Sunday, November 20, 2016

How to Reset "root" Password with GRUB on Enterprise Linux

If you have lost the password for the system administrator user "root", you will need to reset it. This document provides a practical method for doing that, provided the system was configured with the GRUB boot loader during OS installation. The procedure is to boot the system into "single user" mode; to be able to do that you must be at the system console. Follow the steps below:

1. Reboot the system.
2. When the GRUB menu is shown with the list of kernels to boot, or the boot countdown is seen, immediately do the following.
3. Use the arrow keys to choose the kernel you want to boot.
4. Press the a key to append kernel arguments before booting.
5. The next line will look something like this:

grub append> ro root=/dev/VolGroup00/LogVol00 rhgb quiet

6. At the end of the line press the space bar once, then add the text single or 1:

grub append> ro root=/dev/VolGroup00/LogVol00 rhgb quiet single

or

grub append> ro root=/dev/VolGroup00/LogVol00 rhgb quiet 1

7. Then press Enter/Return and the system will start to boot. The Esc key cancels your edit.
8. This brings you to a shell prompt, where you can use the passwd command to change the password for the "root" account:

sh-3.00# passwd
Changing password for user root.
New UNIX password:
...
...

After the password is reset, type

# reboot

and once the system has finished booting you can log on with the new root password.

How to Close and Open Ports with iptables

Linux dedicated servers typically rely on a software firewall system called iptables. With it you can control which ports allow inbound and/or outbound access. It is very important to have iptables configured properly, both for your server’s functionality and for its security. There are many tools, both command-line and web-based, that allow you to control and configure iptables. In some cases, particularly emergency situations, you may still prefer or need to use the command line. In such situations, here is an easy guide to follow. As an example, let’s suppose you want to open TCP port 25 for your SMTP server.

1. Log in to your server via SSH.
2. Become root:

su

3. Enter the following command:

iptables -A INPUT -p tcp --dport 25 -j ACCEPT

On the other hand, if you wanted to close access to the same port, you would enter:

iptables -A INPUT -p tcp --dport 25 -j DROP

Once you are finished, save and restart iptables:

/etc/init.d/iptables save
/etc/init.d/iptables restart

Notes:
1. Some Linux distributions, such as Red Hat Enterprise Linux and CentOS, provide basic iptables management through the “setup” program. Simply run “setup” as root and configure the firewall.
2. If your server uses a web-based control panel to configure the firewall, it is not a good idea to change it manually except in emergencies where you cannot access services (such as the web).
3. Some iptables management software allows you to control it without actually having to use the iptables command.
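iptables checks the rules of a chain in order and the first matching ACCEPT, DROP or REJECT decides, so a rule appended with -A changes nothing for a port that an earlier rule already matches. The following added example (not part of the original post) reads rules in the format printed by iptables -S INPUT and reports which rule decides a new TCP connection to a port. The function name and both sample rule sets are constructed for illustration; rules with other conditions (source address, interface, port ranges) and jumps to user-defined chains are skipped rather than evaluated.

```shell
#!/bin/sh
# Added example: which INPUT rule decides a NEW TCP connection to a port?
# Input: rules as printed by `iptables -S INPUT` (or `iptables-save -t filter`).
# Assumption: rules with conditions other than protocol, destination port and
# connection state, and jumps to user-defined chains, are skipped.

effective_verdict() {   # usage: effective_verdict PORT < rules
    awk -v port="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }  # policy, iptables -S
        $1 == ":INPUT"              { policy = $2; next }  # policy, iptables-save
        $1 != "-A" || $2 != "INPUT" { next }
        {
            n++                      # position of this rule in the chain
            proto = "all"; dport = ""; target = ""; conditional = 0; nomatch = 0
            for (i = 3; i <= NF; i++) {
                m = $(i+1)
                if ($i == "-p")            { i++; proto = $i }
                else if ($i == "--dport")  { i++; dport = $i }
                else if ($i == "-m" && (m == "tcp" || m == "state" || m == "conntrack")) { i++ }
                else if ($i == "--state" || $i == "--ctstate") {
                    i++                                   # state list follows
                    if ($i !~ /(^|,)NEW(,|$)/) nomatch = 1
                }
                else if ($i == "-j")       { i++; target = $i; break }
                else                       { conditional = 1 }
            }
            if (conditional || nomatch) next
            if (proto != "tcp" && proto != "all") next
            if (dport != "" && dport != port) next
            if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
                print target " rule " n
                decided = 1
                exit
            }
        }
        END {
            if (!decided) {
                if (policy == "") policy = "unknown"
                print policy " policy"
            }
        }
    '
}

# Constructed sample: the ACCEPT from the post was appended first, the DROP later.
sample_accept_then_drop() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j DROP
EOF
}

# Constructed sample: a chain with a catch-all REJECT, then an appended ACCEPT.
sample_accept_after_reject() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
EOF
}

sample_accept_then_drop    | effective_verdict 25   # ACCEPT rule 1
sample_accept_after_reject | effective_verdict 25   # REJECT rule 3
# On a live host, as root: iptables -S INPUT | effective_verdict 25
```

When the deciding rule is not the one you just added, delete the earlier rule with iptables -D or place the new rule ahead of it with iptables -I instead of -A.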

Tools to Monitor Linux Performance

Linux/Unix system administrators need to monitor and debug Linux system performance problems every day. It is very hard to monitor and keep systems up and running without using proper tools or utilities. Below are some frequently used command-line monitoring tools that might be useful for every Linux/Unix system administrator. These commands are available under all flavors of Linux and can be useful to monitor and find the actual causes of performance problems.

1. lsof (List Open Files)
The lsof command is used on many Linux/Unix-like systems to display a list of all open files and the processes that opened them. The open files included are disk files, network sockets, pipes, devices and processes. One of the main reasons for using this command is when a disk cannot be unmounted and displays the error that files are being used or opened. With this command you can easily identify which files are in use. The most common format for this command is.


2. tcpdump (Network Packet Analyzer)
tcpdump is one of the most widely used command-line network packet analyzers, or packet sniffers, used to capture or filter TCP/IP packets that are received or transferred on a specific interface over the network. It also provides an option to save captured packets in a file for later analysis. tcpdump is available in almost all major Linux distributions.


3. netstat (Network Statistics)
Netstat is a command-line tool for monitoring incoming and outgoing network packet statistics as well as interface statistics. It is a very useful tool for every system administrator to monitor network performance and troubleshoot network-related problems.


4. top (Linux Process Monitoring)
The Linux top command is a performance monitoring program used frequently by many system administrators to monitor Linux performance, and it is available under many Linux/Unix-like operating systems. The top command displays all the running and active real-time processes in an ordered list and refreshes regularly. It displays CPU usage, memory usage, swap memory, cache size, buffer size, process PID, user, commands and much more. It also shows high memory and CPU utilization of running processes. The top command is very useful for system administrators to monitor and take correct action when required.


5. vmstat (Virtual Memory Statistics)
The Linux vmstat command is used to display statistics of virtual memory, kernel threads, disks, system processes, I/O blocks, interrupts, CPU activity and much more. By default the vmstat command is not available under Linux systems; you need to install a package called sysstat that includes a vmstat program. The common usage of command format is.


6. iostat (Input/Output Statistics)
iostat is a simple tool that collects and shows system input and output storage device statistics. This tool is often used to trace storage device performance issues including devices, local disks, and remote disks such as NFS.

Saturday, November 19, 2016

Converting A VMware Image To A Physical Machine



This tutorial shows how to convert an existing CentOS VM to a physical machine. It covers cloning the VM to an unpartitioned HDD and troubleshooting some of the errors you may hit when booting the OS on your new hardware. To illustrate this procedure I will use VMware Workstation 7 as the handler to transfer the VM installation to a physical HDD.

1 Requirements
To perform this procedure you will need:
• VMware Workstation, VMware Server or VMware Player.
• CloneZilla ISO image.
• Unpartitioned HDD with enough space to hold your VM image.

2 Preliminary Notes
This tutorial assumes basic knowledge of the cloning process and requires no previous experience with Clonezilla. Make sure your OS is not using the target HDD that will hold your final copy of the VM in any way; otherwise VMware will complain about your disk being in use and CloneZilla will not perform a successful copy of the VM.

3 VMware Configuration
The first thing is to make sure your virtual CD/DVD is using your CloneZilla ISO image to boot. Next, add your physical HDD to your existing VM by clicking the Add button.


Select Hard Drive and click Next.


Select Use physical disk (for advanced users) then click Next.


Make sure you select the correct drive that you want to use for your physical disk and select the option Use entire disk.


Finally give a name to your configuration file then click Finish.


Make sure your final VMware hardware list includes these two elements; otherwise, start all over.


4 CloneZilla Cloning Process

Start your VMware and boot from your virtual ISO into CloneZilla image. Use the Live option with default settings.


Select your preferred language and continue.


Accept the default option Don't touch keymap and continue.


Select Start_clonezilla and continue.


Select device-device option and continue.


Select Beginner mode and continue.


Select disk to local disk and continue.


Select your source disk and click OK.


Select your target disk and click OK, then press Enter to continue.


You will be presented with a warning that the existing data on your target disk will be lost. Make sure there is nothing usable on the disk before you continue.


You will be presented with a series of questions; answer yes to all of these prompts.


The cloning process may take a long time.

After the cloning process is finished hit Enter and power off the VM by pressing 0 on the CloneZilla menu.


The cloning process is complete; it is now time to install your new HDD in your physical machine.

5 Troubleshooting Physical Machine

Most likely your first encounter with your cloned OS will be filesystem corruption, with the following error: Unexpected Inconsistency. To fix this problem enter your root password and run fsck -y to start the filesystem repair process. The -y option answers yes to the questions the fsck command will probably ask.


Your next challenge will be fixing your NIC. I have used two different methods to fix this problem.
Go into /etc/udev/rules.d and delete the file 70-persistent-net.rules, then reboot. Deleting the file forces the detection process to run again at boot with no baggage left over from the cloning process.

The other way to fix this problem is to edit /etc/sysconfig/network-scripts/ifcfg-eth0 and add the MAC address of your new NIC.
Open the eth0 configuration using vi:

vi /etc/sysconfig/network-scripts/ifcfg-eth0

Edit the following line:
HWADDR=
This is my sample config file:
# Micro-Star INT'L CO Gigabit Ethernet Controller
DEVICE=eth0
BOOTPROTO=static
DHCPCLASS=
HWADDR=00:19:B1:2A:BA:B8
IPADDR=10.10.11.50
NETMASK=255.255.255.192
ONBOOT=yes

Save and close the file then reboot the server:

reboot

The system is now ready to be used.

Enabling the VMware vSphere Hot-plug CPU & Hot-Add RAM Feature



VMware vSphere’s hot-add memory and hot-plug CPU functions allow you to add CPU and memory while the virtual machine is up and running. This lets you add resources whenever required, with no need to bring down the VM each time. However, you cannot remove resources from the VM while it is running once you have added them.

To enable hot-plug CPU and hot-add RAM on an existing VM:

1. Log in to the VMware vSphere Client and halt the VM.

2. Right click the VM and edit the virtual machine settings.

3. Expand the CPU tab.

4. Navigate to the CPU Hot Plug option.

5. Select the “Enable CPU Hot Add” box.

6. You can configure memory the same way. Just enable Memory Hot Plug.




Reference: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2020993

VMware KB: Starting the VMware VirtualCenter Server service fails with the error: Failed to create Secure WebService socket: class Vmacore::SystemException


Friday, November 18, 2016

AIX Useful commands

Useful commands
Memory
bootinfo -r    shows how much RAM my machine has (as root)
lsattr -E -l sys0 -a realmem    shows how much RAM my machine has (as non-root)
rmss -c 512    sets the memory size to 512 MB
rmss -r    resets the memory size to the original one
Devices
lsattr  -El  en0    displays en0 driver params
lsattr  -El  ent0    displays ent0 HW params
lsattr -El rmt0    displays tape params
lscfg -vp -l rmt0    (all information about a tape drive)
lsattr  -El  sys0    displays system type, firmware, etc  driver params
lscfg -v    lists all system HW config (NVRAM)
lsdev -Csscsi    list all scsi devices
lsdev -Cspci    list all pci devices
lsparent -Ck scsi    list all scsi adapters
lsdevfc    list fiberchannel devices
cfgmgr    Configures devices
lsdev -Ccdisk     Shows all disks
lsdev -Cctape              Shows all tapes
cfgmgr -v -l device    -v specifies verbose output: the cfgmgr command writes information about what it is doing to standard output. -l Name specifies the named device to configure along with its children.
If you only turned on a disk tower at e.g. scsi2, cfgmgr -v -l scsi2 will only configure this, with detailed output.
lsdisp    To check which graphic adapter is installed.
lscfg -vp -l mga0     (all information about an adapter)
lscfg -vp -l hdisk0 | grep Machine    gives info about the disk manufacture type
lsslot -c pci    For 6F1 only !!!! Lists all slots ,voltage,boards,etc !!!!
bootlist -m normal cd0  rmt0 hdisk0   Changes the default bootlist
lsmcode -c    display the system firmware level and service processor
lsmcode -r -d scraid0    display the adapter microcode levels for a RAID adapter scraid0
lsmcode -A    display the microcode level for all supported devices
System info
/usr/bin/uname -m    Get machine ID
/usr/bin/uname -M    Get platform type
oslevel    Displays current AIX level
oslevel -r    Displays current AIX maintenance level
oslevel -g    List filesets at levels later than maintenance level !!!
lsps -a    Paging space settings.
lscfg -vp -l proc0  (1,2,3)   (all information about a processor[s])
lscfg -vp -l mem0 |pg    (all information about memory modules installed)
env ulimit    Environment settings - show user ulimit
bootinfo -s hdisk0    Displays disk size
lsattr -El sys0 -a systemid    Determines the system serial number
lscfg -vp | grep ROM | grep -v CD    Determines the system firmware level
System issues
TERM=vt100    If you execute a command/application and it responds with the message 'The type of your terminal is unknown to the system', run those commands (in ksh)
set term=vt100    Same (in tcsh)
rcp -rp /dataVolumes/brisque1.1.0/jobs/flower.job sciroot@ripro3:/dataVolumes/ripro3.3.0/jobs/ -Copying a file from one Unix machine (Brisque) to another (Server) the assumption is that both machines know each other’s names (in hosts file)
dd if=/dev/fd0 of=/temp/diskimage bs=4096 -Duplicate a diskette copy from diskette to hard drive
dd if=/temp/diskimage of=/dev/fd0 bs=4096  -copy diskette image onto diskette
/usr/lpp/X11/bin/xset -display unix 0 s off  -Kill display timeout
lsfs -v jfs  -List of Filesystem items.
lsfs -q -v jfs         -you can see also the parameter of a filesystem and thus see if e.g. /backup was or is a big_filesystem_enabled one.
Important for the 2GB File limit.
lsuser -f root    Shows all user parameters (max. file size, etc.)
sysdumpdev -L    Check last system dump status
sysdumpdev -l    Check system dump device settings
lslpp -f Upd_Timna_DTM.obj    List contents of the package
Networking
ksh
for ENT in `lsdev -Cs pci | grep ent | awk '{ print $1 }' | cut -c 1,2,4`; do
    mktcpip -S $ENT
done
exit      -Shows all interfaces IP config+mask+router+DNS !
host timna1    displays station default IP address – works ONLY in DNS environment
ifconfig en0    displays en0 driver params
netstat  -i    displays network interfaces setting
mktcpip -S en0    #host:addr:mask:_rawname:nameserv:domain:gateway:type:start
syslab18:192.9.100.1:255.255.255.0:en0:10.4.2.12:csil.creoscitex.com:10.4.30.1:N/A:no
GREAT TCPIP info in one command !!!
showmount -e    displays all exported volumes
showmount -a    show who's got my filesystems mounted over IP !
lssrc -g tcpip    displays all IP oriented processes status
entstat -drt ent0 | grep -i error    display any communication errors on ent0
entstat -r    Resets all the statistics back to their initial values.
arp -a    shows a local arp cache
cd /usr/local/es/;res    restarts appletalk
netstat  -ptcp    shows IP statistics
netstat  -pudp    shows UDP statistics
netstat  -c    client only;
         -s    server only
         -m    NFS mount
netstat -I en0 10    Trace en0 every 10 seconds
netstat -rn    Display routing info with IP address (10.4.27.182)
netstat -in    Shows the state of all configured interfaces
netstat -r    Display routing info with full hostnames (timna2.csil.creoscitex)
nfsstat -z    to reset NFS stats without reboot
cat /etc/resolv.conf    Check DNS settings
stopsrc -g NFS    To stop NFS services on a client
startsrc -g NFS    To start NFS services on a client
traceroute 149.115.39.1    Trace all hops (interconnections=routers) to the destination IP
netpmon -o netpmon.out
trcstop    Traces all network processes activity into a logfile. Must be preceded by a trcstop command !
nslookup hostname    Shows the DNS server name and address
ping -R -c 1 bnc2    Ping with displaying the routing info
namerslv -s | grep domain | awk '{ print $2 }'    Displays a fully qualified domain name of a host
rup    Shows the status of a remote host on the local network
nmonnfs    Traces all NFS processes activity
mount hostname:/filesystem /mount-point    Mount an NFS filesystem
mknfsexp -d /directory     Creates an NFS export directory
mknfsmnt                            Creates an NFS mount directory
rmnfs                               Stops and un-configures NFS services
mknfs                               Configures and starts NFS services
exportfs -u (filesystem)            Un-exports a filesystem
exportfs                            Lists all exported filesystems
exportfs -a                        Exports all fs's in /etc/exports file
Disks
synclvodm -vP svg3    synchronizes ODM and the disk VG info.
redefinevg svg3    Redefines VG definition in ODM
lqueryvg -p hdisk0 -Avt  -reads logical volumes info from disk
bootinfo -s hdiskx    Shows Megabytes available even if no volume group is assigned.
lspv -p  hdiskx     (PP's used, location on disk, mount point)
lscfg -vp -l hdiskx      (all information about a disk/raid)
Filesystem
chfs -a size=+200000 /var    increases /var FS by 100MB
du -sk /john          shows directory used space in kb !!!!
mount all    mounts all FS
umount /dataVolumes/rtest9.1.0    unmounts a FS
fuser -k /dev/cd0    Releases a CD that will not unmount !
fuser -c /dataVolumes/rtest9.1.0  -Find out which process_id locks the FS
istat <filename>    Shows when the file was last created/modified/accessed !!!!
System monitoring
istat <filename>    Shows create/modify/access file info
alog -o -t boot | more    displays system boot log
w    Lists login users and their programs.
who    Identifies the users currently logged in
/usr/local/es/swho     Identifies the Ethershare users currently logged in
last  |more    shows last logins
last -20    Shows recent 20 lines
last root    Shows username ‘root’ login/logout record
last ftp     Shows all FTP session in the record
mount    shows all mounted filesystems (nfs+local)
ps -ef    show all running processes
ps -ef |grep Scitex     show all scitex running processes
du -ak /scitex | sort -n -r | head -10  -Display 10 biggest directories on the volume by size
find /scitex -xdev -size +2048 -ls | sort -rn +6 | head -10  -to find 10 top files in the root (/) directory larger than 1 MB. "-xdev" helps searching ONLY in "/" !!!!!!!!!
history    Last commands run on the system by this user
alog -ot boot    Lists a log of all boot operations
grep TX /etc/environment    Verify daylight settings
Performance issues
nmon    a nice monitor - runs only on AIX5 and up
topas    a nice monitor - runs only on AIX 4.3.3 and up
monitor -top 10 -s 2    monitors system 10  top processes with 2 seconds
iostat 2    displays disks activity every 2 seconds refresh interval
iostat -a 2    AIX5 ONLY !!!! displays disks and ADAPTER !!!! activity every 2 seconds refresh interval
vmstat 2    monitors virtual memory statistics every 2 seconds (see appendix A)
sar -P ALL 2 2    Show all CPUs' activity on an SMP machine
svmon -i 2    Monitors real and virtual memory
ps auxw | sort -r +3 | head -10  -Shows top 10 memory usage by process
ps auxw | sort -r +2 | head -10  -Shows top 10 CPU usage by process
ps -auw | grep defunct    Shows zombie processes (to kill: reboot or kill the parent)
filemon -O all -o filemon.out ; find / -name core ; trcstop    Traces FS, LV, disks, files activity of a "find" command into a logfile (filemon.out). Must be preceded by a trcstop command.
tprof -x find / -name core ; trcstop    Traces CPU activity of a "find" command. Several logfiles are created. Must be preceded by a trcstop command.
tprof -ske -x "sleep 30"    -Trace CPU activity for next 30 seconds. Results in file sleep.tprof
lvmstat -ev svg1    AIX5 ONLY !!!! enable gathering the VG statistics
lvmstat -v svg1 2    AIX5 ONLY !!!! Display VG logical volumes statistics every 2 seconds
Remote issues (working over the modem)
pdelay tty0; pdisable tty0 >/dev/null; penable tty0  -Resets tty0
stty erase '^?'    Makes backspace work
/scitex/version/utils/modem/kermit -l /dev/ttyx -c atdt {phone #}     Use Unix to dial out (for any reason); ttyx is the serial port the cable is connected to
/scitex/version/utils/modem/kermit -s /u/d0/ripro_messages -i    Sends a file to a remote desktop in binary mode
/scitex/version/utils/modem/kermit -r  -Receives a file from remote desktop
Browsing errlog with errpt
errpt -a  -s 0604090601  -e 0605090901    browse the errlog in  detail for all errors within a timeframe
errpt -a  -N SYSPROC |more
errpt -a  -N SYSPROC  > /tmp/err.log    Browse the errlog for the SYSPROC resource, can be into the file
errpt -j 5DFED6F1   -Browse the errlog by the identifier
errpt -A    -AIX5 ONLY !!!! Shows less details than errpt -a
errpt -D    -AIX5 ONLY !!!! eliminates double entries
Security issues
chmod -s Filename    Remove Sticky Bit to a file or directory
chmod +r+w+x+t Filename     Add Read+Write+Execute+Temp mode to a file or directory.
This is a ‘blanket’ change for all owner, user & group.
Numeric Access Modes
0 (---) - no access
1 (--x) - execute permissions; search permissions for directories
2 (-w-) - write access
3 (-wx) - execute/search permission and write access
4 (r--) - read access
5 (r-x) - execute/search permission and read access
6 (rw-) - read and write access
7 (rwx) - execute/search permission and read and write access
mkpasswd -f    rebuild the /etc/passwd indexes in case of suspected corruption
Miscellaneous
ksh
find / -type f | xargs grep "10.4.27.181" 2> /dev/null  -Find all files containing my IP address
compress -c file > file.Z    Compresses the file while keeping the original
whereis <command-name>    Returns full path of program
pax Command    Used to extract tar back to a different location
Purpose
Extracts, writes, and lists members of archive files; copies files and directory hierarchies.
pax -rf /dev/rmt0 -s/u01/archive/p
