
rhel

How to: Upgrade VMWARE Server under Linux

Build 56528 is a release build of VMware Server 1.0.4. It is a maintenance bug fix release to address security issues. Upgrading VMWare server is a piece of cake under Redhat Enterprise Linux / CentOS Linux version 5.0.

Please note that the following instructions were tested on RHEL 4.5, 5.0 and CentOS Linux 5.0 only. You can use the tarball-based package to upgrade VMware under Debian Linux.

Find out current VMware server version

First find out current vmware server version, enter:
# vmware -v
Output:

VMware Server 1.0.3 build-44356

You can download the latest version from official site.

Shutdown all VMWARE guest oses / vps

Login to each running VM and bring down (halt) guest operating system. You can also use vmware server console or web based interface for the same purpose.
Stop VMWARE Server:
# /etc/init.d/vmware stop
Output:

Stopping VMware services:
   Virtual machine monitor                                 [  OK  ]
   Bridged networking on /dev/vmnet0                       [  OK  ]
   Virtual ethernet                                        [  OK  ]

Stop VMWARE Webbased interface:
# /etc/init.d/httpd.vmware stop
Output:

   Shutting down http.vmware:                              [  OK  ]

Download VMWARE Server

Use wget the ultimate command line downloader
# cd /tmp
# wget http://download3.vmware.com/software/vmserver/VMware-server-1.0.4-56528.i386.rpm
# wget http://download3.vmware.com/software/vmserver/VMware-mui-1.0.4-56528.tar.gz

Upgrade VMWARE server

Use rpm command to upgrade VMWARE server, enter:
# rpm -Uvh VMware-server-1.0.4-56528.i386.rpm
Output:

Preparing...                ########################################### [100%]
   1:VMware-server          ########################################### [100%]

Reconfigure VMWARE Server

Just reconfigure Vmware server with old values/options:
# vmware-config.pl
Just accept the End User License Agreement and press CTRL+C. Now configure the server with the old values:
# vmware-config.pl -d
Output:

Making sure services for VMware Server are stopped.
Stopping VMware services:
   Virtual machine monitor                                 [  OK  ]
   Bridged networking on /dev/vmnet0                       [  OK  ]
   Virtual ethernet                                        [  OK  ]
Configuring fallback GTK+ 2.4 libraries.
In which directory do you want to install the mime type icons?
[/usr/share/icons]
What directory contains your desktop menu entry files? These files have a
.desktop file extension. [/usr/share/applications]
In which directory do you want to install the application's icon?
[/usr/share/pixmaps]
Trying to find a suitable vmmon module for your running kernel.
...........
...
.....
*** Output truncated ***

Upgrade VMware Server Web-based management interface

The VMware Server Web-based management interface is installed on your VMware Server system to enable control from a Web browser. Untar and install it:
# tar -zxvf VMware-mui-1.0.4-56528.tar.gz
# cd vmware-mui-distrib/
# perl vmware-install.pl

Just follow on screen instructions to install Web-based management interface. Finally just start all guest oses.

Linux: Display a login banner for Gnome (GDM) Desktop

You can easily use /etc/issue file to display a pre-login message / login warning banner for text based session. You can also force OpenSSH (SSHD) to display a login message or banner. But how do you force GDM to display a login banner for all local and remote users?

GDM customization

GDM is a replacement for XDM, the X Display Manager. GDM runs and manages the X servers for both local and remote logins (using XDMCP). You can easily configure GDM to display message. You need to open gdm custom configuration file:

[a] RHEL / CentOS / Fedora Linux : Open /etc/gdm/custom.conf file.
[b] Debian / Ubuntu Linux : Open /etc/gdm/gdm.conf-custom file.

This file is the appropriate place for specifying your customizations to the GDM configuration. If you run gdmsetup, it will automatically edit this file for you and will cause the daemon and any running GDM GUI programs to automatically update with the new configuration. Not all configuration options are supported by gdmsetup, so to modify some values it may be necessary to modify this file directly by hand.

Display a login banner for Gnome / GDM under Linux

Open /etc/gdm/custom.conf file:
# vi /etc/gdm/custom.conf
Find the [greeter] section and append the following text:
DefaultWelcome=false
Welcome=Message for local users
RemoteWelcome=Message for remote login users

Save and close the file.

A note about RHEL / CentOS / Fedora user

Apart from the above configuration you also need to add the following line under the [daemon] section:
Greeter=/usr/libexec/gdmlogin

Using GUI tool gdmsetup

gdmsetup is a graphical tool for easily changing the most commonly used options including greeting messages. As I mentioned earlier, gdmsetup does not support changing all configuration variables, so it may be necessary to edit the files by hand for some configurations and security issues. Open an X terminal and enter the command:
$ sudo gdmsetup
How do I display a login warning banner for GDM under Linux / UNIX with gdmsetup?

Select Local tab > Welcome Messages > Custom > Enter your custom message > Click on Close button to save the changes.

Sometimes file permissions get changed by mistake and you need to restore them. For example, a shell script or some sort of corruption could change the permissions of installed package files, and it may be necessary to reset them.

For example, a long time ago my shell script ran chmod and chown commands on /usr and changed the permissions. Luckily the rpm command can reset package permissions. The Sun Solaris pkg command and IBM can also reset permissions.

Please note that this troubleshooting tip is about resetting the permission of the installed package files and not about end users files stored in /home directory.

RPM syntax to fix permission

To set permissions of files in a package, enter:

rpm --setperms {packagename}

RPM syntax to fix file ownership

To set user/group ownership of files in a package, enter:

rpm --setugids {packagename}

List installed package

You can list all installed package with rpm -qa command:
rpm -qa
Output:

basesystem-8.0-5.1.1.el5.centos
glibc-2.5-12
expat-1.95.8-8.2.1
db4-4.3.29-9.fc6
cyrus-sasl-lib-2.1.22-4
libusb-0.1.12-5.1
libgcrypt-1.2.3-1
perl-5.8.8-10
gmp-4.1.4-10.el5
perl-DBI-1.52-1.fc6
perl-URI-1.35-3
wireless-tools-28-2.el5
libXdmcp-1.0.1-2.1
perl-IO-Zlib-1.04-4.2.1
perl-String-CRC32-1.4-2.fc6
perl-HTML-Tagset-3.10-2.1.1
libattr-devel-2.4.32-1.1
zip-2.31-1.2.2
.....
..
...

List individual package file permission

You can list individual installed package file permission using following shell for loop (for example list file permission for zip package):
for f in $(rpm -ql zip); do ls -l $f; done
Output:

-rwxr-xr-x 1 root root 75308 Jan  9  2007 /usr/bin/zip
-rwxr-xr-x 1 root root 31264 Jan  9  2007 /usr/bin/zipcloak
-rwxr-xr-x 1 root root 28336 Jan  9  2007 /usr/bin/zipnote
-rwxr-xr-x 1 root root 30608 Jan  9  2007 /usr/bin/zipsplit
total 188
-rw-r--r-- 1 root root  3395 Dec 14  1996 algorith.txt
-rw-r--r-- 1 root root   356 Dec 14  1996 BUGS
-rw-r--r-- 1 root root 60168 Mar  9  2005 CHANGES
-rw-r--r-- 1 root root  2692 Apr 10  2000 LICENSE
-rw-r--r-- 1 root root 40079 Feb 28  2005 MANUAL
-rw-r--r-- 1 root root  8059 Feb 27  2005 README
-rw-r--r-- 1 root root  3149 Feb 21  2005 TODO
-rw-r--r-- 1 root root  2000 Mar  9  2005 WHATSNEW
-rw-r--r-- 1 root root 19032 Apr 19  2000 WHERE
-rw-r--r-- 1 root root 356 Dec 14  1996 /usr/share/doc/zip-2.31/BUGS
-rw-r--r-- 1 root root 60168 Mar  9  2005 /usr/share/doc/zip-2.31/CHANGES
-rw-r--r-- 1 root root 2692 Apr 10  2000 /usr/share/doc/zip-2.31/LICENSE
-rw-r--r-- 1 root root 40079 Feb 28  2005 /usr/share/doc/zip-2.31/MANUAL
-rw-r--r-- 1 root root 8059 Feb 27  2005 /usr/share/doc/zip-2.31/README
-rw-r--r-- 1 root root 3149 Feb 21  2005 /usr/share/doc/zip-2.31/TODO
-rw-r--r-- 1 root root 2000 Mar  9  2005 /usr/share/doc/zip-2.31/WHATSNEW
-rw-r--r-- 1 root root 19032 Apr 19  2000 /usr/share/doc/zip-2.31/WHERE
-rw-r--r-- 1 root root 3395 Dec 14  1996 /usr/share/doc/zip-2.31/algorith.txt
-rw-r--r-- 1 root root 12854 Jan  9  2007 /usr/share/man/man1/zip.1.gz

Reset the permissions of the all installed RPM packages

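You need to use a combination of rpm and a shell for loop as follows. Reset ownership first and permissions second, because changing a file's owner can clear its setuid / setgid bits, which --setperms then puts back:
for p in $(rpm -qa); do rpm --setugids "$p"; done
for p in $(rpm -qa); do rpm --setperms "$p"; done

The above command combination will reset all the permissions to the default permissions under CentOS / RHEL / Fedora Linux.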
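Added example (not part of the original post): instead of resetting every package, the functions below read `rpm -Va` output, pick out the files whose mode (M), user (U) or group (G) differs from the RPM database, and reset only the packages that own them, ownership before permissions. The function names and the sample `rpm -Va` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find package files whose mode/owner/group drifted from the
# RPM database, then reset only the owning packages.

# Constructed sample of `rpm -Va` output: flags, optional file-type marker
# (c = config file), path. A "." means that attribute passed verification.
sample_verify() {
    cat <<'EOF'
.M....... /usr/bin/zip
.....UG.. /usr/bin/zipnote
S.5....T. c /etc/ssh/sshd_config
.M...U... c /etc/sudoers
missing /usr/share/doc/zip-2.31/TODO
EOF
}

# Read `rpm -Va` output on stdin; print "flags path" for every file whose
# mode (M), user (U) or group (G) differs. Size/digest/mtime-only changes and
# missing files are skipped: --setperms / --setugids cannot repair those.
perm_drift() {
    awk '$1 != "missing" && $1 ~ /[MUG]/ {
        flags = $1
        sub(/^[^ ]+ +([cdglr] +)?/, "")   # drop flags and file-type marker
        print flags, $0
    }'
}

# Reset only the affected packages. Ownership goes first because a chown can
# clear setuid/setgid bits; --setperms afterwards restores the recorded mode.
reset_drifted() {
    rpm -Va 2>/dev/null | perm_drift | while read -r _flags path; do
        rpm -qf --qf '%{NAME}\n' "$path"
    done | sort -u | while read -r pkg; do
        rpm --setugids "$pkg" && rpm --setperms "$pkg"
    done
}

# Show what would be reported for the constructed sample.
sample_verify | perm_drift
```

Run `rpm -Va | perm_drift` to review the drift first, and call `reset_drifted` as root only once the list looks right. Files flagged with 5 (digest mismatch) have changed content and need a closer look or a reinstall, not a permission reset.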

A note about Debian / Ubuntu Linux distributions

Only rpm command / Solaris pkg and AIX command supports package file permission reset option. But dpkg / apt-get command doesn’t support this option.

Solaris command example

Boot Solaris / OpenSolaris box in single user mode. Mount /usr and other filesystem:
mount / /a
mount /usr /a/usr
mount /var/ /a/var
mount /opt /a/opt

Login as the root, enter:
pkgchk -R /a -f
Please note that the pkgchk command does not restore setuid, setgid, and sticky bits. These must be set manually. Read the pkgchk command man page for more information:
man pkgchk

New Linux users often get this error. Let us say you have downloaded the RPM file from the net and saved it to /tmp. You may get the error "no such file or directory" even though the file really is downloaded and the ls command shows it.

The answer is pretty simple: the rpm command needs the full path to the RPM file. Use the pwd command to get the full path and type the following commands:
ls *.rpm
pwd
/tmp
Now install the rpm file:
rpm -ivh myrpm.rpm
or use full path:
rpm -ivh /tmp/myrpm.rpm

Running query on uninstalled rpm package

However if you run query on uninstalled package you will get an error:
# rpm -qi /tmp/bandwidth-0.12-1.el5.rf.x86_64.rpm
Output:

package bandwidth-0.12-1.el5.rf.x86_64.rpm is not installed

To query an uninstalled package pass -p option to rpm command.
# rpm -qip /tmp/bandwidth-0.12-1.el5.rf.x86_64.rpm
Output:

Name        : bandwidth                    Relocations: (not relocatable)
Version     : 0.12                              Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
Release     : 1.el5.rf                      Build Date: Sat 28 Jul 2007 03:27:28 PM CDT
Install Date: (not installed)               Build Host: lisse.leuven.wieers.com
Group       : Applications/Internet         Source RPM: bandwidth-0.12-1.el5.rf.src.rpm
Size        : 30905                            License: GPL
Signature   : DSA/SHA1, Sat 28 Jul 2007 03:31:11 PM CDT, Key ID a20e52146b8d79e6
Packager    : Dag Wieers 
URL         : http://home.comcast.net/~fbui/bandwidth.html
Summary     : Artificial benchmark for measuring memory bandwidth
Description :
bandwidth is an artificial benchmark for measuring memory bandwidth,
useful for identifying a computer's weak areas.

yum (Yellow dog Updater Modified) is a package manager for RPM compatible Linux systems such as CentOS, Fedora core and latest Redhat Enterprise Linux.

So how do you use yum to update / install packages from an ISO of CentOS / FC / RHEL CD?

Creation of yum repositories is handled by a separate tool called createrepo, which generates the necessary XML metadata. If you have a slow internet connection or collection of all downloaded ISO images, use this hack to install rpms from iso images.

Step # 1: Mount an ISO file

Type the following command (replace iso file name with the actual iso file):
# yum install createrepo
# mkdir -p /mnt/iso/{1,2,3}
# mount -o loop /path/to/centos1.iso /mnt/iso/1

Step # 2: Create a repository

Use createrepo to generate the necessary XML metadata. Type the following commands:
# cd /mnt/iso
# createrepo .

Clean repo, enter:
# yum clean all

Step # 3: Create config file

You need to create a repo config file in /etc/yum.repos.d/ directory.
# vi /etc/yum.repos.d/iso.repo
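Append the following text (the section name in brackets is the repository id and must be a single word; the description goes in name=):
[iso-repo]
name=My ISO Repository
baseurl=file:///mnt/iso
enabled=1

Save and close the file.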

Now use yum command to install packages from ISO images:
# yum install package-name

This is one of the key questions many new sys admin ask:

How do I audit file events such as read / write etc? How can I use audit to see who changed a file in Linux?

The answer is to use 2.6 kernel’s audit system. Modern Linux kernel (2.6.x) comes with auditd daemon. It’s responsible for writing audit records to the disk. During startup, the rules in /etc/audit.rules are read by this daemon. You can open /etc/audit.rules file and make changes such as setup audit file log location and other option. The default file is good enough to get started with auditd.

In order to use audit facility you need to use following utilities
=> auditctl - a command to assist controlling the kernel’s audit system. You can get status, and add or delete rules into the kernel audit system. Setting a watch on a file is accomplished using this command.

=> ausearch - a command that can query the audit daemon logs for events based on different search criteria.

=> aureport - a tool that produces summary reports of the audit system logs.

Note that all of the following instructions were tested on CentOS 4.x, Fedora Core and RHEL 4/5 Linux.

Task: install audit package

The audit package contains the user space utilities for storing and searching the audit records generated by the audit subsystem in the Linux 2.6 kernel. CentOS / Red Hat and Fedora Core include the audit rpm package. Use the yum or up2date command to install the package:
# yum install audit
or
# up2date install audit

Auto start auditd service on boot
# ntsysv
OR
# chkconfig auditd on
Now start service:
# /etc/init.d/auditd start

How do I set a watch on a file for auditing?

Let us say you would like to audit a /etc/passwd file. You need to type command as follows:
# auditctl -w /etc/passwd -p war -k password-file

Where,

  • -w /etc/passwd : Insert a watch for the file system object at given path i.e. watch file called /etc/passwd
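  • -p war : Set permissions filter for a file system watch. It can be r for read, w for write, x for execute, a for append. (In current audit releases the auditctl man page defines a as attribute change rather than append.)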
  • -k password-file : Set a filter key on a /etc/passwd file (watch). The password-file is a filterkey (string of text that can be up to 31 bytes long). It can uniquely identify the audit records produced by the watch. You need to use password-file string or phrase while searching audit logs.

In short you are monitoring (read as watching) a /etc/passwd file for anyone (including syscall) that may perform a write, append or read operation on a file.

Wait for some time or as a normal user run command as follows:
$ grep 'something' /etc/passwd
$ vi /etc/passwd

Following are more examples:

File System audit rules

Add a watch on "/etc/shadow" with the arbitrary filterkey "shadow-file" that generates records for "reads, writes, executes, and appends" on "shadow"
# auditctl -w /etc/shadow -k shadow-file -p rwxa

syscall audit rule

The next rule suppresses auditing for mount syscall exits
# auditctl -a exit,never -S mount

File system audit rule

Add a watch on "/tmp" with the filterkey "webserver-watch-tmp" that generates records for "executes" (good for a webserver)
# auditctl -w /tmp -p x -k webserver-watch-tmp

syscall audit rule using pid

To see all syscalls made by a program called sshd (pid - 1005):
# auditctl -a entry,always -S all -F pid=1005

How do I find out who changed or accessed a file /etc/passwd?

Use ausearch command as follows:
# ausearch -f /etc/passwd
OR
# ausearch -f /etc/passwd | less
OR
# ausearch -f /etc/passwd -i | less
Where,

  • -f /etc/passwd : Only search for this file
  • -i : Interpret numeric entities into text. For example, uid is converted to account name.

Output:

----
type=PATH msg=audit(03/16/2007 14:52:59.985:55) : name=/etc/passwd flags=follow,open inode=23087346 dev=08:02 mode=file,644 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(03/16/2007 14:52:59.985:55) :  cwd=/webroot/home/lighttpd
type=FS_INODE msg=audit(03/16/2007 14:52:59.985:55) : inode=23087346 inode_uid=root inode_gid=root inode_dev=08:02 inode_rdev=00:00
type=FS_WATCH msg=audit(03/16/2007 14:52:59.985:55) : watch_inode=23087346 watch=passwd filterkey=password-file perm=read,write,append perm_mask=read
type=SYSCALL msg=audit(03/16/2007 14:52:59.985:55) : arch=x86_64 syscall=open success=yes exit=3 a0=7fbffffcb4 a1=0 a2=2 a3=6171d0 items=1 pid=12551 auid=unknown(4294967295) uid=lighttpd gid=lighttpd euid=lighttpd suid=lighttpd fsuid=lighttpd egid=lighttpd sgid=lighttpd fsgid=lighttpd comm=grep exe=/bin/grep

Let us try to understand output

  • audit(03/16/2007 14:52:59.985:55) : Audit log time
  • uid=lighttpd gid=lighttpd : User and group IDs. The log stores them in numerical format; by passing the -i option to the command you can convert most numeric data to human readable format. In our example, user lighttpd used the grep command to open the file
  • exe=/bin/grep : Command grep was used to access the /etc/passwd file
  • perm_mask=read : File was open for read operation

So from log files you can clearly see who read file using grep or made changes to a file using vi/vim text editor. Log provides tons of other information. You need to read man pages and documentation to understand raw log format.
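Added example (not part of the original post): a shell function that condenses `ausearch -i` output in the record format shown above into one line per event, so the login identity (auid), the acting user (uid), the program and the operation can be read side by side. The first sample event is trimmed from the output above, the second is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: one summary line per audit event from `ausearch -i` text.

# Sample input. Event 55 is trimmed from the output shown above; event 61 is
# constructed: a user who logged in as vivek, became root and saved the file.
sample_events() {
    cat <<'EOF'
----
type=FS_WATCH msg=audit(03/16/2007 14:52:59.985:55) : watch_inode=23087346 watch=passwd filterkey=password-file perm=read,write,append perm_mask=read
type=SYSCALL msg=audit(03/16/2007 14:52:59.985:55) : arch=x86_64 syscall=open success=yes exit=3 items=1 pid=12551 auid=unknown(4294967295) uid=lighttpd gid=lighttpd euid=lighttpd comm=grep exe=/bin/grep
----
type=FS_WATCH msg=audit(03/16/2007 15:10:02.120:61) : watch_inode=23087346 watch=passwd filterkey=password-file perm=read,write,append perm_mask=write
type=SYSCALL msg=audit(03/16/2007 15:10:02.120:61) : arch=x86_64 syscall=open success=yes exit=4 items=1 pid=12790 auid=vivek uid=root gid=root euid=root comm=vi exe=/bin/vi
EOF
}

# Read `ausearch -i` output on stdin and print, per event:
#   <timestamp:serial> auid=<login user> uid=<acting user> exe=<program> op=<perm_mask> key=<filterkey>
# auid is the login UID and survives su/sudo; unknown(4294967295) means it was
# never set, which is typical for a daemon that nobody logged in to start.
audit_who() {
    awk '
    function emit() {
        if (stamp != "")
            printf "%s auid=%s uid=%s exe=%s op=%s key=%s\n", stamp, auid, uid, exe, op, key
        stamp = auid = uid = exe = op = key = ""
    }
    /^----/ { emit(); next }          # "----" starts a new event
    {
        if (match($0, /audit\([^)]*\)/))
            stamp = substr($0, RSTART + 6, RLENGTH - 7)
        rtype = ""
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            gsub(/"/, "", v)          # raw (non -i) logs quote some values
            if (k == "type") rtype = v
            else if (k == "filterkey" || k == "key") key = v
            else if (k == "perm_mask") op = v
            else if (rtype == "SYSCALL" && k == "auid") auid = v
            else if (rtype == "SYSCALL" && k == "uid") uid = v
            else if (rtype == "SYSCALL" && k == "exe") exe = v
        }
    }
    END { emit() }
    '
}

# Keep only the events that opened the file for write or append.
audit_changes() {
    audit_who | grep -E ' op=[^ ]*(write|append)'
}

# Show the summary for the sample events.
sample_events | audit_who
```

On a live system the input would come from `ausearch -k password-file -i | audit_changes`. In the second sample event uid is root, but auid still names vivek, the account that originally logged in.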

Other useful examples

Search for events with date and time stamps. If the date is omitted, today is assumed. If the time is omitted, now is assumed. Use 24 hour clock time rather than AM or PM to specify time. An example date is 10/24/05. An example of time is 18:00:00.
# ausearch -ts today -k password-file
# ausearch -ts 3/12/07 -k password-file

Search for an event matching the given executable name using -x option. For example find out who has accessed /etc/passwd using rm command:
# ausearch -ts today -k password-file -x rm
# ausearch -ts 3/12/07 -k password-file -x rm

Search for an event with the given user name (UID). For example, find out if user vivek (uid 506) tried to open /etc/passwd:
# ausearch -ts today -k password-file -x rm -ui 506
# ausearch -k password-file -ui 506

Further readings

  • Read man pages - auditd, ausearch, auditctl

Updated for accuracy.

Fix a dual boot Windows Vista and Linux problem

How do you fix a dual boot system if you had to reinstall Windows Vista and you can no longer boot to Fedora Core 6 (FC6) or Fedora Linux ? Nobody wants to reinstall FC 6 or Fedora Linux again!

Almost all versions of Microsoft Windows (including XP, Vista and old versions) overwrite the GRUB bootloader in the MBR (master boot record). As a result the Windows boot loader becomes the new boot loader and GRUB will not appear on screen (you will not be able to see the GRUB menu options).

But don't worry, you can easily fix the problem. Please note that if you are using Debian or Ubuntu Linux, just follow these instructions. The following instructions are for Fedora Linux only and should work with RHEL / CentOS too:

Step # 1: Boot from Fedora Core Linux 1st CD or DVD

Set BIOS to boot from CD/DVD rom. At boot: prompt type command linux rescue
boot: linux rescue

Just follow on screen instructions, when prompted let installer search Linux installation. If the search operation is successful, your old Linux installation will be available at special directory called /mnt/sysimage.

Step # 2: Prepare system for GRUB reinstallation

Type the following commands at shell prompt:
# chroot /mnt/sysimage
# cd /boot/grub

The chroot command runs all the remaining commands with the root directory set to /mnt/sysimage. Without the chroot environment you will not be able to restore GRUB on Fedora Core 6.

Step # 3: Find out your GRUB bootloader installation location

If you have only one IDE hard disk the default should be /dev/hda. You can use any of the following commands to determine your device name:
# grep '#boot' grub.conf
Output:

#boot=/dev/sda

The above output clearly shows that /dev/sda is the device where my GRUB bootloader was previously installed.

You can also try out fdisk -l command to list partitions and disk information:
# fdisk -l

Step # 4: Reinstall GRUB

Use grub-install command to install GRUB on your drive /dev/sda
# grub-install /dev/sda

Please note that if the above command returned any error, rerun it with the --recheck option to probe a device map even if it already exists:
# grub-install --recheck /dev/sda

Step # 5: Reboot system

Exit from chrooted environment and reboot Linux:
# sync;sync;exit;exit
# reboot

Now GRUB will be able to boot both Windows Vista and Fedora Core 6. In UNIX/Linux dd command can be used to backup and restore the MBR :)