Howto: Add a new yum repository to install software under CentOS / Redhat Linux

Posted on in Categories CentOS, Howto, Linux distribution, RedHat/Fedora Linux, Sys admin, Tips last updated July 18, 2007

CentOS / Fedora Core / RHEL 5 uses yum for software management. Yum allows you to add a new repository as a source to install binary software.

Understanding yum repository

A yum repository is configured using the /etc/yum.conf file. Additional configuration files are also read from the directories set by the reposdir option (default is /etc/yum.repos.d and /etc/yum/repos.d).

RPMforge repository

A repository usually carries extra and useful packages. RPMforge is one such repository. You can easily configure the RPMforge repository for RHEL5 by running the following single RPM command:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
For 64 bit RHEL 5 Linux, enter:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Now you can install software from RPMforge.

How do I install 3rd party repository manually?

Let us say you would like to install a 3rd party repository from foo.nixcraft.com. Create a file called foo.repo (yum only reads files ending in .repo from this directory):
# cd /etc/yum.repos.d
# vi foo.repo

Append following code:
[foo]
name=Foo for RHEL/ CentOS $releasever - $basearch
baseurl=http://foo.nixcraft.com/centos/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://foo.nixcraft.com/RPM-GPG-KEY.txt

Save and close the file.

Where,

  • [foo] : Repository ID, i.e. the section name. (The [main] section in /etc/yum.conf must also exist for yum to do anything.)
  • name=Foo for RHEL/ CentOS $releasever - $basearch : A human readable string describing the repository name
  • baseurl=http://foo.nixcraft.com/centos/$releasever/$basearch/ : Must be a URL to the directory where the yum repository's 'repodata' directory lives
  • enabled=1 : Enabled or disabled repo. To disable the repository temporarily, set enabled to 0
  • gpgcheck=1 : Security feature; yum verifies the GPG signature of each package from this repository before installing it
  • gpgkey=http://foo.nixcraft.com/RPM-GPG-KEY.txt : Location of the repository's GPG public key file

Also you need to import the gpg key for the repository as follows:
# rpm --import http://foo.nixcraft.com/RPM-GPG-KEY.txt

Now you are ready to install software from foo repository. For further information refer to yum.conf man page:
$ man yum.conf
$ man yum
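
The following is an added example, not part of the original post: a POSIX shell/awk check that reads .repo stanzas such as the [foo] one above and reports repositories whose package signatures are not verified or whose gpgkey is fetched over cleartext HTTP/FTP, since gpgcheck=1 is only as trustworthy as the key it checks against. The function names audit_repo and sample_repo, the [bar] stanza and bar.example.com are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# audit_repo [FILE...] reads yum .repo stanzas (files or stdin) and prints
# one finding per line as "<repo-id>: <problem>".
audit_repo() {
    awk '
    function report() {
        # Skip the state before the first stanza, [main], and disabled repos.
        if (id == "" || id == "main" || enabled == "0") return
        if (gpgcheck == "0")
            print id ": gpgcheck=0, package signatures are not verified"
        else if (gpgcheck == "")
            print id ": gpgcheck not set, value is inherited from [main]"
        if (gpgkey ~ /^(http|ftp):\/\//)
            print id ": gpgkey is fetched over cleartext (" gpgkey "), check its fingerprint out of band"
    }
    /^[ \t]*[#;]/ { next }                      # comment lines
    /^[ \t]*\[/ {                               # start of a new [section]
        report()
        id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
        enabled = "1"; gpgcheck = ""; gpgkey = ""
        next
    }
    /=/ {                                       # key=value line
        key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "enabled")  enabled  = val
        if (key == "gpgcheck") gpgcheck = val
        if (key == "gpgkey")   gpgkey   = val
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the [foo] stanza from the text plus a hypothetical
# [bar] stanza with signature checking switched off.
sample_repo() {
cat <<'EOF'
[foo]
name=Foo for RHEL/ CentOS $releasever - $basearch
baseurl=http://foo.nixcraft.com/centos/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://foo.nixcraft.com/RPM-GPG-KEY.txt

[bar]
name=Constructed example without signature checking
baseurl=http://bar.example.com/centos/$releasever/$basearch/
enabled=1
gpgcheck=0
EOF
}

sample_repo | audit_repo
```

On a real system the same function can be pointed at the live configuration with audit_repo /etc/yum.repos.d/*.repo.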

Hope this tip will help you to configure repository as and when required.

See also:

Howto Setup yum repositories to update or install package from ISO CDROM Image

nixCraft FAQ Roundup May 14, 2007

Posted on in Categories FAQ last updated May 14, 2007

Recently updated/posted Linux and UNIX FAQ (mostly useful to Linux/UNIX new administrators or users) :

Enjoy!

Redhat Enterprise Linux securely mount remote Linux / UNIX directory or file system using SSHFS

Posted on in Categories Backup, CentOS, File system, Howto, Linux, RedHat/Fedora Linux, Security, Sys admin, Tips last updated May 9, 2007

You can easily mount remote server file system or your own home directory using special sshfs and fuse tools.

FUSE – Filesystem in Userspace

FUSE is a Linux kernel module also available for FreeBSD, OpenSolaris and Mac OS X that allows non-privileged users to create their own file systems without the need to write any kernel code. This is achieved by running the file system code in user space, while the FUSE module only provides a “bridge” to the actual kernel interfaces. FUSE was officially merged into the mainstream Linux kernel tree in kernel version 2.6.14.

You need to use SSHFS to access a remote filesystem through SSH, or you can even use a Gmail account to store files.

Following instructions are tested on CentOS, Fedora Core and RHEL 4/5 only. But instructions should work with any other Linux distro without a problem.

Step # 1: Download and Install FUSE

Visit fuse home page and download latest source code tar ball. Use wget command to download fuse package:
# wget http://superb-west.dl.sourceforge.net/sourceforge/fuse/fuse-2.6.5.tar.gz
Untar source code:
# tar -zxvf fuse-2.6.5.tar.gz
Compile and Install fuse:
# cd fuse-2.6.5
# ./configure
# make
# make install

Step # 2: Configure Fuse shared libraries loading

You need to configure dynamic linker run time bindings using ldconfig command so that sshfs command can load shared libraries such as libfuse.so.2:
# vi /etc/ld.so.conf.d/fuse.conf
Append following path:
/usr/local/lib
Run ldconfig:
# ldconfig

Step # 3: Install sshfs

Now fuse is loaded and ready to use. Now you need sshfs to access and mount a file system using ssh. Visit the sshfs home page and download the latest source code tar ball. Use the wget command to download the sshfs package:
# wget http://easynews.dl.sourceforge.net/sourceforge/fuse/sshfs-fuse-1.7.tar.gz
Untar source code:
# tar -zxvf sshfs-fuse-1.7.tar.gz
Compile and install sshfs:
# cd sshfs-fuse-1.7
# ./configure
# make
# make install

Mounting your remote filesystem

Now you have working setup, all you need to do is mount a filesystem under Linux. First create a mount point:
# mkdir /mnt/remote
Now mount a remote server filesystem using sshfs command:
# sshfs vivek@rock.nixcraft.in: /mnt/remote
Where,

  • sshfs : SSHFS is a command name
  • vivek@rock.nixcraft.in: – vivek is ssh username and rock.nixcraft.in is my remote ssh server.
  • /mnt/remote : a local mount point

When prompted, supply the password for vivek (the ssh user). Make sure you replace the username and hostname as per your requirements.

Now you can access your filesystem securely using Internet or your LAN/WAN:
# cd /mnt/remote
# ls
# cp -a /ftpdata . &

To unmount file system just type:
# fusermount -u /mnt/remote
or
# umount /mnt/remote


nixCraft FAQ Roundup – Dec 8, 2008

Posted on in Categories FAQ last updated December 8, 2006

Recently updated/posted Linux and UNIX FAQ:

=> Boot Ubuntu Linux into Rescue mode to fix system – How do I boot my Ubuntu Linux server into Rescue mode to fix system?

=> Unable to create installation source – Add directories into YaST as an installation source – I have created my own patch files on the hard drive. How do I add all those directories into Suse Linux YaST as an installation source?

=> How to uninstall GRUB – How do I uninstall GRUB using good old MS-DOS fdisk or Linux/UNIX dd command?

=> Can I run fsck or e2fsck when Linux file system is mounted? Can I run fsck/e2fsck on a live Linux file system?

=> Configure Sendmail SSL encryption for sending and receiving email – Configure Sendmail MTA to use SSL encryption for sending/receiving email using valid SSL certificate.

=> Linux configure Network Address Translation or NAT – Good old Linux NAT!

=> Use sudo or sudoers to start, stop & restart Apache – Sudo to stop and/or restart Apache web server!

=> How to install firefox-2.0.tar.gz in Linux – I have downloaded firefox file from mozilla web site to my Linux desktop system. The name of file is firefox-2.0.tar.gz. How do I install firefox-2.0.tar.gz in Fedora Core Linux?

Enjoy!

How To: Extract an RPM Package Files Without Installing It

Posted on in Categories CentOS, Data recovery, Howto, Linux, Linux distribution, package management, RedHat/Fedora Linux, Sys admin, Tips last updated October 18, 2006

Most of you may know how to extract tarballs and/or zip files. Someone recently PMed me with a question:

Dear nixCraft,

How do I extract an RPM package without installing it on my Fedora Linux or CentOS or RHEL (Red Hat Enterprise Linux) Suse Linux?

Sincerely,

CentOS user.

Force iptables to log messages to a different log file

Posted on in Categories Iptables, Linux, Monitoring, Security last updated October 3, 2006

According to man page:
Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user defined chains.

By default, iptables logs messages to the /var/log/messages file. However, you can change this location. I will show you how to create a new log file called /var/log/iptables.log. Using a separate file allows you to create better statistics and/or analyze the attacks.

Iptables default log file

For example, if you type the following command, it will display current iptables log from /var/log/messages file:
# tail -f /var/log/messages
Output:

Oct  4 00:44:28 debian gconfd (vivek-4435): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Oct  4 01:14:19 debian kernel: IN=ra0 OUT= MAC=00:17:9a:0a:f6:44:00:08:5c:00:00:01:08:00 SRC=200.142.84.36 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=18374 DF PROTO=TCP SPT=46040 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  4 00:13:55 debian kernel: IN=ra0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:18:de:55:0a:56:08:00 SRC=192.168.1.30 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=13461 PROTO=UDP SPT=137 DPT=137 LEN=58

Procedure to log the iptables messages to a different log file

Open your /etc/syslog.conf file:
# vi /etc/syslog.conf
Append following line
kern.warning /var/log/iptables.log
Save and close the file.

Restart the syslogd (Debian / Ubuntu Linux):
# /etc/init.d/sysklogd restart
On the other hand, use the following command to restart syslogd under Red Hat / CentOS / Fedora Core Linux:
# /etc/init.d/syslog restart

Now make sure you pass the log-level 4 option with log-prefix to iptables. For example:
# DROP everything and Log it
iptables -A INPUT -j LOG --log-level 4
iptables -A INPUT -j DROP

For example, drop and log all connections from IP address 64.55.11.2 to your /var/log/iptables.log file:
iptables -A INPUT -s 64.55.11.2 -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix '** HACKERS **' --log-level 4
iptables -A INPUT -s 64.55.11.2 -j DROP

Where,

  • --log-level 4: Level of logging. The level # 4 is for warning.
  • --log-prefix '*** TEXT ***': Prefix log messages with the specified prefix (TEXT); up to 29 letters long, and useful for distinguishing messages in the logs.

You can now see all iptables message logged to /var/log/iptables.log file:
# tail -f /var/log/iptables.log
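
The following is an added example, not part of the original post: a POSIX shell/awk summary of the dedicated log file that counts logged packets per source address, protocol and destination port, which is the kind of statistic the separate file makes easy. The function names summarize_drops and sample_log and the sample lines are constructed for illustration; note that a prefix without a trailing space, such as '** HACKERS **', is printed directly against IN=, so the parser keys on the SRC=, PROTO= and DPT= fields instead of the prefix.

```sh
#!/bin/sh
# Added example, not from the original post.
# summarize_drops [FILE...] reads kernel LOG-target lines (files or stdin)
# and prints "<count> <source-ip> <protocol> <dest-port>", busiest first.
summarize_drops() {
    awk '
    /IN=.* SRC=/ {                          # only netfilter LOG lines
        src = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            # ICMP error packets embed a second header inside [...]; stop there.
            if ($i ~ /^\[/ && src != "-") break
            if ($i ~ /^SRC=/   && src   == "-") src   = substr($i, 5)
            if ($i ~ /^PROTO=/ && proto == "-") proto = substr($i, 7)
            if ($i ~ /^DPT=/   && dpt   == "-") dpt   = substr($i, 5)
        }
        count[src " " proto " " dpt]++      # ICMP has no port, dpt stays "-"
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample in the log format shown above (some fields omitted).
sample_log() {
cat <<'EOF'
Oct  4 00:44:28 debian gconfd (vivek-4435): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults"
Oct  4 01:14:19 debian kernel: ** HACKERS **IN=ra0 OUT= SRC=64.55.11.2 DST=192.168.1.2 LEN=60 TTL=51 PROTO=TCP SPT=46040 DPT=22 SYN URGP=0
Oct  4 01:14:22 debian kernel: ** HACKERS **IN=ra0 OUT= SRC=64.55.11.2 DST=192.168.1.2 LEN=60 TTL=51 PROTO=TCP SPT=46041 DPT=22 SYN URGP=0
Oct  4 01:15:01 debian kernel: ** HACKERS **IN=ra0 OUT= SRC=64.55.11.2 DST=192.168.1.2 LEN=60 TTL=51 PROTO=TCP SPT=46077 DPT=80 SYN URGP=0
Oct  4 01:16:40 debian kernel: IN=ra0 OUT= SRC=192.168.1.30 DST=192.168.1.255 LEN=78 TTL=128 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct  4 01:17:02 debian kernel: ** HACKERS **IN=ra0 OUT= SRC=64.55.11.2 DST=192.168.1.2 LEN=84 TTL=51 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
EOF
}

sample_log | summarize_drops
```

On a live system run summarize_drops /var/log/iptables.log; lines from other daemons in the same file are ignored.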

Updated for accuracy.

Lighttpd install and configure Webalizer statistics software

Posted on in Categories lighttpd, RedHat/Fedora Linux, Sys admin, Tips, Ubuntu Linux last updated August 21, 2006

If you are new to Lighttpd, please see how to install and configure Lighttpd web server.

The Webalizer is a fast, free, web-server log files analysis program. It produces highly detailed, easily configurable usage reports in HTML format, for viewing with a standard web browser.
Statistics commonly reported by Webalizer include: hits; visits; referers; the visitors’ countries; and the amount of data downloaded. These statistics can be viewed graphically and presented by different time frames, such as per day, hour, or month.

Install Webalizer

If you are using Fedora Core or CentOS, type the following command to install:
# yum install webalizer

If you are using Debian Linux, type the following command to install:
# apt-get install webalizer

Webalizer configuration

Let us see how to configure Webalizer for the domain theos.in:

  • Domain name: theos.in
  • Webroot: /home/lighttpd/theos.in/
  • Webalizer Webroot: /home/lighttpd/theos.in/stats
  • Webalizer Reports directory: /home/lighttpd/theos.in/stats/out
  • Webalizer configuration file: /home/lighttpd/theos.in/stats/webalizer.conf
  • Webalizer state log file: /home/lighttpd/theos.in/stats/webalizer.current (This file stores the incremental processing state for logs. This is useful for large sites that have to rotate their log files more than once a month [using logrotate])
  • Webalizer history file: /home/lighttpd/theos.in/stats/webalizer.hist (keeps the data for up to 12 months worth of logs i.e. you will be able to see last 12 months stats)
  • Lighttpd log file location: /var/log/lighttpd/theos.in/access.log

To configure Webalizer, copy /etc/webalizer.conf file to your webroot/stats directory. Type the following commands:
# mkdir -p /home/lighttpd/theos.in/stats
# cp /etc/webalizer.conf /home/lighttpd/theos.in/stats/webalizer.conf

Now open /home/lighttpd/theos.in/stats/webalizer.conf file:
# vi /home/lighttpd/theos.in/stats/webalizer.conf

Setup LogFile location:
LogFile /var/log/lighttpd/theos.in/access.log

Make sure LogType is set to Lighttpd’s Combined web server log format:
LogType clf

Setup statistics report directory where you want to put the output files:
OutputDir /home/lighttpd/theos.in/stats/out

Setup the name of the history file:
HistoryName /home/lighttpd/theos.in/stats/webalizer.hist

Make sure you get stats for last 12 months:
Incremental yes

Specify the filename for saving the incremental data:
IncrementalName /home/lighttpd/theos.in/stats/webalizer.current

Define the hostname of report:
HostName theos.in

Setup DNSCache file name. Use the same file name for all your domains. This will speed up DNS name lookup (you need to create a directory /var/cache/webalizer):
DNSCache /var/cache/webalizer/dns_cache.db

To get accurate stats you need to hide your own site from stats:
HideSite theos.in

In addition, you need to hide your own site from referrals as it gives most referrals:
HideReferrer theos.in

Save and close the file.

Create a directory to store DNS cache file:
# mkdir -p /var/cache/webalizer

Generate test stats:
$ webalizer -c /home/lighttpd/theos.in/stats/webalizer.conf

Map /home/lighttpd/theos.in/stats/ directory to url:
Since the /home/lighttpd/theos.in/stats directory is outside your default webroot (/home/lighttpd/theos.in/html), you will not be able to see the stats by visiting the url http://theos.in/stats/. You can use Lighttpd's mod_alias to map urls. Open your configuration file and type the following line:
# vi /etc/lighttpd/lighttpd.conf
Append following config directives:
alias.url = (
"/stats/" => "/home/lighttpd/theos.in/stats/out/"
)

Save and close the file. Restart the Lighttpd server:
# /etc/init.d/lighttpd restart

View your stats by visiting the http://yourdomain.com/stats/ url. Here are sample stats from my own personal website:

[Screenshots: Lighttpd Webalizer stats # 1, # 2 and # 3]

Security

Since your log contains lots of personal information of your visitors (such as IP address, Search string query and much more), it is a good idea to put statistic folder/directory in a password protected directory.

Rotating log files

Finally, you need to configure logrotate to rotate logs files with Lighttpd

How to: Linux flush or remove all iptables rules

Posted on in Categories Debian Linux, Howto, Iptables, Linux, Networking, RedHat/Fedora Linux, Ubuntu Linux last updated June 20, 2005

Here is a small script that does this. Debian or Ubuntu GNU/Linux does not come with any SYS V init script (located in the /etc/init.d directory). You create a script as follows and use it to stop or flush the iptables rules. Please don't type rules at the command prompt. Use the script to speed up work.

Warning: All the commands must be executed with root privileges.

Procedure for Debian / Ubuntu Linux (Generic method)

First, create /root/fw.stop script using text editor such as vi:

#!/bin/sh
echo "Stopping firewall and allowing everyone..."
ipt="/sbin/iptables"
## Failsafe - die if /sbin/iptables not found
[ ! -x "$ipt" ] && { echo "$0: \"${ipt}\" command not found."; exit 1; }
$ipt -P INPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -P OUTPUT ACCEPT
$ipt -F
$ipt -X
$ipt -t nat -F
$ipt -t nat -X
$ipt -t mangle -F
$ipt -t mangle -X
$ipt -t raw -F
$ipt -t raw -X

Make sure you can execute the script:
# chmod +x /root/fw.stop

Run the script as root user:
# /root/fw.stop

How do I verify that my firewall rules are flushed out?

Type the following command:
# iptables -L -n -v
Sample outputs:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

A note for RedHat (RHEL), CentOS and friends Linux user

Please note that RedHat Enterprise Linux (RHEL), Fedora and CentOS Linux come with a pre-installed rc.d script, which can be used to stop the firewall. Enter:
# /etc/init.d/iptables stop
OR
# service iptables stop

A note about firewalld on CentOS 7/Fedora (latest)/RedHat Enterprise Linux 7.x+ user

Type the following command to stop and flush all rules:
# systemctl stop firewalld

Linux > Command line BitTorrent client

Posted on in Categories Linux, RedHat/Fedora Linux, Shell scripting, Suse Linux, Tip of the day, Tips, Ubuntu Linux, UNIX last updated March 14, 2005

BitTorrent is the name of a peer-to-peer (P2P) file distribution protocol, and of a free software implementation of that protocol.

The BitTorrent client is a computer program developed by BitTorrent, Inc. used to download and upload files via the BitTorrent protocol. You can download the Python-based command line BitTorrent client for Linux/BSD/Mac OS X/UNIX-like OSes. This is quite useful if you would like to download a file remotely over an SSH session. bittorrent.com offers the bittorrent client in .deb (Debian Linux) or rpm (RedHat/Fedora Core/CentOS Linux) file formats.

To use bittorrent on the command line, you need to use the command bittorrent-console or bittorrent-curses (see below for examples).

Step # 1: Find Python version

Make sure you download file according to your python version. Type following command to find out python version:
$ python -V
Output:

Python 2.4.2

Step # 2: Download bittorrent client

Use wget to download bittorrent client

Download bittorrent client for Debian Linux:

$ wget http://download.bittorrent.com/dl/bittorrent_5.0.3_python2.4.deb

Download bittorrent client for Red Hat / Fedora Core / CentOS Linux:

$ wget http://download.bittorrent.com/dl/BitTorrent-5.0.3-1-Python2.4.noarch.rpm

Step # 3: Linux Install BitTorrent client

First log in as the root user (use su or sudo command). If you are using Debian Linux, use the dpkg command to install the bittorrent client:
# dpkg -i bittorrent_5.0.3_python2.4.deb
If you are using Red Hat / Fedora Core / CentOS Linux, use the rpm command to install the bittorrent client:
# rpm -ivh BitTorrent-5.0.3-1-Python2.4.noarch.rpm

Step # 4: Start using or downloading files

Use bittorrent client as follows:
$ /usr/bin/bittorrent-curses 'http://www.some.org/DesktopBSD.iso.torrent'
OR
$ bittorrent-curses 'http://www.some.org/DesktopBSD.iso.torrent'
OR
$ /usr/bin/bittorrent-curses '/path/to/file.torrent'
You can try out pure console based client bittorrent-console instead of curses based client:
$ bittorrent-console '/path/to/file.torrent'
$ /usr/bin/bittorrent-console 'http://www.some.org/DesktopBSD.iso.torrent'

Tips about using and Troubleshooting BitTorrent client

(A) If you get [Errno 2] No such file or directory, you need to use the wget or lynx command to download the .torrent file to the local hard drive first. For example:
$ bittorrent-curses 'http://www.mininova.org/get/some_file[222].torrent'
First download the .torrent file using any one of the following methods:
$ lynx 'http://www.mininova.org/get/some_file[222].torrent'
When prompted, save the .torrent file to a hard disk. Another option is to use wget to download the .torrent file:
$ wget 'http://www.mininova.org/get/some_file[222].torrent'
Now start the downloading as follows:
$ bittorrent-curses 'some_file[222].torrent'

(B) If you get the error "This seems to be an old Python version which does not support detecting the filesystem encoding. Assuming 'ascii'", then upgrade your python version to 2.4.xx:

Debian user upgrade python version using apt-get command:
# apt-get update
# apt-get install python2.4

Red Hat Linux user try out:
# up2date python2.4
Fedora Linux user try out:
# yum install python2.4

Remember, if you have both versions (python v2.3 and v2.4) installed, you need to run the bittorrent client as follows:
$ python2.4 /usr/bin/bittorrent-curses '/path/to/file.torrent'
Command line BitTorrent client should work with other UNIX like operating systems such as FreeBSD/OpenBSD/Solaris etc (as long as you have Python it should work).

The current client enables a range of features including multiple parallel downloads. It also intermediates peering between itself, source file servers (read as trackers) and other clients, thereby yielding great distribution efficiencies. The client also enables users to create and share torrent files. See help files for more information.
