ShopingServer Wiki (http://wiki.shopingserver.com): Tutorials and Articles About Technology and Gadgets

CentOS / RHEL: Check If A Service Is Running Or Not

http://wiki.shopingserver.com/centos-rhel-check-service-running-not/ (Sat, 06 Jan 2018 10:16:47 +0000)

How do I find out if a service such as MySQL or Apache is running on my CentOS/RHEL/Fedora Linux server? You need to use the service command.

It runs a System V init script in as predictable an environment as possible, removing most environment variables and with the current working directory set to /. The syntax is as follows:

service SERVER status

OR

/etc/init.d/SERVER status

Examples

Find out if a service called mysqld (MySQL server) is running on CentOS or RHEL. Open a terminal or log in using ssh, and enter:

 

# service mysqld status

 

Sample outputs:

mysqld (pid  7556) is running…

Find out status of all services

The service --status-all command runs all init scripts, in alphabetical order, with the status command:

# service --status-all

 

Sample outputs:

….

…..

irqbalance (pid 2183) is running…

iscsi is stopped

iscsid is stopped

Kdump is operational

i5k_amb-isa-0000

Adapter: ISA adapter

Ch. 0 DIMM 0: +63.0°C  (low  = +127.5°C, high = +127.5°C)

Ch. 0 DIMM 1: +56.5°C  (low  = +127.5°C, high = +127.5°C)

Ch. 1 DIMM 0: +62.0°C  (low  = +127.5°C, high = +127.5°C)

Ch. 1 DIMM 1: +49.0°C  (low  = +127.5°C, high = +127.5°C)

Ch. 2 DIMM 0: +54.0°C  (low  = +127.5°C, high = +127.5°C)

Ch. 3 DIMM 0: +49.0°C  (low  = +127.5°C, high = +127.5°C)

 

coretemp-isa-0000

Adapter: ISA adapter

Core 0:      +37.0°C  (high = +78.0°C, crit = +100.0°C)

Core 1:      +38.0°C  (high = +78.0°C, crit = +100.0°C)

Core 2:      +34.0°C  (high = +78.0°C, crit = +100.0°C)

Core 3:      +38.0°C  (high = +78.0°C, crit = +100.0°C)

 

coretemp-isa-0001

Adapter: ISA adapter

Core 0:      +40.0°C  (high = +78.0°C, crit = +100.0°C)

Core 1:      +40.0°C  (high = +78.0°C, crit = +100.0°C)

Core 2:      +39.0°C  (high = +78.0°C, crit = +100.0°C)

Core 3:      +39.0°C  (high = +78.0°C, crit = +100.0°C)

 

w83627hf-isa-0290

Adapter: ISA adapter

in0:         +4.08 V  (min =  +0.00 V, max =  +4.08 V)

in1:         +4.08 V  (min =  +0.00 V, max =  +4.08 V)

in2:         +4.08 V  (min =  +2.82 V, max =  +3.79 V)   ALARM

in3:         +3.07 V  (min =  +4.08 V, max =  +4.05 V)   ALARM

in4:         +3.12 V  (min =  +4.08 V, max =  +4.08 V)   ALARM

in5:         +3.15 V  (min =  +4.08 V, max =  +4.06 V)   ALARM

in6:         +3.20 V  (min =  +4.08 V, max =  +4.06 V)   ALARM

in7:         +3.28 V  (min =  +3.82 V, max =  +4.06 V)   ALARM

in8:         +3.28 V  (min =  +4.06 V, max =  +4.06 V)   ALARM

fan1:          0 RPM  (min =    0 RPM, div = 2)

fan2:          0 RPM  (min =    0 RPM, div = 2)

fan3:          0 RPM  (min =    0 RPM, div = 2)

temp1:       -48.0°C  (high = +60.0°C, hyst = +55.0°C)  sensor = thermistor

temp2:       -48.0°C  (high = +80.0°C, hyst = +75.0°C)  sensor = thermistor

temp3:       -48.0°C  (high = +80.0°C, hyst = +75.0°C)  sensor = thermistor

cpu0_vid:   +1.419 V

beep_enable:enabled

 

lvmetad is stopped

mdmonitor is stopped

memcached (pid  45560) is running…

messagebus (pid  7066) is running…

mysqld (pid  7556) is running…

netconsole module not loaded

Configured devices:

lo eth0 eth1

Currently active devices:

lo eth0 eth1

rpc.svcgssd is stopped

rpc.mountd (pid 7199) is running…

nfsd (pid 7262 7261 7260 7259 7258 7257 7256 7255) is running…

rpc.rquotad (pid 7195) is running…

rpc.statd (pid  2215) is running…

ntpd (pid  7295) is running…

master (pid  7649) is running…

Process accounting is enabled.

ipmi_msghandler module not loaded.

ipmi_si module not loaded.

ipmi_devintf module not loaded.

/dev/ipmi0 does not exist.

quota_nld is stopped

rdisc is stopped

…..

..

ps or pgrep command

You can use the ps or pgrep command as follows to find out if a service is running or not on RHEL/CentOS:

# ps aux | grep  serviceNameHere

# ps aux | grep  mysqld

 

OR

# pgrep serviceNameHere

## match user name ##

# pgrep -u userName serviceNameHere

# pgrep mysqld

# pgrep -u mysql mysqld

Starting service

Say a service called httpd is not running on the server and you wish to start it:

# service httpd status

## if httpd is not running start it ##

# chkconfig httpd on

# service httpd start

References

For more information see man pages – service(8), pgrep(1), ps(1).

 

 

Linux / Unix: Shell Script Find Out In Which Directory Script File Resides

http://wiki.shopingserver.com/linux-unix-shell-script-find-directory-script-file-resides/ (Sat, 06 Jan 2018 09:58:13 +0000)

I need to find out in which directory my bash script resides so that I can read config files called .backup, .ignore and .target. For example, if my script resides in /home/foo/script.sh, I need to read /home/foo/.{backup,ignore,target} files.

How do I find out the current directory location and shell script directory location in Bash running on Linux or Unix like operating systems?

 

You can use any one of the following methods to find out the portion of a pathname:

basename command – Display filename portion of pathname.

dirname command – Display directory portion of pathname.

Bash parameter substitution.

$0 expands to the name of the shell or shell script.

Examples: Shell script find out which directory the script file resides

The following example displays the directory portion of /home/nixcraft/scripts/foo.sh:

dirname /home/nixcraft/scripts/foo.sh

Sample outputs:

/home/nixcraft/scripts

The following line sets the shell variable i to /home/nixcraft/scripts:

i=`dirname /home/nixcraft/scripts/foo.sh`

echo "$i"

OR

i=$(dirname /home/nixcraft/scripts/foo.sh)

echo "$i"

In a bash script, use $0 instead of /home/nixcraft/scripts/foo.sh:

#!/bin/bash
# $0 is the path the script was invoked with
script="$0"
# directory portion of that path
basename="$(dirname "$script")"

echo "Script name $script resides in $basename directory."

Sample outputs:

Script name /tmp/test.sh resides in /tmp directory.

Using bash shell ${var%pattern} syntax

To remove the shortest matching pattern from the rear (end) of a value, use the following syntax:

var=${path%/*}

For example:

x="/Users/nixcraft/scripts/bar.sh"

echo "${x%/*}"

y="${x%/*}"

echo "$y"

An updated version of the above script:

#!/bin/bash
# Purpose : Linux / Unix shell script find out which directory this script file resides
# Author : nixCraft <http://www.cyberciti.biz> under GPL v2.x+
# -------------------------------------------------------------------------------------
script="$0"
# strip the last /component; assumes $0 contains a slash, as in /tmp/test.sh
basename="${script%/*}"
config1="${basename}/.backup"
config2="${basename}/.ignore"
config3="${basename}/.target"

echo "Script name $script resides in $basename directory."
echo "Reading config file $config1 $config2 $config3, please wait..."

Run it as:

$ chmod +x /tmp/test.sh

$ /tmp/test.sh

 

Sample outputs:

Fig.01 Sample run from test.sh

A note about finding physical or real path

You may not get a real physical path, because the path may be a symbolic link. To get the physical path use the realpath command. The realpath command uses the realpath() function to resolve all symbolic links, extra / characters and references to /./ and /../ in the path. This is useful for shell scripting and security related applications.

Another recommended option is to use the readlink command to display the value of a symbolic link or the canonical file name:

#!/bin/bash
# Purpose : Linux / Unix shell script find out which directory this script file resides
# Author : nixCraft <http://www.cyberciti.biz> under GPL v2.x+
# -------------------------------------------------------------------------------------

## Who am i? ##
## Get real path ##
_script="$(readlink -f "${BASH_SOURCE[0]}")"

## Delete last component from $_script ##
_mydir="$(dirname "$_script")"

## Delete /path/to/dir/ component from $_script ##
_myfile="$(basename "$_script")"

echo "Script : $_script"
echo "Directory portion of $_script : $_mydir"
echo "Filename portion of $_script : $_myfile"

Save and close the file. Run it as follows:

./demo.bash

cd /home/vivek/

../../tmp/demo.bash

/tmp/demo.bash

Sample outputs:

Fig.02: Finding real path
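The difference between the ${var%/*} form and the readlink -f form matters when the script is reached through a symbolic link, because the config files are then looked up in a different directory. The following is an added example, not code from the original article; the function names and the temporary bin/ and app/ layout are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: compare the three ways of taking the script directory
# on a constructed layout where bin/tool.sh is a symlink to app/tool.sh.

# Directory part by parameter expansion, as in the ${script%/*} script.
dir_by_expansion() { printf '%s\n' "${1%/*}"; }

# Directory part by dirname(1): also correct when the path has no slash.
dir_by_dirname() { dirname -- "$1"; }

# Physical directory: resolve symbolic links first, then take the directory.
dir_physical() { dirname -- "$(readlink -f -- "$1")"; }

# Build the constructed layout and print its root directory.
# The config file .backup lives next to the real script only.
make_layout() {
    root=$(mktemp -d) || return 1
    root=$(readlink -f -- "$root")      # canonical root so paths compare equal
    mkdir "$root/app" "$root/bin"
    printf '#!/bin/sh\n' > "$root/app/tool.sh"
    : > "$root/app/.backup"
    ln -s ../app/tool.sh "$root/bin/tool.sh"
    printf '%s\n' "$root"
}

demo() {
    root=$(make_layout) || return 1
    link="$root/bin/tool.sh"
    printf 'invoked as        : %s\n' "$link"
    printf 'by ${var%%/*}      : %s\n' "$(dir_by_expansion "$link")"
    printf 'by readlink -f    : %s\n' "$(dir_physical "$link")"
    # Only the physical directory holds the config file.
    for d in "$(dir_by_expansion "$link")" "$(dir_physical "$link")"; do
        if [ -e "$d/.backup" ]; then
            printf 'config found in   : %s\n' "$d"
        else
            printf 'config missing in : %s\n' "$d"
        fi
    done
    # A path without a slash (script run as "bash tool.sh") is returned
    # unchanged by the expansion, while dirname reports ".".
    printf 'no slash          : %s vs %s\n' \
        "$(dir_by_expansion tool.sh)" "$(dir_by_dirname tool.sh)"
    rm -rf "$root"
}
demo
```

A script that loads configuration from its own directory should decide deliberately which of the two directories it trusts, since whoever controls the link location controls the files found by the expansion form.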

See also

See man pages for more info – basename(1), dirname(1), bash(1)

 

 

CentOS / RHEL: Install KornShell (KSH)

http://wiki.shopingserver.com/centos-rhel-install-kornshell-ksh/ (Sat, 06 Jan 2018 09:56:33 +0000)

I am porting ksh script from Sun/Oracle Unix to Linux. How do I install ksh (KornShell) in CentOS / Fedora / Red Hat Enterprise Linux? How do I run and test ksh script on RHEL/CentOS Linux?

 

KSH was developed by David Korn at Bell Labs in the 1980s. KSH is quite popular and quite loved by sysadmins for automating everyday tasks on Unix like operating systems. You can install ksh on CentOS / RHEL. KSH-93 is the most recent version of the KornShell. It is a shell programming language, which is upward compatible with “sh” (the Bourne Shell).

Steps to install ksh in Linux

Open the Terminal app.

Type the ‘yum install ksh‘ command on CentOS/RHEL.

Type the ‘dnf install ksh‘ command on Fedora Linux.

Update your shell in /etc/passwd

Start using your ksh shell.

Let us see the steps in detail to install KornShell (KSH) on a RHEL/CentOS Linux based system.

How to install the Korn Shell (KSH)

Open a terminal and then type the following yum command to install the ksh shell:

$ sudo yum install ksh

 

OR

# yum install ksh

 

Sample outputs:

Loaded plugins: auto-update-debuginfo, protectbase, rhnplugin, security

This system is receiving updates from RHN Classic or RHN Satellite.

0 packages excluded due to repository protections

Setting up Install Process

Resolving Dependencies

--> Running transaction check

---> Package ksh.x86_64 0:20100621-19.el6_4.4 will be installed

--> Finished Dependency Resolution

 

Dependencies Resolved

 

================================================================================

Package  Arch        Version                   Repository                 Size

================================================================================

Installing:

ksh      x86_64      20100621-19.el6_4.4       rhel-x86_64-server-6      687 k

 

Transaction Summary

================================================================================

Install       1 Package(s)

 

Total download size: 687 k

Installed size: 0

Is this ok [y/N]: y

Downloading Packages:

ksh-20100621-19.el6_4.4.x86_64.rpm                       | 687 kB     00:00

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Installing : ksh-20100621-19.el6_4.4.x86_64                               1/1

Verifying  : ksh-20100621-19.el6_4.4.x86_64                               1/1

 

Installed:

ksh.x86_64 0:20100621-19.el6_4.4

 

Complete!

A note about Fedora Linux users

Type the following command to install ksh on Fedora Linux:

$ sudo dnf install ksh

How can I find out path for ksh shell?

To find out path to the ksh, type:

$ whereis ksh

 

OR use the grep command as follows:

$ grep --color ksh /etc/shells

 

Sample outputs:

Fig.01: Finding ksh path

 

/bin/ksh is now added to list of acceptable shells, verify it with the cat command:

$ cat /etc/shells

 

Sample outputs:

/bin/bash

/bin/csh

/bin/ksh

/bin/sh

/bin/tcsh

/bin/zsh

How do I set ksh as a default shell?

The superuser (root) may change the login shell for any account using any one of the following syntax:

$ sudo chsh -s /bin/ksh UserNameHere

 

OR

# chsh -s /bin/ksh UserNameHere

 

In this example, set default login shell to /bin/ksh for nixcraft user:

# chsh -s /bin/ksh nixcraft

 

Regular user can type the following command to change their shell to the ksh:

$ chsh -s /bin/ksh

 

Logout and login again. Verify your shell with the following command:

$ echo $SHELL

 

Sample outputs:

/bin/ksh

To see ksh version, type:

$ ksh --version

 

Sample outputs:

version         sh (AT&T Research) 93t+ 2010-06-21

Sample ksh program

Create a file called test.ksh using a text editor:

#!/bin/ksh
# Name: test.ksh
# Purpose: My first ksh script
# Author: nixCraft <www.cyberciti.biz> under GPL v2.x+
# ------------------------------------------------------------------------
# set variables
FILE="/etc/passwd"
NOW="$(date)"
HOSTNAME="$(hostname)"
USERS_ACCOUNT="$(wc -l "$FILE")"

# Greet user
print "Hi, $USER. I'm $0. I'm $SHELL script running on $HOSTNAME at $NOW."
print
print "*** User accounts: $USERS_ACCOUNT"
print "*** Current working directory: $PWD"

print "*** Running for loop test just for fun:"
for x in {1..3}
do
    print "Welcome $x times."
done

Save and close the file. Run it as follows:

chmod +x test.ksh

./test.ksh

Sample outputs:

Fig.02 Ksh script in action.

See also:

Debian / Ubuntu Linux: Install KSH

See man pages for more info ksh(1),grep(1),whereis(1)

 

 

OpenSSH Config File Examples

http://wiki.shopingserver.com/openssh-config-file-examples-2/ (Sat, 06 Jan 2018 09:39:40 +0000)

How do I create and setup an OpenSSH config file to create shortcuts for servers I frequently access under Linux or Unix desktop operating systems?

 

A global or local configuration file for SSH client can create shortcuts for sshd server including advanced ssh client options. You can configure your OpenSSH ssh client using various files as follows to save time and typing frequently used ssh client command line options such as port, user, hostname, identity-file and much more:

System-wide SSH client configuration files

/etc/ssh/ssh_config : This file sets the default configuration for all users of OpenSSH clients on that desktop/laptop and it must be readable by all users on the system.

User-specific SSH client configuration files

~/.ssh/config or $HOME/.ssh/config : This is the user’s own configuration file, which overrides the settings in the global client configuration file, /etc/ssh/ssh_config.

~/.ssh/config file rules

The rules are as follows to create an ssh config file:

You need to edit ~/.ssh/config with a text editor such as vi.

One config parameter per line is allowed in the configuration file with the parameter name followed by its value or values. The syntax is:

config value

config1 value1 value2

You can use an equal sign (=) instead of whitespace between the parameter name and the values.

config=value

config1=value1 value2

All empty lines are ignored.

All lines starting with the hash (#) are ignored.

All values are case-sensitive, but parameter names are not.

Tip : If this is a brand new Linux, Apple OS X/Unix box, or if you have never used ssh before create the ~/.ssh/ directory first using the following syntax:

mkdir -p $HOME/.ssh

chmod 0700 $HOME/.ssh

Examples

For demonstration purpose my sample setup is as follows:

Local desktop client – Apple OS X or Ubuntu Linux.

Remote Unix server – OpenBSD server running latest OpenSSH server.

Remote OpenSSH server ip/host: 75.126.153.206 (server1.cyberciti.biz)

Remote OpenSSH server user: nixcraft

Remote OpenSSH port: 4242

Local ssh private key file path : /nfs/shared/users/nixcraft/keys/server1/id_rsa

Based upon the above information my ssh command is as follows:

$ ssh -i /nfs/shared/users/nixcraft/keys/server1/id_rsa -p 4242 nixcraft@server1.cyberciti.biz

 

OR

$ ssh -i /nfs/shared/users/nixcraft/keys/server1/id_rsa -p 4242 -l nixcraft server1.cyberciti.biz

You can avoid typing all of the ssh command parameters while logging into a remote machine and/or for executing commands on a remote machine. All you have to do is create an ssh config file. Open the Terminal application and create your config file by typing the following command:

## edit file in $HOME dir ##

vi ~/.ssh/config

OR

## edit file in $HOME dir ##

vi $HOME/.ssh/config

Add/Append the following config option for a shortcut to server1 as per our sample setup:

Host server1

HostName server1.cyberciti.biz

User nixcraft

Port 4242

IdentityFile /nfs/shared/users/nixcraft/keys/server1/id_rsa

Save and close the file. To open your new SSH session to server1.cyberciti.biz, type the following command:

$ ssh server1

Adding another host

Append the following to your ~/.ssh/config file:

Host nas01

HostName 192.168.1.100

User root

IdentityFile ~/.ssh/nas01.key

You can simply type:

$ ssh nas01

Putting it all together

Here is my sample ~/.ssh/config file that covers different needs for remote access using the ssh client. ssh uses the first value it obtains for each parameter, so the per-host sections come first and the Host * defaults come last:

## override as per host ##
Host server1
    HostName server1.cyberciti.biz
    User nixcraft
    Port 4242
    IdentityFile /nfs/shared/users/nixcraft/keys/server1/id_rsa

## Home nas server ##
Host nas01
    HostName 192.168.1.100
    User root
    IdentityFile ~/.ssh/nas01.key

## Login AWS Cloud ##
Host aws.apache
    HostName 1.2.3.4
    User wwwdata
    IdentityFile ~/.ssh/aws.apache.key

## Login to internal lan server at 192.168.0.251 via our public uk office ssh based gateway using ##
## $ ssh uk.gw.lan ##
Host uk.gw.lan uk.lan
    HostName 192.168.0.251
    User nixcraft
    ProxyCommand ssh nixcraft@gateway.uk.cyberciti.biz nc %h %p 2> /dev/null

## Our Us Proxy Server ##
## Forward all local port 3128 traffic to port 3128 on the remote vps1.cyberciti.biz server ##
## $ ssh -f -N  proxyus ##
Host proxyus
    HostName vps1.cyberciti.biz
    User breakfree
    IdentityFile ~/.ssh/vps1.cyberciti.biz.key
    LocalForward 3128 127.0.0.1:3128

## default for all (kept last so the sections above can override it) ##
Host *
    ForwardAgent no
    ForwardX11 no
    ForwardX11Trusted yes
    User nixcraft
    Port 22
    Protocol 2
    ServerAliveInterval 60
    ServerAliveCountMax 30
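Because ssh keeps the first value it obtains for each parameter, the position of the Host * section decides whether a per-host Port or User ever takes effect. The following is an added example, not code from the original article: a small resolver that applies the file rules listed earlier to a constructed two-host sample, once with the defaults first and once with them last. The function names are hypothetical, and Match, Include, negated patterns and quoted values are out of scope.

```shell
#!/bin/sh
# Added example: which value does ssh obtain for a keyword on a given host?
# Covers comments, blank lines, "key value" and "key=value" lines,
# case-insensitive keywords and Host patterns with * and ?.

# ssh_effective FILE HOST KEYWORD  -> prints the first value obtained
ssh_effective() {
    awk -v host="$2" -v want="$(printf '%s' "$3" | tr 'A-Z' 'a-z')" '
    # Turn a Host pattern into an anchored regex (* -> .*, ? -> .).
    function glob2re(p,    i, c, re) {
        re = "^"
        for (i = 1; i <= length(p); i++) {
            c = substr(p, i, 1)
            if (c == "*")                 re = re ".*"
            else if (c == "?")            re = re "."
            else if (c ~ /[A-Za-z0-9_-]/) re = re c
            else                          re = re "[" c "]"
        }
        return re "$"
    }
    BEGIN { active = 1 }      # options before any Host line apply to all hosts
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        if ($0 == "" || $0 ~ /^#/) next          # ignored lines
        if (match($0, /^[A-Za-z0-9]+/) == 0) next
        kw  = tolower(substr($0, 1, RLENGTH))    # keywords are case-insensitive
        val = substr($0, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)          # whitespace or "=" separator
        if (kw == "host") {                      # a new section starts here
            active = 0
            n = split(val, pats, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (host ~ glob2re(pats[i])) active = 1
            next
        }
        if (active && kw == want) { print val; exit }   # first value wins
    }' "$1"
}

# Constructed sample based on the article's entries; $2 says where the
# Host * defaults go: "first" or "last".
write_sample() {
    defaults='Host *
    User nixcraft
    Port 22'
    hosts='# per-host sections
Host server1
    HostName server1.cyberciti.biz
    Port=4242

Host nas01
    HostName 192.168.1.100
    user root'
    if [ "$2" = first ]; then
        printf '%s\n\n%s\n' "$defaults" "$hosts"
    else
        printf '%s\n\n%s\n' "$hosts" "$defaults"
    fi > "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    for order in first last; do
        write_sample "$dir/config" "$order"
        for h in server1 nas01; do
            printf 'Host * %-5s  %-7s Port=%s User=%s\n' "$order" "$h" \
                "$(ssh_effective "$dir/config" "$h" Port)" \
                "$(ssh_effective "$dir/config" "$h" User)"
        done
    done
    rm -rf "$dir"
}
demo
```

With OpenSSH 6.8 or later, `ssh -G server1` prints the configuration ssh itself would apply for that host, which is the authoritative check on a real file.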

Understanding ~/.ssh/config entries

Host : Defines for which host or hosts the configuration section applies. The section ends with a new Host section or the end of the file. A single * as a pattern can be used to provide global defaults for all hosts.

HostName : Specifies the real host name to log into. Numeric IP addresses are also permitted.

User : Defines the username for the SSH connection.

IdentityFile : Specifies a file from which the user’s DSA, ECDSA or RSA authentication identity is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/id_rsa for protocol version 2.

ProxyCommand : Specifies the command to use to connect to the server. The command string extends to the end of the line, and is executed with the user’s shell. In the command string, any occurrence of %h will be substituted by the host name to connect, %p by the port, and %r by the remote user name. The command can be basically anything, and should read from its standard input and write to its standard output. This directive is useful in conjunction with nc(1) and its proxy support. For example, the following directive would connect via an HTTP proxy at 192.1.0.253:

ProxyCommand /usr/bin/nc -X connect -x 192.1.0.253:3128 %h %p

LocalForward : Specifies that a TCP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. The first argument must be [bind_address:]port and the second argument must be host:hostport.

Port : Specifies the port number to connect on the remote host.

Protocol : Specifies the protocol versions ssh(1) should support in order of preference. The possible values are 1 and 2.

ServerAliveInterval : Sets a timeout interval in seconds after which if no data has been received from the server, ssh(1) will send a message through the encrypted channel to request a response from the server. See blogpost “Open SSH Server connection drops out after few or N minutes of inactivity” for more information.

ServerAliveCountMax : Sets the number of server alive messages which may be sent without ssh(1) receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session.

Speed up ssh session

Multiplexing is nothing but sending more than one ssh connection over a single connection. OpenSSH can reuse an existing TCP connection for multiple concurrent SSH sessions. This reduces the overhead of creating new TCP connections. Update your ~/.ssh/config:

Host server1

HostName server1.cyberciti.biz

ControlPath ~/.ssh/controlmasters/%r@%h:%p

ControlMaster auto

See “Linux / Unix: OpenSSH Multiplexer To Speed Up OpenSSH Connections” for more info. In this example, I go through one host to reach another server i.e. jump host using ProxyCommand:

## ~/.ssh/config ##

Host internal

HostName 192.168.1.100

User vivek

ProxyCommand ssh vivek@vpn.nixcraft.net.in -W %h:%p

ControlPath ~/.ssh/controlmasters/%r@%h:%p

ControlMaster auto

For more info see following tutorials:

How To Reuse SSH Connection To Speed Up Remote Login Process Using Multiplexing

How To Setup SSH Keys on a Linux / Unix System

A note about shell aliases (outdated method)

WARNING! This bash shell alias based setup may work out for you. However, I recommend that you use the ~/.ssh/config file for better results in the long run. The SSH config file is a more advanced and elegant solution. The alias command is only used here for demo purposes and it is here due to historical reasons.

An alias is nothing but a shortcut to commands, and you can create the alias using the following syntax in your ~/.bashrc file:

## create a new bash shell alias as follows ##

alias server1='ssh -i /nfs/shared/users/nixcraft/keys/server1/id_rsa -p 4242 nixcraft@server1.cyberciti.biz'

Then, to ssh into the server1, instead of typing full ssh -i /nfs/shared/users/nixcraft/keys/server1/id_rsa -p 4242 nixcraft@server1.cyberciti.biz command, you would only have to type the command ‘server1’ and press the [ENTER] key:

$ server1

References

See ssh_config(5) for more information on syntax and some of the other available options.

Top 20 OpenSSH Server Best Security Practices

 

 

CentOS / RHEL: Install iftop To Display Bandwidth Usage Per interface By Host

http://wiki.shopingserver.com/centos-rhel-install-iftop-display-bandwidth-usage-per-interface-host/ (Sat, 06 Jan 2018 09:20:47 +0000)

I am running Red Hat Enterprise Linux on IBM based system. How do I display bandwidth usage on an interface by host in real time using command line option? How do I monitor bandwidth usage in a real time on RHEL or CentOS Linux based server? How can I install iftop utility on CentOS or RHEL server using the yum command?

 

You can install and use iftop utility on Linux. This command listens to network traffic on a given interface (such as eth0 or eth1), and shows a table of current bandwidth usage by pairs of hosts. iftop must be run with sufficient permissions (usually as root user) to monitor all network traffic on the interface.

Install iftop

First, turn on EPEL repo on Linux. See how to install and enable epel repo on CentOS / RHEL / Scientific Linux v4.x/5.x/6.x for more information. Type the following yum command to install iftop on RHEL/CentOS/Fedora Linux:

# yum -y install iftop

 

Sample outputs:

Fig.01: iftop installed using yum command

How do I use iftop command?

The syntax is:

iftop

iftop [options]

iftop -i interface

iftop -i eth0 -f filter_code

Examples

Simply type the following command to monitor traffic on eth0:

# iftop -i eth0

 

Sample outputs:

Animated gif 01: iftop in action on CentOS/RHEL

DON’T DO DNS HOSTNAME LOOKUPS

By default, iftop will look up the hostnames associated with addresses it finds in packets. Pass the -n option to disable dns lookup:

# iftop -n -i eth0

HIDE SERVICE NAME AND PORT NUMBERS

Pass the -N option so that iftop does not resolve port numbers to service names:

# iftop -N -i eth0

FIND OUT PACKETS FLOWING IN AND OUT OF 192.168.1.0/24 NETWORK

Use the -F option to set net/mask for traffic analysis. In this example, find out packets flowing in and out of the 192.168.1.0/24 network. This is useful to find out why the network is slow:

# iftop -F 192.168.1.0/255.255.255.0 -i eth0

ICMP BANDWIDTH STATS

Find out more about icmp ping requests and bandwidth usage per interface by host. Use the -f option to set a filter:

# iftop -f icmp -i eth0

HIDE BAR GRAPHS

Pass the -b option to turn off display bar graphs of traffic:

# iftop -b -i eth0

Pass the -B option to display bandwidth rates in bytes/sec rather than bits/sec:

# iftop -B -i eth0

IMPORTANT KEYBOARD SHORTCUTS

Press t to control the display type. The t key cycles through the four line display modes: the default 2-line display, with sent and received traffic on separate lines, and three 1-line displays, with sent, received, or total traffic shown.

Press P to pause the current display.

Press o to freeze the current screen order. This has the side effect that traffic between hosts not shown on the screen at the time will not be shown at all, although it will be included in the totals at the bottom of the screen.

Press j and k to scroll the display of hosts. This is useful for busy servers.

Recommended readings

Keeping a Log Of Daily Network Traffic for ADSL or Dedicated Remote Linux Server

Linux: Check Network Connection Command

Man pages: iftop(8),tcpdump(8)

 

 

HowTo: Create a Self-Signed SSL Certificate on Nginx For CentOS / RHEL http://wiki.shopingserver.com/howto-create-self-signed-ssl-certificate-nginx-centos-rhel/ http://wiki.shopingserver.com/howto-create-self-signed-ssl-certificate-nginx-centos-rhel/#respond Sat, 06 Jan 2018 09:17:46 +0000 http://wiki.shopingserver.com/?p=18519

I operate a small web site on Cloud server powered by CentOS Linux v6.4. I would like to encrypt my site’s information and create a more secure connection. How do I create a self-signed SSL certificate on Nginx for CentOS/Fedora or Red Hat Enterprise Linux based server?

 

 

SSL encrypts your connection. For example, a visit to https://www.cyberciti.biz/ results in the following:

All pages are encrypted before being transmitted over the Internet.

Encryption makes it very difficult for an unauthorized person to view information traveling between the client browser and the nginx server.

A note about self-signed certificates vs third party issued certificates

Fig.01: Cyberciti.biz connection encrypted and verified by a third party CA called GeoTrust, Inc.

Usually, an SSL certificate is issued by a third party. It provides privacy and security between two computers (client and server) on a public network by encrypting traffic. A CA (Certificate Authority) may issue you an SSL certificate that verifies the organizational identity (company name), location, and server details.

A self-signed certificate encrypts traffic between the client (browser) and the server. However, it cannot verify the organizational identity. You do not depend upon a third party to verify your location and server details.

Our sample setup

Domain name: theos.in

Directory name: /etc/nginx/ssl/theos.in

SSL certificate file for theos.in: /etc/nginx/ssl/theos.in/self-ssl.crt

ssl certificate key for theos.in: /etc/nginx/ssl/theos.in/self-ssl.key

Nginx configuration file for theos.in: /etc/nginx/virtual/theos.in.conf

Step #1: Make sure SSL aware nginx is installed

Simply type the following command to verify nginx version and feature:

$ /usr/sbin/nginx -V

 

Sample outputs

nginx version: nginx/1.4.3

built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)

TLS SNI support enabled

configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf

….

..

If nginx is not installed, type the following command to download and install nginx using yum command:

# yum install nginx

 

See how to install Nginx web server On CentOS Linux 6 or Red Hat Enterprise Linux 6 using yum command for more information.

Step #2: Create a directory

Type the following mkdir command to create a directory to store your ssl certificates:

# mkdir -p /etc/nginx/ssl/theos.in

Use the following cd command to change the directory:

# cd /etc/nginx/ssl/theos.in

Step #3: Create an SSL private key

To generate an SSL private key, enter:

# openssl genrsa -des3 -out self-ssl.key 1024

 

OR better try 2048 bit key:

# openssl genrsa -des3 -out self-ssl.key 2048

 

Sample outputs:

Generating RSA private key, 1024 bit long modulus

…++++++

……………++++++

e is 65537 (0x10001)

Enter pass phrase for self-ssl.key: Type-Your-PassPhrase-Here

Verifying - Enter pass phrase for self-ssl.key: Retype-Your-PassPhrase-Here

Warning: Make sure you remember the passphrase. This passphrase is required to access your SSL key while generating the CSR or starting/stopping ssl.

Step #4: Create a certificate signing request (CSR)

To generate a CSR, enter:

# openssl req -new -key self-ssl.key -out self-ssl.csr

 

Sample outputs:

Enter pass phrase for self-ssl.key: Type-Your-PassPhrase-Here

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.


Country Name (2 letter code) [XX]:IN

State or Province Name (full name) []:Delhi

Locality Name (eg, city) [Default City]:New Delhi

Organization Name (eg, company) [Default Company Ltd]:nixCraft LTD

Organizational Unit Name (eg, section) []:IT

Common Name (eg, your name or your server's hostname) []:theos.in

Email Address []:webmaster@nixcraft.com

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

Step #5: Remove passphrase for nginx (optional)

You can remove the passphrase from self-ssl.key so that nginx can start without prompting for it. Enter:

# cp -v self-ssl.{key,original}

# openssl rsa -in self-ssl.original -out self-ssl.key

# rm -v self-ssl.original

 

Sample outputs:

Enter pass phrase for self-ssl.original: Type-Your-PassPhrase-Here

writing RSA key

Step #6: Create certificate

Finally, generate the SSL certificate, i.e. sign the CSR (self-ssl.csr) with your own private key, valid for one year:

# openssl x509 -req -days 365 -in self-ssl.csr -signkey self-ssl.key -out self-ssl.crt

 

Sample outputs:

Signature ok

subject=/C=IN/ST=Delhi/L=New Delhi/O=nixCraft LTD/OU=IT/CN=theos.in/emailAddress=webmaster@nixcraft.com

Getting Private key

Step #7: Configure the Certificate for nginx

Edit /etc/nginx/virtual/theos.in.conf, enter:

# vi /etc/nginx/virtual/theos.in.conf

 

The general syntax is as follows for nginx SSL configuration:

server {
    # for ipv4
    listen 443 ssl http2;
    # for ipv6
    #listen [::]:443 ssl http2;
    ssl_certificate      /path/to/self-ssl.crt;
    ssl_certificate_key  /path/to/self-ssl.key;
    server_name theos.in;
    location / {
        ….
        ….
    }
}

Here is my sample config for theos.in:

server {
    ###########################[Note]##############################
    ## Note: Replace IP and server name as per your actual setup ##
    ###############################################################

    ## IP:Port and server name
    listen 75.126.153.211:443 ssl http2;
    server_name theos.in;

    ## SSL settings
    ssl_certificate /etc/nginx/ssl/theos.in/self-ssl.crt;
    ssl_certificate_key /etc/nginx/ssl/theos.in/self-ssl.key;

    ## SSL caching/optimization
    ## TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only for legacy clients
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ## this directive may appear only once per block
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    ## SSL log files
    access_log /var/log/nginx/theos.in/ssl_theos.in_access.log;
    error_log /var/log/nginx/theos.in/ssl_theos.in_error.log;

    ## Rest of server config goes here
    location / {
        ## an empty value removes the header from the proxied request
        proxy_set_header        Accept-Encoding   "";
        proxy_set_header        Host              $http_host;
        proxy_set_header        X-Forwarded-By    $server_addr:$server_port;
        proxy_set_header        X-Forwarded-For   $remote_addr;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_set_header        X-Real-IP         $remote_addr;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

        ## Hey, ADD YOUR location / specific CONFIG HERE ##

        ## STOP: YOUR location / specific CONFIG HERE ##
    }
}
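The TLS directives of a vhost file like the one above can be linted before nginx is reloaded. The script below is an added example, not part of the original article: audit_nginx_tls and the two write_* helpers are hypothetical names, and both embedded vhost files are constructed samples. It flags deprecated protocols, DES/3DES/RC4-class cipher names and directives that nginx refuses to accept twice in one block.

```shell
#!/bin/sh
# Added example, not from the original article.
# Lints one nginx vhost file for the TLS directives used in the sample config.
# Assumptions: one server block per file, one directive per line.

# audit_nginx_tls FILE: print one finding per line, nothing for a clean file.
audit_nginx_tls() {
    awk -v q="'" '
    {
        sub(/#.*/, "")                 # drop comments
        sub(/[ \t]*;[ \t]*$/, "")      # drop the trailing semicolon
        gsub("[\"" q "]", "")          # drop quotes around values
    }
    NF == 0 { next }
    # nginx -t fails with "directive is duplicate" when one of these is repeated
    $1 ~ /^(ssl_prefer_server_ciphers|ssl_session_tickets|ssl_ciphers)$/ &&
        ++seen[$1] == 2 { print "duplicate-directive " $1 }
    # SSLv2/SSLv3 are broken; TLS 1.0 and 1.1 are deprecated by RFC 8996
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print "weak-protocol " $i
    }
    # DES/3DES, RC4, MD5, NULL and export suites, unless excluded with "!" or "-"
    $1 == "ssl_ciphers" {
        n = split($2, c, ":")
        for (i = 1; i <= n; i++) {
            if (c[i] ~ /^[!-]/) continue
            if (c[i] ~ /DES-CBC|RC4|MD5|NULL|EXP/) print "weak-cipher " c[i]
        }
    }
    ' "$1"
}

# Constructed sample: a vhost with the weak settings the audit looks for.
write_weak_conf() {
    cat > "$1" <<'EOF'
server {
    listen 443 ssl;
    server_name example.test;   # placeholder name
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_prefer_server_ciphers on;
}
EOF
}

# Constructed sample: the same vhost with the findings corrected.
write_hardened_conf() {
    cat > "$1" <<'EOF'
server {
    listen 443 ssl;
    server_name example.test;   # placeholder name
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;
}
EOF
}

demo_tls() {
    tmp=$(mktemp -d) || return 1
    write_weak_conf "$tmp/weak.conf"
    write_hardened_conf "$tmp/hardened.conf"
    echo "== weak.conf";     audit_nginx_tls "$tmp/weak.conf"
    echo "== hardened.conf"; audit_nginx_tls "$tmp/hardened.conf"
    rm -rf "$tmp"
}
demo_tls
```

TLSv1.3 in ssl_protocols needs a newer nginx and OpenSSL than the 1.4.3 build shown in Step #1; on such a build, keep TLSv1.2 only.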

Step #8: Restart/reload nginx

Type the following command to test the nginx configuration:

# /usr/sbin/nginx -t

 

Sample outputs:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

To gracefully restart/reload nginx server, type the following command:

# /etc/init.d/nginx reload

 

OR

# /usr/sbin/nginx -s reload

 

OR

# service nginx reload

Step #9: Open TCP HTTPS port # 443

Type the following command to open port # 443 for everyone:

# /sbin/iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT

 

Save new firewall settings:

# service iptables save

 

See how to setup firewall for a web server for more information.

Step #10: Test it

Fire up a browser and type the following url:

https://theos.in/

Sample outputs:

Fig.02: SSL connection is not verified due to self-signed certificate. Click the “Add Exception” button to continue.

Step #11: Verify SSL certificates

You can verify an SSL certificate using the following command:

# openssl verify pem-file

# openssl verify self-ssl.crt

See also

See how to verify and diagnose SSL certificate installation from a Linux / UNIX shell prompt.

Man pages: openssl(1),nginx(8)

This entry is 10 of 10 in the CentOS / RHEL nginx Reverse Proxy Tutorial series. Keep reading the rest of the series:

CentOS / Redhat Linux: Install Keepalived To Provide IP Failover For Web Cluster

CentOS / Redhat: Install nginx As Reverse Proxy Load Balancer

Handling nginx Failover With KeepAlived

nginx: Setup SSL Reverse Proxy (Load Balanced SSL Proxy)

mod_extforward: Lighttpsd Log Clients Real IP Behind Reverse Proxy / Load Balancer

HowTo: Merge Apache / Lighttpsd / Nginx Server Log Files

Linux nginx: Chroot (Jail) Setup

HowTo: SPDY SSL Installation and Configuration

Install Nginx Using Yum Command on CentOS/RHEL

Create a Self-Signed SSL Certificate on Nginx

 

 

RHEL / CentOS 6.x KVM Virtualization Installation and Configuration Guide http://wiki.shopingserver.com/rhel-centos-6-x-kvm-virtualization-installation-configuration-guide/ http://wiki.shopingserver.com/rhel-centos-6-x-kvm-virtualization-installation-configuration-guide/#respond Sat, 06 Jan 2018 09:08:49 +0000 http://wiki.shopingserver.com/?p=18507

How do I set up and manage a virtualized environment with Kernel based Virtual Machine (KVM) in CentOS or Red Hat Enterprise Linux version 6 server on IBM server? Can you provide step-by-step commands of how to install and manage Virtual Machines (VMs) on a physical server using KVM for RHEL/CentOS version 6.4?

 

KVM is part of RHEL and CentOS Linux. You can easily install it using the following commands. Please note that only the package names have changed in RHEL/CentOS 6.x. If you are using RHEL / CentOS 5.x, read our previous CentOS / Redhat (RHEL) v.5.x KVM Virtualization guide for more information.

Install required KVM RPMs/packages

Type the following yum command

# yum groupinstall "Virtualisation Tools" "Virtualization Platform"

# yum install python-virtinst

 

OR

# yum install kvm qemu-kvm python-virtinst libvirt libvirt-python virt-manager libguestfs-tools

 

Sample outputs:

Loaded plugins: product-id, protectbase, rhnplugin

This system is receiving updates from RHN Classic or RHN Satellite.

0 packages excluded due to repository protections

Setting up Install Process

Package libvirt-0.10.2-18.el6_4.15.x86_64 already installed and latest version

Resolving Dependencies

--> Running transaction check

---> Package libguestfs-tools.x86_64 1:1.16.34-2.el6 will be installed

--> Processing Dependency: libguestfs-tools-c = 1:1.16.34-2.el6 for package: 1:libguestfs-tools-1.16.34-2.el6.x86_64

….

..

..

spice-glib.x86_64 0:0.14-7.el6_4.3

spice-gtk.x86_64 0:0.14-7.el6_4.3

spice-gtk-python.x86_64 0:0.14-7.el6_4.3

spice-server.x86_64 0:0.12.0-12.el6_4.5

vgabios.noarch 0:0.6b-3.7.el6

vte.x86_64 0:0.25.1-8.el6_4

 

Complete!

Turn on libvirtd service

The libvirtd program is the server side daemon component of the libvirt virtualization management system. Type the following chkconfig command to turn it on:

# chkconfig libvirtd on

 

Start the libvirtd service by typing the following service command:

# service libvirtd start

 

Sample outputs:

Starting libvirtd daemon:                                  [  OK  ]

You can verify the libvirtd service by typing the following commands:

# service libvirtd status

libvirtd (pid  31128) is running…

 

# virsh -c qemu:///system list

Id    Name                           State


Sample setup

                +-------------+
                | CentOS/RHEL |             |-----|
-->ISP router---+ Box Host w/ +--- eth0 -->-+ br0 +  Private IP
                | KVM         |             |     |
                +-------------+--- eth1 -->-+ br1 |  Public IP
                                            |-----|
                                               |
                                    vm1-+---vm2----vm3---vm4

 

*** NOTE: each VM will have two interfaces i.e. Private and Public *****

Where,

eth0 – KVM servers’ LAN interface.

eth1 – KVM servers’ WAN/Internet interface.

br0 – KVM servers’ bridge interface to give VM direct access to all the resources on the LAN.

br1 – KVM servers’ bridge interface to give VM direct access to all the resources on the WAN/Internet. Users can ssh into VMs or you can host HTTPD/SMTPD using this interface.

obsd-vm1 (vm1) – OpenBSD VM name.

rhel-vm1 (vm2) – RHEL VM name.

Install and configure a network bridge

All VMs will only have network access to the host and other VMs on the same physical server via a private network. You need to create a network bridge so that the VMs can access your LAN and possibly the Internet/WAN from outside. Type the following yum command to install bridge-utils package:

# yum install bridge-utils

Setup a default gateway

Edit /etc/sysconfig/network as follows

# cat /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=kvm-42.cyberciti.biz

## I am routing internet traffic via br1 ##

GATEWAYDEV=br1

Configure bridging

Update /etc/sysconfig/network-scripts/ifcfg-eth0 (private) as follows:

# cat /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

ONBOOT=yes

HWADDR=00:30:48:C6:0A:D8

BRIDGE=br0

 

Update /etc/sysconfig/network-scripts/ifcfg-eth1 (public) as follows:

# cat /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1

ONBOOT=yes

HWADDR=00:30:48:C6:0A:D9

BRIDGE=br1

 

Create/edit the /etc/sysconfig/network-scripts/ifcfg-br0 file to setup private/lan ip address for br0:

# cat /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0

TYPE=Bridge

BOOTPROTO=static

ONBOOT=yes

## setup LAN/VLAN ips as per your needs ##

IPADDR=10.10.29.66

NETMASK=255.255.255.192

DELAY=0

 

Create/edit the /etc/sysconfig/network-scripts/ifcfg-br1 file to setup public/wan/internet ip address for br1:

# cat /etc/sysconfig/network-scripts/ifcfg-br1

DEVICE=br1

TYPE=Bridge

BOOTPROTO=static

ONBOOT=yes

## setup INTERNET ips as per your needs ##

IPADDR=74.ww.xx.yy

NETMASK=255.255.255.248

GATEWAY=74.ww.xx.yy

DELAY=0

 

I need to route all lan traffic (subnet 10.0.0.0/8) via 10.10.29.65 gateway. Create/edit file /etc/sysconfig/network-scripts/route-br0 as follows:

# cat /etc/sysconfig/network-scripts/route-br0

10.0.0.0/8 via 10.10.29.65

Warning: Restarting the network service over an ssh session may result in total loss of connectivity to the server. So make sure the br0 and br1 configuration, including routing, is set correctly.
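Because a wrong bridge or route file can cut off the SSH session, the files can be checked for consistency before the restart. The script below is an added example, not part of the original article: check_bridges and its helpers are hypothetical names, and the sample files are constructed copies of the ones shown above, with 203.0.113.x (a documentation range) standing in for the public addresses the article elides.

```shell
#!/bin/sh
# Added example, not from the original article.
# Pre-flight check of ifcfg-*/route-* files before "service network restart".

# cfg_get FILE KEY: value of the last KEY=... line, quotes removed.
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# ip4_to_int A.B.C.D: dotted quad as an integer (subshell body keeps IFS local).
ip4_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# same_subnet ADDR MASK GW: true when GW is on the network of ADDR/MASK.
same_subnet() (
    a=$(ip4_to_int "$1"); m=$(ip4_to_int "$2"); g=$(ip4_to_int "$3")
    [ $(( a & m )) -eq $(( g & m )) ]
)

# check_bridges DIR: print one finding per line, nothing when consistent.
check_bridges() (
    dir=$1
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        br=$(cfg_get "$f" BRIDGE)
        [ -n "$br" ] || continue
        dev=$(cfg_get "$f" DEVICE)
        if [ ! -f "$dir/ifcfg-$br" ]; then
            echo "missing-bridge $dev -> $br"
        elif [ "$(cfg_get "$dir/ifcfg-$br" TYPE)" != "Bridge" ]; then
            echo "not-a-bridge $br"
        fi
        # the address belongs on the bridge, not on the enslaved NIC
        [ -z "$(cfg_get "$f" IPADDR)" ] || echo "ip-on-slave $dev"
    done
    for r in "$dir"/route-*; do
        [ -f "$r" ] || continue
        dev=${r##*/route-}
        if [ ! -f "$dir/ifcfg-$dev" ]; then echo "no-config $dev"; continue; fi
        addr=$(cfg_get "$dir/ifcfg-$dev" IPADDR)
        mask=$(cfg_get "$dir/ifcfg-$dev" NETMASK)
        if [ -z "$addr" ] || [ -z "$mask" ]; then
            echo "no-static-address $dev"; continue
        fi
        # each "NET via GW" line needs a gateway reachable on the device's subnet
        while read -r dest via gw rest; do
            [ "$via" = "via" ] || continue
            same_subnet "$addr" "$mask" "$gw" || echo "unreachable-gateway $dev $gw"
        done < "$r"
    done
    :
)

# Constructed sample files mirroring the article's layout.
write_sample_cfg() {
    printf 'DEVICE=eth0\nONBOOT=yes\nBRIDGE=br0\n' > "$1/ifcfg-eth0"
    printf 'DEVICE=eth1\nONBOOT=yes\nBRIDGE=br1\n' > "$1/ifcfg-eth1"
    printf 'DEVICE=br0\nTYPE=Bridge\nBOOTPROTO=static\nONBOOT=yes\n' > "$1/ifcfg-br0"
    printf 'IPADDR=10.10.29.66\nNETMASK=255.255.255.192\nDELAY=0\n' >> "$1/ifcfg-br0"
    printf 'DEVICE=br1\nTYPE=Bridge\nBOOTPROTO=static\nONBOOT=yes\n' > "$1/ifcfg-br1"
    printf 'IPADDR=203.0.113.10\nNETMASK=255.255.255.248\n' >> "$1/ifcfg-br1"
    printf 'GATEWAY=203.0.113.9\nDELAY=0\n' >> "$1/ifcfg-br1"
    printf '10.0.0.0/8 via 10.10.29.65\n' > "$1/route-br0"
}

demo_bridges() {
    tmp=$(mktemp -d) || return 1
    write_sample_cfg "$tmp"
    echo "== layout as in the article"; check_bridges "$tmp"
    rm "$tmp/ifcfg-br1"                                   # forget one bridge file
    echo '10.0.0.0/8 via 10.10.30.1' > "$tmp/route-br0"   # gateway off br0's subnet
    echo "== broken copy"; check_bridges "$tmp"
    rm -rf "$tmp"
}
demo_bridges
```

On a real host, point check_bridges at /etc/sysconfig/network-scripts and restart the network service only when it prints nothing.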

A note about SELinux

I have not disabled SELinux on CentOS / RHEL. I do not recommend disabling SELinux. So make sure the config file has correct SELinux permissions:

# ls -Z /etc/sysconfig/network-scripts/{route-br0,ifcfg-eth?,ifcfg-br?}

 

Sample outputs:

-rw-r--r--. root root system_u:object_r:net_conf_t:s0  /etc/sysconfig/network-scripts/ifcfg-br0

-rw-r--r--. root root system_u:object_r:net_conf_t:s0  /etc/sysconfig/network-scripts/ifcfg-br1

-rw-r--r--. root root system_u:object_r:net_conf_t:s0  /etc/sysconfig/network-scripts/ifcfg-eth0

-rw-r--r--. root root system_u:object_r:net_conf_t:s0  /etc/sysconfig/network-scripts/ifcfg-eth1

-rw-r--r--. root root system_u:object_r:net_conf_t:s0  /etc/sysconfig/network-scripts/route-br0

Use restorecon command to set or restore file(s) default SELinux security contexts:

# restorecon -Rv /etc/sysconfig/

 

If you are going to reboot the SELinux enabled server, make sure you type the following command:

# touch /.autorelabel

# reboot

Restart the networking service

Type the following command to restart networking on RHEL/CentOS/SL:

# service network restart

Verify br0/br1 settings

Type the following commands:

# brctl show

# ip addr show br0

# ip addr show br1

# ip route

# ping cyberciti.biz

Creating VMs

You need to use virt-install command.

Example: Create OpenBSD VM

Grab the installation media:

# cd /var/lib/libvirt/boot/

# wget http://ftp.openbsd.org/pub/OpenBSD/5.4/amd64/install54.iso

 

In this example, I am using virt-install to create an OpenBSD 5.4_amd64 VM named obsd-vm1 with one virtual CPU, 1 GB memory and 10 GB of disk space:

# virt-install \
-n obsd-vm1 \
--description "cyberciti.biz OpenBSD 5.4 64 bit VM1" \
--ram=1024 \
--vcpus=1 \
--cpu host \
--os-variant=openbsd4 \
--accelerate \
--hvm \
--cdrom /var/lib/libvirt/boot/install54.iso \
--network bridge:br0,model=virtio --network bridge:br1,model=virtio \
--graphics vnc \
--disk path=/var/lib/libvirt/images/openbsd-vm1-cyberciti.biz.img,bus=virtio,size=10

VIRT-INSTALL OPTIONS

-n obsd-vm1 : The name of the VM.

--description "cyberciti.biz OpenBSD 5.4 64 bit VM1" : The long description of the VM.

--ram=1024 : 1024MB is the amount of memory allocated to the VM.

--vcpus=1 : The number of virtual CPU(s) for the VM.

--cpu host : Optimize CPU properties for the VM.

--os-variant=openbsd4 : This is the VM OS type.

--accelerate : Prefer KVM or KQEMU (in that order) if installing a QEMU guest. This option is no longer required.

--hvm : Request the use of full virtualization.

--cdrom /var/lib/libvirt/boot/install54.iso : Install OpenBSD v5.4 from the ISO image at this location.

--network bridge:br0,model=virtio --network bridge:br1,model=virtio : Attach the VM to the br0 and br1 network bridges, i.e. the VM will have two network interfaces, one for the LAN and one for the Internet.

--graphics vnc : Use VNC to access the installation using a vnc server/viewer from your local Linux/OSX/Unix/Windows desktop.

--disk path=/var/lib/libvirt/images/openbsd-vm1-cyberciti.biz.img,bus=virtio,size=10 : This is the image file for the VM. The size is specified in GBs and I am forcing the virtio driver. The virtio driver provides support service for paravirtualized devices using the VirtIO protocol.

How do I connect to OpenBSD installer from my local desktop?

Type the following command on your local desktop:

# ssh -L 5900:127.0.0.1:5900 root@KVM-Server-IP-Here

 

OR

# ssh -L 5900:127.0.0.1:5900 -N -f -l root kvm-42.cyberciti.biz

 

Use VNC client to connect to 127.0.0.1:5900. Now, just follow on-screen instructions:

Fig.01: OpenBSD installation started over the VNC session

Before rebooting the installer make sure you set up the com0 console for the VM. For example, for an OpenBSD VM, append the following parameters to the file /etc/boot.conf and then reboot the VM:

stty com0 115200

set tty com0

See how to set up SSH to tunnel VNC traffic through the Internet for more information.

How do I start my VM after OpenBSD install is finished?

The virt-install will create a config file for VM at /etc/libvirt/qemu/obsd-vm1.xml. To start VM called obsd-vm1, enter:

# virsh start obsd-vm1

How do I access a VMs console?

Login to KVM host and type the following command:

# virsh console obsd-vm1

 

Sample outputs:

Fig.02: Getting access to a OpenBSD VM console when networking is down

Final example: Create RHEL VM using DVD

Type the following command:

# virt-install \
--name RHEL-vm1 \
--description "cyberciti.biz RHEL 6.4 64 bit VM1" \
--ram=2048 \
--vcpus=2 \
--disk path=/var/lib/libvirt/images/rhel-vm1-cyberciti.biz.img,size=20 \
--cdrom /var/lib/libvirt/boot/RHEL.6.4.Server-DVD1.iso \
--network bridge:br0 --network bridge:br1 \
--graphics vnc

Before rebooting the installer make sure you setup com0 console for the VM. For example, for a RHEL/CentOS VM, append the following parameters to the kernel boot line in /boot/grub.conf file and then reboot the VM:

console=tty0 console=ttyS1,19200n8

Stay tuned for the following advanced topics in  RHEL/CentOS v6.x KVM  (rss) series:

Firewall, KVM & VMs security configuration.

Attaching storage device to a VM.

Changing VM parameters such as RAM, CPU, Disk and more.

Managing and cloning VMs and more.

 

 

HowTo: Upgrade CentOS Linux 6.4/6.3/6.2/6.1/6.0 to v6.5 http://wiki.shopingserver.com/howto-upgrade-centos-linux-6-4-6-3-6-2-6-1-6-0-v6-5/ http://wiki.shopingserver.com/howto-upgrade-centos-linux-6-4-6-3-6-2-6-1-6-0-v6-5/#respond Sat, 06 Jan 2018 09:06:03 +0000 http://wiki.shopingserver.com/?p=18505

CentOS Linux v6.5 has been released and is available via repos for immediate update. The new version includes several hundred bug fixes for, and enhancements to, the Linux kernel. How do I upgrade from CentOS Linux version 6.0 / 6.1 / 6.2 / 6.3 or 6.4 to the latest version 6.5?

 

You can only upgrade from a minor release, as CentOS does not support in-place upgrades between major versions of CentOS Linux. However, a minor upgrade can be done easily and is recommended for all users.

Back up any important data on the server/workstation

Make a backup – it cannot be stressed enough how important it is to make a backup of your system before you do this. You need to back up config files, user data stored in $HOME, pgsql/mysql/oracle and co databases, and web apps files. In short, back up all the data. Most of the actions listed in this post are written with the assumption that they will be executed by the root user running bash or any other modern shell.

See your current CentOS release information

Type the following commands to see current version:

$ uname -mrs

$ cat /etc/redhat-release

 

Sample outputs:

CentOS release 6.4 (Final)

Show list of available updates

To list all packages with updates available with new release, enter:

# yum clean all

# yum check-update

 

OR

# yum clean all

# yum list updates

 

Sample outputs:

Loaded plugins: downloadonly, fastestmirror, security

Loading mirror speeds from cached hostfile

* base: centos.mirrors.tds.net

* extras: lug.mtu.edu

* updates: yum.singlehop.com

Updated Packages

abrt.x86_64                            2.0.8-21.el6.centos               base

abrt-addon-ccpp.x86_64                 2.0.8-21.el6.centos               base

abrt-addon-kerneloops.x86_64           2.0.8-21.el6.centos               base

abrt-addon-python.x86_64               2.0.8-21.el6.centos               base

abrt-cli.x86_64                        2.0.8-21.el6.centos               base

….

..

sysvinit-tools.x86_64                  2.87-5.dsf.el6                    base

udev.x86_64                            147-2.51.el6                      base

util-linux-ng.x86_64                   2.17.2-12.14.el6                  base

xmlrpc-c.x86_64                        1.16.24-1210.1840.el6             base

xmlrpc-c-client.x86_64                 1.16.24-1210.1840.el6             base

xorg-x11-drv-ati-firmware.noarch       7.1.0-3.el6                       base

Note: Upgrade speed depends upon various factors such as the current system load, upstream rpm fetch server bandwidth and your Internet connection speed.

CentOS Linux: Upgrading your current system

Type the following yum command to upgrade:

# yum clean all

 

Sample outputs:

Loaded plugins: downloadonly, fastestmirror, security

Cleaning repos: base extras updates

Cleaning up Everything

Cleaning up list of fastest mirrors

To update, enter:

# yum update

 

Sample outputs:

Loaded plugins: downloadonly, fastestmirror, security

Determining fastest mirrors

* base: mirrors.einstein.yu.edu

* extras: mirrors.loosefoot.com

* updates: yum.singlehop.com

base                                                     | 3.7 kB     00:00

base/primary_db                                          | 4.4 MB     00:01

extras                                                   | 3.4 kB     00:00

extras/primary_db                                        |  18 kB     00:00

updates                                                  | 3.4 kB     00:00

updates/primary_db                                       |  26 kB     00:00

Setting up Update Process

Resolving Dependencies

--> Running transaction check

---> Package abrt.x86_64 0:2.0.8-16.el6.centos.1 will be updated

---> Package abrt.x86_64 0:2.0.8-21.el6.centos will be an update

---> Package abrt-addon-ccpp.x86_64 0:2.0.8-16.el6.centos.1 will be updated

---> Package abrt-addon-ccpp.x86_64 0:2.0.8-21.el6.centos will be an update

Installing for dependencies:

….

..

lzo                             x86_64 2.03-3.1.el6              base     55 k

make                            x86_64 1:3.81-20.el6             base    389 k

p11-kit                         x86_64 0.18.5-2.el6              base     94 k

p11-kit-trust                   x86_64 0.18.5-2.el6              base     71 k

shared-mime-info                x86_64 0.70-4.el6                base    209 k

snappy                          x86_64 1.1.0-1.el6               base     39 k

 

Transaction Summary

================================================================================

Install       7 Package(s)

Upgrade     128 Package(s)

 

Total download size: 122 M

Is this ok [y/N]:  y

Downloading Packages:

(1/135): abrt-2.0.8-21.el6.centos.x86_64.rpm             | 208 kB     00:00

(2/135): abrt-addon-ccpp-2.0.8-21.el6.centos.x86_64.rpm  | 116 kB     00:00

(3/135): abrt-addon-kerneloops-2.0.8-21.el6.centos.x86_6 |  65 kB     00:00

(4/135): abrt-addon-python-2.0.8-21.el6.centos.x86_64.rp |  65 kB     00:00

(5/135): abrt-cli-2.0.8-21.el6.centos.x86_64.rpm         |  54 kB     00:00

….

..

Updating   : openssh-clients-5.3p1-94.el6.x86_64                      107/263

Updating   : openssh-server-5.3p1-94.el6.x86_64                       108/263

warning: /etc/ssh/sshd_config created as /etc/ssh/sshd_config.rpmnew

Updating   : parted-2.1-21.el6.x86_64                                 109/263

Updating   : biosdevname-0.5.0-2.el6.x86_64                           110/263

Updating   : libdrm-2.4.45-2.el6.x86_64                               111/263

..

Verifying  : lvm2-2.02.98-9.el6_4.3.x86_64                            262/263

Verifying  : efibootmgr-0.5.4-10.el6.x86_64                           263/263

 

Installed:

kernel.x86_64 0:2.6.32-431.el6

 

Dependency Installed:

lzo.x86_64 0:2.03-3.1.el6               make.x86_64 1:3.81-20.el6

p11-kit.x86_64 0:0.18.5-2.el6           p11-kit-trust.x86_64 0:0.18.5-2.el6

shared-mime-info.x86_64 0:0.70-4.el6    snappy.x86_64 0:1.1.0-1.el6

 

Updated:

abrt.x86_64 0:2.0.8-21.el6.centos

abrt-addon-ccpp.x86_64 0:2.0.8-21.el6.centos

….

..

systemtap-runtime.x86_64 0:2.3-3.el6

sysvinit-tools.x86_64 0:2.87-5.dsf.el6

udev.x86_64 0:147-2.51.el6

util-linux-ng.x86_64 0:2.17.2-12.14.el6

xmlrpc-c.x86_64 0:1.16.24-1210.1840.el6

xmlrpc-c-client.x86_64 0:1.16.24-1210.1840.el6

xorg-x11-drv-ati-firmware.noarch 0:7.1.0-3.el6

 

Complete!

(Command output truncated to fit on this page)

Reboot the Linux server using any one of the following methods:

# reboot

 

OR

# shutdown -r now

 

Sample outputs:

 

Broadcast message from vivek@db1

(/dev/pts/0) at 2:20 …

 

The system is going down for reboot NOW!

[root@db1 vivek]# Connection to 173.xxx.yyy.zzz closed by remote host.

Connection to 173.xxx.yyy.zz closed.

Verification: After rebooting the box

Verify that everything is working fine and you have been upgraded to the latest CentOS Linux v6.5 release with the following commands:

# uname -a

# cat /etc/redhat-release

 

Sample outputs:

Fig.01: CentOS Linux 6.5 Final

 

Verify open ports and make sure your apps are running without any problems with the following commands:

# netstat -tulpn

# tail -f /var/log/messages

# tail -f /path/to/log/files

# ps aux | less

# ps aux | egrep 'httpd|mysql'

# pgrep  my_app

See yum(8) for more information.

 

 

CentOS / RHEL: See Detailed History Of yum Commands http://wiki.shopingserver.com/centos-rhel-see-detailed-history-yum-commands/ http://wiki.shopingserver.com/centos-rhel-see-detailed-history-yum-commands/#respond Sat, 06 Jan 2018 08:52:04 +0000 http://wiki.shopingserver.com/?p=18489

I would like to see detailed information on the history of yum transactions such as updates, deleted packages, and other information. How do I see history of yum commands on CentOS / RHEL 6.x based server? How do I undo or redo or rollback packages using yum command?

 

The yum command has a history option on the latest version of CentOS / RHEL v6.x+. The history databases are normally found in the /var/lib/yum/history/ directory. The history option was added to the yum command at the end of 2009 (or thereabouts). The history command allows an admin to access detailed information on the history of yum transactions that have been run on a system. You can see what has happened in past transactions (assuming the history_record config option is set). You can use various command line options to view what happened, undo/redo/rollback to act on that information, and start a new history file.

Prerequisite

You need yum version 3.2.xx or CentOS/RHEL 6.x. Verify this with the following command:

# yum info yum | grep --color Version

 

Sample outputs from CentOS v6.5:

Version     : 3.2.29

yum history command syntax

The basic syntax is:

yum history

yum history command #ID

yum history [options]

history [info|list|packages-list|summary|addon-info|redo|undo|rollback|new]

Examples

First, verify that history has been configured for the yum command.

# ls -l /var/lib/yum/history/

 

Sample outputs:

total 1036

drwxr-xr-x. 30 root root    4096 Dec  9 11:40 2012-11-08

-rw-------.  1 root root 1050624 Dec  9 11:40 history-2012-11-08.sqlite

List your history

Type the following command:

# yum history

 

OR

# yum history list

 

Sample outputs:

Fig.01: yum history in action

 

Where,

ID – Transaction number.

Login user – The name of the user whose login session was used to initiate a yum transaction.

Date and time – The date and time when a transaction was issued by yum.

Action(s) – A list of actions that were performed during a transaction as follows:

D or Downgrade – Package has been downgraded to an older version.

E or Erase – Package has been removed.

I or Install – New package has been installed.

O or Obsoleting – Package has been marked as obsolete.

R or Reinstall – Package has been reinstalled.

U or Update – Package has been updated to a newer version.

Altered – The number of packages that were affected by a yum transaction, possibly followed by one of these flags:

< – Before the transaction finished, the rpmdb database was changed outside yum.

> – After the transaction finished, the rpmdb database was changed outside yum.

* – The transaction failed to finish.

# – The transaction finished successfully, but yum returned a non-zero exit code.

E – The transaction finished successfully, but an error or a warning was displayed.

P – The transaction finished successfully, but problems already existed in the rpmdb database.

s – The transaction finished successfully, but the --skip-broken command line option was used and certain packages were skipped.

To see all transactions, pass the all option as follows:

# yum history list all

You can list a single transaction or the transactions in a given range:

# yum history list 7

# yum history list 1..3

 

Sample outputs:

Loaded plugins: downloadonly, fastestmirror, security

ID     | Login user               | Date and time    | Action(s)      | Altered


3 | 106300                   | 2013-08-12 15:14 | Update         |    1

2 | 88177                    | 2012-11-09 14:24 | Install        |    2

1 | System            | 2012-11-08 19:19 | Install        |  380

history list
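
The Altered flags described above are worth auditing, because < and > mean the rpmdb was changed outside yum (for example with rpm directly). The following is an added example, not part of the original article: it parses `yum history list` output and reports every flagged transaction. The sample rows and the function names are constructed for illustration.

```shell
# Constructed sample in the `yum history list` format (not from a real host).
sample_history() {
cat <<'EOF'
Loaded plugins: fastestmirror, security
ID     | Login user               | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
    31 | root <root>              | 2013-12-10 09:02 | Update         |   12 ><
    30 |  <vivek>                 | 2013-12-09 11:52 | Install        |    1 EE
    29 |  <vivek>                 | 2013-12-09 11:45 | Erase          |    1
    28 | root <root>              | 2013-12-08 10:00 | I, U           |    4 *
    27 | root <root>              | 2013-12-07 08:30 | Install        |    2 s
history list
EOF
}

# Read `yum history list` output on stdin; print one tab-separated line
# (ID, date, flag, meaning) per distinct flag found in the Altered column.
audit_history() {
  awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    BEGIN {
      why["<"] = "rpmdb changed outside yum before the transaction finished"
      why[">"] = "rpmdb changed outside yum after the transaction finished"
      why["*"] = "transaction failed to finish"
      why["#"] = "finished, but yum returned a non-zero exit code"
      why["E"] = "finished, but an error or a warning was displayed"
      why["P"] = "finished, but problems already existed in the rpmdb"
      why["s"] = "finished, but --skip-broken skipped some packages"
    }
    NF == 5 && trim($1) ~ /^[0-9]+$/ {
      flags = trim($5); sub(/^[0-9]+[ \t]*/, "", flags)  # drop the package count
      split("", seen)                                     # reset per transaction
      for (i = 1; i <= length(flags); i++) {
        c = substr(flags, i, 1)
        if ((c in why) && !(c in seen)) {
          seen[c] = 1
          printf "%s\t%s\t%s\t%s\n", trim($1), trim($3), c, why[c]
        }
      }
    }'
}

# IDs whose rpmdb was changed outside yum; inspect each with `yum history info ID`.
rpmdb_drift_ids() {
  audit_history | awk -F'\t' '$3 == "<" || $3 == ">" { print $1 }' | sort -un
}

sample_history | audit_history   # on a real host: yum history list all | audit_history
```
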

List a summary of all past transactions

The syntax is:

# yum history summary

# yum history summary 3

# yum history summary 1..3

 

Sample outputs:

Loaded plugins: downloadonly, fastestmirror, security

Login user                 | Time                | Action(s)        | Altered


<vivek>                   | Last day            | Install          |        1

<vivek>                   | Last week           | E, I             |        3

root <root>                | Last week           | Update           |        1

<vivek>                   | Last 2 weeks        | I, U             |      139

<vivek>                   | Last 3 months       | Update           |        1

root <root>                | Last 3 months       | I, O, U          |      284

106300                     | Last 6 months       | I, U             |        6

88177                      | Over a year ago     | Install          |        2

System <unset>             | Over a year ago     | Install          |      380

history summary

Find out history of a package called nginx

The basic syntax is:

# yum history list PackageNameHere

# yum history list nginx

 

Sample outputs:

Loaded plugins: downloadonly, fastestmirror, security

ID     | Login user               | Date and time    | Action(s)      | Altered


28 |  <vivek>                 | 2013-12-09 11:40 | Install        |    1 EE

history list

You can also see the complete history of the mysql package, including version numbers. Run:

# yum history package-list mysql

 

Sample outputs:

Loaded plugins: downloadonly, fastestmirror, security

ID     | Action(s)      | Package


26 | Install        | mysql-5.1.71-1.el6.x86_64

25 | Erase          | mysql-5.1.71-1.el6.x86_64                          EE

24 | Install        | mysql-5.1.71-1.el6.x86_64

history package-list

Now, use ID #24 to get detailed information on the mysql package:

# yum history info 24

 

Sample outputs:

Loaded plugins: downloadonly, fastestmirror, security

Transaction ID : 24

Begin time     : Mon Dec  2 11:35:59 2013

Begin rpmdb    : 401:d28899f68a6631be573730605bd4825fe661fcce

End time       :            11:36:03 2013 (4 seconds)

End rpmdb      : 405:47873bf26c150bf0a26279da5c62d4ae4b1c227d

User           :  <vivek>

Return-Code    : Success

Command Line   : install mysql-server mysql

Transaction performed with:

Installed     rpm-4.8.0-37.el6.x86_64                       @base

Installed     yum-3.2.29-40.el6.centos.noarch               @base

Installed     yum-plugin-fastestmirror-1.1.30-14.el6.noarch @base

Packages Altered:

Install     mysql-5.1.71-1.el6.x86_64         @base

Install     mysql-server-5.1.71-1.el6.x86_64  @base

Dep-Install perl-DBD-MySQL-4.013-3.el6.x86_64 @base

Dep-Install perl-DBI-1.609-4.el6.x86_64       @base

history info

To find out what additional information is available for a certain transaction:

# yum history addon-info id

# yum history addon-info 24

 

To just get info on the last transaction:

# yum history addon-info last

How do I undo / revert transactions?

Say, you deleted the nginx package using yum command:

# yum erase nginx

 

Now use the yum history command to review the transaction history. It also provides the means to revert or repeat a selected transaction. To revert (undo) a transaction, type the following at a shell prompt as root:

# yum history undo id

 

To undo the nginx erase action, first find its transaction ID:

# yum history

# yum history package-list nginx

 

Sample outputs:

Loaded plugins: downloadonly, fastestmirror, security

ID     | Action(s)      | Package


29 | Erase          | nginx-1.4.4-1.el6.ngx.x86_64

28 | Install        | nginx-1.4.4-1.el6.ngx.x86_64                       EE

history package-list

To undo use ID # 29:

# yum history undo 29

 

Verify that nginx has been installed again:

# yum history package-list nginx

Loaded plugins: downloadonly, fastestmirror, security

ID     | Action(s)      | Package


30 | Install        | nginx-1.4.4-1.el6.ngx.x86_64                       EE

29 | Erase          | nginx-1.4.4-1.el6.ngx.x86_64

28 | Install        | nginx-1.4.4-1.el6.ngx.x86_64                       EE

history package-list

How do I redo / repeat transactions?

To repeat a particular transaction, run:

# yum history redo id

The yum history rollback option

The syntax is:

# yum history rollback id

 

The rollback command will undo all transactions up to the point of the specified transaction. For example, if you have 3 transactions in which packages A, B and C were installed respectively, then “yum history undo 1” will try to remove package A, “yum history redo 1” will try to install package A (if it is not still installed), and “yum history rollback 1” will try to remove packages B and C.

The yum history new option

As described above, the yum command stores the transaction history in a single SQLite database file in the /var/lib/yum/history/ directory. To start a new transaction history, run the following command:

# yum history new

 

Verify with the following command:

# yum history

I strongly suggest that you read the yum command man page for more information.

 

 
