5/31/13

Force a RHN client system to update immediately

Run the command /usr/sbin/rhn_check

Add the -v switch for verbosity in the /var/log/yum.log

5/3/13

Skip Client For NFS username mapping - Win 2008 R2


This was found during my trouble trying to figure out why MS Windows 2008 R2 was mounting an NFS share (from a Linux NFS server) as read only and the multiple hoops you need to jump through in order to configure username mappings etc... Then I found this solution and it works:

To force ClientForNFS to mount a share using a specific UID and GID, without the need for a user name mapping server, add the following registry values under this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default

Add two DWORD values: AnonymousUid and AnonymousGid and set to your appropriate values in decimal.  For example: if your server has root user & group ownership/perms for its NFS shares, then you would leave the default value of zero "0" for those two DWORD entries.

Then restart the ClientForNFS service. (You may need to reboot the server.)

3/26/13

How to export Apache's SSL Certificate and private Key to Windows and IIS & Tomcat

The Apache SSL key and certificate have to be converted to a single p12 (PFX) file format that combines the certificate & the key. This can be done using the openssl command as follows.

The default location of the certs and private keys on RHEL and its variant distributions like CentOS is usually the /etc/pki/tls folder and its subfolders. So you'll need to either copy the two files to a temporary folder to combine them using openssl, or run the openssl command while providing the full path to those two files (yourservercertificate.crt and yourserverkey.key).

Example export performed on a Linux box

Note: Make sure you execute the following command as superuser:

openssl pkcs12 -export -out /tmp/combinedfile.p12 -inkey /etc/pki/tls/private/yourserver.key -in /etc/pki/tls/certs/yourservercertificate.crt

Hit the Enter key to execute the command. You will be prompted for a password to protect the resulting p12 file. It's entirely up to you to enter a password or not, but it's a good idea to go ahead and do so. You don't want someone else to get a hold of your unencrypted key and assume your server's identity.

This command will output the combinedfile.p12 in your /tmp folder. You need to copy this file over to the IIS server for import.
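One way to harden the export step above, as an added example that is not from the original post: it checks that the certificate and key belong together, reads the passphrase from a file instead of the command line, and creates the bundle owner-only rather than as a default-permission file in /tmp. The helper function names, the throwaway key and certificate, and the passphrases are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: hardened form of the pkcs12 export. File names are constructed.

# Succeed only when the certificate's public key equals the key's public key.
cert_matches_key() {  # $1 = certificate, $2 = private key
    cmk_c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    cmk_k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cmk_c" ] && [ "$cmk_c" = "$cmk_k" ]
}

# Export to PKCS#12 with the passphrase read from a file (not typed on the
# command line) and the output created owner-only (0600).
export_p12() {  # $1 = certificate, $2 = key, $3 = passphrase file, $4 = output
    cert_matches_key "$1" "$2" || { echo "certificate/key mismatch" >&2; return 1; }
    ( umask 077
      openssl pkcs12 -export -out "$4" -inkey "$2" -in "$1" -passout "file:$3" )
}

# Succeed only if the bundle's integrity check passes with this passphrase.
p12_opens_with() {  # $1 = .p12 file, $2 = passphrase file
    openssl pkcs12 -in "$1" -passin "file:$2" -noout 2>/dev/null
}

# Build throwaway inputs standing in for the real files under /etc/pki/tls.
make_sample() {  # $1 = empty work directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null || return 1
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null || return 1
    printf '%s\n' 'constructed-passphrase' > "$1/pw"
    printf '%s\n' 'wrong-passphrase' > "$1/badpw"
}

demo() {
    work=$(mktemp -d) || return 1      # mktemp -d creates the directory 0700
    make_sample "$work" || return 1
    export_p12 "$work/server.crt" "$work/server.key" "$work/pw" "$work/combinedfile.p12" &&
        p12_opens_with "$work/combinedfile.p12" "$work/pw" && echo "export verified"
    export_p12 "$work/server.crt" "$work/other.key" "$work/pw" "$work/bad.p12" ||
        echo "mismatched key rejected"
    rm -rf "$work"
}
demo
```

Once the bundle has been imported on the target server, delete the transfer copy and the passphrase file.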

On the Windows IIS server side:

Run the following with admin privileges:

- Click Start, then Run, type mmc in the provided box and hit Enter

An empty "Microsoft Management Console" should open up

- Click on File and then click on Add/Remove Snap-in (You could also use the Ctrl-M key combo as a shortcut)

- Click on Certificates and then click on the Add button in the middle of that window

- Choose "Computer Account" when prompted in the next screen, and click Next

- Make sure that "Local Computer" is selected on the current screen and click Finish

You will now see a tree of various certificate containers

- Expand the certificates (Local Computer) tree

- Right-Click on the sub-tree named (Personal)

- Click on All Tasks from the context menu and choose Import

- Click Next on the first "Certificate Import Wizard Screen"

- Use the Browse button to navigate to the folder where you saved the exported file generated on the Apache box

Note: Make sure to expand the drop down list of filename extensions to show the (*.pfx *.p12) filenames if you don't see your file in the list.

- Select your exported file (combinedfile.p12 in this example) and Click Next

- Type in the password you chose during the openssl export command

- Click Next

- Choose the option to Place all current certificates in the Personal Certificate store

- You're done with the import

IIS 7.X Config

Open your IIS management Interface and select your website where the certificate is to be used by Right-Clicking its name.
- Choose Edit Bindings from the context menu 
- Click the Add button
- Select the HTTPS type from the left drop-down menu and leave the "IP Address" and "Port" options at the default unless you need to alter them to suit your needs
- Click on the Arrow-down under the "SSL Certificate" option and you should see your newly imported key/cert pair listed there.
- You should click the "View" button to visually verify that you selected the right certificate 
- Click OK
- Click Close

Done

Simple way to use the same exported key in Tomcat:

- Backup your Tomcat server.xml file on the target server first
- Open server.xml in your favorite editor
- Add the following to your HTTPS/SSL Connector
keystoreType="pkcs12" keystoreFile="C:\YourPathNametoExportedFile\combinedfile.p12" keystorePass="ThePasswordChosenForExportKey"

Save your server.xml and restart tomcat to test it out.




3/7/13

Reload your bash profile

To force a reload of your .bash_profile after modifying it, simply type:

source ~/.bash_profile

or

. ~/.bash_profile










2/27/13

Override Active Directory 1000 row limit with ldapsearch

Problem:

Doing a standard ldapsearch for users against an Active Directory domain will by default return a "Size limit exceeded" error assuming your AD search result limit was left at the default setting and your search query has more than 1000 results to be returned.

The Solution:

ldapsearch -LLL -H ldap://YourActiveDirectoryHostName:3268 -b 'CN=Users,DC=YourActiveDirectoryDomainName,DC=TLD' -D ADUsername@yourDomainName -w ADUserPWD objectclass=user -E pr=2147483647/noprompt


Found this from the source link below. I've only modified the port name to query AD's Global Catalog port 3268 instead of 389 and the base for search to be my AD Users' OU in the -b parameter (CN=Users, DC=etc...)


Source: http://www.commandlinefu.com/commands/view/2779/bypass-1000-entry-limit-of-active-directory-with-ldapsearch


See some useful ldapsearch examples here: http://goo.gl/3LuVy
Also, click here for ldapsearch operators

2/7/13

Useful Windows tool of the day

I needed to grep - Linux style - for a string piped out of Windows command line output, so I started looking for something native to Windows that would achieve that for me.

I can't remember if I've just forgotten about this command or if I just didn't know that the Findstr command that's built into Windows existed. Anyway, it did what I needed.

Here is the FindStr command link on TechNet with all its switches and the meta-characters it accepts for regular expressions.
http://technet.microsoft.com/en-us/library/bb490907.aspx

So now I can use the findstr command to receive the output from another command and grab the string I'm looking for.

Example use: set | findstr JAVA
This grabs the string JAVA out of the Windows environment variables if it's set. In my case, that output would be: JAVA_HOME=D:\Java\jdk1.6.0_39

--------------

Findstr

Searches for patterns of text in files using regular expressions.

Syntax:
findstr [/b] [/e] [/l] [/r] [/s] [/i] [/x] [/v] [/n] [/m] [/o] [/p] [/offline] [/g:file] [/f:file] [/c:string] [/d:dirlist] [/a:ColorAttribute] [strings] [[Drive:][Path] FileName [...]]

Parameters
/b   : Matches the pattern if at the beginning of a line.
/e   : Matches the pattern if at the end of a line.
/l   : Uses search strings literally.
/r   : Uses search strings as regular expressions. Findstr interprets all metacharacters as regular expressions unless you use /l.
/s   : Searches for matching files in the current directory and all subdirectories.
/i   : Specifies that the search is not to be case-sensitive.
/x   : Prints lines that match exactly.
/v   : Prints only lines that do not contain a match.
/n   : Prints the line number before each line that matches.
/m   : Prints only the file name if a file contains a match.
/o   : Prints seek offset before each matching line.
/p   : Skips files with non-printable characters.
/offline   : Processes files with offline attribute set.
/f: file   : Reads file list from the specified file.
/c: string   : Uses specified text as a literal search string.
/g: file   : Gets search strings from the specified file.
/d: dirlist   : Searches a comma-delimited list of directories.
/a: ColorAttribute   : Specifies color attributes with two hexadecimal digits.
strings   : Specified text to be searched for in FileName.
[ Drive : ][ Path ] FileName [...] : Specifies a file or files to search.
/?   : Displays help at the command prompt.

Using regular expressions with findstr 

Findstr is capable of finding the exact text you are looking for in any ASCII file or files. However, sometimes you have only part of the information that you want to match, or you want to find a wider range of information. In such cases, findstr has the powerful capability to search for patterns of text using regular expressions.
Regular expressions are a notation for specifying patterns of text, as opposed to exact strings of characters. The notation uses literal characters and metacharacters. Every character that does not have special meaning in the regular expression syntax is a literal character and matches an occurrence of that character. For example, letters and numbers are literal characters. A metacharacter is a symbol with special meaning (an operator or delimiter) in the regular-expression syntax.

The following table lists the metacharacters that findstr accepts.

Character   Value
.           Wildcard: any character
*           Repeat: zero or more occurrences of previous character or class
^           Line position: beginning of line
$           Line position: end of line
[class]     Character class: any one character in set
[^class]    Inverse class: any one character not in set
[x-y]       Range: any characters within the specified range
\x          Escape: literal use of metacharacter x
\<xyz       Word position: beginning of word
xyz\>       Word position: end of word

The special characters in regular expression syntax are most powerful when you use them together. For example, the following combination of the wildcard character (.) and repeat (*) character match any string of characters:

.*

Use the following expression as part of a larger expression that matches any string beginning with "b" and ending with "ing":

b.*ing

Quick HTTP to HTTPS - Apache2

There are several methods for redirecting your Apache-based website visitors who might type your servers URL using the plain (non-secure) HT...