
How to create a local repository in RHEL 8 from DVD ISO

mkdir /media/rhel8/

mount -o loop rhel-8.2-x86_64-dvd.iso /media/rhel8/

cp /media/rhel8/media.repo /etc/yum.repos.d/

chmod 644 /etc/yum.repos.d/media.repo

vi /etc/yum.repos.d/media.repo

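# Local repository definitions for the RHEL 8.2 DVD mounted at /media/rhel8.
# Both sections verify package signatures against the Red Hat release key
# named in gpgkey; a package whose signature does not verify is refused.

[InstallMedia]
name=Red Hat Enterprise Linux 8.2.0
mediaid=None
metadata_expire=-1
# Signature checking is on: the gpgkey line is only consulted when gpgcheck=1.
gpgcheck=1
cost=500
baseurl=file:///media/rhel8/BaseOS/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[InstallMedia-AppStream]
name=Red Hat Enterprise Linux 8 - AppStream
metadata_expire=-1
gpgcheck=1
enabled=1
# AppStream packages sit in their own directory on the DVD, not under BaseOS.
baseurl=file:///media/rhel8/AppStream/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release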

Extend LVM partition with same device

Existing Partition Table

[root@server ~]# fdisk -l
Device Boot Start End Blocks Id System
/dev/sda1 * 2048 1026047 512000 83 Linux
/dev/sda2 1026048 41861119 20417536 8e Linux LVM

Example: I want to add /dev/sda3

#fdisk /dev/sda
Command (m for help): m
Command (m for help): n
Command (m for help): t
Command (m for help): 8e
Command (m for help): w

#reboot

Create Physical Volume
pvcreate /dev/sda3

Extend existing Volume Group

[root@server ~]# vgs
VG #PV #LV #SN Attr VSize VFree
rhel 1 2 0 wz–n- <19.47g 0

From the vgs output, the volume group to extend is rhel.
#vgextend rhel /dev/sda3

Extend existing Logical Volume

#lvextend /dev/rhel/root /dev/sda3

In this example I will expand the mount points for root partition
[root@server ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 16G 0 16G 0% /dev
tmpfs 16G 0 16G 0% /dev/shm
tmpfs 16G 12M 16G 1% /run
tmpfs 16G 0 16G 0% /sys/fs/cgroup
/dev/mapper/rhel-root 18G 3.3G 15G 19% /
/dev/sda1 497M 172M 325M 35% /boot
tmpfs 3.2G 0 3.2G 0% /run/user/0

#xfs_growfs /dev/mapper/rhel-root

#reboot

Setup BIND9 DNS server RHEL7/CENTOS 7

Setup BIND9 DNS server RHEL7/CENTOS 7

SERVER
IP ADDRESS: 10.68.33.61

1) Assign a hostname of your server

hostnamectl set-hostname dnsserver

2) Install bind and bind-utils

yum -y install bind bind-utils

3) Configure the DNS(BIND)
Disable IPv6 by commenting out the listen-on-v6 line in named.conf. In this tutorial I will be using IPv4.

vi /etc/named.conf

// listen-on-v6 port 53 { ::1; };

4) Add an ACL (this step is optional).

vi /etc/named.conf

acl "trusted" {
10.68.33.61;
10.68.33.62;
10.68.33.63;
10.68.33.64;
10.68.33.65;
10.68.33.66;
172.19.19.88;
172.19.19.94;
172.19.19.95;
};

5) Add the IPs or subnet that you will allow to query to this DNS server

vi /etc/named.conf

allow-query { trusted; 10.68.33.61; 10.68.33.62; 10.68.33.63; 10.68.33.64; 10.68.33.65; 10.68.33.66; 172.19.19.88; 172.19.19.94; 172.19.19.95;};

6) Create forward zones. The following zone is the forward zone entry for the mydomain.com domain

vi /etc/named.conf

zone "mydomain.com" IN {
type master;
file "fwd.mydomain.com.db";
allow-update { none; };
};

7) Create reverse zone. The following zones are the reverse zone entry.
I have created two zones as I have two subnet 10.68.33.x and 172.19.19.x

vi /etc/named.conf

zone "33.68.10.in-addr.arpa" IN {
type master;
file "33.68.10.db";
allow-update { none; };
};

zone "19.19.172.in-addr.arpa" IN {
type master;
file "19.19.172.db";
allow-update { none; };
};

Below is the complete configuration of my named.conf

# cat /etc/named.conf
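//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
//
// Every string below uses plain ASCII double quotes; named does not accept
// the typographic quotes that blog engines and word processors substitute.

// Clients allowed to query and recurse through this server.
// NOTE(review): the forward zone on this page places master2/etcd-1 at
// 10.68.33.67 and master3/etcd-2 at 10.68.33.68. Neither address is listed
// here, so their queries would be refused - confirm whether to add them.
acl "trusted" {
    10.68.33.61;
    10.68.33.62;
    10.68.33.63;
    10.68.33.64;
    10.68.33.65;
    10.68.33.66;
    172.19.19.88;
    172.19.19.94;
    172.19.19.95;
};

options {
    listen-on port 53 { 127.0.0.1; 10.68.33.61; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";

    // The "trusted" ACL already holds every address that used to be repeated
    // here, so the list is referenced once instead of being kept in two places.
    allow-query { trusted; };

    // Recursion is on so the listed clients can resolve outside names.
    // Stating allow-recursion explicitly keeps the resolver closed to everyone
    // else even if allow-query is widened later.
    recursion yes;
    allow-recursion { trusted; };

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// Forward zone. allow-update { none; } refuses dynamic updates, so records
// change only when the zone file is edited on this server.
zone "mydomain.com" IN {
    type master;
    file "fwd.mydomain.com.db";
    allow-update { none; };
};

// Reverse zone for 10.68.33.x.
zone "33.68.10.in-addr.arpa" IN {
    type master;
    file "33.68.10.db";
    allow-update { none; };
};

// Reverse zone for 172.19.19.x.
zone "19.19.172.in-addr.arpa" IN {
    type master;
    file "19.19.172.db";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";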

8) Create zone files.

There are some special keywords for Zone Files

A – A record
NS – Name Server
MX – Mail for Exchange
CNAME – Canonical Name

touch /var/named/fwd.mydomain.com.db

vi /var/named/fwd.mydomain.com.db

#

; Forward zone for mydomain.com: SOA, NS, host A records and the etcd SRV records.
; Default TTL for records that do not set their own: 604800 seconds (one week).
$TTL 604800
; SOA names dnsserver.mydomain.com. as primary server and root.mydomain.com. as
; the contact mailbox field.
@ IN SOA dnsserver.mydomain.com. root.mydomain.com. (
2019121213 ;Serial, apparently YYYYMMDDNN (2019-12-12, revision 13); raise it on every edit
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;Minimum TTL
)

;Name Server Information
@ IN NS dnsserver.mydomain.com.

;IP address of Name Server
dnsserver IN A 10.68.33.61

;A record: host name to IP address (names are relative to mydomain.com.)
; api, api-int, apps and the *.apps wildcard all resolve to the same host, 10.68.33.62.
api.openshift4 IN A 10.68.33.62
api-int.openshift4 IN A 10.68.33.62
apps.openshift4 IN A 10.68.33.62
; NOTE(review): 10.68.33.67 and 10.68.33.68 below are not in the "trusted" ACL
; shown in named.conf on this page, so queries from those hosts would be
; refused - confirm.
master1.openshift4 IN A 10.68.33.63
master2.openshift4 IN A 10.68.33.67
master3.openshift4 IN A 10.68.33.68
; Each etcd-N name shares the address of the matching master.
etcd-0.openshift4 IN A 10.68.33.63
etcd-1.openshift4 IN A 10.68.33.67
etcd-2.openshift4 IN A 10.68.33.68
worker1.openshift4 IN A 10.68.33.64
worker2.openshift4 IN A 10.68.33.65
bootstrap.openshift4 IN A 10.68.33.66
; Wildcard: any name under apps.openshift4 without its own record gets this address.
*.apps.openshift4 IN A 10.68.33.62
test.openshift4 IN A 172.19.19.88

;_service._proto.name. TTL class SRV priority weight port target.
; Three equal-priority, equal-weight targets on port 2380, each with a TTL of 86400.
_etcd-server-ssl._tcp.openshift4 86400 IN SRV 0 10 2380 etcd-0.openshift4.mydomain.com.
_etcd-server-ssl._tcp.openshift4 86400 IN SRV 0 10 2380 etcd-1.openshift4.mydomain.com.
_etcd-server-ssl._tcp.openshift4 86400 IN SRV 0 10 2380 etcd-2.openshift4.mydomain.com.

#

9) Create a zone file called 33.68.10.db and 19.19.172.db for the reverse zone under /var/named directory.
I have two subnets so I have created two zone files.

PTR – Pointer
SOA – Start of Authority

vi /var/named/33.68.10.db
;######################################################################################

; Reverse zone for 10.68.33.x: each owner name is the last octet of the address.
; NOTE(review): there is no $TTL directive here, unlike the forward zone on this
; page; named then falls back to the SOA minimum and logs a warning. Consider
; adding "$TTL 604800" above the SOA.
@ IN SOA dnsserver.mydomain.com. root.mydomain.com. (
2019121213 ;Serial, apparently YYYYMMDDNN (2019-12-12, revision 13); raise it on every edit
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;Minimum TTL
)

;Name Server Information
@ IN NS dnsserver.mydomain.com.
;Reverse lookup for Name Server
61 IN PTR dnsserver.mydomain.com.

;PTR Record IP address to HostName
; 62, 63, 67 and 68 each carry several PTR records, so a reverse lookup of those
; addresses returns more than one name.
62 IN PTR api.openshift4.mydomain.com.
62 IN PTR api-int.openshift4.mydomain.com.
62 IN PTR apps.openshift4.mydomain.com.
63 IN PTR master1.openshift4.mydomain.com.
67 IN PTR master2.openshift4.mydomain.com.
68 IN PTR master3.openshift4.mydomain.com.
63 IN PTR etcd-0.openshift4.mydomain.com.
67 IN PTR etcd-1.openshift4.mydomain.com.
68 IN PTR etcd-2.openshift4.mydomain.com.
64 IN PTR worker1.openshift4.mydomain.com.
65 IN PTR worker2.openshift4.mydomain.com.
66 IN PTR bootstrap.openshift4.mydomain.com.

;######################################################################################

vi /var/named/19.19.172.db
;######################################################################################

; Reverse zone for 172.19.19.x: each owner name is the last octet of the address.
; NOTE(review): there is no $TTL directive here, unlike the forward zone on this
; page; named then falls back to the SOA minimum and logs a warning. Consider
; adding "$TTL 604800" above the SOA.
@ IN SOA dnsserver.mydomain.com. root.mydomain.com. (
2019121204 ;Serial, apparently YYYYMMDDNN (2019-12-12, revision 04); raise it on every edit
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;Minimum TTL
)

;Name Server Information
@ IN NS dnsserver.mydomain.com.
;Reverse lookup for Name Server
; NOTE(review): in this zone the record below maps 172.19.19.61 to dnsserver,
; while the forward zone gives dnsserver as 10.68.33.61. It looks carried over
; from 33.68.10.db - confirm whether the server really owns 172.19.19.61.
61 IN PTR dnsserver.mydomain.com.

;PTR Record IP address to HostName
88 IN PTR test.openshift4.mydomain.com.

;######################################################################################

10) Firewall
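Add an allow rule to the firewall so that clients can connect to the DNS server for name resolution. The rule below opens UDP only; DNS also uses TCP port 53 for responses too large for UDP, so clients that retry over TCP need 53/tcp opened in the same way.

firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload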

11) Set DNS1 to the DNS server's IP address on the client machines, and on this BIND DNS server as well.

/etc/sysconfig/network-scripts/ifcfg-eXX

DNS1=10.68.33.61

12)Restart network service.

systemctl restart NetworkManager

13)Use the following command to verify the forward lookup.

dig dnsserver.mydomain.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> dnsserver.mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63873
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dnsserver.mydomain.com. IN A

;; ANSWER SECTION:
dnsserver.mydomain.com. 604800 IN A 10.68.33.61

;; AUTHORITY SECTION:
mydomain.com. 604800 IN NS dnsserver.mydomain.com.

;; Query time: 0 msec
;; SERVER: 10.68.33.61#53(10.68.33.61)
;; WHEN: Thu Dec 12 22:39:57 EST 2019
;; MSG SIZE rcvd: 79

How to troubleshoot spamming activities on postfix mail server.

1. To see the mail queue:

mailq

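2. To flush the mail queue (this attempts delivery of every queued message, so during a spam incident review and delete the unwanted mail first):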

postfix flush

or

postfix -f

3. To remove all mails from the queue (this also deletes legitimate mail that is still waiting for delivery):

postsuper -d ALL

4. To remove all mails in the deferred queue:

postsuper -d ALL deferred

5. To delete all queued messages from or to the domain called webserverpage.com:

./postfix-delete.pl webserverpage.com

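Note: You may download the script from the link below. Read it through before running it, since it is fetched over plain HTTP and deletes mail from the queue.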

http://blog.webserverpage.com/?p=541

6. To delete all queued messages that contain the word “virus” in the email.

./postfix-delete.pl virus

7. To know the number of messages sitting in the deferred queue:

find /var/spool/postfix/deferred -type f | wc -l

8. Sort user email accounts with corresponding number(s) of email.

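# Count queued messages per address and list the ten largest counts last.
# The pattern is quoted so the shell cannot expand [A-F0-9] as a filename glob
# against the current directory before grep sees it.
# cut -c 42-80 depends on the column layout of the mailq listing
# (presumably the sender address - confirm on your Postfix version).
mailq | grep '^[A-F0-9]' | cut -c 42-80 | sort | uniq -c | sort -n | tail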

How to monitor MySQL process.

rpaco@choi:~$ mytop -uroot -p<mypassword>

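The output should look like this. Note that a password given with -p on the command line is visible in the process list and shell history; mytop can instead prompt for it (--prompt) or read it from ~/.mytop.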

MySQL on localhost (5.0.45) up 0+05:34:18 [15:50:11]
Queries: 16.6M qps: 869 Slow: 0.0 Se/In/Up/De(%): 20/00/00/00
qps now: 682 Slow qps: 0.0 Threads: 9 ( 1/ 1) 22/00/00/00
Key Efficiency: 99.9% Bps in/out: 0.0/ 1.8 Now in/out: 8.4/ 1.4k

Id User Host/IP DB Time Cmd Query or State
— —- ——- — —- — ———-
5 webserverpage localhost:37034 webserverpage 0 Sleep
243 root localhost test 0 Query show full processlist
3 webserverpage localhost:58948 webserverpage 3 Sleep
8 webserverpage localhost:56914 webserverpage 5 Sleep
2 webserverpage localhost:49081 webserverpage 6 Sleep
6 webserverpage localhost:47071 webserverpage 6 Sleep
1 webserverpage localhost:50606 webserverpage 248 Sleep
7 webserverpage localhost:48746 webserverpage 254 Sleep
4 webserverpage localhost:52620 webserverpage 297 Sleep

Check current network bandwidth usage on Linux System

root@choi:/usr/local/bin# vim netspeed
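#!/bin/bash
# netspeed - print the transmit and receive rate of one network interface,
# once per second, from the kernel byte counters under /sys/class/net.
#
# Usage:   netspeed network-interface      (e.g. netspeed eth0)
# Outputs: one "tx ... rx ..." line per second on stdout
# Exits:   1 on a missing or invalid interface; otherwise runs until interrupted

if [ -z "$1" ]; then
  # Usage text goes to stderr with a non-zero status so callers can detect misuse.
  {
    echo
    echo "usage: $0 network-interface"
    echo
    echo "e.g. $0 eth0"
    echo
  } >&2
  exit 1
fi

IF=$1
STATS="/sys/class/net/$IF/statistics"

# The argument becomes part of a path, so accept only a plain interface name:
# no slashes and no "." or "..", which would point outside /sys/class/net.
case "$IF" in
  */* | . | ..)
    echo "$0: invalid interface name: $IF" >&2
    exit 1
    ;;
esac

# Fail early with a clear message instead of looping on cat/expr errors.
if [ ! -r "$STATS/rx_bytes" ] || [ ! -r "$STATS/tx_bytes" ]; then
  echo "$0: no statistics for interface $IF" >&2
  exit 1
fi

while true; do
  # Sample both counters, wait one second, sample again. A failed read
  # (for example the interface was removed) ends the script.
  R1=$(<"$STATS/rx_bytes") || exit 1
  T1=$(<"$STATS/tx_bytes") || exit 1
  sleep 1
  R2=$(<"$STATS/rx_bytes") || exit 1
  T2=$(<"$STATS/tx_bytes") || exit 1

  # Byte deltas over the one-second window, divided by 1024. The values are
  # therefore units of 1024 bytes per second; the "kb/s" label is kept as the
  # script has always printed it.
  TKBPS=$(( (T2 - T1) / 1024 ))
  RKBPS=$(( (R2 - R1) / 1024 ))
  echo "tx $IF: $TKBPS kb/s rx $IF: $RKBPS kb/s"
done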

root@choi:/usr/local/bin# chmod +x netspeed
root@choi:/usr/local/bin# /usr/local/bin/netspeed eth0

Output Below.

bandwidth