Creating a software RAID on Ubuntu/Debian

Creating a software RAID from disks is quite easy in Ubuntu. I will assume the disks are attached (physically or virtually) to the guest operating system.

Currently Ubuntu supports the following RAID levels:

  • RAID level 0
  • RAID level 1
  • RAID level 2
  • RAID level 3
  • RAID level 4
  • RAID level 5
  • RAID level 6
  • RAID level 10
  • RAID level 50
  • RAID level 0+1

In this example I am using the sdb1 and sdc1 disks and setting the RAID to a mirror (1) with a total mirrored size of 4TB (3906885440K)

  • Install mdadm (if not already installed)
apt-get update && apt-get install -y mdadm
  • Run mdadm to create the mirror
mdadm --create --verbose /dev/md0 --raid-devices=2 --level=1 /dev/sdb1 /dev/sdc1
  • Run mkfs.ext3 to create an ext3 filesystem on the mirror volume
mkfs.ext3 /dev/md0
  • Mount the mirror by creating a mount point and running mount to mount the md0 volume
mkdir /mnt/raid1
mount /dev/md0 /mnt/raid1
  • Check to see if you can see the mirror
df -h
  • Check the status of the build
cat /proc/mdstat
  • Add to fstab to auto mount on startup
vi /etc/fstab
/dev/md0 /mnt/raid1 ext3 defaults 0 0

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

VMware Creating RDMs from Locally Attached SATA Disks

I recently had to connect two 4TB SATA disks to a server to provide some raw storage to the network. Going on past experience, I didn’t want to virtualise the disks but rather present them to the virtual machine guest as a raw device mapping (RDM).

You will need a datastore that is separate from the disks you are attaching. It will have to be VMFS5 to get around the 2TB limit with VMFS3.

Note: This is not supported by VMware to the best of my knowledge.

Procedure

  1. Start an SSH session to the VMware ESX host (or, if on the physical server, drop to console)
  2. Run fdisk to see the disk layout.
fdisk -l
  3. Find the vml identifier and match it to the drive.
ls /dev/disks/ -l

In my example, the two I am interested in are:

vml.01000000002020202020202020202020205a33303346325742535434303030

vml.01000000002020202020202020202020205a33303351523246535434303030

  4. Now browse to the VMFS5 datastore where you will be creating the RDMs
cd /vmfs/volumes/datastorename
  5. Best practice would be to create a folder for the RDMs to sit in
mkdir RDMs
  6. Create the RDMs by running the vmkfstools command (use the vml. location that you found in previous steps)
vmkfstools -r /vmfs/devices/disks/vml.01000000002020202020202020202020205a33303346325742535434303030 4TB_Disk1_RDM.vmdk -a lsilogic
vmkfstools -r /vmfs/devices/disks/vml.01000000002020202020202020202020205a33303351523246535434303030 4TB_Disk2_RDM.vmdk -a lsilogic
  7. Verify you have the files created
ls -lash
  8. Attach to virtual machine

Limit SSH connections geographically

There is a real security risk in leaving your shell connection ports exposed to the internet, especially if you never intend to connect from Zimbabwe or other random countries.

Restricting connections by country can limit brute-force attack exposure and also save valuable resources and bandwidth by rejecting packets before a TCP handshake.

Install GeoIP

You will need a database that can be queried locally and that maps IP ranges to countries.

apt-get install geoip-database geoip-bin

Query GeoIP database

geoiplookup 8.8.8.8

The script

mkdir /scripts
vi /scripts/sshfilter.sh

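Paste the following in:

#!/bin/bash
# Country codes to accept
ALLOW_COUNTRIES="AU"

if [ $# -ne 1 ]
then
    echo "Usage: $(basename "$0") <ip>" 1>&2
    exit 0    # exits 0 (allow) when not called with exactly one argument
fi

# Extract the country code from the first line of the geoiplookup output
COUNTRY=$(/usr/bin/geoiplookup "$1" | awk -F ": " '{ print $2 }' | awk -F "," '{ print $1 }' | head -n 1)

# Allow addresses that are not in the database and countries on the allow list
[[ $COUNTRY = "IP Address not found" || $ALLOW_COUNTRIES =~ $COUNTRY ]] && RESPONSE="ALLOW" || RESPONSE="DENY"

if [ "$RESPONSE" = "ALLOW" ]
then
    exit 0
else
    logger "$RESPONSE sshd connection from $1 ($COUNTRY)"
    exit 1
fi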

Enable script

chmod +x /scripts/sshfilter.sh

Lock down SSH

Set up a deny-all rule for the ssh daemon

vi /etc/hosts.deny

Add the following into the deny file

sshd: ALL

Enable the script in the hosts.allow file

vi /etc/hosts.allow

Add the following into the allow file

sshd: ALL: aclexec /scripts/sshfilter.sh %a

Testing

Test the script by running it with an IP address as its argument

/scripts/sshfilter.sh 8.8.8.8

A denied address should produce a syslog entry like the following:

Aug 25 15:23:21 server root: DENY sshd connection from 8.8.8.8 (US)
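
A fail-closed variant of the decision in sshfilter.sh, as an added example that is not part of the original post: it compares the whole country code against a space-separated allow list and denies when the lookup output is empty or unexpected, where the original allows "IP Address not found". The names geo_decide and ALLOW_UNKNOWN and the sample lookup lines are assumptions made for illustration; the samples are constructed in geoiplookup's Country Edition output format.

```shell
#!/bin/sh
# Added example, not the original post's script: fail-closed country check.
# geo_decide, ALLOW_UNKNOWN and the SAMPLE_* lines are illustrative names.
ALLOW_COUNTRIES="AU NZ"   # space-separated two-letter country codes
ALLOW_UNKNOWN="no"        # "yes" allows addresses missing from the database

# geo_decide <geoiplookup output>: prints ALLOW or DENY
geo_decide() {
    # Same extraction as the original: text between ": " and the first ","
    country=$(printf '%s\n' "$1" | head -n 1 |
        awk -F ': ' '{ print $2 }' | awk -F ',' '{ print $1 }')

    case "$country" in
        "IP Address not found")
            # Unlisted or private ranges: an explicit policy switch
            if [ "$ALLOW_UNKNOWN" = "yes" ]; then echo ALLOW; else echo DENY; fi
            return ;;
        [A-Z][A-Z]) ;;            # well-formed code, check it below
        *) echo DENY; return ;;   # empty or unexpected lookup output
    esac

    # Whole-code comparison, so a partial or empty string can never match
    for allowed in $ALLOW_COUNTRIES; do
        if [ "$country" = "$allowed" ]; then echo ALLOW; return; fi
    done
    echo DENY
}

# Constructed sample lines in geoiplookup's "GeoIP Country Edition" format
SAMPLE_AU='GeoIP Country Edition: AU, Australia'
SAMPLE_US='GeoIP Country Edition: US, United States'
SAMPLE_NOTFOUND='GeoIP Country Edition: IP Address not found'
SAMPLE_EMPTY=''

# When called as the aclexec hook with the client address: 0 allows, 1 denies
if [ $# -eq 1 ]; then
    verdict=$(geo_decide "$(/usr/bin/geoiplookup "$1" 2>/dev/null)")
    if [ "$verdict" != "ALLOW" ]; then
        logger "DENY sshd connection from $1"
        exit 1
    fi
fi
```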

Update GeoIP

There is only one constant in the world and that is change. IP addresses are no exception.

Create a new file called update_geo.sh in /scripts

vi /scripts/update_geo.sh

Add the following into the file

#!/bin/bash
# Download the GeoLite country database and replace the local copy

cd /tmp || exit 1
wget -q https://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
# Only replace the database if the download produced a file
if [ -f GeoIP.dat.gz ]
then
    gzip -d GeoIP.dat.gz
    rm -f /usr/share/GeoIP/GeoIP.dat
    mv -f GeoIP.dat /usr/share/GeoIP/GeoIP.dat
else
    echo "Cannot download the GeoIP database"
fi

Change the script to execute

chmod +x /scripts/update_geo.sh

Edit the crontab

crontab -e

Paste the following at the bottom of the crontab to run the update once, at midnight on the 20th of each month

0 0 20 * * /scripts/update_geo.sh
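
The update step with two safeguards, as an added example that is not part of the original post: the download goes into a private mktemp directory instead of a fixed file name in /tmp, and the database is replaced by a single rename only after the archive passes an integrity check, so sshfilter.sh never runs against a missing or truncated file. The function names install_geoip_db and update_geoip are assumptions; the URL and destination are passed in as arguments.

```shell
#!/bin/sh
# Added example, not the original post's script: verify, then swap atomically.
# install_geoip_db and update_geoip are illustrative names.

# install_geoip_db <downloaded .gz> <destination .dat>
# Replaces the destination only if the archive is present and intact.
install_geoip_db() {
    src_gz=$1
    dest=$2

    [ -s "$src_gz" ] || { echo "download missing or empty" >&2; return 1; }
    gzip -t "$src_gz" 2>/dev/null || { echo "corrupt archive" >&2; return 1; }

    # Stage next to the destination so the final mv is a same-filesystem rename
    staged=$(mktemp "${dest}.XXXXXX") || return 1
    if gzip -dc "$src_gz" > "$staged" && [ -s "$staged" ]; then
        chmod 644 "$staged"
        mv -f "$staged" "$dest"   # old database stays in place until this rename
    else
        rm -f "$staged"
        return 1
    fi
}

# update_geoip <url> <destination>: download into a directory only we can write
update_geoip() {
    workdir=$(mktemp -d) || return 1
    wget -q -O "$workdir/GeoIP.dat.gz" "$1" &&
        install_geoip_db "$workdir/GeoIP.dat.gz" "$2"
    status=$?
    rm -rf "$workdir"
    return $status
}
```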

Adding Colour to Linux Bash Shell

If the standard black and grey makes you feel uninspired, you can change this by adding two lines to the .bashrc file in the user’s home directory.

1. Edit the .bashrc file

vi ~/.bashrc

2. Add the following lines

force_color_prompt=yes
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '

Install MediaWiki on Apache with MySQL

From MediaWiki site: MediaWiki is a free software open source wiki package written in PHP, originally for use on Wikipedia.

I decided to give MediaWiki a try as a scripts repository so I thought I’d write a quick guide of how to install it on a Linux/Apache/MySQL server.

Assumptions

  • A fully qualified domain name with a host record pointing to an internet-facing server
  • A fully working Linux server (my example is a Debian server)
  • Apache installed on the Linux server and listening on port 80
  • A preconfigured vhost
  • PHP installed
  • MySQL server installed

Installation

1. Download the compressed installation file

wget http://releases.wikimedia.org/mediawiki/1.23/mediawiki-1.23.5.tar.gz

2. Extract the compressed archive

tar xvzf mediawiki*.tar.gz

3. Copy files from mediawiki-1.23.5 folder to the root folder

cd mediawiki-1.23.5
mv * ../
cd ..
rm -rf mediawiki-1.23.5
rm mediawiki-1.23.5.tar.gz

4. Create the MySQL database

CREATE DATABASE $databasename;

5. Create the MySQL database user

CREATE USER '$databaseuser'@'localhost' IDENTIFIED BY '$databasepass';

6. Grant the user permissions on the database

GRANT ALL PRIVILEGES ON $databasename.* TO '$databaseuser'@'localhost' IDENTIFIED BY '$databasepass';

7. Flush MySQL privileges

flush privileges;

8. Browse to the site, e.g.:

http://wiki.example.com

Click on “Complete the installation”

9. Select the language

10. Click continue

11. Input all database information

12. Change settings to suit your database requirements

13. Input name of MediaWiki and desired credentials

14. Configure options for your MediaWiki

15. Install MediaWiki

16. Installation complete

17. Download and copy the LocalSettings.php file to the root of the MediaWiki installation

18. Browse to your MediaWiki installation and log in

Example: http://wiki.example.com
