Mount remote Linux Directories in Linux: SSHFS

SSHFS
  1. SSHFS Setup
  • Be sure to download the correct version of fuse-sshfs for your RHEL
    1. $ yum install fuse
    2. $ yum install fuse-devel
    3. $ rpm -ivh fuse-sshfs-2.2-1.el5.rf.x86_64.rpm
  2. Mount the remote partition
    1. $ sshfs <user>@<remoteServer>:/path/to/directory/ /path/to/local/directory


X11 Forwarding


  1. Global settings
    1. On the remote server, configure these settings in /etc/ssh/sshd_config:
      1. AllowTcpForwarding yes
      2. X11Forwarding yes
      3. X11DisplayOffset 10
      4. X11UseLocalhost
  2. Download the xauth on Remote Server
    1. If RHEL, CentOS, or Fedora, Download xorg-x11-xauth
      1. $ yum install -y xorg-x11-xauth
    2. ArchLinux
      1. $ pacman -S xorg-xauth
  3. Setup your local machine
    1. Windows
      1. **NOTE**
        1. Either use Xming with PuTTY, or Cygwin. Cygwin can work with Xming, but Cygwin has its own X11 Server.
      2. Xming
        1. Install Xming
        2. Run Xming
      3. Cygwin
        1. Install Cygwin, and the X11 packages through the installation program.
        2. Create your ~/.ssh
          1. $ mkdir ~/.ssh
          2. $ touch ~/.ssh/config
        3. Edit the .ssh/config with your text editor
          1. ForwardAgent yes
          2. ForwardX11 yes
        4. Edit the ~/.bash_profile
          1. Add the following line:
            1. export DISPLAY=:0.0  #=>(Those are zeros)
      4. **NOTE**
        1. The big difference between Xming and Cygwin is that Xming has not been updated since 2007, while the Cygwin X11 Server has been updated recently as of this posting.
      5. Using PuTTY Connect
        1. Download the most recent version of PuTTY
        2. Configure settings as desired. Then open the Connection Menu
        3. Open SSH Menu.
        4. Click on X11, and enable “Enable X11 Forwarding”
        5. The X Display Location should be set to “localhost:0”. Don’t include the quotes
        6. Click Tunnels Menu, and enable:
          1. Local ports accept connections from other hosts
          2. Remote ports do the same (SSH-2 Only)
      6. **NOTE**
        1. Be sure to have your X11 server (Xming, or Cygwin Xserver) running on your local machine before using putty.
      7. Using Cygwin to connect
        1. Open a Cygwin terminal, type ‘startxwin’ without the quotes
          1. Otherwise, go to the Start Menu, and click on Cygwin-X then XWin Server then use the xTerm
        2. Now ssh into the desired remote server
          1. $ ssh -Y user@remoteserver
  4. Execute your program
    1. Once on your remote server, execute your desired GUI application
      1. xclock &
    2. Ta-da, you’re now X11 Forwarding.

Boot Multiple ISO from USB via Grub2 using USB

Boot Multiple ISO from USB via Grub2 using Linux

Boot ISO Files directly from USB using Grub2 from Linux. Here is one way to create a Multiboot USB Flash Drive from a running Ubuntu (I used the Live CD). You may eventually need a large Flash Drive or USB Hard Drive in order to include every bootable ISO entry. I will add more Bootable ISO files to the grub.cfg file as I find time to test them. Contact me to submit working Bootable Linux ISO grub.cfg entries for inclusion.

I. Format your USB Flash Drive to use a Single Partition:

  1. Open a terminal and type sudo su
  2. Type fdisk -l (and note which device is your USB Drive)
  3. Type fdisk /dev/sdx (replacing x with your actual usb device)
  4. Type d (to delete the existing partition)
  5. Type n (to create a new partition)
  6. Type p (for primary partition)
  7. Type 1 (to create the first partition)
  8. Press Enter (to use the first cylinder)
  9. Press Enter again (to use the default value as the last cylinder)
  10. Type a (for active)
  11. Type 1 (to mark the first partition active “bootable”)
  12. Type w (to write the changes and close fdisk)

II. Create a Fat32 Filesystem on the USB Flash Drive:

  1. Type umount /dev/sdx1 (to unmount the mounted partition)
  2. Type mkfs.vfat -F 32 -n MULTIBOOT /dev/sdx1 (to format the partition as fat32)

III. Install Grub2 on the USB Flash Drive:

  1. Type mkdir /media/MULTIBOOT (to create a directory for the mountpoint)
  2. Type mount /dev/sdx1 /media/MULTIBOOT (to mount the USB)
  3. Type grub-install --force --no-floppy --root-directory=/media/MULTIBOOT /dev/sdx (to install Grub2)
  4. Type cd /media/MULTIBOOT/boot/grub (to change directory)
  5. Type wget pendrivelinux.com/downloads/multibootlinux/grub.cfg (to get the grub.cfg file)

IV. Test to make sure your USB Device Boots into Grub2:

Reboot your Computer, and enter your BIOS or Boot Menu. Set the Boot Order to boot from the USB Device. Save your changes and Reboot. If all goes well, you should be presented with a Grub2 Boot Menu.

Resources:

PenDrive Linux – MultiBoot with Grub2 on USB

Yum hanging during an installation

If for some reason you kill yum and it then gives you issues running it, you’d try killing it. Normally, you’d try killing the PID with ‘pgrep yum | xargs kill -9’, but that didn’t do it for me. So I had to find the root of the defunct process.

3048 pts/1 00:00:00 sudo
3049 pts/1 00:00:00 yum
3061 pts/1 00:00:00 ps

As you can see, it’s defunct, but the pgrep command wouldn’t kill it. So I had to issue:

ps -ef --forest | grep yum

in order to see the parents of the defunct children. Then I could kill -9 the parents, and get yum freed up. But then I ran into another problem.

$ sudo yum install nc
rpmdb: Thread/process 3012/3077576384 failed: Thread died in Berkeley DB library
error: db3 error(-30974) from dbenv->failchk: DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages index using db3 - (-30974)
error: cannot open Packages database in /var/lib/rpm
CRITICAL:yum.main:
Error: rpmdb open failed

So, now you need to remove the corrupted databases, and rebuild them.

sudo rm /var/lib/rpm/__db.*

sudo yum update

Now yum works again.
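
The parent lookup described above can be scripted. This is an added example, not code from the original post: it reads `ps -eo pid,ppid,stat,comm` output and prints the parent of each defunct process with a given name. A defunct process has already exited, which is why kill -9 on its own PID has no effect; only its parent can clear it. The function name and the sample process list are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post). Names here are hypothetical.
# Input is the text produced by: ps -eo pid,ppid,stat,comm

# zombie_parents NAME: read ps output on stdin and print one line per defunct
# process called NAME, as "PARENT_PID PARENT_COMMAND ZOMBIE_PID".
zombie_parents() {
    awk -v name="$1" '
        NR == 1 && $1 == "PID" { next }          # skip the header row
        { comm[$1] = $4 }                        # remember every command name
        $3 ~ /^Z/ && $4 == name { z[$1] = $2 }   # STAT starting with Z = defunct
        END { for (pid in z) print z[pid], comm[z[pid]], pid }
    ' | sort -n
}

# Constructed sample, modelled on the process list shown above.
sample_ps() {
    cat <<'EOF'
  PID  PPID STAT COMMAND
 2990  2989 Ss   bash
 3048  2990 S    sudo
 3049  3048 Z    yum <defunct>
 3061  2990 R+   ps
EOF
}

sample_ps | zombie_parents yum    # prints: 3048 sudo 3049

# On a live system:
#   ps -eo pid,ppid,stat,comm | zombie_parents yum
```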

Accepting command line arguments for bash scripts

Well, while I was scripting today, I learned how to accept command line arguments. They work as follows:

$ bash_script.sh var1 var2

Here $1 = var1 and $2 = var2. To use those:

if [ "$1" = "start" ]
then
    ## Do stuff
    :
elif [ "$2" = "stop" ]
then
    ## Do more stuff
    :
else
    ## If it doesn't match anything
    ## Do more stuff
    :
fi

Resources

How to read command line arguments in bash – http://how-to.wikia.com/wiki/How_to_read_command_line_arguments_in_a_bash_script

Cyberciti Bash Scripting Guide – http://bash.cyberciti.biz/guide/Main_Page

Installing a CentOS 6.4 Minimal Server w/ MegaMek

I had originally set this blog up to share some of my tech knowledge, or document what I did so you can do it too. So here is the first step in that progress. I used CentOS 6.4 Minimal 32bit, so as to give myself some extra practice, and allow for what I wanted to do with it. You can download the ISO here. I am also using a Virtual Machine, so if I mess up something, I don’t have to redo my whole good operating system. The virtual machine I used was VirtualBox from Oracle. This is a free VM, and supports a wide range of operating systems. You can also install it on a server with no GUI and use a command line to administer it. There is plenty of documentation on that, and it will be covered later. Now, on to installing CentOS. If anything needs explanation, or you have any suggestions, please comment below. Do not accuse me of doing something “stupid” because I just followed a tutorial, and shared what I learned that was not shared on there.

  1. Installed system: CentOS 6.4 Minimal 32bit
  2. edited eth0 to boot
    1. $/etc/sysconfig/network-scripts/ifcfg-eth0
  3. Installed standard tools
    1. $yum install mdadm man wget mlocate beecrypt vim-enhanced lsof screen sudo rsyslog lynx patch which nc gcc gnutls gnutls-devel popt popt-devel
  4. Since it was a VM, I installed these packages to build the VM Tools
    1. $yum install kernel-devel
  5. Configured the user other than root
    1. $useradd -m username
    2. $usermod -a -G wheel username
    3. $passwd username
  6. edited the sudoers file to allow the wheel group to perform sudo actions
    1. $vim /etc/sudoers
  7. Added
    1. %wheel ALL=(ALL) ALL
  8. Then I disabled empty passwords for SSH and also disabled root SSH logins
    1. $vim /etc/ssh/sshd_config
  9. Uncomment
    1. PermitEmptyPasswords no
    2. PermitRootLogin no
  10. If you are unable to do that, then you can disable SELINUX by changing SELINUX=enforcing to disabled.
  11. Once you finish your changes, change SELINUX back to enforcing.
  12. Then I installed some extra security packages for SELinux
    1. $yum install audit
    2. $yum install setroubleshoot-server setroubleshoot-plugins
  13. Then you have to start the auditd
    1. $/etc/init.d/auditd start
    2. $chkconfig auditd on
  14. Now I locked down the ‘cron’ and ‘at’ systems
    1. touch /etc/cron.allow
    2. chmod 600 /etc/cron.allow
    3. awk -F: '{print $1}' /etc/passwd | grep -v root > /etc/cron.deny
    4. touch /etc/at.allow
    5. chmod 600 /etc/at.allow
    6. awk -F: '{print $1}' /etc/passwd | grep -v root > /etc/at.deny
  15. Now to set up the firewall rules. Here we are setting up a minimal ruleset. I have locked it down so that only incoming SSH connections can be made, and no new outgoing SSH connections can be made. Everything else has been trashed.

    #!/bin/bash
    ## Replace "ipaddress" with the address of this server
    SERVER_IP="ipaddress"

    ## Flush existing rules and delete user-defined chains
    iptables -F
    iptables -X

    ## Set Default Filter Policy
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    ## Allow unlimited local traffic on the loopback
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    ## Allow *INCOMING* SSH connections
    iptables -A INPUT -p tcp -s 0/0 -d "$SERVER_IP" --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp -s "$SERVER_IP" -d 0/0 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT

    ## Allow *INCOMING* MegaMek connections
    iptables -A INPUT -p tcp -s 0/0 -d "$SERVER_IP" --sport 513:65535 --dport 2346 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p udp -s 0/0 -d "$SERVER_IP" --sport 513:65535 --dport 2346 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp -s "$SERVER_IP" -d 0/0 --sport 2346 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p udp -s "$SERVER_IP" -d 0/0 --sport 2346 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT

    ## Drop everything else
    iptables -A INPUT -j DROP
    iptables -A OUTPUT -j DROP

    ## Save iptables rules
    /sbin/service iptables save

    ## List current running rules
    iptables -L -v
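
To confirm later that the ruleset still matches what the script above set up, the output of `iptables -S` can be checked against an allowlist. This is an added example, not part of the original post: the function names, the 192.0.2.10 address and both sample rulesets are constructed for illustration.

```shell
# Added example (not from the original post); function names are hypothetical.
# Input is the text produced by: iptables -S

# accepted_ports: print "proto/port" for every INPUT rule that ends in ACCEPT.
# A non-loopback ACCEPT rule with no --dport is reported as "proto/any".
accepted_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        proto = "all"; port = "any"; iface = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-i") iface = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
        }
        if (iface != "lo") print proto "/" port
    }' | sort -u
}

# audit_ruleset RULES ALLOWED...: succeed only if all three built-in chains
# default to DROP and every accepted INPUT port is on the allowlist.
audit_ruleset() {
    rules=$1; shift; status=0
    for chain in INPUT OUTPUT FORWARD; do
        printf '%s\n' "$rules" | grep -qx -- "-P $chain DROP" ||
            { echo "FINDING: $chain policy is not DROP"; status=1; }
    done
    for p in $(printf '%s\n' "$rules" | accepted_ports); do
        case " $* " in
            *" $p "*) ;;
            *) echo "FINDING: unexpected open port $p"; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample: what the script above should leave behind (192.0.2.10 is
# a documentation address), followed by a drifted copy of the same ruleset.
GOOD_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --sport 513:65535 --dport 2346 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p udp -m udp --sport 513:65535 --dport 2346 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -j DROP'
DRIFTED_RULES=$(printf '%s\n' "$GOOD_RULES" | sed 's/^-P OUTPUT DROP$/-P OUTPUT ACCEPT/'
                echo '-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT')

audit_ruleset "$GOOD_RULES" tcp/22 tcp/2346 udp/2346 && echo "ruleset OK"
audit_ruleset "$DRIFTED_RULES" tcp/22 tcp/2346 udp/2346 || echo "ruleset drifted"
```

On the server itself, run it as root with: audit_ruleset "$(iptables -S)" tcp/22 tcp/2346 udp/2346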

Another way to restrict the SSH access of root is:

  • $echo "tty1" > /etc/securetty
    $chmod 700 /root
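
The sshd_config edits in steps 8 and 9 above, and the X11 forwarding settings earlier on this page, only count if the uncommented line is the first one sshd reads for that keyword. The following added example (not code from the original post) reads a config file the same way and reports mismatches; the function names and the sample file are constructed for illustration.

```shell
# Added example (not from the original post); function names are hypothetical.

# sshd_value FILE KEYWORD: print the value sshd would use for KEYWORD from the
# global section of FILE. sshd keeps the first value it reads for a keyword,
# keywords are case-insensitive, and "Keyword=value" is also accepted.
sshd_value() {
    awk -v key="$2" '
        { sub(/[ \t]*=[ \t]*/, " ") }           # normalise Keyword=value
        /^[ \t]*#/ { next }                      # commented lines are ignored
        tolower($1) == "match" { exit }          # stop at the first Match block
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# check_sshd FILE keyword=value...: report every keyword whose effective value
# differs from the expected one. An unset keyword is a finding too, because the
# file then relies on sshd's built-in default instead of an explicit setting.
check_sshd() {
    file=$1; shift; status=0
    for want in "$@"; do
        key=${want%%=*}; exp=${want#*=}
        got=$(sshd_value "$file" "$key")
        [ "$got" = "$exp" ] && continue
        echo "FINDING: $key is '${got:-unset}', expected '$exp'"; status=1
    done
    return $status
}

# Constructed sample showing two common mistakes: the line that was meant to be
# uncommented is still commented, and a later "no" is shadowed by an earlier "yes".
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
PermitEmptyPasswords=no
X11Forwarding yes
Match User backup
    X11Forwarding no
EOF

check_sshd "$SAMPLE" permitrootlogin=no permitemptypasswords=no x11forwarding=yes ||
    echo "sshd_config needs attention"
```

On a live host, `sshd -t` checks the file for syntax errors before a restart and `sshd -T` (as root) prints the effective configuration.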


I will continue to modify this also with other security tips that I find. I will be installing some archiving tools, and java, so I can play my game. My ultimate goal is to serve a game called MegaMek from http://www.megamek.info. Then I can play with other people, or have them play on my server when they let me know when they want it up and running. Once it is up and running, I will let everyone know.