Yum hanging during an installation

If for some reason you kill yum and it then gives you issues when you run it again, you'd try killing the leftover process. Normally, you'd kill the PID with 'pgrep yum | xargs kill -9', but that didn't do it for me. So, I had to find the root of the defunct process.

3048 pts/1 00:00:00 sudo
3049 pts/1 00:00:00 yum
3061 pts/1 00:00:00 ps

As you can see, it's defunct, but the pgrep command wouldn't kill it. So, I had to issue:

ps -ef --forest | grep yum

in order to see the parents of the defunct children. Then I could kill -9 the parents, and get yum freed up. But then I ran into another problem.

$ sudo yum install nc

rpmdb: Thread/process 3012/3077576384 failed: Thread died in Berkeley DB library

error: db3 error(-30974) from dbenv->failchk: DB_RUNRECOVERY: Fatal error, run database recovery

error: cannot open Packages index using db3 - (-30974)

error: cannot open Packages database in /var/lib/rpm

CRITICAL:yum.main:

Error: rpmdb open failed

So, now you need to remove the corrupted databases, and rebuild them.

sudo rm /var/lib/rpm/__db.*

sudo yum update

Now yum works again.
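A more careful version of the cleanup above, as an added example that is not part of the original post: it goes slightly beyond the two commands shown by taking a backup first and refusing to run while the database is still open. The function name reset_rpm_env and the demo directory are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not from the original post. Assumes an rpm database
# directory laid out like /var/lib/rpm: a Packages file plus __db.NNN files.
reset_rpm_env() {
    local dbdir="${1:-/var/lib/rpm}" backup
    [ -f "$dbdir/Packages" ] || { echo "no Packages file in $dbdir" >&2; return 1; }
    # Do not touch the files while another process still has the database open.
    if command -v fuser >/dev/null 2>&1 && fuser "$dbdir/Packages" >/dev/null 2>&1; then
        echo "$dbdir/Packages is still open by another process" >&2
        return 2
    fi
    # Keep a copy of everything first, so a bad cleanup can be undone.
    backup="$(mktemp -d)/rpmdb-backup.tar.gz" || return 3
    tar -czf "$backup" -C "$dbdir" . || return 3
    # Remove only the __db.* files, never Packages itself.
    rm -f "$dbdir"/__db.*
    echo "$backup"
}

# Demo on a constructed directory (not a real rpm database).
demo_dir="$(mktemp -d)"
touch "$demo_dir/Packages" "$demo_dir/Name" "$demo_dir/__db.001" "$demo_dir/__db.002"
demo_backup="$(reset_rpm_env "$demo_dir")"
echo "backup written to $demo_backup; remaining files: $(ls "$demo_dir" | tr '\n' ' ')"
rm -rf "$demo_dir"
```

On the real system, run it as root against /var/lib/rpm and follow it with rpm --rebuilddb before the next yum command.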

Accepting command line arguments for bash scripts

Well, while I was scripting today, I learned how to accept command line arguments, and they work as follows:

$ bash_script.sh var1 var2

$1 = var1 and $2 = var2, and to use those:

if [ "$1" = "start" ]
then
    ## Do stuff
    :
elif [ "$2" = "stop" ]
then
    ## Do more stuff
    :
else
    ## If it doesn't match anything
    ## Do more stuff
    :
fi

Resources

How to read command line arguments in bash – http://how-to.wikia.com/wiki/How_to_read_command_line_arguments_in_a_bash_script

Cyberciti Bash Scripting Guide – http://bash.cyberciti.biz/guide/Main_Page

Installing a CentOS 6.4 Minimal Server w/ MegaMek

I had originally set this blog up to share some of my tech knowledge, or document what I did so you can do it too. So here is the first step in that progress. I used CentOS 6.4 Minimal 32bit, so as to give myself some extra practice, and allow for what I wanted to do with it. You can download the ISO here. I am also using a Virtual Machine, so if I mess up something, I don't have to redo my whole good operating system. The virtual machine I used was VirtualBox from Oracle. This is a free VM, and supports a wide range of operating systems. You can also install it on a server with no GUI and use a command line to administer it. There is plenty of documentation on that, and it will be covered later. Now, on to installing CentOS. If anything needs explanation, or you have any suggestions, please comment below. Do not accuse me of doing something "stupid" because I just followed a tutorial, and shared what I learned that was not shared on there.

  1. Installed system: CentOS 6.4 Minimal 32bit
  2. Edited eth0 to come up at boot
    1. /etc/sysconfig/network-scripts/ifcfg-eth0
  3. Installed standard tools
    1. $ yum install mdadm man wget mlocate beecrypt vim-enhanced lsof screen sudo rsyslog lynx patch which nc gcc gnutls gnutls-devel popt popt-devel
  4. Since it was a VM, I installed these packages to build the VM Tools
    1. $ yum install kernel-devel
  5. Configured the user other than root
    1. $ useradd -m username
    2. $ usermod -a -G wheel username
    3. $ passwd username
  6. Edited the sudoers file to allow the wheel group to perform sudo actions
    1. $ vim /etc/sudoers
  7. Added
    1. %wheel ALL=(ALL) ALL
  8. Then I disabled empty passwords for SSH and also disabled root SSH logins
    1. $ vim /etc/ssh/sshd_config
  9. Uncomment
    1. PermitEmptyPasswords no
    2. PermitRootLogin no
  10. If you are unable to do that, then you can disable SELINUX by changing SELINUX=enforcing to disabled.
  11. Once you finish your changes, change SELINUX back to enforcing.
  12. Then I installed some extra security packages for SELinux
    1. $ yum install audit
    2. $ yum install setroubleshoot-server setroubleshoot-plugins
  13. Then you have to start the auditd
    1. $ /etc/init.d/auditd start
    2. $ chkconfig auditd on
  14. Now I locked down the 'cron' and 'at' systems
    1. $ touch /etc/cron.allow
    2. $ chmod 600 /etc/cron.allow
    3. $ awk -F: '{print $1}' /etc/passwd | grep -v root > /etc/cron.deny
    4. $ touch /etc/at.allow
    5. $ chmod 600 /etc/at.allow
    6. $ awk -F: '{print $1}' /etc/passwd | grep -v root > /etc/at.deny
  15. Now to set up the firewall rules. Here we are setting up the bare minimum. I have locked it down so that only incoming SSH connections can be made, and no new outgoing SSH connections can be made. Everything else has been trashed.
    #!/bin/bash
    SERVER_IP="ipaddress"
    iptables -F
    iptables -X

    ## Set Default Filter Policy
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    ## Allow unlimited local traffic on the loopback
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    ## Allow *INCOMING* SSH connections
    iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp -s $SERVER_IP -d 0/0 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT

    ## Allow *INCOMING* MegaMek connections
    iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP --sport 513:65535 --dport 2346 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p udp -s 0/0 -d $SERVER_IP --sport 513:65535 --dport 2346 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp -s $SERVER_IP -d 0/0 --sport 2346 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p udp -s $SERVER_IP -d 0/0 --sport 2346 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT

    ## Drop everything else
    iptables -A INPUT -j DROP
    iptables -A OUTPUT -j DROP

    ## Save iptables rules
    /sbin/service iptables save

    ## List current running rules
    iptables -L -v

Another way to restrict the SSH access of root is:

  • $ echo "tty1" > /etc/securetty
    $ chmod 700 /root
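To confirm that the sshd_config edits from steps 8 and 9 actually took effect, here is a check added as an example (it is not part of the original post). The function names sshd_value and check_ssh_hardening and the sample file are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the original post).
# sshd uses the FIRST value it reads for a keyword, keywords are
# case-insensitive, and a line starting with '#' is ignored, so a
# still-commented "#PermitRootLogin no" changes nothing.
sshd_value() {
    local file="$1" want="$2"
    awk -v want="$want" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }
        {
            sub(/[ \t]*=[ \t]*/, " ")    # accept "Keyword=value" too
            key = tolower($1)
            if (key == "match") exit      # global section ends at first Match block
            if (key == want) { print tolower($2); exit }
        }' "$file"
}

check_ssh_hardening() {
    local file="$1" rc=0 v
    v="$(sshd_value "$file" PermitRootLogin)"
    [ "$v" = "no" ] || { echo "PermitRootLogin is '${v:-unset}', expected 'no'"; rc=1; }
    v="$(sshd_value "$file" PermitEmptyPasswords)"
    # Unset is accepted here: sshd's built-in default for this keyword is "no".
    [ -z "$v" ] || [ "$v" = "no" ] || { echo "PermitEmptyPasswords is '$v', expected 'no'"; rc=1; }
    return "$rc"
}

# Constructed sample: root login was never actually uncommented.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin no
PermitEmptyPasswords no
EOF
check_ssh_hardening "$sample" || echo "sshd_config still needs editing"
rm -f "$sample"
```

On the server itself, point check_ssh_hardening at /etc/ssh/sshd_config, or compare against the effective settings printed by sshd -T run as root.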

References/Sources

I will continue to modify this also with other security tips that I find. I will be installing some archiving tools, and java, so I can play my game. My ultimate goal is to serve a game called MegaMek from http://www.megamek.info. Then I can play with other people, or have them play on my server when they let me know when they want it up and running. Once it is up and running, I will let everyone know.

Information on Mailing Lists

I recently joined a couple mailing lists, one for CentOS, and another for Cygwin. Since both of those pieces of software are now more prevalent in my life, I need as much help as I can get. Now, the rules for using mailing lists are basically the same for any old mailing list, but these are aimed at CentOS. For any other mailing list, use the same philosophies and rules and you'll achieve a pleasurable experience with mailing lists. The links below are from the CentOS mailing list website, which is also listed. Here are the sites I have mentioned.

CentOS Mailing List Page – http://www.centos.org/modules/tinycontent/index.php?id=16

Mailing List Etiquette FAQ – http://www.gweep.ca/~edmonds/usenet/ml-etiquette.html

How to ask a question the smart way – http://www.catb.org/~esr/faqs/smart-questions.html

Why is bottom posting better than top posting? – http://www.caliburn.nl/topposting.html

The top-posting vs bottom-posting topic is basically: do I put my reply on the top or the bottom? I've noticed a lot of modern email sites or programs put the reply on the top, but you can easily change it to the bottom. I feel the main reason for top posting these days is to keep the new information on top, so we don't get lost in the rest of the email. With mailing lists, however, you want to make it as much of a readable story as you can, hence bottom posting. In work settings, that is not preferable, as most anyone who gets an email wants the BLUF stuff, Bottom Line Up Front.