Friday, December 05, 2014

How To Install DenyHosts on Ubuntu

What is DenyHosts?

DenyHosts is a Python script that protects an SSH server, similar to fail2ban but consuming far less memory. It parses the authentication log, finds failed login attempts, and blocks further logins from those IP addresses.

Installation steps

The installation is simple and consists of a few steps:

1. Retrieve new lists of packages

sudo apt-get update

2. Install DenyHosts:

sudo apt-get install denyhosts

If the process completes successfully, you will see the installation output on screen.
After installation you can add your own IP address to the whitelist, so that DenyHosts can never lock you out:

sudo nano /etc/hosts.allow

and insert the following line:

sshd: 12.34.45.678

where 12.34.45.678 is your IP address.

Then restart DenyHosts:

sudo service denyhosts restart

Configuring DenyHosts

After installation DenyHosts is ready to work, but a few configuration options are worth noting. All configuration values live in the file /etc/denyhosts.conf

1. PURGE_DENY: removes HOSTS_DENY entries that are older than this time. The default value is empty, so every listed IP address remains in /etc/hosts.deny forever.

2. BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY. The default value is sshd, so only the SSH server is protected by default, but it can be customized to other services.

3. ADMIN_EMAIL: the address that receives reports from DenyHosts. The default value is root@localhost; change it to your own email.

After changing the settings, restart DenyHosts again:

sudo service denyhosts restart

The hosts blocked by DenyHosts are written to /etc/hosts.deny.
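As an added illustration (not part of the original post and not DenyHosts' own code), the following Python script shows the core of what DenyHosts does: parse sshd failure lines from the auth log, count them per source address, honour the hosts.allow whitelist, and emit hosts.deny entries. The log lines, the whitelist contents and the threshold of 3 are constructed for the example; DenyHosts itself uses separate thresholds configured in denyhosts.conf.

```python
import re
from collections import Counter

# Constructed sample of /var/log/auth.log lines (not real traffic).
SAMPLE_AUTH_LOG = """\
Dec  5 10:01:12 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Dec  5 10:01:15 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Dec  5 10:01:19 host sshd[2103]: Failed password for root from 203.0.113.7 port 51030 ssh2
Dec  5 10:02:01 host sshd[2110]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2
Dec  5 10:03:44 host sshd[2115]: Failed password for alice from 198.51.100.4 port 40010 ssh2
Dec  5 10:04:02 host sshd[2120]: Failed password for invalid user test from 192.0.2.9 port 3300 ssh2
"""

# Constructed whitelist in the /etc/hosts.allow format shown above.
SAMPLE_HOSTS_ALLOW = "sshd: 198.51.100.4\n"

# Matches the sshd "Failed password" line for both valid and invalid users.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
# Matches an "sshd: <address>" whitelist line (comment lines never match).
ALLOW_RE = re.compile(r"^\s*sshd\s*:\s*(?P<ip>\S+)")


def count_failures(auth_log: str) -> Counter:
    """Count failed sshd password attempts per source IP."""
    hits = Counter()
    for line in auth_log.splitlines():
        m = FAILED_RE.search(line)
        if m:
            hits[m.group("ip")] += 1
    return hits


def allowed_hosts(hosts_allow: str) -> set:
    """Collect the addresses whitelisted for sshd in hosts.allow."""
    allow = set()
    for line in hosts_allow.splitlines():
        m = ALLOW_RE.match(line)
        if m:
            allow.add(m.group("ip"))
    return allow


def deny_entries(auth_log: str, hosts_allow: str, threshold: int = 3) -> list:
    """Build hosts.deny lines for every IP at or above the failure threshold,
    skipping whitelisted addresses. The threshold is an assumed example value;
    DenyHosts uses separate thresholds for invalid users, valid users and root."""
    allow = allowed_hosts(hosts_allow)
    return [f"sshd: {ip}" for ip, n in sorted(count_failures(auth_log).items())
            if n >= threshold and ip not in allow]
```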





Monday, September 01, 2014

Backup to AWS S3 with duply on Ubuntu


1. Install duply and its dependencies (as root).
sudo apt-get install duplicity duply python-boto

2. Create a backup profile (as root).
sudo duply bck_profile create

3. Edit the profile /root/.duply/bck_profile/conf, for example:
GPG_PW='___YOUR GENERATED PASSWORD____'
TARGET='s3://s3-endpoint-name.amazonaws.com/bucket-name/directory/for/backup/'
TARGET_USER='AWS_KEY_ID'
TARGET_PASS='AWS_SECRET_KEY'
SOURCE='/'
MAX_AGE=6M
#MAX_FULL_BACKUPS=1
#VERBOSITY=5
TEMP_DIR=/content
#DUPL_PARAMS="$DUPL_PARAMS --time-separator _ "
#DUPL_PARAMS="$DUPL_PARAMS --short-filenames "
MAX_FULLBKP_AGE=1W
DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE "
VOLSIZE=200
DUPL_PARAMS="$DUPL_PARAMS --volsize $VOLSIZE "

4. Edit /root/.duply/bck_profile/excludes to list the directories you do not want backed up, such as:
- /dev
- /home/*/.cache
- /home/*/.ccache
- /lost+found
- /media
- /mnt
- /proc
- /root/.cache
- /root/.ccache
- /run
- /selinux
- /sys
- /tmp
- /var/cache/*/*
- /var/log
- /var/run
- /var/tmp

5. Run a full backup test:
sudo duply bck_profile backup

6. Configure cron for a daily backup:
sudo crontab -e
and add:
0 2 * * * duply bck_profile backup

7. Some useful commands to operate your backup (duply always takes the profile name first):
To list the backups currently present:
sudo duply bck_profile status
To restore all files from the last backup to /target_dir:
sudo duply bck_profile restore /target_dir
To restore the directory etc from the last backup to /target_dir:
sudo duply bck_profile fetch etc /target_dir

Note:
Backups made within MAX_FULLBKP_AGE=1W of the last full backup are incremental; once the last full backup is older than MAX_FULLBKP_AGE=1W, a new full backup is created.


Provided by: Forthscale systems, cloud experts

Tuesday, August 12, 2014

Creating a RAID device on Amazon AWS Elastic

The following procedure creates software (OS-managed) RAID disk devices.
EBS (Amazon Web Services Elastic Block Store) does not provide any RAID capability by itself,
but you can use Linux software RAID to increase either speed or device redundancy.
This tutorial shows you how.

First, install the RAID management tool on the target EC2 instances.


For Debian based (Debian, Ubuntu) execute: 
apt-get install mdadm
For Red Hat based (RHEL, Oracle linux, CentOS) execute:
yum install mdadm
For Gentoo execute:
emerge mdadm

Now prepare the EBS devices.

Create the desired EBS volumes.
Attach the new EBS volumes to the EC2 instance and note the device names (for example xvdf and xvdg).

Now you can create the RAID device from them.

Set up RAID 0 on these EBS volumes with the following commands (RAID 0 stripes for speed; mdadm's --level=1 mirrors for redundancy instead):
mdadm --create --verbose --auto=yes /dev/md0 --chunk=256 --level=0 --raid-devices=2 /dev/xvdf /dev/xvdg
blockdev --setra 65536 /dev/md0

Now verify that the RAID device /dev/md0 exists:
cat /proc/mdstat

Next, add the devices to mdadm.conf (the main software RAID configuration file):
echo DEVICE /dev/xvdf /dev/xvdg | sudo tee /etc/mdadm/mdadm.conf

Then append the array definition for /dev/md0 to mdadm.conf so that it comes back on reboot:
mdadm --detail --scan | sudo tee -a /etc/mdadm/mdadm.conf

Filesystem

Once the RAID is set up, you can create a filesystem on it. We usually propose XFS, but you can use any filesystem (ext3/4, zfs or reiserfs).
  
To create an XFS filesystem, you first need to install support for it.
For Debian based (Debian, Ubuntu) execute: 
apt-get install xfsprogs
For Red Hat based (RHEL, CentOS) execute:
yum install xfsprogs
For Oracle Linux:
Log in to ULN, and subscribe your system to the ol6_x86_64_latest channel.
Then run:
yum install xfsprogs xfsdump 
For Gentoo execute:
emerge xfsprogs 

Once installed, execute
mkfs.xfs -f /dev/md0
to create the actual filesystem on your new RAID device.

Now you can mount the filesystem:
mkdir /MOUNTPOINT            (for example: mkdir /raid)
mount /dev/md0 /MOUNTPOINT   (for example: mount /dev/md0 /raid)
 
Verify that the volume exists and has the size you expected:
df -h

Edit /etc/fstab so that the mount point comes back on reboot:
/dev/md0 /raid xfs noatime,noexec,nodiratime 0 0

You now have a new RAID-based partition in your system.
The same procedure works on both the public EC2 cloud and VPC.


Thursday, July 31, 2014

Started telling our story in comic form


We at #teamforthscale know how to work and know how to have fun. This is our story and we stick to it. Part one:




Sunday, March 02, 2014

Fixing Fujitsu LIFEBOOK UH572 Touchpad on OpenSuSE 13.1


1. open a terminal (or change to /etc/default/ in a file manager)
2. edit the file /etc/default/grub as superuser
3. go to the line containing GRUB_CMDLINE_LINUX
4. add "i8042.notimeout i8042.nomux" to the string in quotes
5. save and exit
6. run: sudo grub2-mkconfig -o /boot/grub2/grub.cfg
7. run init 6 (reboot)


Monday, February 24, 2014

Fixing Can't locate object method "new" via package "Gnome2::Vte::Terminal" in pac-manager on opensuse


Perl updates in openSUSE can interfere with the libraries bundled with PAC Manager itself.
As a symptom you will not be able to connect to sessions and will see an error message in the console similar to:
"Can't locate object method "new" via package "Gnome2::Vte::Terminal""
You need to clean those bundled copies using:
find /usr/share/pac-manager/ -name "Vte.so*" -exec rm {} +
after which PAC Manager starts normally.


Wednesday, December 11, 2013

PPTP server on AWS Ubuntu instance

A simple VPN server configuration for easy VPN access to AWS using the built-in Windows VPN client.

First, install the pptp server package:
sudo apt-get install pptpd

Now the configuration.

Edit /etc/pptpd.conf:

option /etc/ppp/pptpd-options
logwtmp
localip 172.20.0.1 
remoteip 172.20.0.10-50

Edit /etc/ppp/pptpd-options:

refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
nodefaultroute
lock
nobsdcomp
mtu 1420
mru 1420

Edit /etc/ppp/chap-secrets:

# client        server  secret                  IP addresses
client1      pptpd   secret1      *
client2      pptpd   secret2      *

Add to /etc/rc.local:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t mangle -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -t mangle -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Run:

/etc/rc.local
service pptpd restart

Done.


Sunday, December 08, 2013

Fixing the missing apt-add-repository command


You might need the apt-add-repository script and get a missing-command error, for example:
sudo: apt-add-repository: command not found

To fix that you need to install the python-software-properties package:
# apt-get install python-software-properties

That's it.


Thursday, November 28, 2013

How to disable NetworkManager on Red Hat 6 based distributions (RHEL, CentOS, Oracle Linux)

To stop NetworkManager (for example when using a pacemaker cluster) execute as root:
service NetworkManager stop
To prevent the NetworkManager service from starting at boot execute as root:
# chkconfig NetworkManager off

Keep in mind that you now need to manually configure your network interfaces.


Wednesday, November 27, 2013

How to turn off SELinux in Red Hat based distributions including CentOS, Oracle Linux and Fedora


To check whether SELinux is running, and in which mode, execute the following command:
# getenforce

To disable it, execute the following command:
# setenforce Permissive

This puts SELinux in permissive (allow all, log only) mode until the machine is rebooted.
To disable it permanently, change the SELINUX= line in /etc/sysconfig/selinux.



Saturday, November 09, 2013

Working and tested USB install procedure for RH 6 based distributions (RHEL 6.x, CentOS 6.x, Oracle Linux 6.x and others)

We needed to install CentOS 6.4 machines from USB and ran into absolute madness. None of the RHEL clones had a working procedure, and the workarounds consisted of using a FAT32 partition with third-party tools (problematic with install ISO files larger than 4 GB) or multiple partitions and remounts. Until we found a very simple solution that also did not work as-is, and fixed it.

To create the USB you will need:
  • A Red Hat based distribution on which to create the USB (in our case CentOS-6.4-x86_64-bin-DVD1.iso)
  • The actual CD/DVD ISO image
  • The Fedora livecd-iso-to-disk script
The steps are very simple:
Insert the USB stick into the port.
You need to find out its device name (for example /dev/sdb1).
On systems with auto-mount just run df -h, or plug it in and run dmesg | tail -20

Install livecd tools:
yum install livecd-tools

Make sure it is bootable (for example /dev/sdb1, by editing its parent device sdb):
/sbin/parted /dev/sdb
(parted) toggle 1 boot
(parted) quit

Format it with ext3 (ext4 is not supported):
mkfs.ext3 /dev/sdb1

Prepare the USB (for example using CentOS 6.4):
livecd-iso-to-disk --reset-mbr CentOS-6.4-x86_64-bin-DVD1.iso /dev/sdb1

Your USB is ready: it will boot but fail to install, since it is missing the install root, so we need to fix it.
Edit extlinux.conf on the USB; you will see something similar to:
append initrd=initrd.img stage2=hd:UUID=791fc126-638c-4f28-8837-f3c2eae31e57:/images/install.img repo=hd:UUID=791fc126-638c-4f28-8837-f3c2eae31e57:/

What is missing is the root= directive, so you need to change the line to something similar to:
append initrd=initrd.img root=UUID=2cd71b0d-09a0-47b6-97ef-02c3fa90e9d3 repo=hd:UUID=2cd71b0d-09a0-47b6-97ef-02c3fa90e9d3:/

Save the file and boot from the USB. It will install your OS.


Monday, August 26, 2013

Accessing NoMachine NX Server as root


In a default installation of NX Server, root access is disabled. To allow root login, just follow these simple steps.

Edit file:
/usr/NX/etc/server.cfg

and replace the line reading

#EnableAdministratorLogin = "0" 
with:
EnableAdministratorLogin = "1"
Save the file and exit.

Then run in a shell as the root user:

/usr/NX/bin/nxserver --useradd root

That is it. The changes take effect immediately.

Monday, August 19, 2013

Setting up updates with public yum server for Oracle Enterprise Linux

Oracle provides a free public yum server to update its Enterprise Linux distribution.
It is easy to set up and supports versions 4, 5 and 6.

To set up the public repositories for the different versions, download the configuration file (for example with wget):

In Oracle Enterprise Linux 6.x

# cd /etc/yum.repos.d
# wget https://public-yum.oracle.com/public-yum-ol6.repo

In Oracle Enterprise Linux 5.x

# cd /etc/yum.repos.d
# wget https://public-yum.oracle.com/public-yum-el5.repo

In Oracle Enterprise Linux 4, Update 6 or newer (if you have an old repo file, move it aside first):

# cd /etc/yum.repos.d
# mv Oracle-Base.repo Oracle-Base.repo.disabled
# wget https://public-yum.oracle.com/public-yum-el4.repo

You can verify the new configuration with:
# yum list

And run an update with:
# yum update



Saturday, August 10, 2013

Vertica installation tutorial

        

How to install Vertica Analytic Database

Download Vertica

Download the Vertica RPM from the site http://www.vertica.com/
For this tutorial we are using Community Edition 6.1.2-0, the latest version so far. This version has a bug that must be fixed manually for multi-node installs (see Common problems below); it will be fixed in a later version.

Server preparation

Before installing Vertica a few things must be done on the server; some of them are optional (but strongly suggested). All these steps must be done on all nodes when installing a multi-node solution.

Required configuration

  • Install the Linux OS. We are using CentOS 6.4 for this tutorial.
  • Check that the server has at least 1 GB of free RAM (the minimum for install; we suggest more memory for normal usage).
  • The server needs at least 2 GB of swap. Both can be checked with free -m:
[root@vertica01 ~]# free -m
            total       used       free     shared    buffers     cached
Mem:          1877        465       1412          0         14        343
-/+ buffers/cache:        106       1770
Swap:         3039          0       3039
  • Disable SELinux:
[root@vertica01 ~]# vi /etc/sysconfig/selinux
SELINUX=disabled
  • Disable the firewall (for multi-node installs). If your system must have a firewall, ensure that these ports are open and not used by anything else:

Port   Protocol   Description
22     TCP        SSH
5433   TCP        Vertica Client
5433   UDP        Vertica Spread
5434   TCP        Vertica cluster communication
5444   TCP        Vertica Management Console
5450   TCP        Vertica Management Console
4803   TCP/UDP    Spread
4804   UDP        Spread
4805   UDP        Spread

  • Verify that the pam_limits.so module is configured for the su command:
[root@vertica01 ~]# vi /etc/pam.d/su
session required pam_limits.so

  • For multi-node installs add the node names and IPs to /etc/hosts for name resolution. Add them even if you use a DNS server, for faster resolution. Also add the master host's own name and IP; Vertica does not check which host it is running on.
[root@vertica01 ~]# vi /etc/hosts
192.168.122.01  vertica01
192.168.122.02  vertica02
192.168.122.03  vertica03

  • For multi-node installs make sure that root and the DB management user (default dbadmin) can SSH between the nodes without a password. Root SSH is used only during the install.

Suggested configuration

  • Configure and start the NTP service
  • Disable CPU frequency scaling in the BIOS
  • Configure the I/O scheduler to deadline, noop or cfq:
[root@vertica01 ~]# vi /boot/grub/grub.conf
Add elevator=<name> to the kernel line

Single Node

Once the system is ready for installation, install the RPM you downloaded from Vertica:
[root@vertica01 ~]# rpm -ivh vertica-6.1.2-0.x86_64.RHEL5.rpm
The RPM adds a new directory under /opt with the Vertica installation and management scripts. For a basic install run the script with one parameter naming the DB admin user; with this parameter the script will try to create it:
[root@vertica01 ~]# /opt/vertica/sbin/install_vertica -u dbadmin
When the script finishes, Vertica is installed on a single node. You can use the admin tools to create a new DB:
[root@vertica01 ~]# /opt/vertica/bin/adminTools

Multiple Nodes

A multi-node installation uses the same script, run only on one server (the master), which installs Vertica on the rest of the nodes. To get the installation script, install the same RPM:
[root@vertica01 ~]# rpm -ivh vertica-6.1.2-0.x86_64.RHEL5.rpm
The script copies the RPM to the rest of the nodes, so it is important to have passwordless SSH between the nodes for the root user and to have all the nodes configured in /etc/hosts. Run the installation script with a few more parameters:
-s     node list, comma-separated
-r     path to the Vertica installation RPM file, to install on the rest of the nodes
-u     DB admin user with passwordless SSH login between the nodes
-T     point-to-point node communication, used when the nodes are not on the same subnet or are virtual machines
[root@vertica01 ~]# /opt/vertica/sbin/install_vertica -s node01,node02,node03 -r ~/vertica-6.1.2-0.x86_64.rpm -u dbadmin -T
The installation takes more time as it installs on several nodes and runs system and network tests. Once it is done you can create a new DB and check that it is working on all the nodes:
[root@vertica01 ~]# /opt/vertica/bin/adminTools

Common problems

Installation bug: the installation fails with "Error: invalid literal for int() with base 10: '8%'"
This is a bug in the CentOS/Red Hat installation confirmed by Vertica; the current solution is a manual fix. Open /opt/vertica/oss/python/lib/python2.7/site-packages/vertica/network/SSH.py and on line 1982 change
df /tmp | tail -1 | awk '{print $4}'
to
df -P /tmp | tail -1 | awk '{print $4}'
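To see why the -P flag fixes the bug, here is an added Python illustration (not Vertica's code) of the tail -1 | awk '{print $4}' pipeline run over constructed df output: without -P, GNU df wraps a long device name onto its own line, so the fourth field of the last line is the Use% column ('8%') rather than the Available column. The hardened variant at the end is an assumption of ours and locates the column by its header name instead.

```python
# Constructed sample of GNU df output (not captured from a real host).
# Without -P, df wraps a long device name onto its own line, so the last
# line starts with the numbers and its fields are shifted left by one.
DF_WRAPPED = """\
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/vg_vertica01-lv_root
                      18102140   1442852  15739728   8% /
"""

# The same filesystem printed by `df -P` (POSIX format): always one line
# per filesystem, so field 4 of the last line is the Available column.
DF_POSIX = """\
Filesystem                       1024-blocks    Used Available Capacity Mounted on
/dev/mapper/vg_vertica01-lv_root    18102140 1442852  15739728       8% /
"""


def awk_field4_of_last_line(df_output: str) -> str:
    """Mimic `df ... | tail -1 | awk '{print $4}'`."""
    last_line = df_output.rstrip("\n").splitlines()[-1]
    return last_line.split()[3]


def available_kb(df_output: str) -> int:
    """Parse the value the way the installer does: int() of field 4.
    On the wrapped output this raises ValueError with the message
    "invalid literal for int() with base 10: '8%'" seen during the install."""
    return int(awk_field4_of_last_line(df_output))


def parses_cleanly(df_output: str) -> bool:
    """True when the naive int(field 4) parse succeeds on this output."""
    try:
        available_kb(df_output)
        return True
    except ValueError:
        return False


def available_kb_robust(df_output: str) -> int:
    """Assumed hardened variant: find the Available column by its header
    name and re-join a wrapped device-name line with the line after it."""
    lines = df_output.rstrip("\n").splitlines()
    col = lines[0].split().index("Available")
    rows = []
    for line in lines[1:]:
        if rows and len(rows[-1].split()) == 1:   # previous row was only a name
            rows[-1] = rows[-1] + " " + line
        else:
            rows.append(line)
    return int(rows[-1].split()[col])
```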

Network tests fail without an error:
The installation will not succeed if SSH fails between the nodes. If you have never SSHed from vertica01 to vertica02, the system asks to add its fingerprint to the known_hosts file, but the installation script cannot do that on its own. There are two workarounds:
  • SSH manually between all the nodes once, for the first time
  • Change or add StrictHostKeyChecking no in /etc/ssh/ssh_config on all the nodes; this stops SSH from checking server fingerprints against known_hosts. You can read more here: http://linux.die.net/man/5/ssh_config




