SWAT in 60 seconds

Q. What is SWAT?
A. It’s the “Samba Web Administration Tool”

Q. What can I use it for?
A. (shrug) Maybe to quickly set up a SAMBA server etc. 😉 after following my previous howto.
A2. It does have some good info even if you don’t use it for your SMB configuration.

We all know it’s best to use the command line interface (CLI) when learning something,
and most GUI tools don’t give you all the options anyway. However, it’s nice to have a GUI tool when you’re in a rush or you just want to try something new without digging for hours.

This article assumes you have already installed SAMBA.  See my previous article if you haven’t.

According to the SWAT docs, it will overwrite your current smb.conf,
so you may want to back up your current one first.

# Backup the current smb.conf
sudo cp --preserve=context /etc/samba/smb.conf /etc/samba/smb.conf.pre-swat

# Install the SWAT tool
sudo yum install -y samba-swat

# Set the service to launch and start it up
sudo vi /etc/xinetd.d/swat (change the disable from yes to no)
sudo /sbin/service xinetd restart

# Browse to
http://localhost:901/
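SWAT is plain HTTP on port 901 and the smbpasswd credentials cross the wire unencrypted, so the xinetd stanza you just enabled should keep its only_from restriction to 127.0.0.1 (the stock RHEL/CentOS file ships with it; browse from the box itself or over an SSH tunnel). The following is an added example, not code from the original post: a POSIX sh function that reads an xinetd service file such as /etc/xinetd.d/swat and reports whether the service is enabled and which source addresses xinetd will accept. The two sample files it audits are constructed here; the function name and output format are my own.

```shell
#!/bin/sh
# Added example (not from the original post): audit an xinetd service file.
# swat_xinetd_audit FILE
#   prints "enabled=<yes|no> only_from=<value or (unset)>" and returns 0 when
#   the service is either disabled or restricted to 127.0.0.1, 1 otherwise.
#   Assumption: a single "only_from" line; xinetd also accepts lists, which
#   this simple check would report as not-localhost.
swat_xinetd_audit() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # "disable = yes|no" inside the service { } block; xinetd's default is enabled
    disable=$(sed -n 's/^[[:space:]]*disable[[:space:]]*=[[:space:]]*\([a-zA-Z]*\).*/\1/p' "$file" | tail -n 1)
    only_from=$(sed -n 's/^[[:space:]]*only_from[[:space:]]*=[[:space:]]*\(.*\)$/\1/p' "$file" | tail -n 1)

    case "$disable" in
        [Yy][Ee][Ss]) enabled=no ;;
        *)            enabled=yes ;;
    esac
    printf 'enabled=%s only_from=%s\n' "$enabled" "${only_from:-(unset)}"

    [ "$enabled" = no ] && return 0
    [ "$only_from" = "127.0.0.1" ] && return 0
    return 1
}

# Constructed sample: /etc/xinetd.d/swat after the edit the post describes
# ("disable" flipped to no), with the localhost restriction still in place.
write_sample_swat_local() {
    cat > "$1" <<'EOF'
service swat
{
        port            = 901
        socket_type     = stream
        wait            = no
        only_from       = 127.0.0.1
        user            = root
        server          = /usr/sbin/swat
        log_on_failure  += USERID
        disable         = no
}
EOF
}

# Constructed sample: same file with the only_from line removed, which is the
# misconfiguration the audit is meant to catch.
write_sample_swat_open() {
    cat > "$1" <<'EOF'
service swat
{
        port            = 901
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/swat
        disable         = no
}
EOF
}

# Demo on the constructed files; on a real host run it on /etc/xinetd.d/swat.
tmp=$(mktemp)
write_sample_swat_local "$tmp"
swat_xinetd_audit "$tmp" || echo "WARNING: SWAT is reachable from non-local hosts" >&2
write_sample_swat_open "$tmp"
swat_xinetd_audit "$tmp" || echo "WARNING: SWAT is reachable from non-local hosts" >&2
rm -f "$tmp"
```

Run it after `sudo /sbin/service xinetd restart`; if it warns, put `only_from = 127.0.0.1` back in the stanza and restart xinetd again.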

* Additional Info:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/SWAT.html

SAMBA – Home Directory Shares Made Easy

Q. What is SAMBA?
A. “Samba is a Free Open Source Software suite that provides seamless file and print services to SMB/CIFS clients.”

Q. Where is SAMBA’s home?
A. http://www.samba.org

Q. Why did you bother writing this?
A. Several reasons, mostly to help myself and others.

Note: You may want to copy/paste this into a txt file for easier reading.

---------------------------------------------
This “entry level” guide will show you how to configure SAMBA in order to let users
browse their home folders under Linux via Windows.

Please note: I write these guides under RHEL/CentOS. However, they should work under any distribution. You still may need to tweak things a little. ;0)

I’m also assuming you have sudo rights. You shouldn’t work from root!

---------------------------------------------
If you’ve installed the default settings for SELinux, it will be in “Enforcing” mode.

# To check your SELinux status. (1 = Enforcing, 0 = Permissive)

shell> /usr/sbin/getenforce

# If you wish to change the state from Enforcing to Permissive temporarily

shell> sudo /usr/sbin/setenforce 0

If you wish to change it permanently across reboots, alter the /etc/selinux/config file to say Permissive.
If you wish to keep using SELinux, I’ll provide the extra step to work with this guide;
otherwise just ignore the SELinux “setsebool” command.

NOTE: Review the /etc/samba/smb.conf for additional SELinux settings.
---------------------------------------------
# Install the SAMBA server.

shell> sudo yum install samba

# Add a user for testing the SMB/CIFS Shared Home directory.

shell> sudo /sbin/useradd sambatest
shell> sudo passwd sambatest

# Configure the user “sambatest” smb password.

shell> sudo smbpasswd -a sambatest

# Backup the /etc/samba/smb.conf file prior to any changes.
# Edit the smb.conf file and set your “workgroup” / “netbios name” if needed.

shell> cd /etc/samba
shell> sudo cp --preserve=context smb.conf smb.conf.org
shell> sudo vim smb.conf

workgroup = workgroup (this is the Windows default group)
netbios name = CENTOS (don’t forget to uncomment this line)

# Set the SMB daemon to start on boot up. (for levels 2345)

shell> sudo /sbin/chkconfig smb on

# Start the SAMBA daemon.

shell> sudo /sbin/service smb start

# OPTIONAL (if using SELinux)

shell> sudo /usr/sbin/setsebool -P samba_enable_home_dirs on

---------------------------------------------
# You’ll want to edit your iptables/firewall rules to allow connections.
# I would recommend locking this down to local network hosts etc.
# I’ll assume your trusted hosts are on a 192.168.1.0/24 network.

shell> cd /etc/sysconfig
shell> sudo cp --preserve=context iptables iptables.org
shell> sudo vim iptables

-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp -s 192.168.1.0/24 --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
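The four firewall rules above and the smb.conf edit earlier both hinge on the same decision: which network is trusted to reach the home shares. As an added example (my own script, not part of the original guide or of Samba), the POSIX sh below takes that network once and prints both a [homes] stanza for /etc/samba/smb.conf and the matching RH-Firewall-1-INPUT rules for /etc/sysconfig/iptables, so the restriction is enforced both at the firewall and inside Samba (hosts allow) in case the iptables rules are ever flushed. It generalises the post's 192.168.1.0/24 to any a.b.c.d/nn network, validates the argument, and touches nothing on the live system; the function names are mine, and the "valid users = %S" / "browseable = no" choices are the usual per-user home-share settings from the smb.conf man page, not something the post specifies.

```shell
#!/bin/sh
# Added example (not from the original guide): print a restricted [homes]
# stanza and the Samba firewall rules for one trusted network.

# is_cidr NETWORK  -> 0 if NETWORK looks like a.b.c.d/nn (nn in 0..32)
is_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# samba_iptables_rules NETWORK
#   NetBIOS name service (137/udp), datagram (138/udp), session (139/tcp)
#   and SMB directly over TCP (445/tcp), accepted only from NETWORK.
samba_iptables_rules() {
    is_cidr "$1" || { echo "samba_iptables_rules: bad network '$1'" >&2; return 1; }
    for spec in udp:137 udp:138 tcp:139 tcp:445; do
        proto=${spec%%:*}
        port=${spec##*:}
        printf '%s -m state --state NEW -m %s -p %s -s %s --dport %s -j ACCEPT\n' \
            "-A RH-Firewall-1-INPUT" "$proto" "$proto" "$1" "$port"
    done
}

# samba_homes_conf NETWORK
#   [homes] stanza: %S expands to the share name, which for [homes] is the
#   connecting user's name, so each user can reach only their own home; the
#   share is kept out of browse lists; "hosts allow" repeats the network
#   restriction (Samba accepts the address/bits form) and everything else is denied.
samba_homes_conf() {
    is_cidr "$1" || { echo "samba_homes_conf: bad network '$1'" >&2; return 1; }
    cat <<EOF
[homes]
    comment = Home Directories
    browseable = no
    writable = yes
    valid users = %S
    hosts allow = 127.0.0.1 $1
    hosts deny = ALL
EOF
}

# Print both fragments for the network given as the first argument
# (defaults to the guide's 192.168.1.0/24); paste them into the files by hand.
net=${1:-192.168.1.0/24}
samba_homes_conf "$net"
echo
samba_iptables_rules "$net"
```

After pasting the stanza, `testparm -s` (shipped with Samba) reports whether smb.conf still parses; the rules go above the final REJECT line of the RH-Firewall-1-INPUT chain, followed by `sudo /sbin/service iptables restart`.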

---------------------------------------------
# From Windows, browse your “workgroup” network and you should now see “CENTOS”
# Simply log in with the account/smbpasswd you’ve created.

---------------------------------------------
Additional Info:

* Official Samba 3.2.x HOWTO and Reference
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/

* SELinux Guide
http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/
Copying / Moving files and retaining SELinux Contexts – See section “5.10. Maintaining SELinux Labels”

* Dan Walsh’s SAMBA / SELinux info
http://danwalsh.livejournal.com/14195.html

* IPTables
https://help.ubuntu.com/community/IptablesHowTo
http://fedorasolved.org/Members/kanarip/iptables-howto

Vmware / Vmtools under CentOS 5.x Guests

I’ve seen various posts about people having issues installing/configuring the vmtools package under their CentOS guest.

So here’s my new “Quick Tip”

Inside your CentOS 5.x guest VM
Install/update the kernel source and gcc packages.

sudo yum -y install kernel-devel gcc

Then, in the Vmware host application, select “VM” → “Install Vmware Tools”; the “tools” package will be mounted to your host. Simply untar vmware-tools.tar.gz and run the install script inside.

The script will now use your kernel headers and the gcc packages to compile the needed modules.

You can either follow the on screen instructions to unload/load the required modules or simply reboot.

HTH

Vmware – Linux Host / Linux Guest – Keyboard Mappings Issues

Quick Tips from the field.

If you’re running a Linux host with a Linux guest and are having issues with your keyboard keys being mapped wrong inside your VM (like my up arrow was remapped to “Print” etc.), then you can try the following.

Edit the following file: /etc/vmware/config

Add the following:
xkeymap.nokeycodeMap = true

save the file.

Make sure vmware isn’t running and restart the vmware services like….

#sudo /etc/init.d/vmware restart

Then launch vmware again.

HTH

RealVNC on RedHat Enterprise 5

This describes how to use the free versions of RealVNC to connect to your RedHat Enterprise Linux 5 desktop from your Windows XP machine.  These instructions might work for RHEL4, CentOS, Windows Vista, and other flavors of Linux, but I haven’t tried them.  YMMV.

First download the latest free version for Linux to your RedHat machine from here:

http://www.realvnc.com/cgi-bin/download.cgi

Note:  Since you are on RedHat, make it easy on yourself and grab the RPM version.

Unzip/Untar the file to extract the RPM, then install it:

rpm -i vnc-4.*.*.*.rpm

Next, you will need to edit the script which launches RealVNC or else it will choke on the font paths.  So, as root, edit this file:

/usr/bin/vncserver

You should see a section in that file that looks like this:

# Add font path and color database stuff here, e.g.:
#
# $cmd .= " -fp /usr/lib/X11/fonts/misc/,/usr/lib/X11/fonts/75dpi/";
# $cmd .= " -co /usr/lib/X11/rgb";
#

To jump to it quickly, just search for the word ‘font’ in your editor.

Now, you want to uncomment and edit the two necessary lines so that it looks like this:

# Add font path and color database stuff here, e.g.:
#
$cmd .= " -fp /usr/share/X11/fonts/misc/,/usr/share/X11/fonts/75dpi/";
$cmd .= " -co /usr/share/X11/rgb";
#

Got it? Good.  Save that sucker and close it.

Don’t Run RealVNC As Root.

You need to be logged in as a non-root user when you fire up the VNC server, lest the application bomb out with errors.  So, once you have chosen the user you wish to be,  log in and edit this file:

/home/username/.vnc/xstartup

You will want to change the last line to use your GUI of choice (I prefer Gnome).

Change:

twm &

To:

gnome-session &

Save that sucker.  Got it? Good.

There is one last thing to do before any of this will work, and that is to open the necessary port in your firewall.  On your RedHat box, open the Firewall editor and add port 5901 to the list of allowed ports.
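Two of the steps above are easy to get slightly wrong: the firewall port depends on the display number (vncserver listens on 5900 + display, so :1 is 5901 and :2 would be 5902), and the xstartup edit has to replace exactly the "twm &" line. The following is an added example, my own POSIX sh and not part of the original post or of RealVNC: one helper maps a display to its port, the other performs the xstartup edit on a file and refuses to touch a file that has no "twm &" line. The sample xstartup it edits is constructed here to mirror the default one vncserver writes; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post): helpers for the VNC setup steps.

# vnc_display_port DISPLAY   accepts ":1" or "1", prints 5901
vnc_display_port() {
    d=${1#:}
    case "$d" in
        ''|*[!0-9]*) echo "vnc_display_port: bad display '$1'" >&2; return 1 ;;
    esac
    echo $((5900 + d))
}

# vnc_xstartup_set_session FILE SESSION
#   Replaces the "twm &" line in FILE with "SESSION &" (e.g. gnome-session).
#   Writes to FILE.tmp and renames, so a failed sed leaves FILE untouched.
#   Assumption: SESSION is a plain command name without "/" or "&".
vnc_xstartup_set_session() {
    file=$1
    session=$2
    [ -f "$file" ] || { echo "vnc_xstartup_set_session: no such file $file" >&2; return 1; }
    grep -q '^twm &$' "$file" || { echo "vnc_xstartup_set_session: no 'twm &' line in $file" >&2; return 1; }
    sed "s/^twm &\$/$session \\&/" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Constructed sample of the default ~/.vnc/xstartup that vncserver creates.
write_sample_xstartup() {
    cat > "$1" <<'EOF'
#!/bin/sh
xrdb $HOME/.Xresources
xsetroot -solid grey
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &
EOF
}

# Demo: the port to open for display :1, and the edit applied to a sample copy.
echo "display :1 listens on TCP port $(vnc_display_port :1)"
tmp=$(mktemp)
write_sample_xstartup "$tmp"
vnc_xstartup_set_session "$tmp" gnome-session
echo "last line of edited xstartup: $(tail -n 1 "$tmp")"
rm -f "$tmp"
```

On the real file the call is `vnc_xstartup_set_session /home/username/.vnc/xstartup gnome-session`. When adding the port to the firewall, limiting the rule to the Windows machine's address rather than opening 5901 to everything keeps the VNC password prompt off the wider network.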

Fire It Up

Logged in as the non-root user you decided to run this as, enter the following at the command line:

#> vncserver :1

The first time you run this, you will be asked to create a password. Choose something you will remember by the time you get to your Windows machine to connect in a few minutes.

You should see a few notes about the server being started and the log file being created.  And with that, the vnc server is ready for connections from your Windows box.

Setting Up Windows

Now, you need to download and install the free RealVNC viewer to connect to your RedHat machine, which again is available here:

http://www.realvnc.com/cgi-bin/download.cgi

When installing, choose the Viewer option, not the Server option.  Once it’s installed, launch the application, and in the Server field, enter the IP or hostname of your RedHat server, followed by :1.  For example:

192.168.1.2:1

Click OK, and you should be asked to enter the password you created a few minutes ago.  Once you do, if all worked as planned, you should be looking at your RedHat desktop on your Windows machine.

Notes

Stopping RealVNC

Sometimes you may need to stop and restart VNC on the RedHat box.  To do this, log in at the command line and enter:

#> vncserver -kill :1

It should say something like “Killing process 5036”, letting you know it has been completed.

Getting A Better Resolution

If your Windows box has a monitor running at a resolution different than that of your Linux box, you may want to change the resolution at which RealVNC runs.  To do this, just add the desired resolution to the startup command like so:

#> vncserver -geometry 1440x900 :1

RHEL – Xen vs. KVM

Let me just say I’m a big VMware fan. And since they started giving out ESXi for free, I try to pass on the love as much as possible.

However, sticking to open source values is very important to me for many reasons, and I recently discovered Xen is going away in RedHat Enterprise Linux (RHEL). I kinda figured it would die out as soon as Citrix bought up Xen.

So I dug around after a few emails with another virt guy.

Red Hat’s official statement:

http://www.redhat.com/about/news/prarchive/2008/virtualization.html

I guess if you’re sticking with RHEL’s way of doing things, you had better give up on Xen and start working with KVM / Ovirt etc.

It seems Xen will continue to be supported through the 5.x series, as they have lots of customers using it. (hmmm…)

So I guess there will be a tool or some article for transitioning later on.

Ovirt – http://ovirt.org/
KVM – http://kvm.qumranet.com/kvmwiki/Front_Page
FreeIPA – http://www.freeipa.org

However, this is all in a beta area for now.

My thoughts would be to simply go with VMware Server or ESXi server for production and then start testing the KVM solutions for future configurations. That’s just my two cents.

HTH

OpenJDK6 – Java 1.6.x on CentOS 5.x

Just a quick tip that might help out the folks needing something better than gcj and still using an open version of Java.

On CentOS 5.2 :

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-2.noarch.rpm
yum install -y java-1.6.0-openjdk-plugin java-1.6.0-openjdk-devel java-1.6.0-openjdk

😉

Hope that makes someone’s life easier!

PCI Compliance

The other day I had an old client forward me an email from their credit card processing company, saying that the server upon which their website was hosted failed their PCI Compliance security check.  I had never heard of this and was wary that it might be a service they were being tricked into adding on, but upon further investigation, I learned that many credit card processing companies are now instituting this new security policy, which is designed to tighten up security on web servers in order to decrease the chances of credit card theft.

This sounded all well and good, and I figured that with my background in securing servers to meet Department of Defense standards it ought to be a breeze.  Little did I know that the server in question would put up quite a battle for the lone reason that it was running Plesk, the web host management tool.  I had written off Plesk long ago, having ditched the server I had it running on after many issues with it, and I thought I would never have to work with it again, but alas…

I started Googling, of course, and found some great resources out there which cover the tightening up of Plesk in order to meet PCI compliance.

One of the best articles I found was at linux-advocay.org, which explains how to fix issues with Courier, Qmail, Apache, SSL, and iptables in case you don’t have Plesk’s Firewall add-on.

Also, a fellow by the name of DrJermy writes of his solutions about dealing with Plesk and PCI Compliance.

For some general information about what PCI compliance is all about, check out pcicomplianceguide.org.

My Take

As I worked through the PCI issues with the client who contacted me, I started realizing that the standards by which the server was being scanned were presumptuous in that they didn’t take into account back porting, as implemented by RedHat, and that they were making me fix issues which seemed rather trivial in regards to credit card processing security.

If they really wanted to do something that mattered, they should have a look at the NSA’s hardening guides.
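The backporting point is the one most worth a concrete check. Red Hat keeps the upstream version number (so a scanner matching on "Apache 2.2.3" will flag it) but records each backported fix in the package's RPM changelog by CVE identifier, and that changelog entry is the evidence you hand back to the scanning vendor. The following is an added example, my own POSIX sh and not from the original post: a function that looks for a CVE id in changelog text read from stdin. The sample changelog is constructed here with placeholder CVE numbers and a placeholder package version; none of it refers to a real advisory. On a live host the input comes from `rpm -q --changelog PACKAGE`, which is a real rpm option.

```shell
#!/bin/sh
# Added example (not from the original post): confirm a backported fix by
# searching an RPM changelog for a CVE identifier.

# changelog_mentions_cve CVE-ID < changelog-text
#   prints the matching changelog lines; exit 0 if found, 1 if not,
#   2 if the argument does not look like a CVE id.
changelog_mentions_cve() {
    cve=$1
    case "$cve" in
        CVE-[0-9][0-9][0-9][0-9]-[0-9]*) ;;
        *) echo "changelog_mentions_cve: '$cve' is not a CVE id" >&2; return 2 ;;
    esac
    # -F: match the id literally; -i: changelog entries are not consistent about case
    grep -Fi -- "$cve"
}

# Constructed sample changelog. The maintainer, dates, version and CVE numbers
# are placeholders, not real Red Hat advisories.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2008 Example Maintainer <maint@example.invalid> - 2.2.3-11.el5_1
- Resolves: CVE-0000-0001 placeholder fix, backported to 2.2.3
- Resolves: CVE-0000-0002 placeholder fix
* Mon Dec 03 2007 Example Maintainer <maint@example.invalid> - 2.2.3-10.el5
- rebuild for el5
EOF
}

# Demo on the constructed sample. On a RHEL/CentOS host the same check is:
#   rpm -q --changelog httpd | changelog_mentions_cve CVE-XXXX-YYYY   (id from the scan report)
if sample_changelog | changelog_mentions_cve CVE-0000-0001; then
    echo "fix is recorded in the changelog: version string alone is not proof of exposure"
else
    echo "no changelog entry: treat the scanner finding as unresolved"
fi
```

A hit means the installed build already carries the fix regardless of its version string; no hit means the finding stands and the package needs the update that does carry it.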
