Tuesday, February 28, 2012

Prevent an RPM from being updated via patching

A common scenario: unneeded packages got updated via patching and a working application stopped functioning.

If you don't want to update a package even when a newer version is available, YUM has a plugin called yum-versionlock.

1. Install the yum-plugin-versionlock package.

2. Make sure /etc/yum/pluginconf.d/versionlock.conf exists and contains the following text: enabled = 1

3. Add the list of packages which you do not want to be updated to /etc/yum/pluginconf.d/versionlock.list.

Each package should go on its own line. For example:

screen-4.0.3-4.el5

desktop-backgrounds-basic-2.0-37


That's it!!


[root@svn01dev ~]# yum install screen
Loaded plugins: security, versionlock
Reading version lock configuration
Setting up Install Process
Nothing to do
[root@svn01dev ~]#

Cheers!
D E B A

Monday, February 27, 2012

Automatically reboot server On kernel panic

There is a way to auto-reboot your servers on kernel panic. This is helpful when your servers are remote and it takes time to arrange a hard reboot.

echo X > /proc/sys/kernel/panic, where X is the timeout in seconds. The kernel waits X seconds and then reboots.

e.g. echo "1" > /proc/sys/kernel/panic

Above it is 1 second, BUT I usually keep it at 10 seconds or more, to believe that the problem was transitory.

  1. kernel.panic = 1 initiates a hard system reboot whenever the system runs into a kernel panic.
  2. kernel.panic_on_oops = 1 extends that behavior to oopses (the kernel will then treat any oops just like it treats a panic)

Thanks/-
DK

Sunday, February 26, 2012

insecure password practice in Wget

From Wget 1.12 onwards, you don't have to specify the password on the command line itself; rather, use something like the below:

wget --user=cvs --ask-password http://svn1.codemagicstore.com/Tools/trunk/WebSense/deploy/secureTools.war -O /cvs/secureTools.war

However, since the script should also run unattended, please use a user/password pair in /etc/wgetrc OR ~/.wgetrc

user=cvs
password=secret
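A wgetrc that holds a password should be readable by its owner only. The following is an added example, not part of the original post: the function names `write_wgetrc` and `audit_wgetrc` are hypothetical, and the audit assumes the password is set with one of the common key spellings (`password`, `http_password`, `ftp_password`, `proxy_password`).

```shell
#!/bin/sh
# Added example: keep wget credentials in an owner-only wgetrc and audit it.

# write_wgetrc FILE USER PASSWORD
# Ensures FILE exists with mode 0600 *before* the password is written,
# so it is never briefly readable by other local users.
write_wgetrc() {
    (
        umask 077                    # new file is created as 0600
        : >> "$1" &&                 # create if missing, do not truncate yet
        chmod 600 "$1" &&            # tighten a pre-existing file first
        printf 'user=%s\npassword=%s\n' "$2" "$3" > "$1"
    )
}

# audit_wgetrc FILE
# Returns 0 if FILE is missing, holds no password, or is owner-only.
# Returns 1 if it stores a password and group/other have any access.
audit_wgetrc() {
    [ -f "$1" ] || return 0
    if ! grep -Eiq '^[[:space:]]*((http|ftp|proxy)_)?password[[:space:]]*=' "$1"; then
        return 0
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "WARN: $1 stores a password and is accessible to group/other" >&2
        return 1
    fi
    return 0
}

# Demo on a constructed temporary file (sample credentials from the post).
demo=$(mktemp)
write_wgetrc "$demo" cvs secret
audit_wgetrc "$demo" && echo "OK: $demo is owner-only"
rm -f "$demo"
```

Run `audit_wgetrc /etc/wgetrc` and `audit_wgetrc "$HOME/.wgetrc"` on a host to see whether a stored password is exposed to other local accounts.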


Thanks/-
D E B A

Saturday, February 25, 2012

space command

Someone was fuming: why do you provide the password at the console! Anyone can see it later.

Yo Dawg!

If I prefix a space to my Linux command, it does not save it in history!

-DK


Wednesday, February 22, 2012

magic SysRq key to reboot server ..

I am sure most of us have seen this issue earlier -

[root@DebaTestBox ~]# reboot
bash: /sbin/reboot: Input/output error
[root@DebaTestBox ~]# shutdown -r now
bash: /sbin/shutdown: Input/output error

What's the rescue? Call the data center guy and hard reboot.

WAIT!! Just try this:

There is some issue with your disk for sure, and that's why the kernel is unable to access the '/sbin/reboot' and '/sbin/shutdown' binaries from the disk in order to execute them.


An fsck on the next boot is mandatory now, BUT what you need right away is some way to reboot this box. Do we have some way to tell the kernel directly, bypassing any command on disk?

Yes!

There is this "magic SysRq key" for your rescue.


First you must activate the magic SysRq option:

How To:

echo 1 > /proc/sys/kernel/sysrq

When you are ready to reboot the machine simply run the following:

echo b > /proc/sysrq-trigger

(Note: This will reboot your server, without trying to umount any file system)

BUT please remember this should only be used in a dire situation, as it won't umount any of the currently mounted file systems. BUT if your drive is already failing, then that may not be a concern.

Make the SysRq setting permanent -

echo "kernel.sysrq = 1" >> /etc/sysctl.conf

More magic keys here

Thanks/-
D e b a

Sunday, February 19, 2012

SSL cert Expiry Date

Why depend on some sites for this? Be a geek and use your Bash shell ^_^

[root@DebaTestBox ~]# openssl s_client -showcerts -connect mySite.com:443 > mySite.cert < /dev/null

[root@DebaTestBox ~]# openssl x509 -in mySite.cert -text -noout | awk '/After/ || /DNS/'
Not After : Feb 9 01:21:59 2013 GMT

[root@DebaTestBox ~]#

Thanks/-
DK

GoLive Checklist

Usually we start a project against a SOW (Statement Of Work), and until go-live or final beta testing we do a lot of communication back and forth with the respective BU, trying to make sure things at our end are perfect and communication keeps flowing. BUT while running behind various deadlines, we feel the need for a checklist, just to make sure things are still looking tidy and the various servers for the said project are healthy and hardened enough to face the cruel(!) traffic.

Please find this link to download my GoLive checklist!

[***Download here***]

Hope it helps!

-DK

CICD Assessment

( A story on -  how we formulated a process around measuring and achieving CICD, and  how these journey lines has now become a means t...