Uncomment this and restart proftpd:
# Use this to jail all users in their homes
DefaultRoot ~
proftpd jail user to home directory
Reply
Author Archives: ForDoDone
monitor host for slow ping times
When there is intermittent network latency to a host, it’s important to monitor a it for a pattern. Using ping can help narrow down what is causing the latency. VMWare load, bandwidth limitations, employee work patterns, backups, and many other sources could be the cause of the latency.
while true; do j=`ping <slowhost> -i1 -c1 2>&1 | grep icmp_req | awk '{print $7}' | cut -d = -f2 | cut -d . -f1`; if [ $j -gt 30 ]; then date | tr '\n' ' '; echo $j; fi; sleep 1s; done;This does a ping every second, and if it’s over a threshold (30ms in this case) it is considered unacceptable and logged with date.
see what groups a Linux user belongs to
# groups wp
wp : sftpusers www-dataget uptime from Cisco switch or router
switch> show version | include uptime
switch uptime is 1 year, 46 weeks, 5 days, 4 hours, 51 minuteshot reconfigure haproxy without restart
If you don’t want to loose all of your current connections, you need to get haproxy to reload the new configuration without stopping and starting.
# haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -sf $(cat /var/run/haproxy.pid)The -sf flag is for a soft reset.
NetApp access NTFS CIFS share from Unix host via NFS
NTFS vs. Unix style volume settings have nothing to do with which hosts can mount the volume, they have to do with permissions. To access a NTFS volume via NFS, first allow rw or root mounting in /etc/exports (you do have your root vol mounted on your admin boxes right?):
# sed -i '/cifsshare/d' /mnt/toaster/vol0/etc/exports
# echo '/vol/cifsshare -sec=sys,rw,root=someadminhost:anotherlinuxbox,anon=0,nosuid' >> /mnt/toaster/vol0/etc/exports
# ssh toaster
toaster> exportfs -a
toaster> Connection to toaster closed by remote host.
Connection to toaster closed.
#Mount the volume on your administration host and list the directory:
# mkdir -p /mnt/toaster/cifsshare
# mount toaster:/vol/cifsshare /mnt/toaster/cifsshare
# cd /mnt/toaster/cifsshare
# ls
ls: .: Permission denied
#
# whoami
root
#So even though we are able to mount this share via NFS, the NTFS permissions do not let us see what’s there. Check the filer to see what permissions context it has for ‘root’.
toaster> wcc -u root
Tue Jul 16 09:11:57 PDT [toaster: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: LSA lookup: Lookup of account "DOMAINNAME\root" failed: STATUS_NONE_MAPPED (0xc0000073).
(NT - UNIX) account name(s): (DOMAINNAME\guest - root)
***************
UNIX uid = 0
user is a member of group daemon (1)
user is a member of group daemon (1)
NT membership
DOMAINNAME\Guest
DOMAINNAME\Domain Guests
DOMAINNAME\Domain Users
BUILTIN\Guests
BUILTIN\Users
User is also a member of Everyone, Network Users,
Authenticated Users
***************
toaster> Looks like the filer doesn’t recognize the user ‘root’ and sees it as a guest. This explains why we might not have permissions in the ‘cifsshare’ mount. The solution is to add a user mapping so that user ‘root’ is recognized as ‘administrator’ for the domain ‘DOMAINNAME’. Make an entry in usermap.cfg (you do have your root vol mounted on your admin boxes right?):
echo 'DOMAINNAME\administrator == root' >>/mnt/toaster/vol0/etc/usermap.cfgNow let’s see what user ‘root’ is seen as from the view of the filer:
toaster> wcc -u root
Tue Jul 16 09:12:30 PDT [toaster: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: LSA lookup: Located account "DOMAINNAME\administrator" in domain "DOMAINNAME"..
(NT - UNIX) account name(s): (DOMAINNAME\administrator - root)
***************
UNIX uid = 0
user is a member of group daemon (1)
user is a member of group daemon (1)
NT membership
DOMAINNAME\administrator
DOMAINNAME\Enterprise Admins
DOMAINNAME\Exchange Recovery Administrators
DOMAINNAME\Schema Admins
<a ton of other stuff here>
BUILTIN\Administrators
BUILTIN\Users
User is also a member of Everyone, Network Users,
Authenticated Users
***************
toaster>
Now we have all the privileges that the domain administrator has, and we can view, list, and alter files that the domain administrator has permissions for. In a production environment, you could just map a Linux admin jdoe to DOMAINNAME\jdoe assuming they had domain admin permissions.
change mysql password
Here’s one way to change a mysql password:
mysql> use mysql;
mysql> update user set password=PASSWORD("NEWsecretPASSWORD123") where User='ForDoDone';authorized ssh keys for ESXi 5.1
They go here:
# ls -l /etc/ssh/keys-root/authorized_keys
-rw------T 1 root root 1572 Jul 9 22:24 /etc/ssh/keys-root/authorized_keysYou can put them on the kickstart server and get them during install using this line in the ks.cfg file:
# install ssh keys
wget http://10.101.40.41/preseed/ESXi/5.1/authorized_keys -O /etc/ssh/keys-root/authorized_keys
increase max number NFS mounts in ESXi 5.1
# esxcli system settings advanced set -o /NFS/MaxVolumes -i 256get directory mtime in unix time
In scripts when you need to compare last modification date of directories, you can get the date using stat in a unix timestamp or seconds from the Epoch:
# stat -c '%Z' /usr/local/sbin
1373673278
Using date you can get the same format like this:
# date +%s
1373673486You could use this in a script to do something if a directory is older or newer than some amount of time:
#!/bin/bash # FILE: sync_usr_local_sbin.sh # AUTHOR: ForDoDone <fordodone at email.com> # DATE: 2013-07-12 # NOTES: syncs /usr/local/sbin to hostxyz if it's been modified in the last 5 minutes # now=`date +%s` uls_lastmtime=`stat -c '%Z' /usr/local/sbin` uls_diff=$(echo $now - $uls_lastmtime |bc) if [ $uls_diff -lt 300 ] then rsync -a /usr/local/sbin/ hostxyz:/usr/local/sbin fi
Of course rsync has a bunch of options to check whether it needs to do an update of files, this is just an example.