Friday, January 28, 2011

Find and Delete certain files in CentOS Linux

This command can be scripted (needs to be run as root), but this script is not covered here.

Basically, this command searches a specified directory for a name/filetype and then deletes whatever matches.
If you run it from the top-level directory (/), chances are something important may get deleted. Be sure to specify your folder; the command will traverse its subfolders.

My particular reason for using this is I need to clean up over 3000 courses in Moodle and remove any old course backups that were used for creating course copies by the site admin. This involves sorting through tens of thousands of folders for course backups.

Bear in mind that this action cannot be undone, so if Lecturers/Teachers manage their own Moodle course backups, this script will not work for you. As always, you should have backups of all necessary files before attempting this sort of activity.


To ensure that no unnecessary files get deleted, first run the command without the delete section:
find /path/to/your/folder -name \*backup\*.zip
A list of files matching your search string will be displayed.

*edit: to pipe the list, including the size of the files, to a text file, please see below:
find /path/to/your/folder -size +5k -name \*searchstring\*.zip -exec ls -lh {} \; | awk '{ print $9 ": " $5 }' > /temp/report.txt

Much thanks to http://www.cyberciti.biz/faq/find-large-files-linux/ for the size addition.






Breakdown:
find - Linux search command
/path/to/your/folder/ - self explanatory
-name - tells the command to search for specific filenames
\*backup\*.zip - search string, will return the following:
    mybackup.zip
    mybackup2001.zip
    backup2002.zip
  will not return:
    backup.txt
    mybackup.doc
    backup1.log
| xargs - passes the results of the previous command to the command that follows
/bin/rm -f - delete command


Now for the cleanup:

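find /path/to/your/folder -name \*backup\*.zip -print0 | xargs -0 /bin/rm -f
(-print0 and -0 hand the file names over NUL-separated, so names containing spaces or quotes reach rm intact instead of being split into several arguments.)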

Congrats! All your base are belong to us..err wait, I meant the files should have been deleted.
Rerun the original find command with your search string and it should no longer return any results.
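
The list-first, delete-second routine above wrapped into one script, as an added example that is not part of the original post. The function names purge_backups and count_matches are made up for this example; it refuses to run from / and treats every path as a single argument.

```shell
#!/bin/sh
# Added example (not from the original post): list first, delete only on request.
# Usage: purge_backups DIR PATTERN [--delete]

purge_backups() {
    dir=$1; pattern=$2; mode=${3:-}

    # Refuse a missing directory, an empty pattern, or the top level (/).
    if [ -z "$dir" ] || [ ! -d "$dir" ] || [ -z "$pattern" ]; then
        echo "usage: purge_backups DIR PATTERN [--delete]" >&2
        return 2
    fi
    real=$(cd "$dir" && pwd -P) || return 2
    if [ "$real" = "/" ]; then
        echo "refusing to run from /" >&2
        return 2
    fi

    if [ "$mode" = "--delete" ]; then
        # -type f skips directories; "{} +" hands every path to rm as one
        # intact argument, so spaces and quotes in names are harmless.
        find "$real" -type f -name "$pattern" -exec /bin/rm -f -- {} +
    else
        # Dry run: same match, but only list name and size.
        find "$real" -type f -name "$pattern" -exec ls -lh -- {} +
    fi
}

# Number of files that still match (counts NUL terminators, one per file).
count_matches() {
    find "$1" -type f -name "$2" -print0 | tr -dc '\000' | wc -c | tr -d ' '
}

# Run directly: ./purge_backups.sh /path/to/your/folder '*backup*.zip' [--delete]
if [ "$#" -ge 2 ]; then
    purge_backups "$@"
fi
```

Quote the pattern on the command line ('*backup*.zip') so the shell passes it to find unexpanded.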



Cheers,
-n

Friday, January 21, 2011

Installing AIDE (Advanced Intrusion Detection Environment) on CentOS 5.x

AIDE (Advanced Intrusion Detection Environment) is a great approach to layered security on a Linux server. This covers a basic install and configuration to run once per day, with a report to your email account (or not).
It is recommended to run this on a "clean" system, i.e. one that is perhaps freshly installed and configured before deployment on the web.
Any updates to software or the system on the server after this point will trigger false positives, so be sure to update the database after any such work is done.

0. Log in as root

1. Install the package
yum install aide

2. Edit the config file to be able to send to your email address
NOTE: If you do not wish to receive a daily report or you want to inspect the logs manually, skip this section and go to step 3.

nano /etc/aide.conf
Look for the following lines and comment them out by adding # at the beginning of each line:
report_url=file:@@{LOGDIR}/aide.log
report_url=stdout
They should now read:
#report_url=file:@@{LOGDIR}/aide.log
#report_url=stdout
Add the following lines immediately below the commented-out section:
report_url=mailto:youremail@yourdomain.com
report_url=syslog:LOG_AUTH
Save and exit /etc/aide.conf.

3. Run AIDE to create the initial database
Steps 3 and 4 will need to be repeated each time you do a system update or modify any configuration files, so be warned. Security and convenience are mutually exclusive.

aide --init

4. Copy the new database to the default location - this is the baseline database.
cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz


5.  Run the AIDE first check
aide --check
Expected output in a perfect world:
AIDE, version 0.13.1


### All files match AIDE database. Looks okay!

6. Set up a daily job (in this case to run at 11pm)
nano /etc/crontab
If you wish to receive the email as configured in step 2, add to the end of the file:
00 23 * * * root /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily AIDE integrity check" youremail@yourdomain.com
If you do not wish to receive any email, add this line instead:
00 20 * * * root /usr/sbin/aide --check
(Entries in /etc/crontab need the user to run as, here root, between the time fields and the command.)

The default logs can be accessed at:
/var/log/aide/aide.log
The log will contain a list of modified files and/or filesystems.

Further information on AIDE as well as troubleshooting can be found here: http://www.cs.tut.fi/~rammer/aide/manual.html
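
One way to have the daily job from step 6 send mail only when the check is not clean, as an added example that is not part of the original post. It relies on the exit status described in aide(1) (1 = added, 2 = removed, 4 = changed files, summed; higher values are errors), which you should confirm against the man page of your AIDE version; the function names, the --run switch and the CHECK_CMD, MAIL_CMD and MAIL_TO variables are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original post.

# Translate the exit status of "aide --check" into words.
# Per aide(1): 1 = files added, 2 = removed, 4 = changed (summed); higher = error.
aide_status_text() {
    rc=$1
    if [ "$rc" -eq 0 ]; then echo "clean"; return 0; fi
    if [ "$rc" -gt 7 ]; then echo "error"; return 0; fi
    out=""
    if [ $((rc & 1)) -ne 0 ]; then out="$out added"; fi
    if [ $((rc & 2)) -ne 0 ]; then out="$out removed"; fi
    if [ $((rc & 4)) -ne 0 ]; then out="$out changed"; fi
    echo "${out# }"
}

# Run the check, keep its report, and mail it only when it is not clean.
# CHECK_CMD, MAIL_CMD and MAIL_TO are hypothetical overrides; defaults follow the post.
run_aide_check() {
    report=$(mktemp) || return 99
    rc=0
    ${CHECK_CMD:-/usr/sbin/aide --check} >"$report" 2>&1 || rc=$?
    state=$(aide_status_text "$rc")
    if [ "$state" != "clean" ]; then
        ${MAIL_CMD:-/bin/mail} -s "$(uname -n) - AIDE: $state (exit $rc)" \
            "${MAIL_TO:-youremail@yourdomain.com}" <"$report"
    fi
    rm -f "$report"
    echo "$state"
    return "$rc"
}

# From /etc/crontab (script path is a placeholder):
#   00 23 * * * root /path/to/aide-check.sh --run
if [ "${1:-}" = "--run" ]; then
    run_aide_check >/dev/null
fi
```

An "error" result means the check itself did not complete, which deserves the same attention as a reported change.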

Cheers,
-n

Thursday, January 20, 2011

Installing Tomcat5 on CentOS 5.x

This covers pure installation of the Tomcat server on CentOS alongside Apache httpd. Configuration details can be found on the Tomcat site: http://tomcat.apache.org/

0. Login as root (standard rules apply)
 

1. Install the prerequisite packages
yum install -y httpd-devel gcc-java tomcat*

2. Set Auto startup on boot
chkconfig tomcat5 on
service tomcat5 restart

3. Check that the server is operational
From a web browser on the machine (or on the network), go to the following address:
http://localhost:8080 (http://your.network.ip.address:8080 from a network machine)
An Apache Tomcat test page should be displayed.

4. Upload a test script
The default tomcat directory is /var/lib/tomcat5/webapps/ROOT/
Create a sample jsp on the server named test.jsp and run it from a browser to ensure the server is operating normally.

cd /var/lib/tomcat5/webapps/ROOT/
nano test.jsp

Paste the following and save the file:
(taken from http://java.sun.com/developer/technicalArticles/xml/WebAppDev/)
<HTML><HEAD>
<TITLE>JSP Example</TITLE>
</HEAD>
<BODY BGCOLOR="ffffcc">
<CENTER>
<H2>Date and Time</H2>
<%
java.util.Date today = new java.util.Date();
out.println("Today's date is: "+today);
%>
</CENTER>
</BODY>
</HTML>

5. Access the test script from a web browser
http://localhost:8080/test.jsp (http://your.network.ip.addr:8080/test.jsp)
You should get a yellow page showing the current system date/time.

Cheers,
-n

Wednesday, January 19, 2011

Lost your root password?

Just finished a fresh install of CentOS 5.5, and in my pangs of hunger, I found myself locked out of my root account, as I was unable to remember the bloody password I set 5 minutes ago.

This outlines how to quickly change the root password if locked out.

1. Boot into single user mode. Boot the machine and, at the startup options, press a to append to the GRUB loader config.
The following text should be visible:
ro root=LABEL=/
Delete any text after this and append the following (be sure to include a space after the slash):
single
It should look like this:
ro root=LABEL=/ single

The Single user prompt should appear after booting:
sh-2.05b#

2. Change the root password
Enter the following command to change the root password:
passwd root

You will be prompted to change and confirm the new root password

3. Reboot
Upon reboot, you should be able to access the root account.

Cheers,
-n

Thursday, January 6, 2011

2011

2011 is here, and with it some more stuff.
Plans for the next few weeks/months.
NTP
High Availability Load Balancing
...more to come.

-n