-
SSH Installation in ESX Server
2007-08-31 15:08:18
1. First, install the following packages; they can be found under \\192.168.4.183\Platforms\ESX\ESX 2.5.0\32bit\Packages
openssl-0.9.7l.tar.gz
zlib-1.2.3.tar.gz
openssh-3.9p1.tar.gz
pam-0.75-66.i386.rpm
pam-devel-0.75-66.i386.rpm
Details of the installation....
==========================
gunzip openssl-0.9.7l.tar.gz
tar xf openssl*
cd openssl*
./config
make
make install
gunzip zlib*
tar xf zlib*
cd zlib*
./configure
make
make install
gunzip openssh*
tar xf openssh*
cd openssh*
./configure --with-pam
make
make install
Q: The error message "configure: error: PAM headers not found" when running the command "./configure --with-pam"
A: You need to install the pam-devel packages [pam-0.75-66.i386.rpm and pam-devel-0.75-66.i386.rpm]
==========================
2. Create the sshd and ssh links for the scripts
# rm -rf /usr/sbin/sshd
# rm -rf /usr/bin/ssh
# ln -s /usr/local/sbin/sshd /usr/sbin/sshd
# ln -s /usr/local/bin/ssh /usr/bin/ssh
3. Create an sshd startup/shutdown script.
Run the following command and enter the contents below. [Please make sure that the location of the "kill" command is correct. On some platforms, "kill" is under "/usr/bin".]
# vi /etc/init.d/sshd
===================================
#!/bin/sh
# Start/stop script for the OpenSSH daemon built above.
PIDFILE=/var/run/sshd.pid
case "$1" in
'start')
    /usr/local/sbin/sshd
    ;;
'stop')
    # sshd writes its own pid to $PIDFILE; only signal it when the file exists
    [ -f "$PIDFILE" ] && /bin/kill `/usr/bin/head -1 "$PIDFILE"`
    ;;
'restart')
    # stop the running daemon, give it a moment to release port 22, then start
    # again (a HUP alone makes sshd re-read its config but keeps the same
    # process, so a second sshd started right after it cannot bind the port)
    [ -f "$PIDFILE" ] && /bin/kill `/usr/bin/head -1 "$PIDFILE"`
    sleep 2
    /usr/local/sbin/sshd
    ;;
*)
    echo "Usage: $0 { start | stop | restart }"
    exit 1
    ;;
esac
exit 0
========================================
# chown root:root /etc/init.d/sshd
# chmod 744 /etc/init.d/sshd
# ln -s /etc/init.d/sshd /etc/rc2.d/S98sshd
4. Start sshd.
# /etc/init.d/sshd start
5. Restart sshd
# /etc/init.d/sshd restart
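Once the five steps are done, the following POSIX sh script (added here as an example, not part of the original post) checks the result: the two links from step 2 point where they should, the init script carries the mode set in step 3, and /var/run/sshd.pid holds a single pid before the stop clause hands it to kill. The demo at the bottom builds a constructed scratch tree so the script runs anywhere; passing an empty prefix checks the real host.

```shell
#!/bin/sh
# Added post-install checks for the sshd setup above (example code, not from the
# original post). Paths follow steps 2 and 3; the demo at the bottom runs the same
# checks against a constructed scratch tree instead of the live system.

# 0 if $1 is a symlink whose target is exactly $2 (the step 2 links).
link_points_to() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "$2" ]
}

# 0 if $1 is a regular file with mode rwxr--r-- (chmod 744 from step 3).
# ls -l is used instead of stat because its long format is the same everywhere.
mode_is_744() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c1-10)" = "-rwxr--r--" ]
}

# 0 if the pid file holds one positive integer and nothing else. The stop clause
# of the init script passes `head -1` of this file straight to kill, so an empty
# file or stray text must be caught before that happens.
pidfile_is_sane() {
    pid=$(head -1 "$1" 2>/dev/null) || return 1
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid" -gt 0 ]
}

# Run every check below a root prefix ($1; empty for the real system), print one
# line per failure and return the number of failed checks.
check_sshd_install() {
    r=$1; failed=0
    link_points_to "$r/usr/sbin/sshd" "$r/usr/local/sbin/sshd" || { echo "FAIL: /usr/sbin/sshd link"; failed=$((failed + 1)); }
    link_points_to "$r/usr/bin/ssh" "$r/usr/local/bin/ssh"     || { echo "FAIL: /usr/bin/ssh link"; failed=$((failed + 1)); }
    mode_is_744 "$r/etc/init.d/sshd"                            || { echo "FAIL: /etc/init.d/sshd mode"; failed=$((failed + 1)); }
    pidfile_is_sane "$r/var/run/sshd.pid"                       || { echo "FAIL: /var/run/sshd.pid contents"; failed=$((failed + 1)); }
    echo "$failed check(s) failed"
    return $failed
}

# --- demonstration on a constructed scratch tree (not a real ESX install) ---
SCRATCH=$(mktemp -d)
mkdir -p "$SCRATCH/usr/local/sbin" "$SCRATCH/usr/local/bin" "$SCRATCH/usr/sbin" \
         "$SCRATCH/usr/bin" "$SCRATCH/etc/init.d" "$SCRATCH/var/run"
: > "$SCRATCH/usr/local/sbin/sshd"
: > "$SCRATCH/usr/local/bin/ssh"
ln -s "$SCRATCH/usr/local/sbin/sshd" "$SCRATCH/usr/sbin/sshd"
ln -s "$SCRATCH/usr/local/bin/ssh" "$SCRATCH/usr/bin/ssh"
printf '#!/bin/sh\n' > "$SCRATCH/etc/init.d/sshd"
chmod 744 "$SCRATCH/etc/init.d/sshd"
echo 4242 > "$SCRATCH/var/run/sshd.pid"
check_sshd_install "$SCRATCH"
rm -rf "$SCRATCH"
```

The pid file check is the one worth keeping around: an init script that feeds whatever `head -1` returns to `kill` will happily signal the wrong process if the file is ever truncated or edited by hand.
-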
How to check which files are packaged in software
2007-08-13 19:29:28
RPM package.
For RH Linux, FC Linux, SUSE Linux, CentOS, Scientific Linux, Oracle Linux
Command:
rpm -qpl rpm_package_name (e.g. centrifydc-3.0.7-733-rh9-i386.rpm)
FYI:
http://fanqiang.chinaunix.net/a1/b1/20020520/060201228.html
*************************************************************************************
DPKG package.
For Debian, Ubuntu
Command:
dpkg -L installed_package_name (e.g. CentrifyDC)
*************************************************************************************
.tgz (Solaris)
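The two commands above answer "what is in the package"; the next question a reviewer asks is which of those files deserve a look before the package goes on a machine. The POSIX sh script below, added here as an example and not part of the original note, wraps the rpm/dpkg listing commands and then scans a long-format listing for setuid/setgid binaries and for files dropped into PAM, init or security-module directories. The directory list is a starting point chosen for this example, and the sample listing at the bottom is constructed.

```shell
#!/bin/sh
# Added example (not from the original note): list what a package would put on
# the system before installing it, then flag the entries worth reviewing first.
# Assumes rpm, dpkg-deb and dpkg are present for the respective formats.

# Long-format file listing for an .rpm or .deb archive, or the file list of an
# already-installed Debian package name (the three cases from the note above).
list_package_files() {
    case "$1" in
        *.rpm) rpm -qplv "$1" ;;      # -v adds the mode/owner columns to -qpl
        *.deb) dpkg-deb -c "$1" ;;    # contents of a .deb without installing it
        *)     dpkg -L "$1" ;;        # installed package: paths only, no modes
    esac
}

# Read a long-format listing on stdin and print one line per regular file that
# is setuid or setgid, plus one per entry under a directory where a third-party
# package can change how logins work. rpm -qplv and dpkg-deb -c both put the
# mode string in the first column and the path in the last, which is all this
# relies on; the directory list is this example's choice, not a product rule.
flag_review_items() {
    awk '
        $1 ~ /^[-d]/ {
            path = $NF
            sub(/^\.\//, "/", path)                 # dpkg-deb lists paths as ./usr/...
            if ($1 ~ /^-/ && (substr($1, 4, 1) ~ /[sS]/ || substr($1, 7, 1) ~ /[sS]/))
                print "SETUID/SETGID " path
            if (path ~ /^\/(etc\/pam\.d|etc\/init\.d|lib\/security)\//)
                print "SYSTEM-DIR " path
        }'
}

# Constructed rpm -qplv style listing used for the demonstration.
SAMPLE_LISTING='-rwxr-xr-x    1 root    root       12345 Mar  1  2007 /usr/sbin/exampled
-rwsr-xr-x    1 root    root        8192 Mar  1  2007 /usr/bin/example-setuid
-rwxr-xr-x    1 root    root        4096 Mar  1  2007 /lib/security/pam_example.so
drwxr-xr-x    2 root    root           0 Mar  1  2007 /etc/example
lrwxrwxrwx    1 root    root           0 Mar  1  2007 /usr/bin/example -> /usr/sbin/exampled'

printf '%s\n' "$SAMPLE_LISTING" | flag_review_items
```

Against a real archive the pipeline is `list_package_files pkg.rpm | flag_review_items`; for an installed Debian package `dpkg -L` prints bare paths, so only the directory rule applies there.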
-
HPUX 11.11 RISC
2007-07-27 14:38:09
1. Enter single user mode
a. reboot machine
b. press any key to interrupt the boot program
c. when the main menu is shown, type 'Y'
d. Type 'hpux -is'
e. Type 'fsck' to fix the filesystem
f. Type 'mount /usr, /var, /tmp, /etc....' to mount the filesystems you need
h. Fix the damaged files, including updating root's password (this must be done in normal mode)
-
Root mapping user Login in these situation
2007-07-27 14:32:55
1. create root mapping ad user.
a. stop adclient daemon --- adclient is not running.
1) login as root user with root's local password --- succeed
2) login as root user with root's ad password --- failed
b. disconnected network of DC or shutdown DC
1) login as root user with root's local password --- failed
2) login as root user with root's ad password --- failed
-
Test cases
2007-07-18 18:08:26
1. Equivalence classes
a. If two tests have the same expected result, they are equivalent.
For example:
case1, user1 has two login forms (@, /), and the username is the same in both forms, i.e. user1@domain.name, domain\user1.
case2, the username differs between the two login forms, i.e. user1@domain.name, domain\user1sam.
Following these two cases we would need to create two users, but in fact only one user needs to be created, with its two login names made different. That way we can test both user1@domain.name and domain\user2.
-
7.0.4 - Install and configure ubuntu desktop and server
2007-07-18 15:34:22
How to change root's password on Ubuntu.
1. Login as the user created during the installation
2. Run the command "sudo passwd root" to change the password of "root"
3. Login as root with the changed password --- Work fine...:-)
X Window installation
Ubuntu Desktop
X Window is one of the components, so no additional work is needed.
Ubuntu Server
Ubuntu Server does not have X Window installed because it is the server version, not the desktop version. You may want to try installing X Window (sudo apt-get install x-window-system gnome gdm) or install the Ubuntu desktop version (sudo apt-get install ubuntu-desktop).
# apt-get install x-window-system gnome gdm
Reboot machine after finish the installation and X window will start successfully.
UI Login problem
A message box with the following message appeared when starting the UI.
Can't open file /usr/share/gdm/themes/Human/Human.xml
You can install the "ubuntu-artwork" package to fix the problem.
apt-get install ubuntu-artwork
Configure machine to allow root to login
1. Open System --> Administration --> Login Window
2. Click "Security" tab in the dialog of "Login Window Preferences"
3. Make sure to check-on the two boxes in the tab.
- Allow local system administrator login
- Allow remote system administrator login
Installing VMware Tools
Go to the text mode by running the command "/etc/init.d/gdm stop"
# apt-get install build-essential linux-headers-`uname -r` [run "uname -r" to get the kernel version first]
# mount /dev/cdrom /mnt
# cd /tmp
# tar xzf /mnt/VM*.tar.gz
# cd /tmp/vmware-distrib
# sudo ./vmware-install.pl
OpenSSH, Telnet, FTP, RSH, Rlogin Configuration
Ubuntu Desktop
Login as root and run the commands below --- the desktop must be able to access the internet.
apt-get install openssh-server
apt-get install telnetd
apt-get install ftpd
apt-get install rsh-server
reboot
Ubuntu Server
Put the installation CD in the CD-ROM drive and run the following commands
apt-cdrom add
apt-get install openssh-server
apt-get install telnetd
apt-get install ftpd
apt-get install rsh-server
reboot
Configure IP Address
Because the Ubuntu installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to our needs (in this example setup I will use the IP address 192.168.5.213)
Run the command "vi /etc/network/interfaces" and modify the file to look like below
============================================================
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.5.213
netmask 255.255.252.0
network 192.168.5.0
broadcast 192.168.7.255
gateway 192.168.4.1
==============================================================
Then restart network by running the command "/etc/init.d/networking restart"
Then edit the file /etc/hosts. Make it look like this:
==============================================================
127.0.0.1 localhost.localdomain localhost
192.168.5.213 hostname.example.com hostname
==============================================================
Reboot the machine.
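The address, netmask, network, broadcast and gateway lines of the stanza above have to agree with each other, and a mistake only shows up later as hosts on the same segment that cannot be reached. The POSIX sh script below, added here as an example and not part of the original note, recomputes network and broadcast from the address and mask and checks that the gateway sits inside that network; run on the values in the stanza it reports that with a 255.255.252.0 mask 192.168.5.213 lies in network 192.168.4.0, not 192.168.5.0.

```shell
#!/bin/sh
# Added example (not from the original note): check that the address, netmask,
# network, broadcast and gateway lines of an /etc/network/interfaces stanza
# agree with each other, using only POSIX sh arithmetic.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Network address = address AND mask.
network_of()   { int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") )); }

# Broadcast = address OR (NOT mask), kept to 32 bits.
broadcast_of() { int_to_ip $(( $(ip_to_int "$1") | (~$(ip_to_int "$2") & 4294967295) )); }

# check_stanza ADDRESS NETMASK NETWORK BROADCAST GATEWAY
# Prints one line per mismatch; returns 0 only when all five values are consistent.
check_stanza() {
    addr=$1 mask=$2 net=$3 bcast=$4 gw=$5
    want_net=$(network_of "$addr" "$mask")
    want_bcast=$(broadcast_of "$addr" "$mask")
    gw_net=$(network_of "$gw" "$mask")
    rc=0
    [ "$net" = "$want_net" ]     || { echo "network $net does not match address/netmask (expected $want_net)"; rc=1; }
    [ "$bcast" = "$want_bcast" ] || { echo "broadcast $bcast does not match address/netmask (expected $want_bcast)"; rc=1; }
    [ "$gw_net" = "$want_net" ]  || { echo "gateway $gw is outside network $want_net"; rc=1; }
    return $rc
}

# The values from the stanza above.
check_stanza 192.168.5.213 255.255.252.0 192.168.5.0 192.168.7.255 192.168.4.1 \
    || echo "fix the stanza before running /etc/init.d/networking restart"
```

The arithmetic is plain C-style bit operations on the four octets, so the same functions serve any mask, not only /22.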
-
6.0.6 - Install and configure ubuntu desktop and server
2007-07-18 15:30:37
How to change root's password on Ubuntu.
1. Login as the user created during the installation
2. Run the command "sudo passwd root" to change the password of "root"
3. Login as root with the changed password --- Work fine...:-)
X Window installation
Ubuntu Server 6.0.6
Ubuntu Server does not have X Window installed because it is the server version, not the desktop version. You may want to try installing X Window.
Xfce UI
# sudo apt-get install xubuntu-desktop
GNOME
# sudo apt-get install ubuntu-desktop
Reboot machine after finish the installation and X window will start successfully.
Installing VMware Tools
Go to the text mode by running the command "/etc/init.d/gdm stop"
# apt-get install build-essential linux-headers-`uname -r`
# mount /dev/cdrom /mnt
# cd /tmp
# tar xzf /mnt/VM*.tar.gz
# cd /tmp/vmware-distrib
# ./vmware-install.pl
OpenSSH, Telnet, FTP, RSH, Rlogin Configuration
OpenSSH
Put the installation CD in the CD-ROM drive and run the following commands
apt-cdrom add
apt-get install openssh-server
Telnet and FTP
# sudo apt-get install telnetd
# sudo apt-get install ftpd
If you failed to install Telnet and FTP the way above, get the packages below from \\192.168.4.183\Platforms\LINUX\Ubuntu\6.0.6
netkit-inetd_0.10-10.2ubuntu1_i386.deb
telnetd_0.17-32_i386.deb
ftpd_0.17-21_i386.deb
and then run the following commands
# sudo dpkg -i netkit-inetd_0.10-10.2ubuntu1_i386.deb
# sudo dpkg -i telnetd_0.17-32_i386.deb
# sudo dpkg -i ftpd_0.17-21_i386.deb
# sudo /etc/init.d/inetd restart
-
Ethereal: Capture
2007-07-18 14:53:30
Capture tool.
1. Settings
a. Open Ethereal -> click 'Capture' -> select 'Options' -> select the Interface (e.g. interface = "VMware Accelerated AMD PCNet Adapter:\Device\NPF_{8C3FFC44-70AF-4DAF-93DC-5B9F1DE6454F}").
b. In the Options page, select all 'Display options' and 'Name resolution'.
c. In the Options page, open the 'Capture Filter' drop-down box and enter the host information you want to capture (e.g. host 192.168.6.146 && host 192.168.4.134) -- this captures all traffic transferred between the two hosts.
-
Pam
2007-07-17 17:51:33
PAM authentication
1. PAM library -- adclient
2. pamdoeslegacyconflictexist -- checks whether the user logging in has a uid/username conflict. If not, the check passes.
3. get password
4. Pamverifypassword -- verify password. Checks whether the password is correct.
5. pam success
PAM account management
1. pamIsUserAllowAccess -- checks whether the user is allowed to log in: the zone account is enabled, the AD account is enabled, the license is ok, the workstation is allowed, and the allow/deny users/groups lists permit access. Does not check password expiry.
2. Check whether the uid/username conflicts.
3. Check whether the password has expired.
4. pam_success
PAM cred
1. krb5cred -- given the username/password, stores them in the filesystem. Only this user can read this cred, and the user must be a zone user.
-
User map
2007-07-13 14:57:49
# Allow a specific user to be mapped to another user. The variables $HOSTNAME
# and $ZONE contain the machine's current hostname and zone name, and are
# useful for mapping root and other system users to more restricted AD users.
# Note, the target user name must be a Windows (SAMAccount) name, not a zone
# name:
#
# This value is controlled by group policy under
# CentrifyDC Settings->User Map
#
# pam.mapuser.unix_user: windows_target
# pam.mapuser.jdoe: Jane Doe
# pam.mapuser.juser: juser_$HOSTNAME
pam.mapuser.tom1: jerry1
#
# Zone root mapping may be configured by the Windows DirectControl
# Management Console install wizard. To disable, comment out the following line
#
pam.mapuser.root: root_$ZONE
(A) pam.mapuser.unix_user: windows_target
For example:
local user    ad user
tom           jerry
1. Logging in as the AD user (jerry), it can access /home/tom and modify all files/directories under /home/tom. That is to say, they are the same person.
2. Enter the AD user's password when logging in as the unix local user (tom).
(B) pam.mapuser.juser: juser_$HOSTNAME
For example:
pam.mapuser.tom1: tom1_rh9
1. Create an ad user named 'tom1_rh9'
2. Hostname = rh9, join this machine to domain, then login as tom1 with ad password.
(C) pam.mapuser.root: root_$ZONE
For example:
pam.mapuser.root: root_$ZONE
1. create one ad user named "root_default"
2. Join machine to default zone, then login as root user with ad password.
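To see which AD account a given unix user will actually be mapped to on a given host and zone, the three cases (A), (B) and (C) can be checked with one small resolver. The POSIX sh script below is added here as an example and is not the product's own code: it reads pam.mapuser lines in the centrifydc.conf format quoted above, skips commented lines, and expands $HOSTNAME and $ZONE the way the file's comments describe. The conf excerpt it builds is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original note or the product): resolve the Windows
# target of a unix user from pam.mapuser lines in the centrifydc.conf format
# shown above, expanding $HOSTNAME and $ZONE as the file's comments describe.

# mapuser_target CONF UNIX_USER HOSTNAME ZONE
# Prints the Windows target for UNIX_USER and returns 0; returns 1 when no
# active (uncommented) pam.mapuser line exists for that user.
mapuser_target() {
    awk -v u="$2" -v h="$3" -v z="$4" '
        /^[ \t]*#/ { next }                      # commented lines are examples, not settings
        $1 == ("pam.mapuser." u ":") {
            v = $0
            sub(/^[^:]*:[ \t]*/, "", v)          # everything after the colon (targets may contain spaces)
            sub(/[ \t]+$/, "", v)
            gsub(/\$HOSTNAME/, h, v)
            gsub(/\$ZONE/, z, v)
            print v; found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# Write a constructed conf excerpt in the format above and print its path.
sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed excerpt in the centrifydc.conf pam.mapuser format
# pam.mapuser.jdoe: Jane Doe
# pam.mapuser.juser: juser_$HOSTNAME
pam.mapuser.tom1: jerry1
pam.mapuser.tom2: tom2_$HOSTNAME
pam.mapuser.jane: Jane Doe
pam.mapuser.root: root_$ZONE
EOF
    echo "$f"
}

# Demonstration: hostname rh9, zone default, as in cases (B) and (C) above.
CONF=$(sample_conf)
for u in tom1 tom2 jane root juser; do
    if t=$(mapuser_target "$CONF" "$u" rh9 default); then
        echo "$u -> $t"
    else
        echo "$u -> (not mapped)"
    fi
done
rm -f "$CONF"
```

The point of resolving the target first is that the mapped AD account must exist before the machine joins, otherwise the local user (root included, via pam.mapuser.root) cannot log in with an AD password at all.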
-
Unix CLI - adrmlocal
2007-07-13 14:08:26
adrmlocal
1. Where the command came from
After customers install the software, they create their own AD users and then import the /etc/passwd file. Their local users are therefore in fact zone users (domain users in the domain the machine joined). AD is now managing these users, so they no longer need to be in the /etc/passwd file. In fact, keeping them there is a security risk: in disconnected mode a user might log in with the old local account. The administrator therefore wants to remove the unnecessary risk, and that is why adrmlocal exists.
{
A customer buys our product, installs it on a machine, then sets up their AD accounts by importing the /etc/passwd file. At this point, their local users
are now AD users in the zone they joined. Now that the accounts are being
managed by AD, they don't need them in the local /etc/passwd file. In fact,
it's a bit of a security risk having them there, since in disconnected mode a
user might get into the system with their "old" (local) password. So, the
administrator wants to get rid of the unnecessary local accounts. This is just
what adrmlocal is designed for.
}
2. Using the command
a. '-i/--interactive' displays a prompt before any removal of local users and groups.
The --interactive option prompts you interactively for confirmation that you want to remove the duplicated local user account before performing the delete operation.
NOTE: a prompt is shown asking you to confirm whether the duplicated user account should really be deleted.
Question: what kinds of users are called conflicted? Four kinds are listed here.
1) same uid with different user name
2) same username with different uid
3) same username and uid
4) one local user mapped to one ad user, but they have different uids
1)~3): these users we call 'not in conflict', because the unix info stored for them in AD matches the local unix system (that is, AD can control this info). So our approach is to delete them safely, without prompting.
4): this user we call 'in conflict', because the same user has different uids. This situation can cause errors during import, so our approach is to show a prompt and let the administrator confirm whether to delete this local user.
b. '-c/--commit' remove duplicated local users and groups, prompt only
when there are uid or gid conflicts. Our doc explains the "-c" option like this:
Remove duplicate local users if the UID and GID is
the same in the local database and Active
Directory. If the UID or GID for a local user conflicts
with the information stored in Active directory, this
option prompts you to determine whether a local
user account should be deleted or not.
c. '-f/--force' remove duplicated local users and groups, never prompt
even if there are uid or gid conflicts
3. Test cases.
1) "-i" should prompt before deleting these users:
a. only username conflict
b. only uid conflict
c. both username and uid conflict
d. one unix local user mapped to one ad user, with different uid.[user map setting in /etc/centrifydc/centrifydc.conf]
2) "-c" removes duplicated users without prompting, and prompts for uid conflicts.
3) "-f" removes all users who are duplicated and conflicted.
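The four categories and the three options above can be turned into a small table before running the real tool, which makes it easy to predict what each test case should show. The POSIX sh script below is added here as an example and is not adrmlocal itself: it sorts constructed local accounts into the author's categories 1-4 against a constructed list of AD zone accounts and a local-to-AD user map, and then says what -i, -c and -f would do with each. One case the note above does not cover, a mapped user whose uid matches its AD target, is treated here like category 3; that is this example's assumption.

```shell
#!/bin/sh
# Added example (not the adrmlocal code): classify local accounts into the four
# categories listed above and show the effect of -i, -c and -f on each. Inputs
# are three constructed files with one "name:uid" (or "local:ad") line each.

# classify_locals LOCAL AD MAP
# Prints "user<TAB>category<TAB>-c action" for every local account: "remove"
# for the not-in-conflict categories 1-3, "prompt" for category 4 and "keep"
# for accounts that have no AD counterpart.
classify_locals() {
    awk -F: '
        FILENAME == ARGV[1] { aduid[$1] = $2; adname[$2] = $1; next }   # AD zone users name:uid
        FILENAME == ARGV[2] { mapped[$1] = $2; next }                   # user map local:ad
        {
            name = $1; uid = $2
            if (name in mapped) {
                t = mapped[name]
                if (!(t in aduid))        { cat = "mapped target not in zone"; act = "keep" }
                else if (aduid[t] != uid) { cat = "4 mapped user, different uid"; act = "prompt" }
                else                      { cat = "3 mapped user, same uid"; act = "remove" }  # assumption, see lead-in
            }
            else if ((name in aduid) && aduid[name] == uid) { cat = "3 same username and uid"; act = "remove" }
            else if (name in aduid)                         { cat = "2 same username, different uid"; act = "remove" }
            else if (uid in adname)                         { cat = "1 same uid, different username"; act = "remove" }
            else                                            { cat = "no duplicate"; act = "keep" }
            print name "\t" cat "\t" act
        }' "$2" "$3" "$1"
}

# action_for USER LOCAL AD MAP: the -c action for one account.
action_for() {
    classify_locals "$2" "$3" "$4" | awk -F'\t' -v u="$1" '$1 == u { print $3 }'
}

# option_action OPTION CACTION: what -i, -c or -f does with an account whose
# -c action is CACTION. Accounts marked keep are never touched by any option.
option_action() {
    case "$1:$2" in
        *:keep) echo keep ;;
        -i:*)   echo prompt ;;     # -i asks before every removal
        -f:*)   echo remove ;;     # -f removes even the conflicting ones
        -c:*)   echo "$2" ;;       # -c removes 1-3 silently, prompts for 4
    esac
}

# Constructed sample data covering all four categories plus a non-duplicate.
sample_files() {
    d=$(mktemp -d)
    printf 'jerry:500\nbob:600\ncarol:700\ndave:800\n' > "$d/ad"
    printf 'tom:jerry\n' > "$d/map"
    printf 'tom:501\nbob:600\ncarol:701\neve:800\nfrank:900\n' > "$d/local"
    echo "$d"
}

D=$(sample_files)
classify_locals "$D/local" "$D/ad" "$D/map"
rm -rf "$D"
```

In the sample data tom is mapped to jerry but carries a different uid (category 4, prompt under -c), bob, carol and eve fall into categories 3, 2 and 1 (removed silently under -c), and frank has no AD counterpart and is left alone by every option.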
-
Opening the shop - a few words
2007-07-12 13:57:11
Today I had a sudden inspiration: build a knowledge base of my own, to record my own experience and absorb the best of others. May I make progress every day.