Archive for the ‘Linux’ Category

iptables: Port Redirection

Syntax

The syntax to redirect TCP port $srcPortNumber to port $dstPortNumber is as follows:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $srcPortNumber -j REDIRECT --to-port $dstPortNumber

Example:

The following example redirects TCP port 25 to port 2525:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j REDIRECT --to-port 2525

ext3 to ext4 Migration

Before migrating, please make sure that the ext4 kernel module is installed in the present kernel.

root@server [~]# lsmod | grep ext
ext4                  285409  1 
jbd2                   47744  1 ext4
crc16                   1027  1 ext4
ext3                   94929  5 
jbd                    31739  1 ext3

1. First of all, it is recommended to back up everything. We will use the ‘dd’ command to back up the whole partition to another hard disk, which is attached via a SATA cable. We will format the backup hard disk with the ext3 filesystem and mount it as the /backup partition:

fdisk /dev/sdb

The sequence I press on the keyboard is: n > p > 1 > enter > enter > w

2. Then, format the partition /dev/sdb1 with the ext3 filesystem:

mkfs.ext3 /dev/sdb1

3. Mount the backup partition to /backup:

$ mkdir /backup
$ mount /dev/sdb1 /backup

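4. Let’s back up the “/” partition and put the image into the backup directory:

# dd reads a block device, not a directory; find the device behind "/" with: df /
dd if=<ROOT DEVICE> of=/backup/root.img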

5. Now we need to install a package called e4fsprogs. The e4fsprogs package contains a number of utilities for creating, checking, modifying, and correcting inconsistencies in fourth extended (ext4 and ext4dev) file systems:

$ yum -y install e4fsprogs

We start to do the ext4 filesystem conversion:

umount /dev/sda7
tune4fs -O extents,uninit_bg,dir_index /dev/sda7

Please run e4fsck on the filesystem.

As advised, we need to run a filesystem check after the tune. I would rather do this in single-user mode (init 1) to reduce risk. DON’T PROCEED TO REBOOT ONCE THIS STEP COMPLETES!

$ init 1
$ e4fsck -fDC0 /dev/sda7
root@server [~]# fsck.ext4 -yfD /dev/sda7
e4fsck 1.41.12 (17-May-2010)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 3A: Optimizing directories
Pass 4: Checking reference counts
Pass 5: Checking group summary information

/home: ***** FILE SYSTEM WAS MODIFIED *****
/home: 127401/14499840 files (2.6% non-contiguous), 985022/28981252 blocks

Then open /etc/fstab and change the filesystem type of the converted partition's entry to ext4:

$ vi /etc/fstab

Now, all’s OK, just mount it as ext4:

mount -t ext4 /dev/sda7 /home/

If you have converted the /boot file system, you need to update /boot/grub.conf. Use your favourite editor to open this file, find the current kernel config section and append the following parameter:

rootfstype=ext4

Here is sample config:

title CentOS 5 (2.6.39)
        root (hd0,0)
        kernel /vmlinuz-2.6.39.42.6.39 ro root=LABEL=/ rootfstype=ext4
        initrd /initrd-2.6.39.42.6.39.img

Save and close the file, then run update-grub.

Next, update your /etc/fstab file so that the partition is mounted as an ext4 file system by default. Finally, reboot your system.

Rebuild the initrd to make sure our system will mount /sysroot as ext4 and reboot the server once complete:

mkinitrd -v -f initrd-2.6.39.42.6.39.img 2.6.39.42.6.39
reboot
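The backup in step 4 is only useful if the image is a faithful copy, so it is worth checking before tune4fs touches the partition. The following is an added example, not part of the original post: backup_and_verify and is_mounted are constructed names, and the image path in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example: image a partition with dd and verify the copy before converting.
# backup_and_verify / is_mounted are constructed names, not from the post.

# Succeeds (0) if SRC is listed as a mounted device in the mounts table.
is_mounted() {  # is_mounted SRC [MOUNTS_FILE]
    awk -v dev="$1" '$1 == dev { found = 1 } END { exit !found }' "${2:-/proc/mounts}"
}

# Copies SRC to IMG and compares the SHA-256 digests of both.
# Returns 0 on a verified copy, 1 on mismatch or I/O error, 2 if SRC is mounted.
backup_and_verify() {  # backup_and_verify SRC IMG [MOUNTS_FILE]
    src=$1; img=$2; mounts=${3:-/proc/mounts}
    if is_mounted "$src" "$mounts"; then
        echo "refusing: $src is mounted, the image would not be consistent" >&2
        return 2
    fi
    dd if="$src" of="$img" bs=1024k 2>/dev/null || return 1
    sync
    want=$(sha256sum < "$src" | cut -d' ' -f1)
    got=$(sha256sum < "$img" | cut -d' ' -f1)
    if [ "$want" = "$got" ]; then
        echo "verified: $img sha256=$got"
        return 0
    fi
    echo "MISMATCH: $src=$want $img=$got" >&2
    return 1
}

# Typical use for the partition converted above, from single-user mode:
#   umount /dev/sda7 && backup_and_verify /dev/sda7 /backup/sda7.img
```

Run it after the umount and before tune4fs, so that a failed conversion can be rolled back by writing the verified image back to the partition.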

Manually Compile a Linux Kernel

Normally we prefer to just use the RPM method to install a Linux kernel on a server, which is definitely easy and causes less trouble in getting the server working. However, if you are comfortable with the Linux structure and want to have a customized Linux kernel on your server with the modules of your choice, then here are the steps for you. These steps can be used for vanilla as well as standard kernels.

How to compile kernel manually?
There are two ways to compile a kernel:
1. Install a RPM package.
2. An orthodox method of doing it manually.

This tutorial will show you the orthodox method.

*** Steps to compile a kernel on Linux server. ***
(Estimated time is 45-60 mins)

The Pre-Compilation Stage.

1. Login as root into the server.

2. Copy the list of currently loaded modules shown by the lsmod command into a notepad.
Code:

lsmod

3. Check the CPU configuration of the system.
Code:

cat /proc/cpuinfo

4. Copy the grub.conf file into a notepad.
Code:

cat /boot/grub/grub.conf

5. Go to /usr/src/
Code:

cd /usr/src/

6. Download the kernel you require from kernel.org
Code:

wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-x.x.x.x.tar.gz

(Where x.x.x.x is the version of the kernel)

7. Untar the compressed file.
Code:

tar zxf linux-2.6.15.4.tar.gz

8. Go into the extracted folder.
Code:

cd linux-2.6.15.4/

The Compilation Stage.

You have a number of ways of going through the possible modules to include.

make config: A sequential text-based selection method. Takes a loooooong time.
make menuconfig: uses a text-terminal pseudo-graphic interface.
make xconfig: A version of menuconfig for X Window if you have it running. You need to have X server running to use this step.

But we will use the oldconfig method since we do not want to make any major changes which might end up being a complete mess.

Before we fire the oldconfig command, we have to copy the old configuration into the new Linux kernel tree.
To do that, we have to check the version of the kernel currently installed on the system.
Code:

uname -a

which will show something like:
Code:

Linux ‘hostname’ 2.6.9-11.ELsmp #1 SMP Wed Jun 8 17:54:20 CDT 2005 i686 athlon i386 GNU/Linux

9. Now copy the config file of 2.6.9-11.ELsmp into the new kernel tree as .config
Code:

cp /boot/config-2.6.9-11.ELsmp /usr/src/linux-2.6.15.4/.config

10. Then
Code:

make clean

11. And
Code:

make mrproper

12. And now we hit the oldconfig
Code:

make oldconfig

You will get a list of information and then it will ask you to confirm the modules.
You can just keep hitting the Enter key to set them to default, BUT be careful that you do not skip past the CPU selection.
YOU WILL NEED TO SELECT THE CORRECT CPU FOR YOUR SYSTEM. THE INFORMATION IS AVAILABLE IN THE /proc/cpuinfo FILE.
Also select 1, i.e. “(No Forced Preemption (server))”, in the very next option and then keep hitting Enter again.

13. Create an Image
Code:

make bzImage

14. Build the modules.
Code:

make modules

15. Install the modules.
Code:

make modules_install

16. Now install the kernel.
Code:

make install

OK, we have finished with the installation; now it is time to configure GRUB to pick up the new Linux kernel on reboot. Since there is always a chance that the kernel will fail, we will set GRUB to boot it only once and then go back to the old one, so that in case anything has gone wrong we can simply reboot again to get back to the old Linux kernel.

17. So this is how we do the trick:
Code:

grub

The above command will take you to the grub prompt.
Then:
Code:

grub> savedefault --default=0 --once
grub> quit

18. And finally reboot.
Code:

reboot

If everything has gone fine, check the modules with the lsmod command and confirm that they are present, especially iptables.

19. Now make a change in /boot/grub/grub.conf to set the new kernel as the default.
Code:

pico /boot/grub/grub.conf

change
Code:

default=1

to
Code:

default=0

THAT’S IT… WE ARE DONE WITH KERNEL COMPILATION ON A LINUX MACHINE.
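The module list saved in step 2 and the lsmod check after the reboot can be compared mechanically instead of by eye. This is an added example, not part of the original tutorial; the function names, file paths and lsmod snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the lsmod list saved before the build with the list
# taken after booting the new kernel. All names and sample data are constructed.

# Prints the module names (first column) of an lsmod listing, sorted, no header.
module_names() {
    awk '!(NR == 1 && $1 == "Module") && NF { print $1 }' "$1" | LC_ALL=C sort -u
}

# Prints modules present in BEFORE but absent from AFTER, one per line.
missing_modules() {  # missing_modules BEFORE AFTER
    a=$(mktemp) && b=$(mktemp) || return 1
    module_names "$1" > "$a"
    module_names "$2" > "$b"
    LC_ALL=C comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Constructed snapshots: the new kernel came up without the iptables modules.
demo() {
    demo_dir=$(mktemp -d)
    cat > "$demo_dir/before" <<'EOF'
Module                  Size  Used by
ip_tables              17029  1 iptable_filter
iptable_filter          2753  1
ext3                   94929  5
jbd                    31739  1 ext3
EOF
    cat > "$demo_dir/after" <<'EOF'
Module                  Size  Used by
ext3                   94929  5
jbd                    31739  1 ext3
EOF
    missing_modules "$demo_dir/before" "$demo_dir/after"
    rm -rf "$demo_dir"
}

# On the server: lsmod > /root/lsmod.before (old kernel), reboot into the new
# kernel, lsmod > /root/lsmod.after, then:
#   missing_modules /root/lsmod.before /root/lsmod.after
demo
```

A name reported here is not necessarily lost: a feature built into the new kernel (=y in .config rather than =m) does not appear in lsmod, so check .config before concluding that the firewall modules are gone.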

Additional Information:
————————

What is Kernel ?
A.
1. Today’s operating systems are built in “layers.” Each layer has different functions such as serial port access, disk access, memory management, and the user interface itself. The base layer, or the foundation of the operating system, is called the kernel. The kernel provides the most basic “low-level” services, such as the hardware-software interaction and memory management. The more efficient the kernel is, the more efficiently the operating system will run.

2. It is important for the kernel to be as small as possible while still providing all the essential services required by other parts of the operating system and applications.

Why do we need customized Linux Kernel ?
A.
It depends on exactly what your system requires and whether it is supported by the current kernel or not. However, you need to be a guru in Linux to have your own kernel.
What we do here is use a kernel that has already been tested by others, who have found most of the bugs in the older version, and install it with the old configuration. That keeps the risk of the server crashing to a minimum.

Disable Mod Security for a specific domain

If Apache is compiled with SuPhp and Mod Security, do the following:

mkdir -p /usr/local/apache/conf/userdata/std/2/<USERNAME>/<DOMAIN NAME>

Then create a mod_security conf file:

touch /usr/local/apache/conf/userdata/std/2/<USERNAME>/<DOMAIN NAME>/mod_security.conf

Using your favorite Linux text editor, such as pico or vi, add the following directive(s) to that file:

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

Save the file and then run:

/scripts/ensure_vhost_includes --user=USERNAME

If Apache is NOT compiled with SuPhp and Mod Security, do the following:

You can implement one of the following two options:

1. Add the following directive to the .htaccess file:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

If that didn’t work on your server,

2. SSH to the server and add the following directive to the /etc/httpd/conf/httpd.conf file:

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
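Per-domain overrides like these tend to be forgotten once the original problem is solved, so it helps to be able to list every domain that currently has the rule engine switched off. This is an added example, not part of the original post; find_modsec_disabled is a constructed name, and it assumes the userdata/std/2/<USERNAME>/<DOMAIN NAME>/ layout used in the steps above.

```shell
#!/bin/sh
# Added example: report which per-domain includes switch ModSecurity off.
# find_modsec_disabled is a constructed name; the directory layout is the
# userdata/std/2/<USERNAME>/<DOMAIN NAME>/ tree used in the steps above.

# Prints "user domain file" for every *.conf under ROOT that contains an
# uncommented "SecRuleEngine Off" (Apache directive names are case-insensitive).
find_modsec_disabled() {  # find_modsec_disabled ROOT
    find "$1" -mindepth 3 -maxdepth 3 -type f -name '*.conf' | LC_ALL=C sort |
    while IFS= read -r f; do
        if grep -Eiq '^[[:space:]]*SecRuleEngine[[:space:]]+Off([[:space:]]|$)' "$f"; then
            domain=$(basename "$(dirname "$f")")
            user=$(basename "$(dirname "$(dirname "$f")")")
            echo "$user $domain $f"
        fi
    done
}

# On a cPanel server:
#   find_modsec_disabled /usr/local/apache/conf/userdata/std/2
```

Each line of output is a site running with no ModSecurity inspection at all. Where the goal is only to stop one false positive, ModSecurity 2's SecRuleEngine DetectionOnly or SecRuleRemoveById are narrower alternatives to review for that domain.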