Category Archives: Bash - Page 3

IPoIB tuning

startup script

in cron
@reboot /etc/path_to_script

script..
#!/bin/bash

echo “connected > /sys/class/net/ib0/mode”
echo “connected > /sys/class/net/ib0/mode”

ibconfig ib0 mtu 65520
ibconfig ib1 mtu 65520

#make sure sdp is loaded… just in case!
/sbin/modprobe ib_sdp

#TCP Tuning for IPOIB
/sbin/sysctl -w net.ipv4.tcp_timestamps=0
/sbin/sysctl -w net.ipv4.tcp_sack=0
/sbin/sysctl -w net.core.netdev_max_backlog=250000
/sbin/sysctl -w net.core.rmem_max=16777216
/sbin/sysctl -w net.core.wmem_max=16777216
/sbin/sysctl -w net.core.rmem_default=16777216
/sbin/sysctl -w net.core.wmem_default=16777216
/sbin/sysctl -w net.core.optmem_max=16777216
/sbin/sysctl -w net.ipv4.tcp_mem=”16777216 16777216 16777216″
/sbin/sysctl -w net.ipv4.tcp_rmem=”4096 87380 16777216″
/sbin/sysctl -w net.ipv4.tcp_wmem=”4096 65536 16777216″

Centos 6 SFTP chroot Jail

User and Group setup

First you will want to establish the sftponly group

groupadd sftponly

Then create the user with the correct home directories and group

useradd -d /var/www/vhosts/bob -s /bin/false -G sftponly bob

Don’t forget at this point to also add password to these new accounts.

SSHd configuration changes

Now we need to make changes in /etc/ssh/sshd_config to enable SFTP chroot jails in SSH.

Comment out the following line in /etc/ssh/sshd_config:

Subsystem sftp /usr/lib/openssh/sftp-server

and replace it with this line:

Subsystem sftp internal-sftp

Then add the following set of lines to the very bottom of the file:

Match Group sftponly

ChrootDirectory /var/www/vhosts/%u

X11Forwarding no

AllowTCPForwarding no

ForceCommand internal-sftp

This creates a special login group that then chroot jailed all users in that group into their own home directory.

Once these file changes are saved you will need to restart SSHd for the changes to take effect, using the following command:

service sshd restart

Permissions cleanup and testing

Last issue to address is the permissions settings, for this example the directories /var/www/vhosts/bob and /var/www/vhosts/ted should both be owned by root. The directory /var/www/vhosts/ted/site1 should be owned by ted and the directory /var/www/vhosts/bob/site1 should be owned by bob.

Mod Deflate – Apache… quick how to

I searched high and low to get mod-deflate working.

the short answer is.

1. Make sure you are loading mod_deflate!
2. Make sure you have the following within your httpd.conf file to enable compression across all vhosts



AddOutputFilterByType DEFLATE text/html text/plain text/xml

Areca 1882 installation on Debian Squeeze 6.04

Native support for Areca 188x devices is available in > 2.6.37 linux kernel.

However mainstream kernel is still at 2.6.32, meaning that you need to perform some trickery to install a Areca card onto Debian. The following is my method.

I compiled the latest Areca driver onto a debian system that was already running, download the source from the areca website, and build the driver. Place the driver in a location where it is accessible, the easiest method would be to have the driver on a web accessible url for later retrieval.

Burn a netinstaller ISO to a USB key and boot the desired system.

Following the bouncing ball prompts for installation, when you get to detect drives, escape to a shell and find your way to the following directory


/lib/modules/2.6.32.

delete acrmsr.ko and copy across your newly compiled acrmsr.ko areca driver that you built in the first step.

exit the shell and continue the installation.

When the system finishes installing. DO NOT REBOOT. go back into the shell and chroot into the target directory like this


chroot /target

go to the driver directory


/lib/modules/2.6.32.

delete the driver and re-download the new arcmsr.ko file.

now we just need to update the initramfs


update-initramfs -k all -u

A word of caution, if the kernel is upgraded you must perform these steps again, ensuring that the initramfs is also updated otherwise your system will be unbootable!

yum priorities

if you insist on running third party repos, you must install yum-priorities to prevent package conflicts


yum install yum-plugin-priorities

Sparse files in linux

dd if=/dev/zero of=sparse_file_name bs=1 count=0 seek=500G

iscsi target

config files for the latest version if iet are found in /etc/iet/ NOT /etc/init.d

install pmacctd on XenServer

Download

http://www.pmacct.net/#downloads

enable Base repo on Dom0

yum install gcc gcc-c++ autoconf make libpcap libpcap-devel

./configure
make
make install

GIT

I hate setting up new repo’s…

If you have a local repo that you would like to share, on the remote server create a new directory (with correct permissions).

then, cd into the dir

and type

git --bare init

or

git --bare init --shared=group

on the local machine you can now push your copy up, like this. (make sure you are in the directory)

git remote add origin username@remote.server.com:/file/directory/
git add .
git commit -m "commit change"
git push origin master

NFS Port Mapping IPTABLEs Setup

Great post instructing how to lock down an NFS server

http://nxlinuxadmin.blogspot.com/2010/05/iptables-for-nfs-server.html