Tuesday 16 August 2011

Checking disk space in linux

If the disk space is full and you need to clear out the unwanted files and directories, the following commands can be used to find out where exactly the space is being used.

First check the disk space using:

fdisk -l

Then check the mount points using

mount

after that check the directory usage using

cd /

du -hs * or du -ks *


Then clear out the files accordingly.

Also we can use the following command to find out the large files:

The following command works with redhat distros'

find . -type f -size +50000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'

you need to change the awk command accordingly on ubuntu/debian or other distros.

Wednesday 10 August 2011

Setting up an SSL secured Webserver with CentOS

This guide will explain how to set up a site over https. The tutorial uses a self signed key so will work well for a personal website or testing purposes. This is provided as is so proceed at your own risk and take backups!

1. Getting the required software

For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache's interface to OpenSSL. Use yum to get them if you need them.
yum install mod_ssl openssl
Yum will either tell you they are installed or will install them for you.

2. Generate a self-signed certificate

Using OpenSSL we will generate a self-signed certificate. If you are using this on a production server you are probably likely to want a key from Trusted Certificate Authority, but if you are just using this on a personal site or for testing purposes a self-signed certificate is fine. To create the key you will need to be root so you can either su to root or use sudo in front of the commands
# Generate private key 
openssl genrsa -out ca.key 1024 

# Generate CSR 
openssl req -new -key ca.key -out ca.csr

# Generate Self Signed Key
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

# Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
WARNING: Make sure that you copy the files and do not move them if you use SELinux. Apache will complain about missing certificate files otherwise, as it cannot read them because the certificate files do not have the right SELinux context.
If you have moved the files and not copied them, you can use the following command to correct the SELinux contexts on those files, as the correct context definitions for /etc/pki/* come with the bundled SELinux policy.
restorecon -RvF /etc/pki
Then we need to update the Apache SSL configuration file
vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf
Change the paths to match where the Key file is stored. If you've used the method above it will be
SSLCertificateFile /etc/pki/tls/certs/ca.crt
Then set the correct path for the Certificate Key File a few lines below. If you've followed the instructions above it is:
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Quit and save the file and then restart Apache
/etc/init.d/httpd restart
All being well you should now be able to connect over https to your server and see a default Centos page. As the certificate is self signed browsers will generally ask you whether you want to accept the certificate. Firefox 3 won't let you connect at all but you can override this.

3. Setting up the virtual hosts

Just as you set VirtualHosts for http on port 80 so you do for https on port 443. A typical VirtualHost for a site on port 80 looks like this

        
        AllowOverride All
        
        DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
        ServerName yoursite.com

To add a sister site on port 443 you need to add the following at the top of your file
NameVirtualHost *:443
and then a VirtualHost record something like this:

        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        
        AllowOverride All
        
        DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
        ServerName yoursite.com

Restart Apache again using
/etc/init.d/httpd restart

4. Configuring the firewall

You should now have a site working over https using a self-signed certificate. If you can't connect you may need to open the port on your firewall. To do this amend your iptables rules:
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/sbin/service iptables save
iptables -L -v

Monday 8 August 2011

Installing oracle sun jdk 1.7 on ubuntu 11.04

Install JDK 7 on Ubuntu

Install JDK 7 on Ubuntu
Install JDK 7 on Ubuntu
Task: Install JDK 7 on Ubuntu desktop.
Problem 1: Java version 7 is not available from the official Ubuntu repositories. You don’t see it neither via "Ubuntu Software Center" nor via Synaptic Package Manager.
What to do: Download JDK 7 binaries from the official Java site.
Problem 2: You are Debian/Ubuntu user and don’t see applicable .deb package.
What to do: Again, download JDK 7 self-extract binaries from the official Java site, install and configure it manually.
Step by step instructions to install and manual configure JDK 7 on the Ubuntu 10.04 LTS (the Lucid Lynx) desktop follow:
- For my X64 Ubuntu 10.04 LTS Desktop installation I downloaded Linux X64 self-extracting JDK file from Linux X64 Platform section.
- Using
chmod 755 ./jdk-7-ea-bin-b118-linux-x64-11_nov_2010.bin
command I made file executable.
- Execute it. JDK 7 package is extracted into ./jdk1.7.0 directory.
- Move JDK 7 directory to place where it should be. Right, to the /usr/lib/jvm/jdk1.7.0 directory. Use this command for that
sudo mv ./jdk1.7.0/ /usr/lib/jvm/jdk1.7.0
- Execute this command
sudo update-alternatives --config java
to know under what number you will config you new Java installation. You will get output as:
$sudo update-alternatives –config java
There are 2 choices for the alternative java (providing /usr/bin/java). Selection Path Priority Status
————————————————————
* 0 /usr/lib/jvm/java-6-openjdk/jre/bin/java 1061 auto mode
1 /usr/lib/jvm/java-6-openjdk/jre/bin/java 1061 manual mode
2 /usr/lib/jvm/java-6-sun/jre/bin/java 63 manual mode
Press enter to keep the current choice[*], or type selection number:
Remember the last number and press enter to exit this utility.
- Execute this command
sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/jdk1.7.0/jre/bin/java 3
to add your new JDK 7 installation into alternatives list. I put 3 there as 2 was last number for my configuration. You should use your own number from the previous step increased by 1.
- Execute this command
sudo update-alternatives --config java.
You will see output similar one below:
$sudo update-alternatives –config java
There are 3 choices for the alternative java (providing /usr/bin/java). Selection Path Priority Status
————————————————————
* 0 /usr/lib/jvm/java-6-openjdk/jre/bin/java 1061 auto mode
1 /usr/lib/jvm/java-6-openjdk/jre/bin/java 1061 manual mode
2 /usr/lib/jvm/java-6-sun/jre/bin/java 63 manual mode
3 /usr/lib/jvm/jdk1.7.0/jre/bin/java 3 manual mode
Press enter to keep the current choice[*], or type selection number: 3
update-alternatives: using /usr/lib/jvm/jdk1.7.0/jre/bin/java to provide /usr/bin/java (java) in manual mode.
The job is done. You are fineshed. Just check version of you new JDK 7 installation typing this command java -version. You should see something like this:
~$ java -version
java version “1.7.0-ea”
Java(TM) SE Runtime Environment (build 1.7.0-ea-b118)
Java HotSpot(TM) 64-Bit Server VM (build 20.0-b02, mixed mode)