Saturday, February 11, 2012

Using the online backup system bacula Environment


To install Bacula, a few packages are needed (both the binary and the devel package of each):
readline package
mysql package ( 다른 DB package여도 된다.)
  - mysql server를 위해 perl-DBD-MySQL package도 필요
python package

start mysql daemon

[] Bacula-5.0.2 install

download: http://www.bacula.org

extract : tar zxvf bacula-x.x.x.tar.gz

configure : ./configure  --prefix=/usr/local/bacula-5.0.2 --with-x --with-mysql --with-readline --with-python --with-db-password=BACULA_PWD --with-db-port=3306 --enable-includes  --enable-bwx-console --enable-static --enable-shared

mysql port is 3306.

make: make

install : make install

환경 설정 하기: bacula server
cd /usr/local/bacula-5.0.2/etc
# Run this when you want to review the configuration settings once more
./bacula_config
#create bacula database to mysql
./create_bacula_database
#create bacula table to mysql
./make_bacula_tables
#copy from /examples/sample-query.sql to /usr/local/bacula-5.0.2/etc/query.sql
cp /root/bacula-5.0.2/examples/sample-query.sql /usr/local/bacula-5.0.2/etc/query.sql


checking /etc/service
[root@backup bacula-5.0.2]# cat /etc/services |grep bacula
bacula-dir 9101/tcp # Bacula Director
bacula-dir 9101/udp # Bacula Director
bacula-fd       9102/tcp                        # Bacula File Daemon
bacula-fd 9102/udp Bacula File Daemon #
bacula-sd       9103/tcp                        # Bacula Storage Daemon
bacula-sd       9103/udp                        # Bacula Storage Daemon


run: cd /usr/local/bacula-5.0.2/sbin
        ./bacula start
        ./console (or ./gnome-console)   (the sbin listing further down shows the console binary as bconsole)

stop : ./bacula stop


checking bacula stuff
# ps -ef |grep bacula
root 2040 1 0 22:32? 00:00:00 / usr/local/bacula-5.0.2/sbin/bacula-sd-v-c / usr/local/bacula-5.0.2/etc/bacula-sd.conf
root 2050 1 0 22:32? 00:00:00 / usr/local/bacula-5.0.2/sbin/bacula-fd-v-c / usr/local/bacula-5.0.2/etc/bacula-fd.conf
root 2058 1 0 22:32? 00:00:00 / usr/local/bacula-5.0.2/sbin/bacula-dir-v-c / usr/local/bacula-5.0.2/etc/bacula-dir.conf
# Netstat-na | grep 910
tcp 0 0 0.0.0.0:9102 0.0.0.0: * LISTEN      
tcp 0 0 0.0.0.0:9103 0.0.0.0: * LISTEN    
#. / Bacula status
bacula-sd (pid 18753) is running...
bacula-fd (pid 18763) is running...
bacula-dir (pid 18771) is running...
However, if the bacula-dir daemon has died, bconsole cannot connect when it is started. So also check with netstat that port 9101 is listening.
#. / Bacula status
bacula-sd (pid 2040) is running...
bacula-fd (pid 2050) is running...
bacula-dir dead but pid file exists

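This symptom usually means that bacula-dir cannot connect to MySQL (for example, the bacula database user does not exist yet). Stop Bacula and create the user as shown below. Rows inserted directly into the grant tables only take effect after FLUSH PRIVILEGES or a MySQL restart; the grant_bacula_privileges script that ships alongside the scripts used above sets up the same access with GRANT statements.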
#. / Bacula stop

# mysql
mysql> use mysql
mysql> insert into user (host,user,password) values('localhost','bacula',password('BACULA_PWD'));
mysql> insert into db values('%','bacula','bacula','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N');


[Root @ backup etc] #. / Bacula start
Starting the Bacula Storage daemon
Starting the Bacula File daemon
Starting the Bacula Director daemon
[root@backup etc]# ps -ef |grep bacu
root 19144 1 0 23:13? 00:00:00 / usr/local/bacula-5.0.2/sbin/bacula-sd-v-c / usr/local/bacula-5.0.2/etc/bacula-sd.conf
root 19154 1 0 23:13? 00:00:00 / usr/local/bacula-5.0.2/sbin/bacula-fd-v-c / usr/local/bacula-5.0.2/etc/bacula-fd.conf
root 19162 1 0 23:13? 00:00:00 / usr/local/bacula-5.0.2/sbin/bacula-dir-v-c / usr/local/bacula-5.0.2/etc/bacula-dir.conf
root     19168  1045  0 23:13 pts/2    00:00:00 grep bacu
[Root @ backup etc] # netstat-na | grep 910
tcp 0 0 0.0.0.0:9101 0.0.0.0: * LISTEN      
tcp 0 0 0.0.0.0:9102 0.0.0.0: * LISTEN      
tcp 0 0 0.0.0.0:9103 0.0.0.0: * LISTEN      

[Root @ backup etc] # cd .. / sbin
[Root @ backup sbin] # ls
bacula      bacula-fd  bconsole  bextract  bregex  bsmtp  btraceback  dbcheck
bacula-dir  bacula-sd  bcopy     bls       bscan   btape  bwild
[root@backup sbin]# ./bconsole
Connecting to Director backup:9101
1000 OK: backup-dir Version: 5.0.2 (28 April 2010)
Enter a period to cancel a command.
*

Test backup
[Root @ backup etc] # pwd
/ Usr/local/bacula-5.0.2/etc
# Vi file-list
--------------------------------------------------------
/ Usr/local/bacula-5.0.2/share/man/man1/bacula-bwxconsole.1.gz
/ Usr/local/bacula-5.0.2/share/man/man1/bacula-tray-monitor.1.gz
--------------------------------------------------------
# bacula-fd.conf is the configuration file of the daemon running on the machine to be backed up (the client). (client server)
# vi bacula-dir.conf (backup server)
Defines the machines to back up (clients) and the backup server.
--------------------------------------------------------
# List of files to be backed up
FileSet {
  Name = "Full Set"
  Include {
    Options {
      signature = MD5
    }
#
#  Put your list of files here, preceded by 'File =', one per line
#    or include an external list with:
#
# File =
#
#  Note: / backs up everything on the root partition.
#    if you have other partitions such as /usr or /home
#    you will probably want to add them too.
#
#  By default this is defined to point to the Bacula binary
#    directory to give a reasonable FileSet to backup to
#    disk storage during initial testing.
#
    # File = / usr/local/bacula-5.0.2/sbin
    File =
  }
#
# If you backup the root directory, the following two excluded
#   files can be useful
#
  Exclude {
    File = /usr/local/bacula-5.0.2/var/bacula/working
    File = /tmp
    File = /proc
    File = /tmp
    File = /.journal
    File = /.fsck
  }
}
--------------------------------------------------------------
# vi bacula-sd.conf (backup server)
Defines where the backup files are accumulated, along with the other storage-related settings.
--------------------------------------------------------------
Device {
  Name = FileStorage
  Media Type = File
#  Archive Device = /tmp
  Archive Device = /backup/bacula  # <= backup 된 디렉토리를 써준다.
  LabelMedia = yes; # lets Bacula label unlabeled media
  Random Access = Yes;
  AutomaticMount = yes;               # when device opened, read it
  RemovableMedia = no;
  AlwaysOpen = no;
}
--------------------------------------------------------------

[Root @ backup etc] #. / Bconsole
Connecting to Director backup:9101
1000 OK: backup-dir Version: 5.0.2 (28 April 2010)
Enter a period to cancel a command.
* Label
Automatically selected Catalog: MyCatalog
Using Catalog "MyCatalog"
Automatically selected Storage: File
Enter new Volume name: test2
Defined Pools:
     1: Default
     2: File
     3: Scratch
Select the Pool (1-3): 2
Connecting to Storage daemon File at backup:9103 ...
Sending label command for Volume "test2" Slot 0 ...
3000 OK label. VolBytes=186 DVD=0 Volume="test2" Device="FileStorage" (/backup/bacula)
Catalog record for Volume "test2", Slot 0  successfully created.
Requesting to mount FileStorage ...
3906 File device "FileStorage" (/backup/bacula) is always mounted.
*

The label command defines the volume on the device (here a file name). When a backup command is run afterwards, the backed-up contents are stored in the file defined by that label.



[] Bacula daemon 설명
bacula director (bacula-dir)
   - Service that manages overall operations such as backup and restore
   - backup schedule을 관리
bacula console (console)
   - Console where the administrator enters commands (it must be able to reach the director)
   - Console-BWX 은 환경 의 GUI console
bacula file (bacula-fd)
    - Service installed on the machine that is to be backed up
    - director로부터 명령어를 받아서 backup 하거나 restore를 해준다.
    - A restore can also be sent to a different location.
bacula storage (bacula-sd)
    - Service installed on the machine that has the backup device
    - Daemon that stores the files sent by bacula-fd,
       i.e. it writes the data coming from bacula-fd to the backup device
    - directory에 file device를 사용하거나 DVD, DLT, 8mm, 4mm 등의 device 정의
    - Receives commands from the director and carries them out.
Catalog
    - Service, installed on the database machine, that stores information about the backed-up files
    - If the catalog is damaged, the backup files can still be accessed directly with the utilities
bacula monitor
    - GUI program for checking the status of the various daemons

maximal mount count reached, running e2fsck is recommended

How to check Check interval and Maximum mount count?

# dumpe2fs /dev/sda7 | egrep -i "interval|max"
dumpe2fs 1.41.11 (14-Mar-2010)
Maximum mount count: 20
Check interval: 15552000 (6 months)

# tune2fs -l /dev/sda7 | egrep -i "interval|max"
Maximum mount count: 20
Check interval: 15552000 (6 months)

# tune2fs -l /dev/sda7
tune2fs 1.41.11 (14-Mar-2010)
Filesystem volume name:
Last mounted on: /
Filesystem UUID: d88ec2cf-5271-4d05-9ed8-7d04e3febed2
Filesystem magic number: 0xEF53
Filesystem revision #: 1 (dynamic)
Filesystem features: has_journal ext_attr resize_inode dir_index filetype needs_recovery extent flex_bg sparse_super large_file huge_file uninit_bg dir_nlink extra_isize
Filesystem flags: signed_directory_hash
Default mount options: (none)
Filesystem state: clean
Errors behavior: Continue
Filesystem OS type: Linux
Inode count: 14221312
Block count: 56873216
Reserved block count: 2843660
Free blocks: 30911285
Free inodes: 13924266
First block: 0
Block size: 4096
Fragment size: 4096
Reserved GDT blocks: 1010
Blocks per group: 32768
Fragments per group: 32768
Inodes per group: 8192
Inode blocks per group: 512
Flex block group size: 16
Filesystem created: Mon Jul 5 02:55:45 2010
Last mount time: Mon Feb 7 08:57:44 2011
Last write time: Thu Feb 10 16:14:33 2011
Mount count: 21 <------------------
Maximum mount count: 20 <------------------
Last checked: Mon Dec 13 08:32:29 2010
Check interval: 15552000 (6 months) <------------------
Next check after: Sat Jun 11 08:32:29 2011
Lifetime writes: 393 GB
Reserved blocks uid: 0 (user root)
Reserved blocks gid: 0 (group root)
First inode: 11
Inode size: 256
Required extra isize: 28
Desired extra isize: 28
Journal inode: 8
First orphan inode: 7995828
Default directory hash: half_md4
Directory Hash Seed: 62e0d189-bbb6-4c7c-832c-2069310b9806
Journal backup: inode blocks

What do i need to do?

Nothing unless you have some data corruption but if you want to get rid of your warning message, use the -c and -i settings.
Read more about tune2fs in http://linux.die.net/man/8/tune2fs

# tune2fs -c 100 -i 365 /dev/sda7
tune2fs 1.41.11 (14-Mar-2010)
Setting maximal mount count to 100
Setting interval between checks to 31536000 seconds

# tune2fs -l /dev/sda7 | egrep -i "interval|max"
Maximum mount count: 100
Check interval: 31536000 (12 months, 5 days)

Otherwise, if you need to check your filesystem, make sure to stop everything (I mean: EVERYTHING; except sshd. Look for an older post of mine with a sample output), remount the filesystem as read-only with mount -o remount,ro /dev/sda7 then run fsck -ftv /dev/sda7

md5sum

find ! -type d | xargs md5sum
find $@ ! -type d -print0 | xargs -0 md5sum  <--------- same result as above, but file names containing spaces, quotes or newlines reach md5sum intact

# find ! -type d | xargs md5sum | head
1817f4e8f54ed24302006935cea63652  ./test3.php
eef055589b85482f382202d6998737a9  ./test.png
1817f4e8f54ed24302006935cea63652  ./test.php
9dccf462d245f55ac3e0cdb0e5401f5b  ./info.php
21dde95d9d269cbb2fa6560309dca40c  ./index.html
1817f4e8f54ed24302006935cea63652  ./test2.php

# find $@ ! -type d -print0 | xargs -0 md5sum | head
1817f4e8f54ed24302006935cea63652  ./test3.php
eef055589b85482f382202d6998737a9  ./test.png
1817f4e8f54ed24302006935cea63652  ./test.php
9dccf462d245f55ac3e0cdb0e5401f5b  ./info.php
21dde95d9d269cbb2fa6560309dca40c  ./index.html
1817f4e8f54ed24302006935cea63652  ./test2.php

----------- NOTE -----------

-print    : print  the  full file name on the standard output, followed by a newline.
-print0 : print the full file name on the standard output, followed by a null character (instead of the newline  character that -print uses).


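-0    : Input items are terminated by a null character instead of by whitespace, and the quotes and backslash are not special (every character is taken literally).

md5sum output is fine for spotting accidental changes; MD5 is not collision-resistant, so where deliberate tampering is a concern the same pipeline can feed sha256sum instead.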

How to login as root in Fedora Core 14

1. Login as root from terminal

$ su - root

2. change dir

# cd /etc/pam.d

3. edit gdm

# vi gdm
auth required pam_succeed_if.so user != root quiet <------- comment out this line

4. make backup of gdm-password
# cp gdm-password gdm-password.bkp

5. edit gdm-password
# vi gdm-password
auth required pam_succeed_if.so user != root quiet <------- comment out this line

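6. Log off and log in as root. With both pam_succeed_if lines commented out, GDM no longer rejects root, so the whole desktop session runs with root privileges; using su or sudo from a normal user session for individual tasks keeps that exposure smaller.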

Locking your Screen as root


1. install

# yum -y install xlockmore


2. run

# xlock
or
go to Applications > Graphics > xlock


3. Add shortcut

set keyboard shortcut with Win_key + L just like Windows

Hard Disk / Parition Clone / HDD.Parition to image (dd)


Suppose you have a 40GB hard disk and a removable hard disk whose capacity is 60GB, and you want to backup all the files from the hard disk to the removable disk. With "dd", it is a very easy task. Again, suppose your hard disk's Unix device name is /dev/sda and the removable disk is /dev/sdb. The following command can copy all the content from /dev/sda to /dev/sdb:

dd if=/dev/sda of=/dev/sdb

Here, if=... sets the source and of=... sets the destination. "dd" doesn't care of the contents of the hard disk. It just reads bytes from /dev/sda and writes them into /dev/sdb. It doesn't know what are files. So, the hard disk file system and how many partitions it has are not important. For example, if /dev/sda is splitted into three partitions, the /dev/sdb will have the same partitions. i.e. "destination" is completely same with "source".

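Notice: to execute "dd" you should log in as "root" or switch to "root" using the "su" command. Be careful: dd overwrites the destination without asking, so swapping "if" and "of" or naming the wrong device destroys the data on it. Confirm the device names (for example with fdisk -l) before running it.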
Making a Hard Disk Image File

Most of time you don't want to make a complete duplication of your hard disk. You may prefer to creating an image file of the hard disk and save it in other storage devices. The following command will create an image file "disk1.img" in your user's directory from /dev/sda:

dd if=/dev/sda of=~/disk1.img

(or just create gzip file directly)
dd if=/dev/sda | gzip > disk1.gz
gzip -dc disk1.gz | dd of=/dev/sda

Since you have created an image file, you can compress it with "gzip" or "bzip2":

gzip disk1.img #generates disk1.img.gz or

bzip2 disk1.img #generates disk1.img.bz2

You can save much storage space with compression. But it will take very long time.


Partition Clone

Backing up a hard disk partition is much similar to backing up a whole hard disk. The reason is that Unix/Linux uses device name, such as /dev/sda1, /dev/sda5... to indicate the partitions. For example, if you want to create an image file from the first partition of /dev/sda, use "dd" like this:

dd if=/dev/sda1 of=~/disk2.img

Also, you can compress the image file:

gzip disk2.img

By the way, you can copy a partition to another partition completely, just set "of" to the partition's device name. For example:

dd if=/dev/sda1 of=/dev/sdb5

This command will copy all the contents from /dev/sda1 to /dev/sdb5. You must be sure that the capacity of /dev/sdb5 is not smaller than that of /dev/sda1.


Restoring from an Image File

To restore a partition or a hard disk from an image file, just exchange the arguments "if" and "of". For example, restore the whole hard disk from the image file "disk1.img":

dd if=disk1.img of=/dev/sda

Restore the first partition of /dev/sda from the image file "disk2.img":

dd if=disk2.img of=/dev/sda1

Install Fail2ban in CentOS 5 (fail2ban)

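1. Download and Install (the tarball is fetched over plain HTTP and setup.py is then run as root, so check it against a checksum or signature published by the project first)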

wget http://sourceforge.net/projects/fail2ban/files/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2
tar -xjvf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4
python setup.py install

2. Edit jail.conf

vi /etc/fail2ban/jail.conf

----------//---------

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1 192.168.1.0/24 <--------- 여기에 지정된 주소는 fail2ban의해 밴당하지 않는다

# "bantime" is the number of seconds that a host is banned.
bantime  = 84600 <-------- changed to 24 hours; the time a host stays banned (default 600). Note: 24 hours is exactly 86400 seconds, so 84600 is 23.5 hours

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3  <------- a host is banned after maxretry failed logins within the findtime window above (default 3)

......

[ssh-iptables]

enabled  = true <-------- sshd에 사용하기 위해 true로 변경
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
logpath  = /var/log/secure <------------ sshd.log에서 secure로 변경
maxretry = 5   <-------- 변경시 여기에 있는 값이 위의 default 'maxretry' 값보다 우선시 된다 

----------//---------

3. Copy start script and start service

cp files/redhat-initd /etc/init.d/fail2ban
chkconfig --add fail2ban
chkconfig fail2ban on
service fail2ban start

Simple File Encryption with OpenSSL (openssl)

This is the basic command to encrypt a file:

openssl aes-256-cbc -a -salt -in secrets.txt -out secrets.txt.enc

How does this work?

* openssl is the command for the OpenSSL toolkit.
* aes-256-cbc is the encryption cipher to be used. (256bit AES is what the United States government uses to encrypt information at the Top Secret level.)
* -a means that the encrypted output will be base64 encoded, this allows you to view it in a text editor or paste it in an email. This is optional.
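* -salt mixes a random salt into the key derivation, so the same password yields a different key and IV each time; it should always be used.
* -in secrets.txt specifies the input file.
* -out secrets.txt.enc specifies the output file.
* You will be prompted for a password. The key is derived from this password, so the password's strength bounds the strength of the encryption. On OpenSSL 1.1.1 or later, adding -pbkdf2 (optionally with -iter) to both the encrypt and the decrypt command gives a slower, stronger derivation. Note also that this command provides confidentiality only: CBC mode carries no integrity check, so a modified file is not reliably detected on decryption.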

It’s not much use unless you can decrypt it:

openssl aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt.new

* -d decrypts data.
* -a tells OpenSSL that the encrypted data is in base64.
* -in secrets.txt.enc specifies the data to decrypt.
* -out secrets.txt.new specifies the file to put the decrypted data in.

Encrypting a tar file using openssl (Good)


In some cases, you may have to send your datacenter's passwd information to some of your colleagues. Instead of sending it in plain text, you can use a tar & openssl combination to encrypt that data. Here is how it can be done.

Encryption :
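Tar & gzip the password file and encrypt it using openssl des3 and a secret key. Replace the text "secretkey" with your secret password. Because -k puts the password on the command line, it is visible in the process list and in shell history; leaving -k off makes openssl prompt for it instead. des3 is a legacy cipher; the aes-256-cbc cipher shown in the previous section works in the same pipeline.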

[root@unixfoo-lin23 ~]# tar cvzf - passwd_info.txt | openssl des3 -salt -k secretkey | dd of=encrypted_passwd_info
passwd_info.txt
20+1 records in
20+1 records out
The filetype of the encrypted file is "data" and you cannot use "tar -tvzf" to list contents on this.

[root@unixfoo-lin23 ~]# file encrypted_passwd_info
encrypted_passwd_info: data

[root@unixfoo-lin23 ~]# tar tvzf encrypted_passwd_info
gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error exit delayed from previous errors
[root@unixfoo-lin23 ~]#


Decryption : 
While decrypting the file, use the steps below. Replace the text "secretkey" with your secret password which you provided during encryption.

[root@unixfoo-lin12 ~]# dd if=encrypted_passwd_info |openssl des3 -d -k secretkey |tar xvzf -
20+1 records in
20+1 records out
passwd_info.txt
[root@unixfoo-lin12 ~]# cat passwd_info.txt | head -1
UNIX User       UNIX Password
[root@unixfoo-lin12 ~]#

This method can also be used to gzip and encrypt any file or directory.

Install Adobe Flash Player 10.2 on Fedora 14/13, CentOS 5.5


Experimental: Install Adobe’s Real 64-bit Flash Player 10.2 “Square” (Preview 3 Version) on Fedora 14 / 13 (x86_64) CentOS 5.5 (x86_64), Red Hat (RHEL) 5.5 (x86_64) and Red Hat (RHEL) 6 (x86_64)
1. Remove existing flash-plugin
yum remove flash-plugin nspluginwrapper*

2. Download
cd /tmp
wget http://download.macromedia.com/pub/labs/flashplayer10/flashplayer_square_p2_64bit_linux_092710.tar.gz

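3. Copy .so to plugins dir (the tarball downloaded in step 2 must be extracted in /tmp first, e.g. with tar xzf, so that /tmp/libflashplayer.so exists)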
mv /tmp/libflashplayer.so /usr/lib64/mozilla/plugins/

4. Verify
1.png 

Set Up CVS Server on Linux


Assumption: server: s.com   client: c.com
Goal: user mike can use the CVS on s.com (assumption: mike has an account as “mike” on s.com)

Steps:

1. install cvs and xinetd on the server
$yum install cvs
$yum install xinetd

NOTE: check whether cvs (or xinetd) has been installed:
$rpm -qa | grep cvs

2. set up cvs group and user on the server:
$groupadd cvs
$useradd -g cvs -G cvs -d /home/cvsroot cvsroot
$passwd cvsroot # set up password for cvsroot

Add mike to the cvs group (with -G the group name comes first and the user name last):
$usermod -a -G cvs mike

Check whether mike is in the cvs group:
$groups mike

3. change owner of /home/cvsroot if necessary, chmod for /home/cvsroot:
$chown -R cvsroot:cvs /home/cvsroot
$chmod -R 775 /home/cvsroot

4. initialize cvs:
(login as cvsroot)
$cd /home/cvsroot
$cvs -d /home/cvsroot init  # full path is required
$chmod 644 /home/cvsroot/CVSROOT/config

5. create file for CVS self-startup, as xinetd type
(login as root)
$cd /etc/xinetd.d
$cp cvs cvspserver
$vim cvspserver  # do the following modifications:

# default: off
# description: The CVS service can record the history of your source \
#              files. CVS stores all the versions of a file in a single \
#              file in a clever way that only stores the differences \
#              between versions.
service cvspserver
{
disable                 = no             # modify
port                       = 2401
socket_type       = stream
protocol               = tcp
wait                       = no
user                       = root
passenv               = PATH
server                   = /usr/bin/cvs
env                         = HOME=/home/cvsroot    # modify
server_args        = -f --allow-root=/home/cvsroot pserver    # modify
}

6. add CVS as a service:
$vim /etc/services

Add two lines if not in the file:
cvspserver 2401/tcp #pserver cvs service
cvspserver 2401/udp #pserver cvs service

7. restart xinetd:
$/etc/init.d/xinetd restart

8. check if cvspserver has started
$netstat -l |grep cvspserver

should return:
tcp   0    0            *:cvspserver           *:*               LISTEN

9. manage users
$cp /etc/shadow /home/cvsroot/CVSROOT/passwd   # owner of passwd should be cvsroot:cvs
($cd /home/cvsroot/CVSROOT)
$chmod 644 passwd

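modify passwd, delete all lines except users cvsroot and mike (you can keep some lines if needed)
for every line, delete all the content after the second “:”, and append cvsroot to that “:”
Note: what remains in this file are the system login hashes of cvsroot and mike, and chmod 644 makes them readable by every local user; pserver also sends the password over the network with only trivial scrambling. Giving the CVS users a separate, CVS-only password in this file instead of the /etc/shadow hash limits what a leak exposes.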

10. on client c.com, log in to the CVS server:
$export CVSROOT=:pserver:mike@s.com:2401/home/cvsroot
$cvs login

11. on client c.com, import a project /home/mike/myproject onto CVS server:
$cd /home/mike/myproject
$cvs import -m "my project" myproject mike start

12. errors:
1) As follows:
[mike@c.com ~]$ cvs -d :pserver:mike@s.com:/home/cvsroot login
Logging in to :pserver:mike@s.com:2401/home/cvsroot
CVS password:
cvs [login aborted]: unrecognized auth response from localhost: cvs pserver: cannot open /home/cvsroot/CVSROOT/config: Permission denied

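Solution: SELinux is presumably denying the pserver process access to the repository; the fix used here is to turn off SELinux on s.com. This removes SELinux protection from every service on the host, so a narrower fix is to look up the denial in /var/log/audit/audit.log and relabel /home/cvsroot or add a local policy rule for it.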
Turn it off now:
$setenforce 0

Turn it off after next restart:
$vim /etc/selinux/config
modify SELINUX=enforcing to
SELINUX=disabled

2) As follows:
[mike@c.com ~]$ cvs login
Logging in to :pserver:mike@s.com:2401/home/cvsroot
CVS password:
cvs [login aborted]: connect to [s.com]:2401 failed: No route to host

Solution: allow TCP port 2401 in the firewall on s.com (this keeps the other rules in place), or turn the firewall off.
Turn off firewall now:
service iptables stop

Turn off firewall after next restart:
$chkconfig iptables off   # or $/sbin/chkconfig --level 2345 iptables off

Check firewall status:
$/etc/init.d/iptables status

NOTE: This method applies on Fedora 12 for CVS server

VNC Server in CentOS



1. Installing the required package

yum install -y vnc-server

2.Create your VNC users (ex. user1 and user2)

useradd user1
passwd user1

useradd user2
passwd user2

3. Set your users' VNC passwords

su user1
vncpasswd
exit

su user2
vncpasswd
exit

4. Edit the server configuration

vi /etc/sysconfig/vncservers
-------------- add ---------------
VNCSERVERS="1:user1 2:user2"
VNCSERVERARGS[1]="-geometry 1024x768"
VNCSERVERARGS[2]="-geometry 1024x768"
----------------------------------

5. Create xstartup scripts
* vncserver 시작하면 ~/.vnc/xstartup 파일이 자동으로 생성된다.

service vncserver start
service vncserver stop

su user1
cd ~/.vnc
vi xstartup
----------------------------------------
#!/bin/sh

# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER  <----------- uncomment
exec /etc/X11/xinit/xinitrc  <----------- uncomment

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &
----------------------------------------
exit

su user2
cd ~/.vnc
vi xstartup
----------------------------------------
#!/bin/sh

# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER  <----------- uncomment
exec /etc/X11/xinit/xinitrc  <----------- uncomment

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &
----------------------------------------
exit

6. Start the VNC server

service vncserver start


7. For next boot

chkconfig vncserver on

---------- Note -----------
=> VNC server on display 1 will listen on TCP ports 5801, 5901 and 6001
=> VNC server on display N will listen on TCP ports 580N, 590N and 600N

* 5800+N - Java-based vncviewer;
* 5900+N - VNC Client Port;
* 6000+N - X Server port.

# netstat -ntlp | grep vnc
tcp        0      0 0.0.0.0:5801                0.0.0.0:*                   LISTEN      18228/Xvnc
tcp        0      0 0.0.0.0:5802                0.0.0.0:*                   LISTEN      20007/Xvnc
tcp        0      0 0.0.0.0:5901                0.0.0.0:*                   LISTEN      18228/Xvnc
tcp        0      0 0.0.0.0:5902                0.0.0.0:*                   LISTEN      20007/Xvnc
tcp        0      0 0.0.0.0:6001                0.0.0.0:*                   LISTEN      18228/Xvnc
tcp        0      0 0.0.0.0:6002                0.0.0.0:*                   LISTEN      20007/Xvnc
tcp        0      0 :::6001                     :::*                        LISTEN      18228/Xvnc
tcp        0      0 :::6002                     :::*                        LISTEN      20007/Xvnc
---------------------------

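8. iptables (VNC traffic is normally unencrypted, so open only the ports the clients really use and, where possible, limit them to trusted source addresses or reach 590N through an SSH tunnel instead)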

vi /etc/sysconfig/iptables

---------------- add -----------------------
# Open VNC for USER1
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5801 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6001 -j ACCEPT

# Open VNC for USER2
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5802 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5902 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6002 -j ACCEPT
--------------------------------------------
service iptables restart

9. Test from client

$ vncviewer x.x.x.x:5901
$ firefox http://x.x.x.x:5801/

Turning off SELinux

* Turning off SELinux temporarily
echo 0 > /selinux/enforce

* Configuring SELinux to log warnings instead of block
vi /etc/selinux/config
SELINUX=permissive

* Completely turning off SELinux
vi /etc/selinux/config
SELINUX=disabled

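You will need to reboot for a change in /etc/selinux/config to take effect; until then, the temporary non-enforcing setting shown in the first example gives the same effect. Permissive mode still logs what would have been blocked, which makes it the better choice for troubleshooting; after running with SELINUX=disabled, the filesystem has to be relabelled before enforcing mode can be turned back on.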