Category archives: Linux

Linux

Manually configuring the /etc/resolv.conf file (RHEL 7/8)

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/manually-configuring-the-etc-resolv-conf-file_configuring-and-managing-networking

By default, NetworkManager on Red Hat Enterprise Linux (RHEL) 8 dynamically updates the /etc/resolv.conf file with the DNS settings from active NetworkManager connection profiles. This section describes different options on how to disable this feature to manually configure DNS settings in /etc/resolv.conf.

31.1. Disabling DNS processing in the NetworkManager configuration

This section describes how to disable DNS processing in the NetworkManager configuration to manually configure the /etc/resolv.conf file.

Procedure

  1. As the root user, create the /etc/NetworkManager/conf.d/90-dns-none.conf file with the following content by using a text editor:
     [main]
     dns=none
  2. Reload the NetworkManager service:
     # systemctl reload NetworkManager
     Note: After you reload the service, NetworkManager no longer updates the /etc/resolv.conf file. However, the last contents of the file are preserved.
  3. Optionally, remove the Generated by NetworkManager comment from /etc/resolv.conf to avoid confusion.

Verification steps

  1. Edit the /etc/resolv.conf file and manually update the configuration.
  2. Reload the NetworkManager service:
     # systemctl reload NetworkManager
  3. Display the /etc/resolv.conf file:
     # cat /etc/resolv.conf
     If you successfully disabled DNS processing, NetworkManager did not override the manually configured settings.

Additional resources

  • For further details, see the description of the dns parameter in the NetworkManager.conf(5) man page.

31.2. Replacing /etc/resolv.conf with a symbolic link to manually configure DNS settings

NetworkManager does not automatically update the DNS configuration if /etc/resolv.conf is a symbolic link. This section describes how to replace /etc/resolv.conf with a symbolic link to an alternative file with the DNS configuration.

Prerequisites

  • The rc-manager option is not set to file. To verify, use the NetworkManager --print-config command.

Procedure

  1. Create a file, such as /etc/resolv.conf.manually-configured, and add the DNS configuration for your environment to it. Use the same parameters and syntax as in the original /etc/resolv.conf.
  2. Remove the /etc/resolv.conf file:
     # rm /etc/resolv.conf
  3. Create a symbolic link named /etc/resolv.conf that refers to /etc/resolv.conf.manually-configured:
     # ln -s /etc/resolv.conf.manually-configured /etc/resolv.conf

Additional resources

  • For details about parameters you can set in /etc/resolv.conf, see the resolv.conf(5) man page.
  • For further details about why NetworkManager does not process DNS settings if /etc/resolv.conf is a symbolic link, see the description of the rc-manager parameter in the NetworkManager.conf(5) man page.

NFS Stale File Handle error and solution

Sometimes NFS can result in weird problems. For example, NFS-mounted directories sometimes contain stale file handles. If you run a command such as ls or vi, you will see an error:
$ ls
.: Stale File Handle

First let us try to understand the concept of Stale File Handle. Managing NFS and NIS, 2nd Edition book defines filehandles as follows (a good book if you would like to master NFS and NIS):
A filehandle becomes stale whenever the file or directory referenced by the handle is removed by another host, while your client still holds an active reference to the object. A typical example occurs when the current directory of a process, running on your client, is removed on the server (either by a process running on the server or on another client).

So this can occur if the directory is modified on the NFS server, but the directory’s modification time is not updated.

How do I fix this problem?

(a) The best solution is to remount the directory from the NFS client using the mount command:
# umount -f /mnt/local
# mount -t nfs nfsserver:/path/to/share /mnt/local

The first command (umount) forcefully unmounts the file system mounted at /mnt/local (NFS).

(b) Or try mounting the NFS directory with the noac option. However, I don’t recommend the noac option because of its performance cost, and because checking files on an NFS filesystem referenced by file descriptors (i.e. the fcntl and ioctl families of functions) may lead to inconsistent results due to the lack of a consistency check in the kernel, even if noac is used.

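LVM disaster recovery

Introduction to LVM

LVM overview

LVM is short for Logical Volume Manager, a storage management mechanism first developed by IBM for AIX. By inserting a logical layer between disks and partitions, LVM lets multiple partitions or physical disks act as one logical volume (the equivalent of one logical disk), which makes disk partition management more flexible. In 1998, Heinz Mauelshagen provided an LVM implementation for Linux on the Linux 2.4 kernel. The Linux 2.6 kernel currently supports LVM2, and the latest version available for download from the Red Hat official website is 2.2.02.77; for the latest or other versions, see the web page.

LVM was initially used mostly on servers, combined with the RAID capabilities of the storage hardware, to provide highly reliable and flexibly configurable disk partition management; ordinary PCs, with their limited storage capacity, rarely used it. As the capacity of individual disks keeps growing and disk prices fall, terabyte-scale storage on ordinary PCs is becoming common, which brings a need for storage management on PCs, and LVM is undoubtedly a good solution. However, ordinary PC users lack hardware redundancy, so a disaster usually causes fairly serious data loss. Fortunately, LVM provides a set of disaster-recovery features that can help ordinary PC users keep losses to a minimum. The following command checks whether the lvm tools are installed on the system:

Listing 1. Checking the LVM version on the system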
 rpm -qa | grep lvm
 lvm2-2.02.56-8.el5_5.4

In the example above, LVM version 2.02.56 is installed on the system.

Continue reading

Postfix: The Definitive Guide - reading notes


Continue reading

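How file recovery works on Linux

inode and block

First, a brief introduction to the most basic unit of a Linux file system: the inode. The name inode stands for index node. Once a storage device (such as a hard disk) or a partition of one is formatted with a file system, it has two parts: inodes and blocks. Blocks store the data, and inodes store information about that data, including file size, owner, group, and read/write permissions. An inode indexes the information for each file, which is where the inode number comes from. On Linux, use the ls -id command to view the inode number of a file or directory. The inode number of a "root" directory is generally 2; when a partition is mounted on a directory, the inode number of that "root" directory is 2: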

# mount /dev/sdb2 /tmp
# ls -id /tmp
2 /tmp

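How file recovery works

The commands this article introduces obtain file system information through the file system's inode number (generally 2). In ext3 and ext4 file systems, each file's inode describes where its data is stored. When a file is deleted, the data-pointer portion of the inode is zeroed, while the directory area changes little. All file reads and writes go through the inode, so once the inode's data pointers are zeroed there is no way to reassemble the file contents, even though the contents are still on disk. When metadata changes in an ext3 or ext4 file system, a copy of that metadata is kept in the journal. For example, when a file is deleted, its inode information is first saved to the journal, and then the inode information of the deleted file is zeroed. The journal is used cyclically: after too many operations, the journal records for a deleted file's inode are replaced by new data, and the chance of recovering the data from the inode is lost for good. If a large number of files are deleted, the journal is cycled through many times, leaving a chance of recovery only for the files deleted last.

Continue reading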

Postfix+Amavisd-new+SpamAssassin+Clamav

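I. Installing Amavisd-new + SpamAssassin

Note: amavisd-new is an interface between the MTA and mail-analysis software (such as SA and ClamAV); it can take mail out of the queue, call ClamAV to scan it for viruses, and call SpamAssassin to filter the mail content.

Official website: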

http://www.ijs.si/software/amavisd/

Installation references:

http://www.shisaa.jp/postset/mailserver-3.html

http://www.postfixvirtual.net/postfixantivirus.html#amavisdnew

Continue reading

How to set up an SFTP server on CentOS

This tutorial explains how to set up and use an SFTP server on CentOS. Before I start, let me explain what SFTP is and what it is used for. Most people know that normal FTP can be used to transfer, download or upload data from a server to a client or from a client to a server. But this protocol is easily hacked (if TLS is not used) by anonymous intruders, as the ports are wide open to anyone. SFTP was therefore introduced as an alternative that strengthens the security level.

SFTP stands for SSH File Transfer Protocol or Secure File Transfer Protocol. It uses a separate protocol packaged with SSH to provide a secure connection.

1. Preliminary Note

For this tutorial, I am using CentOS 7 in the 64-bit version. The same steps will work on CentOS 6 as well. The result will show how a client can be given access to the SFTP server while being unable to log in to the server itself by SSH.

2. SFTP Installation

Unlike normal FTP, there’s no need to install additional packages in order to use SFTP. We just require the prebuilt SSHd package that was already installed during installation on the server. Therefore, just check to confirm that you already have the required SSH package. Below are the steps:

Run:

rpm -qa|grep ssh

The output should be similar to this:

[root@localhost ~]# rpm -qa|grep ssh
libssh2-1.4.3-10.el7_2.1.x86_64
openssh-7.4p1-13.el7_4.x86_64
openssh-server-7.4p1-13.el7_4.x86_64
openssh-clients-7.4p1-13.el7_4.x86_64

That’s all. Next, we’ll go on to the SFTP configuration.

Continue reading

How to set DNS in CentOS/RHEL 7 & prevent NetworkManager from overwriting /etc/resolv.conf?

This guide shows you how to set custom DNS entries for CentOS 7 / RedHat 7 and ensure that the settings are persistent even after a reboot.

What you need

  • A CentOS 7 or a Red Hat Enterprise Linux (RHEL) 7 server
  • A couple of minutes

Overview

In CentOS and Red Hat Enterprise Linux (RHEL) 7, any custom DNS entries are stored in the file /etc/resolv.conf. However, if we simply go ahead and add our nameservers to this file, we’ll notice that after a reboot or a restart of the network.service, the file is overwritten by NetworkManager.

In this guide, we will first configure NetworkManager to not overwrite this file. Then, we will go ahead and actually add our custom nameservers to /etc/resolv.conf.

Step 1

The NetworkManager configuration is located here: /etc/NetworkManager/NetworkManager.conf. Open this file using vim or your favorite text editor.

Search for the [main] section in this file. It should look something like this:

...
[main]
#plugins=ifcfg-rh,ibft
...

Add dns=none just after the [main] tag like this:

...
[main]
dns=none
#plugins=ifcfg-rh,ibft
...

Go ahead and save the file.

Step 2

Let’s restart the NetworkManager.service service so that it picks up the changes we made to the configuration.

sudo systemctl restart NetworkManager.service

Note that the service name NetworkManager.service is case-sensitive.

Step 3

Now, let’s add our nameservers to /etc/resolv.conf.

Open this file in your favorite text editor and specify the name servers as follows:

# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.4.4

That’s it! You’re done. The nameservers added to /etc/resolv.conf will now persist even after a reboot. NetworkManager will no longer overwrite this file.
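
A static check for the dns=none setting from this guide and section 31.1, and for the symlink method from section 31.2 earlier on the page, as an added example (not code from Red Hat or the guide's author). The function names and the ROOT prefix argument are hypothetical, the sample tree is constructed, and NetworkManager --print-config remains the authoritative view of the merged configuration.

```shell
# Added example: report whether /etc/resolv.conf is manually managed.
# ROOT is a path prefix so the check can run on a constructed tree; "" = live host.

# Print the effective value of KEY in [main]. Simplification: reads
# NetworkManager.conf, then /etc/NetworkManager/conf.d/*.conf in sorted order
# (last assignment wins); snippets under /usr/lib and /run are not read.
nm_main_key() {
    root=$1; key=$2; shift 2
    for f in "$root/etc/NetworkManager/NetworkManager.conf" \
             "$root"/etc/NetworkManager/conf.d/*.conf; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    [ "$#" -gt 0 ] || return 0
    awk -v key="$key" '
        FNR == 1 { insec = 0 }                      # sections do not span files
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[main\]/); next }
        insec && /^[ \t]*[^#; \t]/ {                # skip comments and blanks
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$@"
}

# Print which mechanism controls ROOT/etc/resolv.conf. Follows the page's
# prerequisite: only rc-manager=file is treated as defeating the symlink method.
resolv_conf_owner() {
    dns=$(nm_main_key "$1" dns)
    rc=$(nm_main_key "$1" rc-manager)
    if [ "$dns" = none ]; then
        echo "manual (dns=none)"
    elif [ -L "$1/etc/resolv.conf" ] && [ "$rc" != file ]; then
        echo "manual (symlink)"
    else
        echo "networkmanager"
    fi
}

# Constructed sample tree: the 31.1 drop-in is present, resolv.conf is a regular file.
make_sample_tree() {
    mkdir -p "$1/etc/NetworkManager/conf.d"
    printf '[main]\n#plugins=ifcfg-rh,ibft\n' > "$1/etc/NetworkManager/NetworkManager.conf"
    printf '[main]\ndns=none\n' > "$1/etc/NetworkManager/conf.d/90-dns-none.conf"
    printf 'nameserver 8.8.8.8\n' > "$1/etc/resolv.conf"
}

demo=$(mktemp -d) && make_sample_tree "$demo" && resolv_conf_owner "$demo"
rm -rf "$demo"
```

A result of "networkmanager" means the nameservers in the file can still be replaced by whatever the active connection profile supplies, which is worth knowing before relying on a hand-edited resolver list.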

CentOS curl SSL: replacing NSS with OpenSSL

The system is CentOS 6/7, 64-bit.

1. First, install the common development environment.

yum groupinstall "Development tools"

2. Compile OpenSSL

1. Download OpenSSL:

wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz

2. Extract OpenSSL:

tar -xzvf openssl-1.0.2l.tar.gz

3. Enter the OpenSSL directory:

cd openssl-1.0.2l

4. Configure and compile OpenSSL:

./config --shared
make && make install

Continue reading