Sunday, December 1, 2013

How to restore LVM

Using the “vgcfgrestore” command we can recover deleted LVM partitions. Linux keeps backup copies of the LVM configuration in the /etc/lvm/archive directory. In my scenario I deleted a 10GB LVM partition; follow the steps below to recover it:

Step:1 First find the backed up configurations of Volume Group (my-vg)


Syntax:

# vgcfgrestore --list   < Volume-Group-Name >
# vgcfgrestore --list my-vg
[Screenshot: recover-lvm-partition]

As you can see in the above example, the configurations are backed up. In my case “my-vg_00002-692643462.vg” is the correct file, through which I will recover my LVM partitions.

Step:2 Now recover the LVM partition using vgcfgrestore and archive file

Syntax

# vgcfgrestore -f /etc/lvm/archive/

# vgcfgrestore -f /etc/lvm/archive/my-vg_00002-692643462.vg  my-vg

Output would be: “Restored volume group my-vg”

Now we can mount lvm partition and check whether data is there or not.

Sunday, August 25, 2013

key with passphrase in Bigip SSL profile.


# http://www.openssl.org/docs/apps/rsa.html
# Change the existing passphrase on an encrypted key
openssl rsa -des3 -in /config/ssl/ssl.key/original_encrypted.key -out /config/ssl/ssl.key/updated_encrypted.key
- Create the client ssl profile with any accepted passphrase.
- Via the command line, edit the /config/bigip.conf file
- Identify the profile section in the file (see an example below).
- Between the following braces, you will find the encrypted passphrase.

    For example:

        profile clientssl NicSSL {
           defaults from clientssl
           key "NicCert.key"
           cert "NicCert.crt"
           ca file "NicCA.crt"
           client cert ca "NicCA.crt"
           passphrase "$M$dd$4S7mOWS//HijBz9V/7/mmA=="    << passphrase
           peer cert mode require
           authenticate always
        }

- Modify it to include your valid passphrase

        profile clientssl NicSSL {
           defaults from clientssl
           key "NicCert.key"
           cert "NicCert.crt"
           ca file "NicCA.crt"
           client cert ca "NicCA.crt"
           passphrase "hello$$$hello"
           peer cert mode require
           authenticate always
        }

- You can now load the configuration. You will then be able to test the ssl profile.

    b load
       
- At this point the passphrase is still in cleartext in the /config/bigip.conf file, which isn't very secure. Save the config and the passphrase will be saved encrypted.

    b save

- Double check the file /config/bigip.conf to make sure the passphrase is now encrypted


    grep passphrase /config/bigip.conf
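
One way to automate the double check above, as an added example (not part of the original post and not F5 code): the function lists every profile whose passphrase value does not start with `$M$`. Treating the `$M$` prefix as the marker of an encrypted value is an assumption based on the example profile above; the profile name TestSSL and the sample file are constructed.

```shell
#!/bin/sh
# Added example: list profiles in a bigip.conf-style file whose passphrase
# is still stored in cleartext.
# Assumption: an encrypted value starts with "$M$", as in the example profile.

# find_cleartext_passphrases FILE -> prints one profile name per line
find_cleartext_passphrases() {
    awk '
        # Opening line of a block: profile clientssl NAME {
        $1 == "profile" && $NF == "{" { name = $3; next }
        # A closing brace ends the current block
        $1 == "}" { name = ""; next }
        # passphrase "VALUE" inside a profile block
        name != "" && $1 == "passphrase" {
            value = $2
            gsub(/"/, "", value)
            if (index(value, "$M$") != 1) print name
        }
    ' "$1"
}

# Constructed sample configuration (not taken from a real device)
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
profile clientssl NicSSL {
   defaults from clientssl
   key "NicCert.key"
   passphrase "$M$dd$4S7mOWS//HijBz9V/7/mmA=="
   peer cert mode require
}
profile clientssl TestSSL {
   defaults from clientssl
   key "Test.key"
   passphrase "hello$$$hello"
}
EOF

# Prints only the profile that still holds a cleartext passphrase
find_cleartext_passphrases "$sample_conf"
rm -f "$sample_conf"
```

On the device, call `find_cleartext_passphrases /config/bigip.conf` after `b save`; no output means no profile was flagged.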
 

Thursday, August 1, 2013

How to set up Syslog: centralized log server in CentOS


Server Setup.

 [root@~]# vi /etc/sysconfig/syslog

# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-r -m 0"   # add the -r option
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".

Restart services

[root@ ~]#  /etc/init.d/syslog restart
Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Starting kernel logger:                                    [  OK  ]
[root@ ~]# /etc/init.d/portmap restart
Stopping portmap:                                          [  OK  ]
Starting portmap:                                          [  OK  ]
[root@~]#  /etc/init.d/xinetd restart
Stopping xinetd:                                           [  OK  ]
Starting xinetd:                                           [  OK  ]

Check that syslog is listening on port 514:

[root@~]# netstat -ntulp |grep syslog
udp        0      0 0.0.0.0:514                 0.0.0.0:*                               1024/syslogd

Client Configuration.


[root@~]# vi /etc/syslog.conf 

# Forward all messages to the central log server (server IP)
*.* @172.16.111.152

[root@ ~]#  /etc/init.d/syslog restart
Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Starting kernel logger:                                    [  OK  ]

To check the Syslog

 From Client 

[root@ ~]# logger hay

From Server

[root@ ~]# tail -f /var/log/messages
Aug  1 12:34:02-1 xinetd[2873]: EXIT: nrpe status=0 pid=22879 duration=0(sec)
Aug  1 12:34:30  sanoj: hay
Aug  1 12:34:32  xinetd[1054]: START: nrpe pid=1106 from=172.16.111.52
Aug  1 12:34:32[1054]: EXIT: nrpe status=0 pid=1106 duration=0(se

Wednesday, July 17, 2013

Recover Partition Table using TestDisk


TestDisk is powerful free data recovery software! It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally deleting a Partition Table). Partition table recovery using TestDisk is really easy.
Src: http://www.cgsecurity.org/wiki/TestDisk

TestDisk can be installed on any OS. If your partition table is entirely corrupted, you will probably be unable to boot into an OS to use TestDisk. In that case we can use the GParted Live disc, which has TestDisk integrated. GParted is available as a bootable ISO.
1. GParted Bootable ISO download
2. Download the bootable ISO and burn it to a CD.
This image can also be booted from USB or through PXE. Please refer to the following links for that.
Live on USB http://gparted.sourceforge.net/liveusb.php
Live from PXE http://gparted.sourceforge.net/livepxe.php

STEP 1:
Place the bootable disc in the disc tray and make changes in the BIOS to boot the system from the CD.
Select the default settings and press Enter.
Note: If booting with the default settings is unsuccessful, select the second option, “Other modes of GParted Live”. This brings up another menu; select “GParted Live (Failsafe mode)”.

Go with the default option (don't touch keymap) and press Enter.
Select whichever language is appropriate for you.
Go with the default. Just press Enter.


STEP 2:
Double-click the terminal (third icon from the left).


STEP 3:
This is done just to confirm that your partition table is corrupt.
Type the following commands:
$ sudo
# fdisk -l


STEP 4:
Now open TestDisk with the following command:
# testdisk

STEP 5:
This will open up the TestDisk utility. Just press Enter and proceed.

STEP 6:
Select the appropriate hard disk from which you want to recover the partition table. Here I am going to recover the partition table from my virtual hard disk created using VMware. This is not much different from a physical hard disk. Once you have selected the appropriate hard disk, select Proceed at the bottom.


STEP 7:
Select the appropriate partition type. Mostly it's Intel. Select it and then press Enter to proceed.


STEP 8:
Now select Analyse and then press enter to proceed. 
The quick search option is selected by default. Just press enter to proceed.


STEP 9:
Press yes to proceed.

Now your partition should have been recovered. Check that it is correct. If you are sure it's the correct structure, just press Enter to proceed.



STEP 10:
Select Write and press Enter to proceed.
Press enter to confirm the write.


STEP 11:
Press enter to proceed.
Select OK.
Select Quit.


STEP 12:

USING Partition Wizard
Go here and get "Partition Wizard"; it is free for home use. You can go ahead and install the free version or you can download and use the bootable CD; either one should work.
http://www.partitionwizard.com/free-partition-manager.html

They also have a little tutorial here, but I will go ahead and give you a few tips.
http://www.partitionwizard.com/help/partition-recovery.html


Run the program and go to Wizard > Partition Recovery Wizard:
[Screenshot: Pwiz1.JPG]


Make sure you select the right disk on the next screen:

[Screenshot: pwiz2.JPG]


Do a Quick Scan.
After it does the scan you will see a screen like this:
[Screenshot: pwiz3.JPG]


In my example here, it's only showing one possible configuration for the deleted partition.
You may end up with more than one, but don't select any boxes yet. If your drive had a single partition on it, chances are the starting point of the correct configuration would be 63 or 2048.

If you click the line right where my pointer is you will be able to "browse" the drive using that partition alignment.
Don't check the box, just click the line where I am pointing to and you get a box like this:

[Screenshot: pwiz4.JPG]


Tuesday, July 16, 2013

HOSTCONSH in BIG-IP

Press Escape-Shift-9 (hold down Escape, hold down Shift, then press 9) and you will get this menu on the serial console:
[Screenshot: escape-shift-nine]

Sunday, July 7, 2013

ERROR: Loading command: list (LoadError) | no such file to load -- zlib | ERROR: While executing gem ... (NameError) | uninitialized constant Gem::Commands::ListCommand



======================================================= 
gem list
ERROR:  Loading command: list (LoadError)
    no such file to load -- zlib
ERROR:  While executing gem ... (NameError)
    uninitialized constant Gem::Commands::ListCommand

=======================================================
 
=============================== 
sudo apt-get install zlib1g-dev
cd /ruby-source-files/ext/zlib
ruby extconf.rb
make
sudo make install  
=============================== 

Thursday, June 27, 2013

TCP – 3 WAY HANDSHAKE.


When you type google.com into your web browser, your computer sends information from the application layer down to the transport layer. The transport layer creates a segment called SYN, and the SYN starts building the session with the web server.

Every single request that your web browser makes to a website gets a unique identifier. Typically this means that for every web browser session you have open, you have one or more ports open for that particular web browser. That way the web server replies with the next handshake segment, the SYN-ACK.
Complete the handshake by replying with an ACK. The ports will flip-flop depending on who is sending the data.
Only once the three-way handshake is established can we exchange data.
Wireshark capture for 3 way handshake.
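
The exchange described above, as an added example that is not part of the original post: the function follows SYN, SYN-ACK and ACK through tcpdump-style text lines and reports each handshake that completed. The capture lines are constructed (documentation-range addresses, made-up ports and sequence numbers), and the field positions assume tcpdump's default one-line text output.

```shell
#!/bin/sh
# Added example: trace SYN -> SYN-ACK -> ACK in tcpdump-style text output.

# completed_handshakes FILE -> prints "client > server" per finished handshake
completed_handshakes() {
    awk '
        {   # Line layout: TIME IP SRC > DST: Flags [X], ...
            src = $3; dst = $5; sub(/:$/, "", dst)
            flags = $7; sub(/^\[/, "", flags); sub(/\],?$/, "", flags)
        }
        # Step 1: the client sends SYN
        flags == "S"  { state[src " > " dst] = "syn"; next }
        # Step 2: the server answers SYN-ACK; source and destination flip
        flags == "S." { key = dst " > " src
                        if (state[key] == "syn") state[key] = "synack"
                        next }
        # Step 3: the client sends ACK in the original direction
        flags == "."  { key = src " > " dst
                        if (state[key] == "synack") {
                            state[key] = "done"; print key
                        } }
    ' "$1"
}

# Constructed capture: one full handshake, then a SYN that is never answered
capture=$(mktemp)
cat > "$capture" <<'EOF'
12:00:00.000001 IP 192.0.2.10.51514 > 198.51.100.7.80: Flags [S], seq 1000, win 64240, length 0
12:00:00.020114 IP 198.51.100.7.80 > 192.0.2.10.51514: Flags [S.], seq 5000, ack 1001, win 65160, length 0
12:00:00.020190 IP 192.0.2.10.51514 > 198.51.100.7.80: Flags [.], ack 5001, win 502, length 0
12:00:01.000000 IP 192.0.2.10.51515 > 198.51.100.7.80: Flags [S], seq 2000, win 64240, length 0
EOF

# Only the first connection (client port 51514) is reported as established
completed_handshakes "$capture"
rm -f "$capture"
```

A SYN that never appears in the output, like the one from port 51515 here, is a connection that was attempted but never established.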