There will be two scenario:

1. Delete partition by fdisk and restart the computer.
2. Delete and create empty partition by fdisk and restart the computer.
3. Delete whole storage device from the system and restart computer.
4. Delete and create whole storage device from the system and restart computer.

1. Delete partition by fdisk and restart the computer.

First, I gotta create the raid device:

[root@node1 ~]# mdadm -C /dev/md0 -n 2 -l 1 /dev/hdd1 /dev/hdb8
mdadm: largest drive (/dev/hdb8) exceed size (476160K) by more than 1%
Continue creating array? y
mdadm: array /dev/md0 started.

and build ext3 file system on the device:

[root@node1 ~]# mke2fs -j /dev/md0

Edit /etc/fstab according to the changes:

/dev/md0                /test                   ext3    defaults        0 0

and mount everything is contained at /etc/fstab:

[root@node1 ~]#mount -a

Copy some files to /test(to be able to check files integrity in the future):

[root@node1 ~]# cp -rfv /var/* /test/

Now, delete /dev/hdd1 through fdisk:

[root@node1 ~]# fdisk  /dev/hdd

The number of cylinders for this disk is set to 8322.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): d
Selected partition 1

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

and restart computer:

[root@node1 ~]# reboot

During the system booting I got next error(the same I got when try to manually mount md0):

mount: wrong fs type, bad option, bad superblock on /dev/md0,
       missing codepage or other error
       (could this be the IDE device where you in fact use
       ide-scsi so that sr0 or sda or so is needed?)
       In some cases useful info is found in syslog - try
       dmesg | tail  or so

/proc/mdstat doesn’t see any local raid devices:

[root@node1 ~]# cat /proc/mdstat
Personalities :
unused devices:

Let’s create new mdadm.conf :

[root@node1 ~]#  mdadm --examine --scan  /dev/hdb8 > /etc/mdadm.conf

[root@node1 ~]# cat /etc/mdadm.conf
ARRAY /dev/md0 level=raid1 num-devices=2 UUID=c1ce0c10:035aa2a3:829450b6:84b7a236

And active everything from mdadm.conf:

[root@node1 ~]#  mdadm -A -s
mdadm: /dev/md0 has been started with 1 drive (out of 2).

The md0 was activated, but only with one disk:

[root@node1 ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 hdb8[1]
      476160 blocks [2/1] [_U]

Conclusion: If it was a root partition your system wouldn’t boot at all. And you would have to dance with boot disk to make you system alive.

2. Delete and create empty partition by fdisk and restart the computer.

The same actions as above and additional create partition /dev/hdd1 in fdisk.
After system booted. None of raid’s are active :

[root@node1 ~]# cat /proc/mdstat
Personalities :
unused devices:

But after restore procedure system is going to work in full-fledged mode(with 2 disks):

[root@node1 ~]#  mdadm --examine --scan  /dev/hdb8 > /etc/mdadm.conf
[root@node1 ~]# mdadm -A -s
mdadm: /dev/md0 has been started with 2 drives.
[root@node1 ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 hdd1[0] hdb8[1]
475136 blocks [2/2] [UU]

The new device has no influence on system behavior at all. Result is similar to previous one.

3. Delete whole storage device from the system and restart computer.

During this test the md0 was restored and mounted during system boot without any problem or delays. Also next notice message were generated and put into the syslog facility kernel:

kernel: raid1: raid set md0 active with 1 out of 2 mirrors

4. Delete and create whole storage device from the system and restart computer.

During boot raid wasn’t rebuilt by itself:

[root@node1 ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 hdb8[1]
      475136 blocks [2/1] [_U]

And has to be re-built manually :

[root@node1 ~]# mdadm -a /dev/md0 /dev/hdd1
mdadm: re-added /dev/hdd1

Still recovering :) :

[root@node1 ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 hdd1[0] hdb8[1]
      475136 blocks [2/1] [_U]
      [====>................]  recovery = 21.5% (103296/475136) finish=0.4min speed=12912K/sec

NOTE: partition type for new partition should be set to ‘Linux raid autodetect’ (FD in a hex code). Frankly speaking I didn’t test whether it works without that, that’s why it may be or may _not_ useless procedure. My advice is: just do it!

[root@node1 ~]# fdisk -l /dev/hdd

Disk /dev/hdd: 4294 MB, 4294967296 bytes
16 heads, 63 sectors/track, 8322 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/hdd1               1         943      475240+  fd  Linux raid autodetect

P.S. System information:

Tests were performed at virtual machine:
virtualbox-2.1.4
virtualbox-ose-guest-modules-2.6.26-1-686
Software installed inside VM:
CentOS(kernel-2.6.18-128.el5)
mdadm-2.6.9-2.el5

PRE-REQUIREMENTS:

oowriter has to be already installed. It is provided by Open Office system(for Debian its openoffice.org-writer package).

Unfortunately, I can’t remember the source where this macros is came from. Anyway here my script:

#!/bin/bash
# Written by Andrii Grytsenko
# pp: AndriiGrytsenko.net

if [ $# -lt 1 ]; then
    echo "Example: pdf2doc [doc_file] [output_dir]"
    echo "in case output_dir is missing generate into current dir"
fi

DOCDIR=$(dirname $1)
DOCFILE=$(basename $1)
PDFFILE=$(echo $DOCFILE | sed -e 's/\.doc$/\.pdf/g')
CURRENT_DIR=$(pwd)
OUT_DIR=$2

# if output_dir is missing set current
if [ -z $OUT_DIR ]; then
    OUT_DIR=$CURRENT_DIR
fi

if  echo $DOCDIR | grep -E "^\.$" > /dev/null; then
        DOCDIR=$CURRENT_DIR
elif ! echo $DOCDIR | grep -E "^/" > /dev/null; then
        DOCDIR=$CURRENT_DIR/$DOCDIR
fi

cd $DOCDIR
/usr/bin/oowriter -invisible "macro:///Standard.Module1.ConvertWordToPDF($DOCDIR/$DOCFILE)"
sleep 2 # for big files generation can take more time
mv $PDFFILE $OUT_DIR/
cd $CURRENT_DIR

Put file into the catalog from PATH env variable, into the /usr/bin for example. And call doc2pdf.

To generate question.pdf from question.doc and put it into the /tmp, run this:

doc2pdf ~/tmp2/questions.doc /tmp/

PROFIT:

andrii@agrytsenko:~$ ls -l /tmp/questions.pdf
-rw-r--r-- 1 andrii vboxusers 53226 Jul 16 14:17 /tmp/questions.pdf

There is one good package which allow you to control and check your computer temperature in online mode. To install For debian:

apt-get install lm-sensors

for CentOS or RH:

yum install lm-sensors

Next software should discover all sensors in your PC, run sensors-detect:

agrytsenko:~# sensors-detect
# sensors-detect revision 5729 (2009-06-02 15:51:29 +0200)
# System: Hewlett-Packard HP Compaq 6510b (GB866EA#ACB) (laptop)
# Board: Hewlett-Packard 30C0                                   

This program will help you determine which kernel modules you need
to load to use lm_sensors most effectively. It is generally safe
and recommended to accept the default answers to all questions,
unless you know what you're doing.                                

Some south bridges, CPUs or memory controllers contain embedded sensors.
Do you want to scan for them? This is totally safe. (YES/no):
Silicon Integrated Systems SIS5595...                       No
VIA VT82C686 Integrated Sensors...                          No
VIA VT8231 Integrated Sensors...                            No
AMD K8 thermal sensors...                                   No
AMD K10 thermal sensors...                                  No
Intel Core family thermal sensor...                         Success!
    (driver `coretemp')
Intel AMB FB-DIMM thermal sensor...                         No
VIA C7 thermal and voltage sensors...                       No          

Some Super I/O chips contain embedded sensors. We have to write to
standard I/O ports to probe them. This is usually safe.
Do you want to scan for Super I/O sensors? (YES/no):
Probing for Super-I/O at 0x2e/0x2f
Trying family `National Semiconductor'...                   No
Trying family `SMSC'...                                     Yes
Found unknown chip with ID 0x3600
Probing for Super-I/O at 0x4e/0x4f
Trying family `National Semiconductor'...                   No
Trying family `SMSC'...                                     Yes
Found unknown non-standard chip with ID 0x7a                      

Some hardware monitoring chips are accessible through the ISA I/O ports.
We have to write to arbitrary I/O ports to probe them. This is usually
safe though. Yes, you do have ISA I/O ports even if you do not have any
ISA slots! Do you want to scan the ISA I/O ports? (YES/no):
Probing for `National Semiconductor LM78' at 0x290...       No
Probing for `National Semiconductor LM79' at 0x290...       No
Probing for `Winbond W83781D' at 0x290...                   No
Probing for `Winbond W83782D' at 0x290...                   No          

Lastly, we can probe the I2C/SMBus adapters for connected hardware
monitoring devices. This is the most risky part, and while it works
reasonably well on most systems, it has been reported to cause trouble
on some systems.
Do you want to probe the I2C/SMBus adapters now? (YES/no):
Sorry, no supported PCI bus adapters found.
Module i2c-dev loaded successfully.

Now follows a summary of the probes I have just done.
Just press ENTER to continue:

Driver `coretemp':
  * Chip `Intel Core family thermal sensor' (confidence: 9)

To load everything that is needed, add this to /etc/modules:
#----cut here----
# Chip drivers
coretemp
#----cut here----
If you have some drivers built into your kernel, the list above will
contain too many modules. Skip the appropriate ones!

Do you want to add these lines automatically to /etc/modules? (yes/NO)yes
Successful!

Monitoring programs won't work until the needed modules are
loaded. You may want to run '/etc/init.d/module-init-tools start'
to load them.

Unloading i2c-dev... OK

If you have choosen “yes” on last question then all needed kernel modules were added to your module config file. In my case only one module is found, here is it:

agrytsenko:~# grep temp /etc/modules
coretemp

To get sensors status and data run sensors:

agrytsenko:~# sensors
acpitz-virtual-0
Adapter: Virtual device
temp1:       +60.0°C  (crit = +256.0°C)
temp2:       +58.0°C  (crit = +108.0°C)
temp3:       +45.0°C  (crit = +105.0°C)
temp4:       +32.5°C  (crit = +108.0°C)
temp5:       +65.0°C  (crit = +110.0°C)

coretemp-isa-0000
Adapter: ISA adapter
Core 0:      +59.0°C  (high = +100.0°C, crit = +100.0°C)

coretemp-isa-0001
Adapter: ISA adapter
Core 1:      +61.0°C  (high = +100.0°C, crit = +100.0°C)

The output depends on your hardware sensors. This output from my another PC:

w83627hf-isa-0290
Adapter: ISA adapter
VCore 1:   +1.47 V  (min =  +1.30 V, max =  +1.71 V)
VCore 2:   +1.82 V  (min =  +1.30 V, max =  +1.71 V)       ALARM
+3.3V:     +3.25 V  (min =  +2.82 V, max =  +3.79 V)
+5V:       +4.89 V  (min =  +4.06 V, max =  +5.70 V)
+12V:     +12.28 V  (min =  +7.24 V, max =  +9.97 V)       ALARM
-12V:     -11.95 V  (min =  +4.58 V, max = -11.87 V)       ALARM
-5V:       -5.20 V  (min =  +2.09 V, max =  -4.39 V)       ALARM
V5SB:      +5.46 V  (min =  +5.99 V, max =  +5.19 V)       ALARM
VBat:      +2.85 V  (min =  +3.54 V, max =  +3.49 V)       ALARM
fan1:        0 RPM  (min = 10887 RPM, div = 2)              ALARM
fan2:        0 RPM  (min = 3947 RPM, div = 2)              ALARM
fan3:        0 RPM  (min = 4411 RPM, div = 2)              ALARM
temp1:       +28 C  (high =   +68 C, hyst =   +48 C)   sensor = thermistor
temp2:     +43.0 C  (high =   +70 C, hyst =   +65 C)   sensor = diode(beep)
temp3:      -1.5 C  (high =   +70 C, hyst =   +65 C)   sensor = diode
vid:      +1.500 V  (VRM Version 8.5)
alarms:
beep_enable:
          Sound alarm enabled

Now you can do with these info whatever you want, for instance put into the file as plain text or excel document or even storage in RDBMS. I prefer to store these data’s in Round Robin Database and draw nice graphs by rrdtool util.

First you need to get Windows drivers from your drivers CD(you can find this stuff in your modem’s box). Also you need to install ndiswrapper.

Put directory with drivers to /root/Drivers/ and install ndiswrapper:

apt-get install ndiswrapper-common ndiswrapper-utils-1.9 rt73-common

Make ndiswrapper work with your windows driver:

ndiswrapper -i /root/Drivers/WinXP_2K_9X/Dr71WU.inf

in case of previous step was successfully done, generate new configuration for modprobe:

ndiswrapper -m

Try to determine what name has you wireless interface:

ifconfig -a

By default it’s wlan0 , but in my case it’s wlan1. Let’s bring it up:

ifconfig wlan1 up

Add interface configuration to your /etc/network/interfaces. In case you have no dhcpd server inside the network set your settings statically :

auto wlan1
allow-hotplug wlan1
iface wlan1 inet static
    address 192.168.0.3
    network 192.168.0.0
    gateway 192.168.0.1
    netmask 255.255.255.0
    wireless-essid Homeee
    wireless-mode Managed
    wireless-key DFFB9E2CC1

Or if you have dynamic server inside:

auto wlan1
iface wlan1 inet dhcp
    wireless-essid amber
    wireless-mode managed
    wireless-key 6170-706C-65
    wireless-rate 54M

Restart your computer and enjoy. Or at least run :

/etc/init.d/networking restart

Also below some tips how to make manual configuration:

ifconfig wlan1 192.168.0.1 netmask 255.255.255.0 up

- bring network up with defined ip and net mask.

iwconfig wlan1 essid "name of network"

- to set network name

iwconfig wlan1 mode "new_mode"

- set mode there is 7 modes are present. See man iwconfig to get more details.

iwconfig wlan1 key "key string"

- to set key up

or

iwconfig wlan1 key "s:key_string"

- to WEP ascii key.

iwconfig wlan1 rate 54M

- to set up spesific transfer date speed

iwlist wlan1 scan

- to get all available networks and its parameters.

UPDATE:
You can create little script which will be able restart ot start you wifi connection.

cat > /bin/wifi-restart 

#!/bin/bash

ifconfig wlan1 down
sleep 5
iwconfig wlan1 essid amber
iwconfig wlan1 key s:apple
iwconfig wlan1 rate 54M
ifconfig wlan1 up
dhclient3 wlan1

Now set executable  bit on it:

chmod +x /bin/wifi-restart

To start or restart wifi, run it:

wifi-restart

I was starting investigation and figure out that my problem was the same as this. There is also workaround solution was found. First, let me describe my hardware and symptom data.

I have usb wireless adapter D-link DWA-110.

#lsusb
....
Bus 002 Device 004: ID 07d1:3c07 D-Link System Wireless G DWA-110 Adapter 

Linux kernel:

# uname -r
2.6.30-1-686

Sometimes I observed that my network going to hung. In my logs I observer such messages:

Dec 22 21:45:36 agrytsenko kernel: [52190.300066] wlan1: no probe response from AP 00:26:5a:95:8b:cc - disassociating
Dec 22 21:46:56 agrytsenko kernel: [52269.860040] wlan1: direct probe to AP 00:26:5a:95:8b:cc try 1
Dec 22 21:46:56 agrytsenko kernel: [52270.060080] wlan1: direct probe to AP 00:26:5a:95:8b:cc try 2

I have written little script which restart my network:

#!/bin/bash
ifconfig wlan1 down
sleep 5
iwconfig wlan1 essid amber
iwconfig wlan1 key s:apple
iwconfig wlan1 rate 54M
ifconfig wlan1 up
dhclient3 wlan1

But this way is not good idea at all. So after googling I find next solution(it’s also not complete solution, but quite better then my previous). This solution involve kernel sources. Therefore you should download it. After downloading you need to compile and install new kernel. Here is good how to for Debian users.

Before you begin to compile new kernel and after unpacking the sources you should change one line in your sources. First, try to find it:

cd /usr/src/linux
# grep -r IEEE80211_MONITORING_INTERVAL *
debian/linux-image-2.6.30/lib/modules/2.6.30/build/net/mac80211/mlme.c:#define IEEE80211_MONITORING_INTERVAL (2 * HZ)
.......

So our line is found. Go there and set value to 100. Ex.:
from

#define IEEE80211_MONITORING_INTERVAL (2 * HZ)

to

#define IEEE80211_MONITORING_INTERVAL (100 * HZ)

After new kernel installed and loaded my problem disappeared.

This post include 2 part. In first one I’ll describe step which should be taken on linux machine and in second one step for windows client.

Linux(server side)

We use this host to share internet connection between users over wireless network, so the machine has to have at least two connection:

1. Internet ( regular ethernet connection)
2. Wireless connection( provided by wi-fi card)

I will skip how to setup your Internet connection, therefore make sure its work properly.
If you mounted your wi-fi card to pci slot use lspci to check it out:

[root@localhost ~]# lspci  | grep -i wireless
02:01.0 Ethernet controller: Atheros Communications Inc. Atheros AR5001X+ Wireless Network Adapter (rev 01)

For this card kernel module ath5k should be loaded into the kernel. Check it:

lsmod | grep ath5k

Use modprobe unless module is not loaded.

modprobe ath5k

If you done it without any problem I will able to set up the wi-fi card. Here is network configuration file for interface wlan0 with some comments:

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-wlan0# Atheros Communications Inc. Atheros AR5001X+ Wireless Network Adapter
DEVICE=wlan0
ONBOOT=yes
IPADDR=192.168.0.1
NETMASK=255.255.255.0
HWADDR=00:17:9a:b7:d6:01
TYPE=Wireless
MODE=Ad-Hoc  # set this mode if want to make this card as access point
ESSID=homeee # the name of this connection which will be displayed for users
KEY=dffb9e2cc2 # secret key for connection

To generate connection key run:

dd if=/dev/random bs=1 count=5| xxd -ps

Now restart the network service:

service network restart

and verify:

iwconfig wlan0

and

ifconfig wlan0

So 50% of linux part is done. Tune your kernel to make it forward ip traffic:

vi /etc/sysctl.conf

and set

net.ipv4.ip_forward

to 1:
net.ipv4.ip_forward = 1
Make changes affected:

sysctl -p /etc/sysctl.conf

Verify:

sysctl -a | grep all.forwarding | grep ipv4

And last but very important step. Its firewall and nat settings:
!!! Be careful because this command flush all your rules in OUTPUT chain

iptables -F OUTPUT

turn masquerading on:

 iptables -t nat -I POSTROUTING -s 192.168.0.2/32 -o eth0 -j MASQUERADE

where eth0 your interface for share.
save it all:

service iptables save

The linux router is ready on all 100%.

Windows(client side)

I use windows Vista for this, but this steps can be used to Windows XP as well. Go to:
Start->Control Panel->Network and Internet-> Network and Sharing center -> manage network connections
Click right button on your Wireless Network Connection and choose Properties.
Make double click on Internet Protocol Version 4.
When new window is appear fill it up:
Ip address: 192.168.0.2
Subnet mask: 255.255.255.0
Default gateway: 192.168.0.1
Also you need to specify you DNS server. Put the ip address of DNS server provided by your ISP.

As repository I have used my own Debian machine. Firstly, I have installed createrepo. This program generate some metadata which is necessary for RPM repository. Run

apt-get install createrepo

to install it from yum repository. Create two directories in the DocumentRoot environment. In my case its /var/www/html/ :

mkdir -pv /var/www/html/centos/5/{os,updates}/i386

Now copy packages from your CD/DVD installation disk to ./centos/5/os/i386 directory.
As I have an image file I should mount it first:

mount -o loop ~/CentOS-5.3-i386-bin-DVD.iso /mnt/dvd/

Only after you may start to copy:

cp /mnt/dvd/CentOS/* /var/www/html/centos/5/os/i386/

Its can take a while.
Also you need to get updates for your repository:

rsync -avrt rsync://mirror.web-ster.com/centos/5/updates/i386  --exclude=debug/

Take a look about more suitable rsync mirror for you here. It’s good idea to keep this directory updated all the time via cron.

Generate metadata for both directories.

cd /var/www/html/centos/5/os/i386/ && createrepo . 

cd /var/www/html/centos/5/updates/i386/ && createrepo . 

For server side is done. Please pay attention that your web-server should be run to keep the repository available.

Client side:

Backup your *.repo files in your /etc/yum.repos.d:

for i in *.repo; do mv $i $i.bak; done

And new one CentOS-Base.repo config with next context:

[base]
name=CentOS-$releasever - Base
baseurl=http://{IP address of your server}/centos/$releasever/os/$basearch/
gpgcheck=0
[update]
name=CentOS-$releasever - Updates
baseurl=http://{IP address of your server}/centos/$releasever/updates/$basearch/
gpgcheck=0

This steps should be repeated for each client machine.

# sysctl -w kernel.sysrq=1 

and send command to kernel to reboot the system without unmounting file systems:

echo b > /proc/sysrq-trigger

Here is some additional SRK features:
• r — Disables raw mode for the keyboard and sets it to XLATE (a limited keyboard mode which
does not recognize modifiers such as Alt, Ctrl, or Shift for all keys).
• k — Kills all processes active in a virtual console. Also called Secure Access Key (SAK), it is
often used to verify that the login prompt is spawned from init and not a trojan copy designed to
capture usernames and passwords.
• b — Reboots the kernel without first unmounting file systems or syncing disks attached to the
system.
• c — Crashes the system without first unmounting file systems or syncing disks attached to the
system.
• o — Shuts off the system.
• s — Attempts to sync disks attached to the system.
• u — Attempts to unmount and remount all file systems as read-only.
• p — Outputs all flags and registers to the console.
• t — Outputs a list of processes to the console.
• m — Outputs memory statistics to the console.
• 0-9 — Sets the log level for the console.
• i — Kills all processes except init using SIGKILL.
• l — Kills all processes using SIGKILL (including init). The system is unusable after issuing this SR Key pre.
• h — Displays help text.

Assume you set up pop3 and imap and want to check it out.

First, let’s go to check the POP3 server. Make sure that it bound at port 110:

# netstat -lnp | grep 110
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      2779/dovecot

As you can see I use dovecot as server application and it’s works on all interfaces.
Next, make connection attempt:

# telnet 127.0.0.1 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Dovecot ready.

Now, we got server answer. Do authorization with command user and pass

USER user1
+OK
PASS qwe
+OK Logged in.

and LIST to see headers of all inbox mails:

LIST
+OK 1 messages:
1 306
.

We have only one mail. First field of answer means

mail_id

.
To see whole mail use RETR mail_id:

RETR 1
+OK 306 octets
Return-Path: 
Received: from d (node1 [10.0.30.1])
        by mail.test.com (8.13.8/8.13.8) with SMTP id n8ONtVLG011279
        for user1@test.com; Fri, 25 Sep 2009 03:04:08 +0300
Date: Fri, 25 Sep 2009 03:04:08 +0300
From: fd@test.com
Message-Id: <200909250004.n8ONtVLG011279@mail.test.com>
test

To delete it:

DELE 1
+OK Marked to be deleted.

This message marked as deleted and will be removed when you send command QUIT to server. To unmark messages use command RSET without any arguments:

RSET
+OK

Use command QUIT to leave the server.

QUIT
+OK Logging out.

Refer to RFC 1939 for more details.

# netstat -lnp | grep 143
tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN      2779/dovecot

Try to connect:

# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
* OK Dovecot ready.

Okay, we have got good answer. Now, we should authorize on server. Syntax is:
? LOGIN USER/ALIAS PASSWORD

For example:

? login user1 qwe
? OK Logged in.

To get folders list make:

? LIST "" "*"
* LIST (\NoInferiors \UnMarked) "/" "INBOX"
? OK List completed.

In folder INBOX contain all incoming messages. To select it:

? SELECT INBOX
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 1 EXISTS
* 0 RECENT
* OK [UNSEEN 1] First unseen.
* OK [UIDVALIDITY 1253837819] UIDs valid
* OK [UIDNEXT 2] Predicted next UID
? OK [READ-WRITE] Select completed.

1 EXISTS – means 1 incoming message. You can choose between see full message or only message body instead:
? FETCH message_number All
OR
? FETCH message_number Body

Let’s see whole message:

? FETCH 1 all
* 1 FETCH (FLAGS () INTERNALDATE "25-Sep-2009 03:04:12 +0300" RFC822.SIZE 306 ENVELOPE ("Fri, 25 Sep 2009 03:04:08 +0300" NIL ((NIL NIL "fd" "test.com")) ((NIL NIL "fd" "test.com")) ((NIL NIL "fd" "test.com")) NIL NIL NIL NIL "<200909250004.n8ONtVLG011279@mail.test.com>"))
? OK Fetch completed.

Exit user command is ? LOGOUT.

To learn more about IMAP refer to RFC 3501.

We should edit to files for this:
/etc/pam.d/login
/etc/security/time.conf

Let’s begin from first one. Put next line into the file:

account    required     pam_time.so

after that go to the /etc/security/time.conf, and insert next:

login;tty*;user1|user2|user3;Wk0009-1800 & !Wd0000-2400

where
login – the type of pam service
tty* – terminal name(in this case all terminal ttyXXX, you also specify defined terminal as well)
user1|user2|user3 – users or user name which should be restricted
Wk0009-1800 & !Wd0000-2400 – time frame. Time where actions is allowed. To inverse it put “!” before. There is 7 types of day:
Mo Tu We Th Fr Sa Su Wk Wd Al
First seven is according to weeks day.
Wk – means all work days(Mo-Fr)
Wd – it’s week end(Sa,SU)
Al – all days of week.

Now, you new rules was applied. And users user1, user2, user3 can’t log on system at no working time. No restart is required.

But we still have one problem. Users which logined at work time can be continuous use system without problem. To prevent this situation I have written little script.

Rename it to time.sh and put anywhere at your system. After this new crontab entry should be added:

crontab -e

55 17 * * 1-5    /path/to/time.sh

Now all session will be destroyed at the end of working day and script notify user via user’s terminal 5 minutes before this. After that nobody from specified users willn’t be able to login on the system.

We have two machines as always:

• srv2: has NFS server and a lot of disk space.(IP 10.0.30.2)
• srv1: has users and autofs daemon(IP 10.0.30.1)

Go to srv1 and make new user:

srv1#adduser user1

Get id:

srv1#id user1
uid=500(user1) gid=500(user1) groups=500(user1)

Open console on srv2 and make directory for home’s directoies:

srv2#mkdir /export_home

now make directory for specific user(user1):

srv2#mkdir /export_home/user1

and set proper owner:

srv2#chown 501 /export_home/user1

!!!where 501 owner ID which is got from srv1.

Next step is NFS configuration at srv2. Open /etc/exports and add new share point:

/export_home/user1     10.0.30.1(rw)

After changes is done reload services and put into boot:

/etc/init.d/nfs reload
chkconfig --level 45 nfs on

srv2 is completely done. Back to srv1:
Add new line into /etc/auto.master:

/home   /etc/auto.home

It’s pointed at new configuration file which will define mount point for /home directory. Put next line into it(/etc/auto.home):

user1            -rw,soft,intr           10.0.30.2:/export_home/user1

This line means mount NFS share /export_home/user1 from server 10.0.30.2 into local directory /home/user1. Restart autofs daemon to make changes take effect:

/etc/init.d/autofs restart

Now when you log in into system as user1 the NFS share from remote host will mount as your home directory. And will be unmount in timeout(300 seconds by default) after you have logged out.

Also you can put together this system with NIS so as to use common user database. As benefits you will get very flexible system and simplified user management.

Let’s imagine that we have 2 hosts.

• Host A with user1 is your local host from which you will connect to remote.
• Host B with user2 is remote host where you want to log in as user2.

Run

ssh-keygen

as user1 on Host A to generate keys unless old one is exist. When I will be prompted to enter passphrase just keep it blank. This command generate RSA key with long in 2048 bit:

ssh-keygen -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
/home/user1/.ssh/id_rsa already exists.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
9e:f0:44:4a:e2:81:72:02:0b:3c:b5:3d:be:a7:c2:95 user1@host_a
The key's randomart image is:
+--[ RSA 2048]----+
...
+-----------------+

After it’s done check content of your id_rsa.pub file:

host_a:~# cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzU6SlO7EZksPGmLTz3EcMpFQXME9otJ4vWqQ1Nnzd0g0FX5MS
/H1m2xJWCLfgsWTWyOP7hHQufPrzY5kqJkeF0tgOSPHnzDQt4YBE1Xi0ihR/cDK+KHOlIFG4kHlEs/ThTDpD0mwgBC755Tu5g2GOW3ogsrViZbyfa72HJQaEbISZwfiPnJUwmtGJ/+PQiEoN8cgK1zrk8oVnlguK0V52ZygFuvNKd6jmKIiDKOcQ2ZIobu6jYVd/Nit1gg+9llbuAdXDFn24AdNHatBzvlwb76yYa/ZAwZQKzytWca0NnMMwMeQ== user1@host_a

Copy it and log in remote Host B as user2. And append it to authorized_keys file:

$ cat >> /home/grytsenko/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzU6SlO7EZksPGmLTz3EcMpFQXME9otJ4vWqQ1Nnzd0g0FX5MS
/H1m2xJWCLfgsWTWyOP7hHQufPrzY5kqJkeF0tgOSPHnzDQt4YBE1Xi0ihR/cDK+KHOlIFG4kHlEs/ThTDpD0mwgBC755Tu5g2GOW3ogsrViZbyfa72HJQaEbISZwfiPnJUwmtGJ/+PQiEoN8cgK1zrk8oVnlguK0V52ZygFuvNKd6jmKIiDKOcQ2ZIobu6jYVd/Nit1gg+9llbuAdXDFn24AdNHatBzvlwb76yYa/ZAwZQKzytWca0NnMMwMeQ== user1@host_a

Set proper permissions for file:

user2@host_b:~$ chmod 600 ~/.ssh/authorized_keys

Now you are ready to log in without password from Host A:

host_a~# ssh -p 443 user2@host_b
Linux host_b 2.6.18-5-686 #1 SMP Fri Jun 1 00:47:00 UTC 2007 i686

That’s all folks:).

!!!CATION: Use this information on your own risk. Please remember that every step should be double checked unless you want to lose your data.

Preamble
I have two host and one of them will be used as backup server another as backup client:

• node1 – uses as client it will be backuped side. It’s critical server and directory /etc should be backuped as well.
• node2 – backup server which has good RAID equipment for backup mounted at /opt/backups.

Let’s start from server side:

SERVER SIDE

Go to the node2 and get all needed software

yum install amanda
yum install amanda-client
yum install amanda-server

After that we are ready to start server in over xinetd. Go to the /etc/xinetd.d directory and set directive

disable

to

no

in files : amanda, amandaidx and amidxtape.

service amanda
{
socket_type             = dgram
protocol                = udp
wait                    = yes
user                    = amanda
group                   = disk
server                  = /usr/lib/amanda/amandad
disable                 = no
}
service amandaidx
{
socket_type             = stream
protocol                = tcp
wait                    = no
user                    = amanda
group                   = disk
server                  = /usr/lib/amanda/amindexd
disable                 = no
}
service amidxtape
{
socket_type             = stream
protocol                = tcp
wait                    = no
user                    = amanda
group                   = disk
server                  = /usr/lib/amanda/amidxtaped
disable                 = no
}

to make new configuration works, restart xinted daemon:

/etc/init.d/xinetd restart

Check that everything is running:

netstat -a | grep amand

You should get something like that:

tcp        0      0 *:amandaidx                 *:*                         LISTEN
udp        0      0 *:amanda                    *:*

Make changes at .amandahosts allow users amanda and root from host localhost connect to server:

cat /var/lib/amanda/.amandahosts
localhost amanda  amindexd amidxtaped amdump
localhost.localdomain amanda  amindexd amidxtaped amdump
localhost root amindexd amidxtaped
localhost.localdomain root amindexd amidxtaped
node1 root  amindexd amidxtaped amdump

Set properly permissions to protect config from illegal access :

chmod 600 /var/lib/amanda/.amandahosts

I will store backups at local hard disk.Mount point is /opt/backups. First, make directory with read-write permissions for user amanda:

mkdir /opt/backups
chown amanda /opt/backups

Next step, check value in

tapecycle

at your amanda.conf. In my case it’s 25. That means that I should have 25 virtual tapes at my /opt/backups. Let’s create it and label, put in console next line:

i=1; while [ $i -lt 26 ]; do mkdir -v /opt/backups/slot$i; let i=i+1; done

also make symlink to first tape:

ln -s /opt/backups/slot1 /opt/backups/data

and set owner:

chown -R amanda.disk /opt/backups/

Now, login as amanda and label slots:

su - amanda
i=1; while [ $i -lt 26 ]; do /usr/sbin/amlabel DailySet1 DailySet1-$i slot $i; let i=i+1;  done

Check is everything labeled properly:

/usr/sbin/amtape DailySet1 show

Let’s take a look at amanda.conf. It’s located at /etc/amanda/DailySet1.

Below describe some change in configuration file which should be done.
Add new section into your amanda.conf :

define tapetype HARD-DISK {
comment "On Hard Disk"
length 3000 mbytes
}

Specify directory for backups:

tapedev "file:/opt/backups"

and change

tapetype

to

HARD-DISK

tapetype HARD-DISK

In section

define dumptype global

comment out and set to yes next:

index yes
record yes

Change

tpchanger

to this:

tpchanger "chg-disk"

If you have CentOS and Amanda Version 2.5.0p2 set chunksize to 0:

chunksize 0

to prevent errors concerning with recovery.

There is listing of main configuration file amanda.conf:

Next files and directories should be created set owner to user amanda:

touch /etc/amanda/DailySet1/tapelist
chown amanda /etc/amanda/DailySet1/tapelist
mkdir -p /dumps/amanda
chown amanda /dumps/amanda
mkdir /etc/amanda/DailySet1/curinfo
mkdir /etc/amanda/DailySet1/index
chown amanda /etc/amanda/DailySet1/index
chown amanda /etc/amanda/DailySet1/curinfo
mkdir  /etc/amanda/DailySet1/curinfo/localhost
chown amanda /etc/amanda/DailySet1/curinfo/localhost
mkdir  /etc/amanda/DailySet1/index/localhost
chown amanda /etc/amanda/DailySet1/index/localhost
mkdir /etc/amanda/DailySet1/curinfo/localhost/_etc
mkdir  /etc/amanda/DailySet1/index/localhost/_etc
chown amanda  /etc/amanda/DailySet1/index/localhost/_etc
chown amanda  /etc/amanda/DailySet1/curinfo/localhost/_etc
touch /etc/amanda/DailySet1/curinfo/localhost/_etc/info
chown amanda  /etc/amanda/DailySet1/curinfo/localhost/_etc/info

Also very important file disklist located at /etc/amanda/DailySet1. Its consist all targets which have to backuped.

cat disklist
node1 /etc comp-root-tar

CLIENT SIDE

First, you should install software:

yum install amanda-client

and edit access file:

cat /var/lib/amanda/.amandahosts
localhost amanda amindexd amidxtaped amdump
localhost  root amindexd amidxtaped
node2 amanda amindexd amidxtaped amdump
node2 root amindexd amidxtaped

Set properly permissions:

chmod 600 /var/lib/amanda/.amandahosts

And last step enable amanda in xinetd as was mentioned above. Set

disable = no

at /etc/xinetd.d/amanda and restart xinetd:

/etc/init.d/xinetd restart

LITTLE PRACTISE

Make test file at client side(node1) :

echo "test"  > /etc/testing

To make backup go to the node2 login as amanda and run

amdump

su - amanda
/usr/sbin/amdump  DailySet1 node1

Now you are ready to restore any file from backup. Go back to node1 and delete test file:

rm /etc/testing

Try to restart it over the amrecovery.

amrecovery -t node2 -s node2

if you get interactive mode type:

> sethost node1
> setdisk /etc
> add testing
> lcd /etc
> extract 

type “y” twice when you be prompted. Go to the /etc and check if was file restored:

cat /etc/testing
test

As you can see we successfully recover file which was mistaken delete.

!!!Keep in mind that in case of node1 will be failed date could be recovered from node2 as well.

The SELinux technology allow you to improve security level of your system. You can restrict access to the ports, files, directories, process and so on. There are a lot of tools involved in this process and I will try to make little overview about most of they.

setenforce uses to set SELinux mode. There are two basic mode: Enforcing and Permissive. First mode makes SELinux turn on. Another one is turn off SELinux.
!!! Caution this tools doesn’t make changes at /etc/selinux/config file. Its means that SELinux will back to previous mode after reboot. To make permanent change of mode edit /etc/selinux/config directly.

The management mechanism of SELinuxfs (/selinux mount point by default) a slightly alike to the procfs. You can easily change any parameter just put bool value into the file. It’s an alternative way to change different options of SELinux. As example use echo to change SELinux mode:

[root@node2 ~]# getenforce
Enforcing
[root@node2 ~]# echo 0 > /selinux/enforce
[root@node2 ~]# getenforce
Permissive

getenforce – check current SELinux mode.

sestatus – output current SELinux status.

setroubleshootd – is located in setroubleshoot* rpm’s which is not installed by default. Use yum to install it:

yum install setroubleshoot

This daemon running with system from /etc/init.d/setroubleshoot and put all SELinux messages into the log file.

secon – allow to see SELinux attributes for object(file, directory, process and so on).

chcon – changes SELinux attributes for object

sealert – It’s GUI tool which works in co-operation with setroubleshootd. It’s display all SELinux message and give some explanation concerning its.

restorecon – restore defaults attribute for given object.

setsebool – allow to set bool variable. Use with option “-P” to make change permanently. Ex. :

setsebool -P allow_ftpd_anon_write  1 

This command allow anonymous user write into the ftp directory which open for write.

getsebool – with option “-a” get all possible variables with current value for each.

semanage – most powerful tools which can configure any element without policy sources recompilation.

Also SELinux writes messages into the

/var/log/messages

.
SELinux also update coreutils and add to this utils option “-Z”. For example we use ordinary coreutils tool ls to check SELinux attribtes for files:

[root@node2 ~]# ls -Z
-rw-------  root root  system_u:object_r:user_home_t    anaconda-ks.cfg
-rw-r--r--  root root  root:object_r:user_home_t        install.log.syslog
.....

Every user in SELinux has at least one role. To list all SELinux roles, run :

semanage user -l

To make copy of existing file with new SELinux attributes, use ls:

cp -Z user:role:type old_file new_file

To find difference between current attributes and defaults one for an object:

matchpathcon -V [object] 

To show current user attributes, type .

id -Z

To create user with attributes:

useradd -Z ..

in case user is already exist:

semanage login -a -s user_roles user

To change directory attributes:

semanage fcontext -a -t httpd_sys_content_t /www
restorecon -R -v /www/

To list all port restriction, run

semanage port -l

if you want your service listen on non-ordinary port. First, check if the port is not already declared by SELinux. The command described above in cooperation with

grep

can help you:

semanage port -l | grep 

If nothing is appear you can skip next step. Otherwise, delete port from existing group:

semanage port -d -p tcp 9050

and put it into your service’s group:

semanage port -a -t httpd_port_t -p tcp 9050 

, where httpd_port_t – your service’s group and 9050 you port.

You can download it here. If you are going to look at OpenVPN more deeply than this post I would like to advice you get information from this source.

There is two machines:

• host node1 server side with debian on board (10.0.2.2)
• host node2 client side with centos (without visible for node1 IP address )

First, install and setting up server side:

node1# apt-get install openvpn
node1# cd /usr/share/doc/openvpn/examples/easy-rsa/2.0
node1# . ./vars

On next step you will be prompted to ask on simple question before your certificates be generated.

node1# ./build-ca

Next generate certificate for server :

node1# ./build-key-server node1

I left password request line empty.

Next generate certificate for client:

node1# ./build-key node2

The same actions as for previous step exclude “Common name”. Its should be the same to you hostname.

Now generate Diffie Hellman parameters

node1# ./build-dh

Here is table about where should be stored certificates and keys files. Which was got by me from official documentation.

!!! According to this make sure that all you files located at properly place.

Copy sample config file into the /etc/openvpn:

node1:# cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
node1:# cd /etc/openvpn/
node1:# gunzip server.conf.gz

Also keys and certificates should be copied too:

node1:# cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/ca.* .
node1:# cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/dh1024.pem .
node1:# cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/node1* .

Comment out or change value for next lines:

local 10.0.2.2
cert node1.crt
key node1.key
user nobody
group nogroup
log /var/log/openvpn.log # in this case openvpn doesn't use syslog daemon for logging

Now it’s time to start our daemon.

node1:# /etc/init.d/openvpn start
Starting virtual private network daemon: server.

If no errors occurred. Check whether interface is up:

node1:# /sbin/ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Also it’s a good idea to check /var/log/openvpn.

Don’t forget to put daemon start into the boot:

node1:# update-rc.d openvpn defaults

Looks like good for server side. Go to the client.

Before you start to install openvpn make sure that next software have been already installed at your box.

1. openssl
2. lzo
3. pam

In my CentOS repository I could not find lzo package :( . Therefore I had to compile it from sources:

[root@node2]#  wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.03.tar.gz
[root@node2]# tar -xzvf lzo-2.03.tar.gz
[root@node2]# ./configure --enable-shared
[root@node2]# make
[root@node2]# make install

Now add new path to library’s paths:

[root@node2]# echo "/usr/local/lib" > /etc/ld.so.conf.d/lzo.conf
[root@node2]# ldconfig

Get latest openvpn version from site :

[root@node2]# wget http://dag.wieers.com/rpm/packages/openvpn/openvpn-2.0.9-1.el5.rf.i386.rpm
[root@node2]# rpm -Uhv --nodeps openvpn-2.0.9-1.el5.rf.i386.rpm

After this copy config file and edit it:

[root@node2]# cp /usr/share/doc/openvpn-2.0.9/sample-config-files/client.conf /etc/openvpn/

copy clients cert and key from server:

[root@node2]cd /etc/openvpn/
[root@node2]# scp root@node1:/usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/node2* .

Next lines should be edited:

remote 10.0.2.2 1194
user nobody
group nobody
cert node2.crt
key node2.key

Now system is ready to start:

[root@node2]# /etc/init.d/openvpn start
Starting openvpn:                                          [  OK  ]

To check is everithing works fine. Identify ip address of virtual interface:

[root@node2]# ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
< skipped >

As you can see it’s 10.8.0.6. Now try to ping it from server side :

node1:# ping 10.8.0.6
PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data.
64 bytes from 10.8.0.6: icmp_seq=1 ttl=64 time=0.692 ms

If you all checks done successful than put script into the autoload:

[root@node2]# chkconfig --level 35 openvpn on

To double check it reboot both systems and check that connection is established.

UPDATE:

Sometimes you face with the problem when your server located at client side(yes, it’s really happens time to time) . Therefore you should have some mechanism to keep your connection alive all time. I use next script to do this(please pay attention on red parts – they must be changed to your conditions):

#!/bin/bash

function start_vpn {
        cd /path/where/client.conf/is/located
        sudo /usr/sbin/openvpn --config client.conf &>/dev/null &
        echo "vpn was started at `date +%H:%M:%S' '%d/%m/%y`" >> /var/log/vpn.log
}

server_ext_ip=/you server external ip/
server_int_ip=/you server internal ip/
avaib=$(nc -w 5 -z $server_ext_ip 80 &>/dev/null; echo $?)

if [ $avaib -eq 0 ] && [ ! ping -c 5 $server_int_ip &>/dev/null ]; then
    if ! ps uax | grep -v grep| grep openvpn &>/dev/null; then
        start_vpn
    else
        pid=$(ps uax | grep -v grep| grep openvpn| awk '{print $2}')
        sudo kill $pid
        start_vpn
    fi
fi

Please make sure that this line is commented out in your /etc/sudoers:

#Defaults    requiretty

It’s makes your sudo works without tty(mean from crontab).

And add new entry to your crontab to run check every minutes.

crontab -l
*/1 * * * *     /path/to/open.sh

!!!Please be very careful with your data. My advice is back your data up before you start

This tutorial describe only ext3 filesystem.

REDUCING

To reduce your lvm partition first of all you have to unmount you partition, re-size filesystem and lvm partition.

Here is our filesystems:

[root@lvm ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
2.2G  1.1G  976M  53% /
/dev/hda1              99M   12M   82M  13% /boot
tmpfs                  94M     0   94M   0% /dev/shm
/dev/mapper/VolGroup00-home
1.5G   35M  1.4G   3% /home 

Let’s reduce our /home partition by 200 MB:

Unmount you partition:

[root@lvm ~]# umount /home 

Double check that it’s really unmounted. Its should not appear at

df

listing :

[root@lvm ~]# df -h   |grep home
1.5G 35M 1.4G 3% /home

Run check fs tool before you start:

[root@lvm ~]# e2fsck -f /dev/VolGroup00/home
e2fsck 1.39 (29-May-2006)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/VolGroup00/home: 11/192768 files (9.1% non-contiguous), 14826/385024 blocks

Now is time for reducing fs:

[root@lvm ~]# resize2fs /dev/VolGroup00/home 200M
resize2fs 1.39 (29-May-2006)
Resizing the filesystem on /dev/VolGroup00/home to 327680 (4k) blocks.
The filesystem on /dev/VolGroup00/home is now 327680 blocks long.

Where, last value in command is size. Its should be equal the total size of partition after reducing(Total_space – reduced_space = OUR_SIZE).

Now you are ready to run lvm reduce tool:
!!!Be careful on this step and always make backups before you start.

[root@lvm ~]# lvresize -L -200Mg /dev/VolGroup00/home
/dev/hdc: open failed: No medium found
Rounding up size to full physical extent 192.00 MB
WARNING: Reducing active logical volume to 1.28 GB
THIS MAY DESTROY YOUR DATA (filesystem etc.)
Do you really want to reduce home? [y/n]: y
Reducing logical volume home to 1.28 GB
Logical volume home successfully resized

mount your partition :

[root@lvm ~]# mount /home

and check it:

[root@node2 ~]# [root@lvm ~]# df -h /home
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-home  1.3G   35M  1.2G   3% /home

As you can see now our partition is 1.3G. Its on 200MB less then old one.

INCREASING

Currently we have 200MB of unallocated space. Next we divide it on two pieces. From first we make new one partition and second one add to existing root(/) partition.

First lets try to make new one:

[root@lvm ~]# lvcreate -l 50%FREE --name test VolGroup00
/dev/hdc: open failed: No medium found
Logical volume "test" created

And make fs:

[root@lvm ~]# mkfs -t ext3 /dev/VolGroup00/test
mke2fs 1.39 (29-May-2006)
THE OUTPUT IS SKIPPED.

Mount and check size of new partition:

[root@lvm ~]# mkdir /mnt/test
[root@lvm ~]# mount /dev/VolGroup00/test /mnt/test/
[root@lvm ~]# df -h | grep test
/dev/mapper/VolGroup00-test  93M  5.6M   83M   7% /mnt/test

Ok. This part is done. Back to our tasks. Lets try to add unallocated space to root partition:

[root@lvm ~]# lvextend -l +100%FREE /dev/VolGroup00/LogVol00
/dev/hdc: open failed: No medium found
Extending logical volume LogVol00 to 2.28 GB
Logical volume LogVol00 successfully resized

TO increase file system, do:

[root@lvm ~]# resize2fs /dev/VolGroup00/LogVol00
resize2fs 1.39 (29-May-2006)
Filesystem at /dev/VolGroup00/LogVol00 is mounted on /; on-line resizing required
Performing an on-line resize of /dev/VolGroup00/LogVol00 to 598016 (4k) blocks.
The filesystem on /dev/VolGroup00/LogVol00 is now 598016 blocks long.

And last one steps remount and check:

[root@lvm ~]# mount -o remount /
[root@lvm ~]# df -h /
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00  2.3G  1.1G  1.1G  51% /

As we can see in the begging of the actions our root partition was 2.2G and now it’s 2.3G. This means that it was increased by 100Mb.

The Network Information Service or NIS (originally called Yellow Pages or YP) consists of a client-server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network.

Before we start I would like to say couple words about my environment:
- I have to boxes (node2 has ip address 10.0.30.2 and node1 with ip 10.0.30.1)
- node2 used as NIS server and node1 as NIS client
- Both machines uses CentOS

I will divide post on two part. First part will be describe what have to done on the server side and second on the client side.

Let’s get nis software over yum:

yum install ypbind
yum install ypserv
yum install yp-tools

And configure ypserv configuration files:

vi /etc/ypserv.conf

The main line is :
Host : Domain : Map : Security , it’s commented by default
In our server we have next lines:

10.0.30. : my-net : * : port 

It’s means that:
- we allow access to our database all machines in subnet 10.0.30.0/24 .
- the name of our nis domain is “my-net”
- we allow for replicate all files which described at /var/yp/Makefile
- allow access if source port < 1024. Otherwise deny access.

If you want to get more information concerning ypserv.conf, type:

man ypserv.conf 

Do not forget set variable NISDOMAIN at file /etc/syconfig/network, because your service will not start at next boot:

echo "NISDOMAIN=\"my_net\"" >> /etc/syconfig/network

Start server services :

/etc/init.d/ypserv start
/etc/init.d/yppasswdd start

and add its to loading scripts :

chkconfig --level 345 ypserv on
chkconfig --level 345 yppasswdd on

Where ,
ypserv – main server
yppasswdd – password daemon, which allows users change their password in NIS database

Also you need to create /var/yp/securenets file restrict access to your NIS server. To allow acces for subnet 10.0.30.0/24, put next in file:

255.255.255.0   10.0.30.0

Use

man securenets

to get more details.

Next, generate nis database :

cd /usr/lib/yp/
./ypinit -m 

you will be prompted to input the name of client servers(they should be declared at /etc/hosts)

Make these steps every time after updating of maped files:

cd /var/yp/
make 

That all for the first part. Now your server should be work.

Go to the client side.

Install nis client software:

yum install ypbind

and switch off SELinux rule which block ypbind running:

# setsebool -P allow_ypbind on

Edit /etc/yp.conf file. Put into it next string:

domain my_net server node2

!!Please make sure that node2 is declared at your /etc/hosts file.

Edit lines you want to effected in /etc/nsswitch.conf, like

passwd: nis files
shadow: nis files

if you want make common account database for all.

Also as in server side you need to set variable NISDOMAIN at file /etc/syconfig/network:

echo "NISDOMAIN=\"my_net\"" >> /etc/syconfig/network

Now, you are ready to run nis client :

/etc/init.d/ypbind start

If its started without errors put it in autoload:

chkconfig --level 345 ypbind on

Let’s check out if everything work fine. Go to the server and create new nis user nis_test_user:

adduser nis_test_user
passwd nis_test_user
cd /var/yp
make

Back to client box and type:

ypmatch nis_test_user passwd 

and if its work you will get something like that:

nis_test_user:$1$qMB3FqLy$XbzjESg3Uuse/.5PTRgPJ1:1000:1000::/home/nis_test_user:/bin/bash

Also you will be able to login as nis_test_user at your box.

To change password for it use:

yppasswd user

!!To use this feature daemon yppasswdd on server side has to be running.

The end.

UPD:
use

ypwhich -m 

to print all mapping files

ypcat [mapping file]

– to print file

Get all required software over apt-get:

# apt-get install kernel-package ncurses-dev fakeroot wget bzip2 module-init-tools initrd-tools procps

Next, get latest linux kernel from kernel.org :

# cd /usr/src
# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.30.tar.bz2

you can also done it over apt-get as well:

# apt-get install linux-source

Extract it:

# tar -xjvf linux-2.6.30.tar.bz2

and make symbolic link pointed out your sources and go there:

# ln -s linux-2.6.30.tar.bz2 linux
# cd linux

Configure your new kernel with

make menuconfig

or

make oldconfig

or

# make xconfig

and so on.

After you will finished. Run :

# make-kpkg clean
# fakeroot make-kpkg --revision=kernel_name-version kernel_image

Where is kernel_name-version – kernel name and version(e.g.: custom-1.0).

If compilation done without errors. Go to the /usr/src and install new kernel over

dpkg

tool:

# cd /usr/src
# dpkg -i kernel-image-2.6.30.2_custom-1.0_i386.deb

Create ramdisk from new kernel :

# cd /boot/
# mkinitramfs -o /boot/initrd.img-2.6.30 2.6.30

Last one step is loader configuration. I will describe how to do this for two most popular(grub and lilo) loaders. If you have lilo loader just add new section into the /etc/lilo.conf and edit directive default. Like this:

default=MYKERN
image=/vmlinuz
        label=MYKERN
        read-only
        initrd=/boot/initrd.img-2.6.30

Now, install new loader at boot sector:

# lilo -c /etc/lilo.conf

In case of GRUB loader. Put next section into the /boot/grub/menu.lst file:

title           My Debian GNU/Linux, kernel 2.6.30
root            (hd0,0)
kernel          /boot/vmlinuz-2.6.30 root=/dev/sda1 ro
initrd          /boot/initrd.img-2.6.30

For GRUB loader no installs is require.

After loader section done well you have to restart you machine:

# reboot

Check you current kernel version with uname if during your booting time no problems were occurred:

# uname -r
2.6.30

If it’s matched with you installed kernel version then you done everything right.

NOTICE: In my case distro is Debian.

My current kernel version is :

# uname -r
2.6.30-1-686

Let’s have a look about virtualbox module :

# apt-cache search virtualbox | grep [you_kernel_version]
# 

Nothing was found.

First of all we have to get kernel sources:

# apt-get install linux-source-[you_kernel_version]

Go to /usr/src and delete symbolic link linux if it exist:

# cd /usr/src
# rm linux 

extract files from archive and make new one linx:

# tar -xjvf linux-source-2.6.30.tar.bz2
# ln -s linux-source-2.6.30 linux

Now go to sources and set current configuration:

# cd linux
# make oldconfig && make prepare

After finished, run :

# /etc/init.d/vboxdrv setup
Stopping VirtualBox kernel module:done..
Recompiling VirtualBox kernel module:done..
Starting VirtualBox kernel module:done..

Check is everything done right:

# lsmod | grep -i vbox

It’s okay if you get something like this:

vboxdrv                63936  0

Now you are ready to run VirtualBox.