[[http://tmade.de|Home tmade.de]]
[[http://wiki.tmade.de|Home Wiki]]

===== temp =====

===== Certificate =====

====== Creating Certificates ======

===== Self-Signed Certificate =====

Create a self-signed certificate with a 2048-bit key and SHA-256:

  openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout ssl.key -out ssl.crt

Check the certificate:

  openssl x509 -noout -text -in ssl.crt

===== Certificate Request =====

Create a certificate request with a 2048-bit key and SHA-256:

  openssl req -nodes -sha256 -newkey rsa:2048 -keyout ssl.key -out ssl.csr

Check the certificate request:

  openssl req -noout -text -in ssl.csr

===== tomcat55 =====

==== Create a local Certificate ====

  keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore tomcatSSL

==== The CSR is then created with ====

  keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore tomcatSSL

==== Import the Chain Certificate into your keystore ====

  keytool -import -alias root -keystore tomcatSSL -trustcacerts -file

==== And finally import your new Certificate ====

  keytool -import -alias tomcat -keystore tomcatSSL -trustcacerts -file

====== Converting Certificates ======

===== Convert pfx to key, crt =====

  openssl pkcs12 -in mybackup.pfx -nocerts -out mykey.key
  openssl pkcs12 -in mybackup.pfx -nokeys -out mycert.crt

===== Convert encrypted.key to decrypted.key / Remove Passphrase from Key =====

  openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]

===== Convert key, crt to pem =====

  cat server.crt server.key > server.pem

===== Remove Password =====

  openssl rsa -in sslcert.key -out sslcert.key

===== Convert key, crt to pfx =====

  openssl pkcs12 -export -inkey mykey.key -in mycert.crt -out mybackup.pfx

===== Convert pfx to jks =====

  keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS

===== Extracting a certificate/key pair from a Java keystore =====

  #!/bin/bash
  NAME='tomcatSSL'
  PASS='password'
  # Save the file you received from UMLS as $NAME.jks
  # Uncomment the 3 lines below on the first run
  # wget 'http://www.source-code.biz/snippets/java/Base64Coder.java.txt' -O 'Base64Coder.java'
  # wget 'http://mark.foster.cc/pub/java/ExportPriv.old.java' -O 'ExportPriv.java' # the new version doesn't wrap lines at 64 characters
  # javac Base64Coder.java ExportPriv.java
  # list certificates in the keystore:
  # keytool -list -v -keystore $NAME.jks -storepass $PASS
  # export certificate as DER:
  keytool -export -alias "$NAME" -keystore "$NAME.jks" -storepass "$PASS" -file "$NAME.crt.der"
  # convert DER certificate to PEM:
  openssl x509 -in "$NAME.crt.der" -inform DER -out "$NAME.crt.pem" -outform PEM
  # export key as PKCS8:
  java ExportPriv "$NAME.jks" "$NAME" "$PASS" > "$NAME.pkcs8"
  # convert PKCS8 key to ASCII RSA:
  openssl pkcs8 -nocrypt -in "$NAME.pkcs8" -inform PEM -out "$NAME.rsa" -outform PEM
  # combine PEM certificate and RSA key into one PEM file:
  cat "$NAME.crt.pem" "$NAME.rsa" > "$NAME.pem"
  echo "Saved key/certificate pair as $NAME.pem"
  # clean up:
  # rm $NAME.crt.der
  # rm $NAME.crt.pem
  # rm $NAME.pkcs8
  # rm $NAME.rsa

==== sshfs ====

sshfs:

  sshfs ssh-konto@ssh-server:[Pfad] mount-point
  sshfs ssh-stream@linuxtest:/home/scripte d:/home
  sshfs user@meinserver.com:/var/www /pfad/zu/meinem/lokalen/serverdir -o allow_other
  fusermount -u mount-point

==== dbus, messagebus ====

dbus or messagebus, check with:

  /etc/init.d/dbus status
  /etc/init.d/haldaemon status
  /etc/init.d/dbus stop    # same for haldaemon
  kcontrol    # starts the control center
  cat /etc/sysconfig/displaymanager | grep DISPLAYMANAGER_AUTOLOGIN=    # shows the default user for autologin

update-alternatives:

  update-alternatives --config java
  update-alternatives --config javac

==== ALSA ====

Sound card: http://alsa.opensrc.org/index.php/TroubleShooting

Check the ALSA driver version:

  cat /proc/asound/version

Check the ALSA library version:

  grep VERSION_STR /usr/include/alsa/version.h

Driver and lib should match!

Check the sound drivers for your card are active:

  cat /proc/asound/oss/sndstat

zypper problems (YaST package problems):

  rm /var/cache/zypp/zypp.db

then

  zypper refresh

startup services:

harddisk encryption: custom partitioning during OS install: truecrypt

disallow access to programs/system commands: http://en.opensuse.org/Apparmor

problems:

user access and security:

pam authentication: If there is a file "/etc/nologin", no user except root can log in! The file /etc/pam.d/login checks whether /etc/nologin exists. Edit the line "auth required pam_nologin.so" and comment it out (#) and login is possible again, or delete /etc/nologin.

==== Multipath / SAN ====

1. Install device-mapper-multipath rpm.

2. Edit the multipath.conf configuration file:
  * comment out the default blacklist
  * change any of the existing defaults as needed
  * save the configuration file

3. Start the multipath daemons.

4. Create the multipath device with the multipath command.

SUSE: The /etc/multipath.conf file does not exist unless you create it. The /usr/share/doc/packages/multipath-tools/multipath.conf.synthetic file contains a sample /etc/multipath.conf file that you can use as a guide for multipath settings. See /usr/share/doc/packages/multipath-tools/multipath.conf.annotated for a template with extensive comments for each of the attributes and their options.

  modprobe dm-multipath
  service multipathd start
  multipath -v2
  # The multipath -v2 command prints out multipathed paths that
  # show which devices are multipathed. If the command does not print anything out,
  # ensure that all SAN connections are set up properly and the system is multipathed.
  multipath -l     # show multipath topology (sysfs and DM info)
  multipath -ll    # show multipath topology (maximum info)
  chkconfig multipathd on

  blacklist {
      wwid SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1
      # The name SIBM*** is read out with the command "multipath -v2".
      # Adding it to the blacklist means the device is no longer listed.
  }

or

  blacklist {
      device {
          vendor "IBM"
          product "3S42"    #DS4200 Product 10
      }
      device {
          vendor "HP"
          product "*"
      }
  }

Then:

  service multipathd reload

Example multipath section:

  multipaths {
      multipath {
          wwid                  3600508b4000156d70001200000b0000
          alias                 yellow
          path_grouping_policy  multibus
          path_checker          readsector0
          path_selector         "round-robin 0"
          failback              manual
          rr_weight             priorities
          no_path_retry         5
      }
      multipath {
          wwid                  1DEC_____321816758474
          alias                 red
          rr_weight             priorities
      }
  }

then:

  multipath -F     # flush all multipath device maps
  multipath -v2    # show verbose output at level 2

Identify devices:

  cat /sys/block/sda/device/vendor
  cat /sys/block/sda/device/model

Important (redhat/centos):

  /usr/share/doc/device-mapper-multipath-0.4.7/multipath.conf.defaults
  /usr/share/doc/device-mapper-multipath-0.4.7/multipath.conf.annotated

-> show device info for /etc/multipath.conf

Example devices:

  devices {
      device {
          vendor "HP"
          product "OPEN-V."
          getuid_callout "/sbin/scsi_id -g -u -p0x80 -s /block/%n"
      }
  }

The multipathd interactive console can be used to troubleshoot problems you may be having with your system. For example, the following command sequence displays the multipath configuration, including the defaults, before exiting the console.

  multipathd -k    # multipath console
  show config      # displays the multipath configuration, including the defaults

The following command sequence ensures that multipath has picked up any changes to the multipath.conf:

  multipathd -k
  reconfigure

Use the following command sequence to ensure that the path checker is working properly:

  multipathd -k

Mounting devices:

1. Create a filesystem with mkfs**

2. Mount (e.g.): see "ll /dev/mpath" and mount the linked device

  mount /dev/dm-2 /mnt/tmp

  device {
      vendor                "COMPAQ"
      product               "HSV111 (C)COMPAQ"
      getuid_callout        "/sbin/scsi_id -g -u -s"
      prio_callout          "/sbin/mpath_prio_alua %d"
      features              "0"
      hardware_handler      "0"
      path_grouping_policy  multibus
      failback              immediate
      prio_callout          "/sbin/mpath_prio_alua %d"
      path_checker          tur
      no_path_retry         60
  }

For each path group:

  \_ scheduling_policy [path_group_priority_if_known][path_group_status_if_known]

For each path:

  \_ host:channel:id:lun devnode major:minor [path_status][dm_status_if_known]

===== Kernel =====

Kernel:

  cat /etc/sysconfig/kernel    # INITRD_MODULES
  cd /lib/modules/`uname -r`/
  find /lib/modules/`uname -r`/ -name "qla*"
  lsmod | grep qla
  cat /proc/modules
  lsmod                  # lists all loaded kernel modules
  modprobe               # loads kernel modules
  modprobe usb-storage
  insmod module          # loads the indicated module into the kernel
  rmmod                  # removes loaded kernel modules
  rmmod module

Better: modprobe -r. On newer kernels, use modprobe to load the module and modprobe -r to unload it.

==== Compiling ====

  cd /usr/src/linux
  make dep
  make mrproper
  make clean
  make menuconfig
  make
  make CONFIG_DEBUG_SECTION_MISMATCH=y
  make modules
  make modules_install
  make install
  make oldconfig

Create an initrd image. Type the following command at a shell prompt:

  # cd /boot
  # mkinitrd -o initrd.img-2.6.25 2.6.25

Read the initrd content:

  gzip -dc /boot/initrd-2.6.xx.img | cpio -i --list
  gzip -dc /boot/initrd-2.6.16.60-0.21-bigsmp | cpio -i --list

Extract into the (current!!!) directory:

  gzip -dc /boot/initrd-2.6.16.60-0.21-bigsmp | cpio -i --make-directories

===== RHEL =====

RHEL:

  yum install paket

Repolist:

  yum repolist
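
Added example for the certificate creation and conversion commands above (not part of the original wiki page): after a conversion it checks that a PEM private key still belongs to its certificate, and whether a key written with ''-nodes'' or stripped of its passphrase is at least protected by file permissions. The function names, the script name ''check_pair.sh'' and the ''KEY_PASS'' variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: post-conversion sanity checks for a PEM key/certificate pair.
# KEY_PASS is an assumed environment variable holding the key passphrase
# (leave it unset for keys written with -nodes).

# Return 0 if the private key and the certificate carry the same public key.
pair_matches() {
    key_pub=$(openssl pkey -in "$1" -passin "pass:${KEY_PASS:-}" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Return 0 if the PEM key is passphrase-protected
# ("ENCRYPTED PRIVATE KEY" for PKCS#8, "Proc-Type: 4,ENCRYPTED" for legacy PEM).
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Return 0 if group and others have no permission bits on the key file.
key_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print a short report; non-zero exit status if any check fails.
check_pair() {
    rc=0
    if pair_matches "$1" "$2"; then
        echo "OK    key matches certificate"
    else
        echo "FAIL  key does not match certificate (or a file is unreadable)"; rc=1
    fi
    if key_is_encrypted "$1"; then
        echo "OK    key is passphrase-protected"
    elif key_perms_ok "$1"; then
        echo "WARN  key is unencrypted; file mode is restrictive"
    else
        echo "FAIL  key is unencrypted and readable by group/others"; rc=1
    fi
    return "$rc"
}

# Usage: sh check_pair.sh ssl.key ssl.crt
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```
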