temp

Certificate

Creating certificates

Self-signed certificate

Create a self-signed certificate with a key length of 2048 bits and sha256

openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout ssl.key -out ssl.crt

Inspecting the certificate

openssl x509 -noout -text -in ssl.crt

Certificate request

Create a certificate request with a key length of 2048 bits and sha256

openssl req -nodes -sha256 -newkey rsa:2048 -keyout ssl.key -out ssl.csr

Inspecting the certificate request

openssl req -noout -text -in ssl.csr
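Beyond reading the -text dump by eye, the checks that matter can be scripted: does the private key belong to the certificate or request, and are the signature algorithm and key size what was asked for. This is an added example, not part of the original wiki page; the function names and the subject /CN=example.test are constructed, and -subj is used only so the commands run without prompts.

```shell
#!/bin/sh
# Added example: checks for the files created by the openssl commands above.
# Function names and the subject /CN=example.test are constructed for illustration.

# SHA-256 digest of the public key inside a private key, certificate or CSR.
pubkey_digest() {   # usage: pubkey_digest <key|crt|csr> <file>
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   pem= ;;
    esac
    [ -n "$pem" ] || return 1    # an unreadable file must never compare as equal
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only if the private key belongs to the certificate or CSR.
key_matches() {     # usage: key_matches <keyfile> <crt|csr> <file>
    k=$(pubkey_digest key "$1") && c=$(pubkey_digest "$2" "$3") && [ "$k" = "$c" ]
}

# Print "<signature algorithm> <key bits>" for a certificate.
cert_params() {
    openssl x509 -in "$1" -noout -text | awk '
        /Signature Algorithm:/ && !alg { alg = $NF }
        /Public-Key:/ { gsub(/[^0-9]/, ""); bits = $0 }
        END { print alg, bits }'
}

# Create the certificate and the CSR in a scratch directory and check them.
# umask 077 keeps the unencrypted (-nodes) key files private.
demo_certs() {
    (
        umask 077
        d=$(mktemp -d) && cd "$d" || exit 1
        openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 \
            -subj "/CN=example.test" -keyout ssl.key -out ssl.crt 2>/dev/null
        openssl req -nodes -sha256 -newkey rsa:2048 \
            -subj "/CN=example.test" -keyout csr.key -out ssl.csr 2>/dev/null
        cert_params ssl.crt
        key_matches ssl.key crt ssl.crt && echo "ssl.key matches ssl.crt"
        key_matches csr.key csr ssl.csr && echo "csr.key matches ssl.csr"
        key_matches csr.key crt ssl.crt || echo "csr.key does NOT match ssl.crt"
        cd / && rm -rf "$d"
    )
}

demo_certs
```

The same key_matches check is worth running after any of the conversions further down, before the converted file is deployed.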

tomcat55

Create a local Certificate

keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore tomcatSSL

The CSR is then created with

keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore tomcatSSL

Import the chain certificate into your keystore

keytool -import -alias root -keystore tomcatSSL -trustcacerts -file <filename_of_the_chain_certificate>

And finally import your new Certificate

keytool -import -alias tomcat -keystore tomcatSSL -trustcacerts -file <your_certificate_filename>

Converting certificates

Convert pfx to key, crt

openssl pkcs12 -in mybackup.pfx -nocerts -out mykey.key 
openssl pkcs12 -in mybackup.pfx -nokeys -out mycert.crt 

Convert encrypted.key to decrypted.key/ Remove Passphrase from Key

openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]

Convert key, crt to pem

cat server.crt server.key > server.pem

Remove the password

openssl rsa -in sslcert.key -out sslcert.key

Convert key, crt to pfx

openssl pkcs12 -export -inkey mykey.key -in mycert.crt -out mybackup.pfx 

Convert pfx to jks

keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS

Extracting a certificate/key pair from a Java keystore

#!/bin/bash
NAME='tomcatSSL'
PASS='password'
# Save the file you received from UMLS as $NAME.jks
# Uncomment the 3 lines below on the first run
# wget 'http://www.source-code.biz/snippets/java/Base64Coder.java.txt' -O 'Base64Coder.java'
# wget 'http://mark.foster.cc/pub/java/ExportPriv.old.java' -O 'ExportPriv.java' # the new version doesn't wrap lines at 64 characters
# javac Base64Coder.java ExportPriv.java
# list certificates in the keystore:
# keytool -list -v -keystore "$NAME.jks" -storepass "$PASS"
# export certificate as DER:
keytool -export -alias "$NAME" -keystore "$NAME.jks" -storepass "$PASS" -file "$NAME.crt.der"
# convert DER certificate to PEM:
openssl x509 -in "$NAME.crt.der" -inform DER -out "$NAME.crt.pem" -outform PEM
# export key as PKCS8:
java ExportPriv "$NAME.jks" "$NAME" "$PASS" > "$NAME.pkcs8"
# convert the PEM-encoded PKCS8 key to an RSA key in PEM format:
openssl pkcs8 -nocrypt -in "$NAME.pkcs8" -inform PEM -out "$NAME.rsa" -outform PEM
# combine PEM certificate and RSA key into one PEM file:
cat "$NAME.crt.pem" "$NAME.rsa" > "$NAME.pem"
echo "Saved key/certificate pair as $NAME.pem"
# clean up:
# rm "$NAME.crt.der"
# rm "$NAME.crt.pem"
# rm "$NAME.pkcs8"
# rm "$NAME.rsa"

sshfs

sshfs:

sshfs ssh-konto@ssh-server:[Pfad] mount-point 
sshfs ssh-stream@linuxtest:/home/scripte d:/home
sshfs user@meinserver.com:/var/www /pfad/zu/meinem/lokalen/serverdir -o allow_other
fusermount -u mount-point

dbus, messagebus

dbus or messagebus check with:

/etc/init.d/dbus status
/etc/init.d/haldaemon status
/etc/init.d/dbus stop		//same for haldaemon
kcontrol			//starts the control center
cat /etc/sysconfig/displaymanager | grep DISPLAYMANAGER_AUTOLOGIN=  //shows which default user is used for autologin

update-alternatives:

update-alternatives --config java
update-alternatives --config javac

ALSA

soundcard: http://alsa.opensrc.org/index.php/TroubleShooting

Check the ALSA driver version:

cat /proc/asound/version 

Check the ALSA library version:

grep VERSION_STR /usr/include/alsa/version.h  #driver and lib should match!

Check the sound drivers for your card are active:

cat /proc/asound/oss/sndstat

zypper problems (yast package problems):

rm /var/cache/zypp/zypp.db

then

zypper refresh

startup services:

harddisk encryption:

custom partitioning during os install:

truecrypt

disallow access to programs/system commands: http://en.opensuse.org/Apparmor

problems:

user access and security:

PAM authentication: if the file "/etc/nologin" exists, no user except root can log in! /etc/pam.d/login checks for /etc/nologin through the line "auth required pam_nologin.so"; comment that line out (#) and login is possible again, or delete /etc/nologin.
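When users are locked out, the two conditions above can be checked together: whether /etc/nologin exists and which PAM services still have an active pam_nologin.so line. This is an added example, not part of the original wiki page; the function names are hypothetical, the files under the scratch directory are constructed, and the check assumes the /etc/pam.d layout and does not follow include or substack lines.

```shell
#!/bin/sh
# Added example; the optional root argument exists so that a constructed tree can be
# inspected instead of the live system (default: /).

# List PAM services whose active (not commented-out) lines load pam_nologin.so.
services_with_nologin() {   # usage: services_with_nologin [root]
    for f in "${1:-}"/etc/pam.d/*; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*[^#[:space:]].*pam_nologin\.so' "$f"; then
            basename "$f"
        fi
    done
}

# pam_nologin only denies non-root logins while <root>/etc/nologin exists.
nologin_status() {          # usage: nologin_status [root]
    root=${1:-}
    if [ -e "$root/etc/nologin" ]; then
        # unquoted on purpose: joins the service names with single spaces
        echo "blocked:" $(services_with_nologin "$root")
    else
        echo "open"
    fi
}

# Constructed sample tree: login enforces pam_nologin, sshd has it commented out.
demo_nologin() {
    t=$(mktemp -d) && mkdir -p "$t/etc/pam.d" || return 1
    printf 'auth required pam_nologin.so\n'  > "$t/etc/pam.d/login"
    printf '#auth required pam_nologin.so\n' > "$t/etc/pam.d/sshd"
    : > "$t/etc/nologin"
    nologin_status "$t"       # /etc/nologin present
    rm "$t/etc/nologin"
    nologin_status "$t"       # /etc/nologin removed
    rm -rf "$t"
}

demo_nologin
```

Run nologin_status without an argument to inspect the live system.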

Multipath / SAN

1. Install device-mapper-multipath rpm.
2. Edit the multipath.conf configuration file:
* comment out the default blacklist
* change any of the existing defaults as needed
* save the configuration file
3. Start the multipath daemons.
4. Create the multipath device with the multipath command.

SUSE: The /etc/multipath.conf file does not exist unless you create it. The /usr/share/doc/packages/multipath-tools/multipath.conf.synthetic file contains a sample /etc/multipath.conf file that you can use as a guide for multipath settings. See /usr/share/doc/packages/multipath-tools/multipath.conf.annotated for a template with extensive comments for each of the attributes and their options.

modprobe dm-multipath
service multipathd start
multipath -v2			#The multipath -v2 command prints out multipathed paths that 
			#show which devices are multipathed. If the command does not print anything out, 
			#ensure that all SAN connections are setup properly and the system is multipathed.
multipath -l			#show multipath topology (sysfs and DM info)
multipath -ll			#show multipath topology (maximum info)
chkconfig multipathd on

blacklist {
# the name SIBM*** is read out with the command "multipath -v2"; once it is added to the blacklist, the device is no longer listed
wwid SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1
}

or

blacklist {
device {
vendor "IBM"
product "3S42" #DS4200 Product 10
}
device {
vendor "HP"
product "*"
}
}

Then:

service multipathd reload

Example multipath section:

multipaths {
multipath {
wwid 3600508b4000156d70001200000b0000
alias yellow
path_grouping_policy multibus
path_checker readsector0
path_selector "round-robin 0"
failback manual
rr_weight priorities
no_path_retry 5
}
multipath {
wwid 1DEC_____321816758474
alias red
rr_weight priorities
}
}

then:

multipath -F		//flush all multipath device maps
multipath -v2		//show verbose output at level 2

Identify devices:

cat /sys/block/sda/device/vendor
cat /sys/block/sda/device/model

Important (redhat/centos):

/usr/share/doc/device-mapper-multipath-0.4.7/multipath.conf.defaults
/usr/share/doc/device-mapper-multipath-0.4.7/multipath.conf.annotated

—>show device info for /etc/multipath.conf

example devices:

devices {
device {
vendor "HP"
product "OPEN-V."
getuid_callout "/sbin/scsi_id -g -u -p0x80 -s /block/%n"
}
}

The multipathd interactive console can be used to troubleshoot problems you may be having with your system. For example, the following command sequence displays the multipath configuration, including the defaults, before exiting the console.

multipathd -k		//multipath console
show config		//displays the multipath configuration, including the defaults
multipathd -k
reconfigure		//ensures that multipath has picked up any changes to multipath.conf
multipathd -k		//use the following command sequence to ensure that the path checker is working properly

Mounting devices:

1. create a filesystem with mkfs**
2. mount it (e.g.): see "ll /dev/mpath" and mount the linked device
mount /dev/dm-2 /mnt/tmp
 
device {
	vendor                  "COMPAQ"
	product                 "HSV111 (C)COMPAQ"
	getuid_callout          "/sbin/scsi_id -g -u -s"
	prio_callout            "/sbin/mpath_prio_alua %d"
	features                "0"
	hardware_handler        "0"
	path_grouping_policy    multibus
	failback                immediate
	path_checker            tur
	no_path_retry           60
}

For each path group:

\_ scheduling_policy [path_group_priority_if_known][path_group_status_if_known]


For each path:

 \_ host:channel:id:lun devnode major:minor [path_status][dm_status_if_known]

Kernel

Kernel:

cat /etc/sysconfig/kernel 
INITRD_MODULES
cd /lib/modules/`uname -r`/
find /lib/modules/`uname -r`/ -name "qla*"
lsmod | grep qla

cat /proc/modules

lsmod				//this command lists all loaded kernel modules
modprobe			//loads kernel modules
modprobe usb-storage
insmod module			//loads the indicated module into the kernel
rmmod 				//removes loaded kernel modules
rmmod module

better:

modprobe -r 

try modprobe <modulename> on newer kernels to load the module and modprobe -r <modulename> to unload it

Compiling

cd /usr/src/linux

make dep

make mrproper
make clean
make menuconfig
make
make CONFIG_DEBUG_SECTION_MISMATCH=y
make modules 
make modules_install
make install
make oldconfig

Create an initrd image. Type the following commands at a shell prompt:

cd /boot
mkinitrd -o initrd.img-2.6.25 2.6.25

Read the contents of an initrd:

gzip -dc /boot/initrd-2.6.xx.img | cpio -i --list

gzip -dc /boot/initrd-2.6.16.60-0.21-bigsmp | cpio -i --list

Extract into the (current!!!) directory:

gzip -dc /boot/initrd-2.6.16.60-0.21-bigsmp | cpio -i --make-directories

RHEL

RHEL:

yum install paket

Repolist:

yum repolist

to_do/temp.txt · Last modified: 2019/10/17 09:02 by tmade
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International