Thursday, August 18, 2011

How to configure a PXE server

PXE server with various OSes:
how to set up a PXE server (network boot)


DHCP
[root@fcld ]# yum install dhcp
[root@fcld ]# nano /etc/dhcpd.conf

ddns-update-style interim;
not authoritative;
option domain-name "codigolibre.org";
option domain-name-servers 196.3.81.132, 200.88.127.22;
option subnet-mask 255.255.255.0;
subnet 10.0.200.0 netmask 255.255.255.0
{
authoritative;
range 10.0.200.50 10.0.200.100;
allow unknown-clients;
allow booting ;
allow bootp ;
next-server 10.0.200.1;
filename "pxelinux.0";
}

Note: The address 10.0.200.1 is the PXE server itself.

VSFTP
[root@fcld ]# yum install vsftpd

TFTP
[root@fcld ]# yum install tftp-server
[root@fcld ]# nano /etc/xinetd.d/tftp
disable=no

Make the following directories
[root@fcld ]# mkdir /tftpboot/
[root@fcld ]# mkdir /tftpboot/images
[root@fcld ]# mkdir /tftpboot/pxelinux.cfg
[root@fcld ]# chmod -R 777 /tftpboot/

Copy those files to /tftpboot/
[root@fcld ]# cp /usr/lib/syslinux/pxelinux.0 /tftpboot/
[root@fcld ]# cp /usr/lib/syslinux/menu.c32 /tftpboot/

Create and edit the PXE menu config file.
[root@fcld]# nano /tftpboot/pxelinux.cfg/default
DEFAULT menu.c32
PROMPT 0
TIMEOUT 600
MENU TITLE Servidor de Instalacion de la FCLD

Configure each of the distros.
a) CentOS 5

[root@fcld ]# mkdir -p /tftpboot/images/centos/5/i386
[root@fcld ]# mkdir -p /var/ftp/centos/5/i386
[root@fcld ]# mount -o loop -t iso9660 ~/Centos5.iso /mnt
[root@fcld ]# cp -R /mnt/* /var/ftp/centos/5/i386/
[root@fcld ]# cp /var/ftp/centos/5/i386/images/pxeboot/vmlinuz /tftpboot/images/centos/5/i386/
[root@fcld ]# cp /var/ftp/centos/5/i386/images/pxeboot/initrd.img /tftpboot/images/centos/5/i386/

Add Centos entry on PXE menu:
LABEL Centos 5 (DVD-i386)
KERNEL images/centos/5/i386/vmlinuz
APPEND vga=normal initrd=images/centos/5/i386/initrd.img ramdisk_size=32768 METHOD=ftp://10.0.200.1/centos/5/i386/

b) Fedora 11
[root@fcld ]# mkdir -p /tftpboot/images/fedora/11/i386
[root@fcld ]# mkdir -p /var/ftp/fedora/11/i386
[root@fcld ]# mount -o loop -t iso9660 ~/Fedora-11.iso /mnt
[root@fcld ]# cp -R /mnt/* /var/ftp/fedora/11/i386/
[root@fcld ]# cp /var/ftp/fedora/11/i386/vmlinuz /tftpboot/images/fedora/11/i386/
[root@fcld ]# cp /var/ftp/fedora/11/i386/initrd.img /tftpboot/images/fedora/11/i386/

Add fedora entry on PXE menu:
[root@fcld]# nano /tftpboot/pxelinux.cfg/default
LABEL Fedora Core 11
KERNEL images/fedora/11/i386/vmlinuz
APPEND vga=normal initrd=images/fedora/11/i386/initrd.img ramdisk_size=32768 METHOD=ftp://10.0.200.1/fedora/11/i386/

c) Ubuntu 9.10
[root@fcld ]# mkdir /tftpboot/images/ubuntu-desktop
[root@fcld ]# mkdir /var/ftp/ubuntu-desktop
[root@fcld ]# mount -o loop -t iso9660 ~/Ubuntu-9.10.iso /mnt
[root@fcld ]# cp -R /mnt/* /tftpboot/images/ubuntu-desktop/
[root@fcld ]# cp -R /mnt/* /var/ftp/ubuntu-desktop/

Add the ubuntu entry to PXE menu:
[root@fcld]# nano /tftpboot/pxelinux.cfg/default
LABEL Ubuntu 9.10 Karmic Koala
KERNEL images/ubuntu-desktop/casper/vmlinuz
APPEND vga=normal boot=casper netboot=nfs nfsroot=10.0.200.1:/var/ftp/ubuntu-desktop/ initrd=images/ubuntu-desktop/casper/initrd.gz ramdisk_size=32768

Edit the file /etc/exports and add:
[root@fcld ]# nano /etc/exports
/var/ftp/ubuntu-desktop 10.0.200.0/255.255.255.0(rw)

d) Clonezilla 1.2.2
[root@fcld ]# mkdir /tftpboot/images/clonezilla
[root@fcld ]# mkdir /var/ftp/clonezilla
[root@fcld ]# mount -o loop -t iso9660 ~/clonezilla-1.2.iso /mnt
[root@fcld ]# cp -R /mnt/* /tftpboot/images/clonezilla/
[root@fcld ]# cp -R /mnt/* /var/ftp/clonezilla/

Add entry for clonezilla on PXE menu:
[root@fcld]# nano /tftpboot/pxelinux.cfg/default

LABEL Clonezilla 1.2.2
KERNEL images/clonezilla/live/vmlinuz1
APPEND vga=normal initrd=images/clonezilla/live/initrd1.img boot=live union=aufs netboot=nfs nfsroot=10.0.200.1:/var/ftp/clonezilla/ ramdisk_size=32768

Edit the corresponding /etc/exports file and add:
[root@fcld ]# nano /etc/exports
/var/ftp/clonezilla 10.0.200.0/255.255.255.0(rw)

Start or restart the daemons
[root@fcld ]# service vsftpd restart
[root@fcld ]# service xinetd restart
[root@fcld ]# service nfs restart
[root@fcld ]# service dhcpd restart

Make the daemons start on boot
[root@fcld ]# chkconfig vsftpd --level 345 on
[root@fcld ]# chkconfig xinetd --level 345 on
[root@fcld ]# chkconfig nfs --level 345 on
[root@fcld ]# chkconfig dhcpd --level 345 on

NOTE: Once all the relevant daemons are set to start, remember that DHCPD will only initialize if the server has a network card configured on the same subnet it serves.
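DHCP and TFTP are unauthenticated, so every client on the subnet boots whatever this server hands out, and it is worth checking what the steps above leave writable. The script below is an added example, not part of the original post: it lists world-writable entries under the TFTP root (the result of `chmod -R 777`), exports granted `rw`, and kernel or initrd paths in the menu that do not exist on disk. The function names and the scratch tree are constructed for illustration, and menu paths are assumed to resolve relative to the TFTP root, as they do when pxelinux.0 sits in /tftpboot/.

```shell
#!/bin/sh
# Added example: read-only audit of a PXE server laid out as on this page.

# World-writable entries under the TFTP root ($1); TFTP clients only read.
world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# exports(5) entries in file $1 that grant rw to some client.
rw_exports() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
    { for (i = 2; i <= NF; i++) {
          opts = $i; sub(/^[^(]*\(/, ",", opts); sub(/\).*$/, ",", opts)
          if (index(opts, ",rw,")) print $1, $i } }' "$1"
}

# KERNEL and initrd= paths in menu $1 that do not exist under TFTP root $2.
missing_boot_files() {
    { awk 'toupper($1) == "KERNEL" { print $2 }' "$1"
      grep -o 'initrd=[^ ]*' "$1" | cut -d= -f2
    } | sort -u | while read -r p; do
        [ -f "$2/$p" ] || echo "$p"
    done
}

# Constructed sample tree (not real server data); prints its location.
make_sample() {
    umask 022
    d=$(mktemp -d) && mkdir -p "$d/tftpboot/images/ubuntu-desktop/casper" || return 1
    touch "$d/tftpboot/images/ubuntu-desktop/casper/vmlinuz"
    chmod 777 "$d/tftpboot/images"
    printf '%s\n' 'LABEL ubuntu' \
        'KERNEL images/ubuntu-desktop/casper/vmlinuz' \
        'APPEND boot=casper initrd=images/ubuntudesktop/casper/initrd.gz' \
        > "$d/tftpboot/default"
    printf '%s\n' '# constructed exports' \
        '/var/ftp/ubuntu-desktop 10.0.200.0/255.255.255.0(rw)' \
        '/var/ftp/clonezilla 10.0.200.0/255.255.255.0(ro,sync)' > "$d/exports"
    echo "$d"
}

s=$(make_sample)
echo "world-writable:";     world_writable "$s/tftpboot"
echo "rw exports:";         rw_exports "$s/exports"
echo "missing boot files:"; missing_boot_files "$s/tftpboot/default" "$s/tftpboot"
rm -rf "$s"
```

On a real server, call the three functions with /tftpboot, /etc/exports and /tftpboot/pxelinux.cfg/default instead of the scratch tree.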


content from nixcraft

Monday, August 15, 2011

limit Unix command to user


                                                                     
                                             
To limit the commands a specific user can run, give that user a restricted shell. Here are the steps to create one.

Add a user who can execute some specific commands.

1. Create a link named ‘rbash’ from bash.

# ln -s /bin/bash /opt/rbash

2. Add a user whose default shell is rbash and set it up so that the user can execute only ‘ping’.

# useradd lsuser -s /opt/rbash
# passwd lsuser
# mkdir /home/lsuser/bin
# ln -s /bin/ping /home/lsuser/bin/ping
# chown root. /home/lsuser/.bash_profile
# chmod 755 /home/lsuser/.bash_profile
# vi /home/lsuser/.bash_profile

  # change PATH as follows (no space after the '=')
  PATH=$HOME/bin

3. Login with the test user.

$ cd
-rbash: cd: restricted # denied
$ ls
-rbash: ls: command not found # none
$ ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.045 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.008 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.008 ms

--- localhost ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2157ms
rtt min/avg/max/mdev = 0.008/0.020/0.045/0.017 ms  # executed
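The login test in step 3 can be turned into a repeatable check. The script below is an added example, not part of the original post: it builds a scratch copy of the layout (an `rbash` link plus a `bin/` holding one allowed command) and reports which probes the restricted shell denies. The function names are hypothetical and `ls` stands in for the page's `ping` so that no network is needed.

```shell
#!/bin/sh
# Added example: regression check for a restricted-shell layout like the one above.

# Scratch copy of the layout: an rbash link and a bin/ with one allowed command.
# Constructed sample; 'ls' stands in for 'ping'.
make_jail() {
    d=$(mktemp -d) || return 1
    ln -s "$(command -v bash)" "$d/rbash"   # bash restricts itself when run as "rbash"
    mkdir "$d/bin"
    ln -s "$(command -v ls)" "$d/bin/ls"
    echo "$d"
}

# Run one command line ($2) in the restricted shell with PATH limited to
# the jail's bin/ ($1 = jail directory). Returns the shell's exit status.
in_jail() {
    env -i HOME="$1" PATH="$1/bin" "$1/rbash" -c "$2" >/dev/null 2>&1
}

# Print "allowed" or "denied" for one probe.
probe() {
    if in_jail "$1" "$2"; then echo "allowed"; else echo "denied"; fi
}

# Table of probes: the allowed command, then things rbash must refuse.
report() {
    for cmd in 'ls' 'cd /' 'PATH=/bin:/usr/bin' '/bin/ls' \
               'ls > out.txt' 'cat /etc/hostname'; do
        printf '%-20s %s\n' "$cmd" "$(probe "$1" "$cmd")"
    done
}

j=$(make_jail); report "$j"; rm -rf "$j"
```

Only the first probe should report "allowed"; any other "allowed" line means the restriction is not in effect for that account.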

webmin

Webmin is a program that simplifies the process of managing a Linux or Unix system.

Webmin lets you perform these tasks through an easy to use web interface, and automatically updates all of the required configuration files for you. This makes the job of administering your system much easier.

Some of the things that you can do with Webmin are :

1) Create, edit and delete Unix login accounts on your system.
2) Export files and directories to other systems with the NFS protocol.
3) Set up disk quotas to control how much space users can use up with their files.
4) Install, view and remove software packages in RPM and other formats.
5) Change your system’s IP address, DNS settings and routing configuration.
6) Set up a firewall to protect your computer, or to give hosts on an internal LAN access to the Internet.
7) Create and configure virtual web servers for the Apache webserver.
8) Manage databases, tables and fields in a MySQL or PostgreSQL database server.
9) Share files with Windows systems by configuring Samba.

These are just a few of the available functions. Webmin lets you configure almost all of the common services and popular servers on Unix systems, all using a simple web interface. It protects you from the syntax errors and other mistakes that are often made when editing configuration files directly, and warns you before potentially dangerous actions.

Because Webmin is accessed through a web browser, you can log in to it from any system that is connected to yours through a network. There is absolutely no difference between running it locally and running it remotely, and it is much easier to use over the network than other graphical configuration programs.