Creating a self-signed certificate with a key length of 2048 bits and sha256
openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout ssl.key -out ssl.crt
Checking the certificate
openssl x509 -noout -text -in ssl.crt
Creating a certificate request with a key length of 2048 bits and sha256
openssl req -nodes -sha256 -newkey rsa:2048 -keyout ssl.key -out ssl.csr
Checking the certificate request
openssl req -noout -text -in ssl.csr
keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore tomcatSSL
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore tomcatSSL
keytool -import -alias root -keystore tomcatSSL -trustcacerts -file <filename_of_the_chain_certificate>
keytool -import -alias tomcat -keystore tomcatSSL -trustcacerts -file <your_certificate_filename>
openssl pkcs12 -in mybackup.pfx -nocerts -out mykey.key
openssl pkcs12 -in mybackup.pfx -nokeys -out mycert.crt
openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]
cat server.crt server.key > server.pem
openssl rsa -in sslcert.key -out sslcert.key
openssl pkcs12 -export -inkey mykey.key -in mycert.crt -out mybackup.pfx
keytool -importkeystore -srckeystore mypfxfile.pxf -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS
#!/bin/bash
NAME='tomcatSSL'
PASS='password'
# Save the file you received from UMLS as $NAME.jks
# Uncomment the 3 lines below on the first run
# wget 'http://www.source-code.biz/snippets/java/Base64Coder.java.txt' -O 'Base64Coder.java'
# wget 'http://mark.foster.cc/pub/java/ExportPriv.old.java' -O 'ExportPriv.java' # the new version doesn't wrap lines at 64 characters
# javac Base64Coder.java ExportPriv.java
# list certificates in the keystore:
# keytool -list -v -keystore $NAME.jks -storepass $PASS
# export certificate as DER:
keytool -export -alias $NAME -keystore $NAME.jks -storepass $PASS -file $NAME.crt.der
# convert DER certificate to PEM:
openssl x509 -in $NAME.crt.der -inform DER -out $NAME.crt.pem -outform PEM
# export key as PKCS8:
java ExportPriv $NAME.jks $NAME $PASS > $NAME.pkcs8
# convert binary PKCS8 key to ASCII RSA:
openssl pkcs8 -nocrypt -in $NAME.pkcs8 -inform PEM -out $NAME.rsa -outform PEM
# combine DER certificate and RSA key into PEM :
cat $NAME.crt.pem $NAME.rsa > $NAME.pem
echo "Saved key/certificate pair as $NAME.pem"
# clean up:
# rm $NAME.crt.der
# rm $NAME.crt.pem
# rm $NAME.pkcs8
# rm $NAME.rsa
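Added example, not part of the original notes: checks to run on a pair produced by the openssl commands above, namely that a certificate or CSR belongs to the key, that the certificate is sha256 with 2048 bit, and that files holding the unencrypted (-nodes) private key, including a combined server.pem, are readable by the owner only. File names, the CN and all function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: checks before deploying a key/certificate pair.
# All file names and the CN below are constructed for the demo.

# Print the PEM public key of a certificate (x509), request (req) or private key (key).
pubkey_of() {
    case "$1" in
        x509) openssl x509 -in "$2" -noout -pubkey ;;
        req)  openssl req -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# Succeed only if <file> of type x509|req carries the public key of <keyfile>.
key_matches() {
    a=$(pubkey_of "$1" "$2") || return 1
    b=$(pubkey_of key "$3") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Signature algorithm and key size as shown by "openssl x509 -noout -text".
sig_alg()  { openssl x509 -in "$1" -noout -text | awk -F': *' '/Signature Algorithm/ {print $2; exit}'; }
key_bits() { openssl x509 -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'; }

# Succeed only if no group/other permission bit is set on the file.
owner_only() { [ "$(ls -ld "$1" | awk '{print substr($1, 5, 6)}')" = "------" ]; }

# Build a constructed test set in a fresh directory and print its path.
make_samples() {
    d=$(mktemp -d) || return 1
    ( cd "$d" && umask 077 &&
      openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -subj "/CN=demo.example" \
          -keyout ssl.key -out ssl.crt 2>/dev/null &&
      openssl req -nodes -sha256 -newkey rsa:2048 -subj "/CN=demo.example" \
          -keyout other.key -out other.csr 2>/dev/null &&
      cat ssl.crt ssl.key > server.pem &&      # combined file holds the private key
      cp ssl.key loose.key && chmod 644 loose.key ) || return 1
    echo "$d"
}

d=$(make_samples) || exit 1
key_matches x509 "$d/ssl.crt" "$d/ssl.key" && echo "ssl.crt matches ssl.key"
key_matches req "$d/other.csr" "$d/ssl.key" || echo "other.csr does NOT match ssl.key"
echo "signature: $(sig_alg "$d/ssl.crt"), key size: $(key_bits "$d/ssl.crt") bit"
owner_only "$d/server.pem" && echo "server.pem is owner-only"
owner_only "$d/loose.key" || echo "loose.key is readable by group/others"
```

Running the cat step under umask 077 is what keeps the combined server.pem owner-only; with a default umask it would normally be created world-readable.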
sshfs:
sshfs ssh-konto@ssh-server:[Pfad] mount-point
sshfs ssh-stream@linuxtest:/home/scripte d:/home
sshfs user@meinserver.com:/var/www /pfad/zu/meinem/lokalen/serverdir -o allow_other
fusermount -u mount-point
dbus or messagebus check with:
/etc/init.d/dbus status
/etc/init.d/haldaemon status
/etc/init.d/dbus stop, same for haldaemon
kcontrol //starts the control center
cat /etc/sysconfig/displaymanager | grep DISPLAYMANAGER_AUTOLOGIN= //shows which default user is used for autologin
update-alternatives:
update-alternatives --config java
update-alternatives --config javac
soundcard: http://alsa.opensrc.org/index.php/TroubleShooting
Check the ALSA driver version:
cat /proc/asound/version
Check the ALSA library version:
grep VERSION_STR /usr/include/alsa/version.h #driver and lib should match!
Check the sound drivers for your card are active:
cat /proc/asound/oss/sndstat
zypper problems (yast package problems):
rm /var/cache/zypp/zypp.db
then
zypper refresh
startup services:
harddisk encryption:
custom partitioning during os install:
truecrypt
disallow access to programs/system commands: http://en.opensuse.org/Apparmor
problems:
user access and security:
pam authentication: if a file “/etc/nologin” exists, no user except root can log in! The file /etc/pam.d/login checks for /etc/nologin through the line “auth required pam_nologin.so”; edit that line and comment it out (#) and login is possible again, or delete /etc/nologin.
1. Install device-mapper-multipath rpm.
2. Edit the multipath.conf configuration file:
   * comment out the default blacklist
   * change any of the existing defaults as needed
   * save the configuration file
3. Start the multipath daemons.
4. Create the multipath device with the multipath command.
SUSE: The /etc/multipath.conf file does not exist unless you create it. The /usr/share/doc/packages/multipath-tools/multipath.conf.synthetic file contains a sample /etc/multipath.conf file that you can use as a guide for multipath settings. See /usr/share/doc/packages/multipath-tools/multipath.conf.annotated for a template with extensive comments for each of the attributes and their options.
modprobe dm-multipath
service multipathd start
multipath -v2
#The multipath -v2 command prints out multipathed paths that
#show which devices are multipathed. If the command does not print anything out,
#ensure that all SAN connections are set up properly and the system is multipathed.
multipath -l #show multipath topology (sysfs and DM info)
multipath -ll #show multipath topology (maximum info)
chkconfig multipathd on
blacklist {
    # The name SIBM*** is read out with the command "multipath -v2". Adding it to the blacklist means the device is no longer listed.
    wwid SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1
}
or
blacklist {
    device {
        vendor "IBM"
        product "3S42" #DS4200 Product 10
    }
    device {
        vendor "HP"
        product "*"
    }
}
Then:
service multipathd reload
Example multipath section:
multipaths {
    multipath {
        wwid 3600508b4000156d70001200000b0000
        alias yellow
        path_grouping_policy multibus
        path_checker readsector0
        path_selector "round-robin 0"
        failback manual
        rr_weight priorities
        no_path_retry 5
    }
    multipath {
        wwid 1DEC_____321816758474
        alias red
        rr_weight priorities
    }
}
then:
multipath -F //flush all multipath device maps
multipath -v2 //show verbose output at level 2
Identify devices:
cat /sys/block/sda/device/vendor
cat /sys/block/sda/device/model
Important (redhat/centos):
/usr/share/doc/device-mapper-multipath-0.4.7/multipath.conf.defaults
/usr/share/doc/device-mapper-multipath-0.4.7/multipath.conf.annotated
—>show device info for /etc/multipath.conf
example devices:
devices {
    device {
        vendor "HP"
        product "OPEN-V."
        getuid_callout "/sbin/scsi_id -g -u -p0x80 -s /block/%n"
    }
}
The multipathd interactive console can be used to troubleshoot problems you may be having with your system. For example, the following command sequence displays the multipath configuration, including the defaults, before exiting the console.
multipathd -k //multipath console
show config //displays the multipath configuration, including the defaults
multipathd -k
reconfigure //ensures that multipath has picked up any changes to the multipath.conf
multipathd -k //Use the following command sequence to ensure that the path checker is working properly.
mounting devices:
1. create a filesystem with mkfs**
2. mount (e.g.): see "ll /dev/mpath" and mount the linked device
mount /dev/dm-2 /mnt/tmp
device {
    vendor "COMPAQ"
    product "HSV111 (C)COMPAQ"
    getuid_callout "/sbin/scsi_id -g -u -s"
    prio_callout "/sbin/mpath_prio_alua %d"
    features "0"
    hardware_handler "0"
    path_grouping_policy multibus
    failback immediate
    prio_callout "/sbin/mpath_prio_alua %d"
    path_checker tur
    no_path_retry 60
}
For each path group:
\_ scheduling_policy [path_group_priority_if_known][path_group_status_if_known]
For each path:
\_ host:channel:id:lun devnode major:minor [path_status][dm_status_if_known]
Kernel:
cat /etc/sysconfig/kernel | grep INITRD_MODULES
cd /lib/modules/`uname -r`/
find /lib/modules/`uname -r`/ -name "qla*"
lsmod | grep qla
cat /proc/modules
lsmod //this command lists all loaded kernel modules
modprobe //loads kernel modules
modprobe usb-storage
insmod module //loads the indicated module into the kernel
rmmod //removes loaded kernel modules
rmmod module
better:
modprobe -r
try modprobe <modulename> on newer kernels to load the module and modprobe -r <modulename> to unload it
cd /usr/src/linux
make dep
make mrproper
make clean
make menuconfig
make
make CONFIG_DEBUG_SECTION_MISMATCH=y
make modules
make modules_install
make install
make oldconfig;
Create an initrd image. Type the following commands at a shell prompt:
# cd /boot
# mkinitrd -o initrd.img-2.6.25 2.6.25
read content initrd:
gzip -dc /boot/initrd-2.6.xx.img | cpio -i --list
gzip -dc /boot/initrd-2.6.16.60-0.21-bigsmp | cpio -i --list
extract into the (current!!!) directory:
gzip -dc /boot/initrd-2.6.16.60-0.21-bigsmp | cpio -i --make-directories
RHEL:
yum install paket
Repolist:
yum repolist