Dec 25, 2010

Install NVIDIA Drivers in XEN Kernel


Release:
RedHat Enterprise Linux

Problem:
Need to install Nvidia drivers in XEN Kernel

Solution:

1) Boot the server into runlevel 3

# init 3

2) Now copy the Nvidia driver to the /tmp directory

# cp /mnt/NVIDIA-Linux-xxx-pkg2.run /tmp

3) Now extract the .run file and build the kernel module so that it can be used with the XEN kernel

# cd /tmp
# ./NVIDIA-Linux-xxx-pkg2.run --extract-only
# cd  NVIDIA-Linux-xxx-pkg2/usr/src/nv
# IGNORE_XEN_PRESENCE=y make SYSSRC=/lib/modules/`uname -r`/build module

Note: You will get a lot of warnings, but the build should end with “NVIDIA: left KBUILD”.

4) Now copy the new driver into the XEN kernel's module directory and load it

# cp -i nvidia.ko /lib/modules/`uname -r`/kernel/drivers/video/nvidia
# depmod -a
# modprobe nvidia

5) Now check with lsmod whether the nvidia driver is loaded

# lsmod | grep nvidia

6) Reboot the server and boot into the non-XEN kernel

# shutdown -r now

7) Now install the nvidia driver

# cd /tmp
# sh  NVIDIA-Linux-xxx-pkg2.run

8) Allow the system to rewrite the “xorg.conf” file

9) Now reboot the server, boot into the XEN kernel, and check.


Dec 16, 2010

Add Verisign Trial Certificate to Tomcat Server

 

Release:
Apache Tomcat 5.5
Windows Enterprise Server 2003
JDK 1.3.1 or later

Problem:
Need to add Verisign Trial Certificate to Apache Tomcat Server

Solution:

Creating the CSR file:

  1. Create a certificate keystore and private key by executing the command below

C:\Program Files\Java\jre1.5.0_12\bin>keytool -genkey -alias tomcat -keyalg RSA -keystore C:\keystore -keysize 2048

Enter keystore password:  sbs@123
What is your first and last name?
  [Unknown]: YOUR DOMAIN NAME
What is the name of your organizational unit?
  [Unknown]:  YOUR ORGANIZATION NAME
What is the name of your organization?
  [Unknown]:  YOUR ORGANIZATION NAME
What is the name of your City or Locality?
  [Unknown]:  CHENNAI
What is the name of your State or Province?
  [Unknown]:  TAMILNADU
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN= DOMAIN NAME, OU= ORGANIZATION NAME, O= ORGANIZATION NAME, L=CHENNAI, ST=TAMILNADU, C=IN correct?
  [no]:  YES

Enter key password for <tomcat>
        (RETURN if same as keystore password):  sbs@123

  2. Create a CSR (Certificate Signing Request) using the command below

C:\Program Files\Java\jre1.5.0_12\bin>keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore c:\keystore

Enter keystore password:  sbs@123

Note: The above command creates a file named “certreq.csr” on the C drive.


Enroll the CSR file:

  1. To verify the CSR, go to the link below and check the status



  2. To start the enrollment for the first time, go to the link below and create an account. If you already have a login ID, log in to your account and submit the CSR to Verisign.


Install CA Certificate:

  1. After you submit your CSR, Verisign will send an e-mail with the original certificate.

  2. Copy the Primary Intermediate CA from the link below, save it in Notepad as “primary_inter.cer”, and import it into the keystore


C:\Program Files\Java\jre1.5.0_12\bin>keytool -import -trustcacerts -alias root -keystore c:\keystore -file c:\primary_inter.cer

  3. Copy the Secondary Intermediate CA from the link below, save it in Notepad as “secondary_inter.cer”, and import it into the keystore


C:\Program Files\Java\jre1.5.0_12\bin>keytool -import -trustcacerts -alias intermediate -keystore c:\keystore -file c:\secondary_inter.cer

Install the SSL Certificate:

  1. Copy the certificate sent by Verisign into Notepad, save the file as “cert.cer”, and import the SSL certificate

C:\Program Files\Java\jre1.5.0_12\bin>keytool -import -alias tomcat -keystore c:\keystore -trustcacerts -file c:\cert.cer


Edit server.xml to enable SSL in tomcat 5.5:

  1. Open server.xml in Notepad (location: C:\Program Files\Apache Software Foundation\Tomcat 5.5\conf) and edit the HTTP and HTTPS connectors as below (the HTTPS connector listens on 443, the port that redirectPort points to)

<Connector port="80" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" />

<Connector port="443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="c:\keystore" keystorePass="sbs@123"/>

  2. Now restart the Tomcat service from “Services” (Run → services.msc) and check the application.


Dec 10, 2010

Configure SFTP Server using chroot jail in Linux

Release:
RedHat Enterprise Linux
OpenSSH 5.6p1

Problem:
Configure the sftp-server on a per-user basis (restrict users to their individual home directory) using a chroot() jail in RedHat Enterprise Linux

Solution:

1)      Install the latest OpenSSH version, which must support the chroot() function

2)      Configure OpenSSH to use its internal SFTP subsystem by editing the sshd_config file

# vi /etc/ssh/sshd_config

Replace
Subsystem sftp /usr/local/libexec/sftp-server
with
Subsystem sftp internal-sftp

3)      Now configure the chroot() using a Match rule: add the entries below at the end of the sshd_config file

# vi /etc/ssh/sshd_config

Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Note: Here %u represents the username, which means the home directories of all users in the sftponly group are chrooted. Also, the chroot directory must be owned by root.

4)      Add one new group named as sftponly

# groupadd sftponly

5)      Create a new user for restricted SFTP. First create the user's home directory, then add the user

# mkdir /home/test
# useradd -g sftponly test
# usermod -d / test

Note: Create the home directory as the root user. While adding the user, a warning like this appears: "useradd: warning: the home directory already exists"

6)      Now test the configuration from client side

[root@server Desktop]# sftp test@192.168.1.7
Connecting to 192.168.1.7...
test@192.168.1.7's password:
sftp> ls
IN
sftp> cd IN
sftp> ls
sftp> mput 1.png
Uploading 1.png to /IN/1.png
1.png 100% 90KB 90.4KB/s 00:00
sftp> ls
1.png
sftp> bye

7)      Test the SFTP server from a Windows client using “WinSCP” or “Filezilla”
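
sshd honours ChrootDirectory only when every component of the path is a root-owned directory that is not writable by group or others, so the ownership note in step 3 applies to /home as well as to /home/test. The script below is an added example, not part of the original post: it lists the users in the Match group and checks each /home/<user> path. It assumes GNU stat, and the script name in the usage comment is hypothetical.

```sh
#!/bin/sh
# Added example: audit the directories that "ChrootDirectory /home/%u" resolves to.

# component_ok UID MODE: succeed only if root-owned and not group/other-writable.
component_ok() {
    [ "$1" = "0" ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]   # MODE is octal text from stat, e.g. 755 or 1777
}

# check_chroot_path DIR: check DIR and every parent up to /.
# Prints each offending component. Returns 0 clean, 1 bad, 2 on error.
check_chroot_path() {
    dir=$1; rc=0
    case $dir in /*) ;; *) echo "not absolute: $dir" >&2; return 2 ;; esac
    while :; do
        meta=$(stat -c '%u %a' "$dir") || return 2   # GNU stat: owner uid, octal mode
        if ! component_ok "${meta% *}" "${meta#* }"; then
            echo "BAD $dir (uid=${meta% *} mode=${meta#* })"; rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# group_users GROUP [PASSWD_FILE] [GROUP_FILE]: users that have GROUP as their
# primary or supplementary group, one per line.
group_users() {
    awk -F: -v g="$1" '
        NR == FNR { if ($1 == g) { gid = $3; n = split($4, m, ",")
                        for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1 }
                    next }
        gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' "${3:-/etc/group}" "${2:-/etc/passwd}" | sort
}

# Usage (hypothetical script name): sh chroot_audit.sh sftponly
if [ $# -gt 0 ]; then
    status=0
    for u in $(group_users "$1"); do
        check_chroot_path "/home/$u" || status=1
    done
    exit $status
fi
```

A non-zero exit means at least one user's chroot path would be rejected by sshd at login; fix the listed component with chown root and chmod go-w before testing from the client.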