Prakash Sawarkar: Kernel 3.8 Released, how to Compile in Redhat, CentOS and Fedora.

Sunday, 5 August 2012

GPFS Enable and Disable Quota Management

The General Parallel File System (GPFS) is a high-performance clustered file system that can be deployed in shared-disk or shared-nothing distributed parallel modes. It is developed by IBM. It is used by many of the world's largest commercial companies, as well as some of the supercomputers on the Top 500 List.[1] For example, GPFS is the filesystem of the ASC Purple Supercomputer[2] which is composed of more than 12,000 processors and has 2 petabytes of total disk storage spanning more than 11,000 disks.
In common with typical cluster filesystems, GPFS provides concurrent high-speed file access to applications executing on multiple nodes of clusters. It can be used with AIX 5L clusters, Linux clusters, on Microsoft Windows Server, or a heterogeneous cluster of AIX, Linux and Windows nodes. In addition to providing filesystem storage capabilities, GPFS provides tools for management and administration of the GPFS cluster and allows for shared access to file systems from remote GPFS clusters.

Enable and Disable Quota Management for GPFS.

Taken from the GPFS Administration and Programming Reference, "Enabling and disabling GPFS quota management".

To enable GPFS quota management on an existing GPFS file system:
1) Unmount the file system everywhere.
2) Run the mmchfs -Q yes command. This command automatically activates quota enforcement whenever the file system is mounted.
3) Remount the file system, activating the new quota files. All subsequent mounts follow the new quota setting.
4) Compile inode and disk block statistics using the mmcheckquota command. The values obtained can be used to establish realistic quota values when issuing the mmedquota command.
5) Issue the mmedquota command to explicitly set quota values for users, groups, or filesets.

Once GPFS quota management has been enabled, you may establish quota values by:
1. Setting default quotas for all new users, groups of users, or filesets.
2. Explicitly establishing or changing quotas for users, groups of users, or filesets.
3. Using the gpfs_quotactl() subroutine.

To disable quota management:
Step-1 Unmount the file system everywhere.
Step-2 Run the mmchfs -Q no command.
Step-3 Remount the file system, deactivating the quota files. All subsequent mounts obey the new quota setting.

To enable GPFS quota management on a new GPFS file system:
Step-1 Run the mmcrfs -Q yes command. This option automatically activates quota enforcement whenever the file system is mounted.
Step-2 Mount the file system.
Step-3 Issue the mmedquota command to explicitly set quota values for users, groups, or filesets. See Explicitly establishing and changing quotas.

Thursday, 26 July 2012

Installing Redmine on CentOS 6.2 With MySQL and Apache

Pre-requisites
Logged in as root, install the following packages:
Step 1
#   yum install make gcc gcc-c++ zlib-devel ruby-devel rubygems ruby-libs apr-devel apr-util-devel httpd-devel mysql-devel mysql-server automake autoconf ImageMagick ImageMagick-devel curl-devel
And then install the bundle ruby gem:
#  gem install bundle
Install Redmine
Redmine is installed with the following commands:

#  cd /var/www
#  wget http://rubyforge.org/frs/download.php/76255/redmine-1.4.4.tar.gz
#  tar zxf redmine-1.4.4.tar.gz
#  ln -s redmine-1.4.4 redmine
#  rm -f redmine-1.4.4.tar.gz
Install Redmine ruby dependencies
Bundle helps us install the ruby Redmine dependencies:
#  cd /var/www/redmine
#  bundle install --without postgresql sqlite test development
Database creation
First we start MySQL:
#  service mysqld start
Then we secure it (Optional):
#  mysql_secure_installation
We then create the redmine database and user:
$ mysql
mysql> create database redmine character set utf8;
mysql> grant all privileges on redmine.* to 'redmine'@'localhost' identified by 'my_password';
mysql> flush privileges;
mysql> quit
Redmine database configuration

We copy the database configuration example and we modify it to point to our newly created database:
#  cd /var/www/redmine/config
#  cp database.yml.example database.yml
On the database.yml file, the production section should look like this:
production:
  adapter: mysql
  database: redmine
  host: localhost
  username: redmine
  password: my_password
  encoding: utf8
And then we create and populate the database with the following rake commands:

#  cd /var/www/redmine
#  rake generate_session_store
#  rake db:migrate RAILS_ENV="production"
#  rake redmine:load_default_data RAILS_ENV="production"
Outgoing email configuration (Optional)
To configure an outgoing SMTP server for sending emails, we create the config/configuration.yml file from the sample:
#  cd /var/www/redmine/config
#  cp configuration.yml.example configuration.yml
And edit it to provide our configuration:
production:
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      address: "smtp.mydomain.com"
      port: 25
      domain: "mydomain.com"
Redmine standalone testing

At this point, Redmine can be tested in standalone mode by running the following command:

#  cd /var/www/redmine/
#  ruby script/server webrick -e production
and open the http://localhost:3000 address in a browser. If you are testing from another computer, you will need to open the port in the /etc/sysconfig/iptables file by duplicating the ssh (port 22) line and adapting it:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
Then apply the new configuration with the following command:

#  service iptables restart
Passenger installation

To install Phusion Passenger, we first install its gem:

#  gem install passenger
And then install the Apache module with the command:

#  passenger-install-apache2-module
Apache configuration

We remove the default Apache configuration and replace it by a new one:

#  cd /etc/httpd
#  mv conf.d available
#  mkdir conf.d
In the empty new conf.d folder, we create a redmine.conf file with the following configuration:

# Loading Passenger
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.13/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.13
PassengerRuby /usr/bin/ruby

<VirtualHost *:80>
   ServerName redmine.mycompany.com
   DocumentRoot /var/www/redmine/public
   <Directory /var/www/redmine/public>
      # This relaxes Apache security settings.
      AllowOverride all
      # MultiViews must be turned off.
      Options -MultiViews
      allow from all
   </Directory>

   ErrorLog "|/usr/sbin/rotatelogs /etc/httpd/logs/redmine-error.%Y-%m-%d.log 86400"
   CustomLog "|/usr/sbin/rotatelogs /etc/httpd/logs/redmine-access.%Y-%m-%d.log 86400" "%h %l %u %t %D \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""

</VirtualHost>
We then enable name-based virtual hosting for our server by uncommenting the following line in the /etc/httpd/conf/httpd.conf file:
...
#
# Use name-based virtual hosting.
#
NameVirtualHost *:80
...
We give full access on the redmine folder to the apache user and test the configuration:

#  chown -R apache:root /var/www/redmine
#  service httpd configtest
At this point, the SELinux configuration needs to be modified to allow our apache instance to run the phusion passenger module. You can do this by putting SELinux in permissive mode:

#  setenforce Permissive
And letting the Permissive mode survive a reboot by modifying the /etc/selinux/config file from:
SELINUX=enforcing
to
SELINUX=permissive
If you want to run redmine while enforcing, you may want to apply the method described here for which you will need to install the policycoreutils-python package.
In any case, you will start Apache with the command:
#  service httpd start
Now you can access your Redmine installation with your browser. To access it from all the computers in your network, you will need to open port 80 in the /etc/sysconfig/iptables file. You can replace the 3000 rule with:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
And restart iptables.

#  service iptables restart
Start services at boot

To have MySQL and Apache started at boot, run the commands:
#  chkconfig --level 345 mysqld on
#  chkconfig --level 345 httpd on
Cleaning up

A quick command to clean up all the devel stuff needed for installation:
#  yum remove '*-devel' make automake autoconf
Tips

Don’t forget that if you change your Redmine configuration, you don’t have to restart Apache. You can restart only Redmine with the command:

#  touch /var/www/redmine/tmp/restart.txt
If you restore data on your server from another Redmine instance that runs a previous version, don't forget to migrate your data:

#  cd /var/www/redmine
#  rake db:migrate RAILS_ENV="production"


Sunday, 12 February 2012

Server’s Serial Number from command line – RedHat/CentOS

To get the service/serial number from the command line in Linux, run the command below. The first result is the service tag, which is usually alphanumeric.
[server@dev-test ~] # dmidecode | egrep -i "serial|product"
output example:
Product Name: PowerEdge R710
Serial Number: 378CDE1
Product Name: 0DCR13
Serial Number: ..ABC980CDE4545XYZ.
Serial Number: AB66X66
Serial Number: Not Specified
Serial Number: Not Specified
Port Type: Serial Port 11204A Compatible

Saturday, 22 October 2011

How to create & convert Linux File Systems Ext2, Ext3 & Ext4

ext2, ext3 and ext4 are all filesystems created for Linux.

High level difference between these filesystems.
How to create these filesystems.
How to convert from one filesystem type to another.

I converted from ext2 to ext3, ext3 to ext4 and ext2 to ext4 file systems successfully. By following this guide anyone can convert their file systems smartly, but I would still like to warn you all before doing this, because the following task requires skilled administrative practices; make sure you take a backup of your important files before doing this. If something goes wrong, at least you can revert using your backup data.
A file system is divided into two segments called User Data and Metadata. In this article I am trying to explore how to create and convert various Linux file systems and the high-level differences among the Ext2, Ext3 and Ext4 file systems. Before going further, let me give a brief introduction to Linux file systems.

Ext2:- Stands for second extended file system.
It was introduced in 1993. Developed by Rémy Card.
This was developed to overcome the limitation of the original ext file system.
Ext2 does not have journaling feature.
On flash drives and USB drives, ext2 is recommended, as it doesn’t need to do the overhead of journaling.
Maximum individual file size can be from 16 GB to 2 TB
Overall ext2 file system size can be from 2 TB to 32 TB

Ext3:- Stands for third extended file system.
It was introduced in 2001. Developed by Stephen Tweedie.
Starting from Linux Kernel 2.4.15 ext3 was available.
The main benefit of ext3 is that it allows journaling.
Journaling has a dedicated area in the file system, where all the changes are tracked. When the system crashes, the possibility of file system corruption is less because of journaling.
Maximum individual file size can be from 16 GB to 2 TB
Overall ext3 file system size can be from 2 TB to 32 TB
There are three types of journaling available in ext3 file system.
Journal – Metadata and content are saved in the journal.
Ordered – Only metadata is saved in the journal. Metadata are journaled only after writing the content to disk. This is the default.
Writeback – Only metadata is saved in the journal. Metadata might be journaled either before or after the content is written to the disk.
You can convert an ext2 file system to an ext3 file system directly (without backup/restore).

Ext4:- Stands for fourth extended file system.
It was introduced in 2008.
Starting from Linux Kernel 2.6.19 ext4 was available.
Supports huge individual file size and overall file system size.
Maximum individual file size can be from 16 GB to 16 TB
Overall maximum ext4 file system size is 1 EB (exabyte). 1 EB = 1024 PB (petabyte). 1 PB = 1024 TB (terabyte).
Directory can contain a maximum of 64,000 subdirectories (as opposed to 32,000 in ext3)
You can also mount an existing ext3 fs as ext4 fs (without having to upgrade it).
Several other new features are introduced in ext4: multiblock allocation, delayed allocation, journal checksum, fast fsck, etc. All you need to know is that these new features have improved the performance and reliability of the filesystem when compared to ext3.
In ext4, you also have the option of turning the journaling feature “off”.

Creating an ext2, or ext3, or ext4 filesystem

Once you’ve partitioned your hard disk using fdisk command, use mke2fs to create either ext2, ext3, or ext4 file system.

Creating Ext2 File System

#  mke2fs /dev/sdXX

Creating Ext3 File System

#  mke2fs -j /dev/sdXX

-j option is used for journaling.

Creating Ext4 File System

# mke2fs -t ext4 /dev/sdXX

-t option to specify the file system type.

Converting an Ext2, or Ext3, or Ext4 File Systems

If you are upgrading /dev/sda2 that is mounted as /home, from ext2 to ext3, do the following.

Converting Ext2 to Ext3

#  umount /dev/sda2
#  tune2fs -j /dev/sda2
#  mount /dev/sda2 /home

You really don’t need to umount and mount it, as ext2 to ext3 conversion can happen on a live file system. But, I feel better doing the conversion offline.

Converting Ext3 to Ext4

#  umount /dev/sda2
#  tune2fs -O extents,uninit_bg,dir_index /dev/sda2
#  e2fsck -pf /dev/sda2
#  mount /dev/sda2 /home

-p option automatically repairs the file system.
-f option forces checking the file system even if it seems clean.
WARNING: You cannot revert or mount back to an ext3 filesystem once you run the above commands.

Converting Ext2 to Ext4

To convert from the old ext2 to the new ext4 file system with the latest journaling feature, run the following commands.

#  umount /dev/sdXX
#  tune2fs -O dir_index,has_journal,uninit_bg /dev/sdXX
#  e2fsck -pf /dev/sdXX
#  mount /dev/sdXX /home

Note: Run all of the above commands only on a test Linux server, where you can afford to lose all your data.

Wednesday, 20 July 2011

Secure your RHEL/CentOS Server Prevent from DoS and Bruteforce (Intrusion Prevention)

Prevent from DoS and Bruteforce attack.

Bruteforce and Denial Of Service are both automated attacks that you can prevent by using tools specially made for this purpose.

Fail2ban is a free, open source intrusion prevention framework developed in the Python programming language. Fail2ban operates by monitoring log files such as /var/log/pwdfail, /var/log/auth.log, /var/log/secure etc. and bans the IP address after too many password failure attempts. It is used to update iptables firewall rules to reject the IP address for a specified amount of time.
Fail2ban is designed to ban users who fail to log in correctly on your server; its main purpose is to prevent malicious users from bruteforcing your password.

Before heading into the installation and configuration of Fail2Ban, I would like to tell you that most attackers try to gain root access via SSH. So, I recommend you pay close attention to things such as disabling SSH root logins and using a pair of SSH keys for authentication.

Step 1-Installing Fail2Ban in RHEL, CentOS and Fedora.
By default Fail2Ban is not available under Linux systems, so you will need to add and enable the third-party RPMForge repository or EPEL repository on your Linux box. Once you’ve added the repository, install it using the following YUM commands.

# rpm -ivh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarc...
# rpm --import https://fedoraproject.org/static/0608B895.txt
# yum install fail2ban
Step 2- Configuring Default section for Fail2Ban.

The master Fail2Ban configuration file is located at /etc/fail2ban/jail.conf. Open it using the VI editor or any editor that you feel comfortable with.
Then edit the configuration file as you wish:

# vi /etc/fail2ban/jail.conf

Now, you will see the default section with some basic rules that are followed by fail2ban itself. If you want to add an extra layer of protection to your server, you can customize each rule section as per your needs.
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
 as follows :

Step 3 -Restarting Fail2Ban Service

Once you’ve made the changes to the fail2ban config file, then always make sure to restart Fail2Ban service.

# chkconfig --level 23 fail2ban on
# service fail2ban start
  Starting fail2ban:                                         [  OK  ]

Step 4- DDOS Deflate

DDoS Deflate automatically detects and blocks denial of service attempts. Switch to a folder where you will download the DDoS Deflate script:

# wget http://www.inetbase.com/scripts/ddos/install.sh

# chmod 0700 install.sh
# ./install.sh

A ddos.conf configuration file has been created at /usr/local/ddos/ddos.conf; have a look inside, it's well commented. A cron job is installed and will regularly do the DoS checking.

#  ls -l /etc/cron.d

-rw-r--r--. 1 root root 113 Jul 19  2011 0hourly
-rw-r--r--. 1 root root  74 Apr  1 12:37 ddos.cron
-rw-r--r--. 1 root root 108 Dec  6 21:41 raid-check

# /usr/local/ddos/ddos.sh --help
DDoS-Deflate version 0.6

Usage: ddos.sh [OPTIONS] [N]
N : number of tcp/udp   connections (default 150)
OPTIONS:
-h | --help: Show       this help screen
-c | --cron: Create cron job to run this script regularly (default 1 mins)
-k | --kill: Block the offending ip making more than N connections

Watch Failed SSH login attempts

To see the current failed SSH login attempts, run the following command; it displays a list of failed attempts made by hosts.

# cat /var/log/secure | grep 'Failed password' |  sort | uniq -c
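
The ban-after-too-many-failures behaviour described for Fail2ban above and the failed-login check in this section, combined into one added example that is not part of the original post or of Fail2ban itself: it counts failed passwords per source address and applies a maxretry/findtime style threshold. The log lines are constructed, and the function names and the same-month, chronological-order assumption belong to this example only.

```shell
#!/bin/sh
# Constructed sample in /var/log/secure format (documentation-range addresses).
sample_secure_log() {
cat <<'EOF'
Jul 20 10:15:01 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jul 20 10:15:03 web1 sshd[2212]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Jul 20 10:15:04 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jul 20 10:16:30 web1 sshd[2250]: Failed password for deploy from 192.0.2.10 port 40000 ssh2
Jul 20 10:16:41 web1 sshd[2251]: Accepted password for deploy from 192.0.2.10 port 40002 ssh2
Jul 20 10:30:00 web1 sshd[2301]: Failed password for root from 198.51.100.23 port 33000 ssh2
Jul 20 11:45:00 web1 sshd[2410]: Failed password for root from 198.51.100.23 port 33100 ssh2
Jul 20 13:05:00 web1 sshd[2522]: Failed password for invalid user from 10.0.0.1 from 198.51.100.23 port 33200 ssh2
EOF
}

# Print "count address" for every source with failed password attempts.
# The user name is client-supplied text, so the address is read from the
# fixed tail of the line ("from ADDR port N ssh2"), not the first "from".
failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for / && $(NF-2) == "port" && $(NF-4) == "from" {
             n[$(NF-3)]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# ban_candidates MAXRETRY FINDTIME
# Print each address that reaches MAXRETRY failures within FINDTIME seconds.
# Assumes all lines are from the same month and in chronological order.
ban_candidates() {
    awk -v maxretry="$1" -v findtime="$2" '
    /sshd\[[0-9]+\]: Failed password for / && $(NF-2) == "port" && $(NF-4) == "from" {
        split($3, t, ":")
        now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]   # seconds into the month
        ip = $(NF-3)
        k = ++cnt[ip]
        ts[ip, k] = now
        # Failure k-maxretry+1 is the oldest one in the latest run of maxretry.
        if (k >= maxretry && now - ts[ip, k - maxretry + 1] <= findtime) hit[ip] = 1
    }
    END { for (ip in hit) print ip }' | sort
}

echo "Failed passwords per source:"
sample_secure_log | failed_by_ip
echo "Over threshold (3 failures in 600 s):"
sample_secure_log | ban_candidates 3 600
```

On a live server, feed the functions from the real log instead of the sample, for example `failed_by_ip < /var/log/secure`. A source that spreads its attempts out stays under a short window, which is why the per-source totals are worth reading alongside the threshold result.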