Archive for the 'Linux' Category

CentOS and JFS

Thursday, December 28th, 2006

JFS (Journaled File System) is a file system from IBM. I have always really liked this file system since I first came across it, working with AIX, but I have never used it in a Linux environment until now. When you read comparisons of different file systems it seems JFS always comes out in a top position. For Linux it is sometimes beaten by XFS, but I think that is due to the fact that XFS is more widely used on Linux.

For some reason RedHat seems to have taken out support for JFS in RHES, but it is available for CentOS using the kernel in the CentosPlus repository. The process to upgrade an existing Centos installation to support JFS is simply to update the kernel with the kernel in centosplus and install jfsutils:

yum --enablerepo=centosplus install kernel-smp
yum --enablerepo=centosplus install kernel-smp-devel
yum install jfsutils

Then you probably need to change the “default” row in grub.conf and reboot to start using the new kernel with JFS support.

To create a JFS file system on a new partition use fdisk and mkfs -t jfs.

I think you need to stick to ext3 for the root and boot file systems though and there is no path (at least that I know of) for migrating an existing ext3 file system to JFS “in place”.

Upgrading Postfix on Centos (and RedHat)

Sunday, November 12th, 2006

Postfix is a great e-mail server and you would usually want to keep up with new versions more aggressively than RedHat publishes RPMs for new versions. However, I have never succeeded well in compiling Postfix from source with SASL support enabled. The resulting binaries (compiled against the RedHat SASL rpms) always seem to core dump and mis-behave for reasons I have never understood. However, there is a solution… building an RPM from source and using that RPM for updating.


Postfix and greylisting using postgrey

Sunday, November 12th, 2006

Our mail server receives around 10.000 e-mails per day. On weekdays around 70% is spam, during weekends more than 90% is spam. Lately our mailserver load has been very high leading to poor response times. As a result we decided to implement greylisting.


OTP via SMS for PAM

Tuesday, November 7th, 2006

Now I have finished a PAM module for sending One-Time Passwords (OTPs) via SMS when using Pluggable Authentication Module (PAM) in Linux.


HTTP sniffer on Linux - urlsnarf

Wednesday, October 4th, 2006

We have experienced high load on one of our web servers lately (Apache 2.0.59 on Linux). So, I started thinking about how to analyze this in a bit more detail. We are running multiple virtual hosts (around 60) so when using tcpdump it is not easy to see which URLs are requested, therefore I looked around for some HTTP-oriented sniffer. My search ended with “urlsnarf” from the “dsniff” package.


Installing VMware Server 1.0.1 on Centos 4.4

Thursday, September 21st, 2006

This is not very complicated, apart from one libgcc-issue that was fatal and kept me busy for a couple of hours.

If the correct version of libgcc_s is not found then VMware Server will not run correctly. For me it crashed every time I tried to create a virtual machine.

You can either link to the libgcc_s.so which accompanies the VMware Server distribution

ln -s /usr/lib/vmware/lib/libgcc_s.so.1/libgcc_s.so.1 /lib/libgcc_s.so.1

or install the compatibility library

yum install compat-libstdc++-33

Installing Dell OpenManage 5.1 (OMSA) on Centos 4.4 (and PowerEdge 1850)

Wednesday, September 20th, 2006

- Install SNMP agent (important to do this before installing OMSA)
yum install net-snmp net-snmp-utils

- Ensure necessary packages are installed
yum install ncurses libxml2 compat-libstdc++-33

- Download OMSA Managed Node from Dell, unpack and edit setup.sh to use “RHEL4” by default, since Centos is not a known operating system to the script. Then run setup.sh.

Choose “4” and then “i” to install all packages. Install to default locations.

After installation run “srvadmin-services.sh start”

Sometimes it is necessary to start ipmi separately
srvadmin-services.sh stop
/etc/init.d/ipmi start
srvadmin-services.sh start

- Now it should be possible to “walk” the Dell MIB

snmpwalk -v 2c -c public 127.0.0.1 enterprises.674.10892

It should also be possible to open a browser and point it to
https://server:1311 (where server is your servername) in order
to access the OpenManage web interface.

Installing Centos 4.4 on Dell PowerEdge 1850

Wednesday, September 20th, 2006

We have four Dell PowerEdge 1850 servers with 2 x 3.0 GHz CPU, 2 x 73 GB SCSI HD (in RAID-1 configuration) and 4 GB RAM on which we now run CentOS 4.4. I think these are great servers, easy to install and reliable.

My favorite method for installing Centos 4.4 (and I have done it numerous times, trust me) is to download only iso 1 (out of 4), burn it and boot from it. There is nothing specific to the PowerEdge servers in these first steps but then we want Dell OpenManage in order to be able to monitor the server in full. We currently use Nagios and SNMP to monitor our environment.

During the installation I choose “Custom” and then de-select all packages. The installation process will only need the first cd for this and I can then “yum install” the packages needed afterwards. I also include the firewall (even though we also have a hardware appliance in front of our servers) and activate SE Linux.

Post-installation:

  • Remove “en_US.UTF-8” from /etc/sysconfig/i18n
  • “yum update”
  • Install kernel source for being able to compile modules later on
    yum -y install kernel-devel
  • Install NTP and sync the clock for correct time
    yum -y install ntp
    ntpdate ntp.lth.se
  • Install VIM enhanced since only minimal is installed during the minimal install
    yum -y install vim-enhanced
  • Install MySQL 5 from CentosPlus
    yum -y --enablerepo=centosplus install mysql-server-5.0.22
  • Update Perl CPAN
    perl -MCPAN -e shell
    install Bundle::CPAN
  • Install SNMP agent and Dell OpenManage (see separate article)

PAM, OTP and SMS

Tuesday, September 5th, 2006

I have just started writing a PAM module for authentication using One Time Passwords (OTP) sent to the user’s mobile phone via SMS.

The idea is adding a PAM module to the stack for sshd (or other services) with the following functionality:

  • First use “normal” authentication of type “requisite”. That is, if the normal username/password combination is not entered correctly by the user, the user is rejected.
  • Check if the user originates from an IP address configured as trusted. If yes, approve authentication without further action.
  • For non-trusted IP addresses check if the user is configured in the “OTP database” and if yes, generate an OTP and send to the user’s mobile phone.
  • The user is prompted for the OTP and, if it is entered correctly, authentication is approved. For an incorrect password, start the authentication process all over again.

The PAM module will send the password using an HTTP POST in the format used by our own SMS Submit service. However, since the URL is configurable, the module can be configured to use any SMS service that can use the parameters sent.

First objective is to make it run in Linux, but then it would be nice to be able to support other operating systems as well.
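
The authentication flow listed above, modelled in Python as an added illustration; it is not the PAM module's own code, which this page does not show. The trusted network, the user table, the 120-second OTP lifetime, the fail-closed handling of users missing from the OTP database, and the send_sms/prompt callbacks (standing in for the HTTP POST and the PAM conversation) are assumptions.

```python
import hmac
import ipaddress
import secrets
import time

# Constructed sample configuration (assumptions, not from the original post)
TRUSTED_NETS = [ipaddress.ip_network("10.2.4.0/24")]
OTP_USERS = {"alice": "+10000000000"}   # the "OTP database": user -> mobile number
OTP_TTL = 120                           # seconds an issued OTP stays valid


def is_trusted(rhost):
    """True if the remote address lies in a configured trusted network."""
    addr = ipaddress.ip_address(rhost)
    return any(addr in net for net in TRUSTED_NETS)


def new_otp(digits=6):
    """Numeric OTP from the OS CSPRNG; randbelow avoids modulo bias."""
    return f"{secrets.randbelow(10 ** digits):0{digits}d}"


def authenticate(user, rhost, password_ok, send_sms, prompt, now=time.time):
    """Return 'reject', 'accept' or 'restart' for one pass through the stack."""
    if not password_ok:                  # step 1: requisite password check
        return "reject"
    if is_trusted(rhost):                # step 2: trusted source address
        return "accept"
    phone = OTP_USERS.get(user)          # step 3: is the user in the OTP database?
    if phone is None:
        return "reject"                  # assumption: fail closed for unknown users
    otp, issued = new_otp(), now()
    send_sms(phone, otp)                 # stands in for the HTTP POST to the SMS service
    entered = prompt("One-time password: ")   # step 4: ask the user for the OTP
    fresh = now() - issued <= OTP_TTL
    # Constant-time comparison so the check does not leak matching digits
    if fresh and hmac.compare_digest(entered.encode(), otp.encode()):
        return "accept"
    return "restart"                     # wrong or expired OTP: start over
```
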

Multiple default gateways in Linux

Tuesday, August 15th, 2006

We have a web server which can be accessed via two different internet connections. So far the secondary connection has been using NAT on the firewall, since the default gateway in the web server points to the primary connection. However, when using NAT you miss all web statistics.

So, I decided to find out whether it is possible to use multiple default gateways in Linux. The approach would be to use 2 different virtual IP addresses on the box and have different default gateways depending on which virtual IP is accessed.

This turned out to be very easy indeed using iptables.

The box is running RedHat 9 using iptables 1.2.7a.

All needed was this:

/sbin/ip route add default via 10.2.4.253 table T1
/sbin/ip rule add from 10.2.4.12 table T1
/sbin/ip route flush cache

after adding an entry for “T1” in /etc/iproute2/rt_tables.