yum error ULN-CA-CERT is expired

February 21, 2018 Leave a comment

If you get an error like so:

# yum info ssh
Loaded plugins: refresh-packagekit, rhnplugin, security

The certificate /usr/share/rhn/ULN-CA-CERT is expired. Please ensure you have the correct certificate and your system time is correct.

To update the client SSL certificate on your Oracle Linux machine, run the following steps.

        # cp /usr/share/rhn/ULN-CA-CERT /usr/share/rhn/ULN-CA-CERT.old
        # wget https://linux-update.oracle.com/rpms/ULN-CA-CERT.sha2
        # cp ULN-CA-CERT.sha2 /usr/share/rhn/ULN-CA-CERT
Categories: Uncategorized

Extending AWS Linux LVM partition

December 17, 2017 Leave a comment

This process was tested successfully on RHEL 6.4.

Suppose we have extended the volume size of a disk to 300G from 200G; note the current partition and VG size is 200G:

# lsblk /dev/xvdd
xvdd 202:48 0 300G 0 disk
└─xvdd1 202:49 0 200G 0 part
└─vg02-lvol1 (dm-2) 252:2 0 200G 0 lvm /test

First, we have to install package for your particular RHEL version:

Pbone RPM Repo

Next, install the RPM:
rpm -ivh cloud-utils-growpart-0.27-10.el6.x86_64.rpm

  • # growpart /dev/xvdd 1
  • # reboot
  • # pvresize /dev/xvdd1
  • # lvextend -l +<free_extents> /dev/vg02/lvol1
  • # resize2fs /dev/vg02/lvol1

# lsblk /dev/xvdd
xvdd 202:48 0 300G 0 disk
└─xvdd1 202:49 0 300G 0 part
└─vg02-lvol1 (dm-2) 252:2 0 300G 0 lvm /test

If anyone knows how we can grow the partition and have it be recognized by the physical volume without a reboot, I’d love to hear it!

Hope this helps!

Categories: Linux, Redhat, Uncategorized

Linux IOPs benchmarking tool

December 11, 2017 Leave a comment

Notes from:

Must have fio benchmarking tool installed along with libaio-devel package. Get fio from:

Random read/write (75%/25%) with 4G file:
# fio –randrepeat=1 –ioengine=libaio –direct=1 –gtod_reduce=1 –name=test –filename=test –bs=4k –iodepth=64 –size=4G –readwrite=randrw –rwmixread=75

read : io=3070.5MB, bw=132862KB/s, iops=33215 , runt= 23665msec
write: io=1025.6MB, bw=44375KB/s, iops=11093 , runt= 23665msec

Random read performance test:
# fio –randrepeat=1 –ioengine=libaio –direct=1 –gtod_reduce=1 –name=test –filename=test –bs=4k –iodepth=64 –size=4G –readwrite=randread

read : io=4096.0MB, bw=346522KB/s, iops=86630 , runt= 12104msec

Lot more options if you want to tailor your profile of io data for your test, refer to the man page for fio.

Categories: Uncategorized

Oracle rebuild your indexes and how to find all of them

November 2, 2017 Leave a comment

Useful sql scripts to output your DDL for all index types:

— Rebuild index
select ‘alter index ‘||owner||’.’||index_name||’ rebuild ONLINE;’ from dba_indexes d where D.TABLE_NAME =‘PROVIDE_TABLE_NAME’ and D.OWNER=‘PROVIDE_OWNER’;

— Rebuild Partition index
select ‘alter index ‘||index_owner||’.’||index_name||’ rebuild partition ‘||partition_name||’ ONLINE;’ from dba_ind_partitions where INDEX_NAME=‘PROVIDE_INDEX_NAME’;

— Rebuild Sub Partition index
select ‘alter index ‘||index_owner||’.’||index_name||’ rebuild subpartition ‘||subpartition_name||’ ONLINE;’ from dba_ind_subpartitions where INDEX_NAME=‘PROVIDE_INDEX_NAME’;

Categories: Uncategorized

Kali Tools

October 19, 2017 Leave a comment

# Check for rootkits on local system


Categories: Kali Linux, Uncategorized

portmap dead but subsys locked

October 19, 2017 Leave a comment

I have seen this issue and my feeling is it is a result of vulnerability scanners knocking the portmap service that handles the registration of systems for remote NFS, autofs.

Symptoms you may see:
Could not mount a user’s home directory:

su: warning: cannot change directory to /home/<user>: No such file or directory
# rpcinfo -p <nfs_server>
rpcinfo: can’t contact portmapper: RPC: Remote system error – Connection refused
# showmount -e
mount clntudp_create: RPC: Port mapper failure – RPC: Unable to receive

On NFS server if you see this error:

# service portmap status
portmap dead but subsys locked
# ll /var/lock/subsys/portmap    # If file exists, it has to be removed
# rm /var/lock/subsys/portmap
# service portmap restart
# rpcinfo -p
# service nfs restart    # Needs to be restarted to register with portmapper

Now, you should be able to run “rpcinfo -p <nfs_server>” from the NFS clients and mount the shares.


Categories: Linux, Redhat, Uncategorized

Kali SSH setup

October 17, 2017 Leave a comment

Move default keys to backup folder:
# cd /etc/ssh; mkdir backup_ssh; mv ssh_host_* backup_ssh
# dpkg-reconfigure openssh-server

Allow root to login
Edit /etc/ssh/sshd_config, add or change line to:
PermitRootLogin yes

Restart SSH
# service ssh stop; service ssh start; service ssh status