Recover Root Password in RHEL6

There are a lot of guide lines on recovering ROOT password in a Red Hat or Fedora, by entering single user mode and change the ROOT password using passwd command. However the trick isn’t work in RHEL 6 any more, where issuing the passwd command in single user mode will not prompt you to enter the new password.

Here is a trick where I discover in order to recover the ROOT password in RHEL6.

1. First enter single user mode. To do this, boot your machine and wait until the message to enter GRUB (the one with a counter). Press any key to enter GRUB, then press e to edit the boot argument. Just append the word single at the back of the arguments and press enter to continue boot.
2. You should enter single user mode, with the root prompt. Instead of using entering only passwd, enter the following command:passwd -d root
3. “-d” is meant for making the password blank. Now your root password should be blank. Reboot your machine and change your ROOT password.

How to Offline Update Symantec Antivirus Definition in Redhat

There is some huge differences between Windows version and Linux version of Symantec Endpoint Protection (in Linux only known as Symantec Antivirus, SAV). After install the antivirus at Linux, you can see the antivirus tray icon at your task bar. If you double click it, it will show a small GUI with the Live Update function only. To scan virus you can only use command such as sav manualscan. Further more you are unable to run the sav utility directly since it is located at /opt where you either need to add the location to the path variable or create a link to the sav utility (or simple change directory to /opt to run it).

However the point of this post is to troubleshoot the problem when using the Symantec Linux version offline virus definition update file. The file is so called UNIX version, which can be used in Linux. It is simply a 100 plus MB shell file which will do everything for you, almost. I faced 2 problems when running the file in Redhat 5.3:

1. Missing of uncompress command
2. Missing of uudecode command

The uncompress command is actually a short hand of gzip -d. So to solve this problem:

1. Create a file called uncompress at /bin
2. put “gzip -d $1” (exclude the double quotation) inside the file
3. grant execute right to the file (chmod +x uncompress)
4. Solved

For the uudecode command, it is within the shareutil package where might not installed by default. Look for it at the installation disc or install from internet.

How to Purge Emails at Linux Server using Command

All the mails are stored in files at /var/mail, where each user will have their owned individual file. For example user James’ email will be stored at /var/mail/james. To purge all emails of a user, simply clear the content of the file using the following command:

cat /dev/null > /var/mail/james

Do not remove the file, or else the user will not able to receive email anymore. However by any change the file is removed, simple recreate back the file:

cat /dev/null > /var/mail/james

chown james:mail /var/mail/james

VNC Cannot Show Normal Desktop

Referring to Setup VNC Server at Linux, users sometimes might not able to see a normal desktop in VNC Viewer even though they already uncomment the 2 lines.

unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc

It is because /etc/X11/xinit/xinitrc need ROOT privilege to be executed. To overcome the problem, users just need to add the execute privilege for all other users:

chmod 755 /etc/X11/xinit/xinitrc (Red Hat)
or
sudo chmod 755 /etc/X11/xinit/xinitrc (Ubuntu)

Restart the vncserver and users should able to view a normal desktop in the viewer

Linux Machine No More Display after Monitor Is Replaced

We might experience display problem in a Linux Machine after monitor is replaced, especially when changing a LCD with a CRT. To be more precise, the monitor cannot display the GUI anymore because of monitor refresh rate too high. So we need to adjust the refresh rate through the console.

1. As the monitor goes blank when displaying the GUI, hit Ctrl+Alt+F2 to switch the display to console. Login as root.
2. Change directory to /etc/X11, look for a file called xorg.conf.
   cd /etc/X11
3. Make a copy of the file before making any changes.
   cp xorg.conf xorg.conf.backup
4. Edit the file with your favorite editor:
   vi xorg.conf
5. Look for the Monitor Section (similar as below):
Section "Monitor"
Identifier   "Monitor0"
VendorName   "Monitor Vendor"
ModelName    "AL1717"
DisplaySize  340        270
HorizSync    30.0 - 83.0
VertRefresh  56.0 - 75.0
Option      "dpms"
EndSection

6. Remove the line DisplaySize, HorizSync and VertRefresh, then save the file.
7. Reboot the machine, and now it should able to display GUI.
   reboot

CPIO Tape with Unknown Block Size

Here are same useful CPIO command samples (assume the tape is /dev/st0):

1. To list out the content of the tape:
   cpio -tv -F /dev/st0
2. To extract the tape to working directory:
   cpio -iv -F /dev/st0
3. To archive files from working directory to tape:
   find . -print | cpio -ov -F /dev/st0

Sometime we might face problem in extracting the tape because wrong block size is used. To check the block size used in a CPIO archived tape catridges, try command below:

dd if=/dev/sto of=/tmp/deleteme ibs=64k count=1

If no error prompts out, it means the tape is archived in 64k. Else try other block size number such as 128k until you find a figure that doesn’t result an error message. The command will create a dummy file called deleteme at /tmp, which can safely be removed. After you know the block size, use command below to list or extract the content of the tape:

cpio -tv --block-size 64 -F /dev/st0

cpio -iv --block-size 64 -F /dev/st0

Wireshark the Packet Sniffer in Linux

Wireshark is a packet sniffer program that run on Linux machine (formerly known as Ethereal), and of course available to Windows as well. Basically it will record down what ever going through a specified port. To use it, you need to install the following packages:

1. wireshark package: tools that do the sniffing.
2. wireshark-gnome package: used to read the PCAP files created by wireshark (not sure whether can run in KDE or got KDE version or not).
3. libsmi package: library required to install wireshark.

After everything is installed, you can execute wireshark using tshark command:

tshark

It will output a live packet sniffing to the terminal, however it is not much usage for this case. The following command is to run tshark in daemon mode and save the PCAP files in a specified location:

tshark -q -i eth0 -b files:80 -b filesize:10000 -w /root/trace/trace -x -t ad port 80

q: quiet mode or daemon mode

i: network interface

b: ring buffer option, which means it can set to save the data in multiple files in a mary go round pattern. files means how many files to save, filesize means maximum size of 1 single file (in KB)

w: file path where the PCAP file saved, aware that file number will be append to the file name when it is saved to multiple files.

x: tell wireshark to save the hex and ACSII dump

t: time format, ad means absolute date and time

port: which port to be sniffed

While to read the PCAP file, you need to be in Gnome Desktop and execute wireshark command:

wireshark

A wireshark GUI program will appear, and all you need to do is open the PCAP file that you want to read.

This is the wireshark Startup Script (change the filename from wireshark.doc to wireshark), copy it to /etc/init.d and issue chkconfig --add wireshark to add it into services.

CHKCONFIG Equivalence in Ubuntu

CHKCONFIG is a utility for the Red Hat family of Linux, to configure the background services. While in Ubuntu, you can either install CHKCONFIG:

sudo apt-get install chkconfig

Or use the Ubuntu service configuring utility RCCONF:

sudo rcconf

It has a nice console interface for user to enable or disable the services.

Solve Gnome Desktop Missing Problem

Sometime after you do something on your Linux (such as distribution upgrade), your Gnome desktop will turn into black color and showing nothing. If you create anything on the black desktop, it will actually go to your home directory.

This indicates your desktop path is point to your home directory instead of your desktop directory, to solve this problem:

1. Edit ~/.config/users.dirs.dirs with your favorite editor (aware that .config is hidden).
2. Look for the keyword XDG_DESKTOP_DIR, it might point to $HOME. Edit it to $HOME/Desktop.
   XDG_DESKTOP_DIR="$HOME/Desktop"
3. Log out and log in again to see the changes.

Upgrade Ubuntu Platform from ISO without Burning a CD

Dozen of methods to upgrade Ubuntu Platform, either through Update Manager or through CD. Steps below show you how to upgrade Ubuntu Platform (for example from 9.04 to 9.10) from ISO without burning to CD:

1. Download the Alternate version of Ubuntu Installation CD from Ubuntu Official Website. The differences between Alternate version and the normal version include:
   1. Alternate version doesn’t have Live CD features.
   2. Alternate version is text based.
   3. Alternate version has CD upgrade features (and the normal one does not have).
2. Mount the ISO using command below (assume that the name of your ISO is ubuntu-alternate.iso, located at /home/james and the mount point you want to set is /mnt/iso)
   mount -o loop /home/james/ubuntu-alternate.iso /mnt/iso
3. Change directory to /mnt/iso
cd /mnt/iso
4. Run cdromupgrade as ROOT user (and key in your password) and continue with the upgrade.
   sudo ./cdromupgrade