Thursday, May 16, 2013

VirtualBox Installation error


If you hit the error below on the first launch of VirtualBox on your Linux box:-
================
Kernel driver not installed (rc=-1908)

The VirtualBox Linux kernel driver (vboxdrv) is either not loaded or there is a permission problem with /dev/vboxdrv. Please reinstall the kernel module by executing

'/etc/init.d/vboxdrv setup'

as root. If it is available in your distribution, you should install the DKMS package first. This package keeps track of Linux kernel changes and recompiles the vboxdrv kernel module if necessary.
================




[root@localhost ~]# /etc/init.d/vboxdrv setup
Stopping VirtualBox kernel modules [ OK ]
Recompiling VirtualBox kernel modules [FAILED]
(Look at /var/log/vbox-install.log to find out what went wrong)


and /var/log/vbox-install.log leads you to another error:-

unable to find the sources of your current Linux kernel. Specify KERN_DIR=<directory> and run Make again

Solution:-
[root@localhost ~]# yum install kernel-devel kernel-headers gcc
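One thing that still trips this up after the yum install: kernel-devel has to match the running kernel exactly, and yum pulls the newest version, which right after a kernel update is not the kernel currently booted. As an added example (not from the post), the Python below compares constructed `uname -r` and `rpm -q kernel-devel` output and says whether vboxdrv setup will find its sources, and what to run if not; the version strings are made up.

```python
# Constructed samples of `uname -r` and `rpm -q kernel-devel` output: the
# running kernel is older than the newest kernel-devel that yum installed.
UNAME_R = "2.6.32-358.6.1.el6.x86_64"
RPM_Q_KERNEL_DEVEL = """\
kernel-devel-2.6.32-358.el6.x86_64
kernel-devel-2.6.32-358.6.2.el6.x86_64
"""


def installed_devel_versions(rpm_output):
    """Version strings of every installed kernel-devel package."""
    prefix = "kernel-devel-"
    return [l[len(prefix):] for l in rpm_output.split() if l.startswith(prefix)]


def kern_dir_for(running, rpm_output):
    """Path of the kernel sources matching the running kernel, or None.
    `yum install kernel-devel` pulls the newest package, which matches the
    newest installed kernel rather than the one currently booted, so vboxdrv
    setup can keep failing with the same 'unable to find the sources' error."""
    if running in installed_devel_versions(rpm_output):
        return f"/usr/src/kernels/{running}"
    return None


def remedy(running, rpm_output):
    """The command to run next, given the running kernel and installed headers."""
    kern_dir = kern_dir_for(running, rpm_output)
    if kern_dir:
        return f"KERN_DIR={kern_dir} /etc/init.d/vboxdrv setup"
    return f"yum install kernel-devel-{running}  # or reboot into the newest installed kernel"
```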





Tuesday, April 9, 2013

AWS - S3 - Apply bucket policy for public read and office IP read and write


Here's a sample S3 bucket policy for a public-read bucket where write/update access is restricted to the office network.

If you enable "everyone" to list your bucket from the permissions menu, anyone could retrieve the full listing of your bucket's objects just by browsing to the bucket's root URL.



{
  "Id": "Policy1346919974114",
  "Statement": [
    {
      "Sid": "Stmt1346917860156",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::origin-pdf.domain.com/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "110.174.240.29/26",
            "175.143.152.282/32"
          ]
        }
      },
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    },
    {
      "Sid": "Stmt1346919900506",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::origin-pdf.domain.com/*",
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    }
  ]
}
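As an added example (not from the post), a small audit in Python of a policy in the shape above: it rejects malformed aws:SourceIp values (the second CIDR in the post's policy has an octet above 255, which AWS will not accept) and flags any Allow for an anonymous principal that could list or modify the bucket without an IP condition, which is the "everyone can list" exposure mentioned above. The policy dict is a constructed copy of the post's policy; only the standard library is used.

```python
import ipaddress
# Constructed sample in the shape of the post's policy: world-readable
# objects, plus s3:* for anyone whose source IP is in the office ranges.
SAMPLE_POLICY = {
    "Statement": [
        {"Sid": "OfficeWrite", "Effect": "Allow", "Action": "s3:*",
         "Resource": "arn:aws:s3:::origin-pdf.domain.com/*",
         "Principal": {"AWS": ["*"]},
         "Condition": {"IpAddress": {"aws:SourceIp": [
             "110.174.240.29/26", "175.143.152.282/32"]}}},
        {"Sid": "PublicRead", "Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::origin-pdf.domain.com/*",
         "Principal": {"AWS": ["*"]}},
    ]
}
LISTING_ACTIONS = {"s3:*", "s3:List*", "s3:ListBucket"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True when the statement applies to everyone (Principal "*")."""
    return principal == "*" or (isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))

def source_ips(statement):
    """All aws:SourceIp values across the IpAddress condition operators."""
    cond = statement.get("Condition", {})
    ips = []
    for op in ("IpAddress", "ForAnyValue:IpAddress"):
        ips += _as_list(cond.get(op, {}).get("aws:SourceIp", []))
    return ips

def audit_policy(policy):
    """Return (sid, message) findings for Allow statements open to everyone."""
    findings = []
    for st in policy.get("Statement", []):
        sid = st.get("Sid", "?")
        if st.get("Effect") != "Allow" or not is_anonymous(st.get("Principal")):
            continue
        ips = source_ips(st)
        for cidr in ips:
            try:
                ipaddress.ip_network(cidr, strict=False)  # AWS rejects bad CIDRs
            except ValueError:
                findings.append((sid, f"invalid aws:SourceIp value {cidr!r}"))
        if LISTING_ACTIONS & set(_as_list(st.get("Action", []))) and not ips:
            findings.append((sid, "anyone can list or modify the bucket: no aws:SourceIp condition"))
    return findings
```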

Saturday, April 6, 2013

DevOps Toolbox - Mount New volume to EC2

This should be a piece of cake for most sysadmins, but if you only do it once in a blue moon (or start aging like me), you would probably spend 30 mins googling. So I decided to write it down.
 
==
1. Attach the new EBS volume to your instance from the console.
2. Log in to your instance on the command line and run (# represents the command prompt):
# ls /dev
You should see that /dev/sdf has been created for you.
3. Format /dev/sdf by running (mkfs.ext3 if you prefer ext3):
# mkfs.ext4 /dev/sdf
It will warn you that this is an entire device. Type y to let the process continue unless you want to create specific partitions on this device.
4. Create a directory to mount your new drive on; for example we'll use /var (first move the existing var to var.bk):
# mv /var /var.bk; mkdir /var
5. Add a reference in the fstab file to mount the newly formatted drive onto /var by running the following command:
# echo "/dev/sdf /var ext4 noatime 0 0" >> /etc/fstab
6. Mount the drive by running:
# mount /var
7. Check your drive has mounted correctly with the expected amount of file space by running:
# df -h /var
It really is that simple, within a few cli commands you can simply add 1GB to 1TB of storage at the drop of a hat!
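Two things bite with the steps above: running mkfs on a device that already holds data, and an fstab entry keyed by a device name that can change. As an added example, not part of the post, the Python below wraps the checks a practitioner would put around steps 3 and 5; the `file -s`, `blkid -o export` and fstab text it consumes are constructed samples, and the UUID is made up.

```python
# Constructed samples of the command output the checks below consume; in
# real use pass the output of `file -s /dev/sdf`, `blkid -o export /dev/sdf`
# and the current /etc/fstab instead.
FILE_S_BLANK = "/dev/sdf: data"
FILE_S_EXT4 = ("/dev/sdf: Linux rev 1.0 ext4 filesystem data, "
               "UUID=0a1b2c3d-1111-2222-3333-444455556666 (extents) (large files)")
BLKID_EXPORT = "DEVNAME=/dev/sdf\nUUID=0a1b2c3d-1111-2222-3333-444455556666\nTYPE=ext4\n"
FSTAB = "# <fs> <mount point> <type> <options> <dump> <pass>\n/dev/xvda1 / ext4 defaults 0 1\n"


def is_blank_device(file_s_output):
    """True when `file -s` reports plain 'data': no filesystem signature found.
    Running mkfs on anything else would wipe an existing filesystem, so check
    this before step 3."""
    return file_s_output.strip().endswith(": data")


def fstab_entry(blkid_export, mountpoint, options="noatime,nofail"):
    """Build an fstab line keyed by UUID instead of /dev/sdX. The kernel name
    (sdf, xvdf, nvme1n1) can change between reboots and instance types; the
    UUID lives in the filesystem itself. nofail keeps the instance booting if
    the volume is ever detached."""
    fields = dict(l.split("=", 1) for l in blkid_export.splitlines() if "=" in l)
    if "UUID" not in fields or "TYPE" not in fields:
        raise ValueError("device has no UUID/TYPE: it is not formatted yet")
    return f"UUID={fields['UUID']} {mountpoint} {fields['TYPE']} {options} 0 2"


def fstab_mountpoints(fstab_text):
    """Mount points already present, ignoring comments and blank lines."""
    entries = (l.split() for l in fstab_text.splitlines() if not l.lstrip().startswith("#"))
    return {f[1] for f in entries if len(f) >= 2}


def add_fstab_entry(fstab_text, entry):
    """Return the new fstab content, refusing a second entry for a mount point
    (the post's `echo >> /etc/fstab` appends blindly every time it is run)."""
    mountpoint = entry.split()[1]
    if mountpoint in fstab_mountpoints(fstab_text):
        raise ValueError(f"{mountpoint} already has an fstab entry")
    return fstab_text.rstrip("\n") + "\n" + entry + "\n"
```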

Monday, September 3, 2012

Windows file sharing fix

And now you have successfully configured your Linux server to get authenticated via AD, Hooray!

Wait a minute, why can't I connect to my \\ files on Linux from Windows?

Here are the changes you need to make in your Windows Server local policy:-
1. Open the Run command and type "secpol.msc".

2. Click on "Local Policies" --> "Security Options"

3. Navigate to the policy "Network Security: LAN Manager authentication level" and open it.

4. Change the policy to "Send LM and NTLM – use NTLMV2 session security if  negotiated".

Thursday, August 16, 2012

Linux - how to show the memory usage per process

Top is a very useful command to show real-time overall system health like CPU, memory and swap status.
 
But when it comes to memory leak detection, we need more detailed information, like which process consumes how much memory.

Command below comes handy:-
ps -e -orss=,args= | sort -b -k1,1n | pr -TW$COLUMNS
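As an added example (not from the post), the Python below takes that ps output one step further for leak hunting: it parses two constructed snapshots of `ps -e -orss=,args=`, sums RSS per program and lists the programs that grew between the snapshots. The snapshot text and numbers are made up for illustration.

```python
from collections import defaultdict
# Constructed samples of `ps -e -orss=,args=` output (RSS in KiB, then the
# command line), as two snapshots of the same host taken some minutes apart.
SNAPSHOT_A = """\
  1204 /usr/sbin/sshd -D
 40512 /usr/sbin/httpd -DFOREGROUND
 41000 /usr/sbin/httpd -DFOREGROUND
 98304 /usr/bin/java -jar app.jar
   820 ps -e -orss=,args=
"""
SNAPSHOT_B = """\
  1204 /usr/sbin/sshd -D
 40600 /usr/sbin/httpd -DFOREGROUND
 40900 /usr/sbin/httpd -DFOREGROUND
 43000 /usr/sbin/httpd -DFOREGROUND
163840 /usr/bin/java -jar app.jar
   830 ps -e -orss=,args=
"""

def parse_ps(text):
    """Yield (rss_kib, program) per line, program being the executable's basename."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            yield int(parts[0]), parts[1].split()[0].rsplit("/", 1)[-1]

def rss_by_program(text):
    """Total RSS (KiB) per program, summing all its processes. RSS counts
    shared pages once per process, so use the totals for trends, not as an
    exact measure of physical memory."""
    totals = defaultdict(int)
    for rss, prog in parse_ps(text):
        totals[prog] += rss
    return dict(totals)

def growth(before, after, threshold_kib=0):
    """Programs whose total RSS grew by more than threshold_kib between two
    snapshots, largest growth first: an entry that keeps growing across
    several snapshots is the leak candidate."""
    a, b = rss_by_program(before), rss_by_program(after)
    deltas = {p: b[p] - a.get(p, 0) for p in b}
    grown = [(p, d) for p, d in deltas.items() if d > threshold_kib]
    return sorted(grown, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    for prog, delta in growth(SNAPSHOT_A, SNAPSHOT_B, threshold_kib=1024):
        print(f"{prog:<12} +{delta / 1024:7.1f} MiB")
```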

Thursday, August 2, 2012

Disable Auto-Restart after Windows Update

If you often receive alerts at 3 in the morning because your lovely Windows servers restarted by themselves, chances are auto-restart is turned on in the Windows Update configuration; Windows Update is scheduled to restart at 3:00 a.m. by default.

To disable auto-restart after Windows Update, you can set it from Group Policy.

Run gpedit.msc

Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update
Enable "No auto-restart with..."

You can now have a good night sleep. Zz.zz..

Authenticating Linux against Active Directory

When you only have a few Linux machines and sysadmins, simple local-machine authentication does a fairly good job.
Imagine you have 64 Linux boxes (and growing) and 4 sysadmins. Keeping sudo access up to date on all of them would be a daunting task.
Why not get Linux and Windows talking to each other if you already have Active Directory in your environment?
- First you will need to ensure the Linux machine's A record is added to the AD DNS server
- Create an AD group called linuxadmin and add the admin users to the group
- Next, run the following commands on the Linux client box

yum install samba-common samba-winbind pam_krb5 sudo authconfig;
chkconfig winbind on;
mkdir /home/mycompany;    # one directory per domain, named after your AD domain
chmod 0777 /home/mycompany;
# this appends to sudoers directly; run "visudo -c" afterwards to confirm it still parses
echo "%linuxadmin ALL=(ALL) ALL" >> /etc/sudoers;

# home directories land in /home/<domain>/<user> (%D = domain, %U = user),
# matching the /home/mycompany directory created above
authconfig \
--disablecache \
--enablewinbind \
--enablewinbindauth \
--smbsecurity=ads \
--smbworkgroup=MYCOMPANY \
--smbrealm=MYCOMPANY.LOCAL \
--enablewinbindusedefaultdomain \
--winbindtemplatehomedir=/home/%D/%U \
--winbindtemplateshell=/bin/bash \
--enablekrb5 \
--krb5realm=MYCOMPANY.LOCAL \
--enablekrb5kdcdns \
--enablekrb5realmdns \
--enablelocauthorize \
--enablemkhomedir \
--enablepamaccess \
--updateall

net ads join -U joesoh;    # your AD admin account

service winbind restart
===
Note: MYCOMPANY.LOCAL is your AD domain name.
Try logging on with your Windows ID and password.
Now who says Windows and Linux don't talk?