I am working on a driver for the NetFPGA-1G card. I found that the Linux Kernel Programming Guide is a good place to start for anyone who wants to write a kernel module or hardware driver.
Install/remove a kernel module
Commands must be executed with root privileges.
To install: insmod <path_to_module/module_name.ko>
To remove: modprobe -r module_name
or: rmmod -f module_name
-f: force removal
If removal fails, the module may be in use by a process, or other modules may depend on it.
Run lsmod to display all loaded modules, their use counts and dependencies.
Ex. lsmod | grep module_name
Output:
Module Size Used by
"Used by" is a number and may be followed by a list of the modules that depend on this one.
If the number is > 0, modprobe will fail.
Sometimes a positive number means the kernel module has a bug: a crash during installation can lead to this case. Then the only solution is to reboot the computer and check the code.
A look at /var/log/syslog can provide some information.
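The "Used by" check described above can be scripted. The following is an added example, not part of the original post: it parses lsmod output and reports why a removal would fail. The sample output is constructed and "mydriver" is a hypothetical module name.

```python
# Constructed sample of `lsmod` output; "mydriver" is a hypothetical module name.
SAMPLE_LSMOD = """\
Module                  Size  Used by
mydriver               16384  1
snd_pcm                98304  2 snd_hda_intel,snd_hda_codec
e1000                 143360  0
"""


def parse_lsmod(text):
    """Return {module: (use_count, [modules that depend on it])}."""
    modules = {}
    for line in text.splitlines():
        parts = line.split()
        # Skip the header and anything that is not "name size count [holders]".
        if len(parts) < 3 or not (parts[1].isdigit() and parts[2].isdigit()):
            continue
        holders = [h for h in parts[3].split(",") if h] if len(parts) > 3 else []
        modules[parts[0]] = (int(parts[2]), holders)
    return modules


def removal_status(modules, name):
    """Classify whether `modprobe -r name` can succeed, and if not, why."""
    if name not in modules:
        return "not loaded"
    count, holders = modules[name]
    if count == 0:
        return "removable"
    if holders:
        return "remove first: " + ", ".join(holders)
    # Positive count with no module listed: a process or open device holds the
    # module, or a failed init left the reference count stuck (reboot case).
    return "in use by a non-module user (or stuck count)"


if __name__ == "__main__":
    mods = parse_lsmod(SAMPLE_LSMOD)
    for mod in ("mydriver", "snd_pcm", "e1000"):
        print(mod, "->", removal_status(mods, mod))
```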
I'm a network engineer. This is a place where I keep things that I experienced or faced during work and study, such as setting up a GNS3 lab, using utilities in Linux, writing pieces of code, etc.
Thursday, August 27, 2015
Sunday, July 17, 2011
Installing Rsyslog and Log Analyzer
Operating system: RedHat Linux Enterprise 6.
Assume that Apache has been installed and configured to work properly. The Apache document root is /var/www/html.
This installation aims to provide a syslog facility for networking devices such as routers, switches and servers, and to use Log Analyzer to view and analyse the syslog.
1. Configuring Rsyslog
Rsyslog is installed by default in the RHEL environment. If not, do it following this.
Configure Rsyslog to receive syslog via UDP port 514:
Edit /etc/rsyslog.conf
Uncomment $ModLoad imudp.so and $UDPServerRun 514
Add $ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format and comment out all other $ActionFileDefaultTemplate lines
Add *.* /var/log/syslog and comment out all other rules if not used. This causes all received syslog messages to be written to the file /var/log/syslog.
Make Rsyslog start automatically when the OS reboots:
Run chkconfig rsyslog on
Start Rsyslog: /etc/init.d/rsyslog start
2. Installing Log Analyzer
Get it
Install it
DONE.
If you get the message "Syslog file is not readable, read access may be denied", follow this to resolve it.
3. Configuring logging in Cisco IOS
logging esm config // Send to syslog server every command that user enters. Used to track what user has done on IOS.
logging trap notifications // Choose lowest severity level to send to syslog. In this case syslog messages include emerg, alert, crit, err, warning and notice. If you want more, put logging trap info or even lower.
logging origin-id hostname // To send HOSTNAME in syslog msg
logging source-interface Loopback0 // Source IP address used to send syslog msg
logging 192.168.16.9 // Syslog server
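With RSYSLOG_SyslogProtocol23Format, each line in /var/log/syslog starts with `<PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA` followed by the message, and PRI encodes facility * 8 + severity. The following added example (not part of the original post) parses such lines and compares their severity with the `logging trap` level configured above; the sample lines are constructed.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Cisco IOS `logging trap` keywords and the highest severity number each admits.
TRAP_LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
               "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[.*?\])+) ?(?P<msg>.*)$"
)

# Constructed sample lines (hosts, times and message text are made up).
SAMPLE = [
    "<189>1 2011-07-17T10:15:02+07:00 R1 - - - - %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "<187>1 2011-07-17T10:16:40+07:00 SW2 - - - - %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "<190>1 2011-07-17T10:17:05+07:00 R1 - - - - %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.16.9 started",
    "truncated line without a syslog header",
]


def parse_line(line):
    """Parse one protocol-23 line; return None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None or int(m.group("pri")) > 191:  # 23 * 8 + 7 is the maximum PRI
        return None
    facility, severity = divmod(int(m.group("pri")), 8)
    return {"facility": facility, "severity": severity,
            "severity_name": SEVERITIES[severity], "timestamp": m.group("ts"),
            "host": m.group("host"), "msg": m.group("msg").strip()}


def within_trap(records, trap="notifications"):
    """Records a device configured with `logging trap <trap>` would send."""
    limit = TRAP_LEVELS[trap]
    return [r for r in records if r is not None and r["severity"] <= limit]


def outside_trap(records, trap="notifications"):
    """Records more verbose than the trap level. UDP syslog is unauthenticated,
    so these come from a device with a different config or another sender."""
    limit = TRAP_LEVELS[trap]
    return [r for r in records if r is not None and r["severity"] > limit]


if __name__ == "__main__":
    parsed = [parse_line(line) for line in SAMPLE]
    for rec in within_trap(parsed):
        print(rec["host"], rec["severity_name"], rec["msg"])
```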
Apache file permission issue
I was so crazy about this.
I tried to set up the Log Analyzer site but couldn't get it to work as wanted. "Syslog file is not readable, read access may be denied" is what I got instead of syslog information.
Searching the net and asking friends for help didn't work. All I got was advice about using things such as:
chmod 644 or 755 or even 777
Or chown
At last, I found out that the main cause of the issue is SELinux. SELinux prevents Apache from accessing files outside its granted folders (that's /var/www). The following shows how to overcome this:
Solution 1:
Disable SELinux (not recommended)
edit /etc/selinux/config
change SELINUX=enforcing to SELINUX=disabled
DONE.
Solution 2:
Grant permission to the apache user (the one used to run the Apache web server) over /var/log/ or anywhere you want.
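File mode bits and ownership are checked separately from SELinux type enforcement, which is why chmod and chown made no difference here. The following added example (not part of the original post) parses AVC denial records of the kind auditd writes to /var/log/audit/audit.log and lists what the httpd_t domain was refused; the sample records are constructed.

```python
import re

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed audit records (pids, inode numbers and timestamps are made up).
SAMPLE_AUDIT = [
    'type=AVC msg=audit(1310871302.123:456): avc:  denied  { read } for  pid=2345 comm="httpd" name="syslog" dev=dm-0 ino=131234 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1310871302.123:456): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"',
    'type=AVC msg=audit(1310871310.500:460): avc:  denied  { read open } for  pid=2346 comm="httpd" name="syslog" dev=dm-0 ino=131234 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file',
]


def _selinux_type(context):
    """Extract the type field from user:role:type:level."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""


def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm", ""),
        "name": fields.get("name", ""),
        "source_type": _selinux_type(fields.get("scontext", "")),
        "target_type": _selinux_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass", ""),
    }


def denials_for_domain(lines, domain="httpd_t"):
    """Merge denials per (file name, target type) for one source domain."""
    merged = {}
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec["source_type"] != domain:
            continue
        merged.setdefault((rec["name"], rec["target_type"]), set()).update(rec["perms"])
    # The target type is what has to change (or be allowed); mode bits do not appear.
    return [(name, ttype, sorted(perms)) for (name, ttype), perms in sorted(merged.items())]


if __name__ == "__main__":
    for name, ttype, perms in denials_for_domain(SAMPLE_AUDIT):
        print("httpd_t denied %s on %s (type %s)" % (",".join(perms), name, ttype))
```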
OpenLDAP for ISP on RedHat Enterprise 6
This post shows, step by step, how to install OpenLDAP on RHEL 6.
The next post will show how to add more LDAP objects and AAA attributes that are often used in Internet Service Provider environments (such as Framed-IP-Address, NAS-Port-ID...)
1. Installing compiler tools
RHEL doesn't install these by default. At least that's true for me.
Refer to this
2. Installing prerequisite software
2.1. Installing Oracle Berkeley Database
[root@openldap db-5.1.25]# cd build_unix
[root@openldap db-5.1.25]# ../dist/configure
[root@openldap db-5.1.25]# make
[root@openldap db-5.1.25]# make install
2.2. Installing OpenSSL
Get it (requires an internet connection on the server)
[root@openldap tmp]# wget http://www.openssl.org/source/openssl-1.0.0d.tar.gz
Install it
[root@openldap tmp]# tar zxvf openssl-1.0.0d.tar.gz
[root@openldap openssl-1.0.0d]# ./config
[root@openldap openssl-1.0.0d]# make
[root@openldap openssl-1.0.0d]# make install
2.3. Installing Cyrus SASL
Install Cyrus SASL from RHEL DVD: [root@openldap Packages]# rpm -Uvh cyrus-sasl-2.1.23-8.el6.x86_64.rpm
2.4. Installing Kerberos Authentication Service
3. Installing OpenLDAP
3.1. Get the latest version
http://www.openldap.org/software/download/
3.2. Compile and install
CPPFLAGS="-I/usr/local/BerkeleyDB.4.7/include"
export CPPFLAGS
LDFLAGS="-L/usr/local/lib -L/usr/local/BerkeleyDB.4.7/lib -R/usr/local/BerkeleyDB.4.7/lib"
export LDFLAGS
LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.7/lib"
export LD_LIBRARY_PATH
4. Configuring OpenLDAP
4.1. Create database for storing config information (config DIT)
4.2. Create database for root DIT
In this example, root DIT is: dc=test, dc=com
Friday, March 11, 2011
Create VLAN on Ubuntu
First, check whether the NIC supports 802.1Q.
If yes, install VLAN support on Ubuntu:
sudo apt-get install vlan
Edit your /etc/network/interfaces file so it would contain the following:
# The loopback network interface
auto lo
iface lo inet loopback
# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.
auto vlan11
auto vlan22
# VLAN 11
iface vlan11 inet static
address x.x.x.x
netmask x.x.x.x
vlan_raw_device eth0
# VLAN 22
iface vlan22 inet static
address 172.16.0.1
netmask 255.255.255.0
vlan_raw_device eth0
Restart your network interface:
sudo /etc/init.d/networking restart
Done. If you connect that Ubuntu host to a switch via a trunk link, it can serve multiple VLANs the same way routers do.
PPPoE Server on Ubuntu 10
If you need a PPPoE server for your network, or just for hacking a very poorly secured Ethernet network, follow this to create a PPPoE server on an Ubuntu server.
Note that:
In a poorly secured Ethernet network, when a PPPoE client sends its request as a broadcast, that request can reach not only the genuine BRAS but also other clients. If you set up a client as a PPPoE server and your reply reaches the client before the BRAS's, the client will choose you. You will be the gateway. That's cool.
Installation
sudo apt-get install ppp
sudo apt-get install pppoe
cd /etc/ppp/
vi options
Uncomment auth to enable authentication, which requires users to enter a password
Comment out noauth to disable unauthenticated access
Uncomment +pap and +chap to enable the PAP and CHAP authentication methods
vi pap-secrets and chap-secrets to add new users
Start PPPoE Server
In this example, the PPPoE server listens on interface eth0, the local IP for eth0 is 172.16.16.1, and dynamic IPs for clients start from 172.16.16.2
sudo pppoe-server -I eth0 -L 172.16.16.1 -R 172.16.16.2 -O /etc/ppp/options
Now we can create a PPPoE session on our client host to connect to the server.
If you want clients to be able to connect to the internet, you must change the local and remote IPs to public IP addresses, or you could enable NAT on the server.
Enable NAT on Ubuntu using ufw (IP Masquerading)
First, packet forwarding needs to be enabled in ufw. Two configuration files will need to be adjusted. In /etc/default/ufw, change the DEFAULT_FORWARD_POLICY to “ACCEPT”:
Then edit /etc/ufw/sysctl.conf and uncomment: net/ipv4/ip_forward=1
(Similarly, for IPv6 forwarding uncomment: net/ipv6/conf/default/forwarding=1)
Now we will add rules to the /etc/ufw/before.rules file. The default rules only configure the filter table, and to enable masquerading the nat table will need to be configured. Add the following to the top of the file just after the header comments:
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic from eth0 through eth1.
-A POSTROUTING -s 172.16.16.0/24 -o eth1 -j MASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT
In the above example replace eth0, eth1, and 172.16.16.0/24 with the appropriate interfaces and IP range for your network.
Finally, disable and re-enable ufw to apply the changes:
sudo ufw disable && sudo ufw enable
IP Masquerading should now be enabled. You can also add any additional FORWARD rules to /etc/ufw/before.rules. It is recommended that these additional rules be added to the ufw-before-forward chain.
Tuesday, March 8, 2011
FreeRADIUS deployment on RedHat Enterprise Linux
OS Preparation
Installing gcc compiler tool
RHEL does not install gcc by default, so gcc needs to be installed before configuring the source
Install gcc tools from the RHEL DVD
Create a folder to mount the cdrom to
mkdir /cdrom
Insert RHEL DVD disk 1, then run mount /dev/cdrom /cdrom
Enter /cdrom/Packages
Install the kernel headers first
[root@radius Packages]# rpm -Uvh kernel-headers-2.6.32-71.el6.x86_64.rpm
Look for the gcc packages
Run rpm -Uvh gcc-??? (press TAB to display all the packages that start with gcc)
[root@radius Packages]# rpm -Uvh gcc-4.4.4-13.el6.x86_64.rpm
warning: gcc-4.4.4-13.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
error: Failed dependencies:
cloog-ppl >= 0.15 is needed by gcc-4.4.4-13.el6.x86_64
cpp = 4.4.4-13.el6 is needed by gcc-4.4.4-13.el6.x86_64
glibc-devel >= 2.2.90-12 is needed by gcc-4.4.4-13.el6.x86_64
If the above error is displayed, enter the following command
[root@radius Packages]# rpm -Uvh cloog-ppl-0.15.7-1.2.el6.x86_64.rpm cpp-4.4.4-13.el6.x86_64.rpm glibc-devel-2.12-1.7.el6.x86_64.rpm gcc-4.4.4-13.el6.x86_64.rpm
If this error message is displayed, fix it first
warning: cloog-ppl-0.15.7-1.2.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
error: Failed dependencies:
libppl.so.7()(64bit) is needed by cloog-ppl-0.15.7-1.2.el6.x86_64
libppl_c.so.2()(64bit) is needed by cloog-ppl-0.15.7-1.2.el6.x86_64
libmpfr.so.1()(64bit) is needed by cpp-4.4.4-13.el6.x86_64
glibc-headers is needed by glibc-devel-2.12-1.7.el6.x86_64
glibc-headers = 2.12-1.7.el6 is needed by glibc-devel-2.12-1.7.el6.x86_64
Use the following link to find the packages that contain libppl.so.7 and the other missing libraries: http://rpmfind.net/linux/rpm2html/
[root@radius Packages]# rpm -Uvh ppl-0.10.2-11.el6.x86_64.rpm mpfr-2.4.1-6.el6.x86_64.rpm glibc-headers-2.12-1.7.el6.x86_64.rpm
Repeat the previous step.
[root@radius Packages]# rpm -Uvh cloog-ppl-0.15.7-1.2.el6.x86_64.rpm cpp-4.4.4-13.el6.x86_64.rpm glibc-devel-2.12-1.7.el6.x86_64.rpm gcc-4.4.4-13.el6.x86_64.rpm
Install gcc-c++
[root@radius Packages]# rpm -Uvh libstdc++-devel-4.4.4-13.el6.x86_64.rpm gcc-c++-4.4.4-13.el6.x86_64.rpm
Installing libtools
[root@radius Packages]# rpm -Uvh autoconf-2.63-5.1.el6.noarch.rpm automake-1.11.1-1.2.el6.noarch.rpm libtool-2.2.6-15.5.el6.x86_64.rpm
[root@radius Packages]# rpm -Uvh libtool-ltdl-2.2.6-15.5.el6.x86_64.rpm
If you need to configure or change the IP address of your server, refer to this link
Get the software
Download FreeRADIUS package to /tmp
[root@radius tmp]# wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.10.tar.gz
Prerequisites
No prerequisites required
Installation
[root@radius tmp]# tar zxvf freeradius-server-2.1.10.tar.gz
[root@radius freeradius-server-2.1.10]# ./configure
To enable LDAP authentication, use ./configure --with-modules="rlm_ldap"
[root@radius freeradius-server-2.1.10]# make
[root@radius freeradius-server-2.1.10]# make install
Default installation location on RHEL
/usr/local/etc/raddb/
config file: /usr/local/etc/raddb/radiusd.conf
Radius server daemon: /usr/local/var/run/radiusd
Configuration
Start/Stop the server
Testing server
LDAP configuration for authenticating
SQL configuration for accounting
Securing the server
Change IP Address on RedHat Enterprise Linux
1. Open Terminal.
2. Open the network configuration file. This example configures interface eth0. Type
vi /etc/sysconfig/network-scripts/ifcfg-eth0
The current and default configuration is DHCP.
3. Modify the file by pressing ‘i’ to enter insert mode. Change BOOTPROTO to static and add the IP address and netmask as new lines if they do not exist yet.
BOOTPROTO=static
IPADDR=192.168.125.10
NETMASK=255.255.255.0
4. Save the configuration file by pressing ESC + ‘:’ and typing ‘wq’ to write and quit the editor.
5. You can also add these settings to the config file. Replace [number] with your actual value.
GATEWAY=[number]
TYPE=Ethernet
NETWORK=[number]
BROADCAST=[number]
6. Restart the network interface card. Type
service network restart
7. Review the configuration. Type
ifconfig