Category: Knowledgebase

recover lv

Recover LV or VG after running lvreduce, lvremove, lvresize

Before applying a change to a logical volume (LV), it automatically creates a backup of the volume group (VG) and even an archive of the logical volume on which the operation is performed. This enables the restoration of the lost logical volume from the archive.

  • To restore the LV, first fund the LV in the archive. In the below command, [VG] is the name of the volume group from which you want to restore LV. This command will display all available backups for the VG.

# vgcfgrestore -l [VG]

  • Grep the string ‘command_executed’ from the output of the above command by appending the grep command as follows.

# vgcfgrestore -l [VG] | grep -A2 -B2 "<command_executed>"

  • Copy the filename of backup that is your logical volume. You can pinpoint your required LV by reading the description and timestamps.
  • Test the archive using the following command.

# vgcfgrestore --test -f <archive_file_path_here> [VG]

  • Finally, restore LV/VG as follows.

# vgcfgrestore -f <archive_file_path> <VG name>

  • Unmount the volume, reboot the server, and remount volume

image

How to grow an XFS filesystem with pvcreate, vgextend, lvextend and xfs_growfs commands?

The methods below show how to extend a Volume Group (VG), a Logical Volume (LV), and a filesystem with a Physical Volume designated /dev/sda. (PV).

  • Create a PV from a free disk or partition (e.g., a partition named /dev/sda1):

# pvcreate /dev/sda1

  • Extend the VG name vg. /dev/sda1 is the existing PV path.

# vgextend vg /dev/sda1

  • Extend the LV and resize the underlying filesystem at the same time (the existing LV path is /dev/vg/lv00), which will be expanded by 150 GB.

# lvextend -r -L +150G /dev/vg/lv00

If you don’t run resize2fs or xfs_growfs on the block device after growing the Logical Volume, the file system size will be the same as it was before. To make use of the LVM’s extra capacity, use resize2fs or xfs_growfs to fill the partition with the current file system. You can now see the extended size of the file system in the df command output after resizing the file system.

apache

How to change the ownership of httpd process?

  • The owner and group of httpd-related processes is “apache” by default, as set in the apache configuration file (httpd.conf) shown below.

User apache
Group apache

  • You can confirm the user name and group of httpd process by using the ps command as follows.

$ ps -aux | grep httpd
root 9773 0.0 0.0 4520 685 pts/3 R+ 19:19 0:00 grep --color httpd
root 9773 0.0 0.5 18564 5736 ? Ss Aug19 0:00 /usr/sbin/httpd
apache 9773 0.0 0.2 18564 3068 ? S Aug19 0:00 /usr/sbin/httpd
apache 9773 0.0 0.2 18564 3068 ? S Aug19 0:00 /usr/sbin/httpd

  • If you want to change the owner of the httpd, simply edit /etc/httpd/conf/httpd.conf and replace the User and Group directives with any other user/groupd.

User newuser
Group newgroup

  • Restart apache httpd service.

systemctl restart httpd

  • Confirm the modification as follows.

ps -aux | grep httpd

Enable HTTP Strict Transport Security (HSTS) on Apache HTTPD

This guide explains how to enable HTTP Strict Transport Security (HSTS) on Apache HTTPD.

  • The first step is to verify that Apache HTTPD headers module is enabled. Check the following text in /etc/httpd/conf.modules.d/00-base.conf or /etc/httpd/conf/httpd.conf.

LoadModule headers_module modules/mod_headers.so

  • Add the following text in /etc/httpd/conf.d/ssl.conf to <VirtualHost *:443> virtual host or for each SSL enabled virtual host.

Header always set Strict-Transport-Security "max-age=58099000; includeSubDomains"

  • The final step is to redirect traffic from the non-encrypted virtual host to HTTPS as follows:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>

  • Restart HTTPD service as follows:

systemctl restart httpd

YUM Command Cheat Sheet

YUM command is used for installing, querying, deleting, and managing CentOS/AlmaLinux packages in local and remote repositories. Use the following YUM Cheat Sheet as a quick reference for commands and options.

TASKDESCRIPTIONCOMMAND

Manage YUM Repository

List enabled repositories on the server.repolist

Manage YUM Repository

Show information about enabled yum repositories.yum repoinfo centos-7-server-rpms

Manage YUM Repository

List packages in a repository.yum repo-pkgs seimaxim-rpms list

Manage YUM Repository

Install all packages in a seimaxim-rpms repository.yum repo-pkgs seimaxim-rpms install

Manage YUM Repository

Remove all packages from seimaxim-rpms repository.yum repo-pkgs seimaxim-rpms remove

Manage YUM Repository

Download the yum repository data in the cache.makecache

YUM Info

List yum options and commands.yum help

YUM Info

List all available & installed packages.yum list all

YUM Info

List all installed packages.yum list installed

YUM Info

Show all installed and available kernel packages.yum list kernel

YUM Info

Show info of ImageMagick package.yum info ImageMagick

YUM Info

Show package dependency.yum deplist ImageMagick

YUM Info

List package providing the queried file.yum provides "/sbin/adduser"

YUM Info

Search package by name.yum search finger

YUM Info

Show available and installed package groups.yum grouplist

YUM Info

Show contents and description of package groups.yum groupinfo "Web Server"

YUM Info

Show available updates in a repository.yum check-update

Installation, Removal, & Upgrade of Packages

Install the ImageMagick package.yum install vsftpd

Installation, Removal, & Upgrade of Packages

Update all packages installed on the server.yum update
yum -y update

Installation, Removal, & Upgrade of Packages

Update one package installed on the server.yum update httpd

Installation, Removal, & Upgrade of Packages

Upgrade all packages on the server.yum upgrade

Installation, Removal, & Upgrade of Packages

Update only security packages.yum update --security

Installation, Removal, & Upgrade of Packages

Update packages to a specific version.yum update-to

Installation, Removal, & Upgrade of Packages

Upgrade all packages on the server.yum upgrade

Installation, Removal, & Upgrade of Packages

Downgrade a package.yum downgrade vsftpd

Installation, Removal, & Upgrade of Packages

Remove a package (ftp) and install another (vsftpd).yum swap ftp vsftpd

Installation, Removal, & Upgrade of Packages

Erase a package and dependencies.yum remove lftp

Installation, Removal, & Upgrade of Packages

Erase a package and dependencies.yum erase lftp

Installation, Removal, & Upgrade of Packages

Erase a package and packages, not required.yum autoremove vsftpd

Installation, Removal, & Upgrade of Packages

Install all packages in selected group.yum groupinstall "Web Server"

Installation, Removal, & Upgrade of Packages

Install a package from http,ftp, or local file.yum localinstall xyz-2-2.x64.rpm
yum localinstall https://seimaxim-repo/xyz-2-2.x64.rpm

Troubleshoot YUM

Display yum update, install and erase commands.yum history list

Troubleshoot YUM

Display info of yum action 2.yum history info 2

Troubleshoot YUM

Undo yum action in transaction 2.yum history undo 2

Troubleshoot YUM

Redo yum action in transaction 2.yum history redo 2

Troubleshoot YUM

Useful for package updates rollback.yum fssnapshot

Useful YUM Commands

If prompted for install permission, assume no.yum --assumeno

Useful YUM Commands

Produce extra verbose output.yum -v

Useful YUM Commands

No verbose output.yum -q

Useful YUM Commands

Enable disabled repo.yum --enablerepo=
yum install ImageMagick --enablerepo=centos-7-server-rpm

Useful YUM Commands

Disable the enabled repo.yum list available --disablerepo=epel

Useful YUM Commands

Execute command without loading yum plugins.yum --noplugins

Useful YUM Commands

Show changelog details of a package.yum --changelog

Useful YUM Commands

List processes that have been updated and require a restart. Requires yum-utils package.yum needs-restarting

Useful YUM Commands

Show conflicted dependencies from the repository. Requires yum-utils package.yum repoclosure

Useful YUM Commands

Analyze consistency in local yum repository. Requires yum-utils package.yum verifytree

Useful YUM Commands

Complete yum actions that are not yet complete/failed. Requires yum-utils package.yum-complete-transaction

Useful YUM Commands

Change or check the yum database. Requires yum-utils package.yumdb

Useful YUM Commands

Download a package from a yum repository to a local server. Requires yum-utils package.yumdownloader

Useful YUM Commands

Download a package and its dependences. Requires yum-utils package.repotrack

How to find files with specific permissions?

You may need to find files with specific permissions in a Linux server for audit and security reasons. You can use the Linux find command to achieve this task.

  • The following command can be used to find files with (group or other or both) writable permission and SET UID set.

# find / -perm /022 -and -perm -4000 -exec ls -ldb {} ;
                        ^^^^                       ^
                        | | | |                           |– So the SUID is 4
                        | | | |– Other is writable (2)
                        | | |–Group permission is writable (2)
                        | |– No owner permission mentioned (0)
                       |– As the logic is OR – group or other or both

  • You can use the following command to list files with other writable excluding sticky bit sets.

# find / -perm -002 -and -perm -1000 -exec ls -ldb {} ;

  • Use the following command to list files with other writable excluding sticky bit set.

# find / -perm -002 -not -perm -1000 -exec ls -ldb {} ;

  • The following command can be used to list files with (group + other) writable and SET GID set.

# find / -perm -2022 -exec ls -ldb {} ;

  • The Find command to list files with (group + other) writable permission and SET UID set.

# find / -perm -4022 -exec ls -ldb {} ;

  • Command to list files with other writable and sticky bit sets.

# find / -perm -1002 -exec ls -ldb {} ;

  • Command to list files with other writable excluding sticky bit set.

# find / -perm -002 -not -perm -1000 -exec ls -ldb {} ;

Find the largest directories sorted by disk space

Use the du command to list firectories with largest disk space. Replace DIREC in the following commands with a starting directory (e.g; / or /etc)

# du -sh $DIREC/* | sort -r --human-numeric-sort | head -n10

In the above command, head -n10 option can be changed to list few or more results in the output.

Another example is given below.

# du -sh /* | sort -r --human-numeric-sort | head -n10

Are all numeric usernames allowed in AlmaLinux 8

All numeric login names are not supported in AlmaLinux and CentOS. usernames that begin with a digit and also contain letters are not known to have any issue. However, in CentOS 7 version, some system tools can make varying assumptions.

In Almalinux 8 and future releases, ALL numeric usernames are not supported. For more details check the man page of useradd. An excerpt is given below:

Usernames may contain only lower and upper case letters, digits, underscores, or dashes. They can end with a dollar sign. Dashes are not allowed at the beginning of the username. Fully numeric usernames and usernames . or .. are also disallowed. It is not recommended to use
usernames beginning with . character as their home directories will be hidden in the ls output. In regular expression terms: [a-zA-Z0-9_.][a-zA-Z0-9_.-]*[$]?

In CentOS 7, user and group names consisting of only digits, while permitted by shadow-utils,  should best be avoided. OS tools, getent, setfacl, and chown can’t recognize ALL numeric login names. If you still want to create ALL numeric usernames shadow-utils will require the SHADOW_ALLOW_ALL_NUMERIC_USER environment variable to be set to any value so as to allow useradd to make ALL numeric usernames.

POSIX does not forbid ALL numeric user names but it can introduce certain issues. Some programs only manipulate a string or an integer but CLI tools get their input as strings. They have to decide whether 3OO1 should be treated as a string username or an integer UID. 

 

How to disable delayed ACKs

TCP throughput (SCP) from a remote host is slow. By looking at the trace, it is noticed that the CentOS server is waiting for up to 40ms before sending an ACK.

In CentOS releases before 7.2, delayed Acks can only be reduced by cannot be eliminated. In CentOS 7.2, quickacks are tunable on a per route basis. By enabling quickacks delayed, The kernel disables aCKs. You can allow quickacks by executing ip route change based on ip route show.

# ip route show
default via 192.168.1.254 dev ens1 proto static metric 100
192.168.1.0/24 dev ens1 proto kernel scope link src 192.168.1.112 metric 100

# ip route change default via 192.168.1.254 dev ens1 proto static metric 100 quickack 1

# ip route change 192.168.1.0/24 dev ens1 proto kernel scope link src 192.168.1.112 metric 100 quickack 1

# ip route show
default via 192.168.1.254 dev ens1 proto static metric 100 quickack 1
192.168.1.0/24 dev ens3 proto kernel scope link src 192.168.1.112 metric 100 quickack 1