Cloud DevOps Admin Guide

How to keep X11 display after su or sudo - MobaXterm

I have received a lot of emails asking how to keep X11-forwarding working after changing user to root inside a SSH session in MobaXterm. This is by default not allowed on Unix/Linux systems, because the X11 display connection belongs to the user you used to log with when connecting to your remote SSH server. X11-forwarding mechanism does not allow anyone to use the open display.

However, in some cases you may need to start a graphical application like nedit or firefox in a sudo or su context. In order to achieve this, you could manually retrieve X credentials in the su/sudo context by looking up the “xauth list” for the original username and then adding them using “xauth add” to the current context.

You can also use a single (magic) command in order to achieve this!

For instance, here is a simple scenario:

I start a SSH session to remote server “Server1” with user “john”
In this session, I perform a “su -” command in order to become “root”
If I run “xclock”, the following error occurs:

MobaXterm X11 proxy: Authorisation not recognised
Error: Can’t open display: localhost:10.0

I just have to execute the following command in order to retrieve my display and make “xclock” work:
xauth add $(xauth -f ~john/.Xauthority list|tail -1)

We hope this will help you if you need to have a working X11 display through SSH after becoming root.

Install and configure Squid proxy server on Linux

A proxy server is a computer that acts as an intermediary between a desktop computer and the internet and allows a client machine to make an indirect connection to network servers and services. There are many reasons why you might want to include a proxy server on your network:

To share internet connection on a LAN
To speed up internet surfing
To hide the IP address of the client computer for anonymous surfing
To implement internet access control
To scan outbound content
To circumvent regional restrictions

Clearly some of the above reasons are perfectly fitting for a business and some, well, may not fall in line with your best practices. Regardless, knowing how to install and configure a proxy server is a must-have skill for a network administrator. So, let's take care of that.

1. Install Squid

Squid can be easily install using yum command line tool.

# yum install squid

2. Setup Port and Start Service

Squid by default run on port 3128. If you want to start squid on different port, Edit squid configuration file and change http_port value. For example we are changing squid to run on port 8080.

# vim /etc/squid/squid.conf

http_port 8080

Start/Restart Squid service.

# service squid restart

3. Configure SQUID to Block Specific Website

Add below rules to block specific website before any allow all rules. Below example will block yahoo.com and www.rediff.com.

acl blocksite1 dstdomain yahoo.com
acl blocksite2 dstdomain www.rediff.com
http_access deny blocksite1
http_access deny blocksite2

If you have a long list of domain names, Create a file /etc/squid/blockwebsites.lst and put domain names one per line and add below rule in squid configuration file.

acl blocksitelist dstdomain "/etc/squid/blockwebsites.lst"
http_access deny blocksitelist

blockwebsites.lst file content example:

# cat /etc/squid/blockwebsites.lst
yahoo.com
www.rediff.com

4. Configure Squid to Block Specific Keyword

Add below rules to block specific website before any allow all rules. Below example will block all pages having keyword yahoo or gmail.

acl blockkeyword1 url_regex yahoo
acl blockkeyword2 url_regex gmail
http_access deny blockkeyword1
http_access deny blockkeyword2

If you have a long list of keywords, Create a file /etc/squid/blockkeywords.lst and put keywords one per line and add below rule in squid configuration file.

acl blockkeywordlist url_regex "/etc/squid/blockkeywords.lst"
http_access deny blockkeywordlist

blockkeywords.lst file content example:

# cat /etc/squid/blockkeywords.lst
yahoo
gmail
facebook

Congratulation’s you have successfully installed and configured Squid proxy server

Finding WWN number of HBA and Scanning FC luns in linux

As a Linux admin, we may come in a situation like, to find WWN number of HBA and scan the FC Luns in LINUX which are provided by Storage team. It needs to be scan from the Linux OS side without rebooting server.

So How to find WWN number of HBA and scan the FC Luns in LINUX without rebooting the server?

Here is a solution to find WWN number of HBA and scan the FC Luns.

Identify the number of HBA adapters

systool -c fc_host -v
or
ls /sys/class/fc_host
host0 host1

Note the number of hosts available in the server. We have Two HBA here from the above example (host0 and host1).

To get the WWNN (World Wide Node Number) of HBA or FC card in Linux

cat /sys/class/fc_host/host0/node_name
0x20000000c9538d83
cat /sys/class/fc_host/host1/node_name
0x20000000c9538dac

To get the WWPN (World Wide Port Number) of HBA or FC card in Linux

cat /sys/class/fc_host/host0/port_name0x10000000c9538d83
cat /sys/class/fc_host/host1/port_name0x10000000c9538dac

If you have more HBAs, replace "host0 or host1" with "hostN ". In most cases, System admins need to provide the WWPN to storage admins for the storage allocation.

Scan the newly added or rescan the existing LUNs in Linux

echo "1" > /sys/class/fc_host/host0/issue_lip
echo "- - -" > /sys/class/scsi_host/host0/scan

If you have more number of hosts file under the directory /sys/class/fc_host, then use the command for each hosts file by replacing the "host0".

From Redhat Linux 5.4 onwards, redhat introduced “/usr/bin/rescan-scsi-bus.sh” script to scan all the SCSI bus and update the SCSI layer to reflect new devices.

We can also use the "rescan-scsi-bus.sh" script to detect new LUNs without rebooting the server.

This script is available with sg3-utils package. So install the sg3-utils package using yum.

yum install sg3_utils
rescan-scsi-bus.sh

Now check the detected disks using fdisk command.