Friday, October 05, 2012

Setup ntpd

To synchronize your Unix system with the HK time servers:

1.    service ntpd stop
2.    ntpdate hk.pool.ntp.org  // we set a sensible time first
3.    vi /etc/ntp.conf and put in the following.

server 0.hk.pool.ntp.org
server 1.hk.pool.ntp.org
server 2.hk.pool.ntp.org

driftfile /var/lib/ntp/drift

4.    service ntpd start

Soon, you will see the ntp status.  For illustration:
#ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*203.129.68.14   192.168.51.202   2 u   60   64   17    7.094    7.683   3.114
+202.131.74.126  210.0.235.14     3 u   61   64   17   10.296    6.702   4.906
 127.127.1.0     .LOCL.          10 l    -   64   37    0.000    0.000   0.008

The actual IP addresses will be different, as you are assigned random servers from the pool.  The important thing is the '*' sign in front of one of them, meaning that your server is now getting time from the Internet.

Troubleshooting
If you are unable to synchronize with the time servers, please check that UDP port 123 is open.


Thursday, October 04, 2012

How to restrict ssh login by ip address

SSH logins can be restricted by IP address using the two files below.

1.    /etc/hosts.allow

Example:
sshd: 1.2.3.0/255.255.255.0
sshd: 192.168.0.0/255.255.255.0

2.    /etc/hosts.deny

Example:
sshd: ALL

The access control software consults the above two files.   Search stops at the first match.
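
The lookup order, as an added example that is not part of the original post: a simplified Python model of the TCP wrappers search (hosts.allow first, then hosts.deny, access granted when neither matches). The file contents are constructed copies of the two examples above, the client addresses are made up, and only the ALL and net/mask pattern forms are modelled.

```python
import ipaddress

# Constructed copies of the two files from the post, one rule per line.
HOSTS_ALLOW = """\
sshd: 1.2.3.0/255.255.255.0
sshd: 192.168.0.0/255.255.255.0
"""
HOSTS_DENY = "sshd: ALL\n"


def first_match(rules: str, daemon: str, client_ip: str):
    """Return the first rule line matching (daemon, client), or None."""
    addr = ipaddress.ip_address(client_ip)
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, _, clients = line.partition(":")
        if not any(d in (daemon, "ALL") for d in daemons.replace(",", " ").split()):
            continue
        for pattern in clients.replace(",", " ").split():
            if pattern == "ALL":
                return line
            # Only the net/mask form used in the post is modelled here.
            if "/" in pattern and addr in ipaddress.ip_network(pattern):
                return line
    return None


def access(daemon: str, client_ip: str, allow: str, deny: str) -> str:
    """hosts.allow is searched first, then hosts.deny; no match means allow."""
    if first_match(allow, daemon, client_ip):
        return "allow"
    if first_match(deny, daemon, client_ip):
        return "deny"
    return "allow"


if __name__ == "__main__":
    for ip in ("1.2.3.77", "192.168.0.10", "203.0.113.9"):
        print(ip, access("sshd", ip, HOSTS_ALLOW, HOSTS_DENY))
    # Without the hosts.deny entry, an unlisted client falls through to allow.
    print("203.0.113.9", access("sshd", "203.0.113.9", HOSTS_ALLOW, ""))
```

The last call shows why both files are needed: entries in hosts.allow alone do not restrict anything, because a client that matches neither file is granted access.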

Wednesday, October 03, 2012

Iptables Rule for Asterisk

The default iptables ruleset will block SIP traffic. To allow it, we
need the rules below:

# SIP on UDP port 5060. Other SIP servers may need TCP port 5060 as well
iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
# RTP - the media stream
# (related to the port range in /etc/asterisk/rtp.conf)
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
#

Alternatively, use -I to insert the rules at a specified rule number (the
topmost rule is numbered 1), so that they are evaluated ahead of the rules
that follow:
iptables -I INPUT 2 -p udp -m udp --dport 5060 -j ACCEPT
iptables -I INPUT 2 -p udp -m udp --dport 10000:20000 -j ACCEPT

Resize Unix Root File System

The resize2fs program will resize ext2, ext3, or ext4 file systems.
It can be used to enlarge or shrink an unmounted file system located on
device. If the filesystem is mounted, it can be used to expand the size
of the mounted filesystem, assuming the kernel supports on-line resizing.

First of all, we need to add a new partition.
# fdisk <disk>

Command (m for help): n

Command action
e extended
p primary partition (1-4)
p

Then enter the required partition size, and lastly 'w' to write the
changes to the partition table.

# shutdown -r now (or use partprobe)

# pvcreate <the new partition>

# vgextend VolGroup /dev/xvda3 (add the new physical volume to a
volume group)

# lvextend /dev/VolGroup/lv_root /dev/xvda3 (extend an existing logical
volume with the newly created physical volume)

# resize2fs /dev/mapper/VolGroup-lv_root (at last, we run resize2fs to
enlarge the filesystem)