Linux

Using the ‘expect’ Command To Automate Interaction With Programs

From the expect man page:
Expect is a program that "talks" to other interactive programs according to a script. Following the script, Expect knows what can be expected from a program and what the correct response should be. An interpreted language provides branching and high-level control structures to direct the dialogue. In addition, the user can take control and interact directly when desired, afterward returning control to the script.

At the institution for which I work, I am responsible for our Sungard HE Banner ERP system. One of the development tasks that I was presented with was to automatically run a binary file at 10pm every night. The challenge was that this program was interactive and required the user to input answers to prompts. This sounded like a perfect use of the Unix program expect.

Installing the JDK on a RedHat Linux System

By default, RedHat Linux AS and AS4 servers don’t come with a JDK (Java Development Kit) installed on them. Depending on your install, if you run the java command you may get some sort of error message or a file not found message.

In this post I will describe how to install a JDK on your RedHat Linux server. It should also work on Fedora, however I have not tried it personally.

  1. First we need to download a JDK. I am downloading JDK 6u1 from http://java.sun.com/javase/downloads/index.jsp. Go to that page and click the Download button. On the new page that loads, we will download the Linux RPM in self-extracting file.

Setup Your Linux Box as an NTP Server

I believe that every organization should have an NTP/time server if they have more than one computer on site. Having an NTP server will allow you to keep the times on all of your computers in sync. This helps when comparing the logs from various servers to trace through events that happened. It’s nice to be assured that the event really happened at the time specified in the log file regardless of what server you’re on.

In this post I will show you how to set up your RedHat Linux AS 3 or 4 machine as an NTP server. You could then take all of your other servers and workstations and have them synchronize their time from your NTP server.

By default, the files necessary to run the ntpd service are installed on a RedHat machine if you installed everything. If you did not install everything, go grab the ntp package off your install CDs or download it directly from RedHat. The name of the package that is installed on my RedHat AS4 server is ntp-4.2.0.a.20040617-4

Now we have to edit the /etc/ntp.conf file to plug in the NTP servers that we’ll synchronize with and set up the permissions for who can synchronize with us. To do this, follow my steps below.

  1. First make sure your computer's clock is set to something sensible (within a few minutes of the 'true' time). If it isn’t, NTP may never get them synchronized. On RedHat AS4, you can use the command system-config-date, and I believe on RedHat AS3, the command is redhat-config-date.
  2. Open up /etc/ntp.conf in your favorite editor.
    vi /etc/ntp.conf
    
  3. Plug in the timeservers that we’ll synchronize with. I use the servers from pool.ntp.org. The 0, 1 and 2.pool.ntp.org names point to a random set of servers that will change every hour.

    server 0.pool.ntp.org
    server 1.pool.ntp.org
    server 2.pool.ntp.org
    
  4. Restrict the access that the pool.ntp.org servers have to our system. By putting the below restrictions in your ntp.conf file, the servers are not allowed to modify the run-time configuration or query your Linux NTP server.

    restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    
  5. Allow systems on your own network to query your NTP server. We have to define the networks from which this server will accept NTP synchronization requests. To do this we add another restrict statement that does not have the noquery restriction. Since my home network contains IP addresses in the range of 192.168.1.1-255, I plug in the following network:

    restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
    

    We could easily add many networks, or even individual hosts by using the mask 255.255.255.255.

  6. We also want to permit full access to our NTP server from the localhost. Add a line like the following in your ntp.conf file if it is not already in there.
    # Permit all access over the loopback interface.  This could
    # be tightened as well, but to do so would effect some of
    # the administrative functions.
    restrict 127.0.0.1
    
  7. The last thing we want to do is to set up ntpd to automatically start at system boot.

    chkconfig --level 35 ntpd on
    
  8. And then verify that your system is set to start ntpd on system boot for runlevels 3 and 5. Run the command:

    chkconfig --list ntpd
    

    And your output should look like:

    ntpd            0:off   1:off   2:off   3:on    4:off   5:on    6:off
    
  9. Now your NTP config should be all set up. Let’s manually stop and then start it. Run the /etc/init.d/ntpd stop and then the /etc/init.d/ntpd start commands.

    root@as1 filmoregroup.com [asdb] > /etc/init.d/ntpd stop
    Shutting down ntpd: [  OK  ]
    
    root@as1 filmoregroup.com [asdb] > /etc/init.d/ntpd start
    ntpd: Synchronizing with time server: [  OK  ]
    Starting ntpd: [  OK  ]
    
  10. At your shell prompt you can run the ntpq command to check the synchronization status of your server with the external time servers we specified in the ntp.conf file.

    As root, run the command:

    ntpq -p
    

    And your output should look something like:

    root@as1 filmoregroup.com [asdb] > ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    +ns1.dns.pciwest 204.123.2.5      2 u  562 1024  377   76.131   -2.912   1.129
    +dns1.tjgroup.no 192.43.244.18    2 u  550 1024  377  143.463    1.390   0.422
    *time4.stupi.se  .PPS.            1 u  604 1024  377  122.685    0.087   0.492
     LOCAL(0)        LOCAL(0)        10 l   35   64  377    0.000    0.000   0.001
    

    If the jitter column shows a value of 4000.00 for any of the servers, it is usually a sign that your server is not able to synchronize with the server on that line. You may have a firewall or other Internet connectivity problem.

  11. Your NTP server should now be set up. You can now tell other machines on your network how to synchronize with your NTP server.
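
As an added example (not part of the original post), the shell function below audits the restrict lines written in steps 3 to 6: every upstream `server` needs a matching `restrict` with `noquery`, and every non-loopback `restrict` needs `nomodify` and `notrap`. The function name `audit_ntp_conf` and both sample configurations are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the restrict lines of an ntp.conf read from stdin.
# Prints one FINDING per problem; exit status is 1 if anything was found.
audit_ntp_conf() {
    awk '
    function bad(msg) { print "FINDING: " msg; n++ }
    { sub(/#.*/, "") }                          # strip comments
    $1 == "server"   { upstream[$2] = 1 }
    $1 == "restrict" {
        first = ($3 == "mask") ? 5 : 3          # flags follow the optional "mask M"
        flags[$2] = " "
        for (i = first; i <= NF; i++) flags[$2] = flags[$2] $i " "
    }
    END {
        for (s in upstream) {
            if (!(s in flags))                      bad("upstream " s ": no restrict line")
            else if (!index(flags[s], " noquery ")) bad("upstream " s ": noquery missing")
        }
        for (r in flags) {
            if (r == "127.0.0.1") continue              # step 6: loopback keeps full access
            if (index(flags[r], " ignore ")) continue   # ignore already denies everything
            if (!index(flags[r], " nomodify ")) bad(r ": nomodify missing")
            if (!index(flags[r], " notrap "))   bad(r ": notrap missing")
        }
        exit (n > 0)
    }'
}

# Constructed samples: GOOD_CONF is the configuration built in the steps above.
GOOD_CONF='server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 127.0.0.1'
BAD_CONF='server 0.pool.ntp.org
server 1.pool.ntp.org
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap
restrict 192.168.1.0 mask 255.255.255.0 notrap   # nomodify dropped
restrict 127.0.0.1'

printf '%s\n' "$GOOD_CONF" | audit_ntp_conf && echo "GOOD_CONF: clean"
printf '%s\n' "$BAD_CONF"  | audit_ntp_conf || echo "BAD_CONF: review the findings above"
```

To check a live server, run `audit_ntp_conf < /etc/ntp.conf` after defining the function.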


Synchronize Your Other Linux Clients

In order to point other Linux boxes on your network to your new NTP server, you’d follow the instructions above. However, instead of synchronizing with the pool.ntp.org servers you’d synchronize with the hostname of your NTP server. You also WOULD NOT need to grant access from other machines on the network to your server as we did by adding the command:

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

Alternatively, you can use the command system-config-time on RedHat AS 4, or redhat-config-time on RedHat AS 3 to use a GUI to specify the NTP server to synchronize with. I have a document on doing it this way at http://timarcher.com/?q=node/16

Enabling FTP on a RedHat AS3 or AS4 Server

By default, FTP comes disabled on stock RedHat AS3 and AS4 server installs. For the most part you should not be using it anyways, and should instead use something more secure like SFTP. However, on some rare occasions I find the need to enable FTP. Below I will show you how to do it:

  1. Become the root user on your server.
  2. Change to the /etc/xinetd.d directory
    cd /etc/xinetd.d/
    
  3. Edit the gssftp file

    vi gssftp
    
  4. Change the line that says disable = yes to disable = no. Also remove the -a option in the server_args line.

SSH Security Through Obscurity - Change the Port, Disable Root Login

When I set up my RedHat AS4 Linux server and connected it to the Internet, I soon saw in my logs that there were unauthorized people trying to login all day long. For the most part these attempted logins were from hacking scripts whose job is to try various common usernames and passwords until they find a combination that works. Frequently I would see entries in my /var/log/messages file that look like:

Apr  8 14:52:34 as1 sshd(pam_unix)[8217]: check pass; user unknown
Apr  8 14:52:34 as1 sshd(pam_unix)[8217]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=111.111.111.111
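
An added example, not part of the original post: the function below tallies these pam_unix failures per remote host and counts how many of them were aimed at accounts that do not exist, pairing each "user unknown" line with the failure logged under the same sshd PID. The name `failed_ssh_by_host`, the threshold, and every sample line beyond the two quoted above are constructed; the trailing `user=` field is what pam_unix appends when the account exists.

```sh
#!/bin/sh
# Added example: tally sshd pam_unix authentication failures per remote host.
# stdin: syslog text; $1: minimum failures to report (default 5).
# Output per host: "<rhost> <failures> <failures against unknown users>".
failed_ssh_by_host() {
    awk -v min="${1:-5}" '
    index($5, "sshd(pam_unix)[") != 1 { next }             # only sshd PAM lines
    /check pass; user unknown/ { unknown[$5] = 1; next }   # keyed by the sshd[pid] tag
    /authentication failure;/ {
        for (i = 6; i <= NF; i++)
            if ($i ~ /^rhost=./) {
                host = substr($i, 7)                       # text after "rhost="
                total[host]++
                if ($5 in unknown) { nouser[host]++; delete unknown[$5] }
            }
    }
    END {
        for (h in total)
            if (total[h] >= min) print h, total[h], nouser[h] + 0
    }'
}

# Constructed sample; the first two lines are the ones quoted in the post.
SAMPLE_LOG='Apr  8 14:52:34 as1 sshd(pam_unix)[8217]: check pass; user unknown
Apr  8 14:52:34 as1 sshd(pam_unix)[8217]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=111.111.111.111
Apr  8 14:52:37 as1 sshd(pam_unix)[8219]: check pass; user unknown
Apr  8 14:52:37 as1 sshd(pam_unix)[8219]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=111.111.111.111
Apr  8 14:52:40 as1 sshd(pam_unix)[8221]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=111.111.111.111  user=root
Apr  8 14:53:01 as1 crond(pam_unix)[8230]: session opened for user root by (uid=0)
Apr  8 15:10:02 as1 sshd(pam_unix)[8302]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=203.0.113.9  user=root'

# Report hosts with at least 3 failures in the sample.
printf '%s\n' "$SAMPLE_LOG" | failed_ssh_by_host 3
```

Against a live system, feed it the log directly: `failed_ssh_by_host 10 < /var/log/messages`.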

Using the Unix Find Command

A basic, but very useful command I use in the day to day management of my servers is the Unix find command. The find command will search through directories looking for files that match your search criteria.

The most common tasks I use the find command for are to:

  • Find files greater than X kBytes, especially log files that are getting big.
  • Find files modified in the last X days. This is useful for finding old log files and deleting them.
  • Finding files that have a certain keyword in their file name. For example, finding everything named *.txt.

Configuring the Date and Time on a RedHat Linux System.

Have you ever wondered how to easily change the date, time, and time zone configuration on your RedHat Linux server? Every once in a while I need to manipulate the date or time, especially when I ship servers to a new location in a different time zone, and I always fumble around for the commands.

Here is the easiest and fastest method I can find to do this:

  1. First of all you need an X-Server running. Either start one up remotely on your workstation, or login to the graphical login screen on the console to your server.
  2. Now run the appropriate RedHat utility to set your time as the root user.

Automatic Unix DISPLAY variable export

With the servers that I manage, I sometimes need to run a command that starts some sort of GUI interface requiring an X server. This holds especially true if the server holds an Oracle database. The GUI tools Oracle provides make it easy to install Oracle, use the database configuration assistant (DBCA), run the wallet manager (OWM), and other utilities, however they all require an X Server.

What I don’t like to do is to have to determine my local computer's IP address, and from the Unix server manually export my DISPLAY to that IP address every time I want to run one of the programs requiring an X server.

Useful Unix Shell Prompt for Oracle Database Servers

One minor thing I do on all of my Unix-based Oracle database servers is set up the shell prompt to give me some key information. Namely, I always want to see my current directory, the user I am logged in as, the server I am logged into, and my current ORACLE_SID. Since I typically have many servers, Oracle instances, and shell sessions open to manage them all, it's easy to get confused as to what server and database you're executing commands against.

My solution to this is to set up my shell prompt to show all of this information. The instructions I provide below will show you how to do this on a RedHat Linux AS3 system. It should work on most other Linux systems, and needs minor modifications for use on Sun Solaris systems.
