Topics: Red Hat / Linux, Security

Monitor SSH logins

To monitor SSH logins on a Linux server, run the following command:

# journalctl -S @0 -u sshd
If you wish to continuously monitor the traffic, add the -f option. This will "tail" the output:
# journalctl -S @0 -u sshd -f

Topics: Hardware, Red Hat / Linux, System Admin

Determining memory DIMMs for Linux systems

If you wish to determine how much memory is installed in a Linux system, or perhaps the maximum amount of memory configurable on a system and the exact number and size of the memory DIMMs installed in the system, then you should use the dmidecode command.

The dmidecode command has a type option ( -t ), that can be used to indicate the type of device you wish to see detailed information for, like bios, system, baseboard, chassis, processor, cache, connector, slot and ... memory.

To retrieve the memory information, run the following command:

# dmidecode -t memory
You should get an output similar like the one below, but it can obviously differ per Linux system, depending on the hardware (model) and the installed memory.
# dmidecode -t memory
# dmidecode 3.2
Getting SMBIOS data from sysfs.
SMBIOS 2.7 present.

Handle 0x0047, DMI type 16, 23 bytes
Physical Memory Array
        Location: System Board Or Motherboard
        Use: System Memory
        Error Correction Type: None
        Maximum Capacity: 16 GB
        Error Information Handle: Not Provided
        Number Of Devices: 2

Handle 0x0048, DMI type 17, 34 bytes
Memory Device
        Array Handle: 0x0047
        Error Information Handle: Not Provided
        Total Width: 64 bits
        Data Width: 64 bits
        Size: 4096 MB
        Form Factor: SODIMM
        Set: None
        Locator: DIMM A
        Bank Locator: Not Specified
        Type: DDR3
        Type Detail: Synchronous
        Speed: 1600 MT/s
        Manufacturer: Hynix/Hyundai
        Serial Number: 3248A01B
        Asset Tag: 9876543210
        Part Number: HMT351S6CFR8C-PB
        Rank: 2
        Configured Memory Speed: 1600 MT/s

Handle 0x004A, DMI type 17, 34 bytes
Memory Device
        Array Handle: 0x0047
        Error Information Handle: Not Provided
        Total Width: 64 bits
        Data Width: 64 bits
        Size: 4096 MB
        Form Factor: SODIMM
        Set: None
        Locator: DIMM B
        Bank Locator: Not Specified
        Type: DDR3
        Type Detail: Synchronous
        Speed: 1600 MT/s
        Manufacturer: Kingston
        Serial Number: BA33020F
        Asset Tag: 9876543210
        Part Number: KFYHV1-HYC
        Rank: 2
        Configured Memory Speed: 1600 MT/s
In the output above you can see that this particular system has a "Maximum Capacity" of 16 GB, and up to two "Number of Devices" can be installed.

Below it, you see the currently installed Memory Devices, the first one with a size of 4096 MB in slot DIMM A, with the exact Manufacturer and the Part Number listed. In slot DIMM B, you can also see another DIMM of 4096 MB installed, which is of a different vendor.

This information tells you, that the system shown above can be configured up to 16 GB of memory, but currently has two 4 GB memory DIMMs, thus 8 GB installed. In this case, upgrading the system to 16 GB of memory would mean replacing the two 4 GB memory DIMMs with two 8 GB memory DIMMs.

Topics: Red Hat / Linux, Security

Renew self-signed SSL Certificate

Should the root user receive emails from certwatch about expiring self-signed certificates, like these:

 ################# SSL Certificate Warning ################

  Certificate for hostname 'yourhost', in file (or by nickname):

  The certificate needs to be renewed; this can be done
  using the 'genkey' program.

  Browsers will not be able to correctly connect to this
  web site using SSL until the certificate is renewed.

                                  Generated by certwatch(1)

Then, you can run the following command to renew this self-signed certificate for a new year:
# openssl req -new -days 365 -x509 -nodes -out /etc/pki/tls/certs/localhost.crt \ 
-keyout /etc/pki/tls/private/localhost.key

More complete instructions can be found here:

Topics: Performance, Red Hat / Linux

How to view threads of a process on Linux

Threads are a popular programming abstraction for parallel execution on modern operating systems. When threads are forked inside a program for multiple flows of execution, these threads share certain resources (e.g., memory address space, open files) among themselves to minimize forking overhead and avoid expensive IPC (inter-process communication) channel. These properties make threads an efficient mechanism for concurrent execution.

In Linux, threads (also called Lightweight Processes (LWP)) created within a program will have the same "thread group ID" as the program's PID. Each thread will then have its own thread ID (TID). To the Linux kernel's scheduler, threads are nothing more than standard processes which happen to share certain resources. Classic command-line tools such as ps or top, which display process-level information by default, can be instructed to display thread-level information.

Here are several ways to show threads for a process on Linux:

Using the ps command

The "-T" option for the ps command enables thread views. The following command list all threads created by a process with :

# ps -T -p <pid>
For example to list the threads for the following java process:
# ps -ef | grep 97947
deploy   97947 97942  1 00:51 ?       00:13:51 java
Run the following command:
# ps -T -p 97947
97947 97947 ?    00:00:00 java
97947 97948 ?    00:00:00 java
97947 97949 ?    00:00:00 java
The "SID" column represents thread IDs, and "CMD" column shows thread names.

Using the top command

The top command can show a real-time view of individual threads. To enable thread views in the top output, invoke top with "-H" option. This will list all Linux threads. You can also toggle on or off thread view mode while top is running, by pressing 'H' key.
top - 14:43:25 up 6 days,  5:40,  2 users,  load average: 0.87, 0.33, 0.22
Threads: 684 total,   1 running, 683 sleeping,   0 stopped,   0 zombie
%Cpu(s):  6.3 us,  4.0 sy,  0.0 ni, 89.6 id,  0.1 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem :  7910136 total,   384812 free,  1603096 used,  5922228 buff/cache
KiB Swap:  8388604 total,  8239100 free,   149504 used.  5514264 avail Mem
Note how in the example above the number of threads on the system is listed.

To restrict the top output to a particular process and check all threads running inside the process:
# top -H -p <pid>
Using htop

A more user-friendly way to view threads per process is via htop, an ncurses-based interactive process viewer. This program allows you to monitor individual threads in tree views.

To enable thread views in htop, launch htop, and press F2 to enter htop setup menu. Choose "Display option" under "Setup" column, and toggle on "Tree view" and "Show custom thread names" options. Presss F10 to exit the setup.

Topics: Red Hat / Linux

Linux strace command

The strace command in Linux lets you trace system calls and signals. Or in other words: it allows you to see what a program or process is doing.

Following is its syntax:

strace [OPTIONS] command
In the simplest case, strace runs the specified command until it exits. It intercepts and records the system calls which are called by a process and the signals which are received by a process. The name of each system call, its arguments and its return value are printed on standard error or to the file specified with the -o option. For example:
# strace ls
If a process is already running, you can trace it by simply passing its PID as follows; this will fill your screen with continued output that shows system calls being made by the process. To end it, press [Ctrl + C].
# strace -p 3569

Topics: Red Hat / Linux, Security

Resetting the Root Password of RHEL-7

In case you've ever forgotten the root password of a RHEL 7 system, here's a good description of how to change it:

Topics: Red Hat / Linux, Security

Discovering and joining identity domains on RHEL

The "realm discover" command returns complete domain configuration and a list of packages that must be installed for the system to enrolled in the domain.

The "realm join" command then sets up the local machine for use with a specified domain by configuring both the local system services and the entries in the identity domain. the process run by "realm join" follows these steps:

  • Running a discovery scan for the specified domain.
  • Automatic installation of the packages required to join the system to the domain.
    This includes SSSD and the PAM home directory job packages. Note that the automatic installation of packages requires the PackageKit suite to be running. If PackageKit is disabled, the system prompts you for the missing packages, and you will be required to install them manually using the "yum" utility.
  • Joining the domain by creating an account entry for the system in the directory.
  • Creating the /etc/krb5.keytab host keytab file.
  • Configuring the domain in SSSD and restarting the service.
  • Enabling domain users for the system services in PAM configuration and the /etc/nsswicht.conf file.
To install the software manually, run:
# yum install realmd oddjob oddjob-mkhomedir sssd 
# yum install adcli krb5-workstation samba-common-tools
When run without any options, the "realm discover" command displays information about the default DNS domain. It is also possible to run a discovery for a specific domain, such as:
# realm discover mydomain.local
Before this works, make sure the system can access the domain controllers, such as the AD servers. You may have to add those to /etc/resolv.conf, as realmd will use DNS SRV lookups to find the domain controllers in the domain automatically.

To join the domain use the "realm join" command, for example:
# realm join -v - U user mydomain.local
By default, the join is performed as the domain administrator. For AD, the administrator is called "Administrator"; for IdM, it is called "admin". To connect as a different user, use the -U option, as was shown in the example above. When prompted for a password, type it in.

Once the join has been completed, use a separate user account to login to the system, to ensure that domain accounts work.

If you run into issue, make sure that the following ports are opened in the firewall, if present: 53, 389, 636, 88, 464, 3268, 3269 and 123.

For more details on joining a RHEL system to a domain, see:

Topics: Red Hat / Linux, Storage

RHEL: Recovering a corrupt file system in emergency mode

If you have a RHEL system that boots in emergency mode due to a corrupt file system, here are some steps to perform to resolve the issue.

Once booted in emergency mode, connect to the system on the console. Try running:

# journalctl -xe
To help determine why the system booted in emergency mode. For example, you may discover that the /var file system has an issue.

Once you do, shut down the system, and boot it from the boot ISO or DVD (depending if the system is a virtual or a physical system).

When using VMware, you'll have to edit the settings of the VM, and enable the "Force BIOS setup" setting, and mount/connect the boot ISO image. Then start it up, and open the console. Once in the BIOS, make sure CDROM is high in the boot order.

Once the system is booting RHEL, select "Troubleshooting", and "Rescue a Red Hat Enterprise Linux system". The system will boot up. Select "Continue" when prompted.

Run "df -h" to list the mounted directories. Since /var is the file system having the issue, unmount it:
# unmount /mnt/sysimage/var
Once /var is unmounted, run fsck to fix any issues:
# fsck /mnt/sysimage/var
Once completed, you can reboot the system. If you connected an ISO image earlier, make sure to disconnect the ISO image.

Topics: LVM, Red Hat / Linux

Removing a LVM based file system

If you need to remove a non-root LVM based file system, it can be removed using the following steps. If the file system contains any data, then please make sure to take a backup of that data before proceeding with the following steps.

In this example, we will be deleting "u01lv" from volume group "oracle". The logical volume is mounted on mount point /u01.

# df /u01 | grep u01
/dev/ampper/oracle/u01lv   209612800  80946812  128665988  39%  /u01
# lvs | grep u01
  u01lv oracle -wi-ao---- 200.00g
As you can see, mount point /u01 is define don logical volume u01lv, and is 200 GB.

Start off, by deleting the corresponding entry in /etc/fstab.
# grep u01 /etc/fstab 
/dev/oracle/u01lv    /u01    xfs  defaults,noatime 0 0
Then unmount the file system:
# umount /u01
Disable the logical volume:
# lvchange -an /dev/oracle/u01lv
Delete the logical volume:
# lvremove /dev/oracle/u01lv
At this point, depending if this logical volume is defined on a disk within a volume group, you can, if the disk is now empty after removing the logical volume, also remove the disk from the volume group. First run the "pvs" command and check for an empty disk, such as:
# pvs
  PV         VG       Fmt   Attr  PSize   PFree
  /dev/sdb   oracle   lvm2  a--   <5.00t  <5.00t
If the disk is empty, as seen as disk /dev/sdb in the example above, you can then remove it from the volume group:
# vgreduce oracle /dev/sdb
Or, if the logical volume removed from the volume group was the very last logical volume to remove, and the volume group is empty, you can also remove the volume group. Do so by disabling the volume group and removing it:
# vgchange -an oracle
# vgremove oracle
And then finally remove any physical volumes used, such as /dev/sdb:
# pvremove /dev/sdb

Topics: Red Hat / Linux, System Admin


XRDP is an Open Source Remote Desktop Protocol server, very similar to what is used on Windows Server systems, but XRDP is meant for Linux. Once installed on Linux, you can set up a RDP (or Remote Desktop Connection) session from a Windows system directly to a Linux system.

Here's how you install and configure it on RHEL or CentOS 7:

First of all, we need to install the EPEL repository and XRDP server:

# yum -y install
# yum -y install xrdp
Next, we need to start and enable the service:
# systemctl start xrdp.service 
# systemctl enable xrdp.service
To check if its running, run:
# netstat -an | grep 3389 
tcp   0    0*   LISTEN
That's all. Now you can connect to your server from any Windows machine using RDP.

Number of results found for topic Red Hat / Linux: 96.
Displaying results: 1 - 10.