Keep program running after you close putty session to your CentOS server

If you want to keep your program running after you close your putty session to your CentOS server, you could use the following method: 1. install screen

sudo yum install screen

2. start screen then type whatever process you want to keep running

screen
# the command you want to keep running

3. on keyboard issue ctrl-d 4. exist putty session 5. when you logon next time, you could restore the previous session by doing

screen -r

Please refer here for an alternative solution.

Sourcecode syntaxhighlighter in wordpress

If you want to format source code in your wordpress blog, you could try the "sourcecode" tag.

[sourcecode language="python"]
your code here
[/sourcecode]

Supported languages are bash, python, java, JavaScript, perl etc.
The biggest benefits of doing so is to avoid change "--" to '.' automatically by wordpress when you copy commands from your post.

Install Berkeley DB-5.3.21 on Centos

Berkeley DB source file at Oracle. Install optional dependence: Tcl-8.6.0, OpenJDK-1.7.0.9, and Sharutils-4.13.3 (for the uudecode command)

sudo yum install tcl
sudo yum install java-1.7.0-openjdk java-1.7.0-openjdk-devel
sudo yum install sharutils

Install Berkeley DB

wget http://download.oracle.com/berkeley-db/db-5.3.21.tar.gz
tar zvxf db-5.3.21.tar.gz 
cd db-5.3.21/build_unix
# configure the program
../dist/configure --prefix=/opt --enable-compat185 --enable-dbm --disable-static --enable-cxx
make
# install
sudo make docdir=/usr/share/doc/db-5.3.21 install
sudo chown -v -R root:root /usr/bin/db_* /usr/include/db{,_185,_cxx}.h /usr/lib/libdb*.{so,la} /usr/share/doc/db-5.3.21

Questions:
when you run db_recover or other commands, you may encounter "libdb-5.3.so: cannot open shared object file: No such file or directory" Answer:

sudo /sbin/ldconfig

Enable EPEL Repository on CentOS

Extra Packages for Enterprise Linux (or EPEL) provide much more current versions of popular applications like PHP or MYSQL. Before starting you need to check check your current repositories and verify that you have not enabled EPEL

yum repolist

If you do not see EPEL in the output, then you have not enabled it yet. https://fedoraproject.org/wiki/EPEL 1. download the following package from fedoraproject.org

# The following link is for CentOS 5
wget http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
# check for and report potential conflicts
rpm -ivh epel-release-5-4.noarch.rpm --test

During test you might see the following NONKEY warning msg: "warning: epel-release-5-4.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 217521f6"
Download the specific GPG key for EPEL repository from fedoraproject.org/keys by matching the key ID.
In my case I need key with ID 217521f6.

wget http://fedoraproject.org/static/217521F6.txt
mv 217521F6.txt /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL

Verify that the key got installed

rpm -qa gpg*

Now run the test command again you should not see NOKEY msg:

sudo rpm -ivh epel-release-5-4.noarch.rpm --test

2. Enable the repository:

sudo rpm -ivh epel-release-5-4.noarch.rpm

Port Forwarding in CentOS Using Iptables

Port forwarding could be useful when you do not want to you client to put a port nuimber after you web address. In my case I forward port 8080 to 80. 1. check if IP forwarding is enabled:

/sbin/sysctl net.ipv4.ip_forward

if return net.ipv4.ip_forward = 1 then it is enabled. if not edit /etc/sysctl.conf and set net.ipv4.ip_forward = 1.
2. COnfigure and restart iptables

/sbin/sysctl -p /etc/sysctl.conf
/sbin/service iptables restart

3. Adding IP forwarding rules to IpTables

/sbin/iptables -I FORWARD 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -I FORWARD 1 -p tcp --dport 80 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.1.1:8080
/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
/sbin/service iptables save
/sbin/service iptables restart

The content of /etc/sysconfig/iptables files looks like:

# Generated by iptables-save v1.3.5 on Fri Mar 8 10:27:21 2013
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.1.1:8080
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Fri Mar 8 10:27:21 2013
# Generated by iptables-save v1.3.5 on Fri Mar 8 10:27:21 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [234:26336]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
....
....
....
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

SSH Public Key Authentication

Generating Keys 

To generate the public and private key files, you can use ssh-keygen command which is installed with OpenSSH.

ssh-keygen

By default, your public key file is located at ~/.ssh/id_rsa.pub and it can be shared with anyone. Your private key file is located at ~/.ssh/id_rsa and it must be kept secret.

Key Installation 

You now need to copy your public key file to the remote host(s) that you want to be able to use public key authentication.
1. Copy your public key to remote host1.example.net using one simple command:

ssh-copy-id -i ~/.ssh/id_rsa.pub username@host1.example.net

2. Manual Installation
To install the key manually you need to append the key to the ~/.ssh/authorized_keys file on each host you wish to use.

# copy the key to the remote host
scp ~/.ssh/id_rsa.pub user@remotehost:id_rsa.pub
# ssh into the remote host using your password
ssh user@remotehost
# append the public key
cat id_rsa.pub >> ~/.ssh/authorized_keys
rm id_rsa.pub

ON WINDOWS You can download puttygen.exe to generate private and public key pairs. Copy public keys generated to your remote host ~/.ssh/authorized_keys file and make sure they are in ONE LINE.

Cron Jobs

Usefult summaries for crontabs

#List the current running cron jobs for currently logged in user:
crontab -l
#remove the jobs from crontab 
#It is a good practice to do so before modifying your script
crontab -r
#add cron jobs
crontab /path/to/backup_script.cron

Modify other user's cron job 

You have to make sure that another user's user name was listed in /etc/cron.allow file.

#Add cron job for another user
crontab -u username -e
#list another user's cron job
xrontab -u username -l

Examples

#run command_1 every 5 minutes (do not miss / in */5)
*/5 * * * * /path/to/command_1
#run command_2 every 5 hours (do not miss / in */5)
0 */5 * * * /path/to/command_2
# run command_3 1:30am everyday
30 1 * * * /path_to_command_3
# run command_4 1pm everyday
0 13 * * * /path_to_command_4

Why Crontab Fails running my command?

Short answer is because of different running environment for command wish to be executed by cron. Cron passes a minimal set of environment variables to your jobs. To see the difference, add a dummy job like this:

* * * * * env > /tmp/env.output

Restart crontab and wait for /tmp/env.output to be created, then remove the job again. Now compare the contents of /tmp/env.output with the output of env running in your regular terminal. The big differences is PATH environment variable. To get around that, set your own PATH variable at the top of the script. E.g.

#!/bin/bash
PATH=/opt/someApp/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# rest of scron script follows