Recover Deleted Linux Files With lsof

December 3, 2011

To try this out, create a test text file, save it and then run less deleted.txt. In another terminal window type rm -f deleted.txt. An ls deleted.txt now fails: the directory entry is gone.

But less still holds the file open, and an open descriptor keeps the inode (and its data blocks) alive:

> lsof | grep deleted.txt
less      4607 nithins    4r      REG   254,4       21    8880214 /home/nithins/deleted.txt (deleted)

Take the PID of the process that has the file open (second column, 4607) and its file descriptor number (fourth column, 4r: descriptor 4, opened read-only). The kernel exposes every open descriptor of a process under /proc/<pid>/fd, and the entry for descriptor 4 still points at the deleted inode, so the contents can be copied back from there:

> ls -l /proc/4607/fd/4
lr-x------ 1 nithins nithins 32 Apr 18 02:59 /proc/4607/fd/4 -> /home/nithins/deleted.txt (deleted)
> cp /proc/4607/fd/4 deleted.txt.bak

Note: don't use the -a flag with cp, as that would copy the (dangling) symbolic link rather than the file contents. The recovery only works while the process keeps the descriptor open; as soon as less exits the kernel frees the inode and the data is gone for good, so copy first and stop the process afterwards.

The same trick recovers Apache files (a config or log deleted by accident) as long as the httpd process still has them open: find the parent httpd PID with lsof and copy from its /proc/<pid>/fd entry. The flip side is worth knowing too: a deleted log that a daemon keeps writing still consumes disk space, which is why df sometimes reports a full filesystem that du cannot account for until the daemon is restarted or the file is truncated through /proc/<pid>/fd/<n>.
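The whole procedure rehearsed end to end, as an added example that is not code from the original post. It assumes a Linux host with /proc and GNU coreutils; a background sleep stands in for less, and the file name and contents are made up for the demo:

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux (/proc) and coreutils.
# A background "sleep" plays the part of "less": it inherits an open descriptor
# on the file and keeps the inode alive after the directory entry is gone.

# find_deleted_fd PID PATH
# Print the /proc/PID/fd/N entry whose target is "PATH (deleted)", which is
# exactly what lsof shows in its NAME column for an unlinked-but-open file.
find_deleted_fd() {
    pid=$1; path=$2
    for link in /proc/"$pid"/fd/*; do
        target=$(readlink "$link" 2>/dev/null) || continue
        if [ "$target" = "$path (deleted)" ]; then
            printf '%s\n' "$link"
            return 0
        fi
    done
    return 1
}

# recover_deleted_file PID PATH DEST
# Plain cp follows the /proc link and copies the data; cp -a would instead
# reproduce the dangling symlink, which is the caveat the post warns about.
recover_deleted_file() {
    fd=$(find_deleted_fd "$1" "$2") || return 1
    cp "$fd" "$3"
}

# recover_demo
# Create a file, hold it open, unlink it, recover it and compare checksums.
# Returns 0 only if the recovered copy is byte-identical to the original.
recover_demo() {
    workdir=$(mktemp -d) || return 1
    orig=$workdir/deleted.txt
    printf 'payload worth recovering\n' > "$orig"
    canon=$(readlink -f "$orig")          # /proc reports the canonical path
    want=$(cksum < "$orig")

    ( exec 3< "$orig"; exec sleep 30 ) &  # holder process keeps fd 3 open
    holder=$!
    sleep 1
    rm -f "$orig"
    if [ -e "$orig" ]; then kill "$holder"; rm -rf "$workdir"; return 1; fi

    recover_deleted_file "$holder" "$canon" "$workdir/deleted.txt.bak"
    status=$?
    got=$(cksum < "$workdir/deleted.txt.bak" 2>/dev/null)

    kill "$holder" 2>/dev/null
    wait "$holder" 2>/dev/null || true
    rm -rf "$workdir"
    [ "$status" -eq 0 ] && [ "$want" = "$got" ]
}
```

On a real incident replace the holder PID with the one lsof reports, and run find_deleted_fd before anything restarts the daemon: once the last descriptor closes the inode is unrecoverable.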


Categories: Linux

Linux Mint 12 ‘Lisa’ with Gnome Shell extensions called “MGSE”

November 5, 2011

Linux Mint 12 ‘Lisa’ will come with its own customized desktop based on Gnome 3. The core desktop will be built from a series of Gnome Shell extensions called “MGSE” (Mint Gnome Shell Extensions) that provide a layer on top of Gnome 3.



The main features of MGSE are:

  • The bottom panel
  • The application menu
  • The window list
  • A task-centric desktop (i.e. you switch between windows, not applications)
  • Visible system tray icons

MGSE also includes additional extensions such as a media player indicator and multiple enhancements to Gnome 3. Linux Mint 12 will thus be a hybrid desktop, balancing the traditional desktop with newer technologies.

Categories: tech

Dealing with Exim Spammers

June 8, 2011

There are two aspects to dealing with spam for a server administrator:

1. Inbound spam to users

2. Outbound spam from compromised scripts

Both need very different approaches to help detect, remove and resolve.

Inbound spam is the scourge of the modern internet and, the inconvenience to users aside, can cause serious performance and resource problems on the server, affecting both the server overall and the timely delivery of clean email in particular.

The best way to tackle inbound spam is at the entry point into the server, the MTA, i.e. exim, the SMTP server of choice for cPanel. Blocking spam before it has even entered the server saves both the resources spent delivering it and the load on third-party tools further along the relay.

To do this you need to work at the RCPT stage of the SMTP protocol. This happens during the transaction between the sending and receiving SMTP servers and before the body of the message arrives on the server, so a rejection here costs almost nothing.

The primary form of spam attack is the dictionary attack: a single SMTP connection that attempts to send email from a spam source to a random set of names on a domain (bob@ourdomain.com, fred@ourdomain.com, harry@ourdomain.com and so on) in the hope that one of the many hundreds tried will hit a real mailbox and deliver the spam.

This technique is used by spammers mainly because most people don’t advertise their email addresses (due to spam!) and they want to access this untapped market.

To prevent this type of spam getting through, it is essential that you do not use the Default Address (catchall) feature within cPanel to receive emails wherever possible. You should always setup specific Forwarders (aliases) for any email addresses you use and set the Default Address to :fail: for each domain.

By using :fail: exim will automatically reject email at the SMTP RCPT stage and make dictionary attacks redundant. Additionally, you can use exim ACLs to block such spammers who repeatedly perform dictionary attacks to further relieve the server of the load from dealing with them. See: http://www.configserver.com/free/eximdeny.html

From a server performance perspective it is essential that you use :fail: and not :blackhole: for email addresses or the Default Address when blocking such spam: :fail: rejects at RCPT time, whereas :blackhole: accepts the whole message and then discards it, so the server still pays for receiving it. More information about the reasoning for this is presented here.

Another preventative measure is to enable the WHM options:

  • WHM > Exim Configuration Editor > Verify the existence of email senders.
  • WHM > Exim Configuration Editor > Use callouts to verify the existence of email senders.

These two options make exim check that the envelope sender of an incoming message is an address that can receive mail in return; the second does so with a live SMTP callout to the sender's mail exchanger rather than a routing check alone. Being able to receive bounces for the addresses you send from is expected behaviour for a mail server, and a sender that cannot is a strong indicator of a spam source. Callouts do cost an outbound connection per message and can reject legitimate but misconfigured senders, so watch /var/log/exim_rejectlog for a while after enabling them.

There are numerous other checks that you can perform at the SMTP RCPT stage in exim ACLs. One example is an RBL (DNS blocklist) lookup that rejects connections from IP addresses known to harbour spammers, e.g.:

deny message = Message rejected - $sender_fullhost is in an RBL, see $dnslist_text
     !hosts = +relay_hosts
     !authenticated = *
     dnslists = bl.spamcop.net : sbl-xbl.spamhaus.org

The !hosts and !authenticated conditions exempt your own relay hosts and authenticated clients, so a customer on a blocklisted home connection can still submit mail with a password. Note that sbl-xbl.spamhaus.org has since been retired; the current combined Spamhaus list is zen.spamhaus.org.

You can also check the format of email headers to ensure that they’re RFC compliant, which many spam servers are not. A typical example is checking the SMTP HELO/EHLO protocol command to ensure it’s correctly structured, e.g.:

deny message = HELO/EHLO set to my IP address
     condition = ${if match {$sender_helo_name}{^11\\.22\\.33\\.44$} {yes}{no}}

(where 11.22.33.44 is your servers main IP address)

deny message = EHLO/HELO does not contain a dotted address
     condition = ${if match{$sender_helo_name}{\\.}{no}{yes}}

Finally, once the email has passed through these hoops, you can implement a 3rd party application to scan emails and tag them as likely spam. cPanel has an inbuilt solution that uses SpamAssassin to score email likely to be spam. You can then have such emails filtered to a special account or the client can filter such emails based on the email header record modifications made by SpamAssassin.

An alternative is a more thorough tool such as MailScanner, which can be very effective at scoring spam. ConfigServer provides a free installation script for cPanel servers as well as a paid installation service.

However, a cPanel server using such a tool is not supported by cPanel and would have to be removed/disabled before cPanel would investigate any email related issues should you need support.

Outbound spam from compromised scripts

Outgoing spam is likely to come from two sources:

1. Indirectly from a compromised web script in a clients account

2. Directly from a client

The starting point for both will be the exim mainlog:

/var/log/exim_mainlog (Linux)

/var/log/exim/mainlog (FreeBSD)

For the purpose of this document I am going to assume a Linux OS.

The most laborious way to track messages down is to trawl the exim mainlog and to look for anomalous behaviour. This is actually very difficult to do and you really need to narrow down exactly what you are looking for.

Tracking down spammers is difficult, but some preparation of your server's environment makes it much easier. I would strongly advise adding the following to the exim configuration to enable extended logging that greatly simplifies tracking down on-server spammers:

In WHM > Exim Configuration Editor > Switch to Advanced Mode > in the first textbox add the following line and then Save:

log_selector = +arguments +subject

The first selector makes exim log, for every local invocation, the working directory and the command line it was called with (a cwd=... args: line); the second adds the message subject (T="...") to the arrival line. You can then interrogate the exim mainlog far more easily. The best starting point is the original header of a spam message that left your server, obtained either from the person reporting it or from remnants of the run still sitting in the exim mail queue. The part you need is the exim message id in the Received: header line that your server added.

As an example, take the following email header:

Return-path:
Received: from [11.22.33.44] (helo=barfoo.com)
        by foobar.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.52)
        id 1FZ8z3-0006M4-Do
        for fred@foobar.com; Thu, 27 Apr 2006 17:04:49 +0100
Received: from forums by barfoo.com with local (Exim 4.43)
        id 1FZ8zt-0005lz-E7
        for fred@foobar.com; Thu, 27 Apr 2006 12:05:41 -0400
To: fred@foobar.com
Subject: Buy Me!
From: bob@barfoo.com

Each hop prepends its own Received: line to the header, so the bottom-most Received: line stamped by our server is the point where the message entered it. The original Received: line that we're interested in is:

Received: from forums by barfoo.com with local (Exim 4.43) id 1FZ8zt-0005lz-E7 for fred@foobar.com; Thu, 27 Apr 2006 12:05:41 -0400

And the id we want is 1FZ8zt-0005lz-E7

This is the unique identifier for this email that has originated from the server. With this, we can follow the exim transaction on the server to see how it was processed using:

grep 1FZ8zt-0005lz-E7 /var/log/exim_mainlog

(be aware that the exim_mainlog files may have been rotated so you may have to expand compressed archives and search them instead)

This transaction may look something like this:

2006-04-27 17:43:41 1FZ8zt-0005lz-E7 fred@foobar.com R=lookuphost T=remote_smtp H=foobar.com [44.33.22.11] X=TLSv1:AES256-SHA:256
2006-04-27 17:43:53 1FZ8zt-0005lz-E7 Completed

The lines shown are the delivery and Completed entries for the message. The arrival line for the same id, which precedes them in the log and is marked <=, records the submitting user as U=nobody, i.e. the email originated locally on the server from the nobody user. That means the spam was most likely sent by a script: nobody is the account Apache runs as and the default user and group it executes web scripts as. Two things can change this:

1. suexec, if enabled, will run CGI scripts as the owner of the script file, typically the cPanel account name

2. phpsuexec, if enabled, will run PHP scripts in the same manner as CGI scripts

suexec is typically enabled on web servers; phpsuexec may or may not be. If phpsuexec is not enabled, then a script run under the nobody account is in all likelihood a PHP script.

With +arguments enabled, the cwd= line that exim logged when the sending script invoked it shows the script ran from /home/ClientX/public_html/phpBB/ on the server, which points to a compromised PHP script (here the phpBB forum) in that directory.

Here's another example, of spam originating from a client rather than a script. This can happen with malicious intent, or because the client's PC has been compromised by a virus or worm:

2006-04-27 17:54:51 1FZ9lT-000707-O2 fred@foobar.com R=boxtrapper_autowhitelist T=boxtrapper_autowhitelist
2006-04-27 17:54:52 1FZ9lT-000707-O2 => fred@foobar.com R=lookuphost T=remote_smtp H=foobar.com [44.33.22.11] X=TLSv1:AES256-SHA:256
2006-04-27 17:54:52 1FZ9lT-000707-O2 Completed

In this example, the key part, found on the arrival (<=) line for the same id, is: A=fixed_plain:bob@barfoo.com

This shows that the email was accepted for relaying after SMTP AUTH (fixed_plain is the PLAIN authenticator) with the username bob@barfoo.com, so it was submitted with that client's credentials from their PC. If the client denies sending it, treat the password as leaked and change it; otherwise the compromised machine will simply keep sending as soon as you clear the queue.
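The two lookups from the procedure above, as an added example that is not part of the original article: pull the originating message id out of a mail header, then classify the arrival line for that id in the mainlog. The header and log lines below are constructed for the demo (the page's own ids and hosts are reused, the rest is made up); the U=, A= and P= fields on the <= line and the cwd= line written by +arguments follow Exim's own log format.

```shell
#!/bin/sh
# Added example, not part of the original post. Sample header and log are
# constructed; field names follow Exim's "<=" arrival line and the "cwd=" line
# that log_selector +arguments adds.

SAMPLE_HEADER=$(mktemp)
cat > "$SAMPLE_HEADER" <<'EOF'
Received: from [11.22.33.44] (helo=barfoo.com)
        by foobar.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.52)
        id 1FZ8z3-0006M4-Do
        for fred@foobar.com; Thu, 27 Apr 2006 17:04:49 +0100
Received: from forums by barfoo.com with local (Exim 4.43)
        id 1FZ8zt-0005lz-E7
        for fred@foobar.com; Thu, 27 Apr 2006 12:05:41 -0400
To: fred@foobar.com
Subject: Buy Me!
From: bob@barfoo.com
EOF

SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
2006-04-27 17:43:40 cwd=/home/ClientX/public_html/phpBB 3 args: /usr/sbin/sendmail -t -i
2006-04-27 17:43:40 1FZ8zt-0005lz-E7 <= bob@barfoo.com U=nobody P=local S=1450 T="Buy Me!"
2006-04-27 17:43:41 1FZ8zt-0005lz-E7 => fred@foobar.com R=lookuphost T=remote_smtp H=foobar.com [44.33.22.11] X=TLSv1:AES256-SHA:256
2006-04-27 17:43:53 1FZ8zt-0005lz-E7 Completed
2006-04-27 17:54:50 1FZ9lT-000707-O2 <= bob@barfoo.com H=(client-pc) [203.0.113.7] P=esmtpsa X=TLSv1:AES256-SHA:256 A=fixed_plain:bob@barfoo.com S=1320 T="Buy Me!"
2006-04-27 17:54:52 1FZ9lT-000707-O2 => fred@foobar.com R=lookuphost T=remote_smtp H=foobar.com [44.33.22.11] X=TLSv1:AES256-SHA:256
2006-04-27 17:54:52 1FZ9lT-000707-O2 Completed
EOF

# exim_origin_id HEADERFILE OURHOST
# Unfold the header, then return the id from the bottom-most "Received:" line
# stamped by OURHOST. Every hop prepends its own Received: line, so the last
# one naming our server is where the message entered it.
exim_origin_id() {
    awk -v host="$2" '
        BEGIN { gsub(/\./, "\\.", host) }          # literal dots in the host regex
        function consider(h) {
            if (h ~ ("^Received: .* by " host " ") && h ~ /\(Exim / &&
                match(h, / id [0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+/))
                last = substr(h, RSTART + 4, RLENGTH - 4)
        }
        /^[ \t]/ { sub(/^[ \t]+/, ""); cur = cur " " $0; next }   # folded line
        { if (cur != "") consider(cur); cur = $0 }
        END { if (cur != "") consider(cur); print last }
    ' "$1"
}

# exim_origin MSGID LOGFILE
# Prints one of:
#   auth <user>              relayed after SMTP AUTH, i.e. directly from a client
#   local <user> cwd=<dir>   submitted locally; <dir> is taken from the nearest
#                            preceding cwd= line, which carries no message id
#                            and so can only be matched by adjacency
#   unknown                  no arrival line for that id in this file
exim_origin() {
    awk -v id="$1" '
        /^[0-9-]+ [0-9:]+ cwd=/ {
            dir = $0
            sub(/^[0-9-]+ [0-9:]+ cwd=/, "", dir)
            sub(/ [0-9]+ args:.*$/, "", dir)
            lastcwd = dir
            next
        }
        $3 == id && $4 == "<=" {
            user = ""
            for (i = 5; i <= NF; i++) {
                if ($i ~ /^A=/) { split($i, a, ":"); print "auth " a[2]; found = 1; exit }
                if ($i ~ /^U=/) user = substr($i, 3)
            }
            if (user != "") { print "local " user " cwd=" lastcwd; found = 1; exit }
        }
        END { if (!found) print "unknown" }
    ' "$2"
}
```

In practice the two chain together: exim_origin "$(exim_origin_id spam.eml yourhost)" /var/log/exim_mainlog, with zcat of the rotated logs piped in when the id is older than the current file. The cwd= adjacency match can mis-attribute under heavy concurrent submission; adding +pid to log_selector puts the process id on both lines and makes the pairing exact.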

As you can see, there is a great depth to the amount of work needed to track down spammers on a server, plus there’s the additional work of closing holes in insecure scripts if they are the cause.

Some instances can be much more complex and require trawling through the Apache logs for domains in /usr/local/apache/domlogs/* which is not a trivial matter. The best security from such exploitation is to keep your server secure and to be aware of who and what you allow on your server.

Categories: cPanel, exim

OpenSSH Server Best Security Practices

January 12, 2011

Default Config Files and SSH Port

  • /etc/ssh/sshd_config – OpenSSH server configuration file.
  • /etc/ssh/ssh_config – OpenSSH client configuration file.
  • ~/.ssh/ – Users ssh configuration directory.
  • ~/.ssh/authorized_keys – Lists the public keys that can be used to log into the user's account (older releases also read ~/.ssh/authorized_keys2).
  • /etc/nologin – If this file exists, sshd refuses to let anyone except root log in.
  • /etc/hosts.allow and /etc/hosts.deny – Access control lists enforced by TCP wrappers, honoured only by OpenSSH builds that link against libwrap (see below).
  • SSH default port : TCP 22

Only Use SSH Protocol 2

SSH protocol version 1 (SSH-1) is vulnerable to man-in-the-middle and other attacks and is obsolete; it should be avoided at all cost. Open sshd_config and make sure the following line exists:

Protocol 2

OpenSSH 7.0 and later no longer contain the SSH-1 server at all, so on current releases the directive is accepted but ignored; it still matters on older installs.

Limit Users’ SSH Access

By default every system user can log in via SSH with a password or public key. Sometimes you create a UNIX / Linux user account purely for FTP or email; those users can nevertheless log in via ssh and get full access to system tools, including compilers and scripting languages such as Perl and Python that can open network ports and do many other things. One of my clients had a really outdated PHP script, and an attacker was able to create a new account on the system via that script. However, the attacker failed to get into the box via ssh because the account wasn't in AllowUsers.

To allow only root, sunny and sumi to use the system via SSH, add the following to sshd_config:

AllowUsers root sumi sunny

Alternatively, you can allow all users to log in via SSH but deny a few, with the following line:

DenyUsers suraj anuja foo

sshd evaluates DenyUsers first, then AllowUsers, then DenyGroups and finally AllowGroups, so a user that appears in both a Deny and an Allow list is denied. Once PermitRootLogin is set to no (below), listing root in Allow
Users is pointless.

Configure Idle Log Out Timeout Interval

A user can log in to the server via ssh and leave the session unattended; the usual advice is to set the following in sshd_config:

ClientAliveInterval 300

ClientAliveCountMax 0

ClientAliveInterval makes sshd send a liveness request through the encrypted channel every 300 seconds (5 minutes) of not hearing from the client; ClientAliveCountMax is how many unanswered requests are tolerated before the connection is dropped. Two caveats. First, a healthy client answers these requests automatically whether or not anyone is typing, so this mechanism clears dead and hung connections; it is not an idle timeout, and for one you want the shell's TMOUT variable (set in /etc/profile) instead. Second, the value 0 changed meaning: before OpenSSH 8.2, sshd killed the connection at the first liveness check regardless of the answer, so every session, active or idle, was cut after 300 seconds; from 8.2 onward 0 disables disconnection entirely. ClientAliveInterval 300 with the default ClientAliveCountMax of 3 (a drop after roughly 15 unresponsive minutes) is the setting to use today.

Disable Host-Based Authentication

To disable host-based authentication, update sshd_config with the following option:

HostbasedAuthentication no

Disable root Login via SSH

There is no need to log in as root via ssh over the network. Normal users can use su or sudo (recommended) to gain root privileges, which also gives you a full audit trail of who ran which privileged command. To disable root login via SSH, update sshd_config with the following line (if some automation genuinely needs root over SSH, PermitRootLogin prohibit-password, spelled without-password before OpenSSH 7.0, refuses passwords but still accepts keys):

PermitRootLogin no

Firewall SSH Port # 22

You need to firewall ssh port 22 by updating your iptables or pf configuration. Usually the OpenSSH server should accept connections only from your LAN and from known remote sites.

Netfilter (Iptables) Configuration

Update /etc/sysconfig/iptables (Redhat and friends specific file) to accept connection only from 192.168.1.0/24 and 202.54.1.5/29, enter:

-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -s 202.54.1.5/29 -m state --state NEW -p tcp --dport 22 -j ACCEPT

If you’ve dual stacked sshd with IPv6, edit /etc/sysconfig/ip6tables (Redhat and friends specific file), enter:

-A RH-Firewall-1-INPUT -s ipv6network::/ipv6mask -m state --state NEW -p tcp --dport 22 -j ACCEPT

Replace ipv6network::/ipv6mask with actual IPv6 ranges.

*BSD PF Firewall Configuration

If you are using PF firewall update /etc/pf.conf as follows:

pass in on $ext_if inet proto tcp from {192.168.1.0/24, 202.54.1.5/29} to $ssh_server_ip port ssh flags S/SA synproxy state

Change SSH Port and Limit IP Binding

By default sshd listens on all interfaces and IP addresses of the system. Limit the addresses it binds to and, optionally, move it off port 22: mass-scanning brute-force scripts mostly probe port 22 only, so this cuts log noise, but a port change is obscurity rather than a security control and is no substitute for the firewall rules and key-only logins above. If you do move it, pick a port below 1024 so that an unprivileged local user cannot bind it while sshd is down. To bind to 192.168.1.5 and 202.54.1.5 on port 300, add or correct the following lines:

Port 300
ListenAddress 192.168.1.5
ListenAddress 202.54.1.5

Use Public Key Based Authentication

Use a public/private key pair with a passphrase protecting the private key. See how to set up RSA and DSA key based authentication. Never use a passphrase-free key for interactive logins; automation keys that must run unattended should be restricted with the from= and command= options in authorized_keys so that a stolen key is good for one command from one host. DSA keys are limited to 1024 bits and have been disabled by default since OpenSSH 7.0; generate ed25519 keys (ssh-keygen -t ed25519) or RSA keys of at least 3072 bits instead.

Use Keychain Based Authentication

keychain is a bash script that makes key-based authentication convenient: it keeps a single ssh-agent alive across logins, so the passphrase is typed once per boot rather than stored on disk, which is its security benefit over passphrase-free keys. See how to set up and use the keychain software.

Chroot SSHD (Lock Down Users To Their Home Directories)

http://www.debian-administration.org/articles/590

Use TCP Wrappers

TCP Wrappers is a host-based network ACL system used to filter access to network services. Builds of OpenSSH that link against libwrap honour it; update /etc/hosts.allow as follows to allow SSH only from 192.168.1.2 and 172.16.23.12 (and add sshd : ALL to /etc/hosts.deny, otherwise the allow line permits nothing extra):

sshd : 192.168.1.2 172.16.23.12

Disable Empty Passwords

You need to explicitly disallow remote login from accounts with empty passwords, update sshd_config with the following line:

PermitEmptyPasswords no
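A check for the settings covered so far, as an added example that is not part of the original article. It audits an sshd_config the way sshd itself reads one: keywords are case-insensitive, the first value given for a keyword wins, and anything after a Match line is conditional, so it is not counted as a global setting. The sample config is constructed and deliberately weak:

```shell
#!/bin/sh
# Added example, not from the original article. The sample config below is
# constructed; the parsing rules (case-insensitive keywords, first value wins,
# Match blocks are conditional) are sshd_config's own.

SAMPLE_SSHD_CONFIG=$(mktemp)
cat > "$SAMPLE_SSHD_CONFIG" <<'EOF'
# constructed sample for the audit below
Port 22
Protocol 2,1
PermitRootLogin yes
#PermitEmptyPasswords no
HostbasedAuthentication no
LogLevel INFO
# ignored by sshd: a value for this keyword was already set above
PermitRootLogin no
Match User backup
    PermitRootLogin no
EOF

# audit_sshd_config FILE
# One line per checked keyword: "OK key value", "FAIL key value" or "MISSING key".
# MISSING means the directive is not set explicitly; sshd's built-in default
# may be acceptable, but the advice above is to pin these values in the file.
audit_sshd_config() {
    awk '
        BEGIN {
            want["protocol"]                = "^2$"
            want["permitrootlogin"]         = "^(no|prohibit-password|without-password)$"
            want["permitemptypasswords"]    = "^no$"
            want["hostbasedauthentication"] = "^no$"
            want["clientaliveinterval"]     = "^[1-9][0-9]*$"
            want["loglevel"]                = "^(INFO|VERBOSE)$"
            want["allowusers"]              = "."
            n = split("protocol permitrootlogin permitemptypasswords hostbasedauthentication clientaliveinterval loglevel allowusers", order, " ")
        }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, kv, /[ \t=]+/)          # "Keyword value" or "Keyword=value"
            key = tolower(kv[1])
            if (key == "match") exit            # rest of the file is conditional
            if (!(key in seen)) {               # sshd keeps the first value it sees
                val = line
                sub(/^[^ \t=]+[ \t=]+/, "", val)
                sub(/[ \t]+$/, "", val)
                seen[key] = val
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in seen))           print "MISSING " k
                else if (seen[k] ~ want[k]) print "OK " k " " seen[k]
                else                        print "FAIL " k " " seen[k]
            }
        }
    ' "$1"
}
```

The authoritative check is still sshd -T, which prints the effective configuration with defaults and Match blocks resolved (sshd -T -C user=backup,host=h,addr=10.0.0.1 shows what a specific client would get); this script is for reviewing files before they reach a server.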

Thwart SSH Crackers (Brute Force Attack)

Brute force is a method of defeating an authentication scheme by trying a large number of candidate passwords from one machine or a distributed network of them. To blunt brute force attacks against SSH, use one of the following tools; they all watch the auth log for failed logins and block the offending source, so they complement but do not replace the key-only and AllowUsers settings above:

  • DenyHosts is a Python based security tool for SSH servers. It is intended to prevent brute force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses.
  • How to set up DenyHosts under RHEL / Fedora / CentOS Linux.
  • Fail2ban is a similar program that prevents brute force attacks against SSH.
  • security/sshguard-pf protect hosts from brute force attacks against ssh and other services using pf.
  • security/sshguard-ipfw protect hosts from brute force attacks against ssh and other services using ipfw.
  • security/sshguard-ipfilter protect hosts from brute force attacks against ssh and other services using ipfilter.
  • security/sshblock block abusive SSH login attempts.
  • security/sshit checks for SSH/FTP bruteforce and blocks given IPs.
  • BlockHosts Automatic blocking of abusive IP hosts.
  • Blacklist Get rid of those bruteforce attempts.
  • Brute Force Detection A modular shell script for parsing application logs and checking for authentication failures. It does this using a rules system where application specific options are stored including regular expressions for each unique auth format.
  • IPQ BDB filter May be considered as a fail2ban lite.
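The counting logic behind these tools, as an added example that is not part of the original article, run over a constructed auth log. The line layout is the one sshd writes through syslog ("Failed password for [invalid user] NAME from IP port N ssh2"); the hosts, user names and timestamps are made up:

```shell
#!/bin/sh
# Added example, not from the original article. Log lines are constructed in
# sshd's syslog format; the addresses and names are made up.

SAMPLE_AUTH_LOG=$(mktemp)
cat > "$SAMPLE_AUTH_LOG" <<'EOF'
Apr 18 02:59:01 host sshd[4607]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Apr 18 02:59:03 host sshd[4609]: Failed password for root from 203.0.113.5 port 51240 ssh2
Apr 18 02:59:05 host sshd[4611]: Failed password for invalid user oracle from 203.0.113.5 port 51244 ssh2
Apr 18 02:59:07 host sshd[4613]: Failed password for invalid user test from 203.0.113.5 port 51250 ssh2
Apr 18 02:59:09 host sshd[4615]: Failed password for root from 203.0.113.5 port 51255 ssh2
Apr 18 03:00:12 host sshd[4620]: Failed password for nithins from 192.168.1.2 port 40001 ssh2
Apr 18 03:00:20 host sshd[4622]: Accepted publickey for nithins from 192.168.1.2 port 40002 ssh2
EOF

# ssh_bruteforce_sources LOGFILE THRESHOLD
# Prints "count ip" for every source with at least THRESHOLD failed logins,
# busiest first. Only "Failed password" lines are counted: the "Invalid user"
# lines sshd also writes describe the same attempt and would double count it.
ssh_bruteforce_sources() {
    awk -v thr="$2" '
        / sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++)
                if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= thr) print fails[ip], ip }
    ' "$1" | sort -rn
}

# ssh_block_rules LOGFILE THRESHOLD
# Turn the offenders into iptables commands (printed, not executed) so they can
# be reviewed before they go into the firewall script of the next section.
ssh_block_rules() {
    ssh_bruteforce_sources "$1" "$2" | while read -r count ip; do
        printf 'iptables -I INPUT -s %s -p tcp --dport 22 -j DROP  # %s failures\n' "$ip" "$count"
    done
}
```

This counts over the whole file; fail2ban and DenyHosts add what a daemon needs on top, namely a time window (findtime) and automatic expiry of bans (bantime). On Debian-derived systems the log is /var/log/auth.log, on RHEL-derived ones /var/log/secure, and a large block list belongs in an ipset rather than one iptables rule per address.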

Rate-limit Incoming Port # 22 Connections

Both netfilter and pf provide rate-limiting options for simple throttling of incoming connections to port 22.

Iptables Example

The following example drops further new connections from a source that has made 5 or more connection attempts to port 22 within 60 seconds:

#!/bin/bash

IPT=/sbin/iptables
inet_if=eth1
ssh_port=22

# Record every new connection to the SSH port in the "recent" list ...
$IPT -I INPUT -p tcp --dport ${ssh_port} -i ${inet_if} -m state --state NEW -m recent --set

# ... and drop a source that has opened 5 or more within the last 60 seconds.
# Both rules use -I, so this one ends up above the --set rule and is checked first.
$IPT -I INPUT -p tcp --dport ${ssh_port} -i ${inet_if} -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP

Call the above script from your iptables scripts. Another option, using the limit match instead; note that these rules only ACCEPT within the limit, so a later rule or the chain's default policy must DROP what exceeds it:

$IPT -A INPUT -i ${inet_if} -p tcp --dport ${ssh_port} -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT

$IPT -A INPUT -i ${inet_if} -p tcp --dport ${ssh_port} -m state --state ESTABLISHED -j ACCEPT

$IPT -A OUTPUT -o ${inet_if} -p tcp --sport ${ssh_port} -m state --state ESTABLISHED -j ACCEPT

# another one line example

# $IPT -A INPUT -i ${inet_if} -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 22 -m limit --limit 5/minute --limit-burst 5 -j ACCEPT

See iptables man page for more details.

*BSD PF Example

The following limits the number of simultaneous connections per source to 20 and the rate of new connections to 15 in any 5-second span. A source that breaks these rules is added to the abusive_ips table and blocked from making further connections; the flush keyword also kills the states already created by the matching rule for the offending host. Entries in the table never expire on their own, so age them out from cron with pfctl -t abusive_ips -T expire 3600 or similar.

sshd_server_ip="202.54.1.5"
table <abusive_ips> persist
block in quick from <abusive_ips>
pass in on $ext_if proto tcp to $sshd_server_ip port ssh flags S/SA keep state (max-src-conn 20, max-src-conn-rate 15/5, overload <abusive_ips> flush)

Use Port Knocking

Port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). A sample port Knocking example for ssh using iptables:

$IPT -N stage1
$IPT -A stage1 -m recent --remove --name knock
$IPT -A stage1 -p tcp --dport 3456 -m recent --set --name knock2

$IPT -N stage2
$IPT -A stage2 -m recent --remove --name knock2
$IPT -A stage2 -p tcp --dport 2345 -m recent --set --name heaven

$IPT -N door
$IPT -A door -m recent --rcheck --seconds 5 --name knock2 -j stage2
$IPT -A door -m recent --rcheck --seconds 5 --name knock -j stage1
$IPT -A door -p tcp --dport 1234 -m recent --set --name knock

$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -m recent --rcheck --seconds 5 --name heaven -j ACCEPT
$IPT -A INPUT -p tcp --syn -j door

  • fwknop is an implementation that combines port knocking and passive OS fingerprinting.
  • Multiple-port knocking Netfilter/IPtables only implementation.

Use Log Analyzer

Read your logs using logwatch or logcheck. These tools make log reading easier: they go through your logs for a given period and produce a report on the areas you choose, with the detail you choose. Make sure LogLevel is set to INFO or VERBOSE in sshd_config; VERBOSE additionally records the fingerprint of the key used for each login, which is what you need to tell apart several keys in one authorized_keys file. The DEBUG levels violate user privacy according to sshd_config(5) and are for troubleshooting only:

LogLevel INFO

Patch OpenSSH and Operating Systems

It is recommended that you use tools such as yum, apt-get, freebsd-update and others to keep systems up to date with the latest security patches.

Limit Users' SSH Access via PAM

Besides AllowUsers and DenyUsers in sshd_config, Linux PAM can allow or deny logins through sshd by user or by group name, for example with pam_access and /etc/security/access.conf. This requires an sshd built with PAM support and UsePAM yes in sshd_config.

Categories: Linux, Uncategorized

Unable to remove Plesk Domain

January 12, 2011

When trying to remove a domain, the following error message appears.

Unable to delete hosting: Unable to create SubDomainManager: Unable to create SubDomainPerformance object: WebServerManager::getSubDomainPerformance() failed: Unable to parse current performance.


Also, I am not able to remove the subdomains.

When accessing a sub domain management page the following error message is displayed:

Unable to create SubDomainManager object: Unable to create SubDomainPerformance object: WebServerManager::getSubDomainPerformance() failed: Unable to parse current performance.

CAUSE
========
Sub domain is not configured in IIS.

RESOLUTION
========

The subdomain needs to be reconfigured in IIS. This can be done with the following command line utility:

"%plesk_bin%\websrvmng.exe" --update-subdomain --vhost-name=<domain> --subdomain=<subdomain>

==========================

If the issue persists, also try the following:

1. Remove the registry key (export it first with File > Export in regedit so it can be restored)

HKEY_LOCAL_MACHINE\SOFTWARE\PLESK\PSA Config\Config\SitesCache

2. Then remove the domain's virtual host from the command line:

cd %plesk_bin%

websrvmng.exe --remove-vhost --vhost-name=Domainname

3. Then reinstall the virtual host through the command line:

websrvmng.exe --install-vhost --vhost-name=Domainname

4. Then go to the Plesk Control Panel and delete the domain. It is still in the list, but it will actually delete this time.

Categories: IIS, plesk, Windows

Change the RDP listening port on Windows Server 2003

January 12, 2011

How to Change the Listening Port for Remote Desktop

Microsoft has a Knowledge Base article KB306759 that details how to modify and change the Remote Desktop listening port by changing registry value.

  1. Start Registry Editor: click Start -> Run, type regedit in the Run box, and press Enter or click OK.
  2. Navigate to the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
  3. Locate the PortNumber entry in the right pane.
  4. Right-click PortNumber and choose Modify (or select it and choose Modify from the Edit menu).
  5. In the Edit DWORD Value window, click Decimal.
  6. Type the new port number in the Value data box.
  7. Click OK when done, then restart the computer for the change to take effect. Open the new port in the Windows Firewall and in any network ACL in front of the server, and verify a fresh connection to <host>:<port> (mstsc /v:<host>:<port>) before closing your current session, or a mistake locks you out of the machine.
Categories: IIS

How to use parted to create a partition larger than 2 TB

January 12, 2011

To create partitions larger than 2 TB we need a GPT partition table: the classic MS-DOS (MBR) table addresses sectors with 32 bits, which with 512-byte sectors tops out at 2 TiB. The fdisk shipped with older distributions (util-linux before 2.23) cannot write GPT labels, so we use parted.

Here we are going to partition the disk /dev/sdb

root@localhost ~> parted /dev/sdb

This will bring up parted.  Type help to view the commands in parted prompt.

(parted) help
check NUMBER                             do a simple check on the file system
cp [FROM-DEVICE] FROM-NUMBER TO-NUMBER   copy file system to another partition
help [COMMAND]                           prints general help, or help on COMMAND
mklabel,mktable LABEL-TYPE               create a new disklabel (partition table)
mkfs NUMBER FS-TYPE                      make a FS-TYPE file system on partititon NUMBER
mkpart PART-TYPE [FS-TYPE] START END     make a partition
mkpartfs PART-TYPE FS-TYPE START END     make a partition with a file system
move NUMBER START END                    move partition NUMBER
name NUMBER NAME                         name partition NUMBER as NAME
print [free|NUMBER|all]                  display the partition table, a partition, or all devices
quit                                     exit program
rescue START END                         rescue a lost partition near START and END
resize NUMBER START END                  resize partition NUMBER and its file system
rm NUMBER                                delete partition NUMBER
select DEVICE                            choose the device to edit
set NUMBER FLAG STATE                    change the FLAG on partition NUMBER
toggle [NUMBER [FLAG]]                   toggle the state of FLAG on partition NUMBER
unit UNIT                                set the default unit to UNIT
version                                  displays the current version of GNU Parted and copyright information

root@localhost ~> parted /dev/sdb
GNU Parted 1.8.1
Using /dev/sdb
Welcome to GNU Parted! Type ‘help’ to view a list of commands.
(parted)

To change the label to gpt we run the following command:

(parted) mklabel gpt

Next run the print command: This will list the disk geometry. Please note the size listed:

(parted) print

Model: Adaptec raid5-1 (scsi)
Disk /dev/sdb: 10.7TB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number  Start   End     Size    File system  Name     Flags

This tells us where to start and end the partition. A bare number in parted is interpreted as megabytes, so an 8 TB partition ends at 8 x 1024 x 1024 = 8388608 MB. To create one partition of that size run the following:

(parted) mkpart primary 0 8388607.000

The command reads: make a primary partition starting at 0 MB and ending at 8388607 MB. On a GPT label "primary" is merely the partition's name; there is no primary/extended distinction as on an MS-DOS label. Newer parted versions warn that a partition starting at 0 is not aligned to the disk; use a start of 1MiB (or 0%) there.

Alternatively, to take the whole disk for a single partition without entering the interactive prompt, exit parted and run this from the shell (the -- stops parted from treating -1, meaning the end of the disk, as an option):

root@localhost ~> parted -s -- /dev/sdb mkpart primary ext3 0 -1

This uses the whole disk for the partition.

The parition has been created and now you can quit parted:
(parted) quit

Now all that has to be done is to format the partition (the -m switch tells mkfs to reserve only 1% of the blocks for the super-user instead of the default 5%, which on a multi-terabyte volume would waste hundreds of gigabytes):

root@localhost ~> mkfs.ext3 -m1 /dev/sdb1
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
1024000000 inodes, 2047999751 blocks
20479997 blocks (1.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
62500 block groups
32768 blocks per group, 32768 fragments per group
16384 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
102400000, 214990848, 512000000, 550731776, 644972544, 1934917632

Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 38 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

Mount the disk

root@localhost ~> mount /dev/sdb1 /disk1

root@localhost ~> df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda3             240G  2.3G  225G   2% /
/dev/sda1             996M   45M  900M   5% /boot
tmpfs                 2.0G     0  2.0G   0% /dev/shm
/dev/sdb1             7.6T  177M  7.5T   1% /disk1

Now edit /etc/fstab to mount the partiton automatically on boot.

root@localhost ~>vi /etc/fstab

Add the following line to /etc/fstab (where device names may change, for example when disks are added, use UUID=<uuid from blkid /dev/sdb1> instead of /dev/sdb1):

/dev/sdb1     /disk1   ext3    defaults        0 0
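The same partitioning done non-interactively, as an added example that is not from the original post, rehearsed on a disk image so it can be tried without root or a spare array. It assumes GNU parted, util-linux blkid and coreutils; the image size and the mount point are this example's choices:

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU parted, blkid and
# coreutils; the 64 MiB image stands in for /dev/sdb.

# make_gpt_disk DEVICE
# Write a GPT label and one partition spanning the whole device. 0%/100% let
# parted choose aligned boundaries; a literal start of 0 (as in the interactive
# session above) puts the partition at sector 0 and newer parted versions warn
# that it is misaligned. On GPT "primary" is just the partition's name.
make_gpt_disk() {
    dev=$1
    parted -s -a optimal "$dev" mklabel gpt &&
    parted -s -a optimal "$dev" mkpart primary ext4 0% 100%
}

# gpt_label DEVICE
# Partition-table type from parted's machine-readable output: line 1 is "BYT;",
# line 2 is the disk (path:size:transport:logical:physical:table:model), and
# every following line is one partition.
gpt_label() {
    parted -s -m "$1" print | awk -F: 'NR == 2 { print $6 }'
}

# gpt_partition_count DEVICE: number of partition lines in the same output.
gpt_partition_count() {
    parted -s -m "$1" print | awk -F: 'NR > 2 { n++ } END { print n + 0 }'
}

# fstab_entry DEVICE MOUNTPOINT FSTYPE
# Mount by filesystem UUID: /dev/sdX names can change when a disk is added or
# the controller enumerates differently, and a wrong device in fstab can stall
# the boot. Run after mkfs, since the UUID lives in the filesystem superblock.
fstab_entry() {
    uuid=$(blkid -s UUID -o value "$1") || return 1
    printf 'UUID=%s  %s  %s  defaults  0 2\n' "$uuid" "$2" "$3"
}

# demo_image: partition a 64 MiB sparse file and print its path.
demo_image() {
    img=$(mktemp) || return 1
    truncate -s 64M "$img" || return 1
    make_gpt_disk "$img" > /dev/null || return 1
    printf '%s\n' "$img"
}
```

On the real disk the sequence is make_gpt_disk /dev/sdb, mkfs.ext3 -m1 /dev/sdb1 (or mkfs.ext4 on a current system), then fstab_entry /dev/sdb1 /disk1 ext4 >> /etc/fstab; check the result with mount -a before the next reboot, since a bad fstab line is found at boot time otherwise.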

 

Categories: Linux, tech