Clone system with DD

On destination system:

ifconfig eth0 <ip address> netmask 255.255.255.0

route add -net 0.0.0.0/0 gw <ip address gw>

destination% nc -l -p 9000 | gzip -dfc | dd bs=1M of=/dev/sda

On the source system…

source% dd bs=1M if=/dev/sda | gzip -cf | nc <ip address dest> 9000

From another console…

source% ps -ef | grep dd

source% watch 'kill -USR1 pid_of_dd'

Edit /etc/fstab and replace all LABEL= entries with /dev/sdaX entries, e.g.

Change LABEL=/ to /dev/sda2

Change LABEL=/boot to /dev/sda1

Change LABEL=swap-sda5 to /dev/sda5

Edit /etc/grub.conf and replace all LABEL=/ entries with /dev/sda2

Reboot to the rescue CD again

Mount your installation with chroot /mnt/sysimage

If the hardware is different, back up and edit modules.conf: remove the old drivers (megaraid, symbios, etc.) and replace them with BusLogic (alias scsi_hostadapter BusLogic) or the appropriate module

Back up the current ramdisk (cp /boot/initrd-[version].img /boot/initrd-[version].img.bak), e.g.

cp /boot/initrd-2.6.9-42.0.10.ELsmp.img /boot/initrd-2.6.9-42.0.10.ELsmp.img.bak

Rebuild with the new module and overwrite the existing image (mkinitrd -f -v /boot/initrd-[version].img [version]), e.g.

mkinitrd -f -v /boot/initrd-2.6.9-42.0.10.ELsmp.img 2.6.9-42.0.10.ELsmp

Reboot; the system should detect the changes

You will see "filesystem went down unclean" errors on startup; just hit Y and let Red Hat repair the FS
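The nc pipe above gives no integrity or confidentiality guarantee, so it is worth comparing hashes right after dd finishes and before the destination is edited or booted. The following is an added example, not part of the original notes; the function names are hypothetical and it assumes sha256sum (and blockdev for real disks) is available in the rescue environment. Run hash_prefix on each host with the source's size and compare the output; clone_matches and demo_clone do the same thing locally on image files.

```shell
#!/bin/sh
# Added example: verify a dd clone by hashing the same byte range on both ends.

# image_size PATH -> size in bytes (block device or regular file)
image_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# hash_prefix PATH BYTES -> SHA-256 of the first BYTES bytes of PATH.
# The destination disk is often larger than the source, so a hash of the
# whole destination device would never match; hash only the cloned range.
hash_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# clone_matches SRC DST -> exit 0 when DST begins with an exact copy of SRC.
clone_matches() {
    size=$(image_size "$1")
    [ "$(image_size "$2")" -ge "$size" ] || return 1   # destination too small
    [ "$(hash_prefix "$1" "$size")" = "$(hash_prefix "$2" "$size")" ]
}

# demo_clone SRC DST: the pipeline from these notes with nc left out, so it
# runs on one host. conv=notrunc keeps a larger DST file at its full size,
# the way a larger destination disk would behave.
demo_clone() {
    dd bs=1M if="$1" 2>/dev/null | gzip -cf | gzip -dfc |
        dd bs=1M of="$2" conv=notrunc 2>/dev/null
}
```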

Clone system with tar gzip

Boot destination server to BackTrack or linux rescue

ifconfig eth0 <ip_address> netmask <subnet_mask>

route add -net 0.0.0.0/0 gw <gateway_ip>

exclude from the tar command

Destination %%

Make partitions, make file systems, mount partitions.

cd /

nc -l -p 9000 | tar -xvz

Source %%

cd /

tar -cpvz * | nc <ip_address_of_destination> 9000

Note: if the file systems are different sizes, cd to / and use

tar --exclude=/apps --exclude=/log --exclude=/data --exclude=/datadr --exclude=/logdr --exclude=/appsdr --exclude=/uxlog --exclude=/proc --exclude=/sys --exclude=/dev/shm -cpvz * | nc <ip_address_of_destination> 9000

Then cd to the individual folders for /data etc… and run the nc and tar commands as shown above the Note: section

Follow remainder of steps from DD

Converting from DES passwords to MD5 and MD5 to DES


To change from DES to MD5:

  • Make note of any DES user passwords that exist on your system. MD5 cannot read DES passwords, so any DES passwords you have will have to be changed.

    # vi passwd

    You should see something similar to:

    root:$1$93CDf$EQWY0qV7WJ1HBwx3OhOwo/:0:0::0:0::/root:/bin/csh
    paul:$1$hZQd5kJY$dWKdu.A8O9HOr8Qz2.ck21:1000:20::0:0::/home/dan:/usr/local/bin/bash


  • MD5 passwords start with '$1$', DES passwords do not; MD5 password hashes are also longer.

    Once you make note of any users whose passwords will have to be changed, exit vi.


  • Check that your system is indeed using DES:

    # ls -l /usr/lib/libcrypt*
    lrwxr-xr-x 1 root wheel 11 Aug 15 16:48 /usr/lib/libcrypt.a -> libdescrypt.a
    lrwxr-xr-x 1 root wheel 12 Aug 15 16:49 /usr/lib/libcrypt.so -> libdescrypt.so
    lrwxr-xr-x 1 root wheel 14 Aug 15 16:49 /usr/lib/libcrypt.so.2 -> libdescrypt.so.2

    If your system is using DES, the links will point to libdescrypt.* (If not, the links will point to libscrypt.*).


  • Change the symbolic links to point to the MD5 libraries:

    # cd /usr/lib
    # ln -sf libscrypt.a libcrypt.a
    # ln -sf libscrypt.so libcrypt.so
    # ln -sf libscrypt.so.2 libcrypt.so.2


  • Reboot the system:

    # init 6


  • When the system is back up, enter new passwords for the users who had DES passwords:

    # passwd user
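The first step above (noting which accounts still carry DES hashes) can be scripted instead of read off in vi. This is an added example, not part of the original notes: list_des_users and write_sample are hypothetical names, the file is assumed to have the hash in the second colon-separated field as in the sample line above, and the alice and bob entries are constructed strings with the shape of DES hashes.

```shell
#!/bin/sh
# Added example: list the accounts whose password hash is DES rather than MD5.

# list_des_users FILE -> one "user<TAB>scheme" line per account that will
# need a new password after the switch to MD5.
list_des_users() {
    awk -F: '
        /^#/ || NF < 2 { next }                  # comments and blank lines
        {
            h = $2
            body = "^[./0-9A-Za-z]+$"            # crypt(3) base-64 alphabet
            if (substr(h, 1, 3) == "$1$") next   # MD5 crypt, nothing to do
            if (h == "" || h ~ /^[*!]/)   next   # no password set, or locked
            if (length(h) == 13 && h ~ body)
                kind = "des"                     # traditional DES: 13 chars
            else if (length(h) == 20 && substr(h, 1, 1) == "_" && substr(h, 2) ~ body)
                kind = "des-extended"            # extended DES: "_" + 19 chars
            else
                kind = "unknown"                 # flag for manual review
            print $1 "\t" kind
        }' "$1"
}

# write_sample FILE: constructed test input. The root line is the one shown
# in these notes; the other hashes are made up and match no real password.
write_sample() {
    cat > "$1" <<'EOF'
root:$1$93CDf$EQWY0qV7WJ1HBwx3OhOwo/:0:0::0:0::/root:/bin/csh
alice:abJnggxhB/yWI:1001:20::0:0::/home/alice:/bin/sh
bob:_J9..K0AyUubDrfOgO4s:1002:20::0:0::/home/bob:/bin/sh
daemon:*:1:1::0:0::/root:/sbin/nologin
EOF
}

# Stand-alone use: pass the password file to inspect as the first argument.
if [ -n "${1:-}" ]; then
    list_des_users "$1"
fi
```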

Changing from MD5 to DES:

  • Check that your system is indeed using MD5:

    # ls -l /usr/lib/libcrypt*
    lrwxr-xr-x 1 root wheel 11 Aug 15 16:48 /usr/lib/libcrypt.a -> libscrypt.a
    lrwxr-xr-x 1 root wheel 12 Aug 15 16:49 /usr/lib/libcrypt.so -> libscrypt.so
    lrwxr-xr-x 1 root wheel 14 Aug 15 16:49 /usr/lib/libcrypt.so.2 -> libscrypt.so.2

    If your system is using MD5, the links will point to libscrypt.* (If you are already using DES, the links will point to libdescrypt.*).


  • Change the symbolic links to point to the DES libraries:

    # cd /usr/lib
    # ln -sf libdescrypt.a libcrypt.a
    # ln -sf libdescrypt.so libcrypt.so
    # ln -sf libdescrypt.so.2 libcrypt.so.2


  • Reboot the system:

    # init 6


  • When the system is back up, enter new passwords for the users who had DES passwords:

    # passwd user

Updated check_url.pl script for nagios

#!/usr/bin/perl

use strict;
use warnings;
use File::Temp qw(tempfile);

my $wget = '/usr/bin/wget';
my ($url) = @ARGV;

# HTTP status codes that map to each Nagios state
my @OK = ("200",);
my @WARN = ("400", "401", "403", "404", "408");
my @CRITICAL = ("500", "501", "502", "503", "504");

my $TIMEOUT = 20;

my %ERRORS = ('UNKNOWN' , '-1',
              'OK' , '0',
              'WARNING', '1',
              'CRITICAL', '2');

my $state = "UNKNOWN";
my $answer = "";

if (!defined $url) {
    print ("$state: no URL given\n");
    exit $ERRORS{$state};
}

$SIG{'ALRM'} = sub {
    print ("ERROR: check_url Time-Out $TIMEOUT s \n");
    exit $ERRORS{"UNKNOWN"};
};
alarm($TIMEOUT);

# wget -S writes the response headers to its log. Send the log to a temp file
# created with an unpredictable name (removed automatically on exit) and
# discard the page body.
my ($resfh, $resfile) = tempfile('check_url_XXXXXX', TMPDIR => 1, UNLINK => 1);
close $resfh;

# List-form system() runs wget without a shell, so nothing in $url can be
# interpreted as shell syntax; '--' stops wget treating it as an option.
system ($wget, '--output-document=/dev/null', '--no-check-certificate', '-S',
        "--output-file=$resfile", '--', $url);

if (! open STAT1, '<', $resfile) {
    print ("$state: $wget returns no result!\n");
    exit $ERRORS{$state};
}
# Keep the status lines only; the last one is the final response
my @lines = grep { /HTTP\/1/ } <STAT1>;
close STAT1;

if (@lines && $lines[-1] =~ /HTTP\/1\.\d+ (\d+)( .*)/) {
    my $errcode = $1;
    my $errmesg = $2;

    $answer = $answer . "$errcode $errmesg";

    if ('1' eq &chkerrwarn($errcode) ) {
        $state = 'WARNING';
    } elsif ('2' eq &chkerrcritical($errcode)) {
        $state = 'CRITICAL';
    } elsif ('0' eq &chkerrok($errcode)) {
        $state = 'OK';
    }
}

# Each helper returns its Nagios state number if the code is in its list,
# otherwise -1.
sub chkerrcritical {
    my ($err) = @_;
    foreach (@CRITICAL){
        if ($_ eq $err) {
            return 2;
        }
    }
    return -1;
}


sub chkerrwarn {
    my ($err) = @_;
    foreach (@WARN){
        if ($_ eq $err) {
            return 1;
        }
    }
    return -1;
}

sub chkerrok {
    my ($err) = @_;
    foreach (@OK){
        if ($_ eq $err) {
            return 0;
        }
    }
    return -1;
}

print ("$state: $answer\n");
exit $ERRORS{$state};

!Using 7149 out of 393214 bytes
!
ver 10.1.00TI2
!
!
!
!
!
!
ssl profile pvalentino-ssh
keypair-file pvalentino-key
certificate-file pvalentinochain
cipher-suite all-cipher-suites
session-cache off
ssl profile siteC-ssh
keypair-file siteC-key
certificate-file siteCchain
cipher-suite all-cipher-suites
session-cache off
ssl profile siteB-ssh
keypair-file collegeplace-key
certificate-file collegeplacechain
cipher-suite all-cipher-suites
session-cache off
!
server no-graceful-shutdown
!
!
!
!

server port 80
tcp
udp

server port 8080
tcp

server port 8081
tcp

server port 8083
tcp

server port 8084
tcp

server port 8085
tcp

server port 8087
tcp

server port 8089
tcp

server port 8090
tcp

server port 8086
tcp

server source-nat-ip 192.168.5.62 255.255.255.0 192.168.5.1 port-range 2
server source-nat-ip 192.168.5.63 255.255.255.0 192.168.5.1 port-range 2 for-ssl
!
!
! Match applications traffic by url
csw-rule "r1" url prefix "/server"
csw-rule "r10" url prefix "/ftpadmin"
csw-rule "r11" url prefix "/projects"
csw-rule "r12" url prefix "/servletMaile"
csw-rule "r13" url prefix "/addbook"
csw-rule "r14" url prefix "/office"
csw-rule "r15" url prefix "/pvapp"
csw-rule "r16" url prefix "/siteB"
csw-rule "r2" url prefix "/albums"
csw-rule "r3" url prefix "/wages"
csw-rule "r4" url prefix "/forms"
csw-rule "r5" url prefix "/tickets"
csw-rule "r6" url prefix "/purchasing"
csw-rule "r7" url prefix "/statements"
csw-rule "r8" url prefix "/reports"
csw-rule "r9" url prefix "/labels"
!
!
! Forward all application traffic to ssl terminated on the 4G
csw-policy "redirect"
match "r3" redirect "*" "*" ssl
match "r4" redirect "*" "*" ssl
match "r5" redirect "*" "*" ssl
match "r6" redirect "*" "*" ssl
match "r7" redirect "*" "*" ssl
match "r8" redirect "*" "*" ssl
match "r9" redirect "*" "*" ssl
match "r10" redirect "*" "*" ssl
match "r11" redirect "*" "*" ssl
match "r12" redirect "*" "*" ssl
match "r13" redirect "*" "*" ssl
match "r14" redirect "*" "*" ssl
match "r2" redirect "*" "*" ssl
match "r1" redirect "*" "*" ssl
match "r15" redirect "*" "*" ssl
match "r16" redirect "*" "*" ssl
! Forward all application traffic to the corresponding app servers
csw-policy "wls_forward"
match "r1" forward 2
match "r3" forward 4
match "r4" forward 4
match "r5" forward 4
match "r6" forward 4
match "r7" forward 4
match "r8" forward 5
match "r9" forward 6
match "r10" forward 7
match "r11" forward 7
match "r12" forward 8
match "r13" forward 9
match "r14" forward 10
match "r2" forward 3
match "r15" forward 11
match "r16" forward 8
default forward 4
!
!
server real pvweb001 192.168.5.40
source-nat
port http
port http keepalive
port http url "GET /"
port 8080
port 8080 keepalive
port 8080 group-id 1 1
port 8080 url "GET /"
!
server real pvweb003 192.168.5.50
source-nat
port http
port http keepalive
port http url "GET /"
port 8080
port 8080 keepalive
port 8080 group-id 1 1
port 8080 url "GET /"
!
server real webtest.siteB.com 192.168.5.41
source-nat
port http
port http keepalive
port http url "GET /"
port 8080
port 8080 keepalive
port 8080 url "GET /"
!
server real webtest.siteB.com2 192.168.5.51
source-nat
port http
port http keepalive
port http url "GET /"
port 8080
port 8080 keepalive
port 8080 url "GET /"
!
server real webtest.siteC.com 192.168.5.42
source-nat
port http
port http keepalive
port http url "GET /labels/index.htm"
port 8080
port 8080 keepalive
port 8080 url "GET /labels/index.htm"
!
server real webtest.siteC.com2 192.168.5.52
source-nat
port http
port http keepalive
port http url "GET /labels/index.htm"
port 8080
port 8080 keepalive
port 8080 url "GET /labels/index.htm"
!
server remote-name wls-server 192.168.17.68
source-nat
port 8080
port 8080 keepalive
port 8080 group-id 2 2
port 8080 url "GET /server/login.jsp"
port 8086
port 8086 keepalive
port 8086 group-id 3 3
port 8086 url "GET /albums/default.htm"
port 8081
port 8081 keepalive
port 8081 group-id 4 4
port 8083
port 8083 keepalive
port 8083 group-id 5 5
port 8083 url "GET /reports/login.jsp"
port 8084
port 8084 keepalive
port 8084 group-id 6 6
port 8084 url "GET /labels/index.htm"
port 8087
port 8087 keepalive
port 8087 group-id 7 7
port 8087 url "GET /ftpadmin/index.jsp"
port 8090
port 8090 keepalive
port 8090 group-id 8 8
port 8090 url "GET /servletMailer/index.html"
port 8089
port 8089 keepalive
port 8089 group-id 9 9
port 8089 url "GET /addbook/start.do"
port 8085
port 8085 keepalive
port 8085 group-id 10 10
port 8085 url "GET /office/login.jsp"
!
server remote-name pvweb002 192.168.4.70
source-nat
port http
port http keepalive
port http url "GET /"
!
server remote-name pvweb004 192.168.4.71
source-nat
port http
port http keepalive
port http url "GET /"
!
server remote-name appsrvt 192.168.4.17
source-nat
port 8080
port 8080 keepalive
port 8080 group-id 11 11
port 8080 url "GET /pvapp/home.do"
!
!
server virtual webtest1 192.168.5.61
port default sticky
port http

port http reset-on-port-fail
port http csw-policy "redirect"
port http csw
port ssl sticky
port ssl ssl-terminate pvalentino-ssh
port ssl reset-on-port-fail
port ssl csw-policy "wls_forward"
port ssl csw
bind http pvweb001 http pvweb003 http
bind ssl wls-server 8080 wls-server 8086 wls-server 8081 wls-server 8083
bind ssl wls-server 8084 wls-server 8087 wls-server 8085 wls-server 8089
bind ssl wls-server 8090 appsrvt 8080
!
server virtual siteB 192.168.5.65
port default sticky
port http

port http reset-on-port-fail
port ssl sticky
port ssl ssl-terminate siteB-ssh
port ssl reset-on-port-fail
bind http webtest.siteB.com http webtest.siteB.com2 http
bind ssl webtest.siteB.com 8080 webtest.siteB.com2 8080
!
server virtual siteC 192.168.5.66
port default sticky
port http
port http reset-on-port-fail
port ssl sticky
port ssl ssl-terminate siteC-ssh
port ssl reset-on-port-fail
bind http webtest.siteC.com http webtest.siteC.com2 http
bind ssl webtest.siteC.com 8080 webtest.siteC.com2 8080
!
server virtual pvapptest 192.168.5.67
port default sticky
port http
port http reset-on-port-fail
bind http pvweb002 http pvweb004 http
!
!
!
!

!
vlan 1 name DEFAULT-VLAN by port
no spanning-tree
!
vlan 2 by port
tagged ethe 4
no spanning-tree
!
!
aaa authentication web-server default local
aaa authentication login default local
no enable aaa console
hostname pvlbs-4G1
ip address 192.168.5.60 255.255.255.0
ip default-gateway 192.168.5.1
ip dns domain-name pvalentino.org
ip dns server-address 192.168.1.11 192.168.1.10
logging buffered 1000
telnet server
username pvalentino password .....
snmp-server
clock summer-time
clock timezone us Central
web-management
!
!
!
!
!
!
end