Monday, December 3, 2012

How to do Remote Desktop to Linux Box (RDP)

We often run into situations where we want a remote desktop session on a Linux machine. There are plenty of ways to access Linux machines remotely.

One of them is XRDP. It's a lightweight server that you install on the Linux box, and from Windows you can then RDP to your Linux box.

Here are 5 easy steps to install and configure it on your Linux box

01. Download the source code from 
http://sourceforge.net/projects/xrdp/?source=directory


02.  copy the contents to /usr/local
       cp xrdp.x.x.tar.gz /usr/local

03.  gunzip -c xrdp.x.x.tar.gz | tar xvf -
04.  change to the xrdp directory and run
./bootstrap
./configure
make
then as root
make install


05. To Start XRDP, go to /etc/xrdp

./xrdp.sh start

To Stop

./xrdp.sh stop


From a Windows machine, you can now connect to the Linux box with mstsc (RDP) :)
 



How to Disable SELinux



You've set up a new system, or installed something new on your Linux system, and it's not working. You get the feeling that SELinux is the cause of the problem. This page was written to help.
Overview
SELinux has two major components on your system. First, there's the kernel mechanism, which enforces a set of access rules that apply to processes and files. Second, there are file labels: every file on your system has extra labels attached to it which tie in with those access rules. Run ls -Z and you'll see what I mean.
Should you really disable SELinux?
Be aware that by disabling SELinux you will be removing a security mechanism on your system. Think about this carefully, and if your system is on the Internet and accessed by the public, then think about it some more. Joshua Brindle (an SELinux developer) has commented on disabling SELinux, stating clearly that applications should be fixed to work with SELinux, rather than disabling the OS security mechanism.
You need to decide if you want to disable SELinux temporarily to test the problem, or permanently switch it off. It may also be a better option to make changes to the policy to permit the operations that are being blocked - but this requires knowledge of writing policies and may be a steep learning curve for some people. For the operating system as a whole, there are two kinds of disabling:
  • Permissive - switch the SELinux kernel into a mode where every operation is allowed. Operations that would be denied are allowed and a message is logged identifying that it would be denied. The mechanism that defines labels for files which are being created/changed is still active.
  • Disabled - SELinux is completely switched off in the kernel. This allows all operations to be permitted, and also disables the process which decides what to label files & processes with.
Disabling SELinux could lead to problems if you want to re-enable it later. When the system runs with file labelling disabled it will create files with no label - which could cause problems if the system is booted into enforcing mode. A full re-labelling of the file system will be necessary.
Temporarily switch off enforcement
You can switch the system into permissive mode with the following command:
echo 0 >/selinux/enforce
You'll need to be logged in as root, and in the sysadm_r role:
newrole -r sysadm_r
To switch back into enforcing mode:
echo 1 >/selinux/enforce
In Fedora Core and RedHat Enterprise Linux you can use the setenforce command with a 0 or 1 option to set permissive or enforcing mode; it's just a slightly easier command than the above.
To check what mode the system is in,
cat /selinux/enforce
which will print a "0" or "1" for permissive or enforcing - probably printed at the beginning of the line of the command prompt. 
Permanently Permissive
The above will switch off enforcement temporarily - until you reboot the system. If you want the system to always start in permissive mode, then here is how you do it.
In Fedora Core and RedHat Enterprise, edit /etc/selinux/config and you will see some lines like this:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
... just change SELINUX=enforcing to SELINUX=permissive, and you're done. Reboot if you want to prove it.
For the other Linuxes which don't have the /etc/selinux/config file, you just need to edit the kernel boot line, usually in /boot/grub/grub.conf if you're using the GRUB boot loader. On the kernel line, add enforcing=0 at the end. For example,

title SE-Linux Test System
   root (hd0,0)
   kernel /boot/vmlinuz-2.4.20-selinux-2003040709 ro root=/dev/hda1 nousb enforcing=0
   #initrd /boot/initrd-2.4.20-selinux-2003040709.img

Fully Disabling SELinux
Fully disabling SELinux goes one step further than just switching into permissive mode. Disabling will completely disable all SELinux functions including file and process labelling.
In Fedora Core and RedHat Enterprise, edit /etc/selinux/config and change the SELINUX line to SELINUX=disabled:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
... and then reboot the system.
For the other Linuxes which don't have the /etc/selinux/config file, you just need to edit the kernel boot line, usually in /boot/grub/grub.conf, if you're using the GRUB boot loader. On the kernel line, add selinux=0 at the end. For example,

title SE-Linux Test System
        root (hd0,0)
        kernel /boot/vmlinuz-2.4.20-selinux-2003040709 ro root=/dev/hda1 nousb selinux=0
        #initrd /boot/initrd-2.4.20-selinux-2003040709.img
You will have to reboot to disable SELinux; you can't do it while the system is running.
Re-Enabling SELinux
If you've disabled SELinux as in the section above, and you want to enable it again then you've got a bit of work to do. The problem will be that files created or changed when SELinux was disabled won't have the correct file labels on them - if you just reboot in enforcing mode then a lot of stuff won't work properly.
What you need to do is to enable SELinux by editing /etc/selinux/config (for Fedora/RedHat) or by adding selinux=1 to the kernel boot line, then boot into permissive mode, then relabel everything, and then reboot into (or simply switch to) enforcing mode.
After booting into permissive mode, run
fixfiles relabel
Alternatively, in Fedora and RedHat Enterprise Linux you can run
touch /.autorelabel
and reboot, or put autorelabel on the boot command line - in both cases the file system gets a full relabel early in the boot process. Note that this can take quite some time for systems with a large number of files.
After relabelling the filesystem, you can switch to enforcing mode (see above) and your system should be fully enforcing again. 

Use the sestatus command to check the status of SELinux.
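
sestatus reports the running state; the two places described above that decide the state at the next boot (the SELINUX= line in /etc/selinux/config and the enforcing=0 / selinux=0 kernel arguments in grub.conf) can be checked together. The following is an added example, not part of the original article; the function names and the sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: how will this host boot with respect to SELinux?
# Both file paths are arguments so the checks can run against copies.

# Print the SELINUX= value from a config file (lower-cased), or "unset".
selinux_config_mode() {
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    [ -n "$mode" ] || mode=unset
    printf '%s\n' "$mode" | tr 'A-Z' 'a-z'
}

# Print "selinux=0", "enforcing=0" or "none" for the kernel lines of a GRUB
# config. Only lines whose first word is "kernel" count, so "#kernel" is skipped.
selinux_boot_override() {
    [ -r "$1" ] || { echo none; return 0; }
    awk '$1 == "kernel" {
             for (i = 2; i <= NF; i++) {
                 if ($i == "selinux=0") found = "selinux=0"
                 else if ($i == "enforcing=0" && found == "") found = "enforcing=0"
             }
         }
         END { print (found == "" ? "none" : found) }' "$1"
}

# Combine both sources; the weakest setting wins.
selinux_boot_verdict() {
    mode=$(selinux_config_mode "$1")
    override=$(selinux_boot_override "$2")
    if [ "$mode" = disabled ] || [ "$override" = "selinux=0" ]; then
        echo disabled
    elif [ "$mode" = permissive ] || [ "$override" = "enforcing=0" ]; then
        echo permissive
    elif [ "$mode" = enforcing ]; then
        echo enforcing
    else
        echo unknown
    fi
}

# Constructed sample files, modelled on the snippets shown in this post.
make_samples() {
    printf '%s\n' '# SELINUX= can take one of these three values:' \
        'SELINUX=permissive' 'SELINUXTYPE=targeted' > "$1/config.perm"
    printf '%s\n' 'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$1/config.enf"
    printf '%s\n' 'title SE-Linux Test System' \
        '   kernel /boot/vmlinuz-test ro root=/dev/hda1 nousb selinux=0' > "$1/grub.off"
    printf '%s\n' '   kernel /boot/vmlinuz-test ro root=/dev/hda1' \
        '   #kernel /boot/vmlinuz-test ro selinux=0' > "$1/grub.clean"
}

d=$(mktemp -d) && make_samples "$d"
echo "enforcing config, clean grub: $(selinux_boot_verdict "$d/config.enf" "$d/grub.clean")"
echo "enforcing config, selinux=0:  $(selinux_boot_verdict "$d/config.enf" "$d/grub.off")"
rm -rf "$d"
```

On a real host, pass /etc/selinux/config and /boot/grub/grub.conf as the two arguments to selinux_boot_verdict.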

Setting up VNC Server on Linux

From Server Side

Confirm the package is installed

[root@pun-lnx-rds11 sysconfig]# rpm -qa | grep vnc-server
vnc-server-4.1.2-14.el5_3.1

[root@pun-lnx-rds11 sysconfig]# pwd
/etc/sysconfig

Note: Take a backup of the vncservers file.

Step 1:
vi vncservers

Modify the below settings

VNCSERVERS="1:root 2:vwadekar"
 VNCSERVERARGS[1]="-geometry 800x600"
 VNCSERVERARGS[2]="-geometry 1280x1024"

Step 2:
[root@pun-lnx-rds11 sysconfig]# chkconfig --list vncviewer
error reading information on service vncviewer: No such file or directory
[root@pun-lnx-rds11 sysconfig]# chkconfig --list vncserver
vncserver       0:off   1:off   2:off   3:off   4:off   5:off   6:off

Step 3:
[root@pun-lnx-rds11 sysconfig]# chkconfig vncserver on
[root@pun-lnx-rds11 sysconfig]# chkconfig --list vncserver
vncserver       0:off   1:off   2:on    3:on    4:on    5:on    6:off

Step 4:
vncpasswd
Password:
Verify:

[root@pun-lnx-rds11 sysconfig]# service vncserver start
Starting VNC server: 1:root
New 'pun-lnx-rds11.bmc.com:1 (root)' desktop is pun-lnx-rds11.bmc.com:1

Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/pun-lnx-rds11.bmc.com:1.log

2:vwadekar
New 'pun-lnx-rds11.bmc.com:2 (root)' desktop is pun-lnx-rds11.bmc.com:2

Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/pun-lnx-rds11.bmc.com:2.log

From Client Side

When connecting with vncviewer, use :2 for the second user and :1 for the first user

Sunday, January 9, 2011

Create Database Script

Name the script crdb.sh. To create a database, use the command below

sh crdb.sh vaibhav

Note: It will create database vaibhav
===============
#!/bin/bash

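# Exactly one argument is required: the database name
if [ $# -ne 1 ]; then
    echo "You must enter the name of the database"
    exit 1
fi

db=$1

# Start from a clean admin directory for this database
rm -rf "/u01/app/oracle/admin/$db"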

mkdir /u01/app/oracle/admin/$db/
mkdir /u01/app/oracle/admin/$db/bdump
mkdir /u01/app/oracle/admin/$db/cdump
mkdir /u01/app/oracle/admin/$db/udump
mkdir /u01/app/oracle/admin/$db/pfile

chmod -R 1770 /u01/app/oracle/admin/$db/


mkdir /u01/app/oracle/oradata/$db/
chmod -R 1770 /u01/app/oracle/oradata/$db/
rm -f /u01/app/oracle/oradata/$db/*



echo "db_name=$db
compatible=10.2.0
instance_type=rdbms
instance_name=$db
sga_target=250m
sga_max_size=300m
background_dump_dest='/u01/app/oracle/admin/$db/bdump'
user_dump_dest='/u01/app/oracle/admin/$db/udump'
core_dump_dest='/u01/app/oracle/admin/$db/cdump'
undo_management=auto
undo_tablespace=undotbs
db_recovery_file_dest='/u01/app/oracle/oradata/${db}_flash_recovery'
db_recovery_file_dest_size=3G
log_archive_format=%t_%s_%r.arc
control_files='/u01/app/oracle/oradata/$db/control01.ctl','/u01/app/oracle/oradata/$db/control02.ctl'" > /u01/app/oracle/admin/$db/pfile/init$db.ora


export ORACLE_SID=$db
sqlplus "/ as sysdba" <<EOF
shutdown abort
startup nomount pfile='/u01/app/oracle/admin/$db/pfile/init$db.ora';
create database $db
controlfile reuse
Maxinstances 1
Maxloghistory 1
Maxlogfiles 10
Maxlogmembers 4
Maxdatafiles 100
Datafile '/u01/app/oracle/oradata/$db/system01.dbf' size 250M
sysaux datafile '/u01/app/oracle/oradata/$db/sysaux01.dbf' size 100M
character set WE8MSWIN1252
noarchivelog
logfile
group 1 ('/u01/app/oracle/oradata/$db/redo_01.log') size 10M,
group 2 ('/u01/app/oracle/oradata/$db/redo_02.log') size 10M
undo tablespace UNDOTBS datafile
'/u01/app/oracle/oradata/$db/undotbs_01.dbf' size 20M
default temporary tablespace TEMP
tempfile '/u01/app/oracle/oradata/$db/temp_01.dbf' size 20M;

@$ORACLE_HOME/rdbms/admin/catalog.sql
@$ORACLE_HOME/rdbms/admin/catproc.sql

EOF
===============
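
The script above feeds its argument straight into rm -rf paths and into SQL text, so a name such as ../.. or one containing a quote would act outside the intended directory. The following added example (not part of the original script) shows a guard that could run before any of that; the function names, the overridable ADMIN_BASE variable and the strict 1-8 character rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate the database name before it reaches rm -rf or SQL.
# ADMIN_BASE mirrors the path used by crdb.sh; override it to try this safely.
ADMIN_BASE=${ADMIN_BASE:-/u01/app/oracle/admin}

# Succeeds only for 1-8 characters: a letter first, then letters, digits or "_".
# (Assumption: a deliberately strict subset of the names Oracle would accept.)
valid_db_name() {
    case $1 in
        ''|?????????*)   return 1 ;;   # empty, or longer than 8 characters
        [!A-Za-z]*)      return 1 ;;   # must start with a letter
        *[!A-Za-z0-9_]*) return 1 ;;   # rejects / . space quotes ; $ and so on
    esac
    return 0
}

# Print the admin directory for a name, or fail without printing a path.
admin_dir_for() {
    valid_db_name "$1" || { echo "refusing database name: '$1'" >&2; return 1; }
    printf '%s/%s\n' "$ADMIN_BASE" "$1"
}

# Remove and recreate the directory tree only after the name passed validation.
reset_admin_dir() {
    dir=$(admin_dir_for "$1") || return 1
    rm -rf -- "$dir"
    mkdir -p -- "$dir/bdump" "$dir/cdump" "$dir/udump" "$dir/pfile"
}

# Constructed sample names; this loop only prints and touches no files.
for name in vaibhav '../../etc' "x'; drop" toolongname; do
    if valid_db_name "$name"; then
        echo "accept: $name"
    else
        echo "reject: $name"
    fi
done
```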

Oracle Backup/Recovery Scenarios Discussed

How to put the database in archive log mode
-------------------------------------------
log_archive_dest=/u01/app/arch
log_archive_format=vaibhav_%r_%t_%s.arc
shutdown normal
startup mount
alter database archivelog;
alter database open;

How to check if the database is archiving correctly
----------------------------------------------------
archive log list;
select log_mode from v$database;
ls -l /u01/app/arch

How to manually do a log switch
-------------------------------
alter system switch logfile;


How to manually perform a checkpoint
-------------------------------------
alter system checkpoint;

How to find out which redo log group is current
-----------------------------------------------
select group#, status from v$log;


How to take a hot backup
-------------------------
export ORACLE_SID=vaibhav

sqlplus / <<EOF
alter tablespace sysaux begin backup;
host cp /u01/app/oracle/oradata/data/sysaux01.dbf /backup/sysaux01.dbf
alter tablespace sysaux end backup;

alter tablespace system begin backup;
host cp /u01/app/oracle/oradata/data/system01.dbf /backup/system01.dbf
alter tablespace system end backup;

alter tablespace undotbs begin backup;
host cp /u01/app/oracle/oradata/data/undotbs01.dbf /backup/undotbs01.dbf
host cp /u01/app/oracle/oradata/data/undotbs02.dbf /backup/undotbs02.dbf
alter tablespace undotbs end backup;

alter database backup controlfile to '/backup/c_backup.ctl';
alter database backup controlfile to trace;

alter system archive log current;

host cp /u01/app/oracle/oradata/arch/* /backup/

EOF

cp initvaibhav.ora /backup
cp spvaibhav.ora /backup
cp listener.ora /backup
cp tnsnames.ora /backup
cp password_file /backup
cp altervaibhav /backup




What to do when one datafile of a running database is corrupted
-----------------------------------------------------------------
1. sql> alter database datafile '/u01/app/oradata/user01.dbf' offline;
2. restore the datafile from backup
$ cp /backup/user01.dbf /u01/app/oradata/user01.dbf
3. sql> recover datafile '/u01/app/oradata/user01.dbf';
The above command will ask for archive log files. Just press
ENTER if the archive log files are in the log_archive_dest directory.
4. sql> alter database datafile '/u01/app/oradata/user01.dbf' online;



What to do when system or undo datafile of a running database is corrupted
--------------------------------------------------------------------------
1. sql> shutdown abort;
2. restore the system or undo datafile from backup
$ cp /backup/system01.dbf /u01/app/oradata/system01.dbf
3. sql> startup mount;
4. sql> recover datafile '/u01/app/oradata/system01.dbf';
The above command will ask for archive log files. Just press
ENTER if the archive log files are in the log_archive_dest directory.
5. sql> alter database open;

What to do when one control file out of two is corrupted
---------------------------------------------------------
1. sql> shutdown abort
2. $ cp /u01/app/oradata/c1.ctl /u01/app/oradata/c2.ctl
3. sql> startup <== instance recovery will happen at this time


What to do when a temp file is lost
------------------------------------
1. sql> create temporary tablespace temp_new tempfile
'/u01/app/oradata/tenp_new01.dbf' size 100M;
2. sql> alter database default temporary tablespace temp_new;
3. sql> drop temporary tablespace temp;


What to do when one member of a current redo group is lost
-------------------------------------------------------------
1. Make the current redo group a non-current group by doing
a manual log switch
SQL> alter system switch logfile;
2. Copy the good member over the bad/lost member
$ cp /u01/app/oradata/redo01_a.log /u01/app/oradata/redo01_b.log

Note: The database will keep on running without any issues. The alert
log file will show the error message that lgwr is unable to
write to the lost member of the group.

What to do when one of the archived log files is lost
-------------------------------------------------------------------------
When an archived log file is lost, you will not have any problem for the
running database. In this situation take a fresh backup immediately to
avoid inability to recover from any crash.

The problem will come if you have lost an archive log file and a data file
at the same time. In this situation you can perform only incomplete recovery
till the last SCN in the archived log file created prior to the lost one.



What to do when both control files are lost (incomplete recovery)
-----------------------------------------------------------------
Note: There is no data loss even if we call this an incomplete
recovery
1. sql> shutdown abort
2. Restore controlfile from its backup
$ cp /backup/c_backup.ctl /u01/app/oradata/c1.ctl
$ cp /backup/c_backup.ctl /u01/app/oradata/c2.ctl
4. sql> startup mount;
3. restore all data files
$ cp /backup/system01.dbf /u01/app/oradata/system01.dbf
$ cp /backup/sysaux01.dbf /u01/app/oradata/sysaux01.dbf
$ cp /backup/undo01.dbf /u01/app/oradata/undo01.dbf
4. All archive log files generated after the last backup must
be present in the log_archive_dest directory
sql> recover database using backup controlfile;
- The above command will ask for archive log files. Just press
ENTER if the archive log files are in the log_archive_dest directory.
- When the last archived log file is asked, enter the name of the
redo file.
- To find the name of the current redo file query v$log and v$logfile
SQL> select member
from v$log l,
v$logfile lf
where l.group# = lf.group#
and l.status = 'CURRENT';

5. sql> alter database open resetlogs;
The above command will start a new incarnation of the database.
i.e. the log sequence number will start from 1.
This command will clear any contents of all online redo groups. If
the redo group is not present it will be created.
Even though the Log Sequence Number is reset to 1, the SCN does not
get reset to 1
6. You should take a new backup to have the ability to recover
from any further crashes.

What to do when all copies of current redo are lost (incomplete recovery)
-------------------------------------------------------------------------
Note : There would be a data loss
1. sql> shutdown abort
4. sql> startup mount;
3. restore all data files
$ cp /backup/system01.dbf /u01/app/oradata/system01.dbf
$ cp /backup/sysaux01.dbf /u01/app/oradata/sysaux01.dbf
$ cp /backup/undo01.dbf /u01/app/oradata/undo01.dbf
4. All archive log files generated after the last backup must
be present in the log_archive_dest directory
sql> recover database until change 99999;
- The above command will ask for archive log files. Just press
ENTER if the archive log files are in the log_archive_dest directory.
Note: Use v$log to find 99999
SQL> select first_change# -1 from v$log where status = 'CURRENT';
5. sql> alter database open resetlogs;
The above command will start a new incarnation of the database.
i.e. the log sequence number will start from 1.
This command will clear any contents of all online redo groups. If
the redo group is not present it will be created.
Even though the Log Sequence Number is reset to 1, the SCN does not
get reset to 1
6. You should take a new backup to have the ability to recover
from any further crashes. You can delete all older backups and
archive log files.


Related views
---------------
select * from v$log;
select * from v$logfile;
select * from v$datafile;
select * from v$controlfile;
select * from v$archived_log;
select file#, checkpoint_change# from v$datafile_header;
select current_scn from v$database;



Common RMAN Commands
----------------------
export ORACLE_SID=abcd
rman target /
report schema
backup database
backup database plus archivelog all;
backup database format '/tmp/%d_%s_%p.bak'
backup archivelog all
backup current controlfile
list backup
delete backupset 6
delete force backupset