Thursday, November 29, 2012

Cannot retrieve repository metadata (repomd.xml) for repository: updates. Please verify its path and try again 


Error: Cannot retrieve repository metadata (repomd.xml) for repository: updates. Please verify its path and try again

If you see this kind of error intially you don't do anything just reboot the server. This might work for you.
After the reboot try the “yum update” command.
But if you getting same error after the reboot then try the below.
  1. vi /etc/yum.repos.d/fedora.repo
  2. Comment out the “baseurl”.
  3. Save it and exit.
  4. Then try to reboot and run the yum update command.

Then you should be able to update your servers.

If it still having the same then if you having proxy on your network you can try out with that with the below configuration changes.

  1. vi /etc/yum.conf
  2. Add to this line “proxy=http://192.168.1.8:3128
Then save and reboot with those configuration you should be able update your repository.

Posted by at No comments:

Monday, November 19, 2012

Edit Virtual Machine Startup and Shutdown Settings

You can configure virtual machines running on an ESXi host to start up and shut down with the host. You can also set the default timing and startup order for selected virtual machines. This ability allows the operating system to save data when the host enters maintenance mode or is being powered off for another reason. This setting is disabled when DRS cluster is enabled.
Procedure
1. In the vSphere Client inventory, select the host where the virtual machine is located and click the Configuration tab.
2. Under Software, click Virtual Machine Startup/Shutdown and click Properties.
The Virtual Machine Startup and Shutdown dialog box opens.
image



3. Select Allow virtual machines to start and stop automatically with the system.

image


image



Posted by at No comments:

Friday, November 9, 2012

Configure fail2ban in Fedora server

If you need to monitor or mail the unauthorized login to linux server fail2ban is perfect tool for that purpose. It will trace the unauthorized access by looking at secure log file and will mail it to mention email address ( by default root ).

To install fail2ban use the yum command
  • yum -y install fail2ban
Change the configuration settings

Need to configure below files in roder to work fail2ban properly.

  1. /etc/fail2ban/jail.conf
  2. /etc/fail2ban/action.d/sendmail-whois.conf
  3. /etc/fail2ban/filter.d/sshd.conf

First go to jail.conf file and change the below configuration

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1

Add your internal IP range to the ignore IP address

# "bantime" is the number of seconds that a host is banned.
bantime = 600

The defualt ban time is 10 minutes and if you want to increase banned time then change above setting and time calculate in Seconds.

# "maxretry" is the number of failures before a host get banned.
maxretry = 3
Either you can change maxretry level here or in particular service directory which will meet u below.

# This jail corresponds to the standard configuration in Fail2ban 0.6.
# The mail-whois action send a notification e-mail with a whois request
# in the body.

[ssh-iptables]

enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=chamara@nic.lk, sender=fail2ban@ukusu.nic.lk]
logpath = /var/log/secure
maxretry = 3

In the above settings enabled should be true and in dest and sender you should edit as necessary to enable your mail fascility. Even if you didn't mention mail IDs then it will forwarded to root mail folder.
Note : If you use diffenrnt port and different protocol for SSH then you should port=ssh and protocol=tcp accordingly.

In sendmail-whois.conf comment the bewlo lines if you don not need the fail2ban service start and stop mails.

#actionstart = printf %%b "Subject: [Fail2Ban] <name>: started
# From: Fail2Ban <<sender>>
# To: <dest>\n
# Hi,\n
# The jail <name> has been started successfully.\n
# Regards,\n
# Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
#actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped
# From: Fail2Ban <<sender>>
# To: <dest>\n
# Hi,\n
# The jail <name> has been stopped.\n
# Regards,\n
# Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>


In sshd.conf just go through that file and check if there is unwanted filtering for ssh ban.

Enjoy with the fail2ban service for SSH. 
Posted by at No comments:
Subscribe to: Posts (Atom)