Fixing the BIND (named) Service Bug – Generating /etc/rndc.key

I must admit, I have not had this bug for a very long time. I thought it must have been fixed or rather removed altogether. It was first reported with RHEL 6.1 and was removed as commented here by the developers.

However, I came across this bug again while trying to configure one of my DNS servers running on CentOS 6.3. The DNS (named) service always stopped at the following:


# service named restart

Generating /etc/rndc.key:


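The hang occurs because rndc-confgen reads its random data from /dev/random by default, which blocks when the entropy pool is low. Pointing it at /dev/urandom avoids the wait. Just execute the following command:

# rndc-confgen -a -r /dev/urandom

If you're running named in a chroot under /var/named/chroot, you must add "-t /var/named/chroot" to the command above. It should look like this:

# rndc-confgen -a -r /dev/urandom -t /var/named/chroot

A fuller description of rndc-confgen can be found here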

You should be able to start DNS (named) service after executing these commands.

Good luck 😉

Posted in Linux, with 2 comments.

CentOS 6.3 NetInstall

Download the network installation iso file and burn to CD.

Place the CD in the CD-Rom and reboot the system.

When asked to select the network install method, choose "HTTP" and enter the following:

1) for 32 Bit
Directory: centos/6.3/os/i386

2) for 64 Bit
Directory: centos/6.3/os/x86_64

Posted in CentOS, Linux, Linux Installation.

Add Gnome/Gui to a Minimal CentOS 6.3 Linux System

I recently used the netinstall CentOS CD to install one of my Linux systems. During the installation process, I decided to install CentOS 6.3 minimal to quicken the overall install process. After the successful installation, I decided it was time to add Gnome/GUI to the system. The following were the steps taken to achieve this task.

First, it is worth mentioning that there are two versions of this installation.

a.) Short version

b.) Long version



a.) Short version:

Start a new terminal and enter the following:

yum -y groupinstall basic-desktop basic-platform x11 fonts

b.) Long version:

yum -y groupinstall "Desktop" "Desktop Platform" "X Window System" "Fonts"


That's it! It will work regardless of the method used 😉

Posted in CentOS, Linux, Linux Installation.

Knowledgebase – Useful Links


1.) Linux Servers:

2.) Fix FTP Passive mode Problems:

3.) Ways to add swap space using ‘dd’:

4.) CentOS 6.3 Netinstall Guide:

5.) Linux User Guide:



Posted in Linux, Networking, Web Design, Windows.

How to Fix VsFTPD Passive Errors On CentOS (Works On Any Linux Distro.)

While trying to connect to my VsFTPD server on CentOS Linux, I got the errors "connection time out, Failed to retrieve directory listing". The reason is that passive mode connects to random ports above 1023, and if you use iptables, as in my case, these ports have to be opened, otherwise the above errors will occur. One approach to resolving this issue is to enable passive mode, lock down the FTP server to a port range (to serve as random ports) and open the port range in the firewall. Below are the steps I took:

1.) Edit vsftpd.conf and add the following (vi /etc/vsftpd/vsftpd.conf)





2.) Specify which IP address VsFTPD will advertise in response to passive connections

     pasv_address={your public IP address}

     Note: If you have two network interfaces, specify the IP address of the one pointing to the outside network

              Example: EXT=         INT=

              You have to specify and add "pasv_address=" to the lines above

OR, if you don't have a fixed elastic IP address, let VsFTPD resolve a hostname given in pasv_address:

      pasv_addr_resolve=YES
      pasv_address={your public domain or DNS}

3.) Open the required ports in iptables

      First open the standard port range 20 to 21, and then the passive port range, by adding these lines to your iptables

      iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 20:21 -j ACCEPT

      iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 10000:10100 -j ACCEPT

4.) Restart vsftpd

     /etc/init.d/vsftpd restart

That’s it! Your passive connections should work without errors
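
The fix only holds while the passive range in vsftpd.conf and the range opened in iptables stay identical: a narrower firewall range brings the timeouts back, a wider one leaves unused ports open. The following check is an added example, not part of the original post; it assumes the standard vsftpd options pasv_enable, pasv_min_port and pasv_max_port and the 10000:10100 range from step 3, and the sample configuration is constructed.

```shell
#!/bin/bash
# Added example: verify vsftpd's passive range equals the range opened in iptables.

# Print the last value assigned to option $2 in config file $1
# (vsftpd.conf allows no spaces around '=').
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r '
}

# pasv_range_check <vsftpd.conf> <firewall range as min:max>
# Prints a verdict; returns 0 only when both ranges are identical.
pasv_range_check() {
    local conf=$1 fw_min=${2%%:*} fw_max=${2##*:}
    local enable min max
    enable=$(conf_get "$conf" pasv_enable)
    min=$(conf_get "$conf" pasv_min_port)
    max=$(conf_get "$conf" pasv_max_port)

    # pasv_enable defaults to YES, so only an explicit NO turns it off.
    if [ "$enable" = "NO" ]; then
        echo "passive mode disabled"; return 1
    fi
    # Without both limits vsftpd may pick any unprivileged port.
    if [ -z "$min" ] || [ -z "$max" ]; then
        echo "passive range not pinned"; return 1
    fi
    if [ "$min" -lt "$fw_min" ] || [ "$max" -gt "$fw_max" ]; then
        echo "firewall blocks part of $min:$max"; return 1
    fi
    if [ "$min" -gt "$fw_min" ] || [ "$max" -lt "$fw_max" ]; then
        echo "firewall opens unused ports outside $min:$max"; return 1
    fi
    echo "ok $min:$max"
}

# Constructed sample configuration matching the range used in step 3.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=10100
EOF

pasv_range_check "$sample_conf" 10000:10100
```

On a real server, pass /etc/vsftpd/vsftpd.conf and the range taken from the --dport value of the passive-mode rule.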

The idea came from

Posted in Linux, VsFTP.

HowTo Disable the "ZEROCONF" in Linux

Most Linux distributions use the zero configuration network (ZEROCONF) suite to automatically configure themselves and communicate on a network without the need of DHCP or DNS servers. ZEROCONF is an IETF organ that planned and coordinated a series of dynamic protocols to allow many operating systems to automatically configure themselves.


ZEROCONF, commonly referred to as IPv4 Link-Local (IPv4LL) and Automatic Private IP Addressing (APIPA), utilises the network address to auto-configure a network interface. It uses a series of unanswered "ARP" queries and then assumes an address if the queries yield an empty result. As a result, a route to the ZEROCONF network is added to the routing table by the network initscripts. Example:

The ZEROCONF route

ZEROCONF can be disabled by adding the following entry to the “/etc/sysconfig/network” configuration file.


[bash] # vi /etc/sysconfig/network
NOZEROCONF=yes or no (either answer will disable the “ZEROCONF route”)

It is important to note that the value of the "NOZEROCONF" parameter can actually be set to any value. The initscripts only check whether the parameter has a zero length or not. In other words, setting "NOZEROCONF=no" will have the same effect as setting it to "yes". In order to reactivate ZEROCONF, the above entry "NOZEROCONF=yes/no" will have to either be commented out or removed entirely.

The network service must be restarted for the changes above to take effect.

[bash] # /etc/init.d/network restart

To see if the ZEROCONF route has been disabled, we have to check the routing table again.

The IP routing table

If you ever wonder and want to know more about the makeup and history of ZEROCONF, check this very informative zeroconf article written by John C. Welch and this zeroconf article on Wikipedia.

Posted in CentOS, ESX, ESXi, Linux.

How to Create a Swap File

A swap file is an ordinary file that is in no way special to the kernel. The purpose of the swap file is to reserve the disk space so that the kernel can quickly swap out a page without having to go through all the things that are necessary when allocating a disk sector to a file. Because a hole in a file means that there are no disk sectors allocated (for that place in the file), it is not good for the kernel to try to use them.

In order to create the swap file without holes, use the following command:

1.) Assuming we want to create a swap file with 2GB size (1024 x 1024 x 2 = 2097152).

[bash]# dd if=/dev/zero of=/swapfile bs=1024 count=2097152

     where if is the source, of is the output file for dd to write to (/swapfile in this case), bs is the number of bytes read/written at a time and count is the number of blocks.

2.) The next step is to make it a swap file

[bash]# mkswap /swapfile

3.) Activate the swap file

[bash]# swapon /swapfile

4.) Check the newly created swap space using free or top

[bash]# free -m


[bash]# top

5.) Write it to fstab, using the absolute path, to make it available for the system even after a reboot

[bash]# echo "/swapfile swap swap defaults 0 0" >> /etc/fstab


**) Using cat gives you the following output:

[bash]# cat /etc/fstab
/swapfile swap swap defaults 0 0
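
dd creates /swapfile with the default umask (typically mode 0644), which would let local users read swapped-out memory pages, and an fstab entry without the leading slash is not activated at boot. The following audit of file-backed swap entries is an added example, not part of the original post; the function name and the small stand-in files are constructed for the demonstration.

```shell
#!/bin/bash
# Added example: audit file-backed swap entries in an fstab-format file.

# audit_swap_fstab <fstab>
# Prints one finding per swap entry; returns 0 only if every entry is clean.
audit_swap_fstab() {
    fstab=$1 rc=0
    while read -r dev mnt type rest; do
        case $dev in ''|'#'*) continue ;; esac     # skip blank lines and comments
        [ "$type" = "swap" ] || continue
        case $dev in
            UUID=*|LABEL=*|/dev/*) echo "skip $dev (block device)"; continue ;;
            /*) ;;                                  # absolute path to a swap file
            *) echo "bad $dev: not an absolute path"; rc=1; continue ;;
        esac
        if [ ! -f "$dev" ]; then
            echo "bad $dev: file missing"; rc=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$dev" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "bad $dev: readable beyond owner, run chmod 600"; rc=1
        else
            echo "ok $dev"
        fi
    done < "$fstab"
    return $rc
}

# Constructed demo: two empty stand-in files instead of real swap space.
demo=$(mktemp -d)
: > "$demo/swap_loose"; chmod 644 "$demo/swap_loose"
: > "$demo/swap_tight"; chmod 600 "$demo/swap_tight"
cat > "$demo/fstab" <<EOF
# constructed sample fstab
$demo/swap_loose swap swap defaults 0 0
$demo/swap_tight swap swap defaults 0 0
swapfile swap swap defaults 0 0
EOF

audit_swap_fstab "$demo/fstab" || true
```

For the file created in step 1, run chmod 600 /swapfile before mkswap, then audit /etc/fstab with the function.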

Posted in CentOS, ESX, ESXi, Linux.

How to correctly configure CUPS



This tutorial describes how to install a Linux print server with CUPS. It also covers the installation and configuration of printer drivers on the print server using a samba share as well as the printer setup on a Windows 2000 (or higher) client.


CUPS – Common Unix Printing System is a modular printing system for Unix-like computer operating systems which allows a computer to act as a print server. A computer running CUPS is a host that accepts print jobs from client computers, processes them and sends them to the appropriate printers.

CUPS was initially developed by a guy called Michael Sweet and the protocol used back then was LPD. Due to LPD limitations and vendor incompatibility, it was replaced with IPP (Internet Printing Protocol). CUPS was quickly adopted by various Linux distributions as the default printing system. Notable among them were Red Hat Linux, Fedora, SuSE, Mandrake and in March 2002, Apple joined (using CUPS as printing system for Mac OS X 10.2). In February 2007, Apple hired chief developer Michael Sweet and purchased CUPS source code.

Now, let's proceed with the step-by-step installation and configuration of CUPS

Step #1 – Install cups service

a.) # su -

b.) # yum -y install cups

Step #2 – Configuration

a.) # vi /etc/cups/cupsd.conf

The default CUPS configuration limits access only to the local machine (cups server). If you wish to open up the access, edit /etc/cups/cupsd.conf and comment out the following lines:

Order deny, allow

Deny from all

Allow from

b.) # vi /etc/cups/cupsd.conf

I'm not sure if this is advisable but if you wish to avoid password authentication, you need to edit and comment out the following lines:

AuthType Basic

AuthClass System

These lines above restrict the printer access to system users.

Step #3 – Restart the CUPS server

# service cups restart

To be continued…

Posted in Linux, Linux Installation, samba.

Accessing the console and enabling SSH in ESXi 4.0

SSH in ESXi 4.0 is disabled by default. The following steps illustrate how to enable the SSH service on an ESXi 4.0 server. Steps 1-3 are needed ONLY if you just want to access the ESXi console, whereas steps 4-6 additionally show you how to enable SSH on the ESXi server.


1.) On the ESXi server keyboard, press ALT-F1 to access the console window.

2.) Enter unsupported and press Enter. Note that you will not see the text typed in.

3.) If the unsupported text was typed in correctly, you should see the Tech Support Mode warning and a password prompt. Enter the root password and press Enter

4.) You should now be able to see the prompt ~#. Type vi /etc/inetd.conf in the console to edit the file.

5.) Search in the file for the lines that begin with #ssh and remove the #. Save the file afterwards. Just in case you're new to the vi editor, move the cursor down to the lines that begin with #ssh and press the "i" key for insert. Move the cursor over one space and then hit the backspace to delete the #. Press the ESC key to leave insert mode. Type :wq and Enter to save the file and exit the vi editor.

6.) You can either restart the host or restart the inetd process after closing the vi editor. To restart inetd process, type ps | grep inetd on the console to determine the inetd process ID. The output should look like this:

1234 1234 ZeusBox      inetd (This clearly shows that the process ID is 1234).

Then, run kill -HUP followed by the process ID, i.e. kill -HUP 1234 as in our example. Thereafter, you should be able to access the host via SSH.

Note: With some applications like WinSCP, the default encryption cipher used is AES. You will see significantly faster transfers if you change that to Blowfish.

Changing the port for SSH

To change the port for SSH, edit the file /etc/services and change the SSH port listed in the file. Save the file and repeat the step 6 above.

Enable Telnet

While it is NOT generally recommended to enable Telnet, there may be circumstances whereby it is necessary. If this is the case, the steps are the same as with SSH: remove the # from the two telnet entries in /etc/inetd.conf.

You can also download an oem.tgz file which will enable SSH (and FTP). Copy the file to a datastore with the VI client and then to bootbank with the command cp /vmfs/volumes//oem.tgz /bootbank/oem.tgz and then reboot.

Enable SSH access for a non-root account

Use the following process to enable SSH access for a non-root account

1.) Log in to the ESXi server using SSH or directly at the console with the root account

2.) Create a new account with the following command: useradd -M -d/. This will set the home directory to / instead of /home.

3.) Set the new user password using passwd .

4.) Edit the passwd file with vi /etc/passwd. On the line for the new user, change the /bin/sh at the end of the line to /bin/ash. Save the file and exit. The example below illustrates how the file should look after editing:

nfsnobody:x:65534:65534:Anonymous NFS User:/:/sbin/nologin
dcui:x:100:100:DCUI User:/:/sbin/nologin
test1:x:500:500:Linux User,,,:/:/bin/ash

Now, you should be able to connect with SSH using the new account.

Disable SSH access for the root account

If you have created non-root accounts for SSH access you can disable root access via SSH. Edit the /etc/inetd.conf file using the initial procedure described earlier on this page and add the option -w after the -i option. The line in inetd.conf will appear similar to the one below.

ssh stream tcp nowait root /sbin/dropbearmulti dropbear ++min=0,swap,group=shell -i -w -K60

Once you have made the change, save the file and run the kill -HUP command as described above to restart the inetd process. You will now be able to log in with a non-root account, but will get access denied if you use the root account. Once you have established an SSH session with your non-root account you can issue the command su - to switch to the root account.

Posted in ESX, ESXi, Linux, VMware.

CentOS 5.8 NetInstall

Download the network installation iso file and burn to CD.

Place the CD in the CD-Rom and reboot the system.

When asked to select the network install method, choose "HTTP" and enter the following:

1) for 32 Bit
Directory: centos/5.8/os/i386

2) for 64 Bit
Directory: centos/5.8/os/x86_64

Posted in CentOS, Linux, Linux Installation.