/var/lib/mlocate almost 15G

Sometimes your machine may use a lot of space under /var because of files created under the /var/lib/mlocate directory.

If you have lots and lots of files on your machine, you may want to consider pruning some paths from the database. You can do this in /etc/updatedb.conf under PRUNEPATHS. You can also prune file systems (like nfs, if you so desire).

fuse.sshfs can be added to PRUNEFS in /etc/updatedb.conf. This should exclude sshfs lookups.

cat /etc/updatedb.conf  –> [entries in this file should look like this]

PRUNEFS = "auto afs gfs gfs2 iso9660 sfs udf fuse.sshfs"
PRUNEPATHS = "/afs /media /net /sfs /tmp /udev /var/spool/cups /var/spool/squid /var/tmp"

By impavan

Compile Linux kernel 2.6

Compiling a custom kernel has its own advantages and disadvantages. However, new Linux users and admins find it difficult to compile the Linux kernel. Compiling a kernel requires understanding a few things and then typing a couple of commands. This step-by-step howto covers compiling Linux kernel version 2.6.xx under a Linux distro.

Note: Before getting started with the process, you need to install the gcc compiler to build the kernel.

Step # 1 Get Latest Linux kernel code

Visit http://kernel.org/ and download the latest source code. The file name will be linux-x.y.z.tar.bz2, where x.y.z is the actual version number. For example, the file linux-2.6.34.tar.bz2 represents kernel version 2.6.34. Use the wget command to download the kernel source code:

# cd /opt
# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-x.y.z.tar.bz2

Replace x.y.z with your version

Step # 2 Extract tar (tar.bz2) file

Type the following command:
# tar -xjvf linux-2.6.34.tar.bz2 -C /usr/src
# cd /usr/src/linux-2.6.34

Step # 3 Configure kernel

Now you can start the kernel configuration by typing any one of these commands:

  • # make menuconfig – Text-based color menus, radiolists & dialogs. This option is also useful on a remote server if you want to compile the kernel remotely.
  • # make xconfig – X windows (Qt) based configuration tool, works best under the KDE desktop.
  • # make gconfig – X windows (Gtk) based configuration tool, works best under the Gnome desktop.

For example, the make menuconfig command launches the following screen:

# make menuconfig

You have to select different options as per your needs. Each configuration option has a HELP button associated with it, so select the help button to get help.

Note: After you select the required options in this screen, the .config file will be generated. Edit the .config file by adding this option in it & save


Step # 4 Compile kernel

Start compiling to create a compressed kernel image. Enter:

# make bzImage

Compile kernel modules

# make modules

Install kernel modules

# make modules_install

Step # 5 Install kernel

#  make install

It will install three files into the /boot directory and modify your GRUB configuration file:

  • System.map-2.6.34
  • config-2.6.34
  • vmlinuz-2.6.34

Step # 6 : Reboot computer and boot into your new kernel

# reboot


Enjoy working on the new kernel you built yourself.


By impavan

Converting rhel to Centos



migration from RHEL to CentOS, done!

This is my existing Rhel login screen

I decided to migrate to CentOS, which is a compatible Enterprise Linux vendor ;-). It was simple and straightforward, as shown on the official CentOS wiki page.

Follow the given command sequence..

cp /etc/redhat-release /etc/redhat-release.bkp

rpm -e --nodeps redhat-release-notes redhat-release yum-rhn-plugin redhat-logos

We're nearly there … I manually downloaded the three packages onto the system: centos-release, centos-release-notes and redhat-logos-X.X.XX-XX.el5.centos.noarch.rpm, and then installed them.

yum update
completed the process and here we are:


[root@localhost ~]# cat /etc/issue
CentOS release 5.7 (Final)

By impavan

Complete PAM security



PAM: Pluggable Authentication Modules ==> Developed by Sun Microsystems
PAM is a suite of shared libraries that grants privileges to PAM-aware
applications. This is a much grander authentication scheme.
These PAM-aware programmes can enhance your system security by using both
the shadow password scheme and virtually any other authentication scheme.

Process of PAM authentication:
1) A user tries to access a particular application
2) The PAM-aware application calls the underlying PAM libraries to perform the authentication
3) The PAM libraries look up an application-specific configuration file in the /etc/pam.d/ directory
and check what type of authentication is required for the application.
4) PAM checks and loads the required authentication modules
5) These modules make PAM communicate with the conversation functions available in the application and request the password,
and the user provides the password
6) PAM checks the authentication process and does one of the following
a) Grants the requested privileges
b) Informs the user that the process failed

Working with a PAM configuration file:

==> PAM-aware programmes include their own configuration files in the /etc/pam.d directory, and PAM checks for
    the PAM modules present in /lib/security

==> The PAM config file for an application has the following fields
    module-type     control-flag     module-path    module-args

:Module-type: 1) Auth – performs the authentication; this module requires a password (or) any other identity from the user.
          2) Account – This module checks whether the user's access meets all the guidelines (it checks whether the user is accessing the service
            from a secure host and at the specified time)
          3) Password – Sets the password
          4) Session – Handles session management tasks
:Control-flags: 1) Required – This flag tells the PAM library to require the success of the module specified on the same line. When the module returns a
        response indicating failure, it fails & it continues with the other modules
        2) Requisite – This flag tells the PAM library to abort the authentication process as soon as the PAM library receives
                a failure response
        3) Sufficient – This flag tells the PAM library to continue if it receives a success response & proceeds with other modules
        4) Optional – This flag is hardly used. It removes the emphasis on the success or failure response of the module

If no PAM configuration file for an application is found, PAM uses the default /etc/pam.d/other file, which uses the pam_deny module, which
always returns a failure status.

Note: This configuration management issue has been addressed with the recent introduction of a PAM module called pam_stack.so
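As an added example (not code from the original post), the Python sketch below parses a PAM configuration into the four fields listed above and audits whether a fallback file such as /etc/pam.d/other denies every module type through pam_deny.so. The function names and both sample files are constructed for illustration; only the four control flags listed on this page are recognised, so any other syntax is reported for manual review.

```python
MODULE_TYPES = {"auth", "account", "password", "session"}
CONTROL_FLAGS = {"required", "requisite", "sufficient", "optional"}

def parse_pam_config(text):
    """Split each rule into the four fields; return (entries, errors)."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split(None, 3)             # module-args may contain spaces
        if len(fields) < 3:
            errors.append((lineno, "fewer than three fields"))
            continue
        mtype, flag, path = fields[0].lower(), fields[1].lower(), fields[2]
        if mtype not in MODULE_TYPES or flag not in CONTROL_FLAGS:
            errors.append((lineno, f"unknown module-type or control-flag: {line!r}"))
            continue
        entries.append({"line": lineno, "type": mtype, "flag": flag,
                        "module": path.rsplit("/", 1)[-1], "args": fields[3:]})
    return entries, errors

def audit_fallback(text):
    """Return findings for a fallback file that is not deny-all (empty list = OK)."""
    entries, errors = parse_pam_config(text)
    findings = [f"line {n}: {msg}" for n, msg in errors]
    for mtype in sorted(MODULE_TYPES):
        denies = [e for e in entries if e["type"] == mtype and e["module"] == "pam_deny.so"
                  and e["flag"] in ("required", "requisite")]
        if not denies:
            findings.append(f"{mtype}: no required/requisite pam_deny.so entry")
    return findings

# Constructed samples, not taken from a real system.
GOOD_OTHER = """\
auth     required  pam_deny.so
account  required  /lib/security/pam_deny.so
password required  pam_deny.so
session  required  pam_deny.so
"""
WEAK_OTHER = """\
# password stack missing, one flag weakened, one flag misspelled
auth     required  pam_deny.so
account  optional  pam_deny.so
session  requird   pam_deny.so
"""

if __name__ == "__main__":
    print(audit_fallback(GOOD_OTHER), audit_fallback(WEAK_OTHER))
```

The check is a necessary condition only: a module placed ahead of pam_deny.so in the same stack still needs a manual look.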

Using various PAM Modules to enhance security

a) pam_access.so :: This module uses the /etc/security/access.conf file, which contains the following fields

                permission :   users     : origins
                  - or +     username     tty or host

Useful    Examples  1) Disallow non-root logins on tty1
                -:ALL EXCEPT root:tty1
          2) Disable console logins for everyone except a few users
                -: ALL EXCEPT john sam : LOCAL
          3)  User "root" should be allowed to get access from hosts with IP addresses.
               + : root :
               + : root :

b) pam_cracklib.so :: checks the strength of a password using the crack library

c) pam_deny.so :: It always returns false; the /etc/pam.d/other configuration uses it to deny access

d) pam_env.so :: this module checks the environmental modules ( /etc/security/pam_env.conf )

e) pam_group.so :: this is a group access module that uses the /etc/security/group.conf file to provide group access to services

f) pam_limits.so :: This module sets resource limits using /etc/security/limits.conf
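To see how the pam_access rules under a) behave, the added Python example below (not part of the original post) evaluates access.conf lines top to bottom with first-match semantics and the EXCEPT operator. It models only ALL, LOCAL, EXCEPT and literal user, tty or host names; group, netgroup and network matching are left out, and the function names plus the tty and rhost parameters are assumptions of this sketch.

```python
def list_match(tokens, item_match):
    """True if an item before EXCEPT matches and the list after EXCEPT does not."""
    if "EXCEPT" in tokens:
        cut = tokens.index("EXCEPT")
        head, tail = tokens[:cut], tokens[cut + 1:]
    else:
        head, tail = tokens, []
    if not any(item_match(t) for t in head):
        return False
    return not (tail and list_match(tail, item_match))

def access_allowed(rules_text, user, tty=None, rhost=None):
    """Apply access.conf rules in order; the first matching rule decides."""
    origin = rhost or tty
    for raw in rules_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            raise ValueError(f"malformed rule: {raw!r}")
        perm, users, origins = fields
        user_hit = list_match(users.split(), lambda t: t in ("ALL", user))
        origin_hit = list_match(
            origins.split(),
            lambda t: t == "ALL" or (t == "LOCAL" and rhost is None) or t == origin)
        if user_hit and origin_hit:
            return perm == "+"
    return True   # no rule matched: pam_access lets the login through

# The first two example rules from the page, checked alone and then stacked.
RULE_TTY1 = "-:ALL EXCEPT root:tty1"
RULE_CONSOLE = "-: ALL EXCEPT john sam : LOCAL"
BOTH = RULE_TTY1 + "\n" + RULE_CONSOLE

if __name__ == "__main__":
    print(access_allowed(RULE_TTY1, "root", tty="tty1"))     # True
    print(access_allowed(RULE_TTY1, "john", tty="tty1"))     # False
    print(access_allowed(RULE_CONSOLE, "sam", tty="tty3"))   # True
    # Stacked, rule 2 also denies root on the console:
    print(access_allowed(BOTH, "root", tty="tty1"))          # False
```

Stacking both rules in one file locks root out of tty1 as well, because root is not in the second rule's EXCEPT list; test rule order on a spare console before deploying.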

By impavan