How to Install Any OS Using IPMI: A Step-by-Step Guide

IPMI (Intelligent Platform Management Interface) is a powerful tool that allows remote management of servers, including OS installation. While it can be intimidating due to its quirks, this guide will walk you through the process of installing an operating system via IPMI with practical solutions to common challenges.

---

What is IPMI, and Why Use It?

IPMI enables administrators to manage servers remotely, offering features like virtual KVM (Keyboard, Video, Mouse) access. This is particularly useful for installing an OS when physical access to the server is not possible. With the right tools and steps, you can use IPMI to set up your server from scratch.

---

What You’ll Need

1. IPMI Access: Credentials and web interface details from your hosting provider.
2. Java: Required to open .jnlp files for the console viewer.
3. Netboot.xyz ISO: A versatile bootloader for network-based OS installation.
4. SSH Access: Needed to create a secure tunnel if accessing IPMI remotely.

---

Step-by-Step Instructions

1. Set Up IPMI Viewer

If the default IPMI viewer is unreliable (e.g., crashing or failing to mount ISOs), use an alternative like BrendanHalley/ipmi_jessie_viewer:

1. Clone and install the viewer:

   git clone https://github.com/BrendanHalley/ipmi_jessie_viewer.git
   cd ipmi_jessie_viewer
   ./install.sh
   

2. Launch the viewer to access IPMI on your server.

---

2. Create an SSH Tunnel

For secure remote access to IPMI:

1. Set up an SSH tunnel:

   ssh -L 8080:localhost:8080 user@remote-server
   

2. Open http://localhost:8080 in your browser to access the IPMI Viewer.

---

3. Remove Nullroute and Access IPMI

• If your server’s IP is blocked by a nullroute, remove it through your firewall settings or contact your hosting provider.
• Use tools like NoVNC if you prefer a browser-based IPMI experience.

---

4. Download Netboot.xyz

1. Visit Netboot.xyz Downloads.
2. Download the ISO file to your local system. This will serve as your bootloader for OS installation.

---

5. Access the IPMI Console

1. Log into the IPMI web interface.
2. Navigate to the Remote Console or a similarly named section (varies by vendor).
3. Download the .jnlp file for the console.
4. Open the .jnlp file with Java to launch the IPMI console.

---

6. Mount the ISO and Reboot

1. In the IPMI console, mount the netboot.xyz.iso file as virtual media.
2. Reboot the server to boot from the ISO.

---

7. Configure Network and Boot Options

1. Once the server boots into Netboot.xyz, manually configure the network interface:
   • Use the details from your hosting provider (IP address, netmask, gateway, DNS).
2. Select the OS you want to install from the Netboot.xyz menu.
3. For certain OSes (e.g., Ubuntu), you might need to reselect the network interface during installation.

---

8. Install the OS

Follow the installation prompts to complete the OS setup. After installation, the server will reboot into the newly installed operating system.

---

Troubleshooting Common Issues

• Java Viewer Doesn’t Launch: Ensure you have the latest version of Java installed, or try an alternative IPMI viewer.
• ISO Fails to Mount: Verify the ISO file and re-upload it if necessary.
• Post-Installation Access Issues: Double-check your network configuration during setup (IP, gateway, DNS).

---

Advanced Options for Power Users

1. Automate ISO Booting:

   ipmitool -I lanplus -H <IP> -U <User> -P <Password> chassis bootdev pxe options=persistent
   

2. Unattended Installations: Use preseed or kickstart files with Netboot.xyz for fully automated OS installations.

---

Additional Resources

• IPMITool Documentation: Command-line management for IPMI.
• Netboot.xyz Documentation: Comprehensive guides for network-based OS installations.
• PXE Booting Overview: Learn about network booting and automation.

---

Tips for a Smooth Installation

• Document Everything: Keep a record of network configurations and steps for future reference.
• Prepare for Hiccups: IPMI is powerful but can be finicky—be patient and ready to troubleshoot.
• Backups are Key: Always back up critical data before making server changes.

---

Conclusion

Using IPMI to install an OS may feel intimidating at first, but with the right approach and tools like Netboot.xyz, it becomes a straightforward process. This guide is designed to help you navigate the challenges and get your server up and running with minimal hassle. Whether you’re a beginner or a seasoned sysadmin, mastering IPMI will enhance your remote server management capabilities.

Happy configuring! 🚀

Descomprimir archivos en Linux desde la consola

En modo gráfico tenemos el gestor de archivadores para facilitarnos la vida. Pero, ¿cómo tratar con archivos comprimidos o empaquetados como los tgz, tar, bz2 o rar en la consola?

TAR

Se trata de un archivo que combina varios archivos en uno, no hay compresión de datos. Para extraer el contenido usamos el comando tar con los flags x (extract, extraer) y f (file, desde un archivo), y opcionalmente v (verbose) para mostrar por pantalla el proceso o vv para mostrar no solo los archivos y carpetas creadas, sino información sobre estas.

tar xvf archivo.tar

GZ

Se trata de un archivo comprimido con gzip. Para descomprimir utilizamos el comando gzip con el flag -d (descomprimir) o bien el comando gunzip, que no es más que un enlace a gzip.

gunzip archivo.gz
gzip -d archivo.gz

TGZ, TAR.GZ

Un archivo empaquetado con tar y comprimido con gunzip. Se descomprime de la misma forma que los tar, añadiendo el flag z para indicarle que use gzip para descomprimir.

tar xvzf archivo.tar.gz

BZ2

Archivo comprimido con bzip2. Para descomprimir se usa el comando bzip2 con el flag -d (descomprimir) o bien el comando bunzip2, que no es más que un enlace a bzip2.

bunzip2 archivo.bz2
bzip2 -d archivo.bz2

TAR.BZ2

Similar a los archivos tar.gz, pero se usó bzip2 para comprimirlo. Para descomprimir se usa también tar, con el flag j en lugar de z:

tar xvjf archivo.tar.bz2

ZIP

Archivo comprimido con zip. Se descomprime usando el comando unzip:

unzip archivo.zip

RAR

Formato propietario de RarLab, creadores del famoso Winrar. Normalmente el comando rar no está instalado en el sistema

sudo aptitude install rar

Se descomprime con el flag -x (eXtract, extraer)

rar -x archivo.rar

linux command cheat sheet

Basic Syntax for Find command :

find (name/size/type/access or modified date) ..argument ..argument

Search for file ending .conf
find /etc/ -name *.conf

Search for directories ending with *conf
find /etc/ -type d -name *conf

Search for files ending with .doc and accessed in last 24 hours(or 1 day)
find /home/xyzuser/ -name *.doc -atime -1

Find files modified by minutes
Syntax : find /path/ -mmin

Find files 10 minutes ago
find /etc/ -mmin -10

Find files more then 10 minutes ago
find /etc/ -mmin +10

Find files modified between 10 to 20 minutes ago
find /etc/ -mmin +10 -mmin -20

Find files modified in past 2 days(48 hours)
find /etc/ -mtime -2

Search for files owned by xyz user
find /etc/ -type f -user xyz

Search for directories and change permission to 755
find /home/xyz.com/public_html/ -type d -exec chmod -v 755 {} \;

These are find command example used by every admin most frequently.

For further reading do
man find or man 1 find

Linux Detecting / Checking Rootkits with Chkrootkit and rkhunter Software

Q. Most rootkits use the power of the kernel to hide themselves, they are only visible from within the kernel. How do I detect rootkits under CentOS or Debian Linux server?

A.. A rootkit is a program (or combination of several programs) designed to take fundamental control (in Unix terms "root" access, in Windows terms "Administrator" access) of a computer system, without authorization by the system's owners and legitimate managers.

Detecting rootkits under Linux

You can try the following tools to detect Linux rootkits:

WARNING! These examples should run from Live CD (Linux Live Security CD) for the best result.

Zeppoo Software

Zeppoo - Zeppoo allows you to detect rootkits on i386 and x86_64 architecture under Linux, by using /dev/kmem and /dev/mem. Moreover it can also detect hidden tasks, connections, corrupted symbols, system calls and so many other things. Download source code here

Chkrootkit Software

Chkrootkit - chkrootkit is a tool to locally check for signs of a rootkit. Type the following command to install chkrootkit
$ sudo apt-get install chkrootkit
Start looking for rootkits, enter:
$ sudo chkrootkit
Look for suspicious strings, enter:
$ sudo chkrootkit -x | less
You need to specify the path for the external commands used by chkrootkit such as awk, grep and others. Mount /mnt/safe using nfs in read-only mode and set /mnt/safe binaries PATH as trusted one, enter:
$ sudo chkrootkit -p /mnt/safe

rkhunter software

rkhunter - rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. rkhunter is a shell script which carries out various checks on the local system to try and detect known rootkits and malware. It also performs checks to see if commands have been modified, if the system startup files have been modified, and various checks on the network interfaces, including checks for listening applications. Type the following command to install rkhunter:
$ sudo apt-get install rkhunter
The following command option tells rkhunter to perform various checks on the local system:
$ sudo rkhunter --check
The following command option causes rkhunter to check if there is a later version of any of its text data files:
$ sudo rkhunter --update
The following option tells rkhunter which directories to look in to find the various commands it requires:
$ sudo rkhunter --check --bindir /mnt/safe

Recommended readings:

• man pages - rkhunter and chkrootkit
• rkhunter Project home page
• chkrootkit Project home page

Setting Up ProFtpd with MySQL

Prerequisites : MySQL 5 & PHP 5

Download proftpd source

wget ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/ftp.proftpd.net/distrib/source/proftpd-1.3.1.tar.gz
tar xzvf proftpd-1.3.1.tar.gz
cd proftpd-1.3.1 
Configure using:
install_user=root install_group=wheel ./configure --with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql --with-includes=/usr/include/mysql/ --with-libraries=/usr/lib/mysql/ --enable-timeout-linger --enable-timeout-stalled --sysconfdir=/etc --localstatedir=/var --prefix=/usr 
make & make install

Create the /etc/init.d/proftpd as

#!/bin/sh # $Id: proftpd.init,v 1.1 2004/02/26 17:54:30 thias Exp $ # # proftpd This shell script takes care of starting and stopping # proftpd. # # chkconfig: - 80 30 # description: ProFTPD is an enhanced FTP server with a focus towards \ # simplicity, security, and ease of configuration. \ # It features a very Apache-like configuration syntax, \ # and a highly customizable server infrastructure, \ # including support for multiple 'virtual' FTP servers, \ # anonymous FTP, and permission-based directory visibility. # processname: proftpd # config: /etc/proftp.conf # pidfile: /var/run/proftpd.pid # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ ${NETWORKING} = "no" ] && exit 0 [ -x /usr/sbin/proftpd ] || exit 0 RETVAL=0 prog="proftpd" start() { echo -n $"Starting $prog: " daemon proftpd RETVAL=$? echo [ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd } stop() { echo -n $"Shutting down $prog: " killproc proftpd RETVAL=$? echo [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd } # See how we were called. case "$1" in start) start ;; stop) stop ;; status) status proftpd RETVAL=$? ;; restart) stop start ;; condrestart) if [ -f /var/lock/subsys/proftpd ]; then stop start fi ;; reload) echo -n $"Re-reading $prog configuration: " killproc proftpd -HUP RETVAL=$? echo ;; *) echo "Usage: $prog {start|stop|restart|reload|condrestart|status}" exit 1 esac exit $RETVAL

chmod 755 /etc/init.d/proftpd

Create /etc/proftpd.conf file as

ServerName "FTP Server" ServerType standalone ServerIdent on "Servers identifying string" DeferWelcome on DefaultServer on DisplayLogin .welcome # Textfile to display on login DisplayConnect .connect # Textfile to display on connection DisplayChdir .firstchdir # Textfile to display on first changedir UseReverseDNS off IdentLookups off Port 21 Umask 002 MaxInstances 15 MaxClientsPerHost 3 "Only ٪m connections per host allowed" MaxClients 30 "Only ٪m total simultanious logins allowed" MaxHostsPerUser 1 User nobody Group nobody ScoreboardFile /var/proftpd/proftpd.scoreboard AllowStoreRestart on AllowRetrieveRestart on RequireValidShell off PathDenyFilter "\\.ftp)|\\.ht)[a-z]+$" DefaultRoot ~ DenyFilter \*.*/ # Some logging formats LogFormat default "٪h ٪l ٪u ٪t \"٪r\" ٪s ٪b" LogFormat auth "٪v [٪P] ٪h ٪t \"٪r\" ٪s" LogFormat write "٪h ٪l ٪u ٪t \"٪r\" ٪s ٪b" # Define log-files to use TransferLog /var/log/proftpd/proftpd.xferlog ExtendedLog /var/log/proftpd/proftpd.access_log WRITE,READ write ExtendedLog /var/log/proftpd/proftpd.auth_log AUTH auth ExtendedLog /var/log/proftpd/proftpd.paranoid_log ALL default SQLLogFile /var/log/proftpd/proftpd.mysql # Set up authentication via SQL # =========== AuthOrder mod_sql.c SQLAuthTypes Backend #=========================== # CHANGE THE FOLLOWING LINE TO REFLECT YOUR INSTALLATION #=========================== SQLConnectInfo proftpd_admin@localhost proftpd proftpd #=========================== SQLUserInfo usertable userid passwd uid gid homedir shell SQLGroupInfo grouptable groupname gid members SQLUserWhereClause "disabled=0 and (NOW()<=expiration or expiration=-1 or expiration=0)" # Log the user logging in SQLLog PASS counter SQLNamedQuery counter UPDATE "lastlogin=now(), count=count+1 WHERE userid='٪u'" usertable # logout log SQLLog EXIT time_logout SQLNamedQuery time_logout UPDATE "lastlogout=now() WHERE userid='٪u'" usertable # display last login time when PASS command is given SQLNamedQuery login_time SELECT "lastlogin from usertable where userid='٪u'" SQLShowInfo PASS "230" "Last login was: ٪{login_time}" # xfer Log in mysql SQLLog RETR,STOR transfer1 SQLNamedQuery transfer1 INSERT "'٪u', '٪f', '٪b', '٪h', '٪a', '٪m', '٪T', now(), 'c', NULL" xfer_stat SQLLOG ERR_RETR,ERR_STOR transfer2 SQLNamedQuery transfer2 INSERT "'٪u', '٪f', '٪b', '٪h', '٪a', '٪m', '٪T', now(), 'i', NULL" xfer_stat # Normally, we want users to do a few things. <Global> AllowOverwrite yes <Limit ALL SITE_CHMOD> AllowAll </Limit> </Global>

mkdir /var/log/proftpd/
Create /etc/logrotate.d/proftpd as 

/var/log/proftpd/*log { compress missingok postrotate test -f /var/lock/subsys/proftpd && /usr/bin/killall -HUP proftpd endscript } /var/log/proftpd/proftpd.mysql { compress missingok postrotate test -f /var/lock/subsys/proftpd && /usr/bin/killall -HUP proftpd endscript }

Dowload proFTPd Administrator (http://proftpd-adm.sourceforge.net/)

cd /var/www/html

wget http://mesh.dl.sourceforge.net/sourceforge/proftpd-adm/proftpd_admin_v1.2.tar.gz

tar xzvf proftpd_admin_v1.2.tar.gz

rm proftpd_admin_v1.2.tar.gzmv proftpd_admin_v1.2/ proftpd_admin/

cd proftpd_admin

edit misc/database_structure_mysql

and change the last 3 lines according to the credentials you have set in /etc/proftpd.conf and then :

mysql -u root -p < misc/database_structure_mysql/db_structure.sql

chmod o+w /var/www/html/configuration.xml

Edit misc/user_script/create_user.sh to

#!/bin/bash USER=$1 USER_ID=$2 GROUP_ID=$3 mkdir -p --mode=775 /ftp/$USER chown $USER_ID.$GROUP_ID /ftp/$USER

Then :

chown -R root.root /var/www/html/proftpd_admin/misc/user_script
chmod 700 -R /var/www/html/proftpd_admin/misc/user_script

edit /etc/sudoers files and add the following 2 lines at the end

# Cmnd alias specification
Cmnd_Alias CREATE_USER = /var/www/html/proftpd_admin/misc/user_script/create_user.sh

# User privilege specification
apache ALL=(ALL) NOPASSWD: CREATE_USER

Also make sure that Defaults requiretty is commented out

Securing Installation of Proftpd Admin

vi /etc/httpd/conf.d/dirSecurity.conf

# Secure proftpd_directory both by ip and password <Directory "/var/www/html/proftpd_admin"> deny from all Order deny,allow Allow from <any safe IP> AuthType Basic AuthUserFile /etc/httpd/conf/proftpd.htpasswd AuthName Administration require valid-user satisfy All </Directory>

Then execute

htpasswd -b -c /etc/httpd/conf/proftpd.htpasswd proftp <password>

/etc/init.d/httpd restart
/etc/init.d/mysqld restart
/etc/init.d/proftpd start

And point your browser to http://<server-ip>/proftpd-admin and supply the username & password you created.
Go to the Configure Tab and then the ProFTPd tab and set

Create user command: sudo /var/www/html/proftpd_admin/misc/user_script/create_user.sh