Installing sudo on HP-UX

1. check your OS and server architecture to know which package
to download. Use the uname command.
If it's an PA-RISC 2.0 architecture, you will normally see
something like this:
# uname -an
HP-UX darwin B.11.11 U 9000/800 1234567 unlimited-user license

else if it's an Itanium 2
# uname -an
HP-UX darwin B.11.31 U ia64 0987654321 unlimited-user license

From here you can see, the following
HP-UX   operating system name
darwin  hostname/system name
B.11.11 operating system release identifier
U       operating system version identifier
9000/800 	machine and model numbers
1234567  	machine identification number
unlimited-user operating system license level

2. Go to my favorite Porting and Archiving Centre for HP-UX
based in UK and search the needed packages. URL will be
http://hpux.connect.org.uk

3. Search for package name or description
4. For this tutorial, I will demonstrate how to install it
on a Itanium. Search for "sudo" and download the 
necessary package depending on your OS version and
architecture.If you will point your mouse on the HTTP or
FTP link, it will tell you to "Install
gettext,libiconv,zlib first"meaning those are the
dependencies required.

5. Download the following packages

gettext-0.18.1.1-ia64-11.23.depot.gz
libiconv-1.14-ia64-11.23.depot.gz
sudo-1.8.4p2-ia64-11.23.depot.gz
zlib-1.2.6-ia64-11.23.depot.gz

6. Move it to a specified folder if you want, then uncompress it
#gunzip *.gz

7. Install the package as follow:
swinstall -s /etc/sudo-1.8.4p1-hppa-11.23.depot \*
swinstall -s /home/darwin/libiconv-1.14-ia64-11.23.depot \*
swinstall -s /home/darwin/gettext-0.18.1.1-ia64-11.23.depot \*
swinstall -s /home/darwin/zlib-1.2.6-ia64-11.23.depot \*
swinstall -s /home/darwin/sudo-1.8.4p2-ia64-11.23.depot \*

Configuring sudo

1. Normally installation path will be on /usr/local as in files
will be in
/usr/local/bin/sudo
/usr/local/sbin/visudo
/usr/local/etc/sudoers

2. Add user or group in the sudoers using visudo
example

darwin ALL=(ALL) ALL
%group ALL=(ALL) ALL

3.To test if sudo works already, login as normal user and tried this
$ ls -l /usr/local/etc/sudoers
-r--r----- 1 root root  142 Apr 13 12:47 /usr/local/etc/sudoers
$ more /usr/local/etc/sudoers
/usr/local/etc/sudoers: Permission denied
$ sudo more /usr/local/etc/sudoers
Password:
darwin ALL=(ALL) AL
%system ALL=(ALL) ALL

From here can see, cannot display the file sudoers because the
file permission is for root only. When use "sudo", it is like
temporarily switching a normal user to root to see or
execute commands

Tip:
As default installation, sudo files will be on /usr/local,
so to make your life easier, add it in your path
export PATH=$PATH:/usr/local/bin:/usr/local/sbin

or to make it permanent, put it in your profile path
/home/darwin/.profile

Red Hat sponsored Fedora project managed to release 16th version of its Linux distribution, code-named “Verne”. Aside from package updates, it improve also in the areas of virtualization and cloud computing.

The official release notes can be found here, http://docs.fedoraproject.org/en-US/Fedora/16/html/Release_Notes/index.html

It is dedicated in memory of the creator of C programming language, and key developer of Unix OS, Dennis Ritchie.

HP-UX tutorial on a Linux website? why not…

To take a break, I decided to post a tutorial here on Creating and Extending LV on HP-UX. It’s better for me to post it here so it will serve my guide once I get my hands again on HP-UX servers. This is the one I used when my colleague asked me  to check if I can find a way to increase the Filesystem  of these servers.  Here it is:

To create the LV on HP-UX server

1.verify first if JFS is online (if online, no need to mount/unmount so no downtime)
# swlist -l product | grep -i online
OnlineJFS01           4.1.008        Online features of the VxFS File System

2. verify if there’s avail space
#bdf
#vgdisplay
e.g.
PE Size (Mbytes)            32              
Total PE                    8692    
Alloc PE                    4618    
Free PE                     4074

FreePE X PE Size = 4074  X 32 = 130GB

3. To create let say a 2GB
#lvcreate -L 2048 -n lv_back /dev/vg00
Logical volume “/dev/vg00/lv_back” has been successfully created with
character device “/dev/vg00/rlv_back”.
Logical volume “/dev/vg00/lv_back” has been successfully extended.
Volume Group configuration for /dev/vg00 has been saved in /etc/lvmconf/vg00.conf

4. create filesystem,
# newfs -F vxfs /dev/vg00/rlv_back
version 6 layout
2097152 sectors, 2097152 blocks of size 1024, log size 16384 blocks
largefiles supported

5.create dir and mountpoint
#mkdir /backup
#mount /dev/vg00/lv_back /backup

6.check the new LV
#bdf

To enable mirroring

1. verify status
# vgdisplay -v | grep PV

2. check LV
#lvdisplay -v /dev/vg00/lv_back

00125 /dev/dsk/c2t1d0s2       02242 current  
00126 /dev/dsk/c2t1d0s2       02243 current

only writing to c2t1d0s2

compare to others,

2. check LV
#lvdisplay -v /dev/vg00/lv_vol03
LE    PV1                     PE1   Status 1 PV2                     PE2   Status 2
00000 /dev/dsk/c2t1d0s2       00312 current  /dev/dsk/c2t0d0s2       00312 current

writing on both c2t1d0s2 and c2t0d0s2

3. to mirror

# lvextend -m 1 /dev/vg00/lv_back /dev/dsk/c2t0d0s2
The newly allocated mirrors are now being synchronized. This operation will
take some time. Please wait ….

Extend LV on HP-UX server
Since HP-UX server JFS is online, then we use this procedure

1. example, to extend 2G to 20GB
#lvextend -L 20480 /dev/vg00/lv_back
# fsadm -F vxfs -b 20480M /backup

2.verify
#bdf

If server has no online JFS, procedure as follows:
root@darwin-ux [/]
# umount /backup
root@darwin-ux [/]
# lvextend -L 20480 /dev/vg00/lv_back
Logical volume “/dev/vg00/lv_back” has been successfully extended.
Volume Group configuration for /dev/vg00 has been saved in /etc/lvmconf/vg00.conf
root@darwin-ux [/]
# extendfs -F vxfs /dev/vg00/rlv_back
root@darwin-ux [/]
# mount /dev/vg00/lv_back /backup
root@darwin-ux [/]
# bdf /backup
Filesystem          kbytes    used   avail %used Mounted on
/dev/vg00/lv_back  4194304   18118 3915182    0% /backup
root@darwin-ux [/]

Finally, put on /etc/fstab , so it will auto mount even after reboot

add:
/dev/vg00/lv_back /backup vxfs delaylog 0 2

Enjoy

My webhosting company have to do emergency migration to the new server with still no definite reasons and all my hyperlinks are all messed up. It seems my mysql DB was not properly migrated and web site traffic logs are not restored as well. My web traffic dropped significantly

The hosting need to point my site to the old server and still waiting for their permanent solution on this, or might as well change another hosting serve… too bad..I’m very disappointed

Sorry for the inconvenience …

Is it really hard for the webhosting company to restore wordpress to a new server? On my next post, I’ll post a how to, so please wait for it. thanks

-admin

10th day of the 10th month in 10th year, Ubuntu released 10.10 , a perfect date to denotes geekiness  at its best 1010101010 Kidding aside, here’s the excerpt

Coming from the Meerkat department
Some time ago a group of hyper-intelligent pan dimensional beings decided to finally answer the great question of Life, The Universe and Everything. To this end, a small band of these Debians built an incredibly powerful distribution, Ubuntu. After this great computer programme had run (a very quick 3 million minutes…or 6 years) the answer was announced. The Ultimate answer to Life, the Universe and
Everything is…42, and in its’ purest form 101010. Which suggests that what you really need to know is ‘What was the Question?’. The great distribution kindly pointed out that what the problem really was that no-one knew the question. Accordingly, the distribution designed a set of successors, marked by a circle of friends…to ultimately bring Unity to all things living…Ubuntu 10.10, to find the question to the ultimate answer.

Ubuntu team announced Ubuntu 10.10 with Codenamed “Maverick Meerkat”. Official announcement can be seen at https://lists.ubuntu.com/archives/ubuntu-announce/2010-October/000139.html.

As posted on LinuxMint Official website:

The team is proud to announce the release of Linux Mint 9 “Isadora”. Linux Mint 9 “Isadora” New features at a glance: New Software Manager 30,000 packages Review applications straight from the Software Manager APT daemon Visual improvements New Backup Tool Incremental backups, compression, integrity checks Backup/Restoration of the software selection Menu improvements Editable items Transparent menu Always start with favorites “Add to”…

http://www.linuxmint.com/blog/?p=1403

personal comment:

I had the chance to try Linux Mint 9 on my virtualbox yesterday after almost more than an hour of downloading (since I need to limit my download transfer to prioritize some of my movie downloads =) Anyway, after installing, I just felt that I’m just using a combination of Ubuntu and Opensuse. I like the ease of installation and it’s network backup tool, other than that,I find it very Ubuntuish , but still worth a try.

Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire.

Other definitions:
- Barnyard is an output system for Snort. Snort creates a special binary output format called unified. Barnyard reads this file, and then resends the data to a database backend. Unlike the database output plug-in, Barnyard manages the sending of events to the database and stores them when the database temporarily cannot accept connections.

-BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.

-Oinkmaster is a script that will help you update and manage your Snort rules.

Pre-requisites Softwares:

Mysql
mysql-bench
mysql-server
mysql-devel
mysqlclient10
php-mysql
httpd
gcc
pcre-devel
php-gd
gd
mod_ssl
glib2-devel
gcc-c++
libpcap-devel
php
php-pear
yum-utils

Assuming you already installed your latest 64-bit CentOS, configured important services like Apache,PHP and your mysql server, make sure your server packages are updated as well by issuing
#yum update

I. Installation of Snort

1. Download the lateset Snort source file on Snort’s official Site @ snort.org. As of this moment, the latest version is 2.8.6. You can find it at http://www.snort.org/downloads
   #wget  http://dl.snort.org/snort-current/snort-2.8.6.tar.gz
2. Go to your favorite root install directory (mine is /usr/local/src) and extract the file
   #tar zxvf snort-2.8.6.tar.gz
3. Compile. If you are using the 32-bit OS, it’s very rare that you encounter errors. For 64-bit, it’s quite pain In the ass, errors like libmysqlclient cannot be found since it will look for /lib/mysql instead of lib64/mysql. In order to solve that issue, you need to add extra parameters to your configure .

#cd snort-2.8.6
#./configure –with-mysql –enable-dynamicplugin –with-mysql-libraries=/usr/lib64/mysql
#make
#make install

1. Create snort user and group
   #groupadd snort
   #useradd –g snort snort –s /sbin/nologin
2. Create snort directory files
   #mkdir –p /etc/snort
   #mkdir –p /etc/snort/rules
   #mkdir /var/log/snort
3. Copy files on the root installation folder of snort to /etc/snort
   #cd etc/
   #cp * /etc/snort
4. Modify your snort.conf and make these changes, assuming your network is 192.168.1.0/24

var RULE_PATH /etc/snort/rules
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET

Uncomment the lines (create if none):

output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

1. Download the snort init file for easy management of snort service
   #cd /etc/init.d
   #wget http://www.freelinuxtutorials.com/freefiles/snort
   #chmod 755 snort
   #chkconfig snort on

II. Installation and Configuration of OinkMaster

Downloading the snort rules on the snort.org website is a little bit tricky. Even if you can sign up an account, you cannot directly download those rules and you’ll receive a  403 Forbidden error. There are ways to get it, you either get it by paying a subscription or get the registered user  release.

1. Download the OinkMaster source file in SourceForge @ oinkmaster.sourceforge.net
   #cd /usr/local/src
   # wget http://nchc.dl.sourceforge.net/project/oinkmaster/oinkmaster/2.0/oinkmaster-2.0.tar.gz
2. Extract the file and read the INSTALL file for details
   # tar zxvf oinkmaster-2.0.tar.gz
   #cd oinkmaster-2.0
   #less INSTALL
3. Copy oinkmaster.pl,oinkmaster.conf and oinkmaster.1  on your suitable directory
   #cp oinkmaster.pl /usr/local/bin
   #cp oinkmaster.conf /etc
   #cp oinkmaster.1 /usr/local/man/man1
4. Edit oinkmaster configuration, change the settings on the line “ url = <url> “. Download the snort rule same with your snort version.  Use snort –V to check.[root@FLT oinkmaster-2.0]# snort -V

,,_     -*> Snort! <*-
o”  )~   Version 2.8.6 (Build 38)
””    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team           Copyright (C) 1998-2010 Sourcefire, Inc., et al.
Using PCRE version: 6.6 06-Feb-2006

You will see line similar to:

url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/filename

e.g.

url = http://www.snort.org/pub-bin/oinkmaster.cgi/f8ff7c46785aac436c9f596059863b145d285abc/snortrules-snapshot-CURRENT.tar.gz

Save and exit

1. Assuming your rules directory is /etc/snort/rules. Update the rules by executing:
   # oinkmaster.pl –o /etc/snort/rules
2. Create a non-root user for schedule run of oinkmaster daily
   #group add oink
   #useradd –g oink oink –s /sbin/nologin
3. Create the crontab
   #su – oink
   $crontab –e

01 4 * * * /usr/local/bin/oinkmaster.pl -C /etc/oinkmaster.conf -C /etc/autodisable.conf -o /etc/snort/rules 2>&1 | mail -s “oinkmaster” darwin@freelinuxtutorials.com

This will run the oinkmaster daily @ 4:01AM and send email

You will see an email like this:

Loading /etc/oinkmaster.conf

Loading /etc/autodisable.conf

Downloading file from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-CURRENT.tar.gz… done.

Archive successfully downloaded, unpacking… done.

Setting up rules structures… done.

Processing downloaded rules… disabled 0, enabled 0, modified 0, total=8464

Setting up rules structures… done.

Comparing new files to the old ones… done.

[***] Results from Oinkmaster started 20100518 05:33:38 [***]

[*] Rules modifications: [*]

None.

[*] Non-rule line modifications: [*]

None.

[*] Added files: [*]

None.

III. Set-up database in MySQL

1. This will serve as database for snort to make it easy to look up on events and it is a requirement of the BASE monitoring tool

#mysql –u root –p

Mysql> create database snort;
mysql> GRANT CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost IDENTIFIED by ‘snortpass’;
mysql>exit

1. Execute the command below to create tables
   #mysql –u root –p snort < /usr/local/src/snort-2.8.6/schemas/create_mysql

IV. Install Barnyard

1. Download and extract barnyard#cd /usr/local/src
   # wget http://snort.org/dl/barnyard/barnyard-0.2.0.tar.gz
   #tar zxvf barnyard-0.2.0
2. Patch and configure for 64-bit. This is another pain in the ass, coz if you don’t patch the barnyard, you will get an error something like “ERROR: Invalid packet length:”#cd barnyard-0.2.0
   #wget http://www.snort.org/users/jbrvenik/Site/Code_files/barnyard.64bit.diff
   #patch –p1 < barnyard.64bit.diff
   You will something like this:

[root@FLT barnyard-0.2.0]# patch -p1 < barnyard.64bit.diff

patching file src/barnyard.h
patching file src/event.h

patching file src/input-plugins/dp_alert.h
patching file src/util.c
patching file src/util.h

1. Edit op_acid_db.c  and the line “mysql->reconnect = 1; “ below
   #cd /usr/local/src/barnyard-0.2.0/src/output-plugins
   #vi  op_acid_db.c
   From:
   LogMessage(“Lost connection to MySQL server.  Reconnecting\n”);
   while(mysql_ping(mysql) != 0)

To:
LogMessage(“Lost connection to MySQL server.  Reconnecting\n”);
mysql->reconnect = 1;
while(mysql_ping(mysql) != 0)

1. Compile# ./configure –enable-mysql  –with-mysql-libraries=/usr/lib64/mysql
   #make
   #make install
2. Copy barnyard.conf on /etc/snort
   #cp etc/barnyard.conf /etc/snort
3. Configure barnyard.conf. Change the ffg:
   from:
   config interface: fxp0
   to:
   config interface: eth0

   Add these lines if not existing, the database details should be same on the one you configure on your database.

output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user snort, password snortpass
output log_acid_db: mysql, database snort, server localhost, user snort, password snortpass, detail full

1. Create a waldo file for barnyard.a. Execute on the CLI and let it go until on the message “Not Using PCAP_FRAMES”, run it for few seconds and stop it by pressing Ctrl-c
   #snort –c /etc/snort/snort.conf

   b. Open another CLI and check your /var/log/snort, you will see files like :

   -rw-r–r– 1 root root    400 May 20 15:04 snort.alert.1274330319
   -rw-r–r– 1 root root   7484 May 20 15:04 snort.log.1274330319

c. Create a file barnyard.waldo and put this line
/var/log/snort snort.log 1274330319 0
Save and exit
We used 1274330319 as the 10 digit suffix on snort.log

8.  Copy the barnyard init file same as we did on snort.
#wget http://www.freelinuxtutorials.com/freefiles/barnyard
#chmod 755 barnyard
#chkconfig barnyard on

9. Start barnyard service
[root@FLT snort]# service barnyard startStarting Barnyard: Barnyard Version 0.2.0 (Build 32)
31165
[  OK  ]

V.  Install BASE

1. Install first the following packages used for graphing of BASE
   #pear install Image_Graph-alpha Image_Canvas-alpha Image_Color Numbers_Roman
2. Download and install ADODB
   #wget http://easynews.dl.sourceforge.net/sourceforge/adodb/adodb480.tgz
   #cd /var/www/
   # tar zxvf /usr/local/src/adodb480.tgz
3. Download and configure BASE
   #wget http://easynews.dl.sourceforge.net/sourceforge/secureideas/base-1.3.5.tar.gz
   #cd /var/www/html
   #tar –zxvf /usr/local/src/base-1.3.5.tar.gz
   # mv base-1.3.5/ base/
4. Copy base_conf.php.dist to base_conf.php
   #cp base_conf.php.dist base_conf.php
5. Edit base_conf.php and insert/edit the  parameters below:
   $BASE_urlpath = “/base”;
   $DBlib_path = “/var/www/adodb/ “;
   $DBtype = “mysql”;
   $alert_dbname = “snort”;
   $alert_host = “localhost”;
   $alert_port = “”;
   $alert_user = “snort”;
   $alert_password = “password on your snort DB”;
6. Access the sensor on your browser
   http://192.168.1.x/base
7. You should now see the BASE startup banner, click the “setup page” link and follow the instructions.
8. You can create an htaccess to secure the base directory if you want

V1.  Testing Snort

1. Create a simple rule under the /etc/snort/rules and named it as local.rules. Make sure the line below is  uncommented on snort.conf to make it work
   include $RULE_PATH/local.rules
2. Create local.rules and insert this line:
   alert tcp any any <> any 80 (msg: “Test web activity”;sid:1000001;)
3. Save and exit. Now restart your Snort and open a web browser,and go to any websites
4. You should see number of events with SID 1000001 indicating the your snort is working.  Just check the alert links and categories to verify your testing. You will see something like this: http://www.freelinuxtutorials.com/freefiles/base1.PNG
   http://www.freelinuxtutorials.com/freefiles/base2.PNG

Relaying to Gmail via smtp.gmail.com can be accomplished by configuring your Postfix with SASL authentication and TLS encryption.

The common errors you will encounter if sending from your postfix mail server failing to gmail.com domain but works in other domains are:

@/var/log/maillog
-Must issue a STARTTLS command first
-certificate verification failed for gmail.com:unable to get local issuer certificate
-Authentication Required. Learn more at 530 5.5.1 http://mail.google.com/support/bin/answer.py?

How to fix?

Assuming you already installed Postfix and everything works fine except sending to gmail smtps, here are the steps to follow:

1. Configure Postfix main configuration

a.vi /etc/postfix/main.cf

b. Add these lines:

smtp_sasl_security_options = noanonymous
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd

c. Save and exit

2. Create /etc/postfix/sasl/passwd

a. Create a directory sasl under /etc/postfix and create a file passwd with contents below:

[smtp.gmail.com]:587 username@gmail.com:password

Save and exit

b. Change permission
#chmod 600 /etc/postfix/sasl/passwd

c. Create lookup table via postmap
#postmap /etc/postfix/sasl/passwd

Issuing that command will create passwd.db

3. Generate your own CA certificate

a. Change directory to /etc/pki/tls/certs

#cd /etc/pki/tls/certs

b.Create a key and test certificate in one file

#make hostname.pem

You will something like

[root@FLT certs]# make hostname.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 >  hostname.pem ; \
echo “”    >> hostname.pem ; \
cat $PEM2 >> hostname.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
……………………….++++++
…..++++++
writing new private key to ‘/tmp/openssl.z12084′
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:
Email Address []:

c. Fill-up the necessary information and copy the file on /etc/postfix as cacert.pem

#cp /etc/pki/tls/certs/hostname.pem /etc/postfix/cacert.pem

4. Restart the postfix service

#service postfix restart
5. Inspect now your postfix logs to see if it can send out mails now to gmail servers

A successful message states something like
May  3 17:35:00 FLT postfix/smtp[28244]: 0ABB61CE32A: to=<freelinuxtutorials@gmail.com>, relay=smtp.gmail.com[74.125.93.109]:587, delay=5, delays=0.41/0.02/2.7/1.8, dsn=2.0.0, status=sent (250 2.0.0 OK 1272879300 8sm8902550qwj.38)

The next big version of Ubuntu Linux OS has now arrived and if offers new exciting features for users like quicker boot speed on almost any machine, along with a social networking-oriented ” Me Menu”,Ubuntu Software Centre 2.0 for easier access to new software, and a slew of new cloud-based services courtesy of Ubuntu One — not to mention the Ubuntu One music store.
Ready for the ride. To see the technical overview, read more to ubuntu.com

I.Configure Master

1. edit /etc/mysql/my.cnf. We have to enable networking for MySQL,

I.Configure Master

1. edit /etc/mysql/my.cnf. We have to enable networking for MySQL,

#skip-networking

2. Add the following line to the my.cnf

server-id = 1
log-bin=/storage/lun0/db/mysql/FLTVM01-bin

3. restart mysql
#service mysqld restart

4.     log into the MySQL database as root and create a user with replication privileges:

#mysql -u root -p
mysql> GRANT REPLICATION SLAVE ON *.* TO ‘slaveuser’@'%’ IDENTIFIED BY ‘<some_password>’; (Replace <some_password> with a real password!)
mysql>FLUSH PRIVILEGES;

5. To accomplish identical data on both master and slave  server, prevent all writes on the master via Lock Tables & Show Log Position
mysql> FLUSH TABLES WITH READ LOCK;
mysql> SHOW MASTER STATUS;

NOTE: Keep this prompt running  in order for lock to be ACTIVE

e.g.

mysql> SHOW MASTER STATUS;
+——————–+———–+————–+——————+
| File               | Position  | Binlog_Do_DB | Binlog_Ignore_DB |
+——————–+———–+————–+——————+
| FLTVM01-bin.000051 | 444132144 |              |                  |
+——————–+———–+————–+——————+
1 row in set (0.00 sec)

mysql> exit

6. Dump Database

#mysqldump -u root -p<password> –lock-all-tables –all-databases > alldb.sql

7. Unlock Tables on the master after dumping

mysql> UNLOCK TABLES;

II. Configure Slave

1.Create Database

mysql -u root -p
Enter password:
CREATE DATABASE exampledb;
quit;

2. Restore Database

mysql -u root -p <password> exampledb < /path/to/alldb.sql

3. Configure Slave configuration, assuming master is 192.168.1.2,

server-id=2
master-host=192.168.1.2
master-user=slave_user
master-password=secret
master-connect-retry=60

4. Restart MySQL service
#service mysql restart

5. Issue command Slave Stop and Change master

#mysql -u root -p
Enter password:
mysql> SLAVE STOP;
mysql> CHANGE MASTER TO MASTER_HOST=’192.168.1.2′, MASTER_USER=’slaveuser’, MASTER_PASSWORD=’slavepass!’, MASTER_LOG_FILE=’FLTVM01-bin.000051′, MASTER_LOG_POS=444132144;

6. Start Slave

mysql> START SLAVE;
mysql>quit

7. Check for errors
#tail -f /var/log/mysqld.log

III. CHECKING & TESTING

status of the master can be known from mysql prompt:

mysql> SHOW MASTER STATUS;

and slave can be known by:

mysql> SHOW SLAVE STATUS;

To test:

1. On sample database on master, create table

Example:

mysql>use testdb;
mysql>CREATE TABLE example (
id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
data VARCHAR(100)       );

–> insert data on table

mysql> INSERT INTO example (data)  VALUES (‘Hello world’);

2. Check the Slave database and see if the following changes are replicated.
mysql>use testdb;
mysql> select * from example;