February 2020
M T W T F S S
« Jan    
 12
3456789
10111213141516
17181920212223
242526272829  

Categories

WordPress Quotes

What we plant in the soil of contemplation, we shall reap in the harvest of action.
Meister Eckhart
February 2020
M T W T F S S
« Jan    
 12
3456789
10111213141516
17181920212223
242526272829  

Short Cuts

2012 SERVER (64)
2016 windows (9)
AIX (13)
Amazon (40)
Ansibile (19)
Apache (135)
Asterisk (2)
cassandra (2)
Centos (211)
Centos RHEL 7 (268)
chef (3)
cloud (2)
cluster (3)
Coherence (1)
DB2 (5)
DISK (25)
DNS (9)
Docker (30)
Eassy (11)
ELKS (1)
EXCHANGE (3)
Fedora (6)
ftp (5)
GIT (3)
GOD (2)
Grub (1)
Hacking (10)
Hadoop (6)
health (2)
horoscope (23)
Hyper-V (10)
IIS (15)
IPTABLES (15)
JAVA (7)
JBOSS (32)
jenkins (1)
Kubernetes (7)
Ldap (5)
Linux (188)
Linux Commands (166)
Load balancer (5)
mariadb (14)
Mongodb (4)
MQ Server (24)
MYSQL (84)
Nagios (5)
NaturalOil (13)
Nginx (35)
Ngix (1)
openldap (1)
Openstack (6)
Oracle (35)
Perl (3)
Postfix (19)
Postgresql (1)
PowerShell (2)
Python (3)
qmail (36)
Redis (12)
RHCE (28)
SCALEIO (1)
Security on Centos (29)
SFTP (1)
Shell (64)
Solaris (58)
Sql Server 2012 (4)
squid (3)
SSH (10)
SSL (14)
Storage (1)
swap (3)
TIPS on Linux (28)
tomcat (62)
Ubuntu (1)
Uncategorized (30)
Veritas (2)
vfabric (1)
VMware (28)
Weblogic (38)
Websphere (71)
Windows (19)
Windows Software (2)
wordpress (1)
ZIMBRA (17)

WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.

Who's Online

21 visitors online now
7 guests, 14 bots, 0 members

Hit Counter provided by dental implants orange county

Install Postfix on Solaris 11

Install Postfix on Solaris 11

 

# Prepare compile environment
root@xxx:~/# cat /etc/release
Oracle Solaris 11.1 X86
root@xxx:~/# pkg install developer/gcc-45
root@xxx:~/# pkg install library/gnutls

# Disable sendmail
root@xxx:~/# svcadm disable svc:/network/smtp:sendmail

# get postfix from postfix sites
http://www.postfix.org/download.html

# Install postfix
root@xxx:~/# tar xf postfix-2.x.x.tar.gz
root@xxx:~/postfix-2.10.1# cd postfix-2.x.x
root@xxx:~/postfix-2.10.1# gmake clean
root@xxx:~/postfix-2.10.1# gmake makefiles MAKE=gmake CCARGS=’-DNO_NIS -DUSE_TLS -lssl -lcrypto’
root@xxx:~/postfix-2.10.1# gmake
root@xxx:~/postfix-2.10.1# gmake install

# start Postfix
root@xxx:~/postfix-2.10.1# postfix start

# Test postfix
root@xxx:~/postfix-2.10.1# postfix status
root@xxx:~/postfix-2.10.1# mail -s “Test email” your_name@your_domain.com

solaris: how to recover solaris 11 root password

solaris: how to recover solaris 11 root password

 

boot net -s
boot cdrom -s, if it ask username: root/solaris or root/password.

on x86, you need edit grub and append -s on kernel line.

after login. mount /dev/dsk/cxtxdxsx /a

if you use zfs for /, then zfs import
zfs list
zfs set mountpoint=/a rpool/ROOT/solaris
zfs mount -f rpool/ROOT/solaris
then edit /etc/shadow
remove the password section, let it looks likes.
root::15356::::::

don’t forget to reset the mountpoint back
zfs set mountpoint=/ rpool/ROOT/solaris

GRUB password solaris 11

GRUB password

Nowadays I’d say it’s hard to believe that anything is really secure.
Nevertheless one can keep going adding more and more barriers.
The idea is not to be selected as an easier path to attack.
But again, if someone is determined who can tell…

Despite this gave introduction, my goal is to repeat one known tiny bit:
Help preventing unauthorized GRUB configuration change by adding a password.
The method below isn’t for GRUB2 (the next generation), but for the older version.

Locate the grub menu file where to configure the password:

# bootadm list-menu
the location … is: /rpool/boot/grub/menu.lst
default 4
timeout 15

Invoke the grub binary to create the password.
Take note of the resulting encrypyted hash.

# /boot/grub/bin/grub

GNU GRUB  version 0.97  (640K lower / 65536K upper memory)
[ …

… ]

grub> md5crypt

Password: ***************
Encrypted: $1$…

grub> quit

Edit the grub menu file and include the generated password hash as shown below:

# head -7 /rpool/boot/grub/menu.lst
splashimage /boot/grub/splash.xpm.gz
foreground 343434
background F7FbFF
default 4
timeout 15
password –md5 $1$…
#———- ADDED BY BOOTADM – DO NOT EDIT ———-

That’s all what’s need for GRUB1.
For GRUB2 I’m still trying to learn how to do it.

Solaris 11 Network add

Solaris 11 coming with new feature and enhancement, one of it is NWAM (Network automagic) with NWAM you can create and save the network profile. In this post, I’ll blogging about how to configure your Solaris 11 Systems to used static IP Address.

Ok let’s start :
1. Switch From Automatic Network Configuration Mode to Manual Network Configuration Mode

# netadm enable -p ncp DefaultFixed

2. Verify that DefaultFixed profile is applied

# netadm list
netadm: DefaultFixed NCP is enabled;
automatic network management is not available.
'netadm list' is only supported when automatic network management is active.

3. Determine the interface that you want to configure

# dladm show-phys

4. I’ll configure the net0 interface

# ipadm create-ip net0
# ipadm create-addr -T static -a 192.168.56.200/24 net0/v4

5. Verify

# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
net0/v4           static   ok           192.168.56.200/24
lo0/v6            static   ok           ::1/128
root@solaris:~# dladm show-link
LINK                CLASS     MTU    STATE    OVER
net0                phys      1500   up       --
net1                phys      1500   unknown  --

6. Add default route

# route -p add default 12.34.56.1

7. Add DNS Name Server

root@solaris:~# svccfg -s dns/client
svc:/network/dns/client> setprop config/nameserver = (8.8.8.8 8.8.4.4)
svc:/network/dns/client> listprop config
config                      application
config/value_authorization astring     solaris.smf.value.name-service.dns.client
config/nameserver          net_address 8.8.8.8 8.8.4.4
svc:/network/dns/client> exit
root@solaris:~#
root@solaris:~# svcadm refresh dns/client
root@solaris:~# svcadm restart dns/client

8. Set name service switch

root@solaris:~# svccfg -s name-service/switch
svc:/system/name-service/switch> setprop config/host = "files dns"
svc:/system/name-service/switch> listprop config
config                      application
config/default             astring     files
config/value_authorization astring     solaris.smf.value.name-service.switch
config/printer             astring     "user files"
config/host                astring     "files dns"
svc:/system/name-service/switch> exit

9. Testing

root@solaris:~# ping google.com
google.com is alive

That’s it..
In the next post I’ll blogging about how to configure IPMP on Solaris 11.

CentOS 6.8 ftp service installation and configuration based on local users and virtual users

CentOS 6.8 ftp service installation and configuration based on local users and virtual users

First, install ftp services

1, check whether the installation

# rpm -qa | grep ftp

ftp-0.17-54.el6.x86_64

vsftpd-2.2.2-21.el6.x86_64

2, if not installed to install

# yum -y install vsftp

# yum -y install ftp

/ / If the offline environment on the Internet to go ahead to download ftp rpm package for manual installation

3, ftp service command

# /etc/init.d/vsftpd start      Start the ftp service manually

service vsftpd start

# chkconfig vsftpd on           set to boot from the start

# service vsftpd stop

# service vsftpd restart

# service vsftpd status

Second, the allocation of ftp

1, configure the vsftpd configuration file

# vi /etc/vsftpd/vsftpd.conf

# Disable anonymous user anonymous login

anonymous_enable=NO

# Enable the local user to log in

local_enable=YES

# Make the logged-in user have write permission (upload, delete)

write_enable=YES

# Default umask

local_umask=022

# Save the log of the transfer log to /var/log/vsftpd.log

xferlog_enable=YES

xferlog_file=/var/log/vsftpd.log

xferlog_std_format=NO

# Enable ASCII mode

ascii_upload_enable=YES

# Enable the ASCII mode download

ascii_download_enable=YES

# Use port 20 to transmit data

connect_from_port_20=YES

# Welcome slogan

ftpd_banner=Welcome to use my test ftp server.

# The next three configurations are important
# Chroot_local_user set YES, then all users will be chroot by default,

# Also the user directory is limited to their own home, can not change the directory up.

# Chroot_list_enable Set YES to enable the chroot user list.

# If chroot_local_user is set to YES, then chroot_list_file

# Set the file, the user is not chroot (you can change the directory up)

# If chroot_local_user is set to NO, then chroot_list_file

# Set the file, the user is chroot (can not change the directory up)

chroot_list_enable=YES

# touch /etc/vsftpd/chroot_list New

chroot_list_file=/etc/vsftpd/chroot_list

use_localtime=YES

# Run on ipv4 in standalone mode

listen=YES

# PAM authentication service name, here is the default vsftpd, when the installation has been created vsftpd the pam file,

# In /etc/pam.d/vsftpd, according to the pam file settings, / etc / vsftpd / ftpusers

# File users will be prohibited from logging in ftp server, such as root so sensitive to the user, so you want to prohibit other users

# Log in, you can also add the user to /etc/vsftpd/ftpusers

pam_service_name=vsftpd

* Reboot vsftpd

# service vsftpd restart

Third, create a local user

Create a user

# useradd -d /home/ftpuser/zzp -s /sbin/nologin -M zzp123

Set the user to the folder

# chown -R username /home/ftpuser/zzp

Setting permissions

# chown -R 777 /home/ftpuser/zzp

Add a password

# passwd zzp

Fourth, create a virtual user

Install the Generating Tool for file-based authentication databases based on common files

# rpm -qa | grep db4-utils

# yum -y install db4-utils

Edit the virtual user account and password file, the odd-line user name, and even-action passwords

# vi /etc/vsftpd/vu.txt

test

1234

usernameN

passwordN

File-based database generation for authentication

# db_load -T -t hash -f /etc/vsftpd/vu.txt /etc/vsftpd/vu.db

Modify permissions

# chmod 600 /etc/vsftpd/vu.*

Modify the default VSFTP authentication mode, based on just generated file-based database

# vi /etc/pam.d/vsftpd.vu

auth      required  /lib64/security/pam_userdb.so db=/etc/vsftpd/vu

account  required  /lib64/security/pam_userdb.so db=/etc/vsftpd/vu

**note**:

1. The system acquiescence to read the document is /etc/pam.d/vsftpd This can also be added directly to the above content

2. 64-bit system may not recognize the path of pam_userdb.so db, it is necessary to write the full path, otherwise the time will be logged in ftp login login incorrect error 530

Create a system user that maps virtual users

# useradd  -d /home/vsftp/ftp -s /sbin/nologin -M vsftp

Create a virtual user profile directory

# mkdir /etc/vsftpd/conf.vu

Modify the VSFTP configuration file

# vi /etc/vsftpd/vsftpd.conf
anon_umask=022                                # file 644, folder 755
anonymous_enable=NO                      # Turn off anonymous logins
pam_service_name=vsftpd.vu               Modify the PAM authentication module (the system default is vsftpd)
guest_enable=YES                                # Allow the virtual user to log in
guest_username=vsftp                        # The system user who mapped the virtual user
user_config_dir=/etc/vsftpd/conf.vu    # The virtual user profile directory
pasv_enable=YES                                 # Passive mode
pasv_max_port=20999                        # Maximum port
pasv_min_port=20000                          # minimum port
xferlog_enable=YES
xferlog_std_format=YES
xferlog_file=/var/log/xferlog                # Log: record upload, download, delete, create
dual_log_enable=YES
vsftpd_log_file=/var/log/vsftpd.log       # Log: Server transfer log

Create the virtual user’s directory and configuration file

# mkdir /home/vsftp/ftp/username
# chmod 700 /home/vsftp/ftp/username
# chown vsftp.vsftp /home/vsftp/ftp/username
# vi /etc/vsftpd/conf.vu/username
write_enable=YES                        # The current virtual user write permission
anon_world_readable_only=NO               # Current virtual user download permissions
anon_upload_enable=YES                  # The current virtual user upload privilege
anon_mkdir_write_enable=YES             # Create the directory permissions for the current virtual user
anon_other_write_enable=YES              # Delete and rename permissions for the current virtual user
local_root=/bigdisk/ftp/username1       # Current virtual home directory
# chmod 600 /etc/vsftpd/conf.vu/*

Finally restart vsftpd

# service vsftpd restart

CentOS6.8 compiler installation Apache2.4.25, MySQL5.7.16, PHP5.6.29 initialization

CentOS6.8 compiler installation Apache2.4.25, MySQL5.7.16, PHP5.6.29
initialization

# Fixed IP address
vi /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes
BOOTPROTO=none
DNS1=202.96.209.133
IPADDR=192.168.159.68
PREFIX=24
GATEWAY=192.168.159.2

# The base library
yum groupinstall base
yum grouplist
yum groupinstall ‘Development tools’
yum groupinstall ‘Debugging Tools’
yum groupinstall ‘Compatibility libraries’

Apache

mkdir /app/src -p
cd /app/src/
wget -c http://mirrors.aliyun.com/apache/apr/apr-1.5.2.tar.gz
wget -c http://mirrors.aliyun.com/apache/apr/apr-util-1.5.4.tar.gz
wget -c http://mirrors.aliyun.com/apache/httpd/httpd-2.4.25.tar.gz
tar xf apr-1.5.2.tar.gz

apr
cd apr-1.5.2
./configure –prefix=/app/apr-1.5.2
make && make install
ln -sv /app/apr-1.5.2/ /app/apr

apr-util
cd ..
tar xf apr-util-1.5.4.tar.gz
cd apr-util-1.5.4
./configure –prefix=/app/apr-util-1.5.4 –
-with-apr=/app/apr-1.5.2/
make && make install
ln -sv /app/apr-util-1.5.4/ /app/apr-util

httpd
yum install pcre-devel zlib-devel openssl-devel -y
cd ..
tar xf httpd-2.4.25.tar.gz
cd httpd-2.4.25
./configure –prefix=/app/httpd-2.4.25 –with-apr=/app/apr-1.5.2/ \
–with-apr-util=/app/apr-util-1.5.4/ –enable-so –enable-deflate –enable-expires \
–enable-headers –enable-ssl –enable-rewrite –enable-mpms-shared=all \
–with-mpm=prefork –enable-mods-shared=most
make
make install

ln -sv /app/httpd-2.4.25/ /app/httpd
vi /etc/profile.d/httpd.sh
export PATH=/app/httpd/bin:$PATH
. /etc/profile.d/httpd.sh

ls /app/httpd/modules/

apachectl -t -D DUMP_MODULES
vi /app/httpd/conf/httpd.conf
ServerName localhost:80
apachectl start
netstat -tunlp | grep httpd
cp ./httpd /etc/init.d/httpd

pid?lock
vi /etc/init.d/httpd
apachectl=/app/httpd/bin/apachectl
httpd=${HTTPD-/app/httpd/bin/httpd}
prog=httpd
pidfile=${PIDFILE-/app/httpd/logs/httpd.pid}
lockfile=${LOCKFILE-/app/httpd/logs/httpd}
apachectl stop
chmod +x /etc/init.d/httpd
/etc/init.d/httpd start
chkconfig –list | grep httpd
chkconfig –add httpd
chkconfig –list httpd
chkconfig httpd on
chkconfig –list httpd

#!/bin/bash
#
# httpd        Startup script for the Apache HTTP Server
#
# chkconfig: – 85 15
# description: The Apache HTTP Server is an efficient and extensible  \
#          server implementing the current HTTP standards.
# processname: httpd
# config: /etc/httpd/conf/httpd.conf
# config: /etc/sysconfig/httpd
# pidfile: /var/run/httpd/httpd.pid
#
### BEGIN INIT INFO
# Provides: httpd
# Required-Start: $local_fs $remote_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Should-Start: distcache
# Short-Description: start and stop Apache HTTP Server
# Description: The Apache HTTP Server is an extensible server
#  implementing the current HTTP standards.
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/httpd ]; then
. /etc/sysconfig/httpd
fi

# Start httpd in the C locale by default.
HTTPD_LANG=${HTTPD_LANG-“C”}

# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=””

# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
# with the thread-based “worker” MPM; BE WARNED that some modules may not
# work correctly with a thread-based MPM; notably PHP will refuse to start.

# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/app/httpd/bin/apachectl
httpd=${HTTPD-/app/httpd/bin/httpd}
prog=httpd
pidfile=${PIDFILE-/app/httpd/logs/httpd.pid}
lockfile=${LOCKFILE-/app/httpd/logs/httpd}
RETVAL=0
STOP_TIMEOUT=${STOP_TIMEOUT-10}

# The semantics of these two functions differ from the way apachectl does
# things — attempting to start while running is a failure, and shutdown
# when not running is also a failure.  So we just do it the way init scripts
# are expected to behave here.
start() {
echo -n $”Starting $prog: ”
LANG=$HTTPD_LANG daemon –pidfile=${pidfile} $httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch ${lockfile}
return $RETVAL
}

# When stopping httpd, a delay (of default 10 second) is required
# before SIGKILLing the httpd parent; this gives enough time for the
# httpd parent to SIGKILL any errant children.
stop() {
status -p ${pidfile} $httpd > /dev/null
if [[ $? = 0 ]]; then
echo -n $”Stopping $prog: ”
killproc -p ${pidfile} -d ${STOP_TIMEOUT} $httpd
else
echo -n $”Stopping $prog: ”
success
fi
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}

reload() {
echo -n $”Reloading $prog: ”
if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
RETVAL=6
echo $”not reloading due to configuration syntax error”
failure $”not reloading $httpd due to configuration syntax error”
else
# Force LSB behaviour from killproc
LSB=1 killproc -p ${pidfile} $httpd -HUP
RETVAL=$?
if [ $RETVAL -eq 7 ]; then
failure $”httpd shutdown”
fi
fi
echo
}

# See how we were called.
case “$1″ in
start)
start
;;
stop)
stop
;;
status)
status -p ${pidfile} $httpd
RETVAL=$?
;;
restart)
stop
start
;;
condrestart|try-restart)
if status -p ${pidfile} $httpd >&/dev/null; then
stop
start
fi
;;
force-reload|reload)
reload
;;
graceful|help|configtest|fullstatus)
$apachectl $@
RETVAL=$?
;;
*)
echo $”Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}”
RETVAL=2
esac

exit $RETVAL

MySQL

wget -c http://mirrors.sohu.com/mysql/MySQL-5.7/mysql-boost-5.7.16.tar.gz
wget -c https://cmake.org/files/v3.7/cmake-3.7.1.tar.gz
tar xf cmake-3.7.1.tar.gz
cd cmake-3.7.1
less README.rst
./bootstrap –prefix=/app/cmake-3.7.1
gmake
gmake install
cd ..
ln -sv /app/cmake-3.7.1/ /app/cmake
export PATH=/app/cmake/bin:$PATH
tar xf mysql-boost-5.7.16.tar.gz
cd mysql-5.7.16/
yum install ncurses-devel
cmake . -DCMAKE_INSTALL_PREFIX=/app/mysql-5.7.16 -DMYSQL_DATADIR=/app/mysql-5.7.16/data \
-DWITH_BOOST=/app/src/mysql-5.7.16/boost/ -DENABLED_LOCAL_INFILE=1 -DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_PARTITION_STORAGE_ENGINE=1
make
make install

cd /app/mysql-5.7.16
mkdir data
useradd mysql -M -s /sbin/nologin
chown mysql.mysql /app/mysql-5.7.16/ -R

mv /etc/my.cnf /etc/my.cnf.ori
bin/mysqld –initialize –user=mysql –basedir=/app/mysql-5.7.16/ –datadir=/app/mysql-5.7.16/data/
cp support-files/mysql.server /etc/init.d/mysqld
/etc/init.d/mysqld start
bin/mysql -uroot -p
ALTER USER root@localhost IDENTIFIED BY ‘root’;

PHP

cd /app/src
tar xf php-5.6.29.tar.gz
cd php-5.6.29
yum install libxml2-devel curl-devel libjpeg-devel libpng-devel freetype-devel
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
yum install libmcrypt-devel
./configure –prefix=/app/php-5.6.29 –with-apxs2=/app/httpd-2.4.25/bin/apxs \
–with-mysql –with-mysqli –enable-pdo –with-pdo-mysql –with-mysql-sock \
–enable-xml –with-libxml-dir –enable-sockets –with-curl \
–with-gd –enable-gd-native-ttf –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib \
–with-mcrypt –with-openssl –with-mhash –enable-zip –enable-mbstring –enable-mbregex \
–with-iconv –enable-static
make
make install
vi /app/httpd/conf/httpd.conf
DirectoryIndex index.php index.html
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

MySQL ERROR 1819 (HY000): Your password does not satisfy the current policy requirements !!

First you login with mysql -u root -p and check the current policy rules by:

# SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password_dictionary_file    |        |
| validate_password_length             | 5      |
| validate_password_mixed_case_count   | 1      |
| validate_password_number_count       | 1      |
| validate_password_policy             | MEDIUM |
| validate_password_special_char_count | 1      |
+--------------------------------------+--------+

Then you can change any of the above variables at your will:

# SET GLOBAL validate_password_length = 5;
# SET GLOBAL validate_password_number_count = 0;
# SET GLOBAL validate_password_mixed_case_count = 0;
# SET GLOBAL validate_password_special_char_count = 0;


[root@ ~]# /usr/bin/mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root:

The existing password for the user account root has expired. Please set a new password.

New password:

Re-enter new password:
The 'validate_password' plugin is installed on the server.
The subsequent steps will run with the existing configuration
of the plugin.
Using existing password for root.

Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) : y

New password:

Re-enter new password:

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!

Change mysql root password on Centos7

dit the initial root password on install can be found by running

grep 'temporary password' /var/log/mysqld.log

http://dev.mysql.com/doc/refman/5.7/en/linux-installation-yum-repo.html


  1. systemd is now used to look after mySQL instead of mysqld_safe (which is why you get the -bash: mysqld_safe: command not found error – it’s not installed)
  2. The user table structure has changed.

So to reset the root password, you still start mySQL with --skip-grant-tables options and update the user table, but how you do it has changed.

1. Stop mysql:
systemctl stop mysqld

2. Set the mySQL environment option 
systemctl set-environment MYSQLD_OPTS="--skip-grant-tables"

3. Start mysql usig the options you just set
systemctl start mysqld

4. Login as root
mysql -u root

5. Update the root user password with these mysql commands
mysql> UPDATE mysql.user SET authentication_string = PASSWORD('MyNewPassword')
    -> WHERE User = 'root' AND Host = 'localhost';
mysql> FLUSH PRIVILEGES;
mysql> quit

6. Stop mysql
systemctl stop mysqld

7. Unset the mySQL envitroment option so it starts normally next time
systemctl unset-environment MYSQLD_OPTS

8. Start mysql normally:
systemctl start mysqld

Try to login using your new password:
7. mysql -u root -p

ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password:NO)

[root ~]# mysql -u root
ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password:NO)
Stop the service/daemon of mysql running
[root ~]# service mysql stop
mysql stop/waiting
Start mysql without any privileges using the following option; This option is used to boot up and do not use the privilege system of MySQL.
[root ~]# mysqld_safe –skip-grant-tables &
enter the mysql command prompt
[root ~]# mysql -u root
mysql>
Fix the permission setting of the root user ;
mysql> use mysql;
Database changed
mysql> select * from user;
Empty set (0.00 sec)
mysql> truncate table user;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> grant all privileges on *.* to root@localhost identified by ‘YourNewPassword’ with grant option;
Query OK, 0 rows affected (0.01 sec)
*if you don`t want any password or rather an empty password

mysql> grant all privileges on *.* to root@localhost identified by ” with grant option;
Query OK, 0 rows affected (0.01 sec)*
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
Confirm the results:

mysql> select host, user from user;
+———–+——+
| host | user |
+———–+——+
| localhost | root |
+———–+——+
1 row in set (0.00 sec)
Exit the shell and restart mysql in normal mode.
mysql> quit;
[root ~]# kill -KILL [PID of mysqld_safe]
[root ~]# kill -KILL [PID of mysqld]
[root ~]# service mysql start
Now you can successfully login as root user with the password you set
[root ~]# mysql -u root -pYourNewPassword
mysql>

rhel7: Message “Error calling StartServiceByName for org.freedesktop.PolicyKit1: Timeout was reached” is coming on system after setting the hostname

hostnamectl set-hostname <hostname>
Error getting authority: Error initializing authority: Error calling StartServiceByName for org.freedesktop.PolicyKit1: Timeout was reached (g-io-error-quark, 24)
Also other commands fail:

[root@rhel7u2a ~]# systemctl restart sshd
Error getting authority: Error initializing authority: Error calling StartServiceByName for org.freedesktop.PolicyKit1: GDBus.Error:org.freedesktop.DBus.Error.TimedOut: Activation of org.freedesktop.PolicyKit1 timed out (g-dbus-error-quark, 20)
[root@rhel7u2a ~] #
Resolution
The permissions should be fixed:

chmod 644 /etc/passwd
chmod 000 /etc/shadow