I have come up with a workaround to get it working.

Edit this file

Mac:~ root# vi /usr/local/mysql/support-files/mysql.server


You then need to change this line (around line number 67)

bindir=./bin


to

bindir=/usr/local/mysql/bin


then try to start the server with

Mac:~ root# /usr/local/mysql/support-files/mysql.server start
Starting MySQL
. SUCCESS!


All working

You will see this error:

Mac:~ root# apachectl restart
/usr/sbin/apachectl: line 82: ulimit: open files: cannot modify limit: Invalid argument


This is due to an update that was released to patch Apache to version 2.2.15 to patch some vulnerabilities in it.

This error can be fixed by editing the ulimit line that is in the apachectl init script.

Fix the Error

1. Open the file
   Mac:~ root# vi /usr/sbin/apachectl
2. Find this line
   ULIMIT_MAX_FILES="ulimit -S -n `ulimit -H -n`"
3. Replace it with this line
   ULIMIT_MAX_FILES=""

This will fix the error and you will be able to start apache from the command line.

Description of tripwire “Open Source Tripwire software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems”

1. Install Tripwire

   Install tripwire from the yum repositories.

   [root@server ~]# yum install tripwire

2. Backup Original Configuration

   Backup original Tripwire configuration files before we make any changes.

   [root@server ~]# mkdir /home/user/tripwire_backup
   [root@server ~]# cp /etc/tripwire/twcfg.txt /home/user/tripwire_backup/twcfg.txt
   [root@server ~]# cp /etc/tripwire/twpol.txt /home/user/tripwire_backup/twpol.txt

3. Directory Checking

   Set Loose Directory Checking to true.

   [root@server ~]# vi /etc/tripwire/twcfg.txt

   Change

   LOOSEDIRECTORYCHECKING =false

   to

   LOOSEDIRECTORYCHECKING =true

4. Create Keys

   Create the keys for securing Tripwire.

   [root@server ~]# /usr/sbin/tripwire-setup-keyfiles

   ----------------------------------------------
   The Tripwire site and local passphrases are used to sign a  variety  of
   files, such as the configuration, policy, and database files.
    
   Passphrases should be at least 8 characters in length and contain  both
   letters and numbers.
    
   See the Tripwire manual for more information.
    
   ----------------------------------------------
   Creating key files…
    
   (When selecting a passphrase, keep in mind that good passphrases typically
   have upper and lower case letters, digits and punctuation marks, and are
   at least 8 characters in length.)
    
   Enter the site keyfile passphrase: <***secret-site-password***>
   Verify the site keyfile passphrase: <***secret-site-password***>
   Generating key (this may take several minutes)…Key generation complete.
    
   (When selecting a passphrase, keep in mind that good passphrases typically
   have upper and lower case letters, digits and punctuation marks, and are
   at least 8 characters in length.)
    
   Enter the local keyfile passphrase: <***secret-local-password***>
   Verify the local keyfile passphrase: <***secret-local-password***>
   Generating key (this may take several minutes)…Key generation complete.
    
   ----------------------------------------------
   Signing configuration file…
   Please enter your site passphrase: <***secret-site-password***>
   Wrote configuration file: /etc/tripwire/tw.cfg
    
   A clear-text version of the Tripwire configuration file:
   /etc/tripwire/twcfg.txt
   has been preserved for your inspection.  It  is  recommended  that  you
   move this file to a secure location and/or encrypt it in place (using a
   tool such as GPG, for example) after you have examined it.
    
   ----------------------------------------------
   Signing policy file…
   Please enter your site passphrase: <***secret-site-password***>
   Wrote policy file: /etc/tripwire/tw.pol
    
   A clear-text version of the Tripwire policy file:
   /etc/tripwire/twpol.txt
   has been preserved for  your  inspection.  This  implements  a  minimal
   policy, intended only to test  essential  Tripwire  functionality.  You
   should edit the policy file to  describe  your  system,  and  then  use
   twadmin to generate a new signed copy of the Tripwire policy.
    
   Once you have a satisfactory Tripwire policy file, you should move  the
   clear-text version to a secure location  and/or  encrypt  it  in  place
   (using a tool such as GPG, for example).
    
   Now run "tripwire --init" to enter Database Initialization  Mode.  This
   reads the policy file, generates a database based on its contents,  and
   then cryptographically signs the resulting  database.  Options  can  be
   entered on the command line to specify which policy, configuration, and
   key files are used  to  create  the  database.  The  filename  for  the
   database can be specified as well. If no  options  are  specified,  the
   default values from the current configuration file are used.

5. Initialise DB

   Initialize the Tripwire database. (A list of errors will be displayed these will be fixed later on)

   [root@server ~]# tripwire --init

   Please enter your local passphrase: <***secret-site-password***>
   Parsing policy file: /etc/tripwire/tw.pol
   Generating the database…
   *** Processing Unix File System ***
   ### Warning: File system error.
   ### Filename: /dev/kmem
   ### No such file or directory
   ### Continuing…
   ### Warning: File system error.
   ### Filename: /proc/ksyms
   ### No such file or directory
   ### Continuing…
   ### Warning: File system error.
   ### Filename: /dev/initctl
   ### No such file or directory
   ### Continuing…
   Wrote database file: /var/lib/tripwire/server.twd
   The database was successfully generated.

6. Fix Errors

   Fix the Tripwire database errors.

   Create a folder for the update process and change into that directory.

   [root@server ~]# mkdir /home/user/tripwire_update
   [root@server ~]# cd /home/user/tripwire_update

   This command will get all of the files that are causing problems because they dont exist and add them to a file which we will use to edit the policy file.

   [root@server ~]# tripwire --check | grep "Filename:" | awk {'print $2'} >> ./tripwire_errors

   Copy the policy file

   [root@server ~]# cp /etc/tripwire/twpol.txt /home/user/tripwire_update/twpol.txt

   Create the script that will automatically fix the errors listed in the tripwire_errors file created earlier and comment out the specific lines in the tripwire policy file.

   [root@server ~]# vi ./tripwire_fix_script.sh

   #!/bin/sh
    
       TWERR="./tripwire_errors"
       TWPOL="./twpol.txt"
    
       export IFS=$'\n'
       for i in $(cat $TWERR);
       do
           if grep $i $TWPOL
           then
               sed -i "s!$i!# $i!g" $TWPOL
           fi
       done

   Run the script.

   [root@server ~]# sh ./tripwire_fix_script.sh

   Now copy the update policy file back to the original location.

   [root@server ~]# cp /home/user/tripwire_update/twpol.txt /etc/tripwire/twpol.txt

   Update the tripwire database from the tripwire policy we have created.

   [root@server ~]# tripwire --update-policy -Z low /etc/tripwire/twpol.txt

   Parsing policy file: /etc/tripwire/twpol.txt
   Please enter your local passphrase: <***secret-local-password***>
   Please enter your site passphrase: <***secret-site-password***>
   ======== Policy Update: Processing section Unix File System.
   ======== Step 1: Gathering information for the new policy.
   ======== Step 2: Updating the database with new objects.
   ======== Step 3: Pruning unneeded objects from the database.
   Wrote policy file: /etc/tripwire/tw.pol
   Wrote database file: /var/lib/tripwire/server.twd

   Run a tripwire check.

   [root@server ~]# tripwire --check

   Parsing policy file: /etc/tripwire/tw.pol
   *** Processing Unix File System ***
   Performing integrity check…
   Wrote report file: /var/lib/tripwire/report/server-20090818-131022.twr
    
   Open Source Tripwire® 2.4.1 Integrity Check Report
    
   Report generated by:          root
   Report created on:            Tue 18 Aug 2009 13:10:22 BST
   Database last updated on:     Tue 18 Aug 2009 13:08:30 BST
    
   ===============================================================================
   Report Summary:
   ===============================================================================
    
   Host name:                    server
   Host IP address:              127.0.0.1
   Host ID:                      None
   Policy file used:             /etc/tripwire/tw.pol
   Configuration file used:      /etc/tripwire/tw.cfg
   Database file used:           /var/lib/tripwire/server.twd
   Command line used:            tripwire --check
    
   ===============================================================================
   Rule Summary:
   ===============================================================================
    
   -------------------------------------------------------------------------------
   Section: Unix File System
   -------------------------------------------------------------------------------
    
   Rule Name                       Severity Level    Added    Removed  Modified
   ---------                       --------------    -----    -------  --------
   Invariant Directories           66                0        0        0
   Temporary directories           33                0        0        0
   * Tripwire Data Files             100               0        0        1
   Critical devices                100               0        0        0
   User binaries                   66                0        0        0
   Tripwire Binaries               100               0        0        0
   Libraries                       66                0        0        0
   File System and Disk Administraton Programs
   100               0        0        0
   Kernel Administration Programs  100               0        0        0
   Networking Programs             100               0        0        0
   System Administration Programs  100               0        0        0
   Hardware and Device Control Programs
   100               0        0        0
   System Information Programs     100               0        0        0
   Application Information Programs
   100               0        0        0
   (/sbin/rtmon)
   Shell Related Programs          100               0        0        0
   Operating System Utilities      100               0        0        0
   Critical Utility Sym-Links      100               0        0        0
   Shell Binaries                  100               0        0        0
   Critical system boot files      100               0        0        0
   System boot changes             100               0        0        0
   OS executables and libraries    100               0        0        0
   Critical configuration files    100               0        0        0
   Security Control                100               0        0        0
   Login Scripts                   100               0        0        0
   Root config files               100               0        0        0
    
   Total objects scanned:  14663
   Total violations found:  1
    
   ===============================================================================
   Object Summary:
   ===============================================================================
    
   -------------------------------------------------------------------------------
   # Section: Unix File System
   -------------------------------------------------------------------------------
    
   -------------------------------------------------------------------------------
   Rule Name: Tripwire Data Files (/etc/tripwire/tw.pol)
   Severity Level: 100
   -------------------------------------------------------------------------------
    
   Modified:
   "/etc/tripwire/tw.pol"
    
   ===============================================================================
   Error Report:
   ===============================================================================
    
   No Errors
    
   -------------------------------------------------------------------------------
   *** End of report ***
    
   Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
   trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
   for details use --version. This is free software which may be redistributed
   or modified only under certain conditions; see COPYING for details.
   All rights reserved.
   Integrity check complete.

7. Run a check

   [root@server ~]# /etc/cron.daily/tripwire-check

8. Update (Again)

   Update again to fix the error that will be displayed because we have updated the policy file. Change YYYYMMDD & HHMMSS to the date and time that you ran the first check. To find the latest one just do an ls-la on /var/lib/tripwire/report/

   tripwire --update --twrfile /var/lib/tripwire/report/server-YYYMMDD-HHMMSS.twr

9. Email Reports

   [root@server ~]# vi /etc/cron.daily/tripwire-check

   Change:

   test -f /etc/tripwire/tw.cfg &&  /usr/sbin/tripwire --check

   to

   test -f /etc/tripwire/tw.cfg &&  /usr/sbin/tripwire --check | /bin/mail -s "File Integrity Report (Tripwire) - servername" user@domain.tld

10. Directory Checking (Revert)

    Set Loose Directory Checking to false.

    [root@server ~]# vi /etc/tripwire/twcfg.txt

    Change

    LOOSEDIRECTORYCHECKING =true

    to

    LOOSEDIRECTORYCHECKING =false

11. Testing

    This will run the cron.daily tripwire check script and email out a report to the email address you have specified.

    [root@server ~]# /etc/cron.daily/tripwire-check

You now have a working tripwire setup, if any changes are made to your file system you will see them in the report that gets emailed out to you everyday. If you have made the changes dont forget to update, otherwise you will just see loads of errors and wont be able to tell if something is actually wrong.

I assume that you already have apache installed.

1. Create a Key Pair

   Create your site RSA private Key and CSR (Certificate Signing Request)

   [root@server ~]# openssl genrsa -des3 -out domain.tld.key 1024

   You will be asked to enter a pass phrase for the key, remember this as you will need it later.
   A key size of 1024 is used because it is stronger than 512. Anything over 1024 can cause problems with some browsers.

   This where you have to choose to either sign the certificate yourself or get it signed by a CA (Certification Authority)

   This next steps document how to get a certificate signed by a CA such as Thawte. If you want to sign it yourself jump to step 4.

2. Create a CSR

   Create a CSR (Certificate Signing Request)

   [root@server ~]# openssl req -new -key domain.tld.key -out domain.tld.csr

3. Sign the CSR (Signed by Signing Authority)

   You now have to send the generated CSR (Certificate Signing Request) to a CA (Certifying Authority) to be signed. Most CA’s will charge for this service. Once the CSR has been sent to them, using which ever method they prefer (Email, online form) they will the process it and send you a certificate back usually with a .crt extension. Once you have the domain.tld.key file and the domain.tld.crt file jump to part 5

4. Sign the CSR (Signed by Yourself)

   [root@server ~]# openssl req -new -x509 -nodes -sha1 -days 365 -key domain.tld.key -out domain.tld.crt

5. Configure Apache

   You now have your domain.tld.key (Key) file and your domain.tld.crt (Certificate) file. We will now need to configure Apache to use these.

6. Install MOD_SSL

   Install mod_ssl via the yum repos.

   [root@server ~]# yum install mod_ssl

7. Move the Key and Certificate

   Move the key and certificate. I usually create the directory “/etc/httpd/ssl” and then put my key and certificate in there.

   [root@server ~]# mkdir /etc/httpd/ssl
   [root@server ~]# mv domain.tld.key /etc/httpd/ssl/domain.tld.key
   [root@server ~]# mv domain.tld.crt /etc/httpd/ssl/domain.tld.crt

8. Configure Apache (Password needed to restart Apache)

   Configure apache to use the Certificate and Key.

   [root@server ~]# vi /etc/httpd/conf.d/ssl.conf

   Configure the following paths:

   SSLCertificateFile /etc/httpd/ssl/domain.tld.crt
   SSLCertificateKeyFile /etc/httpd/ssl/domain.tld.key

9. Restart Apache

   [root@server ~]# /sbin/service httpd restart

   You will be asked to enter a passphrase to start Apache, this is the password we typed right at the start for the Key. once you have typed the correct passphrase apache will startup using SSL.

10. Configure Apache (Password NOT needed to restart Apache)

    If you dont want to enter a passphrase to restart apache you have to remove the encryption.

    [root@server ~]# cp domain.tld.key domain.tld.key.org
    [root@server ~]# openssl rsa -in domain.tld.key.org -out domain.tld.key
    [root@server ~]# chmod 400 domain.tld.key

    This removes the encryption and sets the key to only be readable by root.

11. Restart Apache

    [root@server ~]# /sbin/service httpd restart

    You shouldnt now be prompted to enter a passphrase and Apache will start.

There is a CGI page included with your NAS that isnt documented anywhere. Luckily someone found it.

To enable SSH just navigate here: http://xxx.xxx.xxx.xxx/ssh_controlF.cgi

substitute xxx.xxx.xxx.xxx with internal IP of your NAS

When the device is rebooted, SSH will be disabled again.

See this link: http://h18006.www1.hp.com/products/servers/management/agents/index.html

HP only provide this software for a few Linux Distributions such as SUSE and RHEL, which are all paid for support / update OS’s.

I have managed to get this HP software working under Fedora to provide most if not all of the functionality you would normally. I have posted the instructions I have used below.

1. Update the system and reboot if needed

[root@server ~]# yum -y update

Trick the HP software so it thinks Redhat Enterprise is installed

2. Backup the redhat-release file

[root@server ~]# cp /etc/redhat-release /home/user/redhat-release.bak

3. Edit the redhat-release file

[root@server ~]# vi /etc/redhat-release

Replace “Fedora release XX (Xxxxxxxxxxxxx)” with “Red Hat Enterprise Linux ES release 5″

4. Change the posix version

[root@server ~]# export _POSIX2_VERSION=199209

5. Download the Proliant Support Pack (PSP) from the HP website.

6. Unzip the package that you have downloaded.

7. In the directory that was created there will be a installXX.sh script, run this and follow the on screen instructions.

Note: Some of the packages failed to install because of dependencies, you can install these but I found most of them can be ignored. The packages that didn’t install for me were the hp-snmp and hp-smh-templates packages. once the RPM’s were unzipped I tried a manual install using rpm -Uvh which failed due to dependencies. After checking the dependencies, i had the packages installed but the wrong lib versions, the software needs .so.10 and i had .so.15. so i just used rpm -Uvh –nodeps, the package installed and the software just worked.

8. Move the original redhat-release file back

[root@server ~]# mv /home/user/redhat-release.bak /etc/redhat-release

All done.

Now you should be able to browse to https://you-server-name:2381 and login with your root account. (Check firewall rules)

If you want to use this software you will need to open up a few ports on the firewall in front of your server.

Hope this helps as I know I have spent ages trying to work out why the virtual media would not work correctly, after opening up port 17988 it all worked fine.

C:\Program Files\Sun\VirtualBox>VBoxManage internalcommands setvdiuuid C:\ \disk01.vdi
Sun VirtualBox Command Line Management Interface Version 3.1.6
(C) 2005-2010 Sun Microsystems, Inc.
All rights reserved.

UUID changed to: 3abdc988-3095-4d36-8119-63ac11e7b3d8

All done.

Explaing naming conventions for HP Disks
/dev/cciss/c0d1

Now lets configure the array

[root@server ~]# /sbin/fdisk /dev/cciss/c0d1
 
The number of cylinders for this disk is set to 52299.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)
 
Command (m for help):

See if there are any arrays configured already

Command (m for help): p
 
Disk /dev/cciss/c0d1: 218.5 GB, 218501038080 bytes
255 heads, 32 sectors/track, 52299 cylinders
Units = cylinders of 8160 * 512 = 4177920 bytes
Disk identifier: 0x1680ee20
 
           Device Boot      Start         End      Blocks   Id  System
/dev/cciss/c0d1p1               1       52299   213379904    5  Extended

Delete the current partition

Command (m for help): d
Selected partition 1

Now there shouldnt be any partitions left

Command (m for help): p
 
Disk /dev/cciss/c0d1: 218.5 GB, 218501038080 bytes
255 heads, 32 sectors/track, 52299 cylinders
Units = cylinders of 8160 * 512 = 4177920 bytes
Disk identifier: 0x1680ee20
 
           Device Boot      Start         End      Blocks   Id  System

Creating a new disk

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-52299, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-52299, default 52299):
Using default value 52299

set the type

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 83

Check that everything has been done correctly

Command (m for help): p
 
Disk /dev/cciss/c0d1: 218.5 GB, 218501038080 bytes
255 heads, 32 sectors/track, 52299 cylinders
Units = cylinders of 8160 * 512 = 4177920 bytes
Disk identifier: 0x1680ee20
 
           Device Boot      Start         End      Blocks   Id  System
/dev/cciss/c0d1p1               1       52299   213379919+  83  Linux

write the changes

Command (m for help): w
The partition table has been altered!
 
Calling ioctl() to re-read partition table.
Syncing disks.

We now need to format the disk so that we can use it, I have chosen to use ext3.

[root@server ~]# /sbin/mkfs -t ext3 /dev/cciss/c0d1p1
mke2fs 1.41.3 (12-Oct-2008)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
13336576 inodes, 53344979 blocks
2667248 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
1628 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000, 7962624, 11239424, 20480000, 23887872
 
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
 
This filesystem will be automatically checked every 31 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

We will use the UUID (Universally Unique IDentifier) to reference the disk we have just created. To get the UUID we need to run the following command:

[root@server ~]# /lib/udev/vol_id -u /dev/cciss/c0d1p1
f5fff8af-f51f-4398-9e8f-dfb9e72ed362

Now we have to take the UUID and add it to the fstab. First create the directory you want the new storage to be mounted as, for this example I will use /storage01.

[root@server ~]# mkdir /storage01
[root@server ~]# vi /etc/fstab
 
#
# /etc/fstab
# Created by anaconda on Fri Feb 20 09:49:19 2009
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or vol_id(8) for more info
#
UUID=201df672-e84b-4495-bcdc-a76e1a5d91b8 /                       ext3    defaults        1 1
UUID=765f9b40-3f89-406c-a19a-5f4c47343a81 /boot                   ext3    defaults        1 2
UUID=f5fff8af-f51f-4398-9e8f-dfb9e72ed362 /storage01                ext3    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
UUID=cb67c89a-7888-4760-8023-78e6a5398085 swap                    swap    defaults        0 0

View the mounts

[user@server ~]$ df -kh
Filesystem            Size  Used Avail Use% Mounted on
/dev/cciss/c0d0p2      61G  1.5G   57G   3% /
/dev/cciss/c0d0p1      99M   20M   74M  22% /boot
/dev/cciss/c0d1p1     201G  188M  190G   1% /u01
tmpfs                 2.9G     0  2.9G   0% /dev/shm

You can look through the logins of users and work out who was logged in using the last command, but this takes a bit of time.

Wouldnt things be easier if you could have a timestamp next to the command when you execute the history command. Well you can, you just need to set one variable: HISTTIMEFORMAT.

HISTTIMEFORMAT takes format string of strftime. Check out the strftime manual to choose and construct the timestamp that suit your taste. I use “%F %T “, this outputs 2009-03-09 14:01.

Ok to illistrate how this works type

[user@server ~]$ history
    1  vi /etc/sysconfig/iptables
    2  su
    3  vi /etc/hosts
    4  ls
    5  su
    6  free -g
    7  yum search apache
    8  cat /proc/cpuinfo
    9  uname -r
   10  su

Now run this

[user@server ~]$ export HISTTIMEFORMAT="%F %T "

Now if you run the history command you get this

[user@server ~]$ history
    1  2009-03-09 16:43:20 vi /etc/sysconfig/iptables
    2  2009-03-09 16:43:20 su
    3  2009-03-09 16:43:20 vi /etc/hosts
    4  2009-03-09 16:43:20 ls
    5  2009-03-09 16:43:20 su
    6  2009-03-09 16:43:20 free -g
    7  2009-03-09 16:43:20 yum search apache
    8  2009-03-09 16:43:20 cat /proc/cpuinfo
    9  2009-03-09 16:43:20 uname -r
   10  2009-03-09 16:43:20 su

As you can see because these command were run before timestamps were stored they are all given the current date and time, after this they will be stamped correctly.

To make this permanente if you put the export into ~/.bash_profile as well as /root/.bash_profile. In case you do not have .bash_profile, you can choose to put into ~/.bashrc.