Unable to Install mkpasswd on CentOS 6.4

I was surprised to find the mkpasswd utility missing from my new installation of CentOS 6.4.

Yum has a feature called whatprovides, which can be used to find out which installable package provides some feature, utility or file. The below demonstrates its use. You just need to prefix ‘*/’ to the utility name that your searching for.

[root@server ~]# yum whatprovides */mkpasswd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
base/filelists_db                                                                                                                     | 5.9 MB     00:00     
extras/filelists_db                                                                                                                   |  10 kB     00:00     
updates/filelists_db                                                                                                                  | 2.8 MB     00:00     
expect-5.44.1.15-4.el6.x86_64 : A program-script interaction and testing utility
Repo        : base
Matched from:
Filename    : /usr/bin/mkpasswd

[root@server ~]# 

The output shows us that the expect package contains the mkpasswd utility.

[root@server ~]# yum install expect

Now I can quickly and easily generate strong passwords from the Linux command line. For example, the following command produces a password using the default set of arguments.

[root@server ~]# mkpasswd
N5cZ8v*dq

A default password is 9 characters long. Each password will have at least 2 digits (numbers); 2 upper and 2 lowercase alphabetic characters; plus 1 special character, which in our example is an asterisk (‘*‘).

Keyboard Input and Arithmetic

Up to now, our scripts have not been interactive. That is, they did not require any input from the user. In this lesson, we will see how your scripts can ask questions, and get and use responses.

read

To get input from the keyboard, you use the read command. The read command takes input from the keyboard and assigns it to a variable. Here is an example:

#!/bin/bash

echo -n "Enter some text > "
read text
echo "You entered: $text"
       

As you can see, we displayed a prompt on line 3. Note that “-n” given to the echo command causes it to keep the cursor on the same line; i.e., it does not output a carriage return at the end of the prompt.

Next, we invoke the read command with “text” as its argument. What this does is wait for the user to type something followed by a carriage return (the Enter key) and then assign whatever was typed to the variable text.

Here is the script in action:

[me@linuxbox me]$ read_demo.bash
Enter some text > this is some text
You entered: this is some text

If you don’t give the read command the name of a variable to assign its input, it will use the environment variable REPLY.

The read command also takes some command line options. The two most interesting ones are -t and -s. The -t option followed by a number of seconds provides an automatic timeout for the read command. This means that the read command will give up after the specified number of seconds if no response has been received from the user. This option could be used in the case of a script that must continue (perhaps resorting to a default response) even if the user does not answer the prompts. Here is the -t option in action:

#!/bin/bash

echo -n "Hurry up and type something! > "
if read -t 3 response; then
    echo "Great, you made it in time!"
else
    echo "Sorry, you are too slow!"
fi
       

The -s option causes the user’s typing not to be displayed. This is useful when you are asking the user to type in a password or other security related information.

Arithmetic

Since we are working on a computer, it is natural to expect that it can perform some simple arithmetic. The shell provides features for integer arithmetic.

What’s an integer? That means whole numbers like 1, 2, 458, -2859. It does not mean fractional numbers like 0.5, .333, or 3.1415. If you must deal with fractional numbers, there is a separate program called bc which provides an arbitrary precision calculator language. It can be used in shell scripts, but is beyond the scope of this tutorial.

Let’s say you want to use the command line as a primitive calculator. You can do it like this:

[me@linuxbox me]$ echo $((2+2))

As you can see, when you surround an arithmetic expression with the double parentheses, the shell will perform arithmetic evaluation.

Notice that whitespace is not very important:

[me@linuxbox me]$ echo $((2+2))
4
[me@linuxbox me]$ echo $(( 2+2 ))
4
[me@linuxbox me]$ echo $(( 2 + 2 ))
4

Install Maven 3 on Linux Ubuntu 14.04

sudo apt-get remove maven*
wget http://apache.arvixe.com/maven/maven-3/3.2.3/binaries/apache-maven-3.2.3-bin.tar.gz
tar -zxf apache-maven-3.2.3-bin.tar.gz
sudo cp -R apache-maven-3.2.3 /usr/local
sudo ln -s /usr/local/apache-maven-3.2.3/bin/mvn /usr/bin/mvn
mvn –version

References:

http://java.dzone.com/articles/installing-maven-304-ubuntu
http://linuxg.net/how-to-install-apache-maven-3-2-1-on-ubuntu-14-04-linux-mint-17-and-their-derivative-systems/
http://maven.apache.org/download.cgi
http://www.sysads.co.uk/2014/05/install-apache-maven-3-2-1-ubuntu-14-04/

How To Protect Data in Flight

Accessing cloud-based resources, whether they be IaaS/PaaS/SaaS-based, is very convenient. With a browser and Internet connection, you are up and running. No driving to your work office, no need to log into the corporate network. Just open up your web browser and go. This convenience, however, comes with a security risk. All of your business work is conducted over an insecure communication network. Unlike your office network, where the network link between you and the data center is under corporate control and is physically secure, the cloud access link is over the Internet.

The wild, uncontrolled, used-by-everyone-in-the-world Internet. There are no guarantees about who else has (or does not have) access to your network communication link. In fact, from a security perspective, we assume that the cloud link (i.e., the Internet) is unsecured and hostile. Any sensitive or private information WILL be accessed by someone else. This is why we have a need to protect “data in flight.” The data may be safe once it gets to the cloud provider, but during the transmission we need to protect it and ensure it remains private. To ensure secure communication across the Internet, a key fundamental cloud security principle is to encrypt the data transmission whenever you engage with a cloud resource. In this blog we introduce the security concept of protecting “data in flight” and explain how it operates.

The good news is that this data in flight protection is easier that it sounds. Since just about all traffic is done via the web browser (HTTP protocol), all you have to do is ensure that the HTTPS protocol is used by default in your browser. This means that instead of using http://myurl…, make sure it uses https://myurl… .

Secure HTTP (HTTPS) is a security protocol. It uses a secure transport layer security mechanism called SSL, or its newer version TLS, to transmit HTTP traffic (i.e., your browser traffic) securely by encrypting the data. When HTTPS is used you can be certain that your confidential data (like your credit card information) is safe from eavesdropping. If someone does intercept all of your encrypted data, they won’t be able to decrypt it.

TLS (transport layer security) data encryption is based on two related but different encryption technologies called symmetric key encryption and asymmetric key encryption. Symmetric key encryption means that two users who wish to communicate must share the same encryption key to encrypt and decrypt a message. For example, if I encrypt a message with an encryption key-A, then the receiver of my encrypted message must have the same encryption key-A to decrypt the message.

Asymmetric key encryption is different. It uses two keys, a public key and a private key. The public key is distributed to anyone who wants to communicate with me. They encrypt their message with my public key and send it to me. When I receive it I use my private key to decrypt the message.

The advantage that the asymmetric encryption has is that initiating communication with a stranger is easy. Just use the person’s public key, which is usually obtained via a certificate authority. To initiate secure communication with symmetric encryption requires that the initiator somehow knows ahead of time what the symmetric key is, or must acquire it in a secure manner. That becomes impractical if the person is halfway around the world. However, symmetric key encryption does have one advantage over asymmetric encryption. Symmetric encryption is computationally faster than asymmetric encryption; in fact asymmetric encryption processing is about 1,000 times slower (http://​windowsitpro​.com/​s​e​c​u​r​i​t​y​/​s​y​m​m​e​t​r​i​c​-​v​s​-​a​s​y​m​m​e​t​r​i​c​-​c​i​p​hers). This is important because symmetric processing can speed up the transmission and processing of secured data.

The astute observer will note that the advantages and disadvantages of each encryption method are complementary. Therefore, TLS uses both techniques to securely transmit HTTP traffic. It uses asymmetric key encryption to initiate a secure communication link between the two parties. Once that secure link is established, TLS securely exchanges a symmetric key. Going forward, TLS uses the symmetric encryption technique for all data transmission. This maximizes performance while still ensuring safe and convenient access to cloud resources.

Key Management in the Cloud

In my previous cloud security blogs, I mentioned the need to use key-based encryption for protecting data. Whether the data is in flight (i.e., being transmitted) or at rest (i.e., stored), it must be encrypted to ensure confidentiality, integrity and availability. Managing encryption keys can be challenging. There are different key types (symmetric vs. asymmetric), key strengths (128-bit through 2048-bit and greater), key usage (privacy, key exchange, authentication and digital signature) and key encryption algorithms (AES, 3DES, SHA-1, SHA-2, MD5, etc). Furthermore, each data end point, like storage or server, requires an integration point that also needs to be managed. For example, for storage we need an encryption integration point for each storage medium (disk, SAN, NAS or tape).

To help manage all of these encryption security components cloud security managers should utilize a centralized Key Management System (KMS) solution. While it is possible to use specific, individual point solutions from different vendors to handle parts of the key management tasks, a centralized approach is most preferable and cost effective. In this blog, I will examine the components of a generic KMS and use an example from Amazon Web Services to illustrate how it can be implemented.

One item to note is that the industry for key management solutions is still evolving, therefore you will see various names, terms and acronyms being used: Enterprise Key Management (EKM), Enterprise Key Management System (EKMS) and Encryption Key Management (EKM). All of these refer to the same concept we call KMS.

A KMS consists of two main components, a core key management server and the end-target integration points.

KMS server

A mature KMS performs five functions through the core key management server:

1. Key Generation: a KMS must be able to generate symmetric and asymmetric keys of varying bit lengths. These parameters are determined via your security policies and configured through the tool’s administrative console.
2. Secure Storage: every key used for encryption must be well-protected and secured. This means encrypting the keys themselves. This is called key wrapping.
3. Key Lifecycle Tracking: a key has a lifespan and very specific stages or states that it goes through. A common key lifecycle used is from NIST’s SP800-57 Recommendation for Key Management — Part 1: General (Revision 3): pre-activation state, active state, deactivated state, destroyed state, compromised state and destroyed compromised state.
4. Backup Mechanism: if the sets of encryption keys are ever lost, then the encrypted data is lost. To protect yourself against this the KMS must provide a secure method for backing up the encryption keys.
5. Auditing: a mature KMS will make reporting and auditing easier by providing documentation of what keys are being used, for what purpose and who has access to them. This information is critical for regulation and compliance audits.

To provide even greater protection and security, a KMS may optionally use a Hardware Security Module (HSM). A HSM is a self-contained hardware appliance that stores keys in a physically tamper-resistant device. If the KMS uses a HSM, all keys are stored in the HSM exclusively. These two components communicate through a secure, encrypted network link. This extra level of security may be required of some businesses’ compliance audit.

End-Target Integration Points
The second component of a KSM is the end-target integration point where the encrypted data resides (usually a storage device) or where the data is being sent (usually a server). These can also be called “service agents.” It is the service agents that actually use the encryption keys to convert plaintext data into encrypted data and then store it on a storage device, and then reverse the process when the data is accessed or transmitted. In order to use a KMS you must ensure that the end target has a service agent that can interoperate with the KMS. Not every KMS has support every storage device and/or server platform. Usually it is the KMS provider that provides the service agents to support a variety of storage/server devices.

Key Management in the Cloud
It is possible to extend a KMS solution that is in your data center to include IT components residing in the cloud. However, it is more convenient to use a cloud-based KMS, especially if the cloud provider offers one directly. This is the case with Amazon Web Services (AWS). As part of their IaaS offering, they have a KMS service where key management for all cloud data is performed right in the cloud environment. This ensures maximum performance and throughput since the key distribution and processing is done close to where the data resides. Just as important, a cloud provider-based KMS solution integrates natively with their storage, server and database IaaS offering. In AWS, you can use key encryption through their KMS to store encrypted data on NAS disks (EBS), on tape (Glacier), in a database (RDS/Oracle, RDS/SQL), warehouse (RedShift), on a per file basis (S3) and for Windows/Linux servers (EC2). AWS takes care of integrating the key encryption regardless of where or how you store your data. AWS also offers the equivalent of a HSM called CloudHSM where the encryption keys are stored on a physically tamper-resistant device for greater protection.

Using a cloud based KMS, like AWS’ KMS, greatly eases the work and planning involved in protecting data at rest and data in flight. With a proper implementation IT operations in the cloud can be just as secure as any IT operations in a data center.

What is the difference between $@ and $* in shell script?

There are no difference between $* and $@, but there is a difference between "$@" and "$*".

$ cat 1.sh
mkdir "$*"

$ cat 2.sh
mkdir "$@"

$ sh 1.sh a "b c" d

$ ls -l
total 12
-rw-r--r-- 1 igor igor   11 mar 24 10:20 1.sh
-rw-r--r-- 1 igor igor   11 mar 24 10:20 2.sh
drwxr-xr-x 2 igor igor 4096 mar 24 10:21 a b c d

We gave three arguments to the script (a, b c and d) but in “$*” they all were merged into one argument a b c d.

$ sh 2.sh a "b c" d

$ ls -l
total 24
-rw-r--r-- 1 igor igor   11 mar 24 10:20 1.sh
-rw-r--r-- 1 igor igor   11 mar 24 10:20 2.sh
drwxr-xr-x 2 igor igor 4096 mar 24 10:21 a
drwxr-xr-x 2 igor igor 4096 mar 24 10:21 a b c d
drwxr-xr-x 2 igor igor 4096 mar 24 10:21 b c
drwxr-xr-x 2 igor igor 4096 mar 24 10:21 d

You can see here, that "$*" means always one single argument, and "$@" contains as many arguments, as the script had. “$@” is a special token which means “wrap each individual argument in quotes”. So a "b c" d becomes (or rather stays) "a" "b c" "d" instead of "a b c d" ("$*") or "a" "b" "c" "d" ($@ or $*).

Also, I would recommend this beautiful reading on the theme:

http://tldp.org/LDP/abs/html/internalvariables.html#ARGLIST

Commands to Check SSL cert’s validity and other details

1. Get complete available details of an SSL certificate

openssl x509 -text -in ssl.cert 

2. Who issued the certificate?

openssl x509 -noout -in ssl.cert -issuer

3. To whom the certificate was issued?

openssl x509 -noout -in ssl.cert -subject

4. To check the expiry date of SSL certificate

openssl x509 -noout -in ssl.cert -dates

5. To get SSL cert’s hash value

openssl x509 -noout -in ssl.cert -hash

6. To get SSL cert’s MD5 fingerprint

openssl x509 -noout -in ssl.cert -fingerprint

To check CSR: openssl req -noout -text -in new.csr 

To check key: openssl rsa -noout -text -in new.key 

Master-Slave Replication

Master-Slave Replication
Treselle Engineering June 6, 2014
669
VIEWS
Twitter Facebook Google +r LinkedIN
Master-Slave Replication
Table of Content [show]
Introduction

This blog covers the basics of how replication really works on the high level, and the configuration of Master-Slave replication. With this replication we can share load between Master and Slave (only read operations), take backups from Slave server without effecting the Master server.

Use Case

This use case describes replication and configuration of a Master-Slave replication.

What we need to do:

Theoretical explanation of how replication works.
Configuration of Master Server.
Configuration of Slave Server.
Solution

Before solving our use case, let’s get some pre-requisites satisfied.

Pre-requisites:
Minimum two Linux servers along with MySQL software should be installed.

Master ip: 192.168.0.1
Slave ip: 192.168.0.2
Theoretical explanation of how replication works:
Types of mysql replication:
Replication is based on events written to the binary log, which are read from master and then processed on the slave.

Statement Based Replication:
Replication work is based on propagation of SQL statements from master to slave. This is called statement-based replication. Often it called SBR, Which corresponds to the standard statement-based binary logging format.

Row Based Replication:
Replication based on row-based logging which changes binary logging logs in individual table row. This is known as row-based replication. It is also called as RBR. In row-based replication, the master writes events to the binary log that indicates how individual table rows are changed.

Mixed Based Replication:
The server can change the binary logging format in real time according to the type of event using mixed-format logging. When the mixed format is in effect, statement-based logging is used by default, but automatically switches to row-based logging in particular cases. Replication using the mixed format is often referred to as mixed-based replication or mixed-format replication.

So now let’s start with what is happening on the master. For replication to work, first and foremost, master needs to write replication events to a special log called binary log. The binary log file stores data that replication slave will be reading later. Whenever a replication slave connects to a master, master creates a new thread for the connection.

Slaves that are up to date will mostly be reading events that are still cached in OS cache on the master, so there will not be any physical disk reads on the master in order to feed binary log events to slave(s). However, when you connect a replication slave that is few hours or even days behind, it will initially start reading binary logs that were written hours or days ago – master may no longer have these cached, so disk reads will occur. If master does not have free IO resources, you may feel a bump at that point.

Now let’s see what is happening on the slave. When you start replication, two threads are started on the slave:

IO thread:
This process called IO thread connects to a master, reads binary log events from the master as they come in and just copies them over to a local log file called relay log. That’s all.

Even though there are only one thread reading binary log from the master and one writing relay log on the slave, very rarely copying of replication events is a slower element of the replication. There could be a network delay, causing a steady delay of few hundred milliseconds, but that’s about it.

To see IO thread status, just type “show slave status\G” on slave.

Master_Log_File – last file copied from the master (most of the time it would be the same as last binary log written by a master)
Read_Master_Log_Pos – This shows the position where binary log copied over the relay log on the slave.

SQL thread:
This process reads the events from a relay log stored locally on the replication slave and then applies them as fast as possible and it is a single thread.

To see SQL thread status, just type “show slave status\G” on slave.

Relay_Master_Log_File – The name of the master binary log file containing the most recent event executed by the SQL thread.
Exec_Master_Log_Pos – The position in the current master binary log file through which the SQL thread has read and executed.

SQL thread

Configuration of Master Server:
Take backup of database from Master server. The command to take consistent backup is given below:

1
# mysqldump -u$username -p$passwd DBname –single-transaction -R –triggers –quick –master-data=2 –flush-logs>/opt/mysqlbackup/MasterBackup.sql
Edit my.cnf file on the Master server to enable binary logging and set the server’s id.

1
#vi /etc/my.cnf
Add these lines under [mysqld] section:

1
2
log-bin=mysql-bin
server-id=1
Restart MySQL for the changes to take effect.

1
#/etc/init.d/mysqld restart
Login into MySQL as root user and create the slave user and grant privileges for replication.

1
2
3
mysql> GRANT REPLICATION SLAVE ON *.* TO ‘slave_user’@’192.168.0.2’ IDENTIFIED BY ‘your_password’;
mysql> FLUSH PRIVILEGES;
mysql> FLUSH TABLES WITH READ LOCK;
Now execute ‘SHOW MASTER STATUS’ command to get all the data we need.

Show master status

Note the current binary log and position. In our example, the Master server is currently on mysql- bin.00003 binary log and on position 239. Here Binlog_Do_DB means to capture the DB changes into binary file and Binlog_Ignore_DB means do not capture the DB changes into binary file and these are empty because we did not mentioned these parameters in my.cnf file.

Configuration of Slave Server:
Edit my.cnf file on the Slave server.

1
#vi /etc/my.cnf
Add these lines under the [mysqld] section:

1
2
3
server-id = 2
relay-log = mysql-relay-bin
log-bin = mysql-bin
Restart MySQL for the changes to take effect.

1
#/etc/init.d/mysqld restart
Now import the dump file that we exported from Master server.

1
# mysql -u root -p CHANGE MASTER TO
-> MASTER_HOST=’192.168.0.1′,
-> MASTER_USER=’slave_user’,
-> MASTER_PASSWORD=’your_password’,
-> MASTER_LOG_FILE=’mysql-bin.000003′,
-> MASTER_LOG_POS=239;
Note the values for each field. The MASTER_HOST is the private IP of the Master server, MASTER_USER is the user we created for replication, MASTER_PASSWORD is the password for the replication user, MASTER_LOG_FILE is the binary log that we recorded from the Master server status earlier, and MASTER_LOG_POS is the position the Master was in that we recorded.

Now start the slave thread on the Slave server.

1
mysql> START SLAVE;
Let’s make sure that replication is working with the ‘SHOW SLAVE STATUS’ statement:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
mysql> SHOW SLAVE STATUS\G;
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 192.168.0.1
Master_User: slave_user
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000003
Read_Master_Log_Pos: 314
Relay_Log_File: mysqld-relay-bin.000003
Relay_Log_Pos: 235
Relay_Master_Log_File: mysql-bin.000003
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 314
Relay_Log_Space: 235
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
If Slave_IO_Running and Slave_SQL_Running is YES then your replication is working fine.

Conclusion

One of the biggest advantages to have master-slave set up in MySQL is to be able to use master for all of the inserts and send some, if not all, select queries to slave. This will most probably speed up your application without having to diving into optimizing all the queries or buying more hardware.
Do backups from slave. That way site is not affected at all when doing backups. This becomes a big deal when your database has grown to multiple gigs and every time you do backups using mysqldump, site lags when table locks happen. For some sites, this could mean that site goes down for few secs to minutes. If we have slave, we just take slave out of rotation and run backups off the slave.
References

http://dev.mysql.com/doc/refman/5.5/en/replication-howto.html/
http://www.tecmint.com/how-to-setup-mysql-master-slave-replication-in-rhel-centos-fedora/

HOW TO INSTALL MYSQL ON UBUNTU/DEBIAN

12 December, 2007

• Ubuntu
• MySQL
• debian

It may seem easy for some, but for others, installing MySQL on Ubuntu or Debian Linux is not an easy task. This article explains to you how to install the MySQL Server and Client packages on a Ubuntu/Debian system.

First of all, make sure your package management tools are up-to-date. Also make sure you install all the latest software available.

sudo apt-get update
sudo apt-get dist-upgrade

After a few moments (or minutes, depending on the state of your system), you’re ready to install MySQL. ~ By default, recent Ubuntu/Debian systems install a MySQL Server from the 5-branch. This is a good thing, so don’t worry.

First, install the MySQL server and client packages:

sudo apt-get install mysql-server mysql-client

When done, you have a MySQL database read to rock ‘n roll. However, there’s more to do.

You need to set a root password, for starters. MySQL has it’s own user accounts, which are not related to the user accounts on your Linux machine. By default, the root account of the MySQL Server is empty. You need to set it. Please replace ‘mypassword’ with your actual password and myhostname with your actual hostname.

sudo mysqladmin -u root -h localhost password 'mypassword'
sudo mysqladmin -u root -h myhostname password 'mypassword'

Now, you probably don’t want just the MySQL Server. Most likely you have Apache+PHP already installed, and want MySQL to go with that. Here are some libraries you need to install to make MySQL available to PHP:

sudo apt-get install php5-mysql

Or for Ruby:

sudo apt-get install libmysql-ruby

You can now access your MySQL server like this:

mysql -u root -p

Have fun using MySQL Server.

How to Install Oracle Java JRE on Ubuntu Linux

This tutorial will cover the installation of 32-bit and 64-bit Oracle Java 7 (currently version number 1.8.0_25) JRE on 32-bit and 64-bit Ubuntu operating systems. These instructions will also work on Debian and Linux Mint. This article is intended for those who only want to install Oracle Java JRE on their Debian based Linux systems, such as Debian, Ubuntu and Linux Mint. Using this method you will only be able to run and execute Java programs and not be able to develop and program in Java. This article was created due to so many requests from other users who wanted to know how to only install Oracle Java JRE on their Ubuntu systems. I included a section on how to enable Oracle Java JRE in your web browsers as well using this method. These instructions will work on Debian, Ubuntu and Linux Mint.

Steps

1. 
   1
   Check to see if your Ubuntu Linux operating system architecture is 32-bit or 64-bit, open up a terminal and run the following command below.

   • Type/Copy/Paste: file /sbin/init
     • Note the bit version of your Ubuntu Linux operating system architecture it will display whether it is 32-bit or 64-bit.
   Ad
2. 
   2
   Check if you have Java installed on your system. To do this, you will have to run the Java version command from terminal.

   • Open up a terminal and enter the following command:
     • Type/Copy/Paste: java -version
   • If you have OpenJDK installed on your system it may look like this:
     • java version “1.7.0_15”
       OpenJDK Runtime Environment (IcedTea6 1.10pre) (6b15~pre1-0lucid1)
       OpenJDK 64-Bit Server VM (build 19.0-b09, mixed mode)
   • If you have OpenJDK installed on your system, you have the wrong vendor version of Java installed for this exercise.
3. 
   3
   Completely remove the OpenJDK/JRE from your system and create a directory to hold your Oracle Java JRE binaries. This will prevent system conflicts and confusion between different vendor versions of Java. For example, if you have the OpenJDK/JRE installed on your system, you can remove it by typing the following at the command line:

   • Type/Copy/Paste: sudo apt-get purge openjdk-\*
     • This command will completely remove OpenJDK/JRE from your system
   • Type/Copy/Paste: sudo mkdir -p /usr/local/java
     • This command will create a directory to hold your Oracle Java JDK and JRE binaries.
4. 
   4
   Download the Oracle Java JRE for Linux. Make sure you select the correctcompressed binaries for your system architecture 32-bit or 64-bit (which end in tar.gz).

   • For example, if you are on Ubuntu Linux 32-bit operating system download 32-bit Oracle Java binaries.
   • For example, if you are on Ubuntu Linux 64-bit operating system download 64-bit Oracle Java binaries.
   • Optional, Download the Oracle Java JDK/JRE Documentation
     • Select jdk-7u40-apidocs.zip
   • Important Information: 64-bit Oracle Java binaries do not work on 32-bit Ubuntu Linux operating systems, you will receive multiple system error messages, if you attempt to install 64-bit Oracle Java on 32-bit Ubuntu Linux.
5. 

   http://us-ads.openx.net/w/1.0/afr?auid=537735502&cb=1433620328819&url=http%3A%2F%2Fwww.wikihow.com%2FInstall-Oracle-Java-JRE-on-Ubuntu-Linux&c.width=665&c.height=82&c.tag_id=21083&c.taglink_id=32112&c.scale=1.0947368&c.url=http%3A%2F%2Fwww.wikihow.com%2FInstall-Oracle-Java-JRE-on-Ubuntu-Linux&c.params=&c.impression_type=26
   5
   Copy the Oracle Java binaries into the /usr/local/java directory. In most cases, the Oracle Java binaries are downloaded to: /home/“your_user_name”/Downloads.

   • 32-bit Oracle Java on 32-bit Ubuntu Linux installation instructions:
     • Type/Copy/Paste: cd /home/“your_user_name”/Downloads
     • Type/Copy/Paste: sudo cp -r jre-8u25-linux-i586.tar.gz /usr/local/java
     • Type/Copy/Paste: cd /usr/local/java
   • 64-bit Oracle Java on 64-bit Ubuntu Linux installation instructions:
     • Type/Copy/Paste: cd /home/“your_user_name”/Downloads
     • Type/Copy/Paste: sudo cp -r jre-8u25-linux-x64.tar.gz /usr/local/java
     • Type/Copy/Paste: cd /usr/local/java
6. 
   6
   Run the following commands on the downloaded Oracle Java tar.gz files.Make sure to do this as root in order to make them executable for all users on your system. To open a root terminal type sudo -s you will be prompted for your logon password.

   • 32-bit Oracle Java on 32-bit Ubuntu Linux installation instructions:
     • Type/Copy/Paste: sudo chmod a+x jre-8u25-linux-i586.tar.gz
   • 64-bit Oracle Java on 64-bit Ubuntu Linux installation instructions:
     • Type/Copy/Paste: sudo chmod a+x jre-8u25-linux-x64.tar.gz
7. 
   7
   Unpack the compressed Java binaries, in the directory /usr/local/java

   • 32-bit Oracle Java on 32-bit Ubuntu Linux installation instructions:
     • Type/Copy/Paste: sudo tar xvzf jre-8u25-linux-i586.tar.gz
   • 64-bit Oracle Java on 64-bit Ubuntu Linux installation instructions:
     • Type/Copy/Paste: sudo tar xvzf jre-8u25-linux-x64.tar.gz
8. 
   8
   Double-check your directories. At this point, you should have an uncompressed binary directory in /usr/local/java for the Java JDK/JRE listed as:

   • Type/Copy/Paste: ls -a
   • jre1.8.0_25
9. 
   9
   Edit the system PATH file /etc/profile and add the following system variables to your system path. Use nano, gedit or any other text editor, as root, open up /etc/profile.

   • Type/Copy/Paste: sudo gedit /etc/profile
   • or
   • Type/Copy/Paste: sudo nano /etc/profile
10. 
    10
    Scroll down to the end of the file using your arrow keys and add the following lines below to the end of your /etc/profile file:

    • Type/Copy/Paste:

      JAVA_HOME=/usr/local/java/jre1.8.0_25
      PATH=$PATH:$HOME/bin:$JAVA_HOME/bin
      export JAVA_HOME
      export PATH
11. 
    11
    Save the /etc/profile file and exit.
12. 
    12
    Inform your Ubuntu Linux system where your Oracle Java JRE is located.This will tell the system that the new Oracle Java version is available for use.

    • Type/Copy/Paste: sudo update-alternatives –install “/usr/bin/java” “java” “/usr/local/java/jre1.8.0_25/bin/java” 1
      • this command notifies the system that Oracle Java JRE is available for use
    • Type/Copy/Paste: sudo update-alternatives –install “/usr/bin/javaws” “javaws” “/usr/local/java/jre1.8.0_25/bin/javaws” 1
      • this command notifies the system that Oracle Java Web start is available for use
13. 
    13
    Inform your Ubuntu Linux system that Oracle Java JRE must be the default Java.

    • Type/Copy/Paste: sudo update-alternatives –set java /usr/local/java/jre1.8.0_25/bin/java
      • This command will set the Java runtime environment for the system
    • Type/Copy/Paste: sudo update-alternatives –set javaws /usr/local/java/jre1.8.0_25/bin/javaws
      • this command will set Java Web start for the system
14. 
    14
    Reload your system wide PATH /etc/profile by typing the following command:

    • Type/Copy/Paste: /etc/profile
    • Note your system-wide PATH /etc/profile file will reload after reboot of your Ubuntu Linux system
15. 
    15
    Test to see if Oracle Java was installed correctly on your system. Run the following commands and note the version of Java:
16. 
    16
    A successful installation of 32-bit Oracle Java will display:

    • Type/Copy/Paste: java -version
      • This command displays the version of Java running on your system
    • You should receive a message which displays:
      • java version “1.8.0_05”
        Java(TM) SE Runtime Environment (build 1.8.0_05-b18)
        Java HotSpot(TM) Server VM (build 24.45-b08, mixed mode)
17. 
    17
    A successful installation of Oracle Java 64-bit will display:

    • Type/Copy/Paste: java -version
      • This command displays the version of Java running on your system
    • You should receive a message which displays:
      • java version “1.8.0_25”
        Java(TM) SE Runtime Environment (build 1.8.0_05-b18)
        Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)