RHCSA studying. classroom.example.com (10.0.2.10) has a web server, and /var/www/html/repo is where we want the yum repository to be. There is a little SELinux problem with that in enforcing mode.

    yum -y install nmap   ## our test dummy

The answer:

    chcon -R -t httpd_sys_content_t "/var/www/html/repo/"
    restorecon -R /var/www/html/repo

Like magic, yum then works.
Category: Networking
The firewall project
Converting a fairly elaborate iptables-based firewall with proprietary anti-spam scripts to the modern firewall-command architecture without revealing any IP. First, let's take a look at where we started:

    [root@instance-5 ~]# systemctl list-unit-files | egrep "iptables|firewall"
    firewalld.service    masked
    iptables.service     disabled

This shows iptables as disabled but a […]
Use TCP wrappers with care
Real life story. A DMZ-based server dedicated to SFTP was configured with sshd rules in /etc/hosts.allow:

    sshd : ALL@16.89.97.*:ALLOW
    sshd : ALL@14.251.*:ALLOW
    sshd : AAL@208.94.61.*:ALLOW

Should have been:

    sshd : ALL@16.89.97.*:ALLOW
    sshd : ALL@14.251.*:ALLOW
    sshd : ALL@208.94.61.*:ALLOW

That network was the firewall to the outside world. The end users were inconvenienced and the firewall […]
Quick and dirty autofs script share
I run a large Unix and Linux server farm on the west coast. In the old days we had problems with script versions. The problem was we pushed scripts from a central server and inevitably, due to network or space issues, the updates did not happen reliably. In 2012 we opened up our unix management […]
Network install point httpd with CentOS or RHEL6 using kickstart
Why set up a network install point? So you can do consistent Linux installations. Really so you can do the same installation over and over again and come out with consistent results. Today’s article is how to set up the install point and have it work. There is credit for the source article below but […]
DNS configuration checklist
BIND has always been a dark art. Recent configuration nuances made in the name of improving security have made things all the more fun. Here is a simple checklist that can avoid trouble and downed websites. Note that on RHEL6/CentOS and clones the /var/named/chroot structure has been made obsolete. Before starting:

    cp /etc/named.conf /root # […]
Network Channel Bonding (teaming) RHEL 6.0
This procedure did not actually change very much from RHEL 5.0. Knowing the changes, however, is pretty critical to getting it right. Gone is the Administrator's friend and potential cesspool, /etc/modprobe.conf. It's replaced by anything you want to load in /etc/modprobe.d. Naming guidelines? Who needs them. Name the file anything you want. Procedure: Still pretty […]