RHCSA exam prep recover root password

Your root password is lost and gone forever. Temporary video version without sound. Your sudo account has been blocked by an incompetent SA (System Administrator). This, according to reports, is often on the test. It takes 5 minutes to fix. Reboot your system and intervene on the kernel prompt. Press e to edit go down to […]


The firewall project

Converting a fairly elaborate iptables-based firewall with proprietary anti-spam scripts to the modern firewall-command architecture without revealing any IP. First, let's take a look at where we started:

    [root@instance-5 ~]# systemctl list-unit-files | egrep "iptables|firewall"
    firewalld.service masked
    iptables.service disabled

This shows iptables as disabled but a […]


MariaDB (MySQL) two-node installation with Galera data replication

This is the first step toward an unsupported installation of the NDC, New Data Cloud. To get the commercial version with full support, click here. This document takes you through the installation and creation of a two-node database installation. This install was done in Google Compute Engine but with the right bandwidth will work […]


Use TCP wrappers with care

Real-life story. A DMZ-based server dedicated to SFTP was configured with these sshd rules in /etc/hosts.allow:

    sshd : ALL@16.89.97.*:ALLOW
    sshd : ALL@14.251.*:ALLOW
    sshd : AAL@208.94.61.*:ALLOW

Should have been:

    sshd : ALL@16.89.97.*:ALLOW
    sshd : ALL@14.251.*:ALLOW
    sshd : ALL@208.94.61.*:ALLOW

That network was the firewall to the outside world. The end users were inconvenienced and the firewall […]


Making sure what is configured to mount is mounted

Here is a script that uses some advanced awk commands to check that what is configured to be mounted in /etc/fstab is actually mounted.

    #!/bin/ksh
    #########################################################################
    # fsrootreserve
    #HPUX_SCRIPTS=/opt/depots/scripts/system_build/HPUX
    #COMMON=/opt/depots/scripts/system_build/COMMON
    # Load common environment
    . /opt/scripts/env/.scriptenv.linux
    # set total variable for reserve blocks
    tot=0
    echo ". Checking mount status of all […]


DNS configuration checklist

BIND has always been a dark art. Recent configuration nuances made in the name of improving security have made things all the more fun. Here is a simple checklist that can avoid trouble and downed websites. Note that on RHEL6/CentOS and clones the /var/named/chroot structure has been made obsolete. Before starting:

    cp /etc/named.conf /root  # […]
