Tuesday, September 24, 2013

List of Packages you need to install for RHCSA or RHCE exam

This is list of packages that you might need to install for the RHCSA/RHCE exam. All of these may not be needed - you need to figure out the ones that will help you finish the exam faster.
Please feel free to add any that you think need to be on this list!

After checking that the repository is working fine:
#yum install ....

Filesystem related:

1. gnome-disk-utility
2. system-config-lvm

SELinux related:


1. policycoreutils
2. policycoreutils-gui
3. policycoreutils-python
4. setroubleshoot*
//this one give you:
setroubleshoot
setroubleshoot-doc
setroubleshoot-plugins
setroubleshoot-server
5. yum install star
//although not related to selinux in a direct way, some may argue, this is a cmd that 
you could end up needing if the exam requires you to archive data using star
VNC related:

1. tigervnc
2. tigervnc-server
3. vinagre

Kickstart related:

1. system-config-kickstart

Virtualization/KVM related:

1. kvm
2. libvirtd
3. virt-manager

Share:

Monday, September 23, 2013

Monday, September 2, 2013

A quick look at some basic networking commands

http://vishalthakur.com


IFCONFIG

This command prints the information on the available network interfaces. You can use this command to look at the IP address that your interfaces are using, the subnet, broadcast address etc.
Sample output:
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:AE:49:76 
          inet addr:10.10.10.8  Bcast:10.10.10.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feae:4976/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19526 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3932 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1633624 (1.5 MiB)  TX bytes:564499 (551.2 KiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1776 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1776 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:539420 (526.7 KiB)  TX bytes:539420 (526.7 KiB)

In the above example, the IP address of eth0 (the Ethernet interface) is 10.10.10.8
You can also use this command to manually assign an IP address to an interface:
#ifconfig eth0 10.10.10.7 netmask 255.255.255.0

ROUTE

This command can be used to show the current gateway address that the network is using. You can also use this command to manually assign a gateway to the interface of your choice.
Sample output:
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.10.0      *               255.255.255.0   U     0      0        0 eth0
default         10.10.10.1      0.0.0.0         UG    0      0        0 eth0

#route add default gw 10.10.10.1 eth0

HOSTNAME

This command can be used to print the current hostname of the machine.
You can also use this command to change the hostname of the machine but the change is not permanent – it does not survive a reboot.
#hostname
old_hostname
#hostname new_hostname
#hostname
new_hostname

Another way of achieving above results:
#echo “new_hostname” >> /proc/sys/kernel/hostname
#hostname
new_hostname

Changing the hostname permanently:

Change the hostname in the file /etc/sysconfig/network
Save the file with the new name and that'll do the job.

MANUALLY CHANGING THE IP ADDRESS OF A MACHINE

You can change/assign IP addresses to your Linux machine by changing the interface file manually. The file that holds that information is:
ifcfg-‘interface’
Eg. ifcfg-eth0
To see what the configuration is, run this command:
#cat /etc/sysconfig/network-scripts/ifcfg-eth0 (to see the IP configuration of eth0, in this case).
Sample output:
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0C:29:AE:49:76
TYPE=Ethernet
UUID=c906df68-4958-447e-8993-d6bf07aef7f4
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=10.10.10.8
NETMASK=255.255.255.0
GATEWAY=10.10.10.1
DNS1=8.8.8.8

Some important attributes from this file:

DEVICE – this specifies the actual device, like eth0, eth1, lo etc.
ONBOOT – this tells the machine to activate the interface while its being turned on or leave it deactivated till its manually brought up by the user
BOOTPROTO – very important, this decides whether the  IP is manually assigned or is assigned dynamically by DHCP (change it to DHCP for that)
DNS1 – this defines the DNS that the machine is going to be using (in this example its using google’s DNS, which is free service provided by google)
Make sure you restart the network service everytime the config file is changed.
#service network restart
Share:

CREATING CUSTOM REPOSITORIES

http://vishalthakur.com

Creating Local Repositories

Step 1. Mount the source to the local system

Mount the source DVD/CD or ISO file to the local system using this cmd:
Example:
# mount –o loop /source-dvd.iso /media

Step 2. Copy the source to the local media.

Example:
# mkdir /localrepo
#cp –R /media/* /localrepo

Step 3. Create a repo file for the local repo:

Example:
#vi /etc/yum.repod/local.repo
This will open up a new blank file in vi editor. Include this text in the file and save it:
[LocalRepo]
name=local-repo
baseurl=file:///localrepo/media
enabled=1
gpgcheck=0

Step 4. Check the newly created reposiotry:

Running a quick update or installing a program from the repository is the fastest and best way of checking if its working fine.
# yum update
This cmd should update the repo database and you’ll see it coming back without any errors – this means the repo we just built is working fine.
# yum install java
If everything has been installed and configured correctly, this cmd should result in the installation of the latest (available) version of Java on your system.
All done!

Using Remote Repositories

Step 1. Find a repository that you would like to use

If you want to use a remote repository on a system that hasn’t got it enabled by default, it is possible to do so. You need to find out the specifics of that repository and then create a repo file to be used for that purpose.
For example, you can use a CentOS repo for a RHEL installation. It will work fine for most packages – some might not perform the way expected as this is a repo for a different repo, even if the source happens to be the same.

Step 2. Create the .repo file

For this example, we’ll create a CentOS repository
# vi /etc/yum.repos.d/centos.repo
Insert this text in the file and then save it:
[centos]
name=CentOS $releasever - $basearch
baseurl=http://ftp.heanet.ie/pub/centos/6/os/$basearch/
enabled=1
gpgcheck=0
Step 3. Check the repository
# yum install wget
If the repo is working fine, the program will be downloaded and installed on the system.
All done!
Share:

LOGICAL VOLUME MANAGER

http://vishalthakur.com

Creating Logical Volumes

Step 1. Create a physical volume.

Use this cmd to create a physical volume: pvcreate
Example:
# pvcreate /dev/sdb2
  Physical volume "/dev/sdb2" successfully created

Step 2. Create a Logical Volume Group.

Example:
# vgcreate my_grp /dev/sdb2
  Volume group "my_grp" successfully created

Step 3. Create a Logical Volume:

Example:
# lvcreate -n my_vol -l 100%FREE my_grp
  Logical volume "my_vol" created

Step 4. Create a filesystem on the newly created Logical Volume:

First check if it has been created successfully by running this command –
# lvs
  LV     VG     Attr      LSize  Pool Origin Data%  Move Log Cpy%Sync Convert
  my_vol my_grp -wi-a---- 10.21g 
Now that you’ve confirmed that, create a file system on it:
# mkfs.ext3 /dev/my_grp/my_vol
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
670432 inodes, 2677760 blocks
133888 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2743074816
82 block groups
32768 blocks per group, 32768 fragments per group
8176 inodes per group
Superblock backups stored on blocks:
               32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208

Writing inode tables: done                           
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 28 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

Step 5. Now you can go ahead and mount the system:

Example:
# mount /dev/my_grp/my_vol /kvm
Check if it has been mounted:
# df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda3             16274852  10021100   5427028  65% /
tmpfs                   959328       228    959100   1% /dev/shm
/dev/sda1               297485     37250    244875  14% /boot
/dev/sda4             41280908   4004924  35179036  11% /kvm
/dev/sdb1             10088520    153596   9422456   2% /kvm2
/dev/sr0                989180    989180         0 100% /media/Oracle_Solaris-11_1-Live-X86
/dev/mapper/my_grp-my_vol                      10542696    157348   9849796   2% /kvm

Step 6. If you want to give a name to the new volume, do this:

# tune2fs -L logical_vol /dev/my_grp/my_vol
tune2fs 1.41.12 (17-May-2010)
Check if the label has been applied:
# dumpe2fs /dev/my_grp/my_vol | less
Filesystem volume name:   logical_vol
All done!
Share:

SELINUX BASICS

http://vishalthakur.com

MAC Vs DAC

DAC: Discretionary Access Control

DAC has been used as a form of access control in linux to enforce some sort of security related to information contained on a machine running linux. In this form of access control, information is secured based on permissions. Files and directories have a set of permissions that control what users or groups can get access to them.

MAC: Mandatory Access Control

MAC is at the heart of SELinux. MAC enforces security on all information that is present on a machine running linux in the form of contexts, which are applied to each and every file/dir, user and process.

Basics

SELinux implements MAC by contexts. Every file, directory, process and user has a context assigned to it and the contexts control what they have access to.
There are three main components of SELinux:
1.      Subject: this is the process
2.      Object: this is the file
3.      Action: this is what a subject can do to an object

Configuration

SELinux configuration file can be found in:
/etc/selinux/config
Sample file:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Changing SELinux Settings

Open the config file in a text editor.
Change SELINUX= to any of the following for desired mode:
SELINUX=enforcing (this the safest mode – SELinux is enforced)
SELINUX=permissive (in this mode, SELinux is not enforced, but all breaches are logged)
SELINUX=disabled (in this mode, SELinux is complete inactive – not recommended)

You need to restart the machine if changing from ‘enforcing’ to disabled’ or vice versa.

Some basic commands


#sestatus
This command prints basic information about the current status if SELinux on the machine.

Sample output:

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted


#getenforce
This command can be used for printing the current mode of SELinux. It will come back and print either of the following:
Enforcing
Permissive
Disabled
#setenforce
This command can be used to change the mode to ‘enforcing’ or ‘permissive’ by using the values 1 or 0 respectively.
#setenforce 1 (this sets it to ‘enforcing’)
#setenforce 0 (this sets it to ‘permissive’)
Share: