Saturday, February 8, 2014

Openstack::Three services you better start before installing openstack on Redhat/CentOS

Hey guys!
Thought I better share this personal experience with all of you.

Now, I'm not entirely sure that this needs to be done but I did find that having these three services 'on' or 'started' before the installation helps.

1. httpd
2. mysqld
3. sshd

Have all these daemons running before starting the install process.
Please note that I'm talking about the RDO version of Openstack - from the good folks at Redhat.

Also, be aware that it takes a while to complete the process after you run the 'packstack --allinone' cmd.


Linux::User Management

There are three important and essential commands:
1.      useradd: add a new user
2.      usermod: modify and existing user
3.      userdel: delete and existing user

To set a password for a user:
#passwd – use this cmd
-l :          locks the account
-u :         unlocks the account
-S:          shows the status of the account
-e:          forces the user to change passwd on next login
Important files:
/etc/passwd:     contains account info, including passwd
/etc/shadow:    contains account and password info, but encrypted
vipw:                    use to edit the passwd file
pwck:                   use to check the integrity of the passwd file

SUID:                    sets the user id of a file/dir  – used to allow users with non-root privs to change files that require root privs.
SGUI:                   sets the group ID of a file/dir – same purpose as SUID, but for groups.
Sticky Bit:            once set, this prevents a file being deleted by users even if they have the privs to modify the file.

SUID:                                                  4                                           u+s
GUID:                                                 2                                           g+s
Sticky                                                  1                                           +t

Friday, February 7, 2014

Tenable SecurityCenter::Admin login goes to config

Please try these steps:
-SSH to the Security Center host
- Stop Security Center
# service SecurityCenter stop
-back up the /opt/sc4/application.db file
# cd /opt/sc4
# cp application.db applicaiton.db.orig
-run the following command:
# /opt/sc4/support/bin/sqlite3 /opt/sc4/application.db "UPDATE Configuration SET value = 'no' WHERE name = 'FreshInstall' AND type = 64"
-start Security Center
# service SecurityCenter start

Please log into the Security Center, first as Org Head, then as admin. Please confirm that all settings are correct in the administrator account, that you can change the password, and that you can create other administrative accounts.


Nessus::Proxy and plugin update troubles

If you have a firewall on your network, you must allow outgoing access from the scanner to the following addresses via TCP port 443/https: ( (

Run your command line as administrator 

cd c:\program files\tenable\nessus net stop "Tenable Nessus"
nessus-fix --reset

Set your proxy if you have one (if not, skip these steps):
nessus-fix --secure --set proxy=%IP or Hostname of Proxy% 
nessus-fix --secure --set proxy_port=%Port of Proxy% 
nessus-fix --secure --set proxy_username=%Username of Proxy% 
nessus-fix --secure --set proxy_password=%Password of Proxy%

Nessus-fetch --register <activation code> 

After it finishes updating the plugins run this:
Nessusd -R
Net start "Tenable Nessus"

Tuesday, February 4, 2014

Redhat 7 :: what's new?

Long-awaited (they always are!) new version of RHEL is finally out as RHEL 7 beta and it's got a lot of new stuff (they always do)!

A quick look at some of the stuff that got me excited:

1. Linux Containers : this is huge - don't know what or how this will affect future dev regarding SELinux or if it will at all, at this time. Guess we'll have to stay tuned to Dan Walsh's Blog.

2. GNOME 3: havent tried it yet but from what I hear, it'll be, well, good to to look at!

3. Anaconda kickstart - Active Directory integration: not sure at what point I'll actually use this feature (depends on the systems environment and business needs, I guess) but I'm sure a lot of admins out there would'e wanted this for a long time.

4. OpemLMI: its very important this is not mistaken as a replacement for those devops apps like Chef or Puppet. Not much exists in terms of documentation or production experience regarding OpenLMI at this time.

5. XFS and BTRFS: both of these filesystems are now supported.

6. Dynamic Firewall: this has to be the most important new feature for me. It allows you to change rules on the fly - no need to stop and restart firewall. Well and truly 'firewalld'!

There are a lot of other new features and you can have a look at all of them at the link below. This post just gives you an idea of what's happening and of course, I've picked up what interests me here so do have a look at the official Redhat doc at:

What's new in RHEL 7?

Nothing new on KVM!