Posts in Category: rhce

Kerberos – A ‘Hello World’ example on CentOS/RHEL 7

Kerberos is a network authentication protocol that’s designed to allow machines to securely authenticate one another over a public network. In a typical Kerberos setup, there is a single Kerberos server and lots of Kerberos clients. The Kerberos server is often referred to as the KDC server, where KDC is short for Key Distribution Center. Before you can implement Kerberos, there are 2 key requirements that need to be met:

  • all boxes must have fully qualified domain names
  • time needs to be accurately synced across all boxes

The best way to understand how kerberos works is to go through a working example. You can follow this example with this Kerberos vagrant project. In this vagrant project we have the following scenario:


Firewalld – Understanding Rich Rules on CentOS/RHEL 7

Rich rules are an additional feature of firewalld that allows you to create more sophisticated firewall rules. For example:

  • whitelist an IP range with the exception of one IP that’s in this range.
  • reroute incoming requests from one port and forward them to another port. For example, you might want people to ssh into a box using port 4234 instead of the standard port 22, for improved security, then get firewalld to reroute this traffic to the sshd daemon, which is listening on port 22. In this scenario, there would be no actual service listening on port 4234, but firewalld will intercept the requests and forward them on to port 22.
  • limit how many incoming requests come in per second/minute/hour/day.
  • write particular log entries into /var/log/messages when certain requests come through

You can follow along with this article by

Real world examples of using firewalld on CentOS/RHEL 7

Previously we gave a brief introduction to firewalld, but we are now going to walk through a few firewalld setups that are often seen in the real world.

I have created a vagrant project that you can use to follow along in this tutorial. We will use the following demo setup throughout this article:

|                webserver.local                    |
|          +------------------------+               |
|          |  Apache (httpd daemon) |															

RHCE – Configure IPv6 addresses

An interface device usually has an IPv4 address assigned to it. However, you can assign an IPv6 address to it too. Here’s a step-by-step approach to do this. First you need to have an IPv6-enabled ifcfg-* file (aka connection). Let’s first see what connections currently exist:

$ ls -l /etc/sysconfig/network-scripts/ifcfg-*
-rw-r--r--. 1 root    root    312 Jul 15 12:12 /etc/sysconfig/network-scripts/ifcfg-enp0s3
-rw-------. 1 vagrant vagrant 162 Jul 15 12:12 /etc/sysconfig/network-scripts/ifcfg-enp0s8
-rw-------. 1 vagrant vagrant 162 Jul 15 12:12 /etc/sysconfig/network-scripts/ifcfg-enp0s9
-rw-r--r--. 1 root    root    254 Sep 12  2016 /etc/sysconfig/network-scripts/ifcfg-lo

Another way to get this info is:

$ nmcli connection show
NAME           UUID                															

RHCE – Setting up Network Teaming in CentOS/RHEL 7

Network interfaces, e.g. eth0 and eth1, traditionally represent actual hardware inside your machine. These hardware components are commonly referred to as network adapters and they come in various shapes and sizes. Some network adapters have dual sockets.

CentOS assigns user-friendly names to these sockets (aka interfaces), such as eth0, eth1, etc. You can view a full list of all the interfaces on your machine by running:

[root@localhost ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3:  mtu 1500 qdisc pfifo_fast state UP qlen 1000

RHCE – About this course

This course covers everything you need to know in order to pass the Red Hat Certified Engineer (RHCE) exam. This course assumes you are already well versed in all the topics that are covered in the RHCSA course.