Posts Tagged Under: Redhat

Samba – How to set up a Samba client on CentOS/RHEL 7

If you have directories on your machine that you want to share out to other machines, you can do this by setting up your machine as an NFS server. However, with NFS you can only share out folders to machines that are in the same private network. If you want to share folders with other machines over the public internet, that’s where you need to use the Samba/CIFS protocol. You can follow along with this article using this vagrant project on Github.

We will walk through the following example:

+--------------------------+              +--------------------------+
|                        															

NFS – Set up private group folders

Let’s say you want to set up a group folder that’s available via NFS. However, this time only a particular Linux group is allowed to have read+write access to this folder. You can do this by ensuring the exported folder is owned by a group, and then setting the SGID bit. You can follow along with this article using this vagrant project on Github.

We will walk through the following example:

+--------------------------+              +--------------------------+
|                          |              |      															

NFS – How to set up an NFS client on CentOS/RHEL 7

Network File System (NFS) is a protocol that lets one Linux box (the NFS server) share a folder with another Linux box (the NFS client). On the NFS client this shared folder looks just like an ordinary folder. NFS only works in an internal network, so you can’t share folders over the public internet.

This article doesn’t cover how to set up an NFS server. Instead we will assume that we already have an NFS server set up and we want to configure an NFS client to connect to it. We created an NFS vagrant project on Github to help you follow along with this example. In our example we have:

+--------------------------+              +--------------------------+
|      															

RHCE – Make websites more secure by setting up HTTPS and SSL/TLS for CentOS 7

So far we have configured web servers to allow connections via the HTTP protocol. However, HTTP is not secure, which is why it’s better to use HTTPS.

When using HTTPS, we encrypt all data traffic using symmetric and asymmetric encryption.

To set up the above encryption system on our Apache server, we first need to install the SSL add-on module that allows Apache to communicate over the SSL/TLS layer:

$ yum install mod_ssl

Next we need to install the software that is used for generating public-private key-pairs, so that we can create a key-pair for our web server.

$ yum install openssl

Next we create the private key and its CSR file. We generate the private key by running the following:

$ openssl genpkey -algorithm RSA -out cb.com.private.key -pkeyopt rsa_keygen_bits:2048
...+++
.......................................+++

Here,


System monitoring and reporting using sysstat and dstat on CentOS/RHEL 7

It’s often useful to measure and view various system utilisation metrics, such as for:

  • cpu
  • memory
  • disk
  • network

There are a lot of tools that can measure and collect these metrics, including:

  • dstat – suited for creating realtime reports
  • sysstat – suited for creating historical reports

dstat in action

Dstat shows realtime system utilisation data. First you need to install it:

$ yum install dstat

Running dstat on its own gives a steady stream of output until you exit:

[root@target man]# dstat
You did not select any stats, using -cdngy by default.
----total-cpu-usage---- -dsk/total- -net/total- ---paging-- ---system--
usr sys idl wai hiq siq| read  writ| recv  send|  in   out | int   csw
  0   0 100   0   0   0|  23k   53k|   0  															

RHCSA – About this Course

This course covers everything you need to know in order to pass the Red Hat Certified Systems Administrator (RHCSA) exam for RHEL 7.

Becoming RHCSA certified proves that you have developed a strong proficiency in RHEL. RHEL is short for “Red Hat Enterprise Linux” and, as the name suggests, it’s a Linux-based operating system. RHEL is not free, and is actually quite expensive, especially if you want to practice using RHEL at home. However, there’s a free alternative to RHEL called CentOS.

CentOS is identical to RHEL in nearly every way. The main exception is that the Red Hat logo and branding are replaced with CentOS’s own logo and branding. Therefore we will be using CentOS 7 throughout this course, and everything we cover/demo will work in exactly the


Real world examples of using firewalld on CentOS/RHEL 7

Previously we gave a brief introduction to firewalld, but we are now going to walk through a few firewalld setups that are often seen in the real world.

I have created a vagrant project that you can use to follow along in this tutorial. We will use the following demo setup throughout this article:

+---------------------------------------------------+
|                webserver.local                    |
|          +------------------------+               |
|          |  Apache (httpd daemon) |															


Setting up an LDAP client

Overview

There are 2 main server-side LDAP software packages you can use to set up an LDAP server:

  • OpenLDAP
  • Microsoft Active Directory (AD)

Unfortunately there is no single client-side LDAP package that can connect to both of these types of LDAP servers. Instead we have the following 2 options:

  • openldap-clients: This LDAP client-side software is used for connecting to an OpenLDAP-based LDAP server
  • realmd: This LDAP client-side software is used for connecting to a Microsoft AD-based LDAP server

In most cases you won’t know which type of LDAP server you are dealing with. If that is the case, then the only way to figure it out is to first try one approach and, if that doesn’t work, try the other approach.

One of the RHCSA exam objectives is:

Configure a system to use an existing authentication


SELinux Summary

The policy book can be thought of as a really big text book, which contains 3 chapters.

Chapter 1 – Contains a list of all available security attributes. There are actually 4 lists, one for each of the different types of security attributes, user:role:type:level. In the targeted policy, the “type” list is by far the longest, containing about 4500 entries.
Chapter 2 – Lists mapping rules about which security attributes can access which other security attributes.
Chapter 3 – Lists SELinux context assignment rules. This chapter gives info about what SELinux needs in order to determine what SELinux context values every object in your machine should have.

Overview

By the end of this article you should be able to answer the following questions:


What is the command to list