- RED HAT CERTIFIED SYSTEM ADMINISTRATOR V 7 EXAM NOTES
- IMPORTANT THINGS
- mount -o remount,rw | fix corrupted partitioning
- awk '/bash/ {print $0}' /etc/passwd > bash.txt | takes any line containing bash and put them in file bash.txt
- cd /root
- wget "http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm"
- rpm -ivh epel-release-7-0.2.noarch.rpm
- yum repolist all
- yum install ntfs-3g
- VLC Media Player
- Installation (copy/paste) for EL7: rpm -Uvh http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm && rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm
- yum install vlc
- -----------------------------------------------------------------
- NETWORKING /etc/sysconfig/network-scripts/ifcfg-eth0
- DEVICE=eth0
- BOOTPROTO=static
- IPADDR=192.168.122.10
- NETMASK=255.255.255.0
- GATEWAY=192.168.122.1
- DNS1=8.8.8.8
- DNS2=8.8.4.4
- ONBOOT=YES
- -----------------------------------------------------------------------
- Disable FIREWALLD AND IPTABLES-SAVE
- ================================================================================
- systemctl disable firewalld
- systemctl stop firewalld
- systemctl start iptables
- systemctl start ip6tables
- systemctl enable iptables
- systemctl enable ip6tables
- iptables-save > /etc/sysconfig/iptables
- TO have script start at boot
- ==================================================================================
- vi /etc/rc.d/rc.local
- tar -cvzf /root/backup.sh /home/bigtymer37/
- VNC Cent OS 6
- ===============================================================================
- yum install tigervnc vinagre tigervnc-server
- /etc/sysconfig/vncserver
- VNCSERVERS="1:username 2:username"
- VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"
- systemctl enable firewalld
- systemctl start vnc-servers
- firewall-cmd --permanent --zone=public --add-service=vnc-server
- Cent-OS 7
- yum install tigervnc-server
- cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:2.service
- vi /etc/systemd/system/vncserver@:2.service
- edit
- [Unit]
- Description=Remote desktop service (VNC)
- After=syslog.target network.target
- [Service]
- Type=forking
- # Clean any existing files in /tmp/.X11-unix environment
- ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
- ExecStart=/sbin/runuser -l bigtymer37 -c "/usr/bin/vncserver %i -geometry 1280x1024"
- PIDFile=/home/bigtymer37/.vnc/%H%i.pid
- ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
- [Install]
- WantedBy=multi-user.target
- su bigtymer37 ---------------------- very important
- vncserver ------------create password
- systemctl enable firewalld
- systemctl start firewalld
- firewall-cmd --permanent --zone=public --add-port=5902/tcp
- systemctl restart firewalld
- systemctl start vncserver@:2.service
- systemctl enable vncserver@:2.service
- from client computer
- vinagre 192.168.122.12
- vncviewer 192.168.122.12
- XFS REDUCE AND GROW
- pvcreate /dev/sda
- vgcreate -s 1M cent /dev/sda
- vgdisplay --- check total extents
- lvcreate -n data -l 255 cent
- mkfs.xfs /dev/mapper/cent-data
- mkdir /cent
- mount /dev/mapper/cent-data /cent
- lvextend --size +50M -r /dev/mapper/cent-data ----- TO GROW XFS LOGICAL VOLUME MUST BE MOUNTED BUT NOT ON EXT4 !!!!!!!
- xfs_growfs /cent
- lvreduce --size -50M -r /dev/mapper/cent-data ------- -r allows the file system to grow / reduce as well as the logical volume. CAN NOT SHRINK XFS FILESYSTEM, ONLY EXT file systems
- ==============================================================================
- Add extra SWAP SPACE
- pvcreate /dev/sda
- vgcreate extra /dev/sda
- lvcreate -n swap -l 205 extra
- mkswap /dev/mapper/extra-swap
- vi /etc/fstab
- /dev/mapper/extra-swap swap swap defaults 0 0
- swapon -va
- free -m
- ==============================================================================
- Virtualization
- yum groupinstall Virtualization*
- images stored in /var/lib/libvirt/images
- yum install qemu-kvm python-virtinst virt-manager virt-top virt-viewer libvirt libvirt-client
- virt-install --prompt | run install from cmd
- virt-install -n cent7-server -r 2048 --disk path=/var/lib/libvirt/images/cent7-server.img,size=15 -l http://192.168.0.15/cent -x ks=http://192.168.0.15/cent/ks.cfg
- virsh list --all
- virsh destroy centos.img | shuts down vm then delete image from /var/lib/libvirt/images/
- virsh autostart (domain name) | starts on boot up
- virsh autostart --disable (domain name) | disables at bootup
- virt-viewer (domain name) access virtual machine gui
- SNAPSHOTS of VMS
- virsh snapshot-create-as cent-server snap1-C-S "snap1 description" --diskspec vda,file=/var/lib/libvirt/images/cent-server.qcow2 --disk-only --atomic
- Domain snapshot snap1-C-S created
- virsh snapshot-create cent-server
- virsh snapshot-create cent-server | create snapshot
- virsh snapshot-list cent-server | list snapshot
- virsh snapshot-revert cent-server ****** | revert snapshot Make sure VM is off when you revert
- virsh snapshot-delete cent-server ****** | delete snapshot
- cd /var/lib/libvirt/images/ | REMOVE VM
- rm ****.img
- cd /etc/libvirt/qemu/
- rm ****.xml
- virt-clone --prompt | to clone VM
- ADDING STORAGE
- dd if=/dev/zero of=/var/lib/libvirt/images/sdb1.img bs=1M seek=512 count=0
- -------------------------------------------------
- nfs
- vi /etc/exports
- /nfs 192.168.122.167(rw,async)
- exportfs
- FROM OTHER MACHINE
- mount -t nfs 192.168.122.10:/nfs /nfs
- AUTOMOUNTER!!! important DO NOT HAVE DIRECTORY CREATED BEFORE ADDING TO AUTO.NFS
- vi /etc/auto.master
- /nfs /etc/auto.nfs
- :wq!
- vi /etc/auto.nfs
- home -fstype=nfs,rw,sync 192.168.122.10:/hello
- service autofs restart
- cd /nfs/home
- SMB
- ============================================================
- yum install cifs-utils
- yum install samba-client
- Edit the /etc/fstab file and add the following line:
- smbserver:/shared /mnt cifs rw,username=user01,password=user01 0 0 (/etc/fstab is world-readable, so a credentials=/path/to/file option pointing at a root-only file is the usual way to keep the password out of it)
- AUTOMOUNT CIFS
- vi /etc/auto.master
- /cifs /etc/auto.cifs
- wq!
- vi /etc/auto.cifs
- winbox -fstype=cifs,rw,noperm,user=user01,pass=user01 192.168.122.12:/hello
- :wq!
- service autofs restart
- cd /cifs/winbox
- ------------------------------------------------------------
- FORMATING A DRIVE
- Make sure drive is unmounted
- df to check mounted drives
- fdisk /dev/sdb
- n to select partition
- p to select primary partition
- enter select beginning of drive
- enter select end of drive
- t
- 83 for linux 82 for swap
- w to save
- mkfs.ext4 /dev/sdb
- partprobe /dev/sdb
- fsck -t ext4 /dev/sdb check filesystem
- mount /dev/sdb /sdb1
- ======================================================
- Logical volumes
- # Useful LVM commands
- # pvdisplay - Displays currently configured PVs.
- # pvck - Checks the integrity of a physical volume.
- # pvs - Lists configured PVs and the associated VGs.
- # pvmove - Moves PVs in a VG from the specified partition to free locations
- on other partitions; prerequisite is to disable the PE.
- # vgcfgbackup - Backs up and restores the configuration files associated with LVM
- # vgchange - Similar to pvchange, allows you to activate or deactivate a VG. For
- # vgck - Checks the integrity of a volume group.
- # vgcreate - Creates a VG, from two or more configured PVs: for example,
- # vgdisplay - Displays characteristics of currently configured VGs.
- # vgextend - if you've created a new PV, vgextend vg00 /dev/sda11 adds the
- space from /dev/sda11 to vg00.
- # vgrename - Allows renaming of VGs.
- # vgs - Displays basic information on configured VGs.
- # vgscan - Scans and displays basic information on configured VGs.
- # lvcreate - Creates a new LV in an existing VG.
- # lvdisplay - Displays currently configured LVs.
- # lvextend - Adds space to an LV: the lvextend -L6G /dev/volume01/lv01
- command extends lv01 to 6GB, assuming space is available.
- # lvrename - Renames an LV.
- # lvresize - Resizes an LV; can be done by -L for size. For example, lvresize -L
- 6GB volume01/lvl01 changes the size of lvl01 to 6GB.
- # lvs - Lists all configured LVs.
- # Don't setup a LVM vol for the /boot dir. Linux can't read from it on boot.
- pvcreate /dev/sdb /dev/sdc
- vgcreate cent -s 8M /dev/sdb /dev/sdc | -s sets the physical extent size
- lvcreate -n data -l 50 vol-group | -l specifies the number of logical extents
- mkdir /cent-data
- mkfs.ext4 /dev/mapper/cent-data
- mount /dev/mapper/cent-data /cent-data
- partprobe /dev/mapper/cent-data
- fsck -t ext4 /dev/mapper/cent-data
- blkid
- add UUID to fstab or auto.master and auto.cent-data
- =====================================================================================
- LUKS ENCRYPTION
- pvcreate /dev/sdb /dev/sdc
- vgcreate cent -s 8M /dev/sdb /dev/sdc | -s sets the physical extent size
- lvcreate -n data -l 50 vol-group | -l specifies the number of logical extents
- lvcreate -n data -L 1G+ cent
- cryptsetup luksFormat /dev/mapper/cent-data
- cryptsetup luksOpen /dev/mapper/cent-data crypt | opens /dev/mapper/crypt
- mkfs.ext4 /dev/mapper/crypt
- partprobe /dev/mapper/crypt
- fsck /dev/mapper/crypt
- mount /dev/mapper/crypt /crypt
- blkid
- add to fstab
- /dev/mapper/crypt /crypt ext4 defaults 1 1
- add to crypttab
- crypt /dev/mapper/cent-data none
- =====================================================================================
- HOW TO ADD KEY FILE TO LUKS
- ====================================================================================
- dd if=/dev/urandom of=/root/crypt bs=1024 count=4 | create a keyfile with random bits of 4kb
- chmod 0400 /root/crypt | read-only permission for root on the keyfile created above
- sudo cryptsetup luksAddKey /dev/mapper/crypt /root/crypt | adds keyfile
- vi /etc/crypttab
- crypt /dev/mapper/cent-data /root/crypt | adds the keyfile in at the end
- =======================================================================
- RED HAT PACKAGE MANAGER
- rpm -qp --requires filename looks for dependencies
- rpm -qp --provides file name
- ==========================================================================
- IPTABLES
- iptables -L -nv --list | all rules
- iptables -F | flushes table
- iptables -P INPUT DROP
- iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT;
- iptables -I INPUT 2 -p tcp --dport 22 -j ACCEPT
- iptables -I INPUT 3 -m state --state ESTABLISHED,RELATED -j ACCEPT
- iptables -P OUTPUT DROP
- iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
- iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
- iptables -I OUTPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
- iptables -I OUTPUT 2 -p tcp --dport 80 -j ACCEPT
- iptables -I OUTPUT 3 -p tcp --dport 22 -j ACCEPT
- iptables -I OUTPUT 4 -p udp --dport 53 -j ACCEPT
- iptables -I OUTPUT 5 -m state --state NEW,RELATED -j ACCEPT
- TO BLOCK IPS
- iptables -I INPUT 2 --source 210.0.0.0/8 -j DROP
- CENT OS 7
- systemctl enable iptables.service | starts iptables service on boot
- systemctl enable ip6tables.service
- systemctl enable nfs-server.service | starts nfs-server on boot
- systemctl enable firewalld.service | starts firewalld on boot
- systemctl stop firewalld.service
- systemctl start iptables.service
- systemctl start ip6tables.service
- firewall-cmd --state ----------Check Status
- firewall-cmd --reload -------------Reload rules without losing state
- firewall-cmd --get-zones ---------------- Shows zones
- firewall-cmd --get-services ------------- shows services
- firewall-cmd --list-all-zones ----------shows all zones with enabled service
- firewall-cmd --get-services -------------shows a list of all enabled services
- firewall-cmd --permanent --zone=public --add-service=nfs-server --------add nfs-server to firewall public zone
- firewall-cmd --permanent --zone=public --add-service=rpc-bind -----------add rpc-bind which is tcp wrapper for nfs
- firewall-cmd --permanent --zone=public --add-service=http -------------------add web access in public zone
- firewall-cmd --permanent --zone=public --remove-service=nfs-server ----removes nfs-server from public zone after restart
- firewall-cmd --permanent --zone=public --change-interface=eth0 -change zone on interface
- firewall-cmd --get-zone-of-interface=eth0 -- get zones on interface
- firewall-cmd --zone=public --list-ports - list ports open on zone
- firewall-cmd --panic-on ---- block all traffic in emergency
- firewall-cmd --panic-off ---- unblock all traffic
- firewall-cmd --add-service=http ------------- add http in default zone
- firewall-cmd --zone=public --list-all -----list services on zone
- DISABLE FIREWALLD ENABLE IPTABLES
- yum -y install iptables-services
- systemctl mask firewalld
- systemctl enable iptables
- systemctl enable ip6tables
- systemctl stop firewalld
- systemctl disable firewalld
- systemctl start iptables
- systemctl start ip6tables
- ==================================================================
- SSH
- ssh-keygen
- scp /root/.ssh/id_rsa.pub 192.168.122.11:/root/.ssh/ ---from pc you want to automatically connect to server
- cat id_rsa.pub >> authorized_keys < do this on the server, inside /root/.ssh
- chmod 700 /root/.ssh <
- chmod 644 /root/.ssh/authorized_keys <
- CRONTAB
- crontab -e | edit roots crontab
- crontab -l | show root crontab
- crontab -u john -e | edit johns crontab
- crontab -u john -l | list johns crontab
- 30 8 * * * tar -cvzf /root/backup.tar /home/bigtymer
- * 9 * * * mv /root/backup.tar /
- 30 9 * * * tar -xvzf backup.tar
- 30 21 * * * echo "Hello World!" >> ~/helloworld.txt
- minute hour day of month day of week command
- cat /var/spool/cron/root
- service crond restart
- =====================================================================
- RED HAT PACKAGE MANAGER
- Install and update software packages from Red Hat Network, a remote repository, or from the local file system.
- Redhat network updates (requires subscription)
- rhn_register
- Configuration of repositories other than the RHN is accomplished through text configuration files located in the directory:
- /etc/yum.repos.d/
- • A configuration file for each repository (or group of related repos) should
- be created in /etc/yum.repos.d/
- • The name of each repo config file should end in “.repo”.
- Yum Repository Mandatory Configuration Items
- Repository ID: Short name for identifying this repository in reports
- [MyRepo]
- Name: Longer description of this repository
- name=My Custom Repository
- Baseurl: Description of protocol and location needed to locate the repo files.
- baseurl=http://192.168.0.15/cent
- Yum Repository Common Optional Configuration Items
- gpgcheck: Defines whether yum should attempt to validate package signatures. "0" = "off", "1" = "on".
- gpgcheck=1
- gpgkey: Defines (via URL) where the keys for signature validation are located (typically file:///etc/pki/rpm-gpg/<key name>)
- gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
- enabled (Optional) Defines whether this repository should be currently active. "0" = "off", "1" = "on".
- enabled=1
- RPM Cheat Sheet
- # rpm -i[v,h] name-ver-rel.arch.rpm : Installs a package
- # rpm -U[v,h] name-ver-rel.arch.rpm : Upgrades a package if an older version was previously installed. Otherwise, simply installs the new version.
- # rpm -F[v,h] name-ver-rel.arch.rpm : Upgrades a package if an older version is installed. Otherwise, does nothing — does not install new packages if no older version was installed.
- Upgrading a Kernel
- Always use #rpm -i …
- Uninstalling
- # rpm -e name[-ver][-rel]
- RPM over a Network
- # rpm -ivh ftp://{Host}/path/to/packagename-ver-rel.arch.rpm
- # rpm -ivh http://{Host}/path/to/packagename-ver-rel.arch.rpm
- And wildcard “globbing” is allowed:
- # rpm -ivh http://{Host}/path/to/packagename*
- rpm -qa lists all installed packages.
- rpm -q pkg Reports the version of the package.
- rpm -qf /path/file Reports which package provided the file.
- rpm -qc pkg Lists all configuration files of the package.
- rpm -qd pkg Lists all documentation of the package.
- rpm -qi pkg Reports a description of the package.
- rpm -ql pkg Lists all files contained in the package.
- rpm -qR pkg Lists all dependencies.
- rpm -q --scripts pkg Lists the scripts that run when installing/removing.
- rpm -q{c|d|i|l|R}p /path/to/packagename-ver-rel-arch.rpm Reports the same info as above, but pulls info from the .rpm file instead of the rpm database.
- rpm -V (or --verify) Validate Package Signatures
- Import GPG key, check sigs.
- 1. Import the Red Hat GPG public key (It can be found on the installation CD or in the /etc/pki/rpm-gpg/ directory):
- # rpm --import /media/disk/RPM-GPG-KEY-redhat-release
- or:
- # rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
- 2. Check the signature of the package in question:
- # rpm --checksig /path/to/package-ver-rel.arch.rpm
- View a list of the packages originally installed on the system:
- # less /root/install.log
- View a list of the packages installed through yum:
- # less /var/log/yum.log
- Query the RPM database for the packages installed right now:
- # rpm -qa
- Update the kernel package appropriately to ensure a bootable system.
- rpm -ivh kernel_package_name
- =============================================================
- SE LINUX
- yum install policycoreutils-python.x86_64
- getsebool -a | grep httpd find selinux booleans for the apache web server
- semanage user -l | lists users
- semanage boolean -l | grep httpd <<<<<shows what each boolean does
- copy the SELinux context from one folder to another
- chcon -R --reference=/var/www/html /var/www/html/files
- setsebool -P nfs_export_all_rw=1 | allows nfs export shares to read,write
- APACHE INSTALLATION SERVER
- =============================================================
- yum install httpd
- mkdir /var/www/html/cent
- mount -o loop cent.iso /var/www/html/cent1.iso /var/www/html/cent
- mkdir /var/www/html/repo
- cp -ar /var/www/html/cent/. /var/www/html/repo/
- chcon -R --reference=/var/www/html /var/www/html/repo
- service httpd restart
- chkconfig httpd on
- ================================================================================
- Yum & REPOS
- yum install --downloadonly --downloaddir=/var/www/html/repo kernel.x86_64
- yum-config-manager --add-repo repository epel6 ------------------add repo
- yum-config-manager --disable repository epelxxxxxxxxxx -------------- disable repo
- yum-config-manager --enable repository epelxxxxxxxxxxx--------------enable repo
- yum clean all -----------------cleans up repo
- yum repolist all ---------------- list all repos
- CREATE REPO
- mount -o loop cent7.iso /cent7
- mkdir /var/www/html/cent7
- cp -ar /cent7 /var/www/html/cent7
- chcon -R --reference=/var/www/html/ /var/www/html/cent7
- cd /etc/yum.repos.d
- vi cent7.repo
- [centos7]
- name=centos7
- baseurl=file:///var/www/html/cent7/ or http://192.168.0.15/cent7
- enabled=1
- gpgcheck=1
- gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
- yum clean all
- yum repolist all
- =============================================================
- KICKSTART
- system-config-kickstart /root/anaconda.ks ---- open ks file in gui save to apache installation server.
- virt-install -n cent7-server -r 3000 --disk path=/var/lib/libvirt/images/cent7-server.img,size=15 -l http://192.168.0.15/cent --vcpus=4 -x "ks=http://192.168.0.15/cent/ks.cfg"
- =======================================================LDAP=================================================
- TO SET UP LDAP SERVER
- yum install -y openldap openldap-clients openldap-servers migrationtools
- slappasswd -s redhat -n > /etc/openldap/passwd ----------- generates the password hash that is used as olcRootPW below
- IMPORTANT
- openssl req -new -x509 -nodes -out /etc/openldap/certs/cert.pem -keyout /etc/openldap/certs/priv.pem -days 365 ----------- creates a self-signed certificate and its private key
- Country Name (2 letter code) [XX]:
- State or Province Name (full name) []:
- Locality Name (eg, city) [Default City]:
- Organization Name (eg, company) [Default Company Ltd]:
- Organizational Unit Name (eg, section) []:
- Common Name (eg, your name or your server's hostname) []:instructor.example.com
- Email Address []:
- cd /etc/openldap/certs
- chown ldap:ldap *
- chmod 600 priv.pem
- cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
- # slaptest
- 53d61aab hdb_db_open: database "dc=my-domain,dc=com": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
- 53d61aab backend_startup_one (type=hdb, suffix="dc=my-domain,dc=com"): bi_db_open failed! (2)
- slap_startup failed (test would succeed using the -u switch)
- chown ldap:ldap /var/lib/ldap/*
- systemctl enable slapd
- systemctl start slapd
- netstat -lt | grep ldap
- cd /etc/openldap/schema
- ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f cosine.ldif
- ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f nis.ldif
- Then, create the /etc/openldap/changes.ldif file and paste the following lines (replace password with the previously created password):
- dn: olcDatabase={2}hdb,cn=config
- changetype: modify
- replace: olcSuffix
- olcSuffix: dc=example,dc=com
- dn: olcDatabase={2}hdb,cn=config
- changetype: modify
- replace: olcRootDN
- olcRootDN: cn=Manager,dc=example,dc=com
- dn: olcDatabase={2}hdb,cn=config
- changetype: modify
- replace: olcRootPW
- olcRootPW: passwd # paste the hash generated earlier by slappasswd (/etc/openldap/passwd)
- dn: cn=config
- changetype: modify
- replace: olcTLSCertificateFile
- olcTLSCertificateFile: /etc/openldap/certs/cert.pem
- dn: cn=config
- changetype: modify
- replace: olcTLSCertificateKeyFile
- olcTLSCertificateKeyFile: /etc/openldap/certs/priv.pem
- dn: cn=config
- changetype: modify
- replace: olcLogLevel
- olcLogLevel: -1
- dn: olcDatabase={1}monitor,cn=config
- changetype: modify
- replace: olcAccess
- olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=example,dc=com" read by * none
- THEN MODIFY
- ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/openldap/changes.ldif
- SASL/EXTERNAL authentication started
- SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
- SASL SSF: 0
- modifying entry "olcDatabase={2}hdb,cn=config"
- modifying entry "olcDatabase={2}hdb,cn=config"
- modifying entry "olcDatabase={2}hdb,cn=config"
- modifying entry "cn=config"
- modifying entry "cn=config"
- modifying entry "cn=config"
- modifying entry "olcDatabase={1}monitor,cn=config"
- Create the /etc/openldap/base.ldif file and paste the following lines:
- dn: dc=example,dc=com
- dc: example
- objectClass: top
- objectClass: domain
- dn: ou=People,dc=example,dc=com
- ou: People
- objectClass: top
- objectClass: organizationalUnit
- dn: ou=Group,dc=example,dc=com
- ou: Group
- objectClass: top
- objectClass: organizationalUnit
- Build the structure of the directory service:
- ldapadd -x -w redhat -D cn=Manager,dc=example,dc=com -f base.ldif
- Create two users for testing:
- mkdir /home/guests
- useradd -d /home/guests/ldapuser01 ldapuser01
- passwd ldapuser01
- useradd -d /home/guests/ldapuser02 ldapuser02
- passwd ldapuser02
- cd /usr/share/migrationtools
- Edit the migrate_common.ph file and replace in the following lines:
- $DEFAULT_MAIL_DOMAIN = "example.com";
- $DEFAULT_BASE = "dc=example,dc=com";
- Create the current users in the directory service:
- grep ":10[0-9][0-9]" /etc/passwd > passwd
- ./migrate_passwd.pl passwd users.ldif
- ldapadd -x -w redhat -D cn=Manager,dc=example,dc=com -f users.ldif
- adding new entry "uid=ldapuser01,ou=People,dc=example,dc=com"
- adding new entry "uid=ldapuser02,ou=People,dc=example,dc=com"
- grep ":10[0-9][0-9]" /etc/group > group
- ./migrate_group.pl group groups.ldif
- ldapadd -x -w redhat -D cn=Manager,dc=example,dc=com -f groups.ldif
- Test the configuration with the user called ldapuser01:
- ldapsearch -x cn=ldapuser01 -b dc=example,dc=com
- firewall-cmd --permanent --zone=public --add-service=ldap
- firewall-cmd --permanent --zone=public --add-service=nfs
- firewall-cmd --reload -------------Reload the firewall configuration:
- local4.* /var/log/ldap.log ---------Edit the /etc/rsyslog.conf file and add the following line
- systemctl restart rsyslog
- chmod 744 /home/guests/ldapuser*
- ===========================================================================================================
- Configure LDAP Client
- yum install -y openldap-clients nss-pam-ldapd openldap-servers
- scp -r /etc/openldap/certs 192.168.122.11:/etc/openldap/cacerts --------------- FROM SERVER
- authconfig-tui
- Choose the following options:
- - Cache Information
- - Use LDAP
- - Use MD5 Passwords
- - Use Shadow Passwords
- - Use LDAP Authentication
- - Local authorization is sufficient
- In the LDAP Settings, type:
- Use TLS
- ldap://instructor.example.com
- dc=example,dc=com
- NFS on LDAP
- vi /etc/exports
- /home/guests/ldapuser01 192.168.122.11(rw,sync,no_root_squash)
- /home/guests/ldapuser02 192.168.122.11(rw,sync,no_root_squash)
- service nfs restart
- exportfs -v
- vi /etc/auto.master
- /home/guests /etc/auto.guests
- vi /etc/auto.guests
- * -rw,nfs4 192.168.0.15:/home/guests/&
- systemctl reload nfs
- systemctl start iptables.service
- systemctl start ip6tables.service
- systemctl start firewalld.service
- systemctl start autofs.service
- systemctl start slapd.service
- firewall-cmd --get-services
- firewall-cmd --permanent --zone=public --add-service=ldap
- firewall-cmd --permanent --zone=public --add-service=nfs
- firewall-cmd --permanent --zone=public --add-service=ldaps
- systemctl enable slapd.service
- systemctl enable autofs.service
- systemctl enable iptables.service
- systemctl enable ip6tables.service
- systemctl enable firewalld.service
- ==================================================================
- Grub2
- grub2-mkconfig -o /boot/grub2/grub.cfg
- vi /usr/sbin/update-grub
- #!/bin/bash
- exec grub2-mkconfig -o /boot/grub2/grub.cfg -----------makes script for update-grub
- init 6
- edit line "e" with vmlinuz put init=/bin/sh at end to enter single user mode with shell
- passwd to update password
- touch /.autorelabel
- exec /sbin/init ----------------to reboot
- How to add password to grub
- vi /etc/grub.d/00_header
- add at bottom of file
- cat <<EOF
- set superusers="bigtymer37"
- password bigtymer37 passwordhere
- EOF
- update-grub or grub2-mkconfig -o /boot/grub2/grub.cfg
- grub-mkpasswd-pbkdf2
- vi /etc/grub.d/00header
- add at bottom of file
- cat <<EOF
- set superusers="bigtymer37"
- password_pbkdf2 bigtymer37 <hash printed by grub-mkpasswd-pbkdf2>
- EOF
- grub2-mkconfig -o /boot/grub2/grub.cfg
- ==================================================================================================
- SYSTEM D
- systemctl enable iptables.service | starts iptables service on boot ---------------- enable on boot
- systemctl enable ip6tables.service -----------enable on boot
- systemctl enable nfs-server.service | starts nfs-server on boot -----------enables on boot
- systemctl enable firewalld.service | enables firewalld on boot
- systemctl stop firewalld.service ------------ stop service
- systemctl start iptables.service -------------starts service
- systemctl start ip6tables.service------------- starts service
- systemctl isolate runlevel6.target ----------same as init 6 restart
- systemctl isolate runlevel3.target -------------same as init 3
- systemctl isolate shutdown.target ----------------- same as init 0
- systemctl list-units --type target --all -------------list all units that are currently loaded
- systemctl list-units --type target --all ----------- list all units regardless of state
- systemctl set-default multi-user.target
- ACCESS CONTROL LISTS
- ======================================================================
- getfacl /etc/hosts
- setfacl -m u:bigtymer37:rw /etc/hosts
- chmod 644 /etc/hosts
- AT COMMAND
- vi /root/backup.sh
- tar -cvzf /root/backup-at.tar /home/bigtymer37
- at -f /root/backup.sh Aug19,2014
- at -f /root/backup.sh now + 15 minutes
- at -f /root/backup.sh now + 7 days
- at -f mycrontest.sh 10pm tomorrow --- job 14 at Sun Jul 8 22:00:00 2007
- at -f mycrontest.sh 2:00 tuesday ---job 15 at Tue Jul 10 02:00:00 2007
- at -f mycrontest.sh 2:00 july 11 -----job 16 at Wed Jul 11 02:00:00 2007
- at -f mycrontest.sh 2:00 next week
- atq
- atrm (number of at id)
- NTP
- ===============================================================================
- vi ntp.conf
- systemctl enable ntpd
- systemctl start ntpd
- ntpq -p -----------list synchronized time servers (peers)
- systemctl stop ntpd
- ntpdate centos1.pool.org
- systemctl start ntpd