Posts

Showing posts from December, 2018

CONFIGURE THIRD PARTY REPO AND THE GPG KEY.

CREATING A LOCAL REPO FROM ISO IMAGE

MANAGING REPOSITORIES

BOOT SYSTEM IN DIFFERENT TARGETS AND RESET ROOT PWD FROM CONSOLE

SOME IMPORTANT VIM COMMANDS

NFS SERVER AND CLIENT CONFIGURATION

MAIL SERVER_POSTFIX CONFIGURATION

MARIA DB_INSTALLATION_USERS CREATION,DELETION,QUERY

NETWORK TIME PROTOCOL AND ITS CONFIGURATION

SAMBA_SMB FILE SHARING

ISCSI INTRODUCTION AND CONFIGURATION IN REDHAT

ADVANCED CONCEPTS OF APACHE WEB SERVER

ADVANCED NETWORKING USING NETWORK MANAGER

BASICS OF BASH SCRIPTING

BASICS OF BASH SCRIPTING

variables

A script file ends with the .sh extension. Creating a script file, below a vim example:

vim example.sh

#!/bin/bash            ## write the she-bang line (it tells the shell what kind of programming language the file contains)
#!/bin/php             #!/bin/perl          #!/bin/python    ### and so on

# Comments – very important: write what your program executes / was created for
# for ex: This script is created to do blah blah
# this script is created by someone@domain.com

# Variables: these are evaluated by the bash programming language as in other languages (common concept)
Var=value              # string, number, char etc.
echo $Var              # $ – used to expand a variable or the output of a command
# end

Now make the file executable:

chmod +x example.sh
sh example.sh          ## execute using sh

Ex2: Take a backup of /etc

#!/bin/bash
# this script is created to do a backup
Backup=</mybackup/etc-$(date +%Y-%m-%d).tgz or destination to store backup>
# date – the date command; $(...) substitutes its output into the variable
# -$(date +%Y-%m-%d)

PASSWORD POLICY FOR SINGLE USER AND ALL_USERS

CHANGE PASSWORD AND ADJUST PASSWORD POLICIES FOR A SINGLE USER AND ALL USERS AT A TIME:

vim /etc/login.defs

This file allows you to set specific parameters for the users' passwords, like password length, inclusion of special chars and numbers, password expiry, etc.

Password hashes are located in /etc/shadow (along with the password policy info). Ex:

root:$6$neBVcz0K$7zTq20kWszOZKaqRO.4KOgLkwNQPjEi0/xatTa9h2tjfdnWUuv/QaWnt44DqZjMz5YHoc1hcPTgCJiYn5tRd5.:17266:0:99999:7:::

<user>:<password hash>:<last pwd change date>:<min days before pwd can be changed>:<max days before pwd must be changed>:<no of days of warning before the pwd expires>:<no of days the account remains active after the pwd has expired; if exceeded, the account is locked>:<expiration date (yyyy-mm-dd)>

How do we manage the above? By using the usermod, passwd and chage commands.

chage -l
chage -l <username>    # gives all the above info of the specif

MANAGE USERS AND GROUPS IN REDHAT

MANAGE USERS AND GROUPS

id    -    gives the info about the user you are logged in as.
+++++++++++++++++
uid=0(root) gid=0(root) groups=0(root)
++++++++++++++++
The root user always has user id 0.
1-200: system user ids for specific Red Hat processes / for Red Hat processes that own files.
201-999: system users for specific Red Hat processes, but they won't own files on the system. Ex: apache (/usr/sbin/nologin)
From 1000: ids assigned when we create new user accounts.

You can see users in /etc/passwd:
neelu:x:1001:1001::/home/neelu:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin    ## user can't ssh in because of /sbin/nologin
<user_name>:<pwd, linked to somewhere in /etc/shadow>:uid:gid:<arbitrary field, user defined>:<home_dir>:<shell to use>

Each user has exactly 1 primary group. Whenever a user is created in the system, the primary group is the same as the user name by default. Whenever a user creates a new file/directory, the group owner o

INSTALL AND CONFIGURE WEBSERVER

INSTALL AND CONFIGURE WEBSERVER

yum search apache
yum search apache | grep "server"
It provides a list of the packages; now install apache (the http server) with the following commands:
yum install httpd
systemctl start httpd
systemctl status httpd

The root of the apache web server is located in /var/www; the cgi-bin and html folders are there initially. You can put html pages in the html folder: DocumentRoot=/var/www/html
(cmd to connect to the internet using dhcp - dhclient)

Now connect to the server, ex. on a windows machine open a browser and type 192.168.0.84 - if you are not getting it, ping the ip from the windows machine (if it is connected then there is a problem with the policies). Now on the server give:
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
or
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
To check the policy:
iptables -L | grep 80
To delete the policy:
iptables -D INPUT 1
or
iptables -D INPUT -p tcp --dport 80 -j ACCEPT
Now connect to the http server; it's working. Config file of http: /et

CONFIGURING KEY BASED SSH AUTHENTICATION

CONFIGURING KEY BASED SSH AUTHENTICATION

yum search ssh
yum install openssh-server.x86_64
Failed (if yum is locked then update it: yum update) - need to check, because the yum package manager is actually occupied with the package git:
ps aux | grep -i <package>
Now allow the port:
iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
firewall-cmd --permanent --add-port=22/tcp
systemctl start sshd
Now connect from linux: ssh username@ip -p <portno>; from windows connect using putty.

Password-less login is more secure, because if someone knows the username and password they can connect to the server easily; password-less login provides connecting to the server with keys.
Edit the config file: vi /etc/ssh/sshd_config
PermitRootLogin no           (by default it is yes, commented out with #)
RSAAuthentication yes        - insert it
PubkeyAuthentication yes     - uncomment it
PasswordAuthentication no    (by default it is yes)
After the changes: systemctl restart sshd
Now go to the client, make the preparations for password-less login and attempt the login by generating a key: ssh-keygen

ALL ABOUT SELINUX

ALL ABOUT SELINUX:

It stands for Security Enhanced Linux. It is neither a firewall nor an antivirus; it is an implementation of a mandatory access control mechanism in the linux kernel. This is a secondary check of access controls in addition to DAC (discretionary access control).
DAC ex: ls -l
d---------     ---> file permissions
-rwxr--r--     ---> (authorised users can do)
-- the root user may not have all the permissions in some cases.
These DAC permissions are checked 1st; later, anything selinux dictates is checked (selinux policies are applied).
selinux can enforce rules on files and processes in a linux system, and it can also enforce rules on their actions based on certain defined policies. selinux will treat all files in linux as objects and all processes, whether user or system generated, as subjects. Most OSs rely on DAC for access management; selinux in the linux OS provides fine-grained control (with DAC it is not possible) (because individual users can change permission if

CONFIGURING LVMS

CONFIGURING LVMS

fdisk /dev/sdb
t  - to change the partition id (system id) to lvm; choose the partition number - 1 to n
L  - to see the hex codes
8e - Linux LVM
then w to write the changes.
If you do it on a mounted file system it will throw a warning:
++++++++++++++++++++++++++++++++++++++++++++
Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
+++++++++++++++++++++++++++++++++++
To see the changes: fdisk -l
Unmount the file system: umount /mnt/udemy
fdisk /dev/sdb
t
2
8e
w
No warnings.

lvm - allows us to dynamically resize the space on the drive; we don't need to know in advance how much drive space we need for a partition. Used for hot plug options (defective drive - hint).
Layers of abstraction:
FILE SYSTEM
LOGICA

CONFIGURATION OF LUKS

CONFIGURATION OF LUKS

It provides an extra layer of security to disks. Linux Unified Key Setup.
Ex: add a disk, reboot the system, check whether it is added or not: fdisk -l or fdisk /dev/sdc (sdc - 8G)
Now create a vg:  vgcreate luks-group /dev/sdc
Now create an lv: lvcreate -n lv-luks -L 7G luks-group
Check the ones created above with vgs / lvs.

Creating the passphrase: CRYPTSETUP
cryptsetup: manage plain dm-crypt and LUKS encrypted volumes. Once encrypted, if you forget the key then 99.99% you cannot retrieve it back.
EX: cryptsetup -v -y luksFormat /dev/mapper/luks--group-lv--luks
-v - verbose
-y - verify the passphrase by asking for it twice
luksFormat - format a luks device
Enter the passphrase; now I have given DIVYAMD450; it asks again for verification.
NOW OPEN IT (WITH ALIAS): cryptsetup luksOpen /dev/mapper/luks--group-lv--luks LUKS   (open with the name LUKS; it asks for the passphrase, enter it)
NOW FORMAT THE FILESYSTEM: mkfs.xfs /dev/mapper/LUKS
NOW CREATE THE MOUNT POINT: mkdir /mnt/L

INSTALL,CONFIGURE AND TEST FTP

INSTALL, CONFIGURE AND TEST FTP

Install vsftpd - the ftp server:
yum install vsftpd
systemctl start vsftpd
In order for this to work, 1st disable selinux - edit the file vim /etc/selinux/config and set SELINUX=disabled, then reboot the machine to apply the selinux changes.
Now edit the vsftpd conf file: vim /etc/vsftpd/vsftpd.conf
anonymous_enable      means anonymous users can log in and download whatever they want from the ftp server
local_umask=022       sets the permissions for the users
anon_upload_enable    means anonymous upload from the users; you should not allow it
Logs are stored in /var/log/xferlog by default.
listen=NO
listen_ipv6=YES       by default it listens on ipv4 sockets.
In this example I used all the conf as it is but added the lines below as a part of troubleshooting, because I had a lot of problems with ftp and with the firewall; for the time being add below:
pasv_enable=YES       means passive mode for ftp is enabled
pasv_max_port=40000   maximum port to be 40000
pasv_min_port=40000   minimum port to be 40000, which means 1 port
### allow th