Category: Linux

  • Disable SELinux on CentOS/RHEL

    To disable SELinux

    Method 1

    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
    setenforce 0
    

    Method 2

    edit file

    vi /etc/selinux/config
    

    Find

    SELINUX=enforcing
    

    Replace with

    SELINUX=disabled
    

    Reboot the server with

    reboot
    

    You can switch SELinux to permissive mode for the current session, without a reboot, by running

    setenforce 0
    

    See SELinux

  • Install AnyDesk on Ubuntu

    To install AnyDesk on Ubuntu, run the following commands as root (sudo su).

    wget -qO - https://keys.anydesk.com/repos/DEB-GPG-KEY | apt-key add -
    

    Add repository

    echo "deb http://deb.anydesk.com/ all main" > /etc/apt/sources.list.d/anydesk-stable.list
    

    Update apt cache

    apt update
    

    Install anydesk with

    apt install anydesk
    

    If you don’t want AnyDesk to start automatically on boot, disable it with

    systemctl disable anydesk
    

    If you need AnyDesk to start on boot again, run

    systemctl enable anydesk
    

    To see if anydesk is enabled or disabled, you can run

    systemctl list-unit-files | grep anydesk
    

    To check status of anydesk, run

    systemctl status anydesk
    

    You can manually start it with

    systemctl start anydesk
    

    See AnyDesk

  • Install Latest MariaDB on CentOS

    To install the latest MariaDB on the CentOS server, go to

    https://mariadb.org/download/?t=repo-config

    On this page, select CentOS, then select your CentOS version and MariaDB version you need.

    Below you will see instructions for your specific version of CentOS.

    Install MariaDB 10.5 on CentOS 7

    CentOS 7 provides MariaDB 5.5 by default. To install MariaDB 10.5, create the file

    vi /etc/yum.repos.d/MariaDB.repo
    

    Add

    # MariaDB 10.5 CentOS repository list - created 2020-11-05 08:27 UTC
    # http://downloads.mariadb.org/mariadb/repositories/
    [mariadb]
    name = MariaDB
    baseurl = http://yum.mariadb.org/10.5/centos7-amd64
    gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
    gpgcheck=1
    

    Now you can install MariaDB with the command

    yum install MariaDB-server MariaDB-client
    

    To start MariaDB, run

    systemctl start mariadb
    

    You can replace start with stop/restart/status. To auto start MariaDB on boot, run

    systemctl enable mariadb
    

    See MySQL

  • Enable Remote Desktop in Ubuntu from the command line

    Method 1: Using x11vnc

    Connect to remote computer with SSH

    ssh user@REMOTE_PC_IP
    

    Install x11vnc

    sudo apt install x11vnc
    

    Start x11vnc as the user that is logged in to the GUI.

    x11vnc -display :0
    

    Now you should be able to connect to the desktop with any VNC client, using the address

    REMOTE_PC_IP:0
    

    Method 2: Using vino

    Connect to remote computer with SSH

    ssh -Y user@REMOTE_PC_IP
    

    Run

    sudo apt-get install vino -y
    vino-preferences
    

    You need X11 forwarding enabled (the -Y option above) for this to work, so that GUI applications on the remote PC are displayed on your PC.

    Configure settings as required.

    Now run

    export DISPLAY=:0.0
    xhost +
    /usr/lib/vino/vino-server
    

    This will start vino-server. If you want to run it in the background, add & at the end.

    /usr/lib/vino/vino-server &
    

    To verify that vino is running, run

    netstat -nl | grep 5900 
    

    Now you have VNC enabled on remote PC.

    Start your favorite VNC client and connect to remote PC.

    If you don’t have vino-preferences, you can use

    export DISPLAY=:0.0
    gsettings set org.gnome.Vino notify-on-connect false
    gsettings set org.gnome.Vino prompt-enabled false
    gsettings get org.gnome.desktop.notifications.application:/org/gnome/desktop/notifications/application/vino-server/ enable
    gsettings set org.gnome.desktop.notifications.application:/org/gnome/desktop/notifications/application/vino-server/ enable false
    gsettings set org.gnome.desktop.notifications show-in-lock-screen false
    gsettings set org.gnome.desktop.notifications show-banners false
    gsettings set org.gnome.Vino require-encryption false
    gsettings set org.gnome.Vino view-only false
    

    To set password for VNC, run

    dbus-launch gsettings set org.gnome.Vino authentication-methods "['vnc']"
    dbus-launch gsettings set org.gnome.Vino vnc-password $(echo -n "YOUR_VNC_PW_HERE"|base64)
    

    Allow connection from a network interface

    eths=$(nmcli -t -f uuid,type c s --active | grep 802 | awk -F  ":" '{ print "'\''" $1 "'\''" }' | paste -s -d, -)
    gsettings set org.gnome.settings-daemon.plugins.sharing.service:/org/gnome/settings-daemon/plugins/sharing/vino-server/ enabled-connections "[ $eths ]"
    dbus-launch gsettings set org.gnome.settings-daemon.plugins.sharing.service:/org/gnome/settings-daemon/plugins/sharing/vino-server/ enabled-connections "[ $eths ]"
    gsettings get org.gnome.settings-daemon.plugins.sharing.service:/org/gnome/settings-daemon/plugins/sharing/vino-server/ enabled-connections
    

    Start vino server

    /usr/lib/vino/vino-server --display=:0.0
    

    To view the settings

    gsettings list-recursively org.gnome.Vino
    gsettings list-recursively org.gnome.desktop.notifications
    dconf dump /org/gnome/
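
    The settings listed by the first command can be reviewed mechanically. The audit function below is an added example, not part of the original post: it reads the output of gsettings list-recursively org.gnome.Vino and reports the values that weaken the VNC session. The function names and both sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag Vino settings that weaken a VNC session. Input is the
# text printed by `gsettings list-recursively org.gnome.Vino` (schema key value).

audit_vino() {  # reads gsettings output on stdin, prints one WARN line per finding
    while read -r schema key value; do
        [ "$schema" = org.gnome.Vino ] || continue
        case "$key $value" in
            "require-encryption false")
                echo "WARN require-encryption=false: clients without encryption support are accepted" ;;
            "prompt-enabled false")
                echo "WARN prompt-enabled=false: connections need no approval from the local user" ;;
            "notify-on-connect false")
                echo "WARN notify-on-connect=false: the local user is not told when someone connects" ;;
            "authentication-methods "*"'none'"*)
                echo "WARN authentication-methods includes 'none': no password is required" ;;
            "vnc-password ''"|"vnc-password 'keyring'")
                : ;;  # empty, or 'keyring' (assumed here to mean the secret is not kept in dconf)
            "vnc-password "*)
                echo "WARN vnc-password is set in dconf: base64 is an encoding, not encryption" ;;
        esac
    done
}

vino_finding_count() {  # stdin: gsettings output; prints the number of findings
    audit_vino | grep -c '^WARN' || true
}

# Constructed sample: the state left by the gsettings commands on this page.
PAGE_SETTINGS="org.gnome.Vino notify-on-connect false
org.gnome.Vino prompt-enabled false
org.gnome.Vino require-encryption false
org.gnome.Vino view-only false
org.gnome.Vino authentication-methods ['vnc']
org.gnome.Vino vnc-password 'Q09OU1RSVUNURUQ='"

# Constructed sample: a stricter configuration for comparison.
STRICT_SETTINGS="org.gnome.Vino notify-on-connect true
org.gnome.Vino prompt-enabled true
org.gnome.Vino require-encryption true
org.gnome.Vino view-only false
org.gnome.Vino authentication-methods ['vnc']
org.gnome.Vino vnc-password 'keyring'"

printf '%s\n' "$PAGE_SETTINGS" | audit_vino
```

    On a live desktop session, pipe the real output in: gsettings list-recursively org.gnome.Vino | audit_vino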
    
  • RHCSA Questions

    CREATE LVM:

    Create the "LVM" with the name "source" by using 26 PEs from the volume group "open". Consider the PE size as "8MB". Mount it on /mnt/secret with filesystem vfat.

    USER'S GROUPS AND PERMISSION:

    Create a group named "sysadmin". The users sarah and natasha should belong to the "manager" group as a secondary group. The user harry should not have access to an interactive shell and should not be a member of the "manager" group. The password for all users created should be "password".

    DIRECTORY COLLABORATION:

    Create the directory "/home/manager" with the following characteristics. Group ownership of "/home/manager" should go to the "manager" group. The directory should have full permission for all members of the "manager" group but not for any other users except "root". Files created under "/home/manager" should get their group ownership set to the "manager" group.

    UPDATE THE KERNEL:

    Install the appropriate kernel from ftp://instructor.example.com/ftp/updates. Your machine should boot with the updated kernel.

    CRON JOB:

    The user sarah must configure a cron job that runs today at 14:23 and executes /bin/echo "hyer". Deny the user max from creating cron jobs.

    RESIZE LVM:

    Resize the LVM "/dev/vgsrv/home" (/dev/myvol/vo) so that after reboot its size is between 90MB and 120MB.

    BIND THE "LDAP" FOR USER AUTHENTICATION:

    Note the following. Base DN: dc=example,dc=com. LDAP path: ldap://instructor.example.com/. Download the certificate from "ftp://instructor.example.com/pub/EXAMPLE-CA-CERT". LDAP user should be able to log in to your system. Where "X" is your system no.

    "NTP" CLIENT:

    Configure your system as "NTP" client for "instructor.example.com".

    AUTOMOUNT THE HOME DIRECTORY FOR LDAPUSER:

    Note the following. instructor.example.com (192.168.0.254) "NFS exports" /home/guests to your system, where "x" is your station IP. Ldapuser's home directory is instructor.example.com:/home/guests/ldapuserx. Ldapuser's home directory should be automounted locally beneath /home/guests/ldapuserx. When logging in as any ldapuser, only the home directory of that ldapuserx should be accessible from your system.

    ACCESS CONTROL LIST:

    Copy the file /etc/fstab to /var/tmp and configure the "ACL" as follows. The file /var/tmp/fstab is owned by "root". The file /var/tmp/fstab belongs to the group "root". The file /var/tmp/fstab should not be executable by others. The user "sarah" should be able to read and write to the file. The user "natasha" can neither read nor write to the file. Other users (future and current) should be able to read /var/tmp/fstab. Create a directory /data and set its default group to ftp, so that content created under this directory inherits the group ftp.

    CONFIGURE FTP SERVER:

    Configure FTP access from your system. Clients within remote.test should not have anonymous FTP access to your system.

    CONFIGURE "web server":

    Configure your system as "web server" for the site http://serverX.example.com. Download the web page from ftp://instructor.example.com/updates/station.html. Rename the downloaded page to "index.html". Copy the "index.html" page to the "document root". Do not make any modifications to the content of index.html.

    ADD USERS:

    Create the user "dax" with uid 4223.

    EXTEND SWAP SPACE:

    Extend the swap space by "250" MB. Don't remove the existing swap.

    LOCATE THE FILES:

    Locate the files of owner "dax" and copy them to the directory /root/found.

    SEARCH FOR WORD:

    List all lines which have the string "full" from the "/usr/share/dict/words" file and copy the lines into /root/word.found.

    Create logical volume “lv” belonging to volume group “vg” with 100 extents.
    All logical volumes in volume group “vg” must have extent size 8M.
    Format logical volume “lv” as vfat type and mount it on /mnt/blah upon reboot.

    See redhat

  • rhce

    Red Hat Certified Engineer Exam Questions

    Before starting exam

    #iptables -L
    #iptables -F
    #service iptables save
    #service iptables restart
    #chkconfig iptables on
    

    1. Enable selinux as enforcing

    # setup
    firewall configuration - disabled
    # getenforce
    # lokkit --selinux=enforcing
    # init 6
    # cat /etc/sysconfig/system-config-firewall
    # cat /etc/sysconfig/selinux
    

    2. Enable IP forwarding on your virtual machine

    Step-01:
    
    Enable IP Forwarding permanently in your machine.
    vi /etc/sysctl.conf            (sysctl configure parameters at run level)
    change line number 7
    net.ipv4.ip_forward=1
    :wq
    
    Step-02:
    
    sysctl -p  
    

    3. Configure FTP access on your system.

    Clients within domain70.example.com should have anonymous FTP access to your machine.
    Clients outside domain70.example.com should not have access to your FTP service.

    
    Step-01:
    
    #yum install vsftpd*
    #service vsftpd restart
    #yum install ftp
    
    Step-02:
    
    #ftp 
    user:anonymous
    password: enter
    
    Step-03:
    
    #vi /etc/hosts.deny
    vsftpd: ALL EXCEPT IP/mask
    :wq!
    
    Step-04:
    
    #service vsftpd restart
    #chkconfig vsftpd on
    
    If login problem
    
    remove anonymous user from below files
    
    #vi /etc/vsftpd/vsftpd.conf
    #vi /etc/vsftpd/ftpusers
    #vi /etc/vsftpd/user_list
    

    4. Set cron service such that it can’t be accessed by mike

    Step-01:
    
    #vi /etc/cron.deny
    mike
    :wq
    
    Step-02:
    
    #service crond restart
    #chkconfig crond on
    (to check - # grep mike /etc/passwd)
    

    5. Configure ssh as follows

    natasha has remote access to your machine from within domain70.example.com.
    Clients within my133t.org should not have access to ssh on your system.

    
    Step-01:
    
    #vi /etc/hosts.allow
    sshd: 172.24.70.0/255.255.255.0
    :wq
    Step-02:
    
    #vi /etc/hosts.deny
    sshd:172.24.70.0/255.255.0.0
    :wq!
    
    Step-03:
    
    #service sshd restart
    #chkconfig sshd on
    #service iptables restart
    #chkconfig iptables on
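
    Questions 3 and 5 both rely on the order in which TCP wrappers reads hosts.allow and hosts.deny. The script below is an added example, not part of the original answer: it emulates the hosts_access(5) decision order for the rule forms used on this page and runs the sshd rules from question 5 against a few client addresses. The function names, the client addresses and the network substituted for "IP/mask" are constructed for illustration.

```sh
#!/bin/sh
# Added example: emulates the hosts_access(5) decision order for the rule
# forms used on this page (net/mask, ALL, ALL EXCEPT net/mask). Not tcpd itself.
#   1. first matching line in hosts.allow -> allow
#   2. else first matching line in hosts.deny -> deny
#   3. else allow

ip2int() {  # dotted quad -> integer
    r=$1
    a=${r%%.*}; r=${r#*.}
    b=${r%%.*}; r=${r#*.}
    c=${r%%.*}; d=${r#*.}
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

match_net() {  # $1 client IP, $2 net/mask: true when (client AND mask) == net
    [ $(( $(ip2int "$1") & $(ip2int "${2#*/}") )) -eq "$(ip2int "${2%/*}")" ]
}

match_clients() {  # $1 client IP, $2 client pattern from a rule
    case $2 in
        "ALL EXCEPT "*) ! match_net "$1" "${2#ALL EXCEPT }" ;;
        ALL)            return 0 ;;
        */*)            match_net "$1" "$2" ;;
        *)              return 1 ;;  # other pattern forms are out of scope here
    esac
}

rule_hit() {  # $1 rules text, $2 daemon, $3 client IP: prints "hit" on first match
    printf '%s\n' "$1" | while IFS=' :' read -r daemon clients; do
        case $daemon in ''|'#'*) continue ;; esac
        [ "$daemon" = "$2" ] || [ "$daemon" = ALL ] || continue
        if match_clients "$3" "$clients"; then echo hit; break; fi
    done
}

tcpd_decision() {  # $1 daemon, $2 client IP, $3 hosts.allow text, $4 hosts.deny text
    if   [ -n "$(rule_hit "$3" "$1" "$2")" ]; then echo "allow (hosts.allow)"
    elif [ -n "$(rule_hit "$4" "$1" "$2")" ]; then echo "deny (hosts.deny)"
    else echo "allow (no rule matched)"
    fi
}

# The sshd rules exactly as written in question 5.
SSH_ALLOW='sshd: 172.24.70.0/255.255.255.0'
SSH_DENY='sshd:172.24.70.0/255.255.0.0'
# Constructed variant: the "ALL EXCEPT IP/mask" form from question 3, with the
# network from question 5 filled in as an assumed value.
FTP_DENY='vsftpd: ALL EXCEPT 172.24.70.0/255.255.255.0'

for ip in 172.24.70.15 172.24.71.15 10.9.8.7; do   # constructed client addresses
    echo "sshd   $ip -> $(tcpd_decision sshd "$ip" "$SSH_ALLOW" "$SSH_DENY")"
    echo "vsftpd $ip -> $(tcpd_decision vsftpd "$ip" "" "$FTP_DENY")"
done
```

    With the sshd rules as written, 172.24.71.15 and 10.9.8.7 are both allowed: the net in the deny pattern has bits set outside its mask, so the pattern matches no address and the default is to allow.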
    

    6. Export your /archive directory via NFS to the example.com domain only.

    or

    Export Your /common directory via NFS to the domain70.example.com domain only. (linux to linux directory sharing)

    Step-01:
    
    #vi /etc/exports
    /common 172.24.70.0/255.255.255.0(rw,sync)
    :wq
    
    Step-02:
    
    #service nfs restart
    #exportfs
    #chkconfig nfs on
    
    

    7. Share the /common directory via SMB
    Your SMB server must be a member of the STAFF workgroup
    The share’s name must be common
    The common share must be available to domain70.example.com clients only.
    The common share must be browseable
    natasha must have read access to the share, authenticating with the password porstroll if necessary.

    
    Step-01:
    
    #yum install samba*
    
    Step-02:
    
    #vim /etc/samba/smb.conf
    Go to 74th line
    Workgroup=STAFF
    Shift+G
    copy last 7 lines using 7yy and p command
    Remove ; from all lines and edit like
    
    [common]                (share name)
    comment=public_staff
    path=/common
    valid users=natasha     (add this line)
    public=yes
    browseable=yes
    Writable=no             (change yes to no)
    Printable=no
    :wq
    
    Step-03:
    
    #service smb restart
    
    Step-04:
    
    #smbpasswd -a natasha
    New smbpassword:postroll
    
    Step-05:
    
    #vim /etc/hosts.deny
    smb: ALL EXCEPT IP/netmask 
    :wq!
    
    Step-06:
    
    #chcon -t samba_share_t /common        (/common or share directory)
    #ls -dZ /common
    
    Step-07:
    
    #service smb restart
    #chkconfig smb on
    
    Step-08:
    
    #smbclient //ip/common -U natasha  (#smbclient //ip/ -U natasha)
    
    
    

    See samba

    8. Implement a web server for the site http://serverx.example.com/ then perform the following steps:
    Download ftp://instructor.example.com/pub/rhce/station.html
    Rename the downloaded file to index.html
    Copy this index.html to the document root of your web server
    Do not make any modifications to the content of index.html

    
    Step-01:
    
    #yum install httpd
    #service httpd restart
    
    Step-02:
    
    #cd /var/www/html
    #wget ftp://instructor.example.com/pub/rhce/station.html
    #mv station.html index.html
    
    Step-03:
    
    #vi /etc/httpd/conf/httpd.conf
    :set nu
    go to line 990
    remove * and add IP
    Virtual host: ip:80
    (run ifconfig to get the IP)
    go to line 1003
    copy 7 lines with 7yy and paste with p
    remove # from all lines
    
    DocumentRoot /var/www/html
    ServerName serverx.example.com
    
    :wq
    
    Step-04:
    #service httpd restart
    #chkconfig httpd on
    
    

    9. Extend the web server to include
    site http://wwwwX.example.com
    Document root /var/www/virtual
    Download ftp://instructor.example.com/pub/rhce/www.html and rename to index.html
    ensure natasha is able to create content in /var/www/virtual provided by server1.domain70.example.com

    Step-01:
    
    #service httpd start
    
    Step-02:
    
    #cd /var/www/
    #mkdir virtual
    #cd virtual
    #wget ftp......
    #mv www.html index.html
    
    Step-03:
    
    #vi /etc/httpd/conf/httpd.conf
    :set nu
    go to line 1003
    copy 7 lines with 7yy and paste with P
    
    remove # from all lines
    
    <VirtualHost IP:80>
    DocumentRoot /var/www/virtual
    ServerName wwwwX.example.com
    :wq!
    
    Step-04:
    
    #service httpd restart
    #chkconfig httpd on
    
    Step-05:
    
    #setfacl -m u:natasha:rwx /var/www/virtual
    
    

    10. Create a directory limited on your document root
    Download ftp://instructor.example.com/pub/rhce/station.html
    Rename the downloaded file to index.html
    Copy this index.html file to the limited directory
    Make it such that the content of limited is accessible to local users only.

    
    Step-01:
    
    #cd /var/www/html
    #mkdir limited
    #cd limited
    
    Step-02:
    
    #wget ftp://instructor.example.com/pub/rhce/station.html
    #mv station.html index.html
    
    Step-03:
    
    #vi /etc/httpd/conf/httpd.conf
    go to line 1003 and, before the closing tag, type the following
    
    Step-04:
    
    <Directory /var/www/html/limited>
    Order allow,deny
    Allow from IP
    </Directory>
    
    :wq!
    
    Step-05:
    
    #service httpd restart
    #chkconfig httpd on
    
    
    

    11. Export your /archive directory via NFS to the example.com domain only.

    Export Your /common directory via NFS to the domain70.example.com domain only.
    (linux to linux directory sharing)

    Step-01:
    
    #vi /etc/exports
    /common 172.24.70.0/255.255.255.0(rw,sync)
    :wq
    
    Step-02:
    
    #service nfs restart
    #exportfs
    #chkconfig nfs on
    
    

    12. Configure SMTP mail service according to the following requirements

    Your mail server should accept mail from remote hosts. Mail delivered to paula should spool into the default mail spool for paula, /var/spool/paula

    Step-01:
    #yum install postfix*
    #chkconfig postfix on
    #service postfix restart
    
    Step-02:
    
    #vi /etc/postfix/main.cf
    #remove # from 113 th line
    #place # on the 116th line
    
    Step-03:
    
    #service postfix restart
    
    

    13. Configure an email alias for your MTA such that mail sent to admin is received by the local user harry

    Step-01:
    
    #vi /etc/aliases
    admin:harry
    :wq
    
    Step-02:
    
    #newaliases
    
    

    14. Using iSCSI, discover and mount a device shared by host.domain70.example.com
    Create an iSCSI storage device of 1100 MB size
    Download ftp://server1.domain70.example.com/pub/iscsi.txt
    and copy it to the iSCSI device
    Mount the device permanently under /mnt/data as an ext4 file system

    Step-01:
    
    #iscsiadm -m discovery -t st -p hostname
    copy the iqn number line
    #iscsiadm -m node  -p hostname
    #iscsiadm -m node  -p hostname -l
    (if -p error - try with -P)
    
    Step-02:
    
    #fdisk -l
    #fdisk /dev/sda                       (the interactive commands below are typed into fdisk)
    n
    p
    default
    default +1100M
    p
    w
    
    Step-03:
    
    #partprobe -s /dev/sda                (higher size than  provided, then only we can create partition)
    
    Step-04:
    
    #mkfs.ext4 /dev/sda1
    #mkdir /mnt/data
    
    Step-05:
    
    For Permanently Mount:
    
    #vi /etc/fstab
    /dev/sda1 /mnt/data ext4 defaults 0 0
    :wq!
    #mount -a
    
    Step-06:
    
    #cd /mnt/data
    #wget ftp://server1.domain70.example.com/pub/iscsi.txt
    
    

    15. Configure kernel such that kernstack value is 1 . kernel line should display the edited string in /proc/cmdline

    Step-01:
    
    #vi /etc/grub.conf
    go to the end of kernel line ,after word quiet, put a space and type kernstack=1
    :wq!
    
    Step-02:
    
    reboot
    #cat /proc/cmdline
    
    

    16. Write a script /root/bar.sh such that when we execute /root/bar.sh python it displays perl and when we execute /root/bar.sh perl displays python.
    And when we type some other character, /root/bar.sh Perl/Python is directed to stdeer

    #vi /root/bar.sh
    
    #!/bin/bash
    # The first command-line argument selects which word to print
    a=$1
    if [ "$a" = "Python" ]
    then
    echo "Perl"
    elif [ "$a" = "Perl" ]
    then
    echo "Python"
    else
    echo "/root/bar.sh /Python/Perl" >> stdeer
    fi
    :wq!
    /root/bar.sh
    Perl
    
    chmod 755 /root/bar.sh
    # /root/bar.sh
    dgfdg
    #vi /stdeer
    Python/Perl
    
    
  • Show Hidden Files

    To make Linux show hidden files when you type the ls command

    Edit ~/.bashrc

    vi /root/.bashrc
    

    Add line

    alias ls='ls -la --color'
    

    Save and exit. Now you need to log in to SSH again to see the hidden files when you type “ls”

    After editing, the file will look like

    [root@194 ~]# cat /root/.bashrc
    # .bashrc
    
    # User specific aliases and functions
    
    alias rm='rm -i'
    alias cp='cp -i'
    alias mv='mv -i'
    alias ls='ls -la --color'
    
    # Source global definitions
    if [ -f /etc/bashrc ]; then
            . /etc/bashrc
    fi
    [root@194 ~]#
    
  • Create an interworx user from command line

    To create an interworx user from command line, first install CLI tool

    yum install interworx-cli -y
    

    Now to create a user, run

    nodeworx -u -n -c Users -a add --nickname USER_NAME_HERE --email [email protected] --theme heliotrope --password 'PASSWORD_HERE' --confirm_password 'PASSWORD_HERE' --perms NODEWORXUSER,LANGUAGES,THEMES,SWACCOUNTS,SHELLUSERS,PACKAGES,LOGIN,BRESTORE,IMPORT,RESELLER,APACHE,EMAIL,FTP,MYSQL,DNS,SSH,APIKEY,CRON,IPS,FIREWALL,UPDATES,GRAPHS,NFS,CLUSTERING,SETTINGS,IWORXLOGS,PHPMYADMIN,PLUGINS,SSL,REMOTEASSIST
    

    In the above command, replace the following

    USER_NAME_HERE
    [email protected]
    PASSWORD_HERE repeated 2 times.

    See interworx

  • Systemctl Start a Service on Boot

    To enable a service on boot, run

    systemctl enable SERVICE_NAME
    

    To disable a service from starting on boot, run

    systemctl disable SERVICE_NAME
    

    See systemctl

  • Prometheus init script for CentOS 6

    Create init file.

    touch /etc/rc.d/init.d/prometheus
    chmod 755 /etc/rc.d/init.d/prometheus
    vi /etc/rc.d/init.d/prometheus
    

    Add following

    #!/bin/bash
    #
    # /etc/rc.d/init.d/prometheus
    #
    # Prometheus monitoring server
    #
    #  chkconfig: 2345 20 80
    #  description: Prometheus monitoring server
    #  processname: prometheus
    
    # Source function library.
    . /etc/rc.d/init.d/functions
    
    PROGNAME=prometheus
    PROG=/usr/hostonnet/prometheus/$PROGNAME
    USER=prometheus
    LOGFILE=/var/log/prometheus.log
    DATADIR=/usr/hostonnet/prometheus/data
    LOCKFILE=/var/run/$PROGNAME.pid
    CONFIG_FILE=/usr/hostonnet/prometheus/prometheus.yml
    ALERT_MGR_URL=localhost:9093
    
    start() {
        echo -n "Starting $PROGNAME: "
        cd /usr/hostonnet/prometheus/
        #daemon --user $USER --pidfile="$LOCKFILE" "$PROG -config.file $CONFIG_FILE -storage.local.path $DATADIR -alertmanager.url $ALERT_MGR_URL &>$LOGFILE &"
        daemon --user $USER --pidfile="$LOCKFILE" "$PROG -config.file $CONFIG_FILE -storage.local.path $DATADIR &>$LOGFILE &"
        echo $(pidofproc $PROGNAME) >$LOCKFILE
        echo
    }
    
    stop() {
        echo -n "Shutting down $PROGNAME: "
        killproc $PROGNAME
        rm -f $LOCKFILE
        echo
    }
    
    
    case "$1" in
        start)
        start
        ;;
        stop)
        stop
        ;;
        status)
        status $PROGNAME
        ;;
        restart)
        stop
        start
        ;;
        reload)
        echo "Sending SIGHUP to $PROGNAME"
        kill -SIGHUP $(pidofproc $PROGNAME)
        ;;
        *)
            echo "Usage: service prometheus {start|stop|status|reload|restart}"
            exit 1
        ;;
    esac
    

    Create User For Prometheus

    groupadd -r prometheus
    useradd -r -g prometheus -s /sbin/nologin -d /usr/hostonnet/prometheus/ -c "prometheus Daemons" prometheus
    chown -R prometheus:prometheus /usr/hostonnet/prometheus/
    # Create the log file first so that chown has something to act on
    touch /var/log/prometheus.log
    chown prometheus:prometheus /var/log/prometheus.log
    
    

    Run prometheus on Boot

    chkconfig --add prometheus
    chkconfig prometheus on
    

    Verify it is enabled

    [root@backup ~]# chkconfig --list | grep prome
    prometheus     	0:off	1:off	2:on	3:on	4:on	5:on	6:off
    [root@backup ~]# 
    

    “3:on” will start prometheus on run level 3, that is normal boot.

    Start Prometheus

    [root@backup ~]# service prometheus start
    Starting prometheus:                                       [  OK  ]
    [root@backup ~]# 
    

    See Monitor Server with Prometheus and Grafana