RHCE Database Services

RHCE Objectives: Database Services

  • Install and configure MariaDB
  • Backup and restore a database
  • Create a simple database schema
  • Perform simple SQL queries against a database

Installing MariaDB is easy enough; yum install mariadb mariadb-server. This will install the main files, server, and libs.

mariadb-5.5.41-2.el7_0.x86_64
mariadb-server-5.5.41-2.el7_0.x86_64
mariadb-libs-5.5.41-2.el7_0.x86_64

Standard configuration is done by running mysql_secure_installation and following the prompts.

Use the systemctl commands to enable and start the database.

systemctl enable mariadb.service
systemctl start mariadb.service
systemctl status mariadb.service

To log in, simply type in mysql. If you’ve set up a password for the root user, you’ll need to pass -u root -p or --user=root -p to log in.

Database stuff is pretty easy if you’ve done anything with it.

MariaDB [(none)]> create database username;
Query OK, 1 row affected (0.00 sec)

Piece of cake.

You’ll want to create a table (schema) for querying to satisfy the last requirement.

MariaDB [(none)]> use username;
Database changed

MariaDB [username]> create table users (
-> usr_id int(10) not null auto_increment,
-> usr_last char(30) not null default '',
-> usr_first char(30) not null default '',
-> usr_name char(30) not null default '',
-> usr_phone char(30) not null default '',
-> usr_email char(255) not null default '',
-> primary key (usr_id)
-> );
Query OK, 0 rows affected (0.04 sec)

And you’ll need to add some data

MariaDB [cschelin]> insert into users set usr_id = null,usr_last='Lastname',usr_first='Firstname',usr_name='FLastnam',usr_phone="303-555-1212",usr_email="user@testing.com";
Query OK, 1 row affected (0.02 sec)

Okay, to perform a simple query, run the following command:

MariaDB [cschelin]> select * from users;
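+--------+----------+-----------+----------+--------------+------------------+
| usr_id | usr_last | usr_first | usr_name | usr_phone    | usr_email        |
+--------+----------+-----------+----------+--------------+------------------+
|      1 | Lastname | Firstname | FLastnam | 303-555-1212 | user@testing.com |
+--------+----------+-----------+----------+--------------+------------------+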
1 row in set (0.00 sec)

Again, piece of cake.

Backing up a database is simple as well:

mysqldump --user=root -p username
Enter password: 
-- MySQL dump 10.14  Distrib 5.5.41-MariaDB, for Linux (x86_64)
--
-- Host: localhost    Database: username
-- ------------------------------------------------------
-- Server version	5.5.41-MariaDB

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;

--
-- Table structure for table `users`
--

DROP TABLE IF EXISTS `users`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `users` (
  `usr_id` int(10) NOT NULL AUTO_INCREMENT,
  `usr_last` char(30) NOT NULL DEFAULT '',
  `usr_first` char(30) NOT NULL DEFAULT '',
  `usr_name` char(30) NOT NULL DEFAULT '',
  `usr_phone` char(30) NOT NULL DEFAULT '',
  `usr_email` char(255) NOT NULL DEFAULT '',
  PRIMARY KEY (`usr_id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `users`
--

LOCK TABLES `users` WRITE;
/*!40000 ALTER TABLE `users` DISABLE KEYS */;
INSERT INTO `users` VALUES (1,'Lastname','Firstname','FLastnam','303-555-1212','user@testing.com');
/*!40000 ALTER TABLE `users` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;

/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

-- Dump completed on 2015-08-11 10:06:22

And reloading the data is easy as well. You’ll need to recreate the database first though.

MariaDB [(none)]> drop database username;
Query OK, 1 row affected (0.03 sec)

MariaDB [(none)]> create database username;
Query OK, 1 row affected (0.00 sec)

Exit out and restore your backup. The thing to note is that the data file needs to be where mariadb can get to the file. Saving it to your home directory fails because of the access restrictions. I save to /var/tmp for this but generally I have a mariadb directory in /var/tmp for the daily backups.

mysql --user=root -p username < username.sql

Once done (and after entering your password), log in to mariadb, use username, show tables, select * from users. Done!
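The backup and restore steps above, wrapped so the dump lands in a file only the invoking user can read and a truncated dump is never restored. This is an added example, not code from the original post; the MYSQLDUMP and MYSQL variables and the function names are assumptions of this sketch.

```sh
#!/bin/sh
# Added example (not from the original post): dump to a private file, verify
# it, and restore it. MYSQLDUMP and MYSQL are assumptions of this sketch so the
# client commands can be overridden; they default to the real binaries.
MYSQLDUMP="${MYSQLDUMP:-mysqldump}"
MYSQL="${MYSQL:-mysql}"

# dump_is_complete FILE: succeeds only if the file ends with the
# "-- Dump completed" trailer that mysqldump writes last.
dump_is_complete() {
    tail -n 5 "$1" | grep -q '^-- Dump completed'
}

# backup_db DATABASE DIR: prints the path of the finished dump.
# Returns 1 if the dump command failed, 2 if the output is truncated.
backup_db() {
    bk_out="$2/$1-$(date +%Y%m%d).sql"
    bk_tmp="$bk_out.partial"
    (
        umask 077    # the dump contains table data: create it mode 0600
        "$MYSQLDUMP" --user=root -p "$1" > "$bk_tmp"
    ) || { rm -f "$bk_tmp"; return 1; }
    if ! dump_is_complete "$bk_tmp"; then
        rm -f "$bk_tmp"
        return 2
    fi
    mv "$bk_tmp" "$bk_out" && printf '%s\n' "$bk_out"
}

# restore_db DATABASE FILE: reload a dump into an existing database.
# The dump starts each table with DROP TABLE IF EXISTS, so a truncated file
# is refused before anything is dropped.
restore_db() {
    dump_is_complete "$2" || return 2
    "$MYSQL" --user=root -p "$1" < "$2"
}
```

The trailer check relies on mysqldump's default comments; a dump taken with --skip-comments or --compact has no trailer and would be rejected.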


RHCE NTP

RHCE Objectives: Network services

Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:

  • Install the packages needed to provide the service
  • Configure SELinux to support the service
  • Use SELinux port labeling to allow services to use non-standard ports
  • Configure the service to start when the system is booted
  • Configure the service for basic operation
  • Configure host-based and user-based security for the service

http://www.certdepot.net/rhel7-use-selinux-port-labelling/

  • Synchronize time using other NTP peers

Install packages: yum install ntp, systemctl start ntpd

Configure SELinux: Should be configured out of the box; ps -e --context | grep ntp

SELinux Port labeling: Use the semanage tool to see the existing ports to be used:

semanage port -l | grep ntp

To use a different port, you’ll need to make sure the target port isn’t already reserved for something else

sepolicy network -p [port number]

If unreserved, then assign it.

semanage port -a -t ntp_port_t -p udp 60123

Configure to start when booted: systemctl enable ntpd

Configure for basic operation: By default; ntpq -p to review the output.

Configure host-based and user-based security for the service:

Synchronize time using other NTP peers: Start ntpd; systemctl start ntpd. This will start the sync process. If you need to initially set your hardware clock, you can use ntpdate [servername] to manually set the date and time but ntpd can’t be running. So stop ntpd (systemctl stop ntpd), run ntpdate [servername] to sync, and then start ntpd back up (systemctl start ntpd).


RHCE SSH

RHCE Objectives: Network services

Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:

  • Install the packages needed to provide the service
  • Configure SELinux to support the service
  • Use SELinux port labeling to allow services to use non-standard ports
  • Configure the service to start when the system is booted
  • Configure the service for basic operation
  • Configure host-based and user-based security for the service
  • Configure key-based authentication
  • Configure additional options described in documentation

Install: yum install openssh-server (technically it’s already in place but to satisfy the listing above). You’ll need to add it to the firewall if it’s not there already: firewall-cmd --permanent --add-service=ssh; firewall-cmd --reload

Configure SELinux to support: Should already be there

Use SELinux Port labeling: See NTP. You’ll need to change the Port directive in /etc/ssh/sshd_config if you use a different port.

Configure the service to start: systemctl enable sshd

Configure the service for basic operation: again, already started.

Configure host-based and user-based security for the service:

http://www.certdepot.net/rhel7-configure-ssh-key-based-authentication/

Configure key-based authentication: Simple enough. In your home directory, create a .ssh directory and chmod it 700. Run ssh-keygen -t rsa and hit enter through the prompts. On the second machine, also create a .ssh directory with chmod 700, and copy the id_rsa.pub file from server 1 to .ssh/authorized_keys on server 2.
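The second-machine half of that procedure as a script: it installs a public key with the directory at 700 and authorized_keys at 600, refuses a file that is not a public key, and does not add the same key twice. This is an added example, not code from the original post; the function names and the TARGET_HOME argument are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not from the original post. TARGET_HOME stands for the
# account's home directory on the second machine (an assumption of this sketch).

# perms_private PATH: succeeds if group and others have no access bits set.
perms_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# install_pubkey PUBFILE TARGET_HOME
# Returns 2 if PUBFILE does not look like a public key, 1 on filesystem errors.
install_pubkey() {
    ik_dir="$2/.ssh"
    ik_auth="$ik_dir/authorized_keys"
    ik_key=$(head -n 1 "$1")
    # Refuse anything that is not "type base64 [comment]", e.g. id_rsa itself.
    printf '%s\n' "$ik_key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( |$)' \
        || return 2
    mkdir -p "$ik_dir" || return 1
    chmod 700 "$ik_dir" || return 1       # also tightens an existing directory
    touch "$ik_auth" || return 1
    chmod 600 "$ik_auth" || return 1
    # Append only if this exact line is not already authorised.
    grep -qxF -e "$ik_key" "$ik_auth" || printf '%s\n' "$ik_key" >> "$ik_auth"
}
```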

Configure additional options: Edit the /etc/ssh/sshd_config file. The file itself is pretty clearly documented. Commented out commands show the default option. Restart the service after changes (systemctl restart sshd).


RHCE SMTP

RHCE Objectives: Network services

Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:

  • Install the packages needed to provide the service
  • Configure SELinux to support the service
  • Use SELinux port labeling to allow services to use non-standard ports
  • Configure the service to start when the system is booted
  • Configure the service for basic operation
  • Configure host-based and user-based security for the service

http://www.certdepot.net/rhel7-configure-system-forward-email-central-mail-server/

  • Configure a system to forward all email to a central mail server

Assuming Postfix here vs sendmail (especially with the above article).

Install: yum install postfix

SELinux: Again, with the yum install, the selinux part is already configured.

SELinux Port: See ntp

Configure to start: systemctl enable postfix; systemctl restart postfix;

Configure the service for basic operation: This may be the first block below (the myhostname to mydestination).

Configure host-based and user-based security for the service:

Configure a system to forward all email to a central mail server:

Here we don’t know if there is a central mail server already or if one will be provided. Assuming “send mail to the following IP address or server”

In /etc/postfix/main.cf uncomment/change the following lines:

myhostname = server.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = loopback-only
mydestination =
relayhost = 192.168.1.1

The first parts are to configure your system. Blank mydestination and set relayhost. This will forward mail to the relayhost.


RHCE SMB

RHCE Objectives: Network services

Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:

  • Install the packages needed to provide the service
  • Configure SELinux to support the service
  • Use SELinux port labeling to allow services to use non-standard ports
  • Configure the service to start when the system is booted
  • Configure the service for basic operation
  • Configure host-based and user-based security for the service
  • Provide network shares to specific clients
  • Provide network shares suitable for group collaboration.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/sect-Managing_Confined_Services-Samba-Configuration_examples.html#sect-Managing_Confined_Services-Configuration_examples-Sharing_directories_you_create

http://www.certdepot.net/rhel7-provide-smb-network-shares/

Install is a bit more involved, at least for the testing part: yum groupinstall "file-server", plus samba-client and samba-winbind

firewall-cmd --permanent --add-service=samba

systemctl enable smb

systemctl enable nmb

systemctl enable winbind

systemctl start smb

systemctl start nmb

systemctl start winbind

Setting it up is easy enough. In /etc/samba/smb.conf:

Uncomment ‘netbios name’
Update interfaces with interfaces on system

Everything should already be set.

Add a new shared entry at the end

[shared]
Comment =
browseable = yes
path = /shared
valid users = your user
writable = yes

Done

Make the directory and set it 777 (mkdir /shared, chmod 777 /shared, touch /shared/test)

The selinux part is as always the harder part.

If semanage is not there, install setroubleshoot-server

semanage fcontext --list | grep samba gives you some. Set up samba_share_t for the new shared filesystem

semanage fcontext -a -t samba_share_t "/shared(/.*)?"
restorecon -R /shared

And add the user to the password file.

smbpasswd -a your user. It’ll ask for your new password.

Use smbclient to access the share //localhost/shared -U user%password

Group access is similar but a few extra options are needed for management

valid users = @group
create mode = 0660
directory mode = 0770

Change the group for /shared to group (chgrp group /shared)


RHCE NFS

RHCE Objectives: Network services

Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:

  • Install the packages needed to provide the service
  • Configure SELinux to support the service
  • Use SELinux port labeling to allow services to use non-standard ports
  • Configure the service to start when the system is booted
  • Configure the service for basic operation
  • Configure host-based and user-based security for the service
  • Provide network shares to specific clients
  • Provide network shares suitable for group collaboration
  • Use Kerberos to control access to NFS network shares

Install: yum groupinstall "file-server"

firewall-cmd --permanent --add-service=nfs

firewall-cmd --reload

systemctl enable rpcbind
systemctl enable nfs-server
systemctl enable nfs-lock
systemctl enable nfs-idmap

mkdir -p /home/tools; mkdir -p /home/guests; chmod 777 /home/tools; chmod 777 /home/guests

In the /etc/exports file, add the two file systems to be shared

/home/tools client1(rw,no_root_squash)
/home/guests client2(rw,no_root_squash)

exportfs -avr

systemctl restart nfs-server
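Both export lines above carry no_root_squash, which lets root on the client act as root on the exported files. A small check for that option and for exports open to every host, as an added example that is not from the original post; the function names and the sample lines other than the two from this page are constructed.

```sh
#!/bin/sh
# Added example (not from the original post). Reads text in /etc/exports
# format on stdin and prints one finding per risky client entry.
# Usage on a server: audit_exports < /etc/exports

# sample_exports: constructed input; the first two lines are the ones above.
sample_exports() {
    printf '%s\n' \
        '# constructed sample' \
        '/home/tools client1(rw,no_root_squash)' \
        '/home/guests client2(rw,no_root_squash)' \
        '/srv/pub *(ro)' \
        '/srv/ok client3(rw,root_squash)'
}

audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {          # one field per client entry
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            padded = "," opts ","
            if (client == "" || client == "*")
                print $1 ": exported to every host"
            if (padded ~ /,no_root_squash,/)
                print $1 ": " client " root is not squashed"
        }
    }'
}
```

Dropping the option from an entry returns it to the default, root_squash, which maps the client's root to an unprivileged user.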

As always, selinux adds complexity to a simple task :)

You’ll need to change the context of the two file systems and set up the boolean values

semanage fcontext -a -t public_content_rw_t "/home/tools(/.*)?"
semanage fcontext -a -t public_content_rw_t "/home/guests(/.*)?"

semanage boolean -l | grep nfs

The last three need to be set on (last two should already be on)

setsebool -P use_nfs_home_dirs on

On the client side, install the nfs-utils package and then use

mount -t nfs server:/home/tools /mnt

To mount the share.

Group is the same, just create the group-owned directory and add SGID (2770) to the file system.


RHCE DNS

RHCE Objectives: Network services

Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:

  • Install the packages needed to provide the service
  • Configure SELinux to support the service
  • Use SELinux port labeling to allow services to use non-standard ports
  • Configure the service to start when the system is booted
  • Configure the service for basic operation
  • Configure host-based and user-based security for the service
  • Configure a caching-only name server
  • Troubleshoot DNS client issues

Edit /etc/named.conf

Change listen-on from 127.0.0.1 to any
Change allow-query to any
Change dnssec-validation to no

Save

Run named-checkconf

firewall-cmd --permanent --add-service=dns

firewall-cmd --reload

systemctl enable named

systemctl start named


RHCE HTTP/HTTPS

RHCE Objectives: Network services

Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:

  • Install the packages needed to provide the service
  • Configure SELinux to support the service
  • Use SELinux port labeling to allow services to use non-standard ports
  • Configure the service to start when the system is booted
  • Configure the service for basic operation
  • Configure host-based and user-based security for the service
  • Configure a virtual host
  • Configure private directories
  • Deploy a basic CGI application
  • Configure group-managed content
  • Configure TLS security

Install: yum groupinstall "Web Server"

If no DNS, add IP and hostname in /etc/hosts

systemctl enable httpd

systemctl start httpd

firewall-cmd --permanent --add-service=http

firewall-cmd --reload

Virtual Hosts

Make a directory under /var/www/html for the new server

/etc/httpd/conf.d/vhosts.conf

VirtualHost *:80
ServerAdmin
DocumentRoot
ServerName
ErrorLog
CustomLog

apachectl configtest

apachectl restart or systemctl restart httpd

httpd -D DUMP_VHOSTS


RHCE Shell Scripting

RHCE Objectives: Use shell scripting to automate system maintenance tasks

This is far too simple and too broad a task to be able to address in a posting. In the chapter study guide, it uses “make a backup of files in /home” for the example.

Seriously, if you can’t script, you shouldn’t be here.


RHCE Performance

RHCE Objectives: Produce and deliver reports on system utilization (processor, memory, disk, and network).

This is a bit more flexible. You can use several tools to get processor, memory, disk, and network information such as

iostat – cpu and disk information
vmstat – procs, memory, swap, system, and cpu info
netstat – network statistics
mpstat – cpu

You do need to remember that the first line is stats since the system was booted.

You can also use dstat, which displays (use the -f flag) info for cpus, disks, network, and memory. Plus you can send the output to a csv file for export into a spreadsheet.

sar is an old handy tool that also gives you the same stats, cpu, memory, swap, and network.

All three sets of tools can be used to generate reports depending on what report is of interest.

For an Excel spreadsheet, the output of dstat would likely be the easiest for reporting purposes.
