RHCE Cheat Sheet

Just the commands ma’am. I can follow the links and read the books but ultimately I just want a cheat sheet to remind me what the actual commands are after all this studying.

Memorize This!

The following bits are the harder to remember, less often used bits. Basically commands with options I tend to forget.
Networking: nmcli con add type team con-name myteam0 ifname team0 config '{ "runner": {"name": "loadbalance"}}'
iSCSI: iscsiadm --mode discovery --type sendtargets --portal 192.168.1.53 --discover
iSCSI: iscsiadm --mode node --targetname iqn.2017-02.pri.internal:target --portal 192.168.1.53:3260 --login
HTTP: openssl req -new -x509 -nodes -out /etc/pki/tls/certs/host.internal.pri.crt -keyout /etc/pki/tls/private/host.internal.pri.key -days 365
Kerberos/NFS: mount -t nfs4 -o sec=krb5 enwd1cuomnfss1.internal.pri:/home/tools /mnt
MariaDB: grant all on test.* to user@localhost identified by 'password';

Password Reset 1

At boot kernel screen
‘e’ to edit
At linux16, add rd.break enforcing=0
Ctrl-X to start
At prompt, mount -o remount,rw /sysroot
chroot /sysroot
passwd – change root password
selinux?
restorecon /etc/shadow
touch /.autorelabel works but is slow as it relabels the system
exit,exit

Password Reset 2

At boot kernel menu, ‘e’ to edit
At linux line, remove rhgb and add init=/bin/sh
At shell, /usr/sbin/load_policy -i
At shell, mount -o remount,rw /
At shell, passwd root
At shell, mount -o remount,ro / (flushes memory)
exit, exit

Networking

man nmcli-examples
nmcli con add con-name ens256 ifname ens256 type ethernet ip4 192.168.1.203/24 gw4 192.168.1.1
nmcli con mod my-con-em1 ipv4.dns "192.168.1.1"
nmcli con mod my-con-em1 +ipv4.dns 8.8.8.8
nmcli con mod my-con-em1 ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844"
nmcli con mod ens256 ipv4.never-default yes
nmcli -p con show ens256

Networking: Bonding

nmcli con show
nmcli con add type bond con-name mybond0 ifname bond0 mode active-backup
7.0: nmcli con mod mybond0 ipv4.addresses "192.168.1.10/24 192.168.1.1"
7.0: nmcli con mod mybond0 ipv4.method manual
7.1: nmcli con mod mybond0 ipv4.addresses 192.168.1.10/24
7.1: nmcli con mod mybond0 ipv4.gateway 192.168.1.1
7.1: nmcli con mod mybond0 ipv4.method manual
nmcli con add type bond-slave con-name bond0-eth0 ifname eth0 master bond0
nmcli con add type bond-slave con-name bond0-eth1 ifname eth1 master bond0
nmcli con up mybond0
nmcli con show
/etc/sysconfig/network-scripts/ifcfg-[bond-interface]

DEVICE=bond0
TYPE=Bond
BONDING_MASTER=yes
NAME=mybond0
ONBOOT=yes
IPADDR=192.168.1.72
PREFIX=24
GATEWAY=192.168.1.1

/etc/sysconfig/network-scripts/ifcfg-[slave-interface]

NAME=bond0-ens192
DEVICE=ens192
ONBOOT=yes
MASTER=bond0
SLAVE=yes

Networking: Teaming

nmcli con show
nmcli con add type team con-name myteam0 ifname team0 config '{ "runner": {"name": "loadbalance"}}'
7.0: nmcli con mod myteam0 ipv4.addresses "192.168.1.10/24 192.168.1.1"
7.0: nmcli con mod myteam0 ipv4.method manual
7.1: nmcli con mod myteam0 ipv4.addresses 192.168.1.10/24
7.1: nmcli con mod myteam0 ipv4.gateway 192.168.1.1
7.1: nmcli con mod myteam0 ipv4.method manual
nmcli con add type team-slave con-name team0-slave0 ifname eth0 master team0
nmcli con add type team-slave con-name team0-slave1 ifname eth1 master team0
nmcli con up myteam0
nmcli con show

Networking: IPv6

ip addr show eno16777984
nmcli con show eno16777984 | grep -i ipv6
nmcli con mod eno16777984 ipv6.addresses 'fddb:fe2a:badb:abe::1/64'
nmcli con mod eno16777984 ipv6.method manual
nmcli con down eno16777984
nmcli con up eno16777984
ip addr show dev eno16777984
/etc/sysconfig/network-scripts/ifcfg-[interface]

IPV6INIT=yes
IPV6ADDR=fddb:fe2a:badb:abe::1/64
IPV6_DEFAULTGW=2001:db8:0:1::1

Networking: IPv6 Troubleshooting

ping6 [ipv6 address]
ip -6 route

Networking: Routing

echo 1 > /proc/sys/net/ipv4/ip_forward
echo net.ipv4.ip_forward = 1 > /etc/sysctl.d/ip_forward.conf
ip route show
/etc/sysconfig/network-scripts/route-[interface]

192.168.1.100/32 via 192.168.1.254 dev eno16777984
ADDRESS0=192.168.1.100
NETMASK0=255.255.255.255
GATEWAY0=192.168.1.254
METRIC0=

Firewall

man firewalld.conf
firewall-cmd --get-services
/usr/lib/firewalld/services
firewall-cmd --zone=external --add-masquerade --permanent
firewall-cmd --reload
firewall-cmd --add-forward-port=port=2022:proto=tcp:toport=22:toaddr=192.168.1.203 --permanent
firewall-cmd --reload

Firewall: Zones

man firewalld.zones
firewall-cmd --get-default-zone
firewall-cmd --get-active-zones
firewall-cmd --get-zones
firewall-cmd --set-default-zone=home
firewall-cmd --permanent --zone=internal --change-interface=eth0
nmcli con show | grep eth0
nmcli con mod "System eth0" connection.zone internal
nmcli con up "System eth0"
/etc/sysconfig/network-scripts/ifcfg-* – ZONE=internal
firewall-cmd --get-zone-of-interface=eth0
firewall-cmd --permanent --zone=public --list-all
firewall-cmd --permanent --new-zone=test
firewall-cmd --reload

Firewall: Rich Rules

man firewalld.richlanguage
firewall-cmd --zone=dmz --add-rich-rule='rule family=ipv4 source address=10.0.0.100/32 reject' --timeout=60
firewall-cmd --add-rich-rule='rule protocol value=icmp accept' --zone=dmz
firewall-cmd --zone=dmz --add-rich-rule='rule family=ipv4 source address=10.0.0.0/24 port port=7900-7905 protocol=tcp accept'
firewall-cmd --list-all --zone=dmz

Package Management

/etc/yum.repos.d

[base]
name=Name
baseurl=http://
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/...

yum grouplist
yum whatprovides semanage

SELinux

Test is only on ‘types’ “-t / _t”. _r is Roles, _u is Users.
/etc/selinux/config
/etc/sysconfig/selinux
sestatus -v
getenforce
setenforce
yum install -y policycoreutils-python
semanage
semanage fcontext -l for a long list
semanage fcontext to update the policy
restorecon to apply the policy
chcon updates the context of a file but is temporary only
getsebool
setsebool

iSCSI: Server

vgs
lvcreate -L 200M -n lvsan1 /dev/vg00
lvcreate -L 200M -n lvsan2 /dev/vg00
yum install -y targetcli
Note: cd brings up a select. help gives you help 🙂

# targetcli
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.fb41
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.

/> cd /backstores
/backstores> ls
o- backstores ................................................................................................................ [...]
  o- block .................................................................................................... [Storage Objects: 0]
  o- fileio ................................................................................................... [Storage Objects: 0]
  o- pscsi .................................................................................................... [Storage Objects: 0]
  o- ramdisk .................................................................................................. [Storage Objects: 0]
/backstores> block/ create block1 /dev/vg00/lvsan1
Created block storage object block1 using /dev/vg00/lvsan1.
/backstores> block/ create block2 /dev/vg00/lvsan2
Created block storage object block2 using /dev/vg00/lvsan2.
/backstores> fileio/ create file1 /opt/diskfile1 100M
Created fileio file1 with size 104857600
/backstores> ls
o- backstores ................................................................................................................ [...]
  o- block .................................................................................................... [Storage Objects: 2]
  | o- block1 ................................................................. [/dev/vg00/lvsan1 (200.0MiB) write-thru deactivated]
  | o- block2 ................................................................. [/dev/vg00/lvsan2 (200.0MiB) write-thru deactivated]
  o- fileio ................................................................................................... [Storage Objects: 1]
  | o- file1 .................................................................... [/opt/diskfile1 (100.0MiB) write-back deactivated]
  o- pscsi .................................................................................................... [Storage Objects: 0]
  o- ramdisk .................................................................................................. [Storage Objects: 0]
/backstores> cd /iscsi/
/iscsi> create iqn.2017-02.pri.internal:target
Created target iqn.2017-02.pri.internal:target.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/iscsi> ls
o- iscsi .............................................................................................................. [Targets: 1]
  o- iqn.2017-02.pri.internal:target ..................................................................................... [TPGs: 1]
    o- tpg1 ................................................................................................. [no-gen-acls, no-auth]
      o- acls ............................................................................................................ [ACLs: 0]
      o- luns ............................................................................................................ [LUNs: 0]
      o- portals ...................................................................................................... [Portals: 1]
        o- 0.0.0.0:3260 ....................................................................................................... [OK]
/iscsi> cd iqn.2017-02.pri.internal:target/
/iscsi/iqn.20...ternal:target> tpg1/acls/ create iqn.2017-02.pri.internal:server1
Created Node ACL for iqn.2017-02.pri.internal:server1
/iscsi/iqn.20...ternal:target> tpg1/luns/ create /backstores/block/block1
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.2017-02.pri.internal:server1
/iscsi/iqn.20...ternal:target> tpg1/luns/ create /backstores/block/block2
Created LUN 1.
Created LUN 1->1 mapping in node ACL iqn.2017-02.pri.internal:server1
/iscsi/iqn.20...ternal:target> tpg1/luns/ create /backstores/fileio/file1
Created LUN 2.
Created LUN 2->2 mapping in node ACL iqn.2017-02.pri.internal:server1
/iscsi/iqn.20...ternal:target> ls
o- iqn.2017-02.pri.internal:target ....................................................................................... [TPGs: 1]
  o- tpg1 ................................................................................................... [no-gen-acls, no-auth]
    o- acls .............................................................................................................. [ACLs: 1]
    | o- iqn.2017-02.pri.internal:server1 ......................................................................... [Mapped LUNs: 3]
    |   o- mapped_lun0 .................................................................................... [lun0 block/block1 (rw)]
    |   o- mapped_lun1 .................................................................................... [lun1 block/block2 (rw)]
    |   o- mapped_lun2 .................................................................................... [lun2 fileio/file1 (rw)]
    o- luns .............................................................................................................. [LUNs: 3]
    | o- lun0 .................................................................................... [block/block1 (/dev/vg00/lvsan1)]
    | o- lun1 .................................................................................... [block/block2 (/dev/vg00/lvsan2)]
    | o- lun2 ...................................................................................... [fileio/file1 (/opt/diskfile1)]
    o- portals ........................................................................................................ [Portals: 1]
      o- 0.0.0.0:3260 ......................................................................................................... [OK]
/iscsi/iqn.20...ternal:target> cd /
/> ls
o- / ......................................................................................................................... [...]
  o- backstores .............................................................................................................. [...]
  | o- block .................................................................................................. [Storage Objects: 2]
  | | o- block1 ................................................................. [/dev/vg00/lvsan1 (200.0MiB) write-thru activated]
  | | o- block2 ................................................................. [/dev/vg00/lvsan2 (200.0MiB) write-thru activated]
  | o- fileio ................................................................................................. [Storage Objects: 1]
  | | o- file1 .................................................................... [/opt/diskfile1 (100.0MiB) write-back activated]
  | o- pscsi .................................................................................................. [Storage Objects: 0]
  | o- ramdisk ................................................................................................ [Storage Objects: 0]
  o- iscsi ............................................................................................................ [Targets: 1]
  | o- iqn.2017-02.pri.internal:target ................................................................................... [TPGs: 1]
  |   o- tpg1 ............................................................................................... [no-gen-acls, no-auth]
  |     o- acls .......................................................................................................... [ACLs: 1]
  |     | o- iqn.2017-02.pri.internal:server1 ..................................................................... [Mapped LUNs: 3]
  |     |   o- mapped_lun0 ................................................................................ [lun0 block/block1 (rw)]
  |     |   o- mapped_lun1 ................................................................................ [lun1 block/block2 (rw)]
  |     |   o- mapped_lun2 ................................................................................ [lun2 fileio/file1 (rw)]
  |     o- luns .......................................................................................................... [LUNs: 3]
  |     | o- lun0 ................................................................................ [block/block1 (/dev/vg00/lvsan1)]
  |     | o- lun1 ................................................................................ [block/block2 (/dev/vg00/lvsan2)]
  |     | o- lun2 .................................................................................. [fileio/file1 (/opt/diskfile1)]
  |     o- portals .................................................................................................... [Portals: 1]
  |       o- 0.0.0.0:3260 ..................................................................................................... [OK]
  o- loopback ......................................................................................................... [Targets: 0]
/> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json

systemctl enable target
systemctl start target
firewall-cmd --add-port=3260/tcp --permanent
firewall-cmd --reload
systemctl status target

iSCSI: Client

yum install -y iscsi-initiator-utils
/etc/iscsi/initiatorname.iscsi

InitiatorName=iqn.2017-02.pri.internal:server1

systemctl enable iscsid
systemctl start iscsid
systemctl start iscsi
iscsiadm --mode discovery --type sendtargets --portal 192.168.1.53 --discover
iscsiadm --mode discovery -P 1
iscsiadm --mode node --targetname iqn.2017-02.pri.internal:target --portal 192.168.1.53:3260 --login
iscsiadm --mode session -P 3
lsblk --scsi
mkfs.xfs /dev/sdb
blkid /dev/sdb (copy UUID)
mkdir /mnt/iscsi
vi /etc/fstab

UUID=ba082551-c983-4f1f-852a-53b1c8a55106  /mnt/iscsi  xfs   _netdev   0   2

mount -a

Performance

top
/proc/meminfo
free -m
swapon -s
cifsiostat
nfsiostat
iostat
mpstat
pidstat
vmstat
dstat – not noted in materials though

Performance: SAR

/etc/cron.d/sysstat
/etc/sysconfig/sysstat – HISTORY variable – default 28 days
sar -n DEV
sar -b
sar -P 0
sar 1 10

Optimization

/proc/meminfo
/proc/cmdline
/proc/cpuinfo
/proc/partitions
/proc/modules
/etc/sysctl.d
sysctl -a
sysctl -p
sysctl -w

net.ipv4.ip_forward
net.ipv4.icmp_echo_ignore_all
net.ipv4.icmp_echo_ignore_broadcasts
vm.swappiness
kernel.hostname

Logging: Server

/etc/rsyslog.conf – im* (input modules)
/etc/rsyslog.conf – om* (output modules)
/etc/rsyslog.conf

$ModLoad imudp
$InputUDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514

systemctl restart rsyslog
firewall-cmd --add-port=514/tcp --permanent
firewall-cmd --reload

Logging: Clients

@ = via UDP
@@ = via TCP
/etc/rsyslog.conf

*.*   @@enwd1cuomlog1.internal.pri:514

systemctl restart rsyslog
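
An added example (not from the original post): a shell function that lists the forwarding rules in an rsyslog config written in the @ / @@ notation above, so you can check which selectors leave the host, to which collector, and over which transport. It handles only the legacy selector/action syntax shown here (RainerScript action() blocks are ignored), and the sample config is constructed.

```shell
#!/bin/sh
# list_forwards FILE
# Prints one line per forwarding rule: "<tcp|udp> <host> <port> <selector>".
# Assumption: legacy "selector  @host[:port]" / "@@host[:port]" syntax only.
list_forwards() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        NF >= 2 && $2 ~ /^@/ {
            target = $2
            proto = (target ~ /^@@/) ? "tcp" : "udp"   # @@ = TCP, @ = UDP
            sub(/^@+/, "", target)
            sub(/^\([^)]*\)/, "", target)        # drop an option block such as (o)
            sub(/;.*$/, "", target)              # drop a trailing ;TemplateName
            port = "514"                         # default when no port is given
            if (substr(target, 1, 1) == "[") {   # bracketed IPv6 literal
                end  = index(target, "]")
                host = substr(target, 2, end - 2)
                rest = substr(target, end + 1)
                if (rest ~ /^:[0-9]+$/) port = substr(rest, 2)
            } else {
                host = target
                if (host ~ /:[0-9]+$/) {
                    port = host
                    sub(/^.*:/, "", port)
                    sub(/:[0-9]+$/, "", host)
                }
            }
            printf "%s %s %s %s\n", proto, host, port, $1
        }
    ' "$1"
}

# Constructed sample config, written to a temp file so the demo runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not from a real host
*.*          @@enwd1cuomlog1.internal.pri:514
authpriv.*   @192.168.1.53
mail.*       /var/log/maillog
kern.*       @@(o)[fddb:fe2a:badb:abe::1]:6514;RSYSLOG_ForwardFormat
EOF
list_forwards "$sample"
rm -f "$sample"
```

Run it against /etc/rsyslog.conf and each file in /etc/rsyslog.d/ on a client; a udp line for a selector such as authpriv.* means those messages can be dropped silently in transit.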

HTTP/HTTPS: Server

yum groupinstall -y 'Web Server'
systemctl enable httpd
systemctl start httpd
firewall-cmd --permanent --add-service=http
firewall-cmd --reload

<Directory /var/www/html>
AllowOverride None
Require all granted
</Directory>

HTTP/HTTPS: Virtual Host

/var/www/html
mkdir host.internal.pri
echo "Testing" > /var/www/html/host.internal.pri/index.html
restorecon -R host.internal.pri
cd /etc/httpd/conf.d
edit vhosts.conf

<VirtualHost *:80>
  ServerAdmin webmaster@host.internal.pri
  DocumentRoot /var/www/html/host.internal.pri
  ServerName host.internal.pri
  ErrorLog logs/host.internal.pri-error_log
  CustomLog logs/host.internal.pri-access_log common
</VirtualHost>

mv ssl.conf ssl.conf2
apachectl configtest
apachectl restart
httpd -D DUMP_VHOSTS
yum install -y elinks
elinks http://host.internal.pri

HTTP/HTTPD: Access Restrictions

/var/www/html/private
echo "testing" > /var/www/html/private/index.html
restorecon -R /var/www/html
/etc/httpd/conf/httpd.conf

<Directory "/var/www/html/private">
  AllowOverride None
  Options None
  Require host host.internal.pri
</Directory>

apachectl configtest
/etc/httpd/conf/httpd.conf

<Directory "/var/www/html/private">
  AuthType Basic
  AuthName "Password protected area"
  AuthUserFile /etc/httpd/conf/passwd
  Require user cschelin
</Directory>

apachectl configtest
htpasswd -c /etc/httpd/conf/passwd cschelin
chmod 600 /etc/httpd/conf/passwd
chown apache:apache /etc/httpd/conf/passwd
systemctl restart httpd

HTTP/HTTPD: Group Content

/etc/httpd/conf/httpd.conf

<Directory "/var/www/html/private">
  AuthType Basic
  AuthName "Password protected area"
  AuthGroupFile /etc/httpd/conf/team
  AuthUserFile /etc/httpd/conf/passwd
  Require group team
</Directory>

apachectl configtest
mkdir -p /var/www/html/private
restorecon -R /var/www/html/private
/etc/httpd/conf/team

team: cschelin jainsley

htpasswd -c /etc/httpd/conf/passwd cschelin
htpasswd /etc/httpd/conf/passwd jainsley
systemctl restart httpd

HTTP/HTTPD: TLS

openssl req -new -x509 -nodes -out /etc/pki/tls/certs/host.internal.pri.crt -keyout /etc/pki/tls/private/host.internal.pri.key -days 365
/etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/pki/tls/certs/host.internal.pri.crt
SSLCertificateKeyFile /etc/pki/tls/private/host.internal.pri.key
ServerName host.internal.pri:443

apachectl configtest
apachectl restart
httpd -D DUMP_VHOSTS
openssl s_client -connect localhost:443 -state

DNS

yum install -y bind
/etc/named.conf

listen-on port 53 { any; };
allow-query { any; };
dnssec-validation no;

named-checkconf
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
systemctl enable named
systemctl start named

DNS: Troubleshooting

dig
/etc/resolv.conf

NFS: Server

yum groupinstall -y file-server
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload
systemctl enable rpcbind nfs-server
systemctl start rpcbind nfs-server
mkdir -p /home/tools
chmod 0777 /home/tools
mkdir -p /home/guests
chmod 0777 /home/guests
yum install -y setroubleshoot-server
semanage fcontext --list
semanage fcontext -a -t public_content_rw_t "/home/tools(/.*)?"
semanage fcontext -a -t public_content_rw_t "/home/guests(/.*)?"
restorecon -R /home/tools
restorecon -R /home/guests
semanage boolean -l | egrep "nfs|SELinux"
If needed:
setsebool -P nfs_export_all_rw on
setsebool -P nfs_export_all_ro on
setsebool -P use_nfs_home_dirs on
man exports for examples
/etc/exports

/home/tools enwd1cuomnfsc1.internal.pri(rw,no_root_squash)
/home/guests enwd1cuomnfsc1.internal.pri(rw,no_root_squash)

exportfs -avr
systemctl restart nfs-server
showmount -e localhost
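
An added check (not part of the original cheat sheet): a shell function that reads an exports file in the format above and reports, per path and client, the two settings worth reviewing before a box leaves the lab: no_root_squash, which lets root on the client act as root on the export, and rw granted to any host. It assumes one export per line with no line continuations or quoted paths; the sample file is constructed.

```shell
#!/bin/sh
# audit_exports FILE
# Prints "<path> <client> <finding>" for each risky client entry.
# Assumption: simple "path client(opts) [client(opts) ...]" lines only.
audit_exports() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts   = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                # "(opts)" with no host in front of it applies to every client
                if (client == "") client = "*"
                n = split(opts, o, ",")
                rw = 0; noroot = 0
                for (j = 1; j <= n; j++) {
                    if (o[j] == "rw")             rw = 1
                    if (o[j] == "no_root_squash") noroot = 1
                }
                if (noroot)              print path, client, "no_root_squash"
                if (rw && client == "*") print path, client, "rw-to-any-host"
            }
        }
    ' "$1"
}

# Constructed sample exports file so the demo runs offline.
sample_exports=$(mktemp)
cat > "$sample_exports" <<'EOF'
# constructed sample, not from a real host
/home/tools enwd1cuomnfsc1.internal.pri(rw,no_root_squash)
/shared     enwd1cuomnfsc1.internal.pri(rw)
/srv/pub    *(rw,sync)
/srv/ro     192.168.1.0/24(ro)
EOF
audit_exports "$sample_exports"
rm -f "$sample_exports"
```

Run it as audit_exports /etc/exports; no output means no entry matched either check.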

NFS: Client

yum install -y nfs-utils
mount -t nfs enwd1cuomnfss1.internal.pri:/home/tools /mnt

NFS: Group (Server)

yum groupinstall -y 'file-server'
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload
systemctl enable rpcbind nfs-server
systemctl start rpcbind nfs-server
mkdir /shared
groupadd -g 60000 sharedgrp
chgrp sharedgrp /shared
chmod 2770 /shared
/etc/exports

/shared enwd1cuomnfsc1.internal.pri(rw,no_root_squash)

exportfs -avr
systemctl restart nfs-server

NFS: Group (Client)

yum install -y nfs-utils
mount -t nfs enwd1cuomnfss1.internal.pri:/shared /mnt

NFS: Kerberos Distribution Center

Need this for further testing:

yum install -y krb5-server krb5-workstation pam_krb5
/var/kerberos/krb5kdc/kdc.conf – update example.com, uncomment master_key_type, add default_principal_flags = +preauth
/var/kerberos/krb5kdc/kadm5.acl – update example.com
/etc/krb5.conf – uncomment lines and replace example.com and kerbserver.example.com
kdb5_util create -s -r internal.pri – This can take quite a while. Be patient
systemctl start krb5kdc kadmin
systemctl enable krb5kdc kadmin
useradd [dummy user]
enter kerberos admin tool: kadmin.local

kadmin.local: addprinc root/admin
kadmin.local: addprinc [dummy user]
kadmin.local: addprinc -randkey host/enwd1cuomkrb1.internal.pri
kadmin.local: ktadd host/enwd1cuomkrb1.internal.pri
kadmin.local: quit

/etc/ssh/ssh_config

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

systemctl reload sshd
authconfig --enablekrb5 --update
Add the following to /etc/firewalld/services/kerberos.xml to add the kadmin port (cp /usr/lib/firewalld/services/kerberos.xml /etc/firewalld/services/):

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Kerberos</short>
  <description>Kerberos network authentication protocol server</description>
  <port protocol="tcp" port="88"/>
  <port protocol="udp" port="88"/>
  <port protocol="tcp" port="749"/>
</service>

firewall-cmd --permanent --add-service=kerberos
alternate: firewall-cmd --permanent --add-port 749/tcp
firewall-cmd --reload
su - [dummy user]
kinit (enter password for user)
klist (to see the ticket)

NFS: Kerberos Client

yum install -y krb5-workstation pam_krb5
scp root@enwd1cuomkrb1.internal.pri:/etc/krb5.conf /etc/krb5.conf
Enter kadmin

kadmin: addprinc -randkey host/enwd1cuomnfsc1.internal.pri
kadmin: ktadd host/enwd1cuomnfsc1.internal.pri

/etc/ssh/ssh_config

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

systemctl reload sshd
authconfig --enablekrb5 --update
su - [dummy user]
kinit
klist
ssh enwd1cuomkrb1.internal.pri – to test; should log in without password

NFS: Add NFS Server

kadmin

kadmin: addprinc -randkey nfs/enwd1cuomnfss1.internal.pri
kadmin: ktadd nfs/enwd1cuomnfss1.internal.pri
kadmin: quit

NFS: Add NFS Client

kadmin

kadmin: addprinc -randkey nfs/enwd1cuomnfsc1.internal.pri
kadmin: ktadd nfs/enwd1cuomnfsc1.internal.pri
kadmin: quit

systemctl enable nfs-client.target
systemctl start nfs-client.target
mount -t nfs4 -o sec=krb5 enwd1cuomnfss1.internal.pri:/home/tools /mnt
su - [dummy user]
kinit
cd /mnt
echo "This is a test." > testfile

SMB

yum groupinstall -y 'file-server'
yum install -y samba-client
/etc/samba/smb.conf

[global]
      workgroup = MYGROUP
      server string = Samba Server Version %v
      netbios name = MYSERVER
      interfaces = lo eth0 192.168.1.0/24
      hosts allow = 127. 192.168.1.
      log file = /var/log/samba/log.%m
      max log size = 50
      security = user
      passdb backend = tdbsam

[shared]
      comment = Shared directory
      browseable = yes
      path = /shared
      valid users = jainsley
      writable = yes

testparm
mkdir /shared
chmod 777 /shared
echo "Testing" > /shared/test
yum install -y setroubleshoot-server
semanage fcontext -a -t samba_share_t "/shared(/.*)?"
restorecon -R /shared
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
systemctl enable smb
systemctl enable nmb
systemctl start smb
systemctl start nmb
useradd -s /sbin/nologin cschelin
smbpasswd -a cschelin
smbclient //localhost/shared -U cschelin%[password]

smb: \> ls

SMTP: Forwarder

yum install -y postfix
systemctl enable postfix
systemctl start postfix
/etc/postfix/main.cf

myhostname = enwd1cuomail1.internal.pri
mydomain = internal.pri
myorigin = $mydomain
inet_interfaces = loopback-only
mydestination = 
relayhost = 192.168.1.1

postfix check
postconf -n
systemctl restart postfix
postconf relayhost (to verify)

SMTP: Gateway

yum install -y postfix
systemctl enable postfix
systemctl start postfix
/etc/postfix/main.cf

myhostname = enwd1cuomail1.internal.pri
mydomain = internal.pri
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.1.0/24, 127.0.0.0/8
relayhost = 192.168.1.1

postfix check
postconf -n
systemctl restart postfix
firewall-cmd --add-service=smtp --permanent
firewall-cmd --reload

ssh: Server

yum install -y openssh-server
systemctl enable sshd
systemctl start sshd
firewall-cmd --permanent --add-service=ssh
firewall-cmd --reload

ssh: Client

On both servers:
useradd [dummy user]
passwd [dummy user]
As [dummy user]:
ssh-keygen -b 2048 -t rsa
scp .ssh/id_rsa.pub [dummy user]@server2:
/etc/ssh/sshd_config

PasswordAuthentication no
PubkeyAuthentication yes

systemctl restart sshd
ssh server2

ntp: Client

timedatectl set-timezone America/Denver
yum install -y ntp
systemctl enable ntpd
systemctl start ntpd
/etc/ntp.conf
ntpq -p
ntpstat
systemctl stop ntpd
ntpdate pool.ntp.org
systemctl start ntpd

chrony: Client

yum install -y chrony
systemctl enable chronyd
systemctl start chronyd
/etc/chrony.conf
chronyc tracking
chronyc sources -v
chronyc sourcestats -v
ntpdate pool.ntp.org

MariaDB: Server

yum install -y mariadb mariadb-server
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation

MariaDB: backup/restore

mysqldump --user=root --password=[password] --result-file=test.sql test
mysqldump --user=root --password=[password] test > test.sql
mysql --user=root --password=[password] testdb < test.sql

MariaDB: Create Schema

mysql --user=root -p

create database test;
grant all on test.* to user@localhost identified by 'password';
flush privileges;
use test;
create table addresses(id int(10) unsigned, name varchar(20), address varchar(40));
quit

Note: drop user 'name'@'localhost';

MariaDB: Queries

show tables;
desc addresses;
insert addresses values(1,"James","address1");
insert addresses values(2,"Bill","address2");
select * from addresses where name="James";
select * from addresses order by name ASC;
update addresses set name="John" where name="Bill";
delete from addresses where name="James";