Thursday, 12 November 2015

Start service at boot (autostart) - CentOS 6

chkconf is the command, for example auto start Apache at boot: 
chkconfig httpd on
Posted by at No comments:

Wednesday, 11 November 2015

Fixing deleted /var/run link and restoring SELinux permissions - CentOS 7

So some idiot with sudo permissions deleted the symlink /var/run. To restore it, log on to another system and find out the permissions of this link: 
# ls -ld /var/run
lrwxrwxrwx. 1 root root 6 Feb 25  2015 /var/run -> ../run
# ls -Z /var/run
lrwxrwxrwx. root root system_u:object_r:var_run_t:s0   /var/run -> ../run
#
Log on to broken system as root and do the following: 
# cd /var
# ln -s ../run run
# chcon -h system_u:object_r:var_run_t:s0 run
# ls -Z run
lrwxrwxrwx. root root system_u:object_r:var_run_t:s0   /var/run -> ../run
Posted by at No comments:

Monday, 26 October 2015

Kerberos Keytab Error - CentOS 6 

Oct 22 21:10:38 server sshd[52210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=server.domain.com  user=st14988
Oct 22 21:10:38 server sshd[52210]: pam_krb5[52210]: error reading keytab 'FILE:/etc/krb5.keytab'
Oct 22 21:10:38 server sshd[52210]: pam_krb5[52210]: TGT verified
Oct 22 21:10:38 server sshd[52210]: pam_krb5[52210]: authentication succeeds for 'abc' (abc@server.domain.com)
Oct 22 21:10:38 server sshd[52210]: pam_unix(sshd:session): session opened for user abc by (uid=0)
To disable keytab validation and hence suppress these log messages, add the no_validate option to your PAM settings. 
auth        sufficient    pam_krb5.so use_first_pass no_validate
On my CentOS 6 servers, these are in the following files: 
/etc/pam.d/password-auth-ac
/etc/pam.d/system-auth-ac
Posted by at No comments:

Friday, 25 September 2015

RedHat Channel Subscription

To list all available channels: 
[root@ ~]# rhn-channel -L  --user=rhn_user --password=rhn_password
To subscribe to a channel (e.g. options): 
[root@ ~]# rhn-channel --add --channel=rhel-x86_64-server-optional-6 --user=rhn_user --password=rhn_password
To list channel subscribed: 
[root@ ~]# rhn-channel -l
rhel-x86_64-server-6
rhel-x86_64-server-optional-6
To register to RHN (do this first!): To register and subscribe in one step: 

[root@ ~]# subscription-manager register --username  --password  --auto-attach
This is the old way or using a satellite server: 
[root@ ~]# rhn_register
Posted by at No comments:

Monday, 27 July 2015

Remove node from Puppet Enterprise system

On the PE master: 
[root@pe-master ~]# puppet cert clean node.domain.com
Notice: Revoked certificate with serial 34
Notice: Removing file Puppet::SSL::Certificate node.domain.com at '/etc/puppetlabs/puppet/ssl/ca/signed/node.domain.com
Notice: Removing file Puppet::SSL::Certificate node.domain.com at '/etc/puppetlabs/puppet/ssl/certs/node.domain.com

[root@pe-master ~]# puppet node deactivate node.domain.com
Submitted 'deactivate node' for node.domain.com with UUID 1d6c7992-d4cf-4659-91e2-23c751afacc2

[root@pe-master ~]# puppet cert revoke node.domain.com
Notice: Revoked certificate with serial 34
Restart pe: service pe-puppet restart On the client: 
[root@pe-client ~]# find /etc/puppetlabs/puppet/ssl -name node.domain.com -delete
Posted by at No comments:

Thursday, 23 July 2015

Firewall Commands on CentOS 7

Open a firewall port 
   30  firewall-cmd --zone=public --add-port=4407/tcp --permanent
   31  firewall-cmd --reload
Show opened ports 
  568  firewall-cmd --zone=public --list-ports
List connected servies 
  567  firewall-cmd --zone=public --list-services
Posted by at No comments:

Monday, 13 July 2015

Find out whether an NIC is connected and has link 

root@host ~
$ ip link show dev eth0
3: eth0:  mtu 1500 qdisc pfifo_fast master bond0 state UP qlen 1000
    link/ether 00:xx:xx:xx:xx:ef brd ff:ff:ff:ff:ff:ff
root@host ~
$ ip link show dev eth1
2: eth1:  mtu 1500 qdisc pfifo_fast master bond1 state DOWN qlen 1000
    link/ether 00:xx:xx:xx:xx:ed brd ff:ff:ff:ff:ff:ff
root@nost ~
Posted by at No comments:
Subscribe to: Posts (Atom)