Linukstricks.com: February 2015

Thursday 19 February 2015

Things to do after installation of CentOS-7

---------------------------------------------
Things to do after installation of CentOS-7
---------------------------------------------

-------------------------------------------
1) Install Following Required Commands
-------------------------------------------

yum install net-tools # -----> Install ifconfig Command
yum install wget # -----> Install wget Command
yum install lsof # -----> Install lsof Command
yum install mlocate # -----> Install updatedb Command
yum install bind-utils # -----> Install nslookup Command
yum group install "Development Tools" # -----> Install GCC and Development Tools

yum install mailx # -----> Install mail Command

Command to list groups on a CentOS 7
# yum group list

-------------------------------------------
2) Set Hostname
-------------------------------------------
echo 192.168.1.111 test.deva.com deva >> /etc/hosts
echo test.deva.com > /etc/hostname

-------------------------------------------
3) Set Bashrc Setting
-------------------------------------------

[root@localhost ~]#vi /etc/bashrc

#-------------------------------------------
#Custome CHANGES START
#-------------------------------------------
alias c='clear'
alias df='df -Th'
export HISTSIZE=10000
export HISTTIMEFORMAT="%h %d %H:%M:%S "
export HISTFILESIZE=10000…

#-------------------------------------------
#Custome CHANGES END
#-------------------------------------------

To apply bashrc changes , lgout from server & login again OR
run follwoing command

[root@localhost ~]#. /etc/bashrc

-------------------------------------------
4) Update Kernel
-------------------------------------------
[root@localhost ~]# yum update kernel

---------------------------------------------
5)Enable iptables (instead of firewalld)
---------------------------------------------

### Stop firewalld ###
#systemctl disable firewalld.service
#systemctl stop firewalld.service

### Install IPtables ###
# yum install iptables-services

Re-run the command to restart the iptables:
# service iptables restart

#systemctl enable iptables.service
#systemctl start iptables.service

#systemctl enable ip6tables.service
#systemctl start ip6tables.service

-------------------------------------------
6) Change NIC Name
-------------------------------------------
Change the default network interface name to “eth0′′
CentOS7 has a default nic name as “en016.....”,

# vi /etc/default/grub
Search for the line “GRUB_CMDLINE_LINUX” and append the following: “net.ifnames=0 biosdevname=0′′

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="vconsole.font=latarcyrheb-sun16 vconsole.keymap=us rd.lvm.lv=centos/root crashkernel=auto rhgb quiet"
GRUB_DISABLE_RECOVERY="true"

Then it Will look like this:

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="vconsole.font=latarcyrheb-sun16 vconsole.keymap=us rd.lvm.lv=centos/root crashkernel=auto rhgb quiet net.ifnames=0 biosdevname=0"
GRUB_DISABLE_RECOVERY="true"

We had just added net.ifnames=0 biosdevname=0 in second last line.

Create a new configuration based on the currently running system using grub2-mkconfig command:
# grub2-mkconfig -o /boot/grub2/grub.cfg

Rename the interface files by renaming the file

# mv /etc/sysconfig/network-scripts/ifcfg-eno16777736 /etc/sysconfig/network-scripts/ifcfg-eth0

Reboot the system:
# reboot

After reboot, check the interface name:

# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.58.255
inet6 fe80::20c:29ff:fe6e:b0ae prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:6e:b0:ae txqueuelen 1000 (Ethernet)
RX packets 25336 bytes 2829386 (2.6 MiB)
RX errors 0 dropped 11 overruns 0 frame 0
TX packets 172 bytes 35789 (34.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

-------------------------------------------
6) Configure the static ip on the server
-------------------------------------------

Edit the interface file under /etc/sysconfig/network-scripts/ directory:

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

Here is my ifcfg-eth0 file as a sample, please change it according to your requirement:

DEVICE="eth0"
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1

Stop and disable the NetworkManager service, because we don’t need it on the server:
# systemctl stop NetworkManager
# systemctl disable NetworkManager

Restart the network service(Be careful, if you are connecting remotely, because you will be disconnected after issue this command):
# service network restart

-------------------------------------------
7) Disable IPv6:(If U dont have use of IPV6)
-------------------------------------------
First check that IPv6 is enabled or not:

[root@localhost ~]# lsmod | grep -i ipv6

nf_conntrack_ipv6 18738 5
nf_defrag_ipv6 34651 1 nf_conntrack_ipv6
nf_nat_ipv6 13279 1 ip6table_nat
nf_nat 21798 4 nf_nat_ipv4,nf_nat_ipv6,ip6table_nat,iptable_nat
nf_conntrack 101024 8 nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,ip6table_nat,iptable_nat,nf_conntrack_ipv4,nf_conntrack_ipv6

Edit the grub file:
# vi /etc/default/grub

Search for the line “GRUB_CMDLINE_LINUX” and add the following at the beginning: “ipv6.disable=1′′ Will look like this:

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="vconsole.font=latarcyrheb-sun16 vconsole.keymap=us rd.lvm.lv=centos/root crashkernel=auto rhgb quiet"
GRUB_DISABLE_RECOVERY="true"

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="ipv6.disable=1 vconsole.font=latarcyrheb-sun16 vconsole.keymap=us rd.lvm.lv=centos/root crashkernel=auto rhgb quiet"
GRUB_DISABLE_RECOVERY="true"

Create a new configuration based on the currently running system using grub2-mkconfig command:
# grub2-mkconfig -o /boot/grub2/grub.cfg

Reboot the system:
# reboot

Once again, check the IPv6 on the system:
lsmod | grep -i ipv6

-------------------
End Of Document
-------------------

Monday 9 February 2015

Recover or Reset MySQL root Password

------------------------------------------------------
Recover or Reset MySQL root Password
------------------------------------------------------

------------------------------------------------------
Step # 1 : Stop mysql service
------------------------------------------------------
# /etc/init.d/mysqld stop

------------------------------------------------------
Step # 2: Start to MySQL server w/o password:
------------------------------------------------------
# mysqld_safe --skip-grant-tables &

------------------------------------------------------
Step # 3: Connect to mysql server using mysql client:
------------------------------------------------------
# mysql -u root
mysql> use mysql;
mysql> update user set password=PASSWORD("NEW-ROOT-PASSWORD") where User='root';
mysql> flush privileges;
mysql> quit

------------------------------------------------------
Step # 5: Stop MySQL Server:
------------------------------------------------------
# /etc/init.d/mysqld stop

------------------------------------------------------
Step # 6: Start MySQL server and test it
------------------------------------------------------
# /etc/init.d/mysqld start
# /etc/init.d/mysqld restart
# mysql -u root -p

------------------------------------------------------
END
------------------------------------------------------

Set Password Policy in Mysql 5.6

Set Password Policy in Mysql 5.6

-------------------------------------------------------------------------------------------
1) INSTALL PLUGIN loads the plugin, and also registers it in the mysql. plugins table
   to cause the plugin to be loaded for each subsequent normal server startup.
-------------------------------------------------------------------------------------------

mysql> INSTALL PLUGIN validate_password SONAME 'validate_password.so';

-------------------------------------------------------------------------------------------
2) Edit my.cnf file & Add following 2 parameters in my.cnf
-------------------------------------------------------------------------------------------
# vi /etc/my.cnf

[mysqld]
plugin-load=validate_password.so
validate-password=FORCE_PLUS_PERMANENT

-------------------------------------------------------------------------------------------
3) Login Mysql & Set Following parameters as per your requirement
-------------------------------------------------------------------------------------------
[root@maindb ~]# mysql -u root -p
Enter password:

mysql> SET GLOBAL validate_password_length = 8;
Query OK, 0 rows affected (0.00 sec)

mysql> SET GLOBAL validate_password_number_count = 3;
Query OK, 0 rows affected (0.00 sec)

mysql> SET GLOBAL validate_password_special_char_count = 3;
Query OK, 0 rows affected (0.00 sec)

-------------------------------------------------------------------------------------------
4) Check Parameters
-------------------------------------------------------------------------------------------

mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name                        | Value |
+--------------------------------------+--------+
| validate_password_dictionary_file    |        |
| validate_password_length             | 8      |
| validate_password_mixed_case_count   | 1      |
| validate_password_number_count       | 3      |
| validate_password_policy             | MEDIUM |
| validate_password_special_char_count | 3      |
+--------------------------------------+--------+
6 rows in set (0.00 sec)

-------------------------------------------------------------------------------------------
5) Test With Following Password
-------------------------------------------------------------------------------------------
select password('test');
select password('Test@12345');
select password('Test@123456789');
select password('Test@!#123456789');

[root@maindb ~]# mysql -u root -p
Enter password:

mysql> GRANT ALL PRIVILEGES ON demo.* TO 'devendra'@'localhost' IDENTIFIED BY 'Devendra@12345';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

mysql> GRANT ALL PRIVILEGES ON demo.* TO 'devendra'@'localhost' IDENTIFIED BY 'Devendra@!#12345';
Query OK, 0 rows affected (0.00 sec)

Sunday 1 February 2015

Samba Server with Audit Log Facility

Samba Server with Audit Log Facility (Syslog) in CentOS 6.*

----------------------------------------------------------------------------------------
1) Stop unwamted Services or settings
----------------------------------------------------------------------------------------
# /etc/init.d/NetworkManager stop
# chkconfig NetworkManager off
Note: Make sure you have configured Network i.e. (IP Address/Netmask/Gateway/DNS)

# /etc/init.d/sendmail stop
# chkconfig sendmail off
# vi /etc/sysconfig/selinux
SELINUX=disabled

HOSTNAME=samba.deva.com

----------------------------------------------------------------------------------
2) Bashrc Setting
----------------------------------------------------------------------------------

#vi /etc/bashrc

#----------------------------------------------------------------------------------
#CHANGES START
#----------------------------------------------------------------------------------
alias c='clear'
alias df='df -Th'
export HISTSIZE=10000
export HISTTIMEFORMAT="%h %d %H:%M:%S "
export HISTFILESIZE=10000…

#----------------------------------------------------------------------------------
#CHANGES END
#----------------------------------------------------------------------------------

#. /etc/bashrc

----------------------------------------------------------------------------------------
3) Open Necessary Ports in iptables
----------------------------------------------------------------------------------------
# vi /etc/sysconfig/iptables

### deva Network ###
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 137 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 138 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 901 -j ACCEPT

Note :192.168.1.0/24 will be your Network

#/etc/init.d/iptables restart
#chkconfig iptables on

----------------------------------------------------------------------------------------
4) Install Require Packages and dependencies and verify
----------------------------------------------------------------------------------------
#yum update kernel

#yum install -y samba samba-commons cups-libs
#yum install samba* -y
#yum install xinetd samba-swat -y

----------------------------------------------------------------------------------------
5)Create Share , Group & User
----------------------------------------------------------------------------------------

[root@samba ~]# mkdir /opt/data

[root@samba ~]# groupadd tech
[root@samba ~]# chgrp -R tech /opt/data
[root@samba ~]# chmod -R 777 /opt/data

[root@samba ~]# useradd devendra.joshi
[root@samba ~]# usermod -G tech devendra.joshi
[root@samba ~]# smbpasswd -a devendra.joshi
New SMB password:
Retype new SMB password:
Added user devendra.joshi.

----------------------------------------------------------------------------------------
6)Backup smb.conf , Edit smb.conf & paste following config in smb.conf
----------------------------------------------------------------------------------------

[root@samba ~]# cp /etc/samba/smb.conf /etc/samba/smb.conf-ORG
[root@samba ~]# > /etc/samba/smb.conf

[root@samba ~]# vi /etc/samba/smb.conf

############################# Start of File #############################
[global]
workgroup = MYGROUP
passdb backend = smbpasswd:/etc/samba/smbpasswd.db
log file = /var/log/samba/log.%m
log level = 3
idmap config * : backend = tdb

vfs objects = full_audit

# Audit settings
full_audit: prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = connect opendir mkdir rmdir open read pread write pwrite rename unlink chmodfchmod chown fchown ftruncate
full_audit:facility = local5
full_audit: priority = notice

[Tech Data]
path = /opt/data
vfs object = full_audit
valid users = devendra.joshi
write list = devendra.joshi
read only = No
create mask = 0777
directory mask = 0777

############################# End of File #############################

----------------------------------------------------------------------------------------
7)Restart smb & nmb restart
----------------------------------------------------------------------------------------

[root@sambaserver ~]# /etc/init.d/smb restart && /etc/init.d/nmb restart

[root@sambaserver ~]# testparm

----------------------------------------------------------------------------------------
8) Configure samba server in GUI mode
----------------------------------------------------------------------------------------

[root@sambaserver ~]# yum install xinetd samba-swat -y

----------------------------------------------------------------------------------------
9) Configure SWAT
----------------------------------------------------------------------------------------

[root@sambaserver ~]# vi /etc/xinetd.d/swat

service swat
{
port = 901
socket_type = stream
wait = no
only_from = 127.0.0.1 192.168.1.0/24
user = root
server = /usr/sbin/swat
log_on_failure += USERID
disable = no
}

----------------------------------------------------------------------------------------
10) Restart samba and xinetd services
----------------------------------------------------------------------------------------

[root@sambaserver ~]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@sambaserver ~]# /etc/init.d/smb restart
Shutting down SMB services: [ OK ]
Starting SMB services: [ OK ]
[root@sambaserver ~]# /etc/init.d/nmb restart
Shutting down NMB services: [ OK ]
Starting NMB services: [ OK ]

Open the web browser from any client syatems. In the address bar type “http://server-ip-address:901″ and press enter.
Now the console screen will open. You can start configure samba server here.

----------------------------------------------------------------------------------------
11) Install rsyslog
----------------------------------------------------------------------------------------

yum install rsyslog rsyslog-mysql

# service rsyslog start
# chkconfig rsyslog on

----------------------------------------------------------------------------------------
12) Edit rsyslog conf file & add following paramitters
----------------------------------------------------------------------------------------
[root@samba ~]# vi /etc/rsyslog.d/00-samba-audit.conf

local5.notice /var/log/samba/audit.log
&~

[root@samba ~]# vi /etc/rsyslog.d/50-default.conf

*.*;local5,auth,authpriv.none -/var/log/syslog

local5.notice /var/log/samba/audit.log

----------------------------------------------------------------------------------------
13) Log Rotation
----------------------------------------------------------------------------------------
[root@samba ~]# vi /etc/logrotate.d/samba

/var/log/samba/audit.log {
weekly
missingok
rotate 7
postrotate
/etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
endscript
compress
notifempty
}"

----------------------------------------------------------------------------------------
14 Restart Following Services
----------------------------------------------------------------------------------------
[root@sambaserver ~]# /etc/init.d/smb restart
[root@sambaserver ~]# /etc/init.d/nmb restart
[root@sambaserver ~]# /etc/init.d/rsyslog restart

[root@samba ~]# tail -f /var/log/samba/audit.log

----------------------------------------------------------------------------------------
End of Document
----------------------------------------------------------------------------------------

Subscribe to: Posts (Atom)

Disclaimer

Terms And Conditions Of Use Linukstricks.com

All content provided on this "Linukstricks.com" blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site.

The owner of Linukstricks.com will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.

The owner is not responsible for the republishing of the content found on this blog on other Web sites or media without permission.

This terms and conditions is subject to change at anytime with or without notice.

All post,data and information published on this blog site is only for informational purposes.

This is a personal blog site.The posts & information posted here in blog represent my own experience and not my employer.