Posts tagged rhel

upstart manual

posted on 2015-03-26 10:17:13

Ubuntu, as well as RHEL 6.6 (6.x?) use upstart for system initalization during boot up.

If you need help for creating the init scripts, see the official manual.

RHEL: configure static ip

posted on 2015-03-24 01:13:02

From somewhere on the internet I found this handy gist, which got some improvements:

## Configure eth0
#
# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"
NAME="eth0"
TYPE=Ethernet
ONBOOT=yes
HWADDR=A4:BA:DB:37:F1:04
IPADDR=192.168.1.44
PREFIX=24
BOOTPROTO=static
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03


## Configure Default Gateway
#
# vi /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=centos6
GATEWAY=192.168.1.1


## Restart Network Interface (as root)
#
### DONT!
/etc/init.d/network restart
### DO!
ifdown eth0; ifup eth0

## Configure DNS Server
#
# vi /etc/resolv.conf

nameserver 8.8.8.8 # Replace with your nameserver ip
nameserver 192.168.1.1 # Replace with your nameserver ip 

This may be expanded later on, this is just a quick post.

RHEL: debugging locale settings

posted on 2015-03-23 14:07:36

Having had a system landscape with some webservers, basically a apache-apache-tomcat and apache-apache-jboss setup, where the Umlauts were bugged. Or websites did now work at all.

Oh my. That is all what you usually think about such things.

To complicate matters further, there was a CMS deployed, generating the .jsp's that were later to be served through the app servers.

vim /etc/sysconfig/i18n . /etc/sysconfig/i18n # same as: source /etc/sysconfig/i18n

check locale:

locale

sshd: show ssh logins and fails

posted on 2015-03-05 11:13:00

successes

To show all successful login attempts on a debian-based system:

cat /var/log/secure | grep 'sshd.*opened'

Same for RHEL:

cat /var/log/auth.log | grep 'sshd.*opened'

fails

Debian's:

cat /var/log/auth.log | grep 'sshd.*Invalid'

RHEL's:

cat /var/log/secure | grep 'sshd.*Invalid'

RHEL 6 Fail2Ban fix

posted on 2015-02-04 17:51:22

When using fail2ban, installing it via yum is easy.

Sad part is, even though the install is done, it won't be of much help. This is due to the regular expressions defined in /etc/fail2ban/filter.d/sshd.conf, which will not match current entries in /var/log/secure/.

test

Testing this is rather easy:

fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf

The output should look like this:

Running tests
=============

Use   failregex file : /etc/fail2ban/filter.d/sshd.conf
Use         log file : /var/log/secure


Results
=======

Failregex: 16972 total
|-  #) [# of hits] regular expression
|  13) [16972] ^.*authentication failure[s]?; logname=.* uid=.* euid=.* tty=.* ruser=.* rhost=<HOST>  user=.*\s*$
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [36248] MONTH Day Hour:Minute:Second
`-

Lines: 36248 lines, 0 ignored, 16972 matched, 19276 missed
Missed line(s): too many to print.  Use --print-all-missed to print all 19276 lines

If there are no 'matched' entries, the regex is likely to fail.

Instead of passing the filterfile as second arguement, matching strings as regexes also works. For furter info google the fail2ban manual.

fix

Adding this fixed the issue for me:

^.*authentication failure[s]?; logname=.* uid=.* euid=.* tty=.* ruser=.* rhost=<HOST>  user=.*\s*$

Afterwards issueing iptables -L -vnx will show that the Chain fail2ban-SSH gets populated rather fast.

RedHat Networking Docs (Oracle Linux)

posted on 2014-10-01 12:22:53

Here is a short linklist, because Oracle's documentation is the best I have seen so far.

Oracle Linux Administrator's Guide for Release 6

Part II Networking and Network Services

Chapter 11 Network Configuration

Why is this fine for RedHat stuff?

RHEL / RedHat Enterprise Linux is the 'original' distribution from redhat. Fedora is the 'testing distribution' from the company redhat. Difference between Fedora and RHEL are the lifetimes (support, EOL, update frequencies, up-to-date packages), RHEL is focused on stability. redhat's sources for it's distributions are open to the public. CentOS, Oracle Linux and Scientific Linux are created from the redhat sources, but basically without all the RedHat logos.

Thus, the documentation of the one is sufficient for the other distributions.

This blog covers .csv, .htaccess, .pfx, .vmx, /etc/crypttab, /etc/network/interfaces, /etc/sudoers, /proc, 10.04, 14.04, AS, ASA, ControlPanel, DS1054Z, GPT, HWR, Hyper-V, IPSEC, KVM, LSI, LVM, LXC, MBR, MTU, MegaCli, PHP, PKI, R, RAID, S.M.A.R.T., SNMP, SSD, SSL, TLS, TRIM, VEEAM, VMware, VServer, VirtualBox, Virtuozzo, XenServer, acpi, adaptec, algorithm, ansible, apache, apachebench, apple, arcconf, arch, architecture, areca, arping, asa, asdm, autoconf, awk, backup, bandit, bar, bash, benchmarking, binding, bitrate, blackarmor, blockdev, blowfish, bochs, bond, bonding, booknotes, bootable, bsd, btrfs, buffer, c-states, cache, caching, ccl, centos, certificate, certtool, cgdisk, cheatsheet, chrome, chroot, cisco, clamav, cli, clp, clush, cluster, coleslaw, colorscheme, common lisp, console, container, containers, controller, cron, cryptsetup, csync2, cu, cups, cygwin, d-states, database, date, db2, dcfldd, dcim, dd, debian, debug, debugger, debugging, decimal, desktop, df, dhclient, dhcp, diff, dig, display manager, dm-crypt, dmesg, dmidecode, dns, docker, dos, drivers, dtrace, dtrace4linux, du, dynamictracing, e2fsck, eBPF, ebook, efi, egrep, emacs, encoding, env, error, ess, esx, esxcli, esxi, ethtool, evil, expect, exportfs, factory reset, factory_reset, factoryreset, fail2ban, fbsd, fdisk, fedora, file, filesystem, find, fio, firewall, firmware, fish, flashrom, forensics, free, freebsd, freedos, fritzbox, fsck, fstrim, ftp, ftps, g-states, gentoo, ghostscript, git, git-filter-branch, github, gitolite, global, gnutls, gradle, grep, grml, grub, grub2, guacamole, hardware, haskell, hdd, hdparm, hellowor, hex, hexdump, history, howto, htop, htpasswd, http, httpd, https, i3, icmp, ifenslave, iftop, iis, imagemagick, imap, imaps, init, innoDB, innodb, inodes, intel, ioncube, ios, iostat, ip, iperf, iphone, ipmi, ipmitool, iproute2, ipsec, iptables, ipv6, irc, irssi, iw, iwconfig, iwlist, iwlwifi, jailbreak, jails, java, javascript, javaws, js, juniper, junit, kali, kde, kemp, kernel, keyremap, kill, kpartx, krypton, lacp, lamp, languages, ldap, ldapsearch, less, leviathan, liero, lightning, links, linux, linuxin3months, lisp, list, livedisk, lmctfy, loadbalancing, locale, log, logrotate, looback, loopback, losetup, lsblk, lsi, lsof, lsusb, lsyncd, luks, lvextend, lvm, lvm2, lvreduce, lxc, lxde, macbook, macro, magento, mailclient, mailing, mailq, manpages, markdown, mbr, mdadm, megacli, micro sd, microsoft, minicom, mkfs, mktemp, mod_pagespeed, mod_proxy, modbus, modprobe, mount, mouse, movement, mpstat, multitasking, myISAM, mysql, mysql 5.7, mysql workbench, mysqlcheck, mysqldump, nagios, nas, nat, nc, netfilter, networking, nfs, nginx, nmap, nocaps, nodejs, numberingsystem, numbers, od, onyx, opcode-cache, openVZ, openlierox, openssl, openvpn, openvswitch, openwrt, oracle linux, org-mode, os, oscilloscope, overview, parallel, parameter expansion, parted, partitioning, passwd, patch, pct, pdf, performance, pfsense, php, php7, phpmyadmin, pi, pidgin, pidstat, pins, pkill, plesk, plugin, posix, postfix, postfixadmin, postgres, postgresql, poudriere, powershell, preview, profiling, prompt, proxmox, ps, puppet, pv, pveam, pvecm, pvesm, pvresize, python, qemu, qemu-img, qm, qmrestore, quicklisp, r, racktables, raid, raspberry pi, raspberrypi, raspbian, rbpi, rdp, redhat, redirect, registry, requirements, resize2fs, rewrite, rewrites, rhel, rigol, roccat, routing, rs0485, rs232, rsync, s-states, s_client, samba, sar, sata, sbcl, scite, scp, screen, scripting, seafile, seagate, security, sed, serial, serial port, setup, sftp, sg300, shell, shopware, shortcuts, showmount, signals, slattach, slip, slow-query-log, smbclient, snmpget, snmpwalk, software RAID, software raid, softwareraid, sophos, spacemacs, spam, specification, speedport, spi, sqlite, squid, ssd, ssh, ssh-add, sshd, ssl, stats, storage, strace, stronswan, su, submodules, subzone, sudo, sudoers, sup, swaks, swap, switch, switching, synaptics, synergy, sysfs, systemd, systemtap, tar, tcpdump, tcsh, tee, telnet, terminal, terminator, testdisk, testing, throughput, tmux, todo, tomcat, top, tput, trafficshaping, ttl, tuning, tunnel, tunneling, typo3, uboot, ubuntu, ubuntu 16.04, udev, uefi, ulimit, uname, unetbootin, unit testing, upstart, uptime, usb, usbstick, utf8, utm, utm 220, ux305, vcs, vgchange, vim, vimdiff, virtualbox, virtualization, visual studio code, vlan, vmstat, vmware, vnc, vncviewer, voltage, vpn, vsphere, vzdump, w, w701, wakeonlan, wargames, web, webdav, weechat, wget, whois, wicd, wifi, windowmanager, windows, wine, wireshark, wpa, wpa_passphrase, wpa_supplicant, x11vnc, x2x, xfce, xfreerdp, xmodem, xterm, xxd, yum, zones, zsh


Unless otherwise credited all material Creative Commons License by sjas