Tag Archives: redhat

How to disable root access to RHEL Redhat systems. | disable root access linux

For security reasons, root access to Linux systems should be disabled as standard these days. Some distributions still allow it, but others have blocked it by default. We should be taking advantage of sudo, which lets you log in with your standard unprivileged account and run root commands through sudo.

Here are some quick and easy steps to stop root access to your system and improve your security footprint.

This command will lock the root account

This will replace the hashed password with “!”, which is another way to stop logons

To add another level of security, you should also disable root logons from the SSH server. Here is how to do so:

Ensure the following entry is set. If it does not currently exist in the config file, add it anywhere.
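A way to verify both steps afterwards, as an added example that is not part of the original post: the function names are hypothetical, the sample files are constructed, and it assumes the sshd setting in question is `PermitRootLogin no`.

```shell
#!/bin/sh
# Added example: audits the two settings described above.
# The sample files are constructed; on a real host pass /etc/shadow
# and /etc/ssh/sshd_config (reading /etc/shadow needs root).

# root_locked SHADOW -> exit 0 if root's password field starts with "!" or "*"
root_locked() {
    field=$(awk -F: '$1 == "root" { print $2 }' "$1")
    case "$field" in
        '!'*|'*'*) return 0 ;;
        *)         return 1 ;;
    esac
}

# sshd_root_login CONFIG -> prints the first PermitRootLogin value, or "unset".
# sshd keeps the first value it reads for a keyword, so an earlier "yes" wins
# over a later "no". Include files and Match blocks are not followed here.
sshd_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# audit_root_access SHADOW CONFIG -> exit 0 only if both checks pass
audit_root_access() {
    rc=0
    root_locked "$1" || { echo "FAIL: root password is not locked"; rc=1; }
    [ "$(sshd_root_login "$2")" = "no" ] ||
        { echo "FAIL: PermitRootLogin is not 'no'"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: root password locked, SSH root logon disabled"
    return "$rc"
}

# Constructed sample input
tmp=$(mktemp -d)
printf '%s\n' 'root:!:19000:0:99999:7:::' \
    'alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::' > "$tmp/shadow"
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$tmp/sshd_config"
audit_root_access "$tmp/shadow" "$tmp/sshd_config"
```

A result of "unset" means sshd falls back to its compiled-in default, which differs between OpenSSH versions, so the audit treats it as a failure.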

 

Syslog permissions blocking Splunk Access | syslog splunk permissions /var/log/messages

Had a problem with Splunk having access permissions to /var/log/messages; syslog would change the permissions to read-only by root and no one else. The fix is in the syslog config file. See below.

Should have an entry like this:

Pay particular attention to:

Then restart syslog

 

Fix Apache2 SELINUX permissions problems. | selinux stopping images appearing on site

I recently had a request with an Apache2 problem. The website didn’t display the images on the page.

After looking at the logs, the error appeared in the /var/log/audit/audit.log.

When you kick off a request with the web browser, you see 5 – 6 errors appear about permissions.

To fix this, it's easy: run the following command and, while it's running, refresh your browser.

This tool will find the error and create a white list and store it as “test”.

To implement the fix execute the following command.

Once completed you will have access to your files.
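Before whitelisting anything, it helps to see exactly which denials the audit log holds. The following is an added example, not part of the original post: the function name is hypothetical and the log lines are constructed. It groups the AVC denials by process, source type, target type, object class and permission.

```shell
#!/bin/sh
# Added example: group the AVC denials in an audit log so they can be
# reviewed before anything is whitelisted. Log lines are constructed.

# avc_summary FILE -> "COUNT COMM SOURCE_TYPE -> TARGET_TYPE [CLASS] { PERMS }"
avc_summary() {
    awk '/avc: +denied/ {
        perms = $0
        sub(/.*[{] */, "", perms); sub(/ *[}].*/, "", perms)
        comm = src = tgt = cls = "?"
        for (i = 1; i <= NF; i++) {
            if (split($i, kv, "=") < 2) continue
            if (kv[1] == "comm")     { comm = kv[2]; gsub(/"/, "", comm) }
            if (kv[1] == "scontext") { split(kv[2], c, ":"); src = c[3] }
            if (kv[1] == "tcontext") { split(kv[2], c, ":"); tgt = c[3] }
            if (kv[1] == "tclass")   cls = kv[2]
        }
        seen[comm " " src " -> " tgt " [" cls "] { " perms " }"]++
    }
    END { for (k in seen) print seen[k], k }' "$1" | sort -rn
}

# Constructed sample: three denials for httpd plus one unrelated record
avc_log=$(mktemp)
cat > "$avc_log" <<'EOF'
type=AVC msg=audit(1400000000.101:501): avc:  denied  { read } for  pid=2101 comm="httpd" name="logo.png" dev="dm-0" ino=3001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1400000000.101:501): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1400000000.207:502): avc:  denied  { read } for  pid=2102 comm="httpd" name="banner.jpg" dev="dm-0" ino=3002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1400000000.311:503): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/var/www/html/img/logo.png" dev="dm-0" ino=3001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
avc_summary "$avc_log"
```

Each output line is one access a whitelist built from this log would grant to the web server, which is the thing to check before loading it.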

GeoIP – Converting IPs to Physical Locations. | locate based on IP geoip maxmind tracing

I manage a large scale SSH server. This server is open to the world via SSH port 22.

Considering I only have Australian clients, I would expect only Australian IPs connected to it, so how would I know?

You can google the IP, but that is a manual, time-consuming process. So I have automated it!

There is an open source tool called GeoIP. It's available by default on Debian and Redhat based distros. Install it with the following method.

Debian

 

Redhat

 

Usage

 

As you can see above, it resolves an IP to a country. This was perfect for the work I was doing, but if you want the specific city and GPS coordinates you need to download a more detailed database from Maxmind.

So to update the database perform the following.

 

Now that you have the new database, you need to advise GeoIP of the new database file.

Usage

As you can see, more detail than before.
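One way to automate the country check against an SSH log, as an added example that is not the author's own script: the function names are hypothetical, the log lines are constructed, and it assumes `geoiplookup` with the country database prints lines of the form `GeoIP Country Edition: AU, Australia`.

```shell
#!/bin/sh
# Added example: list SSH logins whose source country is not the expected one.
# Assumes geoiplookup prints "GeoIP Country Edition: AU, Australia".
# Log lines are constructed and use documentation address ranges.

# ssh_client_ips LOG -> unique source IPs of accepted sshd logins
ssh_client_ips() {
    awk '/sshd\[[0-9]+\]: Accepted / {
        for (i = 1; i < NF; i++) if ($i == "from") { print $(i + 1); break }
    }' "$1" | sort -u
}

# country_of IP -> two-letter code, or "??" when the database has no answer
country_of() {
    cc=$(geoiplookup "$1" 2>/dev/null |
         sed -n 's/^GeoIP Country Edition: \([A-Z][A-Z]\),.*/\1/p' | head -n 1)
    echo "${cc:-??}"
}

# unexpected_logins LOG CODE -> "IP COUNTRY" for every login not from CODE
unexpected_logins() {
    for ip in $(ssh_client_ips "$1"); do
        cc=$(country_of "$ip")
        [ "$cc" = "$2" ] || echo "$ip $cc"
    done
}

geo_log=$(mktemp)
cat > "$geo_log" <<'EOF'
May 10 10:00:01 gw sshd[1201]: Accepted password for alice from 203.0.113.5 port 50514 ssh2
May 10 10:02:13 gw sshd[1207]: Failed password for root from 198.51.100.99 port 40022 ssh2
May 10 10:05:44 gw sshd[1215]: Accepted publickey for bob from 198.51.100.7 port 41800 ssh2
May 10 10:09:30 gw sshd[1222]: Accepted password for carol from 192.0.2.9 port 53311 ssh2
May 10 11:15:02 gw sshd[1301]: Accepted password for alice from 203.0.113.5 port 50990 ssh2
EOF

# Run only where geoiplookup is installed
if command -v geoiplookup >/dev/null 2>&1; then
    unexpected_logins "$geo_log" AU
fi
```

Addresses the database cannot place are reported as `??` rather than dropped, so an unknown source is still reviewed.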

Top 6 common uses for grep | top six uses for grep linux systems administration centos redhat

Grep is the number one tool used by Linux systems administrators. I rely on this tool every day, but it's used in many different ways. I decided to list my top six uses.

 

Top use is grep with the recursive switch (grep -r). This is used for searching a particular filesystem path for a particular word. One common reason why I use this switch is when I'm searching in a Nagios configuration directory for mentions of a hostname. This allows me to find all the locations where a hostname has been mentioned, and I can then alter it if needed.

 

This straightforward search allows you to look in a text file and find all the locations where the expression or search word can be found. The results will include the entire line where the expression has been matched.

 

This will do the opposite of the previous command: it will exclude all mentions of the search criteria. This will remove the entire line from the search results.

 

This will match the line but also include a certain number of subsequent lines; the number indicates how many lines after the match you would like included.

 

Again, this is the opposite of the previous command: it will include a certain number of lines before the matching line.

 

This also proves to be very useful: it will remove case sensitivity from your search string.

 

IPTables blocking outbound port to specific host. | centos redhat linux iptables outbound port block drop dport ip

I needed to write an iptables rule to block outbound traffic to a specific host here.

Now I need to write a similar rule which will not block the entire host but just a single port to a host.

The rule is very similar to the one previously stated, but with the port flag; see below.

 

Howto resize full disk partitions with LVM | lvm vgs pvs lvs redhat resize2fs centos filesystem

One of the most common tasks that I have been performing lately is disk resize, especially in environments which have not been planned well, taking the application into account.

This was the procedure I performed the other day when an incident was raised.

 

Find the problem.

 

Find out if LVM and the volume group have available space.

Confirm the logical volume name.

Issue the command to extend.

Issue the command to resize the file system.

Confirm it has taken effect.