RHEL6 and SElinux

One of the most important packages for running RHEL6 with SELinux successfully is the setroubleshoot package. It includes useful tools like the setroubleshoot daemon and utilities like sealert, sestatus… So let's see what the sestatus of my system is:

    [root@rhel1 ~]# sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   enforcing
    Mode from config file:          enforcing
    …

RHEL secondary Name Server

Open /etc/named.conf

    //
    // named.conf for Red Hat caching-nameserver
    //
    options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        // query-source address * port 53; (only needed when there is a FW between master and slave)
        allow-transfer { 192.168.1.104/24; }; // slave IP
    };
    //
    // a caching only nameserver config
    //
    controls {
        inet 127.0.0.1 allow { localhost; }…

RHEL6 as LDAP client with ldap authentication

Edit the file /etc/openldap/ldap.conf:

    URI ldap://$FQDN_OF_SERVER/
    BASE dc=mydomain,dc=com
    TLS_CACERTDIR /etc/openldap/cacerts

(The URI has to use the same FQDN as in the certificate.)

Now edit the /etc/nsswitch.conf file to tell Linux where to get the login information from:

    passwd:     files sss ldap
    shadow:     files sss ldap
    group:      files sss ldap

After that, run the command authconfig-gtk. Select: User…

rhelv6

So RHEL6 dropped Xen and uses KVM now. Setup is quite easy. Just install @kvm in kickstart or the "Virtualization" group with yum. The only tricky thing is that if you want to use virt-manager after a fresh install, you also need to install the package xorg-x11-xauth 🙂

RHEL6 Caching Name Server

The package caching-nameserver is integrated in the bind package! So these two packages have to be installed:

    # yum install bind bind-chroot

Then set named_write_master_zones to 1:

    # setsebool -P named_write_master_zones 1

Allow queries on port 53 for DNS requests:

    # iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
    …

Install KVM on redhat

Installing KVM on RHEL6 is quite a simple process when you have a yum repository. The main package is the kvm package (hypervisor).

    # yum install kvm

To manage the VMs you'll need a tool called virt.

    # yum install virt-manager libvirt libvirt-python python-virtinst libvirt-client xorg-x11-xauth

RHEL6 Virtualization virsh commands

List all virtual systems:

    # virsh list

Start/Stop virtual os:

    # virsh start virtosname
    # virsh shutdown virtosname
    # virsh destroy virtosname    (like a power off)

Access a virtual console:

    # virsh console virtosname

Autostart virsh server:

    # virsh autostart virtosname

Expand luks encrypted filesystems

    umount /crypto
    fsck.ext4 -C 0 -f /dev/mapper/crypto
    cryptsetup luksClose crypto
    lvextend -L +100M /dev/cryptovg/crypto
    cryptsetup luksOpen /dev/cryptovg/crypto crypto
    cryptsetup -v resize crypto
    fsck.ext4 -f /dev/mapper/crypto
    resize4fs /dev/mapper/crypto    (you'll need to install e4fsprogs to use resize4fs)
    fsck.ext4 -f /dev/mapper/crypto
    mount /dev/mapper/crypto /crypto

create luks lvm partition

    lvcreate -L 500M -n crypto cryptovg

Fill your partition with random data:

    dd if=/dev/urandom of=/dev/cryptovg/crypto

Initialize your partition:

    cryptsetup --verbose --verify-passphrase luksFormat /dev/cryptovg/crypto

Open the newly encrypted device:

    cryptsetup luksOpen /dev/cryptovg/crypto cryptosec

Check it's there:

    ls -l /dev/mapper | grep cryptosec

Create a filesystem:

    mkfs.ext4 /dev/mapper/cryptosec

mount…