
RHEL6 SELinux cheat sheet

A lot of admins turn SELinux off because it looks complicated. Here is a cheat sheet to make your life easier. Two important pieces of documentation about SELinux can be found here: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/index.html and http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Confined_Services/index.html If you work on CentOS or Red Hat, install the following packages on your system: setroubleshoot.noarch : Helps troubleshoot SELinux problems; setroubleshoot-plugins.noarch : Analysis…

RHEL6 openldap server


Please note that all double quote characters in this example are plain ASCII " characters, not typographical ones! Step 1: first we need to install the required packages: #yum install openldap-servers migrationtools Step 2: as the configuration for LDAP is stored inside the LDAP server itself, the configuration has to be done by editing LDIF files…

RHEL6 virsh console domain

To use the #virsh console command on a RHEL6 virtual server you need to configure the guests. If you do not configure them, "Escape character is ^]" is all you get. For RHEL6 guests you have to configure two files. In /boot/grub/menu.lst add the serial console lines (the ones marked in bold in the original post):

    default=0
    timeout=5
    splashimage=(hd0,0)/grub/splash.xpm.gz
    serial --unit=0 --speed=115200
    terminal --timeout=10…

RHEL6 vsftp anonymous access selinux

First install the vsftpd package: #yum install vsftpd. After that edit /etc/vsftpd/vsftpd.conf:

    anonymous_enable=YES
    write_enable=YES
    local_umask=022
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_file=/var/log/vsftpd.log
    xferlog_std_format=YES
    ftpd_banner=Welcome to blah FTP service.
    listen=YES
    local_root=/var/ftp/upload
    pam_service_name=vsftpd
    userlist_enable=YES
    tcp_wrappers=YES

Be aware of what this opens up: with write_enable=YES, the three anon_* options let any anonymous client upload files, create directories and (anon_other_write_enable) also delete and rename existing files; only keep anon_other_write_enable=YES if that is really intended, and note that local_root only applies to local (non-anonymous) logins, while anonymous sessions land in the ftp user's home directory unless anon_root is set. Then edit tcp wrappers, /etc/hosts.allow: vsftpd: ALL. Let's set the iptables rule: #iptables -A INPUT -m state --state NEW -m tcp -p tcp…
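As an added example (not code from the original post), here is a small POSIX sh audit that reads a vsftpd.conf and reports which of the anonymous write paths from the configuration above are open. It embeds a constructed sample config mirroring the excerpt; the file path under $TMPDIR and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): audit a vsftpd.conf for
# settings that give anonymous clients write access, using the defaults
# documented in vsftpd.conf(5): anonymous_enable=YES, write_enable=NO,
# anon_upload_enable / anon_mkdir_write_enable / anon_other_write_enable=NO.

# Constructed sample that mirrors the excerpt: every anonymous write
# option is switched on.
vsftpd_sample_file() {
    f=${TMPDIR:-/tmp}/vsftpd_sample.conf
    cat > "$f" <<'EOF'
anonymous_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
# ftpd_banner=Welcome to blah FTP service.
listen=YES
local_root=/var/ftp/upload
userlist_enable=YES
tcp_wrappers=YES
EOF
    echo "$f"
}

# vsftpd_opt FILE KEY DEFAULT: print the effective value of KEY in upper
# case (last assignment wins, whole-line # comments ignored), or DEFAULT
# when the key is not set at all.
vsftpd_opt() {
    v=$(sed -n -e '/^[[:space:]]*#/d' \
               -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1)
    if [ -n "$v" ]; then
        printf '%s\n' "$v" | tr '[:lower:]' '[:upper:]'
    else
        printf '%s\n' "$3"
    fi
}

# vsftpd_audit FILE: print one WARN line per open anonymous write path.
# Returns 0 when anonymous clients cannot write, 1 otherwise.
# write_enable=NO is the master switch: with it off, the anon_* options
# have no effect, so nothing is reported.
vsftpd_audit() {
    n=0
    if [ "$(vsftpd_opt "$1" anonymous_enable YES)" = YES ] &&
       [ "$(vsftpd_opt "$1" write_enable NO)" = YES ]; then
        for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
            if [ "$(vsftpd_opt "$1" "$k" NO)" = YES ]; then
                n=$((n + 1))
                case $k in
                    anon_upload_enable)      echo "WARN: $k=YES: anonymous users can upload files" ;;
                    anon_mkdir_write_enable) echo "WARN: $k=YES: anonymous users can create directories" ;;
                    anon_other_write_enable) echo "WARN: $k=YES: anonymous users can delete and rename files" ;;
                esac
            fi
        done
    fi
    [ "$n" -eq 0 ]
}

# Stand-alone run over the constructed sample (three warnings expected).
vsftpd_audit "$(vsftpd_sample_file)" ||
    echo "vsftpd.conf: anonymous write access is open; set write_enable=NO or drop the anon_* options"
```

Run it against the real file with `vsftpd_audit /etc/vsftpd/vsftpd.conf`; a clean exit status means anonymous clients cannot modify anything, whatever the anon_* lines say.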

RHEL6 and SElinux

One of the most important packages for running RHEL6 with SELinux successfully is setroubleshoot. It provides the setroubleshoot daemon and sealert, which explain denials in plain language; sestatus (from policycoreutils) shows the current state. Let's see what sestatus reports for my system:

    [root@rhel1 ~]# sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   enforcing
    Mode from config file:          enforcing…

RHEL secondary Name Server

Open /etc/named.conf:

    //
    // named.conf for Red Hat caching-nameserver
    //
    options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        // query-source address * port 53;    (only needed when there is a firewall between master and slave)
        allow-transfer { 192.168.1.104/24; };    (the slave IP)
    };
    //
    // a caching only nameserver config
    //
    controls {
        inet 127.0.0.1 allow { localhost; }…

Note that 192.168.1.104/24 is a network match, not a single host: it lets every address in 192.168.1.0/24 pull a full zone transfer (AXFR). If only the one slave should be allowed, write 192.168.1.104; (or 192.168.1.104/32;) instead.
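As an added example (not code from the original post), the following POSIX sh script extracts the allow-transfer ACL from a named.conf and flags entries that let more than the intended slave transfer the zone, including the case where the statement is missing altogether (BIND 9 as shipped with RHEL6 then defaults to allow-transfer { any; }). The sample config is constructed from the options block above; the file paths and function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): pull the allow-transfer ACL
# out of a named.conf and flag elements that permit zone transfers (AXFR)
# to more than one intended slave.

# Constructed sample, mirroring the options block in the excerpt above.
named_sample_file() {
    f=${TMPDIR:-/tmp}/named_sample.conf
    cat > "$f" <<'EOF'
//
// named.conf for Red Hat caching-nameserver
//
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        // query-source address * port 53;
        allow-transfer { 192.168.1.104/24; };
};
EOF
    echo "$f"
}

# named_transfer_acl FILE: print each element of the allow-transfer
# statement on its own line (a crude parse: // comments are stripped and,
# if several statements exist, the last one in the file is used). Prints
# nothing when there is no allow-transfer at all.
named_transfer_acl() {
    sed 's|//.*$||' "$1" | tr '\n' ' ' |
        sed -n 's/.*allow-transfer[[:space:]]*{\([^}]*\)}.*/\1/p' |
        tr ';' '\n' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# named_transfer_audit FILE: one WARN line per over-broad ACL element.
# Returns 0 when transfers are limited to single hosts, TSIG keys or
# nobody, 1 otherwise.
named_transfer_audit() {
    acl=$(named_transfer_acl "$1")
    if [ -z "$acl" ]; then
        echo "WARN: no allow-transfer statement; BIND 9 defaults to allow-transfer { any; }"
        return 1
    fi
    out=$(printf '%s\n' "$acl" | while IFS= read -r e; do
        case $e in
            any|localnets)
                echo "WARN: allow-transfer { $e; } is not limited to the slave" ;;
            none|localhost|"key "*|*/32)
                ;;   # nobody, this host, TSIG-keyed, or exactly one host
            */*)
                echo "WARN: $e matches a whole network; use the slave address $(printf '%s' "$e" | cut -d/ -f1); instead" ;;
            *)
                ;;   # bare address: one host
        esac
    done)
    [ -n "$out" ] && printf '%s\n' "$out"
    [ -z "$out" ]
}

# Stand-alone run over the constructed sample (the /24 is flagged).
named_transfer_audit "$(named_sample_file)" ||
    echo "named.conf: tighten allow-transfer before enabling the secondary"
```

Point it at /etc/named.conf on the master (or /var/named/chroot/etc/named.conf with bind-chroot) before starting the slave; a non-zero exit means anyone matching the ACL can download the whole zone.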

RHEL6 as LDAP client with ldap authentication


Edit the file /etc/openldap/ldap.conf:

    URI ldap://$FQDN_OF_SERVER/    (has to be the same FQDN as in the certificate)
    BASE dc=mydomain,dc=com
    TLS_CACERTDIR /etc/openldap/cacerts

Now edit /etc/nsswitch.conf to tell Linux where to get the login information from:

    passwd:     files sss ldap
    shadow:     files sss ldap
    group:      files sss ldap

After that run the command authconfig-gtk. Select: User…

rhelv6

RHEL6 dropped Xen and uses KVM now. Setup is quite easy: just install the @kvm group in kickstart or the "Virtualization" group with yum. The only tricky thing is that if you want to use virt-manager after a fresh install you also need to install the xorg-x11-xauth package 🙂

RHEL6 Caching Name Server

The package caching-nameserver is integrated into the bind package, so these two packages have to be installed: # yum install bind bind-chroot. Then set the named_write_master_zones boolean (this is only needed if named has to write zone files, e.g. for dynamic updates or slave zones; a pure caching server works without it): # setsebool -P named_write_master_zones 1. Allow queries on port 53 for DNS requests (this rule covers TCP only; add the matching -p udp --dport 53 rule as well, since most queries arrive over UDP): # iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT…