Created by Alex Kaulfuss
almost 9 years ago
Question | Answer |
--- | --- |
deny access to ftp for all users outside of example.com | /etc/access.deny "vsftpd: ALL EXCEPT .example.com - service vsftpd restart |
restrict individual user from ftp access | /etc/vsftpd/ftpusers - service vsftpd restart |
allow anonymous ftp access | /etc/vsftpd/vsftpd.conf anonymous_enable=YES #comment# local_enable=YES -service vsftpd restart - chcon -R -t public_content_t /var/ftp/pub |
install ftp | - yum install vsftpd - chkconfig vsftpd on |
install SMTP mail | -yum install postfix - chkconfig postfix on |
configure SMTP mail | /etc/postfix/main.cf myhostname = mail.example.com mydomain = example.com myorigin = $mydomain inet_interfaces = all mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost mynetworks = 192.168.1.0/24, 127.0.0.0/8 - service postfix reload - setsebool -P allow_postfix_local_write_mail_spool on |
packet filtering & NAT | /etc/sysctl.conf net.ipv4.ip_forward = 1 - sysctl -p - iptables -t nat -I POSTROUTING -o eth0 -s 192.168.2.0/24 -j MASQUERADE - service iptables save |
set default route | /etc/sysconfig/network-scripts/ifcfg-eth0 GATEWAY=192.168.1.1 (dest.) -service network restart - route -n |
add static route | /etc/sysconfig/network-scripts/route-eth0 ADDRESS0=192.168.0.0 (to) NETMASK0=255.255.255.0 GATEWAY0=192.168.2.1 (via) - service network restart - route -n |
deny access to SSH | /etc/hosts.deny "sshd: host.org" - service sshd restart |
install SSH | - yum install openssh (openssh-server?) - chkconfig sshd on |
enable ip forwarding | /etc/sysctl.conf net.ipv4.ip_forward = 1 - sysctl -p |
set SELINUX to enforcing | /etc/sysconfig/selinux =ENFORCING - reboot - iptables -F - service iptables save |
configure SSH server | /etc/ssh/sshd_config |
secure file with gpg | -gpg2 --gen-key -gpg2 --export [name] > gpg.pub -scp gpg.pub [location] --------------------------------------------------- -gpg2 --import gpg.pub -gpg2 --out [file] --recipient [name] --encrypt [file] -scp [outfile] [location] ------------------------------------------------------ -gpg2 --out [file] --decrypt [file] |
configure a caching-only name server | -yum install -y bind /etc/named.conf listen-on port 53 { any; }; allow-query { any; }; dnssec-validation no; iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT iptables -I INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT |
configure a caching-only name server to forward DNS queries | -yum install -y bind /etc/named.conf listen-on port 53 { any; }; allow-query { any; }; dnssec-validation no; (below the 'recursion' option, add:) forward only; forwarders { 192.168.1.1; }; iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT iptables -I INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT |
deploy a basic CGI application | -yum groupinstall -y "Web server" /var/www/cgi-bin/hello.pl #!/usr/bin/perl print "Content-type: text/html\n\n"; print "Hello, World!"; -chmod 755 /var/www/cgi-bin/hello.pl -iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT |
configure a system as an iSCSI initiator that persistently mounts an iSCSI target | -yum install -y iscsi-initiator-utils -iscsiadm -m discoverydb -t st -p [targetserver] -D -grep "Attached SCSI" /var/log/messages -mkfs.ext4 /dev/sda -blkid \| grep "/dev/sda" -echo "UUID=..." >> /etc/fstab /etc/fstab UUID=... /mnt ext4 _netdev 0 0 |
SSH: Configure key-based authentication. | -ssh-keygen (-b 2048 -t rsa) -ssh-copy-id -i .ssh/id_rsa.pub user01@server2.example.com /etc/ssh/sshd_config (on 2nd machine) PasswordAuthentication no PubkeyAuthentication yes |
Synchronize time using other NTP peers | -yum install -y ntpd /etc/ntp.conf comment default server lines add my own |
Configure a system to accept logging from a remote system (server) | -yum install rsyslog /etc/rsyslog.conf uncomment: #$ModLoad imtcp AND #$InputTCPServerRun 514 -service rsyslog restart -iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT |
Configure a system to log to a remote system (client) | /etc/rsyslog.conf uncomment 7 lines change "remote-host" to name of syslog server |
user can't schedule cron job | /etc/cron.deny |
permanently mount iso in /root to /mnt/data | -mkdir /mnt/data /etc/fstab /root/boot.iso /mnt/data iso9660 ro,sync,auto 0 0 |
pass argument to kernel | /etc/grub.conf |
Use /proc/sys and sysctl to modify and set kernel runtime parameters. | /etc/sysctl.conf net.ipv4.ip_forward = 1 # allow IPv4 forwarding net.ipv4.icmp_echo_ignore_all = 1 # don't respond to a ping net.ipv4.icmp_echo_ignore_broadcasts = 1 # don't respond to a ping to the broadcast address |
alias | /etc/aliases alias: real person -newaliases |
NFS: Provide network shares to specific clients (server side) | -yum groupinstall -y "NFS file server" -iptables (udp111, tcp111, tcp2049) -chkconfig & service start for rpcbind, nfs, & nfslock /etc/exports dir name-OR-IP(rw,no_root_squash) -exportfs -avr |
NFS: Provide network shares to specific clients (client side) | -yum install -y nfs-utils -mount -t nfs server:/home/tools /mnt |
HTTP: Configure a virtual host | -yum groupinstall "Web Server" /etc/httpd/conf/httpd.conf uncomment NameVirt... & virt stanza |
create Samba password | -smbpasswd -a [user] or -echo "password" \| --stdin smbpasswd -a [user] |
install Samba | -yum groupinstall -y "CIFS file server" chkconfig & service start for smb, nmb, and winbind |
SMB: Provide network shares to specific clients. | /etc/samba/smb.conf 9 things & directory block -mkdir /shared -chcon -t samba_share_t /shared iptables (udp137 & 138 tcp139 & 445) |
KERBEROS: Configure a system to authenticate using Kerberos. | -yum install -y krb5-workstation pam_krb5 maybe use GUI |