RHCE

Description

Flashcards on RHCE, created by Alex Kaulfuss on 03/02/2016.

Resource Summary

Question (Q) / Answer (A)

Q: deny access to ftp for all users outside of example.com
A: /etc/access.deny
     "vsftpd: ALL EXCEPT .example.com"
   - service vsftpd restart

Q: restrict individual user from ftp access
A: /etc/vsftpd/ftpusers
   - service vsftpd restart

Q: allow anonymous ftp access
A: /etc/vsftpd/vsftpd.conf
     anonymous_enable=YES
     #comment# local_enable=YES
   - service vsftpd restart
   - chcon -R -t public_content_t /var/ftp/pub

Q: install ftp
A: - yum install vsftpd
   - chkconfig vsftpd on

Q: install SMTP mail
A: - yum install postfix
   - chkconfig postfix on

Q: configure SMTP mail
A: /etc/postfix/main.cf
     myhostname = mail.example.com
     mydomain = example.com
     myorigin = $mydomain
     inet_interfaces = all
     mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
     mynetworks = 192.168.1.0/24, 127.0.0.0/8
   - service postfix reload
   - setsebool -P allow_postfix_local_write_mail_spool on

Q: packet filtering & NAT
A: /etc/sysctl.conf
     net.ipv4.ip_forward = 1
   - sysctl -p
   - iptables -t nat -I POSTROUTING -o eth0 -s 192.168.2.0/24 -j MASQUERADE
   - service iptables save

Q: set default route
A: /etc/sysconfig/network-scripts/ifcfg-eth0
     GATEWAY=192.168.1.1 (dest.)
   - service network restart
   - route -n

Q: add static route
A: /etc/sysconfig/network-scripts/route-eth0
     ADDRESS0=192.168.0.0 (to)
     NETMASK0=255.255.255.0
     GATEWAY0=192.168.2.1 (via)
   - service network restart
   - route -n

Q: deny access to SSH
A: /etc/hosts.deny
     "sshd: host.org"
   - service sshd restart

Q: install SSH
A: - yum install openssh (openssh-server?)
   - chkconfig sshd on

Q: enable ip forwarding
A: /etc/sysctl.conf
     net.ipv4.ip_forward = 1
   - sysctl -p

Q: set SELINUX to enforcing
A: /etc/sysconfig/selinux
     =ENFORCING
   - reboot
   - iptables -F
   - service iptables save

Q: configure SSH server
A: /etc/ssh/sshd_config

Q: secure file with gpg
A: - gpg2 --gen-key
   - gpg2 --export [name] > gpg.pub
   - scp gpg.pub [location]
   ---------------------------------------------------
   - gpg2 --import gpg.pub
   - gpg2 --out [file] --recipient [name] --encrypt [file]
   - scp [outfile] [location]
   ---------------------------------------------------
   - gpg2 --out [file] --decrypt [file]

Q: configure a caching-only name server
A: - yum install -y bind
   /etc/named.conf
     listen-on port 53 { any; };
     allow-query { any; };
     dnssec-validation no;
   - iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
   - iptables -I INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

Q: configure a caching-only name server to forward DNS queries
A: - yum install -y bind
   /etc/named.conf
     listen-on port 53 { any; };
     allow-query { any; };
     dnssec-validation no;
     (below the 'recursion' option, add:)
     forward only;
     forwarders { 192.168.1.1; };
   - iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
   - iptables -I INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

Q: deploy a basic CGI application
A: - yum groupinstall -y "Web server"
   /var/www/cgi-bin/hello.pl
     #!/usr/bin/perl
     print "Content-type: text/html\n\n";
     print "Hello, World!";
   - chmod 755 /var/www/cgi-bin/hello.pl
   - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

Q: configure a system as an iSCSI initiator that persistently mounts an iSCSI target
A: - yum install -y iscsi-initiator-utils
   - iscsiadm -m discoverydb -t st -p [targetserver] -D
   - grep "Attached SCSI" /var/log/messages
   - mkfs.ext4 /dev/sda
   - blkid | grep "/dev/sda"
   - echo "UUID=..." >> /etc/fstab
   /etc/fstab
     UUID=... /mnt ext4 _netdev 0 0

Q: SSH: Configure key-based authentication.
A: - ssh-keygen (-b 2048 -t rsa)
   - ssh-copy-id -i .ssh/id_rsa.pub user01@server2.example.com
   /etc/ssh/sshd_config (on 2nd machine)
     PasswordAuthentication no
     PubkeyAuthentication yes

Q: Synchronize time using other NTP peers
A: - yum install -y ntpd
   /etc/ntp.conf
     comment default server lines
     add my own

Q: Configure a system to accept logging from a remote system (server)
A: - yum install rsyslog
   /etc/rsyslog.conf
     uncomment: #$ModLoad imtcp AND #$InputTCPServerRun 514
   - service rsyslog restart
   - iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT

Q: Configure a system to log to a remote system (client)
A: /etc/rsyslog.conf
     uncomment 7 lines
     change "remote-host" to name of syslog server

Q: user can't schedule cron job
A: /etc/cron.deny

Q: permanently mount iso in /root to /mnt/data
A: - mkdir /mnt/data
   /etc/fstab
     /root/boot.iso /mnt/data iso9660 ro,sync,auto 0 0

Q: pass argument to kernel
A: /etc/grub.conf

Q: Use /proc/sys and sysctl to modify and set kernel runtime parameters.
A: /etc/sysctl.conf
     net.ipv4.ip_forward = 1 # allow IPv4 forwarding
     net.ipv4.icmp_echo_ignore_all = 1 # don't respond to a ping
     net.ipv4.icmp_echo_ignore_broadcasts = 1 # don't respond to a ping to the broadcast address

Q: alias
A: /etc/aliases
     alias: real person
   - newaliases

Q: NFS: Provide network shares to specific clients (server side)
A: - yum groupinstall -y "NFS file server"
   - iptables (udp111, tcp111, tcp2049)
   - chkconfig & service start for rpcbind, nfs, & nfslock
   /etc/exports
     dir name-OR-IP(rw,no_root_squash)
   - exportfs -avr

Q: NFS: Provide network shares to specific clients (client side)
A: - yum install -y nfs-utils
   - mount -t nfs server:/home/tools /mnt

Q: HTTP: Configure a virtual host
A: - yum groupinstall "Web Server"
   /etc/httpd/conf/httpd.conf
     uncomment NameVirt... & virt stanza

Q: create Samba password
A: - smbpasswd -a [user]
   or
   - echo "password" | --stdin smbpasswd -a [user]

Q: install Samba
A: - yum groupinstall -y "CIFS file server"
   - chkconfig & service start for smb, nmb, and winbind

Q: SMB: Provide network shares to specific clients.
A: /etc/samba/smb.conf
     9 things & directory block
   - mkdir /shared
   - chcon -t samba_share_t /shared
   - iptables (udp137 & 138 tcp139 & 445)

Q: KERBEROS: Configure a system to authenticate using Kerberos.
A: - yum install -y krb5-workstation pam_krb5
   maybe use GUI