How to use ssh/scp without password on CentOS 6.4

On server (192.168.0.2):

Generate keys:

# ssh-keygen -t rsa

Press Enter at every prompt to accept the default key location and an empty passphrase.

Copy the public key onto the other server (192.168.0.3)

# ssh-copy-id -i /root/.ssh/id_rsa 192.168.0.3

Now you should be able to ssh/scp from 192.168.0.2 to 192.168.0.3 without a password.

Posted in Linux Admin Basics | 1 Comment

How to change the numeric order of Network Interface on CentOS 6.4

Edit /etc/udev/rules.d/70-persistent-net.rules:

Change the NAME value in each rule (eth0, eth1, eth2, eth3, etc.) to change the order.

# PCI device 0x10ec:0x8168 (r8169)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="xx:xx:xx:xx:xx:xx", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x10ec:0x8168 (r8169)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="xx:xx:xx:xx:xx:xx", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

Make sure each network interface is matched with its corresponding MAC address in /etc/sysconfig/network-scripts/ifcfg-ethX.

The changes will take effect once you reboot the system:

# reboot

Posted in Linux Admin Basics | 1 Comment

Basic Understanding of PATH in Linux

According to LINFO, PATH is an environmental variable in Linux and other Unix-like operating systems that tells the shell which directories to search for executable files in response to commands issued by a user.

For example, when you want to use the sed command, you can type sed instead of /bin/sed.

The PATH value is composed of several absolute paths that are separated by colons.  When the user issues a command that is not built in the shell or that is not an executable file’s absolute path, the shell searches through the absolute paths in PATH until it finds the corresponding executable file.

To view PATH:

# echo $PATH

You can add a directory to PATH for the current session using:

# PATH="directory:$PATH"

To make the change permanent, edit the .bash_profile file in the user’s home directory.

Find the line that starts with “PATH=” and add the directory:

PATH=$PATH:directory

then execute:

# . $HOME/.bash_profile
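Because the shell runs the first match it finds in PATH order, an entry that other users can write to, a relative entry or an empty entry lets someone else's file run in place of the command you meant. The following check is an added example, not part of the original post; `audit_path` is a hypothetical helper name, and it assumes a `stat` that supports `-L -c` (GNU coreutils or BusyBox).

```sh
#!/bin/sh
# audit_path [PATH_STRING]  (hypothetical helper, defaults to $PATH)
# Walks the entries in the order the shell searches them, prints one line per
# flagged entry and returns the number of flagged entries.
audit_path() {
    local remaining entry mode flagged
    remaining="${1-$PATH}:"      # trailing ':' so the last entry is processed too
    flagged=0
    while [ -n "$remaining" ]; do
        entry=${remaining%%:*}
        remaining=${remaining#*:}
        if [ -z "$entry" ]; then
            # An empty entry (leading, trailing or doubled ':') means the current directory.
            echo "EMPTY (current directory)"
        elif [ "${entry#/}" = "$entry" ]; then
            echo "RELATIVE $entry"
        elif [ ! -d "$entry" ]; then
            echo "MISSING $entry"
        else
            # -L follows symlinks such as /bin -> usr/bin; 022 = group/other write bits.
            mode=$(stat -L -c %a "$entry")
            [ $(( 0$mode & 022 )) -ne 0 ] || continue
            echo "WRITABLE $entry (mode $mode)"
        fi
        flagged=$((flagged + 1))
    done
    return "$flagged"
}

# Example: audit the PATH of the current session.
audit_path || echo "flagged entries: $?"
```

Run it again after editing .bash_profile to confirm that the directory you added is not flagged.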

References:

http://www.linfo.org/path_env_var.html
http://www.codecoffee.com/tipsforlinux/articles/11.html

Posted in Linux Admin Basics | Leave a comment

Install and Configure Master and Slave DNS Servers on CentOS 6.4

Assume the master server’s IP is 192.168.1.2, and the slave server’s IP is 192.168.1.3.

Before you start, make sure you have installed a caching-only DNS server on both the master and slave servers. Refer to this post for caching-only server installation and configuration. Then configure the master server to act as an authoritative DNS server as stated in my past post.

For master server:

# vi /var/named/chroot/etc/named.conf

add the following:

allow-transfer { localhost; 192.168.1.3; };

For slave server:

Configure Slave DNS Server

# vi /var/named/chroot/etc/named.conf

change:
recursion yes;

to:
recursion no;

Edit zone definition:

zone "companycloud.com" IN {
   type slave;
   file "slaves/companycloud.com";
   masters { 192.168.1.2; };
};

zone "1.168.192.in-addr.arpa" IN {
   type slave;
   file "slaves/1.168.192.db";
   masters { 192.168.1.2; };
};

For both master and slave server:
# vi /etc/resolv.conf

Edit according to this:
nameserver 127.0.0.1

# service named restart

Check on Slave server:

# cd /var/named/chroot/var/named/slaves
# ls -l

Check that all the zone data files show up correctly.
You can use the dig command to see if the DNS servers are working correctly.

Posted in Linux Admin Basics | 1 Comment

Install and Configure Authoritative DNS server on CentOS 6.4

Assume the IP of the authoritative DNS server is 192.168.1.2, and the server IPs used in the data files are 192.168.1.3 and 192.168.1.4.

Before reading the rest of this post, make sure you have installed a caching-only name server as outlined in my past post.

Create forward lookup zone data:
# cd /var/named/chroot/var/named
# vi companycloud.db

Edit according to the following:

$TTL 1D
@       IN SOA  ns.companycloud.com. root.ns.companycloud.com. (
                2013062901 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        NS      ns.companycloud.com.
ns      A       192.168.1.2
server1 A       192.168.1.3
server2 A       192.168.1.4

# chown root:named companycloud.db
# chmod 640 companycloud.db

Create reverse lookup zone data:

# vi 1.168.192.db

Edit according to the following:

$TTL 1D
@       IN SOA  ns.companycloud.com. root.ns.companycloud.com. (
                2013062901 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        NS      ns.companycloud.com.
2       PTR     ns.companycloud.com.
3       PTR     server1.companycloud.com.
4       PTR     server2.companycloud.com.

# chmod 640 1.168.192.db
# chown root:named 1.168.192.db

Add the following zone definitions to /var/named/chroot/etc/named.conf:

zone "companycloud.com" IN {
   type master;
   file "companycloud.db";
};

zone "1.168.192.in-addr.arpa" IN {
   type master;
   file "1.168.192.db";
};

Configure the server to act as an Authoritative Server:
change:
recursion yes;

to:
recursion no;

# service named restart

Test on other server:

forward resolve:

# dig +short @192.168.1.2 server1.companycloud.com
192.168.1.3

reverse resolve:

# dig +short @192.168.1.2 -x 192.168.1.3
server1.companycloud.com.
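The dig tests above check one name and one address; the forward and reverse zone files can also be compared offline before named is restarted. This is an added example, not part of the original post; `check_ptr` is a hypothetical helper that only understands the `owner TYPE data` record layout used in the zone files above, and the demo data is constructed from the page's records with one PTR changed.

```sh
#!/bin/sh
# check_ptr FORWARD_ZONE REVERSE_ZONE ORIGIN NETWORK  (hypothetical helper)
# Understands only "<owner> <TYPE> <data>" records, the layout used in the
# zone files above (no TTL or class column). Prints one line per disagreement
# between A and PTR records and returns 0 when the two files agree.
check_ptr() {
    awk -v origin="$3" -v net="$4" '
        NR == FNR {                          # first file: forward zone
            if ($2 == "A") addr[$1 "." origin "."] = $3
            next
        }
        $2 == "PTR" {                        # second file: reverse zone
            ip = net "." $1
            seen[$3] = 1
            if (!($3 in addr))       { print "NO_A " $3 " (PTR for " ip ")"; bad = 1 }
            else if (addr[$3] != ip) { print "MISMATCH " $3 ": A=" addr[$3] " PTR=" ip; bad = 1 }
        }
        END {
            for (name in addr)
                if (!(name in seen)) { print "NO_PTR " name " " addr[name]; bad = 1 }
            exit (bad + 0)
        }
    ' "$1" "$2"
}

# Constructed demo: the page's records, with the PTR for .4 pointing at the wrong name.
demo_check_ptr() {
    local dir rc
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'ns A 192.168.1.2' 'server1 A 192.168.1.3' 'server2 A 192.168.1.4' > "$dir/fwd.db"
    printf '%s\n' '2 PTR ns.companycloud.com.' '3 PTR server1.companycloud.com.' \
        '4 PTR server3.companycloud.com.' > "$dir/rev.db"
    rc=0
    check_ptr "$dir/fwd.db" "$dir/rev.db" companycloud.com 192.168.1 || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo_check_ptr || true
```

On the server it would be called as `check_ptr companycloud.db 1.168.192.db companycloud.com 192.168.1` from /var/named/chroot/var/named.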

Reference:
http://zenit.senecac.on.ca/wiki/index.php/NAD710_Lab_5A

Posted in Linux Admin Basics | 1 Comment

How to disable remote root login in Linux

For security purposes, you’ll want to disable remote root login on your server so that nobody can log in directly as root over SSH.

# vi /etc/ssh/sshd_config

find the line: #PermitRootLogin yes

and change it to: PermitRootLogin no

# service sshd restart
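sshd uses the first uncommented value it reads for each keyword, and a Match block can set PermitRootLogin again for some connections, so adding the line is not always enough. This added example (not from the original post; `root_login_report` and the sample configurations are constructed for illustration) reports what a given sshd_config actually says.

```sh
#!/bin/sh
# root_login_report [FILE]  (hypothetical helper; reads stdin when no file is given)
# Prints "match-override line N: <value>" for each PermitRootLogin inside a
# Match block, then "global=<value>" for the global section ("unset" if the
# keyword never appears uncommented). Returns 0 only when the global value is
# "no" and no Match block sets anything else.
root_login_report() {
    awk '
        { sub(/^[ \t]+/, "") }                   # leading whitespace is ignored
        /^#/ || /^$/ { next }                    # comments and blank lines
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }   # keywords are case-insensitive
        key == "match" { in_match = 1; next }    # the global section ends here
        key != "permitrootlogin" { next }
        in_match {
            print "match-override line " NR ": " f[2]
            if (f[2] != "no") bad = 1
            next
        }
        !seen { seen = 1; global = f[2] }        # first value wins; later ones are ignored
        END {
            if (!seen) global = "unset"
            print "global=" global
            exit (global != "no" || bad)
        }
    ' "$@"
}

# Constructed samples, not taken from a real server.
SAMPLE_STOCK='#PermitRootLogin yes'
SAMPLE_FIXED='PermitRootLogin no'
SAMPLE_SHADOWED='PermitRootLogin yes
PermitRootLogin no'
SAMPLE_MATCH='PermitRootLogin no
Match Address 192.168.1.0/24
    PermitRootLogin yes'

for sample in "$SAMPLE_STOCK" "$SAMPLE_FIXED" "$SAMPLE_SHADOWED" "$SAMPLE_MATCH"; do
    printf '%s\n' "$sample" | root_login_report || echo "=> root login is not fully disabled"
    echo "--"
done
```

A result of `unset` means sshd falls back to its built-in default. On a live server, `sshd -t` checks the file for syntax errors before the restart.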

Posted in Linux Security | 2 Comments

Install and configure a Kickstart server with Cobbler on CentOS 6.4 (x86_64)

Note: Assume the Kickstart server’s IP is 192.168.1.254, DNS server is 192.168.1.253 and the IP range used for dhcp is 192.168.1.40 to 192.168.1.50.

Install EPEL

The EPEL RPM repository contains extra packages, such as Cobbler, for RHEL/CentOS.

EPEL: http://fedoraproject.org/wiki/EPEL

Run the following:

# rpm -Uhv http://mirror.csclub.uwaterloo.ca/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm

# yum install cobbler cobbler-web pykickstart system-config-kickstart dhcp mod_python wget tftp cman -y

# vi /etc/selinux/config

change:
SELINUX=enforcing
to:
SELINUX=disabled

# setenforce 0

# vi /etc/xinetd.d/tftp
edit:
disable                 = no

# vi /etc/xinetd.d/rsync
edit:
disable = no
flags           = IPv4

# service xinetd restart
# service httpd start

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
                                                           [  OK  ]

# vi /etc/httpd/conf/httpd.conf

Uncomment the following line:
#ServerName http://www.example.com:80

# service cobblerd start
# chkconfig xinetd on
# chkconfig httpd on
# chkconfig cobblerd on
# cobbler get-loaders
# vi /etc/cobbler/settings
edit the following lines accordingly:
next_server: 192.168.1.254
server: 192.168.1.254
pxe_just_once: 1
manage_dhcp: 1

# vi /etc/cobbler/dhcp.template
edit the file according to the following:
subnet 192.168.1.0 netmask 255.255.255.0 {
   option routers             192.168.1.1;
   option domain-name-servers 192.168.1.253;
   option subnet-mask         255.255.255.0;
   range dynamic-bootp        192.168.1.40 192.168.1.50;
   filename                   "/pxelinux.0";
   default-lease-time         21600;
   max-lease-time             43200;
   next-server                192.168.1.254;
}

# iptables -F
# iptables -X
These two commands flush all rules and delete all user-defined chains, so remember to configure iptables properly later!

# service iptables restart
# cobbler check
Depending on personal requirements, perform the appropriate steps.

# service cobblerd restart
# cobbler sync
# cd /tmp
# wget http://centos.westmancom.com/5.9/isos/x86_64/CentOS-5.9-x86_64-bin-DVD-1of2.iso

In this case, I want cobbler to install CentOS 5.9 on other servers.

verify using md5sum

# md5sum CentOS-5.9-x86_64-bin-DVD-1of2.iso > md5.txt
# md5sum -c md5.txt
CentOS-5.9-x86_64-bin-DVD-1of2.iso: OK
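A checksum file generated from the downloaded ISO only compares the file with itself, so `md5sum -c` reports OK even for a corrupted or altered download. This added example (not from the original post) compares the file against a checksum list obtained from the mirror instead; `verify_against_published`, the file names and the demo data are assumptions made for illustration.

```sh
#!/bin/sh
# verify_against_published FILE CHECKSUM_LIST [TOOL]  (hypothetical helper)
# CHECKSUM_LIST holds "<hex digest>  <name>" lines, the format md5sum and
# sha256sum write. Only FILE's own entry is checked, so other images named in
# the list do not have to be present. Returns 0 on match, 1 on mismatch,
# 2 when FILE is not listed.
verify_against_published() {
    local file list tool name expected actual
    file=$1; list=$2; tool=${3:-sha256sum}
    name=$(basename "$file")
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }          # "*name" marks binary mode
        f == n { print tolower($1); exit }' "$list")
    if [ -z "$expected" ]; then
        echo "$name: not listed in $list" >&2
        return 2
    fi
    actual=$("$tool" "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "$name: FAILED (expected $expected, got $actual)" >&2
        return 1
    fi
    echo "$name: OK"
}

# Demo on constructed data: the file changes after the list was published.
demo_self_check_vs_published() {
    local dir self published
    dir=$(mktemp -d) || return 1
    printf 'original image bytes\n' > "$dir/image.iso"
    (cd "$dir" && sha256sum image.iso > published.txt)   # stands in for the mirror's list
    printf 'altered in transit\n' >> "$dir/image.iso"
    # Self-generated checksum, as in the two md5sum commands above.
    if (cd "$dir" && md5sum image.iso > md5.txt && md5sum -c md5.txt > /dev/null)
    then self=OK; else self=FAILED; fi
    if verify_against_published "$dir/image.iso" "$dir/published.txt" > /dev/null 2>&1
    then published=OK; else published=FAILED; fi
    rm -rf "$dir"
    echo "self=$self published=$published"
}

demo_self_check_vs_published
```

Pass `md5sum` as the third argument when the mirror's list contains MD5 digests.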

# mount -o loop /tmp/CentOS-5.9-x86_64-bin-DVD-1of2.iso /mnt
# cobbler import --path=/mnt --name=CentOS5.9
# cobbler profile remove --name=CentOS5.9-i386
# cobbler profile remove --name=CentOS5.9-x86_64

# cp /root/anaconda-ks.cfg /var/lib/cobbler/kickstarts/centos59.ks

Configure the kickstart file:

# vi /var/lib/cobbler/kickstarts/centos59.ks

Delete all existing content and add the following. You can edit these settings according to your preferences:
#platform=x86, AMD64, or Intel EM64T
# System authorization information
auth  --useshadow  --enablemd5
# System bootloader configuration
bootloader --append="rhgb quiet" --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Use text mode install
text
# Firewall configuration
firewall --enabled --http --ssh
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# Installation logging level
logging --level=info
url --url=http://192.168.1.254/cobbler/ks_mirror/CentOS5.9
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on
# Reboot after installation
reboot
#Root password
rootpw --iscrypted $default_password_crypted
# SELinux configuration
selinux --enforcing
# Do not configure the X Window System
skipx
# System timezone
timezone  America/Toronto
# Install OS instead of upgrade
install
# Disk partitioning information
part /boot --asprimary --fstype="ext3" --ondisk=sda --size=500
part swap --fstype="swap" --ondisk=sda --size=4096
part / --fstype="ext3" --grow --size=1 --ondisk=sda

%packages
@base
@core
@development-libs
@development-tools
@editors
@server-cfg
@system-tools
keyutils
iscsi-initiator-utils
trousers
fipscheck
device-mapper-multipath
perl-Convert-ASN1
imake
audit

# cobbler profile add --name=CentOS5.9-x86_64 --distro=CentOS5.9-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos59.ks
# cobbler sync

The sync also starts dhcp.

Reference
http://centoshowtos.org/installation/kickstart-cobbler-on-centos-server/

Posted in Linux Admin Basics | Leave a comment