How to use ssh/scp without password on CentOS 6.4

On server (

Generate keys:

# ssh-keygen -t rsa

Press Enter at every prompt to accept the defaults, which leaves the private key without a passphrase.

Copy the public key onto the other server (

# ssh-copy-id -i /root/.ssh/id_rsa

Now you should be able to ssh/scp to on without a password.

Posted in Linux Admin Basics | 1 Comment

How to change the numeric order of Network Interface on CentOS 6.4

Edit /etc/udev/rules.d/70-persistent-net.rules:

You can change the NAME value of each rule to eth0, eth1, eth2, eth3, etc. to change the order.

# PCI device 0x10ec:0x8168 (r8169)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="xx:xx:xx:xx:xx:xx", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x10ec:0x8168 (r8169)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="xx:xx:xx:xx:xx:xx", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

Make sure each network interface is matched with its corresponding MAC address in /etc/sysconfig/network-scripts/ifcfg-ethX

The changes will take effect once you reboot the system:

# reboot


Basic Understanding of PATH in Linux

According to LINFO, PATH is an environmental variable in Linux and other Unix-like operating systems that tells the shell which directories to search for executable files in response to commands issued by a user.

For example, when you want to use the sed command, you can type sed instead of /bin/sed.

The PATH value is composed of several absolute paths that are separated by colons. When the user issues a command that is not built into the shell and is not given as an executable file’s absolute path, the shell searches through the absolute paths in PATH, in order, until it finds the corresponding executable file.

To view PATH:

# echo $PATH


You can add a directory to PATH for the current session using:

# PATH="directory:$PATH"


To make the change permanent, edit the .bash_profile file in the user’s home directory.

Find the line that starts with "PATH=" and add the directory:



then execute:

# . $HOME/.bash_profile
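
Because the shell runs the first match it finds, a directory placed ahead of the system directories in PATH can shadow commands such as sed. The script below is an added example, not part of the original post; it flags empty, relative and world-writable PATH entries and lists every match for a command in search order (the function names audit_path and resolve_in_path are hypothetical).

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# audit_path PATHSTRING
# Prints "reason<TAB>entry" for every entry that lets an unintended file
# shadow a command. Returns 0 if nothing was flagged, 1 otherwise.
audit_path() {
    local rest="$1:" entry status=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}; rest=${rest#*:}
        case $entry in
            '') # an empty entry is searched as the current directory
                printf 'empty\t%s\n' "$entry"; status=1 ;;
            /*) # absolute: flag it when any local user can write to it
                if [ -n "$(find -L "$entry" -maxdepth 0 -type d -perm -0002 2>/dev/null)" ]; then
                    printf 'world-writable\t%s\n' "$entry"; status=1
                fi ;;
            *)  # "." or any relative entry depends on where the command is run
                printf 'relative\t%s\n' "$entry"; status=1 ;;
        esac
    done
    return "$status"
}

# resolve_in_path CMD PATHSTRING
# Prints every executable match in search order. The first line is the file
# the shell would run; the remaining lines are shadowed by it.
resolve_in_path() {
    local cmd="$1" rest="$2:" dir
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            printf '%s\n' "$dir/$cmd"
        fi
    done
}

# Audit the current session, then show which sed wins the search.
audit_path "$PATH" || echo "review the PATH entries listed above" >&2
resolve_in_path sed "$PATH"
```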



Install and Configure Master and Slave DNS Servers on CentOS 6.4

Assume the master server’s IP is, and the slave server’s IP is

Before you start, make sure you have installed a caching-only DNS server on both the master and slave servers. Refer to this post for caching-only server installation and configuration. Then configure the master server to act as an authoritative DNS server as stated in my past post.

For master server:

# vi /var/named/chroot/etc/named.conf

add the following:

allow-transfer { localhost;; };

For slave server:

Configure Slave DNS Server

# vi /var/named/chroot/etc/named.conf

Change:

recursion yes;

to:

recursion no;

Edit zone definition:

zone "" IN {
type slave;
file "slaves/";
masters {; };
};

zone "" IN {
type slave;
file "slaves/1.168.192.db";
masters {; };
};

For both master and slave server:
# vi /etc/resolv.conf

Edit according to this:

# service named restart

Check on Slave server:

# cd /var/named/chroot/var/named/slaves
# ls -l

Check that all the zone data files show up correctly.
You can use the dig command to see if the DNS servers are working correctly.


Install and Configure Authoritative DNS server on CentOS 6.4

Assume the IP of the authoritative DNS server is, and the server IPs used in the data files are and

Before reading the rest of this post, make sure you have installed a caching-only name server as outlined in my past post.

Create forward lookup zone data:
# cd /var/named/chroot/var/named
# vi companycloud.db

Edit according to the following:


@ IN SOA (
        2013062901 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
ns                     A     
server1            A     
server2            A     

# chown root:named companycloud.db
# chmod 640 companycloud.db

Create reverse lookup zone data:

# vi 1.168.192.db

Edit according to the following:

@ IN SOA (
        2013062901 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
2                  PTR             
3                  PTR             
4                  PTR             

# chmod 640 1.168.192.db
# chown root:named 1.168.192.db

Add the following zone definitions to /var/named/chroot/etc/named.conf:

zone "" IN {
   type master;
   file "";
};

zone "" IN {
   type master;
   file "1.168.192.db";
};

Configure the server to act as an authoritative server by changing:

recursion yes;

to:

recursion no;

# service named restart

Test on other server:

forward resolve:

# dig +short @

reverse resolve:

# dig +short @ -x



How to disable remote root login in Linux

For security purposes, you’ll want to disable remote root login on your server so that nobody can log in directly as root over SSH.

# vi /etc/ssh/sshd_config

find the line: #PermitRootLogin yes

and change it to: PermitRootLogin no

# service sshd restart
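
To confirm the edit took effect, the following added example (not from the original post; check_root_login is a hypothetical helper and the sample configuration is constructed) reads an sshd_config the way sshd does: commented lines are ignored, the first active value wins, and Match blocks can set a different value.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. check_root_login is a
# hypothetical helper; it reads a config file and never contacts sshd.

# check_root_login [FILE]   (reads standard input when FILE is omitted)
# Prints "match-override line N: <value>" for each PermitRootLogin inside a
# Match block, then "global=<value>" ("unset" when no active line exists).
# Returns 0 only if the global value is "no" and no Match block differs.
check_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            gsub(/[ \t=]+/, " ", line)          # "Key value" or "Key=value"
            split(line, f, " ")
            key = tolower(f[1]); val = tolower(f[2])
        }
        key == "match" { in_match = 1; next }   # global section ends here
        key != "permitrootlogin" { next }
        in_match {
            printf "match-override line %d: %s\n", NR, val
            if (val != "no") bad = 1
            next
        }
        global == "" { global = val }           # first obtained value wins
        END {
            if (global == "") global = "unset"
            print "global=" global
            exit !(global == "no" && !bad)      # 0 = disabled everywhere
        }
    ' "${1:--}"
}

# Constructed sample: the edit kept the leading "#", so the line is still a
# comment, and a Match block (documentation address range) allows root.
check_root_login <<'EOF' || echo "remote root login is not fully disabled" >&2
#PermitRootLogin no
Port 22
Match Address 192.0.2.0/24
    PermitRootLogin yes
EOF
```

Run it against /etc/ssh/sshd_config after editing; a result of global=unset means sshd falls back to its built-in default rather than the value you intended.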

Posted in Linux Security | 2 Comments

Install and configure a Kickstart server with Cobbler on CentOS 6.4 (x86_64)

Note: Assume the Kickstart server’s IP is, DNS server is and the IP range used for dhcp is to

Install EPEL

The EPEL RPM repository contains extra packages, such as Cobbler, for RHEL/CentOS.


Run the following:

# rpm -Uhv

# yum install cobbler cobbler-web pykickstart system-config-kickstart dhcp mod_python wget tftp cman -y

# vi /etc/selinux/config


# setenforce 0

# vi /etc/xinetd.d/tftp
disable                 = no

# vi /etc/xinetd.d/rsync
disable = no
flags           = IPv4

# service xinetd restart
# service httpd start

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName [  OK  ]

# vi /etc/httpd/conf/httpd.conf

Uncomment the following line:

# service cobblerd start
# chkconfig xinetd on
# chkconfig httpd on
# chkconfig cobblerd on
# cobbler get-loaders
# vi /etc/cobbler/settings
edit the following lines accordingly:
pxe_just_once: 1
manage_dhcp: 1

# vi /etc/cobbler/dhcp.template
edit the file according to the following:
subnet netmask {
   option routers   ;
   option domain-name-servers;
   option subnet-mask;
   range dynamic-bootp;
   filename                   "/pxelinux.0";
   default-lease-time         21600;
   max-lease-time             43200;
   next-server      ;
}

# iptables -F
# iptables -X
remember to configure iptables properly later!

# service iptables restart
# cobbler check
Depending on personal requirements, perform the appropriate steps.

# service cobblerd restart
# cobbler sync
# cd /tmp
# wget

In this case, I want cobbler to install CentOS 5.9 on other servers.

verify using md5sum

# md5sum CentOS-5.9-x86_64-bin-DVD-1of2.iso > md5.txt
# md5sum -c md5.txt
CentOS-5.9-x86_64-bin-DVD-1of2.iso: OK

# mount -o loop /tmp/CentOS-5.9-x86_64-bin-DVD-1of2.iso /mnt
# cobbler import --path=/mnt --name=CentOS5.9
# cobbler profile remove --name=CentOS5.9-i386
# cobbler profile remove --name=CentOS5.9-x86_64

# cp /root/anaconda-ks.cfg /var/lib/cobbler/kickstarts/centos59.ks

Configure the kickstart file:

# vi /var/lib/cobbler/kickstarts/centos59.ks

Delete all existing content and add the following. You can edit this information according to your preferences:
#platform=x86, AMD64, or Intel EM64T
# System authorization information
auth  --useshadow  --enablemd5
# System bootloader configuration
bootloader --append="rhgb quiet" --location=mbr
# Clear the Master Boot Record
# Partition clearing information
clearpart --all --initlabel
# Use text mode install
# Firewall configuration
firewall --enabled --http --ssh
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# Installation logging level
logging --level=info
url --url=
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on
# Reboot after installation
# Root password
rootpw --iscrypted $default_password_crypted
# SELinux configuration
selinux --enforcing
# Do not configure the X Window System
# System timezone
timezone  America/Toronto
# Install OS instead of upgrade
# Disk partitioning information
part /boot --asprimary --fstype="ext3" --ondisk=sda --size=500
part swap --fstype="swap" --ondisk=sda --size=4096
part / --fstype="ext3" --grow --size=1 --ondisk=sda


# cobbler profile add --name=CentOS5.9-x86_64 --distro=CentOS5.9-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos59.ks
# cobbler sync

sync starts dhcp
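
The md5sum step above builds md5.txt from the downloaded ISO itself, so md5sum -c can only report OK. The following added example (not from the original post; verify_published is a hypothetical helper, the file names are constructed, and it assumes the mirror publishes a checksum list) checks a download against a list obtained separately.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. verify_published is a
# hypothetical helper; the checksum list must come from the mirror or
# project, never from the downloaded file itself.

# verify_published FILE LIST [TOOL]
# LIST uses md5sum/sha256sum output format ("<hex>  <name>" per line).
# TOOL defaults to sha256sum; pass md5sum when only an MD5 list exists.
# Returns 0 on match, 1 on mismatch, 2 when FILE is not listed at all.
verify_published() {
    local file="$1" list="$2" tool="${3:-sha256sum}" name expected actual
    name=$(basename "$file")
    # The name starts after the digest and its two separator characters.
    expected=$(NAME=$name awk 'substr($0, length($1) + 3) == ENVIRON["NAME"] {
                   print tolower($1); exit }' "$list")
    if [ -z "$expected" ]; then
        echo "$name: not listed in $list" >&2
        return 2
    fi
    actual=$("$tool" "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "$name: MISMATCH" >&2
        return 1
    fi
    echo "$name: OK"
}

# Constructed demo: the list is built from a good file, then the "download"
# is altered. A self-generated list still says OK; the published one fails.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/mirror"
printf 'good image\n' > "$demo_dir/mirror/image.iso"
(cd "$demo_dir/mirror" && sha256sum image.iso) > "$demo_dir/sha256sum.txt"
printf 'altered image\n' > "$demo_dir/image.iso"
(cd "$demo_dir" && sha256sum image.iso > self.txt && sha256sum -c self.txt)
verify_published "$demo_dir/image.iso" "$demo_dir/sha256sum.txt" ||
    echo "download rejected" >&2
rm -rf "$demo_dir"
```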

