The above link is to the CIS (Center for Internet Security) PDF document for Redhat Enterprise Linux version 7. It’s essentially a “good practices” document that one should follow when hardening a RHEL 7 server.
The process to reset the root password when you’ve forgotten it has changed in version 7 of Redhat and CentOS Linux.
First you need to reboot and temporarily edit the Grub2 boot loader. Add the following to the end of the line starting with “Linux16”:
Boot using your changes by pressing:
The changes you’ve just made are not permanent.
Once booted, issue the following:
This tutorial demonstrates how to install and use VNC without direct access to the VNC server. In this article we only have SSH access to the server. This means we have no option but to use VNC in a secure manner – via SSH.
Install VNCServer and the desktop environment on the remote server:
yum clean all
yum groupinstall 'Server with GUI'
yum install tigervnc-server
I haven’t configured X to start on boot though as this is a server and rarely will be accessed using the GUI. Start X from the command line prior to connecting:
We still need to configure the VNC server and our VNC access. CentOS and Redhat 7 have a new way of configuring VNC. The file you should start with is “/etc/sysconfig/vncserver” which will refer you to “/lib/systemd/system/vncserver@.service”. Open that file (/lib/systemd/system/vncserver@.service). You need to make two changes to that file, both of which simply replace USER with your real username. Here’s an example with my username “myuser”:
[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l myuser -c "/usr/bin/vncserver %i"
PIDFile=/home/myuser/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
Now we need to run the following commands:
cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
systemctl daemon-reload
systemctl enable vncserver@:1.service
systemctl start vncserver@:1.service
This one-liner illustrates how to use SSH to tunnel through a firewall that allows only SSH. In this example, we’ll access the website on the other side of that server.
Why do this? If the remote server “remote.server” has a firewall on it or between your workstation and that server and you want to access a web-site on the remote.server, you will have trouble unless you use a very nice feature of SSH – tunnelling.
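Both the VNC-over-SSH setup and the firewall tunnel described above come down to an SSH local port forward. The following is an added example, not the one-liner from the original articles; the local ports 8080 and 5901 and the choice to pin both ends of the forward to 127.0.0.1 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original articles): loopback-only SSH forwards.
# "myuser" and "remote.server" are the placeholder names used in the text;
# the local ports 8080 and 5901 are assumptions.

# A VNC display :N listens on TCP port 5900+N, so display :1 is port 5901.
vnc_port() {
    case "$1" in
        ''|*[!0-9]*) echo "display must be a non-negative integer" >&2; return 1 ;;
    esac
    echo $((5900 + $1))
}

# Accept only TCP ports 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd USER@HOST LOCAL_PORT REMOTE_PORT
# Prints the ssh command. The local listener is pinned to 127.0.0.1 so other
# machines on your network cannot use the tunnel, and the remote target is
# the server's own loopback, so the service never has to be opened on the
# firewall. ExitOnForwardFailure makes ssh quit instead of running without
# the forward; -N opens no remote shell.
tunnel_cmd() {
    valid_port "$2" && valid_port "$3" || { echo "bad port" >&2; return 1; }
    echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:$2:127.0.0.1:$3 $1"
}

# Website behind the firewall: then browse to http://127.0.0.1:8080/
tunnel_cmd myuser@remote.server 8080 80
# VNC display :1 (vncserver@:1.service): point the viewer at 127.0.0.1:5901
tunnel_cmd myuser@remote.server 5901 "$(vnc_port 1)"
```

Run the printed command in one terminal and leave it open while you use the browser or VNC viewer.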
In this tutorial we’re going to create a ZFS filesystem on Disk1 and then extend it to Disk2. We’re not going to worry about redundancy because this is a tutorial, but ZFS does support common RAID types. We’ll configure ZFS for RAID0 (no parity, no redundancy). In the real world, you’d almost certainly use a RAID with redundancy unless you’re joining disks from a SAN perhaps.
This tutorial is for Redhat or CentOS 7.x.
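yum upgrade
# Note: --nogpgcheck skips RPM signature verification for the two release
# packages below, and the second one is fetched over plain HTTP.
yum localinstall --nogpgcheck https://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
yum localinstall --nogpgcheck http://archive.zfsonlinux.org/epel/zfs-release.el7.noarch.rpm
yum install zfs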
List your current ZFS filesystems. I don’t have any so none appear in the results:
If you have problems with modules at this point, try running “yum install kernel*”. Otherwise the “yum upgrade” at the top of this tutorial should help. You may need to reboot to load the new kernel after an upgrade.
Let’s create the first ZFS filesystem where “/dev/sdb” is your first ZFS disk:
zpool create -f zfs_volume /dev/sdb
TIP: You can create these kinds of RAID:
# RAID0 - striped
zpool create -f zfs_volume /dev/sdb /dev/sdc /dev/sdd
# RAID1 - mirror
zpool create -f zfs_volume mirror /dev/sdb /dev/sdc
# RAID5 - striped with parity
zpool create -f zfs_volume raidz /dev/sdb /dev/sdc /dev/sdd
# RAID6 - striped with two parity
zpool create -f zfs_volume raidz2 /dev/sdb /dev/sdc /dev/sdd /dev/sde
# RAID10 - striped over mirror
zpool create -f zfs_volume mirror /dev/sdb /dev/sdc
zpool add -f zfs_volume mirror /dev/sdd /dev/sde
This article demonstrates how to chroot users for SSH file copies (SCP and RSYNC) on a CentOS or Redhat server. The same process can be used for SSH logins but there need to be some dependencies in place for that. Try the following site for more details on those dependencies: “http://www.techrepublic.com/blog/linux-and-open-source/chroot-users-with-openssh-an-easier-way-to-confine-users-to-their-home-directories/”.
This article demonstrates how to add directories to your log rotation plan. For example, you may have a directory where you put custom logs for your applications or perhaps you want to rotate Magento (shopping platform) logs. You can use this method.
You have to decide your retention and rotation policy. It’s very simple:
1. How often do you want to rotate your log files? In other words, how often do you want to take the log files in a given directory, zip and rename them and then create new ‘empty’ log files in their place? Your options are Daily, Weekly, Monthly and Yearly.
2. What is your retention policy? In other words, how many zipped files of each log file do you want to keep? You can choose any number here.
This article discusses removal of the “var/log/system.log” Magento log file. You can find this file in your Magento installation path. A command such as the following would help:
find /var/www -name "system.log"
Tip: replace “/var/www” with the path to your Magento installation.
Removing the “system.log” file has no effect from what I can tell. I’ve found this file to be quite large on popular sites. Ideally it would be included in “logrotate”. Here are some discussions on this topic: “http://magento.stackexchange.com/questions/52953/delete-system-log-file” and “http://stackoverflow.com/questions/25752519/system-log-and-exception-log-size-and-maintenance”.
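The two policy questions from the log rotation article, applied to the Magento log directory discussed above, map directly onto a logrotate stanza. This is an added example, not code from the original articles; the install path /var/www/magento, the apache owner and group, and the 0640 mode are assumptions to adjust for your server.

```shell
#!/bin/sh
# Added example (not from the original articles): turn the two policy answers
# into a logrotate stanza. Path, owner, group and mode are placeholders.

# logrotate_stanza GLOB FREQUENCY KEEP
#   FREQUENCY  daily | weekly | monthly | yearly   (question 1: how often)
#   KEEP       number of zipped copies to retain   (question 2: retention)
logrotate_stanza() {
    case "$2" in
        daily|weekly|monthly|yearly) ;;
        *) echo "frequency must be daily, weekly, monthly or yearly" >&2
           return 1 ;;
    esac
    case "$3" in
        ''|*[!0-9]*) echo "retention must be a whole number" >&2; return 1 ;;
    esac
    # compress   : zip rotated files
    # missingok  : no error if a log file does not exist yet
    # notifempty : skip empty files
    # create     : make the new empty log; 0640 keeps it from being
    #              world-readable, since application logs can hold customer data
    cat <<EOF
$1 {
    $2
    rotate $3
    compress
    missingok
    notifempty
    create 0640 apache apache
}
EOF
}

# Weekly rotation, keep 8 zipped copies of each Magento log.
# Save the output as /etc/logrotate.d/magento, then dry-run it with:
#   logrotate -d /etc/logrotate.d/magento
logrotate_stanza "/var/www/magento/var/log/*.log" weekly 8
```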
This article discusses the issues and solutions involved in restoring email backups with Dovecot and Thunderbird. The assumptions here are that a) you have file-level backups of the emails, and b) those emails are in “Maildir” format. It’s too late to recommend you do backups. I assume you have them, otherwise you’re in a whole heap of trouble. Well, not really, you do have the Thunderbird copy of the emails. If that’s you, make backups on each workstation and then get started on repairing your mail server.
A very simple task with the correct tool; the tool in question is qemu-img. This tool is pulled in when you install QEMU on Gentoo, Redhat and Ubuntu; however, on Redhat and Ubuntu there is also a separate package for it. On Gentoo, if you only wanted qemu-img and nothing else, you could do a build from source.
apt-get install qemu-utils
yum install qemu-img
Now for the magic: call qemu-img with the convert function. The -f switch gives the format of the input file (vdi for VirtualBox images) and -O gives the output format, in this case raw for .img files; then just give it the paths to the input and output files.