Thursday, 16 March 2017



In this post we will discuss how to configure networking in Red Hat Linux 7 in CLI mode.

First of all, we will see how to set the hostname of your system.
You can set the hostname with a command, or you can edit the file /etc/hostname to set the name of your computer.
In RHEL 7, I would like to set my computer name to kaushal.example.com. Here is the command to set it:

# hostnamectl set-hostname kaushal.example.com

Check with:

# hostname   --- or hostnamectl; this command shows information about your hostname/computer name.

# cat /etc/hostname   --- you can also check with this command



Now let us configure the IP address so your machine can communicate on the network.

# nmcli c show --- this shows the connections.

# nmcli c modify "Connection name" "Modification" --- modify an existing connection.

# nmcli c delete "Connection name" --- delete the connection.

# nmcli c up "Connection name" --- bring the connection up.

# nmcli c down "Connection name" --- bring the connection down.

# nmcli c add con-name kaushal ifname eth0 type ethernet autoconnect yes ip4 172.19.10.0/24 gw4 172.19.10.1

con-name is the connection name; you can give it any name. ifname is the interface name. type is the type of connection you want to add; here I want to add ethernet. autoconnect means the connection will connect automatically after the system reboots or is shut down and started again. ip4 is the IPv4 address with subnet mask. gw4 is the gateway for IPv4.

Now configure DNS for your connection, that is, modify the connection for name resolution.
# nmcli c modify kaushal ipv4.dns 172.19.10.1 ipv4.method manual

# nmcli c show





# nmcli c up kaushal

Configure IPv6 for your current connection.
# nmcli c modify kaushal ipv6.addresses 2607:f0d0:1002:51::4/24 ipv6.method manual

# nmcli c show kaushal | grep ipv6.addresses




 






First of all, restart your machine, and when the system boots up, keep pressing the down arrow key on the keyboard.

1. Here you will see the kernel entry; press e to edit.

2. Find the kernel line, add rd.break at the end of it, and press Ctrl+x to boot the system to run level 1.

3. Now remount the /sysroot directory read-write with the command below.
# mount -o remount,rw /sysroot

4. Take the privileges of the /sysroot directory with the command below.
# chroot /sysroot

5. Change the password for root with the passwd command.
# passwd
Type the new password and confirm it. (Note: the password is not shown as you type.)

6. After you change the password, create a hidden file in / named .autorelabel to relabel SELinux and the system with the new configuration.
# touch /.autorelabel
Then type exit twice.






















Monday, 28 November 2016

Configure SSSD & PAM for Client Authentication.


Note: The files are configured according to my network. You have to configure them according to yours.

1. Install sssd:
    apt-get install sssd*























2. Go to /etc/sssd,
  create a file named sssd.conf there,
  and edit the file.






















3. Change the permissions of the sssd.conf file to 0600.

4. After that, set up mkhomedir so that the user's home directory is created when the user logs in to the system.
    The path is /usr/share/pam-configs/mkhomedir






















5. After the configuration is done, restart the sssd service and update PAM.

systemctl restart sssd
Then update PAM:
pam-auth-update

Check the service status:
    systemctl status sssd
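
A way to verify steps 3 to 5 afterwards, as an added example that is not part of the original post: it checks the mode and owner of sssd.conf and looks for session lines that load pam_mkhomedir.so and pam_sss.so. The function names, the constructed sample files, and /etc/pam.d/common-session as the file to check on a real Debian system are assumptions.

```shell
#!/bin/sh
# Added example: post-setup checks for the SSSD + PAM steps above.

# check_conf_perms FILE [UID] -> exit 0 only if FILE is a regular file,
# mode 600, owned by UID (default 0 = root). SSSD checks the ownership
# and mode of sssd.conf at startup.
check_conf_perms() {
    f=$1; want_uid=${2:-0}
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    mode=$(stat -c '%a' "$f")   # GNU stat: octal mode
    uid=$(stat -c '%u' "$f")    # GNU stat: numeric owner
    [ "$mode" = 600 ] || { echo "mode is $mode, want 600: $f"; return 1; }
    [ "$uid" = "$want_uid" ] || { echo "owner uid is $uid, want $want_uid: $f"; return 1; }
    echo "ok: $f"
}

# check_pam_session FILE -> exit 0 only if uncommented session lines load
# both pam_mkhomedir.so and pam_sss.so (what pam-auth-update should write).
check_pam_session() {
    for mod in pam_mkhomedir.so pam_sss.so; do
        grep -Eq "^[[:space:]]*session[[:space:]].*$mod" "$1" \
            || { echo "no session line for $mod in $1"; return 1; }
    done
    echo "ok: $1"
}

# Constructed sample files, so the checks can be tried without touching /etc.
tmp=$(mktemp -d)
printf '[sssd]\n' > "$tmp/sssd.conf"; chmod 600 "$tmp/sssd.conf"
printf 'session required pam_unix.so\nsession optional pam_sss.so\n' > "$tmp/common-session"
check_conf_perms "$tmp/sssd.conf" "$(id -u)" || true
check_pam_session "$tmp/common-session" || true   # reports pam_mkhomedir.so missing
rm -rf "$tmp"
```

On the configured client, run the two functions against /etc/sssd/sssd.conf and /etc/pam.d/common-session.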




Very Secure FTP Server (VSFTPD)

FTP is a file transfer protocol which is used to:
    Upload files and folders
    Download files and folders

The vsftp service daemon is vsftpd.

3 A's Base Security
Authentication
IP-based authentication using TCP Wrappers or iptables

Authorization
Anonymous upload
Access to FTP by local users
Uploading and downloading by local users

Auditing
Log messages: xfer_log messages and all other logs
/var/log/xfer_log


Configuration file is /etc/vsftpd/vsftpd.conf

To check the port numbers of services, see /etc/services

Modes of FTP

 Command mode <Control mode>
 Data transfer mode

Ports 21 and 20
21 is used for connection establishment <the client sends its requests to this port>
20 is used for uploading and downloading

Find the command location of vsftpd
/usr/sbin/vsftpd

Note: By default, anonymous users can download files but not upload.

# ldd /usr/sbin/vsftpd     ------ to check the libraries of the service

# vim /etc/hosts.allow --- list of allowed hosts
Syntax of the content inside the file:

vsftpd: ALL         (to allow all users)
vsftpd: 172.16.0.1   (to allow a particular user IP)

# vim /etc/hosts.deny
To deny a user or network, create an entry here.

Security mechanisms:
 PAM
 iptables
 Cryptography
 SELinux
 TCP Wrapper

TCP Wrapper:
It applies only to services that use the libwrap.so library file.
It works at the application layer.
Its supporting files are /etc/hosts.allow
and /etc/hosts.deny

Installation of VSFTPD:

# yum install vsftpd
# service vsftpd start

# getsebool -a | grep ftp
This checks the SELinux booleans that turn on users' home directories and enable uploading for the anonymous user.
If you want to enable home directories for users:
# setsebool -P ftp_home_dir on   (-P makes the change permanent)

# vim /etc/vsftpd/vsftpd.conf
Configure the server here.

On Clients

# ftp <IP of FTP server>

Connect to the server, then enter the user name and its password.

ftp> get <file name>   Download the file.

ftp> put <file name>   Upload the file.

ftp> mget file1 file2  Download multiple files.

ftp> bye               Exit from ftp.

Check whether the port of the vsftpd service is listening or not.

# netstat -tulpn
Lists TCP and UDP ports with port numbers.

# vim /etc/vsftpd/chroot_list
Create entries here for the users who are restricted from changing directory in FTP mode.

# vim /etc/vsftpd/ftpusers
Create entries here for the users who are denied login to FTP.

# vim /etc/vsftpd/user_list
If /etc/vsftpd/vsftpd.conf contains
userlist_deny=NO
userlist_enable=YES
create entries here for the users who have login access to FTP.

# vim /etc/init.d/vsftpd
The init script that runs vsftpd.
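
How the ftpusers and user_list entries above combine with userlist_enable and userlist_deny, as an added example that is not part of the original notes. The function names and sample files are constructed, and the sketch assumes the vsftpd defaults userlist_enable=NO and userlist_deny=YES when a key is absent.

```shell
#!/bin/sh
# Added example: which login names would vsftpd accept, given
# userlist_enable / userlist_deny and the user_list and ftpusers files?

# conf_bool FILE KEY DEFAULT -> prints YES or NO (last assignment is used)
conf_bool() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr 'a-z' 'A-Z')
    case "$val" in
        YES|TRUE|1) echo YES ;;
        NO|FALSE|0) echo NO ;;
        *)          echo "$3" ;;
    esac
}

# in_list FILE USER -> exit 0 if USER is a whole, uncommented line of FILE
in_list() {
    [ -f "$1" ] && grep -v '^#' "$1" | grep -qxF -- "$2"
}

# ftp_login_decision USER CONF USER_LIST FTPUSERS -> prints allow or deny
ftp_login_decision() {
    user=$1; conf=$2; ulist=$3; ftpusers=$4
    # ftpusers always denies, whatever vsftpd.conf says
    if in_list "$ftpusers" "$user"; then echo deny; return; fi
    if [ "$(conf_bool "$conf" userlist_enable NO)" = YES ]; then
        if [ "$(conf_bool "$conf" userlist_deny YES)" = YES ]; then
            # deny-list mode: listed users are refused
            if in_list "$ulist" "$user"; then echo deny; return; fi
        else
            # allow-list mode: only listed users may log in
            if ! in_list "$ulist" "$user"; then echo deny; return; fi
        fi
    fi
    echo allow
}

# Constructed sample files (not taken from a real server)
demo=$(mktemp -d)
printf 'userlist_enable=YES\nuserlist_deny=NO\n' > "$demo/vsftpd.conf"
printf 'alice\n' > "$demo/user_list"
printf 'root\n' > "$demo/ftpusers"
for u in alice bob root; do
    echo "$u: $(ftp_login_decision "$u" "$demo/vsftpd.conf" "$demo/user_list" "$demo/ftpusers")"
done
rm -rf "$demo"
```

With userlist_deny left at its default, the same user_list turns into a deny list, which is the usual cause of accounts being locked out or let in unexpectedly.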




How to join a Debian client to a Samba Domain Controller.

Prerequisites
1. First of all, check the date on the client machine, or install an NTP client so that the date and time match between server and client.

2. Give a host name to the client machine. The path is /etc/hostname

3. Check your resolv.conf file for the DNS entry. The path is /etc/resolv.conf, e.g.:



4. Check the connectivity between the server and the client machine.

5. You must have an account with admin access to join the client to the domain.

6. Your Kerberos configuration must be configured according to your DC.
    To configure Kerberos:
    create the file with vim /etc/krb5.conf




Edit the file and change the realm name and KDC server name according to your domain.
Save the file and exit.


7. Install the samba (client) package

     apt-get install samba


       The default configuration files are under /etc/samba/
8. Rename your /etc/samba/smb.conf file to smb.conf.org

9. Now create a new file smb.conf
    edit the file

      save the file and exit

10. Now we are ready to join the system to the domain

    net ads join -U username
    Provide the password for the user.





















The system is now joined as a client of the Samba domain controller.
To check whether the system is in the domain or not, just look at the krb5.keytab file in /etc/ or check the ID of any domain user.






















Samba service status

systemctl status smbd


Friday, 25 November 2016


Configure ownCloud for access with centralized LDAP authentication. You can call it accessing ownCloud with domain authentication, or how to access LDAP with single sign-on.

First of all, log in to your ownCloud console with an account that has admin privileges:




After logging in, expand the menu near your name and click on Admin.




This is the admin panel for ownCloud. Here you can set up security for your server, the file sharing document path, cron settings, email server configuration, etc. Click on LDAP.




Click on the Server tab. Provide the LDAP URL and the LDAP user details with password here. Port number 389.




Below are the user details. The user must be a posixAccount.




Here are the user attributes; you can manage them according to your needs, depending on how you want ownCloud to find users.



Here is the group management setting.


In the advanced settings is the replica for your ownCloud: how you want to back up your ownCloud server.




Thanks.

Sunday, 13 November 2016


OpenVPN installation and configuration on Ubuntu

1.     sudo apt-get update


2.     sudo apt-get install network-manager-openvpn

3.     Click on network manager -> vpn connections-->configure vpn

4.     Click on the Add button

5.     Choose openvpn and click on create.


6.     Follow the steps given in the figure below:

7.     Put the domain name in IPv4 settings > additional search domains.

8.     Click on the VPN name you just created and you will connect to the VPN.
9.     Check with the ifconfig command; you will get one more entry, tun0.

