Centos7

From neil.tappsville.com
Jump to navigationJump to search

Relationship with Fedora, Redhat

Fedora --> Redhat --> Centos, all run by the Redhat company.

  1. Fedora - Free - the main project, and it’s a communitity-based, free distro focused on quick releases of new features and functionality.
  2. Redhat - Paid - the corporate version based on the progress of that project, and it has slower releases, comes with support, and isn’t free.
  3. CentOS - Free - essentially the community version of Redhat. So it’s pretty much identical, but it is free and support comes from the community as opposed to Redhat itself.

Development

To make life super easy for the first cut of something

Disable firewall

service firewalld stop
systemctl disable firewalld

Disable SELinux

 /etc/selinux/config
 SELINUX=enforcing  --> permissive
 Reboot

Interfaces

 vi /etc/sysconfig/network-scripts/ifcfg-eth0
Create a file named /etc/sysconfig/network-scripts/ifcfg-eth0 as follows:
DEVICE=eth0.
BOOTPROTO=none.
ONBOOT=yes.
PREFIX=24.
IPADDR=192.168.2.203.
Restart network service: systemctl restart network

VM interfaces

VMWare interfaces are created in the following order

  • ens192
  • ens224
  • ens256
  • ens161

Default Route

Temporary

$ route del default gw <default_gateway_ip>
$ route add default gw <default_gateway_ip>

Permanent /etc/sysconfig/network GATEWAY=<new_default_gateway_ip>


Static Routes

Temporary ip route add 172.16.5.0/24 via 10.0.0.101 dev eth0 ip route delete 192.168.0.0/16 dev ens256 scope link metric 1005

/etc/sysconfig/network-scripts/route-eth0

 172.16.5.0/24 via 10.0.0.101 dev eth0

Remember to bounce the interface after

ifdown eth0
ifup eth0

Dummy Interface

$ cat /etc/modules-load.d/dummy.conf
# Load dummy.ko at boot
dummy
$ cat /etc/modprobe.d/dummy.conf 
install dummy /sbin/modprobe --ignore-install dummy; /sbin/ip link set name ethdummy1 dev dummy0
$ cat /etc/sysconfig/network-scripts/ifcfg-ethdummy1
NAME=ethdummy1
DEVICE=ethdummy1
MACADDR=00:22:22:ff:ff:ff
IPADDR=10.10.10.1
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet
NM_CONTROLLED=no

Optics Diagnostics

Output is similar to a Juniper

ethtool -m [interface]

Screen

Terminal multiplexer. https://linuxize.com/post/how-to-use-linux-screen/

Start a 'window' screen or to give the session a name screen -S 'hello_world' To exit exit [enter] To detach from the session ctrl + a , d)

Show windows/terminals screen -ls Re-attach screen -r [number or sesssion_name]

Scrollback start with -h [numlines] to access - use copy mode ctrl-A, Esacpe , [then up/down], Escape to return.

Locale Problems

This is an issue with Mobaxterm/WSL/Ubuntu not centos which sets the locale as C.UTF-8, but here is a work around - add the following to your .bashrc file (seriously, there is something wrong with mobaxterm and this was the only fix (read: crude workaround)

export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
export LC_CTYPE=en_US.UTF-8

Appears mobaxterm is built from cygwin sources which defaults to C.UTF-8 (which is an extended char set of en_US.UTF-8) - however some centos boxes do not know about the C variant so complain.

Normal fix (that Mobaxterm seems to ignore and set to C.UTF.8)

sudo locale-gen en_US.UTF-8
sudo update-locale LANG=en_US.UTF-8

Packages

list installed yum list installed

Remember to stop the service first :)

 systemctl stop httpd

Add a specific package version

Show what versions are available

 yum list httpd --showduplicates
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.xnet.co.nz
 * centos-sclo-rh: mirror.xnet.co.nz
 * centos-sclo-sclo: mirror.xnet.co.nz
 * epel: mirror.xnet.co.nz
 * extras: mirror.xnet.co.nz
 * remi-php73: mirrors.mediatemple.net
 * remi-safe: mirrors.mediatemple.net
 * updates: mirror.xnet.co.nz
Available Packages
httpd.x86_64                                                                              2.4.6-90.el7.centos                                                                               base
httpd.x86_64                                                                              2.4.41-4.codeit.el7          

To install a particular one

sudo yum install httpd-2.4.6-90.el7.centos

Logging

To logs going to /var/log/messages for a particular service

sudo journalctl -u openli-provisioner.service

To watch a services logs

sudo journalctl --follow -u openli-provisioner.service

Firewall

firewall-cmd --zone=public --add-port=3000/tcp --permanent
firewall-cmd --reload


systemctl

List all enabled services

sudo systemctl list-unit-files | grep enabled


Selinux Policies

Look at audit log for deny messages

sudo ausearch -c 'process/context' --raw

Readable rules

grep context_t /var/log/audit/audit.log | audit2allow -w

Generate rules

grep context_t /var/log/audit/audit.log | audit2allow -M somepolicy

Refer to the following for possible permissions

cat /usr/share/selinux/devel/include/support/obj_perm_sets.spt

Modify the te file, then place it in a folder and run in the same folder:

make -f /usr/share/selinux/devel/Makefile

Import the policy

sudo semodule -i somepolicy.pp

Temporary

1. Set SELinux mode to Permissive temporary (without reboot) The setenforce command is used to change between enforcing and permissive mode. To change to permissive mode:

 setenforce 0