EL7 Style

From Emigar.

Desktop

yum -y groupinstall "Server with GUI"
systemctl set-default graphical.target


SSH X11 tunnel

https://access.redhat.com/solutions/2876371

machine id

more /etc/machine-id
systemd-machine-id-setup

systemd

systemctl --type=service --state=running
systemctl --type=service --state=failed

Journal

mkdir /var/log/journal
systemctl restart systemd-journald.service

Automount Systemd

Change in /etc/fstab:

//host/share /mount cifs noauto,x-systemd.automount,x-systemd.after=/app,x-systemd.requires=network-online.target,x-systemd.device-timeout=10,x-systemd.idle-timeout=60,.... 0 0

To apply the changes:

systemctl daemon-reload
systemctl restart remote-fs.target
systemctl restart local-fs.target

old kernels

package-cleanup --oldkernels --count=1

Firewall

   firewall-cmd --get-services
   firewall-cmd --permanent --new-service=oracle
   firewall-cmd --permanent --service=oracle --set-description="Listener ports 1521 2483"
   firewall-cmd --permanent --service=oracle --add-port=1521/tcp
   firewall-cmd --permanent --service=oracle --add-port=2483/tcp
   firewall-cmd --permanent --zone=public --add-service=oracle
   firewall-cmd --permanent --new-service=NRPE
   firewall-cmd --permanent --service=NRPE --set-description="NRPE port 5666"
   firewall-cmd --permanent --service=NRPE --add-port=5666/tcp
   firewall-cmd --permanent --zone=public --add-service=NRPE
   firewall-cmd --permanent --zone=public --add-service=snmp
   firewall-cmd --permanent --zone=public --add-service=ntp
   firewall-cmd --permanent --zone=public --add-service=samba
   firewall-cmd --reload
   firewall-cmd --info-service=cockpit
   firewall-cmd --list-services

Direct mode, not recommended:

   firewall-cmd --zone=public --add-port=161/tcp --permanent
   firewall-cmd --zone=public --add-port=161/udp --permanent
   firewall-cmd --zone=public --add-port=1521/tcp --permanent
   firewall-cmd --zone=public --add-port=2483/tcp --permanent
   firewall-cmd --zone=public --add-port=5666/tcp --permanent
   firewall-cmd --reload
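
To find ports that were opened in direct mode and are already declared by a named service, this added example (not part of the original page) parses firewalld's permanent XML files. The function names and the sample zone and service files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Sample data below is constructed.

# ports_in FILE: print "port/proto" for each <port .../> element of a
# firewalld zone or service XML file (forward-port/source-port are ignored).
ports_in() {
    awk '/<port[ \t]/ {
        port = ""; proto = ""
        if (match($0, /[ \t]port="[^"]*"/)) port  = substr($0, RSTART + 7, RLENGTH - 8)
        if (match($0, /protocol="[^"]*"/))  proto = substr($0, RSTART + 10, RLENGTH - 11)
        if (port != "") print port "/" proto
    }' "$1"
}

# audit_zone ZONE_XML SERVICES_DIR: for every port opened directly in the zone,
# report whether a service definition in SERVICES_DIR already declares it.
audit_zone() {
    ports_in "$1" | while read -r p; do
        owner=""
        for f in "$2"/*.xml; do
            [ -f "$f" ] || continue
            if ports_in "$f" | grep -qxF "$p"; then
                owner=$(basename "$f" .xml); break
            fi
        done
        if [ -n "$owner" ]; then echo "$p covered-by $owner"; else echo "$p unnamed"; fi
    done
}

# Constructed sample: a zone with two direct ports and the "oracle" service.
demo() {
    d=$(mktemp -d); mkdir "$d/services"
    cat > "$d/public.xml" <<'EOF'
<zone>
  <service name="ssh"/>
  <port protocol="tcp" port="1521"/>
  <port protocol="udp" port="161"/>
</zone>
EOF
    cat > "$d/services/oracle.xml" <<'EOF'
<service>
  <description>Listener ports 1521 2483</description>
  <port protocol="tcp" port="1521"/>
  <port protocol="tcp" port="2483"/>
</service>
EOF
    audit_zone "$d/public.xml" "$d/services"
    rm -rf "$d"
}
demo
```

On a real host the permanent files normally live in /etc/firewalld/zones/public.xml and /etc/firewalld/services (packaged services are in /usr/lib/firewalld/services). A port reported as `covered-by` can be removed from the zone and replaced with `--add-service`.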

Network

    nmcli con add type 802-3-ethernet con-name eno33559296 ifname eno33559296 autoconnect yes ip4 192.168.8.5/24 gw4 192.168.8.254 ipv4.dns 8.8.8.8 ipv4.dns-search emigar.it save yes
    nmcli con show uuid 3763e4d6-d4d3-4340-bb7f-9e865f8e102e

snmp

nrpe

Active Directory Join

    yum -y install realmd samba samba-common oddjob oddjob-mkhomedir sssd ntpdate ntp adcli
    firewall-cmd --permanent --zone=public --add-service=samba
    firewall-cmd --reload
    ntpdate -u domain-controller.domain.it
    realm discover DOMAIN.IT
    realm join --user=administrator@domain.it DOMAIN.IT
    sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/' /etc/sssd/sssd.conf
    systemctl restart sssd

To allow management via AD group policy (in /etc/sssd/sssd.conf):

    ad_gpo_access_control = enforcing

Version lock

To "formally" stay on a given RHEL version:

yum install yum-plugin-versionlock
yum downgrade redhat-release-server-7.2
yum versionlock add redhat-release-server-7.2
yum versionlock list
yum versionlock status

Rescue Kernel

Check /usr/lib/dracut/dracut.conf.d/02-rescue.conf

dracut_rescue_image="yes"
rm -f /boot/vmlinuz-0-rescue-* /boot/initramfs-0-rescue-*.img
/etc/kernel/postinst.d/51-dracut-rescue-postinst.sh $(uname -r) /boot/vmlinuz-$(uname -r)
grub2-mkconfig -o /boot/grub2/grub.cfg
grep menuentry /boot/grub2/grub.cfg

Based on the menuentry lines found, choose the default one:

grub2-set-default 'Red Hat Enterprise Linux Server (3.10.0-693.5.2.el7.x86_64) 7.6 (Maipo)'

On EFI systems:

grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg

I don't know how to set the default on EFI/UEFI.

hardening

/usr/sbin/authconfig --enablefaillock --update --faillockargs='deny=6 unlock_time=1300'