Sunday 17 October 2010

Autofs Home Directories

First, as root, edit /etc/auto.master and add the following line (anything under /home is looked up in the map /etc/auto.home; idle mounts are unmounted after 60 seconds):
/home   /etc/auto.home  --timeout=60

Then create /etc/auto.home containing this single wildcard line (the key, i.e. the user name, is substituted for the & on the right-hand side, so user alice gets server:/home/alice):
*          -fstype=nfs,rw,nosuid,soft     server:/home/&

Restart the autofs service and list a user's home directory to trigger the mount and check it. Keep nosuid: it stops setuid binaries on the export being used on the client. Be careful with soft on a read-write mount: a write can fail with an I/O error once the retries run out and many programs never notice, so for home directories hard (with intr) is the safer choice.

Friday 15 October 2010

Troubleshooting

Restore the SELinux context of every file belonging to an installed rpm

rpm -ql NAME | xargs restorecon -v

Thursday 14 October 2010

Squid

yum install squid -y

chkconfig squid on

vim /etc/squid/squid.conf

Add
acl our_networks src 192.168.0.0/24
http_access allow our_networks
visible_hostname servername.example.com

Port
http_port 3128
Run the following once to create the cache directories, then start the squid service
squid -z

IPTABLES

Redirect (transparent proxy on the gateway)
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -A RH-Firewall-1-INPUT -p tcp --dport 3128 -j ACCEPT
This only works if squid knows it is receiving intercepted traffic: the http_port line needs the transparent option (squid 2.6/2.7; intercept in squid 3.1 and later), otherwise the redirected requests fail. The PREROUTING rule as written applies to every interface, so consider restricting it with -i to the internal interface.

Standard
iptables -A RH-Firewall-1-INPUT -p tcp --dport 3128 -j ACCEPT


SELINUX
squid_t may only bind to ports labelled http_cache_port_t (3128 already is). If you change http_port, label the new port:

semanage port -a -t http_cache_port_t -p tcp PORTNUM

The squid_connect_any boolean is a different thing: it lets squid connect out to origin servers on any port instead of only the http ports. Turn it on only if clients need to reach web servers on non-standard ports:

setsebool -P squid_connect_any=1

Mail - Sendmail

yum groupinstall "Mail Server"

Setup
In /etc/mail/sendmail.mc comment out (prefix with dnl) the following two lines. The first restricts sendmail to listening on 127.0.0.1; removing it makes it accept mail from the network. The second makes sendmail accept mail from senders whose domain does not resolve; removing it means such mail is rejected.
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
Afterwards rebuild sendmail.cf (run make in /etc/mail; it needs the m4 files from the sendmail-cf package) and restart sendmail.

Masquerade
MASQUERADE_AS(`mydomain.com')dnl

Access (/etc/mail/access)
REJECT   - refuse with an SMTP error, so the sender sees a bounce
DISCARD  - accept the message and silently drop it (no error to the sender)
RELAY    - accept mail from/for the match and allow it to be relayed through this server

Example
# by default we allow relaying from localhost...
Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY
From:example.net                        REJECT
Connect:example.net                     REJECT
From:user@domain.com                    DISCARD

Connect: is matched against the connecting client's host name or IP address, From: against the envelope sender. A bare domain (example.net) also matches its sub-domains and a partial IP (192.168.190) matches the whole network, while a full address (user@domain.com) matches only that sender. After editing, rebuild the database with makemap (make in /etc/mail does this) or sendmail will keep using the old access.db.
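The search order behind these entries, as an added example (Python, not part of these notes and not sendmail's own code): it models how the access database is searched for tagged Connect: and From: keys, most specific first, following the description in sendmail's cf/README. The access file text inside it is constructed (the entries above plus one partial-IP entry), and it leaves out untagged legacy keys, the To: tag and IPv6.

```python
# Added example (not from the notes): predict which access-map entry a
# client or sender hits, following the search order in sendmail's cf/README.
# Simplifications: tagged Connect:/From: keys only (no legacy untagged keys,
# no To:), IPv4 only, first hit wins.

# Constructed access file: the entries from the notes plus one partial IP.
ACCESS_TEXT = """\
# by default we allow relaying from localhost...
Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY
From:example.net                        REJECT
Connect:example.net                     REJECT
From:user@domain.com                    DISCARD
Connect:192.168.190                     RELAY
"""


def parse_access(text):
    """{LHS: RHS} for every non-blank, non-comment line (what makemap reads)."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            lhs, rhs = line.split(None, 1)
            table[lhs] = rhs.strip()
    return table


def host_keys(host):
    """Keys tried for a host name or IPv4 address, most specific first.

    192.168.190.5  -> 192.168.190.5, 192.168.190, 192.168, 192
    mx.example.net -> mx.example.net, example.net, net
    """
    parts = host.split(".")
    if all(p.isdigit() for p in parts):
        return [".".join(parts[:i]) for i in range(len(parts), 0, -1)]
    return [".".join(parts[i:]) for i in range(len(parts))]


def lookup(table, tag, keys):
    """First key that has a <tag>:<key> entry, as (key, action); else None."""
    for key in keys:
        action = table.get(f"{tag}:{key}")
        if action is not None:
            return key, action
    return None


def check_connect(table, client):
    """Connect: check done when the client connects (host name or address)."""
    return lookup(table, "Connect", host_keys(client))


def check_from(table, sender):
    """From: check at MAIL FROM: full address, then the domain and its
    parents, then user@ (the F, D, U order of sendmail's SearchList)."""
    user, _, domain = sender.partition("@")
    return lookup(table, "From", [sender] + host_keys(domain) + [user + "@"])


if __name__ == "__main__":
    table = parse_access(ACCESS_TEXT)
    for client in ("127.0.0.1", "mx.example.net", "192.168.190.5", "mail.example.com"):
        print("Connect", client, "->", check_connect(table, client))
    for sender in ("user@domain.com", "other@domain.com", "anyone@lists.example.net"):
        print("From", sender, "->", check_from(table, sender))
```

Running it shows the point made above: mx.example.net is rejected through the Connect:example.net entry and anyone at lists.example.net through From:example.net, while other@domain.com gets no match because From:user@domain.com is an exact-address entry.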

Domaintable
Rewrites the domain part of addresses, e.g. after a domain rename.
The following maps addresses at example.com to example.org:
example.com    example.org

Virtusertable
root@example.com                root
postmaster@example.com          postmaster@noc.example.net
@example.com                    joe

Wednesday 13 October 2010

Dovecot

IPTables Ports
If in doubt check /etc/services. Dovecot only listens on TCP, so only the tcp entries need to be opened; /etc/services also lists udp entries for these names but they are not used.

pop3  110/tcp
imap  143/tcp
pop3s 995/tcp
imaps 993/tcp

Lock dovecot down to specific users
# vim  /etc/pam.d/dovecot
#%PAM-1.0
auth       required     pam_nologin.so
auth       required     pam_listfile.so item=user sense=allow file=/etc/dovecot_users onerr=fail
auth       include      system-auth
account    include      system-auth
session    include      system-auth

/etc/dovecot_users holds one user name per line. With onerr=fail pam_listfile refuses everyone if the file is missing or unreadable, and it also refuses everyone if the file is world-writable, so create it as root with mode 0644 or tighter. pam_nologin blocks all non-root logins while /etc/nologin exists.

Testing dovecot
mutt -f imaps://user@server

Monday 4 October 2010

IP TABLES

Masquerading

Configure Firewall
iptables -t nat -A POSTROUTING -s <internal subnet> -o <outbound interface> -j MASQUERADE

Traffic from the internal network also has to be allowed through the FORWARD chain (RHEL's default ruleset sends FORWARD through RH-Firewall-1-INPUT, which ends in a REJECT), and you have to allow the services the gateway itself provides to the internal network:

iptables -A INPUT -s <internal subnet> -p <protocol> --dport <port number> -j ACCEPT

iptables -A INPUT -s 192.168.190.0/24 -p tcp --dport 21 -j ACCEPT

Save the rules afterwards (service iptables save) or they are lost on the next restart.

Setup Routing
edit /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p

Sunday 3 October 2010

X WINDOWS

Install
yum groupinstall "X Window System"

Configure
chkconfig xfs on
service xfs start

system-config-display

test config creation
Xorg -probeonly

create config file in console
Xorg -configure

Run remote X apps
ssh -X user@server

Desktop Managers
yum install switchdesk

Troubleshooting

Logs
/var/log/Xorg.0.log
~/.xsession-errors
/var/log/messages

Display not set
export DISPLAY=localhost:0.0
or
export DISPLAY=:0.0

xfs not running - check /tmp or /home to see if they are full

corrupt xfs config - reinstall the xfs rpm?
rpm -ivh --force xorg*xfs*

TCP_WRAPPERS

syntax
<daemon list> : <client list> [EXCEPT <client list>] [: <option>]

client patterns
.example.com                  - any host whose name ends in .example.com (needs working reverse DNS)
192.168.190.                  - any address starting 192.168.190. (the 192.168.190.0/24 network)
192.168.190.0/255.255.255.0   - the same network written as net/mask
ALL                           - anyone
user@computer                 - a given user on a given host; the user part is checked via the client's ident (RFC 1413) service, which the client controls, so do not rely on it

Lookup Order
1. /etc/hosts.allow - first matching rule grants access
2. /etc/hosts.deny  - first matching rule refuses access
3. no match in either file - access is granted
Because the default is allow, an empty hosts.deny protects nothing: put ALL : ALL in hosts.deny and list what you want in hosts.allow. Only services linked against libwrap (or started via tcpd/xinetd) honour these files; the firewall still has to cover everything else.
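The lookup order and the client patterns above, as an added worked example (Python, not from these notes and not the tcp_wrappers source): it evaluates constructed hosts.allow and hosts.deny contents the way tcpd does, allow file first, deny file second, allow by default. It implements the patterns listed above plus one level of EXCEPT; KNOWN/UNKNOWN/LOCAL/PARANOID and the options after the second colon are left out, and for user@host the user name is passed in as a parameter instead of asking an ident server.

```python
# Added example (not from the notes or from tcp_wrappers): evaluate
# hosts.allow / hosts.deny the way tcpd does, to see which file decides.
# Handles the client patterns above plus one level of EXCEPT; leaves out
# KNOWN/UNKNOWN/LOCAL/PARANOID, options after the second colon, and real
# ident lookups (the user for user@host is passed in instead).
import ipaddress

# Constructed sample files, not from any real system.
HOSTS_ALLOW = """\
# first matching line here grants access
sshd       : 192.168.190.0/255.255.255.0 EXCEPT 192.168.190.99
vsftpd     : .example.com
in.telnetd : ALL EXCEPT .example.com : spawn (/bin/echo %c >> /var/log/telnet) &
"""
HOSTS_DENY = """\
# default deny: anything not granted above ends up here
ALL : ALL
"""


def split_list(field):
    """'a b EXCEPT c' -> (['a', 'b'], ['c']); one EXCEPT level only."""
    words = field.split()
    if "EXCEPT" in words:
        i = words.index("EXCEPT")
        return words[:i], words[i + 1:]
    return words, []


def parse_rules(text):
    """[(daemon_list, client_list)] in file order; options are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            rules.append((split_list(fields[0]), split_list(fields[1])))
    return rules


def match_client(token, host, addr, user):
    """One client pattern as described in hosts_access(5)."""
    if "@" in token:                      # user@host; tcpd would ask the client's ident server
        want, _, token = token.partition("@")
        if want not in ("ALL", user):
            return False
    if token == "ALL":
        return True
    if token.startswith("."):             # .example.com -> host name suffix
        return host.endswith(token)
    if token.endswith("."):               # 192.168.190. -> address prefix
        return addr.startswith(token)
    if "/" in token:                      # net/mask
        try:
            return ipaddress.IPv4Address(addr) in ipaddress.IPv4Network(token, strict=False)
        except ValueError:
            return False
    return token in (host, addr)          # exact host name or address


def match_list(lst, match):
    """list_1 EXCEPT list_2: matched by list_1 and not by list_2."""
    include, exclude = lst
    return any(match(t) for t in include) and not any(match(t) for t in exclude)


def hosts_access(daemon, host, addr, user="unknown",
                 allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """(allowed, reason) in tcpd's order: hosts.allow, hosts.deny, default allow."""
    def match_daemon(t):
        return t == "ALL" or t == daemon

    def client(t):
        return match_client(t, host, addr, user)

    for name, text, verdict in (("hosts.allow", allow, True), ("hosts.deny", deny, False)):
        for daemons, clients in parse_rules(text):
            if match_list(daemons, match_daemon) and match_list(clients, client):
                return verdict, name
    return True, "default"


if __name__ == "__main__":
    for d, h, a in (("sshd", "pc5.lan", "192.168.190.5"),
                    ("sshd", "pc99.lan", "192.168.190.99"),
                    ("in.telnetd", "ws.example.com", "10.1.1.1"),
                    ("in.telnetd", "other.example.org", "203.0.113.7")):
        print(d, h, a, "->", hosts_access(d, h, a))
```

Passing deny="" to hosts_access shows the default-allow behaviour directly: with no matching line anywhere the connection is accepted, which is why the ALL : ALL line in hosts.deny matters.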