Linux

Replace an HD using LVM (CentOS)

Let's suppose you want to replace the disk in a system that uses LVM and has a separate /boot partition. In this case we also presume that /boot is identified in fstab via a label.

  • Insert the new disk (sdb) and replicate the partition layout
  • Replicate the content of the /boot partition to the new disk
  • Label the new boot partition:
  e2label /dev/sdb1 /boot
  • Extend the volume group (VolGroup00, in this example) with the new partition:
  pvcreate /dev/sdb2
  vgextend VolGroup00 /dev/sdb2
  • Move data from the old partition and remove it:
  pvmove /dev/sda2
  vgreduce VolGroup00 /dev/sda2
  • Fix grub (from the grub shell):
  root (hd1,0)
  setup (hd1)
  quit
  • Remove the old disk and reboot

Rescan SCSI bus

for bus in /sys/class/scsi_host/host*/scan ; do
  echo "- - -" > "$bus"
done

Red Hat/CentOS 5/6

Install an init script

chkconfig --add scriptname
chkconfig scriptname on
service scriptname start

Delete an init script

chkconfig --del scriptname

Package management with RPM

rpm -ivh mypkg.rpm   # install
rpm -Uvh mypkg.rpm   # update
rpm -e mypkg         # uninstall
rpm -qa              # list installed packages
rpm -qi mypkg        # package info
rpm -ql mypkg        # package contents
rpm -qlp ./mypkg.rpm # contents of an uninstalled rpm
rpm -q --whatprovides filename # Which package contains filename?

Register to RHN

Older versions

rhn_register

Newer versions

subscription-manager register --proxy="proxy.example.com:8080" --auto-attach

Additional package repositories

EPEL

Enable EPEL on CentOS with:

yum install epel-release

YUM package management

Disable yum autoupdate daemon

service yum-updatesd stop
chkconfig yum-updatesd off

Using yum with proxy

  • Put in /etc/yum.conf a line like:
proxy=http://proxy.example.com:8080/
  • If using RHEL, put in /etc/rhsm/rhsm.conf:
proxy_hostname = proxy.example.com
proxy_port = 8080

IPtables cheatsheet

A nice explanation picture borrowed from http://billauer.co.il/ipmasq-html.html

Enabling forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

... or set net.ipv4.ip_forward = 1 via sysctl

Masquerade / SNAT

With masquerade you don't need to know the address of the external interface (good for dynamic IP). Furthermore, when the connection goes down, the connection/translation table gets cleared.

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

With Source NAT you have to specify the IP of the outgoing interface, and the state table is retained:

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4

Don't forget to ensure that the FORWARD rules allow NAT traffic, in and out:

iptables -A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT

Securing connection

When using – for example – NAT and wanting to allow only outgoing connections:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT
iptables -P INPUT DROP
iptables -A FORWARD -i eth1 -o eth1 -j REJECT
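
A check for the two sections above, as an added example that is not part of the original page: a shell function that reads iptables-save output and reports NAT rules whose replies no FORWARD rule accepts, and an INPUT policy other than DROP. The function name, the sample dumps and the FORWARD policy of DROP are assumptions made for the example.

```shell
# Added example: audit iptables-save output for the NAT gateway rules above.
# Assumption: FORWARD policy is DROP, so replies need an explicit ACCEPT rule.
# Prints one finding per line; prints nothing when every check passes.
audit_nat_ruleset() {
  awk '
    /^\*/ { table = substr($0, 2) }                 # table header: *nat, *filter
    table == "filter" && /^:INPUT /   { input_policy = $2 }
    table == "filter" && /^:FORWARD / { forward_policy = $2 }
    # Outgoing interface of every MASQUERADE/SNAT rule
    table == "nat" && /^-A POSTROUTING / && /-j (MASQUERADE|SNAT)/ {
      for (i = 1; i < NF; i++) if ($i == "-o") wan[$(i + 1)] = 1
    }
    # FORWARD rules that accept reply traffic, keyed by incoming interface
    table == "filter" && /^-A FORWARD / && /-j ACCEPT/ && /ESTABLISHED/ {
      for (i = 1; i < NF; i++) if ($i == "-i") reply[$(i + 1)] = 1
    }
    END {
      if (input_policy != "DROP")
        print "INPUT policy is " input_policy ", expected DROP"
      if (forward_policy != "ACCEPT")
        for (w in wan) if (!(w in reply))
          print "NAT on " w " but no FORWARD rule accepts replies arriving on it"
    }'
}

# Constructed sample: the rules from this page as iptables-save would print them.
SAMPLE_OK='*nat
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
COMMIT'

# Constructed sample: NAT configured, reply rule and INPUT policy forgotten.
SAMPLE_BAD='*nat
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_BAD" | audit_nat_ruleset
```

On a live gateway the same function can be fed with `iptables-save | audit_nat_ruleset`.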

Show NAT tables

iptables -L -n -v --line-numbers
iptables -L -n -v -t nat --line-numbers

Block outgoing connections to a host

iptables -A OUTPUT -d 192.0.2.1/32 -p tcp --dport 8080 -j DROP

Delete all the rules

 iptables --flush

Firewalld

  • Is it active?
  firewall-cmd --state
  • What's the active zone?
  firewall-cmd --get-active-zones
  • Which services / ports are on?
  firewall-cmd --zone=work --list-services
  firewall-cmd --zone=work --list-ports

Temporarily open a port (example)

  firewall-cmd --get-active-zones # get the active zone
  firewall-cmd --zone=work --add-port=3000/tcp

To make the change permanent add the permanent flag:

  firewall-cmd --zone=public --add-service=http --permanent

Create and enable a new custom service

Example:

firewall-cmd --permanent --new-service=ap-gre-pptp
firewall-cmd --permanent --service=ap-gre-pptp --set-description='GRE for PPTP'
firewall-cmd --permanent --service=ap-gre-pptp --set-short='AP HACK - GRE for PPTP'
firewall-cmd --permanent --service=ap-gre-pptp --add-protocol=gre
firewall-cmd --permanent --zone=work --add-service=ap-gre-pptp

New Linux networking commands

Deprecated   Replacement command(s)
----------   -----------------------
arp          ip n (ip neighbor)
ifconfig     ip a (ip addr), ip link, ip -s (ip -stats)
iptunnel     ip tunnel
iwconfig     iw
nameif       ip link, ifrename
netstat      ss, ip route (for netstat -r), ip -s link (for netstat -i), ip maddr (for netstat -g)
route        ip r (ip route)

Systemd

See the Systemd cheatsheet.

SElinux

See the SELinux cheatsheet.

unix/linux.txt · Last modified: 2017/07/10 11:43 by ap
