automount SAMBA and NFS server

First install automount service:
# yum install -y autofs
The main configuration file is auto.master.
# vi /etc/auto.master
There I will setup the home directory of LDAP users to be setup by the /etc/auto.guests file.
/home/guests /etc/auto.guests
Now setup the content of the file /etc/auto.guests
In first position I will use a * which means anything. On exam use a NFS server. At end of line use & which means any file.
* -rw nfsserver:/home/guests/&
on SAMBA use the following which are a little more complicated:
* -fstype=cifs,username=ldapuser,password=password ://server.example.com/data/&
The structure of file is the same. First is directory which by * means anything. Then there is alist of mount options
fstype=cifs tell automount that is a SAMBA server.
username=ldapuser,password=password – completly open the share to all LDAP users.
://server.example.com/data/& – this is the path to SAMBA server.

Configuring NFS and automount
Setup the NFS environment. First search the server packages:
# yum search nfs
This will tell us what we need. We need a nfs-utils t create a small NFS server.
# yum install -y nfs-utils
Create the file /etc/exports
# vi /etc/exports
Here I say what I’m exporting /data
mount options -rw
to whom I want to open it *(rw,no_root_squash)
Here I can put an IP address because NFS works with local machines only.
/data -rw *(rw,no_root_squash)
Start the server:
# systemctl start nfs
If is not starting, check the status with:
# systemctl status -l nfs
!!!!! Create the directory in order to share it before starting the server:
# mkdir /data
# cd /data
# touch file1
# systemctl start nfs
On client I will connect to NFS
# showmount -e localhost
This is show the mounts that are exported to server with localhost.
Mount the directory from NFS server to the mount point /mnt:
# mount localhost:/data /mnt
Now I should see the files from mount point:
# ls /mnt
Create automount to NFS environment:
edit the file /etc/auto.master and add the line:
/nfsserver /etc/auto.nfsserver
Create the file with name:
# vi /etc/auto.nfsserver
What I want to do? If somebody will go to directory blah on nfs server, will go to remote host /data
blah -rw localhost:/data
restart teh autofs:
# systemctl restart autofs
Automount have created the directory automatically:
# cd /nfsserver
Now there is nothing there but if I use:
# cd blah
Will go to directory

LDAP client connection

I have the DNS name : server.exemple.com
I have top domain: .com
I have subdomain: exemple
I have a leave object: server
In LDAP can have something like:
lisa.example.com
In LDAP is not write that way. This is DNS way. In LDAP.
the domain will be dc (domain container)
dc=com
dc=example
For leave objects will use “common name”: cn=server
cn=lisa,dc=example,dc=com
Is not using “.”, is using “,”.
When setup the connection to LDAP must setup the “base context”. This is like search domain in DNS. Is the starting point where the client should look for objects.
The base content must be setup before and then the user will use it to login.
Steps to login to LDAP:
1. find the binary for login:
# which login
Those binaries are used by user to connect to anything.
Those binaries is using library files. Find the library files:
# ldd /bin/login
The libpam.so library is a plugin to login which add functionality to login command.
PAM is from Pluggable Authentication Modules.
The authentication module is in /etc/pam.d/ directory. Here are configuration files for any kind on authentication. Here is the configuration file for login:
# /etc/pam.d/login
Here is defined what is happening when system is starting. “auth” is the common definition for login procedure of any process which is related to user authentication.
Check the system-auth file:
# vi /etc/pam.d/system-auth
The line with pam.unix.so is telling Linux to check local login mechanism. If that is not successful the user will go to pam_ldap.so. This will search the user to LDAP. This is how internal programs know about LDAP.

Use:
# authconfig
or
# authconfig-tui
graphical interface configuration:
# yum install authconfig-gtk -y
Need additional packages (Name Server Cache Daemon). Is caching the information on local server during working with Authentication.
Also we need nss-pam-ldap. This will resolve local name resolution and send to LDAP. Also we need the libraries for make local authentication: pam_ldap. I need all of these.
# yum install nscd nss-pam-ldap pam_ldap -y
Now I can lunch the graphical authconfig:
# authconfig-gtk
or can use authconfig-gui but on exam is easy with gtk.
I have to setup the user account to use LDAP database.
The error with /lib64/security/pam_krb5.so is related to kerberos and since we are not using, is OK. But in order to have the package complete, is ok to be installed.
Kerberos is in RHCE course.
Authentication method to LDAP password.
LDAP Search Base DN: dc=example,dc=com
LDAP server name. IP addresses is not working: ldap://server.example.com. Is not working with name because the name should match the name from certificate and the certificate is for name not the IP.
Check TLS to encrypt connection, download certificate from ftp://server.example.com/pub/certification.pem. Click Apply.

Modifying nslcd Configuration
Many things happening when connecting using LDAP process. Those are related to nslcd process:
# systemctl status nslcd
The file /etc/nsswitch.conf is the configuration file used by client in order to connect to LDAP server.

Is show that first is loking in file system and after that in sss (is not used anymore) and after that in ldap.
pam – pluggable authntication modules – is using also nslcd.
The directory /etc/pam.d/ have configuration files for LDAP.
the file /etc/pam.d/login have the definition on what should happen when user will login. The most important is system-auth
To find the LDAP server we need the nslcd.
# less /etc/nslcd.conf
There is an nscd file which is not related to LDAP.
Here is the URI and base context of LDAP server.
Also there are information about downloaded certificate.
Check also /var/log/messages

useradd

# useradd –help
-e wait an expiration date but not say the format.
# man useradd
/-e YYYY-MM-DD
Since the user is a C programmer want the C shell:
# useradd -c myuser -e 2015-12-05 -s /bin/tcsh laura
Add people to group
# usermod –help
-g – is for primarry group
-G – is a new list of secondary should not be use because will OVERWRITE the current groups.
-a should be used because is appending.
# id laura
# usermod -aG account laura
/etc/passwd – every user account have his own account.
/etc/shadow – is for passwords. Password is hash
/etc/group
/etc/login.defs – definitions for creating users.
/etc/default/useradd – this is the default for useradd.
skeleton from home directory.
/etc/skel – is used for copy files into new users directory.
Can add files here which will be used for creating users.
# passwd –help
-d delete, -l lock,, -e expire, -w warning, etc.
# chage -E 2015-07-01 laura
# /etc/shadow – have the details about the account of user.
4. expire password in 40 days. Not the account to expire
# passwd -x 90 lisa

connection using ssh

# ssh localhost – connect to localhost
accept keyFingerprint. This is because the key cannot be verified.
# exit – exit from ssh connection
# ssh -p 2022 user@server.com
Key fingerprint is stored into:
# ~/.ssh/known_hosts
If the key fingerprint is wrong, there will be: Add correct host key in …… this is happening because the server has been installed on same IP address and key fingerprint from computer don’t match the key fingerprint from server. In order to restore the error, delete the key fingerprint from client. Identify the line from
# ~/.ssh/known_hosts
and delete it using dd from vim.
On server check the settings from:
# vim /etc/ssh/sshd_config

Create public/private key pair.
# ssh-keygen
The private key /home/user/.ssh/id_rsa will be created. Enter the passphrase in order to use this key.
The public key is created:
/home/user/.ssh/id_rsa.pub.
Copy public key to server:
# ssh-copy-id localhost
Use the password for remote user.
In order to copy to a remote host:
# ssh-copy-id -p 9822 user@domain.com
The option -i is useful when the file.pub is not located and have to manually insert the path to that file.
Test it:
# ssh -p 9822 user@domain.com
scp is for secure copy. Is used for copy files:
# scp -P 9822 /local/filename nameOfServer:/path/to/file
Is using “P” for port and not “p” because “p” is used for preserve the files attributes

test it:
1. Open a console and login as root.
ctrl+alt+F2 and login as root.
ctrl+alt+F1 – return to console.
2. from console login to localhost.
# ssh localhost
3. exit to close the session
# exit
4. create a ssh key pair.
# ssh-keygen > file for private > password (could be none)
5. use the key pair in order to login.
# ssh-copy-id localhost

working with cut, translate, sed, awk

# cut -f 1 filename – filter a file.
Cut is using a separator for fields.
# cut -f 1 -d : /etc/passwd

# tr – translate is replace characters. It works with pipe | in order to work with the output from other command.
# echo hello | tr a-z A-Z
This command is show all uppercase.
This is working ok if there are not different letters.
# echo hello | tr [:lower:] [:upper:]
# man tr
and awk was for file processing. Now there are not used anymore.
# sed 2q /etc/passwd
show the first 2 lines from file
# sed -n /^root/p /etc/passwd
Sed is not using anymore because there are other commands which are nice: grep.
# cp /etc/passwd ~
Replace an user with something else:
# sed -i ‘s/linda/julia/g’ passwd
awk is doing many things which can be done with other tools. Cutting information:
# ps aux | grep apache
# ps aux | grep apache | cut -f 2
or
# ps aux | grep apache | awk ‘{ print $2 }’

1. Use head and tail to display the 5th line of file /etc/passwd
# head -n 5 /etc/passwd | tail -n 1
2. use sed to do the same.
# sed -n ‘5p’ /etc/passwd
3. use awk to filter the first column out of the results of command ps aux
# ps aux | awk ‘{ print $1 }’
4. use grep to show the names of all files in /etc that have lines starting with the text ‘root’
# cd /etc
# grep ^root * 2> /dev/null

work with tar

tar is tape archive
c- create
v – verbose
f – name of file
# tar cvf /home/user.tar /directoryToBeCreated
# file fileName (show shich kind of file is)
z is for compression to tgz
# tar czf /home/user.tar /directoryToBeCreated
Before check what is in side:
# tar tvf filename
The directory names are relative.
Extract:
# tar xvf
Ordering is important !!!!
-C switch to specific directory:
# tar xvf archiveName.tar -C /tmp
I’m backup the configuration files and after that If I’m removing a configuration file, I can restore it like this:
# tar xvf /root/etc.tar -C / etc/wgetrc
(I’m using etc/wgetrc in order to extract only a file from archive).

links

# ls -il /etc/hosts
-l long listing and -i is inode
# ln sourceFile destinationFile
# ln /etc/hosts computers
symbolic:
# ls -s sourceFile destinationFile
# ls -s /etc/hosts computers
On soft links the permissions are differents and in pointing to another inode.
Normal user cannot create hard links for /etc/shadow.
Can link to files where you have at least READ permissions.

Install Oracle Virtualbox Additions on Centos 7 Guest VM

Update and install dependencies
yum -y update kernel*
reboot -r now
yum install -y gcc kernel-devel kernel-headers dkms make bzip2 perl
export KERN_DIR=/usr/src/kernels/`uname -r`

or Install dependencies
# sudo yum groupinstall “Development Tools”
# sudo yum install kernel-devel

Mount the Virtualbox Additions CD ISO

# su –
# mkdir /media/cdrom/
# mount /dev/cdrom /media/cdrom/
# cd /media/cdrom/
# ./VBoxLinuxAdditions.run

# yum install VirtualBox-4.1

https://wiki.centos.org/HowTos/Virtualization/VirtualBox
https://www.gaggl.com/2014/07/install-virtualbox-additions-on-centos-7-guest-vm/

CentOS 7 VirtualBox Guest Additions Installation

To change or not to change…

2015-10-18_11-14-46
Once in a while I’m receiving notifications in order to approve the new therms and conditions of a well known search engine. This in not so bothering to me but what is bothering is the way they do it. Is so tricky and pervert. They don’t say what exactly they changed and they don’t say that they change it 🙂 but they let you know that they change it. So…what is status? Have they changed something? There is an historical with all changes in past 10 years?
And what I like is that they call it a “privacy reminder”. This means that they have done something to my privacy rights but they don’t say what and they just remind me that something is not OK and I should read….

SSH without password using Putty

Those to links are useful:
http://www.howtoforge.com/how-to-configure-ssh-keys-authentication-with-putty-and-linux-server-in-5-quick-steps
http://www.tonido.com/blog/index.php/2009/02/20/ssh-without-password-using-putty/#.VcMLSvmqpn8