Wednesday, October 21, 2015

Changing a specific value in a file using sed

/bin/sed -i.bak -e 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config

Friday, October 09, 2015

Disable IPv6 on Linux

Sometimes you may want to disable IPv6 on your Linux server.

To check if IPv6 is running on your system, run the following command.
#ifconfig  - This shows the IPv4 and IPv6 addresses

To disable ipv6
vi /etc/sysctl.conf

Add the following lines at the bottom of the config file
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
 

After saving the file, run the following command to apply the new changes.

#sysctl -p

To confirm the changes are applied, run the command
#ifconfig - This should not show an IPv6 address any more
 

Monday, June 15, 2015

Securing Linux


Stop all unwanted services
#chkconfig --list |grep '3:on'

#chkconfig cups off
#chkconfig postfix off
#chkconfig atd off
#chkconfig ip6tables off
#chkconfig lvm2-monitor off
#chkconfig mdmonitor off
#chkconfig rpcidmapd off
#chkconfig nfslock off
#chkconfig mcelogd off
#chkconfig xinetd off
#chkconfig inetd off

Remove all unwanted packages
#rpm -e

Disable Root login
#vi /etc/ssh/sshd_config
PermitRootLogin no
#service sshd restart

Create a service account with Sudo Access

  • Create a service account
#useradd
#passwd
(provide a strong password)

  • Provide sudo access to the service account. In this case I have given full root access
#visudo
lbadmin ALL=(ALL)       ALL


Disable the Ctrl+Alt+Del key combination for reboot

#vi "/etc/init/control-alt-delete.conf"

Comment out both lines
#start on control-alt-delete
#exec /sbin/shutdown -r now "Control-Alt-Delete pressed"

Allow ssh access only from specific subnets or IP addresses

#vi /etc/hosts.allow
sshd:


#vi /etc/hosts.deny
sshd: ALL

Restrict access to the server for a specific subnet.

# Generated by iptables-save v1.4.7 on Fri Jun 12 15:39:00 2015
*filter
:INPUT ACCEPT [75:5272]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [68:5268]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p udp --dport 123 -j ACCEPT
-A INPUT -p udp --sport 123 -j ACCEPT
-A OUTPUT -p tcp --dport 123 -j ACCEPT
-A INPUT -p tcp --sport 123 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
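
An added example, not part of the original post: the port-22 rule in the ruleset above carries no source match, so one way to confirm whether SSH is really limited to a subnet is to scan `iptables-save` output for ACCEPT rules on that port that lack `-s`. The function names, the shortened sample ruleset and the 192.0.2.0/24 subnet are assumptions made for the illustration.

```shell
# Added example (not from the original post): audit iptables-save output for
# INPUT rules that ACCEPT a TCP port without limiting the source address.

# Usage: open_port_rules PORT < ruleset
# Prints each offending rule; returns 0 if any were found, 1 if none.
open_port_rules() {
    awk -v port="$1" '
        function covers(spec, p,    r, n) {      # --dport N or --dport LO:HI
            n = split(spec, r, ":")
            return (n == 1) ? (r[1] + 0 == p + 0) : (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0)
        }
        $1 == "-A" && $2 == "INPUT" {
            dport = ""; src = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                # A negated source (! -s net) still admits everyone else.
                if ($i == "-s" || $i == "--source")
                    src = ($(i - 1) == "!") ? "" : $(i + 1)
            }
            if (target == "ACCEPT" && dport != "" && covers(dport, port) &&
                (src == "" || src == "0.0.0.0/0")) { print; found = 1 }
        }
        END { exit !found }
    '
}

# Constructed sample: a shortened copy of the ruleset above, with an optional
# source match ("$1") inserted into the port-22 rule.
sample_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT ${1:+$1 }-m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

for src in "" "-s 192.0.2.0/24"; do
    if sample_rules "$src" | open_port_rules 22; then
        echo "^ port 22 reachable from any source (match: '${src:-none}')"
    else
        echo "port 22 is source-restricted (match: '$src')"
    fi
done
```

On a live host, feed it the real ruleset with `iptables-save -t filter | open_port_rules 22`.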

Set iptables to start at reboot
#chkconfig iptables on

Apply the new iptables rules by running the command
#service iptables start

Check that all accounts have a password set. No account should allow passwordless login
grep -v ':x:' /etc/passwd

Tuesday, March 17, 2015

Cannot initiate the connection to 80:80 (0.0.0.80)

If you receive the error below when running the apt-get update command

W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/trusty-backports/restricted/i18n/Translation-en_US  Cannot initiate the connection to 80:80 (0.0.0.80). - connect (22: Invalid argument)

Edit the following file
vi /etc/apt/apt.conf

Hash out the following entry
#Acquire::http::Proxy "ProxyIP:ProxyPort";


Now try #apt-get update; this should update the repository information

Tuesday, February 24, 2015

View database output in tabular format

mysql -u root -p 
 
mysql>\P less -S

Monday, February 16, 2015

Windows 8 and Windows 2012 rebooting issue on Proxmox VM

When you boot any VM and try to install Windows 8 or Windows 2012, the VMs will go into a continuous reboot. This is due to the missing CPU flag settings.

To fix this issue, modify the configuration file of the VM

cd /etc/pve/qemu-server
vi 106.conf  ( Assuming 106.conf is the VM on which you are installing Win8 or Win2012)

balloon: 1024
bootdisk: ide0
cores: 2
args: -cpu qemu64,+sep,+cx16,+lahf_lm
ide0: PROXMOX6_VMVOL:106/vm-106-disk-1.qcow2,format=qcow2,size=32G
ide2: ISO:iso/Windows_8.1_x64.iso,media=cdrom,size=5227698K
memory: 2048
name: OPSI-Windows8
net0: virtio=DA:3B:63:57:3C:6F,bridge=vmbr0,tag=103
ostype: other
sockets: 1