Notes and Tips
To list all services firewalld is aware of in an easy-to-read format, use the command firewall-cmd --get-services | tr " " "\n". Default firewalld service .xml files can be found under /usr/lib/firewalld/services. For all commands that support the --zone= option, if no zone is provided the default zone is used. To…
Shell Script to Locate and Check the Version of all Java Binaries
Whether you are in public or private industry, at some point your system will be audited. This audit may include a search for old versions of Java that have not been patched. Even though you may patch your OS consistently, COTS software such as Symantec NetBackup, Oracle and so on will often install…
Script to Find World Writable Files
Notes
- Script works on all Linux operating systems.
- In the middle of the while loop you can add something like chmod o-w "${file}" to remove the world-writable flag.

    #!/bin/bash
    ###########################################################
    # Purpose: Searches mounted filesystems for files that are
    #          world writable
    ###########################################################

    # Ignores filesystem types that should not be scanned
    for fs in $(mount -v | grep -Ev "nfs|oracle|tmpfs|lofs|ctfs|objfs|fd|devfs|mntfs|sharefs|odm|proc|devpts|sysfs" | awk '{print $3}'); do
      # -xdev keeps find on this filesystem; -perm -o+w matches the world-writable bit
      find "${fs}" -xdev -type f -perm -o+w -print0 | while IFS= read -r -d '' file; do
        ls -l "${file}"
      done
    done
Secure Your SSH Server
Before Beginning: Back up your /etc/ssh/sshd_config file before making any changes. For more detailed info on the options in this guide, check the sshd_config man page (man sshd_config). Do not blindly set these security settings; design them around your environment's security policy. Step 1: Disable Root Login. Before disabling PermitRootLogin make sure you have a generic…
Bind mysql Port to Localhost
Step 1: Verify that mysql port 3306 is listening on all interfaces using netstat and/or nmap.

    netstat -antp | grep 3306
Output will resemble

    tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 27038/mysqld
Nmap is generally run from a remote system.

    nmap www.example.com | grep 3306
Output will resemble

    3306/tcp open mysql
Step 2: Backup your /etc/my.cnf file.

    cp /etc/my.cnf /etc/my.cnf.orig
Step 3: Open your /etc/my.cnf file with vi.

    vi /etc/my.cnf
Step 4: Add the line…
Troubleshooting VAS/QAS on Red Hat Enterprise Linux and Solaris
This document details the basic steps used to troubleshoot Quest Authentication Services (QAS), also known as Vintela Authentication Services (VAS).

Important Files

    Files                               Details
    /etc/opt/quest/vas/host.keytab      Encrypted host key
    /etc/opt/quest/vas/group-override   Maps accounts to groups
    /etc/opt/quest/vas/users.allow      Lists groups that are granted access to the server
    /etc/opt/quest/vas/xjoin.keytab     File used to join server to domain
    /etc/opt/quest/vas/vas.conf         Primary VAS configuration…
Increase System Entropy on RHEL & CentOS 6 and 7
The document details the process of creating entropy using the Intel rdrand instruction set built into certain Intel CPUs. Entropy is the randomness of the data that is used when an application or operating system uses cryptography. An example would be SSL connections to your web server. Verify CPU Supports the rdrand Instruction In this…