I currently work in an environment that has used Linux for more than a decade. Everybody in the office uses different distros on their desktops as well as the servers. As such, the choices of distribution tend to revolve around a number of things in no particular order: History – Obviously systems like RedHat and … Read more
Try this command firewall-cmd –permanent –zone=public –add-rich-rule=” rule family=”ipv4″ source address=”1.2.3.4/32″ port protocol=”tcp” port=”4567″ accept” Check the zone file later to inspect the XML configuration cat /etc/firewalld/zones/public.xml Reload the firewall firewall-cmd –reload
CentOS 7 is using FirewallD now! Use the –permanent flag to save settings. Example: firewall-cmd –zone=public –add-port=3000/tcp –permanent Then reload rules: firewall-cmd –reload
Update: 2 more things that have popped up in the comments and in follow-up questions: Using auditd this way will dramatically increase your log volume, especially if the system is heavily in use via commandline. Adjust your log retention policy. Auditd logs on the host where they are created are just as secure as other … Read more
All users: $ getent passwd All groups: $ getent group All groups with a specific user: $ getent group | grep username
This means people are trying to brute-force your passwords (common on any public-facing server). It shouldn’t cause any harm to clear out this file. One way to reduce this is to change the port for SSH from 22 to something arbitrary. For some additional security, DenyHosts can block login attempts after a certain number of … Read more
You must begin with the partition unmounted. If you can’t unmount it (e.g. it’s your root partition or something else the system needs to run), use something like System Rescue CD instead. Run parted, or gparted if you prefer a GUI, and resize the partition to use the extra space. I prefer gparted as it … Read more
The primary (historical) reasons for partitioning are: to separate the operating system from your user and application data. Until the release of RHEL 7 there was no supported upgrade path and a major version upgrade would require a re-install and then having for instance /home and other (application) data on separate partitions (or LVM volumes) … Read more
It’s not a good idea to edit /etc/profile for things like this, because you’ll lose all your changes whenever CentOS publishes an update for this file. This is exactly what /etc/profile.d is for: echo ‘pathmunge /usr/lib/ruby-enterprise/bin’ > /etc/profile.d/ree.sh chmod +x /etc/profile.d/ree.sh Log back in and enjoy your (safely) updated $PATH: echo $PATH /usr/lib/ruby-enterprise/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin which ruby … Read more
Systems using systemd (CentOS >=7) will have the reboot, shutdown and halt commands symlinked to systemctl to handle the reboot. The systemctl program will detect the use of the symlink and run the systemctl command with the correstponing arguments. For the difference between the commands see the manpage for systemctl (man systemctl) for it is … Read more