Try this command firewall-cmd –permanent –zone=public –add-rich-rule=” rule family=”ipv4″ source address=”1.2.3.4/32″ port protocol=”tcp” port=”4567″ accept” Check the zone file later to inspect the XML configuration cat /etc/firewalld/zones/public.xml Reload the firewall firewall-cmd –reload
CentOS 7 is using FirewallD now! Use the –permanent flag to save settings. Example: firewall-cmd –zone=public –add-port=3000/tcp –permanent Then reload rules: firewall-cmd –reload
Update: 2 more things that have popped up in the comments and in follow-up questions: Using auditd this way will dramatically increase your log volume, especially if the system is heavily in use via commandline. Adjust your log retention policy. Auditd logs on the host where they are created are just as secure as other … Read more
This means people are trying to brute-force your passwords (common on any public-facing server). It shouldn’t cause any harm to clear out this file. One way to reduce this is to change the port for SSH from 22 to something arbitrary. For some additional security, DenyHosts can block login attempts after a certain number of … Read more
You must begin with the partition unmounted. If you can’t unmount it (e.g. it’s your root partition or something else the system needs to run), use something like System Rescue CD instead. Run parted, or gparted if you prefer a GUI, and resize the partition to use the extra space. I prefer gparted as it … Read more
It’s not a good idea to edit /etc/profile for things like this, because you’ll lose all your changes whenever CentOS publishes an update for this file. This is exactly what /etc/profile.d is for: echo ‘pathmunge /usr/lib/ruby-enterprise/bin’ > /etc/profile.d/ree.sh chmod +x /etc/profile.d/ree.sh Log back in and enjoy your (safely) updated $PATH: echo $PATH /usr/lib/ruby-enterprise/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin which ruby … Read more
Systems using systemd (CentOS >=7) will have the reboot, shutdown and halt commands symlinked to systemctl to handle the reboot. The systemctl program will detect the use of the symlink and run the systemctl command with the correstponing arguments. For the difference between the commands see the manpage for systemctl (man systemctl) for it is … Read more
Use the ntp daemon. Run yum install ntp and ensure that the service is started via ntsysv or chkconfig ntpd on. To get an immediate sync, run ntpdate time.apple.com (or something similar).
su – yum install gcc-c++ openssl-devel cd /usr/local/src wget http://nodejs.org/dist/node-latest.tar.gz tar zxvf node-latest.tar.gz (cd into extracted folder: ex “cd node-v0.10.3″) ./configure make make install Note that this requires Python 2.6+ to use ./configure above. You can modify the “configure” file to point to python2.7 in line 1 if necessary. To create an RPM package, you … Read more
I was looking at using HAProxy and Nginx for load balancing, and I had some questions: Should I use JUST HAProxy over Nginx for the proxy server? Is there any reason to have HAProxy and Nginx installed on the same proxy server? Thanks