The following command
systemctl restart auditd
Returns the following error on CentOS
Failed to restart auditd.service: Operation refused, unit auditd.service may be requested by dependency only (it is configured to refuse manual start/stop).
See system logs and 'systemctl status auditd.service' for details.
Work around is to use service for the restart
service auditd restart
Install the open vm tools from the distros repos
if your on Fedora you’ll need to use dnf instead of yum.
yum install open-vm-tools
Enable tools on boot up
systemctl enable vmtoolsd
systemctl enable vmtoolsd
dnf install qemu-img -y
Convert the image. Change vmimage to your image name.
qemu-img convert -f qcow2 -O vmdk vmimage.qcow2 vmimage.vmdk
Posted in Linux, VMware |
Tagged centos, convert, fedora, image, linux, qcow2, qemu, redhat, vmdk, vmware |
Notes from repairing a Fedora drive.
Mount system in chroot.
If the system is a raid drive and your not able to access it refer to
this post. May just need to install the raid utilities.
For mounting the chroot environment refer to
Repairing grub yum install grub2-efi-*
Install grub. Change /sda to your drive, may need to specify the efi partition.
If your boot and efi partitions are mounted.
grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
The reason is probably because the chrooted environment can’t resolve DNS.
Test it with
If it is not resolving, edit “/etc/resolv.conf” and change/add your nameserver. Or just replace everything in it with
echo "nameserver 22.214.171.124" > /etc/resolv.conf
It should now be able to resolve and you should be able to use yum, or dnf.
Posted in CentOS, Fedora, Linux, RedHat |
Tagged centos, chroot, chrooted, dnf, fedora, linux, redhat, yum |
semanage is part of the policycoreutils-python package, as is seen when you run “yum provides semanage”. So you need to install the package to get the semanage functionality.
yum install policycoreutils-python
You should be good to go.
Setup SFTP Server
When finished you’ll have a SFTP server setup that is configured so the users are in a chroot environment, and can not ssh, or telnet to the server.
Install SSH server if it is not already
yum install openssh-server openssh-client
Create group that is limited to sftp so they can’t ssh, scp etc.
Add chroot settings to /etc/ssh/sshd_config. The %u is a variable, which is the users username.
Match Group sftpusers
Make ftp directory
Add SFTP user
useradd -g sftpusers -d /sftp -s /sbin/nologin newsftpuser
Create password for new user
Create directory for user
Create directory to put ftp files
chown newsftpuser:sftpusers /ftp/newsftpuser/files/
systemctl restart sshd
Should be good to go. Test it by logging in with your favorite FTP client.
yum install mod_ssl -y
Create Directory for SSL key.
chmod 700 /etc/ssl/key
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt
Fill out the info or what is applicable.
Now edit the LibreNMS Apache config file /etc/httpd/conf.d/librenms.conf
All you have to do is add the following three lines under the VirtualHost and change *:80 to *:443.
SSL CertificateKeyFile /etc/pki/tls/private/localhost.key
So when your finished the file should look like this.
CustomLog /opt/librenms/logs/access_log combined
Require all granted
Options FollowSymLinks MultiViews
Don’t forget to allow https/port 443 traffic through the firewall. Guide
If you have any issues, you may need to chmod the key and crt file.
chmod 644 /etc/pki/tls/certs/localhost.crt
chmod 644 /etc/pki/tls/private/localhost.key
You should now be able to access LibreNMS using https. Note, you’ll need to allow an exception in your browser for your self signed certificate.
Posted in CentOS, Fedora, LibreNMS, Linux, RedHat |
Tagged centos, cert, https, librenms, linux, nms, openssl |
Debian / Ubuntu sudo apt-get install -y openssh-server
RPM based Distros, Fedora / CentOS / RedHat sudo dnf install -y openssh-server
or use yum
sudo yum install -y openssh-server
Start ssh service sudo systemctl start sshd
By default the SSH service should start when the system starts, but if not try the following command to enable the service on boot up.
Debian / Ubuntu
systemctl enable ssh
Fedora, CentOS, RedHat
systemctl enable sshd
Change SSH port
Not necessary, but it is a good idea to change the default ssh port. To change the port edit the sshd file.
If you change the port, you’ll need to allow it in the firewall (
firewalld, iptables) and if SELinux is enabled, semanage.
Posted in CentOS, Command Line, Debian, Fedora, Linux, RedHat, Ubuntu |
Tagged centos, debian, fedora, linux, openssh, redhat, ssh, sshd, ubuntu |