Can’t restart auditd with systemctl

Posted on October 26, 2018 by admin

The following command

systemctl restart auditd

Returns the following error on CentOS

Failed to restart auditd.service: Operation refused, unit auditd.service may be requested by dependency only (it is configured to refuse manual start/stop).
See system logs and 'systemctl status auditd.service' for details.

Work around is to use service for the restart

service auditd restart

Install VMware tools on CentOS VM

Posted on August 10, 2018 by admin

Install the open vm tools from the distros repos

if your on Fedora you’ll need to use dnf instead of yum.

yum install open-vm-tools

Enable tools on boot up

systemctl enable vmtoolsd

Start service

systemctl enable vmtoolsd

Install NTP on CentOS

Posted on August 3, 2018 by admin

Install NTP

yum install ntp -y

Enable ntpd service

systemctl enable ntpd

Convert .qcow2 to .vmdk for VMware

Posted on July 26, 2018 by admin

Install qemu-img

dnf install qemu-img -y

Convert the image. Change vmimage to your image name.

qemu-img convert -f qcow2 -O vmdk vmimage.qcow2 vmimage.vmdk

Repairing Fedora grub from chroot

Posted on July 24, 2018 by admin

Notes from repairing a Fedora drive.

Mount system in chroot.

If the system is a raid drive and your not able to access it refer to this post. May just need to install the raid utilities.

For mounting the chroot environment refer to this post

Repairing grub

yum install grub2-efi-*

Install grub. Change /sda to your drive, may need to specify the efi partition.

grub2-install /dev/sda

If your boot and efi partitions are mounted.

grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

Reboot.

DNF/YUM not working in chroot environment

Posted on July 24, 2018 by admin

The reason is probably because the chrooted environment can’t resolve DNS.

Test it with

ping incredigeek.com

If it is not resolving, edit “/etc/resolv.conf” and change/add your nameserver. Or just replace everything in it with

echo "nameserver 4.2.2.2" > /etc/resolv.conf

It should now be able to resolve and you should be able to use yum, or dnf.

yum update

Install semanage on CentOS 7

Posted on April 26, 2018 by admin

semanage is part of the policycoreutils-python package, as is seen when you run “yum provides semanage”. So you need to install the package to get the semanage functionality.

yum install policycoreutils-python

You should be good to go.

Setup Secure FTP server on CentOS

Posted on February 26, 2018 by admin

Setup SFTP Server

When finished you’ll have a SFTP server setup that is configured so the users are in a chroot environment, and can not ssh, or telnet to the server.

Install SSH server if it is not already

yum install openssh-server openssh-client

Create group that is limited to sftp so they can’t ssh, scp etc.

groupadd sftpusers

Add chroot settings to /etc/ssh/sshd_config. The %u is a variable, which is the users username.

Match Group sftpusers
ChrootDirectory /sftp/%u
ForceCommand internal-sftp

Make ftp directory

mkdir /sftp

Add SFTP user

useradd -g sftpusers -d /sftp -s /sbin/nologin newsftpuser

Create password for new user

passwd newsftpuser

Create directory for user

mkdir /sftp/newsftpuser

Create directory to put ftp files

mkdir /sftp/newsftpuser/files

Change permissions

chown newsftpuser:sftpusers /sftp/newsftpuser/files/

Restart sshd

systemctl restart sshd

Should be good to go. Test it by logging in with your favorite FTP client.

Add Self Signed SSL certificate to LibreNMS in CentOS

Posted on February 8, 2018 by admin

Install mod_ssl

yum install mod_ssl -y

Create Directory for SSL key.

mkdir /etc/ssl/key
chmod 700 /etc/ssl/key

Create certificate.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt

Fill out the info or what is applicable.

Now edit the LibreNMS Apache config file /etc/httpd/conf.d/librenms.conf

All you have to do is add the following three lines under the VirtualHost and change *:80 to *:443.

SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSL CertificateKeyFile /etc/pki/tls/private/localhost.key

So when your finished the file should look like this.

<VirtualHost *:443>
 DocumentRoot /opt/librenms/html/
 ServerName server_hostname_or_IP
 SSLEngine on
 SSLCertificateFile /etc/pki/tls/certs/localhost.crt
 SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
 CustomLog /opt/librenms/logs/access_log combined
 ErrorLog /opt/librenms/logs/error_log
 AllowEncodedSlashes NoDecode
 <Directory "/opt/librenms/html/">
 Require all granted
 AllowOverride All
 Options FollowSymLinks MultiViews
 </Directory>
</VirtualHost>

Don’t forget to allow https/port 443 traffic through the firewall. Guide here

If you have any issues, you may need to chmod the key and crt file.

chmod 644 /etc/pki/tls/certs/localhost.crt
chmod 644 /etc/pki/tls/private/localhost.key

You should now be able to access LibreNMS using https. Note, you’ll need to allow an exception in your browser for your self signed certificate.

https://LibreNMS_IP_Address

Install SSH Server on Linux (Debian, Ubuntu, Fedora, CentOS, RedHat)

Posted on November 17, 2017 by admin

Debian / Ubuntu

sudo apt-get install -y openssh-server

RPM based Distros, Fedora / CentOS / RedHat

sudo dnf install -y openssh-server

or use yum

sudo yum install -y openssh-server

Start ssh service

sudo systemctl start sshd

By default the SSH service should start when the system starts, but if not try the following command to enable the service on boot up.

Debian / Ubuntu

systemctl enable ssh

Fedora, CentOS, RedHat

systemctl enable sshd

Change SSH port

Not necessary, but it is a good idea to change the default ssh port. To change the port edit the sshd file.

vi /etc/ssh/sshd_config

If you change the port, you’ll need to allow it in the firewall (firewalld, iptables) and if SELinux is enabled, semanage.

Incredigeek

Tag Archives: centos