{"id":5979,"date":"2016-06-24T22:55:34","date_gmt":"2016-06-24T14:55:34","guid":{"rendered":"http:\/\/rmohan.com\/?p=5979"},"modified":"2016-06-24T22:55:34","modified_gmt":"2016-06-24T14:55:34","slug":"centos-6-8-notes-rhel6-8-notes","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=5979","title":{"rendered":"centos 6.8 NOTES RHEL6.8 NOTES"},"content":{"rendered":"<p>###########################<br \/>\n### RHEL\/CentOS install ###<br \/>\n###########################<\/p>\n<p>### Link for netinstall ##<br \/>\nhttp:\/\/ftp.astral.ro\/distros\/centos\/6.8\/os\/x86_64\/<\/p>\n<p>###########<br \/>\n### yum ###<br \/>\n###########<\/p>\n<p>yum update\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# update toate pachetele si dependintele lor<br \/>\nyum search nume_pachet\u00a0\u00a0 \u00a0# cauta un anume pachet, pot fi mai multe pachete trecute<br \/>\nyum info nume_pachet\u00a0\u00a0 \u00a0# afiseaza detalii despre un anume pachet<br \/>\nyum list nume_pache\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# afiseaza informatii despre un anumit pachet, instalat sau nu<br \/>\nyum list nume_pachet\\* \u00a0\u00a0 \u00a0# afiseaza informatii despre toate pachetele care incep cu un nume<br \/>\nyum list all\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# afiseaza toate pachetele disponibile<br \/>\nyum list installed &#8220;*nume_pachet*&#8221;\u00a0 # afiseaza pachetele instalate care contine un nume<br \/>\nyum list installed | grep reponame\u00a0 # afiseaza pachetele instalate dintr-un repo<br \/>\nyum list available\u00a0\u00a0 \u00a0# afiseaza pachetele disponibile in functie de repo-urile instalate<br \/>\nyum repolist\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# afiseaza repo-urile instalate<br \/>\nyum gruplist\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# afiseaza<br \/>\nyum install nume_pachet\\* # instaleaza toate pachetele care incep cu un nume<br \/>\nyum downgrade nume_pachet<br \/>\nyum provides &#8220;*\/nume_pachet&#8221; # afiseaza fisierele care le detine un pachet<br \/>\nyum -v 
grouplist kde\\*\u00a0 # listeaza toate pachetele ce tin de KDE<br \/>\nyum groupinstall &#8220;KDE Software Compilation&#8221; # instaleaza toate pachetele ce tin de KDE<br \/>\nyum groupinstall kde-desktop<br \/>\nyum install @kde-desktop\u00a0 # @ pentru a instala un grup<br \/>\nyum remove nume_pachet<br \/>\nyum groupremove &#8220;KDE Software Compilation&#8221;<br \/>\nyum groupremove kde-desktop<br \/>\nyum remove @kde-desktop<br \/>\nyum history list<br \/>\nyum history list nume_pachet<br \/>\nyum repolist all\u00a0 # list all repositories set up on your system<br \/>\nyum &#8211;exclude=packagename\\* &#8230;<\/p>\n<p>################<br \/>\n### yum.conf ###<br \/>\n################<\/p>\n<p>### skip updating packages ###<br \/>\nyum -x nume_pachet update<br \/>\nyum &#8211;exclude=nume_pachet update<\/p>\n<p>sudo vim \/etc\/yum.conf\u00a0 # permanent<br \/>\n_______<br \/>\n[main]<br \/>\nexclude=nume_pachet1* nume_pachet2*<br \/>\n_______<br \/>\nyum &#8211;disableexcludes=all update\u00a0 # disable exclude to check for an update<\/p>\n<p>### Remove Old Kernels ###<br \/>\n# Package-cleanup set count as how many old kernels you want left #<br \/>\npackage-cleanup &#8211;oldkernels &#8211;count=2<\/p>\n<p># Make Amount of Installed Kernels Permanent #<br \/>\nvim \/etc\/yum.conf # and set installonly_limit:<br \/>\ninstallonly_limit=2<\/p>\n<p>### Removing dependencies ###<br \/>\nsudo vim \/etc\/yum.conf<br \/>\n______________________________<br \/>\n[main]<br \/>\nclean_requirements_on_remove=1<br \/>\n______________________________<\/p>\n<p>###########<br \/>\n### RPM ###<br \/>\n###########<\/p>\n<p>rpm -ivh package-2.7.9-5.el6.2.i686.rpm\u00a0 # Install an RPM Package<br \/>\n-i : install a package<br \/>\n-v : verbose for a nicer display<br \/>\n-h: print hash marks as the package archive is unpacked<\/p>\n<p>rpm -qpR package-5.2.2-1.noarch.rpm\u00a0\u00a0 # check dependencies of RPM Package before Installing<br \/>\n-q : Query a package<br 
\/>\n-p : List capabilities this package provides.<br \/>\n-R: List capabilities on which this package depends..<\/p>\n<p>rpm -ivh &#8211;nodeps package-5.2.2-1.noarch.rpm\u00a0 # Install a RPM Package Without Dependencies<br \/>\n\u2013nodeps (Do not check dependencies)<\/p>\n<p>rpm -q package\u00a0\u00a0 # check an Installed RPM Package<br \/>\nrpm -ql package\u00a0 # List all files of an installed RPM package<\/p>\n<p>rpm -qa &#8211;last\u00a0 # List Recently Installed RPM Packages<br \/>\nrpm -qa\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# List All Installed RPM Packages<\/p>\n<p>rpm -Uvh package-3.5.0-2.el6.centos.i686.rpm\u00a0 # Upgrade a RPM Package<\/p>\n<p>rpm -evv package\u00a0 # Remove a RPM Package<br \/>\nrpm -ev &#8211;nodeps package\u00a0 # Remove an RPM Package Without Dependencies<br \/>\n-e (erase)<\/p>\n<p>rpm -qi package\u00a0 # Query a Information of Installed RPM Package<br \/>\n-qi (query info)<\/p>\n<p>rpm -qf \/usr\/bin\/package\u00a0 # Query a file that belongs which RPM Package<br \/>\n-qf (query file)<\/p>\n<p>rpm -qip package-1.3.3-1.noarch.rpm\u00a0 # Information of RPM Package Before Installing<br \/>\n-qip (query info package)<\/p>\n<p>rpm -qdf \/usr\/bin\/vmstat\u00a0 # Query documentation of Installed RPM Package<br \/>\n-qdf (query document file)<\/p>\n<p>rpm -Vp package-1.3.3-1.noarch.rpm\u00a0 # Verify a RPM Package<br \/>\n-Vp (verify package)<br \/>\nrpm -Va\u00a0 # Verify all RPM Packages<\/p>\n<p>rpm -qa gpg-pubkey*\u00a0 # List all Imported RPM GPG keys<\/p>\n<p>######################<br \/>\n### YUM &amp; RPM tips ###<br \/>\n######################<\/p>\n<p>#Query packages not from CentOS #<br \/>\nrpm -qa &#8211;qf &#8216;%{NAME} %{VENDOR}\\n&#8217; | grep -v CentOS<\/p>\n<p># Reset File Permissions #<br \/>\nrpm &#8211;setperms &lt;packagename&gt;<\/p>\n<p># View the Changelog of a package #<br \/>\nrpm -q &#8211;changelog &lt;packagename&gt; | less<\/p>\n<p># quickly list documentation relating to a package #<br \/>\nrpm 
-qd &lt;packagename&gt;<\/p>\n<p># Query Package Install Order and Dates #<br \/>\nrpm -qa &#8211;last &gt; ~\/RPMS_by_Install_Date<\/p>\n<p># Query Available Packages from a Repo #<br \/>\nyum &#8211;disablerepo &#8220;*&#8221; &#8211;enablerepo &#8220;rpmforge&#8221; list available<\/p>\n<p># Enable or Disable a Repo from the Command Line #<br \/>\nyum-config-manager &#8211;enable c6-media<br \/>\nyum-config-manager &#8211;disable c6-media<\/p>\n<p># Show all installed GPG keys #<br \/>\nrpm -q gpg-pubkey &#8211;qf &#8216;%{name}-%{version}-%{release} &#8211;&gt; %{summary}\\n&#8217;<\/p>\n<p>### package-cleanup ###<br \/>\npackage-cleanup &#8211;orphans<br \/>\npackage-cleanup &#8211;leaves<br \/>\npackage-cleanup &#8211;dupes<br \/>\npackage-cleanup &#8211;problems<br \/>\npackage-cleanup &#8211;oldkernel<\/p>\n<p>### Fonts config ###<br \/>\nvim ~\/.fonts.conf<br \/>\n__________________________________________<br \/>\n&lt;?xml version=&#8217;1.0&#8242;?&gt;<br \/>\n&lt;!DOCTYPE fontconfig SYSTEM &#8216;fonts.dtd&#8217;&gt;<br \/>\n&lt;fontconfig&gt;<br \/>\n&lt;match target=&#8221;font&#8221;&gt;<br \/>\n&lt;edit mode=&#8221;assign&#8221; name=&#8221;rgba&#8221;&gt;<br \/>\n&lt;const&gt;rgb&lt;\/const&gt;<br \/>\n&lt;\/edit&gt;<br \/>\n&lt;\/match&gt;<br \/>\n&lt;match target=&#8221;font&#8221;&gt;<br \/>\n&lt;edit mode=&#8221;assign&#8221; name=&#8221;hinting&#8221;&gt;<br \/>\n&lt;bool&gt;true&lt;\/bool&gt;<br \/>\n&lt;\/edit&gt;<br \/>\n&lt;\/match&gt;<br \/>\n&lt;match target=&#8221;font&#8221;&gt;<br \/>\n&lt;edit mode=&#8221;assign&#8221; name=&#8221;hintstyle&#8221;&gt;<br \/>\n&lt;const&gt;hintslight&lt;\/const&gt;<br \/>\n&lt;\/edit&gt;<br \/>\n&lt;\/match&gt;<br \/>\n&lt;match target=&#8221;font&#8221;&gt;<br \/>\n&lt;edit mode=&#8221;assign&#8221; name=&#8221;antialias&#8221;&gt;<br \/>\n&lt;bool&gt;true&lt;\/bool&gt;<br \/>\n&lt;\/edit&gt;<br \/>\n&lt;\/match&gt;<br \/>\n&lt;match target=&#8221;font&#8221;&gt;<br \/>\n&lt;edit 
mode=&#8221;assign&#8221; name=&#8221;lcdfilter&#8221;&gt;<br \/>\n&lt;const&gt;lcddefault&lt;\/const&gt;<br \/>\n&lt;\/edit&gt;<br \/>\n&lt;\/match&gt;<br \/>\n&lt;\/fontconfig&gt;<br \/>\n__________________________________________<\/p>\n<p>### Add an user to SUDOERS ###<br \/>\nsu &#8211;<br \/>\nvisudo<br \/>\nsergiu\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0ALL=(ALL)\u00a0\u00a0 \u00a0ALL<\/p>\n<p>Or add the user to wheel group and enable wheel from visudo<\/p>\n<p>#############<br \/>\n### Repos ###<br \/>\n#############<br \/>\nrpm -Uvh http:\/\/dl.fedoraproject.org\/pub\/epel\/6\/x86_64\/epel-release-6-8.noarch.rpm<\/p>\n<p># Multimedia #<br \/>\nrpm -Uvh http:\/\/pkgs.repoforge.org\/rpmforge-release\/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm<\/p>\n<p>rpm -Uvh http:\/\/li.nux.ro\/download\/nux\/dextop\/el6\/x86_64\/nux-dextop-release-0-2.el6.nux.noarch.rpm<br \/>\nsudo wget http:\/\/li.nux.ro\/download\/nux\/misc\/nux-misc.repo -P \/etc\/yum.repos.d\/<br \/>\nsudo yum &#8211;enablerepo=nux-dextop-testing install xbmc<\/p>\n<p># nVidia driver #<br \/>\nrpm -Uvh http:\/\/elrepo.org\/elrepo-release-6-5.el6.elrepo.noarch.rpm<br \/>\nhttp:\/\/elrepo.org\/linux\/extras\/el6\/x86_64\/RPMS\/\u00a0\u00a0 # extras<br \/>\nhttp:\/\/elrepo.org\/linux\/testing\/el6\/x86_64\/RPMS\/\u00a0 # testing<br \/>\nsudo yum install kmod-nvidia<br \/>\nsudo yum install nvidia-x11-drv<\/p>\n<p># Last kernel &amp; lts kernel #<br \/>\nhttp:\/\/elrepo.org\/linux\/kernel\/el6\/x86_64\/RPMS\/\u00a0\u00a0 # kernel<br \/>\nsudo yum remove kernel-headers kernel-firmware<br \/>\nsudo yum &#8211;enablerepo=elrepo-kernel install kernel-ml kernel-ml-devel kernel-ml-headers kernel-ml-firmware\u00a0 # for last kernel<br \/>\nsudo yum &#8211;enablerepo=elrepo-kernel install kernel-lt kernel-lt-devel kernel-lt-headers kernel-lt-firmware\u00a0 # for lts kernel<\/p>\n<p># Others #<br \/>\nrpm -Uvh http:\/\/download1.rpmfusion.org\/free\/el\/updates\/6\/x86_64\/rpmfusion-free-release-6-0.1.noarch.rpm 
http:\/\/download1.rpmfusion.org\/nonfree\/el\/updates\/6\/x86_64\/rpmfusion-nonfree-release-6-0.1.noarch.rpm\u00a0\u00a0 \u00a0# (not needed if nux-dextop is installed)<\/p>\n<p>### Install Google Chrome ###<br \/>\nwget http:\/\/chrome.richardlloyd.org.uk\/install_chrome.sh<br \/>\nchmod u+x install_chrome.sh<br \/>\n.\/install_chrome.sh<br \/>\nsudo grep chrome \/var\/log\/audit\/audit.log | audit2allow -M mypol<br \/>\nsudo semodule -i mypol.pp<\/p>\n<p>### Install Chromium ###<br \/>\ncd \/etc\/yum.repos.d<br \/>\nwget http:\/\/people.centos.org\/hughesjr\/chromium\/6\/chromium-el6.repo<br \/>\nyum install chromium<br \/>\nsudo setsebool -P mmap_low_allowed 1<\/p>\n<p>### Install lastest Firefox ###<br \/>\nrpm -Uvh http:\/\/rpms.famillecollet.com\/enterprise\/remi-release-6.rpm<br \/>\nyum &#8211;enablerepo=remi install firefox<\/p>\n<p>### Others ###<br \/>\nyum install bash-completion<br \/>\nyum install nautilus-open-terminal<br \/>\nyum install flash-plugin<br \/>\nyum install gconf-editor<br \/>\nyum install gnome-utils<br \/>\nyum install file-roller<br \/>\nyum install ntfsprogs<\/p>\n<p>### Apps ###<br \/>\nyum install pidgin pidgin-plugin-pack skype<br \/>\nyum install geany filezilla transmission mc<br \/>\nyum install radiotray tv-maxe xbmc clementine<\/p>\n<p>### xscrennsaver ###<br \/>\nyum remove gnome-screensaver<br \/>\nyum install xscreensaver<br \/>\nxscreensaver -nosplash\u00a0 # open Startup Applications and add Xscreensaver to startup<\/p>\n<p>### Change the hostname ###<br \/>\nhostname\u00a0\u00a0 # to check your hostname<br \/>\nsudo hostname RedHat<br \/>\nvim \/etc\/sysconfig\/network<\/p>\n<p>### Dropbox ###<br \/>\nvim \/etc\/sysconfig\/dropbox\u00a0 # DROPBOX_USERS=&#8221;sergiu&#8221;<br \/>\necho &#8216;-b \/usr\/libexec\/dropbox\/&#8217; &gt; \/etc\/prelink.conf.d\/dropbox.conf<br \/>\nyum &#8211;enablerepo rpmforge reinstall dropbox<\/p>\n<p>### Install LibreOffice 4.1.2 ###<br \/>\nwget 
http:\/\/download.documentfoundation.org\/libreoffice\/stable\/4.1.2\/rpm\/x86_64\/LibreOffice_4.1.2_Linux_x86-64_rpm.tar.gz<br \/>\ntar -xvf LibreOffice_4.1.2*<br \/>\ncd LibreOffice_4.1.2*<br \/>\nyum localinstall RPMS\/*.rpm RPMS\/desktop-integration\/libreoffice4.1-freedesktop-menus-4.1.2*.noarch.rpm<\/p>\n<p>### Install vbox additions ###<br \/>\nyum install gcc kernel-devel kernel-headers dkms make bzip2<br \/>\nKERN_DIR=\/usr\/src\/kernels\/`uname -r`<br \/>\nexport KERN_DIR<br \/>\ncd \/media\/VirtualBoxGuestAdditions<br \/>\n.\/VBoxLinuxAdditions.run<\/p>\n<p>### Remove boot splash screen ###<br \/>\nvim \/etc\/grub.conf\u00a0 # remove \u2018rhgb\u2019 and \u2018quiet\u2019<\/p>\n<p>### Remove Desktop icons ###<br \/>\nyum install gconf-editor<br \/>\napps &gt; nautilus &gt; desktop<\/p>\n<p>### Multimedia support ###<br \/>\nsudo yum install gstreamer gstreamer-plugins-base gstreamer-plugins-good gstreamer-plugins-bad-free<br \/>\nsudo yum install gstreamer-plugins-bad gstreamer-plugins-ugly gstreamer-ffmpeg<\/p>\n<p>### Save alsamixer settings ###<br \/>\nsudo alsactl store<br \/>\nls -Z \/etc\/asound.*\u00a0 # to see SElinux label<\/p>\n<p>sudo vim \/etc\/pulse\/daemon.conf<br \/>\n_______________________________<br \/>\nenable-remixing = yes<br \/>\nenable-lfe-remixing = yes<br \/>\ndefault-sample-format = s32le<br \/>\ndefault-sample-rate = 48000<br \/>\ndefault-sample-channels = 6<br \/>\ndefault-fragments = 8<br \/>\ndefault-fragment-size-msec = 5<br \/>\n________________________________<\/p>\n<p>pulseaudio -k\u00a0 # restart pulseaudio<\/p>\n<p>### Disable window move with alt + left mouse button ###<br \/>\n# conf-editor<br \/>\n# \/apps\/metacity\/general<br \/>\n# &#8220;mouse_button_modifier&#8221; option change &lt;Alt&gt; to &lt;Super&gt;<\/p>\n<p>####################################<br \/>\n### CentOS Protection &amp; Security ###<br \/>\n####################################<br \/>\n# Securing and Hardening Red Hat Linux Production 
Systems<br \/>\nhttp:\/\/www.puschitz.com\/SecuringLinux.shtml<br \/>\nhttps:\/\/access.redhat.com\/site\/documentation\/en-US\/Red_Hat_Enterprise_Linux\/6\/html\/Security_Guide\/index.html<\/p>\n<p>### SElinux ###<br \/>\nTwo important documents about SELinux can be found here:<br \/>\nhttp:\/\/docs.redhat.com\/docs\/en-US\/Red_Hat_Enterprise_Linux\/6\/html\/Security-Enhanced_Linux\/index.html<br \/>\nhttp:\/\/docs.redhat.com\/docs\/en-US\/Red_Hat_Enterprise_Linux\/6\/html\/Managing_Confined_Services\/index.html<\/p>\n<p># You can view the current SELinux mode from the command line using these:<br \/>\nsystem-config-selinux<br \/>\ngetenforce\u00a0 # prints Enforcing, Permissive or Disabled<br \/>\nsestatus<\/p>\n<p># If it is in permissive mode, switch it to enforcing with the following command (setenforce cannot turn SELinux on when it is disabled; that needs the \/etc\/selinux\/config change below and a reboot).<br \/>\nsetenforce enforcing\u00a0 # changes do not persist through a system reboot<br \/>\nTo make changes persistent through a system reboot, edit the &#8216;SELINUX=&#8217; line in\u00a0 \/etc\/selinux\/config for either &#8216;enforcing&#8217;, &#8216;permissive&#8217;, or &#8216;disabled&#8217;. For example: &#8216;SELINUX=permissive&#8217;<\/p>\n<p># SElinux logs (\/var\/log\/audit\/audit.log) #<br \/>\nyum install setroubleshoot<br \/>\nsetroubleshootd<br \/>\nsealert -a \/var\/log\/audit\/audit.log\u00a0 # if you only have a console available and no X-Window System<br \/>\nsealert -b\u00a0 # if you have gui<\/p>\n<p># SElinux re-labelling #<br \/>\ntouch \/.autorelabel<br \/>\nsudo reboot<\/p>\n<p>### Password Protect Grub and Single-User Mode ###<br \/>\n# It is highly important to protect your bootloader.<br \/>\n# There is a magic kernel parameter called init=\/bin\/sh. This makes any user\/login restrictions totally useless. 
Then mount -o remount,rw \/<\/p>\n<p>grub-crypt<br \/>\nvim \/etc\/grub.conf<br \/>\n______________________________________________<br \/>\ndefault=0<br \/>\ntimeout=2<br \/>\nsplashimage=(hd0,0)\/grub\/splash.xpm.gz<br \/>\nhiddenmenu<br \/>\npassword &#8211;encrypted $6$w1lrwrXOMm5ueR4M$&#8230;..<br \/>\n______________________________________________<\/p>\n<p>vim \/etc\/sysconfig\/init<br \/>\n_______________________<br \/>\nPROMPT=no<\/p>\n<p>SINGLE=\/sbin\/sulogin<br \/>\n_______________________<\/p>\n<p>### Modifying fstab ###<\/p>\n<p>vim \/etc\/fstab<br \/>\n____________________________________________________________________<br \/>\n\/dev\/sda1\u00a0\u00a0 \u00a0\/boot\u00a0\u00a0 \u00a0ext4\u00a0\u00a0 \u00a0defaults,nosuid,noexec,nodev\u00a0\u00a0 \u00a01 2<br \/>\n\/dev\/sda2\u00a0\u00a0 \u00a0swap\u00a0\u00a0 \u00a0swap\u00a0\u00a0 \u00a0defaults\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a00 0<br \/>\n\/dev\/sda3\u00a0\u00a0 \u00a0\/\u00a0\u00a0 \u00a0ext4\u00a0\u00a0 \u00a0defaults\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a01 1<br \/>\n\/dev\/sda4\u00a0\u00a0 \u00a0\/home\u00a0\u00a0 \u00a0ext4\u00a0\u00a0 \u00a0defaults,nosuid,nodev\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a01 2<\/p>\n<p># Others partitions<br \/>\n\/tmp\u00a0\u00a0 \u00a0ext4\u00a0\u00a0 \u00a0defaults,nosuid,noexec,nodev\u00a0\u00a0 \u00a01 2<br \/>\n\/var\/tmp ext4\u00a0\u00a0 \u00a0defaults,nosuid,noexec,nodev\u00a0\u00a0 \u00a01 2<br \/>\n\/var\u00a0\u00a0 \u00a0ext4\u00a0\u00a0 \u00a0defaults,nosuid\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a01 2<br \/>\n\/var\/www ext4\u00a0\u00a0 \u00a0defaults,nosuid,nodev\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a01 2<br \/>\n\/dev\/shm\u00a0\u00a0 \u00a0tmpfs\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0defaults\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a00 0<br \/>\ndevpts\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\/dev\/pts devpts\u00a0\u00a0 \u00a0gid=5,mode=620\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 
\u00a00 0<br \/>\nsysfs\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\/sys\u00a0\u00a0 \u00a0sysfs\u00a0\u00a0 \u00a0defaults\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a00 0<br \/>\nproc\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\/proc\u00a0\u00a0 \u00a0proc\u00a0\u00a0 \u00a0defaults\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a00 0<\/p>\n<p>____________________________________________________________________<br \/>\n# Note that some packages (building nvidia-dkms for example) may require exec on \/var<\/p>\n<p># Keep \/boot as read-only #<br \/>\n# Note that you need to reset the change to read-write if you need to upgrade the kernel in future<br \/>\n\/dev\/sda1\u00a0\u00a0 \u00a0\/boot\u00a0\u00a0 \u00a0ext4\u00a0\u00a0 \u00a0defaults,nosuid,noexec,nodev,ro\u00a0\u00a0 \u00a01 2<\/p>\n<p>### Disable Control -Alt -Delete keys on the console mode ###<br \/>\nvim \/etc\/init\/control-alt-delete.conf<br \/>\n______________________________<br \/>\n# start on control-alt-delete<br \/>\n# exec \/sbin\/shutdown -r now &#8220;Control -Alt -Delete pressed&#8221;<br \/>\n______________________________<\/p>\n<p>### Umask restrictions\u00a0 ###<br \/>\n# Set a umask of 077 for maximum security, which makes new files not readable by users other than the owner.<br \/>\nperl -npe &#8216;s\/umask\\s+0\\d2\/umask 077\/g&#8217; -i \/etc\/bashrc<br \/>\nperl -npe &#8216;s\/umask\\s+0\\d2\/umask 077\/g&#8217; -i \/etc\/csh.cshrc<\/p>\n<p>### Find users with empty passwords ###<br \/>\nawk -F: &#8216;($2 == &#8220;&#8221;) {print}&#8217; \/etc\/shadow\u00a0\u00a0\u00a0 # Shouldn&#8217;t see anything amiss here<br \/>\nawk -F: &#8216;($3 == &#8220;0&#8221;) {print}&#8217; \/etc\/passwd\u00a0\u00a0 # Only the root user has uid 0. 
No other user should ever have uid 0<\/p>\n<p>### Disable USB mass storage ###<br \/>\necho &#8220;Disabling USB Mass Storage&#8221;<br \/>\necho &#8220;blacklist usb-storage&#8221; &gt; \/etc\/modprobe.d\/blacklist-usbstorage<\/p>\n<p>### Disable USB stick to detect ###<br \/>\nvim \/etc\/modprobe.d\/no-usb<br \/>\n_____________________________<br \/>\ninstall usb-storage \/bin\/true<br \/>\n_____________________________<\/p>\n<p>### Narrowing rights ###<br \/>\nchmod 700 \/root\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# before 0550 dr-xr-x&#8212;<br \/>\nchmod 700 \/var\/log\/audit\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# before 0750 drwxr-x&#8212;<br \/>\nchmod 740 \/etc\/rc.d\/init.d\/iptables\u00a0\u00a0 \u00a0# before 0755 -rwxr-xr-x<br \/>\nchmod -R 700 \/etc\/skel\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# before 0755 drwxr-xr-x<br \/>\nchmod 640 \/etc\/security\/access.conf\u00a0\u00a0 \u00a0# before 0644 -rw-r&#8211;r&#8211;<br \/>\nchmod 600 \/etc\/sysctl.conf\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# before 0644 -rw-r&#8211;r&#8211;<\/p>\n<p>########################<br \/>\n### Network Security ###<br \/>\n########################<\/p>\n<p>### Sysctl ###<br \/>\nvim \/etc\/sysctl.conf<br \/>\n_______________________________________________<br \/>\n### ipv4 Security options ###<\/p>\n<p># Disable IP Source Routing #<br \/>\n# Source Routing is used to specify a path or route through the network from source to destination.<br \/>\n# This feature can be used by network people for diagnosing problems.<br \/>\n# However, if an intruder was able to send a source routed packet into the network, then he could intercept the replies and your server might not know that it&#8217;s not communicating with a trusted server.<br \/>\nnet.ipv4.conf.all.accept_source_route = 0<br \/>\nnet.ipv4.conf.default.accept_source_route = 0<\/p>\n<p># Disable ICMP Redirect Acceptance #<br \/>\n# ICMP redirects are used by routers to tell the 
server that there is a better path to other networks than the one chosen by the server.<br \/>\n# However, an intruder could potentially use ICMP redirect packets to alter the host&#8217;s routing table by causing traffic to use a path you didn&#8217;t intend.<br \/>\nnet.ipv4.conf.all.accept_redirects = 0<\/p>\n<p># Enable IP Spoofing Protection #<br \/>\n# IP spoofing is a technique where an intruder sends out packets which claim to be from another host by manipulating the source address.<br \/>\n# IP spoofing is very often used for denial of service attacks.<br \/>\nnet.ipv4.conf.all.rp_filter = 1<br \/>\nnet.ipv4.conf.default.rp_filter = 1<\/p>\n<p># Enable Ignoring of ICMP Echo Requests (the host will not answer pings) #<br \/>\nnet.ipv4.icmp_echo_ignore_all = 1<\/p>\n<p># Enable Ignoring of Broadcast Requests #<br \/>\nnet.ipv4.icmp_echo_ignore_broadcasts = 1<\/p>\n<p># Enable Bad Error Message Protection #<br \/>\nnet.ipv4.icmp_ignore_bogus_error_responses = 1<\/p>\n<p># Enable Logging of Spoofed Packets, Source Routed Packets, Redirect Packets #<br \/>\nnet.ipv4.conf.all.log_martians = 1<\/p>\n<p># This helps a little with SYN flood attacks. This supplements a good firewall ruleset #<br \/>\nnet.ipv4.tcp_syncookies = 1<\/p>\n<p># This is a server, not a router. 
Disable packet forwarding #<br \/>\nnet.ipv4.ip_forward = 0<\/p>\n<p># Other ipv4 security options #<br \/>\nnet.ipv4.conf.all.send_redirects = 0<br \/>\nnet.ipv4.conf.all.secure_redirects = 0<br \/>\nnet.ipv4.conf.default.accept_redirects = 0<br \/>\nnet.ipv4.conf.default.secure_redirects = 0<br \/>\nnet.ipv4.conf.default.send_redirects = 0<br \/>\nnet.ipv4.tcp_max_syn_backlog = 1280<br \/>\nnet.ipv4.tcp_timestamps = 0<\/p>\n<p>### ipv6 Security options ###<br \/>\nnet.ipv6.conf.all.disable_ipv6 = 1<\/p>\n<p>### Memory\/Swap Use ###<br \/>\nvm.swappiness = 1<br \/>\nvm.vfs_cache_pressure = 50<br \/>\n_______________________________________________<\/p>\n<p>sysctl -p<\/p>\n<p>### IPTables ###<br \/>\nsudo vim \/etc\/sysconfig\/iptables<br \/>\n____________________________________________________________________________<br \/>\n#Drop anything we aren&#8217;t explicitly allowing. All outbound traffic is okay<br \/>\n*filter<br \/>\n:INPUT DROP [0:0]<br \/>\n:FORWARD DROP [0:0]<br \/>\n:OUTPUT ACCEPT [0:0]<br \/>\n:RH-Firewall-1-INPUT &#8211; [0:0]<br \/>\n-A INPUT -j RH-Firewall-1-INPUT<br \/>\n-A FORWARD -j RH-Firewall-1-INPUT<br \/>\n-A RH-Firewall-1-INPUT -i lo -j ACCEPT<br \/>\n-A RH-Firewall-1-INPUT -p icmp &#8211;icmp-type echo-reply -j ACCEPT<br \/>\n-A RH-Firewall-1-INPUT -p icmp &#8211;icmp-type destination-unreachable -j ACCEPT<br \/>\n-A RH-Firewall-1-INPUT -p icmp &#8211;icmp-type time-exceeded -j ACCEPT<br \/>\n# Accept Pings<br \/>\n-A RH-Firewall-1-INPUT -p icmp &#8211;icmp-type echo-request -j ACCEPT<br \/>\n# Log anything on eth0 claiming it&#8217;s from a local or non-routable network<br \/>\n# If you&#8217;re using one of these local networks, remove it from the list below<br \/>\n# Note: these rules only LOG, and they are appended to INPUT after the jump to RH-Firewall-1-INPUT, which ends in an unconditional DROP, so packets never reach them unless they are moved above that jump<br \/>\n-A INPUT -i eth0 -s 10.0.0.0\/8 -j LOG &#8211;log-prefix &#8220;IP DROP SPOOF A: &#8221;<br \/>\n-A INPUT -i eth0 -s 172.16.0.0\/12 -j LOG &#8211;log-prefix &#8220;IP DROP SPOOF B: &#8221;<br \/>\n-A INPUT -i eth0 -s 192.168.0.0\/16 -j LOG &#8211;log-prefix &#8220;IP 
DROP SPOOF C: &#8221;<br \/>\n-A INPUT -i eth0 -s 224.0.0.0\/4 -j LOG &#8211;log-prefix &#8220;IP DROP MULTICAST D: &#8221;<br \/>\n-A INPUT -i eth0 -s 240.0.0.0\/5 -j LOG &#8211;log-prefix &#8220;IP DROP SPOOF E: &#8221;<br \/>\n-A INPUT -i eth0 -d 127.0.0.0\/8 -j LOG &#8211;log-prefix &#8220;IP DROP LOOPBACK: &#8221;<br \/>\n# Accept any established connections<br \/>\n-A RH-Firewall-1-INPUT -m state &#8211;state ESTABLISHED,RELATED -j ACCEPT<br \/>\n# Accept ssh traffic. Restrict this to known ips if possible.<br \/>\n#-A RH-Firewall-1-INPUT -m state &#8211;state NEW -m tcp -p tcp &#8211;dport 22 -j ACCEPT<br \/>\n#Log and drop everything else<br \/>\n-A RH-Firewall-1-INPUT -j LOG<br \/>\n-A RH-Firewall-1-INPUT -j DROP<br \/>\nCOMMIT<br \/>\n______________________________________________________________________________<\/p>\n<p>### Detecting Listening Network Ports ###<br \/>\nnetstat -tulpn<\/p>\n<p>### Services configuration ###<br \/>\nchkconfig &#8211;list\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# list all known services<br \/>\nchkconfig &#8211;list | grep 3:on\u00a0\u00a0 \u00a0# list running services<br \/>\nchkconfig [service] on\/off\u00a0\u00a0 \u00a0# turn on \/ off service<\/p>\n<p>for i in atd blk-availability bluetooth mdmonitor lvm2-monitor iscsi iscsid nfslock rpcbind rpcgssd rpcidmapd livesys livesys-late pcscd openct postfix fcoe ip6tables; do service $i stop; chkconfig $i off; done<\/p>\n<p>##############<br \/>\n### Others ###<br \/>\n##############<\/p>\n<p>### Wake-on-lan ###<br \/>\necho &#8216;\/usr\/sbin\/ethtool -s eth0 wol g&#8217; &gt;&gt; \/etc\/rc.d\/rc.local<br \/>\nor<br \/>\nvim \/etc\/sysconfig\/network-scripts\/ifcfg-eth0<br \/>\n_____________________<br \/>\nDEVICE=eth0<br \/>\nTYPE=EThernet<br \/>\nONBOOT=yes<br \/>\nETHTOOL_OPTS=&#8221;wol g&#8221;<br \/>\n______________________<br \/>\nchkconfig network on<\/p>\n<p>Wake up the computer from internet<br \/>\nThis involves enabling port forwarding of UDP port 9 to the 
destination computer in the router&#8217;s administration webpage.<br \/>\nTo fully benefit from WOL you should configure a dynamic DNS service.<br \/>\nJust make sure to use your dynamic DNS provided address and the destination computer&#8217;s MAC.<\/p>\n<p>### Wine &amp; wine fonts ###<br \/>\nrpm -ev &#8211;nodeps wine-tahoma-fonts.noarch<\/p>\n<p>sudo setsebool -P wine_mmap_zero_ignore 1<br \/>\nsudo grep wine-preloader \/var\/log\/audit\/audit.log | audit2allow -M mypol<br \/>\nsudo semodule -i mypol.pp<\/p>\n<p>wget http:\/\/files.polosatus.ru\/winefontssmoothing_en.sh<br \/>\nbash winefontssmoothing_en.sh<\/p>\n<p># Wine bottles #<br \/>\nenv WINEPREFIX=~\/.wine\/CounterStrike wine CounterStrike1.6.exe<\/p>\n<p>### dd ###<br \/>\n# format a USB #<br \/>\ndd if=\/dev\/zero of=\/dev\/sdX<br \/>\n# see the progress of dd #<br \/>\nps -A | grep dd<br \/>\nsudo kill -USR1 {nr of PID}<\/p>\n<p>### mc ###<br \/>\ngnome-terminal &#8211;geometry=239&#215;68 -e &#8220;mc -S featured.ini&#8221;<\/p>\n<p>### GIT HUB ###<br \/>\nssh-keygen -t rsa -C &#8220;contact.sergiuniculescu@gmail.com&#8221;<br \/>\nvim ~\/.ssh\/id_rsa.pub\u00a0 # copy key and paste it to github.com<\/p>\n<p>git config &#8211;global user.name &#8220;Sergiu Niculescu&#8221;<br \/>\ngit config &#8211;global user.email contact.sergiuniculescu@gmail.com<\/p>\n<p>### Kernel compile ###<br \/>\nyum install gcc ncurses ncurses-devel<br \/>\nyum update<br \/>\nwget http:\/\/www.kernel.org\/pub\/linux\/kernel\/v3.0\/linux-3&#8230;<br \/>\ntar -jxvf linux-3*<br \/>\ncd linux-3*<br \/>\nmake menuconfig\u00a0\u00a0 # allows you to select the already running kernel\u2019s configuration file (resides in \/boot\/), and accepts the defaults for all options that were introduced between the old and the new version of the kernel<br \/>\nmake oldconfig\u00a0\u00a0\u00a0 # automatically finds the configuration file in \/boot\/ and asks you questions for all the new configuration options<br \/>\nmake<br \/>\nmake 
modules_install install<\/p>\n<p>### Find commands ###<br \/>\nfind \/home -iname name\u00a0\u00a0 \u00a0# Find Files Using Name and Ignoring Case<br \/>\nfind \/ -type d -name directory_name\u00a0 # Find Directories Using Name<br \/>\nfind \/ -perm \/u=r\u00a0 # Find all files that have the owner-read bit set (this does not mean read-only)<br \/>\nfind \/ -perm \/a=x\u00a0 # Find all Executable files<br \/>\nfind . -type f -perm 0777 -print\u00a0 # Find all the files whose permissions are 777<br \/>\nfind \/ -type f -perm 0777 -print -exec chmod 644 {} \\;\u00a0 # Find all 777 permission files and use chmod command to set permissions to 644<br \/>\nfind \/ -type d -perm 777 -print -exec chmod 755 {} \\;\u00a0\u00a0 # Find Directories with 777 Permissions and Chmod to 755<br \/>\nfind . -type f -name &#8220;tecmint.txt&#8221; -exec rm -f {} \\;\u00a0\u00a0\u00a0 # To find a single file called tecmint.txt and remove it<br \/>\nfind . -type f -name &#8220;*.mp3&#8221; -exec rm -f {} \\;\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# Find and remove Multiple Files with extension &#8220;.mp3&#8221;<br \/>\nfind \/tmp -type f -empty\u00a0\u00a0 \u00a0# To find all empty files under certain path<br \/>\nfind \/tmp -type d -empty\u00a0\u00a0 \u00a0# To find all empty directories under certain path<br \/>\nfind \/tmp -type f -name &#8220;.*&#8221;\u00a0\u00a0 \u00a0# Find all Hidden Files<br \/>\nfind \/ \\( -perm -4000 -o -perm -2000 \\) -print\u00a0\u00a0 \u00a0 # Identify unwanted SUID and SGID Binaries<br \/>\nfind \/ -path -prune -o -type f -perm +6000 -ls\u00a0\u00a0 # Identify unwanted SUID and SGID Binaries<br \/>\nfind \/dir -xdev -type d \\( -perm -0002 -a ! 
-perm -1000 \\) -print\u00a0\u00a0 # Identify world-writable directories that lack the sticky bit<br \/>\nfind \/dir -xdev \\( -nouser -o -nogroup \\) -print\u00a0\u00a0 # Identify orphaned files and folders<\/p>\n<p>### Netstat commands ###<br \/>\nnetstat -a | more\u00a0\u00a0 \u00a0# Listing all ports (listening and non-listening) of TCP and UDP connections<br \/>\nnetstat -at\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# Listing only TCP (Transmission Control Protocol) port connections<br \/>\nnetstat -au\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# Listing only UDP (User Datagram Protocol) port connections<br \/>\nnetstat -l\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# Listing all active listening port connections<br \/>\nnetstat -lt\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# Listing all active listening TCP ports<br \/>\nnetstat -lu\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# Listing all active listening UDP ports<br \/>\nnetstat -lx\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# Listing all active UNIX listening ports<br \/>\nnetstat -s\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# Showing Statistics by Protocol<br \/>\nnetstat -r\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0# Display Kernel IP routing table<\/p>\n<p>### Change the MAC address of Network Interface ###<br \/>\nifconfig eth0 hw ether AA:BB:CC:DD:EE:FF<\/p>\n<p>### Mount an ISO Image ###<br \/>\nmount -t iso9660 -o loop \/home\/tecmint\/Fedora-18-i386-DVD.iso \/mnt\/iso\/<br \/>\nsudo umount \/mnt\/iso<\/p>\n<p>### Mount a partition with read-write permission ###<br \/>\nmount -o remount,rw \/<\/p>\n<p>### Clone the boot partition ###<br \/>\nsudo dd if=\/dev\/sdb1 of=\/dev\/sdc1 bs=4096 conv=notrunc,noerror<br \/>\ndd if=\/dev\/sdb of=mbr.img bs=512 count=1<br \/>\ndd if=mbr.img of=\/dev\/sdc bs=446 count=1\u00a0 # If you only want to restore the boot loader<br \/>\ndd if=mbr.img of=\/dev\/sdc bs=1 skip=446 count=64\u00a0 # To restore only the partition table (as written the 64 bytes land at offset 0 of \/dev\/sdc, over the boot code; add seek=446 to write them at the partition-table offset)<\/p>\n<p>### rsync ###<br \/>\nrsync -a &#8211;progress rsync:\/\/ftp.astral.ro\/distros\/centos\/6.8\/os\/x86_64\/ 
\/opt\/mirror\/centos<\/p>\n<p>system-config-kickstart\u00a0 #\u00a0 A graphical interface for making kickstart files<\/p>\n<p>#############<br \/>\n### Games ###<br \/>\n#############<\/p>\n<p>### UrbanTerror ###<br \/>\ntar -xjvf UrbanTerror42.tar.gz<br \/>\ncd UrbanTerror42<br \/>\nchmod u+x UrTUpdater_Ded.x86_64 Quake3-UrT.x86_64<br \/>\n.\/UrTUpdater_Ded.x86_64<br \/>\n.\/Quake3-UrT.x86_64<\/p>\n","protected":false},"excerpt":{"rendered":"<p>########################### ### RHEL\/CentOS install ### ###########################<\/p>\n<p>### Link for netinstall ## http:\/\/ftp.astral.ro\/distros\/centos\/6.8\/os\/x86_64\/<\/p>\n<p>########### ### yum ### ###########<\/p>\n<p>yum update # update toate pachetele si dependintele lor yum search nume_pachet # cauta un anume pachet, pot fi mai multe pachete trecute yum info nume_pachet # afiseaza detalii despre un anume pachet yum list nume_pache # afiseaza [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5979"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5979"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5979\/revisions"}],"predecessor-version":[{"id":5981,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5979\/revisions\/5981"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5979"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href
":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5979"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5979"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}