Friday, June 8, 2012

Chapter 2 - A few extra things

----kickstart configuration-----

[root@server01 ~]# cp -p anaconda-ks.cfg ks.cfg
[root@server01 ~]#

[root@server01 ~]# vi ks.cfg
[root@server01 ~]# sdiff anaconda-ks.cfg ks.cfg
# Kickstart file automatically generated by anaconda.           # Kickstart file automatically generated by anaconda.

#version=DEVEL                                                  #version=DEVEL
install                                                         install
cdrom                                                         | #cdrom
                                                              > nfs --server=192.168.122.1 --dir=/inst
lang en_US.UTF-8                                                lang en_US.UTF-8
keyboard us                                                     keyboard us
network --onboot no --device eth0 --noipv4 --noipv6           | network --onboot no --device eth0 --noipv4 --noipv6 --bootpro
rootpw  --iscrypted $6$/RD38laSgHExXHeW$WoTnJyaDCYWbuToeQ0RJi   rootpw  --iscrypted $6$/RD38laSgHExXHeW$WoTnJyaDCYWbuToeQ0RJi
firewall --service=ssh                                          firewall --service=ssh
authconfig --enableshadow --passalgo=sha512                     authconfig --enableshadow --passalgo=sha512
selinux --enforcing                                             selinux --enforcing
timezone --utc America/Chicago                                  timezone --utc America/Chicago
bootloader --location=mbr --driveorder=sda --append="crashker   bootloader --location=mbr --driveorder=sda --append="crashker
# The following is the partition information you requested      # The following is the partition information you requested
# Note that any partitions you deleted are not expressed        # Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is        # here so unless you clear all partitions first, this is
# not guaranteed to work                                        # not guaranteed to work
#clearpart --linux --drives=sda                               | # clearpart --linux --drives=sda
                                                              > clearpart --all --initlabel --drives=sda

#part /boot --fstype=ext4 --size=500                          | part /boot --fstype=ext4 --size=500
#part pv.008002 --grow --size=1                               | part pv.008002 --grow --size=1

#volgroup vg_server01 --pesize=4096 pv.008002                 | volgroup vg_server01 --pesize=4096 pv.008002
#logvol /home --fstype=ext4 --name=lv_home --vgname=vg_server | logvol /home --fstype=ext4 --name=lv_home --vgname=vg_server0
#logvol / --fstype=ext4 --name=lv_root --vgname=vg_server01 - | logvol / --fstype=ext4 --name=lv_root --vgname=vg_server01 --
#logvol swap --name=lv_swap --vgname=vg_server01 --grow --siz | logvol swap --name=lv_swap --vgname=vg_server01 --grow --size
repo --name="Red Hat Enterprise Linux"  --baseurl=cdrom:sr0 -   repo --name="Red Hat Enterprise Linux"  --baseurl=cdrom:sr0 -
                                                              > shutdown
                                                              > firstboot --disabled

%packages                                                       %packages
@base                                                           @base
@client-mgmt-tools                                              @client-mgmt-tools
@console-internet                                               @console-internet
@core                                                           @core
@debugging                                                      @debugging
@basic-desktop                                                  @basic-desktop
@desktop-debugging                                              @desktop-debugging
@desktop-platform                                               @desktop-platform
@directory-client                                               @directory-client
@mail-server                                                    @mail-server
@ftp-server                                                     @ftp-server
@fonts                                                          @fonts
@hardware-monitoring                                            @hardware-monitoring
@internet-browser                                               @internet-browser
@java-platform                                                  @java-platform
@large-systems                                                  @large-systems
@network-file-system-client                                     @network-file-system-client
@php                                                            @php
@performance                                                    @performance
@perl-runtime                                                   @perl-runtime
@server-platform                                                @server-platform
@server-policy                                                  @server-policy
@virtualization                                                 @virtualization
@virtualization-client                                          @virtualization-client
@virtualization-platform                                        @virtualization-platform
@virtualization-tools                                           @virtualization-tools
@web-server                                                     @web-server
@x11                                                            @x11
mtools                                                          mtools
pax                                                             pax
python-dmidecode                                                python-dmidecode
oddjob                                                          oddjob
sgpio                                                           sgpio
genisoimage                                                     genisoimage
abrt-gui                                                        abrt-gui
certmonger                                                      certmonger
pam_krb5                                                        pam_krb5
krb5-workstation                                                krb5-workstation
perl-DBD-SQLite                                                 perl-DBD-SQLite
certmonger                                                      certmonger
perl-CGI                                                        perl-CGI
%end                                                          \ %end
[root@server01 ~]#


[root@server01 ~]# cp -p ks.cfg /var/ftp/pub/
[root@server01 ~]# service vsftpd start
Starting vsftpd for vsftpd:                                [  OK  ]
[root@server01 ~]#

[root@server01 ~]# chmod +r /var/ftp/pub/ks.cfg
[root@server01 ~]#

[root@server01 ~]# chcon --reference /var/ftp/pub/ /var/ftp/pub/ks.cfg
[root@server01 ~]#

[root@server01 ~]# iptables -F
[root@server01 ~]#


[root@server01 ~]# yum install system-config-kickstart -y

[root@server01 ~]# yum install system-config-kickstart
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
ftp://ftp.redhat.com/pub/redhat/linux/beta/6Server/en/os/SRPMS/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'ftp.redhat.com'"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhel-source-beta. Please verify its path and try again
[root@server01 ~]#

[root@server01 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search ad.savvis.net
nameserver 24.217.0.5
nameserver 24.217.201.67


[root@server01 ~]# yum install system-config-kickstart
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.

<...>
[root@server01 ~]# yum install system-config-kickstart
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.


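So, that was a lab for configuring a kickstart file from the original anaconda-ks.cfg, which is on every linux box and records how the system was originally set up and configured. Two things to keep in mind outside a lab: ks.cfg carries the root password hash (the "rootpw --iscrypted" line), so leaving it world-readable under /var/ftp/pub/ hands that hash to anyone who can reach the FTP server, and "iptables -F" flushes every rule in the filter table rather than opening just the FTP port.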

Next I am trying to validate it with the GUI tool "system-config-kickstart": if I have a way to validate my configurations on RHEL, I will know whether or not they are correct. :)



Ok, so there is obviously a problem with my yum remote repo...hmmmm...could have sworn this worked the other day, and I know I did not change the ftp url. Anyhow, just go get the correct url, and fix it in the appropriate file under "/etc/yum.repos.d/" ...I found out what the correct ftp url is, just by browsing ...



So I changed it to that, and ran "yum clean all" again ...the more errors and problems we encounter, the more we learn ..!

So speaking of errors, let's add an intentional error into the ks.cfg we built, and try to load it with the system-config-kickstart admin tool .

[root@server01 ~]# more ks.cfg
# Kickstart file automatically generated by anaconda.

#version=DEVEL
install
#cdrom
nfs --server=192.168.122.1 --dir=/inst
lang en_US.UTF-8
keyboard us
network --onboot no --device eth0 --noipv4 --noipv6 --bootproto static --ip 192.
168.122.150 --hostname tester1.example.com
rootpw  --iscrypted $6$/RD38laSgHExXHeW$WoTnJyaDCYWbuToeQ0RJicVoAZKa7773e2Lg2rtr
iGaF.Yx/O9OIq3j6XcbFlNTq1ia11j06lVjzz1LyZIiS81
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone --utc America/Chicago
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet
"
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
# clearpart --linux --drives=sda
clearpart --all --initlabel --drives=sda

error --intentional


Looks like a great way to check basic kickstart syntax to me, lmao.....you're welcome ! :D...sweeeeet !

Configuring SSH - Extra


Main client configuration file : /etc/ssh/ssh_config (the SSH server daemon is configured separately, in /etc/ssh/sshd_config)

[root@server01 ~]# cd /etc/ssh/
[root@server01 ssh]# ls -lrt
total 156
-rw-------. 1 root root   3872 Apr  4  2011 sshd_config
-rw-r--r--. 1 root root   2047 Apr  4  2011 ssh_config
-rw-------. 1 root root 125811 Apr  4  2011 moduli
-rw-r--r--. 1 root root    627 Jun  6 07:12 ssh_host_key.pub
-rw-------. 1 root root    963 Jun  6 07:12 ssh_host_key
-rw-------. 1 root root   1675 Jun  6 07:12 ssh_host_rsa_key
-rw-r--r--. 1 root root    382 Jun  6 07:12 ssh_host_rsa_key.pub
-rw-------. 1 root root    668 Jun  6 07:12 ssh_host_dsa_key
-rw-r--r--. 1 root root    590 Jun  6 07:12 ssh_host_dsa_key.pub
[root@server01 ssh]#


Four important SSH directives :

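1. Access Control (the Host pattern selects which remote hosts the directives below it apply to; * matches every host) :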
Host *

2. GSSAPI Client/Server Authentication :
[root@server01 ssh]# grep GSSAPI ssh_config | grep -v "#"
        GSSAPIAuthentication yes
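3. X Windows X11 Support (with ForwardX11Trusted yes, remote X11 clients get full access to the local display, so only forward X11 to hosts you trust) :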

[root@server01 ssh]# grep X11 ssh_config | grep -v "#"
        ForwardX11Trusted yes
4. A group of environmental variables for the client :

[root@server01 ssh]# grep SendEnv ssh_config
        SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
        SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
        SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
        SendEnv XMODIFIERS
[root@server01 ssh]#

I am not going to go into the basic examples and commands of SSH much right now, since it is so widely used. If you're really interested, I wrote an article on IBM DEV some years ago, so take a look here :  http://www.ibm.com/developerworks/aix/library/au-sshsecurity/

My book says that for the exam, it is a good idea to install : 'telnet mutt elinks lftp nmap'

So let's do that right quick :

[root@server01 ssh]# yum install telnet nmap mutt elinks lftp -y
<..>
Installed:
  lftp.x86_64 0:4.0.9-1.el6     mutt.x86_64 5:1.5.20-2.20091214hg736b6a.el6
  nmap.x86_64 2:5.21-3.el6      telnet.x86_64 1:0.17-46.el6

Dependency Installed:
  tokyocabinet.x86_64 0:1.4.33-6.el6         urlview.x86_64 0:0.9-7.el6

Complete!

Basic usage 'telnet nmap mutt elinks lftp'

telnet example:

[root@server01 ssh]# service vsftpd start
Starting vsftpd for vsftpd:                                [  OK  ]
[root@server01 ssh]# telnet localhost 21
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 (vsFTPd 2.2.2)


nmap example:

[root@server01 ssh]# nmap localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2012-06-07 07:03 CDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000011s latency).
Hostname localhost resolves to 2 IPs. Only scanned 127.0.0.1
Not shown: 995 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
111/tcp open  rpcbind
631/tcp open  ipp

Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
[root@server01 ssh]#


(gee, suddenly, I feel so 'naked' ...omg !)

mutt example:

mutt -f pop://unixman@pop.charter.net

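After I enter my password, I am popping my mail like nobody's business ... (Keep in mind that a plain pop:// URL is unencrypted, so the password crosses the network in clear text; mutt also accepts pops:// for POP over SSL/TLS when the mail provider offers it.)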



Holy crap, I really need to clean out that inbox, 1631 messages ? (That's a lot of spam and a lot of pr0n) ...lol !

When it finishes, I could even check my mail from here....sweet ...


Wendy Goessling said something about me ??? ....fml.

Just hit 'x' to exit from the mutt mail reader .

elinks example :

[root@server01 ssh]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.0.12 for ServerName
                                                           [  OK  ]


[root@server01 ssh]# elinks http://localhost/inst/RHEL_6.1_x86_64_Disc_1/



 Good way to see if your apache website is working ...now lastly to test lftp, this is a new one for me, they say it is an improvement over ftp ...hmmm...ok :

[root@server01 ssh]# lftp ftp.redhat.com
open `ftp.redhat.com' [Resolving host address...]
[root@server01 ssh]# lftp ftp.redhat.com
lftp ftp.redhat.com:~>
lftp ftp.redhat.com:~> ls
lrwxrwxrwx    1 ftp      ftp             1 Dec 19  2009 pub -> .
drwxr-xr-x   25 ftp      ftp          4096 Apr 09 19:28 redhat
lftp
ftp.redhat.com:/> cd redhat/
lftp
ftp.redhat.com:/redhat> ls
drwxr-xr-x    7 ftp      ftp          4096 Oct 12  2011 brms
drwxr-sr-x    5 ftp      ftp          4096 Mar 11  2007 dst2007
drwxr-xr-x    5 ftp      ftp          4096 Mar 24  2010 gnupro
drwxr-xr-x    3 ftp      ftp          4096 Jun 23  2011 hibernate
drwxr-xr-x    9 ftp      ftp          4096 Jun 05 21:29 jbcp
lrwxrwxrwx    1 ftp      ftp            11 Nov 04  2008 jbdevstudio -> rhdevstudio
drwxr-xr-x    3 ftp      ftp          4096 Apr 09 19:28 jbdg
drwxr-xr-x   14 ftp      ftp          4096 May 29 12:06 jbds
drwxr-xr-x   12 ftp      ftp          4096 May 15 13:26 jbeap
drwxr-xr-x    7 ftp      ftp          4096 Dec 09  2011 jbewp
drwxr-xr-x    5 ftp      ftp          4096 Jun 22  2011 jbews
drwxr-xr-x   15 ftp      ftp          4096 May 16 19:37 jon
drwxr-xr-x    2 ftp      ftp          4096 Feb 14  2005 ldapsdk
drwxr-xr-x    8 ftp      ftp          4096 May 15  2006 linux
drwxrwsr-x    5 ftp      ftp          4096 Oct 17  2011 metamatrix
drwxr-xr-x    2 ftp      ftp          4096 Aug 17  2002 mirror-tools
drwxr-xr-x    2 ftp      ftp          4096 Dec 22  2008 ovirt
drwxr-xr-x    3 ftp      ftp          4096 Aug 10  2007 rhdevstudio
drwxr-xr-x    3 ftp      ftp          4096 Apr 15  2010 rhel
drwx------    2 ftp      ftp          4096 Nov 06  2011 rhtemp
drwxr-xr-x    2 ftp      ftp          4096 Dec 13  2010 satellite
drwxr-xr-x    9 ftp      ftp          4096 Jan 10 17:52 soa-p
drwxr-xr-x    3 ftp      ftp          4096 Sep 12  2006 support
drwxr-xr-x    2 ftp      ftp          4096 Jul 24  2008 thincrust
lftp
ftp.redhat.com:/redhat>

 





 



 






