Basics for Red Hat / CentOS 7


Basic Know-How for Red Hat Systems

Updating / Maintaining the System

Basic system maintenance by installing current packages and upgrading the kernel.

Upgrade System and Packages:

# yum update -y

Enabling Autocomplete in the Shell

To set up automatic syntax completion by pressing “Tab, Tab”, only the following two packages need to be installed on the system, followed by a re-login after the installation has succeeded.

# yum install bash-completion.noarch
# yum install bash-completion-extras.noarch

motd - Message of the day

Display a custom motd (login message) after a new SSH connection is established:

# echo '
 ##############################################################################
 #                                                                            #
 #                 This is the admin-server of Michael Reber.                 #
 #                                                                            #
 #                                ATTENTION:                                  #
 #                                                                            #
 #             Unauthorized access to this system is prohibited !             #
 #                                                                            #
 #    This system is actively monitored and all connections may be logged.    #
 #         By accessing this system, you consent to this monitoring.          #
 #                                                                            #
 ##############################################################################

' > /etc/motd

Creating a New User

Create the user and set a password.

# adduser michael
# passwd michael

Root privileges for a user:

As root, run this command to add your new user to the wheel group (substitute the highlighted word with your new user):

# usermod -aG wheel michael

Now your user can run commands with super user privileges!

Root privileges for a user without a password:

# echo "michael ALL=NOPASSWD: ALL" > /etc/sudoers.d/michael
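An added example, not part of the original page: a small audit that lists every passwordless sudo rule in a drop-in directory, so grants like the one above stay visible. It also flags files that sudo skips when reading /etc/sudoers.d (names containing a '.' or ending in '~'). The function name, the %backup rule and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: heuristic audit of NOPASSWD rules in sudoers drop-ins.
# Limits: does not resolve aliases (Cmnd_Alias etc.) or line continuations.

audit_nopasswd() {   # $1 = drop-in directory, e.g. /etc/sudoers.d
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case "$name" in
            # sudo does not read drop-ins whose name contains '.' or ends in '~'
            *.*|*~) echo "IGNORED-BY-SUDO $name"; continue ;;
        esac
        awk -v name="$name" '
            /^[[:space:]]*#/ || !/NOPASSWD:/ { next }   # comments, other rules
            {
                cmds = $0
                sub(/^.*NOPASSWD:[[:space:]]*/, "", cmds)
                # "ALL" alone means every command runs without a password
                kind = (cmds ~ /^ALL[[:space:]]*$/) ? "ALL-COMMANDS" : "LIMITED"
                print kind, name, $1                    # $1 = user or %group
            }
        ' "$f"
    done
}

# Constructed demo: the rule from this page, a scoped rule, and a backup
# copy that sudo itself would skip.
demo_dir=$(mktemp -d)
echo 'michael ALL=NOPASSWD: ALL'                   > "$demo_dir/michael"
echo '%backup ALL=(root) NOPASSWD: /usr/bin/rsync' > "$demo_dir/backup"
echo 'michael ALL=NOPASSWD: ALL'                   > "$demo_dir/michael.bak"
audit_nopasswd "$demo_dir"
rm -rf "$demo_dir"
```

On a live system the call is `audit_nopasswd /etc/sudoers.d`, run as root; a new drop-in can be syntax-checked with `visudo -cf FILE` before it is relied on.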

Showing the Size of a Directory

Shows the actual size, human-readable and recursively across all files.

# du -hs foswiki/

4.6G    foswiki/

SSH Login to a Server with DNS or User-Hash Problems

The normal login to a Linux server via SSH:

# ssh vrh7f

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for vb7gl9 has changed,
and the key for the corresponding IP address 172.18.13.12
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:o7win3mceJwnnehEyiVaOM6ePdiKOWivbtUMhxHVr58.
Please contact your system administrator.
Add correct host key in /home/rebermi/.ssh/known_hosts to get rid of this message.
Offending RSA key in /etc/ssh/ssh_known_hosts:778
RSA host key for vb7gl9 has changed and you have requested strict checking.
Host key verification failed.


Logging in to the server despite the error:

# ssh -o stricthostkeychecking=no vrh7f
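An added example, not part of the original page: before bypassing the check, the warning itself can be triaged by comparing the fingerprint it reports with one obtained out of band (console, inventory, configuration management). The function names are hypothetical; the sample text is taken from the warning above, and the trusted fingerprint in the demo call is assumed to be the out-of-band value.

```shell
#!/bin/sh
# Added example: triage an OpenSSH "host key has changed" warning.

# The lines of the warning shown above that the parser relies on.
SAMPLE_WARNING='The fingerprint for the RSA key sent by the remote host is
SHA256:o7win3mceJwnnehEyiVaOM6ePdiKOWivbtUMhxHVr58.
Offending RSA key in /etc/ssh/ssh_known_hosts:778
RSA host key for vb7gl9 has changed and you have requested strict checking.'

# Read the warning on stdin; print "host fingerprint file line".
parse_hostkey_warning() {
    awk '
        /^SHA256:/ { fp = $1; sub(/\.$/, "", fp) }       # drop trailing dot
        /^Offending .* key in / {
            file = $NF; sub(/:[0-9]+$/, "", file)        # path before ":778"
            line = $NF; sub(/^.*:/, "", line)            # line number
        }
        / host key for .* has changed/ {
            for (i = 1; i < NF; i++) if ($i == "for") host = $(i + 1)
        }
        END {
            if (fp == "" || file == "" || line == "" || host == "") exit 1
            print host, fp, file, line
        }
    '
}

# $1 = fingerprint obtained out of band; warning on stdin.
# Prints the command that removes the stale entry only when the presented
# key is the expected one. It changes nothing itself.
triage_hostkey_change() {
    parsed=$(parse_hostkey_warning) || { echo "UNPARSED"; return 2; }
    set -- "$1" $parsed          # $2=host $3=fingerprint $4=file $5=line
    if [ "$3" = "$1" ]; then
        echo "MATCH: ssh-keygen -R $2 -f $4"
    else
        echo "MISMATCH: $2 presented $3, keep strict checking and investigate"
        return 1
    fi
}

# Demo with the sample above; on a live system feed ssh's stderr instead.
printf '%s\n' "$SAMPLE_WARNING" |
    triage_hostkey_change "SHA256:o7win3mceJwnnehEyiVaOM6ePdiKOWivbtUMhxHVr58"
```

After the stale entry is removed, the next regular ssh login records the new key with strict checking still enabled.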

System Administration

Important tools for configuring and changing system settings.

Changing the Time Zone

  1. The current system time zone can be displayed very easily:
    # timedatectl
  2. Before switching to a new time zone, it makes sense to list the available time zones first:
    # timedatectl list-timezones
  3. To change the current time zone, use set-timezone together with the desired TIMEZONE. Example for Switzerland:
    # timedatectl set-timezone Europe/Zurich

System Information

Ways to analyze your own system a little and retrieve information.

Show Uptime

# uptime

 11:09:46 up 81 days, 17:13,  1 user,  load average: 0.04, 0.10, 0.08

Show Kernel Version and Architecture

  1. Display the current Kernel Version:
    # uname -a

    Linux vstif2.pnet.ch 3.10.0-514.21.1.el7.x86_64 #1 SMP Sat Apr 22 02:41:35 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
    

  2. Show System Server Release Version:
    # cat /etc/redhat-release

    Red Hat Enterprise Linux Server release 7.4 (Maipo)
    

Show Disk Partitions details

# df -h

Filesystem              Size  Used Avail Use% Mounted on
/dev/mapper/vgsys-root  8.0G  2.1G  6.0G  26% /
devtmpfs                910M     0  910M   0% /dev
tmpfs                   920M     0  920M   0% /dev/shm
tmpfs                   920M   97M  824M  11% /run
tmpfs                   920M     0  920M   0% /sys/fs/cgroup
/dev/mapper/vgsys-var   8.0G  2.1G  6.0G  26% /var
/dev/mapper/vgsys-opt   9.5G  184M  9.3G   2% /opt
/dev/mapper/vgsys-tmp   4.0G   33M  4.0G   1% /tmp
/dev/mapper/vgsys-home  8.0G  7.1G  922M  89% /home
/dev/vda1               509M  195M  315M  39% /boot
tmpfs                   184M     0  184M   0% /run/user/37198

Show all Disks and relation

Shows all disks, including those that are unpartitioned and not mounted!

# lsblk

NAME                  MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda                     8:0    0   80G  0 disk
├─sda1                  8:1    0  512M  0 part /boot
└─sda2                  8:2    0 79.5G  0 part
  ├─vgsys-root        253:0    0    8G  0 lvm  /
  ├─vgsys-swap        253:1    0    2G  0 lvm  [SWAP]
  ├─vgsys-opt         253:2    0 49.5G  0 lvm  /opt
  ├─vgsys-tmp         253:3    0    4G  0 lvm  /tmp
  ├─vgsys-home        253:4    0    8G  0 lvm  /home
  └─vgsys-var         253:5    0    8G  0 lvm  /var
sdb                     8:16   0   80G  0 disk
└─vg_data01-lv_data01 253:6    0   80G  0 lvm  /data01
sr0                    11:0    1 1024M  0 rom

Show Open Ports

# netstat -napl

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 10.1.100.181:22         0.0.0.0:*               LISTEN      900/sshd
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      17361/sshd: rebermi
tcp        0     64 10.1.100.181:22         10.224.204.222:31477    ESTABLISHED 17358/sshd: rebermi
tcp        0      0 10.1.100.181:47656      172.27.130.12:61613     ESTABLISHED 17664/ruby
tcp        0      0 10.1.100.181:43540      172.27.49.65:9997       ESTABLISHED 15129/splunkd
tcp6       0      0 :::9000                 :::*                    LISTEN      29798/nsrexecd
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd
tcp6       0      0 :::9269                 :::*                    LISTEN      29798/nsrexecd
tcp6       0      0 ::1:6010                :::*                    LISTEN      17361/sshd: rebermi
tcp6       0      0 :::7937                 :::*                    LISTEN      29798/nsrexecd
tcp6       0      0 :::7938                 :::*                    LISTEN      29798/nsrexecd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           6061/rpcbind
udp        0      0 10.1.100.181:123        0.0.0.0:*                           26924/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           26924/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           26924/ntpd
udp        0      0 0.0.0.0:724             0.0.0.0:*                           6061/rpcbind
udp6       0      0 :::111                  :::*                                6061/rpcbind
udp6       0      0 ::1:123                 :::*                                26924/ntpd
udp6       0      0 :::123                  :::*                                26924/ntpd
udp6       0      0 :::724                  :::*                                6061/rpcbind
udp6       0      0 :::7938                 :::*                                29798/nsrexecd
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     11522    1/systemd            /run/lvm/lvmetad.socket
unix  2      [ ACC ]     STREAM     LISTENING     11275    1/systemd            /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     14389    649/gssproxy         /run/gssproxy.sock
unix  2      [ ACC ]     STREAM     LISTENING     30777543 17361/sshd: rebermi  /tmp/ssh-v94wMvs2vd/agent.17361
unix  2      [ ACC ]     STREAM     LISTENING     14191    1/systemd            /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     14388    649/gssproxy         /var/lib/gssproxy/default.sock
unix  2      [ ACC ]     STREAM     LISTENING     14194    1/systemd            /var/run/rpcbind.sock
unix  2      [ ]         DGRAM                    6831     1/systemd            /run/systemd/notify
unix  2      [ ]         DGRAM                    6833     1/systemd            /run/systemd/cgroups-agent
unix  2      [ ACC ]     STREAM     LISTENING     6842     1/systemd            /run/systemd/journal/stdout
unix  2      [ ACC ]     STREAM     LISTENING     11451    1/systemd            /run/lvm/lvmpolld.socket
unix  5      [ ]         DGRAM                    6845     1/systemd            /run/systemd/journal/socket
unix  9      [ ]         DGRAM                    6847     1/systemd            /dev/log
unix  2      [ ]         DGRAM                    11466    1/systemd            /run/systemd/shutdownd
unix  2      [ ACC ]     SEQPACKET  LISTENING     11518    1/systemd            /run/udev/control
unix  2      [ ]         DGRAM                    14377    649/gssproxy
unix  3      [ ]         DGRAM                    12481    494/systemd-udevd
unix  3      [ ]         STREAM     CONNECTED     14366    459/systemd-journal  /run/systemd/journal/stdout
unix  3      [ ]         DGRAM                    12480    494/systemd-udevd
unix  2      [ ]         DGRAM                    12461    494/systemd-udevd
unix  3      [ ]         STREAM     CONNECTED     14365    647/dbus-daemon
unix  2      [ ]         DGRAM                    30777608 17397/sudo
unix  3      [ ]         STREAM     CONNECTED     14402    647/dbus-daemon
unix  3      [ ]         STREAM     CONNECTED     14102    626/auditd
unix  3      [ ]         STREAM     CONNECTED     14258    459/systemd-journal  /run/systemd/journal/stdout
unix  2      [ ]         DGRAM                    25345848 647/dbus-daemon
unix  3      [ ]         STREAM     CONNECTED     12107    481/lvmetad
unix  3      [ ]         STREAM     CONNECTED     2557415  459/systemd-journal  /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     25694704 15129/splunkd
unix  3      [ ]         STREAM     CONNECTED     2557414  29726/crond
unix  2      [ ]         DGRAM                    15260    662/polkitd
unix  2      [ ]         DGRAM                    27844357 26924/ntpd
unix  3      [ ]         DGRAM                    25694716 15134/[splunkd pid=
unix  3      [ ]         STREAM     CONNECTED     14376    1/systemd
unix  3      [ ]         STREAM     CONNECTED     14758    661/systemd-logind
unix  3      [ ]         STREAM     CONNECTED     14393    -
unix  3      [ ]         STREAM     CONNECTED     14759    459/systemd-journal  /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     14404    647/dbus-daemon      /var/run/dbus/system_bus_socket
unix  3      [ ]         DGRAM                    25694715 15129/splunkd
unix  3      [ ]         STREAM     CONNECTED     16427    459/systemd-journal  /run/systemd/journal/stdout
unix  2      [ ]         DGRAM                    14793    661/systemd-logind
unix  3      [ ]         STREAM     CONNECTED     25694714 15134/[splunkd pid=
unix  2      [ ]         DGRAM                    2557417  29726/crond
unix  3      [ ]         STREAM     CONNECTED     25694713 15129/splunkd
unix  3      [ ]         STREAM     CONNECTED     25694705 15129/splunkd
unix  3      [ ]         STREAM     CONNECTED     14395    649/gssproxy         /run/gssproxy.sock
unix  3      [ ]         STREAM     CONNECTED     12108    459/systemd-journal  /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     18263    893/python
unix  3      [ ]         STREAM     CONNECTED     30777525 17361/sshd: rebermi
unix  3      [ ]         STREAM     CONNECTED     18264    647/dbus-daemon      /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     14812    661/systemd-logind
unix  2      [ ]         DGRAM                    30777518 17358/sshd: rebermi
unix  3      [ ]         STREAM     CONNECTED     14101    626/auditd
unix  3      [ ]         STREAM     CONNECTED     30777526 17358/sshd: rebermi
unix  2      [ ]         DGRAM                    14100    626/auditd
unix  3      [ ]         STREAM     CONNECTED     14403    647/dbus-daemon
unix  3      [ ]         STREAM     CONNECTED     14257    649/gssproxy
unix  3      [ ]         STREAM     CONNECTED     14813    647/dbus-daemon      /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     16426    900/sshd
unix  3      [ ]         STREAM     CONNECTED     16106    893/python
unix  3      [ ]         STREAM     CONNECTED     12451    494/systemd-udevd
unix  3      [ ]         STREAM     CONNECTED     15061    647/dbus-daemon      /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     12452    459/systemd-journal  /run/systemd/journal/stdout
unix  2      [ ]         DGRAM                    29758906 1/systemd
unix  3      [ ]         STREAM     CONNECTED     16107    459/systemd-journal  /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     15060    662/polkitd
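An added example, not part of the original page: the full `netstat -napl` listing mixes listeners, established connections and UNIX sockets, so this filter keeps only TCP/UDP sockets that accept traffic on a non-loopback address. The function name is hypothetical and the sample is a handful of lines copied from the output above.

```shell
#!/bin/sh
# Added example: reduce `netstat -napl` output to network-reachable listeners.

# Sample: selected lines from the netstat output shown above.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 10.1.100.181:22         0.0.0.0:*               LISTEN      900/sshd
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      17361/sshd: rebermi
tcp        0     64 10.1.100.181:22         10.224.204.222:31477    ESTABLISHED 17358/sshd: rebermi
tcp6       0      0 :::9000                 :::*                    LISTEN      29798/nsrexecd
tcp6       0      0 ::1:6010                :::*                    LISTEN      17361/sshd: rebermi
udp        0      0 0.0.0.0:123             0.0.0.0:*                           26924/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           26924/ntpd
unix  2      [ ACC ]     STREAM     LISTENING     14389    649/gssproxy         /run/gssproxy.sock'

# stdin: netstat -napl output; stdout: "proto port scope program" per listener.
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)6?$/            { next }   # headers, unix sockets
        $1 ~ /^tcp/ && $6 != "LISTEN"    { next }   # established etc.
        $1 ~ /^udp/ && $5 !~ /:\*$/      { next }   # connected UDP socket
        {
            addr = $4; sub(/:[^:]*$/, "", addr)     # strip ":port"
            port = $4; sub(/^.*:/, "", port)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            # UDP rows have an empty State column, so the program is field 6
            prog = ($1 ~ /^tcp/) ? $7 : $6
            sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)
            scope = (addr == "0.0.0.0" || addr == "::") ? "all-interfaces" : addr
            print $1, port, scope, prog
        }
    ' | LC_ALL=C sort -u
}

# Demo on the sample; on a live host: netstat -napl | exposed_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
```

Run as root so that the PID/Program name column is filled in for sockets owned by other users.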

Show Installed Packages

# rpm -qa

pyserial-2.6-6.el7.noarch
libblkid-2.23.2-43.el7.x86_64
tfm-rubygem-rails-i18n-4.0.8-1.el7sat.noarch
basesystem-10.0-7.el7.noarch
pulp-selinux-2.8.7.14-1.el7sat.noarch
gawk-4.0.2-4.el7_3.1.x86_64
tfm-rubygem-sprockets-rails-2.3.3-1.el7sat.noarch
libsndfile-1.0.25-10.el7.x86_64
libsemanage-2.5-8.el7.x86_64
tfm-rubygem-highline-1.6.21-4.el7sat.noarch
rubygem-bundler_ext-0.3.0-7.el7sat.noarch
fuse-2.9.2-8.el7.x86_64
tfm-rubygem-will_paginate-3.0.7-1.el7sat.noarch
popt-1.13-16.el7.x86_64
cairo-1.14.8-2.el7.x86_64
libmspack-0.5-0.5.alpha.el7.x86_64
tfm-rubygem-trollop-2.0-5.el7sat.noarch
libcap-ng-0.7.5-4.el7.x86_64
geronimo-jms-1.1.1-19.el7.noarch
python-libs-2.7.5-58.el7.x86_64
tfm-rubygem-facter-2.4.0-3.el7sat.x86_64
findutils-4.5.11-5.el7.x86_64
apache-commons-logging-1.1.2-7.el7.noarch
openldap-2.4.44-5.el7.x86_64
tfm-rubygem-awesome_print-1.0.2-13.el7sat.noarch
tomcat-7.0.76-2.el7.noarch
ruby-2.0.0.648-30.el7.x86_64
tfm-rubygem-formatador-0.2.1-9.el7sat.noarch
unzip-6.0-16.el7.x86_64
fuse-libs-2.9.2-8.el7.x86_64
tfm-rubygem-fog-vsphere-0.6.3-1.el7sat.noarch
qrencode-libs-3.4.1-3.el7.x86_64
openssl-1.0.2k-8.el7.x86_64
redhat-release-server-7.4-18.el7.x86_64
tfm-rubygem-activerecord-session_store-0.1.2-1.el7sat.noarch
cracklib-2.9.0-11.el7.x86_64
python-pulp-oid_validation-2.8.7.14-1.el7sat.noarch
libcgroup-0.41-13.el7.x86_64
tfm-rubygem-hammer_cli_katello-0.0.22.29-1.el7sat.noarch
libutempter-1.1.6-4.el7.x86_64
puppet-3.8.6-2.el7sat.noarch
setroubleshoot-plugins-3.0.65-1.el7.noarch
tfm-rubygem-ancestry-2.0.0-4.el7sat.noarch
..

Show Contents of one Installed Package

rpm -ql PACKAGENAME

# rpm -ql httpd

/etc/httpd
/etc/httpd/conf
/etc/httpd/conf.d
/etc/httpd/conf.d/README
/etc/httpd/conf.d/autoindex.conf
/etc/httpd/conf.d/userdir.conf
/etc/httpd/conf.d/welcome.conf
/etc/httpd/conf.modules.d
/etc/httpd/conf.modules.d/00-base.conf
/etc/httpd/conf.modules.d/00-dav.conf
/etc/httpd/conf.modules.d/00-lua.conf
/etc/httpd/conf.modules.d/00-mpm.conf
/etc/httpd/conf.modules.d/00-proxy.conf
/etc/httpd/conf.modules.d/00-systemd.conf
/etc/httpd/conf.modules.d/01-cgi.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/magic
/etc/httpd/logs
/etc/httpd/modules
/etc/httpd/run
/etc/logrotate.d/httpd
/etc/sysconfig/htcacheclean
/etc/sysconfig/httpd
/run/httpd
/run/httpd/htcacheclean
/usr/lib/systemd/system/htcacheclean.service
/usr/lib/systemd/system/httpd.service
/usr/lib/tmpfiles.d/httpd.conf
/usr/lib64/httpd
/usr/lib64/httpd/modules
/usr/lib64/httpd/modules/mod_access_compat.so
/usr/lib64/httpd/modules/mod_actions.so
/usr/lib64/httpd/modules/mod_alias.so
/usr/lib64/httpd/modules/mod_allowmethods.so
/usr/lib64/httpd/modules/mod_asis.so
..

Show what exactly a Package does on installation

rpm -qp --scripts PACKAGENAME

# rpm -qp --scripts patchman-1.0.20-1.noarch.rpm

postinstall scriptlet (using /bin/sh):
#!/bin/sh

if [ ! -e /etc/httpd/conf.d/patchman.conf ] ; then
    cp /etc/patchman/apache.conf.example /etc/httpd/conf.d/patchman.conf
fi

if ! grep /usr/lib/python2.7/site-packages /etc/httpd/conf.d/patchman.conf >/dev/null 2>&1 ; then
    sed -i -e "s/^\(Define patchman_pythonpath\).*/\1 \/usr\/lib\/python2.7\/site-packages/" \
    /etc/httpd/conf.d/patchman.conf
fi

service httpd reload

patchman-set-secret-key
chown apache /etc/patchman/local_settings.py

mkdir -p /var/lib/patchman/db
patchman-manage collectstatic --noinput

patchman-manage makemigrations
patchman-manage migrate --run-syncdb

chown -R apache:apache /var/lib/patchman
chcon --type httpd_sys_rw_content_t /var/lib/patchman/db/patchman.db

echo
echo "Remember to run 'patchman-manage createsuperuser' to create a user."
echo


Red Hat Documentation on the Topic