reset root user password rhel7 Centos 7

BY ARK · PUBLISHED MAY 12, 2016 · UPDATED MAY 12, 2016

reset root user password rhel7 and centos 7.  Some times if you forgot root user password, you can’t reset root user password from any other user since Linux is not allowed to reset the root user password from other Normal / Administrator user.

If your going to write RHCSA (Red hat Certified System Administrator) and RHCE (Red hat Certified Engineer) certifications this is the first step you have to resolve.

reset root user password procedure

When you type wrong password above authentication failure screen will appear. Then in the top right corner there is a power button will appear as shown in below screenshot, click on power button then click restart

Click Restart

Server will restart.

When server is loading boot menu then press any key (Arrow Key / Space Bar) to stop the boot menu, then press ‘e’ to edit the kernel line. Whenever kernel lines are edited below screen will appear

in kernel line where you see “linux16” word go to end of that line and type rd.break console=tty1 then press CTRL+X

server will continue to boot in single user mode. File system in this mode will be in Read Only mode. So we have to remount the file system as Read / Write then only we can able to make a change in configuration files. when we change an Password of root user encrypted password will be stored in /etc/shadow.

switch_root# mount -o remount,rw /sysroot

above command will mount an file system as read-write

switch_root# chroot /sysroot

above command will change as actual root

sh-4.2# passwd

above command will change the password of root user

Now root password is changed. 

Note: In RHEL7 by default SELinux is in enforcing state so we have to relabel the SELinux then only server will boot properly when you reboot to do that follow the below steps

Read More  What is a Shell & Shell script very basic to learn for freshers

sh-4.2# touch /.autorelabel

Above mentioned command will create an hidden file under the slash which means SELinux will auto matically relabel the SELinux policy when server is booting.

That’s it After the successful boot of server use new password to login.

Secure web Server using SSL certification in RHEL 7

Installing and configuring Secure web Server in RHEL 7. SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When we installed an web server with SSL (Secure Socket Later) certificate it shows an padlock in starting of the address bar and HTTPS protocol. As shown in the below figure.

For an standard SSL it will not show an PadLcok but it will show an https protocol.

How SSL certificate provides more security to website

1.     A browser attempts to connect a web site secured with SSL. The browser requests that the we server identify itself.

2.     There are two types of keys will be placed in server one is public key, Second one is private key. Public key of copy will be installed with the browser installation itself because most of CA (Certification authorities) will be listed in web browsers. When client request for an web page request first reach to DNS server it will verify the IP address details then transfer the request to Web server web server will send an SSL certificate (Public key token) client launches with HTTPS website.

3.     Now server and client data will be encrypted with 2048 bit

  

If you would like to see an listed Certificate authorities in Google chrome Settings → Show Advanced Settings → HTTPS/SSL → Manage Certificates (Screenshot is shown below)

 

Above listed certificates are pre-loaded when you install an browser

Now Let’s Go back our real installation and configuration of Secure web server using SSL certification in RHEL 7

First install an http packages

[root@TechTutorial ~]# yum install http*

[root@TechTutorial ~]# systemctl enable httpd.service

[root@TechTutorial ~]# systemctl start httpd.service

[root@TechTutorial ~]# systemctl status httpd.service 

httpd.service - The Apache HTTP Server

 Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)

 Active: active (running) since Tue 2016-03-08 15:39:00 IST; 6s ago

 Main PID: 6694 (httpd)

Now create an sample html file in default web location /var/www/html/ directory 

[root@TechTutorial html]# vim /var/www/html/index.html 

<h1>Secure Site</h1>

</h2> Secure Site is Opened </h2>

:wq (Save & Exit)

Permit Firewall to connect web server from client

[root@TechTutorial html]# firewall-cmd --permanent --add-service=https

success

[root@TechTutorial html]# firewall-cmd --reload

success

In RHEL 7 we can mention directly the service name which will automatically enables the appropriate port number in the backend

This is purely demo purpose only (Generating an SSL Certificate)

[root@TechTutorial private]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/apache.key -out /etc/pki/tls/certs/apache.crt

Generating a 2048 bit RSA private key

............................................+++

.......................................................................................+++

writing new private key to '/etc/pki/tls/private/apache.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:IN

State or Province Name (full name) []:Telangana

Locality Name (eg, city) [Default City]:Hyderabad

Organization Name (eg, company) [Default Company Ltd]:ArkIT

Organizational Unit Name (eg, section) []:IT

Common Name (eg, your name or your server's hostname) []:TechTutorial.arkit.com

Email Address []:

After you enter the request, you will be taken to a prompt where you can enter information about your website. Before we go over that, let’s take a look at what is happening in the command we are issuing:

openssl: This is the basic command line tool for creating and managing OpenSSL certificates, keys, and other files.
req -x509: This specifies that we want to use X.509 certificate signing request (CSR) management. The “X.509” is a public key infrastructure standard that SSL and TLS adhere to for key and certificate management.
-nodes: This tells OpenSSL to skip the option to secure our certificate with a passphrase. We need Apache to be able to read the file, without user intervention, when the server starts up. A passphrase would prevent this from happening, since we would have to enter it after every restart.
-days 365: This option sets the length of time that the certificate will be considered valid. We set it for one year here.
-newkey rsa:2048: This specifies that we want to generate a new certificate and a new key at the same time. We did not create the key that is required to sign the certificate in a previous step, so we need to create it along with the certificate. The rsa:2048 portion tells it to make an RSA key that is 2048 bits long.
-keyout: This line tells OpenSSL where to place the generated private key file that we are creating.
-out: This tells OpenSSL where to place the certificate that we are creating.

Fill out the prompts appropriately. The most important line is the one that requests the Common Name. You need to enter the domain name that you want to be associated with your server. You can enter the public IP address instead if you do not have a domain name.

Ensure that file are generate and kept under the below directory path

/etc/pki/tls/certs/

Now Copy the ssl.conf file from /etc/httpd/conf.d/ssl.conf to any temp location (Example /tmp) then edit the file.

[root@TechTutorial ~]# cp /etc/httpd/conf.d/ssl.conf /opt/

in Default ssl.conf file delete lines from 1 to 69 until ‘SSLEngine on‘ Key word appears 

below is the finall configuration file for configuring the SSL certificate

[root@TechTutorial opt]# vim /etc/httpd/conf.d/arkit.conf

<VirtualHost *:443>

 ServerAdmin root@localhost

 ServerName TechTutorial.arkit.com

 DocumentRoot /var/www/html

SSLEngine on

SSLProtocol all -SSLv2

SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

SSLHonorCipherOrder on

SSLCertificateFile /etc/pki/tls/certs/arkit.com.crt

SSLCertificateKeyFile /etc/pki/tls/private/arkit.com.key

SSLCertificateChainFile /etc/pki/tls/certs/arkit.com.csr

</VirtualHost>

:wq (Save & Exit)

Restart the web service (http.service) to reflect the changes

Client Side

Browse the website which should load with https://arkit.co.in

That’s it. you successfully configure secure web server with SSL certificate in RHEL 7 / Centos 7

Configure YUM Repository for Network Installation Using FTP and HTTP - Redhat Linux RHCE

YUM is the Linux package management tool that help to install or update the packages, it does automatic installation of dependent packages which is required by main installation package. To setup the YUM repository we need one server system where all the packages are hosted and the client system where you want to install or update the packages.

COPYING THE PACKAGES:

 In order to enable YUM repository through FTP or HTTP / Apache we have to copy the RPM packages to both the places. 

SERVER Side:

Install FTP server packages. 

~]# yum install vsftpd*

Start the FTP service
~]# service vsftpd restart
Shutting down vsftpd:                                      [FAILED]
Starting vsftpd for vsftpd:                                [  OK  ]
~]# chkconfig vsftpd on
~]# service iptables stop

Now Install HTTP server packages

~]#yum install http*
~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

Edit Apache configuration file to enable the indexes.

~]#vi /etc/httpd/conf/httpd.conf

From

~]#Options Indexes FollowSymLinks

To

~]#Options All Indexes FollowSymLinks

Remove the welcome page.

~]#rm -rf /etc/httpd/conf.d/welcome.conf

Restart the httpd service after changing the settings

~]#service httpd restart

Verify the above using the web browser by visiting ftp://ip-address or http://ip-address.

Copy the packages to FTP Path

Assuming  /media/RHEL is the Mount of the CD/DVD of installation media.

~]# cp -Rv /media/RHEL/Server/* /var/ftp/pub/ 

copy the packages to HTTP path as well

~]#cp -Rv /media/RHEL/Server/* /var/www/html/

Creating Repository:

  After hosting the packages, we need to create the repository of the packages that you have copied from the disc. CreateRepo is the tool that help you to create the XML based rpm meta structure repository, It is like an index file that point to the rpm files. This XML files used for resolving the dependency packages which is required by main package.Install CreateRepo package.

install the below RPM's before running createrepo command

~]#rpm -Uvh deltarpm-**.el6.x86_64.rpm python deltarpm-**.el6.x86_64.rpm createrepo-**.rpm 
 
For FTP

~]#createrepo -v /var/ftp/pub/

For HTTP

~]# createrepo -v /var/www/html/

after completing the repository creation Go to client side configure the client to get repo from server

Client Side Configuring Repository:

Once created the repository, just go on to the client machine and add the repository file under the /etc/yum.repos.d directory. Change ipadress to your server ip address..

~]# vi /etc/yum.repos.d/remoteftp.repo

#FTP 

[remote] name=RHEL FTP
baseurl=ftp://192.168.0.151
enabled=1
gpgcheck=0

~]# vi /etc/yum.repos.d/remotehttp.repo

#HTTP 

[remote] name=RHEL Apache
baseurl=http://192.168.0.151
enabled=1
gpgcheck=0

Install Packages using YUM:

~]#yum install PackageName

Conclusion:

From the above you could see the MySQL Server packages installed with all dependent packages, It performs the same task that RPM can. It provides a easy installation of packages in single command line. If you face any problem on FTP or Apache, do disabling the iptables

PXE Boot server configuration step by step Guide

BY ARK · PUBLISHED MARCH 20, 2016 · UPDATED JANUARY 8, 2017

Preboot eXecution Environment (PXE Boot, sometimes pronounced as pixie) specification describes a standardized client-server environment that boots a software assembly, retrieved from a network, on PXE-enabled clients. On the client side it requires only a PXE-capable network interface controller (NIC), and uses a small set of industry-standard network protocols such as DHCP and TFTP.

The concept behind the PXE originated in the early days of protocols like BOOTP/DHCP/TFTP, and as of 2015 it forms part of the Unified Extensible Firmware Interface (UEFI) standard. Given fast and reliable local area networks (LANs), PXE is the most frequent choice for operating system booting, installation and deployment.

Assume if there is no PXE Boot server we have to have more OS CD/DVD’s to install multiple clients and require manual intervention to configure partitions, software packages users creation so an.

PXE Boot is very useful when we looking to re-image / install more clients yet a time.

Server OS – RHEL 7 / Centos 7

Note: Observe carefully and do not miss even single character of config files, which may result un-successful PXE Boot Server.

PXE Boot Advantages :

1.     No need to carry Installation media all the times

2.     Less manual intervention required

3.     No need to monitor installation process

Let’s see the procedure how to configure PXE Boot server

Step 1: Assign static IP address to PXE Boot Server

using below command we can assign static IP address to server in RHEL7 / Centos 7

[root@Ark-PXEBootServer ~]# nmcli connection modify eno16777736 ipv4.addresses 192.168.4.13/24 ipv4.gateway 192.168.4.2 ipv4.dns 192.168.4.12 ipv4.method manual connection.autoconnect yes

Bring down and bring up interface connection to reflect changes OR restart network service systemctl restart network.service

[root@Ark-PXEBootServer ~]# nmcli connection show

NAME UUID TYPE DEVICE

eno16777736 c3d606c9-1e71-4c62-8280-7b2380d11b97 802-3-ethernet eno16777736

[root@Ark-PXEBootServer ~]# nmcli connection down eno16777736

[root@Ark-PXEBootServer ~]# ip a

Step 2: Install FTP server and copy OS CD / DVD content to FTP path

mount the installation media to your server and copy the total content to FTP path

[root@Ark-PXEBootServer ~]# mount /dev/sr0 /run/media/root/

[root@Ark-PXEBootServer ~]# rpm -ivh /run/media/root/RHEL-7.1\ Server.x86_64/Packages/vsftpd-3.0.2-9.el7.x86_64.rpm

[root@Ark-PXEBootServer ~]# cd /run/media/root/RHEL-7.1\ Server.x86_64/

[root@Ark-PXEBootServer ~]# cp -Rvf * /var/ftp/pub/

Now create an YUM server using copied packages

[root@Ark-PXEBootServer ~]# cd /etc/yum.repos.d/

[root@Ark-PXEBootServer ~]# vim localyum.repo

[localyum]

name=local yum server

baseurl=file:///var/ftp/pub/

enable=1

gpgcheck=0

:wq  (Save & Exit)

[root@Ark-PXEBootServer ~]# cd /var/ftp/pub/repodata/

[root@Ark-PXEBootServer ~]# cp 527a8b3063d516bd9d4cf33ebf5f8c5a0e83fecb48babbb9e84c7c573004b3f4-comps-Server.x86_64.xml /var/ftp/pub/comps-Server.x86_64.xml

[root@Ark-PXEBootServer ~]# rpm -ivh /var/ftp/pub/Packages/createrepo-0.9.9-23.el7.noarch.rpm

[root@Ark-PXEBootServer ~]# createrepo -vg /var/ftp/pub/comps-Server.x86_64.xml /var/ftp/pub/

[root@Ark-PXEBootServer ~]# yum grouplist

Step 3: Install and configure httpd / Apache / Web server

Install required packages and point the copied packages to web server default location. Permit SeLinux.

[root@Ark-PXEBootServer ~]# yum install httpd system-config-kickstart -y

[root@Ark-PXEBootServer ~]# ln -s /var/ftp/pub/ /var/www/html/

[root@Ark-PXEBootServer ~]# systemctl restart vsftpd.service

[root@Ark-PXEBootServer ~]# systemctl status vsftpd.service

[root@Ark-PXEBootServer ~]# systemctl enable vsftpd.service

[root@Ark-PXEBootServer ~]# systemctl restart httpd.service

[root@Ark-PXEBootServer ~]# systemctl status httpd.service

[root@Ark-PXEBootServer ~]# systemctl enable httpd.service

[root@Ark-PXEBootServer ~]# restorecon -Rvf /var/www/html/

[root@Ark-PXEBootServer ~]# restorecon -Rvf /var/ftp/pub/

[root@Ark-PXEBootServer ~]# systemctl restart vsftpd.service 

[root@Ark-PXEBootServer ~]# systemctl restart httpd.service

Step 4: Generate unattended configuration file

To generate un-attended configuration file we have to use kickstart config tool

Required GUI to launch this tool

Login to your server using GUI support and run below command

[root@Ark-PXEBootServer ~]# system-config-kickstart

as shown in above screen select system language, keyboard language and root password

provide IP address and location of your DVD content path

Select install new boot loader

Select Clear Master boot Record and Click on Add

Add paritions ” /, /boot and swap” by repeating Add button

Click on Add Network Device and provide Network device name and Type

Authentication tab no need select anything leave it as it is

Select the option if you want enable Firewall configuration after the client installation

in this GUI tool there is no option to include packages, we have to add them by manually

in Post installation Script if you want to execute any script after the installation you can include them

Save the file to /var/ftp/pub/  location

Now edit the configuration file and add packages list to that config file

we can make use of anaconda-ks.cfg file add blod characters to your /var/ftp/pub/auto.cfg file

[root@ldapclient1 pub]# vim /var/ftp/pub/auto.cfg

#platform=x86, AMD64, or Intel EM64T

#version=DEVEL

# Install OS instead of upgrade

install

# Keyboard layouts

keyboard 'us'# Reboot after installation

reboot

# Root password

rootpw --iscrypted $1$AWgTZ0t6$q/EdV2HgySO.sNxekJdEb.

# System timezone

timezone Asia/Kolkata

# Use network installation

url --url="http://192.168.4.13/pub"

# System language

lang en_US

# Firewall configuration

firewall --disabled

# Network information

network --bootproto=dhcp --device=eth0

# System authorization information

auth --useshadow --passalgo=sha512

# Use graphical install

graphical

firstboot --disable

# SELinux configuration

selinux --enforcing

# System bootloader configuration

bootloader --location=mbr

# Clear the Master Boot Record

zerombr

# Partition clearing information

clearpart --all

# Disk partitioning information

part /boot --fstype="xfs" --size=200

part / --fstype="xfs" --size=10000

part swap --fstype="swap" --size=2000

%packages

@base

@compat-libraries

@core

@desktop-debugging

@dial-up

@fonts

@gnome-desktop

@guest-agents

@guest-desktop-agents

@input-methods

@internet-browser

@multimedia

@print-client

@x11

chrony

kexec-tools

kexec-tools

%end

%post

useradd ravi

echo "ravi" |passwd --studin redhat

%end

Step 5: Install and configure tftp Server and DHCP server

Xinetd listens for incoming requests over a network and launches the appropriate service for that request

DHCP – Dynamic Host Configuration Protocol – to assign automatic IP address to PXE Boot client

Trivial File Transfer Protocol (TFTP) is a simple, lockstep, File Transfer Protocol which allows a client to get from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement

[root@Ark-PXEBootServer ~]# yum install syslinux xinetd tftp-server dhcp -y

[root@Ark-PXEBootServer ~]# mkdir /var/lib/tftpboot/pxelinux.cfg

[root@Ark-PXEBootServer ~]# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/

Enable TFTP service to run under the xinetd service

[root@Ark-PXEBootServer ~]# vim /etc/xinetd.d/tftp

[root@Ark-PXEBootServer ~]# cat /etc/xinetd.d/tftp

# default: off

# description: The tftp server serves files using the trivial file transfer \

# protocol. The tftp protocol is often used to boot diskless \

# workstations, download configuration files to network-aware printers, \

# and to start the installation process for some operating systems.

service tftp

{

 socket_type = dgram

 protocol = udp

 wait = yes

 user = root

 server = /usr/sbin/in.tftpd

 server_args = -s /var/lib/tftpboot

 disable = no

 per_source = 11

 cps = 100 2

 flags = IPv4

}

[root@Ark-PXEBootServer ~]# systemctl restart xinetd.service

[root@Ark-PXEBootServer ~]# systemctl enable xinetd.service

Configure the DHCP server, below mentioned configuration we have to modify in dhcp configuration file. (block and Bold characters)

[root@Ark-PXEBootServer ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf

cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y

[root@Ark-PXEBootServer ~]# vim /etc/dhcp/dhcpd.conf

################################ DHCP SERVER CONFIG START ############################

# dhcpd.conf

#

# Sample configuration file for ISC dhcpd

#

Allow booting;

Allow bootp;

authoritative;

# option definitions common to all supported networks...

option domain-name "example.org";

option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;

max-lease-time 7200;

# Use this to enble / disable dynamic dns updates globally.

#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local

# network, the authoritative directive should be uncommented.

#authoritative;

# Use this to send dhcp log messages to a different log file (you also

# have to hack syslog.conf to complete the redirection).

log-facility local7;

# No service will be given on this subnet, but declaring it helps the

# DHCP server to understand the network topology.

subnet 10.152.187.0 netmask 255.255.255.0 {

}

# This is a very basic subnet declaration.

subnet 192.168.4.0 netmask 255.255.255.0 {

 range 192.168.4.1 192.168.4.50;

 option routers 192.168.4.13;

 default-lease-time 21600;

 max-lease-time 43200;

}

# This declaration allows BOOTP clients to get dynamic addresses,

# which we don't really recommend.

subnet 192.168.4.0 netmask 255.255.255.0 {

 range dynamic-bootp 192.168.4.101 192.168.4.200;

 option broadcast-address 192.168.4.255;

 option routers 192.168.4.13;

 option domain-name "arkit.co.in";

 option domain-name-servers 192.168.4.12;

 default-lease-time 21600;

 max-lease-time 43200;

 filename "pxelinux.0";

 next-server 192.168.4.13;

}

###################### DHCP SERVER CONFIG FILE ############################

Verify the dhcp configuration and restart the service

[root@Ark-PXEBootServer ~]# dhcpd configtest

[root@Ark-PXEBootServer ~]# systemctl restart dhcpd.service

[root@Ark-PXEBootServer ~]# systemctl status dhcpd.service

Step 6: Configure boot menu and image for remote PXE Boot client

Configure and design the boot menu, this menu is visible yet the client side

[root@Ark-PXEBootServer ~]# cd /var/ftp/pub/images/pxeboot/

[root@Ark-PXEBootServer pxeboot]# cp initrd.img vmlinuz /var/lib/tftpboot/

[root@Ark-PXEBootServer pxeboot]# cp /usr/share/syslinux/menu.c32 /var/lib/tftpboot/

[root@Ark-PXEBootServer isolinux]# cd /var/ftp/pub/isolinux/

[root@Ark-PXEBootServer isolinux]# cp -rvf * /var/lib/tftpboot/

[root@Ark-PXEBootServer isolinux]# vim /var/lib/tftpboot/pxelinux.cfg/default

[root@Ark-PXEBootServer isolinux]# cat /var/lib/tftpboot/pxelinux.cfg/default

default vesamenu.c32

timeout 600

display boot.msg

menu background splash.jpg

menu title Welcome to the RHEL 7 PXE Installation!

label local

menu label boot from ^local drive

menu default

localboot 0xffff

label ws

menu label Unattend Installation of RHEL7

kernel vmlinuz

append biosdevname=0 ksdevice=link load_ramdisk=1 initrd=initrd.img network ks=http://192.168.4.13/pub/auto.cfg noipv6

label si

menu label RHEL 7 ^Standard Installation

kernel vmlinuz

append biosdevname=0 ksdevice=link load_ramdisk=1 initrd=initrd.img

[root@Ark-PXEBootServer isolinux]# systemctl restart xinetd

[root@Ark-PXEBootServer isolinux]# systemctl status xinetd

Step 7: Enable firewall ports

Enable ftp, dhcp, http, nfs and 4011 port from firewall

[root@ldapclient1 ~]# firewall-cmd --permanent --add-service=ftp

success

[root@ldapclient1 ~]# firewall-cmd --permanent --add-service=tftp

success

[root@ldapclient1 ~]# firewall-cmd --permanent --add-service=dhcp

success

[root@ldapclient1 ~]# firewall-cmd --permanent --add-service=nfs

success

[root@ldapclient1 ~]# firewall-cmd --permanent --add-port=4011/tcp

success

[root@ldapclient1 ~]# firewall-cmd --reload

success

That’s it. PXE Boot server is configured successfully

Process Management

•       System Defined Process

•        User Defined Process

System defined process is called as daemon. It is a program running for the service. It will start when booting the operating system, we can also start manually.

             

           User defined process is called executing commands.

Init is the parent process for all the processes. Process id is 0 always.

$ ps     -           it will display the process status correct terminal

ps Command Output

pts/0   -           sudo terminal

         The sudo Terminal command can be used by administrators to execute commands as a different user (for example, as root). When executing this command, you will be prompted to enter the password for the administrator account you are currently logged in as.

tty/1    -           virtual terminal

ps command options 

                                        ps –a (a = all the processes)

                                    ps –f    - full description of the process

                                    ps –af

                                    ps –u  - for user processes

                                    ps –x   - system processes

                                    ps –aux            - all terminals system processes

To see the background running processes

$ jobs  -           to see background processes

$ fg

$ top -           it will display dynamic running processes correct time, system up time and number of users logged in, CPU load memory and processes.

enter to the top by enter the top command 

when your in top press SHIFT+F to see all the available top options 

top options

Killing the processes:

     When you want to kill the process you should have privileges to kill the process. Find process its related PID's using ps command.

# kill -9 <PID>         - kill the process using Process ID

# kill –a <name>     - kill the process using process name

creating secret website using Apache server in RHEL 7

BY ANKAM RAVI KUMAR · MAY 20, 2016

creating secret website means Installing and configuring Apache server and host an web site but web site would not accessible from all the hosts and its not visible even to the other hosts.

Why we have to host such a type of web site..?

We know maintaining confidential information as confidentially is very impotent, such a type of information can’t be shared / see by others who are not authorized to see. In this cases we can host a web site which will not be accessible from any other hosts, we can allow only certain IP addresses to access the web site.

creating secret website using Apache server in RHEL 7 procedure

To install and configure normal web site using Apache in RHEL 7 see this article

Requirements to create secret web site

§  List of IP addresses to allow access

§  Httpd / Apache service should be in running state

§  Red Hat Enterprise Linux Version 7

Web server installation process, install required packages, enable and start the service

[root@TechTutorial ~]# yum install httpd*

[root@TechTutorial ~]# systemctl enable httpd.service

[root@TechTutorial ~]# systemctl start httpd.service

[root@TechTutorial ~]# systemctl status httpd.service 

httpd.service - The Apache HTTP Server

   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)

   Active: active (running) since Tue 2016-03-08 15:39:00 IST; 6s ago

 Main PID: 6694 (httpd)

Create a New directory under /var/www/html/ path. In this example i am going to create directory name called ‘secret’ which may be any name as you like

[root@TechTutorial ~]# mkdir /var/www/html/secret

Create a sample HTML file for testing purpose under /vat/www/html/secret directory with name Index.html, because index.html name is already by default mentioned in httpd configuration file

[root@TechTutorial html]# vim /var/www/html/secret/index.html 

<h1>Secret Web Server</h1>

</h2> Just Testing</h2>

Save the file and Exit :wq!

Permit firewall ports to communicate with clients

[root@TechTutorial html]# firewall-cmd --permanent --add-service=http

success

[root@TechTutorial html]# firewall-cmd --permanent --add-service=https

success

[root@TechTutorial html]# firewall-cmd --reload

success

Configuring the secret web site, Create file with .conf extension under /etc/httpd/conf.d/secret.conf in this example i am using secret.conf file. Now edit the file and write below configuration in it.

[root@TechTutorial ~]# vim /etc/httpd/conf.d/secret.conf 

<VirtualHost *:80>

    ServerAdmin     root@localhost

    ServerName    TechTutorial.arkit.co.in

    DocumentRoot    /var/www/html

</VirtualHost>

<Directory </var/www/html/secret">

    Order allow,deny

    Allow from desktop.arkit.co.in

    Deny from all

</Directory>

As per the above configuration file we are denying all other machines to access web site except desktop.arkit.co.in in place of domain name we can also give IP address

Read More  Linux Interview Questions and Answers

Note: Use allow access in the top and then deny because if you mention deny first then you have to write deny rule for all other IP addresses. Simple deny all except particular hosts / IP’s.

Restart Apache service to reflect the changes

[root@TechTutorial ~]# systemctl restart httpd.service

Test Web site from client

In this case Website will only be accessible from desktop.arkit.co.in machine it will not accessible from any other machine.

samba share multi user access

BY ARK · MAY 29, 2016

In previous article we discussed about creating and configuring SMB / CIFS share with single user support which CIFS share can’t be accessed by multiple users. In this article we are going to discuss about samba share multi user access which means SMB / CIFS share can be accessed by multiple users with in the server OR from client.

Creating SMB / CIFS share means it should be accessible from UNIX and Windows platforms. Samba Share user access must be identified with valid users and groups by checking their passwords then controls by comparing their access rights to the permissions on files and directories.

SMB / CIFS share features

§  Active File sharing

§  Faster data transfer in low band width network

§  Secure Data Transfer with user credential

§  Node Fault tolerance

§  Scalable

Samba Server Profile

§  Packages required: samba*

§  Port Number: 445

§  Daemon Name: smb

§  config File Location: /etc/samba/smb.conf

Let’s see how to create samba share multi user access

[root@ArkIT ~]# yum install samba*

Dependencies Resolved

======================================================================

 Package Arch Version Repository Size

======================================================================

Installing:

 samba x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 555 k

 samba-client x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 515 k

 samba-python x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 1.9 M

 samba-winbind x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 438 k

 samba-winbind-clients x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 120 k

 samba-winbind-modules x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 100 k

Installing for dependencies:

 iniparser x86_64 3.1-5.el7 ARKIT.CO.IN 14 k

 pyldb x86_64 1.1.17-2.el7 ARKIT.CO.IN 36 k

 python-tdb x86_64 1.3.0-1.el7 ARKIT.CO.IN 15 k

 python-tevent x86_64 0.9.21-3.el7 ARKIT.CO.IN 16 k

Transaction Summary

===================================================================

Install 6 Packages (+4 Dependent packages)

Installed:

 samba.x86_64 0:4.1.12-21.el7_1 samba-client.x86_64 0:4.1.12-21.el7_1 samba-python.x86_64 0:4.1.12-21.el7_1 samba-winbind.x86_64 0:4.1.12-21.el7_1

 samba-winbind-clients.x86_64 0:4.1.12-21.el7_1 samba-winbind-modules.x86_64 0:4.1.12-21.el7_1

Dependency Installed:

 iniparser.x86_64 0:3.1-5.el7 pyldb.x86_64 0:1.1.17-2.el7 python-tdb.x86_64 0:1.3.0-1.el7 python-tevent.x86_64 0:0.9.21-3.el7

Complete!

Now Enable and Start SMB service. Enabling service which will automatically start the smb service immediate after server reboot.

[root@server ~]# systemctl enable smb.service

ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'

[root@server ~]# systemctl start smb.service

[root@server ~]# systemctl status smb.service

smb.service - Samba SMB Daemon

 Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled)

 Active: active (running) since Sun 2016-05-29 17:55:17 IST; 9s ago

 Main PID: 4065 (smbd)

Make an directory to share using SMB / CIFS

[root@server ~]# mkdir /arkit-multiuser

By default SELinux is enabled. SELinux will not allow to share directory with other network client without proper SELinux security policies

[root@server ~]# semanage fcontext -a -t samba_share_t "/arkit-multiuser(/.*)?"

[root@server ~]# restorecon -vRF /arkit-multiuser/

restorecon reset /arkit-multiuser context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0

[root@server ~]# ls -ldZ /arkit-multiuser/

drwxr-xr-x. root root system_u:object_r:samba_share_t:s0 /arkit-multiuser/

SELinux context for SMB / CIFS share is samba_share_t

Enabling the firewall ports to communicate with clients

[root@server ~]# firewall-cmd --permanent --add-service=samba

success

[root@server ~]# firewall-cmd --reload

success

Adding normal users and converting them as Samba users

[root@server ~]# useradd ravi

[root@server ~]# useradd ramana

[root@server ~]# useradd srikanth

[root@server ~]# smbpasswd -a ravi

New SMB password:

Retype new SMB password:

Added user ravi.

[root@server ~]# smbpasswd -a ramana

New SMB password:

Retype new SMB password:

Added user ramana.

[root@server ~]# smbpasswd -a srikanth

New SMB password:

Retype new SMB password:

Added user srikanth.

To verify Samba user 

[root@server ~]# pdbedit -L -v ravi

Unix username: ravi

NT username:

Account Flags: [U ]

User SID: S-1-5-21-3339526382-645010227-446471857-1000

Primary Group SID: S-1-5-21-3339526382-645010227-446471857-513

Full Name:

Home Directory: \\server\ravi

HomeDir Drive:

Logon Script:

Profile Path: \\server\ravi\profile

Domain: SERVER

Account desc:

Workstations:

Munged dial:

Logon time: 0

Logoff time: Wed, 06 Feb 2036 20:36:39 IST

Kickoff time: Wed, 06 Feb 2036 20:36:39 IST

Password last set: Sun, 29 May 2016 18:07:47 IST

Password can change: Sun, 29 May 2016 18:07:47 IST

Password must change: never

Last bad password : 0

Bad password count : 0

Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Creating common group and add user to group provide access

[root@server ~]# groupadd IT

[root@server ~]# usermod -aG IT ravi

[root@server ~]# usermod -aG IT ramana

Configuring the Samba share with multi user support. Edit the configuration file and add the configuration yet end of config file

[root@server ~]#vim /etc/samba/smb.conf

[multiuser]

 comment = Information Technology Team

 path = /arkit-multiuser

 write list = @IT

 hosts allow = 192.168.4.

Save and Exit 

That’s about server side configuration

Now client side configuration

[root@server ~]# yum install cifs-utils

Installed:

 cifs-utils.x86_64 0:6.2-7.el7

Complete!

Now create an file in /root with username and password and restrict access to other user

[root@server ~]# vim /root/access

[root@server ~]# chmod 600 /root/access

[root@server ~]# ls -l /root/access

-rw-------. 1 root root 30 May 29 18:24 /root/access

[root@server ~]# cat /root/access

username=ravi

password=redhat

[root@server ~]#

Open /etc/fstab file and mount the samba share permanently 

[root@Client ~]#vim /etc/fstab

//192.168.4.20/multiuser /mnt/coss cifs,credentials=/root/access,defaults,multiuser,sec=ntlmssp 0 0

Save & Exit

[root@Client ~]# mount -a

now let login to other user and check the CIFS share visibility and access

[root@Client ~]# cifscreds add 192.168.4.20

Check using df command

That’s it. 

Conclusion

samba share multi user access SMB / CIFS has been created. Now you learned that creating and configuring samba multi user access