User:Tom/RHCE EX300-2: Difference between revisions

From RoggeWiki
Jump to navigation Jump to search
Line 28: Line 28:
  /etc/pamd.d/
  /etc/pamd.d/
  /etc/sssd/sssd.conf          Daemon used for retrieving and caching user and authentication information.
  /etc/sssd/sssd.conf          Daemon used for retrieving and caching user and authentication information.
                               Install sssd service before using the authcong utilities (yum install group "Directory Client".
                               Install sssd service before using the authcong utilities (yum install group "Directory Client").
  /etc/sysconfig/authconfig
  /etc/sysconfig/authconfig
   
   

Revision as of 20:36, 6 June 2017

25 Configuring Kerberos

KDC     Key Distribution Center. A central key server. Issues tickets.
Realm   All hosts taht use the same KDC to get tickets.
TGT     Ticket Granting Ticket

Principal name nfs/server.example.com@EXAMPLE.COM
User name      tom@EXAMPLE.COM
Commands
authconfig                Configure LDAP authentication with Kerberos authorization.
authconfig --test         Get an overview of the current configuration and see what services are used.
authconfig-tui
authconfig-gtk

klist                      Lists cached Kerberos tickets.
Files
/etc/krb5.keytab             Needed by a server hosting Kerberized services. Contains names of all service principals on that server.

/etc/nslcd.conf              Alternative for sssd.
/etc/nsswitch.conf 
/etc/openldap/cacerts        Stores root certificate authorities
/etc/openldap/ldap.conf      LDAP client configuration
/etc/pamd.d/
/etc/sssd/sssd.conf          Daemon used for retrieving and caching user and authentication information.
                             Install sssd service before using the authcong utilities (yum install group "Directory Client").
/etc/sysconfig/authconfig


...

34 DNS

Unbound is the preferred package.

Install, enable and start unbound. 

/etc/unbound/unbound.conf

35 MariaDB

install mariadb mariadb-server mariadb test
systemctl start mariadb
systemctl enable mariadb

Italic text 

firewall-cmd --add-service mysql --permanent

mysql_secure_installation
/usr/libexec/mysqld --help --verbose          Information about all the settings

show databases;
use databases;
create database dbname;
create tsble tablename (name varchar(40),place varchar(40));
describe tablename;

delete from tablename where field = ' value ';
update tablename set field = value where field2 = ' value ';
insert into tablename (field1,field2) values(' value1 ',' value2 ');

where clause = <> > >= <  >= BETWEEN LIKE IN

create user username@'localhost' identified by password;
drop user 'username'@'localhost';
grant select,update,delete,insert on *.* to username@'localhost';  
grant all priviliges on ...

mysqldump -u root =p -p database --databases >dumpfileItalic text
drop database databasename;
create database databasename;
mysql -u root -p -p databasename <dumpfile;

36 NFS

37 Samba

man mount.cifs credentials= option

38 SMTP Server

39 Configure SSH

semanage port, man sshd_config, ssh-agent, ssh-add, ssh tunnel.

40 Time synchronisation

Chronyd daemon, chronyc command. ntp port 123. start, enable, firewall-cmd --add-service 


List commands
getsebool -a                      List all selinux booleans
seinfo                            SELinux policy query tool
         --all
         -r                       List all roles
         -t                       List all types (*-t)
         -u                       List all users
semanage boolean --list           List SELinux booleans with comments
semanage fcontext -l              List all current rules
Retrieved from "https://wiki.roggeman.nl/index.php?title=User:Tom/RHCE_EX300-2&oldid=5197"