May 30, 2007

Configure openvpn easy way

Hi! In this tip I show you working config files for openvpn (Linux server and Linux client; they should work on other OSes with minimal modification). However, it doesn't cover the keys or how to generate them ;-)

May 20, 2007

Minimal smb.conf for Linux

This tip sets up an anonymous share using Samba 3 under Linux with a really minimal smb.conf. I assume you want to share the directory /data read-only. To share it read-write, make sure it has the correct permissions (chmod 777 /data) and uncomment the last line :-)
cat /etc/samba/smb.conf
[global]
 netbios name = darkstar
 server string = darkstar
 guest ok = yes
 security = share
[data]
 path = /data
# read only = no

Edit in 2016: For Fedora 23, you need to change this config to:

cat /etc/samba/smb.conf
[global]
 netbios name = darkstar
 server string = darkstar
 guest ok = yes
 security = user
 map to guest = bad user
[data]
 path = /data
# read only = no


You also need to change the SELinux fcontext of the shared directory:

# semanage fcontext -a -t samba_share_t  "/data(/.*)?"
# restorecon -Rv /data
### this third line may be needed if /data is managed by local user
# setsebool -P samba_enable_home_dirs 1

Edit in 2020:
# cat /etc/samba/smb.conf
[global]
 server string = darkstar
 guest ok = yes
 security = user
 workgroup = workgroup
 guest account = nobody
 map to guest = bad user

Also, on Windows 10 Enterprise and Education clients, you have to:
Go into the Local Group Policy Editor (gpedit.msc).
Navigate to Administrative Templates - Network - Lanman Workstation.
Then set the setting "Enable insecure guest logons" to "Enable".

On Windows 10 Home and Pro clients it's enabled by default.


May 12, 2007

Basic firewall for Linux workstation

This shell script is a good starting-point firewall for a Linux workstation. Adjust it to your needs and execute it at system start.

You need kernel 2.4 or 2.6 with netfilter and state matching enabled (the default on all distros known to me). Allowing incoming ssh is a _must_ for sysadmins, and ping helps to diagnose problems. If you need a more complex firewall, think about blocking outgoing connections as well. For servers and routers this script is not sufficient.
cat /etc/rc.d/rc.firewall
#!/bin/sh
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# enable incoming ssh and echo requests (ping)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
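
An added example (not part of the original tip): a check that the loaded ruleset still matches the script above, reading `iptables -S` output on stdin. The function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output against the intent of rc.firewall:
# INPUT/FORWARD default to DROP; inbound ACCEPTs limited to loopback,
# established traffic, tcp/22 and ICMP echo-request. Names are hypothetical.
audit_ruleset() {
    awk '
        $1 == "-P" && ($2 == "INPUT" || $2 == "FORWARD") {
            seen[$2] = 1
            if ($3 != "DROP") { print "policy " $2 " is " $3; bad = 1 }
            next
        }
        $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
            if ($0 ~ /-i lo /) next
            if ($0 ~ /--state RELATED,ESTABLISHED /) next
            if ($0 ~ /-p tcp .*--dport 22 /) next
            if ($0 ~ /-p icmp .*--icmp-type 8 /) next
            print "unexpected accept: " $0; bad = 1
        }
        END {
            if (!seen["INPUT"])   { print "no INPUT policy line";   bad = 1 }
            if (!seen["FORWARD"]) { print "no FORWARD policy line"; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample: the ruleset as `iptables -S` lists it after rc.firewall.
good_rules() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
EOF
}

# Constructed sample with drift: FORWARD opened and an extra inbound port.
drifted_rules() {
    good_rules | sed 's/^-P FORWARD DROP$/-P FORWARD ACCEPT/'
    echo '-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT'
}

# On a live host (as root): iptables -S | audit_ruleset
good_rules | audit_ruleset && echo "sample ruleset matches the tip"
```

The iptables rules cover IPv4 only; on a host with IPv6 enabled, run the same audit over `ip6tables -S`.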

May 2, 2007

How to monitor server using command line

This tip, full of commands, is mainly for Linux admins, but you may find the sar utility very useful in a Solaris environment too. The commands will help you find the bottleneck in your system, so read on...