May 30, 2007
Configure openvpn easy way
Hi! In this tip I show you working config files for openvpn (Linux server and Linux client; it should work for other OSes with minimal modification). However, it doesn't include the keys or how to generate them ;-)
Tags:
openvpn
May 20, 2007
Minimal smb.conf for Linux
This tip is for setting up an anonymous share using Samba 3 under Linux with a really minimal smb.conf. I assume you want to share the directory /data read-only. To share it read-write, make sure it has the correct permissions (chmod 777 /data) and uncomment the last line :-)
cat /etc/samba/smb.conf
[global]
netbios name = darkstar
server string = darkstar
guest ok = yes
security = share
[data]
path = /data
# read only = no
Edit in 2016: For Fedora 23, you need to change this config to:
cat /etc/samba/smb.conf
[global]
netbios name = darkstar
server string = darkstar
guest ok = yes
security = user
map to guest = bad user
[data]
path = /data
# read only = no
Also you need to change the SELinux fcontext of the shared directory:
# semanage fcontext -a -t samba_share_t "/data(/.*)?"
# restorecon -Rv /data
### this third line may be needed if /data is managed by local user
# setsebool -P samba_enable_home_dirs 1
Edit in 2020:
# cat /etc/samba/smb.conf
[global]
server string = darkstar
guest ok = yes
security = user
workgroup = workgroup
guest account = nobody
map to guest = bad user
Also, on Windows 10 Enterprise and Education clients, you have to:
Go into Local Group Policy Editor (gpedit.msc). Navigate to Administrative Templates - Network - Lanman Workstation. Then the setting "Enable insecure guest logons" has to be set to "Enable".
On Windows 10 Home and Pro clients it's enabled by default.
Tags:
samba
May 12, 2007
Basic firewall for Linux workstation
This shell script is a good starting point for a firewall on a Linux workstation. Adjust it to your needs and execute it at system start.
You need kernel 2.4 or 2.6 with netfilter and state matching enabled (the default on all distros known to me). Allowing incoming ssh is a _must_ for sysadmins, and ping helps to diagnose problems. If you need a more complex firewall, consider blocking outgoing connections as well. This script is not sufficient for servers and routers.
cat /etc/rc.d/rc.firewall
#!/bin/sh
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# enable incoming ssh and echo requests (ping)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
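A check to go with the script above (an added example, not part of the original tip): the function reads `iptables -S` output and reports drift from the intended policy. The function name audit_ruleset and both rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S` text (stdin) against the policy that
# rc.firewall is meant to enforce. $1 = comma-separated destination ports
# allowed to accept new connections (default 22, as in the script).
audit_ruleset() {
    awk -v allowed="${1:-22}" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "-P" { policy[$2] = $3 }
    $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        if (NF == 4) {          # "-A INPUT -j ACCEPT" matches every packet
            print "FAIL unconditional ACCEPT in INPUT"; bad++
        }
        for (i = 3; i < NF; i++)
            if ($i == "--dport" || $i == "--dports") {
                m = split($(i + 1), p, ",")
                for (j = 1; j <= m; j++)
                    if (!(p[j] in ok)) {
                        print "FAIL unexpected open port " p[j]; bad++
                    }
            }
    }
    END {
        if (policy["INPUT"] != "DROP")   { print "FAIL INPUT policy is not DROP"; bad++ }
        if (policy["FORWARD"] != "DROP") { print "FAIL FORWARD policy is not DROP"; bad++ }
        if (!bad) print "OK"
        exit (bad > 0)
    }'
}

# Constructed sample: what `iptables -S` prints after rc.firewall has run.
GOOD_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT'

# Constructed sample: drifted rules (policy reset, extra service opened).
DRIFTED_RULES='-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT'

printf '%s\n' "$GOOD_RULES" | audit_ruleset 22
printf '%s\n' "$DRIFTED_RULES" | audit_ruleset 22 || true
```

On a live host, run `iptables -S | audit_ruleset 22` as root. iptables filters IPv4 only, so IPv6 traffic needs the same rules loaded with ip6tables and the same check run on `ip6tables -S`.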
Tags:
netfilter
May 2, 2007
How to monitor server using command line
This tip, full of commands, is mainly for Linux admins, but you may find the sar utility very useful in a Solaris environment too. The commands will help you find the bottleneck of your system, so read on..
April 15, 2007
Install network LaserJet fast way
In this tip for Linux and Solaris admins, we are going to install a network LaserJet printer into the system. I assume the printer has its own IP address (for example 11.22.33.44). Be sure you have CUPS 1.1 installed. Now type:
lpadmin -p LaserJet -E -v socket://11.22.33.44 -m laserjet.ppd
That's all; you can modify your configuration at http://localhost:631/admin
April 11, 2007
Alternate break sequence for Solaris (8,9,10)
Have you been in a situation where you were connected to a Sparc machine using a terminal which didn't allow you to send a break sequence? Well, this tip may help you. To bring the system to the OK prompt, send the following key sequence:
<cr> ~ ^b (enter tilde ctrl+b)
To enable this feature, be sure to have this in the file /etc/default/kbd:
KEYBOARD_ABORT=alternate
March 30, 2007
Burn .iso under Linux 2.6.18 fast way
This tip is very simple. I assume your CD recorder device is /dev/hdc, so type this as root:
cdrecord -v dev=/dev/hdc speed=12 -dao driveropts=burnfree -eject -data /path/to/isofile.iso
March 23, 2007
How to create MySQL snapshot
Because people always ask me how to back up their database, I decided to write this minimalistic howto. It produces a correct snapshot whether you have MyISAM or InnoDB tables, and the version of MySQL doesn't matter (3.23, 4.0, 4.1, 5.0). The howto has only 4 steps, so read on..
I assume your MySQL data dir is /var/lib/mysql and you have enough space in /tmp. Open two terminals, connect to MySQL in the first one, and do these steps:
1. (optional) read third section of page
2. terminal one: FLUSH TABLES WITH READ LOCK; #do NOT exit mysql prompt
3. terminal two: tar -cvzf /tmp/mysql-snapshot.tar.gz /var/lib/mysql
4. terminal one: UNLOCK TABLES;
Now you have a correct snapshot (/tmp/mysql-snapshot.tar.gz) of your MySQL DB.
Tags:
mysql