Tag Archives: RHCE

How To Use Kerberos to Control Access to NFS Network Shares

Secure NFS with Kerberos

By default NFS is not very secure, there’s no real authentication and access is granted based on hostname or IP address, information is sent over the network in plain text, and it’s also fairly easy to fake your UID/GID.

By making use of Kerberos we can secure NFS as this provides authentication, encryption and integrity.

Read more »

How To Configure Linux To Authenticate Using Kerberos

Configure Linux for Kerberos authentication

Kerberos is an authentication protocol that can provide secure network login or SSO for various services over a non-secure network. Kerberos works with the concept of tickets which are encrypted and can help reduce the amount of times passwords need to be sent over the network.

These tickets are issued throughout the Kerberos realm by a centralised key distribution center (KDC). Here we will cover how to setup a KDC and obtain a Kerberos ticket from a client system in CentOS Linux.

Read more »

Produce And Deliver System Utilization Reports (processor, memory, disk, and network)

Produce and deliver system utilization reports - RHCE Linux

The sysstat package in Linux automatically logs various system resource information, including processor, memory, disk and network.

We can process these logs with the ‘sadf’ command in order to generate basic reports which outline system resource usage over a defined period of time.

Read more »

How To Provide SMB/CIFS Network Shares For Group Collaboration

Samba group collaboration

Samba is an open source implementation of the server message block (SMB) and common internet file system (CIFS) protocols, it allows us to access Windows file share resources from Linux.

With Samba we can export specific directories within a file system over the network to other Windows or Linux clients, allowing us to share various files over the network between different operating systems.

Here we’re going to cover setting up a samba file share that allows for group collaboration. Users within a particular group will be able to create content within a samba share that other users within the same group will be able to access and modify.

Read more »

How To Provide SMB/CIFS Network Shares To Specific Clients

Samba for specific clients

Samba is an open source implementation of the server message block (SMB) and common internet file system (CIFS) protocols, it allows us to access Windows file share resources from Linux.

With Samba we can export specific directories within a file system over the network to other Windows or Linux clients, allowing us to share various files over the network between different operating systems.

It is important to configure this properly and secure it as much as possible so that only the required clients and users have access to the SMB/CIFS share, otherwise it may be possible for anyone to mount and access the data.

To do this we are going to use the /etc/samba/smb.conf file on the SMB/CIFS server and lock down shares to only be accessible by specific IP addresses and user accounts.

Read more »

How To Use Firewalld Rich Rules And Zones For Filtering And NAT

Use Firewalld Rich Rules And Zones For Filtering And NAT

Here we cover the RHCE exam objective “Use firewalld and associated mechanisms such as rich rules, zones and custom rules, to implement packet filtering and configure network address translation (NAT)” in Red Hat Enterprise Linux (RHEL) 7.

Read more »

Configure Additional Options Described In Documentation For SSH In Linux

Configure Additional Options Described In Documentation For SSH In Linux

Here we are going to take a look at some of the options available to us when configuring OpenSSH server and discuss what they actually do, as per the RHCE objective.

Read more »

How To Configure An iSCSI Target And Initiator In Linux

How To Configure iSCSI Target And Initiator In Linux

With an iSCSI target we can provide access to disk storage on a server over the network to a client iSCSI initiator. The iSCSI initiator will then be able to use the storage from the iSCSI target server as if it were a local disk.

Here we cover how you can set up both an iSCSI target and an iSCSI initiator in Linux and connect them together.

Read more »

How To Provide NFS Shares For Group Collaboration

How To Provide NFS Network Shares For Group Collaboration and Sharing

Previously we have covered how to provide NFS shares to specific clients, here we are going to expand upon this and cover how an NFS share can be shared with members in a group for collaboration purposes.

This will be done primarily with the use of set group ID (Set GID), as using this results in all files and directories created within the group share being automatically set with the same group owner as the share itself.

Read more »

Use /proc/sys and sysctl to modify and set kernel runtime parameters

Use sysctl to modify kernel runtime parameters

The Linux kernel is optimized so that it can perform generic tasks and work well with an average workload without any modification out of the box, however you can optionally further optimize and tweak various kernel runtime parameters to increase the performance level, allowing you to squeeze out as much performance as possible.

Here we’re going to discuss the /proc/sys file system and how you can modify kernel runtime parameters to modify and tune Linux.

Read more »