In Linux it is possible to aggregate multiple network links together into a single logical link which can either increase network throughput or redundancy. For example we can assign an IP address to a group of two network interfaces to double our throughput, or reserve one interface for backup purposes so if the first one fails we can fail over.
Here we’re going to cover how to create and configure a network team with two different network interfaces.
In the past many system administrators have simply resorted to disabling IPv6 rather than properly configuring it, continuing to rely on the older IPv4 which has worked just fine for a very long time. As the IPv4 address space has since become exhausted, administrators are starting to slowly take up IPv6 out of necessity.
Here we’re going to cover how to configure IPv6 addressing in Linux and provide some basic tips and advice for troubleshooting IPv6 network issues.
There are many different services such as Kerberos that depend on the time of a Linux system being accurate in order to function correctly. It is therefore important to ensure that system time is synchronized with an external source so that it can be kept accurately up to date, this is done with the network time protocol (NTP).
Here we are going to cover how to configure chronyd or ntpd in Linux to connect to an NTP server and keep time in sync. Read more »
By default SELinux policy defines the ports that a particular service is allowed bind to and make use of with port labeling. This increases system security by preventing random services or malicious code from being able to bind to a well known defined port that may otherwise be used by a legitimate service.
In order to change a service to use a non standard port we must change SELinux policy and specify the SELinux port types that are allowed to use specific ports.
Most web pages don’t serve only simple static content, they typically process and display all sorts of different dynamically generated contents. This is usually done via scripting, whereby the web server will process and execute a script and the result will be displayed to the user.
While CGI (Common Gateway Interface) is fairly old it does allow the web server to execute various types of scripts. Scripts such as PHP, Perl or Python can be used for example, allowing us to combine the power of scripting into our web pages.
By default Apache will serve content out to anyone that requests it which essentially makes it public. We can add some additional simple configuration to create a private directory that can only be accessed based on source IP address, or with a username and password combination, or even based on user group membership.
This quick guide will show you how to perform very simple SQL queries against a MariaDB/MySQL database as per the RHCE exam objective and is not designed to be an in depth SQL tutorial.
Here we will cover using basic SQL queries such as show, create, select, insert, update, delete, describe, and drop which will allow us to define a basic database schema.
By default all network traffic will normally be configured to route via the default gateway, that is the router attached to the network interface. It may not always be the case that you want all traffic to take the same path, in these instances we can set additional static routes that will forward specific traffic out of a different interface rather than the default gateway. This may be required if you need to be able to reach a particular network that your default gateway router does not know about.
Here we’re going to cover how to configure a static route in Linux.
Read more »
With NFS we can export specific directories within a file system over the network to other clients allowing us to share various files over the network. It is important to configure this properly and secure it as much as possible so that only the required clients have access to the NFS share, otherwise it may be possible for anyone to mount it and access the data.
To do this we are going to use the /etc/exports file on the NFS server and lock down shares to only be accessible by specific IP addresses.
Read more »
Rather than having individual Linux systems in your network sending mail out directly to the Internet, we can instead configure them to forward mail to a central mail relay server. Such systems are known as null clients, and these do not accept local delivery of any messages, they only forward mail out to a relay server.
This has various benefits, such as centralizing mail logs onto one server and only requiring the firewall to allow outbound port 25 for SMTP on one server rather than allowing all servers to connect out to the Internet on port 25. This means that the mail relay server can sit inside your DMZ network to send mail out while access remains locked down to the rest of your internal network.
Here we are going to cover how to configure a null client by using Postfix to forward mail to a central relay server that exists in our local network. Read more »