Friday, 30 August 2013

Centos 6/RHEL install Copy Cloud Storage Client

Copy is a cloud storage solution which aims to rival Dropbox. It offers considerably more free storage at 15GB, with an extra 5GB available if you install additional apps or recommend the service to others, so much more free storage is available if needed.

It has a number of different clients to use on your Centos 6 box, but the one we use here is the QT based GUI/Tray client called CopyAgent. It is demonstrated on the Live CD, as my usual Centos Minimal Fluxbox system is currently in repose; hopefully I will get it back shortly. CopyAgent is available in both 32 and 64 bit formats.

To use it on Centos 6 or RHEL create a free Copy account using your regular Email address. Once done you can download the Copy app for Linux from the link provided. You can install it on your standard setup or even on the Centos Live CD and it works fine on either. It has a command line client in addition to a GUI.

Once your account is created you will see the link for the Linux app in tgz format, so download it to your home folder, open up a terminal as root and cd to your /opt directory

$ sudo su

# cd /opt

# tar xzf /home/centoslive/copy_agent-1.35.0524.tgz

Now cd in to the /opt/copy/x86 (or x86_64) folder to run the setup installation file.

# cd /opt/copy/x86

# ./CopyAgent


Copy setup screen Centos 6

Copy cloud storage installation Centos 6

Copy cloud storage PDF guide Centos 6

This will create a folder on your computer called 'Copy.'
As long as the Copy application is running and you are logged in to your account, any file you place in the “Copy” folder will automatically upload to the cloud and be accessible via Copy.com and any other computer that you have running Copy.

The contents of your Copy cloud storage folder can be shared by simply right clicking on the file and selecting a share option, either Public or Private. The file will then be available for download via the link address given to you. This is a particularly welcome and useful feature, enabling easy and controlled file sharing.

So if you need a little more storage than you have already, head over to Copy and grab your free 20GB. It can be run together in tandem with Dropbox on Centos so you can compare the two services if required.

Fluxbox users can see Fluxbox key bindings for more.

Tuesday, 20 August 2013

Centos 6/RHEL create a custom share folder for a specific user Samba

Sharing a home directory with Samba has its advantages, but it is not perfect for every scenario.

You may want to create a shared folder that is used by one or more users to store documents, images, or to act as a repository for your media files or you might need to provide limited permissions, read-only access, or a global directory for a group of users. Here we look at creating a custom share folder that can be used to augment your networking environment.

It is assumed that Samba is already installed and that it is configured to run as a standalone server.

We will look at both individual access and group access to a customized share folder of your choice.

Individual Access

To begin, log in as root and create a new directory by typing the following

# mkdir /home/<foldername>

Assign the ownership of this folder to a particular user and group. Set the permissions using values to suit your own setup

# chown <username> /home/<foldername> && chgrp <groupname> /home/<foldername> && chmod 0770 /home/<foldername>

When you have finished, open the Samba configuration file

# vi /etc/samba/smb.conf

Scroll down to the bottom of the file and add the following lines, remember to customize the comment, the foldername value, and replace username and groupname with the same values as used in the previous step.

[foldername]
comment = your foldername description
path = /home/foldername/
browseable = yes
guest ok = no
writable = yes
create mask = 0666
directory mask = 0770
valid users = username
force group = groupname
force user = username

You may want to customize the preceding values to suit your setup.

Any new directory created will be given the permissions of 0770, while any new file added will have the permissions set to 0666. The only valid users that can connect to this share folder are defined by the username value while all files and directories will have the group name of groupname applied to it.

When you have finished, save the configuration file before restarting the Samba server like so

# service smb restart && service nmb restart

Group Access

If you are intending to enable multiple user access, then you can enhance this to include more users by listing the relevant usernames, like so

valid users = username1, username2, username3

Alternatively, you can specify the @ parameter as below

valid users = @groupname

This states that anyone who is a member of groupname is a valid user for the share folder concerned. Your modified configuration statement could look similar to this

[folder_name]
comment = folder_name description
writable = yes
valid users = @groupname
path = /home/samba/folder_name
create mode = 0660
directory mode = 0770

If you wanted a particular share to be accessible by the users of multiple groups, then the code would look more like this

[folder_name]
comment = folder_name description
writable = yes
valid users = @groupname1, @groupname2, @groupname3
path = /home/samba/folder_name
create mode = 0660
directory mode = 0770

To use the group access feature, users must be members of the same group as Samba cannot overrule the existing rules set by CentOS.

Remember to restart the service as below

# service smb restart && service nmb restart


Saturday, 17 August 2013

Centos 6/RHEL hiding folders and files in Samba

If you are using Samba for file sharing on a network, you may want to hide files and folders for a variety of reasons. This can be easily achieved in a few steps.

This assumes that you have Samba installed and configured

First, log in as root and simply open your current Samba configuration file
 
# vi /etc/samba/smb.conf

In the [global] section of the Samba configuration file, add the following line in order to hide all dot (.) files

hide dot files = yes

Having done this, you should now include the veto files option. To do this, add the following lines, customising the values shown to suit your setup.

veto files = /.*/foldername/filename.txt/filename.???/
delete veto files = yes

When done, save the file before restarting the Samba server

# service smb restart && service nmb restart

Samba is customisable and enables you to determine the type of network service you wish to provide.

The addition of a few small lines will not only hide .dot files, they will ensure that a full range of other files and directories are removed from view as dictated by your needs.

Wednesday, 14 August 2013

Centos 6/RHEL set up a network recycle bin for Samba

A network does not have a recycle bin, and the action of deleting a file from a shared folder on your network will result in the permanent loss of that data. So here we look at creating a holding area for files and folders that enables you to recover data that was accidentally deleted, through a simple implementation of Samba's recycling process. CentOS will treat those files in the same way as though you were deleting a file on your desktop.

This assumes that you have Samba installed and set up.

First log in as root and create a folder called recycle-bin in the home directory

# mkdir /home/recycle-bin

Assign the correct permissions to this folder

# chmod 0775 /home/recycle-bin

Open your current samba configuration file by typing

# vi /etc/samba/smb.conf

Scroll down and before the end of the [global] section and the beginning of the [homes] section, add the following lines

vfs object = recycle
recycle:repository = /home/recycle-bin/%U
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = Yes
recycle:maxsize = 0
recycle:exclude = *.tmp
recycle:exclude_dir = /tmp, /recycle-bin
recycle:noversions = *.tmp, *.temp

Finally, at the end of the configuration file add the following lines in order to make the recycle bin available to your network users

[recycle-bin]
path = /home/recycle-bin
public = yes
writable = yes
browsable = yes

Save and close the file before restarting Samba

# service smb restart && service nmb restart
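
A check for the share definitions on this page, as an added example that is not part of the original posts: the function reads an smb.conf and reports shares that combine guest access with write access (as the [recycle-bin] share does), create masks that leave new files world-writable (as create mask 0666 does), and the map to guest = bad user setting. The sample configuration is constructed from the snippets on this page, and the function and finding names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original posts): audit an smb.conf for the
# share settings discussed on this page. Reads the files named as arguments,
# or stdin when none are given. Prints one finding per line.
audit_smb_conf() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function is_yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }

    # Emit the per-share finding once the whole section has been read,
    # because "public" and "writable" may appear in any order.
    function close_share() {
      if (section != "" && section != "global" && guest && writable)
        print section ": guest access is combined with write access"
      guest = 0; writable = 0
    }

    /^[ \t]*[#;]/ { next }            # comment lines
    /^[ \t]*$/    { next }            # blank lines

    /^[ \t]*\[/ {                     # [section] header
      close_share()
      section = tolower(trim($0))
      gsub(/^\[|\].*$/, "", section)
      next
    }

    {
      eq = index($0, "=")
      if (eq == 0) next
      raw = trim(substr($0, 1, eq - 1))
      val = trim(substr($0, eq + 1))
      # Samba ignores case and whitespace inside parameter names.
      key = tolower(raw); gsub(/[ \t]/, "", key)

      if (key == "guestok" || key == "public")
        guest = is_yes(val)
      else if (key == "writable" || key == "writeable" || key == "writeok")
        writable = is_yes(val)
      else if (key == "readonly")
        writable = !is_yes(val)
      else if (key == "createmask" || key == "createmode") {
        other = substr(val, length(val), 1) + 0      # last octal digit
        if (int(other / 2) % 2 == 1)
          print section ": " raw " " val " is world-writable"
      }
      else if (key == "maptoguest" && tolower(val) == "bad user")
        print section ": unknown usernames are mapped to the guest account"
    }

    END { close_share() }
  ' "$@"
}

# Constructed sample built from the share definitions on this page.
sample_conf() {
  cat <<'EOF'
[global]
security = user
map to guest = bad user

[foldername]
path = /home/foldername/
guest ok = no
writable = yes
create mask =0666
directory mask =0770
valid users = username

[recycle-bin]
path = /home/recycle-bin
public = yes
writable = yes
browsable = yes

[folder_name]
path = /home/samba/folder_name
writable = yes
valid users = @groupname
create mode = 0660
directory mode = 0770
EOF
}

sample_conf | audit_smb_conf
```

Run it against the live file with audit_smb_conf /etc/samba/smb.conf after each edit, alongside testparm.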

Tuesday, 13 August 2013

Centos 6/RHEL add, delete or disable a Samba user

Configured as a standalone server, Samba's resources will be made available in either share mode or in user mode. This means that all passwords are associated with an existing system account, so start by creating a new CentOS user.

Log in as root and create a new system group by typing

# groupadd sambausers

Now create a new system user and add them to the new group

# useradd username -m -G sambausers

This will create a new user profile and establish an associated user ID, make the relevant home directory (-m), set the default shell to bash, and add them to a group called sambausers.

Now to create a Samba password for the new user

# smbpasswd -a username

The username is the name set up earlier; at the prompt, give the password you wish to use.

Samba does not manage usernames, but it enables you to create a password for a valid system user account. The Samba user is inextricably tied to this account so first we create a new CentOS group.

All system users should belong to a group and in this instance we create a group called sambausers.

We all know that servers can maintain any number of users, but by creating a relationship between them, you can provide a common rule that will enable the members of the same group to read, write, and execute specific files and directories.

In many respects, groups represent the principal component of an organization, and this not only makes the task of administration much easier, but it also enables you to develop a subset of user-based rights that is based on a group privilege.

Disable and Delete a Samba user


To disable a samba user, log in as root and type

# smbpasswd -d username

To delete a Samba user, log in as root and type

# smbpasswd -x username

By deleting the password you will not be removing the associated user profile (username) from the server or affecting the relevant home directory and its contents. 

So there is always an option of re-enabling the account at any time. However, if you would like to delete these items permanently, then you must use the following command

# userdel -r username

Use the -r flag to delete the user, the associated home directory and the mail spool.

Monday, 12 August 2013

Centos 6/RHEL install and configure Samba file sharing

A common way to share files across different computer systems is to install and configure Samba as a standalone file server.

Standalone servers are configured to provide local authentication and access control to all the resources they maintain.
 
They are independent of all domain controllers and where a standalone server is expected to function like a workgroup server, a simple configuration is all that is required in order that all data served will be readily accessible to the entire user base.

Samba is a very popular open source distribution and we look at how to deliver an instant approach to file sharing that provides seamless integration for any number of users on any type of modern computer across your entire working environment.

This assumes that you are using a Static IP address.

If you are running a firewall, you will need to confirm that the firewall has been disabled, removed, or the appropriate ports are open. Similarly, if you are running SELinux, then you should confirm that it has been disabled or it is now running in permissive mode.

First download and install the necessary packages
   
$ sudo yum install samba samba-client samba-common

Now rename the original configuration file

$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

Create a new configuration file in your preferred text editor

See Vi and Vim commands

$ sudo vi /etc/samba/smb.conf

Build your new configuration by adding the following lines, substituting the values shown with your own

[global]
unix charset = UTF-8
dos charset = CP932
workgroup = <WORKGROUP_NAME>
server string = <MY_SERVERS_NAME>
netbios name = <MY_SERVERS_NAME>
dns proxy = no
wins support = no
interfaces = 127.0.0.0/8 XXX.XXX.XXX.XXX/24 ethX
bind interfaces only = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d

MY_SERVERS_NAME refers to the name of your server. In most situations this could be in the form of FILESERVER or SERVER1 and so on.

ethX refers to the name of your primary Ethernet interface. In most situations this could be eth0 although here I am on wlan0.

XXX.XXX.XXX.XXX/XX refers to the primary network address. This will be something similar to 192.168.1.100/24.

Now configure Samba as a standalone server. Continue to add the following lines to your main configuration file

security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = no

We do not want to configure Samba as a domain master or master browser so we add the following

domain master = no
local master = no
preferred master = no
os level = 8

Now add support for home directory sharing by enabling valid users to access their home directories. This feature will support the appropriate read/write permissions and all folders will remain private from other users. Add the following.

[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mask = 0755
directory mask = 0755

Save and close the file then enable Samba on boot.

$ sudo chkconfig smb on && sudo chkconfig nmb on

Start the Samba server by typing as root

# service smb start && service nmb start

You can test the configuration changes by typing the following

$ testparm

Disable Printing

Samba provides support for printing by default and it will try to connect to a printer regardless as to whether a printer is connected to your server or not. So, unless you are intending to install CUPS, you should consider disabling printer sharing in order to avoid any unnecessary error messages being recorded in the Samba logfiles.

Log in as root and open the main Samba configuration file

# vi /etc/samba/smb.conf

Scroll down to the end of the global section and comment out the section on printer support

load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
show add printer wizard = no

If using the default Samba configuration, comment out the following

;load printers = yes
;printing = cups
;printcap name = cups

Then remove or comment out the [printers] section, like so:

;[printers]
;comment = All Printers
;path = /var/spool/samba
;browseable = no
;public = yes
;guest ok = no
;writable = no
;printable = yes
;printer admin = root

Save and close the file then restart the server

# service smb restart && service nmb restart

Relaxing the rules for SELinux

SELinux will prevent users from accessing their home directory. There is the option to disable SELinux, but if you do intend to keep this service running you will be required to relax the conditions that SELinux employs on your server.

So log in as root and check the mode by typing

# getenforce

If it is set to Enforcing, then reset it to Permissive by typing the following

# setenforce 0

Now type the following command to enable the home directories

# setsebool samba_enable_home_dirs on

In addition to this, if you are trying to enable Samba as a domain controller, use

# setsebool -P samba_domain_controller on

Remember, if SELinux is enabled and you do not execute the preceding commands, your users will continue to experience errors when trying to access the server.

Opening the firewall

If you are running IPTables, you will need to configure your firewall in order to allow access to your Samba server. To do this, log in as root and type the following commands to open ports 137, 138, 139, and 445

# iptables -A INPUT -s XXX.XXX.XXX.0/24 -m state --state NEW -p udp --dport 137 -j ACCEPT
# iptables -A INPUT -s XXX.XXX.XXX.0/24 -m state --state NEW -p udp --dport 138 -j ACCEPT
# iptables -A INPUT -s XXX.XXX.XXX.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT
# iptables -A INPUT -s XXX.XXX.XXX.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT

Now save your new rules by typing

# service iptables save

Restart IPTables

# service iptables restart

Assigning the master browser

In a mixed operating system environment it is not always advisable to make Samba the master browser, but it may be the case that this small addition may serve to improve the overall performance of both CentOS and your network in general.

To do this, log in as root and open the main Samba configuration file in your favorite text editor as below.

# vi /etc/samba/smb.conf

Now scroll down to the global section and make the following changes

domain master = no
local master = yes
preferred master = yes
wins support = no
os level = 65

Save and close the file, then restart the server

# service smb restart && service nmb restart

If you have more than one Samba server running on your network, then only one server should be elected as the primary master browser and given the os level stated earlier.

Adding user to password

The password used to access Samba can be set up to be the same as, or different from, that of your local account. In the image below you will see the -a option, which tells Samba to add the user's account, which in this case is centoslive, to the smbpasswd.
 






Saturday, 10 August 2013

Centos 6/RHEL install and setup MariaDB enable remote connection

MariaDB is the robust, scalable, and reliable drop in replacement for MySQL with extra features including batched key access, block hash join, User-set memory limits, Null-rejecting conditions, In-to-exists, Semi-join, Materialisation and much more. It is used by a number of projects including Jelastic, MediaWiki, Moodle, Zend Framework, Drupal and others. Recently, the mighty federation backed Google are relinquishing their old MySQL kit for shiny new MariaDB relational relations.  It is available for Centos 6/RHEL (and others ) via the MariaDB repo.

So first go to the MariaDB site and select a suitable version of the repo file for your setup.

Open up vi editor and copy/paste the details in to it.

Vi and Vim commands

$ sudo vi /etc/yum.repos.d/mariadb.repo

Run yum update, then install MariaDB

$ sudo yum -y update

$ sudo yum -y install MariaDB MariaDB-server

Start the server and set to start on boot.

$ sudo service mysql start

$ sudo chkconfig --levels 235 mysql on

Using the MySQL Secure installation

$ sudo /usr/bin/mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB installation should now be secure.

Thanks for using MariaDB!

Connecting to MariaDB

 mysql -u root -p

or

 mysql -h localhost -u root -p

Enable remote connection

$ sudo vi /etc/sysconfig/iptables

Enter the following line, which accepts new TCP connections to port 3306 from any source address

-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

$ sudo service iptables restart

Friday, 9 August 2013

Centos 6/RHEL configure remote access to Postgresql with Host Based Authentication

PostgreSQL can be configured to allow remote access using a method called Host Based Authentication and here we look at client authentication in order to provide the access rights.


First open the Host Based Authentication configuration file

# vi /var/lib/pgsql/data/pg_hba.conf


And alter the values to appear similar to below

# TYPE DATABASE  USER      CIDR-ADDRESS    METHOD

# "local" is for Unix domain socket connections only
local     all     all                       trust
# IPv4 local connections:
host      all     all       127.0.0.1/32    trust
host      all     all     192.168.0.0/24    md5

# IPv6 local connections:
host      all     all       ::1/128         ident

Save and close the file.

The second IPv4 entry above, given as an example, covers the range of addresses available from the router, so typically it would suit a client with an IP address of 192.168.0.100.

Each of the above records specifies a connection type, a database name, a user name, a client IP address range, and the authentication method. An IP address range may not always be relevant, but PostgreSQL reads this file in order and uses the first record that matches the connection; if that record indicates that access is not allowed, then access will be denied.

There are several different methods of authentication
  •  trust: allows the connection unconditionally and it enables anyone to connect with the database server without the need for a password.
  •  reject: allows the database server to reject a connection unconditionally. A feature that remains useful when filtering certain IP addresses or certain hosts from a group.
  •  md5: implies that the client needs to supply an MD5-encrypted password for authentication.

Now open the PostgreSQL configuration file

# vi /var/lib/pgsql/data/postgresql.conf

And adjust the following


listen_addresses = '*'
port = 5432


Remote connections will not be possible unless the server is started with an appropriate value for listen_addresses, and here we adjusted the default value from a loopback address to allow the server to listen to all IP addresses (signified by the use of a star symbol or *) on the 5432 port.


Save and close the file, and restart the server.

$ sudo service postgresql restart

So with Host Based Authentication set up you will have the ability to access your PostgreSQL server both locally and remotely.
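
To see how record order decides the outcome, the following added example (not part of the original post) resolves which pg_hba.conf record applies to a given database, user and IPv4 client address, and lists the records that use trust. It assumes CIDR-style host records and database/user fields that are all or literal names; the sample file is the one above plus one constructed reject record, and mydb and alice are placeholder names.

```shell
#!/bin/sh
# Added example (not from the original post): resolve which pg_hba.conf
# record applies to a TCP connection, using first-match-wins ordering.
# Assumptions: IPv4 clients, records written as ADDRESS/CIDR, and database
# and user fields that are either "all" or comma-separated literal names.
# usage: hba_method DATABASE USER CLIENT_IPV4 [pg_hba.conf]
hba_method() {
  db=$1; user=$2; ip=$3; shift 3
  awk -v db="$db" -v user="$user" -v ip="$ip" '
    function ip2int(a,  o) {
      split(a, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # True when addr falls inside cidr: compare the network parts.
    function in_cidr(addr, cidr,  p, size) {
      split(cidr, p, "/")
      size = 2 ^ (32 - p[2])
      return int(ip2int(addr) / size) == int(ip2int(p[1]) / size)
    }
    function listed(name, field,  i, n, items) {
      n = split(field, items, ",")
      for (i = 1; i <= n; i++)
        if (items[i] == "all" || items[i] == name) return 1
      return 0
    }
    /^[ \t]*#/ { next }
    /^[ \t]*$/ { next }
    # Only IPv4 "host" records in CIDR form are considered.
    $1 == "host" && $4 ~ /^[0-9.]+\/[0-9]+$/ &&
    listed(db, $2) && listed(user, $3) && in_cidr(ip, $4) {
      print $5; found = 1; exit
    }
    # No matching record means the server refuses the connection.
    END { if (!found) print "no-match" }
  ' "$@"
}

# List active records whose method is "trust" (no password is requested).
hba_trust_records() {
  awk '
    /^[ \t]*#/ { next }
    ($1 == "local" && $4 == "trust") || ($1 ~ /^host/ && $5 == "trust") {
      print NR ": " $0
    }
  ' "$@"
}

# The file from this post, plus one constructed "reject" record.
sample_hba() {
  cat <<'EOF'
# TYPE  DATABASE  USER  CIDR-ADDRESS      METHOD
local   all       all                     trust
host    all       all   127.0.0.1/32      trust
# constructed record: block one workstation ahead of the subnet rule
host    all       all   192.168.0.66/32   reject
host    all       all   192.168.0.0/24    md5
host    all       all   ::1/128           ident
EOF
}

for client in 127.0.0.1 192.168.0.66 192.168.0.100 10.1.2.3; do
  printf '%-15s %s\n' "$client" "$(sample_hba | hba_method mydb alice "$client")"
done
sample_hba | hba_trust_records
```

Moving the reject record below the 192.168.0.0/24 line would make it unreachable, since the subnet record would match first.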

Wednesday, 7 August 2013

Centos 6/RHEL install and access Postgresql

PostgreSQL is an Open Source Object-Relational Database Management System and is available from the standard Centos repo.

Its architecture and large array of features make it an attractive solution for many companies who are concerned with data integrity.

Postgres is an easy-to-install database system and uses a template system which supports a large part of the SQL standard.

To install it in Centos 6, log in as root and type

# yum install postgresql postgresql-server


Now enable the database server at boot by typing

# chkconfig postgresql on

Then initialize the database

# service postgresql initdb

Start the database by typing

# service postgresql start

Now assign your current CentOS user account as a database user

Connect to the database using the following command

$ sudo su - postgres


A new database will be created by cloning the standard system database so launch the psql command-line utility.

-bash-4.1$ psql template1

Now issue a command to create a database user, substituting the relevant values with those associated with your system user account

CREATE USER <username> WITH PASSWORD '<password>';

Create your first database, replacing the <database-name> value with something more appropriate

CREATE DATABASE <database-name>;

Now complete the user setup by assigning the correct privileges, substituting the relevant values with those used previously


GRANT ALL PRIVILEGES ON DATABASE <database-name> TO <username>;


When finished, quit by typing


 \q


-bash-4.1$ exit
exit 


Changing logging parameters

You can alter the logging parameters to customise the recorded values.

$ sudo vi /var/lib/pgsql/data/postgresql.conf

Scroll down and find the following line

log_line_prefix


Now uncomment and change this line to read


log_line_prefix = '%d %u %t'


This will use the database name, username, and timestamp format when writing the log files.

Save the file and restart the database server

$ sudo service postgresql restart


Connecting to Postgresql

Connecting to Postgresql is different to connecting to MySql. To access the database, first issue the following

$ sudo su - postgres

Now access the interactive screen by typing

-bash-4.1$ psql template1

Password:

psql (8.4.13)


Type "help" for help.


template1=#


From here you can use SQL to complete any template related task, you can quit the terminal by typing

\q


This command will return you to the postgres user prompt, which you can close at any time by issuing the following command


exit


Accessing a specific database as a specific user

If you wish to access a specific database as a specific user, you would begin by accessing the main terminal as the postgres user

$ sudo su - postgres

Having done this you would access the relevant database by using the appropriate user in the following way


psql -d <database-name> -U <username> -W


Complete this process by submitting your password when requested 


The entire process may look similar to below


$ sudo su - postgres


-bash-4.1$ psql -d <database-name> -U <username> -W


Password for user <username>


psql (8.4.13)


Type "help" for help


<database-name>=>


Creating a copy of a database in PostgreSQL
  
You can use any existing database on the server as a template when creating a new database.

To do this, simply access the psql console as postgres user, and issue the following command.


CREATE DATABASE <new-database-name> WITH TEMPLATE <original-database-name> OWNER <username>;

The original database needs to be idle in order for this command to work properly.
 




See the PostgreSql site for more



Sunday, 4 August 2013

Centos 6/RHEL install & run Mailx

E-mail capability for the root user is not activated by default and you may find it useful to ensure that this service is enabled and able to send messages.

You may be required to generate e-mail reports that should be issued to, or generated on the behalf of the root user, while those of you who enjoy the benefit of e-mail in order to issue notices will want a convenient solution that may not require a comprehensive mail server. E-mail capability is essential to every aspect of the administrator's role and this post looks at activating the root's e-mail and enabling all messages to be sent to a destination of your choice.

We install and set up mailx, a sending and receiving facility for mail on a Linux system.


First download mailx with yum

$ sudo yum -y install mailx

Open up the aliases file to add an address

$ sudo vi /etc/aliases

Scroll down to the person who gets root's email

# root:       marc

Uncomment the line and change the value to your choice

root:     example@yourdomain.com

You can also send it to existing users as below

root:      username1, username2

Save and close the file, then run the following to implement changes.

# newaliases

Now send a test Email to check it works properly.

# echo "Test Email" | mail -s "This is a test email." externalemail@domain.com

You can check whether anything is waiting in the mail queue with

$ mailq
Mail queue is empty






And not forgetting the manual pages


$ man mailx

Quick and easy set up of the Mailx program.



Friday, 2 August 2013

Centos 6/RHEL install Gnome Desktop

While the Fluxbox, Thunar and Rxvt Desktop is fine for most users' purposes, being pretty much the fastest performing of all the various Desktop environments, some users may prefer to use a different one for a variety of reasons, i.e. accessibility, and may want to use the Gnome Desktop, which is also a popular addition in Centos 6.

64-bit users should be aware that the desktop environment will result in your system using a mixture of 32-bit and 64-bit software. This may change over time, but at the time of writing this book, most desktop applications are still 32-bit.

To install the GNOME desktop environment, log in as root and type the following command to install the necessary packages and dependencies

# yum groupinstall "Desktop" "X Window System" "Fonts" "Desktop Platform"

This will install around 530 MB of packages, but for you to begin using the desktop environment at boot, you will need to change the runlevel.

A runlevel is a preset operating state that determines which programs are executed at system start-up. In this case, we are intending to execute the desktop environment, so to do this, open up inittab

# vi /etc/inittab

Now scroll down towards the bottom of this file and locate the following

id:3:initdefault:

Change this line to read

id:5:initdefault:

Save and close the file

You will need to add some software in order to enhance your enjoyment of the desktop environment, so issue the command

# yum groupinstall "General Purpose Desktop" "Graphical Administration Tools"

Finally, you will need to reboot your computer in order to allow the changes to take immediate effect

# reboot

Centos 6/RHEL disable SELinux

Security-Enhanced Linux is a robust security mechanism that is enabled by default. It improves and, as the name implies, enhances the security of the server, but sometimes the need arises to disable it in order to install a new package such as cPanel, DirectAdmin, or Plesk, or to speed up the process of server management. This is not something you would normally do and in some circles it is frowned upon, but occasionally you may feel it is the best solution.

The three enforcement levels for SELinux are

enforcing
permissive
disabled

Here we are going to set it to disabled in order to perform the required task.

To determine the current state of SELinux you can run

$ getenforce
Enforcing

So open up the configuration file in the editor as follows

$ sudo vi /etc/sysconfig/selinux

Scroll down to find the line that reads

SELINUX=

Change the line to read

SELINUX=disabled

So the file should appear as below

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

That's it, now reboot the system

# reboot

SELinux is enabled during the boot process and has three running states

Enforcing - Enforces security and access policies around files and processes

Permissive - This level allows operations that would otherwise be blocked; report messages are sent to /var/log/audit/audit.log indicating which operations would have been blocked. In this state the mechanism that labels files and processes according to SELinux policies is still active.

Disabled - This level completely disables SELinux, permitting all operations and disabling logging and file labeling.
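The edit described above can also be scripted. The following is an added example, not part of the original post: it changes only the active SELINUX= line and writes through the path, because /etc/sysconfig/selinux is normally a symbolic link to /etc/selinux/config and replacing the link would leave the real file unchanged. The function names and the demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: set the SELINUX= value in a config file without touching
# comments, SELINUXTYPE=, or the symlink the file is usually reached through.

set_selinux_mode() {    # usage: set_selinux_mode FILE enforcing|permissive|disabled
    file=$1 mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    grep -q '^SELINUX=' "$file" || { echo "no active SELINUX= line in $file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # '^SELINUX=' cannot match 'SELINUXTYPE=' or the '# SELINUX=' comment.
    sed "s/^SELINUX=.*/SELINUX=$mode/" "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$file" "$file.bak"      # keep the previous contents for rollback
    # Write through the path rather than renaming over it, so a symlink such as
    # /etc/sysconfig/selinux -> /etc/selinux/config stays a symlink.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

configured_mode() {     # print the value the next boot will use
    sed -n 's/^SELINUX=//p' "$1"
}

# Demo on a constructed copy of the layout (not the live /etc files).
demo=$(mktemp -d)
mkdir "$demo/selinux" "$demo/sysconfig"
printf '%s\n' '# SELINUX= can take one of these three values:' \
    'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$demo/selinux/config"
ln -s ../selinux/config "$demo/sysconfig/selinux"
set_selinux_mode "$demo/sysconfig/selinux" disabled
echo "configured: $(configured_mode "$demo/selinux/config")"
rm -rf "$demo"
```

The value printed by configured_mode is what the next boot will use; getenforce keeps reporting the running state until the reboot.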







Thursday, 1 August 2013

Centos 6/RHEL Samba hide files and folders

Managing a network often implies the need to hide files and folders from users for a wide variety of reasons.

This assumes that Samba is already installed and it is configured to run as a standalone server.

The typical method of hiding files is to use a dot (.) as the first character in the filename.

However, in circumstances where a user has specified the option to see such files, our intentions can be circumvented. It is for this reason that we will also be using the veto files option

First log in as root and open your current Samba configuration file by typing

vi /etc/samba/smb.conf

Within the [global] section of the Samba configuration file, add the following line in order to hide all dot (.) files

hide dot files = yes

Now include the veto files option. To do this, add the following lines but remember to customize the values shown to suit your needs

veto files = /.*/foldername/filename.txt/filename.???/
delete veto files = yes

Save the file before restarting the Samba server

$ sudo service smb restart && sudo service nmb restart
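To preview which names a veto files list would hide before restarting Samba, the following added example (not part of the original post) splits the list on '/' and tests names against each entry. It assumes shell wildcards behave like Samba's '*' and '?' and that matching is case-sensitive; the function names and sample file names are constructed.

```shell
#!/bin/sh
# Added example: approximate Samba "veto files" matching with shell patterns.

# is_vetoed LIST NAME: return 0 if NAME (one path component) matches an entry.
is_vetoed() {
    list=$1 name=$2
    old_ifs=$IFS
    set -f                  # keep '*' and '?' in LIST from expanding to file names
    IFS=/
    for pat in $list; do
        [ -n "$pat" ] || continue     # empty field produced by the leading '/'
        case $name in
            $pat) IFS=$old_ifs; set +f; return 0 ;;
        esac
    done
    IFS=$old_ifs
    set +f
    return 1
}

# list_vetoed DIR LIST: print every entry below DIR whose own name is vetoed.
list_vetoed() {
    dir=$1 list=$2
    find "$dir" | while IFS= read -r path; do
        if [ "$path" = "$dir" ]; then continue; fi
        if is_vetoed "$list" "${path##*/}"; then printf '%s\n' "$path"; fi
    done
}

# Demo with the list from this page and constructed file names.
veto='/.*/foldername/filename.txt/filename.???/'
for n in .bash_history foldername filename.doc filename.docx report.txt; do
    if is_vetoed "$veto" "$n"; then echo "vetoed : $n"; else echo "visible: $n"; fi
done
```

Running list_vetoed against the share path with the same list shows what "delete veto files = yes" would allow Samba to remove when a client deletes a directory containing those entries.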

Centos 6/RHEL install and configure Samba as a standalone server

A common way to share files across different computer systems is to install and configure Samba as a standalone file server.

Standalone servers are configured to provide local authentication and access control to all the resources they maintain.

They are independent of all domain controllers and where a standalone server is expected to function like a workgroup server, they can use either a simple or complicated configuration in order that all data served will be readily accessible to the entire user base.

Samba on Centos 6
Samba remains a very popular open source distribution and here we look at how to deliver an instant approach to file sharing that provides seamless integration for any number of users on any type of modern computer across your entire working environment.

This assumes that you are using a Static IP address.
If you are running a firewall, you will need to confirm that the firewall has been disabled, removed, or the appropriate ports are open. Similarly, if you are running SELinux, then you should confirm that it has been disabled or it is now running in permissive mode.

First download and install the necessary packages
   
$ sudo yum install samba samba-client samba-common

Now rename the original configuration file

$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

Create a new configuration file in your preferred text editor

$ sudo vi /etc/samba/smb.conf

Build your new configuration by adding the following lines, substituting the values shown with your own.

[global]
unix charset = UTF-8
dos charset = CP932
workgroup = <WORKGROUP_NAME>
server string = <MY_SERVERS_NAME>
netbios name = <MY_SERVERS_NAME>
dns proxy = no
wins support = no
interfaces = 127.0.0.0/8 XXX.XXX.XXX.XXX/24 ethX
bind interfaces only = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d

MY_SERVERS_NAME refers to the name of your server. In most situations this could be in the form of FILESERVER or SERVER1 and so on.
ethX refers to the name of your primary Ethernet interface. In most situations this could be eth0.
XXX.XXX.XXX.XXX/XX refers to the primary network address. This will be something similar to 192.168.1.100/24.

Now configure Samba as a standalone server. Continue to add the following lines to your main configuration file

security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = no

We do not want to configure Samba as a domain master or master browser so we add the following

domain master = no
local master = no
preferred master = no
os level = 8

Now add support for home directory sharing by enabling valid users to access their home directories. This feature will support the appropriate read/write permissions and all folders will remain private from other users. Add as below

[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mask = 0755
directory mask = 0755

Save and close the file, then ensure that the Samba service will start during the boot process.

$ sudo chkconfig smb on && sudo chkconfig nmb on

Start the Samba server by typing as root

# service smb start && service nmb start

See also Samba hide files and folders.