The Network Time Protocol or NTP is essential for synchronizing system clocks across your environment. Having a reliable and accurate time service is not only important for many different applications but for logging and auditing as well. In RHEL 8, Chrony is used for implementing NTP. In Part 1, we will review setting this service up as a client and look at the basic functionality of the chronyc command to interact with the chrony daemon, chronyd.
Continue reading RHEL 8 and Chrony – Part 1
Sometimes, due to some new specific server requirements, you will find it necessary to increase your swap space. Even if your swap partition is setup as a Logical Volume, your requirements may exceed what is available. This is where creating a new swap file is the best option. In this example, we are going to add a new 12GB swap file.
Verify the total amount of used and free physical and swap memory with the free command and the -h human-readable flag
# free -ht
total used free shared buff/cache available
Mem: 755G 321G 3.0G 62G 430G 670G
Swap: 4G 1G 3G
Total: 771G 322G 6G
Display the swap usage summary by device using swapon. Same as cat /proc/swaps
Continue reading Add a Swap File to RHEL/CentOS
As PowerShell becomes the go-to utility for administrators, it is important to maintain an audit record of previously executed commands. Preserving these logs is also key when it comes to security. As an ever increasing number of network compromises are employed to use native programs to support an exploit in what is referred to as “Living off the Land” (PowerShell falls into this group), it is necessary to cache historical logs which will be indispensable during an investigation. This post will discuss the important steps to enable PowerShell logging across all your systems using Group Policy.
CFEngine is an open source tool for system configuration management and is used in large scale environments with hundreds of servers. This has continued to be an important part of system administration. With the advent of virtualization, the number of servers now have the ability to scale well beyond the physical limitations of the data center and the concept of manually administering more than 100+ servers quickly becomes unfeasible for a single admin. The list of capabilities for CFEngine is nearly limitless but some of the main tasks include basic operating system configuration and maintenance, management of system users, customizable control of security and software/patching installation.
Due to the complexity of CFEngine, this will be a multi-posting topic. I have decided to go with CFEngine as opposed to Chef or Puppet due to its maturity and scalability. It was first written in 1993 and is very fast since it is written in C and does not rely on Ruby like the other two configuration management programs. There is also a large community user base from which to draw upon since the automation of tasks in the sysadmin work is generally not unique. Continue reading CFEngine Part 1
Sometimes you find yourself in a situation where you need to take an ISO image and utilize it like a CD or DVD. The popularity of virtual machines and the ability to manipulate larger files over high speed Internet increase the chances that you’ll have to work with an ISO image from time to time. Being able to mount an ISO image as though it were an inserted CD/DVD can make manipulating these kinds of files a bit easier– especially if your computer doesn’t have a CD/DVD ROM drive installed.
Let’s say you have a third party program you need to install, but the vendor only gives you an ISO file. Let’s say the name of the file is thirdparty.iso and you have downloaded that file to /export/home/myhome. Here’s an easy way to utilize this file under Solaris: Continue reading How to Mount and ISO Image in Solaris and Linux
Although most of my test servers are registered with RackSpace, I thought that it would be a good idea to review AWS for some of my less technical colleagues that are interested in gently stepping into the Cloud Server arena. AWS offers a free tier service for 12 months using the t1.micro instance for 750 hours. However, a credit card will be required to setup an account so they may easily charge you if you decide to upgrade to another service level. Although this straightforward 25 step process will help you get up running with a RHEL 6.4 server, you should read the AWS documentation and FAQs to understand how the system works and pricing levels.
1. Go to the Amazon website and click “Get Started for Free“,
In part one of this topic, we discussed how to manage a sub-delegation for reverse DNS records once your ISP provides this service for you. Here in part two, we’ll discuss how to provide the sub-delegation of a reverse DNS range to another user. So in this situation, think of yourself as the provider offering the service for a customer or end user.
After you have received the request from the customer, you will need to confirm that they have created the proper zone for the Continue reading How to Sub-Delegate Reverse DNS Records Part 2
Let’s say you have acquired a static IP range from your ISP. Now that you have that range, you decide you also want to control the PTR records for these addresses as well. But, PTR records typically belong to the ISP. However, you do not want to depend on the ISP for each change you’d like to make; you want more control. How can your gain more control over those PTR records?
The way to gain this control is through DNS Sub-Delegation. DNS Sub-Delegation is when your ISP forwards PTR requests to your name server so that you can have control over your record updates. In other words, the ISP delegates their authority over their PTR records to your DNS server.
If you understood the implications of that last sentence, you’ll realize that you will need your own local DNS service that controls your domain. After all, if you don’t control your own domain, how are you going to control the PTR records once they are delegated to you? In this post, we’ll assume that you will manage your PTR records with your own DNS server. Continue reading How to Sub-Delegate Reverse DNS Records Part 1
Many network devices such as Cisco routers and switches use tftp in order to download their IOS config updates. tftp can also be used for network based installs or for booting up diskless systems. Knowing how to setup a tftp server comes in quite handy when circumstances like these arise.
Let’s say we’re dealing with a private network– 192.168.100.0/24. We’ll designate our tftp server and tftp test client as 192.168.100.5 and 192.168.100.105 respectively. You will need superuser privileges on both your server and client in order to successfully perform all of these commands.
Log on to 192.168.100.5 and download the necessary programs; make sure they survive reboots:
# yum install tftp-server xinetd
# chkconfig tftp on Continue reading How to Setup a TFTP Server Under CentOS/RHEL 6 ipfilter. Now, with Solaris 10 it has become the default, built-in with the OS. I wanted to do a short post about adding configuration settings for ipv6 and plan to cover ipv4 in detail in a later post.ipfilter must run it’s ipv6 rules under a separate file. In Solaris 10, the default location for the filter rules is in /etc/ipf and the firewall rules are located in the files ipf.conf and ipf6.conf for ipv4 and ipv6 respectfully. Here is a sample of the current file on one of my servers,
#
# ipf6.conf
#
# IPv6 Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax. Continue reading ipfilter and ipv6 
The Network Logician 