Thursday, February 2, 2012

Sample BIND config

/etc/named.conf

options {
    listen-on port 53 { 127.0.0.1; 192.168.122.140; };
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "penoycentral.net" {
    type master;
    file "penoycentral.net.zone";
};

zone "122.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.122.zone";
};

include "/etc/named.rfc1912.zones";


/var/named/penoycentral.net.zone

$TTL 1D
; the SOA RNAME must end with a dot, otherwise BIND appends the origin to it
penoycentral.net. IN SOA centos01.penoycentral.net. root.penoycentral.net. (
04 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@    IN NS centos01
centos01 IN A 192.168.122.140
centos02 IN A 192.168.122.8
rhel01 IN A 192.168.122.122
rhel02 IN A 192.168.122.120

/var/named/192.168.122.zone
$TTL 1D
@ IN SOA centos01.penoycentral.net. root.penoycentral.net. (
2012020202 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
    IN NS    centos01.penoycentral.net.
140    IN PTR    centos01.penoycentral.net.
8    IN PTR    centos02.penoycentral.net.
To check zone config (the zone name given to named-checkzone must be the zone's own origin, so the reverse zone is checked under its in-addr.arpa name)
named-checkzone penoycentral.net penoycentral.net.zone
named-checkzone 122.168.192.in-addr.arpa 192.168.122.zone
named-checkconf /etc/named.conf

Friday, August 26, 2011

Finally passed RHCE

It has been a long day for me: RHCSA exam in the morning and RHCE exam in the afternoon. Finally, after months of self-study and 4 days on the rapid track course, I nailed both exams.
Suffice it to say that I'm so proud of the cert. This is not the type of exam where you just choose among multiple-choice answers or configure things in a simulated environment. It will test how well you understood Red Hat.
To future takers, I advise you to know the exam objectives inside and out. SELinux looks intimidating at first, but as soon as you understand how it works, it will be a piece of cake for you :)

Materials/books used


RHCSA/RHCE Red Hat Linux Certification Study Guide (Exams EX200 & EX300), 6th Edition (Certification Press) -- Michael Jang
Highly recommended!!! Comes with a CD with PDFs and lab exams at the end of every chapter. My favorite source of info for the exam.

Hands-on Guide to the Red Hat® Exams: RHCSA™ and RHCE® Cert Guide and Lab Manual (Certification Guide) -- Damian Tommasino
Lots of errors, but hey, as soon as you can point out the errors in the book, it just shows that you know your stuff. Used to cross-check configs and setup.

RH300 RHCE Rapid Track course
Final review for the exam. It costs a lot but is highly recommended too. It guided me and helped fill in the gaps in what I had already learned in my home lab. Before taking the course, I advise that you first do your homework: learn the exam objectives, build your own home lab, and simulate the configs as advised in Michael's and Damian's books. This way, when you attend the course, you can ask your instructor all the questions you have. This is a fast-paced course, so make full use of it.

texastwister/OpenRHCE - GitHub - This is a beast of a study guide. I used this as a last-minute review before taking the exam, reading it the whole week while on the train :) Highly recommended too.

As always, we signed the Non-disclosure Agreement, so I will not divulge anything specific about the exam. I might update this blog, but it will not be about RHCE exam specifics anymore.
Study!!! study!!!! study!!!!! lab!!!! lab!!!! lab!!!! simulate!!!! simulate!!!! and always follow the KISS principle..

Wednesday, August 17, 2011


###NTP####


/etc/ntp.conf
server


to sync time to the internet time server
service ntpd stop
ntpdate 0.fedora.pool.ntp.org
service ntpd start

to check ntp
ntpq -p


set iptables
iptables -I INPUT -m udp -p udp --dport 123 -j ACCEPT
iptables -I INPUT -m tcp -p tcp --dport 123 -j ACCEPT

Saturday, August 13, 2011

Setting up LDAP Server for Authentication

Although an LDAP server is not part of the exam, we need to learn how to set up our server as a client. You can check out Laurent Domb's OSS Blog if you want to configure an LDAP authentication server in your lab.

Lab Postfix Sample config

dovecot.conf
[root@rhel01 dovecot]# grep -v ^# /etc/dovecot/dovecot.conf
!include conf.d/*.conf
protocols = imap pop3
listen = 192.168.122.122
dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}

/etc/postfix/main.cf
[root@rhel01 postfix]# grep -v ^# main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = rhel01.penoycentral.net
mydomain = penoycentral.net
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost, mail.penoycentral.net
unknown_local_recipient_reject_code = 550
mynetworks = 192.168.1.0/24, 192.168.122.0/24, 127.0.0.1/8
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
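With mynetworks and mydestination in hand, the question a reviewer asks of this config is who may relay through the box. The Python script below is an added example, not Postfix's code or the post's: it parses a constructed copy of the parameters above (including the multi-line debugger_command) and evaluates a client IP against mynetworks, which, with Postfix's default restrictions (permit_mynetworks, reject_unauth_destination) and no SASL configured, is the whole relay trust list.

```python
# Added example, not from the blog post: "who may relay through this box?"
# answered from main.cf.  MAIN_CF is a constructed copy of the post's
# parameters that matter for that question.
import ipaddress
import re

MAIN_CF = """\
myhostname = rhel01.penoycentral.net
mydomain = penoycentral.net
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost, mail.penoycentral.net
mynetworks = 192.168.1.0/24, 192.168.122.0/24, 127.0.0.1/8
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
"""

def parse_main_cf(text):
    """main.cf grammar: 'name = value', '#' comment lines, a line starting with
    whitespace continues the previous value, $name / ${name} refer to parameters."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and current is not None:   # continuation line
            params[current] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        current = name.strip()
        params[current] = value.strip()

    def expand(value):   # unknown parameters expand to "" as in Postfix
        return re.sub(r"\$\{?(\w+)\}?", lambda m: expand(params.get(m.group(1), "")), value)

    return {k: expand(v).strip() for k, v in params.items()}

def as_list(value):
    """Postfix list syntax: comma and/or whitespace separated."""
    return [v for v in re.split(r"[,\s]+", value) if v]

def relay_allowed(params, client_ip):
    """True if the client is inside mynetworks, i.e. may relay to any domain.
    strict=False mirrors Postfix, which accepts the post's '127.0.0.1/8' (host
    bits set) as 127.0.0.0/8 and only logs a warning about it."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net, strict=False)
               for net in as_list(params.get("mynetworks", "")))

def accepted_local_domains(params):
    """Domains for which this host accepts mail as the final destination."""
    return as_list(params.get("mydestination", ""))

if __name__ == "__main__":
    cfg = parse_main_cf(MAIN_CF)
    print("local domains:", accepted_local_domains(cfg))
    for ip in ("192.168.122.5", "127.0.0.1", "10.0.0.1"):
        print(f"{ip:>15} may relay: {relay_allowed(cfg, ip)}")
```

A client in 192.168.1.0/24 or 192.168.122.0/24 may relay anywhere; any other client may only deliver to the domains in mydestination. Widening mynetworks is how a lab box quietly becomes an open relay, so this is the parameter to diff first when reviewing a Postfix host.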



DNS penoycentral.net zone config for the mailserver to work properly
[root@wk named]# cat /var/named/penoycentral.net.zone
$TTL 1D
@ IN SOA penoycentral.net. root.penoycentral.net. (
2011091302 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS wk.penoycentral.net.
wk IN A 192.168.1.70
@ IN MX 10 mail.penoycentral.net.
rhel01 IN A 192.168.122.122
rhel02 IN A 192.168.122.120
mail IN CNAME rhel01

To check if the MX records are set up properly in the domain
[root@rhel02 /]# nslookup
> set type=mx
> penoycentral.net
Server: 192.168.1.70
Address: 192.168.1.70#53

penoycentral.net mail exchanger = 10 mail.penoycentral.net.
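named-checkzone only checks syntax. The Python script below is an added example (not BIND's or the post's code) that runs three semantic checks over constructed copies of the zones in the Sample BIND config post above and of the mail zone here: that SOA MNAME/RNAME are absolute, that every A record in penoycentral.net has a matching PTR in 122.168.192.in-addr.arpa and vice versa, and that no MX target is a CNAME (RFC 2181 section 10.3, which the mail zone's "mail IN CNAME rhel01" violates). The forward-zone copy keeps the relative RNAME root.penoycentral.net so the first check has something to report; parse_zone is a small parser for the record style used here, not a full RFC 1035 parser.

```python
# Added example, not code from the blog post: semantic checks that
# named-checkzone does not do, run over constructed copies of the zones shown
# in this blog (the forward zone keeps its relative SOA RNAME on purpose).

FORWARD_ZONE = """\
$TTL 1D
penoycentral.net. IN SOA centos01.penoycentral.net. root.penoycentral.net (
04 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@    IN NS centos01
centos01 IN A 192.168.122.140
centos02 IN A 192.168.122.8
rhel01 IN A 192.168.122.122
rhel02 IN A 192.168.122.120
"""
REVERSE_ZONE = """\
@ IN SOA centos01.penoycentral.net. root.penoycentral.net. 2012020202 1D 1H 1W 3H
    IN NS    centos01.penoycentral.net.
140    IN PTR    centos01.penoycentral.net.
8    IN PTR    centos02.penoycentral.net.
"""
MAIL_ZONE = """\
@ IN SOA penoycentral.net. root.penoycentral.net. 2011091302 1D 1H 1W 3H
    IN NS wk.penoycentral.net.
wk IN A 192.168.1.70
@ IN MX 10 mail.penoycentral.net.
rhel01 IN A 192.168.122.122
mail IN CNAME rhel01
"""

def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    origin = origin.rstrip(".") + "."
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Tiny parser for the record style used in the post (not full RFC 1035):
    ';' comments, '( ... )' continuations, '@' and blank-owner inheritance,
    optional TTL and class.  Returns [(owner_fqdn, TYPE, [rdata tokens])]."""
    records, owner, buf, depth = [], fqdn("@", origin), "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = line if depth == 0 else buf + " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth or buf.startswith("$"):      # inside '( ... )', or a $TTL directive
            continue
        tokens = buf.replace("(", " ").replace(")", " ").split()
        if not buf[0].isspace():              # leading blank = same owner as before
            owner = fqdn(tokens.pop(0), origin)
        if tokens[0].isdigit():               # optional TTL
            tokens.pop(0)
        if tokens[0].upper() in ("IN", "CH", "HS"):
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records

def check_soa(records):
    """SOA MNAME/RNAME must be absolute; otherwise BIND silently appends the origin."""
    return [f"SOA {label} {v!r} is relative (missing trailing dot)"
            for _, t, r in records if t == "SOA"
            for label, v in (("MNAME", r[0]), ("RNAME", r[1])) if not v.endswith(".")]

def reverse_name(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_forward_reverse(forward, reverse):
    """Each A record needs a PTR pointing back to it, and each PTR a matching A."""
    a = {(o, r[0]) for o, t, r in forward if t == "A"}
    ptr = {(o, r[0]) for o, t, r in reverse if t == "PTR"}
    problems = [f"{host} A {ip}: no PTR at {reverse_name(ip)}"
                for host, ip in sorted(a) if (reverse_name(ip), host) not in ptr]
    for rev, host in sorted(ptr):
        ip = ".".join(reversed(rev[:-len(".in-addr.arpa.")].split(".")))
        if (host, ip) not in a:
            problems.append(f"PTR {rev} -> {host}: no matching A record for {ip}")
    return problems

def check_mx_targets(records, origin):
    """RFC 2181 section 10.3: an MX target must be a host with an address, not a CNAME."""
    cnames = {o for o, t, _ in records if t == "CNAME"}
    return [f"{o} MX -> {fqdn(r[1], origin)} is a CNAME"
            for o, t, r in records if t == "MX" and fqdn(r[1], origin) in cnames]

def run_checks():
    fwd = parse_zone(FORWARD_ZONE, "penoycentral.net")
    rev = parse_zone(REVERSE_ZONE, "122.168.192.in-addr.arpa")
    mail = parse_zone(MAIL_ZONE, "penoycentral.net")
    return {"soa": check_soa(fwd) + check_soa(rev) + check_soa(mail),
            "ptr": check_forward_reverse(fwd, rev),
            "mx": check_mx_targets(mail, "penoycentral.net")}

if __name__ == "__main__":
    for kind, problems in run_checks().items():
        for p in problems:
            print(f"[{kind}] {p}")
```

Run as-is it reports the relative RNAME, the two hosts (rhel01, rhel02) that have A records but no PTR in the reverse zone, and the MX pointing at the CNAME; a mail server doing reverse lookups on the lab hosts is exactly where the missing PTRs show up.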


#### postfix useful commands #####

delete the whole mailq (postsuper -d takes a queue ID, or ALL for every queued message)
# postsuper -d ALL

Creating Simple RPM Part 2


Needed packages
1. rpm-build
2. rpmdevtools


Create RPM Howto
* first run rpmdev-setuptree, which creates the ~/rpmbuild directory tree (BUILD, RPMS, SOURCES, SPECS, SRPMS)
1. create directory and the file inside the created dir

mkdir ~/Hello-1.0
touch ~/Hello-1.0/hello
chmod +x ~/Hello-1.0/hello

2. create the gzip-compressed tar and copy it to the SOURCES dir
(-C ~ makes the archive contain Hello-1.0/hello instead of home/<user>/Hello-1.0/hello; %setup -q in the spec expects to cd into the top-level Hello-1.0 directory)

tar cvzf Hello-1.0.tar.gz -C ~ Hello-1.0
cp Hello-1.0.tar.gz ~/rpmbuild/SOURCES


3. create the spec file (in the SPECS dir, where step 6 expects it)
cd ~/rpmbuild/SPECS
rpmdev-newspec

4. copy the sample spec file to the package spec
cp newpackage.spec hello.spec

5. Edit hello.spec
Name: Hello
Version: 1.0
Release: 1%{?dist}
Summary: Hello RPM

Group: Miscellaneous
License: GPL
URL: www.penoycentral.net
Source0: Hello-1.0.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

%description
A sample RPM for RHCE exam

%prep
%setup -q


%build


%install
rm -rf $RPM_BUILD_ROOT
install -d -m 0755 $RPM_BUILD_ROOT/opt/Hello-1.0
install -m 0755 hello $RPM_BUILD_ROOT/opt/Hello-1.0/hello

%clean
rm -rf $RPM_BUILD_ROOT


%files
%dir /opt/Hello-1.0
%defattr(-,root,root,-)
/opt/Hello-1.0/hello


6. Build the source rpm
rpmbuild -ba ~/rpmbuild/SPECS/hello.spec

7. RPM package can now be found in ~/rpmbuild/RPMS/x86_64/Hello-1.0.rpm
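The step in this procedure that most often fails at %setup is the tarball layout: archiving ~/Hello-1.0 by its absolute path stores home/<user>/Hello-1.0/hello, while %setup -q expects to cd into Hello-1.0 after extracting. The Python below is an added example (not part of rpmbuild or of the post): it reads Name and Version from a copy of the spec header, builds the archive with the correct top-level directory in a temporary tree, and shows the layout check that catches the wrong archive before rpmbuild is ever run.

```python
# Added example, not from the post: build Source0 with the layout '%setup -q'
# needs and verify it before calling rpmbuild.  %setup extracts the archive
# and cds into %{name}-%{version}, so that directory must be the top-level
# entry of the tarball.  The Hello-1.0 tree is constructed in a temp dir.
import io
import os
import re
import tarfile
import tempfile

SPEC_HEADER = "Name: Hello\nVersion: 1.0\nRelease: 1%{?dist}\nSource0: Hello-1.0.tar.gz\n"

def name_version(spec_text):
    """Pull Name and Version out of the spec preamble."""
    fields = dict(re.findall(r"^(\w+):\s*(.+?)\s*$", spec_text, re.M))
    return fields["Name"], fields["Version"]

def tarball(src_dir, arcname):
    """gzip'd tar of src_dir stored under arcname (what 'tar czf' would store)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        tar.add(src_dir, arcname=arcname)
    return buf.getvalue()

def setup_would_succeed(tar_bytes, name, version):
    """Emulate the check behind '%setup -q': every member lives under name-version/."""
    top = f"{name}-{version}"
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        members = [m.name for m in tar.getmembers()]
    return bool(members) and all(m == top or m.startswith(top + "/") for m in members)

def demo():
    """Returns (result for a '-C <parent> Hello-1.0' style archive,
    result for an archive made from the absolute path, as in 'tar cvzf ... ~/Hello-1.0')."""
    name, version = name_version(SPEC_HEADER)
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, f"{name}-{version}")
        os.mkdir(src)
        with open(os.path.join(src, "hello"), "w") as f:
            f.write("#!/bin/sh\necho hello\n")
        os.chmod(os.path.join(src, "hello"), 0o755)
        good = tarball(src, f"{name}-{version}")   # tar czf Hello-1.0.tar.gz -C <parent> Hello-1.0
        bad = tarball(src, src.lstrip("/"))        # tar strips the leading '/' but keeps the rest
        return setup_would_succeed(good, name, version), setup_would_succeed(bad, name, version)

if __name__ == "__main__":
    print("correct layout ok: %s, absolute-path layout ok: %s" % demo())
```

The same check applied to a real Source0 is `tar tzf Hello-1.0.tar.gz`: every line must start with Hello-1.0/.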

Thursday, July 28, 2011

System Messages

facility.level


###
facility
###
user - messages generated by user processes (the default facility)
kern - kernel messages
daemon - system daemons
auth - authorization system (login, su, getty)
lpr - messages from the line printer spooling system (lpr and lpc)
news - reserved for the Usenet network news system
uucp - UUCP system; not currently used
audit - audit facility
local0-7 - reserved for local use
mark - timestamp messages
* - indicates all facilities except mark


###
level
###
emerg - panic conditions that would normally be broadcast to all users
alert - conditions that need to be corrected immediately, such as a corrupted database
crit - warnings about critical conditions, such as disk errors
err - other errors
warning - warning messages
notice - not error conditions, but they need handling, such as a failed login
info - informational messages
debug - normally used when debugging programs
none - does not send messages
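How rsyslog applies a facility.level selector, as an added Python example (not from the post or from rsyslog): a plain level selects that priority and everything more severe, =level exactly that priority, none drops a facility, and * means every facility except mark, with later selectors on the same line overriding earlier ones for the facilities they name. The facility set is the list above extended with the other standard Linux facilities (mail, cron, authpriv, syslog, ftp), and CONFIG is a constructed ruleset modelled on a stock RHEL 6 rsyslog.conf. route() returns the actions a message would hit, which is a quick way to confirm that login and su records (authpriv) land in /var/log/secure, where an investigator will go looking for them.

```python
# Added example, not from the post: the matching rule behind 'facility.level'
# selectors in /etc/rsyslog.conf (syslog.conf syntax).  CONFIG is constructed.

LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {"kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
              "cron", "authpriv", "ftp", "mark"} | {f"local{i}" for i in range(8)}

CONFIG = """\
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
authpriv.*                                 /var/log/secure
mail.*                                     -/var/log/maillog
cron.*                                     /var/log/cron
*.emerg                                    *
uucp,news.crit                             /var/log/spooler
local7.*                                   /var/log/boot.log
"""

def parse_selector(selector):
    """'kern.*;*.emerg;auth.none' -> {facility: set of accepted levels}.
    Later parts override earlier ones for the facilities they name."""
    rules = {}
    for part in selector.split(";"):
        fac_list, _, level = part.strip().rpartition(".")
        for fac in fac_list.split(","):
            targets = FACILITIES - {"mark"} if fac == "*" else {fac}
            for fac_name in targets:
                if fac_name not in FACILITIES:
                    raise ValueError(f"unknown facility {fac_name!r} in {part!r}")
                if level == "none":                       # drop this facility
                    rules[fac_name] = set()
                elif level == "*":                        # every priority
                    rules[fac_name] = set(LEVELS)
                elif level.startswith("="):               # exactly this priority
                    rules[fac_name] = {level[1:]}
                else:                                     # this priority and more severe
                    rules[fac_name] = set(LEVELS[:LEVELS.index(level) + 1])
    return rules

def matches(rules, facility, level):
    return level in rules.get(facility, set())

def route(config_text, facility, level):
    """Actions (usually log files) that would receive a message of facility.level."""
    actions = []
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        selector, action = line.split(None, 1)
        if matches(parse_selector(selector), facility, level):
            actions.append(action)
    return actions

if __name__ == "__main__":
    for fac, lvl in (("authpriv", "info"), ("kern", "emerg"), ("user", "debug")):
        print(f"{fac}.{lvl:<8} -> {route(CONFIG, fac, lvl) or 'dropped'}")
```

Note that user.debug goes nowhere with this ruleset, and kern.emerg hits two actions (the messages file and the `*` action, which writes to all logged-in users); a selector test like this is cheaper than generating test messages with logger on every host.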