jordi jclaret
jclaret
/ Restricting USB Device Access
Last active
February 17, 2020 23:13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| virsh list --all | |
| virsh start vm_machine | |
| virsh domifaddre vm_machine | |
| yum install usbguard udisks2 usbutils | |
| systemctl enable usbguard | |
| systemctl start usbguard | |
| usbguard list-rules | |
| usbguard list-devices | |
| usbguard list-devices --block | |
| usbguard list-devices --blocked |
jclaret
/ Protecting Data with LUKS and NBDE
Last active
February 16, 2020 00:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Kickstart | |
| autopart --type=lvm --encrypted --passphrase=PASSPHRASE | |
| part /home --fstype=ext4 --size=10000 --onpart=vda2 --encrypted --passphrase=PASSPHRASE | |
| part pv.01 --size=10000 --encrypted --passphrase=PASSPHRASE | |
| # After Installation | |
| cryptsetup luksFormat /dev/vdb1 | |
| cryptsetup luksDump /dev/vdb1 | |
| cryptsetup luksOpen /dev/vdb1 example | |
| cryptsetup luksClose example | |
| parted -l |
jclaret
/ Baseline Standard Operating Environment
Created
February 15, 2020 13:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SOE | |
| Recommended practice is to create a standard operating environment (SOE). | |
| The SOE is a standardized baseline installation that consists only of the software packages required for all your server installations | |
| * A minimal installation | |
| * Kickstart Installation | |
| * Configuring SSH Key-based Authentication | |
| * Customizing Your SSH Service Configuration | |
| ** Prohibiting the root User from Logging in Using SSH | |
| ** Prohibiting Password Authentication Using SSH | |
| * Using the su Command to Gain Privileges |
jclaret
/ Using YUM to Manage Security Errata
Last active
September 5, 2022 13:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| yum updateinfo | less -NFiX | |
| yum check-update --security | |
| yum updateinfo --security | |
| yum updateinfo list --security | less -NFiX | |
| yum updateinfo list updates | grep Critical | |
| yum list available kernel | |
| uname -r | |
| yum update --security | |
| reboot | |
| yum update-minimal --advisory RHSA-2018:1965 --security |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ git clone https://github.com/shudarshon/ansible_role.git | |
| $ cd ansible_role/roles/tomcat | |
| $ virtualenv --python=/usr/bin/python .venv | |
| $ source .venv/bin/activate | |
| $ pip install ansible | |
| $ pip install molecule | |
| $ pip install docker |
jclaret
/ Red Hat High Availability Clustering - Controlling Complex Resource Groups
Last active
March 5, 2019 18:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pcs constraint location firstweb prefers clu03.local.net=200 | |
| pcs resource defaults resource-stickiness=500 | |
| pcs constraint location firstweb prefers clu02.local.net=499 | |
| pcs constraint location firstweb avoids clu01.local.net=499 | |
| pcs cluster standby clu02.local.net | |
| pcs cluster unstandby clu02.local.net | |
| pcs constraint --full | |
| pcs constraint |
jclaret
/ Red Hat High Availability Clustering - Troubleshooting High-availability Clusters
Last active
March 5, 2019 15:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pcs status | |
| pcs resource failcount show firstwebserver | |
| pcs resource show --full | |
| pcs resource debug-start firstwebserver --full | |
| pcs resource show firstwebserver | |
| pcs resource update firstwebserver configfile=/etc/httpd/conf/httpd.conf | |
| pcs resource failcount show firstwebserver | |
| pcs resource failcount reset firstwebserver | |
| firewall-cmd --list-all |
jclaret
/ Red Hat High Availability Clustering - Creating and Configuring Resources
Last active
March 5, 2019 14:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pcs resource | |
| pcs resource --help | |
| pcs resource list | |
| pcs resource describe Filesystem | |
| pcs resource create myfs Filesystem device=/dev/vg_cluster/lv_cluster_data01 directory=/data fstype=xfs options=ro --group mygroup | |
| pcs resource show | |
| pcs resource show myfs | |
| pcs resource update myfs directory=/data | |
| pcs resource delete myfs |
jclaret
/ Red Hat High Availability Clustering - Managing Fencing
Last active
September 6, 2021 12:53
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pcs stonith list | |
| pcs stonith describe fence_rhevm | |
| ls /usr/sbin/fence* | |
| pcs stonith create name fencing_agent parameters | |
| pcs stonith create rhev-fence fence_rhevm ipaddr=engine.local.net ipport=443 ssl_insecure=1 ssl=1 inet4_only=1 login=admin@internal passwd=PASSWD pcmk_host_map="clu01:clu01.local.net;clu02:clu02.local.net;clu03:clu03.local.net" pcmk_host_check=static-list pcmk_host_list="clu01.local.net,clu02.local.net,clu03.local.net" power_wait=3 op monitor interval=90s | |
| pcs stonith update rhev-fence fence_rhevm api_path=/ovirt-engine/api disable_http_filter=1 ipaddr=engine.local.net ipport=443 ssl_insecure=1 ssl=1 inet4_only=1 login=admin@internal passwd=PASSWORD pcmk_host_map="clu01.local.net:clu01.local.net;clu02.local.net:clu02.local.net;clu03.local.net:clu03.local.net" pcmk_host_check=static-list pcmk_host_list="clu01.local.net,clu02.local.net,clu03.local.net" power_wait=3 op monitor interval=90s | |
| fence_rhevm -o status -a engine.local.net --username=admin@internal --password=PASSWORD --ipport=443 -n clu |
jclaret
/ Red Hat High Availability Clustering - Managing Cluster Nodes and Quorum
Last active
March 4, 2019 21:23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pcs cluster start | |
| pcs cluster stop clu01.local.net | |
| pcs cluster stop --all | |
| pcs cluster start --all | |
| pcs cluster enable | |
| pcs cluster disable clu01.local.net | |
| pcs cluster disable --all | |
| pcs cluster node remove clu03.local.net | |
| pcs stonith delete clu03.local.net |