Centos 7 Firewall open a port

Use this command to find your active zone(s):

firewall-cmd --get-active-zones

It will report public, dmz, or some other zone. Apply the rule only to the zones that need it.

In the case of dmz try:

firewall-cmd --zone=dmz --add-port=2888/tcp --permanent

Otherwise, substitute dmz for your zone, for example, if your zone is public:

firewall-cmd --zone=public --add-port=2888/tcp --permanent

Then remember to reload the firewall for changes to take effect.

firewall-cmd --reload

Kernel: e1000e 0000:02:00.0: eth0: Error reading PHY register

The recent CentOS version 6.3 has an unresolved bug which causes the network card to freeze the server.

The following message appears in /var/log/messages:

kernel 

To work around the problem you will need to turn off Active-State Power Management (ASPM), a feature that saves power in the Peripheral Component Interconnect Express (PCI Express or PCIe) subsystem by setting a lower power state for PCIe links when the devices they connect to are not in use.

For the GRUB bootloader, edit /boot/grub/grub.conf and append pcie_aspm=off to the end of the kernel boot line.

For example:

kernel /vmlinuz-2.6.32-279.el6.x86_64 ro root=UUID=81e9e0a2-0a51-4d75-955d-909aaf848192 rd_NO_LUKS  KEYBOARDTYPE=pc KEYTABLE=us LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_NO_DM rd_MD_UUID=c6855f45:016a63bb:2d79bfb2:07371ed8 rd_NO_LVM rd_MD_UUID=5d5a434e:6c20cfcd:51340c3f:29c29151 pcie_aspm=off

To verify the change, reboot the server and run the following command:

dmesg | grep PCIe
PCIe ASPM is disabled

If your output is different, the change in grub.conf did not take effect.

Enable X11 Forwarding on Centos/Redhat

1) Install the following:
xorg-x11-xauth
xorg-x11-fonts-*
xorg-x11-utils
2) Enable the following in the sshd_config file
X11Forwarding yes
3) Use an appropriate X-Server on your desktop

nJoy 😉

How To Install WordPress on Centos 6

About WordPress

WordPress is a free and open source website and blogging tool that uses PHP and MySQL. It was created in 2003 and has since expanded to manage 22% of all the new websites created, with over 20,000 plugins to customize its functionality.


Auto-blacklist iptables

Gather a list of IPs with failed logins and drop them at the firewall from now on:

lastb | awk '{ print $3 }' | grep -Eo '([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}' | grep -v '^192\.168\.' | sort -u | xargs -I {} iptables -A INPUT -s {} -j DROP

If you want to make it permanent, simply save the rules:

[root@DellR510-3 ~]# /sbin/service iptables save

That’s it.
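
A more conservative take on the one-liner above, as an added example that is not part of the original post: it blocks an address only after a minimum number of failed logins, never blocks loopback or private ranges, and skips rules that already exist. The function names, the DRY_RUN switch and the sample data are assumptions of this example, and it assumes an iptables that supports -C (--check).

```shell
#!/bin/bash
# Added example: threshold-based variant of the lastb one-liner.
# SAMPLE is constructed lastb-style output (documentation addresses only).
SAMPLE='root     ssh:notty    203.0.113.7      Mon Nov 25 10:01 - 10:01  (00:00)
admin    ssh:notty    203.0.113.7      Mon Nov 25 10:02 - 10:02  (00:00)
root     ssh:notty    203.0.113.7      Mon Nov 25 10:03 - 10:03  (00:00)
alice    ssh:notty    198.51.100.20    Mon Nov 25 10:05 - 10:05  (00:00)
root     ssh:notty    192.168.1.15     Mon Nov 25 10:06 - 10:06  (00:00)
root     ssh:notty    192.168.1.15     Mon Nov 25 10:07 - 10:07  (00:00)
root     ssh:notty    192.168.1.15     Mon Nov 25 10:08 - 10:08  (00:00)

btmp begins Mon Nov 25 09:58:12 2013'

# failed_ips MIN: read lastb output on stdin, print each IPv4 source with at
# least MIN failed logins, skipping loopback and RFC 1918 private ranges.
failed_ips() {
    awk -v min="$1" '
        $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$3]++ }
        END { for (ip in n) if (n[ip] >= min) print ip }' |
    grep -Ev '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)' |
    sort
}

# block_ip IP: add a DROP rule unless an identical one already exists, so
# repeated runs (e.g. from cron) do not pile up duplicate rules.
# DRY_RUN is a hypothetical switch of this example: when set, only print.
# Assumes the installed iptables supports -C (--check).
block_ip() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "iptables -A INPUT -s $1 -j DROP"
        return 0
    fi
    iptables -C INPUT -s "$1" -j DROP 2>/dev/null ||
        iptables -A INPUT -s "$1" -j DROP
}

# Dry run over the constructed sample with a threshold of 3 failures.
# Live use: lastb -i | failed_ips 3 | while read -r ip; do block_ip "$ip"; done
printf '%s\n' "$SAMPLE" | failed_ips 3 | while read -r ip; do
    DRY_RUN=1 block_ip "$ip"
done
```

With the sample data only 203.0.113.7 is selected: the single failure from 198.51.100.20 stays below the threshold and 192.168.1.15 is in a private range.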

nJoy 😉

Disabling IPv6, breaks SSH X11 Forwarding in Linux CENTOS and UBUNTU all versions

This was a weird one. It took me ages to discover why SSH X11 died at some point after tuning a box.

It so happens that SSH assumes IPv6 is available at some point, and X11 forwarding breaks if you disable it. (IPv6 is not used on my networks, and many people say disabling it is a way to stop systems using IPv6 to reach other boxes and ignoring IPv4 provisions like firewall settings, routes, etc.)

So re-enable IPv6 in /etc/sysctl.conf, /etc/sysconfig/network or other networking script locations if you need this functionality.

If I find any other counter indication I’ll drop a note and link.

nJoy 😉

Using Puttygen to create a ssh key and passwordless login with putty to Centos.

SSH password-less login works in a simple way, though people sometimes find it confusing.

The basics:

>  Client side has a private key pointed to by

>  Server side has the public key of the client.

On your client box create a public and private key pair using puttygen (for PuTTY). On Linux all you need is ssh-keygen.

Please look at the page here : https://www.puttygen.com

On the server :

If it is not already there, create the folder /<user_home>/.ssh, e.g. /root/.ssh, and in that folder create a file named authorized_keys. This file stores all the public keys whose matching private keys may log in as that user. The easy way is to append to it, so that keys already in the file are kept: echo "<paste here>" >> ~/.ssh/authorized_keys

mkdir -p ~/.ssh

echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBz7Pml97wSzFMSr1W84rA0Mm8MY8I1jKdAmMcF4sw5GilormHJQRYI8siT1XPaLJFAO20ziZg9YrJFp+roKC34gpe1myFWUz944iucrLIQznZwPDJbMKxQXwzj1LUPmt7eXPzwM1ztvcG8HOoZlTt2B6hOAVWAHxlZNzPq/9y1Fw== rsa-key-20131124" >> ~/.ssh/authorized_keys

chmod 600 ~/.ssh/authorized_keys

chmod 700 ~/.ssh

Once this is done you can add the private key to the client under ssh -> Auth -> private key.

Go back to the Session category and save the session as usual in PuTTY.

If you get the error “Server refused our key” it probably means you still have SELinux enabled.

To fix this:

restorecon -R -v /root/.ssh

That should work.

nJoy 😉

Installing latest ImageMagick on Centos 6.3

When I needed ImageMagick on CentOS, the default installer came with a version some 400 versions back.

Installing the latest version was a bit wiry so here it goes:

wget "http://www.imagemagick.org/download/linux/CentOS/i386/ImageMagick-6.8.6-9.i386.rpm"

yum install bzip2-devel freetype-devel libjpeg-devel libpng-devel libtiff-devel giflib-devel zlib-devel ghostscript-devel djvulibre-devel libwmf-devel jasper-devel libtool-ltdl-devel libX11-devel libXext-devel libXt-devel lcms-devel libxml2-devel librsvg2-devel OpenEXR-devel

yum install fftw-3.2.1-3.1.el6

Download libltdl3-1.4.3-9sls.i586.rpm:

wget "ftp://ftp.pbone.net/mirror/ftp.rpmhelp.net/pub/releases/1.0-CURRENT/i586/RPMS/libltdl3-1.4.3-9sls.i586.rpm"

Install it:

yum install libltdl3-1.4.3-9sls.i586.rpm

yum install ImageMagick-6.8.6-9.i386.rpm

Voila.


nJoy;