- Create a logical volume: lvcreate -L 500M -n crypto cryptovg
- Fill the logical volume with random data: dd if=/dev/urandom of=/dev/cryptovg/crypto
- Initialize the logical volume: cryptsetup --verbose --verify-passphrase luksFormat /dev/cryptovg/crypto
- Open the newly encrypted device: cryptsetup luksOpen /dev/cryptovg/crypto cryptosec
- Check that it’s there: ls -l /dev/mapper | grep cryptosec
- Create a filesystem: mkfs.ext4 /dev/mapper/cryptosec
- Mount it: mount /dev/mapper/cryptosec /media/cryptosec
- Check that it’s visible: df -h | grep cryptosec
- Add the following to /etc/crypttab: cryptosec /dev/cryptovg/crypto none
- Edit your /etc/fstab, removing the old entry for /dev/cryptovg/crypto and adding /dev/mapper/cryptosec /media/cryptosec ext4 defaults 1 2
- Restore default SELinux security contexts: /sbin/restorecon -v -R /media/cryptosec
- Reboot: shutdown -r now
- The entry in /etc/crypttab makes your computer ask for your LUKS passphrase on boot. Enter your passphrase when asked. Log in as root and restore your backup.
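A consistency check for the two files edited in the steps above, as an added example that is not part of the original post. The function names check_crypt_tabs and demo are hypothetical, and the sample files are constructed.

```sh
#!/bin/sh
# Added example, not from the original post: confirm /etc/crypttab and
# /etc/fstab agree after the steps above. Function names are hypothetical.

# check_crypt_tabs CRYPTTAB FSTAB -> prints findings, returns 1 if any are fatal
check_crypt_tabs() {
    crypttab=$1 fstab=$2 rc=0
    # crypttab fields: <mapping name> <source device> <key file or "none"> [options]
    while read -r name src key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        # fstab has to mount the decrypted mapping ...
        if ! awk -v d="/dev/mapper/$name" '$1 == d { f = 1 } END { exit !f }' "$fstab"; then
            echo "MISSING: no fstab entry for /dev/mapper/$name"; rc=1
        fi
        # ... and must no longer mount the raw (now LUKS-formatted) device
        if [ -n "$src" ] && awk -v d="$src" '$1 == d { f = 1 } END { exit !f }' "$fstab"; then
            echo "STALE: fstab still mounts raw device $src"; rc=1
        fi
        # "none" = passphrase typed at boot; anything else is a key file on disk
        if [ -n "$key" ] && [ "$key" != none ]; then
            echo "NOTE: $name unlocks from key file $key; keep it root-only"
        fi
    done < "$crypttab"
    return "$rc"
}

# Constructed sample: the crypttab line from the steps above, checked against
# an fstab where the old raw-device entry was never replaced.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'cryptosec /dev/cryptovg/crypto none' > "$tmp/crypttab"
    printf '%s\n' '/dev/cryptovg/crypto /media/cryptosec ext4 defaults 1 2' > "$tmp/fstab"
    check_crypt_tabs "$tmp/crypttab" "$tmp/fstab"; status=$?
    rm -rf "$tmp"
    return "$status"
}

demo || true
```

On a real system, run it as check_crypt_tabs /etc/crypttab /etc/fstab before the reboot step.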
Rambling thoughts about D&D, Linux, and other things...Now featuring...College Stuff! Go Bruins!
How to create a LUKS LVM Partition
How to remove all non-alphanumeric characters from a string of characters
echo '1a2@b3$c' | tr -dc '[:alnum:]'
How to send an email from the command line (with attachments)
All on one line:
echo "Message body goes here" | mutt -s "The Subject Line" -a /path/to/file.tar.gz -- recipient@mail.server.com
How to create an SSH tunnel for vncviewer
What I'm doing is using a vncviewer to connect to a vncserver, via an intermediary host (such as a firewall), using an SSH tunnel between HostA and HostC, to encrypt communications.
I have the same unprivileged userid on all three hosts. Also, I used ssh keys for authentication, just to speed things up. Otherwise, you can specify username@host and enter the password when asked.
$ ssh -T -X -f -L 5905:HostC.example.com:5905 HostB.example.com sleep 30m
$ vncviewer localhost:5905 &
Change the “30m” to however long you want the ssh tunnel to stay open. You can also use “8h” or “1d”.
+----------+     +----------------+     +-------------+
|  Host A  |     |                |     |   Host C    |
|          |---->|     Host B     |---->| destination |
| vncviewer|     | "intermediary" |     |  vncserver  |
+----------+     +----------------+     +-------------+
SED Links
SED - An introduction and tutorial: http://www.grymoire.com/Unix/Sed.html
The SED FAQ: http://sed.sourceforge.net/sedfaq.html
Useful one-line scripts for SED: http://sed.sourceforge.net/sed1line.txt
RHEL6: vsftpd anonymous access with selinux
First install the vsftpd package:
yum install vsftpd
and edit /etc/vsftpd/vsftpd.conf
How to disable/enable IPv6 support in RHEL 6
Disabling IPv6 support in Red Hat Enterprise Linux 6
Create a file /etc/modprobe.d/ipv6.conf with the following contents:
options ipv6 disable=1
For completeness, it is a good idea to configure the ip6tables service not to start at boot by issuing the following command:
RHEL6/CentOS Caching Name Server
Install the bind-chroot package (which will pull in the bind package as a dependency):
# yum install bind-chroot
Then make SELinux happy. Set named_write_master_zones to 1:
How to setup a simple OpenLDAP server for your home lab
Some certification tests may require you to know how to set up an LDAP client. Rather hard to do in your home lab if you don't have an LDAP server! Here are some basic instructions on how to set up something that will work.