Showing posts with the label RHEL

Password Policy in RHEL 7

In Red Hat Enterprise Linux 7, the pam_pwquality PAM module replaced pam_cracklib, which was used in Red Hat Enterprise Linux 6 as a default module for password quality checking. It uses the same back end as pam_cracklib.
The code was originally based on pam_cracklib module, and the module is backwards compatible with its options.

The pam_pwquality module can be customized and configured in the file /etc/security/pwquality.conf. The possible options in the file are: difok Number of characters in the new password that must not be present in the old password. (default 5)

minlen Minimum acceptable size for the new password (plus one if credits are not disabled which is the default). (See pam_pwquality(8).) Cannot be set to lower value than 6. (default 9)

dcredit The maximum credit for having digits in the new password. If less than 0 it is the minimum number of digits in the new password. (default 1)

ucredit T…

localtimeUpon a successful login into the VM system, changing the Timezone to which the system’s time is configured can be accomplished by changing the /etc/localtimelink. NOTE
Since the implementation of systemd in RHEL7, changing the system’s default
timezone manually is not persistent; as the /etc/localtime link gets recreated
by systemd after a reboot, the user must use timedatectl to make the desired
change persistentTo change the default timezone to the timezone of Chicago, for example, execute the following as the root user:# cd /etc/ # ls -alh localtime /etc/localtime -> ../usr/share/zoneinfo/America/NewYork # unlink /etc/localtime # ln -s /usr/share/zoneinfo/America/Chicago /etc/localtime /etc/localtime -> ../usr/share/zoneinfo/America/Chicago In the above example, we have changed the timezone from the previous value, pointing to the timezone to which “NewYork” belongs, to the timezone of Chicago.The systemd Method for Changing the Default TimezoneSynops…

Recover Fedora21 after Removing swap LVM Partition

"God" help you if you make the mistake, as I did today on a newly-installed Fedora21 system, to delete an LVM swap partition without taking the proper precautions before rebooting. If you are in this position, or have been in the past, you've come face to face with the dracut rescue shell and its limited set of "shell" commands. While the rescue shell offers some potentially useful functions (commands), I could not successfully use it to implement any of the advised steps from manual pages and internet forums I came across when searching for a solution to this problem.
The Fedora Wiki page on "How to debug Dracut problems" suggested activating the root and any other logical volumes by executing  # lvm vgscan # lvm vgchange -ay "With the root volume available, you may continue booting the system by exiting the dracut shell" exit Though, in fairness, that resolution was dealing with unlocking an encrypted root volume with an additional …

How to Reset Root Password in RHEL7

Without a doubt, one of the most powerful and essential tools a system's administrator has is the ability to gain root privileges. While it's generally a bad idea, to say the least, to perpetually operate as the root user on any given system, being able to log in as the root user on the command console is essential at times. Therefore, it's frustrating to be in the position as a system administrator if you've forgotten or otherwise lost the password and are, subsequently, unable to gain escalated privileges on a system.
Since the shift to grub2, as well as other changes with the init system, the method of gaining access to a system for such low-level purposes has changed.
Reboot the system, wait for the grub menu, press the letter 'E' on the keyboard to edit the menuentry. Then, scroll down to the bottom of the screen to the line starting with linux and append the space-separated kernel commands rw and init=/bin/bash
before hitting the F10 key to boot the …

Backups in RHEL7 on XFS Filesystem

The default storage setup in a new Red Hat Enterprise Linux 7 installation is an LVM partitioning scheme with an XFS boot partition outside of the LVM scheme, and the root and home partitions comprising the main volume group on an XFS filesystem. This is a departure from the previous default filesystem type ext4.

Some important behavioral and administrative differences between the ext4 filesystem and the xfs filesystem are addressed in the RedHat Documentation, chapter 6 in the “Storage Administration Guide” specifically. The key items addressed pertain to Filesystem repair, Metadata error behavior, Quotas, Filesystem resize and Inode numbers among other things.
One nice feature of the XFS filesystem is the native backup and restoration feature with the xfsdump and xfsrestore utilities, respectively. The xfsdump utility supports incremental backups to tape drives or regular file images. The incremental backups are possible due to the use of different dump levels. To perform a fu…

Set Focus to Follow Mouse Cursor in GNOME 3

Install dconf-editor in RHEL or Fedora, then go to org -> gnome -> desktop -> wm -> preferences and make sure auto-raise check-box is checked on.
Also, change the focus-mode to sloppy or mouse.
The window focus mode indicates how windows are activated. It has three possible values; "click" means windows must be clicked in order to focus them, "sloppy" means windows are focused when the mouse enters the window, and "mouse" means windows are focused when the mouse enters the window and unfocused when the mouse leaves the window.
There's a nice, detailed write-up available on Auto Raise Delay:
The time delay before raising a window if auto-raise is set to true. The delay is given in thousandths of a second.

Focus Mode:
The window focus mode indicates how windows are activated. It has three possible values; “click” means windows must be clicked in order to focus them, “sloppy” means windows are focused when the mouse e…

wpa_supplicant and wifi in RHEL 7

If you have a desktop environment set up in Red Hat Enterprise Linux 7, chances are that you might have GNOME installed as it is the "default".  NetworkManager is pulled in as a dependency package of GNOME and it's integrated into gnome-shell in the top panel as a widget.  While NetworkManager is a great tool as it consolidates many different networking tools and facilitates the network configuration for many different use-cases, there might be instances where its broad reach becomes an obstacle rather than a benefit to system administrators.  One such instance is when dealing with network bridging.

Recently I was trying to set up a network bridge on my laptop, as it's equipped with a wifi adapter and an ethernet adapter, in order to dedicate the ethernet interface to a virtual machine in Red Hat 7--or at least to "share" it.  Bridged networking (also known as physical device sharing) is used to dedicate a physical device to a virtual machine. 
So, since w…

Install NVidia drivers in RHEL

NVidia drivers for GPUs (Video Cards) are proprietary software and, therefore, are like a thorn in the eye of the OpenSource/Linux community. Given the nature of said drivers, Linux distributions do not provide support for nVidia's drivers; however, the nouveau project is an open-source alternative to nVidia's proprietary drivers, though it's still very much in development and 3D support, while it's greatly improved in recent years, is lacking.

There are two ways to get the nVidia drivers installed onto a system running RedHat:
Download the binary package directly from nvidia and execute the installation procedure with sh NVIDIA-Linux-.runInstall the Community Enterprise Linux Repository elrepo and install the kmod-nvidia package
yum install kmod-nvidia

The second method is usually preferred as, similar to rpmfusion and Fedora,
they are preformated in rpm format they can be installed/updated/uninstalled with yum package managerare optimized to work with Enteprise Linux…

fail2ban configuration in Fedora/RHEL

The configuration files in Fedora20 for fail2ban are located in the /etc directory under /etc/fail2ban/
with further sub-directories for actions, filters and jails.drwxr-xr-x.2 root 4.0K May 162014 action.d drwxr-xr-x.2 root 4.0K Mar 192014 fail2ban.d drwxr-xr-x.2 root 4.0K May 162014 filter.d drwxr-xr-x.2 root 4.0K Mar 192014 jail.d -rw-r--r--.1 root 2.1K Mar 142014 fail2ban.conf -rw-r--r--.1 root 33 Dec 1000:16 fail2ban.local-rw-r--r--.1 root 14K Dec 1001:06 jail.conf -rw-r--r--.1 root 16K Dec 1000:54 jail.conf.rpmnew -rw-r--r--.1 root 805 Dec 1007:48 jail.local-rw-r--r--.1 root 1.5K Mar 142014 paths-common.conf -rw-r--r--.1 root 606 Mar 142014 paths-debian.conf -rw-r--r--.1 root 649 Mar 142014 paths-fedora.conf -rw-r--r--.1 root 1.2K Mar 142014 paths-freebsd.conf -rw-r--r--.1 root 290 Mar 142014 paths-osx.confNOTE: In order to preserve your edits and customizations you should create separate *.local files, as the normal *.conf files (may) get overwritten during an upgrade.…