Pages

Showing posts with label file system. Show all posts
Showing posts with label file system. Show all posts

Wednesday, November 21, 2018

Fix RPM Database finding for UEFI file types

I ran into an issue the other day when was hardening a server. I couldn't change the file permissions on a few files to what the RPM database says is the default. This was in regard to the /boot/efi files or UEFI file types.

This is the check: rpm -Va

The security rule: RHEL-07-010010 "The Red Hat Enterprise Linux operating system must be configured so that the file permissions, ownership, and group membership of system files and commands match the vendor values." Basically the the check is to ensure the files have the default file permissions or less.
 
Also works for Red Hat 6
RHEL-06-000516, RHEL-06-000517, RHEL-06-000518, RHEL-06-000519

The Fix

Add the line below to /etc/fstab
UUID=####       /boot/efi     vfat umask=0177,shortnames=winnt  0 0

Unmount and mount /boot/efi
root@earth> umount /boot/efi
root@earth> mount /boot/efi


Some other reference materials.
Could not change permission for /boot/efi/EFI/redhat/grub.conf
Why do /boot/efi content always show up in rpm -Va output in UEFI enabled system?

How to lookup UUIDs
https://liquidat.wordpress.com/2007/10/15/short-tip-get-uuid-of-hard-disks/
https://liquidat.wordpress.com/2013/03/13/uuids-and-linux-everything-you-ever-need-to-know/
at No comments:
Labels: , , , ,

Thursday, September 15, 2016

Setting up NFS & automount on RHEL


I believe that any Linux or UNIX server should start a very minimal build. Meaning that a server should only have the programs or packages installed that are needed for the operation of the server. To make some of my servers a little more functional I decided to install NFS and automount. This is so users can automount home directories and  mount external shares.

Follow the steps below to install NFS and autofs, so you can mount the NFS shares and mount home directories. The example below is on a RHEL 6 server.


To be able to mount NFS share you will need the following packages.
autofs
nfs-utils
nfs-utils-lib

Dependencies:
Hesiod
keyutils
libgssglue
libtirpc
python-argparse
rpcbind

Install the packages
root@server> yum install autofs  nfs-utils  nfs-utils-lib

To enable NFS shares you must add them to the /etc/fstab file. Example below.
10.12.12.8:/share /export/share  nfs noauto,nosuid,nodev,noguid,noxattr,timeout,sloppy 0 0
10.12.12.6:/cifs  /export/cifs  nfs noauto,nosuid,nodev,noguid,noxattr,timeout,sloppy 0 0
repos:/linux_repos /export/repos   nfs auto,ro,nosuid,nodev,noguid,noxattr,timeout,sloppy 0 0

To setup the automount funtion you need to edit the auto.home and auto.master files.
 Add the hostname or IP address line to /etc/auto.home
*             10.10.10.2:/home/&

Add this line to /etc/auto.master
/export/home /etc/auto.home -nolock,nosuid,noguid,nodev,nobrowse,noxattr --timeout 10

Restart services
root@server> service autofs restart
root@server> service rpcbind start
root@server> service nfs start

Ensure that autofs starts at boot
root@server> chkconfig –list autofs

Make mount points
Make the mount pint for all the mount points listed in the /etc/fstab file..
root@server> mkdir /export/share
root@server> mkdir /export/cifs
root@server> mkdir /export/repos


Note- make sure any host names used are added to the /etc/hosts file.

After following the steps above evey should be working. test the configuration by loggingin or becoming a user with a non local home directory. Also try to mount the shares.
root@server> mount /export/share

Check to see if the mount was successful.
root@server> df -h | grep share
Filesystem            Size  Used Avail Use% Mounted on
10.12.12.8:/share  9.8G  1.9G  7.5G  20%   /export/share

Please let me know if you have any questions.


at No comments:
Labels: , , , ,

Monday, April 22, 2013

Mount an ISO in Solaris 10

Sometime I run into an issue were I need to install a program and the only installer I can find is on a CD or DVD. Unfortunately most servers don't have CD/DVD players. I can usually download the media, in the form of an ISO from the vender website. Then the issue is how do I get the application out of the ISO if you don't have a CD or DVD drive. Luckily for me, most UNIX based Operating Systems can mount a ISO. In much the same way you would mount an NFS (Network File System) or other external volumes, like a CD/DVD drive. As the title suggests this How-to will focus on doing this on a Solaris 10 server.

Mounting an ISO

# lofiadm -a /path/to/cd.iso
/dev/lofi/1
Now you can mount the ISO. # mount -o ro -F hsfs /dev/lofi/1 /mnt

Unmount and detach the images

# umount /mnt
# lofiadm -d /dev/lofi/1
Useful links
http://www.cyberciti.biz/faq/howto-mount-sun-solaris-cd-iso-image/
http://bradthemad.org/tech/notes/solaris_mount_iso.php
at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)