1) root login via the console
2) root login via ssh
3) use of the su command to become root
4) use of the sudo command to become root
Services whose session stack uses include system-auth do not need a specific line in their own PAM stack definition. With the defaults, the procedure would be as follows:
[root@myczsl0bl0clcs1 pam.d]# grep system-auth * | grep session
atd:session include system-auth
chfn:session include system-auth
chsh:session include system-auth
crond:session include system-auth
ekshell:session include system-auth
gssftp:session include system-auth
kshell:session include system-auth
login:session include system-auth
ppp:session include system-auth
remote:session include system-auth
run_init:session include system-auth
sshd:session include system-auth
su:session include system-auth
Adding the line:
[root@myczsl0bl0clcs1 pam.d]# cat /etc/pam.d/system-auth | grep session | grep tty
session required pam_tty_audit.so disable=* enable=root open_only
login, sshd and su will use pam_tty_audit because they call include system-auth, but sudo does not call system-auth, so the use of the pam_tty_audit module should be added there separately:
[root@myczsl0bl0clcs1 pam.d]# cat /etc/pam.d/sudo | grep session | grep tty_audit
session required pam_tty_audit.so disable=* enable=root open_only
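The coverage check described above can be scripted. This is an added example, not part of the original post: the function names has_tty_audit, audit_report and make_sample_pamd are hypothetical, and the sample tree (including the pam_limits.so line standing in for a sudo stack without the include) is constructed for the demonstration.

```bash
#!/bin/bash
# Added example: which PAM services reach pam_tty_audit.so in their session stack?

# has_tty_audit DIR SERVICE [DEPTH]: exit 0 if SERVICE's session stack uses
# pam_tty_audit.so directly or through an included file such as system-auth.
has_tty_audit() {
    local dir="$1" svc="$2" depth="${3:-0}" type ctrl mod rest
    [ -r "$dir/$svc" ] || return 1
    [ "$depth" -gt 5 ] && return 1            # guard against include loops
    while read -r type ctrl mod rest; do
        [ "${type#-}" = session ] || continue # skips comments and other types
        case "$ctrl" in
            include|substack)
                has_tty_audit "$dir" "$mod" $((depth + 1)) && return 0 ;;
            *)  # match anywhere so bracketed controls "[a=b c=d]" still work
                case "$mod $rest" in *pam_tty_audit.so*) return 0 ;; esac ;;
        esac
    done < "$dir/$svc"
    return 1
}

# audit_report DIR SERVICE...: print "service: covered" or "service: MISSING"
audit_report() {
    local dir="$1" svc
    shift
    for svc in "$@"; do
        if has_tty_audit "$dir" "$svc"; then
            echo "$svc: covered"
        else
            echo "$svc: MISSING"
        fi
    done
}

# Constructed sample tree mirroring the state described above (not real files).
make_sample_pamd() {
    local d f
    d=$(mktemp -d) || return 1
    echo 'session required pam_tty_audit.so disable=* enable=root open_only' > "$d/system-auth"
    for f in login sshd su; do
        echo 'session include system-auth' > "$d/$f"
    done
    echo 'session required pam_limits.so' > "$d/sudo"   # assumed: sudo has no include
    echo "$d"
}

sample=$(make_sample_pamd)
audit_report "$sample" login sshd su sudo
rm -rf "$sample"
```

On a real host, run `audit_report /etc/pam.d login sshd su sudo`; any service reported as MISSING needs the pam_tty_audit line added to its own file.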
yum install e4fsprogs
http://www.redhat.com/security/updates/errata/
Install RPM Forge repo
http://wiki.centos.org/AdditionalResour ... 92d1398e01
http://nagioswiki.com/wiki/index.php/In ... RE_via_RPM
nrpe RPM: http://packages.sw.be/nagios-nrpe/
plugins RPM: http://packages.sw.be/nagios-plugins/
The default network-bridge script will be commented out and replaced by our wrapper script:
[root@xen xen]# cd /etc/xen
[root@xen xen]# vi xend-config.sxp
# It is possible to use the network-bridge script in more complicated
# scenarios, such as having two outgoing interfaces, with two bridges, and
# two fake interfaces per guest domain. To do things like this, write
# yourself a wrapper script, and call network-bridge from it, as appropriate.
#
#(network-script network-bridge) <- commented out
(network-script network-wrapper) <- added
The interfaces bridged for Xen will be:
[root@xen xen]# cd scripts/
[root@xen scripts]# cat network-wrapper
#!/bin/bash
dir=$(dirname "$0")
"$dir/network-bridge" "$@" vifnum=1
"$dir/network-bridge" "$@" vifnum=2
"$dir/network-bridge" "$@" vifnum=3
"$dir/network-bridge" "$@" vifnum=4
"$dir/network-bridge" "$@" vifnum=5
"$dir/network-bridge" "$@" vifnum=6
"$dir/network-bridge" "$@" vifnum=7
"$dir/network-bridge" "$@" vifnum=8
"$dir/network-bridge" "$@" vifnum=9
[root@fw zoneinfo]# rm /etc/localtime
rm: remove symbolic link `/etc/localtime'? y
[root@fw zoneinfo]# ln -s /usr/share/zoneinfo/Europe/Prague /etc/localtime
# cat /etc/modprobe.conf | grep bond
alias bond0 bonding
options bond0 miimon=100 mode=active-backup
# cat /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
BOOTPROTO=none
IPADDR=
NETMASK=
BROADCAST=
NETWORK=
TYPE=Ethernet
USERCTL=no
PEERDNS=no
ONBOOT=yes
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
USERCTL=no
ONBOOT=yes
# cat /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE=eth2
HWADDR=
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
USERCTL=no
ONBOOT=yes
- The command line management and monitoring tools, dsconf(1M) and dpconf(1M), require only LDAP access to the servers that you manage.
- DSCC is a web application. DSCC runs inside the framework known as Sun Java Web Console. You typically install DSCC on only one system in your deployment. You then manage all your servers from that installation of DSCC.
- DSCC requires LDAP access to the servers for online management operations. DSCC also requires Java Management Extension (JMX) access to agents installed alongside the servers. The agents perform server process management operations on behalf of DSCC, operations that cannot be performed through LDAP on a running server. DSCC contacts the agents over the network using a specific port number.
- The agents run inside a common agent container on the server system. This common agent container provides its agents with a single external port for management applications. The common agent container also consolidates resources to save resources on systems where multiple local agents share the container. For troubleshooting purposes, a common agent container can be managed independently using the cacaoadm command.
- When you install DSCC you also install Directory Server software. DSCC uses its own private instance of Directory Server to store configuration information.
- When you install DSCC on the administration host, you must be root. However, you can then use DSCC installed on the administration host to manage server hosts installed as non-root.
Directory Service Control Center not initialized: App server was running as a non-root user and directory server was running as a different non-root user. It worked when both these non-root users are set to identical. Sun Java System Directory Server Discussion Thread.
http://www.temnokomornik.com/
* show all ACLs in dc=example,dc=com
[root@dhcppc2 ~]# ldapsearch -h localhost -p 3200 -D "cn=Directory Manager" -w dsInstanceEXAMPLE -b "dc=example,dc=com" -s sub "(objectClass=*)" aci
* show all object classes available in the schema
ldapsearch -h localhost -p 3200 -D "cn=Directory Manager" -w dsInstanceEXAMPLE -b "cn=schema" -s sub "(objectClass=*)" objectClasses