Oracle Linux/Quick Reference
(→disable selinux) |
|||
Line 55: | Line 55: | ||
==disable selinux== | ==disable selinux== | ||
− | ~$ /etc/selinux/config | + | Check Status |
− | change SELinux=enforcing to SELinux=disabled | + | <nowiki>~$ $ sestatus |
+ | SELinux status: enabled | ||
+ | SELinuxfs mount: /sys/fs/selinux | ||
+ | SELinux root directory: /etc/selinux | ||
+ | Loaded policy name: targeted | ||
+ | Current mode: enforcing | ||
+ | Mode from config file: enforcing | ||
+ | Policy MLS status: enabled | ||
+ | Policy deny_unknown status: allowed | ||
+ | Max kernel policy version: 31</nowiki> | ||
+ | |||
+ | temporarily disable | ||
+ | <nowiki>~$ setenforce 0 | ||
+ | or | ||
+ | ~$ setenforce Permissive</nowiki> | ||
+ | |||
+ | permanently disable | ||
+ | <nowiki>~$ /etc/selinux/config | ||
+ | change SELinux=enforcing to SELinux=disabled</nowiki> | ||
==check linux version== | ==check linux version== |
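Review bot: the "permanently disable" step at the end of this hunk presents the file path as a command (~$ /etc/selinux/config) and spells the key SELinux=, while the key in that file is upper-case SELINUX=. Suggest an editor invocation followed by "change SELINUX=enforcing to SELINUX=disabled", plus a note that the change applies at the next boot. Two smaller points in the same hunk: the added status command has a doubled prompt (~$ $ sestatus), and setenforce 0 / setenforce Permissive sits under "temporarily disable" although it switches to permissive mode rather than turning SELinux off, so that label should say "permissive".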
Revision as of 12:00, 16 November 2018
yum
update repo cache (apt-get update equivalent)
~$ yum check-update
update all packages
~$ yum update
install software
~$ yum install lynx
search for software
~$ yum search apache
remove software
~$ yum remove lynx
search for package by command
~$ yum whatprovides dig
search for installed packages
~$ yum list installed | grep nfs-utils
show available versions from repo with their details
~$ yum -v list nfs-utils --show-duplicates
Add user & add to sudoers
add user
~$ useradd user
you can also add the user, define their home directory, and add them to a group in one line.
~$ useradd username -d <customer_home_dir_path> -G <group_names>
set password for user
~$ passwd user
add to sudoers
~$ visudo
...
user ALL=(ALL) ALL
or use the wheel group. Uncomment it:
## Allow people in the group wheel to run all commands
%wheel ALL=(ALL) ALL
Add user to the group
~$ sudo usermod -a -G [group] [user]
i.e.
~$ sudo usermod -a -G sudo Joe
check to verify they are part of the group
~$ getent group sudo
sudo:x:27:Bob,Joe
determine packages installed & search
~$ rpm -qa | grep term
configure date/time
~$ sudo date -s "2 OCT 2006 18:00:00"
netstat
determine gateway
~$ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.45.9.1       0.0.0.0         UG        0 0          0 eth0
10.45.9.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
disable selinux
Check Status
~$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
temporarily disable
~$ setenforce 0
or
~$ setenforce Permissive
permanently disable
~$ sudo vi /etc/selinux/config
change SELINUX=enforcing to SELINUX=disabled (takes effect at the next reboot)
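The sestatus output above reports both "Current mode" and "Mode from config file", and the two diverge after either of the steps in this section. The following check is an added example, not part of the original page; the function name selinux_drift and the sample inputs are constructed for illustration. It reads sestatus output and reports whether the running mode matches the configured one, which is a quick way to spot a host left in permissive mode or one that will come up with SELinux off after the next reboot.

```shell
#!/bin/sh
# selinux_drift: reads `sestatus` output on stdin and prints one of
#   ok:<mode>   drift:<current>-><config>   disabled   unknown
selinux_drift() {
    awk -F': *' '
        { sub(/[ \t]+$/, "") }                      # trim trailing blanks
        /^SELinux status:/        { status  = $2 }
        /^Current mode:/          { current = $2 }
        /^Mode from config file:/ { config  = $2 }
        END {
            if (status == "disabled") print "disabled"
            else if (status != "enabled" || current == "" || config == "") print "unknown"
            else if (current == config) print "ok:" current
            else print "drift:" current "->" config
        }'
}

# Constructed samples modelled on the sestatus output shown on this page.
SAMPLE_ENFORCING='SELinux status:                 enabled
Current mode:                   enforcing
Mode from config file:          enforcing'

# State after `setenforce 0`: runtime is permissive, config still enforcing.
SAMPLE_AFTER_SETENFORCE='SELinux status:                 enabled
Current mode:                   permissive
Mode from config file:          enforcing'

# State after editing /etc/selinux/config but before rebooting.
SAMPLE_CONFIG_EDITED='SELinux status:                 enabled
Current mode:                   enforcing
Mode from config file:          disabled'

# State after rebooting with SELINUX=disabled: sestatus prints one line.
SAMPLE_DISABLED='SELinux status:                 disabled'

for sample in "$SAMPLE_ENFORCING" "$SAMPLE_AFTER_SETENFORCE" \
              "$SAMPLE_CONFIG_EDITED" "$SAMPLE_DISABLED"; do
    printf '%s\n' "$sample" | selinux_drift
done
```

On a live host, pipe the real output into the function: sestatus | selinux_drift.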
check linux version
~$ rpm -qf /etc/redhat-release
release and renew ip (dhcp)
release
~$ sudo dhclient -v -r eth0
renew
~$ sudo dhclient -v eth0
update hostname
Normally you only need to update the hostname in (1) place:
~$ sudo vim /etc/hostname
hostname.localhost
However, you may need to change it in these other places (or it may already be changed there)
Make sure your hostname is defined in /etc/sysconfig/network
HOSTNAME=server.fqdn.com
Also for the network config, put your FQDN in the hosts file @ /etc/hosts
127.0.0.1 server.fqdn.com
::1 server.fqdn.com
OR
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
ip.address fqdn.hostname
check and change DNS servers
~$ sudo vi /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
Install epel repo
~$ yum install epel-release
Add & configure LDAP authentication for SSH
references
https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-sssd-ldap.html
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=66854729
https://www.jethrocarr.com/2010/11/17/automatically-creating-home-directories-at-login-time/
Install SSSD
~$ sudo yum install sssd sssd-client
Configure SSSD
You can opt to manually edit the configuration file, as shown in this link.
Or you can use authconfig to configure it for you, like so:
authconfig --enablesssd --enablesssdauth --enablelocauthorize --enableldap --enableldapauth --ldapserver=<ldap_host> --enableldaptls --ldapbasedn=dc=my-company,dc=my-org --enableshadow --enablerfc2307bis --enablemkhomedir --enablecachecreds --update
You may need to start or restart the service
~$ sudo service sssd restart
Home Directories
Make sure you use the switch --enablemkhomedir when you use authconfig if you want users to have their own home directory.
Sudo access
If you want users to have sudo access, provided you already have a group in your LDAP, you can add the group to your sudoers file.
Check to see if sssd has imported the groups from your LDAP:
~$ getent group
Once you see the group name with the users you want to add, just edit the sudoers file
~$ visudo
Make sure you add it like so:
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
%new_sudoer_group ALL = (ALL) ALL
Add Service to auto start on boot
list current state
~$ sudo chkconfig --list <service name; ie. mysqld>
set service to start on boot
~$ sudo chkconfig --level 345 <service name; ie. mysqld> on
Common packages to install on fresh (minimal) install
~$ sudo yum install telnet net-tools vim tcpdump bind-utils redhat-lsb-core wget -y
bash for loop examples
Get a list of file names with the full path, then for each, print the filename and path and then search for a string, printing any matching lines.
~$ for i in $(find / -name "*.ldif"); do echo "$i" && grep localdomain "$i"; done
/etc/openldap/slapd.d/cn=config.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
olcSuffix: dc=localhost,dc=localdomain
olcRootDN: cn=ldapadmin,dc=localhost,dc=localdomain
/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif
nal,cn=auth" read by dn.base="cn=ldapadmin,dc=localhost,dc=localdomain" read by * n
/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={10}ppolicy.ldif