Category Archives: Centos Notes

These are my personal notes on using CentOS.

NTP offset monitoring bash script

#!/bin/bash
# Created by Rodel
# 27/08/2020
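# Locate the mail client once at start-up. command -v is a shell builtin and
# prints nothing when the program is absent, leaving MAIL empty.
MAIL=$(command -v mail)
# Short host name used in the alert subject.
THIS_SERVER=$(hostname -s)
# Alert recipient(s), passed to mail as its address argument.
RCPTS="rodel@test.com"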
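#######################################
# Entry check: is there a selected NTP peer at all?
# ntpq -p marks the system peer with a '*'; when no line carries that marker
# there is nothing to measure, so an alert is mailed instead of an offset check.
# Globals:   none written
# Calls:     check_ntp_offset (peer present), send_email (no peer)
# Returns:   status of the branch taken
#######################################
check_ntp_return_value () {
  local ntpq_count
  # grep -c prints 0 when nothing matches, so the value is always numeric
  # (the former awk | wc -l pipeline produced the same line count).
  ntpq_count=$(ntpq -p | grep -c -- '*')
  # debug override: ntpq_count=0
  if [ "$ntpq_count" -ne 0 ]; then
    check_ntp_offset
  else
    send_email "No NTP master ip address assign <example: *192.168.0.x>. Please login to the server and check. Thank you."
  fi
}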
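#######################################
# Compare the selected peer's clock offset against the alert threshold.
# Reads the 9th column (offset, milliseconds) of the '*' line of ntpq -p,
# truncates it to an integer and compares its magnitude, so a large negative
# offset alerts as well as a large positive one (comparing the signed value,
# as before, let e.g. -6500 pass silently).
# Globals:   ntpq_server (written; read later by ntp_sync)
# Calls:     ntp_sync, send_email when the threshold is exceeded
# Exits:     0 when the offset is within bounds (ends the script, as before)
#######################################
check_ntp_offset () {
  local offset offset_abs threshold=6000 message1 message2
  offset=$(ntpq -p | grep -- '*' | awk '{print $9}')
  offset=${offset%.*}        # integer part only
  offset=${offset:-0}        # an empty column would otherwise make -gt fail
  offset_abs=${offset#-}     # magnitude: drop a leading minus sign
  # debug override: offset=6001
  # -pn reports the numeric address; strip the '*' selection marker.
  ntpq_server=$(ntpq -pn | grep -- '*' | awk '{print $1}' | sed 's/*//g')
  if [ "$offset_abs" -gt "$threshold" ]; then
    message1="Critical - $(hostname) Offset value is $offset greater than $threshold milliseconds"
    message2=$(ntp_sync)
    send_email "$message1 \n\n Executing ntpdate...\n$message2"
  else
    exit 0
  fi
}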

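#######################################
# Query the offset against the selected server without stepping the clock
# (ntpdate -q only reports); the caller captures the output for the alert mail.
# Globals:   ntpq_server (read; set by check_ntp_offset)
# Returns:   1 without running ntpdate when no server was selected,
#            else the exit status of ntpdate
#######################################
ntp_sync () {
  if [ -z "${ntpq_server:-}" ]; then
    printf 'ntp_sync: no NTP server selected\n' >&2
    return 1
  fi
  # To silence the query append: >> /dev/null 2>&1
  ntpdate -q "$ntpq_server"
}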
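#######################################
# Mail the given text to RCPTS with a per-host subject.
# printf '%b' interprets backslash escapes the way 'echo -e' did, so the "\n"
# sequences the callers embed still become line breaks, and a body that
# starts with "-n" or "-e" is no longer swallowed as an option.
# Globals:   MAIL, THIS_SERVER, RCPTS (read)
# Arguments: $1 - message body
# Returns:   1 when no mail command was found (body goes to stderr instead),
#            else the exit status of mail
#######################################
send_email () {
  local body=$1
  if [ -z "${MAIL:-}" ]; then
    printf 'send_email: no mail command available, not sending:\n%b\n' "$body" >&2
    return 1
  fi
  printf '%b\n' "$body" | "$MAIL" -s "[${THIS_SERVER}] NTP Synchronization Alert" "${RCPTS}"
}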
# Entry point: run the peer check; alerting happens inside the functions above.
check_ntp_return_value

How to create CentOS Local Repository Server

mkdir /mnt/iso

mount /dev/cdrom /mnt/iso

mkdir /home/repos/LocalRepo/CentOS/7.0/ -p

cp -ar /mnt/iso/Packages/* /home/repos/LocalRepo/CentOS/7.0/

umount /dev/cdrom /mnt/iso

cd /home/repos/LocalRepo/CentOS/7.0/

rpm -i deltarpm-3.6-3.el7.x86_64.rpm

rpm -i libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm

rpm -i python-deltarpm-3.6-3.el7.x86_64.rpm

rpm -i createrepo-0.9.9-28.el7.noarch.rpm

vi /etc/yum.conf

file:///home/repos/LocalRepo/CentOS/7.0

yum install apr-1.4.8-3.el7.x86_64.rpm apr-util-1.5.2-6.el7.x86_64.rpm httpd-tools-2.4.6-67.el7.centos.x86_64.rpm mailcap-2.1.41-2.el7.noarch.rpm httpd-2.4.6-67.el7.centos.x86_64.rpm

systemctl start httpd

systemctl status httpd

systemctl enable httpd

ln -s /home/repos/LocalRepo/CentOS/7.0/ /var/www/html/CentOS7.0

vi localrepo.repo

[localrepo]

name=Custom Repository

baseurl=file:///var/www/html/CentOS7.0

gpgcheck=0

enabled=1

createrepo -v /var/www/html/CentOS7.0/

yum repolist

vi /etc/yum.conf

#file:///home/repos/LocalRepo/CentOS/7.0

systemctl stop firewalld

systemctl disable firewalld

vi /etc/sysconfig/selinux

SELINUX=disabled

yum install vsftpd

systemctl start vsftpd

systemctl status vsftpd

systemctl enable vsftpd

yum repolist

yum install yum-utils.noarch

yum-config-manager --disable "CentOS-7 - Base"

Disable FirewallD and enable/import IPTables rules

1) Clear the default firewall rules in FirewallD.

#iptables -F
#iptables -t nat -F

2) Disable firewalld.

#systemctl stop firewalld
#systemctl disable firewalld
#systemctl mask firewalld

3) Install iptables-services.

#yum install iptables-services
#systemctl start iptables
#systemctl enable iptables

4) Clear the iptables rules again.

#iptables -F
#iptables -t nat -F

5) Import the iptables rules and save them, or create new iptables rules.

#iptables-restore < iptables
#service iptables save
#service iptables stop
#service iptables start

 

Add restricted user in linux manually.

The code below will only allow the following commands.
ping
ssh
telnet
traceroute
ifconfig
route


Add_Restricted_User.sh


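#!/usr/bin/env bash
# Add restricted user in linux manually.
# August 13, 2015
# Created by Rodel
#
# For every host in serverlist.txt and every name in usernames.txt: create an
# rbash account whose only commands are the symlinks placed in ~/bin, lock the
# home directory down, then install the read-only .profile from the current
# directory.
# Inputs:  /opt/scripts/Add_Restricted_User/serverlist.txt (one host per line)
#          /opt/scripts/Add_Restricted_User/usernames.txt  (one user per line)
#          ./.profile (copied into each new home directory)
#          RESTRICTED_USER_PASSWORD (optional; see below)
# The script needs bash (arrays, [[ ]]), so the shebang is no longer /bin/sh.
set -uo pipefail

readonly server_list=/opt/scripts/Add_Restricted_User/serverlist.txt
readonly user_list=/opt/scripts/Add_Restricted_User/usernames.txt
# TODO(review): drop this default. The fallback is the value that used to be
# hard-coded in the remote command; every account created without the
# environment variable shares it.
password=${RESTRICTED_USER_PASSWORD:-mypassword}

# Read both lists once; a missing file aborts before any host is touched.
mapfile -t hosts < "$server_list" || exit 1
mapfile -t users < "$user_list" || exit 1

for host in "${hosts[@]}"; do
  [[ -n "$host" ]] || continue
  for user in "${users[@]}"; do
    [[ -n "$user" ]] || continue
    # The name is spliced into a remote shell command line: accept only
    # user-name characters so a stray line in usernames.txt cannot turn into
    # extra commands on the target.
    if [[ ! "$user" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]]; then
      printf 'skipping invalid user name %q for host %s\n' "$user" "$host" >&2
      continue
    fi
    printf '%s %s\n' "$host" "$user"
    home=/home/$user
    # set -e on the remote side: a failed cd must not let the rm run in
    # whatever directory the remote shell started in. The password is not part
    # of this string; chpasswd reads "user:password" from ssh's stdin, so it
    # does not show up in the process list on either end.
    # NOTE: chmod u+s on the ping symlink follows the link and sets setuid on
    # the target /bin/ping itself (kept as the original did it); on CentOS 7
    # ping normally relies on file capabilities and does not need setuid.
    remote_cmd="set -e
useradd -s /bin/rbash '$user'
chpasswd
cd '$home'
rm -rf .bash_logout .bash_profile .bashrc .profile .bash_login .emacs .mozilla
mkdir '$home/bin'
cd '$home/bin'
ln -s /bin/ping ping
ln -s /usr/bin/ssh ssh
ln -s /usr/bin/telnet telnet
ln -s /bin/traceroute traceroute
ln -s /sbin/ifconfig ifconfig
ln -s /sbin/route route
chmod 2070 -R '$home'
chown root:'$user' '$home'
chown root:root '$home/bin' -Rf
chmod -Rf 755 '$home/bin'
chmod u+s '$home/bin/ping'"
    if ! printf '%s:%s\n' "$user" "$password" | ssh "$host" "$remote_cmd"; then
      printf 'remote setup failed for %s on %s\n' "$user" "$host" >&2
      continue
    fi
    if ! rsync -azP .profile "root@$host:$home"; then
      printf 'copying .profile failed for %s on %s\n' "$user" "$host" >&2
      continue
    fi
    # The user must not be able to edit or remove the restrictions in .profile.
    ssh -n "$host" "chown root:'$user' '$home/.profile' && chmod 750 '$home/.profile'" \
      || printf 'fixing .profile ownership failed for %s on %s\n' "$user" "$host" >&2
  done
done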

.profile environment settings:
# Login profile installed (root-owned, mode 750) into each restricted user's
# home by Add_Restricted_User.sh. Only the symlinks in ~/bin are reachable.
# Order matters: HOME is used on the first line and made readonly further down.
export PATH=$HOME/bin
export PS1="[\u@\h \W]$ "
# Timestamped history, written out and re-read at every prompt so the
# session's commands reach the history file immediately.
export HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S - '
export PROMPT_COMMAND='history -n;history -a'
export HISTSIZE=10000
alias netinfo='echo -e "Ifconfig\n"; ifconfig -a; echo -e "Route\n"; route -n'
# Any later `alias ...` command expands to nothing, so the user cannot define
# new aliases. NOTE(review): a quoted word (\alias) or `unalias` is not
# covered by this; the file's mode 750/root ownership is the real guard.
alias alias=""

# Freeze the history settings so the user cannot redirect, shrink or filter
# the record of their commands. HISTIGNORE and HISTCONTROL are unset here;
# marking them readonly keeps them unsettable for the rest of the session.
# PATH is not listed because rbash itself rejects assignments to PATH.
readonly PROMPT_COMMAND
readonly HISTSIZE
readonly HISTFILE
readonly HOME
readonly HISTIGNORE
readonly HISTCONTROL
# Login banner listing what the account may run.
echo -e "\nAvailable Commands:\nping\nssh\ntelnet\ntraceroute\nnetinfo - print network info\n\n"

Allow incoming/outgoing SNMP traffic in IPTables

Allow outgoing SNMP traffic in IPTables

iptables -A INPUT -i eth0 -p udp -s <snmp-agent-ip> --sport 161:162 -d <this-host-ip> --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p udp -s <this-host-ip> --sport 1024:65535 -d <snmp-agent-ip> --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT

Allow incoming SNMP traffic in IPTables

iptables -A INPUT -i eth0 -p udp -s 152.102.124.31 --dport 161:162 -j ACCEPT
iptables -A OUTPUT -p udp -d 152.102.124.31 --dport 1024:65535 -j ACCEPT

Allow Incoming/Outgoing ICMP traffic in IPTables

Enable or allow ICMP ping incoming client request.

iptables -A INPUT -i eth0 -p icmp --icmp-type 8 -s <client-ip> -d <this-host-ip> -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -p icmp --icmp-type 0 -s <this-host-ip> -d <client-ip> -m state --state ESTABLISHED,RELATED -j ACCEPT

Allow or enable outgoing ping request.

iptables -A INPUT -i eth0 -p icmp --icmp-type 0 -s <remote-host-ip> -d <this-host-ip> -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -p icmp --icmp-type 8 -s <this-host-ip> -d <remote-host-ip> -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT