Category: Linux

Enroll exotic servers to FreeIPA

The following procedure describes how to enroll Linux servers into FreeIPA. Most popular distributions ship a freeipa-client package. This procedure was designed for SLES, but the same concept should work with other distros. Preparation: Install SLES with the following modules (or activate the mentioned modules). Choose system role: minimal. Use XFS (or another filesystem you prefer; do not use btrfs). […]

FreeIPA in docker to auth your Linux servers in one place

Scenario: The customer has a set of Linux servers with local authentication. The goal is to deploy a FreeIPA cluster to authenticate and authorize users accessing the Linux servers. The solution should be Dockerized. Solution: deploy 1 master FreeIPA server and 2 replica FreeIPA servers in Docker containers. After that, enroll the Linux servers into FreeIPA. Preparation: Use Ubuntu […]

Protect your WordPress-based web site from AI-bots

Scenario: The customer's web site is hit hard by AI bots. The server runs Apache. Only one virtual host is present. The task is to protect the service from AI bots while still allowing normal traffic. Configuration fragment of the Apache server: Solution implementation steps: Implementation (the following process is for SLES; for other Linux distros it is very similar, with minimal adjustments). Install […]

How to install specific application to docker container

Sometimes we need to add an application to a pre-configured Docker container. We can do this with "docker build" in a few easy steps. Step 1. Create a Dockerfile. In it, reference the source Docker image and add the installation procedure for the requested application. Sample Dockerfile Step 2. Build the Docker image from the Dockerfile. Step 3. Modify the docker-compose.yml file: replace the original […]

VRRP on Linux. Use Keepalived for HA and load balancing.

VRRP (Virtual Router Redundancy Protocol) on Linux systems can be implemented with keepalived. Keepalived can also be used to implement High Availability (active/passive) or load balancing (active/active). Four aspects need to be configured on a VRRP HA server: keepalived, iptables, sysctl and the service itself (rsyslog in this case). Sysctl. The host's kernel needs […]

Case: review firewall configuration

Case: The customer has concerns about their firewall configuration. The firewall is implemented on a Linux server and includes NAT. Discovery: During the review of the firewall configuration I discovered the following: the total number of lines in the configuration is ~5500. Some rules are grouped into groups (chains). Some groups have no rules in them. Many rules have never had traffic passing through them. Advice […]

Case: remote execution in Linux

Case: The customer has an appliance from a vendor running Linux. The customer has no access (restricted by agreement with the vendor) to the scheduler on the appliance. The customer wants to periodically gather some information from the appliance and use it. Solution: Create a shell script on a Linux server owned by the customer. Schedule it on the customer's server. In that script, use remote execution to gather […]

How to deploy Oxidized server in Docker container

Oxidized is a network device configuration backup tool. Very useful when you have hundreds of switches/routers and want to keep the configuration of those devices along with its version history. Open ports 80/tcp and 443/tcp: #firewall-cmd --add-port=80/tcp #firewall-cmd --add-port=443/tcp #firewall-cmd --runtime-to-permanent #firewall-cmd --reload Create a directory for the service: #mkdir /opt/oxidized Create a shell script for Oxidized and make it […]

Modify NAT iptables rules on a Linux server

Check the current configuration. Maybe the rule is already present? #iptables -t nat -L -n Save the current configuration to a file. #iptables-save > /etc/sysconfig/some_file_you_want Edit the configuration file. #vi /etc/sysconfig/some_file_you_want For Destination NAT, add a record to the PREROUTING section. Sample: All incoming traffic to IP 10.10.10.10 on port tcp/443 is NAT-ed to IP 192.168.0.10 port tcp/10000 -A PREROUTING -d 65.87.230.18/32 -p tcp […]