Removing Pre-Routing NAT Rules in IPtables

To remove a specific iptables rule from the PREROUTING chain, first display the nat table chains (PREROUTING included) with their rule line numbers using the following iptables command:

iptables -t nat --line-numbers -L

This displays every chain of the nat table with a line number in front of each rule. To remove a specific PREROUTING rule, use its line number. For example, the command below removes the PREROUTING NAT rule with line number 1.

iptables -t nat -D PREROUTING 1

Apache 2.4.16 installation with SSL manually on RHEL 7.0/CentOS 7.0

In this article we are going to build the Apache service (2.4.16) with custom settings and install it from scratch on RHEL 7.0 with SSL support. Before we start, let's install the required dependencies.

Packages required for the build:

yum groupinstall "Development Tools"
yum install openssl-devel
yum install pcre-devel


Apache access to Network Database on Custom port

If you have an Apache (httpd) application that needs to access a remote database, you have to change the SELinux policy as described below to allow Apache access to network databases. This is done by editing the SELinux boolean settings.

First, check whether the “httpd_can_network_connect_db” boolean is set to “on”.

[root@testsrv ~]# getsebool -a | grep httpd_can_network_connect_db
httpd_can_network_connect_db --> off

By default this is set to off. To enable network database access for Apache, execute the command below.

setsebool -P httpd_can_network_connect_db on

Note that “-P” makes the change persistent, so the setting is preserved across system reboots.

If the database the application is trying to reach listens on a port other than the default (e.g. mysql: 3306), you also have to edit the SELinux port policy as described below.

Assume the application is trying to connect to a MySQL database on the custom port 1234. To get the current settings for mysql in the SELinux policy,

semanage port -l | grep mysqld_port_t

To add the new custom port to this mysql port group,

semanage port -a -t mysqld_port_t -p tcp 1234

Later on, if you need to remove a custom port that was entered in a port group (e.g. mysql:1234),

semanage port -d -t mysqld_port_t -p tcp 1234


Change permissions of files, folders and sub-folders in linux

Let’s assume we have a folder /opt/docs/ and we have to create the folder tree below, which is used by the Accounts, HR and Sales divisions. Each folder is accessible to the respective division only and others must not have any access to it.

/opt/docs/
|-- Accounts
|   `-- Employee
|-- HR
|   `-- Employee
`-- Sales
    `-- Customers

To make the folder structure,

mkdir -p /opt/docs/Accounts/Employee
mkdir -p /opt/docs/HR/Employee
mkdir -p /opt/docs/Sales/Customers

To change ownerships to the respective divisions (the -R flag covers the Employee and Customers sub-folders, so the division folder itself is owned by the division too),

chown -R accounts:accounts /opt/docs/Accounts
chown -R hr:hr /opt/docs/HR
chown -R sales:sales /opt/docs/Sales

To set access permissions only to the respective divisions (the top-level /opt/docs/ is left out, so it keeps its traversable mode and each division can still reach its own tree),

find /opt/docs/ -mindepth 1 -type d -exec chmod -v 0770 '{}' \; # directory permissions
find /opt/docs/ -mindepth 1 -type f -exec chmod -v 0660 '{}' \; # file permissions
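The same layout built and verified end to end, as an added shell example that is not part of the original post. It uses a scratch directory in place of /opt/docs/, skips chown (which needs root and the division groups), and checks that every sub-folder ends up 0770, every file 0660, nothing below the root is readable or writable by others, and the top level itself stays traversable (0755).

```shell
#!/bin/sh
# Added example (not from the original post): build the division tree under a
# scratch root, apply the find/chmod pattern and verify the outcome.
# chown is omitted because it needs root; only modes are set and checked.
set -e

build_tree() {                      # $1 = scratch root standing in for /opt/docs
  root="$1"
  mkdir -p "$root/Accounts/Employee" "$root/HR/Employee" "$root/Sales/Customers"
  # constructed sample files so the -type f rule has something to act on
  echo "constructed sample" > "$root/Accounts/Employee/payroll.txt"
  echo "constructed sample" > "$root/Sales/Customers/list.csv"
  # division trees: owner and group only; others get nothing
  find "$root" -mindepth 1 -type d -exec chmod 0770 '{}' \;
  find "$root" -mindepth 1 -type f -exec chmod 0660 '{}' \;
  # top level stays traversable so each division can reach its own folder
  chmod 0755 "$root"
}

# Print the octal mode of one path, e.g. 770 (GNU stat, with a BSD fallback)
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Return 0 only when the root is 0755, every directory below it is 0770
# and every file below it is 0660
check_tree() {
  root="$1"
  [ "$(mode_of "$root")" = "755" ] || return 1
  [ -z "$(find "$root" -mindepth 1 -type d ! -perm 0770)" ] || return 1
  [ -z "$(find "$root" -mindepth 1 -type f ! -perm 0660)" ] || return 1
  return 0
}

# Count paths below the root that "others" can read or write; should be 0
world_accessible() {
  find "$1" -mindepth 1 \( -perm -004 -o -perm -002 \) | wc -l | tr -d ' '
}
```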

Configuring SFTP CHROOT service


Let’s consider a situation where you need to configure a secure FTP service on your Linux server without installing any new packages. An easy way to achieve this is to configure an SFTP chroot service. By default all Linux systems come pre-configured with the SSH service, therefore you only need to edit the existing configuration for this purpose.

1) Modify the “/etc/ssh/sshd_config” file to reflect the changes below

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem       sftp    internal-sftp


Enable multiple users Read and Write permission for files within a folder

Let’s assume we have two web developers working on the same web project who need a single shared location to store and collaborate on their development work. In the example below I have taken “/var/web-dev” as the shared location; it’s owned by the Apache user (www-data). Two developers, danny and penny, need to store their development work in “/var/web-dev”.

Assuming we already have logins for danny and penny, we have to add them to the Apache user group.

usermod -aG www-data danny
usermod -aG www-data penny


Installing software on RHEL5 without an RHN subscription

To install software on Red Hat Enterprise Linux 5 when your installation is not registered with Red Hat Network, the simple solution is to install it from the installation DVD.

If you have an ISO file of the installed OS version, mount it at /mnt/cd.

Then create a file “iso.repo” in /etc/yum.repos.d with the following content:

[base]
name=DVDROM
baseurl=file:///mnt/cd/Server
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release