redhat

Security Vulnerability Remediation – rlogin

Rlogin starts a terminal session on remote hosts. This appears as a HIGH vulnerability to some security scanners like Nessus. This is a real easy vulnerability to correct. Just comment out login in the /etc/inetd.conf file.

vi  /etc/inetd.conf

Search for the login entry

/login

Output

login  stream  tcp6    nowait  root    /usr/sbin/rlogind       rlogind

Comment it out

#login  stream  tcp6    nowait  root    /usr/sbin/rlogind       rlogind

Save and close

:wq!
redhat

How To Install GUI on Red Hat or CentOS

So you installed Red Hat or CentOS 7 using minimal install and all has been well. Now, you find that you’d like to install the GUI and don’t want to re-install the OS from scratch. No problem.

Start by installing yum-utils

yum install yum-utils

To list software groups, enter

yum grouplist

Output will be similar to this

Loaded plugins: fastestmirror
There is no installed groups file.
Maybe run: yum groups mark convert (see man yum)
Loading mirror speeds from cached hostfile
 * base: mirror.cisp.com
 * extras: mirror.fdcservers.net
 * updates: www.gtlib.gatech.edu
Available environment groups:
   Minimal Install
   Compute Node
   Infrastructure Server
   File and Print Server
   Basic Web Server
   Virtualization Host
   Server with GUI
   GNOME Desktop
   KDE Plasma Workspaces
   Development and Creative Workstation
Available Groups:
   Compatibility Libraries
   Console Internet Tools
   Development Tools
   Graphical Administration Tools
   Legacy UNIX Compatibility
   Scientific Support
   Security Tools
   Smart Card Support
   System Administration Tools
   System Management
Done

To install “Server with GUI” group, enter:

yum groupinstall "Server with GUI"

Once the installation is finished, you need to change system’s runlevel to runlevel 5. Changing runlevel on RHEL 7 and CentOS 7 is done by use of systemctl command.

systemctl enable graphical.target --force

Depending on your previous installations you may need to accept Redhat License after you reboot your system.

GUI-install-license-infoGUI-install-license-info-accept

CentOS 7

Simple Backup Script for Apache Web Server /w Mysql DB

Share on LinkedIn

This script may not be as clean as others but it gets the job done.

The purpose of this script is to backup both your entire web directory and database to a compressed file with date stamps. What you do with it from there is up to you.

Target: Web Directory and specific DB Instance – MUST know database name for this script

Environment Settings
Create /temp and /backups directories in /

mkdir temp
mkdir backups

See what’s in the directory by running the ls command

ls

Output will be similar to this:

backups bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys temp tmp usr var

Create Script in / directory

vi My-Backup-Script.sh

The only items that need to be changed in this script are the items in ‘red‘.

#! /bin/bash
TIMESTAMP=$(date +"%F")
BACKUP_DIR=/temp/My-Backup-$TIMESTAMPMYSQL_USER="your-db-username"
MYSQL=/usr/bin/mysql
MYSQL_PASSWORD="your-db-username-password"
MYSQLDUMP=/usr/bin/mysqldump
DATABASE=your-db-name

mkdir -p "$BACKUP_DIR/mysql"
$MYSQLDUMP --force --opt --user=$MYSQL_USER -p$MYSQL_PASSWORD $DATABASE | gzip > "$BACKUP_DIR/mysql/$DATABASE.gz"

mkdir -p "$BACKUP_DIR/web_dir"
SRCDIR=/var/www/html/
DESTDIR=$BACKUP_DIR/web_dir/
FILENAME=My-WWW-Backup-$TIMESTAMP.tgz
tar --create --gzip --file=$DESTDIR$FILENAME $SRCDIR

tar --create --gzip --file=/backups/My-Backup-$TIMESTAMP.tgz $BACKUP_DIR

rm -rf /temp/*

wait
echo "Backup of DB and Web Directory Complete!"

Make Script Executable

chmod +x My-Backup-Script.sh

Run cron job every day at 1130pm

sudo crontab -e

Add the following to your cronjob:

MAILTO=""
30 23 * * * /bin/bash /My-Backup-Script.sh

To Extract Backup files, you will need tar -zxvf for the main file and web directory file. You will need to use gzip -d for the database file.

CentOS 7

How To Change Mysql Root Password

Share on LinkedIn

To change or update the root mysql user password from thispw, you can set the new password to thatpw by running this command:

mysqladmin -u root -p'thispw' password 'thatpw'

That’s it.