Pages
▼
May 30, 2007
Configure openvpn easy way
Hi! In this tip I show you working config files for openvpn (Linux server and Linux client, it should works for other OS with minimal modification). However, it doesnt include keys and their generating ;-)
May 20, 2007
Minimal smb.conf for Linux
This tip is for setting up anonymous share using samba 3 under Linux with really minimal smb.conf. I assume you want to share directory /data read only. For sharing it read-write, make sure it has correct permissions (chmod 777 /data) and uncomment last line :-)
Edit in 2016: For Fedora 23, you need to change this config for
cat /etc/samba/smb.conf
Also you need to change selinux fcontext of shared directory:
Edit in 2020:
Also on client Windows 10 Enterprise and Education, you have to
cat /etc/samba/smb.conf [global] netbios name = darkstar server string = darkstar guest ok = yes security = share [data] path = /data # read only = no
Edit in 2016: For Fedora 23, you need to change this config for
cat /etc/samba/smb.conf
[global]
netbios name = darkstar
server string = darkstar
guest ok = yes
security = user
map to guest = bad user
[data]
path = /data
# read only = no
Also you need to change selinux fcontext of shared directory:
# semanage fcontext -a -t samba_share_t "/data(/.*)?" # restorecon -Rv /data ### this third line may be needed if /data is managed by local user # setsebool -P samba_enable_home_dirs 1
Edit in 2020:
# cat /etc/samba/smb.conf [global] server string = darkstar guest ok = yes security = user workgroup = workgroup guest account = nobody map to guest = bad user
Also on client Windows 10 Enterprise and Education, you have to
Go into Local Group Policy Editor (gpedit.msc) Navigate into Administrative Templates - Network - Lanman Workstation. Then the Setting : Enable insecure guest logons has to be set to "Enable".
On client Windows 10 Home and Pro its enabled by default.
May 12, 2007
Basic firewall for Linux workstation
This shell script is something like good starting point firewall for Linux workstation. Adjust it on your own. Execute it at start of system.
You need kernel 2.4 or 2.6 with netfilter and state matching enabled (default on all distros known to me). Allowed incoming ssh is for sysadmins a _must_. Also ping helps to diag problem. If you need more complex firewall, try to think about blocking also outgoing connection. Also for servers and routers this script is not sufficient.
You need kernel 2.4 or 2.6 with netfilter and state matching enabled (default on all distros known to me). Allowed incoming ssh is for sysadmins a _must_. Also ping helps to diag problem. If you need more complex firewall, try to think about blocking also outgoing connection. Also for servers and routers this script is not sufficient.
cat /etc/rc.d/rc.firewall
#!/bin/sh
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# enable incoming ssh and echo requests (ping)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
May 2, 2007
How to monitor server using command line
This tip full of commands is mainly for Linux admins, but you may find utility sar very useful also in Solaris environment. They will help you find a bottleneck of your system, so read on..