Category Archives: Service Configurations

Samba Server and Clients

Samba is open-source software that can be used on both Windows and Linux for sharing files, folders, and printers between them. It has been used for many years and supports several different protocols (SMB/CIFS), as well as their variants.

  • Let’s install samba server, client and policycoreutils for SELinux

[admin@localhost ~]$ sudo dnf install samba samba-client policycoreutils-python-utils

  • Create the sambashare directory under “/” as follows and give it the necessary permissions.

sudo mkdir /sambashare

sudo chmod -R 777 /sambashare/

  • Check the SELinux booleans for Samba and enable them if they are not enabled.

[admin@localhost ~]$ getsebool -a | grep samba_export

samba_export_all_ro --> off

samba_export_all_rw --> off

[admin@localhost ~]$ getsebool -a | grep samba_share_nfs

samba_share_nfs --> off

[admin@localhost ~]$ sudo setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 samba_share_nfs=1

[admin@localhost ~]$ getsebool -a | grep samba_export

samba_export_all_ro --> on

samba_export_all_rw --> on

[admin@localhost ~]$ getsebool -a | grep samba_share_nfs

samba_share_nfs --> on

  • Add the appropriate SELinux context for the sambashare folder.

[admin@localhost ~]$ sudo semanage fcontext -a -t samba_share_t "/sambashare(/.*)?"

[admin@localhost ~]$ sudo restorecon -R /sambashare/

[admin@localhost ~]$ ll -Zd /sambashare/

drwxr-xr-x. 2 root root unconfined_u:object_r:default_t:s0 4096 Jul 6 21:44 /sambashare/

  • Allow the Samba Service via Firewall

[admin@localhost ~]$ sudo firewall-cmd --permanent --add-service=samba

[sudo] password for admin:

success

[admin@localhost ~]$ sudo firewall-cmd --reload

success

  • Test the Samba Configuration settings.

[admin@localhost ~]$ testparm

Load smb config files from /etc/samba/smb.conf

Loaded services file OK.

Weak crypto is allowed

Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters

[global]

interfaces = lo enp0s4 192.168.1.

log file = /var/log/samba/%m.log

security = USER

server string = 192.168.1.123

workgroup = SAMBA

idmap config * : backend = tdb

hosts allow = 127. 192.168.1.124

[sambashare]

comment = /sambashare

guest ok = Yes

path = /sambashare

read only = No

valid users = user1

write list = user1

  • Create Samba user and password

[admin@localhost ~]$ sudo useradd user1

[sudo] password for admin:

[admin@localhost ~]$ sudo smbpasswd -a user1

New SMB password:

Retype new SMB password:

Added user user1.

  • The “pdbedit” program is used to manage the user’s accounts stored in the “sam” database and can be run only by root.

[admin@localhost ~]$ sudo pdbedit -Lv

Unix username: user1

NT username:

Account Flags: [U ]

User SID: S-1-5-21-732476358-3035687843-3070369674-1000

Primary Group SID: S-1-5-21-732476358-3035687843-3070369674-513

Full Name:

Home Directory: \\localhost\user1

HomeDir Drive:

Logon Script:

Profile Path: \\localhost\user1\profile

Domain: LOCALHOST

Account desc:

Workstations:

Munged dial:

Logon time: 0

Logoff time: Wed, 06 Feb 2036 15:06:39 GMT

Kickoff time: Wed, 06 Feb 2036 15:06:39 GMT

Password last set: Tue, 07 Jul 2020 00:16:25 BST

Password can change: Tue, 07 Jul 2020 00:16:25 BST

Password must change: never

Last bad password : 0

Bad password count : 0

Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

[admin@localhost ~]$

  • Enable and start the samba service

[admin@localhost ~]$ sudo systemctl start smb

[admin@localhost ~]$ sudo systemctl enable smb

[admin@localhost ~]$ sudo systemctl status smb

● smb.service – Samba SMB Daemon

Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)

Active: active (running) since Tue 2020-07-07 00:20:11 BST; 9s ago

Samba Client on Linux

  • Installing Samba Client

[root@localhost ]# dnf install samba samba-client cifs-utils

  • Mount the sambashare folder from the Samba server on /mnt

[root@localhost ~]# mount //192.168.1.123/sambashare /mnt --verbose -o user=user1,pass=123456

mount.cifs kernel mount options: ip=192.168.1.123,unc=\\192.168.1.123\sambashare,user=user1,pass=********

[root@localhost ~]# df -h

Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 17M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/sda3 6.1G 1.4G 4.4G 25% /
tmpfs 378M 0 378M 0% /run/user/0
//192.168.1.123/sambashare 6.1G 1.8G 4.4G 29% /mnt

  • Auto-mount the Samba share (with a credentials file)

[root@localhost ~]# vi /etc/samba/sharecred

user=user1

pass=123456

[root@localhost ~]# vi /etc/fstab

UUID=13eb116b-abb0-4d7e-895a-fd5bee45cc30 swap swap defaults 0 0

//192.168.1.123/sambashare /mnt cifs rw,credentials=/etc/samba/sharecred 1 1

  • Mount the above share as below

[root@localhost ~]# mount -a

[root@localhost ~]# df -h

Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 17M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/sda3 6.1G 1.4G 4.4G 25% /
tmpfs 378M 0 378M 0% /run/user/0
/dev/sda1 976M 133M 777M 15% /boot
//192.168.1.123/sambashare 6.1G 1.8G 4.3G 29% /mnt
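
The credentials file and fstab entry above hold the share password in plain text, so it is worth checking who can read them. The script below is an added example, not part of the original post: the function name audit_cifs_fstab and its finding labels are made up for illustration, and it runs on constructed temporary files that mirror the entries above rather than on the real /etc/fstab.

```sh
#!/bin/sh
# Added example, not from the original post. Audits cifs entries in an
# fstab-format file and prints "<mountpoint> <finding>" for each problem.

audit_cifs_fstab() {
    # $1 = fstab-format file to inspect
    grep -v '^[[:space:]]*#' "$1" |
    while read -r dev mnt fstype opts rest || [ -n "$dev" ]; do
        [ "$fstype" = "cifs" ] || continue

        # A password in the options field is readable by anyone who can
        # read the fstab file (normally every local user).
        case ",$opts," in
            *,pass=*|*,password=*) echo "$mnt inline-password" ;;
        esac

        # mount.cifs accepts credentials=FILE and the short form cred=FILE.
        cred=$(printf '%s\n' "$opts" | tr ',' '\n' |
               sed -n -e 's/^credentials=//p' -e 's/^cred=//p' | head -n 1)
        [ -n "$cred" ] || continue

        if [ ! -f "$cred" ]; then
            echo "$mnt credentials-file-missing"
            continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits;
        # anything except "------" means someone besides the owner has access.
        perms=$(ls -ld "$cred" | cut -c5-10)
        [ "$perms" = "------" ] || echo "$mnt credentials-file-not-owner-only"
    done
}

# Demo on constructed files that mirror the entries above.
demo_dir=$(mktemp -d)
printf 'user=user1\npass=constructed-password\n' > "$demo_dir/sharecred"
chmod 644 "$demo_dir/sharecred"      # deliberately too open for the demo
cat > "$demo_dir/fstab" <<EOF
//192.168.1.123/sambashare /mnt cifs rw,credentials=$demo_dir/sharecred 1 1
EOF
audit_cifs_fstab "$demo_dir/fstab"   # prints: /mnt credentials-file-not-owner-only
chmod 600 "$demo_dir/sharecred"      # owner-only access to the secrets file
audit_cifs_fstab "$demo_dir/fstab"   # prints nothing
rm -rf "$demo_dir"
```

On the client itself, run the function against /etc/fstab as root after creating /etc/samba/sharecred.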

Samba Client on Windows

  • Add the Samba Windows client to the smb.conf file as follows. It has the IP address 192.168.1.106.

[admin@localhost ~]$ sudo vi /etc/samba/smb.conf

  • Then enter the Samba server (with IP 192.168.1.123) in the search box as follows.
  • Now enter the Samba username and password to log in to the Samba server.

NFS Server setup on CentOS 8

A Network File System (NFS) is a distributed file system that lets multiple platforms access files over a network. With NFS, we can mount remote directories onto our systems and work with the files on the remote machine as if they were local files. The NFS protocol is not encrypted by default, and unlike Samba, it does not provide user authentication. Access to the server is restricted by the clients’ IP addresses or hostnames.

  • Creating two directories

[root@localhost ~]# mkdir -p /var/nfs/{HD1,HD2}

[root@localhost ~]# ls -l /var/nfs/

total 8

drwxr-xr-x. 2 root root 4096 Jul 5 14:54 HD1

drwxr-xr-x. 2 root root 4096 Jul 5 14:54 HD2

  • Install the NFS utils

[root@localhost ~]# dnf install nfs-utils

  • Configure SELinux
  • Configure the firewall
  • Configure “/etc/exports” file

[root@localhost ~]# vi /etc/exports

Mount directory in NFS Server   Mount with any client   Mount with 192.168.1.122
/var/nfs/HD1                    *(rw,no_root_squash)    192.168.1.122(rw,no_root_squash)
/var/nfs/HD2                    *(sync)                 192.168.1.122(sync)

rw – allows both read and write access on the file system.

sync – tells the NFS server to perform write operations (writing information to the disk) when requested (applies by default).

all_squash – maps all UIDs and GIDs from client requests to the anonymous user.

no_all_squash – used to map all UIDs and GIDs from client requests to identical UIDs and GIDs on the NFS server.

root_squash – maps requests from root user or UID/GID 0 from the client to the anonymous UID/GID.
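
Since access to an export is decided only by the client field and the options in /etc/exports, the file is worth auditing after editing it. The script below is an added example, not part of the original post: the function name audit_exports and its finding labels are made up for illustration, and the sample file is constructed from the table above. It relies on the exports(5) defaults of ro and root_squash when an option is not given.

```sh
#!/bin/sh
# Added example, not from the original post. Flags risky entries in an
# exports(5)-format file; prints "<path> <client> <finding>" per problem.

audit_exports() {
    # $1 = file in /etc/exports format
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"   # "(opts)" alone applies to every host

            # exports(5) defaults when an option is not given: ro, root_squash
            rw = 0; noroot = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "ro") rw = 0
                if (o[j] == "no_root_squash") noroot = 1
                if (o[j] == "root_squash") noroot = 0
            }

            anyhost = (client == "*")
            if (anyhost && rw)  print path, client, "writable-by-any-host"
            if (anyhost && !rw) print path, client, "readable-by-any-host"
            if (noroot)         print path, client, "no_root_squash"
        }
    }' "$1"
}

# Demo on a constructed sample that uses the export options from the table above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
/var/nfs/HD1 *(rw,no_root_squash)
/var/nfs/HD2 192.168.1.122(sync)
EOF
audit_exports "$sample"
rm -f "$sample"
```

For the sample, the HD1 line is reported twice (writable-by-any-host and no_root_squash) and the HD2 line, limited to one client and read-only by default, is not reported.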

  • Enable and start rpcbind and nfs-server services.

[root@localhost ~]# systemctl start rpcbind

[root@localhost ~]# systemctl status rpcbind

● rpcbind.service – RPC Bind

Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)

Active: active (running) since Sun 2020-07-05 15:32:54 BST; 11s ago

[root@localhost ~]# systemctl status nfs-server

● nfs-server.service – NFS server and services

Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)

Active: active (exited) since Sun 2020-07-05 15:33:31 BST; 7s ago

  • Export Directories

[root@localhost ~]# exportfs -var

exporting *:/var/nfs/HD2

exporting *:/var/nfs/HD1

Configure NFS client

  • Installation

[root@localhost ~]# dnf install nfs-utils

  • Enable and start rpcbind and nfs-server services.

[root@localhost ~]# systemctl start rpcbind
[root@localhost ~]# systemctl status rpcbind

[root@localhost ~]# mkdir -p /mnt/{Disk1,Disk2}

[root@localhost ~]# vi /etc/fstab

UUID=e0c30f93-10da-4e89-8024-107ca98298cb swap swap defaults 0 0

192.168.1.122:/var/nfs/HD1 /mnt/Disk1 nfs defaults 0 0

192.168.1.122:/var/nfs/HD2 /mnt/Disk2 nfs defaults 0 0

IP forwarding on CentOS 8

IP forwarding or IP routing is a process that decides where data packets or datagrams have to be delivered. The process uses routing information to make decisions, and it’s designed to send packets over multiple networks. Generally, networks are separated by routers.

In this setup, we have three machines: one is the DHCP server, one is configured for routing, and the last one is the client. All of these machines are in the same VLAN with the subnet 172.168.30.0.

First of all, let’s install the following packages to help all of the processes run smoothly.

[root@localhost]# dnf install -y net-tools bind-utils nc

  • Now, let’s configure the network adapters of the routing-enabled machine (enp0s3, enp0s8).

cd /etc/sysconfig/network-scripts/

[root@localhost network-scripts]# vi ifcfg-enp0s3 (Connecting to outside gateway)

# Generated by dracut initrd

NAME=enp0s3

DEVICE=enp0s3

ONBOOT=yes

NETBOOT=yes

IPV6INIT=yes

BOOTPROTO=dhcp

TYPE=Ethernet

ZONE=external

PROXY_METHOD=none

BROWSER_ONLY=no

DEFROUTE=yes

IPV4_FAILURE_FATAL=no

IPV6_AUTOCONF=yes

IPV6_DEFROUTE=yes

IPV6_FAILURE_FATAL=no

UUID=3c36b8c2-334b-57c7-91b6-4401f3489c69

[root@localhost network-scripts]# cp ifcfg-enp0s3 ifcfg-enp0s8

[root@localhost network-scripts]# vi ifcfg-enp0s8 (Connecting to virtual LAN :-LAN 100)

# Generated by dracut initrd

NAME="enp0s8"

DEVICE="enp0s8"

ONBOOT=yes

NETBOOT=yes

IPV6INIT=yes

BOOTPROTO=static

TYPE=Ethernet

IPADDR=172.168.30.1

NETMASK=255.255.255.0

DNS1=8.8.8.8

DNS2=8.8.4.4

ZONE=internal

  • Configure IP forwarding

[root@localhost ~]# vi /etc/sysctl.conf

# sysctl settings are defined through files in

# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.

# Vendors settings live in /usr/lib/sysctl.d/.

# To override a whole file, create a new file with the same in

# /etc/sysctl.d/ and put new settings there. To override

# only specific settings, add a file with a lexically later

# name in /etc/sysctl.d/ and put new settings there.

# For more information, see sysctl.conf(5) and sysctl.d(5).

net.ipv4.ip_forward=1

[root@localhost ~]# vi /etc/sysctl.d/99-sysctl.conf

# sysctl settings are defined through files in

# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.

# Vendors settings live in /usr/lib/sysctl.d/.

# To override a whole file, create a new file with the same in

# /etc/sysctl.d/ and put new settings there. To override

# only specific settings, add a file with a lexically later

# name in /etc/sysctl.d/ and put new settings there.

# For more information, see sysctl.conf(5) and sysctl.d(5).

net.ipv4.ip_forward=1

Checking IP forwarding configuration variable.

[root@localhost ~]# sysctl -p

net.ipv4.ip_forward = 1

Or

[root@localhost ~]# cat /proc/sys/net/ipv4/ip_forward

1

[root@localhost ~]# systemctl restart NetworkManager

  • Firewall Configuration

[root@localhost ~]# systemctl status firewalld

● firewalld.service – firewalld – dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)

Active: active (running) since Wed 2020-07-01 16:53:04 BST; 2h 4min ago

firewall-cmd --change-interface=enp0s3 --zone=external --permanent

firewall-cmd --set-default-zone=internal

firewall-cmd --direct --permanent --add-rule ipv4 nat POSTROUTING 0 -o enp0s3 -j MASQUERADE

firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i enp0s8 -o enp0s3 -j ACCEPT

firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i enp0s3 -o enp0s8 -m state --state RELATED,ESTABLISHED -j ACCEPT

firewall-cmd --reload

The client machine does not have any configuration – it is just set up to accept the DHCP IP address. However, it is capable of accessing the internet via a routing machine (as mentioned below).

Reference

  • IP Subnet calculator.

http://www.subnet-calculator.com

DHCP Server on CentOS 8

A DHCP (Dynamic Host Configuration Protocol) server can automatically assign previously defined IP addresses to the devices attached to a Local Area Network (LAN). Let’s see how we can set up a DHCP server.

Step 1 Installation

[root@localhost ~]# dnf install dhcp-server

Step 2 Configure the Network Adapter

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-enp0s8

# Generated by dracut initrd

NAME="enp0s8"

DEVICE="enp0s8"

ONBOOT=yes

NETBOOT=yes

IPV6INIT=yes

BOOTPROTO=static

TYPE=Ethernet

IPADDR=172.168.10.1

NETMASK=255.255.255.0

Restart the Network Manager Service.

[root@localhost ~]# systemctl restart NetworkManager

Step 3 Configure the configuration file.

cp /usr/share/doc/dhcp*/dhcpd.conf.sample /etc/dhcp/dhcpd.conf

[root@localhost ~]# vi /etc/dhcp/dhcpd.conf

# Set DNS name and DNS server’s IP address or hostname

# Declare DHCP Server

authoritative;

# The default DHCP lease time

default-lease-time 600;

# Set the maximum lease time

max-lease-time 7200;

# Define the subnet of the DHCP server interface (Network address and subnet mask)

subnet 172.168.10.0 netmask 255.255.255.0{

# Define the range of IP addresses

range 172.168.10.100 172.168.10.200;

#Define the Domain Name Servers(DNS)

option domain-name-servers 8.8.8.8,8.8.4.4;

# Define the gateway

option routers 172.168.10.1;

# Define the broadcast address

option broadcast-address 172.168.10.255;

}

# Fixed Host IP Address assigning

host myclient2 {

# Define the MAC address

hardware ethernet 08:00:27:5a:54:1d;

# Define Fixed IP address

fixed-address 172.168.10.200;

}

Step 4 Enable and activate the dhcp service

[root@localhost ~]# systemctl start dhcpd

[root@localhost ~]# systemctl enable dhcpd

[root@localhost ~]# systemctl status dhcpd

● dhcpd.service – DHCPv4 Server Daemon

Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; enabled; vendor preset: disabled)

Active: active (running) since Wed 2020-07-01 23:36:18 BST; 1h 9min ago

Step 5 Adjust the firewall

[root@localhost ~]# firewall-cmd --permanent --add-service=dhcp

success

Or

[root@localhost ~]# firewall-cmd --permanent --add-port=67/udp

success

[root@localhost ~]# firewall-cmd --reload

success

Step 6 Testing the DHCP

Now, I have two clients on my network. I let one of them get an IP address assigned by the DHCP Server, and the other one gets an address specifically assigned to its MAC address (08:00:27:5a:54:1d), which the DHCP Server is not going to assign to any other machine.

Client 1

Client 2

MAC Address is 08:00:27:5a:54:1d

Logwatch on CentOS 8

Logwatch is an application that can summarise the activity in log files and generate output according to our requirements. Further, we can redirect this output in many ways, such as email, text and screen output. Let’s install Logwatch and play around with it.

A sample Logwatch configuration can be copied from the directory below if necessary.

Configure the “/etc/logwatch/conf/logwatch.conf” file as required; if it is not configured, the default values are applied to create a report.

Finally, type logwatch to access the log report as below.

Manual method

Logwatch can be run manually at any time by inputting the logwatch command to your console. This command can be appended with a number of options to change the default output to suit your needs:

--detail level
    This is the detail level of the report. level can be a positive integer, or high, med, low, which correspond to the integers 10, 5, and 0, respectively.

--service service-name
    This will force Logwatch to process only the service specified in service-name (i.e. login, pam, identd, …). Logwatch will therefore also process any log-file-groups necessary to process these services. This option can be specified more than once to specify multiple services to process. A useful service-name is All which will process all services (and logfile-groups) for which you have filters installed.

--mailto address
    Mail the results to the email address or user specified in address.

--range range
    You can specify a date-range to process. Common ranges are Yesterday, Today, All, and Help. Additional options are listed when invoked with the Help parameter.

--archives
    Each log-file-group has basic logfiles (i.e. /var/log/messages) as well as archives (i.e. /var/log/messages.? or /var/log/messages.?.gz). When used with “--range all”, this option will make Logwatch search through the archives in addition to the regular logfiles. For other values of --range, Logwatch will search the appropriate archived logs.

--hostlimit host1,host2
    Limit report to hostname – host1, host2.

--hostname hostname
    Use hostname for the reports instead of this system’s hostname. In addition, if HostLimit is set in the logwatch.conf configuration file (see MORE INFORMATION, below), then only logs from this hostname will be processed (where appropriate).

--html_wrap num-characters
    Number of characters that html output should be wrapped to. Default is 80.

--numeric
    Inhibits additional name lookups, displaying IP addresses numerically.

--no-oldfiles-log
    Suppress the logwatch log, which informs about the old files in logwatch tmpdir.

--usage
    Displays usage information

--help
    Same as --usage.

Reference

  • Monitor System Logs with Logwatch

https://www.linode.com/docs/uptime/monitoring/monitor-systems-logwatch/

Tripwire Installation on CentOS 8

Step1

This is a rather common piece of software for intrusion detection; it has been with the Linux community for several years, in fact. Let’s see how it is set up in a CentOS 8 environment.

Step2

[root@localhost ~]# tripwire-setup-keyfiles

  • Setting up the Site Key Passphrase
  • Setting up the Local Keyfile Passphrase
  • Setting up the Policy File..

Step3

  • Configuration of the tripwire config file (Text version)

[root@localhost ~]# vi /etc/tripwire/twcfg.txt

I have changed the “REPORTLEVEL = 4”

Step 4

  • Regenerating the configuration file.

[root@localhost tripwire]# vi twpolmake.pl

#!/usr/bin/perl
# Tripwire Policy File customize tool
# ----------------------------------------------------------------
# Copyright (C) 2003 Hiroaki Izumi
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# ----------------------------------------------------------------
# Usage:
# perl twpolmake.pl {Pol file}
# ----------------------------------------------------------------
#
$POLFILE=$ARGV[0];

open(POL,"$POLFILE") or die "open error: $POLFILE" ;
my($myhost,$thost) ;
my($sharp,$tpath,$cond) ;
my($INRULE) = 0 ;

while (<POL>) {
    chomp;
    if (($thost) = /^HOSTNAME\s*=\s*(.*)\s*;/) {
        $myhost = `hostname` ; chomp($myhost) ;
        if ($thost ne $myhost) {
            $_="HOSTNAME=\"$myhost\";" ;
        }
    }
    elsif ( /^{/ ) {
        $INRULE=1 ;
    }
    elsif ( /^}/ ) {
        $INRULE=0 ;
    }
    elsif ($INRULE == 1 and ($sharp,$tpath,$cond) = /^(\s*\#?\s*)(\/\S+)\b(\s+->\s+.+)$/) {
        $ret = ($sharp =~ s/\#//g) ;
        if ($tpath eq '/sbin/e2fsadm' ) {
            $cond =~ s/;\s+(tune2fs.*)$/; \#$1/ ;
        }
        if (! -s $tpath) {
            $_ = "$sharp#$tpath$cond" if ($ret == 0) ;
        }
        else {
            $_ = "$sharp$tpath$cond" ;
        }
    }
    print "$_\n" ;
}
close(POL) ;

[root@localhost tripwire]# perl twpolmake.pl twpol.txt > twpol.txt.new

Step 5

  • Create database

Step 6

  • Attention on the integrity check daily.

Step 7

  • Results are saved under the directory below

[root@localhost tripwire]# ls /var/lib/tripwire/report

localhost.localdomain-20200608-180500.twr

Step 8

  • Updating the database with a specific report

Step 9

  • Change the permission on following files and remove the files below

[root@localhost ~]# cd /etc/tripwire/

[root@localhost tripwire]# chmod 600 localhost.localdomain-local.key site.key tw.cfg tw.pol

[root@localhost tripwire]# rm twcfg.txt twpol.txt

rm: remove regular file ‘twcfg.txt’? y

rm: remove regular file ‘twpol.txt’? Y

Step 9

  • Re-create twcfg.txt and twpol.txt

[root@localhost tripwire]# twadmin --print-polfile >twpol.txt

[root@localhost tripwire]# twadmin --print-cfgfile >twcfg.txt

Step 10

  • Modifying policy and configuration files.

Step 11

  • Update the changes (or accept the changes)

[root@localhost tripwire]# tripwire --update --twrfile /var/lib/tripwire/report/localhost.localdomain-20200608-194635.twr

The report contains no new data, so the database will not be updated.

[root@localhost tripwire]# tripwire --update --twrfile /var/lib/tripwire/report/localhost.localdomain-20200608-194635.twr

Please enter your local passphrase:

Wrote database file: /var/lib/tripwire/localhost.localdomain.twd

Step 12

  • Print the tripwire database

[root@localhost tripwire]# twprint --print-dbfile

Reference

  • Server-world.info, 2019/12/16

Tripwire : Install

  • Toms, 19/01/2017

Configure Tripwire on CentOS 7

https://www.lisenet.com/

Upgrade CentOS 7 to CentOS 8

This is a preliminary update process. However, if you update the production system, there may be more factors that will need to be considered due to the pre-installation packages and settings of an older system, where we’ll have to do some additional work on them. This is not like a fresh installation, and it might be complicated depending on which factors take place.

  • Update the entire system before the upgrade.
  • Go to “/etc/sysconfig/selinux”, disable SELinux and reboot the system.

# vi /etc/sysconfig/selinux (Or setenforce 0)

  • Install the pre-requisite packages for the upgrade process.
  • Remove the unused and duplicate packages and configurations (if any)

On my machine, I couldn’t find any unused or older packages

  • Identify the packages that are not relied upon by any other installed packages, and remove them.
  • Identify the older or duplicate packages that are not available in the configured yum repositories and clear them all (in my one none of them have been identified).
  • Replace the package management from YUM to DNF by below steps.
  • Create the cache for DNF repositories.
  • Upgrade all the packages to their latest versions. (My one, it marked as none)
  • Upgrade the Yum repositories from CentOS 7 to CentOS 8 by using the following step.
  • Upgrade the EPEL repositories for 7 to 8
  • Remove the old Kernels in the system.
  • Begin the system upgrade process

There are some errors identified in the upgrade process. Some of the old packages have a conflict with the new ones. We have to remove them one by one before re-running the upgrade process.

  • And, then run the system upgrade command as below. It will install all the necessary packages.
  • Now install the centos 8 kernel core packages
  • Install Minimal and Core package groups on the server.
  • Install the new kernel as follows:
  • Install the GCC( GNU Compiler Collection) packages
  • This change causes extra information to be stored in binary files compiled by gcc.
  • Config-manager can be installed as below; however, it is already installed with “yum-utils” and updated.

Enable the following repositories as shown below. (Certain repositories are optional)

  • Finally, update the system and reboot.
  • Now you can verify the update as below.

References

  1. Ahmer Mansoor, January 18, 2020

How to upgrade CentOS 7 to CentOS 8 Server

  1. James Kiarie, November 11, 2019

How to Upgrade CentOS 7 to CentOS 8

Squirrelmail Configuration on Postfix

First, install and configure the postfix server (which is in the article published on 19 May 2020). Then download SquirrelMail by going to http://rpmfind.net and search for squirrel mail rpm packages. Alternatively, go to my GitHub link and download the rpm plus the dependencies (using git).

Method 1 (for download)

[root@mailserver ~]# dnf install wget http://rpmfind.net/linux/fedora/linux/releases/32/Everything/x86_64/os/Packages/s/squirrelmail-1.4.23-3.fc32.20190710.noarch.rpm

Method 2 (for download)

You can also download SquirrelMail with its dependencies by using the following GitHub link:

https://github.com/ade9alwis/squirrelMail.git

  • Check that the http service is enabled and running.
  • Add the following configuration to end of the “/etc/httpd/conf/httpd.conf” file.

#Alias /webmail /usr/share/squirrelmail

<Directory /usr/share/squirrelmail>

Options Indexes FollowSymLinks

RewriteEngine on

AllowOverride All

DirectoryIndex index.php

Order allow,deny

Allow from all

</Directory>

  • Verify the configuration as following.
  • Squirrelmail configuration

Change the directory as follows and run the script “conf.pl”.

Then, you will see the configurations menu. Be sure to search through the different options and familiarise with them.

Now let’s configure the organization name. Select Option 1 and enter the name: “example.com”.

Then press S to save and R to return to the main menu.

Let’s configure the Server Settings. Go to option 2, and then under that, option 1. Change option 1 from localhost to blank and Save(S) and return(R).

To configure the Server Settings, go to option 2 and under that, option 2 again – SMTP protocol rather than Sendmail, and then Save(s) and Quit(Q).

Restart the server to activate the SELinux configuration and check that all of the below services are up and running.

  • Postfix
  • Dovecot
  • Httpd

Finally, we can access webmail by entering its IP address or domain name (Adjust the host file) as below.

http://10.111.125.110/webmail or http://example.com/webmail

Now let’s send mail from Tom to Jerry.

Configure Postfix on CentOS 8

Originally developed by IBM, Postfix is one of the popular mail servers still used in the market.

Step 1

  • Firstly, we’ll have to disable SELinux and adjust the firewall.

Step 2

Update the machine and install the following packages (postfix, telnet, mailx, dovecot) as shown.

Step 3

Configure the hostname, domain and “/etc/hosts” file as shown below.

Configure the host file with your IP and FQDN, and make sure entry is working by pinging your FQDN.

Step 4

Configure the following config files as below.

#vi /etc/postfix/main.cf

  • Uncomment lines 94, 102 and 117 respectively and make the necessary configurations.
  • Check that lines 132 and 138 are unchecked. Uncheck them if this isn’t the case.
  • In here, comment line 183 and uncomment line 184 as seen below.
  • Now adjust the network setting according to your system (like the setup here).
  • Make sure to uncheck line 438 as below.

Step 5

Add two users to verify the configurations and start or restart Postfix.

Step 6

Let’s send a message from “tom” to the user john via telnet as below.

Check that john has received the message by using the “cat” command as follows.

Step 7

Do the below configurations.

  • Go to “/etc/dovecot/dovecot.conf” and uncomment line number 24 as follows:

vi /etc/dovecot/dovecot.conf

  • After that, configure the “/etc/dovecot/conf.d/10-mail.conf “ file line 24 as mentioned.

vi /etc/dovecot/conf.d/10-mail.conf

  • Next, configure lines 10 and 100 of the file “/etc/dovecot/conf.d/10-auth.conf”.
  • Finally, configure lines 91 and 92 of the “/etc/dovecot/conf.d/10-master.conf” file. (Uncomment both and assign the user and group as postfix.)

Step 8

  • Make sure the dovecot service is running and enabled. Check that the mail is being received.

In this stage, we can see clearly Tom’s message being delivered to John. The mail receiving protocols should be functioning too.