Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- systemeinstellungen_bei_centos_7 [2018/09/28 23:44]
jochen [Postfix]
+++ systemeinstellungen_bei_centos_7 [2022/04/25 20:28] (aktuell)
@@ Zeile 8: / Zeile 8: @@
 ==== zusätzliche Pakete ====
+  * acpid
   * bash-completion
-  * vim
-  * rsync
   * epel-release
+  * rsync
+  * vim
   * wget
   * xinetd
@@ Zeile 33: / Zeile 34: @@
 </code>
+==== Useranlage ====
+<code>
+[root@virtserv]# useradd -u 1010 -m backuppc
+[root@virtserv]# su - backuppc
+[backuppc@virtserv ~]$ scheffe@backuppc4
+The authenticity of host 'backuppc4 (192.168.13.41)' can't be established.
+ECDSA key fingerprint is SHA256:kbl36qOtGqCKzFTf9shprve4bw3LemJCfGTfY9Iy/R4.
+ECDSA key fingerprint is MD5:a5:32:de:b1:72:4c:c2:c6:f3:68:15:95:ce:0f:57:1d.
+Are you sure you want to continue connecting (yes/no)? no
+Host key verification failed.
+[backuppc@virtserv ~]$ cd .ssh/
+[backuppc@virtserv .ssh]$ vi authorized_keys
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArYzOt9RYxEvLeZ2s1pr94f1AaS6ebhol3fi+oZasUBIJezVK29dX6t+i+U0cejxr+mR8wCHfQHB02iOyxQ6fk0jn119UuViqFwSVpTIpQRl61MoZFnpThbwHihPsmggHATnuGn7V0F5ZN/9szh2OZDuqnP3rS7e7kr/wqgwNqcoBTSZSCv88WPR8k4sdNdqWS9WruEUVIwtMbwz/NH0OVpOYvDWi4LzLVhc9rTLTU1ShfpEQDbrv5Lhfcl273eHpXdF1eH3SlqhJbciRuFR9sL6pUsSXFUncuGQOK8xBx9nt4D5qEuPX2Lhf/3MXcgld1CeafaXJK5N47cTLc7BFgw== backuppc@backup.lan.klotzbuecher.biz
+[backuppc@virtserv .ssh]$ chmod 600 authorized_keys
+</code>
 ==== SSH ====
+in /etc/ssh/sshd_config
+<code>
+# no default banner path
+#Banner none
+</code>
+auf folgendes ändern:
+<code>
+# no default banner path
+Banner /etc/issue.net
+</code>
+In /etc/issue.net geben wir einen Hinweistext aus, der beim Login per SSH erscheint.
+<code>
+[root@server ~]# cat /etc/issue.net
+ ##############################################################################
+ #                                                                            #
+ #                       This is a private home server.                       #
+ #                                                                            #
+ #             Unauthorized access to this system is prohibited !             #
+ #                                                                            #
+ #    This system is actively monitored and all connections may be logged.    #
+ #         By accessing this system, you consent to this monitoring.          #
+ #                                                                            #
+ ##############################################################################
+</code>
 ==== Postfix ====
 folgendes in /etc/postfix/main.cf am Ende hinzufügen. Dadurch kann der Server Mails am Mailserver einwerfen, jedoch keine empfangen.
@@ Zeile 48: / Zeile 91: @@
 </code>
 ==== Sudoers ====
+<code>
+[root@server ~]# visudo -f /etc/sudoers.d/backuppc
+# Allows backuppc to do backups and restores
+# BackupPC 3
+#backuppc  ALL=NOPASSWD: /usr/bin/rsync --server *
+# BackupPC 4
+backuppc  ALL=NOPASSWD: /usr/bin/rsync *
+</code>
 ==== vim ====
 Globale Einstellungen für vim können in der /etc/vim/vimrc durcgeführt werden.
@@ Zeile 55: / Zeile 107: @@
 <code>set background=dark</code>
 ==== Repo ====
+Für die CentOS7-Repos Base, Updates, Extras sowie für das Epel-Repo gibt es einen lokalen Spiegel. Um den lokalen Spiegel nutzen zu können, müssen die repo-Dateien angepaßt werden.
+<code>
+[root@server ~]# more /etc/yum.repos.d/CentOS-Base.repo
+# CentOS-Base.repo
+#
+# The mirror system uses the connecting IP address of the client and the
+# update status of each mirror to pick mirrors that are updated to and
+# geographically close to the client.  You should use this for CentOS updates
+# unless you are manually picking other mirrors.
+#
+# If the mirrorlist= does not work for you, as a fall back you can try the
+# remarked out baseurl= line instead.
+#
+#
+[base]
+name=CentOS-$releasever - Base (local)
+baseurl=http://repo.lan.klotzbuecher.biz/repos/CentOS/7/os/x86_64/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+#released updates
+[updates]
+name=CentOS-$releasever - Updates (local)
+baseurl=http://repo.lan.klotzbuecher.biz/repos/CentOS/7/updates/x86_64/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+#additional packages that may be useful
+[extras]
+name=CentOS-$releasever - Extras (local)
+baseurl=http://repo.lan.klotzbuecher.biz/repos/CentOS/7/extras/x86_64/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+#additional packages that extend functionality of existing packages
+[centosplus]
+name=CentOS-$releasever - Plus
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+</code>
+<code>
+[root@server ~]# more /etc/yum.repos.d/epel.repo
+[epel]
+name=Extra Packages for Enterprise Linux 7 - $basearch
+baseurl=http://repo.lan.klotzbuecher.biz/repos/epel/7/
+enabled=1
+gpgcheck=1
+gpgkey=http://repo.lan.klotzbuecher.biz/repos/epel/RPM-GPG-KEY-EPEL-$releasever
+</code>
+==== Firewall ====
+Port 6556 für Überwachung
+<code>
+[root@virtserv]# firewall-cmd --add-port=6556/tcp
+[root@virtserv]# firewall-cmd --permanent --add-port=6556/tcp
+</code>
+==== xinetd ====
+Zugriff von check_mk beschränken
+==== bashrc ====

jokl

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Unterschiede

Seiten-Werkzeuge