mirror of
https://github.com/IntenseWebs/servercode.git
synced 2024-07-07 04:43:00 -05:00
Update SSH, Firewall & FreeIPA
parent
01a9fc6592
commit
8902985689
|
@ -101,3 +101,4 @@ Running ssh-agent OpenSSH Authentication Agent
|
|||
ssh-add -l
|
||||
ssh-add -L
|
||||
|
||||
Could be multiple things; here are just a couple. 1. If you were using authorized_keys, were they copied to new user on Rocky? 2. Is sshd enabled on Rocky? systemctl status sshd 3. Firewall opened on Rocky? firewall-cmd --add-service=ssh --permanent 4. Permissions need reset on .ssh & authorized_keys; happens a lot more than you may realize. 5. Hopefully not root ssh login? Check /etc/ssh/sshd_config PasswordAuthentication PermitRootLogin Values
|
||||
|
|
|
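Review bot: Item 3 of the troubleshooting line gives `firewall-cmd --add-service=ssh --permanent` with no reload, so the rule is only written to the permanent configuration and SSH stays blocked until `firewall-cmd --reload` runs. Add the reload, or a second invocation without `--permanent`. Item 4 should name the modes it means (700 on ~/.ssh, 600 on authorized_keys). Item 5 lists PasswordAuthentication and PermitRootLogin without saying what values to look for. Putting the five checks on separate lines would also make the note usable as a checklist.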
@ -32,3 +32,5 @@ firewall-cmd --zone=internal --add-source=192.168.1.0/24
|
|||
firewall-cmd --zone=public --remove-service=ssh
|
||||
firewall-cmd --zone=public --remove-service=dhcpv6-client
|
||||
firewall-cmd --runtime-to-permanent
|
||||
firewall-cmd --add-service=cockpit --permanent
|
||||
firewall-cmd --reload
|
||||
|
|
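Review bot: `firewall-cmd --add-service=cockpit --permanent` has no `--zone`, so the service is added to whatever the default zone is. The lines before it remove ssh and dhcpv6-client from public, and the hunk context adds 192.168.1.0/24 as a source for internal, which reads as management access being meant for the internal zone only. If the default zone is public, Cockpit ends up reachable on the zone that was just closed down. Suggest `--zone=internal` on the cockpit line and a `firewall-cmd --list-all-zones` after the reload to confirm where each service landed.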
19
freeipa.md
|
@ -1,39 +1,46 @@
|
|||
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/index
|
||||
https://youtu.be/xzfHRJNjqDI
|
||||
https://www.freeipa.org/page/Howto/ISC_DHCPd_and_Dynamic_DNS_update
|
||||
# FreeIPA requires over 2Gb+ in /usr - Change to root, Check DNS
|
||||
systemd-resolve --status enp1s0
|
||||
firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps
|
||||
firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps --permanent
|
||||
dnf install freeipa-server freeipa-server-dns nfs-utils
|
||||
ipa-server-install --mkhomedir
|
||||
|
||||
Setup complete
|
||||
|
||||
Next steps:
|
||||
Setup complete: Next steps:
|
||||
1. You must make sure these network ports are open:
|
||||
TCP Ports:
|
||||
* 80, 443: HTTP/HTTPS
|
||||
* 389, 636: LDAP/LDAPS
|
||||
* 88, 464: kerberos
|
||||
* 53: bind
|
||||
* 7389: Dogtag Certificate System - LDAP
|
||||
UDP Ports:
|
||||
* 88, 464: kerberos
|
||||
* 53: bind
|
||||
* 123: ntp
|
||||
|
||||
2. You can now obtain a kerberos ticket using the command: 'kinit admin'
|
||||
This ticket will allow you to use the IPA tools (e.g., ipa user-add)
|
||||
and the web user interface.
|
||||
|
||||
Be sure to back up the CA certificates stored in /root/cacert.p12
|
||||
These files are required to create replicas. The password for these
|
||||
files is the Directory Manager password
|
||||
The ipa-server-install command was successful
|
||||
|
||||
#REBOOT
|
||||
reboot
|
||||
fips-mode-setup --enable
|
||||
reboot
|
||||
fips-mode-setup --check
|
||||
update-crypto-policies --show
|
||||
|
||||
kinit admin
|
||||
klist
|
||||
|
||||
# REPLICA - Server A can be installed with a CA and DNS services, while Replica A can be based on Server A's configuration but not host either DNS or CA services. Replica B can be added to the domain, also without CA or DNS services. At any time in the future, a CA or DNS service can be created and configured on Replica A or Replica B.
|
||||
|
||||
__________________________________________________________
|
||||
|
||||
# Setup for client:
|
||||
sudo yum -y install freeipa-client ipa-admintools
|
||||
firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps
|
||||
|
|
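Review bot: `fips-mode-setup --enable` is placed after `ipa-server-install` and the reboot, but FIPS mode has to be enabled on the host before the IdM server is installed; switching an installed server into FIPS mode afterwards is not a supported path. Move the fips-mode-setup lines and their reboot above the `dnf install` / `ipa-server-install` step. Two firewall points in the same hunk: the server lines open only freeipa-ldap and freeipa-ldaps, while the package list includes freeipa-server-dns and the pasted installer output lists 53 TCP/UDP for bind, so a `--add-service=dns` line is missing. In the client section, the freeipa-ldap/freeipa-ldaps line opens inbound LDAP on a machine that does not serve it and has no `--permanent` counterpart; it can be dropped, and the section still lacks the `ipa-client-install` step that follows the package install.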
5
misc.txt
|
@ -53,7 +53,10 @@ sudo alsactl init
|
|||
pacmd list-cards
|
||||
sudo pacmd list-cards
|
||||
sudo apt-get install alsa-tools-gui
|
||||
|
||||
---------------------------------------------
|
||||
sudo dnf install akmod-nvidia
|
||||
sudo dnf install xorg-x11-drv-nvidia-cuda
|
||||
---------------------------------------------
|
||||
source /etc/profile.d/bash_completion.sh
|
||||
|
||||
cat >> ~/.inputrc <<'EOF'
|
||||
|
|
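Review bot: The two `sudo dnf install` lines for akmod-nvidia and xorg-x11-drv-nvidia-cuda give no indication of which repository they come from; neither package is in the stock Fedora repositories, so the commands fail on a fresh system. Add a comment line naming the repository that must be enabled first (RPM Fusion nonfree), and note that the akmod has to finish building the kernel module before the reboot.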