I'm using Fedora 20, and I like very light desktop managers. One of my favorites is LXDE.
If you didn't install the LXDE spin, you have to install this desktop yourself.
# yum install @lxde-desktop
// set up the default display manager
# cd /etc/systemd/system;
# unlink display-manager.service
# ln -s /usr/lib/systemd/system/lxdm.service display-manager.service
// if you don't want to type a password at login
# vim /etc/lxdm/lxdm.conf
// uncomment and change the line
autologin=username
// reboot and enjoy!
Tuesday, 13 January 2015
Devilspie replacement, xdotool!
Sometimes we need to do something with windows or the mouse on Linux from the command line (for example, on systems such as ad displays, moving the cursor away from the center of the screen).
Devilspie is a nice tool for this, but there is another one: xdotool - nice to know!
// install app
yum -y install xdotool
// read some docs
http://www.semicomplete.com/projects/xdotool/xdotool.xhtml#mouse_commands
// hide cursor
xdotool mousemove 2000 2000
Monday, 8 December 2014
Understanding puppet part 1
First two youtube movies - and I know much more...
"don't automate your automation" :)
Monday, 17 November 2014
RHCSE - firewall
Short reference to firewalld:
Disable firewalld and install iptables service:
systemctl disable firewalld
yum install iptables-services
systemctl start iptables
systemctl start ip6tables
systemctl enable iptables
systemctl enable ip6tables
Reverse - use firewalld instead of iptables:
systemctl disable iptables
systemctl enable firewalld
systemctl start firewalld
Working with firewall-cmd:
firewall-cmd --list-all-zones (to list all available zones) or firewall-cmd --get-zones
Zones list with description (https://fedoraproject.org/wiki/FirewallD#Dynamic_firewall_with_FirewallD)
drop - Any incoming network packets are dropped, there is no reply. Only outgoing network connections are possible.
block - Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only network connections initiated within this system are possible.
public - For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
external - For use on external networks with masquerading enabled especially for routers. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
dmz - For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted.
work - For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
home - For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
internal - For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.
trusted - All network connections are accepted.
firewall-cmd --get-services (to list all available services)
Management of zone / interface:
firewall-cmd --get-zone-of-interface=p3p1 (get zone assigned to p3p1 interface - old eth0 in my environment)
firewall-cmd [--zone=zone] --add-interface=interface
firewall-cmd [--zone=zone] --change-interface=interface
firewall-cmd [--zone=zone] --remove-interface=interface
firewall-cmd [--zone=zone] --query-interface=interface
Panic mode:
firewall-cmd --panic-on
firewall-cmd --panic-off
Zone / service management:
If no zone is specified, the default zone is used (firewall-cmd --get-default-zone)
firewall-cmd [--zone=zone] --add-service=service
To delete use --remove-service and to query use --query-service
If there is no service defined and you have to open a specific port, just use:
--add-port --remove-port --query-port
For router:
firewall-cmd [--zone=zone] --add-masquerade / --remove-masquerade / --query-masquerade
How to make changes permanent:
All changes made by firewall-cmd take effect without restarting the firewall service, but they are not permanent by default. If you need to save them, use the --permanent parameter of firewall-cmd.
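Because runtime changes disappear on reload or reboot unless they were also made with --permanent, it is worth comparing the two states. This is an added example, not part of the original post: it lists services and ports that exist in only one of them. The function names and the sample lists are my own, constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lists, in the space-separated form firewall-cmd prints.
SAMPLE_RUNTIME="ssh dhcpv6-client http 8080/tcp"
SAMPLE_PERMANENT="ssh dhcpv6-client"

# only_in_first "LIST_A" "LIST_B": print words found in LIST_A but not in LIST_B.
only_in_first() {
    have=" $(printf '%s ' $2)"        # normalise whitespace to " a b c "
    for item in $1; do
        case "$have" in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# report_drift RUNTIME PERMANENT: label entries that exist in one state only.
report_drift() {
    for entry in $(only_in_first "$1" "$2"); do
        echo "runtime-only (lost on reload): $entry"
    done
    for entry in $(only_in_first "$2" "$1"); do
        echo "permanent-only (active after reload): $entry"
    done
}

# audit_zone ZONE: compare the live state of ZONE with its saved configuration.
audit_zone() {
    for what in services ports; do
        runtime=$(firewall-cmd --zone="$1" --list-$what)
        permanent=$(firewall-cmd --permanent --zone="$1" --list-$what)
        report_drift "$runtime" "$permanent"
    done
}

# Command-line use (as root): sh fw-drift.sh public
if [ "$#" -eq 1 ]; then
    audit_zone "$1"
fi
```

An empty result means the running firewall and the saved configuration agree for that zone.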
Configuration files:
Current configuration files of zones are kept in /etc/firewalld/zones, while the default settings are in /usr/lib/firewalld.
Friday, 5 April 2013
Checking files with .sign keys
Question: how to verify a file with a .sign key (for example, updates downloaded from Dell sites)?
- first you have to generate your own key pair with gpg: gpg --gen-key
- download the public key (e.g. http://lists.us.dell.com/linux-security-publickey.txt)
- import the public key: gpg --import linux-security-publickey.txt
- sign the public key: gpg --edit-key linux-security@dell.com, then fpr (to check the fingerprint) and sign (for the signature check)
- check the file with the gpg command:
gpg --verify PER210_BMC_FRMW_LX_R278576.BIN.sign PER210_BMC_FRMW_LX_R278576.BIN
Result in Polish:
gpg: Podpisano w pon, 16 sie 2010, 13:41:21 CEST kluczem DSA o numerze 23B66A9D
gpg: Poprawny podpis złożony przez ,,Dell, Inc. (Product Group) ''
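The steps above end with reading gpg's message by eye, and gpg --verify reports a good signature for any key present in the keyring. As an added example (not from the original post), this script reads gpg's machine-readable status output and accepts the file only when the signature comes from one pinned key. EXPECTED_FPR and the sample status lines are constructed placeholders, not Dell's real key.

```shell
#!/bin/sh
# Placeholder: replace with the vendor key fingerprint shown by "fpr" in
# gpg --edit-key, after confirming it through a second channel.
EXPECTED_FPR="1111 2222 3333 4444 5555  6666 7777 8888 9999 AAAA"

# Constructed sample of "gpg --status-fd 1 --verify" output (not a real key).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 777788889999AAAA Example Vendor (constructed)
[GNUPG:] VALIDSIG 111122223333444455556666777788889999AAAA 2010-08-16 1281958881 0 4 0 17 2 00 111122223333444455556666777788889999AAAA'

# signer_matches FINGERPRINT: reads gpg status lines on stdin and succeeds only
# if a VALIDSIG line names FINGERPRINT (signing key or primary key) and no
# BADSIG/ERRSIG line is present. Anything else fails closed.
signer_matches() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        END { exit (ok && !bad) ? 0 : 1 }'
}

# verify_file SIGNATURE FILE: run gpg and apply the pinned-key check.
verify_file() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | signer_matches "$EXPECTED_FPR"
}

# Command-line use: sh verify.sh FILE.sign FILE
if [ "$#" -eq 2 ]; then
    if verify_file "$1" "$2"; then
        echo "OK: $2 is signed by the pinned key"
    else
        echo "FAIL: $2 is not signed by the pinned key" >&2
        exit 1
    fi
fi
```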
Sunday, 20 November 2011