wtorek, 13 stycznia 2015

LXDE as default desktop

I'm using fedora 20, and I like very light desktop managers. One of my favorite is LXDE.
If you didn't install LXDE spin you have to install this desktop by yourself.

# yum install @lxde-desktop

// setup default display manager

# cd /etc/systemd/system;
# unlink display-manager.service
# ln -s /usr/lib/systemd/system/lxdm.service display-manager.service

// is someone don't like to write password
# vim /etc/lxdm/lxdm.conf

// uncomment and change line
autologin=username

// reboot and enjoy!

Devilspie replacement, xdotool!

Sometimes we need to do something with windows or mouse on Linux by command line (for example for systems like ads display, move the cursor from center of screen) Devilspie is nice tool to do it, but there is another one: xdotool - nice to know!

// install app
yum -y install xdotool

// read some docs
http://www.semicomplete.com/projects/xdotool/xdotool.xhtml#mouse_commands

// hide cursor
xdotool mousemove 2000 2000

poniedziałek, 8 grudnia 2014

Understanding puppet part 1

First two youtube movies - and I know much more...


"don't automate your automation" :)


poniedziałek, 17 listopada 2014

RHCSE - firewall

Short reference to firewalld:

Disable firewalld and install iptables service:

systemctl disable firewalld
yum install iptables-services
systemctl start iptables
systemctl start ip6tables
systemctl enable iptables
systemctl enable ip6tables

Reverse - use firewalld instead of iptables:

systemctl disable iptables
systemctl enable firewalld
systemctl start firewalld

Working with firewall-cmd:

firewall-cmd  --list-all-zones  (to list all avaliable zones) or firewall-cms --get-zones

Zones list with description (https://fedoraproject.org/wiki/FirewallD#Dynamic_firewall_with_FirewallD)
drop - Any incoming network packets are dropped, there is no reply. Only outgoing network connections are possible.
block - Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only network connections initiated within this system are possible.
public - For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
external - For use on external networks with masquerading enabled especially for routers. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
dmz - For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted.
work - For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
home - For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
internal - For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.
trusted - All network connections are accepted.

firewall-cmd --get-services (to list all avaliable services)

Managment of zone / interface:

 firewall-cmd --get-zone-of-interface=p3p1 (get zone assigned to p3p1 interface - old eht0 in my environment)
 firewall-cmd [--zone=] --add-interface=
 firewall-cmd [--zone=] --change-interface=
 firewall-cmd [--zone=] --remove-interface=
 firewall-cmd [--zone=] --query-interface=

Panic mode:

firewall-cmd --panic-on
firewall-cmd --panic-ooff

Zone / service management:

If no zone is specified default zone is used  (firewall-cmd --get-default-zone)
firewall-cmd [--zone=] --add-service=

To delete --remove-service and to query --query-service

If there is no service and you have to open specified port just use:
--add-port --remove-port --query-port

For router:

firewall-cmd [--zone=] --add-masquerade / --remove-masquerade / --query-masquerade

How to make changes pernament:

All changes made by firewall-cmd work with no need of restart of firewall service, but are not pernament by default. If you need save them use --pernamet parameter of firewall-cmd.

Configuration files:

Current configuration files of zonez are kept in: /etc/firewalld/zones, but default settings in /usr/lib/firewalld



piątek, 5 kwietnia 2013

Great article - dns for local network

Quite simple but this solution should help many times

http://www.madboa.com/geek/soho-bind/

Checking files with .sign keys

Question: how to verify file with .sign key (for example updates downloaded from dell sites)
- first you have to generate your own certificate with gpg: gpg --gen-key
- download file and its .sign key (ex: file and sign)
- import public key gpg --import linux-security-publickey.txt
- sign public key: gpg --edit-key linux-security@dell.com then fpr (for check fingerprint) and (sign for signature check)
- check file with gpg command:
 gpg --verify PER210_BMC_FRMW_LX_R278576.BIN.sign PER210_BMC_FRMW_LX_R278576.BIN

Result in Polish:
gpg: Podpisano w pon, 16 sie 2010, 13:41:21 CEST kluczem DSA o numerze 23B66A9D
gpg: Poprawny podpis złożony przez ,,Dell, Inc. (Product Group) ''

niedziela, 20 listopada 2011