
Thursday, August 26, 2010

Samba Configuration and SELinux

Install
#yum -y install samba

Configuration
/etc/samba/smb.conf
/etc/samba/smbusers

I found I couldn't connect to the Samba server from Windows. Why?
- Because of SELinux

By default, SELinux policy prevents Samba from sharing users' home directories.
#setsebool -P samba_enable_home_dirs 1   // 1 = on, 0 = off
#setsebool -P use_samba_home_dirs 1 // for home directories on a remote Samba server

Still doesn't work.
To check SELinux status,
#sestatus
To change the enforcement mode,
#setenforce 0 // permissive mode; 1 for enforcing
To set the SELinux mode permanently,
#vi /etc/selinux/config

To check syntax of smb.conf,
#testparm

Still doesn't work. Why?
I found the solution!!
That's because I had forgotten to create a valid Samba user account.
#smbpasswd -a jimmy

Tip!) For [homes] directory access,
   you need to disable the 'valid users = %S' line.

Friday, August 20, 2010

MUST KNOW about IPTABLES

What is IPTABLES?
- Linux Firewall service

How to start it?
- #service iptables start

Three important tables: filter, nat, mangle (filter is the default unless you choose another)

Three important chains in the filter table: INPUT, OUTPUT, FORWARD

Default iptables configuration in Fedora Linux (prepend 'iptables' to each line below to run it as a command):

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Rule order is very important because iptables evaluates the rules of a chain one by one, from top to bottom.
Once a packet is accepted, rejected or dropped by one of these rules, processing stops right there and the rules below it are never consulted.
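
The first-match behaviour described above, as an added example that is not part of the original post: a small Python model of the INPUT chain showing that a rule appended after the final REJECT is never reached, while the same rule inserted at position 5 is. It only understands the match options used in the listing; the port-80 rule, the sample packet and the ACCEPT chain policy are assumptions.

```python
import shlex

# Fedora default INPUT rules, copied from the listing above.
FEDORA_INPUT = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
""".splitlines()

# Constructed rule for the planned Apache server (assumption, not from the page).
HTTP_RULE = "-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT"

MATCH_KEYS = {"-p": "proto", "-i": "iface", "--dport": "dport", "--state": "state"}
IGNORED = {"-A", "-m", "-j", "--reject-with"}

def parse(line):
    """Parse one rule line into (match conditions, target)."""
    tok = shlex.split(line)
    opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    unknown = set(opts) - set(MATCH_KEYS) - IGNORED
    if unknown:  # refuse to guess at match options this model does not cover
        raise ValueError(f"unsupported option(s): {sorted(unknown)}")
    match = {MATCH_KEYS[o]: set(v.split(",")) for o, v in opts.items() if o in MATCH_KEYS}
    return match, opts["-j"]

def evaluate(rules, packet, policy="ACCEPT"):
    """First match wins: return (1-based rule number, target) for a packet."""
    for n, (match, target) in enumerate(map(parse, rules), start=1):
        if all(packet.get(k) in allowed for k, allowed in match.items()):
            return n, target
    return None, policy  # no rule matched: the chain policy decides (ACCEPT assumed)

def unreachable(rules):
    """Rule numbers that sit after an unconditional terminating rule."""
    for n, (match, target) in enumerate(map(parse, rules), start=1):
        if not match and target in ("ACCEPT", "DROP", "REJECT"):
            return list(range(n + 1, len(rules) + 1))
    return []

# Constructed packet: a new TCP connection to port 80 arriving on eth0.
WEB = {"proto": "tcp", "iface": "eth0", "dport": "80", "state": "NEW"}
APPENDED = FEDORA_INPUT + [HTTP_RULE]                         # iptables -A INPUT ...
INSERTED = FEDORA_INPUT[:4] + [HTTP_RULE] + FEDORA_INPUT[4:]  # iptables -I INPUT 5 ...

if __name__ == "__main__":
    for name, rules in (("appended", APPENDED), ("inserted", INSERTED)):
        print(name, evaluate(rules, WEB), "unreachable:", unreachable(rules))
```

Running `unreachable()` over a saved ruleset before restoring it is a quick way to catch allow rules that were appended below the catch-all REJECT.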

To save the firewall status,
#iptables-save > firewall.bak

To restore the firewall status,
#iptables-restore < firewall.bak


Wednesday, August 18, 2010

Linux System Configuration

Hardware Specification :
CPU - AMD Athlon 64 processor 3800+ 2.4GHz
RAM - 2.00 GB

VMware Workstation Environment (using VMware 7.0)

Installed two Fedora 13 Linux guests without the X Window System, using NAT networking
1. head.taesun.com
ip : 10.0.0.10
2. work.taesun.com
ip : 10.0.0.20

Goal :
1. iptables configuration to set up the security
2. deploy Apache Web server
3. Log Server Configuration