getenforcecommand. This command without any options or arguments will simply print a current status SELinux operational mode.
# getenforce Permissive
Furthermore, the current status of SELinux operational mode can be set permanently or temporarily. The above
getenforce command only show current status however to see whether the status was set temporarily by
setenforce or by SELinux configuration file
cat /etc/selinux/config the
sestatus command should be used.
# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 29Read more...
setenforceor directly by editing SELinux configuration file.
disabled operational mode does not enforce any security rules or policies as it is simply disable and security checks are done only by traditional Discretionary Access Controls.
Permissive mode allows for testing new deployments as in effect it simply behaves like
disabled operational mode, however it logs any potentially denied access to a relevant log files thus allowing further testing and troubleshooting before the operational mode is switched to
enforcing. Lastly, the
enforcing mode all security policy rules a enforced. To change SELinux operaitonal mode from enforcing to permissive and vice versa use
setenforce command. Check current operational mode status:
# getenforce PermissiveRead more...
There may be a time that you wish to clear a Memory on your server. Normally you do not want to fiddle with it so do it only you are sure that it is necessary and that it would not affect your server's performance. For this we can use sysctl command which allows linux admins to configure kernel parameters at runtime.
This command will clear pagecache:
To clear dentries and inodes you can use:
To free memory of the all above use a following command:
What the above commands will do is that they will sync your memory and edit a following file with appropriate number entry. :
Do not edit this file directly !Read more...
At this point, we can say that using telnet as a means of accessing servers is effectively dead. It took awhile, but the security concerns associated with it were finally elevated to the point where everyone finally made the choice to move to SSH. Why did we stop there? SSH provides one of the most secure methods of accessing a system and its services that is available anywhere. In addition, as you will see in this article, it can be used to access services that are traditionally not secure and should really never be used without it. Let’s dive in.
If you have not installed wireless firmware to support your wireless network card during Debian wheezy installation you can do so later by enabling debian's non-free repository. Here is how you do it. First open your /etc/apt/sources.list file and change line ( your repository mirror may be different ):
deb http://http.debian.net/debian/ wheezy main
deb http://http.debian.net/debian/ wheezy main non-free
Once done update packages list with a command:
# apt-get updateRead more...
Debian by default comes with Iceweasel web browser instead of firefox. Although it is recommended to use Iceweasel you may have a need to install firefox are here is a simple way how to install firefox on Debian wheezy by using Linux mint's debian import repository. First edit your /etc/apt/sources.list file and add the following line:
deb http://packages.linuxmint.com debian import
Update your package list:
# apt-get update
The above command will fetch mint package repository list. As a last step install firefox browser:Read more...
We all ‘know’ what an IP address is and what it’s significance in the age of the internet is. What remains a mystery to a large number of people however (surprisingly even those in the technology industry) is exactly what an IP address is, in detail, and what the component parts represent and the significance of each. Today, we are going to define those components and talk a bit about each in an effort to make things a bit clearer as well as prepare you for the eventual (and inevitable) move to IPv6 (the subject of a series of later articles).
Some integrated devices have less than stellar support and even the proprietary binary graphics drivers have left something to be desired. Worse, modern laptops that contain the ‘Optimus’ technology (multiple GPU configurations – NVidia and Intel) either had to be used in one mode or the other (one or the other X Server, but not both). Enter the ‘bumblebee’ project. This project allows you to compile support onto your system to allow you to designate certain applications to use the discrete driver (NVidia) for better video/game performance but did not address the ability to use both video cards for desktop display of multiple monitors. Today, we will address that shortcoming.
In this configuration tutorial we will guide you through the process of configuring sendmail to be an email relay for your gmail or google apps account. This allows you to send email from your bash scripts, hosted website or from command line using mail command. Other examples where you can utilize this setting is for a notification purposes such or failed backups etc. Sendmail is just one of many utilities which can be configured to rely on gmail account where the others include postfix, exim , ssmpt etc. In this tutorial we will use Debian and sendmail for this task.
# apt-get install sendmail mailutils sendmail-bin
# mkdir -m 700 /etc/mail/authinfo/ # cd /etc/mail/authinfo/
next we need to create an auth file with a following content. File can have any name, in this example the name is gmail-auth:Read more...
Most of the time as a system administrator you are managing your servers over the network. It is very rare that you will need to have a physical access to any of your managed servers. In most cases all you need is to SSH remotely to do your administration task. In this article we will configure a GUI alternative to a remote access to your RHEL server, which is VNC. VNC allows you to open a remote GUI session to your server and thus providing you with a full graphical interface accessible from any remote location.