Configuring Samba

1. #yum install samba
2. #service smb restart
3. #chkconfig smb on
4. #vim /etc/samba/smb.conf
1. Line 57 Ensure foll. is there --->  [global]
2. Line 74 Put appropriate group name as required. default is workgroup = MYGROUP
1. eg. workgroup = REDHAT
3. Last Line : Copy last 7 lines and paste it below that, fill/replace  as per question.
1. eg share name=song, path=/mp3
1. [song]
2. comment=my collection
3. path=/mp3
4. public=yes
5. writable=yes
6. printable=no
7. write list=+staff   ---->group name
2. Then add following so that people can browse it
1. browseable=yes
5. #service smb restart
6. #mkdir /mp3
7. Then run following on the client side to verify which share name is available against given IP/hostname
1. #smbclient -L <IP address>
8. Check the context of the file to be shared
1. #ls -ldZ /mp3 ----> default context is default_t
9. Change context of the file to be shared
1. #chcon -t samba_share_t /mp3
10. We can verify it
1. in the file /etc/samba/smb.conf       ---> Line 40
2. #smbclient //localhost/song -U       ---> U is for anonymous user
11. If not sharing with public user [#vim /etc/samba/smb.conf]
1. Remove, public=yes
2. Or put, public=no
1. valid user = u1,  u2,  u3
2. host allow = 192.168.0.
3. save & quit
12. Now create samba user
1. #useradd -s /sbin/nologin u1
2. #useradd -s /sbin/nologin u2
3. #useradd -s /sbin/nologin u3
13. Assign samba password to user u1, u2, u3
1. #smbpasswd -a u1
2. #smbpasswd -a u2
3. #smbpasswd -a u3
14. #service smb restart
15. #smbclient -L localhost
16. #smbclient //localhost/song -U u1
17. Verification
1. Now mount it (o=lowercase alphabet o)
2. #mount -t cifs -o user=u1 localhost:/ /mnt         ----> It will ask password for user u1
3. #mount -t cifs -o user=u1%123 localhost:/song /mnt      ----> Password for user u1 is mentioned as 123
18. #df -h

Configuring SMTP (POSTFIX)

1. #yum install postfix
2. #service postfix restart
3. #chkconfig postfix on
4. #vim /etc/postfix/main.cf
1. Line 83 --> Uncomment & put domain name
1. mydomain=example.com
2. Line 99 --> Uncomment & put domain name
1. myorigin=example.com
3. Line 113 --> Uncomment
1. inet_interfaces=all
4. Line 116 --> Comment it
1. #inet_interfaces=localhost
5. Line 164 --> Comment it
1. #mydestination=$myhostname,localhost,$mydomain,localhost
6. Line 165 --> Uncomment
1. mydestination=$myhostname,localhost.$mydomain,localhost,$mydomain
5. #service postfix restart
6. Forward the mail from hr@example.com to employee@example.com
7. #vim /etc/postfix/virtual  
1. Go to last line (shift+g) and append following:
2. hr@example.com     employee@example.com
8. Copy Line 158-159 of /etc/postfix/virtual & Paste in the end of /etc/postfix/virtual and Uncomment it
9. #vim /etc/postfix/virtual
10. #postmap /etc/postfix/main.cf
11. Create alias for hr for employee, like any mail coming to hr@example.com should be delivered to employee@example.com as well
12. #vim /etc/aliases
1. Go to last line, append following
2. hr :     employee

Configuring FTP (Download/Upload)

1. Anonymous Download
1. #yum install vsftpd
2. #service vsftpd restart
3. #chkconfig vsftpd on
2. Local User Download
1. #getsebool -a | grep ftp
2. #setsebool -P ftp_home_dir on
3. #yum install ftp
4. #ftp localhost/<IP>
3. Upload
1. #vim /etc/vsftpd/vsftpd.conf
1. Line 27, --> Uncomment
2. anon_upload_enable=yes
2. #mkdir /var/ftp/upload
3. #chmod g+w /var/ftp/upload
4. #chgrp ftp /var/ftp/upload
5. Check the content,
1. #ls -ldZ /var/ftp/upload      ---> public_content_t
6. Change the content
1. #chcon -t public_content_rw_t /var/ftp/upload
7. Change the boolean
1. #getsebool -a | grep ftp
2. #setsebool -P allow_ftpd_anon_write on
8. #service vsftpd restart
4. Verification
5. #cd /root
6. #ftp localhost/<IP>
7. #ls ---> pub & upload
8. #cd upload
9. #mput install.log
10. Iptable Rules
1. Clients outside example.com should not have access to your FTP service (IP & subnet will be given)
1. #iptables -I INPUT ! -s example.com -p tcp --dport 21 -j REJECT

Export a directory via NFS

1. Create a directory eg. /comon
1. #mkdir /common
2. Install package
1. #yum install nfs-utils
3. Change Mode(chmod) of the directory
1. #chmod 777 /common
4. Make entry in the /etc/exports file
1. #vim /etc/exports
1. (r,w) access only to 192.168.0.1 Network
1. /common         192.168.0.1/255.255.255.0(rw,sync)
2. (r) access to all
1. /common         *(ro,sync)
3. give access to root on host 192.168.0.25
1. /common          192.168.0.25(rw,no_root_sqash,sync)
4. NFS to example.com domain only
1. /common          *.example.com(rw,sync)
5. Save & quit
6. Restart nfs
1. #service nfs restart
7. #chkconfig nfs on
8. To verify,
1. Virtual M/c   #showmount -e localhost

Configuring SSH

1: Search if the package is laready installed.
     #rpm -qa | grep ssh

2:   #yum search ssh
3:   #yum install openssh-server
4:  Make sure you flush iptables before setting any new iptables rule
5: Don't flush your iptables in the middle/end else all your set iptables
    #iptables -F
    #service iptables save
    #service iptables restart

Setting IPTABLE Rules

6: Clients within remote.test should not have SSH access to your system

  #iptables -I INPUT -s <remote.test n/w address> -p tcp --dport 22 j REJECT

7: Only 192.168.0.1/255.255.255.0 should have SSH access

  #iptables -I INPUT ! -s 192.168.0.1/255.255.255.0 -p tcp --dport 22 -j REJECT

8: 192.168.0.1/255.255.255.0 should have SSH access

  #iptables -I INPUT -s 192.168.0.1/255.255.255.0 -p tcp --dport 22 -j ACCEPT

Automounting of iso file/CD-ROM

1: Download the .iso file
        #wget <file_name>
2: Mount Point should be given
3: Make /etc/fstab entry

  #vim /etc/fstab
   /root/image.iso        /mnt       iso9660         loop,ro        0 0

4: save & quit
5:    #mount -a

Configuring SELinux

#vim /etc/sysconfig/selinux

Ensure selinux is in enforcing mode.