Add/view/delete an entry to iptables to enable Apache/VNCServer/FTP, etc.

The default CentOS 5.6 firewall configuration does not allow Apache httpd traffic on port 80.  In order to open the port for utilization, a change must be made to the firewall configuration.

iptables -I INPUT -p tcp -m tcp ––dport 80 -j ACCEPT

To open a hole for VNCServer (running on display 20):

iptables -I INPUT -p tcp -m tcp ––dport 5920 -j ACCEPT

To open a hole for VNCServer (running on display 20) web base interface:

iptables -I INPUT -p tcp -m tcp ––dport 5820 -j ACCEPT

To display the openings you’ve created in your firewall:

iptables -L INPUT -n ––line-numbers

To remove a line entry from your iptables file (for example, entry #3):

iptables -D INPUT 3

Notes:

There are two dashes in front of parameters such as “––line-numbers” and “––dport.”

The iptables service must be saved, and restarted before changes take effect.

service iptables save

service iptables restart

Advertisements

manually add new user to Red Hat/Fedora/CentOS

To manually add a new user to a  Red Hat/Fedora/CentOS intall which is utilizing shadow passwords:

As root

  • cp /etc/passwd /etc/passwd.bak (make a back-up copy of your password file)
  • cp /etc/shadow /etc/shadow.bak (make a back-up copy of your shadow password file)
  • cp /etc/group /etc/group.bak (make a back-up copy of your group file)
  • vipw  (to open passwd file in vi)
  • <shift> g  (to get to end of file)
  • a (append at end of cursor)
  • user01:x:501:501:User 01:/home/user01:/bin/bash  (add the new user)
  • :wq  (write file and quit vi)
  • A prompt will indicate that you are using shadow passwords, and do you want to edit the /etc/shadow now.  Answer: n
  • vi /etc/group  (to open group file in vi)
  • <shift> g  (to get to end of file)
  • a (append at end of cursor)
  • user01:x:501:user01 <enter>
  • admins:x:502:user01 (create a new group called admins and put user01 into it)
  • :wq  (write file and quit vi)
  • pwconv  (add the new entry from your passwd file into shadow password file)
  • passwd user01  (set the new user password)
  • (prompted twice for new user password)
  • mkdir /home/user01
  • cp /etc/skel/.* /home/user01 (copy all files from skel to new user home directory)
  • cp -r /etc/skel/.kde /home/user01
  • cp -r /etc/skel/.mozilla /home/user01
  • chown -R user01:user01 /home/user01  (Change the owner of user01 home directory to user01)
  • visudo -f /etc/sudoers
  • After root   ALL=(ALL)    ALL add new line and:  %admins   ALL=(ALL)    NOPASSWD: ALL  (this allows members of admins group to sudo as root, without a password.)

reset root password on Red Hat/Fedora/CentOS

Okay, so you’ve screwed the pooch and need to reset the password for root on your Red Hat/Fedora/CentOS installation.  Assuming that it is a default installation, without hardening, this can be done fairly easily.

This assumes you have GRUB installed.

  1. When the GRUB login screen comes up, hit “e” to edit.
  2. Move the cursor down to the kernel line and hit “e” again.
  3. At the end of the kernel line, add a space and the word “single.”  This will force the reboot into single user mode.  Continue booting the server.  You will automagically be logged in as root.
  4. Run the passwd command to reset root’s password.
  5. Reboot as normal.

enable windows manager in linux vncserver

Modify your ~/.vnc/xstartup file to

The default file looks like this:

#!/bin/sh

# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc

Uncomment the “unset SESSION MANAGER” and “exec /etc/X11/xinit/xinitrc” line.  This will start run your default window manager when vnc starts.  Gnome is a lot prettier than the cruddy default gray vnc display with xterm.

Edit sudoers file in Redhat/Fedora/CentOS

To allow certain users to act as root (su -, or sudo), you must add them to the sudoers file (/etc/sudoers).

The sudoers file must be edited using the visudo command.  See the sudo webpage.

As root:

visudo -f /etc/sudoers

Edit the file to add the correct permissions.  In this case, give members of the group “adm” permission to do just about everything.

%adm     ALL=(ALL)     NOPASSWD: ALL

Save the changes using “:wq”