TigerVNC Centos7

yum -y install tigervnc-server

usermod usuario -a -G wheel

Then create the file /rutadelusuario/.vnc/xstartup (rutadelusuario stands for the user's home directory):

For Mate

#!/bin/sh
#
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
# exec /etc/X11/xinit/xinitrc
#
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
mate-session &

For XFCE

#!/bin/sh
#
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
# exec /etc/X11/xinit/xinitrc
#
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
xfce4-session &

For Gnome

#!/bin/sh
#
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
# exec /etc/X11/xinit/xinitrc
#
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
gnome-session &

For LXDE

#!/bin/sh
#
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
# exec /etc/X11/xinit/xinitrc
#
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
startlxde &

Start the service:

As the user: su - usuario

vncserver :1
It will then ask you for a password; to set it manually:

vncpasswd

and enjoy:

NOTE!!! Session :1 opens port 5901; if you want session :2, it is port 5902, and so on.

If you want the service enabled at boot:

sudo systemctl start vncserver@:1
sudo systemctl enable vncserver@:1

To set up tunnels, if you need them:

ssh -L 5901:127.0.0.1:5901 -N -f -l vncuser 128.199.234.106
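
A check for the port note and the tunnel above, as an added example that is not part of the original post: it maps each listening VNC port back to its display number (port 5900 + N) and reports whether the listener is bound to loopback only, which is all the SSH tunnel needs. The `ss -ltn` lines in `sample_ss` are constructed sample input, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# vnc_listeners: reads `ss -ltn` output on stdin and prints, for every
# listening VNC port (5901-5999), "<display> <port> <address> <scope>".

vnc_listeners() {
    awk '
    $1 == "LISTEN" {
        addr = $4                          # "Local Address:Port" column
        n = split(addr, parts, ":")
        port = parts[n] + 0                # text after the last colon
        if (port < 5901 || port > 5999) next
        host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
        scope = (host == "127.0.0.1" || host == "::1" || host == "[::1]") ? "loopback" : "exposed"
        printf ":%d %d %s %s\n", port - 5900, port, host, scope
    }'
}

# exposed_displays: only the displays reachable from other hosts.
exposed_displays() {
    vnc_listeners | awk '$4 == "exposed" { print $1 }' | sort -u
}

# Constructed sample: display :1 on all interfaces, display :2 on loopback.
sample_ss() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128          *:22                  *:*
LISTEN     0      5            *:5901                *:*
LISTEN     0      5           :::5901               :::*
LISTEN     0      5    127.0.0.1:5902                *:*
LISTEN     0      5          ::1:5902               :::*
EOF
}

sample_ss | vnc_listeners
# On a live host: ss -ltn | exposed_displays
```

When the tunnel is the only access path, starting the session as `vncserver :1 -localhost` keeps port 5901 off the external interfaces.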

Bonus Track :

If you get this error:
#systemctl start vncserver@:1

Job for vncserver@:4.service failed. See 'systemctl status vncserver@:1.service' and 'journalctl -xn' for details.

And when we check for the error by running systemctl status vncserver@:1.service, we get a similar error, as shown below.

● vncserver@:1.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2015-06-29 07:47:10 UTC; 1min 14s ago
Process: 1383 ExecStart=/sbin/runuser -l vncuser -c /usr/bin/vncserver %i (code=exited, status=2)
Process: 1379 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)

Solution: delete the temporary directory left behind:

#rm -rf /tmp/.X11-unix/


Rollback on Centos 7

On one occasion I was playing with the kernel on a production machine and on reboot... OHHHH!!! Houston, problems...

Fortunately, Centos has a way to recover from this situation.

Step 1:
Boot with the rescue kernel that Centos provides; it will let you load 70% of the OS.

Step 2:

yum history (it stores all the changes we have made on our server)

For example:

[root@ns ~]# yum history
Complementos cargados:fastestmirror
ID | Linea de comandos | Día y hora | Acción(es) | Modific
-------------------------------------------------------------------------------
47 | history undo 42 | 2016-05-04 23:42 | Erase | 1
46 | history undo 43 | 2016-05-04 23:42 | Erase | 1
45 | history undo 38 | 2016-05-04 23:29 | Erase | 1 EE
44 | history undo 40 | 2016-05-04 23:28 | Install | 1
43 | -y install kernel-tools | 2016-05-04 22:53 | Install | 1
42 | -y install kernel-tools- | 2016-05-04 22:51 | Install | 1 <
41 | remove kernel-tools-libs | 2016-05-04 18:22 | Erase | 2 >
40 | remove kernel-3.10.0-327 | 2016-05-04 18:22 | Erase | 1
39 | -y install unzip | 2016-05-04 18:05 | Install | 1
38 | update kernel | 2016-05-04 16:55 | Install | 1
37 | install kernel-devel ker | 2016-05-04 16:29 | Install | 5
36 | -y install net-snmp-util | 2016-05-01 13:03 | Install | 2
35 | -y install pciutils | 2016-05-01 11:29 | Install | 1
34 | remove lxqt* | 2016-05-01 09:38 | Erase | 24
33 | remove clamav-scanner | 2016-04-28 19:43 | Erase | 3 EE
32 | -y install bind-utils | 2016-04-28 14:17 | Install | 1
31 | install clamav-server cl | 2016-04-28 12:45 | I, U | 14
30 | -y install clamav-scanne | 2016-04-28 12:37 | Install | 3
29 | -y install clamav-server | 2016-04-28 12:35 | Install | 2
28 | -y install amavisd-new | 2016-04-28 12:17 | Install | 43
history list

If we update a kernel and want to go back to a previous version, that is a serious matter, because yum does not let us downgrade the kernel, much less run rpm -e kernel and then install another kernel.

Yum fixes this:

yum history undo 38 (in my case, the kernel update I did that caused me problems)

and that's it: it goes back to the previous kernel version.

Good luck to anyone this helps!!!


Mate for Centos 7

In my search for a lightweight graphical environment for my Centos Linux I wanted to try LXDE / LXQT; unfortunately the change from SystemV to systemctl left me disenchanted. Fortunately I found a quick, native solution, without so many changes and so many compilations, which I want to share.
It is the Mate environment, so if you want to enjoy it and set it up from scratch, let's get to work.

Step 1: Minimal installation

Step 2: Disable SELinux (vi /etc/selinux/config, set SELINUX=disabled)

Step 3:
Install the EPEL repo

rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Step 4: Install the graphical environment

yum -y install xorg-x11-drv-intel xorg-x11-drv-fbdev xorg-x11-drv-evdev xorg-x11-drv-mouse mesa-dri-drivers xorg-x11-drv-synaptics lightdm mate-desktop mate-power-manager mate-terminal mate-themes caja atril pluma network-manager-applet dbus-x11 iso-codes net-tools zip unzip alsa-utils telnet ftp wget nano openssh-clients

rm /etc/systemd/system/default.target
ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target

Step 5: Install the Microsoft fonts

yum install curl cabextract xorg-x11-font-utils fontconfig
rpm -i https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fon...

Step 6: Create a user and group

End of story


Mail Server + Security + Antivirus

Step 1:

EPEL repo

nano /etc/yum.repos.d/epel.repo

---------------------------------------------------------------------------------------------------
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
-----------------------------------------------------------------------------------------------------------------------------------------------------

yum install postfix spamassassin amavisd-new clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-lib clamav-server-systemd

Step 1: Postfix

nano /etc/postfix/main.cf

----------------------------------------------------------------------------------------------------
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = server
mydomain = dominio.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, $mydomain, otrodominio.com
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.1 , x.y.z.t
relay_domains = $mynetworks
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mail_spool_directory = /data/mail
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
content_filter=smtp-amavis:[127.0.0.1]:10024
##smtpd_banner = $myhostname ESMTP $mail_name
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
disable_vrfy_command = yes
delay_warning_time = 10h
default_destination_concurrency_limit = 2
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination,
    check_policy_service unix:private/policy,
    reject_unknown_recipient_domain,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unauth_pipelining,
smtpd_helo_restrictions = permit_mynetworks,
    reject_invalid_helo_hostname,
    reject_unknown_helo_hostname,
    reject_non_fqdn_helo_hostname
# smtpd_recipient_restrictions is assigned a second time below; Postfix keeps only this last assignment
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain
data_directory = /var/lib/postfix
--------------------------------------------------------------------------------------------------------------------------
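
The main.cf above assigns smtpd_recipient_restrictions twice, and Postfix keeps only the last assignment of a parameter, so restrictions that appear only in the first list are not applied. The following added example (not part of the original post) finds such duplicates while honouring main.cf continuation lines; the function names are assumptions of this example and `sample_main_cf` is a constructed, shortened copy of the file.

```shell
#!/bin/sh
# Added example, not from the original post.
# main_cf_duplicates: reads a Postfix main.cf on stdin and reports every
# parameter assigned more than once, with the line numbers of all its
# assignments and the line whose value Postfix uses (the last one).

main_cf_duplicates() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # comment or blank line
    /^[ \t]/                 { next }   # continuation of the previous parameter
    {
        name = $0
        sub(/[ \t]*=.*$/, "", name)     # keep only the parameter name
        seen[name]++
        where[name] = (seen[name] > 1 ? where[name] "," : "") NR
        last[name] = NR
    }
    END {
        for (name in seen)
            if (seen[name] > 1)
                printf "%s lines=%s effective=%d\n", name, where[name], last[name]
    }' | sort
}

# Constructed sample, shaped like the main.cf above.
sample_main_cf() {
    cat <<'EOF'
myhostname = server
content_filter=smtp-amavis:[127.0.0.1]:10024
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination,
    check_policy_service unix:private/policy,
    reject_unauth_pipelining,
smtpd_helo_restrictions = permit_mynetworks,
    reject_invalid_helo_hostname
# second assignment of the same parameter
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination
data_directory = /var/lib/postfix
EOF
}

sample_main_cf | main_cf_duplicates
# On a live host: main_cf_duplicates < /etc/postfix/main.cf
```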

nano /etc/postfix/master.cf

----------------------------------------------------------------------------------------------------------------------
smtp-amavis unix - - y - 2 smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - y - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.1
  -o strict_rfc821_envelopes=yes
--------------------------------------------------------------------------------------------------------------------------

nano /etc/amavisd/amavisd.conf

The changes to make are:

$max_servers = 2; # num of pre-forked children (2..30 is common), -m
$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u
$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g

$mydomain = 'midominio.com'; # a convenient default for other settings

$MYHOME = '/var/spool/amavisd'; # a convenient default for other settings, -H

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter
# option(s) -p overrides $inet_socket_port and $unix_socketname

$inet_socket_port = 10024; # listen on this local TCP port(s)

$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
$penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam
$bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces

$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?

@addr_extension_virus_maps = ('virus');
@addr_extension_banned_maps = ('banned');
@addr_extension_spam_maps = ('spam');
@addr_extension_bad_header_maps = ('badh');
# $recipient_delimiter = '+'; # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
# $dspam = 'dspam';

$MAXLEVELS = 14;
$MAXFILES = 3000;
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 500*1024*1024; # bytes (default undef, not enforced)

$sa_spam_subject_tag = '***Spam*** ';

$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!

$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_DISCARD; #!!! D_DISCARD / D_REJECT
$final_bad_header_destiny = D_BOUNCE;
# $bad_header_quarantine_method = undef;

# read_hash("/var/amavis/sender_scores_sitewide"),

{ # a hash-type lookup table (associative array)
'nobody@cert.org' => -3.0,
'cert-advisory@us-cert.gov' => -3.0,
'owner-alert@iss.net' => -3.0,
'slashdot@slashdot.org' => -3.0,
'securityfocus.com' => -3.0,
'ntbugtraq@listserv.ntbugtraq.com' => -3.0,
'security-alerts@linuxsecurity.com' => -3.0,
'mailman-announce-admin@python.org' => -3.0,
'amavis-user-admin@lists.sourceforge.net'=> -3.0,
'amavis-user-bounces@lists.sourceforge.net' => -3.0,
'spamassassin.apache.org' => -3.0,
'notification-return@lists.sophos.com' => -3.0,
'owner-postfix-users@postfix.org' => -3.0,
'owner-postfix-announce@postfix.org' => -3.0,
'owner-sendmail-announce@lists.sendmail.org' => -3.0,
'sendmail-announce-request@lists.sendmail.org' => -3.0,
'donotreply@sendmail.org' => -3.0,
'ca+envelope@sendmail.org' => -3.0,
'noreply@freshmeat.net' => -3.0,
'owner-technews@postel.acm.org' => -3.0,
'ietf-123-owner@loki.ietf.org' => -3.0,
'cvs-commits-list-admin@gnome.org' => -3.0,
'rt-users-admin@lists.fsck.com' => -3.0,
'clp-request@comp.nus.edu.sg' => -3.0,
'surveys-errors@lists.nua.ie' => -3.0,
'emailnews@genomeweb.com' => -5.0,
'yahoo-dev-null@yahoo-inc.com' => -3.0,
'returns.groups.yahoo.com' => -3.0,
'clusternews@linuxnetworx.com' => -3.0,
lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0,
lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

# soft-blacklisting (positive score)
'sender@example.net' => 3.0,
'.example.net' => 1.0,

},
], # end of site-wide tables
});

@av_scanners_backup = (

### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
['ClamAV-clamscan', 'clamscan',
"--stdout --no-summary -r --tempdir=$TEMPBASE {}",
[0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

Then
cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
sed -i '/^Example/d' /etc/clamd.d/clamd.conf   # disable the Example line (here, by deleting it)

cp /etc/freshclam.conf /etc/freshclam.conf.bak
sed -i '/^Example/d' /etc/freshclam.conf   # disable the Example line (here, by deleting it)

Create: /usr/lib/systemd/system/clam-freshclam.service
----------------------------------------------------------------------
# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
-----------------------------------------------------------------------

systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service

mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service

nano /etc/clamd.d/clamd.conf

LogFileMaxSize 0
LogTime yes
LogSyslog yes
PidFile /var/run/clamd.amavisd/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
User amavis
LocalSocket /var/run/clamd.amavisd/clamd.sock
LocalSocketGroup clamscan
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
MaxThreads 50
ReadTimeout 300
AllowSupplementaryGroups yes
ScanPE yes
ScanELF yes
DetectBrokenExecutables yes
ScanOLE2 yes
ScanPDF yes
ScanMail yes
ArchiveBlockEncrypted no
BytecodeSecurity TrustSigned

Finally:

nano /etc/mail/spamassassin/local.cf
required_hits 5
report_safe 0
rewrite_header Subject [SPAM]

systemctl start spamassassin
systemctl enable spamassassin
systemctl start clamd
systemctl enable clamd
systemctl start amavisd
systemctl enable amavisd
systemctl start postfix
systemctl enable postfix

A good resource for support on more topics:

https://www.centos.org/forums/viewtopic.php?t=6771


Postgresql Centos 7- Reload

After reinstalling my server, documentation is necessary; I will only post information that really complements a typical installation.

Step 1: yum -y install postgresql postgresql-server php php-pgsql php-xml php-gd (for Drupal support with PG)

Step 2:
Edit:
nano /usr/lib/systemd/system/postgresql.service
Edit the line:
# Location of database directory
Environment=PGDATA=/data/dbpg

Step 3:

Initialize the db: first I create a folder to hold the db
mkdir /data/dbpg
chown -R postgres:postgres /data/dbpg
su - postgres -c "initdb -D /data/dbpg"   # initializing

Then I edit pg_hba.conf

host all all 127.0.0.1/32 md5
host all all ::1/128 md5
host all all 192.168.155.2/32 md5

Finally:

systemctl start postgresql
systemctl enable postgresql

Step 4:

Rebuilding the db

Creating the database:
create database DB;

Creating users:
create user miusuario PASSWORD 'password';

Assigning roles on the DB:
GRANT ALL PRIVILEGES ON DATABASE nanotutoriales_website TO nanotutoriales;
Back up and restore the DB:

Step 5:

Upload the data
pg_dump -c NOMBRE_DE_LA_BD > ARCHIVO.sql
cat ARCHIVO.sql | psql NOMBRE_DE_LA_BD
