How to create a LUKS LVM Partition

  1. Create a logical volume: lvcreate -L 500M -n crypto cryptovg
  2. Fill the logical volume with random data: dd if=/dev/urandom of=/dev/cryptovg/crypto
  3. Initialize the logical volume: cryptsetup --verbose --verify-passphrase luksFormat /dev/cryptovg/crypto
  4. Open the newly encrypted device: cryptsetup luksOpen /dev/cryptovg/crypto cryptosec
  5. Check that it’s there: ls -l /dev/mapper | grep cryptosec
  6. Create a filesystem: mkfs.ext4 /dev/mapper/cryptosec
  7. Mount it: mount /dev/mapper/cryptosec /media/cryptosec
  8. Check that it’s visible: df -h | grep cryptosec
  9. Add the following to /etc/crypttab: cryptosec /dev/cryptovg/crypto none
  10. Edit your /etc/fstab, removing the old entry for /dev/cryptovg/crypto and adding /dev/mapper/cryptosec /media/cryptosec ext4 defaults 1 2
  11. Restore default SELinux security contexts: /sbin/restorecon -v -R /media/cryptosec
  12. Reboot: shutdown -r now
  13. The entry in /etc/crypttab makes your computer ask for your LUKS passphrase on boot. Enter your passphrase when asked. Log in as root and restore your backup.
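
Before the reboot in step 12, it helps to confirm that steps 9 and 10 agree with each other. The following is an added example, not part of the original procedure: a small shell check that compares a crypttab file with an fstab file. The function names (has_dev, check_crypt_boot, write_samples) and the vg-root sample line are hypothetical, and the check assumes crypttab names the backing device by path rather than by UUID.

```shell
#!/bin/sh
# Added example: check /etc/crypttab against /etc/fstab before rebooting.
# Assumes crypttab names the backing device by path (not UUID=...).

# has_dev FSTAB DEVICE: true if DEVICE is the first field of an active line.
has_dev() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# check_crypt_boot CRYPTTAB FSTAB: print problems, return how many were found.
check_crypt_boot() {
    crypttab=$1; fstab=$2; problems=0
    while read -r target backing _rest; do
        case $target in ''|'#'*) continue ;; esac   # skip blanks and comments
        # The raw LUKS device no longer holds a mountable filesystem.
        if has_dev "$fstab" "$backing"; then
            echo "fstab still mounts raw LUKS device $backing"
            problems=$((problems + 1))
        fi
        # The unlocked mapping needs its own entry to be mounted at boot.
        if ! has_dev "$fstab" "/dev/mapper/$target"; then
            echo "no fstab entry for /dev/mapper/$target"
            problems=$((problems + 1))
        fi
    done < "$crypttab"
    return "$problems"
}

# Constructed sample files mirroring steps 9 and 10 (not read from /etc).
write_samples() {
    printf '%s\n' '# <target> <device> <keyfile>' \
        'cryptosec /dev/cryptovg/crypto none' > "$1/crypttab"
    printf '%s\n' '/dev/mapper/vg-root / ext4 defaults 1 1' \
        '/dev/cryptovg/crypto /media/cryptosec ext4 defaults 1 2' > "$1/fstab.stale"
    printf '%s\n' '/dev/mapper/vg-root / ext4 defaults 1 1' \
        '/dev/mapper/cryptosec /media/cryptosec ext4 defaults 1 2' > "$1/fstab.fixed"
}

demo=$(mktemp -d)
write_samples "$demo"
check_crypt_boot "$demo/crypttab" "$demo/fstab.stale" || echo "stale fstab: $? problem(s)"
check_crypt_boot "$demo/crypttab" "$demo/fstab.fixed" && echo "fixed fstab: consistent"
rm -rf "$demo"
```

On a real system, run check_crypt_boot /etc/crypttab /etc/fstab as root; a non-zero return means the boot-time unlock and mount entries do not line up.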

How to create an SSH tunnel for vncviewer

What I'm doing is using a vncviewer to connect to a vncserver, via an intermediary host (such as a firewall), using an SSH tunnel between HostA and HostC, to encrypt communications.

I have the same unprivileged userid on all three hosts. Also, I used ssh keys for authentication, just to speed things up. Otherwise, you can specify username@host and enter the password when asked.

$ ssh -f -T -X -L 5905:HostC.example.com:5905 HostB.example.com sleep +30m
$ vncviewer localhost:5905 &

Change the “+30m” to however long you want the ssh tunnel to stay open. You can also use “+8h” or “+1d”.

+----------+     +----------------+     +-------------+
| Host A   |     |                |     | Host C      |
|          |---->| Host B         |---->| destination |
| vncviewer|     | "intermediary" |     | vncserver   |
+----------+     +----------------+     +-------------+

RHEL6: vsftpd anonymous access with selinux

First install the vsftpd package:

yum install vsftpd

and edit /etc/vsftpd/vsftpd.conf

How to disable/enable IPv6 support in RHEL 6

Disabling IPv6 support in Red Hat Enterprise Linux 6
 
Create a file /etc/modprobe.d/ipv6.conf with the following contents:

options ipv6 disable=1

For completeness, it is a good idea to configure the ip6tables service not to start at boot by issuing the following command:

RHEL6/CentOS Caching Name Server

Install the bind-chroot package (which will call the bind package as a dependency):

# yum install bind-chroot

Then make SELinux happy. Set named_write_master_zones to 1:

How to setup a simple OpenLDAP server for your home lab

Some certification tests may require you to know how to set up an LDAP client. Rather hard to do in your home lab if you don't have an LDAP server! Here are some basic instructions on how to set up something that will work.