09-17-2020, 04:33 PM
IPA SERVER
systemctl status firewalld
systemctl stop firewalld   (lab shortcut only: stopping the firewall exposes every listening service; in production leave firewalld running and open only the ports ipa-server-install lists at the end of its run)
nmcli connection modify "system eth0" ipv4.add 172.25.0.11/24 gw4 172.25.0.254
systemctl stop NetworkManager
hostnamectl set-hostname server0.example.com
vim /etc/sysconfig/network (to set a static hostname on RHEL 6)
or vim /etc/hostname (RHEL 7; the hostnamectl command above already writes this file)
yum install ipa-server -y
ipa-server-install   (answers below are as recorded; the "no" is presumably the integrated-DNS prompt -- confirm against the installer text)
>no
>enter
>enter
>Directory Manager password   (use a strong, unique password; this account is root-equivalent for the directory)
>ipa admin password   (a separate strong password for the Kerberos admin principal; do not reuse the one above)
>yes
kinit admin
ipa user-add
>bhaskar
>soni
>bhaskar_soni(login id){/home/bhaskar}
ipa user-add --password   (the command is "ipa user-add", not "ipa-user-add"; a password set by admin is marked expired, so the user is forced to change it at first login)
>bhaskar
>soni
>pass
ipa group-add
>group name
ipa group-add-member groupname --user=bhaskar
to access ipa graphically from firefox
server0.example.com
type username and password
To mount the user of IPA
yum install authconfig-gtk (GUI front end for joining through LDAP/Kerberos; ipa-client-install below does the same from the command line)
systemctl stop firewalld (lab only -- see the note on the server; the client needs only outbound access to the server)
yum install ipa-client
ipa-client-install
ipa-client-install --domain=example.com --server=server0.example.com --realm=EXAMPLE.COM   (the server name must resolve from the client; "examole" in the original was a typo)
>yes
>admin
su bhaskar
ipa pwpolicy-show (to show the current global password policy; pwpolicy-mod changes it)
ipa pwpolicy-mod --minclasses=2   (minimum number of character classes; related knobs: --minlength, --maxlife, --history, --maxfail, --lockouttime)
ipa-client
ipa-client-install --mkhomedir
su - username
TO CREATE YOUR OWN CA AND TLS CERTIFICATES (for rsyslog over TLS)
rsyslog over TLS: encrypts the log stream and, with the x509 auth modes, authenticates the peers; used here for centralized logging
Go to server
yum install rsyslog-gnutls -y (install on server and client)
certtool --generate-privkey --outfile ca-key.pem   (-p is the short form of --generate-privkey; this CA key signs everything below -- keep it offline and root-only: chmod 600 ca-key.pem, and never copy it to the log server or clients)
certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca.pem   (answer "yes" to "Does the certificate belong to an authority?" and to "Will the certificate be used to sign other certificates?"; the remaining prompts can keep their defaults)
>common name = redhat
>uid =
>organization unit =
>organization name
>locality
>state
>country
>subdomain
>email
>expiry date
>yes
>enter
>enter
>yes
> root@desktop0.example.com
>enter
>enter
>yes
>yes
>yes
>yes
vim /usr/share/doc/rsyslog*{to copy all commands from this file}
certtool --generate-privkey --outfile server0-key.pem --bits 2048   (certtool takes the key size via --bits; --sec-param expects a level name such as "high", not a bit count)
certtool --generate-request --outfile server0-request.pem --load-privkey server0-key.pem   (set the common name to server0.example.com -- clients that verify the server compare against this name)
certtool --generate-certificate --load-request server0-request.pem --outfile server0-cert.pem --load-ca-certificate ca.pem --load-ca-privkey ca-key.pem   (needs the CA private key, so run it where ca-key.pem lives, not on the log server)
Go to server
mkdir /etc/rsyslog-keys (copy only ca.pem, server0-cert.pem and server0-key.pem from desktop to server -- not ca-key.pem; then chmod 600 /etc/rsyslog-keys/server0-key.pem)
#you can copy all entries from /usr/share/doc/rsyslog*
vim /etc/rsyslog.d/logging-server.conf
>$DefaultNetstreamDriver gtls (select the GnuTLS network stream driver)
>$DefaultNetstreamDriverCAFile /etc/rsyslog-keys/ca.pem (CA certificate used to validate peers; this is a certificate, not a key file)
>$DefaultNetstreamDriverCertFile /etc/rsyslog-keys/server0-cert.pem
>$DefaultNetstreamDriverKeyFile /etc/rsyslog-keys/server0-key.pem
>$ModLoad imtcp (must precede the InputTCPServer* directives)
>$InputTCPServerStreamDriverMode 1 (1 = TLS only, 0 = plain TCP; this is not a TCP/UDP switch)
>$InputTCPServerStreamDriverAuthMode anon (anon = encryption without peer authentication: any host that can reach port 6514 can inject log lines. Prefer x509/name together with $InputTCPServerStreamDriverPermittedPeer *.example.com so only clients holding a certificate from this CA are accepted; both ends must use the same auth mode)
>$InputTCPServerRun 6514 (6514 is the IANA syslog-over-TLS port; rsyslog's default plain-TCP port is 514)
systemctl restart rsyslog
(SELinux) rsyslog may only bind ports labelled syslogd_port_t; check with: semanage port -l | grep syslogd_port_t   and, if 6514/tcp is not listed, add it: semanage port -a -t syslogd_port_t -p tcp 6514
setenforce 1   (the original "setentforce" is a typo)
Go to desktop (the client)
touch /etc/rsyslog.d/client-logging.conf
scp /etc/rsyslog.d/logging-server.conf root@desktop:/etc/rsyslog.d/client-logging.conf   (starting point only; the listener lines marked below must be removed on the client)
vim /etc/rsyslog.d/client-logging.conf
>$DefaultNetstreamDriver gtls (select the GnuTLS driver)
>$DefaultNetstreamDriverCAFile /etc/rsyslog-keys/ca.pem (CA certificate that signed server0-cert.pem; copy ca.pem to the client too)
>$ModLoad imtcp (remove on the client -- otherwise the desktop also listens for incoming logs)
>$InputTCPServerStreamDriverMode 1 (remove on the client; the sending side uses: $ActionSendStreamDriverMode 1)
>$InputTCPServerStreamDriverAuthMode anon (remove on the client; with anon on both ends the stream is encrypted but neither side is authenticated. If the server is switched to x509/name, use here: $ActionSendStreamDriverAuthMode x509/name and $ActionSendStreamDriverPermittedPeer server0.example.com, and give the client its own cert/key signed by the same CA)
>$InputTCPServerRun 6514 (remove on the client; this opens a listener, it does not point at the server)
*.* @@server0.example.com:6514 (*.* = all facilities, all priorities; @@ = TCP, a single @ = UDP; "(o)" after @@ selects octet-counted framing and is optional). Then systemctl restart rsyslog on the client and verify: logger "tls test" on desktop -> the line should appear in /var/log/messages on server0
systemctl status firewalld
systemctl stop firewalld   (lab shortcut only: stopping the firewall exposes every listening service; in production leave firewalld running and open only the ports ipa-server-install lists at the end of its run)
nmcli connection modify "system eth0" ipv4.add 172.25.0.11/24 gw4 172.25.0.254
systemctl stop NetworkManager
hostnamectl set-hostname server0.example.com
vim /etc/sysconfig/network (to set a static hostname on RHEL 6)
or vim /etc/hostname (RHEL 7; the hostnamectl command above already writes this file)
yum install ipa-server -y
ipa-server-install   (answers below are as recorded; the "no" is presumably the integrated-DNS prompt -- confirm against the installer text)
>no
>enter
>enter
>Directory Manager password   (use a strong, unique password; this account is root-equivalent for the directory)
>ipa admin password   (a separate strong password for the Kerberos admin principal; do not reuse the one above)
>yes
kinit admin
ipa user-add
>bhaskar
>soni
>bhaskar_soni(login id){/home/bhaskar}
ipa user-add --password   (the command is "ipa user-add", not "ipa-user-add"; a password set by admin is marked expired, so the user is forced to change it at first login)
>bhaskar
>soni
>pass
ipa group-add
>group name
ipa group-add-member groupname --user=bhaskar
to access ipa graphically from firefox
server0.example.com
type username and password
To mount the user of IPA
yum install authconfig-gtk (GUI front end for joining through LDAP/Kerberos; ipa-client-install below does the same from the command line)
systemctl stop firewalld (lab only -- see the note on the server; the client needs only outbound access to the server)
yum install ipa-client
ipa-client-install
ipa-client-install --domain=example.com --server=server0.example.com --realm=EXAMPLE.COM   (the server name must resolve from the client; "examole" in the original was a typo)
>yes
>admin
su bhaskar
ipa pwpolicy-show (to show the current global password policy; pwpolicy-mod changes it)
ipa pwpolicy-mod --minclasses=2   (minimum number of character classes; related knobs: --minlength, --maxlife, --history, --maxfail, --lockouttime)
ipa-client
ipa-client-install --mkhomedir
su - username
TO CREATE YOUR OWN CA AND TLS CERTIFICATES (for rsyslog over TLS)
rsyslog over TLS: encrypts the log stream and, with the x509 auth modes, authenticates the peers; used here for centralized logging
Go to server
yum install rsyslog-gnutls -y (install on server and client)
certtool --generate-privkey --outfile ca-key.pem   (-p is the short form of --generate-privkey; this CA key signs everything below -- keep it offline and root-only: chmod 600 ca-key.pem, and never copy it to the log server or clients)
certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca.pem   (answer "yes" to "Does the certificate belong to an authority?" and to "Will the certificate be used to sign other certificates?"; the remaining prompts can keep their defaults)
>common name = redhat
>uid =
>organization unit =
>organization name
>locality
>state
>country
>subdomain
>expiry date
>yes
>enter
>enter
>yes
> root@desktop0.example.com
>enter
>enter
>yes
>yes
>yes
>yes
vim /usr/share/doc/rsyslog*{to copy all commands from this file}
certtool --generate-privkey --outfile server0-key.pem --bits 2048   (certtool takes the key size via --bits; --sec-param expects a level name such as "high", not a bit count)
certtool --generate-request --outfile server0-request.pem --load-privkey server0-key.pem   (set the common name to server0.example.com -- clients that verify the server compare against this name)
certtool --generate-certificate --load-request server0-request.pem --outfile server0-cert.pem --load-ca-certificate ca.pem --load-ca-privkey ca-key.pem   (needs the CA private key, so run it where ca-key.pem lives, not on the log server)
Go to server
mkdir /etc/rsyslog-keys (copy only ca.pem, server0-cert.pem and server0-key.pem from desktop to server -- not ca-key.pem; then chmod 600 /etc/rsyslog-keys/server0-key.pem)
#you can copy all entries from /usr/share/doc/rsyslog*
vim /etc/rsyslog.d/logging-server.conf
>$DefaultNetstreamDriver gtls (select the GnuTLS network stream driver)
>$DefaultNetstreamDriverCAFile /etc/rsyslog-keys/ca.pem (CA certificate used to validate peers; this is a certificate, not a key file)
>$DefaultNetstreamDriverCertFile /etc/rsyslog-keys/server0-cert.pem
>$DefaultNetstreamDriverKeyFile /etc/rsyslog-keys/server0-key.pem
>$ModLoad imtcp (must precede the InputTCPServer* directives)
>$InputTCPServerStreamDriverMode 1 (1 = TLS only, 0 = plain TCP; this is not a TCP/UDP switch)
>$InputTCPServerStreamDriverAuthMode anon (anon = encryption without peer authentication: any host that can reach port 6514 can inject log lines. Prefer x509/name together with $InputTCPServerStreamDriverPermittedPeer *.example.com so only clients holding a certificate from this CA are accepted; both ends must use the same auth mode)
>$InputTCPServerRun 6514 (6514 is the IANA syslog-over-TLS port; rsyslog's default plain-TCP port is 514)
systemctl restart rsyslog
(SELinux) rsyslog may only bind ports labelled syslogd_port_t; check with: semanage port -l | grep syslogd_port_t   and, if 6514/tcp is not listed, add it: semanage port -a -t syslogd_port_t -p tcp 6514
setenforce 1   (the original "setentforce" is a typo)
Go to desktop (the client)
touch /etc/rsyslog.d/client-logging.conf
scp /etc/rsyslog.d/logging-server.conf root@desktop:/etc/rsyslog.d/client-logging.conf   (starting point only; the listener lines marked below must be removed on the client)
vim /etc/rsyslog.d/client-logging.conf
>$DefaultNetstreamDriver gtls (select the GnuTLS driver)
>$DefaultNetstreamDriverCAFile /etc/rsyslog-keys/ca.pem (CA certificate that signed server0-cert.pem; copy ca.pem to the client too)
>$ModLoad imtcp (remove on the client -- otherwise the desktop also listens for incoming logs)
>$InputTCPServerStreamDriverMode 1 (remove on the client; the sending side uses: $ActionSendStreamDriverMode 1)
>$InputTCPServerStreamDriverAuthMode anon (remove on the client; with anon on both ends the stream is encrypted but neither side is authenticated. If the server is switched to x509/name, use here: $ActionSendStreamDriverAuthMode x509/name and $ActionSendStreamDriverPermittedPeer server0.example.com, and give the client its own cert/key signed by the same CA)
>$InputTCPServerRun 6514 (remove on the client; this opens a listener, it does not point at the server)
*.* @@server0.example.com:6514 (*.* = all facilities, all priorities; @@ = TCP, a single @ = UDP; "(o)" after @@ selects octet-counted framing and is optional). Then systemctl restart rsyslog on the client and verify: logger "tls test" on desktop -> the line should appear in /var/log/messages on server0