Tag Archives: centos

SELinux Basics: Disable SELinux

Leave a reply

SELinux is a great framework for securing systems but sometimes it can really get in the way of making things work properly if it’s not set up just so. Often, it’s a good idea to at least set SELinux to permissive (not enforcing) mode if you are troubleshooting a problem potentially caused by its operation. When in permissive mode, SELinux will not interrupt anything on the system at all, it will only log breaches of it’s set policies.

This document is just for the absolute basics of SELinux and particularly, how to set it to permissive mode or disable it if you wish. More information can be found at http://fedoraproject.org/wiki/SELinux

To see the status of SELinux:

sestatus

You’ll see something like this:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

The mode, enforcing, means that it is enforcing SELinux policy.

You can change the mode by using the setenforce command.

To disable enforcement:

setenforce 0

To enable enforcement:

setenforce 1

Once enforcement is disabled, SELinux will no longer actively operate on the system. It will only warn in a log file when the set policy is violated so it should not interfere with the normal operation of the machine while in this state.

To completely disable SELinux, edit /etc/selinux/config and set the SELINUX= parameter to disabled. There are some comments in that file to provide hints on this. After editing the file, you must reboot for it to take effect.

Connecting to an OCS (Communicator) IM Server in Linux

Leave a reply

There is great news for those of us who have to log into Office Communications Server (formerly Live Communications Server) at work — the SIPE project has resumed and has released a very functional version (now at 1.5).

SIPE is a plug-in for Pidgin, allowing it to log in and exchange messages on an LCS server (Communicator server).

https://sourceforge.net/projects/sipe/

Installing SIPE is more of an “advanced user” operation as it currently must be compiled. Lucky Ubuntu 9.04 (Jaunty) users can install SIPE simply by running “sudo apt-get install pidgin-sipe) at the command line. I believe packages for Red Hat/Fedora/CentOS are not yet available in their yum repositories.

Visit the SIPE project page and forums (https://sourceforge.net/forum/forum.php?forum_id=688534) for more information as well as installation instructions.

Basically, the install procedure is like this:

sudo apt-get install pkg-config libglib2.0-dev libgtk2.0-dev pidgin-dev libpurple-dev libtool intltool comerr-dev

Then do the following:
tar -xjvf pidgin-sipe-*.tar.bz2
cd pidgin-sipe-*
./configure –prefix=/usr
make

sudo make install or run make install as root.

I’m quite sure you also need the build-essential meta package to compile the code if using Ubuntu or similar.

If you have any questions or need any more information, post to the SIPE forum (after reading all the readmes and information already provided of course. ). http://sipe.sourceforge.net/install/ has more installation instructions, including those using the developer’s unofficial Ubuntu repository and installing from the latest git commits.

Kickstart Made Simple

Leave a reply

About Kickstart

From the Red Hat documentation on Kickstart, “Using kickstart, a system administrator can create a single file containing the answers to all the questions that would normally be asked during a typical Red Hat Linux installation.

Kickstart files can be kept on single server system and read by individual computers during the installation. This installation method can support the use of a single kickstart file to install Red Hat Linux on multiple machines, making it ideal for network and system administrators.

Kickstart lets you automate a Red Hat Linux installation”

A *very* basic Kickstart file called anaconda-ks.cfg is dumped into the /root directory after an install of a Red Hat based distribution (RHEL, Fedora, CentOS, and others). You can open that up to see what it looks like and get a feel for the syntax.

Creating A Kickstart File the Easy Way

Here’s where we make creating and modifying Kickstart files dead simple. On a Red Hat like machine with X, install system-config-kickstart-noarch via yum. Applications > System Tools > Kickstart. Use the GUI tool to choose the packages and configuration you need. Then save the file by clicking File > Save File.

You can also create some post-installation scripts that configure or start up services. It may be a very good idea to roll custom RPMs for some of these tasks, depending on the situation. More on that can be found at http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-kickstart2-postinstallconfig.html

Put the Kickstart File Somewhere

The best option is a networked location reachable by the machines to be installed like a web, FTP, SMB, or NFS server. You can also put the file on a CD or floppy (probably USB device also, though I haven’t seen any examples yet).

Using Kickstart to Install an OS

Insert the installation disc or mount the ISO and boot the machine.

At the GRUB boot prompt, go to the GRUB command line.

Run linux ks=http://www.yourdomain.com/kickstartfile.cfg (I’ve had the best success storing the Kickstart file on a web server but there are lots of other options. Some others can be found at http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-kickstart2-startinginstall.html.

Sources

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/ch-kickstart2.html

http://www.linuxtopia.org/online_books/centos5/centos5_installation_guide/centos5_ch-redhat-config-kickstart.html

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-kickstart2-startinginstall.html