Friday, 15 October 2021

How to enable serial console KVM guest os.

 1. Enable serial console with command :

 systemctl enable --now serial-getty@ttyS0.service

2. Connecting to guest OS from KVM with command:

 virsh console [VM_NAME]

ref: ostechnix.com

at No comments:
Labels:

Saturday, 9 October 2021

How to fix expired Freeradius certificate problem.

Problem :

    1. Can't start RADIUS Systemd service.

    2. Log show like this. 

 Oct 9 00:00:49 radius1 sh[1114]: C = FR, ST = Radius, L = Somewhere, O = Example Inc., emailAddress = admin@example.org, CN = Example Certificate Authority  
 Oct 9 00:00:49 radius1 sh[1114]: error 10 at 1 depth lookup: certificate has expired  
 Oct 9 00:00:49 radius1 sh[1114]: C = FR, ST = Radius, O = Example Inc., CN = Example Server Certificate, emailAddress = admin@example.org  
 Oct 9 00:00:49 radius1 sh[1114]: error 10 at 0 depth lookup: certificate has expired  
 Oct 9 00:00:49 radius1 sh[1114]: error server.pem: verification failed  
 Oct 9 00:00:49 radius1 sh[1114]: make: *** [Makefile:107: server.vrfy] Error 2  
 Oct 9 00:00:49 radius1 rsyslogd[1098]: imjournal: journal files changed, reloading... [v8.1911.0-6.el8 try https://www.rsyslog.com/e/0 ]  
 Oct 9 00:00:49 radius1 systemd[1]: radiusd.service: Control process exited, code=exited status=2  
 Oct 9 00:00:49 radius1 systemd[1]: radiusd.service: Failed with result 'exit-code'.  
 Oct 9 00:00:49 radius1 systemd[1]: Failed to start FreeRADIUS high performance RADIUS server..

Cause :

    Certificate file in `/etc/raddb/certs/` have any expired certificates.

Resolution 1 (If you do not user certificate in /Certs ) :

    Delete all certificate files in `/raddb/certs` with this command.

 rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt*

Resolution 2 :

     Create new certificate new certificate instead expired certs. 


   



at No comments:
Labels:

Friday, 8 October 2021

Basic Firewalld configuration for Linux server

1. Show all zone name and information about those zone.

 firewall-cmd --list-all-zones

2. Create new zone.

 firewall-cmd --new-zone=dmz2 --permanent
3. Add source network or source IP to firewall zone to allow those network access allow services or port number in specific zone.
 firewall-cmd --zone=dmz2 --add-source=192.168.0.0/24 --permanent  
 firewall-cmd --reload  #Apply

4. Add service port to allow sources network in a zone to access those port.

 firewall-cmd --zone=dmz2 --add-port=80/tcp --add-port=443 --permanent  
 firewall-cmd --reload  #apply
at No comments:
Labels: ,
Subscribe to: Posts (Atom)

Import SSH Private Key to Yubikey (PIV) for SSH Authentication

Introduction: This guide will walk you through the process of importing your SSH private key to a Yubikey (PIV) for SSH authentication on y...