Changes

CentOS Linux Distribution Reference

4,525 bytes added, 17:23, 5 March 2018
The following lines were added (+) and removed (-):
{{:CentOS_Linux_Distribution_Enable_Telnet}}== SELinux ==[[SELinux]] users and roles are not related to the actual system users and roles.All processes and files have an SELinux security context.  The -Z switch will work with most utilities to show SELinux security contexts (e.g, 'ls -Z', 'ps axZ' etc) _u user system_u _r role object_r _t type httpd_sys_content_t    User: system_u    Role: object_r    Type: httpd_sys_content_t    Level: s0To manage directory and file SELinux contexts ensure that the semanage software is installed. # setenforce 0 turn off SELinux enforcement # setenforce 1 enableWith setenforce 0 SELinux is not actively restrictive, however, still monitors and reports file system violations.  Use this mode for diagnostics.== OPENSSL Certificate ==SSL certificates are valid for certain period of time, usually 365 days.  They must be renewed once expired.Validate certificate by issuing the following command: # openssl verify my-cert.pem my-cert.pem: OKExpired: # openssl verify my-cert.pem error 10 at 0 depth lookup:certificate has expired OKRenewal of expired certificate consists of two steps: revoke old one, sign certificate request. == Limiting Access to TCP-wrapped Services ==To determine if a client machine is allowed to connect to a service, TCP wrappers reference the following two files, which are commonly referred to as hosts access files: /etc/hosts.allow /etc/hosts.denyChanges to hosts.allow or hosts.deny take effect immediately without restarting network services. Both /etc/hosts.allow and /etc/hosts.deny uses the following format:daemon_list : client_list [ : shell_command ]<daemon list> is a comma-separated list of process names (not service names) or the ALL wildcard. == vi editor vim syntax highlighting ==On CentOS the command 'vi' and 'vim' by default, both open the vim editor (vim enhanced), however, with some differences.  
The vi command utilizes what is known as 'Small version without GUI' while executing the vim command utilizes 'Huge version without GUI', both when executed from the console respectively.  You can test this by using the :version command within the vim editor.  Another way to see the differences is to execute the following from the shell:  vi --version | fgrep  syntax  vim --version | fgrep  syntaxIf -syntax is on the line, you don't have syntax highlighting compiled in.  If +syntax is on the line, then it does.  Note that on CentOS you will see different options for vi as opposed to vim.  Unlike some Fedora versions, and variants like Trustix, it is not an issue with only vim minimum installed, this is not the case.  See by the version output on CentOS both are using vim enhanced.The vi command points to /bin/vi while the vim command points to /usr/bin/vim yet they both use vim enhanced.  The fastest solution is to do the following: mv /bin/vi /bin/vi.small ln -s /usr/bin/vim /bin/viIf your system doesn't have the vim enhanced package installed, simply install with yum; 'yum install vim-enhanced'== Startup Troubleshooting ===== failed to start crash recovery kernel arming ===Problems after power loss or crash, the crash kernel error message.  You can fix by making simple change to grub and reboot. vi /etc/default/grubchange "crash kernel=auto" to "crash kernel=512M" then type the following command grub2-mkconfig -o /boot/grub2/grub.cfg=== sshd or other service wont start because system clock is wrong ===Some useful commands to correct system clock so services run correctly. hwclock -r shows cmos time date +%Y%m%d -s "20170618" set the linux date date +%T -s "19:25:00" set the linux time hwclock -w force cmos clock to match linux clock hwclock -hctosys force linux clock to match cmos clock=== sshd or other service wont start because of selinux ===You can disable selinux and then try to start the service.  
This will allow you to test and determine if selinux isthe culprit so that you can make adjustments to selinux. setenforce 0 sestatusIf you need selinux to remain permissive after reboot for testing purposes,  vi /etc/selinux/configChange #SELINUX=enforcing SELINUX=permissive=== system uses postfix to receive email ===You can manually start postfix systemctl start postfix systemctl status postfix=== system uses dovecot for secure socket pop and imap ===You can manually start dovecot systemctl start dovecot systemctl status dovecot[[Category:Linux Distributions]]
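Review bot: in "sshd or other service wont start because of selinux" the text says "You can disable selinux", but the command shown is setenforce 0, which the SELinux section of this same change describes as a mode that still monitors and reports violations. Call it permissive mode in both places. The /etc/selinux/config step leaves the host permissive across reboots and there is no step to return to enforcing; add the reverse step (SELINUX=enforcing, or setenforce 1) for once the denial has been identified, and point readers at the audit log so the outcome is a corrected context or policy rather than enforcement left off. The SELinux section also says to ensure semanage is installed without naming the package or showing a single semanage invocation.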
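Review bot: the "Expired" sample under OPENSSL Certificate ends with OK even though the line before it reports error 10 (certificate has expired), so a reader or script that only looks for OK will treat an expired certificate as valid. State that the error line decides the result. The verify command is shown without a CA file, so it only tests against the default trust store; say so, or show the -CAfile form for a private CA. The renewal sentence ("revoke old one, sign certificate request") names two steps but gives no commands and does not say which CA does the signing, so the section cannot be followed as written.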
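Review bot: Limiting Access to TCP-wrapped Services gives the rule format but no statement of evaluation order, which is what decides whether a host is actually blocked: hosts.allow is consulted first, then hosts.deny, and a client that matches neither file is allowed. Add that, plus one sample rule per file. The format line uses daemon_list while the explanation uses <daemon list>; pick one spelling. "Both /etc/hosts.allow and /etc/hosts.deny uses" should read "use".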
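Review bot: the vi section replaces /bin/vi with a symlink ("mv /bin/vi /bin/vi.small", "ln -s /usr/bin/vim /bin/vi"), which modifies a file owned by a package; a later package update can put the original binary back, and rpm verification will report the change. A shell alias gives the same result without touching packaged files. The 'yum install vim-enhanced' hint belongs before the symlink step, since /usr/bin/vim must exist for the link to resolve. The sentence starting "Unlike some Fedora versions" does not parse ("it is not an issue with only vim minimum installed, this is not the case") and needs rewording.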
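Review bot: two commands in Startup Troubleshooting look mistyped. The grub step says to change "crash kernel=auto" to "crash kernel=512M"; the kernel parameter is crashkernel with no space, so a reader searching /etc/default/grub for the quoted string will not find it, and typing it as written will not set the reservation. "hwclock -hctosys" has a single dash; the long option is --hctosys. The grub2-mkconfig line writes to /boot/grub2/grub.cfg only, so note that the output path differs on UEFI systems.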