Starting points: (RE)Learning Linux commands
-
Once you have sysstat installed and it has sat around for ten minutes or more you will start to get details in your sar reports. This is one of the most important tools in your Linux arsenal. Once it has sat around you can see all kinds of details as to how it has been running....
sar -
@scottalanmiller said:
Be sure to install sysstat (System Stats) and htop (Horizontal TOP? Honestly, no idea what it stands for.)
yum -y install sysstat htopFrom http://hisham.hm/htop/index.php?page=faq:
What does the 'h' in 'htop' stand for?
Well, the short explanation is a little obvious: the "h" stands for "Hisham", my name.
The long explanation is that what inspired me to write htop was pinfo, an improved man and info reader that adds lots of features (in my machines 'man' is an alias to 'pinfo -m'). It was written by a guy called Przemek Borys. Since 'pinfo' was "a better info" and he named it "pinfo" ("Przemek's Info"), I decided to try to make "a better top" so I called it "htop" ("Hisham's top"). So yes, it is after my own name, but it's also a homage to another nice piece of software!
-
And of course the uptime command is super handy.
-bash-4.2$ uptime 14:39:39 up 6 days, 16:17, 1 user, load average: 0.27, 0.16, 0.15 -
Yum -
So one of the goals is to have ManageEngine running. I've uploaded the .bin file, WHile I know I didn't need to.. it's done..would it be
yum - y install (filename)?
-
@g.jacobse said:
Yum -
So one of the goals is to have ManageEngine running. I've uploaded the .bin file, WHile I know I didn't need to.. it's done..would it be
yum - y install (filename)?
While I think YUM has a local installation option, I don't think it will work with bin files.
-
@g.jacobse said:
Yum -
So one of the goals is to have ManageEngine running. I've uploaded the .bin file, WHile I know I didn't need to.. it's done..would it be
yum - y install (filename)?
@g.jacobse said:
Yum -
So one of the goals is to have ManageEngine running. I've uploaded the .bin file, WHile I know I didn't need to.. it's done..would it be
yum - y install (filename)?
@g.jacobse said:
Yum -
So one of the goals is to have ManageEngine running. I've uploaded the .bin file, WHile I know I didn't need to.. it's done..would it be
yum - y install (filename)?
A bin is a binary, like a Windows installer. It's not an RPM, which is an installation file. To install a binary, on any OS, just run it.
-
@scottalanmiller
Not sure why that quoted three time...I feel I hear Foghorn Leghorn's voice here... "No no no son,.. your don't it all wrong..."
-
@g.jacobse did you make it executable? Chmod +x file.bin
then run it as ./file.bin -
should read:
./ManageEngine_ServiceDesk_Plus_64bit.binYou may also have to do chmod +x filename.
-
@g.jacobse said:
@scottalanmiller
Not sure why that quoted three time...I feel I hear Foghorn Leghorn's voice here... "No no no son,.. your don't it all wrong..."
You are attempting to use a relative path, but the file is not in your path so it can't find it.
-
@scottalanmiller said:
First thing to do with any CentOS...
yum -y install epel-releaseI completely disagree with this statement because it implies that the EPEL is required. Most of my servers are CentOS 7 minimal and do not have EPEL.
There is NEVER a reason to always add stuff. There are often good reason for most servers, but there is never ALWAYS a reason.
In fact Scott, this is completely contrary to your constant preaching that people should always do things because they are needed and not because they just should because some random internet person said so.f
-
I would make sure you install NTP as well for server, with VMs this becomes even more important.
-
@JaredBusch said:
@scottalanmiller said:
First thing to do with any CentOS...
yum -y install epel-releaseI completely disagree with this statement because it implies that the EPEL is required. Most of my servers are CentOS 7 minimal and do not have EPEL.
It's because of fail2ban being the next recommendation. It's for security reasons.
-
@scottalanmiller said:
It's because of fail2ban being the next recommendation. It's for security reasons.
This is a rationalization that again does not take everything into consideration.
Example: There is no reason to deal with Fail2Ban on an internal device with no public facing ports. In an enterprise setting, maybe, but not in an SMB.
As I said, there is often a reason, but not always..
-
@JaredBusch said:
@scottalanmiller said:
It's because of fail2ban being the next recommendation. It's for security reasons.
This is a rationalization that again does not take everything into consideration.
Example: There is no reason to deal with Fail2Ban on an internal device with no public facing ports. In an enterprise setting, maybe, but not in an SMB.
As I said, there is often a reason, but not always..
@JaredBusch said:
@scottalanmiller said:
It's because of fail2ban being the next recommendation. It's for security reasons.
This is a rationalization that again does not take everything into consideration.
Example: There is no reason to deal with Fail2Ban on an internal device with no public facing ports. In an enterprise setting, maybe, but not in an SMB.
As I said, there is often a reason, but not always..
Nothing is always, of course, but for someone new to Linux, I would "always" do it until you are comfortable with not needing to ask them question then decide for yourself. If you need to ask... install it.
But even for internal systems with no external ports I want fail2ban. It helps protect against internal breaches too.
-
@scottalanmiller said:
Nothing is always, of course, but for someone new to Linux, I would "always" do it until you are comfortable with not needing to ask them question then decide for yourself. If you need to ask... install it.
I am not arguing that Fail2Ban is bad, I am arguing that you are setting standards that you tyhing are simple when they are not.
The problem here is that you are adding complexity.
The new user now also needs to deal with learning how to properly configure Fail2Ban. An out of the box CentOS7 install is fairly secure to begin with. You have to open up most ports with a firewall-cmd in the first place..
@scottalanmiller said:
But even for internal systems with no external ports I want fail2ban. It helps protect against internal breaches too.
This is complete overkill in the SMB.
-
@JaredBusch said:
The problem here is that you are adding complexity.
The new user now also needs to deal with learning how to properly configure Fail2Ban. An out of the box CentOS7 install is fairly secure to begin with. You have to open up most ports with a firewall-cmd in the first place..
This is complete overkill in the SMB.I don't agree, the root user on a default install is pounded on relentlessly if exposed. Fail2Ban adds nominal complexity but a significant amount of protection. And other than turning it on, no configuration needed for the most important role (protecting SSH.) I'm actually very disappointed that RHEL doesn't make it part of their minimum install.
-
@scottalanmiller said:
I don't agree, the root user on a default install is pounded on relentlessly if exposed. Fail2Ban adds nominal complexity but a significant amount of protection. And other than turning it on, no configuration needed for the most important role (protecting SSH.) I'm actually very disappointed that RHEL doesn't make it part of their minimum install.
Your disappointment does not alter the fact. that again, for an internal server it is a complete waste of time.
This is my entire point. You are assuming public facing service always.
-
No matter how small you are, Fail2Ban is an effort only on a system by system basis (so the effort scales as your deployments do) and offers serious protection levels lacking in the base install. It is far easier to configure Fail2Ban than to disable password-based access to a system.
