=====RHEL=====
====PATCH====
yum repolist all #List all repos
/etc/yum.repos.d #Repo folder
yum repolist all |grep enabled #List active repos
yum repolist
yum makecache
yum-config-manager --enable repository-xy
yum-config-manager --disable repository-xy
subscription-manager repos --enable repository-xy #RHEL7
subscription-manager repos --disable repository-xy #RHEL7
yum check-update
yum check-update --security
yum clean all
rm -rf /var/cache/yum
yum updateinfo
yum update
yum update -y
yum update --skip-broken
yum update --security
yum-complete-transaction
zypper dist-upgrade #SUSE (zypper), not RHEL
zypper clean -a #SUSE (zypper), not RHEL
rpm -qa --last #shows last applied packages
====rpm database broken====
To solve a broken rpm-database:
yum info expat
mkdir /var/lib/rpm/backup
cp -a /var/lib/rpm/__db* /var/lib/rpm/backup/
rm -f /var/lib/rpm/__db.[0-9][0-9]*
rpm --quiet -qa
rpm --rebuilddb
yum clean all
yum info expat
rm -rf /var/lib/rpm/backup
or
mv /var/lib/rpm/__db* /tmp/
rpm --rebuilddb
yum clean all
==== Systeminfo ====
lsb_release -d #>= RHEL7
cat /etc/redhat-release #<= RHEL6
==== Search & Install ====
yum search package
yum search all package
yum list java* #search versions, getting also repos which contain the package
yum list java-1.8.0-ibm*
yum reinstall package
yum install package
yum erase httpd httpd-tools
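yum -y --nogpgcheck install nrpe nagios-plugins-disk nagios-plugins-load nagios-plugins-swap nagios-plugins-procs #--nogpgcheck skips the GPG signature check of the packages; import the repository's GPG key (rpm --import) and drop the option where possible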
yum reinstall --downloadonly --downloaddir=/tmp kernel-debuginfo glibc-langpack-de-2.28-225.el8.x86_64.rpm
pkcon search name package #shows all available versions of a package
==== Satellite ====
/etc/init.d/taskomatic restart
rhn_check -vvvv
Add Channel:
cdn-sync --list-channels |grep dotnet
cdn-sync --channel rhel-x86_64-server-7-dotnet-1
=== Satellite Clients ===
rhn_check -vvvvv
/usr/sbin/rhn_check -vvvvv
rhnsd #Service to interact with Satellite
rhn-profile-sync #Sync package list with Satellite
=== RHEVM ===
engine-upgrade-check
yum update ovirt\*setup\*
engine-setup
==== Firewall ====
=== RHEL7 ===
== Add Rules ==
Open http(s):
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent
Activate:
firewall-cmd --reload
Test:
iptables -L | grep https
iptables -L | grep http
Example-Output:
[root@testhost ~]# iptables -L |grep https
ACCEPT tcp -- anywhere anywhere tcp dpt:https ctstate NEW
Open firewall port tcp/2888 in zone "public" for any source address:
firewall-cmd --zone=public --add-port=2888/tcp --permanent
firewall-cmd --reload
Open a firewall port in zone "public" for a particular source IP only:
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="136.230.49.56/30" port protocol="tcp" port="9200" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="136.230.49.56/32" port protocol="tcp" port="9200" accept'
List zones:
firewall-cmd --list-all-zones
Show zone content:
firewall-cmd --info-zone=public
== Delete Rules ==
Remove a rule, **without** restriction:
firewall-cmd --zone=public --remove-port=80/tcp
Remove a rule, **with** restriction:
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="136.230.49.56/30" port protocol="tcp" port="8480" accept'
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="136.230.230.196/32" port protocol="tcp" port="8480" accept'
Remove a service-based rule:
firewall-cmd --zone=public --remove-service=http
Activate:
firewall-cmd --reload
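A removal without --permanent only changes the runtime configuration, and the next --reload restores the rule from the permanent configuration. If a rule still can't be removed (even though firewall-cmd shows "success"), it can be removed directly in the configuration file: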
/etc/firewalld/zones/public.xml
Afterwards you have to restart the firewall service:
systemctl restart firewalld.service
===RHEL6===
lokkit --port=80:tcp --update
lokkit --port=443:tcp --update
**Config file:**
/etc/sysconfig/system-config-firewall
# Configuration file for system-config-firewall
--enabled
--port=80:tcp
Or:
/etc/sysconfig/iptables
Restart iptables:
/etc/init.d/iptables restart
Check:
iptables -L -n |grep 80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
==== NETWORK ====
===RHEL6===
**Related files:**
/etc/hosts
/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/resolv.conf
**/etc/sysconfig/network-scripts/ifcfg-eth0:**
DEVICE=eth0
HWADDR=00:0c:29:9c:37:ba
TYPE=Ethernet
UUID=a23f59eb-0246-451f-bb56-5a256403b722
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=192.168.0.5
NETMASK=255.255.255.0
DNS2=8.8.8.8
GATEWAY=192.168.0.2
DNS1=10.2.206.102
IPV6INIT=no
**/etc/sysconfig/network:**
NETWORKING=yes
HOSTNAME=RHEL6-6
===RHEL7===
/etc/hostname
systemctl restart systemd-hostnamed
hostnamectl set-hostname name
hostnamectl status
====Register====
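subscription-manager config --server.proxy_hostname=proxy.example.com --server.proxy_port=8080 --server.proxy_user=admin --server.proxy_password=secret #the proxy password is saved in /etc/rhsm/rhsm.conf; the command line also ends up in shell history
subscription-manager register --username user@test.de --password mysecret #a password on the command line is visible in shell history and the process list; leave out --password to be prompted for it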
subscription-manager attach --auto
====Certificate====
To add a certificate in the simple PEM or DER file formats to the list of CAs trusted on the system, copy the certificate file to the /usr/share/pki/ca-trust-source/anchors/ or /etc/pki/ca-trust/source/anchors/ directory. Every certificate placed there is trusted system-wide, so verify it (for example by its fingerprint) before copying it. To update the system-wide trust store configuration, use the update-ca-trust command, for example:
cp ~/certificate-trust-examples/Cert-trust-test-ca.pem /usr/share/pki/ca-trust-source/anchors/
update-ca-trust
====chronyd ====
Check:
chronyc tracking
chronyc sources
chronyc -n sourcestats #show IP of ntp-server
chronyc sourcestats #show dns-name of ntp-server
Service:
systemctl status chronyd.service
Sync oneshot:
chronyd -q 'server NTPname-DNS-or-IP iburst' #chronyd.service has to be stopped before!