Hetzner is a very popular provider for so-called root servers and VPS (Virtual private Servers) located in Germany with data centers in Germany and Finland. They are quite affordable and have good services as well. The default installation image, sorry Hetzner, is crap (i.e. no logical volumes). The rescue system is not only a nice tool to recover from botched system configurations, but it also comes with an image installer which allows users to install a custom system. The default ….Read More
Tag: RHEL
Migrating from CentOS8 to RHEL8
There are various reasons why to migrate from CentOS to RHEL. Quicker access to bugfixes and new minor releases as well as having a fully commercially supported system. Unfortunately most providers do not have an option to install RHEL but CentOS instead. There are different tutorials on the net how to migrate from RHEL to CentOS but almost no information about the other way round. It is quite simple and at the end of the day you have only Red ….Read More
Using Data Deduplication and Compression with VDO on RHEL 7 and 8
Storage deduplication technology has been on the market for quite some time now. Unfortunately all of the implementations have been vendor-specific proprietary software. With VDO, there is now an open-source Linux native solution available. Red hat has introduced VDO (Virtual Data Optimizer) in RHEL 7.5, a storage deduplication technology bough with Permabit in 2017. Of course it has been open-sourced since then. In contrast to ZFS which provides the same functionality on the file system level, VDO is an inline ….Read More
Audit your systems for security compliance with OpenSCAP
Introduction to (Open)SCAP SCAP stands for Security Content Automation Protocol. It is an open standard which defines methods for security policy compliance, vulnerability management and measurement etc. This article focuses on the operating system compliance part of SCAP. It comes originally from the US National Institute of Standards and Technology (NIST) to provide a way for US government agencies to audit its systems for regulatory compliance. OpenSCAP is a NIST validated open source implementation of SCAP. Why should I make ….Read More
Configure SSSD to work on IPv6-only Hosts
SSSD is used for the client side of IPA and other centralized Identity Management Services. Unfortunately it does not behave as it should. The default is to look up first IPv4 addresses and if that fails IPv6 should be used. Well, if IPv4 fails, the whole request fails and you got weird error messages when joining an IPA domain. As the pool for IPv4 addresses is depleted, IPv6 is getting more and more important. Thus, IPv6-only hosts are on the ….Read More
Secure your system with SELinux
Introduction to SELinux SELinux is well known as the most sophisticated Linux Mandatory Access Control (MAC) System. If you install any Fedora or Redhat operating System it is enabled by default and running in enforcing mode. So far so good. Its available for many years and its not rocket science to use it. This article is supposed to give you some hints how to make your system even more secure and how to solve some troubles SELinux may have on your system. DAC ….Read More
Identity Management with IPA Part I
Red Hat released RHEL 6.2 on December 6th. From my point of view, the greatest news in the release is that IPA (or now called Identity Management) is now fully supported and available in the RHEL 6 base channel without additional subscription costs. Upstream project is freeIPA and is available trough the default Fedora repos. About central Identity Management IPA stands for Identification, Auditing, Policy. The focus in this article is on identification of users. In the past, there have ….Read More
Cross distribution system management with Spacewalk
In a perfect world, all systems in a data centre are running the same Linux operating system, a homogeneous system landscape. In real life things are working differently. Windows systems are out of focus in this post, lets concentrate on Linux systems. Most companies with a large Linux base are either RHEL shops or using SLES. A lot of RHEL users have some SLES systems running and so are SLES users running some RHEL systems. Some companies have additional systems ….Read More