
Friday 4 February 2022

How to add mount option nodev for /var/lib/nfs/rpc_pipefs partition on RHEL 7

A recent security audit flagged a finding on a Red Hat Enterprise Linux 7 system. According to the audit team, the 'nodev' mount option needs to be added for the /var/lib/nfs/rpc_pipefs partition.

To resolve this finding, perform the steps below, as suggested by Red Hat.

1. Create a drop-in directory for var-lib-nfs-rpc_pipefs.mount

[root@redhat001:~]# mkdir -p /etc/systemd/system/var-lib-nfs-rpc_pipefs.mount.d/

2. Create a configuration file that adds the mount option

[root@redhat001:~]# printf '[Mount]\nOptions=nodev\n' > /etc/systemd/system/var-lib-nfs-rpc_pipefs.mount.d/99-nodev.conf

3. Reload the systemd daemon

[root@redhat001:~]# systemctl daemon-reload

Now restart the mount unit.

[root@redhat001:~]# systemctl restart var-lib-nfs-rpc_pipefs.mount

Using the above steps we can add the nodev mount option for the /var/lib/nfs/rpc_pipefs partition on RHEL 7. To verify the mount point, run the command below.

[root@redhat001:~]# grep rpc /proc/self/mounts

sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw,nodev,relatime 0 0

If you see the above output, the nodev option has been applied successfully. These are the straightforward steps to follow to resolve this finding.
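The grep above matches any line containing "rpc", so it does not confirm that the option is set on this exact mount point. The following added example (not part of the original post) checks one mount point for one exact option in /proc/self/mounts format; the function names and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# mount_has_option MOUNTS_FILE MOUNT_POINT OPTION
#   returns 0: mount point present and option set
#   returns 1: mount point present, option missing
#   returns 2: mount point not listed in MOUNTS_FILE
mount_has_option() {
    awk -v mp="$2" -v want="$3" '
        $2 == mp {                       # exact match on the mount point field
            found = 1
            ok = 0                       # the last entry for a path is the effective one
            n = split($4, opts, ",")     # field 4 is the comma-separated option list
            for (i = 1; i <= n; i++)
                if (opts[i] == want) ok = 1
        }
        END {
            if (!found) exit 2
            exit (ok ? 0 : 1)
        }
    ' "$1"
}

# report MOUNTS_FILE MOUNT_POINT OPTION: print PASS, FAIL or NOT-MOUNTED.
report() {
    rc=0
    mount_has_option "$1" "$2" "$3" || rc=$?
    case $rc in
        0) echo "PASS" ;;
        1) echo "FAIL" ;;
        *) echo "NOT-MOUNTED" ;;
    esac
}

# Constructed sample in /proc/self/mounts format (second line is hypothetical).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw,nodev,relatime 0 0
sunrpc /srv/chroot/rpc_pipefs rpc_pipefs rw,relatime 0 0
EOF

echo "rpc_pipefs nodev:        $(report "$sample" /var/lib/nfs/rpc_pipefs nodev)"
echo "chroot rpc_pipefs nodev: $(report "$sample" /srv/chroot/rpc_pipefs nodev)"
echo "not mounted:             $(report "$sample" /mnt/none nodev)"

# On a live system:
#   report /proc/self/mounts /var/lib/nfs/rpc_pipefs nodev
```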


Sunday 24 January 2021

How to clear cache on Linux

In this article, we will show you how to clear the memory cache on a Linux system by clearing PageCache, dentries, and inodes from the command line.

A Linux system basically has three different types of cache that can be cleared.

PageCache is cached files. Files that were recently accessed are stored here so they will not need to be read from the hard disk again, unless the file changes or the cache is cleared to make room for other data.

The dentry and inode cache holds directory and file attributes. This information goes hand in hand with PageCache, although it doesn't contain the actual contents of any files.

Use the commands below to clear the cache on a Linux device.

To clear PageCache only, use this command:-

[root@localhost:~]# sysctl vm.drop_caches=1

To clear dentries and inodes, use this command:-

[root@localhost:~]# sysctl vm.drop_caches=2

To clear PageCache, plus dentries and inodes, use this command:-

[root@localhost:~]# sysctl vm.drop_caches=3

Use the free command or top to check your system's RAM usage and verify that the cache has been cleared.

You can also use the following commands to accomplish the same thing as the respective sysctl commands:

Clear PageCache:-

[root@localhost:~]# echo 1 > /proc/sys/vm/drop_caches 

Clear dentries and inodes:-

[root@localhost:~]# echo 2 > /proc/sys/vm/drop_caches 

Clear PageCache, dentries and inodes:-

[root@localhost:~]# echo 3 > /proc/sys/vm/drop_caches

Using the above commands you can clear the cache on a Linux system. If you have any questions, please comment on this post. Thanks!!

Puppet agent: Exiting; no certificate found and waitforcert is disabled


This type of error occurs when a Puppet agent connects to a Puppet master server for the first time: it generates a certificate and gives it to the Puppet master server to sign.

It depends on your Puppet configuration; the default behavior is that the certificate must be signed manually, and thus the puppet agent exits with an error.

[root@puppet-client:~]# puppet agent -t

Exiting; no certificate found and waitforcert is disabled

To resolve this issue, log in to the Puppet master server and run the command below to list all certificates awaiting a signature.

[root@puppet-master ~]# puppet cert list

"puppet-client" (SHA256) B3:67:17:66:8E:78:1F:69:4E:11:8E:34:BA:86:A0:E7:07:84:BF:E9:8A:94:A9:41:DD:6C:9D:1B:07:D2:72:6A

From the above output we can see that a single host, puppet-client, is waiting for its certificate to be signed.

Note: Your output may be different and contain multiple certificates awaiting a signature.

Now we have two options for signing the above certificate.

Option 1: We can sign each certificate individually.

Option 2: We can sign all awaiting certificates at once.

For Option 1, run the command below

[root@puppet-master ~]# puppet cert sign puppet-client

For Option 2, run the command below

[root@puppet-master ~]# puppet cert sign --all

Using either option above you can clear this error. Now log in on the puppet-client machine and run the puppet agent again.

[root@puppet-client:~]# puppet agent -t

Now you will not receive the certificate error. If you have any questions about this article, please comment on this post. Thanks!!
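The list output above includes each request's fingerprint, which lets you confirm that a pending request really came from the client you expect before signing it by name. The following added example (not part of the original post) parses that output and compares the fingerprint; the function names, the second sample host, and the workflow of obtaining the client's fingerprint with puppet agent --fingerprint are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# pending_fingerprint NAME: read `puppet cert list` output on stdin and print
# the fingerprint of the pending request whose quoted name is exactly NAME.
pending_fingerprint() {
    # One token per line, so the wrapped layout and the one-line layout both parse.
    tr -s '[:space:]' '\n' | awk -v q="\"$1\"" '
        grab == 2 { print toupper($0); exit }   # token after the "(SHA256)" tag
        grab == 1 { grab = 2; next }            # skip the digest tag itself
        $0 == q   { grab = 1 }                  # exact match, so "web" != "web2"
    '
}

# safe_to_sign NAME EXPECTED_FP: cert list on stdin.
#   returns 0: pending request matches EXPECTED_FP (case-insensitive)
#   returns 1: pending request exists but the fingerprint differs
#   returns 2: no pending request for NAME
safe_to_sign() {
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    got=$(pending_fingerprint "$1")
    [ -n "$got" ] || return 2
    [ "$got" = "$want" ]
}

# Fingerprint shown for puppet-client in the post.
page_fp='B3:67:17:66:8E:78:1F:69:4E:11:8E:34:BA:86:A0:E7:07:84:BF:E9:8A:94:A9:41:DD:6C:9D:1B:07:D2:72:6A'

# Constructed `puppet cert list` output: the entry from the post in a wrapped
# layout, plus a hypothetical second host with a placeholder fingerprint.
sample_cert_list() {
    cat <<EOF
  "puppet-client"      (SHA256)
  $page_fp
  "puppet-client2" (SHA256) 00:00:00:00:PLACEHOLDER
EOF
}

if sample_cert_list | safe_to_sign puppet-client "$page_fp"; then
    echo "match: puppet cert sign puppet-client"
else
    echo "do not sign"
fi

# Live use on the master, with FP read from `puppet agent --fingerprint` on the
# client and carried over a separate channel (assumed workflow):
#   puppet cert list | safe_to_sign puppet-client "$FP" && puppet cert sign puppet-client
```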

Saturday 29 February 2020

Failed to start lsb bring up/down networking in rhel 7

We received this type of error after upgrading the operating system from Red Hat Linux version 7.x to version 7.y.

The root cause of the error is the NetworkManager upgrade during operating system patching.

To troubleshoot this error, restart the network service and check its status.

[root@localhost network-scripts]# systemctl restart network

Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.

[root@localhost network-scripts]# systemctl status network

You will see the "Failed to start lsb bring up/down networking" error message.

Solution: To resolve this type of network issue, perform the steps below.

Go to the /etc/sysconfig/network-scripts/ directory and list the files.

[root@localhost]# cd /etc/sysconfig/network-scripts/

You will see the ifcfg-lo file, which you need to remove.

After removing this file, restart the service. Your network service will restart properly without any issue. Also, if you have any other duplicate or backup ifcfg files, please remove them.

[root@localhost network-scripts]# rm -rf ifcfg-lo

[root@localhost network-scripts]# systemctl restart network

Now try to access the Red Hat machine via ssh. Please post a comment if you have any questions about this post.

Sunday 20 May 2018

NFS Stale File Handle error and solution

On a Linux machine, NFS-mounted directories sometimes contain stale file handles. If you run a command such as ls or vi, you will see an error:

# ls
.: Stale File Handle

Before moving on to fix this issue, we first need to understand the concept of a stale file handle.

A filehandle becomes stale whenever the file or directory referenced by the handle is removed by another host while your client still holds an active reference to the object. A typical example occurs when the current directory of a process, running on your client, is removed on the server (either by a process running on the server or on another client).

So this can occur if the directory is modified on the NFS server, but the directory's modification time is not updated.

To fix this issue, the best solution is to remount the directory from the NFS client using the mount command.

# umount -f /test
# mount -t nfs nfsserver:/path/to/share /test

Thursday 3 May 2018

How to configure Network Bonding on RHEL 7

Step by Step method to configure the network bonding on RHEL 7:
 
➤ Please log on to linux server and run the "ip a" command to check the available interfaces.

    [root@localhost]# ip a
    lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever

    eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:bd:c7:f9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever

➤ Load the bonding driver called “bonding” in the kernel with the modprobe command if it is not already loaded, and verify with the modinfo command:

[root@localhost]# modprobe bonding
[root@localhost]# modinfo bonding
 
➤ In this step, generate UUIDs for the interfaces using the command below.

[root@localhost]# uuidgen <interface-name>
 
➤ Now create a file called ifcfg-bond0 in the /etc/sysconfig/network-scripts directory for bond0 with the following settings. Use the vi editor to edit this file.

[root@localhost]# cd /etc/sysconfig/network-scripts
[root@localhost]# vi ifcfg-bond0

DEVICE=bond0
NAME=bond0
TYPE=Bond
BONDING_MASTER=yes
BONDING_OPTS="mode=balance-rr"
ONBOOT=yes
IPADDR=192.168.1.23
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
 
➤ Now create ifcfg-eth1 and ifcfg-eth2 files in the /etc/sysconfig/network-scripts directory for the eth1 and eth2 interfaces with the following settings. Set the MASTER directive to bond0. Both interfaces will act as slaves with no IP addresses assigned to them.

[root@localhost]# vi ifcfg-eth1

DEVICE=eth1
TYPE=Ethernet
NAME=eth1
UUID=23a32d65-343d-48a2-8rf7-d2jh2388f666
ONBOOT=yes
MASTER=bond0
SLAVE=yes

[root@localhost]# vi ifcfg-eth2

DEVICE=eth2
TYPE=Ethernet
NAME=eth2
UUID=22a32d65-443d-48d2-8rf7-d2jh222f666
ONBOOT=yes
MASTER=bond0
SLAVE=yes
 
➤ Now deactivate and reactivate bond0 with the ifdown and ifup commands:

[root@localhost]# ifdown bond0; ifup bond0
 
➤ Check the status of bond0 and the slaves with the ip command. It should also show the assigned IP.

[root@localhost]# ip addr
 
➤ Restart the system to ensure the configuration survives system reboots.

[root@localhost]# reboot

Sunday 29 April 2018

How to install and configure samba server in RHEL 7 or redhat linux 7

Log in on the Samba server.
Check whether the samba rpm is installed; if it is not installed, install it.

[root@localhost ~]# rpm -qa | grep samba
[root@localhost ~]# yum install samba*

Create a directory in the root file system to be shared with the client.

[root@localhost ~]# mkdir -p /home/testuser/test

Add a new group, or use an existing group.

To provide access to the shared directory, here we are adding a new group called samba.

[root@localhost ~]# groupadd samba

Change the group and permissions of the shared folder.

[root@localhost ~]# chgrp -R samba /home/testuser/test
[root@localhost ~]# chmod -R 777 /home/testuser/test

Create a user, add it to the group and set a Samba password.

[root@localhost ~]# useradd testuser
[root@localhost ~]# usermod -G samba testuser
[root@localhost ~]# smbpasswd -a testuser

Now edit the /etc/samba/smb.conf file.

Note: Please take a backup of the original file.

[root@localhost ~]# cd /etc/samba/
[root@localhost ~]# cp -p smb.conf smb.conf.orig

Then add the contents given below at the end of the /etc/samba/smb.conf file.

vi /etc/samba/smb.conf

[test]
comment = shared-directory
path = /home/testuser/test
public = no
valid users = testuser, @samba
writable = yes
browseable = yes
create mask = 0774
directory mask = 4774

## Edit these lines in /etc/samba/smb.conf to allow the network to reach the Samba server

interfaces = lo ens32 192.168.1.0/24
hosts allow = 127. 192.168.1.

security = user
passdb backend = tdbsam
netbios name = localhost
server string = Samba Server localhost
workgroup = MYGROUP
log file = /var/log/samba/samba.log
max log size = 50

Add the services to the /etc/services file.

vi /etc/services
 
netbios-ns    137/tcp    # netbios name service
netbios-ns    137/udp    # netbios name service
netbios-dgm    138/tcp    # netbios datagram service
netbios-dgm    138/udp    # netbios datagram service
netbios-ssn    139/tcp    # netbios session service
netbios-ssn    139/udp    # netbios session service

Note: Please check that the above ports are open between this Samba server and the client machine.

Now start the smb and nmb services.

systemctl start smb.service
systemctl start nmb.service

Enable the smb and nmb services at system boot.

systemctl enable smb.service
systemctl enable nmb.service

Note 1: The firewalld service is not enabled on this server, so there is no need to add any rule.
Note 2: SELinux is in permissive state, so there is no need to change the SELinux security context.

Now log in on the Windows machine and mount this Samba share from the server.

\\localhost.redhat.com\test

Thursday 26 April 2018

Job for nfs-server.service failed because the control process exited with error code. See "systemctl status nfs-server.service" and "journalctl -xe" for details. Resolution

On the Red Hat Linux 7 operating system, you will sometimes get the NFS service failure message below.

"Job for nfs-server.service failed because the control process exited with error code. See "systemctl status nfs-server.service" and "journalctl -xe" for details."

The above error occurs when you restart the NFS service.

# systemctl restart nfs.service
Job for nfs-server.service failed because the control process exited with error code. See "systemctl status nfs-server.service" and "journalctl -xe" for details.

Resolution

# systemctl status nfs-server.service
nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2018-04-27 09:56:08 IST; 8s ago
  Process: 21370 ExecStopPost=/usr/sbin/exportfs -f (code=exited, status=0/SUCCESS)
  Process: 21366 ExecStopPost=/usr/sbin/exportfs -au (code=exited, status=0/SUCCESS)
  Process: 21362 ExecStop=/usr/sbin/rpc.nfsd 0 (code=exited, status=0/SUCCESS)
  Process: 21273 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS)
  Process: 2714 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=1/FAILURE)
 Main PID: 21273 (code=exited, status=0/SUCCESS)

Apr 27 09:56:07 localhost.redhat.com systemd[1]: Starting NFS server and services...
Apr 27 09:56:08 localhost.redhat.com exportfs[2714]: exportfs: Failed to resolve foobar.com <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Apr 27 09:56:08 localhost.redhat.com exportfs[2714]: exportfs: Failed to resolve foobar.com <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Apr 27 09:56:08 localhost.redhat.com systemd[1]: nfs-server.service: control process exited, code=exited status=1
Apr 27 09:56:08 localhost.redhat.com systemd[1]: Failed to start NFS server and services.
Apr 27 09:56:08 localhost.redhat.com systemd[1]: Unit nfs-server.service entered failed state.
Apr 27 09:56:08 localhost.redhat.com systemd[1]: nfs-server.service failed.

To resolve this issue, follow the process below.

First check which NFS rpm version is installed on the server.

# rpm -qa | grep nfs

The above command shows the installed NFS version.

Normally the above error occurs due to an older version of NFS, so to resolve the issue you need to upgrade it.

Install the latest NFS rpm, nfs-utils-1.3.0-0.33.el7 or later:

# yum install nfs-utils

The above command upgrades the NFS rpm, or you can download the rpm file manually and install it with the rpm -Uvh command.

After that, restart the NFS service again.

# systemctl restart nfs.service

Once it has started successfully, you can check the status with the command below.

[root@localhost ~]# systemctl status nfs.service
● nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
  Drop-In: /run/systemd/generator/nfs-server.service.d
           └─order-with-mounts.conf
   Active: active (exited) since Thu 2018-04-27 03:47:57 IST; 18h ago
  Process: 32477 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS)
  Process: 32472 ExecStartPre=/bin/sh -c /bin/kill -HUP `cat /run/gssproxy.pid` (code=exited, status=0/SUCCESS)
  Process: 32469 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
 Main PID: 32477 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/nfs-server.service

Apr 26 03:47:57 localhost systemd[1]: Starting NFS server and services...
Apr 26 03:47:57 localhost systemd[1]: Started NFS server and services.
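The failed status output earlier in this post shows exportfs -r exiting with "Failed to resolve foobar.com", so a check that every hostname in /etc/exports resolves is useful before restarting the service. The following added example (not part of the original post) extracts the plain hostnames from an exports file and reports the ones that do not resolve; the function names and the sample exports entries are constructed, and quoted paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example, not from the original post.
# export_hostnames EXPORTS_FILE: print the plain hostnames used as clients,
# one per line. Netgroups (@name), wildcards, IP addresses and CIDR ranges
# are skipped.
export_hostnames() {
    awk '
        {
            sub(/#.*/, "")                       # strip comments
            line = line $0
            if (line ~ /\\$/) {                  # trailing backslash continues the entry
                sub(/\\$/, " ", line)
                next
            }
            n = split(line, f, " ")              # f[1] is the exported path
            line = ""
            for (i = 2; i <= n; i++) {
                c = f[i]
                sub(/\(.*/, "", c)               # drop "(options)"
                if (c == "" || c ~ /^[@-]/) continue   # anonymous, netgroup, default options
                if (index(c, "*") || index(c, "?") || index(c, "[")) continue   # wildcard
                if (index(c, "/") || index(c, ":")) continue                    # CIDR, IPv6
                if (c ~ /^[0-9.]+$/) continue    # IPv4 literal
                print c
            }
        }
    ' "$1" | sort -u
}

# unresolved_export_hosts EXPORTS_FILE: print hostnames that getent cannot resolve.
unresolved_export_hosts() {
    export_hostnames "$1" | while read -r h; do
        getent hosts "$h" >/dev/null 2>&1 || echo "$h"
    done
}

# Constructed exports file; foobar.com is the name from the log in the post.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
/srv/share  foobar.com(rw,sync) 192.168.1.0/24(ro)
/srv/build  -sync *.lab.example @admins \
            buildhost(rw)   # constructed entry
EOF

export_hostnames "$sample"

# On the NFS server:
#   unresolved_export_hosts /etc/exports
```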

Monday 5 February 2018

How to start/stop and enable/disable Firewall on Redhat 7 Linux system

In RHEL 7, stopping/starting and enabling/disabling the firewall is quite different from RHEL 6. In Red Hat 7, the service named "firewalld" is used for the local firewall. The step-by-step examples below show how to check the firewall status.

How to check status of RHEL7 firewall:

[root@localhost ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Thu 2018-02-05 12:37:47 IST; 0 months 1 days ago
Main PID: 332 (firewalld)
CGroup: /system.slice/firewalld.service
           └─332 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Feb 05 12:37:47 localhost systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 05 12:37:49 localhost systemd[1]: Started firewalld - dynamic firewall daemon.

The above status shows that the firewall is enabled by default on the Linux system. It starts automatically when the system is restarted or powered on.

How to Stop and Start RHEL7 firewall:

Use the commands below to stop and start the firewall on the Red Hat Linux 7 operating system.

[root@localhost ~]# service firewalld stop
Redirecting to /bin/systemctl stop  firewalld.service
Stopped firewall will start again after system's reboot.

[root@localhost ~]# service firewalld start
Redirecting to /bin/systemctl start  firewalld.service

How to Disable and Enable RHEL7 firewall:

If you want to disable the firewall permanently so that it is not enabled again after a reboot, use the command below.

[root@localhost ~]# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'

If you want to enable the firewall again, use the command below.

[root@localhost ~]# systemctl enable firewalld
ln -s '/usr/lib/systemd/system/firewalld.service' '/etc/systemd/system/basic.target.wants/firewalld.se