It was at the beginning of September 2013 that I decided to create this website.
The content is still very focused on RHEL 7 / CentOS 7 and it will continue to be so as we know that RHEL 8 will not be there for at least a year.
I try to update / improve existing tutorials as regularly as possible.
I have not created a forum yet due to lack of disk space, but I am still thinking about it.
I hope you still enjoy the website.
Six weeks after the announcement of RHEL 7.4, it is now time for the release of CentOS 7.4, also called CentOS 7 (1708).
The release covers not only the x86_64 architecture but also aarch64, armhfp, ppc64 and ppc64le (see download directory here).
The Release Notes list the following major changes:
- SSH1 support has been removed from the SSH server (see details here). Along with this move, all cryptographic protocols and algorithms which are considered insecure have been deprecated (see details here).
- OpenSSL now supports DTLS (TLS via UDP) and ALPN.
- NVMe Over Fabric is now supported in the NVM-Express kernel driver.
- There have been various changes/enhancements to the cryptographic abilities of various packages. For example, sendmail now supports ECDHE and OpenSSH now uses SHA2 for public key signatures, among others.
- Various packages have been rebased. Some of those are openLDAP, samba, clufter, ipmitool, tcpdump, shim, GNOME, NetworkManager, Kernel-GRE-module, openssh, openSSL, libreswan, chrony, rsyslog, sudo and libvirt.
Some issues have already been reported:
- The http-parser and http-parser-devel packages have been removed from the EPEL repository and added to the CentOS/RHEL main repository causing potential problems (see details here).
- The NFS mount behavior has changed: NFS vers=4.1 is now tried by default. Also, rather than trying 4.0 after failing on 4.1, RHEL/CentOS 7.4 falls back to NFS 3. To get the previous behavior, force vers=4.0 (see details here).
- The iptables service fails to start on systems where firewalld is disabled and BOTH iptables AND ip6tables are enabled (see details here).
- VirtualBox (currently at 5.1.26) is not fully compatible with CentOS 7 (1708). The fix is in the beta release (see details here).
- Samba may fail with “symbol krb5_get_init_creds_opt_set_pac_request, not defined”. This is because of a missing dependency for a newer version of krb5-libs. The issue is resolved by installing krb5-libs-1.15.1-8.el7 (see details here).
- Samba share with sssd authentication is broken. This is being worked on upstream. A workaround is to downgrade the Samba packages to an earlier version (sssd-1.15.2-50.el7_4.3.1 should solve the problem; see details here).
- At least 1024 MB RAM is required to install and use CentOS 7 (1708). When using the Live ISOs for install, 1024 MB RAM produces very slow results and even some install failures. At least 1344 MB RAM is recommended for LiveGNOME or LiveKDE installs.
- VMware Workstation/VMware ESXi allow you to install two different virtual SCSI adapters: BusLogic and LsiLogic. However, the default kernel from CentOS 7 does not include the corresponding driver for either of them, resulting in an unbootable system if you install on a SCSI disk using the defaults for CentOS Linux. If you select ‘Red Hat Enterprise Linux’ as OS, the paravirtualized SCSI adapter is used, which works.
- Commonly used utilities such as ifconfig/netstat have been marked as deprecated for a considerable time, and the ‘net-tools’ package is no longer part of the @core group, so it will not be installed by default. Use nmcli c up ifname <interfacename> to get your network up and running, and use yum to install the package if you really need it. Kickstart users can pull in the net-tools package as part of the install.
The CentOS 7 (1708) distribution can be downloaded here as usual.
To harden a server or simply reduce its attack surface, it is very useful to get a list of the main processes running. However, getting a concise overview like this is not an obvious task.
A command like ps -edf returns too much information to be really helpful.
I recently came across the pstree command and found it quite useful.
First, install the psmisc package available in the base repository:
# yum install -y psmisc
Then, execute the pstree command:
As the test was performed on a virtual machine, I could quickly see that the smartd daemon (part of the smartmontools package) was running. This daemon monitors disk health: this is completely useless in a virtual environment where all disks are already managed by the host or a dedicated storage subsystem.
# systemctl disable --now smartd
# yum remove -y smartmontools
I hope you find this tool as useful as I found it.
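The same kind of condensed view can be scripted for review across several hosts. The following is an added example, not part of the original post: it reduces ps output to one line per top-level daemon and flags names on a review list. The function names, the review list (seeded only with smartd, the daemon named above) and the sample ps output are constructed for illustration.

```sh
#!/bin/sh
# Added example: condense `ps` output into one line per top-level daemon,
# then flag daemons worth reviewing on a virtual machine.

# Assumption: review list seeded with the one daemon the post names.
VM_REVIEW_LIST="smartd"

# Constructed sample of `ps -eo pid=,ppid=,comm=` output (PID PPID COMM).
SAMPLE_PS='    1     0 systemd
    2     0 kthreadd
    3     2 ksoftirqd/0
  512     1 systemd-journal
  640     1 smartd
  655     1 sshd
 1201   655 sshd
 1203  1201 bash
  700     1 agetty
  701     1 agetty'

# Reads "PID PPID COMM" lines on stdin; prints "<daemon> <instances>
# <descendants>" for each distinct direct child of PID 1, sorted by name.
# Kernel threads (under PID 2) and PID 1 itself are skipped.
daemon_summary() {
    awk '
    { parent[$1] = $2 + 0; name[$1] = $3 }   # COMM: first word only
    END {
        for (p in parent) {
            # Walk up to the ancestor that is a direct child of PID 1.
            a = p; hops = 0
            while (parent[a] != 1 && (parent[a] in parent) && hops++ < 64)
                a = parent[a]
            if (parent[a] != 1) continue
            if (a == p) inst[name[a]]++; else desc[name[a]]++
        }
        for (n in inst) printf "%s %d %d\n", n, inst[n], desc[n] + 0
    }' | LC_ALL=C sort
}

# Reads daemon_summary output; prints the names found on VM_REVIEW_LIST.
flag_for_review() {
    awk -v list="$VM_REVIEW_LIST" '
    BEGIN { n = split(list, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    ($1 in want) { print $1 }'
}

# Demo on the sample; on a live host: ps -eo pid=,ppid=,comm= | daemon_summary
printf '%s\n' "$SAMPLE_PS" | daemon_summary
```

On a real system, confirm each flagged daemon's owning package with rpm -qf on its binary before removing anything.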
Today, Red Hat announced the official release of RHEL 7.4.
To learn more about this new version, you can read a summary of the RHEL 7.4 changes or the RHEL 7.4 Release Notes.
Several points can be highlighted:
- docker overlay graph driver with SELinux in enforcing mode is now supported,
- OpenSSL update (1.0.2k) brings support for ALPN & native HTTP/2,
- System Security Services Daemon (SSSD) in a container is now fully supported,
- Identity Management (IdM) server container is available as a Technology Preview feature,
- OpenLDAP & Btrfs are deprecated and will be removed in future RHEL major versions.