Author: divisionbox

Search rpm package name by command name using Yum

divisionbox

Sometimes I’ve situation that I know command name but I don’t know which package provides that command. Then use yum provides command.

# yum provides <commamd_name>
# i.e. lsusb
# yum provides lsusb
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.iij.ad.jp
 * extras: ftp.iij.ad.jp
 * updates: ftp.iij.ad.jp
base/7/x86_64/filelists_db                                             | 7.1 MB  00:00:06     
extras/7/x86_64/filelists_db                                           | 243 kB  00:00:00     
updates/7/x86_64/filelists_db                                          | 3.7 MB  00:00:03     
usbutils-007-5.el7.x86_64 : Linux USB utilities
Repo        : base
Matched from:
Filename    : /usr/bin/lsusb

With the result of yum, now I know usbutils package will provides lsusb command.

How to manage server services startup using systemctl

divisionbox

Use systemctl to manage server services startup in CentOS7.

## To enable auto startup
systemctl enable SERVICENAME.service

## To disable auto startup
systemctl disable SERVICENAME.service

## To list all services registered to systemctl
systemctl list-unit-files -t service

## Ask status of a service
systemctl is-enabled SERVICENAME.service

How to drop connection using firewalld

divisionbox

This is about how to drop incoming connection using firewalld on centos7.

First, check what zones your firewalld provides.

# firewall-cmd --get-zones
block dmz drop external home internal public trusted work

This time I need drop zone and it is listed.
Now to list IP address which want to be dropped, run command:

# firewall-cmd --zone=drop --permanent --add-source=192.168.0.0/24
# firewall-cmd --reload

Do not forget to reload or the rule will not be loaded.

To confirm current setting, run command:

# firewall-cmd --get-active-zones
dmz
 interfaces: eth1
drop
 sources: 192.168.0.0/24
public
 interfaces: eth0

And, to remove rules from drop zone, run command:

# firewall-cmd --zone=drop --permanent --remove-source=192.168.0.0/24
# firewall-cmd --reload

How To Set An SPF Record Which Over 255 Bytes

divisionbox

When your SPF record gets too long, like too many mail server’s IP in my case, named-checkzone will returns an error about it.

For example, my SPF record was like:

MYDOMAIN    IN    TXT    "v=spf1 a mx ptr ip4:IPADDRESS1 ip4:IPADDRESS2 ip4:IPADDRESS3 ip4:IPADDRESS4 ip4:IPADDRESS5 ip4:IPADDRESS6 ip4:IPADDRESS7 ip4:IPADDRESS8 ip4:IPADDRESS9 ip4:IPADDRESS10 ip4:IPADDRESS11 mx:mail.MYDOMAIN -all"

And I had to add one more of IPADDRESS12, and it caused an error:

# named-checkzone MYDOMAIN MYDOMAIN.zone.signed
dns_rdata_fromtext: MYDOMAIN.zone.signed:286: syntax error
zone xptest.net/IN: loading from master file MYDOMAIN.zone.signed failed: syntax error
zone MYDOMAIN/IN: not loaded due to errors.

And my solution for this error was to separate the record using include.

MYDOMAIN    IN    TXT    "v=spf1 a mx ptr include:_1st.MYDOMAIN include:_2nd.MYDOMAIN mx:mail.MYDOMAIN -all"
_1st.MYDOMAIN    IN    TXT    "v=spf1 ip4:IPADDRESS1 ip4:IPADDRESS2 ip4:IPADDRESS3 ip4:IPADDRESS4 ip4:IPADDRESS5 ip4:IPADDRESS6 -all"
_2nd.MYDOMAIN    IN    TXT    "v=spf1 ip4:IPADDRESS7 ip4:IPADDRESS8 ip4:IPADDRESS9 ip4:IPADDRESS9 ip4:IPADDRESS10 ip4:IPADDRESS11 ip4:IPADDRESS12 -all"

Checking SPF recorde at https://www.kitterman.com/spf/validate.html and I’m sure that now my record is safe.