Wednesday, January 18, 2017

SMB Security Best Practices by US-Cert

Taken from  SMB Security Best Practices

US-CERT recommends that users and administrators consider:
  • disabling SMB v1 and
  • blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.
US-CERT cautions users and administrators that disabling or blocking SMB may create problems by obstructing access to shared files, data, or devices. The benefits of mitigation should be weighed against potential disruptions to users. For more information on SMB, please review Microsoft Security Advisories 2696547 (link is external) and 204279 (link is external)

Monday, January 16, 2017

Unable to spin down CD-ROM

I have an interesting issues today. My CD-ROM fail to spin down and there is a faulty disk inside the CD-ROM.

Inside the /var/log/messages
Buffer I/O error on device sr0, logical block 0 Error

There is no way you can un-mount the CDROM by the tradtional umount /dev/sr0. If you do a
# ps -afe|grep sr0
user1   11061  9280  0 12:43 pts/0 /sbin/blkid -o udev -p -u noraid /dev/sr0

To do a quick resolve, you can kill the process ID associated with /sbin/blkid -o udev -u noraid /dev/sr0
# kill -9 11061

The CD-ROM should stop spinning

Tuesday, January 3, 2017

Creating a Local Directory Repository to act like a local media for CentOS 6

Just say you wants a local Directory Repository to act like a local media. This happens when you wish to do yum local install from a directory of RPMs only instead of pulling directly from Internet repository.

1. At /etc/yum.repos.d/, create a local repo, something like

# vim /etc/yum.repos.d/local.repo

2. Inside the /etc/yum.repos.d/local.repo,

[myrepo]
name=My Local Repo
baseurl=file:///home/user1/RPM
enabled=1
gpgcheck=0

One more thing you may want to know is that the RPMs from the CentOS Disks including repomd.xml be copied into /home/user1/RPM

3. Disabled the rest of the Repo. For example,
# yum-config-manager --disable rpmforge

4. The Yum will pull from the enabled Repository only.