Archives for September 2019

The Problem System exhibits some performance degradation. Checking with netstat shows very large (and rising) numbers of "packet reassembles failed" similar to: # netstat -s | fgrep reassembles 353357449 packet reassembles failed 353359152 packet reassembles failed 353360314 packet reassembles failed 353361547 packet reassembles failed 353363020 packet reassembles failed 353364064 packet reassembles failed The Solution In general, IP packet reassembles may fail if: There is not … [Read more...] about ‘nestat -s’ showing a large number for “packet reassembles failed” errors in CentOS/RHEL

The Problem An application is getting "connection refused" from other servers. The application is accessible from localhost and also it listens to the expected port. The Solution Firewall on the local server is dropping inbound connection attempts from other servers. Note: By default, CentOS/RHEL 7 uses the FIREWALLD service to manage the IPTABLES rules. The older IPTABLES subsystem is still available and may be used directly if the FIREWALLD service is disabled. 1. Determine if the … [Read more...] about Server Application Getting “connection refused” From Remote Servers [due to firewalld or iptables] – CentOS/RHEL 7

To make CentOS/RHEL 7 compliant with the Federal Information Processing Standard Publication (FIPS) 140-2, some changes are needed to ensure that the certified cryptographic modules are used and that your system (kernel and userspace) is in FIPS mode. Pre-requisites 1. Confirm that the current openssl version supports fips: # openssl version OpenSSL 1.0.1e-fips 11 Feb 2013 2. Check the output of the following command. It shows if the kernel is already configured for FIPs. It will show … [Read more...] about How to make CentOS/RHEL 7 FIPS 140-2 compliant

This post will show How to configure a CentOS/RHEL system to accept remote log messages using TLS and non TLS only. Let's say we have following servers. Rsyslog server with TLS and non TLS : syslog-server.geeklab.com Client TLS : syslog-tls.geeklab.com Client Non TLS: syslog-non-tls.geeklab.com 1. Use the following guide to setup the TLS on rsyslog-server and client: How to Configure rsyslog Server to Accept Logs via SSL/TLS 2. Test the TLS is working correctly before … [Read more...] about How to Configure Remote Rsyslog To Accept TLS and Non-TLS in CentOS/RHEL

Virtual Data Optimizer (VDO) is a block virtualization technology that allows you to easily create compressed and deduplicated pools of block storage. This post outlines steps to create Virtual Data Optimizer(VD0) filesystem in CentOS/RHEL 8 systems. 1. Install VDO using dnf or yum. # dnf install install vdo Verify the package installation: # rpm -qa | grep vdo kmod-kvdo-6.2.0.293-50.0.1.el8.x86_64 vdo-6.2.0.298-10.el8_0.x86_64 2. Create a VDO disk: # lsblk | grep sdc NAME MAJ:MIN … [Read more...] about How To Create Virtual Data Optimizer(VD0) in CentOS/RHEL 7 and 8

"stratis" is the new volume manager introduced in the CentOS/RHEL 8 release. This post outlines steps to create or remove a new stratis filesystem in CentOS/RHEL 8 system. We will also see how to mount and umount a stratis filesystem in this post. Creating and mounting a stratis filesystem 1. Install Stratis packages: # rpm -qa | grep "strati*" stratisd-1.0.3-1.el8.x86_64 stratis-cli-1.0.2-1.el8.noarch 2. Enable and start the stratisd service: # systemctl enable --now stratisd # … [Read more...] about How To Create/Remove and Mount a Stratis Filesystem in CentOS/RHEL 8

What is FIPS Compliance? The Federal Information Processing Standards (FIPS) are standards specified by the United States Government for approving cryptographic software. The National Institute of Standards and Technology (NIST) has so far issued the FIPS 140-1 and FIPS 140-2 standards, and FIPS PUB 140-2 is the standard for “Security Requirements for Cryptographic Modules”. The steps to enable FIPS on CentOS/RHEL 7 include installing the dracut-fips package. This package provides a file, … [Read more...] about How to disable FIPS mode on CentOS/RHEL 7