Posted on

IT infrastructure terms

Incident management
Problem management
Configuration management
Change management
Release management
Capacity management
Availability management
Service-level management

================================================
Deployment planning
Deployment use cases
Deployment sizing
Performance tuning
Installation
Upgrade
System administration
Monitoring

================================================
Backup and Backup Retention Policy
Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
BYOD
Incident Communication Plan Policy (Updated to include social networks as a communication path)
Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (Includes 5 electronic forms to aid in the quick deployment of this policy)
Mobile Device Access and Use Policy
Patch Management Policy
Outsourcing Policy
Record Management, Retention, and Destruction Policy
Sensitive Information Policy (HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
Service Level Agreement (SLA) Policy Template with Metrics
Social Networking Policy
Telecommuting Policy
Travel and Off-Site Meeting Policy

Posted on

sssd sudo to linux and win active domain

  1. yum install sssd authconfig
  2. authconfig –enablesssd –enablesssdauth –enablelocauthorize –enablemkhomedir –update
  3. vi /etc/sssd/sssd.conf
  4. create security group on the domain control
  5. add user into the group
  6. type command visudo, add the line as below in the end of file:

%GROUPNAME   ALL=(ALL)       NOPASSWD: ALL

Posted on

kubernets china mirrors

yum install wget -y
mkdir -p /etc/yum.repos.d/bak
mv /etc/yum.repos.d/CentOS* /etc/yum.repos.d/bak
wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo
wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/epel-7.repo

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

 

docker pull registry.cn-hangzhou.aliyuncs.com/osoulmate/flannel:v0.10.0-amd64
docker pull registry.cn-hangzhou.aliyuncs.com/osoulmate/kube-apiserver-amd64:v1.10.0
docker pull registry.cn-hangzhou.aliyuncs.com/osoulmate/kube-controller-manager-amd64:v1.10.0
docker pull registry.cn-hangzhou.aliyuncs.com/osoulmate/kube-proxy-amd64:v1.10.0
docker pull registry.cn-hangzhou.aliyuncs.com/osoulmate/kube-scheduler-amd64:v1.10.0
docker pull registry.cn-hangzhou.aliyuncs.com/osoulmate/pause-amd64:3.0

Posted on

selinux operate

 

sestatus

setenforce 0

ps -Z

semanage port -l | grep ssh

semanage port -a -t http_port_t -p tcp 2201

semanage fcontext -a -t public_content_t “/var/www(/.*)?”
semanage fcontext -l | grep ‘/srv/samba’

restorecon -Rv /var/www*

getsebool -a

setsebool -P xxxx on

# sestatus -v
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31

Process contexts:
Current context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Init context: system_u:system_r:init_t:s0
/usr/sbin/sshd system_u:system_r:sshd_t:s0-s0:c0.c1023

File contexts:
Controlling terminal: unconfined_u:object_r:user_devpts_t:s0
/etc/passwd system_u:object_r:passwd_file_t:s0
/etc/shadow system_u:object_r:shadow_t:s0
/bin/bash system_u:object_r:shell_exec_t:s0
/bin/login system_u:object_r:login_exec_t:s0
/bin/sh system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty system_u:object_r:getty_exec_t:s0
/sbin/init system_u:object_r:bin_t:s0 -> system_u:object_r:init_exec_t:s0
/usr/sbin/sshd system_u:object_r:sshd_exec_t:s0

audit2why</var/log/audit/audit.log

yum install setroubleshoot

Posted on

dns spf validate

dig baidu.com -ttxt

; <<>> DiG 9.10.3-P4-Ubuntu <<>> baidu.com -ttxt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25359
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;baidu.com. IN TXT

;; ANSWER SECTION:
baidu.com. 894 IN TXT “v=spf1 include:spf1.baidu.com include:spf2.baidu.com include:spf3.baidu.com a mx ptr -all”
baidu.com. 894 IN TXT “google-site-verification=GHb98-6msqyx_qqjGl5eRatD3QTHyVB6-xQ3gJB5UwM”

;; AUTHORITY SECTION:
baidu.com. 95277 IN NS ns2.baidu.com.
baidu.com. 95277 IN NS ns7.baidu.com.
baidu.com. 95277 IN NS dns.baidu.com.
baidu.com. 95277 IN NS ns4.baidu.com.
baidu.com. 95277 IN NS ns3.baidu.com.

;; ADDITIONAL SECTION:
dns.baidu.com. 17518 IN A 202.108.22.220
ns2.baidu.com. 17518 IN A 61.135.165.235
ns3.baidu.com. 17518 IN A 220.181.37.10
ns4.baidu.com. 35687 IN A 220.181.38.10
ns7.baidu.com. 95277 IN A 119.75.219.82

;; Query time: 7 msec
;; SERVER: 10.198.107.68#53(10.198.107.68)
;; WHEN: Wed May 09 09:47:50 CST 2018
;; MSG SIZE rcvd: 391