This should be the third-to-last topic that I'd like to share related to my RHCE course, but my brain just hung there without any progress. So I proceeded with SELinux and firewall first.
I am still trying to understand the networking terms; teaming and bridge are 2 new words that I learned from the RH Admin III course. Actually, I still don't quite understand what these are used for. When I set up VirtualBox for this series of posts, I started to understand more about bridges... Anyway, let me stay focused on the topic (how-to).
The Network Manager commands (nmcli) are rather easy to use, if you know what you are trying to do.
I did some hacks to make 2 interfaces available, enp0s8 and enp0s10.
Next, create a team master. This team master will be configured with the activebackup setting, i.e. one port/link is used while the other is reserved as backup.
Now create the team slaves (team ports).
Use teamdctl to see the status of the teaming. It is provided by the teamd package.
OMG! I can't believe that a year has passed by, and I did not write up the last 2 topics that I'd like to cover in RHCE! Those posts were prepared after I had finished and passed RHCE. Anyway, I am preparing for another certification, CCSP. I thought of "documenting" my study notes in order to help me organize them, and also to reinforce my understanding of the topics.
I am going to start from Domain 2.
D2 : Cloud Data Security
M1 : Understand Cloud Data Life Cycle
This table lays out the possible access and allowed access by function/actor/location. The access control requirements and design can be derived from this table.
M2 : Understand Implication of Cloud to Enterprise Risk Management
Key roles associated with data management
Data subject: individual who is the subject of personal data
Data controller: person who determines the purpose and how to process personal data
Data processor: person who process…
This post is mainly about configuring a secured web server. Certificate generation will be discussed in a future post.
One package needs to be installed: mod_ssl.
yum install -y mod_ssl
After installation, httpd needs to be restarted, and the firewall rule should be updated if the server is meant to be accessible from other machines.
systemctl restart httpd
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
When you try to access the site, you'll get this.
You can proceed by choosing Add Exception to view the page.
If I try to access https://test.com (based on the existing virtual web server setup continued from yesterday), I'll get this.
Why? This is because test.com points to the same IP, and this URL is only set to listen on port 80, not port 443. When no match is found, it always falls back to the DocumentRoot in /etc/httpd/conf/httpd.conf.
If an additional setting like the one below is configured, it will point to the "actual" test.com content again.
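A port-443 virtual host of the kind described above could look like this. It is an added example, not the author's original configuration: the file name, DocumentRoot path and log file names are assumptions, and the certificate paths are the self-signed defaults that the stock ssl.conf on RHEL/CentOS points to.

```apache
# /etc/httpd/conf.d/test.com-ssl.conf   (file name is an assumption)
<VirtualHost *:443>
    # Requests for https://test.com now match this block instead of
    # falling through to the default DocumentRoot.
    ServerName test.com

    # Assumed path: use the same DocumentRoot as the existing port-80
    # test.com virtual host.
    DocumentRoot /var/www/test.com

    SSLEngine on
    # Only allow TLS 1.2 and newer.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Default self-signed pair from the stock mod_ssl setup. It was not
    # issued for test.com, so the browser keeps showing the certificate
    # warning until a certificate for test.com replaces it.
    SSLCertificateFile    /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

    # Assumed log names, relative to ServerRoot.
    ErrorLog  logs/test.com-ssl_error_log
    CustomLog logs/test.com-ssl_access_log combined
</VirtualHost>
```

Run `apachectl configtest` before restarting httpd so that a syntax error does not take the server down.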