LXC and NAT added

StenlyTU · Feb 5, 2022 · 60bf6d1 · 60bf6d1
1 parent c93ab11
commit 60bf6d1
Show file tree

Hide file tree

Showing 6 changed files with 92 additions and 6 deletions.
diff --git a/stuff/LFCE_DesignandDeployment.md b/stuff/LFCE_DesignandDeployment.md
@@ -16,8 +16,54 @@
 
 ## Create and maintain software packages
 
+- TBD later
+
 ## Create, configure and maintain containers
 
+- LXC:
+    - acronym for Linux Containers, is a lightweight Linux kernel based virtualization solution,
+      which practically runs on top of the Operating System, allowing you to run multiple isolated
+      distributions the same time.
+
+    - The difference between LXC and KVM virtualization is that LXC doesn’t emulates hardware, but
+    shares the same kernel namespace, similar to chroot applications. This makes LXC a very fast virtualization solution compared to other virtualization solutions, such as KVM, XEN or VMware
+
+    - `yum install epel-release && yum install lxc lxc-templates` -> Install it.
+
+    - `systemctl start lxc; lxc-checkconfig` -> Check the kernel for LXC support.
+
+    - `ls -l /usr/share/lxc/templates/` -> List available LXC container templates.
+
+    - `lxc-create -n container_name -t container_template` -> Create LXC container.
+        - `lxc-create -n mydcb -t centos`
+
+    - `lxc-ls; lxc-info --name mydcb` -> To see the containers. If lxc-ls is not found install it using: `yum whatprovides /usr/bin/lxc-ls`
+
+    - `lxc-start -n mydcb -d` -> Start it.
+
+    - `lxc-console -n mydcb` or `lxc-attach` -> Connect to it.
+
+    - `lxc-stop -n mydcb`, `lxc-destroy -n mywheez`, `lxc-clone mydeb mydeb-clone`
+
+    - `lxc-copy -n bucket2 -N bucket3` -> lxc-copy is the newest command for cloning LXC containers.
+
+    - `lxc-create -n debby -t download -- -d debian -r bullseye -a amd64`
+        - -n = name
+        - -t = template
+        - -d = distibution
+        - -a = arch
+        - -r = release
+
+    - And finally, all created containers reside in **/var/lib/lxc/** directory. If for some reason you need to
+    manually adjust container settings you must edit the config file from each container directory.
+
+- Docker:
+
+    - https://github.com/StenlyTU/LFCS-official/blob/main/stuff/ServiceConfiguration.md#manage-and-configure-containers
+
+- KVM:
+    - https://github.com/StenlyTU/LFCS-official/blob/main/stuff/ServiceConfiguration.md#manage-and-configure-virtual-machines
+
 ## Deploy, configure, and maintain high availability/clustering/replication
 
 [Back to top of the page: ⬆️](https://github.com/StenlyTU/LFCE-official/blob/main/stuff/LFCE_DesignandDeployment.md#Define-a-capacity-planning-strategy)
diff --git a/stuff/LFCE_EssentialCommands.md b/stuff/LFCE_EssentialCommands.md
@@ -7,8 +7,6 @@
 3. [Run commands on many systems simultaneously](https://github.com/StenlyTU/LFCE-official/blob/main/stuff/LFCE_EssentialCommands.md#run-commands-on-many-systems-simultaneously)
 4. [Install Linux Distribution](https://github.com/StenlyTU/LFCE-official/blob/main/stuff/LFCE_EssentialCommands.md#install-linux-distribution)
 
-- [Check everything from LFCS essentials](https://github.com/StenlyTU/LFCS-official/blob/main/stuff/EssentialCommands.md)
-
 
 ## Use version control tools
 
@@ -81,5 +79,6 @@ ssh in parallel on a number of hosts.
 
 - If you are studying for **LFCE** you need to know this already!
 
+[Check everything from LFCS essentials](https://github.com/StenlyTU/LFCS-official/blob/main/stuff/EssentialCommands.md)
 
 [Back to top of the page: ⬆️](https://github.com/StenlyTU/LFCE-official/blob/main/stuff/LFCE_EssentialCommands.md#essential-commands)
diff --git a/stuff/LFCE_Networking.md b/stuff/LFCE_Networking.md
@@ -58,11 +58,45 @@ nmon, vnstat
 
 ## Configure a system to perform Network Address Translation
 
+- Network Address Translation (NAT) allows for multiple network hosts to share the same external IP address. There are two types of outbound NAT or source NAT:
+
+    - MASQUERADE: Works with a dynamic source IP address. It is useful for servers with dynamic IP addresses.
+    - SNAT: Works with a static source IP address. It is less complex than MASQUERADE.
+    - There is also a form of inbound or destination NAT (DNAT). DNAT allows for services to be behind a bastion host and to be easily load-balanced to different hosts.
+
+    To enable any of these types of NAT, the ip_forward kernel option must be set to 1.
+    ```bash
+    echo 1 > /proc/sys/net/ipv4/ip_forward
+    ```
+    Example of masquerade rule:
+    ```bash
+    iptables -t nat -A POSTROUTING -o eth1 ! -d 192.168.12.0/24 -j MASQUERADE
+    ```
+
 ## Dynamically route IP traffic
 
+- Quaga
+
 ## Implement advanced packet filtering
 
-Use firewalld: [Firewall info](https://github.com/StenlyTU/LFCS-official/blob/main/stuff/Networking.md#implement-packet-filtering)
+- TCP Wrappers:
+    - The TCP Wrappers system is a host-based network firewall and ACL.
+    - The configuration for tcpwrappers is handled by two files, ***/etc/hosts.allow*** and ***/etc/hosts.deny***. Both files have the same syntax:
+        ```bash
+        <DAEMON>:<CLIENT>
+        #hosts.allow
+        vsftpd:ALL
+        ALL:LOCAL
+        ALL:10
+        ALL:.example.com EXCEPT untrusted.example.com
+
+        #hosts.deny
+        ALL:ALL
+        ```
+- Netfilter
+    - netfilter is a packet-filtering framework built into the Linux kernel.
+
+    Use firewalld: [Firewall info](https://github.com/StenlyTU/LFCS-official/blob/main/stuff/Networking.md#implement-packet-filtering)
 
 
 [Back to top of the page: ⬆️](https://github.com/StenlyTU/LFCE-official/blob/main/stuff/LFCE_Networking.md)
diff --git a/stuff/LFCE_ServiceConfiguration.md b/stuff/LFCE_ServiceConfiguration.md
@@ -188,7 +188,11 @@ improving response times and reducing bandwidth usage.
 
 ## Implement and configure a PXE Boot server
 
-- TBD next
+- PXE (Preboot eXecution Environment) Server allows unattended or automated OS installation over the Network.The main benefit of pxe is that we don’t need any bootable drive to boot OS(Operating system) and we do not need to to burn any ISO file into DVD or usb device.
+
+- Article how to Configure PXE Server: https://www.linuxtechi.com/configure-pxe-installation-server-centos-7/
+
+- In general don't belive there will be questions for PXE since you need to configure a loot of stuff especially in container setup like on the exam.
 
 ## Implement and configure an authoritative DNS server
 

diff --git a/stuff/LFCE_StorageManagement.md b/stuff/LFCE_StorageManagement.md
@@ -184,6 +184,9 @@
                 path = /home/sambapublic
                 writable = yes
                 public = yes
+                #read only = no #Other options
+                #guest ok = yes
+                #valid users = vagrant
 
         testparm # check the smb.conf file.
         # Test locally

diff --git a/stuff/LFCE_UserandGroupManagement.md b/stuff/LFCE_UserandGroupManagement.md
@@ -4,8 +4,6 @@
 
 2. [Configure advanced PAM](https://github.com/StenlyTU/LFCE-official/blob/main/stuff/LFCE_UserandGroupManagement.md#configure-advanced-PAM)
 
-- [Check everything from LFCS essentials KB](https://github.com/StenlyTU/LFCS-official/blob/main/stuff/UserandGroupManagement.md)
-
 
 ## Connect to an external authentication source
 
@@ -79,4 +77,6 @@
 
     - **A lot of above info can be seen with:** `man pam.d`
 
+[Check everything from LFCS essentials KB](https://github.com/StenlyTU/LFCS-official/blob/main/stuff/UserandGroupManagement.md)
+
 [Back to top of the page: ⬆️](https://github.com/StenlyTU/LFCE-official/blob/main/stuff/LFCE_UserandGroupManagement.md#connect-to-an-external-authentication-source)