GNU/Linux


How to Start/Stop or Enable/Disable firewalld on CentOS 7

The firewalld (Dynamic Firewall Manager) tool provides a dynamically managed firewall. It uses network/firewall zones to define the trust level of network connections and/or interfaces. It supports both IPv4 and IPv6 firewall settings. It also supports Ethernet bridges and lets you keep runtime and permanent configuration options separate. Finally, it provides an interface for services or applications to add firewall rules directly.

Disable firewalld

To disable firewalld, execute the following command as root or using sudo:

systemctl disable firewalld

Enable firewalld

To enable firewalld, execute the following command as root or using sudo:

systemctl enable firewalld

Stop firewalld

To stop (or deactivate) firewalld, execute the following command as root or using sudo:

systemctl stop firewalld

Start firewalld

To start (or activate) firewalld, execute the following command as root or using sudo:

systemctl start firewalld

Status of firewalld

To check the status of firewalld, execute the following command as root or using sudo:

systemctl status firewalld

CONCEPTS

systemd provides a dependency system between various entities called “units” of 12 different types. Units encapsulate various objects that are relevant for system boot-up and maintenance. The majority of units are configured in unit configuration files, whose syntax and basic set of options is described in systemd.unit(5), however some are created automatically from other configuration, dynamically from system state or programmatically at runtime. Units may be “active” (meaning started, bound, plugged in, …, depending on the unit type, see below), or “inactive” (meaning stopped, unbound, unplugged, …), as well as in the process of being activated or deactivated, i.e. between the two states (these states are called “activating”, “deactivating”). A special “failed” state is available as well, which is very similar to “inactive” and is entered when the service failed in some way (process returned error code on exit, or crashed, or an operation timed out). If this state is entered, the cause will be logged, for later reference. Note that the various unit types may have a number of additional substates, which are mapped to the five generalized unit states described here.
— From man systemd

The above, in a nutshell:

  • enabled is a service that is configured to start when the system boots
  • disabled is a service that is configured to not start when the system boots
  • active is a service that is currently running
  • inactive is a service that is currently stopped and may be disabled, but it can be started and become active
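
Because enabled/disabled and active/inactive are independent, stopping firewalld does not keep it off after a reboot and disabling it does not stop it now. The following is an added example, not part of the original post, that reports both states together; the function names are hypothetical, and the words it reads are those printed by systemctl is-enabled and systemctl is-active.

```shell
#!/bin/sh
# Added example: combine firewalld's boot-time state and runtime state.

# firewalld_posture ENABLED ACTIVE
#   ENABLED: word printed by `systemctl is-enabled firewalld`
#   ACTIVE:  word printed by `systemctl is-active firewalld`
firewalld_posture() {
    case "$1" in
        enabled) boot=yes ;;
        *)       boot=no ;;      # disabled, masked, static, empty, ...
    esac
    case "$2" in
        active)  run=yes ;;
        failed)  run=failed ;;
        *)       run=no ;;       # inactive, activating, deactivating, ...
    esac
    case "$boot/$run" in
        yes/yes)    echo "OK: running now and starts at boot" ;;
        yes/failed) echo "ALERT: starts at boot, but the service has failed" ;;
        yes/no)     echo "WARN: starts at boot, but is stopped right now" ;;
        no/yes)     echo "WARN: running now, but will not start at next boot" ;;
        *)          echo "OFF: not running and will not start at boot" ;;
    esac
}

# check_firewalld: query the live system and classify the result.
check_firewalld() {
    enabled=$(systemctl is-enabled firewalld 2>/dev/null)
    active=$(systemctl is-active firewalld 2>/dev/null)
    firewalld_posture "$enabled" "$active"
}

# Example call on a systemd host:
# check_firewalld
```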

How to search for specific filenames in .tar archives

The following commands search the .tar archives found in the specified folder and print every archived file whose path or filename matches our search token. We provide multiple solutions, one for each type of .tar archive, depending on the compression used.

For .tar archives

find /media/repository/packages/ -type f -iname "*.tar" -exec tar -t -f '{}' \; | grep "configurations/arm-cortexa9";

For .tar.bz2 archives

find /media/repository/packages/ -type f -iname "*.tar.bz2" -exec tar -t -j -f '{}' \; | grep "configurations/arm-cortexa9";

For .tar.xz archives

find /media/repository/packages/ -type f -iname "*.tar.xz" -exec tar -t -J -f '{}' \; | grep "configurations/arm-cortexa9";

For .tar.gz and .tgz archives

Please note that this command uses the -o parameter (the logical OR) on find to search for multiple filename extensions.

find /media/repository/packages/ -type f \( -iname "*.tar.gz" -o -iname "*.tgz" \) -exec tar -t -z -f '{}' \; | grep "configurations/arm-cortexa9";

find Parameters Legend

  • -type f filters out any result which is not a regular file
  • -exec command '{}' \; runs the specified command on the results of find. The string '{}' is replaced by the current file name being processed.
  • -o is the logical OR operator. The second expression is not evaluated if the first expression is true.

tar Parameters Legend

  • -z or --gzip instructs tar to filter the archive through gzip
  • -j or --bzip2 filters the archive through bzip2
  • -J or --xz filters the archive through xz
  • -t or --list lists the contents of an archive
  • -f or --file=INPUT uses the archive file or device named INPUT
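
The commands above print the matching member names but not the archive each one came from. The following added example, which is not part of the original post, goes one step further: it covers all four archive types in one pass and prefixes each match with its archive path. The helper name search_tar_archives is hypothetical, and the token is matched as a fixed string (grep -F) rather than as a regular expression.

```shell
#!/bin/sh
# Added example. usage: search_tar_archives DIR TOKEN
# Prints "ARCHIVE: MEMBER" for every archive member whose path contains TOKEN.
search_tar_archives() {
    find "$1" -type f \( -iname "*.tar" -o -iname "*.tar.gz" -o -iname "*.tgz" \
        -o -iname "*.tar.bz2" -o -iname "*.tar.xz" \) -exec sh -c '
        token=$1
        shift
        for archive do
            # Pick the decompression flag from the extension, ignoring case
            # so that it agrees with the -iname tests above.
            case $(printf "%s" "$archive" | tr "[:upper:]" "[:lower:]") in
                *.tar.gz|*.tgz) filter=-z ;;
                *.tar.bz2)      filter=-j ;;
                *.tar.xz)       filter=-J ;;
                *)              filter= ;;
            esac
            # $filter is unquoted on purpose: empty means no extra flag.
            tar -t $filter -f "$archive" 2>/dev/null |
                grep -F -- "$token" |
                while IFS= read -r member; do
                    printf "%s: %s\n" "$archive" "$member"
                done
        done
    ' sh "$2" {} +
}

# Example call with the folder and token used in the post:
# search_tar_archives /media/repository/packages/ "configurations/arm-cortexa9"
```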

Downgrade GNU patch on CentOS 7.0 (64bit) to version 2.6.1

Recently we had to downgrade GNU patch from version 2.7.1 to a version older than the 2.7 series.
We used patch version 2.6.1, which is the latest in the version 2.6 series.

We were trying to compile Linux Kernel 3.0.35 source code with some custom patches.
While applying the patches we got the following errors:

File firmware/imx/sdma/sdma-imx25-to1.bin: git binary diffs are not supported.
File firmware/imx/sdma/sdma-imx31-to1.bin: git binary diffs are not supported.
File firmware/imx/sdma/sdma-imx31-to2.bin: git binary diffs are not supported.
File firmware/imx/sdma/sdma-imx35-to1.bin: git binary diffs are not supported.
File firmware/imx/sdma/sdma-imx35-to2.bin: git binary diffs are not supported.
File firmware/imx/sdma/sdma-imx50-to1.bin: git binary diffs are not supported.
File firmware/imx/sdma/sdma-imx51-to3.bin: git binary diffs are not supported.
File firmware/imx/sdma/sdma-imx53-to1.bin: git binary diffs are not supported.

Apparently, version 2.7 does not support binary diffs.
We can verify this claim from the release announcement.

Support for most features of the “diff --git” format, including renames and copies, permission changes, and symlink diffs. Binary diffs are not supported yet; patch will complain and skip them.

Methodology


#Making sure we are not missing any 32bit libraries since we are on a 64bit machine
yum install glibc.i686 ncurses-libs.i686;
#Download the source code
wget ftp://ftp.gnu.org/gnu/patch/patch-2.6.1.tar.gz;
#Extract the files
tar -zxf patch-2.6.1.tar.gz;
#Navigate to the folder
cd patch-2.6.1;
#Configure the installation and make all necessary checks
./configure;
#Build
make;
#Remove existing version
sudo yum remove patch -y;
#Install
sudo make install;


How to suppress binary files from matching results

When you try to find all files that contain a certain string value, it can be very costly to check binary files that you might not want to check.
To keep grep from testing whether binary files contain the needle, add the parameter -I (capital i).
With -I, grep processes a binary file as if it did not contain matching data; this is equivalent to the --binary-files=without-match option.

Example

find . -type f -exec grep 'string' '{}' -s -l -I \;

The above command breaks down as follows:

  • find . -type f Find all regular files under the current directory, including its subdirectories.
  • -exec For each match execute the following.
  • grep 'string' '{}' Search the matched file '{}' for the value ‘string’.
  • -s Suppress error messages about nonexistent or unreadable files.
  • -l (lowercase L) or --files-with-matches Suppress normal output; instead print the name of each input file from which output would normally have been printed. The scanning will stop on the first match.
  • -I (i capital) or --binary-files=without-match Process a binary file as if it did not contain matching data.