Centos – set selinux permissive without reboot

You can view the current mode SELinux operates in, by executing the sestatus comman:

# sestatus

You can change the mode by editing the file /etc/selinux/config and change the SELINUX=enforcing line to SELINUX=permissive

# vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.

By executing once again the sestatus command you ‘ll get the output:

# sestatus

SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: permissive
Policy version: 24
Policy from config file: targeted

My way to change the current mode is to reboot the machine. Today I discovered that you can change the current mode by using the setenforce command.

man pages gives this as usage:

setenforce [ Enforcing | Permissive | 1 | 0 ]

so you can execute

# setenforce 0

to change SELinux currend mode to permissive.

No more reboots and downtime because of selinux!!!

Centos – change hostname

To permanent change your hostname you have to edit the /etc/sysconfig/network file and set the variable HOSTNAME to your needs.

vi /etc/sysconfig/network

give the value you want to HOSTNAME variable like the following example:


now this change will take effect after a reboot. There is a way to avoid reboot. You have to run the following command:

echo "myhost1.example.com" > /proc/sys/kernel/hostname

and that’s all!!!

How to disable ipv6 networking – CentOS

There are some simple steps to follow, in order to disable ipv6 networking on CentOS. This simple guide is about CentOS 6.4, but I think that it will work on both a little older or next versions of this Operating System.

Step 1: add this rule in /etc/sysctl.conf : net.ipv6.conf.all.disable_ipv6 = 1

Step 2: add this rule in /etc/sysconfig/network: NETWORKING_IPV6=no

Step 3: add this setting for each nic X (X is the corresponding number for each nic) in /etc/sysconfig/network-scripts/ifcfg-ethX: IPV6INIT=”no”

Step 4: disable the ip6tables service : chkconfig ip6tables off

Step 5: reboot

See how nfs client is connected to nfs server

Find out the configuration with which the nfs client is connected to the nfs server.


Bouncing my head to my keyboard while trying to find out where is the bottleneck on an nfs client-server relationship, I found out how to see the configuration with which the nfs client is connect to the server:


nfsstat -m


And the output is:

/nfsshare from nexenta.nfs-servers.example.com:/volumes/datastore/dataset/
 Flags: rw,relatime,vers=4,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=,minorversion=0,local_lock=none,addr=


Knowing exactly how the client is connected to the server, you can find more easily where the problem is.


Using the nfsstat -m command, you get the information about all nfs mounts. The -m switch is present on centOS, but abscent on FreeBSD, in which I do also performance tests.


You can also find all this information and also all the information about all mounts ( not only nfs mounts) if you execute:


cat /proc/mounts


I am trying to get this info on FreeBSD,  if everyone knows everything about this, please post a comment. I also asked a question at http://unix.stackexchange.com/questions/91594/nfs-mount-properties-options-in-freebsd to help me find the solution.

Install Nagios to Centos 6.4

In this step by step guide, we will install nagios. Nagios is a great (if not the greatest) opensource monitoring tool. You can use to monitor your hole datacenter, or lot’s of datacenters, services and networks.

1. Install the epel repository

Supposing you have not allready installed epel repository, run the following command:

# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

2. Disable selinux, iptables

In order to disable selinux edit /etc/selinux/config

# vi /etc/selinux/config

and set


I do not recommend to disable iptables, but setting correctly it depends on your servers configuration

I disabled iptables here just to ensure that everything works and then I will apply my firewall policy.

To disable iptables you have to run the following command:

# service iptables stop
# chkconfig iptables off

To confirm that the service is not running, run the following command:

# service iptables status

and the output should be like this:

iptables: Firewall is not running.

Then run the following command to ensure that is turned off, on boot

# chkconfig --list iptables

and the output should be this:

iptables        0:off   1:off   2:off    3:off    4:off    5:off    6:off

reboot your system to take effect selinux configuration.
To confirm that your system has disabled selinux run:

# sestatus
SELinux status: disabled

Be carefull if you didn’t run

# chkconfig iptables off

then after the system reboots, the iptables service will be up.

3. Nagios Installation

Now you can install nagios using yum

# yum install nagios

When the installation completes it’s procedure, you should run:

# service httpd restart
# service nagios restart

and then visit:


there will be a basic authentication, and you can login giving the following default credentials for nagios:

username: nagiosadmin
password: nagiosadmin

You can also change these credentials to whatever you want:

# htpasswd /etc/nagios/htpasswd nagiosadmin

and here enter the password you want.

 4. Change the theme of nagios

You can stay with the nagios default theme, but you can also change it to one of your choice. I like this theme:


and here I will describe how to install it.

# cd /tmp
# wget http://www.be-root.com/downloads/nagios/vautour/vautour_style.zip
# mkdir vautour
# mv vautour_style.zip vautour
# cd vautour
# unzip vautour_style.zip
# mv vautour/ /usr/share/nagios/.
# cd /usr/share/nagios/
# mv html html-backup
# mv vautour/ html
# chmod 775 html

if you miss unzip package install it via yum.

# yum install unzip

5. Install check_mysql_health

I found this plugin very helpfull to monitor my MySQL server.

to install it follow these instructions:

# cd /tmp
# wget http://labs.consol.de/download/shinken-nagios-plugins/check_mysql_health-
# gtar -xzpf check_mysql_health-
# cd check_mysql_health-
# ./configure -prefix=/usr/lib64/nagios/ --with-nagios-user=nagios --with-nagios-group=nagios --with-perl=/usr/bin/perl --with-mymodules-dir=/usr/lib64/nagios/plugins --with-mymodules-dyn-dir=/usr/lib64/nagios/plugins
# cp -p /usr/lib64/nagios/libexec/check_mysql_health /usr/lib64/nagios/plugins/.


6. Configure nagios

In order to organize better your configuration files, I recommend that you should separate each configuration file for each purpose.

I add a file in /etc/nagios/conf.d/


and a file


where I include the declaration of the hostgroups and servicegroups respectively.

Then I create files for each servicegroup in /etc/nagios/objects/ for example I have a hostgroup of webservers, then I create a file webservers.cfg in this directory where I declare hosts and services. Then I add this file path to /etc/nagios/nagios.cfg as here:

# Definitions for monitoring the webservers

7. Validate Configuration

Before restarting the nagios service, you should check the configuration spelling. This can be done, by run:

nagios -v /etc/nagios/nagios.cfg

I ‘ll try to update this post, and describe how to use check_mysql_health and other tools of nagios.

Upgrade from Centos 6.3 to Centos 6.4

Supposing that you have a clear installation of a Centos 6.3 and you want to upgrade it to Centos 6.4, you have to do two steps to complete this process. The first step is to run a yum update command:

yum update

The second step is to remove the deprecated matahari, as proposed from Centos 6.4 Release Notes

To ensure that you have successfully upgraded to 6.4 run the command:

cat /etc/redhat-release

if Centos Relsease 6.4 (Final) is the content of the /etc/redhat-release file then you can continue to the next step:

yum erase matahari*

If it’s a clean installation, possibly there is no remains of matahari packages on the system.