Tuesday, April 12, 2016

Creating Global Aliases in Linux (CentOS 7/RHEL 7)

If you're like me and like to use aliases to simplify administration of your Linux servers, here's the easy way to create global aliases for all users.

  • Create a file in /etc/profile.d such as aliases.sh.
  • Add your aliases to the file.
  • Log off and log back on.
  • Your aliases should work.

As an example, I do a lot of administration through my smartphone (Nexus 6P on Google Fi), so I hate typing long commands. The two commands I use more than any others are "sudo yum -y update" and "exit". (Okay, "exit" isn't a long command, but still...)

Here are the contents of the aliases.sh file I created in /etc/profile.d:
alias yu="sudo yum -y update"
alias x="exit"

Now, all I have to do to run a yum update is type "yu" and all I have to do to exit is type "x".

I can (and will) add whatever other aliases I want to simplify my life to /etc/profile.d/aliases.sh.
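
The steps above as a script, with the check that matters for a file every login shell sources: it must be writable only by root. This is an added example, not part of the original post; the function names install_aliases and audit_profile_d are hypothetical, and both take a directory argument so they can be tried on a scratch directory without root.

```shell
#!/bin/sh
# Added example; install_aliases and audit_profile_d are hypothetical helper names.
# On CentOS 7/RHEL 7, /etc/profile sources every /etc/profile.d/*.sh at login,
# so whoever can write there controls what all users' login shells run.

# install_aliases [DIR]: write aliases.sh into DIR (default /etc/profile.d).
install_aliases() {
    dir=${1:-/etc/profile.d}
    # Temp name does not end in .sh, so a concurrent login will not source it.
    tmp=$(mktemp "$dir/.aliases.XXXXXX") || return 1
    cat > "$tmp" <<'EOF'
alias yu="sudo yum -y update"
alias x="exit"
EOF
    # A syntax error would hit every login shell, so parse-check before publishing.
    if ! sh -n "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # Readable by all, writable only by the owner; rename is atomic.
    chmod 0644 "$tmp" && mv -f "$tmp" "$dir/aliases.sh"
}

# audit_profile_d [DIR] [OWNER]: list *.sh files that are group- or
# world-writable, or not owned by OWNER (default root). Returns 1 if any.
audit_profile_d() {
    dir=${1:-/etc/profile.d}
    owner=${2:-root}
    bad=$(find "$dir" -maxdepth 1 -type f -name '*.sh' \
        \( -perm -020 -o -perm -002 -o ! -user "$owner" \) -print)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Usage as root:  install_aliases && audit_profile_d
```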

Hope that helps.

Peace.

Saturday, February 13, 2016

Allowing PING Through an ASA

The ASA Security Appliance, by default, blocks ICMP packets, which include ping. In the following post, I'll show you how to create an access-control list (ACL) that will permit ICMP traffic through the firewall from the inside to the outside.

For an ACL to have any effect, it must be applied to an interface or a function. In the following example, the ACL is designed to permit inside hosts to ping hosts on an outside network such as the public Internet. Here, “101” is just a label for the list; it could just as easily be a descriptive name such as “permit_ping”. (ICMP stands for Internet Control Message Protocol, the protocol used by ping and some other network utilities.)

The first four lines in the following example identify and permit the traffic flows.  The last line applies the list to inbound traffic on the outside interface.  Note the use of the “access-group 101” statement which applies access-list 101 to the interface.

access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any unreachable 
access-list 101 permit icmp any any time-exceeded
access-group 101 in interface outside


The above access-control list permits several types of ICMP traffic in addition to ping packets. If you want to allow only ping packets, use the following commands:

access-list 101 permit icmp any any echo-reply
access-group 101 in interface outside


The above post is taken from my book Cisco ASA Security Appliance for Accidental Administrators, available in Kindle and paperback editions through Amazon and other resellers.