Posted in network, Openstack, Security

Neutron Validation Testing Part 3

External/Floating outgoing/incoming network

I have used following steps to test this.

  • Create tenant network, tenant subnet
  • Create shared router
  • For external network, I have created external network ext-net outside of script because we have to do some manual stuff here. For external networking make sure physical Ethernet port is added into external bridge br-ex and network configuration file ifcfg-br-ex and ifcfg-ethX is created with relevant info.
  • Add tenant network interface to router and set gateway of router to external network.
  • Create VM instance into tenant network.
  • Create and assign floating IP to VM
  • Add security rule for PING and SSH testing.
  • For external/outgoing access ping to 8.8.8.8 (google DNS) from VM and for floating incoming access ssh to VM using floating IP from outside.

n5

Continue reading “Neutron Validation Testing Part 3”

Advertisements
Posted in Linux, Security

Access Control List (ACL) Permissions in RHEL 7/Centos 7

Today I am going to show you how to use access control list (ACL) permissions in rhel7. Traditionally we have assigned permission to one user/owner and one group for file or directory but in some cases we need other user or other group apart from owner need to have readonly access or write access on same directory. To achieve this we have access control list permission concept in Linux.

Other users and and groups can also access file or directory even when they are not owners and member of group who is having ownership on that file or directory.

we use only two commands getfacl to see ACL permissions on directory/file and setfacl to set ACL permissions. We can even set default ACL so that new files and sub-directories created in directory will inherit ACL permissions of parent directory.

The filesystem needs to be mounted with ACL support enabled. XFS filesystems have built-in ACL support and Ext4 filesystem in RHEL7 have ACL option enabled by default. In earlier versions of RHEL you may need the ACL option included with mount request.

First we see ACL permission on file named prod.conf.

1

Continue reading “Access Control List (ACL) Permissions in RHEL 7/Centos 7”