Linux
HOGENT Applied Computer Science
Thomas Parmentier, Andy Van Maele, Bert Van Vreckem
2024-2025
Set up the test environment:
troubleshooting
dbt
- a working database server
webt
- a web server with faulty configuration
$ cd trouble-demo
$ vagrant up
[...]
Interrupt me if you have remarks/questions!
Two VirtualBox VMs, set up with Vagrant
Host | IP | Service |
---|---|---|
webt | 192.168.76.72 | http, https (Apache) |
dbt | 192.168.76.73 | mysql (MariaDB) |
On webt, a PHP app runs a query on dbt
dbt is set up correctly, webt is not
$ ./query_db.sh
+ mysql --host=192.168.76.73 --user=demo_user \
+: --password=ArfovWap_OwkUfeaf4 demo \
+ '--execute=SELECT * FROM demo_tbl;'
+----+-------------------+
| id | name              |
+----+-------------------+
|  1 | Tuxedo T. Penguin |
|  2 | Bobby Tables      |
+----+-------------------+
+ set +x
Should work from
intnet
sudo apt install mysql-client
/vagrant/query_db.sh
TCP/IP protocol stack
Layer | Protocols | Keywords |
---|---|---|
Application | HTTP, DNS, SMB, FTP, … | |
Transport | TCP, UDP | sockets, port numbers |
Internet | IP, ICMP | routing, IP address |
Network access | Ethernet | switch, MAC address |
Physical | | cables |
ip link
Know the expected values!
Checking local network configuration:
ip a
ip r
/etc/resolv.conf
resolvectl dns
ip address
/etc/sysconfig/network-scripts/ifcfg-*
Example: DHCP
[vagrant@db ~]$ cat /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE=Ethernet
BOOTPROTO=dhcp
NAME=enp0s3
DEVICE=enp0s3
ONBOOT=yes
[...]
Example: Static IP
$ cat /etc/sysconfig/network-scripts/ifcfg-enp0s8
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.76.73
NETMASK=255.255.255.0
DEVICE=enp0s8
[...]
Watch the logs: sudo journalctl -f
ip route
/etc/resolv.conf
nameserver option present?
Checking routing within the LAN:
dig, nslookup, getent
ping
ping 192.168.76.72
ping 192.168.76.101
ping 10.0.2.2
ping 10.0.2.3
Remark: some routers block ICMP!
dig icanhazip.com
nslookup icanhazip.com
getent ahosts icanhazip.com
Next step: routing beyond GW
sudo systemctl status SERVICE
sudo ss -tulpn
sudo firewall-cmd --list-all
systemctl status httpd.service
active (running) vs. inactive (dead)
systemctl start httpd
enabled vs. disabled
systemctl enable httpd
sudo firewall-cmd --list-all
--add-service if possible
--get-services
--add-service and --add-port
--permanent
--reload firewall rules
$ sudo firewall-cmd --add-service=http --permanent
$ sudo firewall-cmd --add-service=https --permanent
$ sudo firewall-cmd --reload
ss (not netstat)
sudo ss -tlnp
sudo ss -ulnp
/etc/services
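The `ss` and firewall checks above, as an added example that is not part of the original slides: it reports whether a port is bound to loopback only and whether the runtime and permanent firewalld service lists differ. `listen_scope` and `fw_drift` are hypothetical helper names, and the `ss` sample is constructed.

```shell
#!/bin/sh
# Added example (not from the slides): transport-layer checks as filters.
# The sample data below is constructed.

# listen_scope PORT   (stdin: output of `ss -tln`)
# Prints all | specific | loopback | none for TCP listeners on PORT.
listen_scope() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      addr = $4; p = $4
      sub(/.*:/, "", p)            # port: text after the last colon
      sub(/:[^:]*$/, "", addr)     # address: text before it
      if (p != port) next
      if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") wild = 1
      else if (addr ~ /^127\./ || addr == "[::1]") loop = 1
      else other = 1
    }
    END { print (wild ? "all" : (other ? "specific" : (loop ? "loopback" : "none"))) }'
}

# fw_drift "RUNTIME" "PERMANENT"
# Arguments: output of `firewall-cmd --list-services` and of
# `firewall-cmd --permanent --list-services`.
# Prints every service that is present in only one of the two sets.
fw_drift() {
  for s in $1; do
    case " $2 " in *" $s "*) ;; *) echo "runtime-only:$s" ;; esac
  done
  for s in $2; do
    case " $1 " in *" $s "*) ;; *) echo "permanent-only:$s" ;; esac
  done
}

# Constructed `ss -tln` output: sshd on all interfaces, httpd on loopback only.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511        127.0.0.1:80        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*'

# loopback: service is up but unreachable from other hosts
printf 'port 80:  %s\n' "$(printf '%s\n' "$SAMPLE_SS" | listen_scope 80)"
# none: nothing is listening on this port
printf 'port 443: %s\n' "$(printf '%s\n' "$SAMPLE_SS" | listen_scope 443)"
# runtime-only rules are lost on reload; permanent-only rules still need --reload
fw_drift "ssh http" "ssh https"
```

On a live host, pipe `sudo ss -tln` into `listen_scope 80` and pass the two `firewall-cmd` outputs named in the comments to `fw_drift`.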
journalctl
curl, smbclient (Samba), dig (DNS), etc.
ncat, nc
journalctl:
journalctl -f -u httpd.service
/var/log/:
tail -f /var/log/httpd/error_log
apachectl configtest
getsebool, setsebool
ls -Z, chcon, restorecon
sepolicy
ls -Z /var/www/html
sudo restorecon -R /var/www/
sudo chcon -t httpd_sys_content_t test.php
getsebool -a | grep http
sudo setsebool -P httpd_can_network_connect_db on
E.g. https://github.com/HoGentTIN/elnx-sme/blob/master/test/pu001/lamp.bats
Why?