Viewing posts for the category Omarine User's Manual

When to start the firewall?

This article is for those who want to learn about systemd units. Units need to work together and be started at the right time to operate efficiently.

Firewalls are used to control incoming and outgoing packets, block unwanted packets from the outside and allow only certain applications to make new connections from the inside.

Thus the firewall must be running before any network is set up. The target identifying this point is, so we will start the firewall before is a passive unit, it only runs when another unit pulls it in. Here is the firewall service firewall.service

With, the target will be run

The firewall service is installed to be pulled in by the target, a special unit that is started during boot which indicates network functionality is available

firewall.service is the common firewall service that is enabled by default. If you want to run a firewall on a specific network interface, for example wlp3s0, run the following commands as the root user

Preparing to install GRUB on the GPT drive

GPT is a type of partition table for large drives that exceed the 2 TiB size limit of MBR.
Disk partitioning and filesystem creation for GPT drives using disk tools are no different from those for MBR drives. However, to install GRUB on a GPT drive we need to create a BIOS Boot Partition specifically for GRUB.

Here are the practical steps on the /dev/sdb drive

1) Create GPT partition table
Before creating the partition table, you should use wipefs to wipe the signatures and avoid a warning. All commands here are run as the root user.

Fixing the security context of the user file automatically

The contents of the user's home directory change frequently as new files and directories are created. These files must have the correct security context in accordance with the security policy. The restorecond user service is responsible for watching file creation and setting each file's security context to the default defined by the policy.

Wiping the hard drive before installing the operating system

Many people think that to get a clean hard drive it is enough to repartition the disk and recreate the filesystems. That is not the case.
For an MBR partition table, disk partitioning tools like fdisk, cfdisk and parted, and filesystem creation tools like mkfs.ext4, only manipulate the first sector of the disk (sector 0) and sectors beginning from the first partition. We use a USB memory stick to illustrate; the device name is /dev/sdb.

Improving xscreensaver service

Because the xscreensaver service needs to run in a graphical session, it should only be started when the graphical procedures and environment are ready. In the scope of systemd's understanding, the target makes such sense. We will therefore arrange for the xscreensaver service to start after (After=) this target.

In addition, the xscreensaver service needs to be installed as part (PartOf=) of The target will manage the xscreensaver service and will stop the xscreensaver service when the session is terminated.