How to change sshd default port on firewalld

 
Instead of messing around with the ports directly with RHEL7/CentOS7 firewall-cmd, I’ve decided to update the port number in the ssh.xml service file instead. Think it’s cleaner this way.

For example, here are the steps to change sshd port from the default 22 to 9876:

1. Make a copy of the default ssh service file:
cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/

2. Inspect current firewall settings
iptables -nL | grep -e 22 -e 9876
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW

3. Edit /etc/firewalld/services/ssh.xml to change port number
From: <port protocol="tcp" port="22"/>
To: <port protocol="tcp" port="9876"/>

4. Change the Port directive in /etc/ssh/sshd_config to 9876

5. Restart sshd
systemctl restart sshd

6. Notice that sshd now listens on new port
netstat -punta

7. Reload firewalld, which will pick up the new port in ssh.xml
firewall-cmd --reload

8. Inspect new firewall settings, notice port changed
iptables -nL | grep -e 22 -e 9876
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9876 ctstate NEW

9. Test
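
A pre-flight check for the steps above, as an added example that is not part of the original post: it confirms that every port sshd will bind is opened by the firewalld service file before firewalld is reloaded, which guards against locking yourself out over SSH. The function names are hypothetical, and the demo runs on constructed copies in a temporary directory rather than on the files under /etc.

```shell
# Added example (not from the original post). Paths are passed as arguments so
# the check can be tried on copies; the sample files in demo() are constructed.

# TCP ports opened by a firewalld service file, one per line.
svc_ports() {
    grep '<port ' "$1" | grep 'protocol="tcp"' |
        sed -n 's/.*port="\([0-9][0-9]*\)".*/\1/p'
}

# Ports sshd will bind: every uncommented Port line, or 22 if there is none.
sshd_ports() {
    local p
    p=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${p:-22}"
}

# Step 3 as a command: change port OLD to NEW in the override copy.
set_svc_port() {  # usage: set_svc_port FILE OLD NEW
    sed -i "s/\(<port[^>]*port=\"\)$2\"/\1$3\"/" "$1"
}

# Succeeds only if every sshd port is opened by the service file.
check_ports() {  # usage: check_ports SSHD_CONFIG SERVICE_XML
    local p rc=0
    for p in $(sshd_ports "$1"); do
        if ! svc_ports "$2" | grep -qx "$p"; then
            echo "MISMATCH: sshd port $p not opened by $2" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Demo on constructed copies in a temp dir (no system files are touched).
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' '<service>' '  <short>SSH</short>' \
        '  <port protocol="tcp" port="22"/>' '</service>' > "$d/ssh.xml"
    printf '%s\n' '#Port 22' 'Port 9876' > "$d/sshd_config"
    check_ports "$d/sshd_config" "$d/ssh.xml" || echo "before edit: mismatch"
    set_svc_port "$d/ssh.xml" 22 9876
    check_ports "$d/sshd_config" "$d/ssh.xml" && echo "after edit: consistent"
    rm -rf "$d"
}
demo
```

On the real host the call would be check_ports /etc/ssh/sshd_config /etc/firewalld/services/ssh.xml, run before restarting sshd and reloading firewalld. With SELinux enforcing, sshd also needs the new port labelled ssh_port_t (semanage port -a -t ssh_port_t -p tcp 9876) before it can bind to it.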

htop shows blank screen


Argh! My htop is showing a blank screen. I’m afraid of the dark…helppp!

Solution: export TERM=xterm-color before running htop

My tmux uses TERM=screen and htop didn’t like it on one particular machine while the others are fine. Setting it to the above solves it.

How to determine which repo a RHEL/CentOS package belongs to

I thought this command should show me which repo the package ‘htop’ belongs to, but I was wrong:

[root@server ~]# yum info htop
Loaded plugins: rhnplugin, security
Installed Packages
Name : htop
Arch : x86_64
Version : 0.8.3
Release : 1.el5
Size : 136 k
Repo : installed 
Summary : Interactive process viewer
URL : http://htop.sourceforge.net/
License : GPL+
Description: htop is an interactive text-mode process viewer for...

Notice that it merely indicates ‘installed’ for the ‘Repo’ field? Not very helpful here. I wonder why yum works this way.

To find out which repo ‘htop’ comes from, use this command instead:

[root@server ~]# yum provides `which htop`
Loaded plugins: rhnplugin, security
htop-0.8.3-1.el5.x86_64 : Interactive process viewer
Repo : epel
Matched from:
Filename : /usr/bin/htop

htop-0.8.3-1.el5.x86_64 : Interactive process viewer
Repo : installed
Matched from:
Other : Provides-match: /usr/bin/htop

See ‘epel’ there? Bingo!

Fix outdated/corrupted EPEL repo metadata

yum update failed in RHEL (Red Hat Enterprise Linux) server 5.5 with EPEL repo added:

[root@server ~]# yum update
Loaded plugins: rhnplugin, security
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package cups.x86_64 1:1.3.7-18.el5_5.8 set to be updated
---> Package cups-libs.i386 1:1.3.7-18.el5_5.8 set to be updated
---> Package cups-libs.x86_64 1:1.3.7-18.el5_5.8 set to be updated
---> Package pam.i386 0:0.99.6.2-6.el5_5.2 set to be updated
---> Package pam.x86_64 0:0.99.6.2-6.el5_5.2 set to be updated
---> Package pam-devel.i386 0:0.99.6.2-6.el5_5.2 set to be updated
---> Package pam-devel.x86_64 0:0.99.6.2-6.el5_5.2 set to be updated
---> Package yum.noarch 0:3.2.22-26.el5_5.1 set to be updated
http://mirror01.idc.hinet.net/EPEL/5/x86_64/repodata/b205b049dc386d8d09316372f16b4371cef514bb-filelists.sqlite.bz2: [Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://ftp.riken.jp/Linux/fedora/epel/5/x86_64/repodata/b205b049dc386d8d09316372f16b4371cef514bb-filelists.sqlite.bz2: [Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.yandex.ru/epel/5/x86_64/repodata/b205b049dc386d8d09316372f16b4371cef514bb-filelists.sqlite.bz2: [Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://ftp.kddilabs.jp/Linux/packages/fedora/epel/5/x86_64/repodata/b205b049dc386d8d09316372f16b4371cef514bb-filelists.sqlite.bz2: [Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://sulawesi.idrepo.or.id/epel/5/x86_64/repodata/b205b049dc386d8d09316372f16b4371cef514bb-filelists.sqlite.bz2: [Errno 14] HTTP Error 404: Not Found
Trying other mirror.
Error: failure: repodata/b205b049dc386d8d09316372f16b4371cef514bb-filelists.sqlite.bz2 from epel: [Errno 256] No more mirrors to try.
You could try using --skip-broken to work around the problem
You could try running: package-cleanup --problems
package-cleanup --dupes
rpm -Va --nofiles --nodigest

Fixed with:

yum clean metadata
yum clean dbcache
yum update