Rhce Notes[1]
-
Upload
jagdeep-singh -
Category
Documents
-
view
327 -
download
3
Transcript of Rhce Notes[1]
RED HAT ENTERPRISE LINUX 4.0 ES
Introduction:Unix is the first Operating system in the world, developed by Kem Thompson and Dennis Ritchie in 1969 at Bell Lab by AT&T Company
IBM : AIXSGI : IRIXHP : HPSun : Solaris
FSF:Free software foundation organization, they start a project by name
GNU. The mail aim of this project is to develop such a O.S that can run on any platform.In 1991, a student Linus Tarvalds developed a kernel named Linus’s Kernel plus GNU application called Linux O.SLinux is a open source technology.Different companies that provide Linux in Market are Redhat, SuSe, Mandrake, Turbo, Knoppix etc.
Features and Advantage:
Features:a. Linux is the fastest Operating system in the world. It runs 2 to 3 times
fast than windows O.Sb. Linux is the very secured O.S because there is no any problem of
virus.c. Linux file format is text format and windows file format is binary
format.d. Linux is very reliable O.S because kernel of linux is very stable as
compare to windows kernel not crashed easily.e. Kernel of linux is vcery small, it can be stored in floppyf. Linux uses the x-Window system which is advanced network
windowing system. Using this system we can display output of any workstation monitor attached in the network
Advantages of Linux:a. Virus Proofb. Crash Proofc. Economicald. Multiuser, multi desktop and multi tasking
Mode of Login
There are two mode of login1. Text Mode (Alt+ctrl+F1)2. Graphical Mode (Alt+Ctrl+F7)
In case of Text ModeStation2 Login : rootPassword : redhat
1
[root@station2~]#to switch from one text mode to anotherAlt+Ctrl+F1 to Alt+Ctrl+F6In case of Graphical ModeCtrl+Alt+F7
Common CommandSome of the Common system command are as follow:1. Date : to display date and time2. Cal : to display the calendar3. Cal 11 2006 : display the calendar of Month 11 and year 20064. Clear : To clear the screen5. ls : to list directory contentscolor identificationblue : DirectoriesWhite : FilesGreen : Executable filesRed ; Zip files, rpm, tar fileDifferent switches used with “ls” command
ls –l or ll : used for long listing including file and directory permission(-) : file(d) : Directory(l) : Symbolic link
ls –a : shows all hidden files and directory. Any file followed by (.) is hidden file
ls –al : show all hidden files and directory with long listing or whole description
ls –d : shows all the directory
6. pwd: Present working directory
7. who am I : display the information of current terminal
8. who : display all the terminal in a network
9. history : it shows all the command your have used.By default history stores last 1000 command which u have run. If u want to change # vi /etc/profileHIST SIZE =10Save and exit# history –c ( to clear all the previous command reside in history)
2
Creating file and Directory:
a. Creating file:The ‘cat’ command is used to create a file Syntax:# cat > filenameexample:# cat > abc.txt(Ctrl +D) is used to save the file.
b. View the content of fileSyntax:# cat filenameExample:#cat abc.txt#cat –b abc.txt
c. Creating DirectoryThe ‘mkdir’ command is used to create directorySyntax:Mkdir [directory_name]Example:# mkdir rajOption used:cd : To change directorycd .. : To come out from directorycd : to jump to root directorycd - : to jump to previous directory
Deleting Files and directory:Syntax:For file:
rm <filename>example:
rm abc.txtfor directorysyntax:
rmdir <directory_name>Note: Only empty directory will be deleted)If we want to delete the tree structure of directory then we need to use the following commandSyntax:rm –rf <directory_name>
wherer = recursivelyf= force
in order to remove non empty directorySyntax:
3
rm –r <directory>
example;rm –r rajthis will remove directory step by step ,first remove sub directory and then finally main directory.
Another method of creating file :Touch : this command is used to create a blank file with size zero.# touch <filename>Example:#touch abc
Copying File and Directory:a. Copy file:
Syntax:# cp [source]filename [destination]
b. Copy directory#cp –r [source]directory [destination]to copy a directory into another directory recursively
c. cp –rf [source]directory [destination]to copy a directory forcely
syntax used for copy file or directory:cp [option] file destinationoption:-I : interactive : ask before overwriting file-r : Recursive-p : Preserve-f : forcely
More than one file can be copied at a time if the destination is directorySyntax:cp [option] file1 file2 file 3 Destination
Moving and Renaming File and Directory
Syntax:# mv : move /rename files and directory
Example:# mv [option] file destination
example:# mv t.txt /home/raj/more than one file can be moved at a time if the destination is a directory
# mv [option] file1 file2 file3 destination
4
Getting Help: The command that are used to get the help are discussed as :
a. WhatisDisplay a short description of command , it uses a database that is updated nightly. Often not available immediately after installation.
Syntax:# Whatis cal
b. HelpDisplay usage summary and argument listSyntax:<command> --helpExample:#Date –help
c. Man and Info:Both provide documentation for command. Almost every command has a “man” page. Collection of pages are called linux manual.# man date# info date
Viewing Text PageSyntax:#less [option] [filename]Example:# less abc.txtscroll with arrows/PgUp /PgDown
/text : search for textn : Next Match
Option:-c : Clear before displaying-s : Squeeze multiple blank lines into a single blank line
Simply we can also use “less” along with pipe | as # ll |less
File and Directory:‘ll’ is used to display the information about the files and directory including date, time, users,group, size, name and permission.Four symbols are used when displaying permission.R : ReadW : WriteX : Execute- : no permission
5
-rwxrwxrwx : filesdrwxrwxrwx : directoryfiles and directory permission are symbolized by ten character.
If we want to change permission, then there are two methods:1. symbolic2. Numeric
1. Symbolic Method:Syntax:Chmod mode directory/filenameMode Option:
1. u,g,o2. w,r,x3. +,-4. =
1. # chmod u+rwx file or directory : in case of user only2. # chmod ug+rwx file or directoty : in case of user and group3. # chmod u+w,g+r,o+x directory/file4. # chmod u+rw,g+rw directory/file5. # chmod u-r, g-w,o-rw directory/file6. # chmod ugo+rwx file/directory7. # chmod ugo-rwx file/directory
+ is used to add permission - is used remove permissionchmod ugo=rw directory/filethis command will assign read/write permission to u,g,osuppose we have one file astest.txtpermission : -r- - r- -r- -chmod u=w,g=wx,o=w test.txtthis command will assign write to user, write/execute to group and write to other while remove the previous permission.The main difference between +,= are + operator simply add the new permission with previous one and = assign the new permission while removing old (new permission overwrite an old)
2. Numeric Method:In this method, calculation are based on following numbersr=4 w=2 x=1 0= no permission
Example:#chmod 777 file/directoryin this case user get 7 means that user has permission of read/write/execute, group get 7 means read/write/execute and ame for other
# chmod 531 file/directory
6
in this case user get 5 means that user has permission of read/execute, group get 3 means write/execute and other get 1 means that other has permission to execute.
#chmod 742 file/directory7 : User : rwx4 :Group : r2 : Other : w
Linux file system:
Figure
Root : it is an home directory of super user (root) administratorEtc : it is the location of all configuration file and directory used for server
configuration or system configurationdev : it is a location of the device filehome : it is a location of home directory or regular usersproc : it is a virtual file system or directory not actually store on the disk and
contain system information# cat /proc/meminfo# cat /proc/cpuinfo
boot : contain kernel and boot related filessys : it is also a virtual directory and contain system informationmedia : it is a mount point of removable disk like cdrom floppy usb drive etc.tmp : it contain all temporary fileusr : it is used for software installationlib : it contain all library filesbin : it is the location of all executable files or command or user command
/usr/bin also contain user commandsbin : it contain all system command or super user command /usr/sbinmnt : it is a mount point for physical hard-disk or partitionopt : optional directory and used for temporary workingvar : it is a variable file system or directory and contain all log and error
message
file system type:Dos : Fat 1695/Xp/2000 : FAT32Xp/NT/2000 : NTFSLinux : EXT2,EXT3UNIX : VXFS
7
Representation Of Media Devices:All the device file are stored in /dev/ Hard disk ; /dev/hdxWhere x isa : /dev/hda : Primary masterb : /dev/hdb : Primary slavec : /dev/hdc : Secondary masterd : /dev/hdd : Secondary slave
In case of SCSI, Sata or USB we will use : /dev/sda
CD-rom:/dev/cdrom/dev/cdrom1/dev/cdrecorder
Floppy:/dev/fd0/dev/fd1
to access partition of windows in linux#mount –t vfat /dev/hdax /mntin order to check the label of any partition#e2label /dev/hdaxwhere x is number
Mounting CD Rom # mount –t auto /dev/hdc /media/cdrom-t : file typeauto : file typein order to check where cdrom is attached we can open the file fstab#vi /etc/fstabnow in case of RHEl 3.0 we have to use command in order to unmount.# umount /media/cdromand then eject the cdromin case of RHEL 4.0 we simply type # eject
Mounting Floppy#mount –t auto /dev/fd0 /media/floppyin case of floppy we have to umount first then only we remove floppy otherwise all content of floppy may be lost or floppy may be physically damaged.# umount /media/floppyMounting USB media :- directed by the kernel as SCSI device/dev/sdaxVi Editor:Using vi , we can create or modify any file
8
Vi, vim EditorVi is the standard file editor for Unix and Vim is the standard file editor for LinuxFor Red hat Linux vi and Vim both are sameThere are three mode of vi editor
1. command mode2. insert mode3. save and Exit Mode1. Command mode is again divided into 3 modea. Cursor movementb. Copy, paste, delete, undoc. Text searcha. Cursor Movement
J : DownK : UPL : RIGHTH : LEFT
b. Copy, paste delete, undodd : delete particular lineyy : copy particular lineu : Undop : pastendd : n is the number of line to be deletednyy : n is the number of line to be copied
c. Text Search/textexample/then
2. Insert ModeOption I, insert, a ,o, O
i : insert mode start at the point where cursor is. Same is used with
insert optiona : insert mode start after one charactero : insert mode start after one lineO : insert mode start before one line
3. Save and Exit:q : Quiet:q! : forcely quiet:wq! : save and forcely quiet:wq : save and exit
9
User and Group Administrator
There are three type of user account in Red hat Linux1. Super user or Administrative account2. Regular user account3. service account
1. Super User created automatically at the time of installation2. Regular user Account;a. Using command line method ‘useradd’ or ‘adduser’ commandb. Graphical method by using Red hat user manager utilitya. # adduser user_name (Recommended : minimum 6 character used in password)# passwd user_name
Example:#adduser rakesh#passwd rakesh Now open the file /etc/passwd to check the entry of user
#vi /etc/passwdit contain 7 entry of each user
1. Username2. Password3. userid4. groupid5. blank (User information field ) comment6. home directory7. login shell
password entry for each user will be stored in /etc/shadow# vi /etc/shadow
now in order to check the Userid, Group we use /etc/login.def# vi /etc/login.defwhen any user account is created then user will get userid, groupid automatically from /etc/login.def5th field is used for user information or comment6th field is used for home directory. When any user is created its default home directory is created inside /home/home/rakesh7th field is login shell. Default shell for user is /bin/bashdifferent shells are used
ksh, sh, csh, tcsh,zshshell is an user interface between user and O.S. linux command shell is a prompt that allow us to interact with our system by executing various command.In order to check the shell available use /etc/shells# vi /etc/shellsin order to get the information about the group we need /etc/group
10
#vi /etc/groupit contain four field
1. Group name2. password3. GroupId4. Member of group
# finger : this command is used to get the information about the user
Syntax:#finger username#finger rakesh
#id : this command is used to get userid, groupid of the user
syntax:#id username#id rakesh
Creating Group:Syntax:
#groupadd groupname#groupadd –g gid groupname
Example:#groupadd raj
Exercise:Create a user that should have uid=1000 shell=sh description and home directory as /dataSol:
#useradd –u 1000 –c rakeshpundir –s /bin/sh –d /data rakesh#passwd rakesh
GrpahicallySystem Setting :-> User & GroupOR#system-config-user
Every user have two group one is elementary group or primary group and secondary group
-g : Primary Group-G : Secondary Group
Creating Group#groupadd g1#groupadd g2
Steps:1. adding group to the user
11
#usermod –g g1 –G g2 rakesh2. To change id of the user#usermod –u 1001 rakesh3. change comment#usermod –c rakeshsingh4. change home directory#usermod –d /rakesh-home rakesh –m5. change shell#usermod –s /bin/bash rakesh6. change user login name#usermod –l newname oldname#usermod –l rajesh rakesh7. Change Group name#groupmod –n newname oldname#groupmod –n group1 g18. change Group id#groupmod –g 2005 group1
Redirecting Input /OutputThe standard Output of command , which normally display on the terminal can be redirected into a file. Similarly standard error, which normally display on the terminal can be redirected into a file.Common redirection operator
> : command>file : output command to file>> : command>>file : Append output of command to file< : command>file : receive input from file2> : command2>file : error from command to file2>> : command2>>file : append
Example:#find /etc –name passwdthis command will search for all file name passwd in /etc and its subdirectoriesnow we can redirtect the standard outpout#find /etc –name passwd > outputoutput is a file where command output will be stored. Standard error is still displayed on the screen#cat outputIf the target file of the file redirection with > already exists, the existing file will be overwritten. To append data to an existing file use >> to redirect instead of >#find /etc –name passwd >> output
Redirecting standard ErrorWe can redirect standard error with 2>#find /etc –name passwd 2>errorfilestandard output is displayed on the screen , redirect further standard error, appending to the same file with 2>>#find /etc/ -name passwd 2>>errorfile
12
#cat errorfile
Symbolic links:A symbolic link point to another file. We can display the link name and the referenced file by ‘ls –l’#ls –l pflrwxrwxrwx 1 root root pf->/etc/passwdfile type: l for symbolic linkthe content of the symbolic link is the name of the file that is referencedSyntax:
Ln –s filename [linkname]Example:
Ln –s /etc/passwd passwordThere are seven fundamental file type- : regular filed : symbolic linkb : block special filec : character special filep : named files : socket
character special file are used to communicate with hardware one character at a time. Block special file is used to communicate with hardware a block of data at a time : 512 bytes, 1024 bytes, 2048 bytesls –l /dev |less { to check c and b files}named pipe type of file that passes data between processes. It stores no data itself socket file are used for inter process communication.
Checking Free Space:In order to check the free and usage space per file system and directory and each sub directory we have two command
a. dfb. du
the ‘df’ command reports on a per file system basis. It report total disk space , disk space used , disk space free#df –h-h : used multipliers such as G or M for gigabytes and Megabytes
The ‘du’ command reports the number of kilobytes contained by the items within a directory #du –s#du –h-s : used to request only the summary directory information#du –s /etc
Aliases:
13
Aliases are shortcut names for large commands. If we have command that run often, but take a considerable amount of typing, we can reduce these to an aliases.Alias c=clearWe can make a permanent entry of alias in .bashrc fileType:#vi .bashrcalias c=`clear`save and exitTest your change by logging out, logging back and type the following#alias#c
Default Permission:The default permission for files is 666 and directory is 777. umask is used to withhold permission. Default root’s umask is 022. without a umask in effect, only file created will have 666 permission and directory will have 777. this means that anyone on the system will have read and write access to any file. A umask of 002 will result in file created with 664 permission and directory with permission 775.Default umask on Red hat enterprise linux is 002. to change#umask 022umask is typically set by script run at login time. The next time you lig in umask will be set bask to your default unless you add command to one of your startup files such as .bashrc.
Run Level:To check the run level we need to see the file /etc/inittab#vi /etc/inittabdefaults run – level used by RHS are0 : hault ( do not set init default to this)1 : single user mode2 : multi user mode without networking3 : multi-user mode with networking4 : unused5 : X11 (Graphical)6 : reboot
#runlevel : this command shows that in which run level you are at present
in init 3 runlevel, if you type command startx to go to the graphical mode then it will not ask you for password.By default we have 6 virtual console (text mode), but we van increase or decrease the number of text mode simply by editing the file /etc/inittab
#vi /etc/inittabline No 18 : id:5:initdefault(we can change this value from 1 to 5 as per our need)
14
Line No 44 :1:2345:respawn:/sbin/mingetty tty12:2345:respawn:/sbin/mingetty tty2...6:2345:respawn:/sbin/mingetty tty6in these line if we add one more line the number of virtual console increase and if we remove one line , virtual console terminal decrease.For adding7:2345:respawn:/sbin/mingetty tty7after editing this file we need to sane and exit#init q : this command is used to activate the change made.
Welcome Message at the time of login:We need to edit the file /etc/motd#vi /etc/motdtype any message which we want to display“WELCOME TO ICON”save and exit
INSTALLATION:Installation can be done either by CDROM , NFS, LAN, FTPPartition type and its size
/ 10000MB/boot 128MB/home 1000MBswap 256 MB ( 1.5 to 2 times more than RAM Size)
to check the RAM size do the following stepCtrl+alt+f7Then type the following#cat /proc/meminfothis command will display the size and other information regarding RAMCtrl+Alt+F7 to return to the installation mode.
Note:While installation we have to make sure that firewall option should be disable
1. No firewall2. Selinux disable
Following Package are needed at the time of installation.Desktop
1. X Window2. GNOME
Application1. Text Editor
15
2. Graphical Internet3. Text Based Internet
Server1. Server configuration tools2. Web Server3. Mail server4. DNS server5. FTP Server6. Network Server7. Legacy Network Server ( in this select Telnet)
System1. Administrative Tools2. System tools3. Printing tools
Max Space Needed : 6132MBMin Space Needed : 681 MB
While Installing Redhat linux 4.0 WS with the help of NFS and FTP, we have to perform the following stepFirst we have to check the rpm of ftp/nfsftp : vsftp-2.0.1…….nfs : nfs-utils-1.0.6……Now copy the disk 1 of the Redhat linux into the folder “/var/ftp/pub”Now copy RPMS of remaining CD’s (Disk 2,3,and 4) inside /var/ftp/pub/RedHat/RPMS/Now we need to configure the exports file.#vi /etc/exports/var/ftp/pub 192.168.0.0/255.255.255.0(rw,sync)save and exitnow start the service#service portmap restart#chkconfig portmap on#service nfs restart#chkconfig nfs on
Now Boot the new system from disk 1 of Redhat linux and typeLinux askmethodChoose language : EnglishKeyboard Type : U.SInstallation Method : NFS ImageNFS Server name : 192.168.0.254NFS Dierctory : /var/ftp/pubAnd continue the installationThere is slightly change in case of FTP
In case of FTP:Boot the system from disk 1 of redhat linux and typeLinux askmethodChoose language : English
16
Keyboard Type : U.SInstallation Method : FTPThen first mentioned your system ip address in order to identify itself in network192.168.0.24255.255.255.0then mentioned the FTP server address as192.168.0.254255.255.255.0mount point : pub ( as in case of FTP the default path is /var/ftp)and continue the installation
Kick StartKick start is one of the automatic installation method. Before making kick start file we need to check the rpmRpm : system-config-kickstartKick start consist of installation wizard which we can configured for another system like general information, root password, package , set the language, keyboard type, network, installation type etc. then save the kick start with any name say nfsks.cfg under /rootSuppose we use NFS type then we have to mentionedNFS Ip address : 192.168.0.254Path : /var/ftp/pubNow we have to edit the file nfsks.cfg by editing one lineSelinux-disableNow we have to configure the file /etc/exports#vi /etc/exports/root 192.168.0.0/255.255.255.0(rw,sync)/var/ftp/pub 192.168.0.0/255.255.255.0(rw,sync)
Now start the service#service portmap restart#chkconfig portmap on#Service nfs restart#chkconfig nfs on#service dhcpd restart#chkconfig dhcpd on
Now boot the new system by Disk 1 of RedHat linuxAnd typeLinux ks=nfs:192.168.0.254:/root/nfsks.cfgAnd continue the installation
RPM (RedHat Package Manager)RPM package contain the file and directories associated with specific application and program.
17
RPM namegenerally includes version, release and architecture for which it was build.LikeZip-2.3-8.i386.rpm
To install RPM:#rpm –i rpm_name
To Remove RPM#rpm –e rpm_name
In order to remove those package which has dependency#rpm –e rpm_name –nodeps
Switches used with RPM-i or --install-e or --erase-U or--Upgrade-F or --Freshenwe can install rpm by using#rpm –ivh rpm_name-I : Install-v : Verbose-h : Human view (Hash Sign)
To Upgrade RPM:#rpm –U rpm_name
To repair any corrupted rpm package#rpm –F rpm_name
To make any rpm query#rpm –q rpm_name
To check all rpm of related pacakes#rpm –qa |grep rpm_name
To check particular file associated with which rpm# rpm –qf /etc/passwdpasswd file is associated with setup-2.5 rpm
To check the rpm containing which file#rpm –ql rpm_namethis command will list all the file associated with particular rpm.
To get the information about the particular rpm.#rpm –qi rpm_name
To Install any rpm forely#rpm –ivh rpm_name –force
18
Installing dependent packages:Suppose we have 4 rpm’s r1,r2,r3 and r4 , we need to install r4 but r4 depends on remaining rpm’s then we use this command.
To check any rpm’s query#rpm –qa “sendmail*”
To check rpm’s of related service#rpm –qa |grep bind
Task Automation and Task SchedulingIt is used to perform the task at particular timeTwo command are used
a. atb. crontab
syntax:#at timeat>command Iat>command IIctrl+D
Example:#at 10:30at>ejectat>eject –tctrl+D
Option used#at now#at now+5 minutes#at now+5 hours#at now+5 days#at tomorrow#at 10:30 july 16 2006we can also restrict the user not to use the ‘at’ command. Restriction will be provided by root login with administrator.#vi /etc/at.denyinside this file we have to just mentioned the name of the user in order to restrict him not to use ‘at’ command. Just save and exit form the fileBy default all users are allowed to use ‘at’ command. ‘at.deny’ is default in system. We can also create a file ‘at.allow’ file. Once we create this file, now by default all users will be restricted to use ‘at’ command and only that user which have entry on ‘at.allow’ will allow to use the ‘at’ command.Another method is to make an entry inside the ‘crontab’ file. Entry will be done by the root. Difference between these two method is crontab is used to
19
perform the same task many times whereas job through ‘at’ command will be removed after the task has been performed.
Syntax: ( By root login)#crontab –esix field are listed1 2 3 4 5 6minute hour day of Month day of
commandmonth Week
Example:35 10 31 05 3 eject36 10 31 05 3 eject –t
Minute : 0-59Hours : 0-23Day of Month : 1-31Month : 1-12Day of Week : 0-70 and 7 are Sunday
#service crond restart
#Whereis ejectthis command display the path of the command. It is better to use the full path of the command inside crontab instead of just the name of the command.We can also make the entry as35 10 * * * eject36 10 * * * eject –t
In this case. These two jobs will be performed at 10:35 in every month.Some command which are executed with ‘at’ or ‘crontab’ send their output to the user mail box. These command are executed on background and their output is transferred to the particular user’s mail box. In order to see the output of the command we use.#muttThis command will open the mailbox from where we check the outputSome of the switched used with the ‘crontab’ #crontab –lList out all the job scheduled in crontab.
#crontab –rCan remove the job from the crontab.
#atq : list the job number scheduled in at#atrm jobno : to remove any job
Fdisk:
20
Representation of Hard disk/dev/hdx/dev/had : Primary Master/dev/hdb : Primary Slave/dev/hdc : Secondary Master/dev/hdd : Secondary slaveFdisk command is used to create a partition#fdisk –lDisplay the partition ListingCreating Partition#fdisk /dev/hadPress(m for help): m
Some important switches areD : delete partitionN : NewL : listingQ : quitW : Save and ExitT : changed type Press : nl : Logical (5 or above)p: Logical partition( 1-4)Type lFirst cylinder (Take as default): Press EnterLast Cylinder or +size or +sizeM or +sizeK (….) : +100MCommand (m for help) : w# partprobe( to update the partition table without restarting the computer)
Now we need to format the partition#mkfs.ext3 /dev/hdaxWhere x is the number of partition that is newly createdNow we mount this partition#mkdir /partx#mount –t ext3 /dev/hdax /partxOr#mount /dev/hdax /partxTo mount this partition permanently make the entry in fstab#vi /etc/fstab/dev/hdax /partx ext3 defaults 1 2
Increasing the Size of Swap PartitionThere are possibilities that any time we can increase the size of RAM, at that time we need to increase the size of swap partition as per the increased size of the RAM.
21
There are two method of doing soa. creating partitionb. Creating file
A. Creating Partition:i. We have to create one partition of size say 200MB and change its
type to 82 (swap type) . save and exit and then run the command “partprobe”
ii. Format the partition say /dev/hda9#mkswap /dev/hda9
iii. Make the swap partition active#swapon /dev/hda9
iv. to check the entry of swap partition# cat /proc/swaps
If we want to make the permanent entry in fstab then#vi /etc/fstab/dev/hda9 swap swap defaults 0 0
B. Creating filei. first make an empty file
#touch /swpii. Now we customize the size of the swap
# dd if=/dev/zero of=/swp bs=1M count=200iii. Format the newly created swap file
#mkswap /swpiv. Active the swap file
#swapon /swpTo check the entry of swap file#cat /proc/swapsIf we want that automatically this swap file activate , we need to make the entry in /etc/ec.local# vi /etc/rc.localMake the following entrySwapon /swpSave and exit
User Quota:Monitoring and controlling disk space usage is another important part of a system administrator tasks. User quota is used to restrict the amount of disk space on each partition by each user.Steps
1. Edit the file /etc/fstab# vi /etc/fstabSearch the following line “LABEL=/home /home etx3 defaults 1 2”Just add ‘usrquota’ after the word ‘defaults” as“LABEL=/home /home ext3 defaults,usrquota 1 2”
2. Remount the home partrition# mount –o remount /home
22
Where –o I used to active comma separator used in fstabAfter given a quota we must remount the directory with user quota or if we restart the system , it automatically remount.
3. Now check the mount quota# quotacheck –avumWhere
-a : Scan file system with quota enabled-v : Verbose mode-u : Scan for user quota-m : Remount file system with quota enabled
4. Now check the /home#cd /home#lsFile aquota.user will created)
5. Now add quota for particular user# edquota –u usernameOutput of this commandFile System Block soft hard inode soft hard/dev/hda2 24 0 0 9 0 01 block=1KbyteSuppose we set the userquota by block size i.e we set the soft limit to 3000 and Hard limit to 4000 i.e. 3M and 4M/dev/hda2 25 3000 4000 9 0 0Block and inode has a grace period of 7 days ( by default)
We can set the quota either by setting blocks soft and hard limit of inode ( Number of maximum file created)
6. Make the quota on# quotaon /home
7. We can generate the quota information #repquota /home
Note:We can generate the file of big size to check the quotaSyntax:#dd if=/dev/zero of=bigfile bs=1M count=3To check the quota for particular user after login#quotaTo set the grace period for particular user#edquota –T username
To assign quota of one user to another user#edquota –p user1 user2
We can also set the quota for particular user by using following command.#setquota -u username 2000 3000 20 25 /home
23
LVMLogical Volume manager
LVM is an extensible partitioning tool using which we can modify or resize any partition without changing our existing data.
/dev/hdaxFigure
/dev/hdax
In order to create LV ( logical volume) we need to create a partition.#fdisk /dev/hadPress( m for Help): nl : logicalp : PhysicalType ‘l’First Cylinder : Press EnterLast Cylinder (+sizeM or +sizeK) : +100MCommand : t : t for change the typePartition no : x : x is the number of partititonType : 8e : 8e for LVMCommand : w#partprobe
Now we create a Physical Volume (PV) #pvcreate /dev/hda8Display the PV Information#pvdisplayNow we create Volume group#vgcreate Vg00 /dev/hda8Display the Vg information#vgdisplayFinally we create a logical volume#lvcreate –n lv00 –L+50M vg00Where -n : logical name-L: sizeDisplay the LV information#lvdisplayAfter creating the logical volume, we need to format#mkfs.ext3 /dev/vg00/lv00Finally we mount it on /lvm#mkdir /lvm#mount /dev/vg00/lv00 /lvm
Extending the size of LVM#lvextend –L+50M /dev/vg00/lv00
24
After adding we need to run ext2online command in order to assign file system type to the added size#ext2online /dev/vg00/lv00
Reducing the size of LVM#lvreduce –L-20M /dev/vg00/lv00If the size of the logical volume is full and we need more space to store data we need to create new partition , change its type to LVM by ‘8e’ then create the physical volume and add that with volume group (vg00)#vgextend vg00 /dev/hda9After that extend the size of logical volume In order to delete the logical volume#umount /lvm#lvremove /dev/vg00/lv00#vgremove vg00#pvremove /dev/hda9#pvremove /dev/hda8Then finally using the fdisk remove hda8 and hda9
RAIDRedundant Array Of Inexpensive Disk
RAID is a series of disk which can save your data even if there is catastrophic failure on one of the diskRAID are classified as RAID0, RAID1 and RAID 5RAID 0 : require minimum 2 HDD and also known as stripping without parityRAID 1: require minimum 2 HDD and also known as disk mirroringRAID 5: minimum 3 HDD requirement and also known as stripping with parity
First we create the two partition say each of 100MB and then change its type to (‘fd’) Raid Now we create a RAID#mdadm –C /dev/md0 –level=1 –raid-disks=2 /dev/hda8 /dev/hda9Now check the raid#cat /proc/mdstat‘OR’#mdadm --detail /dev/md0Format the newly created RAID#mkfs.ext3 /dev/md0Now mount it #mkdir /raid#mount /dev/md0 /raidIn order to check first we fail any one of the partition#mdadm --manage /dev/md0 --fail /dev/hda8Check the status of the RAID#mdadm --detail /dev/md0Removing the failure partition#mdadm --manage /dev/md0 --remove /dev/hda8
25
To add new disk partition#mdadm --manage /dev/md0 --add /dev/hda10
Note:In order to add new partition first we create the partition and change its type to ‘fd’
Introduction to System ServiceEvery computer that connect to network require some IP address assign permanently to a computer host known as static IP address and some IP address leased by DHCP server for a limited period of time known as dynamic IP address.There are 2 standard IP address
1. IPv42. IPv6
IPv4 has a 32 bit and are in Octet-doted decimal listsExample: 192.168.254.254IPv6 address have 120 bits
To check the connectivity#ping 172.24.254.254To check the IP address#ifconfigTo set the IP address#netconfigOr#vi /etc/sysconfig/networkOr#vi /etc/sysconfig/network-scriptd/ifcfg-eth0Device = eth0Boot Proto = staticOnboot = yesIPaddr = 172.24.0.2Netmask = 255.255.0.0Gateway = 172.24.254.254
To make Network UP and DOWN#ifdown eth0#ifup eth0We can also assign temporary IP address to a LAN card. It will remain until we restart the computer then after that it will take IP address from ifcfg-eth0#ifconfig eth0 172.24.0.10
Introduction To System ServiceAccording to the service management, service are divided into three category
1. service which are managed by init command, which are not TCP/IP services
2. service which are managed by service command
26
3. service which are based on xinetd that is some back ground process services
to check the service whether ON or OFF use#service service_name status#chkconfig –list#chkconfig –list service_name
Example:#service nfs status#chkconfig –list#chkconfig –list nfs
To Make service ON or OFF#chkconfig nfs on#chkconfig nfs off
To stop the particular service for particular Run level#chkconfig –level 3 nfs off#chkconfig –level 3 5 on/offTo make on or off in run level 3 and 5
#ntsysv : will start /stop all the services in a particular run level. It will display the dialog box in which all the services are mentioned
DHCPDynamic Host Configuration Protocol
DHCP provides IP address to host computer dynamically by the range of addresses or statically or fixed address by MAC address
Service ProfileType : System V managed ServicePackage : dhcpDaemon : dhcpdScript : dhcpdFile : /etc/dhcpd.confPort : 67,68
First check the rpm#rpm –q dhcpCopy and rename dhcpd.conf.sample to dhcpd.conf in /etc#cp /usr/share/doc/dhcp-3.0.1/dhcpd.conf.sample /etc/dhcpd.confNow open file#vi /etc/dhcpd.conf
Set the following configurationSubnet : 172.24.0.0;Netmask : 255.255.0.0;Option router : 172.24.254.254;Option subnet-mask : 255.255.0.0;
27
Option nis-domain : “RHCE”;Option domain-name : “example.com”;Option domain-name-server : 172.24.254.254;
Range dynamic-bootp 172.24.0.1 172.24.0.10Save and exitStart the service
#service dhcpd restart#service portmap retstart
#chkconfig dhcpd on#chkconfig portmap on
Client Side#dhclientDhclient is used to give the request to dhcp server to assign an address to clientNow if we want to assign the static IP address by their MAC address
#vi /etv/dhcpd.confSet the following configuration
host stationX {hardware Ethernet 00:34:e3:5r:q1:34;
fixd-address 172.24.0.54;wherex : Station number
NFSNetwork File System
NFS server is used for file sharing and directory sharing between linux to linux machine
Service ProfileType : System V-managedPackage : nfs-utilsDaemon : rpc.rquotad, rpc.statd.nfsdScript : nfsPort : 2048Configuration File : /etc/exports
Check the rpm# rpm –q nfs-utils
Server SettingFirst make the folder which you want to share
28
#mkdir /share#cd /share#touch a d f#chmod o+w a bNow open the configuration file#vi /etc/exportsMake the following entry
/share172.24.0.0/255.255.0.0(rw,sync)
Save and exit
/share will be shared by the entire network
Start the service#service portmap restart#chkconfig portmap on#service nfs restart#chkconfig nfs onNote:We need to restart the service portmap before nfs service in order to assign port number.To check#showmount –e 172.24.254.254#showmount –e server1
ClientMount the /share directory on client machine#mount –t nfs:172.24.254.254:/share /mntWhere /mnt is a mount point
For sharing particular IP addressServer:#vi /etc/exports/share172.24.0.3/255.255.0.0(rw,sync)/share172.24.0.4/255.255.0.0(rw,sync)
For two different network#vi /etc/exports/share172.24.0.0/255.255.0.0(rw,sync)/share172.25.0.0/255.255.0.0(rw,sync)
For all world#vi /etc/exports/share*(rw,sync)If we give a space between the network and (rw,sync), then it will mount for everyone#vi /etc/exports/share172.24.0.0/255.255.0.0 (rw,sync)
29
If we give no permission then it will take (ro,sync)
#export –r#export –a#export –arIf we run this command then there is no need to restart portmap and nfs again and again.
NISNetwork Information Service
NIS provide simple directory service for system and account information. NIS server is used to manage the system and account information on multiple system from the central server.
Service ProfileType : system V managePackage : Server
Portmap ypserv makeClient
Authconfig authconfig-gtk portmap yp-tools ypbindDaemon : rpc.ypserv rpc.yppasswdddScript : ypserv, yppasswddConfiguration : /etc/sysconfig/network
/var/yp/Makefile
Server Setting:Steps
1. Check the rpm’s
#rpm –q portmap ypserv make
2. Edit the file
#vi /etc/sysconfig/networkDefine the following lineNISDOMAIN=ICONSave and exit
3. Edit the file
#vi /var/yp/MakefileSearch for “/all: “ lineRemove all the entry exceptall: passwd group hosts netidsave and exit
4. Start the service
30
#service portmap restart#chkconfig portmap on#service ypserv restart#chkconfig ypserv on
5. Now create a database for NIS server# /usr/lib/yp/ypinit –m
-m : Master
6. Now create a user with home directory /rhome/nisuserX#mkdir /rhome#adduser –d /rhome/nisuser1 nisuser1#passwd nisuser1
7. Make the entry of the home directory of user in /etc/exports file#vi /etc/exports
/rhome/nisuser1 172.24.0.0/255.255.0.0(rw,sync)
Save and exit
8. start the service#service portmap restart#chkconfig portmap on#service nfs restart#chkconfig nfs on#service yppasswdd restart#chkconfig yppasswdd on
9. Finally Update the database#cd /var/yp#make
Client Setting:1. Check the rpm’s
#rpm –q portmap authconfig authconfig-gtk yp-tools ypbind
2. Run the command#authconfigOr#system-config-authentication
In this enable and write the following option“Enable NIS option” and Press F12In NIS SettingDomain : ICONServer : 172.24.254.254
3. Edit Two File “auto.master” and “auto.misc”
31
#vi /etc/auto.master
/rhome /etc/auto.misc --timeout=60This file define the path of the home directory
#vi /etc/auto.misc
Nisuser1 -rw,soft,intr 172.24.254.254:/rhome/nisuser1Save and exit
4. Start the service#service autofs restart#chkconfig autofs on
5. Run the following command to check the password#ypcat passwd#getent passwdypcat will display the entry of server user informationgetent will display the entry of local and server user information
6. Finally login with user as “nisuser1” and passwd
DNSDomain Name Server
DNS translate IP address to hostname or vise versa
Service Profile
Type : System V managePackage : bind, bind-chroot, caching-nameserver, bind-utilsDaemon : namedScript : namedConfiguration file:
/var/named/chroot/etc/named.conf/var/named/chroot/var/named/*
Port : 52 (UDP), 53 (TCP)
Server Setting1. Edit the file named.conf
#vi /var/named/chroot/etc/named.confEdit the line after copying line N 37 to line 47Zone “example.com”{
Type master;File “example.zone”;
32
Allow-update {none;} ;};Zone “24.172.in-addr.arpa”IN{
Type master;File “example.local”;Allow-update {none;};
};
2. Now Enter inside the following directory#cd /var/named/chroot/var/namedMake two file by copying #cp localhost.zone example.zone#cp named.local example.local
3. Edit the file example.zone$TTL 86400@ IN SOA server1.example.com. root.server1.example.com. (
……….……….……….……)
@ IN NS server1.example.com.254.254 IN PTR server1.example.com.1.0 IN PTR station1.example.com.2.0 IN PTR station2.example.com.4.0 IN PTR station3.example.com.Note:Like this we can make entry all the stations connected to that network
Save and exit
4. Edit example.local file#vi example.local$TTL 86400@ IN SOA server1.example.com. root.server1.exampler.com (
………………………………….)
@ IN NS server1.example.com.Server1 IN A 172.24.254.254Station1 IN A 172.24.0.1Station2 IN A 172.24.0.2Station3 IN A 172.24.0.3Station4 IN A 172.24.0.4www IN CNAME server1www1 IN CNAME station1www2 IN CNAME station2www3 IN CNAME station3www4 IN CNAME station4
33
save and exit
5. Start the service#service named restart#chkconfig named on
6. Dig the server#dig server1.example.com#nslookup server1.example.com#nslookup 172.24.254.254
7. Check the file /etc/hosts file
DNS Client
Open the file and check the setting#vi /etc/resolv.confNameserver 172.24.254.254Search example.com
Savce and exit
Now finally use the Dig and nslookup command to check the DNS from client side
TermIN : InternetSOA : Start Of AuthorityTTL : Time to LineNS : Name serverA : Address RecordPTR : Pointer RecordMX : Mail serverSOA is the first line in the zone file. It identifies the name server as the authoritative source for information about this domainTTL indicate how long to hold the data in their cacheNS shows the name of name serverA shows the IP address for name serverMX is a mail Exchange recordPTR is used to point to the name serverCNAME is CONONICAL name shows the real name of the host
Squid Proxy Server
Proxy server is used for Internet Sharing
34
Server Profile
Type : System V managePackage : SquidDaemon : SquidScript : SquidConfiguration : /etc/squid/squid.confPort No : 8080 , 3128
Steps
1. Check the rpm’s#rpm –q squid
2. Edit the file squid.conf#vi /etc/squid/squid.confLine number 54http-port 8080
Line number 481cache-mem 100MB
Line number 1805 (syntax : acl acl_name acl_type network or domain)acl icon src 172.24.0.0/255.255.0.0
Line number 1865http-access allow icon
In order to deny we writehttp-access deny aclnameLikehttp-access deny icon
If we want to restrict any siteSyntax : acl aclname acltype Name or domainExample:acl icon1 dstdomain .hotmail.com
Start the service#service squid restart#chkkconfig squid on
Client Side:1. Click on Mozilla Web Browser2. Click editPreferences3. Click on “Connection Setting”4. Select “ Manual Proxy Configuration”
Http Proxy : 172.24.254.254 Port 8080
35
Send MailSendmail is used to configure the mail server on the server in order to send and receive the mail.
Service Profile
Type : System V managePackage : sendmail, sendmail-cf, procmail, mutt , m4Daemon : sendmailPort : 25Configuration File : /etc/mail/sendmail.mc
/etc/mail/sendmail.cf/etc/mail/access/etc/aliases
Steps:1. Edit the file sendmail.mc
Line number 105DAEMON-OPTION(……………………….)
Disable this line by addingdnl#
2. Now create a new sendmail.cf file through sendmail.mc#m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
3. In order to allow / restrict other network or client or any user to send mail we edit file /etc/mail/access
#vi /etc/mail/access172.24 OK172.24.0.4 [email protected] DISCARDOK : AllowREJECT : restrict and message reply will comeDISCARD : restrict and message reply will not come
4. In order to redirect the mail of any user to another we edit#vi /etc/aliasesRoot : raj,rakesh,[email protected] editing this file, we need to run the ‘newaliases command to update the file#newaliases
5. Start the Service#service sendmail restart#chkconfig sendmail on
6. To check the mail#muttIf any problem come that /var/spool/mail/root does not exits then create a file by
36
#touch /var/spool/mail/root
CUPSCommon Unix Printer System
UPS is the primary printing system under Re Hat Enterprise Linux. CUPS support a new Internet Printing Protocol (IPP), based on HTTP/1.1
Configuration
Steps:1. Type the following command
#printconfigOr#system-config-printer
AssignQueue name: xyzDevice name : IPPSelect Printer Driver “ raw printer queue”Server : server1.example.comPath for the Queue Directory : /printer/xyz
And finish the Wizard
2. Check the status of the Queue#lpq
3. To Print any file#lp <filename>#lpr <filename>
4. To remove any job#lprm job_numberOr #cancel job_number
5. To check status with job number#lpstat
FTP:File Transfer Protocol
FTP provides file sharing between linux to linux , linux to Unix and Linux to Windows
37
Service Profile
Type : System V managePackage : vsftpdDaemon : vsftpdScript : vsftpdConfiguration File : /etc/vsftpd/vsftpd.confPort : 21
FTP service provide two level of accessa. Anonymous Accessb. User Access
AIn Anonymous access client machine can connect to target machine
via users FTP and anonymous. In this case we don’t require password. By default these users have only permission to download (get)
BIn user access, client machine connect to Target machine by having
username and password on Target machine
For anonymous user FTP working directory is ‘/’/ = /var/ftp
We can also provide user level security We have two files#vi /etc/vsftpd.ftpuser#vi /etc/vsftpd.user_list
User entry in these two file are not allowed to access ‘ftp’If we want that user entry in vsftpd.user_list can only access ftp server then we need a entry in vsftpd.conf#vi /etc/vsftpd/vsftpd.confAdd following line
Userlist-deny = No
In order to assign upload permission to ftp and anonymous users
#vi /etc/vsftpd/vsftpd.confAnonymous-enable = yes
#uncomment line 27Anon-upload-enable = yes#uncommentChown-uploads = yesChown-username = daemon
Now create a directory inside /var/ftp#mkdir upload
38
#chmod 777 uploadChgrp ftp uploadAssign group owner ship to ftp to ‘upload’ directory
Start the Service
#service vsftpd restartAccess FTP#ftp 172.24.254.254For Anonymous userUsername = ftpPassword =`press Enter`
For User AccessUsername = rakeshPassword = *****
In Graphicalftp://[email protected]
To upload: putTo download : getExample:
#put <filename> to upload any file in user home directory#get <filename. To download any file from user home directory
We can also open ftp server as#elinks ftp://172.24.254.254
APACHE WEB SERVERApache Web Server is used for Web Hosting. With the help of Apache we can host multiple Website.
Service Profile
Type : System V ManageDaemon : httpdScript : httpdPort : 80Package : httpd, portmap
Configuration File : /etc/httpd/conf/httpd.conf
Steps:
1. Check the rpm#rpm –q httpd
39
2. For multiple Hosting we need to uncomment line number 1003NameVirtualHost 172.24.254.254:80Now copy line No 1016 to No. 1022 and paste at last
<VirtualHost 172.24.254.254:80>ServerAdmin [email protected] /wwwServerName server1.example.com</VirtualHost>
Save and exit
Now create a directory#mkdir /www#cd /www#vi index.html
Now start the service #service httpd restart#service portmap restart#chkconfig httpd on#chkconfig portmap on
Now dig the site#dig server1.example.com#elinks http://server1.example.comRestriction For User to Access Web site
#vi /etc/httpd/conf/httpd.conf<VirtualHost 172.24.254.254:80>
ServerAdmin [email protected] /wwwServerName Server1.example.com<Directory /www>
Option Indexes IncludesAllowOverride Authconfig
</Directory></VirtualHost>
Now create one file .htaccess in /www#vi /www/.htaccessAuthName “allow users”AuthType BasicAuthUserFile /etc/httpd/ht.accessRequire valid-user
Save and Exit
Now create one user#adduser raj
40
#htpasswd –c /etc/httpd/ht.access raj#chgrp apache /etc/httpd/ht.access
Start the Service#service httpd restart#chkconfig httpd on
#elinks http://server1.example.com
Open SSH Server
SSH or Secure Shell is used for the purpose of remote login between linux to linux and linux to Unix. The main difference between SSH and telnet is that SSH can be used for file transfer.
Service Profile
Type : System V managePackage : open ssh, open ssh-server, openssh-clientDaemon : sshdPort : 22Script : sshdConfiguration File : /etc/ssh/sshd-config
If you want root should not login then#vi /etc/ssh/sshd-configLinePermitRootLogin NoUncomment line number 13 and 14Port 22Protocol 2,1Save and exit
Start the service#service sshd restart#chkconfig sshd on
#ssh [email protected] ( by User)#ssh 172.24.254.254 (By root)If you want to display any welcome Note at the time of connecting#BannerBanner /etc/banner
If you want to copy file from ssh server to client#scp 172.24.254.254:/root/install.log /mnt
41
If you want to directory#scp –r 172.24.254.254:/root/raj /mnt
If you want to copy file from client machine to ssh server#scp /root/anaconda-ks.cfg 172.24.254.254:/root
Remote shut down#ssh 172.24.0.6 init 6OrSlogin command can also be used
SambaSamba can be used to share file and printer between linux to linux, linux to Unix and Linux to windows
Service Profile
Type : System V ManagePackage : Samba, samba-common, samba-clientDaemon : smbd, nmbdScript : smbPort : 167,168,169Configuration file: /etc/samba/smb.conf/etc/samba/smbpasswd
Edit the file smb.conf#vi /etc/samba/smb.confWorkgroup = CORPServer String = SambaHost allow = 172.24.254.254/255.255.0.0Then copy last 8 line[raj]Path = /dataValid users = raj rakeshPublic = noWriteable = yesBrowse able = yesSave and exit
Now create a Users#adduser raj#adduser rakesh
#smbpasswd –a raj#smbpasswd –a rakesh
Start the service#service smb restart#chkconfig smb on
On client side
42
#smbclient //172.24.254.254/raj –U raj
GUISmb://172.24.254.254
Mounting share folder#smbmount //172.24.254.254/data /mnt –o username=rakesh
IP ForwardingIn Linux, we can’t use a computer with two network interface to route between two or more subnet. To be able to do this we need to make sure that we enable IP forwarding. We should make sure that module is loaded. To check type#cat /proc/sys/net/ipv4/ip-forwardIf forwarding is enabled, the number 1 is returned. If forwarding is not enabled, the number 0 is returned.To enable IP forwarding#vi /etc/sysctl.confLine no.7
Net.ipv4.ip_forward = 1Save and exitTo activate permanently
#sysctl –pOr another method is#echo 1 >/proc/sys/net/ip_forwardThis work for temporary use till system is ‘ON’
Now for the first network#netconfig
IP address : 172.24.254.254Subnet : 255.255.0.0Default Gateway : 172.25.254.254Primary server : 172.24.254.254
Second network#netconfig –d eth0:1 (-d : virtual)
IP Address : 172.25.254.254Subnet : 255.255.0.0Default Gateway : 172.24.254.254Primary Server : 172.24.254.254
Security PoliciesAccording to the service management, there are three type of security policies
1. Security within a service2. security provided by TCP wrappers
43
3. security provided by xinetd
TCP WrappersConfiguration needed two file
a. Hosts.allowb. Hosts.deny
By default all are allowed
Check the rpm#rpm –q tcp_wrappersSyntaxDaemon_list : client_list
Example 1: Network 172.24.0.0 are not allowed to use ftp service#vi /etc/hosts.denyVsftpd: 172.24.0.0/55.255.0.0
Example 2 : allowing 172.24.0.0 and deny outside network (172.25.0.0)#vi /etc/hosts.allowVsftpd: 172.24.0.0/255.255.0.0
#vi /etc/hosts.deny
Vsftpd: 172.25.0.0/255.255.0.0
In order to deny other networkVsftpd: ALL
Deny other network except 172.24.0.0In this case just make entry in hosts.deny
#vi /etc/hosts.denyVsftpd: ALL EXCEPT 172.24.0.0/255.255.0.0
Similarly we can make entry for SSH, IMAP, and POP3
Example 3: Network 172.26.0.0, 172.24.0.1, 172.24.0.2 allowed to use SSH service#vi /etc/hosts.allowSshd : 172.24.0.1 172.24.0.2 172.26.0.0/255.255.0.0
Example 4: Network example.com, redhat.com allowed to use telnet service#vi /etc/hosts.allowIn.telnetd : .example.com .redhat.comOr we can assign station wiseIn.telnetd : station1.example.com
Example 5: Allowing 172.24.0.0 except 172.24.0.1 to use ssh service and disallowing all other network#vi /etc/hosts.deny
44
Sshd : ALL EXCEPT 172.24.0.0/255.255.0.0 EXCEPT 172.24.0.1 Some of the daemon areImapdIpop3dSmbd, nmbd
TelnetTelnet service is used for the purpose of remote login between linux to linux, linux to unix and linux to windows
Service Profile
Type : xinetdPackage : telnet-server, telnetDaemon : based on xinetdScript : based on xinetdConfiguration : /etc/xinetd.d/telnet
Check the rpm#rpm –q telnet-server telnet
Edit the file#vi /etc/xinetd.d/telnetMake
Disable = noSave and exit
Start the service#service xinetd restart#chkconfig xinetd on
Security setting1. For particular system
#vi /etc/xinetd.d/telnetOnly_from = 172.24.0.6
Save and exitBy default all node in a network can access through telnet
2. For range of node#vi /etc/xinetd/telnetOnly_from = 172.24.0.{1,2,3,4}
3. Deny particular node#vi /etc/xinetd/telnet
45
No_access = 172.24.0.6
Time setting#vi /etc/xinetd/telnetAcees_time = 04:15=04:30
If we want to login with username as root and by default we cannot#vi /etc/securettyAdd two linePts/0Pls/1
Configuration of POP3 and IMAPIMAP is used for the authentication and POP3 is used for mailingWe need to configure#vi /etc/dovecot.confUncomment line No. 14Protocols = imap imaps pop3 pop3sSave and exitStart the service#service dovecot restart#chkconfig dovecot on#chkconfig xinetd onNow in order to provide securityAllowing local network to access the pop3 and imap and disallowing other#vi /etc/hosts.allowIpop3d : 172.24.0.0/255.255.0.0Imapd : 172.24.0.0/255.255.0.0
#vi /etc/hosts.denyIpop3d : ALLImapd : ALL
These permission are set when host from local network can access pop3 and imap and hosts from other network does’nt allow
In order to disallow outside network say 172.25.0.0Ipop3d : 172.25.0.0/255.255.0.0Imapd : 172.25.0.0/255.255.0.0
To check the status#nmap stationxOr#namp localhost
Digital Certification
46
Certificate is used for the purpose of authenticationSteps
1. Check for devecot.pem file in#cd /usr/share/ssl/certs#rm dovecot.pem#make dovecot.pemIn this we have to make the following entries
a. countryb. statec. streetd. company and unit namee. station namef. email address
after making all those entry we need to copy this file#cp dovecot.pem /usr/share/ssl/private/dovecot.pemOverwrite : yesTo check the status or entry#openssl x509 –noout-subject </usr/share/ssl/private/dovecot.pem
Low Level FormatThe command ‘shred’ is used for low level format 25 times, we can’t recover files after this#shred /dev/had
UMaskUser MaskDefault value for root = 0022Default value for users = 0002When we create any new file. The default value will be 666. in this case Umask means 666-002 = 664 for normal user and for the root the default value will be 666-022=644The default value for a directory is 777. in this case umask means that whenever we create new directory, the default valkue for normal user 777-002 = 775 and for root, the default value 777-022 = 755
Remote Installation
Documentation for linux remote installation with pxe boot rom client1. TFTP Server2. DHCP Server3. CD No. 1 of Redhat Linux
Steps:
47
1. First install the TFTP Server and DHCP Server2. Copy all the files from CD1 isolinux folder to /tftpboot/linux-install
folder (Syntax as follow)#cp /media/cdrom/isolinux/* /tftpboot/linux-install
3. After copying above files copy as following from ftpdboot folder#cp /tftpboot/linux-install/isolinux.cfg /tftpboot/linux-install/pxelinux.cfg/defaultNote 1: remember we are copying isolinux.cfg file and also renaming it to default (***default**** is a filename)
Note 2: in above guidelines our motive is to copy all bootable files from the CDROM to TFTP folder which are required for remote boot.
Now all TFTP configuration is completeTFTP Service is xinetd depended service, so first of all we have to on TFTP Service as follow
#chkconfig tftp on(note : it will permanent ‘ON’ tftp service and also work after computer restart)#service xinetd restart(note : it will start all subservices which are dependent on xinetd master service , includingtftp also)
DHCP Server Setting for Remote Boot
Step 1: install DHCP ServerStep 2: Edit DHCPD.conf file as follow
#vi /etc/dhcpd.confDhcpd file will be as follow
Subnet 172.24.0.0 netmask 255.255.0.0{Option domain-name “example.com”Option domain-name-server 172.24.0.254
Range dynamic-bootp 172.24.0.1 172.24.0.10Filename“/linux-install/pxelinux.0”;}
Restart the Service #Service dhcpd restart
Note:To make installation more easy we can also implement kick start along with TFTPSome Important File Settings:
1. GRUB.CONFGRUB stands for GRand Unified Bootloader. It is the default boot loader used by Red Hat Linux
48
Grub.conf file found in /boot/grub/grub.conf and its symbolic links found in /etc/grub.conf
#vi /etc/grub.confDefault = 0Timeout = 5Splash image=(hd0,0)/grub/splash.xpm.gzHidden menuTitle Redhat LinuxRoot (hd0,0)Kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quietInitrd /initrd-2.6.9-5.EL.img
2. INITTAB FILERun level setting are done in inittab file. Inittab found in/etc/inittab#vi /etc/inittabid:5:initdefault:si::sysinit:/etc/rc.d/rc.sysinitl0:0:wait:/etc/rc.d/rc 0l1:1:wait:/etc/rc.d/rc 1l2:2:wait:/etc/rc.d/rc 2l3:3:wait:/etc/rc.d/rc 3l4:4:wait:/etc/rc.d/rc 4l5:5:wait:/etc/rc.d/rc 5l6:6:wait:/etc/rc.d/rc 6
ca::ctrlaltdel:/sbin/shutdown –t3 –r now *1:2345:respawn:/sbin/mingetty tty12:2345:respawn:/sbin/mingetty tty23:2345:respawn:/sbin/mingetty tty34:2345:respawn:/sbin/mingetty tty45:2345:respawn:/sbin/mingetty tty56:2345:respawn:/sbin/mingetty tty6
X:5:respawn:/etc/x11/prefdm –nodaemon
Setting Grub PasswordTwo method are used to set grub passwordMethod I:#vi /etc/grub.confBelowHiddenmenuPassword = redhatThis password is not in encrypted form.
Method II: Encrypted form#grub-md5-crypt >>/etc/grub.confEnter two times the password
49
In this case the password will be encrypted and directed (>>) to file grub.confNow open file#vi /etc/grub.confCopy that password line from the bottom most and paste it bellow hidden menu option asPassword –md5 <password>Save and exit
Root Login Problem:When we type username as “root” and password as “redhat” , system unable to login. In this case we need to trouble shoot this problem. Different case is to be considered.
Step 1 :Start in single user mode and change the password:#passwd rootType password as ‘redhat’ and then restart the system , if problem still occurs do the
step 2:We start the system with single user mode #vi /etc/passwdCheck the following lineRoot:x:0:0:root:/root:/bin/bashJust check the first and last option, it should be root and /bin/bashCase I:
If username is changed then do as follow#username –l oldname newnameCase II:
If shell is changed to /sbin/nologin then change it to.#usermode –s /binbash rootBefore changing the shell, first check that /bin/bash exist in /etc/shells. If not then install the rpm of bash shell
#rpm –q bashIf problem still occurs do step Step 3
Step 3:Check the file shadow find out if theree is a (!)mark at the starting of password entry. If present, remove it . (!) mark lock the password Root:!$2gr………….And also check the last three column, it should be blank empty ( : : :)If problem still occurs do the Step 4
Step 4:Sometime some attribute are set on the /etyc/passwd or /etc/shadow file, which make these two file write and append protected. If such attribute are present, we need to remove that.Command to check the attribute#lsattr /etc/passwd
50
#lsattr /etc/shadow---------- /etc/passwdSuppose attribute is set---ai----- /etc/passwd---ai----- /etc/shadowIn this case we need to remove the attribute#chattr –ai /etc/passwd#chattr –ai /etc/shadow
Note:In order to add attribute (+) sign is used, to remove (-) sign is used. If problem still occurs then use the Step 5If system shows message that ‘chattr’ and ‘lsattr’ command not found, we need to check the rpm if not installed . we need to install the rom#rpm –q e2fsprogs
Step 5:Open the file /etc/securetty file to check the entry of virtual console and tty entry#vi /etc/securettyCheck the following entryConsolevc /1vc /2vc/3vc /4vc /5vc /6vc /7vc /8vc /9vc /10vc /11tty 1tty 2tty 3tty 4tty 5tty 6tty 7tty 8tty 9tty 10tty 11if we remove any one line say tty1 then we cannot login at terminal 1 but we can login to another terminal. If we remove all these entry then we cannot login to any terminal. So in that case we need to make all these entry and again check for username and passwordif problem still occur do step 6
51
Step 6:Check the file /etc/nologin, if present remove this file. Then open the file #vi /etc/rc.localCheck the entry /etc/nologin in the file if present remove that: in rc.local file only one entry is presentTouch /var/lock/subsys/localIf you find “ touch /etc/nologin” remove this line . even if we remove nologin file from /etc and if we restart, again the file will create . that is why we nned to remove the entry from /etc/rc.local file. If problem still accur then use Step 7
Step 7:Check the permission for /etc/securetty file , it should be 600 (rw for user no permission for the group and other)#ll /etc/securettyIf permission are changed we cannot login. So first change the permission#chmod 600 /etc/securettyThen login if problem still occur then do Step 8
Step 8:Check the file /etc/pam.d/login#vi /etc/pam.d/loginCheck for following lineAuth required denied.soRemove this line if present. If problem still present then check the following lineAccount required pam_access.soIf this line is present, we cannot login through root, remove this line and along with this also check the file#vi /etc/security/access.confRemove the following line from the bottom-:ALL:ALLIf problem still occur so Step 9
Step 9:If password is changing but still unable to loginCopy two file#cp /etc/passwd- /etc/passwd#cp /etc/shadow- /etc/shadowSometime we find that shadow file and its back file shadow- does’nt exist, in this case we need to generate the shadow file as#pwconv
Step 10:Sometime the password age expired then do the following to check the age#chage –l rootIf password age is expired#chage rootIn thisAccount Expiration date : Change the date
52
Or#chage –E -1 rootIn this case the root password will never expire.
Step 11:If problem still occur then simply open the file /etc/pam.d/loginAnd make all the field as optional
Step 12:Sometime attribute is set on /etc/shadow file, password age is expired ad the root permission is changed for command ‘chattr’In this case first change the permission for ‘chattr’#chmod 700 /usr/bin/chattrRemove the attribute on shadow file#chattr –ai /etc/shadowAnd finally set the date for the password#chage –E -1 root
53