Thursday, December 31, 2009

NMAP IN REDHAT LINUX

NMAP

Features:

1. Port/Reconnaissance Scanner

2. Hosts & device detection

3. Service detection

4. OS Fingerprinting

5. Multi-target scanning

6. Produces various reports

Tasks:

1. Download and install the latest version of NMap - nmap.org

• wget http://download.insecure.org/nmap/dist/nmap-4.53-1.i386.rpm

• rpm -Uvh nmap-4.53-1.i386.rpm

• /usr/bin/nmap - primary binary

Note: Executing 'nmap' as non-privileged user, causes it to operate in TCP-Connect mode, instead of the stealthy TCP-SYN mode

•/usr/share/nmap - top-level container for key NMap files

•/usr/share/nmap/nmap-os-db - OS Fingerprinting DB

•/usr/share/nmap/nmap-mac-prefixes - Maps MAC prefixes to companies

•/usr/share/nmap/nmap-services - resolves service names to port numbers

Usage:

1. Scan the localhost for open ports

•nmap -v localhost

2. Service detection scan - attempts to resolve services to names & versions

•nmap -v -sV 192.168.75.199

3. OS Fingerprinting scan

•nmap -v -O 192.168.75.199

4. Reporting

•nmap -v -oN filename.txt 192.168.75.1 - normal output

•nmap -v -oX filename.xml 192.168.75.1 - XML output

5. OS Fingerprinting & Service detection

•nmap -v -A 192.168.75.1

6. Scan the entire network using '-A' and XML output

•nmap -v -A -oX 192.168.75.0.scan.xml 192.168.75.0/24

SELINUX INTRODUCTION IN REDHAT LINUX

SELINUX INTRODUCTION

Features:

1. Restricts access by subjects (users and/or processes) to objects (files)

2. Provides Mandatory Access Controls (MACs)

3. MACs extend Discretionary Access Controls (DACs(Standard Linux Permissions))

4. Stores MAC permissions in extended attributes of file systems

5. SELinux provides a way to separate: users, processes (subjects), and objects,
via labeling, and monitors/controls their interaction

6. SELinux is integrated into the Linux kernel

7. Implements sandboxes for subjects and objects

8. Default RH5 implementation creates sandboxes (domains) for 'targeted' daemons
and one sandbox (unconfined_t) for everything else

9. SELinux is implemented/enabled by RH5, by default

10. Operates in the following modes:

•Permissive - permission is always granted, but denials are logged in:
/var/log/messages
•Enforcing - strictly enforces 'targeted' policy rules
•Disabled - Only DACs are applied

11. Operating modes can be applied upon startup or while the system is running

SELinux Config files & Tools:

1. sestatus - displays current SELinux status, including:
•policy name 'targeted'
•policy version '21'
•Operating mode: 'enforcing|permissive|disabled'

2. /etc/sysconfig/selinux - primary startup|config file for SELinux

3. /etc/selinux/targeted - top-level container for the 'targeted' policy

4. setenforce = 0(permissive) 1(enforcing)

5. '-Z' can be applied to the following tools to obtain SELinux context info:
mv, cp, ls, ps, id

6. chcon -R -t type file - applies SELinux label to file/directory

Tasks:

1. Disable SELinux upon boot-up on LINUXCBTSERV4

•nano /etc/grub.conf
• Update 'kernel' line to reflect: selinux=0

Note:
If files(objects) lose their SELinux context, there are multiple ways to relabel them:
1. 'touch /.autorelabel && reboot' - init will relable the system according to the 'targeted' policy
2. 'fixfiles' - use to relabel objects (files) while the system is running

Note:
List of daemons protected by the 'targeted' SELinux policy:

1. apache(httpd)

2. dchpd

3. ntpd

4. named

5. syslogd

6. squid

7. snmpd

8. portmap

9. nscd

10. winbind

Note:

•The 'targeted' policy assigns ALL other subjects and objects to the 'unconfined_t' domain
•The default SELinux 'targeted' policy, using MACs, binds subject domains: i.e. 'httpd_t' to object types: i.e. 'httpd_config_t'
•SELinux MACs compound Linux DACs

SQUID PROXY SERVER IN REDHAT LINUX

SQUID PROXY SERVER

Features:

1. Caching server

2. Filters access to the Net

3. Efficient bandwidth usage

4. Supports a wide criteria of ACLs (dstdomain, src_IP, Time of day, etc.)

Tasks:

1. Install Squid Proxy server

•yum -y install squid

/etc/squid - primary configuration container

/etc/squid/squid.conf - primary configuration file

/usr/sbin/squidclient - used to test Squid Proxy server

/var/log/squid - primary log directory

/var/spool/squid - cache directory containter

2. Start Squid, and ensure that it starts when the system reboots

•service squid start

• chkconfig --level 35 squid on

Note:

•Ensure that ample/fast disk storage is available for: /var/spool/squid

•Squid defaults to TCP:3128

3. Configure Firefox browser to use Squid Proxy server

4. Configure Squid to allow LAN access through, to resources

•nano /etc/squid/squid.conf

•acl lan_users src 192.168.75.0/24

•http_access allow lan_users

5. Deny 192.168.75.10, but allow ALL other users from the local subnet

acl_lan_bad_users src 192.168.75.10

http_access deny acl_lan_bad_users

SQUIRRELMAIL (WEB MAIL) INTEGRATION WITH APACHE/POSTFIX/DOVECOT IN REDHAT LINUX

SQUIRRELMAIL (WEB MAIL) INTEGRATION WITH APACHE/POSTFIX/DOVECOT

Features:

1. Web mail application

2. Modular

3. Implemented with PHP

Tasks:
1. Install Squirrelmail with support via Apache
a.Download from squirrelmail.org - *.bz2

b. Confirm the MD5SUM

c. Copy the *.bz2 file to the Apache server

d. yum -y install php php-imap - installs PHP support for Apache/IMAP

e. mkdir /var/www/mail

f. Extract Squirrelmail to: /var/www/mail

g. Optionally, create symlink named 'mail' to point to Squirremail version

h. Create the Apache Virtual Host

ServerAdmin webmaster@mail.linuxcbt.internal
ServerName mail.linuxcbt.internal
DocumentRoot /var/www/mail

Options FollowSymLinks
Order allow,deny
Allow from all

CustomLog logs/mail.linuxcbt.internal.access.log combined
ErrorLog logs/mail.linuxcbt.internal.error.log


Restart Apache

j. Configure SquirrelMail defaults: /var/www/mail/mail/config/conf.pl

k. Create 'attach' and 'data' directories for SquirrelMail: /var/local/squirrelmail/{data,attach}

l. Update permissions so SquirrelMail may write to 'data' and 'attach' directories: chown -R apache.apache /var/local/squirrelmail

k. Setup DNS

l. Attempt to access SquirrelMail
http://mail.linuxcbt.internal/mail
http://mail.linuxcbt.internal/mail/src/configtest.php

Note: If SELinux is enabled, use 'setsebool...' to allow httpd to connect to IMAP and SMTP ports. Consult: /var/log/messages

MAIL RETRIEVAL USING POP3/IMAP IN REDHAT LINUX

MAIL RETRIEVAL USING POP3/IMAP

Features:
1. Mail retrieval using standard protocols

2. Common package: dovecot

3. Supports both: mbox (/var/spool/mail/usernam) & Maildir formats

4. Supports SSL: POP3S & IMAPS

Tasks:

1. Install dovecot

/etc/dovecot.conf - primary config file

/etc/pki/dovecot/dovecot-openssl.cnf - SSL config

Note:

•Default configuration binds to:

•POP3 - downloads messages to client

•POP3S

•IMAP - leaves messages on server

•IMAPS

•E-mail flow: mutt -> sendmail -> Postfix queue -> remote system -> POP3|IMAP

2. Configure mail client to download messages using POP3

POSTFIX MTA IN REDHAT LINUX

POSTFIX MTA

Features:

1. Message Transfer Agent (MTA)

2. Modular (SpamAssAssin)

3. Drop-in replacement for Sendmail, as it provides a 'sendmail' binary

Note: Use 'system-switch-mail*' package to switch between Postfix and Sendmail

Tasks:
1. Install Postfix
•yum -y install postfix

/etc/postfix - primary configuration directory

/etc/postfix/main.cf - primary configuration file

/etc/postfix/transport - contains routing rules for domains

/etc/postfix/virtual - contains virtual user mappings

2. Install 'system-switch-mail' package
•yum -y install system-switch-mail

3. Switch default MTA from Sendmail, to Postfix

•system-switch-mail

Note: The default Postfix configuration binds to 127.0.0.1:25

4. Test local mail delivery

•Use 'mutt' to test local delivery

5. Configure Postfix to receive messages from remote systems

•set: inet_interfaces=all

•set mydestinations = linuxcbt.internal

•service postfix restart

•Confirm directives using: 'postconf'

•Attempt to send message from LINUXCBTSERV1 -> LINUXCBTSERV4

•If it fails, configure MTA on LINUXCBTSERV1 to listen to routable IP

• update /etc/mail/sendmail.mc

• make all -C /etc/mail

•service sendmail restart

Note: Ensure that 'sendmail-cf*' package is installed, in order to updated .mc files to .cf files

MYSQL IN REDHAT LINUX

MYSQL
Features:

1. DBMS Engine

2. Compabtible with various front-ends:

•Perl

•PHP

•ODBC

•GUI Management

Tasks:
1. Install MySQL Client & Server
•yum -y install mysql

/etc/my.cnf - primary config file

/usr/bin/mysql - primary client used to interact with the server

/usr/bin/mysqladmin - primary admin utility to return useful info, and perform admin tasks from the shell

• yum -y install mysql-server
/usr/libexec/mysqld - DBMS engine

2. Start MySQL server and modify perms for 'root'
•service mysqld start

•chkconfig --level 35 mysqld on

•mysqladmin -u root password abc123

3. Install 'mysql' client on a remote system and test connectivity

•yum -y install mysql

•mysql -u root -p

Note:

•mysql command-line options ALWAYS override global (/etc/my.cnf), and/or local (~/.my.cnf) configuration directives
•MySQL Users consist of the following:
•username i.e. 'root'
•host i.e. 'localhost'
•A sample username is: 'root@localhost'


4. Secure 'anonymous' account
•DELETE FROM mysql.user WHERE user = '';
•flush privileges;

5. Create Database 'addressbook'
create database AddressBook;
use AddressBook;
create table contacts (`first_name` char(20), `last_name` char(20),
`bus_phone1` char(20), `email` char(30), PRIMARY KEY (`email`));

6. Insert Data into 'contacts' table using INSERT
INSERT INTO contacts (first_name,last_name,bus_phone1,email) VALUES ('Kay','Mohammed','888.573.4943','kay@LinuxCBT.com');

7. Delete record from 'contacts' table
DELETE FROM contacts WHERE email = 'kay1@LinuxCBT.com';

8. Update a record in the 'contacts' table
UPDATE contacts SET email='kay2@LinuxCBT.com' WHERE first_name='Kay';

APACHE SSL SUPPORT IN REDHAT LINUX

APACHE SSL SUPPORT
Features:
1. Secure/Encrypted communications
Requirements:
1. httpd
2. openssl
3. mod_ssl
4. crypto-utils (genkey) - used to generate certificates/private keys/CSRs

•also used to create a self-signed certificate
Tasks:
1. Install the requirements
•mod_ssl - module for Apache, which provides SSL support
yum -y install mod_ssl
/etc/httpd/conf.d/ssl.conf - includes key SSL directives
• crypto-utils - provies /usr/bin/genkey

2. Generate SSL usage keys using: genkey
•genkey site1.linuxcbt.internal - creates text-gui interface

3. Update /etc/httpd/conf.d/ssl.conf to reference the new keys (public/private)

4. Restart the HTTPD server

•service httpd restart

•httpd -S

5. Test HTTPS connectivity
•https://192.168.75.199

Note: For mutliple SSL sites, copy the: /etc/httpd/conf.d/ssl.conf file to distinct files, that match your distinct IP-based VHosts

APACHE WEB SERVER IN REDHAT LINUX

APACHE WEB SERVER

Features:
1. WWW Web Server
2. Modular

Tasks:

1. Install Apache 2.2x
•httpd*rpm
•/etc/httpd - top-level configuration container on RH5
•/etc/httpd/conf - primary configuration directory
•/etc/httpd/conf/httpd.conf - primary Apache configuration file
•/etc/httpd/conf.d - drop-in configuration directory, read by Apache upon startup
2. Explorer: /etc/httpd/conf/httpd.conf

•HTTPD runs as: apache:apache
•Apache maintains, always, a 'main' server, which is independent of Virtual Hosts. This server is a catch-all for traffic that doesn't match any of the defined virtual hosts.
directive governs file system access.

Note: The primary Apache process runs as 'root', and has access to the full file system. However, directive restricts the web-user's view of the file system.

• Test access to '.ht*' files from web root
• ErrorLog logs/error_log - default error log file for ALL hosts
• logs/access_log - default log file for default server

Note: Every directory, outside of the 'DocumentRoot' should have at least one: directive defined.

3. Start Apache and continue to explore
•service httpd start
root 31324 1 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31326 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31327 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31328 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31329 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31330 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31331 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31332 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31333 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd

Note:

•Parent Apache runs as 'root' and can see the entire file system
•However, children processes run as 'apache' and can only see files/directories that 'apache:apache' can see
4. Create an Alias for content outside of the web root (/var/www/html)
•Alias /testalias1 /var/www/testalias1

AllowOverride Non
order allow,deny
allow from all

5. Ensure that Apache will start when the system boots
•chkconfig --level 35 httpd on && chkconfig --list httpd

Virtual Hosts Configuration:
Features:
1. Ability to share/serve content based on 1 or more IP addresses

2. Supports 2 modes of Virtual Hosts:
•IP Based - one site per IP address
•Host header names - multiple sites per IP address



Tasks:
1. Create IP Based Virtual Hosts
•ifconfig eth0:1 192.168.75.210
•Configure the Virtual Host:

ServerAdmin webmaster@linuxcbtserv4.linuxcbt.internal
ServerName site1.linuxcbt.internal
DocumentRoot /var/www/site1

Order allow,deny
Allow from all

CustomLog logs/site1.linuxcbt.internal.access.log combined
ErrorLog logs/site1.linuxcbt.internal.error.log


• Create: /var/www/site1 and content
• Update: /etc/httpd/conf/httpd.conf with VHost information

2. Create Name-based Virtual Hosts using the primary IP address

•/etc/httpd/conf/httpd.conf:
NameVirtualHost 192.168.75.199:80

ServerAdmin webmaster@linuxcbtserv4.linuxcbt.internal
ServerName site3.linuxcbt.internal
DocumentRoot /var/www/site3

Order allow,deny
Allow from all

CustomLog logs/site3.linuxcbt.internal.access.log combined
ErrorLog logs/site3.linuxcbt.internal.error.log

SAMBA IN REDHAT LINUX

SAMBA
Features:
1. Provides Windows features (file & print) on Linux | Unix
/etc/samba/smb.conf - primary config file
Clients:
1. findsmb - finds SMB hosts on the network
2. smbtree - equivalent to Network Neighborhood/My Network Places (prints workgroups, hosts, and shares)
3. smbget - similar to 'wget', in that, it will download files from the remote share
• smbget -u dean smb://linuxcbtwin1/mtemp/20070524_SAN_Allocations.ods
4. smbclient - interactive (FTP-like_ utility to connect to shares - permits uploads/downloads from shares
• smbclient -U dean //linuxcbtwin1/mtemp
• mget file* - downloads file(s)
• mput file* - uploads file(s)
5. smbtar - backs-up smb shares to a TAR archive
• smbtar -s linuxcbtwin1 -x mtemp -u dean -t backup1.tar
Samba Server:
/etc/samba/smb.conf - primary config file
SWAT manages /etc/samba/smb.conf
Samba Server Modes:
1. User
• One Samba-defined user is required per Linux user
• Authentication of users is handled by Samba server
2. Server/Domain (PDC/BDC)
• Authentication is handled by the Windows NT/2K/2K3/2K8 server
• Still requires a local Samba-defined user accounts database
3. ADS - Active Directory
• Authentication is handled by Active Directory
• b. When used with Winbind, locally-defined Samba users are NOT required

Note: Ultimately, users must authenticate to the local Linux file system
Task:
1. Install SWAT
•yum -y install samba-swat
•nano /etc/xinetd.d/swat - set 'disable = no'
•service xinetd restart
•netstat -ntl | grep 901

/etc/samba/smbpasswd maps Windows users to /etc/passwd
2. Install rdesktop and connect to Windows XP to test connectivity to Samba
•yum -y install rdesktop

WINBIND:
Features:

1. Windows AD integration

2. Avoids having to define users in 2 places: Windows, Linux

3. Uses Kerberos for authentication

Requirements:

1. krb5-* packages

2. Properly configured Kerberos environment:

•/etc/krb5.conf
[libdefaults]
default_realm = AD2.LINUXCBT.INTERNAL
[realms]
AD2.LINUXCBT.INTERNAL =
{
kdc = linuxcbtwin3.ad2.linuxcbt.internal
admin_server = linuxcbtwin3
}
[domain_realm]
.linuxcbtwin3.ad2.linuxbt.internal = AD2.LINUXCBT.INTERNAL

Steps:

1. Update: /etc/krb5.conf

2. Update Samba configuration to use ADS authentication

3. Update Samba server's DNS to point to ADS server
•/etc/resolv.conf
•/etc/hosts - including a pointer to the ADS server (linuxcbtwin3)

4. Join AD domain:
•'net ads join -U administrator'

5. Confirm AD membership using: 'Active Directory Users & Computers' Tool

6. Setup Winbind to authenticate using ADS:
•/etc/pam.d/system-auth - account & auth settings
• auth sufficient /lib/security/pam_winbind.so - place before 'pam_unix.so'
•account sufficient /lib/security/pam_winbind.so
• /etc/nsswitch.conf
passwd: files winbind
group: files winbind
•Configure 'idmap' 'uid & gid' mappings - 10000 – 20000
• Use SWAT to update idmap settings for 'uid & gid'

Note: If you want ADS users to be able to logon to your Samba-Winbind Linux box using SSH, Telnet, mingetty, etc., change the 'Template Shell' directive to a valid shell. i.e. /bin/bash
•Create 'Template homedir' %D (Domain) directory beneath '/home'
mkdir /home/LINUXGENIUS

7. Test Winbind Integration using: wbinfo
•wbinfo -u - this enumerates users in AD
•wbinfo -g - this enumerates groups in AD
•ssh into LINUXCBTSERV1 (Winbind) as ADS user


Task1:

1. Authenticate using ADS, as 'administrator' from Windows box
2. Create a user named 'linuxcbt' in AD
3. Create shared directory on the Samba box, and provide access (Share it)

WINBIND IN REDHAT LINUX

WINBIND:

Features:
1. Windows AD integration
2. Avoids having to define users in 2 places: Windows, Linux
3. Uses Kerberos for authentication

Requirements:

1. krb5-* packages

2. Properly configured Kerberos environment:

•/etc/krb5.conf
[libdefaults]
default_realm = AD2.LINUXCBT.INTERNAL
[realms]
AD2.LINUXCBT.INTERNAL =
{
kdc = linuxcbtwin3.ad2.linuxcbt.internal
admin_server = linuxcbtwin3
}
[domain_realm]
.linuxcbtwin3.ad2.linuxbt.internal = AD2.LINUXCBT.INTERNAL
Steps:
1. Update: /etc/krb5.conf
2. Update Samba configuration to use ADS authentication
3. Update Samba server's DNS to point to ADS server
•/etc/resolv.conf
•/etc/hosts - including a pointer to the ADS server (linuxcbtwin3)
4. Join AD domain:
•'net ads join -U administrator'
5. Confirm AD membership using: 'Active Directory Users & Computers' Tool
6. Setup Winbind to authenticate using ADS:
•/etc/pam.d/system-auth - account & auth settings
• auth sufficient /lib/security/pam_winbind.so - place before 'pam_unix.so'
•account sufficient /lib/security/pam_winbind.so
• /etc/nsswitch.conf
passwd: files winbind
group: files winbind
• Configure 'idmap' 'uid & gid' mappings - 10000 – 20000
• Use SWAT to update idmap settings for 'uid & gid'
Note: If you want ADS users to be able to logon to your Samba-Winbind Linux box using SSH, Telnet, mingetty, etc., change the 'Template Shell' directive to a valid shell. i.e. /bin/bash
•Create 'Template homedir' %D (Domain) directory beneath '/home'
mkdir /home/LINUXGENIUS

7. Test Winbind Integration using: wbinfo
•wbinfo -u - this enumerates users in AD
•binfo -g - this enumerates groups in AD
•ssh into LINUXCBTSERV1 (Winbind) as ADS user

Task1:

1. Authenticate using ADS, as 'administrator' from Windows box

2. Create a user named 'linuxcbt' in AD

3. Create shared directory on the Samba box, and provide access (Share it)

SAMBA IN REDHAT LINUX

SAMBA

Features:

1. Provides Windows features (file & print) on Linux | Unix

/etc/samba/smb.conf - primary config file

Clients:

1. findsmb - finds SMB hosts on the network

2. smbtree - equivalent to Network Neighborhood/My Network Places (prints workgroups, hosts, and shares)

3. smbget - similar to 'wget', in that, it will download files from the remote share
•smbget -u dean smb://linuxcbtwin1/mtemp/20070524_SAN_Allocations.ods

4. smbclient - interactive (FTP-like_ utility to connect to shares - permits

uploads/downloads from shares
•smbclient -U dean //linuxcbtwin1/mtemp
•mget file* - downloads file(s)
•mput file* - uploads file(s)

5. smbtar - backs-up smb shares to a TAR archive
•smbtar -s linuxcbtwin1 -x mtemp -u dean -t backup1.tar

Samba Server:

/etc/samba/smb.conf - primary config file

SWAT manages /etc/samba/smb.conf

Samba Server Modes:

1. User
•One Samba-defined user is required per Linux user
•Authentication of users is handled by Samba server

2. Server/Domain (PDC/BDC)
•Authentication is handled by the Windows NT/2K/2K3/2K8 server
•Still requires a local Samba-defined user accounts database

3. ADS - Active Directory
•Authentication is handled by Active Directory
•When used with Winbind, locally-defined Samba users are NOT required

Note: Ultimately, users must authenticate to the local Linux file system

Task:

1. Install SWAT

•yum -y install samba-swat

•nano /etc/xinetd.d/swat - set 'disable = no'

•service xinetd restart

•netstat -ntl | grep 901

/etc/samba/smbpasswd maps Windows users to /etc/passwd

2. Install rdesktop and connect to Windows XP to test connectivity to Samba
•yum -y install rdesktop

AUTOFS IN REDHAT LINUX

AUTOFS

Features:

1. Automatically mounts file systems (NFS, local, SMBFS, etc.) upon I/O request
Requirements:

1. autofs-*rpm must be installed

/etc/auto.master - primary configuration file
•- also contains mount points and their mappings

/etc/sysconfig/autofs - default startup directives

Note: AutoFS must be running in order to auto-mount directories

Task:

1. Create an automount for /shares, which will mount /nfs1 & /nfs2

•update /etc/auto.master - '/shares /etc/auto.shares'

•cp /etc/auto.misc /etc/auto.shares

•update the rules in /etc/auto.shares

•Create AutoFS tree: /shares/

•Restart the autofs service

•Unmount: /nfs1 & /nfs2 if necessary

Note: Do NOT auto-mount directories that are already mounted

•Test access to AutoFS controlled directory

•'ls -l /shares/nfs1'

Note: syntax for auto-mount files is as follows:

[]

•nfs1 -fstype=nfs 192.168.75.199:/nfs1

NETWORK FILE SYSTEM (NFS) IN REDHAT LINUX

NETWORK FILE SYSTEM (NFS)

Features:

1. Transparent access to remote file systems

2. Installed by default

3. Uses RPC for communications

Tasks:

1. Export a directory on the server using: /etc/exports
•/path_to_directory IP_ADDR(rw)
•b. /nfs1 192.168.75.10(rw)
•mkdir /nfs1
•start NFS server - 'service nfs start'
•Confirm export(s) - 'exportfs -v'

Note: NFS matches remote user's UID to local /etc/passwd to determine ACLs

2. Export /nfs2
•Create entry in /etc/exports
•Update current exports using: exportfs -a

3. Mount both exports on a remote system
•mount -t nfs 192.168.75.199:/nfs1 /nfs1
•mount -t nfs 192.168.75.199:/nfs2 /nfs2

4. Allow local 'root' user the ability to write to /nfs1 export
•/etc/exports: (rw,no_root_squash)

5. Setup mount points so that they're available upon reboot
•/etc/fstab
•Unmount and confirm that NFS mount points will be available when the client system changes runlevels (reboots, starts, etc.) - 'mount -a' showmount -a 192.168.75.199 - shows mounts on this system (connected NFS clients)

6. Attempt to mount /nfs1 & /nfs2 from an unauthorized system
•Fails because client's IP does not match server's /etc/exports
•Update server's /etc/exports to allow additional hosts/subnet/etc.
•exportfs -a - to update the export table

BIND DNS IN REDHAT LINUX

BIND DNS

Features:

1. Name-to-IP address mapping
2. Name resolution for DNS clients
3. Caching-only server (Default)
4. Primary DNS server
5. Slave server
6. Replication of DNS database information between servers
7. Dynamic DNS updates
8. Provides numerous client tools: nslookup, dig, host

Tasks:

1. Installation of BIND on the remote system: linuxcbtserv4
•yum -y install bind

2. Setup service to auto-start at boot
•chkconfig --level 35 named on - enables the service in runlevels: 3,5

3. Configure a default, caching-only, named.conf file
•rpm -ql bind - to see samples
• cp /usr/share/doc/bind*/sample/* to /etc/ and /var/named
• Modify /etc/named.conf - disable DDNS_KeyGen sections
• Start the server - service named start

4. Query the server
•dig @localhost www.linuxcbt.com

Returns: question, answer, authoritative DNS servers, query time
•nslookup www.linuxcbt.com OR nslookup - server 127.0.0.1 - www.linuxcbt.com

Note: The server has cached: www.linuxcbt.com, evidenced by the decrementing TTL values for the various records associated with the zone

•host www.linuxcbt.com - also performs a lookup

Note: /etc/resolv.conf controls the DNS servers that are consulted by lookup tools such as: Web browser, GFTP, LFTP, nslookup, dig, host, etc.
•dig linuxcbt.com MX - queries the domain for mail exchangers

Note: DNS is organized into an inverted tree, with '.' representing the root of the DNS tree. e.g.
dig mail1.linuxgenius.com.
•-. = root
•-.com = top level
•-.linuxgenius = second level
•-mail = third level

Note: A trailing '.' in a DNS query is implied, and may optionally be indicated if desired in any standard Internet application (web browser, FTP client, wget, nslookup, dig, host, etc.)

Primary & Secondary Zones:
Features:
1. Ability to service zones
2. Authoritative support for a zone

Tasks:

1. Create internal zone named 'linuxcbt.internal'
•modify /etc/named.conf to include the new zone
zone "linuxcbt.internal"
{
type master;
#allow-update { key ddns_key; };
file "linuxcbt.internal.db";
};

• create the corresponding zone file
• restart named
• test resolution of DNS primary zone

Note: Install 'caching-nameserver*' for Caching-only DNS server

2. Create a slave (Secondary) server
•yum -y install bind
•copy sample files from primary server to secondary server
•modify /etc/named.conf and set 'linuxcbt.internal' zone to slave
•start named service - 'service named start'
•chkconfig --level 35 named on
•Update: /var/named/linuxcbt.internal.db to reflect new name server

3. Create a primary zone on the "secondary" server
•create a zone for: linuxcbt.external - in /etc/named.conf
•copy/create 'linuxcbt.external.db' zone file
•setup 'linuxcbtserv4' to be a slave for the zone: linuxcbt.external

4. Start 'named' as a caching-only DNS server (Default)
•service named start
•'dig @192.168.75.199 www.linuxcbt.com' - forces a caching-only lookup query

Forward IPv6 Records:
Implemented primarily as AAAA records:

linuxcbtserv1 IN AAAA 2002:4687:db25:3:202:b3ff:fe98:4108
linuxcbtserv4 IN AAAA 2002:4687:db25:3:20c:29ff:feb5:1692
linuxcbtmedia1 IN AAAA 2002:4687:db25:3:20a:5eff:fe1b:4aad
linuxcbtrouter1 IN AAAA 2002:4687:DB25:3:21A:2FFF:FEE3:F240

Test IPv6 resolution using:
1. ping6 linuxcbtrouter1.linuxcbt.internal
2. dig @192.168.75.10 linuxcbtrouter1.linuxcbt.internal


Reverse Zones:
Features:
The ability to resolve a name, given an IPv4 or IPv6 address
Tasks:
1. Define an IPv4 reverse zone for the local subnet:
•Define zone name: '75.168.192.in-addr.arpa' - /etc/named.conf
•Update: /etc/named.conf
•Create zone file in: /var/named
•Update configuration
•Restart named
•test using 'dig -x 192.168.75.1'

Note: Reverse zones are built from the prefix in IPv4 subnets

IPv6 Reverse Zone:

Requirements:
1. /etc/named.conf entry
zone "3.0.0.0.5.2.b.d.7.8.6.4.2.0.0.2.ip6.arpa"
{
type master;
file "3.0.0.0.5.2.b.d.7.8.6.4.2.0.0.2.ip6.arpa.reverse";
};

Note: IPv6 reverse zone names are in nibble format, with ALL zeros expanded for the network prefix portion of the address, which is usually 64-bits in length

2. /var/named/zone_file
•Include entries using the last 64-bits or IPv6 host part
•d.a.a.4.b.1.e.f.f.f.e.5.a.0.2.0 IN PTR linuxcbtmedia1.linuxcbt.internal.

Note: When creating reverse IPv6 entries for hosts, do the following:
•reverse the 64-bit portion of the address that corresponds to the host, expanding all zeros
•Create PTR record based on the reverse, nibble-format of the address
Test using dig:
•dig -x 2002:4687:db25:3:20a:5eff:fe1b:4aad

DYNAMIC HOST CONFIGURATION PROTOTCOL DAEMON IN REDHAT LINUX

DYNAMIC HOST CONFIGURATION PROTOTCOL DAEMON

Features:
1. Provides automatic configuration of IPv4 clients
•IPv4 address
•Subnet mask
•Default gateway
•DNS Servers
•NTP Servers
•WINS Servers

2. Leases the addreses and related information based on predefined values:
•1 day
•1 week
•1 month

3. DHCP uses UDP protocol and layer-2 information to request/assign addresses

4. DHCP Process - DORA
•Discovery - client broadcasts on the local subnet for a DHCP server
•Offer - returned by the DHCP server
•Request - formal address request by client
•Acknowledgement/Acceptance - Acknowledgement occurrs

Note: DHCPD records leases in: /var/lib/dhcpd/dhcpd.leases

Tasks:

1. Install DHCP server
•yum -y install dhcp

2.Configure: /etc/dhcpd.conf - primary config file

3. Set service up to start when system boots
•chkconfig dhcpd on - 2345

4. Disable service on 192.168.75.100 box
•rcdhcpd stop

5. Start service on localhost:
•service dhcpd start

6. Setup DHCP reservation

•Requires the MAC address of the client (00:0C:29:B5:16:92)
•Requires the 'fixed-address' - IPv4 address to map to the MAC address
•Optional 'option-*' are supported between host { } block
•service dhcpd restart - restart to effect changes

TELNET SERVER IN REDHAT LINUX

TELNET SERVER

Features:

1. Shell interface on remote system
2. Binds to TCP:23

Caveat:

1. Clear-text based application (credentials are transmitted in the clear)
2. By default, 'root' is NOT permitted access via telnet-server - /etc/securetty

Requirements:

1. xinetd - installed automatically via yum

Install Telnet Server:

1. yum -y install telnet-server
2. nano /etc/xinetd.d/telnet - change 'disable = yes' to 'disable = no'
3. service xinetd restart - effects changes

Tasks:

1. Connect to both systems from either system using 'telnet' client
•telnet 192.168.75.199 - This will allocate a free pseudo-terminal, if the user authenticates successfully

Note:

•By default, telnet-server reads and dislplays the contents of: /etc/issue
•TCP|UDP ports are 16-bit based: 2**16, OR, 0-65535
•ptys are assigned sequentially, by default

2. Enable 'root' login via telnet
•mv /etc/securetty /etc/securetty.disabled

Note: Wherever/whenever possible opt for SSH in place of Telnet Server

VERY SECURE TRANSFER PROTOCOL DAEMON(VSFTPD) IN REDHAT LINUX

VERY SECURE TRANSFER PROTOCOL DAEMON(VSFTPD)

Features:

1. FTPD

2. Chroot jail

3. anonymous and local-user auth

4. Rate-limiting

Tasks:

1. Install 'vsftpd'

•yum -y install vsftpd

2. Start the server

•service vsftpd start
•b. netstat -ntlp | grep 21

3. Configure service to start when system boots into multi-user runlevel
•chkconfig vsftpd on
•b. chkconfig --list vsftpd

4. Connect to the FTPD service:

•Use web browser, which defaults to anonymous
•Use standard FTP client, as anonymous
•setsebool -P ftp_home_dir=1 - permits users access to their home directory
•service vsftpd restart - for changes to take effect

5. Chroot jail local users & disable 'anonymous' access

•chroot_local_user=YES - this jails users
•service vsftpd restart - for changes to take effect
•test connectivity as 'anonymous' and 'non-anonymous' users

6. Enable IPv6 listener:

•listen_ipv6=YES - DO NOT USE WITH 'listen=YES(IPv4)'

7. Restrict 'non-anonymous' user's transfer rate

•local_max_rate=1000 - restricts connections to 1000/bps (1K/s)

TRIVIAL FILE TRANSFER PROTOCOLS DAEMON (TFTPD) IN REDHAT LINUX

TRIVIAL FILE TRANSFER PROTOCOLS DAEMON (TFTPD)

Features:

1. Fast, connectionless (UDP), file transfers

2. Often used to move files to and fro networked systems (VOIP Phones,
PXE configurations, Router/Firewall/Switch configurations, etc.)

Note: Implemented as 2 components:

•Client - tftp-*rpm
•Server - tftp-server*

Tasks:

1. Install TFTP client
•yum -y install tftp

2. Install TFTP server
•yum -y install tftp-server

Note: this also install 'xinetd' dependency

3. Configure and start 'tftp' via 'xinetd'
•/etc/xinetd.d/tftp - modify this file prior to starting 'TFTPD'
•service xinetd start - to start XINETD

Note:
•TFTPD listens to UDP:69, by default
•use 'netstat -nulp | grep 69' to check if 'xinetd' is listening

4. Copy Cisco Router configuration to TFTP server
copy running-config tftp://192.168.75.199
•setsebool -P tftpd_disable_trans=1 - disables SELinux for TFTPD
•'service xinetd restart' - restart XINETD
•'chmod 666 linuxcbtrouter1.config' - to permit TFTPD to write

5. Use 'tftp' client to download 'linuxcbtrouter1.config' file
•tftp 192.168.75.199 -c get linuxcbtrouter1.config
•tftp - enters interactive mode

Note:
tftp client operates in both non-interactive and interactive modes

NETWORK TIME PROTOCOL (NTP) IMPLEMENTATION IN REDHAT LINUX

NETWORK TIME PROTOCOL (NTP) IMPLEMENTATION

Features:

1. The ability to synch your system's clock

2. Also can be used to synch other clocks

3. Implemented as: 'ntp-4.2...rpm' package

4. Is hierarchial, using strata levels to denote time accuracy

/etc/ntp.conf - primary configuration

NTP Strata:

Features:

1. The ability to denote clock accuracy based on on stratum

2. With Stratum level 1 being the most accurate, as an NTP server at this level is
connected to an external time service (GPS, Radio, etc.)

Use: www.ntp.org - to located public NTP clocks at various strata

Task:

1. Synch against internal NTP server

•/etc/ntp.conf
server 192.168.75.100
•service ntpd start - this starts the 'ntpd' service
•chkconfig ntpd on
•ntpq -np - this queries the running 'ntpd' server

Note: NTP synchronization is hierarchical. Thus, if we synch against a stratum 3 clock, we become a stratum 4 clock
2. Prove that 'linuxcbtserv4' is indeed a stratum 4 clock
•/etc/ntp.conf - of 'linuxcbtserv1'
server 192.168.75.199

Note: Ideally, you should supply your: /etc/ntp.conf file with at least 3 clocks for:

•Accuracy
•Redundancy

RUNLEVEL SERVICE MANAGEMENT TOOLS IN REDHAT LINUX

RUNLEVEL SERVICE MANAGEMENT TOOLS

Features:

1. The ability to indicate desired runlevels for services

2. Services are located in: /etc/init.d

/usr/sbin/ntsysv:

Usage:
•ntsysv - manages services in the current run-level
•ntsysv 35 - manages services for run-levels 3 & 5

Note: ntsysv nor chkconfig starts|stops services

Chkconfig Usage:

1. chkconfig --list ntpd - returns run-level environment for 'ntpd'

Note:

•items listed as 'off' have K (kill) scripts
•items listed as 'on' have S (start) scripts

2. chkconfig --level 3 ntpd off - creates a K(kill) script in run-level 3

3. chkconfig --level 35 ntpd off

4. chkconfig ntpd on - enables 'ntpd' in levels 2-5

5. chkconfig ntpd off - disables 'ntpd' in levels 0-6


Note:
•Use 'chkconfig' from the shell or a script
•Use 'ntsysv' from the shell in interactive mode
•When controlling services using ‘chkconfig’, reference the name of the service as it’s specified in: /etc/init.d

GUI Tools:
•system-config-services

KERNEL UPGRADE IN REDHAT LINUX

KERNEL UPGRADE

Features:

1. Provision of updated/patched kernel

Task:

1. Update the kernel

•use 'uname -a' to reveal current version

•use 'rpm -qa | grep -i kernel' - to reveal installed version

•cat /etc/grub.conf -> /boot/grub/grub.conf - "" ""

2. Proper installation method is as follows:
•'rpm -ivh kernel*rpm' - install a separate version

Note: Install the following kernel packages if necessary:

•kernel-devel* - if module compilation is necessary

•b. kernel-headers* - if recompilation is necessary

Install:

•rpm -ivh kernel-2.6.18-53.el5.i686.rpm

Note:

•This will update GRUB (/boot/grub/grub.conf)

•Will also place the new kernel in the /boot file system

Examine traces in:

•/boot

•/boot/grub/grub.conf

3. Remove traces of former kernel using 'rpm -e [--nodeps]'

•kernel-2.6.18-8.el5 - removes older version

•kernel-headers-2.6.18-8.el5 - force remove ignoring dependencies 'rpm -e
--nodeps kernel-headers-2.6.18-8.el5'
•kernel-devel-2.6.18-8.el5

4. Install new 'kernel-headers' and 'kernel-devel' packages using YUM:
•yum -y install kernel-headers
•yum -y install kernel-devel

5. Confirm that the 3 'kernel-*' packages are installed:
•rpm -qa | grep kernel

Note: Removal of older kernel-* packages

cleans up:
•/boot
•/boot/grub/grub.conf (menu.lst)

IPv4 Configuration and Network Settings IN redhat linux

IPv4 Configuration & Network Settings

Network Support:

1. Boot system into a multi-user mode

2. /etc/modprobe.conf - contains alias and reference to module(s) to be loaded in order to provide networking

3. Linux decides if the interface is DHCP or static by viewing the contents of:

•/etc/sysconfig/network - networking=yes|no, IPv6_Support, Default Gateway, etc.

•/etc/sysconfig/network-scripts/ifcfg-eth0 - contains ifup, ifdown, and ifcfg-* scripts

•/etc/init.d/network - main service

GUI :
•service network status - checks networking
•system-config-network-* - network interface configuration

Note: Either update your net configuration manually from the shell, or using the 'system-config-network*' tools to avoid losing settings

/etc/resolv.conf - DNS configuration file
/etc/hosts - static list of hosts

IPv4 Aliases:

1. ifconfig eth0:1 192.168.75.11

2. ifconfig eth0:2 10.168.76.11

Note: To ensure that aliases persist do the following:

1. cp /etc/sysconfig/network-scripts/ifcfg-eth0 ./ifcfg-eth0:1

2. Modify ifcfg-eth0:1 to reflect aliased IP

Note: Aliases do NOT work with DHCP interfaces

ifconfig eth0:2 del 10.168.76.11 - removes the virtual interface

IPv6 Config:

Features:

1. Auto-configured by default gateway (router)

2. fe80:: - link-local address (loopback/local subnet address)

3. 2002:: - 6to4 address, that can be configured based on IPv4 embedded address,
using HEX notation

4.ping6 -I eth0 fe80::

5.traceroute6 - used to trace routes on IPv6 networks

ARP IN REDHAT LINUX

ARP

Features:
1. Resolves layer-2 (OSI model) MAC addresses to layer-3 IP addresses

Task:

1. Examine MAC addresses using: ifconfig and arp
•ifconfig - returns our local MAC addresses
Link encap:Ethernet HWaddr 00:02:B3:98:41:08
•arp -a - returns MAC to IP mappings

Note:

•When 2 TCP/IP hosts communicate, ARP is performed to translate the IP address (v6/v4) to a MAC address.
•If a one or more routers separate the communicating hosts, then the MAC address
of the default router's (gateway's) interface is stored by each client

TELNET IN REDHAT LINUX

TELNET:

Features:
1. Great for basic TCP port diagnosis

Task:
1. Connect to TCP ports on various hosts
•telnet 192.168.75.100 22
•telnet www.linuxcbt.com 80

Netstat:

Features:

1. Provides network connection information from /proc/net/*

Task:
1. Return useful information for various protocols
•netstat
•netstat -a - returns all protocols/sockets
•netstat -ntlp - returns all TCP LISTENERS without name resolution
•netstat -nulp - returns all UDP lISTENERS without name resolution

Note:
•netstat uses /etc/services to translate ports to names
•0.0.0.0:514 - this means that Syslog will accept traffic to any of the defined IP
addresses/interfaces on the system

• netstat -ntp - returns established connections (sockets)
• netstat -rn - returns the routing table

COMMONG NETWORK UTILITES IN REDHAT LINUX

COMMONG NETWORK UTILITES

Features:

1. Useful for basic troubleshooting

PING:

Features:

1. ability to communicate with hosts using ICMP

•PING sends ICMP echo-requests
•PING expects to receive ICMP echo-replies

Task:

PING some hosts and evaluate the output

1. ping localhost (127.0.0.1)

2. ping -c 3 localhost - sends 3 ICMP echo-requests

Note:

•'ping localhost' performs name resolution using /etc/hosts

•/etc/hosts stores static name-to-IP mappings

•127.0.0.0/8 is fully-reserved to the loopback adapter of ALL IPv4 hosts

3. ping -c 3 192.168.75.199

4. ping -c 3 -i 3 192.168.75.199 - delays PINGs to 3 seconds apart

Note:

•PING defaults to a standard 1-second interval

•Firewall(s) may block ICMP traffic, causing PING to fail

LOG ROTATION IN REDHAT LINUX

Log Rotation

Features:

1. Rotation of logs based on criteria
•size
•age (daily, weekly, monthly)

2. Compression

3. Maintain logs for a defined period

•/etc/logrotate.conf - primary (global) config file for all logs
•-can be overriden by context-sensitive files. i.e. apache
•run 'man logrotate'
•/etc/logrotate.d - directory for logs to be rotated
•-httpd - used to rotate Apache logs

/var/log/httpd/*log
{
missingok
notifempty
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
endscript
}

Task:

Setup rotation rule for Cisco log

1. Create entry in: /etc/logrotate.d based on /etc/logrotate.d/syslog

2. Modified the entry to rotate based on new criteria

3. Rotated using: 'logrotate /etc/logrotate.conf'

•Note: Force using: 'logrotatate -f /etc/logrotate.conf'

SYSLOGD IN REDHAT LINUX

SYSLOGD

Features:

1. Handles logging

2. Unix Domain Sockets (/dev/log)

3. Internet Sockets (UDP:514)

4. Ability to log to local and remote targets

5.Implented as 'sysklogd' package

6.Primary configuration file: /etc/syslog.conf

Standard syslog.conf file contains:

1. Rules

•a.facilities -> applications/daemons/network device/etc.

•b. levels -> Importance of message

Range: 0-7
•7 = emergency (less information)
•6 = alert
•5 = critical
•4 = error
•3 = warning
•2 = notice
•1 = info
•0 = debug (more information)

2. Targets

•file - /var/log/messages

•b. tty - /dev/console

•c. remote hosts - @IP_ADDR_of_REMOTE_HOST

•'*' = catchall/wildcard to mean any facility or level

•'.none' = exclusion rule
'man syslog.conf' to learn about the support facilities.levels

Task:

1. Enable UDP logging for remote Cisco gateway (192.168.75.1)

•netstat -nul | grep 514 - reveals UDP:514 listener

•nano /etc/sysconfig/syslog
'SYSLOGD_OPTIONS="-r"'

•restart syslog and confirm UDP:514 listener
confirm using 'netstat -nul | grep 514'

•Configure the router using facility 'local0' and level 'info'

•configure /etc/syslog.conf to accept 'local0.info'

•restart or reload 'syslog'

CRON-SCHEDULER IN REDHAT LINUX

CRON-SCHEDULER

Features:

1. Scheduler

2. Rules (Cron entries) are based on times:
• minute (0-59)
• hour (0-23)
• day of the month (1-31)
• month (1-12)
• day of the week (Sun,Mon,Tue, etc. OR 0-7)
• command to execute (shell, perl, php, etc.)

3. Wakes up every minute in search of programs to execute

4. Reads cron entries from multiple files

5. Maintains per-user and system-wide (/etc/crontab) schedules

In /etc:
•cron.d/
•cron.deny - denies cron execution by user
•cron.monthly/ - runs jobs monthly
•cron.weekly/ - runs jobs weekly
•cron.daily/ - runs jobs daily
•cron.hourly/ - runs jobs hourly
•crontab - contains system-wide schedules

Note: '*' wildcard in a time column means to run for all values

6. Per-user Crontabs:
Stored in: /var/spool/cron

Task:

1. Create a cron entry for the user 'student1'
• su student1
• crontab -e
• create an entry, minus the name of the user

Note: 'crontab -l' - enumerates per-user cron entries

System-wide Crontab:
Stored in: /etc/crontab

Task:

1. Create a cron entry in: /etc/crontab

Note: 'crontab -l -u username' - enumerates per-user cron entries

YUM CONFIGURATION IN REDHAT LINUX

YUM CONFIGURATION

Features:

1. The ability to centralize packages (updates)

Installation & Setup:

1. Install 'createrepo*rpm'

2. Setup directory structure
• /srv/www/linuxcbt.com/RH5/yum

3. Run 'createrepo /srv/www/linuxcbt.com/RH5/yum'

4. Publish the yum repository using HTTP

5. Configure yum client to use HTTP to fetch the RPMs

• /etc/yum.conf
• a1. ###Included as our first repository on the SUSE box###
[0001]
• name=linuxcbtsuse1
• baseurl=http://192.168.75.100/RH5/yum

Note: Ensure that about 3GBs are available for the yum respository
tar -cjvf yum_metadata.bz2 repodata

Yum Usage:

1. Search for packages
a. 'yum search gftp'

2. Install packages - Requires RedHat GPG Key for RPMs
rpm --import http://192.168.75.100/RH5/i386/RPM-GPG-KEY-redhat-release
• 'yum -y install gftp'
• 'yum -y install gftp dhcp' installs 2 packages'

3. Remove Package
• 'yum -y remove gftp'

RPM IN REDHAT LINUX

RPM

Features:

1. Provides package management
• Query
• Install
• Uninstall
• Upgrade
• Verify

2. Auto-verifies packages using GPG, MD5, SHA1SUMs

3. Automatically reports on unresolved dependencies
'rpm'

Query:

1. rpm -qa - dumps all installed packages

2. rpm -qa | wc -l - this dumps all packages and provides a count

3. rpm -qa | grep -i nano

4. rpm -qi nano - dumps info. about the 'nano' package as it's recorded in the
local RPM database

5. rpm -qf /usr/bin/nano - dumps package membership info. for the 'nano' file

6. rpm -qpi http://192.168.75.100/RH5/i386/Server/dhcp-3.0.5-7.el5.i386.rpm -
dumps info. about the uninstalled 'dhcp' package, which resides on the
repository

7. rpm -ql package_name - returns all included files

Verify:

1. rpm -Va - verifies ALL packages on the system, returning info. only if there
are discrepancies from the original installation

2. rpm -Vf /usr/bin/nano

3. rpm -Vp nano

Install (Does NOT overwrite previous package):

Note: Use this method to install a new version of the kernel

1. rpm -ivh *.rpm

2. rpm -ivh http://192.168.75.100/RH5/i386/Server/dhcp-3.0.5-7.el5.i386.rpm

Task:

Change '/usr/bin/nano' then verify

SM5....T /usr/bin/nano

S(file size), M(mode or permissions), 5(MD5), T(mod time)

Upgrade (Installs or overwrites existing package):

1. rpm -Uvh *.rpm

2. rpm -Uvh http://192.168.75.100/RH5/i386/Server/dhcp-3.0.5-7.el5.i386.rpm

Freshen (Updates an existing package):

Note: Will NOT install the package, if it doesn't exist locally

1. rpm -Fvh *.rpm - freshens the current version of a package

Removal:
1. rpm -ev *.rpm - removes a pacakge

Note: removal process considers dependencies and will complain if the removal will break 1 or more packages. To get around this, use '--nodeps' option with 'rpm -ev --nodeps *.rpm'

2. rpm -ev gftp

Package Management GUI:

1. Add/Remove Software
2. system-config-packages

RAID IN REDHAT LINUX

RAID

Features:
1. The ability to increase availability and reliability of data

Tasks:
1. Create a RAID-1 Device (/dev/md0..n)
• fdisk /dev/sdb - to create usable raw partitions
• partprobe /dev/sdb - to force a kernel update of the partition layout of
the disk: /dev/sdb
• mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb5 /dev/sdb6
• cat /proc/mdstat - lists active RAID (md) information
• mke2fs -j /dev/md0 - overlays a file system on the RAID device
• mount /dev/md0 /raid1
• update: /etc/fstab

Note:
• use 'mdadm --query /dev/md0' to get information about a RAID device
• You may create RAID volumes/devices on a single or on multiple disks
Ideally, your RAID volumes should span multiple physical disks to improve:
• reliability
• performance
• availability

2. Remove the RAID-1 device
• umount /dev/md0
• mdadm --manage --stop /dev/md0

3. Create a RAID-5 Volume
• fdisk /dev/sdb - to create a partition number 7
• partprobe /dev/sdb - to update the kernel's view of the partition table
• mdadm --create /dev/md0 --level=5 --raid-devices=3 /dev/sdb5
/dev/sdb6 /dev/sdb7
• watch cat /proc/mdstat - refreshes every 2 seconds
• Overlay a file system: mke2fs -j /dev/md0
• mount /dev/md0 /raid5
• Test I/O to RAID-5 device
• Update: /etc/fstab

LOGICAL VOLUME MANAGEMENT(LVM) IN REDHAT LINUX

Features:
1. Ability to create volume sets and stripe sets

2. LVM masks the underlying physical technology (ATA,ATAPI,IDE,SCSI,SATA,PATA,etc.)

3. LVM represents storage using a hierarchy:

• Volume groups
a1. Physical volumes (/dev/sda2, /dev/sdb2, etc.)
• b. Logical Volumes
b1. File systems
4. LVM physical volumes can be of various sizes
5. Ability to resize volumes on the fly

Note: Volume groups join: physical volumes (PVs) and Logical Volumes (LVs)

6 Steps to setup LVM:
1. Create LVM partitions via fdisk or parted
• fdisk /dev/sda, /dev/sdb, /dev/sdc
• n
• p
• +10G
• t - change to type '8e' (LVM)
• w
• partprobe /dev/sda

2. Create Physical Volumes using 'pvcreate'
• pvcreate /dev/sda3 /dev/sdb3 /dev/sdc3

3. Create Volume Groups using 'vgcreate'

• vgcreate volgroup001 /dev/sda3 /dev/sdb3 /dev/sdc3

Note: Volume groups can be segmented into multiple logical volumes

4. Create one or more Logical Volumes
• lvcreate -L 10GB -n logvolvar1 volgroup001
• b. lvcreate -L 10GB -n logvolusr1 volgroup001

5. Create File system on logical volume(s)
• mke2fs -j /dev/volgroup001/logvolvar1
• b. mke2fs -j /dev/volgroup001/logvolusr1

6. Mount logical volume
• mkdir /var1
• mount /dev/volgroup001/logvolvar1 /var1
• mkdir /usr1
• mount /dev/volgroup001/logvolusr1 /usr1

Note: Be certain to update: /etc/fstab so that volumes are mounted when the system reboots

3-tiers of LVM display commands include:
• pvdisplay - physical volumes - represent raw LVM partitions
• vgdisplay - volume groups - aggregate physical volumes
• lvdisplay - logical volumes - file systems - mount here

Rename of Logical Volume:

1. lvrename volume_group_name old new - used to rename volumes

Task:
Rename 'logvolvar1' to 'logvolopt1'
• lvrename volgroup001 logvolvar1 logvolopt1

Note: LVM is updated immediately, even while volume is mounted
However, you must remount the logical volume to see the changes
• b. umount /var1 && mount /dev/mapper/volgroup001-logvolopt1 /opt1
• c. Update /etc/fstab

Remove Logical Volume:

Task:

Remove 'logvolusr1' from the logical volume pool

• umount /usr1
• lvremove /dev/mapper/volgroup001-logvolusr1
• use 'lvdisplay' to confirm removal


Resize Logical Volume:

Task:

Grow (resize) 'logvolopt1' to 20GB

• lvresize -L 20GB /dev/volgroup001/logvolopt1
• lvdisplay - to confirm new size of logical volume
• df -h - will still reveal the current size
• Resize the file system to update the INODE table on the logical volume to account for the new storage in 'logvolopt1'
'resize2fs -f -p /dev/volgroup001/logvolopt1'
Note: You may resize file systems online if the following are met:
2.6x kernel series
MUST be formatted with ext3
Task:
Shrink (resize) 'logvolopt1' to 15GB

• lvresize -L 15GB /dev/volgroup001/logvolopt1
• lvdisplay
• df -h
• resize2fs -f -p /dev/volgroup001/logvolopt1

Note: online shrinking is not supported
• e. df -h
Note: Check disk utilization prior to shrinking to reduce the risk of losing data

LVM GUI utility:

• system-config-lvm

CREATE SWAP BASED ON FILES IN REDHAT LINUX

Features:

1. The ability to provision swap space based on a file, similar to pagefile.sys
in Windows NT, etc., if you have no available disk space to partition.

2. Doesn't waste partitions

Task:
1. Create 512MB swap file

• dd if=/dev/zero of=/home1/swapfile1 bs=1024 count=524288
• mkswap /home1/swapfile1 - overlays swap file system
• swapon /home1/swapfile1 - makes swap space avaialable to the kernel

2. Ensure that when the system reboots, the swapfile is made avialable to the kernel

• nano /etc/fstab - /home1/swapfile1 swap swap defaults 0 0

3. Create 2GB swap file
• dd if=/dev/zero of=/home1/swapfile2 count=2G

SWAP PARTITIONS AND FILES IN REDHAT LINUX

SWAP PARTITIONS AND FILES

Features:

Extra, virtual RAM for the OS

Steps:
1. Identify current swap space

• swapon -s - enumerates partitions and/or files, which constitute swap storage

• free -m

2. Select target drive and provision swap partition

• fdisk /dev/sdb

• n

• 2

• 500

• +512 (cylinder 562) - 63 cylinders are required for 512MB

• t - change type

• 82 - Linux Swap/Solaris

• w - committ changes to disk

3. Create the swap file system on the raw partition: /dev/sdb2

• mkswap /dev/sdb2

4. Enable swapping - publish the swap space to the kernel

• swapon /dev/sdb2 - this enables swapping on /dev/sdb2

5. update /etc/fstab

• /dev/sdb2 swap swap defaults 0 0

6.swapoff /dev/sdb2 - disables swapping on /dev/sdb2

Task:

1. Improve system performance by distributing swapping to /dev/sdb2

• swapon /dev/sdb2

• swapoff /dev/sda6

• disable /dev/sda6 via /etc/fstab

BASIC PROVISIONING OF PARTITIONS AND FILE SYSTEMS IN REDHAT LINUX

BASIC PROVISIONING OF PARTITIONS AND FILE SYSTEMS

Features:

1. Ability to provision extra storage on-the-fly

Steps:

1. Identify available storage
• 'fdisk -l' - returns connected storage

2. Create partitions on desired hard drive:
• 'fdisk /dev/sdb' - interacts with /dev/sdb drive
• 'n' - to add a new partition
• 'p' - primary
• '1' - start cylinder
• '+4096M' - to indicate 4 Gigabytes
• 'w' - to write the changes to the disk

Note:
• use 'partprobe partition (/dev/sdb1)' to force a write to a hard drive's
partition table on a running system
• 'fdisk' creates raw partitions

3. Overlay (format) the raw partition with a file system
• mke2fs -j /dev/sdb1 - this will write inodes to partition

4. Mount the file system in the Linux file system hierarchy:
• mkdir /home1 && mount /dev/sdb1 /home1
• mount OR df -h - either will reveal that /dev/sdb1 is mounted

Note: lost+found directory is created for each distinct file system

5. Configure '/home1' to auto-mount when the system boots
• nano /etc/fstab and copy and modify the '/home' entry

USER QUOTAS IN REDHAT LINUX

USER QUOTAS

Features:

1. Limits disk usage (blocks or inodes)

2. Tied to file systems (set on a per file system basis)

3. Can be configured for users and groups

Steps to enable quota support:

1. Enable quota support per file system in: /etc/fstab

• defaults,usrquota,grpquota

2. Remount the file system(s)

• mount -o remount /

• use 'mount' to confirm that 'usrquota,grpquota' support are enabled

3. Create quota database files and generate disk usage table

• quotacheck -mcug / - this creates /aquota.user & /aquota.group

• quotacheck -mavug

4. Assign quota policies

• edquota username - set blocks/inodes soft_limits hard_limit

• edquota student1 - sets quotas for user 'student1'

• export EDITOR=nano - to have edquota default to 'nano' editor

5. Check quotas

• quota username

Ex: quota student1

Note: place 'quotacheck -avug' in /etc/cron.*(hourly,daily)

6. Report on usage

• repquota -a - this reports on usage

Note: The blocks are measured in 1K increments. i.e. 20000 blocks is roughly 20MB

SYMLINKS IN REDHAT LINUX

SYMLINKS

Features:

1. Provides shortcuts to files (including directories)

2. Provides hard links to inode (file system) locations

Soft Links:

1. ln -s source_file target

a. ln -s ./regextest.pl lastscript.pl

Note:
• Soft links may span multiple file systems/hard drives
• Symlink count is NOT increased when using soft links

2. ln -s /home/linuxcbt/testRH5/regextest.pl . - this will symlink (soft) to
the /boot file system

Note: With soft links, if you change the name or location of the source file, you will break ALL of the symlinks (soft)

Hard Links:

Features:

1. The ability to reference the same inode/hard drive location from multiple
places within the same file system
• ln source target
• ln regextest.pl ./testhardregextest.pl - creates a hard link

SETUID IN REDHAT LINUX

SETUID:

Features:

a.ability to execute file as owner

b.chmod 4760 regextest.pl - this will ensure that the perl script always
executes as the user 'linuxcbt'

-rwsrw---- 1 linuxcbt sales 787 Jan 13 16:08 regextest.pl

's' in the execute position means that the program will execute as that user


SETGID:

Features:
Ability to enforce permissions to a directory structure
• mkdir /sales
• chmod 2775 /sales

Example:

Create a file in the '/sales' directory as 'linuxcbt'
• seq 1000000 > linuxcbt.1million.txt
chgrp:

Permits updating of group permissions

Sticky Bit:

Features:

Ability to ensure that users cannot delete others' files in a directory

drwxrwxrwt 23 root root 4096 Jan 13 15:05 /tmp/

/tmp - users cannot delete other user's files in '/tmp'

chmod 3777 /sales - ensures that /sales will not lose files from incorrect users

Task:
Set '/sales' using sticky bit and test
a. chmod 3777 /sales && ls -ld /sales OR chmod 777 /sales && chmod +t /sales

FILE TYPES-PERMISSIONS-SYMLINKS IN REDHAT LINUX

FILE TYPES-PERMISSIONS-SYMLINKS

Features:
1. The ability to restrict/control access to files

Note:

• 10 bits represent permissions for files (including directories)

• use 'ls -l' to examine permissions or GUI application like 'Nautilus'

-rwxrwxr-x 1 linuxcbt linuxcbt 681 Jan 13 11:31 regextest.pl

• 1st bit = file type. '-' = file, 'd' = directory

• 2nd - 4th bits = owner's permissions

• r = read = 4

• w = write = 2

• x = execute = 1

• -= none = 0

• 5th - 7th bits = group owner's permissions

• r = read = 4

• w = write = 2

• x = execute = 1

• -= none = 0

• 8th - 10th bits = everyone (world)

• r = read = 4

• w = write = 2

• x = execute = 1

• -= none = 0

Task:

1. Manipulate file permissions using 'chmod'

• chmod -x regextest.pl

• -rw-rw-r-- 1 linuxcbt linuxcbt 681 Jan 13 11:31 regextest.pl

• rw = 6 or 4+2 for owner

• rw = 6 or 4+2 for group owner

• r = 4 for everyone else (world)

• Octal notation: 664 for file 'regexetest.pl'

• chmod 664 regextest.pl - removes execution for ALL users

• chmod 775 regextest.pl - enables execution for ALL users


2. Ensure that 'regextest.pl' is rw by owner and noone else

• chmod 600 regextest.pl

Note: File will now be rw by owner (linuxcbt) and 'root'

3. Ensure that 'regextest.pl' is r by owner and noone else

• chmod 400 regextest.pl && ls -l regextest.pl

Note: chmod supports string values, which represent octal values

• chmod +/- x file

• chmod +/- w file

• chmod +/- r file

• chmod +/- u+x file - updates owner's execute permissions on the file

• chmod +/- o+x file - updates other's execute permissions on the file

• chmod +/- g+x file - updates group's execute permissions on the file

• chmod a+rwx = chmod 777

• chown - permits changing of ownership of files

chown root regextest.pl - changes ownership to 'root'

chown linuxcbt:sales regextest.pl - changes owner and group to
'linuxcbt:sales'

Task:

Update 'regextest.pl' so that owner and group owner may modify the file

• chmod 660 regextest.pl

USER/GRUOP MANAGEMENT IN REDHAT LINUX

USER/GRUOP MANAGEMENT

Features:
The ability to control users and groups

Primary tools:

1. useradd - used to add users and modify group membership

2. system-config-users

Task:

1. Create a user named 'student1' using 'useradd'

Note:

a.Default user settings derive from: /etc/login.defs

b.useradd student1

c.set password for user 'student1': passwd student1

d.Default User Accounts DB: /etc/passwd

e.student1:x:501:501::/home/student1:/bin/bash

f.username:shadow_reference:uid:gid:Description(GECOS):$HOME:$SHELL

Note:

a./etc/passwd is a world-readable file

b./etc/shadow now stores passwords in encrypted form

c./etc/shadow is NOT world-readable

Fields in /etc/shadow:

a.student1:$1$XSFMv2ru$lfTACjN.XxaxbHA0EkB4U0:13891:0:99999:7:::

b.username:

encrypted_password:
Days_since_Unix_epoch_password_was_changed (01/01/1970)
Days before password may be changed
Days after which the password MUST be changed
Days before password is to expire that user is warned
Days after password expires, that account is disabled
Days since Unix epoch, that account is disabled
Reserved field (currently unused)

2. Modify user 'student1' to have password expire after 45 days
usermod

Groups:

1. groupadd - adds new group

2. groups - lists groups on the system: /etc/group
/etc/group - maintains group membership information

Task:
a.Create a 'sales' group and add 'linuxcbt' and 'student1' as members
b.groupadd sales
c.usermod -G sales linuxcbt
d.usermod -G sales student1

Note: 2 types of groups exist:

1. Primary - used by default for a user's permissions
2. Supplemental - used to determine effective permissions

Note:
• use 'id' to determine the group information of user
• Create a new shell session to realize new group membership information
userdel/groupdel are used to delete users and groups, respectively

SYSTEM UTILITIES IN REDHAT LINUX

SYSTEM UTILITIES
Features:
1. Process listing

2. Free/available memory

3. Disk utilization

1. ps - process status/listing
ps -ef or ps -aux

2. top - combines, ps, uptime, free and updates regulary

3. uptime - returns useful system utilization information:
a.current time
b. uptime - days, hours and minutes
c. connected users
d. load averaged - 1,5,15 minute values

4. free - returns memory utilization
a.RAM
b.SWAP
c.free -m - for human readable format

5. df - returns disk partition/mount point information
a.df - returns info. using kilobytes
b.df -h - returns info. using megabytes/human readable (gigs/teray/etc.)

6. vmstat - reports on: processes, memory, paging, block I/O, traps, CPU activity
a.vmstat
b.vmstat -p /dev/hda1 - returns partitions stats for /dev/hda1 (/boot)

7. gnome-system-monitor - GUI, combining most system utilities

8. ls -ltr /proc
a.cat /proc/cpuinfo

9. kill PID - kills the process with a given PID

10. runlevel - returns runlevel information using 2 fields:
a.represents previous runlevel
b.represents current runlevel

PERL

PERL

Features:

1. Parses text

2. Executes programs

3. CGI - Web forms, etc.

4. Supports RegExes (Perl and POSIX)

5. etc.

Task:

1. Print 'Hello World' to STDOUT
1)perl -c helloworld.pl - checks the syntax of the script
2)perl helloworld.pl - executes the script
3)chmod +x helloworld.pl && ./helloworld.pl

2. Parse RegExes from the command line

SED-STREAM EDITOR

SED-STREAM EDITOR

Features:

1. Faciliates automated text editing

2. Supports RegExes (POSIX)

3. Like Awk, supports scripting using '-F' option

4. Supports input via: STDIN, pipe, file

Usage:

1. sed [options] 'instruction[s]' file[s]

2. sed -n '1p' grep1.txt - prints the first line of the file

3. sed -n '1,5p' grep1.txt - prints the first 5 lines of the file

4. sed -n '$p' grep1.txt - prints the last line of the file

5. sed -n '1,3!p' grep1.txt - prints ALL but lines 1-3

6. sed -n '/linux/p' grep1.txt - prints lines with 'linux'

7. sed -e '/^$/d' grep1.txt - deletes blank lines from the document

8. sed -e '/^$/d' grep1.txt > sed1.txt - deletes blank lines from the document
'grep1.txt' and creates 'sed1.txt'

9. sed -ne 's/search/replace/p' sed1.txt

10. sed -ne 's/linux/unix/p' sed1.txt

11. sed -i.bak -e 's/3/4' sed1.txt - this backs up the original file and creates
a new 'sed1.txt' with the modifications indicated in the command

Note:
1)Generally, to create new files, use output redirection, instead of
allowing sed to write to STDOUT
2)Sed applies each instruction to each line

AWK

AWK
Features:

1. Field/Column processor

2. Supports egrep-compatible (POSIX) RegExes

3. Can return full lines like grep

4. Awk runs 3 steps:

BEGIN - optional

Body, where the main action(s) take place

END - optional

5. Multiple body actions can be executed by separating them using semicolons. e.g. '{ print $1; print $2 }'

6. Awk, auto-loops through input stream, regardless of the source of the stream. e.g. STDIN, Pipe, File

Usage:

1. awk '/optional_match/ { action }' file_name | Pipe

2. awk '{ print $1 }' grep1.txt

Note: Use single quotes with awk, to avoid shell interpolation of awk's variables

3. awk '{ print $1,$2 }' grep1.txt

Note: Default input and output field separators is whitespace

4. awk '/linux/ { print } ' grep1.txt - this will print ALL lines containing 'linux'

5. awk '{ if ($2 ~ /Linux/) print}' grep1.txt

6. awk '{ if ($2 ~ /8/) print }' /var/log/messages - this will print the entire line for log items for the 8th

7. awk '{ print $3 }' /var/log/messages | awk -F: '{ print $1}'

GREP IN LINUX

GREP

Features:
1. The ability to parse lines based on text and/or RegExes

2. Post-processor

3. Searches case-sensitively, by default

4. Searches for the text anywhere on the line

EXAMPLE:

1. grep 'linux' grep1.txt

2. grep -i 'linux' grep1.txt - case-insensitive search

3. grep '^linux' grep1.txt - uses '^' anchor to anchor searches at the beginning of lines

4. grep -i '^linux' grep1.txt

5. grep -i 'linux$' grep1.txt - uses '$' anchor to anchor searches at the end of lines

Note: Anchors are RegEx characters (meta-characters). They're used to match at the beginning and end of lines

6. grep '[0-9]' grep1.txt - returns lines containing at least 1 number

7. grep '[a-z]' grep1.txt

8. rpm -qa | grep grep - searches the package database for programs named 'grep'

9. rpm -qa | grep -i xorg | wc -l - returns the number of pacakges with 'xorg' in their names

10. grep sshd messages

11. grep -v sshd messages - performs and inverted search (all but 'sshd' entries will be returned)

12. grep -v sshd messages | grep -v gconfd

13. grep -C 2 sshd messages - returns 2 lines, above and below matching line

Note:
Most, if not all, Linux programs log linearly, which means one line after another, from the earliest to the current
Use single or double quotes to specify RegExes
Also, execute 'grep' using 'egrep' when RegExes are being use

TAR,GZIP,BZIP2,ZIP

TAR,GZIP,BZIP2,ZIP
Features:
Compression utilities (gzip, bzip2, zip)
File rollers (the ability to represent many files as one)
GZIP:
Includes:
gzip - compresses/decompresses files
gunzip - decompresses gzip files

Tasks:
1. compress '1million.txt' file using gzip
gzip -c 1million.txt > 1million.txt.gz

Note: gzip auto-dumps to STDOUT, by default

gzip -l 1million.txt.gz - returns status information
• gunzip 1million.txt.gz - dumps to file, and removes compressed version
• gzip -d 1million.txt.gz
• zcat 1million.txt.gz - dumps the contents to STDOUT
• less 1million.txt.gzip - dumps the contents of gzip files to STDOUT

Bzip2:

1. bzip2 -c 1million.txt > 1million.txt.bz2
Note: Bzip2 tends to outperform gzip on larger files
2. bunzip2 1million.txt.bz2
3. bzip2 -d 1million.txt.bz2
4. bzcat 1million.txt.bz2 - dumps contents to STDOUT
5. less 1million.txt.bz2 - also dumps the contents to STDOUT
Zip & unzip:
1. zip filename.zip path/ - general usage
2. zip 1million.txt.zip 1million.txt
Note: zip differs slight from gzip and bzip2 in that the destination file (resultant zip file) is specified before the source
3. unzip 1million.txt.zip


Tar & Gzip/Bzip2:
1. tar -cvf filename.tar path/ - creates a non-compressed archive
2. tar -cvf 1million.txt.tar 1million.txt
Note: tar, requires a small overhead for itself in each file
3. tar -czvf 1million.txt.tar.gz 1million.txt - creates, tar/gzip document
4. tar -cjvf 1million.txt.tar.bz2 1million.txt - creates, tar/bzip2 document
5. tar -tzvf
6. tar -cjvf 1million.txt.tar.bz2 1million.txt testRH5/- creates, tar/bzip2
document for the text file and 'testRH5' directory tree

COMMAND CHAINING

COMMAND CHAINING
Features:
1.Permits the execution of multiple commands in sequence
2.Also permits execution based on the success or failure of a previous command
3.cat 123.txt ; ls -l - this runs first command, then second command
without regards for exit status of the first command
4.cat 123.txt && ls -l - this runs second command, if first command
is successful
5.cat 1234.txt && ls -l
6.cat 123.txt || ls -l - this runs second command, if first command fails

1. more|less - paginators, which display text one-page @ a time
1.1)more /etc/fstab
1.2)less 1thousand.txt

2. seq - echoes a sequence of numbers
seq 1000 > 1thousand.txt - creates a file with numbers 1-1000

3. su - switches users
su - with no options attempts to log in as 'root'

4. head - displays opening lines of text files
head /var/log/messages

5. tail - displays the closing lines of text files
tail /var/log/messages

6. wc - counts words and optionally lines of text files
wc -l /var/log/messages
wc -l 123.txt

7. file - determines file type
file /var/log/messages

BASIC LINUX COMMANDS

BASIC LINUX COMMANDS

1. tty - reveals the current terminal
2. whoami - reveals the currently logged-in user
3. which - reveals where in the search path a program is located
4. echo - prints to the screen
1.echo $PATH - dumps the current path to STDOUT
2.echo $PWD - dumps ths contents of the $PWD variable
3.echo $OLDPWD - dumps the most recently visited directory
5. set - prints and optionally sets shell variables
6. clear - clears the screen or terminal
7. reset - resets the screen buffer
8. history - reveals your command history
!690 - executes the 690th command in our history
command history is maintained on a per-user basis via:
~/.bash_history
~ = users's $HOME directory in the BASH shell
9. pwd - prints the working directory
10. cd - changes directory to desired directory
'cd ' with no options changes to the $HOME directory
'cd ~' changes to the $HOME directory
'cd /' changes to the root of the file system
'cd Desktop/' changes us to the relative directory 'Desktop'
'cd ..' changes us one-level up in the directory tree
'cd ../..' changes us two-levels up in the directory tree
11. Arrow keys (up and down) navigates through your command history
12. BASH supports tab completion:
type unique characters in the command and press 'Tab' key


13. You can copy and paste in GNOME terminal windows using:
left button to block
right button to paste OR Ctrl-Shift-v to paste
14. ls - lists files and directories
ls / - lists the contents of the '/' mount point
ls -l - lists the contents of a directory in long format:
Includes: permissions, links, ownership, size, date, name
ls -ld /etc - lists properties of the directory '/etc', NOT the contents
of '/etc'
ls -ltr - sorts chronologically from older to newer (bottom)
ls --help - returns possible usage information
ls -a - reveals hidden files. e.g. '.bash_history'
Note: files/directories prefixed with '.' are hidden. e.g. '.bash_history'
15. cat - catenates files
cat 123.txt - dumps the contents of '123.txt' to STDOUT
cat 123.txt 456.txt dumps both files to STDOUT
cat 123.txt 456.txt > 123456.txt - creates new catenated file
16. mkdir - creates a new directory
mkdir testRH5 - creates a 'testRH5' directory
17. cp - copies files
cp 123.txt testRH5/
By default, 'cp' does NOT preserve the original modification time
cp -v 456.txt testRH5/
18. mv - moves files
mv 123456.txt testRH5/ - moves the file, preserving timestamp
19. rm - removes files/directories
rm 123.txt
rm -rf 456.txt - removes recursively and enforces
20. touch - creates blank file/updates timestamp
touch test.txt - will create a zero-byte file, if it doesn't exist
touch 123456.txt - will update the timestamp
touch -t 200801091530 123456.txt - changes timestamp

21. stat - reveals statistics of files
stat 123456.txt - reveals full attributes of the file
22. find - finds files using search patterns
find / -name 'fstab'
Note: 'find' can search for fields returned by the 'stat' command
23. alias - returns/sets aliases for commands
alias - dumps current aliases
alias copy='cp -v'
FTP INSTALLATION

Steps:
1. Create FTP user account on FTP server
'useradd -s /bin/false -d /srv/wwwlinuxcbt.com linuxinstall'
'passwd linuxinstall'
2. Confirm FTP connectivity as the user 'linuxinstall'
3. Reboot server with 'boot.iso' CD and type 'linux askmethod'

Monday, December 28, 2009

KICKSTART CONFIGURATION

Features:
1. Hands-free, automated installation
2. Scripted installation
3. Script can be used on multiple systems
Note: 'system-config-kickstart' is NOT installed by default
Steps:
1. Open previously created 'anaconda-ks.cfg' file and modify
2. Define partitions accordingly
3. Confirm settings
4. Publish the 'ks.cfg' file to HTTP server
5. Install server using the following at the main menu:
'linux ks=http://192.168.75.100/ks.cfg'
Note: The following can be used to boot a kickstart installation:
1. boot.iso CD-ROM
2. First CD-ROM of the RH5 installation set
3. The DVD-ROM of the RH5 installation set
4. USB Pen/Stick - diskboot.img (use dd)