Professional Documents
Culture Documents
Linux Installation: Installing Linux Redhat 9 by
Linux Installation: Installing Linux Redhat 9 by
Overview
The object of this seminar is to provide comprehensive check list of the more important steps to be taken to install a linux system.
cont...
Overview continued
Although the labs can be done without a lot of background in UNIX systems programming, it is advisable to have some basic concepts of the following topics: 1. Basic scripts 2. Sed and awk expressions 3. Regular expressions 4. Setting up UDP and TCP sockets
Overview cont.
5. Setting up DNS servers 6. Setting up a web server
Introduction
1. System Installation and Customization 2. System Maintenance 3. System Performance and Monitoring
Installing via NFS Installing via FTP Installing via HTTP Welcome to RedHat Linux Language Configuration Keyboard Configuration Mouse Configuration
Network Configuration Firewall Configuration Language Support Selection Time Zone Configuration Set Root Password
Preparing to Install Installing Packages Boot Diskette Creation Video Card Configuration X Configuration Monitor and Customization Installation Complete
1. Kerberos
Kerberos is a network authentication protocol created by MIT which uses symmetric key cryptography. Design goal is to eliminate the need to send passwords over the network Advantages
Conventional networks require password-based authentication schemes Such schemes requires username and password Transmission of authentication information for many services is unencrypted KERBEROS NEVER SENDS PASSWORDS ACROSS THE NETWORK
1. Kerberos Cont.
Disadvantages
Implementation is difficult Account information migration from UNIX password database to a Kerberos password can be tedious Partial compatibility with Pluggable Authentication Modules PAM Applications need to be modified to utilize Kerberos Assumes a trusted user using an untrusted host on an untrusted network, but if Key Distribution Center (KDC) is compromised, then the entire Kerberos authentication system will be at risk. All or nothing solution. must use PAM or kerberized versions of all clients/server applications
1. Kerberos Cont.
How does it work?
Three-way authentication, client/server and KDC User authenticate to a service by sending a request to KDC KDC sends a Ticket Granting Ticket (TGT) encrypted with user's key back to user Services (kinit,klogin,..) on the client machine then decrypts the TGT using the user's key (which is derived from the user's password). User's key is used only on the client machine, never sent on the network. If client provides correct password, then TGT will be decrypted and therefore used for subsequent request, otherwise authentication fails. The TGT is set to expire after a certain period of time defined by Network Administrator
2. System Maintenance
Update Packages - up2date Install/Remove Packages - RPM Resize Existing Partition resize2fs
NOTE: boot into rescue mode
Create New Partition - fdisk Mount File System Create Swap File/Partition
dd if=/dev/zero of=/swapfile bs=1M count=512 mkswap /swapfile swapon /swapfile Make it Permanent: edit /etc/fstab and add:
/swapfile none swap defaults 00
2. System Maintenance
Run levels
/etc/inittab Change run level for system maintenance
Halt System: /sbin/init 0 Single User: /sbin/init 1 Multiuser: /sbin/init 2 Full Multiuser: /sbin/init 3 Graphical: /sbin/init 5 Reboot System: /sbin/init 6
2. System Maintenance
Booting Into Rescue Mode
Why? Forgotten root password
Boot from CD-ROM, at the prompt type linux rescue mount root filesystem, if not already mounted chroot /mountpoint passwd
2. System Maintenance
File system maintenance
Rotate /var/log files Remove stale files from /tmp
Documentation
Policies Procedures Changes
Network maintenance
Keep Firewall up-to-date Keep services up-to-date
2. System Maintenance
Planning for Disaster
Disaster: Unplanned event that disrupts the normal operation of the organization
Types of Disasters
Hardware failures Software failures Environmental failures Human errors
Backups
To restore individual file To restore entire file system
2. System Maintenance
Type of Backups
Full backup
Every single file is written to backup media
Incremental backup
Only modified files are written to backup media
Backup Media
Tape Disk Network
2. System Maintenance
Backup Technologies
tar
tar vcf /mnt/backup/home.backup.tar /home/ tar vzcf /mnt/backup/home.backup.tar /home/
cpio
find /home/ | cpio -o > /mnt/backup/home.backup.cpio find /home/ -atime +365 | cpio -o > /mnt/backup/home.backup.cpio
Show information
/sbin/hdparm -i /dev/hdX
smartd is a daemon that monitors the SelfMonitoring, Analysis and Reporting Technology System (S.M.A.R.T.) built into ATA-3 and later IDE and SCSI-3 hard drive.
/usr/sbin/smartctl -i /dev/hda Device: Maxtor 90650U2 Supports ATA Version 5 Drive supports S.M.A.R.T. and is enabled
du Disk usage
/usr/bin/du /tmp du /tmp/ 4 /tmp/screens/S-root 8 /tmp/screens ..... 4 /tmp/ssh-XXa4kqTn 4 /tmp/uscreens/S-donkey 8 /tmp/uscreens 88 /tmp
References
www.redhat.com www.disasterplan.com www.amanda.org www.linux-backup.net http://web.mit.edu/kerberos/