RH133 Red Hat Enterprise Linux System Administration (RH133-RHEL4-1-20050308)
Copyright © 2005 Red Hat, Inc.

Table of Contents

RH133 UNIT 1 - Installation
    Objectives
    Agenda
    Initial installation
    Hardware Overview
    CPU and Memory
    Preparing to Install
    Multiboot systems
    Device Node Examples
    The RHEL Installer
    Installer Features
    RHEL Installation Overview
    Partitioning Hard Drives
    Sample Partition Structure
    Configuring File Systems
    Software RAID
    LVM: Logical Volume Manager
    Network Configuration
    Firewall Setup
    Security Enhanced Linux
    SELinux Installation Options and Control
    Package Selection
    Validating the Installation
    noprobe Mode and Driver Disks
    Post-Install Configuration
    End of Unit 1
    Lab: Installation

RH133 UNIT 2 - System Initialization and Services
    Objectives
    Agenda
    Boot Sequence Overview
    BIOS Initialization
    Boot Loader Components
    GRUB and grub.conf
    Starting the Boot Process: GRUB
    Kernel Initialization
    init Initialization
    Run levels
    /etc/rc.d/rc.sysinit
    /etc/rc.d/rc
    Daemon Processes
    System V run levels
    /etc/rc.d/rc.local
    Virtual Consoles
    Controlling Services
    System Shutdown
    System Reboot
    End of Unit 2
    Lab: Managing Startup

RH133 UNIT 3 - Kernel Services and Configuration
    Objectives
    Agenda
    Kernel Modules
    Kernel Module Configuration
    The /proc filesystem
    The /proc filesystem (continued)
    /proc/sys configuration with sysctl
    General Hardware Resources
    System Bus Support
    Hotswappable Bus Support
    System Monitoring and Process Control
    End of Unit 3
    Lab: Configuring kernel parameters

RH133 UNIT 4 - Filesystem Management
    Objectives
    Agenda
    System Initialization: Device Recognition
    Disk Partitioning
    Managing Partitions
    Managing Data: Filesystem Creation
    Journaling for ext2 filesystems: ext3
    Managing Data: mount
    Managing Data: mount options
    Managing Data: Unmounting Filesystems
    Managing Data: File System Labels
    Managing Data: mount, by example
    Managing Data: Connecting Network Resources
    Managing Data: /etc/fstab
    Managing Data: The Auto-Mounter
    ext2/ext3 Filesystem Attributes
    Virtual Memory Files
    Filesystem Maintenance
    Filesystem Maintenance (cont)
    Adding a Drive
    End of Unit 2
    Lab: Filesystem Management

RH133 UNIT 5 - Network Configuration
    Objectives
    Agenda
    Device Recognition
    Network Interfaces
    mii-tool
    ifconfig
    ifup/ifdown
    Interface Configuration Files
    Configuration Utilities
    Binding Multiple IP Addresses
    DHCP/BOOTP
    Global Network Parameters
    Default Route
    Static Routes
    Name Resolution
    DNS Client Configuration
    DNS Utilities
    Network Diagnostics
    End of Unit 5
    Lab: Static Network Settings

RH133 UNIT 6 - RPM and Kickstart
    Objectives
    Agenda
    The RPM Way
    RPM Package Manager
    Installing and Removing Software
    Updating a Kernel RPM
    RPM Queries
    RPM Verification
    Other RPM Utilities and Features
    Automatic Dependency Resolution
    Red Hat Network (RHN)
    RHN in the Enterprise
    RHN Registration
    The up2date utility
    Remote Administration
    Network Installation Server
    Using Kickstart to Automate Installation
    Kickstart: Commands section
    Kickstart: %packages
    Kickstart: %pre, %post
    End of Unit 7
    Lab: RPM and Kickstart

RH133 UNIT 7 - User Administration
    Objectives
    Agenda
    User Policy Considerations
    The User Account Database - /etc/passwd
    Adding a New User Account
    User Private Groups
    Group Administration
    Modifying/Deleting Accounts
    Password Aging Policies
    Login Shell Scripts
    Non Login Shell Scripts
    Switching Accounts
    sudo
    Network Users
    Authentication Configuration
    Example: NIS Configuration
    Example: LDAP Configuration
    File Ownership
    Linux File Permissions
    SUID / SGID Executables
    The Sticky Bit
    The setgid Access Mode
    Default File Permissions
    Access Control Lists (ACLs)
    SELinux
    Controlling SELinux
    SELinux Contexts
    Troubleshooting SELinux
    End of Unit 7
    Lab: User and Group Administration

RH133 UNIT 8 - Printing and Administration Tools
    Objectives
    Agenda
    CUPS Overview
    CUPS Configuration Files
    CUPS Queue Management
    cron
    Controlling Access to cron
    System Cron Job: tmpwatch
    System Cron Job: logrotate
    System Cron Job: logwatch
    System Logging
    syslog Configuration
    Tape Drives
    Using tar/star
    Using dump/restore
    Using cpio
    Remote Backups
    Other Backup Software
    End of Unit 8
    Lab: Printing and Admin Tools

RH133 UNIT 9 - The X Window System
    Objectives
    Agenda
    XOrg: The X11 Server
    XOrg Server Design
    XOrg Server Configuration
    XOrg Modularity
    Server and Client Relationship
    XOrg in runlevel 3
    XOrg in runlevel 5
    Configuration Utilities
    Remote X Sessions
    End of Unit 9
    Lab: The X Window System

RH133 UNIT 10 - Advanced Filesystem Management
    Objectives
    Agenda
    Software RAID Configuration
    Software RAID Recovery
    Converting LVM to LVM2
    Creating Logical Volumes
    Resizing Logical Volumes
    The Linux Quota System
    The Linux Quota System (cont)
    End of Unit 10
    Lab: Logical Volumes, RAID and Quotas

RH133 UNIT 11 - Troubleshooting
    Objectives
    Agenda
    Troubleshooting
    Things to Check: X
    Things to Check: Networking
    Order of the Boot Process
    Filesystem Corruption
    Filesystem Recovery
    Recovery Run-levels
    Rescue Environment
    Rescue Environment Utilities
    Rescue Environment Details
    End of Unit 11
    Lab: System Rescue and Troubleshooting

Sources of Help

* man and info documents
* /usr/share/doc
* HOWTOs

System man pages

Use system man pages for finding syntax information for various system administration utilities. Many commands also come with info pages.

Package Documentation

Most packages installed with Red Hat Enterprise Linux include documentation which is installed under /usr/share/doc. For example, the Grub boot loader comes with a very informative README file and other documents.
The amount and quality of documentation will vary from package to package, but most packages include some files to supplement the man and info pages.

Documentation is not guaranteed to come in any specific format. Many developers distribute documentation in plain text files. Increasingly, developers are publishing package documentation in HTML format so it can be read with a web browser. Other common formats include PostScript (view with GhostView or send to a PostScript printer) and LaTeX (a SGML-based layout language).

HOWTOs

The Linux Documentation Project (http://www.tldp.org) is an organized collection of documents which offer step-by-step instruction on various Linux tasks. These documents are called HOWTOs. HOWTOs are distributed in a variety of formats including plain text and PostScript. They are also available in many different languages.

Introduction

RH133 Red Hat Enterprise Linux System Administration

Copyright

* The contents of this course and all its modules and related materials, including handouts to audience members, are Copyright © 2003 Red Hat, Inc.

Red Hat Enterprise Linux

* Enterprise-targeted operating system
* Focused on mature open source technology
  - 12 to 18 month release cycle
  - Certified with leading OEM and ISV products
* Purchased with one year Red Hat Network subscription and support contract
  - Support available for five years after release
  - Up to 24x7 coverage plans available

About Red Hat Enterprise Linux

The Red Hat Enterprise Linux product family is designed specifically for organizations planning to use Linux in production settings.
All products in the Red Hat Enterprise Linux family are built on the same software foundation, and maintain the highest level of ABI/API compatibility across releases and errata. Extensive support services are available: a one year support contract and Update Module entitlement to Red Hat Network are included with purchase. Various Service Level Agreements are available which may provide up to 24x7 coverage with guaranteed one hour response time. Support will be available for up to five years after a particular release.

Red Hat Enterprise Linux is released on a twelve to eighteen month cycle. It is based on code developed by the open source community and adds performance enhancements, intensive testing, and certification on products produced by top independent software and hardware vendors such as Dell, IBM, Fujitsu, BEA, and Oracle. The longer release cycle allows vendors and enterprise users to focus on a common, stable platform and to effectively plan migration and upgrade cycles. Red Hat Enterprise Linux provides a high degree of standardization through its support for seven processor architectures (Intel x86-compatible, Intel Itanium 2, AMD64, IBM PowerPC on eServer iSeries and eServer pSeries, and IBM mainframe on eServer zSeries and S/390).

Red Hat Enterprise Linux AS: the top-of-the-line Red Hat Enterprise Linux solution, this product supports the largest x86-compatible servers and is available with the highest levels of support.

Red Hat Enterprise Linux ES: for entry-level or mid-range departmental servers. Red Hat Enterprise Linux ES provides the same core capabilities as AS, for systems with up to two physical CPUs and up to 8 GB of main memory.

Red Hat Enterprise Linux WS: the desktop/client partner for Red Hat Enterprise Linux AS and Red Hat Enterprise Linux ES on x86-compatible systems. Based on the same development environment and same software core as the server products, Red Hat Enterprise Linux WS does not include some network server applications. It is ideal for desktop deployments or use as a compute node in an HPC cluster environment.

Red Hat Network

* A comprehensive software delivery, system management, and monitoring framework
  - Update Module, included with Red Hat Enterprise Linux, provides software updates
  - Management Module adds more scalable management capabilities for large deployments
  - Provisioning Module provides bare metal installation, configuration management, and multi-state configuration rollback capabilities

About Red Hat Network

Red Hat Network is a complete systems management platform. It is a framework of modules for easy software updates, systems management, and monitoring, built on open standards. There are currently three modules in Red Hat Network: the Update Module, the Management Module, and the Provisioning Module.

The Update Module is included with all subscriptions to Red Hat Enterprise Linux. It allows for easy software updates to all your Red Hat Enterprise Linux systems.

The Management Module is an enhanced version of the Update Module, which adds additional functionality tailored for large organizations. These enhancements include system grouping and set management, multiple organizational administrators, and package profile comparison among others. In addition, with RHN Proxy Server or Satellite Server, local package caching and management capabilities become available.

The Provisioning Module provides mechanisms to provision and manage the configuration of Red Hat Enterprise Linux systems throughout their entire life cycle. It supports bare metal and existing state provisioning, storage and editing of kickstart files in RHN, configuration file management and deployment, multi-state rollback and snapshot-based recovery, and RPM-based application provisioning. If used with RHN Satellite Server, support is added for PXE boot bare-metal provisioning, an integrated network installation tree, and configuration management profiles.
Red Hat Applications

* Optional layered products which enhance the standard Red Hat Enterprise Linux system
  - Red Hat Cluster Suite
  - Red Hat Content Management System
  - Red Hat Developer Suite
  - Red Hat Portal Server

Red Hat Applications

Red Hat provides a set of optional layered products that can be used to enhance the standard Red Hat Enterprise Linux operating system. Red Hat provides full maintenance and support services for these open source middleware and application layer products. Current offerings include:

Red Hat Cluster Suite: this product provides high availability clustering features. Both network load balancing clusters and two to eight node high availability application clusters are supported. Originally part of Red Hat Enterprise Linux AS, this product has been enhanced and is now available as a separate layered product for both AS and ES based systems.

Red Hat Content Management System: a complete workflow-based engine to manage content creation and delivery for an intranet, extranet, or Internet web site.

Red Hat Developer Suite: a fully featured Integrated Development Environment (IDE) for application development based on the open source Eclipse project. Plugins for C/C++, Java, RPM, and profiling are included, and additional plugins will be provided as they become available.

Red Hat Portal Server: a servlet-based framework to aggregate local and remote content along with applications into an easy-to-configure web interface. Customizable templates allow the enterprise, a specific department, or the end user to provide information with the look-and-feel which is desired.
The Fedora Project

* Red Hat-sponsored open source project
* Focused on latest open source technology
  - Rapid four to six month release cycle
  - Available as free download from the Internet
* An open, community-supported proving ground for technologies which may be used in upcoming enterprise products
  - Red Hat does not provide formal support

About the Fedora Project

The Fedora Project is a community-supported open source project sponsored by Red Hat, intended to provide a rapidly evolving, technology-driven Linux distribution with an open, highly scalable development and distribution model. It is designed to be an incubator and testbed for new technologies which may be used in later Red Hat enterprise products. The basic Fedora Core distribution will be available for free download from the Internet.

The Fedora Project will produce releases on a short four to six month release cycle, to bring the latest innovations of open source technology to the community. This may make it attractive for power users and developers who want access to cutting-edge technology and can handle the risks of adopting rapidly changing new technology. Red Hat does not provide formal support services for the Fedora Project.
Audience and Prerequisites

* Audience: Linux or UNIX users who understand the basics of Red Hat Enterprise Linux, that desire further technical training to begin the process of becoming a system administrator
* Prerequisites: Experience with Linux or UNIX desktop productivity and command-line tools

Audience for RH133

The Red Hat Linux System Administration course is designed for users with Linux or UNIX experience who want to start building skills in system administration on Red Hat Linux, to a level of competence where they are able to configure and attach a workstation to an existing network.

Prerequisites for RH133 include knowledge in the following areas:

* File and directory operations
* Understanding users and groups
* Standard I/O and pipes
* String processing
* Managing processes
* Using the bash shell
* Using the Red Hat Linux graphical environment
* Sending e-mail and using printing
* Use of the vi text editor

Classroom Network

                                                   IP Addresses
    Our Network             example.com            192.168.0.0/24
    Our Server              server1.example.com    192.168.0.254
    Our Stations            stationX.example.com   192.168.0.
    Evil Outside Network    cracker.org            192.168.1.0/24
    Evil Outside Server     server1.cracker.org    192.168.1.254
    Evil Outside Stations   stationX.cracker.org   192.168.1.

Unit 1

Installation

UNIT 1: Objectives

* Upon completion of this unit you should be able to:
  - Use Red Hat resources to identify supported hardware
  - Describe how Linux accesses devices
  - Install Red Hat Enterprise Linux
  - Perform basic post-install configuration
UNIT 1: Agenda

* Supported Linux hardware
* Linux and hardware access
* Installing Linux
* Post-install configuration

Initial Installation

* Please turn to Lab One Sequence One
* Perform Sequence One
* Complete Installation described in Sequence Two

Please turn to the section following Unit One, Lab One. Complete the BIOS setup indicated in Sequence One and perform an installation as per the instructions in Sequence Two. After you have completed the installation, you will have a machine running Red Hat Enterprise Linux.

This installation is minimal, but following Unit One, you will complete Sequence Three of the lab which is a more featured installation.

Hardware Overview

* Kernel Support
  - Core Support: CPU, Memory, Process Management, Interrupt/Exception Handling etc.
  - Dynamically Loadable Kernel Modules
    - Device Drivers
    - Additional Functionality
* User Mode Access to kernel facilities
  - System Calls and Signals
  - Filesystem Device Nodes
  - Network Interfaces

Mediating access to hardware is one of the primary roles of any operating system. The Linux kernel provides core facilities for accessing base components, such as the system's CPU, memory, console, and PCI bus. Usually, the detection and configuration of these components is automatic.

Support for peripheral devices is generally implemented through kernel device modules. The kernel must coordinate low level resources among the various drivers such as interrupt lines (IRQ), I/O ports, and more generalized iomapped memory and direct memory access. Most device drivers can either be statically compiled into the core kernel image, or implemented as a dynamically loaded kernel module. Kernel modules may also offer additional functionality such as kernel level packet filtering, a type of firewall.

In Linux, as in Unix, kernel facilities are accessed using what is called user mode access. Access to kernel functions such as file and process creation is done by making system calls. Signals allow communication between running processes and can be sent by a user or a process with the kernel acting as the messenger.

Access to most devices is achieved through filesystem device nodes. Utilities can access devices in a uniform manner, without knowing the device driver's implementation details. In Unix, "everything is a file". The one notable exception to this rule is networking devices. They generally are not accessed through a device node but instead are accessed through a "network interface" abstraction. Keep in mind that the creation of the Unix operating system predates networking by a decade.

CPU and Memory

* Seven Supported Architectures: x86, Itanium2, AMD64/EM64T, S/390, zSeries, iSeries, pSeries
* CPU support on x86
  - Technical support for more than 2 physical CPUs only on AS variant (may use Hyper-Threading)
  - Up to 32 physical CPUs with SMP or hugemem kernel
* Memory support on x86
  - Technical support for more than 16 GB on AS or WS
  - Standard i686/athlon kernel: 4 GB
  - SMP i686/athlon kernel: 16 GB
  - hugemem SMP kernel: 64 GB

Red Hat Enterprise Linux is available for the Intel x86, Intel Itanium2, AMD64/EM64T, IBM eServer zSeries, IBM eServer iSeries, IBM eServer pSeries, and IBM S/390 architectures. This manual, associated course, and the RHCT and RHCE certifications cover the Intel x86 architecture only.

The official technical support provided by Red Hat will vary depending on the variant of Red Hat Enterprise Linux that you purchased.
On the Intel x86 architecture, technical support for more than two physical CPUs is available only with the AS variant. The two physical CPUs may both use Hyper-Threading Technology, allowing more than two logical processors. The standard kernel supports one processor. Both the smp and the hugemem kernels support up to 32 processors (logical Hyper-Threaded processors do not count toward this number).

On the Intel x86 architecture, official technical support for more than 16 GB of RAM is available with the AS and WS variants. The standard uniprocessor kernel supports up to 4 GB of RAM. The smp kernel is similar to the bigmem kernel from RHEL 2.1. It includes PAE support and supports up to 16 GB of RAM. Due to limitations of the 32-bit architecture, a single process can only address 4 GB of that address space. Furthermore, with these kernels only 3 GB are available as per-process user space to the program, as 1 GB is reserved for direct use by the kernel.

The new hugemem kernel supports up to 64 GB of RAM. In addition, almost the entire 4 GB address space is available to the program as user space. The kernel may also directly use a 4 GB memory space. However, this kernel will incur a small amount of additional overhead when switching from user space to kernel space.

Preparing to Install

* Read the RELEASE-NOTES file on the first CD or at http://www.redhat.com
* Check Hardware Compatibility
  - Red Hat Supported Hardware List
    - Hardware certified by Red Hat
    - Hardware compatible with Red Hat Linux
  - XFree86 supported video cards

Release Notes

The RELEASE-NOTES file contains valuable information concerning your release of Red Hat Enterprise Linux. In addition, it will contain changes that you should be aware of from previous releases. It is a valuable resource that should always be read prior to installing a new version of Red Hat Enterprise Linux.
The Red Hat Hardware Compatibility List

The Red Hat Hardware Compatibility List, at http://hardware.redhat.com/hcl/, contains information about hardware that has been tested by Red Hat. Hardware on this list should be easily supported, and support for these devices is included with standard Red Hat support plans.

The XOrg Project

Red Hat Enterprise Linux 4 ships with the XOrg version 6.8 of the X Window System. The XOrg Project maintains a list of currently supported video cards at http://xorg.freedesktop.org. Often configuration information for the newest video cards can be found at this site.

Multiboot Systems

* Red Hat Enterprise Linux and the GRUB bootloader can coexist with other operating systems, including the following:
  - Windows NT/2000/XP/2003
  - DOS, Windows 3.x/9x/ME
  - NetBSD, FreeBSD, and other open systems
* Two major issues arise when implementing multiboot systems:
  - Partitioning and the boot process

Partitioning Issues

In order to run RHEL, it is necessary to create Linux swap and native partitions. It is usually advisable to install the other operating systems first. While RHEL will not try to delete other operating systems, other operating systems are not always so courteous. When installing the other operating system, unpartitioned space must be left for the Linux partitions.

Sometimes another operating system already exists on a system and occupies all the available disk space. In these cases, there are two options:

* Back up the existing operating system(s) and files, repartition the drive leaving space for RHEL, then reinstall the existing operating system(s) from the backup
* Back up the existing operating system(s) and files, then use the third-party tool Partition Magic to resize the existing partitions to make space (the backup is a safety measure, and is not required for the repartitioning)

Boot Process Issues

If a system will be booting multiple operating systems it will need a boot loader that is capable of booting multiple operating systems. Boot floppies are also an option, though not a particularly convenient one. In general, boot process configuration falls into one of two categories:

* GRUB is the primary boot loader and will launch Linux and other operating systems (or their boot loaders): use this approach with DOS, Windows 3.x, Windows ME, and Windows NT/2000/XP/2003
* A boot loader such as System Commander or NTLDR is already on the system and will launch GRUB as a secondary bootloader

Device Node Examples

* Block Devices
  - /dev/hda - IDE drive
  - /dev/sda - SCSI drive
  - /dev/fd0 - floppy drive
* Character Devices
  - /dev/tty[0-6] - virtual consoles
  - /dev/st0 - SCSI tape drive
* Symbolic links

Block Devices

    hd[a-t]      IDE drives
    sd[a-z]+     SCSI drives
    fd[0-7]      standard floppy drives
    md[0-21]     software RAID metadisks
    loop[0-15]   loopback devices
    ram[0-19]    ramdisks

Character Devices

    tty[0-31]    virtual consoles
    ttyS[0-9]+   serial ports
    lp[0-3]      parallel ports
    null         infinite sink (the bit bucket)
    zero         infinite source of zeros
    [u]random    sources of random information
    fb[0-31]     framebuffer devices

Symbolic Links

    /dev/cdrom  --> /dev/hd[a-t], /dev/sd[a-z]+
    /dev/modem  --> /dev/ttyS[0-9]+
    /dev/pilot  --> /dev/ttyS[0-9]+

The RHEL Installer

* First Stage Installer Images
  - diskboot.img - VFAT filesystem image for bootable media larger than a floppy
    - floppy installation is no longer supported
  - boot.iso - ISO9660 bootable CD image
  - pxeboot directory
* Second Stage Installer
  - graphical or textual
  - can be invoked in noprobe or Kickstart mode

First Stage Installer

There are three different versions of the first stage installer available. Which method you choose depends on the resources available to your system and your network configuration.

The first method, boot.iso, is an ISO9660 filesystem for use if your system supports booting from a CD-ROM. You might choose this option when you do not wish to perform a CD-based install but you need to boot from a CD. Booting from boot.iso is the same as passing the askmethod argument to the installer when booting from CD 1. You can create a bootable CD using the cdrecord command. For instance:

    # burn the ISO image to the CD writer at /dev/hdc
    cdrecord dev=/dev/hdc boot.iso

The second method, diskboot.img, is a VFAT filesystem designed to be used with USB pendrives, or similar media. This method requires that your BIOS support booting from a USB drive. You will need to use the dd command to move this image to your media. For instance:

    # write the image over the whole device /dev/sda, replacing its contents
    dd < diskboot.img > /dev/sda

The third method, Pre-boot Execution Environment (PXE), provides for a diskless installation. Instructions for setting up a PXE environment are in the file /usr/share/doc/syslinux-2.11/pxelinux.doc. Further discussion of the PXE method is beyond the scope of this course.

Second Stage Installer

The second stage installer, once located and loaded by the first stage, drives the remainder of the installation process.

Installer Features

* noprobe and Kickstart modes available
* mediacheck tests media integrity
* Multiple Interfaces:
  - Graphical
    - Starts X server and a GUI installer
    - Works with hard drive, CDROM, NFS installation
    - Graphical is the default
  - Text
    - Menu-based terminal interface
    - Works with all installation methods

noprobe mode allows and requires complete control over all installation parameters. Kickstart mode permits automated installation.

The graphical interface makes installation easy and intuitive. The graphical interface can be started in lowres mode, which means it uses lower screen resolution settings for the installation.

The text based installer supports all installation methods, including FTP and HTTP. It is also useful when the installer has difficulty managing your display adapter.
While this is uncommon, it can be particularly useful on laptops that have proprietary display adapters.

RHEL Installation Overview

* Language, keyboard and mouse selection
* Media selection if applicable
* Disk partitioning
* Bootloader configuration
* Network and firewall configuration
* Authentication setup
* Package selection
* X server configuration

The second stage installer may either be the newer graphical installation program or the traditional text-based one. The first three installation steps will ask you to select the installation language, keyboard and mouse type.

Partitioning Hard Drives

* Hard drives are divided into partitions
* Partitions normally contain file systems
* Primary, extended, and logical partitions
* The default filesystem type is ext3
* Multiple partitions may be assembled into a larger virtual partition: software RAID and LVM
* Filesystems are accessed via a mount point, which is a designated directory in the file system hierarchy.

Disks and partitions

Disks are normally divided up into one or more partitions, each of which normally contains a file system, or swap space for virtual memory. This is useful because file systems on different partitions are independent from each other. If one file system fills up, other file systems on the disk may still have space available.

On the x86 architecture, there is a standard disk partitioning format which is used by most operating systems. The first four partitions on the disk are called primary partitions. If more than four partitions are needed, one of the primary partitions may be converted into a special extended partition that contains one or more logical partitions. A primary partition or a logical partition may contain a file system or swap space.
Multiple partitions may be assembled into a single virtual partition by using advanced techniques. Software RAID is used to provide redundancy, improve performance, or create partitions bigger than a single disk. Multiple partitions from different disks are assembled into a RAID device, a disk array which is treated like a normal partition. LVM is used to assign one or more partitions to a volume group, which can be used to create virtual partitions called logical volumes. These logical volumes are easier to resize than normal partitions, can have snapshots of their state taken at a particular point in time, and have other special features. (Be careful to note that a logical volume and a logical partition are two different things.)

The inverted tree of the file system hierarchy is divided into one or more file systems which are stored on devices. A mount point is a designated directory in the file system hierarchy that is used to access a particular file system. When a partition, RAID device, or logical volume is associated with ("mounted on") the mount point, files and directories on that device's file system are accessible under that directory.

Sample Partition Structure

[Figure: Sample Partition Structure]

Configuring File Systems

* Must select mount points, partition sizes, and file system types in the installer
  - Can set up manually or automatically
* There are many layouts which may be used
  - / must include /etc, /lib, /bin, /sbin, /dev
  - Swap space is typically 2x physical RAM
  - Typical mount points: /boot, /home, /usr, /var, /tmp, /usr/local, /opt

Configuring the file system hierarchy

At installation time, you must divide up your disks into partitions of various sizes and specify whether those partitions should be formatted with a file system (typically ext3), used as swap space, or used as a RAID or LVM partition. If the partition contains a file system, it must also be assigned a mount point.

You can have the installer automatically make these decisions, or you can make them manually. If you choose automatic [illegible] in the installation process. You can also review and modify the selections after the installer makes its decisions. You can select which drives to use for the install. You can also choose whether the installer should delete all existing partitions, delete all Linux partitions from previous installations, or leave all existing partitions alone (using unallocated disk space for new partitions).

You have a great deal of freedom in how you may manually configure your file system hierarchy. You must have a file system mounted on /. You typically should have a [illegible]. The /etc, /lib, /bin, /sbin, and /dev directories may not be on separate file systems; they must be kept on the / file system [illegible].

It is common to have a /boot file system about [illegible] in size which holds the files accessed by the BIOS at boot time (the kernel and parts of the boot loader). This helps avoid problems with old BIOS code. One limitation on /boot is that most boot loaders expect it to be on a normal disk partition or RAID 1 device.

The /var directory holds files which change frequently, such as logs, the mail spool, and temporary space for software updates from Red Hat Network. If /var is on a separate partition, it should probably be at least 1 GB in size.

Depending on how much software you choose to install, /usr will probably need between 380 MB and 5 GB of space.

The /tmp directory should have a decent amount of free space for temporary files written by programs. [illegible] a few hundred megabytes. This does not take into account any space needed for personal user files unrelated with RHEL.

Software RAID

* Redundant Array of Inexpensive Disks
* Multiple partitions on different disks combined into one RAID device
  - Fault tolerance, larger disk size, performance
* Install-time RAID levels:
  - RAID 0: striping (no redundancy)
  - RAID 1: mirroring
  - RAID 5: striping with distributed parity

Using software RAID

RAID is an acronym for "Redundant Array of Inexpensive Disks". With software RAID, the operating system combines multiple RAID partitions on different disks into a single RAID device.
(Linux also supports hardware RAID using special disk controllers or external storage devices. These devices usually look like normal disks or disk partitions to the installer.)

The installer allows you to set up software RAID devices. You first create RAID partitions by creating partitions normally with a file system type of "software RAID". Then you click the "RAID" button and create a RAID device from the RAID partitions. Like normal partitions, for the assembled RAID device you will need to select a mount point and a file system type, but you will also need to assign a RAID device name (such as md0) and select what RAID level to use. Each RAID level has different advantages and disadvantages.

RAID level 0 is called "striping" and requires at least two RAID partitions. The resulting RAID device is a virtual partition the size of all the member RAID partitions added together. RAID 0 allows creation of file systems bigger than any one disk, and has high performance for reads and writes. However, it is not a truly redundant array: if any disk in the RAID device fails, the file system on the RAID device is destroyed.

RAID level 1 is called "mirroring" and also requires two RAID partitions. The resulting RAID device is a virtual partition the size of the smallest of the member RAID partitions. All RAID partitions which are members of the RAID device contain identical data. If any disk in the RAID device fails, the RAID device continues to function without losing data. This is useful for fault tolerance, but is costly in terms of disk space. Performance for reads and writes is good.

RAID level 5 is called "striping with parity" and requires at least three RAID partitions of the same size. Like RAID 0, this RAID level allows creation of file systems bigger than any one disk. However, additional parity data is also stored on the RAID device which can be used to preserve file system data even if a single disk in the RAID device fails. Therefore RAID 5 can survive single disk failures, but at the cost of some storage efficiency. Read performance is good, but write performance is slower due to the parity update.

LVM: Logical Volume Manager

* Manages storage on one or more partitions as virtual partitions, or logical volumes
* Real partitions are physical volumes and are assigned to a volume group (a virtual disk)
* Disk space in the volume group is divided into extents which are assigned to a logical volume
* Easy to resize logical volumes
  * Add a physical volume to the volume group and assign the new extents to the logical volume

Introduction to the Logical Volume Manager

A logical volume manager may be used to create virtual partitions called logical volumes from one or more disk partitions or RAID devices. Each partition, or physical volume, is assigned to a virtual disk called a volume group. Multiple physical volumes may be assigned to the same volume group, and a volume group may be partitioned into multiple logical volumes.

Each volume group divides its pool of disk space into extents of identical size. The size of an extent is set for a particular volume group when that volume group is first created. An extent is typically between 1 MB and 64 MB in size. Extents may then be assigned to a new or existing logical volume in the volume group. Currently, a single logical volume may contain at most 6534 extents, so larger extents allow larger logical volumes.

The logical volume manager provides no redundancy by itself. If a single physical volume fails, any logical volume which is assigned extents from that volume will also fail.

LVM provides flexible disk management. For example, it is easier to resize logical volumes than it is to resize normal disk partitions. New physical volumes may be added to a volume group or existing logical volumes can be reduced in size, providing additional extents. Those extents can then be assigned to any logical volume in the volume group.
The file system on the logical volume being resized must also support resizing. The standard ext3 file system currently supports off-line resizing.

To create a logical volume in the installer, you first must create normal disk partitions with a file system type of "physical volume (LVM)". Then click the "LVM" button to create a new volume group. Give the volume group a name and set the extent size. Then create the new logical volume, assigning a logical volume name, mount point, file system type and size.

Network Configuration

* Can configure each NIC independently
* DHCP or static IP configuration
* Determine if automatically activated on boot

There are several options available when configuring network interface cards under RHEL, and each card can be configured individually. You may choose between manually assigning an IP address or having the system contact a DHCP server at startup for its network configuration. You may also select whether or not the interface should be automatically activated at boot time.

Firewall Setup

* Installer can set up a kernel mode stateful packet filter
* Choice of two settings: "Enabled" and "No Firewall"
* "Trusted Devices" can bypass the firewall
* Can allow access to arbitrary services

The installer will now prompt you to select a default firewall configuration for your local machine. This enables you to block remote machines from accessing network services on your machine.

You will be presented with two choices for the firewall, "Enable firewall" and "No Firewall".

"Trusted Devices" allows you to select certain network interfaces as "trusted". All network traffic from a trusted device will bypass the firewall.

"Allow Incoming" allows you to let remote machines access particular services through the firewall. Some common services are listed. You may specify additional services to allow in the "Other" dialog box.
This box takes a series of port:protocol pairs separated by commas. For "port" you may use either the name from /etc/services or the port number. For example, both imap:tcp and 517:udp are acceptable definitions.

Firewall rules are written to /etc/sysconfig/iptables and invoked at boot up by the /etc/rc.d/init.d/iptables script.

Security Enhanced Linux

* Access control determines what actions processes can perform on what objects
* Discretionary Access Control (traditional Linux)
  * Users control permissions on objects
* Mandatory Access Control (SELinux)
  * System policy restricts permissions which can be granted

Access control mechanisms enforce security restrictions. They control what rights processes have to access objects like files, directories, and network sockets. Linux traditionally leaves control over permissions to the owner of an object or to root.

SELinux introduces Mandatory Access Control to Linux. With MAC, the system administrator can create a mandatory policy that limits what access a particular process may be granted to an object. Processes run in a domain, and objects are assigned types. A particular domain may have access to an object limited or denied based on that object's SELinux type. In addition, normal access permissions still apply.

The mandatory policy even applies to processes running as the root user. If a process owned by root is not running in a domain that has access to a file of a particular SELinux type, SELinux may still deny access. Once a process starts running in a particular domain, the policy may restrict it from changing to a different domain that would have access to the file or other object. It is possible to carefully confine network services to limit the effects of a compromise, even if the service is running as root.

SELinux Installation Options

* Installation options:
  * Disabled
  * Warn (Permissive)
  * Active (default) (Enforcing)

During installation, SELinux is automatically activated. This is done on the same screen as firewalling. There are three options to choose from:

- Disabled: This turns enforcing off, which means that labeling and domains are not set up. This is the most efficient way of running your machine, but less secure.
- Warn: This option sets up policies and logging, so you can monitor what is happening in the machine, without actually running SELinux. This enables the possibility of writing new rules for testing purposes.
- Active: SELinux is now enforced, but it will only affect certain daemons. When active is chosen, select daemons will be confined by SELinux permissions.

To change between enforcing and permissive mode, you can do that either at boot time, at run time, or you can make it permanent:

- During boot, add "enforcing=1" to the kernel line to turn it on; "enforcing=0" turns it off.
- At run time, "setenforce 1" turns SELinux into enforcing mode; "setenforce 0" turns it permissive.
- To make it permanent, either edit GRUB or sysconfig:
  /boot/grub/grub.conf: edit the file and add "enforcing=1" to the kernel line to turn it on; "enforcing=0" turns it off
  OR
  /etc/sysconfig/selinux: this file is well documented to help you choose the right option.

To fine tune your security settings, you can also use "system-config-securitylevel".

Package Selection

* Package Selection
  * universally ("everything")
  * by predefined components
    * defined in RedHat/base/comps.xml
  * individually

Decisions about what software to install are not crucial as packages can always be installed later using rpm.

Validating the Installation

* Virtual consoles during installation
* Post-boot validation
  * dmesg and /var/log/dmesg
  * /var/log/messages
  * /root/install.log
* GRUB drops to a prompt if there is a problem loading files

Five virtual consoles are provided during the installation process. The consoles can be accessed using Alt-F1 through Alt-F5. In order to exit the graphical installer and view these consoles it is necessary to hold down both Ctrl and Alt.

* Alt-F1: The installer program in text mode
* Alt-F2: A bash shell (second stage installer only)
* Alt-F3: A log of installer messages
* Alt-F4: A log of kernel messages
* Alt-F5: stdout from mke2fs and grub commands
* Alt-F7: The installer program in graphical mode

After installation is complete and upon rebooting the system, there are several places that can be checked for installation and configuration information.

Default log files:

* /var/log/dmesg: contents of the kernel buffer at the end of /etc/rc.d/rc.sysinit
* /var/log/messages: output from the syslogd system logging daemon
* /root/install.log: logging information from the installer program

noprobe Mode and Driver Disks

* Method for supporting hardware newer than the install program
* Used at install time for less common hardware
* Prompt for Driver Disk
  * When run in noprobe mode
  * When started with: linux dd
  * When no PCI devices are detected

The Need for noprobe Mode

noprobe mode lets you manually specify which drivers to try and load. Additionally, noprobe mode allows you to pass parameters to drivers such as IRQ and I/O port. This is quite useful for hardware configured to use non-standard resources.

Uses for Driver Disks

A driver disk adds support for hardware that is not otherwise supported by the installation program.
The driver disk could be produced by Red Hat, it could be a disk you make yourself, or it could be a disk that a hardware vendor includes with a piece of hardware. Red Hat provides four different driver disks with RHEL, all of which may be found on binary CD 1 in /images: bootdisk.img, drvblock.img, drvnet.img, pcmciadd.img.

There is really no need to use a driver disk unless you need a particular device in order to install RHEL. You will most likely use a driver disk for SCSI adapters and NICs and PCMCIA devices, as those are really the only devices which are used during the installation that might require driver disk support. If an unsupported device is not needed to install RHEL on your system, continue with a regular installation and then add support for the new piece of hardware once the installation is complete.

Obtaining a driver disk

Your best option for finding driver disk information is on Red Hat's website at http://www.redhat.com/support/errata under the section called Bug Fixes.

If you find a driver disk that is appropriate for your device support needs, create a boot disk using that file. Once you have created your driver disk, boot your system using the diskette as a boot disk and enter either linux noprobe or linux dd at the boot: prompt.

Post-Install Configuration

* Setup Agent (firstboot)
  * Configure X Window System if necessary
  * Set date and time
  * Register with Red Hat Network and get updated RPMs
  * Install additional RPMs or Red Hat documentation from CDROM
  * Setup users
* system-config-* configuration tools

Often one may want to change one or more of the configuration options selected at install time. One reason might be the addition of new hardware to the system. RHEL includes utilities to modify nearly all options chosen at install time.

setup

The setup utility is a console-based front end to a number of configuration utilities.
These utilities can also be run directly.

system-config-*

There are many configuration tools provided by Red Hat whose commands all start with the string system-config. Several examples of tools in this suite would be:

system-config-display
system-config-printer-gui
system-config-date

firstboot

RHEL also runs a graphical program called firstboot if the system is booted into run level 5 after the installation. firstboot offers several configuration functions such as setting the date and time, installing additional software, or registering for Red Hat Network.

Red Hat Training Lab Procedures
RH133 Lab 1: Hardware and Installation

Sequence 1: Preparing the Computer

Task:

Boot your system with the Red Hat Enterprise Linux CD (disk 1) in the CDROM drive.
Enter the BIOS setup during boot - ask your instructor if you are not sure how to do this.
Set your system's boot order to A, CDROM, C.
Modify any other settings as recommended by the instructor.
Save and exit the BIOS setup.

Sequence 2: Installing Red Hat Enterprise Linux in Graphical Mode

Tasks:

Installation STEP-BY-STEP

1. Boot up system using CD.
2. Press Enter at the boot prompt.
3. Choose the appropriate language (English).
4. Press Enter on the OK prompt.
5. Choose the appropriate keyboard (US).
6. Press Enter on the OK prompt.
7. Choose NFS image for the installation method.
8. Configure TCP/IP. Select Use dynamic IP configuration (BOOTP/DHCP).
9. Press Enter on the OK prompt.
10. Enter the appropriate information for an NFS installation:
    NFS method:
    NFS server name: 192.168.0.254
    NFS mount point: /var/ftp/pub
11. At this point Anaconda (the installer) will retrieve the necessary installation image and will probe the system for its monitor and mouse type and will finally present you with the welcome screen. Click Next.
12. Choose the appropriate mouse for your system (ask the instructor if you need assistance). Click Next.
13. Manually partition your system using Disk Druid, using the following partitioning scheme (delete any pre-existing partitions):
    Poot 100% 7 400% jose 1256" wap 512M
    Note: swap is a File System type, not a Mount Point.
14. Format all partitions, but do NOT check for bad blocks unless you wish to spend hours on this lab.
15. Use the default Boot Loader settings unless the instructor advises otherwise; do not create a Boot Loader password.
16. Choose DHCP for networking and activate on boot.
17. Choose Enable Firewall and allow ssh. Leave SELinux at the default state, Active.
18. Select the appropriate language support.
19. Set the time zone as appropriate for your location; implement UTC if the instructor suggests it.
20. Set the root password to redhat. (It is not a good password, but please use it anyway.)
21. Select Customize the set of packages to be installed and click Next.
22. Unselect ALL selections except the X Window System and click Next. We will be doing a more complete installation in the next part of the lab, so we want to keep this first installation lean. NOTE: The total install size should be approximately 1062MB. If it's larger, you have not unselected all packages.
23. You should now be at the About to Install screen. Click Next to begin.
24. Track the progress of filesystem formatting by switching to tty5 (Ctrl-Alt-F5 will take you there; Alt-F7 will return you to the installer).
25. After the reboot following the installation, complete the initial setup tool; do not register the machine with Red Hat Network. Select "Tell Me Why" followed by "Remind Me Later".

Once you have completed the installation and the newly installed system has booted, log in as root and examine the following

This lean installation provides the spartan twm window manager. In the next sequence, you will install packages that will provide more functionality and a more attractive environment.

Sequence 3: Installing Red Hat Enterprise Linux in Text Mode

Tasks:

Now that you have a fully functional Red Hat Enterprise Linux system, it is time to break it and start over. Before you break it, make sure you have a copy of cd #1 from the install cd set or see your instructor for a copy of the appropriate boot media required to do installations in the classroom. Next, trash your system and reboot using the following command that corresponds to your hardware (IDE or SCSI):

cat /var/log/messages > /dev/hda; reboot
cat /var/log/messages > /dev/sda; reboot

Once the system goes down, insert cd #1 or boot media provided by the instructor and when it comes back up, perform an installation according to the following guidelines. (Note: Because you have overwritten the standard partition table, the installer will warn you that it could not find a suitable partition table, and that it must be initialized.)

Installation STEP-BY-STEP

1. Boot up system using CD.
2. Type linux text at the boot: prompt.
3. Choose the appropriate language (English).
4. Press Enter on the OK prompt.
5. Choose the appropriate keyboard (US).
6. Press Enter on the OK prompt.
7. Choose the appropriate installation method (FTP or HTTP).
8. Configure TCP/IP. Select "Use dynamic IP configuration (BOOTP/DHCP)".
9. Press Enter on the OK prompt.
10. Enter the appropriate information for an FTP or HTTP installation:
    FTP method:
    FTP site name: 192.168.0.254
    Red Hat directory: pub/
    HTTP method:
    Web site name: server1.example.com
    Red Hat directory: pub/
11. At this point Anaconda (the installer) will retrieve the necessary installation image and will probe the system for its monitor and mouse type and will finally present you with the welcome screen.
12. Choose the appropriate mouse for your system (ask the instructor if you need assistance). Click Next.
13. Partition your system using Disk Druid, using the following partitioning scheme (delete any pre-existing partitions):
    20000 / 5126 (ewsp)
    Note: swap is a File System type, not a Mount Point.
14. Boot loader, time zone, graphics, and firewall should follow the defaults unless you are instructed to do otherwise.
15. Choose Disable Firewall and Active for the SELinux setting.
16. Set the language as appropriate.
17. Set the root password to redhat.
18. Install the default packages.

Note: It is critical that you follow guidance here for the partitioning scheme, else some of the follow-on exercises may produce unexpected results.

UNIT 2
System Initialization and Services

UNIT 2: Objectives

* Upon completion of this unit you should be able to:
  * Describe BIOS functions with respect to the boot process
  * Describe the functions of and configure the boot loader
  * List the functions performed by the kernel during boot
  * State the functions of init
  * Use inittab to configure init
  * List and describe the System V run levels
  * Configure init scripts manually and with tools
  * Shutdown and reboot a system into any run level

UNIT 2: Agenda

* BIOS boot time responsibilities
* bootloader responsibilities
* kernel boot time responsibilities
* init boot time responsibilities
* System V run levels
* Boot scripts
* Shutdown and reboot

Boot Sequence Overview

* BIOS Initialization
* Boot Loader
* Kernel initialization
* init starts and enters desired run level by executing:
  * /etc/rc.d/rc.sysinit
  * /etc/rc.d/rc and /etc/rc.d/rc?.d/
  * /etc/rc.d/rc.local
  * X Display Manager if appropriate

Each major step in a Linux system's boot sequence - BIOS initialization, boot loader, kernel initialization, and init startup - is covered in the upcoming pages.

BIOS Initialization

* Peripherals detected
* Boot device selected
* First sector of boot device read and executed

BIOS: Starting the boot process

The BIOS (Basic Input/Output System) is the interface between the hardware and software on a very basic level. The BIOS provides the basic set of instructions used by the operating system. A successful boot depends on the BIOS, which in fact provides the lowest level of interface to peripheral devices and controls.

The BIOS will first run a power on self test (POST), then it will look for peripherals and a device to boot from. The hardware configuration information is permanently stored in a small area (usually 64 bytes) of CMOS (Complementary Metal Oxide Semiconductor), most commonly referred to as simply "the CMOS." The CMOS is powered by a small battery located on your motherboard. This battery allows the CMOS to retain its settings even when the computer is turned off and disconnected from power.

At the end of the POST, a boot device is selected from the list of detected boot devices.
Any modern BIOS will allow you to set the desired order of preference for the boot device from a list. Boot devices could include: the floppy drive, hard drive, CDROM, network interface, Zip drive (or other removable media).

The BIOS reads and executes the first physical sector of the chosen boot media on the system. Usually this is contained in the first 512 bytes of the hard disk.

Boot Loader Components

* Boot Loader
  * 1st Stage - small, resides in MBR or boot sector
  * 2nd Stage - loaded from boot partition
* Minimum specifications for Linux:
  * Label, kernel location, OS root filesystem and location of the initial ramdisk (initrd)
* Minimum specification for other OS:
  * boot device, label

The boot loader is responsible for loading and starting your Linux operating system (or possibly other operating systems). The boot loader is generally invoked in one of two ways:

* BIOS passes control to an initial program loader (IPL) installed within a drive's Master Boot Record.
* BIOS passes control to another boot loader, which passes control to an IPL installed within a partition's boot sector.

In either case, the IPL (initial program loader) must exist within a very small space, no larger than 446 bytes. Therefore, the IPL for GRUB is merely a first stage, whose sole task is to locate and load a second stage boot loader, which does most of the work to boot the system.

There are two possible ways to configure boot loaders:

* primary boot loader: Install the first stage of your Linux boot loader into the Master Boot Record. The boot loader must be configured to pass control to any other desired operating systems.
* secondary boot loader: Install the first stage of your Linux boot loader into the boot sector of some partition. Another boot loader must be installed into the MBR, and configured to pass control to your Linux boot loader.

GRUB and grub.conf

* GRUB - the GRand Unified Bootloader
  * Command-line interface available at boot prompt
  * Boot from ext2/ext3, ReiserFS, JFS, FAT, FFS filesystems
  * Supports MD5 password protection
* /boot/grub/grub.conf
* Changes to grub.conf take effect immediately
* If MBR on /dev/hda is corrupted, reinstall the first stage bootloader with:
  * /sbin/grub-install /dev/hda

The RHEL installer provides the GRUB boot loader, GRUB (the GRand Unified Bootloader). /boot/grub/grub.conf has a format of global options followed by boot stanzas. Here is a sample grub.conf, with the meaning of each line given beneath it:

    timeout=5
        Seconds before booting default image
    splashimage=(hd0,0)/grub/splash.xpm.gz
        Splash screen to display at boot
    password --md5 $15/1xaysBkayesTeRarZscrN
        Encrypted password for CLI
    default=0
        The first stanza (0) is the default
    title Red Hat Enterprise Linux AS (2.6.9°648 1)
        Title for stanza 0
    root (hd0,1)
        Files listed below are on the (hd0,1) device
    kernel /vmlinuz-2.6.9-648.8h ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        Kernel image and root filesystem
    initrd /initrd-2.6.9-688.8L.img
        Initial RAM disk to load
    title Windows XP Pro
        Label for stanza 1
    rootnoverify (hd0,0)
        Root is (hd0,0), don't mount in GRUB
    chainloader +1
        Boot from first sector of (hd0,0)

Changes to grub.conf take effect immediately. GRUB reads the configuration file at boot time, so the grub.conf file must be stored on a filesystem GRUB understands. These include ext2/ext3, reiserfs, FAT, minix, and FFS.

If for some reason your MBR becomes corrupted and you need to reinstall GRUB, you can do so with the command /sbin/grub-install.

Occasionally it may prove necessary for the user to set up grub manually. If grub-install fails for some reason, try the following:

1. type the command grub and press enter
2. type root (hd0,0)
3. type setup (hd0)
4. type quit
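
The grub.conf layout above (global options, then boot stanzas) can be checked mechanically for the settings this course ties to console access: the GRUB password, and kernel-line arguments such as enforcing=0 or a run level. The following audit is an added example, not part of the Red Hat material; the sample file, its placeholder hash and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout described above; the hash and kernel
# names are placeholders, not values from the course.
SAMPLE_GRUB_CONF = """\
# constructed sample
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
password --md5 $1$PLACEHOLDERSALT$PLACEHOLDERHASH
title Linux
    root (hd0,0)
    kernel /vmlinuz-EXAMPLE ro root=/dev/VolGroup00/LogVol00 rhgb quiet
    initrd /initrd-EXAMPLE.img
title Linux (debug)
    root (hd0,0)
    kernel /vmlinuz-EXAMPLE ro root=/dev/VolGroup00/LogVol00 enforcing=0
    initrd /initrd-EXAMPLE.img
title Other OS
    rootnoverify (hd0,1)
    chainloader +1
"""

# A directive is a keyword followed by "=" or whitespace and an optional value.
LINE_RE = re.compile(r"(\w+)(?:(?:\s*=\s*|\s+)(.*))?$")
# Kernel-line arguments that make init enter a run level other than the
# inittab default (run levels, S and emergency as listed in this unit).
RUNLEVEL_ARGS = {"1", "2", "3", "4", "5", "s", "S", "single", "emergency"}


def parse_grub_conf(text):
    """Return (global_options, stanzas) parsed from grub.conf text."""
    global_opts, stanzas = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE_RE.match(line)
        if match is None:
            continue
        key, value = match.group(1), (match.group(2) or "").strip()
        if key == "title":
            stanzas.append({"title": value, "commands": []})
        elif stanzas:
            stanzas[-1]["commands"].append((key, value))
        else:
            global_opts.append((key, value))
    return global_opts, stanzas


def audit_grub_conf(text):
    """Return a list of (code, detail) findings."""
    global_opts, stanzas = parse_grub_conf(text)
    findings = []
    passwords = [value for key, value in global_opts if key == "password"]
    if not passwords:
        findings.append(("NO_PASSWORD",
                         "menu editing and the GRUB command line need no password"))
    elif not passwords[0].startswith("--md5"):
        findings.append(("PLAINTEXT_PASSWORD",
                         "password is readable in grub.conf; use the --md5 form"))
    for stanza in stanzas:
        for key, value in stanza["commands"]:
            if key != "kernel":
                continue
            args = value.split()[1:]  # drop the kernel image path
            if "enforcing=0" in args:
                findings.append(("SELINUX_PERMISSIVE", stanza["title"]))
            forced = [arg for arg in args if arg in RUNLEVEL_ARGS]
            if forced:
                findings.append(("RUNLEVEL_OVERRIDE",
                                 "%s: %s" % (stanza["title"], forced[0])))
    return findings


if __name__ == "__main__":
    for code, detail in audit_grub_conf(SAMPLE_GRUB_CONF):
        print(code, "-", detail)
```

On a real system, point the audit at the contents of /boot/grub/grub.conf and also confirm that the file itself is readable only by root, since it holds the password hash.
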

Starting the Boot Process: GRUB

* Image selection
  * Select with space followed by up/down arrows on the boot splash screen
* Argument passing
  * Change an existing stanza in menu editing mode
  * Issue boot commands interactively on the GRUB command line

The GRUB Boot Screen

When GRUB starts up, a graphical splash screen can be accessed by pressing or . This screen has a list of menu entries, normally bootable images. You can select between the different images with the up and down arrow keys, and press to select a particular entry for boot. If you want to pass arguments to boot images through menu editing mode or access the GRUB command line, and a GRUB password is set, you'll need to type p followed by your GRUB password.

Menu Editing Mode

If you then select an entry and type e, you'll be dropped into menu editing mode. This mode allows you to modify an existing boot stanza to pass options to the kernel or init, or to select alternate root filesystems or kernel files than you have configured in your existing stanzas. You can use arrow keys to select a line, e to edit a line, d to delete a line, o to add a line, and b to boot. For example, to boot into run level 2, you could select menu editing mode, select your Linux boot stanza, add a 2 to the end of your kernel line, and type b to boot the modified menu entry.

The GRUB Command Line

GRUB provides a command-line interface which can be used to write a temporary boot command from scratch, view the contents of files on the filesystem, perform diagnostic tests, or experiment with GRUB configurations. Most commands supported by the configuration file are available for interactive use. Editing commands are similar to those used by the bash shell, and completion is available. If GRUB is not able to find a valid grub.conf file, it will default to the command line.

To exit menu editing mode or the command line and go back to the main GRUB menu, type . For more information about GRUB and grub.conf look at info grub.

Kernel Initialization

* Kernel boot time functions
  * Device detection
  * Device driver initialization
  * Mounts root filesystem read only
  * Loads initial process (init)

Examining kernel initialization

Although they generate good output, the kernel initialization activities take place so quickly that if you don't watch carefully during boot, you may miss them. A good way to "freeze time" and examine this output is to view /var/log/dmesg, which contains a snapshot of these kernel messages taken just after control is passed to init. Review of this output will reveal the basic initialization steps of the Linux kernel:

Device drivers compiled into the kernel are called, and will attempt to locate their corresponding devices. If successful in locating the device, the driver will initialize and usually log output to the kernel message buffer.

If essential (needed for boot) drivers have been compiled as modules instead of into the kernel, then they must be included in an initrd image, which is then temporarily mounted by the kernel on a RAM disk to make the modules available for the initialization process.

After all the essential drivers are loaded, the kernel will mount the root filesystem read-only.

The first process is then loaded (init) and control is passed from the kernel to that process.

init Initialization

* init reads its config: /etc/inittab
  * initial run level
  * system initialization scripts
  * run level specific script directories
  * trap certain key sequences
  * define UPS power fail/restore scripts
  * spawn gettys on virtual consoles
  * initialize X in run level 5

init is the parent of all processes.
This is easily shown by running the pstree command:

$ pstree
init-+-apmd
     |-atd
     |-automount
     |-crond---crond
     |-deskguide_apple
     |-gdm-+-X
     |     `-gdm---gnome-session

Because init is the first process it will always have a PID of number 1.

The file /etc/inittab contains the information on how init should set up the system in every run level, as well as the run level to use as default.

If the /etc/inittab file is missing or seriously corrupted, you will not be able to boot into any of the standard run levels (0-6) and will need to use single or emergency mode instead. This procedure is discussed in depth in Unit 10 of this course.

Run levels

* init defines run levels 0-6, S, emergency
* The run level is selected by either
  * the default in /etc/inittab at boot
  * passing an argument from the boot loader
  * running init x after boot (where x is the desired run level)
* Show current and previous run levels
  * /sbin/runlevel

The following chart details the run levels that Linux defines by default:

Run Level   Effect
0           Halt (Do not set initdefault to this)
1, s        Single-user mode (Only the root user can be logged on. Used to perform emergency maintenance)
2           Multi-user, without NFS networking
3           Full multi-user mode (Includes networking)
4           User definable, but duplicate of run level 3 by default
5           X11 (Includes networking)
6           Reboot (Do not set initdefault to this)

The initdefault line in the file /etc/inittab controls the default run level after the system is started. Its format is as follows:

id:x:initdefault:

where x is the run level desired after the system is started.

Run levels 7-9 are also valid, though undefined and not really documented. This is because "traditional" UNIX variants don't use them. If inittab does not have a default run level selected, the system will attempt to boot to run level 9, which is undefined.
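
The rules stated above for the initdefault line (one default, never 0 or 6, a defined run level) can be verified before a reboot rather than discovered during one. The following check is an added example, not part of the Red Hat material; the sample inittab and the function names are constructed, and the check assumes the id:runlevels:action:process line format shown above.

```python
# Constructed sample /etc/inittab in the id:runlevels:action:process format.
SAMPLE_INITTAB = """\
# constructed sample
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l1:1:wait:/etc/rc.d/rc 1
l2:2:wait:/etc/rc.d/rc 2
l3:3:wait:/etc/rc.d/rc 3
l4:4:wait:/etc/rc.d/rc 4
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
1:2345:respawn:/sbin/mingetty tty1
x:5:respawn:/etc/X11/prefdm -nodaemon
"""

# Run levels that are safe as a default: 0 halts and 6 reboots.
BOOTABLE_LEVELS = ("1", "2", "3", "4", "5")


def parse_inittab(text):
    """Parse inittab lines into dicts; comments and blank lines are skipped."""
    entries = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 3)
        if len(fields) != 4:
            entries.append({"line": number, "id": line, "levels": "",
                            "action": "malformed", "process": ""})
            continue
        ident, levels, action, process = fields
        entries.append({"line": number, "id": ident, "levels": levels,
                        "action": action, "process": process})
    return entries


def audit_inittab(text):
    """Return a list of (code, detail) findings about the default run level."""
    entries = parse_inittab(text)
    findings = [("MALFORMED", "line %d" % e["line"])
                for e in entries if e["action"] == "malformed"]
    defaults = [e for e in entries if e["action"] == "initdefault"]
    if not defaults:
        findings.append(("NO_DEFAULT", "no initdefault line"))
        return findings
    if len(defaults) > 1:
        lines = ", ".join(str(e["line"]) for e in defaults)
        findings.append(("MULTIPLE_DEFAULTS", "lines " + lines))
    level = defaults[0]["levels"]
    if level == "0":
        findings.append(("DEFAULT_HALT", "system halts as soon as init starts"))
    elif level == "6":
        findings.append(("DEFAULT_REBOOT", "system reboots as soon as init starts"))
    elif level not in BOOTABLE_LEVELS:
        findings.append(("DEFAULT_UNDEFINED", "run level %r" % level))
    else:
        # The default run level needs a wait entry that runs /etc/rc.d/rc for it.
        runs_rc = any(
            e["action"] == "wait"
            and level in e["levels"]
            and e["process"].split() == ["/etc/rc.d/rc", level]
            for e in entries
        )
        if not runs_rc:
            findings.append(("NO_RC_FOR_DEFAULT", "run level " + level))
    return findings


if __name__ == "__main__":
    print(audit_inittab(SAMPLE_INITTAB) or "inittab default run level looks sane")
```
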
/etc/rc.d/rc.sysinit

* Important tasks include:
  + Activate udev and selinux
  + Sets kernel parameters in /etc/sysctl.conf
  + Sets the system clock
  + Loads keymaps
  + Enables swap partitions
  + Sets hostname
  + Root filesystem check and remount
  + Activate RAID and LVM devices
  + Enable disk quotas
  + Check and mount other filesystems
  + Cleans up stale locks and PID files

rc.sysinit - System Initialization Tasks

When rc.sysinit first starts, it prompts you to press the letter "I" if you want to enter interactive mode. In interactive mode, it will prompt you for confirmation before performing most of its functions. The script is straightforward in layout, and well documented, so for additional details simply look at the script source directly.

/etc/rc.d/rc

* Initializes the default run level per the /etc/inittab file initdefault line, such as:

    l0:0:wait:/etc/rc.d/rc 0
    l1:1:wait:/etc/rc.d/rc 1
    l2:2:wait:/etc/rc.d/rc 2
    l3:3:wait:/etc/rc.d/rc 3    <- (run level 3)
    l4:4:wait:/etc/rc.d/rc 4
    l5:5:wait:/etc/rc.d/rc 5
    l6:6:wait:/etc/rc.d/rc 6

rc - System Initialization Tasks

The rc script initializes the intended run level as defined by the initdefault line in /etc/inittab, and it is responsible for starting and stopping services when the run level changes.

Daemon Processes

* A daemon process is a program that is run in the background, providing some system service
* Two types of daemons:
  + Standalone
  + Transient - controlled by the "super-daemon" xinetd

What is a daemon?

On a Linux system, some processes start at boot time and continue running until the system is powered down or until you execute a kill command.
These processes typically provide some specific function, such as serving web pages, sharing print queues, or processing login requests. In the UNIX world these types of processes are called daemons.

A daemon process runs in the background, waiting for events to happen. When the daemon receives a request, typically it forks a copy of itself to process the request. Meanwhile, the "parent" goes back to waiting for the next event or request.

The Apache web server is an example of a daemon: it starts running when the system is booted, and remains in memory servicing requests for web pages until the system is shut down, or the daemon is manually stopped.

Types of daemons

Daemons may be started up in a number of ways. "Standalone" daemons are programs that run all the time and are started up either directly by init (such as mingetty and gdm) or by a startup script under /etc/rc.d/. "Transient" daemons are only started up when they are needed, and are controlled by a standalone daemon called xinetd. Standalone daemons can be used more quickly, but take up space in memory and CPU cycles all the time, whether or not they are actively being used.

Typically, a daemon process is not connected to a TTY, so it is shown in a ps report with a TTY of "?". From this, you may also recognize processes which are managed by daemons, as they too will show a "?" in the TTY field.

System V run levels

* Run level defines which services to start
  + Each run level has a corresponding directory: /etc/rc.d/rcX.d
* The System V init scripts reside in: /etc/rc.d/init.d
* Symbolic links in the run level directories call the init.d scripts with a start or stop argument

[The notes for this slide, including an example listing of the symbolic links in a run level directory, are illegible in this copy.]
/etc/rc.d/rc.local

* Run after the run level specific scripts
* Common place for custom modification
* In most cases it is recommended that you create a System V init script in /etc/rc.d/init.d unless the service you are starting is so trivial it doesn't warrant it. Existing scripts can be used as a starting point.

rc.local - Final System V Initialization

Because the rc.local script is run each time the system enters a run level, it is a convenient place to start processes that need to be running.

Virtual Consoles

* Multiple independent VT100-like terminals
* Defined in /etc/inittab
* Accessed with ctrl-alt-F_key from an X session
* /dev/ttyn: virtual console n
* /dev/tty0: the current virtual console
* Default Red Hat Enterprise Linux configuration:
  + 12 consoles defined
  + consoles 1-6 accept logins
  + X server starts on first available console, usually 7

RHEL provides multiple VT100-like terminals accessible via the /dev/ttyn devices. Users may switch from one console to another using an Alt-Function_key sequence. The Alt-LeftArrow and Alt-RightArrow keys can also be used to cycle through consoles. Shift-PageUp and Shift-PageDown provide scrollback buffer browsing, although this buffer is cleared when changing consoles.

By default the init process respawns mingetty processes for the first six virtual consoles, allowing six independent login sessions. This is specified by /etc/inittab. When an X server is started, it attaches to the first available virtual console, generally tty7.

Because the Alt-Function_key sequence is common within X, an additional Ctrl key sequence has been added: Ctrl-Alt-Function_key is required to switch out of an X session to a text based console.

It is also possible to write from one virtual console to another, as in the following example:

    /var/log/messages >

When mingetty displays the contents of /etc/issue, it expands certain escape sequences that may appear in that file.
See the mingetty(8) man page for details.

Controlling Services

* Utilities to control default service startup
  + system-config-services: graphical utility that requires an X interface
  + ntsysv: ncurses based utility usable in virtual consoles
  + chkconfig: a fast, versatile command line utility that works well and is usable with scripts and Kickstart installations
* Utilities to control services manually
  + service: immediately start or stop a standalone service
  + chkconfig: immediately starts and stops xinetd-managed services

chkconfig is a command line utility. When passed the --list switch, it displays a list of System V scripts and whether each is on or off at each run level. Scripts can be managed at each run level with the on and off chkconfig directives and the --level option. System V scripts accept arguments including start, stop, restart, reload, and condrestart. xinetd-managed services are immediately configured on or off. Standalone services are not.

System Shutdown

* Shutting down the system
  + shutdown -h now
  + halt
  + poweroff
  + init 0

System Reboot

* Rebooting rarely fixes problems in Linux
* If you feel a reboot is necessary, try bringing the system down to run level 1 and then back up to run level 3 or 5. This is much faster than a reboot.
* Rebooting the system
  + shutdown -r now
  + reboot
  + init 6

Rebooting

In the event that you need to reboot your RHEL system there are a few options available.

shutdown -r now: tells the system to shut down and then reboot.

reboot: does exactly what it says.

init 6: tells the system to switch to run level 6, which reboots.

You can also reboot by pressing Ctrl+Alt+Del at a virtual console. The standard Red Hat Linux /etc/inittab binds this keystroke combination to shutdown -t3 -r now.
End of Unit 2

* Questions and answers
* Summary
  + What functions does the kernel perform at boot?
  + What are the System V run levels?
  + What commands can you use for shutting down and rebooting?

Important files covered in this Unit: /etc/rc.d/rc

Important commands covered in this Unit: mingetty, shutdown, reboot, halt, poweroff, chkconfig, ntsysv, redhat-config-services

Red Hat Training Lab Procedures
RH133 Lab 2: Managing Startup

Unit 2 Lab: Managing Startup

Estimated Duration: 30 minutes

Goal: To build skills customizing system services

Setup at Start: A Red Hat Enterprise Linux System

Situation: Your company has decided that security is a concern and would therefore like you to disable certain services that might pose a security risk. You also want to set up a login banner to "warn away" potential intruders.

Sequence 1: Disabling services with chkconfig

Scenario/Story: You have decided to disable unneeded services on your machine.

Tasks:

1. Use chkconfig to view the status of the system services:

    chkconfig --list

2. Following the example below, use chkconfig to turn off isdn in all run levels:

    chkconfig isdn --del

3. Using chkconfig's syntax information displayed with chkconfig --help, turn off service kudzu in run levels 3 and 5 only.

4. Observe the differences between on and --add, and between off and --del, using the following commands:

    chkconfig isdn --list
    chkconfig isdn on
    chkconfig isdn --list
    chkconfig isdn off
    chkconfig isdn --list
    chkconfig isdn --del
    chkconfig isdn --list
    chkconfig isdn --add
    chkconfig isdn --list

5. Use chkconfig to view the status of the system services and to verify your changes.

Deliverable: A machine with several default services disabled
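To verify the deliverable of Sequence 1, the `chkconfig --list` output can be compared against a list of services you intend to keep. The following is an added example, not part of the lab: the function names, the allow list and the sample listing are constructed for illustration. xinetd-managed services have no per-run-level columns in this listing, so they are reported whenever they are on.

```shell
#!/bin/sh
# Added example: report services that are switched on but not on an allow list.
# Usage: chkconfig --list | audit_services "35" "sshd crond"
#   $1 = run levels of interest, written as digits without separators
#   $2 = space-separated names of services that may stay enabled
# Output: one line per finding, "<name> <run levels where on>" for System V
# scripts and "<name> xinetd" for xinetd-managed services.
audit_services() {
    awk -v levels="$1" -v allowed="$2" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        /^xinetd based services:/ { xinetd = 1; next }   # start of the xinetd section
        NF == 0 { next }
        xinetd {
            name = $1
            sub(/:$/, "", name)                          # "telnet:" -> "telnet"
            if ($2 == "on" && !(name in ok)) print name " xinetd"
            next
        }
        {
            on = ""
            for (f = 2; f <= NF; f++) {                  # fields look like "3:on"
                split($f, kv, ":")
                if (kv[1] != "" && kv[2] == "on" && index(levels, kv[1]) > 0)
                    on = on kv[1]
            }
            if (on != "" && !($1 in ok)) print $1 " " on
        }'
}

# Constructed sample in the layout printed by chkconfig --list.
sample_chkconfig_list() {
cat <<'EOF'
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
isdn            0:off   1:off   2:on    3:on    4:on    5:on    6:off
kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
gpm             0:off   1:off   2:on    3:off   4:on    5:off   6:off
xinetd based services:
        chargen:        off
        telnet: on
EOF
}

# Demonstration: anything other than sshd that is on in run level 3 or 5.
sample_chkconfig_list | audit_services "35" "sshd"
```

An empty result means every enabled service in the chosen run levels is on the allow list.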
Sequence 2: Changing the system login banner

Tasks:

1. We're going to set up the rc.local script so that it regenerates the login banner every time the system reboots. Open the file /etc/rc.local in a text editor and locate the following line:

    touch /var/lock/subsys/local

2. Insert the following lines immediately before that line:

    echo "Welcome to \n" > /etc/issue
    echo "All access to this system is monitored" >> /etc/issue
    echo "Unauthorized access is prohibited" >> /etc/issue
    echo >> /etc/issue
    echo "Last reboot complete at $(/bin/date)" >> /etc/issue

3. Save the file, then copy /etc/issue to /etc/issue.orig

4. Reboot your system.

5. When the system comes up, verify the new login banner by changing to a virtual console. (Hint: press ctrl-alt-F1.) Look in /etc/issue. Note that mingetty expands the \n in your /etc/issue file into your machine's hostname on the screen.

Deliverable: A system with a login banner similar to the following:

    Welcome to station10.example.com
    All access to this system is monitored
    Unauthorized access is prohibited

    Last reboot complete at Tue Nov 27 16:03:59 EDT 2001

Sequence 3: Changing the default run level

Tasks:

1. Edit the /etc/inittab file and change the default run level, as shown below, from level 5 to level [...]:

    id:[...]:initdefault:

2. Reboot the system. What happens?

3. Log in and edit /etc/inittab to change the default run level to [...] and reboot.

4. Change the default run level back to level 5 and reboot.

Sequence 4: Adding a Message Of The Day (motd)

Tasks:

1. Edit the file /etc/motd, which should currently be empty. Add the following lines:

    ##################################################
    #            Welcome to Station xx               #
    ##################################################
    The sysadmin is playing today.
    Expect frequent system downtime.

Where [...] is today's date, which you manually enter, and xx is your station number.

2.
Change to a virtual console and log in.

Sequence 5: GRUB

Tasks: Use GRUB at boot time to bring up Linux in various run levels.

1. Reboot Linux so that GRUB appears on your screen. If you have specified a "timeout" in grub.conf, you will notice that the timer is counting down.

2. Before the timer counts down to zero, press the space bar to halt the timer.

3. Take note of the help text in the lower part of the GRUB display. Use the up/down arrow keys to navigate to the kernel you wish to boot. Then press the "e" key to edit the contents of grub.conf for this kernel.

4. Once again, take note of the help text in the lower portion of the GRUB display. Use the up/down arrows to navigate to the line starting with the text "kernel" and press the "e" key.

5. You are now in GRUB edit mode with the cursor at the end of the line. Press the spacebar followed by the "S" key, then press the "enter" key. You will note that the GRUB display returns to the prior screen and now has the new text "S" appended to the kernel line. If you wish to undo all changes you have made in GRUB, simply press the "ESC" key to return to the prior screen.

6. Press the "b" key to boot using these grub.conf options. In this example, you will come up in run level "S", or single user.

7. Following reboot, review the contents of the grub.conf file. You will note that the change you made at the GRUB screens did not update this file.

8. Repeat steps 1-6 above, trying different run levels such as "emergency", "1", etc.

UNIT 3
Kernel Services and Configuration

UNIT 3: Objectives

* Upon completion of this unit you should be able to:
  - Load, list, and unload kernel modules
  - View system configuration information in the /proc filesystem
  - Configure running kernel parameters with the /proc filesystem
UNIT 3: Agenda

* Kernel modules
* The /proc filesystem

Kernel Modules

* Modular kernel components
  - components that need not be resident in the kernel for all configurations and hardware
    + peripheral device drivers
    + supplementary filesystems
  - modules configurable at load time
* /lib/modules
* Controlling modules
  - lsmod, modprobe
* Kernel Tainting

Modular kernel components

Many components of the kernel can be compiled as dynamically loadable modules. This allows for increased kernel functionality without increasing the size of the kernel image loaded at boot time. Good candidates for modularization are any supplementary capabilities that are not needed at boot time, including peripheral device drivers and supplementary filesystems.

The /lib/modules directory

Kernel modules reside in /lib/modules/<kernel-version>. The directory name must match the kernel version as returned by uname -r.

Controlling Modules

Modules are generally loaded on demand by the kernel. lsmod lists the modules currently resident in the kernel. The kernel can be prompted to load a particular module with modprobe, and various module parameters can be specified as command line arguments. Additionally, modules loaded with modprobe may have aliases, options, or actions provided by /etc/modprobe.conf. Modules may be inserted with modprobe <module-name> and removed with modprobe -r.

Many modules accept parameters that can be specified at load time. Common options include setting IRQ and I/O port settings on sound cards and forcing duplex settings on network cards.

Module Dependencies

Some modules depend upon functionality provided by other modules. The depmod command can be used to rebuild the dependency database /lib/modules/<kernel-version>/modules.dep.

Manual Control

The modprobe actions can also be performed with insmod and rmmod. For the sake of simplicity, modprobe and modprobe -r are the preferred methods to insert and remove modules from the kernel.
The /proc filesystem

* /proc is a virtual filesystem containing information about the running kernel
* Contents of "files" under /proc may be viewed using cat
* Example: cat /proc/interrupts
* Provides information on system hardware, networking settings and activity, memory usage, and more

The /proc filesystem, which is not a disk-based filesystem, is enabled or disabled in the kernel itself and is a map to the running kernel process. The /proc filesystem is mounted during system initialization through an entry in /etc/fstab.

Listing the "files" and "directories" under /proc will reveal that virtually all of them have a size of zero; they are not really files and directories in the typical sense. You can cd into the directories as you would directories on a disk-based filesystem, but the appropriate way to view the contents of the files is by using the cat command, rather than using an editor or even paging commands like more or less.

Do not use cat on /proc/kcore, as this special file is an image of the running kernel's memory at that particular moment; cat'ing this file will leave your terminal unusable.

Some of the key files in the top-level directory include:

* /proc/interrupts -- IRQ settings
* /proc/cpuinfo -- information about the system's CPU(s)
* /proc/dma -- DMA settings
* /proc/ioports -- I/O settings
* /proc/iomem -- memory ranges for PCI devices
* /proc/meminfo -- information on available memory, free memory, swap, cached memory, and buffers
* /proc/loadavg -- system load average
* /proc/uptime -- system uptime and idle time
* /proc/version -- information on Linux kernel version, build host, build date, etc.

The /proc filesystem, cont'd

* /proc subdirectories
* The /proc/sys subdirectory allows administrators to modify certain parameters of a running kernel

Beneath the top-level /proc directory are numerous important subdirectories containing files with useful information.
These include:

* /proc/scsi -- information about SCSI devices
* /proc/net -- information about network activity and configuration
* /proc/sys -- kernel configuration parameters
* /proc/<PID> -- information about process PID

/proc/sys is unique in that its parameters may be modified on a running system if CONFIG_SYSCTL is enabled in the kernel. For a complete description of the available parameters under /proc/sys, see the documentation of the proc filesystem in /usr/share/doc/kernel-doc*/Documentation/filesystems/proc.txt and in .../Documentation/sysctl/. Below are a few examples of parameter changes one might make to /proc/sys:

    echo "1" > /proc/sys/net/ipv4/ip_forward       Turn on IP forwarding
    echo "16384" > /proc/sys/fs/file-max           Double the number of file handles

Some files contain multiple space-delimited values. As an example, semaphores are data structures used by certain programs to control access to shared resources. The values in /proc/sys/kernel/sem indicate the maximum number of semaphores per semaphore array, the [...] value a semaphore can contain, the maximum number of semaphore operations that can be performed during a single call to the semaphore function, and the maximum number of semaphore arrays that can be created.

/proc/sys configuration with sysctl

* /proc/sys modifications are temporary and not saved at system shutdown
* The sysctl command manages such settings in a static and centralized fashion: /etc/sysctl.conf
* sysctl is called at boot time by rc.sysinit and uses settings in /etc/sysctl.conf

During system boot, rc.sysinit calls sysctl -e -p /etc/sysctl.conf. It also sets values for /proc/sys/kernel/modprobe and /proc/sys/kernel/hotplug. This automatically establishes the otherwise temporary /proc/sys values. Left-side values are paths within /proc/sys.

Typical entries in /etc/sysctl.conf might be:

    # Disables IPv4 packet forwarding
    net.ipv4.ip_forward = 0
    # Enables source route verification
    net.ipv4.conf.all.rp_filter = 1
    # Enables the magic-sysrq key
    kernel.sysrq = 1

For a complete list of valid /proc/sys parameters for /etc/sysctl.conf,
look in /usr/share/doc/kernel-doc-*/sysctl/ or just use the sysctl command directly:

    sysctl -a

General Hardware Resources

* dmesg and /var/log/dmesg
* kudzu
  - /etc/sysconfig/hwconf
  - /usr/share/hwdata/
* /proc filesystem
* hwbrowser

dmesg and /var/log/dmesg

The dmesg command displays the content of the kernel message buffer, which contains boot-time messages immediately after boot time. Messages are written to a ring buffer, which has a total size of 32768 bytes for uniprocessor, or 65536 bytes for SMP kernels. As new messages are written to the buffer, the boot messages are dropped, hence the need to dump the output of dmesg during system startup to /var/log/dmesg in order to retain boot messages.

kudzu

The kudzu utility maintains a database of detected and configured hardware, found at /etc/sysconfig/hwconf. As part of the boot process, kudzu compares the currently detected hardware to the stored database. This comparison can be forced by calling the kudzu command directly. If new hardware is detected, or previously existing hardware is removed, kudzu will attempt to automatically reconfigure the system, or refer the administrator to the appropriate interactive configuration utility. kudzu uses catalogs of known hardware in the /usr/share/hwdata/ directory.

/proc filesystem

The /proc filesystem contains pseudo-files which provide detected hardware information. The meminfo, cpuinfo, interrupts, ioports, and iomem pseudo-files and the bus, ide, and scsi directories are only a few examples of the wealth of information available. Because the filesystem is implemented internally by the kernel, it exists even in minimal environments.

hwbrowser

hwbrowser provides a convenient graphical utility that provides a survey of detected hardware.

System Bus Support

* PCI Bus
  - /sbin/lspci
  - /proc/bus/pci/
* ISA Bus
  - /proc/isapnp/

The PCI bus plays a primary role in most x86 compatible architectures. The PCI protocol supports Plug and Play configuration, and supports a standard identification protocol.
The bus can be probed with varying levels of verbosity with /sbin/lspci. Examining the output of lspci generally reveals controllers that bridge other busses onto the PCI bus, as well as PCI peripheral devices. /proc/bus/pci also provides information about detected PCI devices.

Starting with the 2.4 kernel, Plug and Play compatible ISA devices are configured internally by the kernel. Evidence of detected and configured devices can be found in /proc/isapnp.

Hotswappable Bus Support

* USB and IEEE 1394 Buses
  - /sbin/hotplug, (/etc/hotplug/)
  - Information in /proc/bus/ subdirectories
  - /sbin/lsusb and /sbin/usbmodules utilities
  - USB devices in /dev/usb/
* PCMCIA Bus
  - /sbin/cardmgr, (/etc/pcmcia/)
  - Information in /proc/bus/pccard
  - /sbin/cardctl utility

The /sbin/hotplug program is used by the kernel to notify processes when a device is plugged into a USB or IEEE 1394 (FireWire) peripheral bus. Specific agents in /etc/hotplug are executed to load appropriate modules. For USB, the /sbin/lsusb command can be used to list detected devices. Device access is often provided by the usbdevfs virtual filesystem, which is mounted to /dev/usb/. More information can be found in the /usr/share/doc/hotplug-version directory, and in the kernel source /usr/src/linux-2.6/Documentation/usb directory.

PCMCIA support is also implemented by kernel modules, with the system-specific PCMCIA controller defined in /etc/sysconfig/pcmcia. Hotswap events are monitored by the /sbin/cardmgr daemon. Cards can also be identified using /sbin/cardctl, which may be invoked directly. The /etc/pcmcia/ directory provides numerous configuration files which map detected cards to appropriate kernel modules. The PCMCIA infrastructure is initialized using the /etc/init.d/pcmcia service script.
The pcmcia(5) man page and the /usr/share/doc/kernel-pcmcia-cs-version/ directory provide more information.

System Monitoring and Process Control

* top, gnome-system-monitor - display snapshot of processes
* vmstat - reports virtual memory stats
* iostat - lists information on resource usage, including I/O statistics
* free - summary of system memory usage
* renice - change priority of a process
* kill - send system signal to a process

There are several ways to monitor and affect system performance. The top and gnome-system-monitor programs display a snapshot of running processes that updates every few seconds.

vmstat reports information on virtual memory usage and free supplies a summary of system memory usage.

renice can be used to change the priority of a process so that it uses more or less of the system.

kill is a command that sends signals to running processes. By default, kill asks a process to shut down. If the process will not respond to a normal kill, you can invoke kill with the -9 option, which will forcibly kill the process. Another signal that kill can send is HUP. This option tells compliant programs to reread configuration files. For a complete list of the signals that kill can send, review the kill man page.

End of Unit 3

* Questions and Answers
* Lab

Important files covered in this Unit: /proc/*, /etc/sysctl.conf, /lib/modules/*, /etc/modules.conf

Important commands covered in this Unit: sysctl, lsmod, insmod, rmmod, modprobe, depmod, top, kill, free, renice, vmstat, iostat

Red Hat Training Lab Procedures
RH133 Lab 3: The /proc filesystem

Lab 3: Configuring kernel parameters

Goal: Develop skills tuning the /proc filesystem.

Sequence 1: Turning off ping responses

1.
Check the present value of /proc/sys/net/ipv4/icmp_echo_ignore_all:

    cat /proc/sys/net/ipv4/icmp_echo_ignore_all

It should be currently set to zero, which means your system will respond normally to pings.

2. Change the value of /proc/sys/net/ipv4/icmp_echo_ignore_all to a 1, which will prevent other hosts from successfully pinging your host while not affecting your ability to ping them. Verify your work.

    echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
    cat /proc/sys/net/ipv4/icmp_echo_ignore_all

3. Now test pinging server1.example.com. Pressing Ctrl-C will stop the ping command and display some statistics for you. You should have been able to ping server1.

4. Next have someone else try pinging your station. They should not receive any responses back from your system.

5. Now reboot your system and try steps 3 and 4 again. What happens? Why?

6. Remember that changes to the /proc filesystem are temporary, and if you want them to persist across reboots you need to put an entry in /etc/sysctl.conf.

   a) Edit /etc/sysctl.conf and put the following line at the bottom:

        net.ipv4.icmp_echo_ignore_all=1

   b) Execute as root:

        sysctl -p

Check the value in /proc. If it is not set to a 1, then recheck the previous two steps. Next reboot your system and check the value in /proc again.

MANDATORY CLEANUP:

1) Comment out or remove net.ipv4.icmp_echo_ignore_all=1 from /etc/sysctl.conf
2) As root, run sysctl -p

This is to prevent other things from breaking during the week and to help preserve your and your instructor's sanity. Please note, it might be too late for your instructor.

UNIT 4
Filesystem Management
UNIT 4: Objectives

* Upon completion of this unit you should be able to:
  + Explain how data is accessed and maintained
  + Understand the filesystem hierarchy
  + Manage the filesystem hierarchy
  + Manage virtual memory with swap partitions
  + Add a hard drive

UNIT 4: Agenda

* Initial device access
* Partitions and device preparation
* Filesystem basics
* The filesystem hierarchy
* Manage virtual memory
* Adding a New Drive

System Initialization: Device Recognition

* Master Boot Record (MBR) contains:
  + Executable code to load operating system
  + Space for partition table information, including:
    - Partition id or type
    - Starting cylinder for partition
    - Number of cylinders for partition

When a system boots, it searches for code that can start an operating system from a list of devices (e.g. CD-ROM, floppy, hard drive) as defined in the BIOS. The first executable code found is used. Most often, a system boots from a hard drive attached to the system mainboard, and from the code found at the first sector of the first cylinder, the Master Boot Record (MBR), of that drive. This executable code is called a boot loader.

There are many boot loaders: their function is the same but their interfaces and capabilities differ. The original MS DOS boot loader has limited capabilities and is only capable of booting Microsoft DOS and older versions of the Windows operating system. Other boot loaders, such as the one used by Microsoft Windows NT/2000, or GNU GRUB (GRand Unified Bootloader), are more flexible, and can accommodate systems configured to run more than one operating system. Note that boot loaders do not load more than one OS at a time, even on "multi-boot" systems.

Primary Partitions

In addition to the boot loader described above, the MBR contains a structure describing the hard drive partitions.
IDE drives on Linux use legacy structures to describe four primary partitions, with provision for an extended partition and its "logical" partitions. Each partition, described by its size (in sectors, blocks, or cylinders) and its offset from the "zeroth" cylinder, has a type which is also stored in this MBR structure. Linux specific partitions would normally be one of the following types:

* 0x5 (or 0xf) -- Extended
* 0x82 -- Linux swap
* 0x83 -- Linux
* Linux LVM
* Linux RAID auto

Disk Partitioning

* An extended partition points to additional partition descriptors
* Total maximum number of partitions supported by the kernel:
  + 63 for IDE drives
  + 15 for SCSI drives
* Why partition drives?
  + containment, performance, quotas, recovery

Extended Partitions and Logical Partitions

If one of the primary partitions is marked as Extended (type "0x5") or Windows Extended (type "0xf"), then the first sector of the partition described by the entry will contain another block of partition descriptors. These descriptors define partitions known as logical partitions. Use of logical partitions is a work-around for limitations in the legacy Microsoft DOS-based partition table structure. Logical partitions permit the definition of more than four partitions per drive. While the PC partition specification does not impose a limit on the number of logical partitions, the kernel does.

Partition Limits

The Linux kernel is designed with specific device numbers, the numeric "name" of the device driver for a given device. This allocation of device numbers supports a maximum of 63 total partitions on each IDE disk, with one partition assigned one device number. On SCSI disks, the maximum number of partitions supported is 15, again due strictly to device number allocation. For more information about the kernel, install the kernel-doc RPM and reference, among others, devices.txt under /usr/share/doc/kernel-doc*/. In order to operate on higher numbered partitions, you may need to create the appropriate device files manually. See the man and info pages for mknod for details.

Why partition?
‘Unix best practices suggest tht we should parton our disks for many eeasons. By creating a separate filesystem we */oe. among others, devices. txt, Inonkrto ‘can contain applications and uses to th ileystem. If ills up because of security breach or wser demand, the rest ‘ofthe operating sytem s more sulted fom the issue. Saratepattions improve performance by keeping dita together which reduces disk al seek. Ifyou would lke ose quots they are enabled at the ilsystem level. Also atitioing eases backup and covery. your aplication ands dasa on separate ileysiems, the operating system can be upgraded or reinstalled without having to restore the daa rom elsewbere. {Copyright © 2005 Res Hat, Inc 2005-0008 ‘Allright reserved, I9 Unt 4 Page 5 Managing Partitions * Create partitions using: + fdisk + sfdisk * GNU parted - Advanced partition manipulation (create, copy, resize, etc.) + partprobe - reinitializes the kerne!'s in memory version of the partition table cmemtmers re tyaoar be onre eer ae tery mEngay Se te” ape eae ON [According tts own docamentaton, Fisk isa bey program hat does fzxy things "sully it happens oprodicereasonahle results” The manpage i to eal - Fl isthe most commonly-used paritoning program. Ithas the advantage tat this sme support for [BSD sk labels an other nom-DOS pariton tbls etdiex “The wer interface ie somewhat cryptic, but itismore accurate thin Fi kas wel as more exible, Moreover, cin be wed nonineactively ie. m3 sep), GNUpartea ‘After installation you may acd a program fr creating removing, sizing, and cpyi partion containing filesystems. Part ec manages these tasks fora varity of lesystem ‘ypes. partprobe ‘Atsystm bootup the Kem! makes its wa in-memory copy ofthe pation ables rom the Giks, Mos 00s ike sk edit the on-dsk copy ofthe partion tables. 
To update the in-memory copies, run partprobe.

Managing Data: Filesystem Creation

* mkfs
  + mkfs.ext2, mkfs.ext3, mkfs.minix, mkfs.msdos
* Specific filesystem utilities may be called directly
  mke2fs [options] device

The command for creating filesystems is mkfs. This command is a front end for various filesystem creation programs. mkfs -t fstype will look for a program that follows the naming convention mkfs.fstype, and then call that program to create the desired filesystem. If mkfs is run with no -t option, it creates the Linux default ext2 (Second Extended) filesystem. The mkfs.fstype form of the program may also be called directly; the ext2 filesystem is additionally commonly created by calling mke2fs [options] device. Some useful options are:

-b  specifies the size of data blocks in bytes. Without this option, the data block size is determined by the size of the partition. A filesystem that will contain many small files, for example, should use a smaller block size because each file uses an entire block, even if its data is less than the size of one block. One file occupies at least one data block.
-c  check the device for bad blocks before creating the filesystem. This may take several hours if the partition is very large.
-i  specify the bytes-per-inode ratio, which creates an inode table based on the total size in bytes of the potential filesystem. Large files managed by a filesystem would benefit from a larger ratio, since there would be fewer inodes, leaving more data space. Only one inode is allotted per file, while one inode may reference one or more data blocks. Inodes are 128 bytes in size, and unused inodes can occupy a lot of valuable space.
-N  overrides the default calculation of the number of inodes that should be reserved for the filesystem. By default this is based on the number of blocks and the bytes-per-inode ratio. This allows the user to specify the number of desired inodes directly.
-m  specify the percentage of reserved blocks for the superuser. This value defaults to 5%. If the filesystem being created will be used for some specific application, lowering the value will allow the application fuller use of the filesystem.
-L  set the volume label for the filesystem.
-j  create the ext3 journal inode and filesystem.

Journaling for ext2 filesystems: ext3

* ext3 is essentially an ext2 filesystem that uses a journal for file transaction atomicity
* ext3 filesystems can be created natively or easily converted from ext2
* ext3 has three journaling modes:
  + ordered - the default, journals only meta-data
  + journaled - journals data as well as meta-data
  + writeback - journal updates are not atomic, but gives better performance at possible expense of data integrity

ext3 provides an easy migration path from ext2. Creating the ext3 journal can be done on a mounted partition, as the ext2-to-ext3 filesystem conversion is not destructive.

An ext2 partition can be converted to ext3 with the following steps:

+ Change /etc/fstab to specify ext3 for the desired filesystems
+ Create the ext3 journal on the ext2 filesystem(s)
+ If the kernel needs to have access to the ext3 module at boot time, create a new initial ramdisk:

  mkinitrd /boot/initrd-<kernel version>.img <kernel version>

Since /etc/fstab references ext3, the ext3 and the related jbd module will be included in the ramdisk that is created. The last step is to reboot the machine, and verify by cat /proc/mounts that the filesystems are now of type ext3.

The data=ordered journaling mode is the default, and provides the best balance between journal size, data integrity, and filesystem recovery time. The data=journal mode, while requiring much larger journals, can speed some database operations. The data=writeback mode does not fully guarantee data integrity and so is not recommended, but does allow for a potential speed increase in some cases. While data=ordered is the mode that is preferred for almost all situations, this can be changed by providing a filesystem mount option of data= in /etc/fstab.

Managing Data: mount

mount [options] [device] [mount_point]

* device (or file system label) points to the filesystem to mount.
* mount_point is the directory under which the files on the filesystem will be located.

As mentioned earlier, in order to access files of an individual filesystem, it must first be connected to the filesystem tree. This is done with the mount command. While graphical interfaces for mounting devices exist, they merely call the command line versions of the program.

If the mount command is invoked without any arguments, it reads the file /etc/mtab, maintained by the system, to display the currently mounted or available filesystems, their mount points and their modes. The mode indicates what operations may be performed on the mounted filesystem, such as whether the device is mounted for read access or read/write access. Filesystem modes are passed as options to the mount command, and the modes available will vary for different types of filesystems. The full syntax for the mount command is:

mount [-t fstype] [options] device mount_point

The filesystem hierarchy is first configured at system installation by the Disk Druid component of the installer. In addition to the size of each partition, Disk Druid also requires information on the type of partition being created and the mount point for each partition. The mount point is the directory on the root partition where a particular partition will be mounted.

Managing Data: mount options

* -t vfstype (vfat, ext2, ext3, iso9660, etc.)
  + Not normally needed
* -o options
  + Default options for the ext2/ext3 filesystem: rw, suid, dev, exec, auto, nouser, and async

The mount command takes several arguments to indicate the type of filesystem to be mounted and any specific options that should be set (such as read-only access). A full reference to all options is the man page for mount. The filesystem type must precede the options, since a given option may be specific to the filesystem type. One or both of the arguments for device and mount point may be omitted when there is an entry for the filesystem in /etc/fstab.
Some of the default options are:

suid   suid and sgid file modes are honored
dev    device files are permitted
auto   honor mount -a
async  file changes are managed asynchronously

Other options commonly set are:

uid=henry, gid=henry  All files of the mounted filesystem are owned by the user and group henry. The numeric value may also be used.
loop   mount the filesystem using a loopback device. Helpful when mounting a filesystem that is a file on another filesystem.
user   this option permits any user to mount the filesystem.
owner  Similar to the user option; in this case the mount request and the device, or special file, must be owned by the same EUID. On Red Hat Linux systems the user who last logged in on the console is made owner of the CD-ROM and floppy devices.

For security reasons, both the owner and user mount options imply the mount options noexec, nosuid, and nodev, but this can be overridden with the appropriate mount options.

Managing Data: Unmounting Filesystems

umount [options] device | mnt_point

* A filesystem "in use" may not be unmounted
  + use fuser to check and/or kill processes
* Use the remount option to change a mounted filesystem's options "atomically"
  mount -o remount,ro /data

A filesystem is disconnected from the filesystem tree with umount, for example before removable media is taken out of its drive. This command references /etc/mtab. The syntax of umount is:

umount [options] device | mount_point

To provide operating system stability and protect the filesystem, a filesystem that is in use (open files, a process's CWD) may not be unmounted. Should you run into this, fuser will be helpful.

fuser is used to display information about the processes using a filesystem, which helps in determining what is acting on a filesystem. fuser also provides a convenient way to send signals to those processes. The command can prompt you interactively for each process before sending a signal, or kill all processes acting on the filesystem, including those with their CWD there. To display what (or who) is acting on a filesystem, and to kill those processes:

fuser -v mnt_point
fuser -km mnt_point

Sometimes you may need to change the options of a mounted filesystem without unmounting it during the change. Consider, for example, that your root filesystem is mounted read-only because of problems and you want to edit a file. To edit the file, you must mount the filesystem read-write. If the root filesystem is on /dev/hda5, the following command would change the root filesystem's mode while applying the new options:

mount -o remount,rw /dev/hda5 /

Managing Data: Filesystem Labels

* Alternate way to refer to devices
* Device independent
  e2label
  mount [options] LABEL=fslabel mount_point

A potential problem exists when the special device file that points to a filesystem changes. This most commonly happens with SCSI devices. Filesystem labels provide an alternate way to identify a filesystem for mounting that does not depend on the special device file.

A filesystem label can be written to the superblock of an ext2/ext3 filesystem, and the current filesystem label for a device can be displayed. The filesystem can then be mounted by label using the mount command.

Managing Data: mount, by example

* Sample filesystem requirements met using options:
  + Disabling execute access
  + Mounting a filesystem image
  + Mounting a PC-compatible filesystem
  + Disabling access time updates
  + Setting up a mount alias

Here are a few mount commands with explanations:

mount -t ext3 -o noexec /dev/hda7 /home
For security, user home directories are mounted so that the files stored there cannot be executed.

mount -t iso9660 -o ro,loop /iso/documents.iso /mnt/cdimage
Mount the CD-ROM image file /iso/documents.iso read-only using the first available loop device.

mount -t vfat -o uid=515,gid=520 /dev/hdc2 /mnt/projx
Mount the VFAT filesystem located on the /dev/hdc2 partition so that each file is owned by a specific UID and GID.
This is convenient for vfat, where UID and GID are not stored, so that the chosen user can manage the files. Normally all the files would be "owned" by root.

mount -t ext3 -o noatime /dev/hda2 /data
Mount the filesystem without access time updates (noatime), which can save some time by reducing disk writes.

mount --bind /something /anotherthing
This makes the directory /something also available under /anotherthing.

Managing Data: Connecting Network Resources

* Mounting NFS resources
  + Requires hostname or address of server
  + Requires name of exported directory
* Mounting SMB resources
  + Requires hostname or address of server
  + Requires share name
  + May require username and password

Many filesystem resources come from networked systems. Most common are Network File System (NFS) and SMB resources. To connect to them, the name of the export or share must be known. To discover what a remote system exports or shares, use the following commands:

showmount -e remote_server
smbclient -L remote_server -N

When host and share names are known, the following commands would connect the network resource to the local filesystem:

mount remote_server:/shared/dir /mnt/remote_nfs
mount //remote_server/share /mnt/remote_samba

Note that the -t fstype option is not given in either case: the filesystem type is recognized by mount from the form of the device argument.

Some useful NFS options: bg, fg, intr, nointr, soft, hard, rsize and wsize. For SMB: ip=, uid= and gid=.

5. Examine the filesystem's characteristics:

   tune2fs -l /dev/...

   mkinitrd -v /boot/initrd-$(uname -r).img $(uname -r)

8. Type sync and then crash your system again using the reboot command or the power button.
9. Observe what happens during the boot process. Which filesystems are checked? Do you see the "recovering journal" message for the data filesystem? How much faster is recovery from an improper shutdown with ext3 than it was with ext2?

Red Hat Training Lab Procedures - Filesystem Management

Sequence 3: Automounting data with autofs

1. Ensure that iptables firewalling is disabled.
2. Edit the /etc/auto.master file. Uncomment the line for /misc.
3. Add a line to the /etc/auto.misc file that will mount the pub export from server1.example.com at /misc/server1. Use the sample entry in that file as an example of how to accomplish this mount using the automounter (although that entry is an ftp example, at present the Linux kernel does not support mounting ftp resources without an unsupported kernel patch).
5. Try to use the /misc/server1 resource (e.g. cd /misc/server1).

UNIT 5
Network Configuration

UNIT 5: Objectives

Upon completion of this unit you should be able to:
* Understand network device recognition
* Know how to configure network interfaces
* Use network configuration utilities
* Understand IP aliases
* Understand IP route configuration
* Know how to configure client-side DNS

UNIT 5: Agenda

* Network device recognition
* Network interfaces
* Network configuration utilities
* IP aliases
* IP route configuration
* Client-side DNS

Device Recognition

* All drivers for network interface cards are built as modules
* Networking scripts reference logical interface names, e.g. eth0
* /etc/modprobe.conf maps logical names to specific module name
  + Example: alias eth0 3c59x

Network Interfaces

* Interface names
  + Ethernet: eth0, eth1, ethN
  + Token Ring: tr0, tr1, trN
  + FDDI: fddi0, fddi1, fddiN
  + PPP: ppp0, ppp1, pppN
* Data link layer addresses
  + ifconfig

mii-tool

* Views and controls the negotiated media speed (100baseTX, 10baseT) of some ethernet cards.
* Useful for forcing specific ethernet speed and duplex settings
* Changes with mii-tool should be made on inactive interfaces.
ifconfig

* Used to configure and set IP addresses on network interfaces
* Not usually called directly, but by other scripts
* Also used to view properties of active and inactive network interfaces

ifup / ifdown

* if(up|down) interface
* Start and stop network interfaces
* Take care of details specific to interface
  + Changing/adding/deleting routes
  + Obtains addresses as needed - BOOTP, DHCP

Interface Configuration Files

* ifcfg-xxx
* Located: /etc/sysconfig/network-scripts/
* Configuration methods
  + static
  + dhcp
  + bootp

Configuration Utilities

* netconfig
  + Text-based network configuration tool
  + Only writes config files. Does not activate device or changes. Use ifup/ifdown to activate changes
  + Used by kudzu when new network card found at boot time
* system-config-network
  + GNOME-based network configuration tool
  + Can be launched by a non-privileged user, but requires authentication as root

Binding multiple IP addresses

* Use multiple IP addresses on a NIC
  + Virtual interface(s)
* For a small number of IPs, create an ifcfg file for each virtual interface: ifcfg-ethX:xxx
* For a large number of IPs, create an ifcfg range file: ifcfg-ethX-rangeX

DHCP / BOOTP

* The dhclient daemon manages client-side DHCP and BOOTP.
* For DHCP, dhclient:
  + Obtains a lease
  + Performs automatic lease renewal
* Normally run by ifup/ifdown
* Can be run manually to force renewal or release of a lease

Global Network Parameters

* /etc/sysconfig/network
  NETWORKING=yes
  HOSTNAME=
  GATEWAY=
  NISDOMAIN=

Default Route

* Global default defined in
  + /etc/sysconfig/network
  + GATEWAY=
* Default gateway can also be defined in
  + /etc/sysconfig/network-scripts/ifcfg-xxx
  + ifcfg-xxx default overrides global default routes
  + GATEWAY=

Static Routes

* Connected networks
  + Linux kernel automatically creates a network route for connected networks
* Static routes defined per interface
  /etc/sysconfig/network-scripts/route-eth0
  /etc/sysconfig/networking/devices/eth0.route
* Display with:

Name Resolution

* hostname - display or set the system's name
  + Is initially set by rc.sysinit from HOSTNAME variable
  + /etc/sysconfig/network
* /etc/hosts - local database of hostname to IP address mappings
  + Checked before DNS
  + Useful for small isolated networks

cat /etc/host.conf

DNS client configuration

* /etc/resolv.conf
  + Defines which name servers to use
  + Servers are checked in order listed
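The lookup order these two slides describe (/etc/hosts first, then the /etc/resolv.conf name servers in the order listed), modelled as an added example that is not part of the course material; it also lists hosts entries that override DNS without having been reviewed. The sample file contents, the reviewed baseline and all function names are constructed for illustration, and the three-server cap and search-list ordering are the glibc resolver defaults (MAXNS = 3, ndots:1).

```python
import ipaddress

# Constructed sample files (hypothetical contents, not from the course material).
SAMPLE_HOSTS = """\
127.0.0.1      localhost.localdomain localhost
192.168.0.254  server1.example.com server1   # lab server
203.0.113.7    updates.example.com           # entry nobody reviewed
not-an-ip      broken.example.com
"""

SAMPLE_RESOLV = """\
; constructed sample
search example.com
nameserver 192.168.0.254
nameserver 192.168.0.253
nameserver 10.0.0.1
nameserver 10.0.0.2
"""

MAXNS = 3  # the glibc resolver uses at most three nameserver lines


def parse_hosts(text):
    """Return ({name: address}, [problems]) for hosts-format text."""
    table, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"line {lineno}: invalid address {addr!r}")
            continue
        if not names:
            problems.append(f"line {lineno}: address {addr} has no host name")
        for name in names:
            key = name.lower()
            if key in table and table[key] != addr:
                problems.append(
                    f"line {lineno}: {key} maps to both {table[key]} and {addr}")
            table.setdefault(key, addr)
    return table, problems


def parse_resolv(text):
    """Return the search list, the name servers actually used, and the ignored ones."""
    search, servers = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            servers.append(args[0])
        elif keyword in ("search", "domain") and args:
            search = args if keyword == "search" else args[:1]
    return {"search": search,
            "nameservers": servers[:MAXNS],
            "ignored": servers[MAXNS:]}


def lookup_plan(name, hosts, resolv):
    """Say which source answers `name` under the hosts-before-DNS order."""
    key = name.lower()
    if key in hosts:
        return ("hosts", hosts[key])
    suffixed = [f"{key}.{domain}" for domain in resolv["search"]]
    # With the default ndots:1, a dotted name is tried as-is before the search list.
    candidates = [key] + suffixed if "." in key else suffixed + [key]
    return ("dns", candidates, resolv["nameservers"])


def unreviewed_overrides(hosts, baseline):
    """Non-loopback hosts entries that differ from a reviewed baseline mapping."""
    return {name: addr for name, addr in sorted(hosts.items())
            if not ipaddress.ip_address(addr).is_loopback
            and baseline.get(name) != addr}


if __name__ == "__main__":
    hosts, problems = parse_hosts(SAMPLE_HOSTS)
    resolv = parse_resolv(SAMPLE_RESOLV)
    reviewed = {"server1.example.com": "192.168.0.254", "server1": "192.168.0.254"}
    print("problems:", problems)
    print("ignored name servers:", resolv["ignored"])
    for query in ("server1", "www", "updates.example.com"):
        print(query, "->", lookup_plan(query, hosts, resolv))
    print("review these overrides:", unreviewed_overrides(hosts, reviewed))
```

Because the hosts file is consulted first, every entry reported by unreviewed_overrides answers for its name no matter what the configured name servers would say, which is why those entries are worth comparing against a known-good copy.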
DNS Utilities

* Useful utilities in bind-utils RPM package include
  + host: gather host/domain information
    host ns1.redhat.com
    host -a redhat.com
  + dig: send queries to name server directly
    dig @ns1.redhat.com mx redhat.com
  + nslookup

Network Diagnostics

* ping
  + Network packet loss and latency measurement tool
* traceroute, mtr
  + Displays network path to a destination
* netstat
  + Multipurpose network information tool

ping tests basic connectivity by sending ICMP packets. The traceroute command shows the route that packets take to a destination. This command by default uses UDP, not ICMP. See the man page for details.

End of Unit 5

* Questions and answers
* Summary
  + Where are drivers aliased to specific interfaces?
  + Where is the default route set?
  + What file is used for client-side DNS configuration?

Red Hat Training Lab Procedures RH133 Lab 5
Static Network Settings

Unit 5 Lab: Static Network Settings

Estimated Duration: 14 hour

Goal: To build skills needed to manually configure networking

Setup at Start: A Red Hat Enterprise Linux system using DHCP networking

Situation: The DHCP server is down! You need to get your workstation up on the network, so you will edit the appropriate configuration files by hand to set up static networking.

Instructor: TURN OFF THE DHCPD SERVICE ON SERVER1.

Sequence 1: Setting the IP address

Scenario/Story: The DHCP server on your network is down. (Your instructor will turn it off.) You need to set up a static IP address so that you can get your workstation back on the network.

Tasks:

1. Begin by shutting down your interface with the ifdown command:

   ifdown eth0

2. Open /etc/sysconfig/network-scripts/ifcfg-eth0 in a text editor and change the contents to match the following, where X is replaced with your station number:

   DEVICE=eth0
   BOOTPROTO=none
   IPADDR=192.168.
   NETMASK=255.255.255.0
   GATEWAY=192.168.0.254

3. View the contents of /etc/resolv.conf. It should still have the valid settings obtained from the DHCP server. If not, make sure it matches the following:

   search example.com
   nameserver 192.168.0.254

4. Bring up your newly configured interface with ifup:

   ifup eth0

5. Verify your network settings by pinging server1.
6. Reboot the machine and again verify your network settings by pinging server1.

Deliverable: A workstation configured with static network settings.

Cleanup: Once your instructor has turned DHCP back on, return your config files to their original state and bring the interface down and back up again.

UNIT 6
RPM and Kickstart

UNIT 6: Objectives

* Upon completion of this unit the student should be able to:
  + Use RPM to install, remove, update, and query packages
  + Configure Kickstart and perform automated installations.

UNIT 6: Agenda

* Using RPM
* Deploying an installation server
* Installation using Kickstart

The RPM Way

* Package installation is never interactive
* Applies to all software (core OS and add-ons)
* No such thing as a patch to a package

Package installation is never interactive: RPM's design does not provide for interactive configuration of software as part of the package install process.

Applies to all software: The scope of RPM includes the core operating system as well as add-ons.
RPM Package Manager

* RPM Components
  + local database
  + rpm and related executables
  + package files
* Primary Functions
  + install/remove
  + query
  + verify
  + build

The RPM Package Manager is the primary means of distribution, installation, upgrade and removal of software on Red Hat Enterprise Linux (RHEL) systems. The RPM system consists of a local database, the rpm executable, and package files.

The local RPM database is maintained in /var/lib/rpm. The database stores information about installed packages such as file attributes and package prerequisites.

Software to be installed using rpm is distributed through package files, which are compressed archives of files together with associated dependency information. Package files are named using the following format:

name-version-release.architecture.rpm

The version refers to the open source version of the project, while the release refers to Red Hat's internal release of that version.

Installing and Removing Software

* Primary RPM options:
  + Install: rpm -i, --install
  + Upgrade: rpm -U, --upgrade
  + Freshen: rpm -F, --freshen
  + Erase: rpm -e, --erase
* Output Options: -v, -h
* URL support: ftp:// (with globbing), http://
* Many other install-options are available to address special cases.

rpm -ivh zip-2.3-8.i386.rpm

Updating a Kernel RPM

* Make sure to install kernel updates
* Do not use rpm -U or rpm -F!
  rpm -ivh kernel-version.arch.rpm
* Boot new kernel to test
* Revert to old kernel if problem arises
* rpm -e kernel-oldversion if no problems

rpm Queries

* Syntax: rpm -q what_packages what_information
* Installed Package Options:
  + rpm -qa lists installed packages
  + rpm -qf filename shows owning package
  + rpm -qi package_name general information
  + rpm -ql package_name lists files in package
* Uninstalled Package Options:
  + rpm -qip package_file.i386.rpm
  + rpm -qlp package_file.i386.rpm

rpm -q zsh

Other query options include:

--scripts
--changelog
--queryformat format

rpm Verification

* Installed RPM File Verification:
  rpm -V package_name
  rpm -Vp package_file.i386.rpm
  rpm -Va
* Signature verification BEFORE package install:
  rpm --import gpg_key
  rpm --checksig package_file.i386.rpm

rpm -Vp zip-2.3-8.i386.rpm

Other RPM Utilities and Features

* rpm2cpio: file extraction
* rpmdb-redhat: distribution database
  rpm --redhatprovides filename
  rpm --redhatprovides capability
* system-config-packages

The rpm2cpio command allows the files contained within a package file to be converted to a CPIO stream. For example, to extract the executables from a package file into the local directory, try:

rpm2cpio /mnt/test/7.0-pub/i386/RedHat/RPMS/zip-2.3-8.i386.rpm | cpio --extract --make-directories *bin*

The rpmdb-redhat package allows the rpm command access to a database containing information about all packages in a RHEL release. Suppose that some package requires the libX11.so.6 library. The --redhatprovides switch, along with the rpmdb-redhat package, can help determine the necessary package:

rpm -ivh rpmdb-redhat-version.i386.rpm
rpm --redhatprovides libX11.so.6

In addition to installing individual packages, you can install package component groups using the system-config-packages utility. The system-config-packages utility uses the /RedHat/base/comps.xml file.

Automatic Dependency Resolution

* Automatic installation of dependent packages
* Invoked with --aid option. Use in conjunction with rpmdb-redhat
* Macro can indicate where package files found

The following steps will allow an rpm package being installed to have its dependencies resolved automatically:

1. Install the rpmdb-redhat package, so that the dependencies can be determined.
2. Make the RPMS available. The contents of the directory RedHat/RPMS on each of the install CDs should be made available.
3. Create an RPM macro. This macro should name the directory holding the packages from step 2 above.

Red Hat Network (RHN)

* RHN Components
  + RHN account
  + System identity
  + /usr/sbin/up2date
  + rhnsd daemon and queued actions
* Advantages
  + Errata concurrency
  + Collective and remote administration
  + Bare metal provisioning

The Red Hat Network allows an entity to centrally manage software installation and updating. In March of 2001 the "Lion" worm started compromising Linux systems through a vulnerability that was reported back in January 2001. Red Hat had posted an updated version of the bind RPM.
RHN in the Enterprise

* Management Entitlements
  + System grouping
  + Multiple administrators
* Proxy Server
  + Updates cached locally conserving bandwidth
  + Private channels
* Satellite Server
  + Client profiles stored locally
  + Custom channel management
* Provisioning Module

Kickstart: Commands Section

* Constructs arguments that are passed to configuration utilities ("commands")
* The absence of required specifications (e.g., keyboard) will raise the appropriate utility
* Commands section must come first

Kickstart: %packages

* %packages specifies component groups and RPMs to install
* Component groups in the comps.xml file are specified with @ component-group
* Third-party RPMs cannot be specified without modifying hdlist.
* Package names only (not version)

The %packages section must come after the commands section. The %packages section lists items one per line. An item may be an individual RPM package name or a component group specified in the comps.xml file.
Sec tbedhcasion he ‘Te cies below woud nt de component soups ae and ck RPMS @ Workst: @ Gwore @ kei Development ute vlock copron © 205 Re Het, me snosen08 Aig reserves 193. Uat Pape 20 Kickstart: %pre, %*post * pre gives you the first word ‘= executes as a bash shell script executes after Kickstart file is parsed ‘* %post gives you the final word ‘Can specify interpreter (bash is default) # chroot’ed by default, but may be run without chroot ‘Thenpre mé%poat sto mi ust sout anything posible, Th ¥pre sto exces aa bash "ToeSpre rp ne in somewhat enim the ony ecco ibe ae he oe Inupocrnithonihe post inm.cz Spot ~-Interpreter usr/bin/perl A me F create partitions by copying an MBE image (20 it=/ant/aource/pub/abr. sm of=/tmp/hda Gatbe fetc/eyscontig/aetwork: seripee/stetg:eth0 < 5. Farm an then out py. Then copy yourks.p tothe Hop fatornat. /aev/faou1440 tow Lever Toppy forme op foot ee cfg /nedia/€lospy ‘wnount /media/ Floppy #1 vaay aeeoRDNT! Floppses mast be unmounted content rots. massac ‘Red Hat Training Lab Procedures iia9 Labs RPM and Kickstart 18. Reboc your syst using co: Hom med provide by he nerctr. The Keka py sot Eeccabia oof you ystems bcs ele baa Yom py it you al eat emu he opp and fanset i athe system boos ram Me cae and ou ee tne ed Hal Erorpse Linx neat oo prompt 7. fer st making se hat he pp iin he ve, hen the system comes oe boot: ramet ype: amin asi on ha kop etal wl ie a og sowng yo ne ‘equ ilomaton ‘Yeu wi uso this insalaion othe remainder of is couse ‘Troubleshooting suggestions: you rave ypo mn yourleksa He, oot he systam Io anave fc. This mach fast than booking to Iuhiowle Sor Iraninstarceroonsppear, such 0s the ens or enfin he lnguage keyboard then you maybe smazng alls fom your tess H Disk Oni appears, hen you probably misspeced your partons. Mako cure thoreis stint space for You panning scheme ara that you nelson snp partion “Tee Pyton rte wil spow ugnesseveryahore if theres fatal ete. 
Examine its messages carefully - you can use the <Shift><Page Up> and <Shift><Page Down> keystroke combinations to scroll the screen up and down. Careful examination of the Python traceback will usually reveal where the error is, even if you are not an expert in Python.

If there is a problem somewhere other than the %post section, it will probably appear before your system is overwritten. Consequently you can reboot your system, examine and correct your Kickstart file. Booting into single user mode should speed this process.

Sequence 2: Installing Errata and Dealing with RPM Tasks

1. Use rpm queries to answer the following questions. In the blank spaces, write in the command used to find the answer.
   a. What files are in the initscripts package?
   b. On what host was the bash RPM built and when was it installed?
   c. Has the pam package changed since it was installed?
   d. Which installed packages have "gnome" in their names?
   e. Which RPM provides /etc/inittab?
   f. Which RPM provides /etc/fstab? Why?
   g. What was the last changelog entry for your kernel?

What are the differences between the following commands?

Then use RPM to see if the file is a genuine Red Hat RPM.

Sequence 3: Automatic dependency resolution

Initial situation: Before commencing this lab ensure that none of the following packages are loaded. If you need to remove a package and run into a dependency problem, use the --nodeps option to circumvent it and force the removal of the package. Please note, normally this is a bad idea.

Packages to be loaded are available as usual by NFS from server1.example.com:/var/ftp/pub, which may be mounted to the local system. Packages to be loaded are in this share under RedHat/RPMS.

1. Observe the no-resolution case. To appreciate the benefits of automatic dependency resolution, first attempt a package install without it. Attempt to install the xsane package from (mount point)/RedHat/RPMS. This should fail. Do not attempt to complete the installation by this method.
2. Using rpmdb-redhat: install the rpmdb-redhat package, then re-try the installation of the xsane package. This should fail again but give more useful additional information.
3. --aid. Make sure your current directory is (mount point)/RedHat/RPMS. Re-attempt the installation of the xsane package using the --aid option. You should see that the package sane-backends is loaded automatically to satisfy the dependency. Note, in this case the rpm macro method mentioned in the notes was not required because the package and its dependency were together in the current directory.

UNIT 7
User Administration

UNIT 7: Objectives

* Upon completion of this unit you should be able to:
  + Create, modify, and delete user accounts
  + Create, modify, delete group accounts
  + Modify file ownership and permissions
  + Limit access to files with "special" permissions
  + Set group access to files and directories with umask and the UPG scheme
  + Configure a user's shell environment

UNIT 7: Agenda

* User accounts
* Group accounts
* File ownership and permissions
* "Special" permissions SUID / SGID / Sticky
* Switching accounts with su
* umask and the UPG scheme
* Shell environment

User Policy Considerations

* Amount of system access outside of user's account
* Determine "need to know"
* Expiration of passwords and accounts
* Disk usage and CPU limits

User Account Database: /etc/passwd

* Contains account information used at login and by other programs
* One account per line with seven colon-delimited fields
* Should have permissions rw-r--r--
Asom irs UD anc 10 gly erm atk = ieee ci ity somite

Adding a New User Account
* Most common method is useradd:
  useradd username
* Running useradd is equivalent to:
  + edit /etc/passwd, /etc/shadow, /etc/group
  + create and populate home directory
  + set permissions and ownership
* Set account password using passwd
* Accounts may be added in a batch with _ ce ede

Thecommantine hy wera? pi inte long a ee en

User Private Groups
* When user accounts are created, a private group is also created with the same name
* Users are assigned to this private group
* User's new files affiliated with this group
* Advantage: Prevents new files from belonging to a "public" group
* Disadvantage: May encourage making files "world-accessible"

oni rtp ol Uris ack of (Glowing wae mio coe

Group Administration
* Entries added to /etc/group
* groupadd
* groupmod
* groupdel

New groupe may cel by hangs le ets /Qr0HP orb tig ocd. Theda sym fe zoepad ey np 1 growpaas grovename Somme pope hapa se afm me esl ae ‘montero mir Gi ihsherange py ago ean a phe ups.

Modifying / Deleting Accounts
* To change fields in a user's /etc/passwd entry you can:
  + Edit the file by hand
  + Use usermod [options] username
* To remove a user either:
  + Manually remove the user from /etc/passwd, /etc/shadow, /etc/group, /var/spool/mail
  + Use userdel [-r] username

Password Aging Policies
* By default, passwords do not expire
* Forcing passwords to expire is part of a strong security policy
* Modify default expiration settings in /etc/login.defs
* To modify password aging for existing users, use the chage command
  chage [options] username

reminso fer. Thscanbe sed ie st login. de He ‘heminimam ar of ian mabe fra fe chanel peven es om

Login Shell Scripts
* /etc/profile
* /etc/profile.d/*.sh
* ~/.bash_profile
* ~/.bashrc
* /etc/bashrc

‘Sh cntgwration sit “/roaan profes ners, whch piel clt~/-bashosmd /ete/bashres The ‘eit cl Jote/prot eon erty /ae/basnre fly one gna ~/-taah psotiieiketa mest pin. Misa went ence ase lo se ga tgp eyo op i wn:

Non Login Shell Scripts
* ~/.bashrc
* /etc/bashrc
* /etc/profile.d/*.sh

Switching Accounts
* Syntax
  su [-] [user]
  su [-] [user] -c command
* Allows the user to temporarily become another user
  + Default user is root
* The "-" option makes the new shell a login shell

‘Sera ged acount ee vy sper oy ter cm hen be Mos omg te eaten eo us chnsto er cmtSse {sth aun arn og nt ot a eh oad

sudo
* Users listed in /etc/sudoers execute commands with:
  + an effective userid of 0
  + group id of root's group
* An administrator will be contacted if a user not listed in /etc/sudoers attempts to use sudo

soon coy Gm aise Wnt /ete/e0,a/ seater te es sg owe oe ut mh comedy ‘Tis detaon memo ner pan rp 280 when conan ey ae ge lo tation. The ony smn ry my tee binchan ioe

Network Users
* Information about users may be centrally stored and managed on a remote server
* Two types of information must always be provided for each user account
  + Account information: UID number, default shell, home directory, group memberships, and so on
  + Authentication: a way to tell that the password provided on login for an account is correct

ae 1 \Wecan oe infrmion hn ran gona inal pwnd neh wean, Home {3505 eld rman nh ne ne) hoe yan dela. Tics ymca Nae Serve oF NSS. Seed meson mt piel wach ermine apse oe acne ir ease apa i cet pce erat cea nie o mE

Authentication Configuration
* system-config-authentication
  + GUI
tool to configure authentication
  + For text-based tool, use --nox option
* Supported account information services:
  + (local files), NIS, LDAP, Hesiod, Winbind
* Supported authentication mechanisms:
  + (NSS), Kerberos, LDAP, SMB, Winbind

‘mutase mc tail hn vi es eget eg Shoes MDS sere stn onto. Te nach bet a wc Itoi ce cman Swit pean uy sod wh eh NSS wer oma ha ae ‘mane rondo s LDAP ery oy ane athe y oy Ht ey dt od ped Itestgiy tel ne. Tr sccn! sg comnts wpe =n ef he aaa Spence hisnatere cq hcan ae tags acme

Example: NIS Configuration
* Must install ypbind and portmap RPMs
* Run system-config-authentication
* Enable NIS to provide User Information
* Specify NIS server and NIS domain name
* Keep default authentication (through NSS)
* What does this actually do?
  + Four text-based configuration files are changed

‘terse IS cho ope the short srl NI Bath NI Gio NS sees ao Nt we ried arta One pipes ina Nissen tpi ae tosh: hyn shh of en Mat dost cage? The re acts ob NS aly opmaiyrtom ah noi ht our ange ees or NS can wil enn he pees ee fon igh we LDAP pe th TS SI expt strenamc rv nomatn a leo IS. Hower hee ine

Example: LDAP Configuration
* Must install nss_ldap and openldap RPMs
* Run system-config-authentication
* Enable LDAP to provide User Information
* Specify server, the search base DN, and TLS
* Enable LDAP to provide Authentication
* What does this actually do?
  + Four text-based configuration files are changed

enn nnn reer MQ 38 ‘evo Th OpenLDAP padsgr ine en pve 2495 ener penn wel ace n elomes ee ech ey anon recent spisied mane ve DN.
A pce LDAP ‘rer ism pon ety ptf eee arcana he Df in ey omy an be DN ‘romney eso inet ore nh ves any pot of ie DN le nD ae ‘moet ile ey wigan fe vente /st pane an ote had) oe ey oe nn msn mal me sk, An cay my ‘heen yet hei me mesting LDAP ere stil gtd peli stg don syeten Config.autheticetion Toes noration fm DAP nde lat oe LDAP ton pee LAP conmad lae OpenLDAP sk al stenoses DN The naa one ‘toed npn fi LDAP hte dn sus tema rp son ap ge. Fay oor pew

File Ownership
* Every file has both user and group "ownership"
* A newly created file will be owned by:
  + the user who creates it
  + the current primary group of that user
* SGID directories may change this behavior
* The chown command can be used by root to change ownership

lcowacohip an pein cn bey ig 18 HN Gon" ‘reser 3 Jouhun Sonnon 2995144 Sep 29 11:51 provect ‘The yn hehe ing. aan lence John ey wer SONNE aa Up Josh ‘is. The SID mi wl ex ng dene wig aes. chine mb ney soot change omnes

Linux File Permissions
* Access levels
* Access modes
* Flags indicate access mode for each access level
* File mode is a concise collective expression of flags' values

SUID / SGID Executables
* Normally processes started by a user run under the user and group security context of that user
* SUID and/or SGID bits set on an executable file cause it to run under the user and/or group security context of the file's owner and/or group

‘Whee s mere proc mca perma a er For eunp uv, andy ae eet inn ithe perinicos of tomer oupewna Pram oe e/a ehadow arr a enced paca ‘Thee ooerby rant, whch escn nda, Ur silchag ti pasword whe aed

The Sticky Bit
* Normally users with write permissions to a directory can delete any file in that directory regardless of that file's permissions or ownership
* With the sticky bit set on a directory, only the owner of a file can delete
the file
* Example: /tmp

ere om ding els cen eh hy ve las oie Sa,

The Setgid Access Mode
* Normally, files created in a directory belong to the default group of the user
* When a file is created in a directory with the setgid bit set, it belongs to the same group as the directory

Default File Permissions
* Read and write for all is the default for files
* Read, write and execute is the default for directories
* umask can be used to withhold permissions on file creation
* Non-system users' umask is 002
  + Files will have permissions of 664
  + Directories will have permissions of 775
  + Supports user private groups
* System users' umask is 022

Sete acho dk sot salt yo

Access Control Lists (ACLs)
* Grant RWX access to files to multiple users or groups
  mount -o acl
  getfacl file|directory
  setfacl -m u:gandolf:rwx
  setfacl -m g:nazgul:rw
  setfacl -m petfacl -x Irorerwense

ACL sonal syste fey mut eed ithe mop The aon sommant wok gah wer vir aoe a oe escheat ag cy

SELinux
* Each process or object (file, directory, network socket) also has a SELinux context
  + identity:role:domain/type
* The SELinux policy controls
  + what identities can use which roles
  + what roles can enter which domains
  + what domains can access which types

‘SELinux ade her yer fase cont pemions om ip sand ie permisons snd ACL which se define by the spn secy ply. ack pace or ot cha fle, restey, wor ‘eck onthe system lo ea SEL sy ctx. This const cms of SEL wer My, 2 tole and a damai orprsenen) ora ype ore, ‘The ple ono whit Lima ini’ poesis apne when tans, The My dtermins which roles re aceuble te poses, andthe oles ar ust determine wich msn te poses ca wach a, Once ranaing in rc din the poly sho deteins wha aces ross wl ne oe ‘pul SELinn pe. The ply ao deen te df typ or anew abet whe it eed.
tn general te acess proces wile gat Wan jets temo bythe dain of he proces andthe pref Beet eine seed “Tn cel poly st by he cons fhe stints RPM,

Controlling SELinux
* system-config-securitylevel
* setenforce and setsebool
* /etc/sysconfig/selinux
* enforcing=0
* /selinux virtual file system

‘The SELio poy may aj ord trough amber of li, The east ose the propia ‘he ajnment of olen which an n-ne the aeons tye poly StLimi nforcment may ahofe cangd fom nfo wat-ony an vice er withthe setentoros command ietwol. The fe /ou.2/eyeconsg/ ce scan eed make eneceDeH changes es ass ‘eho The setectoo?commantine tl ante ed oad and ve cas, eesti pis at ‘Theme sion enforcing canbe pase ough GRUB at bot ine op he ein ware mad ‘he /2e2 se vel ese sito /pcoe and ays Mp infomation toute sea of SELin

SELinux Contexts
* List process contexts: ps -Z
* List file contexts: ls -Z
* Change file contexts: chcon
  chcon -t httpd_sys_content_t index.html
  chcon --reference=/var/www/html index.html

‘ing in te domains are most hey ese the dtl pic. Siete cae cp Dnetpd.ayegld, named, nocd, atpa portman, postgres, ennpd. equi, eyelogd.and wisn ‘Toe secrty coment ie can be diay tough be Le command A nly cad ie ana he cnet oft pret rectory ules he poi specifies erwin. The chcon command hangs he fentxtioet. To rears tthe peo al fi in vas /eon/ nem tohetpd_ey=_ content ‘tout sng syns en he bean econ “Pt hited aye content © “a /var/omw/henl ‘Te reference option cane wed ih choos spy the carte SELiow amet of oe ie ot

Troubleshooting SELinux
* What is the error?
  + Check /var/log/messages for AVC denials
* Is the process doing something it shouldn't?
* Does the target have the right context?
* Does a boolean setting need adjustment?

SELinux policy violations are logged to /var/log/messages. An cae migh rad ke the flowing Feb 25 0:35.25 stint re ai 0931350 8:48 deni a] or pS kept eva? ino=31 1297 scones tem teowextmysten.
jet reser bome dr tele ‘Tsar 1D 4346, sin proces, whe cnet ony sem Fp Las dei ead acess reco named je, which ode 311297 one. whch sth ote System sbje eae Pome ‘Avis poin rl tons mst be ad. sth proces sig ck fo int eons it doing something appropri? Ufa te athe recon wong? Ho, the erect cent ee tobe eemined and et with

lp -> cupsd -> filter -> printer

(CUPS. te Commins UNIX Ping Spe the ey ping son andr R Ha Ener Line CUPS ste curs Ping PP, bso HTTP. Log logy to, A wb rer sing on ort 631 en be wed aan aneatenerae the cuped servic, CUPS pars toma ete on te, sp fr per forse cupe- pd, tania or takwanl orp wlder Lg clon stem,

CUPS Configuration Files
* /etc/cups/cupsd.conf
  + cupsd server configuration file
  + similar syntax to Apache httpd.conf file
* /etc/cups/printers.conf
  + print queue configuration file
  + automatically generated by lpadmin, system-config-printer or the CUPS web administration interface

oo Informa wth Apache weber eo /A sofiguton le Docume usr /ehare/doc/eupe:veraion! i Ho Sd oa a wh

CUPS Queue Management
* system-config-printer
* system-config-printer-tui
* Web interface: http://localhost:631/
  + To authenticate, user must be a member of the SystemGroup (sys by default) listed in /etc/cups/cupsd.conf
  + Connection is not encrypted
* lpadmin - command line tool for printer administration

= y tay et he tem an poner anda congue CUPS rl alte pn {oe ling Windows, Novel ab Unix LPD gies aysten-contig-printer: tu lle these fneoity athe pie version exept Avot mtd confine printers might beth he web mere ening npr I Tose, th we mst prove te were ad psd fran on hat remberftke3y2ten¢roup Ine inthe /ot./cups/auped. cone congwaon fk by ‘kta oup eye. Te comeston oh wc server im ence by ea, 0 cain ‘onde ober whe ing ewe einer. Toe pretend commatn wily mane pier ques CUFSis spain. The 1am.
commun te ved a, delet dla rite, eine PD Hie with riers and angels To infront ge, he peed comnad ie primera opps or sar on he count with he 3zable nd enable command soning os ogden ppd ane withthe reject and accept

cron
* Used to schedule recurring events
* Use crontab to edit, install, and view job schedules
* Syntax
  + crontab [-u user] file
  + crontab [-l|-r|-e]
  + -l lists crontab
  + -r removes crontab
  + -e edits crontab using $EDITOR

ss asa voll ron tefl rss sein /vas/epcol/ezon, whch ot aces yma Pveged wer and gveily old ae acne y sae wo Joe wa pees Tn rer {bocce tecuren ezontab the cxostab ommund sued “heron cn cher eit in cre onan itll hy in a ah sz crontab oy ing the = opt ven shold hy cre ann hy th rod denen, mich at easing nthe stm, Feds ina crontab spats yay number of ab or spaces ‘Val lvls lows Day of Wesk 07, where andy, I-Mate Sa, Mon Tas Mati ves nay be ep y commas. Akan sy a free vai ‘he sy for wer rot le wel damn eto Sof the man ase

Controlling Access to cron
* Restrict / allow user access to cron
  + /etc/cron.allow
  + /etc/cron.deny
* Contains usernames to allow / deny access

ron ace contd Ite le cron a1 Lownie and your teams yarn yo may wet oxonta ‘summand, He cron ie des ot ent andhe i ron day dos, hen 30 mt Natta denying er gh esto He does nt dl nti cnt

System crontab Files
* Different format than user crontab files
* Master crontab file /etc/crontab runs executables in
  + /etc/cron.hourly
  + /etc/cron.daily
  + /etc/cron.weekly
  + /etc/cron.monthly
* /etc/cron.d/ directory contains additional system

‘The formaof /e/crontab nd tees eterna leet fom wer roa, “Te shh fds acme which wl be wed nc th smu in he even el ‘Acammon commie sth rsn-parte sel ip. Thies ke on argue rectory ame, nivale rope sory The run-part ct em in /vsr/oinand bs wool document).
Posnvoash
01 * * * * root run-parts /etc/cron.hourly
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly

‘Thug 402 evry mong lof i escues Whe fot o/oren. day instar wile soot A deta instal 00 ay dicey wil conn eps apne soca thd what aban cen up tery Secs an erorm ater boleeing ks

System Cron Job: tmpwatch
* Cleans old files out of specified directories
* Useful for keeping /tmp directory from filling up
* tmpwatch is run daily in /etc/cron.daily

‘econo ofthe /ote/eron. daily /wath leit by RHEL: for a in /var/(eache/man,catman] /eat?,X11R6/eat?, 1ocal/eat?) se (oa aan 1 then Junr/ebin/tepeatch -£ 720 48 Aston ato, tne a bw a ling ary dct inthe Linu lesen, are: ftmpnstch (-al-a-c) (-aagte) (-overbovel {-foree) (val) \ Cnodirel (creat) (quiet) (--atime|=-mtine| --ctine) Inde cron ait ahve pvt ch isc Wo can pil wih emo tha 240 oat (Adapt Ths meas hat ny le ibe ve echt aso eee ces fo ore

System Cron Job: logrotate
* Maintain with logrotate
  + Keeps log files from getting too large
  + Keeps filesystem from filling up
* logrotate is run daily in /etc/cron.daily
* Highly configurable
  + Configure all logs in /etc/logrotate.conf
  + Configure individual log files in files within /etc/logrotate.d

{et anceshd sem gs wl ro tl you on oa ik pace Rd Hat Ese Linus ites ar becoming ge Frets /vas/too/meneages isoed wey /var/Tog/masseges., ith ole log ls eda va 2. optional eee ya. for sabe spi sigs. Formore information ete Logrotate min

System Cron Job: logwatch
* Monitor with Logwatch
  + Helps catch problem issues
  + Detects suspicious behavior
* Logwatch is run daily in /etc/cron.daily
* Configuration file: /etc/log.d/conf/logwatch.conf
* Sends nightly email report
* Other tools

Monierng em gs ina ones baling ik. Hyd 9 rope ma op Yourmay mi scr rb, arbiare rb.
or fare ebm. Fer eumple 25pm ray hee sey amen probe chery Mena at AM a ied te lesen nd them opty leaned «pagan. One sem og wouh ee ht ee waa pobion, ‘gua, led y dfal on mon Re Ht Eatrpie Lina ten, mont fs rsporigngy on acy an tei. on ay eles ee. Losec hy ‘itr/ehare/doe/ogwaten.veraion formfornan on wring lg ‘ee pay og megs rom ayo tho este rom, prceing eich cage fog ‘ethan itor of eo le eyeing he mess.

System Logging
* Centralized logging daemons: syslogd, klogd
* Log file examples:
  + /var/log/dmesg Kernel boot messages
  + /var/log/messages Standard system error messages
  + /var/log/maillog Mail system messages
  + /var/log/secure Security, authentication, and xinetd messages
* Application log files and directories also reside in /var/log

cil vay fag fle are mains ye tensa understanding of hich fen or ‘ousting sem robin: 123. ~The waten pon syst bot Neonins meses toa ere ate i ing he bo poss, rae) 109/meneage - This the snr yen ie which conus esteem ‘your sae oer, cnr ot en and mew poe noo. Rew nly by roe Jvae/Yo/nai.Liog ~ Tsoi sonaie mesages and err fom soar ‘sendmail. Realaoonl tyr ‘fl doting and inventing ner abuse. “Terares rowother pe

syslog Configuration
* syslog System V initialization script in /etc/rc.d/init.d controls both the syslogd and the klogd daemons
* /etc/syslog.conf
  + Configures system logging
* /etc/sysconfig/syslog
  + Sets switches used when starting syslogd and klogd from the System V initialization script

RHEL. provides oi ys ggg ily ht allows al aplication to oe Snag infra cesses ne cal, mange pli. Sytem loging rove by syslogd. Klood inert Kernel megs and poids them sy=2093. syzloaa ix configured ia /sto/ayeto3.
cont Mesge cn gg ils, oi GME wr, wen the co oF Neh uct every, Ys noe not og en sever meget eer mesa ‘epee On os ys ower he dla ting oe aga By dt menage of enegency or hgher ore sve) fe resto we, an most ema tot aoe mess en mos gin eel eis chs alow oa Each en in thst og cas Fur mn ees: ‘Teta in of he mee “Toetnams rom whence te mesg ie. Ths singe whe ging 8 Peowok oa sealed igh “he a fe spinor syste fm whence te menage cae: rnp ‘eenel op. Tisch rcs ee. “Te resinder fhe ine lowing helen) the acl mesg ill epee og mess we naked sch

Tape Drives
* SCSI tape devices (i.e., DDS, DLT)
  + /dev/{n}st0, /dev/{n}st1, etc.
  + devices with 'n' do not automatically rewind
* Use the mt utility to control tape drive
  + mt -f /dev/st0 rewind (Rewind)
  + mt -f /dev/st0 fsf 50 (Position)
  + mt -f /dev/st0 offline (Eject)
  + mt -f /dev/st0 erase (Erase)
  + mt -f /dev/st0 rewoffl (Rewind, Eject)

‘CSL ape des wil eine mat comeing Ths re wl on be DAT (Digi ‘Ani Top) ie dis neti clo DDS Dil Date Sage) Tipe devices woe names ining witha rerio no rewind devises, When tae devise i ns gener yt ks te te lowing They comius ftp sie and an command (ch rn “Te evi given ah apie wih hf pon toi by the rte devi: “Te sandr SCS ape devi ae med fs 0 th ‘Pesan IDE tp evs mame Wi, ‘he sundar Sopp ae devise ame Rape 0 and pe a) ancavrnt virile TAPE st nt wl evil orth deve ifa0-t device spunea pick. sed inthis in many xe at maybe sed mie comand ines wel, RHEL viata rote enon fe nnd rm. Ax ith tof he soe "oman ee

Using tar/star
* Archives to tapes or other media or files
* star backs up SELinux contexts and ACL attributes
* Parameters
  + c create
  + x extract
  + t list
  + v verbose
  + z gzip compression
  + j bzip2 compression
* Examples:
  c4 /tmp ee tar xvf ~/archive.tar
  tar cvf /dev/st0 /data /foo /bar

ek tar canbe edn rate archives one, Hop.
oir er removal device) inthe same Tome tur wih aramevable dei chat Zip oa eve mpy pote ate device

Using dump/restore
* Back up and restore ext2/3 filesystems
  + Does not work with other filesystems
* dump should only be used on unmounted filesystems or filesystems that are read-only.
* Can do full or incremental backups
* Examples:
  dump -0u -f /dev/nst0 /dev/hda2
  restore -rf /dev/nst0

Using damp ‘The duno command canbe ct tend et /Eat as and do hap se 0 fran eps ah ih ystems ee ote ache Fecexampe wild al tackep fhe ane isysem onto te ape device at, Te tn wl pte Ihe ile /2tc/dunpatoa whch wil ear dump infomation for fee by Sump. Alera dure /dev/nsto cpio -iedym < /dev/nsto cpio -tvE < mybackup.cpio os Spica isin roa of cp oe Ea he which fle cots er ie ae Safa autho sach ster le ame, ce, een, an ace persion, The trie cm be anther lene dmc neo pe Che ha te pein aks: Incop-ont mole cri copies leno ache eal of Hennes one ee, om In copia mide, cpio caps les ow ofan ache arith achive comnt sea he atine the apap instep atau ang achive fle

Remote Backups
* dump and tar can use rmt (remote tape mgr)
  dump -0uf joesvr:/dev/nst0 /home
* Use user@host:path format to specify the remote user, host, and device.
* dump can use ssh for secure backups when RSH environment variable is set to ssh

Rem tekap oe i ry any when alone opateron tenet hag

Other Backup Software
* Higher-level applications for tape backup include:
  + Amanda
    - Highly scalable command-line client-server archiver included with RHEL.
  + Commercial applications
    - Arkeia, Bru, Tivoli, Veritas (client), UNIBACK, ARCserve

“oot sah st a and dap cms a teri pat fy Lines UNE sytem ad ey Amie bap plein ie vbr RHEL, Amn.
an pen soe pod pe of Copyright © 2005 Re Hat 052008 ‘igh reser aa un Page 20 | End of Unit 8 * Questions and answers © Summary * Configuring Printing ‘Task Automation + Configuring System Logging “Backup and Restore Inportan les cover in his Unit Important commands covered in his Unie: {ete/cupe/cuped.cont {ate/eupe/peincors cont fron. fellow, deny rent Yetajeron.daily/tmpuatoh carorate ferajayaiog.cont omnaten (vaz/tog/nas ios cpio feve/togrotate ‘Copan © 208 Rd Hate. sosonae ‘ahs reserve. ‘r33 Unt Pape 2 Fed Het Training Lob Procedures H199 Lab 8 Printing and Administalon Tools Unit 8 Lab Printing and Administration Tools Goal: Develop skis using system administration toots and setting up and ‘administering CUPS. Setup at Start’ Running Red Hat Enterprise Linux System, logged an as the root user. ‘Situation: Not Applicable monn nate rots: sence Red Hat Training Lab Procedures a3 Lab Printing and Administration Tots Sequence t: Using cron ‘Seenaro’Story: "You een scheme oborn every nots ty Beton he rs of 800.00 ANY sd 1709(5:0PH0, 1. You want toto a infomation the uf te system very on ie oy ep Snvetigue nme promance hes youbane nen hang, Yr spt mht be mam oO ladand win kep mejeon tine ous, Aste, wee command Crontab ~e welt yoarern il, iowa not omer wth Vi, xp an EDZTORcavioament aa set ‘ose ete 2. Berth following ine in your roma */10 8-17 * * * /usr/bin/free; /bin/ps 3 How could ou tend the ut fom hse cron bate athe ema aes? 4, Wemad, matt st ches from fom he 3 and cron joe you have chee ‘5, Beutel our ron jb when you hve eco tr mai fom i eertmtemenie 2a armen ‘ed Hat Trning Lab Procedures si0a Lab 8 Printing and Administration Tools Sequence 2 Logging to centralized loghost Seanaiistory: Taste: ‘Wo esr with your mio 1. Fi stupcysiogdiomceptemate esas, Bit /ete/eyacontig/eystor 2. Roun aye1o98 Now your machine wl ae ging meses father bins. 
4 Step sysiogdio sense meses toanatermushin, Apel in /ete/syeto9 cont the 4 Res ayes api Now your machine em meses rm er pga Sor sighs machine ess te mene spear in sources /vat/Log/mensagee orem sors weno Red Hat Training Lab Procedures N33 Lab 8 Printing and Administration Tools Sequence 3: Restoxing inavidual les with dump /restore 1. Prpuetome dumpiotackup te flsin boot. Use d& /boot to fad ou ich vce /bOOt ‘on. dn camps ow, we will sme is devices /dev/hda 1.) 2 ing eximathow much space yo wll nan teach ma, Eatin the se inte of level aa dmp of /boot by sing the S ot: 4 dum -08 /ev/maan 3. Rater han eckng patie ck pth ita oa dung fe, Chaska make see is noe from in vary np te hol tee tho exe dnp -0 -£ /var/tmp/dumpéste /ew/éat 44 Lookin /ete/danpdates and sc ow un ened the estan of teal than, 5. Now ue rie ove the ont of he dpi: # restore -tf /var/tnp/dumpéile {6 estore hasan itive mode we an we to este aly slaved es, Resor 1 atenporay 4 meats /emp/eectoreds o8 /tnp/restored 1. Yousboubthives restore > prong. Tyyeneip sete of aval commands. Use ound ca view and igh lat ace pe 1 Use adaoinctae /grub/nans-26e and /grub/grib.cont inthe ities oenint. List ‘he der wh tho le agains mate or etton shu be te ih an ase 9. Type extract wrest seks les. Yournes vole mnkeris 1th Fae fr damp THe, Do ntst over or" he det th is being extract ot). Que 10, Tere shoal aow ea grub cay ie ere ude /boot nse he coy where youn estore th coins your sed grub, cont und mn 18 es. Red Hat Training Lab Procedures itiaa Lab Printing and Administration Tools ‘Sequence & Sting upa printer and administering a printer wth CUPS. 1. Asmotransyeten-contig-printor ina itl ono X emis 5. Emrthe txt 30m te Gust Nae ik | Sekt Loca Ptr Devic forthe Que Type 5. Select Nowe spss smear 17 Set Postscript Printer andl ext 1 When pect with he ron ened “Creates Now Que: Name and Type elt Pst inde sncen 9. Soot Beit ad prs ter. 
You wile seo sve your change, Coote Yoel es Type teconmint Sanda pe: 1p snetat tos 11 Typetbecommant insta "ouside ne pei jo active fr ot wth J oun 1) 12.Typetheconmant cancel 1 w rameve the jb 15.Type the command: 2p2ta* (Nate: oh ald awe mone) noni 5016 rau | UNIT 9 The X Window System ‘copyright 0 2008 Re a 20054000 ‘tga sone 9 unt 9 Pape UNIT 9: Objectives ‘+ Describe the XOrg X11 implementation * Describe how XOrg manages and displays data * Configure the XOrg environment Copy 6 205 Re Hae. osc ‘igh resere rsp unto Pape UNIT 9: Agenda + XOrg concepts and architecture + Configuring the XOrg environment ‘+ Manage and provide network access to the XOrg environment Copyright ©2005 Re Hate osona Algharesened. evr Unt age XOrg: The X11 Server + Foundation for the Red Hat Enterprise Linux graphical user interface(GU)) + Open Source implementation of X11 + Client / Server Architecture ~ Relies on networking + IP or local UNIX domain sockets ~ Designed as one server to many clients = Highly flexible protocol & “The X Window Sys also fers as °X" or "X11" the found fr graphs wr neras(GUD on Re Ha Enric Lie The X Wind Sytem ini he X Cantor Atpica eee tefoeceinplenctaion of X wade an open suze hx The XOvg poets sps//aorgfeemdeaceap rg a ‘ara ives fora ay fds cat ania evi og her tua evtlon to mag he va Testo under XS lies ow you sean he Swe. X ds nat fino nth shold ply. or wee ea the ren. The server th program ht ped ragh your le Rw Ary ‘oplicson that was crane doug digas ean Xt. 
icing he OK Deon aging Calor when elsked "wih he et mass ton, The vial ees mae cuanto, o ping and) Orgy eg ho an server appiction ate, XH wes UNIX dai or TCPMP working frit ‘prt, one cer poids my cst arduaehoss an dis] pd narcapiton an rd ler, nd ado indepen str er The harduareayer nage he coordination of mee ‘sed eying ad idea and plop The we ger pide an APL the if une ‘ntl casein ending cos var pon, The combi of het ses prvi X chet Zeiss gree tarda an operating pen inden, Ao, at Xe ig ono sem aN py oe any X ser caning omy peat tr alice! ace raed ‘Onesingle worksite, he X cen and X seer coment inthe X prenatal of ing TCPAP. hy we high spo Unt dain socket. Fr cich manag pas, hs sch (/emp/-X11—unix/¢ whee #0 be greatest nase of pete eae. Copyright © 208 Red Hate alight reserved XOrg Server Design + System video hardware (0 Management = Display, video and input device coordination — Core server: /usr/X1186/bin/xorg ~ Enhanced by dynamically loaded modules + divers: ti, nv, mouse, keyboard, et. + extensions: dr, gl, and extmod ‘+ Font Rendering = Native server: x€8 ~ Fontconfia/Xft libraries XOrz coms of ne coe ser ever yal al modes. The sere is hada indepen nd iseuends svough th cofiguetion nding of arc andX1 extn sie oes re it 2ase/X1286/1ib/modul ee, ad be Kees ll decry Like fhe OS tre, tah he cminato of igor hart specie mots, he X sever dni resin Nei, na bergen fh vio tnd ip barr fond on eye oa whe he rs ve scan ries covtgraon| "ante rare sek te asia dian ip cpbiicn. To ett res, nk rh feae/t03/%009.0 109 Fresh charred lr nen anterior eo sm ate managed site teaph he natve X ener eden coin oe rer ecg Themaie eri ly ‘epee ever x8 an mst te ral aioe te Xserve The Xt dng cage implemen iin te XOrg core server hou uml iS Kies. es plas ose or ex, “The NOX seit hs ate mp forsee ype fo ida Tryp an For Typ To eral fons aecraey bese ou hve ree pe mde fine he N16" sein fe ee gon (Gheuoed ae) “Toprovide te eal X server frs ot tp wh he RHF. 
drain, op sh oa dint mde /ube/share/fonee, ote em recor SHONE/ tone. The et mean X ec stat eX yo ‘guns fc-cache, atts coping font unde Ge decries fr me co oppor exe ‘ep the Ovo Sue whh a on fon manne sem) By deta Tes on Un dn socket nd oe x mayen connections, To chang is etwir. comment ct tebe conga fe. "no- seen = top Ax why network sen ake propriety mers yo few or em th fiver machine elf wih ipeablew or fyaten- contig: aecurity tl wich cles an sommes. Newak fonts enon TP pon TH, Copytnt ©2005 Red Ht ne osouae ‘lipases rr at Pages XOrg Server Configuration + Typically configured after installation + Post install configuration: ~ Best results while in runlevel 3! ~ systen-config-display + options: =-nous ~ stored in fetc/X11/xorg.cont ie Xenon ws oni ing sion. he ty aysten-conto-aigpLay i ned wie recommended nou and» -2cont spins. Wise in probe aes eth or vio cw fe te ha erence ed epee capi sem advo For example he prt ara can apo ‘olor ph of 2p 07 then bev wl art with ting He probed tnt an tndcomervive alae wll ae The ing Ss ca pl, ear (etait aang cont ant ois th adware components resin see ets, king hrc acpi hep ely sod tpt dae, lea be dayton renee stem hl rer gion mc. Copyint 205 Re at ‘igtreceved rvs Unt age XOrg Modularity + The X server and its clients may be individually configured and combined ~ Server extensions provide enhanced rendering ‘capabilities + To view server capabilites: xapyinto ~ Display Managers + 98m, kdn and xan — Window Managers + metacity, kwin and tw ‘The Xcavionment isa combination of vr harden tre emponsns nd th xtreme eile ‘Yor can sew al caret exes ad eet eesing inom aot he cgi he caretX nro yrange 497.0 coma Xtra Prseied is capt alae he ‘cee eslon pit mesons cole eth aed vale ening cgi he 3D grphewGLX) o video frame aye 360) “Tehphy manage component ithe Xun of he texts tog rms RHEL ships wih Ka and sn dply manigen. 
Alltec the PAM autetton any thor eas of aati ay Be indopeneny conic Dray manger re nally ane rune rome ot 22/4 9, “The xn ply amee pd wh ns XI implememsins. conan norman soe der he ‘yer. defo, sn em commands hase tand rbot, Aloaph he nile manage ners Soe of canine ee 1/s ay the ees) ed i congue the "11/92 Ber ie gn. cone Me cms nr ony ed when eter gn eK te {albeit dpa manager suns stat window manager Both ply a window amor ay bs conta n /etey2yscont ia aeektop Window mange especial peo Xen They acpi ote cet wing tho eee edo ‘eoied They sho provide be detop heme centile mens, panel, and eon mage. OF he ‘ony window mages aie foe X,RNEL spy hte: mat acity he CNOME window msg oe for (KDE, nd Cm abi window manager ssp wit XDM and eter GNOME. aor KDE ae ine ‘Window mnagr provi the oe fh ppb wre GU ‘Widgets ae compen of GU apicon an in alg bus, oa es. Th ae ny widget ae aril fr appcsons os Aan, Mai GT anders The hy iw ye KDE ony 2005 Re a ossce ‘ligt resares sett Uat Page? Server and Client Relationship ——— Window Manager Application] Display Manager console [Av The yen como cmpe te ner ppt erie beter hyd, se, ie sistem and pis {pay disowned ye er cel atte hah ia Ths owner sg wee ‘te X enon ring orm The conse hos eX everett Xserve ae Sop 1B ete Xenon sot rants maybe nel) he ons ones may invoke te Xserve. ‘nih aces sl te ome, nih he envionment vale DTSPLAY™=s 0 Fo mete OH ‘Snare tare copra erent hese ay be sare ln y ning . Hehe x sere sotigrton i oper te te pom 8/23 ona al set sir ine emer of be ply, long withing opto rn ape eet lean ao ‘sehnccnlye Xserve andor piano dip, ar window manager tem ning From te ESET pot adios X cles ay De pe, inc window manger 3c) the ‘grone-pane! 
aplicin dt Neai ie ae om Each heal pein oe tiv echl proc oth eri xterm an cero X ser th gal eerie, ten aD ‘Set apn: cite an te X server wel tutentaton gplcie, Once anteizatn the ws the py itl psd at Xs wih muager Agi i cer ao own he X dpa a Care, a open a oe ‘Snow manager rey il ext when he sree mow manager In nee vba an X pay ‘Resger rng snr sen nage ye window mumager achieved ying

XOrg in runlevel 3
+ Two methods to establish the environment
  - /usr/X11R6/bin/xinit
  - /usr/X11R6/bin/startx
+ Environment configuration
  - /etc/X11/xinit/xinitrc and ~/.xinitrc
  - /etc/X11/xinit/Xclients and ~/.Xclients
  - /etc/sysconfig/desktop

To start an X session in runlevel 3, use xinit or startx from a virtual console shell prompt. xinit (or startx) will pass control of the X session to /etc/X11/xinit/xinitrc, unless ~/.xinitrc exists. xinitrc seeks to read in system and user configuration files, including:
Resource files: /etc/X11/Xresources and $HOME/.Xresources
Input device configuration files: /etc/X11/Xkbmap and $HOME/.Xkbmap, /etc/X11/Xmodmap and $HOME/.Xmodmap
xinitrc then runs all shell scripts in /etc/X11/xinit/xinitrc.d. xinitrc then turns over control of the X session to ~/.Xclients or /etc/X11/xinit/Xclients. Xclients reads /etc/sysconfig/desktop to determine whether Gnome or KDE is the preferred desktop environment. If unset, or the one defined is not installed, Xclients will attempt to launch a number of other window managers in the following order: Gnome, KDE (gs xclock, xterm and nozi 114i ins)
In the unlikely event that Xclients does not exist, xinitrc will go into failsafe mode, starting an xclock, xterm, perhaps mozilla, and finally the twm window manager. iWienas, Inet stumsover

XOrg in runlevel 5
+ Environment established by /sbin/init
+ Environment configuration
  - /etc/inittab
  - /etc/X11/prefdm
  - /etc/sysconfig/desktop
    + DESKTOP defines the window manager
    + DISPLAYMANAGER defines the display manager
  - /etc/X11/xdm/Xsession
    + /etc/X11/xinit/xinitrc.d/*
  - ~/.xsession or ~/.Xclients

If the default runlevel is set to 5 in /etc/inittab, /sbin/init will run /etc/X11/prefdm. This script invokes the X server and a display manager, using the file /etc/sysconfig/desktop. If no system default is set, it tries gdm, then kdm, then xdm. By default, the three display managers all use the same startup scripts as part of their operation.
When a display manager is first started, the /etc/X11/xdm/Xsetup_0 file runs as root before the display manager presents a login widget. Then, once the user authenticates, /etc/X11/xdm/Xsession is run. This does many of the same things /etc/X11/xinit/xinitrc does in startx, including running the executables in /etc/X11/xinit/xinitrc.d.
/etc/X11/xdm/Xsession determines which desktop environment to run. If the user selected one at login through the display manager, it is run. Otherwise, the script checks for either ~/.xsession or ~/.Xclients. If all else fails, /etc/X11/xinit/Xclients is run as it is for startx.
When the user logs out at the end of their session, the X server is restarted by the display manager with a new login window.

Configuration Utilities
+ Server
  - system-config-display, mouseconfig
+ Fonts and Typefaces
  - xfs, chkfontpath, fc-cache
+ Display and Window Managers
  - switchdesk, /etc/sysconfig/desktop, gconftool-2

Acdescribed eae. NO see ogwation spell ring RHEL ilision Sry may os et "pains, neling window manages ffs se and mils pond fone i il exon, ‘pon fist ue deve te or her apeiron rm fe cnet, Appin relent X ene snd ypely makes Plereces men eh wa, ‘Ascachend aureus wer pci of window manage an X le applaioe onions, ere ae aperunities whee e-wide cofguraons rtrd ete mo mato pre stewie argument may be >.
which nsruts 928k to real he letrminod sing the dunpe2£s command. Because a corrupt filesystem may not be readable by dumpe2fs, it is advisable to have a hard copy of the output of this information before a problem occurs.
Once filesystems have been repaired, it is possible to remount the root filesystem and ring twp fom the slog sae. However, it is preferable to oie exit, which forces a complete reboot.
Sometimes the root filesystem is corrupt past the point where it is even mountable. Consequently, /sbin/init cannot be run. That forces use of the rescue mode described on the following page.

Recovery Run-levels
+ Pass run-level to init
  - on boot from GRUB splash screen
  - from shell prompt using: init or telinit
+ Runlevel 1
  - Process rc.sysinit and rc1.d scripts
+ Runlevel s, S, or single
  - Process only rc.sysinit
+ emergency
  - Run sulogin only

In recovery situations, it is often helpful (and depending on the problem possibly necessary) to boot to a run-level where less services are active. For example, consider if you have a service that causes the machine to panic each time it tries to start. In this case the road to recovery starts by preventing the service from starting, so you can successfully boot the machine to a stable state and determine the problem with the service. The below listed runlevels are of particular importance in system recovery situations.

Run-level 1
Booting to run-level 1 will cause the system to process the /etc/rc.sysinit script followed by each of the /etc/rc.d/init.d scripts called in /etc/rc1.d/*. By default, RHEL will only call the single script in this runlevel, which after some basic checks and cleanup will exec init S.
Switching to run-level 1 from some other runlevel (3, 5, etc.) is a convenient way to kill all daemons, as each of the Feed kill scripts will be processed.

Run-level S, single
Booting to runlevel single will cause the system to process the /etc/rc.sysinit script. If /etc/inittab is missing, or if /etc/inittab is corrupt, you can still boot to single mode, and in that case, you are given the root shell with no scripts processed.
Sometimes going to single user mode is veri: interactive startup mode, invoked by typing "I" when "Welcome to Red Hat Enterprise Linux" appears at boot time, allows you to choose which services will run.

"Runlevel" emergency
While technically not a run-level, emergency mode shares many characteristics of the above listed runlevels. You can only access emergency mode during boot by passing emergency as a parameter from the boot prompt. No scripts will be processed, and you are given a root shell.

Rescue Environment
+ Required when root filesystem is unavailable
+ Non-system specific
+ Boot from CDROM (boot.iso or CD #1)
+ Boot from diskboot.img on USB key

ey single wer mode (or even suo: made}, shook! povie enough tos a recover oat ‘hee ar sever ways bot ithe sce evn + oe aos CDROM. ten type nix recuse lis prompt + ota dk USB dete pe 2s rencue athe rm

Rescue Environment Utilities
+ Disk Maintenance Utilities
+ Networking Utilities
+ Miscellaneous Utilities
+ Logging: /tmp/syslog or /tmp/anaconda.log

‘The reeuc envionment crs win ash image leesed as /dev/r000), Beas sans mse ade umber fen, ania ais and device ks ae ot alle. However ae ‘hed ik msnoance ie pce sm orb ie eae cine AH ‘The allowing sop) ft fees pide hy the ec envioment Disk Munenne iki clang: «cmp st of LM its, fr managing py "olumos ne paps andl anes fee RAID os ap comand: dk tion: eso enor cechr eggs nd abe foe x20, Micelineus ilies nung: shell mun ah, chroot proces magento toe, KIT, KilJaT?
eer ei) crn kee male mange eiad, sar, cpis, ipl rome Within te eeu coving nation ane fund inte ile 8905 Boxing intmuton nn enc anaconde. og. Some cotigratin fis odprcbe, cont, ret no. devc fs si, op) eed in emp wel Cony 200 Re Ht, 2mosorae it reserved 99 Ue Pape 12 | Rescue Environment Details * Filesystem reconstruction ~ Anaconda wil ask if flesystems should be mounted + watch or enor messages = /ant/eyeinage/* = Innt /source = spamMincludes hard drive's directories + Filesystem nodes ~ System-specific device fles provided ~ mknod knows majoriminor 2's os ‘Te sue covet wil empl oom! th hard lense mE oi na /eyesmace Sic te rscie eine ifn wo pm damage miscnfgued Feystems, boner, the operon igh o igh wt work. Acoapd orton ew appear oan he reset envionment (a shell wih f4iek Wave der 18 -F2,homeer) Ung Linux reecus nemount the bot prompt ecive dbs atonatc moutng filenames th ening ened hy ad Puitionaien. Calton of be op he TO cmon shld sri the a othe ‘eons eto, ‘ecrs thestndad nalation vides neatly 700 vc ak, admins edo nee create device Fae ik therm! wale sues, Inder access any other Svcs uh py dis te evan devise mode mst fe ree with weno Fount te ecb eaitneots ves of kod anomaly atch appropiate Sv ier ajorminrnanbes with wel Anown device names. Forename he diene fr ad Gh onthe secondary IDE contol an ered wine S687 Copyright ©2005 Re Hat zser08 ‘as reserved ur33 Unt 1 Page 18 End of Unit 11 + Questions and Answers + Summary = What are some things to check for + x problems? + Services problems? + Networking problems? * Boot problems? How might you repair an ext2 filesystem? = What are some alternate boot methods? Anmportat es covered nts Unt Jont/ayatnage/* (nrc eovtoemen) ‘Copytaht © 2005 Rad Hate sosaa.oe ‘lg reserved vr nit 1 Pape 14 Red Hat Training Lab Procedures 3 Lab 11 ‘System Rescue and Troubleshooting Unit 11 Lab System Rescue and Troubleshooting Goal: To build skills in system rescue procedures. 
‘Sequence 1: Repairing the MBR in the rescue environment “To rose onironant provides ast resort fr rpating an uréctabe machine, even when he booloeder te rot ayo is caaged or mscontqued. Inorg to acon the reseve emerorment You wi eed ‘iter aot. io com ons rattrk hat asthe Fo Hat nstalson ee ie Roda role) aval INES ora Rd Hat Enfrica Lnux CDROM. ss: Damage GRUB, coving the machin an unbossle state. Use the escueenveonment rons avs. 1. Use he oonng coanan io vert the st tage of GRUB in your Maso Boot Racod wth zr, ‘Sealy th blockaize caret you wot mary ers, you il ovr yur partion abe a wel ‘andtisvallbecome anu mote aia exerdae (seta the canmand blow ssimes you af oh TDEcrven You mgnt need to madly the destnaton Sevie) ‘Aor typing the felling command, check it thee times and hit enter but nce. ‘Congratsaions~ you have jus wipe ot yourboo eco, ut your pay pation able wi si be nlc ‘Ate reboot cant that you oysters nboable' Use ne Rada reazus enone to ropa ‘he sysom. Asuggested sequence fll 2 Load te rescue enirornent by botng om a RedHat station mesa (ihr COROM or book ‘eppy ana yping ns vaacoe al the sy bool pomp Proceed wah th normal ntastan del ‘Ghecte ns image ot moda type and us th owing rs rerio '8-Tha resus environment wil asi you we to moun the hard ave’ Heaytems. Set "Continuo mount the tleeytoms in resawite mede. Examine ne ouput asus to contnn at he asym wes corey ‘consid: You mah wart elresh yur memory by examining you dks pater wth £30) 4. 
Note nt your har ive ns ben econstnted unde the mount pit /nnt/sysimogs.Exine {Trubs on fon our haa dv) fo confi tat tis appropatly eure, events 1016 mesma itg9 Lab 11 Fed Hat Training Lab Procedures ‘system Rescue and Troubleshooting '5.Toreintall GRUB, you must shi'contots, so that grub Ln2¢211 booves that he root of your Systm is the fane/eveimage drecory Spawn a chrcoted she, tan grt instal, and en ext sh-2.0UH chroot /nat /ayeimage (or shots heave tat execute prope) the bash prompt This wit place you ro gus command shal were Type me command: orst you can ener he town commands gnb> root (hae, 0} Grubs ot. tnao) 6, Now ex yourrasove shal Not thatthe rcue envionment wil unmount ry partons hat you mounted ‘ed Hat Trning Lab Procedures ata Lab 11 ‘stom Rescue and Trovbleshooting Sequence sete etowng command o overt th un oman Installing software in rescue mode {rooteiocatnost1# ep /bin/aate /bin/mount Congratulations you have ust woe out ay enscutti on your syst, Upon atrting 8 reboot you ‘foul fog yor sym unbotatie. Use the Fes st rescue emonmer ion hk vorson othe ermand nd olay of RPMs proveaby he istelaton ea, To epahasystam. A suggested Sequence totows "Load tne rescue eminent toon rom a Red Hat istaiaton med ether COROM or boc so ‘emanating Sram aoe a he sje boo rome ‘2 Thoreseveenvvonment wl atempt to automata mount e hare’ esystom. Examine the ouput of oun lo ccf tat be heaton ws caret rears ‘8. Nete that your hard ives ests have bsen mound under /ane/aysinae Determine which ‘package contains the nour command ua -af root /ant/ayrinage /oka/nount 4. ety ne tin on your have, ving @chrooted invocation ot rm, Dont forget oe the ‘trot or sop 5 wl fal 5 spmshauld report that hs /nin/nount executable Nas been mated. Real he a RPM, ping ‘he saures rom your iesalation Yo futon has ban NFS mound unde anaes). 
gan wang 8 Shroctedinwoeon op Note th tnx package was sale he hash mais inate ths) though you may S06 sone ‘err at the endothe proces, AB une ou, i shams eo, ahough na preaicton anvrnmant, you would want oes hs ot aly 1, Now exit your reso sel Ne hathe rescue environment wien ary paren hat you mote core mt 30r6 amr Fed Hat Training Lab Procedures pin Lab 11 ‘ystom Rescue and Troubleshooting Sequence 3: Troubleshooting Practice Task: Pracicero.wiehootng problems on a Red Hat Enterprise Linx yee 1. Tum Speabtes ard mount the /va=/eep/eub dtetory rom severt ii at earany mou 2, IntaltheTroubleshooing Practice RPM pa “Ih /net/serveri/ale/AEHS /2hoe-te 3. Exec fod fur /share/doc/txctabs “This is where he documentation orth redhat s RPMs located. Ensure tha your computers configured as clesly as posse oe folowing specications 1. Auenicate uses om yourlcal_/ot./pasews fle. That i, do nt un ny network ‘aaheneaton scheme such a NIS or LOAP. Use 192168.0.254 feerver.examele com) as your resolver. {© Conf that /er/ Loca /oin spat ol your PAT nro variable ‘The folowing tems are required for Some, butt al, Houbechooting problems. You may tl do most probleme some a these toms ae mesing 4 Change to urove!3 not usevel 8. Confirm that ha X server tuning (no starts) Cniy he Xeate problems requre tis. ©. Contr that/ncme fa Soparate eeystom tom the root flesystom andi al tthe sytom (nt an NFS mura syst) 4. The Trsbleshatng Practice pedis come in wo pals, each invoked a separate command. The ‘ectons, eammends, ahd numberof prctlems im each sacon vary. therefore, un ‘ count. where i one ol the flowing Fortocal tslocal count, ForNewoking tsnetwork count For B00t0g reboot count Invoke te fst al preblem by running: tslocal 1 ‘Ts command wil et up he problem and wl explain he goal. The goa willbe stredin the fle ‘ater eer lata tere. 
Spend te lo eght mnsts yng to save te problem, gent 4016 erat ‘ed Het Teining Lab Procedures H199 Lab 11 ‘systom Rescue and Troubleshooting 5 yeu nave ot yt cohen problem youn needa it Hn canbe dapat ming be tehine oma ‘This wil iepay theft int ortho fst e210 prelem. Conteuo to invoke his ul you get enough maton to sve the prebem or ul you not of Lande on The tchint command wl tll you when you have reaches he en of teins. Agi, do ot spend more han ve on sina minutes on hie probim. {6 Whetneror not you have solve the problem, rn the toes command “This command wit ho lessons intended tobe taught by the probien. Some telesson messages so ge sep ep nstuctons on how to proach a paricu pedi. 7. M.after reading hans and the eson, you se uneble ose he problem, el the instructor for 8, Proceed othe secede probe ‘asin, conch hints you need assistance: tees) Be sre to read the lesson bore continuing oho next problem: ‘Const he insrctr you need assistance resting this problem, Proceed invoke and salve We remaining local prblem, using hints as need and coneuting the lessen bore maving ote next prose. 8. tnvoke he network problems, ene a ine, For example ‘Again, the command wl al you what you ed odoin onder torsolve the problem. Forint use the Aner te robes solved or you aro ready to go onto the next problem, rea the lesson ores sore armen Fed Hat Teining Lab Procedures ig9 Lab 11 ‘System Reseve and Troubleshooting ‘Cons the instr you neo assstarcorasting ts prolom, rocoto invoke and sls th remaining network problems, sig hs needed ar coneung he lesson beore ming othe nxt probe 10. lnvoke and resave the rsioot problems one at tine, Use the hints if, needed nd aways cons he lessons Const he instuca anya you need asusianceresolng a prelor. como mine 6016 wena
