Complete RHCE doc

Published by inearner on Aug 01, 2010
Copyright: Attribution Non-commercial
Everything you need about Red Hat Linux
Session 1

RHCE
Red Hat Certified Engineer
M. A. Agheli
1

History Of UNIX & Linux

- 1957: Bell Labs found they needed an operating system which at the time was running various batch jobs.
- 1965: Bell Labs create Multics (Multiplexed Information and Computing Service)
- 1969: Summer 1969, UNIX was developed by AT&T
- 1975: Sixth edition of UNIX released May 1975
- 1985: GNU project started
- 1991: Linux is introduced by Linus Benedict Torvalds, who was a second year student of Computer Science at the University of Helsinki
- 1993: NetBSD & FreeBSD released
- 1994: Red Hat Linux is introduced
2

First Article About Linux

From: torvalds@klaava.Helsinki.FI (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Message-ID: <1991Aug25.205708.9541@klaava.Helsinki.FI>
Date: 25 Aug 91 20:57:08 GMT
Organization: University of Helsinki

Hello everybody out there using minix

I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things).

I've currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I'll get something practical within a few months, and I'd like to know what features most people would want. Any suggestions are welcome, but I won't promise I'll implement them :-)

Linus (torvalds@kruuna.helsinki.fi)

PS. Yes - it's free of any minix code, and it has a multi-threaded fs. It is NOT protable (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as that's all I have :-(.
3

GNU & GPL

- GNU Project: Focused on creating a Unix-like operating system that could be freely distributed
- GPL: Global Public license (Copyleft)
4

Major Linux Distributors

- Caldera Linux
- Corel Linux
- Debian Linux
- Kondara Linux
- Red Hat Linux
- Mandrake Linux
- Slackware Linux
- SuSE Linux
- Turbo Linux
- Vector Linux

5

The Advantage of Linux

- Low purchase cost
- Open Source Software (OSS)
- UNIX heritage
- Multi User
- Scalability
- Vendor support
- Reliable uptime
- Security
- Logging System
- ...

6

The Disadvantage of Linux

- Steep learning curve
- Hardware support
- End-user applications

7

A Comparison Of Win 9x, NT, and Linux

Feature                 | Win 9x    | Win NT | Linux
------------------------|-----------|--------|----------
Scalability             | Poor      | Good   | Good
Desktop App. Support    | Excellent | Good   | Good
Enterprise App. Support | None      | Good   | Good
Hardware Support        | Excellent | Good   | Good
Licensing Cost          | Good      | Poor   | Excellent
Network Performance     | Good      | Good   | Excellent
Security                | Poor      | Good   | Good
8

Linux Filesystem Hierarchy

/bin   Essential Binary Files
/boot  Boot Loader Files
/dev   Device Files
/etc   Configuration Files
/home  User Home Directories
/lib   Shared Libraries and Kernel Modules
/mnt   Mount Point for Temporarily Mounted FS
/proc  System Information Virtual File System
/root  root User Home Directory
/sbin  Essential System Binaries
/tmp   Temporary Files
/usr   Shareable Files
/var   Non-Shareable Files
9

Session 2

RHCE
Red Hat Certified Engineer
M. A. Agheli
10

Installing Linux

- Hardware Requirements
- Harddisk Partitioning
- Boot Loader
- Install Packages
- X Configuration
11

Overview of the Installation Process

1. Starting the installation process
   - Installation Mode
   - Language
   - Keyboard
   - Mouse
2. Partitioning
3. Boot Loader Installation
4. Network Configuration
5. Setting the time zone
6. Firewall Configuration
7. Specifying authentication options (optional)
8. Specifying user accounts
9. Selecting packages
10. Installing packages
11. Creating a boot disk
12. Configuring the X Window system (optional)
13

Installing Linux: Consoles & Message Logs

Console | Keystrokes  | Contents
--------|-------------|--------------------------------------------------------
1       | Ctrl+Alt+F1 | Text-based installation procedure
2       | Ctrl+Alt+F2 | Shell prompt
3       | Ctrl+Alt+F3 | Messages from installation program
4       | Ctrl+Alt+F4 | Kernel messages
5       | Ctrl+Alt+F5 | Other messages, including file system creation messages
7       | Ctrl+Alt+F7 | Graphical installation procedure
14

Configuring Install-Time Options after Installation

kbdconfig, mouseconfig, timeconfig, sndconfig, netconfig, authconfig, ntsysv, setup, redhat-config-*, ...

15

Session 3

RHCE
Red Hat Certified Engineer
M. A. Agheli
16

SHELL

- bash (Bourne Again Shell)
- ash
- tcsh
- sach
- mc

Some of Important BASH Variables

- PATH
- PS1, PS2

PS1, PS2 Switches

\u , \h , \W , \d , \t , \s , \$ , $
17

Some of Linux Commands (1)

echo, cat, cd, clear, exit, man, tac, touch, alias, reboot, help, cp, pwd, less, halt, info, mv, mkdir, date, ls, rm, rmdir, logout

18

Session 4

RHCE
Red Hat Certified Engineer
M. A. Agheli
19

BASH

- TAB key Features
- Review Pages & Commands
- Quoting in BASH: "value", 'value', `value`
- File descriptors: 0, 1, 2
20

Redirection Operators: >, >>, <, <<

Standard Input & Standard Output: stdin (0), stdout (1), stderr (2)

Important Command Forms

- cmd
- cmd &   (fg, ctrl+z, bg)
- cmd1 ; cmd2
- (cmd1 ; cmd2)
- cmd1 `cmd2`
- cmd1 | cmd2
- cmd1 && cmd2
- cmd1 || cmd2
- { cmd1 ; cmd2 ; }

21

Linux File Types

Type             | Symbol | Notes
-----------------|--------|----------------------------------------------
Normal file      | -      |
Directory        | d      |
Hard link        |        |
Symbolic link    | l      | Shortcut to a file or directory
Socket           | s      | Pass data between 2 processes
Named pipe       | p      | Like sockets; user can't work directly with it
Character device | c      | Processes character hardware communication
Block device     | b      | Major & minor numbers for controlling the device
22

Bash Special Variables

$#   Specifies the number of arguments given to the command
$?   Returns the exit value of the last program run
$$   Process number of the current shell
$!   Process number of the last child process
$@   Specifies individually quoted arguments
$*   Specifies all arguments quoted as a whole
$n   Specifies the positional argument value, where n is the position
$0   Specifies the name of the current shell
23

Some of Linux Commands (2)

- Process Text Streams: sort, cut, head, tail, split, wc, uniq, grep
- Redirecting a Command's output: tee
- Create, Monitor & Kill Processes: ps, pstree, top, kill, killall
- Modify Process Priority: renice
24

Session 5

RHCE
Red Hat Certified Engineer
M. A. Agheli
25

Some of Linux Commands (3)

- Create Partitions and Filesystem: fdisk, mke2fs, mkfs.*
- Maintain the Integrity of Filesystem: e2fsck, fsck.*, du, df
- Mounting & Umounting Filesystem: mount, umount, /etc/fstab
26

Some of Linux Commands (4)

- Use File Permissions: chmod, chown, chgrp, su
- Create Hard & Symbolic Links: ln
- Find System Files: find, locate, which
- Using Emergency & Single User Mode
27

'vi' Powerful Text Editor

- Insert Mode: Insert Text
- Normal Mode: dd (Delete), yy (Copy), n+dd (Delete n lines), n+yy (Copy n lines), p / P (Paste), / (Search), v (Visual, Text Selection), r
- Command Mode: :w, :q, :q!, :wq = :x, :s///
28

Session 6

RHCE
Red Hat Certified Engineer
M. A. Agheli
29

Run Levels

Run Level | Definition
----------|-------------------------------------
0         | This runlevel halts the system
1         | This runlevel sets single-user mode
2         | Multiuser mode without networking
3         | Multiuser mode with networking
4         | Not used
5         | X-based log in
6         | This runlevel reboots the system

- init & chkconfig Commands
- /etc/inittab
- /etc/rc.d/init.d & /etc/rc[0123456].d/
30

Configuring Boot loader

- LILO: Edit /etc/lilo.conf & execute the 'lilo' command
- GRUB: Edit /boot/grub/grub.conf

31

Administrative Tasks

- Manage Users, Groups & Related Files: useradd, userdel, groupadd, groupdel, passwd, vipw, vigr; /etc/passwd, /etc/shadow, /etc/skel, /etc/profile, ...
- Configure and use system log files: /etc/syslog.conf, /etc/logrotate.conf
- Scheduling Jobs (at & crontab commands)
- Backup & Restore Tools: tar, bzip2, gzip
32

Session 7

RHCE
Red Hat Certified Engineer
M. A. Agheli
33

Linux Installation and Package Management

- Make and Install Programs from Source
- RPM (Redhat Package Manager)

34

Kernel

- About Kernel and Loadable Modules
- Manage Kernel Modules at Runtime (/etc/modules.conf)
- Reconfigure, Build and Install a Custom Kernel
35

Configuring Modems

- redhat-config-network-tui Command in Text Mode
- Modem Configuration Files
- kppp Command in X window

36

Session 8

RHCE
Red Hat Certified Engineer
M. A. Agheli
37

Shell Scripts

- Comments: #
- Special Comments: #!
- Assign a Value:
  x=y
  x=${y}    x=$y
  x=${y}es  x=$yes
  x='$y'    x=\$y
  export x y z
  export x=$y
38

Shell Scripts

Control Constructs
- 'read' command
- 'test' command ( [ ] )
- if ...; then ...; else ...; fi
- case ... in pattern) ...;; esac
- while ...; do ...; done
- until ...; do ...; done
- for x in ...; do ...; done
- break, continue, exit (for, while, until)
39
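The following script is an added example, not part of the course slides, that exercises the Session 4 special variables ($#, "$@" versus "$*") and the Session 8 quoting and control constructs in one runnable file. The function names (count_args, join_star, join_at, classify_runlevel, first_service_at_or_above) and the inline services list are this example's own, constructed for illustration; the runlevel table in classify_runlevel is the one from Session 6.

```shell
#!/bin/sh
# Added example: quoting, special variables and control constructs from the
# shell sessions, in POSIX sh. All function names are this example's own.

y=home
x='$y'          # single quotes: no expansion, the literal string $y
w="$y"          # double quotes: expansion, the string home
v=${y}s         # braces separate the variable name from the suffix: homes

# $# is the argument count
count_args() { echo "$#"; }

# "$*" joins all arguments into ONE word, so the loop body runs once
join_star() { n=0; for a in "$*"; do n=$((n + 1)); done; echo "$n"; }

# "$@" keeps the original word boundaries, so the loop runs once per argument
join_at() { n=0; for a in "$@"; do n=$((n + 1)); done; echo "$n"; }

# case ... esac over the runlevel table from Session 6
classify_runlevel() {
    case "$1" in
        0) echo halt ;;
        1) echo single-user ;;
        2) echo multiuser-no-network ;;
        3) echo multiuser ;;
        5) echo x11 ;;
        6) echo reboot ;;
        *) echo unknown; return 1 ;;
    esac
}

# Constructed /etc/services-style sample (not read from the real file)
SERVICES='ftp 21/tcp
ssh 22/tcp
telnet 23/tcp
smtp 25/tcp
http 80/tcp'

# read + test/if + while: name of the first service whose port is >= $1
first_service_at_or_above() {
    printf '%s\n' "$SERVICES" | while read -r name portproto; do
        port=${portproto%/*}            # strip the "/tcp" suffix
        if [ "$port" -ge "$1" ]; then
            echo "$name"
            break
        fi
    done
}

main() {
    echo "x=$x w=$w v=$v"
    echo "count_args a 'b c' d -> $(count_args a 'b c' d)"
    echo "loops over \"\$*\": $(join_star a 'b c' d), over \"\$@\": $(join_at a 'b c' d)"
    echo "runlevel 3 -> $(classify_runlevel 3)"
    echo "first service at or above port 24 -> $(first_service_at_or_above 24)"
}
main
```

The one-versus-three loop counts are the whole point of the "$*" / "$@" distinction: a script that forwards its arguments with "$*" silently merges arguments containing spaces.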

Session 9

RHCE
Red Hat Certified Engineer
M. A. Agheli
40

Installing and Configuring X
41

Basic X Concepts

- X Client
- X Server
- X Protocol
- X Window Manager
- X Desktop Manager
- X Display Manager
43  

Installing X

1. Determine the proper X server
2. Install the proper packages
44

X Server Selection

- XFree86-*

Installation the Packages

- freetype, gtk+, XFree86-libs, XFree86-75dpi-fonts, redhat-config-xfree86
- XFree86-xfs, XFree86-xdm, XFree86-twm, XFree86-tools, xinitrc
45

Configuring X

- redhat-config-xfree86
- xvidtune

46

Important X Directories & Files

- /usr/X11R6/bin
- /etc/X11
- /etc/X11/XF86Config

47

Configure and Use PPP

- 'redhat-config-network-tui' Command in Text Mode
- Modem Configuration Files
- kppp Command in X window

48

Session 10

RHCE
Red Hat Certified Engineer
M. A. Agheli
49

Network Basics

IP (network & host portion); Dynamic IP / Static IP

192.168.168.1   : 11000000.10101000.10101000.00000001   (IP address)
255.255.255.0   : 11111111.11111111.11111111.00000000   (Netmask Address)
192.168.168.0   : 11000000.10101000.10101000.00000000   (Network Address)
192.168.168.255 : 11000000.10101000.10101000.11111111   (Broadcast Address)
50

Classful Addressing System

Network Classes
- Class A: 1.0.0.0-126.0.0.0 (8-bit network portion)
- Class B: 128.0.0.0-191.0.0.0 (16 bits)
- Class C: 192.0.0.0-223.0.0.0 (24 bits)

Reserved IP
- 127.0.0.0-127.255.255.255 (Loop back Addr.)
- 224.0.0.0-239.255.255.255 (Multicast Protocols)
- 240.0.0.0-255.255.255.255 (not used)

Public & Private Networks (Valid & Invalid IPs)
- 10.0.0.0-10.255.255.255
- 172.16.0.0-172.31.255.255
- 192.168.0.0-192.168.255.255

51

Classless Addressing System (Subnet)

Net. Addr.: 192.168.168.0 = 11000000.10101000.10101000.00000000

Netmasks:
255.255.255.0   (/24) : 11111111.11111111.11111111.00000000
255.255.255.128 (/25) : 11111111.11111111.11111111.10000000
255.255.255.192 (/26) : 11111111.11111111.11111111.11000000
255.255.255.224 (/27) : 11111111.11111111.11111111.11100000
255.255.255.240 (/28) : 11111111.11111111.11111111.11110000
255.255.255.248 (/29) : 11111111.11111111.11111111.11111000
255.255.255.252 (/30) : 11111111.11111111.11111111.11111100
255.255.255.254 (/31) : 11111111.11111111.11111111.11111110
52
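The netmask table above is the /24 to /31 column of a general rule: a mask is a run of leading 1-bits, and network and broadcast addresses are the bitwise AND and OR of the host address with that mask. The script below is an added example, not from the slides, that does the arithmetic in POSIX sh for any address and mask; it also rejects masks whose 1-bits are not contiguous (a classic typo such as 255.255.0.255), which the slide's table never shows. All function names are this example's own.

```shell
#!/bin/sh
# Added example: dotted-quad netmask arithmetic in POSIX sh.
# Function names are this example's own; the sample addresses are constructed.

ALL_ONES=4294967295   # 2^32 - 1

# 192.168.168.1 -> 3232278529
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# 3232278529 -> 192.168.168.1
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Count the 1-bits, then require the mask to be exactly that many LEADING ones;
# anything else (e.g. 255.255.0.255) is rejected with exit status 1.
mask_to_prefix() {
    m=$(ip_to_int "$1"); n=0; t=$m
    while [ "$t" -ne 0 ]; do n=$(( n + (t & 1) )); t=$(( t >> 1 )); done
    if [ "$m" -ne $(( (ALL_ONES << (32 - n)) & ALL_ONES )) ]; then
        echo "invalid netmask: $1" >&2
        return 1
    fi
    echo "$n"
}

# /27 -> 255.255.255.224
prefix_to_mask() { int_to_ip $(( (ALL_ONES << (32 - $1)) & ALL_ONES )); }

# Network address = host AND mask; broadcast = network OR (NOT mask)
network_of()   { int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") )); }
broadcast_of() { int_to_ip $(( ($(ip_to_int "$1") & $(ip_to_int "$2")) | ($(ip_to_int "$2") ^ ALL_ONES) )); }

# Usable hosts: 2^(32-prefix) - 2, except /31 (point-to-point: 2) and /32 (1)
usable_hosts() {
    p=$(mask_to_prefix "$1") || return 1
    case "$p" in
        32) echo 1 ;;
        31) echo 2 ;;
        *)  echo $(( (1 << (32 - p)) - 2 )) ;;
    esac
}

# Exit 0 when $1 and $2 fall in the same subnet under mask $3, else 1
same_subnet() { [ "$(network_of "$1" "$3")" = "$(network_of "$2" "$3")" ]; }

for mask in 255.255.255.0 255.255.255.192 255.255.255.252; do
    printf '%-16s /%-2s network %-16s broadcast %-16s hosts %s\n' "$mask" \
        "$(mask_to_prefix "$mask")" "$(network_of 192.168.168.77 "$mask")" \
        "$(broadcast_of 192.168.168.77 "$mask")" "$(usable_hosts "$mask")"
done
```

The contiguity check in mask_to_prefix matters in practice: a non-contiguous mask is accepted by some tools and silently produces a subnet nobody intended, so validate masks before they reach routing or firewall rules.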

TCP/IP Model (1)

- Application Protocols
- Transport Protocols
- Internet Protocols
- Network Access Protocols
53

TCP/IP Model (2)

- Network Access Protocols: All functions necessary to access the physical network
- Internet Protocols: IP (Internet Protocol - Connectionless), ICMP (Internet Control Message Protocol)
54

TCP/IP Model (3)

- Transport Protocols: TCP (Transmission Control Protocol) - Connection-based; UDP (User Datagram Protocol) - Connectionless
- Application Protocols: Privileged Ports (0-1023), /etc/services
55

Types of TCP/IP Services

- Stand-alone
- xinetd (and its config)
56

Related TCP/IP Commands

- ps x
- netstat -ap --inet | grep LISTEN

Controlling TCP/IP Daemons

- Start the daemon
- Stop the daemon
- Restart the daemon
- Status of the daemon
57

Session 11

RHCE
Red Hat Certified Engineer
M. A. Agheli
58

Configuration Network

- Initializing Network Hardware: Load related module
- Network Configuration Tools: netconfig, redhat-config-network
59

Configuration Network

Other Network Tools
- ifconfig
- ping
- traceroute
- netstat
- tcpdump
- nmap
- tethereal
- iptraf
60

Configuration Network

Network Configuration Files
- /etc/hosts
- /etc/host.conf
- /etc/services
- /etc/resolv.conf
- /etc/sysconfig/network
- /etc/sysconfig/network-scripts/*

IP Aliasing
61

Session 12

RHCE
Red Hat Certified Engineer
M. A. Agheli
62

DHCP

- Advantage & disadvantage of DHCP
- DHCP Server Configuration: /etc/dhcpd.conf, /var/lib/dhcp/dhcpd.leases
- DHCP Client Configuration: netconfig command
63

An Example of dhcpd.conf

ddns-update-style ad-hoc;
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.1 192.168.0.25;
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;
    option domain-name "domain.com";
    option domain-name-servers 192.168.1.1;
    default-lease-time 21600;
    max-lease-time 43200;
    # we want the nameserver to appear at a fixed address
    host dns1 {
        hardware ethernet 12:34:56:78:AB:CD;
        fixed-address 192.168.0.20;
    }
}
64

dhcpd.leases Format

lease 192.168.1.8 {
    starts 3 2004/04/12 09:34:12;
    ends 6 2004/07/15 23:49:57;
    hardware ethernet 00:09:e6:88:0a:05;
}
...

65

NFS

- Related Daemons: rpc.nfsd, rpc.portmap, rpc.mountd
- Installation: nfs-utils, portmap
66

NFS Configuration

Server Side
- Edit /etc/exports file: PATH host_lists(options)
- Run 'exportfs -r' command
- 'redhat-config-nfs' Command

Client Side
- mount -t nfs server:PATH Mountpoint
- Edit '/etc/fstab' file: server:PATH M.P. nfs ro 0 0
67

SAMBA (1)

- Related Services: smbd, nmbd
- Related Packages: samba, samba-common, samba-client
68

SAMBA (2)

- Server Configuration: Global Directives, Service Directives
- Client Configuration: smbmount //server/share /m.p., smbclient //server/share
- Configuration with SWAT
69

Session 13

RHCE
Red Hat Certified Engineer
M. A. Agheli
70

TCP/IP Services

A client process and a server process, each bound to a port:
1. Server binds to port and listens
2. Client binds to port
3. Client connects to server
4. Server designates port
5. Client and server communicate
71

Remote Login

- Telnet: Server & Client
- SSH: Server & Client
72

The Apache Web Server

Modules: mod_auth, mod_info, mod_php, mod_include, mod_perl, mod_ssl
73

Installation Apache

- rpm -Uvh httpd-[^d]*.rpm
- rpm -Uvh httpd-devel*.rpm (for support of apache modules)

74

Basic Configuration

httpd.conf
- Section 1: The Global Environment
- Section 2: The Main Configuration
- Section 3: The Virtual Host Configuration
75

Apache Advanced Configuration

- Authentication in Apache
- Configure with PHP
- Configure with SSL
- Configure Virtual Host
76

Authentication in Apache

- Create '/etc/httpd/.htpasswd' file
- Configuring 'httpd.conf' file:

<Location /dir_name>
    AuthType Basic
    AuthName "NAME"
    AuthUserFile ".htpasswd"
    Require valid-user
</Location>
77

Configure Apache with PHP

- rpm -Uvh php-4*.rpm

Configure Apache with SSL

- rpm -Uvh mod_ssl*.rpm
78

Configure Virtual Host

- Configuring '/etc/hosts' file
- Configuring 'httpd.conf' file:

<VirtualHost 127.0.0.2>
    ServerAdmin webmaster@vh.com
    DocumentRoot /var/www/html/vh/
    ServerName www.vh.com
</VirtualHost>

79

Apache Administration

Start, Stop, Restart, Reload, Status
80

Troubleshooting the Apache

- /var/log/messages
- /var/log/httpd/
- /usr/sbin/httpd -S (for virtual host)
81

Securing Your Network

- Using 'lokkit' or 'redhat-config-securitylevel' Command
- Password & Physical Security
- Securing TCP/IP
- Using Tripwire
- Keeping Up-to-Date on Linux Security Issues
82

Session 14

RHCE
Red Hat Certified Engineer
M. A. Agheli
83

FTP

- Installation: rpm -ivh vsftp*.rpm
- Config File: /etc/vsftpd/vsftpd.conf
- Access Levels: Anonymous Access (anonymous_enable), User Access (tcp_wrappers needed)
84

Cache Server (Squid)

- Install squid: rpm -ivh squid*.rpm
- Managing squid: start, stop, restart, status, reload
85

Squid Log Files

- /var/log/squid/access.log (cache_access_log)
- /var/log/squid/cache.log (cache_log)
- /var/log/squid/store.log (cache_store_log)
86

An Example of 'squid.conf'

http_port 8081
cache_effective_user squid
cache_effective_group squid
acl all src 0.0.0.0/0.0.0.0
http_access allow all
cache_dir ufs /cache 1024 16 32
visible_hostname ws1

Note that "http_access allow all" with an "all" acl makes this an open proxy reachable by anyone who can reach port 8081; in production, define an acl for your own network and allow only that.
87

Running Squid

- service squid start
- squid -d1 -z
- squid -d1 -f /etc/squid/squid.conf
88

The Kind of Proxies

Upstream Proxy
cache_peer yourproxy.com parent 3128 3130
prefer_direct off

Transparent Proxy
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
89

Session 15

RHCE
Red Hat Certified Engineer
M. A. Agheli
90

Configuring a Linux Router

- Configuring Kernel: IP: advanced router
- Enable IP Forwarding:
  - Add 'net.ipv4.ip_forward=1' to /etc/sysctl.conf
  - echo "1" > /proc/sys/net/ipv4/ip_forward
91

Type of Routes

- Static route
- Dynamic route
92

Components of Routing Rules

- Destination IP Address
- An Interface
- An Optional Gateway IP Address
93

Routing Command

route add -net net_addr netmask mask_addr interface
route add -host ip_addr interface
route add default gw ip_addr interface



94

An Example

Internet
  |
Upstream router 10.1.1.2
  |
Linux gateway: eth2 10.1.1.1, eth0 192.168.1.1, eth1 192.168.100.1
  eth0 -> A 192.168.1.2, B 192.168.1.3, C 192.168.1.4, D 192.168.1.5
  eth1 -> E 192.168.100.2, F 192.168.100.3, G 192.168.100.4, H 192.168.100.5
95

Related Rules

route add -net 192.168.1.0 netmask 255.255.255.0 eth0
route add -net 192.168.100.0 netmask 255.255.255.0 eth1
route add -net 10.1.1.0 netmask 255.255.255.0 eth2
route add default gw 10.1.1.2 eth2

96

Result

Destination    Gateway    Genmask          Flags Metric Ref Use Iface
192.168.1.1    *          255.255.255.255  UH    0      0   0   eth0
192.168.100.1  *          255.255.255.255  UH    0      0   0   eth1
10.1.1.1       *          255.255.255.255  UH    0      0   0   eth2
192.168.1.0    *          255.255.255.0    U     0      0   0   eth0
192.168.100.0  *          255.255.255.0    U     0      0   0   eth1
10.1.1.0       *          255.255.255.0    U     0      0   0   eth2
0.0.0.0        10.1.1.2   0.0.0.0          UG    0      0   0   eth2
127.0.0.0      *          255.0.0.0        U     0      0   0   lo

U: Network link is up
H: Dest. Addr. refers to a host
G: Gateway
97

Electronic Mail (Sendmail)
98

How Email Is Sent and Received

user1@mail1.com -> mail1 MTA -> mail2 MTA -> user2@mail2.com
99

Concepts

- MTA: Mail Transport Agent; SMTP (server-to-server): Simple Mail Transport Protocol
- POP (Mail Access): Post Office Protocol
- IMAP (Mail Access): Interim Mail Access Protocol
- MDA: Mail Delivery Agent
- MUA: Mail User Agent
100

Advantage of Sendmail

- Older MTA
- Powerful MTA

Disadvantage of Sendmail

- Slow in a High Load Environment
- Cryptic Configuration
101

MTAs: Sendmail, Postfix, Exim, Qmail

MUAs: Evolution, Kmail (KDE), Balsa (GNOME), Mozilla Mail
102

Required Packages

- sendmail
- sendmail-cf
- imap (contains IMAP & POP3; configured through xinetd)
103

Sendmail Configuration

- Config '/etc/mail/sendmail.mc' file: LOCAL_DOMAIN(`example.com')dnl
- Run 'make -C /etc/mail/'
- Config DNS
104

Email Aliases

- Edit '/etc/aliases' file: postmaster: joseph
- Run 'newaliases' Command
105

Rejecting Email

- Edit '/etc/mail/access' file:
  spam.com    REJECT
  yahoo.com   OK
- service sendmail restart

106

Session 16

RHCE
Red Hat Certified Engineer
M. A. Agheli
107

108

Where do I look?

/etc/nsswitch.conf (nameservice switch)

t@localhost:~$ cat /etc/nsswitch.conf
hosts: files dns
109

Files

- Search order determined by nsswitch.conf
- It is polite to have /etc/hosts first!

sjh@mccoy:~$ cat /etc/hosts
127.0.0.1     localhost
193.62.81.135 mccoy.tardis.ed.ac.uk mccoy
193.62.81.134 baker.tardis.ed.ac.uk baker
193.62.81.132 packages.tardis.ed.ac.uk packages
110

DNS Traversal

1. Local files
2. DNS server locally
3. Item in cache?
4. Root server, work your way down...
111

Resolving Names

Configuration Files for the Local Host Name Resolution (important for testing):
- /etc/resolv.conf
- /etc/nsswitch.conf
- /etc/host.conf
112

DNS

- BIND - Berkeley Internet Name Daemon
- Dents - buggy as hell (still in alpha?)
- Djbdns - Dan Bernstein's DNS server
- Banyan VINES - don't go there!
113

Named (name dee)

- /etc/named.conf: Config file for named - tells us if we are master / slave, allow or deny zone transfers, what the IPs of other master / slave servers are, etc. It defines a directory to store the DNS config files and contains info about what zones we serve, and where to find their config files!
- <DNSROOT>/root.hints: Contains "pointers" to the Root Servers
- <DNSROOT>/127.0.0: Config for reverse-lookup to the local host/subnet
- <DNSROOT>/<zone>: Config for zone
- <DNSROOT>/<in-addr.arpa file>: Config for reverse lookup for your zone
114

A simple named.conf

## named.custom - custom configuration for bind
zone "." {
    type hint;
    file "root.lists";
};
options {
    directory "/var/named/";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "127.0.0";
};
zone "hq.alim.ir" {
    type master;
    file "hq.alim.ir";
};
zone "168.168.192.in-addr.arpa" {
    type master;
    file "192.168.168";
};
115

DNS Data

DNS databases contain more than just hostname-to-address records:
- SOA - Start Of Authority - it is the daddy!
- IN NS - Name Server
- IN MX - Mail eXchanger
- IN A - A record (Address record)
- IN CNAME - Canonical NAME
116

A simple zone file

@   IN SOA hq.alim.ir. root.hq.alim.ir. (
        199609206  ; serial, todays date + todays serial #
        8H         ; refresh, seconds
        2H         ; retry, seconds
        4W         ; expire, seconds
        1D )       ; minimum, seconds
    NS    hq.alim.ir.
    MX    10 hq.alim.ir.   ; Primary Mail Exchanger
    TXT   "Alim IT Center"
localhost    A      127.0.0.1
router       A      192.168.168.1
hq.alim.ir.  A      192.168.168.2
ns           A      192.168.168.3
www          A      207.159.141.192
ftp          CNAME  hq.alim.ir.
mail         CNAME  hq.alim.ir.
news         CNAME  hq.alim.ir.
117

A simple in-addr.arpa file

$TTL 3D
@   IN SOA hq.alim.ir. root.hq.alim.ir. (
        199609206 ; Serial
        28800     ; Refresh
        7200      ; Retry
        604800    ; Expire
        86400 )   ; Minimum TTL
    NS  hq.alim.ir.
; Servers
1    PTR  router.hq.alim.ir.
2    PTR  hq.alim.ir.
2    PTR  funn.hq.alim.ir.
; Workstations
200  PTR  ws-177200.hq.alim.ir.
201  PTR  ws-177201.hq.alim.ir.
202  PTR  ws-177202.hq.alim.ir.
118

Forward DNS

hq.alim.ir (as per /etc/named.conf)
- SOA - Start Of Authority - it is the daddy!
- IN NS - Name Server
- IN MX - Mail eXchanger
- IN A - A record (Address record)
- IN CNAME - Canonical NAME
119

Reverse DNS

192.168.168 (as per /etc/named.conf)
- SOA
- IN NS
- IN PTR - Pointer
120

DNS Round Robin

Fault tolerance? Through nifty DNS hacks

www.teviot.com.  60  IN  A  10.0.1.100
www.teviot.com.  60  IN  A  10.0.2.100
www.teviot.com.  60  IN  A  10.0.3.100
121

Common Mistakes

- Forgetting to increment the Serial Number!
- CNAME pointing at another CNAME!
- Forgetting the "." in appropriate places!
- Underscores in hostnames!
- Forgetting to reload the daemon!
- Version control issues - clobber changes!
- TTL Issues
122
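Four of the mistakes listed above (serial not incremented, CNAME chains, missing trailing dots, underscores in hostnames) can be caught mechanically before the zone is loaded. The script below is an added example, not from the course, that lints a zone file in the format of the "simple zone file" slide using awk. The zone text it checks is constructed for illustration and deliberately contains one of each defect; the function names zone_lint and serial_increased are this example's own.

```shell
#!/bin/sh
# Added example: lint a BIND-style zone file for the "Common Mistakes" above.
# Function names are this example's own; ZONE_SAMPLE is a constructed input.

# zone_lint [FILE...]  reads zone text (files or stdin), prints one finding per line
zone_lint() {
    awk '
    {
        sub(/;.*/, "")                          # drop comments
        if (NF == 0 || $1 ~ /^\$/) next          # blank lines, $TTL, $ORIGIN
        if (inparen) { if ($0 ~ /\)/) inparen = 0; next }   # inside SOA ( ... )
        i = 1
        if ($1 !~ /^(IN|A|AAAA|NS|MX|CNAME|PTR|TXT|SOA)$/) { owner = $1; i = 2 }
        if ($i == "IN") i++
        if ($0 ~ /\(/ && $0 !~ /\)/) inparen = 1
        if (i > NF) next
        type = $i
        rdata = (type == "MX") ? $(i + 2) : $(i + 1)   # MX: skip the preference
        if (type == "SOA" || type == "TXT") next
        if (owner ~ /_/ || rdata ~ /_/)
            printf "line %d: underscore in hostname (%s %s %s)\n", NR, owner, type, rdata
        if ((type == "NS" || type == "MX" || type == "CNAME" || type == "PTR") &&
            rdata ~ /\./ && rdata !~ /\.$/)
            printf "line %d: %s target %s has dots but no trailing dot; origin will be appended\n", NR, type, rdata
        if (type == "CNAME") { cname_target[owner] = rdata; cname_line[owner] = NR }
    }
    END {
        for (o in cname_target)
            if (cname_target[o] in cname_target)
                printf "line %d: CNAME chain: %s -> %s -> %s\n", cname_line[o], o,
                       cname_target[o], cname_target[cname_target[o]]
    }' "$@"
}

# serial_increased OLD NEW: exit 0 only if NEW is larger and still fits 32 bits
serial_increased() { [ "$2" -gt "$1" ] && [ "$2" -le 4294967295 ]; }

# Constructed sample zone with one instance of each defect
ZONE_SAMPLE=$(cat <<'EOF'
$TTL 3D
@   IN SOA hq.alim.ir. root.hq.alim.ir. (
        2004081501 ; serial
        8H         ; refresh
        2H         ; retry
        4W         ; expire
        1D )       ; minimum
    IN NS    hq.alim.ir.
    IN MX    10 mail.hq.alim.ir
www      IN A     192.168.168.2
mail     IN CNAME www
ftp      IN CNAME mail
my_host  IN A     192.168.168.9
EOF
)

printf '%s\n' "$ZONE_SAMPLE" | zone_lint
if serial_increased 2004081501 2004081502; then echo "serial bumped: ok"; fi
```

Run it as "zone_lint /var/named/hq.alim.ir" before reloading named; an empty output and a serial that compares larger than the previously loaded one are the two conditions worth gating a reload on.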

Test Tools

- nslookup
- dig
  - dig mail.hq.alim.ir
  - dig -x 192.168.168.2
  - dig 168.168.192.in-addr.arpa. AXFR
- whois
- http://www.squish.net/dnscheck/ (James Ponder's DNS check web page)
123

Session 17

RHCE
Red Hat Certified Engineer
M. A. Agheli
124

Firewall

Required Properties:
- Control: Allow only those packets that you are interested in to pass through.
- Security: Reject packets from malicious outsiders
- Watchfulness: Log packets to/from the outside world

125

Firewall Types

- Packet Filtering (Stateful / Stateless)
- Proxy-Based Firewall

126

Packet Filter under Linux

- 1st generation: ipfw (from BSD)
- 2nd generation: ipfwadm (Linux 2.0)
- 3rd generation: ipchains (Linux 2.2)
- 4th generation: iptables (Linux 2.4 & 2.6)
127

Installing Iptables

Kernel Supports Iptables
- Networking Options -> TCP/IP Networking -> Network Packet Filtering
- Networking Options -> TCP/IP Networking -> IP: advanced router -> *
- Networking Options -> IP: Netfilter
- For Packets Traffic Control: Networking Options -> QoS and/or fair queueing -> *

# rpm -ivh iptables-1.2.6a-2.i386.rpm
128

Chains of Tables

- INPUT: Controls packets entering your system
- OUTPUT: Controls packets leaving your system
- FORWARD: Controls what packets can move from one network to another through your system
129

Routing Decision

Network -> Routing decision -> Forward
                            -> Input -> Local Process -> Output
130

1. When a packet comes in, the kernel first looks at the destination of the packet: this is called routing.
2. If it's destined for this box, it passes downwards in the diagram to the INPUT chain; if it passes, any processes waiting for that packet will receive it. Otherwise go to step 3.
Continue...
131

3. If forwarding is not enabled, the packet will be dropped. If forwarding is enabled and the packet is destined for another network interface, the packet goes rightwards on our diagram to the FORWARD chain. If it is accepted, it will be sent out.
4. Packets generated from a local process pass to the OUTPUT chain immediately. If it says accept, the packet will be sent out.

132

Packet Status in Iptables: Established, New, Related, Invalid
133

Results of Packet Checking: ACCEPT, DROP, REJECT, ...
134

Tables of Iptables: Filter, NAT, Mangle

135

The Path of Packet in Iptables

Network -> Mangle PREROUTING -> NAT PREROUTING (Destination NAT) -> Routing decision
  -> to a local process: Mangle INPUT -> Filter INPUT -> Local process -> Routing decision -> Mangle OUTPUT -> NAT OUTPUT -> Filter OUTPUT
  -> forwarded: Mangle FORWARD -> Filter FORWARD
  -> NAT POSTROUTING (Source NAT, based on routing) -> Mangle POSTROUTING -> Network
136

Tables of Chains

Table  | PREROUTING | INPUT | FORWARD | OUTPUT | POSTROUTING
-------|------------|-------|---------|--------|------------
MANGLE | *          | *     | *       | *      | *
NAT    | *          | -     | -       | *      | *
FILTER | -          | *     | *       | *      | -

137

Building a Rule: source/destination

iptables -s 200.200.200.1
- Refers to packets from a specific IP address
- The "-s" refers to the source of the packet, where the packet is coming from.
- A corresponding "-d" refers to the destination, where the packet is going to.
138

Building a Rule: Action

iptables -s 200.200.200.1 -j DROP
- The "-j" determines what happens to the packet

Building a Rule: IP address ranges

iptables -s 200.200.200.0/24 -j DROP
- IPs that match 200.200.200.*
- The "/24" refers to the number of bits that are fixed, counting from the left.

139

Other Actions

- REDIRECT: Sends packets to a proxy
- LOG: Tracks packets as they match rules
- RETURN: Terminates user defined chains

140

Building a Rule: appending rules to tables

iptables -A INPUT -s 200.200.200.1 -j DROP
- The "-A" appends the rule to a chain
- The "INPUT" specifies the INPUT chain
- This command makes your system ignore all packets from 200.200.200.1

iptables -A OUTPUT -d 200.200.200.1 -j DROP
- This command does not allow your system to send packets to 200.200.200.1

141

Building a Rule: only blocking some packets

iptables -A INPUT -s 200.200.200.1 -p tcp --destination-port telnet -j DROP
- The "-p" specifies a specific protocol: tcp, udp, or icmp
- The "--destination-port" is where the packet is going
  - You can use the service name or the port number
  - Could use 23 in this example
- Keep in mind that the source-port is very different from the destination-port. In this example the inbound message is going to your telnet server. The telnet client that is sending you the message could be running on any port.
- --dport == --destination-port
- --sport == --source-port

142

Building a Rule: multiple network interfaces

Assume your machine has two interface cards: one to a LAN named eth0 and the other to the Internet named ppp0.

iptables -A INPUT -p tcp --dport telnet -i ppp0 -j DROP
- The "-i" option specifies the input interface
- There is also a "-o" option for the output interface

iptables -A INPUT -p tcp --dport telnet -i eth0 -j ACCEPT
- Together these rules would accept telnet requests from the LAN but block telnet requests from the Internet.

143

Building a Rule: Table Policies

iptables -P FORWARD ACCEPT
- The "-P" option followed by a chain name and action determines the default policy of the chain. If no rule in the chain matches, this default action is taken.
- The usual policies are: INPUT = ACCEPT, OUTPUT = ACCEPT, FORWARD = DENY

144

Building a Rule: Adding Rules to Tables

iptables -A INPUT -s 200.200.200.1 -j DROP
- Appends the rule to the end of the chain

iptables -I INPUT 3 -s 200.200.200.1 -j DROP
- Inserts the rule as rule 3 in the chain, moving all other rules down 1.

iptables -R INPUT 3 -s 200.200.200.1 -j DROP
- Replaces rule 3 in the chain

iptables -D INPUT 3
- Deletes rule 3 in the chain
145

Operations to manage whole chains

-N  Create a new chain
-X  Delete an empty chain
-P  Change the policy for a built-in chain
-L  List the rules in a chain
-F  Flush the rules out of a chain
-Z  Zero the packet and byte counters on all rules in a chain
146

Manipulate rules inside a chain

-A  Append a new rule to a chain
-I  Insert a new rule at some position in a chain
-R  Replace a rule at some position in a chain
-D  Delete a rule at some position in a chain
-D  Delete the first rule that matches in a chain
147

An Example

Firewall 192.168.1.1 with two interfaces (eth1, eth0), one toward the LAN and one toward the Internet, running a Web Server and an SSH Server that must be accessible ONLY via the LAN.

LAN hosts (GW: 192.168.1.1): 192.168.1.5, 192.168.1.6, 192.168.1.7
148
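A rule set for the diagram above, as an added example that is not part of the course slides. It is written as a script with a dry-run default (the commands are echoed unless IPTABLES is set to the real binary) so the rules can be reviewed before they reach the kernel. My assumptions, not the slide's: eth0 faces the Internet, eth1 faces the LAN 192.168.1.0/24, and the services to protect are TCP 80 and 22. The slides list "FORWARD = DENY" as the usual policy; iptables has no DENY target, so the script uses DROP, which is the equivalent. Function names are this example's own.

```shell
#!/bin/sh
# Added example: "web and SSH reachable only from the LAN" for the diagram above.
# Dry run by default; run "IPTABLES=iptables sh fw.sh" as root to apply.
# Interface roles and the LAN range below are this example's assumptions.

IPTABLES="${IPTABLES:-echo iptables}"
WAN_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.1.0/24
LAN_PORTS="22 80"

build_rules() {
    # Clean INPUT chain, then restrictive default policies (DROP, since iptables
    # has no DENY target); OUTPUT stays open, matching the slide's usual policies.
    $IPTABLES -F INPUT
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT

    # Loopback, and replies to connections this host initiated (state match)
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Web and SSH only when the packet arrives on the LAN interface AND carries a
    # LAN source; checking both rejects a spoofed 192.168.1.x source seen on eth0.
    for port in $LAN_PORTS; do
        $IPTABLES -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$port" \
            -m state --state NEW -j ACCEPT
    done

    # Watchfulness: log Internet-side attempts on those ports; the INPUT policy
    # then drops them, so no explicit DROP rule is needed.
    for port in $LAN_PORTS; do
        $IPTABLES -A INPUT -i "$WAN_IF" -p tcp --dport "$port" \
            -j LOG --log-prefix "FW-WAN-BLOCKED: "
    done
}

# Number of rules build_rules appends to INPUT (meaningful in dry-run mode,
# where each command is echoed instead of executed)
count_input_rules() { build_rules | grep -c -- '-A INPUT'; }

build_rules
```

The "-i eth1 -s 192.168.1.0/24" pairing is the check worth keeping even if the port list changes: filtering on the source address alone lets a packet with a forged LAN source that arrives from the Internet through.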

Session 18

RHCE
Red Hat Certified Engineer

Advanced
M. A. Agheli
149

Traffic Shaping (CBQ)

- /etc/rc.d/init.d/cbq.init (http://ovh.dl.sourceforge.net/sourceforge/cbqinit/cbq.init-v0.7.3)
- Install 'shapecfg' RPM
- /etc/sysconfig/cbq/* (0002-FFFF)
- /etc/rc.d/init.d/cbq.init start
150

Sample of CBQ Configuration

DEVICE=eth0,10Mbit,1Mbit
RATE=10Kbit
PRIO=5
RULE=:21,192.168.1.0/24

151

The End
Good Luck
152
