P. 1
Rhce Notes[1]

Rhce Notes[1]

|Views: 270|Likes:
Published by Jagdeep Singh

More info:

Published by: Jagdeep Singh on Aug 28, 2010
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as DOC, PDF, TXT or read online from Scribd
See more
See less






  • Vi, vim Editor
  • User and Group Administrator
  • Redirecting Input /Output
  • Symbolic links:
  • Checking Free Space:
  • Default Permission:
  • Run Level:
  • Welcome Message at the time of login:
  • Kick Start
  • RPM (RedHat Package Manager)
  • Task Automation and Task Scheduling
  • Increasing the Size of Swap Partition
  • User Quota:
  • LVM Logical Volume manager
  • RAID Redundant Array Of Inexpensive Disk
  • Introduction to System Service
  • DHCP Dynamic Host Configuration Protocol
  • NFS Network File System
  • NIS Network Information Service
  • DNS Domain Name Server
  • Squid Proxy Server
  • Send Mail
  • CUPS Common Unix Printer System
  • FTP: File Transfer Protocol
  • Open SSH Server
  • Samba
  • IP Forwarding
  • Security Policies
  • Telnet
  • Configuration of POP3 and IMAP
  • Low Level Format
  • UMask
  • Remote Installation
  • Note:


0 ES

Unix is the first Operating system in the world, developed by Kem Thompson and Dennis Ritchie in 1969 at Bell Lab by AT&T Company IBM : AIX SGI : IRIX HP : HP Sun : Solaris FSF: Free software foundation organization, they start a project by name GNU. The mail aim of this project is to develop such a O.S that can run on any platform. In 1991, a student Linus Tarvalds developed a kernel named Linus’s Kernel plus GNU application called Linux O.S Linux is a open source technology. Different companies that provide Linux in Market are Redhat, SuSe, Mandrake, Turbo, Knoppix etc.

Features and Advantage:
Features: a. Linux is the fastest Operating system in the world. It runs 2 to 3 times fast than windows O.S b. Linux is the very secured O.S because there is no any problem of virus. c. Linux file format is text format and windows file format is binary format. d. Linux is very reliable O.S because kernel of linux is very stable as compare to windows kernel not crashed easily. e. Kernel of linux is vcery small, it can be stored in floppy f. Linux uses the x-Window system which is advanced network windowing system. Using this system we can display output of any workstation monitor attached in the network Advantages of Linux: a. Virus Proof b. Crash Proof c. Economical d. Multiuser, multi desktop and multi tasking Mode of Login There are two mode of login 1. Text Mode (Alt+ctrl+F1) 2. Graphical Mode (Alt+Ctrl+F7) In case of Text Mode Station2 Login : root Password : redhat


[root@station2~]# to switch from one text mode to another Alt+Ctrl+F1 to Alt+Ctrl+F6 In case of Graphical Mode Ctrl+Alt+F7 Common Command Some of the Common system command are as follow: 1. Date : to display date and time 2. Cal : to display the calendar 3. Cal 11 2006 : display the calendar of Month 11 and year 2006 4. Clear : To clear the screen 5. ls : to list directory contents color identification blue : Directories White : Files Green : Executable files Red ; Zip files, rpm, tar file Different switches used with “ls” command ls –l or ll : used for long listing including file and directory permission (-) : file (d) : Directory (l) : Symbolic link ls –a : shows all hidden files and directory. Any file followed by (.) is hidden file ls –al : show all hidden files and directory with long listing or whole description ls –d : shows all the directory 6. pwd: Present working directory 7. who am I : display the information of current terminal 8. who : display all the terminal in a network 9. history : it shows all the command your have used. By default history stores last 1000 command which u have run. If u want to change # vi /etc/profile HIST SIZE =10 Save and exit # history –c ( to clear all the previous command reside in history)


Creating file and Directory: a. Creating file: The ‘cat’ command is used to create a file Syntax: # cat > filename example: # cat > abc.txt (Ctrl +D) is used to save the file. b. View the content of file Syntax: # cat filename Example: #cat abc.txt #cat –b abc.txt c. Creating Directory The ‘mkdir’ command is used to create directory Syntax: Mkdir [directory_name] Example: # mkdir raj Option used: cd : To change directory cd .. : To come out from directory cd : to jump to root directory cd - : to jump to previous directory Deleting Files and directory: Syntax: For file: rm <filename> example: rm abc.txt for directory syntax: rmdir <directory_name> Note: Only empty directory will be deleted) If we want to delete the tree structure of directory then we need to use the following command Syntax: rm –rf <directory_name> where r = recursively f= force in order to remove non empty directory Syntax:


rm –r <directory> example; rm –r raj this will remove directory step by step ,first remove sub directory and then finally main directory. Another method of creating file : Touch : this command is used to create a blank file with size zero. # touch <filename> Example: #touch abc Copying File and Directory: a. Copy file: Syntax: # cp [source]filename [destination] b. Copy directory #cp –r [source]directory [destination] to copy a directory into another directory recursively c. cp –rf [source]directory [destination] to copy a directory forcely syntax used for copy file or directory: cp [option] file destination option: -I : interactive : ask before overwriting file -r : Recursive -p : Preserve -f : forcely More than one file can be copied at a time if the destination is directory Syntax: cp [option] file1 file2 file 3 Destination Moving and Renaming File and Directory Syntax: # mv : move /rename files and directory Example: # mv [option] file destination example: # mv t.txt /home/raj/ more than one file can be moved at a time if the destination is a directory # mv [option] file1 file2 file3 destination


Getting Help: The command that are used to get the help are discussed as : a. Whatis Display a short description of command , it uses a database that is updated nightly. Often not available immediately after installation. Syntax: # Whatis cal b. Help Display usage summary and argument list Syntax: <command> --help Example: #Date –help c. Man and Info: Both provide documentation for command. Almost every command has a “man” page. Collection of pages are called linux manual. # man date # info date Viewing Text Page Syntax: #less [option] [filename] Example: # less abc.txt scroll with arrows/PgUp /PgDown /text : n : Option: -c : -s : search for text Next Match Clear before displaying Squeeze multiple blank lines into a single blank line

Simply we can also use “less” along with pipe | as # ll |less File and Directory: ‘ll’ is used to display the information about the files and directory including date, time, users,group, size, name and permission. Four symbols are used when displaying permission. R : Read W : Write X : Execute : no permission


6. group get 7 means read/write/execute and ame for other 6 . 3. 7.4.g.r.o+x directory/file u+rw.g. u. then there are two methods: 1.-r.g+rw directory/file u-r. g-w.txt this command will assign write to user.o=w test..g=wx. Symbolic Method: Syntax: Chmod mode directory/filename Mode Option: 1. # # # # # # # chmod chmod chmod chmod chmod chmod chmod u+rwx file or directory : in case of user only ug+rwx file or directoty : in case of user and group u+w. symbolic 2. If we want to change permission.o-rw directory/file ugo+rwx file/directory ugo-rwx file/directory • + is used to add permission • . = 1. 4.r.o suppose we have one file as test. 5.o 2. Numeric 1. The main difference between +.is used remove permission chmod ugo=rw directory/file this command will assign read/write permission to u.txt permission : -r. +. calculation are based on following numbers r=4 w=2 x=1 0= no permission Example: #chmod 777 file/directory in this case user get 7 means that user has permission of read/write/execute.x 3.chmod u=w. write/execute to group and write to other while remove the previous permission.-rwxrwxrwx : files drwxrwxrwx : directory files and directory permission are symbolized by ten character. w. 2.g+r. Numeric Method: In this method.= are + operator simply add the new permission with previous one and = assign the new permission while removing old (new permission overwrite an old) 2.

tmp : usr : lib : bin : command sbin mnt opt var error : : : : /usr/bin also contain user command it contain all system command or super user command /usr/sbin it is a mount point for physical hard-disk or partition optional directory and used for temporary working it is a variable file system or directory and contain all log and message file system type: Dos : Fat 16 95/Xp/2000 : FAT32 Xp/NT/2000 : NTFS Linux : EXT2. #chmod 742 file/directory 7 : User : rwx 4 :Group : r 2 : Other : w Linux file system: Figure Root : Etc : server dev : home : proc : disk and it is an home directory of super user (root) administrator it is the location of all configuration file and directory used for configuration or system configuration it is a location of the device file it is a location of home directory or regular users it is a virtual file system or directory not actually store on the contain system information # cat /proc/meminfo # cat /proc/cpuinfo contain kernel and boot related files it is also a virtual directory and contain system information it is a mount point of removable disk like cdrom floppy usb drive it it it it contain all temporary file is used for software installation contain all library files is the location of all executable files or command or user boot : sys : media : etc.# chmod 531 file/directory in this case user get 5 means that user has permission of read/execute.EXT3 UNIX : VXFS 7 . group get 3 means write/execute and other get 1 means that other has permission to execute.

0 we have to use command in order to unmount. we can create or modify any file 8 . # umount /media/cdrom and then eject the cdrom in case of RHEL 4. /dev/hdx Where x is a : /dev/hda : Primary master b : /dev/hdb : Primary slave c : /dev/hdc : Secondary master d : /dev/hdd : Secondary slave In case of SCSI.Representation Of Media Devices: All the device file are stored in /dev/ Hard disk .directed by the kernel as SCSI device /dev/sdax Vi Editor: Using vi . Sata or USB we will use : /dev/sda CD-rom: /dev/cdrom /dev/cdrom1 /dev/cdrecorder Floppy: /dev/fd0 /dev/fd1 to access partition of windows in linux #mount –t vfat /dev/hdax /mnt in order to check the label of any partition #e2label /dev/hdax where x is number Mounting CD Rom # mount –t auto /dev/hdc /media/cdrom -t : file type auto : file type in order to check where cdrom is attached we can open the file fstab #vi /etc/fstab now in case of RHEl 3. # umount /media/floppy Mounting USB media :.0 we simply type # eject Mounting Floppy #mount –t auto /dev/fd0 /media/floppy in case of floppy we have to umount first then only we remove floppy otherwise all content of floppy may be lost or floppy may be physically damaged.

Cursor movement b. Text search a.Vi. delete. paste. insert. Copy. a . Command mode is again divided into 3 mode a. Save :q :q! :wq! :wq mode start at the point where cursor is. paste delete.o. save and Exit Mode 1. dd yy u p ndd nyy Copy. Same is option mode start after one character mode start after one line mode start before one line and Exit : Quiet : forcely quiet : save and forcely quiet : save and exit 9 . vim Editor Vi is the standard file editor for Unix and Vim is the standard file editor for Linux For Red hat Linux vi and Vim both are same There are three mode of vi editor 1. insert mode 3. undo c. undo : delete particular line : copy particular line : Undo : paste : n is the number of line to be deleted : n is the number of line to be copied c. O i : insert used with insert a : insert o : insert O : insert 3. Cursor Movement J : Down K : UP L : RIGHT H : LEFT b. command mode 2. Insert Mode Option I. Text Search /text example /then 2.

csh. Username 2.def when any user account is created then user will get userid. groupid 5. home directory 7. login shell password entry for each user will be stored in /etc/shadow # vi /etc/shadow now in order to check the Userid. Group we use /etc/login. Super User created automatically at the time of installation 2. When any user is created its default home directory is created inside /home /home/rakesh 7th field is login shell.zsh shell is an user interface between user and O. groupid automatically from /etc/login. service account 1. Regular user account 3.def # vi /etc/login. blank (User information field ) comment 6. userid 4. Graphical method by using Red hat user manager utility a.S. Super user or Administrative account 2. Default shell for user is /bin/bash different shells are used ksh. In order to check the shell available use /etc/shells # vi /etc/shells in 10 . linux command shell is a prompt that allow us to interact with our system by executing various command. sh.User and Group Administrator There are three type of user account in Red hat Linux 1.def 5th field is used for user information or comment 6th field is used for home directory. tcsh. a. Using command line method ‘useradd’ or ‘adduser’ command b. Regular user Account. Password 3. # adduser user_name (Recommended : minimum 6 character used password) # passwd user_name Example: #adduser rakesh #passwd rakesh Now open the file /etc/passwd to check the entry of user #vi /etc/passwd it contain 7 entry of each user 1.

Group name 2. Member of group # finger user : this command is used to get the information about the Syntax: #finger username #finger rakesh #id : this command is used to get userid.in order to get the information about the group we need /etc/group #vi /etc/group it contain four field 1. GroupId 4. password 3. groupid of the user syntax: #id username #id rakesh Creating Group: Syntax: #groupadd groupname #groupadd –g gid groupname Example: #groupadd raj Exercise: Create a user that should have uid=1000 shell=sh description and home directory as /data Sol: #useradd –u 1000 –c rakeshpundir –s /bin/sh –d /data rakesh #passwd rakesh Grpahically System Setting :-> User & Group OR #system-config-user Every user have two group one is elementary group or primary group and secondary group -g : Primary Group -G : Secondary Group Creating Group #groupadd g1 #groupadd g2 Steps: 11 .

Common redirection operator > >> < 2> 2>> : : : : : command>file command>>file : command>file command2>file : command2>>file : : output command to file Append output of command to file : receive input from file error from command to file append Example: #find /etc –name passwd this command will search for all file name passwd in /etc and its subdirectories now we can redirtect the standard outpout #find /etc –name passwd > output output is a file where command output will be stored. To append data to an existing file use >> to redirect instead of > #find /etc –name passwd >> output Redirecting standard Error We can redirect standard error with 2> #find /etc –name passwd 2>errorfile standard output is displayed on the screen . appending to the same file with 2>> 12 . Similarly standard error. the existing file will be overwritten. which normally display on the terminal can be redirected into a file. Standard error is still displayed on the screen #cat output If the target file of the file redirection with > already exists. change shell #usermod –s /bin/bash rakesh 6. which normally display on the terminal can be redirected into a file.1. change comment #usermod –c rakeshsingh 4. change home directory #usermod –d /rakesh-home rakesh –m 5. adding group to the user #usermod –g g1 –G g2 rakesh 2. change Group id #groupmod –g 2005 group1 Redirecting Input /Output The standard Output of command . redirect further standard error. Change Group name #groupmod –n newname oldname #groupmod –n group1 g1 8. change user login name #usermod –l newname oldname #usermod –l rajesh rakesh 7. To change id of the user #usermod –u 1001 rakesh 3.

Checking Free Space: In order to check the free and usage space per file system and directory and each sub directory we have two command a. 1024 bytes. We can display the link name and the referenced file by ‘ls –l’ #ls –l pf lrwxrwxrwx 1 root root pf->/etc/passwd file type: l for symbolic link the content of the symbolic link is the name of the file that is referenced Syntax: Ln –s filename [linkname] Example: Ln –s /etc/passwd password There are seven fundamental file type : regular file d : symbolic link b : block special file c : character special file p : named file s : socket character special file are used to communicate with hardware one character at a time. It stores no data itself socket file are used for inter process communication. disk space free #df –h -h : used multipliers such as G or M for gigabytes and Megabytes The ‘du’ command reports the number of kilobytes contained by the items within a directory #du –s #du –h -s : used to request only the summary directory information #du –s /etc Aliases: 13 . Block special file is used to communicate with hardware a block of data at a time : 512 bytes. df b. disk space used .#find /etc/ -name passwd 2>>errorfile #cat errorfile Symbolic links: A symbolic link point to another file. du the ‘df’ command reports on a per file system basis. 2048 bytes ls –l /dev |less { to check c and b files} named pipe type of file that passes data between processes. It report total disk space .

bashrc file Type: #vi .bashrc. If we have command that run often. we can reduce these to an aliases. Default root’s umask is 022. Run Level: To check the run level we need to see the file /etc/inittab #vi /etc/inittab defaults run – level used by RHS are 0 : hault ( do not set init default to this) 1 : single user mode 2 : multi user mode without networking 3 : multi-user mode with networking 4 : unused 5 : X11 (Graphical) 6 : reboot #runlevel present : this command shows that in which run level you are at in init 3 runlevel. to change #umask 022 umask is typically set by script run at login time. A umask of 002 will result in file created with 664 permission and directory with permission 775.bashrc alias c=`clear` save and exit Test your change by logging out. logging back and type the following #alias #c Default Permission: The default permission for files is 666 and directory is 777.Aliases are shortcut names for large commands. Alias c=clear We can make a permanent entry of alias in . Default umask on Red hat enterprise linux is 002. without a umask in effect. By default we have 6 virtual console (text mode). but we van increase or decrease the number of text mode simply by editing the file /etc/inittab #vi /etc/inittab line No 18 : id:5:initdefault (we can change this value from 1 to 5 as per our need) 14 . The next time you lig in umask will be set bask to your default unless you add command to one of your startup files such as . but take a considerable amount of typing. if you type command startx to go to the graphical mode then it will not ask you for password. this means that anyone on the system will have read and write access to any file. umask is used to withhold permission. only file created will have 666 permission and directory will have 777.

Welcome Message at the time of login: We need to edit the file /etc/motd #vi /etc/motd type any message which we want to display “WELCOME TO ICON” save and exit INSTALLATION: Installation can be done either by CDROM . X Window 2. GNOME Application 1. LAN. Selinux disable Following Package are needed at the time of installation. Note: While installation we have to make sure that firewall option should be disable 1.Line No 44 : 1:2345:respawn:/sbin/mingetty tty1 2:2345:respawn:/sbin/mingetty tty2 . No firewall 2. Text Editor 15 . virtual console terminal decrease. 6:2345:respawn:/sbin/mingetty tty6 in these line if we add one more line the number of virtual console increase and if we remove one line .5 to 2 times more than RAM Size) to check the RAM size do the following step Ctrl+alt+f7 Then type the following #cat /proc/meminfo this command will display the size and other information regarding RAM Ctrl+Alt+F7 to return to the installation mode. For adding 7:2345:respawn:/sbin/mingetty tty7 after editing this file we need to sane and exit #init q : this command is used to activate the change made. . Desktop 1. NFS. FTP Partition type and its size / 10000MB /boot 128MB /home 1000MB swap 256 MB ( 1. .

255. 5. Server 1.0 WS with the help of NFS and FTP. System 1.168. 4.0. 3.S Installation Method : NFS Image NFS Server name : 192.and 4) inside /var/ftp/pub/RedHat/RPMS/ Now we need to configure the exports file. 2. 3. #vi /etc/exports /var/ftp/pub 192.254 NFS Dierctory : /var/ftp/pub And continue the installation There is slightly change in case of FTP In case of FTP: Boot the system from disk 1 of redhat linux and type Linux askmethod Choose language : English 16 .0(rw.6…… Now copy the disk 1 of the Redhat linux into the folder “/var/ftp/pub” Now copy RPMS of remaining CD’s (Disk 2.0/255.1……. 7.sync) save and exit now start the service #service portmap restart #chkconfig portmap on #service nfs restart #chkconfig nfs on Now Boot the new system from disk 1 of Redhat linux and type Linux askmethod Choose language : English Keyboard Type : U.0.3. 6.168. 3. we have to perform the following step First we have to check the rpm of ftp/nfs ftp : vsftp-2.255. Graphical Internet Text Based Internet Server configuration tools Web Server Mail server DNS server FTP Server Network Server Legacy Network Server ( in this select Telnet) Administrative Tools System tools Printing tools 6132MB 681 MB Max Space Needed : Min Space Needed : While Installing Redhat linux 4.0. 2.0.2. nfs : nfs-utils-1.

255. set the language.cfg under /root Suppose we use NFS type then we have to mentioned NFS Ip address : 255. package .0.Keyboard Type : U.255. 17 .cfg And continue the installation RPM (RedHat Package Manager) RPM package contain the file and directories associated with specific application and program.0.254:/root/nfsks.0(rw.168.0 then mentioned the FTP server address as installation type etc.168.0(rw.0 mount point : pub ( as in case of FTP the default path is /var/ftp) and continue the installation Kick Start Kick start is one of the automatic installation method.0.0/255.255.168. root password. Before making kick start file we need to check the rpm Rpm : system-config-kickstart Kick start consist of installation wizard which we can configured for another system like general information.sync) Now start the service #service portmap restart #chkconfig portmap on #Service nfs restart #chkconfig nfs on #service dhcpd restart #chkconfig dhcpd on Now boot the new system by Disk 1 of RedHat linux And type Linux ks=nfs:192.168. network.254 255.0.sync) /var/ftp/pub 192.255. keyboard type.S Installation Method : FTP Then first mentioned your system ip address in order to identify itself in network Path : /var/ftp/pub Now we have to edit the file nfsks.cfg by editing one line Selinux-disable Now we have to configure the file /etc/exports #vi /etc/exports /root 192. then save the kick start with any name say nfsks.255.0/255.

3-8.rpm To install RPM: #rpm –i rpm_name To Remove RPM #rpm –e rpm_name In order to remove those package which has dependency #rpm –e rpm_name –nodeps Switches used with RPM -i or --install -e or --erase -U or--Upgrade -F or --Freshen we can install rpm by using #rpm –ivh rpm_name -I : Install -v : Verbose -h : Human view (Hash Sign) To Upgrade RPM: #rpm –U rpm_name To repair any corrupted rpm package #rpm –F rpm_name To make any rpm query #rpm –q rpm_name To check all rpm of related pacakes #rpm –qa |grep rpm_name To check particular file associated with which rpm # rpm –qf /etc/passwd passwd file is associated with setup-2. Like Zip-2. #rpm –qi rpm_name To Install any rpm forely #rpm –ivh rpm_name –force 18 .5 rpm To check the rpm containing which file #rpm –ql rpm_name this command will list all the file associated with particular rpm.i386. To get the information about the particular rpm. release and architecture for which it was build.RPM namegenerally includes version.

we need to install r4 but r4 depends on remaining rpm’s then we use this command. We can also create a file ‘at. now by default all users will be restricted to use ‘at’ command and only that user which have entry on ‘at.allow’ file.deny inside this file we have to just mentioned the name of the user in order to restrict him not to use ‘at’ command.deny’ is default in system.r3 and r4 . Once we create this file.allow’ will allow to use the ‘at’ command. at b. ‘at.Installing dependent packages: Suppose we have 4 rpm’s r1.r2. Restriction will be provided by root login with administrator. To check any rpm’s query #rpm –qa “sendmail*” To check rpm’s of related service #rpm –qa |grep bind Task Automation and Task Scheduling It is used to perform the task at particular time Two command are used a. #vi /etc/at. crontab syntax: #at time at>command I at>command II ctrl+D Example: #at 10:30 at>eject at>eject –t ctrl+D Option used #at now #at now+5 minutes #at now+5 hours #at now+5 days #at tomorrow #at 10:30 july 16 2006 we can also restrict the user not to use the ‘at’ command. Entry will be done by the root. Just save and exit form the file By default all users are allowed to use ‘at’ command. Difference between these two method is crontab is used to 19 . Another method is to make an entry inside the ‘crontab’ file.

It is better to use the full path of the command inside crontab instead of just the name of the command. In order to see the output of the command we use. These command are executed on background and their output is transferred to the particular user’s mail box.perform the same task many times whereas job through ‘at’ command will be removed after the task has been performed. #mutt This command will open the mailbox from where we check the output Some of the switched used with the ‘crontab’ #crontab –l List out all the job scheduled in crontab. #atq : list the job number scheduled in at #atrm jobno : to remove any job Fdisk: 20 . #crontab –r Can remove the job from the crontab. These two jobs will be performed at 10:35 in every month. Some command which are executed with ‘at’ or ‘crontab’ send their output to the user mail box. Syntax: ( By root login) #crontab –e six field are listed 1 2 minute hour command Example: 35 36 10 10 3 day of month 31 31 0-59 1-31 4 Month 5 day of Week 6 05 05 3 3 eject eject –t Minute : Hours : 0-23 Day of Month : Month : 1-12 Day of Week : 0-7 0 and 7 are Sunday #service crond restart #Whereis eject this command display the path of the command. We can also make the entry as 35 10 * * * eject 36 10 * * * eject –t In this case.

21 .Representation of Hard disk /dev/hdx /dev/had : Primary Master /dev/hdb : Primary Slave /dev/hdc : Secondary Master /dev/hdd : Secondary slave Fdisk command is used to create a partition #fdisk –l Display the partition Listing Creating Partition #fdisk /dev/had Press(m for help): m Some important switches are D : delete partition N : New L : listing Q : quit W : Save and Exit T : changed type Press : n l: Logical (5 or above) p: Logical partition( 1-4) Type l First cylinder (Take as default): Press Enter Last Cylinder or +size or +sizeM or +sizeK (….) : +100M Command (m for help) : w # partprobe ( to update the partition table without restarting the computer) Now we need to format the partition #mkfs. at that time we need to increase the size of swap partition as per the increased size of the RAM.ext3 /dev/hdax Where x is the number of partition that is newly created Now we mount this partition #mkdir /partx #mount –t ext3 /dev/hdax /partx Or #mount /dev/hdax /partx To mount this partition permanently make the entry in fstab #vi /etc/fstab /dev/hdax /partx ext3 defaults 12 Increasing the Size of Swap Partition There are possibilities that any time we can increase the size of RAM.

Remount the home partrition # mount –o remount /home 22 . Format the partition say /dev/hda9 #mkswap /dev/hda9 iii. Creating Partition: i.local # vi /etc/rc. User quota is used to restrict the amount of disk space on each partition by each user. We have to create one partition of size say 200MB and change its type to 82 (swap type) . Format the newly created swap file #mkswap /swp iv. Steps 1. Now we customize the size of the swap # dd if=/dev/zero of=/swp bs=1M count=200 iii. Creating file i. first make an empty file #touch /swp ii.usrquota 1 2” 2. save and exit and then run the command “partprobe” ii. to check the entry of swap partition # cat /proc/swaps If we want to make the permanent entry in fstab then #vi /etc/fstab /dev/hda9 swap swap defaults 0 0 B.There are two method of doing so a. Active the swap file #swapon /swp To check the entry of swap file #cat /proc/swaps If we want that automatically this swap file activate . Creating file A.local Make the following entry Swapon /swp Save and exit User Quota: Monitoring and controlling disk space usage is another important part of a system administrator tasks. creating partition b. Make the swap partition active #swapon /dev/hda9 iv. Edit the file /etc/fstab # vi /etc/fstab Search the following line “LABEL=/home /home etx3 defaults 1 2” Just add ‘usrquota’ after the word ‘defaults” as “LABEL=/home /home ext3 defaults. we need to make the entry in /etc/ec.

e.Where –o I used to active comma separator used in fstab After given a quota we must remount the directory with user quota or if we restart the system . Make the quota on # quotaon /home 7. #setquota -u username 2000 3000 20 25 /home 23 . Now check the mount quota # quotacheck –avum Where -a : Scan file system with quota enabled -v : Verbose mode -u : Scan for user quota -m : Remount file system with quota enabled 4.e we set the soft limit to 3000 and Hard limit to 4000 i. it automatically remount. 3M and 4M /dev/hda2 25 3000 4000 9 0 0 Block and inode has a grace period of 7 days ( by default) We can set the quota either by setting blocks soft and hard limit of inode ( Number of maximum file created) 6. 3. Now check the /home #cd /home #ls File aquota.user will created) 5. Now add quota for particular user # edquota –u username Output of this command File System Block soft hard inode soft hard /dev/hda2 24 0 0 9 0 0 1 block=1Kbyte Suppose we set the userquota by block size i. We can generate the quota information #repquota /home Note: We can generate the file of big size to check the quota Syntax: #dd if=/dev/zero of=bigfile bs=1M count=3 To check the quota for particular user after login #quota To set the grace period for particular user #edquota –T username To assign quota of one user to another user #edquota –p user1 user2 We can also set the quota for particular user by using following command.

LVM Logical Volume manager LVM is an extensible partitioning tool using which we can modify or resize any partition without changing our existing data. #fdisk /dev/had Press( m for Help): n l : logical p : Physical Type ‘l’ First Cylinder : Press Enter Last Cylinder (+sizeM or +sizeK) : +100M Command : t : t for change the type Partition no : x : x is the number of partititon Type : 8e : 8e for LVM Command : w #partprobe Now we create a Physical Volume (PV) #pvcreate /dev/hda8 Display the PV Information #pvdisplay Now we create Volume group #vgcreate Vg00 /dev/hda8 Display the Vg information #vgdisplay Finally we create a logical volume #lvcreate –n lv00 –L+50M vg00 Where -n : logical name -L: size Display the LV information #lvdisplay After creating the logical volume.ext3 /dev/vg00/lv00 Finally we mount it on /lvm #mkdir /lvm #mount /dev/vg00/lv00 /lvm Extending the size of LVM #lvextend –L+50M /dev/vg00/lv00 24 . we need to format #mkfs. /dev/hdax Figure /dev/hdax In order to create LV ( logical volume) we need to create a partition.

After adding we need to run ext2online command in order to assign file system type to the added size #ext2online /dev/vg00/lv00 Reducing the size of LVM #lvreduce –L-20M /dev/vg00/lv00 If the size of the logical volume is full and we need more space to store data we need to create new partition . change its type to LVM by ‘8e’ then create the physical volume and add that with volume group (vg00) #vgextend vg00 /dev/hda9 After that extend the size of logical volume In order to delete the logical volume #umount /lvm #lvremove /dev/vg00/lv00 #vgremove vg00 #pvremove /dev/hda9 #pvremove /dev/hda8 Then finally using the fdisk remove hda8 and hda9 RAID Redundant Array Of Inexpensive Disk RAID is a series of disk which can save your data even if there is catastrophic failure on one of the disk RAID are classified as RAID0.ext3 /dev/md0 Now mount it #mkdir /raid #mount /dev/md0 /raid In order to check first we fail any one of the partition #mdadm --manage /dev/md0 --fail /dev/hda8 Check the status of the RAID #mdadm --detail /dev/md0 Removing the failure partition #mdadm --manage /dev/md0 --remove /dev/hda8 25 . RAID1 and RAID 5 RAID 0 : require minimum 2 HDD and also known as stripping without parity RAID 1: require minimum 2 HDD and also known as disk mirroring RAID 5: minimum 3 HDD requirement and also known as stripping with parity First we create the two partition say each of 100MB and then change its type to (‘fd’) Raid Now we create a RAID #mdadm –C /dev/md0 –level=1 –raid-disks=2 /dev/hda8 /dev/hda9 Now check the raid #cat /proc/mdstat ‘OR’ #mdadm --detail /dev/md0 Format the newly created RAID #mkfs.

254 IPv6 address have 120 bits To check the connectivity #ping 172.2 Netmask = 255.168. service which are managed by init command.254 To make Network UP and DOWN #ifdown eth0 #ifup eth0 We can also assign temporary IP address to a LAN card.254.254.To add new disk partition #mdadm --manage /dev/md0 --add /dev/hda10 Note: In order to add new partition first we create the partition and change its type to ‘fd’ Introduction to System Service Every computer that connect to network require some IP address assign permanently to a computer host known as static IP address and some IP address leased by DHCP server for a limited period of time known as dynamic IP address. which are not TCP/IP services 2. service are divided into three category IPv6 IPv4 has a 32 bit and are in Octet-doted decimal lists Example: IPv4 2.0.10 Introduction To System Service According to the service management. There are 2 standard IP address 1.0 Gateway = 172. service which are managed by service command 26 . It will remain until we restart the computer then after that it will take IP address from ifcfg-eth0 #ifconfig eth0 172.254 To check the IP address #ifconfig To set the IP address #netconfig Or #vi /etc/sysconfig/network Or #vi /etc/sysconfig/network-scriptd/ifcfg-eth0 Device = eth0 Boot Proto = static Onboot = yes IPaddr = 172.

conf Set the following configuration Subnet : First check the rpm #rpm –q dhcp Copy and rename dhcpd.1/dhcpd. Option router : 172.0.sample /etc/dhcpd.0.conf Now open file #vi /etc/dhcpd.conf in /etc #cp /usr/share/doc/dhcp-3.conf.0. Option subnet-mask : 255. Netmask : 255.conf 67.255.254. It will display the dialog box in which all the services are mentioned DHCP Dynamic Host Configuration Protocol DHCP provides IP address to host computer dynamically by the range of addresses or statically or fixed address by MAC address Service Profile Type : Package : Daemon : Script File : Port : System V managed Service dhcp dhcpd : dhcpd /etc/dhcpd. 27 . service which are based on xinetd that is some back ground process services to check the service whether ON or OFF use #service service_name status #chkconfig –list #chkconfig –list service_name Example: #service nfs status #chkconfig –list #chkconfig –list nfs To Make service ON or OFF #chkconfig nfs on #chkconfig nfs off To stop the particular service for particular Run level #chkconfig –level 3 nfs off #chkconfig –level 3 5 on/off To make on or off in run level 3 and 5 #ntsysv : will start /stop all the services in a particular run level.sample to dhcpd.

Option domain-name : “example.0. where x : Station number NFS Network File System NFS server is used for file sharing and directory sharing between linux to linux machine Service Profile Type : Package : Daemon : Script Port : Configuration File Check the rpm # rpm –q nfs-utils Server Setting First make the folder which you want to share System V-managed nfs-utils rpc.10 Save and exit Start the service #service dhcpd restart #service portmap retstart #chkconfig dhcpd on #chkconfig portmap on Client Side #dhclient Dhclient is used to give the request to dhcp server to assign an address to client Now if we want to assign the static IP address by their MAC address #vi /etv/dhcpd.24.24. rpc. Range dynamic-bootp 172.0.Option nis-domain : “RHCE”.254.1 172.24. Option domain-name-server : 172.statd.nfsd : nfs 2048 : /etc/exports 28 .com”. fixd-address 172.254.rquotad.0.54.conf Set the following configuration host stationX { hardware Ethernet 00:34:e3:5r:q1:34.24.

254 #showmount –e server1 Client Mount the /share directory on client machine #mount –t nfs:172.4/255.0.sync) For two different network #vi /etc/exports /share 172.sync) /share To check #showmount –e 172.0/ then it will mount for everyone #vi /etc/exports /share 172.0(rw.0.0(rw.sync) 29 .24.sync) Save and exit /share will be shared by the entire network Start the service #service portmap restart #chkconfig portmap on #service nfs restart #chkconfig nfs on Note: We need to restart the service portmap before nfs service in order to assign port number.254.24.254:/share /mnt Where /mnt is a mount point For sharing particular IP address Server: #vi /etc/exports /share 172.#mkdir /share #cd /share #touch a d f #chmod o+w a b Now open the configuration file #vi /etc/exports Make the following entry /share 172.sync) If we give a space between the network and (rw.0(rw.sync) For all world #vi /etc/exports /share *(rw.24.0(rw.24.sync) /share 172.0/ (rw.sync).0.

Check the rpm’s #rpm –q portmap ypserv make 2.yppasswddd : ypserv. NIS Network Information Service NIS provide simple directory service for system and account information. NIS server is used to manage the system and account information on multiple system from the central server. Edit the file #vi /etc/sysconfig/network Define the following line NISDOMAIN=ICON Save and exit 3. yppasswdd : /etc/sysconfig/network /var/yp/Makefile tools ypbind Daemon Script Configuration : Server Setting: Steps 1.If we give no permission then it will take (ro. Start the service 30 .ypserv rpc. Edit the file #vi /var/yp/Makefile Search for “/all: “ line Remove all the entry except all: passwd group hosts netid save and exit 4. Service Profile Type Package : : system V manage Server Portmap ypserv make Client Authconfig authconfig-gtk portmap yprpc.sync) #export –r #export –a #export –ar If we run this command then there is no need to restart portmap and nfs again and again.

Make the entry of the home directory of user in /etc/exports file #vi /etc/exports /rhome/nisuser1 Save and exit 8.24. Now create a user with home directory /rhome/nisuserX #mkdir /rhome #adduser –d /rhome/nisuser1 nisuser1 #passwd nisuser1 7. start the service #service portmap restart #chkconfig portmap on #service nfs restart #chkconfig nfs on #service yppasswdd restart #chkconfig yppasswdd on 9. Check the rpm’s #rpm –q portmap authconfig authconfig-gtk yp-tools ypbind 2.0.misc” 172.255.sync) 31 . Now create a database for NIS server # /usr/lib/yp/ypinit –m -m : Master 6.#service portmap restart #chkconfig portmap on #service ypserv restart #chkconfig ypserv on 5. Edit Two File “auto.master” and “auto.254 3. Finally Update the database #cd /var/yp #make Client Setting: 1.254. Run the command #authconfig Or #system-config-authentication In this enable and write the following option “Enable NIS option” and Press F12 In NIS Setting Domain : ICON Server : 172.0/

Finally login with user as “nisuser1” and passwd DNS Domain Name Server DNS translate IP address to hostname or vise versa Service Profile Type : System V manage Package : bind.master /rhome /etc/auto. caching-nameserver.254:/rhome/nisuser1 Save and exit 4. File “example. Start the service #service autofs restart #chkconfig autofs on 5.conf #vi /var/named/chroot/etc/named.zone”. Edit the file named.254.#vi /etc/auto.misc --timeout=60 This file define the path of the home directory #vi /etc/auto. bindutils Daemon : named Script : named Configuration file : /var/named/chroot/etc/named. bind-chroot.intr 172. 32 . Run the following command to check the password #ypcat passwd #getent passwd ypcat will display the entry of server user information getent will display the entry of local and server user information 6.com”{ Type master.soft.conf Edit the line after copying line N 37 to line 47 Zone “example. 53 (TCP) Server Setting 1.conf /var/named/chroot/var/named/* Port : 52 (UDP).24.misc Nisuser1 -rw.

example.2 Station3 IN A 172.example.com ( ………… ………… ………… ….24.com. root.254 Station1 IN A 172.0.local 3.3 Station4 IN A 172.0.example. 254.zone $TTL 86400 @ IN SOA server1. 2.172.} . Edit example. Note: Like this we can make entry all the stations connected to that network Save and exit 4.0 IN PTR station1.com.example. }.example.24.example.254.local $TTL 86400 @ IN SOA server1. }. File “example. root.com.24. ………. 2. ……….in-addr.exampler.4 www IN CNAME server1 www1 IN CNAME station1 www2 IN CNAME station2 www3 IN CNAME station3 www4 IN CNAME station4 33 . ( ……….Allow-update {none.}.24.zone #cp named.1 Station2 IN A 172.24.com.zone example.server1.0.arpa”IN{ Type master.example.local example. ……) @ IN NS server1.local”. Server1 IN A 172.com.0 IN PTR station2. Zone “24.com. 1.example.local file #vi example. Allow-update {none. Now Enter inside the following directory #cd /var/named/chroot/var/named Make two file by copying #cp localhost.com.) @ IN NS server1. Edit the file example.example. 4.com.server1.com.0.254 IN PTR server1.0 IN PTR station3.

It identifies the name server as the authoritative source for information about this domain TTL indicate how long to hold the data in their cache NS shows the name of name server A shows the IP address for name server MX is a mail Exchange record PTR is used to point to the name server CNAME is CONONICAL name shows the real name of the host Squid Proxy Server Proxy server is used for Internet Sharing 34 .conf Nameserver 172.254 7.save and exit 5.example. Start the service #service named restart #chkconfig named on 6.com Savce and exit Now finally use the Dig and nslookup command to check the DNS from client side Term IN : Internet SOA : Start Of Authority TTL : Time to Line NS : Name server A : Address Record PTR : Pointer Record MX : Mail server SOA is the first line in the zone file.254 Search example.com #nslookup server1. Dig the server #dig server1. Check the file /etc/hosts file DNS Client Open the file and check the setting #vi /etc/resolv.example.com #nslookup

0/255.conf #vi /etc/squid/squid. 3128 35 .0. Click on Mozilla Web Browser 2.24.conf 8080 . Click editPreferences 3.254 Port 8080 : : : : System V manage Squid Squid : Squid : /etc/squid/squid.0 Line number 1865 http-access allow icon In order to deny we write http-access deny aclname Like http-access deny icon If we want to restrict any site Syntax : acl aclname acltype Name or domain Example: acl icon1 dstdomain . Click on “Connection Setting” 4.254.com Start the service #service squid restart #chkkconfig squid on Client Side: 1.0.Server Profile Type Package Daemon Script Configuration Port No Steps 1.hotmail. Check the rpm’s #rpm –q squid 2.255.24. Edit the file squid. Select “ Manual Proxy Configuration” Http Proxy : 172.conf Line number 54 http-port 8080 Line number 481 cache-mem 100MB Line number 1805 (syntax : acl acl_name acl_type network or domain) acl icon src 172.

mc #m4 /etc/mail/sendmail. m4 sendmail 25 : /etc/mail/sendmail. To check the mail #mutt If any problem come that /var/spool/mail/root does not exits then create a file by 36 .mc > /etc/mail/sendmail. Service Profile Type : Package : Daemon : Port : Configuration File System V manage sendmail. Edit the file sendmail.24.cf /etc/mail/access /etc/aliases Steps: 1.0.Send Mail Sendmail is used to configure the mail server on the server in order to send and receive the mail.4 REJECT root@station6.example. sendmail-cf. In order to redirect the mail of any user to another we edit #vi /etc/aliases Root : raj.24 OK 172. we need to run the ‘newaliases command to update the file #newaliases 5. In order to allow / restrict other network or client or any user to send mail we edit file /etc/mail/access #vi /etc/mail/access 172. Now create a new sendmail. Start the Service #service sendmail restart #chkconfig sendmail on 6.rakesh.mc Line number 105 DAEMON-OPTION(……………………….example.cf file through sendmail.root@station6.com DISCARD OK : Allow REJECT : restrict and message reply will come DISCARD : restrict and message reply will not come 4. procmail.cf 3. mutt .) Disable this line by adding dnl# 2.mc /etc/mail/sendmail.com After editing this file.

To remove any job #lprm job_number Or #cancel job_number 5.#touch /var/spool/mail/root CUPS Common Unix Printer System UPS is the primary printing system under Re Hat Enterprise Linux. based on HTTP/1.1 Configuration Steps: 1. Type the following command #printconfig Or #system-config-printer Assign Queue name : xyz Device name : IPP Select Printer Driver “ raw printer queue” Server : server1. Check the status of the Queue #lpq 3. To check status with job number #lpstat FTP: File Transfer Protocol FTP provides file sharing between linux to linux . linux to Unix and Linux to Windows 37 .com Path for the Queue Directory : /printer/xyz And finish the Wizard 2. To Print any file #lp <filename> #lpr <filename> 4. CUPS support a new Internet Printing Protocol (IPP).example.

ftpuser #vi /etc/vsftpd.conf 21 : : FTP service provide two level of access a.Service Profile Type : Package : Daemon : Script Configuration File Port : System V manage vsftpd vsftpd vsftpd /etc/vsftpd/vsftpd. In this case we don’t require password. By default these users have only permission to download (get) B In user access.user_list can only access ftp server then we need a entry in vsftpd.conf Add following line Userlist-deny = No In order to assign upload permission to ftp and anonymous users #vi /etc/vsftpd/vsftpd. User Access A In Anonymous access client machine can connect to target machine via users FTP and anonymous.user_list User entry in these two file are not allowed to access ‘ftp’ If we want that user entry in vsftpd.conf #vi /etc/vsftpd/vsftpd. Anonymous Access b. client machine connect to Target machine by having username and password on Target machine For anonymous user FTP working directory is ‘/’ / = /var/ftp We can also provide user level security We have two files #vi /etc/vsftpd.conf Anonymous-enable = yes #uncomment line 27 Anon-upload-enable = yes #uncomment Chown-uploads = yes Chown-username = daemon Now create a directory inside /var/ftp #mkdir upload 38 .

254.254 APACHE WEB SERVER Apache Web Server is used for Web Hosting. To download any file from user home directory We can also open ftp server as #elinks ftp://172.254.24.conf Configuration File : Steps: 1.254 To upload: put To download : get Example: #put <filename> to upload any file in user home directory #get <filename. With the help of Apache we can host multiple Website. Check the rpm #rpm –q httpd 39 .254 For Anonymous user Username = ftp Password =`press Enter` For User Access Username = rakesh Password = ***** In Graphical ftp://rakesh@172. portmap /etc/httpd/conf/httpd.24.#chmod 777 upload Chgrp ftp upload Assign group owner ship to ftp to ‘upload’ directory Start the Service #service vsftpd restart Access FTP #ftp 172.254.24. Service Profile Type Daemon Script Port Package : : : : : System V Manage httpd httpd 80 httpd.

access Require valid-user Save and Exit Now create one user #adduser raj 40 .example. 1022 and paste at last <VirtualHost 172.com DocumentRoot /www ServerName server1.com #elinks http://server1. in /www #vi /www/.example.example.254.example.254:80> ServerAdmin root@server1.com </VirtualHost> Save and exit Now create a directory #mkdir /www #cd /www #vi index.com Restriction For User to Access Web site #vi /etc/httpd/conf/httpd. For multiple Hosting we need to uncomment line number 1003 NameVirtualHost 172.conf <VirtualHost 172.example.2.254:80> ServerAdmin root@server1.com DocumentRoot /www ServerName Server1.254:80 Now copy line No 1016 to No.html Now start the service #service httpd restart #service portmap restart #chkconfig httpd on #chkconfig portmap on Now dig the site #dig server1.example.com <Directory /www> Option Indexes Includes AllowOverride Authconfig </Directory> </VirtualHost> Now create one file .254.htaccess AuthName “allow users” AuthType Basic AuthUserFile /etc/httpd/ht.

254.example.access raj #chgrp apache /etc/httpd/ht. opensshsshd 22 : : sshd /etc/ssh/sshd-config If you want root should not login then #vi /etc/ssh/sshd-config Line PermitRootLogin No Uncomment line number 13 and 14 Port 22 Protocol 2.254.254 ( by User) #ssh 172. open ssh-server.24.254.#htpasswd –c /etc/httpd/ht.access Start the Service #service httpd restart #chkconfig httpd on #elinks http://server1.254 (By root) If you want to display any welcome Note at the time of connecting #Banner Banner /etc/banner If you want to copy file from ssh server to client #scp 172.1 Save and exit Start the service #service sshd restart #chkconfig sshd on #ssh raj@172.254:/root/install.com Open SSH Server SSH or Secure Shell is used for the purpose of remote login between linux to linux and linux to Unix.24.log /mnt 41 . The main difference between SSH and telnet is that SSH can be used for file transfer.24. Service Profile Type : Package : client Daemon : Port : Script Configuration File System V manage open ssh.

24.254.254:/root Remote shut down #ssh Workgroup = CORP Server String = Samba Host allow = 172.24. linux to Unix and Linux to windows Service Profile Type : Package : Daemon : Script : Port : Configuration file : /etc/samba/smbpasswd System V Manage Samba.255. samba-common. nmbd smb 167.conf Edit the file smb.0. samba-client smbd.24.254:/root/raj /mnt If you want to copy file from client machine to ssh server #scp /root/anaconda-ks.24.254/255.0 Then copy last 8 line [raj] Path = /data Valid users = raj rakesh Public = no Writeable = yes Browse able = yes Save and exit Now create a Users #adduser raj #adduser rakesh #smbpasswd –a raj #smbpasswd –a rakesh Start the service #service smb restart #chkconfig smb on On client side 42 .169 /etc/samba/smb.cfg 172.168.If you want to directory #scp –r 172.6 init 6 Or Slogin command can also be used Samba Samba can be used to share file and printer between linux to linux.conf #vi /etc/samba/smb.

254.#smbclient // If forwarding is not enabled.7 Net.24.conf Line no.25.255.254 (-d : virtual) 172.254.254 : : 172.254. security provided by TCP wrappers 43 .0 172. To be able to do this we need to make sure that we enable IP forwarding. Security within a service 2.0 172.ip_forward = 1 Save and exit To activate permanently #sysctl –p Or another method is #echo 1 >/proc/sys/net/ip_forward This work for temporary use till system is ‘ON’ Now for the first network #netconfig IP address : Subnet Default Gateway : Primary server Second network #netconfig –d eth0:1 IP Address Subnet Default Gateway Primary Server 172.254. To enable IP forwarding #vi /etc/sysctl.0.255. there are three type of security policies 1.24. the number 1 is returned.24.24. To check type #cat /proc/sys/net/ipv4/ip-forward If forwarding is enabled.254 : 255.254 Mounting share folder #smbmount //172.ipv4. we can’t use a computer with two network interface to route between two or more subnet.254.254 172. the number 0 is returned.24.25.254/data /mnt –o username=rakesh IP Forwarding In Linux.254/raj –U raj GUI Smb://172.254 : : : Security Policies According to the service management. We should make sure that module is loaded.

example.24.deny Vsftpd: Or we can assign station wise In.24.0/ 172.25.0/255.0.deny 44 . #vi /etc/hosts.0 and deny outside network ( 172.0. and POP3 Example 3: Network 172.0.25. IMAP.allow Vsftpd: 172.255.2 172.0 Similarly we can make entry for SSH. security provided by xinetd TCP Wrappers Configuration needed two file a.24. redhat.0/255.deny Vsftpd: 172.255.0 #vi /etc/hosts.3.1 to use ssh service and disallowing all other network #vi /etc/hosts.255.0. Hosts.24.0 except 172.0/255.deny Vsftpd: ALL EXCEPT 172.0.0.telnetd : .0.allow In.allow b.0 Example 4: Network example.0 In this case just make entry in hosts.255.24. 172. Hosts.0 are not allowed to use ftp service #vi /etc/hosts.com.telnetd : station1.redhat.0.0.0 Example 2 : allowing 172.26.deny By default all are allowed Check the rpm #rpm –q tcp_wrappers Syntax Daemon_list : client_list Example 1: Network #vi /etc/hosts.0.0.0/255.0 In order to deny other network Vsftpd: ALL Deny other network except 172.24.com Example 5: Allowing 172.24.2 allowed to use SSH service #vi /etc/hosts.0.com .com allowed to use telnet service #vi /etc/hosts.24.allow Sshd : 172.24.

24.24. For particular system #vi /etc/xinetd.0.0.4} 3. Deny particular node #vi /etc/xinetd/telnet 45 .3.24.{1.0.0/255. For range of node #vi /etc/xinetd/telnet Only_from = 172.2. telnet based on xinetd based on xinetd : /etc/xinetd.d/telnet Make Disable = no Save and exit Start the service #service xinetd restart #chkconfig xinetd on Security setting 1. linux to unix and linux to windows Service Profile Type Package Daemon Script Configuration : : : : xinetd telnet-server.255. nmbd Telnet Telnet service is used for the purpose of remote login between linux to linux.0.0 EXCEPT 172.0.1 Some of the daemon are Imapd Ipop3d Smbd.d/telnet Check the rpm #rpm –q telnet-server telnet Edit the file #vi /etc/xinetd.d/telnet Only_from = 172.6 Save and exit By default all node in a network can access through telnet 2.24.Sshd : ALL EXCEPT 172.

deny Ipop3d : Imapd : ALL ALL These permission are set when host from local network can access pop3 and imap and hosts from other network does’nt allow In order to disallow outside network say Imapd : 172.0 Ipop3d : 172.0.0 #vi /etc/hosts.0.0/255.24.No_access = Imapd : 172.allow Ipop3d : 172.255.0 To check the status #nmap stationx Or #namp localhost Digital Certification 46 . 14 Protocols = imap imaps pop3 pop3s Save and exit Start the service #service dovecot restart #chkconfig dovecot on #chkconfig xinetd on Now in order to provide security Allowing local network to access the pop3 and imap and disallowing other #vi /etc/hosts.0/255.6 Time setting #vi /etc/xinetd/telnet Acees_time = 04:15=04:30 If we want to login with username as root and by default we cannot #vi /etc/securetty Add two line Pts/0 Pls/1 Configuration of POP3 and IMAP IMAP is used for the authentication and POP3 is used for mailing We need to configure #vi /etc/dovecot.0.25.0/255.255.conf Uncomment line No.

street d. country b. DHCP Server 3.pem file in #cd /usr/share/ssl/certs #rm dovecot. state c. email address after making all those entry we need to copy this file #cp dovecot.pem #make dovecot. 1 of Redhat Linux Steps: 47 .pem Overwrite : yes To check the status or entry #openssl x509 –noout-subject </usr/share/ssl/private/dovecot. station name f. TFTP Server 2. company and unit name e.pem Low Level Format The command ‘shred’ is used for low level format 25 times. in this case Umask means 666-002 = 664 for normal user and for the root the default value will be 666-022=644 The default value for a directory is 777. Check for devecot. The default value will be 666.pem /usr/share/ssl/private/dovecot.pem In this we have to make the following entries a. we can’t recover files after this #shred /dev/had UMask User Mask Default value for root = 0022 Default value for users = 0002 When we create any new file. in this case umask means that whenever we create new directory. the default valkue for normal user 777002 = 775 and for root. CD No. the default value 777-022 = 755 Remote Installation Documentation for linux remote installation with pxe boot rom client 1.Certificate is used for the purpose of authentication Steps 1.

254 Range dynamic-bootp Filename “/linux-install/pxelinux.cfg file and also renaming it to default (***default**** is a filename) Note 2: in above guidelines our motive is to copy all bootable files from the CDROM to TFTP folder which are required for remote boot.cfg/default Note 1: remember we are copying isolinux.24.0.24.conf Dhcpd file will be as follow Subnet 172.cfg /tftpboot/linuxinstall/pxelinux.0”.0. It is the default boot loader used by Red Hat Linux 48 . First install the TFTP Server and DHCP Server 2.1 172.conf file as follow #vi /etc/dhcpd.1.0{ Option domain-name “example.24.0. After copying above files copy as following from ftpdboot folder #cp /tftpboot/linux-install/isolinux. } Restart the Service #Service dhcpd restart Note: To make installation more easy we can also implement kick start along with TFTP Some Important File Settings: 1. Now all TFTP configuration is complete TFTP Service is xinetd depended service. includingtftp also) DHCP Server Setting for Remote Boot Step 1: install DHCP Server Step 2: Edit DHCPD. so first of all we have to on TFTP Service as follow #chkconfig tftp on (note : it will permanent ‘ON’ tftp service and also work after computer restart) #service xinetd restart (note : it will start all subservices which are dependent on xinetd master service . GRUB.CONF GRUB stands for GRand Unified Bootloader. Copy all the files from CD1 isolinux folder to /tftpboot/linux-install folder (Syntax as follow) #cp /media/cdrom/isolinux/* /tftpboot/linux-install 3.com” Option domain-name-server 172.0 netmask 255.0.

9-5.EL ro root=LABEL=/ rhgb quiet Initrd /initrd-2.conf Below Hiddenmenu Password = redhat This password is not in encrypted form.6.9-5.d/rc 0 l1:1:wait:/etc/rc.d/rc.conf #vi /etc/grub.EL.conf Default = 0 Timeout = 5 Splash image=(hd0. Inittab found in /etc/inittab #vi /etc/inittab id:5:initdefault: si::sysinit:/etc/rc.sysinit l0:0:wait:/etc/rc.d/rc 2 l3:3:wait:/etc/rc.conf and its symbolic links found in /etc/grub.xpm.conf file found in /boot/grub/grub.d/rc 1 l2:2:wait:/etc/rc.d/rc 4 l5:5:wait:/etc/rc.d/rc 3 l4:4:wait:/etc/rc. Method II: Encrypted form #grub-md5-crypt >>/etc/grub.6. INITTAB FILE Run level setting are done in inittab file.gz Hidden menu Title Redhat Linux Root (hd0.conf Enter two times the password 49 .0)/grub/splash.d/rc 5 l6:6:wait:/etc/rc.0) Kernel /vmlinuz-2.Grub.img 2.d/rc 6 ca::ctrlaltdel:/sbin/shutdown –t3 –r now * 1:2345:respawn:/sbin/mingetty tty1 2:2345:respawn:/sbin/mingetty tty2 3:2345:respawn:/sbin/mingetty tty3 4:2345:respawn:/sbin/mingetty tty4 5:2345:respawn:/sbin/mingetty tty5 6:2345:respawn:/sbin/mingetty tty6 X:5:respawn:/etc/x11/prefdm –nodaemon Setting Grub Password Two method are used to set grub password Method I: #vi /etc/grub.

Command to check the attribute #lsattr /etc/passwd 50 .conf Copy that password line from the bottom most and paste it bellow hidden menu option as Password –md5 <password> Save and exit Root Login Problem: When we type username as “root” and password as “redhat” . Step 1 : Start in single user mode and change the password: #passwd root Type password as ‘redhat’ and then restart the system . (!) mark lock the password Root:!$2gr…………. first check that /bin/bash exist in /etc/shells. Different case is to be considered. system unable to login. it should be blank empty ( : : :) If problem still occurs do the Step 4 Step 4: Sometime some attribute are set on the /etyc/passwd or /etc/shadow file. #usermode –s /binbash root Before changing the shell. remove it . In this case we need to trouble shoot this problem. it should be root and /bin/bash Case I: If username is changed then do as follow #username –l oldname newname Case II: If shell is changed to /sbin/nologin then change it to. we need to remove that. And also check the last three column. If such attribute are present. If present.conf Now open file #vi /etc/grub. if problem still occurs do the step 2: We start the system with single user mode #vi /etc/passwd Check the following line Root:x:0:0:root:/root:/bin/bash Just check the first and last option.In this case the password will be encrypted and directed (>>) to file grub. If not then install the rpm of bash shell #rpm –q bash If problem still occurs do step Step 3 Step 3: Check the file shadow find out if theree is a (!)mark at the starting of password entry. which make these two file write and append protected.

So in that case we need to make all these entry and again check for username and password if problem still occur do step 6 51 ./etc/passwd ---ai----.#lsattr /etc/shadow ---------./etc/shadow In this case we need to remove the attribute #chattr –ai /etc/passwd #chattr –ai /etc/shadow Note: In order to add attribute (+) sign is used. If we remove all these entry then we cannot login to any terminal./etc/passwd Suppose attribute is set ---ai----. If problem still occurs then use the Step 5 If system shows message that ‘chattr’ and ‘lsattr’ command not found. to remove (-) sign is used. we need to check the rpm if not installed . we need to install the rom #rpm –q e2fsprogs Step 5: Open the file /etc/securetty file to check the entry of virtual console and tty entry #vi /etc/securetty Check the following entry Console vc /1 vc /2 vc/3 vc /4 vc /5 vc /6 vc /7 vc /8 vc /9 vc /10 vc /11 tty 1 tty 2 tty 3 tty 4 tty 5 tty 6 tty 7 tty 8 tty 9 tty 10 tty 11 if we remove any one line say tty1 then we cannot login at terminal 1 but we can login to another terminal.

/etc/shadow Sometime we find that shadow file and its back file shadow.conf Remove the following line from the bottom -:ALL:ALL If problem still occur so Step 9 Step 9: If password is changing but still unable to login Copy two file #cp /etc/passwd. that is why we nned to remove the entry from /etc/rc./etc/passwd #cp /etc/shadow. we cannot login through root. Then open the file #vi /etc/rc.local Check the entry /etc/nologin in the file if present remove that: in rc.local file.Step 6: Check the file /etc/nologin. remove this line and along with this also check the file #vi /etc/security/access. So first change the permission #chmod 600 /etc/securetty Then login if problem still occur then do Step 8 Step 8: Check the file /etc/pam. If problem still accur then use Step 7 Step 7: Check the permission for /etc/securetty file . in this case we need to generate the shadow file as #pwconv Step 10: Sometime the password age expired then do the following to check the age #chage –l root If password age is expired #chage root In this Account Expiration date : Change the date 52 . if present remove this file. If problem still present then check the following line Account required pam_access. again the file will create .so Remove this line if present.local file only one entry is present Touch /var/lock/subsys/local If you find “ touch /etc/nologin” remove this line . it should be 600 (rw for user no permission for the group and other) #ll /etc/securetty If permission are changed we cannot login.does’nt exist.d/login #vi /etc/pam. even if we remove nologin file from /etc and if we restart.d/login Check for following line Auth required denied.so If this line is present.

d/login And make all the field as optional Step 12: Sometime attribute is set on /etc/shadow file. password age is expired ad the root permission is changed for command ‘chattr’ In this case first change the permission for ‘chattr’ #chmod 700 /usr/bin/chattr Remove the attribute on shadow file #chattr –ai /etc/shadow And finally set the date for the password #chage –E -1 root 53 . Step 11: If problem still occur then simply open the file /etc/pam.Or #chage –E -1 root In this case the root password will never expire.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->