LINUX Administrator's

Hostname

The hostname is set from files during boot; the name is read from the files below. It may also be changed manually with "/bin/hostname".

Files
/etc/HOSTNAME              (Slackware)
/etc/sysconfig/network     (Redhat) contains network settings, e.g.
                             NETWORKING=yes
                             HOSTNAME=hostname.domain.com
/etc/NETWORKING
/etc/resolv.conf           specify name server, DNS domain and search order. For example:
                             search la.asu.edu
                             nameserver 129.219.17.200
/etc/hosts                 host name to IP mapping file.
/etc/host.conf             host name lookup order. Example:
                             order hosts, bind
                             multi on
/etc/nsswitch.conf         newer way to specify the information source for each database.
/etc/networks              network name to network number mapping.
/etc/protocols             protocol name to protocol number mapping.
/etc/services              TCP/IP service name to port mapping.
/etc/rpc                   RPC service name to program number mapping.

User Management

Files
/etc/passwd                user account information.
/etc/group                 group membership.
/etc/shadow                hashed passwords and password ageing (readable by root only).
/etc/bashrc, /etc/profile, $HOME/.bashrc, $HOME/.bash_profile
                           BASH system wide and per user init files.
/etc/csh.cshrc, /etc/csh.login, $HOME/.cshrc, $HOME/.tcshrc, $HOME/.login
                           TCSH system wide and per user init files.
/etc/skel                  template files for new users.
/etc/default               defaults for certain commands.
/etc/redhat-release, /etc/slackware-version
                           Redhat and Slackware version info (Linux kernel version with "uname -a").

Commands
adduser                    script to create a new user interactively (Slackware) or a link to useradd (Redhat).
useradd, userdel, usermod  create, delete or modify a user, or update the default new user information.
newusers                   update and create new users (batch mode).
groupadd, groupdel, groupmod
                           add, delete or modify a group.
chage, chfn, chsh          modify account policy (password length, expiry date etc.), finger information (full name, phone number etc.) or change the default login shell.

NFS File Sharing

Files
/etc/fstab                 file systems mounted during boot.
/etc/exports               NFS server export list.
/etc/auto.master           automount master file.

Commands
mount                      mount a file system, or all entries in fstab.
exportfs                   export the file systems listed in exports.
showmount -e               show the file systems exported by a server.

Printer Configuration

Files
/etc/printcap, /etc/printcap.local
                           printer capabilities data base.
/etc/lpd.conf              LPRng configuration file.
/etc/lpd.perms             permissions control file for the LPRng line printer spooler.
/etc/hosts.lpd             access control (BSD lpd).
/etc/hosts.equiv           trusted hosts for the r-commands; a host listed here gets password-less access, so keep it empty unless you need it.
PRINTER                    environment variable naming the default printer.
/dev/lp0                   parallel port.

Commands
lpc, lpq, lprm             line printer control program, print queue maintenance.

Network Configuration

Files
/etc/rc.d/rc.inet1 (Slackware), /etc/sysconfig/network-scripts/ifcfg-eth0 (Redhat)
                           IP address, network mask and default gateway are in these files. They may be edited manually to modify network parameters.
Redhat files in /etc/sysconfig:
keyboard                   keyboard map, e.g., KEYBOARD="/usr/lib/kdb/keytables/us.map"
mouse                      mouse type, e.g., MOUSETYPE=Microsoft, XEMU3=yes
network                    network settings, e.g., NETWORKING=yes, HOSTNAME=hostname.domain.com

Commands
netconfig                  menu driven Ethernet setup program.
pppsetup                   set up a PPP connection (Slackware).
ifconfig, route            set up Ethernet during boot, for example:
                             /sbin/ifconfig eth0 ${IPADDR} broadcast ${BROADCAST} netmask ${NETMASK}
                             /sbin/route add -net ${NETWORK} netmask ${NETMASK} eth0
                             /sbin/route add default gw ${GATEWAY} netmask 0.0.0.0 metric 1
host                       look up a host name or IP (similar to nslookup).
dnsdomainname              show the DNS domain name.
arping; arp                find out an Ethernet address: first arping the host, then read it with arp.
ipchains                   firewall and NAT (/etc/sysconfig/ipchains on Redhat).
iptables                   firewall and NAT (/etc/sysconfig/iptables on Redhat).
ntsysv                     menu driven SYSV service configuration (Redhat).
chkconfig                  command line SYSV service configuration (Redhat).
linux init=/bin/sh rw      at the LILO boot prompt: gain root access without a password; can be used to fix some problems. Remount the root file system read-write with
                             mount -w -n -o remount /
                           Note that anyone with console access can do the same; protect the boot prompt with "password=" and "restricted" in lilo.conf and keep that file mode 600.
nmap                       scan a host for open ports.
socklist                   list open sockets.
sysctl                     configure kernel parameters (Redhat).

Sendmail

Files
sendmail.cf                the configuration file.
sendmail.mc                a macro file which can be used to generate "sendmail.cf" by:
                             m4 sendmail.mc > sendmail.cf
aliases                    mail aliases; must run "newaliases" after a change. Use :include: to include an external list kept in a file.
.forward                   per user aliases; use \yourname to expand to yourname and keep a copy in the mailbox.
access                     mail access control; FEATURE(access_db) should be set in sendmail.mc. For example, in /etc/mail/access:
                             cyberpromo.com        REJECT
                             mydomain.com          RELAY
                             spam@somewhere.com    DISCARD
/etc/mail/relay-domains    lists all hosts/domains accepted for relaying.

Commands
makemap                    build the access database after editing it, e.g.,
                             makemap hash /etc/mail/access < /etc/mail/access
newaliases                 rebuild the database for the mail aliases file.

Manage Modules

insmod, lsmod, modinfo, modprobe, rmmod, depmod
                           manage loadable modules.
make modules; make modules_install
                           build and install modules.

Commands

crontab                    show or edit cron jobs.
sys-unconfig               unconfigure the system.
shutdown [-r|-h]           reboot / halt the computer.
chkconfig --list           list the services started at each run level.
unset TMOUT                disable the BASH auto-logout feature.
unset autologout           disable the TCSH auto-logout feature.
Miscellaneous

Commands
kudzu                      probe for new hardware (Redhat).
rpm -i                     INSTALL a package.
rpm -e                     UNINSTALL a package.
rpm -q                     QUERY a package.
rpm -U                     UPDATE a package.
man cmd | col -b > cmd.txt save a man page as a text file and remove the control characters.
ntop -w 3000               run ntop and listen on web port 3000; view traffic with a browser at http://hostname:3000
fromdos, todos, dos2unix, unix2dos
                           convert text files from/to Linux format.
pwck, grpck                verify the integrity of the password and group files.
pwconv, pwunconv, grpconv, grpunconv
                           convert to and from shadow passwords and groups.
shadowconfig               toggle shadow passwords on and off.
quota, edquota, quotacheck, quotaon, quotaoff, repquota
                           manage disk quota.
ifup, ifdown               bring a network interface up/down.
lilo -D dos                set the LILO default OS (default=dos in lilo.conf).
ldd                        find out shared library dependencies.
lsof                       list open files.
fuser filename             show the processes using the file.

Useful Configuration Files

Files
/etc/shells                allowed login shells.
/etc/ftpusers              user names NOT allowed to use ftp.
/etc/hosts.allow, /etc/hosts.deny
                           TCP wrapper access control files.
/etc/sysconfig             (Redhat) contains system configuration files.
/etc/inittab               system run level control file.
/etc/init.d                service start/stop scripts.
/dev/fd0                   floppy drive A.
httpd.conf                 Apache web server configuration file.
lilo.conf                  LILO boot loader configuration file.
syslog.conf                system log daemon (syslogd) configuration.
ssh_config, sshd_config    SSH client and server configuration files.
ld.so.conf                 default dynamic library search path (run ldconfig after changing it).
mtools.conf                mtools configuration file (access DOS files).
named.conf                 DNS name server (BIND).
sysctl.conf                kernel parameters set by sysctl (Redhat).
ntp.conf                   network time server.
inetd.conf                 Internet super server (Slackware).
xinetd.conf, xinetd.d directory
                           extended inetd configuration (Redhat).
proftpd.conf               proftpd FTP server.
amanda.conf                network backup server.
/etc/pine.conf, /etc/pine.conf.fixed
                           PINE mail client system wide settings.

Rebuild Kernel

Unpack the tarball in the /usr/src directory:
  bzip2 -dc linux-2.4.0.tar.bz2 | tar xvf -

Configure Kernel Parameters
make config, make menuconfig, make xconfig
                           configure the kernel with an interactive, menu or X window interface.

Compile Kernel Source
make dep; make zImage (or make bzImage)
                           compile now; build the new kernel. Then install it and let LILO pick it up:
  cp arch/i386/boot/bzImage /boot/vmlinuz
  lilo

Modules
make modules; make modules_install
                           build and install the modules.

Configure Apache 2.0 with SSL (mod_ssl)

(1) When compiling Apache, specify --enable-ssl for the configure script. By default SSL is not enabled. After compiling, use "httpd -l" to list the compiled-in modules; "mod_ssl" should be among them.
(2) Generate the private key:
  openssl genrsa -out server.key 1024
(3) Generate a certificate request:
  openssl req -new -key server.key -out server.csr
(4) Generate a self-signed certificate:
  openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt
(5) Modify "ssl.conf", which is included from "httpd.conf". Note: start the server with "httpd -DSSL"; otherwise everything inside <IfDefine SSL> in ssl.conf is skipped.
Note: a 1024-bit RSA key is no longer considered adequate; use 2048 bits or more. Keep server.key readable by root only (mode 600). A self-signed certificate makes browsers warn; it is fine for testing, not for a public site.
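Steps (2) to (4) above as one script, with the checks an administrator should run before pointing ssl.conf at the files. This is an added example, not code from the reference card: it uses a 2048-bit key instead of the card's 1024 and creates the key file mode 0600; the directory, host name and validity period are assumptions, and the openssl command line tool must be installed.

```sh
#!/bin/sh
# Added example, not from the original reference card: steps (2) to (4)
# above as one script, plus the checks to run before editing ssl.conf.
# Two deliberate changes from the card: a 2048-bit key (1024 is too small
# today) and a key file that is created 0600. Directory, host name and
# validity are assumptions for the example; requires the openssl tool.
make_server_cert() {          # make_server_cert DIR CN DAYS
    dir=$1; cn=$2; days=$3
    mkdir -p "$dir" || return 1
    # (2) private key; the subshell umask keeps server.key at mode 0600
    ( umask 077 && openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    # (3) certificate request; -subj supplies the DN without prompting
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" 2>/dev/null || return 1
    # (4) self-signed certificate valid for $days days
    openssl x509 -req -days "$days" -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null || return 1
    chmod 644 "$dir/server.crt"                  # the certificate is public
}

cert_matches_key() {          # true when server.crt was issued for server.key
    dir=$1
    c=$(openssl x509 -noout -modulus -in "$dir/server.crt" 2>/dev/null) || return 1
    k=$(openssl rsa  -noout -modulus -in "$dir/server.key" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

key_is_private() {            # true when group and other have no access to server.key
    perms=$(ls -l "$1/server.key" | cut -c5-10)
    [ "$perms" = "------" ]
}

cert_subject() {              # subject line, to confirm the CN before deploying
    openssl x509 -noout -subject -in "$1/server.crt"
}

# Usage: make_server_cert /etc/httpd/conf/ssl www.example.com 60
# then in ssl.conf:  SSLCertificateFile    /etc/httpd/conf/ssl/server.crt
#                    SSLCertificateKeyFile /etc/httpd/conf/ssl/server.key
```

The modulus comparison catches the common mistake of deploying a certificate that was issued for an older key; the permission check catches a key copied into place with the default umask.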
Syslog.conf

Each line consists of a selector and an action. A selector has two parts, facilities and priorities, separated by a period (.). A priority normally matches itself and every higher priority. You may precede a priority with an equals sign (=) to specify only this single priority and not any above it. You may also precede the priority with an exclamation mark (!) to ignore those priorities, either exactly this one or this one and any higher priority (both signs together are valid too).

facilities                 auth, auth-priv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, uucp, local0 - local7.
priorities                 debug, info, notice, warning, err, crit, alert, emerg.
action
  Regular file:            a file with full pathname beginning with "/".
  Terminal and console:    a tty, e.g. /dev/console.
  Remote machine:          @myhost.mydomain.org

Example:
  # log to a file
  mail.notice	/var/log/mail
  # log to a remote host
  *.emerg	@myhost.mydomain.org

Note: the separator between the first column (selector) and the second column (log file name) must be a TAB, not spaces. Put comments on their own lines; classic sysklogd only treats "#" as a comment at the start of a line. Forwarding to a remote host goes out as clear-text UDP on port 514, and the receiving syslogd must be started with -r to accept it, so restrict which hosts may send to the log server.
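A check for the two points in the note above, written as an added example (not part of the reference card): it flags rule lines whose selector and action are separated by spaces rather than a TAB, and lists every action that forwards to a remote host so the clear-text destinations are visible. The sample file built by make_sample is constructed for the example.

```sh
#!/bin/sh
# Added example, not part of the original reference card.
# check_syslog_conf FILE: report selector/action lines whose separator is
# spaces rather than a TAB (syslogd would misparse them), and list the
# actions that forward to a remote host (@host), since that traffic leaves
# the box as clear-text UDP. Returns 0 if every rule line has a TAB, 1 otherwise.
check_syslog_conf() {
    file=$1
    tab=$(printf '\t')
    bad=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;                 # blank line or comment
            *"$tab"*)                            # TAB present: selector<TAB>action
                action=${line#*"$tab"}
                action=${action#"${action%%[!$tab ]*}"}   # strip leading tabs/spaces
                case $action in
                    @*) echo "$file:$n: forwards to remote host ${action#@}" ;;
                esac ;;
            *)                                   # spaces only, or no action at all
                echo "$file:$n: no TAB between selector and action: $line"
                bad=1 ;;
        esac
    done < "$file"
    return $bad
}

# Constructed sample: one correct file rule, one correct remote rule, and
# one rule written with spaces, which is the mistake to catch.
make_sample() {
    printf 'mail.notice\t/var/log/mail\n' > "$1"
    printf '*.emerg\t@myhost.mydomain.org\n' >> "$1"
    printf 'kern.*    /var/log/kern.log\n' >> "$1"
}

# Usage: check_syslog_conf /etc/syslog.conf
```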

Samba File and Printer Sharing

Introduction
Samba provides file and printer sharing with MS Windows computers. It makes UNIX speak the SMB/CIFS file and printer sharing protocol. The latest version of Samba can be downloaded from http://www.samba.org.

Samba is controlled by a configuration file "smb.conf". On Redhat Linux, one can use "redhat-config-samba" to modify the configuration file. On other systems, SWAT is a web based GUI interface. SWAT is run from "inetd" and listens on port 901; point your browser to http://localhost:901 after starting swat. SWAT authenticates you as root over plain HTTP, so allow it only from localhost (hosts.allow or the firewall).

Commands
• To test if the syntax of "smb.conf" is correct, use
    testparm smb.conf
• List shares on a Samba or Windows server
    smbclient -L machinename -U username
• Connect to a Samba or Windows server and get/put files using FTP like commands:
    smbclient //machinename/sharename -U username

Security Mode in "smb.conf"

security = user
In this (default) security mode, Samba maintains its own user login database, usually /etc/samba/smbpasswd. This file is created with /usr/sbin/smbpasswd. Note that the user login file and the command have the same name but live in different directories. The following settings are used:
    encrypt passwords = yes
    smb passwd file = /etc/samba/smbpasswd

security = domain
In this security mode the Samba server must join an NT domain (using the net command) and authenticates users against a domain controller. A user must have both a valid UNIX and a valid NT account in order to access files.

security = server
Use another computer (NT or W2k) to authenticate users. No need to join a domain, but a login server must be specified:
    password server = mywin.domain.com

security = share
Give each share a password; no user name is needed.

IPtables (Netfilter)

Command Syntax
    iptables [-t <table>] <command> <chain> <parameters>

Save and Restore rules
    /sbin/iptables-save > /etc/sysconfig/iptables
    /sbin/iptables-restore < /etc/sysconfig/iptables

Firewall script sample: http://tiger.la.asu.edu/iptables_examples.htm

Built-in Tables

filter     This is the default table for handling network packets. Built-in chains are:
           1. INPUT    applies to packets received via a network interface and addressed to this host.
           2. OUTPUT   applies to packets generated locally and sent out via a network interface.
           3. FORWARD  applies to packets received on one network interface and sent out on another.

nat        This table is used to alter packets that create a new connection. Built-in chains:
           1. PREROUTING   alters packets received via a network interface when they arrive.
           2. OUTPUT       alters locally-generated packets before they are routed via a network interface.
           3. POSTROUTING  alters packets before they are sent out via a network interface.
           ## Masquerade everything out ppp0.
           iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
           ## Change source addresses to 1.2.3.4.
           iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4

mangle     This table is used for specific types of packet alteration. Built-in chains:
           1. PREROUTING   alters packets received via a network interface before they are routed.
           2. OUTPUT       alters locally-generated packets before they are routed via a network interface.

Commands
--flush | -F               flush (delete) the rules in the selected chain.
--policy | -P              set the default policy for a particular chain.
--list | -L                list all rules in the filter table; use [-t tablename] to specify another table.
--append | -A              append a rule to the end of the specified chain.
--insert | -I              insert a rule in a chain at a particular point.
Other commands: (1) --new-chain | -N (2) --delete | -D (3) --replace | -R (4) --zero | -Z (5) --check | -C (6) --delete-chain | -X (7) --rename-chain | -E

Parameters
--proto | -p [!] name      protocol, by number or name, including tcp, udp, icmp or all.
--source | -s [!] addr/mask
                           source IP address.
--destination | -d addr/mask
                           destination IP address.
--in-interface | -i        incoming interface name, e.g. eth0 or ppp0.
--out-interface | -o       outgoing interface name.
--jump | -j                jump to a particular target when the rule matches. Standard targets: ACCEPT, DROP, QUEUE, RETURN, REJECT. May also jump to a user defined chain.
--fragment | -f            match second or further fragments only.

Options for TCP and UDP protocol
--sport | --source-port, --dport | --destination-port
                           source and/or destination port. Can specify a range like 0:65535; use the exclamation character (!) to NOT match the ports.

Options for TCP only
--syn                      match SYN packets.
--tcp-flags                match TCP packets with specific bits set. For example, -p tcp --tcp-flags ACK,FIN,SYN SYN will only match TCP packets that have the SYN flag set and the ACK and FIN flags unset.

Options for ICMP only
--icmp-type [!] type       match the specified ICMP type. Valid ICMP types can be listed by
    iptables -p icmp -h

Options for the state module (-m state --state)
NEW                        the matching packet is either creating a new connection or is part of a two-way connection not previously seen.
ESTABLISHED                the matching packet is associated with other packets in an established connection.
RELATED                    the matching packet is starting a new connection related in some way to an existing connection.
INVALID                    the matching packet cannot be tied to a known connection.
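The commands, tables and state matches listed above combined into a small stateful firewall for a host that also masquerades a LAN. This is an added example, not the card's sample script: the interface names, the LAN range and the permitted ssh source are assumptions. With IPT=echo the script prints the rules instead of loading them, which is the safest way to review the rule set before running it as root.

```sh
#!/bin/sh
# Added example, not from the original reference card: a minimal stateful
# firewall built from the commands and options listed above (-F, -P, -A,
# -m state, --syn, -t nat ... MASQUERADE). The interface names, the LAN
# range and the open ports are assumptions for the example. Set IPT=echo
# to print the rules instead of loading them (dry run); real use needs root.
IPT=${IPT:-/sbin/iptables}
WAN=${WAN:-ppp0}                        # interface facing the Internet
LAN=${LAN:-eth0}                        # interface facing the internal network
LAN_NET=${LAN_NET:-192.168.1.0/24}
SSH_FROM=${SSH_FROM:-192.168.1.0/24}    # only these hosts may reach sshd

apply_firewall() {
    # start from clean filter and nat tables, drop user defined chains
    $IPT -F
    $IPT -t nat -F
    $IPT -X

    # default deny for traffic to and through this host; allow outbound
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # loopback, and replies to connections this host started
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP

    # services: ssh only from trusted addresses, ping at a bounded rate
    $IPT -A INPUT -i "$LAN" -s "$SSH_FROM" -p tcp --dport 22 --syn -j ACCEPT
    $IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT

    # log new connection attempts from the WAN side; the policy then drops them
    $IPT -A INPUT -i "$WAN" -m state --state NEW -m limit --limit 3/min \
         -j LOG --log-prefix "FW-DROP: "

    # LAN -> Internet: forward and masquerade; replies come back via state
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

# Number of iptables invocations the script makes; useful in the dry run.
rule_count() {
    ( IPT=echo; apply_firewall ) | wc -l | tr -d ' '
}

# Usage:  IPT=echo sh firewall.sh      (review)
#         sh firewall.sh && iptables-save > /etc/sysconfig/iptables   (load and persist)
```

Order matters: the ESTABLISHED,RELATED rule sits before the service rules so that only the first packet of each connection is evaluated against them, and the LOG rule is rate limited so a port scan cannot fill /var/log/messages.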
X Window (XFree86)

Files
$HOME/.xinitrc, /etc/X11/xinit/xinitrc, /etc/X11/xinit/xinitrc.d
                           scripts run after the X server has started.
$HOME/.Xclients, /etc/X11/xinit/Xclients
                           client start-up scripts.
/etc/sysconfig/desktop     decides which desktop (GNOME, KDE) to start (Redhat, via /etc/X11/prefdm).
/etc/X11/fs/config         configuration of the X11 font path (font server).

Commands
startx                     start the X window system.
Xconfigurator (Redhat), xfree86setup (Slackware), xf86config
                           set up the X server and generate XF86Config.
XFree86 -configure         XFree86 auto configuration (Plug-n-Play); generates a template named "XF86Config.new".
Ctrl+Alt+Backspace         stop the X server (on some systems Ctrl+Alt+ESC). Ctrl+Alt+Del is handled by init according to /etc/inittab, not by the X server.
Ctrl+Alt+F1                temporarily switch to text mode; Ctrl+Alt+F7 switches back to graphics mode.
SuperProbe                 detect graphics hardware.
xvidtune                   adjust X server origin and size.
xmodmap                    modify the key map and mouse button map.
xhost                      server access control program for X. "xhost +" disables access control for every host; prefer the per user cookie in $HOME/.Xauthority managed with xauth.
xsetroot                   root window parameter setting utility for X.
xlsfonts                   server font list displayer for X.
xset                       user preference utility for X.

XF86Config

XFree86 uses a configuration file called XF86Config for its initial setup. This file is normally located in the "/etc/X11" or "/etc" directory. The XF86Config file is composed of a number of sections which may be present in any order. Each section has the form:
    Section "SectionName"
        SectionEntry
        ...
    EndSection

The graphics boards are described in the Device sections and the monitors in the Monitor sections. They are bound together by a Screen section. Keyboard and mouse are described in InputDevice sections, although the older Keyboard and Pointer sections are still recognized. The ServerLayout section is at the highest level and binds together the InputDevice and Screen sections.

A special keyword called Option may be used to provide free-form data to various components of the server. The Option keyword takes either one or two string arguments. The first is the option name, and the optional second argument is the option value. All Option values must be enclosed in quotes.

To set the screen resolution, in the "Screen" section and SubSection "Display", specify a mode. For example: Modes "1024x768"
To specify the screen refresh rate, in the "Monitor" section, specify the vertical rate. For example: VertRefresh 70-120

ServerFlags Section
Option "DontZap" "boolean"           disable Ctrl+Alt+Backspace for terminating the X server.
Option "DontZoom" "boolean"          disable Ctrl+Alt+Keypad+ and Ctrl+Alt+Keypad- for switching video mode.
Option "BlankTime" "time"            inactivity timeout for the blanking phase of the screensaver, in minutes. Default 10 min.
Option "StandbyTime" "time"          inactivity timeout for the "standby" phase of DPMS mode, in minutes. Default 20 min.
Option "SuspendTime" "time"          inactivity timeout for the "suspend" phase of DPMS mode. Default 30 min.
Option "OffTime" "time"              inactivity timeout for the "off" phase of DPMS mode. Default 40 min.
Option "DefaultServerLayout" "layout_id"
                                     the default ServerLayout section to use. Default is the first ServerLayout section.
EXAMPLE
    Section "ServerFlags"
        Option "BlankTime" "99999"
        Option "StandbyTime" "99999"
        Option "SuspendTime" "99999"
        Option "OffTime" "99999"
    EndSection

Module Section
Load "modulename"                    load a module. The module name given should be the module's standard name, not the module file name.
EXAMPLE
    Section "Module"
        Load "extmod"
        Load "type1"
    EndSection

Files Section
FontPath "path"                      font path elements may be either absolute directory paths or a font server identifier.
RGBPath "path"                       path name of the RGB color database.
ModulePath "path"                    allows multiple directories to be used for storing modules loaded by the XFree86 server.
EXAMPLE
    Section "Files"
        RgbPath "/usr/X11R6/lib/X11/rgb"
        FontPath "unix/:7100"
    EndSection

InputDevice Section
There are normally at least two InputDevice sections, one for the keyboard and one for the mouse.
Identifier                           a unique name for this input device.
Driver                               the name of the driver to use for this input device.
Option "CorePointer"                 this input device is installed as the primary pointer device.
Option "CoreKeyboard"                this input device is the primary keyboard.
EXAMPLE
    Section "InputDevice"
        Identifier "Generic Keyboard"
        Driver "keyboard"
        Option "AutoRepeat" "500 30"
        Option "CoreKeyboard"
    EndSection

    Section "InputDevice"
        Identifier "PS2 Mouse"
        Driver "mouse"
        Option "CorePointer"
        Option "Device" "/dev/mouse"
        Option "Protocol" "PS/2"
        Option "Emulate3Buttons" "true"
    EndSection

ServerLayout Section
The ServerLayout section binds a Screen section and one or more InputDevice sections to form a complete configuration. The active ServerLayout section is specified in ServerFlags; if none is specified, the first ServerLayout section is active. If no ServerLayout sections are present, the single active screen and the two active (core) input devices are selected as described in the relevant sections.
Identifier                           a unique name for this ServerLayout section.
Screen screen-num "screen-id" position-information
                                     the screen-id field is mandatory and names the Screen section being referenced.
InputDevice "idev-id" "option" ...   normally at least two are required, one for the core pointer and one for the primary keyboard. The idev-id must match the Identifier of an InputDevice section.
EXAMPLE
    Section "ServerLayout"
        Identifier "Default Layout"
        Screen "My Screen"
        InputDevice "Generic Keyboard"
        InputDevice "PS2 Mouse"
    EndSection
Screen Section
The Screen section binds Device and Monitor sections. There must be at least one Screen section; the active one is referenced from the ServerLayout section.
Identifier                           a unique name for this Screen section.
Device "device-id"                   the Identifier of the Device section to be used for this screen.
Monitor "monitor-id"                 the Identifier of the Monitor section to be used for this screen.
DefaultDepth depth                   default color depth, like 8, 16 or 24.
Option "Accel"                       enables XAA (X Acceleration Architecture); default is on.

DISPLAY SUBSECTION
Each Screen section must have at least one Display subsection whose depth matches the value in DefaultDepth.
Depth depth                          the color depth of this Display subsection.
Virtual xdim ydim                    the virtual screen resolution to be used.
ViewPort x0 y0                       the upper left corner of the initial display.
Modes "mode-name" ...                the list of video modes to use. Each mode-name must be in double quotes and must correspond to a mode in the appropriate Monitor section (including the implicitly referenced built-in VESA standard modes). The mode can be switched at run time with Ctrl+Alt+Keypad-Plus or Ctrl+Alt+Keypad-Minus.
EXAMPLE
    Section "Screen"
        Identifier "My Screen"
        Device "ATI Mach64"
        Monitor "Generic Monitor"
        DefaultDepth 16
        SubSection "Display"
            Depth 16
            Modes "1024x768" "800x600" "640x480"
        EndSubSection
        SubSection "Display"
            Depth 24
            Modes "1024x768" "800x600" "640x480"
        EndSubSection
    EndSection

Device Section
Specifies information about the video card used by the system. You must have at least one Device section in your configuration file. The active device is the one referenced in ServerLayout->Screen.
Identifier                           a unique name for this graphics card.
Driver                               the name of the driver to use for this graphics card.
EXAMPLE
    Section "Device"
        Identifier "ATI Mach64"
        VendorName "ATI MACH64"
        VideoRam 2048
    EndSection

Monitor Section
The Monitor section describes a monitor. There must be at least one Monitor section; the active one is referenced in ServerLayout->Screen.
Identifier                           a unique name for this monitor.
HorizSync horizsync-range            the range(s) of horizontal sync frequencies of this monitor, in kHz.
VertRefresh vertrefresh-range        the range(s) of vertical refresh frequencies of this monitor, in Hz.
EXAMPLE
    Section "Monitor"
        Identifier "Generic Monitor"
        VendorName "Monitor Vendor"
        ModelName "Monitor Model"
        HorizSync 31.5-56.6
        VertRefresh 40-70
    EndSection

Boot Sequences

Redhat
Usually the Linux kernel file is /boot/vmlinuz and is loaded by a boot loader (e.g., LILO). The first process created by the kernel is /sbin/init, which uses the configuration file /etc/inittab. init runs the /etc/rc.d/rc.sysinit script first, then runs all scripts in /etc/rc.d/rcN.d, where N is the default run level defined in inittab. The actual scripts are stored in /etc/rc.d/init.d, and links are created in the run level directories that point to the corresponding scripts in init.d. The last script to run is /etc/rc.d/rc.local.
Run level 1: single user mode
Run level 3: multiuser mode
Run level 5: multiuser mode with X11

Slackware
In Slackware, the Linux kernel is /boot/vmlinuz and the first process started by the kernel is /sbin/init. Its configuration file is /etc/inittab. init first runs the script /etc/rc.d/rc.S, then runs /etc/rc.d/rc.K for single user mode or /etc/rc.d/rc.M for multiuser mode. The last script to run is /etc/rc.d/rc.local.
rc.S calls the scripts rc.modules, rc.pcmcia, rc.serial and rc.sysvinit.
rc.M calls the scripts rc.inet1, rc.inet2, rc.httpd and rc.samba, and starts some network servers (lpd, httpd etc.).
rc.inet1 sets the IP address, netmask and default gateway.
Run level 1: single user mode
Run level 3: multiuser mode
Run level 4: multiuser mode with X11
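The run level directories described above are walked by init in lexical order, starting S##name links and stopping K##name links (the standard SysV naming the card leaves implicit). The helpers below, an added example rather than part of the reference card, list a run level's services in that order and flag links whose init.d target no longer exists, a common leftover after a package is removed by hand. The tree built by make_fixture is constructed for the example; on a real Redhat system point the functions at /etc/rc.d/rc3.d.

```sh
#!/bin/sh
# Added example, not from the original reference card. init starts the
# links in /etc/rc.d/rcN.d in lexical order: S##name links are started and
# K##name links are stopped (standard SysV naming). These helpers list them
# and flag links whose init.d target is missing. make_fixture builds a
# constructed tree for the example; it is not a real /etc/rc.d.
services_in_runlevel() {      # services_in_runlevel DIR S|K  ->  "NN name" lines
    dir=$1; kind=$2
    for link in "$dir"/"$kind"[0-9][0-9]*; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # glob matched nothing
        name=${link##*/}             # S55sshd
        rest=${name#?}               # 55sshd
        num=${rest%%[!0-9]*}         # 55
        svc=${rest#"$num"}           # sshd
        printf '%s %s\n' "$num" "$svc"
    done
}

dangling_links() {            # links in DIR whose target script does not exist
    dir=$1
    for link in "$dir"/[SK][0-9][0-9]*; do
        [ -L "$link" ] || continue
        [ -e "$link" ] || printf '%s\n' "${link##*/}"
    done
}

make_fixture() {              # constructed /etc/rc.d look-alike under $1
    root=$1
    mkdir -p "$root/init.d" "$root/rc3.d"
    for s in network sshd sendmail xfs; do : > "$root/init.d/$s"; done
    ln -s ../init.d/network  "$root/rc3.d/S10network"
    ln -s ../init.d/sshd     "$root/rc3.d/S55sshd"
    ln -s ../init.d/gpm      "$root/rc3.d/S60gpm"       # target missing on purpose
    ln -s ../init.d/sendmail "$root/rc3.d/S80sendmail"
    ln -s ../init.d/xfs      "$root/rc3.d/K99xfs"
}

# Usage: services_in_runlevel /etc/rc.d/rc3.d S; dangling_links /etc/rc.d/rc3.d
```

Anything listed by services_in_runlevel with the S kind runs as root at every boot in that run level, so the output doubles as a quick inventory of what to compare against "chkconfig --list".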