
Chapter 10. Analyzing and Storing Logs


log files are rotated weekly, but logrotate rotates some faster, or slower, or when they reach a certain size.

Configuration of logrotate is not covered in this course. For more information, see the logrotate(8) man page.

Analyze a syslog entry


The system logs written by rsyslog start with the oldest message on top and the newest message at the end of the log file. All log entries in log files managed by rsyslog are recorded in a standard format. The following example will explain the anatomy of a log file message in the /var/log/secure log file:

(1) Feb 11 20:11:48 (2) localhost (3) sshd[1433]: (4) Failed password for student from 172.25.0.10 port 59344 ssh2

(1) The time stamp when the log entry was recorded.
(2) The host from which the log message was sent.
(3) The program or process that sent the log message.
(4) The actual message sent.
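
The four parts described above can be separated mechanically. The following is an added example, not part of the original course text: the function names are assumptions, and the log lines are constructed sample data modelled on the entry above. It splits each entry into its parts and counts sshd "Failed password" messages per source address.

```shell
#!/bin/sh
# Added example (not from the course text). The log lines below are
# constructed sample data in the /var/log/secure format shown above.
sample_secure_log() {
cat <<'EOF'
Feb 11 20:11:48 localhost sshd[1433]: Failed password for student from 172.25.0.10 port 59344 ssh2
Feb 11 20:11:52 localhost sshd[1433]: Failed password for student from 172.25.0.10 port 59344 ssh2
Feb 11 20:12:03 localhost sshd[1440]: Failed password for invalid user admin from 172.25.0.11 port 40122 ssh2
Feb 11 20:12:10 localhost sshd[1444]: Accepted password for root from 172.25.254.254 port 56801 ssh2
Feb 11 20:12:10 localhost sshd[1444]: pam_unix(sshd:session): session opened for user root by (uid=0)
EOF
}

# parse_syslog: split each line read from stdin into the parts of the entry
# and print them tab-separated: timestamp, host, program, pid, message.
parse_syslog() {
    awk '
    NF >= 6 {
        ts   = $1 " " $2 " " $3        # (1) time stamp: month, day, time
        host = $4                       # (2) sending host
        prog = $5                       # (3) program[pid]:
        sub(/:$/, "", prog)
        pid = ""
        if (match(prog, /\[[0-9]+\]$/)) {
            pid  = substr(prog, RSTART + 1, RLENGTH - 2)
            prog = substr(prog, 1, RSTART - 1)
        }
        msg = $0                        # (4) message: the rest of the line
        for (i = 1; i <= 5; i++)
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", msg)
        printf "%s\t%s\t%s\t%s\t%s\n", ts, host, prog, pid, msg
    }'
}

# failed_logins: count sshd "Failed password" messages per source address,
# highest count first. The user name in the message is chosen by the client,
# so the address is read by position from the end of the message
# ("from ADDR port N ssh2") rather than after the first "from".
failed_logins() {
    parse_syslog | awk -F'\t' '
    $3 == "sshd" {
        msg = $5                        # rejoin in case the message held tabs
        for (i = 6; i <= NF; i++) msg = msg "\t" $i
        if (msg !~ /^Failed password for /) next
        n = split(msg, w, " ")
        if (n >= 9 && w[n - 4] == "from" && w[n - 2] == "port")
            count[w[n - 3]]++
    }
    END { for (addr in count) print count[addr], addr }' | sort -k1,1nr -k2,2
}

# Run against the constructed sample; on a real system feed it
# /var/log/secure instead (readable by root only).
sample_secure_log | failed_logins
```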

Monitor a log file with tail

It is especially helpful for reproducing problems and issues to monitor one or more log files for events. The tail -f /path/to/file command outputs the last 10 lines of the file specified and continues to output new lines as they get written to the monitored file.

To monitor for failed login attempts on one terminal, run ssh as user root while a user tries to log in to the serverX machine:

[root@serverX ~]$ tail -f /var/log/secure
Feb 10 09:01:13 localhost sshd[2712]: Accepted password for root from 172.25.254.254 port 56801 ssh2
Feb 10 09:01:13 localhost sshd[2712]: pam_unix(sshd:session): session opened for user root by (uid=0)

Send a syslog message with logger

The logger command can send messages to the rsyslog service. By default, it sends the message to the facility user with severity notice (user.notice) unless specified otherwise with the -p option. It is especially useful to test changes to the rsyslog configuration.

To send a message to rsyslogd that gets recorded in the /var/log/boot.log log file, execute:

[root@serverX ~]$ logger -p local7.notice "Log entry created on serverX"

236 RH124-RHEL7-en-1-20140606


References
logger(1), tail(1), rsyslog.conf(5), and logrotate(8) man pages

rsyslog Manual
• /usr/share/doc/rsyslog-*/manual.html provided by the rsyslog-doc package

Additional information may be available in the Red Hat Enterprise Linux System Administrator's Guide for Red Hat Enterprise Linux 7, which can be found at
http://docs.redhat.com/


Practice: Finding Log Entries

Guided exercise

In this lab, you will reconfigure rsyslog to write specific messages to a new log file.

Outcomes:
The rsyslog service writes all messages with priority debug to the /var/log/messages-debug log file for temporary troubleshooting purposes.

□ 1. Configure rsyslog on serverX to log all messages with severity debug in the newly created log file /var/log/messages-debug by adding the rsyslog configuration file /etc/rsyslog.d/debug.conf. Verify that a generated debug log message with the logger command arrives in the /var/log/messages-debug log file.

□ 1.1. Change the rsyslog configuration to log all messages with severity debug to /var/log/messages-debug on serverX by adding the /etc/rsyslog.d/debug.conf file.

[root@serverX ~]# echo "*.debug /var/log/messages-debug" >/etc/rsyslog.d/debug.conf

□ 1.2. Restart the rsyslog service on serverX.

[root@serverX ~]# systemctl restart rsyslog

□ 2. Generate a debug log message with the logger command and verify that the message gets logged to the log file /var/log/messages-debug with the tail command on serverX.

□ 2.1. Monitor the /var/log/messages-debug with the tail command on serverX.

[root@serverX ~]# tail -f /var/log/messages-debug

□ 2.2. On a separate terminal window, use the logger command to generate a debug message on serverX.

[root@serverX ~]# logger -p user.debug "Debug Message Test"

□ 2.3. Switch back to the terminal still running the tail -f /var/log/messages-debug command and verify the message sent with the logger command shows up.

[root@serverX ~]# tail -f /var/log/messages-debug
Feb 13 10:37:44 localhost root: Debug Message Test


Reviewing systemd Journal Entries

Objectives
After completing this section, students should be able to find and interpret log entries in the systemd journal to troubleshoot problems or review system status.

Finding events with journalctl

The systemd journal stores logging data in a structured, indexed binary file. This data includes extra information about the log event. For syslog events, this can include the facility and priority of the original message, for example.

Important
In Red Hat Enterprise Linux 7, the systemd journal is stored in /run/log by default, and its contents are cleared after a reboot. This setting can be changed by the system administrator and is discussed elsewhere in this course.

The journalctl command shows the full system journal, starting with the oldest log entry, when run as root user:

[root@serverX ~]# journalctl
Feb 13 10:01:01 server1 run-parts(/etc/cron.hourly)[8678]: starting 0yum-hourly.cron
Feb 13 10:01:01 server1 run-parts(/etc/cron.hourly)[8682]: finished 0yum-hourly.cron
Feb 13 10:10:01 server1 systemd[1]: Starting Session 725 of user root.
Feb 13 10:10:01 server1 systemd[1]: Started Session 725 of user root.
Feb 13 10:10:01 server1 CROND[8687]: (root) CMD (/usr/lib64/sa/sa1 1 1)

The journalctl command highlights in bold text messages of priority notice or warning, and messages of priority error and higher are highlighted in red.

The key to successfully using the journal for troubleshooting and auditing is to limit the journal searches to only show relevant output. In the following paragraphs, various different strategies to reduce the output of journal queries will be introduced.

By default, journalctl -n shows the last 10 log entries. It takes an optional parameter for how many of the last log entries should be displayed. To display the last 5 log entries, run:

[root@serverX ~]# journalctl -n 5

When troubleshooting problems, it is useful to filter the output of the journal by priority of the journal entries. The journalctl -p takes either the name or the number of the known priority levels and shows the given levels and all higher-level entries. The priority levels known to journalctl are debug, info, notice, warning, err, crit, alert, and emerg.

To filter the output of the journalctl command to only list any log entry of priority err or above, run:

[root@serverX ~]# journalctl -p err


Similar to the tail -f command, journalctl -f outputs the last 10 lines of the journal and continues to output new journal entries as they get written to the journal.

[root@serverX ~]# journalctl -f

When looking for specific events, it is useful to limit the output to a specific time frame. The journalctl command has two options to limit the output to a specific time range, the --since and --until options. Both options take a time parameter in the format YYYY-MM-DD hh:mm:ss. If the date is omitted, the command assumes the date is today, and if the time part is omitted, the whole day starting at 00:00:00 is assumed. Both options take yesterday, today, and tomorrow as valid parameters in addition to the date and time field.

Output all journal entries that got recorded today:

[root@serverX ~]# journalctl --since today

Output the journal entries from 10th February 2014 20:30:00 to 13th February 2014 12:00:00:

[root@serverX ~]# journalctl --since "2014-02-10 20:30:00" --until "2014-02-13 12:00:00"

In addition to the visible content of the journal, there are fields attached to the log entries that can only be seen when verbose output is turned on. All of the displayed extra fields can be used to filter the output of a journal query. This is useful to reduce the output of complex searches for certain events in the journal.

[root@serverX ~]# journalctl -o verbose
Thu 2014-02-13 02:06:00.409345 EST [s=0b47abbf995149c191a8e539e18c3f9c;i=d2B;b=1ea26e84667848af9a4a2904a76ff9a5;m=4d6878ff5a;t=4f244525daa67;x=880bc65783036719]
    PRIORITY=6
    _UID=0
    _GID=0
    _BOOT_ID=1ea26e84667848af9a4a2904a76ff9a5
    _MACHINE_ID=4513ad59a3b442ffa4b7ea88343fa55f
    _CAP_EFFECTIVE=0000001fffffffff
    _TRANSPORT=syslog
    SYSLOG_FACILITY=10
    SYSLOG_IDENTIFIER=sshd
    _COMM=sshd
    _EXE=/usr/sbin/sshd
    _SYSTEMD_CGROUP=/system.slice/sshd.service
    _SYSTEMD_UNIT=sshd.service
    _SELINUX_CONTEXT=system_u:system_r:sshd_t:s0-s0:c0.c1023
    _HOSTNAME=serverX
    _CMDLINE=sshd: root [priv]
    SYSLOG_PID=6833
    _PID=6833
    MESSAGE=Failed password for root from 172.25.X.10 port 59371 ssh2
    _SOURCE_REALTIME_TIMESTAMP=1392275160409345

Among the more useful options to search for lines relevant to a particular process or event are:

• _COMM The name of the command
• _EXE The path to the executable for the process
• _PID The PID of the process
• _UID The UID of the user running the process
• _SYSTEMD_UNIT The systemd unit that started the process

More than one of these can be combined. For example, the following query shows all journal entries related to processes started by the systemd unit file sshd.service, which also have PID 1182:

[root@serverX ~]# journalctl _SYSTEMD_UNIT=sshd.service _PID=1182

Note
For a list of commonly used journal fields, consult the systemd.journal-fields(7) man page.
References
journalctl(1) and systemd.journal-fields(7) man pages

Additional information may be available in the Red Hat Enterprise Linux System Administrator's Guide for Red Hat Enterprise Linux 7, which can be found at
http://docs.redhat.com/

Practice: Finding Events With journalctl

Guided exercise

In this lab, you will filter the systemd journal for specific criteria.

Outcomes:
Students will practice displaying the systemd journal output matching different criteria.

□ 1. Output only systemd journal messages that originate from the systemd process that always runs with process id 1 on serverX.

[root@serverX ~]# journalctl _PID=1

□ 2. Display all systemd journal messages that originate from a system service started with user id 81 on serverX.

[root@serverX ~]# journalctl _UID=81

□ 3. Output the journal messages with priority warning and above on serverX.

[root@serverX ~]# journalctl -p warning

□ 4. Create a journalctl query to show all log events recorded in the previous 10 minutes on serverX. The command assumes a current time of 9:15:00.

[root@serverX ~]# journalctl --since 9:05:00 --until 9:15:00

□ 5. Display only the events originating from the sshd service with the system unit file sshd.service recorded since 9:00:00 this morning on serverX.

[root@serverX ~]# journalctl --since 9:00:00 _SYSTEMD_UNIT="sshd.service"


Preserving the systemd Journal

Objectives
After completing this section, students should be able to configure systemd-journald to store its journal on disk rather than in memory.

Store the system journal permanently

By default, the systemd journal is kept in /run/log/journal, which means it is cleared when the system reboots. The journal is a new mechanism in Red Hat Enterprise Linux 7, and for most installations, a detailed journal that starts with the last boot is sufficient.

If the directory /var/log/journal exists, the journal will log to that directory instead. The advantage of this is the historic data will be available immediately at boot. However, even with a persistent journal, not all data will be kept forever. The journal has a built-in log rotation mechanism that will trigger monthly. In addition, by default, the journal will not be allowed to get larger than 10% of the file system it is on, or leave less than 15% of the file system free. These values can be tuned in /etc/systemd/journald.conf, and the current limits on the size of the journal are logged when the systemd-journald process starts, as can be seen by the following command, which shows the top two lines of journalctl output:

[root@serverX ~]# journalctl | head -2
-- Logs begin at Wed 2014-03-05 15:13:37 CST, end at Thu 2014-03-06 21:57:54 CST.
Mar 05 15:13:37 serverX.example.com systemd-journal[94]: Runtime journal is using 8.0M (max 277.8M, leaving 416.7M of free 2.7G, current limit 277.8M).

The systemd journal can be made persistent by creating the directory /var/log/journal as user root:

[root@serverX ~]# mkdir /var/log/journal

Ensure that the /var/log/journal directory is owned by the root user and group systemd-journal, and has the permissions 2755.

[root@serverX ~]# chown root:systemd-journal /var/log/journal
[root@serverX ~]# chmod 2755 /var/log/journal

Either a reboot of the system or sending the special signal USR1 as user root to the systemd-journald process is required.

[root@serverX ~]# killall -USR1 systemd-journald

Since the systemd journal is now persistent across reboots, journalctl -b can reduce the output by only showing the log messages since the last boot of the system.

[root@serverX ~]# journalctl -b


Note
When debugging a system crash with a persistent journal, it is usually required to limit the journal query to the reboot before the crash happened. The -b option can be accompanied by a negative number indicating to how many prior system boots the output should be limited. For example, the journalctl -b -1 limits the output to the previous boot.
References
mkdir(1), systemd-journald(1), and killall(1) man pages

Additional information may be available in the Red Hat Enterprise Linux System Administrator's Guide for Red Hat Enterprise Linux 7, which can be found at
http://docs.redhat.com/
Practice: Configure a Persistent systemd Journal

Guided exercise

In this lab, students will make the systemd journal persistent.

Outcomes:
The systemd journal is written to disk.

□ 1. Configure the systemd journal to be persistent across reboots.

□ 1.1. Configure the directory /var/log/journal on serverX.

[root@serverX ~]# mkdir /var/log/journal
[root@serverX ~]# chown root:systemd-journal /var/log/journal
[root@serverX ~]# chmod 2755 /var/log/journal

□ 1.2. Send the USR1 signal to the systemd-journald or reboot serverX.

[root@serverX ~]# killall -USR1 systemd-journald

□ 2. To verify the systemd journal is persistent, look for a new directory with the systemd journal log files that have been written to /var/log/journal. (The exact files which appear may vary on your system, but the directory should have similar contents to the following example.)

[root@serverX ~]# ls /var/log/journal/4513ad59a3b442ffa4b7ea88343fa55f
system.journal user-1000.journal


Maintaining Accurate Time

Objectives
After completing this section, students should be able to maintain accurate time synchronization and time zone configuration to ensure correct timestamps in system logs.

Set local clocks and time zone

Correct synchronized system time is very important for log file analysis across multiple systems. The Network Time Protocol (NTP) is a standard way for machines to provide and obtain correct time information on the Internet. A machine may get accurate time information from public NTP services on the Internet such as the NTP Pool Project. A high-quality hardware clock to serve accurate time to local clients is another option.

The timedatectl command shows an overview of the current time-related system settings, including current time, time zone, and NTP synchronization settings of the system.

[student@serverX ~]$ timedatectl
      Local time: Thu 2014-02-13 02:16:15 EST
  Universal time: Thu 2014-02-13 07:16:15 UTC
        RTC time: Thu 2014-02-13 07:16:15
        Timezone: America/New_York (EST, -0500)
     NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2013-11-03 01:59:59 EDT
                  Sun 2013-11-03 01:00:00 EST
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2014-03-09 01:59:59 EST
                  Sun 2014-03-09 03:00:00 EDT

A database with known time zones is available and can be listed with:

[student@serverX ~]$ timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
Africa/Asmara
Africa/Bamako

Time zone names are based on the public "tz" (or "zoneinfo") time zone database maintained by IANA. Time zones are named based on continent or ocean, then typically but not always the largest city within the time zone region. For example, most of the US Mountain time zone is "America/Denver."

Selecting the correct name can be non-intuitive in cases where localities inside the time zone have different daylight saving time rules. For example, in the USA, much of the state of Arizona (US Mountain time) does not have a daylight saving time adjustment at all and is in the time zone "America/Phoenix."


The command tzselect is useful for identifying correct zoneinfo time zone names. It interactively prompts the user with questions about the system's location, and outputs the name of the correct time zone. It does not make any changes to the time zone setting of the system.

The system setting for the current time zone can be adjusted as user root:

[root@serverX ~]# timedatectl set-timezone America/Phoenix
[root@serverX ~]# timedatectl
      Local time: Thu 2014-02-13 00:23:54 MST
  Universal time: Thu 2014-02-13 07:23:54 UTC
        RTC time: Thu 2014-02-13 07:23:53
        Timezone: America/Phoenix (MST, -0700)
     NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a

To change the current time and date settings with the timedatectl command, the set-time option is available. The time is specified in the "YYYY-MM-DD hh:mm:ss" format, where either date or time can be omitted. To change the time to 09:00:00, run:

[root@serverX ~]$ timedatectl set-time 9:00:00
[root@serverX ~]$ timedatectl
      Local time: Thu 2014-02-13 09:00:27 MST
  Universal time: Thu 2014-02-13 16:00:27 UTC
        RTC time: Thu 2014-02-13 16:00:28
        Timezone: America/Phoenix (MST, -0700)
     NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a

The set-ntp option enables or disables NTP synchronization for automatic time adjustment. The option requires either a true or false argument to turn it on or off. To turn on NTP synchronization, run:

[student@desktopX ~]$ timedatectl set-ntp true

Configuring and monitoring chronyd

The chronyd service keeps the usually-inaccurate local hardware clock (RTC) on track by synchronizing it to the configured NTP servers, or if no network connectivity is available, to the calculated RTC clock drift which is recorded in the driftfile specified in the /etc/chrony.conf configuration file.

By default, chronyd uses servers from the NTP Pool Project for the time synchronization and does not need additional configuration. It may be useful to change the NTP servers when the machine in question is on an isolated network.

The quality of an NTP time source is determined by the stratum value reported by the time source. The stratum determines the number of hops the machine is away from a high-performance reference clock. The reference clock is a stratum 0 time source. An NTP server directly attached to it is a stratum 1, while a machine synchronizing time from the NTP server is a stratum 2 time source.

There are two categories of time sources that can be configured in the /etc/chrony.conf configuration file, server and peer. The server is one stratum above the local NTP server, and the peer is at the same stratum level. More than one server and more than one peer can be specified, one per line.

The first argument of the server line is the IP address or DNS name of the NTP server. Following the server IP address or name, a series of options for the server can be listed. It is recommended to use the iburst option, because after the service starts, four measurements are taken in a short time period for a more accurate initial clock synchronization.

To reconfigure the chronyd server to synchronize with classroom.example.com instead of the default servers configured in the /etc/chrony.conf, remove the other server entries and replace them with the following configuration file entry:

# Use public servers from the pool.ntp.org project.
server classroom.example.com iburst

After pointing chronyd to the local time source, classroom.example.com, the service needs to be restarted:

[root@serverX ~]# systemctl restart chronyd

The chronyc command acts as a client to the chronyd service. After setting up NTP synchronization, it is useful to verify the NTP server was used to synchronize the system clock. This can be achieved with the chronyc sources command or, for more verbose output with additional explanations about the output, chronyc sources -v:

[root@serverX ~]$ chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||                                                /   xxxx = adjusted offset,
||         Log2(Polling interval) -.             |    yyyy = measured offset,
||                                  \            |    zzzz = estimated error.
||                                   |           |
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com         8   6    17    23   -497ns[-7000ns] +/-  956us

The * character in the S (Source state) field indicates that the classroom.example.com server has been used as a time source and is the NTP server the machine is currently synchronized to.
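
Because log correlation across systems depends on this check, it is worth scripting. The following is an added example, not part of the original course text: the function names, the second sample source and the stratum threshold parameter are assumptions. It reads `chronyc sources` output, reports the source marked * with its stratum, and fails when no source is selected.

```shell
#!/bin/sh
# Added example (not from the course text). Constructed sample of
# `chronyc sources` output; the first source line is the one shown above,
# the second (backup.example.com) is made up to show an unreachable source.
sample_sources() {
cat <<'EOF'
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com         8   6    17    23   -497ns[-7000ns] +/-  956us
^? backup.example.com            0   6     0     -     +0ns[   +0ns] +/-    0ns
EOF
}

# chrony_sources: read `chronyc sources` output on stdin and print
# "state mode name stratum" for every source line. The M column gives the
# mode (^ server, = peer, # local clock), the S column the state.
chrony_sources() {
    awk '
    /^[#=^][-*+?x~] / {
        m = substr($1, 1, 1)
        s = substr($1, 2, 1)
        if (m == "^")      mode = "server"
        else if (m == "=") mode = "peer"
        else               mode = "local"
        print s, mode, $2, $3
    }'
}

# chrony_synced_source [MAX_STRATUM]: print "name stratum" of the source in
# state * and return 0. Return 1 if no source is selected, 2 if the selected
# source reports a stratum above MAX_STRATUM (default 15, the highest
# stratum NTP treats as synchronized).
chrony_synced_source() {
    max=${1:-15}
    chrony_sources | awk -v max="$max" '
    $1 == "*" {
        print $3, $4
        found = 1
        if ($4 + 0 > max + 0) high = 1
    }
    END {
        if (!found) exit 1
        if (high) exit 2
        exit 0
    }'
}

# Run against the constructed sample; on a real system use
#   chronyc sources | chrony_synced_source
sample_sources | chrony_synced_source
```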

Note
Red Hat Enterprise Linux 6 and earlier use ntpd and ntpq to manage the NTP configuration. Further information may be found in the documentation for Red Hat Enterprise Linux 6.


References
timedatectl(1), tzselect(8), chronyd(8), chrony.conf(5), and chronyc(1) man pages

Additional information may be available in the Red Hat Enterprise Linux System Administrator's Guide for Red Hat Enterprise Linux 7, which can be found at
http://docs.redhat.com/

NTP Pool Project
http://www.pool.ntp.org/

Time Zone Database
http://www.iana.org/time-zones


Practice: Adjusting System Time

Quiz

The steps to set up the correct time zone and adjust system clocks by using timedatectl and chronyd follow. Indicate the order in which the steps should be taken.

a. Identify the appropriate time zone with the timedatectl list-timezones command.

b. Verify the clock was synchronized against the newly specified NTP source with the chronyc sources command.

c. Point chronyd to a new time source by adjusting /etc/chrony.conf.

d. Turn on NTP synchronization.

e. Review current settings with timedatectl.

f. Set the correct time zone with timedatectl set-timezone.

g. Restart the chronyd service.


Solution

The steps to set up the correct time zone and adjust system clocks by using timedatectl and chronyd follow. Indicate the order in which the steps should be taken.

2 a. Identify the appropriate time zone with the timedatectl list-timezones command.

7 b. Verify the clock was synchronized against the newly specified NTP source with the chronyc sources command.

5 c. Point chronyd to a new time source by adjusting /etc/chrony.conf.

4 d. Turn on NTP synchronization.

1 e. Review current settings with timedatectl.

3 f. Set the correct time zone with timedatectl set-timezone.

6 g. Restart the chronyd service.


Lab: Analyzing and Storing Logs

Performance checklist

In this lab, students will change the time zone and log all authentication failure log entries into a separate file.

Outcomes:
The time zone setting on the serverX machine is adjusted; all systemd journal entries recorded in a given time frame are displayed; all syslog messages with the authpriv facility and severity alert are logged into a separate log file.

Before you begin...
Reset your serverX system.

1. Your serverX machine has been relocated to Jamaica. Change the time zone on the serverX machine to Jamaica and verify the time zone has been changed properly.

2. Display all systemd journal entries recorded in the last 30 minutes on serverX.

3. Configure rsyslogd by adding a rule to the newly created configuration file /etc/rsyslog.d/auth-errors.conf to log all security and authentication messages with the priority alert and higher to the /var/log/auth-errors file as well. Test the newly added log directive with the logger command.

Solution

In this lab, students will change the time zone and log all authentication failure log entries into a separate file.

Outcomes:
The time zone setting on the serverX machine is adjusted; all systemd journal entries recorded in a given time frame are displayed; all syslog messages with the authpriv facility and severity alert are logged into a separate log file.

Before you begin...
Reset your serverX system.

1. Your serverX machine has been relocated to Jamaica. Change the time zone on the serverX machine to Jamaica and verify the time zone has been changed properly.

   1.1. Identify the correct time zone for Jamaica on serverX.

        [root@serverX ~]# timedatectl list-timezones
        Africa/Abidjan
        Africa/Accra
        Africa/Addis_Ababa
        Africa/Algiers
        Africa/Asmara
        America/Jamaica

   1.2. Change the time zone to Jamaica on serverX.

        [root@serverX ~]# timedatectl set-timezone America/Jamaica

   1.3. Verify the time zone has been properly set on serverX.

        [root@serverX ~]# timedatectl
              Local time: Thu 2014-02-13 11:16:59 EST
          Universal time: Thu 2014-02-13 16:16:59 UTC
                RTC time: Thu 2014-02-13 16:17:00
                Timezone: America/Jamaica (EST, -0500)
             NTP enabled: yes
        NTP synchronized: no
         RTC in local TZ: no
              DST active: n/a

2. Display all systemd journal entries recorded in the last 30 minutes on serverX.

   Assuming the current time is 9:30:00, the following command would be used:

        [root@serverX ~]# journalctl --since 9:00:00 --until 9:30:00

3. Configure rsyslogd by adding a rule to the newly created configuration file /etc/rsyslog.d/auth-errors.conf to log all security and authentication messages with the priority alert and higher to the /var/log/auth-errors file as well. Test the newly added log directive with the logger command.

   3.1. Add the directive to log authpriv.alert syslog messages to the /var/log/auth-errors file in the /etc/rsyslog.d/auth-errors.conf configuration file.

        [root@serverX ~]# echo "authpriv.alert /var/log/auth-errors" >/etc/rsyslog.d/auth-errors.conf

   3.2. Restart the rsyslog service on serverX.

        [root@serverX ~]# systemctl restart rsyslog

   3.3. Monitor the newly created log file /var/log/auth-errors on serverX for changes in a different terminal window.

        [root@serverX ~]# tail -f /var/log/auth-errors

   3.4. Use the logger command to create a new log entry in /var/log/auth-errors on serverX.

        [root@serverX ~]# logger -p authpriv.alert "Logging test authpriv.alert"

   3.5. Verify the message sent to syslog with the logger command appears in /var/log/auth-errors on serverX in the terminal running tail -f /var/log/auth-errors.

        [root@serverX ~]# tail -f /var/log/auth-errors
        Feb 13 11:21:53 server1 root: Logging test authpriv.alert
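
The rule in step 3.1 depends on how a facility.priority selector is read: the named priority and everything more severe. The following Python code is an added example, not part of the course material; it evaluates selectors of that traditional form against constructed messages, and the function names and the severities given to the sample messages are assumptions.

```python
# Syslog severity keywords, most severe first; the list index is the numeric code 0-7.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def selected_levels(selector, facility):
    """Return the severity codes that a facility.priority selector picks for `facility`.

    Handles 'fac.prio' (prio and anything more severe), 'fac.=prio' (exactly prio),
    '*' for facility or priority, comma-separated facilities, 'fac.none', and
    several selectors joined with ';' (applied left to right). The '!' negation
    form and rsyslog's property-based and expression filters are not handled.
    """
    levels = set()
    for part in selector.split(";"):
        fac_spec, dot, prio = part.strip().partition(".")
        if not dot or not prio or prio.startswith("!"):
            raise ValueError("unsupported selector: %r" % part)
        facilities = [f.strip() for f in fac_spec.split(",")]
        if "*" not in facilities and facility not in facilities:
            continue                                   # says nothing about this facility
        if prio == "none":
            levels.clear()                             # facility explicitly excluded
        elif prio == "*":
            levels.update(range(len(SEVERITIES)))
        elif prio.startswith("="):
            levels.add(SEVERITIES.index(prio[1:]))     # exactly this severity
        else:
            levels.update(range(SEVERITIES.index(prio) + 1))  # this severity and higher
    return levels


def written_to_file(selector, messages):
    """Return the text of every (facility, severity, text) message the selector selects."""
    selected = []
    for facility, severity, text in messages:
        if SEVERITIES.index(severity) in selected_levels(selector, facility):
            selected.append(text)
    return selected


# Constructed sample messages; the severities are assumed for illustration.
MESSAGES = [
    ("authpriv", "alert", "root: Logging test authpriv.alert"),
    ("authpriv", "emerg", "constructed: authpriv message at emerg"),
    ("authpriv", "crit", "constructed: authpriv message at crit"),
    ("authpriv", "info", "sshd[1433]: Failed password for student from 172.25.0.10 port 59344 ssh2"),
    ("mail", "alert", "constructed: mail message at alert"),
]

if __name__ == "__main__":
    for line in written_to_file("authpriv.alert", MESSAGES):
        print(line)
```

With this constructed input only the alert and emerg authpriv messages are selected; a message logged at info, as assumed here for the sshd line, falls below the alert threshold of the lab rule.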



Summary

System Log Architecture
The log architecture consists of systemd-journald for collecting and rsyslog to sort and write log messages to the log files.

Reviewing Syslog Files
The system log files are maintained by rsyslog.

Reviewing systemd Journal Entries
The systemd journal provides advanced capabilities to query for events.

Preserving the systemd Journal
Configuring systemd-journald to permanently store the journal on disk.

Maintaining Accurate Time
Time synchronization is important for log file analysis.


CHAPTER 11

MANAGING RED HAT ENTERPRISE LINUX NETWORKING

Overview

Goal
To configure basic IPv4 networking on Red Hat Enterprise Linux systems.

Objectives
• Explain fundamental concepts of computer networking.
• Test and review current network configuration with basic utilities.
• Manage network settings and devices with nmcli and NetworkManager.
• Modify network settings by editing the configuration files.
• Configure and test system host name and name resolution.

Sections
• Networking Concepts (and Practice)
• Validating Network Configuration (and Practice)
• Configuring Networking with nmcli (and Practice)
• Editing Network Configuration Files (and Practice)
• Configuring Host Names and Name Resolution (and Practice)

Lab
• Managing Red Hat Enterprise Linux Networking


Networking Concepts

Objectives
After completing this section, students should be able to explain fundamental concepts of computer networking.

IPv4 networking
TCP/IP standards follow a four-layer network model specified in RFC 1122.

• Application

  Each application has specifications for communication so that clients and servers may communicate across platforms. Common protocols include SSH (remote login), HTTPS (secure web), NFS or CIFS (file sharing), and SMTP (electronic mail delivery).

• Transport

  Transport protocols are TCP and UDP. TCP is a reliable connection-oriented communication, while UDP is a connectionless datagram protocol. Application protocols use TCP or UDP ports. A list of well-known and registered ports can be found in the /etc/services file.

  When a packet is sent on the network, the combination of the service port and IP address forms a socket. Each packet has a source socket and a destination socket. This information can be used when monitoring and filtering.

• Internet

  The Internet, or network layer, carries data from the source host to the destination host. Each host has an IP address and a prefix used to determine network addresses. Routers are used to connect networks.

  ICMP is a control protocol at this layer. Instead of ports, it has types. The ping utility is an example of using ICMP packets to test connectivity. ping sends an ICMP ECHO_REQUEST packet. A successful ping receives an ICMP ECHO_REPLY acknowledgment. An unsuccessful ping may receive ICMP error messages such as "destination unreachable" or may not receive any response.

• Link

  The link, or media access, layer provides the connection to physical media. The most common types of networks are wired Ethernet (802.3) and wireless WLAN (802.11). Each physical device has a hardware address (MAC) which is used to identify the destination of packets on the local network segment.

IP Address:  172.17.5.3      10101100.00010001.00000101.00000011
Prefix:      /16
Netmask:     255.255.0.0     11111111.11111111.00000000.00000000
                             10101100.00010001 | 00000101.00000011
                                  Network      |       Host

IP Address:  192.168.5.3     11000000.10101000.00000101.00000011
Prefix:      /24
Netmask:     255.255.255.0   11111111.11111111.11111111.00000000
                             11000000.10101000.00000101 | 00000011
                                      Network           |   Host

Figure 11.1: IPv4 addresses and netmasks


IPv4 addresses
An IPv4 address is a 32-bit number, normally expressed in decimal as four octets ranging in value from 0 to 255, separated by dots. The address is divided into two parts: the network part and the host part. All hosts on the same subnet, which can talk to each other directly without a router, have the same network part; the network part identifies the subnet. No two hosts on the same subnet can have the same host part; the host part identifies a particular host on a subnet.

In the modern Internet, the size of an IPv4 subnet is variable. To know which part of an IPv4 address is the network part and which is the host part, an administrator must know the netmask which is assigned to the subnet. The netmask indicates how many bits of the IPv4 address belong to the subnet. The more bits that are available for the host part, the more hosts can be on the subnet.

The lowest possible address on a subnet (host part is all zeros in binary) is sometimes called the network address. The highest possible address on a subnet (host part is all ones in binary) is used for broadcast messages in IPv4, and is called the broadcast address.

Network masks are expressed in two forms. The older syntax for a netmask which uses 24 bits for the network part would read 255.255.255.0. A newer syntax, called CIDR notation, would specify a network prefix of /24. Both forms convey the same information; namely, how many leading bits in the IP address contribute to its network address.

The examples which follow illustrate how the IP address, prefix (netmask), network part, and host part are related.


Calculating the network address for 192.168.1.107/24

Host addr        192.168.1.107          11000000.10101000.00000001.01101011
Network prefix   /24 (255.255.255.0)    11111111.11111111.11111111.00000000
Network addr     192.168.1.0            11000000.10101000.00000001.00000000
Broadcast addr   192.168.1.255          11000000.10101000.00000001.11111111

Calculating the network address for 10.1.1.18/8

Host addr        10.1.1.18              00001010.00000001.00000001.00010010
Network prefix   /8 (255.0.0.0)         11111111.00000000.00000000.00000000
Network addr     10.0.0.0               00001010.00000000.00000000.00000000
Broadcast addr   10.255.255.255         00001010.11111111.11111111.11111111

Calculating the network address for 172.16.181.23/19

Host addr        172.168.181.23         10101100.10101000.10110101.00010111
Network prefix   /19 (255.255.224.0)    11111111.11111111.11100000.00000000
Network addr     172.168.160.0          10101100.10101000.10100000.00000000
Broadcast addr   172.168.191.255        10101100.10101000.10111111.11111111
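
The rows of the three tables can be reproduced with a few bit operations. The following Python code is an added example, not part of the course material; the function names are assumptions, and the third address is taken as printed in the table rows (172.168.181.23).

```python
def to_int(dotted):
    """Parse a dotted-decimal IPv4 address into a 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(
        o.isascii() and o.isdigit() and int(o) <= 255 for o in octets
    ):
        raise ValueError("invalid IPv4 address: %r" % dotted)
    value = 0
    for octet in octets:
        value = (value << 8) | int(octet)
    return value


def to_dotted(value):
    """Format a 32-bit integer as four decimal octets."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value):
    """Format a 32-bit integer as four binary octets, as in the tables."""
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def describe(cidr):
    """Derive netmask, network address and broadcast address from address/prefix."""
    address, _, prefix_text = cidr.partition("/")
    if not (prefix_text.isascii() and prefix_text.isdigit()) or int(prefix_text) > 32:
        raise ValueError("invalid prefix: %r" % cidr)
    prefix = int(prefix_text)
    host = to_int(address)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF  # `prefix` leading one-bits
    network = host & mask                               # host part forced to zeros
    broadcast = network | (mask ^ 0xFFFFFFFF)           # host part forced to ones
    return {
        "host": to_dotted(host),
        "netmask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "host_bits": 32 - prefix,
        "binary": {
            "host": to_binary(host),
            "netmask": to_binary(mask),
            "network": to_binary(network),
            "broadcast": to_binary(broadcast),
        },
    }


if __name__ == "__main__":
    for cidr in ("192.168.1.107/24", "10.1.1.18/8", "172.168.181.23/19"):
        info = describe(cidr)
        print(cidr)
        for key in ("host", "netmask", "network", "broadcast"):
            print("  %-10s %-16s %s" % (key, info[key], info["binary"][key]))
```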


The special address 127.0.0.1 always points to the local system ("localhost"), and the network 127.0.0.0/8 belongs to the local system, so that it can talk to itself using network protocols.

[Figure 11.2: Network routing and DNS concepts. Diagram labels: DNS Server; To the internet; 172.17.0.0/16; Default gateway for 192.168.5.0/24: 192.168.5.254; 192.168.5.0/24]

IPv4 routing
Whether using IPv4 or IPv6, network traffic needs to move from host to host and network to network. Each host has a routing table, which tells it how to route traffic for particular networks.


The routing table entries will list a destination network, which interface to send the traffic out, and the IP address of any intermediate router that is required to relay the message to its final destination. The routing table entry which matches the destination of the network traffic is used to route it. If two entries match, the one with the longest prefix is used.

If the network traffic does not match a more specific route, the routing table usually has an entry for a default route to the entire IPv4 Internet, 0.0.0.0/0. This default route points to a router on a reachable subnet (that is, on a subnet that has a more specific route in the host's routing table).

If a router receives traffic that is not addressed to it, instead of ignoring it like a normal host, it forwards the traffic based on its own routing table. This may send the traffic directly to the destination host (if the router happens to be on the destination's subnet), or it may be forwarded on to another router. This process of forwarding continues until the traffic reaches its final destination.

Example routing table

Destination            Interface   Router (if needed)
192.0.2.0/24           wlo1
192.168.5.0/24         enp3s0
0.0.0.0/0 (default)    enp3s0      192.168.5.254

In this example, traffic headed for the IP address 192.0.2.102 from this host will be transmitted directly to that destination via the wlo1 wireless interface, because it matches the 192.0.2.0/24 route most closely. Traffic for the IP address 192.168.5.3 will be transmitted directly to that destination via the enp3s0 Ethernet interface, because it matches the 192.168.5.0/24 route most closely.

Traffic to the IP address 10.2.24.1 will be transmitted out the enp3s0 Ethernet interface to a router at 192.168.5.254, which will forward that traffic on to its final destination. That traffic matches the 0.0.0.0/0 route most closely, as there is not a more specific route in the routing table of this host. The router will use its own routing table to determine where to forward that traffic to next.
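
The longest-prefix rule can be checked against the example routing table. The following Python code is an added example, not part of the course material; the function name and the returned dictionary layout are assumptions.

```python
import ipaddress

# The example routing table from the text: (destination, interface, router or None).
ROUTES = [
    ("192.0.2.0/24", "wlo1", None),
    ("192.168.5.0/24", "enp3s0", None),
    ("0.0.0.0/0", "enp3s0", "192.168.5.254"),
]


def lookup(destination, routes=ROUTES):
    """Pick the matching route with the longest prefix, regardless of table order."""
    address = ipaddress.IPv4Address(destination)
    best = None
    for cidr, interface, router in routes:
        network = ipaddress.IPv4Network(cidr)
        if address in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, interface, router)
    if best is None:
        # No matching entry and no default route: the host cannot send the packet.
        raise LookupError("no route to %s" % destination)
    network, interface, router = best
    return {
        "route": str(network),
        "interface": interface,
        # Without a router the packet is delivered directly on the local subnet.
        "next_hop": router if router else str(address),
        "direct": router is None,
    }


if __name__ == "__main__":
    for destination in ("192.0.2.102", "192.168.5.3", "10.2.24.1"):
        print(destination, lookup(destination))
```

A table without the 0.0.0.0/0 entry raises LookupError for 10.2.24.1, which is the case a host reports as an unreachable network.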

Names and IP addresses
The IP protocol uses addresses to communicate, but human beings would rather work with names than long and hard-to-remember strings of numbers. DNS, the Domain Name System, is a distributed network of servers that maps host names to IP addresses. In order for name service to work, the host needs to be pointed at a nameserver. This nameserver does not need to be on the same subnet; it just needs to be reachable by the host.

DHCP or static network configuration
Many systems are configured to obtain network settings automatically at boot time. The local configuration files indicate that DHCP should be used and a separate client service queries the network for a server and obtains a lease for network settings.

If a DHCP server is not available, the system must use a static configuration where the network settings are read from a local configuration file. The correct network settings are obtained from the network administrator or architecture team to ensure there are no conflicts with other systems.

Since DHCP uses the hardware address to track assignments, only one address may be assigned per interface with DHCP. Multiple static addresses may be assigned to a single interface. This practice is common in systems hosting services for multiple clients, such as HTTP IP-based hosting. Red Hat Enterprise Linux interfaces typically have an IPv4 address and an IPv6 link-local address, but may have more addresses assigned.

Network interface names
Traditionally, network interfaces in Linux are enumerated as eth0, eth1, eth2, and so on. However, the mechanism which sets these names can cause changes to which interface gets which name as devices are added and removed. The default naming behavior in Red Hat Enterprise Linux 7 is to assign fixed names based on firmware, device topology, and device type. Interface names have the following characters:

• Ethernet interfaces begin with en, WLAN interfaces begin with wl, and WWAN interfaces begin with ww.

• The next character(s) represents the type of adapter with an o for on-board, s for hotplug slot, and p for PCI geographic location. Not used by default but also available to administrators, an x is used to incorporate a MAC address.

• Finally, a number N is used to represent an index, ID, or port.

• If the fixed name cannot be determined, the traditional names such as ethN will be used.

For example, the first embedded network interface may be named eno1 and a PCI card network interface may be named enp2s0. The new names make it easier to distinguish the relationship between a port and its name if the user knows both, but the trade off is that users cannot assume a system with one interface calls that interface eth0.

Note
Network interface naming can be overridden. If the administrator has installed and enabled the biosdevname package or set customized udev device naming rules, those settings will override the default naming scheme. Depending on support for biosdevname in the system BIOS, names such as em1, em2, etc. may be used for on-board network cards (corresponding to their names on the chassis). PCI(e) cards are represented with pYpX (e.g., p4p1), where Y is the PCI slot number and X is the number for the port on that specific card.

References
services(5), ping(8), biosdevname(1), and udev(7) man pages

Additional information may be available in the chapters on configuring networking and consistent network device naming in the Red Hat Enterprise Linux Networking Guide for Red Hat Enterprise Linux 7, which can be found at
http://docs.redhat.com/

Practice: Networking Concepts

Quiz

Match the following items to their counterparts in the table.

• Gateway is not on the same subnet.
• IP address cannot be a network address.
• Invalid IPv4 address
• Name resolution is not configured.
• This configuration is feasible.

Network settings                     Correctness

IP address: 172.17.0.351/16
Gateway: 172.17.0.1
DNS server: 172.17.0.254

IP address: 10.1.2.3/24
Gateway: 10.1.2.1
DNS server: 172.17.4.53

IP address: 192.168.7.0/24
Gateway: 192.168.7.1
DNS server: 192.168.0.254

IP address: 10.4.5.6/24
Gateway: 10.4.6.1
DNS server: 192.168.0.254

IP address: 172.17.23.5/16
Gateway: 172.17.0.1


Solution

Match the following items to their counterparts in the table.

Network settings                     Correctness

IP address: 172.17.0.351/16          Invalid IPv4 address
Gateway: 172.17.0.1
DNS server: 172.17.0.254

IP address: 10.1.2.3/24              This configuration is feasible.
Gateway: 10.1.2.1
DNS server: 172.17.4.53

IP address: 192.168.7.0/24           IP address cannot be a network address.
Gateway: 192.168.7.1
DNS server: 192.168.0.254

IP address: 10.4.5.6/24              Gateway is not on the same subnet.
Gateway: 10.4.6.1
DNS server: 192.168.0.254

IP address: 172.17.23.5/16           Name resolution is not configured.
Gateway: 172.17.0.1
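
The reasoning behind each answer can be expressed as a sequence of checks on a proposed static configuration. The following Python code is an added example, not part of the course material; it uses the standard ipaddress module, and the function name and the broadcast-address check (which goes beyond the quiz categories) are assumptions.

```python
import ipaddress


def check_settings(address, gateway, dns=None):
    """Classify a static IPv4 configuration using the categories from the quiz."""
    try:
        interface = ipaddress.IPv4Interface(address)   # rejects octets above 255
        router = ipaddress.IPv4Address(gateway)
        if dns:
            ipaddress.IPv4Address(dns)
    except ValueError:
        return "Invalid IPv4 address"
    network = interface.network
    # /31 and /32 networks have no separate network or broadcast address.
    if network.prefixlen < 31:
        if interface.ip == network.network_address:
            return "IP address cannot be a network address."
        if interface.ip == network.broadcast_address:
            return "IP address cannot be a broadcast address."
    # The default gateway must be reachable without another router.
    if router not in network:
        return "Gateway is not on the same subnet."
    # The name server may be on any reachable network, but one must be set.
    if not dns:
        return "Name resolution is not configured."
    return "This configuration is feasible."


# The five configurations from the quiz: (IP address, gateway, DNS server).
QUIZ = [
    ("172.17.0.351/16", "172.17.0.1", "172.17.0.254"),
    ("10.1.2.3/24", "10.1.2.1", "172.17.4.53"),
    ("192.168.7.0/24", "192.168.7.1", "192.168.0.254"),
    ("10.4.5.6/24", "10.4.6.1", "192.168.0.254"),
    ("172.17.23.5/16", "172.17.0.1", None),
]

if __name__ == "__main__":
    for settings in QUIZ:
        print(settings[0], "->", check_settings(*settings))
```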

Validating Network Configuration

Objectives
After completing this section, students should be able to test and review current network configuration with basic utilities.

Displaying IP addresses
The /sbin/ip command is used to show device and address information.

    [student@desktopX ~]$ ip addr show eth0
    2: eth0: <BROADCAST,MULTICAST,(1)UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        (2) link/ether 52:54:00:00:00:0a brd ff:ff:ff:ff:ff:ff
        (3) inet 172.25.0.10/24 brd (4) 172.25.0.255 scope global eth0
           valid_lft forever preferred_lft forever
        (5) inet6 fe80::5054:ff:fe00:b/64 scope link
           valid_lft forever preferred_lft forever

(1) An active interface has the status of UP.
(2) The link line specifies the hardware (MAC) address of the device.
(3) The inet line shows the IPv4 address and prefix.
(4) The broadcast address, scope, and device name are also on this line.
(5) The inet6 line shows IPv6 information.

The ip command may also be used to show statistics about network performance. The received (RX) and transmitted (TX) packets, errors, and dropped counters can be used to identify network issues caused by congestion, low memory, and overruns.

    [student@desktopX ~]$ ip -s link show eth0
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 52:54:00:00:00:0a brd ff:ff:ff:ff:ff:ff
        RX: bytes  packets  errors  dropped overrun mcast
        269850     2931     0       0       0       0
        TX: bytes  packets  errors  dropped carrier collsns
        300556     3250     0       0       0       0

Troubleshooting routing
The /sbin/ip command is also used to show routing information.

    [student@desktopX ~]$ ip route
    default via 172.25.0.254 dev eth0 proto static metric 1024
    172.25.X.0/24 dev eth0 proto kernel scope link src 172.25.X.10
    10.0.0.0/8 dev eth1 proto kernel scope link src 10.0.0.11

All packets destined for the 10.0.0.0/8 network will be sent directly to the destination through the device eth1. All packets destined for the 172.25.X.0/24 network will be sent directly to the destination through the device eth0. All other packets will be sent to the default router located at 172.25.X.254, and also through device eth0.

The ping command is used to test connectivity. The command will continue to run until a Control-C is pressed unless options are given to limit the number of packets sent.

    [student@desktopX ~]$ ping -c3 172.25.X.254

To trace the path to a remote host, use either traceroute or tracepath. Both commands can be used to trace a path with UDP packets; however, many networks block UDP and ICMP traffic. The traceroute command has options to trace the path with UDP (default), ICMP (-I) or TCP (-T) packets, but may not be installed by default.

    [student@desktopX ~]$ tracepath access.redhat.com
     4:  71-32-28-145.rcmt.qwest.net                  48.853ms asymm  5
     5:  dcp-brdr-04.inet.qwest.net                  100.732ms asymm  7
     6:  206.111.0.153.ptr.us.xo.net                  96.245ms asymm  7
     7:  207.88.14.162.ptr.us.xo.net                  85.270ms asymm  8
     8:  ae1d0.cir1.atlanta6-ga.us.xo.net             64.160ms asymm  7
     9:  216.156.108.98.ptr.us.xo.net                108.652ms
    10:  bu-ether13.atlngamq46w-bcr00.tbone.rr.com   107.286ms asymm 12

Each line in the output of tracepath represents a router or hop that the packet passes through between the source and the final destination. Additional information is provided as available, including the round trip timing (RTT) and any changes in the maximum transmission unit (MTU) size.

Troubleshooting ports and services
TCP services use sockets as end points for communication and are made up of an IP address, protocol, and port number. Services typically listen on standard ports while clients use a random available port. Well-known names for standard ports are listed in the /etc/services file.

The ss command is used to display socket statistics. It is similar to the netstat command, which is also available but may not be installed by default.

    [student@desktopX ~]$ ss -ta
    State    Recv-Q Send-Q      Local Address:Port          Peer Address:Port
    LISTEN   0      128                     *:sunrpc                   *:*
    LISTEN   0      128                 (1) *:ssh                      *:*
    LISTEN   0      100         (2) 127.0.0.1:smtp                     *:*
    LISTEN   0      128                     *:36889                    *:*
    ESTAB    0      0         (3) 172.25.X.10:ssh         172.25.254.254:59392
    LISTEN   0      128                    :::sunrpc                  :::*
    LISTEN   0      128                (4) :::ssh                     :::*
    LISTEN   0      100               (5) ::1:smtp                    :::*
    LISTEN   0      128                    :::34946                   :::*

(1) The port used for SSH is listening on all IPv4 addresses. The "*" is used to represent "all" when referencing IPv4 addresses or ports.
(2) The port used for SMTP is listening on the 127.0.0.1 IPv4 loopback interface.
(3) The established SSH connection is on the 172.25.X.10 interface and originates from a system with an address of 172.25.254.254.
(4) The port used for SSH is listening on all IPv6 addresses. The "::" syntax is used to represent all IPv6 interfaces.
(5) The port used for SMTP is listening on the ::1 IPv6 loopback interface.

Options for ss and netstat

Option   Description
-n       Show numbers instead of names for interfaces and ports.
-t       Show TCP sockets.
-u       Show UDP sockets.
-l       Show only listening sockets.
-a       Show all (listening and established) sockets.
-p       Show the process using the sockets.
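
The difference between a service bound to "*" or "::" and one bound to a loopback address decides whether other hosts can reach it. The following Python code is an added example, not part of the course material; it classifies the listening sockets in a constructed sample laid out like ss -tln output, and the function names are assumptions.

```python
import ipaddress

# Constructed sample in the column layout of `ss -tln`; not captured from a real host.
SAMPLE = """\
State   Recv-Q Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0      128                 *:22                *:*
LISTEN  0      100         127.0.0.1:25                *:*
LISTEN  0      128       172.25.0.10:8080              *:*
LISTEN  0      128                :::22               :::*
LISTEN  0      100               ::1:25               :::*
"""


def classify(local):
    """Split 'address:port' and report how widely the socket is reachable."""
    host, _, port = local.rpartition(":")     # the port follows the last colon
    host = host.strip("[]").split("%")[0]     # newer ss versions print [::]:22 and addr%iface
    if host in ("*", "::", "0.0.0.0"):
        scope = "all addresses"
    elif ipaddress.ip_address(host).is_loopback:
        scope = "loopback only"
    else:
        scope = "one address"
    return host, port, scope


def listeners(ss_output):
    """Return (host, port, scope) for every LISTEN line of TCP-only ss output."""
    result = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Columns: State Recv-Q Send-Q Local:Port Peer:Port (no Netid column with -t alone).
        if len(fields) >= 5 and fields[0] == "LISTEN":
            result.append(classify(fields[3]))
    return result


def reachable_from_network(ss_output):
    """Return sorted (port, host) pairs for listeners not restricted to loopback."""
    return sorted(
        {(port, host) for host, port, scope in listeners(ss_output) if scope != "loopback only"}
    )


if __name__ == "__main__":
    for host, port, scope in listeners(SAMPLE):
        print("%-6s %-14s %s" % (port, host, scope))
```

Comparing the result of reachable_from_network() with the set of services that are meant to be offered to other hosts is a quick review step after a configuration change.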

References
ip-link(8), ip-address(8), ip-route(8), ip(8), ping(8), tracepath(8), traceroute(8), ss(8), and netstat(8) man pages

Additional information may be available in the chapter on configuring networking in the Red Hat Enterprise Linux Networking Guide for Red Hat Enterprise Linux 7, which can be found at
http://docs.redhat.com/


P ra ct i ce: E xa m i n i n g N etwo r k Confi g u ra t i o n


-

-
Guided exercise
In this lab, you will examine the network configuration of the current system.

Outcomes:
Identify the current network interfaces and basic network addresses.

Before you begin...
Reset your serverX system.

1. Display the current IP address and netmask for all interfaces.

[student@serverX ~]$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff
    inet 172.25.X.11/24 brd 172.25.X.255 scope global dynamic eth0
       valid_lft 12704sec preferred_lft 12704sec
    inet6 fe80::5054:ff:fe00:b/64 scope link
       valid_lft forever preferred_lft forever

2. Display the statistics for the eth0 interface.

[student@serverX ~]$ ip -s link show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped  overrun  mcast
    418398     4588     0       0        0        0
    TX: bytes  packets  errors  dropped  carrier  collsns
    360733     1730     0       0        0        0

3. Display the routing information.

[student@serverX ~]$ ip route
default via 172.25.X.254 dev eth0 proto static metric 1024
172.25.X.0/24 dev eth0 proto kernel scope link src 172.25.X.11

4. Verify that the router is accessible.

[student@serverX ~]$ ping -c3 172.25.X.254
PING 172.25.X.254 (172.25.X.254) 56(84) bytes of data.
64 bytes from 172.25.X.254: icmp_seq=1 ttl=64 time=0.489 ms
64 bytes from 172.25.X.254: icmp_seq=2 ttl=64 time=0.510 ms
64 bytes from 172.25.X.254: icmp_seq=3 ttl=64 time=0.458 ms
--- 172.25.X.254 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.458/0.485/0.510/0.033 ms

5. Show all the hops between the local system and classroom.example.com.

[student@serverX ~]$ tracepath classroom.example.com
 1:  classroom.example.com    0.522ms !H
     Resume: pmtu 65535

6. Display the listening TCP sockets on the local system.

[student@serverX ~]$ ss -lt
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     *:55630             *:*
LISTEN  0       128     *:sunrpc            *:*
LISTEN  0       128     *:ssh               *:*
LISTEN  0       100     127.0.0.1:smtp      *:*
LISTEN  0       128     :::sunrpc           :::*
LISTEN  0       128     :::ssh              :::*
LISTEN  0       128     :::33079            :::*
LISTEN  0       100     ::1:smtp            :::*
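
The listing above mixes listeners bound to every interface (*, ::) with listeners bound only to loopback (127.0.0.1, ::1). The following is an added example, not part of the course material: it labels each listener in ss -lnt style output by the address it is bound to. The function names are hypothetical and the sample lines are constructed from the exercise output in numeric form.

```sh
#!/bin/sh
# Added example: classify TCP listeners by the address they are bound to.

# Constructed sample: the exercise's listeners in numeric (ss -lnt) form.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    *:55630             *:*
LISTEN  0      128    *:111               *:*
LISTEN  0      128    *:22                *:*
LISTEN  0      100    127.0.0.1:25        *:*
LISTEN  0      128    :::111              :::*
LISTEN  0      128    :::22               :::*
LISTEN  0      128    :::33079            :::*
LISTEN  0      100    ::1:25              :::*
EOF
}

# stdin: ss -lnt style lines. stdout: "<scope> <address> <port>" per listener.
classify_listeners() {
    awk '
    $1 == "LISTEN" {
        port = $4
        sub(/^.*:/, "", port)        # keep the text after the last colon
        addr = $4
        sub(/:[^:]*$/, "", addr)     # drop the trailing ":port"
        sub(/^\[/, "", addr)         # newer ss releases print [::]:22
        sub(/\]$/, "", addr)
        if (addr == "*" || addr == "0.0.0.0" || addr == "::")
            scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback-only"
        else
            scope = "specific-address"
        print scope, addr, port
    }'
}

# stdin: ss -lnt style lines. stdout: unique ports bound on every interface.
exposed_ports() {
    classify_listeners |
        awk '$1 == "all-interfaces" { print $3 }' |
        sort -n -u |
        awk '{ out = (NR > 1) ? out " " $1 : $1 } END { print out }'
}

# Print the classification for the constructed sample.
sample_ss_output | classify_listeners
```

On a live system, feed it real data with: ss -lnt | classify_listeners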

Configuring Networking with nmcli

Objectives
After completing this section, students should be able to manage network settings and devices with nmcli and NetworkManager.

NetworkManager
NetworkManager is a daemon that monitors and manages network settings. In addition to the daemon, there is a GNOME Notification Area applet that provides network status information. Command-line and graphical tools talk to NetworkManager and save configuration files in the /etc/sysconfig/network-scripts directory.

A device is a network interface. A connection is a configuration used for a device which is made up of a collection of settings. Multiple connections may exist for a device, but only one may be active at a time. For example, a system may normally be connected to a network with settings provided by DHCP. Occasionally, that system needs to be connected to a lab or data center network, which only uses static networking. Instead of changing the configuration manually, each configuration can be stored as a separate connection.

Viewing network information with nmcli
To display a list of all connections, use nmcli con show. To list only the active connections, add the --active option.

[root@desktopX ~]# nmcli con show
NAME         UUID                                  TYPE             DEVICE
static-eth0  f3e8dd32-3c9d-48f6-9066-551e5b6e612d  802-3-ethernet   eth0
System eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet
guest        f601ca8a-6647-4188-a431-dab48cc63bf4  802-11-wireless  wlp3s0
[root@desktopX ~]# nmcli con show --active
NAME         UUID                                  TYPE             DEVICE
static-eth0  f3e8dd32-3c9d-48f6-9066-551e5b6e612d  802-3-ethernet   eth0
guest        f601ca8a-6647-4188-a431-dab48cc63bf4  802-11-wireless  wlp3s0

Specify a connection ID (name) to see the details of that connection. The lowercase settings represent the configuration of the connection. Setting and property names are defined in the nm-settings(5) man page. The uppercase settings are active data.

[root@desktopX ~]# nmcli con show "static-eth0"
ipv4.method:               manual
ipv4.dns:                  172.25.254.254, 8.8.8.8
ipv4.dns-search:
ipv4.addresses:            { ip = 172.25.X.10/24, gw = 172.25.X.254 }
ipv4.routes:
ipv4.ignore-auto-routes:   no
ipv4.ignore-auto-dns:      no
ipv4.dhcp-client-id:
ipv4.dhcp-send-hostname:   yes
ipv4.dhcp-hostname:
ipv4.never-default:        no
ipv4.may-fail:             yes
ipv6.method:               auto
...

The nmcli command can also be used to show device status and details.

[root@desktopX ~]# nmcli dev status
DEVICE  TYPE      STATE      CONNECTION
eth0    ethernet  connected  static-eth0
wlp3s0  wifi      connected  guest
lo      loopback  unmanaged
[root@desktopX ~]# nmcli dev show eth0
GENERAL.DEVICE:            eth0
GENERAL.TYPE:              ethernet
GENERAL.HWADDR:            52:54:00:00:00:0A
GENERAL.MTU:               1500
GENERAL.STATE:             100 (connected)
GENERAL.CONNECTION:        static-eth0
GENERAL.CON-PATH:          /org/freedesktop/NetworkManager/Activeconnection/1
WIRED-PROPERTIES.CARRIER:  on
IP4.ADDRESS[1]:            ip = 172.25.X.10/24, gw = 172.25.X.254
IP4.DNS[1]:                172.25.254.254
IP6.ADDRESS[1]:            ip = fe80::5054:ff:fe00:b/64, gw = ::

Creating network connections with nmcli
When creating a new connection with nmcli, the order of the arguments is important. The common arguments appear first and must include the type and interface. Next, specify any type-specific arguments and finally specify the IP address, prefix, and gateway information. Multiple IP addresses may be specified for a single device. Additional settings such as a DNS server are set as modifications once the connection exists.

Examples of creating new connections
Follow along with the next steps while your instructor discusses nmcli syntax.

1. Define a new connection named "default" which will autoconnect as an Ethernet connection on the eth0 device using DHCP.

[root@desktopX ~]# nmcli con add con-name "default" type ethernet ifname eth0

2. Create a new connection named "static" and specify the IP address and gateway. Do not autoconnect.

[root@desktopX ~]# nmcli con add con-name "static" ifname eth0 autoconnect no type ethernet ip4 172.25.X.10/24 gw4 172.25.X.254

3. The system will autoconnect with the DHCP connection at boot. Change to the static connection.

[root@desktopX ~]# nmcli con up "static"

4. Change back to the DHCP connection.

[root@desktopX ~]# nmcli con up "default"

Important
If the static connection is lost, the default connection will attempt to autoconnect. To administratively disable an interface and prevent any autoconnection, use nmcli dev disconnect DEVICENAME.

Type options
Type options depend on the type used. An ethernet-type connection may optionally specify a MAC address for the connection. A wifi-type connection must specify the SSID and may specify additional options. Many other types are available, including bridge, bond, team, VPN, and VLAN. To view all the options, use nmcli con add help.

[root@desktopX ~]# nmcli con add help
Usage: nmcli connection add { ARGUMENTS | help }

ARGUMENTS := COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS IP_OPTIONS

COMMON_OPTIONS:
              type <type>
              ifname <interface name> | "*"
              [con-name <connection name>]
              [autoconnect yes|no]
              [save yes|no]

TYPE_SPECIFIC_OPTIONS:
  ethernet:   [mac <MAC address>]
              [cloned-mac <cloned MAC address>]
              [mtu <MTU>]

Modifying network interfaces with nmcli
An existing connection may be modified with nmcli con mod arguments. The arguments are sets of key/value pairs. The key includes a setting name and a property name. Use nmcli con show "<ID>" to see a list of current values for a connection. The nm-settings(5) man page documents the setting and property names and usage.

[root@desktopX ~]# nmcli con show "static"
connection.id:              static
connection.uuid:            f3e8dd32-3c9d-48f6-9066-551e5b6e612d
connection.interface-name:  eth0
connection.type:            802-3-ethernet
connection.autoconnect:     yes
connection.timestamp:       1394905322
connection.read-only:       no

Examples of connection modifications
Follow along with the next steps while your instructor discusses nmcli syntax.

1. Turn off autoconnect.

[root@desktopX ~]# nmcli con mod "static" connection.autoconnect no

2. Specify a DNS server.

[root@desktopX ~]# nmcli con mod "static" ipv4.dns 172.25.X.254

3. Some configuration arguments may have values added or removed. Add a +/- symbol in front of the argument. Add a secondary DNS server.

[root@desktopX ~]# nmcli con mod "static" +ipv4.dns 8.8.8.8

4. Replace the static IP address and gateway.

[root@desktopX ~]# nmcli con mod "static" ipv4.addresses "172.25.X.10/24 172.25.X.254"

5. Add a secondary IP address without a gateway.

[root@desktopX ~]# nmcli con mod "static" +ipv4.addresses 10.10.10.10/16

Important
The nmcli con mod will save the setting to the configuration files. To activate the changes, the connection needs to be activated or reactivated.

[root@desktopX ~]# nmcli con up "static"

Summary of nmcli commands
Basic device and connection commands for nmcli:

nmcli commands

Command                   Use
nmcli dev status          List all devices.
nmcli con show            List all connections.
nmcli con up "<ID>"       Activate a connection.
nmcli con down "<ID>"     Deactivate a connection. The connection will restart if autoconnect is yes.
nmcli dev dis <DEV>       Bring down an interface and temporarily disable autoconnect.
nmcli net off             Disable all managed interfaces.
nmcli con add ...         Add a new connection.
nmcli con mod "<ID>" ...  Modify a connection.
nmcli con del "<ID>"      Delete a connection.

Note
The nmcli command also has an interactive edit mode. For a graphical interface, use nm-connection-editor.

References
nmcli(1), nmcli-examples(5), and nm-settings(5) man pages

Additional information may be available in the section on using the NetworkManager command line tool nmcli in the Red Hat Enterprise Linux Networking Guide for Red Hat Enterprise Linux 7, which can be found at
http://docs.redhat.com/

Practice: Configuring Networking with nmcli

Guided exercise
In this lab, you will configure network settings using nmcli.

Outcomes:
Convert a system from DHCP to static configuration.

Before you begin...
Reset your serverX system.

1. View network settings using nmcli.

1.1. Show all connections.

[student@serverX ~]$ nmcli con show
NAME         UUID                                  TYPE            DEVICE
System eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet  eth0

1.2. Display all configuration settings for the active connection.

[student@serverX ~]$ nmcli con show "System eth0"
connection.id:              System eth0
connection.uuid:            5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
connection.interface-name:  eth0
connection.type:            802-3-ethernet
connection.autoconnect:     yes
connection.timestamp:       1394813303
connection.read-only:       no
connection.permissions:
IP4.ADDRESS[1]:             ip = 172.25.X.11/24, gw = 172.25.X.254
IP4.DNS[1]:                 172.25.254.254
IP4.DOMAIN[1]:              example.com

1.3. Show device status.

[student@serverX ~]$ nmcli dev status
DEVICE  TYPE      STATE      CONNECTION
eth0    ethernet  connected  System eth0
lo      loopback  unmanaged

1.4. Display the settings for the eth0 device.

[student@serverX ~]$ nmcli dev show eth0
GENERAL.DEVICE:            eth0
GENERAL.TYPE:              ethernet
GENERAL.HWADDR:            52:54:00:00:00:06
GENERAL.MTU:               1500
GENERAL.STATE:             100 (connected)
GENERAL.CONNECTION:        System eth0
GENERAL.CON-PATH:          /org/freedesktop/NetworkManager/Activeconnection/1
WIRED-PROPERTIES.CARRIER:  on
IP4.ADDRESS[1]:            ip = 172.25.X.11/24, gw = 172.25.X.254
IP4.DNS[1]:                172.25.254.254
IP4.DOMAIN[1]:             example.com
IP6.ADDRESS[1]:            ip = fe80::5054:ff:fe00:b/64, gw = ::

2. Create a static connection with the same IPv4 address, network prefix, and default gateway. Name the new connection static-eth0.

[student@serverX ~]$ sudo nmcli con add con-name "static-eth0" ifname eth0 type ethernet ip4 172.25.X.11/24 gw4 172.25.X.254
Connection 'static-eth0' (f3e8dd32-3c9d-48f6-9066-551e5b6e612d) successfully added.

3. Modify the new connection to add the DNS setting.

[student@serverX ~]$ sudo nmcli con mod "static-eth0" ipv4.dns 172.25.254.254

4. Display and activate the new connection.

4.1. View all connections.

[student@serverX ~]$ nmcli con show
NAME         UUID                                  TYPE            DEVICE
static-eth0  f3e8dd32-3c9d-48f6-9066-551e5b6e612d  802-3-ethernet
System eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet  eth0

4.2. View the active connection.

[student@serverX ~]$ nmcli con show --active
NAME         UUID                                  TYPE            DEVICE
System eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet  eth0

4.3. Activate the new connection.

[student@serverX ~]$ sudo nmcli con up "static-eth0"
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/Activeconnection/3)

4.4. View the active connection.

[student@serverX ~]$ nmcli con show --active
NAME         UUID                                  TYPE            DEVICE
static-eth0  f3e8dd32-3c9d-48f6-9066-551e5b6e612d  802-3-ethernet  eth0

5. Test the connectivity using the new network addresses.

5.1. Verify the IP address.

[student@serverX ~]$ ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff
    inet 172.25.X.11/24 brd 172.25.X.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe00:b/64 scope link
       valid_lft forever preferred_lft forever

5.2. Verify the default gateway.

[student@serverX ~]$ ip route
default via 172.25.X.254 dev eth0 proto static metric 1024
172.25.X.0/24 dev eth0 proto kernel scope link src 172.25.X.11

5.3. Ping the DNS address.

[student@serverX ~]$ ping -c3 172.25.254.254
PING 172.25.254.254 (172.25.254.254) 56(84) bytes of data.
64 bytes from 172.25.254.254: icmp_seq=1 ttl=64 time=0.419 ms
64 bytes from 172.25.254.254: icmp_seq=2 ttl=64 time=0.598 ms
64 bytes from 172.25.254.254: icmp_seq=3 ttl=64 time=0.503 ms
--- 172.25.254.254 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.419/0.506/0.598/0.077 ms

6. Configure the original connection so that it does not start at boot and verify that the static connection is used when the system reboots.

6.1. Disable the original connection from autostarting at boot.

[student@serverX ~]$ sudo nmcli con mod "System eth0" \
> connection.autoconnect no

6.2. Reboot the system.

[student@serverX ~]$ reboot

6.3. View the active connection.

[student@serverX ~]$ nmcli con show --active
NAME         UUID                                  TYPE            DEVICE
static-eth0  f3e8dd32-3c9d-48f6-9066-551e5b6e612d  802-3-ethernet  eth0

Editing Network Configuration Files

Objectives
After completing this section, students should be able to modify network settings by editing the configuration files.

Modifying network configuration
It is also possible to configure the network by editing interface configuration files. Interface configuration files control the software interfaces for individual network devices. These files are usually named /etc/sysconfig/network-scripts/ifcfg-<name>, where <name> refers to the name of the device or connection that the configuration file controls. The following are standard variables found in the file used for static or dynamic configuration.

Configuration Options for ifcfg File

Static                  Dynamic         Either
BOOTPROTO=none          BOOTPROTO=dhcp  DEVICE=eth0
IPADDR0=172.25.X.10                     NAME="System eth0"
PREFIX0=24                              ONBOOT=yes
GATEWAY0=172.25.X.254                   UUID=f3e8dd32-3...
DEFROUTE=yes                            USERCTL=yes
DNS1=172.25.254.254

In the static settings, variables for IP address, prefix, and gateway have a number at the end. This allows multiple sets of values to be assigned to the interface. The DNS variable also has a number which is used to specify the order of lookup when multiple servers are specified.

After modifying the configuration files, run nmcli con reload to make NetworkManager read the configuration changes. The interface still needs to be restarted for changes to take effect.

[root@serverX ~]# nmcli con reload
[root@serverX ~]# nmcli con down "System eth0"
[root@serverX ~]# nmcli con up "System eth0"
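
The numbered IPADDRn/PREFIXn sets described above are easy to leave inconsistent when lines are appended by hand, for instance when the same echo ... >> line is run twice. The following is an added example, not part of the course material: it pairs each IPADDRn with its PREFIXn and flags sets that lack a prefix or assign a variable twice, as a check to run before nmcli con reload. The function names and status labels are hypothetical, and the sample file is constructed, with concrete octets in place of X.

```sh
#!/bin/sh
# Added example: check the numbered address sets in an ifcfg file.

# Constructed sample: static variables from the table above plus appended lines.
sample_ifcfg() {
    cat <<'EOF'
DEVICE=eth0
NAME="System eth0"
BOOTPROTO=none
ONBOOT=yes
IPADDR0=172.25.0.10
PREFIX0=24
GATEWAY0=172.25.0.254
DNS1=172.25.254.254
IPADDR1=10.0.0.1
PREFIX1=24
IPADDR1=10.0.0.1
IPADDR2=10.0.1.1
EOF
}

# stdin: ifcfg file contents.
# stdout: "set<N> <address>/<prefix> <status>" for every IPADDR<N> found.
ifcfg_address_sets() {
    awk '
    /^[ \t]*#/ || index($0, "=") == 0 { next }   # skip comments, non-assignments
    {
        eq = index($0, "=")
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/^"|"$/, "", val)                   # drop surrounding double quotes
        if (key in value) dup[key] = 1           # same variable assigned twice
        value[key] = val
        if (key ~ /^IPADDR[0-9]*$/ && !(key in listed)) {
            listed[key] = 1
            idx = key
            sub(/^IPADDR/, "", idx)
            order[++n] = idx                     # remember first-seen order
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            addr_key = "IPADDR" order[i]
            prefix_key = "PREFIX" order[i]
            status = "ok"
            prefix = "-"
            if (prefix_key in value) {
                prefix = value[prefix_key]
            } else {
                status = "missing-prefix"
            }
            if ((addr_key in dup) || (prefix_key in dup)) {
                status = "duplicate-key"
            }
            print "set" order[i], value[addr_key] "/" prefix, status
        }
    }'
}

# stdin: ifcfg file contents. stdout: number of address sets that are not "ok".
ifcfg_problem_count() {
    ifcfg_address_sets | awk '$3 != "ok" { c++ } END { print c + 0 }'
}

# Print the report for the constructed sample.
sample_ifcfg | ifcfg_address_sets
```

To check a real file: ifcfg_address_sets < /etc/sysconfig/network-scripts/ifcfg-eth0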

References
nmcli(1) man page

Additional information may be available in the chapter on configuring networking in the Red Hat Enterprise Linux Networking Guide for Red Hat Enterprise Linux 7, which can be found at
http://docs.redhat.com/

Practice: Editing Network Configuration Files

Guided exercise
In this lab, you will edit network configuration files.

Outcomes:
An additional network address added to each system.

Before you begin...
Reset your serverX and desktopX systems.

1. As the root user, edit the /etc/sysconfig/network-scripts/ifcfg-eth0 on serverX to add an additional address of 10.0.X.1/24.

1.1. Append an entry to the file to specify the IPv4 address.

[root@serverX ~]# echo "IPADDR1=10.0.X.1" >> /etc/sysconfig/network-scripts/ifcfg-eth0

1.2. Append an entry to the file to specify the network prefix.

[root@serverX ~]# echo "PREFIX1=24" >> /etc/sysconfig/network-scripts/ifcfg-eth0

2. Activate the new address.

2.1. Reload the configuration changes.

[root@serverX ~]# nmcli con reload

2.2. Restart the connection with the new settings.

[root@serverX ~]# nmcli con up "System eth0"

3. As the root user, edit the /etc/sysconfig/network-scripts/ifcfg-eth0 on desktopX to add an additional address of 10.0.X.2/24 and load the new configuration.

3.1. Modify the file to add the IPv4 and network prefix.

[root@desktopX ~]# echo "IPADDR1=10.0.X.2" >> /etc/sysconfig/network-scripts/ifcfg-eth0
[root@desktopX ~]# echo "PREFIX1=24" >> /etc/sysconfig/network-scripts/ifcfg-eth0

3.2. Reload the configuration changes.

[root@desktopX ~]# nmcli con reload

3.3. Bring up the connection with the new settings.

[root@desktopX ~]# nmcli con up "System eth0"

4. Test the connectivity using the new network addresses.

4.1. On serverX, verify the IP address.

[root@serverX ~]# ip addr

4.2. On serverX, ping the new address of desktopX.

[root@serverX ~]# ping 10.0.X.2

4.3. On desktopX, verify the IP address.

[root@desktopX ~]# ip addr

4.4. On desktopX, ping the new address of serverX.

[root@desktopX ~]# ping 10.0.X.1

Configuring Host Names and Name Resolution

Objectives
After completing this section, students should be able to configure and test system host name and name resolution.

Changing the system host name
The hostname command displays or temporarily modifies the system's fully qualified host name.

[root@desktopX ~]# hostname
desktopX.example.com

A static host name may be specified in the /etc/hostname file. The hostnamectl command is used to modify this file and may be used to view the status of the system's fully qualified host name. If this file does not exist, the host name is set by a reverse DNS query once the interface has an IP address assigned.

[root@desktopX ~]# hostnamectl set-hostname desktopX.example.com
[root@desktopX ~]# hostnamectl status
   Static hostname: desktopX.example.com
         Icon name: computer
           Chassis: n/a
        Machine ID: 9f6fb63045a845d79e5e870b914c61c9
           Boot ID: aa6c3259825e4b8c92bd0f601089ddf7
    Virtualization: kvm
  Operating System: Red Hat Enterprise Linux Server 7.0 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.0:beta:server
            Kernel: Linux 3.10.0-97.el7.x86_64
      Architecture: x86_64
[root@desktopX ~]# cat /etc/hostname
desktopX.example.com

Important
The static host name is stored in /etc/hostname. Previous versions of Red Hat Enterprise Linux stored the host name as a variable in the /etc/sysconfig/network file.

Configuring name resolution
The stub resolver is used to convert host names to IP addresses or the reverse. The contents of the file /etc/hosts are checked first.

[root@desktopX ~]# cat /etc/hosts
127.0.0.1       localhost localhost.localdomain localhost4 localhost4.localdomain4
::1             localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.254  classroom.example.com
172.25.254.254  content.example.com

The getent hosts hostname command can be used to test host name resolution with the /etc/hosts file.

If an entry is not found in that file, the stub resolver looks for the information from a DNS nameserver. The /etc/resolv.conf file controls how this query is done:

• nameserver: the IP address of a nameserver to query. Up to three nameserver directives may be given to provide backups if one is down.

• search: a list of domain names to try with a short host name. Both this and domain should not be set in the same file; if they are, the last instance wins. See resolv.conf(5) for details.

[root@desktopX ~]# cat /etc/resolv.conf
# Generated by NetworkManager
domain example.com
search example.com
nameserver 172.25.254.254
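
The two rules stated above (at most three nameserver directives, and the last of domain or search winning) can be applied to a file mechanically. The following is an added example, not part of the course material: it reports which nameservers a resolv.conf would actually use and which search list is effective. The function and field names are hypothetical, and the sample file is constructed by extending the listing above with extra entries.

```sh
#!/bin/sh
# Added example: summarize the effective settings of a resolv.conf file.

# Constructed sample: the listing above with extra search and nameserver lines.
sample_resolv_conf() {
    cat <<'EOF'
# Generated by NetworkManager
domain example.com
search lab.example.com example.com
nameserver 172.25.254.254
nameserver 192.0.2.53
nameserver 192.0.2.54
nameserver 192.0.2.55
EOF
}

# stdin: resolv.conf contents. stdout: four "name=value" summary lines.
resolv_summary() {
    awk '
    /^[ \t]*[#;]/ || NF == 0 { next }            # comments and blank lines
    $1 == "nameserver" { ns[++n] = $2; next }
    $1 == "domain" { seen_domain = 1; effective = $2; next }
    $1 == "search" {
        seen_search = 1
        effective = $2                           # a later line replaces an earlier one
        for (i = 3; i <= NF; i++) effective = effective " " $i
        next
    }
    END {
        used = ""
        for (i = 1; i <= n && i <= 3; i++) {     # only the first three are used
            sep = (i > 1) ? "," : ""
            used = used sep ns[i]
        }
        ignored = (n > 3) ? n - 3 : 0
        both = (seen_domain && seen_search) ? "yes" : "no"
        print "nameservers_used=" used
        print "nameservers_ignored=" ignored
        print "search_effective=" effective
        print "domain_and_search=" both
    }'
}

# $1: field name from resolv_summary. stdin: resolv.conf contents.
resolv_field() {
    resolv_summary | sed -n "s/^$1=//p"
}

# Print the summary for the constructed sample.
sample_resolv_conf | resolv_summary
```

To summarize the live file: resolv_summary < /etc/resolv.conf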

NetworkManager will update the /etc/resolv.conf file using DNS settings in the connection configuration files. Use nmcli to modify the connections.

[root@desktopX ~]# nmcli con mod ID ipv4.dns IP
[root@desktopX ~]# nmcli con down ID
[root@desktopX ~]# nmcli con up ID
[root@desktopX ~]# cat /etc/sysconfig/network-scripts/ifcfg-ID
DNS1=8.8.8.8

The default behavior of nmcli con mod ID ipv4.dns IP is to replace any previous DNS settings with the new IP list provided. A +/- symbol in front of the ipv4.dns argument will add or remove an individual entry.

[root@desktopX ~]# nmcli con mod ID +ipv4.dns IP

The host HOSTNAME command can be used to test DNS server connectivity.

[root@desktopX ~]# host classroom.example.com
classroom.example.com has address 172.25.254.254
[root@desktopX ~]# host 172.25.254.254
254.254.25.172.in-addr.arpa domain name pointer classroom.example.com.

Important
If DHCP is in use, /etc/resolv.conf is automatically rewritten as interfaces are started, unless you specify PEERDNS=no in the relevant interface configuration files. The change can be made with nmcli.

[root@desktopX ~]# nmcli con mod "System eth0" ipv4.ignore-auto-dns yes

References
nmcli(1), hostnamectl(1), hosts(5), getent(1), host(1), and resolv.conf(5) man pages

Additional information may be available in the chapter on configuring host names in the Red Hat Enterprise Linux Networking Guide for Red Hat Enterprise Linux 7, which can be found at
http://docs.redhat.com/

Practice: Configuring Host Names and Name Resolution

Guided exercise
In this lab, you will configure the system host name and name resolution.

Outcomes:
Customized host name and name resolution settings.

Before you begin...
Reset your serverX system.

1. View the current host name settings.

1.1. Display the current host name.

[student@serverX ~]$ hostname
serverX.example.com

1.2. Display the host name status.

[student@serverX ~]$ hostnamectl status
   Static hostname: n/a
Transient hostname: serverX.example.com
         Icon name: computer
           Chassis: n/a
        Machine ID: 9f6fb63045a845d79e5e870b914c61c9
           Boot ID: d4ec3a2e8d3c48749aa82738c0ea946a
  Operating System: Red Hat Enterprise Linux Server 7.0 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.0:beta:server
            Kernel: Linux 3.10.0-97.el7.x86_64
      Architecture: x86_64

2. Set a static host name to match the current transient host name.

2.1. Change the host name and host name configuration file. Replace the X with your station number and match the output of the previous step.

[student@serverX ~]$ sudo hostnamectl set-hostname serverX.example.com

2.2. View the configuration file providing the host name at network start.

[student@serverX ~]$ cat /etc/hostname
serverX.example.com

2.3. Display the host name status.

[student@serverX ~]$ hostnamectl status
   Static hostname: serverX.example.com
         Icon name: computer
           Chassis: n/a
        Machine ID: 9f6fb63045a845d79e5e870b914c61c9
           Boot ID: d4ec3a2e8d3c48749aa82738c0ea946a
  Operating System: Red Hat Enterprise Linux Server 7.0 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.0:beta:server
            Kernel: Linux 3.10.0-97.el7.x86_64
      Architecture: x86_64

D 3. Te m p o ra r i l y c h a n g e the host n a m e. -

D 3.1 . C h a n g e t h e h ost n a m e.

[student@serverx
r--·����---, -
- ] $ sudo host name tes tname

D 3.2. D i s p l ay t h e c u rrent host n a m e. -

[student@serverx
test name
- ] $ host name
-

3.3. View the configuration file providing the hostname at network start.

[student@serverX ~]$ cat /etc/hostname
serverX.example.com

3.4. Reboot the system.

[student@serverX ~]$ reboot

3.5. Display the current hostname.

[student@serverX ~]$ hostname
serverX.example.com

4. Add a local nickname for the classroom server.

4.1. Look up the IP address of classroom.example.com.

[student@serverX ~]$ host classroom.example.com
classroom.example.com has address 172.25.254.254

4.2. Modify /etc/hosts so that the name class has the IP address 172.25.254.254 and can be used to communicate with classroom.example.com.

[student@serverX ~]$ sudo vi /etc/hosts
[student@serverX ~]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.254 classroom.example.com class
172.25.254.254 content.example.com

4.3. Look up the IP address of class.

[student@serverX ~]$ host class
Host class not found: 2(SERVFAIL)
[student@serverX ~]$ getent hosts class
172.25.254.254 classroom.example.com class

4.4. Ping class.

[student@serverX ~]$ ping -c3 class
PING classroom.example.com (172.25.254.254) 56(84) bytes of data.
64 bytes from classroom.example.com (172.25.254.254): icmp_seq=1 ttl=64 time=0.397 ms
64 bytes from classroom.example.com (172.25.254.254): icmp_seq=2 ttl=64 time=0.447 ms
64 bytes from classroom.example.com (172.25.254.254): icmp_seq=3 ttl=64 time=0.470 ms
--- classroom.example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.397/0.438/0.470/0.030 ms

Lab: Managing Red Hat Enterprise Linux Networking

Performance checklist

In this lab, you will configure basic IPv4 networking on Red Hat Enterprise Linux systems.

Outcomes:
The primary interface has two static IPv4 addresses configured.

Before you begin...
Reset your desktopX system.

1. Create a new connection with a static network connection using the settings in the table. Be sure to replace the X with the correct number for your systems.

Parameter          Setting
Connection name    lab
IP address         172.25.X.10/24
Gateway address    172.25.X.254
DNS address        172.25.254.254

2. Configure the new connection to be autostarted. Other connections should not start automatically.

3. Modify the new connection so that it also uses the address 10.0.X.1/24.

4. Configure the hosts file so that 10.0.X.1 can be referenced as "private".

5. Reboot the system, then run lab network grade to verify settings.

Solution
In this lab, you will configure basic IPv4 networking on Red Hat Enterprise Linux systems.

Outcomes:
The primary interface has two static IPv4 addresses configured.

Before you begin...
Reset your desktopX system.

1. Create a new connection with a static network connection using the settings in the table. Be sure to replace the X with the correct number for your systems.

Parameter          Setting
Connection name    lab
IP address         172.25.X.10/24
Gateway address    172.25.X.254
DNS address        172.25.254.254

[root@desktopX ~]# nmcli con add con-name lab ifname eth0 type ethernet ip4 172.25.X.10/24 gw4 172.25.X.254
[root@desktopX ~]# nmcli con mod "lab" ipv4.dns 172.25.254.254

2. Configure the new connection to be autostarted. Other connections should not start automatically.

[root@desktopX ~]# nmcli con mod "lab" connection.autoconnect yes
[root@desktopX ~]# nmcli con mod "System eth0" connection.autoconnect no

3. Modify the new connection so that it also uses the address 10.0.X.1/24.

[root@desktopX ~]# nmcli con mod "lab" +ipv4.addresses 10.0.X.1/24

Or alternately:

[root@desktopX ~]# echo "IPADDR1=10.0.X.1" >> /etc/sysconfig/network-scripts/ifcfg-lab
[root@desktopX ~]# echo "PREFIX1=24" >> /etc/sysconfig/network-scripts/ifcfg-lab

4. Configure the hosts file so that 10.0.X.1 can be referenced as "private".

[root@desktopX ~]# echo "10.0.X.1 private" >> /etc/hosts

5. Reboot the system, then run lab network grade to verify settings.

[root@desktopX ~]# lab network grade
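
Step 4.3 of the guided exercise shows host class failing while getent hosts class succeeds: host sends its query to the DNS servers and never reads /etc/hosts, while getent resolves through the name service switch, which is normally configured to read /etc/hosts before DNS. The script below is an added example, not part of the course material: it finds the entry for a name, flags names bound to conflicting addresses, and gives a checked alternative to the echo >> /etc/hosts append from step 4 of the lab solution. The function names and the sample file are assumptions made for the illustration.

```shell
# Added example, not course material. The sample hosts file is constructed from
# this chapter's entries: 10.0.1.1 stands in for 10.0.X.1, 192.0.2.10 is invented.
SAMPLE=$(mktemp); trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.254 classroom.example.com class   # nickname from step 4.2
172.25.254.254 content.example.com
192.0.2.10 private                           # stale entry left by an earlier edit
EOF

# hosts_lookup FILE NAME: print entries whose canonical name or alias is NAME.
hosts_lookup() {
    awk -v want="$2" '
        { sub(/#.*/, ""); if (NF < 2) next }      # drop comments and empty lines
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(want)) { $1 = $1; print; next } }
    ' "$1"
}

# hosts_conflicts FILE: print "family name addr addr ..." for each name bound
# to more than one address of the same family (localhost on 127.0.0.1 and ::1 is fine).
hosts_conflicts() {
    awk '
        { sub(/#.*/, ""); if (NF < 2) next }
        { fam = ($1 ~ /:/) ? "inet6" : "inet"
          for (i = 2; i <= NF; i++) {
              k = fam " " tolower($i)
              if (!(k in seen)) { seen[k] = $1; order[++n] = k
              } else if (index(" " seen[k] " ", " " $1 " ") == 0) {
                  seen[k] = seen[k] " " $1; bad[k] = 1 }
          } }
        END { for (j = 1; j <= n; j++) if (order[j] in bad) print order[j], seen[order[j]] }
    ' "$1"
}

# hosts_add FILE ADDR NAME: checked alternative to echo >> FILE.
# Returns 0 if added or already present with ADDR, 1 if NAME has another address.
hosts_add() {
    cur=$(hosts_lookup "$1" "$3" | awk '{ print $1 }')
    [ -z "$cur" ] && { printf '%s %s\n' "$2" "$3" >> "$1"; return 0; }
    for a in $cur; do [ "$a" = "$2" ] && return 0; done
    return 1
}

hosts_lookup "$SAMPLE" class                       # the entry getent hosts class returns
hosts_add "$SAMPLE" 10.0.1.1 private || echo "refused: private is already defined"
echo "10.0.1.1 private" >> "$SAMPLE"               # unchecked append, as in lab step 4
hosts_conflicts "$SAMPLE"                          # -> inet private 192.0.2.10 10.0.1.1
```

Run against a copy of /etc/hosts, hosts_conflicts prints nothing when every name has a single address per family.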

Summary

Networking Concepts
List features of computer networking.

Validating Network Configuration
Use basic utilities to determine current network configuration.

Configuring Networking with nmcli
Manage network devices with command-line utilities.

Editing Network Configuration Files
Modify network configuration files.

Configuring Host Names and Name Resolution
Display and change system hostname and name resolution configuration.
