(1) Feb 11 20:11:48 (2) localhost (3) sshd[1433]: (4) Failed password for student from 172.25.0.10 port 59344 ssh2

(1) The timestamp when the log entry was recorded.
(2) The host from which the log message was sent.
(3) The program or process that sent the log message.
(4) The actual message sent.

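The four-part layout described above, put to work as an added example that is not part of the original course text: a shell script that splits syslog lines into those parts and counts failed SSH password attempts per source address. The sample log lines are constructed, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the course text): split syslog lines into the four
# parts listed above and count failed SSH password attempts per source address.

# Constructed sample lines in the format shown on this page.
sample_log() {
cat <<'EOF'
Feb 11 20:11:48 localhost sshd[1433]: Failed password for student from 172.25.0.10 port 59344 ssh2
Feb 11 20:11:52 localhost sshd[1433]: Failed password for student from 172.25.0.10 port 59344 ssh2
Feb 11 20:12:03 localhost sshd[1440]: Failed password for invalid user admin from 172.25.0.11 port 40112 ssh2
Feb 11 20:12:09 localhost sshd[1451]: Accepted password for root from 172.25.254.254 port 59924 ssh2
Feb 11 20:12:09 localhost systemd: Started Session 12 of user root.
EOF
}

# parse_syslog: read log lines on stdin and print one record per line as
# timestamp|host|program|pid|message (pid is "-" when the tag carries none).
parse_syslog() {
  awk 'NF >= 6 {
    ts = $1 " " $2 " " $3
    host = $4
    tag = $5
    sub(/:$/, "", tag)
    prog = tag
    pid = "-"
    if (match(tag, /\[[0-9]+\]$/)) {
      prog = substr(tag, 1, RSTART - 1)
      pid = substr(tag, RSTART + 1, RLENGTH - 2)
    }
    msg = $0
    # Drop the five leading fields; what remains is the message text.
    for (i = 1; i <= 5; i++) sub(/^ *[^ ]+ +/, "", msg)
    print ts "|" host "|" prog "|" pid "|" msg
  }'
}

# failed_by_source: print "count address" for sshd "Failed password" records,
# highest count first. The user name in the message is supplied by the client,
# so the address is read from the fixed tail "from ADDR port N ssh2" rather
# than from the first "from" in the message.
failed_by_source() {
  parse_syslog | awk -F'|' '
    $3 == "sshd" && $5 ~ /^Failed password for / {
      n = split($5, w, " ")
      if (n >= 5 && w[n-4] == "from" && w[n-2] == "port") count[w[n-3]]++
    }
    END { for (src in count) print count[src], src }' | sort -rn
}

sample_log | failed_by_source
```

On a real system the same functions can be fed from the log file instead of the sample, for example `failed_by_source < /var/log/secure` as root.
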
log in to the serverX machine:
Feb 10 09:01:13 localhost sshd[2712]: Accepted password for root from 172.25.254.254
root by (uid=0)

References
logger(1), tail(1), rsyslog.conf(5), and logrotate(8) man pages
rsyslog Manual
• /usr/share/doc/rsyslog-*/manual.html provided by the rsyslog-doc package

Guided exercise

[root@serverX ~]# systemctl restart rsyslog

2. Generate a debug log message with the logger command and verify that the message gets logged to the log file /var/log/messages-debug with the tail command on serverX.

[root@serverX ~]# tail -f /var/log/messages-debug

message on serverX.

[root@serverX ~]# logger -p user.debug "Debug Message Test"

Reviewing systemd Journal Entries

Objectives
After completing this section, students should be able to find and interpret log entries in the systemd journal to troubleshoot problems or review system status.

journalctl

Important
In Red Hat Enterprise Linux 7, the systemd journal is stored in /run/log by default, and its contents are cleared after a reboot. This setting can be changed by the system administrator and is discussed elsewhere in this course.

The journalctl command shows the full system journal, starting with the oldest log entry, when run as root user:

[root@serverX ~]# journalctl -n 5

[root@serverX ~]# journalctl -p err

[root@serverX ~]# journalctl -f

In addition to the visible content of the journal, there are fields attached to the log entries that can only be seen when verbose output is turned on. All of the displayed extra fields can be used to filter the output of a journal query. This is useful to reduce the output of complex searches for certain events in the journal.

PRIORITY=6
_UID=0
_GID=0
_BOOT_ID=1ea26e84667848af9a4a2904a76ff9a5
_MACHINE_ID=4513ad59a3b442ffa4b7ea88343fa55f
_CAP_EFFECTIVE=0000001fffffffff
_TRANSPORT=syslog
SYSLOG_FACILITY=10
SYSLOG_IDENTIFIER=sshd
_COMM=sshd
_EXE=/usr/sbin/sshd

Finding events with journalctl

• _COMM The name of the command
• _PID The PID of the process

RH124-RHEL7-en-1-20140606

Note
For a list of commonly used journal fields, consult the systemd.journal-fields(7) man page.

Chapter 10. Analyzing and Storing Logs

Guided exercise

Outcomes:
Students will practice displaying the systemd journal output matching different criteria.

always runs with process id 1 on serverX.

[root@serverX ~]# journalctl _PID=1

2. Display all systemd journal messages that originate from a system service started with user id 81 on serverX.

[root@serverX ~]# journalctl _UID=81

[root@serverX ~]# journalctl -p warning

[root@serverX ~]# journalctl --since 9:05:00 --until 9:15:00

5. Display only the events originating from the sshd service with the system unit file sshd.service recorded since 9:00:00 this morning on serverX.

Preserving the systemd Journal

Objectives
After completing this section, students should be able to configure systemd-journald to store its journal on disk rather than in memory.

The systemd journal can be made persistent by creating the directory /var/log/journal as user root:

[root@serverX ~]# mkdir /var/log/journal
[root@serverX ~]# chown root:systemd-journal /var/log/journal
[root@serverX ~]# chmod 2755 /var/log/journal

Either a reboot of the system or sending the special signal USR1 as user root to the systemd-journald process is required.

Since the systemd journal is now persistent across reboots, journalctl -b can reduce the output by only showing the log messages since the last boot of the system.

[root@serverX ~]# journalctl -b

References
mkdir(1), systemd-journald(1), and killall(1) man pages
Additional information may be available in the Red Hat Enterprise Linux System

Guided exercise

In this lab, students will make the systemd journal persistent.

Outcomes:
The systemd journal is written to disk.

[root@serverX ~]# mkdir /var/log/journal
[root@serverX ~]# chown root:systemd-journal /var/log/journal

1.2. Send the USR1 signal to the systemd-journald or reboot serverX.

[root@serverX ~]# killall -USR1 systemd-journald

Objectives
After completing this section, students should be able to maintain accurate time synchronization and time zone configuration to ensure correct timestamps in system logs.

NTP synchronized: no
RTC in local TZ: no
DST active: no
Last DST change: DST ended at

[student@serverX ~]$ timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
Africa/Asmara
Africa/Bamako
....

RTC in local TZ: no
DST active: n/a

To change the current time and date settings with the timedatectl command, the set-time option is available. The time is specified in the "YYYY-MM-DD hh:mm:ss" format, where either date or time can be omitted. To change the time to 09:00:00, run:

[root@serverX ~]$ timedatectl set-time 9:00:00

By default, chronyd uses servers from the NTP Pool Project for the time synchronization and does not need additional configuration. It may be useful to change the NTP servers when the machine in question is on an isolated network.

The first argument of the server line is the IP address or DNS name of the NTP server. Following the server IP address or name, a series of options for the server can be listed. It is recommended to use the iburst option, because after the service starts, four measurements are taken in a short time period for a more accurate initial clock synchronization.

After pointing chronyd to the local time source, classroom.example.com, the service needs to be restarted:

Source mode '^' = server, '=' = peer, '#' = local clock.
Source state '*' = current synced, '+' = combined, '-' = not combined,
'?' = unreachable, 'x' = time may be in error, '~' = time too variable.
estimated error.
MS Name/IP address

The * character in the S (Source state) field indicates that the classroom.example.com server has been used as a time source and is the NTP server the machine is currently synchronized to.

Note
Red Hat Enterprise Linux 6 and earlier use ntpd and ntpq to manage the NTP configuration. Further information may be found in the documentation for Red Hat Enterprise Linux 6.

Configuring and monitoring chronyd

References
timedatectl(1), tzselect(8), chronyd(8), chrony.conf(5), and chronyc(1) man pages
NTP Pool Project
http://www.pool.ntp.org/
Time Zone Database
http://www.iana.org/time-zones

Quiz
d. Turn on NTP synchronization.

Solution
4 d. Turn on NTP synchronization.

Lab: Analyzing and Storing Logs

Outcomes:
The time zone setting on the serverX machine is adjusted; all systemd journal entries recorded in a given time frame are displayed; all syslog messages with the authpriv facility and severity alert are logged into a separate log file.

Solution

In this lab, students will change the time zone and log all authentication failure log entries into a separate file.

[root@serverX ~]# timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
Africa/Asmara
America/Jamaica

[root@serverX ~]# timedatectl set-timezone America/Jamaica
[root@serverX ~]# timedatectl
Local time: Thu 2014-02-13 11:16:59 EST
DST active: n/a

2. Display all systemd journal entries recorded in the last 30 minutes on serverX.

Assuming the current time is 9:30:00, the following command would be used:

[root@serverX ~]# journalctl --since 9:00:00 --until 9:30:00

[root@serverX ~]# echo "authpriv.alert /var/log/auth-errors" >/etc/rsyslog.d/auth-errors.conf

Summary

Reviewing Syslog Files
The system log files are maintained by rsyslog.

Maintaining Accurate Time
Time synchronization is important for log file analysis.

CHAPTER 11

Overview

Networking Concepts

Objectives
After completing this section, students should be able to explain fundamental concepts of computer networking.

IPv4 networking
TCP/IP standards follow a four-layer network model specified in RFC1122.

• Application

• Transport

• Internet

The Internet, or network layer, carries data from the source host to the destination host. Each host has an IP address and a prefix used to determine network addresses. Routers are used to connect networks.

ICMP is a control protocol at this layer. Instead of ports, it has types. The ping utility is an example of using ICMP packets to test connectivity. ping sends an ICMP ECHO_REQUEST packet. A successful ping receives an ICMP ECHO_REPLY acknowledgment. An unsuccessful ping may receive ICMP error messages such as "destination unreachable" or may not receive any response.

• Link

network segment.

Figure 11.1: IPv4 addresses and netmasks

IP Address:   172.17.5.3    = 10101100.00010001.00000101.00000011
Prefix:       /16
Netmask:      255.255.0.0   = 11111111.11111111.00000000.00000000
Network part: 10101100.00010001    Host part: 00000101.00000011

IP Address:   192.168.5.3   = 11000000.10101000.00000101.00000011
Prefix:       /24
Netmask:      255.255.255.0 = 11111111.11111111.11111111.00000000
Network part: 11000000.10101000.00000101    Host part: 00000011

IPv4 addresses
An IPv4 address is a 32-bit number, normally expressed in decimal as four octets ranging in value from 0 to 255, separated by dots. The address is divided into two parts: the network part and the host part. All hosts on the same subnet, which can talk to each other directly without a router, have the same network part; the network part identifies the subnet. No two hosts on the same subnet can have the same host part; the host part identifies a particular host on a subnet.

which is assigned to the subnet. The netmask indicates how many bits of the IPv4 address belong to the subnet. The more bits that are available for the host part, the more hosts can be on the subnet.

The lowest possible address on a subnet (host part is all zeros in binary) is sometimes called the network address. The highest possible address on a subnet (host part is all ones in binary) is used for broadcast messages in IPv4, and is called the broadcast address.

Network masks are expressed in two forms. The older syntax for a netmask which uses 24 bits for the network part would read 255.255.255.0. A newer syntax, called CIDR notation, would specify a network prefix of /24. Both forms convey the same information; namely, how many leading bits in the IP address contribute to its network address.

The examples which follow illustrate how the IP address, prefix (netmask), network part, and host part are related.

Chapter 11. Managing Red Hat Enterprise Linux Networking

The special address 127.0.0.1 always points to the local system ("localhost"), and the network 127.0.0.0/8 belongs to the local system, so that it can talk to itself using network protocols.

[Figure: network diagram; surviving labels: DNS Server; To the internet; 172.17.0.0/16; 192.168.5.0/24]

IPv4 routing
Whether using IPv4 or IPv6, network traffic needs to move from host to host and network to network. Each host has a routing table, which tells it how to route traffic for particular networks.

If the network traffic does not match a more specific route, the routing table usually has an entry for a default route to the entire IPv4 Internet, 0.0.0.0/0. This default route points to a router on a reachable subnet (that is, on a subnet that has a more specific route in the host's routing table).

If a router receives traffic that is not addressed to it, instead of ignoring it like a normal host, it forwards the traffic based on its own routing table. This may send the traffic directly to the destination host (if the router happens to be on the destination's subnet), or it may be forwarded on to another router. This process of forwarding continues until the traffic reaches its final destination.

192.168.5.0/24 enp3s0

In this example, traffic headed for the IP address 192.0.2.102 from this host will be transmitted directly to that destination via the wlo1 wireless interface, because it matches the 192.0.2.0/24 route most closely. Traffic for the IP address 192.168.5.3 will be transmitted directly to that destination via the enp3s0 Ethernet interface, because it matches the 192.168.5.0/24 route most closely.

Enterprise Linux 7 is to assign fixed names based on firmware, device topology, and device type.

Interface names have the following characters:
• Ethernet interfaces begin with en, WLAN interfaces begin with wl, and WWAN interfaces begin with ww.
• The next character(s) represents the type of adapter with an o for on-board, s for hotplug slot, and p for PCI geographic location. Not used by default but also available to administrators, an x is used to incorporate a MAC address.

Note
Network interface naming can be overridden. If the administrator has installed and enabled the biosdevname package or set customized udev device naming rules, those settings will override the default naming scheme. Depending on support for biosdevname in the system BIOS, names such as em1, em2, etc. may be used for on-board network cards (corresponding to their names on the chassis). PCI(e) cards are represented with pYpX (e.g., p4p1), where Y is the PCI slot number and X is the number for the port on that specific card.

References
services(5), ping(8), biosdevname(1), and udev(7) man pages

Quiz

Name resolution is not configured.
This configuration is feasible.

IP address: 172.17.0.351/16
Gateway: 172.17.0.1
DNS server: 172.17.0.254

IP address: 10.1.2.3/24
Gateway: 10.1.2.1

IP address: 10.4.5.6/24
Gateway: 10.4.6.1

Solution

IP address: 172.17.0.351/16
Gateway: 172.17.8.1
DNS server: 172.17.0.254
Invalid IPv4 address

IP address: 10.1.2.3/24
Gateway: 10.1.2.1
DNS server: 172.17.4.53
This configuration is feasible.

IP address: 10.4.5.6/24
Gateway: 10.4.6.1
DNS server: 192.168.0.254
Gateway is not on the same subnet.

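
The quiz answers above and the route selection described under IPv4 routing, worked through in shell as an added example that is not part of the original course text. The function names are assumptions, and in the constructed routing table only the two /24 routes and their interface names come from the page; the device of the default route is assumed.

```shell
#!/bin/sh
# Added example (not from the course text): IPv4 arithmetic behind the quiz
# answers and the "most specific route wins" rule described on this page.

# ip_to_int ADDR: print the address as a 32-bit integer; fail if ADDR is not
# four dot-separated decimal octets in the range 0-255.
ip_to_int() {
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in 0?* | ????*) return 1 ;; esac  # no leading zeros, max 3 digits
    [ "$octet" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# prefix_to_mask LEN: print the netmask for a /LEN prefix as an integer.
prefix_to_mask() {
  case $1 in '' | *[!0-9]* | 0?* | ???*) return 1 ;; esac
  [ "$1" -le 32 ] || return 1
  echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# int_to_ip N: print the dotted-quad form of a 32-bit integer.
int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# subnet_info ADDR/LEN: print "network broadcast netmask".
subnet_info() {
  si_addr=$(ip_to_int "${1%/*}") || return 1
  si_mask=$(prefix_to_mask "${1#*/}") || return 1
  si_net=$(( $si_addr & $si_mask ))                  # host part all zeros
  si_bcast=$(( $si_net | (~$si_mask & 0xFFFFFFFF) )) # host part all ones
  echo "$(int_to_ip "$si_net") $(int_to_ip "$si_bcast") $(int_to_ip "$si_mask")"
}

# check_config ADDR/LEN GATEWAY: print a verdict like the quiz solution's.
check_config() {
  cc_addr=$(ip_to_int "${1%/*}") || { echo "invalid IPv4 address"; return 0; }
  cc_mask=$(prefix_to_mask "${1#*/}") || { echo "invalid prefix"; return 0; }
  cc_gw=$(ip_to_int "$2") || { echo "invalid gateway address"; return 0; }
  if [ $(( $cc_addr & $cc_mask )) -ne $(( $cc_gw & $cc_mask )) ]; then
    echo "gateway is not on the same subnet"
  else
    echo "feasible"
  fi
}

# Constructed routing table, one "destination/prefix device" per line. The two
# /24 routes are the ones named in the routing passage; the default route's
# device is an assumption.
route_table() {
cat <<'EOF'
192.0.2.0/24 wlo1
192.168.5.0/24 enp3s0
0.0.0.0/0 enp3s0
EOF
}

# pick_route DEST: print the matching route with the longest prefix.
pick_route() {
  pr_dest=$(ip_to_int "$1") || return 1
  pr_best=-1
  pr_line=
  while read -r pr_net pr_dev; do
    pr_len=${pr_net#*/}
    pr_mask=$(prefix_to_mask "$pr_len") || continue
    pr_base=$(ip_to_int "${pr_net%/*}") || continue
    if [ $(( $pr_dest & $pr_mask )) -eq $(( $pr_base & $pr_mask )) ] &&
       [ "$pr_len" -gt "$pr_best" ]; then
      pr_best=$pr_len
      pr_line="$pr_net $pr_dev"
    fi
  done <<EOF
$(route_table)
EOF
  [ -n "$pr_line" ] && echo "$pr_line"
}

check_config 172.17.0.351/16 172.17.0.1
check_config 10.1.2.3/24 10.1.2.1
check_config 10.4.5.6/24 10.4.6.1
subnet_info 172.17.5.3/16
pick_route 192.0.2.102
```
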
Objectives
After completing this section, students should be able to test and review current network configuration with basic utilities.

Displaying IP addresses
The /sbin/ip command is used to show device and address information.

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:00:00:0a brd ff:ff:ff:ff:ff:ff
    inet 172.25.0.10/24 brd 172.25.0.255 scope global eth0
       valid_lft forever preferred_lft forever

Troubleshooting routing

Control-C is pressed unless options are given to limit the number of packets sent.

85.270ms asymm 8
 8: ae1d0.cir1.atlanta6-ga.us.xo.net 64.160ms asymm 7
 9: 216.156.108.98.ptr.us.xo.net 108.652ms
10: bu-ether13.atlngamq46w-bcr00.tbone.rr.com 107.286ms asymm 12

Each line in the output of tracepath represents a router or hop that the packet passes through between the source and the final destination. Additional information is provided as available, including the round trip timing (RTT) and any changes in the maximum transmission unit (MTU) size.

[student@desktopX ~]$ ss -ta
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128
LISTEN 0 100 127.0.0.1:smtp *:*

• The port used for SSH is listening on all IPv4 addresses. The "*" is used to represent "all" when referencing IPv4 addresses or ports.
• The port used for SMTP is listening on the 127.0.0.1 IPv4 loopback interface.
• The established SSH connection is on the 172.25.X.10 interface and originates from a system with an address of 172.25.254.254.
• The port used for SSH is listening on all IPv6 addresses. The "::" syntax is used to represent all IPv6 interfaces.
• The port used for SMTP is listening on the ::1 IPv6 loopback interface.

References
ip-link(8), ip-address(8), ip-route(8), ip(8), ping(8), tracepath(8), traceroute(8), ss(8), and netstat(8) man pages

Guided exercise
In this lab, you will examine the network configuration of the current system.

Outcomes:
Identify the current network interfaces and basic network addresses.

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff
    inet 172.25.X.11/24 brd 172.25.X.255 scope global dynamic eth0

2. Display the statistics for the eth0 interface.

    link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff
    RX: bytes packets errors dropped overrun mcast
    418398 4588 0 0 0 0
    TX: bytes packets errors dropped carrier collsns
    360733 1730 0 0 0 0

3. Display the routing information.

default via 172.25.X.254 dev eth0 proto static metric 1024
172.25.X.0/24 dev eth0 proto kernel scope link src 172.25.X.11

4. Verify that the router is accessible.

[student@serverX ~]$ tracepath

[student@serverX ~]$ ss -lt

Objectives
After completing this section, students should be able to manage network settings and devices with nmcli and NetworkManager.

NetworkManager
NetworkManager is a daemon that monitors and manages network settings. In addition to the daemon, there is a GNOME Notification Area applet that provides network status information. Command-line and graphical tools talk to NetworkManager and save configuration files in the /etc/sysconfig/network-scripts directory.

ipv4.routes:
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id:
...
ActiveConnection/1
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: ip 172.25.X.10/24, gw 172.25.X.254
IP4.DNS[1]: 172.25.254.254

Examples of creating new connections
Follow along with the next steps while your instructor discusses nmcli syntax.

on the eth0 device using DHCP.

[root@desktopX ~]# nmcli con add con-name "default" type ethernet ifname eth0

2. Create a new connection named "static" and specify the IP address and gateway. Do not autoconnect.

[root@desktopX ~]# nmcli con add con-name "static" ifname eth0 autoconnect no type

3. The system will autoconnect with the DHCP connection at boot. Change to the static connection.

4. Change back to the DHCP connection.

Important
If the static connection is lost, the default connection will attempt to autoconnect. To administratively disable an interface and prevent any autoconnection, use nmcli dev disconnect DEVICENAME.

Type options
Type options depend on the type used. An ethernet-type connection may optionally specify a MAC address for the connection. A wifi-type connection must specify the SSID and may specify additional options. Many other types are available, including bridge, bond, team, VPN, and VLAN. To view all the options, use nmcli con add help.

type <type>
ifname <interface name> | "*"
[con-name <connection name>

An existing connection may be modified with nmcli con mod arguments. The arguments are sets of key/value pairs. The key includes a setting name and a property name. Use nmcli con show "<ID>" to see a list of current values for a connection. The nm-settings(5) man page documents the setting and property names and usage.

Examples of connection modifications
Follow along with the next steps while your instructor discusses nmcli syntax.

2. Specify a DNS server.

[root@desktopX ~]# nmcli con mod "static" ipv4.dns 172.25.X.254

[root@desktopX ~]# nmcli con mod "static" ipv4.addresses "172.25.X.10/24 172.25.X.254"

Important
The nmcli con mod will save the setting to the configuration files. To activate the

Summary of nmcli commands
Basic device and connection commands for nmcli:

nmcli commands
Command                  Use
nmcli dev status         List all devices.
nmcli con show           List all connections.
nmcli con up "<ID>"      Activate a connection.
nmcli con down "<ID>"    Deactivate a connection. The connection will restart if

References
nmcli(1), nmcli-examples(5), and nm-settings(5) man pages

Guided exercise

Outcomes:
Reset your serverX system.

1.1. Show all connections.

connection.read-only: no
connection.permissions:
IP4.ADDRESS[1]: ip 172.25.X.11/24, gw

2. Create a static connection with the same IPv4 address, network prefix, and default gateway. Name the new connection static-eth0.

[student@serverX ~]$ sudo nmcli con add con-name "static-eth0" ifname eth0 type ethernet ip4 172.25.X.11/24 gw4 172.25.X.254
Connection 'static-eth0' (f3e8dd32-3c9d-48f6-9066-551e5b6e612d) successfully added.

3. Modify the new connection to add the DNS setting.

[student@serverX ~]$ sudo nmcli con mod "static-eth0" ipv4.dns 172.25.254.254

4. Display and activate the new connection.
4.1. View all connections.

    inet 172.25.X.11/24 brd 172.25.X.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe00:b/64 scope link
       valid_lft forever preferred_lft forever

[student@serverX ~]$ ip route
default via 172.25.X.254 dev eth0 proto static metric 1024
172.25.X.0/24 dev eth0 proto kernel scope link src 172.25.X.11

5.3. Ping the DNS address.

6. Configure the original connection so that it does not start at boot and verify that the static connection is used when the system reboots.

[student@serverX ~]$ reboot

6.3. View the active connection.

Objectives
After completing this section, students should be able to modify network settings by editing the configuration files.

[root@serverX ~]# nmcli con reload
[root@serverX ~]# nmcli con down "System eth0"
[root@serverX ~]# nmcli con up "System eth0"

References
nmcli(1) man page

Guided exercise

Outcomes:
An additional network address added to each system.

scripts/ifcfg-eth0

1.2. Append an entry to the file to specify the network prefix.

[root@serverX ~]# nmcli con up "System eth0"

scripts/ifcfg-eth0

[root@desktopX ~]# echo "PREFIX1=24" >> /etc/sysconfig/network-scripts/ifcfg-eth0

[root@desktopX ~]# nmcli con up "System eth0"

[root@serverX ~]# ip addr

4.2. On serverX, ping the new address of desktopX.

[root@serverX ~]# ping 10.0.X.2

[root@desktopX ~]# ip addr

4.4. On desktopX, ping the new address of serverX.

[root@desktopX ~]# ping 10.0.X.1

Configuring Host Names and Name Resolution

Objectives
After completing this section, students should be able to configure and test system host name and name resolution.

[root@desktopX ~]# hostnamectl set-hostname desktopX.example.com
[root@desktopX ~]# hostnamectl status
Static hostname: desktopX.example.com
Icon name: computer
Chassis: n/a
Machine ID: 9f6fb63045a845d79e5e870b914c61c9
Boot ID: aa6c3259825e4b8c92bd0f601089ddf7
Virtualization: kvm
Operating System: Red Hat Enterprise Linux Server 7.0 (Maipo)
CPE OS Name: cpe:/o:redhat:enterprise_linux:7.0:beta:server
Kernel: Linux 3.10.0-97.el7.x86_64
Architecture: x86_64
[root@desktopX ~]# cat /etc/hostname
desktopX.example.com

Important
The static host name is stored in /etc/hostname. Previous versions of Red Hat Enterprise Linux stored the host name as a variable in the /etc/sysconfig/network file.

Configuring name resolution

# Generated by NetworkManager
domain example.com

[root@desktopX ~]# nmcli con down ID
[root@desktopX ~]# nmcli con up ID

The default behavior of nmcli con mod ID ipv4.dns IP is to replace any previous DNS

The host HOSTNAME command can be used to test DNS server connectivity.

254.254.25.172.in-addr.arpa domain name pointer classroom.example.com.

Important
If DHCP is in use, /etc/resolv.conf is automatically rewritten as interfaces are started, unless you specify PEERDNS=no in the relevant interface configuration files. The change can be made with nmcli.

[root@desktopX ~]# nmcli con mod "System eth0" ipv4.ignore-auto-dns yes

Guided exercise
In this lab, you will configure the system host name and name resolution.

Outcomes:
Customized host name and name resolution settings.

[student@serverX ~]$ hostname
serverX.example.com

1.2. Display the host name status.

Chassis: n/a
Machine ID: 9f6fb63045a845d79e5e870b914c61c9
Boot ID: d4ec3a2e8d3c48749aa82738c0ea946a

2. Set a static host name to match the current transient host name.

[student@serverX ~]$ sudo hostnamectl set-hostname serverX.example.com
[student@serverX ~]$ cat /etc/hostname
serverX.example.com

Chassis: n/a
Machine ID: 9f6fb63045a845d79e5e870b914c61c9
Boot ID: d4ec3a2e8d3c48749aa82738c0ea946a
Operating System: Red Hat Enterprise Linux Server 7.0 (Maipo)
CPE OS Name: cpe:/o:redhat:enterprise_linux:7.0:beta:server

3. Temporarily change the host name.
3.1. Change the host name.

[student@serverX ~]$ sudo hostname testname
[student@serverX ~]$ hostname
testname

3.3. View the configuration file providing the host name at network start.

[student@serverX ~]$ reboot

3.5. Display the current host name.

[student@serverX ~]$ hostname
serverX.example.com

4.3. Look up the IP address of the class.

Host class not found: 2(SERVFAIL)
[student@serverX ~]$ getent hosts class
172.25.254.254 classroom.example.com class

4.4. Ping class.

[student@serverX ~]$ ping -c3 class
PING classroom.example.com (172.25.254.254) 56(84) bytes of data.
64 bytes from classroom.example.com (172.25.254.254): icmp_seq=1 ttl=64 time=0.397 ms
64 bytes from classroom.example.com (172.25.254.254): icmp_seq=2 ttl=64 time=0.447 ms
64 bytes from classroom.example.com (172.25.254.254): icmp_seq=3 ttl=64 time=0.470 ms
--- classroom.example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.397/0.438/0.470/0.030 ms

Lab: Managing Red Hat Enterprise Linux Networking

Performance checklist
In this lab, you will configure basic IPv4 networking on Red Hat Enterprise Linux systems.

Outcomes:
The primary interface has two static IPv4 addresses configured.

Solution

1. Create a new connection with a static network connection using the settings in the table. Be sure to replace the X with the correct number for your systems.

Parameter      Setting
DNS address    172.25.254.254

[root@desktopX ~]# nmcli con add con-name lab ifname eth0 type ethernet ip4 172.25.X.10/24 gw4 172.25.X.254
[root@desktopX ~]# nmcli con mod "lab" ipv4.dns 172.25.254.254

2. Configure the new connection to be autostarted. Other connections should not start automatically.

[root@desktopX ~]# nmcli con mod "lab" connection.autoconnect yes
[root@desktopX ~]# nmcli con mod "System eth0" connection.autoconnect no

3. Modify the new connection so that it also uses the address 10.0.X.1/24.

[root@desktopX ~]# nmcli con mod "lab" +ipv4.addresses 10.0.X.1/24

Or alternately:

5. Reboot the system, then run lab network grade to verify settings.

Summary

Networking Concepts
List features of computer networking.

Validating Network Configuration
Use basic utilities to determine current network configuration.