CERTIFIED ENGINEER
RED HAT ENTERPRISE LINUX
SYSTEM AND NETWORK ADMINISTRATION
As in Windows the partitions are known as logical drives, in Linux they are known as mount points.
/ (root) is the topmost mount point that connects all the other mount points (minimum 2GB of space to be
allotted to root at the time of installation).
Installation:
Insert the CD – boot from it and at the boot screen press ENTER to start installation in GUI (Graphical
User Interface) mode – select the language – install a fresh copy of Red Hat Enterprise Linux ES – manually
partition with Disk Druid – select New – mount point
/ (2000MB)
/boot (300MB)
/home (1000MB)
/var (2000MB)
/usr (3500MB)
swap from file system – size should be double of RAM
- Network devices – edit – specify IP address – mark active on boot – hostname – gateway – No firewall –
Disable SELinux (Security Enhanced Linux) – Time zone – Root password (min 8 characters) – customize
software packages to be installed – finish the installation.
BASIC COMMANDS
Default shell in Red Hat is Bash (Bourne Again Shell); others are C shell, Korn shell (maintains the history
of commands typed in the shell).
Creating a file
Files can be created by three methods:
cat command, touch command, vi editor
cat commands
[root@comp1~]# cat (options) (arguments)
[root@comp1~]# cat > (filename) to create a file
[root@comp1~]# cat (filename) to view the content of the file
[root@comp1~]# cat >> (filename) to append or to add more content to the file
[root@comp1~]# cat file1 file2 >> file3 to transfer the contents of file1 & file2 to file3
After typing the contents press Ctrl+D to save the file
touch commands
[root@comp1~]# touch (filename) To create a filename with zero length as well as to change the
time stamp of file or directory
[root@comp1~]# touch file1 file2 file3 to create multiple files at a time
Creating directories
[root@comp1~]# mkdir (directory name) To create a directory
[root@comp1~]# mkdir dir1 dir2 dir3 to create multiple directories at a time
[root@comp1~]# mkdir -p dir1/dir2/dir3 to create sub-directories within a particular directory
Navigation of directories
[root@comp1~]# cd (path of the directory)
[root@comp1~]# cd .. to change the directory one level back
[root@comp1~]# cd ../.. to change the directory two levels back
[root@comp1~]# cd - to change the directory to last working directory
[root@comp1~]# cd (or) cd ~ to change the directory to home directory
[root@comp1~]# cd / to go to root directory ( / )
VI EDITOR
[root@comp1~]# vi zoom50
It enters command mode, to type the data press ‘ i ’ and it comes to insert mode, after typing the data press
‘Esc’ to return to command mode, press shift + ; to go to execute mode and type :wq to save and exit
(write and quit), press ‘Esc’ again to return to command mode.
Insert mode
Execute mode
:q – quit
:q! – quit forcefully without saving
:w – save
:wq – save and quit
:wq! – save and quit forcefully
:x – save and quit
Shift + zz – save and quit
:sh – provides temporary shell
:set number – setting line numbers
:se nu – setting line numbers
:set nonumber – removing line numbers
:se nonu – removing line numbers
:84 – press Enter to go to line 84
Wildcard characters
[root@comp1~]# ls * list all the files
[root@comp1~]# ls *.c list all the files with extension .c
[root@comp1~]# ls *net* list all the files with word ‘net’
[root@comp1~]# ls a? to match single character after a eg: a1, a2, aa, ac
[root@comp1~]# ls a??? to match 3 characters after a eg: a123, acid, akon
Redirection command
[root@comp1~]# (command) > (filename)
Eg: ls -l > zoom90 the output of that particular command will be saved in file zoom90
ls -l >> zoom90 the output of that particular command will be appended to file zoom90
[root@comp1~]# more (filename) to see the file content page by page
[root@comp1~]# ls -l | more to see the output of the command page by page
Types of users
System users 0-499
Normal users 500-60,000
Database files
/etc/passwd
/etc/shadow
/etc/group
/etc/shadow
This file contains the encrypted user passwords assigned by the passwd binary file
Passwords are encrypted through the DES (Data Encryption Standard) or MD5 (Message Digest version 5)
algorithm
U1 : hjkadfhs8974uyh5jrt/ : 13536 : 0 : 99999 : 7 ::::
Username : Encrypted password : Days since 1970 : Min. days to change password : Max. days to change password
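The field layout above can be checked mechanically. The following script is an added example, not part of the original notes: it classifies each shadow entry by the scheme of the stored password (DES and MD5 as named above, plus the SHA-crypt prefixes used by later releases, which go beyond what this page covers) and by the maximum-days field. The sample entries and hash strings are constructed.

```bash
#!/bin/sh
# Added example: classify /etc/shadow entries by hash scheme and password ageing.
# SAMPLE_SHADOW is constructed for illustration; the hash strings are not real.
SAMPLE_SHADOW='u1:hjkadfhs8974u:13536:0:99999:7:::
u2:$1$CONSTRUC$notARealMd5CryptValue.:13536:0:90:7:::
u3:$6$CONSTRUC$notARealSha512CryptValue:13536:0:90:7:::
u4:!!:13536:0:99999:7:::
u5::13536:0:99999:7:::'

# audit_shadow: read shadow-format lines on stdin and print "user scheme ageing".
# Field 2 is the stored password, field 5 the maximum days before a change is forced.
audit_shadow() {
    awk -F: '
    {
        hash = $2
        if (hash == "")              scheme = "EMPTY"     # no password at all
        else if (hash ~ /^[!*]/)     scheme = "LOCKED"    # login disabled
        else if (hash ~ /^\$1\$/)    scheme = "MD5"       # md5-crypt
        else if (hash ~ /^\$5\$/)    scheme = "SHA256"
        else if (hash ~ /^\$6\$/)    scheme = "SHA512"
        else if (length(hash) == 13) scheme = "DES"       # traditional crypt(3)
        else                         scheme = "UNKNOWN"
        ageing = ($5 == "" || $5 + 0 >= 99999) ? "no-expiry" : ("max=" $5)
        print $1, scheme, ageing
    }'
}

# weak_accounts: names of accounts whose stored password is DES, MD5 or empty.
weak_accounts() {
    audit_shadow | awk '$2 == "DES" || $2 == "MD5" || $2 == "EMPTY" { print $1 }'
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a live system, run it as root with `audit_shadow < /etc/shadow`.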
/etc/group
This file contains the group names and the GIDs of the groups
U1 : x : 500 : Sachin, tom
groupname : mask password : GID : members of group
User creation
[root@comp1~]# useradd (options) (username)
Options:
-u – UID
-g – Primary group name/GID
-o – Override
-G – Secondary group
-c – comment
-d – Home directory
-s – Shell
User modification
[root@comp1~]# usermod (options) (username)
Options:
-l – change the login name
-L – lock the account
-U – unlock the account
Eg: [root@comp1~]# usermod -l sam sam123
Deleting a user
[root@comp1~]# userdel (options) (username)
Option:
-r – recursively (this option deletes all the files and directories created by the user)
Group modification
[root@comp1~]# groupmod (options) (groupname)
Options:
-g – GID
-o – override
-n – to change the group name
Eg: [root@comp1~]# groupmod -g 1000 -n purchase sales
Group deletion
[root@comp1~]# groupdel (groupname)
Group setting
[root@comp1~]# gpasswd (options) (groupname)
Options:
-a – add a user
-d – delete a user from group
-M – adding multiple users to the group
Execute permission on a directory is a must to enter it; without it you cannot enter the directory.
Write permission is very important for a directory, as it restricts others from modifying or deleting the content.
Permissions can be defined in two ways; the numerical way of changing file permissions is called absolute
permission.
[root@comp1~]$ chmod 664 zoom80
[root@comp1~]$ cd zoom80
[root@comp1~]$ chmod 775 zoom80
[root@comp1~]$ cd zoom90
[root@comp1~]$ vi test2
[root@comp1~]$ su (or) exit To switch back to the root account
[root@comp1~]# useradd ramu
[root@comp1~]# pwd
[root@comp1~]# cd /
[root@comp1~]# mkdir zoom100
[root@comp1~]# chown vijay zoom100 To change the owner of a file/directory
[root@comp1~]# chgrp (groupname) (file/dir) To change the group belonging of file/dir
[root@comp1~]# chgrp ramu zoom100
[root@comp1~]# groupadd linux
[root@comp1~]# useradd swati
[root@comp1~]# useradd swetha
[root@comp1~]# gpasswd -M swati,swetha linux
[root@comp1~]# chmod 775 linux
[root@comp1~]# su - swati
[root@comp1~]$ cd /linux
[root@comp1~]$ exit
[root@comp1~]# pwd
[root@comp1~]# cd /root
[root@comp1~]# cat > test10
[root@comp1~]# ls -l test10
[root@comp1~]# chmod u+x test10
[root@comp1~]# chmod u-x test10
[root@comp1~]# chmod ugo+x test10
[root@comp1~]# chmod ugo+rwx test10
[root@comp1~]# chmod u+x,g-r test10
PARTITIONS
Partitioning:
Pre-installation tool
- Disk Druid
Post-installation tools
- fdisk
- parted
- cfdisk
- sfdisk
Naming conventions
Controller    Master/Slave       Linux  Solaris
IDE-0         Primary Master     hda    c0d0
IDE-0         Primary Slave      hdb    c0d1
IDE-1         Secondary Master   hdc    c1d0
IDE-1         Secondary Slave    hdd    c1d1
SATA/SCSI-0   First hard-disk    sda    sda
SATA/SCSI-0   Second hard-disk   sdb    sdb
SATA/SCSI-1   Third hard-disk    sdc    sdc
SATA/SCSI-1   Fourth hard-disk   sdd    sdd
***There is no concept of Master/Slave in SATA/SCSI hard disks; the boot loader is automatically
identified from the hard disk where the OS is actually installed. You can connect all the hard disks together
and you do not even need to mention the first boot priority in BIOS settings, but if you have more than
one OS on two different hard disks, then they will be mentioned at the time of booting.
Formatting a partition will erase all the data on that partition and convert it to the file system selected.
Converting a partition will NOT erase the data on that partition and will just convert the file system.
LABEL:
[root@comp1~]# e2label (partition) (label_name) Assign label
[root@comp1~]# e2label (partition) view existing label
[root@comp1~]# mount -l see mounted partition with label
[root@comp1~]# e2label /dev/hda9 hrd
[root@comp1~]# e2label /dev/hda9
[root@comp1~]# mkdir /software
[root@comp1~]# mount -L hrd /software to mount the partition using label
SWAP :
Swap is virtual memory.
A program under execution is called a process or job
[root@comp1~]# fdisk (option) (partition)
[root@comp1~]# mkfs.ext3 (swap-partition)
[root@comp1~]# mkswap (partition) make swap partition
[root@comp1~]# swapon (partition) enable swap
[root@comp1~]# swapon -s check the status of swap used
[root@comp1~]# swapoff (partition) disable the swap partition
Eg: if you are increasing RAM from 512MB to 1GB then create a new 2GB swap and delete the old swap
partition
RAID
Redundant Array of Independent Disk / Redundant Array of Inexpensive Devices
Array is a collection of similar objects/elements
BRSetup – Backup recover setup
Eg: IBM Blade Server will have built in RAID Controller
These RAID controllers logically combine ‘n’ number of hard disks and treat them as a single hard disk, and
this logical single hard disk is known as a Metadisk
RAID0
Minimum – 2 hard disk
Maximum – 32 hard disk
Data is written alternatively and evenly to two or more disks
Read and write speed is fast
Fault Tolerance is not available
RAID1
Minimum – 2 hard disk
Maximum – 2 hard disk
Simultaneously data will be written to two volumes on two different disks
Read speed is fast and write speed is slow
Fault tolerance is available
50% overhead
Used always for boot partitions and installation of OS
RAID4
Minimum – 3 hard disk
Maximum – 32 hard disk
Data is written alternatively and evenly to two or more disk and a parity is only written in one disk
Read and write speed is fast
Fault tolerance is available
Parity is used for error detection and correction
RAID5
Minimum – 3 hard disk
Maximum – 32 hard disk
Data is written alternatively and evenly to two disks and a parity is written on all disks
Read and write speed is fast
Fault tolerance is available
Also known as Striped with parity
Steps
First Create 4 partitions
Raid Commands:
[root@comp1~]# mdadm -C /dev/md0 -l5 -n3 /dev/hda8 /dev/hda9 /dev/hda10 To club all the RAID
partitions into a single array
[root@comp1~]# mdadm -D /dev/md0 to display RAID array
[root@comp1~]# mkfs.ext3 /dev/md0
[root@comp1~]# mkdir /raid
[root@comp1~]# mount /dev/md0 /raid
[root@comp1~]# cd /raid
[root@comp1~]# mdadm -a /dev/md0 /dev/hda11 to add one more partition to raid as spare
[root@comp1~]# mdadm -f /dev/md0 /dev/hda10 to make a partition faulty
[root@comp1~]# mdadm -r /dev/md0 /dev/hda10 to remove partition from Raid array
Create a partition
[root@comp1~]# fdisk /dev/hda
[root@comp1~]# partprobe
[root@comp1~]# mkfs.ext3 /dev/hda9
[root@comp1~]# mkdir /sam
Enabling ACLs
[root@comp1~]# mount -o acl /dev/hda9 /sam
[root@comp1~]# cd /sam
[root@comp1~]# touch a b c d create multiple files
[root@comp1~]# useradd amit
[root@comp1~]# useradd bob
[root@comp1~]# useradd krish
Applying ACLs
[root@comp1~]# setfacl -m u:amit:- a
[root@comp1~]# setfacl -m u:amit:- /sam/a
[root@comp1~]# setfacl -m u:bob:r /sam/b
[root@comp1~]# setfacl -m u:krish:rw /sam/b
[root@comp1~]# getfacl /sam/a to check the file permission for users
Create a group
[root@comp1~]# groupadd chess
[root@comp1~]# useradd c1
[root@comp1~]# useradd c2
[root@comp1~]# gpasswd -M c1,c2 chess
[root@comp1~]# tail /etc/group
[root@comp1~]# cd /sam
[root@comp1~]# setfacl -m g:chess:rwx /sam/a
[root@comp1~]# setfacl -m u:c1:r /sam/a
Removing ACLs
[root@comp1~]# setfacl -x u:c1 /sam/a for user
[root@comp1~]# setfacl -x g:chess /sam/a for group
QUOTAS
Quotas allow the Administrator to specify restrictions in two ways:
- Restricting a user or a group by the number of files created in a specific location
- Restricting a user or a group by the disk space used in a specific location
Advantages of Quotas
- The idea behind quotas is that users are forced to stay under their disk consumption limit or under
the limit on the number of files in a particular location
- Quotas are handled on a per-user, per-file-system basis
Types of Quotas
Quotas are of two types
- User level quotas usrquota
- Group level quotas grpquota
Enabling quotas
[root@comp1~]# mount -o usrquota,grpquota /dev/hda10 /sid
Creating database files
[root@comp1~]# quotacheck -cug /dev/hda10 (cug=check,user,group)
[root@comp1~]# quotaon /dev/hda10
[root@comp1~]# chmod 777 /sid
[root@comp1~]# useradd u1
[root@comp1~]# edquota -u (username)
[root@comp1~]# edquota -u u1
To check
[root@comp1~]# su - u1
[root@comp1~]$ cd /sid
[root@comp1~]$ touch 123 456 789
Roles of Administrator
- Installing Operating System
- Installing applications
- Managing users and groups
- Taking backup of data
Types of data
- System generated data
- User generated data
Types of Backup
- Full backup: complete backup of entire system
- Incremental backup: It includes all files that were changed since the last backup. It is always smaller
than a differential backup
- Differential backup: It includes all the files that were changed since the last full backup. As time
increases since the last full backup, the size of the differential backup increases.
TAR commands
[root@comp1~]# tar (options) (destination) (sources)
Options
-c - create
-v - verbose (this option displays the background process going on for backup)
-f - file
-t - table of content
-x – extract to
-w – interactive
-z - zip
File compression
gzip and bzip2 are commands used for compression in Linux/Unix
The difference between gzip and bzip2 is that gzip compresses files up to 80%-90% and bzip2 compresses files
up to 70%-75%
CPIO commands
Taking backup only for files
[root@comp1~]# ls (options) | cpio -ov > (filename) to take backup
[root@comp1~]# cpio -iv < (filename) to extract/restore
For incremental backup, the number in command increase from (1-9) and for differential backup the
number in command is in reverse order (9-1)
LINKS
Hardlink vs Softlink
Hardlink
- Original and link file will have same inode number
- It cannot be created across the partitions
- If original file is deleted then also the link file will be accessible
- Editing of original file will replicate in the linked file
- Size of hardlink is same as original file
Softlink
- Inode number of the link file will be different
- It can be created across the partitions
- If original file is deleted the link file will not be accessible
- Editing of original file will replicate in the linked file
- Size of softlink file is smaller than original file
Link commands:
Softlink
[root@comp1~]# whereis clear
[root@comp1~]# cd /usr/bin
[root@comp1~]# ln -s clear cls (softlink can also be used to give alias name to commands)
If you set the “setgid value”, the default group name will be that of the directory in which
you create the files and directories (if the “setgid value” is not set for the parent folder then by
default the group of the file/directory will be root, because it is created under /root)
2. “setuid” numerical value: 4 rwsrwxrwx
Example:
[root@comp1~]# whereis ping
[root@comp1~]# useradd venkat
[root@comp1~]# su - venkat
[root@comp1~]$ ping 192.168.0.253
[root@comp1~]$ exit
[root@comp1~]# cd /bin
[root@comp1~]# chmod 0755 ping
If you remove the “setuid value” for the ping command, normal users cannot use this command; only the
root user can.
[root@comp1~]# whereis passwd
[root@comp1~]# cd /usr/bin
[root@comp1~]# ls -l passwd
If you remove the “setuid value” for the passwd command, then users cannot change their passwords;
only the root user can.
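Because setuid programs such as ping and passwd run with their owner's privileges, it is worth knowing exactly which files carry the bit. The following script is an added example, not part of the original notes: it lists setuid/setgid files under a directory and reports any that are missing from a baseline of expected paths. The directory layout, the file backup.sh and the baseline file are constructed for the demonstration.

```bash
#!/bin/sh
# Added example: find setuid/setgid files and compare them with an expected baseline.

# list_setid DIR: print "suid PATH" or "sgid PATH" for each regular file with the bit set.
list_setid() {
    find "$1" -xdev -type f -perm -4000 -print | sed 's/^/suid /'
    find "$1" -xdev -type f -perm -2000 -print | sed 's/^/sgid /'
}

# unexpected_setid DIR BASELINE: report setuid/setgid files under DIR whose path
# does not appear (as a whole line) in the BASELINE file.
unexpected_setid() {
    list_setid "$1" | while read -r kind path; do
        grep -qxF -- "$path" "$2" || printf '%s %s\n' "$kind" "$path"
    done
}

# demo_setid: build a constructed directory tree and run the check on it.
demo_setid() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin"
    for f in ping passwd backup.sh ls; do
        : > "$d/bin/$f"
    done
    # ping and passwd are expected to be setuid; backup.sh is the odd one out.
    chmod 4755 "$d/bin/ping" "$d/bin/passwd" "$d/bin/backup.sh"
    chmod 0755 "$d/bin/ls"
    printf '%s\n' "$d/bin/ping" "$d/bin/passwd" > "$d/baseline"
    # Strip the temporary prefix so the output is stable between runs.
    unexpected_setid "$d/bin" "$d/baseline" | sed "s|$d||"
    rm -rf "$d"
}

demo_setid
```

On a real system, point unexpected_setid at / (as root) with a baseline recorded right after installation.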
xmms-1.2.10-9.i386.rpm
xmms - 1.2.10-9 - i386 - .rpm
Package name - version number - type of architecture - extension of RedHat
[root@comp1~]# rpm (options) (package name-version) --force --aid to install the rpm package
Options:
-i - to install the package
-v - verbose
-h - display the progress in hashes
--force – to install package forcefully
--aid - to install package along with dependencies
[root@comp1~]# cd /
[root@comp1~]# mkdir /mnt
[root@comp1~]# mount /dev/cdrom /mnt
[root@comp1~]# cd /mnt
[root@comp1~]# cd RedHat/RPMS
[root@comp1~]# ls -l | more
[root@comp1~]# ls -l vsftpd* for FTP service package
[root@comp1~]# rpm -ivh vsftpd-2.0.1-5.i386.rpm --force --aid
Query commands
[root@comp1~]# rpm (options) (package name) to query the RPM package
Options:
-q - To query the availability of installed package
-qa- Queries all installed RPMs in OS
-qc- lists only the configuration files stored in the queried rpm
-qd- lists only the documentation files stored in the queried RPM
-qi – displays complete information about the queried RPM
-qs – displays the states of files in the queried RPM
-ql – displays all the files related to the queried RPM
-qif – displays all the function of the command
-qpi – displays the package information which is not installed
Upgrade RPM
[root@comp1~]# rpm (options) (package name.version) to upgrade package
Options:
-U - to upgrade the existing package
-v - verbose
-h - to display the progress in hashes
Remove package
[root@comp1~]# rpm -e (package name) --nodeps To uninstall the package even if
dependencies are present
[root@comp1~]# rpm -e (package name) to simply uninstall the package.
INTRODUCTION TO NETWORK
What is FQDN?
- Fully Qualified Domain Name
- Identifies a host’s name within the DNS namespace hierarchy
- Host name + DNS domain name = FQDN
Eg: mail.zoomgroup.com
Configuring Hostname:
[root@comp1~]# hostname (systemname) temporary hostname till next reboot
[root@comp1~]# vi /etc/sysconfig/network Assigning hostname permanently
Modify below setting in /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=(systemname)
[root@comp1~]# hostname displays present hostname in use
Configuring IP address:
[root@comp1~]# ifconfig eth0 (ipaddress) netmask (netmask) assigning temporary IP address
[root@comp1~]# netconfig assigning permanent IP address
[root@comp1~]# service network restart restarting service to make IP address valid for use
[root@comp1~]# netconfig --device (interface):(n) assigning virtual IP address
[root@comp1~]# netconfig --device eth0:1
*When writing a complete word in a command use (--) or when using single lettered option use (-)
[root@comp1~]# ifconfig -a | more Displays the current assigned IP address in use
Example:
[root@comp1~]# netconfig --device eth0 assign IP address for first LAN card
[root@comp1~]# netconfig --device eth1 assign IP address for second LAN card
[root@comp1~]# neat Graphical tool to assign IP address
[root@comp1~]# system-config-network Graphical tool to assign IP address
[root@comp1~]# ethtool (interface) to check whether NIC is detected
[root@comp1~]# ifup (interface) Enabling Network Interface
[root@comp1~]# ifdown (interface) Disabling Network Interface
Example:
[root@comp1~]# ethtool eth0
[root@comp1~]# ifup eth0
[root@comp1~]# ifdown eth0:1
[root@comp1~]# cd /etc/sysconfig/network-scripts
[root@comp1~]# vi ifcfg-eth0 for IP address
[root@comp1~]# vi ifcfg-eth0:1 for Virtual IP address
[root@comp1~]# vi /etc/resolv.conf for primary DNS
Everything in Linux/Unix is treated as a file. Whatever device is added or enabled will be saved as
a file under /dev, except the NIC card; the TCP/IP protocol is not saved as a file because it is already
bundled along with the kernel.
BOOT PROCESS
Boot phases
Hardware Boot
- BIOS (Basic Input Output System) Initialization
- Performs First POST (Power On Self Test)
- If all hardware connectivity is correct gives a healthy report
- Boot Strap finds the device from where to boot
o Floppy
o CD Rom
o Hard Disk
DLL – Dynamic Link Libraries
CMOS – Complementary Metal Oxide Semiconductor
MBR – Master Boot Record (512 Bytes)
GRUB – Grand Unified Boot Loader
Boot Loader
- Active Partition – 2 Bytes
- Partition Information – 64 Bytes
- Boot Loader Information – GRUB
Stage 1: Sector of Stage 2
Stage 2: Kernel – vmlinuz, Initrd…..img
*** There can only be 4 primary partitions because of the partition information size (64 bytes); each OS
information needs 16 bytes, so (16 x 4 = 64 bytes) there can be only four primary partitions. The
extended and logical partition information is stored under the 4th partition information
Kernel
- Kernel initializes the devices
- It mounts the root file system
- It starts first process ‘init’ process (/sbin/init)
*** First process/program started by Linux/Unix is ‘init’
Init
- Init reads /etc/inittab
- This file contains what program or services should be run at different run levels
Init 0 shutdown
Init 1 single user mode
Init 2 multi-user mode + only text + No support for all services
Init 3 multi-user mode + only text + Full support for all services
Init 4 (unused)
Init 5 multi-user mode + text mode + GUI + Full support for all services
Init 6 reboot
What is NFS?
Components:
- NFS Server
A system that contains the file resources to be shared with other systems on the network
- NFS Client
A system that mounts the file resources shared over the network and presents the file
resources as if they were local
Benefits of NFS?
The benefits of an NFS include
- Centralized file access
- Common software access
- Easy to use
*** Through NFS you always have to share directories. NFS is sometimes also used for taking
back-ups.
Requirements:
- Packages
portmap-4.0-63.i386.rpm
nfs-utils-1.0.6-46.i386.rpm
- Port numbers
nfsd 2049
portmap 111
- configuration file
/etc/exports
- Service
portmap
nfs
- Daemons
nfsd
mountd
statd
lockd
*** When you are working with a certain command (like vi or Cat), the command temporarily
loads the program into memory and when you close the program, it is also removed from memory,
but Daemons are permanently put up into the memory and continue to run from there.
When
Configuring NFS server
Server side configuration:
[root@comp1~]# mount 192.168.0.250:/var/ftp/pub/RedHat/RPMS /mnt To mount the
shared network drive to install RPM packages
[root@comp1~]# cd /mnt
[root@comp1~]# rpm -ivh nfs* --force --aid
[root@comp1~]# mkdir /var/zoom create a directory to be shared
[root@comp1~]# vi /etc/exports Open configuration file for editing
Steps:
[root@comp1~]# rpm -qa | grep nfs Check for installed package with name nfs
[root@comp1~]# rpm -e nfs-utils --nodeps Uninstall the package nfs-utils
[root@comp1~]# rpm -qa | grep portmap Check for package
[root@comp1~]# mount 192.168.0.250:/var/ftp/pub/RedHat/RPMS /mnt
[root@comp1~]# cd /mnt
[root@comp1~]# rpm -ivh nfs* --force --aid
[root@comp1~]# cd /
[root@comp1~]# umount /mnt
[root@comp1~]# mkdir /var/zoom
[root@comp1~]# cd /var/zoom
[root@comp1~]# touch 1 2 3 4 5
[root@comp1~]# vi /etc/exports Editing configuration file
/var/zoom 192.168.0.0/255.255.255.0(rw,sync) for complete network to access the dir
/var/zoom 192.168.0.20(rw,sync) for a single system with IP address
/var/zoom 192.168.0.20(rw,sync) 192.168.0.30(rw,sync) for two systems with mentioned IP addr
/var/zoom 192.168.0.40-192.168.0.60(rw,sync) for systems between mentioned range
In the above file you can list as many directories to be shared as you need, one below the other. If you
want to permit access to a single IP, DO NOT mention the subnet mask
[root@comp1~]# service nfs start
*** Even if you are accessing the shared directory on the client machine using the root account, it will be
treated as an other user; that is why you cannot copy files from client to server unless you have write
permission on the shared folder for other users.
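The treatment of a client's root as an ordinary user is the NFS default (root_squash), and an export line can switch it off or widen access in ways that are easy to miss. The following script is an added example, not part of the original notes: it reads exports-format lines and flags clients that turn off root squashing, clients listed without an option list (they receive the defaults, including read-only, instead of the options written for the next client), and read-write exports open to every host. The sample file is constructed.

```bash
#!/bin/sh
# Added example: flag risky or surprising entries in an /etc/exports style file.
# SAMPLE_EXPORTS is constructed for illustration.
SAMPLE_EXPORTS='# constructed sample
/var/zoom 192.168.0.0/255.255.255.0(rw,sync)
/var/zoom2 192.168.0.20(rw,sync,no_root_squash)
/var/zoom3 192.168.0.20 192.168.0.30(rw,sync)
/var/zoom4 *(rw,sync)
/var/zoom5 192.168.0.20(ro,sync)'

# audit_exports: read exports lines on stdin, print "path client FINDING".
#   NO-ROOT-SQUASH   client root keeps root rights on the share
#   DEFAULT-OPTIONS  client has no (options) of its own, so defaults apply
#   WORLD-WRITABLE   any host may mount the share read-write
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i
            opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            o = "," opts ","
            if (p == 0)
                print path, client, "DEFAULT-OPTIONS"
            if (o ~ /,no_root_squash,/)
                print path, client, "NO-ROOT-SQUASH"
            if ((client == "*" || client == "") && o ~ /,rw,/)
                print path, (client == "" ? "(any)" : client), "WORLD-WRITABLE"
        }
    }'
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

Against a live server, run `audit_exports < /etc/exports` before restarting the nfs service.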
Requirements:
- Package
vsftpd-2.0.1-5.i386.rpm
- Port numbers
20 FTP Data transfer
21 FTP control Connections
- Configuration file
/etc/vsftpd/vsftpd.conf
- Service
vsftpd
- Daemon
vsftpd
[root@comp1~]# cd /var/ftp
[root@comp1~]# ls -l
[root@comp1~]# cd pub
[root@comp1~]# cp /var/log/maillog.1 .
[root@comp1~]# chmod 777 maillog.1
Restrict user from moving to other directory, except his home directory
Server Side configuration
[root@comp1~]# cd /etc/vsftpd
[root@comp1~]# vi vsftpd.conf
Remove # at line 96,8
[root@comp1~]# service vsftpd restart
[root@comp1~]# cd /etc
[root@comp1~]# vi vsftpd.chroot_list
Mention the usernames that you want to restrict
[root@comp1~]# service vsftpd restart
Trigger Andrewson developed the application for Linux for file sharing, but the name ‘SMB’ was a
proprietary name registered to the protocol in Windows. So Trigger Andrewson searched the
dictionary for a word with the letters S, M & B, found the word ‘SAMBA’, and named the
protocol after it.
Protocols
- SMB
- NMB
Daemon
- smbd
- nmbd
Types of Records
- SOA record
o The first record in any zone file
- NS Record
o Identifies the DNS server for each zone
- A Record
o Resolves a host name to an IP address
- CNAME Record
o Resolves an alias name to host name
- PTR Record
o Resolves an IP address to a host name
- MX Record
o Used by the mail server
Requirements:
- Packages
bind-chroot-9.2.4-2.i386.rpm
bind-devel-9.2.4-2.i386.rpm
bind-libs-9.2.4-2.i386.rpm
bind-utils-9.2.4-2.i386.rpm
bind-9.2.4-2.i386.rpm
caching-nameserver-7.3-3.noarch.rpm
- Port numbers
53 DNS
- Configuration file
/etc/named.conf
- Service
named
- Daemon
named
Server side configuration
[root@comp1~]# rpm -qa | grep bind
[root@comp1~]# rpm -qa | grep caching-nameserver
[root@comp1~]# rpm -e caching-nameserver --nodeps
[root@comp1~]# rm /etc/named.conf.rpmsave
[root@comp1~]# mount 192.168.0.250:/var/ftp/pub/RedHat/RPMS /mnt
[root@comp1~]# cd /mnt
[root@comp1~]# rpm -ivh bind* --force --aid
[root@comp1~]# rpm -ivh caching* --force --aid
[root@comp1~]# umount /mnt
[root@comp1~]# cd /etc
[root@comp1~]# vi named.conf
In this file at line 37 type 5yy and P at line 66
Mention the details
zone "zoom.com" IN {
type master;
file "zoom.for"; // zoom is the domain name and for is the forward lookup zone
allow-update { none; };
};
[root@comp1~]# cd /var/named/chroot/var/named
[root@comp1~]# cp localhost.zone zoom.for
[root@comp1~]# vi zoom.for
www (tab) IN (tab) A (tab) 192.168.0.10
stores (tab) IN (tab) A (tab) 192.168.0.20
[root@comp1~]# service named restart
[root@comp1~]# vi /etc/resolv.conf
nameserver 192.168.0.254 (IP of the DNS configured Server)
[root@comp1~]# nslookup
> www.zoom.com
Client system
[root@comp1~]# vi /etc/resolv.conf
nameserver 192.168.0.254
Server system
[root@comp1~]# vi /var/named/chroot/var/named/named.ca (contains all the root server IP
addresses)
[root@comp1~]# cd data (all the DNS data is stored in this directory)
Master DNS
:x
[root@comp1~]# cd /var/named/chroot/var/named
[root@comp1~]# cp localhost.zone zoom.for to copy the template into the zoom.for file
[root@comp1~]# cp localhost.zone zoom.rev to copy the template into the zoom.rev file
*** localhost.zone file contains the sample for forward and backward lookup file configuration
[root@comp1~]# vi zoom.for
www (tab) IN (tab) A (tab) 192.168.0.10
:x
[root@comp1~]# vi zoom.rev
10 (tab) IN (tab) PTR (tab) www.zoom.com.
The value “10” is just the host portion of 192.168.0.10; the network portion (the first three octets,
192.168.0) is already mentioned in the named.conf file
Slave configuration
Install the packages as in master DNS
[root@comp1~]# cd /etc
[root@comp1~]# vi named.conf
At line 43 type 5yy and p at 72
At line 67 zone "localhost" IN {
type slave;
file "slaves/zoom.for";
allow-update { none; };
masters { 192.168.0.253; };
};
At line 72 zone "0.168.192.in-addr.arpa" IN {
type slave;
file "slaves/zoom.rev"; // to mention the reverse lookup zone
allow-update { none; };
masters { 192.168.0.253; };
};
:x
[root@comp1~]# cd /var/named/chroot/var/named
[root@comp1~]# service named restart
For checking updates, In master
[root@comp1~]# cd /var/named/chroot/var/named
[root@comp1~]# vi zoom.for
Make some changes here
SOA – Start of Authority
NS – Name server
To check if slave is working, from any client (except master DNS and slave DNS)
[root@comp1~]# vi /etc/resolv.conf
nameserver 192.168.0.253
nameserver 19.168.0.7
:x
[root@comp1~]# nslookup
> www.zoom.com
Then physically switch off the master DNS server; the request then goes to the slave, and if the IP
still resolves, the slave DNS server is working fine.
WEB SERVER (APACHE SERVER)
Python, Perl, ASP, JSP, PHP - for scripting and application server
SQL, ORACLE etc - Database server
Tomcat, J-Boss - Server to execute Java programmes
SAN - Storage Area Network.
It has pool of hard disks for bulk storage
NCSA – National Council of Supercomputer Association introduced the first concept of a Web Server
Initially the web server known as httpd was funded by the Govt. of America, but when it showed no
result the funds were stopped. But some open source group made developments to the httpd web
server software, fixed the bugs in it and named it A ‘patchy’ server, and it is today known as
APACHE SERVER
What is Apache?
Apache is freeware and is the most popular and widely used server, which consumes 70% of the web
market; it can be configured on both Windows and Linux
Requirements:
- packages
o httpd-2.0.52-9.ent.i386.rpm
o httpd-devel-2.0.52-9.ent.i386.rpm
o httpd-manual-2.0.52-9.ent.i386.rpm
o httpd-suexec-2.0.52-9.ent.i386.rpm
- port number
o http 80
- configuration file
o /etc/httpd/conf/httpd.conf
- Services
o httpd
- Daemon
o httpd
Configuring one website on a single server
Client machine
[root@comp1~]# cd /etc
[root@comp1~]# vi named.conf
At line 43 type 5yy and p at 72
At line 67 zone "ge.com" IN {
type master;
file "ge.for";
allow-update { none; };
};
[root@comp1~]# cd /var/named/chroot/var/named
[root@comp1~]# cp localhost.zone ge.for
[root@comp1~]# vi ge.for
www (tab) IN (tab) A (tab) 192.168.0.254
[root@comp1~]# service named restart
[root@comp1~]# vi /etc/resolv.conf
nameserver 192.168.0.254
[root@comp1~]# nslookup
> www.ge.com
VIRTUAL HOSTING
Name Based Virtual hosting
Install all DNS packages and configure DNS (IP 192.168.0.253)
[root@comp1~]# cd /etc
[root@comp1~]# vi named.conf
At line 37 type 5yy and p at 71 & 77
zone "yahoo.com" IN {
type master;
file "yahoo.for";
allow-update { none; };
};
zone "ibm.com" IN {
type master;
file "ibm.for";
allow-update { none; };
};
:x
[root@comp1~]# cd /var/named/chroot/var/named
[root@comp1~]# cp localhost.zone yahoo.for
[root@comp1~]# cp localhost.zone ibm.for
[root@comp1~]# vi yahoo.for
www (tab) IN (tab) A (tab) 192.168.0.254
[root@comp1~]# vi ibm.for
www (tab) IN (tab) A (tab) 192.168.0.254
[root@comp1~]# service named restart
[root@comp1~]# nslookup
> www.yahoo.com
192.168.0.254
> www.ibm.com
192.168.0.254
zone "redhat.com" IN {
type master;
file "redhat.for";
};
zone "rediff.com" IN {
type master;
file "rediff.for";
};
:x
[root@comp1~]# cd /var/named/chroot/var/named
[root@comp1~]# cp localhost.zone redhat.for
[root@comp1~]# cp localhost.zone rediff.for
[root@comp1~]# vi redhat.for
www (tab) IN (tab) A (tab) 192.168.0.150
[root@comp1~]# vi rediff.for
www (tab) IN (tab) A (tab) 192.168.0.254
[root@comp1~]# service named restart
[root@comp1~]# nslookup
Web server configuration
[root@comp1~]# cd /etc/httpd/conf
[root@comp1~]# vi httpd.conf
Go to end of the file, at line 1016 type 7yy and p at 1038 and 1046
<VirtualHost 192.168.0.150:80>
ServerAdmin root@redhat.com
DocumentRoot /var/www/html
ServerName www.redhat.com
DirectoryIndex redhat.html
</VirtualHost>
Listen 5000
<VirtualHost www.rediff.com:5000>
ServerAdmin root@rediff.com
DocumentRoot /var/www/html
ServerName www.rediff.com
DirectoryIndex rediff.html
</VirtualHost>
:x
[root@comp1~]# cd /var/www/html
[root@comp1~]# vi redhat.html
Welcome to RedHat Site
[root@comp1~]# vi rediff.html
Welcome to Rediff Site
TROUBLESHOOTING
Recovering Root password
- Root password can be recovered in specialized troubleshooting mode (i.e. init 1)
- Init 1 level provides a shell (i.e. sh) without logging in
At the boot screen press ‘e’ to edit, and again ‘e’ to edit, and select
“/boot/vmlinuz-2.6.9-5.EL ro root=LABEL=/1 rhgb quiet”; press ‘e’ to edit and at the prompt
type (space) 1 and hit Enter, then press ‘b’ to boot. It shows a shell prompt
sh-3.00# passwd
sh-3.00# (new password)
sh-3.00# (confirm password)
sh-3.00# init 6
But the problem with this method is that anyone with access to the boot screen can enter your system,
change the root password and delete all your critical files. So you have to set a GRUB password to secure
your machine.
Assigning Grub Password
[root@comp1~]# grub-md5-crypt >> /boot/grub/grub.conf
[root@comp1~]# vi /boot/grub/grub.conf
hiddenmenu
password --md5 (encrypted password) [copy the encrypted md5 format password here]
title RedHat--------
(and remove the encrypted md5 password from here)
:x
On reboot
Press ‘e’ to edit and ‘p’ to enter password for grub.
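A check for the GRUB password setup described above, as an added example that is not part of the original notes. The function name, the sample files and the placeholder hash are constructed for illustration; the checks assume GRUB legacy grub.conf syntax.

```shell
#!/bin/sh
# audit_grub_conf FILE: print one line per finding; return 0 only if clean.
audit_grub_conf() {
    conf=$1
    report=$(
        awk '
            /^[ \t]*title[ \t]/ { in_entries = 1 }
            # Only a password in the global section (before any title)
            # protects the menu editor used for the init 1 boot.
            /^[ \t]*password[ \t]/ && !in_entries {
                if ($2 == "--md5" && $3 ~ /^\$1\$/) protected = 1
                else print "line " NR ": password is not an --md5 hash"
            }
            # grub-md5-crypt >> grub.conf leaves the bare hash in the file.
            /^\$1\$/ { print "line " NR ": leftover grub-md5-crypt output" }
            END { if (!protected) print "no global password --md5 directive" }
        ' "$conf"
        # The hash should not be readable by other local users (mode 600).
        perms=$(ls -ld "$conf" | cut -c5-10)
        [ "$perms" = "------" ] || echo "group/other permission bits: $perms"
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed samples; the hash is a placeholder, not a real password hash.
write_samples() {
    cat > "$1/hardened.conf" <<'EOF'
default=0
timeout=5
hiddenmenu
password --md5 $1$CONSTRUCTED$placeholderhashvalue000
title Red Hat Enterprise Linux ES
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.9-5.EL ro root=LABEL=/1 rhgb quiet
EOF
    # Weak copy: plaintext password, hash left at end of file, mode 644.
    sed 's/^password .*/password secret123/' "$1/hardened.conf" > "$1/weak.conf"
    echo '$1$CONSTRUCTED$placeholderhashvalue000' >> "$1/weak.conf"
    chmod 600 "$1/hardened.conf"
    chmod 644 "$1/weak.conf"
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_grub_conf "$tmp/hardened.conf" && echo "hardened.conf: OK"
audit_grub_conf "$tmp/weak.conf" || echo "weak.conf: findings listed above"
```

On a real system the function would be pointed at /boot/grub/grub.conf after the edit and before the reboot.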
Configuring routing
[root@comp1~]# echo 1 > /proc/sys/net/ipv4/ip_forward Routing - temporary
[root@comp1~]# vi /etc/sysctl.conf Configuring routing permanently (set net.ipv4.ip_forward = 1)
[root@comp1~]# sysctl -p Load the sysctl settings at runtime
[root@comp1~]# chkconfig --list | more To see the list of services enabled at boot
[root@comp1~]# chkconfig --level (runlevel no) (service name) (on/off)
To enable/disable a particular service in desired runlevel
MAIL SERVER
MTA: Mail Transfer Agent - Sendmail, Lotus, Postfix, Exim, MS Exchange
MDA: Mail Delivery Agent - Procmail, mailer
MUA: Mail User Agent - Eudora, Outlook, Mozilla, SquirrelMail, pine, mail
Requirement:
- Packages
o sendmail-8.13.1-2.i386.rpm
o sendmail-cf-8.13.1-2.i386.rpm
o sendmail-devel-8.13.1-2.i386.rpm
o sendmail-doc-8.13.1-2.i386.rpm
o m4-1.4.1-16.i386.rpm
- Port numbers
o 25 Simple mail Transfer protocol (SMTP)
o 110 Post Office Protocol (POP3)
o 143 Internet mail/message Access protocol (IMAP4)
- Configuration file
o /etc/mail/sendmail.mc (always edit this sample file and append to sendmail.cf)
o /etc/mail/sendmail.cf (It is not recommended to edit this configuration file)
- Service
o sendmail
- Daemon
o sendmail
DNS configuration
[root@comp1~]# vi zoom.for
mail (tab) IN (tab) A (tab) 192.168.0.253
zoom.com. (tab) IN (tab) MX (tab) 5 (tab) mail.zoom.com.
DHCP
Dynamic Host Configuration Protocol
It involves the process called DORA
Discover, Offer, Request, Acknowledgement
What is DHCP?
- It gives an IP address automatically to clients that request one
- Centralized IP address management
- DHCP prevents IP address conflicts and helps conserve the use of client IP addresses on the
network
- DHCP reduces the complexity and amount of administrative work by assigning TCP/IP
configuration
- Client IP configuration is updated automatically
Why DHCP?
Requirements:
- Packages
o dhcp
- Port numbers
o 67 BootP
o 68 DHCP
- Configuration file
o /etc/dhcpd.conf
- Service
o dhcpd
- Daemon
o dhcpd
[root@comp1~]# rpm -qa | grep dhcp
[root@comp1~]# rpm -e dhcp --nodeps
[root@comp1~]# mount 192.168.0.250:/var/ftp/pub/RedHat/RPMS /mnt
[root@comp1~]# cd /mnt
[root@comp1~]# rpm -ivh dhcp* --force --aid
[root@comp1~]# cd /
[root@comp1~]# umount /mnt
[root@comp1~]# cd /usr/share/doc/dhcp-3.0.1/
[root@comp1~]# cp dhcpd.conf.sample /etc/dhcpd.conf
[root@comp1~]# cd /etc
[root@comp1~]# vi dhcpd.conf
At line 21, specify the IP range.
For a fixed IP address, copy lines 26-30 as a sample, paste them at the required destination and modify
accordingly.
To find the MAC address, use ifconfig -a
[root@comp1~]# service dhcpd restart
In client machine, go to netconfig and select the option use dynamic IP address
[root@comp1~]# service network restart
PROXY SERVER
- Package
o squid
- Configuration file
o /etc/squid/squid.conf
- Port number
o 3128 (but this can be modified later)
- Service
o squid
- Daemon
o squid
Open firefox browser – Edit – preferences – general tab – connections settings – manual proxy
configuration and enter the details accordingly
NIS SERVER
Network Information Server/Service (previously known as Yellow Pages)
NIS server:
- The two common authentication services are the Network Information Service (NIS) and
Lightweight Directory Access Protocol (LDAP)
- Both NIS and LDAP allow all users and computers to be managed centrally.
Requirements
- Packages
o ypserv-2.13.5.i386.rpm
o ypbind-1.17.2-3.i386.rpm
o yptools-2.8-7.i386.rpm
- Port numbers
o NIS uses random port numbers
o [root@comp1~]# rpcinfo -p
- Configuration file
o /var/yp/Makefile
- Service
o ypserv
- Daemon
o ypserv
o yppasswdd
You also have to use NFS services along with the NIS services to share the home directories of
the users, so that authentication is easy and all the files a user creates are centrally
located and saved on the server in that user's home directory.
Implementing LVM
First create normal partitions
[root@comp1~]# pvcreate /dev/hda11 /dev/hda12 /dev/hda13 Create physical volumes from the previously created partitions
[root@comp1~]# pvdisplay | less To display physical volume details
[root@comp1~]# vgcreate (VGname) (pv1) (pv2) Creation of volume group
[root@comp1~]# vgdisplay (VGname) To get information about the volume group
[root@comp1~]# lvcreate -L (size) (VGname) -n (volume name) Create logical volume
[root@comp1~]# mkdir /lvm Create a mount point
[root@comp1~]# mount /dev/zoom/linux /lvm Mount logical volume on mount point
STEPS
[root@comp1~]# pvcreate /dev/hda11 /dev/hda12 /dev/hda13
[root@comp1~]# vgcreate secbad /dev/hda11 /dev/hda12 /dev/hda13
[root@comp1~]# lvcreate -L 50M secbad -n linux2
[root@comp1~]# mkfs.ext3 /dev/secbad/linux2
[root@comp1~]# mkdir /zoom10
[root@comp1~]# mount /dev/secbad/linux2 /zoom10
[root@comp1~]# cd /zoom10 Access logical volume
[root@comp1~]# touch a1 b1 c1
[root@comp1~]# umount /zoom10
[root@comp1~]# lvresize -L +(size)M LVname Resize logical volume
[root@comp1~]# lvremove LVname Remove logical volume
[root@comp1~]# vgextend VGname PVname Resize volume group
iptables example
- A simple example of blocking ICMP (ping) from the host with IP 192.168.0.4 looks like this
[root@comp1~]# iptables -A INPUT -s 192.168.0.4 -p icmp -j REJECT
-A INPUT : Appends a rule to the INPUT chain
-s 192.168.0.4 : Specifies the source of the request
-p icmp : Specifies the protocol to match
-j REJECT : The action iptables should take when a packet matches the criteria
iptables commands
[root@comp1~]# iptables -A Appends the rule to the chain
[root@comp1~]# iptables -D Deletes a rule from a particular chain
[root@comp1~]# iptables -I Inserts a rule in a chain
[root@comp1~]# iptables -F Flushes all rules from iptables
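Why the choice between -A and -I matters, as an added example that is not part of the original notes: a chain is evaluated top to bottom and the first matching rule decides, so a REJECT appended after a broader ACCEPT never fires. The script is a simplified model that reads rule listings in the form printed by iptables -S; it does not call iptables, and the function name and both listings are constructed.

```shell
#!/bin/sh
# Simplified model of first-match evaluation in one chain.
# It understands only -P, -s (single host), -p and -j.

# first_match RULES SRC PROTO: echo the target the packet would get.
first_match() {
    rules=$1 pkt_src=$2 pkt_proto=$3 policy=ACCEPT
    while read -r line; do
        src=any proto=any target=
        set -- $line                      # split the rule into words
        while [ $# -gt 0 ]; do
            case $1 in
                -P) policy=$3; shift 2 ;;
                -s) src=${2%/32}; shift ;;
                -p) proto=$2; shift ;;
                -j) target=$2; shift ;;
            esac
            shift
        done
        [ -n "$target" ] || continue      # a -P line carries no rule target
        [ "$src" = any ] || [ "$src" = "$pkt_src" ] || continue
        [ "$proto" = any ] || [ "$proto" = "$pkt_proto" ] || continue
        echo "$target"; return 0          # first matching rule decides
    done <<EOF
$rules
EOF
    echo "$policy"                        # nothing matched: chain policy applies
}

# Constructed listings: an existing ACCEPT for all ICMP, then the REJECT rule
# from the example above added with -A (appended) or -I (inserted at the top).
AFTER_APPEND='-P INPUT ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 192.168.0.4/32 -p icmp -j REJECT --reject-with icmp-port-unreachable'
AFTER_INSERT='-P INPUT ACCEPT
-A INPUT -s 192.168.0.4/32 -p icmp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p icmp -j ACCEPT'

echo "appended:   $(first_match "$AFTER_APPEND" 192.168.0.4 icmp)"
echo "inserted:   $(first_match "$AFTER_INSERT" 192.168.0.4 icmp)"
echo "other host: $(first_match "$AFTER_INSERT" 192.168.0.9 icmp)"
```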
*** The /var/log directory contains all the log files that are used to monitor the performance, errors,
and information about the system, applications, users and groups, files and ports. It is necessary that we
keep backups of these log files for at least the past 3 years.
For Remote Installation Services (RIS), go to Applications – System Tools – Kickstart