This document provides information about the Red Hat Certified Engineer (RHCE) certification exam for Red Hat Enterprise Linux 5. It outlines the key skills tested in the exam, which consists of two sections on troubleshooting/system maintenance and installation/configuration. Candidates must demonstrate proficiency in tasks like network configuration, security implementation, and troubleshooting of common issues. The exam validates that candidates have both Red Hat Certified Technician (RHCT) and RHCE-level Linux skills.
Leading the way in IT testing and certification tools, www.testking.com
Linux is the most widely used operating system and is still growing in the market, thanks to its open source development model, its Unix-like design, and its security and stability. There are many Linux distributors, such as Red Hat, SuSE, Caldera and Mandrake. Among them Red Hat is the premier distributor, which is why Red Hat is called the leader of open source.

About Red Hat Enterprise Linux 5

Red Hat Enterprise Linux is more than just an operating system. It includes a wide variety of commands, applications and utilities. Red Hat Enterprise Linux 5 adds some new features, such as SELinux (Security Enhanced Linux), LVM (Logical Volume Manager) version 2, the mdadm RAID tools and a 2.6.x kernel, as well as better performance in the kernel and the X Window System.

Red Hat also provides top-level training and certification on Linux. At the time of writing this book, Red Hat has four certifications:

- RHCT (Red Hat Certified Technician): the entry-level Red Hat certification, which covers system administration.
- RHCE (Red Hat Certified Engineer): covers most of the network and security configuration.
- RHCA (Red Hat Certified Architect)
- RHCSS (Red Hat Certified Security Specialist)

RH302

So far all Red Hat certification exams are practical, which makes them unique and more challenging than other certifications in the world. That is why Red Hat certification is the professionals' number one choice in the survey taken by www.certcities.com. To become familiar with the Red Hat RHCT exam you can go through the TestKing RH202 Questions and Answers.

Under Red Hat Enterprise Linux 5, the certification exam consists of two parts conducted in a single day. The exam is performance-based, meaning that candidates must perform tasks on a live system, rather than answering questions about how one might perform

- Section I: Troubleshooting and System Maintenance (2.5 hours)
- Section II: Installation and Configuration (3 hours)

In order to pass the Red Hat Certified Engineer exam under Red Hat Enterprise Linux 5, you must meet all of the following requirements:

- a score of 80 or higher on Section I, consisting of five compulsory and five
- successful completion of the five Section I compulsory troubleshooting problems within one hour of that section's start time;
- 70 percent or more on the RHCT-level skills in Section II;
- 70 percent or more on the RHCE-level skills in Section II.

These last two requirements enable RHCEs to demonstrate that they possess both RHCT-level and RHCE-level skills, and also enable a person who has only RHCT-level skills to earn RHCT if they pass the required competencies.

Before attending the exam: are you excellent at the following? Can you do it independently?
Components of the RHCT exams
The RHCT exam is a subset of the RHCE exam, and is organized as follows:

- Troubleshooting and System Maintenance: 1 hour
- Installation and Configuration: 2 hours

In order to earn RHCT, one must successfully complete all the requirements in Troubleshooting and System Maintenance, and must achieve a score of 70 or higher on the Installation and Configuration section.
RHCT skills
Troubleshooting and System Maintenance
RHCTs should be able to:

- boot systems into different run levels for troubleshooting and system maintenance
- diagnose and correct misconfigured networking
- diagnose and correct hostname resolution problems
- configure the X Window System and a desktop environment
- add new partitions, filesystems, and swap to existing systems
- use standard command-line tools to analyze problems and configure system
Installation and Configuration
RHCTs must be able to:

- perform network OS installation
- implement a custom partitioning scheme
- configure printing
- configure the scheduling of tasks using cron and at
- attach system to a network directory service, such as NIS or LDAP
- configure autofs
- add and manage users, groups, and quotas
- configure filesystem permissions for collaboration
- install and update RPMs
- properly update the kernel RPM
- modify the system bootloader
- implement software RAID at install-time and run-time
- use /proc/sys and sysctl to modify and set kernel run-time parameters

Components of the RHCE exams

For RHCE exams given on Red Hat Enterprise Linux 3 and higher, the exam is organized as follows:

- Troubleshooting and System Maintenance: 2.5 hours
- Installation and Configuration: 3.0 hours

In order to earn RHCE, one must successfully complete all the RHCT-level Troubleshooting and System Maintenance requirements, and successfully complete enough additional RHCE items to earn a score of 80 or higher overall on the section. In addition, one must score 70 or higher on the RHCT items of Installation and Configuration, and 70 or higher on the RHCE components of that section.
RHCE skills
Troubleshooting and System Maintenance
RHCEs must demonstrate the RHCT skills listed above, and should be able to:

- use the rescue environment provided by first installation CD
- diagnose and correct boot failures arising from bootloader, module, and filesystem errors
- diagnose and correct problems with network services (see Installation and Configuration below for a list of these services)
- add, remove, and resize logical volumes

Installation and Configuration

RHCEs must demonstrate the RHCT-level skills listed above, and they must be capable of configuring the following network services:

- HTTP/HTTPS
- SMB
- NFS
- FTP
- Web proxy
- SMTP
- IMAP, IMAPS, and POP3
- SSH
- DNS

For each of these services, RHCEs must be able to:

- install the packages needed to provide the service
- configure the service to start when the system is booted
- configure the service for basic operation
- configure host-based and user-based security for the service

RHCEs must also be able to:

- configure hands-free installation using Kickstart
- implement logical volumes at install-time
- use PAM to implement user-level restrictions

Getting Red Hat Enterprise Linux 5

The Red Hat exams are based on your knowledge of Red Hat Enterprise Linux 5. When you take the RHCT exam, it is on a standard Intel-compatible PC with a Pentium or better CPU and at least 256MB RAM. There are four editions of Red Hat Enterprise Linux available on the market. Red Hat charges according to your hardware profile, the number of systems, the support required from Red Hat, etc.

- RHEL 4 Advanced Server (AS): designed for organizations with a large network.
- RHEL 4 Enterprise Server (ES): designed for organizations with a mid-sized network.
- RHEL 4 Workstation (WS): client of AS and ES servers.
- Red Hat Desktop: stand-alone client from Red Hat, which provides the most used applications.

How to Prepare for the Exam?

In every section I wrote what you should be able to do independently. Read everything carefully, practice more, and also go through the TestKing Questions and Answers for RH202, which is the RHCT exam code.
Section 1
Red Hat Enterprise Linux 5 Foundation

Can you do independently?

- Linux Filesystem Hierarchy
- Identifying the file type
- Working with simple Linux commands, i.e. cp, mv, rm, mkdir, rmdir etc.
- Exploring commands using man, info etc.
- Working with Vi Editor
- Working with Removable Device
- File Compression, archiving
- Variables, functions, aliases etc.
- Printing the Documents
- Finding files and directories
- String Processing with head, tail, sort, grep, wc, cut etc.

The Linux File System Hierarchy

- / : The root filesystem, also called the top-level directory in Linux.
- /boot : Contains the kernel and all boot-related files.
- /bin, /usr/bin : All user commands.
- /sbin, /usr/sbin : Administrative commands.
- /etc : Most configuration files.
- /var : Also called the variables directory; contains most log files, spool files etc.
- /home : Most users' home directories.
- /lib : Contains the shared libraries used by the kernel as well as by different programs.
- /media : Typical mount point for removable devices, i.e. CD-ROM, floppy and USB flash disks.
- /mnt : Mount point for NFS (Network File Services), Samba etc.
- /dev : All block device as well as character device files.
- /proc : Virtual file system that contains information about the running kernel.
- /selinux : Like /proc, a virtual file system; contains the SELinux configuration information.
- /root : Home directory of the root user (also called the super user).
- /tmp : Contains temporary files and directories.
- /opt : Directory for third-party products.

Each directory can be mounted on a different partition, with some exceptions. Some directories must stay on the / filesystem, which means you cannot create a separate partition for them and mount it.
Example: /, /lib, /bin, /sbin, /etc, /dev
These directories cannot be separated from /.

Working With Linux Command:
ls: Lists the contents of a directory

Syntax: ls [options] path

-l : Long listing
-r : In reverse order
-s : With size
-R : With sub-contents
-a : Normal as well as hidden contents

Example:
ls -a : lists all hidden as well as normal contents of the current directory.
ls -l /etc/ : lists all contents of /etc in long listing format.

When you use the ls -l command you see the long listing, i.e.

-rw-r-xr-x 1 root root 1234 10:25:20 1 April 2006 narayan.txt

The first column contains 10 characters in total. Among them the first character represents the nature of the file:

- : Normal file, which can be read using the cat command
d : Directory
l : Link file
c : Character device file
b : Block device file
p : Named pipe
s : Socket

Characters 2, 3 and 4 represent the permissions of the owner user:

r : Read
w : Write
x : Execute

The letters always come in the order rwx; if you get - in a position, that means no permission.

Characters 5, 6 and 7 represent the permissions of the members of the owner group.
Characters 8, 9 and 10 represent the permissions of others (neither the owner user nor a member of the owner group).

The fields of the sample line are:

Permission and file type: -rw-r-xr-x
Owner user: root
Owner group: root
Size in bytes: 1234
Created date and time: 10:25:20 1 April 2006
File name: narayan.txt
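The 10-character first column described above can be decoded mechanically. The shell functions below are an added example, not part of the original guide: the names file_type, triplet_ok, decode_mode and others_can_write are made up here, and the sample line is the one from the listing above. Special permission characters (such as s and t) are outside this passage and are reported as unsupported.

```shell
#!/bin/sh
# Added example: decode the first column of an `ls -l` line.
# All function names are hypothetical.

# file_type CHAR: describe the first character (nature of the file).
file_type() {
    case "$1" in
        -) echo "normal file" ;;
        d) echo "directory" ;;
        l) echo "link file" ;;
        c) echo "character device file" ;;
        b) echo "block device file" ;;
        p) echo "named pipe" ;;
        s) echo "socket" ;;
        *) return 1 ;;
    esac
}

# triplet_ok RWX: succeed only for r|-, w|-, x|- in exactly that order.
triplet_ok() {
    case "$1" in
        [r-][w-][x-]) return 0 ;;
        *) return 1 ;;
    esac
}

# decode_mode MODE: print the file type and the three permission triplets.
decode_mode() {
    mode=$(printf '%s' "$1" | cut -c1-10)
    [ "${#mode}" -eq 10 ] || { echo "need 10 characters: $1" >&2; return 1; }
    kind=$(file_type "$(printf '%s' "$mode" | cut -c1)") ||
        { echo "unknown file type in: $mode" >&2; return 1; }
    owner=$(printf '%s' "$mode" | cut -c2-4)     # characters 2, 3, 4
    group=$(printf '%s' "$mode" | cut -c5-7)     # characters 5, 6, 7
    other=$(printf '%s' "$mode" | cut -c8-10)    # characters 8, 9, 10
    for t in "$owner" "$group" "$other"; do
        triplet_ok "$t" ||
            { echo "unsupported or malformed triplet: $t" >&2; return 1; }
    done
    echo "type=$kind owner=$owner group=$group other=$other"
}

# others_can_write MODE: true when character 9 grants write to "other".
others_can_write() {
    [ "$(printf '%s' "$1" | cut -c9)" = "w" ]
}

# The sample line from the listing above; the mode is its first field.
line='-rw-r-xr-x 1 root root 1234 10:25:20 1 April 2006 narayan.txt'
decode_mode "${line%% *}"
if others_can_write "${line%% *}"; then
    echo "warning: writable by everyone"
fi
```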
cd: Changes the directory.

cd directory : to use the directory
cd .. : to jump to the parent directory

cp: Copy command

Syntax: cp [options] source destination

-i : Interactive
-R : Recursive copy
-f : Force copy

mv: Move command

Syntax: mv source destination

mkdir: Creates a new directory

Syntax: mkdir directoryname

rmdir: Removes an empty directory

Syntax: rmdir directoryname

rm: Removes files as well as directories

Syntax: rm [options] file/directory

-i : Interactive
-f : Force
-R : Recursively

cat: Multiple purpose command to read or create a file

cat filename : displays the contents of the file on standard output.
cat >filename : redirects the contents of standard input into the file.
cat >>filename : appends the contents of standard input to the file.

touch: Creates a blank file.
Example: touch filename

tty: Displays the terminal name
runlevel: Displays the current and previous runlevel
clear: Clears the screen

Exploring with Manual

- man command
- info command
- command --help

Working With Vi Editor
- Vi (Visual Editor) is the standard Unix as well as Linux editor.
- Red Hat added some features to vi, called vim (vi improved), which is automatically invoked when you open the vi editor.

To start vi:

- vi or
- vi filename

Cursor Movements on vi Editor

Shortcut : Description
h : Moves cursor to the left
j : Moves cursor down
k : Moves cursor up
l : Moves cursor to the right
w : Moves cursor one word ahead
b : Moves cursor one word back
( : Moves cursor one sentence back
) : Moves cursor one sentence forward
{ : Moves cursor one paragraph above
} : Moves cursor one paragraph below

Arrow keys are also supported. To change the mode use the Esc key.

Inserting and Append Mode

Shortcut : Description
a : Append after the current cursor position
i : Insert before the current cursor position
o : Append a new blank line below
A : Append to the end of the line
I : Insert at the beginning of the line
O : Append a new blank line above

Delete word, line and character

Shortcut : Description
x : Deletes the current character
nx : Deletes n characters
dd : Deletes the current line
ndd : Deletes n lines
dw : Deletes the current word
ndw : Deletes n words

Copy and Paste

Shortcut : Description
yl : Yanks the current character
yw : Yanks the current word
yy : Yanks the current line
nyw : Yanks n words
nyy : Yanks n lines
p : Pastes the data after the current cursor
P : Pastes the data before the current cursor
u : Undo the recent changes
U : Undo all changes on the current line since the cursor landed on the line
. or Ctrl+r : Redo

Searching the text

Shortcut : Description
/text : Search for the text in the forward direction
?text : Search for the text in the backward direction
n : Find next in the same direction
N : Find next in the opposite direction

Save and Exit

Shortcut : Description
:wq : Save and exit
:w : Write to disk
:q! : Quit without saving
Working with Removable Media

Device Recognition

IDE drives:
Primary Master : /dev/hda
Primary Slave : /dev/hdb
Secondary Master : /dev/hdc
Secondary Slave : /dev/hdd

SCSI disk: /dev/sda, /dev/sdb
Floppy disk: /dev/fd0

Before using any device you should mount the device on a directory. Mounting is the process of activating the device and linking it to a directory.

Mounting Floppy

i. mount /dev/fd0 /media/floppy
or
mount /media/floppy

Mounting CD-ROM

i. mount /dev/hd? /media/cdrom
or
mount /media/cdrom

Mounting SCSI Flash Disks

In Red Hat Enterprise Linux flash disks are recognized as SCSI disks. To use a flash disk:

i. mkdir /media/flash
ii. mount /dev/sda /media/flash

File Compression and Archiving:

tar is the standard archiving tool in Red Hat Enterprise Linux. It places multiple files/directories into a single file, which is easier to move, back up and store.

To create the archive file:

tar cvf tarfilename.tar inputfiles

Example:
tar cvf mytar.tar * : creates the mytar.tar file, taking all files in the current directory as input.
tar cvf mytar.tar file1 file2 file3 : creates the mytar.tar archive file from file1, file2 and file3.

To test the archive file:

You can test the archive file by listing all the bundled files.
tar tvf mytar.tar : lists all contents of the mytar.tar file.

To extract the archive files:

tar xvf mytar.tar : extracts the files from mytar.tar.

File Compress and uncompress

In Linux you get lots of tools for compressing and uncompressing.

i. gzip is the Unix standard compression tool, which compresses text files up to 75%. When you compress a file with gzip, you get a file with the .gz extension, and you should uncompress it using the gunzip command.
ii. bzip2 is the newer Linux standard compression tool. When you compress a file using bzip2, you get a file with the .bz2 extension, and you should uncompress it using the bunzip2 command.

Variables, Functions and Aliases

Variable: A named memory location containing a value. In a Linux system there are two types of variable: one is called the shell variable and the other the environmental variable.
Shell variable: A shell variable is available only in the particular shell, which means it is not available to other shells. You can use the set command to display all environmental as well as shell variables.

Environmental variable: An environmental variable is available to all shells. You can use the env command to display all environmental variables.

You can declare a variable just by assigning a value to it:

EMPLOYEE_NAME=ram

You can print the value of the variable:

echo $EMPLOYEE_NAME

Function: A function is a collection of similar statements. You can create a function to execute a series of commands.

Creating function in command line

Syntax:
functionname() {
command 1
command 2
command 3
}

To execute the function just call it by its name:

functionname

Aliases: An alias is a shortcut for another command.

Example: alias mytar="tar cvf mytar.tar *"

Use the alias command to display all aliases declared in your system and use unalias to clear the shortcut.

Example: unalias mytar

Printing the Documents:

You have just created the document, and it is time to print. The printing system in Red Hat Enterprise Linux is very simple and flexible. Printers may be parallel, USB or networked. Support is included for printing to remote CUPS IPP, lpd etc.

You can install either a local or a networked printer using the system-config-printer command.

lpr: This command sends the printing job to the printer.

Example:
lpr filename : sends the printing job to the default printer.
lpr -Pprintername filename : sends the printing job to the specified printer.
lpr -Pprintername -#5 filename : sends the printing job to the specified printer with 5 copies.

lpq: This command is used to display the queue of the printer.

Example: lpq -Pprintername

lprm: This command removes a job from the printer queue.

Example: lprm printqueueid
Finding Files and Directories

i. locate or slocate command

A much faster but less accurate command to search for files or directories. It searches in its database, which is updated daily by a cron schedule. If you want to update the database use the updatedb command. It will search only in directories on which you have read and execute permission.

Example: locate test

ii. find command

Now you can work with the most accurate command for searching.

Syntax: find [path] [condition] [action]

Example:

1. find /etc -name passwd : finds the file named passwd in the /etc directory.
2. find /home -user user1 : finds the files and directories owned by user user1.
3. find /home -group training : finds the files and directories owned by the training group.
4. find / -atime +10 : finds all files accessed more than 10 days ago. You know that the index table contains meta information of files with different timestamps, i.e. access time, modified time and change time. You can use the -atime, -mtime and -ctime options.
5. find / -type f : finds all normal files. Instead of f you can use b for block device file, d for directory, c for character device file, l for link file.

On the result of the find command you can use different actions like copy, delete, compress, archive etc. See by example:

i. find /tmp -type f -exec rm {} \; : searches for all normal files in /tmp and removes them.
ii. find /data -size +100M -exec gzip {} \; : searches for all files larger than 100M and compresses them with the gzip command.
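Because -exec rm acts on every match without asking, it is worth running the same path and condition with a listing action first. The script below is an added example, not part of the original guide: it builds a throw-away directory with constructed files, previews the matches, and only then removes them. The function names and the 100 KB threshold are assumptions chosen so the example runs quickly.

```shell
#!/bin/sh
# Added example: preview a find action before running it.
# All file names and sizes below are constructed test data.

# make_sandbox: create a throw-away directory tree and print its path.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/sub"
    dd if=/dev/zero of="$dir/big report.log" bs=1024 count=200 2>/dev/null
    dd if=/dev/zero of="$dir/sub/big2.log"   bs=1024 count=150 2>/dev/null
    dd if=/dev/zero of="$dir/small.log"      bs=1024 count=5   2>/dev/null
    ln -s small.log "$dir/link.log"    # link file: not matched by -type f
    echo "$dir"
}

# list_candidates DIR MIN_KB: [path] and [condition] only, action is -print.
# The size is given to find in bytes (suffix c).
list_candidates() {
    find "$1" -type f -size +"$(( $2 * 1024 ))c" -print | sort
}

# count_candidates DIR MIN_KB: number of files the action would touch.
count_candidates() {
    list_candidates "$1" "$2" | wc -l | tr -d ' '
}

# purge_candidates DIR MIN_KB: same path and condition, action is -exec rm.
# -exec passes each name as one argument, so "big report.log" is safe.
purge_candidates() {
    find "$1" -type f -size +"$(( $2 * 1024 ))c" -exec rm {} \;
}

sandbox=$(make_sandbox)
echo "Would remove $(count_candidates "$sandbox" 100) file(s):"
list_candidates "$sandbox" 100
purge_candidates "$sandbox" 100
echo "Matches left: $(count_candidates "$sandbox" 100)"
rm -rf "$sandbox"
```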
Introduction to String Processing Tools

head: displays some lines from the top of a file, by default 10 lines. You can use the -n or --lines option to display a custom number of lines.

Example:
head /etc/passwd
head -n 5 /etc/passwd

tail: displays some lines from the bottom of a file, by default 10 lines. You can use the -n or --lines option to display a custom number of lines.

Example:
tail /etc/passwd
tail -n 20 /etc/passwd

sort: sorts the text of a file in ascending or descending order. By default it displays in ascending order and doesn't make any changes to the original file.

Syntax: sort [options] file

-r : Reverse order
-n : Numeric sort
-f : Ignore case
-u : Unique sort
-t : Field separator
-k : Field number

Example: sort -rn -t: -k3 /etc/passwd

cut: displays specific columns from a file. If you want to display only certain column data from a file, you can use the cut command.

Syntax: cut [option] file

-f : Specifies the field number
-d : Field separator

Example: cut -f3 -d: /etc/passwd

wc (Word Count): prints the number of lines, words and characters of a file.

Example: wc filename

If you want to print only the number of lines, the number of words or the number of characters, you can use the -l, -w or -c option.

grep (General Regular Expression Processor): displays the lines in a file that match a pattern. It can also process standard input.

Example: grep root /etc/passwd
Section 2
Red Hat Certified Technician (RHCT) Preparation

Can you do independently?

- Server Preparation for FTP, HTTP, NFS and Kickstart Installation
- Red Hat Enterprise Linux Installation through FTP, NFS, HTTP and Kickstart
- GRUB Bootloader Configuration and Installation
- Linux System Initialization
- Init and /etc/inittab
- Controlling Standalone and Transient Services
- About Virtual File System
- Controlling Modules
- Creating Partition, File system and mounting
- Creating Swap partition, on/off the swap space
- /etc/fstab file configuration
- Mounting NFS, SMB Share
- Auto Mount
- Network Configuration
- IP Forwarding
- Controlling Routing Table
- DNS Client Configuration
- Installing, Upgrading and Removing Packages
- Installing Kernel
- About User, Group and Permission
- Managing Users
- Managing Groups
- Setting Permissions to user, group and others
- About Special Permissions
- Working with Startup Scripts
- NIS Client Configuration
- Installing Local and Networked Printer
- Managing Printer through HTTP
- Scheduling Cron Job
- X Window System
- Troubleshooting X Window System
- Configuring RAID Level 0/1/5/6
- Troubleshooting with RAID
- Configuring LVM
- Troubleshooting with LVM
- Quota Implementation
- Troubleshooting Linux boot process

Welcome to the RHCT section of this book!

Installing Red Hat Enterprise Linux 5

We can install Red Hat Enterprise Linux either from a local CD-ROM or through a network based installation. In the daily working environment we use the network based installation because that is easy for us.
In a network based installation you can choose one method from FTP, HTTP or NFS. Before starting the installation you should prepare the server. In the exam you will not get a question on server preparation for FTP, HTTP or NFS, but in your daily administration work it is necessary.

Server Preparation for FTP:

FTP (File Transfer Protocol) is used to upload or download files. FTP can also be the best installation method if your site is already configured or is going to be configured. By default anonymous as well as real users can access the FTP server, but an anonymous user logs in to /var/ftp and can access only the /var/ftp directory hierarchy. Similarly, a real user logs in to the user's home directory. If you are planning to give access to anonymous users, you should copy all the contents of your RHEL 4 CDs under the /var/ftp hierarchy. Go by example:

1. mkdir /var/ftp/rhel4
2. 1st CD
3. mount /media/cdrom
4. cp -rf /media/cdrom/* /var/ftp/rhel4
5. umount /media/cdrom
6. 2nd, 3rd and 4th CD
7. mount /media/cdrom
8. cp -f /media/cdrom/RedHat/RPMS/* /var/ftp/rhel4/RedHat/RPMS
9. umount /media/cdrom
10. chkconfig vsftpd on
11. service vsftpd restart (or: service vsftpd start)

Server Preparation for HTTP:

HTTP (Hyper Text Transfer Protocol) is another method for network based Red Hat Enterprise Linux installation. /var/www/html is the default directory for the http service. Just copy all the contents of the four CDs into the /var/www/html directory hierarchy.

1. mkdir /var/www/html/rhel4
2. 1st CD
3. mount /media/cdrom
4. cp -rf /media/cdrom/* /var/www/html/rhel4
5. umount /media/cdrom
6. 2nd, 3rd and 4th CD
7. mount /media/cdrom
8. cp -f /media/cdrom/RedHat/RPMS/* /var/www/html/rhel4/RedHat/RPMS
9. umount /media/cdrom
10. chkconfig httpd on
11. service httpd restart (or: service httpd start)

Server Preparation for NFS (Network File Services):

Linux has the same method of sharing resources as Unix. All shared directories are listed in the /etc/exports file.

/data *.example.com(rw,sync) trusted.cracker.org(ro,sync)

This line shares the /data directory from the local server with all the members of the example.com domain as well as the trusted.cracker.org host. All members of example.com can access the shared data in read and write mode, but the trusted.cracker.org host can access it only in read-only mode.

For NFS based installation, you should share the directory to which the RHEL CDs were copied in /etc/exports. Suppose I copied in /var/ftp/pub then, I have to write in /etc/exports

Example:
/var/ftp/rhel4 *(ro,sync)

#service nfs start
#service portmap restart
#chkconfig nfs on

Starting Installation:

Minimum requirements for RHEL installation:

1. Pentium class CPU or better
2. 256 MB RAM
3. 2-6 GB hard disk
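A mistyped option or an unintended read-write wildcard in /etc/exports is easy to miss by eye, so it helps to check the file mechanically before starting the service. The script below is an added example, not part of the original guide, for the /etc/exports format described under Server Preparation for NFS: lint_exports and write_sample are hypothetical names, the sample file is constructed, and the list of known options is a subset of those documented in exports(5).

```shell
#!/bin/sh
# Added example: check /etc/exports-style lines for two problems:
#   1. an option name that is not in the known list (for example a typo)
#   2. a read-write (rw) export to a client pattern containing "*"
# Function names are hypothetical; the option list is a subset of exports(5).

lint_exports() {
    awk '
    BEGIN {
        n = split("ro rw sync async root_squash no_root_squash all_squash secure insecure subtree_check no_subtree_check", k, " ")
        for (i = 1; i <= n; i++) known[k[i]] = 1
    }
    /^[ \t]*#/ { next }    # comment line
    NF == 0    { next }    # blank line
    {
        path = $1
        # every further field is client(option,option,...)
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            rw = 0
            m = split(opts, o, ",")
            for (j = 1; j <= m; j++) {
                name = o[j]; sub(/=.*/, "", name)
                if (!(name in known))
                    printf "line %d: %s %s: unknown option \"%s\"\n", NR, path, client, o[j]
                if (o[j] == "rw") rw = 1
            }
            if (rw && index(client, "*") > 0)
                printf "line %d: %s: read-write export to wildcard client %s\n", NR, path, client
        }
    }' "$1"
}

# write_sample FILE: constructed sample with a mistyped option (sysnc).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, modelled on the export lines in the guide
/data *.example.com(rw,sysnc) trusted.cracker.org(ro,sysnc)
/var/ftp/rhel4 *(ro,sync)
/srv/share *(rw,sync)
EOF
}

sample=$(mktemp)
write_sample "$sample"
lint_exports "$sample"
rm -f "$sample"
```

Run it against a copy of the real file with lint_exports /etc/exports; no output means neither problem was found.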
Leading the way in IT testing and certification tools, www.testking.com
- 35 -
To st ar t t he I nst al l at i on t hr ough any net wor k based i nst al l at i on met hod i n cl i ent comput er , your r equi r e t he I nst al l at i on st ar t up di sks. That i s avai l abl e i n 1 st CD of Redhat Ent er pr i se Li nux on i mages f ol der . Fr om RHEL4 no l onger avai l abl e t o suppor t on Fl oppy, you r equi r e t he USB di sks. I n i mages f ol der of 1 st CD, you wi l l get t he di skboot . i mg i mage f i l e, you need t o cr eat e t he i mage of t hi s i mage f i l e i nt o usb di sk. Cr eat i ng t he i mage of di skboot . i mg: dd < di skboot . i mg >/ dev/ sda? Or cat di skboot . i mg >/ dev/ sda? I f you want t o st ar t t he i nst al l at i on i n cl i ent usi ng cd, j ust wr i t e t he boot . i so i n bl ank cd, usi ng cdrecord command. When you st ar t t he I nst al l at i on usi ng t he boot . i so cd, you wi l l get t he boot : pr ompt wher e you wi l l get mor e opt i ons. I n boot pr ompt , t ype linux askmethod command, whi ch wi l l ask you t o sel ect t he di f f er ent i nst al l at i on met hod. Sel ect t he Language, Keyboar d opt i ons, i f RHEL i s al r eady i nst al l ed i n your syst em, i t wi l l ask you ei t her f r esh i nst al l at i on or upgr ade. RH302
Once the installation has started from either the USB disk or the boot.iso CD, it will ask you for the installation method.

i. Select FTP to install through an FTP server and click on Next. It will ask whether to assign the IP address statically or dynamically. A dialog will ask for the FTP server and the Red Hat Enterprise Linux directory. Specify the server name and directory.

Example: In our FTP server preparation we copied into /var/ftp/rhel4; suppose the server has IP address 192.168.0.254.
    Server: 192.168.0.254
    RedHat Enterprise Linux Directory: rhel4

Note: When you install anonymously, the anonymous login lands automatically in the /var/ftp directory, so you have to write the path relative to that default directory.

ii. Select HTTP to install through an HTTP server and click on Next. It will ask whether to assign the IP address statically or dynamically. A dialog will ask for the HTTP server and directory.

Example: In our HTTP server preparation we copied into /var/www/html/rhel4; suppose the server has IP address 192.168.0.254.
    Website name: 192.168.0.254
    RedHat Enterprise Linux Directory: rhel4

The default directory for HTTP is /var/www/html. When you use this method to install, you must specify the path of the directory relative to the default directory.

iii. Select NFS Image to install from an NFS shared directory. When you click on Next it will ask for an IP address for your machine; assign either a static IP or one from a DHCP server, if a DHCP server is configured. When you click on Next after assigning the IP address, it will ask for the NFS server and the Red Hat Enterprise Linux directory.

In our NFS server preparation we copied the contents of all CDs into /var/ftp/rhel4 and shared that directory.
    NFS Server: 192.168.0.254
    RedHat Enterprise Linux Directory: /var/ftp/rhel4

In an NFS-based installation you should give the shared path of the directory. On the server, the /var/ftp/rhel4 directory is shared.
We split a single disk into multiple partitions for reasons of performance, security, quotas, etc. Generally RHEL 4 requires only two types of partitions, one Linux native and the other swap, but as per standardization you should create multiple partitions. To install RHEL in the standard way, you need to create the following partitions.

    /       Linux root directory
    /boot   Linux kernel and boot-related files
    /usr    Contains the user commands and administrative commands, with subdirectories
    /var    Log files, spooling files, default cache directory
    /home   Users' home directories
    /opt    Optional directory for third-party products
    /tmp    Directory for temporary files and directories
    /root   root's home directory

You can't separate the following directories from /: /etc, /lib, /bin, /sbin, /dev.

After creating the partitions, select the location for the boot loader: either the MBR (Master Boot Record) or the first sector of the boot partition. The MBR (Master Boot Record) is the special area on the first hard disk that contains the executable code to load the OS.

The installer will ask about the Firewall and SELinux features. In your RHCE exam, disable the firewall and SELinux.
root, called the superuser in a Linux system, is created automatically at installation time; set the password for the root user.

Select the packages you require. When you get the package selection dialog, some default packages are selected. If you require packages other than the defaults, select the custom package selection option and then select the packages you require.

After finishing the installation, you will find the install.log, install.log.sys and anaconda-ks.cfg files in root's home directory. The install.log and install.log.sys files are log files created at installation time, and anaconda-ks.cfg is the sample kickstart configuration file.

Kickstart Installation:

Previously I described the different types of installation. You have to wait a long time to install on just one machine. Suppose now you have to install on 50 machines: how much time will you spend! Another advantage is customization of the Linux system at installation time. Kickstart is the method in which you create an answer file used to install Linux. When you start the installation you should specify the answer file's name and location. Linux will install by reading that answer file.

Preparing Kickstart Installation:

When you install Red Hat Enterprise Linux, it creates the anaconda-ks.cfg file, which is called the kickstart sample file. If you can modify that file, modify it as per your needs; the other way is to use the GUI-based tool for preparing the kickstart installation file.

    # system-config-kickstart
Select options as per your needs and save them into a file.

Here is the sample output of a Kickstart installation file:

    #Generated by Kickstart Configurator
    #platform=x86, AMD64, or Intel EM64T

    #System language
    lang en_US
    #Language modules to install
    langsupport en_US
    #System keyboard
    keyboard us
    #System mouse
    mouse
    #System timezone
    timezone Asia/Katmandu
    #Root password
    rootpw --iscrypted $1$YNZXHrUK$nIIlW5J5YcibwIcjwgcDM0
    #Reboot after installation
    reboot
    #Install OS instead of upgrade
    install
    #Use Web installation
    url --url ftp://192.168.0.75/pub
    #System bootloader configuration
    bootloader --location=mbr
    #Clear the Master Boot Record
    zerombr yes
    #Partition clearing information
    clearpart --all --initlabel
    #Disk partitioning information
    part / --fstype ext3 --size 1000
    part /boot --fstype ext3 --size 500
    part /home --fstype ext3 --size 1000
    part /var --fstype ext3 --size 1000
    part /usr --fstype ext3 --size 6000
    part swap --size 256
    #System authorization information
    auth --useshadow --enablemd5
    #Network information
    network --bootproto=dhcp --device=eth0
    #Firewall configuration
    firewall --disabled
    #XWindows configuration information
    xconfig --depth=32 --resolution=800x600 --defaultdesktop=GNOME
    #Package install information
    %packages --resolvedeps
    @base-x
    @gnome-desktop
    @editors
    @graphical-internet
    @text-internet
    @office
    @server-cfg
    @web-server
    @mail-server
    @smb-server
    @dns-server
    @ftp-server
    @network-server
    @admin-tools
    @system-tools
    @printing
    %post
    useradd student
    passwd -d student
The file has sections for options, package selection, post-installation and pre-installation. The package selection section lists all selected packages by group name, each starting with @. Similarly, the %pre section is used to write scripts to execute before the installation starts, and the %post section is used to write scripts to execute after installation. Suppose that after installation in my classroom I want to create one user named student with a blank password on each and every machine. So I wrote the useradd and passwd commands.
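Because one answer file is replayed on every machine, its settings are worth reviewing before use. The script below is an added example, not part of the original guide: it reports the rootpw, auth, firewall, selinux and %post passwd -d settings of a kickstart file. The function name, the finding labels and the sample file (abridged from the listing above, with a placeholder hash) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): report the settings in a
# kickstart answer file that decide how exposed each installed host will be.

# audit_kickstart FILE
# Prints one "finding-id: detail" line per issue and nothing for a clean file.
audit_kickstart() {
    awk '
    # Commands come first; %packages, %pre and %post open later sections.
    /^%packages/ { section = "packages"; next }
    /^%pre/      { section = "pre";      next }
    /^%post/     { section = "post";     next }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines

    section == "" && $1 == "rootpw" {
        if ($2 != "--iscrypted")
            print "rootpw-plaintext: root password is readable by anyone who can fetch the file"
        else if ($3 ~ /^\$1\$/)
            print "rootpw-md5crypt: $1$ (MD5-crypt) hash is cheap to guess offline"
    }
    section == "" && ($1 == "auth" || $1 == "authconfig") && /--enablemd5/ {
        print "auth-md5: local passwords will be stored as MD5-crypt hashes"
    }
    section == "" && $1 == "firewall" && /--disabled/ {
        print "firewall-disabled: hosts boot with no packet filter"
    }
    section == "" && $1 == "selinux" && /--disabled/ {
        print "selinux-disabled: hosts boot without SELinux enforcement"
    }
    # passwd -d deletes the password, so the account logs in with none.
    section == "post" && $1 == "passwd" {
        for (i = 2; i < NF; i++)
            if ($i == "-d" || $i == "--delete")
                print "empty-password: account " $NF " is left with a blank password"
    }
    ' "$1"
}

# Constructed sample, abridged from the listing above; the hash is a placeholder.
KS_SAMPLE=$(mktemp)
trap 'rm -f "$KS_SAMPLE"' EXIT
cat > "$KS_SAMPLE" <<'EOF'
#Root password
rootpw --iscrypted $1$PLACEHOLDERSALT$PLACEHOLDERHASH
install
url --url ftp://192.168.0.75/pub
auth --useshadow --enablemd5
network --bootproto=dhcp --device=eth0
#Firewall configuration
firewall --disabled
%packages --resolvedeps
@base-x
%post
useradd student
passwd -d student
EOF

audit_kickstart "$KS_SAMPLE"
```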
Starting Installation through Kickstart

After creating the Kickstart installation file, either copy it to a floppy or USB disk, or copy it to a directory that is shared through NFS or made accessible through FTP or HTTP.

If you would like to start the installation through a Kickstart answer file copied to a floppy disk:

    boot: linux ks=floppy

If you're booting from the Red Hat installation CD-ROM, you can still refer to a Kickstart configuration file on a floppy disk with the following command:

    boot: linux ks=hd:fd0:/ks.cfg

This assumes the Kickstart configuration file is called ks.cfg and is located on the first floppy disk on your PC. Alternatively, you can refer to the Kickstart configuration file on a hard disk with this command:

    boot: linux ks=hd:hda2:/home/mj/ks.cfg

This assumes the Kickstart configuration file is called ks.cfg and is located on the second partition of the first IDE drive in the /home/mj directory. The syntax of this command certainly looks strange; it's been updated for Red Hat Linux 9 and RHEL 3.

You don't need to get a Kickstart file from a DHCP server. To boot from a specific NFS or HTTP server on the network, say with an IP address of 192.168.0.254, from the /kicks/ks.cfg file, type one of the following commands:

    boot: linux ks=nfs:192.168.0.254:/kicks/ks.cfg
    boot: linux ks=http:192.168.0.254:/kicks/ks.cfg

However, even if you've specified a static IP address in ks.cfg, this installation looks for IP address information from a DHCP server. If not found, Anaconda continues with a standard installation, not using the Kickstart file.
Linux System Initialization:

When the system is powered on, it first performs the POST (Power On Self Test), then the BIOS initializes. The BIOS initializes the devices and selects the boot priority device. The BIOS executes the IPL (Initial Program Locator) to execute the boot loader from the MBR to load the operating system. In RHEL 4, GRUB (Grand Unified Boot Loader) is the standard as well as the default boot loader. The /boot directory contains the kernel, the initial RAM disk file and the boot loader configuration file. /boot/grub/grub.conf is the main configuration file for the GRUB boot loader. A symbolic link to /boot/grub/grub.conf is created at /etc/grub.conf.

GRUB is the most useful and most flexible boot loader in Linux; it supports MD5-encrypted passwords and provides a command prompt to modify or edit the boot loader parameters. For more details of boot loader commands and other shortcuts, see the GRUB display screen, i.e. c for command, e for edit and a for append.

    POST -> BIOS -> Bootloader -> Kernel -> Init
I explain how to work with the GRUB command prompt at boot time in the troubleshooting sections.

Here is the sample configuration of the GRUB boot loader.

default=0 : This line defines the default OS; 0 means the first title will be the default OS.

timeout=5 : This line defines the time to wait before loading the default OS.

splashimage=(hd0,0)/grub/splash.xpm.gz : This line defines the path and file name of the splash image. By default the splash image is /boot/grub/splash.xpm.gz. (hd0,0) means the first partition of the first hard disk.

hiddenmenu : This line defines whether the title menu is hidden or not.

title Red Hat Enterprise Linux WS (2.6.9-5.EL) : Title of the OS to display on the GRUB menu.

root (hd0,0) : Assume the boot partition as the root (/).

kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet : Path of the kernel file, mounting the root (/) file system in read-only mode. rhgb quiet defines whether to start the X server to display a progress bar at boot time or not.

initrd /initrd-2.6.9-5.EL.img : Initial RAM disk file.

To install the GRUB boot loader:

    grub-install /dev/hda : Installs the GRUB boot loader on the MBR.

Protecting Bootloader and Operating System.

If anyone can physically access the system, they can enter single-user mode from the GRUB prompt and change the password. Is GRUB secure? Nothing is 100% secure; it is your responsibility to make the system secure.
[Figure: Grub in Edit Mode]

We can set one password for passing kernel arguments and another to boot the operating system. You have the choice of entering a plain-text or an encrypted password. To encrypt the password:

    # grub-md5-crypt

Enter the password; it will display the output in encrypted format. You can set either an encrypted or a plain-text password.

default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz

#password=redhat : Setting a plain-text password for kernel arguments.

password --md5 <output of grub-md5-crypt> : Setting an encrypted password for passing kernel arguments. Only when the user enters this password can they modify the boot loader parameters from the GRUB prompt at boot time.

hiddenmenu
title Red Hat Enterprise Linux WS (2.6.9-5.EL)

#password=redhat : Setting the OS load password. When a user tries to load the operating system, it will ask for the password; the operating system loads only if the user gives the correct one.

password --md5 <output of grub-md5-crypt>

root (hd0,0)
kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.9-5.EL.img : Initial RAM disk file.
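Whether these password lines actually protect anything depends on where they sit in grub.conf and on whether they are still commented out. The script below is an added example, not part of the original guide: it reports, for the global section and for each title, whether an MD5, plain-text or no password applies. The function names and both sample files (with a placeholder hash) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): report which parts of a
# grub.conf in the format shown above are covered by a password line.

# grub_password_report FILE
# Prints "global: KIND", then "title NAME: KIND" for every boot entry, where
# KIND is md5, plaintext or none.
grub_password_report() {
    awk '
    function emit(   label) {
        label = (name == "") ? "global" : "title " name
        print label ": " pw
    }
    BEGIN { name = ""; pw = "none" }
    /^[ \t]*#/ { next }        # a commented-out password line protects nothing
    /^[ \t]*title[ \t]/ {
        emit()                 # close the previous section
        name = $0; sub(/^[ \t]*title[ \t]+/, "", name)
        pw = "none"
        next
    }
    /^[ \t]*password[ \t=]/ {
        rest = $0; sub(/^[ \t]*password[ \t=]+/, "", rest)
        pw = (rest ~ /^--md5[ \t]/) ? "md5" : "plaintext"
    }
    END { emit() }
    ' "$1"
}

# grub_edit_protected FILE
# Exit status 0 only when the global section (everything before the first
# title) carries an MD5 password, which is the line that guards the e, a and
# c keys at the boot menu.
grub_edit_protected() {
    [ "$(grub_password_report "$1" | sed -n '1p')" = "global: md5" ]
}

GRUB_WEAK=$(mktemp)
GRUB_HARD=$(mktemp)
trap 'rm -f "$GRUB_WEAK" "$GRUB_HARD"' EXIT

# Constructed sample 1: global password still commented out, plain-text
# password on the boot entry.
cat > "$GRUB_WEAK" <<'EOF'
default=0
timeout=5
#password=redhat
hiddenmenu
title Red Hat Enterprise Linux WS (2.6.9-5.EL)
    password redhat
    root (hd0,0)
    kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet
    initrd /initrd-2.6.9-5.EL.img
EOF

# Constructed sample 2: global MD5 password (placeholder hash), no per-entry
# password, so the entry boots freely but cannot be edited without it.
cat > "$GRUB_HARD" <<'EOF'
default=0
timeout=5
password --md5 $1$PLACEHOLDER$PLACEHOLDERHASHVALUE
hiddenmenu
title Red Hat Enterprise Linux WS (2.6.9-5.EL)
    root (hd0,0)
    kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet
    initrd /initrd-2.6.9-5.EL.img
EOF

for f in "$GRUB_WEAK" "$GRUB_HARD"; do
    grub_password_report "$f"
    if grub_edit_protected "$f"; then
        echo "=> editing boot parameters requires the password"
    else
        echo "=> anyone at the console can edit boot parameters"
    fi
done
```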
When you select the operating system from the boot loader, the kernel of that OS starts to boot the system. The kernel recognizes the devices connected to the system and loads modules (drivers) to recognize the devices or to support extra file systems. When the kernel has performed these tasks, it hands over to the init program. Init is the most important program in the Linux operating system; it performs non-TCP/IP services in Linux by reading its configuration from /etc/inittab.
Here is the sample /etc/inittab configuration file:

    id:5:initdefault:

    # System initialization.
    si::sysinit:/etc/rc.d/rc.sysinit

    l0:0:wait:/etc/rc.d/rc 0
    l1:1:wait:/etc/rc.d/rc 1
    l2:2:wait:/etc/rc.d/rc 2
    l3:3:wait:/etc/rc.d/rc 3
    l4:4:wait:/etc/rc.d/rc 4
    l5:5:wait:/etc/rc.d/rc 5
    l6:6:wait:/etc/rc.d/rc 6

    # Trap CTRL-ALT-DELETE
    ca::ctrlaltdel:/sbin/shutdown -t3 -r now

    # When our UPS tells us power has failed, assume we have a few minutes
    # of power left. Schedule a shutdown for 2 minutes from now.
    # This does, of course, assume you have powerd installed and your
    # UPS connected and working correctly.
    pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"

    # If power was restored before the shutdown kicked in, cancel it.
    pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled"

    # Run gettys in standard runlevels
    1:2345:respawn:/sbin/mingetty tty1
    2:2345:respawn:/sbin/mingetty tty2
    3:2345:respawn:/sbin/mingetty tty3
    4:2345:respawn:/sbin/mingetty tty4
    5:2345:respawn:/sbin/mingetty tty5
    6:2345:respawn:/sbin/mingetty tty6

    # Run xdm in runlevel 5
    x:5:respawn:/etc/X11/prefdm -nodaemon
Standard Run Level in Linux

    0 - halt
    1, s, single - Single user mode
    2 - Multiuser
    3 - Full multiuser mode
    4 - unused
    5 - Multiuser with GUI (Graphical User Interface)
    6 - reboot

The runlevel command displays the current and previous runlevel. init <runlevel> changes the runlevel in the current session.

The init program reads the configuration from /etc/inittab to identify the default runlevel as well as to execute the runlevel-specific scripts.

    id:5:initdefault:

The above line in the /etc/inittab file defines the default runlevel to boot the system. If you leave the runlevel value blank, the system will boot in runlevel 9, which is undefined.
If you pass another runlevel from the boot loader, it will override the default runlevel specified in /etc/inittab.

Example: Press the a shortcut at the GRUB prompt and type the runlevel to boot the system.

    ro root=LABEL=/ rhgb quiet s

When you pass the s argument, the system will boot in single-user mode.

The lines below define the system initialization and the runlevel-specific scripts.

    si::sysinit:/etc/rc.d/rc.sysinit : System initialization script; init executes the rc.sysinit script first to initialize the system.
    l0:0:wait:/etc/rc.d/rc 0 : Runlevel-specific scripts for runlevel 0
    l1:1:wait:/etc/rc.d/rc 1 : Runlevel-specific scripts for runlevel 1
    l2:2:wait:/etc/rc.d/rc 2 : Runlevel-specific scripts for runlevel 2
    l3:3:wait:/etc/rc.d/rc 3 : Runlevel-specific scripts for runlevel 3
    l4:4:wait:/etc/rc.d/rc 4 : Runlevel-specific scripts for runlevel 4
    l5:5:wait:/etc/rc.d/rc 5 : Runlevel-specific scripts for runlevel 5
    l6:6:wait:/etc/rc.d/rc 6 : Runlevel-specific scripts for runlevel 6

The init program reads the /etc/inittab file and provides by default 6 terminals for console logins and one for GUI logins.

    1:2345:respawn:/sbin/mingetty tty1
    2:2345:respawn:/sbin/mingetty tty2
    3:2345:respawn:/sbin/mingetty tty3
    4:2345:respawn:/sbin/mingetty tty4
    5:2345:respawn:/sbin/mingetty tty5
    6:2345:respawn:/sbin/mingetty tty6

You can add more terminals in the /etc/inittab file:

    8:2345:respawn:/sbin/mingetty tty8

After writing this line, either reboot the system or use the init q command to re-examine the /etc/inittab file.
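The script below is an added example, not part of the original guide: it resolves the runlevel init will use from the initdefault line plus the kernel arguments, lists what init starts in a given runlevel, and checks for a sulogin entry for runlevel S. The sulogin check is an assumption brought in here as a common hardening step for the single-user risk described earlier; the function names and the abridged sample inittab are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): work out what init will do
# from an inittab in the format shown above and the kernel arguments.

# effective_runlevel INITTAB "KERNEL ARGUMENTS"
# A runlevel word among the kernel arguments overrides id:N:initdefault:.
effective_runlevel() {
    level=$(awk -F: '!/^[ \t]*#/ && $3 == "initdefault" { print $2; exit }' "$1")
    for arg in $2; do
        case $arg in
            s|S|single|-s) level=S ;;
            [0-9])         level=$arg ;;
        esac
    done
    printf '%s\n' "${level:-none}"
}

# runlevel_entries INITTAB LEVEL
# Prints "id action process" for each entry whose runlevels field names LEVEL.
runlevel_entries() {
    awk -F: -v lvl="$2" '
    /^[ \t]*#/ || NF < 4 { next }
    $3 == "initdefault"  { next }
    index($2, lvl) > 0 {
        proc = $4
        for (i = 5; i <= NF; i++) proc = proc ":" $i   # process may contain ":"
        print $1, $3, proc
    }' "$1"
}

# single_user_requires_password INITTAB
# Assumption (not stated in the guide): a sulogin entry for runlevel S, such
# as ~~:S:wait:/sbin/sulogin, makes single-user mode ask for the root password.
single_user_requires_password() {
    runlevel_entries "$1" S | grep -q 'sulogin'
}

# Constructed sample, abridged from the inittab shown above.
INITTAB_SAMPLE=$(mktemp)
trap 'rm -f "$INITTAB_SAMPLE"' EXIT
cat > "$INITTAB_SAMPLE" <<'EOF'
id:5:initdefault:
# System initialization.
si::sysinit:/etc/rc.d/rc.sysinit
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
1:2345:respawn:/sbin/mingetty tty1
x:5:respawn:/etc/X11/prefdm -nodaemon
EOF

echo "default boot:   $(effective_runlevel "$INITTAB_SAMPLE" 'ro root=LABEL=/ rhgb quiet')"
echo "with s appended: $(effective_runlevel "$INITTAB_SAMPLE" 'ro root=LABEL=/ rhgb quiet s')"
echo "started in runlevel 5:"
runlevel_entries "$INITTAB_SAMPLE" 5
if single_user_requires_password "$INITTAB_SAMPLE"; then
    echo "single-user mode asks for the root password"
else
    echo "single-user mode has no sulogin entry"
fi
```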
Controlling Services:

A daemon is a service that runs in the background and provides system services. In Red Hat Enterprise Linux two types of services are available.

i. Standalone
ii. Transient, or controlled by xinetd

Standalone services are located in /etc/init.d. They can start or stop without depending on other services.

To check the status of a service:
    # service servicename status
To start the service:
    # service servicename start
To restart the service:
    # service servicename restart
To stop the service:
    # service servicename stop

The service command starts or stops the service for the current session. To start or stop the service automatically at the next reboot, you should set its on or off status using the chkconfig, ntsysv or system-config-services command.

    # chkconfig --list : Lists all services with their runlevel-specific on or off status.
    # chkconfig servicename on : The service will start automatically on reboot.
    # chkconfig servicename off : The service will not start on reboot.
    # chkconfig --add servicename : The service will be added to the service list.
    # chkconfig --del servicename : The service will be deleted from the service list.

Another way of turning a service on or off is the ntsysv tool. When you enter the ntsysv command on the console, you will get a dialog in which you can select the services you want to start at boot time and deselect those that should not start at boot time.

[Figure: Dialog of ntsysv]
If you enjoy working with GUI tools, there is a tool for managing services named system-config-services. Using this dialog you can start, stop or restart a service for the current session, as well as turn the service on or off for the next boot.

[Figure: Dialog of system-config-services]
Transient Service:

A transient service is also a background service, controlled by the xinetd super daemon. All transient daemons reside in the /etc/xinetd.d directory. For example, telnet, rlogin etc. are called transient daemons.

To start or stop a transient service:
    # chkconfig telnet on (or off)

To list the status of a transient daemon:
    # chkconfig --list servicename

After changing the status of any transient service, you should restart the xinetd service.
    # service xinetd restart
Virtual File System

/proc is called the virtual file system; it is created at boot time and cleaned up entirely at shutdown time. /proc contains lots of files and subdirectories:

    1     2039  2336  3021    buddyinfo    fs           meminfo     sys
    107   2059  2349  31      bus          ide          misc        sysrq-trigger
    1420  2093  2360  3130    cmdline      interrupts   modules     sysvipc
    1421  21    2369  3132    cpuinfo      iomem        mounts      tty
    1422  2161  2370  3164    crypto       ioports      mtrr        uptime
    1423  2171  2371  32      devices      irq          net         version
    1424  2183  2372  33      diskstats    kallsyms     partitions  vmstat
    189   2261  2373  4       dma          kcore        pci
    2     2271  2374  5       driver       kmsg         self
    20    2281  2873  994     execdomains  loadavg      slabinfo
    2007  2307  3     acpi    fb           locks        stat
    2011  2326  30    asound  filesystems  mdstat       swaps

The numbers are the process IDs of processes running in the current session.

    cmdline : Contains the parameters passed at boot time from GRUB.
    cpuinfo : Information about the CPU.
    devices : All devices recognized by the kernel.
    filesystems : Modules loaded to support file systems.
    partitions : Record of all partitions created on your system.
    mdstat : Status of software RAID devices.
    swaps : Virtual memory (swap).
    modules : Modules currently loaded by the kernel.
    ide : Information about IDE drives.
    scsi : Information about SCSI drives.

Enabling IP Forwarding:
A Linux system can be used as a router. A router enables inter-network communication. To use the Linux system as a router, you should enable IP forwarding.

    # echo 1 > /proc/sys/net/ipv4/ip_forward

If the value of ip_forward is 1, IP forwarding is enabled; if it is 0, IP forwarding is disabled. A modification of the proc filesystem lasts for the current boot session. When you change a value in /proc, the change is applied to the running kernel immediately. This means that when you set the ip_forward value to 1, it is set only for the current session. If you want IP forwarding enabled automatically at the next boot, net.ipv4.ip_forward = 1 should be set in /etc/sysctl.conf.
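Because the /proc value and /etc/sysctl.conf are set independently, a host can be routing now and stop after a reboot, or the other way round. The script below is an added example, not part of the original guide: it compares the two and names the mismatch. The function names, the verdict words and the sample files are constructed, and the paths are passed as arguments so it can be tried on copies.

```shell
#!/bin/sh
# Added example (not from the original guide): compare the running
# ip_forward value with what /etc/sysctl.conf will set at the next boot.

# sysctl_conf_value FILE KEY
# Prints the value of the last uncommented "KEY = value" line, or nothing.
sysctl_conf_value() {
    awk -v key="$2" '
    /^[ \t]*[#;]/ { next }                     # comment lines
    {
        eq = index($0, "=")
        if (eq == 0) next
        k = substr($0, 1, eq - 1)
        v = substr($0, eq + 1)
        gsub(/[ \t]/, "", k)
        gsub(/\//, ".", k)                     # net/ipv4/x is the same key as net.ipv4.x
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == key) val = v                  # the last assignment wins
    }
    END { if (val != "") print val }' "$1"
}

# ip_forward_state PROC_FILE SYSCTL_CONF
# Prints "runtime=N persistent=N VERDICT".
ip_forward_state() {
    runtime=$(tr -d ' \t\n' < "$1")
    persistent=$(sysctl_conf_value "$2" net.ipv4.ip_forward)
    persistent=${persistent:-0}                # unset means the kernel default, 0
    if [ "$runtime" = "$persistent" ]; then
        verdict=consistent
    elif [ "$runtime" = 1 ]; then
        verdict=lost-on-reboot                 # routing now, not after a reboot
    else
        verdict=enabled-on-reboot              # not routing now, will be later
    fi
    printf 'runtime=%s persistent=%s %s\n' "$runtime" "$persistent" "$verdict"
}

# Constructed samples standing in for /proc/sys/net/ipv4/ip_forward and
# /etc/sysctl.conf after running the echo command shown above.
FWD_DIR=$(mktemp -d)
trap 'rm -rf "$FWD_DIR"' EXIT
echo 1 > "$FWD_DIR/ip_forward"
cat > "$FWD_DIR/sysctl.conf" <<'EOF'
# Kernel sysctl configuration file (constructed sample)
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
#net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
EOF

ip_forward_state "$FWD_DIR/ip_forward" "$FWD_DIR/sysctl.conf"
```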
Controlling Modules:
The Linux kernel loads modules to support hardware as well as some supplementary file systems. Generally modules reside in the /lib/modules/<Kernel Version> directory. At boot time the kernel loads modules to recognize devices or to support supplementary file systems.

The /lib/modules/<Kernel Version>/modules.dep file contains the list of module dependencies generated by the depmod command.

    Command    Description
    lsmod      Lists all loaded modules
    modprobe   Program to add or remove modules from the Linux kernel
    depmod     Generates the module dependencies file
    modinfo    Displays module information
    insmod     Program to insert a module into the kernel
    rmmod      Program to remove a module from the kernel

The /etc/modprobe.conf file contains aliases to module names, alias names and parameters. These aliases are created at Linux boot time. See the sample /etc/modprobe.conf:

    alias eth0 8139too
    alias snd-card-0 snd-intel8x0
    options snd-card-0 index=0
    install snd-intel8x0 /sbin/modprobe --ignore-install snd-intel8x0 && /usr/sbin/alsactl restore >/dev/null 2>&1 || :
    remove snd-intel8x0 { /usr/sbin/alsactl store >/dev/null 2>&1 || : ; }; /sbin/modprobe -r --ignore-remove snd-intel8x0
    alias usb-controller ehci-hcd
    alias usb-controller1 uhci-hcd

The first line of /etc/modprobe.conf contains the alias name eth0 with the module 8139too. Users use the device by the name eth0 (the first Ethernet card's device name), but it is not actually the device, just an alias to the device module.
Creating and Managing Partitions

We divide a single large disk into multiple partitions for performance and security, and so that quotas can be implemented on individual file systems. Partitions can be either primary or logical. Primary partitions contain the operating system's files to load the OS, and logical partitions are created under the extended partition.

Device Conventions:
    /dev/hda : Primary Master
    /dev/hdb : Primary Slave
    /dev/hdc : Secondary Master
    /dev/hdd : Secondary Slave

Example:
    /dev/hda3 : Third partition of the primary hard disk
    /dev/fd0 : Device of the first floppy disk
    /dev/sda : First SCSI disk

You can create partitions on a hard disk using different tools, for example fdisk, sfdisk, GNU parted etc. There is a limitation when creating partitions using fdisk, because you are only able to create a maximum of 16 partitions.

    # fdisk -l : Lists all partitions created on your Linux system
    # fdisk /dev/hda : Enters fdisk mode

You can use the m shortcut to display all available options. Some important options:
    n : Create a new partition
    d : Delete an existing partition
    t : Change the system ID type
    q : Quit without saving
    w : Write and save

Create the partition with your desired size and system ID, then save and exit from fdisk. By default a partition is created with the Linux native system ID, 83. Swap has system ID 82, RAID partitions have fd and LVM has 83, etc. So to change the system ID as you require, use the t shortcut.
Creating Filesystem

We have the mkfs or mke2fs command to create ext2, ext3, vfat etc. file systems in Linux.

Syntax:
    # mkfs -t <fstype> device
    # mke2fs <options> device
Example:
    # mkfs -t ext3 /dev/hda8
This creates the ext3 filesystem on /dev/hda8.

Mounting Filesystem:

The mount process brings an external device or other device into the hierarchy of the Linux system. Before any other filesystem can be accessed, it must be brought into the Linux filesystem tree. The mount command brings other filesystems into the Linux filesystem tree.

Syntax:
    # mount -t <fs type> -o options device mountpoint

The filesystem type can be ext2, ext3, vfat, iso9660 etc. When you mount without specifying any mount options, the default options are rw, suid, exec, dev, auto, nouser and async.

Mount Options
    Option   Description
    rw       Mount in read-write mode
    suid     Mount with SUID bit
    exec     Files on this filesystem can be executed
    auto     Automount
    nouser   Other users can't unmount or remount the filesystem
    async    Mount in async mode

You can use the opposite mount options ro, nosuid, noexec, nodev, noauto, user and sync.

Example:
    # mount -t ext3 -o ro /dev/hda16 /data
    # mount -t iso9660 -o ro /dev/hdb /media/cdrom

When you mount a filesystem using the mount command, it is mounted for the current session only. To mount it automatically at boot time, you need to write it in the /etc/fstab file. At boot time the rc.sysinit file mounts all filesystems written in /etc/fstab.

Pattern of /etc/fstab:
    Device  mountpoint  filesystem  mount options  dump frequency  fsck order
Example:
    /dev/hda16 /data ext3 defaults 0 1
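An fstab entry that says only defaults still mounts with suid, exec and dev switched on. The script below is an added example, not part of the original guide: it expands each entry's option list into the seven settings named above and marks nfs, smbfs, cifs, vfat and iso9660 entries that keep suid or dev. Which filesystem types to mark is an assumption made here (their contents come from another machine or from removable media); the function names and the sample fstab are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): show the mount options that
# really apply to each /etc/fstab entry once the defaults are filled in.

# effective_opts "OPTION,LIST"
# Starts from rw,suid,exec,dev,auto,nouser,async and applies the list from
# left to right; prints the seven resulting settings in that order.
effective_opts() {
    printf '%s\n' "$1" | awk -F, '
    {
        s["rw"] = "rw"; s["suid"] = "suid"; s["exec"] = "exec"; s["dev"] = "dev"
        s["auto"] = "auto"; s["user"] = "nouser"; s["sync"] = "async"
        for (i = 1; i <= NF; i++) {
            o = $i
            if (o == "rw" || o == "ro")             s["rw"] = o
            else if (o == "suid" || o == "nosuid")  s["suid"] = o
            else if (o == "exec" || o == "noexec")  s["exec"] = o
            else if (o == "dev" || o == "nodev")    s["dev"] = o
            else if (o == "auto" || o == "noauto")  s["auto"] = o
            else if (o == "async" || o == "sync")   s["sync"] = o
            else if (o == "nouser")                 s["user"] = o
            else if (o == "user" || o == "users") {
                # per mount(8), user also implies noexec, nosuid and nodev
                # unless a later option in the list overrides them
                s["user"] = o; s["exec"] = "noexec"
                s["suid"] = "nosuid"; s["dev"] = "nodev"
            }
            # "defaults" and filesystem-specific options change none of these
        }
        print s["rw"] "," s["suid"] "," s["exec"] "," s["dev"] "," s["auto"] "," s["user"] "," s["sync"]
    }'
}

# audit_fstab FILE
# Prints "mountpoint fstype effective-options flag"; flag is "review" when a
# network or removable-media filesystem still allows suid or dev, else "ok".
audit_fstab() {
    awk '!/^[ \t]*#/ && NF >= 4' "$1" |
    while read -r dev mp fstype opts dump pass; do
        eff=$(effective_opts "$opts")
        flag=ok
        case $fstype in
            nfs|smbfs|cifs|vfat|iso9660)
                case ",$eff," in
                    *,suid,*|*,dev,*) flag=review ;;
                esac ;;
        esac
        printf '%s %s %s %s\n' "$mp" "$fstype" "$eff" "$flag"
    done
}

# Constructed sample built from the devices and hosts used in this guide.
FSTAB_SAMPLE=$(mktemp)
trap 'rm -f "$FSTAB_SAMPLE"' EXIT
cat > "$FSTAB_SAMPLE" <<'EOF'
# device                   mountpoint    type     options          dump fsck
/dev/hda16                 /data         ext3     defaults         0 1
LABEL=/mydrive             /mydrive      ext3     defaults,ro      0 0
server1.example.com:/data  /srv/data     nfs      defaults         0 0
server1.example.com:/pub   /srv/pub      nfs      ro,nosuid,nodev  0 0
/dev/hdb                   /media/cdrom  iso9660  noauto,user,ro   0 0
EOF

audit_fstab "$FSTAB_SAMPLE"
```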
Setting Label on device

We can set a label name on an ext2/ext3 formatted filesystem using the e2label command, or at filesystem creation time using the -L option of the mke2fs command. One of the benefits of setting a label is that there is no need to remember the device name; the device can be used just by its label name.

    # e2label /dev/hda16 /mydrive

Now mount using the label name:
    # mount -L /mydrive /data
or
    # mount LABEL=/mydrive /data

Similarly, in /etc/fstab a filesystem can also be mounted using the label name.
Example:
    LABEL=/mydrive /data ext3 defaults 0 0
Leading the way in IT testing and certification tools, www.testking.com
- 69 - Mounting Other Filesystem like NFS Devi ces ar e l ocal l y connect ed on t he syst em but you shoul d abl e t o mount t he NFS ( Net wor k Fi l e Ser vi ces) Shar e on your Local Syst em. showmount command hel ps t o di spl ay al l shar ed di r ect or y f r omt he par t i cul ar syst em. # showmount e ser ver # mount t nf s ser ver : / pat h mount poi nt I t wi l l mount t he nf s shar e f or t he cur r ent sessi on. I f you woul d l i ke t o mount t he nf s shar e aut omat i cal l y at boot t i me t her e i s f st ab f i l e. Whi ch hel ps t o mount t he f i l esyst emaut omat i cal l y at boot t i me. Syntax of fstab file: Device mount point filesystem mounting options dump frequency fsck order Exampl e: ser ver 1. exampl e. com: / dat a / dat a nf s def aul t s 0 0 : I t wi l l mount t he di r ect or y / dat a shar ed f r om ser ver 1. exampl e. comi nt o l ocal di r ect or y / dat a. Samba Client: NFS ser vi ce i s used t o shar e t he r esour ces bet ween t he Li nux or Uni x envi r onment . I f you Mi cr osof t Wi ndows and Li nux, t o access t he r esour ces you r equi r e t he samba. Samba Cl i ent i s t he t ool use t he access t he wi ndows shar e i n Li nux. RH302
Leading the way in IT testing and certification tools, www.testking.com
- 70 - # smbl ci ent L / / wi ndows1 U user name : Li st al l shar e f r om wi ndows1 # smbcl i ent / / wi ndows1/ t est U user name : Connect t o shar ed di r ect or y t est t o downl oad or upl oad f i l es # smbmount - o user name=user 1 / / wi ndows1/ t est / mnt / samba : Mount s t he t est di r ect or y of wi ndows1 syst em i nt o samba di r ect or y i n / mnt . # smbumount / mnt / samba : Unmount s t he samba mount ed on / mnt / samba # mount t smb o user name=user 1 / / wi ndows1/ t est / mnt / samba : Mount s t he t est di r ect or y of wi ndows1 syst em i nt o samba di r ect or y i n / mnt . # umount / mnt / samba : Unmount t he samba mount ed on / mnt / samba RH302
Leading the way in IT testing and certification tools, www.testking.com
Network Configuration

Linux recognizes network devices as eth0, eth1 etc. for Ethernet cards, tr0, tr1 etc. for Token Ring and fddi0, fddi1 etc. for FDDI interfaces. To recognize these network devices, the kernel loads modules from the /lib/modules directory.

The /etc/sysconfig/network file is the global network configuration file. It contains the global parameters for network configuration.

    NETWORKING=yes|no
    HOSTNAME=station?.example.com
    GATEWAY=X.X.X.X
    NISDOMAIN=example.com

To enable networking on your system, the value of NETWORKING should be yes. Some services depend on this parameter and require NETWORKING=yes. The hostname command prints or sets the hostname for the current session, but to set the hostname permanently you should specify it in the HOSTNAME= parameter. The GATEWAY parameter defines the global default gateway, and the last one, NISDOMAIN, defines the domain for NIS.

The /etc/sysconfig/network-scripts/ifcfg-eth? file is the interface-specific file, used to configure a specific interface. Generally the interface-specific file contains the following parameters:

    DEVICE=devicename
    ONBOOT=yes|no
    BOOTPROTO=static|dhcp
    IPADDR=X.X.X.X
    NETMASK=X.X.X.X
    GATEWAY=X.X.X.X

The DEVICE parameter defines the device name of the configuration, which is the same as in ifcfg-eth?. The ONBOOT parameter defines whether the interface is brought up automatically at boot time. If you set it to yes, the interface is enabled at boot time; otherwise you must start the interface manually. BOOTPROTO defines the boot protocol, either static or dhcp. If you use static, you must assign the IP address and subnet mask manually; if you set dhcp, the IP address, netmask and other information are assigned by the DHCP server. GATEWAY is the interface-specific gateway parameter, which overrides the global gateway parameter.

    # ifconfig
      Displays information about the interfaces connected to the system.

    # ifdown eth0
      Brings the interface down.

    # ifup eth0
      Brings the interface up.

Whenever you change the configuration in the /etc/sysconfig/network file, you should restart the network service. Similarly, after changing the configuration of an interface, bring it down and up once.

Assigning Multiple IP Address on Interface

For routing, you can assign multiple IP addresses to the same interface. On one physical interface we can assign up to 256 IP addresses.

    # vi /etc/sysconfig/network-scripts/ifcfg-eth0:0
    IPADDR=x.x.x.x
    NETMASK=x.x.x.x

    # ifdown eth0
    # ifup eth0

If you want to assign more IP addresses by range:

    # vi /etc/sysconfig/network-scripts/ifcfg-eth0-rangeX
    IPADDR_START=x.x.x.x
    IPADDR_END=x.x.x.x
    CLONENUM_START=x

    # ifdown eth0
    # ifup eth0

Now you can verify using the ifconfig command. There is also a console-based configuration tool, netconfig. You can assign the IP address, netmask, gateway and DNS server using the netconfig tool.

If you enjoy working in Red Hat's GUI environment, there is another tool to configure the network: system-config-network
Working with routing Table

You can configure the routing table to distribute the routing paths. If you are using Linux as a router box, you should maintain the routing table.

    # route -n
or
    # netstat -rn
      Prints the routing table configured on the Linux system.

    # route add -net 192.168.1.0 netmask 255.255.255.0 gw server1.example.com
      Adds an entry to the routing table saying that packets for the 192.168.1.0 network should go through server1.example.com.

    # route add -net 192.168.5.0 netmask 255.255.255.0 dev eth1
      Packets to the 192.168.5.0 network should go through the eth1 device.

Static Routing

Static routes are set on a per-interface basis. To create a static route:

    # vi /etc/sysconfig/network-scripts/eth?.route
    ADDRESS0=x.x.x.x
    NETMASK0=x.x.x.x
    GATEWAY0=x.x.x.x

The ADDRESS and NETMASK parameters give the address and subnet mask of the remote network. The GATEWAY parameter defines the path used to reach the remote network.
DNS Client Configuration

DNS (Domain Name Server) resolves names to IP addresses and IP addresses to names. DNS also defines the mail exchanger for a particular domain. When a user tries to access a host by name, the request goes to the DNS server to resolve that name to an IP address, because the system always works with logical addresses. We specify the DNS servers in the /etc/resolv.conf file.

Example: /etc/resolv.conf
    nameserver x.x.x.x
    nameserver x.x.x.x

    # host www.abc.com
      The host command sends a request to the DNS server to resolve www.abc.com and displays the IP address associated with www.abc.com.

    # dig www.abc.com
      The dig command sends a request to the DNS server to resolve www.abc.com and displays the IP address associated with www.abc.com.

    # nslookup www.theexamking.com
      nslookup is also a DNS client tool, which sends a request to the DNS server to resolve the name into an IP address.
Package Management

The Red Hat Package Manager (RPM) provides the standard way of managing packages on Enterprise Linux. Using the Red Hat Package Manager, we can install, upgrade and remove groups of applications or utilities. Generally we need to check the integrity of a package, install it, upgrade it, remove it and so on. The RPM package manager maintains the local rpm database in the /var/lib/rpm directory. When you send queries about a package (whether it is installed, the installed version, all installed packages, the integrity of a package), they are checked against the local database.

Querying the Package

    # rpm -q setup
    setup-2.5.27-1

When you query for a specific package and the package is installed on the system, its full name and version are displayed from the local RPM database.

Querying and list All Installed Package

    # rpm -qa

Checking the owner package

    [root@example ~]# rpm -qf /bin/echo
    coreutils-5.2.1-31

To install the package:

    # rpm -ivh packagename

Here i means install, v means verbose and h means display hash marks to show progress.

To Upgrade Package

    # rpm -Uvh packagename

Here U means upgrade if a lower version is installed, otherwise install a new copy; v and h mean verbose and hash marks. When you upgrade a package, the configuration file of the old package is renamed by adding the .rpmsave extension.

    # rpm -Fvh packagename

Here F means upgrade the package only if a lower version is installed, v means verbose and h means display hash marks.

To query the information of a package:

    # rpm -qi packagename

To list all files belonging to a package:

    # rpm -ql packagename
When you install a package, the package's record is maintained in the local database /var/lib/rpm. Later you can verify the size, owner, permissions, MD5 sum and modification time against the RPM database.

    # rpm -V packagename
or
    # rpm --verify packagename

Example:
    [root@example ~]# rpm -V httpd
    S.5....T c /etc/httpd/conf/httpd.conf

The verification produces output such as the above. While verifying a package you can get the following characters:

    S   File size differs
    M   Mode differs (includes permissions and file type)
    5   MD5 sum differs
    D   Device major/minor number mismatch
    L   readLink(2) path mismatch
    U   User ownership differs
    G   Group ownership differs
    T   mTime differs

When you use Red Hat Enterprise Linux as distributed by Red Hat, Red Hat signs all package files with the GPG private signature. You can get a file named RPM-GPG-KEY containing the signature of all packages. First import that key into your local database; then, before installing any package, you can verify the integrity of the package.

    # rpm --import RPM-GPG-KEY
    # rpm --checksig packagename

RPM Dependencies Resolution

When you try to install a new package, it displays messages about dependencies. Identifying and installing the dependency packages takes a long time. There is an option, --aid, which resolves the dependencies automatically.

    # rpm -ivh --aid packagename

Installing Package using Package Management tool

There is a graphical package management tool for managing packages.

    # system-config-packages

When you open this dialog, it checks the backup of all packages from the local CD. If you want to specify an alternative location:

    # system-config-packages --tree=ftp://server1.example.com/pub
    # system-config-packages --tree=http://server1.example.com/rhel4
    # system-config-packages --tree=/backup
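An added example (not from the original guide) that reads rpm -V output and decodes the flag characters from the verification table above, separating changed configuration files from changed non-configuration files. Every sample line after the first is constructed, and the REVIEW/info policy and function names are assumptions.

```shell
#!/bin/sh
# Added example: triage `rpm -V` output using the flag table in the guide.

# decode_flags FLAGS -> comma-separated meanings of the flag characters.
decode_flags() {
    printf '%s\n' "$1" | awk '
    BEGIN {
        name["S"] = "size";    name["M"] = "mode";    name["5"] = "md5"
        name["D"] = "device";  name["L"] = "symlink"; name["U"] = "user"
        name["G"] = "group";   name["T"] = "mtime"
    }
    {
        out = ""
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c in name) out = out (out == "" ? "" : ",") name[c]
        }
        print out
    }'
}

# triage_verify: reads `rpm -V` lines on stdin, prints "<level> <path> <why>".
#   config  file is marked "c" (configuration file): edits are expected
#   REVIEW  non-config file whose content, mode or ownership changed,
#           or which is missing (assumed policy for this illustration)
#   info    anything else, e.g. only the mtime differs
# Assumption: paths contain no spaces.
triage_verify() {
    while read -r flags f2 f3; do
        if [ -z "$flags" ]; then
            continue
        fi
        if [ -n "$f3" ]; then
            marker=$f2; path=$f3      # "S.5....T c /path"
        else
            marker=; path=$f2         # "S.5....T   /path"
        fi
        if [ "$flags" = missing ]; then
            reasons=missing
        else
            reasons=$(decode_flags "$flags")
        fi
        if [ "$marker" = c ]; then
            level=config
        else
            case "$flags" in
                missing|*5*|*M*|*U*|*G*) level=REVIEW ;;
                *) level=info ;;
            esac
        fi
        printf '%s %s %s\n' "$level" "$path" "$reasons"
    done
}

# First line is the guide's own example; the rest are constructed.
sample_verify() {
    cat <<'EOF'
S.5....T c /etc/httpd/conf/httpd.conf
S.5....T   /usr/sbin/httpd
.M...UG.   /var/log/httpd
.......T   /usr/share/doc/httpd/README
missing    /var/www/icons/README
EOF
}

sample_verify | triage_verify
```

On a real system the input would come from `rpm -V packagename`; a changed MD5 sum on a binary such as /usr/sbin/httpd deserves a closer look than the same flags on an edited configuration file.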
Installing Kernel

The kernel is the core of the operating system. You should be able to install and uninstall a kernel provided in rpm format. Keep one caution in mind before upgrading the kernel: when you upgrade, the lower version of the kernel is removed. Suppose some hardware is not supported by your new kernel. What will happen? You will need to re-install. So for the kernel it is better to install the new kernel, check the performance and hardware support of the new kernel, and then remove the old version of the kernel manually.

    # rpm -ivh kernel-version

When you install a new kernel, a record is automatically added to the boot loader configuration file.
User and Group Administration

When you log in to the system you need to supply your identity to the system; that identity is called the user. One user can belong to several groups; a group is a representative name for a set of users. The /etc/passwd file is the user database file, which maintains the record of all created users. The /etc/shadow file contains the users' MD5-encrypted passwords.

See the example:

    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
    news:x:9:13:news:/etc/news:
    uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
    operator:x:11:0:operator:/root:/sbin/nologin
    games:x:12:100:games:/usr/games:/sbin/nologin

The pattern of the /etc/passwd file is:

    loginname:password:UID:GID:comment:home directory:login shell

Similarly, the users' encrypted passwords are stored in the /etc/shadow file:

    root:$1$pPOCmMEL$GpUuTtSZUcFh0QQnbrNyS0:13352:0:99999:7:::
    bin:*:13345:0:99999:7:::
    daemon:*:13345:0:99999:7:::
    adm:*:13345:0:99999:7:::
    lp:*:13345:0:99999:7:::
    sync:*:13345:0:99999:7:::
    shutdown:*:13345:0:99999:7:::
    halt:*:13345:0:99999:7:::

In Red Hat Enterprise Linux, when you create a user, a group with the same name as the user is created at the same time. That group is called the user's private group. When you create either a user or a group, the system assigns a new unique ID, called the User ID or Group ID. All created group information is stored in the /etc/group file.

    root:x:0:root
    bin:x:1:root,bin,daemon
    daemon:x:2:root,bin,daemon
    sys:x:3:root,bin,adm
    adm:x:4:root,adm,daemon
    tty:x:5:
    disk:x:6:root
    lp:x:7:daemon,lp
    mem:x:8:
    kmem:x:9:
    wheel:x:10:root
    mail:x:12:mail
    news:x:13:news
    uucp:x:14:uucp
    man:x:15:
    games:x:20:
    gopher:x:30:
    dip:x:40:

    Command          Description
    id               Displays the user and group ID
    groups           Displays the names and IDs of all groups the user belongs to
    whoami           Displays the logon name
    w, who, users    Displays the names of all logged-on users
    useradd          Adds a user to the system
    userdel          Deletes a user from the system
    groupadd         Adds a group to the system
    groupdel         Deletes a group from the system
    passwd           Changes the password of a user

Example:
    # useradd user1
    # passwd user1
    # groupadd training
    # groupdel training

When you create the user named user1, the system adds a record to the /etc/passwd file, the /etc/shadow file and the /etc/group file, creates the /var/spool/mail/user1 file and creates the home directory. By default it creates a group with the same name as the user and makes the user belong primarily to that group. Generally the primary group is used to define ownership: the group owner of a file, directory or process will be the primary group of the user. Supplementary groups are used to access resources.

In Linux every file or directory is owned by some user and some group. Permissions are likewise defined for the owner user, members of the owner group and others.

    -rw-r--r-- 1 user1 admin 5 Jul 26 14:46 rhce

The second, third and fourth characters represent the permissions of the owner user, user1. The fifth, sixth and seventh represent the permissions of members of the admin group. The eighth, ninth and tenth characters represent the permissions of others. Here others means anyone who is neither the owner user nor a member of the owner group.

Modifying User Accounts

The usermod command helps to modify user accounts. By default a user's home directory is created in /home, the password never expires, normal users' user IDs are assigned starting from 500, etc. These default properties are read from the /etc/default/useradd and /etc/login.defs files. When a user is created on a Linux system, a group with the same name as the user is created and the user belongs primarily to that group.

Syntax: usermod [options] username

    Option  Description
    -s      By default bash is assigned to every user in RHEL 4. Using the -s option of the usermod command you can change the login shell.
            Example: usermod -s /bin/sh user1
    -d      By default a user's home directory is created in /home/username. Using the -d option you can change the user's home directory.
            Example: usermod -d /rhome/user1 user1
    -g      By default a user belongs primarily to the group created at user creation time. Using the -g option you can change the primary group of the user.
            Example: usermod -g training user1
    -G      Using the -G option we can make a user belong to more than one group to gain access permissions.
            Example: usermod -G admin user1
    -L      Lock the user account.
            Example: usermod -L user1
    -U      Unlock the user account.
            Example: usermod -U user1
    -e      Set the account expiry time.
            Example: usermod -e date user1

Setting password policies

In RHEL 4 a password never expires by default, and nothing forces the user to change the password. When a user is created on a Linux system, the default configuration assigned to the user is read from the /etc/login.defs and /etc/default/useradd files. You can see in this file that the password never expires.

Here is the default configuration of /etc/login.defs:

    # *REQUIRED*
    #   Directory where mailboxes reside, _or_ name of file, relative to the
    #   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
    #   QMAIL_DIR is for Qmail
    #
    #QMAIL_DIR      Maildir
    MAIL_DIR        /var/spool/mail
    #MAIL_FILE      .mail

    # Password aging controls:
    #
    #       PASS_MAX_DAYS   Maximum number of days a password may be used.
    #       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
    #       PASS_MIN_LEN    Minimum acceptable password length.
    #       PASS_WARN_AGE   Number of days warning given before a password expires.
    #
    PASS_MAX_DAYS   99999
    PASS_MIN_DAYS   0
    PASS_MIN_LEN    5
    PASS_WARN_AGE   7

    #
    # Min/max values for automatic uid selection in useradd
    #
    UID_MIN         500
    UID_MAX         60000

    #
    # Min/max values for automatic gid selection in groupadd
    #
    GID_MIN         500
    GID_MAX         60000

    #
    # If defined, this command is run when removing a user.
    # It should remove any at/cron/print jobs etc. owned by
    # the user to be removed (passed as the first argument).
    #
    #USERDEL_CMD    /usr/sbin/userdel_local

    #
    # If useradd should create home directories for users by default
    # On RH systems, we do. This option is ORed with the -m flag on
    # useradd command line.
    #
Syntax: chage [options] user

    Option  Description
    -M      Maximum number of days a password may be used.
            Example: chage -M 20 user1
    -m      Minimum number of days allowed between password changes.
            Example: chage -m 10 user1
    -W      Number of days warning given before a password expires.
            Example: chage -W 5 user1
    -I      Number of days the account should be inactive before the password expires.
            Example: chage -I 2 user1

Red Hat User and Group Manager

If you enjoy working with Red Hat's User and Group Manager, you can use the GUI version of this tool to create, delete and modify user accounts.

Click Applications -> System Settings -> User and Group
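An added example, not part of the original guide: it reads /etc/shadow-style lines and shows how the aging fields discussed above (last change, maximum days) translate into calendar dates, flagging accounts whose password never expires. The sample entries, the placeholder hashes, the function names and the 90-day limit are assumptions; user1 carries the values set by the chage examples above.

```shell
#!/bin/sh
# Added example: audit password aging fields in /etc/shadow-format lines.
# Field layout: name:hash:lastchange:min:max:warn:inactive:expire:reserved
# lastchange is counted in days since 1970-01-01.

# audit_shadow [LIMIT]: reads shadow lines on stdin and prints
#   <user> <scheme> changed=<date> expires=<date|never> <FLAG|ok>
# LIMIT is the largest acceptable maximum password age in days
# (default 90, an assumed policy value).
audit_shadow() {
    awk -F: -v limit="${1:-90}" '
    # Days since 1970-01-01 -> YYYY-MM-DD (Gregorian calendar).
    function ymd(days,    z, era, doe, yoe, y, doy, mp, d, m) {
        z = days + 719468
        era = int(z / 146097)
        doe = z - era * 146097
        yoe = int((doe - int(doe / 1460) + int(doe / 36524) - int(doe / 146096)) / 365)
        y = yoe + era * 400
        doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))
        mp = int((5 * doy + 2) / 153)
        d = doy - int((153 * mp + 2) / 5) + 1
        m = (mp < 10) ? mp + 3 : mp - 9
        if (m <= 2) y++
        return sprintf("%04d-%02d-%02d", y, m, d)
    }
    $0 ~ /^[ \t]*#/ || $0 ~ /^[ \t]*$/ { next }
    {
        user = $1; hash = $2; last = $3; max = $5
        # "*" or a leading "!" means no password login is possible.
        if (hash == "*" || hash ~ /^!/) next
        if (hash == "")            scheme = "empty"
        else if (hash ~ /^\$1\$/)  scheme = "md5"     # $1$ marks MD5 crypt
        else                       scheme = "other"
        # The guide treats 99999 as "never expires"; an empty field is
        # handled the same way.
        never = (max == "" || max + 0 >= 99999)
        changed = (last == "") ? "unknown" : ymd(last + 0)
        if (never)           expires = "never"
        else if (last == "") expires = "unknown"
        else                 expires = ymd(last + max)
        bad = (scheme == "empty" || never || max + 0 > limit + 0)
        printf "%s %s changed=%s expires=%s %s\n", user, scheme, changed, expires, (bad ? "FLAG" : "ok")
    }'
}

# Constructed sample. The hashes are placeholders, not real password hashes.
# user1 reflects: chage -M 20, -m 10, -W 5, -I 2.
sample_shadow() {
    cat <<'EOF'
root:$1$CONSTRUCTED$placeholderNotARealHash:13352:0:99999:7:::
bin:*:13345:0:99999:7:::
user1:$1$CONSTRUCTED$placeholderNotARealHash:13352:10:20:5:2::
user2::13352:0:99999:7:::
EOF
}

sample_shadow | audit_shadow 90
```

Reading the real /etc/shadow requires root. Day 13352 decodes to 2006-07-23, so user1's 20-day maximum puts the expiry on 2006-08-12, while root keeps the 99999-day default and is flagged.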
Changing Ownership

Every resource is owned by one particular user as well as by that user's private group. Later the administrator can change the ownership of a file or directory using the chown or chgrp command.

Syntax: chown [-R] user:group file/directory

The -R option means recursive: it changes the owner of all files as well as all sub-directories.

Example:
    chown -R user1:admin /data
      Changes the owner of /data to the user user1 and the group owner to admin.

If you would like to change only the group ownership, you can use the chgrp command.

Example:
    chgrp admin /data
      Changes the group owner of /data to admin.

Changing Permission

Every resource is controlled by the permissions of the owner user, the owner group members and others.

    -rw-r--r-- 1 narayan admin 5 Jul 26 14:46 rhce

The chmod command is used to change the permissions of a file or directory.

    # chmod u+rwx /data
      Sets read, write and execute permission on the /data directory for the owner user.

    # chmod g+rwx /data
      Sets read, write and execute permission on /data for the owner group members.

    # chmod o-rwx /data
      Removes read, write and execute permission from others.

Here the + operator adds the permission and - removes the permission.

You can also assign permissions by the numeric method.

    Read    : 4
    Write   : 2
    Execute : 1
Total permission is 7.

    # chmod 770 /data
      Assigns read, write and execute permission to the owner user and all owner group members, but no permission to others.

    # chmod 754 /data
      Assigns read, write and execute permission to the owner user, read and execute permission to group members and read-only permission to others.

Special Permission:

1. SUID or SGID bit on Executable File

Like files and directories, processes also run under some ownership. By default a process starts under the ownership of the executer: whoever executes the command, the process starts under the ownership, or security context, of that user or group. When the SUID or SGID bit is set on the executable file, the process starts under the security context of the file owner rather than the executer.

Example: when user1 uses the cat command, the process starts under user1's ownership. But when we set the SUID or SGID bit on the cat command, the process always starts under root's ownership, because root is the owner of the cat command.

    # chmod u+s file
    # chmod g+s file
    # chmod u-s file

Before setting SUID or SGID, the permissions look like this:

    -rwxr-xr-x 1 root root 19140 Oct 5 2004 /bin/cat

When you set the SUID and SGID bits you will get:

    -rwsr-sr-x 1 root root 19140 Oct 5 2004 /bin/cat

The SUID or SGID bit appears in the user and group permissions in place of x. If s appears in lower case, it means the bit is set together with execute permission. If it appears as S, then SUID or SGID is set without x permission.

2. SGID bit on directory

By default a file or directory is created with the ownership of the user and the user's primary group. When we set the SGID bit on a directory, the group owner of a file or sub-directory created in that directory will automatically be the group owner of the parent directory.

Example:
    drwxrwx--- 3 root admin 12324 July 20 2006 12:30 data

In this output, permission is given only to the owner user and to owner group members. When user1, who belongs to the admin group, creates a file in /data, the owner will be user1 and the group will be user1's primary group.

    # chmod g+s /data
Once you set the SGID bit on the directory, when user user1 creates a file in /data the group owner will be admin.

3. Sticky Bit

When one directory can be accessed in read, write and execute mode by more than one user, one user can remove another user's files. The sticky bit prevents deletion by other users.

    # chmod o+t /data
    drwxrwx--T 3 root admin 12324 July 20 2006 12:30 data

The sticky bit appears as the t character in the execute position. If t appears in lower case, it means the bit is set with execute permission, and if it appears as T, it means without execute permission.

Assigning Permission on individual User/Group basis

There is another pair of commands, setfacl and getfacl, which set permissions for an individual user or an individual group.

    # getfacl filename or directory
      Displays the permissions assigned to users and groups.

    # setfacl -m u:user10:rwx filename/directory
      Sets read, write and execute permission for user10.

    # setfacl -m g:admin:rwx filename/directory
      Sets read, write and execute permission for members of the admin group.

    # setfacl -x u:user10 file/directory
      Removes the permission assigned to user user10.

    # setfacl -x g:admin file/directory

Remember that to assign permissions with ACLs, the filesystem should be mounted with the acl option.
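The s/S and t/T notation from the Special Permission section above, as an added example that is not part of the original guide: it converts an ls -l mode string to its numeric form and lists the entries that carry SUID, SGID or sticky bits. The function names and the last two sample lines are constructed.

```shell
#!/bin/sh
# Added example: decode ls -l mode strings, including s/S and t/T.

# decode_mode MODESTRING -> "<4-digit octal> <notes>"
# notes is a comma-separated list of suid, sgid, sticky (with "-noexec"
# appended when the letter is upper case), or "-" when no special bit is set.
# Returns status 2 when the argument is not a mode string.
decode_mode() {
    printf '%s\n' "$1" | awk '
    # type char, then rwx triplets; ls may append "." or "+" (ACL present).
    $0 !~ /^[-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT][.+]?$/ { exit 2 }
    {
        special = 0; digits = ""; notes = ""
        for (t = 0; t < 3; t++) {                 # 0=owner 1=group 2=others
            r = substr($0, t * 3 + 2, 1)
            w = substr($0, t * 3 + 3, 1)
            x = substr($0, t * 3 + 4, 1)
            v = (r == "r" ? 4 : 0) + (w == "w" ? 2 : 0)
            if (x ~ /[xst]/) v += 1               # lower case: execute is set
            if (x ~ /[sStT]/) {
                name = (t == 0) ? "suid" : ((t == 1) ? "sgid" : "sticky")
                special += (t == 0) ? 4 : ((t == 1) ? 2 : 1)
                if (x ~ /[ST]/) name = name "-noexec"   # upper case: no x
                notes = notes (notes == "" ? "" : ",") name
            }
            digits = digits v
        }
        print special digits, (notes == "" ? "-" : notes)
    }'
}

# scan_listing: reads `ls -l` output on stdin and prints
# "<name> <octal> <notes>" for each entry with a special bit.
# Assumption: file names contain no spaces.
scan_listing() {
    while read -r mode rest; do
        if [ -z "$mode" ]; then
            continue
        fi
        # Lines such as "total 48" are not entries; skip them.
        decoded=$(decode_mode "$mode") || continue
        notes=${decoded#* }
        if [ "$notes" != - ]; then
            printf '%s %s %s\n' "${rest##* }" "${decoded%% *}" "$notes"
        fi
    done
    return 0
}

# The first three entries are taken from the guide; the last two are constructed.
sample_listing() {
    cat <<'EOF'
total 48
-rw-r--r-- 1 user1 admin 5 Jul 26 14:46 rhce
-rwsr-sr-x 1 root root 19140 Oct 5 2004 /bin/cat
drwxrwx--T 3 root admin 12324 Jul 20 2006 data
-rwSr--r-- 1 root root 120 Jul 26 14:50 notes.txt
drwxrwsr-x 2 root admin 4096 Jul 26 14:51 shared
EOF
}

sample_listing | scan_listing
```

The numeric column is what `chmod` would take to reproduce the mode, for example 6755 for the SUID and SGID /bin/cat shown in the guide.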
NIS Client Configuration

NIS (Network Information Server) is a traditional directory service, used to manage user accounts centrally. Using NIS, you can't apply every policy to users. NIS is an RPC (Remote Procedure Call) service, so the portmap service also needs to run on the server. NIS is also not based on DNS (Domain Name Services); it binds the domain name directly to an IP address. For RHCT, you should know how to configure the NIS client in an environment where the server is already configured.

Let us configure the NIS client using the following NIS server information:

    i.   NIS domain name is example.com
    ii.  NIS server is 192.168.0.254
    iii. NIS users' home directories are in /nisusers

    a. Type the authconfig or system-config-authentication command
    b. Select "use NIS", then click on Next
    c. Type Domain: example.com
    d. Server: 192.168.0.254
    e. Click on OK

This means users are authenticated by the NIS server 192.168.0.254. When a user logs in on your client machine, the home directory should be present on the system being logged in to. I have already written about the automount feature. We can mount the users' home directories on the client machine to make them present.

    a. mkdir /nisusers

    b. vi /etc/auto.master
           /nisusers /etc/auto.home --timeout=60
       This line specifies the mount point, with the map read from /etc/auto.home, and unmounts /nisusers if the user doesn't use it within 60 seconds.

    c. vi /etc/auto.home
           * -rw,soft,intr 192.168.0.254:/nisusers/&
       This line specifies mounting all the contents of the /nisusers directory from the server.

    d. service autofs restart
       The autofs service controls the automount feature of the Linux system. After changing the configuration, you need to restart the autofs service.

    e. Now log in as one of the server's users.
Managing Printer

CUPS (Common Unix Printing System), the default printing service in Red Hat Enterprise Linux, supports many features such as IPP (Internet Printing Protocol) based service, control of printing jobs etc.

a. Installing Locally connected printer

    - Type the system-config-printer command
    - Click on New
    - Type the Queue Name (Printer Name)
    - Select the Queue Type

In the GUI you will get a screen on which to choose the queue type:

    - Select "locally connected" if the printer is locally connected.
    - If your printer server is Unix based, select Unix Print Queue. In the GUI version of the printer management tool you will get Network CUPS and Unix LPD: if CUPS is used as the printing server, use Network CUPS, and if LPRng is used, use Unix LPD. When you use CUPS, specify the server and the printer name as /printers/printername; when LPRng is used, give the server and just the printer name.
    - If your printer server is Windows based, select Windows Print Queue.
    - If your printer server is Novell based, select Novell printer.
    - If your printer is a standalone printer, select Jetdirect Print queue.

When you select a local printer device, you need to give the device name where your printer is connected. If your printer is connected to the parallel port use /dev/lp0; if the printer is connected on USB then use /dev/usb/lp0. If you are going to install a network-based printer, you need to give the printer server name and print queue name.

After specifying the device, or the server and queue name, you need to select the manufacturer and model of the printer.

    - Select the Manufacturer and Model, then click on Next
    - Click on Finish

The CUPS printing service is controlled by the cups daemon.
- 104 - Whi l e you st ar t t he cups ser vi ce i t r eads t he f i l e o / et c/ cups/ pr i nt er s. conf o / et c/ cups. cupsd. conf / et c/ cups/ pr i nt er s. conf f i l e cont ai ns al l pr i nt er s name and ot her pr i nt er r el at ed par amet er s. / et c/ cups/ cupsd. conf i s t he mai n conf i gur at i on f i l e. Managing Printer through HTTP CUPS has new f eat ur e t hat can manager t hr ough Br owser . Type ht t p: / / l ocal host : 631 on your br owser
Now you wi l l get t he mai n cups page f r om wher e you can manage j obs, pr i nt er cl ass, queues et c. Her e I m goi ng t o show you how t o i nst al l t he net wor k based pr i nt er . RH302
Leading the way in IT testing and certification tools, www.testking.com
- 105 - When you get t he CUPS mai n page, cl i ck on Manager Pr i nt er s Cl i ck on Add pr i nt er Type r oot and passwor d
Type Queue Name, Locat i on and Descr i pt i on t hen cont i nue Sel ect Devi ce f or pr i nt er , i f you ar e goi ng t o i nst al l net wor k based pr i nt er t hen sel ect ei t her ht t p or i pp.
Type Devi ce URL or Addr ess Exampl e: ht t p: / / ser ver 1. exampl e. com/ pr i nt er s/ pr i nt er 1 RH302
Leading the way in IT testing and certification tools, www.testking.com
- 106 -
The above example installs the network-based printer named printer1, which is installed on server1.example.com.

- Select the Manufacturer as well as the Model
- Click on Finish

Now you can test using some printing commands.

Command   Description
lpr       Sends a print job to the printer
lpq       Lists the print queue of the printer
lprm      Removes jobs from the print queue of the printer

The X Window System

The X Window System is the foundation that provides the graphical user interface on Linux. The X Window System is very flexible and transparent, and is developed on a client and server architecture. On Red Hat Enterprise Linux, the X Window System comes with multiple desktop environments, display managers and file managers.

i. GNOME is the default desktop on Red Hat Enterprise Linux.
ii. KDE is another excellent desktop on Red Hat Enterprise Linux.

Different desktops have different display managers.

i. GDM: display manager of GNOME
ii. KDM: display manager of KDE
iii. XDM: display manager of X Window

Similarly, there are different file managers: metacity for GNOME, kwm for KDE and for X Window System.

The global default desktop and display manager are specified in the /etc/sysconfig/desktop file:

DISPLAYMANAGER=KDE
DESKTOP=KDE

This file is read by the /etc/X11/prefdm script, which executes when the X Window System loads. A user can set a user-specific default desktop, different from the global setting, using the switchdesk command, which creates the ~/.Xclients and ~/.Xclients-default files. When a user logs in to the GUI, the system first checks whether a user-specific default desktop is specified. If it exists, the user's desktop is loaded; otherwise the system reads /etc/sysconfig/desktop and loads the default desktop specified in the global file.

# switchdesk GNOME

When the display manager is GDM, the login screen appears as in the figure below.

When the display manager is KDM, the login screen appears as in the following figure.

When the display manager is XDM, the login screen appears as in the following figure.

To start the X Window System, the runlevel should be 5, or you can load it manually using the startx command:

# init 5
# startx

While loading the X Window System, you can face different problems.

i. Misconfiguration of video card, monitor, resolution, etc.

After installation, you can configure the video card, monitor type, resolution, etc. using the system-config-display command:

# system-config-display

When you select the options, they are written to the /etc/X11/xorg.conf file. While loading the GUI, the system checks the configuration in /etc/X11/xorg.conf. If the file is missing, loading fails; you can solve that using the system-config-display command.

Similarly, the xfs service provides the font rendering server for the graphical interface. You should check whether this server is running or not.

# service xfs status
# service xfs start
Software RAID (Redundant Array of Inexpensive Disks)

When you use a single disk to store data, what happens if the disk crashes? You lose all the data on the disk. This is where RAID comes in, for fault tolerance. If you store the data on a RAID device, the data is still available when one disk fails. There are different levels of RAID; generally we use RAID Level 0, RAID Level 1 and RAID Level 5 in our daily work.

RAID Level 0: also called striping without parity

RAID Level 0 is called striping. It is like a volume that combines multiple disks.

[Figure: Disk 1 (10 GB) and Disk 2 (10 GB) combined into a 20 GB volume]

As the figure shows, when you use two disks in RAID Level 0, you get a new volume with the combined size of the two disks. RAID Level 0 is used just to make a volume or to increase disk performance.

RAID Level 1: Mirroring

RAID Level 1 is called mirroring: when you write data, it is written to more than one disk at a time. So when one disk fails, the data can be recovered from another disk.

When you configure RAID Level 1, it automatically mirrors the data written on one disk onto another disk, so one disk is used to hold the mirrored data. When one disk crashes, the data can be recovered from the other disk. RAID Level 1 requires a minimum of 2 disks.

[Figure: Disk 1 (10 GB) and Disk 2 (10 GB) mirrored as a 10 GB volume]

RAID Level 5: Striping with Parity

RAID Level 5 is called striping with parity: when you write data, it writes parity information to another disk. So when one disk fails, the data can be recovered from another disk. In comparison with RAID Level 1, RAID Level 5 has good data read performance. But RAID Level 5 requires a minimum of 3 disks.

[Figure: Disk 1, Disk 2 and Disk 3 (10 GB each) as a 20 GB volume]

When you configure RAID Level 5, it writes the parity information to another disk, so when one disk crashes, the data can be recovered from another disk.

Creating RAID Level 0

# mdadm -C /dev/md0 --level=0 --raid-devices=2 /dev/hda1 /dev/hdb1

The mdadm command creates the RAID device. The above example creates the first RAID device, md0, using the /dev/hda1 and /dev/hdb1 devices.

Creating RAID Level 1

# mdadm -C /dev/md0 --level=1 --raid-devices=2 /dev/hda1 /dev/hdb1 --spare-devices=1 /dev/hdc1

This creates the device /dev/md0 with RAID Level 1. When we write data to /dev/md0, it is mirrored onto both hda1 and hdb1. In addition, one disk is specified as the spare disk, which is used automatically when either hda1 or hdb1 crashes in the RAID array.

Creating RAID Level 5

# mdadm -C /dev/md0 --level=5 --raid-devices=3 /dev/hda1 /dev/hdb1 /dev/hdc1 --spare-devices=1 /dev/hdd1

This creates the device md0 with RAID Level 5. When we write data to the md0 device, it uses the disks to write data, and one disk is used to write the parity information.

Remember that you need to create these partitions with the Software RAID type, System ID FD.

After creating the RAID device, you need to create the filesystem:

# mkfs -t ext3 /dev/md0
Or
# mke2fs -j /dev/md0

Mounting RAID Device

# mkdir /data
# mount /dev/md0 /data

To mount the device automatically at boot time, you need to add it to the /etc/fstab file:

/dev/md0 /data ext3 defaults 0 0

Checking RAID Status:
# mdadm --detail /dev/md0

Simulating fail of RAID Array Disk
# mdadm --set-faulty /dev/md0 /dev/hda1

Removing failed Disks from RAID Array
# mdadm --remove /dev/md0 /dev/hda1

Adding New Disk into RAID Array
# mdadm --add /dev/md0 /dev/hdd1

Creating RAID Device At installation Time

See sample here.

You can also create the RAID device at installation time. You just need to create the partitions with the Software RAID file system type. After that, click on the RAID button. Then type the mount point, choose the file system type, RAID device, RAID level and RAID members, and type the number of disks used as spare disks. See sample here.
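The status check and the simulated disk failure above can be turned into an unattended check. The following is an added example, not part of the original guide: it reads /proc/mdstat (the kernel's md status file, which the guide does not mention) and reports arrays running with fewer members than configured. The sample text, the md1 array and the function names are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): detect degraded md arrays.

# Constructed sample of /proc/mdstat as it looks after
#   mdadm --set-faulty /dev/md0 /dev/hda1
# md1 and its member names are made up to show a healthy array alongside.
sample_mdstat() {
cat <<'EOF'
Personalities : [raid1] [raid5]
md0 : active raid1 hdb1[1] hda1[0](F)
      104320 blocks [2/1] [_U]

md1 : active raid5 hdc2[2] hdb2[1] hda2[0]
      208640 blocks level 5, 64k chunk, algorithm 2 [3/3] [UUU]

unused devices: <none>
EOF
}

# Read mdstat text on stdin; print one line per degraded array:
#   <array> <configured members> <active members> <failed members or ->
degraded_arrays() {
    awk '
    /^md[0-9]+ :/ {
        # Array header line: remember the name and collect members marked (F)
        name = $1; failed = ""
        for (i = 3; i <= NF; i++)
            if ($i ~ /\(F\)$/) {
                m = $i; sub(/\[.*/, "", m)
                if (failed == "") failed = m; else failed = failed "," m
            }
        next
    }
    name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
        # Status line: [configured/active], e.g. [2/1] means one member missing
        split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
        if (failed == "") failed = "-"
        if (n[2] + 0 < n[1] + 0)
            print name, n[1], n[2], failed
        name = ""
    }'
}

# Exit status: 0 all arrays complete, 1 at least one degraded, 2 unreadable.
check_raid() {
    src=${1:-/proc/mdstat}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    report=$(degraded_arrays < "$src")
    [ -z "$report" ] && return 0
    printf '%s\n' "$report" | sed 's/^/DEGRADED /'
    return 1
}

sample_mdstat | degraded_arrays   # prints: md0 2 1 hda1
```

Run check_raid without arguments from cron on the real system; a non-zero exit status is the signal to look at mdadm --detail and replace the failed member.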
Logical Volume Manager (LVM)

I would like to introduce LVM through an example: I created a /usr partition of 5000 MB and /var with 1000 MB. After some time you require more space in /var due to log file management, and you have free space in /usr. Can you manage the space by dynamically increasing or decreasing the size of partitions? Normally no; you need to create LVM. In LVM you need to create the Physical Volume, Volume Group and Logical Volume.

Creating Logical Volume

i. Create the partitions with system ID 8e.
ii. Synchronize with the partition table using the partprobe command.

Create the Physical Volume

The first step in creating a Logical Volume is creating the Physical Volume. Only physical volume disks can be members of a Volume Group.

# pvcreate /dev/hda12 /dev/hda13

This example creates /dev/hda12 as well as /dev/hda13 as physical volumes.

Creating Volume Group

A Volume Group is the group name for all its members, with the combined size of all the physical volumes that belong to it.

# vgcreate vol0 /dev/hda12

This example creates the Volume Group named vol0 with /dev/hda12 as its member.

Creating Logical Volume

A Logical Volume is a volume allocated from the Volume Group. It is the Logical Volume that we use.

# lvcreate -n data1 -L 50M vol0

This example creates the Logical Volume named data1 with a size of 50M. Similarly, you can create multiple Logical Volumes on the same Volume Group.

# lvcreate -n data2 -L 100M vol0

This creates the second Logical Volume, named data2, with a size of 100M.

Now, to use the Logical Volumes you need to create a file system on each of them.

# mkfs -t ext3 /dev/vol0/data1
# mkfs -t ext3 /dev/vol0/data2

Now mount the Logical Volumes:

# mount -t ext3 /dev/vol0/data1 /data1
# mount -t ext3 /dev/vol0/data2 /data2

If you want them mounted automatically at boot time, you need to add them to the /etc/fstab file.

/dev/vol0/data1 /data1 ext3 defaults 1 2

As I described in the features of Logical Volumes, we can resize a Logical Volume dynamically. Let's increase or decrease the size of a Logical Volume and bring it online.

# lvextend -L +20M /dev/vol0/data1

This increases the size of Logical Volume data1 by 20M. If you check the size of the /data1 directory using the df command, you will still get the initial size; to make it the same as the Logical Volume, you need to bring the Logical Volume online using the ext2online command.

# ext2online -d /dev/vol0/data1

Now the /data1 directory knows that the size of the data1 Logical Volume is 70M. You can verify this using the df command.

You can display the properties of the Physical Volume, Volume Group and Logical Volume using the pvdisplay, vgdisplay and lvdisplay commands.

Example:
# pvdisplay /dev/hda12
# vgdisplay vol0
# lvdisplay /dev/vol0/data1

Similarly, you can use the lvresize command to resize, as well as vgextend to add a new physical volume to the Volume Group.

Example: if you want to add /dev/hda13 to the Volume Group vol0

# vgextend vol0 /dev/hda13

Verify using the vgdisplay command.

Configuring LVM at Installation Time

If you want to configure LVM at installation time, just create the partitions with the Logical Volume file system type. Then click on LVM and specify the Volume Group.

After specifying the Volume Group name, click on the Add button and type the Logical Volume name, mount point, size and filesystem.
Implementing User Quotas

Quotas keep an individual user or group from occupying all the space available on individual partitions. The administrator can apply the quota policy on a per-user or per-group basis, by number of blocks or number of inodes. Here I am going to implement quotas on users' home directories. We can set rules for how much space an individual user can occupy or how many inodes the user can use.

The quota feature is implemented in the Linux kernel; you just have to enable it on the file system using the usrquota or grpquota options when mounting the file system. At boot time, rc.sysinit reads the /etc/fstab file to mount the file systems, so you should specify the options in this file.

LABEL=/home /home ext3 defaults,usrquota,grpquota 1 2

The usrquota option enables user quotas on the /home file system and the grpquota option enables group quotas on the /home file system. To activate these options, you should either reboot the system or re-mount the file system.

# mount -o remount /home

Now create the blank files that store the user quota and group quota information.

# touch /home/aquota.user
# touch /home/aquota.group

Now initialize the quota database of users and groups using the quotacheck command.

# quotacheck -ugfm /home

By default only the user quota option is enabled, so if you are going to implement group quotas, you should use the -g option.

# quotaon -ug /home

This turns quotas on for /home for users and groups. If you want to turn quotas off, use the quotaoff command.

Now set the policy for users and groups using the edquota command.

# edquota -u user1

Disk quotas for user ez (uid 504)
Filesystem   blocks   soft   hard   inodes   soft   hard
/dev/hdda6   300      400    500    20       0      0

In the above example, user1 already occupies 300 KB; the soft limit of 400 gives the warning and 500 KB is the hard limit, which user1 cannot exceed. Similarly, you can set the quota limit by number of inodes: just specify the hard limit and soft limit on inodes. Similarly, we can set quotas for group members.

# edquota -up user1 user2 user3 user4

This transfers the policy of user1 to the other users user2, user3 and user4.

Monitoring Quota of users

# repquota /home
Reports the quota information of /home.

# quota username
Reports the quota information of an individual user.
Troubleshooting

In real-world work you can run into different types of problems, and you have to face and solve them. I can't say which problems you will face. Here I try to explain some important files as well as the important parameters in those files.

1. Troubleshooting with networking:

i. Check whether the /etc/sysconfig/network file exists, as well as these parameters:

NETWORKING=yes
HOSTNAME=?
GATEWAY=?
NISDOMAIN=?

ii. Check the interface configuration file /etc/sysconfig/network-scripts/ifcfg-eth0:

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static OR dhcp
IPADDR=x.x.x.x
NETMASK=x.x.x.x
GATEWAY=x.x.x.x

Check whether the device is down, using ifconfig, ifdown eth0, ifup eth0, etc.

iii. Check whether the module of the device is loaded using the lsmod command, and try to manage modules using the insmod, rmmod, depmod and modprobe commands.

iv. Check whether the aliases are created in the /etc/modules.conf file.

v. Check the routing table or gateway:

# route -n

Remove an incorrect route if one was added using the route add command.

# route add -net x.x.x.x netmask x.x.x.x gw x.x.x.x
# route del -net x.x.x.x netmask x.x.x.x gw x.x.x.x

2. Troubleshooting with X Window System

Sometimes you will face problems while booting the system in runlevel 5. There are some cases in which you face problems while loading the GUI.

i. Check whether the /etc/X11/xorg.conf file exists.
ii. If it doesn't exist, configure the video card, monitor, resolution, etc. using system-config-display.
iii. Check whether the xfs service is running.
iv. Check the default runlevel.
v. Check whether the hard quota limit has been reached.

3. Troubleshooting with System Boot

This is the most important area, and solving boot-related problems takes the most thought. You should know which files are used at boot time and how to troubleshoot them.

i. Boot loader: Check whether the MBR (Master Boot Record) has crashed; if the MBR has crashed, the boot loader can't load the OS. Is the boot loader misconfigured? If the problem is with the boot loader, check the configuration. When you boot the system, you get the GRUB screen to select the operating system from the list. On the GRUB screen there are lots of options available: press c for the GRUB prompt, e to edit the parameters, b to boot, a to append, etc. See this sample of the GRUB prompt:

grub> root (hd0,0)
grub> kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet
grub> initrd /initrd-2.6.9-5.EL.img
grub> boot

Now, if the parameters passed are correct, you will be able to boot the system successfully.

Similarly, use the different shortcuts to edit or troubleshoot, like e, a, etc.

What will you do if you forget the root password? I already explained that there are different runlevels. You need to boot your system in single user mode. Just press the a key on the GRUB screen. You will get a line like:

kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet s

Type s at the end of the line, then press the Enter key. Now your system will boot in single user mode and root is automatically logged in to a bash shell; just change the password and boot.

If the boot loader has crashed, you need to re-install a new boot loader. For that, you need to start the system in rescue mode.

Booting system in Rescue Mode

i. Start the system with the RHEL 4 1st CD or the boot.iso CD. You will get a screen like this.
ii. Type linux rescue at the boot prompt.
iii. Select the General Options
iv. Select whether or not to use the Ethernet card, and assign the IP address
v. Click on Continue
vi. Check the message that the previous partitions are mounted in the /mnt/sysimage directory.
vii. Now change the root file system:

# chroot /mnt/sysimage

Now install the boot loader:

# grub-install /dev/hda

ii. Kernel file: Check whether the kernel file has crashed or been removed from the system; in that case, you can install it in rescue mode.

iii. Check the init configuration file /etc/inittab.

iv. Check whether /etc/fstab is written in an improper way or names an improper file system. Remember that when there is a problem in the /etc/fstab file, the system will boot in emergency mode, which is called file system maintenance mode. You can also manually boot the system in emergency mode:

grub> kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet emergency

Just provide the root password, remount the root (/) filesystem in read-write mode, and edit the /etc/fstab file.
Section 3
RedHat Certified Engineer (RHCE) Preparation

Can you do the following independently?

- Can Configure DNS Master Server?
- Can Configure and Maintain Slave DNS server?
- Can Configure DNS Global Options?
- Can Configure FTP Server?
- Can deny or allow real user or anonymous login via FTP?
- Can Configure NFS server as per needs?
- Can Configure NFS Client?
- Can Share Data through Samba for Windows Users?
- Can Share with Different Security Options?
- Can Share with user or hosts based Authentication?
- Can Share as per user needs?
- Can Configure Sendmail Server?
- Can Configure procmail and fetchmail?
- Can Configure Apache Web server for IP based web site hosting?
- Can Configure Apache web server for Name based web site hosting?
- Can Configure Apache web Server with user or hosts based Authentication?
- Can Configure Apache web server by implementing SSL?
- Can Configure Squid Proxy Server?
- Can Configure NIS Master and Slave Server?
- Can Configure Time, Origin based Login?
- Can Limit number of process or logins to users?
- Can Secure Stand Alone with TCP_Wrappers?
- Can Secure Transient Services with TCP_Wrappers?
- Can Secure Transient Services with xinetd mechanism?
- Can you Configure the Iptables firewall?

RHCE is a 100% practical exam, so you should know everything about the topics mentioned above.
Domain Name Server (DNS)

First you should know what DNS does. Let me explain by example: when you access www.testking.com, it works and the name is easy to remember. But the system works on the basis of a logical address called the IP address, and an address such as 202.2.2.2 is difficult to remember. That is where DNS comes in: it converts names to IP addresses and IP addresses to names, and it also defines the Mail Exchanger of the domain.

i. Resolving a hostname into an IP address is called Forward Lookup.
ii. Resolving an IP address into a hostname is called Reverse Lookup.

In Red Hat Enterprise Linux, BIND (Berkeley Internet Name Domain) is used as the DNS system; it is the world's most used DNS software.

Let's go through an example of configuring the Forward Lookup:

First you need to define the zone, which is a part of the domain. All zone information is written in /etc/named.conf.

# vi /etc/named.conf

zone "example.com" IN {
        type master;
        file "example.com.zone";
};

Figure of /etc/named.conf

Generally DNS servers are of two types: one is called the master, which has all the configuration data, and the other is called the slave, which has a backup of the master configuration. When the master DNS server fails, the slave provides the service to clients.

# named-checkconf

This checks the configuration in /etc/named.conf.

/etc/named.conf is the file where we write the zone, the type of zone and the database file of the zone. If you look at the top of this file, there are the global options, which set the directory option to the /var/named directory. Now you need to create the example.com.zone file in the /var/named directory. But there is a change from RHEL 3 to RHEL 4: in RHEL 3 DNS runs on the / (root) directory, but in RHEL 4 the root directory of DNS is separated using chroot, which means DNS now has its own root directory. It is defined in the /etc/sysconfig/named file:

ROOTDIR=/var/named/chroot

Let's create the zone database file. Generally it stores the information in the following syntax:

[domain] [ttl] [class] [type] [rdata]

where domain specifies the domain name; ttl (time to live) is how long the information should be cached; class is the record classification, usually IN, meaning Internet; type is the record type, such as SOA, MX or A; and rdata specifies the data for the record.

# vi /var/named/chroot/var/named/example.com.zone

$TTL 3434
@       IN SOA  example.com. admin.example.com. (
                100 ; Serial Number
                1H  ; Refresh Time
                1M  ; Retry Time
                1W  ; Expire Time
                1D  ; Minimum Time to Live
                )
; NS data is a host name; its address comes from an A record
@       IN NS   ns1.example.com.
@       IN NS   ns2.example.com.
ns1     IN A    192.168.0.1
ns2     IN A    192.168.0.2
www     IN A    192.168.0.3
ftp     IN A    192.168.0.4

The first line defines the Time to Live for caching name servers. A caching name server stores lookup information in its cache and replies to clients from it rather than looking it up every time. Here the @ symbol is reserved for the zone name, example.com. Every zone should start with an SOA record, which means this is the complete database for the particular zone and can reply to clients. admin.example.com is the email address to which DNS should send mail.

In the DNS database file, there are five time parameters:

i. The first is the Serial Number. The slave tries to refresh from the master DNS server at the defined refresh interval, but the question is: when should the slave copy the master's database file after changes occur on the master? Remember that whenever you make changes on the master, you need to increase the Serial Number. When the slave contacts the master, it checks the serial number; if the serial number has been updated, the slave DNS server copies the updated portion from the master.
ii. Refresh Time: the interval at which the slave DNS server refreshes from the master DNS server
iii. Retry Time: time to retry if the first refresh failed
iv. Expire Time: when the domain should expire
v. Minimum Time to Live for negative answers

Now you need to specify the DNS name servers, which are specified by NS records. I configured two DNS servers for example.com: one is the master (ns1), 192.168.0.1, and the other (ns2) is 192.168.0.2, which is the slave DNS server.

Now you need to add hosts to the zone using the A record type.

www IN A 192.168.0.3

This specifies that www.example.com is 192.168.0.3; the A record specifies the associated IP address.

Now let's configure the Mail Exchanger of the domain. The Mail Exchanger is the host responsible for delivering mail to the domain's users.

# vi /var/named/chroot/var/named/example.com.zone

$TTL 3434
@       IN SOA  example.com. admin.example.com. (
                100 ; Serial Number
                1H  ; Refresh Time
                1M  ; Retry Time
                1W  ; Expire Time
                1D  ; Minimum Time to Live
                )
@       IN NS   ns1.example.com.
@       IN NS   ns2.example.com.
ns1     IN A    192.168.0.1
ns2     IN A    192.168.0.2
www     IN A    192.168.0.3
ftp     IN A    192.168.0.4
mail    IN A    192.168.0.5
mail1   IN A    192.168.0.6
@       IN MX 5  mail.example.com.
@       IN MX 10 mail1.example.com.

In this configuration, mail.example.com is associated with 192.168.0.5 and mail1.example.com is associated with 192.168.0.6. We can specify the Mail Exchanger of the domain using the MX record type, where mail.example.com is the primary mail server for the example.com domain and mail1.example.com is the secondary mail exchanger, as specified by the numerical value. First priority is given to the host with the lowest number.

# named-checkzone example.com /var/named/chroot/var/named/example.com.zone

This checks the configuration in /var/named/chroot/var/named/example.com.zone.

# service named start | restart | status

Now configure the DNS client:

# vi /etc/resolv.conf

nameserver 192.168.0.1
nameserver 192.168.0.2

# host www.example.com
# nslookup ftp.example.com
# dig mail.example.com

Now it's time to configure DNS with load balancing. When you access the www.hotmail.com site, can one single host provide service to millions of users at a time? No; you need to configure more than one host for www.hotmail.com. BIND has a mechanism to redirect requests to different hosts.
#vi / var / named/ chr oot / var / named/ exampl e. com. zone $TTL 3434 @I N SOA exampl e. com. admi n. exampl e. com. ( 100; Ser i al Number 1H; Ref r esh Ti me 1M; Ret r y Ti me 1W; Expi r e Ti me 1D; Mi ni mumTi me t o Li ve ) @I N NS 192. 168. 0. 1 @I N NS 192. 168. 0. 2 www 0 I N A 192. 168. 0. 3 www 0 I N A 192. 168. 0. 4 www 0 I N A 192. 168. 0. 5 www 0 I N A 192. 168. 0. 6 RH302
Now four hosts are configured for www. You need to configure a web server on these four hosts to provide service with equal load balancing. Just check using the host command on a client.

Lets go with the Reverse Lookup

Reverse lookup maps name into IP address: when a user queries using an IP address, your DNS server should reply to the client by mapping it into a name.

    # vi /etc/named.conf
    zone "0.168.192.in-addr.arpa" IN {
            type master;
            file "0.168.192.in-addr.arpa.zone";
    };

In reverse lookup you need to use the in-addr.arpa keyword because IP addresses are managed by ARPA; the type and file name are specified in the same way as before.

    # vi /var/named/chroot/var/named/0.168.192.in-addr.arpa.zone
    $TTL 5454
    @       IN SOA  @ admin.testking.com. (
                    100 ; Serial Number
                    1H  ; Refresh Time
                    1M  ; Retry Time
                    1W  ; Expire Time
                    1D  ; Minimum Time to Live
                    )
    @       IN NS   192.168.0.1
    @       IN NS   192.168.0.2
    3       IN PTR  www.example.com.
    4       IN PTR  ftp.example.com.
    5       IN PTR  mail.example.com.

    # service named start | restart
    # host 192.168.0.3

Global Options in /etc/named.conf
directory : Path of the directory used for the zone database files. By default this is the /var/named directory.

allow-query : List of clients allowed to query the DNS server.

allow-transfer : Who can be a slave name server? An allowed host can transfer the DNS database of the zone to the slave server.

forwarders : The servers to forward a query to if this DNS server is unable to resolve the host.

Example

    acl Internal { 192.168.0.0/24; 172.24.0.0/26; };
    options {
            directory "/var/named";
            allow-query { Internal; };
            forwarders { 202.2.2.2; };
            allow-transfer { 192.168.0.2; };
    };

In this example I created one ACL (Access Control List), which contains two different networks. The directory option is set to the default directory, so the zone database files should be created in this directory. Hosts from either the 0 or the 24 network can query the DNS server. If the DNS server is unable to resolve a client request, it forwards the request to the next DNS server, 202.2.2.2, and 192.168.0.2 can be a slave server by copying the master DNS database.

Configuring Slave DNS server

I already mentioned that a DNS server can be either a master or a slave server. The slave provides the backup to the master server.
In my configuration example, 192.168.0.1 is the master and 192.168.0.2 is the slave server.

    # vi /etc/named.conf
    zone "example.com" IN {
            type slave;
            masters { 192.168.0.1; };
            file "example.com.zone";
    };

On the master you need to allow the transfer.

    # service named start | restart

You may be unable to transfer the database from master to slave if the named group has no write permission in /var/named/chroot/var/named. When you examine the log file (/var/log/messages) you will see permission denied errors.

    # chmod g+w /var/named/chroot/

Now restart the named service again, and the database file will transfer from the master to the slave server.

RNDC (Remote Name Daemon Control): Utility which controls the named service, and which uses an encrypted key to manage secure communication. /etc/rndc.conf is the main configuration file for the rndc service.

    # rndc reload

This reloads the rndc using the rndc configuration file.

If you feel the need to secure your DNS server, you'll want to change this key. The following command automatically sets up a new key in /etc/rndc.key, with a key size of 512 bits.

    # rndc-confgen -a -b 512

By default in Redhat Enterprise Linux, the root server comes configured. When a user sends a request to the DNS server, the DNS server either replies to the client, forwards the request to another DNS server, or sends the request to a root name server, where all DNS records are maintained. Here is the default configuration of the root name server.

    zone "." {
            type hint;
            file "named.ca";
    };
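When forward and reverse zones are maintained by hand as in the DNS listings above, an A record is easily added without its PTR. The check below is an added example, not part of the original guide: it parses the A records of the example.com zone and the PTR records of the 0.168.192.in-addr.arpa zone (embedded here as constructed sample text copied from those listings) and reports every address whose reverse entry is missing or names a different host. The function names are hypothetical.

```python
import ipaddress

# Constructed sample data: record lines copied from the two zone listings above.
FORWARD_ORIGIN = "example.com."
FORWARD_ZONE = """\
www    IN A 192.168.0.3
ftp    IN A 192.168.0.4
mail   IN A 192.168.0.5
mail1  IN A 192.168.0.6
@      IN MX 5 mail.example.com.
"""
REVERSE_ORIGIN = "0.168.192.in-addr.arpa."
REVERSE_ZONE = """\
3 IN PTR www.example.com.
4 IN PTR ftp.example.com.
5 IN PTR mail.example.com.
"""


def fqdn(name, origin):
    """Expand a zone-file name relative to the zone origin."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def parse_records(zone_text, origin, rtype):
    """Return (owner, rdata) pairs for one record type.

    Understands the single-line 'owner [ttl] IN TYPE rdata' form used in
    this guide; $TTL lines and multi-line SOA records are skipped.
    """
    records = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if "IN" not in fields or fields[0] == "IN":
            continue
        pos = fields.index("IN")
        if len(fields) < pos + 3 or fields[pos + 1].upper() != rtype:
            continue
        records.append((fqdn(fields[0], origin), fields[pos + 2]))
    return records


def check_reverse(forward_text, forward_origin, reverse_text, reverse_origin):
    """List A records whose address has no PTR, or a PTR naming another host."""
    ptr = {}
    for owner, target in parse_records(reverse_text, reverse_origin, "PTR"):
        ptr.setdefault(owner, set()).add(fqdn(target, reverse_origin))
    findings = []
    for host, addr in parse_records(forward_text, forward_origin, "A"):
        # 192.168.0.3 -> 3.0.168.192.in-addr.arpa.
        rev_name = ipaddress.ip_address(addr).reverse_pointer.lower() + "."
        if not rev_name.endswith("." + reverse_origin.lower()):
            findings.append((host, addr, "address is outside this reverse zone"))
        elif rev_name not in ptr:
            findings.append((host, addr, "no PTR record"))
        elif host not in ptr[rev_name]:
            names = ", ".join(sorted(ptr[rev_name]))
            findings.append((host, addr, "PTR names " + names))
    return findings


if __name__ == "__main__":
    for host, addr, problem in check_reverse(
            FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN):
        print(f"{host:22} {addr:14} {problem}")
```

Run against the round-robin version of the zone, the same check shows that only one of the four www addresses can have a PTR naming www.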
FTP Server Configuration
FTP is the file transfer protocol used to transfer files between networks. FTP services run on ports 20 and 21, where 20 is for data and 21 is for user authentication.

In Redhat Enterprise Linux, vsftpd (Very Secured FTP) is used as the FTP server. You need to install the vsftpd package.

    # rpm -ivh vsftpd-*

By default, real users as well as anonymous can log in to the FTP server. Real users log in to their home directory and anonymous logs in to the /var/ftp/ directory.

/etc/vsftpd/vsftpd.conf is the main FTP configuration file. I will go through some of the configuration in vsftpd.conf.

    anonymous_enable=YES

If you want to deny anonymous you can write anonymous_enable=no. The # symbol is used for comments.

    local_enable=YES

Is login allowed for real users or not? I already wrote that anonymous as well as real users are allowed to log in.

    write_enable=yes

This option enables logged-in users to fully access the root filesystem as well as create directories at the ftp prompt.
    local_umask=022

What default permission should be set on uploaded files? The default setting 022 means:

      666
    - 022
    -----
      644

So this mask sets the permission rw-r--r-- on uploaded files.

You know that by default only real users can upload files to the FTP server; anonymous can only download. There are options to enable or disable uploads by anonymous.

    #anon_upload_enable=YES
    #anon_mkdir_write_enable=YES

If you want to enable file upload by anonymous, uncomment the anon_upload_enable=yes line. But remember that you need to create a directory owned by the ftp user and writable by the ftp user.

Can the anonymous user create directories or write from the ftp prompt or not? If you uncomment the line anon_mkdir_write_enable=yes, anonymous can create directories at the ftp prompt.

Do you want to display a message on a per-directory basis? When a user changes directory through FTP, a directory message can be displayed. This option is enabled by default.
    dirmessage_enable=YES

To display a directory message, you need to create the file .message and write the message you want to display.

The FTP server maintains a log of uploaded and downloaded files in the /var/log/xferlog file. This option is also enabled by default.

    xferlog_enable=YES

The FTP service uses ports 20 and 21, where 20 is for ftp data and 21 is for user authentication.

    connect_from_port_20=YES

    #chown_uploads=YES
    #chown_username=whoever

Should the ownership of uploaded files that have no owner be changed or not, for example files uploaded by anonymous? Example:

    chown_uploads=YES
    chown_username=user1

Now the ownership of uploaded files will be user user1.

Denying Certain users logging through FTP

The /etc/vsftpd.ftpusers file is used to deny real users the ftp service. Enter the user names you want to deny, one per line.

    user1
    user2
    user3

The /etc/vsftpd.user_list file is sometimes used to deny and sometimes to allow. If you use userlist_enable=yes in the vsftpd.conf file, this file is used to deny; if userlist_enable=no, then only the users written in /etc/vsftpd.user_list are allowed to access the ftp service.

After changing the configuration, restart the vsftpd service.

    # service vsftpd restart

If you would like to start the vsftpd service automatically at the next reboot:

    # chkconfig vsftpd on

FTP Client

There are different ways of accessing the ftp service. One way is using the ftp or lftp client tools.

    # ftp server
    or
    # lftp -u username server

When you connect to the ftp server you will get the ftp prompt.
Some commands that run at the FTP prompt

    Command   Description
    put       Uploads a single file at a time
    mput      Can upload multiple files using a wildcard
    get       Download a single file
    mget      Download multiple files
    mkdir     Creates a directory from the ftp prompt
    ls        List directory contents
    pwd       Displays the absolute working path
    cd        Change directory
    user      Allows entering a username and password

If you enjoy working with a Graphical User Interface, there are lots of tools for ftp connections. Redhat Enterprise Linux 5 includes applications such as gFTP and Kget.
In Gnome, click on Applications, then Internet, then gFTP.
NFS Server Configuration

NFS (Network File System) is the standard file sharing service in Linux and Unix. Through NFS, we can share data in a Linux environment. Redhat Enterprise Linux uses NFS on both the server and the client side.

NFS is very easy to configure: you just need to write entries in the /etc/exports file.

Syntax: Directory Client(Permission)

Example:

    /pub     *.example.com(rw,sync)
    /public  192.168.0.0/255.255.255.0(rw,sync) 192.168.1.0/255.255.255.0(ro,sync)

The client list can be specified using either an IP address or a host name. *.example.com represents all the members of the example.com domain. Similarly, the client list can be written using IP address/subnet mask. In the above example the 0 network gets read and write mode and the 1 network gets read-only mode.

Options in NFS:

    ro             : Shared permission read only
    rw             : Shared permission read and write
    sync           : Shared permission in sync mode
    no_root_squash : Remote root user gets permission as local root user
    all_squash     : All remote users mapped as anonymous user
Once you've modified /etc/exports, you need to do more. First, this file is simply the default set of exported directories. You need to activate them with the exportfs -a command. exportfs -r refreshes the /etc/exports shares, and exportfs -v lists all shared directories from the local computer. Using the GUI tool, you can configure the NFS server with the system-config-nfs command.
Click on Add
Click on General Options
NFS is the RPC service so you need to start portmap with nfs.
    # service nfs start
    # service portmap restart

Similarly, you can check what data is shared from the remote host using the showmount command.

    # showmount -e server

You can use the shared directory from the server using the mount command as well as the Autofs feature.
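The /etc/exports syntax above is unforgiving: a single space between the client and its option list changes who receives the options, and no_root_squash gives remote root the rights of local root. The audit below is an added example, not part of the original guide. It parses exports text (a constructed sample that reuses this section's two example lines and adds three weak ones) and reports entries that use no_root_squash or grant rw to every host; the function names are hypothetical, and the treatment of a detached "(options)" group as applying to all hosts follows documented exportfs behaviour.

```python
import re

# Constructed sample /etc/exports. Lines 2-3 are the examples from this
# section; lines 4-6 are weak variants added for the demonstration.
SAMPLE_EXPORTS = """\
# directory  client(options)
/pub      *.example.com(rw,sync)
/public   192.168.0.0/255.255.255.0(rw,sync) 192.168.1.0/255.255.255.0(ro,sync)
/backup   192.168.0.2(rw,sync,no_root_squash)
/scratch  *(rw,sync)
/home     192.168.0.10 (rw,sync)
"""

ENTRY = re.compile(r"^(?P<client>[^()]*)(?:\((?P<opts>[^()]*)\))?$")


def parse_exports(text):
    """Yield (lineno, directory, client, options, detached) per client entry.

    'detached' is True when the option list was separated from its client
    by whitespace, in which case it applies to every host.
    Backslash line continuations and quoted paths are not handled.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        directory, entries = fields[0], fields[1:]
        for entry in entries:
            match = ENTRY.match(entry)
            if match is None:
                continue
            detached = match.group("client") == ""
            client = "*" if detached else match.group("client")
            opts = match.group("opts") or ""
            options = {o.strip() for o in opts.split(",") if o.strip()}
            yield lineno, directory, client, options, detached


def audit_exports(text):
    """Return (lineno, directory, client, reason) for each risky entry."""
    findings = []
    for lineno, directory, client, options, detached in parse_exports(text):
        if "no_root_squash" in options:
            findings.append((lineno, directory, client,
                             "no_root_squash: remote root is treated as local root"))
        if "rw" in options and client == "*":
            reason = ("space before '(' gives rw to every host"
                      if detached else "rw export to every host")
            findings.append((lineno, directory, client, reason))
    return findings


if __name__ == "__main__":
    for lineno, directory, client, reason in audit_exports(SAMPLE_EXPORTS):
        print(f"line {lineno}: {directory} {client}: {reason}")
```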
Samba Server Configuration

Samba helps to share data between Linux and Windows systems. Microsoft developed the NetBIOS protocol over TCP/IP to resolve names; similarly, SMB works based on the NetBIOS protocol.

SMB helps with:

    - Sharing data
    - Sharing printers
    - Authentication and authorization
    - Name resolution with a WINS server

Samba Server Installation

    # rpm -ivh samba-*
    # rpm -ivh samba-client-*

The samba package provides the server configuration interface and samba-client provides the Samba client tool to connect to Microsoft shares.

Let's connect to a Microsoft share:

    # smbclient -L //computer1 -U administrator%password
This command displays all shared data from the computer computer1, where computer1 is the Microsoft Windows NetBIOS name. SMB authenticates the user, so the username is administrator and the password is password.

Suppose the test directory is shared from computer1 and you want to connect to the shared directory:

    # smbclient //computer1/test -U administrator%password

After connecting you will get the smb prompt.

    smb: \> ls
    smb: \> get filename
    smb: \> put filename

Another way of connecting to a Windows share is using the mount or smbmount command.

    # mount -t smbfs //computer1/test /mnt/smb -o username=administrator,password=password

It will mount the shared test directory on the /mnt/smb directory. It brings the external Windows shared directory into the Linux filesystem hierarchy. When mounting Samba shared data, you need to specify the smbfs filesystem.

    # umount /mnt/smb

This unmounts the mounted filesystem.

    # smbmount //computer1/test /mnt/smb -o username=administrator%password

smbmount is the same as the mount command but is only used to mount Samba shared data.

Samba Server Configuration
/etc/samba/smb.conf is the main configuration file for the Samba server in Linux; other files are also located in the /etc/samba directory. smb is the Samba service.

When you install the samba RPM package, it installs the default configuration file /etc/samba/smb.conf. It is better to go with a basic example.

1. Sharing Data

    # vi /etc/samba/smb.conf
    [global]
    netbios name=linuxserver
    workgroup=mygroup
    server string=sharing from linux server
    security=share

    [data]
    path=/data
    browsable=yes
    writable=yes
    public=yes

I recommend you rename the default smb.conf file and create a new one. Some tags are predefined, for example global, printers, homes, etc. The global section is used to define the global options for the other shares.

    netbios name=linuxserver

I already mentioned that Microsoft Windows uses the NetBIOS protocol to resolve computer names; this sets what name should resolve or what name should display in Network Places. Your share will display with the linuxserver name.

Which group your Samba share belongs to is defined using the workgroup directive. This share belongs to mygroup.

The server string directive is used to write the description of the share. And security defines the level of security of the Samba share. The value of security can be:

Security=Server : Server security mode is left over from the time when Samba wasn't capable of acting as a domain member server. It is highly recommended not to use this feature.

Security=User : User-level security is described first because it's simpler. In user-level security, the client sends a session setup request directly following protocol negotiation. This request provides a username and password. The server can either accept or reject the username and password combination.

security=share : In share-level security, the client authenticates itself separately for each share. It sends a password along with each tree connection request, but it does not explicitly send a username with this operation.

Now it's time to define the share name. [data] is the share name of the shared directory.
path is the directory to share. browsable=yes means the shared directory appears in Network Places; if you would like to share it as a hidden share, use the no option. writable=yes is the share-level permission: the directory is shared in read and write mode. public=yes sets whether a Windows guest user can access the share or not.

Now you have to start the smb service.

    # service smb start | restart
2. Sharing Data with user Authentication

    # vi /etc/samba/smb.conf
    [global]
    netbios name=linuxserver
    workgroup=mygroup
    server string=sharing from linux server
    security=user
    smb passwd file=/etc/samba/smbpasswd
    encrypt passwords=yes

    [data]
    path=/data
    browsable=yes
    writable=yes
    public=yes

When you would like to share data with user-based authentication, meaning that a Samba user and password are asked for before the data is accessed, you should use user as the security type. smb passwd file says where to store the user names and passwords of Samba users. Whether passwords are sent in encrypted format or not is defined by the encrypt passwords option.

Now you need to create the Samba user.

    # smbpasswd -a user1

This creates user1 as a Samba user and stores the username and password in the file defined by the smb passwd file directive.
Just restart the smb service.

    # service smb start | restart

Go to the Windows system and access the share from Linux using the linuxserver NetBIOS name. When you try to access it, it asks for a username and password of the Linux server.

Some other important options

i. hosts allow = 172.24. 192.168.0. : Defines which hosts can access the share.

ii. valid users = user1 user2 : Defines which users can access this share.

iii. read only : Whether to share the data in read-only mode or not.

iv. write list : Which users or groups can access in read and write mode even when the data is shared in read-only mode.
Example:

    # vi /etc/samba/smb.conf
    [global]
    netbios name=linuxserver
    workgroup=mygroup
    server string=sharing from linux server
    security=user
    smb passwd file=/etc/samba/smbpasswd
    encrypt passwords=yes
    hosts allow=172.24. 192.168.0.

    [data]
    path=/data
    browsable=yes
    writable=yes
    public=yes
    valid users=user1

    [data1]
    path=/data1
    browsable=yes
    writable=no
    write list=user2 @training

    [data2]
    path=/data2
    browsable=yes
    writable=no
    hosts allow=172.24.
    # service smb restart

Log in to the Windows system and access the share from Network Places, or go to Run and type \\linuxserver
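The difference between the first share example (security=share with a public, writable [data]) and the later one restricted with hosts allow and valid users can be checked mechanically before the service is restarted. The audit below is an added example, not part of the original guide or of Samba. It parses smb.conf text with Python's configparser and reports share-level security, guest-writable shares without a valid users list, and shares with no hosts allow restriction; both sample configurations are constructed from the listings in this section and the function names are hypothetical.

```python
import configparser

# Constructed samples based on this section: WEAK is the first share example,
# RESTRICTED is the later example that adds hosts allow and valid users.
WEAK = """\
[global]
netbios name = linuxserver
workgroup = mygroup
server string = sharing from linux server
security = share

[data]
path = /data
browsable = yes
writable = yes
public = yes
"""

RESTRICTED = """\
[global]
netbios name = linuxserver
workgroup = mygroup
security = user
smb passwd file = /etc/samba/smbpasswd
encrypt passwords = yes
hosts allow = 172.24. 192.168.0.

[data]
path = /data
writable = yes
public = yes
valid users = user1

[data1]
path = /data1
writable = no
write list = user2 @training
"""

TRUE_VALUES = {"yes", "true", "1"}


def load(text):
    """Parse smb.conf text into {section: {parameter: value}}.

    Parameter names are lower-cased with spaces removed, since Samba
    ignores case and whitespace inside them.
    """
    parser = configparser.ConfigParser(
        interpolation=None, strict=False,
        delimiters=("=",), comment_prefixes=("#", ";"))
    parser.optionxform = lambda key: key.replace(" ", "").lower()
    parser.read_string("\n".join(line.strip() for line in text.splitlines()))
    return {name.lower(): dict(parser.items(name)) for name in parser.sections()}


def is_true(params, *names):
    """Return the boolean value of the first synonym present, else False."""
    for name in names:
        if name in params:
            return params[name].strip().lower() in TRUE_VALUES
    return False


def audit(text):
    """Return (section, reason) for each weak setting found."""
    conf = load(text)
    glob = conf.get("global", {})
    findings = []
    mode = glob.get("security", "").strip().lower()
    if mode == "share":
        findings.append(("global", "security=share: a share password is sent without a username"))
    elif mode == "server":
        findings.append(("global", "security=server: this guide advises against this mode"))
    for name, params in conf.items():
        if name == "global":
            continue
        guest = is_true(params, "public", "guestok")
        if "readonly" in params:          # 'read only' is the inverse of 'writable'
            writable = not is_true(params, "readonly")
        else:
            writable = is_true(params, "writable", "writeable", "writeok")
        if guest and writable and "validusers" not in params:
            findings.append((name, "guest access with write permission and no valid users"))
        if not any(key in scope for scope in (params, glob)
                   for key in ("hostsallow", "allowhosts")):
            findings.append((name, "no hosts allow restriction at share or global level"))
    return findings


if __name__ == "__main__":
    for label, text in (("WEAK", WEAK), ("RESTRICTED", RESTRICTED)):
        print(label, audit(text) or "no findings")
```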
Sharing Users Home Directory

SMB can also be used for user authentication. If you are using a Samba domain, users' home directories should be accessible from the client machine.

Example

    # vi /etc/samba/smb.conf
    [global]
    netbios name=linuxserver
    workgroup=mygroup
    server string=sharing from linux server
    security=user
    smb passwd file=/etc/samba/smbpasswd
    encrypt passwords=yes

    [homes]
    public=no
    browsable=yes
    writable=yes

    # useradd user1
    # useradd user2
    # useradd user3
    # smbpasswd -a user1
    # smbpasswd -a user2
    # smbpasswd -a user3

    # service smb restart | start
Sharing Printer through Samba

Samba also helps to share a printer connected to the Linux server.

    # vi /etc/samba/smb.conf
    [global]
    netbios name=linuxserver
    workgroup=mygroup
    security=share
    printing=cups
    printcap name=/etc/printcap
    load printers=yes

    [printers]
    path=/var/spool/samba
    public=yes
    browsable=yes
    writable=no
    printable=yes

printing defines the software used to print the document. The /etc/printcap file maintains the names of all printers installed on the local system.

printers is the predefined tag which represents all installed printers. /var/spool/samba is the spooling directory.

There is a tool named testparm, which checks the syntax of /etc/samba/smb.conf.
If you would like to configure the Samba server using the Redhat GUI tool:

    # system-config-samba

Similarly, you can configure the Samba server through a browser using Samba SWAT. Open a browser and type http://localhost:901
Samba Swat Configuration window
Sendmail Server

Sendmail is the default mail server in Redhat Enterprise Linux 5 and has lots of features.

    - It routes mail for different types of addresses
    - Supports virtual domains as well as virtual users
    - Can masquerade email addresses
    - Automatically retries failed email
    - By default allows connections only from localhost
    - Rejects mail from unresolvable domains
    - Anti-spam features added

Here is the overview of email transfer:

    User's Mail Client Program -> Local Mail Transport Agent -> ISP's MTA -> Domain MTA -> User gets the Message
When a user sends a message using a mail client program like kmail or Evolution Mail, the mail is sent to the Local Mail Transport Agent. The Local Mail Transport Agent uses multiple MTAs in between the source MTA and the destination MTA. The ISP's MTA searches for the domain mail exchanger of the destination domain. Then the ISP's MTA and the destination MTA start the negotiation to establish the connection. After completing the negotiation the connection is established, and according to the administrator's policy the mail is accepted or rejected by the destination MTA.

For Sendmail you need to install:

    i.   sendmail
    ii.  sendmail-cf
    iii. dovecot

In the RHCE exam you need to configure the basic mail server.

Some Important Files needs to remember

i. /etc/mail/sendmail.cf : It is the main sendmail configuration file, which is read by the sendmail service. This file is the Micro 4 Language output generated using the sendmail.mc file.

ii. /etc/mail/sendmail.mc : It is the file used to configure the main sendmail configuration file. It is in readable format. Whatever changes you make, you need to generate the sendmail.cf file.

iii. /etc/mail/access : It is the file used to allow or deny mail coming from a host, network, domain or mail address.

iv. /etc/mail/virtusertable : This file helps to map a virtual address into the real address.

v. /etc/mail/local-host-names : It contains the list of domains to accept mail for.

vi. /etc/aliases : This file is used to alias email addresses.

vii. /etc/dovecot.conf : It is the dovecot configuration file used to enable the imap, imaps, pop3 and pop3s protocols.
Lets go to configure the mail server
Suppose I'm going to configure the mail server for the example.com domain. I specified that the mail exchanger of the example.com domain is mail.example.com, associated with IP 192.168.0.5. Yes, I'm doing this on the mail.example.com host.

    i.   vi /etc/mail/local-host-names
             example.com
    ii.  vi /etc/mail/sendmail.mc
             dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
    iii. m4 /etc/mail/sendmail.mc >/etc/mail/sendmail.cf
    iv.  vi /etc/mail/access
             192.168.0    ACCEPT
    v.   vi /etc/dovecot.conf
             protocols = imap imaps pop3 pop3s
    vi.  service sendmail start
    vii. service dovecot start
Here I'm going to configure the mail server for the example.com domain, so I should specify the domain name for which incoming mail is accepted by this host. I already wrote that by default the sendmail server accepts connections only from localhost. Now I need to allow smtp or pop connections from other hosts as well, so I comment out the line that allows only localhost using the dnl word. sendmail.mc is the main user configuration file, written in Micro 4 Language, where dnl comments out the line. After changing the configuration in the sendmail.mc file you need to create sendmail.cf using m4, because the sendmail server reads the sendmail.cf file.

The access file defines which incoming mail to accept or reject:

    192.168.0          ACCEPT
    192.168.1          REJECT
    @cracker.org       REJECT
    nobody@            REJECT
    user1@yahoo.com    ERROR:550 Invalid Email Address

Here you can define which incoming mail is accepted or rejected. In the above example, mail coming from the 192.168.0 network is accepted, mail coming from the 192.168.1 network is rejected, mail from the cracker.org domain is rejected, and any mail with nobody in the email address is rejected. Using the ERROR:550 error code you can display a user-defined error message.
By default dovecot starts the imap protocol. If you want to start the pop protocol, you should write it in the dovecot configuration file /etc/dovecot.conf.

    # vi /etc/dovecot.conf
    protocols = imap imaps pop3 pop3s
    # service dovecot start | restart
Let's map virtual addresses into real addresses. The /etc/mail/virtusertable file is used to map a virtual address into the real address.

    @abc.com              user1
    info@xyz.com          user2
    admin@testking.com    user3

In the above example, mail coming for any user of the abc.com domain will be sent to user user1, mail coming to info@xyz.com will be sent to user2, and mail coming to admin@testking.com to user3.

Aliasing Real Address to Real Address

Suppose you are working as an administrator at abc.com and there are two employees with the usernames user1 and user2. When user user1 is absent, user2 will handle all of user1's responsibilities, so you should forward all mail coming to user1 to user2. For this there is the file /etc/aliases; from this file we can alias the user.

    user1: user2

All mail coming to user user1 will be sent to user user2. But remember that after changing the configuration of the aliases file you need to generate the database file aliases.db using the newaliases command.

After configuring the mail server, you can directly send or check mail by logging in to the mail server on ports 25 and 110. Port 25 is used by SMTP (Simple Mail Transfer Protocol) and 110 is used by POP3 (Post Office Protocol).
Example of logging in to the mail server on the SMTP port:

    # telnet mail.example.com 25
    helo mail.example.com
    mail from: user1@example.com
    rcpt to: user2@example.com
    data
    Hello user2
    .
    quit

The SMTP protocol is used to send messages, so I have shown you the example of sending mail from the SMTP port. Let's check the mail via the pop port.

    # telnet mail.example.com 110
    user user1
    pass mypassword
    stat
    top 1 123    (Give the value of stat output)
    quit
Lets Go with sendmail.mc more options

This is the main configuration file for the sendmail server program. Here dnl marks a comment, and quoted values inside the parentheses start with a back quote and end with a single quote.

The following include command adds the cf.m4 command as a macro processing prototype; by default, it requires installation of the sendmail-cf-* RPM.

So every time you make changes to the sendmail.mc file you need to generate the sendmail.cf file using the m4 command.

    include(`/usr/share/sendmail-cf/m4/cf.m4')dnl

Local version associated with the installed sendmail server:

    VERSIONID(`setup for Red Hat Linux')dnl

Defines the OS type:

    OSTYPE(`linux')dnl

Write the name of the next mail server to forward all outgoing mail to. Generally this is the mail server of your ISP.

    dnl define(`SMART_HOST',`smtp.your.provider')
Defines the database name containing the blacklist:

    FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
    FEATURE(`blacklist_recipients')dnl

If the root user tries to log in, the EXPOSED_USER command requires the full e-mail address.

    EXPOSED_USER(`root')dnl

The LOCAL_DOMAIN command specifies an alias for the local computer; localhost.localdomain is a default alias in /etc/hosts.

    LOCAL_DOMAIN(`localhost.localdomain')dnl

MASQUERADE_AS changes the domain on all outgoing mail.

    MASQUERADE_AS(`testking.com')dnl
    dnl # masquerade not just the headers, but the envelope as well
    dnl #
    dnl FEATURE(masquerade_envelope)dnl
    dnl #
    dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
    dnl #
    dnl FEATURE(masquerade_entire_domain)dnl
    dnl #
Using MASQUERADE_DOMAIN you can masquerade multiple domains in the same way.

    dnl MASQUERADE_DOMAIN(localhost)dnl
    dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
    dnl MASQUERADE_DOMAIN(abc.com)dnl
    dnl MASQUERADE_DOMAIN(example.com)dnl
Apache overview

The Apache web server is the most widely used HTTP daemon. It transfers secure as well as non-secure content between client and server using the http or https protocols. Apache loads many modules dynamically to interpret CGI, Perl, PHP and other scripts for the browser.

LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so

/etc/httpd is the root directory of the httpd service; /etc/httpd/conf/httpd.conf is the main configuration file for the http service.

By default the httpd service runs under the ownership of the apache user and apache group on port 80.

User apache
Group apache
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 80
Installing http service

# rpm -ivh httpd-*
Or
# system-config-packages --tree=/var/ftp/pub

/var/www/html is the default directory. If you would like to change the default, change <Directory "/var/www/html"> in the /etc/httpd/conf/httpd.conf file.

By default DirectoryIndex is index.html or index.html.var

DirectoryIndex index.html index.html.var

Similarly AccessFileName is .htaccess

AccessFileName .htaccess

Starting httpd service

# service httpd start
# chkconfig --level 35 httpd on
1. Setting Default Page for http service

When you test the http service through a browser by typing http://localhost, it displays a message page.

To change the default page:

# cd /var/www/html
# cat >index.html
<html>
<head>
<title>:::test page for localhost:::</title>
</head>
<body>Test page</body>
</html>

Now open the browser and type http://localhost; you will get your index.html page.
We can configure the Apache web server either with one IP address per web site or by sharing the IP address, meaning multiple web sites on a single IP address.

2. Apache configuration for IP based web site

Before starting this, first fully configure DNS.

VirtualHost maps the virtual directory to the real path. ServerName defines the service name for the virtual host. The DocumentRoot directive defines the path of the documents for the web site. ServerAdmin is the email address to mail when an error occurs on the server. The DirectoryIndex directive defines the default page for the web site.

You can access the web site using either a GUI browser or a console browser. Links is a console based browser.
3. Example of Configuring Apache webserver for Name based web site

Use this if you want to host multiple web sites on a single IP address. Example: www.example.com as well as www.abc.com are associated with 192.168.0.3.

You should use the Directory directive to define the path of the directory.

Now create the access file in the directory defined in the Directory directive in the VirtualHost.

# cd /var/www/example
# vi .htaccess
AuthName "Only to Authorized Users"
AuthType basic
AuthUserFile /etc/httpd/conf/mypasswd
Require valid-user

# htpasswd -c /etc/httpd/conf/mypasswd user1
# htpasswd -m /etc/httpd/conf/mypasswd user2
# chgrp apache /etc/httpd/conf/mypasswd
# chmod g+r /etc/httpd/conf/mypasswd
# service httpd restart

For user based authentication you need to create the .htaccess file, defining the authentication dialog message, the authentication type, the file that stores the http user names and passwords, and the requirement to authenticate.

The htpasswd command creates the http user and asks for the password. I already told you that the httpd server runs under the ownership of the apache user and group, so you need to change the group ownership and give the group read-only permission.

When you access the www.example.com website, it asks for the user name and password.
5. Virtual Hosting with Host based Authentication

I have shown you an example of user based authentication; now we are going to configure which hosts or networks can access the web site and which are denied.

# vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.3>
ServerName www.example.com
DocumentRoot /var/www/example
ServerAdmin admin@example.com
<Directory /var/www/example>
Order allow,deny
Allow from .example.com
</Directory>
DirectoryIndex index.html index.htm index.php
</VirtualHost>

# service httpd restart

To allow or deny hosts you can use Order allow,deny or Order deny,allow.

Order allow,deny : Explicitly allows the clients specified in Allow from and denies everyone else.
Order deny,allow : Explicitly denies the clients specified in Deny from and allows everyone else.

The above example allows all members of the example.com domain and denies everyone else.
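The difference between the two Order settings is easy to get wrong, so here it is as a small Python model. This is an added example, not code from the original guide or from Apache; the function names are hypothetical, the client names and addresses are constructed, and only "all", full IP addresses or CIDR networks, and (partial) domain names are handled.

```python
import ipaddress

def spec_matches(spec, host, addr):
    """One argument of 'Allow from' / 'Deny from' checked against a client.

    host is the name Apache resolved for the client, addr is its IP address.
    """
    if spec.lower() == "all":
        return True
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        pass  # not an address or network, so treat it as a domain name
    name = spec.lower().lstrip(".")
    host = (host or "").lower()
    # Only whole name components match: foo.example.com yes, fooexample.com no.
    return host == name or host.endswith("." + name)

def access_allowed(order, allow, deny, host, addr):
    """Return True if the client passes the Order/Allow/Deny block."""
    allowed = any(spec_matches(s, host, addr) for s in allow)
    denied = any(spec_matches(s, host, addr) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Default is deny; a matching Deny overrides a matching Allow.
        return allowed and not denied
    if order == "deny,allow":
        # Default is allow; a matching Allow overrides a matching Deny.
        return allowed or not denied
    raise ValueError("unknown Order value: " + order)

if __name__ == "__main__":
    inside = ("station1.example.com", "192.168.0.10")    # constructed client
    outside = ("host.outside.test", "203.0.113.5")       # constructed client
    for order in ("allow,deny", "deny,allow"):
        for host, addr in (inside, outside):
            ok = access_allowed(order, [".example.com"], [], host, addr)
            print(order, host, "allowed" if ok else "denied")
```

With only an Allow line present, switching the block to Order deny,allow lets every client in, because nothing is denied and the default becomes allow.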
6. Configuring Apache Web server to execute CGI Scripts

You should create your own ScriptAlias directory for CGI scripts and place all CGI scripts in the aliased directory.

Now your CGI script is ready to execute:

# links www.example.com/cgi-bin/test.sh
7. Configuring Secure HTTP

The Apache web server provides secure http by loading the mod_ssl.so module. By default, communication using the http protocol is in plain text, so the solution is to encrypt communication by configuring https on the Apache web server. The https protocol uses TCP port 443.

Encryption is based on either the RSA or DSA algorithm. Private keys, self-signed certificates or certificate signature requests can be generated using the openssl utility.

/etc/httpd/conf/ssl.key/server.key is the private key file and /etc/httpd/conf/ssl.crt/server.crt is the self-signed certificate.

/etc/httpd/conf.d/ssl.conf is the main SSL configuration file.

# vi /etc/httpd/conf.d/ssl.conf
<VirtualHost 192.168.0.3>
ServerName www.example.com
DocumentRoot /var/www/example
DirectoryIndex index.html
ServerAdmin admin@example.com
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
</VirtualHost>

Now you need to create the certificate file and key file. In Redhat Enterprise Linux a pre-configured Makefile is already stored in the /etc/httpd/conf or /usr/share/ssl/certs directory. You just need to use the make command.

Open the browser and type https://www.example.com; now you will get the signed certificate.

There is a GUI version of Redhat's http configuration tool:

# system-config-httpd
Squid Server

Squid is the Internet caching proxy server for FTP, HTTP and other client requests. Squid supports FTP, HTTP as well as SSL and other protocols.

Installing Squid

/etc/squid/squid.conf is the main squid configuration file, provided by the squid rpm package.

# rpm -ivh squid-*
or
# system-config-packages --tree=/var/ftp/pub

In Redhat Enterprise Linux you need to know the basic configuration to run the squid proxy server.

1. Port: by default squid runs on port 3128; you can change the port using the http_port directive.
   http_port 8080 : runs squid on port 8080
2. ACL: you need to create an Access Control List to allow or deny Internet access.

# service squid start     (or restart)
# chkconfig squid on

Proxy Configuration in Client

After configuring the squid proxy server you need to set the proxy information in the client browser.
Open the Firefox browser
Click on Edit > Preferences
Click on General
Click Connection Settings
Select Manual Proxy Configuration
o Type the proxy address and the port number it is running on.
NIS (Network Information Services)

NIS is the traditional directory service for centralized authentication, developed by Sun Microsystems. It is still used as a standard authentication method in Linux.

In a network environment one server can be the master NIS server and more than one can be slave NIS servers. The master NIS server holds all original configuration and information; the slaves are backups of the master.

You need to install the ypserv, ypbind and yp-tools rpm packages for an NIS server. Another way is to install using Redhat's GUI package management tool, system-config-packages.

# system-config-packages --tree=/var/ftp/pub

Click on the Network Servers group and select ypserv.

Here I am going to configure nis1.example.com as the master NIS server and nis2.example.com as a slave NIS server.
Configuring NIS Master Server

1. You need to set the domain name

# domainname example.com
# vi /etc/sysconfig/network
NISDOMAIN=example.com

The domainname command displays or sets the domain for the current session. If you would like to set it permanently, use the NISDOMAIN directive in the /etc/sysconfig/network file.

2. vi /var/yp/Makefile

Here I am going to configure master as well as slave NIS servers. If you have only a master server you can set NOPUSH=true, but if you have a master as well as slave servers you need to set NOPUSH=false.

NOPUSH=false

Now set the maps to share with clients.

all: passwd group hosts # rpc services ..

I put the comment after hosts because I would like to map only passwd, group and hosts information.

Now you need to publish the map information into the directory. The Makefile is preconfigured; just make the simple changes you need and publish using the make command.

3. cd /var/yp
# make

After successfully running the make command, check in /var/yp/; there you will find a directory with the same name as the domain.

4. Start the ypserv and yppasswdd services

# service ypserv start
# service yppasswdd start
# service portmap restart

NIS is also an RPC service, so it requires the portmap service.

5. Now define all NIS servers on the master server

# /usr/lib/yp/ypinit -m

It will ask for the NIS servers:

Next host to add: nis1.example.com
Next host to add: nis2.example.com

Just type all your slave NIS server names and press Ctrl-D.

6. Start the services

# service ypserv restart
# service yppasswdd restart
# service portmap restart
Now your NIS master server is ready. Let's go on to configure the NIS slave on nis2.example.com.

1. You need to set the domain name

# domainname example.com
# vi /etc/sysconfig/network
NISDOMAIN=example.com

2. /usr/lib/yp/ypinit -s nis1.example.com

I already told you that the slave server is a backup of the master NIS server; when you run this command, it copies all information published in the directory from the master server.

3. Start the services

# service ypserv start
# service yppasswdd start
# service portmap restart
Sharing Users Home Directory

NIS only authenticates users, but when a user logs in to a client machine, the user requires a home directory. So first you need to share the users' home directories from the server.

# vi /etc/exports
/rhome *.example.com(rw,sync)

Here all remote users' home directories are created in /rhome, so I shared this directory.

# service nfs start
# service portmap restart
NIS Client

On the client machine:
a. Type the authconfig or system-config-authentication command
f. Select Use NIS, then click on Next
g. Type Domain: example.com
h. Server: 192.168.0.254
i. Click on OK

This means users are authenticated from the NIS server 192.168.0.254. When a user logs in on your client machine, the home directory should be present on the logged-on system. I have already written about the automount feature. We can mount the users' home directories on the client machine to make them present.

a. mkdir /rhome
b. vi /etc/auto.master
/rhome /etc/auto.home --timeout=60
This line specifies the mount point, read from /etc/auto.home, and unmounts /nisusers if the user doesn't use it within 60 seconds.
c. vi /etc/auto.home
* -rw,soft,intr 192.168.0.254:/rhome/&
This line specifies to mount all the contents of the /rhome directory from the server.
f. service autofs restart : the autofs service controls the automount feature of the Linux system. After changing the configuration, you need to restart the autofs service.
g. Now log in as one of the server's users.
System Security

Pluggable Authentication Modules

Redhat Enterprise Linux uses PAM (Pluggable Authentication Modules) to authenticate users by loading modules from /lib/security.

I would like to go through an example of authentication:

# touch /etc/nologin

Once you create this blank file, users who try to log in locally on this machine are denied. Similarly, I commented out tty2 in the /etc/securetty file; when root tries to log in on terminal 2, the login is denied.

What checks this? PAM. PAM's modules check all of these things, and you can modify the configuration as per your needs. The pam_nologin.so module checks whether the /etc/nologin file has been created, and the pam_securetty.so module checks which terminals are available for root login.

/lib/security : This directory contains the list of PAM modules
/etc/pam.d/ : This directory contains the list of PAM applications
/etc/security/ : This directory contains the list of security configuration files, which are read by PAM modules.

When you read the file /etc/pam.d/login:

Tests    Control Values    Modules and parameters
auth     required          pam_securetty.so
auth     required          pam_nologin.so
etc.

PAM uses different types of methods to authenticate users.

Tests:

Auth: Authentication management; whether to prompt for a username and/or a password.
Account: Account management; it may deny access according to time, password expiration, or a specific list of restricted users.
Password: Password management; it may ask for a password to allow or deny access.
Session: Checks whether the user's session is running or not.

Control Values

Required: If the module works, the command proceeds. If it fails, go to the next command in the configuration file, but the result is already determined: it should fail.
Requisite: Same as Required, but it stops checking other modules when one returns a fail result.
Sufficient: If the module works, the login or other authentication proceeds.
Optional: The PAM result is ignored, whether pass or fail.
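How the four control values interact is easiest to see by running a stack. This Python example is added here and is not from the original guide or from Linux-PAM. The stack text is constructed: its first two auth lines are the ones quoted from /etc/pam.d/login above, the pam_unix.so and pam_deny.so lines are assumed for illustration, and the set passed as failing names the modules assumed to return failure.

```python
SUCCESS, FAILURE = "success", "failure"

# Constructed /etc/pam.d/login-style stack (see the assumptions in the lead-in).
LOGIN_PAM = """\
auth     required    pam_securetty.so
auth     required    pam_nologin.so
auth     sufficient  pam_unix.so
auth     required    pam_deny.so
account  required    pam_unix.so
"""

def parse_stack(text, test):
    """Return (control, module) pairs for one test type, in file order."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0].lower() == test:
            stack.append((fields[1].lower(), fields[2]))
    return stack

def run_stack(stack, failing):
    """Evaluate a stack; return (result, modules that were actually called)."""
    called, required_failed, any_success = [], False, False
    for control, module in stack:
        called.append(module)
        ok = module not in failing
        if control == "requisite" and not ok:
            return FAILURE, called            # stop at once
        if control == "sufficient":
            if ok and not required_failed:
                return SUCCESS, called        # stop at once, nothing failed before
            continue                          # a failure here is ignored
        if control == "optional":
            any_success = any_success or ok   # failure is ignored
            continue
        if control not in ("required", "requisite"):
            raise ValueError("unsupported control value: " + control)
        if ok:
            any_success = True
        else:
            required_failed = True            # keep going, result already decided
    return (SUCCESS if any_success and not required_failed else FAILURE), called

def with_control(stack, module, control):
    """Copy of the stack with one module's control value replaced."""
    return [(control if m == module else c, m) for c, m in stack]

if __name__ == "__main__":
    auth = parse_stack(LOGIN_PAM, "auth")
    cases = {
        "normal login": {"pam_deny.so"},
        "/etc/nologin exists": {"pam_nologin.so", "pam_deny.so"},
    }
    for label, failing in cases.items():
        print(label, run_stack(auth, failing))
    strict = with_control(auth, "pam_nologin.so", "requisite")
    print("nologin as requisite", run_stack(strict, {"pam_nologin.so", "pam_deny.so"}))
```

With required, a failing pam_nologin.so still lets the later modules run, so the user is prompted as usual and only then refused; with requisite the stack ends at the failing module.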
PAM configuration for Time based login

PAM can control the times at which users may log in. Using PAM you can define the times at which a user is allowed to log in. For this you need to configure the /etc/security/time.conf file, which is checked by the pam_time.so module.

/etc/security/time.conf is the main configuration file for time based authentication using PAM. This file has the syntax:

services;terminals;users;times

Generally services represents the PAM services, terminals represents the name of the terminal, users means the name of the user, and times is the time during which the program is allowed to run. Time can be written using Su, Mo, Tu, We, Th, Fr, Sa, Wk, Wd, Al.

login;*;user1;Al0900-1730
This example allows user user1 to log in between 9 am and 17:30.

login;*;user2;SuMo1200-1400
This example allows user user2 to log in between 12 pm and 14:00.

The time.conf file is read by pam_time.so, but you need to call it in either the login or the system-auth PAM file.

# vi /etc/pam.d/login
PAM configuration for Origin based login

Another way of controlling users is allowing or denying login on certain hosts. PAM can do this.

/etc/security/access.conf is the main configuration file for origin based authentication. It has the following syntax:

permission:users:origins

In the permission field either + or - can be used, where + allows access and - denies access. The second field contains the list of users to allow or deny, and origins represents the terminal or host. Here you can use the ALL and EXCEPT operators.

-:ALL EXCEPT root: LOCAL
This example denies local login to all users except the root user.

-:user1 : ALL EXCEPT tty5
This example denies login on all terminals except tty5.

-:nisuser1:ALL EXCEPT station1.example.com
This example denies login from all hosts except station1.example.com.

The access.conf file is read by the pam_access.so module, so you need to call this module.
PAM can also control the number of logins for a user or for group members, as well as the number of processes users can run.

# vi /etc/security/limits.conf
user1 hard nproc 5
@training - maxlogins 10
user2 - maxlogins 1

Here user user1 can run a maximum of 5 processes, members of the training group can have a maximum of 10 logins, and user user2 can log in once at a time.

This configuration file is read by the pam_limits.so module.

# vi /etc/pam.d/system-auth
session required /lib/security/pam_limits.so
Securing Services: Using TCP Wrappers

TCP wrappers can control services that are compiled with the libwrap.so library. Some services, such as http and samba, have their own mechanism to control hosts.

But some services, such as mail, ftp and sshd, don't have their own security mechanism to control hosts. These services can be controlled by TCP wrappers.

TCP Wrappers can control these services:
Sendmail
Sshd
Vsftpd
Stunnel, Gdm
Nfs
Portmap
Slapd
Dovecot
All xinetd based services

TCP wrappers mainly use two files: /etc/hosts.allow and /etc/hosts.deny.

Client Validating process by TCP wrappers

When a client requests a certain service, TCP wrappers first check /etc/hosts.allow for the client; if it is listed, it is explicitly allowed to access the service. If it is not listed, /etc/hosts.deny is checked; if the client matches an entry in hosts.deny, access is denied, and if it does not match, access to the service is allowed.

vsftpd: ALL EXCEPT .example.com
nfs,portmap : ALL EXCEPT .example.com, trusted.cracker.org
sshd:ALL
dovecot: ALL EXCEPT .example.com EXCEPT station10.example.com

You can use the ALL and EXCEPT operators to allow or deny services. In the first example, vsftpd can be accessed only from the example.com domain; in the second example, nfs and portmap can be accessed from the example.com domain and the trusted.cracker.org host. The third example denies ssh login from any host.
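The lookup order and the EXCEPT operator described above can be checked offline. The following Python example is added here and is not part of the original guide or of the TCP wrappers code; it models only the ALL, EXCEPT, leading-dot domain and exact host name patterns, and it assumes the four sample rules live in /etc/hosts.deny, which is what the explanation of their effect implies. The client host names are constructed.

```python
import re

# Constructed input: the four sample rules from the text, assumed to be hosts.deny.
HOSTS_DENY = [
    "vsftpd: ALL EXCEPT .example.com",
    "nfs,portmap : ALL EXCEPT .example.com, trusted.cracker.org",
    "sshd:ALL",
    "dovecot: ALL EXCEPT .example.com EXCEPT station10.example.com",
]

def tokens(field):
    """Split a daemon list or client list on commas and whitespace (lower-cased)."""
    return [t for t in re.split(r"[,\s]+", field.strip().lower()) if t]

def host_matches(pattern, host):
    """Client patterns modelled here: ALL, '.domain' suffix, exact host name."""
    if pattern == "all":
        return True
    if pattern.startswith("."):
        return host.endswith(pattern)
    return host == pattern

def list_match(toks, matches):
    """'a EXCEPT b EXCEPT c' nests to the right: a, unless (b, unless c)."""
    for i, tok in enumerate(toks):
        if tok == "except":
            return False                      # nothing before EXCEPT matched
        if matches(tok):
            rest = toks[i + 1:]
            if "except" not in rest:
                return True
            return not list_match(rest[rest.index("except") + 1:], matches)
    return False

def rule_matches(rule, daemon, host):
    """True if both the daemon list and the client list of a rule match."""
    daemons, clients = rule.split(":")[:2]    # a third field (options) is ignored
    daemon, host = daemon.lower(), host.lower()
    return (list_match(tokens(daemons), lambda p: p in ("all", daemon))
            and list_match(tokens(clients), lambda p: host_matches(p, host)))

def decide(daemon, host, hosts_allow, hosts_deny):
    """hosts.allow first, then hosts.deny, otherwise access is granted."""
    if any(rule_matches(r, daemon, host) for r in hosts_allow):
        return "allow"
    if any(rule_matches(r, daemon, host) for r in hosts_deny):
        return "deny"
    return "allow"

if __name__ == "__main__":
    clients = ["station1.example.com", "station10.example.com", "host.outside.test"]
    for daemon in ("vsftpd", "sshd", "dovecot"):
        for host in clients:
            print(daemon, host, decide(daemon, host, [], HOSTS_DENY))
```

Note the dovecot rule: a second EXCEPT is an exception to the exception, so station10.example.com is denied even though the rest of example.com is allowed.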
If multiple interfaces are connected to your machine and you want to allow or deny on a per-interface basis:

sshd@192.168.0.1: ALL EXCEPT .example.com
sshd@192.168.1.1 : ALL

In this example, ssh login to 192.168.0.1 is allowed from the example.com domain, but ssh login to 192.168.1.1 is denied.

Similarly, you can set multiple options while allowing or denying.

Example:
sshd: ALL : spawn echo "Someone trying to attack through ssh to %s from %c" | mail -s "Danger" admin

With this example, when anyone tries to log in to the server using ssh, it sends mail to the admin user with server (%s) information as well as client (%c) information.
Securing Xinetd Based services

TCP wrappers can control xinetd based services located in the /etc/xinetd.d/ directory. To allow or deny transient services, you need to know the server program of the service.

Here is the output of the /etc/xinetd.d/telnet file:

service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
# server program name
server = /usr/sbin/in.telnetd
log_on_failure += USERID
instances = 20
per_source = 1
}

Controlling telnet connection

# vi /etc/hosts.deny
in.telnetd: ALL EXCEPT .example.com

Similarly, xinetd itself has its own mechanism to control services. /etc/xinetd.conf is the global configuration file; any change to this file affects all xinetd based services.

There are three directives to control xinetd based services:

only_from = 192.168.0.0/24
no_access = 192.168.0.100
access_times = 09:39-17:30

Controlling Telnet

Here is the output of the /etc/xinetd.d/telnet file:

service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
# server program name
server = /usr/sbin/in.telnetd
log_on_failure += USERID
instances = 20
per_source = 1
only_from = 192.168.0.0/24
no_access = 192.168.0.100
access_times = 09:39-17:30
}

It allows telnet connections from the 192.168.0.0/24 network, except 192.168.0.100, between 9:30 am and 17:30.
Introduction to iptables

Iptables is the default packet filtering tool in Linux, which filters packets based on Layer 2, Layer 3 and Layer 4 of the OSI Model.

There are three table types in iptables:
Filter
Nat
Mangle

The filter table is used to filter packets on the basis of rules and chains, nat is used to translate network addresses, and mangle is the combined features of nat and filter.

Similarly, filter uses different chains: INPUT, OUTPUT, FORWARD, POSTROUTING and PREROUTING.

Chain          Tables supported
INPUT          Filter, mangle
OUTPUT         Filter, mangle
FORWARD        Filter, mangle
POSTROUTING    Nat, mangle
PREROUTING     Nat, mangle

INPUT: This chain is used to filter the packets coming into the local system. It checks them before they enter the system.
OUTPUT: This chain checks outgoing, locally generated packets.
FORWARD: This chain checks packets being forwarded from one network to another network.
POSTROUTING: This chain translates the address after leaving the system.
PREROUTING: This chain translates the address before entering the system.
# iptables -L : The default table is filter, so it lists the chains as well as the rules configured in filter.
# iptables -F : It flushes all rules.

# iptables -t nat -L : It displays all network address translation rules.

Let's apply filter rules; before that, you need to know the options used to filter.

-p protocol name (Layer 4)
-i Incoming Interface
-o Outgoing Interface
-s Source Address
-d Destination Address
--sport Source Port
--dport Destination Port

Example:
# iptables -t filter -A INPUT -s 192.168.0.100 -p tcp --dport 8080 -j DROP

The action can be DROP, ACCEPT or LOG. In the above example, connections to port 8080 are dropped.

# iptables -t filter -A INPUT -s ! 192.168.0.0/24 -p tcp --dport 20 -j DROP
It denies ftp connections from outside the 192.168.0.0/24 network.

# iptables -t filter -A OUTPUT -d 192.168.1.1 -p tcp --dport 23 -j DROP
This drops telnet connections to 192.168.1.1 from the local system.

# iptables -t filter -A FORWARD -s 192.168.0.10 -d 192.168.1.10 -p tcp --dport 25 -j DROP
Order of checking rules

iptables checks the rules from the top; when a rule matches, it is applied. When no rule matches, the chain policy is applied.

You can configure the chain policy using:
# iptables -P INPUT DROP
It sets the policy of the INPUT chain to DROP.
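Because the first matching rule wins, the order in which rules are appended decides the outcome. This Python example is added here and is not part of the original guide or of iptables; it parses only the options used on this page, models only the terminating DROP and ACCEPT targets in the filter table, and the third rule (the ACCEPT) and all packets are constructed for illustration.

```python
import ipaddress

OPTIONS = {"-A": "chain", "-s": "src", "-d": "dst", "-p": "proto",
           "--dport": "dport", "-j": "target"}

def parse_rule(args):
    """Parse the arguments of one 'iptables -A' command into a dict."""
    toks, rule, i = args.split(), {"negated": set()}, 0
    while i < len(toks):
        opt, val = toks[i], toks[i + 1]
        i += 2
        if opt == "-t":
            continue                          # only the filter table is modelled
        if val == "!":                        # '-s ! net', the form used on this page
            rule["negated"].add(OPTIONS[opt])
            val = toks[i]
            i += 1
        rule[OPTIONS[opt]] = val
    return rule

def matches(rule, pkt):
    """True if every condition present in the rule holds for the packet."""
    if rule["chain"] != pkt["chain"]:
        return False
    for field in ("src", "dst"):
        if field in rule:
            inside = (ipaddress.ip_address(pkt[field])
                      in ipaddress.ip_network(rule[field], strict=False))
            if inside == (field in rule["negated"]):
                return False
    if rule.get("proto", pkt["proto"]) != pkt["proto"]:
        return False
    if int(rule.get("dport", pkt["dport"])) != pkt["dport"]:
        return False
    return True

def verdict(rules, policy, pkt):
    """Return (target, rule number) of the first match, else (chain policy, None)."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return rule["target"], number
    return policy[pkt["chain"]], None

def packet(src, dport, chain="INPUT", dst="192.168.0.1", proto="tcp"):
    """Build a constructed test packet."""
    return {"chain": chain, "src": src, "dst": dst, "proto": proto, "dport": dport}

RULES = [parse_rule(r) for r in (
    "-t filter -A INPUT -s 192.168.0.100 -p tcp --dport 8080 -j DROP",
    "-t filter -A INPUT -s ! 192.168.0.0/24 -p tcp --dport 20 -j DROP",
    "-t filter -A INPUT -s 192.168.0.0/24 -p tcp --dport 8080 -j ACCEPT",  # constructed
)]
POLICY = {"INPUT": "DROP"}                    # as set by: iptables -P INPUT DROP

if __name__ == "__main__":
    for pkt in (packet("192.168.0.100", 8080), packet("192.168.0.50", 8080),
                packet("203.0.113.9", 20), packet("192.168.0.50", 22)):
        print(pkt["src"], pkt["dport"], verdict(RULES, POLICY, pkt))
```

If the ACCEPT rule were placed first instead of last, 192.168.0.100 would reach port 8080 and the DROP rule for it would never be consulted.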
After applying your own rules and chain policy you need to save them to a file so they are applied automatically at the next reboot.
# service iptables save
It saves your rules and policy configuration to the /etc/sysconfig/iptables file.

# iptables -F : It flushes all rules
NAT (Network Address Translation)

NAT translates private IP addresses to public ones, which makes it possible to access the public network and also hides the internal IP addresses. Using NAT we can configure Source NAT (SNAT) as well as Destination NAT (DNAT).

SNAT: This allows changing the source address. Suppose my Linux server is connected to the ISP by a leased line, so I have the public IP 202.2.2.2 on eth0, and another device, eth1, is connected to my local LAN with the IP 192.168.0.1. To share the Internet connection I should either configure a proxy server or share through SNAT. When packets come from the private LAN, SNAT changes the source address to 202.2.2.2 and makes it possible to access the Internet.

# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 202.2.2.2

Similarly, you can use MASQUERADE if you would like to translate the address to whatever address is assigned to the device.

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

If the IP of the eth0 interface changes dynamically, masquerading is a good choice.
DNAT

Destination NAT allows changing the destination address.

When a request for www.example.com comes in to my Internet server, I should redirect it to 192.168.0.1. Yes, this is DNAT: the client request arrives with destination 202.2.2.2 but I have to redirect it to another host.

# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.1
# iptables -t nat -A PREROUTING -p tcp --dport 20 -j DNAT --to-destination 192.168.0.2

[Figure: Example.com domain. ISP; Public IP: eth0 202.2.2.2; Private IP: eth1 202.2.2.2; internal hosts www 192.168.0.1, mail 192.168.0.2, ftp 192.168.0.3.]