
What Is Linux?

1. Linux is a freely distributed implementation of a UNIX-like kernel, the low-level core of an operating system.
2. Because Linux takes the UNIX system as its inspiration, Linux and UNIX programs are very similar. In fact, almost all programs written for UNIX can be compiled and run on Linux.
3. Some commercial applications sold for commercial versions of UNIX can run unchanged in binary form on Linux systems.
Linux History:
4. Linux was developed by Linus Torvalds at the University of Helsinki, with the help of UNIX programmers from across the Internet.
5. It began as a hobby of Linus Torvalds, who was inspired by Andy Tanenbaum's Minix, a small UNIX-like system, but has grown to become a complete system in its own right.
6. Linux is copyrighted, but it can be freely distributed.
7. Versions of Linux are now available for a wide variety of computer systems using many different types of CPUs.
8. Even some handheld PDAs and Sony's PlayStation 2 and 3 run on Linux. If it's got a processor, someone somewhere is trying to get Linux running on it.
-------------------------------------------------------------------------------
Write a Short Note on GNU & Linux Distributions?
GNU was initiated by Richard Stallman in the year 1983; it is a recursive acronym for "GNU's Not Unix".
The GNU project recommends that distributors assign copyright for GNU packages to free software.
This restricts commercial companies who take advantage of open source software by manipulating it and adding their own data to it.
It conforms to the most standard method of compiling and installing.
It is pronounced "gnoo".
LINUX DISTRIBUTIONS: Distributions are also called flavours of Linux. Some of the well-known distributions are as follows:
RHEL, Debian, Caldera, Mandrake, Slackware, SUSE, Gentoo, Ubuntu, Fedora, Puppy, CentOS, TurboLinux
-RHEL: a universal distribution, since it contains all the features of Linux. It is targeted towards the commercial market.
-Debian: this mostly carries GNU software and was used as the non-commercial OS. Debian has been used as a platform for other Linux distributions.
-Caldera: this was initiated in the year 1997 for the commercial world; this OS mainly focused on companies. Caldera was created for use in commercial areas.
-Mandrake: it has the same features as Red Hat and provides ease of use with a GUI.
-Slackware: this was designed to build networking-related aspects into Linux, and covered a major drawback in networking.
-SUSE: this is widely used in European countries.
-TurboLinux: this was initiated in the Chinese, Japanese, and English languages.
-Ubuntu: Ubuntu is probably the most well-known Linux distribution. It is based on Debian.
-Fedora: a project with a strong focus on free software, sponsored by Red Hat.
-CentOS: a community project that takes the RHEL code, removes all Red Hat trademarks, and makes it available for free use and distribution.
-Gentoo: a distribution designed for advanced Linux users, containing only Linux source code.
LINUX SYSTEM ADMINISTRATOR?
The system administrator is the admin who has entire authority to configure the system; every system has its own admin.
A Linux system admin has full control of what the system does and how it does it.
The admin undertakes entire control of enabling and disabling the necessary features.
The admin is a person who has access and authority to operate the system.
Ultimately the admin is known as the SUPER USER, who has root access.
The duties and responsibilities of the system admin are as follows:
- Installing and configuring servers
- Installing and configuring application software
- Creating and maintaining user accounts
- Backing up and restoring files
- Monitoring and tuning performance
- Configuring a secure system
- Using tools to monitor security
Installing and configuring servers
The standard Red Hat Linux graphical user interface (GUI) requires a graphical layer called XFree86. This is a server.
It runs even on a standalone machine with one user account. It must be configured. (Fortunately, Red Hat Linux has made this a simple and painless part of installation on all but the most obscure combinations of video card and monitor.)
In certain areas the client-server nomenclature can be confusing, though. While you cannot have a graphical desktop without a server, you can have World Wide Web access without a Web server, file transfer protocol (FTP) access without running an FTP server, and Internet e-mail capabilities without ever starting a mail server.
You may well want to use these servers, all of which are included in Red Hat Linux, but then again you may not.
And whenever a server is connected to other machines outside your physical control, there are security implications: you want users to have easy access to the things they need, but you don't want to open up the system you're administering to the whole wide world.
Linux distributions used to be shipped with all imaginable servers turned on by default.
Creating and Maintaining User Accounts
Not just anyone can show up and log on to a Linux machine. An account must be created for each user and, you guessed it, no one but the system administrator may do this. That's simple enough.
But there's more, and it involves decisions that either you or your company must make. You might want to let users select their own passwords, which would no doubt make them easier to remember, but which probably would be easier for a malefactor to crack.
You might want to assign passwords, which is more secure in theory but which increases the likelihood that users will write them down on a conveniently located scrap of paper, a risk if many people have access to the area where the machine(s) is located.
You might decide that users must change their passwords periodically, and you can configure Red Hat Linux to prompt users to do so.
To what may specific users have access? It might be that there are aspects of your business that make World Wide Web access desirable, but you don't want everyone spending their working hours surfing the Web.
If your system is at home, you may wish to limit your children's access to the Web, which contains sites to which few if any parents would want their children exposed.
Explain the GRUB config file?
grub.conf: GRUB stands for the modest acronym Grand Unified Bootloader. It is the default boot loader used by Fedora Core and Red Hat Enterprise Linux.
GRUB offers a nice graphical interface, giving you a basic choice between which installed operating systems or kernels you want to run.
The /etc/grub.conf file is a symbolic link to the actual file that is located in /boot/grub/grub.conf. Listing 8-3 shows a typical grub.conf file.
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,1)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/hda
default=0
timeout=5
splashimage=(hd0,1)/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$ANJi7kLJ$/NODBfkCTkMAPxZgC8WK10
title Fedora Core (2.6.10-1.770_FC3)
        root (hd0,1)
        kernel /vmlinuz-2.6.10-1.770_FC3 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.10-1.770_FC3.img
title Fedora Core (2.6.10-1.766_FC3)
        root (hd0,1)
        kernel /vmlinuz-2.6.10-1.766_FC3 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.10-1.766_FC3.img
title Fedora Core (2.6.9-1.724_FC3)
        root (hd0,1)
        kernel /vmlinuz-2.6.9-1.724_FC3 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.9-1.724_FC3.img
#title Fedora Core (2.6.9-1.667)
#       root (hd0,1)
#       kernel /vmlinuz-2.6.9-1.667 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
#       initrd /initrd-2.6.9-1.667.img
title Other
        rootnoverify (hd0,0)
        chainloader +1
As you can see, the default=0 line indicates that the first title section should be booted by default.
GRUB starts its counting at 0 instead of 1. The title line contains the label that will be shown in the boot menu for that kernel.
The root line specifies that Linux will be booted off the first hard drive. The kernel line indicates the kernel's location on the file system. In the Other title section, notice that GRUB is calling a chain loader to be used for loading a different operating system; in this case it is actually Windows XP. GRUB uses a chain loader because it doesn't support loading Windows XP.
GRUB uses a chain loader to load any operating system that it doesn't support.
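The following is an added example, not part of the original notes: a small parser for a GRUB-legacy grub.conf in the shape of Listing 8-3, which resolves the 0-based default= index to the title GRUB will boot and reports whether the menu is password-protected and which entries hand off to a chain loader. The sample file and its md5 value are constructed placeholders, not a real installation's file.

```python
"""Parse a GRUB-legacy grub.conf and report the boot menu it will present.

Added example, not from the page; it assumes the grub.conf syntax shown in
Listing 8-3 (global `key=value` lines, `title` blocks, `#` comments).
"""

# Constructed sample in the same shape as the page's Listing 8-3.
# The md5 string below is a placeholder, not a real password hash.
SAMPLE_GRUB_CONF = """\
# grub.conf generated by anaconda
#boot=/dev/hda
default=0
timeout=5
splashimage=(hd0,1)/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$PLACEHOLDER$xxxxxxxxxxxxxxxxxxxxxx
title Fedora Core (2.6.10-1.770_FC3)
        root (hd0,1)
        kernel /vmlinuz-2.6.10-1.770_FC3 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.10-1.770_FC3.img
#title Fedora Core (2.6.9-1.667)
#       root (hd0,1)
title Other
        rootnoverify (hd0,0)
        chainloader +1
"""


def parse_grub_conf(text):
    """Return (globals, entries). globals: dict of top-level settings;
    entries: list of dicts, one per `title` block, in menu order.
    Commented-out titles (like the page's '#title' block) are skipped,
    which is why GRUB's 0-based `default` index counts only live titles."""
    globals_, entries = {}, []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # comments never become menu items
        if line.startswith("title "):
            current = {"title": line[6:].strip(), "commands": []}
            entries.append(current)
        elif current is None:
            # Global section: "key=value", "password [--md5] hash",
            # or a bare keyword such as hiddenmenu.
            key, sep, value = line.partition("=")
            if sep:
                globals_[key.strip()] = value.strip()
            elif line.startswith("password"):
                parts = line.split(None, 1)
                globals_["password"] = parts[1] if len(parts) > 1 else ""
            else:
                globals_[line] = True
        else:
            current["commands"].append(line)
    return globals_, entries


def default_entry(text):
    """Title GRUB boots when the timeout expires (default= is 0-based)."""
    globals_, entries = parse_grub_conf(text)
    return entries[int(globals_.get("default", "0"))]["title"]


def audit(text):
    """Checks a defender wants from grub.conf: is interactive editing of
    entries at the console password-protected, is the password stored as
    an md5 hash rather than plaintext, and which entries chain-load
    another operating system's loader."""
    globals_, entries = parse_grub_conf(text)
    return {
        "password_protected": "password" in globals_,
        "md5_hashed": globals_.get("password", "").startswith("--md5"),
        "chainloaded": [e["title"] for e in entries
                        if any(c.startswith("chainloader") for c in e["commands"])],
        "menu": [e["title"] for e in entries],
    }


if __name__ == "__main__":
    print("default:", default_entry(SAMPLE_GRUB_CONF))
    print(audit(SAMPLE_GRUB_CONF))
```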
-----------------------------------------------------------------------------------------------------------
LILO
1. LILO, short for Linux Loader, is a boot manager.
2. It allows you to boot multiple operating systems, provided each system exists on its own partition.
3. In addition to booting multiple operating systems, with LILO you can choose various kernel configurations or versions to boot. This is especially handy when you're trying kernel upgrades before adopting them.
4. Configuring LILO is straightforward: a configuration file (/etc/lilo.conf) specifies which partitions are bootable and, if a partition is Linux, which kernel to load.
5. When the /sbin/lilo program runs, it takes this partition information and rewrites the boot sector with the necessary code to present the options as specified in the configuration file.
6. At boot time, a prompt (usually lilo:) is displayed, and you have the option of specifying the operating system; a default is selected after a timeout period.
7. LILO loads the necessary code, the kernel, from the selected partition and passes full control over to it.
8. LILO is what is known as a two-stage boot loader. The first stage loads LILO itself into memory and prompts you for booting instructions with the lilo: prompt or a colorized boot menu.
9. Once you select the OS to boot and press Enter, LILO enters the second stage, booting the Linux operating system.
10. LILO has somewhat fallen out of favor with most of the newer Linux distributions. Some of the distributions do not even give you the option of selecting or choosing LILO as your boot manager.
-----------------------------------------------------------------------------------------------------------
LILO.CONF
LILO is the boot time LInux LOader. At boot time it gives you the option of booting into different operating systems and even into different kernel versions of the Linux operating system.
The information on where operating systems should be loaded from, and which one is started by default, is stored in lilo.conf.
Whenever this file is changed, lilo must be run again in order for the changes to take effect. If there is anything wrong with the syntax of lilo.conf, lilo alerts you to that problem when you run it again.
The first section contains general information, such as which drive is the boot drive (boot=/dev/hda), and how many tenths of a second the LILO prompt should be displayed on the screen (timeout=50, which is 5 seconds). In this lilo.conf, the operating system booted by default is linux (default=linux).
After the initial general preferences section, you will see the boot images section. lilo.conf enables up to 16 boot images to be defined.
The first image defined here is the default linux image that boots with the vmlinuz-2.4.9-ac10 kernel. Its root file system is located on the first IDE disk on the fifth partition, at /dev/hda5.
The second image defined is the Windows boot partition. If you type DOS (label=DOS) at the LILO prompt, you boot into this Windows installation.
As you can see, Windows is installed on the first partition of the first IDE disk (/dev/hda1).
The lilo.conf file:
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
message=/boot/message
linear
default=linux

image=/boot/vmlinuz-2.4.9-ac10
        label=linux
        read-only
        root=/dev/hda5
        append="hdd=ide-scsi"
other=/dev/hda1
        optional
        label=DOS
----------------------------------------------------------------------------------------------------------
SYSLOG.CONF
The syslog daemon logs any notable events on your local system. It can store these logs in a local file or send them to a remote log host for added security.
It can also accept logs from other machines when acting as a remote log host. These options and more, such as how detailed the logging should be, are set in the syslog.conf file.
LD.SO.CONF
This configuration file is used by ldconfig, which configures dynamic linker runtime bindings. It contains a listing of directories that hold shared libraries.
Shared library files typically end with .so, whereas static library files typically end with .a, indicating they are an archive of objects.
You may need to edit this file if you've installed a program that has installed a shared library to a different library directory that is not listed in the ld.so.conf file. In this case, you get an error at runtime that the library does not exist.
LOGROTATE.CONF
logrotate.conf and the files within the logrotate.d directory determine how often your log files are rotated by the logrotate program. Log rotation refers to the process of deleting older log files and replacing them with more recent ones.
logrotate can automatically rotate, compress, remove, and mail your log files. Log files can be rotated based on size or on time, such as daily, weekly, or monthly.
For every program that has a separate log rotation configuration file in logrotate.d and uses syslogd for logging, there should be a corresponding log file entry in /etc/syslog.conf; the same applies to log files produced by external applications, such as Apache.
This is because syslog needs to save log entries for these programs in separate files so that their log files can be rotated independently of one another.
----------------------------------------------------------------------------------------------------------
Managing rc Scripts Using chkconfig
Fedora Core and Red Hat Enterprise Linux come with a useful tool called chkconfig.
It helps the system administrator manage rc scripts and xinetd configuration files without having to manipulate them directly.
It is inspired by the chkconfig command included in the IRIX operating system. Type chkconfig --list to see all the services chkconfig knows about, and whether they are stopped or started in each runlevel.
An abridged example output is shown in the following listing. The chkconfig output can be a lot longer than that listed here, so be prepared to pipe it through less or more.
The first column is the name of the installed service. The next seven columns each represent a runlevel, and tell you whether that service is turned on or off in that runlevel.
Since xinetd is started on the system whose chkconfig output is excerpted, at the end of chkconfig's report is a listing of what xinetd-started services are configured to begin at boot time.
The listing is abridged, since a lot of services can be started from xinetd, and there's no need to show all of them.
Listing 8-11 shows how chkconfig can be an effective tool for handling all your network services and controlling which ones get started up at boot time. This is the output of chkconfig --list:

To turn a service off or on using chkconfig, use this syntax:
chkconfig --level [0-6] servicename off|on|reset   (you must choose the runlevel)
So, to turn off the gpm daemon turned on previously, type:
chkconfig --level 2 gpm off
To turn on xinetd, type:
chkconfig xinetd on
--------------------------------------------------------------------------------
Managing rc Scripts by Hand
If you want to configure which services are started at boot time, you need to edit the rc scripts for the appropriate runlevel. The default runlevel is 3, which is full multiuser mode without a graphical interface, or runlevel 5 with a graphical interface.
So, to change the services that are started in the default runlevel, you should edit the scripts found in /etc/rc3.d or /etc/rc5.d, depending on your system.
When you look at a directory listing of the rc directories, notice that the files either start with S or K. The files that start with S are startup files, and the files that start with K are kill files.
The S scripts are run in the numerical order listed in their filenames. It should be mentioned that if a startup script is set to S15, the K script should be K85 (or in general, SN becomes KM with M = 100-N; the idea being that the last started service is the first killed).
Scripts that do not start with a capital S do not run upon startup. One good way to keep scripts from starting up at boot time without deleting them is to rename the file with a small s at the beginning instead of a capital S.
This way you can always put the script back into the startup configuration by capitalizing the initial letter.
When the system starts up, it runs through the scripts in the rc directory of the runlevel it's starting up in. So when the system starts up in runlevel 3, it runs the scripts in the /etc/rc3.d directory.
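As an added example (not part of the original notes), the following audits a runlevel directory listing according to the rules above: capital-S scripts run in numeric order, scripts parked with a lowercase s are skipped, and each SN should be paired with K(100-N). The directory listing is a constructed list of names rather than a real /etc/rc3.d.

```python
"""Audit S/K script names in an rc directory, as the text describes.

Added example, not from the page. SAMPLE_RC3 is a constructed listing
standing in for `ls /etc/rc3.d`.
"""
import re

SAMPLE_RC3 = ["K85netfs", "S15netfs", "S10network", "K90network",
              "s20nfs", "K80nfs", "S55sshd", "K25sshd", "S80sendmail"]

# <S|s|K|k><two digits><service name>
NAME_RE = re.compile(r"^([SsKk])(\d{2})(.+)$")


def startup_order(names):
    """Services that will start at boot, in the order the rc script runs
    them (numeric order of the two digits after the capital S)."""
    starts = []
    for n in names:
        m = NAME_RE.match(n)
        if m and m.group(1) == "S":
            starts.append((int(m.group(2)), m.group(3)))
    return [svc for _, svc in sorted(starts)]


def disabled(names):
    """Scripts renamed with a lowercase s so they do not run at boot but
    can be re-enabled by capitalizing the first letter again."""
    return sorted(m.group(3) for m in map(NAME_RE.match, names)
                  if m and m.group(1) == "s")


def kill_mismatches(names):
    """Return {service: (S-number, K-number, expected K)} for services whose
    K number is not 100 - S. A wrong K number breaks the intended
    'last started, first killed' ordering at shutdown."""
    s_num, k_num = {}, {}
    for n in names:
        m = NAME_RE.match(n)
        if not m:
            continue
        letter, num, svc = m.group(1).upper(), int(m.group(2)), m.group(3)
        (s_num if letter == "S" else k_num)[svc] = num
    bad = {}
    for svc, s in s_num.items():
        expected = 100 - s
        if svc in k_num and k_num[svc] != expected:
            bad[svc] = (s, k_num[svc], expected)
    return bad


if __name__ == "__main__":
    print("starts:", startup_order(SAMPLE_RC3))
    print("disabled:", disabled(SAMPLE_RC3))
    print("bad K numbers:", kill_mismatches(SAMPLE_RC3))
```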
--------------------------------------------------------------
Steps required to boot the system

1. BIOS
BIOS stands for Basic Input/Output System.
It performs some system integrity checks.
It searches for, loads, and executes the boot loader program.
It looks for the boot loader on floppy, CD-ROM, or hard drive. You can press a key (typically F12 or F2, but it depends on your system) during the BIOS startup to change the boot sequence.
Once the boot loader program is detected and loaded into memory, BIOS gives control to it.
So, in simple terms, BIOS loads and executes the MBR boot loader.
2. MBR
MBR stands for Master Boot Record.
It is located in the 1st sector of the bootable disk, typically /dev/hda or /dev/sda.
The MBR is less than 512 bytes in size. It has three components: 1) primary boot loader info in the 1st 446 bytes, 2) partition table info in the next 64 bytes, 3) MBR validation check in the last 2 bytes.
It contains information about GRUB (or LILO in old systems).
So, in simple terms, MBR loads and executes the GRUB boot loader.
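The three regions just listed can be decoded directly. The following is an added example, not from the original notes: it builds a constructed 512-byte MBR (empty boot code area, two partition entries, the 0x55AA signature) and parses it back, performing the validation check on the last two bytes before trusting the partition table.

```python
"""Build and decode a 512-byte MBR: 446 bytes of boot code, a 64-byte
partition table of four 16-byte entries, and the 2-byte 0x55AA signature.

Added example, not from the page. The sample MBR is constructed in memory,
not read from a disk.
"""
import struct

BOOT_CODE_LEN = 446
PT_OFFSET = 446
PT_ENTRY_LEN = 16
SIG_OFFSET = 510
MBR_SIGNATURE = b"\x55\xaa"
# status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4) = 16 bytes
ENTRY_FMT = "<B3sB3sII"


def build_partition_entry(bootable, ptype, lba_start, sectors):
    """Pack one table entry. CHS fields are zeroed because this example
    relies on the LBA fields only."""
    status = 0x80 if bootable else 0x00
    return struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0",
                       lba_start, sectors)


def build_sample_mbr():
    """Constructed MBR: a 'jmp $' stub as boot code, a bootable Linux (0x83)
    partition, an NTFS (0x07) partition, and two unused slots."""
    code = b"\xeb\xfe" + b"\x00" * (BOOT_CODE_LEN - 2)
    table = (build_partition_entry(True, 0x83, 63, 409_600)
             + build_partition_entry(False, 0x07, 409_663, 2_048_000)
             + b"\x00" * PT_ENTRY_LEN * 2)
    return code + table + MBR_SIGNATURE


def parse_mbr(sector):
    """Validate the signature (the 'MBR validation check' in the last two
    bytes) and return the used partition entries as dicts."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[SIG_OFFSET:] != MBR_SIGNATURE:
        raise ValueError("bad MBR signature %r" % sector[SIG_OFFSET:])
    parts = []
    for i in range(4):
        off = PT_OFFSET + i * PT_ENTRY_LEN
        status, _, ptype, _, lba, count = struct.unpack(
            ENTRY_FMT, sector[off:off + PT_ENTRY_LEN])
        if ptype == 0:
            continue                      # unused slot
        parts.append({"index": i, "bootable": status == 0x80,
                      "type": ptype, "lba_start": lba, "sectors": count})
    return parts


def boot_partition(sector):
    """Index of the partition flagged active, or None. Note that stage one of
    a loader such as GRUB lives in the 446-byte code area, not in the table."""
    active = [p["index"] for p in parse_mbr(sector) if p["bootable"]]
    return active[0] if active else None


def has_valid_signature(sector):
    """True when the sector ends with 0x55AA and is 512 bytes long."""
    return len(sector) == 512 and sector[SIG_OFFSET:] == MBR_SIGNATURE


if __name__ == "__main__":
    mbr = build_sample_mbr()
    for p in parse_mbr(mbr):
        print(p)
    print("active partition:", boot_partition(mbr))
```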
3. GRUB
GRUB stands for Grand Unified Bootloader.
If you have multiple kernel images installed on your system, you can choose which one is to be executed.
GRUB displays a splash screen and waits for a few seconds; if you don't enter anything, it loads the default kernel image as specified in the grub configuration file.
GRUB has knowledge of the filesystem (the older Linux loader LILO didn't understand filesystems).
The Grub configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to this). The following is a sample grub.conf of CentOS.
4. Kernel
Mounts the root file system as specified in root= in grub.conf.
The kernel executes the /sbin/init program.
Since init was the 1st program to be executed by the Linux kernel, it has the process id (PID) of 1. Do a ps -ef | grep init and check the PID.
initrd stands for Initial RAM Disk.
initrd is used by the kernel as a temporary root file system until the kernel is booted and the real root file system is mounted. It also contains the necessary drivers compiled inside, which help it to access the hard drive partitions and other hardware.
5. Init
Looks at the /etc/inittab file to decide the Linux run level.
The following are the available run levels:
0 - halt
1 - Single user mode
2 - Multiuser, without NFS
3 - Full multiuser mode
4 - unused
5 - X11
6 - reboot
6. Runlevel programs
When the Linux system is booting up, you might see various services getting started. For example, it might say "starting sendmail ... OK". Those are the runlevel programs, executed from the run level directory as defined by your run level.
Depending on your default init level setting, the system will execute the programs from one of the following directories:
Run level 0 - /etc/rc.d/rc0.d/
Run level 1 - /etc/rc.d/rc1.d/
Run level 2 - /etc/rc.d/rc2.d/
Run level 3 - /etc/rc.d/rc3.d/
Run level 4 - /etc/rc.d/rc4.d/
Run level 5 - /etc/rc.d/rc5.d/
Run level 6 - /etc/rc.d/rc6.d/
----------------------------------------------------------------------------------------------------------
The Boot Loader
The GRUB program used by Fedora Core and Enterprise Linux uses a two-step process to begin loading the operating system.
These two steps are typically referred to as stages one and two. In stage one, a program on the MBR is used to find the second stage program that will begin the process of loading the operating system into system memory.
GRUB uses a configuration file called /boot/grub/grub.conf to provide information to the second-stage loader.
Later in this chapter you learn how to make changes to the /boot/grub/grub.conf configuration file.
The first thing the second stage loader does is present you with a nice graphical menu screen, as shown in Figure 6-1. As you can see from Figure 6-1, there are two versions of the kernel listed with one highlighted.
This is the kernel that will be loaded by default. But you can use the GRUB menu to select different Linux kernels, or even different operating systems, to load.
In many cases, when someone decides to try Linux for the first time, he or she is already running MS Windows and is planning to set up the system to do a dual boot.
So, when the GRUB menu appears there is an additional choice for the other operating system.
Most of the time Windows is already installed and Linux is installed later. In this case, the Linux installation would take care of making the changes to the /boot/grub/grub.conf file to present the other operating system as a choice on the GRUB menu.
fstab
fstab contains important information about your file systems, such as what file system type the partitions are, where they are located on the hard drive, and what mount point is used to access them.
This information is read by vital programs such as mount, umount, and fsck. mount runs at start time and mounts all the file systems mentioned in the fstab file, except for those with noauto in their line.
If a partition you want to access is not listed in this file, you have to mount it manually. This can get tedious, so it's better to list all of your file systems in fstab.
When fsck is run at bootup, it also checks all the file systems listed in fstab for consistency.
It then fixes corrupted file systems, usually corrupted because they were not unmounted properly when the system crashed or suddenly lost power.
File systems with an fs_passno value of 0 (the number in the last column) are not checked at boot time. As you can see in Listing 8-2, almost all file systems are checked at startup except for the floppy drive, which is not checked by fsck at bootup.
The fstab line has six fields, and each field represents a different configuration value.
The first field describes the file system, which can be a partition name, the label of a disk partition, a logical volume, or a remote file system. The second field is the mount point used to access the file system.
The third field describes the file system type. The fourth field is the place for any mount options you may need.
The fifth field is 0 or 1 to determine whether dump backs up this file system. The final field sets the order in which fsck checks these file systems.
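The following is an added example, not from the original notes, that parses the six fstab fields described above and answers the questions the text raises: which file systems mount at boot (no noauto), which dump backs up, in what fs_passno order fsck checks them, and, as a hardening check, which restrictive mount options a user-writable mount lacks. The fstab text is a constructed sample modelled on the page's description.

```python
"""Parse /etc/fstab and report mount, dump and fsck behaviour.

Added example, not from the page. SAMPLE_FSTAB is constructed; the floppy
line carries noauto and fs_passno 0, as the text describes.
"""

SAMPLE_FSTAB = """\
# device                 mount point   type   options          dump passno
LABEL=/                  /             ext3   defaults         1    1
LABEL=/boot              /boot         ext3   defaults         1    2
LABEL=/home              /home         ext3   defaults,nosuid  1    2
/dev/VolGroup00/LogVol01 swap          swap   defaults         0    0
/dev/fd0                 /media/floppy auto   noauto,owner     0    0
none                     /proc         proc   defaults         0    0
none                     /dev/shm      tmpfs  defaults         0    0
"""


def parse_fstab(text):
    """Return one dict per non-comment line with the six fields decoded.
    A line with any other field count is rejected, since mount would
    misread it."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) != 6:
            raise ValueError("fstab line %d has %d fields, expected 6"
                             % (lineno, len(fields)))
        dev, mnt, fstype, opts, dump, passno = fields
        entries.append({"device": dev, "mount_point": mnt, "type": fstype,
                        "options": opts.split(","),
                        "dump": int(dump), "passno": int(passno)})
    return entries


def auto_mounted(entries):
    """Mount points brought up at boot: every line without 'noauto'."""
    return [e["mount_point"] for e in entries if "noauto" not in e["options"]]


def dumped(entries):
    """File systems dump backs up (fifth field is 1)."""
    return [e["mount_point"] for e in entries if e["dump"] == 1]


def fsck_order(entries):
    """fs_passno groups: 0 is never checked, 1 (the root) is checked first,
    higher numbers follow. Returns [(pass, [mount points]), ...]."""
    passes = {}
    for e in entries:
        if e["passno"] > 0:
            passes.setdefault(e["passno"], []).append(e["mount_point"])
    return sorted(passes.items())


def missing_options(entries, mount_point, wanted):
    """Hardening check: which of the `wanted` options (e.g. nosuid, nodev)
    the given mount does not set."""
    for e in entries:
        if e["mount_point"] == mount_point:
            return sorted(set(wanted) - set(e["options"]))
    raise KeyError(mount_point)


if __name__ == "__main__":
    fs = parse_fstab(SAMPLE_FSTAB)
    print("mounted at boot:", auto_mounted(fs))
    print("fsck order:", fsck_order(fs))
    print("/home lacks:", missing_options(fs, "/home", ["nosuid", "nodev"]))
```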

cron files and Use of cron files
cron is a daemon that executes commands according to a preset schedule that a user defines.
It wakes up every minute and checks all cron files to see what jobs need to be run at that time.
cron files can be set up by users or by the administrator to take care of system tasks. Basically, users edit their crontab files by telling cron what programs they'd like run automatically and how often they'd like to run them.
User crontab files are stored in /var/spool/cron/. They are named after the user they belong to. System cron files are stored in the following subdirectories of the /etc directory:
cron.d cron.daily cron.hourly cron.monthly cron.weekly
crontab in the /etc directory is sort of the master control file, set up to run all the scripts in the cron.daily directory on a daily basis, all the scripts in the cron.hourly directory on an hourly basis, and so on with cron.monthly and cron.weekly.
cron.d is where system maintenance files that need to be run on a different schedule than the other /etc cron files are kept. By default, a file in cron.d called sysstat runs a system activity accounting tool every 10 minutes, 24/7.

syslog.conf
The syslog daemon logs any notable events on your local system. It can store these logs in a local file or send them to a remote log host for added security.
It can also accept logs from other machines when acting as a remote log host. These options and more, such as how detailed the logging should be, are set in the syslog.conf file.
Listing 8-4 is an excerpt that demonstrates the syntax and logic of the syslog.conf file.
The first entry specifies that all messages that are severity level info or higher should be logged in the /var/log/messages file.
Also indicated by the first entry is that any mail, news, private authentication, and cron messages should be logged elsewhere.
Having separate log files makes it easier to search through logs if they are separated by type or program.
The lines following this one specify the other places where those messages should be logged.
Authentication privilege messages contain somewhat sensitive information, so they are logged to /var/log/secure.
That file can be read by root only, whereas /var/log/messages is sometimes set to be readable by everyone or at least has less stringent access control.
By default, /var/log/messages is set to be read by root only as well.
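As an added example (not the page's Listing 8-4, which is not reproduced here), the following models how syslogd selectors are evaluated: facility.priority matches that priority or higher, a later facility.none within the same selector list excludes that facility, and every matching rule fires rather than only the first. The syslog.conf excerpt is constructed to match the text's description; the routing logic is a simplified model, not syslogd's code.

```python
"""Evaluate syslog.conf selectors and route sample messages.

Added example, not from the page. SAMPLE_SYSLOG_CONF is a constructed
excerpt in the shape the text describes (info+ to /var/log/messages with
mail, news, authpriv and cron sent to their own files).
"""

PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

SAMPLE_SYSLOG_CONF = """\
# Log anything info or above, except the facilities sent elsewhere.
*.info;mail.none;news.none;authpriv.none;cron.none      /var/log/messages
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
mail.*                                                  /var/log/maillog
cron.*                                                  /var/log/cron
# Everybody gets emergency messages.
*.emerg                                                 *
"""


def parse_syslog_conf(text):
    """Return [(selectors, action), ...]; each selector is a
    (facility, priority) pair, where priority may be '*' or 'none'."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        selectors, action = line.split()      # selector column, action column
        rule = []
        for sel in selectors.split(";"):
            facility, priority = sel.split(".")
            rule.append((facility, priority))
        rules.append((rule, action))
    return rules


def selector_matches(selectors, facility, priority):
    """A message matches when a selector covers its facility at or above its
    priority; a later '.none' for the same facility (or '*') overrides."""
    matched = False
    for fac, pri in selectors:
        if fac not in ("*", facility):
            continue
        if pri == "none":
            matched = False
        elif pri == "*" or PRIORITIES.index(priority) >= PRIORITIES.index(pri):
            matched = True
    return matched


def route(rules, facility, priority):
    """All actions a message is delivered to: files, or '*' for every
    logged-in user. syslogd does not stop at the first matching rule."""
    return [action for sels, action in rules
            if selector_matches(sels, facility, priority)]


if __name__ == "__main__":
    rules = parse_syslog_conf(SAMPLE_SYSLOG_CONF)
    for fac, pri in [("kern", "info"), ("authpriv", "notice"),
                     ("mail", "err"), ("kern", "emerg")]:
        print(fac, pri, "->", route(rules, fac, pri))
```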

Configuring a Secure System
If there is a common thread in Linux system administration, it is the security of the computer and data integrity.
The system administrator's task, first and foremost, is to make certain that no data on the machine or network is likely to become corrupted, whether by hardware or power failure, misconfiguration or user error (to the extent that the latter can be avoided), or malicious or inadvertent intrusion from elsewhere.
No one involved in computing has failed to hear of the succession of increasingly serious attacks on machines connected to the Internet. For the most part, these attacks have not targeted Linux systems.
Depending on how a Linux machine is connected, and to what; the sensitivity of the data it contains; and the uses to which it is put, security can be as simple as turning off unneeded services, monitoring the Red Hat security mailing list to make sure that all security advisories are followed, regularly using system utilities to keep the system up to date, and otherwise engaging in good computing practices to make sure that the system runs robustly.
It's almost a full-time job, involving levels of security permissions within the system and systems to which it is connected; elaborate firewalls to protect not just Linux machines but machines that, through their use of non-Linux software, are far more vulnerable; and physical security, making sure that no one steals the machine itself!
For any machine connected to another machine, security means hardening against attacks and making certain that no one else uses your machine as a platform for launching attacks against others.
RAID
RAID is an acronym for Redundant Array of Inexpensive, or Independent (depending on who you ask), Disks.
There are two types of RAID that can be used on computer systems. These types are hardware RAID and software RAID.
In addition, there are six different RAID levels commonly used regardless of whether hardware or software RAID is used. A brief explanation of hardware and software RAID is in order. Following this explanation is a description of the six RAID levels.
Hardware RAID: In hardware RAID the disks have their own RAID controller with built-in software that handles the RAID disk setup and I/O. The controller is typically a card in one of the system's expansion slots, or it may be built onto the system board.
The hardware RAID interface is transparent to Linux, so the hardware RAID disk array looks like one giant disk.
The operating system does not control the RAID level used; it is controlled by the hardware RAID controller. Most dedicated servers use a hardware RAID controller.
Software RAID: In software RAID there is no RAID controller card. The operating system is used to set up a logical array, and the operating system controls the RAID level used by the system.
RAID level 0: This RAID level requires at least two disks and uses a method called striping that writes data across both drives.
There is no redundancy provided by this level of RAID, since the loss of either drive makes it impossible to recover the data. This level of RAID does give a speed increase in writing to the disks.
RAID level 1: This RAID level requires at least two disks and uses a method called mirroring.
With mirroring, the data is written to both of the drives. So, each drive is an exact mirror of the other one, and if one fails the other still holds all the data.
There are two variants to level 1, with one variant using a single disk controller that writes to both disks as described above. The other variant uses two disk controllers, one for each disk. This variant of RAID level 1 is known as duplexing.
RAID level 5: This RAID level, which is the most widely used, requires at least three disks and uses striping to write the data across the two disks similarly to RAID level 1.
But unlike RAID level 1, this level of RAID uses the third disk to hold parity information that can be used to reconstruct the data from either, but not both, of the two disks after a single disk failure.
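The following is an added example, not from the original notes, showing the parity idea behind the three-disk RAID level 5 layout described above: the third disk holds the XOR of the two data chunks, so the contents of any one failed disk (data or parity) can be rebuilt from the two that survive, while a second failure cannot be recovered. The "disks" are constructed byte strings.

```python
"""XOR parity as used by RAID level 5, on a three-disk stripe.

Added example, not from the page. The disks are in-memory byte strings of
equal length; disk 0 and 1 hold data, disk 2 holds parity.
"""


def xor_bytes(*blocks):
    """Bitwise XOR of any number of equal-length byte strings."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        if len(b) != len(out):
            raise ValueError("all stripe chunks must be the same length")
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def write_stripe(data_a, data_b):
    """Lay out one stripe across three disks: two data chunks plus parity."""
    return [data_a, data_b, xor_bytes(data_a, data_b)]


def rebuild(disks, failed):
    """Reconstruct the chunk of the failed disk (index 0, 1 or 2) from the
    others. Works because a ^ b ^ p == 0, so any single chunk equals the XOR
    of the remaining two. A None entry marks another dead disk."""
    survivors = [d for i, d in enumerate(disks) if i != failed and d is not None]
    if len(survivors) != len(disks) - 1:
        raise ValueError("RAID 5 tolerates exactly one failed disk")
    return xor_bytes(*survivors)


def read_with_failure(disks, failed):
    """Return the original data (a, b) even though one disk is gone,
    rebuilding the missing chunk on the fly (degraded-mode read)."""
    recovered = list(disks)
    recovered[failed] = rebuild(disks, failed)
    return recovered[0], recovered[1]


def check_parity(disks):
    """Consistency check a scrub would run: data XOR parity must be all zero."""
    return xor_bytes(*disks) == bytes(len(disks[0]))


def second_failure_recoverable(disks, failed_a, failed_b):
    """Two dead disks leave only one chunk, which is not enough to rebuild."""
    degraded = list(disks)
    degraded[failed_b] = None
    try:
        rebuild(degraded, failed_a)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    stripe = write_stripe(b"hello world!", b"RAID level 5")
    print("parity ok:", check_parity(stripe))
    for lost in range(3):
        print("lost disk", lost, "->", read_with_failure(stripe, lost))
```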
The / Directory
The / directory is called the root directory and is at the top of the file system structure.
In many systems, the / directory is the only partition on the system, and all other directories are mounted under it.
A file system with the / directory mounted as the only partition has all other directories contained within it.
The primary purpose of the / directory is booting the system and correcting any problems that might be preventing the system from booting.
According to the FHS, the / directory must contain, or have links to, the following directories:
bin - This directory contains command files for use by the system administrator or other users. The bin directory cannot contain subdirectories.
boot - On Red Hat systems, this is the directory containing the kernel, the core of the operating system. Also in this directory are files related to booting the system, such as the boot loader and the initial ramdisk.
dev - This directory contains device nodes through which the operating system can access hardware and software devices on the system.
etc - This directory and its subdirectories contain most of the system configuration files. If you have the X Window System installed on your system, the X11 subdirectory is located here.
home - This directory contains the directories of users on the system. Subdirectories of home will be named for the user to whom they belong.
initrd - This directory is used as a mount point when the system is booting. It doesn't contain any data, but it is very important that it be there. This directory is not part of the FHS.
lib - The shared system files and kernel modules are contained in this directory and its subdirectories.
media - This directory contains the mount points for removable media such as floppy drives, CD-ROM drives, and USB devices such as flash memory sticks, which are typically automounted by the system.
mnt - This directory is the location of the mount point for temporary file systems, such as those on floppies or CDs, which traditionally have been manually mounted.
opt - This directory and its subdirectories are often used to hold applications installed on the system.
proc - This directory is a mount point for virtual information about currently running system processes. This directory is empty until the proc file system is mounted.
root - This is the home directory of the root user. Don't confuse this with the / directory, which has the same name.
sbin - Contained in this directory are system binaries used by the system administrator or the root user.
selinux - This directory is similar to the /proc directory in that it contains information about SELinux stored in the memory of the running kernel.
srv - This directory is intended to hold site-specific data for system-provided services.
sys - This directory is the mount point for a virtual file system of type sysfs that is used to hold information about the system and devices.
tmp - This directory contains temporary files used by the system.
usr - This directory is often mounted on its own partition. It contains shareable, read-only data. Subdirectories can be used for applications, typically under /usr/local.
var - Subdirectories and files under var contain variable information, such as system logs and print queues.
Explain init process?
Once the kernel and drivers are loaded, Linux starts loading the rest of the
system. This starts with the first process, known as init, which has the
process id of 1 (the kernel itself has the process id of 0, which cannot be
displayed by using the "ps" command).
The init process takes control of the boot operation. The init process in turn
runs /etc/rc.d/rc.sysinit, which performs a number of tasks, including network
configuration, SELinux status, keyboard maps, system clock, partition
mounts, and host names.
The runlevels are controlled by a configuration file that the init process reads
from /etc. The name of the init configuration file is "inittab".
The init process then determines the runlevel by looking at the initdefault
directive in the /etc/inittab configuration file. The following are the defined
runlevels. The init process remains active as long as the system is running.
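As an added example (not part of the original notes), the following shell function does what the paragraph describes init doing: it reads inittab-style text and reports the runlevel named by the initdefault entry. The sample inittab is constructed; on a real system you would feed it /etc/inittab. It also refuses runlevels 0 and 6 as a default, because those halt or reboot the machine as soon as init starts.

```shell
#!/bin/sh
# Added example, not from the original notes: read the initdefault entry the way
# init does when choosing a runlevel. Input is inittab-style text on stdin.

# Constructed Red Hat style /etc/inittab for the demo.
sample_inittab() {
    cat <<'EOF'
# constructed sample, not a real system's file
id:5:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6
1:2345:respawn:/sbin/mingetty tty1
EOF
}

# Print the default runlevel (field 2 of the entry whose action field is "initdefault").
# Exit 1 with a message on stderr if the entry is missing, or if it names runlevel 0 or 6,
# which would halt or reboot the system every time it boots.
inittab_default_runlevel() {
    awk -F: '
        /^[ \t]*#/ || NF < 3 { next }
        $3 == "initdefault" { rl = $2; found = 1 }
        END {
            if (!found) { print "no initdefault entry" > "/dev/stderr"; exit 1 }
            if (rl == "0" || rl == "6") { print "initdefault " rl " would halt or reboot at boot" > "/dev/stderr"; exit 1 }
            print rl
        }'
}

# Usage: sample_inittab | inittab_default_runlevel   (prints 5)
```

When several initdefault entries exist the last one wins here, which is the same line init would end up acting on; the check for 0 and 6 mirrors the warning in the comments of every Red Hat inittab.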

BootStrapping Process:
When a computer is turned on, the computer BIOS finds the primary bootable
device (usually the computer's HDD) and loads the initial bootstrap program
from the Master Boot Record, the first 512 bytes of the HDD, and then
transfers control to this code.
It carries out an exhaustive series of tests on the hardware. This is to check
what devices are present, which are working properly and which aren't.
This step is usually called POST (Power-On Self-Test). The version banner and
a series of messages are displayed during this step. (Remember my friend
who uses "bootslapping" instead of "bootstrapping"? Well, the POST on his
system doesn't show any errors!!)
Then, it initializes the hardware. This step is a very significant one, because it
guarantees that all hardware devices are operating without conflicts on the
IRQ lines and I/O ports. When this step is about to be over, it displays a table
of installed PCI devices.
Then comes the turn of the operating system. The BIOS searches for the
operating system to boot. Depending on the BIOS settings, this step may
access the boot sector of a floppy disk, any hard disk or any CD-ROM in
the system.
As soon as a valid device is found, the BIOS copies the contents of its first
sector into RAM, starting from the physical address 0x00007c00, then jumps
to that address and executes the code just loaded.
That's all. These are the operations that the BIOS is scheduled to perform.
Once this is over, it's the boot loader that takes over. So, let's now move on
to the next section.
--------------------------------------------------------------------------------------------What Is DHCP? How It is Configured
Using Dynamic Host Configuration Protocol (DHCP), you can have an IP
address and the other information automatically assigned to the hosts
connected to your network.
This method is quite efficient and convenient for large networks with many
hosts, because the process of manually configuring each host is quite
time-consuming.
By using DHCP, you can ensure that every host on your network has a valid
IP address, subnet mask, broadcast address, and gateway, with minimum
effort on your part.

Setting Up the Server
The program that runs on the server is dhcpd and is included as an RPM on
the Fedora Core and Red Hat Enterprise Linux installation CDs.
You can install it using the Package Management tool by following these
instructions.
1. On Enterprise Linux choose Applications > System Settings > Add/Remove
Applications from the top panel. On Fedora Core 4 choose Desktop > System
Settings > Add/Remove Applications.
2. Scroll down the list until you see a listing for Network Servers.
3. Click the Details link for Network Servers. The screen shown in Figure 11-6
appears.
4. Click Close; then click Update, and finally click Continue.
5. Insert the requested numbered installation CD when prompted and click
OK.
6. After the package is installed, click Close to exit the Package Management
tool.
--------------------------------------------------------------------------------------------Configuring the DHCP Client
First, you need to be sure that your NIC is properly configured and recognized
by your system.
After that, it is easy to tell your system to use DHCP to obtain its
IP information. Follow these steps.
1. Using your favorite text editor, open the
/etc/sysconfig/network-scripts/ifcfg-eth0 file.
2. Find the line bootproto=static.
3. Change static to dhcp.
4. Save your changes.
5. Restart the network by issuing the command service network restart, and
your system will receive its IP information from the DHCP server.
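Steps 1 to 4 above as a script, added here as an example that is not part of the original notes. The ifcfg file it writes is constructed; on a real Red Hat system the file is /etc/sysconfig/network-scripts/ifcfg-eth0, the key is spelled BOOTPROTO in upper case, and the edit needs root. The script keeps a backup and refuses to touch a file that has no BOOTPROTO line at all, so a wrong file name or a misspelled key is reported instead of being silently skipped.

```shell
#!/bin/sh
# Added example, not from the original notes: switch an ifcfg file from a static
# address to DHCP. Paths and contents here are constructed for the demo.

# Write a constructed static-address ifcfg file to the path $1.
write_sample_ifcfg() {
    cat > "$1" <<'EOF'
# constructed sample ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.1.50
NETMASK=255.255.255.0
ONBOOT=yes
EOF
}

# Print the current BOOTPROTO value (key matched case-insensitively), empty if unset.
get_bootproto() {
    sed -n 's/^[Bb][Oo][Oo][Tt][Pp][Rr][Oo][Tt][Oo]=//p' "$1" | tail -n 1
}

# Change BOOTPROTO to dhcp, keeping the original as $1.bak so the change can be reverted.
# Returns 1 without touching the file when it has no BOOTPROTO line.
set_bootproto_dhcp() {
    f="$1"
    [ -n "$(get_bootproto "$f")" ] || return 1
    cp "$f" "$f.bak"
    sed 's/^[Bb][Oo][Oo][Tt][Pp][Rr][Oo][Tt][Oo]=.*/BOOTPROTO=dhcp/' "$f.bak" > "$f"
}

# Usage on a real host (as root), followed by step 5 from the notes:
#   set_bootproto_dhcp /etc/sysconfig/network-scripts/ifcfg-eth0 && service network restart
```

The IPADDR and NETMASK lines are left in place; with BOOTPROTO=dhcp they are ignored by the network scripts, and keeping them makes the .bak diff easy to read if the lease fails and the static address has to be restored.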
--------------------------------------------------------------------------------------------Advantages of NFS:
What NFS provides is centralized control, maintenance, and administration.
It is much easier, for example, to back up a file system stored on a single
server than it is to back up directories scattered across a network, on
systems that are geographically dispersed, and that might or might not be
accessible when the backup is made.
NFS makes it trivial to provide access to shared disk space, or to limit access
to sensitive data.
When NFS and NIS are used together, changes to system-wide
configuration files, such as authentication files or network configuration
information, can be quickly and automatically propagated across the network
without requiring system administrators to physically visit each machine or
requiring users to take any special action.
NFS can also conserve disk space and prevent duplication of resources.
Read-only file systems and file systems that change infrequently, such as
/usr, can be exported as read-only NFS mounts.
Upgrading applications employed by users throughout a network is a matter
of installing the new application and changing the exported file system to
point at the new application.
--------------------------------------------------------------------------------------------Disadvantages of NFS:
As a distributed, network-based file system, NFS is sensitive to network
congestion. Heavy network traffic slows down NFS performance.
Heavy disk activity on the NFS server adversely affects NFS's performance.
In the face of network congestion or extreme disk activity, NFS clients run
more slowly because file I/O takes longer.
If an exported file system is not available when a client attempts to mount
it, the client system can hang.
An exported file system represents a single point of failure. If the disk or
system exporting vital data or applications becomes unavailable for any
reason, such as a disk crash or server failure, no one can access that
resource.
NFS suffers from potential security problems because its design assumes a
trusted network, not a hostile environment in which systems are constantly
being probed and attacked.
The primary weakness of most NFS implementations based on protocol
versions 1, 2, and 3 is that they are based on standard (unencrypted) remote
procedure calls (RPC).
--------------------------------------------------------------------------------------------Uses of NFS:
NFS is often used to provide diskless clients, such as X terminals or the
slave nodes in a cluster, with their entire file system, including the kernel
image and other boot files.
To export shared data or project-specific directories from an NFS server
and to enable clients to mount these remote file systems anywhere they see
fit on the local system.
To provide centralized storage for users' home directories. Many sites
store users' home directories on a central server and use NFS to mount the
home directory when users log in or boot their systems.
NFS can be used in almost any situation requiring transparent local access
to remote file systems.
--------------------------------------------------------------------------------------------Less Secure Services
These are non-secure services that should not be used, since they trust that
the network is absolutely secure. They are as follows:
Telnet
Telnet is a protocol and application that enables someone to have access to a
virtual terminal on a remote host. It resembles text-based console access on
a UNIX machine.
FTP
FTP is a ubiquitous file transfer protocol that runs over ports 20 and 21. For
transferring software packages from anonymous FTP repositories, such as
ftp.redhat.com, FTP is still the standard application to use. However, for
personal file transfers, you should use scp.
scp encrypts the traffic, including passwords. Once you have successfully
logged on to an FTP server, you can type help for a list of available
commands.
rsync
rsync is an unencrypted file transfer program that is similar to rcp. It includes
the added feature of allowing just the differences between two sets of files
on two machines to be transferred across the network. Because it sends
traffic unencrypted, it should be tunneled through SSH. Otherwise, it should
not be used. The rsync server listens on port 873.
rsh
rsh is an unencrypted mechanism for executing commands on remote hosts.
Normally you specify a command to be run on the remote host on rsh's
command line, but if no command is given, you are logged into the remote
host using rlogin.
rsh's syntax:
rsh remotehostname remotecommand
rlogin
rlogin is a remote login program that connects your terminal to a remote
machine's terminal. rlogin is a non-secure protocol, because it sends all
information, including passwords, in plain text. It also enables an implicit
trust relationship to exist between machines, so that you can use rlogin
without a password.
finger
finger enables users on remote systems to look up information about users
on another system. Generally finger displays a user's login name, real name,
terminal name, idle time, login time, office location, and phone number.
talk and ntalk
talk and ntalk are real-time chat protocols. The talk server runs on port 517
and the ntalk server runs on port 518. To send someone else a talk request,
type
talk username@hostname or ntalk username@hostname
--------------------------------------------------------------------------------------------LINUX MACHINE SERVERS
HTTP
The most common Web server used on Linux is Apache. Apache is started
out of a system's rc scripts. Apache is easily configurable, and its
configuration files live in /etc/httpd/conf/.
sshd
The secure shell daemon (sshd) is started out of the system's rc scripts. Its
global system configuration files are in /etc/ssh, and users' SSH configuration
files are in $HOME/.ssh/. The SSH server listens on port 22.
ftpd
The FTP daemon uses ports 20 and 21 to listen for and initiate FTP requests.
Its configuration files ftpaccess, ftpconversions, ftpgroups, ftphosts, and
ftpusers are located in the /etc directory.
DNS
The Domain Name Service (DNS), which maps IP addresses to hostnames, is
served by the named program on port 53. Its configuration file is named.conf
in the /etc directory.
------------------------------------------------------------------------------------------------------------------Define : (Secure Services)
SSH: Secure shell, also known as SSH, is a secure telnet replacement that
encrypts all traffic, including passwords, using a public/private encryption key
exchange protocol.
It provides the same functionality as telnet plus other useful functions such
as traffic tunnels.
SCP: Secure copy, also known as scp, is part of the ssh package. It is a
secure alternative to rcp and FTP because, like SSH, the password is not sent over the
network in plaintext.
scp syntax:
scp user@host:file1 user@host:file2
SFTP: Secure File Transfer Protocol (SFTP) is a secure version of the File Transfer
Protocol (FTP), which facilitates data access and data transfer over a Secure
Shell (SSH) data stream. It is part of the SSH protocol. This term is also
known as SSH File Transfer Protocol.
--------------------------------------------------------------------------------------------Configuring NFS Client
1. Configuring a client system to use NFS involves making sure that the
portmapper and the NFS file locking daemons statd and lockd are available,
adding entries to the client's /etc/fstab for the NFS exports, and mounting the
exports using the mount command.
2. Make sure that the portmapper is running on the client system using the
portmap initialization script: service portmap status
3. If the output says portmap is stopped (it shouldn't be), start the
portmapper: service portmap start
4. Presumably, you have already started nfslock on the server, so all that
remains is to start it on the client system: service nfslock start
5. Now mount the file system. To mount /home from the server, use the following
command as root: mount -t nfs bubba:/home /home
6. If you want to mount by specifying client mount options: mount -t nfs
bubba:/home /home -o rsize=8292,hard
a. rsize sets the NFS read buffer size to n bytes
b. hard enables failed NFS file operations to continue retrying after
reporting "server not responding" on the system.
7. Using Automount Services
a. The easiest way for client systems to mount NFS exports is to use autofs,
which automatically mounts file systems not already mounted when the file
system is first accessed.
b. Autofs uses the automount daemon to mount and unmount file systems
that automount has been configured to control.
c. Autofs uses a set of map files to control automounting. A master map
file, /etc/auto.master, associates mount points with secondary map files. The
secondary map files, in turn, control the file systems mounted under the
corresponding mount points.
d. Example: consider the following /etc/auto.master autofs configuration file:
/home /etc/auto.home
/var /etc/auto.var --timeout 600
--------------------------------------------------------------------------------------------NFS SERVER CONFIGURATION AND STATUS FILES
1) The server configuration file is /etc/exports, which contains a list of file
systems to export, the clients permitted to mount them, and the export
options that apply to client mounts.
2) Each line in /etc/exports has the following format : dir [host(options)]
[host(options)] ...
i) dir specifies a directory or file system to export.
ii) host specifies one or more hosts permitted to mount dir.
iii) options specifies one or more mount options.
3) If you omit host, the listed options apply to every possible client system.
4) If you omit options, the default mount options will be applied.
5) host can be specified as a single name, an NIS netgroup, as a group of
hosts using the form address/netmask, or as a group of hosts using the
wildcard characters ? and *. Multiple host(options) entries are accepted,
which enables you to specify different export options depending on the host
or hosts mounting the directory.
6) When specified as a single name, host can be any name that DNS or the
resolver library can resolve to an IP address. If host is an NIS netgroup, it is
specified as @groupname. The address/netmask form enables you to specify
all hosts on an IP network or subnet.
7) Example lines in the /etc/exports file:
i) /usr/local *.example.com(ro)
This line permits all hosts with a name of the form somehost.example.com
to mount /usr/local as a read-only directory.
ii) /usr/devtools 192.168.1.0/24(ro)
This line uses the address/netmask form, in which the netmask is specified
in Classless Inter-Domain Routing (CIDR) format. In CIDR format, the netmask
is given as the number of bits (/24, in this example) used to determine
the network address. A CIDR address of 192.168.1.0/24 allows any host with
an IP address in the range 192.168.1.1 to 192.168.1.254 (192.168.1.0 is
excluded because it is the network address; 192.168.1.255 is excluded
because it is the broadcast address) to mount /usr/devtools read-only.
iii) /home 192.168.0.0/255.255.255.0(rw)
This line permits any host with an IP address in the range 192.168.0.1 to
192.168.0.254 to mount /home in read-write mode.
iv) /projects @dev(rw)
This line permits any member of the NIS netgroup named dev to mount
/projects in read-write mode.
v) /var/spool/mail 192.168.0.1(rw)
This line permits only the host whose IP address is 192.168.0.1 to mount
/var/spool/mail.
vi) /opt/kde gss/krb5(ro)
This line allows any host using RPCSEC_GSS security to mount /opt/kde in
read-only mode.
8) There are various other options available besides ro and rw; some of
them are secure, insecure, sync, async and many more.
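The following shell script is an added example, not part of the original notes: it audits /etc/exports text for the mistakes that make an export reachable by every client, and it carries out the CIDR-to-host-range calculation explained under example ii) for any prefix or dotted netmask. The exports content is constructed; on a real server you would pipe in /etc/exports. Two of the sample entries are deliberately wrong in a way exports(5) warns about: an options group with no host in front of it, and a space between the host and the parenthesised options, which makes the options apply to all hosts rather than to that host.

```shell
#!/bin/sh
# Added example, not from the original notes: audit /etc/exports entries and
# compute the usable host range of a CIDR block. All input here is constructed.

# Constructed /etc/exports for the demo. "/export/pub (rw)" has no host, and
# "/var/spool/mail 192.168.0.1 (rw)" has a space before the options, so "(rw)"
# applies to every client, not to 192.168.0.1.
sample_exports() {
    cat <<'EOF'
# constructed sample, not a real server's file
/usr/local       *.example.com(ro)
/usr/devtools    192.168.1.0/24(ro)
/home            192.168.0.0/255.255.255.0(rw)
/projects        @dev(rw)
/opt/kde         gss/krb5(ro)
/var/spool/mail  192.168.0.1 (rw)
/export/pub      (rw)
/export/scratch  *
EOF
}

# Read exports text on stdin and print one finding per host entry.
# Exit status is 1 if anything was flagged WARN, so it can gate a deployment step.
exports_audit() {
    awk '
    { sub(/#.*/, ""); if ($0 ~ /^[ \t]*$/) next }
    {
        dir = $1
        if (NF == 1) { print "WARN " dir " exported to all hosts with default options"; warn = 1; next }
        for (i = 2; i <= NF; i++) {
            entry = $i; host = entry; opts = ""
            p = index(entry, "(")
            if (p > 0) { host = substr(entry, 1, p - 1); opts = substr(entry, p + 1, length(entry) - p - 1) }
            rw = (("," opts ",") ~ /,rw,/)
            if (host == "") {
                print "WARN " dir " options (" opts ") apply to all hosts: no host before the parenthesis"; warn = 1
            } else if (host ~ /[*?]/ && rw) {
                print "WARN " dir " read-write for wildcard host " host; warn = 1
            } else if (host == "*") {
                print "WARN " dir " readable by every host"; warn = 1
            } else if (opts == "") {
                print "INFO " dir " host " host " uses default options"
            } else {
                print "OK   " dir " host " host " (" opts ")"
            }
        }
    }
    END { exit (warn ? 1 : 0) }'
}

# Print the usable host range of an IPv4 block given as a.b.c.d/prefix or
# a.b.c.d/dotted-netmask, excluding the network and broadcast addresses,
# e.g. 192.168.1.0/24 -> 192.168.1.1-192.168.1.254. Prints "invalid" for bad input.
cidr_host_range() {
    printf '%s\n' "$1" | awk '
    function toint(a,   p, n, i) {
        n = split(a, p, ".")
        if (n != 4) return -1
        for (i = 1; i <= 4; i++) if (p[i] !~ /^[0-9]+$/ || p[i] > 255) return -1
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    function tostr(n) { return int(n / 16777216) % 256 "." int(n / 65536) % 256 "." int(n / 256) % 256 "." n % 256 }
    {
        n = split($0, s, "/")
        ip = (n == 2) ? toint(s[1]) : -1
        mask = -1
        if (n == 2 && s[2] ~ /^[0-9]+$/ && s[2] <= 30) mask = 4294967296 - 2 ^ (32 - s[2])
        if (n == 2 && s[2] ~ /^[0-9.]+$/ && s[2] ~ /\./) mask = toint(s[2])
        size = 4294967296 - mask
        if (ip < 0 || mask < 0 || size < 4) { print "invalid"; exit 1 }
        net = int(ip / size) * size
        print tostr(net + 1) "-" tostr(net + size - 2)
    }'
}

# Usage: sample_exports | exports_audit ; cidr_host_range 192.168.1.0/24
```

Run the audit on a real server with `exports_audit < /etc/exports`. The default options case is reported as INFO rather than OK because the defaults depend on the exportfs version in use, so an entry that relies on them should be reviewed rather than assumed safe.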
--------------------------------------------------------------------------------------------Configuring Linux Firewall packages
1) Linux provides a few different mechanisms for system security. One of
these mechanisms is Linux's firewall packages.
2) Two of the firewalling packages available are tcp-wrappers and ipchains.
3) tcp-wrappers is a minimalistic packet filtering application to protect
certain network ports.
4) ipchains is a packet filtering firewall.
5) Another important firewall package, called iptables,
1. tcp-wrappers
a. The TCP Wrapper program is a network security tool whose main functions
are to log connections made to inetd services and restrict certain computers
or services from connecting to the tcp-wrapped computer.
b. TCP wrappers works only on programs that are started from inetd. So
services such as sshd, apache, and sendmail cannot be wrapped with tcp-wrappers.
2. ipchains
a. ipchains is Linux's built-in IP firewall administration tool. Using ipchains
enables you to run a personal firewall to protect your Linux machine.
b. If the Linux machine is a routing gateway for other machines on your
network, it can act as a packet filtering network firewall if more than one
network interface is installed.
--------------------------------------------------------------------------------------------Comparing xinetd and Standalone
1. Which services are stand-alone, and which are started from inetd or
xinetd? Sometimes it can get confusing keeping track of how to start a
certain service, or keep it from running in the first place.
2. In order to control a service, you need to know what spawns it.
3. xinetd or inetd services are started from inetd, or from xinetd on newer
systems. Each of these services should ideally have its own file in the
/etc/xinetd.d directory, so you should look in that directory to enable or
disable these services.
4. Examples of xinetd services:
rlogin: service similar to telnet, but enables trust relationships between machines
rsh: remote shell
5. Standalone services are started from the rc scripts specifically written for
them in the rc directories. You can enable or disable these services from
those directories.
6. Examples of standalone services:
apache: Web server
sshd: SSH server
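Point 3 says the place to look for xinetd services is /etc/xinetd.d, and the "Less Secure Services" section lists the cleartext services that should not be running. The following shell script, an added example that is not part of the original notes, ties the two together: it reads the per-service files in an xinetd.d directory, lists the services that are not disabled, and reports which of those are on the cleartext list. The directory and its files are constructed for the demo; on a real system pass /etc/xinetd.d.

```shell
#!/bin/sh
# Added example, not from the original notes: find which xinetd-managed services
# are enabled and flag the cleartext ones. The xinetd.d tree below is constructed.

# Write a constructed xinetd.d tree into the directory $1 (five services, two disabled).
make_sample_xinetd_dir() {
    d="$1"; mkdir -p "$d"
    printf 'service telnet\n{\n\tsocket_type = stream\n\tserver = /usr/sbin/in.telnetd\n\tdisable = no\n}\n' > "$d/telnet"
    printf 'service rsh\n{\n\tsocket_type = stream\n\tserver = /usr/sbin/in.rshd\n\tdisable = yes\n}\n' > "$d/rsh"
    printf 'service finger\n{\n\tsocket_type = stream\n\tserver = /usr/sbin/in.fingerd\n\tdisable\t= no\n}\n' > "$d/finger"
    printf 'service rsync\n{\n\tsocket_type = stream\n\tserver = /usr/bin/rsync\n\tserver_args = --daemon\n\tdisable = no\n}\n' > "$d/rsync"
    printf 'service time\n{\n\ttype = INTERNAL\n\tsocket_type = stream\n\tdisable = no\n}\n' > "$d/time"
}

# Print the enabled services (every file without "disable = yes"), one per line, sorted.
# A file with no disable line at all counts as enabled, which is how xinetd treats it.
xinetd_enabled_services() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*service[ \t]+/ { name = $2 }
            /^[ \t]*disable[ \t]*=/ { v = $0; sub(/.*=[ \t]*/, "", v); gsub(/[ \t\r]+$/, "", v); state = tolower(v) }
            END { if (name != "" && state != "yes") print name }' "$f"
    done | sort
}

# Services the notes list as trusting the network; print any of them that xinetd would start.
INSECURE_XINETD_SERVICES="telnet ftp rsync rsh rlogin finger talk ntalk"
xinetd_insecure_enabled() {
    xinetd_enabled_services "$1" | while read -r svc; do
        for bad in $INSECURE_XINETD_SERVICES; do
            if [ "$svc" = "$bad" ]; then echo "$svc"; fi
        done
    done
}

# Usage: xinetd_insecure_enabled /etc/xinetd.d
```

The script reads only the per-service files; a real xinetd also applies the defaults block in /etc/xinetd.conf, whose `disabled =` list can switch off a service that its own file leaves enabled, so treat the output as the list of services to confirm with `chkconfig --list`, not as the final word.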
--------------------------------------------------------------------------------------------Explain concept of Caching proxy server?
1. A caching proxy server is software (or hardware) that stores (caches)
frequently requested Internet objects such as Web pages, JavaScript files, and
downloaded files closer (in network terms) to the clients that request those
objects.
2. When a new request is made for a cached object, the proxy server
provides the object from its cache instead of forwarding the request to
the source.
3. That is, the local cache serves the requested object as a proxy or
substitute for the actual server.
4. The motivation for using a caching proxy server is two-fold:
- To provide accelerated Web browsing by reducing access time for
frequently requested objects
- To reduce bandwidth consumption by caching popular data locally, that is,
on a server that sits between the requesting client and the Internet.
5. The Web proxy commonly used on Linux is called Squid.
6. The following rpmquery command will show you if Squid is installed:
$ rpmquery squid
squid-2.5.Stables-1.FC3.1
7. If Squid is not installed, you'll obviously need to install it before
proceeding.
8. Squid provides full support for SSL.
Note: Secure Sockets Layer (SSL) is a cryptographic protocol that provides
communication security over the Internet.
--------------------------------------------------------------------------------------------Standalone Services
These services are started from the rc scripts specifically written for them in
the rc directories. You can enable or disable these services from those
directories.
apache: Web server
sshd: SSH server
sendmail: Mail server
qmail: Mail server
postfix: Mail server
thttpd: Semi-lightweight Web server
boa: Lightweight Web server
named: DNS server
xfs: X font server
xdm: X display manager
portmap: Maps RPC services to ports
rpc.quotad: Serves quota information
knfsd: User space portion of the NFS daemon
rpc.mountd: NFS mount server
rpc.ypbind: NIS server
squid: Web proxy server
nessusd: Penetration-testing server
postgresql: Database server
mysql: Database server
oracle: Database server
--------------------------------------------------------------------------------------------State and explain e-mail services in Linux
SMTP Server
As said before, the purpose of an SMTP server is to transfer email between mail
servers. To send email, the client sends the message to an outgoing mail
server, which in turn contacts the destination mail server for delivery.
The SMTP protocol does not require authentication. It allows anyone on the
Internet to send email to anyone else or even to large groups of people.
On RHEL6 the default SMTP email server is 'postfix', installed by the postfix rpm.
The 'postfix' service listens on TCP port 25; it is configured through files in the
/etc/postfix directory and logs to /var/log/maillog.
# yum install postfix
/etc/postfix/main.conf
The main postfix SMTP server configuration file is /etc/postfix/main.conf. The
following are the main directives that can be configured.
# cat /etc/postfix/main.conf
# This directive configures from which domain the postfix server is going to
be the SMTP server.
mydomain = info.net
# It complements the email address with 'mydomain' domain. For example a
mail for user 'john' -> 'john@info.net'
myorigin = $mydomain
# In which server interfaces the SMTP server port 25 TCP/IP must be
listening. In this case it will be listening on all system interfaces.
inet_interfaces = all
# The mydestination parameter specifies the list of domains that this
machine considers itself the final destination for.
mydestination = $myhostname, localhost.$mydomain, localhost,
$mydomain, server.$mydomain, mail.$mydomain
# The mynetworks parameter specifies the list of "trusted" SMTP clients that
have more privileges than "strangers".
mynetworks = 192.168.01.0/24, 127.0.0.0/8
# The home_mailbox parameter specifies the pathname of a mailbox file
relative to a user's home directory where the mailbox will be stored
home_mailbox = Maildir/
Once postfix is configured, just start the service and make sure that it will be
started at boot.
# /etc/init.d/postfix restart
# chkconfig postfix on
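The mynetworks directive above decides which clients may relay mail through the server, so it is the line to check before the service is started. The following shell script is an added example, not part of the original notes: it reads Postfix-style `key = value` text (with the indented continuation lines Postfix allows), extracts a parameter, and flags two things in mynetworks: a network that covers every address, which turns the server into an open relay, and octets with a leading zero, such as the 01 in the sample above, which some address parsers read as octal. The configuration text is constructed; on a stock Postfix install the file to read is /etc/postfix/main.cf.

```shell
#!/bin/sh
# Added example, not from the original notes: parse a Postfix-style configuration
# and check mynetworks for open-relay mistakes. Input here is constructed.

# Constructed main.cf content for the demo. The continuation lines and the
# 0.0.0.0/0 entry are there on purpose so the checks below have work to do.
sample_postfix_conf() {
    cat <<'EOF'
# constructed sample, not a real server's file
mydomain = info.net
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost,
    $mydomain, server.$mydomain, mail.$mydomain
mynetworks = 192.168.01.0/24, 127.0.0.0/8,
    0.0.0.0/0
home_mailbox = Maildir/
EOF
}

# Print the value of parameter $1 from config on stdin. Comment lines are dropped,
# continuation lines (starting with whitespace) are joined, and whitespace is normalised.
# If a parameter is set twice the last setting wins, as it does in Postfix.
postfix_get() {
    awk -v key="$1" '
        /^#/ { next }
        /^[ \t]+/ { if (cur == key) val = val " " $0; next }
        {
            p = index($0, "=")
            if (p == 0) next
            cur = substr($0, 1, p - 1); gsub(/[ \t]/, "", cur)
            if (cur == key) val = substr($0, p + 1)
        }
        END { gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val }'
}

# Check each mynetworks entry from config on stdin. Prints one line per entry;
# returns 1 if any entry was flagged WARN.
postfix_relay_check() {
    postfix_get mynetworks | tr ',' '\n' | awk '
        { gsub(/[ \t]/, ""); if ($0 == "") next }
        $0 == "0.0.0.0/0" || $0 ~ "/0$" { print "WARN open relay: " $0 " matches every client address"; bad = 1; next }
        ("." $0) ~ /\.0[0-9]/ { print "WARN leading-zero octet in " $0 " (some parsers read it as octal)"; bad = 1; next }
        { print "OK   trusted network " $0 }
        END { exit (bad ? 1 : 0) }'
}

# Usage: postfix_relay_check < /etc/postfix/main.cf
```

The check only understands literal networks; mynetworks may also name a table such as `hash:/etc/postfix/network_table`, and Postfix itself reports the effective value with `postconf mynetworks`, which is the value to compare against after any edit.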
--------------------------------------------------------------------------------------------What is a DNS Server? What are its types?
A DNS (Domain Name System) server is a type of web server used to interact
with the domain name system, which is the global directory of domain
names and corresponding IP addresses.
DNS technology automatically translates long and confusing IP addresses
(which are segmented number sequences separated by dots, such as
127.0.0.1) into standard domain names that are easier to remember.
DNS servers operate using special software that transmits data from the DNS
server to various web hosts upon request.
In basic terms, the internet would fail to exist as we know it without the
Domain Name System and DNS servers.
Different types of DNS server:
1. Master:
The master contains all the information about the domain and supplies this
information when requested. A master server is listed as an authoritative
server when it contains the information you are seeking and it can provide
that information.
2. Slave:
The slave is intended as a backup in case the master server goes down or is
not available. This server contains the same information as the master and
provides it when requested if the master server cannot be contacted.
3. Caching:
A caching server does not provide information to outside sources; it is used
to provide domain information to other servers and workstations on the local
network. The caching server remembers the domains that have been
accessed. Use of a caching server speeds up searches since the domain
information is already stored in memory and the server knows exactly where
to go rather than having to send out a request for domain information.
The information that the master and slave servers provide is supplied by
configuring them.
--------------------------------------------------------------------------------------------Configuring a Primary Master Server
The /etc/named.conf file on the master server also needs to be
modified. Assuming that you already set up this server as a caching-only
server, you just need to add the following lines to /etc/named.conf. (This
example uses the names you defined earlier; be sure to use your own names
and IP addresses.)
zone "tactechnology.com" {
    notify no;
    type master;
    file "tactech.com";
};
For the reverse lookup you add this section:
zone "1.168.192.in-addr.arpa" {
    notify no;
    type master;
    file "tac.rev";
};
Next you need to create the zone files that are referenced by the /etc/named.conf
file. First you create the file /var/named/tactech.com, beginning with the
Start of Authority (SOA) section. For an explanation of the information
contained in zone files, refer to the zone file section earlier in this chapter.
@   IN  SOA main.tactechnology.com. mail.tactechnology.com. (
            200005203   ; Serial
            8h          ; Refresh
            2h          ; Retry
            1w          ; Expire
            1d )        ; Minimum TTL
Next you add name server and mail exchange information:
            NS      main.tactechnology.com.
            NS      terry.tactechnology.com.
            MX 10   main        ; Primary Mail Exchanger
            MX 20   p200        ; Secondary Mail Exchanger
Finally, you add information about your localhost, and mail, FTP, and Web
server. You can also add information about every workstation on your
network. Next, you set up the reverse lookup zone file, which is called
tac.rev. Again, you need to start with the SOA header as shown:
@   IN  SOA main.tactechnology.com. mail.tactechnology.com. (
            200005203   ; Serial
            8h          ; Refresh
            2h          ; Retry
            1w          ; Expire
            1d )        ; Minimum TTL
Next, you add the information about your name servers and their IP
addresses.
            NS      main.tactechnology.com.
1           PTR     main.tactechnology.com.
2           PTR     p200.tactechnology.com.
If you have done everything as explained here, your name server should be
working properly after you restart it. You made some changes to the
/etc/named.conf file, so before you can check what you did, you need to
restart the named daemon.
service named restart
--------------------------------------------------------------------------------------------Mail Delivery Agent (MDA): How It Works
After the MDA receives the message from the MTA, it places the message in
the receiver's mailbox file, which is identified by the username. On your Red
Hat system this is a program called procmail.
The location of the user's mailbox file is
/usr/spool/mail/<user's name>.
The final step in the process happens when the user who is the intended
receiver of the message reads the message.
The user does this using the MUA on his or her PC. An optional program is a
mail notifier that periodically checks your mailbox file for new mail. If you
have such a program installed, it notifies you of the new mail.
The Red Hat Linux shell has a built-in mail notifier that looks at your mailbox
file once a minute.
If new mail has arrived, the shell displays a message just before it displays
the next system prompt. It won't interrupt a program you're running.
You can adjust how frequently the mail notifier checks and even which
mailbox files to watch. If you are using a GUI, there are mail notifiers
available that play sounds or display pictures to let you know that new mail
has arrived.
Mail User Agent (MUA)
To be able to send mail, you or your users need a program called a mail user
agent, commonly abbreviated as MUA and widely referred to as a mail client.
The MUA provides users an interface for reading and writing email messages.
Two types of MUAs are available:
those that have a graphical user interface (GUI), such as Mozilla Thunderbird
or KMail, and those that have a command line interface (CLI), such as Mutt or
elm.
Whether your MUA is a GUI or CLI, the functionality is the same. After
composing an email message, the MUA sends it to a mail transfer agent
(MTA), which transmits the message across the network.
--------------------------------------------------------------------------------------------Configuring vsftpd
Depending on the type of installation you selected, the installer might or
might not have installed vsftpd. To find out, execute the command rpmquery
vsftpd. If the output resembles the following, vsftpd is installed:
# rpmquery vsftpd
vsftpd-2.0.1-5
If, on the other hand, you see this message, you must at least install the
binary RPM before continuing with this chapter:
# rpmquery vsftpd
package vsftpd is not installed
If vsftpd is installed, configure it to start at boot time using the chkconfig
command:
# chkconfig --levels 0123456 vsftpd off
# chkconfig --levels 345 vsftpd on
Alternatively, you can use the graphical Service Configuration tool. To do so,
type system-config-services at a command prompt or select Main Menu >
System Settings > Server Settings > Services. Then add the following line to the
bottom of /etc/vsftpd/vsftpd.conf, the vsftpd configuration file:
listen=YES
This entry configures vsftpd to run as a standalone daemon. The case is
important, so add the line as shown. Start vsftpd:
# service vsftpd start
Finally, try to log in as an anonymous user. You can use a login name of ftp or
anonymous:
$ ftp localhost
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.0.1)
Name (localhost:bubba): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -a
227 Entering Passive Mode (127,0,0,1,100,97)
150 Here comes the directory listing.
drwxr-xr-x    3 0        0              16 Jan 22 14:17 .
drwxr-xr-x    3 0        0              16 Jan 22 14:17 ..
drwxr-xr-x    2 0        0               6 Oct 04 06:36 pub
226 Directory send OK.
ftp> close
221 Goodbye.
ftp> bye
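Before running the anonymous login test above, it is worth reading the configuration file once with a script. The following is an added example, not part of the original notes: it reads a constructed vsftpd.conf, enforces the rule given above that `listen` be written exactly as YES, and flags the vsftpd directives anon_upload_enable and anon_mkdir_write_enable when they are YES alongside anonymous_enable=YES, since that combination lets the ftp/anonymous account write to the server. On a real system pass /etc/vsftpd/vsftpd.conf.

```shell
#!/bin/sh
# Added example, not from the original notes: audit a vsftpd.conf before the daemon
# is started. The file written here is constructed for the demo.

# Write a constructed vsftpd.conf to the path $1. It deliberately has a lowercase
# "listen=yes" and allows anonymous uploads, so the audit below has something to flag.
write_sample_vsftpd_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server's file
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
listen=yes
EOF
}

# Print the value of directive $1 in file $2 (last occurrence wins), empty if unset.
vsftpd_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Report settings that matter before the server is exposed. Returns 1 if anything was flagged.
vsftpd_audit() {
    f="$1"; bad=0
    listen_val=$(vsftpd_get listen "$f")
    case "$listen_val" in
        YES) echo "OK   listen=YES: vsftpd runs as a standalone daemon" ;;
        "")  echo "WARN listen is not set"; bad=1 ;;
        *)   echo "WARN listen should be written exactly as YES, found '$listen_val'"; bad=1 ;;
    esac
    if [ "$(vsftpd_get anonymous_enable "$f")" = "YES" ]; then
        echo "INFO anonymous logins (ftp/anonymous) are enabled"
        for k in anon_upload_enable anon_mkdir_write_enable; do
            if [ "$(vsftpd_get "$k" "$f")" = "YES" ]; then
                echo "WARN $k=YES: anonymous clients can write to the server"; bad=1
            fi
        done
    fi
    return "$bad"
}

# Usage: vsftpd_audit /etc/vsftpd/vsftpd.conf
```

The anonymous write checks are reported whether or not write_enable is YES: vsftpd only honours them when write_enable is also on, but a configuration that has them set is one edit away from allowing uploads, which is the state you want to notice during review rather than after the service goes live.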

Advantages of VSFTPD
* Faster login time.
* Uses less memory.
* Allows virtual access on any IP address.
* Better security model.
* Allows virtual user quotas.
* More compatible with software RAID systems.
--------------------------------------------------------------------------------------------Explain Apache web server with its features?
The Apache Web server's origins are the National Center for Supercomputing
Applications (NCSA) HTTP server (referred to as httpd).
NCSA's httpd was the most popular of the early HTTP servers, and its source
code was in the public domain. After NCSA's active development of their
httpd effectively stopped (late 1994 and early 1995), a small group of Web
administrators who had modified the source code to address their own
site-specific needs or to patch various bugs gathered together to coordinate
their activities and merge their code changes into a single code tree.
Apache Features
Apache is an open-source software project, so anyone can contribute code
for inclusion in the server, although whether such code is accepted is up to
members of the core Apache team. User feedback drives Apache's
development and defines its feature set.
Features include:
Apache is easily extensible using Dynamic Shared Objects (DSOs), more
commonly known as modules. Modules extend Apache's capabilities and add new
features without requiring recompilation, because they can be loaded and
unloaded at runtime, just as shared program libraries can be dynamically
loaded and unloaded at runtime.
Apache has a rich set of access controls and gives Web site administrators
considerable flexibility in choosing authentication mechanisms. You can use a
simple text file; a binary database format that supports very large numbers
of users without becoming bogged down executing authentication requests;
third-party databases such as MySQL, PostgreSQL, or Oracle; and even
site-wide authentication methods such as LDAP.
Apache supports virtual hosts, also known as multi-homed servers, which
enable a single machine to provide Web services for multiple domains or IP
addresses (or hostnames).
Apache enables administrators to define multiple directory index files, the
default page to display when a Web client requests a directory URL.
So, for example, the server can return index.html, index.htm, index.php, or
execute a script named index.cgi when a client requests a directory URL,
depending on what Apache finds in the requested directory.
---------------------------------------------------------------------------------------------
Creating a Secure Server with SSL
Lamentably, the Internet is a much less secure place than it used to be. If the
Web site you administer will be used for electronic commerce or for
exchanging any type of information that needs to be kept private, these
transactions need to be secure.
SSL-enabled Web sites use a different URL prefix, https, to indicate that
HTTP protocol requests and document transfers are encrypted. You've
probably visited SSL-enabled Web sites yourself.
This section describes how to create a secure Web server using the Secure
Sockets Layer (SSL) to encrypt communications between your Web server
and Web clients.
It gives an overview of SSL, describes how digital certificates fit into the
security picture, and how to create a self-signed certificate.
A final section discusses obtaining a digital certificate from a recognized
certificate authority and lists a number of certificate authorities from which
you can obtain a valid certificate.
For more information about SSL and certificate creation, the following online
resources will prove helpful:
* Building a Secure RedHat Apache Server HOWTO (www.tldp.org/HOWTO/SSL-RedHat-HOWTO.html)
* SSL Certificates HOWTO (www.tldp.org/HOWTO/SSLCertificatesHOWTO/index.html)
* OpenSSL Web site (www.openssl.org)
---------------------------------------------------------------------------------------------
Write a short note on Mailing List?
Mailing lists are an easy, low-maintenance way to allow people who share a
common interest or goal to communicate with each other.
One of the most popular mailing list managers right now is Mailman, the GNU
Mailing List Manager.
There are several reasons for its popularity, but perhaps the chief reason is
that, aside from its initial installation and setup, Mailman can be
administered using a browser-based interface, which makes it ideal for use
by groups whose members or participants are geographically dispersed.
Mailman is also rich in built-in functionality that other mailing list manager
software (such as the venerable Majordomo) requires add-in software to
support, such as:
* Automatic bounce processing
* Automatic message archiving and hooks for third-party archival solutions
* Web-based message archive access
* Content filtering
* Digest creation, maintenance, and delivery
* Excellent tools for individual and mass membership management
* Integrated Usenet gateway
* Intelligent detection of autoresponse message loops
* Password-based authentication
* Passwordless handling of certain user tasks
* Per-list and per-user-per-list configurability
* Spam filtering
* Strong moderation and privacy controls
* Subscription blacklists
* Support for approximately two dozen languages in its Web pages and email notices
You can find out more about Mailman by reading the documentation installed
in /usr/share/doc/mailman-2.1.5, the README files in /usr/lib/mailman, and
by visiting the project Web site at http://www.list.org.
---------------------------------------------------------------------------------------------
/etc/sysconfig/authconfig
The /etc/sysconfig/authconfig file provides settings to /usr/sbin/authconfig,
which is called from /etc/rc.sysinit for the kind of authorization to be used on
the host. The basic syntax for lines in this file is:
USE<SERVICENAME>=<value>
Some sample lines from the file are shown here.
USEMD5=value, where value is one of the following:
  yes - MD5 is used for authentication.
  no - MD5 is not used for authentication.
USEKERBEROS=value, where value is one of the following:
  yes - Kerberos is used for authentication.
  no - Kerberos is not used for authentication.
USELDAPAUTH=value, where value is one of the following:
  yes - LDAP is used for authentication.
  no - LDAP is not used for authentication.
---------------------------------------------------------------------------------------------
/etc/sysconfig/clock
The /etc/sysconfig/clock file controls the interpretation of values read from
the system clock. Currently, the correct values are as follows:
UTC=value, where value is one of the following Boolean values:
  true - Indicates that the hardware clock is set to Universal Time. Any other
  value indicates that it is set to local time.
ARC=value, where value is the following:
  true - Indicates the ARC console's 42-year time offset is in effect. Any other
  value indicates that the normal UNIX epoch is assumed (for Alpha-based
  systems only).
ZONE=filename - Identifies the time zone file under /usr/share/zoneinfo that
  /etc/localtime is a copy of, such as ZONE=America/New_York.
---------------------------------------------------------------------------------------------
/etc/sysconfig/init
The /etc/sysconfig/init file controls how the system will appear and function
during the boot process. The following values may be used:
BOOTUP=value, where value is one of the following:
  color - the standard color boot display, where the success or failure of
  devices and services starting up is shown in different colors.
  verbose - an old-style display, which provides more information than purely
  a message of success or failure.
  Anything else means a new display, but without ANSI formatting.
RES_COL=value, where value is the number of the column of the screen at which
  to start status labels. It defaults to 60.
MOVE_TO_COL=value, where value moves the cursor to the column given in the
  RES_COL line. It defaults to ANSI sequences output by echo -e.
SETCOLOR_SUCCESS=value, where value sets the color to one indicating success.
  It defaults to ANSI sequences output by echo -e, setting the color to green.
SETCOLOR_FAILURE=value, where value sets the color to one indicating failure.
  It defaults to ANSI sequences output by echo -e, setting the color to red.
SETCOLOR_WARNING=value, where value sets the color to one indicating warning.
  It defaults to ANSI sequences output by echo -e, setting the color to yellow.
SETCOLOR_NORMAL=value, where value sets the color to normal. It defaults to
  ANSI sequences output by echo -e.
LOGLEVEL=value, where value sets the initial console logging level for the
  kernel. The default is 7; 8 means everything (including debugging); 1 means
  nothing except kernel panics. syslogd will override this once it starts.
PROMPT=value, where value is one of the following Boolean values:
  yes - Enables the key check for interactive mode.
  no - Disables the key check for interactive mode.
---------------------------------------------------------------------------------------------
/etc/sysconfig/kudzu
The /etc/sysconfig/kudzu file is used by /etc/init.d/kudzu, and it allows you to
specify a safe probe of your system's hardware by kudzu at boot time. A safe
probe is one that disables serial port probing.
SAFE=value, where value is one of the following:
  yes - kudzu does a safe probe.
  no - kudzu does a normal probe.
---------------------------------------------------------------------------------------------
/etc/sysconfig/mouse
The /etc/sysconfig/mouse file is used by /etc/init.d/gpm to specify information
about the available mouse. The following values may be used:
FULLNAME=value, where value refers to the full name of the kind of mouse
  being used.
MOUSETYPE=value, where value is one of the following:
  microsoft - A Microsoft mouse.
  mouseman - A MouseMan mouse.
  mousesystems - A Mouse Systems mouse.
  ps/2 - A PS/2 mouse.
  msbm - A Microsoft bus mouse.
  logibm - A Logitech bus mouse.
  atibm - An ATI bus mouse.
  logitech - A Logitech mouse.
  mmseries - An older MouseMan mouse.
  mmhittab - An mmhittab mouse.
XEMU3=value, where value is one of the following Boolean values:
  yes - The mouse has only two buttons, but three mouse buttons should be
  emulated.
  no - The mouse already has three buttons.
XMOUSETYPE=value, where value refers to the kind of mouse used when X is
  running. The options here are the same as those provided by the
  MOUSETYPE setting in this same file.
DEVICE=value, where value is the mouse device. In addition, /dev/mouse is a
  symbolic link that points to the actual mouse device.
---------------------------------------------------------------------------------------------
/etc/sysconfig/selinux
This file is a link to /etc/selinux/config and is used to control SELinux on the
system. It contains two settings that control the state of SELinux (enforcing,
permissive, or disabled) and the type of policy (either targeted or strict).
A sample of this file is shown here.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
#     targeted - Only targeted network daemons are protected.
#     strict - Full SELinux protection.
SELINUXTYPE=targeted
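Every file in the sysconfig sections above (and vsftpd.conf from the FTP section) is a list of KEY=value lines with # comments, which is easy to read from a script. The block below is an added example, not part of the notes or of any distribution's tooling: a small reader for that layout and a check that reports whether the SELinux mode it finds is enforcing, permissive or disabled. The sample configuration it parses is constructed from the values listed above.

```shell
#!/bin/sh
# Added example (not from the notes): read KEY=value settings the way the
# files under /etc/sysconfig (and vsftpd.conf) are laid out, then check the
# SELinux values against the ones the notes list.

# Constructed stand-in for /etc/sysconfig/selinux, not taken from a real host.
SAMPLE_SELINUX_CONF='# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
#     targeted - Only targeted network daemons are protected.
#     strict - Full SELinux protection.
SELINUXTYPE=targeted'

# sysconfig_get <KEY>: print KEY's value from KEY=value text on stdin.
# Comment and blank lines are skipped, and the last assignment wins, which
# is what happens when an init script sources the file. Double quotes and
# surrounding blanks are stripped from the value.
sysconfig_get() {
    awk -F= -v key="$1" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        $1 == key {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            found = v
        }
        END { if (found != "") print found }
    '
}

# selinux_state <config text>: print the mode and return 0 when the policy
# is enforced, 1 when SELinux only logs (permissive), 2 when it is disabled
# or the value is not one of the three documented ones.
selinux_state() {
    mode=$(printf '%s\n' "$1" | sysconfig_get SELINUX)
    case "$mode" in
        enforcing)  echo enforcing;  return 0 ;;
        permissive) echo permissive; return 1 ;;
        disabled)   echo disabled;   return 2 ;;
        *)          echo "unknown:$mode"; return 2 ;;
    esac
}

# Demonstration on the constructed sample.
printf 'SELINUX=%s SELINUXTYPE=%s\n' \
    "$(printf '%s\n' "$SAMPLE_SELINUX_CONF" | sysconfig_get SELINUX)" \
    "$(printf '%s\n' "$SAMPLE_SELINUX_CONF" | sysconfig_get SELINUXTYPE)"
if state=$(selinux_state "$SAMPLE_SELINUX_CONF"); then
    echo "policy enforced ($state)"
else
    echo "policy NOT enforced ($state): warnings only or disabled"
fi
```

The same `sysconfig_get` works for the other files in this chapter (for example `sysconfig_get ZONE < /etc/sysconfig/clock`), because they all share the shell-assignment layout.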
---------------------------------------------------------------------------------------------
/etc/sysconfig/samba
The /etc/sysconfig/samba file is used to pass arguments to the smbd and the
nmbd daemons at boot time.
The smbd daemon offers file-sharing connectivity for Windows clients on the
network.
The nmbd daemon offers NetBIOS-over-IP naming services. For more
information about what parameters you can use in this file, type man smbd.
By default, this file sets smbd and nmbd to run in daemon mode.
---------------------------------------------------------------------------------------------
/etc/sysconfig/sendmail
The /etc/sysconfig/sendmail file allows messages to be sent to one or more
recipients, routing the message over whatever networks are necessary.
The file sets the default values for the Sendmail application to run. Its
default values are to run as a background daemon, and to check its queue
once an hour in case something has backed up and stalled the process.
The following values may be used:
DAEMON=value, where value is one of the following Boolean values:
  yes - Sendmail should be configured to listen on port 25 for incoming mail.
  yes implies the use of Sendmail's -bd option.
  no - Sendmail should not be configured to listen on port 25 for incoming mail.
QUEUE=1h, which is given to Sendmail as -q$QUEUE. The -q option is not given
  to Sendmail if /etc/sysconfig/sendmail exists and QUEUE is empty or undefined.
---------------------------------------------------------------------------------------------
Setting Up the IP Address
The first thing you should do is set an IP address on your network interfaces.
This step provides your computer with an identity on the network.
If you haven't set the IP address already in the installation process, you need
to edit the configuration files by hand.
To set the IP address on your first Ethernet interface eth0, edit the
/etc/sysconfig/network-scripts/ifcfg-eth0 file. A copy of this file is shown in
Listing 8-7. Insert your interface's IP address on the line that says:
IPADDR=
You should also check that the rest of the lines look all right, but pay special
attention to the following two lines:
BROADCAST=192.168.1.255
NETMASK=255.255.255.0

DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.1.255
IPADDR=192.168.1.10
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
USERCTL=no
Listing 8-7 The /etc/sysconfig/network-scripts/ifcfg-eth0 file
---------------------------------------------------------------------------------------------
Configuring Dual Monitors
In Fedora Core or Enterprise Linux, you can use two video cards and monitors
on your system if you desire. To configure a second video card and monitor,
do the following:
1. On Enterprise Linux 4 choose Applications, System Settings, Display to
open the Display Settings dialog box. On Fedora Core 4 choose Desktop,
System Settings, Display to open the Display Settings dialog box.
2. Click the Dual Head tab, shown in Figure 9-5, in the Display Settings dialog
box.
3. Select the Use Dual Head check box.
4. Click the Configure button (next to the Second Monitor Type), choose your
monitor from the list, and then click OK.
5. Enter the appropriate information for the video card type, display
resolution, and color depth.
6. Select whether you want individual desktops on each display or a single
desktop spanning both displays by selecting the appropriate choice.
7. Click OK twice to exit the configuration tool.
---------------------------------------------------------------------------------------------
System configuration files in the /etc/sysconfig directory
APMD
apmd contains configuration information for the advanced power
management daemon to follow. This is most useful for laptops rather than
servers, since it contains lots of settings to suspend your Linux machine and
restore it again.
CLOCK
This file contains information on which time zone the machine is set to, and
whether or not it is using Greenwich Mean Time for its system clock time.
AMD
amd is the file system automounter daemon. It automatically mounts an
unmounted file system whenever a file or directory within that file system is
accessed.
UPS
This file contains information on what UPS is attached to your system. You
can specify your UPS model, to make it easier for the Linux system to
communicate with your UPS when the UPS needs to shut down the system.
---------------------------------------------------------------------------------------------
Classless Interdomain Routing (CIDR)
1. CIDR was invented several years ago to keep the Internet from running out
of IP addresses.
2. The class system of allocating IP addresses can be very wasteful. Anyone
who could reasonably show a need for more than 254 host addresses was
given a Class B address block of 65,533 host addresses.
3. Even more wasteful was allocating companies and organizations Class A
address blocks, which contain over 16 million host addresses.
4. People realized that addresses could be conserved if the class system was
eliminated. By accurately allocating only the amount of address space that
was actually needed, the address space crisis could be avoided for many
years.
5. This solution was first proposed in 1992 as a scheme called supernetting.
Under supernetting, the class subnet masks are extended so that a network
address and subnet mask could, for example, specify multiple Class C
subnets with one address.
6. For example, if you needed about a thousand addresses, you could
supernet 4 Class C networks together.
7. CIDR will probably keep the Internet happily in IP addresses for the next
few years at least.
8. After that, IPv6, with 128-bit addresses, will be needed. Under IPv6, even
careless address allocation would comfortably enable a billion unique IP
addresses for every person on earth.
----------------------------------------------------------------------------------
How to Add a New User in Linux
To add/create a new user, all you have to do is run the useradd or
adduser command with a username. The username is the user's login name,
used by the user to log in to the system.
Only one user can be added at a time, and the username must be unique
(different from any username that already exists on the system).
For example, to add a new user called tecmint, use the following command.
[root@tecmint ~]# useradd tecmint
When we add a new user in Linux with the useradd command, it is created in a
locked state; to unlock that user account, we need to set a password for
the account with the passwd command.
[root@tecmint ~]# passwd tecmint
Changing password for user tecmint.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
Once a new user is created, its entry is automatically added to the /etc/passwd
file. The file is used to store user information, and the entry should look like:
tecmint:x:504:504:tecmint:/home/tecmint:/bin/bash
The above entry contains a set of seven colon-separated fields, each of which
has its own meaning. Let's see what these fields are:
Username: User login name used to log in to the system. It should be between
1 and 32 characters long.
Password: User password (or an x character, meaning the password is stored
in the /etc/shadow file in encrypted format).
User ID (UID): Every user must have a User ID (UID), a User Identification
Number. By default UID 0 is reserved for the root user and UIDs ranging from
1-99 are reserved for other predefined accounts. Further UIDs ranging from
100-999 are reserved for system accounts and groups.
Group ID (GID): The primary Group ID (GID), a Group Identification Number,
stored in the /etc/group file.
User Info: This field is optional and allows you to define extra information
about the user, for example the user's full name. This field is filled by the
finger command.
Home Directory: The absolute location of the user's home directory.
Shell: The absolute location of the user's shell, i.e. /bin/bash.
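A check that reads the seven-field format just described is an easy way to catch mistakes in /etc/passwd. The block below is an added example, not from the notes: the passwd lines it examines are constructed, with one clean entry copied from the notes and one entry for each condition the audit reports (wrong field count, a second UID 0 account, a password field that is not x, a UID used twice).

```shell
#!/bin/sh
# Added example (not from the notes): take the seven-field /etc/passwd
# layout described above and check a passwd file for the things that most
# often go wrong in it. Input is constructed here; on a real host you would
# run: passwd_audit < /etc/passwd

# Constructed passwd lines: one clean copy of the notes' tecmint entry plus
# one entry per problem the audit should catch.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
tecmint:x:504:504:tecmint:/home/tecmint:/bin/bash
extra0:x:0:0:second uid 0 account:/home/extra0:/bin/bash
oldacct::505:505:empty password field:/home/oldacct:/bin/bash
clash:x:504:600:shares uid 504 with tecmint:/home/clash:/bin/bash
broken:x:506:506:/home/broken:/bin/bash'

# passwd_field <entry> <n>: the n-th colon-separated field (1 = username,
# 3 = UID, 7 = login shell).
passwd_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# passwd_audit: read passwd-format lines on stdin and print one finding per
# line as "<check> <username> [<other username>]". Checks:
#   malformed              - not exactly seven fields
#   uid0                   - UID 0 on an account other than root
#   password-not-shadowed  - field 2 is not "x" (empty, or a hash kept in
#                            the world-readable passwd file)
#   duplicate-uid          - UID already used by an earlier entry
passwd_audit() {
    awk -F: '
        NF != 7                 { print "malformed " $1; next }
        $3 == 0 && $1 != "root" { print "uid0 " $1 }
        $2 != "x"               { print "password-not-shadowed " $1 }
        ($3 in seen)            { print "duplicate-uid " $1 " " seen[$3] }
                                { seen[$3] = $1 }
    '
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_PASSWD" | passwd_audit
```

The clean entries (root, bin, tecmint) produce no output; every other line in the sample produces exactly the finding it was written to trigger, and the second UID 0 account is reported twice, once as uid0 and once as a duplicate of root's UID.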

----------------------------------------------------------------------------------------
Enabling CGI
CGI, the Common Gateway Interface, is a protocol that defines a standard
method enabling Web servers to communicate with external programs.
These programs are known as CGI scripts, CGI programs, or, more
colloquially, just CGIs.
The ScriptAlias directive associates a directory name with a file system path,
which means that Apache treats every file in that directory as a script. If it is
not present, add the following directive to httpd.conf:
ScriptAlias /cgi-bin/ /var/www/cgi-bin
This directive tells Apache that any URL beginning with /cgi-bin/ should be
served from /var/www/cgi-bin. Thus, given a URL of
http://localhost/cgi-bin/cgiscript.pl or http://your.server.name/cgi-bin/cgiscript.pl,
Apache reads and executes the script /var/www/cgi-bin/cgiscript.pl.
#!/usr/bin/perl
use strict;
use warnings;

# The CGI response starts with the HTTP headers; the blank line after them
# (the second \r\n) tells Apache where the document body begins.
print "Content-type: text/html\r\n\r\n";

# The page body, emitted verbatim.
print <<'HTML';
<html>
<head>
<title>CGI Page Test</title>
<link rel="stylesheet" type="text/css" href="rhlnsa3.css">
</head>
<body>
<h1>PHP test page</h1>
<div id="content">
</div>
</body>
</html>
HTML
Save this script as cgitest.pl, make it executable (chmod 755 cgitest.pl),
and then put it in /var/www/cgi-bin.
Finally, open the URL http://localhost/cgi-bin/cgitest.pl if accessing the
server locally or http://your.server.name/cgi-bin/cgitest.pl if accessing the
server remotely, replacing your.server.name with the name of your Web
server.
-------------------------------------------------------------------------------------------------------
Enabling PHP
PHP is an extremely popular and capable HTML scripting language. As
shipped in Fedora Core and RHEL, PHP is enabled and ready to run, so this
section simply presents a short PHP script you can use to make sure that PHP
is working properly.
Create the PHP script shown in the listing below, and save it as
/var/www/html/tests/phptest.php.

<html>
<head>
<title>PHP test page</title>
<link rel="stylesheet" type="text/css" href="rhlnsa3.css">
</head>
<body>
<h1>PHP test page</h1>
<div id="content">
<pre>
<?php system("ls -lh /var/www"); ?>
</pre>
</div>
<?php include("footer.html"); ?>
</body>
</html>
Open the document in your Web browser, using the URL
http://localhost/tests/phptest.php if accessing the server locally or
http://your.server.name/tests/phptest.php if accessing the server remotely,
replacing your.server.name with the name of your Web server.
The PHP script uses the system() function to invoke ls -lh /var/www, which in
turn displays the file listing.
-------------------------------------------------------------------------------------------
Explain RPM Query commands with Options?
RPM package file names follow this pattern:
<name>-<version>-<release>.<arch>.rpm
Name: name of the software package.
Version: version of the software package.
Release: release version of the RPM.
Arch: architecture (i386, noarch, etc.). If Arch is src, the RPM contains source
code for building the package.
RPM options syntax:
rpm -i [options] (also rpm --install)
rpm -U [options] (also rpm --upgrade)
rpm -e [options] (also rpm --uninstall)
rpm -q [options] (also rpm --query)
rpm -V [options] (also rpm --verify)
RPM Command Options
-i : install a package
-v : verbose
-h : print hash marks as the package archive is unpacked
-q : query operation
-a : query all installed packages
-f : query by file name
-d : list documentation files
-p : specify a package file to query
-l : list the files in the package
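To split a package file name into the parts named above, here is an added shell example (not from the notes or from the rpm tool itself). Names like foo-bar contain hyphens, so the parser peels version and release off the right-hand end instead of splitting on every hyphen; the file names it is run on are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the notes): split an RPM file name into the
# <name>-<version>-<release>.<arch> parts the notes describe. Package names
# may contain hyphens, so version and release are peeled off from the right.

# rpm_split <path or file name>: print "name version release arch", or
# return 1 when the name does not have all four parts plus the .rpm suffix.
rpm_split() {
    f=${1##*/}                      # drop any leading directory
    case "$f" in *.rpm) ;; *) return 1 ;; esac
    f=${f%.rpm}
    arch=${f##*.}                   # text after the last dot
    nvr=${f%.*}                     # name-version-release
    release=${nvr##*-}
    nv=${nvr%-*}
    version=${nv##*-}
    name=${nv%-*}
    # Every strip must have found its separator, or a part is missing.
    [ "$nvr" != "$f" ] && [ "$nv" != "$nvr" ] && [ "$name" != "$nv" ] || return 1
    [ -n "$name" ] && [ -n "$version" ] && [ -n "$release" ] && [ -n "$arch" ] || return 1
    printf '%s %s %s %s\n' "$name" "$version" "$release" "$arch"
}

# rpm_is_source <file name>: true when the arch field is "src", i.e. the
# package carries source code for building rather than installable files.
rpm_is_source() {
    parts=$(rpm_split "$1") || return 1
    set -- $parts
    [ "$4" = src ]
}

# Demonstration on constructed file names (not real packages).
for f in foo-bar-1.2.3-4.el7.noarch.rpm /srv/repo/mypkg-1.0-1.src.rpm not-an-rpm.tar.gz; do
    if parts=$(rpm_split "$f"); then
        echo "$f -> $parts"
    else
        echo "$f -> not a <name>-<version>-<release>.<arch>.rpm file name"
    fi
done
```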
-------------------------------------------------------------------------------------
Explain memory file system and its use?
CRAMFS
cramfs is designed to cram a file system onto a small flash memory device,
so it is small, simple, and able to compress things well. The largest file size is
16 MB, and the largest file system size is 256 MB.
Since cramfs is so compressed, it isn't instantly updateable. The mkcramfs
tool needs to be run to create or update a cramfs disk image.
The image is created by compressing files one page at a time, so this
enables random page access. The metadata is not compressed, but it has
been optimized to take up much less space than other file systems. For
example, only the low 8 bits of the GID are stored. This saves space but also
presents a potential security issue.
TMPFS
tmpfs is structured around the idea that whatever is put in the /tmp file
system is accessed again shortly. tmpfs exists solely in memory, so what you
put in /tmp doesn't persist between reboots.
Mounting a special-purpose file system on /tmp as an in-memory file system
is a performance boost but is rarely done in Linux because of the
performance available from the traditional Linux file system. But for those
who feel that they need the performance gains from storing /tmp in memory,
this option is now available in Linux.
RAMFS
ramfs is basically cramfs without the compression.
/DEV/PTS
a. /dev/pts is a lightweight version of devfs. Instead of having all the device
files supported in the virtual file system, it provides support for only virtual
pseudo terminal device files. /dev/pts was implemented before devfs.
DEVFS
a. The Device File System (devfs) is another way to access real character
and block special devices on your root file system.
b. The old way used major and minor numbers to register devices. devfs
enables device drivers to register devices by name instead.
-------------------------------------------------------------------------
Explain IP address, net masking, subnetting?
An Internet Protocol address (IP address) is a numerical label assigned to
each device (e.g., computer, printer) participating in a computer network
that uses the Internet Protocol for communication. An IP address serves two
principal functions: host or network interface identification and location
addressing. Its role has been characterized as follows: "A name indicates
what we seek. An address indicates where it is. A route indicates how to get
there."
The designers of the Internet Protocol defined an IP address as a 32-bit
number and this system, known as Internet Protocol Version 4 (IPv4), is still
in use today. However, because of the growth of the Internet and the
predicted depletion of available addresses, a new version of IP (IPv6), using
128 bits for the address, was developed in 1995. IPv6 was standardized as
RFC 2460 in 1998, and its deployment has been ongoing since the mid-2000s.
IP addresses are usually written and displayed in human-readable notations,
such as 172.16.254.1 (IPv4), and 2001:db8:0:1234:0:567:8:1 (IPv6).
Subnet mask: A subnet mask is a 32-bit number that masks an IP address,
and divides the IP address into network address and host address. The subnet
mask is made by setting network bits to all "1"s and setting host bits to all
"0"s. Within a given network, two host addresses are reserved for special
purposes, and cannot be assigned to hosts. The "0" address is assigned as the
network address and "255" is assigned to the broadcast address, and they
cannot be assigned to hosts.
Subnet Mask     255.255.240.000   11111111.11111111.11110000.00000000
IP Address      150.215.017.009   10010110.11010111.00010001.00001001
Subnet Address  150.215.016.000   10010110.11010111.00010000.00000000
The subnet address, therefore, is 150.215.016.000.
Subnetting: Subnetting enables the network administrator to further divide
the host part of the address into two or more subnets. In this case, a part of
the host address is reserved to identify the particular subnet. This is easier to
see if we show the IP address in binary format.
The full address is:
10010110.11010111.00010001.00001001
The Class B network part is:
10010110.11010111
The host address is:
00010001.00001001
If this network is divided into 14 subnets, however, then the first 4 bits of the
host address (0001) are reserved for identifying the subnet.
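The mask and subnet arithmetic in this section, and the supernetting from the CIDR section earlier, can be checked with a few shell functions. The block below is an added example, not code from the notes: it converts dotted addresses to integers, derives the network and broadcast addresses, turns a mask into a prefix length (rejecting non-contiguous masks), counts the subnets that borrowed host bits give, and computes the prefix a given number of addresses needs. The addresses are the ones used above; `strip_zeros` exists only because the notes write octets like 017 and 009, which shell arithmetic would otherwise read as octal.

```shell
#!/bin/sh
# Added example (not from the notes): IPv4 mask and CIDR arithmetic in
# plain shell, checked against the addresses used in the notes.

# strip_zeros <octet>: "017" -> "17" so $(( )) does not read it as octal.
strip_zeros() {
    v=$1
    while [ "${#v}" -gt 1 ] && [ "${v#0}" != "$v" ]; do v=${v#0}; done
    printf '%s\n' "$v"
}

# ip2int <a.b.c.d>: dotted quad to a 32-bit unsigned integer.
ip2int() {
    a=${1%%.*}; rest=${1#*.}
    b=${rest%%.*}; rest=${rest#*.}
    c=${rest%%.*}; d=${rest#*.}
    a=$(strip_zeros "$a"); b=$(strip_zeros "$b")
    c=$(strip_zeros "$c"); d=$(strip_zeros "$d")
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# int2ip <integer>: inverse of ip2int.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# prefix2mask <n>: the /n mask as an integer (n high bits set).
prefix2mask() {
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# mask2prefix <a.b.c.d>: count the leading one bits of a dotted mask.
# Returns 1 for a non-contiguous mask such as 255.0.255.0.
mask2prefix() {
    m=$(ip2int "$1")
    n=0
    while [ "$n" -lt 32 ] && [ $(( (m >> (31 - n)) & 1 )) -eq 1 ]; do n=$((n + 1)); done
    [ "$m" -eq "$(prefix2mask "$n")" ] || return 1
    echo "$n"
}

# network_addr <ip> <mask>: the subnet address, i.e. ip AND mask.
network_addr() {
    int2ip $(( $(ip2int "$1") & $(ip2int "$2") ))
}

# broadcast_addr <ip> <mask>: the all-ones host address of the subnet.
broadcast_addr() {
    int2ip $(( $(ip2int "$1") | (~$(ip2int "$2") & 0xFFFFFFFF) ))
}

# cidr_for_hosts <n>: the longest prefix whose block holds n addresses.
# 1000 addresses -> /22, the "four Class C networks" supernet of the notes.
cidr_for_hosts() {
    prefix=32; size=1
    while [ "$size" -lt "$1" ]; do size=$((size * 2)); prefix=$((prefix - 1)); done
    echo "$prefix"
}

# subnet_count <class_prefix> <subnet_prefix>: how many subnets the borrowed
# bits give, excluding the all-zeros and all-ones subnets as the classic
# subnetting rule in the notes does (Class B /16 cut to /20 -> 14 subnets).
subnet_count() {
    echo $(( (1 << ($2 - $1)) - 2 ))
}

# Worked example from the notes: 150.215.017.009 with mask 255.255.240.000.
printf 'network   %s\n' "$(network_addr 150.215.017.009 255.255.240.000)"    # 150.215.16.0
printf 'broadcast %s\n' "$(broadcast_addr 150.215.017.009 255.255.240.000)"  # 150.215.31.255
printf 'prefix    /%s\n' "$(mask2prefix 255.255.240.000)"                    # /20
printf 'subnets   %s\n' "$(subnet_count 16 20)"                               # 14
printf '1000 hosts need a /%s\n' "$(cidr_for_hosts 1000)"                    # 22
```

Because `mask2prefix` refuses masks whose one bits are not contiguous, it also serves as a sanity check on the NETMASK line of an ifcfg file before the interface is brought up.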
----------------------------------------------------------------------------------
Write a syntax for create new user, modify and delete user?
To add/create a new user, all you have to do is run the useradd or
adduser command with a username. The username is the user's login name,
used by the user to log in to the system.
Only one user can be added at a time, and the username must be unique
(different from any username that already exists on the system).
For example, to add a new user called tecmint, use the following command.
[root@tecmint ~]# useradd tecmint
When we add a new user in Linux with the useradd command, it is created in a
locked state; to unlock that user account, we need to set a password for
the account with the passwd command.
[root@tecmint ~]# passwd tecmint
Changing password for user tecmint.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
Once a new user is created, its entry is automatically added to the /etc/passwd
file. The file is used to store user information, and the entry should look like:
tecmint:x:504:504:tecmint:/home/tecmint:/bin/bash
userdel command examples (remove user/delete user)
To remove the user named vivek or account named vivek from the local
Linux system / server / workstation, enter:
# userdel vivek
To remove the user's home directory and mail spool, pass the -r option to
userdel:
# userdel -r vivek
The above command will remove all files along with the home directory itself
and the user's mail spool. Please note that files located in other file systems
will have to be searched for and deleted manually. Pass the -f option to force
removal of files, even if not owned by the user:
# userdel -r -f vivek
To remove any SELinux user mapping for the user, pass the -Z option:
# userdel -Z -r -f vivek
Modify user
usermod - Modify user login accounts
----------------------------------------------------------------------------------
How to Install application and configure in Linux?
In both operating systems you can simply click it and it will ask you some
very basic configuration questions like, do you accept the licence agreement,
or the directory you want to install the software to. Although in Linux it
seems tough to install programs/software, that's not true.
The second package manager format is DEB, which stands for Debian. Debian
packages and APT (the Advanced Packaging Tool) introduced advanced
features that are now commonly used, like automatic dependency resolution
and signed packages.
APT: for Debian-based distributions, like Ubuntu, Linux Mint, etc.
APT is the tool commonly used to install packages remotely from the
software repository. In short it's a simple command-based tool that you use
to install files/software.
The complete command is apt-get and it's the easiest way to install
files/software packages. This easy tool informs you about packages that
are currently being installed and also informs you about the packages that
are available in repositories.
apt-get install ${packagename}
To remove/uninstall any software, just use remove:
apt-get remove ${packagename}
The software packages are somewhere in the online repositories; APT keeps
a local database on the user's hard drive that contains information about
the available packages and where they are located.
So when the user types the command apt-get install conky, APT will start
finding the package named conky in the database and will install conky once
the user types 'y' (yes). To get all newly uploaded packages on the
repositories, the user needs to update APT regularly.
To update the APT database:
apt-get update
To update the APT database and also upgrade the security updates and
patches that might be available for some installed software, users may do it
at once just by using commands like this:
apt-get update; apt-get upgrade
And remember, all of the package management tools I am discussing will
need the user to be root or a superuser; for example, to install software in
Debian-based distributions you will use apt-get preceded by sudo, and then it
will ask you to enter your password.
sudo apt-get install conky
sudo apt-get remove conky
sudo apt-get update
Insert password to install any package.
-----------------------------------------------------------------------------------
Network Configuration Files in /etc/sysconfig/network-scripts
You can use the files in this directory to set the parameters for the hardware
and software used for networking. The scripts contained here are used to
enable network interfaces and set other network-related parameters.
ifcfg-networkinterfacename
A few files fall into this specification. Red Hat specifies a separate
configuration file for each network interface. In a typical Red Hat install, you
might have many different network interface config files that all follow the
same basic syntax and format. You could have ifcfg-eth0 for your first
Ethernet interface, ifcfg-irlan0 for your infrared network port, ifcfg-lo for the
network loopback interface, and ifcfg-ppp0 for your PPP network interface.
ifup and ifdown
These files are symlinks to /sbin/ifup and /sbin/ifdown. In future releases,
these symlinks might be phased out. But for now, these scripts are called
when the network service is started or stopped.
In turn, ifup and ifdown call any other necessary scripts from within the
network-scripts directory. These should be the only scripts you call from this
directory. You call these scripts with the name of the interface that you want
to bring up or down. If these scripts are called at boot time, then boot is used
as the second argument. For instance, to bring your Ethernet interface down
and then up again after boot, you would type:
ifdown eth0
ifup eth0
--------------------------------------------------------------------------------
Which command is used to change the expiration policy for user
passwords? Explain.

As shown below, any user can execute the chage command for himself to
identify when his password is about to expire.
Syntax: chage --list username (or) chage -l username
$ chage --list dhinesh
Last password change                                    : Apr 01, 2009
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
If user dhinesh tries to execute the same command for user ramesh, he'll get
the following permission denied message.
$ chage --list ramesh
chage: permission denied
Note: However, a root user can execute chage command for any user
account.
When user dhinesh changes his password on Apr 23rd 2009, it will update
the Last password change value as shown below.
$ date
Thu Apr 23 00:15:20 PDT 2009
$ passwd dhinesh
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
$ chage --list dhinesh
Last password change                                    : Apr 23, 2009
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
--------------------------------------------------------------------------------
How to disable password aging for a user account
To turn off password expiration for a user account, set the following:
-m 0 sets the minimum number of days between password changes to 0
-M 99999 sets the maximum number of days between password changes to 99999
-I -1 (minus one) sets Password inactive to never
-E -1 (minus one) sets Account expires to never
# chage -m 0 -M 99999 -I -1 -E -1 dhinesh
# chage --list dhinesh
Last password change                                    : Apr 23, 2009
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
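The chage values shown above are the numeric fields of /etc/shadow, which is what an administrator audits when checking many accounts at once. The following shell script is an added example, not part of these notes: it reads constructed /etc/shadow-style records (no real password hashes; "*" and "!!" are lock markers) and lists the accounts whose password aging is effectively disabled, that is, whose maximum age is empty or 99999, together with the chage command that would re-enable it. The sample account names, the SAMPLE_SHADOW variable and the 90-day maximum used in the remediation are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes. Constructed /etc/shadow-style
# records (no real hashes: "*" and "!!" are lock markers). Fields are
# name:hash:lastchange:min:max:warn:inactive:expire:reserved, with day
# counts in days since 1970-01-01 (14357 = Apr 23, 2009, matching the chage
# output above; 14335 = Apr 01, 2009).
SAMPLE_SHADOW='root:*:14335:0:99999:7:::
dhinesh:*:14357:0:99999:7:::
ramesh:*:14300:0:90:7:14:15000:
svc_backup:!!:14300:0:90:7:::'

# One line per account: user, max age, inactivity, expiry and whether aging
# is enforced. An empty max field means "no limit", the same as 99999.
shadow_aging_report() {
    printf '%s\n' "$SAMPLE_SHADOW" | awk -F: '{
        max = ($5 == "") ? "99999" : $5
        inactive = ($7 == "") ? "never" : $7
        expire = ($8 == "") ? "never" : $8
        state = (max == "99999") ? "disabled" : "enabled"
        printf "%s max=%s inactive=%s expire=%s aging=%s\n", $1, max, inactive, expire, state
    }'
}

# Names of the accounts whose password aging is disabled.
shadow_aging_disabled() {
    shadow_aging_report | awk '$5 == "aging=disabled" { print $1 }'
}

# Remediation for those accounts: the chage flags from the section above,
# here with an assumed 90-day maximum and the 7-day warning from the listing.
shadow_aging_fix_commands() {
    shadow_aging_disabled | while read -r user; do
        echo "chage -M 90 -W 7 $user"
    done
}

shadow_aging_report
shadow_aging_fix_commands
```

On a real system you would replace the embedded sample with `/etc/shadow` (readable by root only) and review the printed chage commands before running them; the 99999 value is exactly what the section above sets to turn aging off, so the report shows where that has been done.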
--------------------------------------------------------------------------------
POSTFIX MAIL SERVER
1. Postfix is a mail transport agent used every day at sites that handle
thousands and tens of thousands of messages per day.
2. The best part is that Postfix is fully compatible with Sendmail at the
command level.
3. The similarity is deliberate, for Postfix was designed to be a
high-performance, easier-to-use replacement for Sendmail.
Configuring Postfix
1. The configuration file is /etc/postfix/main.cf. The following variables need
to be checked or edited:
a. Domain name: mydomain = example.com
b. Local machine hostname: myhostname = coondog.example.com
c. Domain name appended to unqualified addresses: myorigin = $mydomain
This causes all outgoing mail to have your domain name appended.
d. The mydestination variable tells Postfix which addresses it should deliver
locally: mydestination = $myhostname, localhost, localhost.$mydomain
2. Postfix supports many more configuration variables than the four just
listed, but these are the mandatory changes you have to make.
3. Create or modify the /etc/aliases file. At the very least, you need aliases for
postfix, postmaster, and root so that mail sent to those addresses reaches
a real person. Example:
postfix: root
postmaster: root
root: bubba
4. After creating or modifying the aliases file, regenerate the alias database
using Postfix's newaliases command: /usr/sbin/newaliases
5. The last step is to start Postfix:
# service postfix start
Starting postfix: [ OK ]
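The steps above leave two things worth checking before starting the daemon: that the four mandatory main.cf settings are present and expand to the values you expect, and that the alias chain really ends at a mailbox someone reads. The following shell script is an added example, not Postfix's own tooling; it writes constructed main.cf and aliases fragments with the values from the notes into a directory of your choice (so nothing under /etc/postfix is touched), resolves $name references the way main.cf does, and follows an alias chain to its final recipient. The helper names (postfix_get, alias_resolve, etc.) and the temp directory are assumptions.

```shell
#!/bin/sh
# Added example, not part of Postfix. Constructed main.cf and aliases
# fragments carrying the values from the notes above; the helper writes them
# under a directory of your choice so nothing under /etc/postfix is touched.
postfix_write_samples() {
    mkdir -p "$1"
    printf '%s\n' 'mydomain = example.com' \
                  'myhostname = coondog.example.com' \
                  'myorigin = $mydomain' \
                  'mydestination = $myhostname, localhost, localhost.$mydomain' > "$1/main.cf"
    printf '%s\n' 'postfix: root' 'postmaster: root' 'root: bubba' > "$1/aliases"
}

# Raw value of KEY in a main.cf FILE ("key = value" lines only).
postfix_get_raw() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Value of KEY with $name references expanded the way main.cf does
# (repeated until no reference is left; values are assumed free of sed
# metacharacters such as | and &).
postfix_get() {
    val=$(postfix_get_raw "$1" "$2")
    while ref=$(printf '%s\n' "$val" | grep -o '\$[A-Za-z_][A-Za-z0-9_]*' | head -n 1); [ -n "$ref" ]; do
        name=${ref#\$}
        sub=$(postfix_get_raw "$1" "$name")
        val=$(printf '%s\n' "$val" | sed "s|\\\$$name|$sub|g")
    done
    printf '%s\n' "$val"
}

# "ok" when the four mandatory settings are present, otherwise the missing names.
postfix_check_mandatory() {
    missing=""
    for key in mydomain myhostname myorigin mydestination; do
        [ -n "$(postfix_get_raw "$1" "$key")" ] || missing="$missing $key"
    done
    if [ -z "$missing" ]; then echo "ok"; else echo "missing:$missing"; fi
}

# Follow the alias chain in ALIASES_FILE from NAME to the final mailbox;
# gives up after 16 hops so a circular alias cannot loop forever.
alias_resolve() {
    name=$2; hops=0
    while next=$(sed -n "s/^$name:[[:space:]]*//p" "$1" | head -n 1); [ -n "$next" ]; do
        name=$next
        hops=$((hops + 1))
        if [ "$hops" -ge 16 ]; then echo "alias loop at $name" >&2; return 1; fi
    done
    printf '%s\n' "$name"
}

DEMO=${TMPDIR:-/tmp}/postfix-example.$$
postfix_write_samples "$DEMO"
postfix_check_mandatory "$DEMO/main.cf"
postfix_get "$DEMO/main.cf" mydestination
alias_resolve "$DEMO/aliases" postmaster
rm -r "$DEMO"
```

With the sample values, mydestination expands to `coondog.example.com, localhost, localhost.example.com` and postmaster resolves through root to bubba, which is the chain the aliases example above describes. Point the functions at the real `/etc/postfix/main.cf` and `/etc/aliases` to check a live configuration; remember that newaliases must still be run after editing the aliases file.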
--------------------------------------------------------------------------------
Explain the following values of the AllowOverride directive of the <Directory>
block of the FTP server config file.
All        The same as specifying AuthConfig FileInfo Limit
AuthConfig User access directives
FileInfo   Document type directives
Limit      Host access directives
None       No directives can be overridden on a per-directive basis
--------------------------------------------------------------------------------
EDQUOTA
The primary command to edit quotas is edquota. The use of the command is
simple. Let's say you want to edit a quota for the user stephanie. The
command would be:
edquota -t
When you run this command, you will see something similar to:
Filesystem                   Block grace period   Inode grace period
/dev/VolGroup00/LogVol02     7days                7days
Change the number of days under Block and Inode to suit your needs. Make
sure the format is exactly as you see it above (no space in 7days). Note that
you can set up this grace period for days, hours, minutes, or seconds.
-----------------------------------------
Create the Database Files
Although your system now knows that quotas are enabled, it has no idea
what to do with that feature. Before quotas can actually be enforced, we
have to use the quotacheck command, which builds a table of the current disk
usage of the file systems.
To create the tables we issue the quotacheck command with the -c option
and the option that instructs quotacheck if we are enabling quotas for
groups, users, or both. So, for enabling quotas for users only, our command
looks like:
quotacheck -cu /home
Now we run the command again, replacing the -c option with the -av options:
-a Check all locally mounted, quota-enabled partitions.
-v Use verbose output.
Our new command looks like:
quotacheck -avu
Now the database has the necessary data it needs to use quotas. We're not
done yet, though. We still have to configure a per-user quota.
---------------------------------------
Disk Quota Reports
Every once in a while you will want to see a report on quota usage. There is a
simple-to-use command for this:
repquota -a
This command will give you all of the information you need to know where
each user is with regards to their set disk quotas.
--------------------------------------------------------------------------------
Write the purpose of the following VSFTPD configuration directives
anonymous_enable When enabled, anonymous users are allowed to log
in. The usernames anonymous and ftp are accepted.
The default value is YES.
Anonymous User Options
The following is a list of directives which control anonymous user access to
the server. To use these options, the anonymous_enable directive must be
set to YES.
anon_mkdir_write_enable When enabled in conjunction with the
write_enable directive, anonymous users are allowed to create new
directories within a parent directory which has write permissions.The default
value is NO.

anon_root Specifies the directory vsftpd changes to after an anonymous


user logs in.
There is no default value for this directive.
anon_upload_enable When enabled in conjunction with the write_enable
directive, anonymous users are allowed to upload files within a parent
directory which has write permissions.
The default value is NO.
anon_world_readable_only When enabled, anonymous users are only
allowed to download world-readable files.
The default value is YES.
ftp_username Specifies the local user account (listed in /etc/passwd)
used for the anonymous FTP user. The home directory specified in
/etc/passwd for the user is the root directory of the anonymous FTP user.
The default value is ftp.
no_anon_password When enabled, the anonymous user is not asked for
a password.
The default value is NO.
-----------------------------------------------------------------
write_enable When enabled, FTP commands which can change the file
system are allowed, such as DELE, RNFR, and STOR.
The default value is NO.
-----------------------------------------------------------------
ftpd_banner When enabled, the string specified within this directive is
displayed when a connection is established to the server. This option can be
overridden by the banner_file directive.
By default vsftpd displays its standard banner.
-----------------------------------------------------------------
banned_email_file If the deny_email_enable directive is set to YES, this
directive specifies the file containing a list of anonymous email passwords
which are not permitted access to the server.
The default value is /etc/vsftpd.banned_emails.
-----------------------------------------------------------------
local_enable When enabled, local users are allowed to log into the
system.
The default value is NO.
-----------------------------------------------------------------
chown_username Specifies the ownership of anonymously uploaded files
if the chown_uploads directive is enabled.
The default value is root.
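The directives above only become risky in combination (anonymous login plus write_enable plus anon_upload_enable, for instance), and the defaults matter as much as the explicit lines, since anonymous_enable defaults to YES. The following shell script is an added example, not part of vsftpd: it audits a vsftpd.conf using the defaults the notes list for any directive that is absent, and prints one finding per risky combination. The three constructed configurations (permissive, hardened, and an empty file that shows what the defaults alone permit), the helper names and the temp directory are assumptions.

```shell
#!/bin/sh
# Added example, not part of vsftpd. Audits a vsftpd.conf for the anonymous
# access combinations described above, applying the defaults the notes list
# (anonymous_enable=YES, write_enable=NO, anon_upload_enable=NO,
# anon_mkdir_write_enable=NO, anon_world_readable_only=YES,
# no_anon_password=NO, local_enable=NO) for any directive that is not set.

# Three constructed configurations written under DIR: a permissive one, a
# hardened one, and an empty file that shows what the defaults alone allow.
vsftpd_write_samples() {
    mkdir -p "$1"
    printf '%s\n' 'anonymous_enable=YES' 'write_enable=YES' 'anon_upload_enable=YES' \
        'anon_mkdir_write_enable=YES' 'no_anon_password=YES' 'local_enable=YES' > "$1/permissive.conf"
    printf '%s\n' '# local accounts only, read-only' 'anonymous_enable=NO' \
        'local_enable=YES' 'write_enable=NO' > "$1/hardened.conf"
    : > "$1/empty.conf"
}

# Effective value of KEY in FILE: the last "KEY=value" line, else DEFAULT.
vsftpd_get() {
    v=$(sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1)
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf '%s\n' "$3"; fi
}

# One finding per line; prints nothing for a configuration with no risky combination.
vsftpd_audit() {
    f=$1
    write=$(vsftpd_get "$f" write_enable NO)
    if [ "$(vsftpd_get "$f" anonymous_enable YES)" = YES ]; then
        echo "anonymous login enabled (anonymous_enable defaults to YES when unset)"
        if [ "$(vsftpd_get "$f" no_anon_password NO)" = YES ]; then
            echo "anonymous users are not asked for a password"
        fi
        if [ "$write" = YES ]; then
            [ "$(vsftpd_get "$f" anon_upload_enable NO)" = YES ] && echo "anonymous users may upload files"
            [ "$(vsftpd_get "$f" anon_mkdir_write_enable NO)" = YES ] && echo "anonymous users may create directories"
        fi
        if [ "$(vsftpd_get "$f" anon_world_readable_only YES)" = NO ]; then
            echo "anonymous users may download files that are not world-readable"
        fi
    fi
    if [ "$(vsftpd_get "$f" local_enable NO)" = YES ] && [ "$write" = YES ]; then
        echo "local users may change the file system over clear-text FTP"
    fi
    return 0
}

# Number of findings for FILE, convenient for scripting.
vsftpd_finding_count() {
    vsftpd_audit "$1" | wc -l | tr -d ' '
}

DEMO=${TMPDIR:-/tmp}/vsftpd-example.$$
vsftpd_write_samples "$DEMO"
for c in permissive hardened empty; do
    echo "== $c.conf: $(vsftpd_finding_count "$DEMO/$c.conf") finding(s)"
    vsftpd_audit "$DEMO/$c.conf"
done
rm -r "$DEMO"
```

The empty configuration is the instructive case: with nothing set, anonymous login is still on because of the default, which is why a hardened vsftpd.conf states `anonymous_enable=NO` explicitly rather than relying on the absence of a line. Run `vsftpd_audit /etc/vsftpd/vsftpd.conf` (path varies by distribution) to check a live server.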
--------------------------------------------------------------------------------
Explain the usages of logrotate.conf, grub.conf, issue, aliases, syslog.conf
Logrotate.conf : logrotate.conf and the files within the logrotate.d
directory determine how often your log files are rotated by the logrotate
program. Log rotation refers to the process of deleting older log files and
replacing them with more recent ones. logrotate can automatically rotate,
compress, remove, and mail your log files. Log files can be rotated based on
size or on time, such as daily, weekly or monthly.
Syslog.conf: The syslog daemon logs any notable events on your local system. It
can store logs in a local file or send them to a remote log host for added
security. It can also accept logs from other machines when acting as a
remote log host. These options and more, such as how detailed the logging
should be, are set in the syslog.conf file.
a. Authentication privilege messages contain somewhat sensitive information,
so they are logged to /var/log/secure. That file can be read by root only,
whereas /var/log/messages is sometimes set to be readable by everyone.
grub.conf : The /etc/grub.conf file is a symbolic link to the actual file, which is
located at /boot/grub/grub.conf.
Issue : Whatever is in this file shows up as a pre-login banner on your
console.
Issue.net : This file generally contains the same thing as /etc/issue. It shows
up when you attempt to telnet into the system.
aliases: /etc/aliases is the email aliases file for the Sendmail program, and
Postfix uses /etc/postfix/aliases.
a. For example, the root user's mailbox can be aliased as:
b. root: taleen
c. root: taleen@buffy.xena.edu
--------------------------------------------------------------------------------
How does GRUB work?
When a computer boots, the BIOS transfers control to the first boot device,
which can be a hard disk, a floppy disk, a CD-ROM, or any other
BIOS-recognized device. We'll concentrate on hard disks, for the sake of simplicity.
The first sector on a hard disk is called the Master Boot Record (MBR). This sector
is only 512 bytes long and contains a small piece of code (446 bytes) called
the primary boot loader and the partition table (64 bytes) describing the
primary and extended partitions.
By default, MBR code looks for the partition marked as active and once such
a partition is found, it loads its boot sector into memory and passes control
to it.
GRUB replaces the default MBR with its own code.
Furthermore, GRUB works in stages.
Stage 1 is located in the MBR and mainly points to Stage 2, since the MBR is
too small to contain all of the needed data.
Stage 2 points to its configuration file, which contains all of the complex
user interface and options we are normally familiar with when talking about
GRUB. Stage 2 can be located anywhere on the disk. If Stage 2 cannot find
its configuration table, GRUB will cease the boot sequence and present the
user with a command line for manual configuration.
Stage 1.5 also exists and might be used if the boot information is small
enough to fit in the area immediately after MBR.
The Stage architecture allows GRUB to be large (~20-30K) and therefore
fairly complex and highly configurable, compared to most bootloaders, which
are sparse and simple to fit within the limitations of the Partition Table.
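The 446/64/2-byte layout described above is easy to verify by hand, which is also how a forensic examiner confirms that an MBR has not been replaced by something other than the expected boot loader. The following shell script is an added example, not GRUB's code: it builds a constructed 512-byte MBR image (zeroed boot-code area, two populated partition entries, the 0x55 0xAA signature) and then reads it back with od, checking the signature, locating the active partition that stock MBR code would boot, and listing the partition entries. The partition types, LBA offsets and sizes in the image are sample values.

```shell
#!/bin/sh
# Added example, not GRUB's code. Builds a constructed 512-byte MBR image
# (446 zeroed bytes where boot code would be, four 16-byte partition entries,
# then the 0x55 0xAA signature) and reads it back the way a boot loader or a
# forensic tool does: check the signature, find the active partition and
# list the partition entries. Types 0x83/0x8e, LBA 2048 and the sizes below
# are constructed sample values.
make_sample_mbr() {
    out=$1
    head -c 446 /dev/zero > "$out"
    # entry 1: status 0x80 (active), CHS start, type 0x83 (Linux), CHS end,
    #          LBA start 2048, 1048576 sectors (32-bit little-endian fields)
    printf '\200\001\001\000\203\376\377\377\000\010\000\000\000\000\020\000' >> "$out"
    # entry 2: inactive, type 0x8e (Linux LVM), LBA start 1050624, 4194304 sectors
    printf '\000\376\377\377\216\376\377\377\000\010\020\000\000\000\100\000' >> "$out"
    head -c 32 /dev/zero >> "$out"        # entries 3 and 4 unused
    printf '\125\252' >> "$out"            # 0x55 0xAA boot signature
}

# Unsigned byte at OFFSET of FILE.
mbr_byte() { od -An -tu1 -j "$2" -N 1 "$1" | tr -d ' \n'; }

# 32-bit little-endian value at OFFSET of FILE, assembled byte by byte so the
# result does not depend on the host's byte order.
mbr_le32() {
    f=$1; o=$2
    set -- $(od -An -tu1 -j "$o" -N 4 "$f")
    echo $(( $1 + $2 * 256 + $3 * 65536 + $4 * 16777216 ))
}

# True when FILE is exactly one sector and ends with 0x55 0xAA.
mbr_signature_ok() {
    [ "$(wc -c < "$1" | tr -d ' ')" = "512" ] &&
    [ "$(mbr_byte "$1" 510)" = "85" ] && [ "$(mbr_byte "$1" 511)" = "170" ]
}

# Prints the 1-based number of the entry flagged active (0x80); the stock MBR
# code boots this partition. Returns 1 when no entry is active.
mbr_active_partition() {
    i=0
    while [ "$i" -lt 4 ]; do
        if [ "$(mbr_byte "$1" $((446 + 16 * i)))" = "128" ]; then
            echo $((i + 1)); return 0
        fi
        i=$((i + 1))
    done
    return 1
}

# "N type=0xTT start=LBA sectors=COUNT" for every entry whose type is not 0.
mbr_partition_table() {
    i=0
    while [ "$i" -lt 4 ]; do
        off=$((446 + 16 * i))
        type=$(mbr_byte "$1" $((off + 4)))
        if [ "$type" != "0" ]; then
            printf '%d type=0x%02x start=%d sectors=%d\n' $((i + 1)) "$type" \
                "$(mbr_le32 "$1" $((off + 8)))" "$(mbr_le32 "$1" $((off + 12)))"
        fi
        i=$((i + 1))
    done
}

IMG=${TMPDIR:-/tmp}/sample-mbr.$$
make_sample_mbr "$IMG"
mbr_signature_ok "$IMG" && echo "valid boot signature"
echo "active partition: $(mbr_active_partition "$IMG")"
mbr_partition_table "$IMG"
rm -f "$IMG"
```

On a real machine the same functions work on a copy of the first sector (for example one taken with `dd if=/dev/sda of=mbr.bin bs=512 count=1` as root); comparing that copy against a known-good one taken at install time is a simple integrity check for the Stage 1 area, since GRUB's code and the partition table both live in those 512 bytes.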

--------------------------------------------------------------------------------
LOGICAL VOLUMES
1. Logical Volume Manager (LVM) enables you to be much more flexible with
your disk usage than you can be with conventional old-style file partitions.
2. Normally if you create a partition, you have to keep the partition at that
size indefinitely.
3. For example, if your system logs have grown immensely, and you've run
out of room on your /var partition, increasing a partition size without LVM is a
big pain. You would have to get another disk drive, create a /var mount point
on there too, and copy all your data from the old /var to the new /var disk
location.
4. With LVM in place, you could add another disk, and then assign that disk to
be part of the /var partition. Then you'd use the LVM file system resizing tool
to increase the file system size to match the new partition size.
5. Normally you might think of disk drives as independent entities, each
containing some data space but when you use LVMs, you need a new way of
thinking about disk space.
6. First you have to understand that space on any disk can be used by any
file system. A Volume Group is the term used to describe various disk spaces
(either whole disks or parts of disks) that have been grouped together into
one volume.
7. Volume groups are then bunched together to form Logical volumes.
8. Logical volumes are akin to the historic idea of partitions. You can then use
a file system creation tool such as fdisk to create a file system on the logical
volume.
9. The Linux kernel sees a logical volume in the same way it sees a regular
partition.
10. Some Linux tools for modifying logical volumes are pvcreate for creating
physical volumes, vgcreate for creating volume groups, vgdisplay for
showing volume groups, and mke2fs for creating a file system on your logical
volume.
--------------------------------------------------------------------------------
USES OF NFS
A common use of NFS is to provide centralized storage for users' home directories.
Many sites store users' home directories on a central server and use NFS to
mount the home directory when users log in or boot their systems.
Usually, the exported directories are mounted as /home/username on the
local (client) systems,
but the export itself can be stored anywhere on the NFS server, for example,
/exports/users/username. Figure 12-1 illustrates both of these NFS uses.

--------------------------------------------------------------------------------
What are the different classes of IP address?

--------------------------------------------------------------------------------
What is the use of the Samba server, and how do you enable and disable it?
Samba is software that can be run on a platform other than
Microsoft Windows, for example, UNIX, Linux, IBM System 390,
OpenVMS, and other operating systems.
--------------------------------------------------------------------------------
IFCONFIG command with example
ifconfig is used to configure, or view the configuration of, a network
interface.
ifconfig stands for "interface configuration". It is used to view and change the
configuration of the network interfaces on your system.
Running the ifconfig command with no arguments, like this:
ifconfig
will display information about all network interfaces currently in
operation. The output will resemble the following:
[ifconfig sample output not reproduced in this copy]
The ifconfig command displays the configuration of all active Ethernet
cards. Without any parameter, this command shows all active Ethernet cards.
--------------------------------------------------------------------------------
RC SCRIPTS
1. The /etc/inittab file specifies which scripts to run when runlevels change.
2. These scripts are responsible for either starting or stopping the services
that are particular to the runlevel.
3. Because of the number of services that need to be managed, rc scripts are
used.
4. The main one, /etc/rc.d/rc, is responsible for calling the appropriate scripts
in the correct order for each runlevel.
5. Such a script could easily become extremely unmanageable; to keep this
from happening, a slightly more elaborate system is used.
6. For each runlevel, a subdirectory exists in the /etc/rc.d directory.
7. These runlevel subdirectories follow the naming scheme of rcX.d, where
X is the runlevel. For example, all the scripts for runlevel 3 are in
/etc/rc.d/rc3.d.
8. In the runlevel directories, symbolic links are made to scripts in the
/etc/rc.d/init.d directory.
9. Instead of using the name of the script as it exists in the /etc/rc.d/init.d
directory, however, the symbolic links are prefixed with an S, if the script is
to start a service, or with a K, if the script is to stop (or kill) a service.
10. These two letters are case-sensitive. You must use uppercase letters, or
the startup scripts will not recognize them.
11. In many cases, the order in which these scripts are run makes a
difference. For example, you can't start services that rely on a configured
network interface without first enabling and configuring the network
interface.
--------------------------------------------------------------------------------
Disk Partitioning
To see how your Linux disks are currently partitioned and what file systems
are on them, look at the /etc/fstab file.
Partitioning an x86 machine
1. When partitioning an x86 PC, you need to be mindful of the limitations
present in the x86 architecture.
2. You are allowed to create 4 primary partitions, Primary partitions are the
only partitions that are bootable.
3. You can create more partitions if you make logical partitions, Logical
partitions are set into a primary partition.
4. So if you choose to make logical partitions, you are allowed to make only
three primary partitions for operating system use, and the fourth partition is
dedicated to hosting the logical partitions.
Mounting other OS partitions/slices
1. Not only can Linux read other operating systems' file systems, it can also
mount disk drives from other systems and work with their partition tables.
2. However, it is necessary to compile two options into the kernel to do this.
3. You must have the file system support and the file partitioning support
turned on in the kernel.
4. Usually file system support is compiled as a module by default, but disk
partition support usually has to be explicitly compiled.
----------------------------------------------------------------------
2) EXT2
ext2 has become the standard file system for Linux. It is the next generation
of the ext file system. The ext2 implementation has not changed much since
it was introduced with the 1.0 kernel back in 1993.
Since then there have been a few new features added. One of these was
sparse super blocks, which increases file system performance.
ext2 was designed to make it easier for new features to be added, so that it
can constantly evolve into a better file system. Users can take advantage of
new features without reformatting their old ext2 file systems.
ext2 also has the added bonus of being designed to be POSIX compliant.
New features that are still in the development phase are access control lists,
undelete, and on-the-fly compression.
ext2 is flexible, can handle file systems up to 4TB large, and supports long
filenames up to 1,012 characters long.
In case user processes fill up a file system, ext2 normally reserves about 5
percent of disk blocks for exclusive use by root so that root can easily
recover from that situation. Modern Red Hat boot and rescue diskettes now
use ext2 instead of minix.
EXT3
i) The extended 3 file system is a new file system introduced in Red Hat 7.2.
ext3 provides all the features of ext2, and also features journaling and
backward compatibility with ext2.
The backward compatibility enables you to still run kernels that are only
ext2-aware with ext3 partitions.
ii) You can upgrade an ext2 file system to an ext3 file system without losing
any of your data. This upgrade can be done during an update to Red Hat 7.2.
iii) ext3 support comes in kernels provided with the Red Hat 7.2 distribution.
If you download a kernel from somewhere else, you need to patch the kernel
to make it ext3-aware, with the kernel patches that come from the Red Hat
ftp site.
It is much easier to just stick with kernels from Red Hat.
iv) ext3's journaling feature reduces the amount of time it takes to bring
the file system back to a sane state if it's not been cleanly unmounted (that
is, in the event of a power outage or a system crash).
--------------------------------------------------------------------------------
Bootstrapping
When a computer is turned on, the computer's BIOS finds the
primary bootable device (usually the computer's hard disk) and
loads the initial bootstrap program from the master boot record
(MBR), the first 512 bytes of the hard disk, then transfers control to
this code.
Bootstrapping is done in the following two phases.
1) Kernel Loading
i) Once GRUB has started and you have selected Linux as the operating
system to boot, the first thing to get loaded is the kernel.
ii) No operating system exists in memory at this point, and PCs (by their
unfortunate design) have no easy way to access all of their memory.
iii) Thus, the kernel must load completely into the first megabyte of available
random access memory (RAM). In order to accomplish this, the kernel is
compressed.
iv) The head of the file contains the code necessary to bring the CPU into
protected mode (thereby removing the memory restriction) and decompress
the remainder of the kernel.
2) Kernel Execution
i) With the kernel in memory, it can begin execution. It knows only whatever
functionality is built into it, which means any parts of the kernel compiled as
modules are useless at this point.
ii) At the very minimum, the kernel must have enough code to set up its
virtual memory subsystem and root file system (usually, the ext3 file
system).
iii) Once the kernel has started, a hardware probe determines what device
drivers should be initialized.
iv) From here, the kernel can mount the root file system; the root file system
plays the same role as the C: drive in Windows.
v) The kernel mounts the root file system and starts a program called init.
---------------------------------------------------------
What is the Kernel?
The kernel of UNIX is the hub of the operating system: it allocates
time and memory to programs and handles the filestore and
communications in response to system calls.
--------------------------------------------------------------------------------
What are RUNLEVELS? List the various runlevels and explain them.
The term runlevel has been used a few times so far in this chapter, and now
is a good time to learn more about runlevels and why they are used.
There are typically eight runlevels on Linux systems, but we are only
interested in the seven used on Fedora Core or Enterprise Linux systems.
Each of the runlevels has a set of processes associated with that runlevel
that will be started by entering that runlevel.
The runlevels on a Fedora Core or Enterprise Linux system and their purpose
are:
0 Halt
1 Single-user mode
2 Not used (user-definable)
3 Full multiuser mode (without a graphical user interface, GUI)
4 Not used (user-definable)
5 Full multiuser mode (with a GUI)
6 Reboot
The /etc/inittab file controls the default runlevel for the system to use when
it boots.
1. The init process is the first non-kernel process that is started, and,
therefore, it always gets the process ID number of 1.
2. init reads its configuration file, /etc/inittab, and determines the runlevel
where it should start.
3. Essentially, a runlevel dictates the system's behavior.
4. Each level (designated by an integer between 0 and 6) serves a specific
purpose.
5. A runlevel of initdefault is selected if it exists; otherwise, you are
prompted to supply a runlevel value.
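The runlevel mechanism described here and in the RC SCRIPTS section above is just two pieces of file convention: the initdefault entry in /etc/inittab, and the S/K-prefixed, numbered links in /etc/rc.d/rcN.d that /etc/rc.d/rc runs in sorted order. The following shell script is an added example serving both sections, not a distribution's own rc machinery: it builds a constructed inittab and rc3.d directory under a temp path, extracts the default runlevel, and dry-runs what rc would do, stopping the K links and then starting the S links in numeric order while ignoring links with a lowercase prefix (the case-sensitivity point made above). The link names, runlevel and helper names are assumptions.

```shell
#!/bin/sh
# Added example, not a distribution's own rc machinery. Builds a constructed
# /etc/inittab and rc3.d directory under a temp path, then shows what init
# and /etc/rc.d/rc do with them: read the initdefault runlevel, run the K
# links with "stop" and then the S links with "start" in numeric order, and
# ignore links whose prefix is not an uppercase S or K. Link names and the
# runlevel are sample values.

# Sample tree under DIR: DIR/inittab and DIR/rc3.d/ with a few links
# (plain files here; on a real system they are symlinks into init.d).
rc_write_samples() {
    mkdir -p "$1/rc3.d"
    printf '%s\n' 'id:3:initdefault:' 'si::sysinit:/etc/rc.d/rc.sysinit' \
        'l3:3:wait:/etc/rc.d/rc 3' > "$1/inittab"
    for link in K35smb K50snmpd S10network S55sshd S80sendmail s20bogus k99wrongcase; do
        : > "$1/rc3.d/$link"
    done
}

# Default runlevel from an inittab FILE (second field of the initdefault entry).
inittab_default_runlevel() {
    awk -F: '$3 == "initdefault" { print $2; exit }' "$1"
}

# Dry run of /etc/rc.d/rc for the rcN.d directory DIR: "<link> stop" for each
# K link, then "<link> start" for each S link. Pathname expansion sorts the
# names, so the two-digit number after S or K fixes the order.
rc_dry_run() {
    for f in "$1"/K[0-9][0-9]*; do [ -e "$f" ] && echo "$(basename "$f") stop"; done
    for f in "$1"/S[0-9][0-9]*; do [ -e "$f" ] && echo "$(basename "$f") start"; done
    return 0
}

# Links rc would silently skip: lowercase prefix or no two-digit sequence number.
rc_ignored_links() {
    ls "$1" | grep -v '^[SK][0-9][0-9]' || true
}

DEMO=${TMPDIR:-/tmp}/rc-example.$$
rc_write_samples "$DEMO"
echo "default runlevel: $(inittab_default_runlevel "$DEMO/inittab")"
rc_dry_run "$DEMO/rc3.d"
echo "ignored: $(rc_ignored_links "$DEMO/rc3.d" | tr '\n' ' ')"
rm -r "$DEMO"
```

Running `rc_ignored_links /etc/rc.d/rc3.d` on a real SysV-style system is a quick way to spot a service that "mysteriously" never starts because its link was created with a lowercase s; `rc_dry_run` shows the start order, which is where dependency problems such as a service starting before the network come from.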
--------------------------------------------------------------------------------
Squid Installation / Configuration of Squid
The configuration process includes the following steps:
1. Verify the kernel configuration 2. Configure Squid 3. Modify the Netfilter
configuration 4. Start Squid 5. Test the configuration.
Verifying Kernel Configuration
i) We use the term Verifying Kernel Configuration because we use various kernel
features such as IP forwarding and Netfilter in the Squid configuration.
ii) Netfilter is important because it supports various features like IP tables,
connection tracking, full NAT (Network Address Translation) and support for the
REDIRECT target.
iii) Check IP forwarding with the command: # sysctl -n net.ipv4.ip_forward
iv) The above command prints whether IP forwarding is enabled: if the output is 1,
IP forwarding is enabled; if the output is 0, it is disabled.
v) If it returns 0, enable it using the command: # sysctl -w net.ipv4.ip_forward=1
O/P : net.ipv4.ip_forward = 1
Configuring Squid
i) The Squid configuration file on Fedora Core and RHEL, system is
/etc/squid/squid.conf.
ii) The initialization script that controls Squid is /etc/rc.d/init.d/squid, which reads default
values from /etc/sysconfig/squid.
iii) Useful command with Squid

Modifying Netfilter
i) Modifying your netfilter firewall rules is an optional step.

ii) If we are not using netfilter to maintain a firewall or provide LAN access to internet
then its completely optional step.
Starting Squid
i) To start Squid: # service squid start
O/P : Starting Squid:
ii) To start and stop it automatically:
# chkconfig --level 0123456 squid off
# chkconfig --level 345 squid on
Testing the Configuration
i) You first configure the Web browser.
ii) If you are using Firefox, select Edit > Preferences to open the Preferences dialog box.
iii) On the General tab, click Connection Settings to open the Connection Settings dialog box,
then click the Manual proxy configuration radio button and type the hostname or IP address
of the proxy server in the HTTP Proxy text box. Type 3128 in the accompanying Port
text box.
iv) Click OK to close the Connection Settings dialog box and OK again to save
your changes and close the Preferences dialog box.
Configuring the Time Server
You will need to do the following tasks in order to configure a time server:
1. Install the NTP software. 2. Locate suitable time servers to serve as reference
clocks. 3. Configure your local time server. 4. Start the NTP daemon on the local time
server. 5. Make sure that the NTP daemon responds to requests.
Installing NTP
1. Installing the NTP software is simple. Use the rpmquery command to make sure that the
ntp package is installed:
2. Example : $ rpmquery ntp Output : Ntp-4.2.0.a.20040617-4
3. If installed, the version name will be displayed. If the ntp package isn't installed, install it
using the installation tool of your choice before proceeding.
Selecting Reference Clocks
1. NTP is also hierarchical and organizes time servers into several strata (levels) to
reduce the load on any given server, or set of servers.
2. Stratum 1 servers are referred to as primary servers, stratum 2 servers as secondary
servers, and so on.
3. There are more secondary servers than primary servers. Secondary servers sync to
primary servers, and clients sync to secondary or tertiary servers.
4. NTP also provides for syncing to pool servers, a large class of publicly accessible
secondary servers maintained as a public service for use by the Internet-connected
computing community at large.
5. You can check all pool servers using the following command: $ host pool.ntp.org
Procedure for configuration of an NTP server
1. Add the following lines to /etc/ntp.conf:
broadcast 224.0.1.1 autokey
crypto pw serverpassword
keysdir /etc/ntp
2. Generate the key files and certificates using the following commands:
# cd /etc/ntp
# ntp-keygen -T -I -p serverpassword
3. If ntpd is running, restart it: # service ntpd restart
4. If ntpd is not running, start it: # service ntpd start
5. Use the following chkconfig commands to make sure that ntpd starts at boot time
in all multiuser runlevels:
chkconfig --level 0123456 ntpd off
chkconfig --level 345 ntpd on
Optimizing NFS
1. Using a journaling file system offers many advantages for an NFS server; for example, in
the event of a crash, a journaling file system recovers much more quickly than a non-journaling file system.
2. Spread NFS-exported file systems across multiple disks and, if possible, multiple
disk controllers. The purpose of this strategy is to avoid disk hot spots, which occur when
I/O operations concentrate on a single disk or a single area of a disk.
3. Replace IDE disks with serial ATA disks, and if you have the budget for it, use
Fibre Channel disk arrays.
4. If your NFS server is using RAID, use RAID 1/0 to maximize write speed and to
provide redundancy in the event of a disk crash.
5. RAID 5 seems compelling at first because it ensures good read speeds, which is
important for NFS clients, but RAID 5's write performance is lackluster, and good
write speeds are important for NFS servers.
6. Consider replacing 10-Mbit Ethernet cards with 100-Mbit Ethernet cards throughout
the network.
7. A common NFS optimization is to minimize the number of write-intensive NFS
exports.
8. In extreme cases, re-segmenting the network might be the answer to NFS
performance problems.
Configuring a Caching DNS server
1. Begin by verifying the zone information in /etc/named.conf. When you installed the
BIND package, the /etc/named.conf file was created and it contained zone information
for your localhost.
2. Next, you need to check the configuration of the /var/named/named.local file. This file
contains the domain information for the localhost, and is typically created when BIND is
installed.
3. You need to check the /etc/nsswitch file to be sure it contains the following line:
hosts: files nisplus dns
4. You need to check the /etc/resolv.conf file to make sure that the IP address
(127.0.0.1) of your localhost is listed as a name server.
5. Finally, you need to check that your /etc/host.conf contains the word bind.
6. After you have completed all of the previous steps, it is time to start the named
daemon and check your work.
7. Type service named start at a command prompt, press Enter, wait for the prompt to
return and then type rndc status and press Enter.
8. You will see output similar to this:
Number of zones: 8
Debug level: 0
Xfers running: 0
..
Server is up and running
9. You have successfully configured and started your caching name server.

Using SFTP
As an alternative to configuring vsftpd with SSL, you can use sftp-server, a program that
is part of the OpenSSH (Secure Shell) suite of secure client and server programs.
sftp-server implements the server-side portion of the FTP protocol. You do not invoke it
directly; the SSH daemon, sshd, does so when it receives an incoming FTP request.
You need to have the OpenSSH-related packages installed, but they are part of the
standard Fedora Core 3 and RHEL installation. The following is an rpmquery
command:
# rpmquery openssh{,-{clients,askpass,server}}
If the packages are not installed, install them before proceeding. If they are installed,
make sure the following line appears in /etc/ssh/sshd_config:
Subsystem sftp /usr/libexec/openssh/sftp-server
This directive tells sshd to execute the program /usr/libexec/openssh/sftp-server to
service the SFTP subsystem. Again, this entry should be part of the stock installation,
but if it isn't, add it to the configuration file and then restart the SSH daemon using the
following command:
# service sshd restart
From the client's perspective, very little changes. The client command to execute is
sftp rather than ftp, and the set of supported commands is more limited than the
standard FTP command set. One important difference between clear-text FTP and
secure FTP is that sftp does not support anonymous FTP; users will always be
prompted to provide a password unless they have set up SSH keys. However, you
can configure vsftpd to provide anonymous FTP and then use OpenSSH to provide
secure, authenticated FTP service for users that have valid accounts on the system.
The two services, FTP and SFTP, can exist side by side because sftp uses port 115 and
FTP uses port 25.
