1. Linux is a freely distributed implementation of a UNIX-like kernel, the low-level core of an operating system.
2. Because Linux takes the UNIX system as its inspiration, Linux and UNIX
programs are very similar. In fact, almost all programs written for UNIX can
be compiled and run on Linux.
3. Some commercial applications sold for commercial versions of UNIX can
run unchanged in binary form on Linux systems.
Linux History :
4. Linux was developed by Linus Torvalds at the University of Helsinki, with
the help of UNIX programmers from across the Internet.
5. It began as a hobby of Linus Torvalds, who was inspired by Andy
Tanenbaum's Minix, a small UNIX-like system, but it has grown to become a
complete system in its own right.
6. Linux is copyrighted, but it can be freely distributed.
7. Versions of Linux are now available for a wide variety of computer systems
using many different types of CPUs.
8. Even some handheld PDAs and Sony's PlayStation 2 and 3 run Linux. If
it has a processor, someone somewhere is trying to get Linux running on it.
-------------------------------------------------------------------------------
Write a Short Note on GNU & Linux Distributions?
GNU was initiated by Richard Stallman in 1983. Its name is a recursive
acronym for "GNU's Not Unix".
The GNU project recommends that the copyright for GNU packages be assigned
to the Free Software Foundation, which keeps the software free.
This restricts commercial companies that would otherwise take advantage of
open-source software by modifying it and adding their own proprietary code.
The GNU build system (configure, make, make install) has become the most
standard method of compiling and installing software from source.
GNU is pronounced "guh-noo", with a hard g.
LINUX DISTRIBUTIONS: Distributions are also called flavours of Linux. Some of
the well-known distributions are as follows:
RHEL, Debian, Caldera, Mandrake, Slackware, SUSE, Gentoo, Ubuntu, Fedora,
Puppy, CentOS, TurboLinux
- RHEL (Red Hat Enterprise Linux) is a general-purpose distribution, since it
contains all the features of Linux. It is targeted at the commercial market.
- Debian: this distribution carries mostly GNU software and is used as a
non-commercial OS. Debian has been used as the base for many other Linux
distributions.
- Caldera: initiated in 1997 for the commercial world; this OS mainly focused
on companies and was intended for use in commercial areas.
- Mandrake: has the same features as Red Hat (it was originally derived from
it) and provides ease of use through a GUI.
- Slackware: designed with an emphasis on networking; it covered major
drawbacks in networking in early Linux.
- SUSE: widely used in European countries.
But there's more, and it involves decisions that either you or your company
must make. You might want to let users select their own passwords, which
would no doubt make them easier to remember, but which would probably also
be easier for an attacker to crack.
You might want to assign passwords, which is more secure in theory but
which increases the likelihood that users will write them down on a
conveniently located scrap of paper, a risk if many people have access to
the area where the machine(s) are located.
You might decide that users must change their passwords periodically, and
you can configure Red Hat Linux to prompt users to do so (password ageing is
set per account with chage, and the defaults for new accounts live in
/etc/login.defs).
To what may specific users have access? It might be that there are aspects of
your business that make World Wide Web access desirable, but you don't
want everyone spending their working hours surfing the Web.
If your system is at home, you may wish to limit your children's access to the
Web, which contains sites to which few if any parents would want their
children exposed.
Explain the GRUB config file?
grub.conf: GRUB stands for the modest acronym Grand Unified Bootloader. It
is the default boot loader used by Fedora Core and Red Hat Enterprise Linux.
GRUB offers a nice graphical interface, giving you a basic choice of
which installed operating system or kernel you want to run.
The /etc/grub.conf file is a symbolic link to the actual file that is located in
/boot/grub/grub.conf. Listing 8-3 shows a typical grub.conf file.
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,1)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/hda
default=0
timeout=5
splashimage=(hd0,1)/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$ANJi7kLJ$/NODBfkCTkMAPxZgC8WK10
title Fedora Core (2.6.10-1.770_FC3)
        root (hd0,1)
        kernel /vmlinuz-2.6.10-1.770_FC3 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.10-1.770_FC3.img
title Fedora Core (2.6.10-1.766_FC3)
        root (hd0,1)
        kernel /vmlinuz-2.6.10-1.766_FC3 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.10-1.766_FC3.img
title Fedora Core (2.6.9-1.724_FC3)
        root (hd0,1)
        kernel /vmlinuz-2.6.9-1.724_FC3 ro root=/dev/VolGroup00/LogVol00 rhgb
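The `password --md5` line in the listing is what stops someone at the console from editing a menu entry (for example appending `init=/bin/sh` to the kernel line) without the GRUB password. The parser below is an added example, not code from the original notes or from GRUB: it reads a constructed grub.conf in the layout shown above, splits it into global directives and per-title entries, and reports the problems a reviewer would raise (no password, a clear-text password, a `default` that points past the last entry, an entry with no kernel or initrd).

```python
"""Parse a GRUB legacy grub.conf and check the boot-menu protections.

Added example, not from the original notes. SAMPLE_GRUB_CONF is a constructed
file modelled on the listing above; the hash value in it is a placeholder.
"""

SAMPLE_GRUB_CONF = """\
# grub.conf generated by anaconda
default=0
timeout=5
splashimage=(hd0,1)/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$constructedsalt$constructedhashvalue
title Fedora Core (2.6.10-1.770_FC3)
        root (hd0,1)
        kernel /vmlinuz-2.6.10-1.770_FC3 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.10-1.770_FC3.img
title Fedora Core (2.6.10-1.766_FC3)
        root (hd0,1)
        kernel /vmlinuz-2.6.10-1.766_FC3 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.10-1.766_FC3.img
"""


def parse_grub_conf(text):
    """Return (globals, entries): global directives as a dict, boot entries as a list of dicts."""
    globals_, entries, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("title "):
            current = {"title": line[6:].strip()}
            entries.append(current)
            continue
        key, _, value = line.partition(" ")
        if current is None:
            # Global section mixes 'default=0' style with 'password --md5 ...' style.
            if "=" in key:
                key, _, value = line.partition("=")
            globals_[key] = value.strip()
        else:
            current[key] = value.strip()
    return globals_, entries


def check_grub_conf(text):
    """Return the list of problems found; an empty list means the file passed."""
    globals_, entries = parse_grub_conf(text)
    problems = []
    pw = globals_.get("password")
    if pw is None:
        problems.append("no password: anyone at the console can edit kernel arguments")
    elif not pw.startswith("--md5 $1$"):
        problems.append("password is stored in clear text; use grub-md5-crypt and 'password --md5'")
    default = globals_.get("default", "0")
    if default.isdigit() and int(default) >= len(entries):
        problems.append("default=%s but only %d entries exist" % (default, len(entries)))
    for entry in entries:
        for needed in ("root", "kernel", "initrd"):
            if needed not in entry:
                problems.append("entry %r lacks a %s line" % (entry["title"], needed))
    return problems


if __name__ == "__main__":
    print(check_grub_conf(SAMPLE_GRUB_CONF) or "grub.conf OK")
```

Note that a GRUB password only protects the menu; it does nothing against someone who boots from other media, which is why the BIOS boot order and a BIOS password belong in the same review.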
-------------------------------------------------------------------------------
LILO.CONF
LILO has somewhat fallen out of favor with most of the newer Linux
distributions. Some distributions do not even give you the option of
selecting LILO as your boot manager.
LILO is the boot time LInux LOader. At boot time it gives you the option of
booting into different operating systems and even into different kernel
versions of the Linux operating system.
The information on where operating systems should be loaded from, and
which one is started by default is stored in lilo.conf.
Whenever this file is changed, lilo must be run again in order for changes to
take effect. If there is anything wrong with the syntax of lilo.conf, lilo alerts
you to that problem when you run it again.
The first section contains general information, such as which drive is the boot
drive (boot=/dev/hda), and how many tenths of a second the LILO prompt
should be displayed on the screen (timeout=50, which is 5 seconds). In this
lilo.conf, the operating system booted by default is linux (default=linux).
After the initial general preferences section, you will see the boot images
section. lilo.conf enables up to 16 boot images to be defined.
The first image defined here is the default linux image that boots with the
vmlinuz-2.4.9-ac10 kernel. Its root file system is located on the first IDE disk
on the fifth partition, at /dev/hda5.
The second image defined is the Windows boot partition. If you type DOS
(label=DOS) at the LILO prompt, you boot into this Windows installation.
As you can see, Windows is installed on the first partition of the first IDE disk
(/dev/hda1).
The lilo.conf file:
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
message=/boot/message
linear
default=linux
image=/boot/vmlinuz-2.4.9-ac10
        label=linux
        read-only
        root=/dev/hda5
        append="hdd=ide-scsi"
other=/dev/hda1
        optional
        label=DOS
-------------------------------------------------------------------------------
SYSLOG.CONF
The syslog daemon logs any notable events on your local system. It can
store these logs in a local file or send them to a remote log host for added
security.
It can also accept logs from other machines when acting as a remote log
host. These options and more, such as how detailed the logging should be,
are set in the syslog.conf file.
LD.SO.CONF
This configuration file is used by ldconfig, which configures dynamic linker
runtime bindings. It contains a listing of directories that hold shared libraries.
Shared library files typically end with .so, whereas static library files typically
end with .a, indicating they are an archive of objects.
You may need to edit this file if you've installed a program that has installed
a shared library to a library directory that is not listed in the
ld.so.conf file. In this case, you get an error at runtime that the library does
not exist.
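Before adding a directory to ld.so.conf it is worth seeing the full search path ldconfig will build, because any directory on it that an unprivileged user can write to lets that user plant a library every dynamically linked program will load. The script below is an added example, not from the original notes or from ldconfig: it resolves the `include ld.so.conf.d/*.conf` form Red Hat-style systems use, over a constructed in-memory set of files, and flags relative or group/other-writable directories using a caller-supplied mode lookup.

```python
"""Build the dynamic-linker search path from ld.so.conf and flag risky entries.

Added example, not from the original notes. SAMPLE_FILES is a constructed
mini filesystem (path -> contents) so the code runs without touching a real
system; the 'include' handling follows ldconfig's behaviour of pulling in
/etc/ld.so.conf.d/*.conf.
"""
import fnmatch
import posixpath

SAMPLE_FILES = {
    "/etc/ld.so.conf": "include ld.so.conf.d/*.conf\n/usr/local/lib\n",
    "/etc/ld.so.conf.d/mysql.conf": "/usr/lib/mysql\n",
    "/etc/ld.so.conf.d/vendor-app.conf": "/opt/vendor/lib\n# comment line\n\n",
}


def library_dirs(files, path="/etc/ld.so.conf"):
    """Return the ordered list of directories ldconfig would scan, resolving includes."""
    dirs = []
    base = posixpath.dirname(path)
    for raw in files[path].splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("include "):
            pattern = posixpath.join(base, line[len("include "):].strip())
            for candidate in sorted(files):          # sorted: deterministic, like a glob
                if fnmatch.fnmatch(candidate, pattern):
                    dirs.extend(library_dirs(files, candidate))
        else:
            dirs.append(line)
    return dirs


def risky_dirs(dirs, mode_of):
    """Return (dir, reason) for relative entries or entries writable by group/other.

    mode_of(path) returns the st_mode of the directory, or None if it does not
    exist (a missing directory is harmless to the loader, so it is not reported).
    """
    risky = []
    for d in dirs:
        if not d.startswith("/"):
            risky.append((d, "relative path"))
            continue
        mode = mode_of(d)
        if mode is not None and mode & 0o022:
            risky.append((d, "writable by group or other (mode %o)" % (mode & 0o777)))
    return risky


if __name__ == "__main__":
    # Constructed modes for the sample; on a real host use
    # lambda p: os.stat(p).st_mode if os.path.isdir(p) else None
    modes = {"/usr/lib/mysql": 0o40755, "/opt/vendor/lib": 0o40777, "/usr/local/lib": 0o40755}
    path = library_dirs(SAMPLE_FILES)
    print("search path:", path)
    print("risky:", risky_dirs(path, modes.get))
```

After editing ld.so.conf you still have to run `ldconfig` to rebuild the cache; the search order printed here is the order the cache will be built in.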
LOGROTATE.CONF
logrotate.conf and the files within the logrotate.d directory determine how
often your log files are rotated by the logrotate program. Log rotation refers
to the process of deleting older log files and replacing them with more recent
ones.
logrotate can automatically rotate, compress, remove, and mail your log
files. Log files can be rotated based on size or on time, such as daily, weekly,
or monthly.
Every program that uses syslogd for logging and has its own log rotation
configuration file in logrotate.d should also have its own log file entry in
/etc/syslog.conf; the same applies to log files produced by external
applications, such as Apache.
This is because syslog needs to save the log entries for these programs in
separate files so that their log files can be rotated independently of one
another.
-------------------------------------------------------------------------------
Managing rc Scripts Using chkconfig
Fedora Core and Red Hat Enterprise Linux come with a useful tool called
chkconfig.
It helps the system administrator manage rc scripts and xinetd configuration
files without having to manipulate them directly.
It is inspired by the chkconfig command included in the IRIX operating
system. Type chkconfig --list to see all the services chkconfig knows about,
and whether they are stopped or started in each runlevel.
An abridged example output is shown in the following listing. The chkconfig
output can be a lot longer than that listed here, so be prepared to pipe it
through less or more.
The first column is the name of the installed service. The next seven columns
each represent a runlevel, and tell you whether that service is turned on or
off in that runlevel.
Each start script Snn in an rc directory has a matching kill script Knn (in
general, Snn becomes K(100-nn); the idea being that the last service
started is the first killed).
Scripts that do not start with a capital S do not run upon startup. One good
way to keep scripts from starting up at boot time without deleting them is to
rename the file with a small s at the beginning instead of a capital S.
This way you can always put the script back into the startup configuration by
capitalizing the initial letter.
When the system starts up, it runs through the scripts in the rc directory of
the runlevel its starting up in. So when the system starts up in runlevel 3, it
runs the scripts in the /etc/rc3.d directory.
-------------------------------------------------------------------------------
Steps required to boot the system
1. BIOS
BIOS stands for Basic Input/Output System
Performs some system integrity checks
Searches, loads, and executes the boot loader program.
It looks for the boot loader on floppy, CD-ROM, or hard drive. You can press a key
(typically F12 or F2, but it depends on your system) during the BIOS startup
to change the boot sequence.
Once the boot loader program is detected and loaded into the memory, BIOS
gives the control to it.
So, in simple terms BIOS loads and executes the MBR boot loader.
2. MBR
When fsck is run at bootup, it also checks all the file systems listed in fstab
for consistency.
It then fixes corrupted file systems, usually because they were not
unmounted properly when the system crashed or suddenly lost power.
File systems with an fs_passno value of 0 (the number in the last column) are
not checked at boot time. As you can see in Listing 8-2, almost all file
systems are checked at startup except for the floppy drive, which is not
checked by fsck at bootup.
The fstab line has six fields, and each field represents a different
configuration value.
The first field describes the file system, which can be a partition name, the
label of a disk partition, a logical volume, or a remote file system. The
second field is the mount point used to access the file system.
The third field describes the file system type. The fourth field is the place for
any mount options you may need.
The fifth field is 0 or 1 to determine whether dump backs up this file system.
The final field sets the order in which fsck checks these file systems.
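The six-field layout described above is easy to check mechanically. The script below is an added example, not from the original notes: it parses a constructed fstab in the Red Hat layout, returns the mount points fsck will check at boot in fs_passno order (so the floppy, with passno 0, is skipped), and as an added hardening check reports user-writable or removable mounts that lack the `nosuid`/`nodev` options in the fourth field.

```python
"""Parse /etc/fstab and report fsck order and missing mount-option hardening.

Added example, not from the original notes. SAMPLE_FSTAB is constructed to
resemble the Red Hat layout the text describes. The nosuid/nodev check is an
added practitioner's check, not something the notes prescribe.
"""

SAMPLE_FSTAB = """\
# device                 mount point   type    options                  dump pass
/dev/VolGroup00/LogVol00 /             ext3    defaults                 1 1
LABEL=/boot              /boot         ext3    defaults                 1 2
/dev/VolGroup00/LogVol01 swap          swap    defaults                 0 0
none                     /proc         proc    defaults                 0 0
/dev/fd0                 /media/floppy auto    noauto,owner,kudzu       0 0
/dev/hda5                /tmp          ext3    defaults                 1 2
bubba:/home              /home         nfs     rsize=8192,hard          0 0
"""

FIELDS = ("fs_spec", "fs_file", "fs_vfstype", "fs_mntops", "fs_freq", "fs_passno")


def parse_fstab(text):
    """Return one dict per entry, keyed by the six fstab field names.

    mount(8) allows the last two fields to be omitted, in which case they default to 0.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if not 4 <= len(parts) <= 6:
            raise ValueError("expected 4 to 6 fields, got %d: %r" % (len(parts), raw))
        parts += ["0"] * (6 - len(parts))
        entry = dict(zip(FIELDS, parts))
        entry["fs_mntops"] = entry["fs_mntops"].split(",")
        entry["fs_freq"] = int(entry["fs_freq"])
        entry["fs_passno"] = int(entry["fs_passno"])
        entries.append(entry)
    return entries


def fsck_order(entries):
    """Mount points fsck checks at boot, ordered by fs_passno (0 means never checked)."""
    checked = [e for e in entries if e["fs_passno"] > 0]
    return [e["fs_file"] for e in sorted(checked, key=lambda e: e["fs_passno"])]


def missing_hardening(entries, prefixes=("/tmp", "/media", "/home")):
    """(mount point, option) pairs where a user-writable/removable mount lacks nosuid or nodev."""
    out = []
    for e in entries:
        if e["fs_vfstype"] in ("swap", "proc"):
            continue
        if e["fs_file"].startswith(prefixes):
            for opt in ("nosuid", "nodev"):
                if opt not in e["fs_mntops"]:
                    out.append((e["fs_file"], opt))
    return out


if __name__ == "__main__":
    entries = parse_fstab(SAMPLE_FSTAB)
    print("fsck order:", fsck_order(entries))
    print("missing:", missing_hardening(entries))
```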
syslog.conf
Listing 8-4 is an excerpt that demonstrates the syntax and logic of the
syslog.conf file.
The first entry specifies that all messages of severity level info or
higher should be logged to the /var/log/messages file.
The same entry also excludes mail, news, private authentication (authpriv),
and cron messages from that file, so that they can be logged elsewhere.
Having separate log files makes it easier to search through logs if they are
separated by type or program.
The lines following this one specify the other places where those messages
should be logged
Authentication privilege messages contain somewhat sensitive information,
so they are logged to /var/log/secure.
That file can be read by root only, whereas /var/log/messages is sometimes
set to be readable by everyone, or at least has less stringent access control.
By default, however, /var/log/messages is also set to be readable by root only.
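The selector logic described above (a `*.info` selector followed by `mail.none`, `authpriv.none`, ... on the same line) is easy to misread, so here is an added example, not from the original notes or from sysklogd, that evaluates a constructed syslog.conf the same way the daemon does: within one line, later selectors for the same facility override earlier ones, and a message is written to the line's action if the final decision is positive. Only the `facility.priority`, `facility.=priority`, `facility.none` and `*` forms are handled; the `!priority` exclusion forms are left out.

```python
"""Resolve where syslogd sends a (facility, priority) message under syslog.conf.

Added example, not from the original notes. SAMPLE_SYSLOG_CONF is a
constructed file carrying the rules the text describes.
"""

SAMPLE_SYSLOG_CONF = """\
# Log anything (except mail, news, authpriv and cron) of level info or higher.
*.info;mail.none;news.none;authpriv.none;cron.none   /var/log/messages
# The authpriv file has restricted access.
authpriv.*                                            /var/log/secure
# Log all the mail messages in one place.
mail.*                                                -/var/log/maillog
cron.*                                                /var/log/cron
# Everybody gets emergency messages
*.emerg                                               *
"""

PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]


def parse_syslog_conf(text):
    """Return [(selectors, action)]; each selector is (facility, op, priority)."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        selector_part, action = line.split(None, 1)
        selectors = []
        for sel in selector_part.split(";"):
            facility, _, prio = sel.partition(".")
            op = ""
            if prio.startswith("="):          # exactly this priority only
                op, prio = "=", prio[1:]
            selectors.append((facility, op, prio))
        # A leading '-' on a file action only disables fsync after each write.
        rules.append((selectors, action.lstrip("-")))
    return rules


def route(rules, facility, priority):
    """Return the set of actions that receive a message of this facility and priority."""
    level = PRIORITIES.index(priority)
    targets = set()
    for selectors, action in rules:
        decision = None
        for fac, op, prio in selectors:
            if fac not in ("*", facility):
                continue                      # selector is about another facility
            if prio == "none":
                decision = False              # e.g. mail.none after *.info
            elif prio == "*":
                decision = True
            elif op == "=":
                decision = level == PRIORITIES.index(prio)
            else:
                decision = level >= PRIORITIES.index(prio)
        if decision:
            targets.add(action)
    return targets


if __name__ == "__main__":
    rules = parse_syslog_conf(SAMPLE_SYSLOG_CONF)
    for fac, pri in [("authpriv", "info"), ("kern", "warning"), ("mail", "debug")]:
        print(fac, pri, "->", sorted(route(rules, fac, pri)))
```

The useful property to confirm with this is that an `authpriv` message never lands in the world-readable file: it goes to /var/log/secure only, which is exactly why the file permissions on the two files differ.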
hardware or power failure, misconfiguration or user error (to the extent that
the latter can be avoided), or malicious or inadvertent intrusion from
elsewhere.
No one involved in computing has failed to hear of the succession of
increasingly serious attacks on machines connected to the Internet. For the
most part, these attacks have not targeted Linux systems.
Depending on how a Linux machine is connected, and to what; the sensitivity
of the data it contains; and the uses to which it is put, security can be as
simple as turning off unneeded services, monitoring the Red Hat security
mailing list to make sure that all security advisories are followed, regularly
using system utilities to keep the system up to date, and otherwise engaging
in good computing practices to make sure that the system runs robustly.
Or it can be almost a full-time job, involving levels of security permissions
within the system and the systems to which it is connected; elaborate firewalls
to protect not just Linux machines but machines that, through their use of
non-Linux software, are far more vulnerable; and physical security, making sure
that no one steals the machine itself!
For any machine connected to another machine, security means hardening
against attacks and making certain that no one else uses your machine as a
platform for launching attacks against others.
RAID
RAID is an acronym for Redundant Array of Inexpensive, or Independent
(depending on who you ask), Disks.
There are two types of RAID that can be used on computer systems. These
types are hardware RAID and software RAID.
In addition, there are six different RAID levels commonly used regardless of
whether hardware or software RAID is used. A brief explanation of hardware
and software RAID is in order. Following this explanation is a description of
the six RAID levels.
Hardware RAID: In hardware RAID the disks have their own RAID
controller with built-in software that handles the RAID disk setup and I/O.
The controller is typically a card in one of the system's expansion slots, or it
may be built onto the system board.
The hardware RAID interface is transparent to Linux, so the hardware RAID disk
array looks like one giant disk.
The operating system does not control the RAID level used; it is controlled by
the hardware RAID controller. Most dedicated servers use a hardware RAID
controller.
Software RAID: In software RAID there is no RAID controller card. The
operating system is used to set up a logical array, and the operating system
controls the RAID level used by the system.
RAID level 0: This RAID level requires at least two disks and uses a
method called striping that writes data across all the drives.
There is no redundancy provided by this level of RAID, since the loss of any one
drive makes it impossible to recover the data. This level of RAID does give a
speed increase in reading from and writing to the disks.
RAID level 1: This RAID level requires at least two disks and uses a
method called mirroring.
With mirroring, the data is written to both of the drives. So, each drive is an
exact mirror of the other one, and if one fails the other still holds all the data.
There are two variants of level 1, with one variant using a single disk
controller that writes to both disks as described above. The other variant
uses two disk controllers, one for each disk. This variant of RAID level 1 is
known as duplexing.
RAID level 5: This RAID level, which is the most widely used, requires at
least three disks. It stripes the data across the disks, as RAID level 0 does, but
it also stores parity information, distributed across all of the disks rather
than on one dedicated disk.
After a single disk failure the parity lets the contents of the missing disk be
reconstructed from the surviving disks; a second simultaneous failure cannot
be recovered.
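The parity mechanism is simpler than it sounds: each parity chunk is the XOR of the data chunks in its stripe, so any one missing chunk (data or parity) is the XOR of the survivors. The following added example, not from the original notes, models three disks as lists of byte chunks, writes constructed data in RAID 5 fashion with the parity chunk rotating across disks per stripe (the rotation is what distinguishes RAID 5 from a dedicated-parity layout), then "fails" each disk in turn and rebuilds it.

```python
"""Reconstruct a failed disk from RAID 5-style XOR parity.

Added example, not from the original notes. Disks are modelled in memory as
lists of equal-size chunks; the data written is a constructed sample.
"""


def xor_bytes(*blocks):
    """XOR any number of equal-length byte strings together."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe_index, ndisks):
    """RAID 5 rotates parity: stripe 0 puts it on the last disk, stripe 1 on the one before, ..."""
    return (ndisks - 1 - stripe_index) % ndisks


def write_stripes(data, ndisks=3, chunk=4):
    """Stripe data across ndisks with one parity chunk per stripe; returns the disks."""
    per_stripe = (ndisks - 1) * chunk
    data = data + b"\0" * (-len(data) % per_stripe)      # pad to a whole stripe
    disks = [[] for _ in range(ndisks)]
    for s in range(len(data) // per_stripe):
        stripe = data[s * per_stripe:(s + 1) * per_stripe]
        chunks = [stripe[i:i + chunk] for i in range(0, per_stripe, chunk)]
        parity = xor_bytes(*chunks)
        data_iter = iter(chunks)
        for d in range(ndisks):
            disks[d].append(parity if d == parity_disk_for(s, ndisks) else next(data_iter))
    return disks


def read_stripes(disks):
    """Reassemble the (padded) data from all disks, skipping the parity chunks."""
    ndisks = len(disks)
    out = b""
    for s in range(len(disks[0])):
        skip = parity_disk_for(s, ndisks)
        out += b"".join(disks[d][s] for d in range(ndisks) if d != skip)
    return out


def rebuild(disks, failed):
    """Recompute every chunk of the failed disk as the XOR of the surviving disks' chunks."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_bytes(*chunks) for chunks in zip(*survivors)]


if __name__ == "__main__":
    disks = write_stripes(b"The quick brown fox jumps")   # constructed sample data
    repaired = list(disks)
    repaired[1] = rebuild(disks, failed=1)
    print(read_stripes(repaired).rstrip(b"\0"))
```

Because XOR of all chunks in a stripe is zero, the same `rebuild` works whether the lost chunk was data or parity; it does not matter which disk died, only that exactly one did.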
The / Directory
The / directory is called the root directory and is at the top of the file
system structure.
In many systems, the / directory is the only partition on the system, and all
other directories are mounted under it.
(Figure: a file system with the / directory mounted as the only partition, with
all other directories contained within it.)
The primary purpose of the / directory is booting the system and correcting
any problems that might be preventing the system from booting.
According to the FHS, the / directory must contain, or have links to, the
following directories:
bin: This directory contains command files for use by the system
administrator or other users. The bin directory cannot contain subdirectories.
boot: On Red Hat systems, this is the directory containing the kernel, the
core of the operating system. Also in this directory are files related to booting
the system, such as the boot loader and the initial ramdisk.
dev: This directory contains device nodes through which the operating
system can access hardware and software devices on the system.
etc: This directory and its subdirectories contain most of the system
configuration files. If you have the X Window System installed on your
system, the X11 subdirectory is located here.
home: This directory contains the home directories of users on the system.
Subdirectories of home are named for the user to whom they belong.
initrd: This directory is used as a mount point when the system is
booting. It doesn't contain any data, but it is very important that it be there.
This directory is not part of the FHS.
lib: The shared system libraries and kernel modules are contained in this
directory and its subdirectories.
media: This directory contains the mount points for removable media
such as floppy drives, CD-ROM drives, and USB devices such as flash
memory sticks, which are typically automounted by the system.
mnt: This directory is the location of the mount point for temporary file
systems, such as those on floppies or CDs, which traditionally have been
manually mounted.
opt: This directory and its subdirectories are often used to hold add-on
applications installed on the system.
proc: This directory is a mount point for virtual information about
currently running system processes. This directory is empty until the proc file
system is mounted.
root: This is the home directory of the root user. Don't confuse this with
the / directory, which has the same name.
sbin: Contained in this directory are system binaries used by the system
administrator or the root user.
selinux: This directory is similar to the /proc directory in that it exposes
information about SELinux held in the memory of the running kernel.
srv: This directory is intended to hold site-specific data for system-provided
services.
sys: This directory is the mount point for a virtual file system of type
sysfs that is used to hold information about the system and devices.
tmp: This directory contains temporary files used by the system.
usr: This directory is often mounted on its own partition. It contains
shareable, read-only data. Subdirectories can be used for applications,
typically under /usr/local.
var: Subdirectories and files under var contain variable information, such
as system logs and print queues.
Explain the init process?
Once the kernel and drivers are loaded, Linux starts loading the rest of the
system. This starts with the first process, known as init, which has
process id 1 (the kernel's own idle task has process id 0, which cannot be
displayed with the "ps" command).
The init process takes control of the boot operation. The init process in turn
runs /etc/rc.d/rc.sysinit, which performs a number of tasks, including network
configuration, SELinux status, keyboard maps, system clock, partition
mounts, and host names.
The runlevels are controlled by a configuration file that the init process reads
from /etc. The name of the init configuration file is "inittab".
The init process then determines the runlevel by looking at the initdefault
directive in the /etc/inittab configuration file. The following are the defined
runlevels. The init process remains active as long as the system is running.
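The two pieces above fit together: init reads `initdefault` from /etc/inittab, then the rc scripts chkconfig manages (earlier section, "Managing rc Scripts Using chkconfig") start whatever is turned on for that runlevel. The script below is an added example serving both sections, not code from the original notes: it reads a constructed /etc/inittab and constructed `chkconfig --list` output, refuses an initdefault of 0 or 6 (the file's own comments warn that these halt or reboot on every boot), and lists the services that will come up, with the ones not on an assumed site allow-list called out as candidates for switching off.

```python
"""Work out the default runlevel and the services chkconfig will start in it.

Added example, not from the original notes; it serves both the chkconfig
section and the init/runlevel section. SAMPLE_INITTAB and SAMPLE_CHKCONFIG
are constructed in the format of /etc/inittab and 'chkconfig --list'.
"""

SAMPLE_INITTAB = """\
# Default runlevel. The runlevels used by RHS are:
#   0 - halt (Do NOT set initdefault to this)
#   3 - Full multiuser mode
#   5 - X11
#   6 - reboot (Do NOT set initdefault to this)
id:3:initdefault:
# System initialization.
si::sysinit:/etc/rc.d/rc.sysinit
l3:3:wait:/etc/rc.d/rc 3
"""

SAMPLE_CHKCONFIG = """\
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
httpd           0:off   1:off   2:off   3:on    4:off   5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
telnet          0:off   1:off   2:on    3:on    4:on    5:on    6:off
xfs             0:off   1:off   2:on    3:off   4:on    5:on    6:off
xinetd based services:
        rsync:  off
        tftp:   on
"""


def default_runlevel(inittab):
    """Return the runlevel named by the initdefault line; reject 0 and 6, which never boot."""
    for raw in inittab.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "initdefault":
            level = fields[1]
            if level in ("0", "6"):
                raise ValueError("initdefault %s would halt or reboot on every boot" % level)
            return level
    raise ValueError("no initdefault line in inittab")


def parse_chkconfig(output):
    """Return ({service: set of runlevels where it is on}, {xinetd service: bool})."""
    services, xinetd, in_xinetd = {}, {}, False
    for raw in output.splitlines():
        if raw.startswith("xinetd based services"):
            in_xinetd = True
            continue
        parts = raw.split()
        if not parts:
            continue
        if in_xinetd:
            xinetd[parts[0].rstrip(":")] = parts[1] == "on"
        else:
            services[parts[0]] = {p.split(":")[0] for p in parts[1:] if p.endswith(":on")}
    return services, xinetd


def services_at_boot(inittab, chkconfig_output, allowed=frozenset()):
    """Return (services enabled in the default runlevel, those not on the allow-list)."""
    level = default_runlevel(inittab)
    services, xinetd = parse_chkconfig(chkconfig_output)
    enabled = sorted(s for s, levels in services.items() if level in levels)
    enabled += sorted(s for s, on in xinetd.items() if on)   # xinetd services run in any runlevel xinetd does
    unexpected = [s for s in enabled if s not in allowed]
    return enabled, unexpected


if __name__ == "__main__":
    # Assumed site allow-list for this host; everything else is a candidate for 'chkconfig <svc> off'.
    enabled, unexpected = services_at_boot(SAMPLE_INITTAB, SAMPLE_CHKCONFIG, allowed={"sshd", "httpd"})
    print("enabled at boot:", enabled)
    print("review/turn off:", unexpected)
```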
Bootstrapping Process:
When a computer is turned on, the BIOS finds the primary bootable
device (usually the computer's hard disk) and loads the initial bootstrap program
from the Master Boot Record, the first 512 bytes of the disk, then transfers
control to this code. Before it gets that far, the BIOS does the following.
It carries out an exhaustive series of tests on the hardware. This is to check
which devices are present, which are working properly and which aren't.
This step is usually called POST (Power-On Self-Test). The version banner and
a series of messages are displayed during this step. (Remember my friend
who uses "bootslapping" instead of "bootstrapping"? Well, the POST on his
system doesn't show any errors!!)
Then it initializes the hardware. This step is a very significant one, because it
guarantees that all hardware devices are operating without conflicts on the
IRQ lines and I/O ports. When this step is about to finish, it displays a table
of installed PCI devices.
Then comes the turn of the operating system. The BIOS searches for the
operating system to boot. Depending on the BIOS settings, this step may
access the boot sector of a floppy disk, any hard disk or any CD-ROM in
the system.
As soon as a valid device is found, the BIOS copies the contents of its first
sector into RAM, starting at physical address 0x00007c00, then jumps
to that address and executes the code just loaded.
That's all. These are the operations that the BIOS performs.
Once this is over, the boot loader takes over. So, let's now move on
to the next section.
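The sector the BIOS copies to 0x7C00 has a fixed layout: 446 bytes of boot code (where a first-stage boot loader such as GRUB stage 1 lives), a 64-byte partition table of four 16-byte entries, and the two-byte 0x55AA signature the BIOS checks before jumping. The parser below is an added example, not from the original notes: it assembles a constructed 512-byte MBR with placeholder boot code, then decodes the partition table and rejects sectors with a missing signature or more than one active partition.

```python
"""Parse the 512-byte master boot record that the BIOS loads to 0x7C00.

Added example, not from the original notes. build_mbr() produces a constructed
sector (NOP-filled boot code, two partition entries); no real disk is read.
"""
import struct

MBR_SIZE = 512
TABLE_OFFSET = 446          # boot code occupies bytes 0..445
ENTRY_SIZE = 16
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xaa"


def build_mbr(entries, boot_code=b"\x90" * TABLE_OFFSET):
    """Assemble an MBR from (bootable, type, start_lba, sectors) tuples; CHS fields are zeroed."""
    if len(boot_code) != TABLE_OFFSET or len(entries) > 4:
        raise ValueError("boot code must be 446 bytes and at most 4 partitions fit")
    table = b""
    for bootable, ptype, start, count in entries:
        table += struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
    table += b"\0" * ENTRY_SIZE * (4 - len(entries))
    return boot_code + table + SIGNATURE


def parse_mbr(sector):
    """Return the non-empty partition entries as dicts; raise if the sector is not a bootable MBR."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % MBR_SIZE)
    if sector[-2:] != SIGNATURE:
        raise ValueError("missing 0x55AA signature: the BIOS would not boot this disk")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        status, _chs0, ptype, _chs1, start, count = struct.unpack(ENTRY_FMT, sector[off:off + ENTRY_SIZE])
        if ptype == 0:
            continue                                  # empty slot
        parts.append({"index": i + 1, "bootable": status == 0x80,
                      "type": ptype, "start_lba": start, "sectors": count})
    if sum(p["bootable"] for p in parts) > 1:
        raise ValueError("more than one active partition")
    return parts


if __name__ == "__main__":
    mbr = build_mbr([(True, 0x83, 63, 208782), (False, 0x8e, 208845, 15984675)])
    for p in parse_mbr(mbr):
        print(p)
```

To run it against a real disk read the first sector with `open("/dev/sda", "rb").read(512)` as root; the boot code bytes are exactly what a bootkit would overwrite, so comparing them against a known-good copy is a cheap integrity check.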
-------------------------------------------------------------------------------
What Is DHCP? How Is It Configured?
Using Dynamic Host Configuration Protocol (DHCP), you can have an IP
address and the other information automatically assigned to the hosts
connected to your network.
This method is quite efficient and convenient for large networks with many
hosts, because the process of manually configuring each host is quite
time-consuming.
By using DHCP, you can ensure that every host on your network has a valid
IP address, subnet mask, broadcast address, and gateway, with minimum
effort on your part.
The FTP daemon uses ports 20 and 21 to listen for and initiate FTP requests.
Its configuration files ftpaccess, ftpconversions, ftpgroups, ftphosts, and
ftpusers, are located in the /etc directory.
DNS
The Domain Name Service (DNS), which maps IP addresses to hostnames, is
served by the named program on port 53. Its configuration file is named.conf
in the /etc directory.
-------------------------------------------------------------------------------
Define: (Secure Services)
SSH: Secure Shell, also known as SSH, is a secure telnet replacement that
encrypts all traffic, including passwords, using a public/private key
exchange protocol.
It provides the same functionality as telnet plus other useful functions such
as traffic tunnels.
SCP: Secure copy, also known as scp, is part of the SSH package. It is a
secure alternative to rcp and FTP because, like SSH, the password is not sent
over the network in plaintext.
scp syntax:
scp user@host:file1 user@host:file2
SFTP: Secure File Transfer Protocol (SFTP) is a secure version of the File Transfer
Protocol (FTP), which facilitates data access and data transfer over a Secure
Shell (SSH) data stream. It is part of the SSH protocol suite. This term is also
known as SSH File Transfer Protocol.
-------------------------------------------------------------------------------
Configuring an NFS Client
1. Configuring a client system to use NFS involves making sure that the
portmapper and the NFS file locking daemons statd and lockd are available,
adding entries to the client's /etc/fstab for the NFS exports, and mounting the
exports using the mount command.
2. Make sure that the portmapper is running on the client system using the
portmap initialization script: service portmap status
3. If the output says portmap is stopped (it shouldn't be), start the
portmapper: service portmap start
4. Presumably, you have already started nfslock on the server, so all that
remains is to start it on the client system: service nfslock start
5. Now mount the file system. To mount /home from the server, use the following
command as root: mount -t nfs bubba:/home /home
6. If you want to mount by specifying client mount options: mount -t nfs
bubba:/home /home -o rsize=8192,hard
a. rsize sets the NFS read buffer size to the given number of bytes.
b. hard makes failed NFS file operations keep retrying, after reporting
"server not responding" on the system.
7. Using Automount Services
a. The easiest way for client systems to mount NFS exports is to use autofs,
which automatically mounts a file system not already mounted when the file
system is first accessed.
b. Autofs uses the automount daemon to mount and unmount file systems
that automount has been configured to control.
c. Autofs uses a set of map files to control automounting. A master map
file, /etc/auto.master, associates mount points with secondary map files. The
secondary map files, in turn, control the file systems mounted under the
corresponding mount points.
d. Example: consider the following /etc/auto.master autofs configuration file:
/home /etc/auto.home
/var /etc/auto.var --timeout 600
-------------------------------------------------------------------------------
NFS SERVER CONFIGURATION AND STATUS FILES
1) The server configuration file is /etc/exports, which contains a list of file
systems to export, the clients permitted to mount them, and the export
options that apply to client mounts.
2) Each line in /etc/exports has the following format : dir [host(options)]
[host(options)] ...
i) dir specifies a directory or file system to export.
ii) host specifies one or more hosts permitted to mount dir.
iii) options specifies one or more mount options.
3) If you omit host, the listed options apply to every possible client system.
4) If you omit options, the default mount options will be applied.
5) host can be specified as a single name, an NIS netgroup, as a group of
hosts using the form address/netmask, or as a group of hosts using the
wildcard characters ? and *. Multiple host(options) entries are accepted,
which enables you to specify different export options depending on the host
or hosts mounting the directory.
6) When specified as a single name, host can be any name that DNS or the
resolver library can resolve to an IP address. If host is an NIS netgroup, it is
specified as @groupname. The address/netmask form enables you to specify
all hosts on an IP network or subnet.
7) Example lines in the /etc/exports file:
i) /usr/local *.example.com(ro)
This line permits all hosts with a name of the form somehost.example.com
to mount /usr/local as a read-only directory.
ii) /usr/devtools 192.168.1.0/24(ro)
This line uses the address/netmask form, in which the netmask is specified
in Classless Inter-Domain Routing (CIDR) format. In CIDR format, the netmask
is given as the number of bits (/24, in this example) used to determine
the network address. A CIDR address of 192.168.1.0/24 allows any host with
an IP address in the range 192.168.1.1 to 192.168.1.254 (192.168.1.0 is
excluded because it is the network address; 192.168.1.255 is excluded
because it is the broadcast address) to mount /usr/devtools read-only.
iii) /home 192.168.0.0/255.255.255.0(rw)
This line uses the address/netmask form with a dotted-decimal netmask and
permits every host on the 192.168.0.0 class C network to mount /home
read-write.
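Item 3 above (omitting host applies the options to every possible client) is the mistake that matters most in this file: `/home (rw)` or `/home *(rw)` hands a writable home tree to anyone who can reach the NFS ports. The script below is an added example, not from the original notes or from nfs-utils: it parses a constructed /etc/exports using the host forms described above (wildcard name, CIDR, dotted netmask, NIS netgroup), answers whether a given client matches a host field, and flags exports open to every host; as an added caveat it also flags `no_root_squash`, which makes a remote root user root on the server.

```python
"""Parse /etc/exports, match clients against host fields, and flag open exports.

Added example, not from the original notes. SAMPLE_EXPORTS is constructed;
the netgroup membership passed to host_matches() is a constructed stand-in
for what NIS would return.
"""
import fnmatch
import ipaddress

SAMPLE_EXPORTS = """\
/usr/local    *.example.com(ro)
/usr/devtools 192.168.1.0/24(ro)
/home         192.168.0.0/255.255.255.0(rw)
/pub          (ro)
/scratch      *(rw,no_root_squash)
/srv/nis      @trusted(rw)
"""


def parse_exports(text):
    """Return a list of (directory, [(host, [options]), ...]); host is '' when omitted."""
    exports = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directory, *clients = line.split()
        parsed = []
        for client in clients:
            host, _, opts = client.partition("(")
            options = [o for o in opts.rstrip(")").split(",") if o] if opts else []
            parsed.append((host, options))
        exports.append((directory, parsed))
    return exports


def host_matches(pattern, client_name, client_ip, netgroups=None):
    """True if a client (resolved name plus IP) matches one host field of /etc/exports."""
    if pattern == "":
        return True                                   # omitted host: every client
    if pattern.startswith("@"):
        return client_name in (netgroups or {}).get(pattern[1:], ())
    if "/" in pattern:
        net = ipaddress.ip_network(pattern, strict=False)   # accepts /24 and /255.255.255.0
        return ipaddress.ip_address(client_ip) in net
    if any(ch in pattern for ch in "*?"):
        return fnmatch.fnmatchcase(client_name, pattern)
    return pattern in (client_name, client_ip)


def audit_exports(exports):
    """Return (directory, reason) pairs for exports any reachable client could abuse."""
    findings = []
    for directory, clients in exports:
        for host, options in clients:
            if host in ("", "*"):
                mode = "rw" if "rw" in options else "ro"
                findings.append((directory, "exported %s to every host" % mode))
            if "no_root_squash" in options:
                findings.append((directory, "no_root_squash: remote root is root on this server"))
    return findings


if __name__ == "__main__":
    exports = parse_exports(SAMPLE_EXPORTS)
    for finding in audit_exports(exports):
        print("%-14s %s" % finding)
    print(host_matches("192.168.1.0/24", "devbox.example.com", "192.168.1.37"))
```

Note that ipaddress treats .0 and .255 as members of the /24 too; the text's point that they are excluded holds because no host can actually carry those addresses, not because exportfs rejects them.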
-------------------------------------------------------------------------------
Explain the concept of a caching proxy server?
1. A caching proxy server is software (or hardware) that stores (caches)
frequently requested Internet objects such as Web pages, JavaScript files, and
downloaded files closer (in network terms) to the clients that request those
objects.
2. When a new request is made for a cached object, the proxy server
provides the object from its cache instead of forwarding the request to
the source.
3. That is, the local cache serves the requested object as a proxy, or
substitute, for the actual server.
4. The motivation for using a caching proxy server is two-fold:
To provide accelerated Web browsing by reducing access time for
frequently requested objects.
To reduce bandwidth consumption by caching popular data locally, that is,
on a server that sits between the requesting client and the Internet.
5. The Web proxy used in Linux is called Squid.
6. The following rpmquery command shows you whether Squid is installed:
$ rpmquery squid
squid-2.5.Stables-1.FC3.1
7. If Squid is not installed, you'll obviously need to install it before
proceeding.
8. Squid provides full support for SSL.
Note: Secure Sockets Layer (SSL) is a cryptographic protocol that provides
communication security over the Internet.
-------------------------------------------------------------------------------
Standalone Services
These services are started from the rc scripts specifically written for them in
the rc directories. You can enable or disable these services from those
directories.
apache: Web server
sshd: SSH server
sendmail: Mail server
qmail: Mail server
postfix: Mail server
thttpd: Semi-lightweight Web server
boa: Lightweight Web server
named: DNS server
xfs: X font server
xdm: X display manager
portmap: Maps RPC services to ports
rpc.quotad: Serves quota information
knfsd: User-space portion of the NFS daemon
rpc.mountd: NFS mount server
rpc.ypbind: NIS binder (client side)
squid: Web proxy server
nessusd: Penetration-testing server
postgresql: Database server
mysql: Database server
oracle: Database server
-------------------------------------------------------------------------------
State and explain e-mail services in Linux?
SMTP Server
As said before, the purpose of an SMTP server is to transfer email between mail
servers. To send email, the client sends the message to an outgoing mail
server, which in turn contacts the destination mail server for delivery.
The SMTP protocol does not require authentication. It allows anyone on the
Internet to send email to anyone else, or even to large groups of people.
On RHEL 6 the default SMTP email server is postfix, installed by the postfix rpm.
The postfix service listens on TCP port 25, is configured through the files in
the /etc/postfix directory, and logs to /var/log/maillog.
# yum install postfix
/etc/postfix/main.cf
The main postfix SMTP server configuration file is /etc/postfix/main.cf. The
following are the main directives that can be configured.
# cat /etc/postfix/main.cf
# This directive configures from which domain the postfix server is going to
be the SMTP server.
mydomain = info.net
# It complements the email address with 'mydomain' domain. For example a
mail for user 'john' -> 'john@info.net'
myorigin = $mydomain
# In which server interfaces the SMTP server port 25 TCP/IP must be
listening. In this case it will be listening on all system interfaces.
inet_interfaces = all
# The mydestination parameter specifies the list of domains that this
machine considers itself the final destination for.
mydestination = $myhostname, localhost.$mydomain, localhost,
$mydomain, server.$mydomain, mail.$mydomain
# The mynetworks parameter specifies the list of "trusted" SMTP clients that
have more privileges than "strangers".
mynetworks = 192.168.01.0/24, 127.0.0.0/8
# The home_mailbox parameter specifies the pathname of a mailbox file
relative to a user's home directory where the mailbox will be stored
home_mailbox = Maildir/
Once configured the postfix service just start it and make sure that it will be
started at boot.
# /etc/init.d/postfix restart
# chkconfig postfix on
--------------------------------------------------------------------------------------------
What is a DNS Server? What are its types?
A DNS (Domain Name System) server is a type of web server used to interact
with the domain name system, which is the global directory of domain
names and corresponding IP addresses.
DNS technology automatically translates long and confusing IP addresses
(which are segmented number sequences separated by dots, such as
127.0.0.1) into standard domain names that are easier to remember.
DNS servers operate using special software that transmits data from the DNS
server to various web hosts upon request.
In basic terms, the internet would fail to exist as we know it without the
Domain Name System and DNS servers.
Different types of DNS server:
1. Master:
The master contains all the information about the domain and supplies this
information when requested. A master server is listed as an authoritative
server when it contains the information you are seeking and it can provide
that information.
2. Slave:
The slave is intended as a backup in case the master server goes down or is
not available. This server contains the same information as the master and
provides it when requested if the master server cannot be contacted.
3. Caching:
A caching server does not provide information to outside sources; it is used
to provide domain information to other servers and workstations on the local
network. The caching server remembers the domains that have been
accessed. Use of a caching server speeds up searches since the domain
information is already stored in memory and the server knows exactly where
to go rather than having to send out a request for domain information.
The information that the master and slave servers provide comes from their
configuration.
--------------------------------------------------------------------------------------------
Configuring a Primary Master Server
The /etc/named.conf file on the master server also needs to be
modified. Assuming that you already set up this server as a caching-only
server, you just need to add the following lines to /etc/named.conf. (This
example uses the names you defined earlier; be sure to use your own names
and IP addresses.)
zone "tactechnology.com" { notify no; type master; file "tactech.com"; };
For the reverse lookup you add this section:
zone "1.168.192.in-addr.arpa" { notify no; type master; file "tac.rev"; };
Next you need to create the zone files that are referenced by the /etc/named.conf
file. First you create the file /var/named/tactech.com by beginning with the
Start of Authority section (SOA). For an explanation of the information
contained in zone files, refer to the zone file section earlier in this chapter.
@ IN SOA main.tactechnology.com. mail.tactechnology.com. (
        200005203 ; Serial
        8h        ; Refresh
        2h        ; Retry
        1w        ; Expire
        1d )      ; Minimum TTL
Next you add name server and mail exchange information:
        NS  main.tactechnology.com.
        NS  terry.tactechnology.com.
        MX  10 main ; Primary Mail Exchanger
        MX  20 p200 ; Secondary Mail Exchanger
Finally, you add information about your localhost, and mail, FTP, and Web
server. You can also add information about every workstation on your
network. Next, you set up the reverse lookup zone file, which is called
tac.rev. Again, you need to start with the SOA header as shown:
$ ftp localhost
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.0.1)
Name (localhost:bubba): ftp
331 Please specify the password.
Password: 230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -a
227 Entering Passive Mode (127,0,0,1,100,97)
150 Here comes the directory listing.
drwxr-xr-x    3 0        0              16 Jan 22 14:17 .
drwxr-xr-x    3 0        0              16 Jan 22 14:17 ..
drwxr-xr-x    2 0        0               6 Oct 04 06:36 pub
226 Directory send OK.
ftp> close
221 Goodbye.
ftp> bye
Advantages of VSFTPD
* Faster login time.
* Uses less memory.
* Allows virtual access on any IP address.
* Better security model.
* Allows virtual user quotas.
* More compatible with software RAID systems.
-----------------------------------------------------------------------------------------------------------------
A small group of Web administrators who had modified the source code to
address their own site-specific needs or to patch various bugs gathered
together to coordinate their activities and merge their code changes into a
single code tree.
Apache Features
Apache is an open-source software project, so anyone can contribute code
for inclusion in the server, although whether such code is accepted is up to
members of the core Apache team. User feedback drives Apache's
development and defines its feature set.
Features include:
* Apache is easily extensible using Dynamic Shared Objects (DSOs), more
commonly known as modules. Modules extend Apache's capabilities and add new
features without requiring recompilation because they can be loaded and
unloaded at runtime, just as shared program libraries can be dynamically
loaded and unloaded at runtime.
* Apache has a rich set of access controls and gives Web site administrators
considerable flexibility in choosing authentication mechanisms. You can use a
simple text file; a binary database format that supports very large numbers of
users without becoming bogged down executing authentication requests;
third-party databases such as MySQL, PostgreSQL, or Oracle; and even
site-wide authentication methods such as LDAP.
* Apache supports virtual hosts, also known as multi-homed servers, which
enable a single machine to provide Web services for multiple domains or IP
addresses (or hostnames).
* Apache enables administrators to define multiple directory index files, the
default page to display when a Web client requests a directory URL.
So, for example, the server can return index.html, index.htm, index.php, or
execute a script named index.cgi when a client requests a directory URL,
depending on what Apache finds in the requested directory.
--------------------------------------------------------------------------------------------
Creating a Secure Server with SSL
Lamentably, the Internet is a much less secure place than it used to be. If the
Web site you administer will be used for electronic commerce or for
exchanging any type of information that needs to be kept private, these
transactions need to be secure.
SSL-enabled Web sites use a different URL prefix, https, to indicate that
HTTP protocol requests and document transfers are encrypted. You've
probably visited SSL-enabled Web sites yourself.
This section describes how to create a secure Web server using the Secure
Sockets Layer (SSL) to encrypt communications between your Web server
and Web clients.
It gives an overview of SSL, describes how digital certificates fit into the
security picture, and how to create a self-signed certificate.
A final section discusses obtaining a digital certificate from a recognized
certificate authority and lists a number of certificate authorities from which
you can obtain a valid certificate.
For more information about SSL and certificate creation, the following online
resources will prove helpful:
* Building a Secure RedHat Apache Server HOWTO (www.tldp.org/HOWTO/SSL-RedHat-HOWTO.html)
* SSL Certificates HOWTO (www.tldp.org/HOWTO/SSLCertificatesHOWTO/index.html)
* OpenSSL Web site (www.openssl.org)
--------------------------------------------------------------------------------------------
Write a short note on Mailing List?
Mailing lists are an easy, low-maintenance way to allow people who share a
common interest or goal to communicate with each other.
One of the most popular mailing list managers right now is Mailman, the GNU
Mailing List Manager.
There are several reasons for its popularity, but perhaps the chief reason is
that, aside from its initial installation and setup, Mailman can be
administered using a browser-based interface, which makes it ideal for use
by groups whose members or participants are geographically dispersed.
Mailman is also rich in built-in functionality that other mailing list manager
software (such as the venerable Majordomo) requires add-in software to
support, such as:
* Automatic bounce processing
* Automatic message archiving and hooks for third-party archival solutions
* Web-based message archive access
* Content filtering
* Digest creation, maintenance, and delivery
* Excellent tools for individual and mass membership management
* Integrated Usenet gateway
* Intelligent detection of autoresponse message loops
* Password-based authentication
* Passwordless handling of certain user tasks
* Per-list and per-user-per-list configurability
* Spam filtering
* Strong moderation and privacy controls
* Subscription blacklists
* Support for approximately two dozen languages in its Web pages and email notices
You can find out more about Mailman by reading the documentation installed
in /usr/share/doc/mailman-2.1.5, the README files in /usr/lib/mailman, and
by visiting the project Web site at http://www.list.org.
--------------------------------------------------------------------------------------------
/etc/sysconfig/authconfig
The /etc/sysconfig/authconfig file provides settings to /usr/sbin/authconfig,
which is called from /etc/rc.sysinit for the kind of authorization to be used on
the host. The basic syntax for lines in this file is:
USE<SERVICENAME>=<value>
Some sample lines from the file are shown here.
USEMD5=value, where value is one of the following:
yes: MD5 is used for authentication.
no: MD5 is not used for authentication.
USEKERBEROS=value, where value
/etc/sysconfig/kudzu
The /etc/sysconfig/kudzu file is used by /etc/init.d/kudzu, and it allows you to
specify a safe probe of your system's hardware by kudzu at boot time. A safe
probe is one that disables serial port probing.
SAFE=value, where value is one of the following:
yes: kudzu does a safe probe.
no: kudzu does a normal probe.
--------------------------------------------------------------------------------------------
/etc/sysconfig/mouse
The /etc/sysconfig/mouse file is used by /etc/init.d/gpm to specify information
about the available mouse. The following values may be used:
FULLNAME=value, where value refers to the full name of the kind of mouse
being used.
MOUSETYPE=value, where value is one of the following:
microsoft: A Microsoft mouse.
mouseman: A MouseMan mouse.
mousesystems: A Mouse Systems mouse.
ps/2: A PS/2 mouse.
msbm: A Microsoft bus mouse.
logibm: A Logitech bus mouse.
atibm: An ATI bus mouse.
logitech: A Logitech mouse.
mmseries: An older MouseMan mouse.
mmhittab: An mmhittab mouse.
XEMU3=value, where value is one of the following Boolean values:
yes: The mouse has only two buttons, but three mouse buttons should be
emulated.
no: The mouse already has three buttons.
XMOUSETYPE=value, where value refers to the kind of mouse used when X is
running. The options here are the same as those provided by the
MOUSETYPE setting in this same file.
DEVICE=value, where value is the mouse device. In addition, /dev/mouse is a
symbolic link that points to the actual mouse device.
--------------------------------------------------------------------------------------------
/etc/sysconfig/selinux
This file is a link to /etc/selinux/config and is used to control SELinux on the
system. It contains two settings that control the state of SELinux (enforcing,
permissive, or disabled) and the type of policy, either targeted or strict.
A sample of this file is shown here.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#   enforcing - SELinux security policy is enforced.
#   permissive - SELinux prints warnings instead of enforcing.
#   disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
#   targeted - Only targeted network daemons are protected.
#   strict - Full SELinux protection.
SELINUXTYPE=targeted
--------------------------------------------------------------------------------------------
/etc/sysconfig/samba
The /etc/sysconfig/samba file is used to pass arguments to the smbd and the
nmbd daemons at boot time.
The smbd daemon offers file-sharing connectivity for Windows clients on the
network.
address and subnet mask could, for example, specify multiple Class C
subnets with one address.
6. For example, if you needed about a thousand addresses, you could
supernet 4 Class C networks together.
7. CIDR will probably keep the Internet happily in IP addresses for the next
few years at least.
8. After that, IPv6, with 128-bit addresses, will be needed. Under IPv6, even
careless address allocation would comfortably enable a billion unique IP
addresses for every person on earth.
----------------------------------------------------------------------------------
How to Add a New User in Linux
To add/create a new user, you use the useradd or adduser command followed
by the username. The username is the user's login name, which is used by the
user to log in to the system.
Only one user can be added at a time, and the username must be unique
(different from any username that already exists on the system).
For example, to add a new user called tecmint, use the following command.
[root@tecmint ~]# useradd tecmint
When we add a new user in Linux with the useradd command it is created in a
locked state; to unlock that user account, we need to set a password for
that account with the passwd command.
[root@tecmint ~]# passwd tecmint
Changing password for user tecmint.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
Once a new user is created, its entry is automatically added to the /etc/passwd
file. The file is used to store user information, and the entry looks like this:
tecmint:x:504:504:tecmint:/home/tecmint:/bin/bash
The above entry contains a set of seven colon-separated fields, each of which
has its own meaning. Let's see what these fields are:
1. Username: User login name used to log in to the system. It should be between
1 and 32 characters long.
2. Password: User password (or an x character), stored in the /etc/shadow file in
encrypted format.
3. User ID (UID): Every user must have a User ID (UID), a User Identification
Number. By default UID 0 is reserved for the root user and UIDs ranging from 1-99
are reserved for other predefined accounts. Further, UIDs ranging from
100-999 are reserved for system accounts and groups.
4. Group ID (GID): The primary Group ID (GID), a Group Identification Number,
stored in the /etc/group file.
5. User Info: This field is optional and allows you to define extra information
about the user, for example, the user's full name. This field is filled by the finger
command.
6. Home Directory: The absolute location of the user's home directory.
7. Shell: The absolute location of the user's shell, i.e. /bin/bash.
---------------------------------------------------------------------------------------
Enabling CGI
CGI, the Common Gateway Interface, is a protocol that defines a standard
method enabling Web servers to communicate with external programs.
These programs are known as CGI scripts, CGI programs, or, more
colloquially, just CGIs.
The ScriptAlias directive associates a directory name with a file system path,
which means that Apache treats every file in that directory as a script. If not
present, add the following directive to httpd.conf:
ScriptAlias /cgi-bin/ /var/www/cgi-bin
This directive tells Apache that any URL beginning with /cgi-bin/ should be
served from /var/www/cgi-bin. Thus, given a URL of http://localhost/cgi-bin/cgiscript.pl
or http://your.server.name/cgi-bin/cgiscript.pl, Apache reads
and executes the script /var/www/cgi-bin/cgiscript.pl.
#!/usr/bin/perl
use strict;
use warnings;
# The HTTP header must be followed by a blank line before the document body.
print "Content-type: text/html\r\n\r\n";
print "<html>\n";
print "<head>\n";
print "<title>CGI Page Test</title>\n";
print "<link rel=\"stylesheet\" type=\"text/css\" href=\"rhlnsa3.css\">\n";
print "</head>\n";
print "<body>\n";
print "<h1>PHP test page</h1>\n";
print "<div id=\"content\">\n";
print "</div>\n";
print "</body>\n";
print "</html>\n";
Save this script as cgitest.pl, make it executable (chmod 755 cgitest.pl),
and then put it in /var/www/cgi-bin.
Finally, open the URL http://localhost/cgi-bin/cgitest.pl if accessing the
server locally or http://your.server.name/cgi-bin/cgitest.pl if accessing the
server remotely, replacing your.server.name with the name of your Web
server.
------------------------------------------------------------------------------------------------------
Enabling PHP
PHP is an extremely popular and capable HTML scripting language. As
shipped in Fedora Core and RHEL, PHP is enabled and ready to run, so this
section simply presents a short PHP script you can use to make sure that PHP
is working properly.
Create the PHP script shown in the listing below, and save it as
/var/www/html/tests/phptest.php.
<html>
<head>
<title>PHP test page</title>
<link rel="stylesheet" type="text/css" href="rhlnsa3.css">
</head>
<body>
<h1>PHP test page</h1>
<div id="content">
<pre>
<?php system("ls -lh /var/www"); ?>
</pre>
</div>
<?php include("footer.html"); ?>
</body>
</html>
Open the document in your Web browser, using the URL
http://localhost/tests/phptest.php if accessing the server locally or
http://your.server.name/tests/phptest.php if accessing the server remotely,
replacing your.server.name with the name of your Web server.
The PHP script uses the system() function to invoke ls -lh /var/www, which in
turn displays the file listing.
------------------------------------------------------------------------------------------
Explain RPM Query commands with Options?
RPM package file names have the form:
<name>-<version>-<release>.<arch>.rpm
Name: name of the software package.
Version: version of the software package.
Release: release version of the RPM.
Arch: architecture (i386, noarch, nc, etc.)
If Arch is src, the RPM contains source code for building the package.
RPM options syntax:
rpm -i [options] (also rpm --install)
rpm -U [options] (also rpm --upgrade)
rpm -e [options] (also rpm --erase)
rpm -q [options] (also rpm --query)
rpm -V [options] (also rpm --verify)
RPM Command Options
-i : install a package
-v : verbose
-h : print hash marks as the package archive is unpacked.
-q : query operation
-a : queries all installed packages
-f : query the package that owns the given file name
-d : list documentation files.
in use today. However, because of the growth of the Internet and the
predicted depletion of available addresses, a new version of IP (IPv6), using
128 bits for the address, was developed in 1995. IPv6 was standardized as
RFC 2460 in 1998, and its deployment has been ongoing since the mid-2000s.
IP addresses are usually written and displayed in human-readable notations,
such as 172.16.254.1 (IPv4), and 2001:db8:0:1234:0:567:8:1 (IPv6).
Subnet mask:
A subnet mask is a 32-bit number that masks an IP address,
and divides the IP address into a network address and a host address. A subnet
mask is made by setting the network bits to all "1"s and setting the host bits to all
"0"s. Within a given network, two host addresses are reserved for special
purposes, and cannot be assigned to hosts. The "0" address is assigned as the
network address and "255" is assigned to the broadcast address, and they
cannot be assigned to hosts.
                 Dotted decimal      Binary
Subnet Mask      255.255.240.000     11111111.11111111.11110000.00000000
IP Address       150.215.017.009     10010110.11010111.00010001.00001001
Subnet Address   150.215.016.000     10010110.11010111.00010000.00000000
The subnet address, therefore, is 150.215.016.000.
Subnetting:
Subnetting enables the network administrator to further divide
the host part of the address into two or more subnets. In this case, a part of
the host address is reserved to identify the particular subnet. This is easier to
see if we show the IP address in binary format.
The full address is:
10010110.11010111.00010001.00001001
The Class B network part is:
10010110.11010111
The host address is:
00010001.00001001
If this network is divided into 14 subnets, however, then the first 4 bits of the
host address (0001) are reserved for identifying the subnet.
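The subnet arithmetic above (IP AND mask) done in POSIX shell, as an added example that is not part of the original notes; it goes a little beyond the table by also deriving the broadcast address, the CIDR prefix length and the usable host count for a mask, and by rejecting non-contiguous masks. Function names are this example's own.

```shell
#!/bin/sh
# Added example: the subnet-mask arithmetic from the text in POSIX shell integer
# math. Octets may carry leading zeros as the notes write them (150.215.017.009);
# they are stripped so the shell does not read 017 as an octal number.

# Print one octet with leading zeros removed, after checking it is 0..255.
clean_octet() {
    o=$1
    case $o in *[!0-9]*|'') echo "bad octet: $o" >&2; return 1 ;; esac
    while [ ${#o} -gt 1 ] && [ "${o#0}" != "$o" ]; do o=${o#0}; done
    [ "$o" -le 255 ] || { echo "bad octet: $1" >&2; return 1; }
    echo "$o"
}

# Dotted quad -> 32-bit integer.
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    a=$(clean_octet "$a") && b=$(clean_octet "$b") &&
    c=$(clean_octet "$c") && d=$(clean_octet "$d") || return 1
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# Network (subnet) address = IP AND mask, the operation shown in the table above.
subnet_address() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# Broadcast address = IP OR (NOT mask), i.e. every host bit set to 1.
broadcast_address() {
    int_to_ip $(( $(ip_to_int "$1") | (4294967295 - $(ip_to_int "$2")) ))
}

# Number of leading 1 bits in the mask (the /N prefix length used by CIDR).
prefix_length() {
    m=$(ip_to_int "$1"); bits=0
    while [ $(( m & 2147483648 )) -ne 0 ]; do
        bits=$(( bits + 1 )); m=$(( (m << 1) & 4294967295 ))
    done
    # A valid mask is contiguous: no 1 bits may remain once the prefix is consumed.
    [ "$m" -eq 0 ] || { echo "non-contiguous mask: $1" >&2; return 1; }
    echo "$bits"
}

# Usable host addresses: 2^(host bits) minus the network and broadcast addresses.
usable_hosts() {
    h=$(( 32 - $(prefix_length "$1") ))
    echo $(( (1 << h) - 2 ))
}

ip=150.215.017.009; mask=255.255.240.000
echo "subnet     $(subnet_address "$ip" "$mask")"     # 150.215.16.0
echo "broadcast  $(broadcast_address "$ip" "$mask")"  # 150.215.31.255
echo "prefix     /$(prefix_length "$mask")"           # /20
echo "hosts      $(usable_hosts "$mask")"             # 4094
```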
---------------------------------------------------------------------------------
Write the syntax to create a new user, modify and delete a user?
To add/create a new user, you use the useradd or adduser command followed
by the username. The username is the user's login name, which is used by the
user to log in to the system.
Only one user can be added at a time, and the username must be unique
(different from any username that already exists on the system).
For example, to add a new user called tecmint, use the following command.
[root@tecmint ~]# useradd tecmint
When we add a new user in Linux with the useradd command it is created in a
locked state; to unlock that user account, we need to set a password for
that account with the passwd command.
[root@tecmint ~]# passwd tecmint
Changing password for user tecmint.
So when the user types the command apt-get install conky, APT starts
looking for the package named conky in its database and installs conky once the
user types 'y' (yes). To get all newly uploaded packages from the
repositories, the user needs to update APT regularly.
To update the APT database:
apt-get update
To update the APT database and also apply the security updates and
patches that might be available for some installed software, users may do both
at once by using the commands like this:
apt-get update; apt-get upgrade
And remember, all of the package management tools I am discussing
need the user to be root or a superuser; for example, to install software in Debian
based distributions you prefix apt-get with sudo, and it will then ask you
to enter your password.
sudo apt-get install conky
sudo apt-get remove conky
sudo apt-get update
As shown below, any user can execute the chage command for himself to
identify when his password is about to expire.
Syntax: chage --list username (or) chage -l username
$ chage --list dhinesh
Last password change                                    : Apr 01, 2009
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
If user dhinesh tries to execute the same command for user ramesh, he'll get
the following permission denied message.
$ chage --list ramesh
chage: permission denied
Note: However, the root user can execute the chage command for any user
account.
When user dhinesh changes his password on Apr 23rd 2009, it will update
the Last password change value as shown below.
$ date
Thu Apr 23 00:15:20 PDT 2009
$ passwd dhinesh
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
$ chage --list dhinesh
Last password change                                    : Apr 23, 2009
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
-------------------------------------------------------------------------------------
How to disable password aging for a user account
To turn off password expiration for a user account, set the following:
-m 0 will set the minimum number of days between password changes to 0
-M 99999 will set the maximum number of days between password changes
to 99999
-I -1 (number minus one) will set Password inactive to never
-E -1 (number minus one) will set Account expires to never.
# chage -m 0 -M 99999 -I -1 -E -1 dhinesh
# chage --list dhinesh
Last password change                                    : Apr 23, 2009
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
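As an added example (not from the original notes) covering both chage sections above, this POSIX shell function decodes the aging fields of an /etc/shadow line, which is where chage --list reads its values and where chage -m/-M/-I/-E write them. The sample lines, the placeholder hashes and the "today" day number are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: decode the aging fields of one /etc/shadow line, the source of
# the values chage --list prints and the target of chage -m/-M/-I/-E.
# "today" is passed in as days since 1970-01-01 so the output is reproducible;
# on a live system use $(( $(date +%s) / 86400 )).

# chage stores -1 (what -I -1 and -E -1 set) as an empty field and shows it as "never".
never_if_unset() {
    if [ -z "$1" ] || [ "$1" -lt 0 ]; then echo never; else echo "$1"; fi
}

shadow_aging() {
    IFS=: read -r name hash lastchg min max warn inactive expire reserved <<EOF
$1
EOF
    today=$2
    inactive=$(never_if_unset "$inactive")
    expire=$(never_if_unset "$expire")
    # chage reports "Password expires: never" once the maximum is 10000 days or
    # more, so the 99999 set in the section above counts as no expiry.
    if [ -z "$max" ] || [ "$max" -lt 0 ] || [ "$max" -ge 10000 ]; then
        pw_expires=never
        days_left=never
    else
        pw_expires=$(( lastchg + max ))
        days_left=$(( pw_expires - today ))   # negative means already expired
    fi
    echo "name=$name last_change=$lastchg min=$min max=$max warn=$warn inactive=$inactive account_expires=$expire password_expires=$pw_expires days_left=$days_left"
}

# Exit status 0 when every aging control is switched off, as after
# chage -m 0 -M 99999 -I -1 -E -1 <user>; 1 otherwise.
aging_disabled() {
    case $(shadow_aging "$1" 0) in
        *" inactive=never account_expires=never password_expires=never "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample lines; the hashes are placeholders, not real password hashes.
# Day 14357 is Apr 23, 2009, the "Last password change" date in the listing above.
DHINESH='dhinesh:$6$CONSTRUCTED$placeholder:14357:0:99999:7:::'
RAMESH='ramesh:$6$CONSTRUCTED$placeholder:14357:7:90:14:30:14800:'
TODAY=14400   # constructed "today", 43 days after the last change

shadow_aging "$DHINESH" "$TODAY"
shadow_aging "$RAMESH" "$TODAY"
```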
-------------------------------------------------------------------------------------------
POSTFIX MAIL SERVER
1. Postfix is a mail transport agent used every day at sites that handle
thousands and tens of thousands of messages per day.
2. The best part is that Postfix is fully compatible with Sendmail at the
command level.
3. The similarity is deliberate, for Postfix was designed to be a
high-performance, easier-to-use replacement for Sendmail.
Configuring Postfix
1. The configuration file is /etc/postfix/main.cf. The following variables need
to be checked or edited:
a. Domain name: mydomain = example.com
b. Local machine domain: myhostname = coondog.example.com
c. Domain name appended to unqualified addresses: myorigin = $mydomain
This causes all mail going out to have your domain name appended.
d. The mydestination variable tells Postfix what addresses it should deliver
locally: mydestination = $myhostname, localhost, localhost.$mydomain
2. Postfix supports a larger number of configuration variables than the four
just listed, but these are the mandatory changes you have to make.
3. Create or modify the /etc/aliases file: At the very least, you need aliases for
postfix, postmaster, and root in order for mail sent to those addresses to get
to a real person. Example:
postfix: root
postmaster: root
root: bubba
4. After creating or modifying the aliases file, regenerate the alias database
using Postfix's newaliases command: /usr/sbin/newaliases
5. The last step is to start Postfix:
# service postfix start
Starting postfix: [ OK ]
-------------------------------------------------------------------------------------------
Explain the following values of the AllowOverride directive of the <Directory>
block of the FTP Server config file
All        The same as specifying AuthConfig FileInfo Limit
AuthConfig User access directives
FileInfo   Document type directives
Limit      Host access directives
None       No directives can be overridden on a per-directory basis
--------------------------------------------------------------------------------------------
EDQUOTA
The primary command to edit quotas is edquota. The use of the command is
simple. Let's say you want to edit a quota for the user stephanie. The
command would be:
edquota -u stephanie
When you run this command, you will see something similar to:
replacing them with more recent ones. logrotate can automatically rotate,
compress, remove, and mail your log files. Log files can be rotated based on
size or on time, such as daily, weekly or monthly.
syslog.conf: The syslog daemon logs any notable events on your local system. It
can store logs in a local file or send them to a remote log host for added
security. It can also accept logs from other machines when acting as a
remote log host. These options and more, such as how detailed the logging
should be, are set in the syslog.conf file.
a. Authentication and privilege messages contain somewhat sensitive information,
so they are logged to /var/log/secure. That file can be read by root only, whereas
/var/log/messages is sometimes set to be readable by everyone.
grub.conf: The /etc/grub.conf file is a symbolic link to the actual file that is
located at /boot/grub/grub.conf.
issue: Whatever is in this file shows up as a pre-login banner on your
console.
issue.net: This file generally contains the same thing as /etc/issue. It shows
up when you attempt to telnet into the system.
aliases: /etc/aliases is the email aliases file for the Sendmail program, and
Postfix uses /etc/postfix/aliases.
a. For example, the root user's mailbox can be aliased as:
b. root: taleen
c. root: taleen@buffy.xena.edu
-----------------------------------------------------------------------------------------
How does GRUB work?
When a computer boots, the BIOS transfers control to the first boot device,
which can be a hard disk, a floppy disk, a CD-ROM, or any other BIOS-recognized
device. We'll concentrate on hard disks, for the sake of simplicity.
The first sector on a hard disk is called the Master Boot Record (MBR). This sector
is only 512 bytes long and contains a small piece of code (446 bytes) called
the primary boot loader and the partition table (64 bytes) describing the
primary and extended partitions.
By default, MBR code looks for the partition marked as active and once such
a partition is found, it loads its boot sector into memory and passes control
to it.
GRUB replaces the default MBR with its own code.
Furthermore, GRUB works in stages.
Stage 1 is located in the MBR and mainly points to Stage 2, since the MBR is
too small to contain all of the needed data.
Stage 2 points to its configuration file, which contains all of the complex
user interface and options we are normally familiar with when talking about
GRUB. Stage 2 can be located anywhere on the disk. If Stage 2 cannot find
its configuration table, GRUB will cease the boot sequence and present the
user with a command line for manual configuration.
Stage 1.5 also exists and might be used if the boot information is small
enough to fit in the area immediately after MBR.
The Stage architecture allows GRUB to be large (~20-30K) and therefore
fairly complex and highly configurable, compared to most bootloaders, which
are sparse and simple to fit within the limitations of the Partition Table.
-------------------------------------------------------------------------------------------------
LOGICAL VOLUMES
1. Logical Volume Manager (LVM) enables you to be much more flexible with
your disk usage than you can be with conventional old-style file partitions.
2. Normally if you create a partition, you have to keep the partition at that
size indefinitely.
3. For example, if your system logs have grown immensely, and you've run
out of room on your /var partition, increasing a partition size without LVM is a
big pain. You would have to get another disk drive, create a /var mount point
on there too, and copy all your data from the old /var to the new /var disk
location.
4. With LVM in place, you could add another disk, and then assign that disk to
be part of the /var partition. Then you'd use the LVM file system resizing tool
to increase the file system size to match the new partition size.
5. Normally you might think of disk drives as independent entities, each
containing some data space but when you use LVMs, you need a new way of
thinking about disk space.
6. First you have to understand that space on any disk can be used by any
file system. A Volume Group is the term used to describe various disk spaces
(either whole disks or parts of disks) that have been grouped together into
one volume.
7. Volume groups are then bunched together to form Logical volumes.
8. Logical volumes are akin to the historic idea of partitions. You can then use
a file system creation tool such as fdisk to create a file system on the logical
volume.
9. The Linux kernel sees a logical volume in the same way it sees a regular
partition.
10. Some Linux tools for modifying logical volumes are pvcreate for creating
physical volumes, vgcreate for creating volume groups, vgdisplay for
showing volume groups, and mke2fs for creating a file system on your logical
volume.
---------------------------------------------------------------------------------------------
USES OF NFS
One use of NFS is to provide centralized storage for users' home directories.
Many sites store users' home directories on a central server and use NFS to
mount the home directory when users log in or boot their systems.
Usually, the exported directories are mounted as /home/username on the
local (client) systems, but the export itself can be stored anywhere on the
NFS server, for example, /exports/users/username. Figure 12-1 illustrates
both of these NFS uses.
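Before exporting home directories, the export list is worth a quick audit. The following is an added example (shell, not from the notes) that reads /etc/exports-style lines and flags the two settings that turn a home-directory server into a network-wide write hole: an export offered to every host ("*") and no_root_squash, which lets root on a client act as root on the server. The sample export lines are constructed.

```shell
#!/bin/sh
# Added example, not from the notes. Sample export lines are constructed.

# audit_exports FILE
# Prints "OK <path>" or "WARN <path>: <reason>" per export.
# Returns 1 if any export goes to every host or keeps remote root as root.
audit_exports() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        {
            path = $1; bad = 0
            for (i = 2; i <= NF; i++) {
                split($i, parts, "(")          # entries look like client(options)
                host = parts[1]; opts = parts[2]
                if (host == "*") {
                    print "WARN " path ": exported to every host"; bad = 1
                }
                if (opts ~ /no_root_squash/) {
                    print "WARN " path ": no_root_squash for " host; bad = 1
                }
            }
            if (bad) found = 1; else print "OK   " path
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: one sane home-directory export and two risky ones.
SAMPLE_EXPORTS='# home directories for the LAN only
/exports/users  192.168.1.0/24(rw,sync,root_squash)
/srv/pub        *(ro,sync)
/exports/admin  192.168.1.5(rw,no_root_squash)
'
```

Run it as audit_exports /etc/exports after every edit to the file; a non-zero exit status makes it usable as a gate in a deployment script.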
-------------------------------------------------------------------------------------------------
What is the use of Samba Server, and how do you enable and disable it?
Samba is software that can be run on a platform other than
Microsoft Windows, for example, UNIX, Linux, IBM System 390,
OpenVMS, and other operating systems.
-------------------------------------------------------------------------------------------------
IFCONFIG command with example
ifconfig is used to configure, or view the configuration of, a network
interface.
ifconfig stands for "interface configuration". It is used to view and change the
configuration of the network interfaces on your system.
Running the ifconfig command with no arguments, like this:
ifconfig
will display information about all network interfaces currently in
operation. The output will resemble the following:
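The sample output the text refers to did not survive in this copy, so here is an added example (shell, not from the notes): a constructed sample of classic net-tools ifconfig output (addresses made up) and a small parser that reduces it to one line per interface. It also flags PROMISC, which is worth noticing on a server because an interface in promiscuous mode usually means a packet sniffer is attached to it.

```shell
#!/bin/sh
# Added example, not from the notes. The ifconfig output below is constructed.

SAMPLE_IFCONFIG=$(cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:0C:29:AB:CD:EF
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1234 errors:0 dropped:0 overruns:0 frame:0
          TX packets:987 errors:0 dropped:0 overruns:0 carrier:0

eth1      Link encap:Ethernet  HWaddr 00:0C:29:12:34:56
          inet addr:10.0.0.5  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
EOF
)

# ifconfig_summary < ifconfig-output
# Prints "IFACE ADDR MASK" per interface, with " PROMISC" appended when the
# interface is in promiscuous mode. Interfaces without an IPv4 address show "-".
ifconfig_summary() {
    awk '
        function flush() {
            if (iface != "") printf "%s %s %s%s\n", iface, (ip != "" ? ip : "-"), (mask != "" ? mask : "-"), (promisc ? " PROMISC" : "")
        }
        /^[^ \t]/ { flush(); iface = $1; ip = ""; mask = ""; promisc = 0 }  # new interface block
        /inet addr:/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^addr:/) ip = substr($i, 6)     # strip "addr:"
                if ($i ~ /^Mask:/) mask = substr($i, 6)   # strip "Mask:"
            }
        }
        /(^| )PROMISC( |$)/ { promisc = 1 }
        END { flush() }
    '
}
```

On a live system the same function is fed with ifconfig | ifconfig_summary; the parser keys on the interface name starting in column one, which is how net-tools separates the blocks.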
-------------------------------------------------------------------------------------------------
EXT2
ext2 has become the standard file system for Linux. It is the next generation
of the ext file system. The ext2 implementation has not changed much since
it was introduced with the 1.0 kernel back in 1993.
Since then there have been a few new features added. One of these was
sparse super blocks, which increases file system performance.
ext2 was designed to make it easier for new features to be added, so that it
can constantly evolve into a better file system. Users can take advantage of
new features without reformatting their old ext2 file systems.
ext2 also has the added bonus of being designed to be POSIX compliant.
New features that are still in the development phase are access control lists,
undelete, and on-the-fly compression.
ext2 is flexible, can handle file systems up to 4TB large, and supports long
filenames up to 1,012 characters long.
In case user processes fill up a file system, ext2 normally reserves about 5
percent of disk blocks for exclusive use by root so that root can easily
recover from that situation. Modern Red Hat boot and rescue diskettes now
use ext2 instead of minix.
EXT3
i) The extended 3 file system is a new file system introduced in Red Hat 7.2.
ext3 provides all the features of ext2, and also features journaling and
backward compatibility with ext2.
The backward compatibility enables you to still run kernels that are only
ext2 aware with ext3 partitions.
ii) You can upgrade an ext2 file system to an ext3 file system without losing
any of your data. This upgrade can be done during an update to Red Hat 7.2.
iii) ext3 support comes in kernels provided with the Red Hat 7.2 distribution.
If you download a kernel from somewhere else, you need to patch the kernel
to make it ext3 aware, with the kernel patches that come from the Red Hat
ftp site.
It is much easier to just stick with kernels from Red Hat.
iv) ext3's journaling feature reduces the time it takes to bring the file
system back to a sane state if it has not been cleanly unmounted (that is,
in the event of a power outage or a system crash).
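The in-place upgrade that item ii) describes, as an added example (shell, not from the notes or from Red Hat's installer): tune2fs -j adds a journal to an existing ext2 file system without touching its data, and the matching /etc/fstab entry is switched from ext2 to ext3 so the next boot mounts it with journaling. Device names and the fstab excerpt are constructed; DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the notes. Device names and fstab lines are constructed.

run() { if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# fstab_ext2_to_ext3 DEVICE < fstab-in > fstab-out
# Rewrites only the entry whose device is DEVICE and whose type is ext2.
# The rewritten line is re-joined with single spaces; all other lines are
# passed through untouched.
fstab_ext2_to_ext3() {
    awk -v dev="$1" '$1 == dev && $3 == "ext2" { $3 = "ext3" } { print }'
}

# ext2_to_ext3 DEVICE [FSTAB]
# Add the journal, then update the fstab entry so the change survives a reboot.
ext2_to_ext3() {
    dev=$1; fstab=${2:-/etc/fstab}
    case $dev in /dev/*) ;; *) echo "not a /dev path: $dev" >&2; return 1 ;; esac
    run tune2fs -j "$dev"                     # create the journal; existing data is kept
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'fstab_ext2_to_ext3 %s < %s\n' "$dev" "$fstab"
    else
        fstab_ext2_to_ext3 "$dev" < "$fstab" > "$fstab.new" && mv "$fstab.new" "$fstab"
    fi
}

# Constructed fstab excerpt used to exercise the rewrite.
SAMPLE_FSTAB='/dev/hda1  /      ext2  defaults  1 1
/dev/hda5  /var   ext2  defaults  1 2
/dev/hda6  /home  ext3  defaults  1 2'
```

A kernel that only knows ext2 can still mount the converted file system, as item i) says, because the journal is stored as an ordinary (hidden) inode; the fstab change is what makes a journaling-aware kernel actually use it.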
----------------------------------------------------------------------------------------
Bootstrapping
When a computer is turned on, the computer's BIOS finds the
primary bootable device (usually the computer's hard disk) and
loads the initial bootstrap program from the master boot record
(MBR), the first 512 bytes of the hard disk, then transfers control to
this code.
Bootstrapping is done in the following two phases.
1) Kernel Loading
i) Once GRUB has started and you have selected Linux as the operating
system to boot, the first thing to get loaded is the kernel.
ii) No operating system exists in memory at this point, and PCs (by their
unfortunate design) have no easy way to access all of their memory.
iii) Thus, the kernel must load completely into the first megabyte of available
random access memory (RAM). In order to accomplish this, the kernel is
compressed.
iv) The head of the file contains the code necessary to bring the CPU into
protected mode (thereby removing the memory restriction) and decompress
the remainder of the kernel.
2) Kernel Execution
i) With the kernel in memory, it can begin execution. It knows only whatever
functionality is built into it, which means any parts of the kernel compiled as
modules are useless at this point.
ii) At the very minimum, the kernel must have enough code to set up its
virtual memory subsystem and root file system (usually, the ext3 file
system).
iii) Once the kernel has started, a hardware probe determines what device
drivers should be initialized.
iv) From here, the kernel can mount the root file system; the root file system
plays the same role as the C: drive in Windows.
v) The kernel mounts the root file system and starts a program called init.
---------------------------------------------------------
What is Kernel?
The kernel of UNIX is the hub of the operating system: it allocates
time and memory to programs and handles the filestore and
communications in response to system calls.
------------------------------------------------------------------
What are runlevels? List the various runlevels and explain them.
The term runlevel has been used a few times so far in this chapter and now
is a good time to learn more about runlevels and why they are used.
There are typically eight runlevels on Linux systems, but we are only
interested in the seven used on Fedora Core or Enterprise Linux systems.
Each of the runlevels has a set of processes associated with that runlevel
that will be started by entering that runlevel.
The runlevels on a Fedora Core or Enterprise Linux system and their purpose
are:
0  Halt
1  Single-user mode
2  Not used (user-definable)
3  Full multiuser mode (without a graphical user interface, GUI)
4  Not used (user-definable)
5  Full multiuser mode (with a GUI)
6  Reboot
The /etc/inittab file controls the default runlevel for the system to use when
it boots.
1. The init process is the first non-kernel process that is started, and,
therefore, it always gets the process ID number of 1.
2. init reads its configuration file, /etc/inittab, and determines the runlevel
where it should start.
3. Essentially, a runlevel dictates the system's behavior.
4. Each level (designated by an integer between 0 and 6) serves a specific
purpose.
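How init reads the default runlevel out of /etc/inittab, as an added example (shell, not from the notes): each inittab entry has the form id:runlevels:action:process, and the initdefault entry names the level init enters at boot. The check at the end is the one worth running before a reboot, because an initdefault of 0 or 6 makes the machine halt or reboot-loop as soon as init starts. The inittab excerpt is constructed.

```shell
#!/bin/sh
# Added example, not from the notes. The inittab excerpt is constructed.

SAMPLE_INITTAB='# constructed excerpt of /etc/inittab
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6
'

# default_runlevel < inittab
# Prints the runlevel from the initdefault entry. Exit status 1 if the entry
# is missing (init would then prompt on the console) or if it names 0 or 6.
default_runlevel() {
    awk -F: '
        /^[ \t]*#/ { next }                          # comment lines
        $3 == "initdefault" { level = $2; found = 1 }
        END {
            if (!found) { print "no initdefault entry" > "/dev/stderr"; exit 1 }
            print level
            if (level == "0" || level == "6") {
                print "initdefault " level " would halt or reboot at boot" > "/dev/stderr"
                exit 1
            }
        }
    '
}

# services_for_runlevel LEVEL < inittab
# Lists the process field of every entry that runs at LEVEL: this is what
# "a set of processes associated with that runlevel" means in practice.
# Entries with an empty runlevels field (sysinit) run regardless and are not listed.
services_for_runlevel() {
    awk -F: -v lvl="$1" '
        /^[ \t]*#/ || NF < 4 { next }
        index($2, lvl) > 0 && $3 != "initdefault" { print $4 }
    '
}
```

Usage on a live system: default_runlevel < /etc/inittab, and services_for_runlevel 3 < /etc/inittab to see what level 3 starts (on Fedora and RHEL that is the rc script, which in turn runs the /etc/rc3.d links).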
Modifying Netfilter
i) Modifying your netfilter firewall rules is an optional step.
ii) If you are not using netfilter to maintain a firewall or to provide LAN access
to the Internet, this step is completely optional.
Starting Squid
i) To start Squid:
# service squid start
Output: Starting Squid:
ii) To make Squid start and stop automatically with the system:
# chkconfig --level 0123456 squid off
# chkconfig --level 345 squid on
Testing the Configuration
i) You first configure the Web browser.
ii) If you are using Firefox, select Edit > Preferences to open the Preferences dialog box.
iii) On the General tab, click Connection Settings to open the Connection Settings dialog box,
then click the Manual proxy configuration radio button and type the hostname or IP address
of the proxy server in the HTTP Proxy text box. Type 3128 in the accompanying Port
text box.
iv) Click OK to close the Connection Settings dialog box and OK again to save
your changes and close the Preferences dialog box.
Configuring the Time Server
You will need to do the following tasks in order to configure a time server:
1. Install the NTP software.
2. Locate suitable time servers to serve as reference clocks.
3. Configure your local time server.
4. Start the NTP daemon on the local time server.
5. Make sure that the NTP daemon responds to requests.
Installing NTP
1. Installing the NTP software is simple. Use the rpmquery command to make sure that the
ntp package is installed:
2. Example:
$ rpmquery ntp
Output: ntp-4.2.0.a.20040617-4
3. If it is installed, the package version is displayed. If the ntp package isn't installed, install it
using the installation tool of your choice before proceeding.
Selecting Reference Clocks
1. NTP is also hierarchical and organizes time servers into several strata (levels) to
reduce the load on any given server, or set of servers.
2. Stratum 1 servers are referred to as primary servers, stratum 2 servers as secondary
servers, and so on.
3. There are more secondary servers than primary servers. Secondary servers sync to
primary servers, and clients sync to secondary or tertiary servers.
4. NTP also provides for syncing to pool servers, a large class of publicly accessible
secondary servers maintained as a public service for use by the Internet-connected
computing community at large.
5. You can list the pool servers using the following command:
$ host pool.ntp.org
Procedure for configuration of NTP Server
1. Add the following lines to /etc/ntp.conf:
broadcast 224.0.1.1 autokey
crypto pw serverpassword
keysdir /etc/ntp
2. Generate the key files and certificates using the following commands:
# cd /etc/ntp
# ntp-keygen -T -I -p serverpassword
3. If ntpd is running, restart it:
# service ntpd restart
4. If ntpd is not running, start it:
# service ntpd start
5. Use the following chkconfig commands to make sure that ntpd starts at boot time
in all multiuser runlevels:
# chkconfig --level 0123456 ntpd off
# chkconfig --level 345 ntpd on
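Task 5 of the list above, "make sure that the NTP daemon responds to requests", is usually checked with ntpq -p. The following is an added example (shell, not from the notes) with a constructed sample of ntpq -p output and a parser that reports whether the daemon has a system peer (the line marked with *) and how many configured peers it cannot reach. Host names and addresses in the sample are made up.

```shell
#!/bin/sh
# Added example, not from the notes. The ntpq -p output below is constructed.

SAMPLE_NTPQ='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.example.org 192.0.2.10       2 u   33   64  377    1.234   -0.567   0.123
+ntp2.example.org 192.0.2.11       2 u   35   64  377    2.345    0.210   0.456
 ntp3.example.org .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# ntp_sync_status < ntpq-output
# Exit 0 and a one-line summary when a system peer is selected, exit 1 otherwise.
# Column 1 of each peer line is the tally code: "*" system peer, "+" candidate,
# " " discarded or unreachable. The reach column is an octal shift register of
# the last eight polls; 0 means the server has never answered.
ntp_sync_status() {
    awk '
        BEGIN { unreachable = 0 }
        NR <= 2 { next }                         # header line and ==== rule
        {
            tally = substr($0, 1, 1)
            n = split(substr($0, 2), f, " ")     # remote refid st t when poll reach delay offset jitter
            if (n < 10) next
            if (tally == "*") { synced = f[1]; offset = f[9] }
            if (f[7] == "0") unreachable++
        }
        END {
            if (synced == "") { print "NOT SYNCED: no system peer selected"; exit 1 }
            printf "synced to %s offset %s ms, %d unreachable peer(s)\n", synced, offset, unreachable
        }
    '
}
```

Right after starting ntpd every line shows reach 0 and no * marker; it takes several poll intervals before a system peer is selected, so run ntpq -p | ntp_sync_status a few minutes after the restart in step 3.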
Optimizing NFS
1. Using a journaling file system offers many advantages for an NFS server; for example, in
the event of a crash, a journaling file system recovers much more quickly than a non-journaling one.
2. Spread NFS exported file systems across multiple disks and, if possible, multiple
disk controllers. The purpose of this strategy is to avoid disk hot spots, which occur when
I/O operations concentrate on a single disk or a single area of a disk.
3. Replace IDE disks with serial ATA disks and, if you have the budget for it, use
Fibre Channel disk arrays.
4. If your NFS server is using RAID, use RAID 1/0 to maximize write speed and to
provide redundancy in the event of a disk crash.
5. RAID 5 seems compelling at first because it ensures good read speeds, which is
important for NFS clients, but RAID 5's write performance is lackluster, and good
write speeds are important for NFS servers.
6. Consider replacing 10-Mbit Ethernet cards with 100-Mbit Ethernet cards throughout
the network.
7. A common NFS optimization is to minimize the number of write intensive NFS
exports.
8. In extreme cases, re-segmenting the network might be the answer to NFS
performance problems.
Configuring a Caching DNS server
1. Begin by verifying the zone information in /etc/named.conf. When you installed the
BIND package, the /etc/named.conf file was created, and it contained zone information
for your localhost.
2. Next, you need to check the configuration of the /var/named/named.local file, this file
contains the domain information for the localhost, and is typically created when BIND is
installed.
3. You need to check the /etc/nsswitch.conf file to be sure it contains the following line:
hosts: files nisplus dns
4. You need to check the /etc/resolv.conf file to make sure that the IP address
(127.0.0.1) of your localhost is listed as a name server.
5. Finally, you need to check that your /etc/host.conf contains the word bind.
6. After you have completed all of the previous steps, it is time to start the named
daemon and check your work.
7. Type the following at a command prompt, press Enter, wait for the prompt to
return, and then run rndc status:
# service named start
# rndc status
8. You will see output similar to this:
Number of zones: 8
Debug level: 0
Xfers running: 0
...
Server is up and running
9. You have successfully configured and started your caching name server.
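Steps 3 to 5 above as a check script, added here as an example (shell, not from the notes). It takes the directory holding the resolver files as an argument so it can be run against a copy; the default is the live /etc. The nsswitch file is taken to be /etc/nsswitch.conf, its real name on Fedora and RHEL.

```shell
#!/bin/sh
# Added example, not from the notes. ETCDIR defaults to /etc; tests use a copy.

# check_resolver_files [ETCDIR]
# Prints one "ok"/"FAIL" line per requirement; returns 1 if any requirement fails.
check_resolver_files() {
    etc=${1:-/etc}; rc=0

    # step 3: the hosts: line in nsswitch.conf must include dns
    if grep -Eq '^[[:space:]]*hosts:.*[[:space:]]dns([[:space:]]|$)' "$etc/nsswitch.conf" 2>/dev/null; then
        echo "ok   nsswitch.conf: hosts lookup includes dns"
    else
        echo "FAIL nsswitch.conf: hosts line does not include dns"; rc=1
    fi

    # step 4: the local caching server must be listed as a name server
    if grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.0\.0\.1([[:space:]]|$)' "$etc/resolv.conf" 2>/dev/null; then
        echo "ok   resolv.conf: 127.0.0.1 listed as a name server"
    else
        echo "FAIL resolv.conf: 127.0.0.1 is not listed as a name server"; rc=1
    fi

    # step 5: host.conf must contain the word bind
    if grep -qw bind "$etc/host.conf" 2>/dev/null; then
        echo "ok   host.conf: contains bind"
    else
        echo "FAIL host.conf: does not contain bind"; rc=1
    fi

    return $rc
}
```

A missing file counts as a failure (grep's error output is discarded), which is the right answer for a resolver that is supposed to be fully configured.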
Using SFTP
As an alternative to configuring vsftpd with SSL, you can use sftp-server, a program that
is part of the OpenSSH (Secure Shell) suite of secure client and server programs.
sftp-server implements the server-side portion of the FTP protocol. You do not invoke it
directly; the SSH daemon, sshd, does so when it receives an incoming FTP request.
You need to have the OpenSSH-related packages installed, but they are part of the
standard Fedora Core 3 and RHEL installation. The following is a rpmquery
command:
# rpmquery openssh{,-{clients,askpass,server}}
If the packages are not installed, install them before proceeding. If they are installed,
make sure the following line appears in /etc/ssh/sshd_config:
Subsystem sftp /usr/libexec/openssh/sftp-server
This directive tells sshd to execute the program /usr/libexec/openssh/sftp-server to
service the SFTP subsystem. Again, this entry should be part of the stock installation,
but if it isnt, add it to the configuration file and then restart the SSH daemon using the
following command:
# service sshd restart
From the client's perspective, very little changes. The client command to execute is
sftp rather than ftp, and the set of supported commands is more limited than that of
standard FTP. One important difference between clear-text FTP and
secure FTP is that sftp does not support anonymous FTP; users will always be
prompted to provide a password unless they have set up SSH keys. However, you
can configure vsftpd to provide anonymous FTP and then use OpenSSH to provide
secure, authenticated FTP service for users who have valid accounts on the system.
The two services FTP and SFTP can exist side by side because sftp uses port 115 and
FTP uses port 25.
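Checking for the Subsystem line the text asks you to look for, as an added example (shell, not from the notes): sshd_config keywords are case-insensitive and a leading # disables a line, so a plain grep for "sftp-server" can be fooled by a commented-out entry. The config path is a parameter so the check can run on a copy; the sample file content is constructed.

```shell
#!/bin/sh
# Added example, not from the notes. Sample sshd_config content is constructed.

# sftp_subsystem_path [SSHD_CONFIG]
# Prints the program configured for the sftp subsystem (the third word of the
# first active "Subsystem sftp ..." line); returns 1 if there is none.
sftp_subsystem_path() {
    cfg=${1:-/etc/ssh/sshd_config}
    prog=$(awk 'tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }' "$cfg")
    if [ -z "$prog" ]; then
        echo "no active 'Subsystem sftp' line in $cfg" >&2
        return 1
    fi
    echo "$prog"
}

# sftp_subsystem_check [SSHD_CONFIG]
# Same as above, but also confirms that the program sshd would run exists and
# is executable on this host; "internal-sftp" (a built-in) is accepted as is.
sftp_subsystem_check() {
    prog=$(sftp_subsystem_path "$1") || return 1
    case $prog in
        internal-sftp) echo "sftp subsystem: built-in $prog" ;;
        *)
            if [ -x "$prog" ]; then
                echo "sftp subsystem: $prog (executable)"
            else
                echo "sftp subsystem: $prog is missing or not executable" >&2
                return 1
            fi
            ;;
    esac
}
```

After editing the file, sftp_subsystem_check followed by service sshd restart is the order to use; sshd rejects a broken configuration at restart, so verifying first avoids losing the session you are working in.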