Académique Documents
Professionnel Documents
Culture Documents
0 ES
Introduction:
Unix is the first Operating system in the world, developed by Kem Thompson
and Dennis Ritchie in 1969 at Bell Lab by AT&T Company
IBM : AIX
SGI : IRIX
HP : HP
Sun : Solaris
FSF:
Free software foundation organization, they start a project by name
GNU. The mail aim of this project is to develop such a O.S that can run on
any platform.
In 1991, a student Linus Tarvalds developed a kernel named Linus’s Kernel
plus GNU application called Linux O.S
Linux is a open source technology.
Different companies that provide Linux in Market are Redhat, SuSe,
Mandrake, Turbo, Knoppix etc.
Features:
a. Linux is the fastest Operating system in the world. It runs 2 to 3 times
fast than windows O.S
b. Linux is the very secured O.S because there is no any problem of
virus.
c. Linux file format is text format and windows file format is binary
format.
d. Linux is very reliable O.S because kernel of linux is very stable as
compare to windows kernel not crashed easily.
e. Kernel of linux is vcery small, it can be stored in floppy
f. Linux uses the x-Window system which is advanced network
windowing system. Using this system we can display output of any
workstation monitor attached in the network
Advantages of Linux:
a. Virus Proof
b. Crash Proof
c. Economical
d. Multiuser, multi desktop and multi tasking
Mode of Login
1
[root@station2~]#
to switch from one text mode to another
Alt+Ctrl+F1 to Alt+Ctrl+F6
In case of Graphical Mode
Ctrl+Alt+F7
Common Command
Some of the Common system command are as follow:
1. Date : to display date and time
2. Cal : to display the calendar
3. Cal 11 2006 : display the calendar of Month 11 and year 2006
4. Clear : To clear the screen
5. ls : to list directory contents
color identification
blue : Directories
White : Files
Green : Executable files
Red ; Zip files, rpm, tar file
Different switches used with “ls” command
ls –a : shows all hidden files and directory. Any file followed by (.) is hidden
file
ls –al : show all hidden files and directory with long listing or whole
description
2
Creating file and Directory:
a. Creating file:
The ‘cat’ command is used to create a file
Syntax:
# cat > filename
example:
# cat > abc.txt
(Ctrl +D) is used to save the file.
c. Creating Directory
The ‘mkdir’ command is used to create directory
Syntax:
Mkdir [directory_name]
Example:
# mkdir raj
Option used:
cd : To change directory
cd .. : To come out from directory
cd : to jump to root directory
cd - : to jump to previous directory
where
r = recursively
f= force
3
rm –r <directory>
example;
rm –r raj
this will remove directory step by step ,first remove sub directory and then
finally main directory.
b. Copy directory
#cp –r [source]directory [destination]
to copy a directory into another directory recursively
More than one file can be copied at a time if the destination is directory
Syntax:
cp [option] file1 file2 file 3 Destination
Syntax:
# mv : move /rename files and directory
Example:
# mv [option] file destination
example:
# mv t.txt /home/raj/
more than one file can be moved at a time if the destination is a directory
4
Getting Help:
The command that are used to get the help are discussed as :
a. Whatis
Display a short description of command , it uses a database that is updated
nightly. Often not available immediately after installation.
Syntax:
# Whatis cal
b. Help
Display usage summary and argument list
Syntax:
<command> --help
Example:
#Date –help
Option:
-c : Clear before displaying
-s : Squeeze multiple blank lines into a single blank line
5
-rwxrwxrwx : files
drwxrwxrwx : directory
files and directory permission are symbolized by ten character.
1. Symbolic Method:
Syntax:
Chmod mode directory/filename
Mode Option:
1. u,g,o
2. w,r,x
3. +,-
4. =
2. Numeric Method:
In this method, calculation are based on following numbers
r=4 w=2 x=1 0= no permission
Example:
#chmod 777 file/directory
in this case user get 7 means that user has permission of read/write/execute,
group get 7 means read/write/execute and ame for other
6
# chmod 531 file/directory
in this case user get 5 means that user has permission of read/execute,
group get 3 means write/execute and other get 1 means that other has
permission to execute.
Figure
7
Representation Of Media Devices:
All the device file are stored in /dev/
Hard disk ; /dev/hdx
Where x is
a : /dev/hda : Primary master
b : /dev/hdb : Primary slave
c : /dev/hdc : Secondary master
d : /dev/hdd : Secondary slave
CD-rom:
/dev/cdrom
/dev/cdrom1
/dev/cdrecorder
Floppy:
/dev/fd0
/dev/fd1
Mounting CD Rom
# mount –t auto /dev/hdc /media/cdrom
-t : file type
auto : file type
in order to check where cdrom is attached we can open the file fstab
#vi /etc/fstab
now in case of RHEl 3.0 we have to use command in order to unmount.
# umount /media/cdrom
and then eject the cdrom
in case of RHEL 4.0 we simply type
# eject
Mounting Floppy
#mount –t auto /dev/fd0 /media/floppy
in case of floppy we have to umount first then only we remove floppy
otherwise all content of floppy may be lost or floppy may be physically
damaged.
# umount /media/floppy
Mounting USB media :- directed by the kernel as SCSI device
/dev/sdax
Vi Editor:
Using vi , we can create or modify any file
8
Vi, vim Editor
Vi is the standard file editor for Unix and Vim is the standard file editor for
Linux
For Red hat Linux vi and Vim both are same
There are three mode of vi editor
1. command mode
2. insert mode
3. save and Exit Mode
1. Command mode is again divided into 3 mode
a. Cursor movement
b. Copy, paste, delete, undo
c. Text search
a. Cursor Movement
J : Down
K : UP
L : RIGHT
H : LEFT
c. Text Search
/text
example
/then
2. Insert Mode
Option I, insert, a ,o, O
i : insert mode start at the point where cursor is. Same is
used with
insert option
a : insert mode start after one character
o : insert mode start after one line
O : insert mode start before one line
9
User and Group Administrator
Example:
#adduser rakesh
#passwd rakesh
Now open the file /etc/passwd to check the entry of user
#vi /etc/passwd
it contain 7 entry of each user
1. Username
2. Password
3. userid
4. groupid
5. blank (User information field ) comment
6. home directory
7. login shell
password entry for each user will be stored in /etc/shadow
# vi /etc/shadow
10
in order to get the information about the group we need /etc/group
#vi /etc/group
it contain four field
1. Group name
2. password
3. GroupId
4. Member of group
Syntax:
#finger username
#finger rakesh
syntax:
#id username
#id rakesh
Creating Group:
Syntax:
#groupadd groupname
#groupadd –g gid groupname
Example:
#groupadd raj
Exercise:
Create a user that should have uid=1000 shell=sh description and home
directory as /data
Sol:
#useradd –u 1000 –c rakeshpundir –s /bin/sh –d /data rakesh
#passwd rakesh
Grpahically
System Setting :-> User & Group
OR
#system-config-user
Every user have two group one is elementary group or primary group and
secondary group
-g : Primary Group
-G : Secondary Group
Creating Group
#groupadd g1
#groupadd g2
Steps:
11
1. adding group to the user
#usermod –g g1 –G g2 rakesh
2. To change id of the user
#usermod –u 1001 rakesh
3. change comment
#usermod –c rakeshsingh
4. change home directory
#usermod –d /rakesh-home rakesh –m
5. change shell
#usermod –s /bin/bash rakesh
6. change user login name
#usermod –l newname oldname
#usermod –l rajesh rakesh
7. Change Group name
#groupmod –n newname oldname
#groupmod –n group1 g1
8. change Group id
#groupmod –g 2005 group1
Example:
#find /etc –name passwd
this command will search for all file name passwd in /etc and its
subdirectories
now we can redirtect the standard outpout
#find /etc –name passwd > output
output is a file where command output will be stored. Standard error is still
displayed on the screen
#cat output
If the target file of the file redirection with > already exists, the existing file
will be overwritten. To append data to an existing file use >> to redirect
instead of >
#find /etc –name passwd >> output
12
#find /etc/ -name passwd 2>>errorfile
#cat errorfile
Symbolic links:
A symbolic link point to another file. We can display the link name and the
referenced file by ‘ls –l’
#ls –l pf
lrwxrwxrwx 1 root root pf->/etc/passwd
file type: l for symbolic link
the content of the symbolic link is the name of the file that is referenced
Syntax:
Ln –s filename [linkname]
Example:
Ln –s /etc/passwd password
There are seven fundamental file type
- : regular file
d : symbolic link
b : block special file
c : character special file
p : named file
s : socket
character special file are used to communicate with hardware one character
at a time. Block special file is used to communicate with hardware a block of
data at a time : 512 bytes, 1024 bytes, 2048 bytes
ls –l /dev |less { to check c and b files}
named pipe type of file that passes data between processes. It stores no data
itself socket file are used for inter process communication.
The ‘du’ command reports the number of kilobytes contained by the items
within a directory
#du –s
#du –h
-s : used to request only the summary directory information
#du –s /etc
Aliases:
13
Aliases are shortcut names for large commands. If we have command that
run often, but take a considerable amount of typing, we can reduce these to
an aliases.
Alias c=clear
We can make a permanent entry of alias in .bashrc file
Type:
#vi .bashrc
alias c=`clear`
save and exit
Test your change by logging out, logging back and type the following
#alias
#c
Default Permission:
The default permission for files is 666 and directory is 777. umask is used to
withhold permission. Default root’s umask is 022. without a umask in effect,
only file created will have 666 permission and directory will have 777. this
means that anyone on the system will have read and write access to any file.
A umask of 002 will result in file created with 664 permission and directory
with permission 775.
Default umask on Red hat enterprise linux is 002. to change
#umask 022
umask is typically set by script run at login time. The next time you lig in
umask will be set bask to your default unless you add command to one of
your startup files such as .bashrc.
Run Level:
To check the run level we need to see the file /etc/inittab
#vi /etc/inittab
defaults run – level used by RHS are
0 : hault ( do not set init default to this)
1 : single user mode
2 : multi user mode without networking
3 : multi-user mode with networking
4 : unused
5 : X11 (Graphical)
6 : reboot
#runlevel : this command shows that in which run level you are at
present
#vi /etc/inittab
line No 18 : id:5:initdefault
(we can change this value from 1 to 5 as per our need)
14
Line No 44 :
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
.
.
.
6:2345:respawn:/sbin/mingetty tty6
in these line if we add one more line the number of virtual console increase
and if we remove one line , virtual console terminal decrease.
For adding
7:2345:respawn:/sbin/mingetty tty7
after editing this file we need to sane and exit
#init q : this command is used to activate the change made.
INSTALLATION:
Installation can be done either by CDROM , NFS, LAN, FTP
Partition type and its size
/ 10000MB
/boot 128MB
/home 1000MB
swap 256 MB ( 1.5 to 2 times more than RAM Size)
Note:
While installation we have to make sure that firewall option should be disable
1. No firewall
2. Selinux disable
Following Package are needed at the time of installation.
Desktop
1. X Window
2. GNOME
Application
1. Text Editor
15
2. Graphical Internet
3. Text Based Internet
Server
1. Server configuration tools
2. Web Server
3. Mail server
4. DNS server
5. FTP Server
6. Network Server
7. Legacy Network Server ( in this select Telnet)
System
1. Administrative Tools
2. System tools
3. Printing tools
While Installing Redhat linux 4.0 WS with the help of NFS and FTP, we have to
perform the following step
First we have to check the rpm of ftp/nfs
ftp : vsftp-2.0.1…….
nfs : nfs-utils-1.0.6……
Now copy the disk 1 of the Redhat linux into the folder “/var/ftp/pub”
Now copy RPMS of remaining CD’s (Disk 2,3,and 4) inside
/var/ftp/pub/RedHat/RPMS/
Now we need to configure the exports file.
#vi /etc/exports
/var/ftp/pub 192.168.0.0/255.255.255.0(rw,sync)
save and exit
now start the service
#service portmap restart
#chkconfig portmap on
#service nfs restart
#chkconfig nfs on
Now Boot the new system from disk 1 of Redhat linux and type
Linux askmethod
Choose language : English
Keyboard Type : U.S
Installation Method : NFS Image
NFS Server name : 192.168.0.254
NFS Dierctory : /var/ftp/pub
And continue the installation
There is slightly change in case of FTP
In case of FTP:
Boot the system from disk 1 of redhat linux and type
Linux askmethod
Choose language : English
16
Keyboard Type : U.S
Installation Method : FTP
Then first mentioned your system ip address in order to identify itself in
network
192.168.0.24
255.255.255.0
then mentioned the FTP server address as
192.168.0.254
255.255.255.0
mount point : pub ( as in case of FTP the default path is /var/ftp)
and continue the installation
Kick Start
Kick start is one of the automatic installation method. Before making kick
start file we need to check the rpm
Rpm : system-config-kickstart
Kick start consist of installation wizard which we can configured for another
system like general information, root password, package , set the language,
keyboard type, network, installation type etc. then save the kick start with
any name say nfsks.cfg under /root
Suppose we use NFS type then we have to mentioned
NFS Ip address : 192.168.0.254
Path : /var/ftp/pub
Now we have to edit the file nfsks.cfg by editing one line
Selinux-disable
Now we have to configure the file /etc/exports
#vi /etc/exports
/root 192.168.0.0/255.255.255.0(rw,sync)
/var/ftp/pub 192.168.0.0/255.255.255.0(rw,sync)
17
RPM namegenerally includes version, release and architecture for which it
was build.
Like
Zip-2.3-8.i386.rpm
To install RPM:
#rpm –i rpm_name
To Remove RPM
#rpm –e rpm_name
To Upgrade RPM:
#rpm –U rpm_name
18
Installing dependent packages:
Suppose we have 4 rpm’s r1,r2,r3 and r4 , we need to install r4 but r4
depends on remaining rpm’s then we use this command.
Example:
#at 10:30
at>eject
at>eject –t
ctrl+D
Option used
#at now
#at now+5 minutes
#at now+5 hours
#at now+5 days
#at tomorrow
#at 10:30 july 16 2006
we can also restrict the user not to use the ‘at’ command. Restriction will be
provided by root login with administrator.
#vi /etc/at.deny
inside this file we have to just mentioned the name of the user in order to
restrict him not to use ‘at’ command.
Just save and exit form the file
By default all users are allowed to use ‘at’ command. ‘at.deny’ is default in
system. We can also create a file ‘at.allow’ file. Once we create this file, now
by default all users will be restricted to use ‘at’ command and only that user
which have entry on ‘at.allow’ will allow to use the ‘at’ command.
Another method is to make an entry inside the ‘crontab’ file. Entry will be
done by the root. Difference between these two method is crontab is used to
19
perform the same task many times whereas job through ‘at’ command will be
removed after the task has been performed.
Minute : 0-59
Hours : 0-23
Day of Month : 1-31
Month : 1-12
Day of Week : 0-7
0 and 7 are Sunday
#Whereis eject
this command display the path of the command. It is better to use the full
path of the command inside crontab instead of just the name of the
command.
We can also make the entry as
35 10 * * * eject
36 10 * * * eject –t
In this case. These two jobs will be performed at 10:35 in every month.
Some command which are executed with ‘at’ or ‘crontab’ send their output to
the user mail box. These command are executed on background and their
output is transferred to the particular user’s mail box. In order to see the
output of the command we use.
#mutt
This command will open the mailbox from where we check the output
Some of the switched used with the ‘crontab’
#crontab –l
List out all the job scheduled in crontab.
#crontab –r
Can remove the job from the crontab.
Fdisk:
20
Representation of Hard disk
/dev/hdx
/dev/had : Primary Master
/dev/hdb : Primary Slave
/dev/hdc : Secondary Master
/dev/hdd : Secondary slave
Fdisk command is used to create a partition
#fdisk –l
Display the partition Listing
Creating Partition
#fdisk /dev/had
Press(m for help): m
Some important switches are
D : delete partition
N : New
L : listing
Q : quit
W : Save and Exit
T : changed type
Press : n
l: Logical (5 or above)
p: Logical partition( 1-4)
Type l
First cylinder (Take as default): Press Enter
Last Cylinder or +size or +sizeM or +sizeK (….) : +100M
Command (m for help) : w
# partprobe
( to update the partition table without restarting the computer)
21
There are two method of doing so
a. creating partition
b. Creating file
A. Creating Partition:
i. We have to create one partition of size say 200MB and change its
type to 82 (swap type) . save and exit and then run the command
“partprobe”
ii. Format the partition say /dev/hda9
#mkswap /dev/hda9
iii. Make the swap partition active
#swapon /dev/hda9
iv. to check the entry of swap partition
# cat /proc/swaps
If we want to make the permanent entry in fstab then
#vi /etc/fstab
/dev/hda9 swap swap defaults 0 0
B. Creating file
i. first make an empty file
#touch /swp
ii. Now we customize the size of the swap
# dd if=/dev/zero of=/swp bs=1M count=200
iii. Format the newly created swap file
#mkswap /swp
iv. Active the swap file
#swapon /swp
To check the entry of swap file
#cat /proc/swaps
If we want that automatically this swap file activate , we need to make the
entry in /etc/ec.local
# vi /etc/rc.local
Make the following entry
Swapon /swp
Save and exit
User Quota:
Monitoring and controlling disk space usage is another important part of a
system administrator tasks. User quota is used to restrict the amount of disk
space on each partition by each user.
Steps
1. Edit the file /etc/fstab
# vi /etc/fstab
Search the following line
“LABEL=/home /home etx3 defaults 1 2”
Just add ‘usrquota’ after the word ‘defaults” as
“LABEL=/home /home ext3 defaults,usrquota 1 2”
22
Where –o I used to active comma separator used in fstab
After given a quota we must remount the directory with user quota or if we
restart the system , it automatically remount.
We can set the quota either by setting blocks soft and hard limit of inode
( Number of maximum file created)
Note:
We can generate the file of big size to check the quota
Syntax:
#dd if=/dev/zero of=bigfile bs=1M count=3
To check the quota for particular user after login
#quota
To set the grace period for particular user
#edquota –T username
We can also set the quota for particular user by using following command.
#setquota -u username 2000 3000 20 25 /home
23
LVM
Logical Volume manager
LVM is an extensible partitioning tool using which we can modify or resize any
partition without changing our existing data.
/dev/hdax
Figure
/dev/hdax
24
After adding we need to run ext2online command in order to assign file
system type to the added size
#ext2online /dev/vg00/lv00
RAID
Redundant Array Of Inexpensive Disk
RAID is a series of disk which can save your data even if there is catastrophic
failure on one of the disk
RAID are classified as RAID0, RAID1 and RAID 5
RAID 0 : require minimum 2 HDD and also known as stripping without parity
RAID 1: require minimum 2 HDD and also known as disk mirroring
RAID 5: minimum 3 HDD requirement and also known as stripping with parity
First we create the two partition say each of 100MB and then change its type
to (‘fd’) Raid
Now we create a RAID
#mdadm –C /dev/md0 –level=1 –raid-disks=2 /dev/hda8 /dev/hda9
Now check the raid
#cat /proc/mdstat
‘OR’
#mdadm --detail /dev/md0
Format the newly created RAID
#mkfs.ext3 /dev/md0
Now mount it
#mkdir /raid
#mount /dev/md0 /raid
In order to check first we fail any one of the partition
#mdadm --manage /dev/md0 --fail /dev/hda8
Check the status of the RAID
#mdadm --detail /dev/md0
Removing the failure partition
#mdadm --manage /dev/md0 --remove /dev/hda8
25
To add new disk partition
#mdadm --manage /dev/md0 --add /dev/hda10
Note:
In order to add new partition first we create the partition and change its type
to ‘fd’
26
3. service which are based on xinetd that is some back ground process
services
to check the service whether ON or OFF use
#service service_name status
#chkconfig –list
#chkconfig –list service_name
Example:
#service nfs status
#chkconfig –list
#chkconfig –list nfs
#ntsysv : will start /stop all the services in a particular run level. It will display
the dialog box in which all the services are mentioned
DHCP
Dynamic Host Configuration Protocol
DHCP provides IP address to host computer dynamically by the range of
addresses or statically or fixed address by MAC address
Service Profile
Type : System V managed Service
Package : dhcp
Daemon : dhcpd
Script : dhcpd
File : /etc/dhcpd.conf
Port : 67,68
27
Option nis-domain : “RHCE”;
Option domain-name : “example.com”;
Option domain-name-server : 172.24.254.254;
#chkconfig dhcpd on
#chkconfig portmap on
Client Side
#dhclient
Dhclient is used to give the request to dhcp server to assign an address to
client
Now if we want to assign the static IP address by their MAC address
#vi /etv/dhcpd.conf
Set the following configuration
host stationX {
hardware Ethernet 00:34:e3:5r:q1:34;
fixd-address 172.24.0.54;
where
x : Station number
NFS
Network File System
NFS server is used for file sharing and directory sharing between linux to
linux machine
Service Profile
Type : System V-managed
Package : nfs-utils
Daemon : rpc.rquotad, rpc.statd.nfsd
Script : nfs
Port : 2048
Configuration File : /etc/exports
Server Setting
First make the folder which you want to share
28
#mkdir /share
#cd /share
#touch a d f
#chmod o+w a b
Now open the configuration file
#vi /etc/exports
Make the following entry
/share 172.24.0.0/255.255.0.0(rw,sync)
Client
Mount the /share directory on client machine
#mount –t nfs:172.24.254.254:/share /mnt
Where /mnt is a mount point
29
If we give no permission then it will take (ro,sync)
#export –r
#export –a
#export –ar
If we run this command then there is no need to restart portmap and nfs
again and again.
NIS
Network Information Service
NIS provide simple directory service for system and account information. NIS
server is used to manage the system and account information on multiple
system from the central server.
Service Profile
Type : system V manage
Package : Server
Portmap ypserv make
Client
Authconfig authconfig-gtk portmap yp-
tools ypbind
Daemon : rpc.ypserv rpc.yppasswddd
Script : ypserv, yppasswdd
Configuration : /etc/sysconfig/network
/var/yp/Makefile
Server Setting:
Steps
1. Check the rpm’s
#vi /etc/sysconfig/network
Define the following line
NISDOMAIN=ICON
Save and exit
#vi /var/yp/Makefile
Search for “/all: “ line
Remove all the entry except
all: passwd group hosts netid
save and exit
30
#service portmap restart
#chkconfig portmap on
#service ypserv restart
#chkconfig ypserv on
/rhome/nisuser1 172.24.0.0/255.255.0.0(rw,sync)
Client Setting:
1. Check the rpm’s
31
#vi /etc/auto.master
#vi /etc/auto.misc
DNS
Domain Name Server
Service Profile
Server Setting
1. Edit the file named.conf
#vi /var/named/chroot/etc/named.conf
Edit the line after copying line N 37 to line 47
Zone “example.com”{
Type master;
File “example.zone”;
32
Allow-update {none;} ;
};
Zone “24.172.in-addr.arpa”IN{
Type master;
File “example.local”;
Allow-update {none;};
};
33
save and exit
DNS Client
Now finally use the Dig and nslookup command to check the DNS from client
side
Term
IN : Internet
SOA : Start Of Authority
TTL : Time to Line
NS : Name server
A : Address Record
PTR : Pointer Record
MX : Mail server
SOA is the first line in the zone file. It identifies the name server as the
authoritative source for information about this domain
TTL indicate how long to hold the data in their cache
NS shows the name of name server
A shows the IP address for name server
MX is a mail Exchange record
PTR is used to point to the name server
CNAME is CONONICAL name shows the real name of the host
34
Server Profile
Steps
Client Side:
1. Click on Mozilla Web Browser
2. Click editPreferences
3. Click on “Connection Setting”
4. Select “ Manual Proxy Configuration”
Http Proxy : 172.24.254.254 Port 8080
35
Send Mail
Sendmail is used to configure the mail server on the server in order to send
and receive the mail.
Service Profile
36
#touch /var/spool/mail/root
CUPS
Common Unix Printer System
UPS is the primary printing system under Re Hat Enterprise Linux. CUPS
support a new Internet Printing Protocol (IPP), based on HTTP/1.1
Configuration
Steps:
1. Type the following command
#printconfig
Or
#system-config-printer
Assign
Queue name : xyz
Device name : IPP
Select Printer Driver “ raw printer queue”
Server : server1.example.com
Path for the Queue Directory : /printer/xyz
FTP:
File Transfer Protocol
FTP provides file sharing between linux to linux , linux to Unix and Linux to
Windows
37
Service Profile
B
In user access, client machine connect to Target machine by having
username and password on Target machine
User entry in these two file are not allowed to access ‘ftp’
If we want that user entry in vsftpd.user_list can only access ftp server then
we need a entry in vsftpd.conf
#vi /etc/vsftpd/vsftpd.conf
Add following line
Userlist-deny = No
#vi /etc/vsftpd/vsftpd.conf
Anonymous-enable = yes
#uncomment line 27
Anon-upload-enable = yes
#uncomment
Chown-uploads = yes
Chown-username = daemon
38
#chmod 777 upload
Chgrp ftp upload
Assign group owner ship to ftp to ‘upload’ directory
In Graphical
ftp://rakesh@172.24.254.254
To upload: put
To download : get
Example:
#put <filename> to upload any file in user home directory
#get <filename. To download any file from user home directory
Service Profile
Steps:
39
2. For multiple Hosting we need to uncomment line number 1003
NameVirtualHost 172.24.254.254:80
Now copy line No 1016 to No. 1022 and paste at last
<VirtualHost 172.24.254.254:80>
ServerAdmin root@server1.example.com
DocumentRoot /www
ServerName server1.example.com
</VirtualHost>
#vi /etc/httpd/conf/httpd.conf
<VirtualHost 172.24.254.254:80>
ServerAdmin root@server1.example.com
DocumentRoot /www
ServerName Server1.example.com
<Directory /www>
Option Indexes Includes
AllowOverride Authconfig
</Directory>
</VirtualHost>
40
#htpasswd –c /etc/httpd/ht.access raj
#chgrp apache /etc/httpd/ht.access
#elinks http://server1.example.com
SSH or Secure Shell is used for the purpose of remote login between linux to
linux and linux to Unix. The main difference between SSH and telnet is that
SSH can be used for file transfer.
Service Profile
41
If you want to directory
#scp –r 172.24.254.254:/root/raj /mnt
Service Profile
#smbpasswd –a raj
#smbpasswd –a rakesh
On client side
42
#smbclient //172.24.254.254/raj –U raj
GUI
Smb://172.24.254.254
IP Forwarding
In Linux, we can’t use a computer with two network interface to route
between two or more subnet. To be able to do this we need to make sure that
we enable IP forwarding. We should make sure that module is loaded. To
check type
#cat /proc/sys/net/ipv4/ip-forward
If forwarding is enabled, the number 1 is returned. If forwarding is not
enabled, the number 0 is returned.
To enable IP forwarding
#vi /etc/sysctl.conf
Line no.7
Net.ipv4.ip_forward = 1
Save and exit
To activate permanently
#sysctl –p
Or another method is
#echo 1 >/proc/sys/net/ip_forward
This work for temporary use till system is ‘ON’
Second network
#netconfig –d eth0:1 (-d : virtual)
IP Address : 172.25.254.254
Subnet : 255.255.0.0
Default Gateway : 172.24.254.254
Primary Server : 172.24.254.254
Security Policies
According to the service management, there are three type of security
policies
1. Security within a service
2. security provided by TCP wrappers
43
3. security provided by xinetd
TCP Wrappers
Configuration needed two file
a. Hosts.allow
b. Hosts.deny
By default all are allowed
#vi /etc/hosts.deny
Vsftpd: 172.25.0.0/255.255.0.0
#vi /etc/hosts.deny
Vsftpd: ALL EXCEPT 172.24.0.0/255.255.0.0
44
Sshd : ALL EXCEPT 172.24.0.0/255.255.0.0 EXCEPT 172.24.0.1
Some of the daemon are
Imapd
Ipop3d
Smbd, nmbd
Telnet
Telnet service is used for the purpose of remote login between linux to linux,
linux to unix and linux to windows
Service Profile
Type : xinetd
Package : telnet-server, telnet
Daemon : based on xinetd
Script : based on xinetd
Configuration : /etc/xinetd.d/telnet
Security setting
1. For particular system
#vi /etc/xinetd.d/telnet
Only_from = 172.24.0.6
45
No_access = 172.24.0.6
Time setting
#vi /etc/xinetd/telnet
Acees_time = 04:15=04:30
#vi /etc/hosts.deny
Ipop3d : ALL
Imapd : ALL
These permission are set when host from local network can access pop3 and
imap and hosts from other network does’nt allow
Digital Certification
46
Certificate is used for the purpose of authentication
Steps
1. Check for devecot.pem file in
#cd /usr/share/ssl/certs
#rm dovecot.pem
#make dovecot.pem
In this we have to make the following entries
a. country
b. state
c. street
d. company and unit name
e. station name
f. email address
after making all those entry we need to copy this file
#cp dovecot.pem /usr/share/ssl/private/dovecot.pem
Overwrite : yes
To check the status or entry
#openssl x509 –noout-subject </usr/share/ssl/private/dovecot.pem
UMask
User Mask
Default value for root = 0022
Default value for users = 0002
When we create any new file. The default value will be 666. in this case
Umask means 666-002 = 664 for normal user and for the root the default
value will be 666-022=644
The default value for a directory is 777. in this case umask means that
whenever we create new directory, the default valkue for normal user 777-
002 = 775 and for root, the default value 777-022 = 755
Remote Installation
Documentation for linux remote installation with pxe boot rom client
1. TFTP Server
2. DHCP Server
3. CD No. 1 of Redhat Linux
Steps:
47
1. First install the TFTP Server and DHCP Server
2. Copy all the files from CD1 isolinux folder to /tftpboot/linux-install
folder (Syntax as follow)
#cp /media/cdrom/isolinux/* /tftpboot/linux-install
3. After copying above files copy as following from ftpdboot folder
#cp /tftpboot/linux-install/isolinux.cfg /tftpboot/linux-
install/pxelinux.cfg/default
Note 1: remember we are copying isolinux.cfg file and also renaming it to
default (***default**** is a filename)
Note 2: in above guidelines our motive is to copy all bootable files from the
CDROM to TFTP folder which are required for remote boot.
#chkconfig tftp on
(note : it will permanent ‘ON’ tftp service and also work after computer
restart)
#service xinetd restart
(note : it will start all subservices which are dependent on xinetd master
service , includingtftp also)
Note:
To make installation more easy we can also implement kick start along with
TFTP
Some Important File Settings:
1. GRUB.CONF
GRUB stands for GRand Unified Bootloader. It is the default boot loader used
by Red Hat Linux
48
Grub.conf file found in /boot/grub/grub.conf and its symbolic links found in
/etc/grub.conf
#vi /etc/grub.conf
Default = 0
Timeout = 5
Splash image=(hd0,0)/grub/splash.xpm.gz
Hidden menu
Title Redhat Linux
Root (hd0,0)
Kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet
Initrd /initrd-2.6.9-5.EL.img
2. INITTAB FILE
Run level setting are done in inittab file. Inittab found in
/etc/inittab
#vi /etc/inittab
id:5:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l1:1:wait:/etc/rc.d/rc 1
l2:2:wait:/etc/rc.d/rc 2
l3:3:wait:/etc/rc.d/rc 3
l4:4:wait:/etc/rc.d/rc 4
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6
X:5:respawn:/etc/x11/prefdm –nodaemon
49
In this case the password will be encrypted and directed (>>) to file
grub.conf
Now open file
#vi /etc/grub.conf
Copy that password line from the bottom most and paste it bellow hidden
menu option as
Password –md5 <password>
Save and exit
Step 1 :
Start in single user mode and change the password:
#passwd root
Type password as ‘redhat’ and then restart the system , if problem still
occurs do the
step 2:
We start the system with single user mode
#vi /etc/passwd
Check the following line
Root:x:0:0:root:/root:/bin/bash
Just check the first and last option, it should be root and /bin/bash
Case I:
If username is changed then do as follow
#username –l oldname newname
Case II:
If shell is changed to /sbin/nologin then change it to.
#usermode –s /binbash root
Before changing the shell, first check that /bin/bash exist in /etc/shells. If not
then install the rpm of bash shell
#rpm –q bash
If problem still occurs do step Step 3
Step 3:
Check the file shadow find out if theree is a (!)mark at the starting of
password entry. If present, remove it . (!) mark lock the password
Root:!$2gr………….
And also check the last three column, it should be blank empty ( : : :)
If problem still occurs do the Step 4
Step 4:
Sometime some attribute are set on the /etyc/passwd or /etc/shadow file,
which make these two file write and append protected. If such attribute are
present, we need to remove that.
Command to check the attribute
#lsattr /etc/passwd
50
#lsattr /etc/shadow
---------- /etc/passwd
Suppose attribute is set
---ai----- /etc/passwd
---ai----- /etc/shadow
In this case we need to remove the attribute
#chattr –ai /etc/passwd
#chattr –ai /etc/shadow
Note:
In order to add attribute (+) sign is used, to remove (-) sign is used. If
problem still occurs then use the Step 5
If system shows message that ‘chattr’ and ‘lsattr’ command not found, we
need to check the rpm if not installed . we need to install the rom
#rpm –q e2fsprogs
Step 5:
Open the file /etc/securetty file to check the entry of virtual console and tty
entry
#vi /etc/securetty
Check the following entry
Console
vc /1
vc /2
vc/3
vc /4
vc /5
vc /6
vc /7
vc /8
vc /9
vc /10
vc /11
tty 1
tty 2
tty 3
tty 4
tty 5
tty 6
tty 7
tty 8
tty 9
tty 10
tty 11
if we remove any one line say tty1 then we cannot login at terminal 1 but we
can login to another terminal. If we remove all these entry then we cannot
login to any terminal. So in that case we need to make all these entry and
again check for username and password
if problem still occur do step 6
51
Step 6:
Check the file /etc/nologin, if present remove this file. Then open the file
#vi /etc/rc.local
Check the entry /etc/nologin in the file if present remove that: in rc.local file
only one entry is present
Touch /var/lock/subsys/local
If you find “ touch /etc/nologin” remove this line . even if we remove nologin
file from /etc and if we restart, again the file will create . that is why we nned
to remove the entry from /etc/rc.local file. If problem still accur then use Step
7
Step 7:
Check the permission for /etc/securetty file , it should be 600 (rw for user no
permission for the group and other)
#ll /etc/securetty
If permission are changed we cannot login. So first change the permission
#chmod 600 /etc/securetty
Then login if problem still occur then do Step 8
Step 8:
Check the file /etc/pam.d/login
#vi /etc/pam.d/login
Check for following line
Auth required denied.so
Remove this line if present. If problem still present then check the following
line
Account required pam_access.so
If this line is present, we cannot login through root, remove this line and
along with this also check the file
#vi /etc/security/access.conf
Remove the following line from the bottom
-:ALL:ALL
If problem still occur so Step 9
Step 9:
If password is changing but still unable to login
Copy two file
#cp /etc/passwd- /etc/passwd
#cp /etc/shadow- /etc/shadow
Sometime we find that shadow file and its back file shadow- does’nt exist, in
this case we need to generate the shadow file as
#pwconv
Step 10:
Sometime the password age expired then do the following to check the age
#chage –l root
If password age is expired
#chage root
In this
Account Expiration date : Change the date
52
Or
#chage –E -1 root
In this case the root password will never expire.
Step 11:
If problem still occur then simply open the file /etc/pam.d/login
And make all the field as optional
Step 12:
Sometime attribute is set on /etc/shadow file, password age is expired ad the
root permission is changed for command ‘chattr’
In this case first change the permission for ‘chattr’
#chmod 700 /usr/bin/chattr
Remove the attribute on shadow file
#chattr –ai /etc/shadow
And finally set the date for the password
#chage –E -1 root
53