CyberCorps Participant’s Guide


Table of Contents

Familiarization Guides
  Network Admin Familiarization
    Overview
    Creating a network map
    Monitoring Network Traffic
    Managing and Protecting a Network
    pfSense Firewall Rule Basics
    pfSense Packet Captures
    Network Admin Tools/Skills
  Email Admin Familiarization
    Overview
    SquirrelMail
    Apache
    Postfix
    Dovecot
    Email Admin Tools/Skills
    Helpdesk Admin Tools/Skills
  System Admin Familiarization
    Overview
    Managing System Services
    Configuration and Layout
    Creating and managing user accounts
    System Admin Tools/Skills
  Chat Admin Familiarization
    Overview
    Starting and Stopping
    Configuration and Layout
    Creating and managing user accounts
  Web Admin Familiarization
    Familiarization Activity
    Apache Restart Activity
    Web Site Admin Tools/Skills

IT Staff Job Descriptions for VCCLL
  System Administrator Job Description
    Summary
    Essential Duties and Responsibilities
  Network Administrator Job Description
    Summary
    Essential Duties and Responsibilities
  Help Desk Specialist Job Description
    Summary
    Essential Duties and Responsibilities
  Webmaster Job Description
    Summary
    Essential Duties and Responsibilities
  Email Administrator Job Description
    Summary
    Essential Duties and Responsibilities

Supporting Documents
  Basic Connectivity Testing Tools
    ping
    telnet
    traceroute
  IT Help Desk Notes & Flowchart
    Create Ticket
    Contact Helpdesk
    Complete Ticket
  OTRS quick guide (v0.1.0_10/4/2015)
    To Log In
    To Create Customer User
    Tickets
  View/Search Text Files
    head
    tail
    cat
    less
    grep
    sort
  Pidgin instructions (v0.1_04/14/2015)
    Adding contacts
    Joining Group/Chat rooms
  User Management Commands
    w
    who
    adduser
    deluser
    addgroup
    delgroup
    passwd
  System Management Commands
    ps
    top
    htop
    netstat
    service
    ssh
  File Permission Management Commands
    chmod
    chown
    sudo
  Help and Editor Commands
    man
    apropos
    emacs
  File System Commands
    df
    du
  Linux Cheat Sheet

Index


Familiarization Guides

Welcome to the Virtual Cybersecurity Collaborative Learning Laboratory (VCCLL)! We have developed this participant guide to give a broad overview of the various roles you may play in BetaPort scenarios and to provide a quick, easy-to-use reference kit of tools, methods and techniques. The guide has been designed to provide clear, simple explanations and directions, which will help you throughout the learning experience. In addition, the Supporting Documents section provides some additional materials that should help you get the most out of this exciting virtual experience.

Network Admin Familiarization

Overview

The network administrator’s role is to plan and coordinate the design, installation and connectivity of computer and network systems to ensure the stable operation of an organization’s information technology (IT) assets. The network admin must ensure that uptime, performance, resources, and the security of all network systems meet the needs of users. To fulfill these organizational duties, a network admin is responsible for developing, configuring, maintaining and supporting all new and existing network hardware, software and communications links.

Ideally, network admins should be able to quickly respond to all of the following questions regarding the network systems for which they are responsible.

• What Internet Protocol (IP) subnets and addresses do you manage?
• What servers and endpoints are running on your network(s)?
• Are the servers local or hosted at an external site?
• What services (open ports) are available on each server and host?
• How is your network configured, protected and isolated?
• What connections are allowed between servers, hosts and Internet users?
• Is the network traffic from or to specific endpoints anomalous?
• If anomalous, where do those connections originate and terminate? If the connections include hosts outside your network, where are these endpoints located?

Fortunately, network administrators have a variety of tools and applications at their disposal to help them meet their myriad responsibilities. In the sections below, the various facets of the position are organized into broad categories. Within each category, you’ll find a brief discussion of the tools and applications available to meet the most common needs.

Creating a network map

A basic responsibility for all network administrators is to understand the network layout and to know what servers and endpoints are running on the network. In many cases, a network diagram may already be available; however, it is important to ensure that network diagrams are kept up-to-date by re-mapping the network on a regular basis.

Several tools exist to facilitate network mapping and connectivity testing. In this section, we’ll explain how the Unix/Linux ping and traceroute commands can be used for this purpose.

ping is a simple command used to test the reachability of a host on a network. It also reports the round-trip time for messages sent from the originating host to a destination host and back.

For example, the ping session shown below is used to confirm that the host 10.0.2.100 is reachable via the network. Note the use of the -c (count) option, which takes an integer argument representing the number of ping packets that should be sent. By default, on Linux systems, ping will continue sending pings until Ctrl-C is pressed.

$ ping -c 4 10.0.2.100
PING 10.0.2.100 (10.0.2.100): 56 data bytes
64 bytes from 10.0.2.100: icmp_seq=0 ttl=62 time=1.582 ms
64 bytes from 10.0.2.100: icmp_seq=1 ttl=62 time=1.701 ms
64 bytes from 10.0.2.100: icmp_seq=2 ttl=62 time=1.715 ms
64 bytes from 10.0.2.100: icmp_seq=3 ttl=62 time=1.807 ms

--- 10.0.2.100 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.582/1.701/1.807/0.080 ms

The traceroute command displays the entire route between the source host and the destination. traceroute lists all the routers it passes through along the way. In addition, it measures and reports the transit delays of packets across the network.

$ traceroute 10.0.2.100
traceroute to 10.0.2.100 (10.0.2.100), 64 hops max, 40 byte packets
 1  192.168.100.1 (192.168.100.1)  0 ms  4 ms  0 ms
 2  172.35.100.1 (172.35.100.1)  0 ms  3 ms  1 ms
 3  10.0.2.100 (10.0.2.100)  9 ms  0 ms  0 ms

Based on the above traceroute command result, we can see that there are two routers between the source and destination hosts, with IP addresses 192.168.100.1 and 172.35.100.1. Using this information, as well as the IP address of the source host (in this instance 192.168.100.122), we can begin to build a simple network diagram, as shown in the figure below. (Note: The network switches shown in the diagram are assumed to exist, since their presence is not disclosed by the traceroute command.)

However, this picture of the network is incomplete. Running on host 192.168.100.122, traceroute can only “see” the router interfaces on the side of the routers it faces. To see the addresses of the network interfaces on the other side of these routers, traceroute must be run from the opposite side, as well. So, now we log in to the original destination host (10.0.2.100) and run traceroute back to the original source host (192.168.100.122).

$ traceroute 192.168.100.122
traceroute to 192.168.100.122 (192.168.100.122), 30 hops max, 60 byte packets
 1  10.0.2.15 (10.0.2.15)  0.865 ms  0.850 ms  0.838 ms
 2  172.35.100.2 (172.35.100.1)  0.956 ms  0.945 ms  0.931 ms
 3  192.168.100.122 (192.168.100.122)  3.123 ms  3.122 ms  3.111 ms

Now, given these addresses for the interfaces on the other side of the routers, we can complete the network diagram for the portion of the network that includes these two hosts.

To create network diagrams of larger, more complex networks, it is necessary to log in to hosts in different parts of the network and to run traceroute back and forth among several known hosts. And while in this example we used two Linux systems as the source hosts, other options are available. For example, most router and firewall systems (including the VyOS router and pfSense firewall used in the BetaPort environment) also provide access to network software tools such as ping and traceroute.

For more information on these and similar commands, see Basic Connectivity Testing in the Supporting Documents section, as well as the familiarization guides for VyOS and pfSense.
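The two-direction mapping procedure above can be automated. The following Python sketch is an added example, not part of the original guide: it pairs the hops of a forward and a return trace to recover both interfaces of every router on the path, and it generalizes to any number of routers and to hops that time out. It assumes numeric `traceroute -n` output and that both directions follow the same path; the function names and the embedded sample traces are constructed for illustration.

```python
import re

# Constructed sample input: the hops of the two runs described in the text,
# written in the numeric form produced by `traceroute -n`.
FORWARD = """\
traceroute to 10.0.2.100 (10.0.2.100), 64 hops max, 40 byte packets
 1  192.168.100.1  0 ms  4 ms  0 ms
 2  172.35.100.1  0 ms  3 ms  1 ms
 3  10.0.2.100  9 ms  0 ms  0 ms
"""
REVERSE = """\
traceroute to 192.168.100.122 (192.168.100.122), 30 hops max, 60 byte packets
 1  10.0.2.15  0.865 ms  0.850 ms  0.838 ms
 2  172.35.100.2  0.956 ms  0.945 ms  0.931 ms
 3  192.168.100.122  3.123 ms  3.122 ms  3.111 ms
"""

# A hop line starts with the hop number followed by the responder (or "*").
HOP = re.compile(r"^\s*(\d+)\s+(\S+)")


def parse_hops(output):
    """Return the responding address for each hop, or None where it timed out."""
    hops = []
    for line in output.splitlines():
        match = HOP.match(line)
        if match:
            hops.append(None if match.group(2) == "*" else match.group(2))
    return hops


def pair_router_interfaces(forward, reverse):
    """Combine both traces into one record per router on the path.

    The forward trace reveals each router's source-facing interface; the
    return trace reveals the destination-facing interface of the same
    routers, in the opposite order. The last hop of each trace is the
    target host itself and is not a router.
    """
    fwd, rev = parse_hops(forward), parse_hops(reverse)
    if len(fwd) != len(rev):
        raise ValueError("hop counts differ: the two directions take different paths")
    routers = len(fwd) - 1
    return [
        {
            "router": k + 1,                          # numbered from the source outward
            "source_side": fwd[k],
            "destination_side": rev[routers - 1 - k],
        }
        for k in range(routers)
    ]


def describe_path(source, destination, forward, reverse):
    """Render the path as a one-line text diagram; '?' marks a silent hop."""
    nodes = [source]
    for r in pair_router_interfaces(forward, reverse):
        nodes.append("[%s | R%d | %s]" % (
            r["source_side"] or "?", r["router"], r["destination_side"] or "?"))
    nodes.append(destination)
    return " -- ".join(nodes)


if __name__ == "__main__":
    print(describe_path("192.168.100.122", "10.0.2.100", FORWARD, REVERSE))
```

If the two traces report different hop counts, the paths are not symmetric and the pairing should not be trusted; trace from additional hosts instead, as the text recommends for larger networks.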

Monitoring Network Traffic

Network traffic monitoring touches at least two major areas of concern to network admins, including both the amount and type of traffic traversing the network. Administrators must be constantly alert to potential bottlenecks within their networks, which can lead to substandard performance. They must also be on the lookout for potentially anomalous traffic that may be indicative of an attack, such as denial-of-service (DOS), data modification or exfiltration, brute-force login attempts, and others.

Network traffic monitoring can be accomplished using a variety of methods and techniques. In this section, we will focus on passive techniques.

tcpdump is a command-line tool that allows the user to display network packets being transmitted or received over a network to which a particular host is attached. tcpdump prints the contents of network packets, either those read in real time from a network interface card, or from a previously saved packet file. This command is available on a wide range of devices, including desktop and server systems, routers and firewalls. Running tcpdump on Unix/Linux-based systems often requires root privileges. Root privileges include powers that the root account has on the system (i.e., complete access to all files and commands).

tcpdump supports a wide variety of options. A few common examples are given below.

To see a list of available network interfaces on which listening is possible:

$ sudo tcpdump -D

To listen on interface eth0:

$ sudo tcpdump -i eth0

To listen on any available interface (useful on routers or firewalls):

$ sudo tcpdump -i any

By default, tcpdump displays a bare summary of packet information. The level of detail (verbosity) can be increased by adding the -v option.

Be verbose while capturing packets:

$ sudo tcpdump -v

Be more verbose while capturing packets (up to three vs can be used):

$ sudo tcpdump -vv

Be verbose and print the data of each packet in both hex and ASCII, excluding the link level header:

$ sudo tcpdump -vX

Running tcpdump from a network host, such as a desktop or server, can provide useful information regarding the traffic on a network. It can be even more informative to run packet captures on network routers and firewalls, since these devices are able to “see” all network traffic traversing their portions of the network. This makes it possible for a network administrator to get a better picture of all the hosts communicating on the network, as well as the volume of network traffic.

The VyOS router software is Linux-based, so tcpdump can be run from the command line in the same way as on any Linux host. When running tcpdump on any host by way of an SSH login session, it’s important to filter out the traffic generated by the login session itself. So, for example, to capture network packets on a VyOS router via an SSH connection, displaying IP addresses and port numbers (rather than host names and port names), while filtering out traffic generated by the SSH login session (assuming the router’s SSH server is running on the default port):

$ tcpdump -nn port not ssh

For more information and examples, see the tcpdump man page.

Managing and Protecting a Network

Within the BetaPort environment, network admins use two types of network devices to configure and protect their networks: VyOS routers and pfSense firewalls. In this section, we’ll provide a brief overview of these two devices.

VyOS

VyOS [1] is a Linux-based network operating system that provides software-based network routing and other functionality. In BetaPort, VyOS is used exclusively for routing. VyOS routers are configured and controlled by way of a command line interface (CLI).

The VyOS CLI is comprised of an operational mode and a configuration mode. Operational mode allows for commands to perform operational system tasks and to view system and service status, while configuration mode allows for the modification of system configuration. The CLI provides a built-in help system. In the CLI the [?] key may be used to display available commands. The [tab] key can be used to auto-complete commands and will present the help system upon a conflict or unknown value.

Router configuration is necessary only when new networks are added or in the extremely rare instance when existing routes must be changed. Therefore, in this guide we’ll cover only a small number of operational mode commands.

Configured interfaces on a VyOS system can be displayed using the show interfaces command.

vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address         S/L    Description
---------    ----------         ---    -----------
eth0         10.0.2.15/24       u/u    Public
eth1         172.35.100.1/24    u/u    LAN
lo           127.0.0.1/8        u/u
             ::1/128

A specific interface can be shown, providing greater detail, using the show interfaces <type> <name> command.

[1] http://vyos.net

vyos@vyos:~$ show interfaces ethernet eth0
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:44:3b:0f brd ff:ff:ff:ff:ff:ff
    inet 10.16.2.15/24 brd 10.0.2.255 scope global eth0
    inet6 fe80::20c:29ff:fe44:3b0f/64 scope link
       valid_lft forever preferred_lft forever
    Description: OUTSIDE

    RX:  bytes    packets    errors    dropped    overrun    mcast
        274397       3064         0          0          0        0
    TX:  bytes    packets    errors    dropped    carrier    collisions
        257276       1890         0          0          0        0

Finally, the configured routes can be shown using the show ip route command.

vyos@vyos:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF
       I - ISIS, B - BGP, > - selected route, * - FIB route

C>* 10.0.2.0/24 is directly connected, eth0
C>* 127.0.0.0/24 is directly connected, lo
C>* 172.35.100.0/24 is directly connected, eth1
S>* 192.68.100.0/24 [1/0] via 172.35.100.2, eth1

pfSense

Behind each router (on the LAN side) within the BetaPort environment a pfSense [2] firewall has been installed. pfSense is an open source firewall/router computer software distribution based on FreeBSD Unix. pfSense can be configured and operated through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage.

To access a pfSense firewall, type the IP address of the LAN-facing network adapter into the address bar of your Web browser. After logging in, the firewall’s menu-driven GUI interface is displayed. A portion of the firewall’s home screen is shown below. The pfSense navigation menu is located at the top, providing ready access to all of the firewall’s functionality.

Below the menu bar, a dashboard containing two panes is displayed, giving a high-level overview of the firewall’s status, including system information and a list of the active interfaces.

[2] https://www.pfsense.org/

Among the most important features of the pfSense firewall for network administrators are the ability to monitor network activity by “sniffing” network traffic and tracking the activity of the most active network hosts.

pfSense provides a packet-capture utility similar to the tcpdump command, described earlier. To activate this utility, select Diagnostics -> Packet Capture from the menu.

Finally, the pfTop utility can be used to monitor network traffic and connections in real time. You can access pfTop via the GUI menu, at Diagnostics -> pfTop.

For more information on capturing packets and monitoring network traffic using pfSense, see the pfSense Packet Captures document.

As its name implies, the pfSense firewall also provides the ability to control what kinds of traffic are allowed to traverse the network. Fine-grained rules can be set up, based on protocol, source and destination network addresses and ports, among other criteria. The screenshot below shows a firewall configured to allow all IPv4 and IPv6 to pass through the firewall in both (inbound and outbound) directions.

Firewall rules are managed at Firewall -> Rules. For more information on configuring firewall rules in pfSense, see the pfSense Firewall Rule Basics section below.

pfSense Firewall Rule Basics

Firewall rules control what traffic is allowed to enter an interface on the firewall. Once traffic is passed on the interface it enters, an entry in the state table is created. A state table entry allows through subsequent packets that are part of that connection.

Firewall rules on Interface and Group tabs process traffic in the Inbound direction and are processed from the top down, stopping at the first match. Where no user-configured firewall rules match, traffic is denied. Only what is explicitly allowed via firewall rules will be passed.

Firewall rules are managed at Firewall -> Rules. Multiple rules may be selected for some actions by clicking on their row or checking the box at the start of their row. Rules may be deleted or reordered in bulk in this way.

On the Firewall Rules page, there is a tab for each interface, plus a tab for each active VPN type (IPsec, OpenVPN, PPTP), and a tab for Floating Rules, which contains more advanced rules that apply to multiple interfaces and directions.

When editing a rule, many of the options are explained in detail on the rule editor screen. Be mindful of the default settings on the rule editor, especially the protocol. New rules default to TCP only.

When entering addresses into firewall rules, the following choices are given for the source and destination addresses. Some of these options only appear in specific fields or circumstances, or if certain features are enabled.

• any - 0.0.0.0 to 255.255.255.255, or all IPv6 addresses
• Single host or alias - Select this and enter one IP address (1.2.3.4, aa:bb:cc:dd::1) or type the name of an Alias that has already been configured (Firewall > Aliases)
• Network - Select this and enter a network and mask (10.99.0.0/16, aa:bb:cc:dd::0/64)
• LAN net - The subnet configured on the LAN interface under Interfaces > LAN. On pfSense 2.2+, this also includes static route networks on that interface.
• LAN address - The IP address configured on the LAN interface under Interfaces > LAN
• zzz net / zzz address - Works the same as LAN above but for other interfaces (WAN, OPT1, OPT2, etc.)
• PPTP clients - Automatically locate and use the addresses of PPTP clients
• L2TP clients - Automatically locate and use the addresses of L2TP clients
• This Firewall (self) - Any IP address assigned to any interface on this firewall (pfSense 2.2+)

These macros are handy because they allow generic rules to be created that refer to LAN or a specific interface. If that interface IP address or subnet changes in the future, the rules will be rebuilt correctly and they will not need to be manually adjusted.
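The evaluation order described in this section (top down, first match wins, deny when nothing matches, new rules defaulting to TCP) can be modelled in a few lines. The Python sketch below is an added example and is not pfSense code or part of the original guide; the `Rule` class, the `evaluate` function and the sample ruleset with its addresses are hypothetical, built only to show how rule order and the TCP-only default change the outcome.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str                      # "pass" or "block"
    src: str = "any"                 # "any", a single host, or a network in CIDR form
    dst: str = "any"
    dst_port: Optional[int] = None   # None matches any destination port
    proto: str = "tcp"               # mirrors the rule editor default: TCP only


def addr_matches(spec, addr):
    """True if addr falls inside spec ("any", a host, or a CIDR network)."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def evaluate(rules, proto, src, dst, dst_port):
    """Walk the rules top down and stop at the first match.

    Returns (action, index of the deciding rule). The index is None when no
    user-configured rule matched and the traffic is denied by default.
    """
    for index, rule in enumerate(rules):
        if rule.proto not in ("any", proto):
            continue
        if not (addr_matches(rule.src, src) and addr_matches(rule.dst, dst)):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action, index
    return "block", None


# Hypothetical ruleset for one interface tab (all addresses are constructed).
LAN_RULES = [
    Rule("block", src="192.168.100.50", proto="any"),                       # 0: quarantined host
    Rule("pass", src="192.168.100.0/24", dst="10.0.2.100", dst_port=25),    # 1: SMTP to mail server
    Rule("pass", src="192.168.100.0/24", dst_port=53),                      # 2: DNS, protocol left at default
    Rule("pass", src="192.168.100.0/24", dst="10.0.2.100", dst_port=143),   # 3: IMAP to mail server
]

if __name__ == "__main__":
    checks = [
        ("tcp", "192.168.100.122", "10.0.2.100", 25),   # allowed by rule 1
        ("tcp", "192.168.100.50", "10.0.2.100", 25),    # rule 0 matches first
        ("udp", "192.168.100.122", "10.0.2.1", 53),     # rule 2 is TCP only, so denied
        ("tcp", "192.168.100.122", "10.0.2.100", 22),   # nothing matches, denied
    ]
    for check in checks:
        print(check, "->", evaluate(LAN_RULES, *check))
```

The third check is the one that catches people in practice: a DNS rule created with the editor defaults passes TCP port 53 only, so ordinary UDP lookups fall through to the default deny.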

pfSense Packet Captures

Web GUI Packet Captures

A packet capture may be performed within the pfSense GUI interface under Diagnostics > Packet Capture. The settings work the same as tcpdump. The capture can be viewed in the GUI or downloaded for later viewing with tcpdump or Wireshark.

Various filters may be added to restrict the scope of the capture, such as a specific Protocol, Host address, or Port (among others). The size of the capture may be adjusted as well. Often a few thousand packets are necessary to catch certain activity.

The Level of detail selector only controls the level of detail displayed in the pfSense GUI for viewing the contents of a capture. It may be adjusted after a capture has been taken; to view the capture with more detail, adjust this value and click View Capture.

Click Start to start a capture. While a capture is running, a Stop button is also displayed to stop a capture in progress.

View Capture shows the contents of the previous capture.

Download Capture initiates a download of the capture file for viewing locally (or sending to a remote technician).

tcpdump

tcpdump also comes installed with pfSense. It can be used over SSH or on the console in a shell. In this example a method of capturing traffic other than SSH, ARP, DNS and STP is highlighted. The capture will be directed to a file called Sniff_output in the current directory.


$ tcpdump -i em0 not port 22 and not port 53 and not arp and not stp >> Sniff_output

The -i option designates traffic from the em0 interface. In this example, traffic from one of the subnets (em0) connected to pfSense is being grabbed.

pftop

pftop is a tool built into pfSense that can monitor traffic/connections. This tool can be found in the GUI under Diagnostics > pftop or by connecting to pfSense via SSH or the console.

Network Admin Tools/Skills

General use tools/concepts
• Logging in with SSH
• sudo
• cat, head, tail, less
• grep, grep -v
• sort
• du
• ps -ef
• netstat -atun
• emacs
• Using pipes with above commands

Specific tools & applications
• passwd (to change user passwords)
• adduser (to set up user accounts)
• mount (file systems attached, layout of system)
• who (who is logged in)
• htop (alternative to top with a better layout)
• addgroup (creation of a new group) and how to add a user to a group
• service <service name> <start|stop|status>
• pfSense (web interface)
• VyOS commands
• show interfaces

Log files
• /var/log/syslog
• /var/log/auth.log

Email Admin Familiarization

Overview

Email services within BetaPort are provided through a Web-based email package. Of course, the email package does not work alone. It relies on several other packages to provide Web service and a variety of email services:

Apache Web server [3] provides the Web services that SquirrelMail relies upon.

Postfix [4] is a mail transfer agent (MTA) package that provides email services, specifically the Simple Mail Transfer Protocol (SMTP). This means that Postfix handles incoming and outgoing email services.

Dovecot [5] is an Internet Message Access Protocol (IMAP) and Post Office Protocol, version 3 (POP3) server package that allows email clients to retrieve messages from a mail server over a TCP/IP connection.

In summary, SquirrelMail [6] is a Web application that runs on top of the Apache Web server to provide easy and convenient access to email services provided by Postfix and Dovecot.

It’s easy to see each of these packages at work (and to ensure that the services are running and listening for connections) in support of SquirrelMail by running the netstat command. The following (excerpted) example uses options atnp, which (left to right) specify that all network services using the tcp protocol should be shown using numeric IP addresses only, along with their associated processes. Note that master refers to a Postfix process.

$ sudo netstat -atnp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address    State     PID/Program name
tcp        0      0 0.0.0.0:25       0.0.0.0:*          LISTEN    1017/master
tcp        0      0 0.0.0.0:993      0.0.0.0:*          LISTEN    880/dovecot
tcp        0      0 0.0.0.0:995      0.0.0.0:*          LISTEN    880/dovecot
tcp        0      0 0.0.0.0:110      0.0.0.0:*          LISTEN    880/dovecot
tcp        0      0 0.0.0.0:143      0.0.0.0:*          LISTEN    880/dovecot
tcp6       0      0 :::25            :::*               LISTEN    1017/master
tcp6       0      0 :::993           :::*               LISTEN    880/dovecot
tcp6       0      0 :::995           :::*               LISTEN    880/dovecot
tcp6       0      0 :::110           :::*               LISTEN    880/dovecot
tcp6       0      0 :::143           :::*               LISTEN    880/dovecot
tcp6       0      0 :::80            :::*               LISTEN    1143/apache2

3https://httpd.apache.org4http://www.postfix.org5http://www.dovecot.org6https://squirrelmail.org/

18

AbriefoverviewoftheconfigurationandlayoutofSquirrelMailandeachofthepackagesthatsupportsitwillbeprovidedinthesectionsbelow.

SquirrelMail

As described above, SquirrelMail is a webmail package, specifically a Web application that runs on Apache Web servers. As such, SquirrelMail is simply a collection of server-side scripts and text-based configuration files.

Starting and Stopping

Since SquirrelMail is an application, rather than a service, there isn’t a specific command available to start and/or stop it. It is, however, possible to disable and later re-enable a SquirrelMail Web site using a couple of Apache commands:

To temporarily disable SquirrelMail:

$ sudo a2dissite squirrelmail
Site squirrelmail disabled.

To activate the new configuration, you need to run:

$ sudo service apache2 reload
 * Reloading web server apache2

To re-enable SquirrelMail:

$ sudo a2ensite squirrelmail
Enabling site squirrelmail.

To activate the new configuration, you need to run:

$ sudo service apache2 reload
 * Reloading web server apache2

Important note: Since this process requires reloading the entire Web server, it is extremely important to coordinate this activity ahead of time with your Web Administrator and Help Desk!

Configuration and Layout

As a webmail application, SquirrelMail has three different types of configuration files: 1) General configuration settings, which affect the behavior of the entire application, 2) Individual user configuration settings, which affect the application’s behavior on an individual user basis, and 3) Apache Web server configuration settings, which govern the application’s behavior as a Web service. The first two types of configuration will be discussed here, and the Apache configuration will be discussed in the Apache section that follows.

On Ubuntu servers, general configuration settings are contained in several files located in the /etc/squirrelmail directory. The most important of these files is config.pl, which is actually a perl language script that provides a simple menu-driven application for setting and saving configuration settings.

The configuration settings for individual users are stored in per-user files in the directory /var/lib/squirrelmail/data/ with the extension .pref. Address book data for individual users is also stored in this directory, in files with the extension .abook.

Creating and managing user accounts

SquirrelMail user accounts are actually created and managed as normal user accounts on the email server itself. Therefore, the commands to add, modify and remove email accounts are the same as those to add, modify and remove system accounts. See User Management Commands in the Supporting Documents section for details on how to use these commands.

Apache

Since configuration and management of Apache Web server is the responsibility of the Web Administrator, the discussion in this section will be limited to those aspects that directly affect the SquirrelMail application. For more information on Apache, see the Web Admin Familiarization activity.

Starting and Stopping

As discussed in the previous section, enabling or disabling the SquirrelMail application also requires that the Apache Web server be restarted or reloaded. The command for reloading Apache is shown again here for your convenience:

$ sudo service apache2 reload
 * Reloading web server apache2

Important note: Once again, it is extremely important to coordinate this activity with your organization’s Web Administrator and Help Desk personnel, as restarting the server is very likely to affect several other important services.

Configuration and Layout

Like all Apache Web sites and applications on Ubuntu, configuration data for the SquirrelMail application is stored in a directory named /etc/apache2/sites-available. By default, SquirrelMail’s configuration is stored in a file named squirrelmail.conf. Among the most important settings is the document root, by default, /usr/share/squirrelmail/. All the SquirrelMail server-side scripts that control the application’s behavior are stored in this directory. Other settings include directory index settings and access restrictions.

Postfix

Postfix is a mail transfer agent (MTA) that routes and delivers electronic mail. Thus, it is the software responsible for receiving email messages for SquirrelMail users from other servers and for routing the messages they send to the destination email servers.

Starting and Stopping

Depending on its configuration, a Postfix server may actually have three or more processes running at any given time. But, regardless of how many processes it comprises, the Postfix server can be stopped, started and restarted using the following commands.

$ sudo /etc/init.d/postfix stop
$ sudo /etc/init.d/postfix start
$ sudo /etc/init.d/postfix restart

Rather than stopping/starting or restarting the server, it is sometimes preferable to simply force Postfix to reload its configuration. This step is required following any configuration changes and must be done before changes take effect. To force Postfix to reload its configuration, use the following command.

$ sudo service postfix reload

Configuration and layout

On Ubuntu systems, the Postfix configuration files are located in the directory /etc/postfix. The two primary configuration files are main.cf and master.cf. The main.cf file stores site-specific Postfix configuration parameters while master.cf defines the daemon processes. Once a mail server has been set up, there is very seldom any reason to change its configuration.

Postfix log messages are written to /var/log/mail.log. Reviewing log messages is an important duty of any server administrator, as log files record all server transactions and can often provide information that’s useful in determining the root cause of any unusual behavior. For information and tips on searching and viewing log files, see View/Search Text Files in the Supporting Documents section.

Dovecot

Dovecot is an IMAP and POP3 server package that allows email clients, including Web-based clients like SquirrelMail, to retrieve messages from a mail server over a TCP/IP connection.

Starting and Stopping

Like Postfix, the Dovecot server typically has several processes running. All associated processes can be stopped, started or restarted using the following commands.

$ sudo service dovecot stop
$ sudo service dovecot start
$ sudo service dovecot restart

Like any other server system, Dovecot must be restarted after any configuration changes before those changes take effect.

Configuration and layout

On Ubuntu systems, the Dovecot configuration files are located in the directory /etc/dovecot. The main configuration file is dovecot.conf, which rarely requires any changes following installation. In addition, the directory /etc/dovecot/conf.d holds numerous other configuration files. Again, after a successful installation, configuration changes are rarely, if ever, required.

Dovecot log messages are written to the general log, prefaced with the service name dovecot, rather than to a dedicated log file. On Ubuntu systems, general log messages are written to /var/log/syslog. To view all messages in /var/log/syslog associated with Dovecot services, use a command like the following.

$ grep dovecot /var/log/syslog

For more information and tips on searching and viewing log files, see View/Search Text Files in the Supporting Documents section.

Email Admin Tools/Skills

General use tools/concepts
• Logging in with ssh
• sudo
• cat, head, tail, less
• grep, grep -v
• sort
• du
• ps -ef
• netstat -atun
• emacs
• Using pipes with above commands

Specific tools & applications
• Apache Web server
• SquirrelMail
• Prosody
• Postfix
• Dovecot
• passwd
• adduser

Log files
• /var/log/mail.log
• /var/log/apache2/access.log
• /var/log/apache2/error.log

Helpdesk Admin Tools/Skills

General use tools/concepts
• Logging in with ssh
• sudo
• cat, head, tail, less
• grep, grep -v
• sort
• du
• ps -ef
• netstat -atun
• emacs
• Using pipes with above commands

Specific tools & applications
• OTRS ticketing system
• who
• htop
• ping

System Admin Familiarization

Overview

A system administrator, or sysadmin, is the individual responsible for the configuration and reliable operation of computer systems, especially multi-user systems such as servers. The system administrator (like Network Administrators) must ensure that uptime, performance, resources, and security of all systems meet the needs of users. To meet these responsibilities, the system administrator is responsible for acquiring, installing and upgrading computer components and software; providing routine automation; maintaining security policies; troubleshooting; and training and supervising support staff.

Fortunately, system administrators have a variety of tools and applications at their disposal to help them meet their myriad responsibilities. In the sections below, the various responsibilities of the position are organized into broad categories. Within each category, you’ll find a brief discussion of the tools and applications available to meet a sysadmin’s needs.

Managing System Services

By definition, server systems typically provide one or more network services, such as Web, email, chat, file, database and others. In many cases, the responsibility of managing these and other services may be split among sysadmins and one or more other specialty admins, such as Web server, email, or database admins. In these cases, close cooperation and constant communication among the admins is critical to ensure maximum availability, reliability and security of system services.

Each service is provided through one or more server programs called daemons, programs that run as background processes, rather than being under the direct control of an interactive user. In most cases, daemons are controlled through scripts that use consistent interfaces.

To view all services running on a system, several commands are available. For example, to see a list of all running processes, along with process ID (PID) numbers, start time, process name and other information, use the command:

$ sudo ps -ef

Alternatively, the top and htop commands provide a dynamic, real-time view of system summary information and a list of running tasks. Processes are, by default, displayed in order by their consumption of resources (CPU and memory), from greatest to least. The PID, the user associated with the process, and other information is also displayed. To display this information using default parameters, simply run top or htop (a more user-friendly version of top) at the command line.

While nearly all system services are configured, by default, to automatically start and stop when the system is booted and shut down, it is occasionally necessary to start, stop or restart a running service. For example, configuration changes or updates to a service nearly always require a restart. As mentioned above, most daemons are controlled through scripts that use common interfaces to start, stop or restart the service, or to force it to reload its configuration. It is also usually possible for the sysadmin to check a service’s status in this way.

For example, the Apache Web server is one of a very large number of services controlled through the service command. To start, stop, restart or reload Apache, use commands like the following:

$ sudo service apache2 start
$ sudo service apache2 stop
$ sudo service apache2 restart
$ sudo service apache2 reload

You can also check a service’s current status by using the service command with the status argument. For example:

$ sudo service apache2 status
Apache2 is running (pid 1583).

For more information on these and similar commands, see System Management Commands in the Supporting Documents section.

Configuration and Layout

On Ubuntu systems, system configuration settings for the vast majority of applications and services are contained in text files located in a top-level directory named /etc. Relatively small or simple applications such as updatedb, which automatically updates a database used by the locate command, are configured through a single file in /etc with the extension .conf. Other applications such as Apache Web server and Postfix email system have their own subdirectories within /etc containing multiple configuration files. The job of maintaining these more complex applications usually falls to a specialist administrator, such as a Web or email admin. However, as mentioned above, close coordination and cooperation between the various administrators working on a server system is a must.

In addition to configuration files, most services have their own log files, where they regularly record a variety of messages regarding routine transactions and, more importantly, messages related to execution errors or other problems. On Linux systems, these log files are found in the directory /var/log. As was the case with configuration files, the type and number of log files frequently depends on the size and/or complexity of the application. The more simple and common applications typically write their log messages to the file /var/log/syslog. More complex services, such as the Apache Web or Postfix email servers, have their own files or even their own directories within /var/log. Again, the job of maintaining these more complex applications usually falls to a specialist administrator but, as always, coordination is key.

For more information and tips on searching and viewing configuration and log files, see View/Search Text Files in the Supporting Documents section. For information on text editing, see Help and Editor Commands, also in the Supporting Documents section.

Creating and managing user accounts

Creating and managing user accounts is a core responsibility for many system administrators. Sysadmins are regularly called upon to create, modify and remove user accounts or to change users’ passwords. These tasks are carried out using commands such as adduser, deluser and passwd. See User Management Commands in the Supporting Documents section for details.

In addition, sysadmins are responsible for managing file and directory permissions to ensure that only authorized users have the appropriate access rights to view or edit files or execute commands. See File Permission Management Commands in the Supporting Documents section for information on the commands used to set and modify file access permissions.

System Admin Tools/Skills

General use tools/concepts
• Logging in with ssh
• sudo
• cat, head, tail, less
• grep, grep -v
• sort
• du
• ps -ef
• netstat -atun
• emacs
• Using pipes with above commands

Specific tools & applications
• passwd
• adduser
• addgroup
• who
• htop
• service
• df

Log files
• /var/log/syslog
• /var/log/auth.log

Chat Admin Familiarization

Overview

Chat services, also called Extensible Messaging and Presence Protocol (XMPP) services, are provided in BetaPort through an Open Source XMPP server package. Prosody⁷ is a small, lightweight implementation of the XMPP application protocol that is easy to configure and manage.

Prosody supports both client-to-server and server-to-server communications. This means that users who have an account on a Prosody server can communicate with users who have accounts on other XMPP servers just as easily as they can with users having accounts on the same server. By default, Prosody listens for client connections on port 5222 and server connections on port 5269.

It’s easy to confirm that Prosody is listening on the correct ports by running the netstat command. The following (excerpted) example uses options -atnp, which (left to right) specify that all network services using the tcp protocol should be shown using numeric IP addresses only, along with their associated processes. Note that lua5.1 refers to a Prosody process. This is due to the fact that Prosody is written in Lua, an embedded scripting language that is often used in game programming because of its speed.

$ sudo netstat -atnp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN      1046/lua5.1
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      878/sshd
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      1046/lua5.1
tcp6       0      0 :::5269                 :::*                    LISTEN      1046/lua5.1
tcp6       0      0 :::22                   :::*                    LISTEN      878/sshd
tcp6       0      0 :::5222                 :::*                    LISTEN      1046/lua5.1
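The netstat checks described for the mail server (Postfix, Dovecot, Apache) and for Prosody can be turned into a repeatable test. The following is an added example, not part of the original guide: the function name check_listeners, its PORT:PROGRAM argument format and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): confirm that the expected daemons own
# the expected TCP listening ports in `netstat -atnp` output.

# Constructed sample, modelled on the mail-server excerpt in this guide.
sample_mail_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1017/master
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      880/dovecot
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      880/dovecot
tcp        0      0 10.0.1.5:22             10.0.1.77:50312         ESTABLISHED 2101/sshd: admin
tcp6       0      0 :::80                   :::*                    LISTEN      1143/apache2
EOF
}

# Constructed sample, modelled on the Prosody excerpt in this guide.
sample_prosody_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN      1046/lua5.1
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      878/sshd
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      1046/lua5.1
tcp6       0      0 :::5222                 :::*                    LISTEN      1046/lua5.1
EOF
}

# check_listeners PORT:PROGRAM ...
# Reads `netstat -atnp` output on stdin and prints, per expectation:
#   OK port program
#   MISSING port program               (nothing is listening on the port)
#   WRONG port program (found other)   (a different program owns the port)
# and UNEXPECTED port program for any listener that was not expected.
# Exit status is 0 only when every line is OK.
check_listeners() {
    awk -v expect="$*" '
    BEGIN {
        n = split(expect, pairs, " ")
        for (i = 1; i <= n; i++) {
            split(pairs[i], kv, ":")
            want[kv[1]] = kv[2]
            order[i] = kv[1]
        }
    }
    # Only listening TCP sockets count; established sessions are ignored.
    ($1 == "tcp" || $1 == "tcp6") && $6 == "LISTEN" {
        port = $4
        sub(/.*:/, "", port)          # 0.0.0.0:25 and :::25 both become 25
        prog = $7
        sub(/^[0-9]+\//, "", prog)    # 1017/master becomes master
        seen[port] = prog
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            p = order[i]
            if (!(p in seen)) {
                print "MISSING " p " " want[p]; bad = 1
            } else if (seen[p] != want[p]) {
                print "WRONG " p " " want[p] " (found " seen[p] ")"; bad = 1
            } else {
                print "OK " p " " want[p]
            }
        }
        for (p in seen)
            if (!(p in want)) { print "UNEXPECTED " p " " seen[p]; bad = 1 }
        exit bad
    }'
}

# Demonstration on the constructed mail-server sample. On a live server:
#   sudo netstat -atnp | check_listeners 25:master 110:dovecot 143:dovecot
sample_mail_netstat | check_listeners 25:master 143:dovecot 993:dovecot 80:apache2
```

An UNEXPECTED line is as useful as a MISSING one: it flags a listener that nobody on the team has accounted for.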

XMPP services support a wide variety of clients. The standard client for BetaPort users is Pidgin Internet Messenger. For more information on Pidgin, see Pidgin Instructions in the Supporting Documents section.

Starting and Stopping

While Prosody should seldom ever require restarting, it’s important to know how to stop, start, restart and reload the service.

To stop Prosody:

$ sudo service prosody stop
 * Stopping Prosody XMPP Server prosody [ OK ]

To start Prosody:

$ sudo service prosody start
 * Starting Prosody XMPP Server prosody [ OK ]

To restart Prosody:

$ sudo service prosody restart
 * Restarting Prosody XMPP Server prosody [ OK ]

To force Prosody to reload its configuration, such as after a configuration change:

$ sudo service prosody reload
 * Reloading Prosody XMPP Server prosody [ OK ]

⁷ https://prosody.im

Configuration and Layout

On Ubuntu systems, the Prosody configuration files are located in the directory /etc/prosody. The primary configuration file is prosody.cfg.

Prosody log messages are written to the directory /var/log/prosody, into two separate log files: prosody.log and prosody.err. Reviewing log messages is an important duty of any server administrator, as log files record all server transactions and can often provide information that’s useful in determining the root cause of any unusual behavior. For information and tips on searching and viewing log files, see View/Search Text Files in the Supporting Documents section.

Creating and managing user accounts

Prosody user accounts are created and managed using a command named prosodyctl. This command requires sudo privileges, which restricts its use to those system users having administrative privileges.

To create a new Prosody account and specify the user’s password in one command, use prosodyctl with the register command, followed by the new username, the server’s fully-qualified domain name, and the new user’s password. For example:

$ sudo prosodyctl register ella elko.26maidenlane.net afwtl7j4

To change an existing user’s password, use prosodyctl with the passwd command, followed by the user’s jid. The jid looks just like an email address, and it consists of the username, followed by ‘@’, followed by the server’s fully qualified domain name. For example, to change the password for ella, whose account was created above, use the following command line, after which you will be prompted for the new password.

$ sudo prosodyctl passwd ella@elko.26maidenlane.net

Finally, to remove a user account from a Prosody server, use prosodyctl with the deluser command, followed by the user’s jid. For example, to remove the user account ella, created above, use the following command line.

$ sudo prosodyctl deluser ella@elko.26maidenlane.net

Web Admin Familiarization

Familiarization Activity

1. It is essential to familiarize yourself as quickly as possible with the web services your company provides. It is also essential for you to develop a strong sense of the availability of these services so that you are better positioned to prevent, detect and respond to unusual activity that may disrupt company operations.

2. Start by determining which web pages and web-based services your company provides. Be sure to distinguish between those that are serving the consumers/public versus those for internal/company use. Use the following space to record your notes.

3. Visit each of the web pages and each of the web pages to which they are linked. Familiarize yourself with both their content and availability. Pay particular attention to public-facing web pages, as maintenance of their availability is critical to company viability. Use the following space to record your notes.

4. Determine which web-based services are provided by your company. Be sure to distinguish between those that are serving the general public versus those for internal/company use. Use the following space to record your notes.

5. Review the web logs (especially the access and error log files). Familiarize yourself with “normal” traffic patterns. Remember to communicate with your web administrator colleagues and seek their input as you develop your own sense of “normal”.

6. Review the training materials that have been provided. These materials include descriptions of the tools/commands useful to web administrators. Pay particular attention to tools/commands used to configure and manage the Apache-based web services.

Apache Restart Activity

One task that a web administrator must sometimes perform is a restart of the web server. Be aware that restarting web services should be performed only when necessary as it temporarily prevents users from accessing web pages and web-based services. The image and viability of the company can suffer if web pages and/or web-based services are taken off-line or otherwise made unavailable.

This activity presumes you have already completed the Familiarization Activity (above).

1. Notify the Help Desk of your intention to restart the web server and the reason for doing so. It is essential to document the rationale and reasons for needing to restart the web server.

2. Log in to your web server using ssh or telnet and make sure your system includes the init.d command (usually placed in the /etc directory). Confirm the presence of the file by issuing the following command:

$ ls /etc/i*

3. Issue the following command:

$ sudo /etc/init.d/apache reload

If the above command does not achieve the desired outcome then use the more disruptive restart command:

$ sudo /etc/init.d/apache restart

4. Ensure Apache server has restarted and web services restored. Review the error log, confirm public and internal accessibility to corresponding web pages and web-based services.

$ cat /var/log/apache2/error.log

5. Report to the Help Desk that all web services have been restored.

Web Site Admin Tools/Skills

General use tools/concepts
• Logging in with ssh
• sudo
• cat, head, tail, less
• grep, grep -v
• sort
• ps -ef
• netstat -atun
• emacs
• Using pipes with above commands

Specific tools & applications
• Apache Web server
• chown
• chmod

Log files
• /var/log/mail.log
• /var/log/apache2/access.log
• /var/log/apache2/error.log

IT Staff Job Descriptions for VCCLL

System Administrator Job Description

Summary

Responsible for designing, organizing, modifying, and supporting a company's computer systems. Designs and installs LANs, WANs, Internet and intranet systems, and network segments.

Essential Duties and Responsibilities
• Support LANs, WANs, network segments, Internet, and intranet systems.
• Respond promptly to helpdesk tickets and status queries.
• Maintain system efficiency.
• Troubleshoot problems reported by users.
• Maintain network and system security.
• Analyze and isolate issues.
• Monitor server and desktop systems to ensure security and availability.
• Evaluate and modify system's performance.
• Maintain network servers such as (web, file, email, chat) servers

Network Administrator Job Description

Summary

Responsible for designing, organizing, modifying, installing, and supporting a company's computer systems. Designs and installs LANs, WANs, Internet and intranet systems, and network segments.

Essential Duties and Responsibilities
• Install and support LANs, WANs, network segments, Internet, and intranet systems.
• Install and maintain network hardware and software.
• Monitor and analyze network activity to ensure security and availability.
• Maintain integrity of the network, server deployment, and security.
• Ensure network connectivity throughout a company's LAN/WAN infrastructure is on par with technical considerations.
• Perform network address assignment.
• Respond promptly to helpdesk tickets and status queries.
• Assign routing protocols and routing table configuration.
• Maintain network services such as gateways and firewalls.

Help Desk Specialist Job Description

Summary

Responsible for providing technical assistance and support related to computer systems, hardware, or software. Responds to queries, runs diagnostic programs, isolates problem, and determines and implements solution.

Essential Duties and Responsibilities
• Provide technical assistance and support for incoming queries and issues related to computer systems, networks, software, and hardware.
• Respond to queries either in person, in writing (includes email and chat) or over the phone.
• Write training manuals.
• Ask questions to determine nature of reported problems in support of quick and correct resolution.
• Walk customer through problem-solving process.
• Act as point of contact for all users to the IT department.
• Track all raised issues and be in the loop on efforts to resolve even if not actively coordinating (the helpdesk should never lose touch with the problem or the customer).
• Act as IT eyes and ears for problems affecting multiple users.
• Respond promptly to status queries from other IT areas.

Webmaster Job Description

Summary

Responsible for maintaining Web sites. Ensures sites are functioning properly and are available to users. Tests speed of access and improves upon loading speed.

Essential Duties and Responsibilities
• Maintain web sites for clients and businesses.
• Ensure the web servers, and supporting software are operating properly.
• Design web sites.
• Generate and revise web pages.
• Examine and analyze site traffic.
• Configure web servers such as Apache.
• Serve as the backup server administrator on the web server.
• Regulate and manage access rights of different users on web site.
• Create and modify appearance and setting of site.
• Respond promptly to helpdesk tickets and status queries.
• Keep the helpdesk informed of any and all issues as the web site is the organization’s face to the world

Email Administrator Job Description

Summary

Responsible for mail server account management, tracking mail server usage, and backing up and restoring email files. Installs and configures new mail servers.

Essential Duties and Responsibilities
• Create and maintain email accounts
• Reset user passwords, as required
• Assist with login and email client problems
• Monitor and respond to Postmaster (error) messages
• Track mail server usage
• Monitor mail server connections
• Track disk space usage
• Monitor mail server logs
• Control incoming and outgoing spam mailings

Supporting Documents

Basic Connectivity Testing Tools

ping

ping is one of the basic tools. It sends repeated packets (ICMP rather than TCP or UDP) to the specified <host>.

$ ping [options] <host>

The list of available options can be found using man pages. The most useful option is -c <count> (replace <count> with the number of pings to send). This can be critical, because ping can also be used as a denial-of-service (DOS) attack and, yes, it is possible to DOS yourself with ping. No, you would not be the first. It is important to understand that ping only tells you whether the server is up, not that any services are running. As an example, if you ping a Web server, you know the hardware and OS are running, but not that the Web server itself is necessarily running.

telnet

telnet is a very old and useful tool, because it is very generic.

$ telnet <host> <port>

By default, the telnet service runs on port 23, so if you use a command line like the following:

$ telnet www.somehost.com

the connection will be made on port 23, which is the default for the telnet service. Due to security concerns the telnet service is often disabled. However, it is also possible to use the telnet client to connect to ports other than the default. For example, if you use a command line like this one:

$ telnet www.somehost.com 80

the connection in this case will be made on port 80 (typically used by a Web server) at the destination host, and you can enter HTTP commands to interact with the host’s Web server, if there is one listening on that port. In this way, it’s possible to show whether the Web server running on port 80 is up and running. In like fashion, the telnet command can be used to connect to other services, such as SMTP, on port 25.

traceroute

traceroute attempts to show the hops between hosts on the Internet. It is critical to note that traceroute only shows the interface facing the source host as packets pass through routers.

$ traceroute <host>

Example:

Here is an example of running traceroute between two hosts (192.168.1.7 to 172.16.1.2) with a single router in between. Thus the 192.168.1.7 machine sees the following.

$ traceroute 172.16.1.2
traceroute to 172.16.1.2 (172.16.1.2), 64 hops max, 52 byte packets
 1  192.168.1.1 (192.168.1.1)  3.877 ms  0.995 ms  0.902 ms
 2  172.16.1.2 (172.16.1.2)  2.631 ms  1.318 ms  1.236 ms

While, from the other end of the network connection, 172.16.1.2 sees the following.

$ traceroute 192.168.1.7
traceroute to 192.168.1.7 (192.168.1.7), 64 hops max, 52 byte packets
 1  172.16.1.101 (172.16.1.101)  0.552 ms  0.904 ms  1.265 ms
 2  192.168.1.7 (192.168.1.7)  18.025 ms  18.673 ms  19.584 ms

So to build an accurate network map you need to check both sides of a router, as is the case if you are looking for a network fault. In the case of a fault, you often have to get somebody on the other end to check the routes running back in your direction.

IT Help Desk Notes & Flowchart

Create Ticket

Upon ticket creation, the helpdesk technician should email the user and any other interested parties to ensure that everyone connected to the issue is aware of its status.

Contact Helpdesk

When a technician assigned a ticket determines that the issue cannot be resolved, either because of technical reasons or because the issue cannot be duplicated, he or she should immediately contact the helpdesk to help determine next steps in addressing the issue.

Complete Ticket

Upon completing the helpdesk ticket, the technician who closes it should email the helpdesk, the user and any other interested party to keep everyone informed.

Figure 1: Sourced from http://visual.ly/it-help-desk-flowchart

OTRS quick guide (v0.1.0_10/4/2015)

OTRS⁸ is an Open Source ticketing system used by BetaPort companies to manage their helpdesk operations.

To Log In

Go to:

http://helpdesk.[company_name].com/otrs/ (yes you need the trailing /)

Enter your login credentials.

To Create Customer User

After logging in:

1. Click “Admin” in the header menu
2. In the “Customer Management” section click “Customer User”
3. Click “Add Customer User” button in left sidebar
4. Fill in the following form fields.
   a. First name
   b. Last name
   c. Username (Customer will use this to log in.)
   d. Email
   e. Customer ID (Customer’s tickets will be marked with this ID.)
5. Set “Valid” to “Valid” if it is not already.
6. Click “Submit” button at bottom of page.

Tickets

Clicking the “Tickets” header button displays a list of possible views and actions. The most useful of these will be the queue or status view, depending on which you prefer. Both display lists of active tickets; queue view separates them into separate pages by which queue they are in, while status does not. Queue view defaults to the most detailed listing mode, and Status view defaults to the simplest mode. It should be noted that OTRS system tickets cannot be deleted, only closed.

To Create Ticket

After logging in:

1. Click “Tickets” button in header menu
2. Click “new email ticket” in the dropdown menu
3. Fill in the form:
   a. Select queue from dropdown menu
   b. Enter customer user (This does have some autocomplete.)
   c. Enter subject
   d. Enter text
   All other fields are not required
4. Click “send mail” button at bottom of page

To Lock A Ticket To Your Account

Either check a ticket in one of the list views or select it, then click the “Lock” button, as shown below.

To Close A Ticket

Same as locking a ticket except you click the “Close” button instead of “Lock.” This button is located in the same row, farther to the right, as shown in the above screenshot.

⁸ https://www.otrs.com/otrs-free-help-desk

View/Search Text Files

head

The head command displays the beginning of a file. The format of the head command is:

$ head <filename>

By default, you can only read the first ten lines of a file. You can change the number of lines displayed by specifying a number option.

$ head -20 <filename>

The above command would display the first 20 lines of a file named <filename>.

tail

The reverse of head is tail. Using tail, you can view the last ten lines of a file. You can also change the number of lines displayed by specifying a number option. This can be particularly useful for viewing the most recent lines of a log file for important system messages.

$ tail -15 /var/log/auth.log

Example:

You can use tail to watch log files as they are being updated. Using the -f option, tail automatically prints new messages from an open file to the screen in real-time. For example, to actively watch /var/log/syslog, enter the following at a shell prompt:

$ tail -f /var/log/syslog

Press Ctrl-c when you are finished with automated updating.

cat

The cat command is a versatile utility. It can be used to view text, to create text files, and to join files. Its name is short for concatenate, which means to combine files.

Entering the cat command followed by a file name displays the entire contents of the file on the screen. If the file is long, the contents scroll off the screen. In this case, you may want to use the less command instead, described below.

less

less is a program that lets you view text files. This is very handy since many of the files used to control and configure Linux are human readable.

less is invoked by simply typing:

$ less <filename>

Controlling less

Once started, less will display the text file one page at a time. You may use the Page Up and Page Down keys to move through the text file. To exit less, type "q". Here are some commands that less will accept.

Page Up or b          Scroll back one page
Page Down or space    Scroll forward one page
G                     Go to the end of the text file
1G                    Go to the beginning of the text file
/characters           Search forward in the text file for an occurrence of characters
n                     Repeat the previous search
h                     Display a complete list of less commands and options
q                     Quit

grep

The grep command is useful for finding specific character strings in a file. For example, to find every reference made to the text "pattern" in the file <filename>, enter:

$ grep <pattern> <filename>

Each line in <filename> that includes the text <pattern> is located and displayed on the screen.

The grep command accepts a number of options that will change its behavior. A small selection of these is shown below. For more information, see the man page for grep.

-v        Invert the sense of matching, to select non-matching lines for the given search criteria.
-A NUM    Print NUM lines of trailing context after matching lines.
-B NUM    Print NUM lines of leading context before matching lines.

Example:

To search an Apache Web server’s access log for entries pertaining to a particular client IP address or address range, you can use all or part of the address as a keyword for the search:

$ grep 10.0.1.212 /var/log/apache2/access.log
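The grep search above treats each dot as "any character" and matches anywhere on the line, so it also returns entries for other clients (110.0.1.212, for instance) and requests that merely mention the address. The following added example, which is not part of the original guide, matches the client field only and then summarizes status codes as a first step toward learning "normal" traffic; the function names by_client and status_counts, the trailing-dot convention for an address range and the sample log are assumptions constructed for illustration, and the log is assumed to be in Apache's common/combined format.

```shell
#!/bin/sh
# Added example (not from the guide): select access-log entries by client
# address (field 1) instead of by substring, then count HTTP status codes.

# Constructed sample entries in Apache common log format.
sample_access_log() {
cat <<'EOF'
10.0.1.212 - - [04/Oct/2015:10:00:01 -0400] "GET /index.html HTTP/1.1" 200 1043
110.0.1.212 - - [04/Oct/2015:10:00:05 -0400] "GET /index.html HTTP/1.1" 200 1043
10.0.1.21 - - [04/Oct/2015:10:00:09 -0400] "GET /squirrelmail/ HTTP/1.1" 302 0
10.0.12.5 - - [04/Oct/2015:10:01:00 -0400] "GET /?host=10.0.1.212 HTTP/1.1" 404 210
10.0.1.212 - - [04/Oct/2015:10:02:11 -0400] "POST /squirrelmail/src/login.php HTTP/1.1" 302 0
10.0.1.7 - - [04/Oct/2015:10:02:15 -0400] "GET /favicon.ico HTTP/1.1" 404 210
EOF
}

# by_client ADDRESS [FILE...]
# ADDRESS is either a full address (exact match on the client field) or a
# dotted prefix ending in "." such as 10.0.1. (every client in that range).
# Reads FILE(s), or stdin when none are given, and prints matching entries.
by_client() {
    want=$1; shift
    awk -v want="$want" '
        BEGIN { prefix = (substr(want, length(want)) == ".") }
        # Range match: the client field must START with the given octets.
        prefix { if (index($1, want) == 1) print; next }
        # Exact match, forced to a string comparison.
        ($1 "") == want { print }
    ' "$@"
}

# status_counts [FILE...]
# Prints "STATUS COUNT" per HTTP status code (field 9), sorted by status.
# Assumes the request line has the usual three parts (method, path, protocol).
status_counts() {
    awk '{ n[$9]++ } END { for (s in n) print s, n[s] }' "$@" | sort -k1,1n
}

# Demonstration on the constructed sample. On a live server:
#   by_client 10.0.1.212 /var/log/apache2/access.log
sample_access_log | by_client 10.0.1. | status_counts
```

On the constructed sample, the plain grep returns four lines for 10.0.1.212 while only two requests actually came from that client.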

42

sort
The sort command is used to sort/order lines in text files. You can sort the data in a text file and display the output on the screen, or redirect it to a file.

Based on your requirements, sort provides several command line options for sorting data in a text file. For example, to sort the lines of a text file <filename> in reverse order, use the -r option:

$ sort -r <filename>

In addition, files may sometimes contain duplicate entries that are not important to the goals of the user. To sort the lines of a text file <filename> while removing duplicate lines, use the -u (for unique) option:

$ sort -u <filename>

Finally, when sorting on numeric values, best results are obtained by using the -n option, which sorts by numeric value, rather than the alphabetical order of digits.

$ sort -n <filename>

Examples:

It is sometimes desirable to sort the lines of a file based on some characters that are not at the beginning of a line. Entries in many log files are highly structured so that it is possible to specify sorting on a specific field. As an example, /var/log/syslog records log messages from a wide variety of services, the names of which are given in the fifth field of each log entry. To sort log entries based on the name of the service, located in field #5, you would use the -k option to specify sorting on this field:

$ sort -k 5 /var/log/syslog

The sort command is often used in combination with other Linux commands, which are joined using a pipe. The pipe takes the output of a command on its left and redirects that output as input to the command on its right.

For example, say you would like to get a sorted list of IP addresses that have connected to your email server’s SMTP service for which reverse DNS lookups have failed. (This may indicate that the IP does not belong to a legitimate mail server.) These entries will be found in a file named /var/log/mail.log and will contain the text “connect from unknown” with the IP address appearing in field #8. To obtain a list of these specific entries, sorted by IP address, use the following command.

$ grep 'connect from unknown' /var/log/mail.log | sort -k 8
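The same search can be taken one step further to rank the unresolved clients by how often they connect. This is an added example, not part of the original guide: the log lines are constructed and the function names are assumptions. Because the text “connect from unknown” also occurs inside “disconnect from unknown”, the example matches on fields 6 to 8 instead of on the substring.

```shell
#!/bin/sh
# Constructed sample lines in the layout described above: the service name
# is field 5 and "unknown[IP]" is field 8. Not taken from a real server.
sample_mail_log() {
cat <<'EOF'
Apr 14 10:01:02 mail postfix/smtpd[2101]: connect from unknown[10.0.1.54]
Apr 14 10:01:03 mail postfix/smtpd[2101]: disconnect from unknown[10.0.1.54]
Apr 14 10:02:10 mail postfix/smtpd[2107]: connect from relay.example.org[10.0.1.20]
Apr 14 10:03:44 mail postfix/smtpd[2110]: connect from unknown[10.0.1.212]
Apr 14 10:03:59 mail postfix/smtpd[2112]: connect from unknown[10.0.1.54]
Apr 14 10:05:17 mail postfix/smtpd[2115]: connect from unknown[10.0.1.54]
Apr 14 10:06:30 mail postfix/smtpd[2119]: connect from unknown[10.0.1.212]
Apr 14 10:07:02 mail postfix/smtpd[2121]: connect from unknown[10.0.2.9]
Apr 14 10:07:03 mail postfix/smtpd[2121]: disconnect from unknown[10.0.2.9]
EOF
}

# Read mail.log lines on stdin and print "COUNT IP", busiest client first.
count_unknown_clients() {
    awk '$6 == "connect" && $7 == "from" && $8 ~ /^unknown\[/ {
             ip = $8
             sub(/^unknown\[/, "", ip)   # strip the leading "unknown["
             sub(/\].*$/, "", ip)        # strip the trailing "]"
             print ip
         }' |
    sort | uniq -c | sort -k1,1nr -k2,2 |
    awk '{ print $1, $2 }'               # drop the padding uniq -c adds
}

sample_mail_log | count_unknown_clients
```

On a live system, replace sample_mail_log with: cat /var/log/mail.log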


Pidgin instructions (v0.1_04/14/2015)
Pidgin[9] is the IM client provided for use on all computers within the range. Pidgin is located in the “Start” menu in the Internet folder. You can also start Pidgin by entering pidgin in a terminal.

Adding contacts
In the Buddy list window click the “Buddies” menu and select:

New Instant Message - to open a chat with that person
Add Buddy - to add someone to your buddy list

Note: Both these options will open a window and ask for the name of the contact you wish to add. Add Buddy will also have some additional fields that may be left blank.

Joining Group/Chat rooms
Note: at present you may only join chat rooms on the server your account is registered to.

In the Buddy list window click the “Buddies” menu and select:

Join A Chat - to open a room
Add Chat - to add a room to your buddy list

Note: Both these options will open a window and ask for the name of the room you wish to add. At the bottom of the window will be a “Room List” button that can be used to get a list of the chat rooms on a server. Add Chat will also have some additional fields that may be left blank. If you enter the name of a group that does not exist, whether by typo or deliberately, a room with the given name will be created.

[9] https://www.pidgin.im


User Management Commands

w
w displays information about the users currently on the machine, as well as their processes. The header shows, in this order, the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes. Note that sudo privileges are not required to run this command.

Example:

To show information about a particular username only, add the username as an argument.

$ w username

who
The who command can be used to list the user’s name, terminal line, login time, elapsed time since activity occurred on the line, and the process ID of the command interpreter for each current system user.

Examples:

Use who to display information about users currently logged in:

$ who

Show the same information as above, with column headings:

$ who -H

Display all login names and the number of users currently logged on:

$ who -q

adduser
The adduser command is used to add users to the system according to command-line options and configuration information contained in the file /etc/adduser.conf. adduser offers a friendlier front-end than the lower level useradd command. The command will, by default, choose policy-conformant user id (UID) and group id (GID) values, create a home directory with skeletal configuration, and run a custom script, among other features. When running adduser, you will be asked a series of questions. The procedure will be:

• Assign and confirm a password for the new user.
• Enter any additional information about the new user, known as GECOS data, including name, building and office number, telephone, etc. These fields are entirely optional and can each be skipped by pressing <Enter> if you do not wish to utilize these fields.
• Finally, you will be asked to confirm that the information you provided was correct. Press <y> to continue.


Examples:

Adding or modifying user accounts requires sudo privileges. You can add a new user by typing:

$ sudo adduser username

If the new user should have the ability to execute commands with root (administrative) privileges, you will need to give the new user access to sudo. You can do this by adding the new user’s username to a special group called sudo:

$ sudo usermod -a -G sudo username

Users who belong to the group sudo are able to execute any command with root privileges.

deluser
The deluser command is used to remove a user from the system:

$ sudo deluser username

Examples:

It is often desirable to remove the user’s home directory at the same time that the account is deleted:

$ sudo deluser --remove-home username

If, additionally, all files owned by the user should be deleted, including files outside the user’s home directory, use this option instead:

$ sudo deluser --remove-all-files username

addgroup
The addgroup command is used to add groups to the system. You can add a new group by typing:

$ sudo addgroup newgroup

Example:

Use addgroup to create the group programmers:

$ sudo addgroup programmers

delgroup
The delgroup command is used to remove a group from the system:

$ sudo delgroup groupname

It should be noted that some limitations exist on which groups can be removed. For example, the primary group for any existing user cannot be removed.


Example:

It may not be desirable to remove groups that still have members. To prevent this from occurring accidentally, add the following option:

$ sudo delgroup --only-if-empty groupname

passwd
The passwd command changes passwords for user accounts. A normal user may only change the password for his/her own account, while a user with root privileges may change the password for any account. passwd also changes account information, such as the full name of the user, the user's login shell, or his/her password expiry date and interval.

For password changes, the user is first prompted for his/her old password, if one is present. This password is then encrypted and compared against the stored password. The user has only one chance to enter the correct password. Users with root privileges are permitted to bypass this step so that forgotten passwords may be changed.

After the password has been entered, password aging information is checked to see if the user is permitted to change the password at this time. If not, passwd refuses to change the password and exits.

The user is then prompted twice for a replacement password. The second entry is compared against the first and both are required to match in order for the password to be changed.

The password is then tested for complexity. As a general guideline, passwords should consist of 6 to 8 characters including one or more characters from each of the following sets:

• lower case alphabetics
• digits 0 thru 9
• punctuation marks

Examples:

Use passwd to display account status information for all users. The status information consists of seven fields. The first field is the user's login name. The second field indicates whether the user account is locked (L), has no password (NP), or has a usable password (P). The third field gives the date of the last password change. The next four fields are the minimum age, maximum age, warning period, and inactivity period for the password. These ages are expressed in days.

$ sudo passwd -a -S

Use passwd to lock the account named user1. This option disables an account by changing the password to a value that matches no possible encrypted value, and by setting the account expiry field to 1.

$ sudo passwd -l user1
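The seven-field status listing lends itself to a quick account audit. The following is an added example, not part of the original guide: the status lines are constructed, the function names are assumptions, and the 365-day limit is an assumed policy value. It reports accounts with no password and accounts whose usable password has no effective maximum age.

```shell
#!/bin/sh
# Constructed sample of `sudo passwd -a -S` output, seven fields per line
# as described above. Account names and dates are made up.
sample_status() {
cat <<'EOF'
root L 04/01/2015 0 99999 7 -1
bondj P 04/10/2015 0 90 7 -1
joe NP 04/12/2015 0 99999 7 -1
mike P 01/05/2015 0 99999 7 -1
user1 L 04/14/2015 0 99999 7 -1
EOF
}

# Read status lines on stdin. $1 is the longest acceptable maximum password
# age in days (default 365, an assumed policy value). Prints one finding per
# line:
#   MALFORMED line N    the line does not have seven fields
#   NOPASSWORD user     the account has no password (NP)
#   MAXAGE user days    usable password (P) whose maximum age exceeds the
#                       limit; a negative value means aging is disabled
audit_passwd_status() {
    awk -v limit="${1:-365}" '
        NF != 7    { print "MALFORMED line " NR; next }
        $2 == "NP" { print "NOPASSWORD " $1; next }
        $2 == "P" && ($5 + 0 < 0 || $5 + 0 > limit + 0) {
            print "MAXAGE " $1 " " $5
        }
    '
}

sample_status | audit_passwd_status
```

On a live system, feed it real data with: sudo passwd -a -S | audit_passwd_status 90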


System Management Commands

ps
The ps command reports on active processes. (A process is defined as a program in execution.) The syntax of this command is quite simple.

$ ps [options]

By default (when run without options), ps displays information on all processes belonging to the logged-in user. It displays the process ID (pid=PID), the terminal associated with the process (tname=TTY), the cumulated CPU time in [DD-]hh:mm:ss format (time=TIME), and the executable name (ucmd=CMD). Output is unsorted by default.

A more common invocation of the ps command, especially for system administrators, displays information on all processes that are currently running on the system. The -e option specifies that all running processes be displayed, while the -f option specifies a full format listing. As shown in this example, options can be grouped behind a single - character.

$ ps -ef

The ps command provides a snapshot of the system state at a single moment in time. If you want to have repetitive updates in real time, use the top or htop commands, described below.

top
The top program provides a dynamic real-time view of a running system. It can display system summary information as well as a list of processes or threads currently being managed by the Linux kernel. The types of system summary information shown and the types, order and size of information displayed for processes are user configurable. top is useful for system administrators, as it shows which users and processes are consuming the most system resources at any given time. Although top can take a number of options to tailor the information displayed, running top without any options provides a wealth of information about a running system.

$ top

Example: Pressing n while top is running allows the user to change the number of processes displayed. The default is an unlimited number of processes.

htop
htop is designed as an alternative to the top program. It shows a frequently updated list of the processes running on a computer, normally ordered by the amount of CPU usage. Unlike top, htop provides a full list of processes running, instead of the top resource-consuming processes. htop uses color and provides visual information about processor, swap and memory status. Unlike top, htop provides more flexible scrolling capabilities.


It is important to use commands such as htop to monitor processes and resource utilization to be able to quickly detect unusual events or system behavior.

Example:

Running htop with the -u option, followed by a username, shows only the processes of a given user.

$ htop -u bondj

It is best to take advantage of the interactive display control features of htop by using the special keys while the command is active. Start htop by simply entering the following command.

$ htop

The following keys, among others, are active while using htop:

• Pressing <F1> displays a help screen. Press any key to return to the htop main screen.
• Pressing <F2> or <s> displays the setup menu for controlling what is displayed and how.
• The <Arrows>, <PgUp>, <PgDn>, <Home>, <End> keys provide scrolling capability.
• Pressing <F5> or <t> displays a tree view in which processes are organized by parenthood.
• Pressing <space> tags/untags a process.
• Pressing <F9> or <k> sends a kill signal to the currently tagged process(es). Use cautiously!
• Pressing <F10> or <q> quits htop.

netstat
netstat is a useful tool for checking your network configuration and activity. It is very often used to check active connections, as well as network sockets that are waiting for a connection (i.e., listening).

Examples:

To display all active connections and services, including TCP and UDP, use the netstat command with options -atun, for all, tcp, udp, with numeric address.

$ netstat -atun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 10.0.1.195:22           10.0.1.54:51643         ESTABLISHED
tcp        0    368 10.0.1.195:22           10.0.1.54:51646         ESTABLISHED
tcp6       0      0 :::5269                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::25                   :::*                    LISTEN
tcp6       0      0 :::993                  :::*                    LISTEN
tcp6       0      0 :::995                  :::*                    LISTEN
tcp6       0      0 :::5222                 :::*                    LISTEN
tcp6       0      0 :::110                  :::*                    LISTEN
tcp6       0      0 :::143                  :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 10.0.1.195:123          0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp6       0      0 ::1:123                 :::*
udp6       0      0 :::123                  :::*

To display all active TCP connections and services, including the associated processes, use the netstat command with options -atnp, for all, tcp, with numeric address and process information. Note that sudo is required to display the process names.

$ sudo netstat -atnp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN      1046/lua5.1
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      878/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2051/master
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      2329/dovecot
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      2329/dovecot
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      1046/lua5.1
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      2329/dovecot
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      2329/dovecot
tcp6       0      0 :::5269                 :::*                    LISTEN      1046/lua5.1
tcp6       0      0 :::22                   :::*                    LISTEN      878/sshd
tcp6       0      0 :::25                   :::*                    LISTEN      2051/master
tcp6       0      0 :::993                  :::*                    LISTEN      2329/dovecot
tcp6       0      0 :::995                  :::*                    LISTEN      2329/dovecot
tcp6       0      0 :::5222                 :::*                    LISTEN      1046/lua5.1
tcp6       0      0 :::110                  :::*                    LISTEN      2329/dovecot
tcp6       0      0 :::143                  :::*                    LISTEN      2329/dovecot
tcp6       0      0 :::80                   :::*                    LISTEN      1710/apache2
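A listing like this is most useful when it is compared against the ports a host is supposed to offer. The following is an added example, not part of the original guide: the function names and the baseline port list are assumptions, and the sample is an abridged copy of the listing above plus one constructed ESTABLISHED line. It prints every listening TCP port that is not in the expected list, together with the program that owns it.

```shell
#!/bin/sh
# Abridged copy of the `sudo netstat -atnp` listing above. The ESTABLISHED
# line (PID 1201) is constructed so that both socket states are present.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN      1046/lua5.1
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      878/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2051/master
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      2329/dovecot
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      1046/lua5.1
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      2329/dovecot
tcp        0      0 10.0.1.195:22           10.0.1.54:51643         ESTABLISHED 1201/sshd
tcp6       0      0 :::5269                 :::*                    LISTEN      1046/lua5.1
tcp6       0      0 :::22                   :::*                    LISTEN      878/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      1710/apache2
EOF
}

# Read `netstat -atnp` output on stdin. $1 is a space-separated list of TCP
# ports that are expected to listen. Print "PORT PROGRAM" for every other
# listening port, once per port even when it is open on both tcp and tcp6.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, list, " ")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, addr, ":")           # the port follows the last colon
            port = addr[n]
            prog = $7
            sub(/^[0-9]+\//, "", prog)         # "1046/lua5.1" -> "lua5.1"
            if (!(port in ok)) print port, prog
        }' |
    sort -u | sort -n
}

# Assumed baseline: a host that should offer only SSH and mail services.
sample_netstat | unexpected_listeners "22 25 110 143 993 995"
```

Without sudo the program column shows "-", so run it as: sudo netstat -atnp | unexpected_listeners "<expected ports>"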

service
The service command is used to run initialization scripts for various Linux server programs. These scripts are normally stored in the /etc/init.d directory. The service command can be used to start, stop, and restart the server programs.

Examples:

To start the Prosody XMPP chat server:

$ sudo service prosody start
 * Starting Prosody XMPP Server prosody [ OK ]

To start, stop or restart the Apache Web server, use commands like the following:

$ sudo service apache2 start
$ sudo service apache2 stop
$ sudo service apache2 restart


ssh
ssh is a program that enables secure communications from a client to a host computer. You should get the usual password prompt (or be told you can't log in, if passwords are disabled) when the connection is made.

Examples:

The general form for logging into a host is shown below.

$ ssh <username>@<hostname or IP address>

Use ssh to connect to the computer named laptop as user joe:

$ ssh joe@laptop

Use ssh to connect to the computer with IP address 192.168.1.1 as user mike:

$ ssh mike@192.168.1.1


File Permission Management Commands

chmod
The chmod command is used to change the access rights for a file/directory. More specifically, chmod changes the file mode bits of each given file according to a mode, which can be either a symbolic representation of changes to make, or an octal number representing the bit pattern for the new mode bits. Note that everything in Linux is a file. Directories are files, files are files and devices are files. Users with sudo privileges are able to access any file on the system.

The format of a symbolic mode is [ugoa...][[+-=][perms...]...], where perms is either zero or more letters from the set rwxXst, or a single letter from the set ugo. Multiple symbolic modes can be given, separated by commas.

A combination of the letters ugoa controls which users’ access to the file will be changed: the user who owns it (u), other users in the file’s group (g), other users not in the file’s group (o), or all users (a). If none of these are given, the effect is as if (a) were given, but bits that are set in the umask are not affected.

The operator + causes the selected file mode bits to be added to the existing file mode bits of each file; - causes them to be removed; and = causes them to be added and causes unmentioned bits to be removed except that a directory’s unmentioned set user and group ID bits are not affected.

The letters rwxXst select file mode bits for the affected users: read (r), write (w), execute (or search for directories) (x), execute/search only if the file is a directory or already has execute permission for some user (X), set user or group ID on execution (s), restricted deletion flag or sticky bit (t). Instead of one or more of these letters, you can specify exactly one of the letters ugo: the permissions granted to the user who owns the file (u), the permissions granted to other users who are members of the file’s group (g), and the permissions granted to users that are in neither of the two preceding categories (o).

A numeric mode is from one to four octal digits (0-7), derived by adding up the bits with values 4, 2, and 1. Omitted digits are assumed to be leading zeros. The first digit selects the set user ID (4) and set group ID (2) and restricted deletion or sticky (1) attributes. The second digit selects permissions for the user who owns the file: read (4), write (2), and execute (1); the third selects permissions for other users in the file’s group, with the same values; and the fourth for other users not in the file’s group, with the same values.

Examples:

Given the following files and permissions:

-rw-r--r-- 1 user user 0 Nov 19 20:13 file1
-rw-r--r-- 1 user user 0 Nov 19 20:13 file2
-rw-r--r-- 1 user user 0 Nov 19 20:13 file3
-rw-r--r-- 1 user user 0 Nov 19 20:13 file4

Use chmod to add owner execute (x) bit to file1:

$ chmod u+x file1

This is what the file listing for file1 now looks like:

-rwxr--r-- 1 user user 0 Nov 19 20:13 file1


Use chmod to add other write (w) and execute (x) bits to file2:

$ chmod o+wx file2

This is what the file listing for file2 now looks like:

-rw-r--rwx 1 user user 0 Nov 19 20:13 file2

Use chmod to remove group read (r) bit from file3:

$ chmod g-r file3

This is what the file listing for file3 now looks like:

-rw----r-- 1 user user 0 Nov 19 20:13 file3

Use chmod, in numeric mode, to add read (4), write (2) and execute (1) to everyone for file4:

$ chmod 777 file4

This is what the file listing for file4 now looks like:

-rwxrwxrwx 1 user user 0 Nov 19 20:13 file4
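The link between the symbolic listing and the octal digits can be checked mechanically. The following is an added example, not part of the original guide, and all function names are assumptions. It recreates file1 to file4 in a temporary directory, converts each listing to the four-digit numeric mode described above (including the first digit for set user ID, set group ID and sticky), and then lists the files that any user may write to.

```shell
#!/bin/sh
# Print the 10-character mode string that ls -l shows for one file.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Convert an ls mode string such as "-rwxr--r--" to four octal digits.
ls_to_octal() {
    printf '%s\n' "$1" | awk '{
        special = 0
        for (i = 0; i < 3; i++) {              # 0 = user, 1 = group, 2 = other
            r = substr($0, 2 + 3 * i, 1)
            w = substr($0, 3 + 3 * i, 1)
            x = substr($0, 4 + 3 * i, 1)
            d[i] = (r == "r" ? 4 : 0) + (w == "w" ? 2 : 0)
            if (x == "x" || x == "s" || x == "t") d[i] += 1
            # s/S marks set user or group ID, t/T marks the sticky bit.
            if (x ~ /^[sStT]$/) special += (i == 0 ? 4 : (i == 1 ? 2 : 1))
        }
        printf "%d%d%d%d\n", special, d[0], d[1], d[2]
    }'
}

# List regular files under directory $1 that every user may write to.
world_writable() { find "$1" -type f -perm -0002 | sort; }

# Recreate file1..file4 from the examples above inside directory $1.
apply_page_examples() {
    for f in file1 file2 file3 file4; do
        : > "$1/$f"
        chmod 644 "$1/$f"                      # starting point: -rw-r--r--
    done
    chmod u+x  "$1/file1"
    chmod o+wx "$1/file2"
    chmod g-r  "$1/file3"
    chmod 777  "$1/file4"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
apply_page_examples "$demo_dir"
for f in file1 file2 file3 file4; do
    m=$(mode_of "$demo_dir/$f")
    echo "$f $m $(ls_to_octal "$m")"
done
echo "world-writable:"
world_writable "$demo_dir"
```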

chown
The chown command is used to change the file owner and/or group.

Examples:

Use chown to change the owner of mydirectory to root:

$ chown root mydirectory

You can change the owner of mydirectory to root and the group to students:

$ chown root:students mydirectory

You can change the owner of mydirectory, along with its included files, to root (Note: Great care should be exercised when applying chown recursively):

$ chown -hR root mydirectory

sudo
The sudo command is used to execute a privileged command (one that typically requires being logged on as root). You will be prompted for your password the first time you use sudo.

Example: Use sudo to execute the mount command, which can only be executed by root:

$ sudo mount /dev/sda3 /media/flashdrive


Help and Editor Commands

man
man is used for displaying manual pages (usually called man pages). Man pages are self-contained reference documents stored on the host’s hard drive. They are usually short, but some man pages can be quite long. Ubuntu's man page system has a reference for every command-line program, and in many cases it is the only source of information. It offers a quick reference to the switches and options available in terminal-based commands and programs. man displays man pages using a paging system, which displays the information one page at a time.

Example: Use man to display the man pages for the ps command:

$ man ps

apropos
The apropos command provides a means of searching man page names and descriptions. Each manual page has a short description available within it. apropos searches the descriptions for instances of keyword. Keyword is usually a regular expression, as if (-r) was used, or may contain wildcards (-w), or match the exact keyword (-e). Using these options, it may be necessary to quote the keyword or escape (\) the special characters to stop the shell from interpreting them.

Options:

apropos [-e|-w|-r] keyword ...

-r    Interpret each keyword as a regular expression. This is the default behavior. Each keyword will be matched against man page names and descriptions independently. It can match any part of either. Matching is not limited to word boundaries.

-w    Interpret each keyword as a pattern containing shell style wildcards. Each keyword will be matched against the man page names and the descriptions independently. If (-e, --exact) is also used, a match will only be found if an expanded keyword matches an entire description or page name. Otherwise, the keyword is also allowed to match on word boundaries in the description.

-e    Each keyword will be exactly matched against the page names and the descriptions.

Example: To find the man pages containing the keyword ps you could enter the following command:

$ apropos -e ps


emacs
emacs is one of the oldest and most versatile text editors available for Linux and UNIX-based systems. It is well known for its powerful and rich editing features. emacs is also more than just a text editor; it can be customized and extended with different "modes" that support specialized editing features particular to tasks (e.g., writing Java, C or Python programs). It takes time to learn how best to interact with emacs -- be patient.

Commands in emacs are control characters (e.g., hold down the <CTRL> key while typing another character). Here are a few of the most commonly used commands.

Help Commands

<CTRL>-h             help-command: first character in lots of useful help commands
<CTRL>-h t           help-with-tutorial: command to run the tutorial
<CTRL>-h a           command-apropos: prompts for a string and then searches for all emacs commands that contain that string
<CTRL>-h ?           help-for-help: describes how to use the help facilities

File Reading/Writing Commands

<CTRL>-x <CTRL>-f    find-file: first prompts for a filename and then loads that file into an editor buffer of the same name
<CTRL>-x <CTRL>-s    save-buffer: saves the buffer into the associated filename

Other Commands

<CTRL>-x <CTRL>-c    save-buffers-kill-emacs: when you are finished editing, to save the edited but unsaved buffers and to return you to the UNIX prompt
<CTRL>-g             keyboard-quit: if while typing a command you make a mistake and want to stop, this aborts a command in progress
<CTRL>-x u           undo: undoes the last command typed, in case you made a mistake

Example: To start emacs and open a file named myfile:

$ emacs myfile


File System Commands

df
The df (disk filesystem) command displays the amount of disk space available on one or more filesystems. By default, df reports the space available on all currently mounted filesystems. Disk space is shown in 1-kilobyte blocks by default, which can be difficult to read. Using the -h (human-readable) option causes df to print sizes in human readable format (e.g., 1K, 234M, 2G).

Example:

To display all mounted filesystems and their disk usage in human-readable form:

$ df -h

du
The du (disk usage) command reports the sizes of directory trees, including all of their contents and the sizes of individual files. This makes it useful for tracking down space hogs, i.e., directories and files that consume large or excessive amounts of space on a hard disk.

du is commonly employed by system administrators as a supplement to automated monitoring and notification programs that help prevent key directories and partitions (logically independent sections of a hard disk) from filling up. Full, or even nearly full, directories and partitions can cause a system to slow down, prevent users from logging in and even result in a system crash. Although visually identifying heavy consumers of disk space can be practical if there are relatively few users on a system, it is clearly not efficient for large systems with hundreds or thousands of users.

The basic syntax is as follows. Of course, like most Linux commands, du accepts a number of options that can change its behavior.

General format:

$ du <directories and/or files>

Example:

It’s a good idea for system administrators to monitor the sizes of users’ home directories, looking out for space hogs. The following command line shows the overall size of the /home directory, along with its first-level subdirectories. In this example the results are piped through the sort command to display the directories in reverse order by size, from largest to the smallest. For more information on sort, see View/Search Text Files in the Supporting Documents section.

$ sudo du --max-depth=1 /home/ | sort -rn


Linux Cheat Sheet
