Maha avatar baba

Redhat LINUX Admin documentation

LINUX ENTERPRISE SERVER EDITION Version 4

1. Linux Essential (RH033) 2. Linux System Admin (RH133) 3. Linux Network

Security (RH253)

Topics

Linux File System

/ (root)

-etc -bin -sbin -lib -root -usr -mnt -media -var -boot -tmp -opt -dev

-home -proc -lost+found -selinux

bin – stores user commands; /usr/bin also stores user commands

sbin – system administrator commands; /usr/sbin also stores system commands

root – home directory of the superuser

media – mount points for file systems mounted

boot – contains the kernel and other files used during system startup

lost+found – used by fsck to place files whose names cannot be found during file system repair

lib – contains many library files

dev – stores device files

etc – contains configuration files

var – variable files such as log files and directories

proc – a virtual file system that contains system information used by certain programs

tmp – a “scratch pad” for users and programs; /tmp has global read/write access.

home – location of user home directories

opt – installation directory for third-party packages such as Star Office

selinux – Security-Enhanced Linux

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

File System Table

# vi /etc/fstab

Column 1 – Device or partition (/dev/hda9 or LABEL=home)

Column 2 – Mount point (/dev/hda6, /data, /misc)

Column 3 – File system type (ext3, nfs, ext2, swap, smbfs)

Column 4 – Mount options

Column 5 – Dump field

Column 6 – File system check (fsck) order

Add new device to fstab

# vi /etc/fstab

/dev/hda8 /data ext3 defaults 1 2

/dev/sb1 /xyz vfat defaults 0 0

:wq!

# service nfs start / restart

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

CD Writing

i) Nautilus CD writing (burning) from GUI mode

In the X Window session, double-click the /root explorer,

copy the files or directories from the source and then click the GO option in the menu. Select CD

CREATOR, then click the CDWRITING icon.

ii) CD writing (burning) from virtual mode

# mkdir abc

# cd abc (put all dumps inside this directory)

# cd ..

# mkisofs -r -o abc.iso abc

# cdrecord -v dev=1,0,0 abc.iso

# cdrecord -scanbus (shows where your CD writer is present)

# man cdrecord (help)

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

Commands UPDATEDB, SLOCATE, LOCATE

# updatedb (update the database)

# slocate grub.conf (locate the path of grub.conf)

# locate httpd.conf (locate the path of httpd.conf)

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

Linux dump from CD (4 CDs) to hard drive

Insert disk 1 into the drive and go to the superuser prompt

# mount /media/cdrom

# cd /media/cdrom

# ls

# cp -av RedHat /var/ftp/pub

# cp -av images /var/ftp/pub

# umount /media/cdrom

# eject

Insert disk 2 into the drive and go to the superuser prompt

# mount /media/cdrom

# cd /media/cdrom

# ls

# cp -av RedHat /var/ftp/pub

# umount /media/cdrom

# eject

Insert disk 3 into the drive and go to the superuser prompt

# mount /media/cdrom

# cd /media/cdrom

# ls

# cp -av RedHat /var/ftp/pub

# umount /media/cdrom

# eject

Note: cp -u (--update) copies only when the SOURCE file is newer than the destination file or when the destination file is missing

Example: cp -avu RedHat /var/ftp/pub

------------------------------------------------------------------------------------------------------------

----------------------------------------------------

Red Hat Installation through NFS (Network File Sharing)

NFS (Network File Sharing method for Linux installation)

From Server

Note: Copy all the Linux dump CDs to the server under the directory path /var/ftp/pub

# vi /etc/exports

/var/ftp/pub *(ro,sync) (all clients can access this directory, i.e. [*])

Note: To share /var/ftp/pub with a particular client, use the following entry instead:

/var/ftp/pub 192.168.10.2/255.255.255.0(rw,sync) (read/write access permission)

:wq!

# exportfs -r (re-read all shared directories)

# exportfs -av (export all shared directories, verbose)

# service nfs start / restart

# service portmap start / restart

To Client

Note: Put the first Linux CD into the client machine and boot. Follow the commands.

boot : linux askmethod

Linux installation through network

1)NFS image

ii)HARDDRIVE

2)FTP

3)HTTP

4)CDROM

Select NFS image

Servername : server1.example.com (or) 192.168.0.20 – server ip

Redhat Dir : /var/ftp/pub

The installation now starts.

NFS (Network File Sharing) for some folders

Some examples mounting through NFS

# vi /etc/exports

/mnt/cdrom *(ro,sync)

/mnt/floppy *(rw,sync)

/home/user2 *(ro,sync)

:wq!

# exportfs -r (re-read all shared directories)

# exportfs -av (export all shared directories, verbose)

# service nfs restart

# service portmap restart

To Client

# showmount -e 192.168.10.1

# mount 192.168.10.1:/var/ftp/pub /data1

# mount 192.168.10.1:/mnt/cdrom /data2

# mount 192.168.10.1:/mnt/floppy /data3

# cd /data1

# ls

# cd /data2

# ls

# cd /data3

# ls

NFS Overview

File sharing service.

RPC based service, so it requires Portmap.

Packages:

nfs-utils

Provides:

nfsd - Provides userland portion of NFS service.

lockd - NFS lock manager (kernel module)

rpciod -

rpc.mountd - Provides mounting services.

rpc.rquotad - Returns quota information.

rpc.statd - Used by lockd to recover locks after a server crash.

portmap

Provides portmap program. Portmap maps calls made by other hosts to the

correct RPC service. Because portmap is compiled with tcp wrappers

support (libwrap), those that need to access portmap must be given access

via /etc/hosts.allow and/or /etc/hosts.deny.

Ports

TCP/UDP 111 - portmap

UDP 2049 - nfsd

The other NFS related services vary in the port numbers they use. Clients

contact portmap to find out the port number the other RPC services use.

Required Services

Listed in startup order:

NFS Server

portmap

nfs

NFS Client

portmap

nfslock

Configuration

/etc/exports

NFS server configuration file.

Format:

<directory> <host or network>(options) <host or network>(options) ......

It is critical that there not be any spaces between the host/network and

its options. With a space, the options apply to every host rather than to the one named.

Example:

# Allow all hosts in the somewhere.com domain to mount /var/ftp/pub read-only

/var/ftp/pub *.somewhere.com(ro)

# Allow all hosts to mount /var/www/html read-only and allow certain hosts

# to mount it read-write

/var/www/html *(ro) 192.168.1.0/255.255.255.0(rw) 192.168.2.10(rw)

# Allow certain hosts to mount /usr read-only and another read-write as root

/usr 172.16.0.0/255.255.0.0(ro) 172.16.1.10(rw,no_root_squash)

# Allow access to /usr/local by everyone, but only as the anonymous user

/usr/local *(ro,all_squash,anonuid=100,anongid=100)

Restrictions

Root can't mount an nfs share as root unless no_root_squash is used.

Normally when root mounts a share, NFS maps root to the local user

nobody.

You can't export a directory that is a parent or child of another exported

directory within the same file system.

e.g. You can't export both /usr and /usr/local unless /usr/local is a

separate file system.

Common Export Options

no_root_squash - Remote hosts can access local shares as root

(Dangerous!)

ro - Read-only

rw - Read/Write

sync - All file system writes must be committed to disk before the

request can be completed.

all_squash - All remote users are mapped to a local anonymous user.

anonuid - Specify the uid to use for anonymous access.

anongid - Specify the gid to use for anonymous access.
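
The export rules above (no space between host and options, no_root_squash, rw for everyone) can be checked mechanically. The following audit is an added example, not part of the original notes; the function names, finding codes and the sample file are constructed for illustration, and it covers the general host(options) syntax rather than only the entries shown here.

```python
import re

# Constructed sample in /etc/exports syntax, modelled on the entries shown on this page.
SAMPLE_EXPORTS = """\
# software repository, read-only
/var/ftp/pub   *.somewhere.com(ro)
/var/www/html  *(ro) 192.168.1.0/255.255.255.0(rw) \\
               192.168.2.10(rw)
/usr           172.16.0.0/255.255.0.0(ro) 172.16.1.10(rw,no_root_squash)
/data          192.168.10.2 (rw,sync)
/mnt/floppy    *(rw,sync)
"""

# Finding codes (names chosen for this example) and what they mean.
MESSAGES = {
    "MALFORMED": "client entry could not be parsed",
    "DETACHED_OPTIONS": "options not attached to a host: they apply to every host",
    "BARE_HOST": "host listed without options: it only gets the defaults",
    "WORLD_RW": "share is writable by every host",
    "NO_ROOT_SQUASH": "remote root is not mapped to the anonymous user",
}

# Matches host(options), a host alone, or (options) alone.
CLIENT_RE = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")


def logical_lines(text):
    """Yield (first_line_number, text) with comments stripped and '\\' continuations joined."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = num
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf.strip()
        buf, start = "", None
    if buf.strip():
        yield start, buf.strip()


def parse_exports(text):
    """Return (line, directory, host, options) for every client entry.

    options is None when the entry is malformed; host is '' when a
    parenthesised option list stands on its own (the stray-space case).
    """
    entries = []
    for num, line in logical_lines(text):
        directory, *clients = line.split()
        for token in clients:
            match = CLIENT_RE.match(token)
            if match is None:
                entries.append((num, directory, token, None))
                continue
            opts = match.group("opts")
            options = [o for o in (opts or "").split(",") if o]
            entries.append((num, directory, match.group("host"), options))
    return entries


def audit_exports(text):
    """Return a sorted list of (line, directory, code) findings."""
    findings = set()
    for num, directory, host, options in parse_exports(text):
        if options is None:
            findings.add((num, directory, "MALFORMED"))
            continue
        if host == "":
            findings.add((num, directory, "DETACHED_OPTIONS"))
        if host and not options:
            findings.add((num, directory, "BARE_HOST"))
        if host in ("", "*") and "rw" in options:
            findings.add((num, directory, "WORLD_RW"))
        if "no_root_squash" in options:
            findings.add((num, directory, "NO_ROOT_SQUASH"))
    return sorted(findings)


if __name__ == "__main__":
    for line, directory, code in audit_exports(SAMPLE_EXPORTS):
        print("line %d: %s: %s (%s)" % (line, directory, code, MESSAGES[code]))
```

On the sample, the /data line shows why the space matters: 192.168.10.2 is reported as a bare host, while the detached (rw,sync) makes the share writable by every host.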

/etc/fstab

Used for NFS client configuration

Example:

server:/usr /usr nfs user,soft,intr,rsize=8192,wsize=8192 0 0

Common NFS related mount options

soft - Processes return with an error on a failed I/O attempt

hard - If a process tries to access an unavailable share, it will hang until

data is retrieved.

intr - Allows NFS requests to be interrupted or killed if the server is

unreachable

nolock - Disable file locking in order to work with older NFS servers

rsize - Sets the number of bytes NFS reads from a share at one time

(default 1024)

wsize - Sets the number of bytes NFS writes to a share at one time (default

1024)

* Setting rsize and wsize to 8192 greatly increases performance.

Auto Mounting NFS shares

Requires autofs package to be installed.

Create entry in /etc/auto.misc for the NFS share:

ftp -fstype=nfs,intr,soft 192.168.1.20:/var/pub/ftp

If the default autofs setup is used, whenever someone accesses /misc/ftp, the

remote NFS share on 192.168.1.20 will be automatically mounted. The options

specified in the /etc/auto.misc have the same meaning as when they are used

in /etc/fstab.

NFS Utilities

exportfs

Used to maintain the table of exported file systems.

Example Usage:

exportfs -r # Refresh the share listing after modifying /etc/exports.

# This MUST be done in order for your changes to take effect.

exportfs -v # Display a list of shared directories

exportfs -a # Exports all shares listed in /etc/exports

# To export a filesystem not in /etc/exports

exportfs 192.168.1.0/255.255.255.0:/tmp

# Unexport a filesystem

exportfs -u 192.168.1.0/255.255.255.0:/tmp

showmount

Show mount information for an NFS server.

Does not require that any local NFS services be running in order to use it.

Example Usage:

showmount -e 192.168.1.67 # Shows available shares on host 192.168.1.67

showmount -a 192.168.1.67 # Shows the clients connected to host 192.168.1.67

# and the shares they have mounted.

rpcinfo

Reports RPC information.

Can determine if RPC services are running on a host.

Example Usage:

rpcinfo -p 192.168.1.77 # Display list of RPC services running on 192.168.1.77

------------------------------------------------------------------------------------------------------------------------------------------------------------------

KICKSTART INSTALLATION

From Server

# cd /etc

# cp anaconda-ks.cfg ks.cfg

Note: Go to the X Window System and select System Tools – KICKSTART. Modify the basic

configuration and the installation method:

NFS ip address : 192.168.10.1, Directory : /var/ftp/pub

Network : DHCP

Select the settings you want (language, keyboard layout, partitions,

packages, boot loader, etc.)

Save the above information to the file ks.cfg

Kickstart installation is possible in four ways: 1. Floppy 2. NFS 3. FTP 4. HTTP

# mount /media/floppy

# cp ks.cfg /media/floppy

# umount /media/floppy

To Client

Note: Put Linux CD 1 into the client machine and boot. Use any one of the following commands,

according to your choice of installation:

# linux ks=floppy

# linux ks=nfs:192.168.0.254:/kicks/ks.cfg (kicks – the directory which contains the ks.cfg file)

# linux ks=ftp:192.168.0.254:/kicksftp/ks.cfg (kicksftp – the directory which contains the ks.cfg file)

# linux ks=http:192.168.0.254:/kickshttp/ks.cfg (kickshttp – the directory which contains the ks.cfg file)

The installation starts.

Kickstart

Overview

Kickstart provides a way to do automated installations.

The Kickstart configuration file (ks.cfg) answers all the questions that are normally

asked during a normal install.

Allows you to automate most of the installation, including the following:

Language Selection

Mouse Configuration

Keyboard Selection/Configuration

Boot Loader Installation

Disk Partitioning

Network Configuration

Authentication (NIS, LDAP, Kerberos, Samba, and Hesiod)

Firewall Configuration

X Window System Configuration

Package Selection

Packages

mkkickstart - This package provides utilities that will create a kickstart file

based on the current machine's configuration.

ksconfig - Provides a graphical interface for creating kickstart files.

Creating a Kickstart File

Manual

Copy the sample.ks kickstart file from the RH-DOCS directory on the

documentation CD and modify it to meet your requirements. Be careful when

editing it because the sections must remain in order. The order is:

Command Section

%package Section

%pre & %post Sections

mkkickstart

Use the mkkickstart utility to create a kickstart configuration file based on the

current system's configuration.

ksconfig

Use the GUI tool ksconfig to create a kickstart file.

Kickstart Installation Types

Network

Requires a DHCP/BOOTP server.

ks.cfg file must be accessible from NFS, FTP, HTTP, or Samba (although I've

only been able to get it to work when the ks.cfg file is on NFS).

Can install from NFS, FTP, HTTP, & Samba.

Local

ks.cfg file must be put on a floppy boot disk.

Can install from a local CD-ROM or a local hard drive.

Kickstart Installation

Boot with a boot floppy. For a local kickstart installation, the ks.cfg must be located in

the root of the boot disk.

When SYSLINUX installation screen comes up, specify one of the following options:

ks=floppy - If ks.cfg is located on the floppy.

ks=hd:fd0/ks.cfg - Same as ks=floppy above.

ks=floppy dd - When ks.cfg is located on the floppy and you need a

driver disk.

ks=nfs:<server>:/path - ks.cfg file is on an NFS server.

ks=http:<server>:/path - ks.cfg file is on an HTTP server.

ks=ftp:<server>:/path - ks.cfg file is on an FTP server.

Additional Network Installation Info

When specifying "linux ks" at the installation prompt:

The ks.cfg file must be available via NFS.

By default, it is assumed that the ks.cfg file will be on the same server as

the DHCP/BOOTP server. To specify a different server for the ks.cfg file,

specify the following in the /etc/dhcpd.conf file:

filename "/path/to/ks.cfg";

next-server <hostname or IP>;

If the path specified in the "filename" clause ends with a "/", then the file

that is looked for is: "/specified/path/<IP>-kickstart" where <IP> is the IP

address of the machine making the request.

Note that the path specified in the "filename" clause must be the full path

to the file and not the relative path from the NFS export. Kickstart will

automatically try to mount the NFS export based on the path's name. In the

above example, it would first try to mount "/path", then if that failed,

"/path/to".

If you don't wish to use DHCP to specify the location of the kickstart file, you can

specify one of the options listed above to point to the location of the ks.cfg file.

To install from NFS, the following directive must be used in the ks.cfg file right after

the "install" directive:

nfs --server <server> --dir <dir>

To install from HTTP or FTP, the following directive must be used in the ks.cfg file

right after the "install" directive:

url --url http://<server>/path

url --url ftp://<server>/path

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

User creation, modification, password setting and removal

Four ways of creating users

1. adduser 2. useradd 3. redhat-config-user 4. click System Settings – Users &

Groups

# useradd vasanth

# passwd vasanth

new password: xxxxxx

retype password: xxxxxx (at least 6 characters)

# useradd -u 650 -d /home/vasanth -m vasanth

# useradd -u 700 -d /home/prem -m prem

# usermod -u 700 -o -l babaji vasanth (change the username from vasanth to babaji)

# passwd -d vasanth (remove the password; the account is left with an empty password)

# userdel -r vasanth (remove the user vasanth together with the home directory under /home)

Modifying and using some of the important /etc configuration files

# vi /etc/issue (banner shown to the user at login: terminal number, date and time)

Terminal : \l

Date : \d

Time : \t

Hostname : \n

:wq!

Ctrl+d (refresh)

# vi /etc/motd (set the banner shown to the user after login)

-----------------------------xxxxxxxxxxxxxx--------------------------

WELCOME TO ELMAQ

-----------------------------xxxxxxxxxxxxxx------------------------

:wq!

# login : user1

passwd : xxxxxx

# login : user2

passwd : xxxxxx

# vi /etc/shadow (encrypted passwords of users and groups)

Disable the particular user ID

:wq!

# login user1

Login fails

# vi /etc/passwd (all user IDs and other information)

Disable the particular user's encrypted password

:wq!

# login user2

Login fails

# vi /etc/group (all the group IDs and other information)

# vi /etc/inittab

id:5:initdefault: (5 is the default; change the run level to 1 or 2 or 3 or 4 or 6)

:wq!

Run level Description

0 – Shutdown

1 – Single user mode

2 – Multiuser mode without network support

3 – Multiuser mode with network support

4 – Not used

5 – Multiuser mode with X Window

6 – System restart

Change the runlevel during startup (booting) of Linux

i) Press e, move down to the line that shows LABEL=/ and press e again; type the runlevel (e.g. 3) after it, press

Enter and then press b (boot)

ii) Press a, type the runlevel (e.g. 3) after LABEL=/ and press Enter

List the runlevel files (from runlevel 0-6)

# cd /etc/rc.d/rc6.d

# ls

# cd /etc/rc.d/rc5.d

#ls

# cd /etc/rc.d/rc3.d

# ls

List the services

# chkconfig --list

# chkconfig network off

# chkconfig vsftpd on

# chkconfig xinetd on

# chkconfig xinetd off

# chkconfig smb on

# chkconfig nfs on

# chkconfig ypserv on

K – stop

S – start

# vi /etc/rc.d/rc.local (create the shell scripts)

echo "Your name" $name

read name

echo "Your address" $address

read address

:wq!

# vi /etc/rc.d/rc.sysinit (modify the “Welcome to linux” title screen)

We can change the “Welcome to linux” title to, for example, “Welcome to elmaq.edu”

:wq!

# vi /etc/redhat-release (add some text information)

“WELCOME TO LINUX TEAM”

:wq!

Adding new terminals in a run level for the command interface

# vi /etc/inittab

Copy the 6 terminal lines and paste them below

Modify the terminal numbers, for example (8 – tty8, 9 – tty9, 10 – tty10, 11 – tty11, etc.)

:wq!

# init q

Ctrl+d

Press the function keys F8, F9, F10, F11, or otherwise Ctrl with the left and right cursor keys,

to view the different terminals

Adding new terminals in graphical mode

Go to command (text) mode

# startx -- :1 & (new terminal set as F8)

# startx -- :2 & (new terminal set as F9)

# startx -- :3 & (new terminal set as F10)

# startx -- :4 & (new terminal set as F11)

# startx (run only from command mode, on run level 3 or 5)

------------------------------------------------------------------------------------------------------------

Shutdown the linux

# shutdown -h now (shut down immediately)

# shutdown -h 3 (the machine will shut down after 3 minutes)

# halt (power off)

# poweroff

# reboot (restart)

Press Ctrl+Alt+Del (restart)

------------------------------------------------------------------------------------------------------------

------------------------------------------------------

vi editor (user level)

# vi test.c (filename)

esc yy – copy

esc p –paste

esc dd –delete

esc cc – cut

------------------------------------------------------------------------------------------------------------

------------------------------------------------------

Switch Desk

KDE – Kool Desktop Environment or K Desktop Environment

GNOME – GNU Network Object Model Environment

# init 3

# switchdesk kde

# startx

# init 3

# switchdesk gnome

# startx

------------------------------------------------------------------------------------------------------------

------------------------------------------------------

RPM (Redhat Package Manager)

Note: Before installing a package, first change into the Linux package directory and then

apply the rpm -ivh command.

# rpm -qa | grep "samba" (package query for samba)

# rpm -qa | grep "telnet" (package query for telnet)

# rpm -ivh telnet-server (press the TAB key to complete the full name of the telnet package) (install the telnet package)

# rpm -ivh sendmail (press the TAB key to complete the full name of the sendmail package) (install the sendmail package)

# rpm -ivh redhat-config-samba --aid (press the TAB key to complete the full name of the samba package) (install the samba package)

# rpm -e sendmail (remove the sendmail package from Linux)

# rpm -e telnet (remove the telnet package from Linux)

# rpm -ql kernel | less (list the files of the kernel package)

# rpm -ql samba | less (list the files of the samba package)

# rpm -qf /etc/inittab (which package owns the file /etc/inittab)

# rpm -qf /etc/fstab (which package owns the file /etc/fstab)

# rpm -qf /etc/issue (which package owns the file /etc/issue)

# rpm -U kernel (press the TAB key to complete the full name of the kernel package) (upgrade the kernel package)

------------------------------------------------------------------------------------------------------------

-----------------------------------------------------

Network Configuration and connectivity

# redhat-config-network (configure the network card)

Go to GUI mode, click System Tools – Network – New Ethernet connection – static IP

address 192.168.10.50/255.255.255.0

# netconfig

# ifconfig (display the IP address)

# ifconfig eth0 192.168.0.23 up (specify the IP address and bring the interface up)

# ping 192.168.10.1 (check the network connectivity)

# arp -a (display the MAC addresses of the network machines that have an entry)

# ifdown eth0 (disable the LAN card configuration)

# ifconfig

# ifup eth0 (enable the LAN card configuration)

# ifconfig

# service network restart / start

# ifconfig eth0 192.168.10.50 up

# service network restart

------------------------------------------------------------------------------------------------------------

------------------------------------------------------

IP aliasing

Definition: more than one IP address can be created on a single network card.

eth0 – the real LAN card, for the physical IP address

eth0:1 ---- virtual IP address

eth0:2 ---- virtual IP address

eth0:3 ---- virtual IP address

# netconfig -d eth0:1 (specify the IP 192.168.10.4)

# netconfig -d eth0:2 (specify the IP 192.168.10.5)

# netconfig -d eth0:3 (specify the IP 192.168.10.6)

List the network card scripts

# ls /etc/sysconfig/network-scripts/

# cd /etc/sysconfig/network-scripts

# ls

# rm ifcfg-eth0:1 (remove the virtual LAN)

# ifdown eth0:2 (disable the virtual configuration)

# ifconfig

# ifup eth0:2 (enable the virtual configuration)

# ifconfig

------------------------------------------------------------------------------------------------------------

Job Scheduling

Note: using the cron and at commands

Crontab

minute of hour / hour of day / day of month / month of year / day of week

* * * * *

# date (check the date & time)

# crontab -e (open the editor)

31 * * * * touch file1.txt

32 * * * * mkdir elmaq

35 * * * * echo "hello" >> /dev/tty2

:wq!

# service crond restart

# date

# ls

Go to terminal 2 (tty2) with Alt+F2 and check that the message hello was received.

Using crontab as an ordinary user

$ date

$ crontab -e

40 * * * * cat > bin.txt

42 * * * * echo "HAI " >> /dev/tty4

:wq!

# service crond restart

$ date

$ ls

# crontab -e

30 17 * * * /sbin/ifdown eth0

30 9 * * * /sbin/ifup eth0

00 20 * * * /sbin/init 0

# crontab -e

42 * * * * echo "HAI " >> /dev/tty4

:wq!

# service crond restart

$ date

$ ls

view the cron information

# cd /etc

# vi cron

# vi crontab

Deny crontab permission for particular users

# vi /etc/cron.deny

user2 (user2 cannot use crontab)

user1 (user1 cannot use crontab)

:wq!

Log in as user1 or user2 and type the following command

$ crontab -e (crontab denied)

# vi /etc/cron.allow (allow crontab permission)

root (superuser)

vasanth (ordinary user)

:wq!

# crontab -help

# crontab -r

# crontab -l (list the crontab entries)

# crontab -u user1 -r (delete user1's crontab)

Loading a crontab from a file written with vi

# vi abc

48 * * * * touch bin.txt

:wq!

# crontab abc

# date

Display the crontab job scheduling report

# cd /var/spool/cron/

# cat root

Job scheduling with the at command

# at now + 1 min (the following commands will execute one minute from now)

at> touch vasanth.txt

at> mkdir elmaq

at> echo "WELCOME TO ELMAQ" >> /dev/tty2

at> useradd test

at> passwd test

at> Ctrl+d (finish)

Note: After one minute, type the following command

# ls

Deny at permission for particular users

# vi /etc/at.deny

root (root cannot use at)

user1 (user1 cannot use at)

:wq!

login : user1

$ at now+1 min (not permitted)

login : root

# at now+1 min (not permitted)

# vi /etc/at.allow (permit the at command)

user2

prem

:wq!

# atq (list the jobs queued with at)

# atrm 5 (remove job number 5)

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

Manual user creation

# vi /etc/passwd

benq::502:502::/home/benq:/bin/bash (benq is the username, 502 is the user ID, shell: Bourne-again shell (bash))

# vi /etc/group

benq:x:502:

# mkdir /home/benq

# chown -R benq.benq /home/benq

# cd /home

login : benq (the user can log in but does not get a proper prompt)

# cp -av /etc/skel/. /home/benq

# useradd -D (view the useradd defaults)

login : benq (the user logs in with a proper prompt but without a password)

# pwconv

# vi /etc/shadow

#pwunconv

#vi /etc/shadow

#vi /etc/passwd

#pwconv

#passwd benq

new password : xxxxxx

retype password : xxxxxx

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

FTP (File Transfer Protocol)

Definition: get and put files from and to a remote machine

# service vsftpd start / restart (Very Secure FTP)

#

username : vasanth

password : xxxxxx

Groups of files: mget & mput

ftp > mget * (receive a group of files from the user vasanth)

ftp > mput * (send a group of files to the user vasanth)

ftp > ls (list the files on the remote machine)

ftp > !ls (list the files on your local machine)

ftp > bye (exit)

Single file get & put

ftp > get vasanth.txt

ftp > get prem.txt

ftp > put vk.txt

ftp > vijay.bak

FTP scripts file

# vi /etc/vsftpd

# vi /etc/vsftpd/vsftpd.conf

ftpd_banner=Welcome to Elmaq FTP

:wq!

# vi /etc/vsftpd.user_list (deny FTP login to these users)

root

vasanth

# vi /etc/vsftpd.ftpusers (deny FTP login to these users)

root

vasanth

GFTP (Graphical FTP)

Note: In the X Window session, click Internet – More Internet Applications – gFTP

HOST : 192.168.0.20 PORT : 20 USER : vasanth Pass : xxxxxx FTP

Now connect and transfer files from source to destination, from destination to source,

and vice versa.

LFTP

# lftp 192.168.0.20

# lftp 192.168.0.20 > ls

< pub >

# cd pub

# mget * (files can only be fetched from the remote machine; no files can be put)

#lftp [email protected]

password : xxxxx

vasanth@station1$ mget * (getting the files from remote user vasanth)

------------------------------------------------------------------------------------------------------------

------------------------------------------------------

Samba Configuration

Definition: share folders from Linux to Windows and from Windows to Linux

Sharing folders from Linux to Windows

# service smb start / restart / status

# mkdir /data (we take /data as the example Samba shared folder)

# cd /data

# cat > mn.txt

# cat > bm.txt

# useradd sambatest (samba user name)

# smbpasswd -a sambatest (set the Samba password for the user sambatest)

# vi /etc/smb.conf (Samba configuration file)

Global settings

workgroup = LINUXSRV (workgroup name)

hosts allow = 192.168.0.70 127. (allow Samba access only for particular host machines)

Share definitions (go to the last lines, copy with Esc 8yy (8 lines yanked) and paste)

[My share]

***************

***************

***************

[elmaq]

path = /home/vasanth

public = yes

writable = yes

valid users = user2 (only this particular user has access)

:wq!

# testparm (view the information about which folders we are sharing)

# service smb restart

# smbclient -L localhost

Go to Windows and log in with the Samba username sambatest and its

password: xxxxxx

Double-click Network Neighborhood and view /elmaq (domain name) – the Linux folder

(/home/vasanth)

(Click the Network Servers option in X Window to view the shared folders)

smbclient and smbmount from Linux to a Linux machine

# smbclient //localhost/elmaq -U user2 (elmaq – domain name, user2 – smbuser)

# smbmount //192.168.10.2/elmaq -o username=user3 (smbuser)

Sharing folders from Windows to Linux

Note: On the Windows machine, share the drive C: or some folder (for example /dump), then

go to the Linux machine.

# smbmount //192.168.0.10/dump /test -o username=administrator

192.168.0.10 (Windows machine IP)

/dump (source folder from Windows)

/test (destination folder on Linux)

administrator – windows user name

# cd /test

# ls

(or)

# mount -t smbfs -o username=administrator //192.168.0.100/dump /test

# smbtree (Samba tree)

# smbclient //192.168.0.100/student -U administrator

password : xxxxx

smb:> ls (list the Windows files)

smb:> mget * (get and put files through the FTP-like Samba client)

smb:> exit

Permanently assigning Samba and NFS mounts in fstab (Linux to Linux and Windows

machines)

# vi /etc/fstab

192.168.0.15:/share /opt nfs defaults 0 0

//192.168.0.15/sad /tmp smbfs defaults,username=vasanth,password=xxxxxx 0 0

192.168.0.17:/var/ftp/pub /dump nfs defaults 0 0

:wq!

# service nfs restart

# service smb restart

# service netfs restart
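
/etc/fstab is normally readable by every local user, so a Samba password written into its options column is exposed. The following is an added example, not part of the original notes: it moves the inline username and password of smbfs/cifs entries into a file referenced by the credentials= mount option and creates that file with mode 0600. The function names and the /etc/samba/cred-<server>-<share> naming are assumptions made for this example.

```python
import os
import stat
import tempfile

# Constructed sample in /etc/fstab syntax, modelled on the entries shown on this page.
SAMPLE_FSTAB = """\
192.168.0.15:/share /opt nfs defaults 0 0
//192.168.0.15/sad /tmp smbfs defaults,username=vasanth,password=xxxxxx 0 0
192.168.0.17:/var/ftp/pub /dump nfs defaults 0 0
"""

SMB_TYPES = ("smbfs", "cifs")
SECRET_KEYS = ("password", "passwd")  # "passwd" is accepted here as a misspelling


def move_inline_credentials(fstab_text, cred_dir="/etc/samba"):
    """Return (new_fstab_text, {credentials_path: file_body}).

    Only smbfs/cifs lines that carry an inline password are rewritten;
    every other line is passed through unchanged.
    """
    out_lines, cred_files = [], {}
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#") or fields[2] not in SMB_TYPES:
            out_lines.append(line)
            continue
        keep, user, secret = [], None, None
        for opt in fields[3].split(","):
            key, _, value = opt.partition("=")
            if key in SECRET_KEYS:
                secret = value
            elif key == "username":
                user = value
            else:
                keep.append(opt)
        if secret is None:
            out_lines.append(line)
            continue
        # Hypothetical naming scheme: cred-<server>-<share>
        path = cred_dir + "/cred-" + fields[0].strip("/").replace("/", "-")
        body = ""
        if user is not None:
            body += "username=%s\n" % user
        body += "password=%s\n" % secret
        cred_files[path] = body
        keep.append("credentials=" + path)
        fields[3] = ",".join(keep)
        out_lines.append(" ".join(fields))
    return "\n".join(out_lines) + "\n", cred_files


def write_credentials(path, body):
    """Create the credentials file readable by its owner only (mode 0600).

    O_EXCL refuses to reuse an existing file or to follow a symlink
    that was placed at the path beforehand. Returns the resulting mode.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(body)
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    new_text, creds = move_inline_credentials(SAMPLE_FSTAB)
    print(new_text, end="")
    # Written to a scratch directory here; on a real system the files go to cred_dir.
    scratch = tempfile.mkdtemp()
    for path, body in creds.items():
        target = os.path.join(scratch, os.path.basename(path))
        print(path, "->", oct(write_credentials(target, body)))
```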

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

GRUB and LILO Boot Loader

Grub to lilo

# lilo

Lilo to Grub

# grub-install /dev/hda

# vi /boot/grub/grub.conf

# root (hd0,0) (comment this line)

# kernel /vmlinuz-2-4-21-40 EL ro root=LABEL=/ (comment this line)

# initrd /initrd-2.4.21.4 EL.img (comment this line)

# boot (comment this line)

:wq!

After restart the linux system the command prompt appear

grub > root (hd0,0)

Page No 23

Page 24: DocumentL

grub > cat (hd0,0)/grub/grub.conf

grub > kernel /vmlinuz-2-4-21-40 EL ro root = LABEL=/ 3

grub > initrd /initrd –2.4.21.4 EL.img

grub > boot

booting of the linux

Set a password on the GRUB boot loader

Method 1:

Go to a GNOME or KDE terminal and type the following commands:

# grub-md5-crypt

password : xxxxxx

retype : xxxxxx

$4567898@#637 (copy this encrypted password and paste it into grub.conf)

# vi /etc/grub.conf

Before the title line

password --md5 $4567898@#637

After the title line

password --md5 $4567898@#637

:wq!

Method 2:

# grub-md5-crypt >> /boot/grub/grub.conf

new password : xxxxxx

retype password : xxxxxx

# vi /boot/grub/grub.conf

Remove the password at bottom of the line
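A `password --md5` line placed before the first `title` protects the GRUB menu editor and command line, while one placed after a `title` protects only that entry. The check below is an added example, not part of the original document: it verifies that grub.conf carries a hashed global password, that no bare hash was left behind by Method 2, and that the file is readable only by its owner. The function name and sample files are constructed, and the hash is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original document): check a GRUB legacy grub.conf.
# Findings, one per line:
#   plaintext-password N   the password directive on line N is not hashed (--md5)
#   stray-hash N           a bare MD5-crypt hash ($1$...) sits alone on line N
#   no-global-password     no "password --md5 <hash>" before the first title
#   file-too-open          group or others have some permission on the file

grub_password_findings() {
    conf=$1
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        $1 == "title"        { in_entries = 1; next }
        $1 == "password" {
            if ($2 != "--md5") { print "plaintext-password", NR }
            else if (!in_entries) { global = 1 }
            next
        }
        substr($1, 1, 3) == "$1$" { print "stray-hash", NR }
        END { if (!global) print "no-global-password" }
    ' "$conf"
    # characters 5-10 of the ls mode string are the group and other bits
    perms=$(ls -l "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || echo "file-too-open"
}

demo() {
    dir=$(mktemp -d)
    # Constructed file: state right after Method 2, hash appended and not yet moved.
    cat > "$dir/before.conf" <<'EOF'
default=0
timeout=10
title Linux
        root (hd0,0)
$1$PLACEHOLDER$PLACEHOLDERHASH000000000
EOF
    chmod 644 "$dir/before.conf"
    # Constructed file: hashed password in the global section, owner-only mode.
    cat > "$dir/after.conf" <<'EOF'
default=0
timeout=10
password --md5 $1$PLACEHOLDER$PLACEHOLDERHASH000000000
title Linux
        root (hd0,0)
EOF
    chmod 600 "$dir/after.conf"
    echo "before:"; grub_password_findings "$dir/before.conf"
    echo "after:";  grub_password_findings "$dir/after.conf"
    rm -rf "$dir"
}

demo
```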

Set a password on LILO

# rpm -qa | grep "lilo"

# vi /etc/lilo.conf

password=xxxxxx

:wq!

Restart the system

Removing the GRUB password from grub.conf when the password is not known

Insert Linux disc 1 into the CD-ROM drive, then boot. The boot prompt appears

boot: linux rescue

# chroot /mnt/sysimage

# vi /etc/grub.conf

Remove the password line

:wq!

# exit

# exit

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

Services

# ntsysv (what services should be automatically started)

# system-config-services – Displays all services in X window.

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

Permissions

U – user      4 – read      r – read

G – group     2 – write     w – write

O – others    1 – execute   x – execute

# cat > file1

# cat > file2

# ls -l

# chmod 677 file1

# chmod ugo=rwx file2

# ls -l

# mkdir test

# cp *.txt test

# chmod -R 766 test (R - Recursively)

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

Chown (Change Owner)

# chown vasanth test1 (now changing the ownership to user vasanth)

# chown prem test2 (now changing the ownership to user prem)

# chgrp vasanth test1 (now changing the group to vasanth)

# chgrp prem test2 (now changing the group to prem)

# chown nobody.elmaq sharefile (ownership – nobody but group=elmaq)

SGID (Set Group ID)

Special permission – numeric value 2

Create 3 users

useradd class1

passwd -d class1

useradd class2

passwd -d class2

useradd class3

passwd -d class3

Create a group

groupadd elmaq

vi /etc/group

Check the group name and group ID of elmaq

elmaq:x:710:class1,class2 (users membership)

vi /etc/passwd

class1:x:690:690 -> change the group ID 690 to 710

class1:x:690:710 (here 690 is the user ID of class1 and 710 is the group ID of elmaq)

class2:x:691:710 (here 691 is the user ID of class2 and 710 is the group ID of elmaq)

class3:x:692:692 (here 692 is the user ID of class3 and 692 is the group ID of class3)

With the entries above, class1 and class2 are members of the elmaq group

Log in as root. Create one common folder for group access

# mkdir /home/angles (angles is a common folder for the users who are members of the group)

# chown nobody.elmaq /home/angles (set the group ownership to the elmaq group)

# chmod 2770 /home/angles (set the group ID bit and permissions user=rwx, group=rwx and other=none)

Go to other terminals

Login class1

$ cd /home/angles (permission accepted)

Login class2

$ cd /home/angles (permission accepted)

Login class3

$ cd /home/angles (permission denied) – because this user is not a member of the elmaq group


--------------------------------------------------------------------------------------------------------------------------------------------------------------------

STICKY BIT

This is a special file permission for directories. Only the owning user and the super user can access this directory.

Others can't access.

Log on as a user (for example student)

Login student

# ls -ld /tmp

# cd /tmp

# mkdir stricky

# ls -ld stricky

# chmod 1770 stricky (1 – sticky bit) (or) chmod 1755 stricky

(or)

# chmod o+t stricky

# ls -ld stricky
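On a directory the sticky bit (shown as t in `ls -ld`, as on /tmp) limits deleting and renaming entries to the entry's owner, the directory's owner and root, while the SGID bit from the section above makes new files inherit the directory's group. The audit below is an added example, not part of the original document: it flags world-writable directories that lack the sticky bit and group-writable directories that lack the SGID bit. Function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original document): audit shared directories.
# Findings, one per line:
#   no-sticky <dir>   world-writable without the sticky bit
#   no-setgid <dir>   group-writable (not world-writable) without the SGID bit

dir_finding() {
    mode=$(ls -ld "$1" | cut -c1-10)           # e.g. drwxrws--- or drwxrwxrwt
    group_w=$(printf '%s' "$mode" | cut -c6)
    group_x=$(printf '%s' "$mode" | cut -c7)   # s or S in this slot: SGID is set
    other_w=$(printf '%s' "$mode" | cut -c9)
    other_x=$(printf '%s' "$mode" | cut -c10)  # t or T in this slot: sticky is set
    if [ "$other_w" = "w" ]; then
        case $other_x in
            t|T) ;;
            *)   echo "no-sticky $1" ;;
        esac
    elif [ "$group_w" = "w" ]; then
        case $group_x in
            s|S) ;;
            *)   echo "no-setgid $1" ;;
        esac
    fi
}

# audit_tree ROOT -> findings for ROOT and every directory below it
audit_tree() {
    find "$1" -type d | sort | while IFS= read -r d; do
        dir_finding "$d"
    done
}

# Constructed sample tree covering the modes used in the SGID and sticky sections.
demo() {
    root=$(mktemp -d)
    mkdir "$root/open" "$root/scratch" "$root/team" "$root/loose"
    chmod 0777 "$root/open"      # world-writable, no sticky bit
    chmod 1777 "$root/scratch"   # world-writable with sticky bit, like /tmp
    chmod 2770 "$root/team"      # group share with SGID, like /home/angles
    chmod 0770 "$root/loose"     # group share without SGID
    audit_tree "$root"
    rm -rf "$root"
}

demo
```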

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

UMASK

Login from root

root # umask

0022

File permission: 666 - 022 = 644 (rw- r-- r--)      Directory permission: 777 - 022 = 755 (rwx r-x r-x)

vasanth $: umask

0002

File permission: 666 - 002 = 664 (rw- rw- r--)      Directory permission: 777 - 002 = 775 (rwx rwx r-x)

Change umask

root # umask 044

File permission: 666 - 044 = 622 (rw- -w- -w-)

# cat > mk.txt

# cat > bn.txt

# ls -l

vasanth $ : umask 044

File permission: 666 - 044 = 622 (rw- -w- -w-)

# cat > low.txt

# cat > high.txt

# ls -l

To change the umask permanently for privileged and non-privileged users:

# vi /etc/bashrc

umask 044 (set the umask)
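The subtractions in the umask tables give the right answer only when each umask digit clears bits that are present in the base mode; the kernel actually clears the umask bits from the requested mode (mode AND NOT umask). The script below is an added example, not part of the original document: it computes the result both ways and checks it against a file really created under each umask. Function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original document): how a umask is applied.

# effective_mode BASE UMASK -> octal mode after clearing the umask bits
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtract BASE UMASK -> plain decimal subtraction, as in the tables
naive_subtract() {
    b=$(printf '%s' "$1" | sed 's/^0*//')
    u=$(printf '%s' "$2" | sed 's/^0*//')
    printf '%03d\n' $(( ${b:-0} - ${u:-0} ))
}

# to_symbolic OCTAL -> nine-character rwx string for a three-digit octal mode
to_symbolic() {
    m=$(( 0$1 ))
    out=""
    for s in 6 3 0; do
        bits=$(( (m >> s) & 7 ))
        [ $(( bits & 4 )) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $(( bits & 2 )) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $(( bits & 1 )) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    printf '%s\n' "$out"
}

# observed_file_perms UMASK -> rwx string of a file really created under UMASK
observed_file_perms() {
    dir=$(mktemp -d)
    ( umask "$1"; : > "$dir/probe" )    # subshell: the caller's umask is untouched
    ls -l "$dir/probe" | cut -c2-10
    rm -rf "$dir"
}

# 022, 002 and 044 are the values from the text; 033 and 027 show where
# subtraction and the real bit operation disagree.
for u in 022 002 044 033 027; do
    printf 'umask %s: file %s (%s), subtraction says %s, directory %s\n' \
        "$u" \
        "$(effective_mode 666 "$u")" \
        "$(to_symbolic "$(effective_mode 666 "$u")")" \
        "$(naive_subtract 666 "$u")" \
        "$(effective_mode 777 "$u")"
done
```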

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

SWITCH USER

# su - user2 (switch from root to user2)

# su - (come back to root)

# su - user3 (switch from root to user3)

# su -

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

CREATE A NEW PARTITION

# df -h (check the free space on your hard disk)

# fdisk -l

# fdisk /dev/hda

m (help)

p (print the partition table)

n (new partition)

first cylinder : 4024

last cylinder : +500M

t (change the partition id)

partition (1-13) : 13 (partition volume, for example /dev/hda13)

l (list the file system types)

83 (Linux file system)

w (write the table)

ctrl + c (exit)

# partprobe (the new partition is registered without restarting the system)

# mkfs.ext3 /dev/hda13 (ext3 Linux filesystem) (or) # mkfs -t ext3 /dev/hda13 (or) mkfs -j /dev/hda13

# e2label /dev/hda13 /data (label name = /data)

# mkdir /data

# mount /dev/hda13 /data (mount /dev/hda13 on /data)

# vi /etc/fstab

/dev/hda13 /data ext3 defaults 0 0

:wq!

# service nfs restart (/dev/hda13 is now mounted on /data automatically every time the Linux machine starts)

DELETE A PARTITION

Note: Before deleting a partition, first umount the partition's file system

# fdisk /dev/hda

Command (m for help) : d

Partition (1-9) : 9 (partition to delete)

Command (m for help) : w (write the table)

# partprobe

TCP Wrappers

*Security

*ssh – connect to a remote machine securely

*telnet – an insecure way of connecting to a remote machine because the username and password are transmitted in clear text

# vi /etc/hosts.deny

sshd:ALL (Disable the service (Secure Shell SSH) for all machines)

sshd:192.168.10.3 (Disable the service (Secure Shell SSH) for a particular IP machine)

vsftpd:ALL EXCEPT 192.168.0.30

portmap:ALL

icmp:ALL

in.telnetd:ALL EXCEPT 192.168.0.50

# vi /etc/hosts.allow

vsftpd:192.168.10.4 (Allow the ftp permission for a particular IP machine)

sshd:192.168.10.3 (Allow the ssh permission for a particular IP machine)

icmp:192.168.10.5 (Allow the icmp permission for a particular IP machine)

ALL EXCEPT vsftpd:ALL

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

Disable the Telnet Service

Telnet is an xinetd-based service. There is no such daemon

# cd /etc/xinetd.d

# vi telnet

disable = yes (telnet service is disabled)

:wq!

# service xinetd restart

Telnet service from Linux to Linux machine

Telnet – Port 23. It is an insecure way of connecting to a remote machine.

From server

# service xinetd start /restart

# telnet 192.168.0.20

login : vasanth

password :xxxxxx

To client

# service xinetd start /restart

# telnet 192.168.0.22

login : prem

password :xxxxxx

Telnet service from Linux to windows machine

Go to win 9x or xp /2000 click start select RUN – telnet 192.168.0.20

Login : vasanth

Password : xxxxxx

$ ls

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

SSH (Secure shell)

ssh – Connect to remote machine securely

From server

# service sshd start /restart

# ssh 192.168.0.20 (or) # ssh [email protected]

login : vasanth

password :xxxxxx (This machine is Root password for secure login)

# scp file.txt 192.168.0.22:/home/prem (secure copy for file.txt from client machine)

# scp bin.txt 192.168.0.22:/home/prem (secure copy for bin.txt from client machine)

To client

# service sshd start /restart

# ssh 192.168.0.22 (or) # ssh [email protected]

login : prem

password :xxxxxx (This machine Root password for secure login)

# scp elmaq.txt 192.168.0.20:/home/vasanth (secure copy for elmaq.txt from server)

# scp letter.txt 192.168.0.20:/home/vasanth (secure copy for letter.txt from server)

# vi /etc/ssh/sshd_config

# vi /etc /known_hosts (list the users login)

#vi /etc/services (show the protocols port value)

# vi /etc/securetty

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

RESCUE MODE

Trouble shooting

# vi /etc/fstab

# LABEL / (comment 1st line)

:wq!

# vi /etc/shadow

# root ::1 (comment 1st line)

:wq!

# vi /etc/inittab

# id : 0 (default) (change the run level to 0)

:wq!

# vi /etc/passwd

root:x:0:0:root:/root:/bin/bash – this is normal startup

root:x:0:0:root:/root:/bin/bash/nologin – root not login

:wq!

----------------------------------------------------------------------------------------------------------------------------

----------------------------------------


BACKUP / COMPRESS / UNCOMPRESS

# mkdir back (put all files inside this directory)

using gzip

# tar cvf back.tar back (grouping of directory)

# ls -l back.tar

# tar tvf back.tar (list all files inside back.tar)

# gzip back.tar

# ls -l back.tar.gz

gunzip

# ls

# gunzip back.tar.gz

Extracting

Copy back.tar.gz to /home/user directory (or) some other directory

# cp back.tar.gz /home/user

# cd /home/user

# tar xzvf back.tar.gz

# ls

using bzip2 / bunzip2

# bzip2 back.tar

# ls

# bunzip2 back.tar.bz2

Extracting

Copy back.tar.bz2 to /home/user directory (or) some other directory

# cp back.tar.bz2 /home/user

# cd /home/user

# tar xjvf back.tar.bz2

# ls

tar to unformatted floppies

1. Floppy low-level format 2. Do not mount the floppy disk

# tar czvf /dev/fd0 mydir (folder)

# tar xzvf /dev/fd0 mydir

# tar czvf back.tar.gz back

# tar xzvf back.tar.gz

# tar cjvf back.tar.bz2 back

# tar xjvf back.tar.bz2

compress / uncompress

# compress back.tar

# ls -l back.tar.Z

# uncompress back.tar.Z

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

IPTABLES

FIREWALL

# service iptables restart

# iptables -L (list the iptables INPUT / OUTPUT / FORWARD chains)

# iptables -A INPUT -p tcp -j DROP (or) REJECT [A – Append, p – protocol, j – jump] – DROP tcp in your machine

# iptables -L

# iptables -A INPUT -p icmp -j DROP (or) REJECT [A – Append, p – protocol, j – jump] – DROP icmp in your machine

# ping 192.168.0.20 (this is your machine's IP address) does not ping

# iptables -F (flush the iptables rules)

# ping 192.168.0.20 (this is your machine's IP address) pings successfully

# iptables -A INPUT -p tcp --dport 22 -j DROP (or) REJECT [A – Append, p – protocol, j – jump, --dport – destination port] [DROP tcp for other machines, not this machine]

# iptables -A INPUT -p tcp -s 192.168.0.22 --dport 22 -j DROP (or) REJECT [A – Append, p – protocol, s – source address, j – jump, --dport – destination port] [DROP tcp for particular ip (192.168.0.22), not this machine]

# iptables -A INPUT -p icmp -s 192.168.0.22 -j DROP (or) REJECT [A – Append, p – protocol, j – jump, s – source address] [DROP icmp for particular ip (192.168.0.22), not this machine]

# iptables -D INPUT 1 (delete)

# iptables -D INPUT 2

# service iptables save

# iptables -L

# iptables -F (flush the iptables rules)

SET THE IPTABLES FROM SERVER (IP ADDRESS 192.168.0.254)

INPUT CHAINS

iptables -A INPUT -j REJECT (the server rejects all ports and services for all client machines)

iptables -A INPUT -i eth0 -j REJECT (the server interface rejects all client machines)

iptables -A INPUT -i eth0 -s 192.168.0.40 -j REJECT (the server interface rejects only the client machine 192.168.0.40)

iptables -A INPUT -p tcp -j REJECT (the server's network services (ftp, telnet, ssh, pop, http etc.) are rejected for all client machines)

iptables -A INPUT -p tcp -s 192.168.0.30 -j REJECT (the server's network services (ftp, telnet, ssh, pop, http etc.) are rejected only for the client machine 192.168.0.35; other clients can access all services)

iptables -A INPUT -p tcp -s 192.168.0.30 --dport 23 -j REJECT (the server's telnet service is rejected only for the client machine 192.168.0.35, but other services can be accessed)

iptables -A INPUT ! -s 192.168.0.254 -j DROP (drop all services except 192.168.0.254)

OUTPUT CHAINS

iptables -A OUTPUT -j REJECT (the server can't access the client machines' services)

iptables -A OUTPUT -o eth0 -j REJECT (the server can't access anything through the outbound interface eth0)

iptables -A OUTPUT -o eth0 -s 192.168.0.50 -j REJECT (the server can't access anything from only 192.168.0.50 through the outbound interface eth0)

iptables -A OUTPUT -p tcp -j REJECT (the server can't access any tcp protocol service on the client machines)

iptables -A OUTPUT -p tcp -d 192.168.0.30 -j REJECT (the server can't access any tcp protocol service on only the client machine 192.168.0.35)

iptables -A OUTPUT -p tcp -d 192.168.0.30 --dport 21 -j REJECT (the server can't access the FTP protocol on only the client machine 192.168.0.35, but other services are allowed)

# vi /etc/services (list the protocol port values)

# vi /etc/sysconfig/iptables

------------------------------------------------------------------------------------------------------------

-------------------------------------------------------

IPTABLES – NAT

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

For enabling NAT on eth1, which represents the entire network.

echo "1" > /proc/sys/net/ipv4/ip_forward

vi /etc/sysctl.conf

net.ipv4.icmp_echo_ignore_all=1

net.ipv4.ip_forward=1

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128

For redirecting the port from 80 to 3128. The redirect takes place before the client's traffic arriving on eth0 is routed.

iptables -A FORWARD -s 192.168.10.0/24 -d scs.yahoo.com -j DROP

This will DROP all forwarded connections from the 192.168.10.0 network to scs.yahoo.com on the server, stopping all transactions through scs.yahoo.com.

iptables -I FORWARD -s 192.168.10.234/32 -d scs.yahoo.com -j ACCEPT

scs.yahoo.com can be accessed only from 192.168.10.234. The rule is inserted (-I) ahead of the DROP rule because the first matching rule decides.
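iptables evaluates a chain from top to bottom and stops at the first rule whose target is ACCEPT, DROP or REJECT, so a narrow ACCEPT that sits below a broader DROP for the same traffic is never reached. The lint below is an added example, not part of the original document: it reads rules in `-A CHAIN ...` form and reports every rule that an earlier rule in the same chain already covers. It compares -s, -d, -p, --dport, -i and -o only and skips negated (!) rules; the function names and the sample listing (the two FORWARD rules of this section, both appended with -A in that order, plus INPUT rules from the firewall section) are constructed.

```shell
#!/bin/sh
# Added example (not from the original document): find iptables rules that can
# never match because an earlier rule in the same chain decides the packet first.

shadowed_rules() {
    awk '
    function ip2n(ip,   a) {
        split(ip, a, ".")
        return ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4]
    }
    function is_cidr(s) {
        return s ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/
    }
    # covers(e, l): does the earlier value e match everything the later value l matches?
    function covers(e, l,   ea, la, ep, lp, size) {
        if (e == "" || e == l) return 1       # unset in the earlier rule: matches anything
        if (l == "") return 0                 # later rule is broader than the earlier one
        if (!is_cidr(e) || !is_cidr(l)) return 0
        ep = 32; lp = 32
        if (split(e, ea, "/") == 2) ep = ea[2] + 0
        if (split(l, la, "/") == 2) lp = la[2] + 0
        if (ep > lp) return 0
        size = 2 ^ (32 - ep)
        return int(ip2n(ea[1]) / size) == int(ip2n(la[1]) / size)
    }
    $1 == "-A" {
        n++
        chain[n] = $2; text[n] = $0; pos[n] = ++count[$2]
        for (i = 3; i < NF; i++) {
            if ($i == "!")            neg[n] = 1
            else if ($i == "-s")      f[n, "s"] = $(i + 1)
            else if ($i == "-d")      f[n, "d"] = $(i + 1)
            else if ($i == "-p")      f[n, "p"] = $(i + 1)
            else if ($i == "--dport") f[n, "dport"] = $(i + 1)
            else if ($i == "-i")      f[n, "i"] = $(i + 1)
            else if ($i == "-o")      f[n, "o"] = $(i + 1)
            else if ($i == "-j")      target[n] = $(i + 1)
        }
        for (j = 1; j < n; j++) {
            if (chain[j] != chain[n] || neg[j] || neg[n]) continue
            if (target[j] !~ /^(ACCEPT|DROP|REJECT)$/) continue
            if (covers(f[j, "s"], f[n, "s"]) && covers(f[j, "d"], f[n, "d"]) &&
                covers(f[j, "p"], f[n, "p"]) && covers(f[j, "dport"], f[n, "dport"]) &&
                covers(f[j, "i"], f[n, "i"]) && covers(f[j, "o"], f[n, "o"])) {
                printf "%s rule %d is shadowed by rule %d: %s\n", chain[n], pos[n], pos[j], text[n]
                break
            }
        }
    }' "$@"
}

# Constructed listing. A live listing from iptables shows resolved addresses
# in place of the host name.
demo_rules() {
    cat <<'EOF'
-A INPUT -p tcp -j DROP
-A INPUT -p tcp -s 192.168.0.22 --dport 22 -j DROP
-A INPUT -p icmp -s 192.168.0.22 -j DROP
-A FORWARD -s 192.168.10.0/24 -d scs.yahoo.com -j DROP
-A FORWARD -s 192.168.10.234/32 -d scs.yahoo.com -j ACCEPT
EOF
}

demo_rules | shadowed_rules
```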


------------------------------------------------------------------------------------------------------------

-------------------------------------------------------

LINUX BOOTING DISK CREATION FROM RHEL 3

1. Insert the first RH CD and mount /mnt/cdrom

2. Insert the blank floppy disk and mount /mnt/floppy

3. cd /mnt/cdrom

# cat bootdisk.img > /dev/fd0

# dd if=bootdisk.img of=/dev/fd0

In a DOS environment the command is

RAWRITE.exe

LINUX BOOTING DISK CREATION FROM RHEL 4

1. Plug in the USB pen drive

2. service kudzu start

3. vi /etc/fstab

check the file system entry for the USB pen drive

/dev/sda1 /media/usbdisk vfat defaults 0 0

4. cd /var/ftp/pub/images (Red Hat images directory)

5. dd < diskboot.img > /dev/sda1 (now making the boot disk on the pen drive)

(note : Pen drive file system VFAT)

reboot the linux system

6. go to the BIOS setup (change the BOOT device priority first boot – USB pen 2nd

boot- harddisk 3rd boot – cdrom)

7. boot : (the command prompt appears)

Linux typical mount points

/ /boot /home/usr /var /opt /tmp

------------------------------------------------------------------------------------------------------------

-------------------------------------------------------

CONTROLLING SERVICES

# redhat-config-services

# ntsysv (list what services start / stop)

# chkconfig --list

# service

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

FLOPPY DISK FORMATTING


Low level format

# fdformat /dev/fd0H1440 (/usr/bin/fdformat)

High level format

# mkfs -t vfat /dev/fd0

# mke2fs /dev/hda13 (Formatting to ext2 file system)

# mkfs -t ext3 /dev/fd0 (Formatting to ext3 file system)

# mkfs -j /dev/hda10 (Formatting to ext3 file system)

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

REMOVE THE LINUX COMMANDS HISTORY

Command mode

# HISTSIZE=0

# HISTFILESIZE=0

Remove history commands from root permanently

# vi .bash_profile

user specific statements

HISTSIZE=0

HISTFILESIZE=0

export USERNAME BASH_ENV PATH HISTSIZE HISTFILESIZE

:wq!

# export HISTFILESIZE=0

# export HISTSIZE=0

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

VIRTUAL NETWORK SCRIPTS

# cd /etc/sysconfig/network/network_scripts (all network services display)

# echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all (pinging off your machine ip address)

# echo "1" > /proc/sys/net/ipv4/ip_forward (enable IP forwarding)

# vi /etc/sysctl.conf (network ipv4_forward information)

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

NETWORK INFORMATION SERVICE

RPM

YPSERV - SERVER SIDE

YP-TOOLS - SERVER SIDE

YPBIND - CLIENT

FROM NIS SERVER

# domainname <domain name>

(or)

system-config-authentication

use NIS – information

use MD5 password – authentication

use shadow password – authentication

click next button

domain : <domain name>

server : <server ip address>

finish

vi /etc/yp/yp.conf

vi /etc/yp/ypserv.conf

vi /var/yp/Makefile (Make for the NIS Databases)

# vi /etc/sysconfig/network/network_scripts (check the domain name)

chkconfig ypserv on

# service ypserv restart

# /usr/lib/yp/ypinit -m

-------

server host : server1.example.com

press ctrl+d

press y (updating NIS database)

#service yppasswdd restart

Note : Through NFS, the NIS server users' /home directories can be shared with the NIS client

Note : The root permissions u=rwx g=rx o=rx (ie chmod 755 /root)

vi /etc/exports

/home *(rw,sync)

/root *(rw,sync)

# service nfs restart

# exportfs -av

TO CLIENT

system-config-authentication

(or)

authconfig

use NIS – information

use MD5 password – authentication

use shadow password – authentication

click next button

domain : <domain name>

server : <server ip address>

finish

# service ypbind restart

# cd /etc/securetty

# login : (from nis user name)

NIS Trouble Shooting (client side)

ypwhich - return name of NIS server or map master

yptest – test NIS configuration

Note : The NIS server users' /home directories can be permanently mounted on the NIS client

vi /etc/fstab

192.168.0.254:/home /home nfs defaults 0 0

192.168.0.254:/root /root nfs defaults 0 0

service nfs restart

service netfs restart

Note : logout the existing users & logon to the NIS server users.

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

Linux commands (Alias)

# alias k="ls -l"

# alias m="mkdir"

# alias r="rm"

# alias c="clear"

check the filetype

# file <filename>

# file <directory name>

# file.txt

# file vasanth.txt

CAT command

# cat -A <filename> show all characters

# cat -s <filename> squeeze repeated blank lines

# cat -b <filename> number each non-blank line

Help Utilities

# man passwd

# passwd --help

# ls --help

# info less

# info passwd

Graphical Editor

# xemacs

# vi

# kwrite

# kmail

# gedit

# ooffice (Word)

# oocalc (Excel)

# oopadmin ( printadmin)

whereis

# whereis update

# whereis grep

# whereis smb.conf

find

# find / -name "*.html"

# find /var/www/html -type f -name "*.html" -exec rm -f {} \;

# find / -name mount

# find /home/vasanth -name "*.txt" -exec cp {} {}.org \;

# find /home/vasanth -name "*.txt" -exec cp {} /txtbackup \; (Search all text files and copy to /txtbackup folder)

# find /home/vasanth -name "*.txt" -exec rm {} \; (Remove all the text files for specified folder)

# which csh

# which sh

# which rm

# which bsh

Note : which command is used to identify the path /bin & /sbin

Login

# exec login <username>

# exec login kumar

Date & Time change

# date -s "2005-04-30"

# date -s "2005-04-30 18:45"

# date +"%x" – date

# date +"%X" – time

# date +%d

# date +%c

ls

# ls -l (detail information)

# ls -a (hidden)

# ls -R (subdirectory listing)

# ls -li (list the files inode)

SoftLink

# ln -s kl kumar

Different inode and different filename

HardLink

# ln kl kumar1

same inode different filename

Checking free space.

# du -s -h

# df -h

# df /opt

Modify the Linux HOST NAME

Go to X window network configuration – Change the HOST NAME , IP Address, & set new

HOSTNAME & IPADDRESS.

SET Command (set the default editor)

# set -o emacs

# set -o vi

# shopt -o vi

# shopt -o emacs

# set -o noclobber (clobber on)

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

DHCP CONFIGURATION

# ntsysv

Display what services automatically started.

# chkconfig dhcpd on

# chkconfig --list dhcpd

cp /usr/share/doc/dhcp-3.op.1/dhcpd.conf.sample /etc/dhcpd.conf

# vi /etc/dhcpd.conf

subnet 192.168.0.0 netmask 255.255.255.0 {

range dynamic-bootp 192.168.0.21 192.168.0.40;

}

:wq (save & exit)

# service dhcpd restart

# touch /var/lib/dhcp/dhcpd.leases

# vi /var/lib/dhcp/dhcpd.leases

# ddns (other users access)

# dhclient (dhcp client)

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

Shell Script Command Execution

# vi sum.sh

echo "enter 1st value: "

read num1

echo "enter 2nd value: "

read num2

sum=`expr $num1 + $num2`

echo "Total" $sum

:wq! (Save & Exit)

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

Squid Proxy

1. Set up the proxy server to restrict which websites are shared with the client users.

2. Create a partition with a capacity of at least 100 MB and up to 2 GB. This partition can be used to configure the squid proxy.

Take the 1000 MB capacity partition (for example /dev/hda9) for squid configuration.

# fdisk -l

# mkdir /squid

# mount /dev/hda9 /squid

# ls /squid

# df -h

# vi /etc/fstab

/dev/hda9 /squid ext3 defaults 0 0

:wq! (save & exit)

cd /etc/squid/

cp squid.conf squid.conf.bak

vi /etc/squid/squid.conf

line no : 53 http_port 3142 (specify the port value for example 8080)

line no : 695 cache_dir ufs /var/spool/squid 1000 16 256

line no : 705 cache_access_log /var/log/squid/access.log

line no : 710 cache_log /var/log/squid/cache.log

line no : 720 cache_store_log /var/log/squid/store.log

line no 1860 : #http_access allow our_networks

acl network src 192.168.0.0/24

acl domain_allow dstdomain .yahoo.com .naukri.com .rediff.com

http_access allow network domain_allow

acl server src 192.168.0.254/32

http_access allow server

acl elmaq src 192.168.0.30/24

http_access deny elmaq

:wq!

# squid -z (update the database to squid partition /dev/hda9)

# service squid restart

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

RAID – Partitions

mdadm --create /dev/md0 --level=5 --raid-devices=3 /dev/hda{10,11,12} – Initialize RAID 5 array

mke2fs -j -b 4096 -R stride=16 /dev/md0 (4096 – 4K blocks, chunk size=64k – stride=16) – Format the disk with an ext3 file system

vi /proc/mdstat – Make sure that the array has finished building

mdadm --manage /dev/md0 --fail /dev/hda10 – Simulate a single disk failure

mdadm --manage /dev/md0 --add /dev/hda10 – Add in the new good drive

mdadm --manage /dev/md0 --remove /dev/hda10 – If drive failed, remove the existing drive

mdadm --detail /dev/md0 – display the RAID information

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

LVM (logical Volume Manager)

First Time creation

/dev/hda10 = 500MB /dev/hda11 = 400MB /dev/hda12 = 350MB

pvcreate /dev/hda10 /dev/hda11 /dev/hda12 (Physical Volume creations)

pvdisplay (physical volume display)

vgcreate backup /dev/hda10 /dev/hda11 /dev/hda12 (volume group – backup)

vgdisplay (display the volume group size)

lvcreate -L 2000M backup -n logbackup (logical volume – logbackup, 2GB capacity)

mkfs -j /dev/backup/logbackup

mount /dev/backup/logbackup /data (Now /data contains 2GB capacity)

vi /etc/fstab

/dev/backup/logbackup /data ext3 defaults 0 0

Extend LVM (Do not umount the existing LVM file system, for example /data)

/dev/hda13 – 150MB /dev/hda14 – 100 MB (extra LVM partitions)

pvcreate /dev/hda13 /dev/hda14 (Physical Volume creations)

vgextend backup /dev/hda13 /dev/hda14 (Expand the capacity of the existing volume group – backup)

vgdisplay (display the volume group size)

lvextend -L +250M /dev/backup/logbackup (Expand the capacity of the existing logical volume by +250 MB)

ext2online /dev/backup/logbackup (to enlarge the file system)

Note: Now /data contains 2.25GB capacity – 2000MB and +250MB capacity extended.

Remove LVM

umount /dev/backup/logbackup

lvremove /dev/backup/logbackup (Logical volume remove logbackup)

vgchange -an backup (this deactivates the volume group)

vgremove backup (this deletes the volume group)

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

Make a swap partition

# fdisk /dev/hda

# m (for help)

# n (add a new partition)

# First cylinder (1755)

# Last cylinder or megabytes +500M

# t – change the system partition id

# hda(1-10) - 10

# l – file system (82 – Linux swap)

# w (save)

# partprobe

# mkswap -v1 /dev/hda10

# vi /etc/fstab

/dev/hda10 swap swap defaults 0 0

:wq!

# service nfs restart

# swapon -a (activate the swap partition)

# swapon -s (check the status of the swap partition)

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

DISK QUOTAS

# vi /etc/fstab

set the quotas for

LABEL=/home /home ext3 defaults,usrquota,grpquota 1 1

:wq!

# mount -o remount /home

USER QUOTA

# quotacheck -cm /

# quotaon /home

# edquota -u vasanth (username)

Filesystem   blocks   soft   hard   inodes   soft

             1568     100    200    287      0

(Soft limit 100K, Hard limit 200K)

# login : vasanth

# cat > bim.txt

GROUP QUOTA

# edquota -g elmaq (groupname)

Filesystem   blocks   soft   hard   inodes   soft

             1568     100    200    287      0

(Soft limit 100K, Hard limit 200K)

login : test1 (test1 is a member of the elmaq group)

login : test2 (test2 is a member of the elmaq group)

Create any files as the users test1 or test2; do not exceed 100K to 200K, because the quotas define a maximum of 200K.

# repquota -a (reports the users quota)

# quota vasanth (report for particular user quota)

quotacheck command options

-a = scan all file systems, quota enables /etc/mtab

-v = performs verbose scan

-u = user quota scan

-g = group scan

-m = remove the scanner files

for example the command as follows

quotacheck -avugm /home

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------


SUDO

vi /etc/sudoers

# User Alias specification

User_Alias USERS=user1, user2

# Cmnd_Alias specifications

Cmnd_Alias COMMAND = /usr/sbin/useradd, /usr/bin/passwd, /sbin/shutdown -h now

# User Privilege specification

root ALL=(ALL) ALL

USERS ALL=COMMAND

Login user1

User1@server1$ sudo /usr/sbin/useradd kannan

User1@server1$ sudo /usr/bin/passwd kannan

User1@server1$ sudo /sbin/shutdown -h now

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

PAM (Pluggable Authentication Module)

/etc/pam.d – PAM account specifications

/lib/security – PAM Accounts Service

/etc/pam.d

1. login – account required /lib/security/pam_access.so

2. vsftpd – account required /lib/security/pam_ftp.so

3. crond – account required /lib/security/pam_deny.so

4. hwbrowser – account required /lib/security/pam_deny.so

5. system-config-display – account required /lib/security/pam_deny.so

6. system-config-samba – account required /lib/security/pam_deny.so

7. system-config-securitylevel – account required /lib/security/pam_deny.so

8. system-config-rootpassword – account required /lib/security/pam_deny.so

9. sshd – account required /lib/security/pam_deny.so

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

Auto Mounter (cd, floppy & nfs)

/etc/auto.misc

Enable the following options

cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom (automount the cdrom from /misc/cd)

pub -fstype=nfs,intr,soft 192.168.0.254:/pub (automount the nfs pub folder from /misc/pub)

floppy -fstype=auto :/dev/fd0 (automount the floppy from /misc/floppy)

/etc/auto.master

/misc /etc/auto.misc --timeout=60

service autofs restart

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

E-Mail Configuration

Configuring of IMAP & POP

Open the file /etc/dovecot.conf

Enable the line protocols=imap imaps pop3 pop3s

Save the file

service dovecot restart

Configuration of Sendmail (SMTP)

Open the file /etc/mail/sendmail.mc

Edit the line “DAEMON_OPTIONS..... “

change the IP address to the mailserver's IP address.

Save the file.

Now in the prompt issue the following command...

# m4 sendmail.mc > sendmail.cf

Open the file /etc/mail/submit.mc

Edit the line “FEATURE..... “

change the IP address to the mailserver's IP address.

Save the file.

Now in the prompt issue the following command...

# m4 submit.mc > submit.cf

Open the file /etc/mail/local-host-names

Add the following parameters

a. your mail server's name (ex: server1.example.com)

b. mail

c. localhost.localdomain

d. localhost

e. just your domain name (ex: example.com)

Open the file /etc/mail/access

Add the following parameters to the list existing there...

your mail server's name (ex: server1.example.com)

(i.e.) server1.example.com RELAY

your domain name (ex: example.com) RELAY

mail RELAY

<your mail server's IP> RELAY

Now in the prompt issue the following command...

# makemap hash access.db < access

# service sendmail restart

Create 3 users: user1, user2 and user3

Now create an account in the 'evolution' mail service from the server (server1.example.com)

Tools -> settings

Add new Mail Account ->

FullName : user1

E-mail: [email protected] (click forward)

Receiving Mail : IMAP

Host : server1.example.com (or) your mail server's IP address (Click Forward)

Sending Mail : SMTP

Host : server1.example.com (Click Forward)

Name: [email protected]

Finish

Go to user1 inbox

Tools -> settings

Add new Mail Account ->

FullName : user2

E-mail: [email protected] (click forward)

Receiving Mail : IMAP

Host : server1.example.com (or) your mail server's IP address (Click Forward)

Sending Mail : SMTP

Host : server1.example.com (Click Forward)

Name: [email protected]

Finish

Go to user2 inbox

Tools -> settings

Add new Mail Account ->

FullName : user3

E-mail: [email protected] (click forward)

Receiving Mail : IMAP

Host : server1.example.com (or) your mail server's IP address (Click Forward)

Sending Mail : SMTP

Host : server1.example.com (Click Forward)

Name: [email protected]

Finish

Go to user3 inbox

Go to the client machine, for example Station1.example.com

Before configuring Evolution mail, add an entry to /etc/hosts with the mail server's IP and the mail server's name.

For example

vi /etc/hosts

192.168.0.254 server1.example.com

Go to Evolution Mail

Tools -> settings

Add new Mail Account ->

FullName : user1

E-mail: [email protected] (click forward)

Receiving Mail : IMAP

Host : server1.example.com (or) your mail server's IP address (Click Forward)

Sending Mail : SMTP

Host : server1.example.com (Click Forward)

Name: [email protected]

Finish

Go to user1 inbox

Go to the client machine, for example Station2.example.com

Before configuring Evolution mail, add an entry to /etc/hosts with the mail server's IP and the mail server's name.

For example

vi /etc/hosts

192.168.0.254 server1.example.com

Go to Evolution Mail

Tools -> settings

Add new Mail Account ->

FullName : user2

E-mail: [email protected] (click forward)

Receiving Mail : IMAP

Host : server1.example.com (or) your mail server's IP address (Click Forward)

Sending Mail : SMTP

Host : server1.example.com (Click Forward)

Name: [email protected]

Finish

Go to user2 inbox

Go to the client machine, for example Station3.example.com

Before configuring Evolution mail, add an entry to /etc/hosts with the mail server's IP and the mail server's name.

For example

vi /etc/hosts

192.168.0.254 server1.example.com

Go to Evolution

Tools -> settings

Add new Mail Account ->

FullName : user3

E-mail: [email protected] (click forward)

Receiving Mail : IMAP

Host : server1.example.com (or) your mail server's IP address (Click Forward)

Sending Mail : SMTP

Host : server1.example.com (Click Forward)

Name: [email protected]

Finish

Go to user3 inbox

Note: Now you can send and receive mails from station1 (i.e. user1) to station2 (i.e. user2) and vice versa.

(Send and Receive the Mails from linux server to Windows outlook express)

Go to outlook express

Select tools - > accounts -> Add mail

Display name: user1

E-mail Address : [email protected]

(click next……..)

My incoming mail server is an IMAP server

Incoming mail : 192.168.0.254 (this is the linux mail server's IP address)

Outgoing Mail (SMTP) server

192.168.0.254 (this is the linux mail server's IP address)

(click next……..)

Account name : user1 (this is the linux mail server username)

Passwd : xxxxx

(click next……..)

finish

Go to the inbox of (192.168.0.254); you can send and receive mails from the linux server to outlook express and vice versa.

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

X Desktop Management Control Protocol (XDMCP)

In Linux you need to provide fonts using either the X font server (xfs) or a hard-coded font path in the xf86 config and xf86config -u conf files. If you plan to use the xfs font server, modify the file given below,

vi /etc/rc.d/init.d/xfs (make the following modifications)

“ daemon xfs -droppriv -daemon -port -1 ”

(change this line to)

“ daemon xfs -droppriv -daemon -port 7100 ”

vi /etc/X11/fs/config (make the following modifications)

check whether the following line is commented,

“ #dont listen to tcp ports by default for security reasons ”

“ #no-listen = tcp ”

If you change or add the port, use this command to restart your X font server,

service xfs restart

vi /etc/X11/xdm/xdm-config (make the following modifications):

DisplayManager.requestPort: 0

(comment it out)

! DisplayManager.requestPort: 0

vi /etc/X11/xdm/Xaccess (make the following modifications, this allows all hosts to connect)

#* #any host can get a login window

(change to)

* #any host can get a login window

vi /etc/X11/gdm/gdm.conf (make the following modifications)

[xdmcp] “ Enable = false ”

(change to)

“ Enable = True ”

Make sure, “ port = 177 ”
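
The Xaccess and gdm.conf changes above decide which hosts are offered a login window. As an added example (not from the original guide), this script classifies the active Xaccess entries and reads Enable from the [xdmcp] section; the sample file contents, function names and verdict labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise which hosts an XDMCP setup offers a login window to.

# Constructed sample: Xaccess after uncommenting the wildcard entry.
XACCESS_OPEN='# Xaccess
*                       #any host can get a login window
'
# Constructed sample: only two named lab stations are listed.
XACCESS_LIMITED='# Xaccess
station1.example.com
station2.example.com
'
# Constructed sample: the [xdmcp] section of gdm.conf after the change.
GDM_CONF='[daemon]
[xdmcp]
Enable = True
Port = 177
'

# xaccess_grants  (Xaccess text on stdin)
# Prints "<line> <kind> <pattern>" for every active entry.
xaccess_grants() {
    awk '
    { sub(/#.*/, "") }                   # strip comments, including trailing ones
    NF == 0                 { next }
    $1 ~ /^%/               { next }     # macro definition, not a grant by itself
    toupper($1) == "LISTEN" { next }     # listen directive
    {
        if (NF > 1)            kind = "indirect"       # forwarded query or CHOOSER
        else if ($1 ~ /^!/)    kind = "deny"
        else if ($1 == "*")    kind = "allow-any"
        else if ($1 ~ /[*?]/)  kind = "allow-pattern"
        else                   kind = "allow-host"
        printf "%d %s %s\n", NR, kind, $1
    }'
}

# gdm_xdmcp_enabled  (gdm.conf text on stdin)
# Prints the lower-cased value of Enable in [xdmcp], or "unset".
gdm_xdmcp_enabled() {
    awk '
    { sub(/#.*/, ""); gsub(/[ \t]/, "") }
    /^\[/ { section = tolower($0); next }
    section == "[xdmcp]" && tolower($0) ~ /^enable=/ {
        v = tolower($0); sub(/^enable=/, "", v)
    }
    END { print (v == "" ? "unset" : v) }'
}

# xdmcp_exposure XACCESS_TEXT GDM_CONF_TEXT
# Prints disabled, restricted or open-to-any-host.
xdmcp_exposure() {
    enabled=$(printf '%s\n' "$2" | gdm_xdmcp_enabled)
    any=$(printf '%s\n' "$1" | xaccess_grants |
          awk '$2 == "allow-any" { n++ } END { print n + 0 }')
    if [ "$enabled" != "true" ]; then echo "disabled"
    elif [ "$any" -gt 0 ];      then echo "open-to-any-host"
    else                             echo "restricted"
    fi
}

echo "wildcard Xaccess:  $(xdmcp_exposure "$XACCESS_OPEN" "$GDM_CONF")"
echo "host-list Xaccess: $(xdmcp_exposure "$XACCESS_LIMITED" "$GDM_CONF")"
```

On a real system the two texts would come from /etc/X11/xdm/Xaccess and /etc/X11/gdm/gdm.conf, for example `xdmcp_exposure "$(cat /etc/X11/xdm/Xaccess)" "$(cat /etc/X11/gdm/gdm.conf)"`.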

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

DNS (Domain Name System)

Server:

[server1.example.com, 192.168.0.254]

1) service named restart

2) cp /etc/named.conf /var/named/chroot/etc/named.conf

3) cp /etc/named/* /var/named/chroot/var/named

4) cd /var/named/chroot/etc/

5) vi named.conf

zone "java.com" IN {

type master;

file "java.com.zone";

allow-update { none; };

};

zone "0.168.192.in-addr.arpa" IN {

type master;

file "java.com.local";

allow-update { none; };

};

6) cd /var/named/chroot/var/named

7) cp localhost.zone java.com.zone

8) cp named.local java.com.local

9) vi java.com.zone

$TTL 86400

@ IN SOA server1.example.com. root.server1.example.com. (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS server1.example.com.

www IN A 192.168.0.254

10) vi java.com.local

$TTL 86400

@ IN SOA server1.example.com. root.server1.example.com. (

1997022700 ; Serial

28800 ; Refresh

14400 ; Retry

3600000 ; Expire

86400 ) ; Minimum

IN NS server1.example.com.

254 IN PTR www.java.com. (Domain 1 specified; two domains for the same IP address)

254 IN PTR www.virtual.com. (Domain 2 specified)

11) service named restart

vi /etc/hosts

192.168.0.254 www.java.com

192.168.0.254 www.virtual.com

neat

Device:

Static IP add : 10.0.0.25

Netmask : 255.0.0.0

DNS:

Primary DNS : 10.0.0.25

DNS Path : redhat.com/

DNS Client:

1) service named restart

2) neat

Device:

Static IP add : 10.0.0.24

Netmask : 255.0.0.0

DNS:

Primary DNS : 10.0.0.25

DNS Path : redhat.com/

3) vi /etc/resolv.conf

search www.java.com

nameserver 192.168.0.254

4) vi /etc/hosts

192.168.0.254 www.java.com

192.168.0.254 www.virtual.com

5) service named restart

DNS check utility

dig -x 192.168.0.254

host www.java.com

host www.virtual.com

host 192.168.0.254

nslookup www.java.com

nslookup www.virtual.com
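
A host name written without a final dot in a zone file is treated as relative, so BIND appends the zone origin to it. The following check is an added example, not part of the original guide: it scans a zone for SOA, NS, PTR, CNAME and MX targets that contain dots but lack the final one; the sample zone is constructed and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: find record targets in a BIND zone file that are missing the
# final dot and show the name BIND would actually use.

# Constructed sample, modelled on a reverse zone for 192.168.0.x.
SAMPLE_ZONE='$TTL 86400
@ IN SOA server1.example.com. root.server1.example.com. (
        1997022700 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
        IN NS  server1.example.com
254     IN PTR www.java.com
253     IN PTR www.virtual.com.
'

# zone_relative_targets ORIGIN   (zone text on stdin, ORIGIN without final dot)
# Prints "<line> <type> <name> -> <expanded name>" for each suspicious target.
zone_relative_targets() {
    awk -v origin="$1" '
    function check(type, name) {
        # Interior dots but no final dot: BIND appends the zone origin.
        if (name ~ /\./ && name !~ /\.$/)
            printf "%d %s %s -> %s.%s.\n", NR, type, name, name, origin
    }
    {
        first = ($0 ~ /^[ \t]/) ? 1 : 2   # skip the owner name when one is present
        sub(/;.*/, "")                    # drop comments
        for (i = first; i <= NF; i++) {
            t = toupper($i)
            if (t == "SOA") { check(t, $(i+1)); check(t, $(i+2)); break }
            if (t == "NS" || t == "PTR" || t == "CNAME") { check(t, $(i+1)); break }
            if (t == "MX")  { check(t, $(i+2)); break }
        }
    }'
}

printf '%s' "$SAMPLE_ZONE" | zone_relative_targets 0.168.192.in-addr.arpa
```

Single-label targets such as `www` are left alone because they are normally meant to be relative to the zone.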

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

CONFIGURING APACHE TO HOST A SINGLE SITE

In this scenario, we are going to host a website www.vk.com on IP 192.168.10.99. We assume that you have already configured a DNS server to resolve this domain.

1. Create a directory called website under /var. Put the webpages that you have already created for your website in this directory. If you don't have a website ready, create one single html file for testing.

2. Open the file /etc/httpd/conf/httpd.conf. Go to the end of the file by pressing G. The last 7 lines will look as shown below :-

#<VirtualHost *>

# ServerAdmin [email protected]

# DocumentRoot /www/docs/dummy-host.example.com

# ServerName dummy-host.example.com

# ErrorLog logs/dummy-host.example.com-error_log

# CustomLog logs/dummy-host.example.com-access_log common

#</VirtualHost>

3. Copy these 7 lines by issuing the command 7yy. Paste these 7 lines at the end by pressing p. Your file will look as shown below :-

#<VirtualHost *>

# ServerAdmin [email protected]

# DocumentRoot /www/docs/dummy-host.example.com

# ServerName dummy-host.example.com

# ErrorLog logs/dummy-host.example.com-error_log

# CustomLog logs/dummy-host.example.com-access_log common

#</VirtualHost>

#<VirtualHost *>

# ServerAdmin [email protected]

# DocumentRoot /www/docs/dummy-host.example.com

# ServerName dummy-host.example.com

# ErrorLog logs/dummy-host.example.com-error_log

# CustomLog logs/dummy-host.example.com-access_log common

#</VirtualHost>

4. Change the last 7 lines to the following :-

<VirtualHost 192.168.10.99>

DocumentRoot /var/website

</VirtualHost>

5. Save the file and exit.

6. Now, at the prompt, issue the command service httpd start

7. Start a web browser and type www.vk.com at the address bar.

8. You will see index.html, which will be the first page of your website

CONFIGURING APACHE TO HOST MULTIPLE SITES ON SAME IP

In this scenario, we are going to host the websites www.vk.com and www.redhat.com on IP 192.168.10.99. We assume that you have already configured a DNS server to resolve these domains.

1. Create a directory called website under /var to store the www.vk.com webpages and a directory called newweb under /var to store the www.redhat.com webpages. Put the respective webpages that you have already created for your websites in the corresponding directories. If you don't have a website ready, create one single html file for testing in each directory.

2. Open the file /etc/httpd/conf/httpd.conf. Go to the end of the file by pressing G. The last 7 lines will look as shown below :-

#<VirtualHost *>

# ServerAdmin [email protected]

# DocumentRoot /www/docs/dummy-host.example.com

# ServerName dummy-host.example.com

# ErrorLog logs/dummy-host.example.com-error_log

# CustomLog logs/dummy-host.example.com-access_log common

#</VirtualHost>

3. Copy these 7 lines by issuing the command 7yy. Paste these 7 lines at the end by pressing p. Your file will look as shown below :-

#<VirtualHost *>

# ServerAdmin [email protected]

# DocumentRoot /www/docs/dummy-host.example.com

# ServerName dummy-host.example.com

# ErrorLog logs/dummy-host.example.com-error_log

# CustomLog logs/dummy-host.example.com-access_log common

#</VirtualHost>

#<VirtualHost *>

# ServerAdmin [email protected]

# DocumentRoot /www/docs/dummy-host.example.com

# ServerName dummy-host.example.com

# ErrorLog logs/dummy-host.example.com-error_log

# CustomLog logs/dummy-host.example.com-access_log common

#</VirtualHost>

4. Repeat Step 3. The end of the file will look as shown below :-

#<VirtualHost *>

# ServerAdmin [email protected]

# DocumentRoot /www/docs/dummy-host.example.com

# ServerName dummy-host.example.com

# ErrorLog logs/dummy-host.example.com-error_log

# CustomLog logs/dummy-host.example.com-access_log common

#</VirtualHost>

#<VirtualHost *>

# ServerAdmin [email protected]

# DocumentRoot /www/docs/dummy-host.example.com

# ServerName dummy-host.example.com

# ErrorLog logs/dummy-host.example.com-error_log

# CustomLog logs/dummy-host.example.com-access_log common

#</VirtualHost>

#<VirtualHost *>

# ServerAdmin [email protected]

# DocumentRoot /www/docs/dummy-host.example.com

# ServerName dummy-host.example.com

# ErrorLog logs/dummy-host.example.com-error_log

# CustomLog logs/dummy-host.example.com-access_log common

#</VirtualHost>

5. If you want to host multiple domains on the same IP, there is a directive called NameVirtualHost that you need to configure. You will find this directive commented out just above the Virtual Host area. Change it to NameVirtualHost 192.168.10.99 . Once this is done, change the last lines to the following :-

<VirtualHost 192.168.10.99>

DocumentRoot /var/website

DirectoryIndex index.html

</VirtualHost>

<VirtualHost 192.168.10.99>

DocumentRoot /var/newweb

DirectoryIndex index.html

</VirtualHost>

6. Save the file and exit.

7. Now, at the prompt, issue the command service httpd start

8. Start a web browser and type www.vk.com at the address bar.

9. You will see the index.html which will be the first page of www.vk.com

10. Now type www.redhat.com at the address bar.

11. You will see the index.html which will be the first page of www.redhat.com

NOTE : If you do not give the DirectoryIndex directive, you will always get the

index.html of www.vk.com only.
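
Apache chooses between name-based virtual hosts that share an address by comparing the request's Host header with each block's ServerName and ServerAlias; when nothing matches, the first block listed for that address answers. The script below is an added example (not part of the original guide) that lists each block in a configuration and marks the ones no host name can select; the sample configurations, the function name and the status labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the <VirtualHost> blocks in an httpd.conf and show which
# ones a name-based lookup can actually select.

# Constructed sample: two blocks on one address, neither with a ServerName.
CONF_UNNAMED='NameVirtualHost 192.168.10.99
<VirtualHost 192.168.10.99>
    DocumentRoot /var/website
    DirectoryIndex index.html
</VirtualHost>
<VirtualHost 192.168.10.99>
    DocumentRoot /var/newweb
    DirectoryIndex index.html
</VirtualHost>
'

# Constructed sample: the same two sites, each with its own ServerName.
CONF_NAMED='NameVirtualHost 192.168.10.99
#<VirtualHost *>
#    ServerName dummy-host.example.com
#</VirtualHost>
<VirtualHost 192.168.10.99>
    ServerName www.vk.com
    DocumentRoot /var/website
</VirtualHost>
<VirtualHost 192.168.10.99>
    ServerName www.redhat.com
    DocumentRoot /var/newweb
</VirtualHost>
'

# audit_vhosts  (httpd.conf text on stdin)
# Prints "<line> <address> <name or -> <docroot> <status>" per block, where
# status is default (first block for the address), named, or shadowed.
audit_vhosts() {
    awk '
    /^[ \t]*#/ { next }                       # skip commented-out template blocks
    { low = tolower($1) }
    low == "<virtualhost" {
        addr = $2; sub(/>.*/, "", addr)
        start = NR; name = ""; root = "-"; inside = 1
        next
    }
    inside && (low == "servername" || low == "serveralias") && name == "" { name = $2 }
    inside && low == "documentroot" { root = $2 }
    inside && low == "</virtualhost>" {
        if (++seen[addr] == 1)  status = "default"    # answers unmatched requests
        else if (name != "")    status = "named"      # selectable by Host header
        else                    status = "shadowed"   # no name for a Host header to match
        printf "%d %s %s %s %s\n", start, addr, (name == "" ? "-" : name), root, status
        inside = 0
    }'
}

echo "without ServerName:"; printf '%s' "$CONF_UNNAMED" | audit_vhosts
echo "with ServerName:";    printf '%s' "$CONF_NAMED"   | audit_vhosts
```

Against a live server, `audit_vhosts < /etc/httpd/conf/httpd.conf` gives the same listing; a block reported as shadowed will never serve its DocumentRoot.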

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

MULTIPLE SITES ON SAME IP ADDRESS AND ALSO SHARING THE FOLDERS THROUGH HTTP

Line No : 1004 NameVirtualHost 192.168.0.254:80

(www.java.com)

<VirtualHost 192.168.0.254:80>

ServerAdmin [email protected]

DocumentRoot /var/www/html/java (This folder contains the web index.html)

DirectoryIndex index.html

ServerName www.java.com

ErrorLog logs/dummy-java.com-error_log

CustomLog logs/dummy-java.com-access_log common

<Location /javanotes> (The javanotes folder is located under /var/www/html/java)

Order allow,deny

Allow from all

</Location>

</VirtualHost>

(www.virtual.com)

<VirtualHost 192.168.0.254:80>

ServerAdmin [email protected]

DocumentRoot /var/www/html/virtual (This folder contains the web index.html)

DirectoryIndex index.html

ServerName www.virtual.com

ErrorLog logs/dummy-virtual.com-error_log

CustomLog logs/dummy-virtual.com-access_log common

</VirtualHost>

service httpd restart

Go to Firefox and type the following in the address bar

http://www.java.com

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

Alternatives Introduction

It is possible for several programs fulfilling the same or similar functions to be installed

on a single system at the same time. For example, many systems have several text

editors installed at once.

This gives choice to the users of a system, allowing each to use a different editor, if

desired, but makes it difficult for a program to make a good choice of editor to invoke if

the user has not specified a particular preference.

In our example, we are going to create a link called editor, which will have a generic

name of myeditor. This link and generic name are going to be associated with 3 text

editors, namely gedit, kwrite and emacs. We will then switch the default editor between

these 3 editors according to user preference. The steps to implement this scenario are few, but the concept is not that simple to understand.

Implementing Our Alternative

Issue the following commands:-

Code:

alternatives --install /etc/alternatives/editor myeditor /usr/bin/kwrite 90

alternatives --install /etc/alternatives/editor myeditor /usr/bin/gedit 90

alternatives --install /etc/alternatives/editor myeditor /usr/bin/emacs 90

The first command installs a link editor under /etc/alternatives directory, links it to a

generic name of myeditor, which in turn is linked to the kwrite application with a priority

of 90. The next two commands do the same thing for gedit and emacs.

Now, Issue the following command

Code:

alternatives --config myeditor

Your output will be as follows :-

code:

There are 3 programs which provide 'myeditor'.

Selection Command

-----------------------------------------------

*+ 1 /usr/bin/kwrite

2 /usr/bin/gedit

3 /usr/bin/emacs

Enter to keep the current selection[+], or type selection number:

The option with the + sign is the default application. As you see, the above command

also expects you to specify another choice if you wish to. Now, we have successfully

created our alternative and have associated it with the above 3 applications.

Now, double click on the Home icon on your desktop. I am assuming that you are

currently working on KDE. Right click on any text file and then select Open With ->

Other. In the window that is displayed, type /etc/alternatives/myeditor in the Open With

Text Box and then tick the checkbox at the bottom that says Remember Application

Association for this type of file and then click on the OK button. That's it. As you see in

the above output, kwrite is the default editor. That is, whenever you double click on a

text file, it will be opened in kwrite. Run the previous command again

code:

alternatives --config myeditor

You will get the following output. Just type 2 as the selection number and press enter :-

code:

There are 3 programs which provide 'myeditor'.

Selection Command

-----------------------------------------------

*+ 1 /usr/bin/kwrite

2 /usr/bin/gedit

3 /usr/bin/emacs

Enter to keep the current selection[+], or type selection number: 2

------------------------------------------------------------------------------------------------------------

--------------------------------------------------------

Trouble shooting QUESTIONS

1. Rename your /etc/fstab configuration file. One possible name is /etc/bak.fstab

2. Rename your /etc/passwd configuration file. One possible name is /etc/bak.passwd

3. Backup your /boot/grub/grub.conf configuration file. One possible name is

/etc/bak.grub.conf

Edit the existing /boot/grub/grub.conf configuration file. Change the root entry on the kernel command line to the label of a different directory. For example

#root (hda0,0)

# cat (hd0,0)/grub/grub.conf

# Kernel /vmlinuz-2.4.21.EL ro root =LABEL=/boot

# initrd /initrd.img

4. LVM (For example To create a LVM Grouping of each 500 MB of /dev/hda5 & /dev/hda6 and mount to the /misc )

5. Remove the .bash_profile .bash_logout .bashrc files from non privileged users &

correct it.

6. Add nologin option to /etc/passwd in users section. Example (vasanth:x: 500:500:/ home/vasanth /bin/bash/nologin)

and logon to the user.

7. Rename your /etc/shadow configuration file. One possible name is /etc/bak.shadow

8. The administrator does not know the root password but wants to log in as root.

9. Modify some of the options or remove the file /etc/X11/xorg.conf and correct it (X window trouble)

10. Modify some of the options inside the /etc/X11/xinit/xinitrc and correct it (X window trouble)

11. Change the runlevel using /etc/inittab

12. Damage the file systems like /home /var /opt /tmp and correct it

13. Permanently assign the different label name to the existing file system

14. Change the label name for existing files systems like LABEL=/, LABEL=/home, LABEL=/var & reboot the

system, analyze the problem and correct it.

15. Using fdisk create a new partition, delete a partition, formatting, mounting, and permanently assign the

drives from the fstab.

16. Set the Grub Boot loader password & remove the Boot loader password using Linux

boot CD.

17. Trouble shooting X windows System

# vi /etc/X11/xorg.conf

Font path = “ “(Remove the font path)

:wq!

# startx (problem starting)

# service xfs off (problem starting in X window).

18. Apache trouble shooting

Problem : apache service could not start

# vi /etc/httpd/conf/httpd.conf

listen 0.0.0.80 line no : 151 -> enable this line

:wq! (save & exit)

# service httpd restart (service could not start)

19. Corrupt the file /bin/bash. And correct it.

20. Corrupt the file /sbin/init. And correct it

21. Damage the Existing Linux swap and make a new swap partition and include the /etc/fstab

22. chattr +i /etc/passwd, chattr +i /etc/group, chattr +i /etc/shadow (this makes the files read-only). Users cannot log in.

23. chattr +i /etc/securetty (this makes the file read-only). Virtual console / tty problem

24. Open the file /etc/X11/fs/config with vi, comment out all FONT PATH options, and restart the system.

25. Comment out the first line of /etc/fstab (vi /etc/fstab) as follows

# LABEL=/ / ext3 defaults 1 2

:wq!

Reboot the system & correct it.

26. i) Rename your /etc/inittab configuration file. One possible name is /etc/bak.inittab

ii) /etc/inittab

# id:5:initdefault: (reboot the system and correct it)

27. For example, your system has win98 and LINUX installed. (Creating the problem: clear the LINUX MBR)

Boot your system from a win98 boot disk and run the command FDISK /MBR.

Restart the system; the LINUX MBR is now cleared. Recover the LINUX MBR.

28. Rename your /etc/rc.d/rc.sysinit configuration file. One possible name is

/etc/rc.d/bak.rc.sysinit

29. Rename your /etc/profile configuration file. One possible name is /etc/bak.profile

30. Rename your /etc/bashrc configuration file. One possible name is /etc/bak.bashrc

31. After typing the following command, check it three times and hit enter but once

dd if=/dev/zero of=/dev/hda bs=446 count=1; reboot (wipes out your boot sector)

32. The following command overwrites the MOUNT command.

# cp /bin/date /bin/mount (reboot the system) correct that problem

33. /etc/shadow

#root:$1$1PlkLa::: (restart the system and correct it)

34. Go to vi /etc/sysconfig/network

Networking = yes (change to Networking=no)

Hostname = localhost localhostdomain

:wq! (save and exit)

Problem : All Daemons are not functioning or not working

35. Go to vi /etc/selinux/config

SElinux = disabled (change SElinux = enforcing=0 or enforcing=1)

Save, exit and restart the system and correct that problem.

36. Remove all permissions from /tmp with the command chmod 000 /tmp and restart the linux system. This creates X window problems.

37. Remove all permissions from /home with the command chmod 000 /home and restart the linux system. This creates X window problems.

38. Check whether the /tmp or /home directory is full (i.e. no disk space), because if either one is full it creates X window problems.

MAIL CONFIGURATION

cd /etc/mail

SENDMAIL CONFIGURATION

vi sendmail.mc

dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl -- line no 105 (comment out this line)

:wq! (save and exit)

m4 sendmail.mc > sendmail.cf

chkconfig sendmail on

service sendmail restart

IMAP,IMAPs,POP3 and POP3s Incoming Mail Configuration

vi /etc/dovecot.conf

protocols = imap imaps pop3 pop3s

Note :

(If the examiner asks for IMAP, choose only IMAP)

(If the examiner asks for IMAPs (IMAP secure), choose only IMAPs)

:wq! (save and exit)

chkconfig dovecot on

service dovecot restart

go to X window and click Evolution mail and configure the mail for user JOHN in POP3

and SMTP.

Now user john gets the mail.

go to X window and click Evolution mail and configure the mail for user JANE in IMAP and

SMTP.

Now user jane gets the mail.

Send the mail from ROOT to user JOHN using MAIL and MUTT Command

Go to virtual console and apply the following commands :

root@server1# mail -v [email protected]

Subject : HAI this is test mail

. (dot)

CC : (Carbon copy)

ctrl-z ( mail informations stopped)

root@server1# mutt

Press a key m (MAIL)

To: [email protected]

Subject: TESTING MAIL

Press y to send the mail

Go to Evolution Mail click Send&Receive options, the user JOHN gets the mail.

----------------------------------------------------------------------------------------------------------------------------

---------------------------------------

Create a MAIL Certificate

cd /usr/share/ssl/certs

rm dovecot.pem

make dovecot.pem

Country Name (2 letters code) GB : in

State (or) province name (fullname) : tamilnadu

Localityname (city) : Coimbatore

Organisation name (eg.company): elmaq

Organisation Unit Name(eg:section): Redhat

Common Name (eg.Your Name or yours servers.hostname) : server1.example.com

E-mail Address : [email protected]

cd /usr/share/ssl/certs/dovecot.pem (This is the mail certificate for the Evolution config)

cp /usr/share/ssl/certs/dovecot.pem /usr/share/ssl/private (This is the mail certificate for mutt)

----------------------------------------------------------------------------------------------------------------------------

----------------------------------------

IPTABLES

Configure IMAPS in such a way that john gets authenticated and allowed to use IMAPS. Cracker.org machines should not get authenticated.

iptables -A INPUT -s 192.168.1.0/255.255.255.0 -p tcp --dport 993 -j REJECT (IMAPs)

iptables -A INPUT -s 192.168.1.0/255.255.255.0 -p tcp --dport 143 -j REJECT (IMAP)

Configure POP3 on your system such that user jane is able to receive mails. Disable POP3 for cracker.org machines.

iptables -A INPUT -s 192.168.1.0/255.255.255.0 -p tcp --dport 110 -j REJECT (POP3)

iptables -A INPUT -s 192.168.1.0/255.255.255.0 -p tcp --dport 995 -j REJECT (POP3s)

----------------------------------------------------------------------------------------------------------------------------

---------------------------------------

Create a MAIL ALIASES for example.com as something.com

vi /etc/aliases (go to last line)

example.com: something.com

NIS CLIENT (using Auto Mount)

vi /etc/auto.master

/rhome /etc/auto.misc

:wq! (save and exit)

vi /etc/auto.misc

Go to last line

nisuser1 -rw,soft,intr server1.example.com:/rhome/nisuser1

:wq! (save and exit)

service autofs restart

chkconfig autofs on

go to virtual console and logon to the nisuser1
