RHCE Total


8/8/2019 RHCE Total (152 pages)

Slide 1
  RHCE: Red Hat Certified Engineer
  Session 1
  M. A. Agheli

Slide 2: History of UNIX & Linux
  • 1957: Bell Labs found they needed an operating system, which at the time was running various batch jobs.
  • 1965: Bell Labs create Multics (Multiplexed Information and Computing Service).
  • 1969: Summer 1969, UNIX was developed by AT&T.
  • 1975: Sixth edition of UNIX released May 1975.
  • 1985: GNU project started.
  • 1991: Linux is introduced by Linus Benedict Torvalds, who was a second year student of Computer Science at the University of Helsinki.
  • 1993: NetBSD & FreeBSD released.
  • 1994: Red Hat Linux is introduced.

Slide 3: First Article About Linux
  From: [email protected] (Linus Benedict Torvalds)
  Newsgroups: comp.os.minix
  Subject: What would you like to see most in minix?
  Summary: small poll for my new operating system
  Message-ID:
  Date: 25 Aug 91 20:57:08 GMT
  Organization: University of Helsinki

  Hello everybody out there using minix -

  I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things). I've currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I'll get something practical within a few months, and I'd like to know what features most people would want. Any suggestions are welcome, but I won't promise I'll implement them :-)

  Linus ([email protected])

  PS. Yes - it's free of any minix code, and it has a multi-threaded fs. It is NOT protable (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as that's all I have :-(.

Slide 4: GNU & GPL
  • GNU Project: focused on creating a Unix-like operating system that could be freely distributed.
  • GPL: Global Public license (Copyleft).

Slide 5: Major Linux Distributors
  • Mandrake Linux
  • Slackware Linux
  • SuSE Linux
  • Turbo Linux
  • Vector Linux
  • Caldera Linux
  • Corel Linux
  • Debian Linux
  • Kondara Linux
  • Red Hat Linux

Slide 6: The Advantages of Linux
  • Low purchase cost
  • Open Source Software (OSS)
  • UNIX heritage
  • Multi-user
  • Scalability
  • Vendor support
  • Reliable uptime
  • Security
  • Logging system

Slide 7: The Disadvantages of Linux
  • Steep learning curve
  • Hardware support
  • End-user applications

Slide 8: A Comparison of Win 9x, NT, and Linux
  Feature                  Linux      Win NT   Win 9x
  Scalability              Good       Good     Poor
  Desktop App. Support     Good       Good     Excellent
  Enterprise App. Support  Good       Good     None
  Hardware Support         Good       Good     Excellent
  Licensing Cost           Excellent  Poor     Good
  Network Performance      Excellent  Good     Good
  Security                 Good       Good     Poor

Slide 9: Linux Filesystem Hierarchy
  /bin    Essential binary files
  /boot   Boot loader files
  /dev    Device files
  /etc    Configuration files
  /home   User home directories
  /lib    Shared libraries and kernel modules
  /mnt    Mount point for temporarily mounted filesystems
  /proc   System information virtual filesystem
  /root   root user's home directory
  /sbin   Essential system binaries
  /tmp    Temporary files
  /usr    Shareable files
  /var    Non-shareable files

Slide 10
  RHCE: Red Hat Certified Engineer
  Session 2
  M. A. Agheli

Slide 11: Installing Linux
  • Hardware requirements
  • Hard disk partitioning
  • Boot loader
  • Install packages
  • X configuration

Slide 12: Overview of the Installation Process
  1. Starting the installation process
     • Installation mode
     • Language
     • Keyboard
     • Mouse
  2. Partitioning
  3. Boot loader installation
  4. Network configuration
  5. Setting the time zone

Slide 13: Overview of the Installation Process (continued)
  6. Firewall configuration
  7. Specifying authentication options (optional)
  8. Specifying user accounts
  9. Selecting packages
  10. Installing packages
  11. Creating a boot disk
  12. Configuring the X Window System (optional)

Slide 14: Installing Linux: Consoles & Message Logs
  Console  Keystrokes   Contents
  1        Ctrl+Alt+F1  Text-based installation procedure
  2        Ctrl+Alt+F2  Shell prompt
  3        Ctrl+Alt+F3  Messages from the installation program
  4        Ctrl+Alt+F4  Kernel messages
  5        Ctrl+Alt+F5  Other messages, including filesystem creation messages
  7        Ctrl+Alt+F7  Graphical installation procedure

Slide 15: Configuring Install-Time Options after Installation
  • authconfig
  • ntsysv
  • setup
  • redhat-config-…
  • kbdconfig
  • mouseconfig
  • timeconfig
  • sndconfig
  • netconfig

Slide 16
  RHCE: Red Hat Certified Engineer
  Session 3
  M. A. Agheli

Slide 17: SHELL
  • Some important BASH variables: PATH, SHELL, PS1, PS2
  • Shells: bash (Bourne Again Shell), ash, sach, tcsh, mc
  • PS1, PS2 switches: \u, \h, \W, \d, \t, \s, \$, $

Slide 18: Some Linux Commands (1)
  ls, info, help, man, echo
  rm, mv, cp, tac, cat
  rmdir, mkdir, pwd, touch, cd
  logout, date, less, alias, clear
  halt, reboot, exit

Slide 19
  RHCE: Red Hat Certified Engineer
  Session 4
  M. A. Agheli

Slide 20: BASH
  • TAB key features
  • Review pages & commands
  • Quoting in BASH: "value", 'value', `value`
  • Redirection operators: >, >>, |

Slide 21: Important Command Forms
  cmd
  cmd &             (fg, Ctrl+Z, bg)
  cmd1 ; cmd2
  (cmd1 ; cmd2)
  cmd1 `cmd2`
  cmd1 | cmd2
  cmd1 && cmd2
  cmd1 || cmd2
  { cmd1 ; cmd2 ; }

Slide 22: Linux File Types
  Symbol  Type              Description
  -       Normal            Normal file
  d       Directories       Normal directory
  -       Hard link
  l       Symbolic link     Shortcut to a file or directory
  s       Socket            Pass data between 2 processes
  p       Named pipe        Like sockets; user can't work directly with it
  c       Character device  Processes character hardware communication
  b       Block device      Major & minor numbers for controlling the device

Slide 23: Bash Special Variables
  $#   Number of arguments given to the command
  $?   Return value of the last program run
  $$   Process number of the current shell
  $!   Process number of the last child process
  $@   All arguments, individually quoted
  $*   All arguments quoted as a whole
  $n   Positional argument value, where n is the position
  $0   Name of the current shell

Slide 24: Some Linux Commands (2)
  • Process text streams: sort, cut, head, tail, split, wc, uniq, grep
  • Redirecting a command's output: tee
  • Create, monitor & kill processes: ps, pstree, top, kill, killall
  • Modify process priority: renice

Slide 25
  RHCE: Red Hat Certified Engineer
  Session 5
  M. A. Agheli

Slide 26: Some Linux Commands (3)
  • Create partitions and filesystems: fdisk, mke2fs, mkfs.*
  • Maintain the integrity of filesystems: e2fsck, fsck.*, du, df
  • Filesystem mounting & unmounting: mount, umount, /etc/fstab

Slide 27: Some Linux Commands (4)
  • Use file permissions: chmod, chown, chgrp, su
  • Create hard & symbolic links: ln
  • Find system files: find, locate, which
  • Using emergency & single user mode

Slide 28: vi, a Powerful Text Editor
  Modes: Insert Mode, Normal Mode, Command Mode
  Normal mode keys:
    dd, n+dd      (Delete)
    yy, n+yy      (Copy)
    p             (paste)
    P             (Paste)
    /             (Search)
    v (Visual)    (Text selection)
    Insert text, Delete
  Command mode (:) commands:
    w, q, wq = x, q!, r, s///

Slide 29
  RHCE: Red Hat Certified Engineer
  Session 6
  M. A. Agheli

Slide 30: Run Levels
  Run level  Definition
  0          Halts the system
  1          Single-user mode
  2          Multiuser mode without networking
  3          Multiuser mode with networking
  4          Not used
  5          X-based login
  6          Reboots the system
  • init & chkconfig commands
  • /etc/inittab
  • /etc/rc.d/init.d & /etc/rc[0123456].d/

Slide 31: Configuring the Boot Loader
  • LILO: edit /etc/lilo.conf & execute the lilo command
  • GRUB: edit /boot/grub/grub.conf

Slide 32: Administrative Tasks
  • Manage users, groups & related files: useradd, userdel, groupadd, groupdel, passwd, vipw, vigr
    /etc/passwd, /etc/shadow, /etc/skel, /etc/profile
  • Configure and use system log files: /etc/syslog.conf, /etc/logrotate.conf
  • Scheduling jobs: at & crontab commands
  • Backup & restore tools: tar, bzip2, gzip

Slide 33
  RHCE: Red Hat Certified Engineer
  Session 7
  M. A. Agheli

Slide 34: Linux Installation and Package Management
  • Make and install programs from source
  • RPM (Redhat Package Manager)


Slide 36: Configuring Modems
  • redhat-config-network-tui command in text mode
  • Modem configuration files
  • kppp command in X window

Slide 37
  RHCE: Red Hat Certified Engineer
  Session 8
  M. A. Agheli

Slide 38: Shell Scripts
  • # comments
  • #! special comment
  • Assigning a value:
      x=y
      x=$y
      x=${y}
      x=\$y
      x=${y}es    (compare x=$yes)
      export x y z
      export x=$y

Slide 39: Shell Scripts: Control Constructs
  • read command
  • test command ( [ ] )
  • if ... ; then ... ; else ... ; fi
  • case ... in pattern) ... ;; esac
  • while ... ; do ... ; done
  • until ... ; do ... ; done
  • for x in ... ; do ... ; done
  • break, continue, exit (for, while, until)
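The special variables from the Bash Special Variables slide, the assignment forms from the Shell Scripts slide and the control constructs listed here are exercised together in the script below, an added example that is not part of the original slides; it runs under any POSIX shell (sh, bash, dash) and borrows the Run Levels table for its `case` statement.

```bash
#!/bin/sh
# Added example (not part of the RHCE slides): the special variables,
# assignment forms and control constructs from the slides, in POSIX sh.

# $# counts the arguments. "$@" keeps each argument as its own word,
# "$*" joins them into one word; both helpers report how many words arrive.
count_args()  { echo "$#"; }
argv_quoted() { count_args "$@"; }   # a 'b c' d  ->  3
argv_joined() { count_args "$*"; }   # a 'b c' d  ->  1

# $? is the exit status of the last command. Running it as the `if`
# condition keeps it from triggering `set -e`, and the else branch still
# sees its status.
status_of() {
    if "$@" >/dev/null 2>&1; then rc=$?; else rc=$?; fi
    echo "$rc"
}

# The assignment forms on the slide: x=$y, x=${y}es, x=$yes, x=\$y.
# Braces mark where the variable name ends, $yes is a different (unset)
# variable, and the backslash keeps the dollar sign literal.
expand_demo() {
    y=hello
    x=$y;     a=$x
    x=${y}es; b=$x
    x=$yes;   c=$x
    x=\$y;    d=$x
    echo "$a|$b|$c|$d"     # hello|helloes||$y
}

# case ... in pattern) ... ;; esac, driven by the run-level table.
runlevel_name() {
    case "$1" in
        0) echo halt ;;
        1) echo single-user ;;
        2) echo multiuser-no-network ;;
        3) echo multiuser ;;
        5) echo x11-login ;;
        6) echo reboot ;;
        *) echo unused ;;
    esac
}

# while + read, with continue (skip comments and blanks) and break (stop at 0).
sum_until_zero() {
    total=0
    while read -r n; do
        case "$n" in '#'*|'') continue ;; esac
        [ "$n" -eq 0 ] && break
        total=$(( total + n ))
    done
    echo "$total"
}

# until loop: counts down from $1 to 1, returning the sequence as one line.
count_down() {
    n=$1; out=""
    until [ "$n" -le 0 ]; do
        out="$out$n "
        n=$(( n - 1 ))
    done
    echo "$out"
}

# for loop over the positional parameters, using test -e on each one.
count_existing() {
    found=0
    for path in "$@"; do
        [ -e "$path" ] && found=$(( found + 1 ))
    done
    echo "$found"
}

# $$ is this shell's PID, $! the PID of the last background child. After
# wait, $? holds that child's exit status.
background_demo() {
    sleep 0 &
    child=$!
    wait "$child"
    echo "shell=$$ child=$child status=$?"
}

# $0 is the name this script was invoked as.
echo "running as $0"
echo "argv_quoted: $(argv_quoted a 'b c' d), argv_joined: $(argv_joined a 'b c' d)"
echo "false exits with $(status_of false)"
echo "expand_demo: $(expand_demo)"
echo "runlevel 3 is $(runlevel_name 3)"
printf '1\n# a comment\n2\n0\n9\n' | sum_until_zero
background_demo
```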

Slide 40
  RHCE: Red Hat Certified Engineer
  Session 9
  M. A. Agheli

Slide 41: Installing and Configuring X

Slide 42: Basic X Concepts
  • X Client
  • X Server
  • X Protocol

Slide 43: Basic X Concepts
  • X Window Manager
  • X Desktop Manager
  • X Display Manager

Slide 44: Installing X
  1. Determine the proper X server
  2. Install the proper packages

Slide 45: X Server Selection
  • XFree86-*
  Installing the packages:
  • freetype
  • gtk+
  • XFree86-libs
  • XFree86-75dpi-fonts
  • redhat-config-xfree86
  • XFree86-xfs
  • XFree86-xdm
  • XFree86-twm
  • XFree86-tools
  • xinitrc

Slide 46: Configuring X
  • redhat-config-xfree86
  • xvidtune

Slide 47: Important X Directories & Files
  • /usr/X11R6/bin
  • /etc/X11
  • /etc/X11/XF86Config

Slide 48: Configure and Use PPP
  • redhat-config-network-tui command in text mode
  • Modem configuration files
  • kppp command in X window

Slide 49
  RHCE: Red Hat Certified Engineer
  Session 10
  M. A. Agheli

Slide 50: Network Basics
  IP address (network & host portion):
    192.168.168.1    : 11000000.10101000.10101000.00000001
  Static IP / Dynamic IP
  Netmask address:
    255.255.255.0    : 11111111.11111111.11111111.00000000
  Network address:
    192.168.168.0    : 11000000.10101000.10101000.00000000
  Broadcast address:
    192.168.168.255  : 11000000.10101000.10101000.11111111

Slide 51: Classful Addressing System
  Network classes:
    Class A   1.0.0.0 - 126.0.0.0    (8 bits)
    Class B   128.0.0.0 - 191.0.0.0  (16 bits)
    Class C   192.0.0.0 - 223.0.0.0  (24 bits)
  Reserved IP:
    127.0.0.0 - 127.255.255.255    (loopback addresses)
    224.0.0.0 - 239.255.255.255    (multicast protocols)
    240.0.0.0 - 255.255.255.255    (not used)
  Public & private networks (valid & invalid IPs):
    10.0.0.0 - 10.255.255.255
    172.16.0.0 - 172.31.255.255
    192.168.0.0 - 192.168.255.255

Slide 52: Classless Addressing System (Subnet)
  Net. Addr.: 192.168.168.0 = 11000000.10101000.10101000.00000000
  Netmasks:
    255.255.255.0    (/24) : 11111111.11111111.11111111.00000000
    255.255.255.128  (/25) : 11111111.11111111.11111111.10000000
    255.255.255.192  (/26) : 11111111.11111111.11111111.11000000
    255.255.255.224  (/27) : 11111111.11111111.11111111.11100000
    255.255.255.240  (/28) : 11111111.11111111.11111111.11110000
    255.255.255.248  (/29) : 11111111.11111111.11111111.11111000
    255.255.255.252  (/30) : 11111111.11111111.11111111.11111100
    255.255.255.254  (/31) : 11111111.11111111.11111111.11111110
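The netmask table above and the network/broadcast arithmetic of the Network Basics slide, worked through in POSIX shell as an added example that is not part of the original slides; the functions take a dotted address and a prefix length and reproduce the slide's rows for 192.168.168.0/24, then print the full /24 to /31 mask table.

```bash
#!/bin/sh
# Added example (not part of the RHCE slides): the subnet arithmetic behind
# the Network Basics and Classless Addressing slides, done with POSIX shell
# integer arithmetic for the 192.168.168.0/24 network used there.

# Dotted quad -> unsigned 32-bit integer (needs a 64-bit shell long).
ip2int() {
    ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

# Unsigned 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length (the /n on the slide) -> netmask as an integer.
prefix2mask() {
    [ "$1" -eq 0 ] && { echo 0; return; }
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# Integer -> dotted binary, the notation the slides use.
int2bin() {
    out=""
    for pos in 24 16 8 0; do
        byte=$(( ($1 >> pos) & 255 ))
        bits=""
        for bit in 128 64 32 16 8 4 2 1; do
            if [ $(( byte & bit )) -ne 0 ]; then bits="${bits}1"; else bits="${bits}0"; fi
        done
        out="${out}${out:+.}${bits}"
    done
    echo "$out"
}

# Network address: host bits cleared (IP AND mask).
network_of()   { int2ip $(( $(ip2int "$1") & $(prefix2mask "$2") )); }
# Broadcast address: host bits set (IP OR NOT mask), kept to 32 bits.
broadcast_of() { int2ip $(( $(ip2int "$1") | (~$(prefix2mask "$2") & 4294967295) )); }
# Usable hosts: 2^(32-n) minus network and broadcast (0 for /31 and /32).
usable_hosts() { n=$(( (1 << (32 - $1)) - 2 )); [ "$n" -lt 0 ] && n=0; echo "$n"; }

# The four rows of the Network Basics slide for one address and prefix.
describe() {
    ip_i=$(ip2int "$1"); mask=$(prefix2mask "$2")
    net=$(( ip_i & mask )); bc=$(( ip_i | (~mask & 4294967295) ))
    printf '%-10s %-22s %s\n' "Address:"   "$1"                      "$(int2bin "$ip_i")"
    printf '%-10s %-22s %s\n' "Netmask:"   "$(int2ip "$mask") (/$2)" "$(int2bin "$mask")"
    printf '%-10s %-22s %s\n' "Network:"   "$(int2ip "$net")"        "$(int2bin "$net")"
    printf '%-10s %-22s %s\n' "Broadcast:" "$(int2ip "$bc")"         "$(int2bin "$bc")"
    printf '%-10s %s\n' "Hosts:" "$(usable_hosts "$2")"
}

describe 192.168.168.1 24
echo
# The netmask table from the Classless Addressing slide, /24 to /31.
for p in 24 25 26 27 28 29 30 31; do
    m=$(prefix2mask "$p")
    printf '%-16s (/%s) : %s\n' "$(int2ip "$m")" "$p" "$(int2bin "$m")"
done
```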

Slide 53: TCP/IP Model (1)
  • Application protocols
  • Transport protocols
  • Internet protocols
  • Network access protocols

Slide 54: TCP/IP Model (2)
  • Network access protocols: all functions necessary to access the physical network
  • Internet protocols:
    • IP (Internet Protocol, connectionless)
    • ICMP (Internet Control Message Protocol)

Slide 55: TCP/IP Model (3)
  • Transport protocols:
    • TCP (Transmission Control Protocol), connection-based
    • UDP (User Datagram Protocol), connectionless
  • Application protocols:
    • Privileged ports (0-1023)
    • /etc/services

Slide 56: Types of TCP/IP Services
  • Stand-alone
  • xinetd (and its config)

Slide 57: Related TCP/IP Commands
  • ps x
  • netstat -ap --inet | grep LISTEN
  Controlling TCP/IP daemons:
  • Start the daemon
  • Stop the daemon
  • Restart the daemon
  • Status of the daemon
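The `netstat -ap --inet | grep LISTEN` check on this slide becomes a recurring control once its output is compared with what the host is supposed to run. The script below is an added example, not part of the original slides: it parses a constructed sample of `netstat -ap --inet` output (same column layout as the real command), lists the TCP listeners, and flags any that are not in a baseline of expected ports; the sample lines, PIDs and baseline ports are assumptions made for the example.

```bash
#!/bin/sh
# Added example (not part of the RHCE slides): turn `netstat -ap --inet`
# output into a list of listening TCP services and compare it with a
# baseline of expected ports, so unexpected listeners stand out.

# Constructed sample of `netstat -ap --inet` output. The PIDs, addresses
# and programs are made up for this example.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      901/sendmail
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1023/httpd
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      1100/squid
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      640/xinetd
tcp        0      0 192.168.0.5:22          192.168.0.9:40112       ESTABLISHED 1201/sshd
udp        0      0 0.0.0.0:67              0.0.0.0:*                           990/dhcpd
EOF
}

# Reads netstat output on stdin and prints "port program bind-address" for
# every TCP socket in LISTEN state. Matching on the State column (rather
# than "LISTEN" anywhere in the line) skips the headers, established
# connections and the UDP lines, which carry no state. A "-" program means
# netstat could not read the owner (it was not run as root).
listening_tcp() {
    awk '$1 == "tcp" && $6 == "LISTEN" {
        n = split($4, a, ":"); port = a[n]
        addr = $4; sub(/:[0-9]+$/, "", addr)
        split($7, p, "/"); prog = (p[2] == "") ? "-" : p[2]
        print port, prog, addr
    }'
}

# Compares the listeners with a space-separated list of expected ports and
# prints one line per listener that is not in it. A 0.0.0.0 bind is reachable
# from every interface; a 127.0.0.1 bind only from the host itself.
unexpected_listeners() {
    baseline=" $1 "
    listening_tcp | while read -r port prog addr; do
        case "$baseline" in *" $port "*) continue ;; esac
        scope="local only"
        [ "$addr" = "0.0.0.0" ] && scope="all interfaces"
        echo "UNEXPECTED ${port}/tcp ${prog} bound to ${addr} (${scope})"
    done
}

# On a live host the sample is replaced by the real command:
#   netstat -ap --inet | unexpected_listeners "22 80 8081"
sample_netstat | listening_tcp
sample_netstat | unexpected_listeners "22 80 8081"
```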


Slide 59: Network Configuration
  • Initializing network hardware: load the related module
  • Network configuration tools: netconfig, redhat-config-network

Slide 60: Network Configuration
  Other network tools: tcpdump, nmap, ethereal, iptraf, ifconfig, ping, traceroute, netstat

Slide 61: Network Configuration
  Network configuration files:
  • /etc/hosts
  • /etc/host.conf
  • /etc/services
  • /etc/resolv.conf
  • /etc/sysconfig/network
  • /etc/sysconfig/network-scripts/*
  IP aliasing

Slide 62
  RHCE: Red Hat Certified Engineer
  Session 12
  M. A. Agheli

Slide 63: DHCP
  • Advantages & disadvantages of DHCP
  • DHCP server configuration: /etc/dhcpd.conf, /var/lib/dhcp/dhcpd.leases
  • DHCP client configuration: netconfig command

Slide 64: An Example of dhcpd.conf
  ddns-update-style ad-hoc;
  subnet 192.168.0.0 netmask 255.255.255.0 {
      range 192.168.0.1 192.168.0.25;
      option routers 192.168.0.1;
      option subnet-mask 255.255.255.0;
      option domain-name "domain.com";
      option domain-name-servers 192.168.1.1;
      default-lease-time 21600;
      max-lease-time 43200;
      # we want the nameserver to appear at a fixed address
      host dns1 {
          hardware ethernet 12:34:56:78:AB:CD;
          fixed-address 192.168.0.20;
      }
  }

Slide 65: dhcpd.leases Format
  lease 192.168.1.8 {
      starts 3 2004/04/12 09:34:12;
      ends 6 2004/07/15 23:49:57;
      hardware ethernet 00:09:e6:88:0a:05;
  }
  ...
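An added example, not part of the original slides, that parses lease records in the format shown above and checks them against the `fixed-address` reservations of the dhcpd.conf example on the previous slide; the dhcpd.conf and dhcpd.leases contents it uses are constructed (the slide's lease plus two made-up entries), and the temporary directory and file names are assumptions.

```bash
#!/bin/sh
# Added example (not part of the RHCE slides): parse a dhcpd.leases file in
# the format shown on the slide and cross-check it against the fixed-address
# reservations of the dhcpd.conf example. Both inputs below are constructed.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed dhcpd.conf, following the slide's example.
cat > "$WORK/dhcpd.conf" <<'EOF'
ddns-update-style ad-hoc;
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.1 192.168.0.25;
    option routers 192.168.0.1;
    default-lease-time 21600;
    max-lease-time 43200;
    # we want the nameserver to appear at a fixed address
    host dns1 {
        hardware ethernet 12:34:56:78:AB:CD;
        fixed-address 192.168.0.20;
    }
}
EOF

# Constructed dhcpd.leases: the slide's entry plus two made-up ones.
cat > "$WORK/dhcpd.leases" <<'EOF'
lease 192.168.1.8 {
    starts 3 2004/04/12 09:34:12;
    ends 6 2004/07/15 23:49:57;
    hardware ethernet 00:09:e6:88:0a:05;
}
lease 192.168.1.9 {
    starts 3 2004/04/12 11:00:00;
    ends 3 2004/04/12 17:00:00;
    hardware ethernet 00:09:e6:88:0a:05;
}
lease 192.168.0.20 {
    starts 1 2004/04/12 10:00:00;
    ends 1 2004/04/12 16:00:00;
    hardware ethernet 00:09:E6:88:0A:06;
}
EOF

# One line per lease block: "ip mac ends-date ends-time". MACs are
# lower-cased so that dhcpd.conf and dhcpd.leases spellings compare equal.
parse_leases() {
    awk '
        $1 == "lease"                        { ip = $2 }
        $1 == "hardware" && $2 == "ethernet" { mac = tolower($3); sub(/;$/, "", mac) }
        $1 == "ends"                         { ends = $3 " " $4; sub(/;$/, "", ends) }
        $1 == "}" && ip != ""                { print ip, mac, ends; ip = mac = ends = "" }
    ' "$1"
}

# One line per host {} reservation in dhcpd.conf: "fixed-ip mac".
parse_reservations() {
    awk '
        $1 == "hardware" && $2 == "ethernet" { mac = tolower($3); sub(/;$/, "", mac) }
        $1 == "fixed-address"                { ip = $2; sub(/;$/, "", ip); print ip, mac; mac = "" }
    ' "$1"
}

# A reserved address leased to another MAC means the server handed out an
# address it should hold for one host, or the leases file was tampered with.
find_conflicts() {
    {
        parse_reservations "$1" | sed 's/^/R /'
        parse_leases "$2"       | sed 's/^/L /'
    } | awk '
        $1 == "R" { reserved[$2] = $3 }
        $1 == "L" && ($2 in reserved) && reserved[$2] != $3 {
            print "CONFLICT " $2 " reserved for " reserved[$2] " but leased to " $3
        }'
}

# One MAC holding several addresses is worth a look on a small LAN.
find_multi_ip_macs() {
    parse_leases "$1" | awk '
        { ips[$2] = ips[$2] " " $1; n[$2]++ }
        END { for (m in n) if (n[m] > 1) print m ":" ips[m] }'
}

# On a real server the paths are the ones on the slide:
# /etc/dhcpd.conf and /var/lib/dhcp/dhcpd.leases.
find_conflicts     "$WORK/dhcpd.conf" "$WORK/dhcpd.leases"
find_multi_ip_macs "$WORK/dhcpd.leases"
```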

Slide 66: NFS
  Related daemons: rpc.nfsd, rpc.portmap, rpc.mountd
  Installation: nfs-utils, portmap

Slide 67: NFS Configuration
  Server side:
  • Edit the /etc/exports file:  PATH  host_lists(options)
  • Run the exportfs -r command
  • redhat-config-nfs command
  Client side:
  • mount -t nfs server:PATH mountpoint
  • Edit the /etc/fstab file:  server:PATH  mountpoint  nfs  ro  0 0

Slide 68: SAMBA (1)
  Related services: smbd, nmbd
  Related packages: samba, samba-common, samba-client

Slide 69: SAMBA (2)
  Server configuration: global directives, service directives
  Client configuration:
  • smbmount //server/share /m.p.
  • smbclient //server/share
  Configuration with SWAT

Slide 70
  RHCE: Red Hat Certified Engineer
  Session 13
  M. A. Agheli

Slide 71: TCP/IP Services
  [Figure: a client process and a server process, each with its own port]
  1. Server binds to port and listens
  2. Client binds to port
  3. Client connects to server
  4. Server designates port
  5. Client and server communicate

Slide 72: Remote Login
  • Telnet: server & client
  • SSH: server & client

Slide 73: The Apache Web Server
  Modules: mod_auth, mod_info, mod_php, mod_include, mod_perl, mod_ssl

Slide 74: Installing Apache
  rpm -Uvh httpd-[^d]*.rpm
  rpm -Uvh httpd-devel*.rpm    (for support of Apache modules)

Slide 75: Basic Configuration
  httpd.conf:
  • Section 1: The Global Environment
  • Section 2: The Main Configuration
  • Section 3: The Virtual Host Configuration

Slide 76: Apache Advanced Configuration
  • Authentication in Apache
  • Configure with PHP
  • Configure with SSL
  • Configure virtual hosts


Slide 78: Configure Apache with PHP / with SSL
  • Configure Apache with PHP:  rpm -Uvh php-4*.rpm
  • Configure Apache with SSL:  rpm -Uvh mod_ssl*.rpm

Slide 79: Configure Virtual Host
  <VirtualHost 127.0.0.2>
      ServerAdmin webm[email protected]
      DocumentRoot /var/www/html/vh/
      ServerName www.vh.com
  </VirtualHost>
  • Configuring the /etc/hosts file
  • Configuring the httpd.conf file

Slide 80: Apache Administration
  Start, Stop, Restart, Reload, Status

Slide 81: Troubleshooting Apache
  • /var/log/messages
  • /var/log/httpd/
  • /usr/sbin/httpd -S    (for virtual hosts)

Slide 82: Securing Your Network
  • Using the lokkit or redhat-config-securitylevel command
  • Password & physical security
  • Securing TCP/IP
  • Using Tripwire
  • Keeping up-to-date on Linux security issues

    RHCE: Red Hat Certified Engineer
    M. A. Agheli

    Session 14

    FTP Installation

    rpm -ivh vsftp*.rpm

    Config file: /etc/vsftpd/vsftpd.conf

    Access levels:
    Anonymous access (anonymous_enable)
    User access (local_enable; host-based control needs tcp_wrappers)

    Cache Server (Squid)

    Install squid: rpm -ivh squid*.rpm

    Managing squid: start, stop, restart, status, reload

    Squid Log Files

    /var/log/squid/access.log (cache_access_log)
    /var/log/squid/cache.log (cache_log)
    /var/log/squid/store.log (cache_store_log)

    An Example of squid.conf

    http_port 8081
    cache_effective_user squid
    cache_effective_group squid
    acl all src 0.0.0.0/0.0.0.0
    http_access allow all
    cache_dir ufs /cache 1024 16 32
    visible_hostname ws1

    Note: "http_access allow all" makes the machine an open proxy for anyone who can reach port 8081. Outside a closed lab, allow only your own networks (for example acl lan src 192.168.1.0/24 followed by http_access allow lan) and finish the list with http_access deny all.
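    The difference between the lab config above and a safe one is easiest to see by evaluating http_access the way Squid does. The script below is an added example written for this page (it is neither Squid's code nor part of the course): it reads only the "acl NAME src" and "http_access" lines of a squid.conf, applies Squid's first-match rule (and the "opposite of the last line" default when nothing matches), and compares the slide's open config with a LAN-only one. The client addresses, the 192.168.1.0/24 LAN and the plain ACL names are assumptions.

```shell
#!/bin/sh
# squid_acl_check.sh - added example (not Squid code, not from the course).
# Evaluates the "acl NAME src ..." / "http_access allow|deny ..." lines of a
# squid.conf for one client address, using Squid's semantics: the first
# http_access line whose ACLs all match decides; if no line matches, the
# result is the opposite of the last http_access line's action.
# Assumptions: only src ACLs are used and ACL names are plain identifiers.

ip2int() {                       # dotted quad -> 32-bit integer
    set -- $(echo "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

mask2int() {                     # "24" or "255.255.255.0" -> integer netmask
    case "$1" in
        *.*) ip2int "$1" ;;
        *)   echo $(( (4294967295 << (32 - $1)) & 4294967295 )) ;;
    esac
}

in_cidr() {                      # in_cidr CLIENT NET/LEN-or-MASK -> true if inside
    net=${2%%/*}; plen=${2#*/}
    [ "$plen" = "$2" ] && plen=32          # no "/": a single host
    mask=$(mask2int "$plen")
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# squid_allows CONFIG CLIENT_IP -> prints "allow" or "deny"
squid_allows() (                 # subshell: the acl_* variables stay local
    cfg=$1; client=$2; verdict=""; last=""
    while read -r key arg1 arg2 rest; do
        case "$key" in
            ''|\#*) continue ;;
            acl)
                [ "$arg2" = src ] || continue          # only src ACLs handled
                eval "acl_$arg1=\"\${acl_$arg1:-} $rest\"" ;;
            http_access)
                last=$arg1
                [ -z "$verdict" ] || continue          # first match already decided
                hit=1
                for name in $arg2 $rest; do            # every ACL on the line must match
                    neg=0
                    case "$name" in !*) neg=1; name=${name#!} ;; esac
                    eval "nets=\${acl_$name:-}"
                    matched=0
                    for n in $nets; do
                        if in_cidr "$client" "$n"; then matched=1; break; fi
                    done
                    [ "$matched" -ne "$neg" ] || { hit=0; break; }   # ACL (or !ACL) failed
                done
                if [ "$hit" -eq 1 ]; then verdict=$arg1; fi ;;
        esac
    done < "$cfg"
    if [ -z "$verdict" ]; then   # nothing matched: Squid inverts the last action
        case "$last" in allow) verdict=deny ;; *) verdict=allow ;; esac
        [ -n "$last" ] || verdict=deny                # no http_access at all: deny
    fi
    echo "$verdict"
)

# Constructed sample configs: the slide's open one and a LAN-restricted one.
write_open_config() {
    cat > "$1" <<'EOF'
http_port 8081
acl all src 0.0.0.0/0.0.0.0
http_access allow all
EOF
}

write_lan_config() {
    cat > "$1" <<'EOF'
http_port 8081
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.1.0/24
http_access allow lan
http_access deny all
EOF
}

if [ -n "${1:-}" ]; then         # usage: sh squid_acl_check.sh squid.conf CLIENT_IP
    squid_allows "$1" "$2"
fi
```

    With the open config every address, including an Internet client such as 203.0.113.9, gets "allow"; with the LAN config only 192.168.1.0/24 does and the trailing "deny all" makes the default explicit instead of relying on Squid's inversion of the last line.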

    Running Squid

    service squid start
    squid -d1 -z   (creates the cache directories; run once before the first start)
    squid -d1 -f /etc/squid/squid.conf

    The Kinds of Proxies

    Upstream proxy:
    cache_peer yourproxy.com parent 3128 3130
    prefer_direct off

    Transparent proxy:
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

    RHCE: Red Hat Certified Engineer
    M. A. Agheli

    Session 15

    Types of Routes

    Static route
    Dynamic route

    Components of Routing Rules

    Destination IP address
    An interface
    An optional gateway IP address

    Routing Command

    route add -net net_addr netmask mask_addr interface
    route add -host ip_addr interface
    route add default gw ip_addr interface

    An Example

    [Network diagram: hosts A-D (192.168.1.2 to 192.168.1.5) sit behind eth0, gateway 192.168.1.1; hosts E-H (192.168.100.2 to 192.168.100.5) behind eth1, gateway 192.168.100.1; eth2 is 10.1.1.1 and connects to the router 10.1.1.2, which leads to the Internet.]

    Related Rules

    route add -net 192.168.1.0 netmask 255.255.255.0 eth0
    route add -net 192.168.100.0 netmask 255.255.255.0 eth1
    route add -net 10.1.1.0 netmask 255.255.255.0 eth2
    route add default gw 10.1.1.2 eth2

    Result (route -n)

    Destination     Gateway     Genmask          Flags  Metric  Ref  Use  Iface
    192.168.1.1     *           255.255.255.255  UH     0       0    0    eth0
    192.168.100.1   *           255.255.255.255  UH     0       0    0    eth1
    10.1.1.1        *           255.255.255.255  UH     0       0    0    eth2
    192.168.1.0     *           255.255.255.0    U      0       0    0    eth0
    192.168.100.0   *           255.255.255.0    U      0       0    0    eth1
    10.1.1.0        *           255.255.255.0    U      0       0    0    eth2
    0.0.0.0         10.1.1.2    0.0.0.0          UG     0       0    0    eth2
    127.0.0.0       *           255.0.0.0        U      0       0    0    lo

    U: route is up   H: destination address refers to a host   G: use gateway

    Electronic Mail (Sendmail)

    How Email Is Sent and Received

    [Diagram: a message from a user at mail1.com is handed to the mail1 MTA, which passes it to the mail2 MTA for the recipient.]

    Concepts

    MTA: Mail Transport Agent
      SMTP (server-to-server): Simple Mail Transfer Protocol
      POP (mail access): Post Office Protocol
      IMAP (mail access): Internet Message Access Protocol
    MDA: Mail Delivery Agent
    MUA: Mail User Agent

    Advantages of Sendmail
    Older MTA
    Powerful MTA

    Disadvantages of Sendmail
    Slow
    High-load environments
    Cryptic configuration

    MTAs
    Sendmail, Postfix, Exim, Qmail

    MUAs
    Evolution, Kmail (KDE), Balsa (GNOME), Mozilla Mail

    Required Packages

    sendmail
    sendmail-cf
    imap (contains the IMAP and POP3 daemons; configured through xinetd)

    Rejecting Email

    Edit the /etc/mail/access file:
    spam.com      REJECT
    yahoo.com     OK

    service sendmail restart

    sendmail reads the compiled map access.db, not the text file; the Red Hat init script rebuilds it on restart (by hand: makemap hash /etc/mail/access < /etc/mail/access).

    RHCE: Red Hat Certified Engineer
    M. A. Agheli

    Session 16

    Where do I look?

    /etc/nsswitch.conf (name service switch)

    t@localhost:~$ cat /etc/nsswitch.conf
    hosts: files dns

    Files

    Search order determined by nsswitch.conf
    It is polite to have /etc/hosts first!

    sjh@mccoy:~$ cat /etc/hosts
    127.0.0.1       localhost
    193.62.81.135   mccoy.tardis.ed.ac.uk mccoy
    193.62.81.134   baker.tardis.ed.ac.uk baker
    193.62.81.132   packages.tardis.ed.ac.uk packages

    DNS Traversal

    1. Local files
    2. DNS server locally
    3. Item in cache?
    4. Root server, work your way down

    Resolving Names

    Configuration files for local host name resolution (important for testing):
    /etc/resolv.conf
    /etc/nsswitch.conf
    /etc/host.conf

    DNS

    BIND: Berkeley Internet Name Daemon
    Dents: buggy as hell (still in alpha?)
    Djbdns: Dan Bernstein's DNS server
    Banyan VINES: don't go there!

    Named ("name dee")

    /etc/named.conf:
    Config file for named. Defines the directory that holds the DNS config files and contains info about which zones we serve and where to find their files; tells us if we are master or slave, whether to allow or deny zone transfers, what the IPs of the other master/slave servers are, etc.

    <DNSROOT>/root.hints:
    Contains "pointers" to the root servers

    <DNSROOT>/127.0.0:
    Config for reverse lookup of the local host/subnet

    <DNSROOT>/<zone>:
    Config for the zone

    <DNSROOT>/<in-addr.arpa file>:
    Config for reverse lookup of your zone

    A simple named.conf

    ## named.custom - custom configuration for bind

    options {
        directory "/var/named/";
    };

    zone "." {
        type hint;
        file "root.lists";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "127.0.0";
    };

    zone "hq.alim.ir" {
        type master;
        file "hq.alim.ir";
    };

    zone "168.168.192.in-addr.arpa" {
        type master;
        file "192.168.168";
    };

    DNS Data

    DNS databases contain more than just hostname-to-address records:
    SOA        Start Of Authority: it is the daddy!
    IN NS      Name Server
    IN MX      Mail eXchanger
    IN A       A record (Address record)
    IN CNAME   Canonical NAME

    A simple zone file

    @ IN SOA hq.alim.ir. root.hq.alim.ir. (
            199609206 ; serial, today's date + today's serial #
            8H        ; refresh, seconds
            2H        ; retry, seconds
            4W        ; expire, seconds
            1D )      ; minimum, seconds

            NS      hq.alim.ir.
            MX 10   hq.alim.ir.  ; Primary Mail Exchanger
            TXT     "Alim IT Center"

    localhost    A      127.0.0.1
    router       A      192.168.168.1
    hq.alim.ir.  A      192.168.168.2
    ns           A      192.168.168.3
    www          A      207.159.141.192
    ftp          CNAME  hq.alim.ir.
    mail         CNAME  hq.alim.ir.
    news         CNAME  hq.alim.ir.

    Note: this file has no $TTL directive; BIND 9 refuses to load a zone without one (compare the reverse zone file, which starts with $TTL 3D).

    A simple in-addr.arpa file

    $TTL 3D
    @ IN SOA hq.alim.ir. root.hq.alim.ir. (
            199609206 ; Serial
            28800     ; Refresh
            7200      ; Retry
            604800    ; Expire
            86400 )   ; Minimum TTL

            NS  hq.alim.ir.
    ; Servers
    1       PTR router.hq.alim.ir.
    2       PTR hq.alim.ir.
    2       PTR funn.hq.alim.ir.
    ; Workstations
    200     PTR ws-177200.hq.alim.ir.
    201     PTR ws-177201.hq.alim.ir.
    202     PTR ws-177202.hq.alim.ir.

    Forward DNS

    hq.alim.ir (as per /etc/named.conf)
    SOA        Start Of Authority: it is the daddy!
    IN NS      Name Server
    IN MX      Mail eXchanger
    IN A       A record (Address record)
    IN CNAME   Canonical NAME

    Reverse DNS

    192.168.168 (as per /etc/named.conf)
    SOA
    IN NS
    IN PTR     Pointer

    DNS Round Robin

    Fault tolerance? Through nifty DNS hacks:
    www.teviot.com.  60  IN  A  10.0.1.100
    www.teviot.com.  60  IN  A  10.0.2.100
    www.teviot.com.  60  IN  A  10.0.3.100

    Common Mistakes

    Forgetting to increment the serial number!
    CNAME pointing at another CNAME!
    Forgetting the "." in appropriate places!
    Underscores in hostnames!
    Forgetting to reload the daemon!
    Version control issues: clobbered changes!
    TTL issues

    Test Tools

    nslookup
    dig
      dig mail.hq.alim.ir
      dig -x 192.168.168.2
      dig 168.168.192.in-addr.arpa. AXFR   (only works against a server that allows zone transfers to you)
    whois
    named-checkzone hq.alim.ir /var/named/hq.alim.ir   (BIND 9; catches most of the mistakes above before a reload)
    http://www.squish.net/dnscheck/ : James Ponder's DNS check web pages
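    The mistakes listed under Common Mistakes are cheap to catch mechanically before you reload named. The script below is an added example written for this page (it is not BIND's code and not part of the course): an awk/sh linter that flags a missing $TTL, a serial that was not bumped past the one already published, NS/MX/CNAME targets written as FQDNs without the trailing dot, CNAMEs that point at other CNAMEs, and underscores in hostnames. The published serial and the zone origin are passed in by the caller, and the sample zone is constructed from the course's hq.alim.ir file with those mistakes deliberately inserted. For a real zone, named-checkzone is the authoritative check; this script only makes the rules visible.

```shell
#!/bin/sh
# zone_lint.sh - added example for the "Common Mistakes" slide; not part of the
# course material. Lints a BIND zone file for: missing $TTL, serial not
# incremented, FQDN target without trailing dot, CNAME pointing at a CNAME,
# underscore in a hostname.
# Assumptions: one record per line; a record with a blank owner inherits the
# previous owner; the serial currently published is supplied by the caller.

# lint_zone FILE PUBLISHED_SERIAL ORIGIN -> prints findings, exit status = count
lint_zone() {
    awk -v prev="$2" -v origin="$3" '
    function norm(n) {               # make a name absolute, as named would
        if (n == "@") return origin "."
        if (n ~ /\.$/) return n
        return n "." origin "."
    }
    BEGIN { n = 0; ttl = 0; in_soa = 0; serial = ""; last = "@" }
    { sub(/;.*/, "") }               # drop comments
    /^[ \t]*$/ { next }
    /^\$TTL/ { ttl = 1; next }
    /[ \t]SOA[ \t]/ { in_soa = 1 }   # fall through: the serial may be on this line
    in_soa {
        for (i = 1; i <= NF; i++)    # first bare number inside SOA ( ... ) is the serial
            if (serial == "" && $i ~ /^[0-9]+$/) serial = $i
        if ($0 ~ /\)/) in_soa = 0
        next
    }
    {
        type = ""
        if ($0 ~ /^[ \t]/) owner = last; else { owner = $1; last = $1 }
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(A|AAAA|CNAME|NS|MX|PTR|TXT)$/) { type = $i; t = i; break }
        if (type == "") next
        target = (type == "MX") ? $(t + 2) : $(t + 1)
        if (owner ~ /_/) { print "underscore in hostname: " owner; n++ }
        if (type ~ /^(CNAME|NS|MX)$/ && target ~ /\./ && target !~ /\.$/) {
            print type " target " target " has no trailing dot; named will read it as " norm(target); n++
        }
        if (type == "CNAME") cname[norm(owner)] = norm(target)
    }
    END {
        if (!ttl) { print "no $TTL directive; BIND 9 refuses to load the zone"; n++ }
        if (serial == "") { print "no SOA serial found"; n++ }
        else if (prev != "" && serial + 0 <= prev + 0) {
            print "serial " serial " not incremented (published serial is " prev ")"; n++
        }
        for (o in cname) if (cname[o] in cname) {
            print "CNAME chain: " o " -> " cname[o] " is itself a CNAME"; n++
        }
        exit n
    }' "$1"
}

# Constructed sample: the course zone with the slide's mistakes inserted.
write_bad_zone() {
    cat > "$1" <<'EOF'
@ IN SOA hq.alim.ir. root.hq.alim.ir. (
        199609206   ; serial: same value that is already published
        8H          ; refresh
        2H          ; retry
        4W          ; expire
        1D )        ; minimum
        NS    hq.alim.ir         ; missing trailing dot
        MX 10 hq.alim.ir.
localhost    A     127.0.0.1
router       A     192.168.168.1
hq.alim.ir.  A     192.168.168.2
ftp          CNAME hq.alim.ir.
mail         CNAME ftp           ; CNAME -> CNAME
web_srv      A     192.168.168.4 ; underscore
EOF
}

if [ -n "${1:-}" ]; then   # usage: sh zone_lint.sh ZONEFILE PUBLISHED_SERIAL ORIGIN
    lint_zone "$1" "${2:-}" "${3:-}"
fi
```

    Run it as "sh zone_lint.sh /var/named/hq.alim.ir $(dig +short hq.alim.ir SOA | awk '{print $3}') hq.alim.ir" to compare the file you are about to load with the serial the world currently sees; the exit status is the number of findings, so it fits in a pre-reload hook.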

    RHCE: Red Hat Certified Engineer
    M. A. Agheli

    Session 17

    Firewall

    Firewall

    Required properties:
    Control: allow only those packets that you are interested in to pass through.
    Security: reject packets from malicious outsiders.
    Watchfulness: log packets to/from the outside world.

    Firewall Types

    Packet filtering (stateless or stateful)
    Proxy-based firewall

    Packet Filter under Linux

    1st generation: ipfw (from BSD)
    2nd generation: ipfwadm (Linux 2.0)
    3rd generation: ipchains (Linux 2.2)
    4th generation: iptables (Linux 2.4 & 2.6)

    Installing Iptables

    Kernel support for iptables:
    Networking Options -> TCP/IP Networking -> Network Packet Filtering
    Networking Options -> TCP/IP Networking -> IP: advanced router -> *
    Networking Options -> IP: Netfilter

    For packet traffic control:
    Networking Options -> QoS and/or fair queueing -> *

    # rpm -ivh iptables-1.2.6a-2.i386.rpm

    Chains of Tables

    INPUT: controls packets entering your system
    OUTPUT: controls packets leaving your system
    FORWARD: controls what packets can move from one network to another through your system

    [Diagram: incoming packet -> routing decision -> either the FORWARD chain (and out again) or the INPUT chain -> local process -> OUTPUT chain -> out]

    1. When a packet comes in, the kernel first looks at the destination of the packet: this is called routing.
    2. If it is destined for this box, it passes downwards in the diagram to the INPUT chain. If it passes, any processes waiting for that packet will receive it. Otherwise go to step 3.

    Packet Status in Iptables

    NEW
    ESTABLISHED
    RELATED
    INVALID

    Results of Packet Checking

    ACCEPT
    DROP
    REJECT

    The Path of a Packet in Iptables

    [Diagram; the order in which a packet meets the tables and chains:
    Network -> mangle PREROUTING -> nat PREROUTING (Destination NAT) -> routing decision
      -> for this host: mangle INPUT -> filter INPUT -> local process -> mangle OUTPUT -> nat OUTPUT -> filter OUTPUT -> routing decision
      -> for another host: mangle FORWARD -> filter FORWARD
    -> mangle POSTROUTING -> nat POSTROUTING (Source NAT, based on routing) -> Network]

    Tables of Chains

    Table    INPUT  OUTPUT  FORWARD  PREROUTING  POSTROUTING
    MANGLE   *      *       *        *           *
    NAT      -      *       -        *           *
    FILTER   *      *       *        -           -

    Building a Rule: source/destination

    iptables -s 200.200.200.1
    Refers to packets from a specific IP address.
    The -s refers to the source of the packet, where the packet is coming from.
    A corresponding -d refers to the destination, where the packet is going to.

    Building a Rule: action

    iptables -s 200.200.200.1 -j DROP
    The -j determines what happens to the matching packet.

    Building a Rule: IP address ranges

    iptables -s 200.200.200.0/24 -j DROP
    IPs that match 200.200.200.*
    The /24 refers to the number of bits that are fixed, counting from the left.

    Other Actions

    REDIRECT: sends packets to a proxy
    LOG: tracks packets as they match rules
    RETURN: terminates user-defined chains

    Building a Rule: appending rules to tables

    iptables -A INPUT -s 200.200.200.1 -j DROP
    The -A appends the rule to a chain; INPUT names the chain.
    This command makes your system ignore all packets from 200.200.200.1.

    iptables -A OUTPUT -d 200.200.200.1 -j DROP
    This command does not allow your system to send packets to 200.200.200.1.

    Building a Rule: only blocking some packets

    iptables -A INPUT -s 200.200.200.1 -p tcp --destination-port telnet -j DROP
    The -p specifies a protocol: tcp, udp, or icmp.
    The --destination-port is where the packet is going.
    You can use the service name or the port number (could use 23 in this example).
    Keep in mind that the source port is very different from the destination port. In this example the inbound message is going to your telnet server. The telnet client that is sending you the message could be running on any port.
    --dport == --destination-port
    --sport == --source-port

    Building a Rule: multiple network interfaces

    Assume your machine has two interface cards: one to a LAN named eth0 and the other to the Internet named ppp0.

    iptables -A INPUT -p tcp --dport telnet -i ppp0 -j DROP
    The -i option specifies the input interface.
    There is also a -o option for the output interface.

    iptables -A INPUT -p tcp --dport telnet -i eth0 -j ACCEPT

    Together these rules would accept telnet requests from the LAN but block telnet requests from the Internet.

    Building a Rule: Table Policies

    iptables -P FORWARD ACCEPT
    The -P option followed by a chain name and an action determines the default policy of the chain. If no rule in the chain matches, this default action is taken.
    The usual policies are:
    INPUT = ACCEPT
    OUTPUT = ACCEPT
    FORWARD = DROP   (iptables has no DENY target; DENY was the ipchains name for it)

    Building a Rule: adding rules to tables

    iptables -A INPUT -s 200.200.200.1 -j DROP
    Appends the rule to the end of the chain.

    iptables -I INPUT 3 -s 200.200.200.1 -j DROP
    Inserts the rule as rule 3 in the chain, moving all other rules down 1.

    iptables -R INPUT 3 -s 200.200.200.1 -j DROP
    Replaces rule 3 in the chain.

    iptables -D INPUT 3
    Deletes rule 3 in the chain.

    Operations to manage whole chains

    -N  Create a new chain
    -X  Delete an empty chain
    -P  Change the policy for a built-in chain
    -L  List the rules in a chain
    -F  Flush the rules out of a chain
    -Z  Zero the packet and byte counters on all rules in a chain

    Manipulate rules inside a chain

    -A  Append a new rule to a chain
    -I  Insert a new rule at some position in a chain
    -R  Replace a rule at some position in a chain
    -D  Delete a rule at some position in a chain
    -D  Delete the first rule that matches in a chain

    An Example

    [Diagram: LAN hosts 192.168.1.5, 192.168.1.6 and 192.168.1.7, all with GW 192.168.1.1; a firewall with interfaces eth0 and eth1 between the LAN (192.168.1.1) and the Internet; a web server; an SSH server that must be accessible ONLY via the LAN.]
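    The slide gives the topology but not the rules. The script below is an added example written for this page (not from the course) that builds a ruleset for it with the options introduced on the previous slides: default DROP policies, a state match so only replies come back, the web server open to everyone, SSH accepted only when it arrives on the LAN interface from a LAN address, and rate-limited logging of what gets dropped. Assumptions not stated on the slide: eth0 faces the Internet, eth1 is 192.168.1.1 on the LAN 192.168.1.0/24, both daemons run on the firewall itself, and the firewall masquerades the LAN (the hosts use it as their gateway). It prints the commands by default; run it as root with IPT=/sbin/iptables to apply them.

```shell
#!/bin/sh
# fw_example.sh - added example (not from the course). Ruleset for the slide's
# diagram: eth0 = Internet, eth1 (192.168.1.1) = LAN 192.168.1.0/24; the web
# server (tcp/80) is reachable from everywhere, SSH (tcp/22) only from the LAN.
# Assumptions: both daemons run on the firewall, and the firewall also
# masquerades the LAN. Commands are printed by default; set IPT=/sbin/iptables
# (and run as root) to apply them for real.

IPT=${IPT:-"echo iptables"}
WAN_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.1.0/24

firewall_rules() {
    # start clean and default to DROP, so only what is listed below gets in
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    $IPT -A INPUT -i lo -j ACCEPT
    # replies to connections this host opened, plus related traffic (ICMP errors, FTP data)
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP
    # anti-spoofing: a LAN source address never legitimately arrives on the Internet side
    $IPT -A INPUT -i $WAN_IF -s $LAN_NET -j DROP
    # web server: anyone, on either interface
    $IPT -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
    # SSH: only through the LAN interface AND from a LAN address
    $IPT -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # everything else is logged (rate-limited) and then falls to the DROP policy
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-INPUT-DROP: "

    # LAN -> Internet only; the answers come back through the state match
    # (forwarding also needs: echo 1 > /proc/sys/net/ipv4/ip_forward)
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FORWARD-DROP: "
    $IPT -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
}

firewall_rules
```

    Checking the SSH rule on both the interface and the source address is deliberate: a packet with a forged 192.168.1.x source arriving on eth0 fails the -i test (and is dropped by the anti-spoofing rule anyway), while a LAN host that is itself compromised is at least confined to port 22 of this machine. Verify the result with iptables -L -n -v and, from an outside address, nmap -p 22,80 against the eth0 address.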

    RHCE: Red Hat Certified Engineer
    M. A. Agheli

    Session 18

    Advanced Traffic Shaping (CBQ)

    Traffic Shaping (CBQ)

    /etc/rc.d/init.d/cbq.init
    (http://ovh.dl.sourceforge.net/sourceforge/cbqinit/cbq.init-v0.7.3)

    Install the shapecfg RPM
    /etc/sysconfig/cbq/* (0002-FFFF)
    /etc/rc.d/init.d/cbq.init start

    Sample of CBQ Configuration

    DEVICE=eth0,10Mbit,1Mbit
    RATE=10Kbit
    PRIO=5
    RULE=:21,192.168.1.0/24

    The End

    Good Luck