Advanced Unix
Administrative Tools

VMWare Image Setup

We all need to check out the VMWare FC6 image that you'll be using
• Login as root
• Password should be "thoughtpolice"
• Now create a non-root account for yourself:
    adduser <userid>
• Create a password:
    passwd <userid>

Superuser root
• Unrestricted access
• Become a superuser
  - Log in to root
  - Use su or su -
• Inherits the env from current shell
• Only use superuser when it is needed
• Change root password periodically
  - Employment status change for SA
  - Unauthorized access

• Always lock your screen
  - Use xlock or simply log off
• Controlling su access
  - System V
  - BSD - members of group 0
  - Linux - GNU su does not check membership of group 0
• Run a command with su at the same time
    su root -c "command"

Facility sudo
• Selective access
• Allow some user to run specific commands as root without having to know the root password
• Run sudo command
  - Type in user's own password
  - Good for a configurable time, default 5 minutes
• Configuration file /etc/sudoers
  - Users
  - Commands
  - Format:
      Users host=commands

More about Facility sudo
• Select the commands for sudo with care
  - No shell scripts
  - No utility which provides shell escapes
• Editor visudo
  - Lock
  - Syntax checking

Quick Sudo Lab
1. As a normal user type the following:
     /bin/cat /etc/sudoers
2. Now try the following:
     sudo /bin/cat /etc/sudoers
3. Now add the following to /etc/sudoers
     <your id> ALL=/bin/cat /etc/sudoers
4. Now try step 2 again…

• Advantages of sudo
  - Command logging - accountability
  - Operators can do chores
  - Hide the real root password
  - Revoke the privilege without changing the root password
  - A list of users with privileged access is maintained
  - Less chance of root shell left unattended

• Disadvantages of sudo
  - Breach in security of a personal account can equal a compromise of the root account
  - Logging can be subverted
      sudo csh
      sudo su
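
The two sudo cautions above (no shell scripts or shell-escape utilities, and the logging gap opened by `sudo csh` / `sudo su`) can be checked mechanically. This is an added example, not part of the original slides: `audit_sudoers`, `sample_sudoers`, the sample users and the short utility lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag sudoers rules that grant more than a single command.
# Assumes one rule per line (no backslash continuations or #include files).
# The utility lists are short and illustrative, not exhaustive.

audit_sudoers() {            # audit_sudoers [FILE]  (reads stdin if no FILE)
    awk '
    /^[ \t]*(#|$)/ || /^[ \t]*Defaults/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        n = split(substr($0, eq + 1), cmds, ",")
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            gsub(/\([^)]*\)/, "", c)          # drop Runas spec, e.g. (root)
            gsub(/[A-Z_]+:/, "", c)           # drop tags, e.g. NOPASSWD:
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            split(c, w, /[ \t]+/)
            path = w[1]; base = path; sub(/.*\//, "", base)
            why = ""
            if (path == "ALL")                                 why = "unrestricted"
            else if (base ~ /^(sh|bash|csh|tcsh|ksh|zsh|su)$/) why = "root-shell"
            else if (base ~ /^(vi|vim|ed|less|more|man)$/)     why = "shell-escape"
            else if (base ~ /\.sh$/)                           why = "shell-script"
            if (why != "") printf "%d:%s:%s\n", NR, why, path
        }
    }' "${1:--}"
}

sample_sudoers() {           # constructed sample, not a real configuration
    cat <<'EOF'
# constructed sample sudoers
Defaults timestamp_timeout=5
alice ALL=/bin/cat /etc/sudoers
bob   ALL=(root) NOPASSWD: /bin/csh, /usr/bin/less /var/log/messages
carol ALL=/bin/su
dave  ALL=(ALL) ALL
erin  ALL=/usr/local/bin/backup.sh
EOF
}

sample_sudoers | audit_sudoers   # prints LINE:REASON:COMMAND for each finding
```

The rule from the Quick Sudo Lab (`ALL=/bin/cat /etc/sudoers`) passes cleanly because it names one binary with fixed arguments.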

Communicating with Users
• Command write
    write username [tty]
  - only talks on local system
  - Ctrl-D ends the write session
  - Replying with write will create a two-way communication
• Command talk or ytalk
  - Must have a daemon listening
  - Separate window for sender and receiver
• To refuse write, talk and ytalk requests
  - Use the command mesg n or y
  - Default is n
  - Root account overrides the setting

More about Communicating with Users
• Sending message to all
  - Command = wall
  - Very useful for system announcements
      "System going down. Save your work and logoff"
• The message of the Day
  - /etc/motd
  - /etc/issue
  - /etc/issue.net

Administration tools
• Examples:
  - Digital Unix: SETUP
  - HP-UX: SAM
  - Solaris: admintool
• Good
  - Quick start to system administration
  - Mask the raw commands
  - Easy: combine several steps
• Downside
  - The command prompt is usually faster
  - Not all commands available through menu
  - Slow down the learning process

HP-UX's SAM
• Perform a variety of system management tasks
  - System configuration
  - Change a parameter
  - File system management
  - …
• Detailed logging

Admin tools for Linux
• Linuxconf
• Webmin
• Yet Another System Tool (YaST)

Manuals

Unix has two types
• Man pages
  - Individual commands
  - File format
  - Routines
• Supplemental documents
  - Printed
  - Online from Internet
  - DVD/CDROM
  - RFCs (Request for Comments) for protocols, standards used on the Internet

Organization of man pages

Solaris/HP-UX   Linux   Contents
1               1       User-level commands and applications
2               2       System calls and kernel error
3               3       Library calls
4               5       Standard file formats
5               7       Miscellaneous files and documents
6               6       Games and demonstrations
7               4       Device drivers and network protocols
1m              8       System administration commands
9               9       Obscure kernel specs and interfaces

Manual

Man pages are kept
• Under /usr/man/man# or /usr/share/man/man#
• Format (troff, SGML)
• Compressed (compress or gzip)

Read manual pages: man
• $ man title
    Example: $ man ls
• $ man section title
    Example: $ man 4 tty
    Solaris Example: $ man -s 4 tty

More about reading manual pages: man
• MANPATH
  - /etc/man.config
  - Add new man pages besides the system ones.
      MANPATH=/home/share/localman:/usr/share/man
• Keyword search in synopsis
    $ man -k keyword
    Example: $ man -k mount

Creating an ISO Image

Step One:
• Place your CDs or DVD in your drive
• As root type the following to make image:
    dd if=/dev/cdrom of=/home/ISO/fc4-dvd.iso
• The ISO image will be created in your current directory

Mounting the ISO Image

Step two
• Make directory under the /mnt directory called iso
• Then you can mount the ISO image with:
    mount -o loop=/dev/loop1 -t iso9660 filename.iso /mnt/iso
• To simplify this add the following line to /etc/fstab
    /home/ISO/fc4-dvd.iso /mnt/iso iso9660 loop=/dev/loop1,noauto
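
A check that fits between step one and step two: confirm the file `dd` wrote contains the whole volume before it is mounted or put in `/etc/fstab`. This is an added example, not from the slides; the function names are hypothetical, and the byte offsets come from the ISO 9660 primary volume descriptor layout.

```shell
#!/bin/sh
# Added example (not from the slides): check that a dd-made image holds the
# whole ISO 9660 volume. The primary volume descriptor sits at sector 16
# (byte 32768); volume size in blocks is at +80, block size at +128.

le_field() {                 # le_field FILE OFFSET NBYTES -> little-endian int
    od -An -tu1 -j "$2" -N "$3" "$1" | awk '
        BEGIN { m = 1 }
        { for (i = 1; i <= NF; i++) { v += $i * m; m *= 256 } }
        END { printf "%.0f\n", v }'
}

iso_expected_bytes() {       # size the volume descriptor says the image needs
    magic=$(dd if="$1" bs=1 skip=32769 count=5 2>/dev/null) || return 1
    [ "$magic" = "CD001" ] || return 1
    blocks=$(le_field "$1" 32848 4)
    bsize=$(le_field "$1" 32896 2)
    echo $((blocks * bsize))
}

iso_is_complete() {          # 0 = complete, 1 = truncated, 2 = not ISO 9660
    want=$(iso_expected_bytes "$1") || return 2
    have=$(wc -c < "$1")
    [ "$have" -ge "$want" ]
}

put_bytes() {                # put_bytes FILE ESCAPED_BYTES OFFSET
    printf "$2" | dd of="$1" bs=1 seek="$3" conv=notrunc 2>/dev/null
}

make_sample_iso() {          # make_sample_iso FILE SECTORS: constructed image
    dd if=/dev/zero of="$1" bs=2048 count="$2" 2>/dev/null
    put_bytes "$1" '\001CD001\001' 32768     # descriptor type 1 + identifier
    put_bytes "$1" '\024\000\000\000' 32848  # volume size: 20 blocks
    put_bytes "$1" '\000\010' 32896          # block size: 2048 bytes
}

# Usage on the image from the slides:
#   iso_is_complete /home/ISO/fc4-dvd.iso && echo "image is complete"
```

`make_sample_iso` only builds a header-only test file declaring 20 blocks, so the check can be tried without a disc in the drive.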