RED HAT ENTERPRISE LINUX 4.0 ES

Introduction:Unix is the first Operating system in the world, developed by Kem Thompson and Dennis Ritchie in 1969 at Bell Lab by AT&T Company

IBM : AIXSGI : IRIXHP : HPSun : Solaris

FSF:Free software foundation organization, they start a project by name

GNU. The mail aim of this project is to develop such a O.S that can run on any platform.In 1991, a student Linus Tarvalds developed a kernel named Linus’s Kernel plus GNU application called Linux O.SLinux is a open source technology.Different companies that provide Linux in Market are Redhat, SuSe, Mandrake, Turbo, Knoppix etc.

Features and Advantage:

Features:a. Linux is the fastest Operating system in the world. It runs 2 to 3 times

fast than windows O.Sb. Linux is the very secured O.S because there is no any problem of

virus.c. Linux file format is text format and windows file format is binary

format.d. Linux is very reliable O.S because kernel of linux is very stable as

compare to windows kernel not crashed easily.e. Kernel of linux is vcery small, it can be stored in floppyf. Linux uses the x-Window system which is advanced network

windowing system. Using this system we can display output of any workstation monitor attached in the network

Advantages of Linux:a. Virus Proofb. Crash Proofc. Economicald. Multiuser, multi desktop and multi tasking

Mode of Login

There are two mode of login1. Text Mode (Alt+ctrl+F1)2. Graphical Mode (Alt+Ctrl+F7)

In case of Text ModeStation2 Login : rootPassword : redhat

1

[root@station2~]#to switch from one text mode to anotherAlt+Ctrl+F1 to Alt+Ctrl+F6In case of Graphical ModeCtrl+Alt+F7

Common CommandSome of the Common system command are as follow:1. Date : to display date and time2. Cal : to display the calendar3. Cal 11 2006 : display the calendar of Month 11 and year 20064. Clear : To clear the screen5. ls : to list directory contentscolor identificationblue : DirectoriesWhite : FilesGreen : Executable filesRed ; Zip files, rpm, tar fileDifferent switches used with “ls” command

ls –l or ll : used for long listing including file and directory permission(-) : file(d) : Directory(l) : Symbolic link

ls –a : shows all hidden files and directory. Any file followed by (.) is hidden file

ls –al : show all hidden files and directory with long listing or whole description

ls –d : shows all the directory

6. pwd: Present working directory

7. who am I : display the information of current terminal

8. who : display all the terminal in a network

9. history : it shows all the command your have used.By default history stores last 1000 command which u have run. If u want to change # vi /etc/profileHIST SIZE =10Save and exit# history –c ( to clear all the previous command reside in history)

2

Creating file and Directory:

a. Creating file:The ‘cat’ command is used to create a file Syntax:# cat > filenameexample:# cat > abc.txt(Ctrl +D) is used to save the file.

b. View the content of fileSyntax:# cat filenameExample:#cat abc.txt#cat –b abc.txt

c. Creating DirectoryThe ‘mkdir’ command is used to create directorySyntax:Mkdir [directory_name]Example:# mkdir rajOption used:cd : To change directorycd .. : To come out from directorycd : to jump to root directorycd - : to jump to previous directory

Deleting Files and directory:Syntax:For file:

rm <filename>example:

rm abc.txtfor directorysyntax:

rmdir <directory_name>Note: Only empty directory will be deleted)If we want to delete the tree structure of directory then we need to use the following commandSyntax:rm –rf <directory_name>

wherer = recursivelyf= force

in order to remove non empty directorySyntax:

3

rm –r <directory>

example;rm –r rajthis will remove directory step by step ,first remove sub directory and then finally main directory.

Another method of creating file :Touch : this command is used to create a blank file with size zero.# touch <filename>Example:#touch abc

Copying File and Directory:a. Copy file:

Syntax:# cp [source]filename [destination]

b. Copy directory#cp –r [source]directory [destination]to copy a directory into another directory recursively

c. cp –rf [source]directory [destination]to copy a directory forcely

syntax used for copy file or directory:cp [option] file destinationoption:-I : interactive : ask before overwriting file-r : Recursive-p : Preserve-f : forcely

More than one file can be copied at a time if the destination is directorySyntax:cp [option] file1 file2 file 3 Destination

Moving and Renaming File and Directory

Syntax:# mv : move /rename files and directory

Example:# mv [option] file destination

example:# mv t.txt /home/raj/more than one file can be moved at a time if the destination is a directory

# mv [option] file1 file2 file3 destination

4

Getting Help: The command that are used to get the help are discussed as :

a. WhatisDisplay a short description of command , it uses a database that is updated nightly. Often not available immediately after installation.

Syntax:# Whatis cal

b. HelpDisplay usage summary and argument listSyntax:<command> --helpExample:#Date –help

c. Man and Info:Both provide documentation for command. Almost every command has a “man” page. Collection of pages are called linux manual.# man date# info date

Viewing Text PageSyntax:#less [option] [filename]Example:# less abc.txtscroll with arrows/PgUp /PgDown

/text : search for textn : Next Match

Option:-c : Clear before displaying-s : Squeeze multiple blank lines into a single blank line

Simply we can also use “less” along with pipe | as # ll |less

File and Directory:‘ll’ is used to display the information about the files and directory including date, time, users,group, size, name and permission.Four symbols are used when displaying permission.R : ReadW : WriteX : Execute- : no permission

5

-rwxrwxrwx : filesdrwxrwxrwx : directoryfiles and directory permission are symbolized by ten character.

If we want to change permission, then there are two methods:1. symbolic2. Numeric

1. Symbolic Method:Syntax:Chmod mode directory/filenameMode Option:

1. u,g,o2. w,r,x3. +,-4. =

1. # chmod u+rwx file or directory : in case of user only2. # chmod ug+rwx file or directoty : in case of user and group3. # chmod u+w,g+r,o+x directory/file4. # chmod u+rw,g+rw directory/file5. # chmod u-r, g-w,o-rw directory/file6. # chmod ugo+rwx file/directory7. # chmod ugo-rwx file/directory

+ is used to add permission - is used remove permissionchmod ugo=rw directory/filethis command will assign read/write permission to u,g,osuppose we have one file astest.txtpermission : -r- - r- -r- -chmod u=w,g=wx,o=w test.txtthis command will assign write to user, write/execute to group and write to other while remove the previous permission.The main difference between +,= are + operator simply add the new permission with previous one and = assign the new permission while removing old (new permission overwrite an old)

2. Numeric Method:In this method, calculation are based on following numbersr=4 w=2 x=1 0= no permission

Example:#chmod 777 file/directoryin this case user get 7 means that user has permission of read/write/execute, group get 7 means read/write/execute and ame for other

# chmod 531 file/directory

6

in this case user get 5 means that user has permission of read/execute, group get 3 means write/execute and other get 1 means that other has permission to execute.

#chmod 742 file/directory7 : User : rwx4 :Group : r2 : Other : w

Linux file system:

Figure

Root : it is an home directory of super user (root) administratorEtc : it is the location of all configuration file and directory used for server

configuration or system configurationdev : it is a location of the device filehome : it is a location of home directory or regular usersproc : it is a virtual file system or directory not actually store on the disk and

contain system information# cat /proc/meminfo# cat /proc/cpuinfo

boot : contain kernel and boot related filessys : it is also a virtual directory and contain system informationmedia : it is a mount point of removable disk like cdrom floppy usb drive etc.tmp : it contain all temporary fileusr : it is used for software installationlib : it contain all library filesbin : it is the location of all executable files or command or user command

/usr/bin also contain user commandsbin : it contain all system command or super user command /usr/sbinmnt : it is a mount point for physical hard-disk or partitionopt : optional directory and used for temporary workingvar : it is a variable file system or directory and contain all log and error

message

file system type:Dos : Fat 1695/Xp/2000 : FAT32Xp/NT/2000 : NTFSLinux : EXT2,EXT3UNIX : VXFS

7

Representation Of Media Devices:All the device file are stored in /dev/ Hard disk ; /dev/hdxWhere x isa : /dev/hda : Primary masterb : /dev/hdb : Primary slavec : /dev/hdc : Secondary masterd : /dev/hdd : Secondary slave

In case of SCSI, Sata or USB we will use : /dev/sda

CD-rom:/dev/cdrom/dev/cdrom1/dev/cdrecorder

Floppy:/dev/fd0/dev/fd1

to access partition of windows in linux#mount –t vfat /dev/hdax /mntin order to check the label of any partition#e2label /dev/hdaxwhere x is number

Mounting CD Rom # mount –t auto /dev/hdc /media/cdrom-t : file typeauto : file typein order to check where cdrom is attached we can open the file fstab#vi /etc/fstabnow in case of RHEl 3.0 we have to use command in order to unmount.# umount /media/cdromand then eject the cdromin case of RHEL 4.0 we simply type # eject

Mounting Floppy#mount –t auto /dev/fd0 /media/floppyin case of floppy we have to umount first then only we remove floppy otherwise all content of floppy may be lost or floppy may be physically damaged.# umount /media/floppyMounting USB media :- directed by the kernel as SCSI device/dev/sdaxVi Editor:Using vi , we can create or modify any file

8

Vi, vim EditorVi is the standard file editor for Unix and Vim is the standard file editor for LinuxFor Red hat Linux vi and Vim both are sameThere are three mode of vi editor

1. command mode2. insert mode3. save and Exit Mode1. Command mode is again divided into 3 modea. Cursor movementb. Copy, paste, delete, undoc. Text searcha. Cursor Movement

J : DownK : UPL : RIGHTH : LEFT

b. Copy, paste delete, undodd : delete particular lineyy : copy particular lineu : Undop : pastendd : n is the number of line to be deletednyy : n is the number of line to be copied

c. Text Search/textexample/then

2. Insert ModeOption I, insert, a ,o, O

i : insert mode start at the point where cursor is. Same is used with

insert optiona : insert mode start after one charactero : insert mode start after one lineO : insert mode start before one line

3. Save and Exit:q : Quiet:q! : forcely quiet:wq! : save and forcely quiet:wq : save and exit

9

User and Group Administrator

There are three type of user account in Red hat Linux1. Super user or Administrative account2. Regular user account3. service account

1. Super User created automatically at the time of installation2. Regular user Account;a. Using command line method ‘useradd’ or ‘adduser’ commandb. Graphical method by using Red hat user manager utilitya. # adduser user_name (Recommended : minimum 6 character used in password)# passwd user_name

Example:#adduser rakesh#passwd rakesh Now open the file /etc/passwd to check the entry of user

#vi /etc/passwdit contain 7 entry of each user

1. Username2. Password3. userid4. groupid5. blank (User information field ) comment6. home directory7. login shell

password entry for each user will be stored in /etc/shadow# vi /etc/shadow

now in order to check the Userid, Group we use /etc/login.def# vi /etc/login.defwhen any user account is created then user will get userid, groupid automatically from /etc/login.def5th field is used for user information or comment6th field is used for home directory. When any user is created its default home directory is created inside /home/home/rakesh7th field is login shell. Default shell for user is /bin/bashdifferent shells are used

ksh, sh, csh, tcsh,zshshell is an user interface between user and O.S. linux command shell is a prompt that allow us to interact with our system by executing various command.In order to check the shell available use /etc/shells# vi /etc/shellsin order to get the information about the group we need /etc/group

10

#vi /etc/groupit contain four field

1. Group name2. password3. GroupId4. Member of group

# finger : this command is used to get the information about the user

Syntax:#finger username#finger rakesh

#id : this command is used to get userid, groupid of the user

syntax:#id username#id rakesh

Creating Group:Syntax:

#groupadd groupname#groupadd –g gid groupname

Example:#groupadd raj

Exercise:Create a user that should have uid=1000 shell=sh description and home directory as /dataSol:

#useradd –u 1000 –c rakeshpundir –s /bin/sh –d /data rakesh#passwd rakesh

GrpahicallySystem Setting :-> User & GroupOR#system-config-user

Every user have two group one is elementary group or primary group and secondary group

-g : Primary Group-G : Secondary Group

Creating Group#groupadd g1#groupadd g2

Steps:1. adding group to the user

11

#usermod –g g1 –G g2 rakesh2. To change id of the user#usermod –u 1001 rakesh3. change comment#usermod –c rakeshsingh4. change home directory#usermod –d /rakesh-home rakesh –m5. change shell#usermod –s /bin/bash rakesh6. change user login name#usermod –l newname oldname#usermod –l rajesh rakesh7. Change Group name#groupmod –n newname oldname#groupmod –n group1 g18. change Group id#groupmod –g 2005 group1

Redirecting Input /OutputThe standard Output of command , which normally display on the terminal can be redirected into a file. Similarly standard error, which normally display on the terminal can be redirected into a file.Common redirection operator

> : command>file : output command to file>> : command>>file : Append output of command to file< : command>file : receive input from file2> : command2>file : error from command to file2>> : command2>>file : append

Example:#find /etc –name passwdthis command will search for all file name passwd in /etc and its subdirectoriesnow we can redirtect the standard outpout#find /etc –name passwd > outputoutput is a file where command output will be stored. Standard error is still displayed on the screen#cat outputIf the target file of the file redirection with > already exists, the existing file will be overwritten. To append data to an existing file use >> to redirect instead of >#find /etc –name passwd >> output

Redirecting standard ErrorWe can redirect standard error with 2>#find /etc –name passwd 2>errorfilestandard output is displayed on the screen , redirect further standard error, appending to the same file with 2>>#find /etc/ -name passwd 2>>errorfile

12

#cat errorfile

Symbolic links:A symbolic link point to another file. We can display the link name and the referenced file by ‘ls –l’#ls –l pflrwxrwxrwx 1 root root pf->/etc/passwdfile type: l for symbolic linkthe content of the symbolic link is the name of the file that is referencedSyntax:

Ln –s filename [linkname]Example:

Ln –s /etc/passwd passwordThere are seven fundamental file type- : regular filed : symbolic linkb : block special filec : character special filep : named files : socket

character special file are used to communicate with hardware one character at a time. Block special file is used to communicate with hardware a block of data at a time : 512 bytes, 1024 bytes, 2048 bytesls –l /dev |less { to check c and b files}named pipe type of file that passes data between processes. It stores no data itself socket file are used for inter process communication.

Checking Free Space:In order to check the free and usage space per file system and directory and each sub directory we have two command

a. dfb. du

the ‘df’ command reports on a per file system basis. It report total disk space , disk space used , disk space free#df –h-h : used multipliers such as G or M for gigabytes and Megabytes

The ‘du’ command reports the number of kilobytes contained by the items within a directory #du –s#du –h-s : used to request only the summary directory information#du –s /etc

Aliases:

13

Aliases are shortcut names for large commands. If we have command that run often, but take a considerable amount of typing, we can reduce these to an aliases.Alias c=clearWe can make a permanent entry of alias in .bashrc fileType:#vi .bashrcalias c=`clear`save and exitTest your change by logging out, logging back and type the following#alias#c

Default Permission:The default permission for files is 666 and directory is 777. umask is used to withhold permission. Default root’s umask is 022. without a umask in effect, only file created will have 666 permission and directory will have 777. this means that anyone on the system will have read and write access to any file. A umask of 002 will result in file created with 664 permission and directory with permission 775.Default umask on Red hat enterprise linux is 002. to change#umask 022umask is typically set by script run at login time. The next time you lig in umask will be set bask to your default unless you add command to one of your startup files such as .bashrc.

Run Level:To check the run level we need to see the file /etc/inittab#vi /etc/inittabdefaults run – level used by RHS are0 : hault ( do not set init default to this)1 : single user mode2 : multi user mode without networking3 : multi-user mode with networking4 : unused5 : X11 (Graphical)6 : reboot

#runlevel : this command shows that in which run level you are at present

in init 3 runlevel, if you type command startx to go to the graphical mode then it will not ask you for password.By default we have 6 virtual console (text mode), but we van increase or decrease the number of text mode simply by editing the file /etc/inittab

#vi /etc/inittabline No 18 : id:5:initdefault(we can change this value from 1 to 5 as per our need)

14

Line No 44 :1:2345:respawn:/sbin/mingetty tty12:2345:respawn:/sbin/mingetty tty2...6:2345:respawn:/sbin/mingetty tty6in these line if we add one more line the number of virtual console increase and if we remove one line , virtual console terminal decrease.For adding7:2345:respawn:/sbin/mingetty tty7after editing this file we need to sane and exit#init q : this command is used to activate the change made.

Welcome Message at the time of login:We need to edit the file /etc/motd#vi /etc/motdtype any message which we want to display“WELCOME TO ICON”save and exit

INSTALLATION:Installation can be done either by CDROM , NFS, LAN, FTPPartition type and its size

/ 10000MB/boot 128MB/home 1000MBswap 256 MB ( 1.5 to 2 times more than RAM Size)

to check the RAM size do the following stepCtrl+alt+f7Then type the following#cat /proc/meminfothis command will display the size and other information regarding RAMCtrl+Alt+F7 to return to the installation mode.

Note:While installation we have to make sure that firewall option should be disable

1. No firewall2. Selinux disable

Following Package are needed at the time of installation.Desktop

1. X Window2. GNOME

Application1. Text Editor

15

2. Graphical Internet3. Text Based Internet

Server1. Server configuration tools2. Web Server3. Mail server4. DNS server5. FTP Server6. Network Server7. Legacy Network Server ( in this select Telnet)

System1. Administrative Tools2. System tools3. Printing tools

Max Space Needed : 6132MBMin Space Needed : 681 MB

While Installing Redhat linux 4.0 WS with the help of NFS and FTP, we have to perform the following stepFirst we have to check the rpm of ftp/nfsftp : vsftp-2.0.1…….nfs : nfs-utils-1.0.6……Now copy the disk 1 of the Redhat linux into the folder “/var/ftp/pub”Now copy RPMS of remaining CD’s (Disk 2,3,and 4) inside /var/ftp/pub/RedHat/RPMS/Now we need to configure the exports file.#vi /etc/exports/var/ftp/pub 192.168.0.0/255.255.255.0(rw,sync)save and exitnow start the service#service portmap restart#chkconfig portmap on#service nfs restart#chkconfig nfs on

Now Boot the new system from disk 1 of Redhat linux and typeLinux askmethodChoose language : EnglishKeyboard Type : U.SInstallation Method : NFS ImageNFS Server name : 192.168.0.254NFS Dierctory : /var/ftp/pubAnd continue the installationThere is slightly change in case of FTP

In case of FTP:Boot the system from disk 1 of redhat linux and typeLinux askmethodChoose language : English

16

Keyboard Type : U.SInstallation Method : FTPThen first mentioned your system ip address in order to identify itself in network192.168.0.24255.255.255.0then mentioned the FTP server address as192.168.0.254255.255.255.0mount point : pub ( as in case of FTP the default path is /var/ftp)and continue the installation

Kick StartKick start is one of the automatic installation method. Before making kick start file we need to check the rpmRpm : system-config-kickstartKick start consist of installation wizard which we can configured for another system like general information, root password, package , set the language, keyboard type, network, installation type etc. then save the kick start with any name say nfsks.cfg under /rootSuppose we use NFS type then we have to mentionedNFS Ip address : 192.168.0.254Path : /var/ftp/pubNow we have to edit the file nfsks.cfg by editing one lineSelinux-disableNow we have to configure the file /etc/exports#vi /etc/exports/root 192.168.0.0/255.255.255.0(rw,sync)/var/ftp/pub 192.168.0.0/255.255.255.0(rw,sync)

Now start the service#service portmap restart#chkconfig portmap on#Service nfs restart#chkconfig nfs on#service dhcpd restart#chkconfig dhcpd on

Now boot the new system by Disk 1 of RedHat linuxAnd typeLinux ks=nfs:192.168.0.254:/root/nfsks.cfgAnd continue the installation

RPM (RedHat Package Manager)RPM package contain the file and directories associated with specific application and program.

17

RPM namegenerally includes version, release and architecture for which it was build.LikeZip-2.3-8.i386.rpm

To install RPM:#rpm –i rpm_name

To Remove RPM#rpm –e rpm_name

In order to remove those package which has dependency#rpm –e rpm_name –nodeps

Switches used with RPM-i or --install-e or --erase-U or--Upgrade-F or --Freshenwe can install rpm by using#rpm –ivh rpm_name-I : Install-v : Verbose-h : Human view (Hash Sign)

To Upgrade RPM:#rpm –U rpm_name

To repair any corrupted rpm package#rpm –F rpm_name

To make any rpm query#rpm –q rpm_name

To check all rpm of related pacakes#rpm –qa |grep rpm_name

To check particular file associated with which rpm# rpm –qf /etc/passwdpasswd file is associated with setup-2.5 rpm

To check the rpm containing which file#rpm –ql rpm_namethis command will list all the file associated with particular rpm.

To get the information about the particular rpm.#rpm –qi rpm_name

To Install any rpm forely#rpm –ivh rpm_name –force

18

Installing dependent packages:Suppose we have 4 rpm’s r1,r2,r3 and r4 , we need to install r4 but r4 depends on remaining rpm’s then we use this command.

To check any rpm’s query#rpm –qa “sendmail*”

To check rpm’s of related service#rpm –qa |grep bind

Task Automation and Task SchedulingIt is used to perform the task at particular timeTwo command are used

a. atb. crontab

syntax:#at timeat>command Iat>command IIctrl+D

Example:#at 10:30at>ejectat>eject –tctrl+D

Option used#at now#at now+5 minutes#at now+5 hours#at now+5 days#at tomorrow#at 10:30 july 16 2006we can also restrict the user not to use the ‘at’ command. Restriction will be provided by root login with administrator.#vi /etc/at.denyinside this file we have to just mentioned the name of the user in order to restrict him not to use ‘at’ command. Just save and exit form the fileBy default all users are allowed to use ‘at’ command. ‘at.deny’ is default in system. We can also create a file ‘at.allow’ file. Once we create this file, now by default all users will be restricted to use ‘at’ command and only that user which have entry on ‘at.allow’ will allow to use the ‘at’ command.Another method is to make an entry inside the ‘crontab’ file. Entry will be done by the root. Difference between these two method is crontab is used to

19

perform the same task many times whereas job through ‘at’ command will be removed after the task has been performed.

Syntax: ( By root login)#crontab –esix field are listed1 2 3 4 5 6minute hour day of Month day of

commandmonth Week

Example:35 10 31 05 3 eject36 10 31 05 3 eject –t

Minute : 0-59Hours : 0-23Day of Month : 1-31Month : 1-12Day of Week : 0-70 and 7 are Sunday

#service crond restart

#Whereis ejectthis command display the path of the command. It is better to use the full path of the command inside crontab instead of just the name of the command.We can also make the entry as35 10 * * * eject36 10 * * * eject –t

In this case. These two jobs will be performed at 10:35 in every month.Some command which are executed with ‘at’ or ‘crontab’ send their output to the user mail box. These command are executed on background and their output is transferred to the particular user’s mail box. In order to see the output of the command we use.#muttThis command will open the mailbox from where we check the outputSome of the switched used with the ‘crontab’ #crontab –lList out all the job scheduled in crontab.

#crontab –rCan remove the job from the crontab.

#atq : list the job number scheduled in at#atrm jobno : to remove any job

Fdisk:

20

Representation of Hard disk/dev/hdx/dev/had : Primary Master/dev/hdb : Primary Slave/dev/hdc : Secondary Master/dev/hdd : Secondary slaveFdisk command is used to create a partition#fdisk –lDisplay the partition ListingCreating Partition#fdisk /dev/hadPress(m for help): m

Some important switches areD : delete partitionN : NewL : listingQ : quitW : Save and ExitT : changed type Press : nl : Logical (5 or above)p: Logical partition( 1-4)Type lFirst cylinder (Take as default): Press EnterLast Cylinder or +size or +sizeM or +sizeK (….) : +100MCommand (m for help) : w# partprobe( to update the partition table without restarting the computer)

Now we need to format the partition#mkfs.ext3 /dev/hdaxWhere x is the number of partition that is newly createdNow we mount this partition#mkdir /partx#mount –t ext3 /dev/hdax /partxOr#mount /dev/hdax /partxTo mount this partition permanently make the entry in fstab#vi /etc/fstab/dev/hdax /partx ext3 defaults 1 2

Increasing the Size of Swap PartitionThere are possibilities that any time we can increase the size of RAM, at that time we need to increase the size of swap partition as per the increased size of the RAM.

21

There are two method of doing soa. creating partitionb. Creating file

A. Creating Partition:i. We have to create one partition of size say 200MB and change its

type to 82 (swap type) . save and exit and then run the command “partprobe”

ii. Format the partition say /dev/hda9#mkswap /dev/hda9

iii. Make the swap partition active#swapon /dev/hda9

iv. to check the entry of swap partition# cat /proc/swaps

If we want to make the permanent entry in fstab then#vi /etc/fstab/dev/hda9 swap swap defaults 0 0

B. Creating filei. first make an empty file

#touch /swpii. Now we customize the size of the swap

# dd if=/dev/zero of=/swp bs=1M count=200iii. Format the newly created swap file

#mkswap /swpiv. Active the swap file

#swapon /swpTo check the entry of swap file#cat /proc/swapsIf we want that automatically this swap file activate , we need to make the entry in /etc/ec.local# vi /etc/rc.localMake the following entrySwapon /swpSave and exit

User Quota:Monitoring and controlling disk space usage is another important part of a system administrator tasks. User quota is used to restrict the amount of disk space on each partition by each user.Steps

1. Edit the file /etc/fstab# vi /etc/fstabSearch the following line “LABEL=/home /home etx3 defaults 1 2”Just add ‘usrquota’ after the word ‘defaults” as“LABEL=/home /home ext3 defaults,usrquota 1 2”

2. Remount the home partrition# mount –o remount /home

22

Where –o I used to active comma separator used in fstabAfter given a quota we must remount the directory with user quota or if we restart the system , it automatically remount.

3. Now check the mount quota# quotacheck –avumWhere

-a : Scan file system with quota enabled-v : Verbose mode-u : Scan for user quota-m : Remount file system with quota enabled

4. Now check the /home#cd /home#lsFile aquota.user will created)

5. Now add quota for particular user# edquota –u usernameOutput of this commandFile System Block soft hard inode soft hard/dev/hda2 24 0 0 9 0 01 block=1KbyteSuppose we set the userquota by block size i.e we set the soft limit to 3000 and Hard limit to 4000 i.e. 3M and 4M/dev/hda2 25 3000 4000 9 0 0Block and inode has a grace period of 7 days ( by default)

We can set the quota either by setting blocks soft and hard limit of inode ( Number of maximum file created)

6. Make the quota on# quotaon /home

7. We can generate the quota information #repquota /home

Note:We can generate the file of big size to check the quotaSyntax:#dd if=/dev/zero of=bigfile bs=1M count=3To check the quota for particular user after login#quotaTo set the grace period for particular user#edquota –T username

To assign quota of one user to another user#edquota –p user1 user2

We can also set the quota for particular user by using following command.#setquota -u username 2000 3000 20 25 /home

23

LVMLogical Volume manager

LVM is an extensible partitioning tool using which we can modify or resize any partition without changing our existing data.

/dev/hdaxFigure

/dev/hdax

In order to create LV ( logical volume) we need to create a partition.#fdisk /dev/hadPress( m for Help): nl : logicalp : PhysicalType ‘l’First Cylinder : Press EnterLast Cylinder (+sizeM or +sizeK) : +100MCommand : t : t for change the typePartition no : x : x is the number of partititonType : 8e : 8e for LVMCommand : w#partprobe

Now we create a Physical Volume (PV) #pvcreate /dev/hda8Display the PV Information#pvdisplayNow we create Volume group#vgcreate Vg00 /dev/hda8Display the Vg information#vgdisplayFinally we create a logical volume#lvcreate –n lv00 –L+50M vg00Where -n : logical name-L: sizeDisplay the LV information#lvdisplayAfter creating the logical volume, we need to format#mkfs.ext3 /dev/vg00/lv00Finally we mount it on /lvm#mkdir /lvm#mount /dev/vg00/lv00 /lvm

Extending the size of LVM#lvextend –L+50M /dev/vg00/lv00

24

After adding we need to run ext2online command in order to assign file system type to the added size#ext2online /dev/vg00/lv00

Reducing the size of LVM#lvreduce –L-20M /dev/vg00/lv00If the size of the logical volume is full and we need more space to store data we need to create new partition , change its type to LVM by ‘8e’ then create the physical volume and add that with volume group (vg00)#vgextend vg00 /dev/hda9After that extend the size of logical volume In order to delete the logical volume#umount /lvm#lvremove /dev/vg00/lv00#vgremove vg00#pvremove /dev/hda9#pvremove /dev/hda8Then finally using the fdisk remove hda8 and hda9

RAIDRedundant Array Of Inexpensive Disk

RAID is a series of disk which can save your data even if there is catastrophic failure on one of the diskRAID are classified as RAID0, RAID1 and RAID 5RAID 0 : require minimum 2 HDD and also known as stripping without parityRAID 1: require minimum 2 HDD and also known as disk mirroringRAID 5: minimum 3 HDD requirement and also known as stripping with parity

First we create the two partition say each of 100MB and then change its type to (‘fd’) Raid Now we create a RAID#mdadm –C /dev/md0 –level=1 –raid-disks=2 /dev/hda8 /dev/hda9Now check the raid#cat /proc/mdstat‘OR’#mdadm --detail /dev/md0Format the newly created RAID#mkfs.ext3 /dev/md0Now mount it #mkdir /raid#mount /dev/md0 /raidIn order to check first we fail any one of the partition#mdadm --manage /dev/md0 --fail /dev/hda8Check the status of the RAID#mdadm --detail /dev/md0Removing the failure partition#mdadm --manage /dev/md0 --remove /dev/hda8

25

To add new disk partition#mdadm --manage /dev/md0 --add /dev/hda10

Note:In order to add new partition first we create the partition and change its type to ‘fd’

Introduction to System ServiceEvery computer that connect to network require some IP address assign permanently to a computer host known as static IP address and some IP address leased by DHCP server for a limited period of time known as dynamic IP address.There are 2 standard IP address

1. IPv42. IPv6

IPv4 has a 32 bit and are in Octet-doted decimal listsExample: 192.168.254.254IPv6 address have 120 bits

To check the connectivity#ping 172.24.254.254To check the IP address#ifconfigTo set the IP address#netconfigOr#vi /etc/sysconfig/networkOr#vi /etc/sysconfig/network-scriptd/ifcfg-eth0Device = eth0Boot Proto = staticOnboot = yesIPaddr = 172.24.0.2Netmask = 255.255.0.0Gateway = 172.24.254.254

To make Network UP and DOWN#ifdown eth0#ifup eth0We can also assign temporary IP address to a LAN card. It will remain until we restart the computer then after that it will take IP address from ifcfg-eth0#ifconfig eth0 172.24.0.10

Introduction To System ServiceAccording to the service management, service are divided into three category

1. service which are managed by init command, which are not TCP/IP services

2. service which are managed by service command

26

3. service which are based on xinetd that is some back ground process services

to check the service whether ON or OFF use#service service_name status#chkconfig –list#chkconfig –list service_name

Example:#service nfs status#chkconfig –list#chkconfig –list nfs

To Make service ON or OFF#chkconfig nfs on#chkconfig nfs off

To stop the particular service for particular Run level#chkconfig –level 3 nfs off#chkconfig –level 3 5 on/offTo make on or off in run level 3 and 5

#ntsysv : will start /stop all the services in a particular run level. It will display the dialog box in which all the services are mentioned

DHCPDynamic Host Configuration Protocol

DHCP provides IP address to host computer dynamically by the range of addresses or statically or fixed address by MAC address

Service ProfileType : System V managed ServicePackage : dhcpDaemon : dhcpdScript : dhcpdFile : /etc/dhcpd.confPort : 67,68

First check the rpm#rpm –q dhcpCopy and rename dhcpd.conf.sample to dhcpd.conf in /etc#cp /usr/share/doc/dhcp-3.0.1/dhcpd.conf.sample /etc/dhcpd.confNow open file#vi /etc/dhcpd.conf

Set the following configurationSubnet : 172.24.0.0;Netmask : 255.255.0.0;Option router : 172.24.254.254;Option subnet-mask : 255.255.0.0;

27

Option nis-domain : “RHCE”;Option domain-name : “example.com”;Option domain-name-server : 172.24.254.254;

Range dynamic-bootp 172.24.0.1 172.24.0.10Save and exitStart the service

#service dhcpd restart#service portmap retstart

#chkconfig dhcpd on#chkconfig portmap on

Client Side#dhclientDhclient is used to give the request to dhcp server to assign an address to clientNow if we want to assign the static IP address by their MAC address

#vi /etv/dhcpd.confSet the following configuration

host stationX {hardware Ethernet 00:34:e3:5r:q1:34;

fixd-address 172.24.0.54;wherex : Station number

NFSNetwork File System

NFS server is used for file sharing and directory sharing between linux to linux machine

Service ProfileType : System V-managedPackage : nfs-utilsDaemon : rpc.rquotad, rpc.statd.nfsdScript : nfsPort : 2048Configuration File : /etc/exports

Check the rpm# rpm –q nfs-utils

Server SettingFirst make the folder which you want to share

28

#mkdir /share#cd /share#touch a d f#chmod o+w a bNow open the configuration file#vi /etc/exportsMake the following entry

/share172.24.0.0/255.255.0.0(rw,sync)

Save and exit

/share will be shared by the entire network

Start the service#service portmap restart#chkconfig portmap on#service nfs restart#chkconfig nfs onNote:We need to restart the service portmap before nfs service in order to assign port number.To check#showmount –e 172.24.254.254#showmount –e server1

ClientMount the /share directory on client machine#mount –t nfs:172.24.254.254:/share /mntWhere /mnt is a mount point

For sharing particular IP addressServer:#vi /etc/exports/share172.24.0.3/255.255.0.0(rw,sync)/share172.24.0.4/255.255.0.0(rw,sync)

For two different network#vi /etc/exports/share172.24.0.0/255.255.0.0(rw,sync)/share172.25.0.0/255.255.0.0(rw,sync)

For all world#vi /etc/exports/share*(rw,sync)If we give a space between the network and (rw,sync), then it will mount for everyone#vi /etc/exports/share172.24.0.0/255.255.0.0 (rw,sync)

29

If we give no permission then it will take (ro,sync)

#export –r#export –a#export –arIf we run this command then there is no need to restart portmap and nfs again and again.

NISNetwork Information Service

NIS provide simple directory service for system and account information. NIS server is used to manage the system and account information on multiple system from the central server.

Service ProfileType : system V managePackage : Server

Portmap ypserv makeClient

Authconfig authconfig-gtk portmap yp-tools ypbindDaemon : rpc.ypserv rpc.yppasswdddScript : ypserv, yppasswddConfiguration : /etc/sysconfig/network

/var/yp/Makefile

Server Setting:Steps

1. Check the rpm’s

#rpm –q portmap ypserv make

2. Edit the file

#vi /etc/sysconfig/networkDefine the following lineNISDOMAIN=ICONSave and exit

3. Edit the file

#vi /var/yp/MakefileSearch for “/all: “ lineRemove all the entry exceptall: passwd group hosts netidsave and exit

4. Start the service

30

#service portmap restart#chkconfig portmap on#service ypserv restart#chkconfig ypserv on

5. Now create a database for NIS server# /usr/lib/yp/ypinit –m

-m : Master

6. Now create a user with home directory /rhome/nisuserX#mkdir /rhome#adduser –d /rhome/nisuser1 nisuser1#passwd nisuser1

7. Make the entry of the home directory of user in /etc/exports file#vi /etc/exports

/rhome/nisuser1 172.24.0.0/255.255.0.0(rw,sync)

Save and exit

8. start the service#service portmap restart#chkconfig portmap on#service nfs restart#chkconfig nfs on#service yppasswdd restart#chkconfig yppasswdd on

9. Finally Update the database#cd /var/yp#make

Client Setting:1. Check the rpm’s

#rpm –q portmap authconfig authconfig-gtk yp-tools ypbind

2. Run the command#authconfigOr#system-config-authentication

In this enable and write the following option“Enable NIS option” and Press F12In NIS SettingDomain : ICONServer : 172.24.254.254

3. Edit Two File “auto.master” and “auto.misc”

31

#vi /etc/auto.master

/rhome /etc/auto.misc --timeout=60This file define the path of the home directory

#vi /etc/auto.misc

Nisuser1 -rw,soft,intr 172.24.254.254:/rhome/nisuser1Save and exit

4. Start the service#service autofs restart#chkconfig autofs on

5. Run the following command to check the password#ypcat passwd#getent passwdypcat will display the entry of server user informationgetent will display the entry of local and server user information

6. Finally login with user as “nisuser1” and passwd

DNSDomain Name Server

DNS translate IP address to hostname or vise versa

Service Profile

Type : System V managePackage : bind, bind-chroot, caching-nameserver, bind-utilsDaemon : namedScript : namedConfiguration file:

/var/named/chroot/etc/named.conf/var/named/chroot/var/named/*

Port : 52 (UDP), 53 (TCP)

Server Setting1. Edit the file named.conf

#vi /var/named/chroot/etc/named.confEdit the line after copying line N 37 to line 47Zone “example.com”{

Type master;File “example.zone”;

32

Allow-update {none;} ;};Zone “24.172.in-addr.arpa”IN{

Type master;File “example.local”;Allow-update {none;};

};

2. Now Enter inside the following directory#cd /var/named/chroot/var/namedMake two file by copying #cp localhost.zone example.zone#cp named.local example.local

3. Edit the file example.zone$TTL 86400@ IN SOA server1.example.com. root.server1.example.com. (

……….……….……….……)

@ IN NS server1.example.com.254.254 IN PTR server1.example.com.1.0 IN PTR station1.example.com.2.0 IN PTR station2.example.com.4.0 IN PTR station3.example.com.Note:Like this we can make entry all the stations connected to that network

Save and exit

4. Edit example.local file#vi example.local$TTL 86400@ IN SOA server1.example.com. root.server1.exampler.com (

………………………………….)

@ IN NS server1.example.com.Server1 IN A 172.24.254.254Station1 IN A 172.24.0.1Station2 IN A 172.24.0.2Station3 IN A 172.24.0.3Station4 IN A 172.24.0.4www IN CNAME server1www1 IN CNAME station1www2 IN CNAME station2www3 IN CNAME station3www4 IN CNAME station4

33

save and exit

5. Start the service#service named restart#chkconfig named on

6. Dig the server#dig server1.example.com#nslookup server1.example.com#nslookup 172.24.254.254

7. Check the file /etc/hosts file

DNS Client

Open the file and check the setting#vi /etc/resolv.confNameserver 172.24.254.254Search example.com

Savce and exit

Now finally use the Dig and nslookup command to check the DNS from client side

TermIN : InternetSOA : Start Of AuthorityTTL : Time to LineNS : Name serverA : Address RecordPTR : Pointer RecordMX : Mail serverSOA is the first line in the zone file. It identifies the name server as the authoritative source for information about this domainTTL indicate how long to hold the data in their cacheNS shows the name of name serverA shows the IP address for name serverMX is a mail Exchange recordPTR is used to point to the name serverCNAME is CONONICAL name shows the real name of the host

Squid Proxy Server

Proxy server is used for Internet Sharing

34

Server Profile

Type : System V managePackage : SquidDaemon : SquidScript : SquidConfiguration : /etc/squid/squid.confPort No : 8080 , 3128

Steps

1. Check the rpm’s#rpm –q squid

2. Edit the file squid.conf#vi /etc/squid/squid.confLine number 54http-port 8080

Line number 481cache-mem 100MB

Line number 1805 (syntax : acl acl_name acl_type network or domain)acl icon src 172.24.0.0/255.255.0.0

Line number 1865http-access allow icon

In order to deny we writehttp-access deny aclnameLikehttp-access deny icon

If we want to restrict any siteSyntax : acl aclname acltype Name or domainExample:acl icon1 dstdomain .hotmail.com

Start the service#service squid restart#chkkconfig squid on

Client Side:1. Click on Mozilla Web Browser2. Click editPreferences3. Click on “Connection Setting”4. Select “ Manual Proxy Configuration”

Http Proxy : 172.24.254.254 Port 8080

35

Send MailSendmail is used to configure the mail server on the server in order to send and receive the mail.

Service Profile

Type : System V managePackage : sendmail, sendmail-cf, procmail, mutt , m4Daemon : sendmailPort : 25Configuration File : /etc/mail/sendmail.mc

/etc/mail/sendmail.cf/etc/mail/access/etc/aliases

Steps:1. Edit the file sendmail.mc

Line number 105DAEMON-OPTION(……………………….)

Disable this line by addingdnl#

2. Now create a new sendmail.cf file through sendmail.mc#m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

3. In order to allow / restrict other network or client or any user to send mail we edit file /etc/mail/access

#vi /etc/mail/access172.24 OK172.24.0.4 REJECTroot@station6.example.com DISCARDOK : AllowREJECT : restrict and message reply will comeDISCARD : restrict and message reply will not come

4. In order to redirect the mail of any user to another we edit#vi /etc/aliasesRoot : raj,rakesh,root@station6.example.comAfter editing this file, we need to run the ‘newaliases command to update the file#newaliases

5. Start the Service#service sendmail restart#chkconfig sendmail on

6. To check the mail#muttIf any problem come that /var/spool/mail/root does not exits then create a file by

36

#touch /var/spool/mail/root

CUPSCommon Unix Printer System

UPS is the primary printing system under Re Hat Enterprise Linux. CUPS support a new Internet Printing Protocol (IPP), based on HTTP/1.1

Configuration

Steps:1. Type the following command

#printconfigOr#system-config-printer

AssignQueue name: xyzDevice name : IPPSelect Printer Driver “ raw printer queue”Server : server1.example.comPath for the Queue Directory : /printer/xyz

And finish the Wizard

2. Check the status of the Queue#lpq

3. To Print any file#lp <filename>#lpr <filename>

4. To remove any job#lprm job_numberOr #cancel job_number

5. To check status with job number#lpstat

FTP:File Transfer Protocol

FTP provides file sharing between linux to linux , linux to Unix and Linux to Windows

37

Service Profile

Type : System V managePackage : vsftpdDaemon : vsftpdScript : vsftpdConfiguration File : /etc/vsftpd/vsftpd.confPort : 21

FTP service provide two level of accessa. Anonymous Accessb. User Access

AIn Anonymous access client machine can connect to target machine

via users FTP and anonymous. In this case we don’t require password. By default these users have only permission to download (get)

BIn user access, client machine connect to Target machine by having

username and password on Target machine

For anonymous user FTP working directory is ‘/’/ = /var/ftp

We can also provide user level security We have two files#vi /etc/vsftpd.ftpuser#vi /etc/vsftpd.user_list

User entry in these two file are not allowed to access ‘ftp’If we want that user entry in vsftpd.user_list can only access ftp server then we need a entry in vsftpd.conf#vi /etc/vsftpd/vsftpd.confAdd following line

Userlist-deny = No

In order to assign upload permission to ftp and anonymous users

#vi /etc/vsftpd/vsftpd.confAnonymous-enable = yes

#uncomment line 27Anon-upload-enable = yes#uncommentChown-uploads = yesChown-username = daemon

Now create a directory inside /var/ftp#mkdir upload

38

#chmod 777 uploadChgrp ftp uploadAssign group owner ship to ftp to ‘upload’ directory

Start the Service

#service vsftpd restartAccess FTP#ftp 172.24.254.254For Anonymous userUsername = ftpPassword =`press Enter`

For User AccessUsername = rakeshPassword = *****

In Graphicalftp://rakesh@172.24.254.254

To upload: putTo download : getExample:

#put <filename> to upload any file in user home directory#get <filename. To download any file from user home directory

We can also open ftp server as#elinks ftp://172.24.254.254

APACHE WEB SERVERApache Web Server is used for Web Hosting. With the help of Apache we can host multiple Website.

Service Profile

Type : System V ManageDaemon : httpdScript : httpdPort : 80Package : httpd, portmap

Configuration File : /etc/httpd/conf/httpd.conf

Steps:

1. Check the rpm#rpm –q httpd

39

2. For multiple Hosting we need to uncomment line number 1003NameVirtualHost 172.24.254.254:80Now copy line No 1016 to No. 1022 and paste at last

<VirtualHost 172.24.254.254:80>ServerAdmin root@server1.example.comDocumentRoot /wwwServerName server1.example.com</VirtualHost>

Save and exit

Now create a directory#mkdir /www#cd /www#vi index.html

Now start the service #service httpd restart#service portmap restart#chkconfig httpd on#chkconfig portmap on

Now dig the site#dig server1.example.com#elinks http://server1.example.comRestriction For User to Access Web site

#vi /etc/httpd/conf/httpd.conf<VirtualHost 172.24.254.254:80>

ServerAdmin root@server1.example.comDocumentRoot /wwwServerName Server1.example.com<Directory /www>

Option Indexes IncludesAllowOverride Authconfig

</Directory></VirtualHost>

Now create one file .htaccess in /www#vi /www/.htaccessAuthName “allow users”AuthType BasicAuthUserFile /etc/httpd/ht.accessRequire valid-user

Save and Exit

Now create one user#adduser raj

40

#htpasswd –c /etc/httpd/ht.access raj#chgrp apache /etc/httpd/ht.access

Start the Service#service httpd restart#chkconfig httpd on

#elinks http://server1.example.com

Open SSH Server

SSH or Secure Shell is used for the purpose of remote login between linux to linux and linux to Unix. The main difference between SSH and telnet is that SSH can be used for file transfer.

Service Profile

Type : System V managePackage : open ssh, open ssh-server, openssh-clientDaemon : sshdPort : 22Script : sshdConfiguration File : /etc/ssh/sshd-config

If you want root should not login then#vi /etc/ssh/sshd-configLinePermitRootLogin NoUncomment line number 13 and 14Port 22Protocol 2,1Save and exit

Start the service#service sshd restart#chkconfig sshd on

#ssh raj@172.24.254.254 ( by User)#ssh 172.24.254.254 (By root)If you want to display any welcome Note at the time of connecting#BannerBanner /etc/banner

If you want to copy file from ssh server to client#scp 172.24.254.254:/root/install.log /mnt

41

If you want to directory#scp –r 172.24.254.254:/root/raj /mnt

If you want to copy file from client machine to ssh server#scp /root/anaconda-ks.cfg 172.24.254.254:/root

Remote shut down#ssh 172.24.0.6 init 6OrSlogin command can also be used

SambaSamba can be used to share file and printer between linux to linux, linux to Unix and Linux to windows

Service Profile

Type : System V ManagePackage : Samba, samba-common, samba-clientDaemon : smbd, nmbdScript : smbPort : 167,168,169Configuration file: /etc/samba/smb.conf/etc/samba/smbpasswd

Edit the file smb.conf#vi /etc/samba/smb.confWorkgroup = CORPServer String = SambaHost allow = 172.24.254.254/255.255.0.0Then copy last 8 line[raj]Path = /dataValid users = raj rakeshPublic = noWriteable = yesBrowse able = yesSave and exit

Now create a Users#adduser raj#adduser rakesh

#smbpasswd –a raj#smbpasswd –a rakesh

Start the service#service smb restart#chkconfig smb on

On client side

42

#smbclient //172.24.254.254/raj –U raj

GUISmb://172.24.254.254

Mounting share folder#smbmount //172.24.254.254/data /mnt –o username=rakesh

IP ForwardingIn Linux, we can’t use a computer with two network interface to route between two or more subnet. To be able to do this we need to make sure that we enable IP forwarding. We should make sure that module is loaded. To check type#cat /proc/sys/net/ipv4/ip-forwardIf forwarding is enabled, the number 1 is returned. If forwarding is not enabled, the number 0 is returned.To enable IP forwarding#vi /etc/sysctl.confLine no.7

Net.ipv4.ip_forward = 1Save and exitTo activate permanently

#sysctl –pOr another method is#echo 1 >/proc/sys/net/ip_forwardThis work for temporary use till system is ‘ON’

Now for the first network#netconfig

IP address : 172.24.254.254Subnet : 255.255.0.0Default Gateway : 172.25.254.254Primary server : 172.24.254.254

Second network#netconfig –d eth0:1 (-d : virtual)

IP Address : 172.25.254.254Subnet : 255.255.0.0Default Gateway : 172.24.254.254Primary Server : 172.24.254.254

Security PoliciesAccording to the service management, there are three type of security policies

1. Security within a service2. security provided by TCP wrappers

43

3. security provided by xinetd

TCP WrappersConfiguration needed two file

a. Hosts.allowb. Hosts.deny

By default all are allowed

Check the rpm#rpm –q tcp_wrappersSyntaxDaemon_list : client_list

Example 1: Network 172.24.0.0 are not allowed to use ftp service#vi /etc/hosts.denyVsftpd: 172.24.0.0/55.255.0.0

Example 2 : allowing 172.24.0.0 and deny outside network (172.25.0.0)#vi /etc/hosts.allowVsftpd: 172.24.0.0/255.255.0.0

#vi /etc/hosts.deny

Vsftpd: 172.25.0.0/255.255.0.0

In order to deny other networkVsftpd: ALL

Deny other network except 172.24.0.0In this case just make entry in hosts.deny

#vi /etc/hosts.denyVsftpd: ALL EXCEPT 172.24.0.0/255.255.0.0

Similarly we can make entry for SSH, IMAP, and POP3

Example 3: Network 172.26.0.0, 172.24.0.1, 172.24.0.2 allowed to use SSH service#vi /etc/hosts.allowSshd : 172.24.0.1 172.24.0.2 172.26.0.0/255.255.0.0

Example 4: Network example.com, redhat.com allowed to use telnet service#vi /etc/hosts.allowIn.telnetd : .example.com .redhat.comOr we can assign station wiseIn.telnetd : station1.example.com

Example 5: Allowing 172.24.0.0 except 172.24.0.1 to use ssh service and disallowing all other network#vi /etc/hosts.deny

44

Sshd : ALL EXCEPT 172.24.0.0/255.255.0.0 EXCEPT 172.24.0.1 Some of the daemon areImapdIpop3dSmbd, nmbd

TelnetTelnet service is used for the purpose of remote login between linux to linux, linux to unix and linux to windows

Service Profile

Type : xinetdPackage : telnet-server, telnetDaemon : based on xinetdScript : based on xinetdConfiguration : /etc/xinetd.d/telnet

Check the rpm#rpm –q telnet-server telnet

Edit the file#vi /etc/xinetd.d/telnetMake

Disable = noSave and exit

Start the service#service xinetd restart#chkconfig xinetd on

Security setting1. For particular system

#vi /etc/xinetd.d/telnetOnly_from = 172.24.0.6

Save and exitBy default all node in a network can access through telnet

2. For range of node#vi /etc/xinetd/telnetOnly_from = 172.24.0.{1,2,3,4}

3. Deny particular node#vi /etc/xinetd/telnet

45

No_access = 172.24.0.6

Time setting#vi /etc/xinetd/telnetAcees_time = 04:15=04:30

If we want to login with username as root and by default we cannot#vi /etc/securettyAdd two linePts/0Pls/1

Configuration of POP3 and IMAPIMAP is used for the authentication and POP3 is used for mailingWe need to configure#vi /etc/dovecot.confUncomment line No. 14Protocols = imap imaps pop3 pop3sSave and exitStart the service#service dovecot restart#chkconfig dovecot on#chkconfig xinetd onNow in order to provide securityAllowing local network to access the pop3 and imap and disallowing other#vi /etc/hosts.allowIpop3d : 172.24.0.0/255.255.0.0Imapd : 172.24.0.0/255.255.0.0

#vi /etc/hosts.denyIpop3d : ALLImapd : ALL

These permission are set when host from local network can access pop3 and imap and hosts from other network does’nt allow

In order to disallow outside network say 172.25.0.0Ipop3d : 172.25.0.0/255.255.0.0Imapd : 172.25.0.0/255.255.0.0

To check the status#nmap stationxOr#namp localhost

Digital Certification

46

Certificate is used for the purpose of authenticationSteps

1. Check for devecot.pem file in#cd /usr/share/ssl/certs#rm dovecot.pem#make dovecot.pemIn this we have to make the following entries

a. countryb. statec. streetd. company and unit namee. station namef. email address

after making all those entry we need to copy this file#cp dovecot.pem /usr/share/ssl/private/dovecot.pemOverwrite : yesTo check the status or entry#openssl x509 –noout-subject </usr/share/ssl/private/dovecot.pem

Low Level FormatThe command ‘shred’ is used for low level format 25 times, we can’t recover files after this#shred /dev/had

UMaskUser MaskDefault value for root = 0022Default value for users = 0002When we create any new file. The default value will be 666. in this case Umask means 666-002 = 664 for normal user and for the root the default value will be 666-022=644The default value for a directory is 777. in this case umask means that whenever we create new directory, the default valkue for normal user 777-002 = 775 and for root, the default value 777-022 = 755

Remote Installation

Documentation for linux remote installation with pxe boot rom client1. TFTP Server2. DHCP Server3. CD No. 1 of Redhat Linux

Steps:

47

1. First install the TFTP Server and DHCP Server2. Copy all the files from CD1 isolinux folder to /tftpboot/linux-install

folder (Syntax as follow)#cp /media/cdrom/isolinux/* /tftpboot/linux-install

3. After copying above files copy as following from ftpdboot folder#cp /tftpboot/linux-install/isolinux.cfg /tftpboot/linux-install/pxelinux.cfg/defaultNote 1: remember we are copying isolinux.cfg file and also renaming it to default (***default**** is a filename)

Note 2: in above guidelines our motive is to copy all bootable files from the CDROM to TFTP folder which are required for remote boot.

Now all TFTP configuration is completeTFTP Service is xinetd depended service, so first of all we have to on TFTP Service as follow

#chkconfig tftp on(note : it will permanent ‘ON’ tftp service and also work after computer restart)#service xinetd restart(note : it will start all subservices which are dependent on xinetd master service , includingtftp also)

DHCP Server Setting for Remote Boot

Step 1: install DHCP ServerStep 2: Edit DHCPD.conf file as follow

#vi /etc/dhcpd.confDhcpd file will be as follow

Subnet 172.24.0.0 netmask 255.255.0.0{Option domain-name “example.com”Option domain-name-server 172.24.0.254

Range dynamic-bootp 172.24.0.1 172.24.0.10Filename“/linux-install/pxelinux.0”;}

Restart the Service #Service dhcpd restart

Note:To make installation more easy we can also implement kick start along with TFTPSome Important File Settings:

1. GRUB.CONFGRUB stands for GRand Unified Bootloader. It is the default boot loader used by Red Hat Linux

48

Grub.conf file found in /boot/grub/grub.conf and its symbolic links found in /etc/grub.conf

#vi /etc/grub.confDefault = 0Timeout = 5Splash image=(hd0,0)/grub/splash.xpm.gzHidden menuTitle Redhat LinuxRoot (hd0,0)Kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quietInitrd /initrd-2.6.9-5.EL.img

2. INITTAB FILERun level setting are done in inittab file. Inittab found in/etc/inittab#vi /etc/inittabid:5:initdefault:si::sysinit:/etc/rc.d/rc.sysinitl0:0:wait:/etc/rc.d/rc 0l1:1:wait:/etc/rc.d/rc 1l2:2:wait:/etc/rc.d/rc 2l3:3:wait:/etc/rc.d/rc 3l4:4:wait:/etc/rc.d/rc 4l5:5:wait:/etc/rc.d/rc 5l6:6:wait:/etc/rc.d/rc 6

ca::ctrlaltdel:/sbin/shutdown –t3 –r now *1:2345:respawn:/sbin/mingetty tty12:2345:respawn:/sbin/mingetty tty23:2345:respawn:/sbin/mingetty tty34:2345:respawn:/sbin/mingetty tty45:2345:respawn:/sbin/mingetty tty56:2345:respawn:/sbin/mingetty tty6

X:5:respawn:/etc/x11/prefdm –nodaemon

Setting Grub PasswordTwo method are used to set grub passwordMethod I:#vi /etc/grub.confBelowHiddenmenuPassword = redhatThis password is not in encrypted form.

Method II: Encrypted form#grub-md5-crypt >>/etc/grub.confEnter two times the password

49

In this case the password will be encrypted and directed (>>) to file grub.confNow open file#vi /etc/grub.confCopy that password line from the bottom most and paste it bellow hidden menu option asPassword –md5 <password>Save and exit

Root Login Problem:When we type username as “root” and password as “redhat” , system unable to login. In this case we need to trouble shoot this problem. Different case is to be considered.

Step 1 :Start in single user mode and change the password:#passwd rootType password as ‘redhat’ and then restart the system , if problem still occurs do the

step 2:We start the system with single user mode #vi /etc/passwdCheck the following lineRoot:x:0:0:root:/root:/bin/bashJust check the first and last option, it should be root and /bin/bashCase I:

If username is changed then do as follow#username –l oldname newnameCase II:

If shell is changed to /sbin/nologin then change it to.#usermode –s /binbash rootBefore changing the shell, first check that /bin/bash exist in /etc/shells. If not then install the rpm of bash shell

#rpm –q bashIf problem still occurs do step Step 3

Step 3:Check the file shadow find out if theree is a (!)mark at the starting of password entry. If present, remove it . (!) mark lock the password Root:!$2gr………….And also check the last three column, it should be blank empty ( : : :)If problem still occurs do the Step 4

Step 4:Sometime some attribute are set on the /etyc/passwd or /etc/shadow file, which make these two file write and append protected. If such attribute are present, we need to remove that.Command to check the attribute#lsattr /etc/passwd

50

#lsattr /etc/shadow---------- /etc/passwdSuppose attribute is set---ai----- /etc/passwd---ai----- /etc/shadowIn this case we need to remove the attribute#chattr –ai /etc/passwd#chattr –ai /etc/shadow

Note:In order to add attribute (+) sign is used, to remove (-) sign is used. If problem still occurs then use the Step 5If system shows message that ‘chattr’ and ‘lsattr’ command not found, we need to check the rpm if not installed . we need to install the rom#rpm –q e2fsprogs

Step 5:Open the file /etc/securetty file to check the entry of virtual console and tty entry#vi /etc/securettyCheck the following entryConsolevc /1vc /2vc/3vc /4vc /5vc /6vc /7vc /8vc /9vc /10vc /11tty 1tty 2tty 3tty 4tty 5tty 6tty 7tty 8tty 9tty 10tty 11if we remove any one line say tty1 then we cannot login at terminal 1 but we can login to another terminal. If we remove all these entry then we cannot login to any terminal. So in that case we need to make all these entry and again check for username and passwordif problem still occur do step 6

51

Step 6:Check the file /etc/nologin, if present remove this file. Then open the file #vi /etc/rc.localCheck the entry /etc/nologin in the file if present remove that: in rc.local file only one entry is presentTouch /var/lock/subsys/localIf you find “ touch /etc/nologin” remove this line . even if we remove nologin file from /etc and if we restart, again the file will create . that is why we nned to remove the entry from /etc/rc.local file. If problem still accur then use Step 7

Step 7:Check the permission for /etc/securetty file , it should be 600 (rw for user no permission for the group and other)#ll /etc/securettyIf permission are changed we cannot login. So first change the permission#chmod 600 /etc/securettyThen login if problem still occur then do Step 8

Step 8:Check the file /etc/pam.d/login#vi /etc/pam.d/loginCheck for following lineAuth required denied.soRemove this line if present. If problem still present then check the following lineAccount required pam_access.soIf this line is present, we cannot login through root, remove this line and along with this also check the file#vi /etc/security/access.confRemove the following line from the bottom-:ALL:ALLIf problem still occur so Step 9

Step 9:If password is changing but still unable to loginCopy two file#cp /etc/passwd- /etc/passwd#cp /etc/shadow- /etc/shadowSometime we find that shadow file and its back file shadow- does’nt exist, in this case we need to generate the shadow file as#pwconv

Step 10:Sometime the password age expired then do the following to check the age#chage –l rootIf password age is expired#chage rootIn thisAccount Expiration date : Change the date

52

Or#chage –E -1 rootIn this case the root password will never expire.

Step 11:If problem still occur then simply open the file /etc/pam.d/loginAnd make all the field as optional

Step 12:Sometime attribute is set on /etc/shadow file, password age is expired ad the root permission is changed for command ‘chattr’In this case first change the permission for ‘chattr’#chmod 700 /usr/bin/chattrRemove the attribute on shadow file#chattr –ai /etc/shadowAnd finally set the date for the password#chage –E -1 root

53