System Administration: Core Concepts
Chapter 11

Introduction
- What is the job of the system administrator?
  - Keep one or more systems in a useful and convenient state for users

Introduction
- A well-maintained system
  - Runs quickly enough so users do not get too frustrated waiting for the system to respond
  - Has enough storage to accommodate users’ needs
  - Provides a working environment appropriate to each user’s abilities and requirements
  - Is secure from malicious and accidental acts altering its performance or compromising the security of the data it holds
  - Is backed up regularly, with recently backed-up files readily available
  - Backups must be tested regularly
  - All software on the system is patched and updated

System Administrator and SuperUser
- Much of what a system administrator does is work that ordinary users do not have permission to do
- To perform these tasks, the administrator typically will log in as root (SuperUser)
  - Some commands can only be executed by root
  - Read, Write, and Execute file and directory access permissions do not affect root
  - Some safeguards built in to some commands do not apply to root
  - When running with root privileges, the shell will display a special prompt (#)

System Administrator and SuperUser
- Gaining or granting Superuser privileges
  - Bring the system up in single-user mode
  - Once the system is running in multi-user mode, log in as root
  - Use the su (substitute user) command
  - Use the sudo command to give users superuser privileges for a limited amount of time on a per-user per-command basis
  - Using setuid

System Administration Tools
- Numerous tools exist to assist in system administration; it’s up to your imagination to make them work the way you want
- su (substitute user)
  - Gives you another user’s privileges
  - You must know the password of the user whose privileges you want to use
  - When su is used to become the superuser, a new shell is spawned and displays the # prompt
  - Use CONTROL-D or exit to terminate the session

System Administration Tools
- su (cont.)
  - e.g.

    $ id
    uid=500(alex) gid=500(alex) groups=500(alex) context=user_u:system_r:unconfined_r
    $ su
    Password:
    # id
    uid=0(root) gid=0(root) groups=0(root), 1(bin), 2(daemon), 3(sys), …

  - su can be used with the -c option to run a single command with other privileges, e.g.

    $ kill -15 4982
    -bash: kill: (4982) - Operation not permitted
    $ su -c "kill -15 4982"
    Password:
    $

System Administration Tools
- kill
  - Sends a signal to a process
  - The signal may or may not terminate the process
  - kill -15 or kill -TERM
    - will send a terminate signal to the process. The process could ignore this.
  - kill -9 or kill -KILL
    - will send a terminate signal that the process CAN’T ignore
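
The difference between the two signals, as an added shell example that is not part of the original slides: a constructed stand-in process traps signal 15 and keeps running, and is then ended with signal 9. The function name and the stand-in loop are illustrative.

```shell
#!/bin/sh
# Added example, not from the original slides.
# demo_term_vs_kill is an illustrative name; the "stubborn" process is constructed.

demo_term_vs_kill() {
    log=$(mktemp)

    # Stand-in for a process that handles SIGTERM itself instead of exiting.
    sh -c 'trap "echo TERM-trapped >> \"$0\"" TERM
           while :; do sleep 1; done' "$log" >/dev/null 2>&1 &
    pid=$!
    sleep 1                      # give the child time to install its trap

    kill -15 "$pid"              # same as kill -TERM: a request the process may ignore
    sleep 2                      # the handler runs once the child's current sleep returns
    seen=$(cat "$log")

    kill -9 "$pid"               # same as kill -KILL: cannot be caught or ignored
    status=0
    wait "$pid" || status=$?     # 128 + signal number when a signal ended the process

    rm -f "$log"
    echo "$seen $status"
}

demo_term_vs_kill
```

An exit status of 137 (128 + 9) rather than 143 (128 + 15) shows that the process was still alive after signal 15 and was ended by signal 9.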

System Operation
- Booting the system
  - The process of reading the Linux kernel into system memory and starting it running
- The last step of the boot procedure is for Linux to run the init program as PID number 1
  - init is the first genuine process to run after booting
  - init is the parent of all system processes
  - if you kill process 1, the system will crash

System Operation
- init scripts
  - start and stop system services
  - The first script that init runs is /etc/rc.d/rc.sysinit
    - performs basic system configuration
      - setting the clock
      - hostname
      - keyboard mapping
      - setting up swap partitions
      - checking the file systems for errors
      - turning on quota management

System Operation
- init scripts (cont.)
  - /etc/rc.d/rc
    - Runs next after rc.sysinit
    - Runs the scripts for services that need to be started or stopped when the system is first brought up or that need to be started or stopped when going from single user to multiuser and back
  - Init scripts (rc - run command) are shell scripts located in /etc/rc.d/init.d
    - run via symbolic link in the /etc/rc.d/rcn.d directories
    - n refers to the runlevel the system is entering

System Operation
- Configuring Services
  - service utility
    - reports on or changes the status of a service
  - system-config-services
    - Displays the Service Configuration window
    - Two functions
      - Turns a system service on and off
      - Controls which services are stopped and started when the system enters and leaves runlevels 3, 4, and 5

Service Configuration GUI

System Operation
- Configuring Services (cont.)
  - chkconfig
    - Character based
    - Duplicates much of the system-config-services utility
    - Add, remove, list startup information, and check the state of system services
    - Changes the config only, not the current state of services

System Operation
- Bringing the system down
  - Shutdown utility
    - Must be told what time to bring the system down
    - Warns all users that the system is going down
  - Halt utility
    - Calls the shutdown utility
  - Both bring the system down safely
  - CONTROL-ALT-DEL
    - Reboots the system
  - DO NOT TURN POWER OFF BEFORE SYSTEM IS DOWN

System Operation
- CRASH!!!!!
  - Occurs when the system suddenly stops or fails.
  - Run fsck, a file system check utility, on all local filesystems that were mounted at the time of a crash (p.470)

System Administration Utilities
- Red Hat configuration tools
  - system-config-authentication
    - Displays Authentication Configuration window with two tabs
      - User Information
        - Allows enabling of NIS, LDAP, Hesiod, and Winbind
      - Authentication
        - Allows the use of shadow and MD5 passwords
  - system-config-bind (Fedora)
    - Displays the DNS window

System Administration Utilities
- Red Hat configuration tools
  - system-config-boot
    - Displays the Boot Configuration window
  - system-config-date
    - Displays the date/time properties window
  - system-config-display
    - Displays the Display Settings window
  - system-config-httpd
    - Displays the HTTP window
  - system-config-keyboard
    - Displays the keyboard window

Config Utilities

System Administration Utilities
- Red Hat configuration tools
  - system-config-kickstart
    - Displays the Kickstart Configurator window
    - used to create a Kickstart script
  - system-config-language
    - Displays the Language Selection window
  - system-config-lvm
    - Displays the Logical Volume Management window
  - system-config-mouse
    - Displays the Mouse Configuration window

System Administration Utilities
- Red Hat configuration tools
  - system-config-netboot
    - Displays the Network installation and Diskless Environment window
  - system-config-network
    - Displays the Network Configuration window (p.571)
  - system-config-network-cmd
    - Displays the parameters that system-config-network uses

System Administration Utilities
- Red Hat configuration tools
  - system-config-printer
    - Displays the Printer Configuration window
  - system-config-rootpassword
    - Displays the Root Password window
    - The passwd command can also be used
  - system-config-samba
    - Displays the Samba Server Configuration window

System Administration Utilities
- Red Hat configuration tools
  - system-config-services
    - Displays the Service Configuration window
    - Configures which services run at which runlevel
  - system-config-soundcard
    - Displays the Audio Devices window
  - system-config-users
    - Displays the User Management window
    - Used to manage users and groups

System Administration Utilities
- Command Line Utilities
  - kudzu
    - Finds new and changed hardware and configures it
  - mkfs
    - Creates a new filesystem
    - e.g. mkfs -t ext3 device
  - setserial
    - Gets and sets serial port information
  - stat
    - Displays the information about a file or filesystem

Setting Up a Server – Admin Tasks
- Writing configuration files
- Specifying hosts and subnets
- portmap
- rpcinfo
- xinetd
- TCP wrappers
- chroot jail

Setting Up a Server
- Standard Rules in writing Configuration Files
  - Blank lines are ignored
  - # anywhere on a line starts a comment that continues to the end of the line
  - When a name contains a SPACE, it must be quoted by single or double quotes
  - Lines can be broken by inserting a backslash (\) and pressing RETURN

Setting Up a Server
- Specifying Clients in config files

Pattern                  Matches
n.n.n.n                  One IP address
name                     One hostname
name starts with .       name ending with the specified string
IP addr ending with .    IP addresses starting with the specified numbers
n.n.n.n/m.m.m.m          IP addresses based on subnet mask
ALL                      Always match
LOCAL                    Any hostname that doesn’t contain a .
EXCEPT                   Matches anything in the preceding list that is not in the following listing
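
How the client patterns in the table above are evaluated, as an added shell example (not code from the slides or from the TCP wrappers package). The function names and sample clients are constructed; hostnames are assumed to be lower case and addresses well-formed dotted quads.

```shell
#!/bin/sh
# Added example, not from the original slides or the TCP wrappers source.
# Function names and the sample clients are constructed for illustration.
# Assumes lower-case hostnames and well-formed dotted-quad addresses.

# AND an address with a netmask, octet by octet (runs in a subshell).
mask_ip() (   # usage: mask_ip ADDR MASK
    IFS=.
    set -- $1 $2
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))"
)

# Succeed if one pattern from the table matches the client.
client_matches() {   # usage: client_matches PATTERN HOSTNAME IP
    pat=$1; host=$2; ip=$3
    case $pat in
        ALL)   return 0 ;;
        LOCAL) case $host in ''|*.*) return 1 ;; *) return 0 ;; esac ;;
        */*)   [ "$(mask_ip "$ip" "${pat#*/}")" = "${pat%/*}" ] ;;
        .*)    case $host in *"$pat") return 0 ;; *) return 1 ;; esac ;;
        *.)    case $ip in "$pat"*) return 0 ;; *) return 1 ;; esac ;;
        *)     [ "$pat" = "$ip" ] || [ "$pat" = "$host" ] ;;
    esac
}

# Succeed if any pattern in a list matches; "a EXCEPT b" is a minus b.
list_matches() {   # usage: list_matches "PATTERN ... [EXCEPT PATTERN ...]" HOSTNAME IP
    case $1 in
        *" EXCEPT "*)
            list_matches "${1%% EXCEPT *}" "$2" "$3" &&
                ! list_matches "${1#* EXCEPT }" "$2" "$3"
            return ;;
    esac
    for p in $1; do
        client_matches "$p" "$2" "$3" && return 0
    done
    return 1
}

# Constructed clients, each "hostname ip", checked against constructed lists.
for client in "ws1.example.com 192.168.1.77" "gateway 192.168.10.1"; do
    set -- $client
    for list in "192.168.1." ".example.com" "LOCAL" \
                "192.168.0.0/255.255.0.0 EXCEPT 192.168.10.1"; do
        if list_matches "$list" "$1" "$2"; then r=match; else r=no-match; fi
        printf '%-44s %-16s %-13s %s\n' "$list" "$1" "$2" "$r"
    done
done
```

The trailing dot matters: 192.168.1. matches 192.168.1.77 but not 192.168.10.1, because the comparison is a string prefix, not a numeric range.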

Setting Up a Server
- rpcinfo and portmap
  - rpcinfo displays information about programs registered with portmap
  - RPC calls are made to programs to see if they are “alive”

Setting Up a Server
- xinetd Superserver
  - Replaced inetd and is more secure
  - Listens for network connections
    - When a connection is made, it launches a specified server daemon and forwards the data from the socket to the daemon’s standard input
  - uses /etc/hosts.allow and /etc/hosts.deny

Setting Up a Server
- xinetd
  - Base configuration stored in /etc/xinetd.conf
  - View the contents of /etc/xinetd.conf
    - defaults
      - specifies the default configuration of xinetd
      - files in the included /etc/xinetd.d directory specify server-specific configurations
      - defaults can be overridden by server-specific configuration files
    - instances
      - specify the number of instances a daemon can run at one time

Setting Up a Server
- DHCP
  - The client daemon (dhclient) contacts the server daemon (dhcpd) to obtain IP addressing and additional information
    - netmask
    - broadcast
    - dns
    - etc.
  - Broadcast based
    - Both client and server must be on the same subnet

Setting Up a Server
- DHCP
  - DHCP Client
    - Requests network configuration parameters from the DHCP server
    - Uses the obtained parameters to configure the network interface
    - Need to have dhclient installed
    - DHCP lease information is stored in dhclient.leases

Setting Up a Server
- DHCP
  - DHCP Server
    - Maintains a list of IP addresses and other configuration parameters
    - When requested, the DHCP server provides configuration parameters to a DHCP client
    - Need to have dhcp installed
    - To cause dhcpd to start when the system enters multiuser

      /sbin/chkconfig dhcpd on

    - To start manually

      /sbin/service dhcpd start

Setting Up a Server
- DHCP
  - DHCP Server
    - Simple DHCP server
      - Add clients to a network
      - Eliminates the need to maintain a list of assigned IP addresses
      - Some devices should NOT have an IP address assigned via DHCP
        - Routers
        - Servers
        - Switches
        - Others?

Setting Up a Server
- DHCP
  - DHCP Server
    - Simple DHCP server configuration
    - /etc/dhcpd.conf

      # Lease lifetimes, in seconds
      default-lease-time 600;
      max-lease-time 86400;

      # Options handed to every client
      option subnet-mask 255.255.255.0;
      option broadcast-address 192.168.1.255;
      option routers 192.168.1.1;
      option domain-name-servers 192.168.1.1;

      # Pool of addresses the server may lease on this subnet
      subnet 192.168.1.0 netmask 255.255.255.0 {
          range 192.168.1.2 192.168.1.200;
      }

Setting Up a Server
- DHCP
  - DHCP Server
    - To install
      - Download latest version from the Internet Software Consortium (www.isc.org)
      - Unpack the archive

        $ tar xzf ./dhcp-3.0.6.tar.gz

      - Move to the new directory that contains all the source files

        $ ./configure
        $ make
        $ sudo make install

      - Copy the server/dhcp.conf to /etc

Setting Up a Server
- DHCP
  - DHCP Server
    - To install

      $ sudo touch /var/lib/dhcp/dhcp.leases
      $ sudo chkconfig --level 35 dhcpd on
      $ /etc/init.d/dhcp restart

Where do we go from here?
- Read this chapter
- Try out some of the commands
- We will be installing DHCP in future lessons on your VM.