
Welcome!

RH033
Red Hat Linux Essentials

Objectives

Day 1

- Introduction to Linux
- Introduction to Red Hat Enterprise Linux [ RHEL 4.0 ]
- Installation of Red Hat Linux
- Basic fundamentals of Red Hat Linux
- Using CLI and GUI shells
- Using GNOME & KDE desktop shells
- Using virtual consoles
- Managing files and directories
- Using the Vim editor

Introduction to Linux

What is Linux ?
- A fully-networked 32/64-bit Unix-like operating system
- Unix tools like sed, awk, and grep (explained later)
- Compilers like C, C++, Fortran, Smalltalk, Ada
- Network tools like telnet, ftp, ping, traceroute
- Multi-user, multitasking, multiprocessor
- Has the X Window System GUI
- Coexists with other operating systems
- Runs on multiple platforms
- Includes the source code

Where did it come from?


- Linus Torvalds created it with assistance from programmers around the world
- First posted on the Internet in 1991
- Linux 1.0 in 1994; 2.2 in 1999
- Today used on 7-10 million computers, with thousands of programmers working to enhance it

Open Source Software


When programmers on the Internet can read, redistribute, and modify the source for a piece of software, it evolves: people improve it, adapt it, and fix bugs. This can happen at a speed that, compared to conventional software development, seems astonishing.

How do you get it?


- Download it from the Internet
- Get it from a distribution (e.g. Red Hat), which bundles:
  - the Linux kernel
  - the X Window System and a GUI
  - web, e-mail and FTP servers
  - installation & configuration support
  - 3rd-party applications
  - hardware support

Distribution Concept

Free distributions: Fedora Core, Debian and Ubuntu, Gentoo, Slackware, and many, many more
Commercial distributions: Red Hat Enterprise Linux, SUSE, Yellow Dog

Why is it significant?
- Growing popularity
- Powerful
- Runs on multiple hardware platforms
- Users like its speed and stability
- No requirement for the latest hardware
- It's free:
  - Freedom 0: the freedom to run the program, as you wish
  - Freedom 1: the freedom to study the source code and change it to do what you wish
  - Freedom 2: the freedom to copy and redistribute the program when you wish
  - Freedom 3: the freedom to distribute modified versions, when you wish


Introduction to Red Hat Enterprise Linux [ RHEL 4.0 ]


Red Hat Enterprise Linux


- Commercial distribution
- Enterprise-targeted operating system
- Focused on mature open source technology
- 12-18 month release cycle
- Versions available started from 2.1, then 3.0, now 4.0
- Support available up to 24 x 7 coverage plans
- Supports many processor architectures: Intel x86-compatible, Intel Itanium 2, AMD64, IBM PowerPC on eServer iSeries and eServer pSeries, and IBM mainframes (eServer zSeries and S/390)


RHEL Product family


- Red Hat Enterprise Linux Advanced Server (AS)
- Red Hat Enterprise Linux Enterprise Server (ES)
- Red Hat Enterprise Linux Workstation (WS)
- Red Hat Desktop


The Fedora Project


- Red Hat-sponsored open source project
- Focused on the latest open source technology
- Rapid four to six month release cycle
- Available as a free download from the Internet
- An open, community-supported proving ground for technologies which may be used in upcoming enterprise products
- Red Hat does not provide formal support for the Fedora Project


Installation of Red Hat Enterprise Linux


Types of Installation
- Fresh installation (new)
- Upgrade

Methods of Installation
- Attended
- Unattended

Modes of Installation
- GUI-based (graphical installation)
- CLI-based (text-based installation)


Sources of Installation
- CD-ROM
- Hard disk
- Network: NFS server, FTP server, or HTTP server


Conventions for Naming the Disks and Partitions


Linux uses a naming scheme very different from MS-DOS or Microsoft Windows, one that carries far more information: /dev/xxyN

- dev refers to the devices directory, /dev, where the special files for all devices live
- xx is the type of disk: hd for an Integrated Drive Electronics (IDE) disk, sd for a Small Computer Systems Interface (SCSI) disk (on current kernels SATA and USB disks, and usually IDE disks too, also appear as sd)

IDE hard disk   = /dev/hd
SCSI hard disk  = /dev/sd


/dev/xxyN

y is a letter identifying the disk: a is the first disk, b the second, and so on. For IDE disks the letter also tells you the controller position:

Primary master    = /dev/hda
Primary slave     = /dev/hdb
Secondary master  = /dev/hdc
Secondary slave   = /dev/hdd


/dev/xxyN

N is a number identifying each partition on the drive: 1 is the first partition, 2 the second, and so on.

Primary master IDE hard disk (/dev/hda):
  /dev/hda1    primary partition
  /dev/hda2    extended partition, containing:
    /dev/hda5  1st logical partition
    /dev/hda6  2nd logical partition



Primary partitions are represented by the numbers 1, 2, 3, and 4. Logical partitions start with 5.

/dev/hda1 is the device file for the first primary partition on the first EIDE disk /dev/hdb5 is the first logical partition on the second EIDE disk
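As an added example (not part of the RH033 slides), the shell function below decodes a device name into the pieces the last three slides describe: bus type, disk position, and whether the number is a primary/extended or a logical partition. It assumes the classic hd/sd naming of RHEL 4 and a POSIX shell; the device names it is run on are constructed for the example.

```shell
# decode_dev /dev/xxyN -> one line describing bus, disk and partition.
# Assumes the RHEL 4 scheme: hd = IDE, sd = SCSI; partitions 1-4 are
# primary or extended, 5 and up are logical. Errors go to stderr, exit 1.
decode_dev() {
    dev=$1
    name=${dev#/dev/}                 # strip the devices directory
    case "$name" in
        hd[a-z]*) bus="IDE" ;;
        sd[a-z]*) bus="SCSI" ;;
        *) printf 'unknown device name: %s\n' "$dev" >&2; return 1 ;;
    esac
    rest=${name#??}                   # drop the "hd"/"sd" prefix
    letter=${rest%%[0-9]*}            # the disk letter (y)
    num=${rest#"$letter"}             # the partition number (N), may be empty
    [ "${#letter}" -eq 1 ] || { printf 'bad disk letter in %s\n' "$dev" >&2; return 1; }
    ord=$(printf '%d' "'$letter")     # POSIX printf: numeric code of the letter
    disk=$((ord - 96))                # a=1, b=2, ...
    case "$name" in                   # IDE letters also name the controller slot
        hda*) pos=" (primary master)" ;;
        hdb*) pos=" (primary slave)" ;;
        hdc*) pos=" (secondary master)" ;;
        hdd*) pos=" (secondary slave)" ;;
        *)    pos="" ;;
    esac
    if [ -z "$num" ]; then
        printf '%s: whole %s disk %d%s\n' "$dev" "$bus" "$disk" "$pos"
        return 0
    fi
    case "$num" in
        *[!0-9]*) printf 'bad partition number in %s\n' "$dev" >&2; return 1 ;;
    esac
    if [ "$num" -ge 1 ] && [ "$num" -le 4 ]; then
        kind="primary (or extended) partition $num"
    elif [ "$num" -ge 5 ]; then
        kind="logical partition $((num - 4))"
    else
        printf 'partition numbers start at 1: %s\n' "$dev" >&2; return 1
    fi
    printf '%s: %s on %s disk %d%s\n' "$dev" "$kind" "$bus" "$disk" "$pos"
}

decode_dev /dev/hda1
decode_dev /dev/hdb5
decode_dev /dev/sdc
```

Note that the logical-partition index is "number minus 4" only because 1 through 4 are reserved for the partition table's primary slots; an extended partition always takes one of those four.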


Mount Point
The Linux operating system presents everything as a single file system. Whenever you attach another file system to it, you must tell Linux where the contents of that file system should appear; that directory is called the mount point. The mount point for the floppy drive is /media/floppy and the mount point for the CD-ROM is /media/cdrom.


The File System Hierarchy


In the Linux operating system, every file, directory, and device is one part of a grand hierarchy. The topmost member of this hierarchy is the root directory, and it is denoted by the symbol /


The Top Level Directories


Directory           Description
/bin, /usr/bin      Programs available to all users
/sbin, /usr/sbin    Programs meant to be used by system administrators
/var/log            Log files written by various applications; invaluable for keeping track of application activity and errors
/home               The personal directories of the system's users
/boot               The files needed by the operating system to load itself into memory
/etc                The system configuration files used by various applications
/media              The mount points for removable devices (CD-ROMs, floppy disks, USB disks)
/proc               System state information; the files in this directory are maintained directly by the kernel


Basic File System Types


A file system is the logical structure, and the software routines, that control access to the storage space on a disk. Unlike most operating systems, Linux supports several file system types. Ext2 (Second Extended) is the most common Linux file system and is the second version of the Ext file system; it was designed to overcome deficiencies found in Ext. Ext can handle partitions up to 2 gigabytes (GB) in size, whereas Ext2 can handle partitions up to 4 terabytes (TB).


Features of Ext2
Ext2 has many other advanced features, including filenames up to 255 characters long. Ext2 also reserves disk space on the partition for the superuser (5% by default), so that if ordinary users fill the disk, root can still log in and write the files needed to rectify the problem.


Ext3 file system

- In Red Hat Linux 7.2, ext2 was the default file system; starting with Red Hat Linux 7.3, ext3 is the default
- Lineage: Ext => ext2 => ext3
- ext2 requires a consistency check (e2fsck) of the whole file system whenever the system is not shut down properly
- ext3 adds a journal on top of ext2, which provides:
  - stronger data integrity in the event of an unclean shutdown
  - a consistency check only after rare hardware failures, not after every crash
  - higher throughput, as it optimizes hard drive head motion
  - an easy transition from ext2 to ext3 (the on-disk layout is compatible)
- Both support 255-character filenames and file systems up to 4 TB
- Other common file systems: MS-DOS (FAT), FAT32, NTFS, ISO9660



What is Boot loader ?


A boot loader is the first software program that runs when a computer starts. It is responsible for loading the operating system kernel and transferring control to it; the kernel, in turn, initializes the rest of the operating system.
GRUB (GRand Unified Bootloader), which is installed by default, is a very powerful boot loader. GRUB can load a variety of free operating systems, as well as proprietary operating systems through chain-loading (the mechanism for starting unsupported operating systems, such as DOS or Windows, by loading their own boot loader).


You may install the boot loader in one of two places:

- The master boot record (MBR). This is the recommended place to install a boot loader, unless the MBR already starts another operating system loader, such as System Commander. The MBR is a special area on your hard drive that is automatically loaded by your computer's BIOS, and is the earliest point at which the boot loader can take control of the boot process. If you install it in the MBR, GRUB presents a boot prompt when your machine boots, and you can then boot Red Hat Enterprise Linux or any other operating system you have configured the boot loader to boot.
- The first sector of your boot partition. This is recommended if you are already using another boot loader on your system. In this case your other boot loader takes control first; you then configure that boot loader to start GRUB, which in turn boots Red Hat Enterprise Linux.


What is SWAP Partition ?


Swap partitions are used to support virtual memory: data is written to a swap partition when there is not enough RAM to hold the data your system is processing.


Size of SWAP ?
- At least 256 MB
- Rule of thumb: twice the amount of RAM in your machine. More precisely: 2x physical RAM for up to 2 GB of physical RAM, then 1x physical RAM for any amount above 2 GB, but never less than 32 MB
- Swap can also be added after installation
- Red Hat Enterprise Linux supports up to 32 swap files


Sample Partition Structure


Mount point   Size
/boot         128 MB
/             2048 MB
/usr          2048 MB
/var          512 MB
/home         512 MB
swap          use the recommended size


Steps to install RHEL


1. Boot your computer from bootable media
2. Start the installation
3. Language, keyboard and mouse selection
4. Media selection, if applicable
5. Disk partitioning
6. Boot loader configuration
7. Network and firewall configuration
8. Authentication setup
9. Package selection
10. X server configuration


Basic Fundamentals


Local Logins
- Text-mode login at a virtual console
- Graphical login

station1 login: <enter your username here>
Password:       <enter your password here>


Virtual Consoles
Multiple non-GUI logins are possible through virtual consoles. By default 6 virtual consoles are available, reached with CTRL+ALT+F1 through CTRL+ALT+F6 (F1-F6 being the function keys). If X is running, it is on CTRL+ALT+F7.


The command prompt


[root@station1 ~]#
[amit@station1 ~]$

- root and amit are the usernames currently logged on to the computer; their home directories are /root and /home/amit respectively
- station1 is the hostname (computer name) of your computer
- ~ indicates that the current user is working in his/her home folder
- # indicates that the current user is the superuser (administrator)
- $ indicates that the current user is a normal (non-privileged) user


Using CLI and GUI shells


What is "the shell"?


The shell is a program that takes your commands from the keyboard and gives them to the operating system to perform. In the old days, it was the only user interface available on a Unix computer. Nowadays, we have graphical user interfaces (GUIs) in addition to command line interfaces (CLIs) such as the shell.


Some Simple Commands


ls      list files and directories
date    display the date and time
cal     display a calendar
clear   clear the screen
pwd     print the name of the current working directory
mkdir   create a directory
rmdir   remove an (empty) directory
cd      change directory
cat     display the contents of a file
rm      remove files
cp      copy files and directories
mv      move and rename files and directories
touch   update a file's or directory's time-stamps (creating the file if it does not exist)
less    pager command
more    pager command


Redirecting Input and Output


Common Redirection Operators

Operator   Usage               Effect
>          command > file      directs the standard output of command to file (overwriting it)
>>         command >> file     appends the standard output of command to file
<          command < file      command receives its standard input from file
2>         command 2> file     error messages (standard error) from command are directed to file
2>>        command 2>> file    error messages from command are appended to file
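The following is an added example, not part of the RH033 slides: it exercises every operator in the table with a command that writes to both stdout and stderr, and demonstrates the mistake the table is warning about, that a bare ">" leaves stderr on the terminal. A Linux system with GNU coreutils is assumed; all files are created in a temporary directory.

```shell
# Demonstrate >, >>, <, 2> and 2>> with a command that talks on both streams.
work=$(mktemp -d)

# noisy: one line on stdout and one on stderr, like most real tools.
noisy() {
    printf 'data line\n'
    printf 'warning: something odd\n' >&2
}

redirect_demo() {
    # ">" sends only stdout to the file; the warning on stderr would still hit
    # the terminal. The braces plus 2>&1 capture that leak so we can inspect it.
    leaked=$( { noisy > "$work/out.txt"; } 2>&1 )
    noisy >> "$work/out.txt" 2> /dev/null     # ">>" appends stdout; stderr thrown away
    noisy 2> "$work/err.txt" > /dev/null      # "2>" sends stderr to a file
    noisy 2>> "$work/err.txt" > /dev/null     # "2>>" appends stderr
    noisy > "$work/both.txt" 2>&1             # both streams into one file (order matters)
    printf 'b\na\n' > "$work/in.txt"
    sort < "$work/in.txt" > "$work/sorted.txt"   # "<" feeds a file as stdin
    printf '%s\n' "$leaked"                   # what ">" failed to capture
}

lines_in()   { wc -l < "$1" | tr -d ' '; }
first_line() { head -n 1 "$1"; }

redirect_demo   # prints: warning: something odd
```

The order in `noisy > both.txt 2>&1` is deliberate: redirections are applied left to right, so stdout is pointed at the file first and stderr is then copied from it. Written the other way round, stderr would still go to the terminal.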


What have we learnt ?


- Introduction to Linux
- Introduction to Red Hat Enterprise Linux [ RHEL 4.0 ]
- Installation of Red Hat Linux
- Basic fundamentals of Red Hat Linux
- Using CLI and GUI shells
- Using GNOME & KDE desktop shells
- Using virtual consoles
- Managing files and directories

Welcome!
RH033
Red Hat Linux Essentials

Objectives

Day 2

- File editing using the vi editor
- Advanced usage of the vi editor
- Users and groups management
- Understanding permissions
- Linux file system
- Inodes
- Links
- Mounting media
- Archives
- Compression
- Using GUI shells (GNOME & KDE)

Using Linux File editing tool

Basic file editing: the vi editor

- vi is the basic text editor. It has three modes:
  - command mode (the default at startup)
  - insert mode
  - ex mode
- vi networknuts is a typical invocation (it opens the file networknuts)
- Press i to enter insert mode and type your text; press ESC to return to command mode
- Navigating the cursor in command mode:
  h   move the cursor left
  j   move the cursor down
  k   move the cursor up
  l   move the cursor right

Advanced Uses of the editor


- Position the cursor across a file or within a screen
- Insert the output of a Linux command into the file
- Search for text and replace it
- Learn advanced reading and saving commands
- Configure vi and vim

Commands
G           go to the last line in the file
1G          go to the first line in the file
H           go to the first line on the screen
M           go to the middle line on the screen
L           go to the last line on the screen
z<Enter>    make the current line the first line on the screen
z-          make the current line the last line on the screen
!!date      replace the current line with the output of date (the current date and time)
!}sort      sort the lines from the current line to the end of the paragraph
!}fmt -66   reformat the current paragraph to a 66-column width

Ex mode: search and replace
:%s/big/small/     replace the first "big" on every line with "small"
:%s/big/small/g    replace every "big" on every line with "small"

Advanced Reading and Saving


:r newfile          inserts the contents of newfile below the current line
:r !date            inserts the output of date below the current line
:1,5w xnewfile      writes lines 1 to 5 to the new file xnewfile
:.,$w ynewfile      writes from the current line to the end of the file into the new file ynewfile
:1,5w >> xfile      appends lines 1 to 5 to xfile
:n                  moves to the next file given on the command line
:n!                 moves to the next file, abandoning unsaved changes
:n#                 jumps back to the previous file
:set showmatch      briefly highlights the matching opening bracket when a closing one is typed
:set textwidth=65   wraps lines at 65 characters
:set number         shows line numbers
(Note: prefix an option with "no" to unset it, e.g. :set nonumber removes the line numbers.)

Users and Groups Management

What is User Account ?


When a computer is used by many people it is usually necessary to tell the users apart, for example so that their private files can be kept private. This matters even if the computer can only be used by one person at a time, as with most computers. Each user is therefore given a unique username, and that name is used to log in.

What is Group ?
A group is a collection of users. It makes administration easier: when the same permissions or restrictions must apply to many users, they can be applied once to the group those users belong to.


The root user


- The root user is a special administrative account, like the Administrator account on Windows
- Sometimes called the superuser
- root has complete control over the system
- And therefore an unlimited capacity to damage the system!


Creating Users
useradd [options] user     creates a new user
  -c "Full Name"           assigns a full name (comment) to the user
  -d /path                 sets the location of the home directory
  -s /path/to/shell        sets the user's login shell (use /sbin/nologin for accounts that must not get an interactive shell)
  -g group                 sets the user's primary group
  -G group[,group...]      adds the user to supplementary (secondary) groups
usermod [options] user     modifies a user account; same options as useradd
userdel [options] user     deletes a user account
  -r                       also removes the user's home directory
passwd [user]              changes the password of the specified user; with no user given, changes the password of the current user


Creating Groups
groupadd group              creates a group
groupmod [options] group    modifies a group
  -n newname                renames the group
groupdel group              deletes the specified group


Configuration Files
/etc/passwd    the user database
/etc/shadow    the user password database (hashed passwords; readable by root only)
/etc/group     the group database
/etc/gshadow   the group password database


User Information Commands


- Find out who you are: whoami
- Find out what groups you belong to: groups, id
- Find out who is logged in: users, who, w
- Login/reboot history: last


User and Group ID Numbers


- User names map to user ID numbers (UIDs)
- Group names map to group ID numbers (GIDs)
- Ownership stored on the hard disk is recorded numerically; the names you see in listings are looked up from /etc/passwd and /etc/group at display time, which is why a file owned by a deleted user shows a bare number


Understanding Permissions


What is Permission ?
Permissions specify what rights you grant users to access the resources available on the computer, so that important resources such as files are protected from unauthorized users.


Methods of Implementing Permissions


Symbolic Method Numeric Method


Permissions- Symbolic Method


Four symbols are used when displaying and applying permissions:

r   permission to read a file, or to list a directory's contents
w   permission to write to a file, or to create and remove files in a directory
x   permission to execute a program, or to enter a directory and reach the files in it
-   no permission (shown in place of r, w, or x)


Applying Permission with Symbolic Method


The chmod command is used to change access modes.

Symbolic method:
chmod u+w,go-w somefile    grants write access to the owner and removes it from group and others
chmod u=rw somefile        sets the owner's permission to exactly read and write (execute off), regardless of the current permission
chmod +r somefile          makes the file readable. Without a who-letter (u, g, o, a) chmod skips the bits set in the umask, so under the usual umask 022 this makes the file world-readable, but under umask 027 others still get nothing; use chmod a+r to grant read to everyone unconditionally
[Note: +, - and = are the operators that add, remove or overwrite permissions]


Permissions- Numeric Method


Four numbers are used when displaying or applying permissions; each digit of a mode is the sum of the values that apply:

4   permission to read a file, or to list a directory's contents
2   permission to write to a file, or to create and remove files in a directory
1   permission to execute a program, or to enter a directory and reach the files in it
0   no permission (in place of 4, 2, or 1)


Applying Permission with Numeric Method


The chmod command is used to change access modes.

Numeric method (three digits: owner, group, others):
chmod 664 somefile    read and write for the owner and group, read-only for others
chmod 600 somefile    read and write for the owner only; group and others get nothing
chmod 444 somefile    read-only for everyone, including the owner


Permissions
r w x   r - x   r - x

Owner:  has read, has write, has execute
Group:  has read, does not have write, has execute
Others: have read, do not have write, have execute
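As an added example (not from the RH033 slides) the script below applies the symbolic and numeric chmod forms from the preceding slides to a scratch file and reads each result back with stat, so every mode is verified rather than assumed. It also shows the umask interaction of a bare "chmod +r". GNU coreutils on Linux is assumed; the file is created in a temporary directory.

```shell
# Apply the slides' chmod examples and read the resulting modes back with stat.
work=$(mktemp -d)
f="$work/somefile"
: > "$f"                                # create an empty scratch file

mode_of()     { stat -c '%a' "$1"; }    # octal mode, e.g. 644
symbolic_of() { stat -c '%A' "$1"; }    # ls-style string, e.g. -rw-r--r--

# Symbolic method: start from known modes so each operator's effect is visible.
demo_symbolic() {
    chmod 666 "$f"; chmod u+w,go-w "$f"; m1=$(mode_of "$f")   # 666 -> 644
    chmod 755 "$f"; chmod u=rw "$f";     m2=$(mode_of "$f")   # 755 -> 655: "=" overwrites owner bits
    chmod 600 "$f"; chmod a+r "$f";      m3=$(mode_of "$f")   # 600 -> 644: explicit "a" ignores umask
    printf '%s %s %s\n' "$m1" "$m2" "$m3"
}

# The slide's bare "chmod +r" is filtered by the umask. Under umask 027 the
# "others" read bit is masked out, so the file does NOT become world-readable.
demo_bare_plus_r() {
    chmod 600 "$f"
    ( umask 027; chmod +r "$f" )        # subshell keeps the umask change local
    mode_of "$f"                        # 640, not 644
}

# Numeric method: the three digits map straight onto the ls string.
demo_numeric() {
    chmod 664 "$f"; n1=$(symbolic_of "$f")   # -rw-rw-r--
    chmod 600 "$f"; n2=$(symbolic_of "$f")   # -rw-------
    chmod 444 "$f"; n3=$(symbolic_of "$f")   # -r--r--r--
    printf '%s %s %s\n' "$n1" "$n2" "$n3"
}

demo_symbolic       # 644 655 644
demo_bare_plus_r    # 640
demo_numeric        # -rw-rw-r-- -rw------- -r--r--r--
```

Reading the mode back is the habit worth keeping: chmod prints nothing on success, so a script that sets a mode and never checks it will not notice when a umask, an ACL, or a typo in the mode string changed the outcome.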


Understanding File System


Partition and File System


- Disk drives are divided into partitions
- A partition is formatted with a file system, which allows users to store data on it
- Default file system: ext3, the Third Extended Linux File System
- Other common file systems: ext2, vfat, and iso9660 (typically used for CDs)


Inodes
The inode table holds one entry for every file in an ext2 or ext3 file system. A directory is just a list of names, each paired with an inode number. The inode holds the information about the file or directory: owner, group, permissions, size, location on disk, and file type (regular file, directory, and so on); the name is not stored in the inode. One inode is associated with each file, and the system uses the inode, not the name, as the definition of a file. The ls -il command displays the inode number as the first column:

80977 drwxr-x--- 1 user user 4096 Mar 19 11:23


Links
A link is an additional name that refers to a file. ln creates the link from an existing file to a new name in your directory. Most programs access the link exactly as if it were the file itself, much like a shortcut in Windows. This allows aliasing (two or more names for the same object) and is an easy way to refer to a really long absolute pathname or filename.


Using Links
Two types of links can be created: symbolic (soft) and hard.

ln -s main soft    creates a soft link named soft that points at the file main
ln main hard       creates a hard link named hard to the file main
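The following is an added example, not part of the RH033 slides: it creates both kinds of link to one file, compares inode numbers to show that the hard link is the same file while the symlink is a separate object, and then deletes the original name to show which link still reaches the data. The difference matters for security as well as housekeeping: because programs follow symlinks transparently, a symlink planted in a directory a privileged program writes to can redirect that write elsewhere, which is why such programs must not trust paths in world-writable directories. GNU coreutils (stat) on Linux is assumed; the files are created in a temporary directory.

```shell
# Hard link vs symbolic link: same inode or not, and what survives an unlink.
work=$(mktemp -d)

setup() {                                    # (re)create main, hard and soft
    rm -f "$work/main" "$work/hard" "$work/soft"
    printf 'original content\n' > "$work/main"
    ln "$work/main" "$work/hard"             # hard link: a second name for the same inode
    ln -s main "$work/soft"                  # symlink: a small file whose content is the path "main"
}

inode_of()   { stat -c '%i' "$1"; }          # stat on a symlink reports the link itself
link_count() { stat -c '%h' "$1"; }          # number of names pointing at this inode

same_inode() {                               # hard shares main's inode; soft has its own
    if [ "$(inode_of "$work/main")" = "$(inode_of "$work/hard")" ] &&
       [ "$(inode_of "$work/main")" != "$(inode_of "$work/soft")" ]; then
        echo yes
    else
        echo no
    fi
}

# Remove the original name. The data survives through the hard link because the
# inode still has one name left; the symlink now points at a name that does not
# exist, so -e (which follows symlinks) reports it as dangling.
after_unlink() {
    rm "$work/main"
    if [ -e "$work/hard" ]; then h=reachable; else h=gone; fi
    if [ -e "$work/soft" ]; then s=reachable; else s=dangling; fi
    printf '%s %s\n' "$h" "$s"
}

setup
same_inode                  # yes
link_count "$work/hard"     # 2
after_unlink                # reachable dangling
link_count "$work/hard"     # 1
```

Hard links cannot cross file systems or point at directories; symlinks can do both, which is exactly why they are the kind that dangles.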


Mounting the media


Mounting makes a partition or removable medium accessible through a directory (the mount point), so that data can be stored on it and read from it.

Commands to mount media (the device and options are taken from the /etc/fstab entry for that mount point):
mount /media/floppy          mounts the floppy drive
mount /media/cdrom           mounts the CD-ROM drive
mount /media/<device id>     mounts a USB disk

Commands to unmount media:
umount /media/floppy         unmounts the floppy drive
umount /media/cdrom          unmounts the CD-ROM drive
umount /media/<device id>    unmounts the USB disk


Archive Files
- Archiving places many files into one target file
- Easier to back up, store, and transfer
- tar is the standard Linux archiving command


Using Archive files tar command


tar cvf archive_name files...       creates an archive from the named files
tar tvf archive_name                lists the files stored in the archive
tar xvf archive_name [files...]     extracts all files, or only the named ones, from the archive
tar rvf archive_name files...       appends the named files to an existing archive


File Compression
- Results in a smaller file size
- Text files can be compressed by over 75%
- tar archives are often compressed


Compression Utilities
gzip, gunzip
- The standard Linux compression utility
- Up to 75% compression for text files

bzip2, bunzip2
- A newer Linux compression utility
- Generally achieves better compression than gzip


Using Compression
gzip somefile          creates the compressed file somefile.gz (and removes somefile)
gunzip somefile.gz     restores somefile
bzip2 somefile         creates the compressed file somefile.bz2
bunzip2 somefile.bz2   restores somefile
Note: with tar, the z option selects gzip and the j option selects bzip2 compression.
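As an added example (not from the RH033 slides), the script below runs the tar and compression commands of the last few slides end to end: create, list, append and extract an archive, then compress it with gzip and bzip2 and read it back through tar's z option. It also demonstrates the habit of listing an archive before extracting it, refusing to unpack one whose member paths would escape the target directory. GNU tar and gzip are assumed (bzip2 is used only if installed); the source tree is constructed in a temporary directory.

```shell
# tar create/list/append/extract, a pre-extraction path check, and compression.
work=$(mktemp -d)
mkdir -p "$work/src/docs"
printf 'alpha\n' > "$work/src/a.txt"
printf 'beta\n'  > "$work/src/docs/b.txt"

make_archive() {
    tar cf "$work/backup.tar" -C "$work" src        # c: create; -C keeps member paths relative
    printf 'gamma\n' > "$work/c.txt"
    tar rf "$work/backup.tar" -C "$work" c.txt      # r: append another file
}

# t: list member names without extracting anything (sorted so output is stable)
list_members() { tar tf "$work/backup.tar" | sort | xargs; }

# Count members that start with "/" or contain "../". GNU tar strips a leading
# "/" on extraction by default, but either pattern means the archive was not
# made the way we expect, so treat it as a reason not to extract.
unsafe_members() {
    tar tf "$work/backup.tar" | grep -c -e '^/' -e '\.\./' || true
}

extract_if_safe() {
    [ "$(unsafe_members)" = "0" ] || { echo "refusing: unsafe member paths" >&2; return 1; }
    mkdir -p "$work/restore"
    tar xf "$work/backup.tar" -C "$work/restore"    # x: extract into a chosen directory
    cat "$work/restore/src/docs/b.txt"
}

compress_demo() {
    cp "$work/backup.tar" "$work/copy.tar"
    gzip -f "$work/backup.tar"                      # -> backup.tar.gz
    if command -v bzip2 >/dev/null 2>&1; then
        bzip2 -f "$work/copy.tar"                   # -> copy.tar.bz2
    fi
    tar tzf "$work/backup.tar.gz" | wc -l | tr -d ' '   # z: read through gzip; count members
}

make_archive
list_members        # c.txt src/ src/a.txt src/docs/ src/docs/b.txt
unsafe_members      # 0
extract_if_safe     # beta
compress_demo       # 5
```

The check in unsafe_members is deliberately simple: it looks at the names tar reports, which is all an administrator has before extraction. For archives from untrusted sources it is still worth extracting into an empty directory as an unprivileged user, since member names are not the only thing a crafted archive can abuse.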


Using GUI shells ( GNOME & KDE)


Simple view of GNOME Desktop


Simple view of KDE Desktop


What have we learnt ?


- File editing using the vi editor
- Advanced usage of the vi editor
- Users and groups management
- Understanding permissions
- Linux file system
- Inodes
- Links
- Mounting media
- Archives
- Compression
- Using GUI shells (GNOME & KDE)

Welcome!
RH033
Red Hat Linux Essentials

Objectives

Day 4

- Understanding permissions
- Linux file system
- Inodes
- Links
- Mounting media
- Archives
- Compression
- Introduction to string processing
- String processing with regular expressions
- Finding and processing files
- Investigating and managing processes


Introduction to String Processing


Head and Tail


head shows the first lines of a file:
  head /etc/somefile
  head -n 5 /etc/somefile    (shows the first 5 lines; 10 is the default)
tail shows the last lines of a file:
  tail /etc/somefile
  tail -n 5 /etc/somefile    (shows the last 5 lines)


wc, sort, uniq , cut and paste


wc      word count:   wc OPTIONS somefile     (options: -l lines, -w words, -c bytes)
sort    sort lines:   sort OPTIONS somefile   (options: -r reverse, -n numeric)
uniq    removes adjacent duplicate lines, so the input is normally sorted first:
        -u shows only lines that occur once, -d shows lines that are repeated, -c prefixes each line with its count
cut     displays specific fields of each line:   cut -f3 -d: /etc/passwd   (the third colon-separated field, the UID)
paste   joins files line by line:   paste file1.txt file2.txt > file3


aspell, expand
aspell    checks the spelling in a file:   aspell check somefile
expand    converts tabs into spaces:   expand tabfile.txt > result.txt


String Processing with Regular Expressions


grep , sed and awk


grep    prints the lines of a file where a pattern matches:   grep amit /etc/passwd
sed     stream editor: reads a file and writes it out with edits applied, typically a search and replace
          sed 's/big/small/' somefile     (first match on each line)
          sed 's/big/small/g' somefile    (every match)
awk     a programming language for processing text field by field:
          awk '/bash/ { print }' /etc/passwd    (prints the lines containing bash)
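The following is an added example, not part of the RH033 slides, that uses the cut, sort, uniq, wc, tail, grep, sed and awk commands of the preceding slides together on the file those slides keep pointing at, /etc/passwd, to answer the questions an administrator actually asks of it: who can log in, which accounts are superusers, which UIDs are duplicated. So that it runs anywhere, it works on a constructed passwd-style sample embedded below, not the real system file; the field layout is the real one (name:password:UID:GID:comment:home:shell). GNU coreutils, sed and awk are assumed.

```shell
# Text-processing pipelines over a constructed /etc/passwd-style sample.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
amit:x:500:500:Amit:/home/amit:/bin/bash
backup:x:0:0:backup operator:/root:/bin/bash
web:x:501:501:Web Content:/var/www:/sbin/nologin
guest:x:502:500:Guest:/home/guest:/bin/bash
EOF

# Accounts whose shell is not a nologin shell, i.e. who can log in interactively.
login_shells() { awk -F: '$7 !~ /nologin$/ { print $1 }' "$sample" | xargs; }

# Every account with UID 0 is a superuser, whatever its name. Anything besides
# "root" here deserves an explanation.
uid_zero() { awk -F: '$3 == 0 { print $1 }' "$sample" | xargs; }

# grep -c counts matching lines; anchoring on the shell field avoids matching a comment.
bash_users() { grep -c '/bin/bash$' "$sample"; }

# cut the GID field, sort so duplicates are adjacent, count with uniq -c,
# then pick out the count for the GID we were asked about.
members_of_gid() { cut -d: -f4 "$sample" | sort | uniq -c | awk -v g="$1" '$2 == g { print $1 }'; }

# uniq -d prints only values that occur more than once: duplicated UIDs.
dup_uids() { cut -d: -f3 "$sample" | sort | uniq -d | xargs; }

# sed rewrites every bash shell to sh on the way through; tail picks the last
# line and cut its shell field, to show the substitution took effect.
rename_shell() { sed 's#/bin/bash$#/bin/sh#' "$sample" | tail -n 1 | cut -d: -f7; }

line_count() { wc -l < "$sample" | tr -d ' '; }

login_shells        # root amit backup guest
uid_zero            # root backup
bash_users          # 4
members_of_gid 500  # 2
dup_uids            # 0
rename_shell        # /bin/sh
line_count          # 7
```

The sample deliberately contains a second UID 0 account ("backup") and a shared GID, because those are the things these pipelines are good at surfacing; on a real host the same commands run directly against /etc/passwd.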


Finding and Processing Files


slocate and find


slocate   searches a database of file names that is rebuilt periodically (by updatedb), so it is fast but does not know about files created since the last update:   slocate somefile
find      walks the directory tree and tests each file as it goes:
  find /home -name somefile
  find /home -iname somefile                          (case-insensitive name match)
  find /home -user amit -group amit -name somefile
  find /home -perm 755                                (mode exactly 755)
  find /home -size 1000k                              (exactly 1000 KiB; prefix with + or - for larger or smaller)
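As an added example (not from the RH033 slides), the script below builds a small directory tree and runs each of the find tests from the slide against it, with -name, -iname, -user, -perm and -size, plus the one permission search an administrator runs most often, files that anyone can write to. GNU find and coreutils on Linux are assumed; the tree and its modes are constructed in a temporary directory.

```shell
# find tests from the slide, run over a constructed tree with known modes.
work=$(mktemp -d)
mkdir -p "$work/home/amit/docs" "$work/home/web"
printf 'x\n' > "$work/home/amit/Notes.TXT"
printf 'y\n' > "$work/home/amit/docs/report.txt"
printf 'z\n' > "$work/home/web/index.html"
dd if=/dev/zero of="$work/home/web/big.bin" bs=1k count=1500 2>/dev/null
chmod 644 "$work/home/amit/Notes.TXT" "$work/home/amit/docs/report.txt" "$work/home/web/big.bin"
chmod 666 "$work/home/web/index.html"      # world-writable: the thing we want to catch
chmod 755 "$work/home/amit/docs"

count() { wc -l | tr -d ' '; }
strip() { sed "s#^$work##"; }              # print paths relative to the scratch root

by_name()        { find "$work/home" -name '*.txt'  | count; }   # case-sensitive
by_iname()       { find "$work/home" -iname '*.txt' | count; }   # case-insensitive
exact_mode()     { find "$work/home" -type d -name docs -perm 755 | count; }
owned_by_me()    { find "$work/home" -type f -user "$(id -un)" | count; }
# -perm -o=w: "others" write bit set, whatever the other bits are
world_writable() { find "$work/home" -type f -perm -o=w | strip; }
# -size +1000k: more than 1000 KiB (find rounds file sizes up to whole units)
larger_than_1m() { find "$work/home" -type f -size +1000k | strip; }

by_name           # 1
by_iname          # 2
exact_mode        # 1
owned_by_me       # 4
world_writable    # /home/web/index.html
larger_than_1m    # /home/web/big.bin
```

The difference between -perm 755 and -perm -o=w is the one to remember: without a leading "-" find matches the mode exactly, with it find matches any file that has at least those bits, which is what an audit wants.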


Investigating and Managing Processes


What is a Process?
A process is an executing program, with several components and properties: a shell command or a program in execution. When you log in, a process is created, and that process is executing your shell. When you execute a shell command, a new process is created; when the command terminates, that process dies. A single user can have many processes executing at the same time.


ps
The ps command reports the status of active processes. It shows the process id (PID) together with other information such as the amount of CPU time the process has used (TIME) and the command that started it (CMD). Its options may be combined.


Top
- The top command shows a real-time view of Linux tasks
- top displays the CPU and memory usage of each task


Terminate Processes
kill is used to terminate processes or, more generally, to send a signal to a process. Example:
kill PID    sends the default signal, TERM (15), asking the process with that process id to terminate
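The following is an added example, not part of the RH033 slides: it starts a background process, locates it with ps, checks that it is alive, terminates it with kill and confirms that it is gone. sleep stands in for any long-running task. A Linux system with a procps-style ps is assumed, with /proc used as a fallback for the command name if ps is not installed.

```shell
# Start, inspect, and terminate a background process.
start_worker() {
    sleep 300 &
    worker=$!                              # PID of the job just started in the background
}

worker_alive() {                           # kill -0 sends no signal; it only asks whether the PID exists
    if kill -0 "$worker" 2>/dev/null; then echo alive; else echo dead; fi
}

worker_cmd() {                             # ps -o comm= -p PID prints only the command name
    name=$(ps -o comm= -p "$worker" 2>/dev/null | tr -d ' ')
    [ -n "$name" ] || name=$(cat "/proc/$worker/comm" 2>/dev/null)
    printf '%s\n' "$name"
}

stop_worker() {
    kill "$worker"                         # no signal named, so TERM (15): a polite shutdown request
    wait "$worker" 2>/dev/null || true     # reap it, otherwise it lingers as a zombie that kill -0 still "sees"
}

start_worker
worker_alive    # alive
worker_cmd      # sleep
stop_worker
worker_alive    # dead
```

The wait after kill is not cosmetic: until the parent reaps a terminated child, its PID stays in the process table as a zombie, so a script that kills and immediately re-checks with kill -0 can wrongly conclude the process is still running.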


What have we learnt ?


- File editing using the vi editor
- Advanced usage of the vi editor
- Users and groups management
- Understanding permissions
- Linux file system
- Inodes
- Links
- Mounting media
- Archives
- Compression
- Using GUI shells (GNOME & KDE)

Welcome!
RH033
Red Hat Linux Essentials

Objectives

Day 5

- GNOME and KDE desktop shells
- Linux file system
- Inodes
- Links
- Mounting media
- Archives
- Compression
- Introduction to string processing
- String processing with regular expressions
- Finding and processing files
- Investigating and managing processes

Using GUI shells ( GNOME & KDE)

Simple view of GNOME Desktop

Simple view of KDE Desktop

What is Permission ?
Specifies what rights are you granting to users to access the resources are available in the computer, so that important resources such as files are protected from unauthorized users.

Methods of Implementing Permissions


Symbolic Method Numeric Method

Permissions- Symbolic Method


Four symbols are used when displaying and applying permissions

r w x -

Permission to read a file or list a directorys contents Permission to write to a file or create and remove files from a directory Permission to execute a program or change into a directory and do a long listing of the directory no permission ( in place of the r, w, or x )

Applying Permission with Symbolic Method


chmod command is used to change access modes Symbolic Method

chmod u+w,go-w somefile file name ( Grants write access to owner but denies it to group and other. ) chmod u=rw somefile file name ( Sets read and write permission to owner, with execute turned off, regardless of the current permission ) chmod +r somefile file name ( Make the file world-readable ) [ Note : +, - and = are operators to add, remove or overwrite the permission ]

Permissions - Numeric Method

Four numbers are used when displaying or applying permissions:

4   Permission to read a file or list a directory's contents
2   Permission to write to a file or create and remove files from a directory
1   Permission to execute a program or change into a directory and do a long listing of the directory
0   No permission ( in place of 4, 2, or 1 )

Applying Permission with Numeric Method

The chmod command is used to change access modes. Numeric method:

chmod 664 somefile   ( Grants read and write access to owner and group, read only to others )
chmod 600 somefile   ( Sets read and write permission for the owner, with execute turned off; group and others have no permissions )
chmod 444 somefile   ( Makes the file read-only for everyone, i.e. world-readable )

Permissions

Example: r w x  r - x  r - x
Owner has read, owner has write, owner has execute
Group has read, group does not have write, group has execute
Others have read, others do not have write, others have execute

Umask
umask is a value which is subtracted from the default mode to determine new file/directory permissions.
Default permission for files is 666
Default permission for directories is 777
Default Permission - Umask = Effective Permission
Non-privileged users' umask is 002
root's umask is 022
Examples :
666 - 002 = 664
666 - 244 = 422
777 - 222 = 555
777 - 027 = 750
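The subtraction rule on the slide works for its four examples, but umask is really a bit mask: each bit set in the umask is cleared from the default mode, which matters as soon as the umask has a bit the default does not (666 under umask 077 is 600, not 567). The following script is an added example, not part of the RH033 slides; it computes the effective mode with the bitwise rule and then checks it against what the kernel actually produces in a temporary directory (the function names are this example's own).

```shell
#!/bin/bash
# Added example (not from the RH033 slides): compute the mode a new file or
# directory gets under a given umask with the real rule, which is a bit
# mask (default AND NOT umask) rather than decimal subtraction, and confirm
# it against what the kernel actually does in a throwaway directory.

# effective_mode DEFAULT UMASK -> prints the resulting octal mode.
# Both arguments are octal strings such as 666 and 022.
effective_mode() {
    local default="$1" mask="$2"
    printf '%03o\n' $(( 8#$default & ~8#$mask ))
}

# observed_modes UMASK -> "FILEMODE DIRMODE" as reported by stat for a file
# and a directory created under UMASK (inside a temporary directory).
observed_modes() {
    local mask="$1" tmp
    tmp=$(mktemp -d)
    ( umask "$mask"; : > "$tmp/f"; mkdir "$tmp/d" )
    printf '%s %s\n' "$(stat -c %a "$tmp/f")" "$(stat -c %a "$tmp/d")"
    rm -rf "$tmp"
}

# The slide's four examples: subtraction and masking agree on all of them.
for pair in "666 002" "666 244" "777 222" "777 027"; do
    set -- $pair
    printf '%s with umask %s -> %s\n' "$1" "$2" "$(effective_mode "$1" "$2")"
done

# Where they differ: umask 077 on a 666 file. Masking gives 600; octal
# subtraction would give 567, a mode that does not exist. 077 is the usual
# choice for users whose files should never be readable by others.
printf '666 with umask 077 -> %s\n' "$(effective_mode 666 077)"
printf 'kernel result for umask 077 (file dir): %s\n' "$(observed_modes 077)"
```

Run it as an ordinary user; the last line should agree with `effective_mode 666 077` for the file and `effective_mode 777 077` for the directory.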

Understanding File System


Partition and File System

Disk drives are divided into partitions.
Partitions are formatted with a file system, which allows users to store data.
Default file system: ext3, the Third Extended Linux File System.
Other common file systems: ext2 and vfat; iso9660 ( typically used for CDs ).

Inodes
An inode table contains a list of all files in an ext2 or ext3 file system.
Directories have inode numbers associated with files.
Inodes contain information about the file or directory, including: owner, group, permissions, size, location on disk, file type (file or directory).
One inode is associated with each file. The system uses inodes as the definition of a file.
The ls -il command displays the inode number:
80977 drwxr-x--- 1 user user 4096 Mar 19 11:23

Links
A link is a file that points to another file.
ln creates a link from the original file to a new file in your directory.
Most programs will access the link as if it was the file. This is similar to a shortcut in Windows.
This allows for aliasing (when two or more names can exist for the same object).
Easy way to point to a really long absolute pathname or filename.

Using Links
Two types of links can be created: Symbolic ( Soft ) and Hard.
ln -s main soft   ( This will create a soft link to the file main )
ln main hard      ( This will create a hard link to the file main )
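To see how the two kinds of link differ, the following script (an added example, not from the RH033 slides) creates both links to a file, compares inode numbers with stat, and then removes the original name. The hard link keeps working because it is a second name for the same inode; the soft link dangles because it only stores a path. That path is why programs running with privilege must treat a symlink's target as untrusted. The helper names are this example's own.

```shell
#!/bin/bash
# Added example (not from the RH033 slides): create a hard link and a
# symbolic link to the same file and observe how they differ, using the
# inode numbers that ls -il / stat report. Runs in a throwaway temp dir.

demo_dir=$(mktemp -d)
cd "$demo_dir"
echo "original content" > main
ln main hard        # hard link: a second directory entry for the same inode
ln -s main soft     # soft link: a new inode whose content is the path "main"

# inode_of FILE -> inode number of FILE itself (stat does not follow symlinks).
inode_of() { stat -c %i "$1"; }

# same_inode A B -> yes if A and B are directory entries for one inode.
same_inode() {
    if [ "$(inode_of "$1")" = "$(inode_of "$2")" ]; then echo yes; else echo no; fi
}

# link_count FILE -> number of hard links the inode has (the count ls -l shows).
link_count() { stat -c %h "$1"; }

# readable FILE -> yes if the name can still be opened for reading.
readable() { if cat "$1" >/dev/null 2>&1; then echo yes; else echo no; fi; }

echo "hard shares inode with main: $(same_inode main hard)"
echo "soft shares inode with main: $(same_inode main soft)"
echo "link count of main: $(link_count main)"
ls -il main hard soft

# Remove the original name: the hard link still reaches the data, the
# symbolic link now points at a name that no longer exists.
rm main
echo "hard still readable: $(readable hard)"
echo "soft still readable: $(readable soft)"
echo "link count of hard after rm: $(link_count hard)"
```

Hard links cannot cross file systems or point at directories; a soft link can do both, which is why it is the one you usually meet, and why its target should be checked before anything privileged follows it.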

Mounting the media

Mounting means making a partition accessible from an access point, typically a directory, so that data can be stored in it and read from it.

Commands to mount media
mount /media/floppy      = Mounts the floppy drive to your computer
mount /media/cdrom       = Mounts the cdrom drive to your computer
mount /media/Device ID   = Mounts a usb disk to your computer

Commands to unmount media
umount /media/floppy     = Unmounts the floppy drive from your computer
umount /media/cdrom      = Unmounts the cdrom drive from your computer
umount /media/Device ID  = Unmounts the usb disk from your computer

Archive Files
Archiving places many files into one target file.
Easier to back up, store, and transfer.
tar is the standard Linux archiving command.

Using Archive files - tar command

tar cvf archive_name files..   ( To create an archive file )
tar tvf archive_name           ( To display the files in an archive file )
tar xvf archive_name files..   ( To extract files from an archive file )
tar rvf archive_name files..   ( To append files to an archive file )

File Compression
Results in smaller file size.
Text files can be compressed over 75%.
tar archives are often compressed.

Compression Utilities

gzip, gunzip
Standard Linux compression utility
Up to 75% compression for text files

bzip2, bunzip2
Newer Linux compression utility
Generally achieves better compression than gzip

Using Compression
gzip somefile      ( To create a compressed file )
gunzip somefile    ( To uncompress a compressed file )
bzip2 somefile     ( To create a compressed file )
bunzip2 somefile   ( To uncompress a compressed file )
Note :- We can use z for gzip and j for bzip2 type of compression with tar.
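The tar and compression slides above are put together in the following script, an added example that is not part of the RH033 slides. It archives a small directory with the z and j options, lists the members without extracting them, checks that list for member names that would land outside the extraction directory, and then extracts and verifies the files. The directory contents and the function names are this example's own.

```shell
#!/bin/bash
# Added example (not from the RH033 slides): archive a directory with tar,
# compress it with gzip and bzip2, list the contents without extracting,
# then extract into a separate directory and verify the files survived
# unchanged. All paths are inside a throwaway temp dir.

work=$(mktemp -d)
mkdir -p "$work/src/docs"
echo "alpha" > "$work/src/a.txt"
echo "beta"  > "$work/src/docs/b.txt"

# make_archives DIR -> creates DIR/backup.tar.gz (and DIR/backup.tar.bz2
# when bzip2 is installed) from DIR/src. z selects gzip, j selects bzip2.
make_archives() {
    local dir="$1"
    tar czf "$dir/backup.tar.gz" -C "$dir" src
    if command -v bzip2 >/dev/null; then
        tar cjf "$dir/backup.tar.bz2" -C "$dir" src
    fi
}

# list_members ARCHIVE -> the member paths, one per line, without
# extracting anything. Looking at this list first is the safe habit.
list_members() { tar tf "$1" | sort; }

# suspicious_members ARCHIVE -> members whose names are absolute or climb
# upward with "..": such entries would be written outside the directory
# you extract into. (GNU tar strips a leading / by default, but the check
# costs nothing and catches the .. case.)
suspicious_members() { tar tf "$1" | grep -E '^/|(^|/)\.\.(/|$)' || true; }

# extract_and_verify ARCHIVE DIR -> restores ARCHIVE into DIR and prints
# how many restored files are byte-for-byte identical to the source.
extract_and_verify() {
    local archive="$1" dir="$2" ok=0 f
    mkdir -p "$dir"
    tar xf "$archive" -C "$dir"
    for f in a.txt docs/b.txt; do
        cmp -s "$work/src/$f" "$dir/src/$f" && ok=$((ok + 1))
    done
    echo "$ok"
}

make_archives "$work"
echo "gzip members:";  list_members "$work/backup.tar.gz"
[ -f "$work/backup.tar.bz2" ] && { echo "bzip2 members:"; list_members "$work/backup.tar.bz2"; }
echo "suspicious members: $(suspicious_members "$work/backup.tar.gz" | wc -l)"
echo "restored and verified: $(extract_and_verify "$work/backup.tar.gz" "$work/restore")"
```

Extracting with -C into a fresh, empty directory, as extract_and_verify does, is the second half of the habit: whatever the archive contains, it cannot overwrite files you already have.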

Introduction to String Processing


Head and Tail

head shows the first lines of a file
Try head /etc/somefile
Try head -n 5 /etc/somefile   ( shows the first 5 lines of the file )

tail shows the last lines of a file
Try tail /etc/somefile
Try tail -n 5 /etc/somefile   ( shows the last 5 lines of the file )

wc, sort, uniq, cut and paste

wc      Word count
        wc OPTIONS somefile      Options ( -l, -w, -c )
sort    Sorting order
        sort OPTIONS somefile    Options ( -r, -n )
uniq    Removes duplicate lines in a file
        -u to show only lines that are not repeated
        -d to show lines that are repeated in the input
        -c to count lines
cut     Display specific columns of the file data
        cut -f3 -d: /etc/passwd
paste   Paste files together
        paste file1.txt file2.txt > file3

aspell, expand
aspell   To check spelling in a file
         aspell somefile
expand   Expand tabs into spaces
         expand tabfile.txt > result.txt

String Processing with Regular Expressions


grep, sed and awk

grep   Prints lines of files where a pattern is matched
       grep amit /etc/passwd
sed    Stream Editor :- reads a file, performs search and replace, and writes out the data
       sed 's/big/small/' somefile
       sed 's/big/small/g' somefile
awk    Programming language for editing text
       awk '/bash/ { print }' /etc/passwd
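The following script, an added example that is not part of the RH033 slides, applies the commands from the last three slides (grep, cut, sort, uniq, paste, awk, sed) to the kind of data an administrator actually audits: a passwd file and a login log. Both inputs are constructed for the example, as are the function names; point the functions at /etc/passwd and /var/log/secure on a real system.

```shell
#!/bin/bash
# Added example (not from the RH033 slides): the text-processing commands
# above applied to a constructed /etc/passwd-style file and a constructed
# sshd log excerpt. The data below is made up for the example.

work=$(mktemp -d)
cat > "$work/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
amit:x:500:500:Amit:/home/amit:/bin/bash
backup:x:0:501:Backup operator:/home/backup:/bin/bash
svc:x:502:502:Service:/var/lib/svc:/sbin/nologin
EOF

cat > "$work/secure" <<'EOF'
Mar 19 11:20:01 station1 sshd[2011]: Failed password for root from 192.0.2.10 port 41022 ssh2
Mar 19 11:20:03 station1 sshd[2011]: Failed password for root from 192.0.2.10 port 41022 ssh2
Mar 19 11:20:09 station1 sshd[2014]: Accepted password for amit from 192.0.2.25 port 41030 ssh2
Mar 19 11:21:40 station1 sshd[2020]: Failed password for invalid user admin from 198.51.100.7 port 5022 ssh2
EOF

# login_shells FILE -> user names whose login shell is bash (grep + cut):
# the accounts that can get an interactive shell.
login_shells() { grep '/bin/bash$' "$1" | cut -d: -f1 | sort | paste -sd' '; }

# uid0_accounts FILE -> every account whose UID field is 0 (awk). A second
# UID 0 account besides root is one of the first things an audit looks for.
uid0_accounts() { awk -F: '$3 == 0 { print $1 }' "$1" | paste -sd' '; }

# failed_by_source LOG -> "count ip" for each source address of failed
# logins (grep, awk, sort, uniq -c), most frequent first.
failed_by_source() {
    grep 'Failed password' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i+1) }' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2 }' | paste -sd';'
}

# mask_hosts LOG -> the same lines with the host name replaced (sed), for
# example before sharing an excerpt outside the team.
mask_hosts() { sed 's/ station1 / HOST /' "$1"; }

echo "bash accounts: $(login_shells "$work/passwd")"
echo "uid 0 accounts: $(uid0_accounts "$work/passwd")"
echo "failed logins by source: $(failed_by_source "$work/secure")"
mask_hosts "$work/secure" | head -n 1
```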

Finding and Processing Files


slocate and find

slocate   Search for files
          slocate somefile
find      Search for files
          find /home -name somefile
          find /home -iname somefile   [ case-insensitive search ]
          find /home -user amit -group amit -name somefile
          find /home -perm 755
          find /home -size 1000k
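The find tests on the slide are what an administrator uses to audit a tree for permission problems. The following script is an added example, not part of the RH033 slides: it builds a small directory tree with a setuid binary, a world-writable file and a file larger than 1 KB, then finds each with -perm, -size and -iname. The tree and the function names are this example's own; on a real system run the functions against /home, /usr or /.

```shell
#!/bin/bash
# Added example (not from the RH033 slides): using find's -name, -perm,
# -type and -size tests to audit a directory tree for the permission
# problems an administrator looks for first. The tree is constructed in
# a temp dir so the script runs anywhere.

tree=$(mktemp -d)
mkdir -p "$tree/bin" "$tree/shared"
printf '#!/bin/sh\necho hi\n' > "$tree/bin/tool";    chmod 755  "$tree/bin/tool"
printf '#!/bin/sh\necho hi\n' > "$tree/bin/helper";  chmod 4755 "$tree/bin/helper"        # setuid bit set
echo "notes" > "$tree/shared/open.txt";              chmod 666  "$tree/shared/open.txt"   # world-writable
echo "notes" > "$tree/shared/private.txt";           chmod 600  "$tree/shared/private.txt"
head -c 2048 /dev/zero > "$tree/shared/big.bin"      # 2 KiB, for the -size test

# setuid_files DIR -> regular files with the setuid bit. "-perm -4000"
# (leading minus) matches when that bit is set, whatever the other bits.
setuid_files() { find "$1" -type f -perm -4000 | sort; }

# world_writable DIR -> regular files anyone may modify (-perm -0002).
world_writable() { find "$1" -type f -perm -0002 | sort; }

# exact_mode DIR MODE -> files whose mode is exactly MODE, the slide's
# "find /home -perm 755" form (no leading minus means an exact match).
exact_mode() { find "$1" -type f -perm "$2" | sort; }

# larger_than DIR KB -> files bigger than KB kilobytes. The unit suffix is
# k; find rounds sizes up to whole units before comparing.
larger_than() { find "$1" -type f -size +"$2"k | sort; }

# name_ci DIR PATTERN -> case-insensitive name match (-iname).
name_ci() { find "$1" -iname "$2" | sort; }

echo "setuid:";          setuid_files "$tree"
echo "world-writable:";  world_writable "$tree"
echo "exactly 755:";     exact_mode "$tree" 755
echo "larger than 1k:";  larger_than "$tree" 1
echo "named *.TXT:";     name_ci "$tree" '*.TXT'
```

Note that helper (mode 4755) is not reported by exact_mode 755: an exact -perm compares every bit, including setuid, which is why audits use the leading-minus form.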

Investigating and Managing Processes


What is a Process?
A process is an executing program with several components and properties.
A process is a shell command or a program in execution.
When you log in, a process is created. This process is executing the shell.
When you execute a shell command, a new process is created. When the command terminates, the new process dies.
A single user can have many processes executing at the same time.

ps command
The ps command is used to determine the status of active processes. It returns the process id (PID) number and other information such as the amount of CPU time the process has used (TIME) and the command which invoked the process (CMD). Options may be combined.

top command
The top command shows a real-time view of Linux tasks, including the CPU and memory usage of each task.
top

Terminate Processes
kill is used to terminate processes or to send a signal to a process. Examples:
kill PID    ( Terminates the process with the process id PID )
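The following script ties the three process slides together; it is an added example and not part of the RH033 slides. It starts a harmless background sleep, shows what ps reports for it, terminates it with kill, and reads back the exit status the shell records for a signalled process (128 plus the signal number, so 143 for SIGTERM). The function names and the stop_status variable are this example's own.

```shell
#!/bin/bash
# Added example (not from the RH033 slides): start a background process,
# look it up with ps, stop it with kill, and read back the exit status the
# shell reports for a signalled process (128 + signal number). The target
# is a plain sleep, so the script is harmless to run anywhere.

# process_state PID -> the command name ps reports for PID, or "gone".
process_state() {
    local name
    name=$(ps -o comm= -p "$1" 2>/dev/null | tr -d ' ')
    echo "${name:-gone}"
}

# stop_target PID -> sends SIGTERM (kill's default signal), waits for the
# process and stores the status the shell saw in stop_status: 143 = 128 + 15.
# The result goes into a variable rather than being echoed because wait
# must run in the shell that started the process, not in a $( ) subshell.
# TERM is preferred over KILL (-9): TERM lets a program clean up, while
# KILL cannot be caught, so files or locks may be left half-written.
stop_status=0
stop_target() {
    stop_status=0
    kill "$1"
    wait "$1" || stop_status=$?
}

sleep 300 &                          # the target: a harmless long-running process
pid=$!
ps -o pid,ppid,user,comm -p "$pid"   # what ps shows for it
echo "state before kill: $(process_state "$pid")"
stop_target "$pid"
echo "exit status after SIGTERM: $stop_status"
echo "state after kill: $(process_state "$pid")"
```

The same 128 + signal convention is what you see in `$?` after any command is killed, which makes it possible for scripts to tell "terminated by a signal" apart from "exited with an error".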

What have we learnt ?

Understanding Permissions
Linux File system
Inodes
Links
Mounting Media
Archives
Compression
Introduction to string processing
String Processing with Regular Expressions
Finding and Processing Files
Investigating and Managing Processes

Welcome!
RH033
Red Hat Linux Essentials

Objectives

Day 5

GNOME and KDE Desktop Shells
Using Network Clients
Firefox and Elinks
wget, gaim, gFTP, Evolution
ssh, mutt, scp
Introduction to bash scripting
Writing Programs using bash scripting
Introduction to Book -2 and EXAM Scheme

Using GUI shells ( GNOME & KDE)

Simple view of GNOME Desktop

Simple view of KDE Desktop

Using Network Clients

Firefox
Fast, lightweight, feature-rich web browser
Tabbed browsing
Popup blocking
Support for many popular plugins
Download manager
Bookmarks

Elinks
Best linux text-based web client ( web browser )
Full support for frames and SSL [ https websites ]
Download manager
Bookmarks

wget
Retrieves files via HTTP and FTP
Non-interactive, so useful in shell scripts
Can follow links and traverse directory trees on the remote server
Example: wget http://www.download.com/songsplayer/mplayer.exe

Gaim
Multi-protocol instant messaging client
Supports AIM, MSN, YAHOO, ICQ, Jabber, Gadu-Gadu, SILC, GroupWise Messenger, IRC and Zephyr networks
Plugins can be used to add functionality

gFTP
Applications/Internet/gFTP
Graphical FTP client
Allows drag-and-drop transfers
Optional secure transfer via ssh ( sftp )

Evolution
Default email client software
Can maintain multiple accounts at once

mutt
Text-based email client
Supports POP, IMAP and local mail boxes

ssh: Secure Shell

ssh allows remote logins and remote command execution via a secure encrypted connection
Example: ssh root@station1.example.com

scp: Secure Copy

scp works like cp, except it copies from one host to another over a secure encrypted channel
Example: scp somefile root@station1.example.com:

Introduction to Shell Scripting


What is a shell script ?

Shell scripts are text files that contain a series of commands or statements to be executed.
Shell scripts are useful for:
Automating commonly used commands
Performing system administration and troubleshooting
Creating simple applications

Creating Shell Scripts

Create a file using the vi text editor
Use # for comments [ Information ]
Enter the commands of the script
Make the script executable: chmod a+x script_name
To execute the new script:
Place the script in a directory in the executable path, or
Specify the absolute or relative path to the script on the command line

Exit Status
Every command returns an exit status. The exit status is a number in the range 0 to 255 and it indicates whether or not the command ran successfully: 0 for success, 1 to 255 for failure.
The exit status of the most recently executed command is kept in the $? variable, just like return values from shell functions.
Example: echo $?

Writing Programs using bash scripting


Sample Program 1

#!/bin/bash
# Simple program for user's input
echo -n "Enter Your Name :"
read a
echo -n "Enter Your Age :"
read b
echo "Hello Dear $a your age is $b Years"

Sample Program 2

#!/bin/bash
# Addition of A and B number
echo -n "Enter First number :"
read a
echo -n "Enter Second number :"
read b
c=`expr $a + $b`
echo "Result is" $c

Sample Program 3

#!/bin/bash
# Multiply A and B
echo -n "Enter First number :"
read a
echo -n "Enter Second number :"
read b
c=`expr $a \* $b`
echo "Result is" $c

Sample Program 4

#!/bin/bash
# Divides A by B
echo -n "Enter First number :"
read a
echo -n "Enter Second number :"
read b
c=`expr $a / $b`
echo "Result is" $c

Sample Program 5

#!/bin/bash
# Subtract B from A
echo -n "Enter First number :"
read a
echo -n "Enter Second number :"
read b
c=`expr $a - $b`
echo "Result is" $c

Sample Program 6

#!/bin/bash
# To check which of two numbers is bigger
echo -n "Enter First number :"
read a
echo -n "Enter Second number :"
read b
if [ "$a" -gt "$b" ]; then
    echo "A is BIG"
elif [ "$a" -eq "$b" ]; then
    echo "Both are equal"
else
    echo "B is BIG"
fi

Sample Program 7

#!/bin/bash
# To show the table of a number given by the user
i=1
echo -n "Enter any number : "
read n
while [ "$i" -le 10 ]
do
    echo "$n * $i = `expr $i \* $n`"
    i=`expr $i + 1`
done

Sample Program 8

#!/bin/bash
# Checks whether hosts 192.168.0.1 to 192.168.0.10 are alive
for n in {1..10}; do
    host=192.168.0.$n
    ping -c2 $host &> /dev/null
    if [ $? -eq 0 ]; then
        # print host names 30 chars wide and left justified
        printf "%-30s is alive\n" $host
    else
        printf "%-30s is NOT alive\n" $host
    fi
done
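The arithmetic programs above pass whatever the user typed straight to expr, and they never set an exit status a caller could check. The following script is an added example, not part of the RH033 slides: it validates the input first, then uses the exit-status convention from the Exit Status slide (0 for success, small non-zero numbers for each kind of failure) so that `$?` tells a calling script what went wrong. The function names and status numbers are this example's own choices.

```shell
#!/bin/bash
# Added example (not from the RH033 slides): the arithmetic of Sample
# Programs 2 to 6 rewritten as functions that validate their input and
# report failures through the exit status, so a caller can test $?.

# is_integer STRING -> exit 0 if STRING is an optionally signed integer.
# Leading zeros are rejected on purpose: bash reads 010 as octal 8.
is_integer() { [[ "$1" =~ ^[+-]?(0|[1-9][0-9]*)$ ]]; }

# calc OP A B -> prints A OP B for OP in add sub mul div.
# Exit status: 0 ok, 1 bad number, 2 division by zero, 3 unknown operation.
calc() {
    local op="$1" a="$2" b="$3"
    is_integer "$a" && is_integer "$b" || { echo "error: not an integer" >&2; return 1; }
    case "$op" in
        add) echo $(( a + b )) ;;
        sub) echo $(( a - b )) ;;
        mul) echo $(( a * b )) ;;
        div) [ "$b" -ne 0 ] || { echo "error: division by zero" >&2; return 2; }
             echo $(( a / b )) ;;
        *)   echo "error: unknown operation $op" >&2; return 3 ;;
    esac
}

# bigger A B -> "A is BIG", "B is BIG" or "Both are equal" (Sample Program 6)
bigger() {
    if   [ "$1" -gt "$2" ]; then echo "A is BIG"
    elif [ "$1" -eq "$2" ]; then echo "Both are equal"
    else                         echo "B is BIG"
    fi
}

# A short driver. $? is read immediately after each call, before another
# command can overwrite it; the failing calls sit in "||" so the script
# keeps going and reports the status instead of stopping.
calc add 7 5;   echo "exit status: $?"
calc div 7 0 || echo "exit status: $?"
calc mul 3 abc || echo "exit status: $?"
calc pow 2 3  || echo "exit status: $?"
bigger 4 9
```

Replace the fixed arguments with `read` as in the sample programs and the validation stays the same: the point is that nothing reaches the arithmetic until it has been checked.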

RHCE EXAM SCHEME


Exam Requirements under Red Hat Enterprise Linux 4:

Under Red Hat Enterprise Linux 4, the certification exam consists of two parts conducted in a single day. The exam is performance-based, meaning that candidates must perform tasks on a live system, rather than answering questions about how one might perform those tasks.

The two parts of the RHCE Exam consist of:

Section I : Troubleshooting and System Maintenance ( 2:30 hours )
Section II : Installation and Configuration ( 3:00 hours )

Details of Sections
SECTION I
Divided into two phases: Phase 1 and Phase 2
Phase 1 contains 8 questions, including 5 compulsory questions
Time allowed to complete Phase 1 is 1:00 hour
Minimum marks required to pass: 50 % for RHCT
Minimum marks required to pass: 80 % for RHCE
If Phase 1 is completed before the given time, the remaining time is added to Phase 2
Phase 2 contains 2 optional questions
Time allowed to complete Phase 2 is 1:30 hours

Details of Sections
SECTION II
Divided into three phases: Phase 1, Phase 2 and Phase 3
Phase 1 contains 8 to 10 questions [ RHCT Level ]; by completing this phase successfully you become RHCT
Minimum marks required to pass: 70 %
Phase 2 contains 8 to 10 questions [ RHCE Level ]; by completing this phase successfully you become RHCE
Minimum marks required to pass: 70 %

Note :- To pass the RHCE exam you are required to pass RHCT
Phase 3 contains 3 optional questions
Time allowed to complete the whole of Section II is 3:00 hours

How to pass ?

In order to pass the Red Hat Certified Engineer exam under Red Hat Enterprise Linux 4 you must meet all of the following requirements:
A score of 80 or higher on Section I, consisting of five compulsory and five optional problems;
Successful completion of the five Section I compulsory troubleshooting problems within one hour of that section's start time;
70 percent or more on the RHCT-level skills in Section II;
70 percent or more on the RHCE-level skills in Section II.
These last two requirements enable RHCEs to demonstrate that they possess both RHCT-level and RHCE-level skills, as well as enabling a person who only has RHCT-level skills to earn RHCT if they pass the required competencies.
Candidates will be emailed exam results within three business days following the exam.

What have we learnt ?

GNOME and KDE Desktop Shells
Using Network Clients
Firefox and Elinks
wget, gaim, gFTP, Evolution
ssh, mutt, scp
Introduction to bash scripting
Writing Programs using bash scripting
Introduction to Book -2 and EXAM Scheme

Welcome!
RH133
Red Hat Enterprise Linux System Administration

Objectives

Day 6

Installation of RHEL 4.0
NFS based
FTP based
HTTP based
System Initialization and Services
Understanding Boot Sequence
Understanding GRUB Boot Loader
Understanding Run Levels
Understanding and Managing Services

Installation using NFS Server

Installing RHEL using NFS server

Steps

Boot the machine from a bootable disk [ Use Disk 1 or the Boot.iso disk ]
boot: linux askmethod          [ From Disk 1 ]
boot: linux text askmethod     [ From Disk 1 ]
boot: Only press the Enter key [ From Boot.iso Disk ]
boot: linux text               [ From Boot.iso Disk ]
Language and keyboard selection
Choose the appropriate installation method: NFS image
Obtain IP address from server
Obtain hostname from server
Type the server name : server1.example.com
Type the folder path : /var/ftp/pub
Then follow the remaining installation instructions

Installation using FTP Server

Installing RHEL using FTP server

Steps

Boot the machine from a bootable disk [ Use Disk 1 or the Boot.iso disk ]
boot: linux askmethod          [ From Disk 1 ]
boot: linux text askmethod     [ From Disk 1 ]
boot: Only press the Enter key [ From Boot.iso Disk ]
boot: linux text               [ From Boot.iso Disk ]
Language and keyboard selection
Choose the appropriate installation method: FTP
Obtain IP address from server
Obtain hostname from server
Type the server name : server1.example.com
Type the folder path : /pub
Then follow the remaining installation instructions

Installation using HTTP Server

Installing RHEL using HTTP server

Steps

Boot the machine from a bootable disk [ Use Disk 1 or the Boot.iso disk ]
boot: linux askmethod          [ From Disk 1 ]
boot: linux text askmethod     [ From Disk 1 ]
boot: Only press the Enter key [ From Boot.iso Disk ]
boot: linux text               [ From Boot.iso Disk ]
Language and keyboard selection
Choose the appropriate installation method: HTTP
Obtain IP address from server
Obtain hostname from server
Type the server name : server1.example.com
Type the folder path : /install
Then follow the remaining installation instructions

Partition Scheme
Try to install RHEL with the following partition scheme and a minimal installation:
/boot   100 MB
/       1024 MB
/usr    2048 MB
/var    2048 MB
/home   512 MB
Swap    1.5 to 2.0 times your system's RAM

Multiboot Systems
Red Hat Enterprise Linux and the GRUB boot loader can coexist with other operating systems, including the following:
Windows NT/2000/XP/2003
DOS, Windows 3.x/9x/ME
Two major issues arise when implementing multiboot systems: partitioning and the boot process.

Validating the Installation

Virtual consoles during installation
Five virtual consoles are provided during the installation process:
ALT-F1: The installer program in text mode
ALT-F2: A bash shell
ALT-F3: A log of installer messages
ALT-F4: A log of kernel messages
ALT-F5: stdout from mke2fs and grub commands
ALT-F7: The installer program in graphical mode

Post-boot validation
dmesg and /var/log/dmesg
/var/log/messages
/root/install.log
GRUB drops to a prompt if there is a problem loading files

System Initialization and Services


Order of the Boot Process

BIOS initialization
Boot loader configuration [ GRUB initialization ]
Stage 1 : small, resides in the MBR or boot sector; contains information only about Stage 2 and loads Stage 2
Stage 2 : the core image of GRUB; reads the file grub.conf [ /boot/grub/grub.conf ], symbolic link [ /etc/grub.conf ]
Kernel loading
Init process [ /sbin/init ]
Starting init also loads the [ /etc/inittab ] file into memory
rc loading [ /etc/rc.d/rc ]
rc.sysinit loading for interactive startup [ /etc/rc.d/rc.sysinit ]
The system reads the file [ /etc/fstab ] to mount system partitions
rc reads the /etc/inittab file to load the default or selected run level and enters the selected run level
rc.local for user defined scripts [ /etc/rc.d/rc.local ]

Order of the Boot Process

Loads the X server [ if run level 5 is selected ]
The prefdm script loads [ /etc/X11/prefdm ]
prefdm reads the file /etc/sysconfig/desktop to load a display manager such as kdm, gdm or xdm
Then the system reads the file [ /etc/X11/xorg.conf ], which specifies the hardware components and resources: monitor, keyboard, mouse, display adaptor

GRUB and grub.conf

GRUB - GRand Unified Bootloader
Command-line interface available at the boot prompt
Boots from ext2/ext3, ReiserFS and FAT file systems
Supports MD5 password protection
/boot/grub/grub.conf - the configuration file; provides the information about the kernel location and other parameters needed to load the operating system
Chain-loading is used for loading other operating systems
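The MD5 password protection mentioned on the slide is the one grub.conf setting with a direct security effect: without it, anyone at the console can edit a menu entry at boot (for example to enter the single-user run level described later) and obtain a root shell. The following grub.conf is an added example and not the slides' own file; it assumes /boot on the first partition of the first disk ( hd0,0 ), and the kernel version and the hash are placeholders.

```conf
# Added example grub.conf (not from the RH133 slides). GRUB legacy syntax
# as used by Red Hat Enterprise Linux 4. Placeholders: VERSION (the installed
# kernel's version string) and the password hash.
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
# Global password: without it GRUB refuses to edit entries or open its
# command line at boot. Generate the hash with grub-md5-crypt and paste
# its output after --md5; never put the plaintext password here.
password --md5 $1$PLACEHOLDER$replace.with.grub-md5-crypt.output
title Red Hat Enterprise Linux (2.6.9-VERSION)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-VERSION ro root=LABEL=/
        initrd /initrd-2.6.9-VERSION.img
```

Keep /boot/grub/grub.conf readable by root only (it is mode 600 on a default install) so that the hash itself is not exposed, and remember that a console password in GRUB does not stop someone booting from other media; that is a BIOS setting.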

Run Levels
Run levels are different modes of running Linux with different configurations.
init defines run levels 0 to 6, defined in the file [ /etc/inittab ].
The following chart details the run levels that Linux defines by default:

Runlevel          Effect
0                 Halt
1, s, emergency   Single user modes ( Only the root user can be logged on. Used to perform maintenance )
2                 Multi-user, without NFS networking
3                 Full multi-user mode ( Includes networking )
4                 User definable, but a duplicate of run level 3
5                 X11 ( Includes networking )
6                 Reboot

Note :- If there is no run level defined then the system will attempt to boot to run level 9, which is undefined.

Daemon Process
A daemon process is a program that runs in the background, providing some system service.
Two types of daemons:
Standalone ( Controlled by init or by a startup script in /etc/rc.d )
Transient ( Controlled by the super-daemon xinetd )

Controlling Services
Utilities to control default system services

system-config-services : graphical utility that requires an X interface to control services. Services can be added, deleted or reordered in run levels 3 through 5 with this utility.
ntsysv : a console-based interactive utility that allows you to control which services run when entering a given run level. It configures the current run level by default; with the --level option you can configure other run levels.
chkconfig : scripts can be managed at each run level with the on and off chkconfig options.
service : command used to start or stop a standalone service immediately; the options are start, stop, restart and reload.

What have we learnt ?

Installation of RHEL 4.0
NFS based
FTP based
HTTP based
System Initialization and Services
Understanding Boot Sequence
Understanding GRUB Boot Loader
Understanding Run Levels
Understanding and Managing Services

Welcome!
RH133
Red Hat Enterprise Linux System Administration

Objectives

Day 7

Network Configuration
IP Address Configuration
Using Network Clients
Filesystem Management
Disk Partitioning
Managing Partitions [ Mounting and Unmounting ]
Virtual Memory using SWAP file and Partition
Kernel Services and Configuration
/proc folder
kudzu

Network Configuration

IP Addressing
An IP address is a 32-bit logical address which lets computers communicate with each other using the TCP/IP protocol.
Defined in different classes, from A to E:
Class A = 1 to 126
Class B = 128 to 191
Class C = 192 to 223

We can assign an IP address to a computer by using two methods:
1. Static [ Manually ]
2. Dynamic [ Using DHCP Server ]

Network Configuration Commands

ifconfig
Used to view the properties of active and inactive network interfaces
ifconfig
ifconfig -a   = to display information about inactive network interfaces as well

ifup / ifdown
Used for activating and deactivating a network interface
ifdown eth0
ifup eth0

mii-tool
Tool that allows a system administrator to view, monitor, log and change the negotiated speed of Ethernet network cards
mii-tool -v   = to view the current status of the network interface card
mii-tool -v --force 100baseTx-FD eth0   = to change the negotiated speed of the Ethernet network card

Network Configuration Utilities

netconfig
Text-based network configuration tool
Only writes config files. Does not activate the device or the changes. Use ifup/ifdown to activate changes or restart the network service
Used by kudzu when a new network card is found at boot time

system-config-network
GNOME-based network configuration tool
Can be launched by a non-privileged user, but requires authentication as root.

Filesystem Management

CREATING LINUX PARTITIONS:

Step-1 Check the drive
    fdisk -l
Step-2 Create the new partition
    fdisk /dev/hda
Step-3 Write the new table to the running kernel configuration
    partprobe
Step-4 Format the new partition
    mkfs.ext3 /dev/hdaN
Step-5 Mount the new partition
    a) Temporary : give the following command
       mount -t ext3 /dev/hdaN /mnt/newdata
    b) Permanent : add this line with vi /etc/fstab
       /dev/hdaN /mnt/newdata ext3 defaults 0 0
Step-6 Activate the mounting of the new partition
    mount -a

DEFINING LABELS FOR PARTITION

e2label /dev/hdaN new
Mount temporary  : mount LABEL=new /mnt/newdata
Mount permanent  : vi /etc/fstab
                   LABEL=new /mnt/new ext3 defaults

CREATING SWAP PARTITION

Step-1 Create a partition of type swap using fdisk
    fdisk /dev/hda
Step-2 Change the System ID of the partition and format the partition as swap
    Press t to change the system ID of the new partition to Linux swap
    Save and exit from fdisk and run the partprobe command
    mkswap /dev/hdaN
Step-3 Enable the swap space
    swapon -a
Step-4 Permanent availability to the system ( add to /etc/fstab )
    /dev/hdaN swap swap defaults 0 0

CREATING SWAP FILE

Step-1 Creating a swap file
    dd if=/dev/zero of=/swapfile bs=1M count=300
Step-2 Configuring this file as swap
    mkswap /swapfile
Step-3 Enabling the swap file ( Temporary )
    swapon /swapfile
Step-4 Permanent : add to /etc/rc.d/rc.local
    swapon /swapfile
Step-5 Activating and confirming
    swapon -a
    swapon -s
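Every procedure above ends by editing /etc/fstab, and a wrong or incomplete line there is found only at the next boot. The following script is an added example, not part of the RH133 slides: it parses fstab-style lines, reports entries with too few fields, reports user-writable mount points (/home here; /tmp is treated the same) that lack the nodev and nosuid options, and checks that a swap file is mode 600, since swap can contain anything that was in memory. The fstab contents and function names are this example's own; pass the real /etc/fstab to audit_fstab on a live system.

```shell
#!/bin/bash
# Added example (not from the RH133 slides): a check over /etc/fstab-style
# lines. The fstab content below is constructed for the example; the
# function accepts any file path.

sample=$(mktemp)
cat > "$sample" <<'EOF'
# device        mountpoint    type    options                  dump pass
LABEL=/         /             ext3    defaults                 1 1
/dev/hda7       /mnt/newdata  ext3    defaults                 0 0
LABEL=new       /mnt/new      ext3
/dev/hda8       /home         ext3    defaults,usrquota        0 0
/dev/hda9       swap          swap    defaults                 0 0
/swapfile       swap          swap    defaults                 0 0
/dev/cdrom      /media/cdrom  iso9660 noauto,ro,nosuid,nodev   0 0
EOF

# has_option OPTIONS NAME -> exit 0 if NAME is in the comma-separated list.
has_option() { printf ',%s,' "$1" | grep -q ",$2,"; }

# audit_fstab FILE -> one finding per line: "<mountpoint>: <problem>".
#   short entry     fewer than four fields, so mount cannot use the line
#   missing nodev   /home or /tmp without nodev: device nodes on a
#                   user-writable filesystem are never legitimate
#   missing nosuid  /home or /tmp without nosuid: setuid programs there
#                   should not be honoured
# Comment and blank lines are skipped.
audit_fstab() {
    local dev mnt fstype opts dump pass
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' |
    while read -r dev mnt fstype opts dump pass; do
        if [ -z "$opts" ]; then
            echo "$mnt: short entry (needs device mountpoint type options)"
            continue
        fi
        case "$mnt" in
            /home|/tmp)
                has_option "$opts" nodev  || echo "$mnt: missing nodev"
                has_option "$opts" nosuid || echo "$mnt: missing nosuid"
                ;;
        esac
    done
}

# swapfile_perms FILE -> "ok" when the swap file is mode 600, else its mode.
swapfile_perms() {
    local mode
    mode=$(stat -c %a "$1")
    [ "$mode" = 600 ] && echo ok || echo "$mode"
}

audit_fstab "$sample"
demo_swap=$(mktemp)                      # stands in for /swapfile
chmod 644 "$demo_swap"
echo "swap file perms: $(swapfile_perms "$demo_swap")"
chmod 600 "$demo_swap"
echo "swap file perms after chmod 600: $(swapfile_perms "$demo_swap")"
```

Adding `chmod 600 /swapfile` right after the dd step of the swap-file procedure is the fix the last check is looking for; dd creates the file with the current umask, which for root is 022 and so leaves it world-readable.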

What is Kernel?
The kernel is the heart of the whole operating system. It manages communication with hardware, decides which processes to run, and provides each process with an isolated, virtual address space in which to run. The kernel is what your boot loader, GRUB , loads into memory. The kernel loads device driver modules.


When you recompile your kernel, you can:

Greatly improve the speed at which kernel services operate.
Build in direct support for commonly used drivers.
Configure the dynamic loading of appropriate drivers as modules.
Lower the memory consumption of your kernel by removing unneeded components.
Configure support for high-end hardware, such as memory above 4GB, hardware array controllers, symmetric multiprocessing (multiple CPU) support, and more.

Types of kernel
Monolithic
Modular

Monolithic versus Modular

A monolithic kernel is a kernel where all the device modules are built directly into the kernel. Modular kernels have many of their devices built as separate loadable modules.

Monolithic kernels can communicate with devices faster, since modular kernels can talk to the hardware only indirectly through a module table. Unfortunately, monolithic Linux kernels are huge. Bigger kernels reduce available RAM. In addition, some systems just can't boot a kernel that's too large.

There used to be advantages to a monolithic kernel. Linux once had problems loading modular kernels for some hardware. With a monolithic kernel, the drivers would already be there. But now modular kernels load new drivers a lot more reliably.

A modular kernel has greater flexibility. You can compile almost all your drivers as modules, and then each module can be inserted into the kernel whenever you need it. Modules keep the initial kernel size low, which decreases the boot time and improves overall performance. If Linux has trouble loading a kernel module, you can use the modprobe or insmod commands to load modules as needed.

The /proc filesystem

/proc is a virtual filesystem containing information about the running kernel
Contents of files under /proc may be viewed using cat
Provides information on system hardware, networking settings and activity, memory usage and more
/proc/cpuinfo
/proc/meminfo
/proc/version
/proc/partitions
etc..

kudzu
The kudzu utility maintains a database of detected and configured hardware, found at /etc/sysconfig/hwconf.
As a part of the boot process, kudzu compares the currently detected hardware to the stored database.
If new hardware is detected, or previously existing hardware is removed, kudzu will attempt to automatically reconfigure the system or steer the administrator to the appropriate interactive configuration utility.

What have we learnt ?

Network Configuration
IP Address Configuration
Using Network Clients
Filesystem Management
Disk Partitioning
Managing Partitions [ Mounting and Unmounting ]
Virtual Memory using SWAP file and Partition
Kernel Services and Configuration
/proc folder
kudzu

Welcome!
RH133
Red Hat Enterprise Linux System Administration

Objectives

Day 8

Logical Volume Manager
Using LVM
Formatting and Mounting LVM
Resizing LVM
Understanding RAID
Creating RAID Volumes
Managing RAID Volumes
Disk Quota Management
Applying Quota
Grace Period

Logical Volume Manager

What is LVM?
The Logical Volume Manager (LVM) enables you to resize your partitions without having to modify the partition tables on your hard disk. This is most useful when you find yourself running out of space on a filesystem and want to expand into a new disk partition versus migrating all or a part of the filesystem to a new disk.

LVM Terms
Physical Volume: A physical volume (PV) is another name for a regular physical disk partition that is used or will be used by LVM.

Volume Group: Any number of physical volumes (PVs) on different disk drives can be added together into a volume group (VG).

Logical Volumes: Volume groups must then be subdivided into logical volumes. Each logical volume can be individually formatted as if it were a regular Linux partition. A logical volume is, therefore, like a virtual partition on your virtual disk drive.

[ Diagram : physical volumes PV1 and PV2 are combined into a volume group ( VG ), which is divided into a logical volume ( LV ) and free space ]

CREATING LVM

Step-1 Create two partitions of 500 MB each using fdisk and set the type as Linux LVM
Step-2 Create physical volumes
    pvcreate /dev/hda8 /dev/hda9
Step-3 Create the volume group
    vgcreate VG1 /dev/hda8 /dev/hda9
Step-4 Change the volume group to ACTIVE
    vgchange -a y VG1
Step-5 Create the logical volume
    lvcreate -L +600M -n LV1 VG1
Step-6 Format the logical volume
    mkfs.ext3 /dev/VG1/LV1
Step-7 Mount in /etc/fstab
    /dev/VG1/LV1 /mnt/data ext3 defaults 0 0
Step-8 Activate the new volume
    mount -a

Check the newly mounted logical volume

For short details
pvscan
lvscan
vgscan

For long, full details
p

vdisplay
lvdisplay
vgdisplay

RESIZING THE LVM

Step-1 Unmount the LVM
    umount /dev/VG1/LV1
Step-2 Resize the LVM
    lvextend -L +200M /dev/VG1/LV1
Step-3 Make the LVM active
    vgchange -a y VG1
Step-4 Mount it again using /etc/fstab
    mount -a
Step-5 Grow the file system into the new extended space
    ext2online /dev/VG1/LV1

Understanding RAID


What is RAID ?
A Redundant Array of Independent Disks (RAID) is a series of disks that can save your data even if there is a catastrophic failure on one of the disks. While some versions of RAID make complete copies of your data, others use the so-called parity bit to allow your computer to rebuild the data on lost disks


RAID Levels
RAID 0
This level of RAID makes it faster to read and write to the hard drives. However, RAID 0 provides no data redundancy. It requires at least two hard disks. Reads and writes to the hard disks are done in parallel, in other words, to two or more hard disks simultaneously. All hard drives in a RAID 0 array are filled equally. But since RAID 0 does not provide data redundancy, a failure of any one of the drives will result in total data loss. RAID 0 is also known as 'striping without parity.'

RAID Levels
RAID 1
This level of RAID mirrors information to two or more other disks. In other words, the same set of information is written to two different hard disks. If one disk is damaged or removed, you still have all of the data on the other hard disk. The disadvantage of RAID 1 is that data has to be written twice, which can reduce performance. And it is expensive: to support RAID 1, you need an additional hard disk for every hard disk's worth of data. RAID 1 is also known as disk mirroring.

RAID Levels
RAID 5
Distributes, or 'stripes,' parity information evenly across all the disks. If one disk fails, the data can be reconstructed from the parity data on the remaining disks. The RAID does not stop; all data is still available even after a single disk failure. RAID level 5 is the preferred choice in most cases: the performance is good, data integrity is ensured, and only one disk's worth of space is lost to parity data. RAID 5 is also known as disk striping with parity. This RAID level requires at least 3 disks.

[ Diagrams : RAID 0 level, RAID 1 level and RAID 5 level layouts ]

Creating RAID Volumes

Step-1 Create three partitions of 500MB each and set the type as Linux RAID using fdisk
Step-2 Create RAID-5 using mdadm
    mdadm -C /dev/md0 -l 5 -n 3 /dev/hda8 /dev/hda9 /dev/hda10
Step-3 Format the RAID
    mkfs.ext3 /dev/md0
Step-4 Mount the RAID volume ---- /etc/fstab
    /dev/md0 /mnt/data ext3 defaults 0 0
Step-5 Activate the RAID
    mount -a
Step-6 Check the RAID
    mdadm --detail /dev/md0

Recovering from HDD failure

Step-1 Marking a disk as faulty
    mdadm --manage /dev/md0 --fail /dev/hda10
Step-2 Removing the faulty disk/partition
    mdadm --manage /dev/md0 --remove /dev/hda10
Step-3 Adding the new partition
    mdadm --manage /dev/md0 --add /dev/hda10

Disk Quota Management


What is Disk Quota ?


Disk Quotas are used to limit a user's or a group of users' ability to consume disk space. This prevents a small group of users from monopolizing disk capacity and potentially interfering with other users or the entire system. Disk quotas are commonly used by ISPs, by Web hosting companies, on FTP sites, and on corporate file servers to ensure continued availability of their systems.


Applying Disk Quota

Step 1 - Open the /etc/fstab file using the vi editor
    vi /etc/fstab
Step 2 - Add usrquota or grpquota to the following line
    LABEL=/home /home ext3 defaults,usrquota 0 0
Step 3 - Remount the /home folder or reboot your machine
    mount -o remount /home
Step 4 - Turn on the quota now
    quotacheck -vgum /home
    quotaon /home
Step 5 - Now apply the quota to a user using the following command
    edquota -u username

Quota Commands
quota      : run by a user to check their own quota status
repquota   : run by root to report quota usage and limits for every user on a filesystem
edquota -t : assigns the grace period (how long a user may stay over the soft limit)

What have we learnt ?


Logical Volume Manager
    Using LVM, Formatting and Mounting LVM, Resizing LVM
Understanding RAID
    Creating RAID Volumes, Managing RAID Volumes
Disk Quota Management
    Applying Quota, Grace Period

Welcome!
RH133
Red Hat Enterprise Linux System Administration

Objectives

Day 9

Package Management
    Installing and Removing RPM packages, Querying RPM Packages, ADR ( Automatic Dependency Resolution )
Kickstart Configuration
    Creating Kickstart File, Using Kickstart File
User Management
    PAP and SUDO, Special Permissions, Login Shells

Package Management

What is Package?
In the generic sense, an RPM package is a container of files. It holds the group of files that belong to a specific program or application, normally binaries, installation scripts, and configuration and documentation files, together with instructions on how and where these files are to be installed and uninstalled.

What is RPM?
The RPM Package Manager greatly simplifies the distribution, installation, upgrading and removal of software on RHEL systems. Software installed with rpm is distributed as rpm package files, which are essentially compressed archives of files plus metadata: dependency information, pre- and post-install scripts and a GPG signature. Because those scripts run as root at install time, only install packages whose signature you can verify: import the vendor key with rpm --import and check a package file with rpm --checksig before installing it. Package files are named using the following format:

name-version-release.architecture.rpm

Installing and Removing Software


The rpm command is used for the following functions:
    Install  : -i
    Upgrade  : -U
    Freshen  : -F  (upgrade only packages that are already installed)
    Erase    : -e
Examples:
    rpm -ivh zip-2.3-8.i386.rpm    [ to install a package ]
    rpm -e zip                     [ to remove a package ]

RPM Queries
rpm -q name    : query whether a named package is installed
rpm -qa        : list all installed packages
rpm -qi name   : show general information about an installed package
rpm -ql name   : list the files installed by a package
rpm -qf /path  : show which installed package owns a file
rpm -qip file  : show general information about a package file that is not installed
rpm -qlp file  : list the files inside a package file that is not installed
rpm -V name    : verify the installed files of a package against the RPM database (size, digest, permissions, owner, mtime); rpm -Va verifies every package
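The query that matters most after an incident is rpm -Va, which compares every installed file with what the package database recorded. Its output is terse, and not every difference is interesting: a changed config file is usually the administrator's work, a changed mtime alone is noise, but a system binary whose digest changed without a package update is a rootkit until proven otherwise. The function below is an added example, not from the course; RPM_V_SAMPLE is constructed output in the rpm 4.3 format (eight flag characters, an optional attribute letter, the path), and the triage rules are my own reading of the flags.

```shell
#!/bin/sh
# Added example (not from the course slides): triage `rpm -Va` output.
# Each line is a flag string (S size, M mode, 5 md5 digest, D device, L link,
# U user, G group, T mtime; '.' = unchanged), an optional attribute letter
# ('c' = config file, 'd' = documentation), then the path. RPM_V_SAMPLE is
# constructed sample output; on a live host pipe `rpm -Va` in.
RPM_V_SAMPLE='S.5....T  c /etc/sudoers
.......T    /usr/bin/zip
SM5....T    /bin/login
.M......    /var/log/lastlog
missing     /usr/sbin/useradd
S.5....T  d /usr/share/doc/zip-2.3/README'

# rpm_verify_triage: one finding per line, in input order:
#   TAMPERED - non-config, non-doc file whose contents (5) or size (S) changed
#   CONFIG   - config file changed (usually legitimate, still worth a look)
#   MODE     - only permissions or ownership changed (M, U or G)
#   MISSING  - a file recorded in the database is gone
# Lines that differ only in mtime, and documentation, are ignored as noise.
rpm_verify_triage() {
    awk '
        $1 == "missing" { print "MISSING", $NF; next }
        NF < 2 { next }
        {
            flags = $1; attr = (NF == 3) ? $2 : ""; path = $NF
            content = (substr(flags, 1, 1) == "S" || substr(flags, 3, 1) == "5")
            mode = (substr(flags, 2, 1) == "M" || substr(flags, 6, 1) == "U" || substr(flags, 7, 1) == "G")
            if (attr == "d") next
            if (attr == "c" && content) print "CONFIG", path
            else if (content)           print "TAMPERED", path
            else if (mode)              print "MODE", path
        }'
}

# rpm_verify_tampered_count: number of TAMPERED findings, the figure to alert on.
rpm_verify_tampered_count() {
    rpm_verify_triage | awk '$1 == "TAMPERED" { n++ } END { print n + 0 }'
}

# Demonstration on the constructed sample
printf '%s\n' "$RPM_V_SAMPLE" | rpm_verify_triage
```

The database itself lives on the host being checked, so an attacker with root can rewrite it; for a host you suspect, verify against the original package files from trusted media with rpm -Vp instead, and treat a TAMPERED hit on /bin/login or /usr/bin/passwd as a compromised system rather than a file to fix in place.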

ADR ( Automatic Dependency Resolution )


Used for automatic installation of dependent packages. Invoked with the --aid option of rpm -i or rpm -U. Requires the rpmdb-redhat package, which provides the database of every package in the distribution that --aid searches; the dependent package files must still be reachable (on the command line or the installation media).

Kickstart Configuration

What is kickstart?
Kickstart is a component of the installer (anaconda) that automates the installation. Kickstart supports all installation methods. The installer reads its answers from a kickstart file instead of prompting the user for them. Kickstart files can be made available on a floppy or from network servers such as NFS, FTP and HTTP.

How to use kickstart configuration


Can be created with the graphical tool system-config-kickstart; the installer also writes a kickstart file describing the installation it has just performed to /root/anaconda-ks.cfg, which is a good starting point.

Commands from client side to use kickstart configuration


Via        Command (typed at the installer boot prompt)
Floppy     linux ks=floppy
NFS        linux ks=nfs:192.168.0.254:/kickstart/fresh.cfg
FTP        linux ks=ftp://192.168.0.254/pub/fresh.cfg
HTTP       linux ks=http://192.168.0.254/install/fresh.cfg

Note: a kickstart file carries the root password (the rootpw line), so use rootpw --iscrypted and serve the file only on the installation network; any host that can reach the share can read it.

User Management


Creating Users
useradd [options] user - Creates a new user.
    -c  Assigns the full name (GECOS comment) to the user.
    -d  Sets the location of the home directory.
    -s  Sets the user's login shell (use /sbin/nologin for users who must not get shell access).
    -g  Sets the primary group.
    -G  Adds the user to supplementary (secondary) groups.
usermod [options] user - Modifies a user account. Same options as useradd; -L locks and -U unlocks the account's password.
userdel [options] user - Deletes a user account.
    -r  Also removes the user's home directory and mail spool.
passwd [user] - Changes the password of the specified user. If no user is specified, changes the password of the current user. Only root may change another user's password.

Creating Groups
groupadd group - Creates a group.
groupmod [options] group - Modifies a group.
    -n  Renames the group.
groupdel group - Deletes the specified group.

Configuration Files
/etc/passwd  = user database (world-readable; the password field holds only an x)
/etc/shadow  = user password hashes and password aging data (readable by root only)
/etc/group   = group database
/etc/gshadow = group password database (readable by root only)

PAP ( Password Aging Policies )


By applying password aging policies the root user sets how long a user's password stays valid (minimum and maximum age, warning period, inactivity and account expiry dates, all stored in /etc/shadow). The policy is applied by the following methods:
    chage            [ command: sets or, with -l, shows the aging values of one user ]
    /etc/login.defs  [ configuration file: the defaults applied to accounts created afterwards; existing accounts are not changed ]

SUDO
The sudo command allows users listed in /etc/sudoers to run administrative commands as root (or as another user) after entering their own password; every command is logged to /var/log/secure.
Main configuration file: /etc/sudoers. Edit it with visudo, which locks the file and checks the syntax, rather than with vi directly; a syntax error in /etc/sudoers stops sudo working for everyone, including the administrator.
Commands are executed by prefixing them with sudo. Example:
    sudo cat /etc/shadow
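A syntactically valid /etc/sudoers can still hand out root to the wrong people, which visudo -c will not tell you. As an added example, not part of the course, the function below reads sudoers-style rules and flags the grants that deserve a second look: unrestricted ALL for a user or group, NOPASSWD on ALL, commands that can spawn a shell, and passwd with no argument restriction (which can reset root's password). SUDOERS_SAMPLE is constructed; the line format it parses is the common user/group, host=(runas) command form, without aliases.

```shell
#!/bin/sh
# Added example (not from the course slides): flag risky /etc/sudoers rules.
# SUDOERS_SAMPLE is constructed; on a live host feed /etc/sudoers in.
# Handles the plain "who host=(runas) [NOPASSWD:] commands" form only;
# User_Alias / Cmnd_Alias lines are not expanded.
SUDOERS_SAMPLE='# comments and Defaults lines are ignored
Defaults    requiretty
root     ALL=(ALL)       ALL
%wheel   ALL=(ALL)       ALL
marc     ALL=(ALL)       NOPASSWD: ALL
backup   ALL=(root)      NOPASSWD: /usr/bin/rsync
helpdesk ALL=(ALL)       /usr/bin/passwd
ops      ALL=(ALL)       /bin/vi /etc/hosts'

# sudoers_risky: print "<reason> <who> <commands>" for each rule worth review:
#   NOPASSWD-ALL  unrestricted root with no password prompt
#   ALL           unrestricted root for a non-root user or group
#   SHELL-ESCAPE  editor, pager or shell, all of which can start a root shell
#   PASSWD-ANY    passwd without an argument can reset root's password
sudoers_risky() {
    awk '
        /^[ \t]*(#|$)/ || $1 == "Defaults" { next }      # comments, blanks, Defaults
        $1 == "root" { next }                             # root is root already
        {
            who = $1
            rule = $0; sub(/^[^=]*=[ \t]*/, "", rule)     # text after "host="
            cmds = rule; sub(/^\([^)]*\)[ \t]*/, "", cmds) # drop the (runas) part
            nopw = (cmds ~ /NOPASSWD:/)
            sub(/^NOPASSWD:[ \t]*/, "", cmds)
            if (cmds == "ALL") {
                reason = nopw ? "NOPASSWD-ALL" : "ALL"
                print reason, who, cmds
            } else if (cmds ~ /\/(vi|vim|less|more|sh|bash)([ \t]|$)/) {
                print "SHELL-ESCAPE", who, cmds
            } else if (cmds ~ /\/passwd$/) {
                print "PASSWD-ANY", who, cmds
            }
        }'
}

# Demonstration on the constructed sample
printf '%s\n' "$SUDOERS_SAMPLE" | sudoers_risky
```

The backup rule passes because it grants one binary without shell escapes; the ops rule is flagged even though it names a single file, because vi can run :!sh and become a root shell. That is the general lesson: restrict by command only when the command cannot be turned into a shell.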

Special Permissions
Special permissions: a fourth permission set, beyond the owner, group and other rwx bits
    SUID on an executable
    SGID on an executable
    SGID on a directory
    Sticky bit on a directory

Special Permissions for Executables


SUID : the command runs with the privileges of the file's owner, not of the user who executes it (a SUID-root program such as passwd runs as root for every user, which is why every SUID-root binary on the system is a privilege-escalation target and must be kept to the minimum and audited)

SGID : the command runs with the group affiliation of the file's group, not of the user who executes it

Special Permissions for Directories


SGID on a directory: files created inside the directory inherit the directory's group instead of the creator's primary group, so a shared project directory stays readable by the group.

Sticky bit on a directory: sets a special restriction on deletion. With the sticky bit set, only the owner of a file (and the directory's owner, and the superuser) can delete or rename that file within the directory, even when the directory itself is world-writable; this is why /tmp has mode 1777.
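The audit that follows from the two slides above is a find for files with those bits set, which is how both a hardening pass and a post-compromise check begin (a SUID-root copy of a shell left in a writable directory is a classic persistence trick). As an added example, not part of the course, the block below builds a small directory tree with each special bit set by chmod, then audits it with find the same way one audits a whole system. It runs under a temporary directory so that no root privileges are needed.

```shell
#!/bin/sh
# Added example (not from the course slides): set each special bit on files
# and directories in a throwaway tree, then find them the way a system audit
# would (find / -xdev -type f -perm -4000). Nothing outside the temp dir is touched.

# make_perm_lab: create the tree and print its path.
make_perm_lab() {
    lab=$(mktemp -d) || return 1
    chmod 0700 "$lab"                                  # no inherited bits on the root
    printf '#!/bin/sh\nid\n' > "$lab/suid_tool";  chmod 4755 "$lab/suid_tool"   # rwsr-xr-x
    printf '#!/bin/sh\nid\n' > "$lab/sgid_tool";  chmod 2755 "$lab/sgid_tool"   # rwxr-sr-x
    printf '#!/bin/sh\nid\n' > "$lab/plain_tool"; chmod 0755 "$lab/plain_tool"  # nothing special
    mkdir "$lab/shared";  chmod 2775 "$lab/shared"     # SGID dir: new files inherit the group
    mkdir "$lab/dropbox"; chmod 1777 "$lab/dropbox"    # sticky dir: only the owner may delete
    printf '%s\n' "$lab"
}

# audit_special_bits DIR: print "<kind> <name>" for every SUID/SGID file and
# every SGID or sticky directory below DIR. "-perm -MODE" matches when all of
# the given bits are set, whatever the other bits are. Names are printed
# without the directory prefix so the report is stable across runs.
audit_special_bits() {
    dir=$1
    find "$dir" -type f -perm -4000 | sed 's|^.*/|SUID |'
    find "$dir" -type f -perm -2000 | sed 's|^.*/|SGID-FILE |'
    find "$dir" -type d -perm -2000 | sed 's|^.*/|SGID-DIR |'
    find "$dir" -type d -perm -1000 | sed 's|^.*/|STICKY-DIR |'
}

# Demonstration: build, audit, clean up
LAB=$(make_perm_lab)
audit_special_bits "$LAB"
rm -rf "$LAB"
```

On a real host keep the output of the SUID/SGID find from a known-good state and diff against it periodically; a new entry is either a package update or an intruder. Mounting user-writable filesystems with nosuid makes the bits inert there regardless of what the audit finds.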

Login Shells
A login shell is the first shell started when a user logs in (on a console, over ssh, or with su -). Shells launched from a login shell, such as a terminal window in a desktop session or a plain su, are normally not login shells, which is why they read a different set of startup files.

Startup Scripts : Order of Execution


Login shells:
    /etc/profile
    /etc/profile.d/*.sh   (sourced by /etc/profile)
    ~/.bash_profile
    ~/.bashrc             (sourced by ~/.bash_profile)
    /etc/bashrc           (sourced by ~/.bashrc)
Non-login shells:
    ~/.bashrc
    /etc/bashrc
    /etc/profile.d/*.sh

What have we learnt ?


Package Management
    Installing and Removing RPM packages, Querying RPM Packages, ADR ( Automatic Dependency Resolution )
Kickstart Configuration
    Creating Kickstart File, Using Kickstart File
User Management
    PAP and SUDO, Special Permissions, Login Shells

Welcome!
RH133
Red Hat Enterprise Linux System Administration

Objectives

Day 10

Printing and Administration Tools
    Understanding Printer, Installing and Managing Printer Server and Client, Using Scheduling [ cron ], System Logging
X Windows System
    Understanding Server and Client, Managing X Server, Using Remote Desktop, Configuration Utilities

Printing and Administration Tools

Understanding Printer

Printer TERMS
Printer, Print Device, Print Driver, Print Server, Print Client, Network Printer, Local Printer, Print Queue, Print Job

Common UNIX Printing System [ CUPS ]

CUPS, the Common UNIX Printing System, is the primary printing system under Red Hat Enterprise Linux. CUPS implements the Internet Printing Protocol (IPP), which runs over HTTP on port 631; the cupsd daemon also serves its administration interface on that port, so limit which hosts may reach it.

Installing and Managing Printer Server and Client

CUPS Configuration Files
/etc/cups/cupsd.conf    : cupsd server configuration file (listening addresses, access control)
/etc/cups/printers.conf : print queue configuration file

Printing Commands
system-config-printer : utility to install and manage print devices
lpr                   : command to send print jobs to a print device
lpq                   : command to view print queues
lprm                  : command to remove print jobs
lpadmin               : command-line tool for printer administration

Using Scheduling [ cron ]

cron
Used to schedule recurring jobs. Use crontab to edit, install and view a user's job schedule; root's jobs run as root, so a world-writable script named in root's crontab is a privilege escalation.
crontab options:
    -l  list the crontab
    -r  remove the crontab
    -e  edit the crontab

Using Crontab File


Fields in a crontab file can be separated by any number of tabs or spaces:
    Minute        0-59
    Hour          0-23
    Day of Month  1-31
    Month         1-12
    Day of Week   0-7   (0 and 7 = Sunday, 1 = Monday, and so on)
    Command       the rest of the line

Controlling Access to cron


Restrict or allow user access to cron with two files, each containing one username per line:
    /etc/cron.allow  : if this file exists, only the users listed in it may use crontab
    /etc/cron.deny   : otherwise, the users listed here are refused and everyone else is allowed
Red Hat ships an empty /etc/cron.deny, so by default every user may schedule jobs; create cron.allow to turn that into a whitelist.
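Two things go wrong with cron in practice: a field outside its range is rejected by crontab -e with an unhelpful message, and an administrator assumes cron.deny is consulted when a cron.allow file exists. As an added example, not part of the course, the functions below validate the five time fields of a crontab line against the ranges on the previous slide and decide access under the cron.allow / cron.deny rules. The inputs are constructed and the access check is given file paths as arguments, so nothing on the real system is read.

```shell
#!/bin/sh
# Added example (not from the course slides): validate crontab time fields and
# apply the cron.allow / cron.deny rules. No real crontab or system file is used.

# cron_field_ok VALUE MIN MAX: accept "*", a number, a range a-b, a comma list
# and a /step suffix, all within MIN..MAX. Prints "ok" or "bad".
cron_field_ok() {
    printf '%s\n' "$1" | awk -v lo="$2" -v hi="$3" '
        function inrange(n) { return n ~ /^[0-9]+$/ && n + 0 >= lo && n + 0 <= hi }
        {
            ok = 1
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                p = parts[i]
                if (sub(/\/[0-9]+$/, "", p) && p == "") ok = 0   # bare "/5" is invalid
                if (p == "*") continue
                if (p ~ /^[0-9]+-[0-9]+$/) {
                    split(p, r, "-")
                    if (!inrange(r[1]) || !inrange(r[2]) || r[1] + 0 > r[2] + 0) ok = 0
                } else if (!inrange(p)) ok = 0
            }
            res = ok ? "ok" : "bad"
            print res
        }'
}

# cron_line_ok LINE: "ok" if the five time fields are valid and a command follows.
cron_line_ok() {
    line=$1
    set -f; set -- $line; set +f          # split on whitespace; -f stops "*" globbing
    [ $# -ge 6 ] || { echo bad; return 0; }
    for spec in "$1:0:59" "$2:0:23" "$3:1:31" "$4:1:12" "$5:0:7"; do
        f=${spec%%:*}; rest=${spec#*:}; lo=${rest%%:*}; hi=${rest#*:}
        [ "$(cron_field_ok "$f" "$lo" "$hi")" = ok ] || { echo bad; return 0; }
    done
    echo ok
}

# cron_user_allowed USER ALLOWFILE DENYFILE: "yes" or "no" under the rule that
# an existing allow file is a whitelist and is checked first; only when there is
# no allow file does the deny file matter; with neither, everyone is allowed.
cron_user_allowed() {
    user=$1; allow=$2; deny=$3
    if [ -f "$allow" ]; then
        grep -qxF "$user" "$allow" && echo yes || echo no
    elif [ -f "$deny" ]; then
        grep -qxF "$user" "$deny" && echo no || echo yes
    else
        echo yes
    fi
}

# Demonstration
cron_line_ok '*/5 * * * * /usr/bin/backup'
cron_line_ok '60 2 * * * /usr/bin/backup'
```

Note that a valid line is not a safe one: the command runs with the crontab owner's privileges and with a minimal PATH, so scripts referenced from root's crontab should be owned by root, not group- or world-writable, and named by absolute path.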

System Logging


What is System Logging ?


An important part of maintaining a secure system is keeping track of the activities that take place on it. If you know what usually happens, such as when users normally log in, you can use the log files to spot unusual activity.

Two main logging daemons, both configured through /etc/syslog.conf:

klogd   : the kernel log daemon; reads kernel messages and events from /proc/kmsg and hands them to syslogd

syslogd : the syslog daemon; logs messages from all other processes (and from klogd) into the files under /var/log, and can forward them to a remote log host. You use the files syslogd generates to track activity on the system.

Caveat: an attacker who gains root can edit or delete the local log files, so forward a copy of the security-relevant messages to a central log host that the monitored machines cannot otherwise write to.

Log Files
/var/log/dmesg    : kernel messages from the last boot
/var/log/messages : standard system messages
/var/log/maillog  : mail system messages
/var/log/secure   : security, authentication (login, sshd, su, sudo) and xinetd messages

X Windows System


What is X Windows
The X Window System is the foundation of the Linux graphical user interface (GUI). It is maintained by the X.Org Foundation at http://www.x.org. The X Window System is designed as a flexible and powerful client/server system: the X server drives the display, keyboard and mouse, and applications (the clients) connect to it, either locally or over the network. That network transparency is also its main exposure: a server that accepts TCP connections on port 6000 lets any permitted client read keystrokes and screen contents, so access to the server is controlled with xauth cookies (or xhost) and the TCP listener is normally disabled.

Methods to establish X environment


Two methods to establish the environment:
    /usr/X11R6/bin/xinit
    /usr/X11R6/bin/startx   (a script that runs xinit with the user's ~/.xinitrc and the server options)

Configuration Utilities
system-config-display  : configure the X server (monitor, resolution, video card)
mouseconfig            : configure the mouse
switchdesk             : choose the default desktop (GNOME or KDE)

What have we learnt ?


Printing and Administration Tools
    Understanding Printer, Installing and Managing Printer Server and Client, Using Scheduling [ cron ], System Logging
X Windows System
    Understanding Server and Client, Managing X Server, Using Remote Desktop, Configuration Utilities

Welcome!
RH133
Red Hat Enterprise Linux System Administration

Objectives

Day 11

Troubleshooting
    Understanding Troubleshooting, Troubleshooting Procedures
Common Troubleshooting Problems and Solutions
    X Windows Problems, Booting Problems, User Management Problems, Basic Network Related Problems
Using Rescue Environment From
    CD-ROM; NFS, FTP, HTTP Servers
Using Run Level 1
Using Syslogs to Solve Problems

Understanding Troubleshooting

What is Troubleshooting?
Troubleshooting helps you diagnose and solve the technical problems that occur on your computer.

The process of troubleshooting is both science and art.

The science comes from the concepts of hypothesis testing, experimentation, comparison and reproducing results; the science keeps the focus on the likely causes. The art comes from the realisation that operating systems, services and applications do not always work as we hope or anticipate, or even as their creators hoped or anticipated; the art lets us consider the off-the-wall and unlikely possibilities.

Golden Rules
Two troubleshooting golden rules:

1. Prioritize problems according to severity, and spend a reasonable amount of time on each problem given its priority.

2. Try to solve the root of the problem: always start from the most basic step first, avoid missing the underlying cause, and be able to justify why a certain solution was successful.

Troubleshooting Categories
Two categories of problems: hardware-related and software-related.

Troubleshooting Procedures

Common Troubleshooting Problems and Solutions

X Windows Problems and Solutions


Problems
    Unable to load the desktop
    Monitor resolution
    Mouse problem
    Hangs while loading the desktop

Solutions
    Run system-config-display
    Is xfs (the X font server) running?  [ try starting the service permanently using chkconfig ]
    Is gpm running?                      [ try starting the service permanently using chkconfig ]
    Is /home or /tmp full?
    Has the user reached a hard quota limit?
    Is the hostname resolved properly?

Booting Problems
Problems
1. No bootloader splash screen or prompt appears
2. Kernel does not load at all, or loads partially before a panic occurs
3. Kernel loads completely, but panics or fails when it tries to mount the root filesystem and run /sbin/init
4. Kernel loads completely, and /etc/rc.d/rc.sysinit is started and interrupted
5. Run level errors

Solutions (likely causes to check, by problem)
Problem 1: GRUB is misconfigured; the boot sector is corrupt; bad BIOS settings
Problem 2: corrupt kernel; incorrect parameters passed to the kernel by the bootloader; bootloader is misconfigured
Problem 3: /sbin/init is corrupted or /etc/inittab is misconfigured; root filesystem is damaged and unmountable
Problem 4: /bin/bash is missing or corrupted; /etc/fstab may have an error; error in the RAID or quota specifications
Problem 5: /etc/inittab is misconfigured; service-specific error; misconfigured X or related services in run level 5

User Management Problems


Problems
    Unable to log in
    Forgot password

Solutions (things to check)
    Is the user's shell set to nologin?
    Is the user account locked?
    Has the user account expired?
    Does the user have no password at all?
    Change the user's password [ using run level 1 if it is root's password ]
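Every cause listed above is visible in the user's /etc/passwd and /etc/shadow records, and the aging fields that chage manages (Day 9, PAP) are in the same shadow line. As an added example serving both that slide and this one, not part of the course, the function below reads constructed copies of the two databases and names every reason a login would fail. The "today" value is passed in as days since the epoch, the unit /etc/shadow uses, so the result is reproducible; a live check would compute it from date +%s.

```shell
#!/bin/sh
# Added example (not from the course slides): explain why an account cannot log
# in from its /etc/passwd and /etc/shadow records. PASSWD_SAMPLE and
# SHADOW_SAMPLE are constructed (the hashes are placeholders, not real
# digests). TODAY is days since the epoch, as stored in /etc/shadow;
# on a live host: today=$(( $(date +%s) / 86400 )).
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
marc:x:500:500:Marc:/home/marc:/bin/bash
svc:x:501:501:Service:/var/lib/svc:/sbin/nologin
lisa:x:502:502:Lisa:/home/lisa:/bin/bash
old:x:503:503:Old:/home/old:/bin/bash
guest:x:504:504:Guest:/home/guest:/bin/bash
toor:x:0:0:backdoor:/root:/bin/bash'
SHADOW_SAMPLE='root:$1$saltsalt$placeholderhashvalue:12800:0:99999:7:::
marc:$1$saltsalt$placeholderhashvalue:12800:0:99999:7:::
svc:!!:12800:0:99999:7:::
lisa:!$1$saltsalt$placeholderhashvalue:12800:0:99999:7:::
old:$1$saltsalt$placeholderhashvalue:12700:0:90:7::12790:
guest::12800:0:99999:7:::
toor:$1$saltsalt$placeholderhashvalue:12800:0:99999:7:::'

# account_login_state USER TODAY: print the space-separated reasons the login
# fails, "ok" if none, or "no-such-user". Shadow fields: name, hash, last
# change, min age, max age, warn, inactive, expire (all day counts).
account_login_state() {
    user=$1; today=$2
    printf '%s\n' "$PASSWD_SAMPLE" "---" "$SHADOW_SAMPLE" |
    awk -F: -v u="$user" -v today="$today" '
        $0 == "---" { inshadow = 1; next }
        !inshadow && $1 == u { shell = $7; uid = $3; seen = 1 }
        inshadow && $1 == u {
            hash = $2; last = $3; maxage = $5; expire = $8
            if (hash == "")          out = out " no-password"     # empty field: no password needed
            else if (hash ~ /^\*/)   out = out " disabled"        # never had a usable password
            else if (hash ~ /^!/)    out = out " locked"          # passwd -l / usermod -L prefix
            if (expire != "" && expire + 0 < today)
                out = out " account-expired"                      # chage -E date passed
            if (maxage != "" && maxage + 0 < 99999 && last + maxage < today)
                out = out " password-expired"                     # chage -M limit passed
        }
        END {
            if (!seen) { print "no-such-user"; exit }
            if (shell ~ /(nologin|false)$/) out = out " nologin-shell"
            if (uid == 0 && u != "root")    out = out " uid-0"   # a second root account
            res = (out == "") ? "ok" : substr(out, 2)
            print res
        }'
}

# Demonstration on the constructed sample (day 12850)
for u in marc svc old guest toor; do
    printf '%s: %s\n' "$u" "$(account_login_state "$u" 12850)"
done
```

The uid-0 finding is not a login problem but belongs in the same check: a second UID 0 account in /etc/passwd is one of the first things to look for on a machine suspected of compromise, and it is found by exactly this parsing.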

Basic Network Related Problems


Problems
    Unable to ping another network
    Unable to resolve a host name
    Network interface is not up
    Unable to display an IP address

Solutions
    Use the netconfig command
    Enter valid entries for the DNS server
    Enter valid entries for the DHCP server [ if required ]
    Enter a valid entry for the default gateway
    Bring the Ethernet interface up with the ifup command

Using Rescue Environment


Rescue Environment From


    CD-ROM
    NFS Server
    FTP Server
    HTTP Server

Steps
CD-ROM
    Boot from the first RHEL installation CD
    Type linux rescue at the boot prompt
NFS, FTP and HTTP Server
    Boot from the first RHEL installation CD
    Type linux rescue askmethod at the boot prompt, then choose the server that holds the installation tree
[ Note: when booting from the boot.iso image, use only linux rescue; that image has no installation tree of its own and always asks for the method ]

Caveat: the rescue environment mounts the installed system under /mnt/sysimage and gives a root shell without asking for any password, so anyone who can boot the machine from removable media owns it. Control the boot order and set a BIOS password on machines that are not physically secured.

Using Run Level 1

Run level 1 (single-user mode, selected by appending 1 or single to the kernel line in the GRUB menu) brings the system up with only the root filesystem and, with the Red Hat default inittab, gives a root shell without asking for a password; that is how a forgotten root password is reset with passwd. The same property means anyone who can edit the boot loader entry at the console becomes root, so protect the menu with a GRUB password on machines that are not physically secured.

Using Syslogs to Solve Problems

Important Log Files


/var/log/dmesg    : kernel log messages from the last boot (hardware and driver problems)
/var/log/messages : standard system messages (service start-up errors)
/var/log/secure   : security, authentication and xinetd messages (failed logins, su, sudo)
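Reading /var/log/secure is the same skill whether the question is "why can this user not log in" or "who has been trying to". As an added example covering both the System Logging slides of Day 10 and this one, and not part of the course, the functions below run over constructed lines in the RHEL 4 sshd and su(pam_unix) format and pick out the two patterns an analyst looks for first: a source address with many failed passwords, and a success from a source that had been failing just before (a brute-force attempt that worked). The threshold is an argument so the same function serves a quiet workstation and a busy bastion.

```shell
#!/bin/sh
# Added example (not from the course slides): detection logic over
# /var/log/secure. SECURE_SAMPLE is constructed in the RHEL 4 syslog format;
# on a live host pipe /var/log/secure in.
SECURE_SAMPLE='Mar  3 10:01:12 station1 sshd[2311]: Failed password for invalid user admin from 10.0.0.9 port 4411 ssh2
Mar  3 10:01:14 station1 sshd[2313]: Failed password for root from 10.0.0.9 port 4412 ssh2
Mar  3 10:01:16 station1 sshd[2315]: Failed password for root from 10.0.0.9 port 4413 ssh2
Mar  3 10:01:20 station1 sshd[2318]: Accepted password for root from 10.0.0.9 port 4414 ssh2
Mar  3 10:05:00 station1 sshd[2330]: Accepted publickey for marc from 192.168.0.2 port 5001 ssh2
Mar  3 10:06:10 station1 sshd[2340]: Failed password for marc from 192.168.0.2 port 5002 ssh2
Mar  3 10:07:00 station1 su(pam_unix)[2350]: session opened for user root by marc(uid=500)'

# secure_bruteforce THRESHOLD: from stdin, print
#   BRUTEFORCE <src> <count>            sources with >= THRESHOLD failed passwords
#   SUCCESS-AFTER-FAILURES <src> <user> a login accepted from a source that had
#                                       already failed (the alarm that matters)
secure_bruteforce() {
    awk -v threshold="$1" '
        / sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
        }
        / sshd\[[0-9]+\]: Accepted / {
            for (i = 1; i <= NF; i++) if ($i == "for")  user = $(i + 1)
            for (i = 1; i <= NF; i++) if ($i == "from") src = $(i + 1)
            if (fails[src] > 0) hits[src] = user
        }
        END {
            for (s in fails) if (fails[s] >= threshold) print "BRUTEFORCE", s, fails[s]
            for (s in hits) print "SUCCESS-AFTER-FAILURES", s, hits[s]
        }' | LC_ALL=C sort
}

# su_to_root: from stdin, print the user names that became root with su.
su_to_root() {
    awk '/su\(pam_unix\).*session opened for user root by / { split($NF, a, "("); print a[1] }'
}

# Demonstration on the constructed sample
printf '%s\n' "$SECURE_SAMPLE" | secure_bruteforce 3
printf '%s\n' "$SECURE_SAMPLE" | su_to_root
```

The ordering assumption (a success counts only after earlier failures from the same source) is what keeps the check quiet on a host where users occasionally mistype a password; the BRUTEFORCE line alone is the input for blocking the source, the SUCCESS-AFTER-FAILURES line is the one that starts an incident.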

What have we learnt ?


Troubleshooting
    Understanding Troubleshooting, Troubleshooting Procedures
Common Troubleshooting Problems and Solutions
    X Windows Problems, Booting Problems, User Management Problems, Basic Network Related Problems
Using Rescue Environment From
    CD-ROM; NFS, FTP, HTTP Servers
Using Run Level 1
Using Syslogs to Solve Problems

Welcome!
RH253
Red Hat Network Services and Security Administration

Objectives

Day 12

Understanding and Managing DNS Server
    Understanding DNS Server, Configuration, Creating Zones, Creating Zone Resource Records, Client Configuration, Testing DNS
Understanding and Managing DHCP Server
    Understanding DHCP Server, Server Configuration, Creating Leases and Reservation, Client Configuration, Using DHCP Server to obtain IP-Address

Understanding and Managing DNS Server

Understanding DNS Server

What is DNS?
DNS is the Domain Name System, a distributed database that lets your computer translate domain names such as www.redhat.com into IP addresses such as 216.148.218.197, and IP addresses back into domain names. DNS allows machines to be logically grouped by name into domains. On Linux the DNS server is the named daemon from the BIND (Berkeley Internet Name Domain) package developed by the Internet Systems Consortium (ISC). Red Hat Enterprise Linux 4 includes BIND version 9.

Types of DNS Server


You can set up four different types of DNS servers:
    A master DNS server for your domain(s), which stores the authoritative records for the domain.
    A slave DNS server, which copies the zone data from a master DNS server by zone transfer. Restrict zone transfers on the master to the slaves' addresses (allow-transfer); otherwise anyone can download the complete list of your hosts.
    A caching-only DNS server, which stores the answers to recent requests much like a proxy server and otherwise refers queries to other DNS servers. Let it answer only your own clients (allow-query / allow-recursion), or it can be abused as an open resolver.
    A forwarding-only DNS server, which refers all requests to other DNS servers.

ZONE
What is Zone?

A zone is a part of the DNS database administered by a single name server.

Types of Zones
    Forward lookup zone  [ maps host names to IP addresses ]
    Reverse lookup zone  [ maps IP addresses to host names ]

Main Record Types
    SOA Record   [ start of authority: the zone's primary server, contact address, serial number and timers ]
    NS Record    [ names the servers that are authoritative for the zone ]
    A Record     [ maps a host name to an IP address ]
    PTR Record   [ maps an IP address to a host name ]
    CNAME Record [ maps an alias to a canonical host name ]
    MX Record    [ names the mail server for a domain ]

DNS Server Configuration

DNS Server Configuration Files


/etc/named.conf  [ main configuration file ]
/var/named       [ configuration folder that contains the zone files ]

Steps to configure DNS Server


Step 1: Declare the zones
    vi /etc/named.conf

zone "example.com" IN {
    type master;
    file "example.com.zone";
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.0.zone";
};

(Zone names and file names must be quoted; the file names are relative to the directory set in the options block, /var/named.)

Creating Zone Files


Step 1: Create the zone database file
    vi /var/named/example.com.zone

$TTL 86400
@           IN  SOA  station1.example.com. root.example.com. (
                     2005010101  ; serial, in YYYYMMDDNN form: date plus a two-digit counter, increased on every change
                     3600        ; refresh
                     900         ; retry
                     604800      ; expire
                     86400 )     ; minimum (negative-caching TTL)
            IN  NS   station1.example.com.
station1    IN  A    192.168.0.1
station2    IN  A    192.168.0.2
station3    IN  A    192.168.0.3

The slide left the serial and timer values blank; the numbers above are example values. BIND 9 also requires the $TTL directive and the fifth SOA field, and the NS record needs its IN class; all three were missing from the original. Slaves only pull a new copy of the zone when the serial increases, so forgetting to raise it is the most common reason a change "does not propagate".

Creating Zone Files


vi /var/named/192.168.0.zone


Other Configuration
The bind-chroot package runs named inside /var/named/chroot and sets ROOTDIR=/var/named/chroot in /etc/sysconfig/named; with it in place the live configuration lives under /var/named/chroot/etc/named.conf and /var/named/chroot/var/named, not in the paths used above. The slide's approach is to disable the chroot by commenting out that line:
    #ROOTDIR=/var/named/chroot
That removes a defence-in-depth layer (a compromised named could then read the whole filesystem); the better choice is to leave ROOTDIR set and edit the files under the chroot instead.
Now start the named service and make it start at boot:
    service named start
    chkconfig --level 345 named on
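The reverse zone file 192.168.0.zone is left blank on the slide above. Written by hand it is the file most likely to drift from the forward zone, and a stale serial is what stops slaves from picking up either. As an added example, not part of the course, the shell functions below derive the PTR records from the forward zone's A records (so the reverse data cannot disagree with the forward data) and compute the next YYYYMMDDNN serial. FORWARD_SAMPLE is a constructed copy of the forward zone on the earlier slide; the SOA and NS header of the reverse zone is the same as the forward one apart from the serial, so only the records are generated.

```shell
#!/bin/sh
# Added example (not from the course slides): generate reverse-zone PTR records
# from forward-zone A records, and manage a YYYYMMDDNN serial.
# FORWARD_SAMPLE is a constructed copy of example.com.zone.
FORWARD_SAMPLE='$TTL 86400
@          IN  SOA  station1.example.com. root.example.com. ( 2005010101 3600 900 604800 86400 )
           IN  NS   station1.example.com.
station1   IN  A    192.168.0.1
station2   IN  A    192.168.0.2
station3   IN  A    192.168.0.3
www        IN  CNAME station1'

# reverse_records ORIGIN PREFIX: read a forward zone on stdin and print one PTR
# record per A record inside PREFIX (e.g. 192.168.0). The target is fully
# qualified with a trailing dot, the detail most often got wrong by hand:
# without the dot, BIND appends the reverse zone's own origin to the name.
reverse_records() {
    awk -v origin="$1" -v prefix="$2" '
        $2 == "IN" && $3 == "A" && index($4, prefix ".") == 1 {
            n = split($4, o, ".")
            printf "%s\tIN\tPTR\t%s.%s.\n", o[n], $1, origin
        }'
}

# next_serial OLD DATE: DATE is today as YYYYMMDD. If OLD is from the same
# day, increment its two-digit counter; otherwise start today at 01.
next_serial() {
    old=$1; date=$2
    case $old in
        "$date"[0-9][0-9])
            nn=${old#"$date"}; nn=${nn#0}          # strip the date and a leading zero
            printf '%s%02d\n' "$date" $((nn + 1)) ;;
        *)  printf '%s01\n' "$date" ;;
    esac
}

# Demonstration: the records that belong in /var/named/192.168.0.zone
printf '%s\n' "$FORWARD_SAMPLE" | reverse_records example.com 192.168.0
next_serial 2005010101 20050101
```

The CNAME for www is skipped on purpose: a PTR must point at the canonical name, and generating it from A records alone enforces that. A serial that rolls past 99 changes in one day overflows the two-digit field; at that point switch to a plain counter, which BIND accepts just as well.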

DNS Client Configuration


DNS Client Configuration Files


vi /etc/resolv.conf
Contains the domain to search and the name server information.
    search example.com
    nameserver 192.168.0.1

DNS Client Configuration Files


vi /etc/host.conf
Contains the lookup order used by the legacy resolver library.
    order bind,hosts
Note: this example queries DNS before /etc/hosts. On RHEL 4 the order that glibc actually uses comes from the hosts line in /etc/nsswitch.conf (files dns by default, so /etc/hosts is consulted first); keep the two files consistent so that a local override in /etc/hosts behaves the same for every program.

Other Configuration Files


vi /etc/hosts
Contains the entries of local machines for local lookups.
    192.168.0.1    station1.example.com    station1
    192.168.0.2    station2.example.com    station2
    192.168.0.3    station3.example.com    station3

Testing Configuration
dig station1.example.com         [ forward lookup ]
nslookup station1.example.com
dig -x 192.168.0.1               [ reverse lookup ]
nslookup 192.168.0.1

Understanding and Managing DHCP Server


What is DHCP Server?


DHCP (Dynamic Host Configuration Protocol) is the protocol that lets a client computer obtain its network configuration (IP address, netmask, default gateway, DNS servers and domain name) from a DHCP server on the local network. On RHEL the server is the dhcpd service, configured in /etc/dhcpd.conf. Because the client trusts whichever server answers first, a rogue DHCP server on the same segment can hand out its own gateway and DNS addresses; the defence is at the switch (DHCP snooping), not in dhcpd.

DHCP Server Configuration Files


vi /etc/dhcpd.conf

subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.1;
    option domain-name "example.com";
    option domain-name-servers 192.168.0.1;
    range 192.168.0.10 192.168.0.50;
}

host station101 {
    hardware ethernet 00:20:4A:40:1C:2D;
    fixed-address 192.168.0.101;
}

Note: the original slide had option domain-name-server (singular) and an unquoted domain name; dhcpd rejects both. A reservation matches the client's MAC address only, which any client can set for itself, so it is an administrative convenience and not an access control.

DHCP Related Service


Temporary (until reboot)
    service dhcpd start
Permanent (start at boot)
    chkconfig --level 345 dhcpd on

DHCP Client Configuration


netconfig    [ configure an interface to obtain its address from a DHCP server ]
dhclient     [ request (or renew) a lease from the DHCP server now ]
dhclient -r  [ release the current lease ]
(The original slide had the last two descriptions swapped: dhclient without options obtains a lease, -r releases it.)

What have we learnt ?


Understanding and Managing DNS Server
    Understanding DNS Server, Configuration, Creating Zones, Creating Zone Resource Records, Client Configuration, Testing DNS
Understanding and Managing DHCP Server
    Understanding DHCP Server, Server Configuration, Creating Leases and Reservation, Client Configuration, Using DHCP Server to obtain IP-Address

Welcome!
RH253
Red Hat Network Services and Security Administration

Objectives

Day 13

Understanding and Managing NFS Server
    Understanding NFS, NFS Server Configuration, Creating Shares, NFS Client Configuration, Mounting NFS Shares
Understanding and Managing SAMBA Server
    Understanding SAMBA Server, SAMBA Server Configuration, Creating Shares, SAMBA Client Configuration, Accessing SAMBA Shares

Understanding and Managing NFS Server

Understanding NFS Server

What is NFS?
The Network File System (NFS) allows remote hosts to mount file systems over a network and interact with them as though they were mounted locally. This enables system administrators to consolidate resources onto centralised servers on the network. NFS is the standard for sharing directories among Linux and Unix computers; it was originally developed by Sun Microsystems in the mid-1980s. You can create shared NFS directories directly by editing the /etc/exports configuration file, or you can create them with Red Hat's NFS configuration tool.

NFS:- Benefits and Problems


Benefits:
    -> A distributed file system (DFS) that gives local-style access to remote files.
    -> Uses the standard client/server architecture.
    -> The server exports its data to the clients.
    -> Provides a centralised storage solution.
    -> Users get their data irrespective of physical location.
Problems:
    -> Network congestion.
    -> Heavy disk activity on the NFS server.
    -> Its design assumes a trusted environment, not a hostile one: with the default AUTH_SYS security the server believes whatever UID and GID the client sends, so any host that is allowed to mount an export can read and write files as any user except root (which root_squash maps to nobody).
    -> NFS is built on RPC (Remote Procedure Call), whose portmap and rpc.* daemons have a long history of exploitable bugs and are hard to firewall because their ports are assigned dynamically.
    -> For these reasons NFS must not be exposed to the Internet; restrict exports to named hosts or subnets and filter the RPC ports at the network edge.

NFS Services
portmap    : maps RPC program numbers to the TCP/UDP ports the services listen on, so that clients can find nfsd and mountd
nfs        : starts the kernel NFS server (nfsd), which answers the actual file requests
rpc.mountd : answers mount and unmount requests and checks them against the export list

Server Configuration : Sharing Files


Exported directories are defined in the main configuration file /etc/exports.
Examples:
    vi /etc/exports
    /data    *.example.com(ro,sync)    station1.cracker.org(rw,sync)
    /data    192.168.0.0/255.255.255.0(ro,sync)
Each client entry is host(options) with no space before the parenthesis: "host (rw)" is two entries, and the second one exports the directory read-write to the whole world. root_squash is the default and should stay unless there is a specific need for no_root_squash.
Then, after editing the export list:
    service portmap start
    service nfs start
    chkconfig --level 345 portmap on
    chkconfig --level 345 nfs on

Client Configuration : Mounting Shares


Mounting can be done by the following methods:
mount command [ temporary ]
    mount -t nfs station1.example.com:/data /mnt/data
/etc/fstab file [ permanent ]
    station1.example.com:/data    /mnt/data    nfs    defaults    0 0

[ Note: NFS shares listed in /etc/fstab are mounted at boot time by /etc/rc.d/init.d/netfs ]

NFS Commands
showmount -e server : shows the shares a server exports (anyone who can reach mountd can run this, so the export list is not secret)
exportfs -v         : displays the list of exported directories and their options on a server
exportfs -a         : exports all shares listed in /etc/exports, or the given name
exportfs -u         : unexports all shares listed in /etc/exports, or the given name
exportfs -r         : re-exports after modifying /etc/exports (refreshes the server's list)
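Given the trust model described under "Benefits and Problems", the options in /etc/exports are the whole access control, and the file's syntax makes the worst mistakes easy: a space before the parenthesis, a bare "*" client, or no_root_squash on a writable export. As an added example, not part of the course, the function below reviews an exports file and prints one finding per risky client entry. EXPORTS_SAMPLE is constructed and includes the slide's own entries alongside the mistakes.

```shell
#!/bin/sh
# Added example (not from the course slides): review /etc/exports for the
# settings that turn an NFS export into remote root or a world-writable share.
# EXPORTS_SAMPLE is constructed; on a real server pipe /etc/exports in.
EXPORTS_SAMPLE='# /etc/exports
/data       *.example.com(ro,sync) station1.cracker.org(rw,sync)
/data2      192.168.0.0/255.255.255.0(ro,sync)
/home       *(rw,no_root_squash)
/backup     station2.example.com(rw,sync,no_root_squash)
/pub        (ro)
/srv/iso    192.168.0.5(ro,sync,root_squash)'

# exports_lint: print "<reason> <path> <client>" for each risky client entry:
#   WORLD           client "*" or missing ("host (opts)" typo): any host that
#                   can reach mountd may mount it
#   NO-ROOT-SQUASH  remote root is root on the server files
#   RW-WILDCARD     writable by a wildcard of hosts; NFSv3 trusts client UIDs
exports_lint() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                entry = $i
                client = entry; sub(/\(.*$/, "", client)
                opts = ""
                if (match(entry, /\(.*\)/)) opts = substr(entry, RSTART + 1, RLENGTH - 2)
                name = (client == "") ? "(any)" : client
                if (client == "" || client == "*")     print "WORLD", path, name
                if (opts ~ /(^|,)no_root_squash(,|$)/) print "NO-ROOT-SQUASH", path, name
                if (opts ~ /(^|,)rw(,|$)/ && client ~ /[*?]/) print "RW-WILDCARD", path, client
            }
        }'
}

# Demonstration on the constructed sample
printf '%s\n' "$EXPORTS_SAMPLE" | exports_lint
```

/pub shows the typo case: "(ro)" standing alone is a client of "everyone", and exportfs accepts it without complaint. The two /data lines from the slide pass: they name specific hosts or a subnet, keep root_squash, and the one writable entry is tied to a single host.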

Understanding and Managing SAMBA Server


What is SAMBA?
Samba is a software package that comes with RHEL 4.0 and lets you share file systems and printers on a network with computers that use the Server Message Block (SMB) protocol. SMB is the file- and printer-sharing protocol built into the Windows operating systems. You can do four basic things with Samba:

    Share a Linux directory tree with Windows and Linux/Unix computers
    Share a Windows directory with Linux/Unix computers
    Share a Linux printer with Windows and Linux/Unix computers
    Share a Windows printer with Linux/Unix computers

SAMBA Services
smbd : the main file and printer sharing service (SMB over TCP ports 139 and 445)
nmbd : NetBIOS name service and network browsing; can also act as a WINS server

Managing SAMBA Server


The Samba server can be configured by two methods:
    Editing the configuration file /etc/samba/smb.conf
    Using the configuration GUI tool system-config-samba

SAMBA Server side configuration


Step 1: Create the Samba share
    vi /etc/samba/smb.conf

[myshare]
    comment = My Shares from Station1
    path = /myshare
    valid users = marc
    public = no
    writable = yes
    browseable = yes

SAMBA Server side configuration


Step 2: Test the configuration
    testparm
Step 3: Add the user who may access the share to Samba's password database (the user must already exist as a Unix account; Samba keeps its own password hashes, separate from /etc/shadow, so the Samba password is set independently)
    smbpasswd -a marc
Step 4: Start the Samba service
    service smb start
    chkconfig --level 345 smb on
Step 5: Test the Samba shares
    smbclient -L //station1.example.com

SAMBA Client Configuration


Clients can access Samba shares using the following methods:
    smbclient //station1.example.com/myshare          [ interactive, ftp-like client ]
    smbmount //station1/myshare /mnt -o username=marc [ mounts the share, prompting for the password ]
    An /etc/fstab entry                               [ permanent mount, shown on the next slide ]

Samba Mounts in /etc/fstab file


vi /etc/fstab
    //station1/myshare    /mnt    smbfs    defaults,username=marc    0 0

Using a credentials file (keeps the password out of /etc/fstab, which is world-readable):
    vi /etc/fstab
    //station1/myshare    /mnt    smbfs    defaults,credentials=/etc/cred.txt    0 0

Then create /etc/cred.txt:
    vi /etc/cred.txt
    username=marc
    password=password

The credentials file holds the password in clear text, so it must be owned by root and readable by root only (mode 600); otherwise every local user can read marc's password. Never put password= directly in the /etc/fstab options for the same reason.

What have we learnt ?


Understanding and Managing NFS Server
    Understanding NFS, NFS Server Configuration, Creating Shares, NFS Client Configuration, Mounting NFS Shares
Understanding and Managing SAMBA Server
    Understanding SAMBA Server, SAMBA Server Configuration, Creating Shares, SAMBA Client Configuration, Accessing SAMBA Shares

Welcome!
RH253
Red Hat Network Services and Security Administration

Objectives

Day 14

Understanding and Managing FTP Server
    Understanding FTP Server, FTP Server Configuration, Allowing and Disallowing Users, FTP Client Configuration, Accessing FTP Server
Understanding and Managing HTTP Server [ Apache Server ]
    Understanding Apache Web Server, Hosting Web Sites, Virtual Directory, Access Control, CGI Scripts

Understanding FTP Server

What is FTP?
FTP, the File Transfer Protocol, is one of the original network applications developed with the TCP/IP protocol suite; the first implementations date back to 1971. It follows the standard model for network services, with a client and a server. FTP set out to solve the need to publish documents and software so that people could fetch them easily from other computer systems: on the FTP server, files are organised in a directory structure, and users connect to the server over the network to download files from (and possibly upload files to) it. FTP sends user names, passwords and data in clear text, so use it for anonymous downloads or on a trusted network; interactive logins with real accounts belong on SSH/SFTP.

What is vsftpd?
The Very Secure FTP Daemon (vsftpd) is the only FTP server shipped with Red Hat Enterprise Linux. It is the FTP server of choice for sites that need to support thousands of concurrent downloads, and it was designed to protect the system against the most common attacks: it separates its privileged and unprivileged work into different processes and confines anonymous users to /var/ftp.

Configuration Files
/etc/vsftpd/vsftpd.conf : main configuration file
/etc/vsftpd.ftpusers    : users that are always refused FTP login, enforced by PAM (root and the system accounts by default; keep root in it)
/etc/vsftpd.user_list   : with userlist_enable=YES and the default userlist_deny=YES, users listed here are refused before a password is even asked for; with userlist_deny=NO only the users listed here are allowed

Starting vsftpd service


service vsftpd start
chkconfig --level 345 vsftpd on

Client Side Commands


For connecting to the FTP server
    ftp station1.example.com

For installing packages from the FTP server
    rpm -ivh ftp://station1.example.com/pub/RedHat/RPMS/package.rpm
(rpm fetches the file over plain FTP, so the package's GPG signature, not the transport, is what tells you it is genuine.)

Understanding and Managing HTTP Server [ Apache Server ]

What is Apache Web Server?


The WWW (World Wide Web), as it is known today, began as a project of Tim Berners-Lee at CERN (the European Organization for Nuclear Research). The original goal was to provide one consistent interface for geographically dispersed researchers and scientists who needed access to information in a variety of formats. From this idea came the concept of using one client (the Web browser) to access data (text, images, sounds, video and binary files) from several types of server (HTTP, FTP and others). The Apache Web Server was originally based on HTTPd, a free server from NCSA (the National Center for Supercomputing Applications).

Apache Main Features


    The stability and rapid development cycle associated with a large group of cooperating volunteer programmers.
    Full source code, downloadable at no charge.
    Ease of configuration using plain-text files.
    Access control based on client host name/IP address or user name/password combinations.
    Support for server-side scripting as well as CGI scripts.

Installing and Configuring Apache


Main configuration file : /etc/httpd/conf/httpd.conf
Main service to control the HTTP server : httpd

Hosting Virtual Host


Step 1: Create the virtual host in the configuration file
    vi /etc/httpd/conf/httpd.conf

<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    ServerAdmin root@station1.example.com
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
</VirtualHost>

Step 2: Test the HTTP configuration
    httpd -t
Step 3: Start the HTTP service
    service httpd restart
    chkconfig --level 345 httpd on

Hosting Multiple Sites


Step 1: Create the virtual hosts in the configuration file
    vi /etc/httpd/conf/httpd.conf

NameVirtualHost 192.168.0.1

<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    ServerAdmin root@station1.example.com
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
</VirtualHost>

<VirtualHost 192.168.0.1>
    ServerName www1.example.com
    ServerAdmin root@station1.example.com
    DocumentRoot /var/www/html/station1
    DirectoryIndex index2.html
</VirtualHost>

Name-based hosting needs a NameVirtualHost line for the same address that the <VirtualHost> blocks use, and each block needs a different ServerName (or a ServerAlias); the original slide used 192.168.0.254 in NameVirtualHost and station1.example.com in both blocks, which would send every request to the first block. The first block also serves requests whose Host header matches no ServerName, so put the least sensitive site first.

Hosting Virtual Directory


Step 1: Create the virtual directory in the configuration file
    vi /etc/httpd/conf/httpd.conf

<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    ServerAdmin root@station1.example.com
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
    <Directory "/var/www/html/station1/data">
        Options Indexes
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

Options Indexes makes Apache list the directory's contents whenever no index file is present, which exposes every file name in it (backups, editor temp files, anything dropped there); use Options None unless a listing is wanted.

Control Through .htaccess


Step 1: Allow .htaccess overrides for the directory in the configuration file
    vi /etc/httpd/conf/httpd.conf

<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    ServerAdmin root@station1.example.com
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
    <Directory "/var/www/html/station1/data">
        Options Indexes
        Order allow,deny
        Allow from all
        AllowOverride AuthConfig
    </Directory>
</VirtualHost>

(AllowOverride AuthConfig lets a .htaccess file in that directory set authentication directives only; AllowOverride All would let anyone who can write into the directory change options, handlers and access rules too.)

Control Through .htaccess


Step 2: Create the .htaccess file in the directory that has AllowOverride AuthConfig (the original slide put it in the document root, where AllowOverride is not set and the file would simply be ignored)
    vi /var/www/html/station1/data/.htaccess

AuthName "restricted site"
AuthType Basic
AuthUserFile /etc/httpd/htpasswd
require valid-user

Step 3: Add users to the HTTP password file
    htpasswd -c /etc/httpd/htpasswd marc
-c creates the file and overwrites an existing one, so use it only for the first user. Basic authentication sends the password base64-encoded, not encrypted, with every request; put the site behind SSL/TLS if the credentials matter. Keep the password file outside the document root, as here, so it can never be downloaded.

Using CGI Scripts


Step 1: Modify httpd.conf

<VirtualHost 192.168.0.254>
    ServerName server1.example.com
    ServerAdmin root@server1.example.com
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
    ScriptAlias /cgi-bin/ /var/www/html/station1/cgi-bin/
</VirtualHost>

CGI Script
Step 2: Create the script file inside the ScriptAlias directory (the slide named only the directory; test.cgi is an example file name)
    vi /var/www/html/station1/cgi-bin/test.cgi

#!/bin/bash
echo "Content-type: text/html"
echo
echo "<pre>"
echo "My username is: $(whoami)"
echo
echo "My id is: $(id)"
echo "</pre>"

CGI Script
Step 3: Make the script executable (the original slide applied the mode to the directory; the script itself must be executable by the apache user)
    chmod 555 /var/www/html/station1/cgi-bin/test.cgi
The script prints the identity it runs under, the apache user rather than root. Every CGI script runs with those rights, and any script that passes request data (query string, form fields, headers) to a shell can be made to run arbitrary commands as that user, so validate input and never build shell command lines from it.
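The three Apache slides above each carry a setting that widens exposure when copied without thought: Options Indexes, AllowOverride All and FollowSymLinks in a <Directory> block. As an added example, not part of the course, the function below reads an httpd.conf fragment and reports those settings per directory. HTTPD_SAMPLE is constructed from the slide's virtual host, with one weak block and one corrected block side by side so the difference is visible in the output.

```shell
#!/bin/sh
# Added example (not from the course slides): audit <Directory> blocks in an
# httpd.conf fragment for settings that expose more than intended.
# HTTPD_SAMPLE is constructed: the first block is the weak form, the second
# the corrected one. On a real server pipe httpd.conf in.
HTTPD_SAMPLE='<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    DocumentRoot /var/www/html/station1
    <Directory "/var/www/html/station1/data">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory "/var/www/html/station1/private">
        Options None
        AllowOverride AuthConfig
        Order deny,allow
        Deny from all
        Allow from 192.168.0.0/24
    </Directory>
    ScriptAlias /cgi-bin/ /var/www/html/station1/cgi-bin/
</VirtualHost>'

# httpd_dir_audit: print "<finding> <directory>" for each <Directory> block:
#   INDEXES         directory listings whenever no index file exists
#   FOLLOWSYMLINKS  a symlink planted in the docroot serves files outside it
#   OPTIONS-ALL     every option at once, including the two above and ExecCGI
#   OVERRIDE-ALL    .htaccess may change any setting, not only authentication
httpd_dir_audit() {
    awk '
        /^[ \t]*<Directory[ \t]/ {
            dir = $2; gsub(/[^A-Za-z0-9_\/.-]/, "", dir)   # strip quotes and ">"
            indir = 1; next
        }
        /^[ \t]*<\/Directory>/ { indir = 0; next }
        !indir { next }
        tolower($1) == "options" {
            for (i = 2; i <= NF; i++) {
                o = tolower($i); sub(/^\+/, "", o)         # "+Indexes" counts too
                if (o == "indexes")        print "INDEXES", dir
                if (o == "followsymlinks") print "FOLLOWSYMLINKS", dir
                if (o == "all")            print "OPTIONS-ALL", dir
            }
        }
        tolower($1) == "allowoverride" && tolower($2) == "all" { print "OVERRIDE-ALL", dir }
    '
}

# Demonstration on the constructed sample
printf '%s\n' "$HTTPD_SAMPLE" | httpd_dir_audit
```

The private block produces nothing: Options None, AllowOverride limited to AuthConfig, and access denied by default with a single allowed network is the shape to copy. httpd -t will pass both blocks equally, which is why a check like this is worth running alongside it.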

What have we learnt ?


Understanding and Managing FTP Server
    Understanding FTP Server, FTP Server Configuration, Allowing and Disallowing Users, FTP Client Configuration, Accessing FTP Server
Understanding and Managing HTTP Server [ Apache Server ]
    Understanding Apache Web Server, Hosting Web Sites, Virtual Directory, Access Control, CGI Scripts

Welcome!
RH253
Red Hat Network Services and Security Administration

Objectives

Day 15

Understanding and Managing Squid Proxy Server
    Understanding Squid Proxy Server, Squid Proxy Server Configuration, Allowing and Disallowing Web-Sites, Squid Client Configuration, Accessing Internet Via Squid Server
Understanding and Managing Mail Servers
    Basic Mail Concepts, Understanding Sendmail and Postfix Server, Configuring Sendmail Server, Configuring Postfix Server, Configuring Mail Clients

Understanding and Managing Squid Proxy Server

What is Squid Proxy Server?


Squid is a high-performance HTTP and FTP caching proxy server. It is also known as a Web proxy cache. It can make your network connections more efficient.

Main Configuration File and Service


Main configuration file : /etc/squid/squid.conf
Main service : squid

Configuring Squid Server


Step 1: Edit the main configuration file
    vi /etc/squid/squid.conf
The shipped file ends with http_access deny all, so nothing works until you add acl lines for your networks and the sites to allow or block, followed by matching http_access allow/deny rules; keep the final deny all, or the proxy becomes an open relay for anyone who can reach port 3128.
Step 2: Test the configuration
    squid -k parse
Step 3: Initialise the cache directories (first run only), then start the service temporarily and permanently
    squid -z
    service squid start
    chkconfig --level 345 squid on

Squid Client Configuration

Understanding and Managing Mail Servers

Basics of Mail Server


The birth of electronic mail (email) occurred in the early 1960s. The first network transfer of an electronic mail message file took place in 1971 when a computer engineer named Ray Tomlinson sent a test message between two machines. Today, email systems based on standardized network protocols have evolved into some of the most widely used services on the Internet.

Email Protocols
Email protocols are categorised in two types:
    Mail transport protocols : their primary purpose is to transfer email between mail servers
    Mail access protocols    : used by email client applications to retrieve email from mail servers

Mail Transport Protocols


The primary purpose of SMTP (Simple Mail Transfer Protocol) is to transfer email between mail servers. However, it is critical for email clients as well: to send email, the client submits the message to an outgoing mail server, which in turn contacts the destination mail server for delivery. One important point about SMTP is that the base protocol does not require authentication (SMTP AUTH is an optional extension). This allows anyone on the Internet to send email to anyone else, or to large groups of people, and to put any address in the From header, which is what makes junk email, or spam, possible. It also means a mail server must only relay messages for its own domains or for authenticated clients: a server that relays for anyone (an open relay) will be found and used to send spam within hours.

Mail Access Protocols


There are two primary protocols used by email client applications to retrieve email from mail servers: the Post Office Protocol (POP) and the Internet Message Access Protocol (IMAP). Unlike SMTP, both of these protocols require the connecting client to authenticate with a username and password. Both send that password in clear text by default, so on any untrusted network wrap them in SSL/TLS (POP3S on port 995, IMAPS on port 993).

POP
The default POP server under Red Hat Enterprise Linux. When using a POP server, email messages are downloaded by email client applications. By default, most POP email clients are configured to delete the message from the email server after it has been successfully transferred; this setting usually can be changed. POP is fully compatible with important Internet messaging standards, such as Multipurpose Internet Mail Extensions (MIME), which allow for email attachments. POP works best for users who have one system on which to read email. The most current version of the standard POP protocol is POP3.

IMAP
The default IMAP server under Red Hat Enterprise Linux . When using an IMAP mail server, email messages remain on the server where users can read or delete them. IMAP also allows client applications to create, rename, or delete mail directories on the server to organize and store email. IMAP is particularly useful for those who access their email using multiple machines. For convenience, IMAP client applications are capable of caching copies of messages locally, so the user can browse previously read messages when not directly connected to the IMAP server. IMAP, like POP, is fully compatible with important Internet messaging standards, such as MIME, which allow for email attachments.


Email Program Classifications


In general, all email applications fall into at least one of three classifications:
- Mail Transfer Agent (MTA)
- Mail Delivery Agent (MDA)
- Mail User Agent (MUA)

Mail Transfer Agent


A Mail Transfer Agent (MTA) transfers email messages between hosts using SMTP. A message may pass through several MTAs on the way to its intended destination. Examples: Sendmail and Postfix.

Mail Delivery Agent


A Mail Delivery Agent (MDA) is invoked by the MTA to file incoming email in the proper user's mailbox. In many cases, the MDA is actually a Local Delivery Agent (LDA). Examples: mail and Procmail.

Mail User Agent


A Mail User Agent (MUA) is synonymous with an email client application. An MUA is a program that, at the very least, allows a user to read and compose email messages. Many MUAs are capable of retrieving messages via the POP or IMAP protocols, setting up mailboxes to store messages, and sending outbound messages to an MTA. MUAs may be graphical, such as Mozilla Mail, or have a very simple, text-based interface, such as mutt


Sendmail


What is Sendmail?
Sendmail's core purpose, like other MTAs, is to safely transfer email among hosts, usually using the SMTP protocol. However, Sendmail is highly configurable, allowing control over almost every aspect of how email is handled, including the protocol used. Many system administrators elect to use Sendmail as their MTA due to its power and scalability


Sendmail Installation and Configuration


Sendmail's lengthy and detailed configuration file is /etc/mail/sendmail.cf. Avoid editing the sendmail.cf file directly. Instead, to make configuration changes to Sendmail, edit the /etc/mail/sendmail.mc file, back up the original /etc/mail/sendmail.cf, and then use the included m4 macro processor to create a new /etc/mail/sendmail.cf.


Main Configuration File


/etc/mail/sendmail.cf   generated configuration read by Sendmail (do not edit directly)
/etc/mail/sendmail.mc   m4 macro source; edit this file and regenerate sendmail.cf

Configuring Mail Server Sendmail


Step 1: Modify the main configuration file
  vi /etc/mail/sendmail.mc
  Comment out the following line (which restricts Sendmail to the loopback address) by prefixing it with dnl:
    DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
  becomes
    dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Step 2: Build a new sendmail.cf in the same directory
  m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
Step 3: Start the sendmail service
  service sendmail restart
  chkconfig --level 345 sendmail on

Other Configuration Files


access        : specifies which systems can use Sendmail for outbound (relayed) email
virtusertable : specifies a domain-specific form of aliasing, allowing multiple virtual domains to be hosted on one machine
aliases       : a configurable list of mail aliases required by the mail protocol
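The two edits above go together: once the DAEMON_OPTIONS line is commented out, Sendmail listens on every interface, so the access map is what keeps it from relaying for the whole Internet. The script below is an added example (not from the RH253 slides) that makes the sendmail.mc change idempotently with a backup, writes an access map that relays only for localhost and one LAN, and reports whether the listener is still loopback-only. It assumes the sendmail.mc layout shipped with RHEL 4; the LAN prefix 192.168.0 and the "apply" argument are constructed for the example, and MAIL_DIR can be pointed at a scratch directory.

```shell
#!/bin/sh
# Added example (not from the slides): open Sendmail to the network and keep
# relaying restricted. MAIL_DIR defaults to /etc/mail but can be overridden.
MAIL_DIR="${MAIL_DIR:-/etc/mail}"

# Comment out the DAEMON_OPTIONS line that binds Sendmail to 127.0.0.1 only.
# Idempotent: a line already prefixed with "dnl " does not match and is kept.
open_sendmail_to_network() {
    mc="$MAIL_DIR/sendmail.mc"
    cp -p "$mc" "$mc.bak" || return 1
    sed -e '/^DAEMON_OPTIONS(`Port=smtp,Addr=127\.0\.0\.1/s/^/dnl /' "$mc.bak" > "$mc"
}

# Write /etc/mail/access: RELAY only for loopback and the given LAN prefix
# (constructed sample). Other hosts may still deliver mail to local users on
# port 25, but cannot use this server to reach third parties.
write_access_map() {
    lan_prefix="$1"   # e.g. 192.168.0 (trailing octet omitted)
    cat > "$MAIL_DIR/access" <<EOF
# constructed sample access map
localhost.localdomain   RELAY
localhost               RELAY
127.0.0.1               RELAY
${lan_prefix}           RELAY
EOF
}

# Rebuild sendmail.cf and access.db and restart. Only meaningful on a real
# system with sendmail-cf installed; not called unless "apply" is given.
rebuild_and_restart() {
    cp -p "$MAIL_DIR/sendmail.cf" "$MAIL_DIR/sendmail.cf.bak" &&
    m4 "$MAIL_DIR/sendmail.mc" > "$MAIL_DIR/sendmail.cf" &&
    makemap hash "$MAIL_DIR/access" < "$MAIL_DIR/access" &&
    service sendmail restart
}

# Print "localhost" while the loopback-only DAEMON_OPTIONS line is active,
# "all" once it has been commented out.
sendmail_listen_scope() {
    if grep -q '^DAEMON_OPTIONS(`Port=smtp,Addr=127\.0\.0\.1' "$MAIL_DIR/sendmail.mc"; then
        echo localhost
    else
        echo all
    fi
}

if [ "${1:-}" = "apply" ]; then
    open_sendmail_to_network && write_access_map 192.168.0 && rebuild_and_restart
fi
```

Run it as "sh sendmail-open.sh apply" on the server; without the argument it only defines the functions, which is convenient for testing against a copy of /etc/mail.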

Using Dovecot Configuration File


Dovecot, configured in /etc/dovecot.conf, provides the POP/IMAP service used to receive mail. Uncomment the following line in /etc/dovecot.conf:
  vi /etc/dovecot.conf
  #protocols = pop3 pop3s imap imaps
  becomes
  protocols = pop3 pop3s imap imaps
Then start the service:
  service dovecot restart
  chkconfig --level 345 dovecot on

Configuring Mail Clients


What is Postfix?
Originally developed at IBM by security expert and programmer Wietse Venema, Postfix is a Sendmail-compatible MTA that is designed to be secure, fast, and easy to configure.

Main Configuration File


The configuration files for Postfix are human readable and support upward of 250 directives. Unlike Sendmail, no macro processing is required for changes to take effect.
Main configuration file: /etc/postfix/main.cf

Configuring Mail Server Postfix


Step 1: Check which MTA is in use
  alternatives --display mta
Step 2: If Sendmail is the default, switch to Postfix
  alternatives --set mta /usr/sbin/sendmail.postfix

Configuring Mail Server Postfix


Step 3: Modify the main configuration file /etc/postfix/main.cf
  vi /etc/postfix/main.cf
  - Uncomment the mydomain line by removing the hash mark (#), and replace domain.tld with the domain the mail server is servicing, such as example.com.
  - Uncomment the myorigin = $mydomain line.
  - Uncomment the myhostname line, and replace host.domain.tld with the hostname for the machine.
  - Uncomment the mydestination = $myhostname, localhost.$mydomain line.
  - Uncomment the mynetworks line, and replace it with a valid network setting for hosts that can connect to the server.
  - Uncomment the inet_interfaces = all line.
  - Restart the postfix service.
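The edits in Step 3 are all of one kind: find a directive (possibly commented out), set it, and make sure it appears once. The script below is an added example, not Postfix's own tooling (on a live system "postconf -e" does the same job); it applies the six settings with a small awk set-or-append helper so the result can be checked on a copy of main.cf. The domain example.com, host mail.example.com and the networks 127.0.0.0/8 and 192.168.0.0/24 are constructed sample values; note that mynetworks is the relay control, so it is kept to loopback plus the LAN.

```shell
#!/bin/sh
# Added example (not from the slides): apply the main.cf settings from Step 3.
MAIN_CF="${MAIN_CF:-/etc/postfix/main.cf}"

# set_directive KEY VALUE: replace every existing "KEY = ..." line (commented
# out or not) with a single "KEY = VALUE"; append it if no such line exists.
set_directive() {
    key="$1"; value="$2"; tmp="$MAIN_CF.tmp.$$"
    awk -v k="$key" -v v="$value" '
        BEGIN { done = 0 }
        {
            line = $0
            sub(/^[# \t]*/, "", line)               # strip comment marker and indent
            if (match(line, "^" k "[ \t]*=")) {     # a KEY = ... line
                if (!done) { print k " = " v; done = 1 }
                next                                # drop duplicates
            }
            print
        }
        END { if (!done) print k " = " v }
    ' "$MAIN_CF" > "$tmp" && mv "$tmp" "$MAIN_CF"
}

# get_directive KEY: print the effective value (last active setting).
get_directive() {
    awk -v k="$1" '$0 ~ ("^" k "[ \t]*=") { sub(/^[^=]*=[ \t]*/, ""); val = $0 }
                   END { print val }' "$MAIN_CF"
}

# configure_postfix DOMAIN HOSTNAME NETWORKS
configure_postfix() {
    set_directive mydomain "$1"
    set_directive myorigin '$mydomain'
    set_directive myhostname "$2"
    set_directive mydestination '$myhostname, localhost.$mydomain'
    # mynetworks decides who may relay through this server. Keep it to loopback
    # plus the LAN; a value such as 0.0.0.0/0 turns the host into an open relay.
    set_directive mynetworks "$3"
    set_directive inet_interfaces all
}

if [ "${1:-}" = "apply" ]; then
    cp -p "$MAIN_CF" "$MAIN_CF.bak" &&
    configure_postfix example.com mail.example.com "127.0.0.0/8, 192.168.0.0/24" &&
    service postfix restart
fi
```

Run "sh postfix-main.sh apply" as root to edit /etc/postfix/main.cf in place (a .bak copy is kept); set MAIN_CF to a copy of the file to try it first.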

Configuring Mail Clients


What have we learnt ?

Understanding and Managing Squid Proxy Server
- Understanding Squid Proxy Server
- Squid Proxy Server Configuration
- Allowing and Disallowing Web-Sites
- Squid Client Configuration
- Accessing Internet Via Squid Server

Understanding and Managing Mail Servers
- Basic Mail Concepts
- Understanding Sendmail and Postfix Server
- Configuring Sendmail Server
- Configuring Postfix Server
- Configuring Mail Clients

Welcome!
RH253
Red Hat Network Services and Security Administration

Objectives

Day 16

Understanding and Managing NIS Server
- Understanding NIS Server
- NIS Master Server Configuration
- NIS Client Configuration
- Auto Mounting Home Folders
Understanding and Managing PAM Authentication
- Understanding PAM Authentication
- Understanding PAM Modules and Configurations
- Applying PAM Modules

Understanding and Managing NIS Server

What is Workgroup?
A logical grouping of computers that are connected to each other and share information, in which each machine usually uses its own local user database to work in the network environment.

What is Domain?
A logical grouping of computers that are connected to each other and share information, in which the machines use a central user database held on a server to work in the network environment.

What is NIS?
The NIS ( Network Information Service ) is one popular network service which can be used to manage system and account information on multiple systems from a central server. NIS uses a single master server and optionally one or more slave servers, each running ypserv, to share information with NIS clients running ypbind. NIS servers are typically used to synchronize account information. They can share the contents of /etc/passwd, /etc/shadow and /etc/group files by converting them into NIS maps

What is NIS?
NIS services require at least one NIS master server. This is where the centralized NIS database files, known as maps, are stored. NIS changes require an update to the map on the master server. You can have only one NIS master server per NIS domain. For larger networks, you may also want an NIS slave server. NIS slaves take copies of the NIS maps from the master server. NIS clients can then get their configuration files from either the master server or a slave server. You can have multiple NIS slave servers on a network. NIS clients are systems that use information from an NIS server. NIS clients don't store any information that is contained in the NIS databases; whenever that information is needed, it is retrieved from a server.

Configuring NIS Server


Step 1: Install portmap and ypserv
Step 2: Set the NIS domain name
  nisdomainname RHCE.COM
  vi /etc/sysconfig/network
  NISDOMAIN=RHCE.COM
Step 3: In /var/yp/securenets, specify the networks that may use your server (netmask followed by network)
  vi /var/yp/securenets
  255.255.255.255 127.0.0.1
  255.255.255.0   192.168.0.0
Step 4: Start ypserv
  service ypserv start
  chkconfig --level 345 ypserv on

Configuring NIS Server


Step 5: Choose which maps to share in /var/yp/Makefile
  vi /var/yp/Makefile
  all: passwd group hosts netid
Step 6: Build the NIS maps from the local files
  /usr/lib/yp/ypinit -m
Step 7: Start yppasswdd to allow password updates
  service yppasswdd start
  chkconfig --level 345 yppasswdd on

[ Note: whenever you make changes to the domain database, rebuild the maps with the following commands ]
  cd /var/yp
  make

Configuring NIS Client


Step 1: Install ypbind and portmap
Step 2: Run either of the following tools to configure the client
  system-config-authentication
  authconfig
Step 3: Make sure the portmap and ypbind services are running (portmap first, since ypbind registers with it) and enabled at boot
  service portmap restart
  service ypbind restart
  chkconfig --level 345 portmap on
  chkconfig --level 345 ypbind on


Automounting /home folders Server SIDE Configuration


Step 1: Modify /etc/exports
  vi /etc/exports
  /home *(rw,sync)
Step 2: Start the portmap and nfs services
  service portmap start
  service nfs start
  chkconfig --level 345 portmap on
  chkconfig --level 345 nfs on

Automounting /home folders Client SIDE Configuration


Step 1: Modify /etc/auto.master
  vi /etc/auto.master
  /home /etc/auto.home
Step 2: Create the map file you named in auto.master
  vi /etc/auto.home
  * -fstype=nfs 192.168.0.1:/home/&
Step 3: Start the autofs service
  service autofs restart
  chkconfig --level 345 autofs on

Understanding and Managing PAM Authentication


What is PAM?
Applications use the Pluggable Authentication Modules (PAM) system to check for authorized users. PAM includes a group of dynamically loadable library modules that govern how individual applications verify their users. You can modify PAM configuration files to suit your needs. PAM provides a generic way for applications to implement support for authentication and authorization: a PAM-enabled application calls libpam functions to perform all authentication tests for it.

PAM Operation
PAM works with the help of modules and service files to maintain security.
PAM modules are stored in:        /lib/security
PAM service files are stored in:  /etc/pam.d

PAM Tests
PAM organizes tests into four management groups, which are checked independently by different libpam library functions.

auth     : used by PAM functions which authenticate users.
account  : used to verify that an account is valid at this time and passwords have not expired.
password : used to control password changes.
session  : called by PAM at the start and at the end of a session.

PAM Control Values


PAM uses control values to determine how each test affects the group's overall result.

required   : must pass; keep testing even if it fails
requisite  : as required, except stop testing on failure
sufficient : if passing so far, return success now; if it fails, ignore the test and keep checking
optional   : whether the test passes or fails is irrelevant

Using PAM to Limiting NIS Users


Limiting NIS Users


For Security reasons, some of the users managed by the NIS server should be allowed to use the NIS client, but some should not.


Limiting NIS Users


Step 1: On your NIS client, modify the account section of /etc/pam.d/system-auth
  vi /etc/pam.d/system-auth
  account required   pam_unix.so
  account sufficient pam_succeed_if.so uid < 100 quiet
  account sufficient pam_localuser.so
  account sufficient pam_listfile.so item=user sense=allow file=/etc/nisusers onerr=fail
  account required   pam_deny.so
The order matters: system accounts (uid < 100) and users found in the local /etc/passwd succeed at once, any other user must be listed in /etc/nisusers, and everyone else is refused by the final pam_deny line. A required pam_localuser line in place of the sufficient one would fail every NIS user before pam_listfile is consulted, and a final pam_permit line would admit everyone the earlier lines did not decide.

Limiting NIS Users


You still have to create /etc/nisusers on your NIS client. Each line in that file should name a non-local user to whom we want to grant access.
Step 2: Create or modify the /etc/nisusers file
  vi /etc/nisusers
  nisuser1

What have we learnt ?

Understanding and Managing NIS Server
- Understanding NIS Server
- NIS Master Server Configuration
- NIS Client Configuration
- Auto Mounting Home Folders

Understanding and Managing PAM Authentication
- Understanding PAM Authentication
- Understanding PAM Modules and Configurations
- Applying PAM Modules

Welcome!
RH253
Red Hat Network Services and Security Administration

Objectives

Day 17

Understanding and Managing System Monitoring
- Understanding Monitoring
- Monitoring Techniques
- Using System Logs and Files
Security Concerns and Policy
- Understanding Security
Securing Networks Using Firewall ( IPTables )
- Understanding Firewall and IPTables
- Applying Firewall and Securing Network
- IP Forwarding and Routing

Understanding and Managing System Monitoring

What is Monitoring?
An important part of maintaining a secure system is keeping track of the activities that take place on the system. If you know what usually happens, such as understanding when users log into your system, you can use log files to spot unusual activity

Monitoring Techniques
- Learn to identify file statistics
- Ensure filesystem integrity
- Understand system log configuration
- Learn log file analysis
- Understand process monitoring

Using LOG Files


Monitoring log files will help detect:
- equipment problems such as hard disk crashes or failures of other devices
- user problems such as repeated login failures
- security breaches from outside the system

Using syslogs
Red Hat Enterprise Linux 4 comes with several utilities you can use to monitor activity on a system. These utilities can help you identify the culprit if there is a problem. RHEL 4 comes with two logging daemons. The kernel log daemon, klogd, logs kernel messages and events. The syslog daemon, syslogd, logs all other process activity. You can use the log files that syslogd generates to track activities on your system. If you are managing multiple Red Hat Enterprise Linux systems, you can configure the syslogd daemon on each system to log messages to a central host. Both syslogd and klogd are configured in the /etc/syslog.conf file.

syslog.conf file
Location: /etc/syslog.conf. The format is straightforward. The first field specifies a semicolon-delimited list of facility.priority declarations. The second field specifies the log location, which is usually a file. Syntax: facility.priority log_location

Facilities and Priorities:


Facilities are like services, and priorities are like the type of log you want to generate, such as info, error and alert.
Examples:
  Facilities : cron, mail, lpr
  Priorities : info, err, alert

Syntax of syslog.conf file


Syntax:  facility.priority    log_location
Example: kern.info            /var/log/kernel
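A point the syntax line hides is that a selector priority means "this priority and everything more severe", that "*" matches any facility, and that a later "facility.none" on the same line removes that facility again; this is why the stock RHEL 4 configuration sends mail.none to /var/log/messages and mail.* to /var/log/maillog. The script below is an added example (not from the slides or from the syslogd sources) that evaluates those rules against a constructed syslog.conf modelled on the RHEL 4 default, so you can ask where a message with a given facility and priority would end up; the "=" and "!" selector modifiers are not handled.

```shell
#!/bin/sh
# Added example (not from the slides): where does a syslog message go?

# syslog_destinations CONF FACILITY PRIORITY: print one log location per line.
syslog_destinations() {
    awk -v fac="$2" -v prio="$3" '
        # numeric severity as in syslog.h: 0 is most severe
        function pnum(p) {
            if (p == "emerg" || p == "panic") return 0
            if (p == "alert") return 1
            if (p == "crit") return 2
            if (p == "err" || p == "error") return 3
            if (p == "warning" || p == "warn") return 4
            if (p == "notice") return 5
            if (p == "info") return 6
            if (p == "debug") return 7
            return -1
        }
        BEGIN { pn = pnum(prio) }
        /^[ \t]*#/ { next }          # comment line
        NF < 2 { next }              # blank or malformed line
        {
            hit = 0
            n = split($1, parts, ";")
            for (i = 1; i <= n; i++) {        # later selectors override earlier ones
                if (split(parts[i], fp, ".") < 2) continue
                m = split(fp[1], facs, ",")
                for (j = 1; j <= m; j++) {
                    if (facs[j] != "*" && facs[j] != fac) continue
                    if (fp[2] == "none") hit = 0
                    else if (fp[2] == "*" || pn <= pnum(fp[2])) hit = 1
                    else hit = 0
                }
            }
            if (hit) print $2
        }
    ' "$1"
}

# Constructed sample configuration modelled on the RHEL 4 default plus the
# kern.info line from the slide.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# constructed sample syslog.conf
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
authpriv.*                                 /var/log/secure
mail.*                                     -/var/log/maillog
cron.*                                     /var/log/cron
*.emerg                                    *
kern.info                                  /var/log/kernel
EOF

syslog_destinations "$SAMPLE_CONF" mail err      # -> -/var/log/maillog
syslog_destinations "$SAMPLE_CONF" kern info     # -> /var/log/messages and /var/log/kernel
```

Replace "$SAMPLE_CONF" with /etc/syslog.conf to check the real file; a facility that prints nothing (for example kern debug above) is one whose messages are silently discarded, which is worth knowing before relying on a log for detection.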

Security Concerns and Policy


Understanding Security
A network is only as secure as the most open system in that network. Although no system can be 100 percent secure, you can follow certain basic host measures to enhance the security of any given system and, consequently, of your network. When devising security measures, you have to plan for two types of security violations: user accidents and break-ins. Accidents happen because users lack adequate training or are unwilling to follow procedures. If security is too burdensome, productivity may suffer, and your users will try to get around your rules; password security falls into this category. When crackers break into your system, some may be looking for secrets such as credit card information, while others may just want to bring down your system.

Understanding Security
Types of Security
- Network ( External )
- Local ( Internal )
- Physical

Hacker versus Cracker


A hacker is someone who programs creatively and usually for the pure enjoyment of it (most programmers who work on Linux are hackers in this sense). The correct term for someone who breaks into computer systems is a cracker. There are many types of crackers, ranging from professional computer criminals to the hobbyist types that break into computers for the thrill. The growth of the cracker problem has kept pace with the growth of the Internet. A new, younger generation of cracker is emerging. These teenage pseudo-crackers do not have all the knowledge and skill of their true cracker counterparts, but they have access to a growing number of cracker tools that automate the breaking of a system's security.


Understanding Attack Techniques


Attacks on computing systems take on different forms, depending on the goal and resources of the attacker. Some attackers desire to be disruptive, while others desire to infiltrate your machines and utilize the resources for their own nefarious purposes. Still others are targeting your data for financial gain or blackmail. Here are three major categories of attacks:
- Denial of Service (DOS)
- Distributed Denial of Service (DDOS)
- Intrusion attacks

Denial of Service (DOS)


The easiest attacks to perpetrate are Denial of Service attacks. The primary purpose of these attacks is to disrupt the activities of a remote site by overloading it with irrelevant data. DOS attacks can be as simple as sending thousands of page requests per second at a Web site. These types of attacks are easy to perpetrate and easy to protect against. Once you have a handle on where the attack is coming from, a simple phone call to the perpetrator's ISP will get the problem solved.


Distributed Denial of Service (DDOS)


More advanced DOS attacks are called Distributed Denial of Service attacks. DDOS attacks are much harder to perpetrate and nearly impossible to stop. In this form of attack, an attacker takes control of hundreds or even thousands of weakly secured Internet connected computers. The attacker then directs them in unison to send a stream of irrelevant data to a single Internet host. The result is that the power of one attacker is magnified thousands of times. Instead of an attack coming from one direction, as is the case in a normal DOS, it comes from thousands of directions at once. The best defense against DDOS attack is to contact your ISP to see if it can filter traffic at its border routers.


Intrusion attacks
To remotely use the resources of a target machine, attackers must first look for an opening to exploit. In the absence of inside information such as passwords or encryption keys, they must scan the target machine to see what services are offered. Perhaps one of the services is weakly secured and the attacker can use some known exploit to finagle his way in.


Diagnostic Utilities
Port scanners : show what services are available on a system
  nmap
Packet sniffers : store and analyze all network traffic
  tcpdump
  ethereal

Securing Networks Using Firewall ( IPTables )


What is Firewall?
Information security is commonly thought of as a process and not a product. However, standard security implementations usually employ some form of dedicated mechanism to control access privileges and restrict network resources to users who are authorized, identifiable, and traceable. Red Hat Enterprise Linux includes several powerful tools to assist administrators and security engineers with network-level access control issues


What is Firewall?
Firewalls are one of the core components of a network security implementation. Several vendors market firewall solutions catering to all levels of the marketplace: from home users protecting one PC to data center solutions safeguarding vital enterprise information. Firewalls can be standalone hardware solutions, such as firewall appliances by Cisco, Nokia, and Sonicwall. There are also proprietary software firewall solutions developed for home and business markets by vendors such as Checkpoint, McAfee, and Symantec. Apart from the differences between hardware and software firewalls, there are also differences in the way firewalls function that separate one solution from another


What is Firewall?
Three common types of firewalls and how they function:
- NAT
- Packet filtering
- Proxy

NAT
Network Address Translation (NAT) places private IP subnetworks behind one or a small pool of public IP addresses, masquerading all requests to one source rather than several.


Packet Filtering
A packet filtering firewall reads each data packet that passes into and out of a LAN. It can read and process packets by header information and filters each packet based on sets of programmable rules implemented by the firewall administrator. The Linux kernel has built-in packet filtering functionality through the Netfilter kernel subsystem.


Proxy
Proxy firewalls filter all requests of a certain protocol or type from LAN clients to a proxy machine, which then makes those requests to the Internet on behalf of the local client. A proxy machine acts as a buffer between malicious remote users and the internal network client machines.


Netfilter and iptables


The Linux kernel features a powerful networking subsystem called Netfilter. The Netfilter subsystem provides stateful or stateless packet filtering as well as NAT and IP masquerading services. Netfilter also has the ability to mangle IP header information for advanced routing and connection state management. Netfilter is controlled through the iptables utility.


Firewall Policies
- A firewall sits between your internal network and the outside network
- It filters information on a packet-by-packet basis
- Information in packets: source address, type of data, destination address

Linux Firewall commands


ipfwadm  for Linux kernel 2.0
ipchains for Linux kernel 2.0
iptables for Linux kernel 2.4, and now for 2.6 also

IPTables
- iptables is really a front-end (user-space) tool to manage Netfilter (integrated within the Linux kernel)
- iptables functions primarily at OSI layers 3 (Network, IP) and 4 (Transport, TCP/UDP)
- Layer 3 focuses on source address and destination address; IP addresses are based on 32-bit ranges (about 4 billion addresses)
- Layer 4 focuses on protocol:port pairs, such as TCP:80 or UDP:69; TCP/UDP ports use a 16-bit range (0-65535)
- iptables can also manage ICMP, which uses types such as echo-request and echo-reply

IPTables Command
iptables -t table (action direction) (packet pattern) -j (fate)
Tables         : filter (default), nat, mangle
Actions        : -A append, -D delete, -L list, -F flush
Direction      : INPUT, OUTPUT, FORWARD (the chain the rule applies to)
Packet pattern : -s source IP address, -d destination IP address
Fate           : DROP, ACCEPT, REJECT

IPTables Commands
Examples:
  iptables -A INPUT -s 192.168.1.0/24 -j REJECT
  iptables -A INPUT -s 192.168.0.20 -p icmp -j DROP
  iptables -A INPUT -m mac --mac-source 12:34:56:89:90:ab -j ACCEPT
  iptables -A OUTPUT -d www.yahoo.com -j REJECT
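The examples above are single rules; on a real host they are combined into a policy with a default of DROP on INPUT and an explicit list of what is allowed. The script below is an added example (not from the slides) of such a host firewall built from the options introduced on these slides plus the "-m state" match that Netfilter's connection tracking provides. The LAN 192.168.0.0/24 is the constructed sample network used elsewhere in this course; IPT can be set to "echo" to print the rules instead of loading them, and real use needs root and the "apply" argument.

```shell
#!/bin/sh
# Added example (not from the slides): a small stateful host firewall.
IPT="${IPT:-/sbin/iptables}"
LAN="${LAN:-192.168.0.0/24}"

host_firewall() {
    # Start from an empty filter table with a default-deny inbound policy.
    "$IPT" -F
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT

    # Loopback, and replies to connections this host started.
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Packets connection tracking cannot place (bogus flags, stray ACKs).
    "$IPT" -A INPUT -m state --state INVALID -j DROP

    # Services offered to the LAN only: ssh and the NIS/NFS portmapper.
    "$IPT" -A INPUT -s "$LAN" -p tcp --dport 22  -m state --state NEW -j ACCEPT
    "$IPT" -A INPUT -s "$LAN" -p tcp --dport 111 -j ACCEPT
    "$IPT" -A INPUT -s "$LAN" -p udp --dport 111 -j ACCEPT

    # SMTP from anywhere, as set up on the mail server days.
    "$IPT" -A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT

    # Answer ping, but rate-limit it so ICMP floods are not amplified.
    "$IPT" -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT

    # Log (rate-limited) what is about to be dropped; it lands in /var/log/messages.
    "$IPT" -A INPUT -m limit --limit 3/minute -j LOG --log-prefix "FW-DROP: "
    "$IPT" -A INPUT -j DROP
}

if [ "${1:-}" = "apply" ]; then
    host_firewall && service iptables save
fi
```

"IPT=echo sh host-fw.sh" prints the rule set for review; "sh host-fw.sh apply" loads it and saves it to /etc/sysconfig/iptables so it survives a reboot. The LOG line is what connects this chapter to the monitoring one: dropped packets show up with the FW-DROP prefix in the syslog output.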

What have we learnt ?

Understanding and Managing NIS Server
- Understanding NIS Server
- NIS Master Server Configuration
- NIS Client Configuration
- Auto Mounting Home Folders

Understanding and Managing PAM Authentication
- Understanding PAM Authentication
- Understanding PAM Modules and Configurations
- Applying PAM Modules

Welcome!
RH253
Red Hat Network Services and Security Administration

Objectives

Day 18

Understanding and Managing NAT Firewall
- IP-Routing ( Router Configuration )
- NAT Firewall
Understanding and Managing TCP Wrappers
- Understanding hosts.allow and hosts.deny
- Applying Security using TCP Wrappers
Understanding and Managing xinetd daemon
- Understanding xinetd daemon
- Applying Security using xinetd daemon
Securing Computer using SSH communications
- Understanding SSH
- Sending and Receiving Public Keys

Enabling Routing
Step 1: Assign the following IP address information on each computer

ROUTER (two interfaces)
  Internal interface : IP-ADDRESS = 10.1.1.1      SUBNET MASK = 255.0.0.0
  External interface : IP-ADDRESS = 192.168.0.1   SUBNET MASK = 255.255.255.0

station2 (internal network)
  IP-ADDRESS = 10.1.1.2      SUBNET MASK = 255.0.0.0       DEFAULT G/W = 10.1.1.1

station1 (external network)
  IP-ADDRESS = 192.168.0.2   SUBNET MASK = 255.255.255.0   DEFAULT G/W = 192.168.0.1

Enabling Routing
Step 2: Enable IP forwarding on the router
  vi /etc/sysctl.conf
  change  net.ipv4.ip_forward = 0  to  net.ipv4.ip_forward = 1
  sysctl -p

Understanding and Managing NAT Firewall

NAT Firewall?
Network Address Translation (NAT) places private IP subnetworks behind one or a small pool of public IP addresses, masquerading all requests to one source rather than several

Types of NAT Firewall


POSTROUTING [ SNAT ]
PREROUTING  [ DNAT ]

POSTROUTING [ SNAT ]
Source NAT translates the source address of outbound packets, and the destination address of the return packets.
Example:

iptables -t nat -A POSTROUTING -s 10.1.1.2 -p tcp --dport 80 -j SNAT --to-source 192.168.0.1

PREROUTING [ DNAT ]
Destination NAT translates the destination address of inbound packets, and the source address of the return packets.
Example:

iptables -t nat -A PREROUTING -d 192.168.0.1 -p tcp --dport 80 -j DNAT --to-destination 10.1.1.2
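The SNAT and DNAT rules above only rewrite addresses; whether a translated packet is actually passed between the two interfaces is a separate decision made in the FORWARD chain, which the routing slides left at its default. The script below is an added example (not from the slides) that turns the router from the "Enabling Routing" slides into a NAT gateway: it generalizes the SNAT rule to the whole internal network, keeps the DNAT rule for the web server at 10.1.1.2, and adds the FORWARD rules and an anti-spoofing check. The interface names eth0 (external) and eth1 (internal) are assumptions; the addresses come from the slides; IPT can be set to "echo" for a dry run.

```shell
#!/bin/sh
# Added example (not from the slides): NAT router built on the routing lab.
IPT="${IPT:-/sbin/iptables}"
INT_NET="${INT_NET:-10.0.0.0/8}"     # internal network (10.1.1.x, mask 255.0.0.0)
EXT_IP="${EXT_IP:-192.168.0.1}"      # router's external address
EXT_IF="${EXT_IF:-eth0}"             # external interface (assumed name)
INT_IF="${INT_IF:-eth1}"             # internal interface (assumed name)
WEB_SERVER="${WEB_SERVER:-10.1.1.2}" # internal host published on port 80

enable_forwarding() {
    # Same effect as setting net.ipv4.ip_forward = 1 in /etc/sysctl.conf
    # and running "sysctl -p"; the file is what makes it persistent.
    sysctl -w net.ipv4.ip_forward=1
}

nat_router() {
    "$IPT" -t nat -F
    "$IPT" -F FORWARD
    "$IPT" -P FORWARD DROP

    # Anti-spoofing: a packet arriving on the outside interface must not claim
    # an inside source address.
    "$IPT" -A FORWARD -i "$EXT_IF" -s "$INT_NET" -j DROP

    # SNAT: outbound LAN traffic leaves with the router's external address.
    "$IPT" -t nat -A POSTROUTING -o "$EXT_IF" -s "$INT_NET" -j SNAT --to-source "$EXT_IP"

    # DNAT: connections to port 80 on the external address go to the web server.
    "$IPT" -t nat -A PREROUTING -i "$EXT_IF" -d "$EXT_IP" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_SERVER"

    # FORWARD decides what actually crosses: replies to known connections,
    # anything from the LAN going out, and only port 80 in to the web server.
    "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$INT_NET" -j ACCEPT
    "$IPT" -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$WEB_SERVER" -p tcp --dport 80 -j ACCEPT
}

if [ "${1:-}" = "apply" ]; then
    enable_forwarding && nat_router && service iptables save
fi
```

With the slides' addresses, station2 (10.1.1.2) reaches station1 (192.168.0.2) through the router and appears to come from 192.168.0.1, while station1 can reach only port 80 of station2, and only via 192.168.0.1.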

Understanding and Managing TCP Wrappers


What is TCP Wrappers ?


TCP Wrappers add another level of security to a computer: you can restrict access to your system by remote hosts using the lists of hosts kept in the /etc/hosts.allow and /etc/hosts.deny files.

Configuration Files
When a client connects to a TCP-wrapped service, the access control lists /etc/hosts.allow and /etc/hosts.deny are examined. The server then either accepts or drops the connection, depending on the access control configuration. Policies can be specified for individual services and are usually configured in terms of the client's IP address. Both files have the same basic syntax for allowing or denying clients:

Service List : Client List

Configuration Files
Three stages of access checking:
1. Is access explicitly permitted (in /etc/hosts.allow)?
2. Otherwise, is access explicitly denied (in /etc/hosts.deny)?
3. Otherwise, by default, permit access!
Configuration is stored in two files:
  Permissions in /etc/hosts.allow
  Denials in /etc/hosts.deny

Configuration Files
Examples:
  sshd: .example.com
  sshd: ALL EXCEPT .cracker.org
  sshd: ALL EXCEPT .cracker.org EXCEPT trusted.cracker.org
  ALL EXCEPT sshd: ALL
  ALL EXCEPT sshd: ALL EXCEPT .cracker.org
  ALL EXCEPT sshd: ALL EXCEPT .cracker.org EXCEPT trusted.cracker.org
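Nested EXCEPT lists are easy to misread ("A EXCEPT B EXCEPT C" means A except those in B that are not in C), and the third stage means an empty hosts.deny permits everything. The script below is an added example, a model of the decision and not the libwrap code itself, that evaluates the three stages against a pair of files so the examples above can be tried out. It supports the syntax shown on these slides (service lists, ALL, EXCEPT, ".domain" suffixes, "1.2.3." prefixes and exact names); netgroups, wildcards and the library's DNS consistency checks are left out. WRAP_DIR defaults to /etc and can be pointed at a scratch directory holding test copies.

```shell
#!/bin/sh
# Added example (not from the slides): model of the hosts.allow/hosts.deny check.
WRAP_DIR="${WRAP_DIR:-/etc}"

# match_item KIND VALUE PATTERN: KIND is "host" or "service". ALL matches
# anything; for hosts a leading "." is a domain suffix and a trailing "." an
# address prefix; otherwise the match must be exact.
match_item() {
    kind="$1"; value="$2"; pat="$3"
    if [ "$pat" = ALL ]; then return 0; fi
    if [ "$kind" = host ]; then
        case "$pat" in
            .*) case "$value" in *"$pat") return 0 ;; esac ;;
            *.) case "$value" in "$pat"*) return 0 ;; esac ;;
        esac
    fi
    [ "$value" = "$pat" ]
}

# match_list KIND VALUE LIST: LIST is comma/space separated items, optionally
# "A EXCEPT B EXCEPT C", which reads as A except (B except C).
# Positional parameters are used throughout so recursion is safe without local.
match_list() {
    case "$3" in
        *" EXCEPT "*)
            if match_list "$1" "$2" "${3%% EXCEPT *}" && ! match_list "$1" "$2" "${3#* EXCEPT }"; then
                return 0
            fi
            return 1 ;;
    esac
    for item in $(printf '%s' "$3" | tr ',' ' '); do
        if match_item "$1" "$2" "$item"; then return 0; fi
    done
    return 1
}

# file_grants FILE SERVICE CLIENT: true if any "services : clients" line matches.
file_grants() {
    [ -f "$1" ] || return 1
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        services=$(printf '%s' "${line%%:*}" | sed 's/^ *//; s/ *$//')
        clients="${line#*:}"; clients="${clients%%:*}"   # ignore a shell_command field
        clients=$(printf '%s' "$clients" | sed 's/^ *//; s/ *$//')
        if match_list service "$2" "$services" && match_list host "$3" "$clients"; then
            return 0
        fi
    done < "$1"
    return 1
}

# check_access SERVICE CLIENT: the three stages; prints "allow" or "deny".
check_access() {
    if file_grants "$WRAP_DIR/hosts.allow" "$1" "$2"; then echo allow
    elif file_grants "$WRAP_DIR/hosts.deny" "$1" "$2"; then echo deny
    else echo allow                     # neither file matched: default permit
    fi
}

if [ $# -eq 2 ]; then check_access "$1" "$2"; fi
```

Usage: "sh wrap-check.sh sshd station1.example.com". The default-permit third stage is the reason the usual hardening is an "ALL: ALL" line in hosts.deny with the wanted exceptions listed in hosts.allow.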

Understanding and Managing xinetd daemon


What is xinetd daemon?


The xinetd program (Extended Internet Services Daemon) can start a number of network server daemons on demand. It listens for connection requests for all of the active servers that have scripts in the /etc/xinetd.d directory. There is a generic configuration file for xinetd services, /etc/xinetd.conf; the scripts in /etc/xinetd.d also function as service-specific configuration files.

Generic xinetd Configuration


Each file in the /etc/xinetd.d directory specifies a particular service you want to allow xinetd to manage. By default, scripts in this directory are disabled. xinetd provides its own set of access control functions:
- host based
- time based

Sample configuration
service telnet
{
    disable         = yes
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    only_from       = 192.168.0.24/24
    no_access       = 192.168.0.1
    access_times    = 08:00-16:00
    server          = /usr/sbin/in.telnetd
    log_on_failure += USERID
}

Understanding and Managing SSH


What is SSH?
The Secure Shell and Secure Copy programs, ssh and scp, are replacements for the rsh, telnet, and rcp programs. They encrypt communication between different computers. The secure daemon, sshd, listens for all inbound traffic on port 22. The SSH configuration files are located in the /etc/ssh directory. Both rely on PKI ( Public Key Infrastructure ) for their data encryption methods.

Basic Encrypted Communication


Basic encryption in computer networking normally requires a private key and a public key. You keep the private key and send the public key to others. When they want to send data to you through SSH, their messages are encrypted with the public key. Your computer can descramble the message with the private key. Encryption keys are based on random numbers. The numbers are so large (typically 512 bits or more), the chance that someone will break into your system, at least with a PC, is quite small in the foreseeable future. Private and public encryption keys are based on a matched set of these random numbers.


Private Keys
Your private key (essentially a file with your special number) must be kept secure. When you enable an application, it can attach the key to your messages. Anything you send, say from your e-mail account, can then be digitally signed and encrypted. The public key is added to the end as part of your signature. Only the recipient will be able to decrypt the message.

Public Keys
Your public key value is just that, publicly available. A central authority such as Verisign or Globalsign and other companies as well provides public access to public keys they have created. If they generate a private key for you, they'll keep a secure copy on their system. You can just attach your public key to the e-mail, or the end users can publicly retrieve it from the Web site associated with the central authority.


Using SSH
Step 1: Create a key pair
  ssh-keygen -t rsa   (or ssh-keygen -t dsa)
Step 2: Send the public key to the other computer
  scp id_rsa.pub root@station1.example.com:
Step 3: On the second computer, put the copied key into ~/.ssh/authorized_keys
  cp id_rsa.pub .ssh/authorized_keys
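Two details of Step 3 matter in practice: "cp" replaces any keys already in authorized_keys, and sshd (with its default StrictModes) ignores the file unless ~/.ssh is mode 700, authorized_keys is not group- or world-writable, and the home directory is not writable by others. The script below is an added example (not from the slides) of the server-side step done that way: it appends the key only if it is not already present and fixes the permissions; the client-side part repeats the slides' commands against station1.example.com. The "client" argument, the PUBKEY_FILE/HOME_DIR parameters and the sample key in the test are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the slides): install a public key on the server side.

# install_pubkey PUBKEY_FILE HOME_DIR: append the key to HOME_DIR/.ssh/authorized_keys
# (once) and set the permissions sshd requires.
install_pubkey() {
    pub="$1"; home="$2"; auth="$home/.ssh/authorized_keys"
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    key=$(head -n 1 "$pub")
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    touch "$auth" && chmod 600 "$auth"
    # Append only if this exact key line is not already there (idempotent).
    if ! grep -qxF "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
    # StrictModes also refuses a home directory writable by group or others.
    chmod go-w "$home"
}

# count_keys HOME_DIR: number of key lines installed for the account.
count_keys() {
    grep -c '^ssh-' "$1/.ssh/authorized_keys"
}

# perms_ok HOME_DIR: true if .ssh is 0700 and authorized_keys is 0600.
perms_ok() {
    [ -n "$(find "$1/.ssh" -prune -perm 700)" ] &&
    [ -n "$(find "$1/.ssh/authorized_keys" -prune -perm 600)" ]
}

# Client side, as on the slides: make a key pair if there is none and copy
# the public half over; then run install_pubkey on the server.
if [ "${1:-}" = "client" ]; then
    [ -f ~/.ssh/id_rsa ] || ssh-keygen -t rsa -f ~/.ssh/id_rsa
    scp ~/.ssh/id_rsa.pub "root@station1.example.com:id_rsa.pub"
fi
```

On the server, "install_pubkey ~/id_rsa.pub ~" replaces the slides' cp command; running it a second time with the same key changes nothing, and a second user's key is added alongside rather than overwriting the first.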

What have we learnt ?

Understanding and Managing NAT Firewall
- IP-Routing ( Router Configuration )
- NAT Firewall

Understanding and Managing TCP Wrappers
- Understanding hosts.allow and hosts.deny
- Applying Security using TCP Wrappers

Understanding and Managing xinetd daemon
- Understanding xinetd daemon
- Applying Security using xinetd daemon

Securing Computer using SSH communications
- Understanding SSH
- Sending and Receiving Public Keys

Thank You !!!
