RH033
Red Hat Linux Essentials
Objectives
Day 1
- Introduction to Linux
- Introduction to Red Hat Enterprise Linux [ RHEL 4.0 ]
- Installation of Red Hat Linux
- Basic Fundamentals of Red Hat Linux
- Using CLI and GUI shells
- Using GNOME & KDE desktop shells
- Using Virtual Consoles
- Managing files and directories
- Using Vim Editor
Introduction to Linux
What is Linux ?
- A fully-networked 32/64-bit Unix-like operating system
- Unix tools like sed, awk, and grep (explained later)
- Compilers like C, C++, Fortran, Smalltalk, Ada
- Network tools like telnet, ftp, ping, traceroute
- Multi-user, multitasking, multiprocessor
- Has the X Window System GUI
- Coexists with other operating systems
- Runs on multiple platforms
- Includes the source code
Distribution Concept
- Free distributions: Fedora Core, Debian and Ubuntu, Gentoo, Slackware, and many, many more
- Commercial distributions: Red Hat Enterprise, SuSE, Yellow Dog
Why is it significant?
- Growing popularity
- Powerful
- Runs on multiple hardware platforms
- Users like its speed and stability
- No requirement for the latest hardware
- It's free:
    Freedom 0: The freedom to run the program, as you wish
    Freedom 1: The freedom to study the source code and change it to do what you wish
    Freedom 2: The freedom to copy and redistribute the program when you wish
    Freedom 3: The freedom to distribute modified versions, when you wish
Types of Installations
- Fresh installation (new)
- Upgrade
Methods of Installations
- Attended
- Unattended
Modes of Installations
- GUI based (graphical installation)
- CLI based (text-based installation)
Sources of Installation
- CD-ROM
- Hard disk
- Network: NFS server, FTP server, HTTP server
Device Names: /dev/xxyN
- The xx is replaced by the disk type: hd for EIDE disks, sd for SCSI disks
- The y is replaced by a letter representing each disk. For example, a would be the first disk and b the second
- The N is replaced by a number for each partition on a drive. For example, 1 would be the first partition and 2 the second
Logical partitions live inside an extended partition and are numbered starting at 5:
    Extended partition (/dev/hda2): /dev/hda5 is the 1st logical partition, /dev/hda6 the 2nd logical partition
Examples:
- /dev/hda1 is the device file for the first primary partition on the first EIDE disk
- /dev/hdb5 is the first logical partition on the second EIDE disk
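To make the /dev/xxyN rule concrete, here is a small decoder written for this page (it is not part of the RH033 material). It assumes the conventional meaning of the prefixes, hd for EIDE and sd for SCSI, and that partition numbers 5 and above are logical partitions inside the extended partition.

```shell
# Added example, not from the slides: decode a /dev/xxyN device name.
# Assumptions: hd = EIDE disk, sd = SCSI disk; partition numbers 1-4 are
# primary or extended, 5 and above are logical partitions.
decode_device() {
    dev=$1
    case "$dev" in
        /dev/hd[a-z]*) bus="EIDE" ;;
        /dev/sd[a-z]*) bus="SCSI" ;;
        *) echo "decode_device: not a /dev/hdyN or /dev/sdyN name: $dev" >&2
           return 1 ;;
    esac
    # Strip "/dev/hd" or "/dev/sd", leaving the disk letter plus partition number.
    rest=${dev#/dev/[hs]d}
    letter=${rest%%[0-9]*}      # everything before the first digit
    num=${rest#"$letter"}       # the digits, if any
    if [ ${#letter} -ne 1 ]; then
        echo "decode_device: bad disk letter in $dev" >&2
        return 1
    fi
    case "$num" in
        *[!0-9]*) echo "decode_device: bad partition number in $dev" >&2
                  return 1 ;;
    esac
    # Disk index from the letter: a = 1, b = 2, ... (position in the alphabet)
    letters=abcdefghijklmnopqrstuvwxyz
    before=${letters%%$letter*}
    disk=$(( ${#before} + 1 ))
    if [ -z "$num" ]; then
        echo "$bus disk $disk (whole disk)"
    elif [ "$num" -ge 5 ]; then
        echo "$bus disk $disk, logical partition $num"
    else
        echo "$bus disk $disk, primary or extended partition $num"
    fi
}

decode_device /dev/hda1   # EIDE disk 1, primary or extended partition 1
decode_device /dev/hdb5   # EIDE disk 2, logical partition 5
```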
Mount Point
Linux organizes everything into a single file system tree. Whenever you want to attach another file system to Linux, you must tell Linux where to see the contents of the file system you are attaching. This location is called the mount point.
- The mount point for the floppy drive file system is /media/floppy
- The mount point for the CD-ROM file system is /media/cdrom
Features of Ext2
- The Ext2 file system has many advanced features, including provision for filenames up to 255 characters long
- Ext2 also reserves disk space on the partition for the superuser. This means that if a disk develops a problem, the superuser can still access that disk and rectify it
Ext2 vs Ext3
Ext2:
- Requires a consistency check (e2fsck) when the system is not properly shut down
- Evolution: ext => ext2 => ext3
- Supports 256-character filenames and a 4 terabyte maximum file size
Ext3:
- Provides stronger data integrity in the event of an unclean shutdown
- A consistency check is needed only on rare hardware failure
- Higher throughput, as it optimizes hard drive head motion
- Provides an easy transition from ext2 to ext3
Other common file systems: MS-DOS, FAT32, NTFS, ISO9660
You may install the boot loader in one of two places:
1. The master boot record (MBR)
   This is the recommended place to install a boot loader, unless the MBR already starts another operating system loader, such as System Commander. The MBR is a special area on your hard drive that is automatically loaded by your computer's BIOS, and is the earliest point at which the boot loader can take control of the boot process. If you install it in the MBR, when your machine boots, GRUB presents a boot prompt. You can then boot Red Hat Enterprise Linux or any other operating system that you have configured the boot loader to boot.
2. The first sector of your boot partition
   This is recommended if you are already using another boot loader on your system. In this case, your other boot loader takes control first. You can then configure that boot loader to start GRUB, which then boots Red Hat Enterprise Linux.
Size of SWAP ?
- At least 256 MB
- Twice the amount of RAM on your machine
- Swap should equal 2x physical RAM for up to 2 GB of physical RAM, and then 1x physical RAM for any amount above 2 GB, but never less than 32 MB
- Swap can also be added after the installation
- Red Hat Enterprise Linux supports up to 32 swap files
Basic Fundamentals
Local Logins
- Text-mode login at a virtual console
- Graphical login
Text-mode login prompt:
    Station1:
    Password:
Virtual Consoles
- Multiple non-GUI logins are possible through the use of virtual consoles
- There are by default 6 available virtual consoles
- Available through CTRL+ALT+F[1-6] (here F is for Function Key)
- If X is running, it is available as CTRL+ALT+F7
Input/Output Redirection
    command > file      directs the standard output of command to file
    command >> file     appends the standard output of command to file
    command < file      command receives its input from file
    command 2> file     error messages from command are directed to file
    command 2>> file    error messages from command are appended to file
Welcome!
RH033
Red Hat Linux Essentials
Objectives
Day 2
- File Editing using vi editor
- Advanced usage of vi editor
- Users and Groups Management
- Understanding Permissions
- Linux File system
- Inodes
- Links
- Mounting Media
- Archives
- Compression
- Using GUI shells ( GNOME & KDE )
Commands
- G = go to last line in file
- 1G = go to first line in file
- H = go to first line on screen
- M = go to middle line on screen
- L = go to last line on screen
- z<Enter> = make current line first line on screen
- z- = make current line last line on screen
- !!date = inserts the current date and time into the file
- !}sort = sorts the data of your file
- !}fmt -66 = formats the data of your file into 66-column width
Ex mode: search and replace command
- :%s/big/small     (replace the first "big" on each line with "small")
- :%s/big/small/g   (replace every "big" on each line with "small")
What is Group ?
A group is a collection of users. It makes administration easier: when the same permissions and restrictions need to be applied to many users, they can be applied once to the group those users belong to.
Creating Users
useradd options user - Creates a new user.
    -c  Assigns full name to user
    -d  Defines the home folder location
    -s  Defines the user's shell (use /sbin/nologin for users you wish to restrict from having shell access)
    -g  Adds user to group (primary group)
    -G  Adds user to group (secondary group)
usermod options user - Modifies a user account. Same options as useradd.
userdel options user - Deletes a user account.
    -r  Remove the user's home directory
passwd user - Changes the password of the specified user. If no user is specified, changes the password of the current user.
Creating Groups
groupadd group - Creates a group.
groupmod options group - Modifies a group.
    -n  Rename the group
groupdel group - Deletes the specified group.
Configuration Files
    /etc/passwd    = user database
    /etc/shadow    = user password database
    /etc/group     = group database
    /etc/gshadow   = group password database
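The checks below, written for this page rather than taken from the course, show what an administrator looks for in the user database described above: which accounts get a login shell, which have UID 0, and which have an empty password field. The passwd lines are a constructed sample, not a real /etc/passwd.

```shell
# Added example, not from the slides: audit an /etc/passwd-format database.
# The sample database is constructed for this example (names, UIDs and
# homes are made up). Field layout: name:password:UID:GID:comment:home:shell
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
student:x:500:500:Student:/home/student:/bin/bash
svc:x:501:501:Service account:/var/svc:/sbin/nologin
backup:x:0:502:Backup operator:/home/backup:/bin/bash
visitor::503:503:Visitor:/home/visitor:/bin/bash
EOF
}

# Accounts that get an interactive shell at login (the shell is neither
# /sbin/nologin nor /bin/false). All three checks read passwd lines on stdin.
login_accounts() {
    awk -F: '$7 != "/sbin/nologin" && $7 != "/bin/false" { print $1 }'
}

# Accounts with UID 0: any name other than root here has root privileges.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }'
}

# Accounts whose password field is empty, so no password is asked for at
# login. (With shadow passwords the field normally holds an x.)
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }'
}

# Run all three checks over one input; the input is saved to a temporary
# file so each check can re-read it.
audit_passwd() {
    tmp=$(mktemp) || return 1
    cat > "$tmp"
    echo "login shells:    $(login_accounts < "$tmp" | tr '\n' ' ')"
    echo "uid 0 accounts:  $(uid0_accounts < "$tmp" | tr '\n' ' ')"
    echo "empty passwords: $(empty_password_accounts < "$tmp" | tr '\n' ' ')"
    rm -f "$tmp"
}

sample_passwd | audit_passwd
```

To run the same checks on a live system, replace sample_passwd with cat /etc/passwd.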
Understanding Permissions
What is Permission ?
Permissions specify what rights you grant to users to access the resources available on the computer, so that important resources such as files are protected from unauthorized users.
    r   Permission to read a file or list a directory's contents
    w   Permission to write to a file or create and remove files from a directory
    x   Permission to execute a program or change into a directory and do a long listing of the directory
    -   No permission (in place of the r, w, or x)
    chmod u+w,go-w somefile   Grants write access to owner but denies it to group and other
    chmod u=rw somefile       Sets read and write permission for owner, with execute turned off, regardless of the current permission
    chmod +r somefile         Makes the file world-readable
[ Note : +, - and = are operators to add, remove or overwrite the permission ]
    4   Permission to read a file or list a directory's contents
    2   Permission to write to a file or create and remove files from a directory
    1   Permission to execute a program or change into a directory and do a long listing of the directory
    0   No permission (in place of the 4, 2, or 1)
    chmod 664 somefile   Grants read and write access to owner and group, but read only to other
    chmod 600 somefile   Sets read and write permission for owner, with execute turned off; group and other have no permissions
    chmod 444 somefile   Makes the file world-readable (read only for everyone)
Permissions
Example: r w x r - x r - x  (rwxr-xr-x, octal 755)
    Owner has read, owner has write, owner has execute
    Group has read, group does not have write, group has execute
    Others have read, others do not have write, others have execute
Inodes
- An inode table contains a list of all files in an ext2 or ext3 file system
- Directories map file names to inode numbers
- Inodes contain information about the file or directory, including: owner, group, permissions, size, location on disk, file type (file or directory)
- One inode is associated with each file. The system uses inodes as the definition of a file.
- The ls -il command displays the inode number:
    80977 drwxr-x--- 1 user user 4096 Mar 19 11:23
Links
- A link is a file that points to another file
- ln creates a link from the original file to a new file in your directory
- Most programs will access the link as if it were the file. This is similar to a shortcut in Windows.
- This allows for aliasing (when two or more names can exist for the same object)
- Easy way to point to a really long absolute pathname or filename
Using Links
Two types of links can be created: symbolic (soft) and hard
    ln -s main soft   (creates a soft link named soft to the file main)
    ln main hard      (creates a hard link named hard to the file main)
Commands to unmount media:
    umount /media/floppy        = unmounts the floppy drive from your computer
    umount /media/cdrom         = unmounts the CD-ROM drive from your computer
    umount /media/<Device ID>   = unmounts a USB disk from your computer
Archive Files
- Archiving places many files into one target file
- Easier to back up, store, and transfer
- tar: the standard Linux archiving command
File Compression
- Results in a smaller file size
- Text files can be compressed by over 75%
- tar archives are often compressed
Compression Utilities
gzip, gunzip
bzip2, bunzip2
- Newer Linux compression utility
- Generally achieves better compression than gzip
Using Compression
    gzip somefile      (creates a compressed file)
    gunzip somefile    (uncompresses a compressed file)
    bzip2 somefile     (creates a compressed file)
    bunzip2 somefile   (uncompresses a compressed file)
Note: we can use z for gzip and j for bzip2 type of compression with tar
RH033
Red Hat Linux Essentials
Objectives
Day 4
- Understanding Permissions
- Linux File system
- Inodes
- Links
- Mounting Media
- Archives
- Compression
- Introduction to string processing
- String Processing with Regular Expressions
- Finding and Processing Files
- Investigating and Managing Processes
aspell, expand
    aspell   To check spelling in a file:   aspell somefile
    expand   Expand tabs into spaces:       expand tabfile.txt > result.txt
What is a Process?
- A process is an executing program with several components and properties
- A process is a shell command or a program in execution
- When you log in, a process is created. This process is executing the shell.
- When you execute a shell command, a new process is created. When the command terminates, the new process dies.
- A single user can have many processes executing at the same time
ps
The command ps is used to determine the status of active processes. It returns the process id (PID) number and other information such as the amount of CPU time the process has used (TIME) and the command which invoked the process (CMD). Options may be combined.
top
- The command top is used to show a real-time view of Linux tasks
- top can be used to display the CPU/memory usage of each task
    top
Terminate Processes
kill is used to terminate processes or to send a signal to processes.
Example:
    kill PID    Terminate the process with the process id (PID)
RH033
Red Hat Linux Essentials
Objectives
Day 5
- GNOME and KDE Desktop Shells
- Linux File system
- Inodes
- Links
- Mounting Media
- Archives
- Compression
- Introduction to string processing
- String Processing with Regular Expressions
- Finding and Processing Files
- Investigating and Managing Processes
Umask
- umask is a value which is subtracted from the default to determine new file/directory permissions
- Default permission for files is 666
- Default permission for directories is 777
- Default permission - umask = effective permission
- Non-privileged users' umask is 002; root's umask is 022
Examples:
    666 - 002 = 664
    666 - 244 = 422
    777 - 222 = 555
    777 - 027 = 750
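The permission tables (r/w/x and 4/2/1) and the umask arithmetic above, as shell functions written for this page (not course material). umask is applied as a bit mask, default AND NOT umask, which is what the kernel does; the slide's four examples come out the same either way, but a umask such as 077 on 666 gives 600, where decimal subtraction would not.

```shell
# Added example, not from the slides: ls -l mode strings, octal modes and
# umask as shell functions. umask is applied as a bit mask, not subtraction.

# Convert a 9-character ls -l string such as rwxr-x--- to octal (750).
mode_to_octal() {
    s=$1
    if [ ${#s} -ne 9 ]; then
        echo "mode_to_octal: need 9 characters: $s" >&2; return 1
    fi
    case "$s" in
        *[!rwx-]*) echo "mode_to_octal: only r, w, x and - allowed: $s" >&2; return 1 ;;
    esac
    out=""
    while [ -n "$s" ]; do
        triple=${s%"${s#???}"}     # first three characters (owner, group or other)
        s=${s#???}
        d=0
        case "$triple" in r??) d=$((d + 4)) ;; esac
        case "$triple" in ?w?) d=$((d + 2)) ;; esac
        case "$triple" in ??x) d=$((d + 1)) ;; esac
        out="$out$d"
    done
    echo "$out"
}

# Convert three octal digits (664) back to the ls -l string (rw-rw-r--).
octal_to_mode() {
    n=$1
    case "$n" in
        [0-7][0-7][0-7]) ;;
        *) echo "octal_to_mode: need three octal digits: $n" >&2; return 1 ;;
    esac
    out=""
    while [ -n "$n" ]; do
        d=${n%"${n#?}"}            # first remaining digit
        n=${n#?}
        [ $((d & 4)) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $((d & 2)) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $((d & 1)) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    echo "$out"
}

# Effective permission for a new object: default (666 for files, 777 for
# directories) masked by the umask. Both arguments are three octal digits.
apply_umask() {
    for v in "$1" "$2"; do
        case "$v" in
            [0-7][0-7][0-7]) ;;
            *) echo "apply_umask: need three octal digits: $v" >&2; return 1 ;;
        esac
    done
    # A leading 0 makes the shell read the values as octal.
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# What a given umask produces for a new file and a new directory.
umask_report() {
    f=$(apply_umask 666 "$1") || return 1
    d=$(apply_umask 777 "$1") || return 1
    echo "umask $1: file $f ($(octal_to_mode "$f")), directory $d ($(octal_to_mode "$d"))"
}

umask_report 002   # umask 002: file 664 (rw-rw-r--), directory 775 (rwxrwxr-x)
umask_report 022   # root's default
umask_report 077   # file 600 (rw-------), directory 700 (rwx------)
```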
RH033
Red Hat Linux Essentials
Objectives
Day 5
- GNOME and KDE Desktop Shells
- Using Network Clients: Firefox and Elinks; wget, gaim, gFTP, Evolution; ssh, mutt, scp
- Introduction to bash scripting
- Writing Programs using bash scripting
- Introduction to Book 2 and EXAM Scheme
Firefox
- Fast, lightweight, feature-rich web browser
- Tabbed browsing
- Popup blocking
- Support for many popular plugins
- Download manager
- Bookmarks
Elinks
- Best Linux text-based web client (web browser)
- Full support for frames and SSL [ https websites ]
- Download manager
- Bookmarks
wget
- Retrieves files via HTTP and FTP
- Non-interactive: useful in shell scripts
- Can follow links and traverse directory trees on the remote server
- Example: wget http://www.download.com/songsplayer/mplayer.exe
Gaim
- Multi-protocol instant messaging client
- Supports AIM, MSN, Yahoo, ICQ, Jabber, Gadu-Gadu, SILC, GroupWise Messenger, IRC and Zephyr networks
- Plugins can be used to add functionality
gFTP
- Applications/Internet/gFTP
- Graphical FTP client
- Allows drag-and-drop transfers
- Optional secure transfer via ssh (sftp)
Evolution
- Default email client software
- Can maintain multiple accounts at once
mutt
- Text-based email client
- Supports POP, IMAP and local mailboxes
Exit Status
- Every command returns an exit status. The exit status is a number in the range 0 to 255 and indicates whether or not the command ran successfully: 0 for success, 1 to 255 for failure.
- The exit status of the most recently executed command is kept in the $? variable, just like return values from shell functions
- Example: echo $?
Sample Program 1
    # Simple program for user input
    echo -n "Enter Your Name :"
    read a
    echo -n "Enter Your Age :"
    read b
    echo "Hello Dear $a your age is $b Years"
Sample Program 2
    # Addition of A and B
    echo -n "Enter First number :"
    read a
    echo -n "Enter Second number :"
    read b
    c=`expr $a + $b`
    echo "Result is" $c
Sample Program 3
    # Multiply A and B
    echo -n "Enter First number :"
    read a
    echo -n "Enter Second number :"
    read b
    c=`expr $a \* $b`
    echo "Result is" $c
Sample Program 4
    # Divide A by B
    echo -n "Enter First number :"
    read a
    echo -n "Enter Second number :"
    read b
    c=`expr $a / $b`
    echo "Result is" $c
Sample Program 5
    # Subtract B from A
    echo -n "Enter First number :"
    read a
    echo -n "Enter Second number :"
    read b
    c=`expr $a - $b`
    echo "Result is" $c
Sample Program 6
    # Check which of two numbers is bigger
    echo -n "Enter First number :"
    read a
    echo -n "Enter Second number :"
    read b
    if [ $a -gt $b ]; then
        echo "A is BIG"
    elif [ $a -eq $b ]; then
        echo "Both are equal"
    else
        echo "B is BIG"
    fi
Sample Program 7
    # Show the multiplication table of a number given by the user
    i=1
    echo -n "Enter any number : "
    read n
    while [ $i -le 10 ]
    do
        echo "$n * $i = `expr $i \* $n`"
        i=`expr $i + 1`
    done
Sample Program 8
    # Check whether hosts 192.168.0.1 to 192.168.0.10 are alive
    for n in {1..10}; do
        host=192.168.0.$n
        ping -c2 $host &> /dev/null
        if [ $? = 0 ]; then
            # print host names 30 chars wide and left justified
            printf "%-30s is alive\n" $host
        else
            printf "%-30s is NOT alive\n" $host
        fi
    done
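Sample Programs 2 to 6 pass whatever the user types straight to expr, so a non-numeric answer produces an expr error and a second number of 0 breaks the division. The version below is written for this page (it is not one of the course samples): it validates both operands first and reports each kind of failure through a distinct non-zero exit status, as the Exit Status slide describes, so a caller can check $?.

```shell
# Added example, not from the slides: the arithmetic samples with input
# validation and meaningful exit statuses (0 success, 2 bad operand,
# 3 division by zero, 4 unknown operation).

# True if $1 is an optionally negative decimal integer.
is_integer() {
    case "$1" in
        ''|-|*[!0-9-]*|?*-*) return 1 ;;   # empty, lone "-", non-digits, or "-" not in front
    esac
    return 0
}

# Drop leading zeros so that "007" is 7 and not an octal constant in $(( )).
to_int() {
    n=${1#-}
    sign=${1%"$n"}
    while [ "${#n}" -gt 1 ] && [ "${n#0}" != "$n" ]; do n=${n#0}; done
    echo "$sign$n"
}

# calc OP A B: OP is add, sub, mul, div or cmp (cmp reproduces Sample Program 6).
calc() {
    op=$1
    if ! is_integer "$2" || ! is_integer "$3"; then
        echo "calc: operands must be integers, got '$2' and '$3'" >&2
        return 2
    fi
    a=$(to_int "$2")
    b=$(to_int "$3")
    case "$op" in
        add) echo $((a + b)) ;;
        sub) echo $((a - b)) ;;
        mul) echo $((a * b)) ;;
        div)
            if [ "$b" -eq 0 ]; then
                echo "calc: division by zero" >&2
                return 3
            fi
            echo $((a / b)) ;;
        cmp)
            if [ "$a" -gt "$b" ]; then echo "A is BIG"
            elif [ "$a" -eq "$b" ]; then echo "Both are equal"
            else echo "B is BIG"; fi ;;
        *)  echo "calc: unknown operation '$op'" >&2
            return 4 ;;
    esac
}

# Interactive front end in the style of the samples; not called here so the
# file can be sourced. It exits with calc's status.
main() {
    echo -n "Enter First number :";  read a
    echo -n "Enter Second number :"; read b
    echo -n "Operation (add/sub/mul/div/cmp) :"; read op
    calc "$op" "$a" "$b"
}

calc add 3 4                              # 7
calc div 10 0 || echo "exit status: $?"   # error on stderr, exit status: 3
calc add 3 x || echo "exit status: $?"    # error on stderr, exit status: 2
```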
Under Red Hat Enterprise Linux 4, the certification exam consists of two parts conducted in a single day. The exam is performance-based, meaning that candidates must perform tasks on a live system, rather than answering questions about how one might perform those tasks.
Details of Sections
SECTION I
- Divided into two phases: Phase 1 and Phase 2
- Phase 1 contains 8 questions, including 5 compulsory questions
- Time duration to complete Phase 1 is 1:00 hour
- Minimum marks required to pass: 50 % for RHCT
- Minimum marks required to pass: 80 % for RHCE
- If Phase 1 is completed before the given time, the remaining time is added to Phase 2
- Phase 2 contains 2 optional questions
- Time duration to complete Phase 2 is 1:30 hours
SECTION II
- Divided into three phases: Phase 1, Phase 2 and Phase 3
- Phase 1 contains 8 to 10 questions [ RHCT level ]. By completing this section successfully you become RHCT. Minimum marks required to pass: 70 %
- Phase 2 contains 8 to 10 questions [ RHCE level ]. By completing this section successfully you become RHCE. Minimum marks required to pass: 70 %
  Note :- To pass the RHCE exam you are required to pass RHCT
- Phase 3 contains 3 optional questions
- Time duration to complete the whole of Section II is 3:00 hours
RH133
Red Hat Enterprise Linux System Administration
Objectives
Day 6
- Installation of RHEL 4.0: NFS based, FTP based, HTTP based
- System Initialization and Services
- Understanding Boot Sequence
- Understanding GRUB Boot Loader
- Understanding Run Levels
- Understanding and Managing Services
Network-based Installation (NFS, FTP or HTTP)
1. Boot the machine from a bootable disk [ use Disk 1 or the Boot.iso disk ]
       boot: linux askmethod         [ from Disk 1 ]
       boot: linux text askmethod    [ from Disk 1 ]
       boot: (only press the Enter key)  [ from the Boot.iso disk ]
       boot: linux text              [ from the Boot.iso disk ]
2. Language and keyboard selection
3. Choose the appropriate installation method: NFS image, FTP or HTTP
4. Obtain the IP address from the server; obtain the hostname from the server
5. Type the server name: server1.example.com
6. Type the folder path:
       NFS image:  /var/ftp/pub
       FTP:        /pub
       HTTP:       /install
7. Then follow the remaining installation instructions
Partition Scheme
Try to install RHEL with the following partition scheme with a minimum installation:
    /boot    100 MB
    /        1024 MB
    /usr     2048 MB
    /var     2048 MB
    /home    512 MB
    swap     1.5 to 2.0 times your system's RAM
Multiboot Systems
- Red Hat Enterprise Linux and the GRUB boot loader can coexist with other operating systems, including the following: Windows NT/2000/XP/2003; DOS, Windows 3.x/9x/ME
- Two major issues arise when implementing multiboot systems: partitioning and the boot process
Run Levels
- Run levels are different modes to run Linux with different configurations
- init defines run levels 0 to 6
- Defined in the file [ /etc/inittab ]
The following chart details the run levels that Linux defines by default:
    Runlevel          Effect
    0                 Halt
    1, s, emergency   Single user modes (only the root user can be logged on; used to perform maintenance)
    2                 Multi-user, without NFS networking
    3                 Full multi-user mode (includes networking)
    4                 User definable, but a duplicate of run level 3
    5                 X11 (includes networking)
    6                 Reboot
Note :- If there is no run level defined then the system will attempt to boot to run level 9, which is undefined.
Daemon Process
- A daemon process is a program that runs in the background, providing some system service
- Two types of daemons:
    Standalone: controlled by init or by a startup script in /etc/rc.d
    Transient: controlled by the super-daemon xinetd
Controlling Services
Utilities to control default system services:
- system-config-services: graphical utility that requires an X interface to control services. Services can be added, deleted or reordered in run levels 3 through 5 with this utility
- ntsysv: a console-based interactive utility that allows you to control what services run when entering a given run level. It configures the current run level by default; with the --level option you can configure other run levels
- chkconfig: scripts can be managed at each run level with the on and off chkconfig options
- service: used to start or stop a standalone service immediately; its options are start, stop, restart and reload
RH133
Red Hat Enterprise Linux System Administration
Objectives
Day 7
- Network Configuration
- IP Address Configuration
- Using Network Clients
- Filesystem Management
- Disk Partitioning
- Managing Partitions [ Mounting and Unmounting ]
- Virtual Memory using SWAP file and Partition
- Kernel Services and Configuration
- /proc folder
- kudzu
Network Configuration
IP Addressing
- An IP address is a 32-bit logical address which lets computers communicate with each other using the TCP/IP protocol
- Defined in different classes, from A to E (first octet ranges):
    Class A = 1 to 126
    Class B = 128 to 191
    Class C = 192 to 223
We can assign an IP address to a computer using two methods:
1. Static [ manually ]
2. Dynamic [ using a DHCP server ]
ifup / ifdown
- Used to activate and deactivate a network interface
    ifdown eth0
    ifup eth0
mii-tool
- Tool that allows a system administrator to view, monitor, log and change the negotiated speed of Ethernet network cards
    mii-tool -v                              to view the current status of the network interface card
    mii-tool -v --force 100baseTx-FD eth0    to change the negotiated speed of the Ethernet network card
Text-based network configuration tool
- Only writes config files. Does not activate the device or the changes. Use ifup/ifdown to activate changes, or restart the network service
- Used by kudzu when a new network card is found at boot time
system-config-network
- GNOME-based network configuration tool
- Can be launched by a non-privileged user, but requires authentication as root
Filesystem Management
What is Kernel?
The kernel is the heart of the whole operating system. It manages communication with hardware, decides which processes to run, and provides each process with an isolated, virtual address space in which to run. The kernel is what your boot loader, GRUB , loads into memory. The kernel loads device driver modules.
Types of kernel
- Monolithic
- Modular
kudzu
- The kudzu utility maintains a database of detected and configured hardware, found at /etc/sysconfig/hwconf
- As a part of the boot process, kudzu compares the currently detected hardware to the stored database
- If new hardware is detected, or previously existing hardware is removed, kudzu will attempt to automatically reconfigure the system or steer the administrator to the appropriate interactive configuration utility
Welcome!
RH133
Red Hat Enterprise Linux System Administration
Objectives
Day 8
Logical Volume Manager
  Using LVM
  Formatting and Mounting LVM
  Resizing LVM
Understanding RAID
  Creating RAID Volumes
  Managing RAID Volumes
Disk Quota Management
  Applying Quota
  Grace Period
What is LVM?
The Logical Volume Manager (LVM) lets you resize logical volumes without having to modify the partition tables on your hard disk. This is most useful when you find yourself running out of space on a filesystem and want to expand into a new disk or partition rather than migrating all or part of the filesystem to a new disk.
LVM Terms
Physical Volume: A physical volume (PV) is another name for a regular physical disk partition that is used or will be used by LVM.
Volume Group: Any number of physical volumes (PVs) on different disk drives can be added together into a volume group (VG).
Logical Volumes: Volume groups must then be subdivided into logical volumes. Each logical volume can be individually formatted as if it were a regular Linux partition. A logical volume is, therefore, like a virtual partition on your virtual disk drive.
[ Diagram: physical volumes PV1 and PV2 are combined into a volume group (VG), which is then divided into logical volumes (LV) ]
CREATING LVM
Step 1: Create two partitions of 500 MB each using fdisk and set the partition type to Linux LVM (8e)
Step 2: Create physical volumes
  pvcreate /dev/hda8 /dev/hda9
Step 3: Create the volume group
  vgcreate VG1 /dev/hda8 /dev/hda9
Step 4: Activate the volume group
  vgchange -a y VG1
Step 5: Create the logical volume (lvcreate takes an absolute size; the "+" prefix belongs to lvextend)
  lvcreate -L 600M -n LV1 VG1
Step 6: Format the logical volume
  mkfs.ext3 /dev/VG1/LV1
Step 7: Add it to /etc/fstab (the mount point /mnt/data must already exist)
  /dev/VG1/LV1 /mnt/data ext3 defaults 0 0
Step 8: Mount the new volume
  mount -a
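The eight steps above as one script, added here as an example and not part of the course material. It assumes the partitions were already created with fdisk (step 1) and that it is run as root; setting DRY_RUN=1 prints the commands instead of running them, which is how to review the plan before touching real disks.

```shell
#!/bin/bash
# Added example: LVM steps 2-8 as one idempotent script.
# DRY_RUN=1 prints the privileged commands instead of executing them.

run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# lvm_setup VG LV SIZE MOUNTPOINT PV...
#   e.g. lvm_setup VG1 LV1 600M /mnt/data /dev/hda8 /dev/hda9
lvm_setup() {
  local vg=$1 lv=$2 size=$3 mnt=$4
  shift 4
  local pv dev="/dev/$vg/$lv" fstab_line
  [ $# -ge 1 ] || { echo "need at least one physical volume" >&2; return 1; }

  # Step 2: label each partition as a physical volume
  for pv in "$@"; do run pvcreate "$pv"; done
  # Steps 3 and 4: build the volume group from the PVs and activate it
  run vgcreate "$vg" "$@"
  run vgchange -a y "$vg"
  # Step 5: carve out the logical volume (absolute size; "+" is lvextend syntax)
  run lvcreate -L "$size" -n "$lv" "$vg"
  # Step 6: filesystem
  run mkfs.ext3 "$dev"
  # Step 7: the mount point must exist and the fstab line needs all six fields;
  # the grep guard keeps a re-run from adding the entry twice
  run mkdir -p "$mnt"
  fstab_line="$dev $mnt ext3 defaults 0 0"
  run sh -c "grep -q '^$dev ' /etc/fstab || echo '$fstab_line' >> /etc/fstab"
  # Step 8: mount whatever fstab lists that is not mounted yet
  run mount -a
}
```

`DRY_RUN=1 lvm_setup VG1 LV1 600M /mnt/data /dev/hda8 /dev/hda9` lists the exact commands; the same call without DRY_RUN performs them.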
Understanding RAID
What is RAID ?
A Redundant Array of Independent Disks (RAID) is a series of disks that can save your data even if there is a catastrophic failure on one of the disks. While some versions of RAID make complete copies of your data, others use the so-called parity bit to allow your computer to rebuild the data on lost disks
RAID Levels
RAID 0
This level of RAID makes it faster to read and write to the hard drives. However, RAID 0 provides no data redundancy. It requires at least two hard disks. Reads and writes to the hard disks are done in parallel, in other words, to two or more hard disks simultaneously. All hard drives in a RAID 0 array are filled equally. But since RAID 0 does not provide data redundancy, a failure of any one of the drives will result in total data loss. RAID 0 is also known as 'striping without parity.'
RAID Levels
RAID 1
This level of RAID mirrors information to two or more other disks. In other words, the same set of information is written to two different hard disks. If one disk is damaged or removed, you still have all of the data on the other hard disk. The disadvantage of RAID 1 is that data has to be written twice, which can reduce performance. And it is expensive. To support RAID 1, you need an additional hard disk for every hard disk worth of data. RAID 1 is also known as disk mirroring
RAID Levels
RAID 5
Distributes, or 'stripes,' parity information evenly across all the disks. If one disk fails, the data can be reconstructed from the parity data on the remaining disks and the array keeps running: all data is still available after a single disk failure. RAID 5 is the preferred choice in most cases: performance is good, data integrity is preserved, and only one disk's worth of space is lost to parity. RAID 5 is also known as disk striping with parity. It requires at least 3 disks.
[ Diagrams: RAID 0, RAID 1 and RAID 5 layouts (figures not preserved) ]
Quota Commands
quota      : run by a user to check their own quota status
repquota   : run by root to report the quota status of every user
edquota -t : sets the grace period
Objectives
Day 9
Package Management
  Installing and Removing RPM packages
  Querying RPM Packages
  ADR ( Automatic Dependency Resolution )
Kickstart Configuration
  Creating Kickstart File
  Using Kickstart File
User Management
  PAP and SUDO
  Special Permissions
  Login Shells
Package Management
What is Package?
In the generic sense, an RPM package is a container of files: the group of files associated with a specific program or application, which normally includes binaries and installation scripts as well as configuration and documentation files. It also includes instructions on how and where these files should be installed and uninstalled.
What is RPM?
The RPM Package Manager greatly simplifies the distribution, installation, upgrade and removal of software on RHEL systems. Software installed with rpm is distributed as rpm package files, which are essentially compressed archives of files plus the associated dependency information. Package files are named using the following format:
name-version-release.architecture.rpm
rpm -i : install a package
rpm -U : upgrade a package (installs it if it is not already present)
rpm -F : freshen (upgrade only packages that are already installed)
rpm -e : erase (remove) an installed package
RPM Queries
rpm -q   : query an installed package by name
rpm -qa  : query all installed packages
rpm -qi  : show general information about an installed package
rpm -ql  : list the files an installed package put on the system
rpm -qip : show general information about an uninstalled package file
rpm -qlp : list the files inside an uninstalled package file
Before installing a downloaded package file, check its GPG signature with rpm -K (--checksig); rpm -V verifies an installed package's files against the RPM database, which is a quick check for modified binaries.
Kickstart Configuration
What is kickstart?
Kickstart is a component of the installer that automates installation. It supports all installation methods. The installer reads its answers from a kickstart file rather than prompting the user for them. Kickstart files can be made available on a floppy or from network servers such as NFS, FTP and HTTP.
User Management
Creating Users
useradd options user - creates a new user
  -c  Assigns the full name (comment) to the user
  -d  Defines the home directory location
  -s  Defines the user's shell (use /sbin/nologin for users who should not have shell access)
  -g  Sets the user's primary group
  -G  Adds the user to supplementary (secondary) groups
usermod options user - modifies a user account; takes the same options as useradd
userdel options user - deletes a user account
  -r  Also removes the user's home directory
passwd user - changes the password of the specified user; with no user given, changes the current user's password
Creating Groups
groupadd group - creates a group
groupmod options group - modifies a group
  -n  Renames the group
groupdel group - deletes the specified group
Configuration Files
/etc/passwd  = user database
/etc/shadow  = user password database (password hashes; readable by root only)
/etc/group   = group database
/etc/gshadow = group password database
SUDO
The sudo command allows users listed in /etc/sudoers to run administrative commands. The main configuration file is /etc/sudoers; edit it with visudo rather than vi directly, since visudo locks the file and checks the syntax before saving (a syntax error in /etc/sudoers can lock everyone out of sudo). Commands are run by prefixing them with sudo. Example: sudo cat /etc/shadow
Special Permissions
Special permissions: a fourth permission set
  SUID on an executable: the program runs with the file owner's user ID, not the caller's
  SGID on an executable: the program runs with the file's group ID
  SGID on a directory: files created inside inherit the directory's group
  Sticky bit on a directory: only a file's owner (or root) can delete or rename it
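An added example (not from the course) that sets each of the four special bits on scratch objects in a temporary directory and reads the mode string back, together with the find invocation an auditor runs to enumerate SUID/SGID binaries, the usual first check for privilege-escalation surface. It needs no root; the directory is whatever mktemp returns.

```shell
#!/bin/bash
# Added example: set each special bit on scratch objects and read the mode back.

# Mode string of a path (first field of ls -ld), e.g. -rwsr-xr-x.
# A trailing "." or "+" (SELinux context / ACL marker) is stripped.
mode_of() {
  local m
  m=$(ls -ld "$1" | cut -d' ' -f1)
  echo "${m%[.+]}"
}

# Build the four cases in a temporary directory and print their modes on one line.
special_perm_demo() {
  local t
  t=$(mktemp -d) || return 1
  : > "$t/prog";     chmod 4755 "$t/prog"      # SUID executable: runs with the owner's uid
  : > "$t/gprog";    chmod 2755 "$t/gprog"     # SGID executable: runs with the owning group's gid
  mkdir "$t/shared"; chmod 2770 "$t/shared"    # SGID directory: new files inherit its group
  mkdir "$t/drop";   chmod 1777 "$t/drop"      # sticky directory: only a file's owner may remove it
  printf '%s %s %s %s\n' \
    "$(mode_of "$t/prog")" "$(mode_of "$t/gprog")" \
    "$(mode_of "$t/shared")" "$(mode_of "$t/drop")"
  rm -rf "$t"
}

# Audit: list SUID and SGID files below a directory without crossing mount points.
# Run as root against / and diff the output against the last known-good list.
find_setid() {
  find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}
```

`special_perm_demo` prints `-rwsr-xr-x -rwxr-sr-x drwxrws--- drwxrwxrwt`: the s in the owner or group execute position is SUID or SGID, the t in the others position is the sticky bit. Any new entry in the output of `find_setid /` deserves a look.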
Login Shells
A login shell is the first shell started when a user logs in. Shells launched from a login shell are typically not login shells.
Objectives
Day 10
Printing and Administration Tools
  Understanding Printer
  Installing and Managing Printer Server and Client
Using Scheduling [ cron ]
System Logging
X Windows System
  Understanding Server and Client
  Managing X Server
  Using Remote Desktop
  Configuration Utilities
Understanding Printer
Printer TERMS
Printer Print Device Print Driver Print Server Print Client Network Printer Local Printer Print Queue Print Job
Installing and Managing Printer Server and Client CUPS Configuration Files
/etc/cups/cupsd.conf    : cupsd server configuration file
/etc/cups/printers.conf : print queue configuration file
Printing Commands
system-config-printer : utility to install and manage print devices
lpr     : sends print jobs to a print device
lpq     : views print queues
lprm    : removes print jobs
lpadmin : command-line tool for printer administration
cron
Used to schedule recurring jobs. Use crontab to edit, install and view job schedules.
crontab OPTIONS
  -l  list the crontab
  -r  remove the crontab
  -e  edit the crontab
Which users may have a crontab is controlled with /etc/cron.allow and /etc/cron.deny.
System Logging
klogd   : the kernel log daemon logs kernel messages and events
syslogd : the syslog daemon logs all other process activity; the log files it writes can be used to track activities on the system
Log Files
/var/log/dmesg    : kernel log messages from boot
/var/log/messages : standard system messages
/var/log/maillog  : mail system messages
/var/log/secure   : security, authentication, and xinetd messages
X Windows System
What is X Windows
The X Window System is the foundation of the Linux graphical user interface (GUI). It is maintained by X.Org (http://www.X.org). X is designed as a flexible and powerful client/server system: the X server drives the display, keyboard and mouse, and applications are clients that connect to it, locally or over the network.
Configuration Utilities
system-config-display
mouseconfig
switchdesk
Objectives
Day 11
Troubleshooting
  Understanding Troubleshooting
  Troubleshooting Procedures
Common Troubleshooting Problems and Solutions
  X Windows Problems
  Booting Problems
  User Management Problems
  Basic Network Related Problems
Using Rescue Environment
  From CD-ROM
  NFS, FTP, HTTP Servers
Using Run Level 1
Using Syslogs to Solve Problems
Understanding Troubleshooting
What is Troubleshooting?
Troubleshooting helps you diagnose and solve technical problems occurring with your computer.
The science of troubleshooting comes from hypothesis testing, experimentation, comparison and reproducing results; the science always focuses on the likely causes. The art of troubleshooting comes from the realization that operating systems, services and applications do not always work as we hope or anticipate, or even as their creators hoped or anticipated; the art lets us consider the off-the-wall and unlikely as possibilities.
Golden Rules
Troubleshooting golden rules:
Always start from the most basic step first
Avoid missing the underlying cause
Justify why a certain solution is successful
Troubleshooting Categories
Two categories of problems:
Hardware-related Software-related
Troubleshooting Procedures
X Windows problems
  Unable to load desktop
  Monitor resolution
  Mouse problem
  Hangs while loading desktop
Solutions
  system-config-display
  Is xfs running? [ Try to start the service permanently using chkconfig ]
  Is gpm running? [ Try to start the service permanently using chkconfig ]
  Is /home or /tmp full?
  Has the user reached a hard quota limit?
  Is the hostname resolved properly?
Booting Problems
Problems
1. No bootloader splash screen or prompt appears
2. Kernel does not load at all, or loads partially before a panic occurs
3. Kernel loads completely, but panics or fails when it tries to mount the root filesystem and run /sbin/init
4. Kernel loads completely, and /etc/rc.d/rc.sysinit is started and interrupted
5. Run level errors
Booting Problems: likely causes
Problem 1 (no bootloader screen or prompt)
  GRUB is misconfigured
  Boot sector is corrupt
  Bad BIOS settings
Problem 2 (kernel does not load, or panics while loading)
  Corrupt kernel
  Incorrect parameters passed to the kernel by the bootloader
  Bootloader is misconfigured
Problem 3 (kernel loads but cannot mount root or run /sbin/init)
  /sbin/init is corrupted or /etc/inittab is misconfigured
  Root filesystem is damaged and unmountable
Problem 4 (rc.sysinit starts and is interrupted)
  /bin/bash is missing or corrupted
  /etc/fstab may have an error
  Error in RAID or quota specifications
Problem 5 (run level errors)
  /etc/inittab is misconfigured
  Service-specific error
  Misconfigured X or related services in run level 5
Unable to login: possible causes
  Forgot password
  User is using the nologin shell
  User account is locked
  User account has expired
  User has no password
Solutions
  Change the user's password [ use run level 1 if it is root's password ]
Network problems
  Unable to ping other networks
  Unable to resolve host names
  Network interface is not up
  Unable to display an IP address
Solutions
  Use the netconfig command
  Enter valid entries for the DNS server
  Enter valid entries for the DHCP server [ if required ]
  Enter valid entries for the default gateway
  Bring the Ethernet interface up with the ifup command
Steps
CD-ROM
  Boot from the first RHEL installation CD
  Type linux rescue at the boot prompt
NFS, FTP and HTTP server
  Boot from the first RHEL installation CD
  Type linux rescue askmethod at the boot prompt
[ Note: when booting from the boot.iso image, use plain linux rescue ]
RH253
Red Hat Network Services and Security Administration
Objectives
Day 12
Understanding and Managing DNS Server
  Understanding DNS
  Server Configuration
  Creating Zones
  Creating Zone Resource Records
  Client Configuration
  Testing DNS
Understanding and Managing DHCP Server
  Understanding DHCP
  Server Configuration
  Creating Leases and Reservation
  Client Configuration
  Using DHCP Server to obtain IP-Address
What is DNS?
DNS is the Domain Name System, which maintains a database that can help your computer translate domain names such as www.redhat.com to IP addresses such as 216.148.218.197 and also translates IP address to domain names as well. DNS Allows machines to be logically grouped by name domains DNS is based on the named daemon, which is built on the BIND (Berkeley Internet Name Domain) package developed through the Internet Software Consortium Red Hat Enterprise Linux 4 includes BIND version 9
ZONE
What is Zone?
A zone is a part of the DNS database administered by a single name server.
Forward lookup zone [ maps host names to IP addresses ]
Reverse lookup zone [ maps IP addresses to host names ]
Types of Zones
zone "example.com" IN {
    type master;
    file "example.com.zone";
};
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.0.zone";
};
Other Configuration
If the bind-chroot package is installed, /etc/sysconfig/named sets ROOTDIR so that named runs inside the /var/named/chroot jail. This course comments that line out so the zone files can be kept directly under /var/named:
#ROOTDIR=/var/named/chroot
Bear in mind that disabling the chroot removes a containment layer: a compromise of named then exposes the whole filesystem, so on production servers keep ROOTDIR set and place the zone files under the chroot instead.
Now start named and make it start at boot:
service named start
chkconfig --level 345 named on
Testing Configuration
dig station1.example.com nslookup station1.example.com dig -x 192.168.0.1 nslookup 192.168.0.1
Objectives
Day 13
Understanding and Managing NFS Server
  Understanding NFS
  NFS Server Configuration
  Creating Shares
  NFS Client Configuration
  Mounting NFS Shares
Understanding and Managing SAMBA Server
  Understanding SAMBA Server
  SAMBA Server Configuration
  Creating Shares
  SAMBA Client Configuration
  Accessing SAMBA Shares
What is NFS?
A Network File System (NFS) allows remote hosts to mount filesystems over a network and interact with them as though they were mounted locally. This lets system administrators consolidate resources onto centralized servers on the network. NFS is the standard for sharing directories among Linux and Unix computers; it was originally developed by Sun Microsystems in the mid-1980s. You can create shared NFS directories directly by editing the /etc/exports configuration file, or with Red Hat's NFS Configuration tool. Exports are authorized by client IP address only, so restrict each export in /etc/exports to specific hosts or networks and keep the default root_squash option, which maps a remote root user to an unprivileged account.
NFS Services
portmap    : maps RPC program numbers to the ports they listen on, so calls from other machines reach the right service
nfs        : the NFS server, which translates NFS requests into requests on the local filesystem
rpc.mountd : handles mount and unmount requests from clients
NFS Commands
showmount -e : shows the shares a server exports
exportfs -v  : displays the exported shares and their options on the server
exportfs -a  : exports all shares listed in /etc/exports, or the given one
exportfs -u  : unexports all shares listed in /etc/exports, or the given one
exportfs -r  : re-exports everything after /etc/exports has been modified
What is SAMBA?
Samba is a software package, shipped with RHEL 4.0, that lets you share filesystems and printers on a network with computers that use the Server Message Block (SMB) protocol. SMB is the protocol delivered with Windows operating systems for sharing files and printers. You can do four basic things with Samba:
Share a Linux directory tree with Windows and Linux/Unix computers Share a Windows directory with Linux/Unix computers Share a Linux printer with Windows and Linux/Unix computers Share a Windows printer with Linux/Unix computers
SAMBA Services
smbd : main file and printer sharing service
nmbd : NetBIOS name service and browsing; can act as a WINS server
/etc/fstab entry for an SMB share (filesystem type, options and the dump/fsck fields):
smbfs  defaults,credentials=/etc/cred.txt  0 0
The credentials file holds the username and password in clear text, so it must be readable by root only (chmod 600 /etc/cred.txt).
Objectives
Day 14
Understanding and Managing FTP Server
  Understanding FTP Server
  FTP Server Configuration
  Allowing and Disallowing Users
  FTP Client Configuration
  Accessing FTP Server
Understanding and Managing HTTP Server [ Apache Server ]
  Understanding Apache Web Server
  Hosting Web Sites
  Virtual Directory
  Access Control
  CGI Scripts
What is FTP?
FTP, the File Transfer Protocol, is one of the original network applications developed with the TCP/IP protocol suite. It follows the standard model for network services, requiring a client and a server; the first implementations of FTP date back to 1971. FTP set out to solve the need to publish documents and software so that people could get them easily from other computer systems. On the FTP server, files are organized in a directory structure; users connect to the server over the network and download files from (and possibly upload files to) the server.
What is vsftpd?
The Very Secure FTP Server (vsftpd) is the FTP server shipped with RHEL 4. It is designed for sites that must support thousands of concurrent downloads and to resist the most common attacks. Note that FTP itself sends user names, passwords and data in clear text, so prefer sftp/scp for authenticated transfers and reserve FTP for anonymous downloads.
Configuration Files
/etc/vsftpd/vsftpd.conf : main configuration file
/etc/vsftpd.ftpusers    : users that are always denied FTP login (root and the system accounts by default)
/etc/vsftpd.user_list   : users denied login when userlist_enable=YES (or, with userlist_deny=NO, the only users allowed)
CGI Script
Step 2: Create the script file
vi /var/www/html/station1/cgi-bin
#!/bin/bash
# A CGI script must print the HTTP headers, a blank line, then the body.
echo "Content-type: text/html"
echo
echo "<pre>"
echo "My username is: $(whoami)"
echo
echo "My id is: $(id)"
echo "</pre>"
CGI Script
Step 3: Assigning permission to CGI script chmod 555 /var/www/html/station1/cgi-bin
Objectives
Day 15
Understanding and Managing Squid Proxy Server
  Understanding Squid Proxy Server
  Squid Proxy Server Configuration
  Allowing and Disallowing Web-Sites
  Squid Client Configuration
  Accessing Internet Via Squid Server
Understanding and Managing Mail Servers
  Basic Mail Concepts
  Understanding Sendmail and Postfix Server
  Configuring Sendmail Server
  Configuring Postfix Server
  Configuring Mail Clients
Email Protocols
Email protocols fall into two types:
Mail transport protocols : their primary purpose is to transfer email between mail servers
Mail access protocols    : used by email client applications to retrieve email from mail servers
POP
POP (Post Office Protocol): when using a POP server, email messages are downloaded by the email client. By default, most POP clients are configured to delete the message on the server after it has been transferred successfully, though this setting can usually be changed. POP is fully compatible with important Internet messaging standards such as Multipurpose Internet Mail Extensions (MIME), which allows email attachments. POP works best for users who read their email on a single system. The current version of the standard is POP3. Plain POP3 and IMAP send the password in clear text; use the TLS variants (POP3S on port 995, IMAPS on port 993) where the client supports them.
IMAP
IMAP (Internet Message Access Protocol): when using an IMAP server, email messages remain on the server, where users can read or delete them. IMAP also allows clients to create, rename, or delete mail folders on the server to organize and store email. IMAP is particularly useful for those who access their email from multiple machines. For convenience, IMAP clients can cache copies of messages locally, so the user can browse previously read messages when not connected to the server. IMAP, like POP, is fully compatible with important Internet messaging standards such as MIME.
Sendmail
What is Sendmail?
Sendmail's core purpose, like other MTAs, is to safely transfer email among hosts, usually using the SMTP protocol. However, Sendmail is highly configurable, allowing control over almost every aspect of how email is handled, including the protocol used. Many system administrators elect to use Sendmail as their MTA due to its power and scalability
What is Postfix?
Postfix Originally developed at IBM by security expert and programmer Wietse Venema, Postfix is a Sendmail-compatible MTA that is designed to be secure, fast, and easy to configure.
Objectives
Day 16
Understanding and Managing NIS Server
  Understanding NIS Server
  NIS Master Server Configuration
  NIS Client Configuration
  Auto Mounting Home Folders
Understanding and Managing PAM Authentication
  Understanding PAM Authentication
  Understanding PAM Modules and Configurations
  Applying PAM Modules
What is Workgroup?
A workgroup is a logical grouping of computers connected to each other and sharing information, where each computer uses its own local user database to work in the network.
What is Domain?
A domain is a logical grouping of computers connected to each other and sharing information, where the computers use a central user database held on a server.
What is NIS?
The Network Information Service (NIS) is a popular network service for managing system and account information on multiple systems from a central server. NIS uses a single master server and optionally one or more slave servers, each running ypserv, to share information with NIS clients running ypbind. NIS servers are typically used to synchronize account information: they share the contents of /etc/passwd, /etc/shadow and /etc/group by converting them into NIS maps.
NIS requires at least one master server, where the centralized NIS database files, known as maps, are stored. Changes to NIS data are made on the master and rebuilt into the maps there; there can be only one master per NIS domain. Larger networks may add NIS slave servers, which take copies of the maps from the master; clients can then get their configuration from either the master or a slave, and a network may have several slaves. NIS clients are systems that use information from an NIS server; they store none of it locally and fetch it from a server whenever it is needed.
NIS has no authentication or encryption: any host that can reach ypserv and knows the NIS domain name can pull the maps, including the password hashes built from /etc/shadow. Limit which hosts ypserv answers in /var/yp/securenets and keep NIS off untrusted networks.
[ Note: whenever you change the domain database, rebuild the maps with the following commands ]
cd /var/yp
make
What is PAM?
The Pluggable Authentication Modules (PAM) system checks for authorized users. PAM is a group of dynamically loadable library modules that govern how individual applications verify their users; you modify the PAM configuration files to suit your needs. PAM provides a generic way for applications to implement authentication and authorization: a PAM-enabled application calls libpam functions to perform all the authentication tests for it.
PAM Operation
PAM works with modules and per-service configuration files.
PAM modules are stored in /lib/security
PAM service files are stored in /etc/pam.d
PAM Tests
PAM organizes tests into four management groups, which are checked independently by different libpam library functions:
auth     : used by PAM functions that authenticate users
account  : verifies that the account is valid at this time and the password has not expired
password : controls password changes
session  : called by PAM at the start and at the end of a session
Control flags
required   : must pass; keep testing even if it fails (the failure is reported only after the rest of the stack has run)
requisite  : as required, except that testing stops on failure
sufficient : if everything has passed so far, return success now; if it fails, ignore the test and keep checking
optional   : whether the test passes or fails is irrelevant (unless it is the only module in the group)
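An added example (not from the course) that simulates how libpam combines the control flags of one management group. Each argument is control:result, where result is ok or fail as a module would return, and the function prints the group's overall verdict. It implements the four rules listed above; real Linux-PAM has one extra rule, that an optional module's result counts only when no other module in the group produced a verdict, which is noted in the code.

```shell
#!/bin/bash
# Added example: evaluate a PAM stack.
#   pam_stack required:ok sufficient:ok required:fail   -> ok
# Prints ok or fail.

pam_stack() {
  local entry ctrl res final=ok
  for entry in "$@"; do
    ctrl=${entry%%:*}
    res=${entry#*:}
    case $ctrl in
      required)
        # failure is remembered, but the remaining modules still run
        # (so an attacker cannot tell which module rejected the login)
        [ "$res" = ok ] || final=fail
        ;;
      requisite)
        # failure returns immediately
        if [ "$res" != ok ]; then echo fail; return 0; fi
        ;;
      sufficient)
        # success ends the stack now, unless an earlier required module failed
        if [ "$res" = ok ] && [ "$final" = ok ]; then echo ok; return 0; fi
        ;;
      optional)
        # ignored here; Linux-PAM counts it only if it is the sole verdict in the group
        :
        ;;
      *)
        echo "unknown control flag: $ctrl" >&2
        echo fail; return 0
        ;;
    esac
  done
  echo "$final"
  return 0
}
```

The order of lines matters: `required:ok sufficient:ok required:fail` succeeds because the sufficient module returns before the failing required one is reached, while `required:fail sufficient:ok` fails because the earlier required failure is still remembered when the sufficient module passes.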
Objectives
Day 17
Understanding and Managing System Monitoring
  Understanding Monitoring
  Monitoring Techniques
  Using System Logs and Files
Security Concerns and Policy
  Understanding Security
  Securing Networks
Using Firewall ( IPTables )
  Understanding Firewall and IPTables
  Applying Firewall and Securing Network
  IP Forwarding and Routing
What is Monitoring?
An important part of maintaining a secure system is keeping track of the activities that take place on the system. If you know what usually happens, such as understanding when users log into your system, you can use log files to spot unusual activity
Monitoring Techniques
Learn to identify file statistics
Ensure filesystem integrity
Understand system log configuration
Learn log file analysis
Understand process monitoring
What to watch for:
  Equipment problems such as hard disk crashes or other device failures
  User problems such as repeated login failures
  Security breaches from outside the system
Using syslogs
Red Hat Enterprise Linux 4 comes with several utilities you can use to monitor activity on a system; they help you identify the culprit when there is a problem. RHEL 4 has two logging daemons. The kernel log daemon, klogd, logs kernel messages and events. The syslog daemon, syslogd, logs all other process activity, and the log files it generates can be used to track activities on your system. If you manage multiple Red Hat Enterprise Linux systems, you can configure syslogd on each of them to log messages to a central host; the central host's syslogd must be started with -r (SYSLOGD_OPTIONS in /etc/sysconfig/syslog) to accept them, and because the transport is UDP port 514 with no authentication, restrict which hosts may send with the firewall. Both syslogd and klogd are configured in /etc/syslog.conf.
syslog.conf file
Location: /etc/syslog.conf. The format is straightforward: the first field is a semicolon-delimited list of facility.priority selectors, and the second field is the log location, usually a file (for example authpriv.* /var/log/secure); a location of @hostname forwards the messages to that syslog host.
Syntax: facility.priority log_location
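An added example (not from the course) of the log analysis the monitoring section calls for: an awk filter that counts sshd "Failed password" lines per source address in /var/log/secure format and reports the sources at or above a threshold. The six log lines are constructed for the example; a real run reads /var/log/secure instead.

```shell
#!/bin/bash
# Added example: repeated failed SSH logins per source, from /var/log/secure lines.

# Constructed sample in sysklogd format (not real log data).
SAMPLE_SECURE='Mar  3 10:01:12 station1 sshd[2201]: Failed password for root from 192.168.0.77 port 40212 ssh2
Mar  3 10:01:15 station1 sshd[2203]: Failed password for invalid user admin from 192.168.0.77 port 40215 ssh2
Mar  3 10:01:19 station1 sshd[2205]: Failed password for root from 192.168.0.77 port 40219 ssh2
Mar  3 10:02:01 station1 sshd[2210]: Accepted password for student from 192.168.0.2 port 51002 ssh2
Mar  3 10:02:44 station1 sshd[2214]: Failed password for student from 192.168.0.2 port 51010 ssh2
Mar  3 10:03:02 station1 sshd[2220]: Accepted publickey for student from 192.168.0.2 port 51020 ssh2'

# failed_logins [THRESHOLD] < logfile
# Prints "count address" for every source with at least THRESHOLD (default 3)
# failed password attempts, busiest first. The address is the word after "from",
# which holds whether or not the user name was valid.
failed_logins() {
  awk -v min="${1:-3}" '
    /sshd\[[0-9]+\]: Failed password/ {
      for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
    }
    END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
  ' | sort -rn
}

# Run the filter over the constructed sample; on a real host use
#   failed_logins 5 < /var/log/secure
demo_failed_logins() {
  printf '%s\n' "$SAMPLE_SECURE" | failed_logins "${1:-3}"
}
```

With the default threshold only 192.168.0.77 is reported; the single failure from 192.168.0.2, followed by a successful login, is the ordinary typo this filter is meant to leave alone. A source that trips the threshold is a candidate for a hosts.deny entry or an iptables DROP.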
Understanding Security
A network is only as secure as the most open system in that network. Although no system can be 100 percent secure, you can follow certain basic host measures to enhance the security of any given system and, consequently, of your network. When devising security measures, you have to plan for two types of security violations: user accidents and break-ins. Accidents happen because users lack adequate training or are unwilling to follow procedures; if security is too burdensome, productivity suffers and users try to get around your rules. Password security falls into this category. When a cracker breaks into your system, some are looking for secrets such as credit card information; others may just want to bring down your system.
Understanding Security
Types of Security
Intrusion attacks
To use the resources of a target machine remotely, attackers must first look for an opening to exploit. In the absence of inside information such as passwords or encryption keys, they must scan the target machine to see what services are offered. Perhaps one of the services is weakly secured and the attacker can use a known exploit to work his way in.
Diagnostic Utilities
Port scanners   : show what services are available on a system (nmap)
Packet sniffers : capture and analyze network traffic (tcpdump, ethereal)
What is Firewall?
Information security is commonly thought of as a process and not a product. However, standard security implementations usually employ some form of dedicated mechanism to control access privileges and restrict network resources to users who are authorized, identifiable, and traceable. Red Hat Enterprise Linux includes several powerful tools to assist administrators and security engineers with network-level access control issues
What is Firewall?
Firewalls are one of the core components of a network security implementation. Several vendors market firewall solutions catering to all levels of the marketplace: from home users protecting one PC to data center solutions safeguarding vital enterprise information. Firewalls can be standalone hardware solutions, such as firewall appliances by Cisco, Nokia, and Sonicwall. There are also proprietary software firewall solutions developed for home and business markets by vendors such as Checkpoint, McAfee, and Symantec. Apart from the differences between hardware and software firewalls, there are also differences in the way firewalls function that separate one solution from another
What is Firewall?
Three common types of firewalls and how they function:
NAT
Packet filtering
Proxy
NAT
Network Address Translation (NAT) places private IP subnetworks behind one or a small pool of public IP addresses, masquerading all requests to one source rather than several.
Packet Filtering
A packet filtering firewall reads each data packet that passes within and outside of a LAN. It can read and process packets by header information and filters the packet based on sets of programmable rules implemented by the firewall administrator. The Linux kernel has built-in packet filtering functionality through the Netfilter kernel subsystem.
Proxy
Proxy firewalls filter all requests of a certain protocol or type from LAN clients to a proxy machine, which then makes those requests to the Internet on behalf of the local client. A proxy machine acts as a buffer between malicious remote users and the internal network client machines.
Firewall Policies
A firewall sits between your internal network and outside networks
It filters information on a packet-by-packet basis
Information in packets: source address, type of data, destination address
IPTables
IPTables is the user-space front end to Netfilter, which is integrated in the Linux kernel. It works primarily at OSI layers 3 (Network: IP) and 4 (Transport: TCP, UDP). Layer 3 matching uses source and destination addresses; IPv4 addresses are 32-bit (about 4 billion addresses). Layer 4 matching uses protocol and port, e.g. TCP:80, UDP:69; TCP/UDP ports use a 16-bit range (0-65535). IPTables can also match ICMP by type, such as echo-request and echo-reply.
IPTables Command
iptables -t table (action chain) (packet pattern) -j (fate)
Tables : filter (default), nat, mangle
Actions : -A append, -D delete, -L list, -F flush
Chains : INPUT, OUTPUT, FORWARD
Packet pattern : -s source IP address, -d destination IP address, -p protocol
Fate (target) : DROP, ACCEPT, REJECT
IPTables Commands
Examples:
iptables -A INPUT -s 192.168.1.0/24 -j REJECT
iptables -A INPUT -s 192.168.0.20 -p icmp -j DROP
iptables -A INPUT -m mac --mac-source 12:34:56:89:90:ab -j ACCEPT
iptables -A OUTPUT -d www.yahoo.com -j REJECT
Rules are checked in the order they appear in the chain and the first match decides. A host name given with -d or -s is resolved once, when the rule is added: iptables inserts one rule per address returned, and later changes to the name's addresses are not tracked, so address-based rules are more reliable. Rules live only in kernel memory until service iptables save writes them to /etc/sysconfig/iptables, which the iptables init script reloads at boot.
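An added example (not from the course) of a complete default-deny INPUT policy built from the commands above. It adds connection-state matching so that replies to the host's own connections are accepted, admits SSH only from an administrative network passed as the first argument (assumed to be 192.168.0.0/24 by default), rate-limits ping, and logs what the policy drops. IPT=echo prints the commands for review instead of applying them.

```shell
#!/bin/bash
# Added example: a default-deny INPUT chain. Set IPT=echo to print instead of apply.
IPT=${IPT:-iptables}

# firewall_rules [ADMIN_NET]   ADMIN_NET: where SSH logins may come from (assumed default)
firewall_rules() {
  local admin_net=${1:-192.168.0.0/24}
  $IPT -F INPUT                                   # start from an empty chain
  $IPT -P INPUT DROP                              # policy: whatever no rule accepts is dropped
  $IPT -A INPUT -i lo -j ACCEPT                   # local processes talking to each other
  $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT   # replies to our own connections
  $IPT -A INPUT -m state --state INVALID -j DROP  # packets that belong to no known connection
  $IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
  $IPT -A INPUT -p tcp --dport 22 -s "$admin_net" -m state --state NEW -j ACCEPT
  $IPT -A INPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset   # ssh from anywhere else
  $IPT -A INPUT -m limit --limit 3/min -j LOG --log-prefix "INPUT drop: "   # what the policy drops
}
```

The ESTABLISHED,RELATED rule near the top is what keeps the later REJECT from cutting sessions that are already open; the LOG rule is last, so it records only what the policy is about to drop, and its limit keeps a flood from filling /var/log/messages. Run `IPT=echo; firewall_rules 10.0.0.0/8` to review the ruleset, then `service iptables save` once it is applied.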
Objectives
Day 18
Understanding and Managing NAT Firewall
  IP-Routing ( Router Configuration )
  NAT Firewall
Understanding and Managing TCP Wrappers
  Understanding hosts.allow and hosts.deny
  Applying Security using TCP Wrappers
Understanding and Managing xinetd daemon
  Understanding xinetd daemon
  Applying Security using xinetd daemon
Securing Computer using SSH communications
  Understanding SSH
  Sending and Receiving Public Keys
Enabling Routing
Step 1: Assign the following IP address information on each computer
ROUTER (two interfaces)
  Internal interface: IP-ADDRESS = 10.1.1.1, SUBNET MASK = 255.0.0.0
  External interface: IP-ADDRESS = 192.168.0.1, SUBNET MASK = 255.255.255.0
station2 (internal network)
  IP-ADDRESS = 10.1.1.2, SUBNET MASK = 255.0.0.0, DEFAULT G/W = 10.1.1.1
station1 (external network)
  IP-ADDRESS = 192.168.0.2, SUBNET MASK = 255.255.255.0, DEFAULT G/W = 192.168.0.1
Step 2: Enable IP forwarding
vi /etc/sysctl.conf
change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1
sysctl -p
NAT Firewall?
Network Address Translation (NAT) places private IP subnetworks behind one public IP address or a small pool of them, so that all outbound requests appear to come from that one source rather than from each internal host.

POSTROUTING [ SNAT ]
Source NAT: translates the source address of outbound packets (and, on the replies, the destination address back to the internal host)
Example:

PREROUTING [ DNAT ]
Destination NAT: translates the destination address of inbound packets (and, on the replies, the source address back to the public one)
Example:
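As an added example, not part of the course slides, the script below turns the two-interface host from "Enabling Routing" into a NAT router: it switches on forwarding, restricts the FORWARD chain, SNATs outbound traffic to the router's external address 10.1.1.1 and DNATs inbound port 80 to an internal web server. The interface names eth0/eth1 and the web server 192.168.0.2 are assumptions; the addresses are the ones from the slide. IPT and SYSCTL default to dry runs that print the commands.

```shell
#!/bin/sh
# Added example (not from the course): make the two-interface host from
# "Enabling Routing" a NAT router. Interface names and the internal web
# server are assumptions; the addresses are the ones from the slide.
# IPT / SYSCTL default to dry runs that print the commands; set IPT=iptables
# SYSCTL=sysctl and run as root to apply them.
IPT="${IPT:-echo iptables}"
SYSCTL="${SYSCTL:-echo sysctl}"

# build_nat_router EXT_IF EXT_IP INT_IF INT_NET WEB_SRV
build_nat_router() {
    ext_if=$1; ext_ip=$2; int_if=$3; int_net=$4; web_srv=$5

    # runtime equivalent of editing /etc/sysctl.conf and running sysctl -p
    # (only the file edit survives a reboot)
    $SYSCTL -w net.ipv4.ip_forward=1

    # Forwarding is now on for the whole kernel, so restrict it in the FORWARD chain.
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # internal hosts may open connections to the outside
    $IPT -A FORWARD -i "$int_if" -o "$ext_if" -s "$int_net" -m state --state NEW -j ACCEPT
    # outside hosts may reach only the web server, only on port 80
    # (FORWARD sees the packet after PREROUTING has already rewritten the destination)
    $IPT -A FORWARD -i "$ext_if" -o "$int_if" -d "$web_srv" -p tcp --dport 80 -m state --state NEW -j ACCEPT

    # SNAT in POSTROUTING: outbound packets leave with the router's external address
    $IPT -t nat -A POSTROUTING -o "$ext_if" -s "$int_net" -j SNAT --to-source "$ext_ip"
    # DNAT in PREROUTING: inbound port 80 on the public address goes to the internal web server
    $IPT -t nat -A PREROUTING -i "$ext_if" -d "$ext_ip" -p tcp --dport 80 -j DNAT --to-destination "$web_srv":80
}

build_nat_router eth0 10.1.1.1 eth1 192.168.0.0/24 192.168.0.2
```

With a static external address SNAT --to-source is the right target; on an interface whose address changes (a dial-up or DHCP link) use -j MASQUERADE instead, which is SNAT that picks up the interface's current address automatically. Netfilter tracks each translated connection, so the reverse translation on reply packets needs no extra rule.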
Configuration Files
When a client connects to a TCP-wrapped service, the access control lists /etc/hosts.allow and /etc/hosts.deny are examined, and the server then accepts or drops the connection according to what they say. Policies can be specified per service and are usually written in terms of the client's IP address or hostname. Both files share the same basic syntax for allowing or denying a list of clients: daemon_list : client_list
Configuration Files
Three stages of access checking, in this order:
  1. Is access explicitly permitted? (a matching line in /etc/hosts.allow)
  2. Otherwise, is access explicitly denied? (a matching line in /etc/hosts.deny)
  3. Otherwise, by default, permit access!
Configuration stored in two files:
  Permissions in /etc/hosts.allow
  Denials in /etc/hosts.deny
Because the default is to permit, a restrictive setup ends hosts.deny with ALL: ALL and lists what is wanted in hosts.allow.
Configuration Files
Examples:
sshd: .example.com
sshd: ALL EXCEPT .cracker.org
sshd: ALL EXCEPT .cracker.org EXCEPT trusted.cracker.org
ALL EXCEPT sshd: ALL
ALL EXCEPT sshd: ALL EXCEPT .cracker.org
ALL EXCEPT sshd: ALL EXCEPT .cracker.org EXCEPT trusted.cracker.org
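To make the three-stage check and the EXCEPT operator concrete, here is an added example (not part of the course) that evaluates constructed hosts.allow and hosts.deny contents for a daemon and a client name. It handles ALL, leading-dot domain suffixes, exact hostnames and nested EXCEPT lists the way hosts_access(5) describes; it does not handle address/netmask patterns, the KNOWN/UNKNOWN/PARANOID wildcards or tcpd's shell-command extensions. The sample file contents and host names are assumptions.

```shell
#!/bin/sh
# Added example (not part of the course): a small evaluator for the
# hosts.allow / hosts.deny decision described above, run against
# constructed sample files. Simplified: ALL, ".domain" suffix, exact host,
# and EXCEPT; no IP/netmask patterns, no KNOWN/PARANOID, no shell commands.

# Constructed sample files (assumption for the demo, not real hosts)
HOSTS_ALLOW='sshd: .example.com
sshd: ALL EXCEPT .cracker.org EXCEPT trusted.cracker.org'
HOSTS_DENY='ALL: ALL'

# match_token PATTERN NAME: does one pattern match a daemon or client name?
match_token() {
    case "$1" in
        ALL) return 0 ;;                           # matches everything
        .*)  case "$2" in *"$1") return 0 ;; esac  # ".example.com" matches any host in it
             return 1 ;;
        *)   [ "$1" = "$2" ] ;;                    # otherwise an exact name
    esac
}

# match_list LIST NAME: evaluate a list that may contain EXCEPT.
# hosts_access(5) parses "a EXCEPT b EXCEPT c" as "a EXCEPT (b EXCEPT c)",
# so split at the first EXCEPT and recurse on the remainder. Only positional
# parameters are used, which keeps the recursion safe without local variables.
match_list() {
    case "$1" in
        *" EXCEPT "*)
            set -- "${1%% EXCEPT *}" "${1#* EXCEPT }" "$2"
            match_list "$1" "$3" || return 1       # must match the left-hand list
            ! match_list "$2" "$3"                 # and must not match the exceptions
            ;;
        *)
            for tok in $1; do
                match_token "$tok" "$2" && return 0
            done
            return 1 ;;
    esac
}

# file_matches FILE_BODY DAEMON CLIENT: is there a "daemon_list : client_list"
# line matching both? Blank lines and comments are skipped.
file_matches() {
    printf '%s\n' "$1" | {
        while IFS= read -r line; do
            case "$line" in ''|'#'*) continue ;; esac
            match_list "${line%%:*}" "$2" && match_list "${line#*:}" "$3" && exit 0
        done
        exit 1
    }
}

# hosts_access DAEMON CLIENT: the three stages in order; prints allow or deny
hosts_access() {
    if file_matches "$HOSTS_ALLOW" "$1" "$2"; then echo allow; return 0; fi  # 1. explicitly permitted?
    if file_matches "$HOSTS_DENY"  "$1" "$2"; then echo deny;  return 1; fi  # 2. explicitly denied?
    echo allow; return 0                                                    # 3. default: permit
}

for c in www.example.com evil.cracker.org trusted.cracker.org; do
    printf '%-12s %-22s %s\n' sshd "$c" "$(hosts_access sshd "$c")"
done
```

With these files, sshd accepts www.example.com (first allow line), rejects evil.cracker.org (not allowed, then caught by ALL: ALL) and accepts trusted.cracker.org (the inner EXCEPT removes it from the exception), while any other daemon, in.telnetd for instance, is denied for everyone because only sshd appears in hosts.allow.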
Sample configuration
service telnet
{
        disable         = yes
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        only_from       = 192.168.0.24/24
        no_access       = 192.168.0.1
        access_times    = 08:00-16:00
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
}

With disable = yes the service is defined but never started; set disable = no (or run chkconfig telnet on) to activate it. only_from lists the addresses that may connect and no_access those that may not; when a client matches both, the more specific entry wins, so 192.168.0.1 is refused even though it lies inside the only_from network. access_times limits connections to the given window, and the += on log_on_failure adds to xinetd's default logging rather than replacing it.
What is SSH?
The Secure Shell and Secure Copy programs, ssh and scp, are replacements for rsh, telnet and rcp. They encrypt all communication between the two computers, including passwords, which the older programs send in clear text. The secure daemon, sshd, listens on TCP port 22. The SSH configuration files are located in /etc/ssh (sshd_config for the server, ssh_config for clients). Both programs rely on public-key cryptography: the server's host key and, optionally, the user's key pair authenticate the two ends, and a symmetric session key negotiated during the handshake encrypts the data itself.
Private Keys
Your private key (essentially a file holding a large secret number) must stay secret: keep it on your own machine, readable only by you (mode 600), and protect it with a passphrase. A program that holds the private key can sign data on your behalf, proving it came from the key's owner, and can decrypt anything that was encrypted to the matching public key. Signing and encryption are separate operations: a signature is verified with your public key, while a message encrypted with the recipient's public key can be read only with the recipient's private key. In SSH the private key is used for authentication only: the client signs a challenge and the server checks the signature against the public key stored in authorized_keys, so the private key never crosses the network.
Public Keys
Your public key is just that, publicly available. For SSL/TLS, a certificate authority such as VeriSign or GlobalSign publishes certificates that bind a public key to a name, and end users retrieve them from the authority's web site or receive them attached to a message. SSH does not use a central authority: a user's public key is trusted because an administrator placed it in ~/.ssh/authorized_keys on the server, and a server's host key is trusted because the client stored it in ~/.ssh/known_hosts the first time it connected (which is why ssh warns loudly if a host key later changes). Generate the key pair yourself, on the machine that will use it: if a third party generates the private key for you, they hold a copy and can impersonate you.
Using SSH
Step 1: On the client, create a key pair (RSA or DSA):
  ssh-keygen -t rsa
  This writes the private key to ~/.ssh/id_rsa (mode 600; keep it on this machine and give it a passphrase) and the public key to ~/.ssh/id_rsa.pub.
Step 2: Copy the public key to the machine you want to log in to (the SSH server):
  scp ~/.ssh/id_rsa.pub root@station1.example.com:
Step 3: On that machine, append the copied file to the authorized_keys file of the account you will log in as. Use cat >>, not cp: cp would overwrite any keys already authorized there.
  mkdir -p ~/.ssh; chmod 700 ~/.ssh
  cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
  chmod 600 ~/.ssh/authorized_keys
  sshd (with StrictModes, the default) ignores the file if ~/.ssh or authorized_keys is writable by anyone other than the owner.
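Step 3 is where key installation usually goes wrong: an existing authorized_keys gets overwritten, the same key is appended twice, or the permissions end up too loose and sshd silently falls back to password authentication. The following added example, not part of the course, does what ssh-copy-id does for that step: it appends each key line only if it is not already present and sets the permissions sshd's StrictModes expects. The sample key line is constructed (the base64 blob is a placeholder, not a real key), and the function takes the target home directory as a parameter so it can be demonstrated in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the course): install SSH public keys into a user's
# authorized_keys the way ssh-copy-id does: append, never overwrite, skip
# duplicates, and set the permissions sshd's StrictModes requires.
# Usage: install_authorized_key HOME_DIR PUBKEY_FILE

# The body is a subshell so the umask change does not leak into the caller.
install_authorized_key() (
    home=$1; pub=$2
    sshdir="$home/.ssh"
    auth="$sshdir/authorized_keys"
    umask 077                                # new files 600, new directories 700
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$auth" && chmod 600 "$auth"
    # "|| [ -n "$key" ]" also takes a final line that lacks a trailing newline
    while IFS= read -r key || [ -n "$key" ]; do
        case "$key" in ''|'#'*) continue ;; esac
        # -x whole line, -F fixed string: append only if this exact key is absent
        grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    done < "$pub"
)

# count_authorized_keys HOME_DIR: number of key lines now authorized
count_authorized_keys() {
    wc -l < "$1/.ssh/authorized_keys" | tr -d ' '
}

# Demo in a throwaway directory with a constructed (not real) key line
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDEXAMPLENOTAREALKEY student@station2.example.com' > "$demo/id_rsa.pub"
install_authorized_key "$demo" "$demo/id_rsa.pub"
install_authorized_key "$demo" "$demo/id_rsa.pub"   # second run changes nothing
echo "keys authorized: $(count_authorized_keys "$demo")"
ls -ld "$demo/.ssh" "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

On the server from the slide you would run it as install_authorized_key /root /root/id_rsa.pub after the scp in Step 2, or pass another account's home directory to authorize the key for that account instead of root.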