
INDEX

1. Installation of LINUX on multiboot environment
2. User management, file management and file system security
3. Web server, virtual hosting and redirection of website
4. DNS server configuration
5. Firewall, SNAT and DNAT
6. Backup and version control
7. SSH, NFS and Vsftpd
8. MYSQL DATABASE

1.Linux installation
1. Insert the CD and boot from it.
2. Press Enter when asked.
3. Press Skip.
4. Press Next, choose English and then press the Enter key.
5. Choose "Create custom layout" from the combo box.
6. Create new partitions from the table:
   1. Choose New -> mount point -> / -> file system type ext3 -> size of 10000 (10 GB).
   2. Choose New -> file system -> swap, of not more than 2 x the size of RAM.
7. Press Next; when prompted, choose to install GRUB in /dev/sda.
8. If any other OS is already on your machine, it will be displayed in the list below, so choose it as well. If you wish to give the boot loader a password, check the checkbox.
9. If you do not have an IP configuration with you, do not change anything; choose the default.
10. Choose the region and then give the root password, preferably redhat.
11. Choose "Customize later".

2.User management
1. Create user using useradd
   #useradd user_name <-> to add a user account
   #passwd user_name <-> to give password
   #groupadd coll <-> add group
   #useradd -g coll u_name <-> add user to group coll

2. Create user without using the useradd command
   Edit /etc/passwd and add this line:
      bill::502:502:bill:/home/bill:/bin/bash
   Edit /etc/group and add this line:
      bill::502:
   Edit /etc/shadow and add this line (just copy and paste the second-last line in that file):
      bill::15279:0:99999:7:::
   #mkdir /home/bill
   #cp -R /etc/skel/. /home/bill <-> copies the skeleton files including dot files (a /etc/skel/.* glob would also match "..")
   #chown -R bill:bill /home/bill

3. Backup of files
   a. TAR method
      i. #tar options <destination> <source>
      ii. #tar cvf backup.tar /home/bill/documents
      iii. #gzip backup.tar <-> to zip the file
      iv. #tar xvfz backup.tar.gz <-> to extract files
      v. One command to directly make a tar.gz file
         #tar cvfz backup.tar.gz /home/bill/documents
   b. ISO method
      i. To make an ISO of data
         #mkisofs -J -L -r -T -o backup.iso /home/bill/documents
         #file backup.iso <-> this gives a description of the ISO file, like ISO 9660 standard etc.
      ii. #mkdir /mnt/cdiso
      iii. Mount the ISO file in the /mnt/cdiso folder
         #mount -o loop backup.iso /mnt/cdiso
      iv. A CD or ISO is mounted only in read-only mode, so if you check the file permissions they show r--r--r--
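An added example, not part of the original notes: the hand-made /etc/passwd and /etc/shadow lines for bill above leave the password field empty, which means no password is required for that account until one is set with passwd. The script below lists such accounts, and passwd entries that have no shadow line; the sample files and the accounts alice and carol are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): audit hand-edited account
# files for entries that allow login without a password.

# Accounts whose password field (2nd field) is empty in the passwd- or
# shadow-format file given as $1.
empty_password_accounts() {
    awk -F: '!/^#/ && NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Accounts present in passwd file $1 but missing from shadow file $2.
missing_shadow_entries() {
    awk -F: 'NR == FNR { seen[$1] = 1; next }
             !/^#/ && NF >= 7 && !($1 in seen) { print $1 }' "$2" "$1"
}

# Constructed sample data: "bill" mirrors the hand-made entry with an empty
# password field; "alice" uses the usual "x" placeholder and a locked
# shadow field; "carol" was added to passwd only.
make_sample() {
    dir=$(mktemp -d)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'alice:x:501:501:alice:/home/alice:/bin/bash' \
                  'bill::502:502:bill:/home/bill:/bin/bash' \
                  'carol:x:503:503:carol:/home/carol:/bin/bash' > "$dir/passwd"
    printf '%s\n' 'root:!!:15279:0:99999:7:::' \
                  'alice:!!:15279:0:99999:7:::' \
                  'bill::15279:0:99999:7:::' > "$dir/shadow"
    echo "$dir"
}

# Demo on the constructed files. Against a real system (as root):
#   empty_password_accounts /etc/shadow
#   missing_shadow_entries /etc/passwd /etc/shadow
d=$(make_sample)
echo "empty in passwd: $(empty_password_accounts "$d/passwd")"
echo "empty in shadow: $(empty_password_accounts "$d/shadow")"
echo "no shadow entry: $(missing_shadow_entries "$d/passwd" "$d/shadow")"
rm -rf "$d"
```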

4. File management and security

#chmod 777 /home/bill/x.c
Each 7 represents one level: user level, group level, others.

execute = 001 in binary = 1 in octal
write = 010 in binary = 2 in octal
read = 100 in binary = 4 in octal

So where does the 7 come from? 7 in octal = 111 in binary = read, write, execute. So you get:

read, write, execute = 111 = 1 + 2 + 4 = 7
read, write, no execute = 110 = 4 + 2 = 6
read, no write, execute = 101 = 4 + 1 = 5
read, no write, no execute = 100 = 4
no read, write, execute = 011 = 2 + 1 = 3
no read, write, no execute = 010 = 2
no read, no write, execute = 001 = 1
no read, no write, no execute = 000 = 0

#touch filename <-> to create a file
#mkdir dir_name <-> to create a directory
For others, search on the net or refer to any book.

5. Network configuration and LAN card installation

In order to use the internet we need:
   a. IP address
   b. Subnet mask
   c. DNS server address
   d. Gateway address

i. To set the IP address of our machine
   1. #ifconfig eth0 172.16.40.150 netmask 255.255.255.0 up
   2. Now one question: why have we used the netmask of a class C IP with an IP of class B? The reason is that we are connected to spce, and spce uses class C network configuration while spit uses class B; they both share the same router.
ii. To add the gateway address
   1. #route add default gateway 172.16.40.1
   2. This is the IP of the gateway, or in our case the switch that connects the spit network to the main server room in spce.
iii. To add the DNS server
   1. Edit the /etc/resolv.conf file to edit the DNS info
   2. #nano /etc/resolv.conf
   3. Append this to the file:
      nameserver 172.16.10.2
iv. To view the routing table
   #route -n

6. FTP, web server, SSH, TELNET, NFS, DNS, MYSQL server

To install any software from an .rpm file there is a command called rpm.
#rpm -qa | grep nano <-> to search whether nano is installed in the system or not
#rpm -e nano <-> to remove software from the system
#rpm -i nano.rpm <-> to install software; the file name given (nano.rpm) may not be the same on your system
#yum install nano <-> yum is the utility to install software from the Red Hat repo, similar to apt-get install nano in Ubuntu
#yum upgrade nano
#yum remove nano
#chkconfig service_name on/off <-> to turn any service on or off at boot time
[NOTE: all .rpm file names are just for reference; they might not be the same as the original]

a. FTP
   1. #rpm -ivh vsftpd.rpm
   2. Edit the file /etc/vsftpd/vsftpd.conf. Just make anonymous yes by removing the comment from that line.
   3. Start the service
      a. #service vsftpd start
   4. To add users with user and passwd
      a. Edit the file /etc/vsftpd/vsftpd.conf
      b. Comment out the allow anonymous user line
      c. Now create a user group
         i. #groupadd sharing_gp
         ii. #mkdir /home/sharing_folder
         iii. #chmod 750 /home/sharing_folder
         iv. #chown -R root:sharing_gp /home/sharing_folder
         v. Adding people to the shared directory over FTP
         vi. #useradd -g sharing_gp -d /home/sharing_folder user_1
         vii. #useradd -g sharing_gp -d /home/sharing_folder user_2
         viii. #useradd -g sharing_gp -d /home/sharing_folder user_3
         ix. #passwd user_1
         x. #passwd user_2
         xi. #passwd user_3
         xii. Restart the service
         xiii. #service vsftpd restart

b. Web server
   i. #rpm -ivh httpd.rpm
   ii. If by any chance you can't install it from the .rpm file due to dependencies, then use
      #yum install httpd
      This goes through the network, i.e. from Red Hat's repositories, so it automatically solves all dependencies.
   iii. Modify the /etc/httpd/conf/httpd.conf file to make changes in the configuration of the web server.
   iv. To modify the document root, make changes in that line.
   v. Virtual hosting
      Virtual hosting means hosting multiple sites on the same web server; for multiple hosting we require multiple IP addresses. So now we configure our web server with multiple virtual hosts. This concept is very important, and those who have hosted sites on the web will now know how their sites are hosted on those huge enterprise servers.
      1. Give an IP to the NIC. By default your NIC is eth0; to give more IPs to the same NIC use
         #ifconfig eth0:0 10.0.2.200 netmask 255.255.255.0 up
      2. After that, edit the /etc/httpd/conf/httpd.conf file, go to the end, find the virtual host tag there and add or uncomment it:
         <VirtualHost 10.0.2.200:80>
             ServerAdmin webmaster@moiz.com
             DocumentRoot /var/www/html
             ServerName moiz.com
             ErrorLog logs/dummy-host.example.com-error_log
             CustomLog logs/dummy-host.example.com-access_log common
         </VirtualHost>
      3. After this, add a line in the /etc/hosts file
         #nano /etc/hosts
         10.0.2.200 moiz.com
      4. Restart the daemon
         #service httpd restart
   vi. Virtual hosting for multiple sites
      1. Same procedure
         #ifconfig eth0:0 10.0.2.201 netmask 255.255.255.0 up
         #ifconfig eth0:1 10.0.2.202 netmask 255.255.255.0 up
      2. <VirtualHost 10.0.2.200:80>
             ServerAdmin webmaster@ziom.com
             DocumentRoot /var/www/html/site1
             ServerName ziom.com
             ErrorLog logs/dummy-host.example.com-error_log
             CustomLog logs/dummy-host.example.com-access_log common
         </VirtualHost>
      3. <VirtualHost 10.0.2.201:80>
             ServerAdmin webmaster@moiz.com
             DocumentRoot /var/www/html/site2
             ServerName moiz.com
             ErrorLog logs/dummy-host.example.com-error_log
             CustomLog logs/dummy-host.example.com-access_log common
         </VirtualHost>
      4. #nano /etc/hosts and add one entry each for:
         1. ziom.com
         2. moiz.com
         Now restart the server again and test it: typing moiz.com in the browser gives you the files from site2, and ziom.com gives you the files from site1.
c. NFS
   i. To install the NFS server we need the nfs and portmap rpm files.
   ii. Check all files
   iii. #rpm -qa | grep nfs <-> if the files below are not found then install nfs-utils, nfs, nfs-libs
   iv. #rpm -ivh nfs
   v. #rpm -ivh nfs-utils
   vi. #rpm -ivh nfs-libs
   vii. #rpm -qa | grep portmap <-> if not found then install
   viii. #rpm -ivh portmap
   ix. After installing all the required software, make changes in the configuration files.
   x. Edit the /etc/exports file and add these lines to it:
      /home/bill/nfs_share	*(ro)
      /home/bill/nfs_private_share	172.16.40.0/24(rw) <-> the 172.16.40.x hosts, written as a subnet because wildcards are not reliable with IP addresses
      FORMAT for adding is as follows: <content directory><tab space><users>(<access rights>)
   xi. Restart the service
      1. #service nfs restart
      2. #service portmap restart
      3. To check the information about shares use
         a. #rpcinfo -p localhost
         b. #exportfs -avr
   xii. On the client side
      1. #mkdir /mnt/nfs_folder_mount
      2. #mount -t nfs 172.16.40.200:/home/bill/nfs_share /mnt/nfs_folder_mount
      Change the permission on the nfs_share folder to 660.
d. SSH
   i. Install the SSH server (IP of the server is 172.16.40.200)
      1. Go to the folder containing the rpm files
      2. #rpm -ivh opensshd.rpm
      3. Configure the file /etc/ssh/sshd_config; it is already configured
      4. Start the server
         a. #service sshd restart
   ii. On the client side, test the SSH server using the following
      1. #ssh 172.16.40.200 <-> IP of the SSH server
      2. On the prompt, enter username and passwd to get access to the server

e. Telnet
   i. Install the telnet server (IP of the server is 172.16.40.200)
      1. Go to the folder containing the rpm files
      2. #rpm -ivh telnet.rpm
      3. Start the server
         a. #service telnet restart
   ii. On the client side, test the telnet server using the following
      1. #telnet 172.16.40.200 <-> IP of the telnet server
      2. On the prompt, enter username and passwd to get access to the server

f. DNS
   To install a DNS server we require the bind software; the service name is named.
   SERVER SIDE:
   i. Check whether bind is already installed
      #rpm -qa | grep bind
      If not installed, then install it
      #rpm -ivh bind.rpm
   ii. Edit the configuration files in /var/named/chroot/etc (in Red Hat) and /etc/named/conf (in Fedora). There are 4 files:
      a. /var/named/chroot/etc/named.conf -> main DNS configuration file that lists the names of all zone files to be used.
      b. /var/named/chroot/var/named/named.ca -> lists all 13 root authoritative servers like .com/.in/.org/.net etc.
      c. /var/named/chroot/etc/rndc.key -> file used in named authentication.
      d. /var/named/chroot/var/named/spit.ac.in.forward -> forward zone file.
      e. /var/named/chroot/var/named/spit.ac.in.reverse -> reverse zone file.
      f. These files must be provided by the college; I'll talk to ma'am about it, or else you can refer to them from that book of sir's.
   iii. Restart the server
      1. #service named restart

   CLIENT SIDE:
   Just edit the IP of the DNS server in /etc/resolv.conf
      nameserver 172.16.10.2

g. MYSQL SERVER
   i. Check or query the system
      #rpm -qa | grep mysql
   ii. To install the mysql server, install all mysql packages
      #rpm -ivh mysql.rpm -> all packages; the name of the rpm is not correct here, so install whatever you find in the list.
   iii. Start the server
      #service mysqld start
   iv. The configuration file is /etc/my.cnf
   v. The location of all databases will be /var/lib/mysql/, which can be changed by editing the location in the /etc/my.cnf file
   vi. To set the mysql admin's password we use (first time)
      #mysqladmin -u root password myprecious -> myprecious is my passwd.
   vii. To log in to the mysql database using the terminal
      #mysql -u root -p
   viii. Then enter the password and you get the prompt mysql>
   ix. mysql>create database test; -> to create a database
   x. mysql>show databases; -> to show databases
   xi. mysql>use test; -> to make test the current database
   xii. #mysqldump -u root -p --opt --all-databases > /home/bill/mysql_backup

7. FIREWALL
a. Firewall commands (NOTE: before trying out any command I recommend flushing all previous rules)
   i. Install iptables
      #rpm -ivh iptables.rpm
   ii. Flush all rules
      #iptables -F
   iii. View the list of rules
      #iptables -L
   iv. To disallow all incoming packets
      #iptables -A INPUT -j REJECT
   v. Request timed out
      #iptables -A INPUT -j DROP
   vi. Accept only ping, reject everything else
      #iptables -A INPUT -p icmp -j ACCEPT
      #iptables -A INPUT -j DROP
   vii. To allow only a particular user to access the website at port 80
      #iptables -A INPUT -s 172.16.40.112 -p tcp --dport 80 -j ACCEPT
      #iptables -A INPUT -j DROP
   viii. To disallow only a particular user from accessing the website at port 80
      #iptables -A INPUT ! -s 172.16.40.112 -p tcp --dport 80 -j ACCEPT
      #iptables -A INPUT -j DROP
   ix. Ping request and response, to avoid the ping of death attack
      1. #iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT <-> allow pinging from my machine
      2. #iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT <-> accept replies to my pings
      3. #iptables -A INPUT -p icmp -j DROP <-> drop all incoming ping requests
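An added example, not part of the original notes: iptables evaluates a chain from top to bottom and stops at the first matching rule, which is why the ACCEPT lines above come before the final DROP and why the note recommends flushing first. The script models that behaviour without calling iptables; the "proto source dport target" rule format and the function names are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not from the original page: a first-match model of the
# INPUT chain. Simplified rule format (an assumption of this sketch):
# "proto source dport target", with "any" as wildcard. No iptables calls.

CHAIN=""          # one rule per line, evaluated top to bottom
POLICY="ACCEPT"   # chain policy used when no rule matches
NL='
'

flush_rules() { CHAIN=""; }                                  # iptables -F
append_rule() { CHAIN="${CHAIN}${CHAIN:+$NL}$1 $2 $3 $4"; }  # iptables -A INPUT

# Print the target of the first rule that matches (proto, source, dport).
verdict() {
    while read -r proto src dport target; do
        [ "$proto" = any ] || [ "$proto" = "$1" ] || continue
        [ "$src" = any ]   || [ "$src" = "$2" ]   || continue
        [ "$dport" = any ] || [ "$dport" = "$3" ] || continue
        echo "$target"
        return 0
    done <<EOF
$CHAIN
EOF
    echo "$POLICY"
}

# Rule vii on a flushed chain: the allowed host reaches port 80.
scenario_clean() {
    flush_rules
    append_rule tcp 172.16.40.112 80 ACCEPT
    append_rule any any any DROP
    verdict tcp 172.16.40.112 80
}

# Same rules appended behind a leftover DROP-all (no flush): the earlier
# rule matches first, so the new ACCEPT is never reached.
scenario_stale() {
    flush_rules
    append_rule any any any DROP      # left over from an earlier experiment
    append_rule tcp 172.16.40.112 80 ACCEPT
    append_rule any any any DROP
    verdict tcp 172.16.40.112 80
}

echo "clean chain: $(scenario_clean)"
echo "stale chain: $(scenario_stale)"
```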

b. SNAT
   i. Format:
      #iptables -t filter -A INPUT -j DROP
   ii. #iptables -t nat -A POSTROUTING -s 172.16.0.0/16 -j MASQUERADE
   iii. #iptables -t nat -A POSTROUTING -s 172.16.0.0/16 -j SNAT --to-source 202.1.1.1

c. DNAT
   i. #iptables -t nat -A PREROUTING -d 202.1.1.2 -j DNAT --to-destination 172.16.40.2 <-> DNAT is only valid in the PREROUTING and OUTPUT chains of the nat table