Wednesday, 23 September 2015

1. Redhat Linux : RHCE 6


UNIX was developed in 1973 by Dennis Ritchie and Kenneth Welsh

Features of Unix:

1. Multitasking
2. Multi-user capability
3. Security (system level: users & passwords; file level: rwx)
4. Portability (HW independent)
5. Help
6. Open source code

UNIX Flavours:

UNIX  - UNIX    - UFS (Unix Filesystem)
SunSolaris  - Sun Micro Systems -> Oracle - ZFS (Zeta Filesystem)
IBM   - IBM AIX   - JFS (Journalized FS)
HPUX  - HP Unix   - HPFS (High Performance FS)
Redhat   - RHEL    - ext2, ext3, ext4 Filesystems

Redhat Linux:

Linux flavours:
1. Fedora 
2. Debian 
3. Ubuntu 
4. CentOS 
5. MacOS

Certifications: 
 
RHCSA  - 2.5 Hrs, 210 out of 300 to pass
RHCE  - 2 Hrs, 210 out of 300 to pass


     Introduction to Linux
     
Basic Commands:

pwd    : present working directory
hostname
whoami
who am i
tty(terminal type)
who
uname -a
cd
echo $0    : display the current shell
csh
bash
cat /etc/shells
cp /etc/passwd /tmp/passwd
grep --color root /tmp/passwd : highlights 'root'
grep ^root /tmp/passwd  : lines starting with root
grep /bin/bash$ /tmp/passwd : lines ending with /bin/bash
grep -v /bin/bash$ /tmp/passwd : lines which do not end with /bin/bash
grep -c /bin/bash$ /tmp/passwd : count the lines ending with /bin/bash
grep -n /bin/bash$ /tmp/passwd : give the line number
cut -c 1-4 filename  : cut first 4 characters from each line
cut -d: -f1,2,3 filename : cut the first three fields of the content
tr    : translates lower case to upper or vice versa
head    : display first n lines
tail    : display last n lines
more    : open a page without up/down arrows
less    : open a page with up/down arrows
find    : find files or folders
sort -u filename  : sort in alphabetical order
sort      
find . -atime +1  : find by time
find . -name '*.*'  : find by name (quote the pattern so the shell does not expand it)
find . -size +1024c  
who | tee lsout   : tee outputs to file and screen

grep -v ^$   : to display all lines except blank lines
touch test{1..100}  : to create test1 - test100 files

* 64 GUI terminals are possible in Linux 6.4
* GUI terminals are called pts (pseudo terminals)
* CLI terminals from F1 to F6 are called tty


     Installation:
     
Stand alone - CD/DVD
Network - Using network(Image from a storage server)

ks.cfg - kickstart configuration used to automate installation on many servers from a storage server.
(In Solaris it is called jumpstart)

Stand Alone: 
 
Partitions:
 
  /  - root (min 8 GB)
  /boot - boot files (min 100mb)
  swap - virtual memory (double the RAM, up to a limit)


* NTP - Network Time Protocol. Used for time synchronization. 3 NTPs all over the world.
* PXE - should be enabled for network installation
* SCSI, CATA, PATA, SATA, IDE(Integrated Device Envt)
 IDE  - hda, hdb(hd)
 SCSI, SATA, ATA - sda, sdb(sd)
* bootloader will be installed in /boot
* pre-installation and post installation (before and after removing installation media)
* kdump is used for kernel recovery and is stored in /boot

     Linux System Structure:
     

1. Hardware
2. Kernel
3. Shell
4. Users

  Types of shells:

  sh shell - bourne shell
  bash shell - bourne again shell(Default shell in Linux)
  ksh shell 
  csh shell
  tcsh shell
  nologin shell
  zsh shell 

 Features of bash shell:

  tab completion
  # for root
  $ normal user

 Kernel Functions include:

  Job scheduling
  Process management
  Memory management
  Network Management


GNOME - GNU Object Model Envt

* Kernel is the hard core of the OS
* 32-bit and 64-bit kernels are available
* Shells are of two kinds: login shell and no-login shell
* /etc/shells : contains shells installed
* echo $0 gives the shell logged in
* you can change from any shell to any other shell
* /etc/profile stores profile details (aliases can be done here)
* /etc/bashrc for all users and .bashrc for normal users.

Sunday, 23 August 2015

2. Redhat Linux : RHCE 6

 
 
Linux Booting Process:


Power on ---> SMPS ---> BIOS ---> Processor ---> POST ---> Peripherals & MBR (446B of boot info + 64B of partition info + 
2B OS Sign) ---> GRUB (Grand Unified Boot Loader) (GRUB Stage 1, Stage 1.5, Stage 2) ---> /etc/grub.conf ---> /etc/inittab --->
/etc/rc.d ---> /etc/rc.d/rc5.d ---> /etc/rc.d/rc.local ---> Login Shell 


POST:
----
* Power On Self Test is the process where the processor checks itself.
* After that, two processes occur: the MBR check and the peripherals check

MBR :
---
* Master Boot record = 512 Bytes
* MBR contains information about booting, partitions and OS signature

GRUB :
----
* GRUB stage 2 hits the /etc/grub.conf file which stores the kernel information.

/etc/grub.conf :
--------------
* default=0 is the default kernel number to load.
* timeout=5 is the timeout to select the kernel in Secs.
* vmlinuz is the kernel image

/etc/inittab :
------------
* Initialization process.
* It selects the runlevel type, id:5:initdefault:
  Run level types:
   0 Shutdown
   1 Single user(root)
   2 Multi user without NFS
   3 Multi user with NFS
   4 Not assigned
   5 GUI
   6 Reboot

Booting without root password:
-----------------------------
* Boot in single user mode (rescue mode) and change the password (ESC + e + e + 1 + b)
 Interrupt the kernel boot by pressing 'Esc' while booting
 Then go to edit mode by pressing 'e'
 If it is GRUB password protected, type 'p' to give the password
 Then select the kernel and press 'e'
 Then type 1 to go to runlevel 1, that is single user mode.
 Then type 'b' for booting

* Type 'grub-md5-crypt' to generate the encrypted (MD5) password used to protect /etc/grub.conf
* Go to /etc/grub.conf
 under the hiddenmenu line type 'password --md5 <password given by last command>'

/bin  : normal user executable commands
/sbin : root user commands
/etc : system config files
/home : default home directory, user data
/usr : unix system resource files (man pages)
/lib : library files
/dev : device config files (hw related info) 
/tmp : temporary files (up to 10 days)
/media : removable media
/proc : kernel related info, command line etc
/opt : third party packages info
/boot : booting info
/var : variable messages

Links :
-----
Softlink
 creates a shortcut
 different inode value
 no memory waste
 once the source is deleted it affects the other links also, but deleting any link won't affect the source
 for files only
 ln -s filename linkname
 it will be listed as an l type file
Hardlink
 creates a copy of the file
 same inode value
 higher memory utilization
 if any one is deleted it would not affect the other
 can be used for files and directories
 ln filename linkname
 it will be listed as a - type file

Permissions :
-----------

default for directory : 755 
default for files  : 644

Initial permissions for files   : rw-rw-rw-
umask value is subtracted to get default value : 6 6 6 - 0 2 2 = 6 4 4 rw-r--r--

Initial permissions for directories  : rwxrwxrwx
umask value is subtracted to get default value : 7 7 7 - 0 2 2 = 7 5 5 rwxr-xr-x

user -u
group -g
others -o
all -a
read -r,4
write -w,2
execute -x,1
add +
remove -
chmod : to change the basic permissions of files and directories
chown : to change the file ownership
chgrp : to change the group ownership

suid(set user id) is used for commands  : give 4 so that anyone can access the command
guid(group user id) is used for directories : give 2 so that group members can access newly added children of the directory
stickybit is used to remove delete permissions : give 1 so that others have all permissions but cannot delete it
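
The umask arithmetic and the special-bit digits above, as an added shell example (not part of the original notes). The kernel applies the umask as a bit mask (base AND NOT umask), which equals subtraction for 022 but not for a value such as 033; the leading digit 4/2/1 selects suid, setgid (called guid in these notes) and the sticky bit. Function names are illustrative and the script only writes inside a temporary directory.

```sh
#!/bin/sh
# Added example (not from the original notes). Function names are illustrative;
# files are created only inside a temporary directory.

# effective_mode BASE UMASK -> mode after masking: BASE AND (NOT UMASK)
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# octal_mode PATH -> permission bits of PATH in octal (GNU stat, then BSD stat)
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# created_mode UMASK file|dir -> mode of an object freshly created under UMASK
created_mode() {
    cm_tmp=$(mktemp -d) || return 1
    (
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$cm_tmp/obj"; else : > "$cm_tmp/obj"; fi
    )
    octal_mode "$cm_tmp/obj"
    rm -rf "$cm_tmp"
}

# special_bits MODE -> which of suid (4), sgid (2), sticky (1) the leading digit sets
special_bits() {
    sb_mode=$(( 0$1 )); sb_out=""
    [ $(( sb_mode & 04000 )) -ne 0 ] && sb_out="$sb_out suid"
    [ $(( sb_mode & 02000 )) -ne 0 ] && sb_out="$sb_out sgid"
    [ $(( sb_mode & 01000 )) -ne 0 ] && sb_out="$sb_out sticky"
    printf '%s\n' "${sb_out# }"
}

# list_setid DIR -> regular files under DIR that carry suid or sgid, i.e. the
# files worth reviewing because they run with their owner's or group's rights
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Demo: 022 behaves like subtraction, 033 does not (666 - 033 would be 633)
for mask in 022 033 027; do
    printf 'umask %s: file %s, dir %s\n' "$mask" \
        "$(created_mode "$mask" file)" "$(created_mode "$mask" dir)"
done
```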

ACL:
---
* Access Control List

setfacl -m u:username:rwx filename  : to give permission to a particular user only
setfacl -m g:usergroup:rwx filename  : to give permission to a particular group only  
getfacl filename    : to get file access control list
setfacl -x u:username filename   : to remove permission given to a particular user only
setfacl -x g:usergroup filename  : to remove permission given to a particular group only

x - remove
m - modify
u - user
g - group

User administration:
-------------------
Super user uid=0   gid=0
System user uid=1-499 gid=1-499
Normal user uid=500-60000 gid=500-60000

Super User:
 admin
 /root
 /bin/bash
System User:
 system apps
 no home directory
 nologin
 /sbin/nologin
Normal User:
 normal users
 /home/user_name
 /bin/bash

* /etc/passwd stores the user related information
/etc/passwd contains 7 fields:
 login ID
 Password place holder
 UID
 GID
 comments
 home directory
 login shell

* /etc/shadow file stores password related info
/etc/shadow contains 9 fields:
 Login ID
 encrypted password
       ----------------------------------password ageing field
 Last password change
 min
 max
 warning
 Inactive
 Expire
       -----------------------------------
 Reserved field

* useradd -u uid -d /home -c comment -s /bin/bash username
* usermod to modify
* userdel -rf to delete
* groupadd group_name
* gpasswd -a username groupname   : add a user to group
* gpasswd -d username groupname   : delete
* groupdel groupname    : delete group
* /etc/group stores the group related info
* passwd -l username    : to lock the password for any user(!! in /etc/shadow will show locked status)
* passwd -u username    : to unlock the passwd
* chage -l username    : to list user related info
* chage -m min_days -M max_days -W warn_days -I inactive_days username
* useradd -g ibm swe    : to create user with primary group ibm
* useradd -G ibm swe    : to create user with secondary group ibm
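
An added example (not part of the original notes) that reads the nine /etc/shadow fields listed above and reports the states that passwd -l and chage control: locked accounts, empty password fields, passwords that never expire, and expired passwords or accounts. The entries are constructed, the function names are illustrative, and "today" is passed in as days since 1970-01-01 so the result is reproducible.

```sh
#!/bin/sh
# Added example (not from the original notes): audit shadow-format entries using
# the nine colon-separated fields. All sample entries are constructed.

# audit_shadow TODAY  (shadow-format lines on stdin; TODAY = days since 1970-01-01)
# Prints one "user:FINDING" line per problem found.
audit_shadow() {
    awk -F: -v today="$1" '
        NF != 9 { print $1 ":MALFORMED"; next }
        {
            user = $1; pw = $2; last = $3; max = $5; expire = $8
            usable = 1                      # can this password field be used to log in
            if (pw == "") {
                print user ":EMPTY_PASSWORD"
            } else if (substr(pw, 1, 1) == "!") {
                print user ":LOCKED"; usable = 0        # what passwd -l produces
            } else if (pw == "*") {
                print user ":NO_LOGIN"; usable = 0      # typical for system users
            } else if (substr(pw, 1, 3) == "$1$") {
                print user ":WEAK_HASH_MD5"             # $1$ marks an MD5 crypt hash
            }
            if (usable) {
                if (max == "" || max + 0 >= 99999) {
                    print user ":NEVER_EXPIRES"
                } else if (last != "" && last + max < today + 0) {
                    print user ":PASSWORD_EXPIRED"
                }
            }
            if (expire != "" && expire + 0 < today + 0) {
                print user ":ACCOUNT_EXPIRED"
            }
        }'
}

# Constructed sample entries (hashes are placeholders, not real hashes)
sample_shadow() {
    cat <<'EOF'
root:$6$constructedsalt$constructedhash:16000:0:90:7:::
daemon:*:15000:0:99999:7:::
swe:!!$6$constructedsalt$constructedhash:16300:1:30:7:5::
natasha::16400:0:99999:7:::
legacy:$1$constructedsalt$constructedhash:14000:0:99999:7:::
temp:$6$constructedsalt$constructedhash:16500:0:60:7::16600:
broken:x:1:2
EOF
}

sample_shadow | audit_shadow 16700
```

On a real system the same function can be fed /etc/shadow as root, with today computed as $(( $(date +%s) / 86400 )).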

* sudo  : super user do
* sudo commands are stored in /etc/sudoers

/*
Commands for the day:
--------------------
* chmod
* chown
* chgrp
* setfacl -m u:username:rwx filename
* setfacl -m g:usergroup:rwx filename  
* getfacl filename
* setfacl -x u:username filename
* setfacl -x g:usergroup filename
* useradd -u uid -d /home -c comment -s /bin/bash username
* usermod to modify
* userdel -rf to delete
* groupadd group_name
* gpasswd -a username groupname
* gpasswd -d username groupname
* groupdel groupname
* passwd -l username
* passwd -u username
* chage -l username
* chage -m min_days -M max_days -W warn_days -I inactive_days username
* useradd -g ibm swe    
* useradd -G ibm swe    
*/

Thursday, 23 July 2015

3. Redhat Linux : RHCE 6

 
 
Giving sudo privilege to users:
------------------------------
1. edit /etc/sudoers using 'visudo -f /etc/sudoers' command
 Line 21 : User_Alias GROUP_NAME = User_name1, User_name2, ...
 Line 37 : Cmnd_Alias CMD = /usr/sbin/command, ...
 Line 38 : GROUP_NAME ALL = CMD
* By doing this, the users in the group will get the privilege to run the specified commands.

2. edit /etc/sudoers using 'visudo -f /etc/sudoers' command
 add '%groupname ALL=(ALL) ALL'
* This will give complete root permission for all the group members.

Filesystem:
----------
* ext4 is used in RHEL 6
* IDE will be listed as /dev/hda
* Other devices like sata, ata, scsi will be listed as /dev/sda
* FS types:
 Disk based : ext4, NTFS
 Pseudo based : swap
 Network based : NFS

* IBM PC Rule:
 Only 4 primary partitions are possible on any hard disk.
 So the first 3 will be primary and the next will be made extended to allow more partitions.
 Extended partitions can be from sda5-sda15
 These are called logical partitions

* Partition IDs:
 Swap  : 82
 Extended : 83
 LVM  : 8e

* fields in /etc/fstab:
 /dev/sdb5(device) mountpoint(/mnt)  filesystem_type(ext4)  user_permissions(defaults)  dump(0,1)  fsck(0,1)
* update these for permanent mounting

eg:- Delete swap area and resize it

1. fdisk /dev/sda
 p
 d
  'n'
 w
 n
  default starting cylinder
  +3G
 w
2. fdisk /dev/sdx
 t
  'n'
 82
 w
3. mkswap /dev/sdax
4. vim /etc/fstab
 add : /dev/sdax               swap                    swap    defaults        0 0

5. partprobe /dev/sdx
6. reboot

Encrypting the harddisk with LUKS:
---------------------------------
* Linux Unified Key Setup is used to set up password security for hard disk drives.
* edit in /etc/crypttab
 name /dev/sdx
* edit in /etc/fstab(not sure, trainer not explained)
* cryptsetup luksOpen /dev/sdx name
* cryptsetup luksClose name

# /* MAKE THE PARTITION IN LINUX LVM FORMAT */

      Logical Volume Manager
      ----------------------

* flexible storage
* hard disks form physical volumes, which form volume groups, from which logical volumes can be created
* max no of PVs possible is 256 to form a VG
* max no of LVs from a VG is 256

1. Creating a Physical Volume:
-----------------------------
* create some free partitions, say /dev/sdax, /dev/sday
* make the partition types as Linux LVM(8e)
 fdisk /dev/sdx
 select the partition
 type 't'
 type '8e'
 Do it for all PV partitions
* pvcreate /dev/sdax /dev/sday ....

2. Creating a Volume group:
--------------------------
* vgcreate vg_name /dev/sdax /dev/sday ....
* vgdisplay vg_name
* vgcreate -s 8 vg_name /dev/sdx /*Create a VG with PE=8M(Physical Extent or Physical Partition)*/

3. Extending a VG:
-----------------
* pvcreate /dev/sdax /*Create a new Linux LVM partition(PV) to add to vg*/
* vgextend vg_name /dev/sdax

4. Creating a Logical Volume:
----------------------------
* lvcreate -n lv_name -l 20 vg_name
* lvdisplay /dev/vg_name/lv_name
* mkfs.ext4 /dev/vg_name/lv_name
* mount /dev/vg_name/lv_name /mount_point

5. Extending an LV:
------------------
* lvextend -L +100M /dev/vg_name/lv_name
* lvextend -l +5 /dev/vg_name/lv_name
* resize2fs -p /dev/vg_name/lv_name

6. Reducing an LV:
------------------
* umount /mount_point
* e2fsck -f /dev/vg_name/lv_name
* resize2fs -p /dev/vg_name/lv_name 'n'M
* lvreduce -l -10 /dev/vg_name/lv_name

7. Reducing a VG:
----------------
* vgreduce vg_name /dev/sdax /*Remove a PV from VG*/

8. Removing LV:
--------------
* lvremove /dev/vg_name/lv_name

9. Removing VG:
--------------
* vgremove vg_name

10. Removing PV:
---------------
* pvremove /dev/sdx /dev/sdy /dev/sdz

11. To list PV, VG and LV:
-------------------------
* pvs
* vgs
* lvs


/*
Commands for the day:
--------------------

* free -m   : to see the free spaces in swap
* mkswap /dev/sdax : to create swap
* swapon /dev/sdax : mount swap temporarily
* swapoff /dev/sdax : unmount swap
* fdisk /dev/sda : to edit partitions
* partprobe /dev/sda : command for re-reading the partition table
* lvremove /dev/VG1/LV1 
* df -hT
* vgremove VG1
* pvremove /dev/sda7 /dev/sda8 /dev/sda9
* pvs
* vgs
* lvs
*/

Friday, 26 June 2015

4. Redhat Linux : RHCE 6

 
Packages Installation 
 
RPM (Redhat Packet Management)
------------------------------
* does not resolve dependencies
* installation package should be in the pwd

YUM (Yellowdog Update Management)
---------------------------------
* resolves dependencies itself
* installs from the network
* configure yum:
 Install vsftpd and createrepo
 Copy packages to /var/ftp/pub/anyname(if you want to access from other clients)
 Run createrepo command 'createrepo /var/ftp/pub/anyname'
 Create /etc/yum.repos.d/packages.repo and include:
  [server]
  name=packages.repo
  baseurl=ftp://192.168.x.x/pub/anyname
  enabled=1
  gpgcheck=0
 Restart vsftpd using 'service vsftpd restart'

vsftpd:
------
* very secure ftp
* used for network installs using yum

      Job Scheduling
      --------------
3 Types:
-------
* cron  : periodically
* anacron : different periods
* at  : one time

fields in crontab:
-----------------
     minutes  hours  day of month  month  day of week  command
eg:  */1      *      *             *      *            echo "Hello" > /dev/pts/4
eg:  06       15     26            *      *            sh script.sh > /root/cron_out

* all the users can schedule cron and at jobs by default
* to deny cron permission for any user add the user in /etc/cron.deny
* to deny at permission for any user add the user in /etc/at.deny

Updating Kernel:
---------------
* rpm -ivh kernel.rpm
* vim /etc/grub.conf and edit as
 default=1
* yum update

/*
Commands for the day:
--------------------

* rpm -ivh packageName.version.release.arch.rpm  : installs the package
* rpm -q package      : queries the package
* rpm -qd package     : document of the package
* rpm -e package     : removes the package
* yum install package     : to install packages
* yum remove package     : removes the package
* yum info package     : gives info about the package
* yum update      : update the system
* crontab -e      : add cron jobs
* crontab -e -u username    : add cron jobs for any user
* crontab -l      : list all cron jobs
* crontab -r      : remove cron jobs
* at now      : schedule at current time
* at 23:59      : schedule at user defined time
* at -l       : list all scheduled jobs
* at -r       : remove all scheduled 'at' jobs
* createrepo /var/ftp/pub/anyname   : create local installation repository
* service vsftpd restart     : restart vsftpd service
*/

Tuesday, 26 May 2015

5. Redhat Linux : RHCE 6


 
 
 
Networking
      
Classes in Network
-----------------
* Class A : 1-126  netmask:255.0.0.0
* Class B : 128-191 netmask:255.255.0.0
* Class C : 192-223 netmask:255.255.255.0
* Class D : 224-239 netmask:no netmask
* Class E : 240-254 netmask:no netmask
* loopback address : 127.0.0.0
* broadcast address : 255.255.255.255

Hostname
--------
* change permanently in /etc/sysconfig/network
* /etc/sysconfig/network-scripts/ifcfg-eth0 stores ifconfig details of eth0
* /etc/sysconfig/network-scripts/ifcfg-eth1 stores ifconfig details of eth1
* /etc/resolv.conf stores DNS details 
* /etc/services stores port info
* /etc/rc5 stores apps to be started at shell startup and ending

      Network Services
      ----------------
NFS (Network File Sharing Service)
----------------------------------
* used for UNIX to UNIX file sharing(NFS V3)
* port used by NFS is 2049
* package for NFS is nfs-utils
* daemon (process that runs continuously in the background) is nfs
* /etc/exports stores the files to be shared (write the options directly after the client, with no space)
 /store(directory to share) domain.com(rw,sync)
 /store(directory to share) desktop1.domain.com(rw,sync)
 /store(directory to share) ip(rw,sync)
 /store(directory to share) 192.168.0.1/24(rw,sync)
 /store(directory to share) 192.168.0.1-12(rw,sync)
* well-known ports : connection oriented(tcp)
* short service ports : udp
* ping command sends ICMP packets
 Steps to do:
 -----------
 1. Go to server and edit /etc/exports file:
  /directory_to_share client_ip(rw,sync)
  service nfs restart
 2. Go to client and see 'showmount -e server_ip'
  create a directory and mount it
  mount -t nfs server_ip:/directory_shared /new_directory@client
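
An added example (not part of the original notes) that checks an /etc/exports file for the entries that matter most on the server side: options separated from the client by a space (they then stand alone and apply to every client), read-write exports to all clients, and no_root_squash. The sample file is constructed and the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the original notes): flag risky /etc/exports entries.
# The sample file is constructed.

# audit_exports  (exports text on stdin) -> "path:FINDING:client" per problem
audit_exports() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                p = index($i, "(")
                if (p == 1) {
                    # "(opts)" standing alone: the space before it detached the
                    # options from the host, so they now apply to every client
                    client = "*"; opts = $i
                    print path ":SPACE_BEFORE_OPTIONS:" client
                } else if (p > 1) {
                    client = substr($i, 1, p - 1); opts = substr($i, p)
                } else {
                    client = $i; opts = ""      # bare host: default options only
                }
                if (client == "*" && opts ~ /[(,]rw[,)]/) {
                    print path ":WORLD_WRITABLE:" client
                }
                if (opts ~ /[(,]no_root_squash[,)]/) {
                    print path ":NO_ROOT_SQUASH:" client
                }
            }
        }'
}

# Constructed sample: /store2 has the stray space, /backup trusts remote root
sample_exports() {
    cat <<'EOF'
# constructed sample
/store    192.168.0.0/24(rw,sync)
/store2   desktop1.domain.com (rw,sync)
/backup   192.168.0.5(rw,sync,no_root_squash)
/pub      *(ro,sync)
EOF
}

sample_exports | audit_exports
```

After correcting a flagged line, 'showmount -e server_ip' from a client shows which hosts the share is actually exported to.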

Auto File System:
----------------
* used for Unix to Unix file sharing
* files to be shared can be placed anywhere
* give the location in /etc/auto.misc
* enable the changes by updating /etc/auto.master

CIFS (Samba)
------------
* used for UNIX to Windows file sharing and NFS V4

vsftpd:
------
* used for UNIX to UNIX file sharing
* Very secure file transfer protocol
* port 21
* config file /etc/vsftpd/vsftpd.conf
* place sharing files in /var/ftp/pub

httpd:
-----
* used for UNIX to UNIX file sharing
* port 443 for https

ssh:
---
* Secure shell uses port 22 and RSA algorithm for encryption
* open-ssh package
* to get documents sshd
* /etc/ssh/sshd_config is the server config file (user names are separated by spaces):
 DenyUsers user1 user2
 AllowUsers user1 user2
* scp(secure copy)
 scp source destination
 scp /root/file root@192.168.x.x:/file
 scp root@192.168.x.x:/file  /root/file 
* ssh without password:
 ssh-keygen at the client side produces public and private keys in ~/.ssh
 copy public key to server using 'ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.x.x'
 edit /etc/ssh/sshd_config for 'PermitRootLogin yes' and login without password enabled
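
An added example (not part of the original notes) that reads the global settings sshd would actually use from an sshd_config and flags the risky ones once key-based login is working. sshd keeps the first value it reads for a keyword, so a later "PermitRootLogin no" does not override an earlier "yes". The sample configs are constructed, the function names are illustrative, and the defaults passed in (PermitRootLogin yes, PasswordAuthentication yes, PermitEmptyPasswords no) are assumptions matching the older OpenSSH shipped with RHEL 6.

```sh
#!/bin/sh
# Added example (not from the original notes): effective global sshd settings.
# Sample configs are constructed; defaults are assumptions for RHEL 6 era OpenSSH.

# sshd_effective KEYWORD DEFAULT  (sshd_config text on stdin)
# Returns the first value given for KEYWORD before any Match block, else DEFAULT.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v dflt="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        { key = tolower($1) }                    # keywords are case-insensitive
        key == "match" { exit }                  # Match blocks are conditional, not global
        key == want {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")      # drop the keyword, keep the value(s)
            sub(/[ \t]+$/, "")
            val = $0; found = 1; exit            # first value wins
        }
        END { print (found ? val : dflt) }'
}

# audit_sshd  (sshd_config text on stdin) -> one finding per line
audit_sshd() {
    cfg=$(cat)
    if [ "$(printf '%s\n' "$cfg" | sshd_effective PermitRootLogin yes)" = yes ]; then
        echo "ROOT_LOGIN"            # root may log in with a password
    fi
    if [ "$(printf '%s\n' "$cfg" | sshd_effective PasswordAuthentication yes)" = yes ]; then
        echo "PASSWORD_AUTH"         # passwords still accepted alongside keys
    fi
    if [ "$(printf '%s\n' "$cfg" | sshd_effective PermitEmptyPasswords no)" = yes ]; then
        echo "EMPTY_PASSWORDS"
    fi
    # sshd_config(5) documents AllowUsers/DenyUsers as space-separated lists,
    # so a comma-joined token is flagged for review
    printf '%s\n' "$cfg" | awk '
        tolower($1) == "match" { exit }
        tolower($1) ~ /^(allow|deny)users$/ && $0 ~ /,/ { print "COMMA_IN_USER_LIST:" $1 }'
}

weak_config() {
    cat <<'EOF'
# constructed sample
Port 22
PermitRootLogin yes
PermitRootLogin no
DenyUsers user1,user2
EOF
}

keyonly_config() {
    cat <<'EOF'
# constructed sample
PermitRootLogin without-password
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers user1 user2
Match Address 192.168.0.0/24
    PasswordAuthentication yes
EOF
}

echo "weak:";     weak_config | audit_sshd
echo "key-only:"; keyonly_config | audit_sshd
```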

telnet:
------


/*
Commands for the day:
--------------------
* ethtool eth0      : checks the physical connectivity of network
* ifconfig eth0 ipaddress    : set static ip 
* ifup eth0      : eth0 enable
* ifdown eth0      : eth0 disable 
* ping ipaddress     : ping status
* ping 0       : loopback ping
* chkconfig nfs      : used for enabling at start level
* chkconfig nfs on     : used for enabling at start level in the present run level
* chkconfig --level 34 nfs off    : used for disabling at levels 3 and 4
* chkconfig --level 34 nfs on    : used for enabling at levels 3 and 4
* chkconfig --list nfs     : used for listing all levels
* service nfs restart     : restart nfs
* showmount -e server_ip    : shows the nfs files shared by server
* mkdir directory
* mount -t nfs server_ip:/store directory  : to mount the nfs shared files in the client
* system-config-network     : GUI tool to configure networking(permanent)
* service autofs reload     : restart autofs
* scp source destination    : secure copy
*/

Sunday, 26 April 2015

6. Redhat Linux : RHCE 6



Apache
------

* The local host sends the web address to DNS, which returns the IP; the local host then searches the network for that IP, which returns an
acknowledgement. This is sent to DNS by the host, which again returns it to the local host.
* httpd is used for this
* port 80
* config file: /etc/httpd/conf/httpd.conf
* Document: /var/www/html
* Index directory : index.html
* service httpd start
* chkconfig httpd on

Steps to do for website:
-----------------------
 1. Goto /etc/httpd/conf/httpd.conf
  go to line 1000 and copy
   <VirtualHost nooh:80>
       ServerAdmin root@nooh
       DocumentRoot /var/www/html
       ServerName nooh
       ErrorLog logs/nooh-error_log
       CustomLog logs/nooh-access_log common
   </VirtualHost>
 2. Create html page on /var/www/html/index.html
 3. go to /etc/hosts
  ip_address hostname
 4. go to /etc/resolv.conf
  search hostname
 5. check for errors 'httpd -t'
 6. service httpd restart

Steps to do for extended website:
--------------------------------
 1. Goto /etc/httpd/conf/httpd.conf
  go to line 1000 and copy
   <VirtualHost nooh:80>
       ServerAdmin root@nooh
       DocumentRoot /var/www/html/extended/
       ServerName nooh
       ErrorLog logs/nooh-error_log
       CustomLog logs/nooh-access_log common
   </VirtualHost>

 2. Create html page on /var/www/html/extended/index.html
 3. go to /etc/hosts
  ip_address hostname
 4. go to /etc/resolv.conf
  search hostname
 5. check for errors 'httpd -t'
 6. service httpd restart

Steps to do for virtual website:
--------------------------------
 1. Goto /etc/httpd/conf/httpd.conf
  go to line 990 and copy
   NameVirtualHost ip_address:80
  go to line 1000 and copy
   <VirtualHost ibm.com:80>
       ServerAdmin root@ibm.com
       DocumentRoot /var/www/virtual
       ServerName ibm.com
       ErrorLog logs/ibm.com-error_log
       CustomLog logs/ibm.com-access_log common
   </VirtualHost>

 2. Create html page on /var/www/virtual/index.html
 3. go to /etc/hosts
  ip_address hostname
 4. go to /etc/resolv.conf
  search hostname
 5. check for errors 'httpd -t'
 6. service httpd restart

      Samba
      -----

* config file: /etc/samba/smb.conf
* context: samba_share_t

Steps to do to setup share folder:
---------------------------------
 1. goto line 297 /etc/samba/smb.conf
         [ibm]
         comment = Public Stuff
         path = /samba_share
         public = yes
         Browseable = yes
         Valid users = Natasha
         writable = yes

 2. ls -Zd /common/
 3. chcon -t samba_share_t /common/
 4. getsebool -a | grep samba
 5. setsebool -P samba_create_home_dirs=1
 6. setsebool -P samba_enable_home_dirs=1
 7. setsebool -P samba_export_all_ro=1
 8. setsebool -P samba_export_all_rw=1
 9. setsebool -P use_samba_home_dirs=1
 10. service smb restart
 11. chkconfig smb on
     At client end:
 1. smbclient -L //server_ip
 2. smbclient //server_ip/public_name (if it is public for all)
 3. smbclient //server_ip/public_name -U username

Steps to enable a particular user alone:
---------------------------------------
 1. goto /etc/samba/smb.conf
  
 2. smbpasswd -a Username
 3. service smb restart

      Mail Server
      -----------

* Sender to MTA(Mail Transfer Agent) to n/w to MDA(Mail Delivery Agent) to Receiver
* port : 25
* config file : /etc/postfix/main.cf
* package : postfix
* service postfix start
* service postfix status
* chkconfig postfix on
* for mail forwarding edit /etc/postfix/virtual

      SELinux
      -------
* Security Enhanced Linux
* security + logs - enforcing mode
* no security + logs - permissive mode
* no security + no logs - disabled mode
* to switch from enforcing to permissive and vice versa use 'setenforce 0' (permissive) and 'setenforce 1' (enforcing)
* to disable goto /etc/sysconfig/selinux and edit
* getenforce to get the status
* setsebool to set booleans
* getsebool to get the status of booleans
* /var/log/audit/audit.log stores the logs on these
* contexts are also called labels

Steps to do in /etc/postfix/main.cf:
 1. line no 75
  myhostname = host_name
 2. mydomain = domainname
 3. uncomment 98,99,112,113,114
 4. comment 115
 service postfix restart

/*to do in rescue mode
 3 
mount -o -rw vmount /
*/

/*
Commands for the day:
--------------------
* httpd -t
* chcon -t samba_share_t /common/
* getsebool -a | grep samba
* setsebool -P samba_create_home_dirs=1
* smbclient -L //server_ip
* smbclient //server_ip/public_name (if it is public for all)
* smbpasswd -a Username
* service postfix start
* service postfix status
* getenforce to get the status
* setsebool to set booleans
* getsebool to get the status of booleans
*/

Tuesday, 31 March 2015

7. Redhat Linux : RHCE 6


Firewall
      
* iptables used to configure firewall settings
* iptables -t filter/nat -I INPUT/OUTPUT -s/-d Source_IP/Destination_IP -p tcp/udp/icmp --dport Destn_Port_No -j ACCEPT/REJECT/DROP
* /etc/sysconfig/iptables
* 6535 ports are there in server
* /etc/services lists all the port info

DHCP
* port 68
* the ranges given for dynamic IPs are called leases
* can be used for IPV4 and IPV6(dhcpd,dhcpd6)

Steps to do at server:
---------------------
1. yum install dhcp -y
2. cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf
3. vim /etc/dhcp/dhcpd.conf
 on line 32 give 'subnet server_ip netmask netmask { range start_IP end_IP; }'
 comment out all other lines except lines 8, 9, 22 and 32
4. service NetworkManager restart
5. service network restart
6. route -n
7. route add default gw server_ip

Steps to do at client:
---------------------
1. service NetworkManager restart
2. service network restart
3. route add default gw 192.168.3.1

/*
Commands for the day:
--------------------
* iptables -t filter -I INPUT -s 192.168.2.0/24 -p tcp --dport 22 -j REJECT
* iptables -t filter -I INPUT -s 192.168.2.0/24 -p icmp -j REJECT
* service iptables save
* nslookup ip
* dig ip
* ps  : process status
* ps a  : process status
* ps u  : process status
* ps x  : process status
* top  : task manager
 pid
 user
 priority (depends on NI, inversely proportional)
 Nice value
 Virtualization Image
 residence value(RAM)
 Shared value(between swap and ram)
 Status
* renice -19 PID  : to reallocate the nice value (+19 to -19)
* vmstat   : virtual memory statistics (eg. vmstat 2 5 :- 2 processes 5 programs)
* cat /proc/cpuinfo
* cat /proc/meminfo
* cat /proc/cmdline
* iostat
* sar   : system activity report
* ifconfig eth0:0

*/

Tuesday, 3 February 2015

8. Redhat Linux : RHCE 6




Log files:
* variable messages are stored under the /var directory
* three types of logs:
 system logs ( /var/log/messages )
 secure logs ( /var/log/secure )
 kernel logs ( /var/log/dmesg )

* rsyslogd generates the logs in RHEL 6
* syslogd + klogd in RHEL 5
* 546 is the port for logs
* config file is /etc/rsyslog.conf
 2 fields:
  selector
  action
* NTP (Network time protocol) is used to maintain network time
* logrotate is used to reuse the same log file after a particular period, once it has been backed up
* /etc/logrotate.conf
* /etc/hosts is called cache DNS
* Primary DNS:
* Secondary DNS: 
 to support primary, so it is called failover.
 can also be used for load balancing
* Tertiary DNS:
 can be used as cache
* Domain server gives the local mounting(eg: gmail)
* LDAP : Lightweight Directory Access Protocol
* NIS(Network Information Storage) : Active directory for linux

ISCSI
* scsi-target-utils is the package
* tgtd is the service
* /etc/tgt/targets.conf
Steps to do at server:
 1. fdisk /dev/sda
 2. partprobe /dev/sda
 3. pvcreate /dev/sdxy
 4. vgcreate vg1 /dev/sdxy
 5. lvcreate -n lv1 -L 460M vg1
 6. yum install scsi-target-utils -y
 7. vim /etc/tgt/targets.conf
 8. service tgtd restart
 9. chkconfig iptables on

Steps to do at client:
 1. yum install iscsi-initiator-utils -y
 2. iscsiadm -m discovery -t st -p server_ip
 3. iscsiadm -m node -T iqn.2015-04.com.example:server1.target1 -l
 4. fdisk -l
 5. iscsiadm -m node -T iqn.2015-04.com.example:server1.target1 -u
 6. mount

TCP Wrappers
* /etc/hosts.allow stores the users to deny
 VSFTPD:server1.example.com
* /etc/hosts.deny
 
Disk Quota
* used to reserve some disk space for users
* 2 limits:
 soft limit (if usage crosses the limit, say 1 GB, it will display a warning and still allow more files to be created)
 hard limit (if usage crosses the limit, say 1 GB, it will not display a warning and will not allow more files to be created)
* edquota to edit quota
* repquota for listing quotas
/*
Commands for the day:
--------------------
* edquota username
*/

Saturday, 31 January 2015

9. Sample Test


 
Note : Please go through the parent posts 1-8 to know about this test. 
 

Q1. Create users Natasha, Harry and Sarah. Natasha and Harry should be members of the secondary group admin and Sarah should not be a member. Sarah should have no interactive shell, and the password of all users is wakennym.

Q2. Create /common/adm. Group owner should be admin. Only admin group should have read write execute permission. Natasha and Harry should connect to /common/adm. Any file under /common/adm should have group admin.

Q3. Copy /etc/fstab to /var/tmp/fstab. Owner and group should be root. Natasha should be allowed to read and write and no one should be allowed to execute. And all others should be able to read the files. Harry should not be allowed to read or write.

Q4. Create the partition having 500 MB size and mount it in /mnt/backup.

Q5. Resize lvm from 100 MB to 300 MB

Q6. Configure swap of 700 MB

================================================================================
ANSWERS
Ans 1:  
    groupadd admin
    useradd -G admin Natasha
    passwd Natasha
    useradd -G admin Harry
    passwd Harry
    useradd -s /sbin/nologin Sarah

Ans 2:
    mkdir -p /common/adm
    chgrp -R admin /common
    chmod -R 2070 /common

Ans 3:
    cp -rvf /etc/fstab /var/tmp/fstab
    setfacl -m u:Natasha:rw /var/tmp/fstab
    setfacl -m u:Harry:000 /var/tmp/fstab
    setfacl -m u:Sarah:r /var/tmp/fstab

Ans 4:
    fdisk /dev/sda    (at the fdisk prompts: n, 7, default, +500M, w)
    mkfs -t ext4 /dev/sda7
    mkdir /mnt/backup
    mount /dev/sda7 /mnt/backup

Ans 5:
    fdisk /dev/sda    (at the fdisk prompts: n, 8, default, +500M, t, 8, 8e, w)
    pvcreate /dev/sda8
    vgcreate VG1 /dev/sda8
    lvcreate -n LV1 -l 25 VG1
    mkfs.ext4 /dev/sda8
    lvextend -L +200M /dev/VG1/LV1
    resize2fs -p /dev/VG1/LV1

Ans 6:
    fdisk /dev/sda    (at the fdisk prompts: n, 9, default, +700M, t, 9, 82, w)
    mkswap /dev/sda9
    swapon /dev/sda9

For any help;
noohppnoohpp@gmail.com