amandeepibm@yahoo.com

Training Manual EduCARMA

1. OVERVIEW OF THE LINUX OPERATING SYSTEM
1.1. What is an Operating System?
1.1.1. Features of OS
1.2. Introduction to Linux Operating System
1.2.1. History of Linux
1.2.2. Linux kernel and distributions
1.2.3. Open Source Nature of Linux
1.3. Structure of Linux OS and the Linux kernel
1.3.1. Overview of the Linux OS and Kernel Structure
1.3.2. Modular kernel

2. BASICS OF LINUX
2.1. The Linux Shell
2.1.1. Types of Linux shell
2.2. File System / Directory Structure
2.2.1. Filesystem Hierarchy Standard
2.3. Elementary Linux Commands
2.3.1. User/Group Management
2.3.2. Some basic Linux commands
2.4. The X Window System
2.4.1. Running X
2.4.1.1). Starting X
2.4.1.2). Stopping X
2.4.2. Running a Program in X
2.4.3. Command Line Options to X Client
2.4.3.1). Specifying Window Size and Location
2.4.3.2). Specifying Window Colors
2.4.3.3). Running a Shell in X

3. FILE MANIPULATION AND MANAGEMENT
3.1. Files and Directories
3.1.1. Naming Files and Directories
3.1.2. Making an Empty File/Directory
3.1.3. Changing Directories
3.2. File Permissions
3.2.1. Concept of File Permissions and Ownership
3.2.2. Interpreting file permissions
3.2.3. File Permission Dependencies
3.2.3.1). User file-creation mode mask
3.2.4. Changing permissions
3.2.5. Understanding File Permissions Beyond "rwx"
3.2.5.1). 's' bit or 'Set User ID' / SUID and 'Set Group ID' / SGID
3.2.5.2). 't' bit or 'Sticky' bit
3.2.5.3). The Other Mysterious Letters - "d", "l", "b", "c", "p"
3.2.5.4). Setting SUID, SGID, sticky bit on a single file
3.3. Managing file links
3.3.1. Hard links
3.3.2. Symbolic Links
3.4. File ownership and Attributes
3.4.1. Determining the Ownership of a File
3.4.2. Changing the Ownership of a File
3.4.3. Determining the advanced attributes of a file
3.4.4. Changing advanced Attributes of a File
3.5. Finding Files
3.5.1. Finding All Files That Match a Pattern
3.5.2. Finding Files in a Directory Tree
3.5.2.1). Finding Files in a Directory Tree by Name
3.5.2.2). Finding Files in a Directory Tree by Size
3.5.2.3). Finding Files in a Directory Tree by Modification Time
3.5.2.4). Finding Files in a Directory Tree by Owner
3.5.2.5). Running Commands on the Files You Find
3.5.3. Finding Files in Directory Listings
3.5.3.1). Finding the Largest Files in a Directory
3.5.3.2). Finding the Smallest Files in a Directory
3.5.3.3). Finding the Smallest Directories
3.5.3.4). Finding the Largest Directories
3.5.3.5). Finding the Number of Files in a Listing
3.5.4. Finding Where a Command Is Located
3.6. Managing Files
3.6.1. Determining File Type and Format
3.6.2. Changing File Modification Time
3.6.3. Splitting a File into Smaller Ones
3.6.4. Comparing Files
3.6.4.1). Determining Whether Two Files Differ using 'cmp'
3.6.4.2). Finding the Differences between Files using 'diff'
3.6.4.3). Patching a File with a Difference Report
3.6.5. File Compression/Decompression
3.6.5.1). Compression/Decompression Tools
3.6.5.2). Archiving Files at the Shell Prompt

4. TEXT MANAGEMENT AND EDITORS
4.1. The 'vi' editor
4.1.1. Starting "vi"
4.1.2. Inserting text
4.1.3. Deleting text
4.1.4. Changing text
4.1.5. Commands for moving the cursor
4.1.6. Saving files and quitting vi
4.1.7. Editing another file
4.1.8. Running shell commands
4.2. The Emacs Editor
4.2.1. Getting Acquainted with Emacs
4.2.1.1). Basic Emacs Editing Keys
4.3. The pico editor
4.4. The editor "joe"
4.5. Text Manipulation
4.5.1. Searching for Text
4.5.2. Matching Text Patterns using Regular Expressions
4.5.2.1). Metacharacters and their meaning
4.5.2.2). Matching Lines Ending with Certain Text
4.5.2.3). Matching Lines of a Certain Length
4.5.2.4). Matching Lines That Contain Any of Some Regexps
4.5.2.5). Matching Lines That Contain All of Some Regexps
4.5.2.6). Matching Lines That Don't Contain a Regexp
4.5.2.7). Matching Lines That Only Contain Certain Characters
4.5.2.8). Using a List of Regexps to Match From
4.5.3. Searching More than Plain Text Files
4.5.4. Matching Lines in Web Pages
4.5.5. Searching and Replacing Text

5. MORE ABOUT SHELL & COMMAND LINE INTERFACE
5.1. Passing Special Characters to Commands
5.2. Letting the Shell Complete What You Type
5.3. Repeating the Last Command You Typed
5.4. Running a List of Commands
5.5. Redirecting Input and Output
5.5.1. Redirecting Input to a File
5.5.2. Redirecting Output to a File
5.5.3. Redirecting Error Messages to a File
5.5.4. Redirecting Output to Another Command's Input

6. BASICS OF LINUX SYSTEM ADMINISTRATION
6.1. Disks, Partitions and File Systems
6.1.1. Character and Block devices
6.1.2. Partitions/MBR
6.1.2.1). Why Partition Hard Drive(s)
6.1.2.2). Master Boot Record or MBR
6.1.2.3). Partitioning Scheme
6.1.2.4). Partition types
6.1.2.5). Partitioning a hard disk
6.1.2.6). Various Mount Points
6.1.2.7). Device files and partitions
6.1.3. Filesystems
6.1.3.1). Some of the Linux Filesystems
6.1.4. Software RAID
6.1.4.1). Advantages of using RAID
6.1.4.2). Hardware and Software RAID
6.1.4.3). Different Types of RAID Implementations
6.1.5. Logical Volume Manager (LVM)
6.2. RedHat Installation and Hardware Configuration
6.2.1. Preparing for Installation
6.2.1.1). Installation Disk Space Requirements
6.2.1.2). Installation Methods
6.2.1.3). Choosing the Installation Class
6.2.1.4). Hardware/System Information Required
6.2.2. RedHat Installation Procedure
6.2.2.1). Initial Installation Steps
6.2.3. Disk Partitioning Setup
6.2.3.1). Automatic Partitioning
6.2.3.2). Manual Partitioning Using Disk Druid
6.2.3.3). Recommended Partitioning Scheme
6.2.3.4). Adding Partitions
6.2.4. Boot Loader Configuration
6.2.4.1). Advanced Boot Loader Configuration
6.2.5. Network Configuration
6.2.6. Firewall Configuration
6.2.7. Language Support Selection
6.2.8. Time Zone Configuration
6.2.9. Set Root Password
6.2.10. Authentication Configuration
6.2.11. Package Group Selection
6.2.12. Boot Diskette Creation
6.2.13. Hardware Configuration
6.2.14. Installation Complete
6.3. System Administration Commands
6.3.1. Process Management
6.3.1.1). Process task_struct data structure
6.3.1.2). ps
6.3.1.3). top
6.3.1.4). pstree
6.3.1.5). kill
6.3.1.6). killall
6.3.1.7). fuser
6.3.1.8). pidof
6.3.1.9). skill
6.3.1.10). Background Process - &
6.3.1.11). nice
6.3.1.12). snice
6.3.1.13). /proc/$PID directory
6.3.2. System Startup and Shutdown
6.3.2.1). The Boot Process
6.3.2.2). The Init Program
6.3.2.3). Runlevels
6.3.2.4). System Processes
6.3.2.5). The Linux Login Process
6.3.2.6). Single-User Mode
6.3.2.7). Shutting Down
6.3.3. Memory Management and Performance Monitoring
6.3.3.1). Virtual Memory / Swap Space
6.3.3.2). Swapping In and Swapping Out
6.3.3.3). Commands which show the current memory usage
6.3.3.4). Creating a swap space
6.3.3.5). Using a Swap Space
6.3.3.6). Disk Buffering / Buffer cache
6.3.3.7). Direct Memory Access or DMA
6.3.3.8). Resource Monitoring Tools
6.3.4. Disk Management Tools
6.3.4.1). Listing a Disk's Free Space
6.3.4.2). Listing a File's Disk Usage
6.3.4.3). Partitioning a Hard Drive
6.3.5. File System Management
6.3.5.1). Creating a filesystem
6.3.5.2). Mounting/Unmounting File Systems, fstab & mtab
6.3.5.3). Checking File System Integrity
6.3.6. Disk Quota Management
6.3.6.1). Configuring and Implementing Disk Quotas on Partitions
6.3.6.2). Managing Disk Quotas
6.3.7. RAID Setup
6.3.7.1). Linear RAID Setup
6.3.7.2). RAID-0 Setup
6.3.7.3). RAID-1 Setup
6.3.7.4). RAID-5 Setup

7. NETWORKING AND NETWORK SERVICES
7.1. Networking Overview
7.1.1. OSI Reference Model
7.1.2. TCP/IP Networks
7.1.2.1). Layers in the TCP/IP Protocol Architecture
7.1.3. LAN Network
7.1.3.1). Area Networks
7.1.3.2). LAN Basics
7.1.3.3). LAN Protocols and the OSI Reference Model
7.1.3.4). LAN Media-Access Methods
7.1.3.5). LAN Transmission Methods
7.1.3.6). LAN Topologies
7.1.3.7). LAN Devices
7.1.4. WAN Basics
7.1.4.1). WAN Networks
7.1.4.2). WAN Virtual Circuits
7.1.4.3). WAN Devices
7.1.4.4). Other Area Networks
7.1.5. Ethernet and Networking Hardware
7.1.5.1). Ethernet Network Medium
7.1.5.2). Ethernet Network Interface
7.1.6. Internet Protocol or IP Address
7.1.6.1). IP Address Notation and Classes of Networks
7.1.7. Transmission Control Protocol
7.1.8. User Datagram Protocol
7.1.9. Connection Ports
7.1.10. Address Resolution
7.1.11. IP Routing
7.1.11.1). Subnetworks
7.1.11.2). Gateways
7.1.11.3). Routing Table
7.2. Linux Network Administration
7.2.1. Network Configuration Files
7.2.2. Network Administration Commands
7.2.2.1). IP Address Assignment
7.2.2.2). Setting up Routing
7.2.2.3). Network Monitoring / Analysis Tools
7.2.2.4). Changing the System Hostname
7.2.2.5). Networking terms
7.2.3. Packet Filtering Using Iptables
7.2.3.1). Network Address Translation (NAT)
7.2.3.2). Packet filtering tables
7.2.3.3). Built-In Chains for the different tables
7.2.3.4). Types of Targets
7.2.3.5). The Iptables Commandline
7.3. Network Information Service (NIS)
7.3.1. NIS Maps
7.3.2. NIS Domain
7.3.2.1). NIS Topologies used
7.3.3. NIS Server Installation and Configuration
7.3.3.1). Installing the NIS Server utility
7.3.3.2). Setting up the NIS domain name
7.3.3.3). Configuring and starting the daemon ypserv
7.3.3.4). Initializing the NIS Maps
7.3.3.5). Starting the NIS Password Daemon
7.3.3.6). Starting the Server Transfer daemon
7.3.3.7). Modifying the startup process to start NIS at Boot
7.3.4. Installing and Configuring the NIS Client
7.3.4.1). Installing the ypbind utility
7.3.4.3). Configure and start the NIS client daemon
7.3.4.4). Test the Client daemon
7.3.4.5). Configuring the NIS Client startup files
7.3.4.6). NIS Configuration Files/Commands
7.3.5. More about NIS
7.4. Network File Systems (NFS)
7.4.1. Main Configuration Files
7.4.1.1). /etc/exports file
7.4.1.2). /etc/hosts.allow and /etc/hosts.deny
7.4.2. NFS Server Setup
7.4.2.1). Pre-requisites
7.4.2.2). The NFS Daemons and starting them
7.4.2.3). Verifying that NFS is running
7.4.2.4). Making changes to /etc/exports later on
7.4.3. Setting up an NFS Client
7.4.3.1). Mounting remote directories
7.4.3.2). Getting NFS File Systems to Be Mounted at Boot Time
7.4.3.3). Options for Mounting
7.4.4. Using Automount services (Autofs)
7.4.4.1). Autofs Setup
7.4.4.2). Starting and Stopping Autofs
7.5. TCP Wrappers and Xinetd Services
7.5.1. TCP Wrappers
7.5.1.1). Advantages of TCP Wrappers
7.5.1.2). TCP Wrappers Configuration Files
7.5.2. Xinetd
7.5.2.1). /etc/xinetd.conf
7.5.2.2). The /etc/xinetd.d/ Directory
7.5.2.3). Access Control Options
7.5.2.4). Logging Options
7.5.2.5). Binding and Redirection Options

8. SHELL SCRIPTING
8.1. Shell Scripting Basics
8.1.1. Variables in Shell
8.1.1.1). Defining User-defined variables
8.1.1.2). Rules for naming variables
8.1.1.3). The "echo" command
8.1.2. Shell arithmetic
8.1.3. Understanding Quotes inside the Shell
8.1.4. Finding the Exit Status of a Command Execution
8.1.5. Reading input from the Standard Input
8.1.6. Command Line Arguments
8.1.7. Structured Language Constructs
8.1.7.1). Decision Making
8.1.7.2). Flow Control
8.1.7.3). Loop Constructs
8.1.7.4). Debugging a Shell script
8.2. Advanced Shell Scripting
8.2.1. /dev/null
8.2.2. Conditional Execution using && and ||
8.2.3. I/O Redirection and file descriptors
8.2.4. Essential Utilities
8.2.4.1). cut
8.2.4.2). paste
8.2.4.3). join
8.2.4.4). tr
8.2.4.5). uniq
8.2.5. Awk Utility
8.2.5.1). Understanding Awk Basic Examples
8.2.5.2). Doing arithmetic and user defined variables with awk
8.2.6. The sed Utility
8.2.6.1). Sample sed Commands/Scripts

9. INSTALLING LINUX SOFTWARE/KERNEL
9.1. RPM Installations
9.1.1. Getting the RPM source
9.1.2. Manually installing RPMs
9.1.3. RPM Installation Errors
9.1.4. Installing Source RPMs
9.1.5. Listing Installed RPMs
9.1.6. Listing Files Associated with RPMs
9.1.6.1). Listing Files for Already Installed RPMs
9.1.6.2). Listing Files in RPM Files
9.1.6.3). Listing the RPM to Which a File Belongs
9.1.7. Uninstalling RPMs
9.2. Software Installations from Source using Tarballs
9.2.1. The GCC Compiler
9.2.2. Steps for installing from Tarball
9.3. Linux Kernel Recompilation
9.3.1. Linux kernel – A Modular Kernel
9.3.2. Recompiling the kernel
9.3.2.1). Prerequisites
9.3.2.2). Checking the current kernel and Redhat version
9.3.2.3). Kernel Recompilation Steps
9.3.3. Command Line Tools for Kernel level administration
9.3.3.1). Kernel Modules Management
9.4. More About Lilo and Grub
9.4.1. Grub (Grand Unified Boot loader)
9.4.1.1). Stages in Grub Loading
9.4.1.2). Direct Loading and Chain Loading Booting Methods
9.4.1.3). Naming Conventions and Partitions used by Grub
9.4.1.4). Installing and Booting Grub
9.4.1.5). GRUB Interfaces
9.4.1.6). GRUB Commands
9.4.1.7). GRUB Menu Configuration File
9.4.1.8). Changing Runlevels at Boot Time
9.4.2. LILO or Linux Loader
9.4.2.1). LILO Booting stages
9.4.2.2). Lilo Configuration File
9.4.2.3). Installing lilo
9.4.2.4). Changing Runlevel at Boot Time

10. LINUX SERVICES
10.1. Open SSH Server
10.1.1. Configuring an OpenSSH server
10.1.2. Configuring an OpenSSH Client
10.1.2.1). Using the SSH command
10.1.2.2). Using the scp Command
10.1.2.3). Using the sftp Command
10.1.2.4). Generating Key Pairs
10.2. Berkeley Internet Name Domain (BIND) Server
10.2.1. Nameserver Zones
10.2.2. Types of Nameservers
10.2.3. BIND as a Nameserver
10.2.3.1). Configuration Files
10.3. File Transfer Program or FTP
10.3.1. FTP server/client
10.3.2. FTP Commandline Interface
10.3.2.1). Anonymous FTP
10.3.2.2). Common FTP Commands
10.4. Service Manager: chkconfig, ntsysv, xinetd
10.4.1. Chkconfig
10.4.1.1). Chkconfig commandline Usage
10.4.2. Ntsysv
10.4.3. Xinetd Services
10.5. Telnet Program
10.6. Dynamic Host Configuration Protocol (DHCP)
10.6.1. Advantages of DHCP
10.6.2. DHCP server/Client
10.6.2.1). DHCP server configuration file
10.6.2.2). DHCP communication between server-client
10.6.2.3). DHCP Client configuration
10.7. Linux Samba Server
10.7.1. Samba configuration file
10.7.2. Samba password file for Clients
10.8. Linux Proxy Server – Squid
10.8.1. Squid Package and Config File
10.8.2. Stopping, Starting and Restarting Squid
10.8.3. Configuring squid Clients

11. SECURING LINUX SYSTEMS
11.1. Physical Security
11.2. Local Security
11.2.1. Checking for Unlocked Accounts
11.2.2. Checking for Unused Accounts
11.3. Files and File system Security
11.3.1. Default Umask
11.3.2. SUID/SGID Files
11.3.3. World-Writable Files
11.3.4. Setting File System Limits
11.3.5. Unowned Files
11.3.6. Protecting Binaries like Compilers
11.3.7. Integrity Checking
11.3.8. Trojan Horses, Backdoors and Rootkits
11.3.8.1). Nmap tool
11.4. Password Security and Encryption
11.4.1. Encryption Methods
11.4.1.1). DES (Data Encryption Standard)
11.4.1.2). PGP and Public-Key Cryptography
11.4.2. Authentication Methods
11.4.2.1). PAM - Pluggable Authentication Modules
11.4.2.2). Cryptographic IP Encapsulation (CIPE)
11.4.2.3). Kerberos
11.4.3. Enforcing Stronger Passwords
11.4.4. Locking User Accounts After Many Login Failures
11.4.5. Restricting Direct Login for System/Shared Accounts
11.4.6. Password Cracking/Brute Force Attack
11.4.6.1). How the brute force attack works
11.4.6.2). Signs of a brute force attempt
11.4.6.3). Tools to stop and prevent brute force hack attempts
11.5. Network Security
11.5.1. Network Intruders and Attacks
11.5.1.1). Packet Sniffers
11.5.1.2). Denial Of Service (DOS) Attacks
11.5.1.3). Attacks via IP Spoofing
11.5.2. TCP Wrappers and xinetd
11.5.2.1). Controlling DOS Attacks Via Xinetd
11.5.3. SATAN, ISS, and Other Network Scanners
11.5.3.1). Detecting Port Scans
11.5.4. Securing SSH
11.5.5. Securing NFS
11.5.5.1). Restricting Incoming NFS Requests
11.5.6. Kernel Tunable Security Parameters
11.5.6.1). Enable TCP SYN Cookie Protection
11.5.6.2). Disable IP Source Routing
11.5.6.3). Disable ICMP Redirect Acceptance
11.5.6.4). Enable IP Spoofing Protection
11.5.6.5). Enable Ignoring ICMP Requests
11.5.6.6). Enable Ignoring Broadcast Requests
11.5.6.7). Enable Bad Error Message Protection
11.5.6.8). Enable Logging of Spoofed/Source Routed/Redirect Packets

1. OVERVIEW OF THE LINUX OPERATING SYSTEM

1.1. What is an Operating System?

In simple terms, an operating system is a manager. It manages all the available
resources on a computer. These resources can be the hard disk, a printer, or the
monitor screen. Even memory is a resource that needs to be managed. Within an
operating system are the management functions that determine who gets to read
data from the hard disk, what file is going to be printed next, what characters
appear on the screen, and how much memory a certain program gets.

For example, if you own a car, you don't really need to know the details of the
internal combustion engine to understand that this is what makes the car move
forward. You don't need to know the principles of hydraulics to understand that
something is wrong when pressing the brake pedal has no effect.

An operating system is like that. You can work productively for years without
even knowing what operating system you're running on, let alone how it works.
Sometimes things go wrong. In many companies, you are given a number to call
when problems arise, you report what happened, and it is dealt with.

By having a working knowledge of the principles of an operating system you are
in a better position to understand not only the problems that can arise, but
also what steps are necessary to find a solution. There is also the attitude
that you have a better relationship with things you understand. Like in a car,
if you see steam pouring out from under the hood, you know that you need to add
water. This also applies to the operating system.

Linux is an operating system like many others, such as DOS, Macintosh, etc. In
this section, I am going to discuss what goes into an operating system, what it
does, how it does it, and how you, the user, are affected by all this.

1.1.1. Features of OS

1. Multitasking

A multitasking operating system is capable of running multiple software
processes at the same time. It does so by switching back and forth between the
tasks extremely fast. This is the concept of multitasking. That is, the computer
is working on multiple tasks "at the same time."

2. Multi-users

A multi-user operating system allows multiple users to use the same computer at
the same time and/or at different times. That is, the operating system needs to
keep track of whose program, or task, is currently writing its file to the
printer or which program needs to read a certain spot on the hard disk, etc.
This is the concept of multi-users, as multiple users have access to the same
resources.

3. Multi Processing

A multiprocessing operating system is one which is capable of supporting and
utilizing more than one computer processor. Multiprocessing systems are much
more complicated than single-processor systems because the operating system must
allocate resources to competing processes in a reasonable manner. Therefore, if
a computer has multiple CPUs, it can do multiprocessing.

4. Process Management

One basic concept of an operating system is the process. A process is more than
just a program. Especially in a multi-user, multi-tasking operating system such
as UNIX, there is much more to consider. Each program has a set of data that it
uses to do what it needs. Often, this data is not part of the program. For
example, if you are using a text editor, the file you are editing is not part of
the program on disk, but is part of the process in memory. If someone else were
to be using the same editor, both of you would be using the same program.
However, each of you would have a different process in memory.

* Child/Parent Process: When you log onto a Linux system, you usually get
access to a command line interpreter, or shell. This takes your input and runs
programs for you. If you were to start up an editor, your file would be loaded
and you could edit your file. The interesting thing is that the shell has not
gone away. It is still in memory. The editor is simply another process that
belongs to you. Because it was started by the shell, the editor is considered a
"child" process of the shell. The shell is the parent process of the editor. (A
process has only one parent, but may have many children.)

* Daemons: In addition to user processes, such as shells, text editors, and
databases, there are system processes running. These are processes that were
started by the system. Several of these deal with managing memory and scheduling
turns on the CPU. Others deal with delivering mail, printing, and other tasks
that we take for granted. In principle, both kinds of processes are
identical. However, system processes can run at much higher priorities and
therefore run more often than user processes. Typically a system process of this
kind is referred to as a daemon process or background process because it runs
behind the scenes (i.e. in the background) without user intervention. It is also
possible for a user to put one of his or her processes in the background.

In short, the OS keeps track of all the processes running on the system and also
manages multitasking and multiprocessing.
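The parent/child relationship described above, as an added example that is not from the manual: a POSIX shell script that reads the PPid and Name fields of /proc/<pid>/status (a Linux interface this section does not cover) to walk a process's single chain of parents and to list its children. It assumes Linux with /proc mounted; the background sleep processes it starts are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the manual): inspect parent/child process
# relationships on Linux by reading /proc/<pid>/status. Assumes a
# mounted /proc; the sleep children started below are constructed here.

# Print the parent PID of a given PID (empty if the PID no longer exists).
ppid_of() {
    awk '/^PPid:/ { print $2 }' "/proc/$1/status" 2>/dev/null
}

# Print the command name the kernel records for a PID.
name_of() {
    awk '/^Name:/ { print $2 }' "/proc/$1/status" 2>/dev/null
}

# Walk the chain of parents from a PID up to init (PID 1), printing one
# "pid name" line per process, starting with the PID itself. Every
# process has exactly one parent, so this chain never branches.
ancestry() {
    pid=$1
    while [ -n "$pid" ] && [ "$pid" != "0" ]; do
        echo "$pid $(name_of "$pid")"
        pid=$(ppid_of "$pid")
    done
}

# List every PID whose parent is the given PID, one per line: a process
# may have many children.
children_of() {
    for status in /proc/[0-9]*/status; do
        [ -r "$status" ] || continue
        if [ "$(awk '/^PPid:/ { print $2 }' "$status" 2>/dev/null)" = "$1" ]; then
            echo "$status" | cut -d/ -f3
        fi
    done
}

# Demonstration: this shell, like the login shell in the text, stays in
# memory while two children run in the background, so both report it as
# their parent.
sleep 30 & child1=$!
sleep 30 & child2=$!
echo "shell $$ has children:"; children_of $$
echo "ancestry of $child1:"; ancestry "$child1"
kill "$child1" "$child2"
```

Process lineage is the first thing an incident responder checks when a service daemon unexpectedly has a shell among its children.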

5. Memory Management

On UNIX, when you run a program (like any of the shell commands you have been
using), the actual computer instructions are read from a file on disk from one
of the bin/ directories and placed in RAM. The program is then executed in
memory and becomes a process. When the process has finished running, it is
removed from memory.

The CPU assists the operating system in managing users and processes. The
diagram below shows how multiple processes might look in memory:

You can see that many processes could be sharing the same portion of the memory.
We'll look into this topic in more detail at a later stage.

1.2. Introduction to Linux Operating System

1.2.1. History of Linux

Linux is a freely distributable version of UNIX.

* UNIX was born at the end of the 1960s as a one-man project designed by Ken
Thompson of Bell Labs, and grew to become the most widely used operating
system.

* Linus Torvalds, who was then a student at the University of Helsinki in
Finland, developed Linux in 1991. It was released for free on the Internet.

* He was inspired by MINIX, which was written from scratch by Andrew S.
Tanenbaum, a US-born Dutch professor who wanted to teach his students the inner
workings of a real operating system. It was designed to run on the Intel 8086
microprocessors that had flooded the world market. As an operating system, MINIX
was not a superb one. But it had the advantage that the source code was
available, and it served as a source of inspiration for Torvalds.

1.2.2. Linux kernel and distributions.

The Linux kernel is the core of the Linux OS and is called the "Chief of
Operations". Although Linux is technically only the kernel, it is commonly
considered to be all of the associated programs and utilities. Combined with the
kernel, the utilities and often some applications comprise a commercial
distribution.

A distro comprises a prepackaged kernel, system utilities, GUI interfaces and
application programs, and it is the kernel which puts the Linux into all the
distributions.

Some of the popular Linux distros are RedHat, Mandrake, Suse ,Debian etc.

RedHat

RedHat Linux is considered by many to be the best distribution for beginners. It
is designed for those who simply want to get Linux working on their system with
a minimum amount of effort.

Mandrake

Mandrake is a good choice for someone who is just starting Linux and wants
all the new hardware support. The best thing about Mandrake is that it's still
RedHat compatible, so support is as plentiful as RedHat support from the Linux
community.

Debian
Debian is for those who would like to learn the inner workings of Linux, yet
demand more friendly features than are provided with distros like Slackware.
Prior knowledge of Unix and Linux is recommended before trying this
distribution.

Slackware

Slackware is one of the oldest distributions of Linux. It lacks many
'user-friendly' features that can be taken for granted with many other distros.

SuSE

Originally begun as a German Linux distribution, SuSE has become increasingly
popular in the US and is the number one Linux distribution in Europe. It is
considered one of the most complete distros available, with many software
packages available for almost any application. SuSE is a great distro for
beginners, on par with Red Hat.

Corel

Corel is a distribution aimed at new users, offering an attractive graphical
interface and quick setup. Installing new applications not included with the
distribution is troublesome, however.

LinuxPPC

LinuxPPC is a powerful and easy-to-use port of Linux to the PowerPC platform.

FreeBSD

FreeBSD is a "Linux-like" free Unix operating system based on the BSD source
code. Its main focus is for servers, but it can also function as a workstation
OS, supporting most Linux applications. The extensive "Ports Collection" makes
installation of software simple and relatively painless, but hardware support
tends to lag behind Linux.

Fedora and RedHat Enterprise Linux

Fedora and RedHat Enterprise Linux are two descendants of Red Hat Linux.
The Fedora Project is one of the sources for new technologies and enhancements
that may be incorporated into Red Hat Enterprise Linux in the future. The goal
of the Fedora Project is to work with the Linux community to build a complete,
general purpose operating system exclusively from open source software.

RedHat Enterprise Linux is based on subscription which comes with a charge and
has both Server as well as Client Solutions.

1.2.3. Open Source Nature of Linux

Linux is developed under the GNU General Public License, which means the source
code for Linux is freely available to everyone. The GNU project by Richard
Stallman was a software movement to provide free and quality software. The first
organized effort to produce open source software was the Free Software
Foundation (FSF), founded by Richard M. Stallman (known as RMS) in 1985.

The FSF developed this concept into the GNU General Public License (GPL), a
software distribution license that stipulates (in a nutshell):

* Software released under the GPL shall be freely distributable.

* The software shall be distributed along with its source code.

* Anyone is free to modify the source code and change the program, as long
as the resulting program is also freely distributable and modifiable.

Around half of the open source software available today is made available under
the terms of the GPL.

1.3. Structure of Linux OS and the linux kernel


1.3.1. Overview of the Linux OS and Kernel Structure

The Linux operating system is composed of four major subsystems, as shown in the
diagram below:

* User Applications -- the set of applications in use on a particular Linux
system will be different depending on what the computer system is used for, but
typical examples include a text editor and a web browser.

* O/S Services -- these are services that are typically considered part of
the operating system (a windowing system, command shell, etc.); also, the
programming interface to the kernel (compiler tool and library) is included in
this subsystem.

* Linux Kernel -- this is the main area of interest; it abstracts and
mediates access to the hardware resources, including the CPU.

* Hardware Controllers -- this subsystem is comprised of all the possible
physical devices in a Linux installation; for example, the CPU, memory hardware,
hard disks, and network hardware are all members of this subsystem.

The Linux kernel presents a virtual machine interface to user processes. The
kernel actually runs several processes concurrently, and is responsible for
mediating access to hardware resources so that each process has fair access to
the processor and memory while inter-process security is maintained.

The Linux kernel is composed of five main subsystems:

1. The Process Scheduler (SCHED): is responsible for controlling process
access to the CPU. The scheduler enforces a policy that ensures that processes
will have fair access to the CPU, while ensuring that necessary hardware actions
are performed by the kernel on time.

2. The Memory Manager (MM): permits multiple processes to securely share the
machine's main memory system. In addition, the memory manager supports virtual
memory, which allows Linux to support processes that use more memory than is
available in the system. Unused memory is swapped out to persistent storage
using the file system, then swapped back in when it is needed. It also handles
requests for run-time memory allocation.

3. The Virtual File System (VFS): abstracts the details of the variety of
hardware devices by presenting a common file interface to all devices. In
addition, the VFS supports several file system formats that are compatible with
other operating systems.

4. The Network Interface (NET): provides access to several networking
standards and a variety of network hardware.

5. The Inter-Process Communication (IPC) subsystem: supports several
mechanisms for process-to-process communication on a single Linux system.
Processes communicate with each other and with the kernel to coordinate their
activities.

A visual representation of the structure of the linux kernel is given below.

This diagram emphasizes that the most central subsystem is the process
scheduler: all other subsystems depend on the process scheduler since all
subsystems need to suspend and resume processes. Usually a subsystem will
suspend a process that is waiting for a hardware operation to complete, and
resume the process when the operation is finished.

The other dependencies are somewhat less obvious, but equally important:

* The process-scheduler subsystem uses the memory manager to adjust the
hardware memory map for a specific process when that process is resumed.

* The inter-process communication subsystem depends on the memory manager to
support a shared-memory communication mechanism. This mechanism allows two
processes to access an area of common memory in addition to their usual private
memory.

* The virtual file system uses the network interface to support a network
file system (NFS), and also uses the memory manager to provide a ramdisk device.

* The memory manager uses the virtual file system to support swapping; this
is the only reason that the memory manager depends on the process scheduler.
When a process accesses memory that is currently swapped out, the memory manager
makes a request to the file system to fetch the memory from persistent storage,
and suspends the process.

On top of these five components comes the System Call Interface that hides the
hardware layer for the user applications. We'll be dealing with these topics in
more detail later.

1.3.2. Modular kernel

One of the greatest advantages of the Linux kernel is its modular structure.
Most of the Linux kernel is built as a collection of source modules.

The required modules are compiled together while the kernel is being
built. But that's not all. The Linux kernel has the ability to load and unload
modules on the fly, as they are required, without the need for a system
shutdown. That is the reason why the Linux kernel is called a dynamic kernel.

This is also the reason why Linux can run on such a wide variety of
hardware platforms: a developer has only to port the machine-specific modules to
support new hardware.

2. BASICS OF LINUX

2.1. The Linux Shell

Linux is a multitasking, multiuser operating system, which means that many
people can run many different applications on one computer at the same time.
Before you can use a newly installed Linux system, you must set up a user
account for yourself. It's usually not a good idea to use the root account for
normal use; you should reserve the root account for running privileged commands
and for maintaining the system.

2.1.1. Types of linux shell

The shell is the Linux command-line interface, and there are different types of
shell in Linux. Each shell has its own pros and cons, but every shell can perform
the same basic tasks. The main differences between them are the prompt and how
they interpret commands.

bash : Bourne Again Shell, developed by the Free Software Foundation

sh : Bourne Shell, named after its creator Steve Bourne

csh : C Shell, came as part of the Unix implementation

ksh : Korn Shell, named after David Korn

All the shells above come as a standard part of any Linux distro. The most
common shell used by default on Linux systems is bash. In bash, the default
prompt for a user is the $ sign, unless you are logged in as root, in which case
it is the # sign.

When you enter a command, the shell does several things:

- First, it checks the command to see if it is internal to the shell (that
is, a command which the shell knows how to execute itself). There are a number
of these commands, and we'll go into them later.

- The shell also checks to see if the command is an alias, or substitute
name, for another command.

- If neither of these conditions applies, the shell looks for a program, on
disk, having the specified name. If successful, the shell runs the program,
passing it the arguments specified on the command line.
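To see which of these three lookups applies to a given name, here is an added shell example (not from the manual); classify_command is my own helper name, and it relies only on the POSIX alias and command -v builtins:

```shell
#!/bin/sh
# Added example: report how the shell would resolve a command name.
# classify_command is an assumed helper name, not a standard command.

# Print one of: "alias", "builtin", "program: /path", or "not found".
classify_command() {
    name=$1
    # An alias is a substitute name: `alias NAME` succeeds only if one is defined.
    if alias "$name" >/dev/null 2>&1; then
        echo alias
        return 0
    fi
    # `command -v` prints a path for a program found via $PATH and just the
    # bare name for a command the shell executes itself (a builtin).
    resolved=$(command -v "$name" 2>/dev/null) || {
        echo "not found"
        return 1
    }
    case $resolved in
        /*) echo "program: $resolved" ;;
        *)  echo builtin ;;
    esac
}

# Show the directories in the order the shell searches them for a program.
# A directory writable by other users early in this list lets their files
# shadow the system's commands, which is why PATH deserves a look in audits.
path_search_order() {
    printf '%s\n' "$PATH" | tr ':' '\n'
}

# Demonstration with a constructed alias.
alias ll='ls -l'
classify_command cd        # builtin
classify_command ll        # alias
classify_command ls        # program: /bin/ls (path varies by system)
classify_command no_such_command_xyz || true   # not found
path_search_order
```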

2.2. File System / Directory Structure

2.2.1. FileSystem Hierarchy Standard

In Linux (and Unix), everything is a file. Rather, everything is mapped by
the system on to a file. Thus, a hard-disk partition is one file, a detected
hardware device is a file, a semaphore for IPC is still another.

The Linux file-system structure is like a tree with the root directory denoted
as '/'. The entire system resides under this root directory. Everything starts
from the root directory, represented by '/', and then expands into
sub-directories. Where DOS/Windows had various partitions and then directories
under those partitions, Linux places all the partitions under the root directory
by 'mounting' them under specific directories.

The official way files are organized in Linux is called the "Filesystem
Hierarchy Standard" (FHS).

The following directories, or symbolic links to directories, are required in /.


1. bin ---------- Essential command binaries

/bin contains commands that may be used by both the system administrator and by
users, but which are required when no other filesystems are mounted (e.g. in
single user mode). It may also contain commands which are used indirectly by
scripts.

There must be no subdirectories in /bin.

It should not be mounted separately.

2. boot ------- Static files of the boot loader

This directory contains everything required for the boot process except
configuration files not needed at boot time and the map installer. Thus /boot
stores data that is used before the kernel begins executing user-mode programs.
This may include saved master boot sectors and sector map files.

The operating system kernel must be located in /boot.

It is usually mounted as a separate partition on the hard disk.

3. dev -------- Device files

This is a very interesting directory that highlights one important
characteristic of the Linux filesystem - everything is a file or a directory.
Look through this directory and you should see hda1, hda2 etc. which represent
the various partitions on the first master drive of the system. /dev/cdrom and
/dev/fd0 represent your CDROM drive and your floppy drive. This may seem strange
but it will make sense if you compare the characteristics of files to those of
your hardware. Both can be read from and written to. Take /dev/dsp, for
instance. This file represents your speaker device. So any data written to this
file will be re-directed to your speaker. Try 'cat /etc/lilo.conf > /dev/dsp'
and you should hear some sound on the speaker.

It should not be mounted separately.


4. etc -------- Host-specific system configuration

The /etc hierarchy contains configuration files. A "configuration file" is a
local file used to control the operation of a program; it must be static and
cannot be an executable binary.

No binaries may be located under /etc.

5. home --------- User home directories (optional)

Linux is a multi-user environment, so each user is also assigned a specific
directory which is accessible only to them and the system administrator. These
are the user home directories, which can be found under /home/username.

6. lib -------- Essential shared libraries and kernel modules

This contains all the shared libraries that are required by system programs.
The Windows equivalent of a shared library would be a DLL file. These libraries
are needed to boot the system and run the commands in the root filesystem, i.e.
by binaries in /bin and /sbin.

7. media ------- Mount point for removable media (optional)

This directory contains subdirectories which are used as mount points for
removable media such as floppy disks, CD-ROMs and zip disks.

8. mnt -------- Mount point for mounting a filesystem temporarily

This is a generic mount point under which you mount your filesystems or devices.
Mounting is the process by which you make a filesystem available to the system.
After mounting, your files will be accessible under the mount point. This
directory usually contains mount points or sub-directories where you mount your
floppy and your CD. You can also create additional mount points here if you
want.

9. opt --------- Add-on application software packages

/opt is reserved for the installation of add-on application software packages. A
package to be installed in /opt must locate its static files in a separate
/opt/<package> directory tree, where <package> is a name that describes the
software package.

10. sbin ---------- Essential system binaries

This directory contains all the binaries that are essential to the working of
the system. These include system administration as well as maintenance and
hardware configuration programs. Find lilo, fdisk, init, ifconfig etc. here.
These are the essential programs that are required by all the users. Another
directory that contains system binaries is /usr/sbin. This directory contains
other binaries of use to the system administrator. This is where you will find
the network daemons for your system along with other binaries that only the
system administrator has access to.

11. srv ----------- Data for services provided by this system (optional)

/srv contains site-specific data which is served by this system.

12. tmp ---------- Temporary files

This directory contains mostly files that are required temporarily. Many
programs use this to create lock files and for temporary storage of data.

13. usr ----------- Secondary hierarchy

/usr is the second major section of the filesystem. It needs to be safe from
being overwritten when the system software is updated.

Locally installed software must be placed within /usr/local rather than
/usr unless it is being installed to replace or upgrade software in /usr.

X and its supporting libraries can be found here. User programs like
telnet, ftp, apache etc. are also placed here.

/usr/doc contains useful system documentation. /usr/src/linux contains the
source code for the Linux kernel.

14. var ---------- Variable data

/var contains variable data files. This includes spool directories and files,
administrative and logging data, and transient and temporary files. Some
portions of /var are not shareable between different systems, for instance
/var/log, /var/lock, and /var/run. This directory contains spooling data like
mail and also the output from the printer daemon.

The system logs are also kept here, in /var/log/messages.

You will also find the database for BIND in /var/named and for NIS
in /var/yp.

15. proc --------- Memory resident file system

The proc pseudo file system is a real-time, memory-resident file system that
tracks the processes running on your machine and the state of your system. The
most striking feature of the /proc file system is the fact that the file
system doesn't exist on any particular media. The /proc file system is a pseudo
file system residing in virtual memory, and it maintains highly dynamic data on
the state of your operating system.

Most of the information in the /proc file system is updated to match the current
state of the operating system. The contents of the /proc file system can be read
by anyone who has the requisite permissions.

Have you ever wondered where exactly the information dished out to you by
the "ps" and "top" commands comes from? The information for these programs
comes from the /proc file system, which is updated on the fly as changes take
place in the processes.
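As an added example, not part of the manual, the following shell script reads the same /proc data that ps and top present; it assumes a Linux /proc, and the helper names are my own:

```shell
#!/bin/sh
# Added example: read per-process data straight from /proc, the source
# ps and top use. Assumes a Linux /proc; proc_field, proc_real_uid and
# proc_list are my own helper names.

# Print one field (Name, State, Pid, Uid, ...) from /proc/PID/status.
# Each line there looks like "Field:<TAB>value", so $1 is the field label.
proc_field() {
    awk -v want="$2:" '$1 == want { sub(/^[^:]*:[ \t]*/, ""); print; exit }' \
        "/proc/$1/status"
}

# The "Uid:" line carries real, effective, saved and filesystem UIDs;
# the first one is the real UID that ps shows in its USER column. When a
# process name looks unexpected, this is the value to check.
proc_real_uid() {
    proc_field "$1" Uid | awk '{ print $1 }'
}

# List "PID NAME" for every running process by walking the numeric
# directories in /proc. This is not a snapshot: a process may exit between
# the glob and the read, so unreadable entries are skipped silently.
proc_list() {
    for dir in /proc/[0-9]*; do
        pid=${dir#/proc/}
        name=$(cat "$dir/comm" 2>/dev/null) || continue
        printf '%s %s\n' "$pid" "$name"
    done
}

# Demonstration on the running shell itself.
echo "this shell: pid $$ name $(proc_field $$ Name) uid $(proc_real_uid $$)"
echo "processes visible in /proc: $(proc_list | wc -l)"
```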

More info on FHS:

Reference link : http://www.pathname.com/fhs/pub/fhs-2.3.html


2.3. Elementary Linux Commands
2.3.1. User/Group Management

Users can be either people, meaning accounts tied to physical users, or
accounts which exist for specific applications to use, such as the apache user.

Groups are logical expressions of organization, tying users together for a
common purpose. Users within the same group can read, write, or execute files
owned by the group.

Each user and group has a unique numerical identification number, called a
user id (UID) and a group id (GID) respectively.

On Linux servers, user and group ids lower than 100 are reserved for
privileged system users on the Linux machine.

The following command line tools can be used to manage users and groups:

1. Creating a User

In order to create an account for yourself, log in as root and use the useradd
or adduser command.

$ useradd carma

When the user carma is added, an entry is created in the configuration file
/etc/passwd corresponding to that user, as below.

carma:x:504:509::/home/carma:/bin/bash

The number 504 is the user id for the user 'carma' on the Linux
machine and 509 the group id of the group to which the user carma belongs.

2. Setting password for the user

You can set the password for a user using the command "passwd". The same command
is also used for changing a user's password.

$ passwd carma

In multiuser environments it is very important to use shadow passwords
(provided by the shadow-utils package). Doing so enhances the security of the
system authentication files.

For this reason, the Red Hat Linux installation program enables shadow
passwords by default. Hence, the passwords set for a Linux user are stored
inside the file '/etc/shadow' in encrypted form.

3. Logging In

At login time, you'll see a prompt resembling the following on your screen:

Here, enter your username, and press the Return key.

Now, enter your password. It won't be echoed to the screen when you log in, so
type carefully. If you mistype your password, you'll see the message that the
login is incorrect and you'll have to try again. Once you have correctly entered
the username and password, you are officially logged into the system.

4. Logging out

At the shell prompt, use the command "exit" to log out of the shell, or press
<Ctrl-d>.

$ exit

5. Deleting a User

A Linux user can be deleted using the command line 'userdel'. This command
will delete the files from the user's home directory and the entry for this user
from /etc/passwd, /etc/group and /etc/shadow.

$ userdel <user>

6. Modifying a User

The usermod command modifies the system account files to reflect the changes
that are specified on the command line, like the home directory, password, etc.
Some example usages of the usermod command are given below:

Create the new home directory for carma in /home2 and move the old directory
contents to this directory (the -m option is what moves the contents).

$ usermod -d /home2/carma -m carma

Set carma's initial group as carma12.

$ usermod -g carma12 carma

Set the new passwd for carma to 'newpass' (note that -p expects the password
in its already-encrypted form, as produced by crypt).

$ usermod -p newpass carma

Set bash as the default login shell for carma.

$ usermod -s /bin/bash carma

Lock a user's password. This puts a "!" in front of the encrypted
password for that user inside the /etc/shadow file, effectively disabling the
password.

$ usermod -L carma

Unlock a user's password. This removes the lock (!) from the password
field for that user in /etc/shadow.

$ usermod -U carma

7. Creating User Groups

The group for a user can be created using the "groupadd" command.

$ groupadd nobody

When a group is added, the group info gets stored inside the file
/etc/group, and the entry for the group nobody is as shown below.

nobody:x:99:

In the entry above, 99 is the group id of the group 'nobody'.

8. Deleting User Groups

The group for a user can be deleted by using the "groupdel" command.
Deleting a group removes the group info from the /etc/group file.

$ groupdel nobody

9. Modifying User Group

A user group can be modified using the 'groupmod' command. The groupmod
command modifies the system account files to reflect the changes that are
specified on the command line for a group. The two options available with this
are:

Change the group id of a group. Note that the gid specified should be
unique.

$ groupmod -g <gid> <group-name>

eg: $ groupmod -g 520 carma

Change the group name for an existing group. For example, to change the group
name carma to carma1, use the command line below.

$ groupmod -n carma1 carma

10. Setting Group Password and manipulating Users' Groups

The password for a group can be set or changed using the 'gpasswd' command.
The group password for the group carma can be set using the command line below.

$ gpasswd carma

The password for the group 'carma' will be stored inside the file
/etc/gshadow. In normal cases, there is no group password set for any of the
groups on a Linux machine.

This command can also be used to delete or add users belonging to a
specific group. The command line below will add carma to the group 'nobody'.

$ gpasswd -a <user> <group>

$ gpasswd -a carma nobody

Similarly, the command line below will delete the user carma from the group
nobody.

$ gpasswd -d <user> <group>

$ gpasswd -d carma nobody

11. Finding out a User's Group

The 'groups' command can be used to print the groups to which a user belongs.

$ groups carma
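The following added shell example (not from the manual) shows how the /etc/passwd and /etc/shadow records produced by the commands above can be checked, including the "!" lock that usermod -L leaves behind; the records are constructed samples and the function names are my own:

```shell
#!/bin/sh
# Added example: inspect passwd- and shadow-format records the way the
# user-management commands above leave them. The records below are
# constructed samples, so nothing on the real system is read.

# Constructed /etc/passwd lines: "name:x:UID:GID:comment:home:shell".
# svcadmin is a second UID-0 account, the kind of entry an audit should flag.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
carma:x:504:509::/home/carma:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
svcadmin:x:0:0::/tmp:/bin/bash'

# Constructed /etc/shadow lines: "name:password:lastchange:min:max:warn:::".
# carma was locked with `usermod -L`, so its hash now starts with "!".
SAMPLE_SHADOW='root:$6$SAMPLESALT$SAMPLEHASH:19000:0:99999:7:::
carma:!$6$SAMPLESALT$SAMPLEHASH:19000:0:99999:7:::
apache:*:19000:0:99999:7:::
svcadmin::19000:0:99999:7:::'

# Print "UID:GID:home:shell" for one user (arg 1 = passwd text, arg 2 = user).
passwd_lookup() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u { print $3 ":" $4 ":" $6 ":" $7; exit }'
}

# List every account with UID 0. Only root should appear; any other name
# is a second superuser account and deserves an explanation.
uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1 }'
}

# List accounts in the reserved system range (UID below 100) that still
# have an interactive shell rather than a nologin/false shell.
system_accounts_with_shell() {
    printf '%s\n' "$1" | awk -F: '$3 < 100 && $7 !~ /nologin$|false$/ { print $1 }'
}

# Classify one shadow entry: "locked" ('!' prefix, as usermod -L leaves it),
# "disabled" ('*', no password can ever match), "empty" (no password at
# all, so login succeeds without one) or "set".
shadow_status() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u {
        if ($2 == "")          print "empty";
        else if ($2 ~ /^!/)    print "locked";
        else if ($2 == "*")    print "disabled";
        else                   print "set";
        exit }'
}

# Demonstration.
echo "carma: $(passwd_lookup "$SAMPLE_PASSWD" carma)"
echo "UID 0 accounts: $(uid0_accounts "$SAMPLE_PASSWD" | tr '\n' ' ')"
echo "system accounts with a shell: $(system_accounts_with_shell "$SAMPLE_PASSWD" | tr '\n' ' ')"
for u in root carma apache svcadmin; do
    echo "$u password field: $(shadow_status "$SAMPLE_SHADOW" "$u")"
done
```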

2.3.2. Some basic linux commands

1) ls : The "ls" (list) command lists the contents of the current directory.
When used from a terminal, it generally uses colours to differentiate between
directories, images, executable files etc. And the prompt reappears at the end.
Try out the following variations of the ls command, to see different forms of
output:

$ ls -l

Produces a "long format" directory listing. For each file or directory, it also
shows the owner, group, size, date modified and permissions

$ ls -a

Lists all the files in the directory, including hidden ones. In Linux, files
that start with a period (.) are usually not shown.

$ ls -R

Lists the contents of each subdirectory, their subdirectories etc (recursive).

With the "ls" command, if you don't specify any parameter, it will list the
contents of the current directory. However, you could instead give it a
parameter specifying what to list. For example, if you type in "ls /usr", it
will list the contents of the "/usr" directory.

2. man : Almost every command in Linux has online help available from the
command line, through the "man" (manual) command. Type in "man ls". The
resulting page will describe the command, then describe every option, then give
further details about the program, the author, and so on.

$ man ls

3. info : Another source of online help is the "info" command. Some Linux
commands may supply both "man" and "info" documentation. As a general rule,
"info" documentation is more verbose and descriptive, like a user guide, while
"man" documentation is more like a reference manual, giving lists of options and
parameters, and the meaning of each.

$ info ls

The method for moving around in "info" is quite similar to "man" - you can also
use the arrows and PgUp/PgDn to move, and Q to quit.

4. --help : Most (but not all) programs have a --help option which displays
a very short description of their main options and parameters.

$ ls --help

5. date : Displays the current date and time or changes the system date and
time to the specified value.

$ date

To set the date and time to "Sun Oct 6 16:55:16", use the syntax

$ date --set='Sun Oct 6 16:55:16 EDT 2002'

6. cal : The 'cal' command displays a simple calendar; if no arguments are
specified, the current month is displayed.

$ cal

$ cal -y

7. who : The who command displays info about the users currently logged onto
the system, showing the following information: login name, terminal line,
login time, remote hostname or X display.

$ who

$ who -m , who -u , who -H

8. who am i : Displaying info about yourself.

This command displays your login name, terminal name, date and time of login.

$ who am i

9. tty : Knowing your terminal

The tty (teletype) command displays the name of the terminal you are working on.

$ tty
10. cd : cd is the command for moving around in the directory structure,
and is short for "change directory".

$ cd /home/carma

Using cd with no argument will return you to your own home directory.

To move back up to the next higher (or parent) directory, use the
command "cd .."

11. pwd : The pwd command displays the absolute pathname of the present
working directory.

$ pwd

12. mkdir : Creates a directory under the current working directory or in the
path specified.

$ mkdir /root/sample

13. rmdir : Removes the specified directory; the directory to be removed
should not be under the current working directory. Note that rmdir deletes a
directory only if the directory is empty.

$ rmdir /root/sample

14. cp : The cp command copies the files listed on the command line to the
file or directory given as the last argument. Notice that we use "." to refer
to the current directory.

$ cp /etc/shells .

$ cp /home/carma/test /root/test
15. mv : The mv command moves files, rather than copying them. Note that it
actually renames the file or folder.

$ mv /home/carma/test /home/carma/testfolder

16. rm : The rm command is used to delete a file and stands for "remove".

$ rm file1 file2

To delete files recursively and forcefully from a directory, you can use

$ rm -rf /home/carma/testfolder

17. more : The more command is used for viewing the contents of files one
screenful at a time. While using more, press Space to display the next page of
text, and b to display the previous page. There are other commands available in
more as well; these are just the basics. Pressing q will quit more.

$ more /etc/services

18. file : Displays the file type by examining its contents, with a very high
degree of accuracy, for example whether the file is ASCII text.

$ file filename

19. locate : 'locate file-or-directory-name' searches for a file or directory
in the entire hard disk and displays all the places it's found. You can also
specify a partial name or a section of the entire path.

$ locate cron

20. cat : cat reads data from all of the files specified on the command line,
and sends this data directly to stdout. Therefore, using this command you can
view the contents of a text file from the command line, without having to invoke
an editor. cat is short for "concatenate" and you can use it with the -n option,
which prints the file contents with numbered output lines.

$ cat /root/test

$ cat -n /var/log/messages

21. touch : 'touch filename' changes the date/time stamp of the file to the
current time, or creates an empty file if the file does not exist.

$ touch /home/carma/testfile

You can change the stamp to any date using touch.

$ touch -t 200501311759.30 /home/carma/testfile (year 2005, January, day 31, time 17:59:30)

There are three date/time values associated with every file on an ext2
filesystem:

- the time of last access to the file (atime)

- the time of last modification to the file (mtime)

- the time of last change to the file's inode (ctime)

touch sets the first two to the value specified; the last one is always set
to the current system time.
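An added shell example (not from the manual) showing what touch -t does and does not change, and why the ctime it cannot set is useful when checking a file whose modification time looks suspicious; it assumes GNU coreutils (stat -c, date -d), and the helper names are my own:

```shell
#!/bin/sh
# Added example: which of atime/mtime/ctime does `touch -t` change?
# Assumes GNU coreutils (stat -c, date -d); helper names are my own.

# Print "ATIME MTIME CTIME" of a file as seconds since the epoch.
file_times() {
    stat -c '%X %Y %Z' "$1"
}

# Set a file's atime and mtime to a touch(1) timestamp ([[CC]YY]MMDDhhmm[.ss]).
# The kernel updates ctime to "now" at the same time; touch cannot set it.
backdate_file() {
    touch -t "$2" "$1"
}

# Succeed (exit 0) when ctime is later than mtime by more than $2 seconds
# (default 60). A normal write sets both together, so a large gap means the
# modification time was set explicitly: the inode change is recorded even
# when the content time has been turned back, which is worth a second look
# during an investigation.
mtime_ctime_skew() {
    tolerance=${2:-60}
    set -- $(stat -c '%Y %Z' "$1")
    mtime=$1 ctime=$2
    [ $((ctime - mtime)) -gt "$tolerance" ]
}

# Demonstration on a scratch file, using the manual's example timestamp.
demo_backdate() {
    f=$(mktemp) || return 1
    backdate_file "$f" 200501311759.30
    echo "atime mtime ctime: $(file_times "$f")"
    if mtime_ctime_skew "$f"; then
        echo "mtime was turned back; ctime still shows the current time"
    fi
    rm -f "$f"
}
demo_backdate
```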

22. tail : The tail command may be used to view the end of a file and you can
specify the number of lines you want to view. If no number is specified, it will
output the last 10 lines by default.

$ tail /var/log/messages

$ tail -100 /var/log/messages

$ tail -f /var/log/messages (the "-f" option means "don't quit at the end
of the file; follow the file as it grows, until the user presses Ctrl-c").

23. head : head prints the beginning of a text file to standard output.

$ head /var/log/messages - Prints the first 10 lines of /var/log/messages.

$ head -100 /var/log/messages - Prints the first 100 lines instead of the first 10.

24. last : Using last you can find out who has recently used the system, which
terminals they used, and when they logged in and out.

$ last

To find out when a particular user last logged in to the system, give their
username as an argument.

$ last carma

NOTE: The last tool gets its data from the system file `/var/log/wtmp'; the last
line of output tells how far this file goes back. Sometimes, the output will go
back for several weeks or more.

25. chsh : The chsh command is used to change a user's login shell. chsh will
accept the full pathname of any executable file on the system. However, it will
issue a warning if the shell is not listed in the /etc/shells file. A sample
chsh session is given below which changes the shell for the user carma to
/bin/bash.

$ chsh carma

Changing shell for carma.

New shell [/usr/local/cpanel/bin/noshell]: /bin/bash

Shell changed.

26. lynx : lynx is a text-based browser for accessing web pages on the
internet from the Linux command line interface. The general syntax for accessing
the yahoo website using lynx is given below.

$ lynx http://www.yahoo.com

27. w : An extension of the who command that displays details of all users
currently on the server. This is a very important system admin tool to track who
is on the server and what processes they are running.

The default setting for the w command is to show the long list of process
details. You can also run the command w -s to review a shorter process listing,
which is helpful when you have a lot of users on the server.

$ w

$ w -s

28. wget : wget is a free utility for non-interactive download of files from
the Web. It supports HTTP, HTTPS, and FTP protocols, as well as retrieval
through HTTP proxies.

$ wget http://mirrors.ccs.neu.edu/Apache/httpd/httpd-2.0.54.tar.gz

29. su : The Set User command is used to change the effective user id and group
id to that of another USER. It thereby allows one user to temporarily become
another user. If no USER is given, the default is `root', the super-user.

If USER has a password, `su' prompts for the password unless run by a user with
effective user id of zero (the super-user).

$ su OR $ su root ( To change to the root user )

$ su carma

2.4. The X Window System

The X Window System, commonly called "X," is a graphical windowing
interface that comes with all popular Linux distributions.

X is available for many Unix-based operating systems; the version of X
that runs on Linux systems with x86-based CPUs is called "XFree86." The current
version of X is 11, Revision 6 -- or "X11R6."

All the command-line tools and most of the applications that you can run
in the console can run in X; also available are numerous applications written
specifically for X.

2.4.1. Running X

When you start X, you should see a mouse pointer appear on the screen as a
large, black "X." If your X is configured to start any tools or applications,
they should each start and appear in individual windows.

In X, each program or application runs in its own window. Each window
has a decorative border on all four sides, called the window border; L-shaped
corners, called frames; a top window bar, called the title bar, which displays
the name of the window; and several title bar buttons on the left and right
sides of the title bar.

The entire visible work area, including the root window and any other
windows, is called the desktop. The box in the lower right-hand corner, called
the pager, allows you to move about a large desktop.

A window manager controls the way windows look and are displayed -- the
window dressing, as it were -- and can provide some additional menu or program
management capabilities. There are many different window managers to choose
from, with a variety of features and capabilities.

Window managers typically allow you to customize the colors and borders
that are used to display a window, as well as the type and location of buttons
that appear on the window.

And recently, desktop environments have become popular. These are a
collection of applications that run on top of the window manager (and X), with
the purpose of giving your X session a standardized "look and feel"; these
suites normally come with a few basic tools such as clocks and file managers.

The two popular ones are GNOME and KDE, and they generate a lot of press
these days because of their graphical nature.

2.4.1.1). Starting X

There are two ways to start X. Some systems run the X Display Manager, xdm, when
the system boots, at which point a graphical xdm login screen appears; you can
use this to log in directly to an X session. On systems not running xdm, the
virtual console reserved for X will be blank until you start X by running the
startx command.

To start X from a virtual console, type:

$ startx

To run startx and redirect its output to a log file, type:

$ startx >$HOME/startx.log 2>&1

Both of these examples start X on the seventh virtual console, regardless
of which console you are at when you run the command -- your console switches to
X automatically.

You can always switch to another console during your X session (using
Alt-Ctrl-F1, Alt-Ctrl-F2 etc. up to Alt-Ctrl-F6). The second example writes any
error messages or output of startx to a file called `startx.log' in your home
directory.

On some systems, X starts with 8-bit color depth by default. Use startx
with the special `-bpp' option to specify the color depth. Follow the option
with a number indicating the color depth to use, and precede the option with two
hyphen characters (`--'), which tells startx to pass the options which follow it
to the X server itself.

To start X from a virtual console, and specify 16-bit color depth, type:

$ startx -- -bpp 16

2.4.1.2). Stopping X

To end an X session, you normally choose an exit X option from a menu in
your window manager.

If you started your X session with startx, these commands will return you
to a shell prompt in the virtual console where the command was typed. If, on the
other hand, you started your X session by logging in to xdm on the seventh
virtual console, you will be logged out of the X session and the xdm login
screen will appear; you can then switch to another virtual console or log in to
X again.

To exit X immediately and terminate all X processes, press the
[CTRL]-[ALT]-[BKSP] combination. You'll lose any unsaved application data, but
this is useful when you cannot exit your X session normally -- in the case of a
system freeze or other problem.

2.4.2. Running a Program in X

Programs running in an X session are called X clients. (The X Window
System itself is called the X server.)

To run a program in X, you start it as an X client -- either by selecting
it from a menu, or by typing the command to run in an xterm shell window (see
Running a Shell in X).

To run an X client from the start menu, click the left mouse button to
select the client's name from the submenus.

You can also start a client by running it from a shell window -- useful
for starting a client that isn't on the menu, or for when you want to specify
options or arguments. When you run an X client from a shell window, it opens in
its own window; run the client in the background to free the shell prompt in the
shell window.

To run a digital clock or the Opera web browser from a shell window, type

$ xclock -digital &

$ opera &

2.4.3. Command Line Options to X Client
2.4.3.1). Specifying Window Size and Location

Specify a window's size and location by giving its window geometry with
the `geometry' option. Four fields control the width and height of the windows,
and the window's distance ("offset") from the edge of the screen. It is
specified in the form:

-geometry WIDTHxHEIGHT+XOFF+YOFF

To start a small xclock, 48 pixels wide and 48 pixels high, type:

$ xclock -geometry 48x48

To start an xclock with a width of 48 pixels and the default height, type:

$ xclock -geometry 48

To start an xclock with a height of 48 pixels and the default width, type:

$ xclock -geometry x48

You can give positive or negative numbers for the XOFF and YOFF fields.
Positive XOFF values specify a position from the left of the screen; negative
values specify a position from the right. If YOFF is positive, it specifies a
position from the top of the screen; if negative, it specifies a position from
the bottom of the screen. When giving these offsets, you must specify values for
both XOFF and YOFF.

To start an xclock with a width of 120 pixels, a height of 100 pixels, an
x offset of 250 pixels from the right side of the screen, and a y offset of 25
pixels from the top of the screen, type:

$ xclock -geometry 120x100-250+25

2.4.3.2). Specifying Window Colors


The window colors available in your X session depend on your display hardware
and the X server that is running. The xcolors tool will show all colors
available on your X server and the names used to specify them.

To list the available colors, type:

$ xcolors [RET]

Press [Q] to exit xcolors.

To specify a color to use for the window background, window border, and
text or graphics in the window itself, give the color name as an argument to the
appropriate option: `-bg' for background color, `-bd' for window border color,
and `-fg' for foreground color.

To start an xclock with a light blue window background, type:

$ xclock -bg lightblue [RET]

2.4.3.3). Running a Shell in X

Use xterm to run a shell in a window. You can run commands in an xterm
window just as you would in a virtual console; a shell in an xterm acts the same
as a shell in a virtual console.

Unlike a shell in a console, you can cut and paste text from an xterm to
another X client (see Selecting Text).

To scroll through text that has scrolled past the top of the screen, type
[Shift]-[PgUp]. The number of lines you can scroll back to depends on the value
of the scrollback buffer, specified with the `-sl' option; its default value is
64.

NOTE: xterm is probably the most popular terminal emulator X client, but
it is not the only one; others to choose from include wterm and rxvt, all with
their own special features -- try them all to find one you like.

3. FILE MANIPULATION AND MANAGEMENT


3.1. Files and Directories

3.1.1. Naming Files and Directories

File names may contain upper and lower case letters, digits, periods
(`.'), hyphens (`-') and underscores (`_'), and they are case sensitive:
`Readme', `README' and `readme' are three different files. Directory names
follow the same conventions. Strictly, Linux allows any byte except the slash
(`/') and NUL in a name, so spaces, leading hyphens and even control characters
are possible; sticking to the safe set above keeps such names from being
misparsed by scripts and commands (a file named `-rf', for instance, looks like
an option to rm).

Linux does not force you to use file extensions, but it is convenient and
useful to give files proper extensions, since they help you identify file types
at a glance. The extension is only a naming convention, though; the file
command (see Determining File Type and Format below) looks at the contents
instead.

Some commonly used file extensions are .html, .jpg, .xml, .php, .cgi, .pl
and .gz.

3.1.2. Making an Empty File/Directory

You can create an empty file using the touch command. If the file does not
exist, touch creates it; if it already exists, touch leaves the contents alone
and only updates its timestamps (see Changing File Modification Time below).

$ touch newfile

You can use mkdir to make a new directory giving the path name of the new
directory as an argument.

$ mkdir /home/carma/public_html/test123

You can make a directory tree using mkdir with the '-p' option.

$ mkdir -p work/support/security
This makes a `security' subdirectory in the directory called `support', which in
turn is in a directory called `work' in the current directory; if the `support'
or the `work' directories do not already exist, they are made as well.

3.1.3. Changing Directories

You can change directories using the cd command.

$ cd /home/carma

Using just "cd" will take you to your home directory.

$ cd

Use "cd -" to return to the directory you were last in,

$ cd -

Every directory has two special files whose names consist of one and two
periods. `..' refers to the parent of the current working directory, and `.'
refers to the current working directory itself. If the current working directory
is `/home/carma', you can use `.' to specify `/home/carma' and `..' to specify
`/home'. Furthermore, you can specify the `/home/test' directory as ../test.

3.2. File Permissions


3.2.1. Concept of File Permissions and Ownership

Because there is typically more than one user on a Linux system, Linux provides
a mechanism known as file permissions, which protect user files from tampering
by other users. This mechanism lets files and directories be “owned'' by a
particular user. For example, because the user Carma created the files in his
home directory, Carma owns those files and has access to them.

Sharing files between groups: Linux also lets files be shared between
users and groups of users. If Carma wished, he could cut off access to his
files so that no other user could read them. However, on most systems the
default is to allow other users to read your files but not modify or delete them
in any way.

Every file is owned by a particular user. However, files are also owned by
a particular group, which is a defined group of users of the system.

Every user is placed into at least one group when that user's account is
created. However, the system administrator may grant the user access to more
than one group.

User Groups: Groups are usually defined by the type of users who access
the machine. For example, on a university Linux system users may be placed into
the groups student, staff, faculty or guest. There are also a few system-defined
groups (like wheel and admin) which are used by the system itself to control
access to resources--very rarely do actual users belong to these system groups.
Each member of a group can work with the group's files and make new files that
belong to the group. The system administrator can add new groups and give users
membership to the different groups.

File permissions fall into three main divisions: read, write, and execute.
These permissions may be granted to three classes of users: (1) the owner of the
file, (2) the group to which the file belongs, and (3) to all users, regardless
of group.

Read permission lets a user read the contents of the file, or in the case
of directories, list the contents of the directory (using ls).

Write permission lets the user write to and modify the file. For
directories, write permission lets the user create new files or delete files
within that directory.

Finally, execute permission lets the user run the file as a program or
shell script (if the file is a program or shell script). For directories, having
execute permission lets the user cd into the directory in question.

3.2.2. Interpreting file permissions


Using the ls command with the -l option displays a ``long'' listing of the file,
including file permissions.

$ ls -l testfile

-rw-r--r-- 1 carma users 505 Mar 13 19:05 testfile

The first field in the listing represents the file permissions. The third field
is the owner of the file (carma ) and the fourth field is the group to which the
file belongs (users). Obviously, the last field is the name of the file
(testfile). We'll cover the other fields later.

This file is owned by carma, and belongs to the group users. The string
-rw-r--r-- lists, in order, the permissions granted to the file's owner, the
file's group, and everybody else.

The first character of the permissions string (``-'') represents the type
of file. A ``-'' means that this is a regular file; a directory is shown as
``d'', and device files as ``b'' or ``c'' (see The Other Mysterious Letters
below).

The next three characters (``rw-'') represent the permissions granted to
the file's owner, carma. The ``r'' stands for ``read'' and the ``w'' stands for
``write''. Thus, carma has read and write permission to the file testfile.

The next three characters, (``r--''), represent the group's permissions
on the file. The group that owns this file is users. Because only an ``r''
appears here, any user who belongs to the group users may read this file.

The last three characters, also (``r--''), represent the permissions
granted to every other user on the system (other than the owner of the file and
those in the group users). Again, because only an ``r'' is present, other users
may read the file, but not write to it or execute it.

Here are some other examples of permissions:
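
The permission string is easy to read by eye and just as easy to misread
under pressure, so here is a small parser for it. This is an added example,
not part of the manual: it converts the first field of `ls -l' into the octal
mode that chmod accepts (including the leading digit for the SUID, SGID and
sticky bits described later) and checks the answer against stat. It assumes
GNU coreutils (stat -c) and a writable temporary directory; the scratch file
is created by the script itself.

```shell
#!/bin/sh
# Added example (not part of the manual): turn the first field of `ls -l`
# into the octal mode that chmod accepts, and cross-check it with stat(1).
# Assumes GNU coreutils (stat -c) and a writable temporary directory.

# mode_to_octal STRING: "-rwsr-xr-x" -> 4755
# The first character (file type) is skipped; anything after the tenth
# character, such as the "." or "+" that marks an ACL or SELinux label, is
# ignored. In each triplet r=4, w=2, x=1. An "s" in the owner or group
# triplet adds 4 or 2, a "t" in the others triplet adds 1, to a leading
# special digit; upper-case S/T mean the special bit is set but the
# underlying execute bit is not.
mode_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)
    special=0
    digits=''
    triplet=1
    while [ "$triplet" -le 3 ]; do
        start=$(( (triplet - 1) * 3 + 1 ))
        r=$(printf '%s' "$perms" | cut -c"$start")
        w=$(printf '%s' "$perms" | cut -c"$((start + 1))")
        x=$(printf '%s' "$perms" | cut -c"$((start + 2))")
        value=0
        [ "$r" = r ] && value=$((value + 4))
        [ "$w" = w ] && value=$((value + 2))
        case "$x" in
            x|s|t) value=$((value + 1)) ;;
        esac
        case "$triplet$x" in
            1s|1S) special=$((special + 4)) ;;
            2s|2S) special=$((special + 2)) ;;
            3t|3T) special=$((special + 1)) ;;
        esac
        digits="$digits$value"
        triplet=$((triplet + 1))
    done
    printf '%s%s\n' "$special" "$digits"
}

# octal_of_path FILE: parse the live `ls -ld` output for FILE.
octal_of_path() {
    mode_to_octal "$(ls -ld "$1" | awk '{print $1}')"
}

# Demonstration on a scratch file: set a mode, then read it back both ways.
# stat prints the same digits, minus any leading zero.
demo_dir=$(mktemp -d)
touch "$demo_dir/testfile"
chmod 4755 "$demo_dir/testfile"
printf 'ls -l field : %s\n' "$(ls -ld "$demo_dir/testfile" | awk '{print $1}')"
printf 'parsed      : %s\n' "$(octal_of_path "$demo_dir/testfile")"
printf 'stat -c %%a  : %s\n' "$(stat -c %a "$demo_dir/testfile")"
rm -rf "$demo_dir"
```

Run it as an ordinary user; setting the SUID bit on your own scratch file
needs no privilege. Feeding mode_to_octal a string such as "-rwSr--r--" shows
the upper-case case: the bit is set (4644) but the program cannot actually be
executed by its owner.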


3.2.3. File Permission Dependencies

The permissions granted to a file also depend on the permissions of the
directory in which the file is located. For example, even if a file is set to
-rwxrwxrwx, other users cannot reach it unless they have execute (search)
permission on that directory and on every directory above it. Read permission
on a directory is needed only to list the names in it; with execute but no read
permission a user can still open a file whose name they already know.

For example, if Carma wanted to restrict access to all of his files, he
could set the permissions of his home directory /home/carma to drwx------. In
this way, no other user (apart from root) has access to his directory, nor to
any file or directory within it, and Carma doesn't need to worry about the
individual permissions on each of his files.

In short, to access a file at all, you must have execute access to all
directories along the file's pathname, plus whatever permission the operation
itself needs on the file: read to view it, write to change it, execute to run
it.

Default permissions: the usual set of permissions given to new files is
-rw-r--r--, and the usual set given to new directories is drwxr-xr-x, which
lets other users look through your directories but not create or delete files
within them. Both depend on the umask of the creating process, as discussed in
the section below.

3.2.3.1). User file-creation mode mask

The umask (UNIX shorthand for "user file-creation mode mask") is an octal
number, usually written with three or four digits, that the kernel uses to
determine the permissions of newly created files and directories. It is a
property of each process, inherited by the processes it starts, not of a
directory: every shell, editor and daemon has its own.

The umask specifies the permissions you do not want given by default to
newly created files and directories. Each bit set in the mask is cleared from
the mode the creating program asks for.

How umask is used to determine the default permissions is explained below.

Programs ask for a base mode of 666 (rw-rw-rw-) when creating ordinary
files such as text files, and 777 (rwxrwxrwx) when creating directories or, as
compilers and linkers do, executable files.

The permission of a newly created file is the base mode with the umask bits
removed. For the common masks 022 and 002 this comes out the same as
subtracting the umask from the base mode, which is how it is usually shown;
strictly it is a bitwise operation, and the subtraction shortcut gives a wrong
answer when a mask digit exceeds the corresponding base digit (666 with umask
027 yields 640, not 637).

An example for a text file is shown below with a umask value of 022:

666 Default Permission for text file

-022 Minus the umask value

----

644 Allowed Permissions

Similarly for a directory, the default permission will be 755, as
calculated below:

777 - 022 (umask value) = 755

To set the umask of the current shell (and of every command it starts
afterwards), use the umask builtin; with no argument it prints the current
value:

$ umask 022

The most common umask setting is 022, which leaves new files readable by
everyone on the system; a umask of 077 makes new files and directories private
to their owner, which is the safer choice on multi-user machines and for scripts
that write sensitive data. The /etc/profile script is where the umask command is
usually set for all users.
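
The arithmetic above is worth checking rather than trusting. The following
is an added example, not part of the manual: it computes the mode a new file
or directory receives under a given umask with the bitwise rule, shows where
the subtraction shortcut diverges from it, and then creates real files under
each umask to confirm what the kernel does. It assumes GNU coreutils (stat -c)
and a writable temporary directory; the scratch files are its own.

```shell
#!/bin/sh
# Added example (not part of the manual): work out the mode a new file or
# directory gets under a given umask, and confirm it against what the kernel
# actually does. Assumes GNU coreutils (stat -c) and a writable temp dir.

# mode_after_umask BASE UMASK -> four-digit octal mode.
# The mask is applied with a bitwise AND NOT: every bit set in the umask is
# cleared from the base mode. Plain subtraction gives the same answer only
# while no umask digit exceeds the matching base digit.
mode_after_umask() {
    printf '%04o\n' $(( 0$1 & ~0$2 & 07777 ))
}

# mode_by_subtraction BASE UMASK: the shortcut from the text, kept only to
# show where it goes wrong (666 with 027 comes out as 637 instead of 640).
mode_by_subtraction() {
    printf '%04o\n' $(( 0$1 - 0$2 ))
}

# observed_file_mode UMASK: create a file under that umask in a scratch
# directory and report the mode the kernel gave it. The umask is changed in
# a subshell so the caller's own umask is untouched.
observed_file_mode() {
    dir=$(mktemp -d)
    ( umask "$1"; touch "$dir/newfile" )
    stat -c %a "$dir/newfile"
    rm -rf "$dir"
}

# observed_dir_mode UMASK: the same for a directory (base mode 777).
observed_dir_mode() {
    dir=$(mktemp -d)
    ( umask "$1"; mkdir "$dir/newdir" )
    stat -c %a "$dir/newdir"
    rm -rf "$dir"
}

for mask in 022 027 077; do
    printf 'umask %s: file %s by mask, %s by subtraction, %s observed; directory %s observed\n' \
        "$mask" \
        "$(mode_after_umask 666 "$mask")" \
        "$(mode_by_subtraction 666 "$mask")" \
        "$(observed_file_mode "$mask")" \
        "$(observed_dir_mode "$mask")"
done
```

The 027 line is the one to look at: the mask and the kernel agree on 640,
the subtraction shortcut says 637, which would give other users read access
the administrator never intended to grant.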

3.2.4. Changing permissions

The command chmod is used to set the permissions on a file. Only the owner of a
file or the root user may change the permissions on that file.

The syntax of chmod's symbolic form is

chmod {a,u,g,o}{+,-,=}{r,w,x} filenames

Briefly, you first specify one or more of all, user (the owner), group, or
other. Then you specify whether you are adding rights (+), taking them away (-),
or setting them exactly (=). Finally, you specify one or more of read, write,
and execute.
Some sample commands are given below:

There is another way in which you can specify the file permissions. The
permission bits r,w and x are assigned a number.

r = 4 ,w = 2 , x = 1

Now you can use numbers, which are the sum of the various permission bits.

E.g. rwx will be 4+2+1 = 7, r-x becomes 4+1 = 5, and rw- becomes 4+2 = 6. The
chmod command now becomes

$ chmod xyz filename

where x, y and z are numbers representing the permissions of user, group and
others respectively. Each number is the sum of the permissions to be set,
calculated as given above. (A fourth, leading digit sets the SUID, SGID and
sticky bits, described in the next section.)

$ chmod 644 testfile

6 = 4 + 2 = rw- for the owner, 4 = r-- for the group, 4 = r-- for others.

3.2.5. Understanding File Permissions Beyond "rwx"

3.2.5.1). 's' bit or 'Set User ID'/ SUID and 'Set Group ID' / SGID

'Set User ID'/ SUID bit

a) How to recognise it: If we change the permissions of a file to 4777 and list
it back (in long format) the permissions will be shown as "-rwsrwxrwx". We can
now see that the SUID bit for this file has been set by the presence of the "s".
That's fine, but now we can't tell if the user execute bit is set, can we? Well
actually, the case gives it away. A lower case "s" means that the execute bit is
set, an upper case "S" means that it is clear. If we change the permissions of
our file to 4677 the permissions will be shown as

"-rwSrwxrwx".

b) What is it for?

The SUID bit only comes into play if the file has execute permission. When such
a file is executed, the resulting process takes on the effective user ID of the
owner of that file. Linux honours the bit on binaries only: a set-uid shell
script is run with the caller's own identity. The bit is also ignored on
filesystems mounted with the nosuid option.

For example, say we have a program file owned by user "carma" with permissions
"rwsrwxrwx". This file can be run by any user, however, the resulting process
will have all the same access capabilities as carma. If it so chooses, it can
read all the files that carma can read, it can write to all the files that carma
can write to, and it can execute all the files that carma can execute.
c) How to set it ?

$ chmod 4nnn <filename>

Or

$ chmod u+s <filename>

d) Some points worth remembering.

1) Only make a file a root-owned SUID program if it absolutely has to be;
every such file is a potential route from an ordinary account to root, so the
program must be written to cope with hostile input, arguments and environment.

2) Keep up to date with the security fixes for every SUID program installed.

3) Know what is on the system: `find / -xdev -type f -perm -4000' lists every
set-uid file, and a saved copy of that list makes an unexpected addition easy
to spot.

4) Writing to a set-uid file clears the bit unless the writer is privileged,
so a SUID program that has been modified in place normally shows up as a plain
executable; re-examine it before restoring the bit.

"Set Group ID" or SGID bit

a) How to recognise it: A file with permissions set to 2777 will be displayed
as "-rwxrwsrwx". As before, a lower case "s" signifies that the group execute
bit is set, and an upper case "S" that it is clear.

b) What is it for?

On executable files, SGID has a similar function to SUID, but, as you might
expect, the resulting process takes on the effective group ID of the file. When
applied to directories, SGID takes on a special meaning. Any file created in
such a directory will take on the group ID of the directory, regardless of the
group ID of the user creating the file, and subdirectories created inside it
inherit the SGID bit, so the rule carries down the whole tree. This is how a
shared project directory is usually set up.

For example, let's say we have a directory with permissions "drwxrwsrwx" owned
by the group "rockers", and a user whose main group is "carma" comes along and
creates a file in this directory. The resulting file will have a group of
"rockers", not "carma" as would be the case in a normal directory. On other
kinds of file, and on files without group execute permission, the SGID bit has
no effect on access.

c) How to set it?

It can be set as follows:

chmod 2nnn <filename>

e.g. chmod 2755 /root/testdir

or

chmod g+s <filename>


3.2.5.2). 't' bit or 'Sticky' bit :

a) How to recognise it: A directory with permissions set to 1777 will be
displayed as "drwxrwxrwt". A lower case "t" signifies that the other execute
bit is set; an upper case "T" means the sticky bit is set but others have no
execute permission.

b) What is it for?

On Linux systems, the sticky bit only has an effect when applied to directories.
In a directory with this bit set, a user may rename or remove only the files
they own (the directory's owner and root excepted, other directory permissions
permitting). It is usually found on world-writable directories such as /tmp
(mode 1777) and prevents users from tampering with one another's files; a
world-writable directory without it lets any user delete or rename anyone
else's files.

c) How to set it?

The sticky bit can be set as follows:

chmod 1nnn <directory>

e.g. chmod 1777 /tmp (a directory; on Linux the bit does nothing on a regular
file)

or

chmod +t <directory>

3.2.5.3). The Other Mysterious Letters - "d", "l", "b", "c", "p"

You may have come across these little fellows in your travels through your file
system. Here is just a brief explanation of each of them.

d - Example "drwxrwxrwx". You probably haven't managed to get this far
without knowing that this is a directory. I mention it here for completeness.

l - Example "lrwxrwxrwx". This is a symbolic link. A symbolic link is a
file that links to another file and can be used as an alternative way of
accessing that file. The permissions on a symbolic link are irrelevant, as it is
the permissions on the target file that count.

b and c - Examples "brwxrwxrwx" and "crwxrwxrwx". These are found on
special files called device files, usually located in the /dev directory
(although there is nothing to stop them from being created elsewhere, which is
why a device file outside /dev deserves a second look). "b" refers to block
devices (such as hard drives), "c" refers to character devices (such as
terminals, serial ports and printers).

p - Example "prwxrwxrwx". This is a special type of file called a named
"pipe" (or FIFO). It allows two processes to pass data: one places data into
the pipe, the other takes it out. You will also meet "s", a Unix-domain socket,
which serves the same purpose for programs such as the X server and databases
that listen on a path in the file system.

3.2.5.4). Setting SUID, SGID, sticky bit on a single file

As with read, write, execute permissions, it is possible to mix and match SUID,
SGID and sticky bit settings when using the octal style parameter to chmod. An
extreme example would be:

$ chmod 7777 myfile

and there you have it, a file with every bit set (which, being world-writable
as well as set-uid, is not something to leave on a real system):

# ls -la myfile

-rwsrwsrwt 1 root root 0 Feb 26 16:39 myfile
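
The way to keep the special bits honest is to enumerate them. This is an added
example, not part of the manual: it lists every set-uid and set-gid file under
a tree, and every world-writable directory that lacks the sticky bit, using
the find tests for those bits. It assumes GNU find and stat; the tree it
audits is constructed by the script itself, standing in for a real
filesystem.

```shell
#!/bin/sh
# Added example (not part of the manual): audit a tree for set-uid and
# set-gid files, and for world-writable directories that lack the sticky
# bit. Assumes GNU find and stat; the sample tree is constructed here.

# special_bit_files DIR: one line "MODE OWNER GROUP PATH" per set-uid or
# set-gid regular file under DIR, sorted so the output can be diffed against
# a copy taken when the system was known to be clean.
# -perm -4000 means "these bits at least", so 4755, 4711 and 6755 all match.
# -xdev keeps find on the filesystem DIR lives on (no /proc, no NFS mounts).
special_bit_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U %G %n' {} + | sort
}

# world_writable_dirs_without_sticky DIR: directories anyone may write to
# but without the sticky bit, so any user can delete anyone else's files.
world_writable_dirs_without_sticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 | sort
}

# Scratch tree standing in for a real filesystem.
demo=$(mktemp -d)
mkdir "$demo/shared" "$demo/dropbox"
touch "$demo/suid_prog" "$demo/sgid_prog" "$demo/plain_prog"
chmod 4755 "$demo/suid_prog"     # -rwsr-xr-x
chmod 2755 "$demo/sgid_prog"     # -rwxr-sr-x
chmod 0755 "$demo/plain_prog"    # -rwxr-xr-x, not reported
chmod 1777 "$demo/shared"        # like /tmp: sticky bit set, fine
chmod 0777 "$demo/dropbox"       # world-writable, no sticky bit: reported

echo 'set-uid / set-gid files:'
special_bit_files "$demo"
echo 'world-writable directories without the sticky bit:'
world_writable_dirs_without_sticky "$demo"
rm -rf "$demo"
```

On a real system run special_bit_files as root against / and keep the output
somewhere the machine itself cannot alter; a line that appears in a later run
is either a package upgrade or a problem, and either way deserves an
explanation.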

3.3. Managing file links

Links let you give a single file more than one name. Files are actually
identified by the system by their inode number, which is just the unique file
system identifier for the file. A directory is actually a listing of inode
numbers with their corresponding filenames. Each filename in a directory is a
link to a particular inode.

3.3.1. Hard links

The ln command is used to create multiple links for one file. For example, let's
say that you have a file called foo in a directory. Using ls -i, you can look at
the inode number for this file.

$ ls -i foo

639098 foo

foo has an inode number of 639098 in the file system.



You can create another link to foo, named foolink as follows:

$ ln foo foolink

With ls -i, you check the inodes for these two files and you will see that
they have the same inode.

$ ls -i foolink

639098 foolink

Now, specifying either foo or foolink will access the same file. If you make
changes to foo, those changes appear in foolink as well. For all purposes, foo
and foolink are the same file.

These links are known as hard links because they create a direct link to
an inode. Note that you can hard-link files only when they're on the same file
system, and only regular files, not directories; symbolic links (explained
below) don't have these restrictions.

When you delete a file with rm, you are actually only deleting one link to
a file. If you use the command

$ rm foo

then only the link named foo is deleted, foolink will still exist. A file is
only truly deleted on the system when it has no links to it. Usually, files have
only one link, so using the rm command deletes the file. However, if a file has
multiple links to it, using rm will delete only a single link; in order to
delete the file, you must delete all links to the file.

The command ls -l displays the number of links to a file. The second
column in the listing, ``2'', specifies the number of links to the file.

$ ls -l foo foolink

-rw-rw-r-- 2 carma carma 0 Feb 26 13:11 foo

-rw-rw-r-- 2 carma carma 0 Feb 26 13:11 foolink

If you do `ls -lad' on a directory, even an empty one, it will show a
link count of 2. This is because an empty directory is reachable under two
names: its entry in the parent directory, and the ``.'' entry inside itself.
Each subdirectory adds one more link through its ``..'' entry, which points at
the parent, so a directory's link count is 2 plus the number of its
subdirectories. The root directory (/) is its own parent: its ``..'' just
points back to /.

$ ls -lad testfile/

drwxrwxr-x 2 carma carma 4096 Feb 26 13:22 testfile/


3.3.2. Symbolic Links

Symbolic links, or symlinks, are another type of link, which are different from
hard links. A symbolic link lets you give a file another name, but doesn't link
the file by inode.

The command ln -s creates a symbolic link to a file

$ ln -s foo foolink

This will create a symbolic link named foolink that points to the file foo.
Unlike a hard link, the symlink is a small file of its own, with its own inode:

$ ls -i foo foolink

shows foo still at inode 639098 and a different number for foolink. (Use
`ls -iL' to see the inode of the target a symlink resolves to instead.)

Using ls -l, we see that the file foolink is a symlink pointing to foo.

$ ls -l foo foolink

-rw-rw-r-- 1 carma carma 0 Feb 26 13:11 foo

lrwxrwxrwx 1 carma carma 3 Feb 26 14:54 foolink -> foo

The file permissions on a symbolic link are not used (they always appear
as rwxrwxrwx). Instead, the permissions on the symbolic link are determined by
the permissions on the target of the symbolic link (in our example, the file
foo).

Functionally, hard links and symbolic links are similar, but there are
differences. For one thing, you can create a symbolic link to a file that
doesn't exist; the same is not true for hard links. A symbolic link is resolved
by name each time it is used, so its target can be changed, or appear and
disappear, after a program has checked it: this is what makes symlinks in
world-writable directories such as /tmp a classic way to trick a privileged
program into writing to a file of the attacker's choosing (recent kernels
restrict following such links when `fs.protected_symlinks' is on). Symbolic
links are helpful because they identify the file they point to; with hard links
there is no easy way to tell which names share an inode, other than searching
for them with `find -samefile' or `find -inum'.
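
The differences above are easiest to see on disk. The following is an added
example, not part of the manual: it builds a file, a hard link and a symbolic
link to it in a scratch directory, compares inode numbers and link counts, and
then removes the original to show which of the two links survives and which
is left dangling. It assumes GNU coreutils (stat -c) and a writable temporary
directory.

```shell
#!/bin/sh
# Added example (not part of the manual): hard link versus symbolic link,
# shown through inode numbers, link counts and what happens when the
# original name is removed. Assumes GNU coreutils (stat -c).

# inode_of PATH: inode number of PATH itself. For a symlink this is the
# link's own inode, not its target's (stat -L would follow the link).
inode_of() {
    stat -c %i "$1"
}

# link_count PATH: number of directory entries that point at the inode.
link_count() {
    stat -c %h "$1"
}

# link_demo: create foo, a hard link and a symlink in a scratch directory,
# then remove foo. Prints one "label=value" line per observation.
link_demo() {
    dir=$(mktemp -d)
    cd "$dir" || return 1
    printf 'original contents\n' > foo
    ln foo hardlink          # second name for the same inode
    ln -s foo symlink        # separate file holding the text "foo"

    printf 'same_inode_hard=%s\n' "$([ "$(inode_of foo)" = "$(inode_of hardlink)" ] && echo yes || echo no)"
    printf 'same_inode_sym=%s\n'  "$([ "$(inode_of foo)" = "$(inode_of symlink)" ] && echo yes || echo no)"
    printf 'links_before_rm=%s\n' "$(link_count foo)"

    rm foo                   # removes one name; the data stays while any name remains

    printf 'links_after_rm=%s\n'   "$(link_count hardlink)"
    printf 'hardlink_readable=%s\n' "$([ -r hardlink ] && echo yes || echo no)"
    # -L: the symlink itself still exists; -e: what it points to does not.
    printf 'symlink_exists=%s\n'        "$([ -L symlink ] && echo yes || echo no)"
    printf 'symlink_target_exists=%s\n' "$([ -e symlink ] && echo yes || echo no)"

    cd / && rm -rf "$dir"
}

link_demo
```

Two things are worth noticing in the output: the link count drops from 2 to 1
but the hard link still reads the original contents, whereas the symlink is
left pointing at a name that no longer exists. If a file named foo is created
there later, by anyone, the dangling symlink silently starts pointing at it.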

3.4. File ownership and Attributes

Every file belongs to both a user and a group -- usually to the user who created
it and to the group the user was working in at the time (which is almost always
the user's login group). File ownership determines the type of access users have
to particular files.

3.4.1. Determining the Ownership of a File

Use ls with the `-l' option to list the owner and group name for a file. The
name of the user who owns the file appears in the third column of the output,
and the name of the group that owns the file appears in the fourth column as we
had already discussed in our previous sections.

$ ls -l

3.4.2. Changing the Ownership of a File

To change the ownership of a file, use the chown command. On Linux only root
may give a file away to another user; an ordinary user may change the group of
their own files, but only to a group they belong to.

# chown root testfile

To change the group ownership of file `testfile' to root, use

# chgrp root testfile

Using the `-R' option, you can recursively change the ownership of
directories and all of their contents. Symbolic links met during the traversal
are not followed by default, which is what you want when the tree is writable
by other users (a planted link could otherwise redirect the change to a file
elsewhere).

# chown -R root testdir

# chgrp -R root testdir

# chown -R root:root testdir

The last form sets user and group in one go; the older `root.root' spelling is
still accepted by GNU chown for compatibility.


3.4.3. Determing the advanced attributes of a file
lsattr lists the extended file attributes supported by the ext2 family of
filesystems (ext2, ext3 and ext4; xfs and btrfs implement most of them as well).
These attributes sit outside the normal permission bits and can protect files
even from root. Some of the attributes are given below.

`append-only' or 'a' attribute: A file with this attribute may be
appended to, but may not be deleted, and the existing contents of the file may
not be overwritten. If a directory has this attribute, any files or directories
within it may be modified as normal, but no files may be deleted. It is
commonly applied to log files, so that an intruder cannot edit away the
evidence of a break-in.

`immutable' or 'i' attribute: A file or directory with this attribute may
not be modified, deleted, renamed or (hard) linked, not even by root, until the
attribute is cleared. Both 'a' and 'i' can only be set or cleared by root (more
precisely, by a process with the CAP_LINUX_IMMUTABLE capability). Note the
other side of the coin: a file that rm refuses to remove with "Operation not
permitted" even as root is a sign to run lsattr, since intruders use 'i' to
anchor their own files.

'undeletable' or 'u' attribute: If a file with this attribute is deleted,
its contents are meant to be kept in a safe place so that it can be undeleted
later. The mainline ext2/3/4 code does not implement this, so do not rely on
it.

Please go through "man chattr" for finding out more about the attributes that
can be set.

# lsattr test.html

----ia------- test.html

You can see that the file test.html has the immutable and append-only attribute
set on it.

3.4.4. Changing advanced Attributes of a File

The attributes set on a file can be manipulated using the 'chattr' command.
Please note that you need to be the root user to change the attribute on a file.

'a' attribute or append-only attribute can be set using

# chattr +a /root/testfile

or can be removed using

# chattr -a /root/testfile

'i' or immutable attribute can be set using

# chattr +i /root/testfile

or can be removed using

# chattr -i /root/testfile

'chattr -R' recursively changes attributes of directories and their
contents. Symbolic links encountered during recursive directory traversals are
ignored.

# chattr -R +ia /root/testdir

This sets the i and a attributes on the directory /root/testdir and all
contents inside it.
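
Reading the attribute field back is where the real use is, both when you set
it yourself and when you are looking for files someone else has anchored. This
is an added example, not part of the manual: it wraps lsattr so the flag field
is classified and a whole tree can be searched for the 'i' and 'a' flags.
lsattr needs no privilege, only read access and a filesystem that supports
attributes; on tmpfs, or where e2fsprogs is not installed, the functions report
"unsupported" rather than failing. Setting the attributes in the demonstration
needs root and is skipped otherwise; the scratch file is the script's own.

```shell
#!/bin/sh
# Added example (not part of the manual): report which files carry the
# immutable or append-only attribute. lsattr itself needs no privilege, only
# read access and a filesystem that supports these attributes (ext2/3/4,
# xfs, btrfs); on tmpfs it fails, which the functions report as "unsupported".
# Setting the attributes in the demonstration needs root, so that part is
# skipped when run as an ordinary user.

# attr_flags PATH: the flag field lsattr prints for PATH (e.g.
# "----i--------e-------"), or "unsupported".
attr_flags() {
    flags=$(lsattr -d "$1" 2>/dev/null | awk '{print $1}')
    if [ -z "$flags" ]; then echo unsupported; else echo "$flags"; fi
}

# protection_of PATH: immutable, append-only, both, none or unsupported.
# Only lower-case i and a carry these meanings; case patterns are
# case-sensitive, so the upper-case A (no atime) and I (indexed) flags do
# not match.
protection_of() {
    case "$(attr_flags "$1")" in
        unsupported)  echo unsupported ;;
        *i*a*|*a*i*)  echo both ;;
        *i*)          echo immutable ;;
        *a*)          echo append-only ;;
        *)            echo none ;;
    esac
}

# protected_files DIR: every entry under DIR with i or a set, as "FLAGS PATH".
# lsattr -R prints "DIR:" header lines and blank lines between groups; the
# first test keeps only lines whose first field looks like a flag string.
protected_files() {
    lsattr -R "$1" 2>/dev/null |
        awk '$1 ~ /^[-a-zA-Z]+$/ && $1 ~ /[ia]/ { print $1, substr($0, length($1) + 2) }'
}

demo=$(mktemp -d)
touch "$demo/testfile"
if [ "$(id -u)" -eq 0 ] && chattr +i "$demo/testfile" 2>/dev/null; then
    printf 'with +i : %s\n' "$(protection_of "$demo/testfile")"
    protected_files "$demo"
    chattr -i "$demo/testfile"
fi
printf 'plain   : %s\n' "$(protection_of "$demo/testfile")"
rm -rf "$demo"
```

During an investigation, `protected_files /' (as root, with the output saved
off the machine) is a quick way to find the handful of files on a system that
cannot be deleted in the normal way, which is a short list and should contain
nothing you cannot explain.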

3.5. Finding Files

Sometimes you will need to find files on the system that match a given criteria,
such as name and file size. This section will show you how to find a file when
you know only part of the file name, and how to find a file whose name matches a
given pattern. You will also learn how to list files and directories by their
size and to find the location of commands.
3.5.1. Finding All Files That Match a Pattern

The simplest way to find files is with the locate command. locate does not
search the disk; it consults a database of file names that is rebuilt
periodically (usually nightly) by updatedb, so it is fast but knows nothing
about files created since the last update. It outputs a list of all paths in
the database that match the pattern, giving their full path name.

For example, all files with the text `audio' somewhere in their full path name,
or all files ending with `ron'.

To find all the files on the system that have the text `audio' anywhere in
their name, type:

$ locate audio

To find all the files on the system whose file names end with the text
`ron', type:

$ locate '*ron'

The quotes keep the shell from expanding the `*' against the current directory
before locate sees it; a pattern containing wildcards must match the whole
path.

To find all hidden "dotfiles" on the system, type:

$ locate /.

NOTE: locate searches are case sensitive by default; use `locate -i' to ignore
case. Depending on the implementation, the database may also list files that
you are not permitted to read, or hide files in directories you cannot search.

3.5.2. Finding Files in a Directory Tree

The 'find' command can be used to find specific files in a particular directory
tree, specifying the name of the directory tree to search, the criteria to
match, and -- optionally -- the action to perform on the found files.

You can specify a number of search criteria, and format the output in various
ways; the following sections include recipes for the most commonly used find
commands, as well as a list of find's most popular options.

3.5.2.1). Finding Files in a Directory Tree by Name

Use find to find files in a directory tree by name. Give the name of the
directory tree to search through, and use the `-name' option followed by the
name you want to find.

To list all files on the system whose file name is `top', type:

$ find / -name top

This command will search all directories on the system to which you have access;
for every directory you lack execute permission on, find reports that permission
is denied (add `2>/dev/null' to discard those messages).

The `-name' option is case sensitive; use the similar `-iname' option to
find name regardless of case.

$ find / -iname top

To list all files in your home directory tree that end in `.php',
regardless of case, type:

$ find ~ -iname '*.php'



To list all files in the `/usr/share' directory tree with the text `lib'
somewhere in their name, type:

$ find /usr/share -name '*lib*'

Use `-regex' in place of `-name' to search for files whose names match a
regular expression, or a pattern describing a set of strings. To list all files
in the current directory tree whose names have either the string `net' or `comm'
anywhere in their file names, type:

$ find ./ -regex '.*\(net\|comm\).*'

3.5.2.2). Finding Files in a Directory Tree by Size

To find files of a certain size, use the `-size' option, following it with the
file size to match. The file size takes one of three forms:

when preceded with a plus sign (`+'), it matches all files greater than
the given size;

when preceded with a hyphen or minus sign (`-'), it matches all files less
than the given size;

with neither prefix, it matches all files whose size is exactly as
specified. (The default unit is 512-byte blocks, with sizes rounded up to the
next whole block; follow the number with `c' to count bytes, `k' for kibibytes,
`M' for mebibytes or `G' for gibibytes. Note that `b' means 512-byte blocks,
not bytes.)

Examples :

To list all files in the `/usr/local' directory tree that are greater than
10,000 kilobytes in size, type:

$ find /usr/local -size +10000k

To list all files in your home directory tree less than 300 bytes in size,
type:

$ find ~ -size -300c

To list all files on the system whose size is exactly 42 512-byte blocks,
type:

$ find / -size 42

Use the `-empty' option to find empty files (regular files of 0 bytes) and
empty directories; add `-type f' to restrict the match to files. This is useful
for finding files that you might not need and can remove. To find all empty
files in your home directory tree, type:

$ find ~ -type f -empty

3.5.2.3). Finding Files in a Directory Tree by Modification Time

To find files by when they were last modified, use find with the `-mtime'
or `-mmin' options; the argument you give with `-mtime' counts 24-hour periods
and with `-mmin' counts minutes. find discards fractions, so `-mtime 1' means
"between 24 and 48 hours ago", and a leading `-' or `+' means less than or more
than that age.

To list the files in the `/usr/local' directory tree that were last
modified between one and two days ago, type:

$ find /usr/local -mtime 1

To list the files in the `/usr' directory tree that were last modified
between five and six minutes ago, type:

$ find /usr -mmin 5

To list the files in the `/usr/local' directory tree that were modified
within the past 24 hours, type:

$ find /usr/local -mtime -1

To find files in the `/etc' directory tree that are newer than the file
`/etc/motd', type:

$ find /etc -newer /etc/motd

Because a modification time can be set to anything with touch (see Changing
File Modification Time below), an investigation should also look at the inode
change time with `-ctime' and `-cmin', which the kernel sets itself.

3.5.2.4). Finding Files in a Directory Tree by Owner

To find files owned by a particular user, give the username to search for as an
argument to the `-user' option.

To list all files in the `/usr/local/fonts' directory tree owned by the
user carma, type:

$ find /usr/local/fonts -user carma

The `-group' option is similar, but it matches group ownership instead of
user ownership. To list all files in the `/dev' directory tree owned by the
audio group, type:

$ find /dev -group audio

The related `-nouser' and `-nogroup' options match files whose owner or group
no longer corresponds to any account, which is worth checking after users have
been removed.

3.5.2.5) Running Commands on the Files You Find

You can also use find to execute a command you specify on each found file, by
giving the command as an argument to the `-exec' option. If you use the string
``{}'' in the command, this string is replaced with the file name of the
current found file when the command executes. Mark the end of the command with
the string `;', quoted or escaped (`\;') so that the shell does not treat it as
a command separator. find passes each file name to the command directly,
without going through a shell, so names containing spaces or other special
characters are handled safely. Ending the command with `+' instead of `;' runs
it once with as many file names as fit, which is much faster over large trees.

To find all files in the `~/html/' directory tree with an `.html'
extension, and output lines from these files that contain the string `organic',
type:

$ find ~/html/ -name '*.html' -exec grep organic '{}' ';'


3.5.3. Finding Files in Directory Listings
3.5.3.1). Finding the Largest Files in a Directory

To find the largest files in a given directory, use ls to list its contents with
the `-S' option, which sorts files in descending order by their size (normally,
ls outputs files sorted alphabetically). Include the `-l' option to output the
size and other file attributes.

To list the files in the current directory, with their attributes, sorted with
the largest files first, type:

$ ls -lS

3.5.3.2). Finding the Smallest Files in a Directory

To list the contents of a directory with the smallest files first, use ls with
both the `-S' and `-r' options, which reverses the sorting order of the listing.
To list the files in the current directory and their attributes, sorted from
smallest to largest, type:

$ ls -lSr

3.5.3.3). Finding the Smallest Directories

To output a list of directories sorted by their size, use du and sort. The du
tool reports, for each directory in the tree, the space used by the files in
it; by default the figure for a directory includes its subdirectories, and the
`-S' option makes each directory's figure count only the files directly in it.
Use `-k' to report in kilobytes (the default unit is 1024-byte blocks on most
systems, so the two usually agree). du itself prints in traversal order; the
sorting is done by sort.

Give the directory tree you want to output as an argument, and pipe the output
to sort with the `-n' option, which sorts its input numerically.

To output a list of the subdirectories of the current directory tree, sorted in
ascending order by size, type:

$ du -S . | sort -n

3.5.3.4). Finding the Largest Directories

Use the `-r' option with sort to reverse the listing and output the largest
directories first.
To output a list of the subdirectories in the current directory tree, sorted in
descending order by size, type:

$ du -S . | sort -nr

3.5.3.5). Finding the Number of Files in a Listing

To find the number of files in a directory, use ls and pipe the output to
`wc -l', which outputs the number of lines in its input. Note that this counts
lines, not entries: hidden files are left out unless you add `-A', and a name
containing a newline is counted twice.

To output the number of files in the current directory, type:

$ ls | wc -l
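
The line-counting shortcut is fine at an interactive prompt and wrong in a
script, for the reasons just given. This is an added example, not part of the
manual: it puts the naive count beside a count that asks find for
NUL-terminated names and counts those, which is the same name-safe approach
that makes `find -exec' and `find -print0 | xargs -0' preferable to piping ls
into other commands. It assumes a find with -mindepth, -maxdepth and -print0
(GNU, BSD and busybox all have them); the sample directory, including one file
whose name contains a newline, is constructed by the script.

```shell
#!/bin/sh
# Added example (not part of the manual): count directory entries in a way
# that is not fooled by odd file names. `ls | wc -l` counts output lines, so
# a name that contains a newline is counted twice and dotfiles are not
# counted at all. Assumes find with -mindepth/-maxdepth/-print0 (GNU, BSD,
# busybox all have them); the sample directory is constructed here.

# naive_count DIR: the method shown in the text, for comparison.
naive_count() {
    ls "$1" | wc -l
}

# robust_count DIR: ask find for one NUL-terminated name per entry, throw
# away everything except the NULs and count those. -mindepth 1 excludes DIR
# itself, -maxdepth 1 stops at its direct children, hidden names included.
robust_count() {
    n=$(find "$1" -mindepth 1 -maxdepth 1 -print0 | tr -dc '\000' | wc -c)
    echo $((n))     # strip any padding wc adds on some systems
}

demo=$(mktemp -d)
touch "$demo/a" "$demo/b" "$demo/.hidden1" "$demo/.hidden2"
touch "$demo/first line
second line"            # one entry whose name contains a newline
printf 'entries present : 5\n'
printf 'ls | wc -l      : %s\n' "$(naive_count "$demo")"
printf 'find -print0    : %s\n' "$(robust_count "$demo")"
rm -rf "$demo"
```

With GNU ls the naive figure comes out as 4 for these five entries: the two
dotfiles are skipped and the newline-bearing name is counted twice. An
attacker who can create files in a directory you count, log or iterate over
from a script chooses names with exactly this kind of behaviour in mind.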

3.5.4. Finding Where a Command Is Located

Use 'which' to find the full path name of a tool or application from its base
file name.

To find out whether perl is installed on your system, and, if so, where it
resides, type:

$ which perl

/usr/bin/perl

In this example, which output `/usr/bin/perl', indicates that the perl binary is
installed in the `/usr/bin' directory.

This is also useful for determining "which" binary would execute, should
you type the name, since some systems may have different binaries of the same
file name located in different directories; which reports the first one found
on your PATH. Because it is an external program, which knows nothing about
shell aliases, functions or builtins; the shell's own `type' or `command -v'
reports exactly what the shell itself would run, which matters when you suspect
a command has been shadowed.

3.6. Managing Files

3.6.1. Determining File Type and Format


When we speak of a file's type, we are referring to the kind of data it
contains, which may include text, executable commands, or some other data; this
data is organized in a particular way in the file, and this organization is
called its format. For example, an image file might contain data in the JPEG
image format, or a text file might contain unformatted text in the English
language .

The file tool analyzes files and indicates their type and -- if known -- the
format of the data they contain. It does this by examining the contents (the
"magic" bytes at the start of the file and, failing that, the distribution of
characters), not the file name, so a renamed or mislabelled file is still
identified correctly. Supply the name of a file as an argument to file and it
outputs the name of the file, followed by a description of its format and type.

$ file Kids.tar.gz

Kids.tar.gz: gzip compressed data, was "Kids.tar", from Unix

$ file gaim-1.1.1-0.src.rpm

gaim-1.1.1-0.src.rpm: RPM v3 src i386 gaim-1.1.1-0

$ file testfile

testfile: empty

$ file xmas.gif

xmas.gif: GIF image data, version 87a, 445 x 329

3.6.2. Changing File Modification Time

Use touch to change a file's timestamp without modifying its contents. Give the
name of the file to be changed as an argument. The default action is to change
the timestamp to the current time.

To change the timestamp of file `services' to the current date and time,
type:

$ touch services

To change the timestamp of file `services' to `17 May 1999 14:16', type:

$ touch -d '17 May 1999 14:16' services



To change the timestamp of file `services' to `14 May', type:

$ touch -d '14 May' services

To change the timestamp of file `services' to `14:16', type:

$ touch -d '14:16' services

NOTE: When only the date is given, the time is set to `0:00'; when no year is
given, the current year is used.

3.6.3. Splitting a File into Smaller Ones

It's sometimes necessary to split one file into a number of smaller ones. The
split tool copies a file, chopping up the copy into separate files of a
specified size. It takes as optional arguments the name of the input file (using
standard input if none is given) and the file name prefix to use when writing
the output files (using `x' if none is given). The output files' names will
consist of the file prefix followed by a group of letters: `aa', `ab', `ac', and
so on -- the default output file names would be `xaa', `xab', and so on.

To split `flash_player_linux.tar.gz' into separate files of 200K each, whose
names begin with `flash.tar.gz', type:

$ split -b200k flash_player_linux.tar.gz flash.tar.gz

$ ls -la

total 1960

-rw-r--r-- 1 root root 204800 Feb 28 13:17 flash.tar.gzaa

-rw-r--r-- 1 root root 204800 Feb 28 13:17 flash.tar.gzab

-rw-r--r-- 1 root root 204800 Feb 28 13:17 flash.tar.gzac

-rw-r--r-- 1 root root 204800 Feb 28 13:17 flash.tar.gzad

-rw-r--r-- 1 root root 168252 Feb 28 13:17 flash.tar.gzae

-rw-rw-r-- 1 root root 987452 Dec 27 07:14 flash_player_linux.tar.gz


3.6.4. Comparing Files

There are a number of tools for comparing the contents of files in different
ways; these recipes show how to use some of them.

3.6.4.1). Determining Whether Two Files Differ using 'cmp'

Use cmp to determine whether or not two text files differ. It takes the names of
two files as arguments, and if the files contain the same data, cmp outputs
nothing. If, however, the files differ, cmp outputs the byte position and line
number in the files where the first difference occurs.

$ cmp testfile samplefile

testfile samplefile differ: byte 2, line 1
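Putting split and cmp together, as an added example that is not part of the manual: the script splits a constructed file into fixed-size pieces, joins them again with cat (the `piece.' prefix and the temporary directory are assumptions of this example), and uses cmp to confirm the rebuilt copy is byte-identical to the original; it then alters one byte in a piece to show that cmp catches it.

```sh
#!/bin/sh
# Added example: split a file into fixed-size pieces with split, put the
# pieces back together with cat, and use cmp to confirm the reassembled
# copy is byte-for-byte identical to the original.

# Build a constructed input file of known size (not a real download).
make_sample() {                      # $1 = path to create
    i=0
    : > "$1"
    while [ "$i" -lt 300 ]; do
        printf 'line %04d of the constructed sample file\n' "$i" >> "$1"
        i=$((i + 1))
    done
}

# Split $1 into pieces of $2 bytes with prefix $3; print the number of pieces.
split_file() {
    split -b "$2" "$1" "$3"
    ls "$3"* | wc -l | tr -d ' '
}

# Concatenate the pieces (the shell sorts the glob, so aa, ab, ... stay in
# order) into $3, then report whether cmp finds the result identical to $2.
reassemble_and_verify() {            # $1 = prefix, $2 = original, $3 = output
    cat "$1"* > "$3"
    if cmp -s "$2" "$3"; then echo identical; else echo differ; fi
}

# Run the whole procedure, then corrupt one byte of the second piece and
# check again so that the failure case is visible too.
demo() {
    work=$(mktemp -d)
    make_sample "$work/sample.bin"
    pieces=$(split_file "$work/sample.bin" 4096 "$work/piece.")
    ok=$(reassemble_and_verify "$work/piece." "$work/sample.bin" "$work/rebuilt")
    # Overwrite byte 10 of piece.ab with an 'X' without truncating the file.
    printf 'X' | dd of="$work/piece.ab" bs=1 seek=10 conv=notrunc 2>/dev/null
    bad=$(reassemble_and_verify "$work/piece." "$work/sample.bin" "$work/rebuilt2")
    rm -rf "$work"
    echo "$pieces $ok $bad"
}

demo   # prints "4 identical differ"
```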

3.6.4.2). Finding the Differences between Files using 'diff'

Use 'diff' to compare two files and output a difference report containing
the text that differs between them. To compare two files and output a
difference report, give their names as arguments to diff.

For example:

$ diff testfile samplefile

1,2c1

< this is a test file

<

---

> testing !!!!!!!!!!!!!

To better see the difference between two files, use sdiff instead of diff;
instead of giving a difference report, it outputs the files in two columns, side
by side, separated by spaces. Lines that differ in the files are separated by
`|'; lines that appear only in the first file end with a `<', and lines that
appear only in the second file are preceded with a `>'.

$ sdiff testfile samplefile

3.6.4.3). Patching a File with a Difference Report

To apply the differences in a difference report to the original file compared in
the report, use patch. It takes as arguments the name of the file to be patched
and the name of the difference report file (or "patchfile"). It then applies the
changes specified in the patchfile to the original file. This is especially
useful for distributing different versions of a file -- small patchfiles can be
sent across networks more easily than large source files.

To update the original file `manuscript.new' with the patchfile
`manuscript.diff', type:

$ patch manuscript.new manuscript.diff

To update an entire directory with a patch file, use the syntax below:

$ patch -p1 < ../grsecurity.patch

The -p option specifies how many leading components of the path names in the
patchfile to strip. -p0 strips nothing and uses each path exactly as written;
-p1 strips the first component (or the leading /); each higher number strips
one more directory from the left.

For Ex: if you have a patchfile with a header as such:

+++ new/modules/kernel Tue Dec 19 20:05:41 2000

Using a -p0 will expect, from your current working directory, to find a
subdirectory called "new", then "modules" below that, then the "kernel" file
below that.

Using a -p1 will strip off the 1st level from the path and will expect to
find (from your current working directory) a directory called "modules", then a
file called "kernel". Patch will ignore the "new" directory mentioned in the
header of the patchfile.

Using a -p2 will strip off the first two levels from the path. Patch will
expect to find "kernel" in the current working directory. Patch will ignore the
"new" and "modules" directories mentioned in the header of the patchfile.
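To make the -p levels concrete, an added example that is not part of the manual: strip_path applies patch's rule (drop the smallest prefix containing N slashes) to the header path `new/modules/kernel' quoted above, and demo builds a small unified difference report with diff -u on constructed files to show where such a header path comes from.

```sh
#!/bin/sh
# Added example: what patch -pN does to the file names in a difference
# report. strip_path applies the same rule patch uses: -p0 keeps the path
# whole, -p1 drops the first component, and so on. The header path
# "new/modules/kernel" is the one discussed in the text.

# Remove the smallest prefix of $1 that contains $2 slashes and print what
# remains. A leading "/" counts as one slash, so -p1 turns "/usr/x" into
# "usr/x", exactly as patch does.
strip_path() {
    p=$1; n=$2
    while [ "$n" -gt 0 ]; do
        case $p in
            */*) p=${p#*/} ;;
            *)   break ;;            # fewer components than requested
        esac
        n=$((n - 1))
    done
    echo "$p"
}

# Pull the "+++" (new file) name out of a unified difference report in $1.
patched_name() {
    grep '^+++ ' "$1" | head -n 1 | awk '{print $2}'
}

# Create two constructed versions of modules/kernel under old/ and new/,
# run diff -u on them and read back the header path it recorded.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/old/modules" "$work/new/modules"
    printf 'a\nb\n' > "$work/old/modules/kernel"
    printf 'a\nc\n' > "$work/new/modules/kernel"
    # diff -u records the two paths exactly as given on its command line;
    # it exits 1 when the files differ, which is the expected outcome here.
    (cd "$work" && diff -u old/modules/kernel new/modules/kernel > report.diff) || true
    name=$(patched_name "$work/report.diff")
    rm -rf "$work"
    echo "$name"
}

demo                                   # prints "new/modules/kernel"
strip_path "$(demo)" 1                 # prints "modules/kernel", as with -p1
```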

3.6.5. File Compression/Decompression

File compression is useful for storing or transferring large files. When you
compress a file, you shrink it and save disk space. File compression uses an
algorithm to change the data in the file; to use the data in a compressed file,
you must first uncompress it to restore the original data (and original file
size).

3.6.5.1). Compression/Decompression Tools

In Red Hat Linux you can compress files with the compression tools gzip, bzip2,
or zip.

The bzip2 compression tool is recommended because it provides the most
compression and is found on most UNIX-like operating systems.

The gzip compression tool can also be found on most UNIX-like operating
systems.

If you need to transfer files between Linux and other operating systems
such as MS Windows, you should use zip because it is more compatible with the
compression utilities on Windows.

Compression Tool    File Extension    Uncompression Tool
gzip                .gz               gunzip
bzip2               .bz2              bunzip2
zip                 .zip              unzip

By convention, files compressed with gzip are given the extension .gz,
files compressed with bzip2 are given the extension .bz2, and files compressed
with zip are given the extension .zip.

Files compressed with gzip are uncompressed with gunzip, files compressed
with bzip2 are uncompressed with bunzip2, and files compressed with zip are
uncompressed with unzip.

Bzip2 and Bunzip2

To use bzip2 to compress a file, type the following command at a shell prompt:

$ bzip2 filename

The file will be compressed and saved as filename.bz2. To expand the compressed
file, type the following command:

$ bunzip2 filename.bz2

The filename.bz2 is deleted and replaced with filename. You can give bzip2
several files at the same time by listing them with a space between each one:

$ bzip2 file1 file2 file3

The above command compresses each file separately, replacing them with
file1.bz2, file2.bz2 and file3.bz2. bzip2 does not combine its arguments into a
single file and skips directories; to put several files or a directory such as
/usr/local/share into one compressed file, bundle them with tar first (see
Archiving Files at the Shell Prompt below) and compress the resulting archive.

Gzip and Gunzip

To use gzip to compress a file, type:

$ gzip filename

The file will be compressed and saved as filename.gz.

To expand the compressed file, type the command:

$ gunzip filename.gz

The filename.gz is deleted and replaced with filename.

To compress several files at the same time, list them with a space between
each one; the -r option also descends into any directories given and compresses
the files they contain:

$ gzip -r file1 file2 file3 /usr/local/share

The above command compresses file1, file2 and file3 into file1.gz, file2.gz and
file3.gz, and compresses each file under the /usr/local/share directory
(assuming this directory exists) in place. Like bzip2, gzip compresses each file
separately rather than combining them into one; use tar to bundle files first.

Zip and Unzip

To compress a file with zip, type the following command:

$ zip -r filename.zip filesdir

filename.zip represents the file you are creating and filesdir represents the
directory you want to put in the new zip file. The -r option specifies that you
want to include all files contained in the filesdir directory recursively.

To extract the contents of a zip file, type the following command:

$ unzip filename.zip

You can use zip to compress multiple files and directories at the same
time by listing them with a space between each one:

$ zip -r filename.zip file1 file2 file3 /usr/local/share

3.6.5.2). Archiving Files at the Shell Prompt

A tar file is a collection of several files and/or directories in one file. This
is a good way to create backups and archives.

Some of the options used with the tar command are:

-c    Create a new archive.
-f    When used with the -c option, use the filename specified for the
      creation of the tar file; when used with the -x option, unarchive the
      specified file.
-t    Show the list of files in the tar file.
-v    Show the progress of the files being archived.
-x    Extract files from an archive.
-z    Compress the tar file with gzip.
-j    Compress the tar file with bzip2.

To create a tar file, type:

$ tar -cvf filename.tar directory/file

You can tar multiple files and directories at the same time by listing
them with a space between each one:

$ tar -cvf filename.tar /home/carma/public_html /home/carma/www

The above command places all the files in the public_html and the www
subdirectories of /home/carma in a new file called filename.tar in the current
directory.

To list the contents of a tar file, type:

$ tar -tvf filename.tar

To extract the contents of a tar file, type:

$ tar -xvf filename.tar

This command does not remove the tar file, but it places copies of its
unarchived contents in the current working directory, preserving any directory
structure that the archive file used. For example, if the tarfile contains a
file called file.txt within a directory called foo/, then extracting the archive
file will result in the creation of the directory foo/ in your current working
directory with the file file.txt inside of it.

Remember, the tar command does not compress the files by default. To
create a tarred and bzipped compressed file, use the -j option:

$ tar -cjvf filename.tbz file

You can also expand and unarchive a bzip tar file in one command:

$ tar -xjvf filename.tbz

To create a tarred and gzipped compressed file, use the -z option:

$ tar -czvf filename.tgz file

tar files compressed with gzip are conventionally given the extension .tgz or
.tar.gz. This command creates the archive file filename.tar and then compresses
it as the file filename.tgz (the intermediate filename.tar is not saved). If you
uncompress the filename.tgz file with the gunzip command, the filename.tgz file
is removed and replaced with filename.tar.

You can expand a gzip tar file (.tgz or .tar.gz) in one command:

$ tar -xzvf filename.tgz
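The create, list and extract steps of this section run end to end, as an added example that is not part of the manual: it archives a constructed directory tree (the public_html and www names echo the example above; the temporary directory and site.tgz name are assumptions), lists the members with -t and refuses archives whose member names are absolute or contain `..' before extracting, then extracts into a separate directory and compares the two trees with diff -r.

```sh
#!/bin/sh
# Added example: create a gzipped tar archive of a constructed directory tree,
# list its members with -t, check the member list before extracting, extract
# into a separate directory, and confirm the copy matches the original.

# Build a small constructed tree under $1 to archive.
make_tree() {
    mkdir -p "$1/public_html/css" "$1/www"
    printf '<html>home</html>\n' > "$1/public_html/index.html"
    printf 'body { color: black; }\n' > "$1/public_html/css/site.css"
    printf 'notes\n' > "$1/www/notes.txt"
}

# tar -t lists member names without extracting anything. Return 0 only if no
# member is an absolute path or contains a ".." component; a name like that
# would be written outside the directory you extract into.
archive_is_safe() {                  # $1 = archive
    tar -tzf "$1" | grep -q -e '^/' -e '^\.\./' -e '/\.\./' -e '/\.\.$' && return 1
    return 0
}

# Count the members (files and directories) listed in the archive.
member_count() {                     # $1 = archive
    tar -tzf "$1" | wc -l | tr -d ' '
}

demo() {
    work=$(mktemp -d)
    make_tree "$work/src"
    # -c create, -z gzip, -f archive name. The paths are given relative to
    # $work/src so the archive does not embed the temporary directory name.
    (cd "$work/src" && tar -czf "$work/site.tgz" public_html www)
    n=$(member_count "$work/site.tgz")
    safe=unsafe
    archive_is_safe "$work/site.tgz" && safe=safe
    # Extract into a fresh directory (-x extract, -z gunzip, -f archive) and
    # compare the original and extracted trees recursively.
    mkdir "$work/out"
    (cd "$work/out" && tar -xzf "$work/site.tgz")
    if diff -r "$work/src" "$work/out" >/dev/null; then same=match; else same=mismatch; fi
    rm -rf "$work"
    echo "$n $safe $same"
}

demo   # prints "6 safe match": 4 files plus 2 directory entries
```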


4. TEXT MANAGEMENT AND EDITORS
There are a lot of text editors to choose from on Linux systems, but the majority
of editors fit in one of the two families of editor: Emacs and Vi. Most users
prefer one or the other.

Some of the others available are pico, joe, vim, wily, xemacs etc.

4.1. The 'vi' editor

vi, the "visual editor", is guaranteed to be present on any UNIX or Linux
system.

While using vi, at any one time you are in one of three modes of operation.

Command mode : This mode lets you use commands to edit files or change to
other modes. For example, typing ``x'' while in command mode deletes the
character underneath the cursor. The arrow keys move the cursor around the file
you're editing. Generally, the commands used in command mode are one or two
characters long.

Insert mode : You actually insert or edit text within insert mode. When
using vi, you'll probably spend most of your time in this mode. You start insert
mode by using a command such as ``i'' (for ``insert'') from command mode. While
in insert mode, you can insert text into the document at the current cursor
location. To end insert mode and return to command mode, press Esc.

Last line mode/Ex : is a special mode used to give certain extended
commands to vi. While typing these commands, they appear on the last line of the
screen (hence the name).

For example, when you type ``:'' in command mode, you jump into last line mode
and can use commands like ``wq'' (to write the file and quit vi), or ``q!'' (to
quit vi without saving changes). Last line mode is generally used for vi
commands that are longer than one character. In last line mode, you enter a
single-line command and press Enter to execute it.

4.1.1. Starting "vi"

The syntax for vi is "vi filename " where filename is the name of the file to
edit.

$ vi test

When you edit the file test, you should see the contents of the file (nothing,
for a new file) followed by a column of ``~'' characters. The column of ``~''
characters indicates you are at the end of the file.

4.1.2. Inserting text.

The vi program when it starts is always in command mode.

Insert text into the file by pressing i, which places the editor into
insert mode, and begin typing.

Type as many lines as you want (pressing Enter after each). You may
correct mistakes with the Backspace key.

To end insert mode and return to command mode, press Esc.

There are several ways to insert text other than the 'i' command. The 'a'
command inserts text beginning after the current cursor position, instead of at
the current cursor position.

To begin inserting text at the next line, use the o command.

4.1.3. Deleting text

From command mode, the x command deletes the character under the cursor.

You can delete entire lines using the command dd (that is, press d twice
in a row). If the cursor is on the second line and you type dd, the second line
will be deleted.

To delete the word that the cursor is on, use the dw command. Place the
cursor on a word , and type dw to delete it.

4.1.4. Changing text

You can replace sections of text using the R command. Place the cursor on
the first letter of a word "party'', press R, and type the word “hungry'' and
the word party will be replaced by hungry.

Using R to edit text is like the i and a commands, but R overwrites, rather
than inserts, text.

The r command replaces the single character under the cursor. For example,
move the cursor to the beginning of the word ``Now'', and press r followed by C,
you'll see "Cow" instead.

The “~'' command changes the case of the letter under the cursor from
upper- to lower-case, and back.

4.1.5. Commands for moving the cursor

The 0 command (that's the zero key) moves the cursor to the beginning of
the current line.

The $ command moves it to the end of the line.

When editing large files, you'll want to move forward or backward through
the file a screenful at a time. Pressing Ctrl-F moves the cursor one screenful
forward, and Ctrl-B moves it a screenful back.

To move the cursor to the end of the file, press G. You can also move to
an arbitrary line; for example, typing the command 10G would move the cursor to
line 10 in the file. To move to the beginning of the file, use 1G.

4.1.6. Saving files and quitting vi

To quit vi without making changes to the file, use the command :q!. When
you press the ``:'', vi switches to last line (Ex) mode and the cursor moves
to the last line on the screen.

The command :wq saves the file and then exits vi.

The command ZZ (from command mode, without the ``:'') is equivalent to :wq.

Remember that you must press Enter after a command is entered in last line
mode.

To save the file without quitting vi, use :w.

4.1.7. Editing another file

To edit another file, use the :e command. For example, to stop editing
test and edit the file foo instead, use the command

:e foo

If you use :e without saving the file first, you'll get an error message
which means that vi doesn't want to edit another file until you save the first
one.

If you use the :r command, you can include the contents of another file in
the current file. For example, the command

:r foo.txt

inserts the contents of the file foo.txt in the text at the location of the
cursor.

4.1.8. Running shell commands

You can also run shell commands within vi. The :r! command works like :r,
but rather than read a file, it inserts the output of the given command into the
buffer at the current cursor location.

For example, if you use the command

:r! ls -l

the output of ls -l is inserted into the buffer at the cursor position.

You can also ``shell out'' of vi, in other words, run a command from within vi,
and return to the editor when you're done.

For example, if you use the command

:! ls -F

the ls -F command will be executed and the results displayed on the screen, but
not inserted into the file you're editing.

If you use the command

:shell

vi starts an instance of the shell, letting you temporarily put vi “on hold''
while you execute other commands. Just log out of the shell (using the exit
command) to return to vi.

4.2. The Emacs Editor

To call Emacs a text editor does not do it justice -- it's a large application
capable of performing many functions, including reading email.

GNU Emacs is the Emacs released under the auspices of Richard Stallman,
who wrote the original Emacs predecessor in the 1970s. XEmacs (formerly Lucid
Emacs) offers essentially the same features GNU Emacs does, but also contains
its own features for use with the X Window System.

4.2.1. Getting Acquainted with Emacs

Start Emacs in the usual way, either by choosing it from the menu supplied by
your window manager in X, or by typing its name (in lowercase letters) at a
shell prompt.

To start GNU Emacs at a shell prompt, type:

$ emacs

A file or other text open in Emacs is held in its own area called a
buffer. By default, the current buffer appears in the large area underneath the
menu bar. To write text in the buffer, just type it. The place in the buffer
where the cursor is at is called point, and is referenced by many Emacs
commands.

The horizontal bar near the bottom of the Emacs window and directly
underneath the current buffer is called the mode line; it gives information
about the current buffer, including its name, what percentage of the buffer fits
on the screen, what line point is on, and whether or not the buffer is saved to
a file.

The mode line also lists the modes active in the buffer. Emacs modes are
general states that control the way Emacs behaves -- for example, when Overwrite
mode is set, text you type overwrites the text at point; in Insert mode (the
default), text you type is inserted at point. Usually, either Fundamental mode
(the default) or Text mode will be listed.

4.2.1.1). Basic Emacs Editing Keys

The following table lists basic editing keys and describes their function. Where
two common keystrokes are available for a function, both are given. Note that C
stands for the Ctrl key and M for the Escape key.

KEYS                      DESCRIPTION

[↑] or Ctrl-p             Move point up to the previous line.
[↓] or Ctrl-n             Move point down to the next line.
[←] or Ctrl-b             Move point back through the buffer one character to
                          the left.
[→] or Ctrl-f             Move point forward through the buffer one character
                          to the right.
[PgUp] or Ctrl-v          Move point forward through the buffer one screenful.
[PgDn] or M-v             Move point backward through the buffer one screenful.
[BKSP] or C-h             Delete character to the left of point.
[DEL] or C-d              Delete character to the right of point.
[INS]                     Toggles between Insert mode and Overwrite mode.
Ctrl-[SPC]                Set mark (see Cutting Text).
Ctrl-_                    Undo the last action (control-underscore).
Ctrl-a                    Move point to the beginning of the current line.
Ctrl-e                    Move point to the end of the current line.
Ctrl-h i                  Start Info.
Ctrl-h F                  Open a copy of the Emacs FAQ in a new buffer.
Ctrl-g                    Cancel the current command.
Ctrl-h a function [Enter] List all Emacs commands related to function.
Ctrl-h k key              Describe key.
Ctrl-h t                  Start the Emacs tutorial.
Ctrl-k                    Kill text from point to end of line.
Ctrl-u number             Repeat the next command or keystroke you type number
                          times.
Ctrl-w                    Kill text from mark to point.
Ctrl-x Ctrl-c             Save all buffers open in Emacs, and then exit the
                          program.
C-x C-f file              Open file in a new buffer for editing. To create a new
                          file that does not yet exist, just specify the file
                          name you want to give it. To browse through your
                          files, type [TAB] instead of a file name.
C-left-click              Display a menu of all open buffers, sorted by major
                          mode (works in X only).
[SHIFT]-left-click        Display a font selection menu (works in X only).

You can run any Emacs function by typing M-x followed by the function name
and pressing [RET].

To run the find-file function, type:

M-x find-file

This command runs the find-file function, which prompts for the name of a file
and opens a copy of the file in a new buffer.

Type C-g in Emacs to quit a function or command; if you make a mistake
when typing a command, this is useful to cancel and abort the keyboard input. To
exit the program, just type C-x C-c.

Emacs can have more than one buffer open at once. To switch between
buffers, type C-x C-b. Then, give the name of the buffer to switch to, followed
by [RET]; alternatively, type [RET] without a buffer name to switch to the last
buffer you had visited. (Viewing a buffer in Emacs is called visiting the
buffer.)

To switch to a buffer called `filemacs', type:

C-x C-b filemacs

A special buffer called `*scratch*' is for notes and things you don't want
to save; it always exists in Emacs.

To switch to the `*scratch*' buffer, type:


C-x C-b *scratch* [RET]

Incidentally, C-h is the Emacs help key; all help-related commands begin
with this key. For example, to read the Emacs FAQ, type C-h F, and to run the
Info documentation browser (which contains The GNU Emacs Manual), type C-h i.

4.3. The pico editor

One of the simplest text editors available for UNIX is PICO. It is PINE's
default editor, so if you use PINE to read and compose e-mail, you are probably
familiar with pico. pico is an easy editor to use, but it lacks a lot of
features.

Again, ^ stands for the <ctrl> key in the following commands:

To start PICO, type pico (all lowercase letters).

$ pico

To edit a pre-existing file filename, or to create a new file with that
name, type

$ pico filename

To exit, type ^X. PICO will ask you whether you want to save your work if
it is unsaved.

To save your work without quitting, type ^O.

To display the location of the cursor, type ^C.

To cut a line (or lines) of text, move your cursor to the lines you want
to cut, and press ^K. To paste the last block of text you cut, press ^U.

To search for text, press ^W. (There is no search-and-replace in PICO.)

To get help, look at the bottom of the screen, or press ^G.

4.4. The editor "joe"

joe is a text screen editor. To create or modify file foo, type

$ joe foo

Once you are in the editor, you can type in text and use special control-
character sequences to perform other editing tasks. To find out what the
control-character sequences are, read the man page or type Ctrl-K H for help in
the editor.

Once you have typed Ctrl-K H, a menu of help topics appears on the bottom
line. Use the arrow keys to select the topic and then press the spacebar or
ENTER to have help on that topic appear on the screen.

The help window will appear in the top half of the screen, and the editing
window will be in the lower half of the screen. You can enter and edit text
while viewing the help screen. Use the Ctrl-K H command again to dismiss the
help window.

4.5. Text Manipulation

4.5.1. Searching for Text

The primary command used for searching through text is the command called grep.
It outputs lines of its input that contain a given string or pattern. The various
options that can be used with grep are listed below.

To output lines in the file `catalog' containing the word `audio', type:

$ grep audio catalog

To output lines in the file `catalog' containing the phrase `Compact Disc',
type:

$ grep 'Compact Disc' catalog

To output lines in the file `catalog' containing the string `compact disc'
regardless of the case of its letters, type:

$ grep -i 'compact disc' catalog

One thing to keep in mind is that grep only matches patterns that appear on a
single line, so in the preceding example, if one line in `catalog' ends with the
word `compact' and the next begins with `disc', grep will not match either line.

You can specify more than one file to search. When you specify multiple
files, each match that grep outputs is preceded by the name of the file it's in.
To output lines in all of the files in the current directory containing the word
`cd', type:

$ grep cd *

To output lines in all of the `.txt' files in the `~/doc' directory
containing the word `CD', suppressing the listing of file names in the output,
type:

$ grep -h CD ~/doc/*.txt

Use the `-r' option to search a given directory recursively, searching all
subdirectories it contains. A shell glob such as `~/doc/*.txt' expands only to
files in `~/doc' itself, so to restrict a recursive search to `.txt' files, name
the directory and let grep pick the files with `--include'. To output lines
containing the word `CD' in all of the `.txt' files in the `~/doc' directory and
in all of its subdirectories, type:

$ grep -r --include='*.txt' CD ~/doc

4.5.2. Matching Text Patterns using Regular Expressions


In addition to word and phrase searches, you can use grep to search for complex
text patterns called regular expressions. A regular expression -- or "regexp"---
is a text string of special characters that specifies a set of patterns to
match.

There are a number of reserved characters called metacharacters that don't
represent themselves in a regular expression, but have a special meaning that is
used to build complex patterns. These metacharacters are as follows: ., *, [, ],
^, $, and \.

To specify one of these literal characters in a regular expression, precede the
character with a `\'.

To output lines in the file `catalog' that contain a `$' character, type:

$ grep '\$' catalog

To output lines in the file `catalog' that contain the string `$1.99',
type:

$ grep '\$1\.99' catalog

To output lines in the file `catalog' that contain a `\' character, type:

$ grep '\\' catalog

4.5.2.1). MetaCharacters and their meaning

The following table describes the special meanings of the metacharacters and
gives examples of their usage.

META CHARACTER    MEANING

.        Matches any one character, with the exception of the newline
         character. For example, . matches `a', `1', `?', `.' (a literal
         period character), and so forth.

*        Matches the preceding regexp zero or more times. For example, -*
         matches `-', `--', `---', `--------', and so forth.

[ ]      Encloses a character set, and matches any member of the set. For
         example, [abc] matches either `a', `b', or `c'. In addition, the
         hyphen (`-') and caret (`^') characters have special meanings when
         used inside brackets:

         The hyphen specifies a range of characters, ordered according to
         their ASCII value. For example, [0-9] is synonymous with
         [0123456789]; [A-Za-z] matches one uppercase or lowercase letter.
         To include a literal `-' in a list, specify it as the last
         character in the list: so [0-9-] matches either a single digit
         character or a `-'.

         As the first character of a list, the caret means that any
         character except those in the list should be matched. For example,
         [^a] matches any character except `a', and [^0-9] matches any
         character except a numeric digit.

^        Matches the beginning of the line. So ^a matches `a' only when it
         is the first character on a line.

$        Matches the end of the line. So a$ matches `a' only when it is the
         last character on a line.

\        Use \ before a metacharacter when you want to specify that it is a
         literal character. So \$ matches a dollar sign character (`$'), and
         \\ matches a single backslash character (`\').

\< \>    Matches the beginning (\<) or end (\>) of a word. For example,
         \<the matches "the" in the string "for the wise" but does not match
         "the" in "otherwise". NOTE: this metacharacter is not supported by
         all applications.

|        Or two conditions together. For example (him|her) matches the line
         "it belongs to him" and matches the line "it belongs to her" but
         does not match the line "it belongs to them." NOTE: this
         metacharacter is not supported by all applications.

+        Matches one or more occurrences of the character or regular
         expression immediately preceding. For example, the regular
         expression 9+ matches 9, 99, 999. NOTE: this metacharacter is not
         supported by all applications.

?        Matches 0 or 1 occurrence of the character or regular expression
         immediately preceding. NOTE: this metacharacter is not supported by
         all applications.

\{i\}    Match a specific number of instances of the preceding character.
         For example, the expression A[0-9]\{3\} will match "A" followed by
         exactly 3 digits. That is, it will match A123 but not A1234.

\{i,j\}  Match a number of instances of the preceding character within a
         range. The expression [0-9]\{4,6\} matches any sequence of 4, 5, or
         6 digits. NOTE: this metacharacter is not supported by all
         applications.

4.5.2.2). Matching Lines Ending with Certain Text

Use `$' as the last character of quoted text to match that text only at the end
of a line.

To output lines in the file `file1' ending with an exclamation point, type:

$ grep '!$' file1

4.5.2.3). Matching Lines of a Certain Length

To match lines of a particular length, use that number of `.' characters
between `^' and `$'. For example, to match all lines that are two characters
(or columns) wide, use `^..$' as the regexp to search for. To output all lines in
`/usr/dict/words' that are exactly two characters wide, type:

$ grep '^..$' /usr/dict/words

To output all lines in `/usr/dict/words' that are exactly seventeen
characters wide, type:

$ grep '^.\{17\}$' /usr/dict/words

To output all lines in `/usr/dict/words' that are twenty-five or more
characters wide, type:

$ grep '^.\{25,\}$' /usr/dict/words

4.5.2.4). Matching Lines That Contain Any of Some Regexps

To output all lines in `playlist' that contain either the patterns `the
sea' or `cake', type:

$ grep 'the sea\|cake' playlist

4.5.2.5). Matching Lines That Contain All of Some Regexps


To output lines that match all of a number of regexps, use grep to output lines
containing the first regexp you want to match, and pipe the output to a grep
with the second regexp as an argument. Continue adding pipes to grep searches
for all the regexps you want to search for.

To output all lines in `playlist' that contain both patterns `the sea' and
`cake', regardless of case, type

$ grep -i 'the sea' playlist | grep -i cake

4.5.2.6). Matching Lines That Don't Contain a Regexp

To output all lines in a text that don't contain a given pattern, use grep with
the `-v' option -- this option reverts the sense of matching, selecting all non-
matching lines.

To output all lines in `/usr/dict/words' that are not three characters
wide, type:

$ grep -v '^...$' /usr/dict/words

To output all lines in `access_log' that do not contain the string `http',
type:

$ grep -v http access_log

4.5.2.7). Matching Lines That Only Contain Certain Characters

To output lines in `/usr/dict/words' that only contain vowels, type:

$ grep -i '^[aeiou]*$' /usr/dict/words

The `-i' option matches characters regardless of case; so, in this
example, all vowel characters are matched regardless of case.

4.5.2.8). Using a List of Regexps to Match From

To output all lines in `/usr/dict/words' containing any of the words
listed in the file `forbidden-words', type:

$ grep -f forbidden-words /usr/dict/words

To output all lines in `/usr/dict/words' that do not contain any of the
words listed in `forbidden-words', regardless of case, type:

$ grep -v -i -f forbidden-words /usr/dict/words
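The metacharacters and options covered above (`^', `$', `[ ]', `\{n\}', `\|', `-v', `-i') applied to the kind of `access_log' mentioned earlier, as an added example that is not part of the manual: the log lines are constructed for the example, and the client addresses and URLs in them are made up.

```sh
#!/bin/sh
# Added example: grep regular expressions applied to a few constructed
# web-server log lines, the kind of pass an administrator makes when
# reviewing access_log for errors and repeated failed logins.

# Write a constructed access_log (not real traffic) to $1.
make_log() {
    cat > "$1" <<'EOF'
10.0.0.5 - - [28/Feb/2005:13:17:01 +0000] "GET /index.html HTTP/1.0" 200 1043
192.168.1.20 - - [28/Feb/2005:13:17:05 +0000] "GET /cgi-bin/test.cgi HTTP/1.0" 404 512
10.0.0.5 - - [28/Feb/2005:13:18:00 +0000] "POST /login HTTP/1.1" 401 77
10.0.0.5 - - [28/Feb/2005:13:18:02 +0000] "POST /login HTTP/1.1" 401 77
172.16.3.9 - - [28/Feb/2005:13:19:30 +0000] "GET /images/xmas.gif HTTP/1.0" 200 48211
10.0.0.5 - - [28/Feb/2005:13:18:05 +0000] "POST /login HTTP/1.1" 200 2048
EOF
}

# Turn a dotted address into a regexp: each `.' must be escaped as `\.',
# otherwise it is a metacharacter and 10.0.0.5 would also match 10a0b0c5.
ip_regexp() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# Requests from one client: anchor the address at the start of the line.
count_from_client() {               # $1 = log, $2 = dotted IP
    grep -c "^$(ip_regexp "$2") " "$1"
}

# Client errors: a 4xx status followed by the size at the end of the line.
# \{2\} asks for exactly two digits; $ anchors the size to the line end.
count_client_errors() {             # $1 = log
    grep -c ' 4[0-9]\{2\} [0-9]*$' "$1"
}

# Failed (401) POSTs to /login from one client: two greps in a pipeline,
# the "all of some regexps" technique from the section above.
count_failed_logins() {             # $1 = log, $2 = dotted IP
    grep "^$(ip_regexp "$2") " "$1" | grep -c '"POST /login .* 401 '
}

# Everything that is not a GET or HEAD request: \| joins the alternatives,
# -i ignores case and -v inverts the match.
count_non_get() {                   # $1 = log
    grep -v -i -c '"get \|"head ' "$1"
}

demo() {
    log=$(mktemp)
    make_log "$log"
    echo "$(count_from_client "$log" 10.0.0.5) $(count_client_errors "$log") $(count_failed_logins "$log" 10.0.0.5) $(count_non_get "$log")"
    rm -f "$log"
}

demo   # prints "4 3 2 3"
```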

4.5.3. Searching More than Plain Text Files

Use zgrep to search through text in files that are compressed. These files
usually have a `.gz' file name extension, and can't be searched or otherwise
read by other tools without uncompressing the file first.

To search through the compressed file `README.gz' for the text `Linux',
type:

$ zgrep Linux README.gz

4.5.4. Matching Lines in Web Pages

You can grep a Web page or other URL by giving the URL to lynx with the `-dump'
option, and piping the output to grep.

To search the contents of the URL http://example.com/ for lines containing
the text `edu' or `carma', type:

$ lynx -dump http://example.com/ | grep 'edu\|carma'

4.5.5. Searching and Replacing Text

A quick way to search and replace some text in a file is to use the
following one-line perl command:

$ perl -pi -e "s/oldstring/newstring/g;" file1

In this example, oldstring is the string to search for, newstring is the
string to replace it with, and file1 is the name of the file or files to work
on. You can use this for more than one file.

To replace the string `helpless' with the string `helpful' in all files in
the current directory, type:

$ perl -pi -e "s/helpless/helpful/g;" *

5. MORE ABOUT SHELL & COMMAND LINE INTERFACE

5.1. Passing Special Characters to Commands

Some characters are reserved and have special meaning to the shell on their own.
Before you can pass one of these characters to a command, you must quote it by
enclosing the entire argument in single quotes ' '.

When the argument you want to pass has one or more single quote characters
in it, enclose it in double quotes instead:

$ grep "Please Don't Stop!" filename

5.2. Letting the Shell Complete What You Type


Completion is where bash does its best to finish your typing. To use it, press
[TAB] on the input line and the shell will complete the word to the left of the
cursor to the best of its ability.

For example, suppose you want to give the directory `/usr/lib/emacs/20.4/' as an
argument to the ls command. Instead of typing out the whole directory name, you
can type the first few characters and press [TAB] to have the shell complete it
for you:

$ ls /usr/lib/e[TAB]

5.3. Repeating the Last Command You Typed

Type the upward arrow key to put the last command you typed back on the
input line. You can then type ENTER to run the command again, or you can edit
the command first.

To put the last command you entered containing the string `grep' back on
the input line, type:

$ C-r

(reverse-i-search)`': grep

To put the third-to-the-last command you entered containing the string
`grep' back on the input line, type C-r and the string as before, then press
C-r twice more:

$ C-r

(reverse-i-search)`': grep

C-r C-r

When a command is displayed on the input line, type [RET] to run it. You
can also edit the command line as usual.

5.4. Running a List of Commands

To run more than one command on the input line, type each command in the order
you want them to run, separating each command from the next with a semicolon
(`;').

To clear the screen and then log out of the system, type:

$ clear; logout

5.5. Redirecting Input and Output

The standard output is where the shell streams the text output of commands
-- the screen on your terminal, by default.

The standard input, typically the keyboard, is where you input data for
commands. When a command reads the standard input, it usually keeps reading text
until you type C-d on a new line by itself.

When a command runs and exits with an error, the error message is usually
output to your screen, but as a separate stream called the standard error.

You redirect these streams -- to a file, or even another command -- with
redirection. The following sections describe the shell redirection operators
that you can use to redirect standard input and output.

5.5.1. Redirecting Input to a File

To redirect standard input to a file, use the `<' operator. To do so, follow a
command with < and the name of the file it should take input from.

apropos searches a set of database files containing short descriptions of system
commands for keywords and displays the result on the standard output.

For example, instead of giving a list of words as arguments to apropos you can
redirect standard input to a file containing a list of keywords to use.

To redirect standard input for apropos to file `keywords', type:

$ apropos < keywords


5.5.2. Redirecting Output to a File

Use the `>' operator to redirect standard output to a file. To use it, follow a
command with > and the name of the file the output should be written to.

To redirect the standard output of the command `ls -la' to the file
`filelist', type:

$ ls -la > filelist

To append the standard output of `ls -la' to an existing file
`commands', type:

$ ls -la >> commands

5.5.3. Redirecting Error Messages to a File

To redirect the standard error stream to a file, use the `>' operator preceded
by a `2'. Follow a command with 2> and the name of the file the error stream
should be written to.

To redirect the standard error of `ls -la' to the file
`command.error', type:

$ ls -la 2> command.error

As with the standard output, use the `>>' operator instead of `>' to
append the standard error to the contents of an existing file. To append the
standard error of `ls -la' to an existing file `command.error', type:

$ ls -la 2>> command.error

To redirect both standard output and standard error to the same file, use
`&>' instead. To redirect the standard output and the standard error of
`ls -la' to the file `commands', type:

$ ls -la &> commands

5.5.4. Redirecting Output to Another Command's Input

Piping is when you connect the standard output of one command to the standard
input of another. You do this by specifying the two commands in order, separated
by a vertical bar character, `|' (sometimes called a "pipe"). Commands built in
this fashion are called pipelines.

To pipe the output of `cat readme.txt' to less, type:

$ cat readme.txt | less

To pipe the output of the ls command to the grep command, type:

$ ls -la | grep html
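As an added example that is not part of the manual, the following script applies the operators from sections 5.5.1 to 5.5.4 to a small stand-in command `noisy' (constructed here) that writes one line to standard output and one to standard error, so that the effect of each redirection can be inspected in files. It uses the POSIX form `> file 2>&1' in place of bash's `&>' so that it also runs under plain sh.

```shell
#!/bin/sh
# Added example, not from the manual: a stand-in command that writes one line
# to standard output and one to standard error, and functions that apply the
# redirection operators from this section to it. Files go to a temporary
# directory so the example runs offline and cleans up after itself.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Stand-in for something like `ls -la' run on an existing and a missing path.
noisy() {
    echo "out: listing"
    echo "err: No such file or directory" >&2
}

# `>' captures only standard output; `2>' sends standard error elsewhere.
# Returns "<stdout lines>+<stderr lines>" counted in the two files.
split_streams() {
    noisy > "$WORK/filelist" 2> "$WORK/command.error"
    echo "$(grep -c '' "$WORK/filelist")+$(grep -c '' "$WORK/command.error")"
}

# `>>' appends instead of truncating, so two runs leave two lines.
append_twice() {
    : > "$WORK/commands"                      # start from an empty file
    noisy >> "$WORK/commands" 2> /dev/null
    noisy >> "$WORK/commands" 2> /dev/null
    grep -c '' "$WORK/commands"
}

# Both streams into one file. `&>' is bash shorthand for the POSIX form used
# here, `> file 2>&1': first point stdout at the file, then make stderr a
# copy of stdout.
both_streams() {
    noisy > "$WORK/both" 2>&1
    grep -c '' "$WORK/both"
}

# The same two operators in the other order do NOT merge the streams: `2>&1'
# copies stderr to where stdout points at that moment (the caller), and only
# afterwards is stdout moved to the file. The error line therefore escapes.
wrong_order() {
    noisy 2>&1 > "$WORK/out_only"
}

# A pipe carries standard output only. Merge stderr into it first if the next
# command should see error text too.
pipe_errors() {
    noisy 2>&1 | grep -c 'No such file'
}

printf 'split: %s  append: %s  both: %s  piped errors: %s\n' \
    "$(split_streams)" "$(append_twice)" "$(both_streams)" "$(pipe_errors)"
printf 'escaped from wrong_order: %s\n' "$(wrong_order)"
```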


6. BASICS OF LINUX SYSTEM ADMINISTRATION

6.1. Disks, Partitions and File Systems

The basic tasks in administering disks are:

1. Formatting your disk. This does various things to prepare it for use, such
as checking for bad sectors. (Formatting is nowadays not necessary for most hard
disks.)

2. Partitioning a hard disk, if you want to use it for several activities that
aren't supposed to interfere with one another. One reason for partitioning is to
store different operating systems on the same disk. Another reason is to keep
user files separate from system files, which simplifies back-ups and helps
protect the system files from corruption.

3. Making a filesystem (of a suitable type) on each disk or partition. The disk
means nothing to Linux until you make a filesystem; then files can be created
and accessed on it.

4. Mounting different filesystems to form a single tree structure, either
automatically, or manually as needed. (Manually mounted filesystems usually need
to be unmounted manually as well.)

6.1.1. Character and Block devices

Linux recognizes two different kinds of device:

* random-access block devices (such as disks)

* character devices (such as tapes and serial lines), some of which may be
serial, and some random-access.

Each supported device is represented in the filesystem as a device file. When
you read or write a device file, the data comes from or goes to the device it
represents. For example, to send a file to the printer, one could just say

$ cat filename > /dev/lp1

and the contents of the file are printed.

Note that usually all device files exist even though the device itself
might not be installed. So just because you have a file /dev/sda, it doesn't
mean that you really do have a SCSI hard disk.

Each hard disk is represented by a separate device file. There can
(usually) be only two or four IDE hard disks. These are known as /dev/hda,
/dev/hdb, /dev/hdc, and /dev/hdd, respectively.

SCSI hard disks are known as /dev/sda, /dev/sdb, and so on.

6.1.2. Partitions/MBR

A hard disk can be divided into several partitions. Each partition
functions as if it were a separate hard disk.

6.1.2.1). Why Partition Hard Drive(s)

While it is true that Linux will operate just fine on a disk with only one large
partition defined, there are several advantages to partitioning your disk for at
least the four main file systems (root, usr, home, and swap). These include:

1. Reduced time required for fsck: First, it may reduce the time required to
perform file system checks (both upon bootup and when doing a manual fsck),
because these checks can be done in parallel. Also, file system checks are a lot
easier to do on a system with multiple partitions. For example, if I knew my
/home partition had problems, I could simply unmount it, perform a file system
check, and then remount the repaired file system.

2. Mount partitions as read-only: Second, with multiple partitions, you can,
if you wish, mount one or more of your partitions as read-only. For example, if
you decide that everything in /usr will not be touched even by root, you can
mount the /usr partition as read-only.

3. Protecting your file systems: Third, the most important benefit that
partitioning provides is protection of your file systems. If something should
happen to a file system (either through user error or system failure), on a
partitioned system you would probably only lose files on a single file system.
On a non-partitioned system, you would probably lose them on all file systems.

4. Multiple OS support: Finally, since Linux allows you to set up other
operating system(s) (such as Windows 95/98/NT), and then dual- (or triple-, ...)
boot your system, you might wish to set up additional partitions to take
advantage of this. Typically, you would want to set up at least one separate
partition for each operating system. Linux includes a decent boot loader which
allows you to specify which operating system you want to boot at power on.

6.1.2.2). Master Boot Record or MBR

The information about how a hard disk has been partitioned is stored in its
first sector (that is, the first sector of the first track of the first disk
surface).

The first sector of the primary hard drive is the master boot record (MBR)
of the disk; this is the sector that the BIOS reads in and starts when the
machine is first booted.

The master boot record is only 512 bytes in size and contains a small
program that reads the partition table, checks which partition is active (that
is, marked bootable), and reads the first sector of that partition, the
partition's boot sector (the MBR is also a boot sector, but it has a special
status and therefore a special name).

This boot sector contains another small program that reads the first part
of the operating system stored on that partition (assuming it is bootable), and
then starts it.

The booting process will be dealt with in more detail later on.

6.1.2.3). Partitioning Scheme

The partitioning scheme is not built into the hardware, or even into the
BIOS.

It is only a convention that many operating systems follow. Not all
operating systems follow it, but they are the exceptions, and an operating
system that doesn't support partitions cannot co-exist on the same disk with any
other operating system.

You can see the partitions on a machine using the fdisk command as below.

$ fdisk -l

Disk /dev/hda: 15 heads, 56 sectors, 690 cylinders
Units = cylinders of 855 * 512 bytes

   Device Boot  Begin   Start     End  Blocks   Id  System
/dev/hda1   *       1       1      24    1023   83  Linux native
/dev/hda2          25      25      48   10260   83  Linux native
/dev/hda3          49      49     408  153900   83  Linux native
/dev/hda4         409     409     690  163305    5  Extended
/dev/hda5         409     409     644 143611+   83  Linux native
/dev/hda6         645     645     690  19636+   83  Linux native

Extended and logical partitions

The original partitioning scheme for PC hard disks allowed only four partitions.
This quickly turned out to be too little in real life, partly because some
people want more than four operating systems (Linux, MS-DOS, FreeBSD, NetBSD, or
Windows/NT, to name a few), but primarily because sometimes it is a good idea to
have several partitions for one operating system.

To overcome this design problem, extended partitions were invented. This trick
allows partitioning a primary partition into sub-partitions.

The primary partition thus subdivided is the extended partition;

The sub-partitions of an extended partition are logical partitions. They
behave like primary partitions, but are created differently. There is no speed
difference between them.

The partition structure of a hard disk might look like that in Figure below. The
disk is divided into three primary partitions, the second of which is divided
into two logical partitions. Part of the disk is not partitioned at all. The
disk as a whole and each primary partition has a boot sector.

Figure: A sample hard disk partitioning.

6.1.2.4). Partition types


The partition tables (the one in the MBR, and the ones for extended
partitions) contain one byte per partition that identifies the type of that
partition. This attempts to identify the operating system that uses the
partition, or what it is used for.

The purpose is to make it possible to avoid having two operating systems
accidentally using the same partition.

There is no standardization agency to specify what each byte value means, but
some commonly accepted ones are included in the table below.

Id  System              Id  System          Id  System
 0  Empty               40  Venix 80286     94  Amoeba BBT
 1  DOS 12-bit FAT      51  Novell?         a5  BSD/386
 2  Xenix root          52  Microport       b6  BSDI fs
 3  Xenix usr           63  GNU HURD        b8  BSDI swap
 4  DOS 16-bit FAT<32M  64  Novell          e1  DOS access
 5  Extended            65  PC/IX           f2  DOS
 6  DOS 16-bit >=32M    80  Old MINIX
 7  OS/2 HPFS           81  Linux/MINIX
 8  AIX                 82  Linux swap
 9  AIX bootable        83  Linux native

6.1.2.5). Partitioning a hard disk

There are many programs for creating and removing partitions. The most commonly
used one is `fdisk'.

Some points to keep in mind are:

* When using IDE disks, the boot partition (the partition with the bootable
kernel image files) must be completely within the first 1024 cylinders. This is
because the disk is used via the BIOS during boot (before the system goes into
protected mode), and the BIOS can't handle more than 1024 cylinders. Therefore,
make sure your boot partition is completely within the first 1024 cylinders.

* Each partition should have an even number of sectors, since the Linux
filesystems use a 1 kilobyte block size, i.e., two sectors. An odd number of
sectors will result in the last sector being unused. This won't result in any
problems, but it is ugly, and some versions of fdisk will warn about it.

* Changing a partition's size usually requires first backing up everything
you want to save from that partition, deleting the partition, creating a new
partition, then restoring everything to the new partition.
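As an added example (not from the manual), the following shell function checks an `fdisk -l' listing against the first two points above: it reports a bootable partition that ends beyond cylinder 1024, and any partition fdisk marks with a trailing `+' in the Blocks column, which is how fdisk shows an odd number of sectors. The first sample listing is the one shown in 6.1.2.3; the other two listings and the device names in them are constructed for the demonstration, and fdisk itself is not run.

```shell
#!/bin/sh
# Added example, not from the manual: an awk filter over an `fdisk -l' listing
# that flags the two points above. A bootable partition whose End cylinder is
# above 1024 would be unreachable through the BIOS at boot, and a trailing `+'
# in the Blocks column is fdisk's way of showing an odd number of sectors.
# The listings are constructed samples in fdisk's format; fdisk is not run.

# Reads a listing on standard input and prints one line per finding,
# or "OK" when there is nothing to report.
check_partitions() {
    awk '
        # The header tells us whether the optional Begin column is present.
        $1 == "Device" { hasbegin = ($0 ~ /Begin/); next }
        # Only the table body names device files.
        $1 !~ /^\/dev\// { next }
        {
            i = 2; boot = 0
            if ($i == "*") { boot = 1; i++ }     # "*" marks the active partition
            if (hasbegin) i++                    # skip Begin, keep Start
            endcyl = $(i + 1); blocks = $(i + 2)
            if (boot) {
                nboot++
                if (endcyl > 1024) {
                    print $1 ": bootable partition ends at cylinder " endcyl " (beyond 1024)"
                    found = 1
                }
            }
            if (blocks ~ /[+]$/) {
                print $1 ": odd number of sectors (" blocks " blocks)"
                found = 1
            }
        }
        END {
            if (nboot == 0) { print "no partition is marked bootable"; found = 1 }
            if (!found) print "OK"
        }
    '
}

# Sample 1: the listing from 6.1.2.3 (Begin column present).
SAMPLE_HDA='   Device Boot  Begin   Start     End  Blocks   Id  System
/dev/hda1   *       1       1      24    1023   83  Linux native
/dev/hda2          25      25      48   10260   83  Linux native
/dev/hda3          49      49     408  153900   83  Linux native
/dev/hda4         409     409     690  163305    5  Extended
/dev/hda5         409     409     644 143611+   83  Linux native
/dev/hda6         645     645     690  19636+   83  Linux native'

# Sample 2: constructed disk whose bootable partition ends past cylinder 1024.
SAMPLE_HDB='   Device Boot   Start     End    Blocks   Id  System
/dev/hdb1            1     200    802800   83  Linux native
/dev/hdb2   *      201    1200   4014000   83  Linux native'

# Sample 3: constructed disk with nothing to report.
SAMPLE_OK='   Device Boot   Start     End    Blocks   Id  System
/dev/hdc1   *        1      20     80280   83  Linux native
/dev/hdc2           21     600   2328120   83  Linux native'

for s in "$SAMPLE_HDA" "$SAMPLE_HDB" "$SAMPLE_OK"; do
    printf '%s\n' "$s" | check_partitions
    echo '--'
done
```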

6.1.2.6). Various Mount Points

Here is a description of the various mount points and file system information,
which may give you a better idea of how to best define your partition sizes for
your own needs:

1. / (root) - used to store things like temporary files, the Linux kernel and
boot image, important binary files (things that are needed before Linux can
mount the /usr partition), and more importantly log files, spool areas for print
jobs and outgoing e-mail, and users' incoming e-mail. It is also used for
temporary space when performing certain operations, such as building RPM
packages from source RPM files.

2. /usr/ - should be the largest partition, because most of the binary files
required by Linux, as well as any locally installed software, web pages, some
locally-installed software log files, etc. are stored here. The partition type
should be left as the default of 83 (Linux native).

3. /home/ - typically, if you aren't providing shell accounts to your users,
you don't need to make this partition very big. The exception is if you are
providing user home pages (such as web pages), in which case you might benefit
from making this partition larger. Again, the partition type should be left as
the default of 83 (Linux native).

4. swap - Linux provides something called "virtual memory" to make a larger
amount of memory available than the physical RAM installed in your system. The
swap partition is used with main RAM by Linux to accomplish this. As a rule of
thumb, your swap partition should be at least double the amount of physical RAM
installed in your system. If you have more than one physical hard drive in your
system, you can create multiple swap partitions. The partition type needs to be
changed to 82 (Linux swap).

5. /var/ (optional) - You may wish to consider splitting up your / (root)
partition a bit further. The /var directory is used for a great deal of runtime
storage, including mail spools (both incoming and outgoing), print jobs, process
locks, etc. Having this directory mounted under / (root) may be a bit dangerous
because a large amount of incoming e-mail (for example) may suddenly fill up
the partition. Since bad things can happen when the / (root) partition fills up,
having /var on its own partition may avoid such problems. The partition type
should be left as the default of 83 (Linux native).

6. /boot/ (optional) - In some circumstances (such as a system set up in a
software RAID configuration) it may be necessary to have a separate partition
from which to boot the Linux system. This partition would allow booting and then
loading of whatever drivers are required to read the other file systems. The
size of this partition can be as small as a couple of Mb (approx. 10 Mb). The
partition type should be left as the default of 83 (Linux native).

7. /backup (optional) - If you have any extra space lying around, perhaps you
would benefit from a partition for a directory called, for example, /backup. The
partition type can be left as the default of 83 (Linux native).

Example: Setting up partitions

To give you an example of how one might set up partitions, consider the
listing below.

   Device Boot   Start     End    Blocks   Id  System
/dev/hda1   *        1     254  1024096+    6  16-bit >=32M DOS
/dev/hda2          255     682   2128896    5  Extended
/dev/hda3          255     331   310432+   83  Linux native
/dev/hda5          332     636  1229628+   83  Linux native
/dev/hda6          636     649   455584+   83  Linux native
/dev/hda8          650     682   133024+   82  Linux swap

The first partition, /dev/hda1, is a DOS-formatted file system used to
store the alternative operating system (Windows 95). This gives 1 Gb of space
for that operating system.

The second partition, /dev/hda2, is a physical partition (called
"extended") that encompasses the remaining space on the drive.

The third through fifth partitions, /dev/hda3, /dev/hda5, and /dev/hda6,
are all e2fs-formatted file systems used for the / (root), /usr, and the /home
partitions, respectively.

Finally, the sixth partition, /dev/hda8, is used for the swap partition.

For yet another example, this time a box with two hard drives (sole boot,
Linux only), you can choose the following partitioning scheme:

   Device Boot   Start     End    Blocks   Id  System
/dev/sda1   *        1       1      2046    4  DOS 16-bit <32M
/dev/sda2            2     168    346859   83  Linux native
/dev/sda3          169     231    130851   82  Linux swap
/dev/sda4          232    1009   1615906    5  Extended
/dev/sda5          232     398    346828   83  Linux native
/dev/sda6          399    1009   1269016   83  Linux native
/dev/sdb1            1     509   2114355   83  Linux native
/dev/sdb2          510    1019   2118540   83  Linux native

The first partition, /dev/sda1, is a DOS-formatted file system used to
store the LILO boot loader. The Alpha platform has a slightly different method
of booting than an Intel system does, therefore Linux stores its boot
information in a FAT partition. This partition only needs to be as large as the
smallest possible partition allowed -- in this case, 2Mb.

The second partition, /dev/sda2, is an e2fs-formatted file system used for
the / (root) partition.

The third partition, /dev/sda3, is used for the swap partition.

The fourth partition, /dev/sda4, is an "extended" partition (see previous
example for details).

The fifth and sixth partitions, /dev/sda5, and /dev/sda6, are e2fs-formatted
file systems used for the /home and /usr partitions, respectively.

The seventh partition, /dev/sdb1, is an e2fs-formatted file system used
for the /archive partition.

The eighth and final partition, /dev/sdb2, is an e2fs-formatted file
system used for the /archive2 partition.

After you finish setting up your partition information, you'll need to write the
new partition to disk. After this, the Red Hat installation program reloads the
partition table into memory, so you can continue on to the next step of the
installation process.

6.1.2.7). Device files and partitions

Each partition and extended partition has its own device file.

The naming convention for these files is that a partition's number is
appended after the name of the whole disk, with the convention that 1-4 are
primary partitions (regardless of how many primary partitions there are).

Numbers greater than 5 are logical partitions (regardless of within which
primary partition they reside).

For example, /dev/hda1 is the first primary partition on the first IDE
hard disk, and /dev/sdb6 is the third extended partition on the second SCSI hard
disk.

6.1.3. FileSystems

What are filesystems?

A filesystem is the methods and data structures that an operating system uses to
keep track of files on a disk or partition; that is, the way the files are
organized on the disk.

The difference between a disk or partition and the filesystem it contains
is important. A few programs (including, reasonably enough, programs that create
filesystems) operate directly on the raw sectors of a disk or partition; if
there is an existing file system there, it will be destroyed or seriously
corrupted.

Most programs operate on a filesystem, and therefore won't work on a
partition that doesn't contain one (or that contains one of the wrong type).

Making a filesystem: Before a partition or disk can be used as a
filesystem, it needs to be initialized, and the bookkeeping data structures need
to be written to the disk. This process is called making a filesystem.

Some terms related to file system

Some of the common terms which you come across related to file systems are
superblock, inode, data block, directory block, and indirection block.

The superblock contains information about the filesystem as a whole, such
as its size, access rights and time of the last modification. (The exact
information here depends on the filesystem.)

An inode contains all information about a file, except its name. The name
is stored in the directory, together with the number of the inode.

A directory entry consists of a filename and the number of the inode which
represents the file.

The inode contains the numbers of several data blocks, which are used to
store the data in the file.

There is space only for a few data block numbers in the inode, however,
and if more are needed, more space for pointers to the data blocks is allocated
dynamically. These dynamically allocated blocks are indirect blocks; the name
indicates that in order to find the data block, one has to find its number in
the indirect block first.

6.1.3.1). Some of the Linux Filesystems

Linux supports several types of filesystems. Some of the important ones are:

1. ext3: The ext3 filesystem has all the features of the ext2 filesystem. The
difference is that journaling has been added. This improves performance and
recovery time in case of a system crash. It has become more popular than ext2.

2. ext2: The most featureful of the native Linux filesystems. It is designed
to be easily upwards compatible, so that new versions of the filesystem code do
not require re-making the existing filesystems.

3. ext: An older version of ext2 that wasn't upwards compatible. It is
hardly ever used in new installations any more, and most people have converted
to ext2.

4. vfat: This is an extension of the FAT filesystem known as FAT32. It
supports larger disk sizes than FAT. Most MS Windows disks are vfat.

5. nfs: A networked filesystem that allows sharing a filesystem between many
computers to allow easy access to the files from all of them.

6. physical volume (LVM): Creating one or more physical volume (LVM)
partitions allows you to create an LVM logical volume.

7. software RAID: Creating two or more software RAID partitions allows you
to create a RAID device.

8. swap: Swap partitions are used to support virtual memory. In other
words, data is written to a swap partition when there is not enough RAM to store
the data your system is processing.

9. smbfs: A network filesystem which allows sharing of a filesystem with an
MS Windows computer. It is compatible with the Windows file sharing protocols.

Journaled File System

A filesystem that uses journaling is also called a journaled filesystem. A
journaled filesystem maintains a log, or journal, of what has happened on a
filesystem.

In the event of a system crash, a journaled filesystem is designed to use
the filesystem's logs to recreate unsaved and lost data. This makes data loss
much less likely and is likely to become a standard feature in Linux
filesystems.

Currently, ext3 is the most popular filesystem, because it is a journaled
filesystem.

6.1.4. Software RAID

RAID stands for Redundant Array of Independent Disks. The basic idea behind RAID
is to combine multiple small, inexpensive disk drives into an array to
accomplish performance or redundancy goals not attainable with one large and
expensive drive. This array of drives will appear to the computer as a single
logical storage unit or drive.

RAID is a method in which information is spread across several disks,
using techniques such as disk striping (RAID Level 0), disk mirroring (RAID
level 1), and disk striping with parity (RAID Level 5) to achieve redundancy,
lower latency and/or increase bandwidth for reading or writing to disks, and
maximize the ability to recover from hard disk crashes.

The underlying concept of RAID is that data may be distributed across each
drive in the array in a consistent manner.

To do this, the data must first be broken into consistently-sized chunks
(often 32K or 64K in size, although different sizes can be used). Each chunk is
then written to a hard drive in RAID according to the RAID level used.

When the data is to be read, the process is reversed, giving the illusion
that multiple drives are actually one large drive.

6.1.4.1). Advantages of using RAID

Primary reasons to use RAID include:

* Enhanced speed

* Increased storage capacity using a single virtual disk

* Lessened impact of a disk failure

6.1.4.2). Hardware and Software RAID

There are two possible RAID approaches: Hardware RAID and Software RAID.

Hardware RAID

The hardware-based system manages the RAID subsystem independently from
the host and presents to the host only a single disk per RAID array.

An example of a Hardware RAID device would be one that connects to a SCSI
controller and presents the RAID arrays as a single SCSI drive.

An external RAID system moves all RAID handling "intelligence" into a
controller located in the external disk subsystem. The whole subsystem is
connected to the host via a normal SCSI controller and appears to the host as a
single disk or as multiple disks.

Software RAID

Software RAID implements the various RAID levels in the kernel disk (block
device) code.

It offers the cheapest possible solution, as expensive disk controller
cards or hot-swap chassis (a hot-swap chassis allows you to remove a hard drive
without having to power down your system) are not required.

Software RAID also works with cheaper IDE disks as well as SCSI disks.
With today's fast CPUs, Software RAID performance can excel against Hardware
RAID.

The MD driver in the Linux kernel is an example of a RAID solution that is
completely hardware independent. The Linux MD driver currently supports RAID
levels 0/1/4/5 plus linear mode.

The performance of a software-based array is dependent on the server CPU
performance and load.

6.1.4.3). Different Types of Raid Implementations

The current RAID drivers in Linux support the following levels of Software RAID
implementation.

Level 0

RAID level 0, often called "striping," is a performance-oriented striped
data mapping technique.

This means the data being written to the array is broken down into strips
and written across the member disks of the array, allowing high I/O performance
at low inherent cost but providing no redundancy.

The storage capacity of a level 0 array is equal to the total capacity of
the member disks in a Hardware RAID or the total capacity of member partitions
in a Software RAID.

There is no redundancy in this level, and if you remove a drive from a
RAID-0 set, the RAID device will not just miss one consecutive block of data; it
will be filled with small holes all over the device. e2fsck or other filesystem
recovery tools will probably not be able to recover much from such a device.

Level 1

RAID level 1, or "mirroring," has been used longer than any other form of
RAID.

Level 1 provides redundancy by writing identical data to each member disk
of the array, leaving a "mirrored" copy on each disk.

Mirroring remains popular due to its simplicity and high level of data
availability.

This is the first mode which actually has redundancy.

RAID-1 can be used on two or more disks with zero or more spare disks.
This mode maintains an exact mirror of the information on one disk on the other
disk(s). Of course, the disks must be of equal size.

If one disk is larger than another, your RAID device will be the size of
the smallest disk.

Level 1 provides very good data reliability and improves performance for
read-intensive applications but at a relatively high cost.

The storage capacity of the level 1 array is equal to the capacity of one
of the mirrored hard disks in a Hardware RAID or one of the mirrored partitions
in a Software RAID.

Level 4

Level 4 uses parity concentrated on a single disk drive to protect data.

It can be used on three or more disks. Instead of completely mirroring the
information, it keeps parity information on one drive, and writes data to the
other disks in a RAID-0 like way.

If one drive fails, the parity information can be used to reconstruct all
data. If two drives fail, all data is lost.

The reason this level is not more frequently used is that the parity
information is kept on one drive. This information must be updated every time
one of the other disks is written to. Thus, the parity disk will become a
bottleneck if it is not a lot faster than the other disks.

Although RAID level 4 is an option in some RAID partitioning schemes, it
is not an option allowed in Red Hat Linux RAID installations.

Level 5

This is the most common type of RAID. It can be used on three or more
disks, with zero or more spare-disks.

The big difference between RAID-5 and RAID-4 is that the parity information
is distributed evenly among the participating drives, avoiding the bottleneck
problem in RAID-4.

The only performance bottleneck is the parity calculation process. With
modern CPUs and Software RAID, that usually is not a very big problem.

The storage capacity of Hardware RAID level 5 is equal to the capacity of
the member disks, minus the capacity of one member disk.

If one of the disks fails, all data is still intact, thanks to the parity
information. If spare disks are available, reconstruction will begin immediately
after the device failure. If two disks fail simultaneously, all data is lost.
RAID-5 can survive one disk failure, but not two or more.

Linear RAID

Linear RAID is a simple grouping of drives to create a larger virtual
drive.

The disks are "appended" to each other, so writing linearly to the RAID
device will fill up disk 0 first, then disk 1 and so on. The disks do not have
to be of the same size. In fact, size doesn't matter at all here.

There is no redundancy in this level. If one disk crashes you will most
probably lose all your data. You may, however, be lucky enough to recover some
data, since the filesystem will just be missing one large consecutive chunk of
data.

The capacity is the total of all member disks.

6.1.5. Logical Volume Manager (LVM)

LVM is a method of allocating hard drive space into logical volumes that can be
easily resized instead of partitions.

With LVM, the hard drive or set of hard drives is allocated to one or more
logical volumes.

Since a physical volume cannot span over more than one drive, if you want
the logical volume group to span over more than one drive, you must create one
or more logical volumes per drive.

The physical volumes are combined into logical volume groups, with the
exception of the /boot partition. The /boot partition cannot be on a logical
volume group because the boot loader cannot read it.

If you want to have the root / partition on a logical volume, you will
need to create a separate /boot partition which is not a part of a volume group.

The logical volume group is divided into logical volumes, which are
assigned mount points such as /home and / and file system types such as ext3.

When "partitions" reach their full capacity, free space from the logical
volume group can be added to the logical volume to increase the size of the
partition.

When a new hard drive is added to the system, it can be added to the
logical volume group, and the logical volumes that are the partitions can be
expanded.

On the other hand, if a system is partitioned with the ext3 file system,
the hard drive is divided into partitions of defined sizes. If a partition
becomes full, it is not easy to expand the size of the partition.

LVM support must be compiled into the kernel. The default kernel for Red
Hat Linux 9 is compiled with LVM support.

6.2. RedHat Installation and Hardware Configuration

Red Hat Linux 9 should be compatible with most hardware in systems that were
factory built within the last two years.

Before you start the installation process, one of the following conditions must
be met:

* Your computer must have enough disk space for the installation of Red Hat
Linux.
* You must have one or more partitions that may be deleted, thereby freeing
up enough disk space to install Red Hat Linux.

6.2.1. Preparing for Installation

6.2.1.1). Installation Disk Space Requirements

Personal Desktop

A personal desktop installation, including a graphical desktop environment,
requires at least 1.6GB of free space. Choosing both the GNOME and KDE desktop
environments requires at least 1.8GB of free disk space.

Workstation

A workstation installation, including a graphical desktop environment and
software development tools, requires at least 2.1GB of free space. Choosing both
the GNOME and KDE desktop environments requires at least 2.2GB of free disk
space.

Server

A server installation requires 850MB for a minimal installation without X (the
graphical environment), at least 1.5GB of free space if all package groups other
than X are installed, and at least 5.0GB to install all packages including the
GNOME and KDE desktop environments.

Custom

A Custom installation requires 465MB for a minimal installation and at least
5.0GB of free space if every package is selected.

6.2.1.2). Installation Methods

The following installation methods are available:

CD-ROM

If you have a CD-ROM drive and the Red Hat Linux CD-ROMs, you can use this
method. You will need a boot diskette or a bootable CD-ROM.

Hard Drive

If you have copied the Red Hat Linux ISO images to a local hard drive, you can
use this method. You will need a boot diskette. Hard drive installations require
the use of the ISO (or CD-ROM) images. An ISO image is a file containing an
exact copy of a CD-ROM disk image.

NFS Image

If you are installing from an NFS server using ISO images or a mirror image of
Red Hat Linux, you can use this method. You will need a network driver diskette.

FTP

If you are installing directly from an FTP server, use this method. You will
need a network driver diskette.

HTTP

If you are installing directly from an HTTP (Web) server, use this method. You
will need a network driver diskette.

6.2.1.3). Choosing the Installation Class

1. Personal Desktop Installations

Minimum Requirements:

* Personal Desktop: 1.6GB
* Personal Desktop choosing both GNOME and KDE: 1.8GB
* With all package groups (for example, Office/Productivity is a group of
packages): 5.0GB minimum.

What a Personal Desktop Installation Will Do:

If you choose automatic partitioning, a personal desktop installation will
create the following partitions:

* A swap partition, whose size is determined by the amount of RAM in your
system and the amount of space available on your hard drive. For example, if you
have 128MB of RAM then the swap partition created can be 128MB – 256MB (twice
your RAM), depending on how much disk space is available.
* A 100MB partition mounted as /boot in which the Linux kernel and related
files reside.
* A root partition mounted as / in which all other files are stored (the
exact size of this partition is dependent on your available disk space).

2. Workstation Installations

Minimum Requirements:

* Workstation: 2.1GB
* Workstation choosing both GNOME and KDE: 2.2GB
* With all package groups: 5 GB or more

What a Workstation Installation Will Do

If you choose automatic partitioning, a workstation installation will create the
partitions in the same way as for the personal desktop.

3. Server Installations

Minimum Requirements:

* Server (minimum, no graphical interface): 850MB
* Server (choosing everything, no graphical interface): 1.5GB
* Server (choosing everything, including a graphical interface): 5.0GB
* With all software packages: 5GB and more

What a Server Installation Will Do

If you choose automatic partitioning, a server installation will create the
partitions in the same way as for the workstation.

4. Custom Installations

The custom installation allows you the most flexibility during your
installation. During a custom installation, you have complete control over the
packages that are installed on your system.

Recommended Minimum Requirements:

* Custom (minimum): 465MB
* Custom (choosing everything): 5.0GB

What a Custom Installation Will Do:

As you might guess from the name, a custom installation puts the emphasis on
flexibility. You have complete control over which packages will be installed on
your system.

If you choose automatic partitioning, a custom installation will create the
partitions in the same format as we have discussed above.

5. Upgrading Your System

Upgrading Red Hat Linux 6.2 (or greater) will not delete any existing data. The
installation program updates the modular kernel and all currently installed
software packages.

6.2.1.4). Hardware/System Information Required

The hardware or system information that you need to know to make your Red Hat
Linux installation go more smoothly is listed below, though most of it will be
detected automatically by the installation software.

* Hard drive(s): type, label, size; ex: IDE hda=1.2 GB
* Partitions: map of partitions and mount points; ex: /dev/hda1=/home,
/dev/hda2=/ (fill this in once you know where they will reside)
* Memory: amount of RAM installed on your system; ex: 64 MB, 128 MB
* CD-ROM: interface type; ex: SCSI, IDE (ATAPI)
* SCSI adapter: if present, make and model number; ex: BusLogic SCSI Adapter
* Network card: if present, make and model number; ex: Tulip, 3COM 3C590
* Mouse: type, protocol, and number of buttons; ex: generic 3 button PS/2
mouse, MouseMan 2 button serial mouse
* Monitor: make, model, and manufacturer specifications; ex: Optiquest Q53,
ViewSonic G663
* Video card: make, model number and size of VRAM; ex: Creative Labs
Graphics Blaster 3D, 8MB
* Sound card: make, chipset and model number; ex: S3 SonicVibes, Sound
Blaster 32/64 AWE

6.2.2. RedHat Installation Procedure

To start the installation, you must first boot the installation program. You can
boot the installation program using the bootable CD-ROM. Your BIOS settings may
need to be changed to allow you to boot from the diskette or CD-ROM.

After a short delay, a screen containing the boot: prompt should appear. The
screen contains information on a variety of boot options. Each boot option also
has one or more help screens associated with it. To access a help screen, press
the appropriate function key as listed in the line at the bottom of the screen.

Normally, you only need to press [Enter] to boot. Watch the boot messages to see
if the Linux kernel detects your hardware. If your hardware is properly
detected, please continue to the next section. If it does not properly detect
your hardware, you may need to restart the installation in expert mode.

If you do not wish to perform a graphical installation, you can start a
text mode installation using the following boot command:

boot: linux text

If the installation program does not properly detect your hardware, you
may need to restart the installation in expert mode. Enter expert mode using the
following boot command:

boot: linux noprobe

For text mode installations in expert mode, use:

boot: linux text noprobe


Expert mode disables most hardware probing, and gives you the option of entering
options for the drivers loaded during the installation. The initial boot
messages will not contain any references to SCSI or network cards. This is
normal; these devices are supported by modules that are loaded during the
installation process.

6.2.2.1). Initial Installation Steps

1. Put your Linux installation CD-ROM into the drive and boot from the CD.

2. Language Selection: Using your mouse, select the language you would
prefer to use for the installation (English). Once you select the appropriate
language, click Next to continue.

3. Keyboard Configuration: Using your mouse, select the correct layout
type (for example, U.S. English) for the keyboard you would prefer to use for
the installation and as the system default. Once you have made your selection,
click Next to continue.

4. Mouse Configuration: Choose the correct mouse type for your system.
If you cannot find an exact match, choose a mouse type that you are sure is
compatible with your system. The Emulate 3 buttons checkbox allows you to use a
two-button mouse as if it had three buttons. In general, the graphical interface
(the X Window System) is easier to use with a three-button mouse. If you select
this checkbox, you can emulate a third, "middle" button by pressing both mouse
buttons simultaneously.

5. Choosing to Upgrade or Install: To perform a new installation of
Red Hat Linux on your system, select Perform a new Red Hat Linux installation
and click Next.

6. Installation Type: Choose the type of installation you would like
to perform. Red Hat Linux allows you to choose the installation type that best
fits your needs. Your options are Personal Desktop, Workstation, Server, Custom,
and Upgrade.

6.2.3. Disk Partitioning Setup

On this screen, you can choose to perform automatic partitioning, or manual
partitioning using Disk Druid.

* Automatic partitioning allows you to perform an installation without
having to partition your drive(s) yourself. If you do not feel comfortable with
partitioning your system, it is recommended that you do not choose to partition
manually and instead let the installation program partition for you.
* To partition manually, choose the Disk Druid partitioning tool.

6.2.3.1). Automatic Partitioning

Automatic partitioning allows you to have some control concerning what data is
removed (if any) from your system. Your options are:

* Remove all Linux partitions on this system — select this option to
remove only Linux partitions (partitions created from a previous Linux
installation). This will not remove other partitions you may have on your hard
drive(s) (such as VFAT or FAT32 partitions).
* Remove all partitions on this system — select this option to remove all
partitions on your hard drive(s) (this includes partitions created by other
operating systems such as Windows 9x/NT/2000/ME/XP or NTFS partitions).
* Keep all partitions and use existing free space — select this option to
retain your current data and partitions, assuming you have enough free space
available on your hard drive(s).

6.2.3.2). Manual Partitioning Using Disk Druid

The partitioning tool used by the installation program is Disk Druid. Above the
display, you will see the drive name (such as /dev/hda), the geom (which shows
the hard disk's geometry and consists of three numbers representing the number
of cylinders, heads, and sectors as reported by the hard disk), and the model of
the hard drive as detected by the installation program.

Disk Druid's Buttons

* New: Used to request a new partition. When selected, a dialog box appears
containing fields (such as mount point and size) that must be filled in.
* Edit: Used to modify attributes of the partition currently selected in the
Partitions section. Selecting Edit opens a dialog box. Some or all of the fields
can be edited, depending on whether the partition information has already been
written to disk.
  You can also edit free space as represented in the graphical display to
create a new partition within that space. Either highlight the free space and
then select the Edit button, or double-click on the free space to edit it.
* Delete: Used to remove the partition currently highlighted in the Current
Disk Partitions section. You will be asked to confirm the deletion of any
partition.
* Reset: Used to restore Disk Druid to its original state. All changes made
will be lost if you Reset the partitions.
* RAID: Used to provide redundancy to any or all disk partitions. It should
only be used if you have experience using RAID. To read more about RAID, refer
to the Red Hat Linux Customization Guide. To make a RAID device, you must first
create software RAID partitions. Once you have created two or more software RAID
partitions, select RAID to join the software RAID partitions into a RAID device.
* LVM: Allows you to create an LVM logical volume. The role of LVM (Logical
Volume Manager) is to present a simple logical view of underlying physical
storage space, such as a hard drive(s). LVM manages individual physical disks
— or to be more precise, the individual partitions present on them. To create
an LVM logical volume, you must first create partitions of type physical volume
(LVM). Once you have created one or more physical volume (LVM) partitions,
select LVM to create an LVM logical volume.

Partition Fields

Above the partition hierarchy are labels which present information about the
partitions you are creating. The labels are defined as follows:

* Device: This field displays the partition's device name.
* Mount Point/RAID/Volume: A mount point is the location within the
directory hierarchy at which a volume exists; the volume is "mounted" at this
location. This field indicates where the partition will be mounted. If a
partition exists but its mount point is not set, then you need to define it:
double-click on the partition or click the Edit button.
* Type: This field shows the partition's type (for example, ext2, ext3, or
vfat).
* Format: This field shows if the partition being created will be formatted.
* Size (MB): This field shows the partition's size (in MB).
* Start: This field shows the cylinder on your hard drive where the
partition begins.
* End: This field shows the cylinder on your hard drive where the partition
ends.

6.2.3.3). Recommended Partitioning Scheme

Unless you have a reason for doing otherwise, you can use the following
partitioning scheme:

* A swap partition (at least 32MB) — swap partitions are used to support
virtual memory. In other words, data is written to a swap partition when there
is not enough RAM to store the data your system is processing. The size of your
swap partition should be equal to twice your computer's RAM, or 32MB, whichever
amount is larger.
* A /boot partition (100MB) — the partition mounted on /boot contains the
operating system kernel (which allows your system to boot Red Hat Linux), along
with files used during the bootstrap process. For most users, a 100MB boot
partition is sufficient.

6.2.3.4). Adding Partitions

The following fields need to be taken care of while creating new partitions.

* Mount Point: Enter the partition's mount point. For example, if this
partition should be the root partition, enter /; enter /boot for the /boot
partition, and so on. You can also use the pull-down menu to choose the correct
mount point for your partition.
* File System Type (ext2, ext3 or swap): Using the pull-down menu, select
the appropriate file system type for this partition.
* Allowable Drives: This field contains a list of the hard disks installed
on your system. If a hard disk's box is highlighted, then a desired partition
can be created on that hard disk.
* Size (Megs): Enter the size (in megabytes) of the partition. Note, this
field starts with 100 MB; unless changed, only a 100 MB partition will be
created.
* Additional Size Options: Choose whether to keep this partition at a fixed
size, to allow it to "grow" (fill up the available hard drive space) to a
certain point, or to allow it to grow to fill any remaining hard drive space
available.
  If you choose Fill all space up to (MB), you must give size constraints in
the field to the right of this option. This allows you to keep a certain amount
of space free on your hard drive for future use.
* Force to be a primary partition: Select whether the partition you are
creating should be one of the first four partitions on the hard drive. If
unselected, the partition created will be a logical partition.
* Check for bad blocks: Checking for bad blocks can help prevent data loss
by locating the bad blocks on a drive and making a list of them to prevent using
them in the future. Selecting Check for bad blocks may dramatically increase
your total installation time.
* Ok: Select Ok once you are satisfied with the settings and wish to create
the partition.
* Cancel: Select Cancel if you do not want to create the partition.

6.2.4. Boot Loader Configuration

A boot loader is the first software program that runs when a computer
starts. It is responsible for loading and transferring control to the operating
system kernel software. The kernel, in turn, initializes the rest of the
operating system.

The installation program provides two boot loaders for you to choose from, GRUB
and LILO.

* GRUB (Grand Unified Bootloader), which is installed by default, is a very
powerful boot loader. GRUB can load a variety of free operating systems, as well
as proprietary operating systems with chain-loading (the mechanism for loading
unsupported operating systems, such as DOS or Windows, by loading another boot
loader).
* LILO (Linux Loader) is a versatile boot loader for Linux. It does not
depend on a specific file system, can boot Linux kernel images from floppy
diskettes and hard disks, and can even boot other operating systems.

If you do not want to install GRUB as your boot loader, click Change boot
loader. You can then choose to install LILO or choose not to install a boot
loader at all.

If you already have a boot loader that can boot Linux and do not want to
overwrite your current boot loader, or if you plan to boot the system using boot
diskettes, choose “Do not install a boot loader” by clicking on the Change
boot loader button.

* Boot loader Label: Every bootable partition is listed, including
partitions used by other operating systems. The partition holding the system's
root file system will have a Label of Red Hat Linux (for GRUB) or linux (for
LILO). If you would like to add or change the boot label for other partitions
that have been detected by the installation program, click once on the partition
to select it. Once selected, you can change the boot label by clicking the Edit
button.
* Default Boot Partition: Select Default beside the preferred boot
partition to choose your default bootable OS. You will not be able to move
forward in the installation unless you choose a default boot image.
* Boot Loader Password: If you choose to use a boot loader password to
enhance your system security, be sure to select the checkbox labeled Use a boot
loader password. Once selected, enter a password and confirm it.
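A boot loader password only protects the system if it is stored as a hash and the configuration file is not readable by ordinary users. The following shell script is an added example (not Red Hat's installer code and not part of GRUB) that audits GRUB legacy configuration text, the grub.conf format Red Hat Linux 9 installs, for a password directive and checks the file mode. The sample configurations are constructed; the --md5 value is a placeholder standing in for what grub-md5-crypt would produce, and the file-mode rule is an assumption about how the file should be protected.

```shell
#!/bin/sh
# Audit GRUB legacy configuration text for a boot loader password.
# Added example for this manual; not Red Hat's installer code or GRUB code.
# Assumptions: GRUB legacy "password [--md5] VALUE" directive; the hash below
# is a constructed placeholder, not real grub-md5-crypt output.

# Constructed sample 1: no password directive at all.
GRUB_NONE='default=0
timeout=10
title Red Hat Linux
        root (hd0,0)
        kernel /vmlinuz ro root=/dev/hda2'

# Constructed sample 2: password stored in clear text (weak).
GRUB_PLAIN='default=0
timeout=10
password secret123
title Red Hat Linux
        root (hd0,0)
        kernel /vmlinuz ro root=/dev/hda2'

# Constructed sample 3: MD5-hashed password (placeholder hash).
GRUB_MD5='default=0
timeout=10
password --md5 $1$PLACEHOLDER$ConstructedHashNotReal0000
title Red Hat Linux
        root (hd0,0)
        kernel /vmlinuz ro root=/dev/hda2'

# grub_password_status CONFIG_TEXT -> prints none | plaintext | md5
grub_password_status() {
    line=$(printf '%s\n' "$1" | grep -E '^[[:space:]]*password([[:space:]]|$)' | head -n 1)
    if [ -z "$line" ]; then
        echo none
    elif printf '%s\n' "$line" | grep -qE '^[[:space:]]*password[[:space:]]+--md5[[:space:]]+\$1\$'; then
        echo md5
    else
        echo plaintext
    fi
}

# config_private FILE -> succeeds only if group and others have no access bits;
# a world-readable grub.conf hands the hash to every local user.
config_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demonstration over the three samples and a temporary file with mode 0600.
echo "no password: $(grub_password_status "$GRUB_NONE")"
echo "clear text:  $(grub_password_status "$GRUB_PLAIN")"
echo "md5 hash:    $(grub_password_status "$GRUB_MD5")"
tmp=$(mktemp)
printf '%s\n' "$GRUB_MD5" > "$tmp"
chmod 600 "$tmp"
config_private "$tmp" && echo "$tmp is private" || echo "$tmp is readable by others"
rm -f "$tmp"
```

Run it on a real grub.conf by passing the file contents, for example `grub_password_status "$(cat /boot/grub/grub.conf)"` and `config_private /boot/grub/grub.conf`; a result of "plaintext" or a readable file means the password setting gives little protection.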

6.2.4.1). Advanced Boot Loader Configuration

Now that you have chosen which boot loader to install, you can also determine
where you want the boot loader to be installed. You may install the boot loader
in one of two places:

* The master boot record (MBR)

This is the recommended place to install a boot loader. The MBR is a
special area on your hard drive that is automatically loaded by your computer's
BIOS, and is the earliest point at which the boot loader can take control of the
boot process.

If you install it in the MBR, when your machine boots, GRUB (or
LILO) will present a boot prompt. You can then boot Red Hat Linux or any other
operating system that you have configured the boot loader to boot.

* The first sector of your boot partition

This is recommended if you are already using another boot loader on your
system. In this case, your other boot loader will take control first.
You can then configure that boot loader to start GRUB (or LILO), which
will then boot Red Hat Linux.

If your system will use only Red Hat Linux, you should choose the MBR. For
systems with Windows 95/98, you should also install the boot loader to the MBR
so that it can boot both operating systems.

The Force LBA32 (not normally required) option allows you to exceed the
1024 cylinder limit for the /boot partition. If you have a system which supports
the LBA32 extension for booting operating systems above the 1024 cylinder limit,
and you want to place your /boot partition above cylinder 1024, you should
select this option.

If you wish to add default options to the boot command, enter them into
the Kernel parameters field. Any options you enter will be passed to the Linux
kernel every time it boots.

6.2.5. Network Configuration

The installation program will automatically detect any network devices you have
and display them in the Network Devices list.

Once you have selected a network device, click Edit. From the Edit
Interface pop-up screen, you can choose to configure the IP address and Netmask
of the device and you can choose to activate the device at boot time. If you
select Activate on boot, your network interface will be started when you boot.

If you have a hostname (fully qualified domain name) for the network
device, you can choose to have DHCP (Dynamic Host Configuration Protocol)
automatically detect it or you can manually enter the hostname in the field
provided.

Finally, if you entered the IP and Netmask information manually, you may
also enter the Gateway address and the Primary, Secondary, and Tertiary DNS
addresses.

6.2.6. Firewall Configuration

Red Hat Linux offers firewall protection for enhanced system security. A
firewall exists between your computer and the network, and determines which
resources on your computer remote users on the network can access. A properly
configured firewall can greatly increase the security of your system.

You can choose the appropriate security level for your system: High,
Medium, or No firewall.

* Trusted Devices: Selecting any of the Trusted Devices allows access to
your system for all traffic from that device; it is excluded from the firewall
rules.
* Allow Incoming: Enabling these options allows the specified services to
pass through the firewall. Note, during a workstation installation, the majority
of these services are not installed on the system.
* Other ports: You can allow access to ports which are not listed here, by
listing them in the Other ports field. Use the following format: port:protocol.
For example, if you want to allow IMAP access through your firewall, you can
specify imap:tcp.
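The port:protocol entries end up as packet-filter rules, so it is worth seeing what one entry turns into and how malformed entries should be refused rather than guessed at. The shell script below is an added example, not Red Hat's firewall tool, that translates entries in this format into iptables ACCEPT rules; the service table is a constructed subset of /etc/services, and the INPUT chain and rule layout are illustrative assumptions.

```shell
#!/bin/sh
# Translate "port:protocol" entries (e.g. imap:tcp) into iptables ACCEPT rules.
# Added example for this manual, not Red Hat's firewall tool.
# Assumptions: the service table is a constructed subset of /etc/services;
# the INPUT chain and rule layout are illustrative.

# Constructed name:port table standing in for /etc/services.
SERVICES='ssh:22
smtp:25
http:80
pop3:110
imap:143
https:443'

# resolve_port NAME_OR_NUMBER -> prints the port number; fails if the name is
# unknown or the number is out of range.
resolve_port() {
    case "$1" in
        '')        return 1 ;;
        *[!0-9]*)  p=$(printf '%s\n' "$SERVICES" | sed -n "s/^$1:\([0-9]*\)\$/\1/p") ;;
        *)         p=$1 ;;
    esac
    [ -n "$p" ] && [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    echo "$p"
}

# rule_for ENTRY -> prints one iptables rule; fails on malformed input.
rule_for() {
    entry=$1
    name=${entry%%:*}
    proto=${entry#*:}
    # Require exactly one ':' separating a service name (or number) and a protocol.
    [ "$name" != "$entry" ] && [ "$proto" != "$entry" ] || return 1
    case "$name"  in *[!a-z0-9-]*) return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    port=$(resolve_port "$name") || return 1
    printf '%s -p %s -m %s --dport %s -j ACCEPT\n' '-A INPUT' "$proto" "$proto" "$port"
}

# rules_for "ENTRY ENTRY ..." -> one rule per valid entry; invalid entries are
# reported on stderr and skipped, so a typo never opens an unintended port.
rules_for() {
    for e in $1; do
        rule_for "$e" || echo "skipping invalid entry: $e" >&2
    done
}

rules_for "imap:tcp ssh:tcp 8080:tcp dns:udp imap imap:icmp 70000:tcp"
```

Only the first three entries produce rules; the unknown service name, the entry without a protocol, the unsupported protocol and the out-of-range port are each rejected with a message, which is the behaviour to insist on in anything that writes firewall rules from user input.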

6.2.7. Language Support Selection

You must select a language to use as the default language. The default language
will be used on the system once the installation is complete.

6.2.8. Time Zone Configuration

You can set your time zone by selecting your computer's physical location.

6.2.9. Set Root Password

Setting up a root account and password is one of the most important steps during
your installation. The installation program will prompt you to set a root
password for your system. You must enter a root password. The installation
program will not let you proceed to the next section without entering a root
password.

6.2.10. Authentication Configuration

You may skip this section if you will not be setting up network passwords.

* Enable MD5 passwords — allows a long password to be used (up to 256
characters), instead of the standard eight characters or less.
* Enable shadow passwords — provides a secure method for retaining
passwords. The passwords are stored in /etc/shadow, which can only be read by
root.
* Enable NIS — allows you to run a group of computers in the same Network
Information Service domain with a common password and group file. You can choose
from the following options:
  o NIS Domain — allows you to specify the domain or group of computers your
system belongs to.
  o Use broadcast to find NIS server — allows you to broadcast a message to
your local area network to find an available NIS server.
  o NIS Server — causes your computer to use a specific NIS server, rather
than broadcasting a message to the local area network asking for any available
server to host your system.

Note: If you have selected a medium or high firewall to be set up during
this installation, network authentication methods (NIS and LDAP) will not work.

* Enable LDAP — tells your computer to use LDAP for some or all
authentication. LDAP consolidates certain types of information within your
organization.
* Enable Kerberos — Kerberos is a secure system for providing network
authentication services.
* Enable SMB Authentication — sets up PAM to use an SMB server to
authenticate users. You must supply two pieces of information here:
  o SMB Server — indicates which SMB server your workstation will
connect to for authentication.
  o SMB Workgroup — indicates which workgroup the configured SMB
servers are in.
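After installation you can confirm that the MD5 and shadow password choices actually took effect by looking at the hash field of each /etc/shadow record: MD5 hashes start with $1$, traditional DES crypt hashes are 13 characters, locked accounts start with ! or *, and an empty field means the account has no password at all. The shell script below is an added example, not part of Red Hat's installer, that classifies constructed shadow-style records in this way; the records and hashes are invented, and the field layout (name:hash:lastchange:...) is the standard one assumed here.

```shell
#!/bin/sh
# Classify password hashes in /etc/shadow-style records to verify the
# "Enable MD5 passwords" and "Enable shadow passwords" choices.
# Added example for this manual, not part of Red Hat's installer.
# Assumption: standard record layout name:hash:lastchg:min:max:warn:...
# The records below are constructed and the hashes are not real.

SHADOW_SAMPLE='root:$1$abcdefgh$ConstructedMd5HashValue000:12000:0:99999:7:::
alice:$1$ijklmnop$AnotherConstructedHash000000:12000:0:99999:7:::
bob:AbCdEfGhIjKlM:12000:0:99999:7:::
daemon:*:12000:0:99999:7:::
svc:!!:12000:0:99999:7:::
guest::12000:0:99999:7:::'

# hash_kind HASH -> prints md5 | des | locked | empty | other
hash_kind() {
    h=$1
    case "$h" in
        '')          echo empty ;;
        '$1$'*)      echo md5 ;;
        '!'*|'*'*)   echo locked ;;
        *)
            if [ "${#h}" -eq 13 ]; then echo des; else echo other; fi ;;
    esac
}

# audit_shadow RECORDS -> one "user kind" line per record
audit_shadow() {
    printf '%s\n' "$1" | while IFS=: read -r user hash rest; do
        [ -n "$user" ] || continue
        echo "$user $(hash_kind "$hash")"
    done
}

# weak_accounts RECORDS -> names of accounts with no password or a DES hash,
# the two cases an administrator should fix first.
weak_accounts() {
    audit_shadow "$1" | awk '$2 == "empty" || $2 == "des" {print $1}'
}

audit_shadow "$SHADOW_SAMPLE"
echo "accounts needing attention: $(weak_accounts "$SHADOW_SAMPLE" | tr '\n' ' ')"
```

On a real system run `audit_shadow "$(cat /etc/shadow)"` as root; every interactive account should report md5 (on Red Hat Linux 9) and no account should report empty.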

6.2.11. Package Group Selection

Unless you choose a custom installation, the installation program will
automatically choose most packages for you.

* To select packages individually, check the “Customize the set of packages to
be installed” checkbox.
* You can select package groups like Desktop (X, GNOME, KDE), Editors
(emacs, joe), Open Office, and applications like Apache, mysql, ftp etc.
* You can choose to view the individual packages in Tree View or Flat View.
Tree View allows you to see the packages grouped by application type. Flat View
allows you to see all of the packages in an alphabetical listing on the right of
the screen.
* Unresolved Dependencies: If any package requires another package which
you have not selected to install, the program presents a list of these
unresolved dependencies and gives you the opportunity to resolve them. Under the
list of missing packages, you can enable the option to Install packages to
satisfy dependencies.

You should now see a screen preparing you for the installation of Red Hat
Linux and the installation will continue to install the packages selected.

6.2.12. Boot Diskette Creation

To create a boot diskette, insert a blank, formatted diskette into your diskette
drive and click Next. If you do not want to create a boot diskette, make sure to
select the appropriate option before you click Next.

6.2.13. Hardware Configuration

The installation program will now present a list of video cards for you to
choose from. If you decided to install the X Window System packages, you now
have the opportunity to configure an X server for your system.

You can also select Skip X Configuration if you would rather configure X
after the installation or not at all.

X Configuration — Monitor and Customization

The installation program will present you with a list of monitors to
select from. From this list, you can either use the monitor that is
automatically detected for you, or choose another monitor.

Choose the correct color depth and resolution for your X configuration.
Also choose the login type as graphical or text. Personal desktop and
workstation installations will automatically boot into a graphical environment.

6.2.14. Installation Complete


Congratulations! Your Red Hat Linux 9 installation is now complete! The
installation program will prompt you to prepare your system for reboot. Remember
to remove any installation media (diskette in the diskette drive or CD in the
CD-ROM drive) if they are not ejected automatically upon reboot.

The first time you start your Red Hat Linux machine, you will be presented with
the Setup Agent, which guides you through the Red Hat Linux configuration. Using
this tool, you can set your system time and date, install software, register
your machine with Red Hat Network, and more. The Setup Agent lets you configure
your environment at the beginning, so that you can get started using your Red
Hat Linux system quickly.

6.3. System Administration Commands


6.3.1. Process Management

* Linux is a multiprocessing operating system. Each process is a separate
task with its own rights and responsibilities. If one process crashes it will
not cause another process in the system to crash.
* Each individual process runs in its own virtual address space and is not
capable of interacting with another process except through secure, kernel-
managed mechanisms.
* During the lifetime of a process it will use many system resources. It
will use the CPUs in the system to run its instructions and the system's
physical memory to hold it and its data.
* Linux must keep track of the process itself and of the system resources
that it has so that it can manage it and the other processes in the system
fairly.
* The most precious resource in the system is the CPU; usually there is only
one. Linux is a multiprocessing operating system, and its objective is to have a
process running on each CPU in the system at all times, to maximize CPU
utilization.
* Multiprocessing is a simple idea: a process is executed until it must
wait, usually for some system resource; when it has this resource, it may run
again. In a uniprocessing system, for example DOS, the CPU would simply sit idle
and the waiting time would be wasted. In a multiprocessing system many processes
are kept in memory at the same time.
* Whenever a process has to wait, the operating system takes the CPU away
from that process and gives it to another, more deserving process. It is the
scheduler which chooses the most appropriate process to run next, and
Linux uses a number of scheduling strategies to ensure fairness.
* As well as the normal type of process, Linux supports real time processes.
These processes have to react very quickly to external events (hence the term
"real time") and they are treated differently from normal user processes by the
scheduler.

6.3.1.1). Process task_struct data structure

Each process is represented by a task_struct data structure (task and
process are terms that Linux uses interchangeably). The task vector is an array
of pointers to every task_struct data structure in the system.

This means that the maximum number of processes in the system is limited
by the size of the task vector; by default it has 512 entries.

As processes are created, a new task_struct is allocated from system
memory and added into the task vector. To make it easy to find, the current,
running, process is pointed to by the current pointer.

Although the task_struct data structure is quite large and complex, its
fields can be divided into a number of functional areas:

1. Process States

As a process executes, it changes state according to its circumstances. Linux
processes have the following states:

1. Runnable (process state code: R): The process is either running
(it is the current process in the system) or it is ready to run (it is waiting
to be assigned to one of the system's CPUs).

2. Waiting/Sleeping (process state code: D/S): The process is waiting
for an event or for a resource. Linux differentiates between two types of
waiting process; interruptible and uninterruptible.
  * Interruptible waiting processes can be interrupted by signals (S).
  * Uninterruptible waiting processes are waiting directly on hardware
conditions and cannot be interrupted under any circumstances (D).

3. Stopped (T): The process has been stopped, usually by receiving a
signal. A process that is being debugged can be in a stopped state.

4. Zombie/Defunct (Z): This is a halted process which, for some reason,
still has a task_struct data structure in the task vector. It is what it sounds
like, a dead process.
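These state codes are what the STAT column of ps shows, and counting them is a quick way to spot a system in trouble: a growing number of zombies (Z) points at a parent that never reaps its children, and processes stuck in uninterruptible sleep (D) usually mean a hardware or NFS wait. The shell script below is an added example, not from the manual or the kernel sources, that summarises constructed `ps -eo pid,stat,comm` output and lists the processes worth attention; the sample processes, PIDs and names are invented.

```shell
#!/bin/sh
# Summarise process states (R, S, D, T, Z) from "ps -eo pid,stat,comm" style
# output and flag zombies and uninterruptible sleepers.
# Added example for this manual, not from the page or the kernel sources.
# Assumption: three columns PID STAT COMMAND; the sample is constructed.

PS_SAMPLE='  PID STAT COMMAND
    1 S    init
  312 S    syslogd
  401 R    httpd
  402 S    httpd
  517 D    updatedb
  640 T    gdb
  655 Z    defunct-child
  700 S<   sshd'

# state_name STAT -> human-readable name for the first letter of a STAT field
# (extra flags such as "<" for raised priority are ignored).
state_name() {
    case "$1" in
        R*) echo runnable ;;
        S*) echo sleeping ;;
        D*) echo uninterruptible ;;
        T*) echo stopped ;;
        Z*) echo zombie ;;
        *)  echo unknown ;;
    esac
}

# state_counts PS_OUTPUT -> "code count" lines, one per state letter seen
state_counts() {
    printf '%s\n' "$1" | awk 'NR > 1 {print substr($2, 1, 1)}' | sort | uniq -c |
        awk '{print $2, $1}'
}

# attention_list PS_OUTPUT -> "pid code command" for Z and D processes
attention_list() {
    printf '%s\n' "$1" | awk 'NR > 1 && $2 ~ /^[DZ]/ {print $1, substr($2, 1, 1), $3}'
}

echo "--- process states ---"
state_counts "$PS_SAMPLE" | while read -r code n; do
    echo "$code ($(state_name "$code")): $n"
done
echo "--- needs attention ---"
attention_list "$PS_SAMPLE"
```

To run it against the live system, replace the constructed sample with the output of `ps -eo pid,stat,comm`; a zombie in the attention list cannot be killed itself, since it is already dead, and the fix is to have its parent reap it or to restart the parent.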

2. Scheduling Information

The scheduler needs this information in order to fairly decide which process in
the system most deserves to run.

Processes are always making system calls and so may often need to wait.
Even so, if a process executes until it waits then it still might use a
disproportionate amount of CPU time and so Linux uses pre-emptive scheduling.

In this scheme, each process is allowed to run for a small amount of time,
200ms, and, when this time has expired another process is selected to run and
the original process is made to wait for a little while until it can run again.
This small amount of time is known as a time-slice.

It is the scheduler which must select the most deserving process to run
out of all of the runnable processes in the system.

Linux uses a reasonably simple priority based scheduling algorithm to
choose between the current processes in the system.

When it has chosen a new process to run it saves the state of the current
process, the processor specific registers and other context being saved in the
process's task_struct data structure.

For the scheduler to fairly allocate CPU time between the runnable
processes in the system it keeps information in the task_struct for each
process.

* priority: This is the priority that the scheduler will give to this
process. It is also the amount of time (in jiffies) that this process will run
for when it is allowed to run. You can alter the priority of a process using
system calls and the renice command.

In an SMP (Symmetric Multi-Processing) Linux system, the kernel is capable
of evenly balancing work between the many CPUs in the system. Nowhere is this
balancing of work more apparent than in the scheduler.

In an SMP system each process's task_struct contains the number of the
processor that it is currently running on (processor) and the processor number
of the last processor that it ran on (last_processor). There is no reason why a
process should not run on a different CPU each time it is selected to run, but
Linux can restrict a process to one or more processors in the system using the
processor_mask.

3. Identifiers

* Every process in the system has a process identifier.

* Each process also has user and group identifiers; these are used to
control this process's access to the files and devices in the system.

4. Inter-Process Communication

Linux supports IPC mechanisms of signals, pipes and semaphores and also
the System V IPC mechanisms of shared memory, semaphores and message queues.

Signals are one of the oldest inter-process communication methods and are
used to signal asynchronous events to one or more processes. A signal could be
generated by a keyboard interrupt or an error condition such as the process
attempting to access a non-existent location in its virtual memory. Signals are
also used by the shells to signal job control commands to their child processes.

Refer to the URL below for more details on inter-process communication methods.

http://www.science.unitn.it/~fiorella/guidelinux/tlk/node52.html

5. Links

In a Linux system no process is independent of any other process. Every
process in the system, except the initial process, has a parent process.

You can see the family relationship between the running processes in a
Linux system using the pstree command:

init(1)-+-crond(98)
        |-emacs(387)
        |-gpm(146)
        |-inetd(110)
        |-kerneld(18)
        |-kflushd(2)
        |-klogd(87)
        |-kswapd(3)
        |-login(160)---bash(192)---emacs(225)
        |-lpd(121)
        |-mingetty(161)
        |-mingetty(162)
        |-mingetty(163)
        |-mingetty(164)
        |-login(403)---bash(404)---pstree(594)
        |-sendmail(134)
        |-syslogd(78)
        `-update(166)

6. Times and Timers

The kernel keeps track of a process's creation time as well as the CPU
time that it consumes during its lifetime.

Each clock tick, the kernel updates the amount of time in jiffies that the
current process has spent in system and in user mode.

Linux also supports process specific interval timers; processes can use
system calls to set up timers to send signals to themselves when the timers
expire. These timers can be single-shot or periodic timers.
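The interval timers described above can be exercised from user space with the setitimer() system call, which arms a timer that delivers SIGALRM to the calling process either once or repeatedly. The Python script below is an added example written for this manual, not code from the manual or from any Linux project; the function names run_with_deadline, count_periodic_ticks and demo are my own. It shows a single-shot timer used to bound a blocking operation and a periodic timer counting its own ticks.

```python
import signal
import time


class Deadline(Exception):
    """Raised by the SIGALRM handler when the single-shot timer fires."""


def _restore(previous):
    # signal.signal() may report None for a handler not installed from Python
    signal.signal(signal.SIGALRM, previous if previous is not None else signal.SIG_DFL)


def run_with_deadline(fn, seconds):
    """Run fn(); return its result, or None if it did not finish in `seconds`.

    A single-shot ITIMER_REAL timer (wall-clock time) makes the kernel send
    SIGALRM to this process after `seconds`.  The handler turns the signal into
    an exception so that whatever fn() was blocked in is abandoned.  Python only
    runs signal handlers in the main thread, so call this from the main thread.
    """
    def on_alarm(signum, frame):
        raise Deadline()

    previous = signal.signal(signal.SIGALRM, on_alarm)
    signal.setitimer(signal.ITIMER_REAL, seconds)       # single-shot: no repeat interval
    try:
        return fn()
    except Deadline:
        return None
    finally:
        signal.setitimer(signal.ITIMER_REAL, 0)         # disarm, whatever happened
        _restore(previous)


def count_periodic_ticks(interval, duration):
    """Arm a periodic timer and count the SIGALRMs that arrive in `duration` seconds.

    A periodic ITIMER_REAL timer keeps re-firing every `interval` seconds until
    it is disarmed; a daemon would do its housekeeping in the handler.
    """
    ticks = 0

    def on_tick(signum, frame):
        nonlocal ticks
        ticks += 1

    previous = signal.signal(signal.SIGALRM, on_tick)
    signal.setitimer(signal.ITIMER_REAL, interval, interval)   # first fire, then repeat
    try:
        deadline = time.monotonic() + duration
        while time.monotonic() < deadline:
            # each tick interrupts the sleep; Python resumes it for the remaining time
            time.sleep(max(0.0, deadline - time.monotonic()))
    finally:
        signal.setitimer(signal.ITIMER_REAL, 0)
        _restore(previous)
    return ticks


def demo():
    """Exercise both timer styles; returns (timed_out_result, fast_result, ticks)."""
    timed_out = run_with_deadline(lambda: time.sleep(5), 0.2)   # abandoned -> None
    fast = run_with_deadline(lambda: 42, 1.0)                    # finishes -> 42
    ticks = count_periodic_ticks(0.02, 0.2)                      # roughly 10 ticks
    return timed_out, fast, ticks


if __name__ == "__main__":
    print(demo())
```

The single-shot timer is the same mechanism the shell's alarm(2)-based timeouts use; cancelling it in the finally block matters, because a timer left armed would deliver SIGALRM to unrelated code later in the process.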

7. File system

Processes can open and close files as they wish and the process's
task_struct contains pointers to descriptors for each open file as well as
pointers to two VFS inodes.

Each VFS inode uniquely describes a file or directory within a file system
and also provides a uniform interface to the underlying file systems.

The first is to the root of the process (its home directory) and the
second is to its current or pwd directory. These two VFS inodes have their count
fields incremented to show that one or more processes are referencing them.

This is why you cannot delete the directory that a process has set as its
pwd directory, or for that matter one of its sub-directories.

8. Virtual memory

Most processes have some virtual memory (kernel threads and daemons do
not) and the Linux kernel must track how that virtual memory is mapped onto the
system's physical memory.

9. Processor Specific Context and Context Switching

A process could be thought of as the sum total of the system's current
state.

Whenever a process is running it is using the processor's registers,
stacks and so on. This is the process's context and, when a process is
suspended, all of that CPU specific context must be saved in the task_struct for
the process. When a process is restarted by the scheduler its context is
restored from here.

* Context switching is the series of procedures that switch control of the CPU
from the current process to another process. During the context switch, the
operating system saves the context of the current process and restores the context
of the next process, which is decided by the scheduler as per the info stored in
the task_struct for that process.

Process monitoring is an important function of a Linux system administrator. To
that end, ps and top are two of the most useful commands.
6.3.1.2). ps

The ps command provides a snapshot of the currently running processes. The
simplest form of ps is:

$ ps

PID TTY TIME CMD
3884 pts/1 00:00:00 bash
3955 pts/2 00:00:00 more
3956 pts/5 00:00:05 sqlplus

* The PID is the identification number for the process.
* TTY is the terminal console to which the process belongs.
* The TIME column is the total CPU time used by the process.
* The CMD column lists the command line being executed.

$ ps -ef | grep oracle

UID PID PPID C STIME TTY TIME CMD
oracle 1633 1 0 13:58 ? 00:00:00 ora_pmon_ora1
oracle 1635 1 0 13:58 ? 00:00:00 ora_dbw0_ora1
oracle 1637 1 0 13:58 ? 00:00:01 ora_lgwr_ora1
oracle 1639 1 0 13:58 ? 00:00:02 ora_ckpt_ora1
oracle 1641 1 0 13:58 ? 00:00:02 ora_smon_ora1

* Although UID usually refers to a numeric identification, the username is
shown under the first column, labeled UID.
* PPID is the identification number for the parent process. For the Oracle
processes, this is 1, which is the id of the init process, the parent process of
all processes, because Oracle is set up on this system to be started as a part
of the login process.
* The column labeled C is a factor used by the CPU to compute execution
priority.
* STIME refers to the start time of the process.
* The question marks indicate that these processes don't belong to any TTY
because they were started by the system.

Here is another example of the ps command with some different options. Notice
that many of the columns are the same as they were when ps was executed with
-ef:

$ ps aux

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
carma 4024 0.0 0.2 2240 1116 pts/1 S 20:59 0:00 su carma
carma 4025 0.0 0.3 2856 1668 pts/1 S 20:59 0:00 bash
carma 4051 0.0 0.2 2488 1504 pts/1 R 21:01 0:00 ps aux
carma 4052 0.0 0.1 1636 600 pts/1 S 21:01 0:00 grep carma

The above ps option gives the username under which the process is running.
It also gives the current status (STAT) of the process.

* Regular users can see all system processes, but they can only kill
processes that they own.

To see if a particular process is running or not, you can use

$ ps aux | grep mysql


6.3.1.3). top

ps only gives you a snapshot of the current processes. For an ongoing look at
the most active processes, use top.

top provides process information in real time. It also has an interactive
mode that allows users to enter commands, such as n followed by a number such
as 5 or 10. The result will be to instruct top to display the 5 or 10 most
active processes. top runs until you press "q" to quit.

* It can sort the tasks by CPU usage, memory usage and runtime.

$ top -c ------- will display the processes sorted by the order of their CPU
usage.

Here is a partial display of top:

$ top -c

15:10:31 up 2 days, 2:34, 5 users, load average: 0.00, 0.03, 0.15
Tasks: 78 total, 2 running, 76 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.7% us, 0.3% sy, 0.0% ni, 99.0% id, 0.0% wa, 0.0% hi, 0.0% si
Mem: 248980k total, 244496k used, 4484k free, 2196k buffers
Swap: 522072k total, 216056k used, 306016k free, 61872k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2014 root 15 0 226m 26m 143m S 0.3 11.0 176:49.13 X
5030 root 15 0 190m 78m 35m S 0.3 32.5 25:19.13 mozilla-bin
9499 carma 16 0 2612 904 1620 R 0.3 0.4 0:00.02 top
1 root 16 0 2096 336 1316 S 0.0 0.1 0:04.86 init
2 root 34 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
3 root 5 -10 0 0 0 S 0.0 0.0 0:00.23 events/0
4 root 5 -10 0 0 0 S 0.0 0.0 0:00.00 kblockd/0
6 root 5 -10 0 0 0 S 0.0 0.0 0:00.01 khelper
5 root 15 0 0 0 0 S 0.0 0.0 0:00.00 khubd
7 root 15 0 0 0 0 S 0.0 0.0 0:00.08 pdflush
8 root 15 0 0 0 0 S 0.0 0.0 0:00.16 pdflush
10 root 14 -10 0 0 0 S 0.0 0.0 0:00.00 aio/0
9 root 15 0 0 0 0 S 0.0 0.0 0:01.77 kswapd

The display is updated every 5 seconds by default, but you can change that
with the d command-line option.

Field Descriptions

* "uptime": The first line displays the time the system has been up, and
the three load averages for the system.
* The load averages are the average number of processes ready to run during
the last 1, 5 and 15 minutes. This line is just like the output of the uptime
command.
* Tasks are the total number of processes running at the time of the last
update. This is also broken down into the number of tasks which are running,
sleeping, stopped, or undead. The processes and states display may be toggled by
the 't' interactive command.
* Cpu(s): "CPU states" shows the percentage of CPU time in user mode,
system mode, niced tasks, iowait and idle. (Niced tasks are only those whose
nice value is positive.) Time spent in niced tasks will also be counted in
system and user time, so the total will be more than 100.
* Mem: Statistics on memory usage, including total available memory, free
memory, used memory, shared memory, and memory used for buffers. The display of
memory information may be toggled by the m interactive command.
* Swap: Statistics on swap space, including total swap space, available
swap space, and used swap space. This and Mem are just like the output of the
free command.
* PID: The process ID of each task.
* PPID: The parent process ID of each task.
* UID: The user ID of the task's owner.
* USER: The user name of the task's owner.
* PRI: The priority of the task.
* NI: The nice value of the task, which decides the priority of the task
with the scheduler. Negative nice values are higher priority.
* %CPU: The task's share of the CPU time since the last screen update,
expressed as a percentage of total CPU time per processor.
* %MEM: The task's share of the physical memory.
* COMMAND: The task's command name, which will be truncated if it is too
long to be displayed on one line. Tasks in memory will have a full command line,
but swapped-out tasks will only have the name of the program in parentheses (for
example, "(getty)").

6.3.1.4). pstree

pstree displays a tree of processes. The tree is rooted at either pid or init if
pid is omitted. If a user name is specified, all process trees rooted at
processes owned by that user are shown.

pstree visually merges identical branches by putting them in square
brackets and prefixing them with the repetition count, e.g.

init-+-getty
     |-getty
     |-getty
     `-getty

becomes init---4*[getty]

$ pstree

* Some of the options you can use with it are -n (sort processes by PID),
-p (show PIDs) etc.

6.3.1.5). kill

The command kill sends the specified signal to the specified process or process
group.

If no signal is specified, the TERM signal is sent. The TERM signal will
kill processes which do not catch this signal.

* For other processes, it may be necessary to use the KILL (9) signal, since
this signal cannot be caught.

$ kill [ -s signal ] PID

$ kill -9 PID

* -s signal: Specify the signal to send. The signal may be given as a
signal name or number.

* You can get a list of all the system's signals using the kill -l command:

$ kill -l

1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL
5) SIGTRAP 6) SIGABRT 7) SIGBUS 8) SIGFPE
9) SIGKILL 10) SIGUSR1 11) SIGSEGV 12) SIGUSR2
13) SIGPIPE 14) SIGALRM 15) SIGTERM 17) SIGCHLD
18) SIGCONT 19) SIGSTOP 20) SIGTSTP 21) SIGTTIN
22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ
26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO
30) SIGPWR 31) SIGSYS 33) SIGRTMIN 34) SIGRTMIN+1
35) SIGRTMIN+2 36) SIGRTMIN+3 37) SIGRTMIN+4 38) SIGRTMIN+5
39) SIGRTMIN+6 40) SIGRTMIN+7 41) SIGRTMIN+8 42) SIGRTMIN+9
43) SIGRTMIN+10 44) SIGRTMIN+11 45) SIGRTMIN+12 46) SIGRTMIN+13
47) SIGRTMIN+14 48) SIGRTMIN+15 49) SIGRTMAX-15 50) SIGRTMAX-14
51) SIGRTMAX-13 52) SIGRTMAX-12 53) SIGRTMAX-11 54) SIGRTMAX-10
55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7 58) SIGRTMAX-6
59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2
63) SIGRTMAX-1

PID can be a process id or a process name, but use the process id itself with
the -9 option.

* $ kill 0 : will stop all processes except your shell
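The TERM-then-KILL sequence the kill section describes (TERM first, because a process can catch it and clean up; KILL only if that fails, because KILL cannot be caught) is what an administrator usually types by hand. The Python script below is an added example for this manual, not code from the manual or from procps; stop_process and demo are my own names, and the script assumes the target is a child process held in a subprocess.Popen object (for an arbitrary PID you would use os.kill and poll /proc instead). The "stubborn" child is constructed with preexec_fn so that SIGTERM is ignored before exec, the same effect as trap "" TERM in a shell.

```python
import signal
import subprocess


def stop_process(proc, timeout=5.0):
    """Stop a child process the way an administrator does with kill.

    First send SIGTERM (catchable: a well-behaved program can clean up and
    exit).  If the process is still alive after `timeout` seconds, send
    SIGKILL, which cannot be caught or ignored.  Returns the number of the
    signal that ended the process, or 0 if it exited normally by itself.
    """
    proc.send_signal(signal.SIGTERM)           # same as: kill PID
    try:
        proc.wait(timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()                            # same as: kill -9 PID
        proc.wait()                            # reap it so no zombie is left behind
    # Popen reports death-by-signal as a negative return code
    return -proc.returncode if proc.returncode < 0 else 0


def _ignore_term():
    # Runs in the child between fork and exec; an ignored disposition
    # (SIG_IGN) survives exec, so the new program starts out ignoring TERM.
    signal.signal(signal.SIGTERM, signal.SIG_IGN)


def demo(timeout=1.0):
    """Constructed demonstration: one child honours TERM, the other ignores it.

    Returns (signal_that_stopped_polite, signal_that_stopped_stubborn).
    """
    # Default disposition: SIGTERM terminates the process at once.
    polite = subprocess.Popen(["sleep", "30"])
    # Behaves like a daemon that swallows TERM: only KILL will do.
    stubborn = subprocess.Popen(["sleep", "30"], preexec_fn=_ignore_term)
    return stop_process(polite, timeout), stop_process(stubborn, timeout)


if __name__ == "__main__":
    print(demo())   # (15, 9): TERM was enough for the first, KILL was needed for the second
```

The final wait() after kill() matters on a real system: a killed child that is never reaped stays in the task vector as a zombie (state Z), which is exactly the "dead process" case described under Process States.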

6.3.1.6). killall

kill processes by name. killall sends a signal to all processes running any of
the specified commands. If no signal name is specified, SIGTERM is sent.

A killall process never kills itself (but may kill other killall
processes).

* $ killall -l : will also list all known signal names.

* E.g. '$ killall mysql' will kill all mysql processes.

6.3.1.7). fuser

fuser displays the PIDs of processes using the specified files or file systems.
In the default display mode, each file name is followed by a letter denoting the
type of access.

$ fuser -a /var/log/messages

will output the PIDs that are accessing the file at present. By default, only
files that are accessed by at least one process are shown.

The 'k' option can be used to kill processes accessing a file system.

$ fuser -km /home

In the default display mode, each file name is followed by a letter
denoting the type of access:

$ fuser -m /var/log/messages

c : current directory.
e : executable being run.
f : open file. f is omitted in default display mode.
r : root directory.
m : mmap'ed file or shared library


6.3.1.8). pidof

This command finds the process ID of a running program.

$ pidof httpd

will list all the process ids under which Apache runs.

6.3.1.9). skill

skill is similar to kill. The default signal for skill is TERM. Use -l or -L to
list available signals. Particularly useful signals include HUP, INT, KILL,
STOP, CONT, and 0. Alternate signals may be specified in three ways:

-9 -SIGKILL -KILL.

$ skill [signal to send] [options] process selection criteria

* PROCESS SELECTION OPTIONS: Selection criteria can be: terminal, user,
pid, command. The options below may be used to ensure correct interpretation.

-t The next argument is a terminal (tty or pty).
-u The next argument is a username.
-p The next argument is a process ID number.
-c The next argument is a command name.

$ skill -KILL pts/* ========= Kill users on PTY devices

$ skill -STOP user1 user2 ======== Stop 2 users

6.3.1.10). Background Process - &

& at the end of the command makes it run in the background.

$ opera &

6.3.1.11). nice

The nice command invokes a command with an altered scheduling priority.

* The general syntax is

$ nice [-increment | -n increment ] command [argument ... ]

* The increment range goes from -20 (highest priority) to 19 (lowest).

* Command is the name of a command that is to be invoked. If no command or
arguments are given, `nice' prints the current scheduling priority, which is
inherited.

* Argument is any string to be supplied as an argument when invoking a
command.

The command line below runs the pico command on myfile.txt with an increment of
+13, i.e. the priority (niceness value) of the pico command is reduced by 13.

$ nice +13 pico myfile.txt


6.3.1.12). snice

The snice command is similar to the nice command but the default priority
for snice is +4. (snice +4 ...)

* Priority numbers range from +20 (slowest) to -20 (fastest). Negative
priority numbers are restricted to administrative users.

$ snice netscape crack +7 ----- Slow down netscape and crack

$ snice -17 root bash ----- Give priority to root's shell


6.3.1.13). /proc/$PID directory

/proc is a pseudo-filesystem which is used as an interface to kernel data
structures.

* There is a numerical subdirectory for each running process under /proc;
the subdirectory is named by the process ID. For example, if the process ID is
14534, the directory is /proc/14534.

* Some of the pseudo-files and directories contained inside the /proc/$PID
directory are detailed below:

  o cmdline : This holds the complete command line for the
process, unless the whole process has been swapped out, or unless the process is
a zombie. In either of these later cases there is nothing in this file: i.e. a
read on this file will return 0 characters.

  o cwd : This is a link to the current working directory of the
process. To find out the cwd of process 20, for instance, you can do this:

$ cd /proc/20/cwd; /bin/pwd

  o environ : This file contains the environment for the process. The
entries are separated by null characters, and there may be a null character at
the end. Thus, to print out the environment of process 1, you could do:

$ cat /proc/1/environ

  o exe : exe is a symbolic link containing the actual path name of the
executed command.

  o fd : This is a subdirectory containing one entry for each file which
the process has open, named by its file descriptor, and which is a symbolic link
to the actual file. Thus, 0 is standard input, 1 standard output, 2 standard error,
etc.

  o stat : Status information about the process. This is used by ps and
top.
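The stat pseudo-file is where ps and top get the state code, parent PID and jiffy counters discussed under Process States and Times and Timers earlier in this chapter. The Python script below is an added example for this manual, not code from the manual or from procps; ProcStat, parse_stat_line, cpu_seconds, read_proc_stat and zombies are my own names. The two sample stat lines are constructed, not captured from a real system; the second one deliberately has a command name containing spaces and parentheses, because a parser that simply splits on whitespace reads the wrong fields for such a process.

```python
import os
from dataclasses import dataclass

# Process state codes as listed under "Process States" earlier in this chapter.
STATE_NAMES = {
    "R": "runnable",
    "S": "sleeping (interruptible)",
    "D": "sleeping (uninterruptible)",
    "T": "stopped",
    "Z": "zombie/defunct",
}


@dataclass
class ProcStat:
    pid: int
    comm: str       # executable name, as shown by ps
    state: str      # one of the STATE_NAMES codes
    ppid: int
    utime: int      # jiffies spent in user mode
    stime: int      # jiffies spent in system mode
    priority: int
    nice: int


def parse_stat_line(line):
    """Parse one /proc/<pid>/stat line into a ProcStat.

    Field 2 (comm) is wrapped in parentheses and may itself contain spaces
    and parentheses, so the safe way to split the line is on the LAST ')'
    rather than on whitespace.  Field numbers follow proc(5).
    """
    open_idx = line.index("(")
    close_idx = line.rindex(")")
    pid = int(line[:open_idx])
    comm = line[open_idx + 1:close_idx]
    rest = line[close_idx + 1:].split()     # rest[0] is field 3 (state)

    def field(n):                           # proc(5) field n, counted from 1
        return rest[n - 3]

    return ProcStat(
        pid=pid,
        comm=comm,
        state=field(3),
        ppid=int(field(4)),
        utime=int(field(14)),
        stime=int(field(15)),
        priority=int(field(18)),
        nice=int(field(19)),
    )


def cpu_seconds(stat, clk_tck=None):
    """Convert the jiffy counters to seconds of CPU time using the clock tick rate."""
    if clk_tck is None:
        clk_tck = os.sysconf("SC_CLK_TCK")  # jiffies per second on this kernel
    return (stat.utime + stat.stime) / clk_tck


def read_proc_stat(pid):
    """Read and parse the stat file of a live process (Linux only)."""
    with open(f"/proc/{pid}/stat") as fh:
        return parse_stat_line(fh.read())


def zombies(stat_lines):
    """Return the PIDs in state Z from an iterable of stat lines (e.g. all of /proc)."""
    return [s.pid for s in map(parse_stat_line, stat_lines) if s.state == "Z"]


# Constructed sample lines (not captured from a real system).  The first is the
# pstree process from the pstree listing earlier in this chapter; the second has
# a command name containing spaces and parentheses and is a zombie.
SAMPLE_STAT = ("594 (pstree) R 404 594 160 34817 594 4194304 120 0 0 0 "
               "3 1 0 0 20 0 1 0 1234567 2449408 312")
TRICKY_STAT = ("4025 (my (odd) name) Z 4024 4025 4024 34817 4025 4194304 0 0 0 0 "
               "0 0 0 0 20 0 1 0 7654321 0 0")

if __name__ == "__main__":
    s = parse_stat_line(SAMPLE_STAT)
    print(s.pid, s.comm, STATE_NAMES[s.state], "ppid", s.ppid,
          "cpu", cpu_seconds(s, clk_tck=100), "s")
    print("zombies:", zombies([SAMPLE_STAT, TRICKY_STAT]))
```

On a live system, iterating over the numeric directories in /proc and feeding each stat file to zombies() gives the same count top reports in its "zombie" column; the cpu_seconds() value is what ps shows in its TIME column once the jiffies are divided by the clock tick rate.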

6.3.2. System Startup and Shutdown


6.3.2.1). The Boot Process

1. The Bootstrap Process - First Stage (BIOS)

The PC boot process is started on powerup. The processor will start
execution of code contained in the Basic Input and Output System (BIOS). The
BIOS is a program stored in Read Only Memory (ROM) and is the lowest level
interface between the computer and peripherals.

* The BIOS then runs the Power On Self Test, or POST, routine to find
certain hardware and to test that the hardware is working at a basic level. It
compares the hardware settings in the CMOS (Complementary Metal Oxide
Semiconductor) to what is physically on the system. It then initializes the
hardware devices.

* Once the POST is completed, the hardware jumps to a specific, predefined
location in RAM. The instructions located here are relatively simple and
basically tell the hardware to go look for a boot device. Depending on how your
CMOS is configured, the hardware first checks your floppy and then your hard
disk.

* When a boot device is found (let's assume that it's a hard disk), the
hardware is told to go to the 0th (first) sector (cylinder 0, head 0, sector 0),
then load and execute the instructions there. This is the master boot record, or
MBR.

* The BIOS will first load the MBR into memory, which is only 512 bytes in
size and points to the boot loader (LILO: Linux boot loader) or GRUB.

* Once the BIOS finds and loads the boot loader program into memory, it
yields control of the boot process to it.

2. The Boot Loader - Stage 2

LILO or GRUB allows the root user to set up the boot process as menu-
driven or command-line, and permits the user to choose from amongst several boot
options.

* It also allows for a default boot option after a configurable timeout, and
current versions are designed to allow booting from broken Level 1 (mirrored)
RAID arrays.

It has the ability to create a highly configurable, "GUI-fied" boot menu,
or a simple, text-only, command-line prompt.

Depending on the kernel boot option chosen or set as default, LILO or GRUB
will load that kernel.

3. Kernel Loading - Stage 3

When the kernel is loaded, it immediately initializes and configures the
computer's memory and configures the various hardware attached to the system,
including all processors, I/O subsystems, and storage devices.

It then looks for the compressed initrd image in a predetermined location
in memory, decompresses it, mounts it, and loads all necessary drivers.

Next, it initializes virtual devices related to the file system, such as
LVM or software RAID, before unmounting the initrd disk image and freeing up all
the memory the disk image once occupied.

The kernel then creates a root device, mounts the root partition read-
only, and frees any unused memory.

At this point, the kernel is loaded into memory and operational.

4. Final Stage - Init

The first thing the kernel does after completing the boot process is to
execute the init program.

* The /sbin/init program (also called init) coordinates the rest of the boot
process and configures the environment for the user.

* init is the root/parent of all processes executing on Linux and becomes
process number 1.

* When the init command starts, it becomes the parent or grandparent of all
of the processes that start up automatically on a Red Hat Linux system.

* Based on the appropriate run-level in the /etc/inittab file, scripts are
executed to start various processes to run the system and make it functional.

6.3.2.2). The Init Program

As seen in the previous section, the kernel will start a program called
init or /sbin/init.

* The init process is the last step in the boot procedure and is identified by
process id "1".

* The init command then reads the /etc/inittab file.

* The first thing init runs out of the inittab is the script
/etc/rc.d/rc.sysinit, which sets the environment path, starts swap, checks the
file systems, and takes care of everything the system needs to have done at
system initialization.

* Next, init looks through /etc/inittab for the line with initdefault in the
third field. The initdefault entry tells the system what run-level to enter
initially.

id:5:initdefault: ( 5 is the default runlevel)

Depending on the run level, the init program starts all of the background
processes by using scripts from the appropriate rc directory for the runlevel.

  o The rc directories are numbered to correspond to the runlevel they
represent.
  o For instance, /etc/rc.d/rc5.d/ is the directory for runlevel 5.
  o The scripts are found in the directory /etc/rc.d/rc#.d/ where the
symbol # represents the run level.

# ls /etc/rc.d/rc5.d/

./ K70aep1000 S12syslog S80antirelayd S95cpanel
../ K70bcm5820 S17keytable S80chkservd S97rhnsd
K05saslauthd K74nscd S20random S80exim S98portsentry
K20nfs S05kudzu S25netfs S85httpd S99local@
K24irda S08iptables S28autofs S85postgresql S99nagios
K25squid S09isdn S40proftpd S90crond
K35winbind S10network S55sshd S90mysql
K45named S11filelimits S56rawdevices S95anacron
K50tux S11ipaliases S56xinetd S95bandmin

Scripts beginning with S denote startup scripts while scripts beginning
with K denote shutdown (kill) scripts.

* Numbers follow these letters to denote the order of execution (lowest to
highest).

* Adding a script to the /etc/rc.d/rc#.d/ directory with either an S or K
prefix adds the script to the boot or shutdown process.

Hence these scripts are executed to start all the system services
which start with S for run level 5 in the example above.

* One of the last things the init program executes is the /etc/rc.d/rc.local
file. This file is useful for system customization.

* Adding commands to this script is an easy way to perform necessary tasks
like starting special services or initializing devices without writing complex
initialization scripts in the /etc/rc.d/init.d/ directory and creating symbolic
links.

* init typically will start multiple instances of "getty", which waits for
console logins and spawns the user's shell process.

* Upon system shutdown init controls the sequence and processes for
shutdown. The init process is never shut down. It is a user process and not a
kernel system process although it does run as root.

The order in which the init program executes the initialization scripts is
below:

1. /etc/inittab
2. /etc/rc.d/rc.sysinit
3. Scripts under /etc/rc.d/rc3.d/ - Note: we are running runlevel 3 here.
4. /etc/rc.d/rc.local

6.3.2.3). Runlevels

Linux utilizes what is called "runlevels". A runlevel is a software
configuration of the system that allows only a selected group of processes to
exist.

init can run the system in one of eight runlevels. These runlevels are 0-6
and S or s. The system runs in only one of these runlevels at a time. Typically
these runlevels are used for different purposes.

* Runlevels 0, 1, and 6 are reserved. For Red Hat Linux version 6 and above,
the runlevels are:

Runlevel   State
0          Shutdown
1          Single User Mode
2          Multi user with no network services activated
3          Default text start. Full multi user. No GUI
4          Reserved for local use. With X-windows and multi user
5          XDM X-windows with network support. Full multi-user
6          Reboot
S or s     Single User/Maintenance mode

The inittab file

The "/etc/inittab" file tells init which runlevel to start the system at and
describes the processes to be run at each runlevel.

An entry in the inittab file has the following format:

id:runlevels:action:process

* id - A unique sequence of 1-4 characters which identifies an entry in
inittab.

* runlevels - Lists the runlevels for which the specified action should be
taken. This field may contain multiple characters for different runlevels,
allowing a particular process to run at multiple runlevels. For example, 123
specifies that the process should be started in runlevels 1, 2, and 3.

* process - Specifies the process to be executed.

* action - Describes which action should be taken. Some of the actions are
listed below:

  o respawn - The process will be restarted whenever it terminates.
  o wait - The process will be started once when the specified runlevel
is entered and init will wait for its termination.
  o boot - The process will be executed during system boot. The
runlevels field is ignored.
  o off - This does nothing.
  o initdefault - Specifies the runlevel which should be entered after
system boot. If none exists, init will ask for a runlevel on the console. The
process field is ignored.
  o sysinit - The process will be executed during system boot. It will
be executed before any boot or bootwait entries. The runlevels field is ignored.
  o powerwait - The process will be executed when init receives the
SIGPWR signal. init will wait for the process to finish before continuing.
  o powerfail - Same as powerwait but init does not wait for the process
to complete.
  o ctrlaltdel - This process is executed when init receives the SIGINT
signal. This means someone on the system console has pressed the "CTRL-ALT-DEL"
key combination.
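The inittab entry format just described, together with the S/K naming of the rc#.d links from the previous section, is enough to work out what a machine will run at boot without booting it, which is a useful review step when auditing a system's startup configuration. The Python script below is an added example for this manual, not code from the manual or from the SysV init package; parse_inittab, default_runlevel, processes_for_runlevel, parse_rc_link, rc_execution_order and boot_plan are my own names. The sample inittab is constructed in Red Hat style; the rc5.d listing is the one shown in the previous section, exactly as `ls -F` printed it (the trailing @ marks a symbolic link).

```python
import re

RC_LINK = re.compile(r"^([SK])(\d{2})(.+)$")


def parse_inittab(text):
    """Parse inittab text into (id, runlevels, action, process) tuples.

    Blank lines and '#' comments are skipped; the four fields are separated by
    ':' and the process field may itself contain ':' so split at most 3 times.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ident, runlevels, action, process = line.split(":", 3)
        entries.append((ident, runlevels, action, process))
    return entries


def default_runlevel(entries):
    """The runlevel named by the initdefault entry, or None if there is none."""
    for _, runlevels, action, _ in entries:
        if action == "initdefault":
            return runlevels
    return None


def processes_for_runlevel(entries, runlevel):
    """(action, process) for every entry whose runlevels field lists `runlevel`."""
    return [(action, process) for _, runlevels, action, process in entries
            if runlevel in runlevels]


def parse_rc_link(name):
    """Split an rc#.d link name like S55sshd into ('start', 55, 'sshd')."""
    name = name.rstrip("@*/")              # drop `ls -F` type indicators
    match = RC_LINK.match(name)
    if not match:
        return None                        # ./ ../ or a stray file
    letter, seq, service = match.groups()
    return ("stop" if letter == "K" else "start", int(seq), service)


def rc_execution_order(names):
    """[(action, service), ...] in the order /etc/rc.d/rc runs them.

    All K (stop) links run first, then all S (start) links; within each group
    the two-digit number decides the order and the name breaks ties, which is
    the order a K* or S* shell glob expands to.
    """
    parsed = [p for p in map(parse_rc_link, names) if p]
    ordered = sorted(parsed, key=lambda p: (p[0] == "start", p[1], p[2]))
    return [(action, service) for action, _, service in ordered]


def boot_plan(inittab_text, rc_listings):
    """Default runlevel, what init respawns there, and the rc script order.

    rc_listings maps a runlevel string to the link names in its rc#.d directory.
    """
    entries = parse_inittab(inittab_text)
    level = default_runlevel(entries)
    respawned = [p for a, p in processes_for_runlevel(entries, level) if a == "respawn"]
    return level, respawned, rc_execution_order(rc_listings.get(level, []))


# Constructed sample inittab in Red Hat style (not copied from a real system).
SAMPLE_INITTAB = """
# Default runlevel
id:5:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
x:5:respawn:/etc/X11/prefdm -nodaemon
"""

# The rc5.d listing from the previous section, as `ls -F` printed it.
RC5_LISTING = """./ K70aep1000 S12syslog S80antirelayd S95cpanel
../ K70bcm5820 S17keytable S80chkservd S97rhnsd
K05saslauthd K74nscd S20random S80exim S98portsentry
K20nfs S05kudzu S25netfs S85httpd S99local@
K24irda S08iptables S28autofs S85postgresql S99nagios
K25squid S09isdn S40proftpd S90crond
K35winbind S10network S55sshd S90mysql
K45named S11filelimits S56rawdevices S95anacron
K50tux S11ipaliases S56xinetd S95bandmin""".split()

if __name__ == "__main__":
    level, respawned, order = boot_plan(SAMPLE_INITTAB, {"5": RC5_LISTING})
    print("default runlevel:", level)
    print("respawned by init:", respawned)
    for action, service in order:
        print(f"  {action:5} {service}")
```

Running boot_plan() against a real /etc/inittab and the output of ls on the matching rc#.d directory lists every service that will be started (and in what order) before the machine is ever rebooted; anything in the start list that is not expected on that host deserves a look.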

6.3.2.4). System Processes

The top 6 system processes with PIDs 1-6 are given below.

System Processes:

Process ID   Description
1            init process
2            kflushd (bdflush) : Started by update - does a more imperfect sync more
             frequently
3            kupdate : Does a sync every 30 seconds
4            kpiod
5            kswapd
6            mdrecoveryd

Processes 2, 3, 4, 5 and 6 are kernel daemons. The kernel daemons are
started after init, so they get process numbers like normal processes do. But
their code and data lives in the kernel's part of the memory.

So what are these kernel daemons for?

* kflushd and kupdate
  o Input and output is done via buffers in memory. This allows things
to run faster and the data in the buffer are written to disk in larger, more
efficient chunks.
  o The daemons kflushd and kupdate handle this work.
  o kupdate runs periodically (5 seconds) to check whether there are any
dirty buffers. If there are, it gets kflushd to flush them to disk.

* kswapd and kpiod
  o System memory can be better managed by shifting unused parts of
running programs out to the swap partition(s) of the hard disk.
  o Moving this data in and out of memory as needed is done by kpiod and
kswapd.
  o Every second or so, kswapd wakes up to check out the memory
situation, and if something on the disk is needed in memory, or there is not
enough free memory, kpiod is called in.

* mdrecoveryd
  o mdrecoveryd is part of the Multiple Devices package used for software RAID
and combining multiple disks into one virtual disk. Basically it is part of the
kernel.
  o It can be removed from the kernel by deselecting it (CONFIG_BLK_DEV_MD)
and recompiling the kernel.

Some of the other system services are discussed below:

System Service   Description
anacron          Runs jobs which were scheduled for execution while the computer
                 was turned off. Catches up with system duties.
arpwatch         Keeps track of IP address to MAC address pairings
autofs           Automounts file systems on demand.
crond            Job scheduler for periodic tasks.
gpm              Allows console terminal cut and paste (non X-window consoles).
httpd            Apache web server
iptables         Firewall rules interface to kernel.
keytable         Loads selected keyboard map as set in /etc/sysconfig/keyboard
kudzu            New hardware probe/detection during system boot.
lpd              Network printer services
mysqld           Database services
named            Name services (BIND)
network          Activates network services during system boot.
nfs              Network file system
syslog           System log file facility
ypbind           NIS file sharing/authentication infrastructure service.
ypserv           NIS file sharing/authentication infrastructure service
xfs              X-Windows font server

6.3.2.5). The Linux Login Process

After the system boots, at serial terminals or virtual terminals, the user will
see a login prompt similar to:

machinename login:

This prompt is being generated by a program, usually getty or mingetty,
which is regenerated by the init process every time a user ends a session on the
console.

* The getty program will call login, and login, if successful, will call the
user's shell. The steps of the process are:

  o The init process spawns the getty process.
  o The getty process invokes the login process when the user enters
their name and passes the user name to login.
  o The login process prompts the user for a password, checks it, then
if there is success, the user's shell is started. On failure the program
displays an error message, ends and then init will respawn getty.
  o The user will run their session and eventually log out. On logout,
the shell program exits and we return to step 1.
  o Note: This process is what happens for runlevel 3, but runlevel 5
uses some different programs to perform similar functions. These X programs are
called X clients.

6.3.2.6). Single – User Mode

If your system password is not working, you can use single user mode
to reset the root password.

* If your system boots, but does not allow you to log in when it has
completed booting, try single-user mode.

In single-user mode, your computer boots to runlevel 1. Your local filesystems
will be mounted, but your network will not be activated. You will have a usable
system maintenance shell.

Booting to single-user mode in GRUB

If you are using GRUB, use the following steps to boot into single-user
mode:

  o If you have a GRUB password configured, type p and enter the
password.
  o Select Red Hat Linux with the version of the kernel that you wish to
boot and type 'e' for edit. You will be presented with a list of items in
the configuration file for the title you just selected.
  o Select the line that starts with kernel and type 'e' to edit the
line.
  o Go to the end of the line and type single as a separate word (press
the [Spacebar] and then type single). Press [Enter] to exit edit mode.
  o Back at the GRUB screen, type 'b' to boot into single user mode.

Booting to single-user mode in LILO

If you are using LILO, specify one of these options at the LILO boot
prompt (if you are using the graphical LILO, you must press [Ctrl]-[x] to exit
the graphical screen and go to the boot: prompt):

boot: linux single

boot: linux emergency

In emergency mode, you are booted into the most minimal environment possible.
The root filesystem will be mounted read-only and almost nothing will be set up.
The main advantage of emergency mode over linux single is that your init files
are not loaded. If init is corrupted or not working, you can still mount
filesystems to recover data that could be lost during a re-installation.

6.3.2.7). Shutting Down

To shut down Red Hat Linux, issue the shutdown command.

The format of the command is

$ shutdown time warning-message

The time argument is the time to shut down the system (in the format hh:mm, or
+m for m minutes from now), and warning-message is a message displayed on all
users' terminals before shutdown. Alternately, you can specify the time as
"now" to shut down immediately. The -r option may be given to shutdown to
reboot the system after shutting down.

/sbin/shutdown -h now

/sbin/shutdown -r now

You must run shutdown as root. After shutting everything down, the -h option
will halt the machine, and the -r option will reboot.

* Although the reboot and halt commands are now able to invoke shutdown if run
while the system is in runlevels 1-5, it is a bad habit to get into, as not all
Linux-like operating systems have this feature.

$ reboot

$ halt

To shut down and reboot the system at 8:00 pm, use the command

$ shutdown -r 20:00

6.3.3. Memory Management and Performance Monitoring

6.3.3.1). Virtual Memory / Swap Space

* Linux supports virtual memory, that is, using a disk as an extension of RAM
so that the effective size of usable memory grows correspondingly.

* The kernel will write the contents of a currently unused block of memory to
the hard disk so that the memory can be used for another purpose. When the
original contents are needed again, they are read back into memory.

* This is all made completely transparent to the user; programs running under
Linux only see the larger amount of memory available and don't notice that
parts of them reside on the disk from time to time. The part of the hard disk
that is used as virtual memory is called the swap space.

* For this purpose, a swap partition (or a swap file) is created on the hard
disk.

* You can see the swap space as well as the current memory available and usage
using the command 'free':

$ free

6.3.3.2). Swapping In and Swapping Out

Memory page: One basic concept in the Linux implementation of virtual memory is
the page. A page is the basic unit of memory with which both the kernel and the
CPU deal; on x86 it is 4 KB (the size depends on the architecture). Although
both can access individual bytes (or even bits), the amount of memory that is
managed is usually in pages.

When physical memory becomes scarce the Linux memory management subsystem must
attempt to free physical pages. This task falls to the kernel swap daemon
(kswapd).

* The kernel swap daemon is a special type of process, a kernel thread. Kernel
threads have no user-space address space of their own; they run entirely in
kernel mode, in the kernel's address space.

* Swapping out is the process in which kswapd writes a page out of physical
memory into the system's swap space, thereby freeing that physical memory.

* Swapping in is the process in which a page that was swapped out is brought
back into physical memory. This happens on demand: when a process touches the
page, the CPU raises a page fault and the kernel reads the page back from swap.

6.3.3.3). Commands which show the current memory usage

free

$ free

$ free -m

top

$ top

Print the output of /proc/meminfo (detailed output):

$ cat /proc/meminfo

6.3.3.4). Creating a swap space

Criteria for a swap file

* A swap file is an ordinary file; it is in no way special to the kernel.

* The only things that matter to the kernel are that it has no holes and that
it has been prepared for use with mkswap. It must reside on a local disk,
however; it can't reside in a filesystem that has been mounted over NFS due to
implementation reasons.

* The bit about holes is important. The swap file reserves the disk space so
that the kernel can quickly swap out a page without having to go through all
the things that are necessary when allocating a disk sector to a file. The
kernel merely uses any sectors that have already been allocated to the file.
Because a hole in a file means that there are no disk sectors allocated (for
that place in the file), it is not good for the kernel to try to use them.

* One good way to create a swap file without holes is the dd command, which
writes every block of the file from /dev/zero:

$ dd if=/dev/zero of=/extra-swap bs=1024 count=1024

o dd converts and copies a file.

o if= names the file to read from instead of standard input; /dev/zero supplies
an endless stream of zero bytes.

o of= names the file to write to instead of standard output; here /extra-swap
is the name of the swap file.

o bs= is the block size in bytes and count= is the number of blocks to copy, so
the file size is bs multiplied by count: 1024 x 1024 bytes, i.e. 1 MB.

* A swap file will hold pages of process memory, including passwords and keys
that programs have in RAM, so it must not be readable by anyone but root. Give
it mode 0600 (chmod 600 /extra-swap); recent versions of mkswap warn if the
permissions are looser than that.

Swap partition

A swap partition can be created just like any other partition, but it has to be
of type 82 (Linux swap).

Setting up swap space

After you have created a swap file or a swap partition, you need to write a
signature to its beginning; this contains some administrative information and
is used by the kernel. The command to do this is mkswap, used like this:

$ mkswap /extra-swap 1024

Setting up swapspace, size = 1044480 bytes

The optional size argument is in 1024-byte blocks; if it is omitted, mkswap
uses the whole file or partition, which is the usual and safer choice.

6.3.3.5). Using a Swap Space

Note that the swap space which has been set up is still not in use: it exists,
but the kernel does not use it to provide virtual memory.

* An initialized swap space is taken into use with 'swapon'. This command tells
the kernel that the swap space can be used. The path to the swap space is given
as the argument, so to start swapping on a temporary swap file one might use
the following command:

$ swapon /extra-swap

* Swap spaces can be used automatically by listing them in the /etc/fstab file.

* The startup scripts will run the command swapon -a, which will start swapping
on all the swap spaces listed in /etc/fstab. Therefore, the swapon command is
usually used by hand only when extra swap is needed.

$ swapon -a

You can get the swap info using free, 'cat /proc/meminfo' or top. The file
/proc/swaps lists the swap spaces currently in use.

* A swap space can be removed from use with swapoff.

* All the swap spaces that are used automatically with swapon -a can be removed
from use with swapoff -a; it looks at the file /etc/fstab to find what to
remove.
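The whole procedure above (create a file without holes, protect it, mkswap,
swapon, list it in /etc/fstab) as one script. This is an added example, not
part of the original manual: the path /extra-swap and the size are
illustrative, make_swap_file needs root and the real mkswap and swapon
commands, while check_swap_file runs as any user and verifies the two things
the text says matter, that the file has no holes and that nobody but root can
read it.

```shell
#!/bin/sh
# Added example (not from the manual): create and check a swap file.
# Assumes Linux with GNU coreutils, and mkswap(8)/swapon(8) from util-linux.

# check_swap_file FILE
# Returns 0 when FILE is usable as a swap file:
#  - a regular file with mode 0600 (swap holds raw process memory, passwords
#    and keys included, so only root may read it; recent mkswap warns otherwise)
#  - fully allocated: blocks on disk cover the whole size, i.e. no holes.
# Note: on a compressing filesystem (btrfs with compress=) the allocated-block
# heuristic misfires for zero-filled files; such filesystems are not suitable
# for swap files anyway.
check_swap_file() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 1; }
    mode=$(stat -c '%a' "$f")
    [ "$mode" = "600" ] || { echo "$f: mode $mode, want 600" >&2; return 1; }
    size=$(stat -c '%s' "$f")
    alloc=$(( $(stat -c '%b' "$f") * $(stat -c '%B' "$f") ))
    [ "$alloc" -ge "$size" ] || {
        echo "$f: has holes ($alloc of $size bytes allocated)" >&2; return 1; }
    return 0
}

# make_swap_file FILE SIZE_MB   (root only)
# dd from /dev/zero allocates every block; umask 077 means the file is never
# world-readable, not even between creation and the chmod.
make_swap_file() {
    f=$1; mb=$2
    [ "$(id -u)" -eq 0 ] || { echo "make_swap_file: must run as root" >&2; return 1; }
    ( umask 077 && dd if=/dev/zero of="$f" bs=1M count="$mb" status=none ) || return 1
    chmod 600 "$f"
    check_swap_file "$f" || return 1
    mkswap "$f" >/dev/null || return 1      # write the swap signature
    swapon "$f" || return 1                 # take it into use now
    # make it permanent: swapon -a at boot picks it up from /etc/fstab
    grep -q "^$f[[:space:]]" /etc/fstab ||
        printf '%s\tnone\tswap\tsw,pri=0\t0 0\n' "$f" >>/etc/fstab
}

# swap_active FILE: returns 0 if the kernel lists FILE in /proc/swaps
swap_active() {
    awk -v f="$1" 'NR > 1 && $1 == f { found = 1 } END { exit !found }' /proc/swaps
}

# Example run, as root:  make_swap_file /extra-swap 256 && swap_active /extra-swap
```

check_swap_file is worth keeping around on its own: run it over every swap
file named in /etc/fstab after a restore or a filesystem migration, since
tools that copy files sparsely will quietly reintroduce the holes.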

6.3.3.6). Disk Buffering/ Buffer cache

Why disk buffering?

* Reading from a disk is very slow compared to accessing (real) memory. In
addition, it is common to read the same part of a disk several times during
relatively short periods of time.

* For example, one might first read an e-mail message, then read the letter
into an editor when replying to it, then make the mail program read it again
when copying it to a folder. Or, consider how often the command ls might be run
on a system with many users.

* By reading the information from disk only once and then keeping it in memory
until no longer needed, one can speed up all but the first read. This is called
disk buffering, and the memory used for the purpose is called the buffer cache.

* Writes are buffered too: data written by a program sits in the cache and is
written to disk a little later. Because of this, you should never turn off the
power without using a proper shutdown procedure; whatever has not yet been
written back is lost, and the filesystem may be left inconsistent.

* The cache does not actually buffer files, but blocks, which are the smallest
units of disk I/O (under Linux, they are usually 1 kB).

* The sync command flushes the buffer, i.e., forces all unwritten data to be
written to disk.

$ sync

Linux daemon bdflush

* Linux has an additional daemon, bdflush, which does a more imperfect sync
more frequently to avoid the sudden freeze due to heavy disk I/O that sync
sometimes causes.

* On old (2.2) kernels, bdflush is started by /sbin/update. There is usually no
reason to worry about it, but if bdflush happens to die for some reason, the
kernel will warn about this, and you should start it by hand (/sbin/update).
On 2.4 and later kernels the flushing daemon (bdflush, later pdflush) is a
kernel thread started by the kernel itself and needs no user-space helper.

6.3.3.7). Direct Memory Access or DMA

* Direct memory access or DMA is the generic term used to refer to a transfer
protocol where a peripheral device transfers information directly to or from
memory, without the system processor being required to perform the transaction.

* Enabling DMA frees the system processor from copying the data itself, which
is a large performance benefit.

* Today DMA is the only feasible way to transfer data from the hard drive to
memory, as most of today's operating systems use multitasking and can better
use the CPU for other tasks.

* To enable DMA on Red Hat systems, edit /etc/sysconfig/harddisks and uncomment
USE_DMA=1. Setting this option will enable DMA on your hard disk at boot.

* Another option to enable DMA is the command line tool hdparm:

$ hdparm -d1 /dev/hda -------- to enable DMA

$ hdparm -d0 /dev/hda -------- to disable DMA

To check if DMA is enabled, use the command line below; its output says whether
using_dma is on or off:

$ hdparm /dev/hda

* hdparm is used to get and set hard drive parameters such as DMA modes,
transfer settings and various other settings that can help improve the speed
of your hard disks and CD-ROMs.

* hdparm provides a command line interface to various hard disk ioctls
supported by the stock Linux ATA/IDE device driver subsystem. Some of these
settings are not enabled by default, so you may want to enable them. Note that
hdparm talks to the drive at a very low level; a wrong setting can hang the
system or corrupt data, so test changes on an otherwise idle machine before
putting them in a boot script.

* To get more info about your hda hard drive, use the -i option:

$ hdparm -i /dev/hda

A good reference URL:

http://www.yolinux.com/TUTORIALS/LinuxTutorialOptimization.html

6.3.3.8). Resource Monitoring Tools

1. free

The free command displays system memory utilization. Here is an example of its
output:

$ free
             total       used       free     shared    buffers     cached
Mem:        255508     240268      15240          0       7592      86188
-/+ buffers/cache:     146488     109020
Swap:       530136      26268     503868

To get a continuous output of the free command, you may use

$ watch -n 1 -d free

The -n option controls the delay between updates and -d highlights any changes
between updates.

2. top

While free displays only memory-related information, the top command does a
little bit of everything. CPU utilization, process statistics, memory
utilization: top does it all.

$ top

$ top -c

3. vmstat

Using this resource monitor, it is possible to get an overview of process,
memory, swap, I/O, system, and CPU activity in one line of numbers:

$ vmstat
procs                      memory    swap          io     system         cpu
 r  b  w   swpd   free   buff  cache  si  so    bi    bo   in    cs  us  sy  id
 1  0  0      0 524684 155252 338068   0   0     1     6  111   114  10   3  87

The process-related fields are:

* r: the number of runnable processes waiting for access to the CPU

* b: the number of processes in an uninterruptible sleep state

* w: the number of processes swapped out, but runnable

The memory-related fields are:

* swpd: the amount of swap space in use (vmstat calls this "virtual memory
used")

* free: the amount of free memory

* buff: the amount of memory used for buffers

* cache: the amount of memory used as page cache

The swap-related fields are:

* si: the amount of memory swapped in from disk (per second)

* so: the amount of memory swapped out to disk (per second)

The I/O-related fields are:

* bi: blocks received from a block device (blocks in, i.e. reads)

* bo: blocks sent to a block device (blocks out, i.e. writes)

The system-related fields are:

* in: the number of interrupts per second

* cs: the number of context switches per second

The CPU-related fields are:

* us: the percentage of the time the CPU ran user-level code

* sy: the percentage of the time the CPU ran system-level code

* id: the percentage of the time the CPU was idle

Steady non-zero si and so columns mean the system is actively swapping; that
is the first thing to look for when a machine is slow or a runaway process is
eating memory.

4. ulimit

* ulimit controls the resources available to a process started by the shell, on
systems that allow such control by the kernel.

* All processes which will be started from the shell (bash in many cases) will
inherit the same resource limits. Each limit has a soft value, which the
process itself may raise or lower, and a hard value, which is the ceiling for
the soft value; an unprivileged process can lower its hard limit but never
raise it again.

* Raising root's process limit to unlimited is often suggested as a performance
tweak, but it gains little: the process limit is not enforced for root anyway.
The limits matter most for unprivileged users, where -u caps runaway process
creation (fork bombs) and -v caps memory use, and for the core file size: a
core dump contains everything the process had in memory, passwords and keys
included, so the "core file size 0" shown below is the safe default.

* The command "ulimit -a" reports the current limits set for the various
parameters.

$ ulimit -a
core file size        (blocks, -c) 0
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
max locked memory     (kbytes, -l) 4
max memory size       (kbytes, -m) unlimited
open files                    (-n) 1024
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) 10240
cpu time             (seconds, -t) unlimited
max user processes            (-u) 7168
virtual memory        (kbytes, -v) unlimited

The options available with ulimit are given below:

-a All current limits are reported.
-c The maximum size of core files created.
-d The maximum size of a process's data segment.
-f The maximum size of files created by the shell.
-H Change and report the hard limit associated with a resource.
-l The maximum size that may be locked into memory.
-m The maximum resident set size.
-n The maximum number of open file descriptors.
-p The pipe buffer size.
-s The maximum stack size.
-S Change and report the soft limit associated with a resource.
-t The maximum amount of CPU time in seconds.
-u The maximum number of processes available to a single user.
-v The maximum amount of virtual memory available to the process.

If neither -H nor -S is given, both the soft and the hard limit are set.

To increase the maximum number of open file descriptors to 2048 for the root
account, use the command line below from the root shell:

$ ulimit -n 2048

To raise the maximum number of processes available to the root user to
unlimited, use the command line below:

$ ulimit -u unlimited
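The -H and -S flags listed above are the key to how limits actually behave. The
following added example (not from the manual) demonstrates it with plain sh: a
soft limit set in a subshell is inherited by everything that subshell starts
but leaves the parent untouched, and a hard limit can be lowered by anyone but
raised back only by a process holding CAP_SYS_RESOURCE (root on an ordinary
host; not necessarily root inside a container). The limit values are
illustrative.

```shell
#!/bin/sh
# Added example (not from the manual): soft vs hard limits with ulimit.
# Needs only a POSIX shell whose ulimit supports -H/-S (bash, dash, busybox ash).

# child_sees_limit N
# Lower the soft open-files limit to N in a subshell and print what a child
# process started from that subshell sees. The parent shell keeps its limit,
# because limits are per process and only flow downwards to children.
child_sees_limit() {
    ( ulimit -S -n "$1" && sh -c 'ulimit -S -n' )
}

# raise_hard_limit_back LOW HIGH
# In a subshell, set both the soft and hard open-files limits to LOW, then try
# to raise the hard limit to HIGH. Prints "raised" if the kernel allowed it,
# "denied" otherwise: lowering a hard limit is free, raising it needs
# CAP_SYS_RESOURCE. This is what makes a hard limit a real ceiling for an
# unprivileged service or user.
raise_hard_limit_back() {
    (
        ulimit -n "$1" || exit 2               # no -H/-S: sets soft and hard
        if ulimit -H -n "$2" 2>/dev/null; then echo raised; else echo denied; fi
    )
}

# Typical use: a wrapper that lowers limits before exec'ing a daemon, so a bug
# in the daemon cannot exhaust the machine or leave a core dump full of secrets:
#   ( ulimit -n 1024; ulimit -c 0; exec /usr/sbin/somedaemon )
```

Because the limits are set in a subshell and then exec replaces that subshell
with the daemon, the daemon runs with the reduced values and nothing it spawns
can go back above them.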


6.3.4. Disk Management Tools

6.3.4.1). Listing a Disk's Free Space

* To see how much free space is left on a disk, use df. Without any options, df
outputs a list of all mounted filesystems.

* Six columns are output, displaying information about each disk: the name of
its device file in /dev; the number of 1024-byte blocks on the filesystem; the
number of blocks in use; the number of blocks available; the percentage of the
device used; and the name of the directory tree the device is mounted on.

$ df
Filesystem   1024-blocks     Used  Available  Capacity  Mounted on
/dev/hda1         195167    43405     141684       23%  /
/dev/hda2        2783807   688916    1950949       26%  /usr
/dev/hdb1        2039559  1675652     258472       87%  /home/carma

* The -h option displays sizes in human readable format, e.g. in KB, MB or GB:

$ df -h
Filesystem    Size  Used  Avail  Use%  Mounted on
/dev/hda2      37G   12G    23G   34%  /
/dev/hda1      99M   18M    77M   19%  /boot
/usr/tmpDSK   243M  4.1M   226M    2%  /tmp

6.3.4.2). Listing a File's Disk Usage

Use du to list the amount of space on disk used by files. To specify a
particular file name or directory tree, give it as an argument. With no
arguments, du works on the current directory.

$ du

$ du -h /usr

$ du -h --max-depth=1 : prints the total disk space used by sub-directories to
just one level down the directory structure.

$ du -sh : calculates the total file space usage for a given directory.

6.3.4.3). Partitioning a Hard Drive

'fdisk' is the partition table manipulator for Linux and is a menu driven
program for creation and manipulation of partition tables. It even understands
DOS type partition tables.

Creating partitions using 'fdisk'

You may use fdisk to partition /dev/hdb using the steps given below. Nothing is
written to the disk until you type 'w'; 'q' quits and abandons all changes.
Writing a new partition table destroys access to the data on the old
partitions, so double-check the device name (fdisk -l) before 'w'.

$ fdisk /dev/hdb

Command (m for help): m          (enter "m" to get the list of commands)
Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

Command (m for help): n          (add a new partition)
Command action
   e   extended
   p   primary partition (1-4)
e
Partition number (1-4): 1
First cylinder (1-2654, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-2654, default 2654):
Using default value 2654

Command (m for help): p

Disk /dev/hdb: 240 heads, 63 sectors, 2654 cylinders
Units = cylinders of 15120 * 512 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/hdb1             1      2654  20064208+   5  Extended

Command (m for help): w          (write and save the partition table)

Other options with fdisk

List the current partition tables of all disks:

$ fdisk -l

Delete a partition: run fdisk on the disk, choose 'd' and give the number of
the partition to be deleted.

$ fdisk /dev/hda

The sfdisk and cfdisk commands do the same task as fdisk.

6.3.5. File System Management

6.3.5.1). Creating a filesystem

mkfs is used to create a Linux filesystem on a device. The exit code returned
by mkfs is 0 on success and 1 on failure. It can also be used for checking bad
blocks before building the file system.

$ mkfs -t ext3 /dev/<drive>

mkfs overwrites whatever filesystem the device held, so make sure the device is
the one you mean and that it is not mounted (check with mount and fdisk -l)
before running it.

mkfs is a front end which runs a filesystem-specific builder. Examples are:

FileSystem        Command
EXT2 FS           mkfs.ext2, mke2fs
EXT3 FS           mkfs.ext3
Minix FS          mkfs.minix
DOS (FAT) FS      mkfs.msdos, mkdosfs
Virtual FAT FS    mkfs.vfat
XFS               mkfs.xfs

mkfs.ext2 and mke2fs make an ext2 type file system:

$ mkfs.ext2 /dev/hda1

$ mkfs -t ext3 /dev/hda1


6.3.5.2). Mounting/Unmounting File Systems, fstab & mtab

Viewing the currently mounted file systems

The command 'mount' displays all mounted devices, their mount point, filesystem
type, and access mode.

$ mount

cat /proc/mounts shows the kernel's own list of all mounted filesystems.

$ cat /proc/mounts

cat /proc/filesystems lists the filesystem types the running kernel supports
(built in or as loaded modules).

$ cat /proc/filesystems

Mounting file systems

* On Linux systems, disks are used by mounting them to a directory, which makes
the contents of the disk available at that given directory, the mount point.

* Disks can be mounted on any directory on the system, but any divisions
between disks are transparent, so a system which has, aside from the root
filesystem disk mounted on /, separate physical partitions for the /home, /usr,
and /usr/local directory trees will look and feel no different from a system
that only has one physical partition.

* The mount command is used to mount the file system on a partition. The syntax
for it is given below:

$ mount -t ext3 /dev/hdb1 /home2

You need to make sure that you have first created the mount point. For example,
when you mount /dev/hdb1 on /home2 as above, you have to first create the
directory /home2.

To mount a CD-ROM or floppy that is listed in /etc/fstab, giving the mount
point alone is enough:

$ mount /mnt/cdrom

$ mount /mnt/floppy

$ mount -a : causes all file systems mentioned in /etc/fstab to be mounted as
indicated, except for those whose line contains the noauto keyword.

The fstab and mtab files

* fstab is a configuration file that contains information on all the partitions
and storage devices in your computer. The file is located under /etc, so the
full path to this file is /etc/fstab.

* /etc/fstab contains information on where your partitions and storage devices
should be mounted and how. This file is used by the boot process to mount the
file systems on your Linux machine.

* So, you can usually fix your mounting problems by editing your fstab file.
/etc/fstab is just a plain text file, so you can open and edit it with any text
editor you're familiar with.

Overview of the file

A sample /etc/fstab file is given below:

/dev/hda2   /               ext2   defaults                1 1
/dev/hdb1   /home           ext2   defaults                1 2
/dev/fd0    /media/floppy   auto   rw,noauto,user,sync     0 0
proc        /proc           proc   defaults                0 0
/dev/hda1   swap            swap   pri=42                  0 0

You can note that every line (or row) contains the information of one device or
partition.

* The 1st and 2nd columns give the device and its default mount point. The line
'/dev/hda2 / ext2 defaults 1 1' means that /dev/hda2 will be mounted on /.

* The third column in /etc/fstab specifies the filesystem type of the device or
partition, for example ext2, ext3 or reiserfs. Like ext3, ReiserFS is a
journaled filesystem; some distributions (SuSE among them) have used it as
their default filesystem for Linux partitions.

* The type "auto" simply means that the filesystem type is detected
automatically.

* The fourth column in fstab lists all the mount options for the device or
partition, separated by commas. Later options override earlier ones.

o auto and noauto: with the auto option, the device will be mounted
automatically at boot (or by mount -a). auto is the default. If you don't want
the device to be mounted automatically, use the noauto option. With noauto, the
device can be mounted only explicitly.

o user and nouser: the user option allows normal users to mount the device,
whereas nouser lets only root mount it. nouser is the default. Because an
ordinary user could otherwise bring in a floppy or CD carrying set-UID root
binaries or device nodes, user implies noexec, nosuid and nodev unless those
are overridden by a later exec, suid or dev option on the same line.

o exec and noexec: exec lets you execute binaries that are on that partition,
whereas noexec doesn't let you do that. exec is the default. noexec is a good
choice for partitions that only hold data, such as removable media or /tmp;
note that it is not a strong barrier, since an interpreter can still read and
run a script stored on a noexec filesystem.

o ro: mount the filesystem read-only.

o rw: mount the filesystem read-write.

o sync and async: how the input and output to the filesystem should be done.
sync means it's done synchronously. With the async option, input and output is
done asynchronously. async is the default.

o noquota: do not enforce user quotas on this partition.

o nosuid: ignore the set-user-ID and set-group-ID bits on executables on this
partition. Use it on any filesystem users can write to or bring in themselves,
so that a planted set-UID binary gains nothing.

o nodev: do not interpret character or block special devices on this partition.
Without it, a device node for, say, the raw disk created on a user-writable
filesystem would give its creator direct access to that disk.

o defaults: uses the default options, that is rw, suid, dev, exec, auto,
nouser, and async.

* The 5th column in /etc/fstab is the dump option. dump checks it and uses the
number to decide if a filesystem should be backed up. If it's zero, dump will
ignore that filesystem. If you take a look at the example fstab, you'll notice
that the 5th column is zero in most cases.

* The 6th column is the fsck option. fsck looks at the number in the 6th column
to determine in which order the filesystems should be checked. If it's zero,
fsck won't check the filesystem.
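The nosuid, nodev and noexec options above are the ones that matter for
security, and the places they belong are predictable: anything a user can
write to (/tmp, /var/tmp, /dev/shm, /home) and anything removable or
user-mountable. The following added example (not from the manual) audits an
fstab for them with awk, applying mount(8)'s rule that user implies
noexec,nosuid,nodev unless a later option overrides it. The policy list and the
sample fstab are const­ructed for illustration and are not a standard.

```shell
#!/bin/sh
# Added example (not from the manual): audit an fstab for missing
# nosuid/nodev/noexec on user-writable, removable or user-mountable mounts.
# The policy below is an illustrative baseline, not a standard.

# fstab_audit < fstab
# Prints one line per mount point that lacks a required option:
#   <mountpoint>: add <missing options>
fstab_audit() {
    awk '
    /^[ \t]*#/ || NF < 4 || $3 == "swap" { next }   # comments, short lines, swap
    {
        mp = $2
        # Policy: world-writable and removable locations need nosuid,nodev,noexec;
        # /home needs nosuid,nodev (users compile and run things there).
        need = 0; need_exec = 0
        if (mp == "/tmp" || mp == "/var/tmp" || mp == "/dev/shm" || mp ~ "^/(media|mnt)/") {
            need = 1; need_exec = 1
        }
        if (mp == "/home") need = 1

        # Walk the options in order: later options override earlier ones, and
        # user/users imply noexec,nosuid,nodev (mount(8)) until overridden.
        nosuid = 0; nodev = 0; noexec = 0
        n = split($4, o, ",")
        for (i = 1; i <= n; i++) {
            if (o[i] == "user" || o[i] == "users") {
                nosuid = 1; nodev = 1; noexec = 1; need = 1; need_exec = 1
            } else if (o[i] == "defaults") { nosuid = 0; nodev = 0; noexec = 0 }
            else if (o[i] == "nosuid") nosuid = 1
            else if (o[i] == "suid")   nosuid = 0
            else if (o[i] == "nodev")  nodev = 1
            else if (o[i] == "dev")    nodev = 0
            else if (o[i] == "noexec") noexec = 1
            else if (o[i] == "exec")   noexec = 0
        }
        if (!need) next
        miss = ""
        if (!nosuid)              miss = miss "nosuid,"
        if (!nodev)               miss = miss "nodev,"
        if (need_exec && !noexec) miss = miss "noexec,"
        if (miss != "") { sub(/,$/, "", miss); print mp ": add " miss }
    }'
}

# Constructed sample, modelled on the fstab shown above (not a real machine).
SAMPLE_FSTAB='# device        mountpoint     type     options                        dump pass
/dev/hda2       /              ext3     defaults                       1 1
/dev/hda1       /boot          ext3     defaults                       1 2
/dev/hdb1       /home          ext3     defaults,usrquota,grpquota     1 2
none            /dev/shm       tmpfs    defaults                       0 0
tmpfs           /tmp           tmpfs    defaults,nosuid,nodev,noexec   0 0
/dev/fd0        /media/floppy  auto     rw,noauto,user,sync            0 0
/dev/hdc        /media/cdrom   iso9660  ro,noauto,user,exec            0 0
/dev/hda3       swap           swap     defaults                       0 0'

# Run against the sample; on a real system use:  fstab_audit < /etc/fstab
audit_sample() { printf '%s\n' "$SAMPLE_FSTAB" | fstab_audit; }
```

On the sample, /media/floppy passes because user already implies all three
options, while /media/cdrom is flagged only for noexec, which the trailing
exec switched back on. Running the same function over /proc/mounts (which has
the same first four columns) checks what is actually mounted rather than what
fstab says.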

The /etc/mtab file

The mtab file tracks the currently mounted filesystems and therefore its
contents change from time to time.

A sample /etc/mtab file is given below:

$ cat /etc/mtab
/dev/hda3 / ext3 rw 0 0
none /proc proc rw 0 0
none /dev/pts devpts rw,gid=5,mode=620 0 0
/dev/hda2 /boot ext3 rw 0 0
none /dev/shm tmpfs rw 0 0
/dev/hda6 /windows vfat rw 0 0
/dev/hdc1 /backup ext3 rw 0 0

Unmounting file systems

The umount command detaches the file system(s) mentioned from the file system
hierarchy. A file system can be specified by giving the directory where it has
been mounted or by giving its device. umount refuses with "device is busy"
while any process still has a file open, or its current directory, on that
filesystem.

To unmount the floppy that is mounted on /floppy, type:

$ umount /floppy

To unmount the disc in the CD-ROM drive mounted on /cdrom, type:

$ umount /cdrom

To unmount /dev/hdb1, which is mounted on /home2, you may give either

$ umount /home2 or

$ umount /dev/hdb1

6.3.5.3). Checking File System Integrity

A filesystem's correctness and validity can be checked using the fsck command.
It can be instructed to repair any minor problems it finds, and to alert the
user if there are any unrepairable problems.

* Most systems are set up to run fsck automatically at boot time, so that any
errors are detected (and hopefully corrected) before the system is used.

* The automatic checking only works for the filesystems that are mounted
automatically at boot time (those with a non-zero sixth field in /etc/fstab).

* fsck must only be run on unmounted filesystems, never on mounted filesystems.
This is because it accesses the raw disk, and can therefore modify the
filesystem without the operating system realizing it. To check the root
filesystem, boot into single-user mode and remount it read-only first, or run
the check from a rescue medium.

Running fsck

To run fsck on /dev/hda1, use the command line below:

$ fsck /dev/hda1

$ fsck -t type device

Eg: $ fsck -t ext2 /dev/hda3

fsck is a front end which runs the checker for the filesystem type given (or
found in /etc/fstab). For the Linux second extended file system as well as
ext3 that checker is e2fsck, also installed as fsck.ext2 and fsck.ext3, which
you may run directly:

$ e2fsck /dev/hda3

$ e2fsck -f /dev/hda3 : force checking even if the filesystem seems clean.

(e2fsck does not take a filesystem type; its -t option prints timing
statistics.)

To automatically repair the file system without asking any questions, give

$ e2fsck -p /dev/hda1

e2fsck with the -c option will run the badblocks program to find any blocks
which are bad on the filesystem, and then marks them as bad by adding them to
the bad block inode:

$ e2fsck -c /dev/hda1

Other file system check commands

* badblocks: is used to check a device for bad blocks. You can call it to scan
for bad blocks and write a log of bad sectors by using the -o output-file
option. When called from e2fsck by using the -c option, the bad blocks that are
found will automatically be marked bad.

$ badblocks -o bad-blocks /dev/hda1

The -l option of e2fsck (passed through by fsck here) adds the block numbers
listed in the named file to the list of bad blocks. The format of this file is
the same as the one generated by the badblocks program.

$ fsck -t ext2 -l bad-blocks /dev/hda1

* tune2fs: is used to "tune" a filesystem. This is mostly used to set
filesystem check options, such as the maximum mount count and the time between
filesystem checks. The mount count is used to 'stagger' the mount counts of the
different filesystems, which ensures that at reboot not all filesystems will be
checked at the same time.

$ tune2fs -l /dev/hda1 : lists the contents of the filesystem superblock.

* dumpe2fs: prints the superblock and block group information for the
filesystem present on a device.

$ dumpe2fs /dev/hda1

* stat: displays information about a file or file system status, like the inode
number, blocks, type of file etc.

$ stat /root/testfile
6.3.6. Disk Quota Management

In addition to monitoring the disk space used on a system, disk space can be
restricted by implementing disk quotas, so that the system administrator is
alerted before a user consumes too much disk space or a partition becomes full.
Quotas also contain the damage a runaway or malicious account can do: without
them, one user filling /home or /tmp denies the disk to everyone else.

* Disk quotas can be configured for individual users as well as user groups.

* In addition, quotas can be set not just to control the number of disk blocks
consumed but to control the number of inodes. Because inodes are used to
contain file-related information, this allows control over the number of files
that can be created.

* The quota RPM must be installed to implement disk quotas. The default Linux
kernel which comes with Red Hat and Fedora Core comes with quota support
compiled in.
6.3.6.1). Configuring and Implementing Disk Quotas on Partitions

To implement disk quotas, use the following steps:

1. Enable quotas per file system by modifying /etc/fstab

2. Remount the file system(s)

3. Create the quota files and generate the disk usage table

4. Assign quotas

1. Enabling Quotas

Add the usrquota and/or grpquota options to the file systems that require
quotas inside the /etc/fstab file.

* In the /etc/fstab entries below, only the /home file system has user and
group quotas enabled.

LABEL=/       /          ext3     defaults                       1 1
LABEL=/boot   /boot      ext3     defaults                       1 2
none          /dev/pts   devpts   gid=5,mode=620                 0 0
LABEL=/home   /home      ext3     defaults,usrquota,grpquota     1 2
none          /proc      proc     defaults                       0 0
none          /dev/shm   tmpfs    defaults                       0 0
/dev/hda2     swap       swap     defaults                       0 0

2. Remounting the File Systems

After adding the usrquota and grpquota options, remount each file system whose
fstab entry has been modified.

$ umount /home

$ mount -a

* If the file system is not in use by any process, use the umount command
followed by mount (or mount -a) to remount the file system. Alternatively,
mount -o remount /home re-reads the options from /etc/fstab and applies them
without unmounting.

* If the file system is currently in use and cannot be unmounted, the easiest
method for remounting the file system is to reboot the system.

3. Creating Quota Files

* After each quota-enabled file system is remounted, the system is capable of
working with disk quotas.

* However, the file system itself is not yet ready to support quotas. The next
step is to run the quotacheck command.

* The quotacheck command examines quota-enabled file systems and builds a table
of the current disk usage per file system.

* The table is then used to update the operating system's copy of disk usage.
In addition, the file system's disk quota files are updated.

* To create the quota files (aquota.user and aquota.group) on the file system,
use the -c option of the quotacheck command.

* For example, if user and group quotas are enabled for the /home partition,
create the quota files in the /home directory:

$ quotacheck -cug /home

o a : check all quota-enabled, locally-mounted file systems in /etc/mtab.

o c : create quota files for each file system with quotas enabled.

o u : check user disk quota information.

o g : check group disk quota information.

o If neither the -u nor the -g option is specified, only the user quota file is
created. If only -g is specified, only the group quota file is created.

After the files are created, run the following command to generate the table of
current disk usage per file system with quotas enabled:

$ quotacheck -avug

o v : display verbose status information as the quota check proceeds.

* After quotacheck has finished running, the quota files corresponding to the
enabled quotas (user or group) are populated with data for each quota-enabled
file system such as /home.

4. Assigning Quotas per User

The last step is assigning the disk quotas with the edquota command. To
configure the quota for a user, as root at a shell prompt, execute the command:

$ edquota username

For example, if a quota is enabled in /etc/fstab for the /home partition
(/dev/hda3) and the command edquota testuser is executed, the following is shown
in the editor configured as the default for the system:

Disk quotas for user testuser (uid 501):
  Filesystem    blocks    soft    hard   inodes    soft    hard
  /dev/hda3     440436       0       0    37418       0       0

* The first column is the name of the file system that has a quota enabled for
it.

* The second column shows how many blocks the user is currently using.

* The next two columns are used to set soft and hard block limits for the user
on the file system.

* The inodes column shows how many inodes the user is currently using.

* The last two columns are used to set the soft and hard inode limits for the
user on the file system.

* A hard limit is the absolute maximum amount of disk space that a user or
group can use. Once this limit is reached, no further disk space can be used.

* The soft limit defines the maximum amount of disk space that can be used.
However, unlike the hard limit, the soft limit can be exceeded for a certain
amount of time. That time is known as the grace period. The grace period can be
expressed in seconds, minutes, hours, days, weeks, or months. A limit of 0
means no limit.

* To verify or view the quota which has been set for the user, use the command:

$ quota testuser

5. Assigning Quotas per Group

* Quotas can also be assigned on a per-group basis.

* For example, to set a group quota for the devel group, use the command (the
group must exist prior to setting the group quota):

$ edquota -g devel

6. Assigning Quotas per File System

* To set the grace periods for each file system enabled for quotas, use the
command:

$ edquota -t

Like the other edquota commands, this one opens the current settings for the
file system in the text editor; the block grace period or inode grace period
can be changed here:

Grace period before enforcing soft limits for users:
Time units may be: days, hours, minutes, or seconds
  Filesystem    Block grace period    Inode grace period
  /dev/hda3     7days                 7days

6.3.6.2). Managing Disk Quotas

1. Reporting on Disk Quotas

Creating a disk usage report entails running the repquota utility.

For example, the command repquota /home produces this output:

$ repquota /home
*** Report for user quotas on device /dev/hda3
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      36       0       0              4     0     0
tfox      --     540       0       0            125     0     0
testuser  --  440400  500000  550000          37418     0     0

The -- after the user name shows whether the user is over the block soft limit
(first character) and the inode soft limit (second character); a + marks a
limit that has been exceeded, and the grace column then shows the time left.

* To view the disk usage report for all quota-enabled file systems, use the
command:

$ repquota -a

2. Enabling and Disabling Quotas

It is possible to disable quotas without setting the limits to 0. To turn all user and group quotas off on every quota-enabled file system, use the following command (-a selects all file systems in /etc/fstab that have quotas enabled, -u and -g select user and group quotas):

$ quotaoff -aug

To enable user and group quotas for all file systems:

$ quotaon -aug

To enable quotas for a specific file system, such as /home (-v prints a message for each file system affected):

$ quotaon -vug /home
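
The repquota report above is easy to read by eye but is what you would actually watch in a cron job, so here is an added shell example (not part of the manual): it parses a report in repquota's output format and flags users who are over their block soft limit or close to their block hard limit. The embedded report is constructed sample data modelled on the /home output above, with one extra, invented user (overuser) so that the over-limit case appears; the function names quota_alerts, quota_alerts_sample and quota_alerts_live are this example's own.

```shell
#!/bin/sh
# Added example, not from the manual: flag users who are over their soft
# block limit or close to their hard block limit in a repquota(8) report.

# Constructed sample report in repquota's output format (the "overuser"
# row is invented to show the over-soft-limit case; "+-" in the flags
# column means "over the block soft limit, within the inode soft limit").
SAMPLE_REPORT='*** Report for user quotas on device /dev/hda3
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      36       0       0              4     0     0
tfox      --     540       0       0            125     0     0
testuser  --  440400  500000  550000          37418     0     0
overuser  +-  520000  500000  550000  6days   40000     0     0
'

# quota_alerts [PERCENT]: read a repquota report on stdin and print one
# line per user needing attention, as "<STATE> <user> <used> <soft> <hard>":
#   OVER  used exceeds the soft limit (the grace period is running)
#   NEAR  used is at or above PERCENT of the hard limit (default 90)
# A limit of 0 means "unlimited" and never triggers an alert.
quota_alerts() {
    pct=${1:-90}
    awk -v pct="$pct" '
        /^-+$/  { in_rows = 1; next }     # data rows follow the dashed line
        !in_rows || NF < 5 { next }
        {
            user = $1; used = $3 + 0; soft = $4 + 0; hard = $5 + 0
            if (soft > 0 && used > soft)
                print "OVER", user, used, soft, hard
            else if (hard > 0 && used * 100 >= hard * pct)
                print "NEAR", user, used, soft, hard
        }'
}

# Run over the embedded sample, or over a live file system (needs root),
# e.g.  quota_alerts_live /home 80
quota_alerts_sample() { printf '%s' "$SAMPLE_REPORT" | quota_alerts "$@"; }
quota_alerts_live()   { repquota -u "${1:-/home}" | quota_alerts "${2:-90}"; }
```

With the default 90% threshold only overuser is reported; at 75% testuser (440400 of 550000 blocks, about 80%) is reported as NEAR as well. If you want to set limits from a script rather than through edquota's editor, the quota package's setquota command takes them on the command line in the same order as the report columns: setquota -u testuser 500000 550000 0 0 /home.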

6.3.7. RAID Setup

This is what you need for any of the RAID levels:

* Kernel support for RAID (the md driver and the personality for the level you want)

* The raidtools package

Note that raidtools and /etc/raidtab, which the rest of this section uses, belong to the 2.4-era software RAID tooling. Current distributions ship mdadm instead, which creates arrays from the command line without a configuration file (for example: mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdb1). The concepts below (chunk size, persistent superblock, spare disks, /proc/mdstat) are the same.

Some of the terms to be familiar with in order to understand the RAID configuration file /etc/raidtab are given below:

1. Chunk Size

* You can never write completely in parallel to a set of disks. If you have two disks and wanted to write a byte, you would have to write four bits on each disk; actually, every second bit would go to disk 0 and the others to disk 1. Hardware just doesn't support that.

* Instead, we choose some chunk-size, which we define as the smallest "atomic" mass of data that can be written to the devices.

* A write of 16 kB with a chunk size of 4 kB, in the RAID-0 case with two disks, will cause the first and the third 4 kB chunks to be written to the first disk, and the second and fourth chunks to be written to the second disk.

* Chunk sizes must be specified for all RAID levels, including linear mode. However, the chunk-size does not make any difference for linear mode.

* The argument to the chunk-size option in /etc/raidtab specifies the chunk size in kilobytes. So "4" means "4 kB".

2. Persistent Superblock

* When an array is initialized with the persistent-superblock option in the /etc/raidtab file, a special superblock is written to every disk participating in the array (near the end of the device, in the 0.90 superblock format that raidtools uses).

* This allows the kernel to read the configuration of RAID devices directly from the disks involved, instead of reading from some configuration file that may not be available at all times.

* This is essential if you want to boot from a RAID.

* The persistent superblock is mandatory if you want auto-detection of your RAID devices upon system boot.

6.3.7.1). Linear Raid Setup

1. Create two or more partitions, not necessarily of the same size, which you want to append to each other.

2. Set up the RAID configuration file: set up the /etc/raidtab file to describe your setup. For two devices, /dev/hda6 and /dev/hdb5, it can look like this:

    raiddev /dev/md0
    raid-level linear
    nr-raid-disks 2
    chunk-size 32
    persistent-superblock 1
    device /dev/hda6
    raid-disk 0
    device /dev/hdb5
    raid-disk 1

To add another device to the RAID, increment the nr-raid-disks parameter and add another pair of device and raid-disk lines.

* The persistent-superblock option has to be switched on (set to 1) to enable the system to auto-detect the RAID device after a reboot.

* The chunk-size option is meaningless for a linear RAID configuration, so this can have any value.

3. Initialize the RAID device: now create the RAID device using the command line below (this and the following steps must be run as root). This will initialize your array, write the persistent superblocks, and start the array. mkraid overwrites the member devices, so double-check the raidtab before running it.

$ mkraid /dev/md0

4. To check the status of the new RAID device, print the file /proc/mdstat. You should see that the array is running. The member names shown are those from your raidtab; the output below was captured from an array built on hda7 and hdb7:

$ cat /proc/mdstat
Personalities : [linear]
read_ahead 1024 sectors
md0 : active linear hdb7[1] hda7[0]
      47664640 blocks 32k rounding
unused devices: <none>

5. Create a filesystem: a RAID device does not rely on having a particular type of filesystem. To create an ext3 filesystem on the new RAID device use the mkfs command:

$ mkfs -t ext3 /dev/md0

6. Mount the RAID partition: create the /raid mount point if it does not exist, then mount the RAID device as follows (the device comes before the mount point):

$ mount -t ext3 /dev/md0 /raid

7. Add a new entry to /etc/fstab for the RAID device as follows so that it automatically gets mounted on reboot:

/dev/md0 /raid ext3 defaults 1 2

8. When you have your RAID device running, you can always stop it or restart it using the command lines below (unmount the filesystem before stopping the array):

$ raidstop /dev/md0

or

$ raidstart /dev/md0

6.3.7.2). RAID-0 Setup

1. Create two devices of approximately the same size, so that you can combine their storage capacity and also combine their performance by accessing them in parallel.

2. Set up the RAID configuration file: set up the /etc/raidtab file to describe the configuration. An example raidtab looks like this:

    raiddev /dev/md0
    raid-level 0
    nr-raid-disks 2
    chunk-size 4
    persistent-superblock 1
    device /dev/hda6
    raid-disk 0
    device /dev/hdb5
    raid-disk 1

RAID-0 has no redundancy, so when a disk dies, the array goes with it.

Repeat steps 3 through 7 of the linear setup to initialize the RAID device and mount it.

6.3.7.3). RAID-1 Setup

1. Create two devices of approximately the same size, so that they can be mirrors of each other.

2. Set up the RAID configuration file: set up the /etc/raidtab file to describe the configuration. An example raidtab looks like this:

    raiddev /dev/md0
    raid-level 1
    nr-raid-disks 2
    nr-spare-disks 0
    persistent-superblock 1
    device /dev/hda6
    raid-disk 0
    device /dev/hdb5
    raid-disk 1

* If you have more devices which you want to keep as stand-by spare disks, they will automatically become part of the mirror if one of the active devices breaks. Remember to set the nr-spare-disks entry correspondingly.

* If you have spare disks, you can add them to the end of the device specification like this:

    device /dev/hdc5
    spare-disk 0

3. Now we're all set to start initializing the RAID. Repeat steps 3 through 7 of the linear setup to initialize the RAID device and mount it.

6.3.7.4). RAID-5 Setup

1. Create three or more devices of approximately the same size, so that they can be combined into a larger device but still maintain a degree of redundancy for data safety. Optionally you can have a number of devices to use as spare disks, which will not take part in the array until another device fails.

2. Set up the RAID configuration file: set up the /etc/raidtab file to describe the RAID-5 configuration. An example raidtab looks like this:

    raiddev /dev/md0
    raid-level 5
    nr-raid-disks 4
    nr-spare-disks 0
    persistent-superblock 1
    parity-algorithm left-symmetric
    chunk-size 32
    device /dev/hda3
    raid-disk 0
    device /dev/hdb1
    raid-disk 1
    device /dev/hdc1
    raid-disk 2
    device /dev/hdd1
    raid-disk 3

3. Now we're all set to start initializing the RAID. Repeat steps 3 through 7 of the linear setup to initialize the RAID device and mount it. A RAID-5 array survives the loss of one member; replace a failed disk promptly, because a second failure before the rebuild completes loses the whole array.
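
The four recipes above differ only in the raidtab they start from and in how many members the array can lose, so here is one added shell example (not part of the manual) that covers all of them: raidtab_gen prints a raidtab stanza for a given level, chunk size, spare count and device list, and mdstat_state reads /proc/mdstat and reports per array whether it is active, inactive or running degraded with a member missing. It assumes the raidtools syntax shown above; the device names, the embedded /proc/mdstat sample and the function names are this example's own, and the sample's degraded md2 is constructed to show the failure case.

```shell
#!/bin/sh
# Added example, not from the manual: generate /etc/raidtab stanzas for
# the linear, RAID-0, RAID-1 and RAID-5 recipes above, and check
# /proc/mdstat for arrays that are running with a member missing.

# raidtab_gen LEVEL CHUNK_KB NR_SPARES DEVICE...
# Prints a raidtab stanza for /dev/md0.  The last NR_SPARES devices are
# written as spare-disk entries; the rest are raid-disks, in order.
# Redirect the output to /etc/raidtab, review it, then run mkraid.
raidtab_gen() {
    level=$1; chunk=$2; spares=$3; shift 3
    active=$(($# - spares))
    if [ "$active" -lt 2 ]; then
        echo "raidtab_gen: need at least two active devices" >&2; return 1
    fi
    if [ "$level" = 5 ] && [ "$active" -lt 3 ]; then
        echo "raidtab_gen: RAID-5 needs at least three active devices" >&2; return 1
    fi
    echo "raiddev /dev/md0"
    echo "raid-level $level"
    echo "nr-raid-disks $active"
    # nr-spare-disks only appears in the manual's RAID-1/RAID-5 examples
    case "$level" in 1|5) echo "nr-spare-disks $spares" ;; esac
    echo "persistent-superblock 1"
    [ "$level" = 5 ] && echo "parity-algorithm left-symmetric"
    echo "chunk-size $chunk"
    i=0
    for dev in "$@"; do
        echo "device $dev"
        if [ "$i" -lt "$active" ]; then
            echo "raid-disk $i"
        else
            echo "spare-disk $((i - active))"
        fi
        i=$((i + 1))
    done
}

# mdstat_state: read /proc/mdstat text on stdin and print "<md> <state>"
# per array, where state is active, degraded or inactive.  Redundant
# levels print a member map such as "[4/3] [UUU_]"; an underscore marks
# a failed or missing member.  Linear and RAID-0 have no such map.
mdstat_state() {
    awk '
        /^md[0-9]+ :/ {
            md = $1; state = ($3 == "active") ? "active" : "inactive"; next
        }
        md != "" && match($0, /\[[U_]+]/) {
            if (index(substr($0, RSTART, RLENGTH), "_") > 0) state = "degraded"
        }
        md != "" && /^[ \t]*$/ { print md, state; md = "" }
        END { if (md != "") print md, state }
    '
}

# Constructed sample in the 2.4-kernel /proc/mdstat format shown in the
# text; md2 has lost its fourth member and is running degraded.
SAMPLE_MDSTAT='Personalities : [linear] [raid1] [raid5]
read_ahead 1024 sectors
md0 : active linear hdb5[1] hda6[0]
      47664640 blocks 32k rounding

md1 : active raid1 hdb6[1] hda7[0]
      4192896 blocks [2/2] [UU]

md2 : active raid5 hdc1[2] hdb1[1] hda3[0]
      12578816 blocks level 5, 32k chunk, algorithm 2 [4/3] [UUU_]

unused devices: <none>
'

mdstat_state_sample() { printf '%s' "$SAMPLE_MDSTAT" | mdstat_state; }
mdstat_state_live()   { mdstat_state < /proc/mdstat; }
```

For example, raidtab_gen 1 4 1 /dev/hda6 /dev/hdb5 /dev/hdc5 > /etc/raidtab reproduces the RAID-1 recipe with one spare, and mdstat_state_live is the check to run from cron: any line ending in "degraded" means the array is one more failure away from data loss.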

7. NETWORKING AND NETWORK SERVICES

7.1. Networking Overview

7.1.1. OSI Reference Model

The OSI Reference Model defines seven layers that describe how applications running on network-aware devices may communicate with each other. The model is generic and applies to all network types, not just TCP/IP, and all media types, not just Ethernet. OSI was a working group within the ISO, which is why the OSI model is sometimes referred to as the ISO model.

OSI is a seven layer model where, traditionally, layer diagrams are drawn with Layer 1 at the bottom and Layer 7 at the top.

Layer 1 of the 7 layer model is the Physical Layer and defines the physical and electrical characteristics of the network.

* The NIC cards in your PC and the interfaces on your routers all run at this level since, eventually, they have to pass strings of ones and zeros down the wire.

Layer 2 is known as the Data Link Layer. It defines the access strategy for sharing the physical medium, including data link and media access issues. Protocols such as PPP, SLIP and HDLC live here.

* Devices which depend on this level include bridges and switches, which learn which segment a device is on by recording the MAC addresses of the devices attached to each port.

* This is how bridges are able to segment off a large network, only forwarding frames between ports if two devices on separate segments need to communicate.

* Switches quickly learn a topology map of the network, and can thus switch frames between communicating devices very quickly. It is for this reason that moving a device between different switch ports can cause the device to lose network connectivity for a while: the switch still has the MAC address recorded against the old port until that entry ages out or the device transmits on the new port.

Layer 3 is the Network Layer, providing a means for communicating open systems to establish, maintain and terminate network connections. The IP protocol lives at this layer, and so do some routing protocols.

* All the routers in your network are operating at this layer.

Layer 4 is the Transport Layer, and is where TCP lives. The standard says that "The Transport Layer relieves the Session Layer [Layer 5] of the burden of ensuring data reliability and integrity".

* It is for this reason that people became very excited about Layer 4 switching technology. Before these devices became available, only software operated at this layer.

* Hopefully, you will now also understand why TCP/IP is uttered in one breath: TCP over IP, since Layer 4 is above (over) Layer 3.

* It is at this layer that, should a packet fail to arrive (perhaps due to misrouting, or because it was dropped by a busy router), it will be retransmitted, when the sending party fails to receive an acknowledgement from the device with which it is communicating.

* The more powerful routing protocols are carried at or just above this layer. OSPF, for example, runs directly over IP (IP protocol number 89), while BGP runs over TCP (port 179).

Layer 5 is the Session Layer. It provides for two communicating presentation entities to exchange data with each other.

* The session concept matters in e-commerce: once a user starts buying items and filling their "shopping basket" on a Web server, it is very important that their subsequent requests are not load-balanced across different servers in a server pool.

* This is why, clever as Layer 4 switching is, these devices still run software to look further up the layer model. In practice HTTP itself is stateless and the session is identified by a cookie or a URL parameter, so a load balancer has to inspect application-layer data (so-called "Layer 7" switching) to recognise a session and keep it on one server.

Layer 6 is the Presentation Layer. This is where application data is either packed or unpacked, ready for use by the running application.

* Protocol conversions, encryption/decryption and graphics expansion all take place here.

Layer 7 is the Application Layer. This is where you find your end-user and end-application protocols, such as telnet, ftp, and mail (pop3 and smtp).

7.1.2. TCP/IP Networks

TCP/IP stands for Transmission Control Protocol/Internet Protocol.

* TCP/IP traces its origin to a research project funded by the United States DARPA (Defense Advanced Research Projects Agency) in 1969. This was an experimental network, the ARPANET, which was converted into an operational one in 1975, after it had proven to be a success.

* When ARPANET finally grew into the Internet, the use of TCP/IP had spread to networks beyond the Internet itself.

* In 1983, the new protocol suite TCP/IP was adopted as a standard, and all hosts on the network were required to use it.

* TCP/IP is the protocol suite used by remote logins, NFS and so on.

* Because TCP/IP is so widely supported, it is ideal for uniting different hardware and software, even if you don't communicate over the Internet.

* A globally unique addressing scheme allows any TCP/IP device to address any other device in the entire network, even if the network is as large as the world-wide Internet.

* TCP/IP creates a heterogeneous network with open protocols that are independent of operating system and architectural differences.

7.1.2.1). Layers in the TCP/IP Protocol Architecture

For more information about the protocol architecture, refer to the URL below:

http://www.citap.com/documents/tcp-ip/tcpip012.htm

7.1.3. LAN Network

7.1.3.1). Area Networks

For historical reasons, the industry refers to nearly every type of network as an "area network." The most commonly discussed categories of computer networks include the following:

* Local Area Network (LAN)
* Wide Area Network (WAN)
* Metropolitan Area Network (MAN)
* Storage Area Network (SAN)
* System Area Network (SAN)
* Server Area Network (SAN)
* Small Area Network (SAN)
* Personal Area Network (PAN)
* Desk Area Network (DAN)
* Controller Area Network (CAN)
* Cluster Area Network (CAN)

The concept of "area" made good sense at the time, because a key distinction between a LAN and a WAN involves the physical distance that the network spans. A third category, the MAN, also fit into this scheme as it too is centered on a distance-based concept.

As technology improved, new types of networks appeared on the scene. These, too, became known as various types of "area networks" for consistency's sake, although distance no longer proved a useful differentiator.
7.1.3.2). LAN Basics

* A LAN connects network devices over a relatively short distance. A networked office building, school, or home usually contains a single LAN, though sometimes one building will contain a few small LANs, and occasionally a LAN will span a group of nearby buildings.

* In IP networking, one can conceive of a LAN as a single IP subnet (though this is not necessarily true in practice).

* Besides operating in a limited space, LANs include several other distinctive features. LANs are typically owned, controlled, and managed by a single person or organization.

* They also use certain specific connectivity technologies, primarily Ethernet and Token Ring.

The three most commonly used LAN implementations are Ethernet/IEEE 802.3, Token Ring/IEEE 802.5 and FDDI.

7.1.3.3). LAN Protocols and the OSI Reference Model

* LAN protocols function at the lowest two layers of the OSI reference model, the physical layer and the data link layer.

* The figure below illustrates how several popular LAN protocols map to the OSI reference model.
7.1.3.4). LAN Media-Access Methods

* Media contention occurs when two or more network devices have data to send at the same time.

* Because multiple devices cannot talk on the network simultaneously, some type of method must be used to allow one device access to the network media at a time. This is done in two main ways: carrier sense multiple access with collision detection (CSMA/CD) and token passing.

Carrier Sense Multiple Access/Collision Detection (CSMA/CD) Networks

* In networks using CSMA/CD technology such as Ethernet, network devices contend for the network media.

* When a device has data to send, it first listens to see if any other device is currently using the network. If not, it starts sending its data.

* While transmitting, it keeps listening to the medium so that it can detect a collision (a signal on the wire that differs from the one it is sending).

* A collision occurs when two devices send data simultaneously. When a collision happens, each device stops, sends a short jam signal so that every station notices the collision, and then waits a random length of time before resending its data. Because the random delays are chosen independently, in most cases a collision will not occur again between the two devices.

* Because of this type of network contention, the busier a network becomes, the more collisions occur. This is why the performance of a shared Ethernet segment degrades rapidly as the number of devices on it increases.

* For CSMA/CD networks, switches segment the network into multiple collision domains. This reduces the number of devices per network segment that must contend for the media.

* By creating smaller collision domains, the performance of a network can be increased significantly without requiring addressing changes.
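
The "random length of time" above is not arbitrary: IEEE 802.3 stations use truncated binary exponential backoff, which is what makes a shared Ethernet collapse gracefully rather than livelock under load. The following is an added shell example (not part of the manual) that implements that schedule; it assumes the standard constants (a slot of 512 bit times, the random range frozen after the 10th collision, the frame dropped after the 16th), and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the manual: the truncated binary exponential
# backoff that an IEEE 802.3 station applies after a collision, which is
# what "waits a random length of time" means in practice.  Assumed
# constants are the standard ones: slot time 512 bit times, the random
# range stops growing after the 10th collision, and the frame is dropped
# after the 16th.

# backoff_max_slots N: largest slot count allowed after the N-th
# consecutive collision on the same frame; the station picks uniformly
# from 0 .. 2^min(N,10) - 1.  Returns 1 (prints nothing) when N > 16,
# i.e. "excessive collisions": the frame is discarded and the error is
# reported up the stack instead of being retried.
backoff_max_slots() {
    n=$1
    if [ "$n" -lt 1 ] || [ "$n" -gt 16 ]; then
        return 1
    fi
    k=$n
    if [ "$k" -gt 10 ]; then k=10; fi
    echo $(( (1 << k) - 1 ))
}

# backoff_delay_us N MBPS: draw a random slot count for collision N and
# convert it to microseconds on a MBPS megabit/s link (one slot is
# 51.2 us at 10 Mb/s, 5.12 us at 100 Mb/s).  Fails like backoff_max_slots.
backoff_delay_us() {
    max=$(backoff_max_slots "$1") || return 1
    awk -v m="$max" -v mbps="$2" 'BEGIN {
        srand()
        slots = int(rand() * (m + 1))      # uniform on 0..m
        printf "%.1f\n", slots * 512 / mbps
    }'
}
```

After the first collision a station waits 0 or 1 slot; after the third, 0 to 7 slots; from the tenth collision on, 0 to 1023 slots (about 52 ms at 10 Mb/s), and on the seventeenth attempt the driver gives up and counts an "excessive collisions" error. The range doubling is what keeps retries from synchronising, and a station that ignores the schedule (a misbehaving or hostile NIC) can monopolise a shared segment, which is one reason modern switched, full-duplex links dispense with CSMA/CD altogether.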
Token Passing Networks

* In token-passing networks such as Token Ring and FDDI, a special network frame called a token is passed around the network from device to device.

* When a device has data to send, it must wait until it has the token, and then it sends its data.

* When the data transmission is complete, the token is released so that other devices may use the network media.

* The main advantage of token-passing networks is that they are deterministic. In other words, it is easy to calculate the maximum time that will pass before a device has the opportunity to send data.

* This explains the popularity of token-passing networks in some real-time environments such as factories, where machinery must be capable of communicating at a determinable interval.

Full Duplex and Half Duplex

* Normally CSMA/CD networks are half-duplex, meaning that while a device sends information, it cannot receive at the same time. While that device is talking, it is incapable of also listening for other traffic.

* This is much like a walkie-talkie. When one person wants to talk, he presses the transmit button and begins speaking. While he is talking, no one else on the same frequency can talk.

* When the sending person is finished, he releases the transmit button and the frequency is available to others.

* When switches are introduced, full-duplex operation is possible. Full-duplex works much like a telephone: you can listen as well as talk at the same time.

* When a network device is attached directly to the port of a network switch, the two devices may be capable of operating in full-duplex mode. Since there is then no shared medium, collisions cannot occur and CSMA/CD is not used on that link.

* Full-duplex operation increases the throughput of most applications because the network media is no longer shared. Two devices on a full-duplex connection can send data as soon as it is ready.

* Token-passing networks such as Token Ring can also benefit from network switches. In large networks, the delay between turns to transmit may be significant because the token is passed around a larger network.

7.1.3.5). LAN Transmission Methods

* LAN data transmissions fall into three classifications: unicast, multicast, and broadcast.

* In each type of transmission, a single packet is sent to one or more nodes.

* In a unicast transmission, a single packet is sent from the source to a destination on a network. First, the source node addresses the packet by using the address of the destination node. The packet is then sent onto the network, and finally, the network passes the packet to its destination.

* A multicast transmission consists of a single data packet that is copied and sent to a specific subset of nodes on the network. First, the source node addresses the packet by using a multicast address. The packet is then sent into the network, which makes copies of the packet and sends a copy to each node that is part of the multicast group.

* A broadcast transmission consists of a single data packet that is copied and sent to all nodes on the network. In these types of transmissions, the source node addresses the packet by using the broadcast address. The packet is then sent on to the network, which makes copies of the packet and sends a copy to every node on the network.
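
On an Ethernet the three classes are visible in the destination address itself, which is what a NIC or a packet filter actually tests. The following is an added shell example (not part of the manual): mac_kind classifies a MAC address as unicast, multicast or broadcast from its first octet, and ipv4_mcast_mac goes a step beyond the text by deriving the Ethernet multicast address that carries a given IPv4 multicast group, using the standard RFC 1112 mapping (prefix 01:00:5e plus the low 23 bits of the group address). The function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the manual: tell unicast, multicast and
# broadcast Ethernet destination addresses apart, and derive the
# Ethernet multicast address used for an IPv4 multicast group.

# mac_kind AA:BB:CC:DD:EE:FF  ->  unicast | multicast | broadcast
# The least-significant bit of the first octet (the I/G bit) is set for
# group (multicast) addresses; the all-ones address is the broadcast.
mac_kind() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' \
        || { echo "mac_kind: bad MAC address: $1" >&2; return 1; }
    case "$mac" in
        ff:ff:ff:ff:ff:ff) echo broadcast; return 0 ;;
    esac
    first=${mac%%:*}                  # first octet, as two hex digits
    if [ $((0x$first & 1)) -eq 1 ]; then
        echo multicast
    else
        echo unicast
    fi
}

# ipv4_mcast_mac A.B.C.D  ->  01:00:5e:xx:xx:xx
# Standard mapping (RFC 1112): the fixed prefix 01:00:5e plus the low 23
# bits of the group address.  Only 23 bits fit, so 32 IPv4 groups share
# each MAC (224.1.2.3 and 225.129.2.3 both give 01:00:5e:01:02:03); the
# NIC's hardware filter is therefore only a first cut and IP re-checks.
ipv4_mcast_mac() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    if [ $# -ne 4 ]; then
        echo "ipv4_mcast_mac: bad IPv4 address" >&2; return 1
    fi
    if [ "$1" -lt 224 ] || [ "$1" -gt 239 ]; then
        echo "ipv4_mcast_mac: not in 224.0.0.0/4" >&2; return 1
    fi
    printf '01:00:5e:%02x:%02x:%02x\n' $(($2 & 127)) "$3" "$4"
}
```

A switch floods multicast and broadcast frames to every port unless it snoops group membership, and a NIC in promiscuous mode receives all of them regardless of the I/G bit, so the classification above is also the first thing a sniffer or a host firewall looks at when deciding what a frame is.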
7.1.3.6). LAN Topologies

* LAN topologies define the manner in which network devices are organized.

* Four common LAN topologies exist: bus, ring, star, and tree.

* These topologies are logical architectures, but the actual devices need not be physically organized in these configurations.

* Logical bus and ring topologies, for example, are commonly organized physically as a star.

* A bus topology is a linear LAN architecture in which transmissions from network stations propagate the length of the medium and are received by all other stations.

  o Of the three most widely used LAN implementations, Ethernet/IEEE 802.3 networks, including 100BaseT, implement a bus topology, which is illustrated in the figure.

* A ring topology is a LAN architecture that consists of a series of devices connected to one another by unidirectional transmission links to form a single closed loop.

  o Both Token Ring/IEEE 802.5 and FDDI networks implement a ring topology. The figure depicts a logical ring topology.

* A star topology is a LAN architecture in which the endpoints on a network are connected to a common central hub, or switch, by dedicated links. Logical bus and ring topologies are often implemented physically in a star topology. A star topology is illustrated in the figure.

* A tree topology is a LAN architecture that is identical to the bus topology, except that branches with multiple nodes are possible in this case. The figure illustrates a logical tree topology.
7.1.3.7). LAN Devices

Devices commonly used in LANs include repeaters, hubs, LAN extenders, bridges, LAN switches, and routers.

Repeater

* A repeater is a physical layer device used to interconnect the media segments of an extended network.

* A repeater essentially enables a series of cable segments to be treated as a single cable.

* Repeaters receive signals from one network segment and amplify, retime, and retransmit those signals to another network segment.

* These actions prevent signal deterioration caused by long cable lengths and large numbers of connected devices.

* Repeaters are incapable of performing complex filtering and other traffic processing.

* In addition, all electrical signals, including electrical disturbances and other errors, are repeated and amplified. The total number of repeaters and network segments that can be connected is limited due to timing and other issues. Figure 2-6 illustrates a repeater connecting two network segments.

Hub

* A hub is a physical layer device that connects multiple user stations, each via a dedicated cable. A typical hub is a multi-port repeater.

* Electrical interconnections are established inside the hub.

* Hubs are used to create a physical star network while maintaining the logical bus or ring configuration of the LAN. In some respects, a hub functions as a multiport repeater.

* Hubs and repeaters work at the first layer of the OSI model, also known as the Physical layer. Because a hub repeats every frame to every port, any station on a hub can see all the traffic of the others; this is one reason hubs were replaced by switches.

Bridges

* Bridges are devices which connect LANs at the MAC layer.

* The purpose of bridges is to allow hosts attached to different LANs to communicate as if they were located on the same LAN.

* In contrast to repeaters/hubs, which act at the physical layer and allow all traffic to cross LAN segments, bridges are more intelligent and limit the traffic to the section of the network on which it is relevant.

* Bridges work at the second layer of the OSI model, known as the data-link layer.

* Since a bridge examines each frame to record the sender and look up the recipient, there is overhead in sending a frame through a bridge.

Switches

* A switch is a device with multiple ports which forwards frames from one port to another. A switch is essentially a multi-port bridge.

* The behaviour of a switch is exactly the same as a bridge: record the sender's port, look up the recipient, and forward based on the recipient's port. A frame whose destination is unknown, or is a broadcast or multicast address, is flooded to all ports except the one it arrived on. An attacker who fills the switch's address table with bogus senders (MAC flooding) can force it into this flooding behaviour and see traffic meant for other ports.

* The difference is that most switches implement these functions in hardware using a dedicated processor. This makes them much faster than traditional software-based bridges.

Router

* The basic function of the router is to route traffic from one network to another network efficiently. It provides the intelligence, redundancy and security required to select the optimum path. Usually routers are used for connecting remote networks.

* A router works at the next layer, layer 3 (Network) of the OSI model.

* The router uses network addresses (IP addresses) to determine how to forward a packet.

* Routers also offer more advanced filtering options (packet filtering by address, protocol and port), along with features designed to improve redundancy.

LAN Extender

* A LAN extender is a remote-access multilayer switch that connects to a host router.

* LAN extenders forward traffic from all the standard network layer protocols and filter traffic based on the MAC address or network layer protocol type.

* LAN extenders scale well because the host router filters out unwanted broadcasts and multicasts. However, LAN extenders are not capable of segmenting traffic or creating security firewalls.

* The figure illustrates multiple LAN extenders connected to the host router through a WAN.

7.1.4. WAN Basics

* As the term implies, a wide-area network spans a large physical distance. A WAN like the Internet spans most of the world!

* A WAN is a geographically dispersed collection of LANs.

* A network device called a router connects LANs to a WAN. In IP networking, the router maintains both a LAN address and a WAN address.

* WANs differ from LANs in several important ways.

* Like the Internet, most WANs are not owned by any one organization but rather exist under collective or distributed ownership and management.

* WANs use technologies like ATM, Frame Relay and X.25 for connectivity.

* WAN technologies generally function at the lower three layers of the OSI reference model: the physical layer, the data link layer, and the network layer.

7.1.4.1). WAN Networks

Point-to-Point Links

* A point-to-point link provides a single, pre-established WAN communications path from the customer premises through a carrier network, such as a telephone company, to a remote network.

* Point-to-point lines are usually leased from a carrier and thus are often called leased lines.

* For a point-to-point line, the carrier allocates pairs of wire and facility hardware to your line only. These circuits are generally priced based on the bandwidth required and the distance between the two connected points.

* Point-to-point links are generally more expensive than shared services such as Frame Relay.

Circuit Switching

* Switched circuits allow data connections that can be initiated when needed and terminated when communication is complete.

* This works much like a normal telephone line works for voice communication.

* Integrated Services Digital Network (ISDN) is a good example of circuit switching.

* When a router has data for a remote site, the switched circuit is initiated with the circuit number of the remote network. In the case of ISDN circuits, the device actually places a call to the telephone number of the remote ISDN circuit. When the two networks are connected and authenticated, they can transfer data. When the data transmission is complete, the call can be terminated.

* A circuit-switched WAN undergoes a process similar to that used for a telephone call, as can be seen in the figure below.

Packet Switching

* Packet switching is a WAN technology in which users share common carrier resources.

* Because this allows the carrier to make more efficient use of its infrastructure, the cost to the customer is generally much better than with point-to-point lines.

* In a packet switching setup, networks have connections into the carrier's network, and many customers share the carrier's network.

* The carrier can then create virtual circuits between customers' sites by which packets of data are delivered from one to the other through the network. The section of the carrier's network that is shared is often referred to as a cloud.

* Some examples of packet-switching networks include Asynchronous Transfer Mode (ATM), Frame Relay, Switched Multimegabit Data Services (SMDS), and X.25.

* The figure shows an example packet-switched circuit. The virtual connections between customer sites are often referred to as virtual circuits.

Packet Switching Transfers Packets Across a Carrier Network


7.1.4.2). WAN Virtual Circuits

* A virtual circuit is a logical circuit created within a shared network between two network devices.

* Two types of virtual circuits exist: switched virtual circuits (SVCs) and permanent virtual circuits (PVCs).

Switched Virtual Circuits

* SVCs are virtual circuits that are dynamically established on demand and terminated when transmission is complete.

* Communication over an SVC consists of three phases: circuit establishment, data transfer, and circuit termination.

* The establishment phase involves creating the virtual circuit between the source and destination devices.

* Data transfer involves transmitting data between the devices over the virtual circuit.

* The circuit termination phase involves tearing down the virtual circuit between the source and destination devices.

* SVCs are used in situations in which data transmission between devices is sporadic.

Permanent Virtual Circuits

* A PVC is a permanently established virtual circuit that consists of one mode: data transfer.

* PVCs are used in situations in which data transfer between devices is constant.

* PVCs decrease the bandwidth use associated with the establishment and termination of virtual circuits, but they increase costs due to constant virtual circuit availability.

* PVCs are generally configured by the service provider when an order is placed for service.

Internet Service Providers

* Home networkers with cable modem or DSL service have already encountered LANs and WANs in practice, though they may not have noticed.

* A cable/DSL router joins the home LAN to the WAN link maintained by one's ISP.

* The ISP provides a WAN IP address used by the router, and all of the computers on the home network use private LAN addresses.

* On a home network, like many LANs, all computers can communicate directly with each other, but they must go through a central gateway location to reach devices outside of their local area.

7.1.4.3). WAN Devices

* WANs use numerous types of devices that are specific to WAN environments.

* WAN switches, access servers, modems, CSU/DSUs, and ISDN terminal adapters are discussed in the following sections.

* Other devices found in WAN environments that are used in WAN implementations include routers, ATM switches, and multiplexers.

Access Server

* An access server acts as a concentration point for dial-in and dial-out connections. The figure illustrates an access server concentrating dial-out connections into a WAN.

CSU/DSU

* A channel service unit/digital service unit (CSU/DSU) is a digital-interface device used to connect a router to a digital circuit like a T1.

* The CSU/DSU also provides signal timing for communication between these devices.

* The figure below illustrates the placement of the CSU/DSU in a WAN implementation.

ISDN Terminal Adapter

* An ISDN terminal adapter is a device used to connect ISDN Basic Rate Interface (BRI) connections to other interfaces, such as EIA/TIA-232 on a router.

* A terminal adapter is essentially an ISDN modem, although it is called a terminal adapter because it does not actually convert analog to digital signals.

* The figure below illustrates the placement of the terminal adapter in an ISDN environment.

WAN Switch

* A WAN switch is a multiport internetworking device used in carrier networks.

* These devices typically switch such traffic as Frame Relay, X.25, and SMDS, and operate at the data link layer of the OSI reference model.

* The figure below illustrates two routers at remote ends of a WAN that are connected by WAN switches.

Modem

* A modem is a device that interprets digital and analog signals, enabling data to be transmitted over voice-grade telephone lines.

* At the source, digital signals are converted to a form suitable for transmission over analog communication facilities.

* At the destination, these analog signals are returned to their digital form.

* The figure below shows a simple modem-to-modem connection through a WAN.

7.1.4.4). Other Area Networks

After LANs and WANs, one will most commonly encounter the following three network designs:

* A Metropolitan Area Network connects an area larger than a LAN but smaller than a WAN, such as a city, with dedicated or high-performance hardware.

* A Storage Area Network connects servers to data storage devices through a technology like Fibre Channel.

* A System Area Network connects high-performance computers with high-speed connections in a cluster configuration.

7.1.5. Ethernet and Networking Hardware

* Ethernet is a frame-based computer networking technology for local area networks (LANs).

* It defines wiring and signaling for the physical layer, and frame formats and protocols for the media access control (MAC)/data link layer of the OSI model.

* The most widely installed Ethernet systems were for a long time 10BASE-T, providing transmission speeds up to 10 Mbps; 100BASE-TX (Fast Ethernet, 100 Mbps) and Gigabit Ethernet over the same twisted-pair cabling have since replaced it.

* Ethernet is standardized as IEEE 802.3. It has become the most widespread LAN technology in use.

Ethernet follows a simple set of rules that govern its basic operation.

* To better understand these rules, it is important to understand the basics of Ethernet terminology.

  o Medium - Ethernet devices attach to a common medium that provides a path along which the electronic signals will travel. Historically, this medium has been coaxial copper cable, but today it is more commonly twisted pair or fiber optic cabling.

  o Segment - We refer to a single shared medium as an Ethernet segment.

  o Node - Devices that attach to that segment are stations or nodes.

  o Frame - The nodes communicate in short messages called frames, which are variably sized chunks of information.

* One interesting thing about Ethernet addressing is the implementation of a broadcast address. A frame with a destination address equal to the broadcast address (ff:ff:ff:ff:ff:ff) is intended for every node on the network, and every node will both receive and process this type of frame.

7.1.5.1). Ethernet Network Medium

A Network Medium is the type of cabling used in a network.

* There are many types of cables used in networks today, although only a few are commonly used.

* The type of cabling limits the speed and the maximum segment length of the network.

1. Twisted-pair Cable

* A Twisted-pair cable has pairs of wires twisted around each other to reduce interference.

* There can be two, four, or even more twisted pairs in a network cable.

* Twisted-pair cables are usually attached to the network devices with an 8-position modular jack (commonly called RJ45) that looks like a telephone modular jack, but a little wider, supporting up to eight wires. A twisted-pair segment is limited to 100 m.

* There are two types of Twisted-Pair cable in use:

  o Unshielded Twisted-Pair (UTP) cable is one of the most commonly used network media because it is cheap and easy to work with.

  o Shielded Twisted-Pair (STP) cable has the same basic construction as its unshielded cousin, but the pairs (or the whole cable) are wrapped in a foil or braided shield for protection from interference.

2. Coaxial Cable

A Coaxial cable is designed with two conductors, one in the centre surrounded by a layer of insulation, and the second a mesh or foil conductor surrounding the insulation.

* Outside the mesh is a layer of outer insulation. The outer conductor shields the signal, which is why coaxial Ethernet allowed longer segments (185 m for thin coax, 500 m for thick coax) than twisted pair; it is not faster, since all coaxial Ethernet variants run at 10 Mbps.

* Coaxial cable can carry broadband signalling, i.e. several channels on the same cable, as cable television does. Ethernet over coax, however, is baseband, which is what the BASE in 10BASE2 and 10BASE5 means: a single channel occupies the whole cable.

* There are two types of coaxial cable in use:

  o Thick coax is a heavy cable that was used as a network backbone for bus networks. The standard is formally 10BASE5; the cable is often called thick Ethernet or "yellow cable". Because thick coax is so heavy and stiff, it is difficult to work with and is quite expensive.

  o Thin coax was the most common type used in coaxial Ethernet networks. It goes by several names, including Thin Ethernet, 10BASE2, and cheapernet. It is 50-ohm RG-58 cable, which looks like television cable but is electrically different (television cable is 75-ohm) and not interchangeable with it. Thin coax is quite flexible, so it is not difficult to lay out, and it is easy to construct cables with the proper connectors, usually BNC connectors, at each end. A thin coax bus must be terminated at both ends, and a single break or missing terminator takes down the whole segment.

3. Fibre-optic Cable

Fibre-optic cable carries light rather than electrical signals, so it is immune to electrical interference and supports very high speeds over long distances. FDDI (Fiber Distributed Data Interface) is a 100 Mbit/s network standard that runs over fibre; it is not itself a cable type. Fibre is expensive but capable of supporting many channels at tremendous speed.

  o Historically, fibre-optic cable was rarely used within a LAN, although large organisations used it for backbones connecting many LANs together or into a wide area network. Today it is also common for links between switches and inside data centres.

  o The supporting hardware to handle fibre-optic backbones is quite expensive and specialised.

  o A fibre segment consists of a single cable with hosts being attached to it through connectors, taps or transceivers.

7.1.5.2). Ethernet Network Interface

To hide the diversity of equipment that may be used in a networking environment, the kernel presents an abstract interface through which the hardware is accessed, called the network interface (an Ethernet interface when the hardware is Ethernet).

* This interface offers a set of operations which is the same for all types of hardware and basically deals with sending and receiving packets.

* For each peripheral device you want to use for networking, a corresponding interface has to be present in the kernel, i.e. the driver for that device must be built in or loaded as a module.

* For example, Ethernet interfaces are traditionally called eth0, eth1 and so on, and these interface names are used for configuration purposes when you want to name a particular physical device to the kernel. Newer distributions may use "predictable" names derived from the hardware location, such as enp0s3, but the naming scheme does not change how an interface is used.

7.1.6. Internet Protocol or IP Address

To extend your network beyond a single Ethernet, regardless of the hardware you run or the sub-units it is made up of, you have the Internet Protocol which facilitates this. The version of the Internet Protocol in general use is IP Version 4 ("IPv4"), defined in 1981 (RFC 791); everything below refers to IPv4.

* A host that is attached to two networks, a so-called gateway, handles traffic between them by forwarding packets received on one network onto the other.

* This scheme of directing data to a remote host is called routing, and packets are often referred to as datagrams in this context. To facilitate things, datagram exchange is governed by a single protocol that is independent of the hardware used: IP, or Internet Protocol.

* The main benefit of IP is that it turns physically dissimilar networks into one apparently homogeneous network. This is called internetworking, and the resulting "meta-network" is called an internet.

* IP also requires a hardware-independent addressing scheme. This is achieved by assigning each host a unique 32-bit number (under IPv4), called the IP address. An IP address is usually written as four 8-bit numbers called octets, separated by dots. This format is also called dotted quad notation.

* To be usable for TCP/IP networking, an interface must be assigned an IP address which serves as its identification when communicating with the rest of the world.

7.1.6.1). IP Address Notation and Classes of Networks

IP addresses are split into a network number, which is contained in the leading bits, and a host number, which is the remainder.

* When you obtain IP addresses from a registry or your ISP (historically, from the NIC), you are not assigned an address for each single host you plan to use. Instead, you are given a network number, and are allowed to assign all valid IP addresses within this range to hosts on your network according to your preferences.

* Depending on the size of the network, the host part may need to be smaller or larger. The original scheme accommodated different needs with several classes of networks, defining different splits of IP addresses. Classes have since been superseded by classless routing (CIDR), where an explicit netmask or prefix length (e.g. /24) says where the split is, but the class terms are still widely used.

Class A

* Class A comprises networks 1.0.0.0 through 127.0.0.0. The network number is contained in the first octet. This provides for a 24-bit host part, allowing roughly 16.7 million hosts per network.

Class B

* Class B contains networks 128.0.0.0 through 191.255.0.0; the network number is in the first two octets. This allows for 16384 networks with 65534 hosts each.

Class C

* Class C networks range from 192.0.0.0 through 223.255.255.0, with the network number being contained in the first three octets. This allows for about 2 million networks with up to 254 hosts each.

Classes D and E

* Addresses in the range 224.0.0.0 through 239.255.255.255 (class D) are multicast addresses, and 240.0.0.0 through 255.255.255.255 (class E) are reserved for experimental use; neither specifies a network of hosts.

For example, if the IP address of a host is 149.76.12.4, it refers to host 12.4 on the class B network 149.76.0.0.

You may have noticed that in the above list not all possible values were allowed for each octet in the host part.

* This is because host numbers with all host bits 0 or all host bits 1 are reserved for special purposes.

* An address where all host part bits are zero refers to the network, and one where all bits of the host part are 1 is called the broadcast address. This refers to all hosts on the specified network simultaneously.

* Thus, 149.76.255.255 is not a valid host address, but refers to all hosts on network 149.76.0.0.

Reserved Network Addresses

There are also two network addresses that are reserved, 0.0.0.0 and 127.0.0.0. The first is used for the default route (and, as a source address, for "this host" before it has an address); the latter is the loopback network.

* Network 127.0.0.0 (the whole 127.0.0.0/8 range) is reserved for IP traffic local to your host. Usually, address 127.0.0.1 will be assigned to a special interface on your host, the so-called loopback interface, which acts like a closed circuit. Any IP packet handed to it from TCP or UDP will be returned to them as if it had just arrived from some network. This allows you to develop and test networking software without ever using a "real" network. Another useful application is when you want to use networking software on a standalone host. A service that binds only to 127.0.0.1 is unreachable from the network, which is the simplest way to keep an administrative service local.

* The private ranges 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 (RFC 1918), which the NAT setups of section 7.2.3 rely on, are never routed on the public Internet; a host with such an address needs a gateway doing address translation to reach it.

7.1.7. Transmission Control Protocol

TCP, or Transmission Control Protocol, builds a reliable service on top of IP. The essential property of TCP is that it uses IP to give you the illusion of a simple connection between the two processes on your host and the remote machine, so that you don't have to care about how and along which route your data actually travels.

* A TCP connection works essentially like a two-way pipe that both processes may write to and read from.

* TCP identifies the end points of such a connection by the IP addresses of the two hosts involved, and the number of a so-called port on each host. Ports may be viewed as attachment points for network connections.

7.1.8. User Datagram Protocol

TCP isn't the only user protocol in TCP/IP networking. Although it is suitable for most applications, the overhead involved (connection setup, acknowledgements, retransmission) is relatively high. Hence, many applications use a sibling protocol of TCP called UDP, or User Datagram Protocol.

* UDP also allows an application to contact a service on a certain port on the remote machine, but it doesn't establish a connection for this. Instead, you may use it to send single packets to the destination service. Delivery and ordering are not guaranteed, and because there is no handshake the source address of a UDP packet is trivially forged, which is why UDP services are the usual vehicle for spoofed and amplified traffic.

7.1.9. Connection Ports

Ports may be viewed as attachment points for network connections. If an application wants to offer a certain service, it attaches itself to a port and waits for clients to connect to this port (this is also called listening on the port).

* A client that wants to use this service allocates a port on its local host, and connects to the server's port on the remote host.

* It is worth noting that although both TCP and UDP rely on ports, these numbers do not conflict. This means that TCP port 513, for example, is different from UDP port 513. In fact, these ports can serve as access points for two different services.

* Ports below 1024 are "privileged": on Linux only root (or a process with CAP_NET_BIND_SERVICE) may listen on them. Some of the common ports you come across are port 80 (used by httpd), 21 (used by ftp), 22 (used by sshd), etc.; the mapping of service names to numbers lives in /etc/services.

7.1.10. Address Resolution

Address Resolution refers to mapping IP addresses onto Ethernet addresses. This is done by the Address Resolution Protocol, or ARP.

* When ARP wants to find out the Ethernet address corresponding to a given IP address, it uses a feature of Ethernet known as broadcasting, where a frame is addressed to all stations on the network simultaneously.

* The broadcast frame sent by ARP contains a query for the IP address. Each receiving host compares this to its own IP address, and if it matches, returns an ARP reply to the inquiring host. The inquiring host can now extract the sender's Ethernet address from the reply, and keeps it in its ARP table for a while so that it need not ask again for every packet.

* Nothing in ARP authenticates the reply: any station on the segment can answer for any IP address, and most systems also accept replies they never asked for. This is the basis of ARP spoofing, which lets an attacker on the same segment intercept traffic meant for the gateway or another host.

7.1.11. IP Routing

When you write a letter to someone, you usually put a complete address on the envelope, specifying the country, state, zip code, etc. After you put it into the letter box, the postal service will deliver it to its destination: it will be sent to the country indicated, whose national service will dispatch it to the proper state and region, etc. The advantage of this hierarchical scheme is rather obvious.

* IP networks are structured in a similar way. The whole Internet consists of a number of proper networks, called autonomous systems.

* Each such system performs any routing between its member hosts internally, so that the task of delivering a datagram is reduced to finding a path to the destination host's network.

7.1.11.1). Subnetworks

IP addresses can be split into a host and network part. By default, the destination network is derived from the network part of the IP address. Thus, hosts with identical IP network numbers should be found within the same network.

* IP allows you to subdivide an IP network into several subnets or sub-networks.

* It is worth noting that sub-netting (as the technique of generating subnets is called) is only an internal division of the network. Subnets are generated by the network owner (or the administrators) to reflect existing boundaries, be they physical (between two Ethernets) or administrative (between two departments). However, this structure affects only the network's internal behavior, and is completely invisible to the outside world.

How sub-netting is done?

In sub-netting, the network part is extended to include some bits from the host part. The number of bits that are interpreted as the subnet number is given by the so-called subnet mask, or netmask. This is a 32-bit number, too, which has a 1 bit in every position belonging to the network (and subnet) part of the IP address and a 0 bit in every host position. The network address of any host is therefore its IP address ANDed with the netmask, and its broadcast address is the network address with all host bits set to 1.

For example:

A sample network has a class B network number of 149.76.0.0, and its netmask is therefore 255.255.0.0.

Internally, this network consists of several smaller networks, such as the LANs of various departments. So the range of IP addresses is broken up into 256 subnets, 149.76.0.0 through 149.76.255.0 (older practice avoided the all-zeros and all-ones subnets, leaving 254).

* For example, Department 1 has been assigned 149.76.12.0. Department 2 is given a network of its own, 149.76.1.0.

* These subnets share the same IP network number, while the third octet is used to distinguish between them. Thus they will use a subnet mask of 255.255.255.0.
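As an added example (not part of the original manual), the shell functions below do the arithmetic described in 7.1.6.1 and in this section: classify an address, derive its classful netmask, compute the network and broadcast addresses for a given netmask, and decide whether two hosts share a subnet (and so can talk without a gateway). They are pure shell arithmetic and touch no interface; the 149.76.x.x addresses are the ones used in the text, and the function names are chosen here.

```bash
#!/bin/sh
# Added example: IPv4 class, network, broadcast and subnet-membership helpers.
# Pure shell arithmetic; nothing here touches a real interface.

# dotted quad -> 32-bit integer
ip2int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Classful lookup from the first octet, as in the class table above
ip_class() {
    first=${1%%.*}
    if   [ "$first" -le 127 ]; then echo A
    elif [ "$first" -le 191 ]; then echo B
    elif [ "$first" -le 223 ]; then echo C
    elif [ "$first" -le 239 ]; then echo D
    else echo E
    fi
}

# Default (classful) netmask; sub-netting replaces this with a longer mask
class_netmask() {
    case $(ip_class "$1") in
        A) echo 255.0.0.0 ;;
        B) echo 255.255.0.0 ;;
        C) echo 255.255.255.0 ;;
        *) echo 255.255.255.255 ;;   # D/E: no host part
    esac
}

# ip_network IP NETMASK -> network address = IP AND mask
ip_network() {
    int2ip $(( $(ip2int "$1") & $(ip2int "$2") ))
}

# ip_broadcast IP NETMASK -> network OR (NOT mask), kept to 32 bits
ip_broadcast() {
    mask=$(ip2int "$2")
    int2ip $(( ($(ip2int "$1") & mask) | (~mask & 4294967295) ))
}

# same_subnet IP1 IP2 NETMASK -> succeeds when both fall in the same subnet,
# i.e. the two hosts can exchange packets directly without a gateway.
same_subnet() {
    [ "$(ip_network "$1" "$3")" = "$(ip_network "$2" "$3")" ]
}

# Usage with the addresses from the text:
#   ip_class 149.76.12.4                       -> B
#   ip_network 149.76.12.4 255.255.255.0       -> 149.76.12.0
#   ip_broadcast 149.76.12.4 255.255.0.0       -> 149.76.255.255
#   same_subnet 149.76.12.4 149.76.1.9 255.255.255.0  -> fails (different departments)
```

Note that with the classful mask 255.255.0.0 the two departmental hosts would be judged to be on one network; it is the subnet mask configured on the interface, not the class, that decides whether a packet goes out directly or to the gateway.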

7.1.11.2). Gateways

A gateway is a host that is connected to two or more physical networks simultaneously and is configured to forward packets between them. On Linux a host only forwards packets when net.ipv4.ip_forward is set to 1 (sysctl -w net.ipv4.ip_forward=1); it is off by default, so a multi-homed host does not become a gateway by accident.

* A gateway is assigned one IP address per network it is on. These addresses, along with the corresponding netmask, are tied to the interface the subnet is accessed through. Thus, the mapping of interfaces and addresses could look like this:

    +-------+-------------+----------------+
    | iface | address     | netmask        |
    +-------+-------------+----------------+
    | eth0  | 149.76.4.1  | 255.255.255.0  |
    | fddi0 | 149.76.1.4  | 255.255.255.0  |
    | lo    | 127.0.0.1   | 255.0.0.0      |
    +-------+-------------+----------------+

  The last entry describes the loopback interface lo.

* Hosts that are on two subnets at the same time are shown with both addresses.
7.1.11.3). Routing Table

The kernel maintains a routing table that it consults for every datagram it has to deliver.

* The routing information IP uses for this is basically a table linking networks to the gateways that reach them (or to the interface on which they are directly attached).

* A catch-all entry (the default route) must generally be supplied, too; this is the gateway associated with network 0.0.0.0. All packets to a network that matches no other entry are sent through the default route.

* For larger networks, routing tables are built and adjusted at run-time by routing daemons; these run on central hosts of the network and exchange routing information to compute "optimal" routes between the member networks.

* Depending on the size of the network, different routing protocols will be used. The oldest and simplest is RIP, the Routing Information Protocol, which is implemented by the BSD routed daemon.

* Dynamic routing based on RIP chooses the best route to some destination host or network based on the number of "hops", that is, the gateways a datagram has to pass before reaching it. The shorter a route is, the better RIP rates it. RIP version 1 carries no authentication, so any host that can broadcast onto the network can inject routes; do not run routed on a host that has no need to learn routes dynamically.

7.2. Linux Network Administration

7.2.1. Network Configuration Files

1. Resolver configuration file -- /etc/resolv.conf

This file specifies the IP addresses of DNS servers and the search domain. Unless configured to do otherwise, the network initialization scripts (and any DHCP client) populate this file, so manual edits may be overwritten at the next lease renewal.

search name-of-domain.com   - Name of your domain or ISP's domain if using their name server
nameserver XXX.XXX.XXX.XXX  - IP address of primary name server
nameserver XXX.XXX.XXX.XXX  - IP address of secondary name server

* This configures Linux so that it knows which DNS server will be resolving domain names into IP addresses. If using a static IP address, ask the ISP or check another machine on your network.

2. /etc/hosts - Locally resolve node/host names to IP addresses.

The main purpose of this file is to resolve hostnames that cannot be resolved any other way. It can also be used to resolve hostnames on small networks with no DNS server.

Regardless of the type of network the computer is on, this file should contain a line specifying the IP address of the loopback device (127.0.0.1) as localhost.localdomain:

127.0.0.1       localhost.localdomain localhost
XXX.XXX.XXX.XXX hostname hostname1
192.168.0.2     srv1.carmatec.com

Note when adding hosts to this file, place the fully qualified name first. Because /etc/hosts is consulted before DNS (see nsswitch.conf below), an entry here silently redirects a name for every program on the host; keep the file owned by root with mode 644, and check it first when a host resolves a name unexpectedly.

3. /etc/sysconfig/network : Red Hat network configuration file used by the system during the boot process. Specifies routing and host information for all network interfaces.

The following values may be used inside:

* NETWORKING=<value>, where <value> is one of the following boolean values:
  yes - Networking should be configured.
  no  - Networking should not be configured.

* HOSTNAME=<value>, where <value> should be the Fully Qualified Domain Name (FQDN), such as hostname.example.com, but can be whatever hostname is necessary.

* GATEWAY=<value>, where <value> is the IP address of the network's gateway.

* GATEWAYDEV=<value>, where <value> is the gateway device, such as eth0.

* NISDOMAIN=<value>, where <value> is the NIS domain name.

4. /etc/nsswitch.conf - System Databases and Name Service Switch configuration file. The /etc/nsswitch.conf file is used to configure which services are to be used to determine information such as hostnames, password files, and group files.

hosts: files dns nisplus nis

This example tells Linux to first resolve a host name by looking at the local hosts file (/etc/hosts), then if the name is not found look to your DNS server as defined by /etc/resolv.conf, and if not found there look it up at your NIS server.

5. /etc/sysconfig/network-scripts/ifcfg-<interface-name>

For each network interface on a Red Hat Linux system, there is a corresponding interface configuration script. Each of these files provides information specific to a particular network interface.

* /etc/sysconfig/network-scripts/ifcfg-eth0 is the interface config script for the eth0 interface, i.e. the configuration settings for your first Ethernet port (0). Your second port is eth1.

7.2.2. Network Administration Commands

7.2.2.1). IP Address Assignment

The command ifconfig is used for this purpose. This command is used to configure network interfaces, or to display their current configuration. In addition to activating and deactivating interfaces with the up and down settings, this command is necessary for setting an interface's address information. Displaying needs no privilege; changing anything requires root. ifconfig comes from the net-tools package; on current systems the same jobs are done by ip from iproute2 (ip addr show, ip addr add 192.168.10.12/24 dev eth0).

Determining your IP address Assignment

* You can determine the IP address of a Linux machine and which device it is assigned to using the ifconfig command.

$ ifconfig

Setting up the main IP

An IP interface, for example, needs to be told both its own address and the network mask and broadcast address of its subnet.

* To configure the IP 192.168.10.12 on the interface eth0, you can use (as root):

$ ifconfig eth0 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10.255 up

255.255.255.0 is the subnet mask. The change takes effect immediately but is lost at the next reboot.

* After this, to make the changes permanent so that this IP is activated after every system reboot, a file has to be created called /etc/sysconfig/network-scripts/ifcfg-eth0 which will have contents like below for a static IP address configuration.

DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.10.255
IPADDR=192.168.10.12
NETMASK=255.255.255.0
NETWORK=192.168.10.0
ONBOOT=yes

You can also use the command line above to change the main IP address of a machine.

Adding more IP addresses to a machine

Using ifconfig, you can add more IPs to a machine as aliases of an existing interface, using the command line below:

$ ifconfig eth0:0 192.168.10.13 netmask 255.255.255.0 broadcast 192.168.10.255 up

In this case, the file that needs to be created is /etc/sysconfig/network-scripts/ifcfg-eth0:0 so that this IP is activated after system boot up. A sample file is given below.

DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=192.168.10.255
IPADDR=192.168.10.13
NETMASK=255.255.255.0
NETWORK=192.168.10.0
ONBOOT=yes

If you are giving another IP, the file will be ifcfg-eth0:1 and the command line will be:

$ ifconfig eth0:1 192.168.10.14 netmask 255.255.255.0 broadcast 192.168.10.255 up

Note: after making these changes, you need to restart the network service using

$ /etc/rc.d/init.d/network restart

* The command usernetctl can be used to activate or de-activate a network interface without root, provided the interface's ifcfg file contains USERCTL=yes.

$ usernetctl eth0 up
$ usernetctl eth0:1 up
$ usernetctl eth0 down
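As an added example (not from the manual), the functions below generate an ifcfg file from an address and netmask, deriving NETWORK and BROADCAST rather than copying them, and then check an existing file for the most common mistake with alias files: copying ifcfg-eth0 to ifcfg-eth0:0 and changing only IPADDR. The IFCFG_DIR variable and the function names are assumptions made here; by default the file is written to a temporary directory, so the example never touches /etc/sysconfig/network-scripts.

```bash
#!/bin/sh
# Added example: write and validate a Red Hat style ifcfg-<iface> file.
# Files go under $IFCFG_DIR (default: a fresh temp dir), not the live
# /etc/sysconfig/network-scripts, so this is safe to run anywhere.

ip2int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# write_ifcfg IFACE IPADDR NETMASK -> prints the path written.
# IFACE may be a plain device (eth0) or an alias (eth0:0, eth0:1).
# NETWORK and BROADCAST are computed, so they cannot disagree with IPADDR/NETMASK.
write_ifcfg() {
    iface=$1 ip=$2 mask=$3
    dir=${IFCFG_DIR:-$(mktemp -d)}
    ipn=$(ip2int "$ip"); mn=$(ip2int "$mask")
    network=$(int2ip $(( ipn & mn )))
    broadcast=$(int2ip $(( (ipn & mn) | (~mn & 4294967295) )))
    file="$dir/ifcfg-$iface"
    cat >"$file" <<EOF
DEVICE=$iface
BOOTPROTO=static
IPADDR=$ip
NETMASK=$mask
NETWORK=$network
BROADCAST=$broadcast
ONBOOT=yes
EOF
    echo "$file"
}

# ifcfg_get FILE KEY -> the value recorded for KEY
ifcfg_get() {
    sed -n "s/^$2=//p" "$1"
}

# ifcfg_check FILE -> succeeds when NETWORK and BROADCAST agree with IPADDR/NETMASK.
# A copied-and-edited alias file that still carries the old values fails here.
ifcfg_check() {
    ip=$(ifcfg_get "$1" IPADDR); mask=$(ifcfg_get "$1" NETMASK)
    ipn=$(ip2int "$ip"); mn=$(ip2int "$mask")
    [ "$(ifcfg_get "$1" NETWORK)" = "$(int2ip $(( ipn & mn )))" ] &&
    [ "$(ifcfg_get "$1" BROADCAST)" = "$(int2ip $(( (ipn & mn) | (~mn & 4294967295) )))" ]
}

# Usage (writes to a temp dir):
#   f=$(write_ifcfg eth0:0 192.168.10.13 255.255.255.0)
#   ifcfg_check "$f" && echo "consistent"
```

Run ifcfg_check over every file in /etc/sysconfig/network-scripts before restarting the network service; an inconsistent NETWORK or BROADCAST value does not stop the interface from coming up, which is exactly why the mistake survives until something relying on the broadcast address misbehaves.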


7.2.2.2). Setting up Routing

Routing

A routing table is a simple set of rules that tells what will be done with network packets.

* The destination address of every outgoing packet is checked against every line of the routing table maintained by the kernel; the most specific matching line (the one with the longest netmask) wins and the packet is sent out through the interface listed on that line, to the gateway listed there if any. If no line matches, not even a default route, the kernel returns the error "Network is unreachable".

* The route command is the tool used to display or modify the routing table (ip route is the iproute2 equivalent).

* If you type "route" or "route -n" on a machine having the IP 192.168.2.2 on eth0, with its gateway 192.168.2.1 on the same subnet, the routing table below will be displayed (-n prints addresses numerically instead of resolving them to names, which is faster and does not depend on DNS):

$ route -n
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.2     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0

The last line, which has the Genmask 0.0.0.0, is the default route, and the default gateway is set to 192.168.2.1. All packets to a network that matches no other line are sent through the default route. Note that the gateway itself must be reachable through one of the directly attached networks (here 192.168.2.0/24 on eth0); the kernel refuses a default route via an address it has no route to (SIOCADDRT: Network is unreachable).

* The routing table looks like a set of instructions, very similar to a case statement which has a "default" at its end, and can be described as below for the above routing table setup.

if (address=me) then send to me;
elseif (address=my network 192.168.2.0/24) then send directly on eth0;
elseif (address=127.0.0.0/8) then send to my loopback interface;
else send to my gateway 192.168.2.1;

Iface : Interface to which packets for this route will be sent.
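The case-statement view above is exactly a longest-prefix lookup, which is what the kernel does for every packet. As an added example that is not from the manual, the function below performs that lookup over a routing table written in the layout route -n prints. The table is constructed here to mirror the one above (with the on-link gateway 192.168.2.1); 198.51.100.7 in the usage is a documentation address chosen only for illustration, and route_lookup is a name chosen here.

```bash
#!/bin/sh
# Added example: longest-prefix lookup over a routing table in "route -n" layout.
# The table is constructed to mirror the one in the text; nothing is read from the kernel.

ip2int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Constructed table: destination gateway genmask flags iface.
# "*" and "default" are written out as 0.0.0.0, which is what "route -n" prints.
ROUTES='192.168.2.2 0.0.0.0 255.255.255.255 UH eth0
192.168.2.0 0.0.0.0 255.255.255.0 U eth0
127.0.0.0 0.0.0.0 255.0.0.0 U lo
0.0.0.0 192.168.2.1 0.0.0.0 UG eth0'

# route_lookup DEST [TABLE] -> prints "IFACE direct" or "IFACE via GATEWAY" for
# the most specific matching line, or fails with "unreachable" when nothing
# matches (the error the kernel reports as "Network is unreachable").
route_lookup() {
    dst=$(ip2int "$1")
    table=${2:-$ROUTES}
    best=""; best_len=0
    while read -r dest gw mask flags iface; do
        [ -n "$dest" ] || continue
        m=$(ip2int "$mask")
        # a line is a candidate only if DEST AND Genmask equals its Destination
        [ $(( dst & m )) -eq $(ip2int "$dest") ] || continue
        # prefix length = number of 1 bits in the mask; the longest match wins
        len=0; x=$m
        while [ "$x" -ne 0 ]; do len=$(( len + (x & 1) )); x=$(( x >> 1 )); done
        if [ -z "$best" ] || [ "$len" -gt "$best_len" ]; then
            best_len=$len
            case $flags in
                *G*) best="$iface via $gw" ;;   # G flag: hand the packet to the gateway
                *)   best="$iface direct" ;;    # on-link: deliver directly (ARP for DEST)
            esac
        fi
    done <<EOF
$table
EOF
    [ -n "$best" ] || { echo "unreachable" >&2; return 1; }
    echo "$best"
}

# Usage:
#   route_lookup 192.168.2.77    -> eth0 direct
#   route_lookup 198.51.100.7    -> eth0 via 192.168.2.1
```

Passing a table without the 0.0.0.0 line shows the failure case: a destination off the local subnet then has no route at all, which is what a freshly configured host looks like before its default gateway is set.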

Setting Up Routing

The default gateway can be set using the route command using either of the command lines below (they are equivalent):

$ route add default gw 192.168.2.1 dev eth0

OR

$ route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.2.1 dev eth0

To add routes to other networks through specific gateways, for example when the machine has both eth0 and eth1 attached to different networks, you may use the command lines below.

$ route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.2 dev eth0
$ route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3 dev eth1

Note that in the above example the network 192.168.2.0 uses the gateway 192.168.0.2 and 192.168.1.0 is configured to use the gateway 192.168.0.3. Each gateway address must itself lie on a network that is directly attached through the named interface; otherwise the command fails with SIOCADDRT: Network is unreachable.

The flags above mean the following:

U - Route is up
H - Only a single host can be reached through the route, as for the 192.168.2.2 entry above (the host's own address).
G - Use gateway: the packet is handed to the Gateway address, which forwards it.

Deleting a Route

A route to a network can be removed using the command line below:

$ route del -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.2 dev eth0

The default route can be removed as:

$ route del default gw 192.168.2.1 dev eth0


7.2.2.3). Network Monitoring/ Analysis Tools

1. Netstat :

Displays information about the system's currently active network connections, including port connections, routing tables, and more. On current systems ss from iproute2 gives the same information faster, with the same option letters.

* To display the routing table, use the option

$ netstat -nr    (or netstat -r)

-n will show numerical addresses instead of symbolic hostnames.

* To get the list of programs or services listening on all the open ports on the system along with their process id or program name, use the option

$ netstat -lpn

Run this as root: -p only names the owning program for sockets that belong to your own user. Reviewing this list is the quickest way to find services you did not know were exposed.

* To display all connected sockets and the foreign IPs from which the connections are coming, use

$ netstat -an

Using the -a flag by itself will display all sockets from all families.

* To see all connections from outside to httpd port 80, match the local port field rather than the bare string 80, which would also match port 8080 and any address containing "80":

$ netstat -an | grep ':80 '

* To display the statistics for the network interfaces currently configured:

$ netstat -i
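As an added example that is not part of the manual, the script below shows why matching the port field beats a bare grep 80: it parses netstat -an output (a constructed sample that deliberately includes the lines a bare grep would over-match) and counts ESTABLISHED connections to one local port per remote address, which is the first thing to look at when a web server is being hammered. The addresses in the sample are documentation ranges, and conns_to_port and top_talker are names chosen here.

```bash
#!/bin/sh
# Added example: connections per remote address to one local port, from
# "netstat -an" style output. SAMPLE is constructed for this example and
# contains the lines a plain "grep 80" wrongly matches (port 8080, an address
# ending in .80, a LISTEN socket, a TIME_WAIT socket).

SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 192.168.2.2:80          203.0.113.5:51234       ESTABLISHED
tcp        0      0 192.168.2.2:80          203.0.113.5:51235       ESTABLISHED
tcp        0      0 192.168.2.2:80          203.0.113.5:51236       ESTABLISHED
tcp        0      0 192.168.2.2:80          198.51.100.80:40001     ESTABLISHED
tcp        0      0 192.168.2.2:8080        198.51.100.9:40002      ESTABLISHED
tcp        0      0 192.168.2.2:22          203.0.113.5:51300       ESTABLISHED
tcp        0      0 192.168.2.2:80          198.51.100.9:40003      TIME_WAIT'

# conns_to_port PORT < netstat-output
# Prints "COUNT ADDRESS" for every remote address holding an ESTABLISHED
# connection to local PORT, busiest first.
conns_to_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            n = split($4, l, ":")           # local address is column 4, port after the last colon
            if (l[n] != port) next           # compare the port field, not a substring of the line
            m = split($5, r, ":")            # remote address: strip the port after the last colon
            addr = substr($5, 1, length($5) - length(r[m]) - 1)
            count[addr]++
        }
        END { for (a in count) printf "%d %s\n", count[a], a }
    ' | sort -rn
}

# top_talker PORT < netstat-output -> the remote address with the most connections
top_talker() {
    conns_to_port "$1" | head -n 1 | cut -d" " -f2
}

# Usage on the live system (as root, so -p is also available):
#   netstat -an | conns_to_port 80
#   netstat -an | top_talker 80
# Usage on the constructed sample:
#   printf '%s\n' "$SAMPLE" | conns_to_port 80
#   -> 3 203.0.113.5
#      1 198.51.100.80
```

The same parsing works on ss -tan output, whose columns are ordered State, Recv-Q, Send-Q, Local, Peer; only the field numbers in the awk program change.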

2. Traceroute:

Used to determine the network route from your computer to some other computer on your network or the internet. It can be used with the hostname or the IP address.

$ traceroute 216.239.39.99

OR

$ traceroute google.com

Traceroute will list the series of hosts/gateways through which your packets travel on their way to a given destination. Hops that do not answer are shown as "* * *"; many routers and firewalls are configured not to reply, so a silent hop is not necessarily a broken one.

3. Ping

The IP protocol includes control messages called ICMP (Internet Control Message Protocol) packets.

* One type of ICMP packet is called an "echo request", and the rules of ICMP require its recipient to send back an "echo reply".

* These are incredibly useful because you can determine

  o whether the remote host is up and talking to the network,

  o the time required for a packet to make a round-trip to the host,

  o by sending a few dozen echo requests, what fraction of the packets sent between the hosts get lost somewhere along the way.

The ping command sends echo requests to the host you specify on the command line, and lists the responses received with their round trip time.

* When you terminate ping (probably by hitting control-C) it summarizes the results, giving the average round trip time and the percent packet loss.

* This command is used constantly to determine whether there is a problem with the network connection between two hosts. Bear in mind that many hosts and firewalls drop echo requests, so "no reply" does not prove that a host is down, and a reply says nothing about whether any particular port on it is reachable.

* The ping command can be called with the hostname or the IP address:

$ ping google.com
$ ping 216.239.39.99

4. arp

The ARP (Address Resolution Protocol) table is normally filled automatically as the host learns which physical addresses go with which IP addresses. The arp command displays this table, and can be used to modify it, though this necessity is rare.

* The command line to display the ARP table (-n avoids resolving the IP addresses to names; the exact column layout varies between versions) and a sample output is given below.

$ arp -n
IP address       HW type                 HW address
172.16.1.3       10Mbps Ethernet         00:00:C0:5A:42:C1
172.16.1.2       10Mbps Ethernet         00:00:C0:90:B3:42
172.16.2.4       10Mbps Ethernet         00:00:C0:04:69:AA

The arp -s command adds a static (permanent) entry mapping an IP address to an Ethernet address; it does not change the address of any device. Pinning the gateway's entry this way is one defence against ARP spoofing on the local segment. The syntax is:

$ arp -s ip_address ethernet_address
$ arp -s 220.0.0.182 00:40:af:36:0c:38

The column HW address is the Ethernet, or MAC, address. A typical Ethernet address (also known as MAC address - Media Access Control) looks like this: aa:bb:cc:dd:ee:ff, where aa:bb:cc is the OUI, a number unique to the manufacturer, and dd:ee:ff is a serial number assigned by that manufacturer.

5. tcpdump

Tcpdump is a command-line tool for monitoring network traffic.

* Tcpdump can capture and display the packet headers on a particular network interface (-i eth0) or on all interfaces (-i any). Tcpdump can display all of the packet headers, or just the ones that match particular criteria given as a filter expression. It needs root (or CAP_NET_RAW) to open the interface. -n keeps it from resolving addresses to names, which is faster and avoids sending DNS queries while you are watching traffic, and -w file.pcap saves the packets for later analysis instead of printing them.

$ tcpdump -n -i eth0

To print all packets arriving at or departing from the host educarma.com:

$ tcpdump host educarma.com


7.2.2.4) Changing the System Hostname

Use the command hostname. hostname is the program that is used to either set or display the current host, domain or node name of the system. These names are used by many of the networking programs to identify the machine.

$ hostname

To change the hostname at run time (as root), use any of the options below:

$ hostname educarma.com
$ echo "educarma.com" > /proc/sys/kernel/hostname
$ sysctl -w kernel.hostname=educarma.com

sysctl is used to change kernel parameters at runtime. The parameters available are those listed under /proc/sys/.

* To make the change in hostname permanent, the new hostname has to be added to the file /etc/sysconfig/network using the entry below.

HOSTNAME=<new hostname>
7.2.2.5). Networking terms

ARP - Address Resolution Protocol. Used to translate IP addresses into hardware (Ethernet) addresses. Uses broadcast messages for resolution.

BOOTP - A protocol used to allow client computers to get their IP address from a BOOTP server. DHCP supersedes, though does not replace, this protocol.

DHCP - Dynamic Host Configuration Protocol, allows clients to get their IP addresses from a DHCP server. This system "leases" IP addresses to clients for limited periods of time. If the client has not renewed its lease within the lease time, the IP address is free for re-assignment.

ICMP - Internet Control Message Protocol. Part of the IP layer. Communicates error messages and other messages that require attention.

IGMP - Internet Group Management Protocol. Protocol used to manage multicasting through routers.

IP - Three kinds of IP addresses are unicast, broadcast and multicast.

MBONE - Used to refer to a network that supports multicasting.

NIS - Network Information Service, a name service created by Sun Microsystems.

NFS - Network File System, allows two Unix style computers to mount and access part or all of a file system on a remote computer.

OSPF - Open Shortest Path First, a dynamic routing protocol intended as a replacement for RIP.

PPP - Point to Point Protocol is a serial protocol commonly used to connect to the internet using a modem.

RARP - Reverse ARP, used by clients to determine their own IP addresses from their hardware address.

RIP - Routing Information Protocol, an early protocol used by TCP/IP implementations to perform dynamic routing.

RPC - Remote Procedure Call is a set of function calls used by a client program to call functions in a remote server program.

SLIP - Serial Line Internet Protocol.

SMTP - Simple Mail Transfer Protocol, commonly used as the mail message transport protocol.

SNMP - Simple Network Management Protocol.

UDP - User Datagram Protocol, a transport layer protocol.

UUCP - Unix to Unix Copy is a protocol that allows Unix computers to exchange files.
7.2.3. Packet Filtering Using Iptables
*

Iptable is a tool for packet filtering – the process of controlling


network packets as they enter, move through and exit the network stack within
the kernel.
*

Pre 2.4 kernels relied on ipchains. It is part of the kernelspace


netfilter project.
*

Using Linux and iptables / ipchains one can configure a gateway which will
allow all computers on a private network to connect to the internet via the
gateway and one external IP address, using a technology called "Network Address
Translation" (NAT) or masquerading.
*

Iptables/ipchains can also be configured so that the Linux computer acts


as a firewall, providing protection to the internal network.

7.2.3.1). Network Address Translation (NAT)

An individual on a computer on the private network may point their web


browser to a site on the internet. This request is recognized to be beyond the
local network so it is routed to the Linux gateway using the private network
address.
*

The request for the web page is sent to the web site using the external
internet IP address of the gateway.
*

The request is returned to the gateway which then translates the IP


address to computer on the private network which made the request. This is often
called IP masquerading.
*

The software interface which enables one to configure the kernel for
masquerading is iptables (Linux kernel 2.4) or ipchains (Linux kernel 2.2)

7.2.3.2). Packet filtering tables

The Linux kernel has the built-in ability to filter packets, allowing some of them into the system while stopping others. The 2.4 kernel's netfilter has three built-in tables, or rule lists:

1. Filter - The default table for handling network packets.

2. Nat - Used to alter packets that create a new connection. Used for Network Address Translation.

3. Mangle - Used for specific types of packet alteration.

Each of these tables in turn has a group of built-in chains which correspond to the actions netfilter performs on the packet. The built-in chains of the different tables are shown below.

7.2.3.3). Built-In Chains for the different tables

Chains available in Filter table

INPUT — Applies to network packets that are targeted for the host.

OUTPUT — Applies to locally-generated network packets.

FORWARD — Applies to network packets routed through the host.

Chains available in NAT table

PREROUTING — Alters network packets when they arrive.

OUTPUT — Alters locally-generated network packets before they are sent out.

POSTROUTING — Alters network packets before they are sent out.

Chains available in Mangle table

INPUT — Alters network packets targeted for the host.

OUTPUT — Alters locally-generated network packets before they are sent out.

FORWARD — Alters network packets routed through the host.

PREROUTING — Alters incoming network packets before they are routed.

POSTROUTING — Alters network packets before they are sent out.

Every packet sent or received by a Linux machine is subject to at least one table. Once a packet matches a rule in a chain, that rule's target, or action, is applied to it.

7.2.3.4). Types of Targets

A target is the action or policy to be taken with the matching packet.

The types of targets which are available are:

* ACCEPT - The packet skips the rest of the rule checks and is allowed to continue to its destination.

* REJECT - If a rule specifies the optional REJECT target, the packet is dropped, but an error packet is sent to the packet's originator.

* DROP - The packet is refused access to the system and nothing is sent back to the host that sent the packet.

* QUEUE - The packet is passed to user space, where it can be manipulated by user programs.

* RETURN - Stops rule checking in the current chain; handling continues in the calling chain or, for a built-in chain, with its default policy (see Target Options below).

* MARK - Used for error response.

* MASQUERADE - Used with the nat table and DHCP.

* LOG - Logs the packet to the system log with a configurable message prefix.

Every chain has a default policy of ACCEPT, DROP, REJECT, or QUEUE. If none of the rules in the chain apply to the packet, the packet is dealt with in accordance with the default policy.

7.2.3.5). The Iptables Commandline

Rules that allow packets to be filtered by the kernel are put in place by running the iptables command.

Command structure of Iptables:

$ iptables [-t <table-name>] <command> <chain-name> <parameter-1> <option-1> ... <parameter-n> <option-n>

* <table-name> - lets the user select the table, i.e. filter, nat or mangle. The filter table is used if -t is omitted.

* <command> - Commands tell iptables to perform a specific action on the chosen table, such as appending, checking, deleting, renaming or flushing rules or chains.

Commonly used Iptables commands

* -A : Appends the iptables rule to the end of the specified chain. This is the command used to simply add a rule when rule order in the chain does not matter.

* -C : Checks a particular rule before adding it to the user-specified chain. This command can help you construct complicated iptables rules by prompting you for additional parameters and options.

* -D : Deletes a rule in a particular chain by number (such as 5 for the fifth rule in a chain). You can also type the entire rule, and iptables will delete the rule in the chain that matches it.

* -E : Renames a user-defined chain. This does not affect the structure of the table.

* -F : Flushes the selected chain, which effectively deletes every rule in the chain. If no chain is specified, this command flushes every rule from every chain.

* -h : Provides a list of command structures, as well as a quick summary of command parameters and options.

* -I : Inserts a rule in a chain at a point specified by a user-defined integer value. If no number is specified, iptables will place the rule at the top of the chain.

* -L : Lists all of the rules in the chain specified after the command. To list all rules in all chains in the default filter table, do not specify a chain or table. Otherwise, the following syntax should be used to list the rules in a specific chain in a particular table:

$ iptables -L <chain-name> -t <table-name>

$ iptables -L

* -N : Creates a new chain with a user-specified name.

* -P : Sets the default policy for a particular chain, so that when packets traverse an entire chain without matching a rule, they will be sent on to a particular target, such as ACCEPT or DROP.

* -R : Replaces a rule in a particular chain. The rule's number must be specified after the chain's name. The first rule in a chain corresponds to rule number one.

* -X : Deletes a user-specified chain. Deleting a built-in chain for any table is not allowed.

* -Z : Zeros the byte and packet counters in all chains for a particular table.

<chain-name> - The name of a built-in chain or a user-defined chain in the selected table.

<parameter-n> - Once certain iptables commands are specified, including those used to add, append, delete, insert, or replace rules within a particular chain, parameters are required to construct a packet filtering rule.

For example,

* -c : Resets the counters for a particular rule. This parameter accepts the PKTS and BYTES options to specify which counter to reset.

* -d : Sets the destination hostname, IP address, or network of a packet that will match the rule.

When matching a network, the following IP address/netmask formats are supported:

  o N.N.N.N/M.M.M.M - Where N.N.N.N is the IP address range and M.M.M.M is the netmask.

  o N.N.N.N/M - Where N.N.N.N is the IP address range and M is the netmask expressed as a prefix length.

* -f : Applies this rule only to fragmented packets.

  o By using the ! option after this parameter, only unfragmented packets will be matched.

* -i : Sets the incoming network interface, such as eth0 or ppp0. With iptables, this optional parameter may only be used with the INPUT and FORWARD chains when used with the filter table and the PREROUTING chain with the nat and mangle tables.

This parameter also supports the following special options:

  o ! - Tells this parameter not to match, meaning that any specified interfaces are specifically excluded from this rule. For example, -i ! eth0 would match all incoming interfaces except eth0.

  o + - A wildcard character used to match all interfaces which match a particular string. For example, the parameter -i eth+ would apply this rule to any Ethernet interfaces but exclude any other interfaces, such as ppp0.

  o If the -i parameter is used but no interface is specified, then every interface is affected by the rule.

* -j : Tells iptables to jump to a particular target when a packet matches a particular rule. Valid targets to be used after the -j option include the standard options, ACCEPT, DROP, QUEUE, and RETURN, as well as extended options that are available through modules loaded by default with the Red Hat Linux iptables RPM package, such as LOG, MARK, and REJECT, among others.

You may also direct a packet matching this rule to a user-defined chain outside of the current chain so that other rules can be applied to the packet.

If no target is specified, the packet moves past the rule with no action taken. However, the counter for this rule is still increased by one, as the packet matched the specified rule.

* -o : Sets the outgoing network interface for a rule and may only be used with the OUTPUT and FORWARD chains in the filter table, and the POSTROUTING chain in the nat and mangle tables. This parameter's options are the same as those of the incoming network interface parameter (-i).

* -p : Sets the IP protocol for the rule, which can be icmp, tcp, udp, or all (to match every supported protocol). In addition, any protocol listed in /etc/protocols may also be used. If this option is omitted when creating a rule, all is the default.

* -s : Sets the source for a particular packet using the same syntax as the destination (-d) parameter. The match can also be inverted with an !. For example, a match of the form --source ! 192.168.0.0/24 matches all packets whose source address does not come from within the 192.168.0.x range.

Match Options

* Different network protocols provide specialized matching options which may be set in specific ways to match a particular packet using that protocol.

* The protocol must first be specified in the iptables command, by using -p <protocol-name> (where <protocol-name> is the target protocol), to make the options for that protocol available.

* TCP Protocol - The TCP protocol is specified using the option -p tcp, and the match options available for tcp are shown below.

  o --dport : Sets the destination port for the packet. Use either a network service name (such as www or smtp), a port number, or a range of port numbers to configure this option. The --destination-port match option is synonymous with --dport.

  o To specify a range of port numbers, separate the two numbers with a colon (:), such as -p tcp --dport 3000:3200. The largest acceptable valid range is 0:65535.

  o Use an exclamation point character (!) after the --dport option to tell iptables to match all packets which do not use that network service or port, such as -p tcp --dport ! 80.

  o --sport : Sets the source port of the packet using the same options as --dport. The --source-port match option is synonymous with --sport.

  o --syn : Applies to all TCP packets designed to initiate communication, commonly called SYN packets. Any packets that carry a data payload are not touched. Placing an exclamation point character (!) as a flag with the --syn option causes all non-SYN packets to be matched.

    Eg (rule fragment): -p tcp ! --syn

  o --tcp-flags : Allows TCP packets with specific bits, or flags, set to be matched with a rule. The --tcp-flags match option accepts two parameters. The first parameter is the mask, which sets the flags to be examined in the packet. The second parameter refers to the flags that must be set in order to match.

    The possible flags are: ACK, FIN, PSH, RST, SYN, URG, ALL, NONE

    For example, an iptables rule which contains -p tcp --tcp-flags ACK,FIN,SYN SYN will only match TCP packets that have the SYN flag set and the ACK and FIN flags unset.

    Using the exclamation point character (!) after --tcp-flags reverses the effect of the match option.

    Eg (rule fragment): -p tcp --tcp-flags ! SYN,FIN,ACK SYN

  o --tcp-option : Attempts to match with TCP-specific options that can be set within a particular packet. This match option can also be reversed with the exclamation point character (!). A TCP option is a specific part of the header.

Target Options

* Once a packet has matched a particular rule, the rule can direct the packet to a number of different targets that decide its fate and, possibly, take additional actions.

* Each chain has a default target, which is used if none of the rules on that chain match a packet or if none of the rules which match the packet specify a target.

The following are the standard targets:

* <user-defined-chain> : Replace <user-defined-chain> with the name of a user-defined chain within the table. This target passes the packet to the target chain.

* ACCEPT - Allows the packet to successfully move on to its destination or another chain.

* DROP - Drops the packet without responding to the requester. The system that sent the packet is not notified of the failure.

* QUEUE - The packet is queued for handling by a user-space application.

* RETURN - Stops checking the packet against rules in the current chain. If the packet with a RETURN target matches a rule in a chain called from another chain, the packet is returned to the first chain to resume rule checking where it left off. If the RETURN rule is used on a built-in chain and the packet cannot move up to its previous chain, the default target for the current chain decides what action to take.

Rules created with the iptables command are stored in memory. If the system is restarted after setting up iptables rules, they will be lost. In order for netfilter rules to persist through a system reboot, they need to be saved. To do this, log in as root and type:

$ /sbin/service iptables save

The next time the system boots, the iptables init script will reapply the rules saved in /etc/sysconfig/iptables by using the /sbin/iptables-restore command.

* The rules in iptables can be seen by using

$ iptables -L

* To flush all the rules in the filter or nat tables, use

$ iptables --flush

$ iptables --table nat --flush

* To stop/start/restart iptables

$ /etc/rc.d/init.d/iptables stop/start/restart

* To delete all chains that are not in the default filter and nat tables

$ iptables --delete-chain

$ iptables --table nat --delete-chain

* To deny all connections from a specific host

$ iptables -I INPUT -s XXX.XXX.XXX.XXX -j DROP

* For debugging and logging, add the rules below and you can see the messages in /var/log/messages.

$ iptables -A INPUT -j LOG --log-prefix "INPUT_DROP: "

$ iptables -A OUTPUT -j LOG --log-prefix "OUTPUT_DROP: "

* To disallow access to port 80 from the IP address 212.160.2.4, you can use

$ iptables -A INPUT -p tcp --dport 80 -s 212.160.2.4 -j DROP

Here you are adding a rule to the INPUT chain which drops all packets to port 80 on your machine from the IP address 212.160.2.4.

* To disallow access to the smtp server from the network 212.160.2.0, you can use

$ iptables -A INPUT -p tcp --dport 25 -s 212.160.2.0/24 -j DROP

* To disallow access to the smtp server from the network 212.160.0.0, you can use

$ iptables -A INPUT -p tcp --dport 25 -s 212.160.0.0/16 -j DROP

The -d 0.0.0.0/0 refers to all or any destination address of a packet.

* To view the rules along with the rule numbers so that it is easier to delete a rule from the chain

$ iptables -L --line-numbers

* To delete rule no 2 from the INPUT chain of the default filter table

$ iptables -D INPUT 2

* To set up routing so that all packets from the network 192.168.10.0/24 are altered to appear to come from the public IP 202.15.20.198, use the command line below to add a rule to the POSTROUTING chain of the nat table

$ iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source 202.15.20.198

SNAT, or source NAT, records the internal IP in the NAT connection table and routes the to-and-fro traffic to the correct IP on the internal network.
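The commands above combine naturally into one script. The following is an added example, not code from the manual or from any distribution's iptables package: a default-deny filter ruleset together with the SNAT rule for the 192.168.10.0/24 gateway. The interface names eth0/eth1 and the administrator host 192.168.10.5 are constructed for the example. The `-m state --state ESTABLISHED,RELATED` match is a netfilter match module not described in the text; it is what lets a DROP policy on INPUT and FORWARD still admit replies to connections the host or the LAN initiated. Because LOG is a non-terminating target, the two LOG rules at the end of the chains record exactly the packets that are about to hit the DROP policy.

```shell
#!/bin/sh
# Added example (not from the manual): a default-deny filter ruleset plus the
# SNAT gateway rule, built from the commands explained above.
# Constructed assumptions: eth0 is the public interface holding 202.15.20.198,
# eth1 faces the private LAN 192.168.10.0/24, 192.168.10.5 is the admin host.
PUB_IF=eth0
PUB_IP=202.15.20.198
LAN_IF=eth1
LAN_NET=192.168.10.0/24
ADMIN_HOST=192.168.10.5

# Every rule is issued through $IPT. As root it is the real binary; setting
# IPT="echo iptables" prints the ruleset for review without touching the kernel.
IPT=${IPT:-/sbin/iptables}

firewall_rules() {
    # Clean slate in both tables (note: --flush does not reset chain policies).
    $IPT --flush
    $IPT --table nat --flush
    $IPT --delete-chain
    $IPT --table nat --delete-chain

    # Default policies: anything no rule accepts is dropped.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback, and replies to connections this host initiated. The state match
    # (-m state) is a netfilter match module not covered in the text above.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Administration: SSH (tcp/22) only from the admin host, on the LAN side.
    $IPT -A INPUT -i $LAN_IF -p tcp --dport 22 -s $ADMIN_HOST -j ACCEPT

    # Forwarding: the LAN may go out; from outside only reply traffic comes in.
    $IPT -A FORWARD -i $LAN_IF -o $PUB_IF -s $LAN_NET -j ACCEPT
    $IPT -A FORWARD -i $PUB_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Source NAT: rewrite the LAN's private addresses to the public address.
    $IPT -t nat -A POSTROUTING -o $PUB_IF -s $LAN_NET -j SNAT --to-source $PUB_IP

    # LOG is non-terminating: a packet reaching these last rules is recorded in
    # /var/log/messages with the prefix and then falls to the DROP policy.
    $IPT -A INPUT -j LOG --log-prefix "INPUT_DROP: "
    $IPT -A FORWARD -j LOG --log-prefix "FORWARD_DROP: "
}

# preview_rules prints the exact commands firewall_rules would run, one per
# line, without requiring root; review this before applying on a real gateway.
preview_rules() {
    ( IPT="echo iptables"; firewall_rules )
}

# Apply only when explicitly asked for, otherwise just show the ruleset.
if [ "${1:-}" = "apply" ]; then
    firewall_rules
else
    preview_rules
fi
```

Saved as, say, firewall.sh, `sh firewall.sh` prints the fifteen commands it would run; `sh firewall.sh apply` as root on the gateway loads them, after which `/sbin/service iptables save` makes them survive a reboot as described above.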

7.3. Network Information Service (NIS)

The Network Information Service (NIS) provides a simple network lookup service consisting of databases and processes. It was formerly known as Sun Yellow Pages (YP).

Its purpose is to provide information that has to be known throughout the network to all machines on the network. Information likely to be distributed by NIS includes:

* Login names/passwords/home directories (/etc/passwd)

* Group information (/etc/group)

* Host names and IP numbers (/etc/hosts)

For example, if your password entry is recorded in the NIS password database, you will be able to log in on all machines on the net which have the NIS client programs running.

7.3.1. NIS Maps

NIS client programs query the NIS servers for data which is stored in the servers' databases, known as maps.

NIS maps are stored in DBM format, a binary format built from simple ASCII files.

ASCII to DBM conversion can be done using the makedbm command.

7.3.2. NIS Domain

An NIS domain refers to a group of systems in a network or subnet which use the same NIS maps.

7.3.2.1). NIS Topologies used

1. A single domain with a master server and one or more clients.

2. A single domain with one master server, one or more slave NIS servers and one or more clients.

3. Multiple domains, each with its own master server, no slave servers and one or more clients.

4. Multiple domains, each with its own master server, its own slave servers and one or more clients.

7.3.3. NIS Server Installation and Configuration

7.3.3.1). Installing the NIS Server utility

There are two NIS packages and the portmap server that need to be installed for the NIS server to work on a machine:

  o ypserv

  o yp-tools

  o portmap (if not already installed).

The NIS utilities ypserv and yp-tools can be found at:

Site             Directory                    File Name
ftp.kernel.org   /pub/linux/utils/net/NIS     ypserv-2.9.tar.gz
ftp.kernel.org   /pub/linux/utils/net/NIS     yp-tools-2.9.tar.gz

Compile the NIS software (ypserv and yp-tools) to generate ypserv and makedbm. The makedbm program converts the ASCII format database files into DBM format.

NIS server configuration involves the following steps:

1. Setting up the NIS domain name.

2. Configuring and starting the NIS server daemon ypserv.

3. Initializing the NIS maps.

4. Starting the NIS password daemon.

5. Starting the NIS transfer daemon (if you are using slave servers).

6. Modifying the startup process to start the NIS daemons when the system reboots.

7.3.3.2). Setting up the NIS domain name

To set up the NIS domain name, give the entry below at the shell prompt.

$ nisdomainname <domainname>

eg: $ nisdomainname carmatrain.com

Next reissue the nisdomainname command without arguments to confirm that the NIS domain is set. This is a temporary arrangement. To make it permanent, add the entry NISDOMAIN=<nisdomainname> to the /etc/sysconfig/network file.

7.3.3.3). Configuring and starting the daemon ypserv

With the NIS domain name set you can start the NIS server daemon. The key configuration files are:

1. /var/yp/securenets

It contains netmask and network number pairs that define the list of hosts permitted to access the NIS server, for example:

255.255.255.0 192.168.0.0

2. /etc/ypserv.conf (configuration for the primary NIS server daemon ypserv and the NIS transfer daemon ypxfrd)

It contains runtime configuration options for ypserv, called option lines, and host access information, called access rules.

The default values in /etc/ypserv.conf are sufficient for most NIS server configurations:

dns: no

*:shadow.byname:port:yes

*:passwd.adjunct.byname:port:yes

Entries in the file appear one per line. Each line is made up of colon-separated fields defining an option line or an access rule. An option line has the format

Option:[yes/no]

Options can be either dns or xfr_check_port.

* dns controls whether or not the NIS server performs a DNS lookup for hosts not listed in the host maps. The default is no.

* xfr_check_port controls whether ypserv runs on a port numbered less than 1023, a so-called privileged port. The default is yes.

Access rules have a slightly more complicated format:

Host:map:security:mangle[:field]

* Host - the IP address to match. Wildcards are also allowed.

* Map - the name of a map to match, or * for all maps.

* Security - the type of security to use. Can be one of none, port, deny or des.

  o none always enables access for matching hosts; the passwd field is mangled if so configured (the default is not to).

  o port enables access if the connection is coming from a privileged port (<1024). If mangle is set to yes, access is enabled but the password field is mangled. If mangle is set to no, access is denied.

  o deny denies the matching host access to this map.

  o des requires DES authentication.

* Mangle - possible values are "yes" or "no". If "yes", the field entry will be mangled. Mangling means that the field is replaced by 'x' if the port check reveals the request originated from an unprivileged port. If set to no, the field is not mangled if the requesting port is unprivileged.

* Field - the field number in the map to mangle. The default value if the field is not specified is 2, which corresponds to the password field in /etc/group, /etc/shadow, and /etc/passwd.

Access rules are tried in order, and all rules are evaluated. If no rule matches a connecting host, access to the corresponding map is enabled.
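As an added example, not part of the manual, the shell script below applies the /var/yp/securenets format above to a client address: each line's netmask is ANDed with both the client address and the network number, and the client is accepted when the two results agree. The file content is constructed for the example; the `host` line is the second entry form ypserv accepts for a single address (treated here as a full 32-bit mask, which is an assumption about its semantics), and `ip_to_int` assumes well-formed dotted quads.

```shell
#!/bin/sh
# Added example (not from the manual): apply /var/yp/securenets entries to a
# client address, the check ypserv performs before answering a request.
# The file contents below are constructed for the example.
SECURENETS=${SECURENETS:-$(mktemp)}
cat > "$SECURENETS" <<'EOF'
# netmask         network
255.255.255.0     192.168.0.0
255.255.0.0       10.1.0.0
# "host address" is the other entry form ypserv accepts (assumption: a /32 match)
host              127.0.0.1
EOF

# ip_to_int A.B.C.D -> prints the dotted quad as one 32-bit integer.
ip_to_int() {
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows CLIENT -> exit 0 if some entry covers the client, else 1.
# An entry matches when (client AND netmask) equals (network AND netmask).
securenets_allows() {
    client=$(ip_to_int "$1")
    while read -r mask net; do
        case "$mask" in ''|'#'*) continue ;; esac
        if [ "$mask" = "host" ]; then
            m=$(ip_to_int 255.255.255.255)
        else
            m=$(ip_to_int "$mask")
        fi
        n=$(ip_to_int "$net")
        if [ $(( client & m )) -eq $(( n & m )) ]; then
            return 0
        fi
    done < "$SECURENETS"
    return 1
}

# Demonstration on a few constructed client addresses.
for ip in 192.168.0.77 10.1.200.3 127.0.0.1 192.168.1.5 172.16.0.1; do
    if securenets_allows "$ip"; then
        echo "$ip: allowed"
    else
        echo "$ip: refused"
    fi
done
```

Point SECURENETS at a real /var/yp/securenets to check which of your subnets a given client address falls into before restarting ypserv.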
* For NIS to work, the port mapper should be running. Portmap translates RPC program numbers to TCP/IP port numbers.

You can check the status of portmap by running the command

$ /sbin/service portmap status

which should show an output like

Portmap (pid 559) running ….

If it is not running you can start it by issuing the command

$ /sbin/service portmap start

Once portmap is started you can start the NIS server by issuing the command

$ /sbin/service ypserv start

Once the ypserv daemon is started, the command

$ rpcinfo -u localhost ypserv

should give an output like the one below:

program 100004 version 1 ready and waiting

program 100004 version 2 ready and waiting

7.3.3.4). Initializing the NIS Maps

Now you need to generate the password database using ypinit, which generates the complete set of NIS maps and places them in a directory under /var/yp named after the NIS domain.

To generate the NIS database issue the command

$ /usr/lib/yp/ypinit -m

The -m option indicates that maps are being created for the master server.

If you are using a slave server for redundancy, make sure that ypwhich -m works from each of them. This means that your slaves must also be configured as NIS clients.

To create a slave server using the databases from the master server named masterhost, use

$ /usr/lib/yp/ypinit -s masterhost

7.3.3.5). Starting the NIS Password Daemon

When new users are added or deleted, the NIS clients and slaves should be notified of the change. The daemon that handles this change is yppasswdd.

Yppasswdd handles password changes and updates other NIS information that depends on user passwords.

This daemon runs only on the NIS master server.

To start it:

$ /sbin/service yppasswdd start

7.3.3.6). Starting the Server Transfer Daemon

Ypxfrd is used to speed up the transfer of large maps from the NIS master to the slave servers.

$ /sbin/service ypxfrd start

7.3.3.7). Modifying the startup process to start NIS at Boot

* Firstly, to permanently save the NIS domain name, add the line below to /etc/sysconfig/network.

NISDOMAIN=carmatec.com

* Run the GUI tool "serviceconf", which is the RedHat service configuration tool, to configure the NIS daemons to start at boot time. After starting serviceconf, go to Main Menu --> System Settings --> Server Settings --> Services. Enable the checkbox for the ypserv and yppasswdd services.

7.3.4. Installing and Configuring the NIS Client

7.3.4.1). Installing the ypbind utility

The NIS client requires the ypbind package to be installed on it as well as the portmapper server running.

The ypbind daemon binds NIS clients to an NIS domain. Ypbind must be running on any machine running NIS client programs.

The ypbind software is also available from

http://ftp.kernel.org/pub/linux/utils/net/NIS/

Compile and install the software as per the instructions inside.

Install the portmapper package also if it is not already installed on the machine.

After this, the NIS client needs to be configured, the steps for which are given below:

1. Set up the NIS domain name.

2. Configure and start the NIS client daemon.

3. Test the client daemon.

4. Configure the client startup files to use NIS.

5. Reboot the client.

7.3.4.2). Setting up the NIS domain name

Add the entry NISDOMAIN=<nisdomainname> to the /etc/sysconfig/network file.

For example, to set the NIS domain to carmatec.com, you may give

NISDOMAIN=carmatec.com

7.3.4.3). Configure and start the NIS client daemon

The NIS client daemon ypbind uses the configuration file /etc/yp.conf, which specifies which NIS servers clients should use and how to locate them, e.g.

ypserver <nisserverip>

Valid entries are:

* domain NISDOMAIN server HOSTNAME : Use server HOSTNAME for the domain NISDOMAIN.

* domain NISDOMAIN broadcast : Use broadcast on the local net for domain NISDOMAIN.

* ypserver HOSTNAME : Use server HOSTNAME for the local domain. The IP address of the server must be listed in /etc/hosts.

A sample entry can be

ypserver 192.168.0.2

OR

domain educarma.com server 192.168.0.2

The same thing can also be done using a GUI tool called authconfig.

Now start the NIS client by issuing the command

$ /sbin/service ypbind start



7.3.4.4). Test the Client daemon

The command line below, using rpcinfo, lets you confirm that ypbind was able to register its service with the portmapper.

$ rpcinfo -u 192.168.0.2 ypbind

The command line below can be used to check if the portmapper is running

$ rpcinfo -p 192.168.0.2

Now edit the /etc/host.conf file to use NIS for lookups, i.e. change the order to the entry below

order hosts,nis,bind

The configuration above means that name service lookups will first query /etc/hosts, then NIS and then BIND, the name server.

* Lastly, edit /etc/nsswitch.conf and add the entries shown below if not already present.

passwd: files nis

shadow: files nis

group: files nis

hosts: files nis

7.3.4.5). Configuring the NIS Client startup files

* After configuring the NIS server, you need to make sure that the client daemon ypbind starts and stops when the system starts and stops.

* This can be done by checking the daemon 'ypbind' in the Service Configuration Tool, which can be opened using the command "serviceconf":

$ serviceconf

* Save the changes after checking ypbind, and the NIS client services will be up and running after a system reboot.

* Reboot the client to make sure the NIS client daemon starts.

7.3.4.6). NIS Configuration Files/Commands

NIS File/Command      Description/Usage

ypwhich               Displays the name of the master NIS server
                      $ ypwhich

ypcat                 Prints the entries in an NIS database
                      $ ypcat -x   (to check options)
                      $ ypcat passwd   (to see entries from the map "passwd.byname")

yppasswd              Changes user passwords and info on the NIS server
                      $ yppasswd carma

yppoll                Displays the server and version number of an NIS map
                      $ yppoll -h 192.168.0.2 passwd.byname

ypmatch               Prints the value of one or more entries in an NIS map

/etc/yp.conf          Configures the NIS client bindings

/etc/nsswitch.conf    Configures the system name database lookup

/etc/host.conf        Configures host name resolution

7.3.5. More about NIS

* Within a network which has NIS set up, there must be at least one machine acting as an NIS server.

* You can have multiple NIS servers, each serving different NIS "domains", or you can have cooperating NIS servers, where one is the master NIS server and all the others are so-called slave NIS servers (for a certain NIS "domain", that is!), or you can have a mix of them.

* To have NIS work you need to run the program portmap, which is available at /sbin/portmap.

* Portmap is a program which converts RPC program numbers to TCP/IP port numbers. To make RPC calls you need to have portmap running, which is a prerequisite for the NIS clients and servers to work as they rely on the RPC method of communication.

* When an RPC server is started, it will tell portmap what port number it is listening on and what RPC program numbers it is prepared to serve.

* When a client wishes to make an RPC call to a given program number, it will first contact portmap on the server machine to determine the port number where RPC packets should be sent.

7.4. Network File Systems (NFS)

The Network File System (NFS) was developed to allow machines to mount a disk partition on a remote machine as if it were on a local hard drive.

This allows for fast, seamless sharing of files across a network.

There are three main configuration files you will need to edit to set up an NFS server:

1. /etc/exports

2. /etc/hosts.allow

3. /etc/hosts.deny

7.4.1. Main Configuration Files

7.4.1.1). /etc/exports file

The /etc/exports file contains a list of entries; each entry indicates a volume that is shared and how it is shared.

An entry in /etc/exports will typically look like this:

directory machine1(option11,option12) machine2(option21,option22)

where

directory

the directory that you want to share. It may be an entire volume, though it need not be. If you share a directory, then all directories under it within the same file system will be shared as well.

machine1 and machine2

client machines that will have access to the directory. The machines may be listed by their DNS address or their IP address (e.g., machine.company.com or 192.168.0.8). Using IP addresses is more reliable and more secure.

optionxx

The option listing for each machine describes what kind of access that machine will have. Important options are:

* ro: The directory is shared read only; the client machine will not be able to write to it. This is the default.

* rw: The client machine will have read and write access to the directory.

* no_root_squash: By default, any file request made by user root on the client machine is treated as if it is made by user nobody on the server.

  o Exactly which UID the request is mapped to depends on the UID of user "nobody" on the server, not the client.

  o If no_root_squash is selected, then root on the client machine will have the same level of access to the files on the system as root on the server.

  o This can have serious security implications, although it may be necessary if you want to perform any administrative work on the client machine that involves the exported directories. You should not specify this option without a good reason.

* no_subtree_check: If only part of a volume is exported, a routine called subtree checking verifies that a file that is requested from the client is in the appropriate part of the volume. If the entire volume is exported, disabling this check will speed up transfers.

* sync: By default, all but the most recent version (version 1.11) of the exportfs command will use async behavior, telling a client machine that a file write is complete - that is, it has been written to stable storage - when NFS has finished handing the write over to the file system. This behavior may cause data corruption if the server reboots, and the sync option prevents this.

Eg entry:

/var/tmp 192.168.0.3(async,rw)

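The options discussed above are easy to overlook in a long exports file. As an added example, not from the manual, the script below parses an /etc/exports file (constructed here) and lists every client entry carrying `no_root_squash`, `rw` granted to the `*` wildcard, or `async`, so each can be checked against the reasons given above before the export list goes live. The parser handles the `directory client(options) ...` form shown above; a client listed without a parenthesised option list is treated as using the defaults.

```shell
#!/bin/sh
# Added example (not from the manual): audit an /etc/exports file for the
# options the text above singles out as risky. The file below is constructed.
EXPORTS=${EXPORTS:-$(mktemp)}
cat > "$EXPORTS" <<'EOF'
# directory    client(options) ...
/home          192.168.0.3(rw,sync,no_subtree_check) 192.168.0.4(ro,sync)
/var/tmp       192.168.0.3(async,rw)
/srv/backup    *(rw,no_root_squash)
/pub           192.168.0.0/24(ro,sync)
EOF

# audit_exports [FILE] -> one line per client entry carrying a risky option:
#   directory<TAB>client<TAB>reason[,reason]
# Flags: no_root_squash (client root == server root), rw granted to the "*"
# wildcard (everyone may write), and async (acknowledged writes may be lost).
audit_exports() {
    file=${1:-$EXPORTS}
    # Subshell with globbing off: a client spec such as "*(rw)" must stay literal.
    (
    set -f
    while read -r dir rest; do
        case "$dir" in ''|'#'*) continue ;; esac
        for spec in $rest; do
            client=${spec%%"("*}    # text before "("
            opts=${spec#*"("}       # text after "("
            opts=${opts%")"}        # drop the trailing ")"
            if [ "$spec" = "$client" ]; then
                opts=""             # no "(...)": defaults apply (ro)
            fi
            reasons=""
            case ",$opts," in
                *,no_root_squash,*) reasons="${reasons}no_root_squash," ;;
            esac
            case ",$opts," in
                *,rw,*) case "$client" in
                            '*') reasons="${reasons}rw-to-everyone," ;;
                        esac ;;
            esac
            case ",$opts," in
                *,async,*) reasons="${reasons}async," ;;
            esac
            if [ -n "$reasons" ]; then
                printf '%s\t%s\t%s\n' "$dir" "$client" "${reasons%,}"
            fi
        done
    done < "$file"
    )
}

# Demonstration: print the findings for the constructed file.
audit_exports
```

For the constructed file the output names /var/tmp (async) and /srv/backup (no_root_squash and rw for everyone), while the /home and /pub entries pass. Run `audit_exports /etc/exports` on a server to review its real export list.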
7.4.1.2). /etc/hosts.allow and /etc/hosts.deny

These two files specify which computers on the network can use services on your
machine. Each line of the file contains a single entry listing a service and a
set of machines. When the server gets a request from a machine, it does the
following:

It first checks /etc/hosts.allow to see if the machine matches a


description listed in there. If it does, then the machine is allowed access.
*

If the machine does not match an entry in hosts.allow, the server then
checks hosts.deny to see if the client matches a listing in there. If it does
then the machine is denied access.
*

If the client matches no listings in either file, then it is allowed


access.

Configuring /etc/hosts.allow and /etc/hosts.deny for NFS security

In addition to controlling access to services handled by inetd (such as


telnet and FTP), this file can also control access to NFS by restricting
connections to the daemons that provide NFS services. Restrictions are done on a
per-service basis.

The first daemon to restrict access to is the portmapper. This daemon


essentially just tells requesting clients how to find all the NFS services on
the system.

Restricting access to the portmapper is the best defense against someone


breaking into your system through NFS because completely unauthorized clients
won't know where to find the NFS daemons.

However, there are two things to watch out for. First, restricting
portmapper isn't enough if the intruder already knows for some reason how to
find those daemons. And second, if you are running NIS, restricting portmapper
will also restrict requests to NIS. In general it is a good idea with NFS (as
with most internet services) to explicitly deny access to IP addresses that you
don't need to allow access to.

The first step in doing this is to add the followng entry to


/etc/hosts.deny:

portmap:ALL

If you have a newer version of nfs-utils, add entries for each of the NFS
daemons in hosts.deny:

lockd:ALL

mountd:ALL

rquotad:ALL

statd:ALL

Some sys admins choose to put the entry ALL:ALL in the file
/etc/hosts.deny, which causes any service that looks at these files to deny
access to all hosts unless it is explicitly allowed.

Next, we need to add an entry to hosts.allow to give any hosts access that
we want to have access. (If we just leave the above lines in hosts.deny then
nobody will have access to NFS.) Entries in hosts.allow follow the format

service: host [or network/netmask] , host [or network/netmask]

Here, host is the IP address of a potential client; it may be possible in some
versions to use the DNS name of the host, but it is strongly discouraged, since
the access decision then depends on DNS answers that an attacker may be able to
influence.

Suppose we have the setup above and we just want to allow access to
192.168.0.1 and 192.168.0.2. We could add the following entry to
/etc/hosts.allow:

portmap: 192.168.0.1 , 192.168.0.2

For recent nfs-utils versions, we would also add the following (again,
these entries are harmless even if they are not supported):

lockd: 192.168.0.1 , 192.168.0.2
rquotad: 192.168.0.1 , 192.168.0.2
mountd: 192.168.0.1 , 192.168.0.2
statd: 192.168.0.1 , 192.168.0.2

If you intend to run NFS on a large number of machines in a local network,
/etc/hosts.allow also allows for network/netmask style entries in the same
manner as /etc/exports above.

7.4.2. NFS Server Setup


7.4.2.1). Pre-requisites

Before the NFS server can be configured you will need to have the
appropriate packages installed. This consists mainly of a kernel which supports
NFS and the nfs-utils package.

NFS depends on the portmapper daemon, called either portmap or
rpc.portmap. It will need to be started using

$ /sbin/service portmap start

Most recent Linux distributions start this daemon in the boot scripts, but
it is worth making sure that it is running before you begin working with NFS
using

$ /sbin/service portmap status

7.4.2.2). The NFS Daemons and starting them

Providing NFS services requires the service of six daemons.

1. portmap : Enables NFS clients to discover the NFS services available on a
   given NFS server.
2. nfsd : Provides all NFS services except file locking and quota management.
3. lockd : Starts the kernel's NFS lock manager.
4. statd : Implements NFS lock recovery when an NFS server system crashes.
5. rquotad : Handles user file quotas on exported volumes for NFS clients.
6. mountd : Processes NFS client mount requests.

The daemons are all part of the nfs-utils package, and may be either in
the /sbin directory or the /usr/sbin directory.

If your distribution does not include them in the startup scripts, then
you should add them and configure them to start in the following order:

1. portmap
2. nfsd
3. mountd
4. statd
5. rquotad (if necessary)

lockd is started by nfsd on an as-needed basis so there is no need to
invoke it manually.

The nfs-utils package has a sample startup script for Red Hat, and the
script will take care of starting all the NFS server daemons for you except the
portmapper.

$ /etc/rc.d/init.d/nfs start|stop|status|restart

Hence if you need to restart NFS manually, the order to do so is

$ /etc/rc.d/init.d/portmap start
$ /etc/rc.d/init.d/nfs start
$ /etc/rc.d/init.d/nfslock start

7.4.2.3). Verifying that NFS is running

To do this, query the portmapper with the command rpcinfo -p to find out what
services it is providing. You should get something like this:

$ rpcinfo -p

   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp    749  rquotad
    100011    2   udp    749  rquotad
    100005    1   udp    759  mountd
    100005    1   tcp    761  mountd
    100005    2   udp    764  mountd
    100005    2   tcp    766  mountd
    100005    3   udp    769  mountd
    100005    3   tcp    771  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    300019    1   tcp    830  amd
    300019    1   udp    831  amd
    100024    1   udp    944  status
    100024    1   tcp    946  status
    100021    1   udp   1042  nlockmgr
    100021    3   udp   1042  nlockmgr
    100021    4   udp   1042  nlockmgr
    100021    1   tcp   1629  nlockmgr
    100021    3   tcp   1629  nlockmgr
    100021    4   tcp   1629  nlockmgr

This shows the portmapper, NFS versions 2 and 3, mountd versions 1, 2 and 3,
status (the RPC name for statd) and nlockmgr (the RPC name for lockd) versions
1, 3, and 4. There are also different service listings depending on whether NFS
is travelling over TCP or UDP.

If you do not at least see a line that says portmapper, a line that says
nfs, and a line that says mountd then you will need to backtrack and try again
to start up the server.

If you do see these services listed, then you should be ready to set up
NFS clients to access files from your server. It is also worth running
rpcinfo -p master.carma.com from a client that is not listed in
/etc/hosts.allow: it should fail rather than return this listing, otherwise the
portmap rules from the previous section are not in effect.
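As an added example (not part of this manual), the following shell functions parse output in the rpcinfo -p format shown above and perform the check just described: that portmapper, nfs and mountd are registered, whether locking (status and nlockmgr) is available, and which protocol/port pairs a host firewall would have to account for. RPCINFO_SAMPLE is constructed to mimic the listing above; nothing here is taken from a live server.

```shell
#!/bin/sh
# Added example, not from the manual: check that the services NFS needs are
# registered with the portmapper, by parsing output in the "rpcinfo -p"
# format shown above. RPCINFO_SAMPLE is constructed to look like that
# output so the functions run offline; on a real server pass "$(rpcinfo -p)"
# instead, and from a client pass "$(rpcinfo -p master.carma.com)" to see
# what that client is actually allowed to learn.

RPCINFO_SAMPLE='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    759  mountd
    100005    3   tcp    771  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100024    1   udp    944  status
    100021    1   udp   1042  nlockmgr
    100021    4   tcp   1629  nlockmgr'

# rpc_versions "<rpcinfo output>" <service> -> space-separated versions
# registered for that service (empty if it is not registered)
rpc_versions() {
    printf '%s\n' "$1" | awk -v s="$2" '$5 == s { print $2 }' \
        | sort -un | tr '\n' ' ' | sed 's/ $//'
}

# nfs_check_services "<rpcinfo output>" -> one line per required service;
# returns 1 if portmapper, nfs or mountd is missing
nfs_check_services() {
    missing=0
    for svc in portmapper nfs mountd; do
        v=$(rpc_versions "$1" "$svc")
        if [ -n "$v" ]; then
            echo "ok: $svc versions $v"
        else
            echo "MISSING: $svc (backtrack and restart the NFS daemons)"
            missing=1
        fi
    done
    return $missing
}

# nfs_lock_support "<rpcinfo output>" -> 0 if both status (statd) and
# nlockmgr (lockd) are registered, i.e. clients may mount without nolock
nfs_lock_support() {
    [ -n "$(rpc_versions "$1" status)" ] && [ -n "$(rpc_versions "$1" nlockmgr)" ]
}

# rpc_ports "<rpcinfo output>" -> "proto port service" lines, one per distinct
# port: the list a host firewall must account for, since restricting the
# portmapper alone does not hide daemons whose ports are already known
rpc_ports() {
    printf '%s\n' "$1" | awk 'NF == 5 { print $3, $4, $5 }' | sort -u
}

nfs_check_services "$RPCINFO_SAMPLE"
echo "firewall-relevant ports:"
rpc_ports "$RPCINFO_SAMPLE"
```

The mountd and nlockmgr ports in the sample are dynamic, which is why the port list is worth generating rather than hard-coding in firewall rules.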

7.4.2.4). Making changes to /etc/exports later on

If you come back and change your /etc/exports file, the changes you make
may not take effect immediately.

You should therefore run the command exportfs -ra to force nfsd to re-read
the /etc/exports file. If you can't find the exportfs command, then you can
kill nfsd and restart it.

The exportfs command will also let you manipulate the list of available
exports or list the currently exported file systems:

$ exportfs -v                          # List currently exported file systems

$ exportfs -v -u 192.168.0.4:/home     # Remove an exported file system

7.4.3. Setting up an NFS Client

7.4.3.1). Mounting remote directories

Firstly, the kernel on the client machine needs to be compiled with NFS
support.

The portmapper should be running on the client machine, and to use
NFS file locking, you also need statd and lockd running on both the client and
the server.

With portmap, lockd, and statd running, you should now be able to mount
the remote directory from your server just the way you mount a local hard drive,
with the mount command.

Suppose our NFS server is called master.carma.com, and we want to mount its
/home directory on slave.carma.com. Use either of the command lines below on
slave.carma.com:

$ mount -t nfs master.carma.com:/home /home1

$ mount -t nfs 192.168.0.2:/home /home1 -o rw,soft

The directory /home on master will then appear as the directory /home1 on
slave.carma.com. Note that this assumes we have created the directory /home1 as
an empty mount point beforehand on slave.carma.com.

You can get rid of a file system mounted via NFS just like you
would for a local file system:

$ umount /home1

7.4.3.2). Getting NFS File Systems to Be Mounted at Boot Time

NFS file systems can be added to your /etc/fstab file the same way local
file systems can, so that they mount when your system starts up.

The only difference is that the file system type will be set to nfs and
the dump and fsck order (the last two entries) will have to be set to zero. So
for our example above, the entry in /etc/fstab would look like:

device                  mountpoint  fs-type  options  dump  fsckorder
master.carma.com:/home  /home1      nfs      rw       0     0

7.4.3.3). Options for Mounting

Soft vs. Hard Mounting

There are some options which govern the way the NFS client handles a server
crash or network outage. One of the useful things about NFS is that it can
handle this gracefully if you set up the clients right. There are two distinct
failure modes:

soft

If a file request fails, the NFS client will report an error to the process on
the client machine requesting the file access. Programs that do not check for
I/O errors can silently lose or corrupt data on a soft mount.

hard

The program accessing a file on an NFS mounted file system will hang when the
server crashes. The process cannot be interrupted or killed (except by a "sure
kill", i.e. kill -9) unless you also specify intr. When the NFS server is back
online the program will continue undisturbed from where it was. We recommend
using hard,intr on all NFS mounted file systems.

Picking up from the previous example, the fstab entry would now look like:

device                  mountpoint  fs-type  options       dump  fsckorder
...
master.carma.com:/home  /home1      nfs      rw,hard,intr  0     0
...

Setting Block Size to Optimize Transfer Speeds

The rsize and wsize mount options specify the size of the chunks of data
that the client and server pass back and forth to each other.

rsize=n will set the NFS read buffer size to n bytes (default is 4096).

wsize=n will set the NFS write buffer size to n bytes (default is 4096).

While mounting manually, the mount options can be specified as below (the
option list is comma-separated and must not contain spaces):

$ mount -t nfs 192.168.0.2:/home /home1 -o rsize=8192,wsize=8192,hard,intr,nolock

intr will allow signals such as Ctrl-C to interrupt a failed NFS file
operation if the file system is mounted with the hard option, and hence it is
used with the hard option.

nolock disables NFS locking for that mount, so the client does not need
statd and lockd for it; lock, the default, enables it.

7.4.4. Using Automount services (Autofs)

The easiest way for client systems to mount NFS exports is to use autofs,
which automatically mounts file systems not already mounted when the file system
is first accessed.

Autofs uses the automount daemon to mount and unmount the file systems that
it has been configured to control.

The automount daemon automatically mounts file systems and unmounts them
after a period of inactivity, thereby saving resources.

For autofs to work, you need kernel support for autofs and the autofs
package installed on the system.

7.4.4.1). Autofs Setup

Autofs uses a set of map files to control automounting, and a master map
file, /etc/auto.master, which associates mount points with secondary map files
that control the file systems mounted under the corresponding mount points.

For example, consider the following /etc/auto.master config file:

/home /etc/auto.home
/var  /etc/auto.var --timeout=600

This file associates the secondary map file /etc/auto.home with the mount
point /home and the map file /etc/auto.var with the /var mount point.

Thus, auto.home defines file systems mounted under /home and auto.var
defines file systems mounted under /var.

Hence each line in the master map file has 3 fields: the mount point, the full
path to the secondary map file and, optionally, options that control the
behaviour of the automount daemon.

Here, --timeout=600 means that after 600 seconds (10 minutes) of inactivity
a file system mounted under /var will be unmounted automatically.

The Secondary Map Files

The secondary map file has the general syntax below:

localdir [-options] remotefs

localdir refers to the directory beneath the mount point where the NFS
mount will be mounted.

remotefs is the host and pathname of the NFS mount.

options can be anything like rw,ro,soft,hard,intr,rsize,wsize etc.

Consider a sample auto.home file which is used to mount /home/carma from the
host 192.168.0.2:

carma -rw,hard,intr 192.168.0.2:/home/carma

If /home/carma exists on the local system, it'll be temporarily replaced
by the contents of the NFS mount.

If the entire /home directory needs to be mounted from the NFS server, it can be
done using wildcard characters as below:

* -rw,hard,intr 192.168.0.2:/home/&

The above line states that any directory a user tries to access
under the local /home directory (the asterisk matches any name) should result in
an NFS mount of the directory of the same name (the ampersand is replaced by the
matched name) from the exported /home file system on 192.168.0.2.
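To make the master map / secondary map lookup concrete, here is an added example (not from the manual) that resolves a path the way the automount daemon would, including the * and & wildcard substitution just described. The map contents are constructed inline from the examples above; the guest entry is an assumption added to show a line without an options field, and the host 192.168.0.2 is the manual's example, not a real server.

```shell
#!/bin/sh
# Added example, not from the manual: resolve a path the way automount
# would, using a master map and one secondary map of the form shown above.
# The maps are constructed inline (AUTO_MASTER, AUTO_HOME) so the functions
# run offline. The real daemon reads the secondary map named in auto.master
# from disk; here the caller passes that map's contents in.

AUTO_MASTER='# mount-point  map-file          [options]
/home          /etc/auto.home
/var           /etc/auto.var     --timeout=600'

AUTO_HOME='# key   -options           host:remote-path
carma   -rw,hard,intr      192.168.0.2:/home/carma
guest                      192.168.0.2:/export/guest
*       -ro,soft           192.168.0.2:/home/&'

# autofs_mountpoint <path> <auto.master contents> -> the mount point that
# owns the path, or nothing (and status 1) if autofs does not manage it
autofs_mountpoint() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 != "" && substr($1,1,1) != "#" && index(p, $1 "/") == 1 { print $1; found = 1 }
        END { exit !found }'
}

# autofs_resolve <path> <auto.master contents> <secondary map contents>
# Prints "<options> <host:remote-path>" for the entry automount would use
# ("-" when the entry has no options). An exact key wins over "*", and "&"
# in the location is replaced by the key, as in the wildcard line above.
autofs_resolve() {
    mp=$(autofs_mountpoint "$1" "$2") || return 1
    key=${1#"$mp"/}; key=${key%%/*}        # first component under the mount point
    [ -n "$key" ] || return 1
    printf '%s\n' "$3" | awk -v k="$key" '
        $1 == "" || substr($1,1,1) == "#" { next }
        {
            # the options field is optional and marked by a leading "-"
            if (NF >= 3) { opt = substr($2, 2); loc = $3 } else { opt = "-"; loc = $2 }
            if ($1 == k)   { eopt = opt; eloc = loc; exact = 1 }
            if ($1 == "*") { sopt = opt; sloc = loc; star  = 1 }
        }
        END {
            if (exact)     { opt = eopt; loc = eloc }
            else if (star) { opt = sopt; loc = sloc }
            else exit 1
            gsub(/&/, k, loc)
            print opt, loc
        }'
}

for p in /home/carma /home/alice/docs /home/guest /opt/tools; do
    printf '%-18s -> %s\n' "$p" \
        "$(autofs_resolve "$p" "$AUTO_MASTER" "$AUTO_HOME" || echo 'not automounted')"
done
```

Note that with the wildcard line any name a user (or an attacker with a shell on the client) asks for under /home becomes a mount attempt against the server, so the server-side export list and hosts.allow rules, not the client map, are what limit access.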

7.4.4.2). Starting and Stopping Autofs

The Autofs service can be started by the root user using

$ /sbin/service autofs start

To check the status of autofs, use the option

$ /sbin/service autofs status

After changing a map file, the configuration can be reloaded using

$ /sbin/service autofs reload


7.5. TCP Wrappers and Xinetd Services

TCP wrappers provide access control to a variety of services. Most modern
network services, such as SSH, Telnet, and FTP, make use of TCP wrappers, which
stand guard between an incoming request and the requested service.

The benefits offered by TCP wrappers are enhanced when used in conjunction with
xinetd, a super service that provides

* additional access control
* logging
* binding
* redirection, and
* resource utilization control.

7.5.1. TCP Wrappers

The TCP wrappers package (tcp_wrappers) is installed by default under Red
Hat Linux and provides host-based access control to network services.

The most important component within the package is the /usr/lib/libwrap.a
library. In general terms, a TCP wrapped service is one that has been compiled
against the libwrap.a library.

When a connection attempt is made to a TCP wrapped service, the service
first references the hosts access files (/etc/hosts.allow and /etc/hosts.deny)
to determine whether or not the client host is allowed to connect.

It then uses the syslog daemon (syslogd) to write the name of the
requesting host and the requested service to /var/log/messages.

If a client host is allowed to connect, TCP wrappers release control of
the connection to the requested service and do not interfere further with
communication between the client host and the server.

In addition to access control and logging, TCP wrappers can activate
commands to interact with the client before denying or releasing control of the
connection to the requested network service.

Because TCP wrappers are a valuable addition to any server administrator's
arsenal of security tools, most network services within Red Hat Linux are linked
against the libwrap.a library.

Some such applications include /usr/sbin/sshd, /usr/sbin/sendmail, and
/usr/sbin/xinetd. For a dynamically linked binary you can confirm this with
ldd /usr/sbin/sshd | grep libwrap; a service that is not wrapped ignores the
hosts access files entirely, however carefully they are written.

7.5.1.1). Advantages of TCP Wrappers

TCP wrappers provide the following advantages over other network service control
techniques:

1. Transparency to both the client host and the wrapped network service. Both
the connecting client and the wrapped network service are unaware that TCP
wrappers are in use. Legitimate users are logged and connected to the
requested service while connections from banned clients fail.

2. Centralized management of multiple protocols. TCP wrappers operate
separately from the network services they protect, allowing many server
applications to share a common set of configuration files for simpler
management.

7.5.1.2). TCP Wrappers Configuration Files

To determine if a client machine is allowed to connect to a service, TCP
wrappers reference the following two files, which are commonly referred to as
hosts access files:

1. /etc/hosts.allow
2. /etc/hosts.deny

When a client request is received by a TCP wrapped service, it takes the
following basic steps:

1. The service references /etc/hosts.allow. The TCP wrapped service
sequentially parses the /etc/hosts.allow file and applies the first rule
specified for that service. If it finds a matching rule, it allows the
connection. If not, it moves on to step 2.

2. The service references /etc/hosts.deny. The TCP wrapped service
sequentially parses the /etc/hosts.deny file. If it finds a matching rule, it
denies the connection. If not, access to the service is granted.

The following are important points to consider when using TCP wrappers to
protect network services:

Because access rules in hosts.allow are applied first, they take
precedence over rules specified in hosts.deny. Therefore, if access to a
service is allowed in hosts.allow, a rule denying access to that same service
in hosts.deny is ignored.

Since the rules in each file are read from the top down and the first
matching rule for a given service is the only one applied, the order of the
rules is extremely important.

If no rules for the service are found in either file, or if neither file
exists, access to the service is granted. The default is therefore permissive:
a service you forget to list is reachable from anywhere, which is why a
catch-all ALL : ALL in hosts.deny is common practice.

TCP wrapped services do not cache the rules from the hosts access files,
so any changes to hosts.allow or hosts.deny take effect immediately without
restarting network services.

Formatting Access Rules

The format for both /etc/hosts.allow and /etc/hosts.deny is identical.

Any blank lines or lines that start with a hash mark (#) are ignored, and
each rule must be on its own line.

Each rule uses the following basic format to control access to network
services:

<daemon list>: <client list> [: <option>: <option>: ...]

ALL matches everything. It can be used for both the daemon list and the
client list.

A sample rule is given below which instructs TCP wrappers to watch for
connections to the FTP daemon (vsftpd) from any host in the example.com domain.
If this rule appears in hosts.allow, the connection will be accepted. If
this rule appears in hosts.deny, the connection will be rejected.

vsftpd : .example.com

Placing a period at the beginning of a hostname matches all hosts sharing
the listed components of the name.

The next sample hosts access rule is more complex and uses two option
fields:

sshd : .example.com \
    : spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \
    : deny

This sample rule states that if a connection to the SSH daemon (sshd) is
attempted from a host in the example.com domain, execute the echo command (which
will log the attempt to a special file), and deny the connection.

Because the optional deny directive is used, this line will deny access
even if it appears in the hosts.allow file.

Note that in this example each option field is preceded by a
backslash (\). The backslash continues the rule on the next line, so a long
rule can be split across lines without breaking it.

Placing a period at the end of an IP address matches all hosts sharing the
initial numeric groups of the address. Either of the following rules would apply
to any host within the 192.168.x.x network:

ALL : 192.168.

OR

ALL : 192.168.0.0/255.255.0.0

The following two rules allow SSH connections from client-1.example.com,
but deny connections from client-2.example.com:

sshd : client-1.example.com : allow
sshd : client-2.example.com : deny
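The hosts.allow/hosts.deny decision described in this section, and relied on for the NFS daemons earlier in the chapter, can be exercised without a live service. The following is an added example, not part of the manual or of the tcp_wrappers package: a simplified evaluator implementing first match in hosts.allow, then hosts.deny, then default allow, for the pattern forms shown on this page (ALL, an exact address or hostname, a trailing-dot address prefix, net/mask, a leading-dot domain suffix, and a trailing allow/deny option). The two rule sets are constructed from the page's examples. On a real host, tcpdmatch from the tcp_wrappers package performs this check against the live files.

```shell
#!/bin/sh
# Added example, not from the manual: a minimal evaluator for the
# hosts.allow / hosts.deny decision. The first matching rule in hosts.allow
# wins, then the first in hosts.deny, and a client matching nothing is
# allowed. Only the pattern forms shown on this page are handled; backslash
# continuation lines and spawn commands are not. HOSTS_ALLOW and HOSTS_DENY
# are constructed from the page's examples, not copied from a real system.

HOSTS_ALLOW='# daemon : client list [: option]
portmap : 192.168.0.1 , 192.168.0.2
mountd  : 192.168.
sshd    : client-1.example.com : allow
sshd    : client-2.example.com : deny
vsftpd  : 10.0.0.0/255.255.0.0'

HOSTS_DENY='portmap : ALL
mountd  : ALL
sshd    : .example.com
vsftpd  : ALL'

# ip4_to_int a.b.c.d -> the address as an integer (0 if not a dotted quad)
ip4_to_int() {
    case $1 in *[!0-9.]*|'') echo 0; return ;; esac
    set -- $(IFS=.; printf '%s ' $1)
    if [ $# -eq 4 ]; then
        echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    else
        echo 0
    fi
}

# client_matches <client-ip> <client-hostname> <pattern> -> 0 if it matches
client_matches() {
    ip=$1 host=$2 pat=$3
    case $pat in
        ALL) return 0 ;;
        */*)                                          # network/netmask
            mask=$(ip4_to_int "${pat#*/}")
            [ $(( $(ip4_to_int "$ip") & mask )) -eq \
              $(( $(ip4_to_int "${pat%/*}") & mask )) ] ;;
        .*)  case $host in *"$pat") return 0 ;; esac; return 1 ;;   # domain suffix
        *.)  case $ip in "$pat"*) return 0 ;; esac; return 1 ;;     # address prefix
        *)   [ "$ip" = "$pat" ] || [ "$host" = "$pat" ] ;;
    esac
}

# first_match <rules> <daemon> <ip> <host> <default> -> prints allow/deny for
# the first rule matching both daemon and client (an allow/deny option on
# the rule overrides the file default), or nothing if no rule matches
first_match() {
    rules=$1 daemon=$2 cip=$3 chost=$4 default=$5
    while IFS= read -r line; do
        case $line in ''|\#*) continue ;; esac
        dlist=${line%%:*}; rest=${line#*:}; clist=${rest%%:*}; opt=
        case $rest in *:*) opt=$(echo "${rest#*:}" | tr -d ' ') ;; esac
        dmatch=0
        for d in $(echo "$dlist" | tr ',' ' '); do
            if [ "$d" = ALL ] || [ "$d" = "$daemon" ]; then dmatch=1; fi
        done
        [ $dmatch -eq 1 ] || continue
        for c in $(echo "$clist" | tr ',' ' '); do
            if client_matches "$cip" "$chost" "$c"; then
                case $opt in allow|deny) echo "$opt" ;; *) echo "$default" ;; esac
                return 0
            fi
        done
    done <<EOF
$rules
EOF
    return 0
}

# hosts_access <daemon> <client-ip> <client-hostname> -> prints allow|deny
hosts_access() {
    verdict=$(first_match "$HOSTS_ALLOW" "$1" "$2" "$3" allow)
    if [ -z "$verdict" ]; then
        verdict=$(first_match "$HOSTS_DENY" "$1" "$2" "$3" deny)
    fi
    echo "${verdict:-allow}"     # nothing matched in either file: allowed
}

# Demonstration; note the last case, a daemon with no rule anywhere is let in.
for q in "portmap 192.168.0.1 ws1" "portmap 192.168.5.9 ws2" \
         "sshd 172.16.0.5 client-2.example.com" "telnetd 203.0.113.7 outside"; do
    set -- $q
    printf '%-8s %-14s %-22s -> %s\n' "$1" "$2" "$3" "$(hosts_access "$1" "$2" "$3")"
done
```

The final demonstration line is the case the text warns about: telnetd appears in neither file, so it is allowed, which an ALL : ALL entry in hosts.deny would prevent.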

7.5.2. Xinetd
The xinetd daemon is a TCP wrapped super service which controls access to
a subset of popular network services including FTP, IMAP, and Telnet.

It also provides service-specific configuration options for access
control, enhanced logging, binding, redirection, and resource utilization
control.

When a client host attempts to connect to a network service controlled by
xinetd, the super service receives the request and checks for any TCP wrappers
access control rules.

If access is allowed, xinetd verifies that the connection is allowed under
its own access rules for that service and that the service is not consuming more
than its allotted amount of resources or in breach of any defined rules.

It then starts an instance of the requested service and passes control of
the connection to it. Once the connection is established, xinetd does not
interfere further with communication between the client host and the server.

The configuration files for xinetd are as follows:

1. /etc/xinetd.conf — The global xinetd configuration file.
2. /etc/xinetd.d/ directory — The directory containing all service-specific
files.

7.5.2.1). /etc/xinetd.conf

The /etc/xinetd.conf file contains general configuration settings which affect
every service under xinetd's control.

It is read once when the xinetd service is started, so in order for
configuration changes to take effect, the administrator must restart the xinetd
service. Below is a sample /etc/xinetd.conf file:

defaults
{
        instances               = 60
        log_type                = SYSLOG authpriv
        log_on_success          = HOST PID
        log_on_failure          = HOST
        cps                     = 25 30
}

includedir /etc/xinetd.d

These lines control various aspects of xinetd as below:

instances — Sets the maximum number of requests xinetd can handle at
once.

log_type — Configures xinetd to use the authpriv log facility, which
writes log entries to the /var/log/secure file. Adding a directive such as FILE
/var/log/xinetdlog here would create a custom log file called xinetdlog in the
/var/log/ directory.

log_on_success — Configures xinetd to log if the connection is
successful. By default, the remote host's IP address and the process ID of the
server processing the request are recorded.

log_on_failure — Configures xinetd to log if there is a connection
failure or if the connection is not allowed.

cps — Configures xinetd to allow no more than 25 connections per second
to any given service. If this limit is reached, the service is disabled for 30
seconds. Together with instances this is a simple defence against connection
floods.

includedir /etc/xinetd.d/ — Includes options declared in the service-
specific configuration files located in the /etc/xinetd.d/ directory.

7.5.2.2). The /etc/xinetd.d/ Directory

The files in the /etc/xinetd.d/ directory contain the configuration
for each service managed by xinetd, and the names of the files correlate to the
service.

As with xinetd.conf, these files are read only when the xinetd service is
started. In order for any changes to take effect, the administrator must restart
the xinetd service.

The format of files in the /etc/xinetd.d/ directory uses the same
conventions as /etc/xinetd.conf.

The primary reason the configuration for each service is stored in a
separate file is to make customization easier and less likely to affect other
services.

To get an idea of how these files are structured, consider the
/etc/xinetd.d/telnet file for the telnet service:

service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = yes
}

These lines control various aspects of the telnet service:

service — Defines the service name, usually to match a service listed in
the /etc/services file.

flags — Sets any of a number of attributes for the connection. REUSE
instructs xinetd to reuse the socket for a Telnet connection.

socket_type — Sets the network socket type to stream.

wait — Defines whether the service is single-threaded (yes) or multi-
threaded (no).

user — Defines what user ID the process will run under. A service that
does not need root privileges should be given a dedicated unprivileged user
here.

server — Defines the binary executable to be launched.

log_on_failure — Defines logging parameters for log_on_failure in
addition to those already defined in xinetd.conf.

disable — Defines whether or not the service is active. Telnet ships with
disable = yes; leave it that way unless it is genuinely needed, since Telnet
sends passwords in clear text.

7.5.2.3). Access Control Options

Users of xinetd services can choose to use the TCP wrappers hosts access
rules, provide access control via the xinetd configuration files, or a mixture
of both.

The xinetd hosts access control differs from the method used by TCP
wrappers. While TCP wrappers places all of the access configuration within two
files, /etc/hosts.allow and /etc/hosts.deny, each service's file in
/etc/xinetd.d can contain its own access control rules.

The following hosts access options are supported by xinetd:

only_from — Allows only the specified hosts to use the service.

no_access — Blocks listed hosts from using the service.

access_times — Specifies the time range when a particular service
may be used. The time range must be stated in 24-hour format notation, HH:MM-
HH:MM.

The only_from and no_access options can use a list of IP addresses or host
names, or can specify an entire network.

Like TCP wrappers, combining xinetd access control with the enhanced
logging configuration can enhance security by blocking requests from banned
hosts while verbosely recording each connection attempt.

For example, the following /etc/xinetd.d/telnet file can be used to block
telnet access from a particular network and restrict the overall time
range during which even allowed users can log in:

service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        no_access       = 10.0.1.0/24
        log_on_success  += PID HOST EXIT
        access_times    = 09:45-16:15
}

In this example, when a client system from the 10.0.1.0/24 network, such as
10.0.1.2, tries accessing the Telnet service, it will receive the following
message:

Connection closed by foreign host.

In addition, the login attempt is logged in /var/log/secure as follows:

May 15 17:38:49 boo xinetd[16252]: START: telnet pid=16256 from=10.0.1.2
May 15 17:38:49 boo xinetd[16256]: FAIL: telnet address from=10.0.1.2
May 15 17:38:49 boo xinetd[16252]: EXIT: telnet status=0 pid=16256

When using TCP wrappers in conjunction with xinetd access controls, it is
important to understand the relationship between the two access control
mechanisms.

The following is the order of operations followed by xinetd when a client
requests a connection:

1. The xinetd daemon accesses the TCP wrappers hosts access rules through a
libwrap.a library call. If a deny rule matches the client host, the connection
is dropped. If an allow rule matches the client host, the connection is passed
on to xinetd.

2. The xinetd daemon checks its own access control rules both for the xinetd
service and the requested service. If a deny rule matches the client host the
connection is dropped. Otherwise, xinetd starts an instance of the requested
service and passes control of the connection to it.
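Two checks a practitioner would run against an xinetd setup like the one above, as an added example that is not part of the manual: xinetd_audit reads a service block in /etc/xinetd.d syntax and reports whether the service is enabled (a missing disable line means enabled), which user it runs as and whether it carries any only_from or no_access rule; xinetd_fail_sources counts FAIL records per client address in the /var/log/secure format just shown. The telnet block and the first three log lines are the page's examples; the tftp block and the additional log lines are constructed assumptions, not taken from a real system.

```shell
#!/bin/sh
# Added example, not from the manual: audit xinetd service blocks for
# enabled services lacking access controls, and summarise FAIL records from
# the /var/log/secure format shown above. All input is constructed inline.

XINETD_TELNET='service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        no_access       = 10.0.1.0/24
        log_on_success  += PID HOST EXIT
        access_times    = 09:45-16:15
}'

# Assumed service block (not from the page): enabled by default, no access rule.
XINETD_TFTP='service tftp
{
        socket_type     = dgram
        wait            = yes
        user            = root
        server          = /usr/sbin/in.tftpd
        server_args     = -s /tftpboot
}'

# xinetd_audit "<service block>" -> "name enabled|disabled user
# restricted|unrestricted ok|WARN". xinetd enables a service unless it has
# disable = yes, so a block with no disable line is reported as enabled.
xinetd_audit() {
    printf '%s\n' "$1" | awk '
        $1 == "service"   { name = $2; disable = "no"; user = "?"; ctl = 0 }
        $1 == "disable"   { disable = $3 }
        $1 == "user"      { user = $3 }
        $1 == "only_from" || $1 == "no_access" { ctl = 1 }
        END {
            status  = (disable == "yes") ? "disabled" : "enabled"
            verdict = (status == "enabled" && !ctl) ? "WARN" : "ok"
            print name, status, user, (ctl ? "restricted" : "unrestricted"), verdict
        }'
}

# Log lines: the first three are the page's example, the rest are constructed.
XINETD_LOG='May 15 17:38:49 boo xinetd[16252]: START: telnet pid=16256 from=10.0.1.2
May 15 17:38:49 boo xinetd[16256]: FAIL: telnet address from=10.0.1.2
May 15 17:38:49 boo xinetd[16252]: EXIT: telnet status=0 pid=16256
May 15 17:39:30 boo xinetd[16252]: START: telnet pid=16290 from=10.0.1.2
May 15 17:39:30 boo xinetd[16290]: FAIL: telnet address from=10.0.1.2
May 15 17:40:02 boo xinetd[16252]: START: telnet pid=16301 from=10.0.1.9
May 15 17:40:02 boo xinetd[16301]: FAIL: telnet address from=10.0.1.9
May 15 17:41:10 boo xinetd[16252]: START: telnet pid=16310 from=192.168.0.5'

# xinetd_fail_sources "<log lines>" -> "count service address", most
# frequent first, so a blocked host that keeps retrying stands out.
# Field 6 is the record type, field 7 the service, the last field "from=IP".
xinetd_fail_sources() {
    printf '%s\n' "$1" | awk '
        $6 == "FAIL:" { sub(/^from=/, "", $NF); n[$7 " " $NF]++ }
        END { for (k in n) print n[k], k }' | sort -rn
}

xinetd_audit "$XINETD_TELNET"
xinetd_audit "$XINETD_TFTP"
xinetd_fail_sources "$XINETD_LOG"
```

On a real host the audit loop is `for f in /etc/xinetd.d/*; do xinetd_audit "$(cat "$f")"; done`, and the log function takes `"$(grep xinetd /var/log/secure)"`.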

7.5.2.4). Logging Options

The following logging options are available for both /etc/xinetd.conf and the
service-specific configuration files in the /etc/xinetd.d/ directory.

Below is a list of some of the more commonly used logging options:

ATTEMPT — Logs the fact that a failed attempt was made (log_on_failure).

DURATION — Logs the length of time the service is used by a remote
system (log_on_success).

EXIT — Logs the exit status or termination signal of the service
(log_on_success).

HOST — Logs the remote host's IP address (log_on_failure and
log_on_success).

PID — Logs the process ID of the server receiving the request
(log_on_success).

RECORD — Records information about the remote system in the case the
service cannot be started. Only particular services, such as login and finger,
may use this option (log_on_failure).

USERID — Logs the remote user using the method defined in RFC 1413 for
all multi-threaded stream services (log_on_failure and log_on_success). The
answer comes from an ident server on the client side, so it is useful for
correlation but must not be trusted for authentication.

7.5.2.5). Binding and Redirection Options

The service configuration files for xinetd support binding the service to
an IP address and redirecting incoming requests for that service to another IP
address, hostname, or port.

Binding is controlled with the bind option in the service-specific
configuration files and links the service to one IP address on the system.

Once configured, the bind option only allows requests for the proper IP
address to access the service. This way different services can be bound to
different network interfaces based on need.

This is particularly useful for systems with multiple network adapters or
with multiple IP addresses configured. On such a system, insecure services, like
Telnet, can be configured to listen only on the interface connected to a private
network and not to the interface connected with the Internet.

The redirect option accepts an IP address or hostname followed by a port
number. It configures the service to redirect any requests for this service to
the specified host and port number.

This feature can be used to

* point to another port number on the same system,
* redirect the request to a different IP address on the same machine,
* shift the request to a totally different system and port number, or
* any combination of these options.

In this way, a user connecting to a certain service on a system may be
rerouted to another system with no disruption.

The xinetd daemon is able to accomplish this redirection by spawning a
process that stays alive for the duration of the connection between the
requesting client machine and the host actually providing the service,
transferring data between the two systems.

But the advantages of the bind and redirect options are most clearly
evident when they are used together. By binding a service to a particular IP
address on a system and then redirecting requests for this service to a second
machine that only the first machine can see, an internal system can be used to
provide services for a totally different network.

For example, consider a system that is used as a firewall with this
setting for its Telnet service:

service telnet
{
        socket_type     = stream
        wait            = no
        server          = /usr/sbin/in.telnetd
        log_on_success  += DURATION USERID
        log_on_failure  += USERID
        bind            = 123.123.123.123
        redirect        = 10.0.1.13 23
}

The bind and redirect options in this file ensure that the Telnet service
on the machine is bound to the external IP address (123.123.123.123), the one
facing the Internet.

In addition, any requests for Telnet service sent to 123.123.123.123 are
redirected via a second network adapter to an internal IP address (10.0.1.13)
that only the firewall and internal systems can access.

The firewall then relays the communication between the two systems, and the
connecting system thinks it is connected to 123.123.123.123 when it is actually
connected to a different machine.

This feature is particularly useful for users with broadband connections
and only one fixed IP address.

When using Network Address Translation (NAT), the systems behind the
gateway machine, which are using internal-only IP addresses, are not available
from outside the gateway system.

However, when certain services controlled by xinetd are configured with
the bind and redirect options, the gateway machine can act as a type of proxy
between outside systems and a particular internal machine configured to provide
the service.

In addition, the various xinetd access control and logging options are
also available for additional protection, such as limiting the number of
simultaneous connections for the redirected service. Bear in mind that a
redirect like the one above exposes a clear-text login service to the Internet;
at minimum restrict it with only_from, and prefer SSH where possible.

8. SHELL SCRIPTING

A shell script is a series of commands written in a plain text file. Some of its
uses are:

* A shell script can take input from the user or a file and output it on screen.
* Useful to create your own commands.
* Saves lots of time.
* Automating day-to-day tasks, for example jobs to be run by the cron daemon.
* System administration tasks can also be automated using shell scripts.

8.1. Shell Scripting Basics

The shell that is normally used is the Bash shell.

After writing a shell script, set execute permission for your script as
follows:

$ chmod +x your-script-name
$ chmod 755 your-script-name

Execute your script using any of the options below:

$ bash your-script-name
$ sh your-script-name
$ ./your-script-name

Use any editor like vi to write shell scripts.

For shell script files try to give a file extension such as .sh, which can be
easily identified by you as a shell script.

A sample script is given below which will print user information about who
is currently logged in, the current date & time etc.

$ vi userinfo

#!/bin/bash
# Script to print user information like who is currently logged in,
# current date & time

clear
echo "Hello $USER"
# -n suppresses the trailing newline so the command output follows on the same line
echo -n "Today is "; date
echo -n "Number of users logged in: "; who | wc -l
echo "Calendar"
cal
exit 0

8.1.1. Variables in Shell


In Linux (Shell), there are two types of variables:

1. System variables - Created and maintained by Linux itself. This type of
variable is defined in CAPITAL LETTERS.

2. User defined variables (UDV) - Created and maintained by the user. This type
of variable is conventionally defined in lower case letters.

Some of the important system variables and their meanings are given below:

System Variable                         Meaning
BASH=/bin/bash                          Your shell name
BASH_VERSION=1.14.7                     Your shell version
COLUMNS=80                              No. of columns for your screen
HOME=/home/carma                        Your home directory
LINES=25                                No. of rows for your screen
LOGNAME=root                            The username you logged in with
OSTYPE=Linux                            The OS type
PATH=/usr/bin:/sbin:/bin:/usr/sbin      Your path settings
PWD=/home/carma                         The current working directory
SHELL=/bin/bash                         Your shell name
USERNAME=carma                          User who is currently logged in to this machine

The above settings can be printed using the echo command:

$ echo $USERNAME

echo will echo the string(s) specified to the standard output.

$ is used to refer to the value of a shell variable.


8.1.1.1). Defining User-defined variables

To define a UDV, use the following syntax:

$ variablename=value

'value' is assigned to the given 'variablename'.

Example:

To assign the variable no the value 10#

$ no=10#

To define a variable called 'vehicle' having the value Bus

$ vehicle=Bus

To define a variable called n having the value 10

$ n=10

To print the contents of variable 'vehicle' type

$ echo $vehicle

To print the contents of variable n

$ echo $n
8.1.1.2). Rules for naming variables

1. A variable name must begin with a letter or an underscore (_), followed by
zero or more letters, digits or underscores. For eg: HOME, System_Version.

2. Don't put spaces on either side of the equal sign when assigning a value to a
variable. Eg: $ no=10 is fine. But there will be problems for any of the
following variable declarations (the shell treats the words after the space as
a command to run):

$ no =10
$ no= 10
$ no = 10

3. Variables are case-sensitive, just like filenames in Linux.

4. You can define a NULL variable as follows (a NULL variable is a variable which
has no value at the time of definition). For e.g:

$ vech=
$ vech=""

5. Do not use ?, * etc. inside your variable names.


8.1.1.3). The "echo" command

Use the echo command to display text or the value of a variable. Some of the options which can be used with echo are given below:

-n : Do not output the trailing newline.

-e : Enable interpretation of the following backslash escape characters in the strings:

\b backspace        \c suppress trailing newline
\n newline          \r carriage return
\t horizontal tab   \\ backslash

Eg: $ echo -e "An apple a day keeps away \t\tdoctor\n"

Note that -n and -e are understood by the bash built-in echo; the echo of a plain /bin/sh such as dash prints -e literally, so portable scripts use printf instead.

8.1.2. Shell arithmetic

The expr command is used to perform integer arithmetic.

Syntax: $ expr op1 math-operator op2

Examples:

$ expr 1 + 3        : Addition
$ expr 2 - 1        : Subtraction
$ expr 10 / 2       : Division (integer division; 7 / 2 gives 3)
$ expr 20 % 3       : Remainder
$ expr 10 \* 3      : Multiplication
$ echo `expr 6 + 3` : echo the result of an arithmetic expression

Note:

expr 20 % 3 - Remainder. Read as 20 mod 3; the remainder is 2.

expr 10 \* 3 - For multiplication use \* and not a bare *, since * is a wildcard which the shell would expand to the file names in the current directory before expr ever sees it. The operands and the operator must be separated by spaces, because each one is a separate argument to expr.

For the last statement note the following points:

Firstly, before the expr keyword we used the ` (back quote) sign and not the single quote (') sign. The back quote is generally found on the key under tilde (~) on a PC keyboard, above the TAB key.

Second, the expression also ends with a ` (back quote).

Here expr 6 + 3 is evaluated to 9, and the echo command prints 9 as the sum.

If you give echo "expr 6 + 3" or echo 'expr 6 + 3', it will print expr 6 + 3.

The modern form of command substitution, $(expr 6 + 3), does the same thing and nests more readably; the shell's own arithmetic expansion, $((6 + 3)), gives the result without running expr at all.

A sample script which performs an arithmetic expression is given below:

$ vi arith.sh

#!/bin/sh
# Perform some arithmetic
x=24
y=4
Result=`expr $x \* $y`
echo "$x times $y is $Result"

8.1.3. Understanding Quotes inside the Shell

Quote   Name            Meaning
"       Double quotes   Anything enclosed in double quotes loses its special meaning to the shell, except \, ` and $ (so variables and commands are still substituted).
'       Single quotes   Anything enclosed in single quotes remains unchanged; nothing is substituted.
`       Back quote      Execute the enclosed command and substitute its output.

Eg: Some examples to understand the meaning of the quotes and their output are given below.

$ echo "Today is `date`"
Today is Thu Mar 10 15:13:49 IST 2005

$ echo "$USERNAME"
root

$ echo '$USERNAME'
$USERNAME
8.1.4. Finding the Exit Status of a Command Execution

Every command or shell script that runs in Linux returns a small integer (0 to 255) to the shell, which is used to see whether the command or script succeeded or not:

If the return value is zero (0), the command was successful.

If the return value is non-zero, the command was not successful or some sort of error occurred while executing the command/shell script. Different non-zero values usually mean different errors; 127 is the shell's "command not found", for instance.

This value is known as the Exit Status. To determine it, use $?, a special variable of the shell which holds the exit status of the most recently executed command. Read it immediately, because the next command (even an echo) replaces it.

For e.g: This example assumes that unknownfile does not exist on your hard drive.

$ rm unknownfile

It will show an error as follows:

rm: cannot remove `unknownfile': No such file or directory

and after that if you give the command

$ echo $?

it will print a non-zero value to indicate the error. Now give the commands

$ ls
$ echo $?

It will print 0 to indicate that the command was successful.


8.1.5. Reading input from the Standard Input

The read statement is used to get input (data from the user) from the standard input and store the data in a variable. Here's a sample script which does this:

$ vi sayhello.sh

#!/bin/sh
# Script to read your name from the keyboard
echo "Your first name please:"
read -r fname
echo "Hello $fname, Lets be friends!"

Run it as follows:

$ chmod 755 sayhello.sh
$ ./sayhello.sh

The -r option stops read from treating backslashes in the input specially, which is what you want for any text typed by a user.
8.1.6. Command Line Arguments

When you run the command $ ls file file1 file2, ls is the command and file, file1, file2 are the command line arguments passed to it. Hence the command above has 3 command line arguments.

Inside a script:

$# holds the number of arguments specified on the command line, excluding $0.

$* and $@ both refer to all the arguments passed to the script.

"$*" (in double quotes) expands to a single word containing all the command line parameters separated by spaces.

"$@" (in double quotes) expands to a list of separate words, one per command line parameter, so an argument which itself contains a space stays intact. Unquoted, $* and $@ behave the same and both get split on spaces again; when passing arguments on to another command always use "$@".

$1, $2, $3 refer to file, file1 and file2 respectively.

If you are running a shell script using the command line below

$ myshell.sh file1 dir1

the shell script name myshell.sh is referred to as $0, file1 is $1 and dir1 is $2.

These command line arguments to a shell script are known as "positional parameters". Parameters beyond the ninth must be written with braces, ${10}, since $10 means $1 followed by the character 0.
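As an added example (not part of the manual), the script below shows the difference between "$@" and an unquoted $* when an argument contains a space, and uses $# to refuse a wrong argument count. The file name "my file.txt", the usage text and the function names are made up for the demonstration.

```shell
#!/bin/sh
# Added example: how "$@" and $* differ, and how $# guards a script.
# Run as: ./args.sh "my file.txt" other   (arguments are made up)

# Pass the arguments on one by one. "$@" re-expands to one word per
# original argument, so "my file.txt" stays a single word.
forward_quoted() {
    for arg in "$@"; do
        printf '[%s]\n' "$arg"
    done
}

# The unsafe way: an unquoted $* (or $@) is split on whitespace again,
# so "my file.txt" becomes the two words "my" and "file.txt".
forward_unquoted() {
    for arg in $*; do
        printf '[%s]\n' "$arg"
    done
}

# Count the words each form produces, to make the difference visible.
count_words_quoted()   { forward_quoted   "$@" | wc -l | tr -d ' '; }
count_words_unquoted() { forward_unquoted "$@" | wc -l | tr -d ' '; }

# Refuse to run with the wrong number of arguments instead of silently
# operating on empty strings: a $1 that was never given expands to nothing.
require_args() {
    wanted=$1
    shift
    if [ "$#" -ne "$wanted" ]; then
        echo "usage: need $wanted argument(s), got $#" >&2
        return 1
    fi
    return 0
}

# Demonstration when the script itself is run with arguments.
if [ "$#" -gt 0 ]; then
    echo "script name: $0"
    echo 'with "$@":'; forward_quoted "$@"
    echo 'with $*:';   forward_unquoted "$@"
fi
```

Running it as ./args.sh "my file.txt" other prints two bracketed items for the quoted form and three for the unquoted one; a script that builds an rm or cp command from an unquoted $* is the classic way a file name with a space turns into two unintended arguments.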

8.1.7. Structured Language Constructs


8.1.7.1). Decision Making

Any type of comparison in the Linux shell gives only two answers, one is YES and the other is NO.

Value in the shell   Meaning    Example
Zero (0)             Yes/True   0
Non-zero             No/False   -1, 32, 55, anything but zero

Note that this is the reverse of C, where 0 is false: in the shell a condition is "true" when the command that tests it exits successfully.

The test command, or its synonym [ expr ], is used to see if an expression is true; if it is true it returns zero (0), otherwise it returns non-zero for false.

Syntax: test expression OR [ expression ]

[ is an ordinary command, so there must be a space after [ and before the closing ], and variables inside the brackets should be quoted ("$x") so that an empty or space-containing value does not turn into a syntax error.

For mathematical (integer) comparisons, use the following operators in a shell script:

Operator   Meaning                    Normal arithmetic   With test, in if   With [ expr ], in if
-eq        Equal to                   5==6                if test 5 -eq 6    if [ 5 -eq 6 ]
-ne        Not equal to               5!=6                if test 5 -ne 6    if [ 5 -ne 6 ]
-lt        Less than                  5<6                 if test 5 -lt 6    if [ 5 -lt 6 ]
-le        Less than or equal to      5<=6                if test 5 -le 6    if [ 5 -le 6 ]
-gt        Greater than               5>6                 if test 5 -gt 6    if [ 5 -gt 6 ]
-ge        Greater than or equal to   5>=6                if test 5 -ge 6    if [ 5 -ge 6 ]

For string comparisons use:

Operator              Returns true if
string1 = string2     string1 is equal to string2
string1 != string2    string1 is NOT equal to string2
string1               string1 is not empty (has non-zero length)
-n string1            string1 is not empty (has non-zero length)
-z string1            string1 is empty (has length 0)

Note that = compares strings character by character while -eq compares integer values: [ 1 = 01 ] is false but [ 1 -eq 01 ] is true.

The shell also tests for file and directory types:

Operator   Returns true if
-e file    File exists (of any type)
-s file    File exists and is not empty
-f file    File exists and is a regular file, not a directory
-d dir     File exists and is a directory
-w file    File is writable: you have write permission on it
-r file    File is readable
-x file    File is executable

Logical operators which are used to combine two or more conditions at a time:

Operator                     Meaning
! expression                 Logical NOT
expression1 -a expression2   Logical AND
expression1 -o expression2   Logical OR

-a and -o are marked obsolescent in POSIX because they become ambiguous when an operand looks like an operator; [ a ] && [ b ] and [ a ] || [ b ] are the unambiguous forms.

8.1.7.2). Flow Control

if...else...fi

Syntax:

if condition
then
    condition is zero (true - 0):
    execute all commands up to the else statement
else
    condition is not true:
    execute all commands up to fi
fi

"condition" is any command; its exit status decides the branch. Usually it is test or [ ].

Example:

if test "$1" -gt 0
then
    echo "$1 number is positive"
else
    echo "$1 number is not positive"
fi

(The else branch also covers zero, so it says "not positive" rather than "negative"; the multilevel if-then-else example further down separates the three cases.)

Nested if-else-fi

Syntax:

if condition

then

if condition

then

.....

..

do this

else

....

..

do this

fi

else

...

.....
do this

fi

Multilevel if-then-else

Syntax:

if condition

then

condition is zero (true - 0)

execute all commands up to elif statement

elif condition1

then

condition1 is zero (true - 0)

execute all commands up to elif statement

elif condition2

then

condition2 is zero (true - 0)

execute all commands up to elif statement

else

None of the above condtion,condtion1,condtion2 are true(i.e.

all of the above are nonzero or false)

execute all commands up to fi

fi

Example:

#!/bin/sh
# Script to test if..elif...else
if [ "$1" -gt 0 ]; then
    echo "$1 is positive"
elif [ "$1" -lt 0 ]
then
    echo "$1 is negative"
elif [ "$1" -eq 0 ]
then
    echo "$1 is zero"
else
    echo "Oops! $1 is not a number, give a number"
fi

If $1 is not an integer, each [ ... ] prints "integer expression expected" on stderr and returns a non-zero status, so the script falls through to the final else.

8.1.7.3). Loop Constructs

FOR Loop

Syntax:

for { variable name } in { list }
do
    execute the statements between do and done once for each item in the list
done

Example:

Before trying to understand the above syntax, try the following script:

$ cat testfor
for i in 1 2 3 4 5
do
    echo "Welcome $i times"
done

The for loop first creates the variable i and assigns it a value from the list of numbers 1 to 5; the shell then executes the echo statement for each assignment of i (each pass is called an iteration). This continues until all the items in the list are used up, so it executes the echo statement 5 times. The list can also be produced by a glob or a command substitution, e.g. for f in *.log.

Nesting of For Loop

To understand the nesting of for loops see the following shell script. The for (( ... )) form is C-style arithmetic looping and is specific to bash, so the script must be run by bash, not by a plain /bin/sh.

$ vi nestedfor.sh

#!/bin/bash
for (( i = 1; i <= 5; i++ ))      ### Outer for loop ###
do
    for (( j = 1 ; j <= 5; j++ ))  ### Inner for loop ###
    do
        echo -n "$i "
    done
    echo ""                        #### print the new line ###
done

Run the above script as follows:

$ chmod +x nestedfor.sh
$ ./nestedfor.sh
1 1 1 1 1
2 2 2 2 2
3 3 3 3 3
4 4 4 4 4
5 5 5 5 5

Here, for each value of i the inner loop is cycled through 5 times, with the variable j taking values from 1 to 5. The inner for loop terminates when the value of j exceeds 5, and the outer loop terminates when the value of i exceeds 5.

The while Loop

Syntax:

while [ condition ]

do

command1

command2

command3

..

....

done

The loop is executed as long as the given condition is true; the condition is any command and is tested before each pass.

The example below shows a shell script to sum the integers between 1 and 100:

#!/bin/bash

# Simple script to demonstrate while and arithmetic


count=0

sum=0

while [ $count -lt 101 ] ; do

sum=$(( $sum + $count ))

count=$(( $count + 1 ))

done

echo "Sum = $sum"

The Case Statement

The case statement is a good alternative to a multilevel if-then-else-fi statement. It enables you to match several patterns against one value, and it is easier to read and write.

Syntax:

case $variable-name in

pattern1) command

...

..

command;;

pattern2) command

...

..

command;;

patternN) command

...

..

command;;

*) command

...

..
command;;

esac

The $variable-name is compared against the patterns until a match is


found. The shell then executes all the statements up to the two semicolons that
are next to each other. The default is *) and is executed if no match is found.
For e.g. write script as follows:

Example:

#!/bin/sh
rental=$1
case $rental in
    "car") echo "For $rental Rs.20 per k/m";;
    "van") echo "For $rental Rs.10 per k/m";;
    "jeep") echo "For $rental Rs.5 per k/m";;
    "bicycle") echo "For $rental 20 paisa per k/m";;
    *) echo "Sorry, I cannot get a $rental for you";;
esac

The patterns are shell globs, so car|Car matches either spelling and b*) matches anything beginning with b; the word after case is compared with them in order and the first match wins.
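As an added example (not from the manual), the script below combines the if/elif/else and case constructs of this section: the argument is validated with a case pattern before it reaches test, because [ "$n" -gt 0 ] on a non-numeric string prints an error and returns status 2, and an empty unquoted $1 makes [ $1 -gt 0 ] a syntax error. The function names and the rental rates are made up.

```shell
#!/bin/sh
# Added example: validate an argument with a case pattern before handing
# it to test/[ ]. Not from the manual; the values used are made up.

# Print positive / negative / zero, or "not a number" with status 1.
# The case patterns reject anything that is not an optional minus sign
# followed by digits, so the integer tests below only ever see integers.
classify() {
    n=$1
    case $n in
        ''|-)        echo "not a number"; return 1 ;;   # empty, or a lone '-'
        *[!0-9-]*)   echo "not a number"; return 1 ;;   # a character that is neither digit nor '-'
        ?*-*)        echo "not a number"; return 1 ;;   # a '-' that is not the first character
    esac
    if [ "$n" -gt 0 ]; then
        echo positive
    elif [ "$n" -lt 0 ]; then
        echo negative
    else
        echo zero
    fi
}

# A case statement with pattern alternatives (|) and a glob, in the style
# of the rental example: prints a per-kilometre rate (made-up numbers) or
# returns 1 for an unknown vehicle.
rate_for() {
    case $1 in
        car|Car|CAR)   echo 20 ;;
        van|jeep)      echo 10 ;;
        bicycle|bike*) echo 0.20 ;;
        *)             echo "unknown vehicle: $1" >&2; return 1 ;;
    esac
}

# Usage when run directly: ./classify.sh 42
if [ "$#" -eq 1 ]; then
    classify "$1"
fi
```

Validating before comparing is the habit worth keeping: anything that arrives through $1, read or an environment variable is untrusted text, and test, expr and $(( )) all behave badly on text that is not what they expect.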

8.1.7.4). Debugging a Shell script

Use the -x or -v option of the shell to show what a script is doing:

-x prints each command, with its variables expanded to their actual values, just before it is executed, so you see exactly what ran.

-v prints each line of the script as it is read, before any expansion; use it to see the script text the shell is about to parse.

$ sh -x sample.sh
$ sh -v sample.sh

The same switches can be turned on from inside a script with set -x / set -v and off again with set +x / set +v, to trace only the part you are interested in.

8.2. Advanced Shell Scripting


8.2.1. /dev/null

/dev/null is a special Linux file which discards everything written to it. It is used to send away any unwanted output from a program/command.

Syntax:

command > /dev/null

Example:

$ ls > /dev/null

The output of the above command is not shown on the screen but is sent to this special file. Only standard output is redirected; to silence error messages as well use

$ command > /dev/null 2>&1

$ cat /dev/null > /var/log/messages

This will empty the /var/log/messages file: reading /dev/null gives end-of-file at once, and > truncates the file. The same thing is done more simply with : > /var/log/messages.

8.2.2. Conditional Execution using && and ||

The control operators used for conditional execution are && (read as AND)
and || (read as OR). The syntax for AND list is as follows.

Syntax for AND:

command1 && command2

command2 is executed if, and only if, command1 returns an exit status of
zero.

Syntax for OR:

command1 || command2

command2 is executed if and only if command1 returns a non-zero exit


status.

You can use a combination of both as follows

Syntax:

command1 && command2 || command3

If command1 is executed successfully then the shell will run command2, and if command1 is not successful then command3 is executed.

Example:

$ rm myf && echo "File is removed successfully" || echo "File is not removed"

This is not quite the same as if/else: || looks at the exit status of whatever ran last, so if command1 succeeds and command2 then fails, command3 runs as well. For an echo that cannot fail this does not matter, but when command2 does real work use an if ... then ... else ... fi statement instead.

8.2.3. I/O Redirection and file descriptors

Standard file   File descriptor number   Use               Example
stdin           0                        Standard input    Keyboard
stdout          1                        Standard output   Screen
stderr          2                        Standard error    Screen

The descriptor number is what goes in front of a redirection operator: 2> file sends error messages to a file, and n>&m makes descriptor n a copy of descriptor m.

Eg: $ echo "There is an Error" 1>&2

The 1>&2 at the end of the echo statement directs the standard output (stdout) to the standard error (stderr) device. Redirections are applied from left to right, which is why command > file 2>&1 sends both streams to the file, while command 2>&1 > file sends only stdout to the file and leaves stderr on the screen.
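The script below is an added example (not from the manual) covering the three points made in sections 8.1.4, 8.2.2 and 8.2.3 together: capturing $? before it is overwritten, why "a && b || c" is not an if/else, and what the order of 2>&1 and > does. The file name passed to remove_and_report and the function names are made up.

```shell
#!/bin/sh
# Added example (not from the manual) covering $? , "a && b || c" and
# redirection order. The file name passed to remove_and_report is made up.

# 1. Save $? right away: the next command, even an echo, overwrites it.
remove_and_report() {
    rm -- "$1" 2>/dev/null
    status=$?
    echo "rm exited with $status"
    return "$status"
}

# 2. "cmd1 && cmd2 || cmd3" is NOT an if/else. cmd3 runs whenever the
#    status so far is non-zero, which includes cmd2 failing after cmd1
#    succeeded. Compare the two functions below.
and_or_chain() {
    true && false || echo "fallback ran although the first command succeeded"
}
if_else() {
    if true; then
        false            # nothing printed, status 1 is returned
    else
        echo "fallback"
    fi
}

# 3. Redirections are applied left to right.
#    "2>/dev/null"     drops stderr, stdout is untouched.
#    "2>&1"            makes stderr a copy of stdout, so both reach the caller.
#    "2>&1 >/dev/null" copies stderr onto the ORIGINAL stdout first, then
#                      sends stdout to /dev/null: only the error text remains.
noisy() {
    echo "out"
    echo "err" >&2
}
stdout_only()      { noisy 2>/dev/null; }
both_on_stdout()   { noisy 2>&1; }
stderr_on_stdout() { noisy 2>&1 >/dev/null; }

# Demonstration when run directly: ./status.sh somefile
if [ "$#" -eq 1 ]; then
    remove_and_report "$1"
    echo "status captured: $?"
fi
```

The stderr_on_stdout form is the one to remember when a script must log only a command's errors: "cmd 2>&1 >/dev/null | logger" works, "cmd >/dev/null 2>&1 | logger" logs nothing.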

8.2.4. Essential Utilities


8.2.4.1). cut

cut is used for selecting portions of each line of a file.

Syntax: cut -f{field number} {file-name} or cut -b{byte number} {file-name}

Fields are separated by a TAB character by default; use -d to choose another delimiter, for example cut -d: -f1 /etc/passwd prints the login names.

$ cut -f2 testfile       ---- prints the contents of the second column
$ cut -f2,3 testfile     ---- prints the contents of the second and third columns

For example:

$ cat testfile
Sr.No Name
11 Vivek
12 Renuka
13 Prakash
14 Ashish
15 Rani

$ cut -f2 testfile
Name
Vivek
Renuka
Prakash
Ashish
Rani

$ cut -b2,3 testfile     ----- will print the 2nd and 3rd byte of each line
$ cut -b1,2-10 testfile  ----- will print the 1st byte, and the 2nd to 10th bytes

$ cut -b1,2 testfile
Sr
11
12
13
14
15

$ cut -b10-30 testfile
Name
Vivek
Renuka
Prakash
Ashish
Rani

The number can be specified in the various formats below:

N     Nth byte, character or field, counted from 1
N-    from the Nth byte, character or field to the end of the line
N-M   from the Nth to the Mth (included) byte, character or field
-M    from the first to the Mth (included) byte, character or field

8.2.4.2). paste

The paste utility is used to put together, side by side, textual information located in various files.

Syntax: paste {file1} {file2}

Example:

$cat /file1

Vivek

Renuka

Prakash

Ashish

Rani

$cat /file2

67

55

96

36

67

$ paste /file1 /file2

Vivek 67
Renuka 55

Prakash 96

Ashish 36

Rani 67

It will therefore read the contents of the file line by line and
concatenate the first line, second line etc till the nth line of both the files.

8.2.4.3). join

The join utility joins lines from two files on a common field (by default the first field of each).

Syntax: join {file1} {file2}

$ join file1 file2

$ cat /file1

Sr.No Name

11 Vivek

12 Renuka

13 Prakash

14 Ashish

15 Rani

$ cat /file2

Sr.No Mark

11 67

12 55

13 96

14 36
15 67

$ join /file1 /file2

11 Vivek 67

12 Renuka 55

13 Prakash 96

14 Ashish 36

15 Rani 67

join will only work if there is a common field in both files and the values are identical to each other. Both files must be sorted on the join field (sort them first if they are not); lines whose key has no partner in the other file are dropped unless you ask for them with -a.

8.2.4.4). tr

tr translates one range of characters (e.g. small a to z) into another (e.g. capital A to Z).

General syntax: tr {set-1} {set-2}

$ tr 'a-z' 'A-Z'

After executing the command above, type text in lower case and it will be converted to upper case. CTRL + D (end of input) will terminate it. tr reads only standard input and takes no file argument, so to convert a file use tr 'a-z' 'A-Z' < file. The older spelling tr "[a-z]" "[A-Z]" also works, because the brackets are simply translated to themselves.

8.2.4.5). uniq

uniq is used to remove duplicate lines from a file.

Syntax: uniq {file-name}

The uniq utility compares only adjacent lines, so duplicate lines must be next to each other in the file. Otherwise sort the file and pass it to uniq:

Eg: $ sort file1 | uniq

uniq -c prefixes each line with the number of times it occurred, and uniq -d prints only the lines that were repeated.
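As an added example that is not part of the manual, the script below combines the cut, sort, uniq and tr utilities of this section into a small audit of a passwd-style file: duplicate UIDs, every UID 0 account, the count of accounts per login shell, and login names with unexpected characters. The records in PASSWD_SAMPLE are constructed for the demo; a real check would read /etc/passwd instead.

```shell
#!/bin/sh
# Added example, not from the manual: cut, sort, uniq and tr combined into
# a small audit of a passwd-style file. The records below are constructed
# for the demo; a real check would read /etc/passwd instead of $PASSWD_SAMPLE.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
carma:x:1000:1000:Carma User:/home/carma:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
web admin:x:1002:1002:odd name:/home/web:/bin/sh
guest:x:1001:1001:Guest:/home/guest:/bin/sh'

# -d: changes cut's delimiter from TAB to ':'; field 3 is the numeric UID.
# sort -n puts equal UIDs next to each other, then uniq -d keeps only the
# UIDs that occur more than once.
duplicate_uids() {
    printf '%s\n' "$PASSWD_SAMPLE" | cut -d: -f3 | sort -n | uniq -d
}

# Every account whose UID is 0, i.e. every account with root privileges.
# tr turns "name:uid" into "name uid" so grep can anchor on " 0" at the end.
uid0_accounts() {
    printf '%s\n' "$PASSWD_SAMPLE" | cut -d: -f1,3 | tr ':' ' ' | grep ' 0$' | cut -d' ' -f1
}

# How many accounts use each login shell: cut the 7th field, sort so that
# equal shells are adjacent, uniq -c counts them, sort -rn ranks by count.
shell_counts() {
    printf '%s\n' "$PASSWD_SAMPLE" | cut -d: -f7 | sort | uniq -c | sort -rn
}

# Login names containing characters outside a-z, 0-9, '_' and '-': delete
# the allowed set with tr -d and report the name if anything is left over.
odd_usernames() {
    printf '%s\n' "$PASSWD_SAMPLE" | cut -d: -f1 | while IFS= read -r name; do
        if [ -n "$(printf '%s' "$name" | tr -d 'a-z0-9_-')" ]; then
            echo "$name"
        fi
    done
}

echo "duplicate UIDs:";  duplicate_uids
echo "UID 0 accounts:";  uid0_accounts
echo "shells:";          shell_counts
echo "odd user names:";  odd_usernames
```

On the sample data the report shows UID 0 shared by root and toor, which is exactly the kind of second root account an audit should surface; each pipeline is a single line that can be pasted into a shell against the real /etc/passwd.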


8.2.5. Awk Utility

awk is a powerful data manipulation/scripting programming language.

General syntax of awk: awk 'program' filename or awk -f {awk program file} filename

awk reads the input from the given file (or from stdin) one line (record) at a time, splits it into fields, and compares each record with the pattern specified.

If the pattern matches a record, the given action is taken. A program is a list of pattern { action } pairs; a pattern can be a regular expression or a comparison, or it can be omitted, in which case the action runs for every record.

8.2.5.1). Understanding Awk Basic Examples

The examples below are based on the text file 'testfile1', the contents of which are listed below (the header has five words, so awk treats it as a five-field record):

SrNo Product Qty Unit Price
1 Pen 5 20.00
2 Pencil 10 2.00
3 Rubber 3 3.50
4 Clock 2 45.50

Now give the following command line:

$ awk '{ print $1 "." $2 "--> Rs." $3 * $4 }' testfile1
SrNo.Product--> Rs.0
1.Pen--> Rs.100
2.Pencil--> Rs.20
3.Rubber--> Rs.10.5
4.Clock--> Rs.91

The print command is used to print the contents of variables or text enclosed in " text ".

Here $1, $2, $3, $4 are all special variables containing the values of the fields or columns. Therefore $1 is the value of the first field for each of the lines in the file.

Finally we are directly doing the calculation using $3 * $4, i.e. multiplication of the third and fourth fields in the text file. On the header line the two words are not numbers, so awk treats them as 0 and prints Rs.0.

Note that "--> Rs." is a string which is printed as it is; strings and values written next to each other are joined together (concatenation has no operator in awk).

$ awk '{ print $2 }' testfile1
Product
Pen
Pencil
Rubber
Clock

$ awk '{ print $0 }' testfile1
SrNo Product Qty Unit Price
1 Pen 5 20.00
2 Pencil 10 2.00
3 Rubber 3 3.50
4 Clock 2 45.50

$0 is a special variable for awk which refers to an entire record, or the entire line.

The -f option instructs awk to read its program from the given awk file.

awk also has some predefined variables such as NR and NF, which mean the number of the current input record and the number of fields in the current record respectively.

An example which uses both of these is given below. First create an awk file called def_var with the contents below; the action must be enclosed in braces, otherwise awk reports a syntax error.

$ cat def_var
{ print "Printing Rec. #" NR "(" $0 "),And # of fields for this record is " NF }

Then run it as follows; the result is printed below. The header line is record 1 and, having five words, has five fields.

$ awk -f def_var testfile1
Printing Rec. #1(SrNo Product Qty Unit Price),And # of fields for this record is 5
Printing Rec. #2(1 Pen 5 20.00),And # of fields for this record is 4
Printing Rec. #3(2 Pencil 10 2.00),And # of fields for this record is 4
Printing Rec. #4(3 Rubber 3 3.50),And # of fields for this record is 4
Printing Rec. #5(4 Clock 2 45.50),And # of fields for this record is 4

Some of the other awk predefined variables are:

Awk variable   Meaning
FILENAME       Name of the current input file
RS             Input record separator (default is newline)
OFS            Output field separator, placed between the comma-separated items of a print statement (default is a single space)
ORS            Output record separator (default is newline)
NF             Number of fields/columns in the input record
NR             Number of the input record (1 for the 1st record, 2 for the 2nd record, etc.)
OFMT           Output format for numbers (default "%.6g")
FS             Input field separator (default: runs of blanks and tabs). Set it with -F on the command line, e.g. awk -F: '{ print $1 }' /etc/passwd, or in a BEGIN block.

8.2.5.2). Doing arithmetic and user-defined variables with awk

You can easily do arithmetic with awk as follows. Since no file name is given, awk reads the numbers from the keyboard, one pair per line.

$ vi math

{
print $1 " + " $2 " = " $1 + $2
print $1 " - " $2 " = " $1 - $2
print $1 " / " $2 " = " $1 / $2
print $1 " x " $2 " = " $1 * $2
print $1 " mod " $2 " = " $1 % $2
}

$ awk -f math
20 3
20 + 3 = 23
20 - 3 = 17
20 / 3 = 6.66667
20 x 3 = 60
20 mod 3 = 2

(Press CTRL + D to terminate)

You can also define your own variables in an awk program, as follows. Variables need no declaration and start out empty, which counts as 0 in arithmetic.

$ cat math1
{
no1 = $1
no2 = $2
ans = $1 + $2
print no1 " + " no2 " = " ans
}

Run the program as follows:

$ awk -f math1
1 5
1 + 5 = 6
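The script below is an added example and not part of the manual. It runs two awk programs that use what this section has described, pattern { action } pairs, NR, NF, OFS, user-defined variables and an END block, on the testfile1 listing above and on a set of log lines constructed here in the style of sshd messages (the host name, addresses and times are made up). The threshold argument and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the manual: two awk programs that use the pattern
# { action } structure, NR/NF, OFS, user variables and an END block.
# AUTH_SAMPLE is constructed for the demo in the style of sshd log lines;
# PRODUCTS is the testfile1 listing from the section above.
AUTH_SAMPLE='Mar 10 15:13:49 host sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar 10 15:13:52 host sshd[2201]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 15:13:55 host sshd[2203]: Accepted password for carma from 198.51.100.4 port 40100 ssh2
Mar 10 15:14:01 host sshd[2205]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Mar 10 15:14:09 host sshd[2207]: Failed password for carma from 198.51.100.4 port 40101 ssh2'

PRODUCTS='SrNo Product Qty Unit Price
1 Pen 5 20.00
2 Pencil 10 2.00
3 Rubber 3 3.50
4 Clock 2 45.50'

# Print "ip count" for every source address with at least $1 failed
# logins (default 3). -v passes a shell value into an awk variable.
failed_logins_by_ip() {
    printf '%s\n' "$AUTH_SAMPLE" | awk -v limit="${1:-3}" '
        /Failed password/ {              # pattern: failed attempts only
            # The address follows the word "from". Look for the word rather
            # than a fixed column, because "invalid user" shifts the columns.
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            fails[ip]++                  # associative array, created on first use
            total++
        }
        END {
            for (ip in fails) if (fails[ip] >= limit) print ip, fails[ip]
        }'
}

# Turn the product table into CSV with a line total per row and a grand
# total at the end. NR > 1 skips the header; OFS is placed between the
# comma-separated items of print; $3 * $4 works because awk converts the
# strings to numbers.
products_csv() {
    printf '%s\n' "$PRODUCTS" | awk '
        BEGIN  { OFS = "," }
        NR > 1 { amount = $3 * $4; sum += amount; print $1, $2, amount }
        END    { printf "total,%.2f\n", sum }'
}

echo "sources with 3 or more failed logins:"
failed_logins_by_ip 3
echo
products_csv
```

Searching for the word "from" instead of using $11 is the detail that matters for log parsing: the "invalid user" variant of the message has two extra fields, and a fixed column number would attribute those failures to the wrong value.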
8.2.6. The sed Utility

sed is a stream editor.

A stream editor is used to perform basic text transformations on an input stream (a file or input from a pipeline).

sed works by making only one pass over the input(s), and is consequently more efficient than an interactive editor for the same job.

But it is sed's ability to filter text in a pipeline which particularly distinguishes it from other types of editors.

General syntax of sed:

$ sed -option 'general expression' [data-file]
$ sed -option sed-script-file [data-file]

sed prints each input line to standard output after applying the commands to it; the input file itself is not changed unless you redirect the output to a new file or use the -i option of GNU sed.

The options that can be specified are given below:

Option   Meaning                                                                                         Example
-e       Read the sed command from the command line (may be repeated to give several commands)           $ sed -e 'sed-commands' data-file-name
-f       Read the sed commands from a sed script file                                                    $ sed -f sed-script-file data-file-name
-n       Suppress the automatic printing of each line. When -n is used you must use the p command (or the p flag of s) to print what you want.   $ sed -n '/^\*..$/p' demofile2


The most basic and commonly used operators in the sed toolkit are printing (to stdout), deletion and substitution. Their specifications are listed below.

Operator                                Name         Implication
[address-range]/p                       print        Print [specified address range]
[address-range]/d                       delete       Delete [specified address range]
s/pattern1/pattern2/                    substitute   Substitute pattern2 for the first instance of pattern1 in a line
[address-range]/s/pattern1/pattern2/    substitute   Substitute pattern2 for the first instance of pattern1 in a line, over address-range
[address-range]/y/pattern1/pattern2/    transform    Replace any character in pattern1 with the corresponding character in pattern2, over address-range (equivalent of tr)
g (flag after s/.../.../)               global       Operate on every pattern match within each matched line of input, not just the first

An address range is a line number (8), a range of line numbers (1,5), a regular expression (/Jones/), the last line ($) or a combination such as 1,/^$/. In a real command the slash shown after the address range in the table is not typed: the forms are 8d, /Jones/p and 1,5s/a/b/.

Examples of sed operators:

Notation             Meaning
8d                   Delete the 8th line of input.
/^$/d                Delete all blank lines.
1,/^$/d              Delete from the beginning of input up to, and including, the first blank line.
/Jones/p             Print only lines containing "Jones" (with the -n option).
s/Windows/Linux/     Substitute "Linux" for the first instance of "Windows" found in each input line.
s/BSOD/stability/g   Substitute "stability" for every instance of "BSOD" found in each input line.
s/ *$//              Delete all spaces at the end of every line.
s/00*/0/g            Compress all consecutive sequences of zeroes into a single zero.
/GUI/d               Delete all lines containing "GUI".
s/GUI//g             Delete all instances of "GUI", leaving the remainder of each line intact.
8.2.6.1). Sample sed Commands/Scripts

You can redirect the output of a sed command to a file as follows:

$ sed 's/Linux/UNIX/' file1 > file.out

Deleting blank lines from a file. Using sed you can delete all blank lines from a file as follows:

$ sed '/^$/d' demofile1

The following sed command takes input from the who command and checks whether a particular user is logged in or not. Here the -n option to sed suppresses the automatic output; /carma/ is the pattern that we are looking for, so if the pattern is found the line is printed using the p command of sed.

$ who | sed -n '/carma/p'

Sample Script1

To remove all blank lines and convert multiple spaces into a single space, use the sed script 'sedscript' below. Note the two spaces before the * in the second command: "  *" means one space followed by zero or more spaces, i.e. one or more spaces. With a single space (s/ */ /g) the pattern would also match the empty string between every pair of characters and sprinkle spaces through the whole line.

$ cat sedscript
/^$/d
s/  */ /g

And run it on a demofile as below:

$ sed -f sedscript demofile

/^$/d : Finds all blank lines and deletes them using the d command.

s/  */ /g : Finds one or more blank spaces and replaces them with a single blank space.

Sample Script2

The command below will print every line of demofile2 that contains 1001:

$ sed -n '/10\{2\}1/p' demofile2

\{n\} : Exactly n occurrences of the preceding item are matched. So /10\{2\}1/ looks for 1, followed by exactly 2 occurrences of zero, followed by 1.

\{n,\} : At least n occurrences. So /10\{2,\}1/ looks for at least 2 occurrences of zero between the ones.

\{n,m\} : Any number of occurrences between n and m.

Therefore, the command below

$ sed -n '/10\{2,4\}1/p' demofile2

will match "1001", "10001" and "100001" but not "101" or "10000000", as 0\{2,4\} matches 2 to 4 occurrences of zero.

Sample Script3

The command below will match only lines which consist of exactly three asterisks:

$ sed -n '/^\*\*\*$/p' demofile2

\* searches for a literal * (unescaped, * is the repetition operator) and \*\*\* matches three *'s; because the pattern is anchored as ^\*\*\*$, it only matches lines which contain nothing but three asterisks.

/p prints the matching lines.

The same thing can be done using the command line below:

$ sed -n '/^\*\{3\}$/p' demofile2
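The script below is an added example, not from the manual. It uses sed the way the tables above describe, -n with p, d, s with anchors, and a \{n,m\} interval, to review and harden a configuration file. The text in SSHD_SAMPLE is constructed for the demo (the option names are real sshd_config keywords); in practice the file would be /etc/ssh/sshd_config and the output would be diffed and reviewed before it is copied into place.

```shell
#!/bin/sh
# Added example, not from the manual: sed used to review and harden an
# sshd_config-style file. The config text is constructed for the demo.
BLANKS=$(printf '%3s' '')      # three trailing blanks, added deliberately
SSHD_SAMPLE="# sshd_config sample
Port 22

#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes$BLANKS
X11Forwarding yes
# end"

# Effective settings only: drop blank lines and comment lines, and strip
# trailing spaces with s/ *$// as in the operator table above.
effective_settings() {
    printf '%s\n' "$SSHD_SAMPLE" | sed -e '/^$/d' -e '/^#/d' -e 's/ *$//'
}

# Just the PermitRootLogin line that is in force: -n suppresses the
# automatic output, /pattern/p prints the matches, and the leading ^
# skips the commented-out example line.
root_login_setting() {
    printf '%s\n' "$SSHD_SAMPLE" | sed -n '/^PermitRootLogin/p'
}

# Harden: rewrite the active yes/no options. The ^ anchors leave the
# commented lines untouched, so the diff shows only real changes.
hardened_config() {
    printf '%s\n' "$SSHD_SAMPLE" | sed \
        -e 's/^PermitRootLogin .*/PermitRootLogin no/' \
        -e 's/^PasswordAuthentication .*/PasswordAuthentication no/' \
        -e 's/^X11Forwarding .*/X11Forwarding no/'
}

# Interval expression: Port lines whose number has 2 to 4 digits,
# e.g. "Port 22" or "Port 2222" but not "Port 5" or "Port 65535".
short_port_lines() {
    printf '%s\n' "$SSHD_SAMPLE" | sed -n '/^Port [0-9]\{2,4\}$/p'
}

echo "in force now:"; root_login_setting
echo "hardened file:"; hardened_config
```

Anchoring with ^ is what makes the substitutions safe to apply to a real file: without it, s/PermitRootLogin .*/.../ would also rewrite the "#PermitRootLogin prohibit-password" comment, and a later reader would lose the record of the default.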


9. INSTALLING LINUX SOFTWARE/KERNEL
9.1. RPM Installations

RPM is a widely used tool for delivering software for Linux. Users can easily install an RPM-packaged product.

RPM (Red Hat Package Manager) is the most common software package manager used for Linux distributions. Because it allows you to distribute software already compiled, a user can install the software with a single command.

9.1.1. Getting the RPM source

There are four commonly used sources for RPMs.

1. Your Red Hat/Fedora installation CD (but the packages on it may not be updated to the latest version).

2. Download from the redhat.com site using a browser or an ftp program. The Red Hat site will have only their approved software. A good general purpose source for additional software can also be found at the URL www.rpmfind.net.

3. The command wget can be used for downloading via the http or ftp protocol. The command line that can be used is:

$ wget http://redhat.com/download/pub/fedora/linux/core/i386/RPMS/openssh-3.6.1p2-34.i386.rpm

OR

$ wget ftp://ftp.redhat.com/download/pub/fedora/linux/core/i386/RPMS/openssh-3.6.1p2-34.i386.rpm

4. Using yum if it is installed. On Fedora systems it is installed by default; it downloads a package together with its dependencies and can check their GPG signatures (gpgcheck=1 in the repository file).

Whichever source you use, remember that rpm runs a package's install scripts as root: download only from a source you trust, and verify the package's GPG signature before installing it.

9.1.2. Manually installing rpms

Download the RPMs (which usually have a file name ending in .rpm) using any of the methods above into a temporary directory, such as /opt.

The next step is to issue the rpm -ivh or rpm -Uvh command to install the package:

-i installs an RPM package

-U upgrades an installed RPM to the version in the file (and installs it if it is not yet installed)

-h prints a row of hash (#) characters as a progress bar during the installation

-v prints verbose status messages while the command is being executed.

Installing packages writes to system directories, so these commands are run as root.

Here is an example of a typical RPM installation command to install the


MySQL server package:

$ rpm -ivh mysql-server-3.23.58-9.i386.rpm

Preparing... ####################### [100%]

1:mysql-server ####################### [100%]


9.1.3. RPM Installation Errors

Sometimes the installation of RPM software doesn't go according to plan and you need to take corrective action. This section shows you how to recover from some of the most common errors you'll encounter.

Failed dependencies: Sometimes RPM installations will fail giving "Failed dependencies" errors, which actually mean that a prerequisite RPM needs to be installed.

For example, in the example below, the rpm installation of the MySQL database server application fails because the mysql client RPM, on which it depends, needs to be installed beforehand.

$ rpm -ivh mysql-server-3.23.58-9.i386.rpm
error: Failed dependencies:
libmysqlclient.so.10 is needed by mysql-server-3.23.58-9

The right fix is to install the package that provides the missing library (here the mysql client package) first, or to let yum resolve the dependency. You can also run the rpm command with the --nodeps option to disable dependency checks:

$ rpm -ivh --nodeps mysql-server-3.23.58-9.i386.rpm
Preparing... ####################### [100%]
1:mysql ####################### [100%]

You may also use an option called --force to forcefully do the rpm installation, overwriting files that belong to other packages or re-installing the same version.

$ rpm -ivh --nodeps --force mysql-server-3.23.58-9.i386.rpm

Both options tell rpm to ignore a problem rather than solve it: the installed program will still fail at run time if the library really is missing, and --force can silently replace files of other packages. Treat them as a last resort on a test machine, not as the normal way past an error.

RPM package files contain digests and signatures which ensure the integrity and origin of the package. Digital signatures cannot be verified without the signer's public key, which can be imported using the command line below:

$ rpm --import /usr/share/rhn/RPM-GPG-KEY

Once the key is imported, rpm -K package.rpm (the same as rpm --checksig) reports whether the digests and the signature are OK, and rpm -qa gpg-pubkey* lists the keys that have been imported. Do not install a package whose signature does not verify.
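As an added example that is not part of the manual, the wrapper below puts this section's advice into a script: it refuses the check-bypassing options discussed above, runs rpm -K for the digest and signature check, and prints the package information and the scriptlets that rpm would execute as root during installation, so they can be read before anything is installed. The name package.rpm is a placeholder, and rpm itself is only invoked when it is present on the machine running the script.

```shell
#!/bin/sh
# Added example, not from the manual: vet an RPM file before installing it.
# "package.rpm" is a placeholder; rpm is invoked only if it is installed.

# Options that switch off rpm's own safety checks. A package that only
# installs with one of these should be fixed or rebuilt, not forced in.
rpm_flags_are_safe() {
    for flag in "$@"; do
        case $flag in
            --nodeps|--force|--nosignature|--nodigest|--replacefiles|--replacepkgs)
                echo "refusing unsafe rpm option: $flag" >&2
                return 1 ;;
        esac
    done
    return 0
}

# vet_rpm package.rpm [rpm options...]
# Returns 0 when the package passed every check, 1 on a failed check,
# and 2 when rpm is not available at all.
vet_rpm() {
    pkg=$1
    shift
    rpm_flags_are_safe "$@" || return 1
    [ -f "$pkg" ] || { echo "no such file: $pkg" >&2; return 1; }
    command -v rpm >/dev/null 2>&1 || { echo "rpm is not installed" >&2; return 2; }

    # -K (--checksig) exits non-zero if a digest or the signature fails,
    # or if the signing key has not been imported with rpm --import.
    if ! rpm -K "$pkg"; then
        echo "digest/signature check failed: $pkg" >&2
        return 1
    fi
    # Who built it, and what its %pre/%post scriptlets will run as root.
    rpm -qpi "$pkg"
    rpm -qp --scripts "$pkg"
    echo "checks passed; install with: rpm -ivh $* $pkg"
}

# Usage: ./vet_rpm.sh package.rpm -ivh
if [ "$#" -ge 1 ]; then
    vet_rpm "$@"
fi
```

rpm -qp --scripts is the step most people skip: a package's %pre and %post sections are arbitrary shell run as root, and reading them takes a minute compared with the cost of a package that, for example, adds an account or a cron job.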


9.1.4. Installing Source Rpms

Sometimes the packages you want to install need to be compiled in order to match your kernel version. This requires you to use source RPM files:

Download the source RPMs, which usually have a file name ending with .src.rpm.

Compiling and installing source RPMs can be done simply with the rpmbuild command. rpmbuild is used to build both binary and source software packages.

Packages come in two varieties: binary packages, used to encapsulate software to be installed, and source packages, containing the source code and the recipe (the spec file) necessary to produce binary packages.

Run the build as an ordinary user where possible: the build scripts in a spec file execute with the privileges of whoever runs rpmbuild. The older /usr/src/redhat tree used in the example below is root-owned, which is why the manual's commands are shown as root; newer rpm versions default to ~/rpmbuild. Only the final rpm -ivh of the resulting binary package needs root.

$ rpmbuild --rebuild filename.src.rpm

Here is an example in which we install the tac_plus package.

$ rpmbuild --rebuild tac_plus-4.0.3-2.src.rpm

Installing tac_plus-4.0.3-2.src.rpm

Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.61594

+ umask 022

+ cd /usr/src/redhat/BUILD

+ cd /usr/src/redhat/BUILD

+ rm -rf tac_plus-4.0.3

+ /usr/bin/gzip -dc /usr/src/redhat/SOURCES/tac_plus-4.0.3.tgz

+ tar -xvvf -

...

...

+ umask 022

+ cd /usr/src/redhat/BUILD

+ rm -rf tac_plus-4.0.3
+ exit 0

The compiled RPM file can now be found in one of the architecture subdirectories under the /usr/src/redhat/RPMS directory. For example, if you compiled an i386 architecture version of the RPM it will be placed in the i386 subdirectory (/usr/src/redhat/RPMS/i386). You will then have to install the compiled RPMs found in their respective subdirectories as you normally would, with rpm -ivh.

9.1.5. Listing Installed RPMs

The rpm -qa command will list all the packages installed on your system:

$ rpm -qa

You can use the rpm -q package-name command to find an installed package if you know the package name:

$ rpm -q openssh

If you are not sure of the package name, the command line that can be used is:

$ rpm -qa | grep ssh


9.1.6. Listing Files Associated with RPMs

Sometimes you'll find yourself installing software that terminates with an


error requesting the presence of a particular file. In many cases the
installation program doesn't state the RPM package in which the file can be
found. It is therefore important to be able to determine the origin of certain
files, by listing the contents for RPMs in which you suspect the files might
reside.

9.1.6.1). Listing Files for Already Installed RPMs


You can use the -ql qualifier to list all the files associated with an installed RPM.

In this example we first check that the openssh package is installed using the -q qualifier:

$ rpm -q openssh

and then we use the -ql qualifier to get the file listing:

$ rpm -ql openssh

/etc/ssh

/etc/ssh/moduli

/usr/bin/ssh-keygen

/usr/libexec/openssh

/usr/libexec/openssh/ssh-keysign

/usr/share/doc/openssh-3.5p1

/usr/share/doc/openssh-3.5p1/CREDITS

/usr/share/doc/openssh-3.5p1/ChangeLog

/usr/share/doc/openssh-3.5p1/INSTALL

/usr/share/doc/openssh-3.5p1/LICENCE

/usr/share/doc/openssh-3.5p1/OVERVIEW

/usr/share/doc/openssh-3.5p1/README

/usr/share/man/man8/ssh-keysign.8.gz

9.1.6.2). Listing Files in RPM Files

Suppose you have downloaded an rpm and you want to see all the files inside the
RPM archive, you can do this using the -qpl qualifier as below:

$ rpm -qpl dhcp-3.0pl1-23.i386.rpm


9.1.6.3). Listing the RPM to Which a File Belongs

You might need to know the RPM that was used to install a particular file. This is useful when you have a suspicion about the function of a file but are not entirely sure, and when checking whether an unexpected file on the system came from a package at all.

For example, the MySQL RPM uses the /etc/my.cnf file as its configuration file, not a file named /etc/mysql.conf as you'd normally expect. So you may check the rpm to which this particular file belongs using the command line below.

$ rpm -qf /etc/my.cnf

mysql-3.23.58-9

Note that this will work only if the rpm package you are querying is
already installed on the machine.

9.1.7. Uninstalling RPMs

The rpm -e command will erase an installed package. The package name given must match that listed by the rpm -qa command (the version part may be left out when only one version is installed).

Example:

$ rpm -e package-name
$ rpm -e mysql-3.23.58-9


9.2. Software Installations from Source using Tarballs

The tar file installation process usually requires you first to uncompress and extract the contents of the archive in a local subdirectory, which frequently has the same name as the tar file.

The subdirectory will usually contain a file called README or INSTALL, which outlines all the customized steps to install the software.

9.2.1. The GCC Compiler

The gcc C and C++ compiler is used to compile software on your system, most importantly the kernel. So in case it is not present you need to install or upgrade it; on an RPM-based system the package is simply called gcc.

The newest version of gcc is found on the Linux FTP sites. On sunsite.unc.edu it is found in the directory /pub/Linux/GCC (along with the libraries), e.g. ftp://sunsite.unc.edu/pub/Linux/GCC. There should be a release file for the gcc distribution detailing what files you need to download and how to install them.

9.2.2. Steps for installing from Tarball

1. Download the tarball using wget to /opt or some temporary directory. For
example,

$ wget http://prdownloads.sourceforge.net/gaim/gaim-1.1.3.tar.gz

2. The tarball format will generally be .tgz or .tar.gz, or sometimes .tbz or
.tar.bz2. The .tar.gz file has to be uncompressed and unarchived using the
command line below (use -xvjf instead of -xvzf for a .tar.bz2 archive).

$ tar -xvzf gaim-1.1.3.tar.gz

This creates a directory called gaim-1.1.3 within the current directory and
unpacks all the files into that new directory.

3. Once this is complete the installation instructions will ask you to execute
the three basic commands: configure, make and make install. First go to the
gaim-1.1.3 directory to run them.

$ cd gaim-1.1.3

$ ./configure

The above command makes the shell run the script named 'configure' which exists
in the current directory. The configure script checks for a long list of
dependencies on your system.

* If any of the major requirements are missing on your system, the configure
script exits and you cannot proceed with the installation until you have
obtained the missing pieces.

* The main job of the configure script is to create a Makefile. Depending on
the results of the checks it performed, it writes down the various steps that
need to be taken while compiling the software in the file named Makefile.

4. 'make' is a utility which exists on almost all Unix systems, and it requires
a file named Makefile in the directory in which you run it. The make utility
compiles all the program code and creates the executables. It sequences the
build using 'targets' (labels) in the Makefile so that each piece is built
after the pieces it depends on. Hence the next step is to run 'make' in the
directory gaim-1.1.3.

$ make

5. One of the targets in the Makefile is named 'install', and when you run
'make' with install as the parameter, the make utility looks for the target
named install in the Makefile and executes only that section.

The install section is the part where the executables and other required files
created during the previous step (make) are copied into their final
directories on your machine (e.g. /bin, /usr/bin or /usr/sbin). Similarly all
the other files (libraries, man pages, data) are copied to the standard
directories in Linux. Because it writes to system directories this step is
normally the only one that has to be run as root; configure and make should be
run as an unprivileged user.

$ make install
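
Before unpacking an archive as root in /usr/src or /opt it is worth listing it
first: a tar file can contain members with absolute paths or ../ components
that an old tar will happily write outside the directory you think you are
extracting into, and it may not all live under a single top-level directory.
The shell functions below are an added example, not part of this manual or of
the gaim project; check_tar_listing reads the member names that "tar -tzf"
prints and rejects the archive if any member is unsafe, and safe_extract wraps
the listing and the extraction. The archive and directory names in it are
placeholders.

```shell
#!/bin/sh
# Added example (not from the manual): inspect a tarball's member list before
# extracting it.  Two things bite people who unpack untrusted source archives
# as root:
#   1. members named "/etc/passwd" or "../../etc/cron.d/x" (path traversal),
#   2. "tarbombs" whose members are not all under one top-level directory.
# check_tar_listing reads member names on stdin (one per line, as produced by
# `tar -tzf`), prints a reason for each rejected member and returns 1 if any
# member is unsafe, 0 otherwise.
check_tar_listing() {
    rc=0
    top=''
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        case "$entry" in
            /*)
                echo "absolute path: $entry"; rc=1; continue ;;
            ..|../*|*/..|*/../*)
                echo "parent-directory traversal: $entry"; rc=1; continue ;;
        esac
        first=${entry%%/*}          # first path component of the member
        if [ -z "$top" ]; then
            top=$first
        elif [ "$first" != "$top" ]; then
            echo "member outside top-level directory '$top': $entry"; rc=1
        fi
    done
    return $rc
}

# safe_extract ARCHIVE [DEST]: list the archive, run the check, and only then
# extract (as an unprivileged user, into a scratch directory by preference).
safe_extract() {
    archive=$1
    dest=${2:-.}
    tar -tzf "$archive" | check_tar_listing || {
        echo "refusing to extract $archive" >&2
        return 1
    }
    tar -xzf "$archive" -C "$dest"
}
```

Recent GNU tar strips leading slashes and skips members containing ".." on
its own, but older versions and other tar implementations do not, and none of
them warn about a tarbomb, so the listing check is cheap insurance before
"tar -xvzf".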

9.3. Linux Kernel Recompilation

Linux is a shining example of the power of the Open Source movement as a
positive force for change in the software industry.

The Linux kernel, the core of any Linux distribution, is constantly evolving to
incorporate new technologies and improve performance, scalability, support,
and usability.

* Many of these enhancements are related to adding support for additional
architectures, processors, buses, interfaces, and devices.

* In addition to new features, each new stable Linux kernel version provides
many improvements that standardize its internal interfaces, extend the
performance and size of supported devices, and simplify adding support for new
devices and subsystems to the kernel.

* The kernel is the heart of the Linux operating system, managing all system
threads, processes, resources, and resource allocation.

* Unlike most other operating systems, Linux enables users to reconfigure the
kernel, which is usually done to reduce its size, add or deactivate support
for specific devices or subsystems, or both. Leaving out drivers and
subsystems you do not need also removes their code, and any bugs in it, from
the kernel's attack surface.

9.3.1. Linux kernel - A Modular Kernel

Modules are pieces of code that can be loaded into and unloaded from the
kernel on demand. They extend the functionality of the kernel without the need
to reboot the system.

* For example, one type of kernel module is the device driver, which allows
the kernel to access hardware connected to the system.

* Without modules, we would have to build monolithic kernels and add new
functionality directly into the kernel image. Besides producing larger
kernels, this has the disadvantage of requiring us to rebuild and reboot the
kernel every time we want new functionality.

* A loaded module runs with full kernel privileges, so loading one is the same
as adding code to the kernel: only root can do it, and a malicious module is a
classic way of hiding a rootkit.

* You can see the modules that are already loaded into the kernel using the
lsmod command, which gets its information by reading the file /proc/modules.

$ lsmod

9.3.2. Recompiling the kernel

9.3.2.1) PreRequisites

* You need to have a recent version of GCC installed before going ahead with
the recompile.

* You need to have enough disk space in the partition which holds the
/usr/src/ directory.

* The module tools must match the kernel series: 2.4 kernels use the modutils
package, while 2.6 kernels and above require the module-init-tools package.
Both can be installed using the steps below.

To install modutils from a source rpm

Download the latest version of the modutils rpm from

http://www.kernel.org/pub/linux/kernel/people/rusty/modules/

To compile this source rpm, follow the steps below

rpmbuild --rebuild modutils-2.4.22.src.rpm

cd /usr/src/redhat/RPMS/i386

rpm -ivh modutils-2.4.22.rpm

To install module-init-tools from a tarball

$ wget http://www.kernel.org/pub/linux/kernel/people/rusty/modules/module-init-tools-3.0.tar.gz

$ tar -zxvf module-init-tools-3.0.tar.gz

$ cd module-init-tools-3.0/

$ ./configure --prefix=""

$ make

$ make install

$ ./generate-modprobe.conf /etc/modprobe.conf

The last step converts an existing /etc/modules.conf (the 2.4 format) into the
/etc/modprobe.conf file that the 2.6 modprobe reads.

9.3.2.2) Checking the current kernel and Redhat version

The current running version of the kernel can be checked using the command
"uname -a"

$ uname -a

Linux educarma.com 2.4.20-8 #1 Thu Mar 13 17:18:24 EST 2003 i686 athlon i386
GNU/Linux

The example above shows that the system is running the kernel version
2.4.20-8 ("uname -r" prints just this field).

The running version of Redhat can be checked using the command line below

$ cat /etc/redhat-release

9.3.2.3). Kernel Recompilation Steps

1. Download the latest source from

ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-2.6.10.tar.gz

2. Download the above source to the folder /usr/src. Kernel releases are
signed; fetch the matching .sign file from the same directory and check it
before unpacking, so that you are not building a tampered tree:

$ gpg --verify linux-2.6.10.tar.gz.sign linux-2.6.10.tar.gz

3. Uncompress the above source using the command line below and go to that
folder.

$ tar -xzvf linux-2.6.10.tar.gz

$ cd /usr/src/linux-2.6.10

4. Clean the source tree. "make mrproper" removes all generated files,
including your old .config file if you are rebuilding the kernel, so copy that
file elsewhere first if you want to reuse it.

$ make mrproper

5. Configuration: Use one of the following tools to create the .config file.
This gives you the chance to choose what goes into the kernel. You can choose
support for many of the latest capabilities and device drivers, and can tune
the kernel for particular uses. Pick one of the following and type the command
line from the directory /usr/src/linux-2.6.10:

* $ make config (question-and-answer shell script), OR

* $ make menuconfig (text window, uses curses), OR

* $ make xconfig (recommended due to the online help feature and intuitive
interface; save the configuration to the file .config), OR

* $ make oldconfig (build a configuration file based on the defaults found in
the current .config file, asking only about options that are new).

When using menuconfig, note the symbols below:

* <*> = compile into the kernel, i.e. built in (y in .config)

* <M> = compile as a module (m in .config)

* < > = not compiled at all (n in .config)

6. Compile: Make sure the compiling is done from the directory
/usr/src/linux-2.6.10. The steps to be followed are listed below.

$ make dep (makes or builds the dependencies for your chosen configuration;
only needed for 2.4 kernels, the 2.6 build system tracks dependencies itself).

7. If the same tree has been compiled before, clean up the junk from old
compiles. Note that 'make distclean', like mrproper, also deletes .config, so
run it before step 5 or save .config first; 'make clean' removes only the
build products and keeps .config.

$ make distclean

Or

$ make clean

The next step is to create the new kernel, which will later be copied to
/boot/vmlinuz. bzImage is a compressed kernel image.

$ make bzImage

8. Compile the kernel modules

$ make modules ====== compiles the kernel modules

$ make modules_install ===== installs them under /lib/modules/2.6.10/ and
generates the file /lib/modules/2.6.10/modules.dep.

9. Install: Follow the steps below to install the new kernel.

$ ln -s /usr/src/linux-2.6.10 /usr/src/linux

$ make install

Make install actually does the steps below, so if you install by hand please
make sure that they are all taken care of. The versioned files are the real
ones and the unversioned names are links to them, so that the next kernel you
install does not overwrite this one.

$ mv /usr/src/linux/arch/i386/boot/bzImage /boot/vmlinuz-2.6.10

$ ln -s /boot/vmlinuz-2.6.10 /boot/vmlinuz

$ mv /usr/src/linux-2.6.10/System.map /boot/System.map-2.6.10

$ ln -s /boot/System.map-2.6.10 /boot/System.map

System.map file: The kernel has symbols, just like the programs you write. The
difference is, of course, that the kernel is a very complicated piece of code
and has many, many global symbols. The kernel doesn't use symbol names at run
time; it is much happier knowing a variable or function by its address. The
kernel is mainly written in C, so the compiler/linker allows us to use symbol
names when we code and allows the kernel to use addresses when it runs.

There are situations, however, where we need to know the address of a symbol
(or the symbol for an address), for example when reading a kernel oops. This
is done with a symbol table: a listing of all symbols along with their
addresses.

Every time you compile a new kernel, the addresses of the various symbols are
bound to change. System.map is an actual file on your filesystem. When you
compile a new kernel, your old System.map has the wrong symbol information. A
new System.map is generated with each kernel compile and you need to replace
the old copy with your new copy (keeping one per kernel version, as above).

10. Make the initrd image

Execute the following command, which creates the initrd image file used to let
the system boot.

* For a modular kernel, during booting this image loads the hardware drivers
which are not built into the kernel.

* The purpose of the initial RAM disk is to allow a modular kernel to have
access to modules that it might need to boot (for example the driver for the
disk controller or for the root filesystem) before the kernel has access to
the device where the modules normally reside.

* The Red Hat initrd expects an empty directory called /initrd on the root
filesystem, onto which the RAM disk is pivoted once the real root is mounted;
if this directory is missing, the boot fails with a "kernel panic".

$ mkinitrd /boot/initrd-2.6.10.img 2.6.10

The second argument is the kernel version, i.e. the name of the sub-directory
of the modules under /lib/modules/ (here /lib/modules/2.6.10). If the name
does not match that directory, mkinitrd cannot find the modules and the
resulting image will not boot.

11. Configure the boot loader lilo: Lilo must point to the new kernel. Edit
/etc/lilo.conf and add a new image statement to point to the new kernel. Keep
the old one as a backup in case you need to boot using that.

Sample lilo.conf:

boot=/dev/hda

map=/boot/map - Map file recording where on the disk the kernel blocks are
found for boot

install=/boot/boot.b

prompt

timeout=50

linear - Use linear sector addresses instead of cylinder/head/sector
addresses (needed on some SCSI and large-disk configurations)

default=linux

image=/boot/vmlinuz-2.4.3 - Old kernel

label=linux - Label/Name to be displayed by the Lilo boot manager

initrd=/boot/initrd-2.4.3.img

read-only

root=/dev/hda1

image=/boot/vmlinuz-2.6.10 --- New kernel

label=linux-2.6.10 ---- Label for the new kernel

initrd=/boot/initrd-2.6.10.img

read-only

root=/dev/hda1

12. Install lilo: Run /sbin/lilo -v to write the master boot record with the
data from lilo.conf

$ /sbin/lilo -v

The kernel recompilation is complete and you are now ready to boot the machine
on the new kernel. If you do not want to change the default boot image but
only want to boot the new image once, on the next boot, call lilo using

$ lilo -R linux-2.6.10

13. Reboot the machine using the command line below.

$ reboot
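
After make install and make modules_install, and before pointing the boot
loader at the new kernel, it pays to check that everything the boot needs for
that version is actually in place: mismatched names here are the usual cause
of a kernel that boots but cannot load its modules, or of mkinitrd failing.
The functions below are an added example, not part of this manual or of the
kernel's own build system. check_kernel_artifacts takes a root prefix (so it
can be tried on a scratch tree; use "" for the live system) and a version;
map_lookup and map_symbol_at show the two uses of System.map described above,
symbol to address and address to the nearest preceding symbol, which is what
you need when reading an oops by hand. The System.map contents used to
exercise them are constructed.

```shell
#!/bin/sh
# Added example, not part of the manual: checks on a freshly installed kernel
# version VER, and two lookups in its System.map.

# check_kernel_artifacts ROOT VER
#   Returns 0 if the kernel image, its System.map and its module directory
#   (with the modules.dep that modules_install/depmod writes) all exist under
#   ROOT.  ROOT is "" on the live system, a test tree otherwise.
check_kernel_artifacts() {
    root=$1
    ver=$2
    rc=0
    for f in "/boot/vmlinuz-$ver" \
             "/boot/System.map-$ver" \
             "/lib/modules/$ver/modules.dep"; do
        if [ ! -f "$root$f" ]; then
            echo "missing: $f"
            rc=1
        fi
    done
    return $rc
}

# map_lookup MAPFILE SYMBOL
#   Prints the address recorded for SYMBOL.  System.map lines are
#   "address type name", e.g. "c0364d80 T start_kernel".  Returns 1 if the
#   symbol is not in the map.
map_lookup() {
    awk -v sym="$2" '
        $3 == sym { print $1; found = 1; exit }
        END { exit (found ? 0 : 1) }' "$1"
}

# map_symbol_at MAPFILE ADDRESS
#   Prints the name of the symbol containing ADDRESS, i.e. the last symbol
#   whose address is <= ADDRESS.  System.map is sorted by address and every
#   address has the same width, so a plain string comparison is enough
#   (the "" concatenation forces awk to compare as strings, not numbers).
map_symbol_at() {
    awk -v addr="$2" '
        ($1 "") > (addr "") { exit }
        { last = $3 }
        END { if (last == "") exit 1; print last }' "$1"
}
```

On the live machine, "check_kernel_artifacts "" 2.6.10" is the check to run
before step 11, and "map_symbol_at /boot/System.map-2.6.10 <EIP>" turns the
instruction pointer printed in an oops into the function it fell in, provided
the map really is the one for the running kernel (compare "uname -r").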

9.3.3. Command Line Tools for Kernel level administration

9.3.3.1). Kernel Modules Management

* Modules are used to reduce the amount of memory used to hold the kernel.

* There is a slight penalty for the time taken to load and unload a module.

* If the code is required for general operation of the kernel, is needed often
or is required by the boot process, it is best to compile it into the kernel
and it should NOT be compiled as a module.

Commands:

* When the kernel needs a module it does not have loaded (for a device or a
filesystem it meets at run time), it runs the modprobe utility
(/sbin/modprobe), which locates a module built for this kernel version and
loads it together with its dependencies.

* The program used for this is specified by a proc file:

$ cat /proc/sys/kernel/modprobe

* Otherwise modules are loaded by init scripts, which call modprobe or
insmod/rmmod to load/unload them. Module options and aliases are held in
/etc/modules.conf (2.4 kernels) or /etc/modprobe.conf (2.6 kernels).

Command - Description

lsmod - List loaded modules (reads /proc/modules).

insmod - Inserts a module into the running kernel. With module-init-tools
(2.6) insmod takes the path of the .ko file and does not resolve dependencies;
the name-only form below is the 2.4 modutils behaviour.

$ insmod usb-uhci

rmmod - Remove a loaded module. Just specify the module name; no ".o"/".ko"
extension or path is necessary. It fails while another loaded module or an
open device still uses the module.

$ rmmod usb-uhci

modprobe - High level handling of loadable modules. Loads a module and its
dependencies; modprobe -r unloads them.

depmod - Creates the dependencies file (modules.dep) for the modules of a
kernel version, used by modprobe.

modinfo - Display information about a kernel module (author, description,
licence, parameters).

Other useful commands:

List processor type:

$ cat /proc/cpuinfo

List devices:

$ cat /proc/devices

List PCI devices:

$ lspci

List USB devices:

$ lsusb

List IO ports (device addresses used by drivers):

$ cat /proc/ioports

List DMA channels:

$ cat /proc/dma

View interrupts used by the system:

$ cat /proc/interrupts

Display boot messages:

$ dmesg

Display sound driver status:

$ cat /dev/sndstat

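
lsmod, mentioned in 9.3.1 and in the table above, is only a pretty-printer for
/proc/modules, and for audit scripts it is often easier to read that file
directly. The shell functions below are an added example, not part of this
manual or of the module-init-tools package. They take the path of a
/proc/modules-style file so they can be run on a saved snapshot as well as on
the live file; the snapshot and the baseline list used to exercise them are
constructed, and the module name rogue_mod is a placeholder.

```shell
#!/bin/sh
# Added example, not part of the manual.  /proc/modules has one line per
# loaded module:
#     name size use_count users state load_address
# e.g. "usbcore 78901 2 usb_uhci,ehci_hcd, Live 0xf8a20000", where the users
# field is "-" when nothing depends on the module.

# list_modules FILE -> "name size use_count users" per loaded module
list_modules() {
    awk '{ print $1, $2, $3, ($4 == "-" ? "" : $4) }' "$1"
}

# modules_depending_on FILE NAME -> the modules holding a reference to NAME
# (these are the reason "rmmod NAME" fails with "Module in use").
modules_depending_on() {
    awk -v name="$2" '
        $1 == name && $4 != "-" {
            n = split($4, u, ",")
            for (i = 1; i <= n; i++) if (u[i] != "") print u[i]
        }' "$1"
}

# unexpected_modules FILE BASELINE -> loaded modules whose names are not in
# BASELINE (one module name per line, e.g. saved from a known-good boot).
# A non-empty result is worth a look: a module you did not load may be an
# LKM rootkit.  A rootkit that hides itself from /proc/modules also hides
# from this check, so an empty result means "nothing obvious", not "clean".
unexpected_modules() {
    awk 'NR == FNR { known[$1] = 1; next }
         !($1 in known) { print $1 }' "$2" "$1"
}
```

A baseline for the last function can be taken right after a rebuild with
"awk '{print $1}' /proc/modules > /root/modules.baseline" and the comparison
run from cron with "unexpected_modules /proc/modules /root/modules.baseline".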
9.4. More About Lilo and Grub

9.4.1. Grub (Grand Unified Boot loader)

Briefly, a boot loader is the first software program that runs when a computer
starts. It is responsible for loading and transferring control to an operating
system kernel.

* Grub can load a wide variety of operating systems, and proprietary operating
systems like Windows, using chain loading.

* Chain loading is a method by which another boot loader is loaded to boot the
unsupported operating system.

Some of the advantages of Grub are

1. Recognize multiple executable formats
2. Support non-Multiboot kernels
3. Load multiple modules
4. Load a configuration file
5. Provide a menu interface
6. Have a flexible command-line interface
7. Support multiple filesystem types
8. Support automatic decompression
9. Access data on any installed device
10. Be independent of drive geometry translations
11. Detect all installed RAM
12. Support Logical Block Address mode
13. Support network booting via TFTP
14. Support remote terminals (serial)


9.4.1.1). Stages in Grub Loading

GRUB loads itself into memory in the following stages:

* The Stage 1 or primary boot loader is read into memory by the BIOS from the
MBR. The primary boot loader exists in less than 512 bytes of disk space
within the MBR and is capable of loading either the Stage 1.5 or Stage 2 boot
loader.

* The Stage 1.5 boot loader is read into memory by the Stage 1 boot loader, if
necessary. Some hardware requires an intermediate step to get to the Stage 2
boot loader. This is sometimes true when the /boot partition is beyond the
1024th cylinder of the hard drive or when using LBA mode. The Stage 1.5 boot
loader is found either on the /boot partition or on a small part of the MBR
and the /boot partition.

* The Stage 2 or secondary boot loader is read into memory. The secondary boot
loader displays the GRUB menu and command environment. This interface allows
you to select which operating system or Linux kernel to boot, pass arguments
to the kernel, or look at system parameters, such as available RAM.

* The secondary boot loader reads the operating system or kernel and initrd
into memory. Once GRUB determines which operating system to start, it loads it
into memory and transfers control of the machine to that operating system.

9.4.1.2). Direct Loading and Chain Loading Booting Methods

* The boot method used to boot Red Hat Linux is called the direct loading
method because the boot loader loads the operating system directly. There is
no intermediary between the boot loader and the kernel.

* The boot process used by other operating systems may differ. For example,
Microsoft's DOS and Windows operating systems, as well as various other
proprietary operating systems, are loaded using a chain loading boot method.

* Under this method, the MBR points to the first sector of the partition
holding the operating system. There it finds the files necessary to actually
boot that operating system.

* GRUB supports both direct and chain-loading boot methods, allowing it to
boot almost any operating system.

9.4.1.3). Naming Conventions and Partitions used by Grub

GRUB uses the following rules when naming devices and partitions:

* It does not matter if system hard drives are IDE or SCSI. All hard drives
start with hd. Floppy disks start with fd.

* To specify an entire device without respect to its partitions, leave off
the comma and the partition number. This is important when telling GRUB to
configure the MBR for a particular disk. For example, (hd0) specifies the MBR
on the first device and (hd3) specifies the MBR on the fourth device.

File Names and Blocklists

* When typing commands to GRUB involving a file, such as a menu list to use
when allowing the booting of multiple operating systems, it is necessary to
include the file immediately after specifying the device and partition.

* Most of the time you will be specifying files by their path on that
partition plus the file's name. This is rather straightforward. An example is
(hd0,0)/grub/grub.conf.

* It is also possible to specify files to GRUB that do not actually appear in
the file system, such as a chain loader that appears in the first few blocks
of a partition.

* To specify these files, you must provide a blocklist, which tells GRUB,
block by block, where the file is located in the partition. Since a file can
be comprised of several different sets of blocks, there is a specific way to
write blocklists.

* Each section of the file is described by an offset in blocks, a '+', and the
number of blocks from that offset, and the sections are put together in a
comma-delimited list.

The following is a sample blocklist:

0+50,100+25,200+1

This blocklist tells GRUB to use a file made up of blocks 0 through 49, blocks
100 through 124, and block 200 of the partition.

* Knowing how to write blocklists is useful when using GRUB to load operating
systems that use chain loading, such as Microsoft Windows.

* It is possible to leave off the offset number of blocks if starting at
block 0. As an example, the chain loading file in the first partition of the
first hard drive would have the following name:

(hd0,0)+1

You can also use the chainloader command with a similar blocklist designation
at the GRUB command line after setting the correct device and partition as
root:

chainloader +1

GRUB's Root File System

* The GRUB root file system is the root partition for a particular device.
GRUB uses this information to mount the device and load files from it.

* With Red Hat Linux, once GRUB has loaded its root partition (which equates
to the /boot partition and contains the Linux kernel), the kernel command can
be executed with the location of the kernel file as an option.

Naming convention used by grub to identify devices

* First of all grub requires the device names to be enclosed in ( and ).

* GRUB uses its own unique partition numbering scheme; it starts from 0.

* (hd0,0) means the first partition of the first drive, or hda1. Both SCSI and
IDE drives are represented by hd. GRUB numbers sequentially, from zero:

hda1 (hd0,0) First partition of the first drive

hda2 (hd0,1) Second partition of the first drive

hda3 (hd0,2) Third partition of the first drive

hda4 (hd0,3) Fourth partition of the first drive

But that's not all. Remember, the standard Linux partition table is like this:

1-4 primary partitions

5-up logical partitions (inside the extended partition)

In GRUB, it's like this:

0-3 primary partitions

4-up logical partitions

To specify a file on the first partition of the first drive, use the name
(hd0,0)/vmlinuz. This specifies the file named vmlinuz.

9.4.1.4). Installing and Booting Grub

How to install Grub

First install the grub system and utilities from the tar ball or the package
available for your system. On Red Hat Linux it is grub-0.94-5.

* Install the boot loader. This can be done using the grub utility named
grub-install, giving the disk either by its Linux device name or by its GRUB
name (quoted, so that the shell does not interpret the parentheses).

$ grub-install /dev/hda OR

$ grub-install '(hd0)'

This will install grub on the MBR of the first hard disk.

* If you have a separate boot partition mounted on /boot, grub-install can be
told where its images live with --root-directory, as in

$ grub-install --root-directory=/boot /dev/hda

How to boot operating systems

GRUB has two distinct boot methods.

* One of the two is to load an operating system directly, and

* the other is to chain-load another boot loader which then will load the
actual operating system.

* The latter is sometimes required, since GRUB doesn't support all the
existing operating systems natively.

GRUB image files

GRUB consists of several images: two essential stages and optional stages
called Stage 1.5.

* Stage1 Image

This is an essential image used for booting up GRUB. Usually, this is embedded
in an MBR or the boot sector of a partition.

o Because a PC boot sector is 512 bytes, the size of this image is exactly 512
bytes.

o All stage1 has to do is load Stage 2 or Stage 1.5 from a local disk.

o Because of the size restriction, stage1 encodes the location of Stage 2 (or
Stage 1.5) in block list format, so it never understands any filesystem
structure.

* Stage2 Image

This is the core image of GRUB. It does everything but booting up itself.
9.4.1.5). GRUB Interfaces

GRUB features three interfaces, which provide different levels of
functionality. Each of these interfaces allows users to boot operating systems
and move between interfaces within the GRUB environment.

1. Menu Interface

* If GRUB was automatically configured by the Red Hat Linux installation
program, this is the interface shown by default.

* A menu of operating systems or kernels preconfigured with their own boot
commands is displayed as a list, ordered by name.

* Use the arrow keys to select an option other than the default selection and
press the [Enter] key to boot it. Alternatively, a timeout period is set, after
which GRUB starts loading the default option.

* From the menu interface, press the [e] key to enter the entry editor
interface or the [c] key to load a command line interface.

2. Menu Entry Editor Interface

* To access the menu entry editor, press the [e] key from the boot loader menu
interface.

* The GRUB commands for that entry are displayed here, and users may alter
these command lines before booting the operating system by adding a command
line ([o] inserts a new line after the current line and [O] before it),
editing one ([e]), or deleting one ([d]).

* After all changes are made, hit the [b] key to execute the commands and boot
the operating system.

* The [Esc] key discards any changes and reloads the standard menu interface.

* The [c] key will load the command line interface.

* This method can be used to boot Linux in "single user" mode. Note that
anyone with physical access to the console can do this, and on a default Red
Hat Linux installation single user mode gives a root shell without asking for
the root password, unless the menu is protected with the password directive
described under the configuration file commands below.

3. Command Line Interface

* The command line is the most basic GRUB interface, but it is also the one
that grants the most control.

* The command line makes it possible to type any relevant GRUB command
followed by the [Enter] key to execute it.

* This interface features some advanced shell-like features, including [Tab]
key completion, based on context, and [Ctrl] key combinations when typing
commands, such as [Ctrl]-[a] to move to the beginning of a line, and
[Ctrl]-[e] to move to the end of a line.

* In addition, the arrow, [Home], [End], and [Delete] keys work as they do in
the bash shell.

* The grub command line can also be accessed from a normal bash shell on Linux
systems where grub is installed, using the command "grub"

$ grub

Order of Interface Use

* When the GRUB environment loads the second stage boot loader, it looks for
its configuration file.

* When found, it uses the configuration file to build the menu list and
displays the boot menu interface.

* If the configuration file cannot be found, or if the configuration file is
unreadable, GRUB will load the command line interface to allow users to
manually type the commands necessary to boot an operating system.

* If the configuration file is not valid, GRUB will print out the error and
ask for input. This can be very helpful, because users will then be able to
see precisely where the problem occurred and fix it in the file.

* Pressing any key will reload the menu interface, where it is then possible
to edit the menu option and correct the problem based on the error reported by
GRUB. If the correction fails, the error is reported and GRUB will begin
again.


9.4.1.6). GRUB Commands

GRUB allows a number of useful commands in its command line interface.

* Some of the commands accept options after their name; these options should
be separated from the command and other options on that line by space
characters.

The following is a list of useful commands:

* boot - Boots the operating system or chain loader that has been previously
specified and loaded.

* chainloader <file-name> - Loads the specified file as a chain loader. To
grab the file at the first sector of the specified partition, use +1 as the
file's name. '+1' indicates that GRUB should read one sector from the start of
the partition.

* displaymem - Displays the current use of memory, based on information from
the BIOS. This is useful to determine how much RAM a system has prior to
booting it.

* initrd <file-name> - Enables users to specify an initial RAM disk to use
when booting. An initrd is necessary when the kernel needs certain modules in
order to boot properly, such as when the root partition is formatted with the
ext3 file system and ext3 was built as a module.

* install <stage-1> <install-disk> <stage-2> p <config-file> - Installs GRUB
to the system MBR. When using the install command the user must specify the
following:

o <stage-1> - Signifies a device, partition, and file where the first boot
loader image can be found, such as (hd0,0)/grub/stage1.

o <install-disk> - Specifies the disk where the stage 1 boot loader should be
installed, such as (hd0).

o <stage-2> - Passes to the stage 1 boot loader the location of the stage 2
boot loader, such as (hd0,0)/grub/stage2.

o p <config-file> - This option tells the install command to look for the
menu configuration file specified by <config-file>. An example of a valid path
to the configuration file is (hd0,0)/grub/grub.conf.

Eg: install /grub/stage1 (hd0) /grub/stage2 p /grub/grub.conf

(Paths given without a device prefix, as here, are relative to the GRUB root
set by a preceding root command.)

* kernel <kernel-file-name> <option-1> <option-N> - Specifies the kernel file
to load from GRUB's root file system when using direct loading to boot the
operating system. Options can follow the kernel command and will be passed to
the kernel when it is loaded.

For Red Hat Linux, an example kernel command looks like the following:

kernel /vmlinuz root=/dev/hda1

This line specifies that the vmlinuz file is loaded from GRUB's root file
system, such as (hd0,0). An option is also passed to the kernel specifying
that the root file system for the Linux kernel is on hda1, the first
partition on the first IDE hard drive. Multiple options may be placed after
this option, if needed.

Example of loading a Linux kernel from the grub command line, giving the
device explicitly instead of relying on a root command:

grub> kernel (hd0,1)/boot/vmlinuz root=/dev/hda2

grub> boot

Here the kernel is read from the second partition (hda2, on which /boot is an
ordinary directory rather than a separate partition), and that same partition
is handed to the kernel as its root file system.

* root <device-and-partition> - Configures GRUB's root partition to be a
specific device and partition, such as (hd0,0), and mounts the partition so
that files can be read.

* rootnoverify <device-and-partition> - Performs the same functions as the
root command but does not mount the partition.


9.4.1.7). GRUB Menu Configuration File

The configuration file (/boot/grub/grub.conf), which is used to create the
list of operating systems to boot in GRUB's menu interface, essentially allows
the user to select a pre-set group of commands to execute.

Special Configuration File Commands

The following commands can only be used in the GRUB menu configuration file:

* color <normal-color> <selected-color> - Allows specific colors to be used in
the menu, where two colors are configured as the foreground and background.
Use simple color names, such as red/black.

* default <entry-number> - The entry (counted from 0, in the order of the
title lines) that will be loaded if the menu interface times out.

* fallback <entry-number> - If used, the entry to try if the first attempt
fails.

* hiddenmenu - If used, prevents the GRUB menu interface from being displayed,
loading the default entry when the timeout period expires. The user can see
the standard GRUB menu by pressing the [Esc] key.

* password <password> - If used, prevents a user who does not know the
password from editing the entries or using the command line (press [p] and
give the password to unlock them). Since grub.conf is readable by every local
user by default, do not store the password in clear text: generate an MD5 hash
with grub-md5-crypt, use the form password --md5 <hash>, and restrict the file
with chmod 600 /boot/grub/grub.conf.

* timeout - If used, sets the interval, in seconds, before GRUB loads the
entry designated by the default command.

* splashimage - Specifies the location of the splash screen image to be used
when GRUB boots.

* title - Sets a title to be used with a particular group of commands used to
load an operating system.

* The hash mark (#) character can be used at the beginning of a line to place
comments in the menu configuration file.

Configuration File Structure

* The GRUB menu interface configuration file is /boot/grub/grub.conf.

* The commands to set the global preferences for the menu interface are placed
at the top of the file, followed by the different entries for each of the
operating systems or kernels listed in the menu.

* The following is a very basic GRUB menu configuration file designed to boot
either Red Hat Linux or Microsoft Windows 2000:

default=0
fallback=1
timeout=10
splashimage=(hd0,0)/grub/splash.xpm.gz
# section to load linux
title Red Hat Linux (2.4.20)
root (hd0,0)
kernel /vmlinuz-2.4.20 ro root=/dev/hda2
initrd /initrd-2.4.20.img
# section to load Windows 2000
title windows
rootnoverify (hd0,0)
chainloader +1

* This file tells GRUB to build a menu with Red Hat Linux as the default
operating system and sets it to autoboot after 10 seconds.

* Two sections are given, one for each operating system entry, with commands
specific to the system disk partition table.

* Note that the default is specified as a number: 0 refers to the first title
line GRUB comes across, 1 to the second, and so on.

* If you want Windows to be the default, change default=0 to default=1.

* chainloader +1 boots Windows from the first sector of the partition selected
by the preceding rootnoverify command. In a real installation that is the
partition holding the Windows boot sector, which cannot be the same (hd0,0)
that holds Linux's /boot; adjust both root lines to your partition table.

9.4.1.8). Changing Runlevels at Boot Time

If you are using GRUB as your boot loader, follow these steps:

* In the graphical GRUB boot loader screen, select the Red Hat Linux boot
label and press [e] to edit it.

* Arrow down to the kernel line and press [e] to edit it.

* At the prompt, type the number of the runlevel you wish to boot into (1
through 5), or the word single, at the end of the kernel line and press
[Enter].

* You will be returned to the GRUB screen with the kernel information. Press
the [b] key to boot the system.


9.4.2. LILO or Linux Loader

* LILO stands for Linux Loader.

* The Linux Loader or LILO is one of the most popular methods of booting into
Linux. It is the Linux boot manager that is written either to the Master Boot
Record of your hard drive or to the first sector of a partition.

* It also allows you to choose which operating system to load if you have
multiple operating systems on your machine, and to boot different Linux kernel
versions if you want.

* Because of this, it is a very flexible boot loader.

LILO vs. GRUB

In general, LILO works similarly to GRUB except for three major differences:

1. It has no interactive command interface and only allows one command with
arguments.

2. It stores information about the location of the kernel or other operating
system it is to load in the MBR, as raw sector addresses recorded when
/sbin/lilo is run.

3. It cannot read ext2 partitions (or any other filesystem).

* The last two points mean that if you change LILO's configuration file or
install a new kernel, you must rewrite the Stage 1 LILO boot loader to the MBR
by issuing the /sbin/lilo -v command.

* This is more risky than GRUB's method, because a misconfigured MBR leaves
the system unbootable. With GRUB, if the configuration file is erroneously
configured, it will simply default to its command line interface.


9.4.2.1). LILO Booting stages

LILO loads itself into memory almost identically to GRUB, except it is only a
two stage loader.

1. The Stage 1 or primary boot loader is read into memory by the BIOS from the
MBR. The primary boot loader exists in less than 512 bytes of disk space within
the MBR. The only thing it does is load the Stage 2 boot loader and pass disk
geometry information to it.

2. The Stage 2 or secondary boot loader is read into memory. The secondary boot
loader displays the Red Hat Linux initial screen. This screen allows you to
select which operating system or Linux kernel to boot.

3. The Stage 2 boot loader reads the operating system or kernel and initrd into
memory. Once LILO determines which operating system to start, it loads it into
memory and hands control of the machine to that operating system.


9.4.2.2) Lilo Configuration File

Default Configuration: During the installation of Linux, you are given the
option to install LILO as your boot manager. If you choose to install it, the
LILO configuration file is usually /etc/lilo.conf (the default for Red Hat).

A typical configuration file will look like the following:

boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
message=/boot/message
lba32
default=linux
append="hdc=ide-scsi"

image=/boot/vmlinuz-2.2.5-15
    label=linux
    root=/dev/hda3
    initrd=/boot/initrd-2.2.5-15.img
    read-only

other=/dev/hda1
    label=dos

The following is a more detailed look at the lines of this file:

boot= /dev/hda — Instructs LILO to be installed on the first hard disk
of the first IDE controller.
*

map=/boot/map — Locates the map file. In normal use, this should not be
modified.
*

install=/boot/boot.b — Instructs LILO to install the specified file as


the new boot sector. In normal use, this should not be altered. If the install
line is missing, LILO assumes a default of /boot/boot.b as the file to be used.
*

prompt — Instructs LILO to show you whatever is referenced in the


message line. While it is not recommended that you remove the prompt line, if
you do remove it, you can still access a prompt by holding down the [Shift] key
while your machine starts to boot.
*

timeout=50 — Sets the amount of time that LILO waits for user input
before proceeding with booting the default line entry. This is measured in
tenths of a second, with 50 as the default.
*

message=/boot/message — Refers to the screen that LILO displays to let


you select the operating system or kernel to boot.
*

lba32 — Describes the hard disk geometry to LILO. Another common entry
here is linear. You should not change this line unless you are very aware of
what you are doing. Otherwise, you could put your system in an unbootable state.
*

default=linux — Refers to the default operating system for LILO to boot
as seen in the options listed below this line. The name linux refers to the
label line below in each of the boot options.
*

image=/boot/vmlinuz-2.2.5-15— Specifies which Linux kernel to boot with


this particular boot option.
*

label=linux — Names the operating system option in the LILO screen. In
this case, it is also the name referred to by the default line.
*

initrd=/boot/initrd-2.2.5-15.img — Refers to the initial ram disk image


that is used at boot time to initialize and start the devices that makes booting
the kernel possible. The initial ram disk is a collection of machine-specific
drivers necessary to operate a SCSI card, hard drive, or any other device needed
to load the kernel. You should never try to share initial ram disks between
machines.
*

read-only — Specifies that the root partition (refer to the root line
below) is read-only and cannot be altered during the boot process.
*

root=/dev/hda3 — Specifies which disk partition to use as the root


partition.
*

other=/dev/hda1 — Specifies the partition containing DOS.


*

append="hdc=ide-scsi" allows you to pass parameters to the kernel at boot


without any intervention from you. This can be a global setting or a per-image
setting. Just enter the parameters that are to be passed to the kernel within
double-quotes. The advantage is that you don't have to pass the parameters to
Linux at every boot. Here using the append statement, you can tell Linux to use
the ide-scsi module for /dev/hdc.

9.4.2.3). Installing LILO

* After editing the configuration file to include additional operating systems or additional kernels, the lilo command must be run for your changes to take effect:

$ /sbin/lilo

or

$ lilo

* To add multiple kernel images, append further image sections to the /etc/lilo.conf file.

* To get a more verbose description of the labels that have been added by lilo, use the -v option:

$ lilo -v

* To instruct lilo to use a specific kernel only on the next reboot without changing the default in the /etc/lilo.conf file, use the -R option:

$ lilo -R <labelname>

9.4.2.4). Changing Runlevel at Boot Time

If you use LILO as your boot loader, access the boot: prompt by typing
[Ctrl]-[X]. Then type:

linux <number>

Eg: linux single

linux 5

Replace number with either the number of the runlevel you wish to boot
into (1 through 5), or the word single to boot into single user mode.

10. LINUX SERVICES

10.1. OpenSSH Server

* OpenSSH is a free, open source implementation of the SSH (Secure Shell) protocols.

* It replaces telnet, ftp, rlogin, rsh, and rcp with secure, encrypted network connectivity tools.

* OpenSSH supports versions 1.3, 1.5, and 2 of the SSH protocol. Since OpenSSH version 2.9, the default protocol is version 2, which uses RSA keys as the default.

* Another reason to use OpenSSH is that it automatically forwards the DISPLAY variable to the client machine. In other words, if you are running the X Window System on your local machine, and you log in to a remote machine using the ssh command, when you execute a program on the remote machine that requires X, it will be displayed on your local machine.

* This is convenient if you prefer graphical system administration tools but do not always have physical access to your server.

10.1.1. Configuring an OpenSSH server

* To run an OpenSSH server you require two packages:

openssh-server
openssh

* You can use 'rpm -qa' to see the versions of the openssh-server and openssh packages installed on the server:

$ rpm -qa openssh

$ rpm -qa openssh-server

* The configuration file used by the sshd server is /etc/ssh/sshd_config.

* The port on which sshd listens by default is port 22.

* To start the service use the command

$ /sbin/service sshd start

* To stop the service use the command

$ /sbin/service sshd stop

10.1.2. Configuring an OpenSSH Client

* ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine.

* It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network.

* The packages required for an OpenSSH client are

o openssh-clients
o openssh

10.1.2.1). Using the ssh command

* Logging in to a remote machine with ssh is similar to using telnet.

* To log in to a remote machine named penguin.example.net, type the following command at a shell prompt:

$ ssh [-l login_name] hostname [command]

or

$ ssh user@hostname [command]

* If you don't use the -l option, the login name will be the username initiating the connection, i.e. if you are logged in as x then the username will be x unless specified by the -l <username> option.

* Use the option -p to specify a port at the remote machine if sshd is not running at the standard port 22.

* To disable X11 forwarding use the option -x.

$ ssh penguin.example.net

* The first time you ssh to a remote machine, you will see a message similar to the following:

##########################

The authenticity of host 'penguin.example.net' can't be established.

DSA key fingerprint is 94:68:3a:3a:bc:f3:9a:9b:01:5d:b3:07:38:e2:11:0c.

Are you sure you want to continue connecting (yes/no)?

Type yes to continue. This will add the server to your list of known hosts as seen in the following message:

Warning: Permanently added 'penguin.example.net' (DSA) to the list of known hosts.

##########################

Next, you'll see a prompt asking for your password for the remote machine. After entering your password, you will be at a shell prompt for the remote machine.

* If you use ssh without any command line options, the username that you are logged in as on the local client machine is passed to the remote machine.

* The ssh command can be used to execute a command on the remote machine without logging in to a shell prompt.

* For example, if you want to execute the command 'ls /usr/share/doc' on the remote machine penguin.example.net, type the following command at a shell prompt:

$ ssh penguin.example.net ls /usr/share/doc

After you enter the correct password, the contents of /usr/share/doc will be displayed, and you will return to your shell prompt.

10.1.2.2). Using the scp Command

* The scp command can be used to transfer files between machines over a secure, encrypted connection. It is similar to rcp.

* The general syntax to transfer a local file to a remote system is

$ scp localfile username@tohostname:/newfilename

The localfile specifies the source, and the group username@tohostname:/newfilename specifies the destination.

* To transfer the local file /root/testfile to your account on penguin.educarma.com, type the following at a shell prompt (replace username with your username):

$ scp /root/testfile username@penguin.educarma.com:/home/username

This will transfer the local file /root/testfile to /home/username/testfile on penguin.educarma.com.

* The general syntax to transfer a remote file to the local system is

$ scp username@tohostname:/remotefile /newlocalfile

The remotefile specifies the path of the file on the remote machine, and newlocalfile specifies the destination.

* Multiple files can be specified as the source files. For example, to transfer the contents of the directory /downloads to an existing directory called uploads on the remote machine penguin.educarma.com, type the following at a shell prompt:

$ scp /downloads/* username@penguin.educarma.com:/uploads/


10.1.2.3). Using the sftp Command

* The sftp utility can be used to open a secure, interactive FTP session.

* It is similar to ftp except that it uses a secure, encrypted connection.

* The general syntax is sftp username@hostname.com.

* Once authenticated, you can use a set of commands similar to using FTP.

* The sftp utility is only available in OpenSSH version 2.5.0p1 and higher.

10.1.2.4). Generating Key Pairs

* If you do not want to enter your password every time you use ssh, scp, or sftp to connect to a remote machine, you can generate an authorization key pair.

* Keys must be generated for each user. To generate keys for a user, follow the steps below as the user who wants to connect to remote machines.

* If you complete the following steps as root, only root will be able to use the keys.

Generating a DSA Key Pair for Version 2

Use the following steps to generate a DSA key pair for version 2 of the SSH protocol.

* To generate a DSA key pair to work with version 2 of the protocol, type the following command at a shell prompt:

$ ssh-keygen -t dsa

* Accept the default file location of ~/.ssh/id_dsa. Enter a passphrase different from your account password and confirm it by entering it again.

* The public key is written to ~/.ssh/id_dsa.pub. The private key is written to ~/.ssh/id_dsa. It is important never to give anyone the private key.

* Change the permissions of your .ssh directory using the command

$ chmod 755 ~/.ssh

* Copy the contents of ~/.ssh/id_dsa.pub to ~/.ssh/authorized_keys on the machine to which you want to connect.

* If the file ~/.ssh/authorized_keys does not exist, you can copy the file ~/.ssh/id_dsa.pub to the file ~/.ssh/authorized_keys on the other machine.

Generating an RSA Key Pair for Version 2

Use the following steps to generate an RSA key pair for version 2 of the SSH protocol. This is the default starting with OpenSSH 2.9.

* To generate an RSA key pair to work with version 2 of the protocol, type the following command at a shell prompt:

$ ssh-keygen -t rsa

* Accept the default file location of ~/.ssh/id_rsa. Enter a passphrase different from your account password and confirm it by entering it again.

* The public key is written to ~/.ssh/id_rsa.pub. The private key is written to ~/.ssh/id_rsa. Never distribute your private key to anyone.

* Change the permissions of your .ssh directory using the command

$ chmod 755 ~/.ssh

* Copy the contents of ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys on the machine to which you want to connect. If the file ~/.ssh/authorized_keys does not exist, you can copy the file ~/.ssh/id_rsa.pub to the file ~/.ssh/authorized_keys on the other machine.

Generating an RSA Key Pair for Version 1.3 and 1.5

Use the following steps to generate an RSA key pair, which is used by version 1 of the SSH protocol. If you are only connecting between Red Hat Linux 7.3 systems, you do not need an RSA version 1.3 or RSA version 1.5 key pair.

* To generate an RSA (for version 1.3 and 1.5 protocol) key pair, type the following command at a shell prompt:

$ ssh-keygen -t rsa1

* Accept the default file location (~/.ssh/identity). Enter a passphrase different from your account password. Confirm the passphrase by entering it again.

* The public key is written to ~/.ssh/identity.pub. The private key is written to ~/.ssh/identity. Do not give anyone the private key.

* Change the permissions of your .ssh directory and your key with the commands below:

$ chmod 755 ~/.ssh

$ chmod 644 ~/.ssh/identity.pub

* Copy the contents of ~/.ssh/identity.pub to the file ~/.ssh/authorized_keys on the machine to which you wish to connect.

* If the file ~/.ssh/authorized_keys does not exist, you can copy the file ~/.ssh/identity.pub to the file ~/.ssh/authorized_keys on the remote machine.
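The final step of all three procedures above (copy the public key into the remote account's ~/.ssh/authorized_keys, creating the file if it is missing) as an added example in Python; this is not the manual's own code. It appends the key only if it is not already present, and checks the permissions that sshd's StrictModes setting expects on the directory, private keys and authorized_keys. The key line and all paths are constructed, and the directory is set to 700 (stricter than the 755 in the steps; sshd accepts either).

```python
"""Added example: install a public key into authorized_keys idempotently and
audit the permissions sshd checks. Sample key and paths are constructed."""
import os
import stat
import tempfile

# constructed public key line in OpenSSH format: "<type> <base64 blob> [comment]"
SAMPLE_PUBKEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCexampleNOTaREALkey user@client\n"


def install_authorized_key(pubkey_path, auth_path):
    """Append the key in pubkey_path to auth_path unless it is already there.

    Returns True if the key was added, False if it was already present.
    Raises FileNotFoundError for a missing key file, ValueError if malformed.
    """
    with open(pubkey_path) as f:
        line = f.readline().strip()
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("malformed public key line: %r" % line)
    key_blob = fields[1]                      # the base64 key material

    ssh_dir = os.path.dirname(auth_path)
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, stat.S_IRWXU)           # 700: owner only (755 in the steps also works)

    present = False
    if os.path.exists(auth_path):
        with open(auth_path) as f:
            present = any(len(e) >= 2 and e[1] == key_blob
                          for e in (l.split() for l in f))
    if not present:
        with open(auth_path, "a") as f:
            f.write(line + "\n")
    os.chmod(auth_path, stat.S_IRUSR | stat.S_IWUSR)   # 600
    return not present


def audit_ssh_dir(ssh_dir):
    """Return a list of permission problems sshd/ssh would object to; [] if clean."""
    problems = []
    mode = stat.S_IMODE(os.stat(ssh_dir).st_mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("%s is group/world writable (%o)" % (ssh_dir, mode))
    for name in ("id_dsa", "id_rsa", "identity"):     # private keys from the steps above
        path = os.path.join(ssh_dir, name)
        if os.path.exists(path):
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                problems.append("private key %s is accessible to others (%o)" % (name, mode))
    auth = os.path.join(ssh_dir, "authorized_keys")
    if os.path.exists(auth):
        mode = stat.S_IMODE(os.stat(auth).st_mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("authorized_keys is group/world writable (%o)" % mode)
    return problems


def run_demo():
    """Exercise both functions on the constructed key in a scratch directory."""
    with tempfile.TemporaryDirectory() as tmp:
        pub = os.path.join(tmp, "id_rsa.pub")
        with open(pub, "w") as f:
            f.write(SAMPLE_PUBKEY)
        ssh_dir = os.path.join(tmp, ".ssh")
        auth = os.path.join(ssh_dir, "authorized_keys")
        first = install_authorized_key(pub, auth)     # True: key added
        second = install_authorized_key(pub, auth)    # False: already present
        with open(auth) as f:
            entries = sum(1 for l in f if l.strip())
        clean = audit_ssh_dir(ssh_dir)                # []
        os.chmod(auth, 0o666)                         # simulate a careless chmod
        dirty = audit_ssh_dir(ssh_dir)                # one finding
        return {"first": first, "second": second, "entries": entries,
                "clean": clean, "dirty": dirty}


if __name__ == "__main__":
    print(run_demo())
```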

10.2. Berkeley Internet Name Domain (BIND) Server

* In modern networks users identify other computers by their name.

* The most effective way to achieve this is by means of DNS (Domain Name Service) or a nameserver, which resolves hostnames on the network to numerical addresses and vice versa.

* DNS is usually implemented using centralized nameservers, which are authoritative for the machines belonging to the network on which the nameserver is implemented, and which forward queries for other domains to other DNS servers.

* When a client host requests information from a nameserver, it usually connects to port 53.

* The nameserver then attempts to resolve the FQDN based on its resolver library, which may contain authoritative information about the host requested or cached data from an earlier query.

* If the nameserver does not already have the answer in its resolver library, it queries other nameservers, called root nameservers, to determine which nameservers are authoritative for the FQDN in question.

* Then, with that information, it queries the authoritative nameservers to determine the IP address of the requested host. If performing a reverse lookup, the same procedure is used, except the query is made with an unknown IP address rather than a name.

10.2.1. Nameserver Zones

* On the Internet, the FQDN (Fully Qualified Domain Name) of a host can be broken down into different sections.

* These sections are organized into a hierarchy much like a tree, with a main trunk, primary branches, secondary branches, and so forth.

* Consider the following FQDN: bob.sales.example.com

* When looking at how a FQDN is resolved to find the IP address that relates to a particular system, read the name from right to left, with each level of the hierarchy divided by periods (.).

* In this example, com defines the top level domain for this FQDN. The name 'example' is a sub-domain under com, while sales is a sub-domain under example. The name furthest to the left, bob, identifies a specific machine.

* Except for the hostname, each section is called a zone, which defines a specific namespace.

* A namespace controls the naming of the sub-domains to its left. While this example only contains two sub-domains, a FQDN must contain at least one sub-domain but may include many more, depending upon how the namespace is organized.

* Zones are defined on authoritative nameservers through the use of zone files, which describe the namespace of that zone, the mail servers to be used for a particular domain or sub-domain, and more.

* Zone files are stored on primary nameservers (also called master nameservers), which are truly authoritative and where changes are made to the zone files, and secondary nameservers (also called slave nameservers), which receive their zone files from the primary nameservers.

* Any nameserver can be a primary and secondary nameserver for different zones at the same time, and they may also be considered authoritative for multiple zones. It all depends on how the nameserver is configured.

10.2.2. Types of Nameservers

* master -- Stores original and authoritative zone records for a certain namespace, answering questions from other nameservers searching for answers concerning that namespace.

* slave -- Answers queries from other nameservers concerning namespaces for which it is considered an authority. However, slave nameservers get their namespace information from master nameservers.

* caching only -- Offers name to IP resolution services but is not authoritative for any zones. Answers for all resolutions are cached in memory for a fixed period of time, which is specified by the retrieved zone record.

* forwarding -- Forwards requests to a specific list of nameservers for name resolution. If none of the specified nameservers can perform the resolution, the resolution fails.

10.2.3. BIND as a Nameserver

* BIND performs name resolution services through the /usr/sbin/named daemon.

* BIND also includes an administration utility called /usr/sbin/rndc.

10.2.3.1). Configuration Files

/etc/named.conf : The named.conf file is a collection of statements using nested options surrounded by opening and closing curly braces, { }.

/var/named directory: The named working directory which stores zone, statistics, and cache files.

A typical named.conf file is organized similar to the following example:

<statement-1> ["<statement-1-name>"] [<statement-1-class>] {
    <option-1>;
    <option-2>;
    <option-N>;
};

<statement-2> ["<statement-2-name>"] [<statement-2-class>] {
    <option-1>;
    <option-2>;
    <option-N>;
};

named and BIND will be discussed in more detail in later sections.


10.3. File Transfer Program or FTP

* FTP - Internet file transfer program.

* The FTP utility program is commonly used for copying files to and from other computers.

* Command usage: $ ftp [-pinegvd] [hostname]

-p  passive mode transfer
-i  turn off interactive mode
-n  restrains ftp from attempting an auto login
-e  disables command editing and history support
-g  disables file name globbing
-v  shows all responses from the remote server
-d  enables debugging


10.3.1. FTP server/client

* The FTP server program can be proftpd, pureftpd or vsftpd, which will be dealt with in more detail later.

* The FTP server runs on port 21 on the server and uses the TCP protocol.

* The FTP client could be third-party software such as wsftpd or smartftp, or the simple ftp user interface on a Linux machine.

10.3.2. FTP Commandline Interface

To connect your local machine to the remote machine, type

$ ftp [options] machinename/IP_Address

where machinename is the full hostname of the remote machine, or its IP address.

In order to login to ftp on a remote machine, you require an ftp login username and password on the remote machine. When you enter your own loginname and password for the remote machine, it returns the prompt below, which means you are connected to the ftp server on the remote machine:

ftp>

* Once you are logged in, ftp permits you access to your own home directory on the remote machine.

* You should be able to move around in your own directory and to copy files to and from your local machine using the FTP interface commands given on the next page.

FTP Active and Passive Mode

FTP transfers using the FTP protocol involve two TCP connections. The first, the control connection, goes from the FTP client to port 21 on the FTP server. This connection is used for logon and to send commands and responses between the endpoints. Data transfers (including the output of "ls" and "dir" commands) require a second data connection. The data connection is dependent on the mode that the client is operating in:

Active Mode

In active mode FTP the client connects from a random unprivileged port (N > 1024) to the FTP server's command port, port 21. Then, the client starts listening on port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20, for transferring data.

FTP Active Mode Data Transfer

Passive Mode

Passive mode is named after the command PASV used by the client to tell the server it is in passive mode.

In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1024 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1024) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.

FTP Passive Mode Data Transfer
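The address and port exchanged in the two modes above, decoded as an added Python example (not the manual's code). Both the client's PORT command and the server's passive-mode reply carry the same six-number form h1,h2,h3,h4,p1,p2, with the port being p1*256 + p2; the reply the server sends after PASV is the "227 Entering Passive Mode (...)" line, whose format this decoder assumes. The sample lines are constructed.

```python
"""Added example: decode/encode the h1,h2,h3,h4,p1,p2 tuple used by the FTP
PORT command (active mode) and the 227 reply to PASV (passive mode)."""
import re

# six decimal numbers separated by commas, wherever they sit in the line
_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def data_endpoint(line):
    """Decode a PORT command or a 227 reply into (mode, host, port).

    port = p1 * 256 + p2. Raises ValueError for any other line or for a
    number outside 0..255.
    """
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"      # client listens on host:port, server connects from port 20
    elif line.startswith("227"):
        mode = "passive"     # server listens on host:port, client connects from N+1
    else:
        raise ValueError("not a PORT command or 227 reply: %r" % line)
    m = _SIX.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in: %r" % line)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in: %r" % line)
    return mode, ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def port_args(host, port):
    """Inverse of data_endpoint: the h1,h2,h3,h4,p1,p2 argument for host:port."""
    octets = host.split(".")
    if len(octets) != 4 or any(not o.isdigit() or int(o) > 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % host)
    if not 0 <= port <= 65535:
        raise ValueError("port out of range: %r" % port)
    return ",".join(octets + [str(port // 256), str(port % 256)])


def data_connection(line):
    """The TCP data connection a PORT or 227 line implies, as (source, destination),
    i.e. what a firewall in front of the listening side must allow inbound."""
    mode, host, port = data_endpoint(line)
    if mode == "active":
        return ("server:20", "%s:%d" % (host, port))
    return ("client:N+1", "%s:%d" % (host, port))


# constructed sample lines for the two exchanges described above
ACTIVE_SAMPLE = "PORT 10,0,0,5,4,1"                                   # client -> server
PASSIVE_SAMPLE = "227 Entering Passive Mode (192,168,1,10,19,137)."   # server -> client

if __name__ == "__main__":
    print(data_endpoint(ACTIVE_SAMPLE))      # ('active', '10.0.0.5', 1025)
    print(data_endpoint(PASSIVE_SAMPLE))     # ('passive', '192.168.1.10', 5001)
    print(data_connection(PASSIVE_SAMPLE))   # ('client:N+1', '192.168.1.10:5001')
```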

10.3.2.1) Anonymous FTP

* At times you may wish to copy files from a remote machine on which you do not have a loginname. This can be done using anonymous FTP.

* When the remote machine asks for your loginname, you should type in the word anonymous. Instead of a password, you should enter your own electronic mail address. This allows the remote site to keep records of the anonymous FTP requests.

* Once you have been logged in, you are in the anonymous directory for the remote machine. This usually contains a number of public files and directories. Again you should be able to move around in these directories.

* However, you are only able to copy the files from the remote machine to your own local machine; you are not able to write on the remote machine or to delete any files there.

10.3.2.2) Common FTP Commands

FTP Command -- Meaning

to request help or information about the FTP

ascii -- to set the mode of file transfer to ASCII (this is the default and transmits seven bits per character)

binary -- to set the mode of file transfer to binary (the binary mode transmits all eight bits per byte and thus provides less chance of a transmission error and must be used to transmit files other than ASCII files)

bye -- to exit the FTP environment (same as quit)

close -- to terminate a connection with another computer

cd -- to change directory on the remote machine

delete -- to delete (remove) a file in the current remote directory (same as rm in UNIX)

get -- to copy one file from the remote machine to the local machine.
    ftp> get ABC DEF --- copies file ABC in the current remote directory to a file named DEF in your current local directory.

help -- to request a list of all available FTP commands

lcd -- to change directory on your local machine (same as UNIX cd)

ls -- to list the names of the files in the current remote directory

mget -- to copy multiple files from the remote machine to the local machine.
    ftp> mget * ---- copies all the files in the current remote directory to your current local directory, using the same filenames.

mput -- to copy multiple files from the local machine to the remote machine; you are prompted for a y/n answer before transferring each file

mkdir -- to make a new directory within the current remote directory

put -- to copy one file from the local machine to the remote machine

pwd -- to find out the pathname of the current directory on the remote machine

quit -- to exit the FTP environment (same as bye)

rmdir -- to remove (delete) a directory in the current remote directory

open -- to open a connection with another computer
    ftp> open carma.com


10.4. Service Manager : chkconfig, ntsysv, xinetd

10.4.1. Chkconfig

* chkconfig updates and queries runlevel information for system services.

* chkconfig provides a simple command-line tool for maintaining the /etc/rc[0-6].d directory hierarchy by relieving system administrators of the task of directly manipulating the numerous symbolic links in those directories.

* chkconfig has five distinct functions:

1. Adding new services for management

2. Removing services from management

3. Listing the current startup information for services

4. Changing the startup information for services, and

5. Checking the startup state of a particular service.

* When chkconfig is executed without any options, it displays usage information. If only a service name is given, it checks to see if the service is configured to be started in the current runlevel.

* If it is, chkconfig returns true; otherwise it returns false. The --level option may be used to have chkconfig query an alternative runlevel rather than the current one.

* If one of on, off, or reset is specified after the service name, chkconfig changes the startup information for the specified service.

* The on and off flags cause the service to be started or stopped, respectively, in the runlevels being changed.

* The reset flag resets the startup information for the service to whatever is specified in the init script in question.

* By default, the on and off options affect only runlevels 2, 3, 4, and 5, while reset affects all of the runlevels. The --level option may be used to specify which runlevels are affected.

* chkconfig requires the chkconfig rpm to be installed on the server. To see the version of the rpm installed, use

$ rpm -qa chkconfig

10.4.1.1). Chkconfig commandline Usage

* Note that for every service, each runlevel has either a start script or a stop script. When switching runlevels, init will not re-start an already-started service, and will not re-stop a service that is not running.

* Command usage:

$ chkconfig --list [name]

$ chkconfig --add name

$ chkconfig --del name

$ chkconfig [--level levels] name <on|off|reset>

$ chkconfig [--level levels] name

name is the name of the service to be configured.

Examples:

$ chkconfig --list nfs

$ chkconfig --add nfs

$ chkconfig --level 1235 nfs on

$ chkconfig --del nfs


10.4.2. Ntsysv

ntsysv provides a simple interface for setting which system services are started or stopped in various runlevels (instead of directly manipulating the numerous symbolic links in /etc/rc.d). It again uses chkconfig for its configuration.

$ ntsysv

By default it configures the current runlevel. To configure other runlevels, you can use the option below, which will set the services for runlevels 2, 3 and 5:

$ ntsysv --level 235


10.4.3. Xinetd Services

* To control access to network services, you can use xinetd, a secure replacement for inetd.

* The xinetd daemon conserves system resources, provides access control and logging, and can be used to start special-purpose servers.

* xinetd can be used to

o provide access only to particular hosts.
o deny access to particular hosts.
o provide access to a service at certain times.
o limit the rate of incoming connections.
o limit the load created by connections, etc.

* xinetd runs constantly and listens on all of the ports for the services it manages. When a connection request arrives for one of its managed services, xinetd starts up the appropriate server for that service.

* The configuration file for xinetd is /etc/xinetd.conf, but you'll notice upon inspection of the file that it just contains a few defaults and an instruction to include the /etc/xinetd.d directory.

* To enable or disable a xinetd service, edit its configuration file in the /etc/xinetd.d directory.

* If the disable attribute is set to yes, the service is disabled.

* If the disable attribute is set to no, the service is enabled.

* If you edit any of the xinetd configuration files or change its enabled status using ntsysv or chkconfig, you must restart xinetd with the command service xinetd restart before the changes will take effect.

$ /etc/rc.d/init.d/xinetd stop/start/restart

More about xinetd is discussed in a later section on Security -> TCP wrappers and Xinetd.

10.5. Telnet Program

* Telnet is a program that allows users to log into your server and get a command prompt just as if they were logged into the console.

* Telnet is installed and enabled by default on RedHat Linux.

* One of the disadvantages of Telnet is that the data is sent as clear text. This means that it is possible for someone to use a network analyzer to peek into your data packets and see your username and password.

* Telnet is configured via xinetd. The configuration file is /etc/xinetd.d/telnet. Once the changes are made you need to restart the xinetd daemon:

$ /etc/rc.d/init.d/xinetd restart

You could telnet to a machine by using the telnet client program as

$ telnet <hostname/ipaddress> <port number>

There are a lot more options available to the telnet command, which can be viewed with man telnet from a shell.
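An added Python example, not the manual's code, that checks the two things the xinetd and Telnet sections above describe: which services in the /etc/xinetd.d files are enabled (anything without disable = yes), and whether an enabled clear-text service such as telnet is restricted with only_from. The file contents below are constructed; a real run would read /etc/xinetd.d/*. The only_from attribute and the += list syntax are xinetd's own.

```python
"""Added example: parse xinetd per-service files and report enabled
clear-text services and services reachable from any host."""
import re

_SERVICE = re.compile(r"^service\s+([^\s{]+)\s*\{?\s*$")
_ATTR = re.compile(r"^(\w+)\s*(\+=|-=|=)\s*(.*?)\s*$")


def parse_xinetd(text):
    """Parse 'service NAME { attr = value ... }' blocks into {name: {attr: value}}.

    '=' sets an attribute, '+=' appends to it and '-=' removes items from it.
    """
    services, current, name = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and whitespace
        if not line:
            continue
        m = _SERVICE.match(line)
        if m:
            name, current = m.group(1), {}
            continue
        if line == "{":
            continue
        if line == "}":
            if name is not None:
                services[name] = current
            name, current = None, None
            continue
        m = _ATTR.match(line)
        if m and current is not None:
            attr, op, value = m.groups()
            if op == "=":
                current[attr] = value
            elif op == "+=":
                current[attr] = (current.get(attr, "") + " " + value).strip()
            else:
                remove = set(value.split())
                current[attr] = " ".join(v for v in current.get(attr, "").split()
                                         if v not in remove)
    return services


def is_enabled(attrs):
    """xinetd treats a service as enabled unless its file says disable = yes."""
    return attrs.get("disable", "no").strip().lower() != "yes"


def audit(services, cleartext=("telnet", "ftp", "rsh", "rlogin")):
    """Findings for enabled services: clear-text protocols, and no only_from limit."""
    findings = []
    for name, attrs in sorted(services.items()):
        if not is_enabled(attrs):
            continue
        if name in cleartext:
            findings.append("%s: enabled, sends credentials in clear text" % name)
        if not attrs.get("only_from"):
            findings.append("%s: enabled with no only_from restriction" % name)
    return findings


# constructed contents of two files under /etc/xinetd.d
SAMPLE = """
service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
}

service finger
{
        disable         = yes
        socket_type     = stream
        server          = /usr/sbin/in.fingerd
        only_from       = 127.0.0.1
}
"""

if __name__ == "__main__":
    for finding in audit(parse_xinetd(SAMPLE)):
        print(finding)
```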

10.6. Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol (DHCP) is a network protocol for automatically assigning TCP/IP information to client machines.

Each DHCP client connects to the centrally-located DHCP server which returns that client's network configuration including IP address, gateway, and DNS servers.

10.6.1. Advantages of DHCP

* DHCP is useful for fast delivery of client network configuration.

* When configuring the client system, the administrator can choose DHCP and not have to enter an IP address, netmask, gateway, or DNS servers. The client retrieves this information from the DHCP server.

* DHCP is also useful if an administrator wants to change the IP addresses of a large number of systems. Instead of reconfiguring all the systems, he can just edit one DHCP configuration file on the server for the new set of IP addresses.

* If the DNS servers for an organization change, the changes are made on the DHCP server, not on the DHCP clients. Once the network is restarted on the clients (or the clients are rebooted), the changes will take effect.
10.6.2. DHCP server/Client

For a DHCP server, download and install the dhcp rpm package.

10.6.2.1). DHCP server configuration file

* The first step in configuring a DHCP server is to create the configuration file that stores the network information for the clients.

* The configuration file that it uses is /etc/dhcpd.conf.

* It allows you to define "pools" of TCP/IP addresses, which are then allocated to client PCs by the server.

10.6.2.2). DHCP communication between server-client

The conversation between the DHCP client (the computer requesting an IP


address) and the DHCP server (the computer responsible for assigning IP
addresses) follows a specific pattern.

First, the client sends out a broadcast message asking DHCP servers
to reply with an offer of an IP address. This is a DHCP Discover message. The
DHCP standard allows multiple servers to reply with an offer. The Discover
message can contain suggestions to the servers for an IP address and other IP
parameters. Note that this is only a suggestion.

The second step in the process is for DHCP servers to respond to the
Discover message with an Offer message. The Offer message contains, among other
things, the IP address and the domain name server address the DHCP server is
offering. It also contains a lease period.

The lease period is an important part of the assignment process. the DHCP server
“leases†you an IP address for a specific period of time. Once the lease
expires, the IP address becomes available for others to use. If you are a
permanent network user, your computer periodically renews its lease.

During the third step in the DHCP negotiation process, the client
sends a DHCP Request message back to the DHCP server requesting a specific IP
address. The request also includes something called the server identifier
(usually the IP address of the DHCP server) as a check to confirm that the
request is being made of the correct DHCP server. (More than one DHCP server can
offer an address to the client.)
o

In the fourth and final step, the DHCP server sends a DHCP ACK
message, acknowledging the IP address assignment.

The figure below illustrates the complete process

DHCP is an extension of BOOTP and reuses its message format (and its UDP
ports, 67 on the server side and 68 on the client side). BOOTP in turn replaced
Reverse Address Resolution Protocol (RARP), one of the first attempts to
allocate network addresses dynamically. Because DHCP rides on User Datagram
Protocol (UDP), delivery of DHCP messages is not guaranteed; a client that gets
no reply retransmits with a randomized back-off.

There are two ways that a DHCP address can be put back into the pool. One
way is for the lease to expire. The other way is for the client to send a
Release message to the DHCP server.

Until the client has an address, messages targeted at the DHCP server are
sent as broadcasts to the special address 255.255.255.255. Any message with this
destination address is intended to be "read" by all network devices. More than
one DHCP server could respond to a DHCP Discover message, so these messages have
to reach everyone. Once the DHCP ACK message has been received, the client may
begin using the assigned IP address; renewals later in the lease are sent
directly (unicast) to the server that granted it.
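The four-step exchange described above, as an added example that is not part of the original manual and is not taken from any DHCP implementation. The BOOTP header and option encoding follow RFC 2131/2132, but nothing is sent on the wire: client and server are plain Python functions so the Discover/Offer/Request/ACK sequence, the transaction id check and the server-identifier check can be traced in-process. The addresses, MAC address, lease time and pool are constructed.

```python
"""Simulated DHCP Discover/Offer/Request/ACK exchange.

Added example for this manual (not its code, and not from any DHCP
implementation): header and option layout follow RFC 2131/2132, but no packets
are sent; client and server are in-process functions. Addresses, MAC and lease
time below are constructed."""
import struct
from ipaddress import IPv4Address

MAGIC = b"\x63\x82\x53\x63"                 # DHCP magic cookie (RFC 2132)
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
OPT_DNS, OPT_REQ_IP, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID = 6, 50, 51, 53, 54
HDR = "!BBBBIHH4s4s4s4s16s64s128s"         # 236-byte BOOTP header


def build(op, xid, chaddr, yiaddr="0.0.0.0", opts=()):
    """Encode BOOTP header + magic cookie + TLV options + end marker."""
    zero4 = b"\0" * 4
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000,   # htype 1 = Ethernet; flags: broadcast
                      zero4, IPv4Address(yiaddr).packed, zero4, zero4,
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in opts)
    return hdr + MAGIC + body + b"\xff"


def parse(pkt):
    """Decode the fields the exchange needs; reject anything without the cookie."""
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 0xFF:
        code, ln = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": f[0], "xid": f[4], "yiaddr": str(IPv4Address(f[8])),
            "chaddr": f[11][:6], "opts": opts}


class Server:
    """Toy DHCP server: one address pool, offers and leases tracked per MAC."""

    def __init__(self, ip, pool, dns, lease=3600):
        self.ip, self.pool, self.dns, self.lease = ip, list(pool), dns, lease
        self.offers, self.leases = {}, {}

    def _opts(self, mtype):
        return [(OPT_MSG_TYPE, bytes([mtype])),
                (OPT_SERVER_ID, IPv4Address(self.ip).packed),
                (OPT_LEASE, struct.pack("!I", self.lease)),
                (OPT_DNS, IPv4Address(self.dns).packed)]

    def handle(self, pkt):
        """Return the reply bytes, or None when this server must stay silent."""
        m = parse(pkt)
        mtype, mac = m["opts"][OPT_MSG_TYPE][0], m["chaddr"]
        if mtype == DISCOVER:
            if mac not in self.offers:
                if not self.pool:
                    return None                    # pool exhausted: no offer
                self.offers[mac] = self.pool.pop(0)
            return build(2, m["xid"], mac, self.offers[mac], self._opts(OFFER))
        if mtype == REQUEST:
            # The server identifier names the server whose offer the client
            # accepted; every other server withdraws its offer and says nothing.
            if m["opts"].get(OPT_SERVER_ID) != IPv4Address(self.ip).packed:
                withdrawn = self.offers.pop(mac, None)
                if withdrawn:
                    self.pool.append(withdrawn)
                return None
            wanted = str(IPv4Address(m["opts"][OPT_REQ_IP]))
            if self.offers.get(mac) != wanted:      # asking for something never offered
                return build(2, m["xid"], mac, opts=[(OPT_MSG_TYPE, bytes([NAK])),
                                                     (OPT_SERVER_ID, IPv4Address(self.ip).packed)])
            self.leases[mac] = wanted
            return build(2, m["xid"], mac, wanted, self._opts(ACK))
        return None


def client_exchange(servers, mac=b"\x00\x11\x22\x33\x44\x55", xid=0x3903F326):
    """Broadcast a Discover to every server, take the first Offer, Request it
    from that server only, and return (address, lease_seconds, dns)."""
    discover = build(1, xid, mac, opts=[(OPT_MSG_TYPE, bytes([DISCOVER]))])
    offers = [parse(r) for r in (s.handle(discover) for s in servers) if r]
    offers = [o for o in offers if o["xid"] == xid]   # ignore other transactions
    if not offers:
        raise RuntimeError("no offers received")
    chosen = offers[0]
    request = build(1, xid, mac, opts=[(OPT_MSG_TYPE, bytes([REQUEST])),
                                       (OPT_REQ_IP, IPv4Address(chosen["yiaddr"]).packed),
                                       (OPT_SERVER_ID, chosen["opts"][OPT_SERVER_ID])])
    replies = [parse(r) for r in (s.handle(request) for s in servers) if r]
    ack = next(r for r in replies if r["xid"] == xid)
    if ack["opts"][OPT_MSG_TYPE][0] != ACK:
        raise RuntimeError("request was NAKed")
    return (ack["yiaddr"], struct.unpack("!I", ack["opts"][OPT_LEASE])[0],
            str(IPv4Address(ack["opts"][OPT_DNS])))


if __name__ == "__main__":
    lan = [Server("192.168.1.1", ["192.168.1.100", "192.168.1.101"], "192.168.1.1"),
           Server("192.168.1.2", ["192.168.1.200"], "192.168.1.2")]
    print(client_exchange(lan))     # ('192.168.1.100', 3600, '192.168.1.1')
```

Two servers answer the Discover; the Request names one of them in option 54, and the other returns nothing and puts its offered address back into its pool. Note that neither side verifies anything beyond the transaction id, which is why a rogue server on the segment can win simply by answering first.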

10.6.2.3). DHCP Client configuration

To configure the DHCP client manually, you need to modify the
/etc/sysconfig/network file as below to enable networking:

NETWORKING=yes

The /etc/sysconfig/network-scripts/ifcfg-eth0 file should contain the
following lines:

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

10.7. Linux Samba Server

Samba is a network service implementing the SMB/CIFS protocol for file and
printer sharing, so a Linux host can serve (and act as a client to) Windows and
most other operating systems in use today.

Samba is distributed as a source tarball named samba-version.tar.gz.

Samba Homepage: http://us1.samba.org/samba/samba.html

Samba FTP Site: 63.238.153.11

You need to download: samba-2.0.7.tar.gz or samba-version.tar.gz

The tar file needs to be uncompressed and the samba package configured and
compiled. Most distributions also ship Samba as a prebuilt package, which is the
easier and safer choice because security fixes then arrive through the normal
update channel.

10.7.1. Samba configuration file

The configuration file that samba uses is /etc/smb.conf (newer releases
install it as /etc/samba/smb.conf).

In this file, you specify which directories are shared to Windows
machines, which IP addresses are authorized to connect (the hosts allow and
hosts deny directives), and so on.

The first section of the file, under the [global] line, contains global
configuration directives which are common to all shares unless they are
overridden on a per-share basis; it is followed by one section per share.

Reference url for smb.conf file :

http://www.faqs.org/docs/securing/chap29sec284.html

10.7.2. Samba password file for Clients

The /etc/smbpasswd file is the Samba encrypted password file. It contains
the username, Unix UID and SMB hashed passwords of the users allowed to connect
to your Samba server, as well as account flag information and the time the
password was last changed.

The SMB hashes stored there (the LanMan and NT hashes) are not salted and are
password-equivalent for SMB authentication: anyone who can read the file can
authenticate as those users. The file must therefore be owned by root and
readable by no one else.

It's important to create this password file and include all allowed users
in it before your clients try to connect to your Samba server. Without this
step, no one will be able to connect to your Samba server.

To create a Samba account you must first have a valid Linux account for the
user, so create in your /etc/passwd file all the users you want to connect to
your Samba server before generating the smbpasswd file.

To add a new user to your /etc/passwd file, use the following commands (as
root):

$ useradd smbclient

$ passwd smbclient

Once you have added all Samba clients to /etc/passwd on the Linux server,
you need to generate the smbpasswd file. The smbpasswd utility, run by root with
its -a option, adds a user to the file and prompts for that user's SMB password,
which can (and should) differ from the Unix password.

Reference url : http://www.faqs.org/docs/securing/chap29sec286.html


10.8. Linux Proxy Server – Squid

Squid is an internet proxy server (and cache) that can be used within a
network to share one internet connection among all the computers on the network.

Because it is a proxy, every request passes through it, so it can log all user
actions such as the URLs visited and can enforce who is allowed to use it.

10.8.1. Squid Package and Config File

Squid is installed from the squid rpm, or the squid package can be built from
the source tarball.

Squid uses the config file /etc/squid/squid.conf. Access through the proxy
can be granted to individual IP addresses or to a subnet of IP addresses.

In squid.conf search for the default access control lists (acl) and add the
following line below them, choosing one form:

acl mynetwork src 192.168.1.0/255.255.255.0 (for a subnet)

or

acl mynetwork src 192.168.1.0/24 (for a subnet)

acl mynetwork src 192.168.1.10/32 (for an individual IP)

Note that 192.168.1.10/255.255.255.0 does not describe a single host: Squid
applies the mask, and the entry admits the whole 192.168.1.0/24 network.

Then add the access control list named "mynetwork" to the http_access rules
with the following line. Squid evaluates http_access lines in order and stops at
the first match, so this line must appear before the final "http_access deny
all"; a leading "#" would comment it out and leave everyone denied:

http_access allow mynetwork

The default port for the proxy is 3128. Uncomment the following line and
replace 3128 with the desired port :

http_port 3128
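To see why the order of http_access lines and the netmask in an acl line matter, the following added example (not Squid's code and not part of the original manual) reproduces just the part of Squid's decision logic this section relies on: acl lookup by source address, http_access rules tried in order with first match winning, and the default being the opposite of the last rule. The three configurations and the client addresses are constructed.

```python
"""First-match evaluation of squid-style 'acl ... src' and 'http_access' lines.

Added example for this manual, not Squid's code: it models only ACL lookup by
source address, http_access rules tried in order (first match wins) and the
default of 'opposite of the last rule'. Configurations and addresses are
constructed."""
import ipaddress

GOOD_CONF = """
acl mynetwork src 192.168.1.0/24
acl admin_host src 192.168.1.10/32
http_access allow admin_host
http_access allow mynetwork
http_access deny all
"""

# Same ACLs, but 'deny all' placed first: the allow line is never reached.
BAD_ORDER_CONF = """
acl mynetwork src 192.168.1.0/24
http_access deny all
http_access allow mynetwork
"""

# The "individual IP" spelling with a /24 mask: Squid applies the mask, so this
# admits the whole 192.168.1.0/24 network, not just .10.
MASKED_HOST_CONF = """
acl mynetwork src 192.168.1.10/255.255.255.0
http_access allow mynetwork
http_access deny all
"""


def parse_config(text):
    """Return ({acl_name: [networks]}, [(action, [acl_names])])."""
    acls, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # '#' comments a line out
        if not line:
            continue
        parts = line.split()
        if parts[0] == "acl" and len(parts) >= 4 and parts[2] == "src":
            nets = [ipaddress.ip_network(p, strict=False) for p in parts[3:]]
            acls.setdefault(parts[1], []).extend(nets)
        elif parts[0] == "http_access" and len(parts) >= 3:
            rules.append((parts[1], parts[2:]))
    return acls, rules


def decide(acls, rules, client):
    """'allow' or 'deny' for a client address under Squid's first-match rule."""
    ip = ipaddress.ip_address(client)
    for action, names in rules:
        matched = True
        for name in names:          # every ACL on one line must match (AND)
            negated = name.startswith("!")
            acl = name.lstrip("!")
            # 'all' is treated as the built-in match-everything ACL.
            hit = acl == "all" or any(ip in net for net in acls.get(acl, []))
            if hit == negated:
                matched = False
                break
        if matched:
            return action
    # Nothing matched: Squid uses the opposite of the last rule's action.
    if not rules:
        return "deny"
    return "deny" if rules[-1][0] == "allow" else "allow"


def check(conf, client):
    return decide(*parse_config(conf), client)


if __name__ == "__main__":
    for conf, name in ((GOOD_CONF, "good"), (BAD_ORDER_CONF, "bad order"),
                       (MASKED_HOST_CONF, "masked host")):
        print(name, check(conf, "192.168.1.20"), check(conf, "10.0.0.5"))
```

Running it shows the good configuration admitting 192.168.1.20 and refusing 10.0.0.5, the misordered one refusing everybody, and the masked-host one admitting any address in 192.168.1.0/24.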
10.8.2. Stopping, Starting and Restarting Squid

Starting squid

$ /etc/rc.d/init.d/squid start

Restarting squid

$ /etc/rc.d/init.d/squid restart

Stopping squid

$ /etc/rc.d/init.d/squid stop

10.8.3. Configuring squid Clients

To configure any application, including a web browser, to use squid, set
its proxy setting to the IP address of the squid server and the port number
(default 3128).

11. SECURING LINUX SYSTEMS

Linux was built from the ground up with security in mind. However, this security
will amount to nothing if some basic security measures are not adopted.
"Security is not an option, but a way of life". This is the mantra given by Kurt
Seifried, the author of the famed 'Linux Administrators Security Guide' which
holds true for all linux systems.

This section will discuss various means with which you can secure the assets you
have worked hard for: your local machine, your data, your users, your network.

11.1. Physical Security

Physical security should be of the utmost concern. Linux production
servers should be in locked datacenters where only people who have passed
security checks have access.

Since we assume that all Linux production systems are physically secured,
we will not cover the configuration of a boot loader password. Such a password
stops someone at the console from editing the kernel command line to boot into
single-user mode (a root shell without a password), but it can also get in the
way of rebooting servers remotely if the loader demands it at every boot.

11.2. Local Security

Here we discuss the security of the system against attacks from local
users.

Getting access to a local user account is one of the first things that
system intruders attempt while on their way to exploiting the root account.

With lax local security, they can then "upgrade" their normal user access
to root access using a variety of bugs and poorly set up local services.

If you make sure your local security is tight, then the intruder will have
another hurdle to jump.

11.2.1. Checking for Unlocked Accounts

It is important that all system and vendor accounts that are not used for
logins are locked. Since no one is using them, nobody notices when they are
abused, which makes them an ideal attack vehicle.

To get a list of unlocked accounts on your system, check for accounts whose
encrypted password string in /etc/shadow does NOT start with "!" or "*".

If you lock an account using passwd -l, it puts '!!' in front of the
encrypted password, effectively disabling the password. If you lock an account
using usermod -L, it puts '!' in front of the encrypted password.

Many system and shared accounts are locked by default by having a '*' or
'!!' in the password field, which renders the encrypted password an invalid
string that no input can ever hash to.

Hence, to get a list of all unlocked accounts, run:

$ egrep -v '.*:\*|:!' /etc/shadow | awk -F: '{print $1}'

Note that locking the password only blocks password authentication. A user
who has an SSH public key installed can still log in to a "locked" account, so
to disable an account completely also expire it with chage -E 0 or give it a
non-login shell such as /sbin/nologin.

Also make sure all accounts have an 'x' in the password field in
/etc/passwd. The following command lists all accounts that do not have an 'x'
in the password field:

$ grep -v ':x:' /etc/passwd

An 'x' in the password field means that the password has been shadowed,
i.e. the encrypted password has to be looked up in the /etc/shadow file, which
only root can read.

If the password field in /etc/passwd is empty, then the system will not
look up the shadow file and it will not prompt the user for a password at the
login prompt. A hash placed directly in /etc/passwd is readable by every local
user and can be cracked offline.
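The same checks, as an added example that is not part of the original manual: each condition the egrep and grep commands above fold together is reported separately, and the functions take file contents as text, so the constructed sample below runs without root. On a real host you would pass the contents of /etc/passwd and /etc/shadow (the latter needs root to read).

```python
"""Audit /etc/passwd and /etc/shadow for accounts that can still authenticate.

Added example for this manual, not its code. The sample files are constructed:
'legacy' has an empty passwd field (no shadow lookup, no password prompt),
'svc' has an empty shadow hash, 'oldapp' is locked, 'bin' never had a password."""

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
oldapp:x:501:501::/home/oldapp:/bin/bash
legacy::502:502::/home/legacy:/bin/bash
svc:x:503:503::/var/lib/svc:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$saltsalt$notarealhashnotarealhashnotarealhash:15000:0:99999:7:::
bin:*:15000:0:99999:7:::
oldapp:!!:15000:0:99999:7:::
svc::15000:0:99999:7:::
alice:$6$saltsalt$anothernotarealhashanothernotarealh:15000:0:99999:7:::
"""

LOCKED_PREFIXES = ("!", "*")


def entries(text):
    """Split colon-separated lines, skipping blanks and comments."""
    return [line.split(":") for line in text.splitlines()
            if line.strip() and not line.startswith("#")]


def unlocked_accounts(shadow_text):
    """Accounts whose hash can be matched by some input: not prefixed with
    '!'/'!!' (passwd -l, usermod -L) or '*' (never had a password), and not
    empty. Empty hashes are reported by passwordless_accounts() instead."""
    return [e[0] for e in entries(shadow_text)
            if e[1] and not e[1].startswith(LOCKED_PREFIXES)]


def passwordless_accounts(shadow_text):
    """Empty hash field: login succeeds with an empty password wherever the
    PAM stack permits it (pam_unix 'nullok')."""
    return [e[0] for e in entries(shadow_text) if e[1] == ""]


def unshadowed_accounts(passwd_text):
    """passwd field other than 'x': either empty (no password asked at all and
    /etc/shadow never consulted) or a hash exposed to every local user."""
    return [e[0] for e in entries(passwd_text) if e[1] != "x"]


def missing_shadow_entries(passwd_text, shadow_text):
    """Shadowed accounts with no matching shadow line: they cannot log in by
    password, but the two files are out of sync."""
    have = {e[0] for e in entries(shadow_text)}
    return [e[0] for e in entries(passwd_text) if e[1] == "x" and e[0] not in have]


def unlocked_with_shell(passwd_text, shadow_text, nologin=("/sbin/nologin", "/bin/false")):
    """Unlocked accounts that also have an interactive shell: the ones that
    matter most, since a locked password does not stop SSH key logins but a
    nologin shell does."""
    shells = {e[0]: e[6] for e in entries(passwd_text)}
    return [u for u in unlocked_accounts(shadow_text) if shells.get(u) not in nologin]


def audit(passwd_text, shadow_text):
    return {"unlocked": unlocked_accounts(shadow_text),
            "passwordless": passwordless_accounts(shadow_text),
            "unshadowed": unshadowed_accounts(passwd_text),
            "missing_shadow": missing_shadow_entries(passwd_text, shadow_text),
            "unlocked_with_shell": unlocked_with_shell(passwd_text, shadow_text)}


if __name__ == "__main__":
    for key, value in audit(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(f"{key:20s} {value}")
```

On the sample, root and alice are the only accounts a password can unlock, svc accepts an empty password if the PAM stack allows it, and legacy bypasses the shadow file altogether.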

11.2.2. Checking for Unused Accounts

All system or vendor accounts that are not being used by users,
applications, by the system or by daemons should be removed from the system. You
can use the following command to find out if there are any files owned by a
specific account:

$ find / -path /proc -prune -o -user <account> -ls

The -prune option in this example is used to skip the /proc filesystem.

If you are sure that an account can be deleted, you can remove the account
using the following command:

$ userdel -r <account>

Without the "-r" option userdel will not delete the user's home directory
and mail spool (/var/spool/mail/<user>). Note that many system accounts have no
home directory.

11.3. Files and File system Security


11.3.1. Default Umask

The umask (user file-creation mode mask) command is a shell built-in
command which sets the mask the kernel subtracts from the permissions a program
asks for when it creates a file or directory. A program can still chmod a file
to anything it likes afterwards, but most programs and utilities simply rely on
the umask.

Configure your users' file-creation umask to be as restrictive as
possible. A umask of 077 gives new files to their owner alone; 027 additionally
lets the group read them.

By default, Red Hat sets umask to 022 or 002, which is acceptable for
ordinary users: 022 makes new files readable by everyone but writable only by
the owner, and 002 also lets the group write.

If the name of the user account and its primary group are the same (a
user-private group) and the UID is 100 or larger, then umask is set to 002,
otherwise it's set to 022. The 002 case relies on every user having a private
group; it becomes a group-writable hole if users share a primary group.

11.3.2. SUID/SGID Files

There should never be a reason for users' home directories to allow
SUID/SGID programs to be run from there.

Use the nosuid mount option in /etc/fstab for partitions that are writable
by anyone other than root; the kernel then ignores the SUID/SGID bits on
anything stored there.

You may also wish to use nodev and noexec on /tmp partitions, as well as
/var/tmp, thus prohibiting execution of programs, and creation of character or
block devices, which should never be necessary there anyway.

SUID and SGID files on your system are a potential security risk, and
should be monitored closely. Because these programs run with the privileges of
their owner or group rather than those of the user executing them, it is
necessary to ensure that insecure programs are not installed.

A favorite trick of crackers is to exploit SUID-root programs, then leave
a SUID program as a back door to get in the next time, even if the original hole
is plugged.

Find all SUID/SGID programs on your system, and keep track of what they
are, so you are aware of any changes which could indicate a potential intruder.
Use the following command to find all SUID/SGID files on your system:

$ find / -path /proc -prune -o -type f -perm +6000 -ls

Recent versions of GNU find no longer accept the "+6000" form ("any of these
bits set"); use "-perm /6000" with them.

11.3.3. World-Writable Files

World-writable files are a security risk since they allow anyone to modify
them. Additionally, world-writable directories allow anyone to add or delete
files, and to replace a file with a symlink or a trojaned copy.

To locate world-writable files and directories, you can use the following
command:

$ find / -path /proc -prune -o -perm -2 ! -type l -ls

The "! -type l" parameter skips all symbolic links: the mode bits of a
symlink are always 0777 and are never consulted. This is not a problem as long
as the target of the link is not world-writable, and the target is checked on
its own when find reaches it.

World-writable directories with the sticky bit set, such as the /tmp
directory, are usually not an issue: the sticky bit makes files stick to the
user who created them, so other users cannot delete or rename them even though
they can create their own. Whether that is acceptable depends on the purpose of
the directory; /tmp is the standard example.

11.3.4. Setting File System Limits

Set resource limits instead of allowing unlimited use, as is the default.
You can control the per-user limits using the pam_limits module and its
/etc/security/limits.conf file (pam_limits must be listed in the session stack,
as it is in the /etc/pam.d/system-auth listing further down). For example,
limits for the group users might look like this:

@users hard core 0

@users hard nproc 50

@users hard rss 5000

This says to prohibit the creation of core files, restrict the number of
processes to 50, and restrict resident memory to 5000 KB (about 5M). The nproc
limit is the one that stops a fork bomb. A hard limit cannot be raised by the
user, only lowered. Note that the rss limit is ignored by Linux kernels from
2.4.30 on; use the address-space limit (as) to cap memory on those.

11.3.5. Unowned Files

Unowned files may also be an indication that an intruder has accessed your
system, or that an account was deleted while its files were left behind. Until
the UID is reused, they belong to nobody; once a new account receives that UID,
it silently inherits them.

You can locate files on your system that have no owner, or belong to no
group, with the command:

$ find / -path /proc -prune -o \( -nouser -o -nogroup \) -ls

The parentheses matter: without them (and without an explicit -ls) find's
implicit -print applies to the whole expression, so /proc itself is listed and
the -nouser/-nogroup tests are not grouped as intended.


11.3.6. Protecting Binaries like Compilers

The immutable bit can be used to prevent accidentally deleting or
overwriting a file that must be protected, like some of the system binaries.

An immutable file cannot be modified, deleted, renamed or hard-linked, even
by root, until the flag is cleared again. For example, marking the gcc compiler
immutable is a good idea:

$ chattr +i /usr/bin/gcc

Note that only root (CAP_LINUX_IMMUTABLE) can set or clear the flag, so
this stops accidents and careless tooling rather than an attacker who already
has root, who can simply run chattr -i first. The related 'a' flag makes a file
append-only and is meant for log files, not binaries.


11.3.7. Integrity Checking

Another very good way to detect local (and also network) attacks on your
system is to run an integrity checker like Tripwire, and a rootkit scanner like
chkrootkit alongside it.

Integrity checkers compute checksums of all your important binaries and
config files and compare them against a database of former, known-good values
kept as a reference. Thus, any change in the files will be flagged. The database
(and the checker itself) must live somewhere an intruder cannot alter, such as
read-only media or another host; otherwise the attacker simply re-baselines
after planting the trojan.

It's a good idea to run it as part of your normal security administration
duties to see if anything has changed, as a cron job such as the following in
/etc/crontab (the sixth field is the user the job runs as):

# set mailto

MAILTO=admin@server.com

# run Tripwire

15 05 * * * root /usr/local/adm/tcheck/tripwire

OR

# set mailto

MAILTO=admin@server.com

# run chkrootkit

15 05 * * * root sh /root/chkrootkit-3.2/chkrootkit

You can find the freely available unsupported version of Tripwire at
http://www.tripwire.org, free of charge.

And the latest version of chkrootkit is available for download from
http://www.chkrootkit.org/download/
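What an integrity checker actually does, as an added example that is neither Tripwire's code nor part of the original manual: it records a SHA-256 digest, size, permission bits and owner for every regular file under a root, stores that baseline as JSON, and on the next run reports files that were added, removed or changed. The sample tree and the "trojaned" edits in demo() are constructed in a temporary directory; the baseline is deliberately written outside the tree being checked.

```python
"""A minimal file-integrity checker in the spirit of Tripwire.

Added example for this manual, not Tripwire's code. The sample tree and the
simulated intrusion in demo() are constructed in temporary directories."""
import hashlib
import json
import os
import stat
import tempfile


def fingerprint(path):
    """Digest plus the metadata an intruder might change without touching
    contents (mode for a planted SUID bit, owner)."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid}


def build_baseline(root):
    """{relative path: fingerprint} for every regular file under root."""
    base = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                base[os.path.relpath(path, root)] = fingerprint(path)
    return base


def save_baseline(baseline, dest):
    with open(dest, "w") as f:
        json.dump(baseline, f, indent=1, sort_keys=True)


def load_baseline(src):
    with open(src) as f:
        return json.load(f)


def compare(baseline, current):
    """Differences between two baselines, each list sorted for stable reports."""
    old, new = set(baseline), set(current)
    return {"added": sorted(new - old),
            "removed": sorted(old - new),
            "changed": sorted(p for p in old & new if baseline[p] != current[p])}


def write(path, data, mode=0o755):
    with open(path, "wb") as f:
        f.write(data)
    os.chmod(path, mode)


def demo():
    """Baseline a constructed bin/ directory, then simulate an intrusion: ps
    replaced by a same-size file, a backdoor added, ls deleted, and a SUID bit
    set on cat without touching its contents."""
    root = tempfile.mkdtemp(prefix="integ-")
    db = os.path.join(tempfile.mkdtemp(prefix="integ-db-"), "baseline.json")  # outside the tree
    os.mkdir(os.path.join(root, "bin"))
    write(os.path.join(root, "bin", "ps"), b"#!/bin/sh\necho original ps\n")
    write(os.path.join(root, "bin", "ls"), b"#!/bin/sh\necho original ls\n")
    write(os.path.join(root, "bin", "cat"), b"#!/bin/sh\necho original cat\n")
    save_baseline(build_baseline(root), db)

    write(os.path.join(root, "bin", "ps"), b"#!/bin/sh\necho trojaned ps\n")   # same size, new content
    write(os.path.join(root, "bin", "sshd2"), b"#!/bin/sh\necho backdoor\n")
    os.remove(os.path.join(root, "bin", "ls"))
    os.chmod(os.path.join(root, "bin", "cat"), 0o4755)                      # contents intact, mode not

    return compare(load_baseline(db), build_baseline(root))


if __name__ == "__main__":
    print(demo())   # {'added': ['bin/sshd2'], 'removed': ['bin/ls'], 'changed': ['bin/cat', 'bin/ps']}
```

The size check alone would miss the replaced ps, and a content hash alone would miss the SUID bit added to cat; recording both is why the real tools fingerprint metadata as well as contents.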

11.3.8. Trojan Horses, Backdoors and Rootkits

Trojan Horses are malicious, security-breaking programs disguised as
something benign. The idea is that a cracker distributes a program or binary
that sounds great, and encourages other people to download it and run it as
root. Then the program can compromise their system.

The crackers who thereby gain access to the system can create backdoors
which will later allow them to re-enter the system.

Furthermore, they may also use rootkits to hide the Trojan horse, such as
a "trojaned" /bin/ps that hides their daemons.

On a trojan-infected machine, intruders often replace important system
binaries such as ps, fuser, netstat, lsmod, find, cp, mv, kill etc. with Trojan
horse equivalents, so do not use these tools on the machine you are
investigating unless you have verified that they haven't been altered or
replaced. Bring known-good, statically linked copies on read-only media instead,
and remember that a kernel-module rootkit can lie even to a clean ps; when in
doubt, examine the disk from a clean boot.

To find out if a system is infected by a trojan or a backdoor rootkit, it
may be necessary to check currently running daemons to see whether a Trojan
horse has replaced them.

For example, the syslogd process could have been compromised and, instead
of the valid daemon listening on UDP port 514, there could be a Trojan daemon on
that port.

Therefore, all binaries or running daemons may need to be checked for
validity. This can become a time-consuming task that may not be worth the time
or money.

The task is made easier by open source third-party tools which can detect a
Trojan horse or which supplement the toolkit of known-good binaries.

One such tool is called chkrootkit (http://www.chkrootkit.org), which can
detect a rootkit that has been installed as part of the Trojan horse.

Chkrootkit looks for known "signatures" in trojaned system binaries.

It can detect rootkits such as the Ramen Worm, the t0rn rootkit, or the
Ambient's Rootkit for Linux, just to name a few. It can also detect promiscuous
interfaces.

Back Orifice and NetBus, two of the best-known trojans, target Windows
machines rather than Linux; on Linux the threat takes the form of the rootkits
listed above.

An interesting reference url on trojan horses is :

http://www.samag.com/documents/s=7467/sam0208e/0208e.htm

11.3.8.1). Nmap tool

Nmap is a network exploration tool and security scanner.

Nmap is designed to allow system administrators and curious individuals to
scan large networks to determine which hosts are up and what services they are
offering.

Depending on the options used, nmap may also report the following
characteristics of the remote host: OS in use, TCP sequence predictability,
usernames running the programs which have bound to each port (via ident), the
DNS name, whether the host is a smurf address, and a few others.

For example, consider the instance where a machine is infected by a trojan
horse, and we need to check if the trojan is listening on any port on the
machine (usually a backdoor to re-enter the machine later).

The following options can be used with the nmap command line to scan for
all open tcp and udp ports on the machine (SYN and UDP scans need root):

$ /toolkit/nmap -sU -sS -p 1-65535 localhost

Scanning from the suspect host itself has a weakness: a kernel rootkit can
hide a listening socket from netstat and fuser and may interfere with local
connections too. Run the same scan against the host from a separate, trusted
machine and compare the two results; a port visible only from outside is a
strong sign of hidden software.

Here is an example of the results:

Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on localhost.localdomain (127.0.0.1):
(The 131048 ports scanned but not shown below are in state: closed)
Port       State   Service
Unable to find nmap-services! Resorting to /etc/services
25/tcp     open    smtp
53/tcp     open    domain
53/udp     open    domain
80/tcp     open    http
110/tcp    open    pop3
111/tcp    open    sunrpc
111/udp    open    sunrpc
137/udp    open    netbios-ns
138/udp    open    netbios-dgm
139/tcp    open    netbios-ssn
143/tcp    open    imap
389/tcp    open    ldap
443/tcp    open    https
515/tcp    open    printer
617/tcp    open    unknown
5222/tcp   open    unknown
5269/tcp   open    unknown
8383/tcp   open    unknown
10000/udp  open    unknown
19635/tcp  open    unknown
35737/udp  open    unknown

Nmap automatically tries to map port numbers to service names in
/etc/services, and reports "unknown" if it finds nothing. The name is only a
lookup of the port number; it says nothing about what is actually listening.

If, after checking your nmap results, you don't recall anything on your
machine that should be listening on tcp port 19635, you can find out by using
the fuser command.

To determine which process is bound to this port number, run the
following (using the trusted copy from your toolkit):

$ /toolkit/fuser -vn tcp 19635

                     USER       PID ACCESS COMMAND
19635/tcp            root     32444 f....  http

This indicates that there is a process named "http" running with PID
32444 and listening on port 19635. This http process is not the Apache Web
server. If we missed this before, we would now know that the Trojan horse
disguised itself by blending in with the multiple valid httpd processes running
on the machine. Note that a UDP scan of the full port range is slow and
unreliable (an open UDP port usually produces no response at all), so treat its
results as a hint rather than a complete list.
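Reading a full-range scan by eye does not scale, so here is the comparison an administrator actually wants, as an added example that is neither nmap's code nor part of the original manual: parse the port table of nmap's classic output and diff it against the listeners the host is supposed to have. The scan text below is a constructed excerpt in the layout of the listing above, and the expected-services set is a constructed baseline for that host. Names in the Service column come from /etc/services and say nothing about the process behind the port, so the diff is driven by port and protocol only.

```python
"""Parse nmap's classic port table and diff it against an expected baseline.

Added example for this manual, not nmap's code. The scan excerpt and the
expected-services set are constructed."""
import re

SAMPLE_NMAP = """\
Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on localhost.localdomain (127.0.0.1):
(The 131048 ports scanned but not shown below are in state: closed)
Port       State   Service
25/tcp     open    smtp
53/tcp     open    domain
53/udp     open    domain
80/tcp     open    http
443/tcp    open    https
515/tcp    open    printer
617/tcp    open    unknown
19635/tcp  open    unknown
35737/udp  open    unknown
"""

PORT_LINE = re.compile(r"^\s*(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<svc>\S+)")


def parse_open_ports(text):
    """{(port, proto): service_name} for every line reported as open."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m and m.group("state") == "open":
            ports[(int(m.group("port")), m.group("proto"))] = m.group("svc")
    return ports


def triage(found, expected):
    """Split scan results into expected listeners, unexpected ones and
    expected services that are missing (a crashed or killed daemon)."""
    return {"ok": sorted(k for k in found if k in expected),
            "unexpected": sorted(k for k in found if k not in expected),
            "missing": sorted(k for k in expected if k not in found)}


# Constructed baseline: what this host is supposed to run.
EXPECTED = {(22, "tcp"), (25, "tcp"), (53, "tcp"), (53, "udp"), (80, "tcp"), (443, "tcp")}


if __name__ == "__main__":
    result = triage(parse_open_ports(SAMPLE_NMAP), EXPECTED)
    for key, value in result.items():
        print(key, value)
```

Every port in the "unexpected" list gets the fuser treatment shown above; the "missing" list (here 22/tcp) catches the opposite failure, a service that has silently died or been killed.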

11.4. Password Security and Encryption

One of the most important security features used today is the password. It
is important for both you and all your users to have secure, unguessable
passwords.

Most of the more recent Linux distributions include passwd programs that
do not allow you to set an easily guessable password. Make sure your passwd
program is up to date and has these features.

11.4.1. Encryption Methods


11.4.1.1). DES (Data Encryption Standard)

Traditionally Unix/Linux systems use a one-way function built on DES (Data
Encryption Standard), the classic crypt(3), to hash passwords; modern
distributions use stronger crypt variants (MD5, SHA-256 or SHA-512 based, with
longer salts) selected through PAM.

The hashed password is then stored in /etc/shadow on any current system;
storing it in the world-readable /etc/passwd is the historical arrangement and
exposes the hashes to offline cracking.

When you attempt to log in, the password you type is hashed again with the
same salt and compared with the entry in the file that stores your passwords.

If they match, it must be the same password, and you are allowed access.
Although DES itself is a two-way encryption algorithm (you can encode and then
decode a message, given the right key), the password variant that Unix uses is
one-way: the password is used as the key to encrypt a constant block, and the
key is never recoverable from the result.

This means that it should not be possible to reverse the hash to get the
password from the contents of /etc/passwd (or /etc/shadow); an attacker can
only guess candidate passwords and hash each one, which is exactly what password
crackers do.

11.4.1.2). PGP and Public-Key Cryptography

Public-key cryptography, such as that used for PGP, uses one key for
encryption and a different key for decryption.

To alleviate the need to securely transmit the encryption key, public-key
encryption uses two separate keys: a public key and a private key.

Each person's public key is available to anyone to do the encryption,
while each person keeps his or her private key secret and uses it to decrypt
messages encrypted with the matching public key.

PGP (Pretty Good Privacy) is well-supported on Linux. GnuPG is a complete
and free replacement for PGP and is in compliance with OpenPGP.

11.4.2. Authentication Methods

11.4.2.1). PAM - Pluggable Authentication Modules

PAM is an authentication framework that allows you to change your
authentication methods and requirements on the fly, and encapsulate all local
authentication methods without recompiling any of your binaries.

Some of the things that can be done with PAM are:

- Use hashing other than DES for your passwords (making them harder to
brute-force).

- Set resource limits on all your users so they can't perform
denial-of-service attacks (number of processes, amount of memory, etc).

- Enable shadow passwords on the fly.

- Allow specific users to log in only at specific times from specific
places.

11.4.2.2). Cryptographic IP Encapsulation (CIPE)

The primary goal of this software is to provide a facility for secure
(against eavesdropping, including traffic analysis, and faked message injection)
subnetwork interconnection across an insecure packet network such as the
Internet.

CIPE encrypts the data at the network level. Packets traveling between
hosts on the network are encrypted.

The encryption engine is placed near the driver which sends and receives
packets.

This is unlike SSH, which encrypts the data by connection, at the socket
level. A logical connection between programs running on different hosts is
encrypted.

CIPE can be used in tunnelling, in order to create a Virtual Private
Network. Low-level encryption has the advantage that it can be made to work
transparently between the two networks connected in the VPN, without any change
to application software. CIPE has not been maintained for many years; the same
role is filled today by IPsec or comparable network-layer VPNs.

11.4.2.3). Kerberos

Kerberos is an authentication system developed by the Athena Project at
MIT.

When a user logs in, Kerberos authenticates that user (using a password)
and issues a ticket with which the user can prove her identity to other servers
and hosts scattered around the network, without sending the password to each of
them.

This authentication is then used by programs such as rlogin (or, today,
ssh with GSSAPI) to allow the user to log in to other hosts without a password,
in place of the .rhosts file.

Kerberos and the other programs that come with it prevent users from
"spoofing" the system into believing they are someone else.

11.4.3. Enforcing Stronger Passwords

It is important to restrict people from using simple passwords that can be
cracked too easily. However, if the passwords being enforced are too strong,
people start writing them down. Strong passwords that are written down are not
much safer than weak passwords.

The pam_cracklib module checks a new password against dictionary words and
other constraints (palindromes, too much similarity to the old password,
insufficient length).

The following example shows how to enforce these password rules:

- Minimum length of password must be 8

- Minimum number of lower case letters must be 1

- Minimum number of upper case letters must be 1

- Minimum number of digits must be 1

- Minimum number of other characters must be 1

The pam_cracklib arguments are:

minlen=8      Minimum length of password is 8

lcredit=-1    Minimum number of lower case letters is 1

ucredit=-1    Minimum number of upper case letters is 1

dcredit=-1    Minimum number of digits is 1

ocredit=-1    Minimum number of other characters is 1

A credit of -N means "at least N characters of this class are required".
The default credits are +1, which means the opposite: a character of that class
does not have to be present but, if it is, it adds one to the counted length,
so a 7-character password containing a digit passes minlen=8. Negative credits
give no such bonus.

To set up these password restrictions, edit the /etc/pam.d/system-auth file
and add or change the pam_cracklib arguments on the password line:

auth required /lib/security/$ISA/pam_env.so

auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok

auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so

account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet

account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1

password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow

password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so

session required /lib/security/$ISA/pam_unix.so

Now verify that the new password restrictions work for new passwords. Note
that root is not subject to them: pam_cracklib only prints a warning when root
sets a weak password for itself or for another user. The nullok argument on the
pam_unix lines permits accounts with an empty password to log in; remove it
unless you have a reason to keep it.

NOTE : The /etc/pam.d/system-auth PAM configuration file is auto-generated
and contains records which dictate a generic authentication scheme; running the
authconfig command will revert some of the changes that you made.
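The credit arithmetic above is easy to get wrong, so here it is spelled out as an added example that is neither pam_cracklib's code nor part of the original manual: the length/credit calculation plus the dictionary and palindrome tests, so a proposed policy can be tried against candidate passwords before it goes into /etc/pam.d/system-auth. The word list is a small constructed stand-in for the cracklib dictionary, and the similarity-to-old-password checks are left out.

```python
"""pam_cracklib-style length/credit check with dictionary and palindrome tests.

Added example for this manual, not pam_cracklib's code. SMALL_DICT is a
constructed stand-in for the cracklib dictionary."""

SMALL_DICT = {"password", "welcome", "letmein", "qwerty", "linux", "dragon"}


def effective_length(pw, lcredit=1, ucredit=1, dcredit=1, ocredit=1):
    """pam_cracklib semantics. A non-negative credit adds at most that many
    bonus points for characters of the class; a negative credit -N requires
    the class to appear at least N times and gives no bonus.
    Returns (counted_length, [unmet requirements])."""
    counts = {"lower": sum(c.islower() for c in pw),
              "upper": sum(c.isupper() for c in pw),
              "digit": sum(c.isdigit() for c in pw),
              "other": sum(not c.isalnum() for c in pw)}
    credits = {"lower": lcredit, "upper": ucredit, "digit": dcredit, "other": ocredit}
    length, unmet = len(pw), []
    for cls, count in counts.items():
        credit = credits[cls]
        if credit >= 0:
            length += min(count, credit)
        elif count < -credit:
            unmet.append(f"needs at least {-credit} {cls}")
    return length, unmet


def check_password(pw, minlen=8, **credits):
    """Reasons the password would be rejected; an empty list means accepted."""
    length, reasons = effective_length(pw, **credits)
    if length < minlen:
        reasons.append(f"counted length {length} is below minlen {minlen}")
    low = pw.lower()
    if low in SMALL_DICT or low[::-1] in SMALL_DICT:
        reasons.append("based on a dictionary word")
    if len(pw) > 1 and low == low[::-1]:
        reasons.append("is a palindrome")
    return reasons


# The policy from the section above.
POLICY = dict(minlen=8, lcredit=-1, ucredit=-1, dcredit=-1, ocredit=-1)


if __name__ == "__main__":
    for candidate in ("Tr0ub4d0r!", "troubador1!", "abc1", "Qwerty", "Abc!cbA"):
        print(f"{candidate!r:14} {check_password(candidate, **POLICY) or 'accepted'}")
```

With the default +1 credits, "abc1" counts as 6 characters (4 plus one bonus each for lower case and digits) and fails minlen=8 on length alone; under the negative-credit policy the same string fails on the missing classes first.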

11.4.4. Locking User Accounts After Many Login Failures

The following example shows how to lock individual user accounts after too
many failed su or login attempts.

Add the following two pam_tally lines to the /etc/pam.d/system-auth file as
shown below:

auth required /lib/security/$ISA/pam_env.so

auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root

auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok

auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so

account required /lib/security/$ISA/pam_tally.so per_user deny=5 no_magic_root reset

account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet

account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3

password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow

password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so

session required /lib/security/$ISA/pam_unix.so

The first added line counts failed login and failed su attempts for each
user. By default the counters are kept in /var/log/faillog, which the faillog
command displays and resets (faillog -u <user> -r unlocks an account).

The second added line locks accounts automatically after 5 failed login or
su attempts (deny=5). The counter is reset to 0 (reset) on a successful entry
if deny=n was not exceeded. onerr=fail means that a failure to read or write the
tally file is treated as a failed login rather than silently allowed, and
no_magic_root applies the count to root as well.

Two caveats: a lockout threshold lets anyone who knows a username lock that
user out on purpose (a denial of service), so keep an administrative way in
that is not subject to it; and pam_tally has since been superseded by
pam_tally2 and then pam_faillock on newer distributions, which apply the same
idea with different arguments.

11.4.5. Restricting Direct Login for System/Shared Accounts

All users should log in directly with their own account and then switch to
the system or shared account. It is always better to restrict direct login as
root or other system or shared accounts, since a shared login leaves no record
of which person actually used it.

In this example we will discuss how to restrict direct logins for system or
shared accounts for:

- SSH (/etc/pam.d/sshd)

- Console Login (/etc/pam.d/login)

- or for all logins (/etc/pam.d/system-auth)

To restrict direct SSH logins add the pam_access module to
/etc/pam.d/sshd as follows:

auth required pam_stack.so service=system-auth

auth required pam_nologin.so

account required /lib/security/pam_access.so

account required pam_stack.so service=system-auth

password required pam_stack.so service=system-auth

session required pam_stack.so service=system-auth

For Console Logins add the pam_access module to /etc/pam.d/login as
follows:

auth required pam_securetty.so

auth required pam_stack.so service=system-auth

auth required pam_nologin.so

account required /lib/security/pam_access.so

account required pam_stack.so service=system-auth

password required pam_stack.so service=system-auth

session required pam_selinux.so close

session required pam_stack.so service=system-auth

session optional pam_console.so

session required pam_selinux.so multiple open

For all logins, add the following line to the /etc/security/access.conf
configuration file:

-:ALL EXCEPT users:ALL

The /etc/security/access.conf configuration file is read by the pam_access
module. This entry specifies that no users are accepted except users that are in
the "users" group. (Newer versions of pam_access require group names to be
written in parentheses, "-:ALL EXCEPT (users):ALL", so that they cannot be
confused with user names.)

Since the pam_access module has been configured for "Authorization"
(account) in the above PAM configuration files, it denies direct logins for all
accounts except the ones that are in the "users" group. Rules are matched in
order and the first match wins, so put specific permits before general denials.
If pam_access is placed in /etc/pam.d/system-auth rather than in the individual
service files, the rule applies to every service that uses system-auth,
including su: test from a second session before logging out, or you may lock
yourself out.

To disallow non-local logins to privileged accounts (group wheel), add the
following entry to /etc/security/access.conf:

-:wheel:ALL EXCEPT LOCAL server.hostname

11.4.6. Password Cracking/Brute Force Attack

Password cracking programs work on a simple idea: they try every word in
the dictionary, and then variations on those words, hashing each one and
checking it against your stored password hash. If they get a match they know
what your password is.

A brute force attack consists of trying every possible code, combination,
or password until you find the right one.

11.4.6.1). How the brute force attack works?

1. Manual login attempts: the attacker types in a few likely usernames and
passwords by hand.

2. Dictionary based attacks: automated scripts and programs try thousands
of usernames and passwords from a dictionary file, sometimes one file for
usernames and another file for passwords.

3. Generated logins: a cracking program generates candidate usernames and
passwords from rules set by the user. They could generate numbers only, a
combination of numbers and letters, or other combinations.

The first two forms are online guessing against the login service and are
limited by the network and by lockout or rate limits. Cracking a stolen hash
file is offline: nothing on the server sees the attempts, and only the hash
algorithm's cost and the password's strength slow the attacker down.
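The offline form of the attack, as an added example that is not part of the original manual and is not the code of any cracking tool: a dictionary pass with the variations crackers try (case changes, leet substitutions, common suffixes) and a small exhaustive search, both checked against salted one-way hashes. SHA-256 over salt plus password stands in for the DES-based crypt(3) described earlier (an assumption made for portability; the attack is the same for any hash function), and the word list and shadow-style entries are constructed.

```python
"""Dictionary attack with variations, and a tiny brute-force search, against
salted one-way hashes.

Added example for this manual, not any cracking tool's code. SHA-256 over
salt+password stands in for crypt(3) (assumption); word list and stored
entries are constructed."""
import hashlib
import itertools

LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})
SUFFIXES = ("1", "123", "!", "01")


def hash_pw(password, salt):
    """Stand-in for crypt(): the salt makes each user's hash different for the
    same password, so every candidate must be re-hashed for every salt."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def variations(word):
    """Candidates a cracker derives from one dictionary word: case changes,
    leet substitutions and common suffixes."""
    forms = [word, word.capitalize(), word.upper(), word.translate(LEET)]
    seen = set()
    for base in forms:
        for cand in [base] + [base + s for s in SUFFIXES]:
            if cand not in seen:
                seen.add(cand)
                yield cand


def dictionary_attack(stored, wordlist):
    """stored: {user: (salt, hexdigest)}. Returns ({user: recovered password},
    number of hash computations performed)."""
    found, work = {}, 0
    for word in wordlist:
        for cand in variations(word):
            for user, (salt, digest) in stored.items():
                if user in found:
                    continue
                work += 1
                if hash_pw(cand, salt) == digest:
                    found[user] = cand
    return found, work


def brute_force(salt, digest, alphabet="abcdefghijklmnopqrstuvwxyz", max_len=3):
    """Try every string over alphabet up to max_len; cost grows as len(alphabet)**n."""
    for n in range(1, max_len + 1):
        for letters in itertools.product(alphabet, repeat=n):
            cand = "".join(letters)
            if hash_pw(cand, salt) == digest:
                return cand
    return None


# Constructed shadow-style data: salt and hash per user. Carol's password is
# random and not derived from any word, so the dictionary pass cannot find it.
WORDLIST = ["linux", "secret", "summer", "dragon"]
STORED = {
    "alice": ("s1", hash_pw("Linux123", "s1")),
    "bob":   ("s2", hash_pw("dr4g0n!", "s2")),
    "carol": ("s3", hash_pw("xK9#pQ2v", "s3")),
}


if __name__ == "__main__":
    found, work = dictionary_attack(STORED, WORDLIST)
    print(found, "after", work, "hash computations")   # alice and bob fall, carol does not
    print(brute_force("s9", hash_pw("cab", "s9")))     # cab
```

Two things to take from the work counter: the salt forces one hash per candidate per user, so cracking a whole shadow file costs users times candidates, and a slow hash (the modern SHA-512 crypt with many rounds) multiplies that cost for the attacker while costing a legitimate login almost nothing.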

11.4.6.2). Signs of a brute force attempt

You can easily spot a brute force attempt by checking your server's log
file, /var/log/messages (sshd failures go to /var/log/secure on Red Hat
systems).

You will see a series of failed login attempts for the service they're
trying to break into.

A sample failed login is shown below. Check for failed login attempts such
as:

Apr 11 19:02:10 fox proftpd[6950]: yourserver (usersip[usersip]) - USER
theusername (Login failed): Incorrect password.

11.4.6.3). Tools to stop and prevent brute force hack attempts

Never enable demo or guest accounts as they will be the first way an
attacker will get access into your system and further exploit it.

Never have more than one user in the root group.

Install the APF Firewall and Brute Force Detection (BFD) software. BFD is a
modular shell script for parsing applicable logs and checking for
authentication failures.

If it finds that authentication failed the set number of times for an
application, it bans the source IP address using the APF firewall.

APF is a firewall that works using iptables but has some nice features
added and makes it easy to use, including anti-DoS protection.

The two of these make an excellent, automated brute force prevention
package.

BFD checks your logs every few minutes for multiple failed login attempts,
based on a set of rules; if a source fails to log in X times the IP is
automatically banned at the firewall, preventing further attacks on your system.
Whitelist the addresses your administrators connect from, or a typo in your own
password can ban you, and remember that an attacker spreading attempts over
many addresses stays under a per-IP threshold.
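The detection step BFD performs, as an added example that is neither BFD's code nor part of the original manual: scan syslog-style lines for authentication failures, count them per source address inside a sliding window, and produce the addresses to hand to the firewall. The log lines are constructed; the proftpd line follows the manual's sample above and the sshd lines follow OpenSSH's "Failed password for ... from ..." message. Syslog timestamps carry no year, so the year is an assumed parameter.

```python
"""Find brute-force sources in syslog-style lines and decide which addresses
to block, in the manner of BFD feeding APF.

Added example for this manual, not BFD's code. Log lines are constructed; the
year is an assumed parameter because syslog timestamps omit it."""
import re
from datetime import datetime, timedelta

FAILURE_PATTERNS = [
    re.compile(r"proftpd\[\d+\]: \S+ \(\S+\[(?P<ip>[\d.]+)\]\) - USER (?P<user>\S+) \(Login failed\)"),
    re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"),
]
TIMESTAMP = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) ")

SAMPLE_LOG = """\
Apr 11 19:02:10 fox proftpd[6950]: fox (evil.example[203.0.113.7]) - USER admin (Login failed): Incorrect password.
Apr 11 19:02:12 fox proftpd[6951]: fox (evil.example[203.0.113.7]) - USER admin (Login failed): Incorrect password.
Apr 11 19:02:15 fox sshd[7001]: Failed password for root from 203.0.113.7 port 40122 ssh2
Apr 11 19:02:16 fox sshd[7002]: Failed password for invalid user oracle from 203.0.113.7 port 40123 ssh2
Apr 11 19:02:20 fox sshd[7003]: Failed password for alice from 198.51.100.4 port 50000 ssh2
Apr 11 19:02:21 fox sshd[7003]: Accepted password for alice from 198.51.100.4 port 50000 ssh2
Apr 11 19:03:01 fox sshd[7010]: Failed password for root from 203.0.113.7 port 40130 ssh2
Apr 11 21:30:00 fox sshd[7500]: Failed password for root from 203.0.113.9 port 41000 ssh2
"""


def parse_failures(text, year=2024):
    """(timestamp, source ip, username) for each failed attempt found."""
    failures = []
    for line in text.splitlines():
        ts = TIMESTAMP.match(line)
        if not ts:
            continue
        when = datetime.strptime(f"{year} {ts.group(1)}", "%Y %b %d %H:%M:%S")
        for pattern in FAILURE_PATTERNS:
            m = pattern.search(line)
            if m:
                failures.append((when, m.group("ip"), m.group("user")))
                break
    return failures


def addresses_to_block(failures, threshold=5, window_seconds=600, whitelist=()):
    """Sources with at least `threshold` failures inside any window of
    `window_seconds`. Whitelisted addresses (your own admin hosts) are never
    returned, so a mistyped password cannot lock the administrators out."""
    window = timedelta(seconds=window_seconds)
    times_by_ip = {}
    for when, ip, _ in sorted(failures):
        times_by_ip.setdefault(ip, []).append(when)
    blocked = []
    for ip, times in times_by_ip.items():
        if ip in whitelist:
            continue
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                blocked.append(ip)
                break
    return sorted(blocked)


def usernames_tried(failures):
    """Which accounts each source is guessing: root and service names point
    at a scripted attack rather than a user's typo."""
    seen = {}
    for _, ip, user in failures:
        seen.setdefault(ip, set()).add(user)
    return {ip: sorted(users) for ip, users in seen.items()}


if __name__ == "__main__":
    f = parse_failures(SAMPLE_LOG)
    print(addresses_to_block(f))          # ['203.0.113.7']
    print(usernames_tried(f))
```

The window matters as much as the threshold: the same five failures spread over a day are probably a forgetful user, while five in a minute against root and a service account are not.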

11.5. Network Security

Network security is becoming more and more important as people spend more
and more time connected. Compromising network security is often much easier than
compromising physical or local security, and is much more common.

11.5.1. Network Intruders and Attacks


11.5.1.1). Packet Sniffers

One of the most common ways intruders gain access to more systems on the
network is by employing a packet sniffer on an already compromised host.

This "sniffer" just listens on the Ethernet interface for things like
passwd, login and su in the packet stream and then logs the traffic after that.

This way, attackers gain passwords for systems they are not even
attempting to break into. Clear-text passwords are very vulnerable to this
attack.

Example: Host A has been compromised. The attacker installs a sniffer. The
sniffer picks up the admin logging into Host B from Host C, and gets the admin's
personal password as they log in to B.

Then, the admin does a su to fix a problem. The attacker now has the root
password for Host B. Later the admin telnets from his account to Host Z on
another site. Now the attacker has a password and login on Host Z.

Using ssh or other encrypted password methods thwarts this attack. Things
like APOP for POP accounts also prevent this attack. (Normal POP logins are very
vulnerable to this, as is anything that sends clear-text passwords over the
network.)

The safest method to counteract this problem is to transmit data over an
encrypted channel such as ssh, in which case the password and everything after
it cross the network in encrypted form. Note that a switched network makes
sniffing harder but not impossible (ARP spoofing and port mirroring defeat it),
so encryption rather than network topology is the real defence.

11.5.1.2). Denial Of Service (DOS) Attacks

Denial-of-service" attack is characterized by an explicit attempt by


attackers to prevent legitimate users of a service from using that service.

Examples include :

attempts to "flood" a network, thereby preventing legitimate network


traffic .
o

attempts to disrupt connections between two machines, thereby


preventing access to a service .
o

attempts to prevent a particular individual from accessing a


service.
o
attempts to disrupt service to a specific system or person.

Illegitimate use of resources may also result in denial of service. For


example, an intruder may use your anonymous ftp area as a place to store illegal
copies of commercial software, consuming disk space and generating network
traffic.

Impact of DOS Attacks

Denial-of-service attacks can essentially disable your computer or your network. Depending on the nature of your enterprise, this can effectively disable your organization.

Some denial-of-service attacks can be executed with limited resources against a large, sophisticated site. This type of attack is sometimes called an "asymmetric attack."

Modes Of Attack

Denial-of-service attacks come in a variety of forms and aim at a variety of services. There are three basic types of attack:

1. Consumption of scarce, limited, or non-renewable resources.

2. Destruction or alteration of configuration information.

3. Physical destruction or alteration of network components.

The attacks discussed below fall into the first category: they exhaust resources on the server and, in the worst case, crash it. The situations in which this happens are described below.

1. Consumption of Scarce Resources

Denial-of-service attacks are most frequently executed against network connectivity. The goal is to prevent hosts or networks from communicating on the network. An example of this type of attack is the "SYN flood" attack.

In this type of attack, the attacker begins the process of establishing a connection to the victim machine, but does it in such a way as to prevent the ultimate completion of the connection. Because the attacker never needs to receive the victim's reply, the SYN packets are usually sent with forged source addresses, which is also why a SYN flood is hard to filter by source.

In the meantime, the victim machine has reserved one of a limited number of data structures required to complete the impending connection. The result is that legitimate connections are denied while the victim machine is waiting to complete bogus "half-open" connections.

You should note that this type of attack does not depend on the attacker being able to consume your network bandwidth. In this case, the intruder is consuming kernel data structures involved in establishing a network connection.

The implication is that an intruder can execute this attack from a dial-up connection against a machine on a very fast network. (This is a good example of an asymmetric attack.)

2. Using Your Own Resources Against You

An intruder can also use your own resources against you in unexpected ways.

An example is an attack in which the intruder uses forged UDP packets to connect the echo service on one machine to the chargen service on another machine: a single packet that appears to come from the echo port of the first machine, sent to the chargen port of the second, starts an exchange in which each service keeps answering the other.

The result is that the two services consume all available network bandwidth between them. Thus, the network connectivity for all machines on the same networks as either of the targeted machines may be affected.

3. Bandwidth Consumption

An intruder may also be able to consume all the available bandwidth on your network by generating a large number of packets directed to your network.

Typically, these packets are ICMP ECHO packets, but in principle they may be anything.

Further, the intruder need not be operating from a single machine; he may be able to coordinate or co-opt several machines on different networks to achieve the same effect, making it difficult to block the attack by source address.

4. Consumption of Other Resources

In addition to network bandwidth, intruders may be able to consume other resources that your systems need in order to operate.

For example, in many systems, a limited number of data structures are available to hold process information (process identifiers, process table entries, process slots, etc.).

An intruder may be able to consume these data structures by writing a simple program or script that does nothing but repeatedly create copies of itself.

Many modern operating systems have quota facilities to protect against this problem, but not all do. On Linux the relevant quota is the per-user process limit (ulimit -u in the shell, set system-wide through /etc/security/limits.conf).

An intruder may also attempt to consume disk space in other ways, including generating excessive numbers of bogus mail messages to domains on the server ("email bombing" or spamming).

In general, anything that allows data to be written to disk can be used to execute a denial-of-service attack if there are no bounds on the amount of data that can be written.

Also, many sites have schemes in place to "lock out" an account after a certain number of failed login attempts. A typical setup locks out an account after 3 or 5 failed login attempts.

An intruder may be able to use this scheme to prevent legitimate users from logging in. In some cases, even the privileged accounts, such as root or administrator, may be subject to this type of attack.

If your systems are experiencing frequent crashes with no apparent cause, it could be the result of this type of DOS attack.

Some of the more popular and recent DOS attacks are listed below.

SYN Flooding - SYN flooding is a network denial of service attack. It takes advantage of a "loophole" in the way TCP connections are created. It is a common form of DOS attack against the Apache web server. The newer Linux kernels (2.0.30 and up) have several configurable options to prevent SYN flood attacks from denying people access to your machine or services.

Pentium "F00F" Bug - It was recently discovered that a particular instruction sequence executed on a genuine Intel Pentium processor would lock up the machine. This affects every machine with a Pentium processor (not clones, not Pentium Pro or PII), no matter what operating system it's running. Linux kernels 2.0.32 and up contain a workaround for this bug, preventing it from locking your machine.

Ping Flooding - Ping flooding is a simple brute-force denial of service attack. The attacker sends a "flood" of ICMP packets to your machine. If they are doing this from a host with better bandwidth than yours, your machine will be unable to send anything on the network.

A variation on this attack, called "smurfing", sends ICMP echo requests to a network's broadcast address with your machine's address forged as the source, so that every host on that network answers you at once; this amplifies the flood and hides its real origin. You can find more information about the "smurf" attack at http://www.quadrunner.com/~chuegen/smurf.txt

If you are ever under a ping flood attack, use a tool like tcpdump to determine where the packets are coming from (or appear to be coming from), then contact your provider with this information. Ping floods can most easily be stopped at the router level or by using a firewall.

Ping o' Death - The Ping o' Death attack sends ICMP ECHO REQUEST packets that are too large to fit in the kernel data structures intended to store them. Because sending a single, large (65,510 bytes) "ping" packet to many systems will cause them to hang or even crash, this problem was quickly dubbed the "Ping o' Death." This one has long been fixed, and is no longer anything to worry about.

Teardrop / New Tear - One of the most recent exploits involves a bug present in the IP fragmentation code on Linux and Windows platforms. It is fixed in kernel version 2.0.33, and does not require selecting any kernel compile-time options to utilize the fix. Linux is apparently not vulnerable to the "newtear" exploit.

11.5.1.3). Attacks via IP Spoofing

A spoofing attack involves forging one's source address. It is the act of using one machine to impersonate another. For example,

Let your IP Address be: 203.45.98.01 (REAL)

Let the IP Address of the Victim computer be: 202.14.12.1 (VICTIM)

Let the IP Address of the system you want data to be sent from: 173.23.45.89 (FAKE)

Normally, sitting on the computer whose IP is REAL, the datagrams you send to VICTIM will appear to have come from REAL. Now consider a situation in which you want to send data packets to VICTIM and make it believe that they came from a computer whose IP is FAKE, i.e. 173.23.45.89. This is when you perform IP Spoofing.

Many applications and tools in UNIX rely on source IP address authentication (the r-commands such as rsh and rlogin are the classic examples), and many administrators have used host-based access controls to secure their networks.

The source IP address is a unique identifier but not a reliable one. It can easily be spoofed using IP spoofing tools such as the following.

Mendax for Linux: Mendax is an easy-to-use tool for TCP sequence number prediction and rshd spoofing.

Ipspoof: ipspoof is a TCP and IP spoofing utility.

Hunt: hunt is a sniffer which also offers many spoofing functions.

Dsniff: dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic.

IP Spoofing, then, is the process by which you change, or rather spoof, your IP address so as to fool the target system into believing that your identity is not the one which is actually yours, but that you are the computer having the spoofed address.

IP Spoofed Attack is a Blind Attack

What we mean by a blind attack is that we do not get any messages or any feedback regarding our progress.

When an attacker is performing IP Spoofing, there is no mechanism which tells him whether he has been successful or not; if yes, to what extent, and if not, what went wrong.

Taking the assumptions made earlier, we can explain this problem in the following manner:

The main problem with IP Spoofing is that even if you (REAL) are able to send a spoofed datagram to the remote host (VICTIM), making it believe that the datagram came from FAKE, the remote host (VICTIM) will reply to the spoofed IP address (FAKE) and not to your real IP address (REAL). As a result, REAL gets no feedback whatsoever regarding his progress.

The following is an explanation of the blind nature of IP Spoofing using the concept of the three-way handshake, which has to take place each time a TCP connection is established.

If REAL wants to establish a TCP connection with VICTIM, without spoofing any IP address, the three-way handshake takes place as follows:

1. REAL sends a SYN packet to VICTIM.

2. VICTIM sends back a SYN/ACK packet to REAL.

3. REAL acknowledges this by replying with an ACK packet.

However, if REAL wants to spoof his IP address and make it appear to be FAKE, the following will take place:

1. REAL sends a SYN packet to VICTIM, but this time with the source address being FAKE.

2. VICTIM sends back a SYN/ACK packet to FAKE. There is no way that REAL can determine when and if VICTIM has actually replied with a SYN/ACK addressed to FAKE. This is the blind part: REAL just has to let some time pass (once it has sent a SYN packet to VICTIM) and assume that by then VICTIM must have sent a SYN/ACK to FAKE.

3. After some time has passed, REAL then has to send an ACK packet to VICTIM, as if FAKE had received the SYN/ACK packet (assuming that it indeed has).

Two things make step 3 hard. The ACK must acknowledge VICTIM's initial sequence number, which was carried only in the SYN/ACK that REAL never saw, so REAL has to predict it; this is why tools such as Mendax bundle sequence number prediction with rshd spoofing. And if FAKE is up, it will answer the unexpected SYN/ACK with a RST, tearing the half-open connection down before REAL's ACK arrives, so attackers pick a FAKE that is down or silence it first.
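The following is an added example, not code from the original manual: a simulation of both handshakes above with REAL, FAKE and VICTIM as Python objects, run once against a VICTIM whose initial sequence numbers are predictable and once against one that picks them at random. The "+64000 per connection" rule standing in for the old predictable generators, the fixed random seed, and the sequence numbers REAL uses are assumptions made for the example; the addresses are the ones from the text.

```python
"""Why a blind (IP-spoofed) TCP connection needs sequence-number prediction.

Added example, not code from the original manual. It simulates the page's
three parties (REAL, FAKE, VICTIM) as Python objects and plays both
handshakes from the text. VICTIM completes a connection only when the final
ACK acknowledges VICTIM's initial sequence number (ISN) + 1, and that ISN is
carried only in the SYN/ACK it sends to FAKE, which REAL never sees.
Assumptions: the '+64000 per connection' ISN rule stands in for the old
predictable generators; the fixed random seed keeps the run deterministic.
"""
import random
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

REAL, FAKE, VICTIM = "203.45.98.1", "173.23.45.89", "202.14.12.1"


@dataclass
class Segment:
    src: str
    dst: str
    flags: str          # "SYN", "SYN/ACK" or "ACK"
    seq: int = 0
    ack: int = 0


@dataclass
class Victim:
    """Server end of the handshake; ISNs are predictable or random."""
    predictable: bool
    rng: random.Random = field(default_factory=lambda: random.Random(7))
    last_isn: int = 1_000_000
    half_open: Dict[str, int] = field(default_factory=dict)   # client -> our ISN
    established: List[str] = field(default_factory=list)
    sent: List[Segment] = field(default_factory=list)        # every segment sent

    def next_isn(self) -> int:
        if self.predictable:
            self.last_isn = (self.last_isn + 64000) % 2**32   # old BSD-style rule
        else:
            self.last_isn = self.rng.getrandbits(32)          # random ISN
        return self.last_isn

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Handle one segment; return the SYN/ACK we send back, if any."""
        if seg.flags == "SYN":
            isn = self.next_isn()
            self.half_open[seg.src] = isn
            # The SYN/ACK goes to whatever source address the SYN claimed.
            reply = Segment(VICTIM, seg.src, "SYN/ACK", seq=isn, ack=seg.seq + 1)
            self.sent.append(reply)
            return reply
        if seg.flags == "ACK" and seg.src in self.half_open:
            # Step 3 succeeds only if the ACK carries our ISN + 1.
            if seg.ack == self.half_open[seg.src] + 1:
                del self.half_open[seg.src]
                self.established.append(seg.src)
        return None


def probe_isn(victim: Victim) -> int:
    """REAL first opens a genuine connection to observe VICTIM's current ISN."""
    synack = victim.receive(Segment(REAL, VICTIM, "SYN", seq=1))
    victim.receive(Segment(REAL, VICTIM, "ACK", seq=2, ack=synack.seq + 1))
    return synack.seq


def blind_spoof(predictable: bool) -> Tuple[bool, bool]:
    """Run the spoofed handshake; return (established, real_saw_synack)."""
    victim = Victim(predictable=predictable)
    observed = probe_isn(victim)
    sent_before = len(victim.sent)
    # Step 1: SYN with forged source FAKE.  FAKE is assumed silent; a live
    # FAKE would answer the unexpected SYN/ACK with a RST and abort this.
    victim.receive(Segment(FAKE, VICTIM, "SYN", seq=5000))
    # Step 2 happens between VICTIM and FAKE; nothing new reaches REAL.
    real_saw_synack = any(s.dst == REAL for s in victim.sent[sent_before:])
    # Step 3: REAL predicts the ISN from the probe and sends the blind ACK.
    guess = (observed + 64000) % 2**32
    victim.receive(Segment(FAKE, VICTIM, "ACK", seq=5001, ack=guess + 1))
    return FAKE in victim.established, real_saw_synack


if __name__ == "__main__":
    for mode in (True, False):
        ok, saw = blind_spoof(predictable=mode)
        print(f"predictable ISN={mode}: established={ok}, REAL saw SYN/ACK={saw}")
```

In both runs REAL sees no SYN/ACK; with the predictable generator the guessed acknowledgement is right and the spoofed connection is established, with random ISNs it is not. That is the whole reason modern kernels randomize initial sequence numbers.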

Measures to prevent IP Spoofed Attacks:

Avoid using source address authentication. Implement cryptographic authentication system-wide.

Configure your network to reject packets from the Internet that claim to originate from a local address, and likewise refuse to send packets out that claim a non-local source. This is most commonly done with a router or with a firewall such as APF or Bastille.

If you allow outside connections from trusted hosts, carry those sessions over encrypted, authenticated channels (for example an encrypted tunnel terminated at the router, or ssh) rather than trusting the source address.

Spoofed attacks are very dangerous and difficult to detect, and they are becoming more and more popular.

The only way to prevent these attacks is to implement security measures like encrypted authentication to secure your network.

11.5.2. TCP Wrappers and xinetd

Controlling access to network services is one of the most important security tasks facing a server administrator.

Fortunately, under Red Hat Linux there are a number of tools which do just that. For instance, an iptables-based firewall filters out unwelcome network packets within the kernel's network stack.

For network services that utilize it, TCP wrappers add an additional layer of protection by defining which hosts are allowed or not allowed to connect to "wrapped" network services.

One such wrapped network service is the xinetd super server. This service is called a super server because it controls connections to a subset of network services and further refines access control.

Figure below is a basic illustration of how these tools work together to protect network services.

11.5.2.1). Controlling DOS Attacks Via Xinetd

The xinetd daemon can add a basic level of protection from Denial of Service (DoS) attacks.

Below is a list of directives which can be used in /etc/xinetd.conf that aid in limiting the effectiveness of such attacks:

per_source — Defines the maximum number of instances for a service per source IP address. It accepts only integers as an argument and can be used in both xinetd.conf and in the service-specific configuration files in the xinetd.d/ directory.

cps — Defines the maximum number of connections per second. This directive takes two integer arguments separated by white space. The first is the maximum number of connections allowed to the service per second. The second is the number of seconds xinetd must wait before re-enabling the service. Like per_source, it can be used in both xinetd.conf and in the service-specific configuration files in the xinetd.d/ directory.

max_load — Defines the one-minute load average above which xinetd stops accepting connections for a service. It accepts a floating point number argument.

The related instances directive caps the total number of simultaneous servers for a service regardless of source, which keeps one service from consuming the process table in the way described under "Consumption of Other Resources" above.

11.5.3. SATAN, ISS, and Other Network Scanners

There are a number of different software packages out there that do port and service-based scanning of machines or networks.

SATAN, ISS, SAINT, and Nessus are some of the more well-known ones. This software connects to the target machine (or all the target machines on a network) on all the ports it can, and tries to determine what service is running there.

Based on this information, you can tell if the machine is vulnerable to a specific exploit on that server.

SATAN (Security Administrator's Tool for Analyzing Networks) is a port scanner with a web interface. It can be configured to do light, medium, or strong checks on a machine or a network of machines. It's a good idea to get SATAN and scan your machine or network, and fix the problems it finds. Make sure you get your copy of SATAN from metalab or a reputable FTP or web site.

ISS (Internet Security Scanner) is another port-based scanner. It is faster than SATAN, and thus might be better for large networks. However, SATAN tends to provide more information.

SAINT is an updated version of SATAN. It is web-based and has many more up-to-date tests than SATAN. You can find out more about it at: http://www.wwdsi.com/~saint

Nessus is a free security scanner. It has a GTK graphical interface for ease of use. It is also designed with a very nice plug-in setup for new port-scanning tests.

For more information, take a look at: http://www.nessus.org

11.5.3.1). Detecting Port Scans

There are some tools designed to alert you to probes by SATAN and ISS and other scanning software on your server, in case an intruder is trying to exploit your machine.

However, if you liberally use tcp_wrappers and look over your log file /var/log/messages regularly, you should be able to notice such probes: a scan shows up as one source address touching many different services within a few seconds.

Even on the lowest setting, SATAN still leaves traces in the logs on a stock Red Hat system.

There are also "stealth" port scanners. A packet with the TCP ACK bit set (as is done with established connections) will likely get through a stateless packet-filtering firewall. The RST packet returned from a port that had no established session proves that the host is alive and that the port is not filtered (an ACK scan cannot tell open from closed, but it maps the firewall's rules). TCP wrappers will not detect this, because tcpd only sees connections that complete the handshake and reach the wrapped daemon.
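The following is an added example, not code from the original manual: the log review described above turned into detection logic, run over a handful of syslog lines in the shape tcpd ("connect from" / "refused connect from") and xinetd ("FAIL: service address from=") write to /var/log/messages. The log lines, the host name gw, the addresses, and the 60-second window with a four-service threshold are all constructed assumptions for the example.

```python
"""Spotting a port scan in tcp_wrappers / xinetd log lines.

Added example, not code from the original manual. The log lines are
constructed for the example in the shape tcpd ("connect from" /
"refused connect from") and xinetd ("FAIL: <service> address from=") write
to /var/log/messages; the window and threshold are assumptions to tune.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

LOG_LINES = """\
Jan 12 10:01:02 gw in.telnetd[2101]: refused connect from 10.9.8.7
Jan 12 10:01:02 gw in.ftpd[2102]: refused connect from 10.9.8.7
Jan 12 10:01:03 gw in.fingerd[2103]: refused connect from 10.9.8.7
Jan 12 10:01:03 gw xinetd[801]: FAIL: pop3 address from=10.9.8.7
Jan 12 10:01:04 gw xinetd[801]: FAIL: imap address from=10.9.8.7
Jan 12 10:01:05 gw sshd[2107]: refused connect from 10.9.8.7
Jan 12 10:15:00 gw in.ftpd[2201]: connect from 192.168.1.20
Jan 12 10:16:00 gw in.ftpd[2202]: refused connect from 192.168.1.30
Jan 12 11:30:00 gw in.telnetd[2300]: refused connect from 192.168.1.30
Jan 12 11:30:01 gw kernel: eth0: link up
"""

SYSLOG_TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
TCPD_RE = re.compile(SYSLOG_TS + r" \S+ (?P<svc>[\w.-]+)\[\d+\]: "
                     r"(?:refused )?connect from (?P<src>\S+)$")
XINETD_RE = re.compile(SYSLOG_TS + r" \S+ xinetd\[\d+\]: "
                       r"FAIL: (?P<svc>\S+) address from=(?P<src>\S+)$")

Event = Tuple[datetime, str, str]   # (time, source, service)


def parse_events(text: str) -> List[Event]:
    events: List[Event] = []
    for line in text.splitlines():
        m = TCPD_RE.match(line) or XINETD_RE.match(line)
        if not m:
            continue                          # not a wrapper/xinetd line
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog has no year
        svc = m["svc"]
        if svc.startswith("in."):             # in.telnetd -> telnetd
            svc = svc[3:]
        events.append((ts, m["src"], svc))
    return events


def detect_scans(text: str, window: int = 60, min_services: int = 4) -> Dict[str, List[str]]:
    """Sources that touched >= min_services distinct services within `window` seconds."""
    by_src: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, src, svc in parse_events(text):
        by_src[src].append((ts, svc))
    scanners: Dict[str, List[str]] = {}
    for src, evs in by_src.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            seen = set()
            for ts, svc in evs[i:]:
                if (ts - start).total_seconds() > window:
                    break
                seen.add(svc)
            if len(seen) >= min_services:
                scanners[src] = sorted(seen)
                break
    return scanners


if __name__ == "__main__":
    for src, services in detect_scans(LOG_LINES).items():
        print(f"possible scan from {src}: {', '.join(services)}")
```

Accepted and refused connections are both counted, since a scanner that is allowed through hosts.allow still shows up as one address touching many services; the two slow, separate refusals from 192.168.1.30 stay below the threshold. As the text says, none of this sees an ACK scan, which never reaches tcpd.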

11.5.4. Securing SSH

Many network services like telnet, rlogin, and rsh are vulnerable to eavesdropping, which is one of several reasons why SSH should be used instead.

Red Hat's default configuration for SSH meets the security requirements for most environments. However, a few security tweaks that can be done are as follows:

/etc/ssh/sshd_config: It is advisable to disable direct root login at the SSH layer as well, by setting the parameter below in the ssh configuration file mentioned.

PermitRootLogin no

You may also disable TCP forwarding and sftp if you don't use them:

AllowTcpForwarding no

#Subsystem sftp /usr/lib/misc/sftp-server

Since SSH protocol version 1 is not as secure as protocol 2, you may want to limit the protocol to version 2 only by setting the following parameter:

Protocol 2

Note that sshd uses the first value it finds for a keyword, so a later duplicate line does not override an earlier one; check the whole file for an existing setting before adding yours.

After changing any parameter, check the file with sshd -t (it reports syntax errors and exits) and then restart sshd:

$ /etc/rc.d/init.d/sshd restart

Restarting sshd does not drop sessions that are already established, so keep your current session open and confirm that you can still log in through a new one before logging out.
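The following is an added example, not code from the original manual or from OpenSSH: a small auditor that reads an sshd_config the way sshd does (first value wins, settings under a Match block are conditional and skipped) and reports anything weaker than the settings recommended above. The two sample configurations are constructed for the example; the acceptable values are the ones this section recommends.

```python
"""Audit an sshd_config against the settings recommended in this section.

Added example, not code from the original manual or from OpenSSH. Two things
it encodes that are easy to get wrong by hand: sshd takes the FIRST value it
finds for a keyword (a later duplicate is ignored), and settings inside a
Match block are conditional, so the audit only reads the global part of the
file. The sample configuration text is constructed for the example.
"""
import re
from typing import Dict, List, Set, Tuple

# keyword (lower-case) -> (acceptable values, what a bad value means)
POLICY: Dict[str, Tuple[Set[str], str]] = {
    "permitrootlogin": ({"no"}, "direct root login over SSH is allowed"),
    "protocol": ({"2"}, "SSH protocol 1 is still negotiable"),
    "allowtcpforwarding": ({"no"}, "TCP port forwarding is allowed"),
}

KEYVAL_RE = re.compile(r"^([A-Za-z0-9]+)\s*(?:=|\s)\s*(.*)$")


def effective_config(text: str) -> Dict[str, str]:
    """Global settings as sshd would apply them: first occurrence wins."""
    cfg: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = KEYVAL_RE.match(line)
        if not m:
            continue
        key, val = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break                             # everything after is conditional
        if key == "subsystem":                # "Subsystem sftp /path": key by name
            cfg.setdefault("subsystem " + val.split()[0].lower(), val)
            continue
        cfg.setdefault(key, val)              # setdefault == first value wins
    return cfg


def audit_sshd_config(text: str, sftp_needed: bool = False) -> List[str]:
    """Return one finding per setting that is missing or weaker than POLICY."""
    cfg = effective_config(text)
    findings: List[str] = []
    for key, (ok_values, problem) in POLICY.items():
        val = cfg.get(key)
        if val is None:
            findings.append(f"{key}: not set; the effective value is the build's default")
        elif val.lower() not in ok_values:
            findings.append(f"{key}={val}: {problem}")
    if "subsystem sftp" in cfg and not sftp_needed:
        findings.append("subsystem sftp: enabled; comment it out if sftp is not used")
    return findings


WEAK_CONFIG = """\
# Constructed sample: the second PermitRootLogin line never takes effect.
PermitRootLogin yes
PermitRootLogin no
Protocol 2,1
Subsystem sftp /usr/lib/misc/sftp-server
Match User backup
    AllowTcpForwarding no
"""

HARDENED_CONFIG = """\
PermitRootLogin no
AllowTcpForwarding no
Protocol 2
#Subsystem sftp /usr/lib/misc/sftp-server
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(text) or ["no findings"])
```

Run it against /etc/ssh/sshd_config before and after editing; a missing keyword is reported as a finding rather than assumed safe, because the built-in default differs between OpenSSH versions.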

11.5.5. Securing NFS

NFS (Network File System) allows servers to share files over a network. But like all network services, using NFS involves risk.

Here are some basic rules:

NFS should not be enabled if not needed.

If you must use NFS, use TCP wrappers to restrict remote access.

Make sure you export only to those machines that you really need to.

Use fully qualified domain names to diminish spoofing attempts.

Export only directories you need to export.

Export read-only wherever possible.

Keep the default root_squash on every export; no_root_squash lets root on a client act as root on the exported tree.

Use NFS over TCP.

If you don't have shared directories to export, ensure that the NFS service is NOT enabled and running:

$ service nfs status
rpc.mountd is stopped
nfsd is stopped
rpc.rquotad is stopped

$ chkconfig --list nfs
nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off

You probably don't need the portmap service either, which is used by NFS (the portmap daemon registers RPC-based services for services like NFS, NIS, etc.):

$ service portmap status
portmap is stopped

$ chkconfig --list portmap
portmap 0:off 1:off 2:off 3:off 4:off 5:off 6:off

11.5.5.1). Restricting Incoming NFS Requests

A recommended security strategy is to block all incoming requests by default, but allow specific hosts or networks to connect.

The portmap program and some of the NFS programs include a built-in TCP wrapper. To verify if a program includes a TCP wrapper, you can run the following commands:

$ strings /sbin/portmap | egrep "hosts.deny|hosts.allow|libwrap"
hosts_allow_table
hosts_deny_table
/etc/hosts.allow
/etc/hosts.deny

$ strings /usr/sbin/rpc.rquotad | egrep "hosts.deny|hosts.allow|libwrap"
libwrap.so.0

$ ldd /usr/sbin/rpc.rquotad | grep libwrap
libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00874000)

If hosts.deny and hosts.allow are displayed, or if libwrap is displayed, then the program includes a built-in TCP wrapper. If none of these strings are displayed, then adding the program name to /etc/hosts.deny and /etc/hosts.allow will have no effect.

Note that the NFS server itself (nfsd) runs in the kernel and is not wrapped at all: hosts.allow and hosts.deny govern portmap, mountd and rquotad, but a client that already holds a file handle can talk to port 2049 directly. Restrict that port with the firewall as well.

To block all incoming requests by default, add the following line to /etc/hosts.deny if you have not done so yet:

ALL: ALL

The wrapper consults /etc/hosts.allow first and stops at the first match; /etc/hosts.deny is checked only if nothing in hosts.allow matched, and a request that matches neither file is allowed. That is why this line matters.

Verify from a remote server that portmapper does not list any registered RPC programs:

$ rpcinfo -p <server>
No remote programs registered.

To allow NFS requests from, for example, the servers rac1pub, rac2pub and rac3pub and from the .subnet.example.com network, the configuration in /etc/hosts.allow would look as follows:

portmap: rac1pub rac2pub rac3pub .subnet.example.com
rpc.mountd: rac1pub rac2pub rac3pub .subnet.example.com
rpc.rquotad: rac1pub rac2pub rac3pub .subnet.example.com

For portmapper you can now test access from trusted servers or networks using the rpcinfo command:

$ rpcinfo -p <server>
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp    607  rquotad
    100011    2   udp    607  rquotad
    100011    1   tcp    610  rquotad
    100011    2   tcp    610  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp    623  mountd
    100005    1   tcp    626  mountd
    100005    2   udp    623  mountd
    100005    2   tcp    626  mountd
    100005    3   udp    623  mountd
    100005    3   tcp    626  mountd

If you run it from an "untrusted" server or network, you should get the following output:

$ rpcinfo -p <server>
No remote programs registered.
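The following is an added example, not code from the original manual or from the tcp_wrappers library: it reproduces libwrap's access decision (hosts.allow first, then hosts.deny, default allow) and the client patterns used in this section, and runs the hosts.allow and hosts.deny contents shown above through it. The client names and addresses it tests with are constructed for the example; host-name patterns assume the client's address has already been resolved to a name, which libwrap does by reverse lookup with a forward cross-check, so on hosts where that lookup cannot succeed only address patterns will match.

```python
"""Decide a tcp_wrappers (hosts_access) request the way libwrap does.

Added example, not code from the original manual or from the tcp_wrappers
library. It implements the decision order and the client patterns used in
this section: hosts.allow is searched first and the first match grants
access; hosts.deny is searched only if nothing in hosts.allow matched; a
request matching neither file is allowed. Supported patterns are ALL, LOCAL,
'.domain' suffixes, 'n.n.' address prefixes, net/mask or CIDR networks,
exact names or addresses, and EXCEPT. The rule texts below are from the
section; the client names and addresses are constructed for the example.
"""
import ipaddress
from typing import List, Tuple

Rule = Tuple[List[str], List[str]]   # (daemon list, client list)


def parse_access_file(text: str) -> List[Rule]:
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue                          # malformed line: libwrap logs and skips
        rules.append((fields[0].split(), fields[1].split()))   # shell_command ignored
    return rules


def match_token(tok: str, name: str, addr: str) -> bool:
    if tok == "ALL":
        return True
    if tok == "LOCAL":                        # a name without a dot
        return "." not in name
    if tok.startswith("."):                   # domain suffix
        return name.endswith(tok)
    if tok.endswith("."):                     # address prefix
        return addr.startswith(tok)
    if "/" in tok:                            # net/mask or net/prefix
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(tok, strict=False)
        except ValueError:
            return False
    return tok == name or tok == addr


def match_list(tokens: List[str], name: str, addr: str) -> bool:
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return match_list(tokens[:i], name, addr) and not match_list(tokens[i + 1:], name, addr)
    return any(match_token(t, name, addr) for t in tokens)


def hosts_access(daemon: str, name: str, addr: str, allow_text: str, deny_text: str) -> bool:
    """True if libwrap would admit `daemon` for a client `name` at `addr`."""
    for daemons, clients in parse_access_file(allow_text):
        # daemon names are matched literally; ALL and EXCEPT work as for clients
        if match_list(daemons, daemon, daemon) and match_list(clients, name, addr):
            return True
    for daemons, clients in parse_access_file(deny_text):
        if match_list(daemons, daemon, daemon) and match_list(clients, name, addr):
            return False
    return True


HOSTS_ALLOW = """\
portmap: rac1pub rac2pub rac3pub .subnet.example.com
rpc.mountd: rac1pub rac2pub rac3pub .subnet.example.com
rpc.rquotad: rac1pub rac2pub rac3pub .subnet.example.com
"""
HOSTS_DENY = "ALL: ALL\n"

if __name__ == "__main__":
    for daemon, name, addr in (("portmap", "rac1pub", "10.1.1.1"),
                               ("portmap", "scanner.example.net", "198.51.100.7"),
                               ("in.telnetd", "rac1pub", "10.1.1.1")):
        print(daemon, name, addr, "->", "allow" if hosts_access(daemon, name, addr, HOSTS_ALLOW, HOSTS_DENY) else "deny")
```

The last test case in the usage block is the one worth remembering: with ALL: ALL in hosts.deny, a daemon that has no hosts.allow line at all (in.telnetd here) is refused for everybody, which is the intended fail-closed behaviour. Remove the deny line and the same request is admitted.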

11.5.6. Kernel Tunable Security Parameters

The following section discusses tunable kernel parameters that you can use to secure your Linux server against attacks.

For each tunable kernel parameter we will discuss the entry that needs to be added to the /etc/sysctl.conf configuration file to make the change permanent across reboots.

To activate the configured kernel parameters immediately at runtime, use:

$ sysctl -p

11.5.6.1). Enable TCP SYN Cookie Protection

A "SYN attack" is the SYN flood described earlier: a denial of service attack that exhausts the kernel's table of half-open connections. Any server that is connected to a network is potentially subject to this attack.

With SYN cookies enabled, once the backlog of half-open connections is full the kernel stops storing state for new SYNs and instead encodes the connection parameters in the initial sequence number of its SYN/ACK; a legitimate client's final ACK carries that number back, so the connection can be completed without any entry having been kept. Cookies only engage when the backlog overflows, so normal operation is unaffected.

To enable TCP SYN Cookie Protection,edit the /etc/sysctl.conf file and add the following line:

net.ipv4.tcp_syncookies = 1

11.5.6.2). Disable IP Source Routing

Source routing is used to specify a path or route through the network from source to destination. This feature can be used by network people for diagnosing problems.

However, if an intruder was able to send a source routed packet into the network, then he could intercept the replies and your server might not know that it's not communicating with a trusted server.

To make the kernel drop source-routed packets, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.conf.all.accept_source_route = 0

11.5.6.3). Disable ICMP Redirect Acceptance

ICMP redirects are used by routers to tell the server that there is a better path to other networks than the one chosen by the server.

However, an intruder could potentially use ICMP redirect packets to alter the host's routing table by causing traffic to use a path you didn't intend.

To disable ICMP Redirect Acceptance, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.conf.all.accept_redirects = 0

11.5.6.4). Enable IP Spoofing Protection

IP spoofing is a technique where an intruder sends out packets which claim to be from another host by manipulating the source address.

IP spoofing is very often used for denial of service attacks.

To enable IP Spoofing Protection, turn on Source Address Verification (reverse path filtering): the kernel drops any packet whose source address, looked up in the routing table, would not be reached through the interface the packet arrived on. Edit the /etc/sysctl.conf file and add the following line:

net.ipv4.conf.all.rp_filter = 1

On hosts with asymmetric routing (replies legitimately leave through a different interface than the one requests arrive on) strict mode drops good traffic; kernels 2.6.31 and later accept the value 2 (loose mode), which only requires that the source address be reachable through some interface.

11.5.6.5). Enable Ignoring of ICMP Requests

If you want or need Linux to ignore ping requests, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.icmp_echo_ignore_all = 1

This may not be possible in many environments, since monitoring and troubleshooting tools rely on ping.

11.5.6.6). Enable Ignoring of Broadcast Requests

If you want or need Linux to ignore ICMP echo requests sent to a broadcast address, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.icmp_echo_ignore_broadcasts = 1

This keeps your hosts from being used as amplifiers in the "smurf" attack described earlier, and unlike icmp_echo_ignore_all it does not interfere with ordinary ping.

11.5.6.7). Enable Bad Error Message Protection

Some routers violate the standards by sending bogus ICMP error responses to broadcast frames, and the kernel normally logs a warning for each one. To keep these bogus messages from cluttering your logs, where they would drown out the warnings you do want to see, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.icmp_ignore_bogus_error_responses = 1

11.5.6.8). Enable Logging of Spoofed/Source Routed/Redirect Packets

To turn on logging for spoofed packets, source routed packets, and redirect packets, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.conf.all.log_martians = 1
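The following is an added example, not code from the original manual: an audit of the running kernel against the parameters listed in 11.5.6.1 through 11.5.6.8, read straight from /proc/sys (the back end sysctl itself uses), which catches the usual drift between what sysctl.conf says and what the kernel is doing. The RECOMMENDED table is the page's list plus the conf.default.* twins of each conf.all.* entry, an assumption added here because conf.all.* covers interfaces that exist now while conf.default.* is what interfaces created later inherit; icmp_echo_ignore_all is left out since the text says it is often not possible. The make_fake_proc helper builds a constructed /proc/sys-shaped tree so the audit can be exercised without root.

```python
"""Audit the running kernel against the sysctl values in this section.

Added example, not code from the original manual. It reads each parameter
from /proc/sys (sysctl's own back end) and reports anything missing or
different, which catches the usual drift: a value set with sysctl -w but
never written to /etc/sysctl.conf, or a sysctl.conf line with a typo that
sysctl -p silently skipped. The RECOMMENDED table is the page's list plus the
conf.default.* twins (an assumption: conf.all.* covers interfaces that exist
now, conf.default.* is inherited by interfaces created later).
"""
import os
import tempfile
from typing import Dict, List, Optional, Tuple

RECOMMENDED: Dict[str, str] = {
    "net.ipv4.tcp_syncookies": "1",
    "net.ipv4.conf.all.accept_source_route": "0",
    "net.ipv4.conf.default.accept_source_route": "0",
    "net.ipv4.conf.all.accept_redirects": "0",
    "net.ipv4.conf.default.accept_redirects": "0",
    "net.ipv4.conf.all.rp_filter": "1",
    "net.ipv4.conf.default.rp_filter": "1",
    "net.ipv4.icmp_echo_ignore_broadcasts": "1",
    "net.ipv4.icmp_ignore_bogus_error_responses": "1",
    "net.ipv4.conf.all.log_martians": "1",
    "net.ipv4.conf.default.log_martians": "1",
}

Drift = Tuple[str, str, Optional[str]]   # (key, expected, actual or None if missing)


def key_to_path(key: str, root: str = "/proc/sys") -> str:
    """net.ipv4.conf.all.rp_filter -> /proc/sys/net/ipv4/conf/all/rp_filter.
    Interface names containing dots (eth0.100) are ambiguous here; sysctl(8)
    accepts '/' as a separator for those and this helper does not."""
    return os.path.join(root, *key.split("."))


def read_param(key: str, root: str = "/proc/sys") -> Optional[str]:
    try:
        with open(key_to_path(key, root)) as f:
            return f.read().strip()
    except OSError:                 # missing on this kernel, or not Linux
        return None


def audit(expected: Dict[str, str] = RECOMMENDED, root: str = "/proc/sys") -> List[Drift]:
    """Every parameter whose live value is not the expected one."""
    drift: List[Drift] = []
    for key, want in expected.items():
        got = read_param(key, root)
        if got != want:
            drift.append((key, want, got))
    return drift


def sysctl_conf_lines(drift: List[Drift]) -> List[str]:
    """The /etc/sysctl.conf lines that would fix the reported drift."""
    return [f"{key} = {want}" for key, want, _ in drift]


def make_fake_proc(values: Dict[str, str]) -> str:
    """Build a /proc/sys-shaped tree in a temp dir (constructed test data,
    so the audit can be exercised without root or a Linux kernel)."""
    root = tempfile.mkdtemp()
    for key, val in values.items():
        path = key_to_path(key, root)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(val + "\n")
    return root


if __name__ == "__main__":
    drift = audit()
    for key, want, got in drift:
        print(f"{key}: expected {want}, found {got if got is not None else 'missing'}")
    print("\n".join(sysctl_conf_lines(drift)) or "all parameters as recommended")
```

Run it after sysctl -p: an entry reported as missing means the kernel does not have that parameter (an old kernel, or a module not loaded), while a wrong value usually means a sysctl.conf line that was never applied.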

References for Kernel Tunable Parameters

http://www.linuxsecurity.com/content/view/111337/65/

http://www.linuxexposed.com/internal.php?op=modload&name=News&file=article&sid=550


CopyRight @ 2005 EduCARMA
