Session 1
Session 2
Session 3 & 4
Session 6
Session 7
Vi Editor & Its Operations – Copy, Cut, Paste, Delete, Undo, Redo, Search in
forward-Reverse, Set numbers & Others
Mounting & Unmounting of CDROM, USB, Floppy & Windows Partitions
Hostname Setting, IP Address Setting, ifup, ifdown
Session 8
Session 11 & 12
Session 13
User Quota
Job Scheduler – Crontab
Session 14
Process Management
RAID – RAID 0, RAID 1, RAID 5
How to Create RAID during Installation & after Installation
Session 15
Session 16 & 17
Session 21
Session 22
DHCP Server & DHCP Client
(Dynamic Host Configuration Protocol)
NFS Server & NFS Client
(Network File System)
Session 23
Session 25
Session 26
Session 27 & 28
Session 29 & 30
Sendmail Server
IMAP-POP3 Server :- Mutt
IMAP-SSL
Session 31
Session 32
Session 33
IP Forwarding - /etc/sysctl.conf
Firewall – Iptables
Basic About SELINUX
(Security Enhanced Linux)
Session 34
XEN With Virtualization :-
Installation of Packages, Defining Default Boot Loader, Installation of Virtual Operating
System
Session 35
Certification levels: ARCHITECT (RHCA), SECURITY SPECIALIST (RHCSS), ENGINEER (RHCE), TECHNICIAN (RHCT)
History of Unix
Features of Unix
PLATFORM INDEPENDENT
OPEN SOURCE BUT NOT FREEWARE
SMALL & SIMPLE PROGRAMS TO USE
ALL HARDWARE IS DEFINED IN THE FORM OF FILES
EXECUTION OF MULTIPLE COMMANDS IS POSSIBLE BY USING THE PIPE ( | ) SYMBOL
Distribution of Unix
IBM : AIX
HP : HP/UX
SUN MICROSYSTEMS : SUN SOLARIS
History of Linux
PLATFORM INDEPENDENT
OPEN SOURCE & FREEWARE
SMALL & SIMPLE PROGRAMS TO USE
EVERYTHING IS DEFINED IN THE FORM OF A FILE
WE CAN EXECUTE MULTIPLE COMMANDS
Distribution of Linux
REDHAT : RHEL
NOVELL : SUSE
MANDRAKE : MANDRAKE
YELLOW DOG : YELLOW DOG
OPEN : OPEN LINUX
SESSION 2
Linux Architecture
HARDWARE
KERNEL
COMPILERS
COMMANDS & TOOL
APP. S/W
DATABASE PACKAGE
SHELL
USER
LINUX WINDOWS
VIRUS PROOF NO
IP Address : 172.24.0.X
Subnet Mask : 255.255.0.0
Primary Nameserver : 172.24.254.254
Default Gateway : 172.24.254.254
HDD Basic
MBR stands for Master Boot Record. The MBR is sector zero, the first sector of a HDD.
The MBR is used to store the bootloader & boot file information.
The bootloader is software that defines the list of all installed operating systems; the
bootloader is installed into the MBR.
Bootloader in Linux
A file system is a form of indexing. The file system defines the number of tracks,
sectors, cylinders, heads etc. To define a file system, we format the HDD drive.
Windows : FAT 16, FAT 32, NTFS
Linux : EXT2, EXT3, Swap, LVM, RAID, VFAT
EXT2 EXT3
JOURNALING FEATURES
DYNAMIC INODES
NTFS FAT32
DISK QUOTA
COMPRESSION & DECOMPRESSION
ENCRYPTION
SECURE
SESSION 5
Files and directories are organized into a single-rooted inverted tree structure. The file
system begins at the root directory, represented by a lone / (forward slash)
character.
• Names are case-sensitive
• Paths are delimited by /
A typical Linux system will run six virtual consoles and one graphical console.
Server systems often have only virtual consoles.
Desktops and workstations typically have both.
Switch among virtual consoles by typing: Ctrl-Alt-F[1-6]
Access the graphical console by typing Ctrl-Alt-F7
Types of User
Note :- Here “Station1” is Host Name And “ ~ ” is Home Directory of Root User or a
Simple User
Types of Desktop
SESSION 6
The cd Command
• cd (changes directories)
• To an absolute or relative path:
[root@station1 etc]# cd ..
• To your home directory:
[root@station1 etc]# cd
• To your previous working directory:
[root@station1 etc]# cd -
The df Command
[root@station1 ~]# df -h (Show all mounted Partition information)
The du Command
The ls Command
[root@server1 home]# ls
s2 s1 t1
[root@server1 home]# ll (Details in list form )
total 3
More than one file may be copied at a time if the destination is a directory:
More than one file may be moved at a time if the destination is a directory:
SESSION 7
Vi Editor & Its Operations – Copy, Cut, Paste, Delete, Undo, Redo & Others
Mounting & Unmounting of CDROM, USB, Floppy & Windows Partitions
Hostname Setting, IP Address Setting.
VI Editor
VI Editor is used to create a new file, edit an existing file, cut, copy, paste, insert,
delete, set numbers before the lines etc. For creating new file we write down
Vi Editor Modes
Vi Editor
Insert Mode
Execution Mode
What Is Mounting
Mounting means making a foreign filesystem look like part of the main tree.
Before accessing, media must be mounted
Before removing, media must be unmounted
By default, non-root users may only mount certain devices
(cd, dvd, floppy, usb, etc)
Mountpoints are usually under /media
Mounting of CDROM
CD/DVD Reader
mount /media/cdrom
Hostname Setting
Temporary change:
For a temporary change we run the following command
#hostname station100.example.com
IP Address settings
SESSION 8
Intro of Runlevels
Types of Runlevels
Runlevel setting
Archiving
• Archiving places many files into one target file
• Easier to back up, store, and transfer
• tar - standard Linux archiving command
• Archives are commonly compressed
• Algorithm applied that compresses file
• Uncompressing restores the original file
• tar natively supports compression using gzip and bzip2
Archiving Configuration
To compress some files we have to archive them first by using the following
command.
Compressions-Decompressions
First we archive the files and directories, then use the following command for compression
#gzip f1.tar or #bzip2 f1.tar
Result: f1.tar.gz or f1.tar.bz2
For decompression
#gunzip f1.tar.gz or #bunzip2 f1.tar.bz2
Result: f1.tar
SESSION 9
About Inodes, Soft & Hard Links
After installation Partition Creation
• Creation of Ext3 Partitions
• Creation of Vfat Partitions
• Creation of Swap Partitions
Inodes
Directories
cp and inodes
The cp command:
Allocates a free inode number, placing a new entry in the inode table.
Creates a dentry in the directory, associating a name with the inode number
Copies data into the new file.
mv and inodes
If the destination of the mv command is on the same file system as the source,
Creates a new directory entry with the new file name.
Deletes the old directory entry with the old file name.
Has no impact on the inode table (except for a time stamp) or the location of data on the
disk: no data is moved!
If the destination is a different filesystem, mv acts as a copy and remove
rm and inodes
Decrements the link count, thus freeing the inode number to be reused.
Places data blocks on the free list. Removes the directory entry.
Data is not actually removed, but will be overwritten when the data blocks are
used by another file.
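The cp, mv and rm behaviour described above can be observed directly. The script below is an added example, not part of the original notes; the helper names (inode_of, links_of, inode_demo) and the sample file are constructed for the demonstration. It also shows that rm only removes one name: while a hard link remains, the link count stays above zero and the data is still reachable.

```shell
#!/bin/sh
# Added example (not from the original notes): watch inode numbers and link
# counts while cp, mv, ln and rm run. File names and contents are constructed.

inode_of() { ls -di "$1" | awk '{print $1}'; }   # inode number of a path
links_of() { ls -ld "$1" | awk '{print $2}'; }   # hard-link count of a path

inode_demo() {
    dir=$(mktemp -d) || return 1
    echo "payroll data" > "$dir/orig"

    # cp: a new inode is allocated and the data is copied into it.
    cp "$dir/orig" "$dir/copy"
    if [ "$(inode_of "$dir/orig")" != "$(inode_of "$dir/copy")" ]; then
        cp_result="new-inode"
    else
        cp_result="same-inode"
    fi

    # mv on the same file system: only the directory entry changes.
    before=$(inode_of "$dir/copy")
    mv "$dir/copy" "$dir/renamed"
    if [ "$before" = "$(inode_of "$dir/renamed")" ]; then
        mv_result="same-inode"
    else
        mv_result="new-inode"
    fi

    # A hard link is a second directory entry for the same inode.
    ln "$dir/orig" "$dir/hardlink"
    links_before=$(links_of "$dir/orig")

    # rm removes one directory entry and decrements the link count; the data
    # stays reachable through the remaining name.
    rm "$dir/orig"
    links_after=$(links_of "$dir/hardlink")
    survivor=$(cat "$dir/hardlink")

    rm -rf "$dir"
    echo "cp=$cp_result mv=$mv_result links=$links_before->$links_after data='$survivor'"
}

inode_demo
```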
Partition Creation
We can create following type of Partition
1. ext3 (Linux data partition)
2. vfat (fat 32 type)
3. swap (virtual memory partition)
For creating partitions in Linux we use the “fdisk” utility. With the help of this utility we can
also do many other tasks, like changing the partition type.
Before creating a partition we have to know the basic commands of “fdisk”.
#fdisk /dev/hda (step 1 of the partition creation)
:n (new partition)
: press enter (enter the starting cylinder no)
: +100M (enter size of partition)
:w (write & quit)
#partprobe or reboot (for refreshing the table)
Format partition
#mkfs.ext3 /dev/hda10
#mkdir /media/newpartition
#fdisk /dev/hda
:n (new partition)
:press enter (enter the starting cylinder no)
: +100M (enter size of partition)
:t (to change the file system type)
Partition no. [1-11]
New id = d (new file system id, which we can look up with l)
:w (write & quit)
#partprobe or reboot (refreshing table)
Format partition
#mkfs.vfat /dev/hda11
#mkdir /media/newpartition2
Now open “#vi /etc/fstab” & enter new partition details
/dev/hda11 /media/newpartition2 vfat defaults 0 0
#fdisk /dev/hda
:n (new partition)
: press enter (enter the starting cylinder no)
: +100M (enter size of partition)
:t (to change the file system type)
Partition no. [1-11]
New id = 82 (new file system id, which we can look up with l)
:w (write & quit)
#partprobe or reboot (refreshing table)
Format partition
#mkswap /dev/hda12
SESSION 10
Package Installation in Text & Graphical Mode ( RPM )
Package Installation Through YUM
In this section we learn how to install, search, update, and erase packages.
Windows supports .exe files and Redhat supports .rpm files. In Redhat Linux the extension
of all packages is .rpm
RPM Management
#cd /media/cdrom/Server
#rpm -ivh package name
#rpm -ivh --force package name
#rpm -ivh --nodeps package name
Updating through RPM
YUM
YUM is new software in RHEL5.0; with it we can install packages together with their
dependencies. We don’t need to remember the names of the dependencies.
With its help we can also remove and update packages.
We have to create repositories for yum, either on the server side or locally.
We can use the ftp and http methods for installing and erasing through yum.
Configuration of YUM
Working of YUM
Now YUM is ready to install, search, update and also remove packages.
With the help of the following commands we can carry out the described processes
User Administration
Note: With the above command we can only delete the user, not his directories. If we
want that too, we write the following command
#userdel -r user name
Group Administration
In GUI mode we have to write following command for accessing User & Group
Administration
#system-config-user
Permission Bits
In Linux each file & directory has 10 permission bits. By using the “#ll” command
we can see them.
The next 3 bits are for the user; with the help of these we decide whether the user can
access the file or not.
r = Read (4), w = Write (2), x = execute (1)
Permission Bits for group
The next 3 bits are for the group; with the help of these we decide whether the group can
access the file or not.
r = Read (4), w = Write (2), x = execute (1)
Note: if we give “x” permission to a file then its color changes from white to green.
Description of “rwx” :
r (Read) = If we give “r” to the user then the user can read that file or dir. If we give “r” to
the group, group members can read that file or dir. If we give
“r” to others, other users can also read that file or dir.
w (Write) = If we give “w” to the user then the user can write that file or dir. If we give “w” to
the group, group members can write that file or dir. If we give
“w” to others, other users can also write that file or dir.
x (Execute) = If we give “x” to the user then the user can execute that file or dir. If we give
“x” to the group, group members can execute that file or dir. If we give “x” to others,
other users can also execute that file or dir.
Permission Bits Setting
UMASK
#umask
#umask 002 (this line changes the umask temporarily)
If you want to change it permanently then open
#vi /etc/bashrc
Note: In this file we have first the simple user umask, second the root user umask.
Normally processes started by a user run under the user and group security
context of that user.
SUID and/or SGID bits set on an executable file cause it to run under the user
and/or group security context of the file's owner and/or group.
The SGID bit on a directory is used to create a collaborative directory. Normally, files
created in a directory belong to the user's default group. When a file is created in a
directory with the SGID bit set, it belongs to the same group as the directory.
Normally users with write permissions to a directory can delete any file in that directory
regardless of that file's permissions or ownership. With the sticky bit set on a directory,
only the owner of a file can delete the file.
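One way to audit a directory tree for the special bits described above, as an added example that is not part of the original notes: find_setid_files, find_unsticky_dirs and build_sample_tree are hypothetical helper names, and the directory tree they run against is constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): list the special permission
# bits described above inside a directory tree. The tree is constructed.

# Regular files that run with their owner's or group's identity (SUID/SGID).
find_setid_files() {
    ( cd "$1" && find . -type f \( -perm -4000 -o -perm -2000 \) | sort )
}

# World-writable directories without the sticky bit: any user who can write
# here can delete files that belong to other users.
find_unsticky_dirs() {
    ( cd "$1" && find . -type d -perm -0002 ! -perm -1000 | sort )
}

# Build a small constructed tree to run the two checks against.
build_sample_tree() {
    mkdir -p "$1/bin" "$1/dropbox" "$1/shared"
    : > "$1/bin/report"
    chmod 0755 "$1/bin/report"          # ordinary executable
    : > "$1/bin/backup-tool"
    chmod 4755 "$1/bin/backup-tool"     # SUID: runs as the file's owner
    chmod 0777 "$1/dropbox"             # world-writable, no sticky bit
    chmod 1777 "$1/shared"              # world-writable with sticky bit
}

tree=$(mktemp -d)
build_sample_tree "$tree"
echo "SUID/SGID files:"
find_setid_files "$tree"
echo "World-writable directories without the sticky bit:"
find_unsticky_dirs "$tree"
rm -rf "$tree"
```

Run the two find functions against real paths such as /usr or /home to review which programs carry SUID/SGID and which shared directories still need the sticky bit.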
ACL is a mechanism by which we can define more than one user & group on
directories and files, when group & others are not allowed through the permission
bits.
To use this feature, /home has to be mounted on a partition of its own.
Now we remount /home with the ACL option
#mount -o remount,acl /home
ACL Configuration
Create a file or dir and check the permission by the help of following command
#getfacl /home/ram
SESSION 13
User Quota
Job Scheduler – Crontab
User Quota
A job scheduler is used to schedule a job in advance, based on minute, hour, date,
month & day of week.
In Linux “CRONTAB” is used as the job scheduler.
Crontab Configuration
Crontab Question
Schedule a crontab that displays the message hello on the login terminal daily at 9.30.
#crontab -e
Process Management
RAID – RAID 0, RAID 1, RAID 5
How to Create RAID during Installation & after Installation
Process Management
#gnome-system-monitor
#kpm (k process manager)
RAID
RAID Configuration
Recovering from a software RAID disk failure:
• replace the failed hard drive and power on
• reconstruct partitions on the replacement drive
mdadm /dev/md0 -a /dev/sda1
mdadm, /proc/mdstat, and syslog messages
SESSION 15
Snapshots are special Logical Volumes that are an exact copy of an existing
Logical Volume at the time the snapshot is created.
Snapshots are perfect for backups and other operations where a temporary copy
of an existing dataset is needed.
Snapshots only consume space where they are different from the original Logical Volume.
Snapshots are allocated space at creation but do not use it until changes are made
to the original Logical Volume or the Snapshot.
When data is changed on the original Logical Volume the older data is copied to
the Snapshot.
Snapshots contain only data that has changed on the original Logical Volume
or the Snapshot since the Snapshot was created.
Mount Snapshot
# mkdir /mnt/databack
# mount /dev/vg0/databack /mnt/databack
Remove Snapshot
# umount /mnt/databack
# lvremove /dev/vg0/databack
Back up and restore ext2/3 file systems. Does not work with other file systems.
#dump -0u -f /tmp/data /dev/vg0/databack
#umount /mnt/databack
#lvremove /dev/vg0/databack
#umount /lvm
#mkfs.ext3 /dev/vg0/data
#mount /dev/vg0/data /lvm
#cd /lvm
#restore -rf /tmp/data
SESSION 16 & 17
INITTAB
Line 2: si::sysinit:/etc/rc.d/rc.sysini
This line tells where the script that initializes our system is
Line 3: l0:0:wait:/etc/rc.d/rc 0
Defines which script runs at boot time
We can increase or decrease the number of terminals. After the increase or decrease, the GUI
mode automatically moves to a higher or lower function key.
We can also change the run level in which graphics start. For this we have to make the
change in place of the 5.
GRUB.CONF
Line 1: default=0
With this line we can change the default operating system to boot
Line 2: timeout=5
Changes the waiting time
Line 3: splashimage=(hd0,6)/grub/splash.xpm.gz
Gives the location of the splash image
timeout=5
splashimage=(hd0,6)/grub/splash.xpm.gz
Password =
FSTAB
1 2 3 4 5 6
In the 1st column we define the HDD partition no., CD-ROM, floppy drive
or other network service information.
It is defined as follows
/dev/hdc12
Or
LABEL=/ram
In the 2nd column we define the mount point where we want that
partition or drive.
It is defined as follows
/home
In the 3rd column we define the file system of the partition or drive.
It is defined as follows
ext3
vfat
swap
In the 4th column we define the features of the file system.
They are defined as follows
defaults -> assign default features
ro -> for read only
rw -> for read and write
usrquota -> to enable user quota
acl -> for access control list
In the 6th column we define the file system checking order; with this we define
which file system is checked first.
It is defined as follows
0 -> never check
1 -> check first on booting time
2 -> 2nd preference on checking
We define up to 7.
Minor Troubleshooting
To solve the minor troubleshooting questions we have to enter single user
mode with the help of the following steps.
At boot time press “e” on the Linux boot loader line. Move to the second line, the
kernel line, and press “e” again. Go to the end of the line, press “spacebar”, then type “s” or
“1” and press Enter. Press “b” to boot. Now the system starts in single user mode
without username & password. We can change any file of the system.
Step 6: Check the #vi /etc/passwd file. If the file is missing then we have to copy the
“/etc/passwd-” file and rename it as “/etc/passwd”.
All important files like shadow, group, gshadow etc. have backup files.
Step 7: We have to look for the “nologin” directory in “/etc”. If we find this directory then we have
to delete it. If we don’t delete the “nologin” directory we can’t use the Root user
for login.
If the commands are not working then we have to make the entries manually in the files. The
files are the following
#vi /etc/resolv.conf
5. Create a 100 MB partition with the ext3 file system & mount it permanently under the
/mnt/new directory.
To create the partition we have to follow the steps below
#fdisk /dev/hda
:n (new partition)
: (enter the starting cylinder no)
: +100M (enter size of partition)
:w (write & quit)
# partprobe or reboot
Format partition
#mkfs.ext3 /dev/hda10
#mkdir /mnt/new
8. Set Userquota Problem. User jane can successfully run the following command
dd if=/dev/zero of=/home/jane/somefile bs=1024 count=30
But cannot run this command
dd if=/dev/zero of=/home/jane/somefile bs=1024 count=70
Now we log in as user jane, create a dir. and check the size of the dir.
Now we check the quota status again and find by how many blocks the usage increased.
Now we enter the soft & hard limits for the jane user with the following command
#edquota jane
For example, if the size of the dir. is 1kb, the usage increases by 2 blocks and the total used
blocks is 20, then we define the following limits
Soft limit :- 80
Hard limit :- 85
This means that when we create a 30kb file it takes 60 blocks, and the previous usage is 20, so
the total is 80.
Now the 30 kb file is created but the 70 kb file shows a write failure message, which is what
we want.
Major Troubleshooting
First we have to know what we define in the file and how we define it.
LABEL=/1 / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
Now we have to know the common problem that occurs in this file: normally
they delete the underlined words, which are called labels.
When we then start our PC it shows a “kernel panic error”.
To solve this problem we use “rescue mode”.
Follow the steps for solving this problem
First insert CD 1 of RHEL 5.0, after that write “linux rescue askmethod”.
Now the system starts in rescue mode; in rescue mode “/” is mounted under
/mnt/sysimage.
Now we change the original position of the root with the following command.
#chroot /mnt/sysimage
If this command runs successfully then we can solve all problems by checking
fstab & grub.conf.
If this command doesn't execute we follow these steps
Step 1: fdisk -l (show partition info.)
Step 2: e2label /dev/hdc9 (check label of part.)
Step 3: e2label /dev/hdc9 /boot1
(by using this command we can change the label)
Step 4: mkdir /mnt/redhat
Step 5: mount /dev/hdc10 /mnt/redhat
Step 6: open fstab file
#vi /mnt/redhat/etc/fstab
Check the label and correct it after that save it.
Step 7: mount /dev/hdc9 /mnt/redhat/boot
Now we mount boot in new location to solve the grub.conf
#vi /mnt/redhat/boot/grub/grub.conf
Now open the file and edit it.
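The label deletion described under Major Troubleshooting leaves an fstab entry with five columns instead of the six listed in the FSTAB section, so it can be caught before the reboot. The script below is an added example, not part of the original notes; the function names (fstab_lint, fstab_labels, write_sample_fstab) and the sample file are constructed, with entries modelled on the ones shown on this page.

```shell
#!/bin/sh
# Added example (not from the original notes): check the column layout of an
# fstab file before rebooting. Function names and the sample are constructed.

# Report entries that do not have six columns, or whose 5th/6th columns are
# not numbers. Comment lines and blank lines are skipped.
fstab_lint() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        NF != 6 {
            printf "line %d: expected 6 columns, found %d\n", NR, NF
            next
        }
        $5 !~ /^[0-9]+$/ || $6 !~ /^[0-9]+$/ {
            printf "line %d: columns 5 and 6 must be numbers\n", NR
        }
    ' "$1"
}

# Print "label mountpoint" for every LABEL= entry, so the labels can be
# compared with what e2label reports for each partition.
fstab_labels() {
    awk '$1 ~ /^LABEL=/ { print substr($1, 7), $2 }' "$1"
}

# Constructed sample: the /home entry has lost its first column (the label),
# which is the fault described in the troubleshooting section.
write_sample_fstab() {
    cat > "$1" <<'EOF'
# constructed sample fstab
LABEL=/1      /                    ext3  defaults  1 1
LABEL=/boot   /boot                ext3  defaults  1 2
/home         ext3                 defaults  1 2
/dev/hda10    /media/newpartition  ext3  defaults  0 0
EOF
}

sample=$(mktemp)
write_sample_fstab "$sample"
echo "Problems found:"
fstab_lint "$sample"
echo "Labels referenced:"
fstab_labels "$sample"
rm -f "$sample"
```

In rescue mode the same functions can be pointed at /mnt/sysimage/etc/fstab or /mnt/redhat/etc/fstab, the two locations used in the steps above.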
SESSION 21
RHCE Lab Setup
Telnet Server & Telnet Client
Security of Telnet Server (Th :-Xinetd)
SSH Server (Secure Shell) & SSH Client, SCP, Slogin
RHCE Lab Setup
[Lab diagram: all machines are connected through a switch]
server1.example.com : IP 172.24.254.254, SM 255.255.0.0
station1.example.com : IP 172.24.0.1
station2.example.com : IP 172.24.0.2
station3.example.com : IP 172.24.0.3
TELNET
Telnet is used for remote login, but only in text mode.
Telnet is based on the TCP protocol & uses port no. 23.
Telnet is possible between Linux to Linux, Linux to Windows & Windows to
Windows.
In Linux, the xinetd daemon should be running properly.
Telnet provides a user authentication process; the client always uses a server user for the
authentication.
Working of Telnet
[Diagram: the client's request for access is forwarded through the switch to the Telnet server (IP 172.24.0.10), where all users are defined and xinetd is running properly, for authentication.]
#telnet 172.24.0.10
Login :
Password :
Configuration of Telnet
Step 1: search for the Telnet package
#rpm -qa telnet*
Result: 2 packages should be there.
Step 2: open the file #vi /etc/xinetd.d/telnet
in the file change to “disable = no”
Step 3: #service xinetd restart
Step 4: #chkconfig xinetd on (for run level 2, 3, 5)
Telnet Client side configuration :
Just search for the Telnet package on the client side. If your system has the packages then
write the following
#telnet IP address of the server machine
Login : user name of the server side
Password : user password
SSH Server
SSH stands for secure shell server.
SSH is used for remote login but supports only Linux to Linux.
SSH is based on the TCP protocol and uses port no. 22.
SSH Server Configuration
Configuration :
Step 1: Search for package
#rpm -qa openss*
result: 2 packages
Step 2: restart the service
#service sshd restart
#chkconfig sshd on
SSH Client Side
Client side :
#ssh IP of the server
#ssh y5@172.24.0.3
Slogin Server/ Client
Slogin is also used for remote login, like SSH.
For accessing it we have to write the following
#slogin 172.24.0.3
# slogin y2@172.24.0.1
SCP stands for secure copy server.
SCP is used to copy files & directories from one m/c to another m/c securely.
#netconfig
Select DHCP or #dhclient
#service network restart
DHCP Server Configuration
Step 1: Search package
#rpm -qa dhcp*
result: 3 package
Step 2: Go to the specific location
#cd /usr/share/doc/dhcp-3.0.5
#cp dhcpd.conf.sample /etc/dhcpd.conf
Step 3: open the following file
#vi /etc/dhcpd.conf
Change in this file
subnet 192.168.0.0 netmask 255.255.255.0 {
# --- default gateway
option routers 192.168.0.1;
option subnet-mask 255.255.255.0;
option nis-domain "domain.org";
option domain-name "domain.org";
option domain-name-servers 192.168.1.1;
option time-offset -18000;
#option ntp-servers 192.168.1.1;
#option netbios-name-servers 192.168.1.1;
# option netbios-node-type 2;
range dynamic-bootp 192.168.0.128 192.168.0.254;
default-lease-time 21600;
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
host ns {
next-server marvin.redhat.com;
hardware ethernet 12:34:56:78:AB:CD;
fixed-address 207.175.42.254;
}
}
For dynamic IPs we have to change the following lines
subnet 172.24.0.0 netmask 255.255.0.0 {
option domain-name "example.com";
range dynamic-bootp 172.24.0.30 172.24.0.50;
After saving the file we have to run
#service dhcpd restart
For static IP assignment we have to change the following lines
host ns {
next-server marvin.redhat.com;
hardware ethernet 12:34:56:78:AB:CD;
fixed-address 207.175.42.254;
}
First we have to change ns into system name.
Second we change next-server into stationx.example.com
[Diagram: NFS Server. Daemons: Nfs (nfsd, rpc.mountd, rpc.rquotad) and Portmap (portmap). The client's mount process works without authentication permission.]
Samba Server Configuration
Step 1: Search package
#rpm -qa samba
result: 3 packages
Step 2: open the file “#vi /etc/samba/smb.conf”. In this file we find 4 types of section.
1. Global
2. Home
3. Printer
4. Myshared
In the “Global” section we have to change the following contents
workgroup = Name of the group
hosts allow = 172.24.
We don’t need to make changes in the “Home” and “Printer” sections.
Now we copy the last example, the “Myshared” section, and paste it at the end of the
file.
In the “Myshared” section we have to change the following contents.
First we change the “samba share name”, which we define within [] brackets. Source
dir. info. No. one can archive from client side.
After that we change the “path”, the actual dir. address which we want to share with
others.
We have to define “valid users”; with the help of these users we can access the
samba server from the client side.
We have to change the “writeable” permission; with this the client can write in that
directory.
After that we change the “create mask” value; with this we can assign the default umask
value for creation by the client.
After that we change the “browseable” option; with it we define whether the client can access the
shared dir. through IE or not.
At last we change the “write list” option; with this we define which group or
group members can access that directory.
After that we save the file. We have to make sure that the actual dir. exists at the
destination address.
After that create new user & also assign password.
#useradd k1
# passwd k1
Restart service now
#service smb restart
#chkconfig smb on
Now we convert simple user into samba user.
#smbpasswd -a k1
Now enter password.
To check the Samba Server we have the following checking tools:
#testparm
#smbclient -L Samba Server IP
Samba Client
Samba Client (Linux M/C):
To check the shared dir. we have to write
#smbclient -L Samba Server IP
To access the shared dir. we have to write
#smbclient //172.24.0.9/redhat -U k1
#mount -t cifs //172.24.0.9/redhat /mnt/ -o username=k1
Samba Client (Windows M/C):
On the Windows client m/c click on My Network Places, then right click and click on
search computer.
Enter the samba server IP address. After that enter the username and password.
Samba Server / Client
Windows Samba Server & Linux Client
Share a dir. on Windows, so it automatically becomes a Samba Server
#smbclient -L 172.24.0.20
#smbclient //172.24.0.20/c -U administrator
#mount -t cifs //172.24.0.20/c /mnt/ -o username=administrator
#password = redhat
SESSION 25
NIS Server & NIS Client
(Network Information Service)
NTP Server & Client
(Network Time Protocol)
Intro of NIS Server
NIS stands for Network Information Server.
NIS is a centralized user authentication server & centralized user database server.
A NIS client logs in at the local M/C but uses the server's users.
NIS is possible between Linux to Linux, Linux to Unix and Unix to Linux.
NIS was known as “YP”, but “YP” is the trademark of the Yellow Pages; that’s why its
name was changed to NIS.
At the server side the following daemons should be running properly.
ypserv: start and manage NIS & NFS.
yppasswdd: NIS user password info. manager
All daemons of the NFS Server.
At the client side the following daemons should be running properly.
ypbind: used to attach with the NIS & NFS server
autofs: used to auto mount the user home dir.
In NIS we define a NIS domain name; only members of the NIS domain can
access the server's users.
Type of NIS server
Master NIS Server
Slave NIS Server
Master NIS server has main database of user.
Slave NIS server has a backup database of Master Server and has a connection
with Master Server.
[Diagram: the NIS Server (172.24.0.10, NISdomain=CCNA) has ypserv, yppasswdd, nfsd, rpc.mountd, rpc.rquotad and portmap running properly, and all users are defined there. The client, connected through the switch, runs #setup, selects [ ] NIS with Nisdomain=CCNA and IP=172.24.0.10, and uses autofs.]
NIS Server Configuration
Step 1: Search package
#rpm -qa yp*
result: 3 packages
Step 2: How to set the NIS domain name.
Temp. setting:
#nisdomainname (for searching)
#nisdomainname CCNA
Permanent setting: open the following file
#vi /etc/sysconfig/network
In the file: NISDOMAIN=CCNA
Now we create a new user
#useradd h1
#passwd h1
Now we bind the user database with the NIS domain name.
#cd /var/yp
#vi Makefile
(:set nu to show numbers before the lines)
Change line no. 109
all: passwd group
Note: Erase everything on this line other than these three words.
After saving the file we write
#make
Now we make the current M/C the NIS Master Server.
#cd /usr/lib/yp
# ./ypinit -m
After that press “Ctrl+D” then “Y”
#service ypserv restart
#service yppasswdd restart
Now we share the /home dir. through the NFS server.
#vi /etc/exports
In this file we have to write the following
/home 172.24.0.0/255.255.0.0(rw,sync)
#service nfs restart
# service portmap restart
NIS Client
On the Client side we have to write down following command.
#setup
Authentication
Use NIS next
Domain Name
172.24.0.10 ok
Now our M/C becomes a NIS client & member of the NIS domain, but at the client
side a user can’t access its home dir. To access the home dir. we use the autofs service.
Autofs configuration : Open file
#vi /etc/auto.master
in the file add a line
/home /etc/auto.misc
(this file defines the server details)
After that open the other file #vi /etc/auto.misc
Add a line
G1 -fstype=nfs 172.24.0.8:/home/*
After saving the file we have to write down following line.
#service autofs restart
How to check available user on server?
By using following command we know available user name.
#ypcat passwd
#getent passwd
NTP Server
Network Time Protocol :
Workstation hardware clocks tend to drift over time without correction.
Many applications require accurate timing.
Time synchronization makes system logs easier to analyze.
NTP counters the drift by manipulating the length of a second.
If the system's time is behind the average of the time servers the second is made
shorter so that the system clock races towards the correct time. Thus the time
difference is reduced gently without disturbing other applications.
However if the time differs too greatly, NTP ceases to work. In this case the clock
must be reset manually with ntpdate.
NTP Server Configuration
SESSION 27 & 28
Squid Proxy Server
Allow & Deny Web Sites
VSFTP Server (Very Secure File Transfer Protocol)
Uploading & Downloading Through System or Non System User & Anonymous
User
Intro of Proxy Server
Proxy Server is used for internet connection sharing & provides security.
With a Proxy Server we can limit bandwidth for client M/Cs, allow and deny websites,
& allow & deny nodes access to the Proxy Server.
In Linux the “squid” software is used as Proxy Server.
Proxy Server uses the TCP protocol & port no. 3128.
At the client side we define the IP address & port no. of the proxy server in a web browser.
Windows -> IE , Linux -> Links, Mozilla
Proxy Server is also known as NAT (Network Address Translator).
By using a Proxy Server, private IP addresses are translated into public IP addresses and public
IP addresses into private IP addresses; this process is called NAT.
Proxy Server Working
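[Diagram: clients with private IPs connect through a switch to the proxy server, which forwards their requests over its public IP (real IP) internet connection to sites such as yahoo, Rediff and hotmail.]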
#ftp IP of Server (from a Linux client or a Windows client)
Login:-
Pass:-
ftp >
[Diagram: mail flow. Each MUA has an Inbox, Outbox and Sent Mail; mail passes between the MUAs through the MTA using SMTP and the Dovecot S/W.]
IMAP/POP3 Configuration
Step 1: Search package
#rpm -qa dovecot*
result: 1 package
Step 2: Open file
#vi /etc/dovecot.conf
We have to remove the comment from line no. 17, after that
#service dovecot restart
#chkconfig dovecot on
How to check IMAP/POP3 server.
#telnet 172.24.0.1 143/110
Mail Server Configuration
Step 1: Search package
#rpm -qa sendmail*
result: 4 package
Step 2: Open file
#vi /etc/mail/sendmail.mc
We have to comment out line no. 116 with the help of “dnl #”
Now we put all changes into the “sendmail.cf” file by using the “macro” processor
#m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
After that
#service sendmail restart
Add a new user
#adduser k1
#passwd k1
For sending mail we have to run the following command
#mutt
Mail Server Authentication
How to deny a node or a domain to send a mail on Mail Server.
Open a file #vi /etc/mail/access
172.24.0.2 REJECT
*.example.com RELAY
172.25 REJECT
Connect:10.3 OK
y1@my133t.org REJECT
Mail Forwarding
Mail Forwarding: For Example we want to forward all mails of t1 user to t2 user.
For this we have to open
#vi /etc/aliases
Go to bottom of the file and add one line
t1: t1, t2
After saving the file write down a command
#newaliases
IMAP-SSL Server
IMAP-SSL stands for Internet Message Access Protocol-Secure Socket Layer.
By using IMAP-SSL a user can access any other user account securely.
For IMAP-SSL we have to create a certificate.
IMAP-SSL Configuration
Go to the following destination add.
#cd /etc/pki/tls/certs
#openssl x509 -subject -noout < dovecot.pem
#rm dovecot.pem
#make dovecot.pem
Define entries according to question.
#vi /etc/dovecot.conf
IMAP-SSL Client
Now make changes in line no. 87 & 88: enter the destination address of the certificate and
save the file. After that
#service dovecot restart
On Client Side:
#mutt -f {t1@station1.example.com}
By above command login user can access t1 user mail account.
SESSION 31
Printer Server & Printer Client
Syslog Server
VNC Server
Intro of Printer Server
A printer is a combination of a print device & its driver software.
We have two types of printer.
1. Shared Printer
2. Network Printer
Shared Printer: A printer directly attached to a PC & shared throughout the network
by that PC is called a Shared Printer.
Network Printer : This type of printer is directly connected to a hub or switch;
each has a unique IP address & port no.
Printer Server
Printer Client
Checking Tools:
#lpq -> show default printer status
Printing Command:
#lpr kk -> print file name
Remove Job:
#lprm 5 -> remove id no. job
Printer Client:
Case 1: If Printer Server Linux & Clients are also Linux
#system-config-printer
Printer Server Configuration
Click on “New Printer”->Printer Name (any)->Forward->select “LPD/LPR Host
or Printer” ->enter Hostname/IP->enter Printer name (Pre.) -> Forward->select
“Makes” of the printer ->Forward->select Model & Recommended Driver
->Forward->Apply
#service cups restart
#chkconfig cups on
Case 2: The Printer Server is Linux & the Client is Windows
We share the printer by using a Samba Server.
Case 3: When the Server is Windows & the Clients are Linux
#system-config-printer
Shared Server
Click on “New Printer” -> Printer Name (any) -> Forward -> select “Windows
Printer via SAMBA” -> enter IP of Server/printer name -> Forward -> select
“Makes” of the printer -> Forward -> select Model & Recommended Driver
-> Forward -> Apply
#service cups restart
#chkconfig cups on
Network Printer
#system-config-printer
Click on “New Printer” -> Printer Name (any) -> Forward -> select “AppSocket/HP
JetDirect” -> enter IP of Server/printer name -> Forward -> select “Makes” of the printer ->
Forward -> select Model & Recommended Driver -> Forward -> Apply
#service cups restart
#chkconfig cups on
Printer Client Configuration according to exam
#system-config-printer
Click on “New Printer” -> Printer Name (any) -> Forward -> select “IPP” -> enter printer
name -> Forward -> select “Generic” of the printer -> Forward -> select Model &
Recommended Driver -> Forward -> Apply
Checking Printer Server
Click on Print Test Page; after that, open a web browser and enter in the address bar
http://server3.example.com/Printers
Result
Station3 14k bytes received
#service cups restart
#chkconfig cups on
Log Server
Log files are used to store user authentication information, service-related
information, boot-related information etc.
Log files are kept in the “/var” directory.
The main log file of Linux is “/var/log/messages”
#tail -f /var/log/messages
#vi /var/log/secure
From the above file we can find out the login time of a user.
All log file details are defined in the “/etc/syslog.conf” file
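One way to pull login times out of /var/log/secure, as an added example that is not part of the original notes. The sample lines are constructed in the usual sshd syslog format; the host name, users and addresses in them are assumptions that reuse names from this page.

```python
import re
from collections import defaultdict

# Constructed sample lines in the sshd format written to /var/log/secure.
SAMPLE_SECURE_LOG = """\
Mar 13 09:12:44 station1 sshd[2101]: Accepted password for t1 from 172.24.0.1 port 40112 ssh2
Mar 13 09:15:02 station1 sshd[2133]: Failed password for t2 from 172.24.0.7 port 51514 ssh2
Mar 13 09:15:09 station1 sshd[2133]: Failed password for t2 from 172.24.0.7 port 51514 ssh2
Mar 13 09:15:20 station1 sshd[2133]: Accepted password for t2 from 172.24.0.7 port 51514 ssh2
Mar 13 09:40:31 station1 sshd[2250]: Failed password for invalid user admin from 172.25.0.9 port 33870 ssh2
Mar 13 10:02:17 station1 sshd[2101]: pam_unix(sshd:session): session closed for user t1
"""

# Timestamp, host, sshd[pid], then the password result, user and source address.
LINE_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Return (logins per user, failed password attempts per source address)."""
    logins = defaultdict(list)    # user -> [(login time, source address), ...]
    failures = defaultdict(int)   # source address -> number of failed attempts
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue              # not a password authentication line
        if m["result"] == "Accepted":
            logins[m["user"]].append((m["when"], m["ip"]))
        else:
            failures[m["ip"]] += 1
    return dict(logins), dict(failures)

if __name__ == "__main__":
    logins, failures = summarize(SAMPLE_SECURE_LOG)
    for user, entries in sorted(logins.items()):
        for when, ip in entries:
            print(f"{user} logged in at {when} from {ip}")
    for ip, count in sorted(failures.items()):
        print(f"{count} failed password attempt(s) from {ip}")
```

On a real system, pass the contents of /var/log/secure (readable by root) to `summarize()` instead of the sample text.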
VNC Server
VNC stands for Virtual Network Computing.
By using VNC we can access remote desktop.
How to allow VNC access:
System->Preferences->Remote Desktop
Now tick the option to allow other users, then click OK.
How to access the remote machine:
#vncviewer <IP of the remote machine>
SESSION 32
Tcp_Wrappers - /etc/hosts.allow, /etc/hosts.deny
PAM – Pluggable Authentication Module
Ipv6 Configuration, RADVD Server
Note: In TCP Wrappers we have to use one file at a time, we can’t use both files
simultaneously.
PAM
PAM stands for Pluggable Authentication Module.
PAM provides user based security.
Deny all ordinary users access to a system.
IPV6
IPv6 uses 128 bits for addressing.
The IP format is as follows:
0000:F8b:0011:06AB:BA00:A80:BCAD:0001
In Linux an IPv6 address is defined by using a prefix and the MAC address of the LAN card.
A Linux client fetches the prefix from the Router Advertisement Daemon (RADVD) server.
Session 33
IP Forwarding - /etc/sysctl.conf
Firewall – Iptables
Basic About SELINUX
(Security Enhanced Linux)
IP Forwarding
A firewall is a single security point of the network that filters unwanted packets.
By using a firewall we can stop unauthorized packets but can’t stop a virus attack.
In Linux we use Iptables software as a firewall.
Iptables is a command-line firewall.
Iptables works at the Network Layer.
Firewall Working
Packet header information is always checked against the topmost rule of the firewall first.
If the packet header information matches the topmost rule, the defined operation is
performed on that packet and no further matching takes place.
If the packet header information doesn’t match the topmost rule, the packet skips
the first rule & is matched against the next rule, until a match is made.
If the packet header information doesn’t match any given rule, the Linux firewall
allows the packet by default.
IPTABLES:
Allow only members of example.com to access the IMAP & POP3 Server and deny
members of the my133t.org domain.
For this type of restriction we have to write the following:
#iptables -I INPUT -s ! 172.24.0.0/16 -d 172.24.0.10 -p tcp --dport 143 -j REJECT
#service iptables save
#chkconfig iptables on
Deny pc1 to ping the Telnet Server.
For this we have to write the following (either REJECT or DROP can be used as the target):
#iptables -I INPUT -s 172.24.0.1 -d 172.24.0.10 -p icmp -j REJECT
Deny pc1 access to the Telnet Server.
#iptables -I INPUT -s 172.24.0.1 -d 172.24.0.10 -p tcp --dport 23 -j REJECT
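The first-match behaviour described under Firewall Working, replayed for the three rules above as an added Python model (not part of the original notes and not iptables itself). `Rule`, `Chain`, `build_input_chain` and `pkt` are hypothetical names, and test addresses other than those on the page are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Hypothetical model for illustration; it only mirrors the options used on this page.
@dataclass
class Rule:
    target: str                   # REJECT, DROP or ACCEPT
    src: Optional[str] = None     # None means "any source"
    src_negated: bool = False     # True models "-s ! <net>"
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p):
        if self.src is not None:
            inside = ipaddress.ip_address(p["src"]) in ipaddress.ip_network(self.src)
            if inside == self.src_negated:
                return False
        if self.dst is not None and \
                ipaddress.ip_address(p["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and p["proto"] != self.proto:
            return False
        return self.dport is None or p.get("dport") == self.dport

class Chain:
    def __init__(self, policy="ACCEPT"):   # default: allow what no rule matches
        self.policy, self.rules = policy, []
    def insert(self, rule):                # "-I": the new rule becomes rule 1
        self.rules.insert(0, rule)
    def decide(self, p):
        # Returns (verdict, rule position); position is None if the policy decided.
        for pos, rule in enumerate(self.rules, start=1):
            if rule.matches(p):            # first match wins, evaluation stops
                return rule.target, pos
        return self.policy, None

def build_input_chain(policy="ACCEPT"):
    """Replay the page's three -I INPUT commands in the order they are typed."""
    server = "172.24.0.10"
    chain = Chain(policy)
    chain.insert(Rule("REJECT", "172.24.0.0/16", True, server, "tcp", 143))
    chain.insert(Rule("REJECT", "172.24.0.1", False, server, "icmp"))
    chain.insert(Rule("REJECT", "172.24.0.1", False, server, "tcp", 23))
    return chain

def pkt(src, proto, dport=None, dst="172.24.0.10"):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}
```

Because each `-I` puts its rule on top, the Telnet rule typed last is checked first. Under the default ACCEPT policy a POP3 connection such as `pkt("10.3.0.5", "tcp", 110)` matches none of the three rules and is allowed, since only port 143 has a rule; with `build_input_chain("DROP")` the same packet is dropped.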
SELINUX
Note: for Iptables to run properly we have to run the following command
after saving the Iptables rules
#restorecon -R /etc/sysconfig