3. Linux Network Security (RH253)
Topics
Linux File System
/ (root)
- etc
- bin
- sbin
- lib
- root
- usr
- home
- proc
- lost+found
- mnt
- media
- var
- dev
- selinux
bin - used to store user commands; /usr/bin also stores user commands
sbin - system administrator commands; /usr/sbin also stores system commands
root - home directory of the superuser
media - mount points for file systems mounted
boot - contains the kernel and other files used during system startup
lost+found - used by fsck to place files whose names cannot be found during file system repair
lib - contains many library files
dev - stores device files
etc - contains configuration files
var - variable files such as log files and directories
proc - a virtual file system that contains system information used by certain programs
tmp - a scratch pad for users and programs; /tmp has global read/write access
home - location of user home directories
opt - installation directory for third-party packages such as Star Office
selinux - Security-Enhanced Linux
------------------------------------------------------------
File System Table
# vi /etc/fstab
Column 1 - Directory / partition information (/dev/hda9 or LABEL=home)
Column 2 - Mount point (/dev/hda6, /data, /misc)
Column 3 - File system (ext3, nfs, ext2, swap, smbfs)
Column 4 - Options
Column 5 - Dump
12
/dev/sb1 /xyz vfat defaults 0 0
:wq!
# service nfs start / restart
------------------------------------------------------------
CD Writing
i) Nautilus CD writing or burning from GUI mode
Go to X window and double-click the /root explorer.
Copy files or directories from the source, then click the GO option in the menu. Select CD
CREATOR. Then click the CD WRITING icon.
ii) CD writing or burning from Virtual Mode
# mkdir abc
# cd abc (Put all dumps inside this directory)
# cd ..
# mkisofs -r -o abc.iso abc
# cdrecord -v dev=1,0,0 abc.iso
# cdrecord -scanbus (shows where your CD writer is present)
# man cdrecord (help)
------------------------------------------------------------
Commands UPDATEDB, SLOCATE, LOCATE
# updatedb (update the database)
# slocate grub.conf (locate the path of grub.conf)
# locate httpd.conf (locate the path of httpd.conf)
------------------------------------------------------------
Linux dump from CD (4 CDs) to hard drive
Insert disk 1 into the drive and go to the superuser prompt
# mount /media/cdrom
# cd /media/cdrom
# ls
# cp -av RedHat /var/ftp/pub
# cp -av images /var/ftp/pub
# umount /media/cdrom
# eject
Insert disk 2 into the drive and go to the superuser prompt
# mount /media/cdrom
# cd /media/cdrom
# ls
# cp -av RedHat /var/ftp/pub
# umount /media/cdrom
# eject
Insert disk 3 into the drive and go to the superuser prompt
# mount /media/cdrom
# cd /media/cdrom
# ls
# cp -av RedHat /var/ftp/pub
# umount /media/cdrom
# eject
Note: cp -u (--update) copies only when the SOURCE file is newer than the destination file or when the destination file is missing
Example: cp -avu RedHat /var/ftp/pub
------------------------------------------------------------
Redhat Installation through Network File Sharing
NFS (Network File Sharing method for Linux Installation)
From Server
Note: Put all Linux dump CDs on the server in the directory path /var/ftp/pub
# vi /etc/exports
/var/ftp/pub *(ro,sync) (all client users [*] can access this directory)
Note: If you want to share /var/ftp/pub with a particular client, the entry is as follows:
/var/ftp/pub 192.168.10.2/255.255.255.0(rw,sync) (read/write access permission)
:wq!
# exportfs -r (re-export all shared directories)
# exportfs -av (export all shared directories, verbosely)
# service nfs start / restart
# cd /data3
# ls
NFS Overview
File sharing service.
RPC based service, so it requires Portmap.
Packages:
nfs-utils
Provides:
nfsd - Provides userland portion of NFS service.
lockd - NFS lock manager (kernel module)
rpciod
rpc.mountd - Provides mounting services.
rpc.rquotad - Returns quota information.
rpc.statd - Used by lockd to recover locks after a server crash.
portmap
Provides portmap program. Portmap maps calls made by other hosts to the
correct RPC service. Because portmap is compiled with tcp wrappers
support (libwrap), those that need to access portmap must be given access
via /etc/hosts.allow and/or /etc/hosts.deny.
Ports
The other NFS related services vary in the port numbers they use. Clients
contact portmap to find out the port number the other RPC services use.
Required Services
Listed in startup order:
NFS Server
portmap
nfs
NFS Client
portmap
nfslock
Configuration
/etc/exports
Format:
<directory> <host or network>(options) <host or network>(options) ......
It is critical that there not be any spaces between the host/network and
its options.
Example:
# Allow all hosts in the somewhere.com domain to mount /var/ftp/pub read-only
/var/ftp/pub *.somewhere.com(ro) 172.16.0.0/255.255.0.0(ro) 172.16.1.10(rw,no_root_squash)
# Allow access to /usr/local by everyone, but only as the anonymous user
/usr/local *(ro,all_squash,anonuid=100,anongid=100)
Restrictions
Root can't mount an nfs share as root unless no_root_squash is used.
Normally when root mounts a share, NFS maps root to the local user
nobody.
You can't export a directory that is a parent or child of another exported
directory within the same file system.
e.g. You can't export both /usr and /usr/local unless /usr/local is a
separate file system.
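The /etc/exports format and the no_root_squash behaviour described above can be checked mechanically. The following is an added example, not part of the original notes: a small auditor that flags options detached from their host by a space, clients that keep root, and world-writable exports. The sample file is constructed from export lines that appear on this page, the function names and finding codes are hypothetical, and line continuations with a backslash are assumed not to occur.

```python
import re

# Constructed sample /etc/exports. Lines 2-5 reuse export entries shown on
# this page; line 6 reproduces the "space before the options" mistake.
SAMPLE_EXPORTS = """\
# constructed sample, not a real server's file
/var/ftp/pub *.somewhere.com(ro) 172.16.0.0/255.255.0.0(ro) 172.16.1.10(rw,no_root_squash)
/usr/local   *(ro,all_squash,anonuid=100,anongid=100)
/home        *(rw,sync)
/root        *(rw,sync)
/data        192.168.10.2/255.255.255.0 (rw,sync)
"""

# One client token: optional host or network, optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^()]*)\))?$")
WORLD = {"", "*"}  # an empty host or a bare "*" both mean "any host"


def parse_exports(text):
    """Yield (lineno, path, host, options) for every client on every line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for token in clients:
            m = CLIENT_RE.match(token)
            if m is None:
                yield lineno, path, token, None  # token we cannot interpret
                continue
            opts = m.group("opts") or ""
            yield lineno, path, m.group("host"), set(filter(None, opts.split(",")))


def audit_exports(text):
    """Return a list of (lineno, path, code, message) findings."""
    findings = []
    for lineno, path, host, options in parse_exports(text):
        if options is None:
            findings.append((lineno, path, "PARSE", f"cannot parse client {host!r}"))
            continue
        if host == "":
            # "(rw)" standing alone is a client entry of its own: any host.
            findings.append((lineno, path, "SPACE",
                             "options separated from the host by a space apply to every host"))
        if "no_root_squash" in options:
            findings.append((lineno, path, "ROOT",
                             f"root on {host or 'any host'} is not mapped to nobody"))
        if host in WORLD and "rw" in options:
            findings.append((lineno, path, "WORLD_RW",
                             "writable by any host that can reach the server"))
    return findings


if __name__ == "__main__":
    for lineno, path, code, message in audit_exports(SAMPLE_EXPORTS):
        print(f"line {lineno}: {path}: {code}: {message}")
```

In the last sample line the named client silently gets the default options while the detached (rw,sync) grants read/write to everyone, which is why the space matters.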
ro - Read-only
rw - Read/Write
sync
anonuid
anongid
/etc/fstab
Example:
server:/usr /usr nfs user,soft,intr,rsize=8192,wsize=8192 0 0
data is retrieved.
intr
unreachable
nolock - Disable file locking in order to work with older NFS servers
rsize - Sets the number of bytes NFS reads from a share at one time (default 1024)
wsize (default 1024)
* Setting rsize and wsize to 8192 greatly increases performance.
-fstype=nfs,intr,soft 192.168.1.20:/var/pub/ftp
If the default autofs setup is used, whenever someone accesses /misc/ftp, the
remote NFS share on 192.168.1.20 will be automatically mounted. The options
specified in the /etc/auto.misc have the same meaning as when they are used
in /etc/fstab.
NFS Utilities
exportfs
Example Usage:
exportfs -r
exportfs -a
Does not require that any local NFS services be running in order to use it.
Example Usage:
showmount -e 192.168.1.67 # Shows available shares on host 192.168.1.67
showmount -a 192.168.1.67 # Shows the clients connected to host 192.168.1.67 and the shares they have mounted.
rpcinfo
Example Usage:
rpcinfo -p 192.168.1.77 # Display list of RPC services running on 192.168.1.77
(kicksftp This is a
(kickshttp This is a
Language Selection
Mouse Configuration
Keyboard Selection/Configuration
Disk Partitioning
Network Configuration
Firewall Configuration
Package Selection
Packages
mkkickstart - This package provides utilities that will create a kickstart file
based on the current machine's configuration.
Command Section
%package Section
mkkickstart
Use the mkkickstart utility to create a kickstart configuration file based on the
current system's configuration.
ksconfig
Use the GUI tool ksconfig to create a kickstart file.
Kickstart Installation Types
Network
ks.cfg file must be accessible from NFS, FTP, HTTP, or Samba (although
I've only been able to get it to work when the ks.cfg file is on NFS).
Local
Kickstart Installation
Boot with a boot floppy. For a local kickstart installation, the ks.cfg must be located
in the root of the boot disk.
When SYSLINUX installation screen comes up, specify one of the following options:
By default, it is assumed that the ks.cfg file will be on the same server as
the DHCP/BOOTP server. To specify a different server for the ks.cfg file,
specify the following in the /etc/dhcpd.conf file:
filename "/path/to/ks.cfg";
next-server <hostname or IP>;
If the path specified in the "filename" clause ends with a "/", then the file
that is looked for is: "/specified/path/<IP>-kickstart" where <IP> is the IP
address of the machine making the request.
Note that the path specified in the "filename" clause must be the full path
to the file and not the relative path from the NFS export. Kickstart will
automatically try to mount the NFS export based on the path's name. In
the above example, it would first try to mount "/path", then if that failed,
"/path/to".
If you don't wish to use DHCP to specify the location of the kickstart file, you can
specify one of the options listed above to point to the location of the ks.cfg file.
To install from NFS, the following directive must be used in the ks.cfg file right after
the "install" directive:
nfs --server <server> --dir <dir>
To install from HTTP or FTP, the following directive must be used in the ks.cfg file
right after the "install" directive:
url --url http://<server>/path
url --url ftp://<server>/path
2. useradd
3. redhat-config-user
groups
# useradd vasanth
# passwd vasanth
new password: xxxxxx
retype password: xxxxxx (at least 6 characters)
# useradd -u 650 -d /home/vasanth -m vasanth
# useradd -u 700 -d /home/prem -m prem
# usermod -u 700 -o -l babaji vasanth (modify the username from vasanth to babaji)
# passwd -d vasanth (remove the password)
# userdel -r vasanth (remove the user vasanth together with the /home directory)
Some of the important /etc configuration files modification and processing
# vi /etc/issue (banner shown at the login prompt: terminal screen number, date and time)
Terminal : \l
Date : \d
Time : \t
Hostname : \n
:wq!
Ctrl+d (refresh)
# vi /etc/motd (Set the title banner shown to the user after login)
-----------------------------xxxxxxxxxxxxxx-------------------------
WELCOME TO ELMAQ
-----------------------------xxxxxxxxxxxxxx-------------------------
:wq!
# login : user1
passwd : xxxxxx
# login : user2
passwd : xxxxxx
# vi /etc/shadow (users and groups password crypt)
i) Press e, move down and press e again on the line showing LABEL=/, type the runlevel (3),
press Enter and press b (boot)
ii) Press a, and on the line showing LABEL=/ type the runlevel (3) and press Enter
List the runlevel files (from runlevel 0-6)
# cd /etc/rc.d/rc6.d
# ls
# cd /etc/rc.d/rc5.d
#ls
# cd /etc/rc.d/rc3.d
# ls
List the services
# chkconfig --list
# chkconfig network off
# chkconfig vsftpd on
# chkconfig xinetd on
# chkconfig xinetd off
# chkconfig smb on
# chkconfig nfs on
# chkconfig ypserv on
K - stop
S - start
# vi /etc/rc.d/rc.local (create the shell scripts)
echo "Your name:"
read name
echo "Your address:"
read address
:wq!
# vi /etc/rc.d/rc.sysinit (Modify the "Welcome to linux" title screen)
The "Welcome to linux" title can be modified, for example to "Welcome to elmaq.edu"
:wq!
# vi /etc/redhat-release (Adding some text information)
WELCOME TO LINUX TEAM
:wq!
Adding new terminals in the run level for the command interface
# vi /etc/inittab
Copy the 6 terminal lines and paste them below
Modify the terminal numbers, for example (8 - tty8, 9 - tty9, 10 - tty10, 11 - tty11, etc.)
:wq!
# init q
Ctrl+d
Press the function keys F8, F9, F10, F11, or otherwise Ctrl with the left and right cursor keys.
View different terminals
Adding new Terminals in Graphical Mode
Come to command user mode
# startx -- :1
# startx -- :2
# startx -- :3
# startx -- :4
# switchdesk gnome
# startx
------------------------------------------------------------
RPM (Redhat Package Manager)
Note: Before installing a package, first change into the Linux package directory, then
run the rpm -ivh command.
# rpm -qa | grep samba (package query for samba)
# rpm -qa | grep telnet (package query for telnet)
# rpm -ivh telnet-server (press the TAB key to complete the full name of the telnet package) (install telnet package)
# rpm -ivh sendmail (press the TAB key to complete the full name of the sendmail package) (install sendmail package)
# rpm -ivh redhat-config-samba --aid (press the TAB key to complete the full name of the samba package) (install samba package)
# rpm -e sendmail (remove the sendmail package from Linux)
# rpm -e telnet (remove the telnet package from Linux)
# rpm -ql kernel | less (list the files of the kernel package)
# rpm -ql samba | less (list the files of the samba package)
# rpm -qf /etc/inittab (which package owns /etc/inittab)
# rpm -qf /etc/fstab (which package owns /etc/fstab)
# rpm -qf /etc/issue (which package owns /etc/issue)
# rpm -U kernel (press the TAB key to complete the full name of the kernel package) (upgrade the kernel package)
------------------------------------------------------------
Network Configuration and connectivity
# redhat-config-network (configure the network card)
Go to GUI mode: click System Tools > Network > New > Ethernet connection > static IP
address 192.168.10.50/255.255.255.0
# netconfig
# ifconfig (display IP address)
# ifconfig eth0 192.168.0.23 up (specify the IP address and bring the interface up)
# ping 192.168.10.1 (check the network connectivity)
# arp -a (display the MAC addresses of the network machines in the ARP table)
# ifdown eth0 (disable the LAN card configuration)
# ifconfig
# ifup eth0 (enable the LAN card configuration)
# ifconfig
# service network restart / start
# ifconfig eth0 192.168.10.50 up
# service network restart
------------------------------------------------------------
IP aliasing
Define: More than one IP address can be created on a single network card.
eth0 ---- the real LAN card, with the physical IP address
eth0:1 ---- virtual IP address
eth0:2 ---- virtual IP address
eth0:3 ---- virtual IP address
# netconfig -d eth0:1 (specify the IP 192.168.10.4)
# netconfig -d eth0:2 (specify the IP 192.168.10.5)
# netconfig -d eth0:3 (specify the IP 192.168.10.6)
List the network card scripts
# ls /etc/sysconfig/network-scripts/
# cd /etc/sysconfig/network-scripts
# ls
# rm ifcfg-eth0:1 (remove the virtual LAN)
# ifdown eth0:2 (disable the virtual configuration)
# ifconfig
# ifup eth0:2 (enable the virtual configuration)
# ifconfig
------------------------------------------------------------
Job Scheduling
Note: using the cron and at commands
Crontab
minute of hour / hour of day / day of month / month of year / day of week / command
31 * * * * touch file1.txt
32 * * * * mkdir elmaq
35 * * * * echo hello >> /dev/tty2
:wq!
# service crond restart
# date
# ls
Go to terminal 2 (tty2) with Alt+F2 and check that you received the message "hello".
Using crontab as a logged-in user
$ date
$ crontab -e
40 * * * * cat > bin.txt
42 * * * * echo HAI >> /dev/tty4
:wq!
# service crond restart
$ date
$ ls
# crontab -e
30 17 * * * /sbin/ifdown eth0
30 9 * * * /sbin/ifup eth0
00 20 * * * /sbin/init 0
# crontab -e
42 * * * * echo HAI >> /dev/tty4
:wq!
# service crond restart
$ date
$ ls
View the cron information
# cd /etc
# vi cron
# vi crontab
Deny the crontab permission for a particular user
# vi /etc/cron.deny
user2 (user2 cannot use crontab)
:wq!
login : user1
$ at now+1 min (not permitted)
login : root
# at now+1 min (not permitted)
# vi /etc/at.allow (permit the at command)
user2
prem
:wq!
# atq (list the jobs queued with at)
# atrm 5 (remove job number 5)
------------------------------------------------------------
User Creation for Manual Method
# vi /etc/passwd
benq::502:502::/home/benq:/bin/bash (benq is the user name, 502 is the user id, the shell
is /bin/bash)
# vi /etc/group
benq:x:502:
# mkdir /home/benq
# chown -R benq.benq /home/benq
# cd /home
login : benq (the user can log in, but without a good prompt)
# cp -av /etc/skel/. /home/benq
# useradd -D (view the useradd defaults)
login : benq (the user logs in with a good prompt, but without a password)
# pwconv
# vi /etc/shadow
# pwunconv
# vi /etc/shadow
# vi /etc/passwd
# pwconv
# passwd benq
new password : xxxxxx
retype password : xxxxxx
------------------------------------------------------------
FTP (File Transfer Protocol)
Define: Get and put files from and to a remote machine
# service vsftpd start / restart (Very Secure FTP)
#
username : vasanth
password : xxxxxx
Group of files: mget & mput
ftp > mget * (receive a group of files from the user vasanth)
ftp > mput * (send a group of files to the user vasanth)
ftp > ls (list the files on the remote machine)
ftp > !ls (list the files on your machine)
ftp > bye (exit)
Single file get & put
ftp > get vasanth.txt
ftp > get prem.txt
ftp > put vk.txt
ftp > vijay.bak
FTP scripts file
# vi /etc/vsftpd
# vi /etc/vsftpd/vsftpd.conf
ftpd_banner=Welcome to Elmaq FTP
:wq!
# vi /etc/vsftpd.user_list (deny FTP login for these users)
root
vasanth
# vi /etc/vsftpd.ftpusers (deny FTP login for these users)
root
vasanth
GFTP (Graphical FTP)
Note: go to X window and click Internet > More Internet Applications > gFTP
HOST : 192.168.0.20
Pass : xxxxxx
FTP
Now connect and transfer the files from source to destination, destination to source
and vice versa.
LFTP
# lftp 192.168.0.20
# lftp 192.168.0.20 > ls
< pub >
# cd pub
# mget * (only gets files from the remote machine; no files are put)
# lftp vasanth@192.168.0.30
password : xxxxx
vasanth@station1$ mget * (get the files from the remote user vasanth)
------------------------------------------------------------
Samba Configuration
Def: Share folders from Linux to Windows and from Windows to Linux
Sharing folders from Linux to Windows
# service smb start / restart / status
# mkdir /data (we take /data as the example Samba sharing folder)
# cd /data
# cat > mn.txt
# cat > bm.txt
# useradd sambatest (Samba user name)
# smbpasswd -a sambatest (set the Samba password for the user name sambatest)
# vi /etc/smb.conf (Samba configuration file)
Global settings
workgroup = LINUXSRV (workgroup name)
hosts allow = 192.168.0.70 127. (allow Samba only for particular host machines)
Share definitions (go to the last lines, copy with Esc 8yy (8 lines yanked) and paste)
[My share]
***************
***************
***************
[elmaq]
path = /home/vasanth
public = yes
writable = yes
valid users = user2 (only this particular user has access)
:wq!
# testparm (view the information about which folders we are sharing)
# service smb restart
# smbclient -L localhost
Go to Windows and log in with the Samba username=sambatest and give the
password: xxxxxx
Double-click Network Neighborhood and view elmaq, the shared Linux folder
(/home/vasanth)
(Click Network Servers options in X window and view the shared folders)
smbclient and smbmount from Linux to Linux machine
# smbclient //localhost/elmaq -U user2 (elmaq is the share defined above, user2 the Samba user)
# smbmount //192.168.10.2/elmaq <mount point> -o username=user3 (Samba user)
Sharing folders from Windows to Linux
Note: On the Windows machine share the drive C: or some folder (example /dump),
then go to the Linux machine.
# smbmount //192.168.0.10/dump /test -o username=administrator
192.168.0.10 (Windows machine IP)
/dump (source folder on Windows)
/test (destination folder on Linux)
administrator (Windows user name)
# cd /test
# ls
(or)
# mount -t smbfs -o username=administrator //192.168.0.100/dump /test
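Permanently assign Samba and NFS mounts in fstab (Linux to Linux and Windows
machine)
# vi /etc/fstab
192.168.0.15:/share /opt nfs defaults
//192.168.0.15/sad /tmp smbfs defaults,username=vasanth,password=xxxxxx 0 0
192.168.0.17:/var/ftp/pub /dump nfs defaults 0 0
:wq!
Note: /etc/fstab is world-readable, so a password written in it can be read by every local user; smbfs also accepts credentials=<file>, where <file> is readable only by root and holds the username and password.
# service nfs restart
# service smb restart
# service netfs restart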
------------------------------------------------------------
GRUB and LILO Boot Loader
GRUB to LILO
# lilo
LILO to GRUB
# grub-install /dev/hda
# vi /boot/grub/grub.conf
# root (hd0,0) (comment this line)
# kernel /vmlinuz-2-4-21-40 EL ro root = LABEL=/ (comment this line)
# initrd /initrd 2.4.21.4 EL.img (comment this line)
# boot (comment this line)
:wq!
After restart the linux system the command prompt appear
grub > root (hd0,0)
grub > cat (hd0,0)/grub/grub.conf
grub > kernel /vmlinuz-2-4-21-40 EL ro root = LABEL=/ 3
grub > initrd /initrd 2.4.21.4 EL.img
grub > boot
Method 2:
# grub-md5-crypt >> /boot/grub/grub.conf
new password : xxxxxx
retype password : xxxxxx
# vi /boot/grub/grub.conf
Remove the password at bottom of the line
Set the password for LILO
# rpm -qa | grep lilo
# vi /etc/lilo.conf
-------------------------------
password=xxxxxx
-------------------------------
:wq!
Restart the system
We don't know the GRUB password but want to remove it from grub.conf
Insert Linux disk 1 into the CD-ROM drive, then boot. The command prompt appears
boot: linux rescue
# chroot /mnt/sysimage
# vi /etc/grub.conf
Remove the password line
:wq!
# exit
# exit
------------------------------------------------------------
Services
# ntsysv (which services should be started automatically)
# system-config-services (displays all the services in X window)
------------------------------------------------------------
Permissions
U - user      4 - read      r - read
G - group     2 - write     w - write
O - others    1 - execute   x - execute
Create 3 users
useradd class1
passwd -d class1
useradd class2
passwd -d class2
useradd class3
passwd -d class3
Create a group
groupadd elmaq
vi /etc/group
check the group name - elmaq group id
elmaq:x:710:class1,class2 (users' membership)
vi /etc/passwd
class1:x:690:690 -> change the group id 690 to 710
class1:x:690:710 (here 690 is the user id (class1) and 710 (elmaq) is the group id)
class2:x:691:710 (here 691 is the user id (class2) and 710 (elmaq) is the group id)
class3:x:692:692 (here 692 is the user id (class3) and 692 (class3) is the group id)
In the above entries class1 and class2 are members of the elmaq group
Go to root login. Create one common folder for group access
# mkdir /home/angels (here angels is a common folder for the users who are members of
the group)
# chown nobody.elmaq /home/angels (set the group ownership to the elmaq group)
# chmod 2770 /home/angels (set the group id bit and the permissions user=rwx
group=rwx and other=none)
Go to other terminals
Login class1
$ cd /home/angels (permission granted)
Login class2
$ cd /home/angels (permission granted)
Login class3
$ cd /home/angels (permission denied, because this user is not a member of the
elmaq group)
------------------------------------------------------------
STICKY BIT
This is a special file permission for directories. In a directory with the sticky bit set, files can be
removed or renamed only by the owning user and the superuser.
Others can't.
Log on as a user (for example student)
Login student
# ls -ld /tmp
# cd /tmp
# mkdir stricky
# ls -ld stricky
# chmod 1770 stricky (1 = sticky bit) (or) chmod 1755 stricky
(or)
# chmod o+t stricky
# ls -ld stricky
------------------------------------------------------------
UMASK
Login from root
root # umask
0022
666 (-) File Permission
vasanth $ umask
0002
666 (-) File Permission
Change umask
root # umask 044
666 (-) 044 = 622 (rw- -w- -w-) File Permission
# cat > mk.txt
/data ext3 defaults
:wq!
# service nfs restart (/dev/hda4 is now mounted on /data automatically every time the Linux
machine starts)
DELETE A PARTITION
Note : (Before delete a partition , first umount the partition files systems)
# fdisk /dev/hda
# command (m) help : d
# partition (1-9) : 9 (deletion partition)
# command(m) : w (writing table)
# partprobe
TCP Wrappers
* Security
* ssh - Connect to a remote machine securely
* telnet - An insecure way of connecting to a remote machine, because the
username and password are transmitted in clear text
# vi /etc/hosts.deny
sshd:ALL (Disable the Secure Shell (SSH) service for all machines)
sshd:192.168.10.3 (Disable the Secure Shell (SSH) service for a particular machine by IP)
vsftpd : ALL EXCEPT 192.168.0.30
portmap:ALL
icmp:ALL
# vi /etc/hosts.allow
vsftpd:192.168.10.4 (Allow FTP for a particular machine by IP)
sshd:192.168.10.3 (Allow SSH for a particular machine by IP)
icmp:192.168.10.5 (Allow ICMP for a particular machine by IP)
ALL EXCEPT vsftpd:ALL
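How the two files above combine is easy to misread: hosts.allow is consulted first, then hosts.deny, and a request that matches neither file is granted. The following is an added example, not part of the original notes, that evaluates that order for sshd, vsftpd and portmap entries taken from this page. It assumes clients are identified by IPv4 address only (no hostname lookups or shell commands), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample files built from entries shown on this page.
HOSTS_ALLOW = """\
vsftpd: 192.168.10.4
sshd: 192.168.10.3
"""
HOSTS_DENY = """\
sshd: ALL
vsftpd: ALL EXCEPT 192.168.0.30
portmap: ALL
"""


def _split_except(tokens):
    """Split 'a b EXCEPT c d' into (['a', 'b'], ['c', 'd'])."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return tokens[:i], tokens[i + 1:]
    return tokens, []


def _daemon_matches(pattern, daemon):
    return pattern in ("ALL", daemon)


def _client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # "192.168.10." matches by prefix
        return ip.startswith(pattern)
    if "/" in pattern:                 # net/mask form, e.g. 172.16.0.0/255.255.0.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip


def _list_matches(tokens, value, match):
    include, exclude = _split_except(tokens)
    return (any(match(p, value) for p in include)
            and not any(match(p, value) for p in exclude))


def _first_match(rules_text, daemon, ip):
    """Return the line number of the first rule matching (daemon, ip), or None."""
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (part.replace(",", " ").split()
                            for part in line.split(":")[:2])
        if (_list_matches(daemons, daemon, _daemon_matches)
                and _list_matches(clients, ip, _client_matches)):
            return lineno
    return None


def decide(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Apply the allow-then-deny-then-default-grant order."""
    n = _first_match(allow, daemon, ip)
    if n is not None:
        return ("allow", f"hosts.allow line {n}")
    n = _first_match(deny, daemon, ip)
    if n is not None:
        return ("deny", f"hosts.deny line {n}")
    return ("allow", "no rule matched (default)")


if __name__ == "__main__":
    for daemon, ip in [("sshd", "192.168.10.3"), ("sshd", "192.168.10.9"),
                       ("vsftpd", "192.168.0.30"), ("in.telnetd", "192.168.10.9")]:
        print(daemon, ip, *decide(daemon, ip))
```

The last case shows the default: a wrapped service that is not named in hosts.deny stays reachable, so a closing ALL: ALL line in hosts.deny is what turns the pair of files into an allow-list.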
------------------------------------------------------------
Disable the Telnet Service
Telnet is an xinetd-based service. There is no separate daemon for it.
# cd /etc/xinetd.d
# vi telnet
disable = yes (telnet service is disabled)
:wq!
# service xinetd restart
Telnet service from Linux to Linux machine
Telnet uses port 23. It is an insecure way of connecting to a remote machine.
From server
# service xinetd start /restart
# telnet 192.168.0.20
login : vasanth
password :xxxxxx
To client
# service xinetd start /restart
# telnet 192.168.0.22
login : prem
password :xxxxxx
$ ls
------------------------------------------------------------
SSH (Secure Shell)
ssh - Connect to a remote machine securely
From server
# service sshd start /restart
# ssh 192.168.0.20 (or) # ssh vasanth@192.168.0.20
login : vasanth
password :xxxxxx (This machine is Root password for secure login)
# scp file.txt 192.168.0.22:/home/prem (secure copy for file.txt from client machine)
# scp bin.txt 192.168.0.22:/home/prem (secure copy for bin.txt from client machine)
To client
# service sshd start /restart
# ssh 192.168.0.22 (or) # ssh prem@192.168.0.22
login : prem
password :xxxxxx (This machine Root password for secure login)
# scp elmaq.txt 192.168.0.20:/home/vasanth (secure copy for elmaq.txt from server)
# scp letter.txt 192.168.0.20:/home/vasanth (secure copy for letter.txt from server)
# vi /etc/ssh/sshd_config
# vi /etc /known_hosts (list the users login)
#vi /etc/services (show the protocols port value)
# vi /etc/securetty
------------------------------------------------------------
RESCUE MODE
Troubleshooting
# vi /etc/fstab
# LABEL / (comment 1st line)
:wq!
# vi /etc/shadow
# root ::1 (comment 1st line)
:wq!
# vi /etc/inittab
# id : 0 (default) change the run level 0)
:wq!
# vi /etc/passwd
root:x:0:0:root:/root:/bin/bash this is normal startup
root:x:0:0:root:/root:/bin/bash/nologin root not login
:wq!
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
# ls
tar to unformatted floppies
1. Floppy low-level format
IPTABLES
FIREWALL
# service iptables restart
# iptables -L (list the iptables INPUT / OUTPUT / FORWARD chains)
# iptables -A INPUT -p tcp -j DROP (or) REJECT [-A append, -p protocol, -j jump]
- DROP tcp on your machine
# iptables -L
# iptables -A INPUT -p icmp -j DROP (or) REJECT [-A append, -p protocol, -j jump] - DROP icmp on your machine
# ping 192.168.0.20 (this is your machine's IP address) - the ping fails
# iptables -F (flush the iptables rules)
# ping 192.168.0.20 (this is your machine's IP address) - the ping succeeds
# iptables -A INPUT -p tcp --dport 22 -j DROP (or) REJECT [-A append, -p
protocol, -j jump, --dport destination port]
------------------------------------------------------------
IPTABLES NAT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Enables NAT on eth1, which represents the entire network.
echo 1 > /proc/sys/net/ipv4/ip_forward
vi /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all=1
net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
Redirects port 80 to port 3128. The redirect takes place as the client's request arrives on
eth0, before it is routed.
iptables -A FORWARD -s 192.168.10.0/24 -d scs.yahoo.com -j DROP
This drops all forwarded connections from the 192.168.10.0 network to scs.yahoo.com, so no
traffic from that network passes through the server to scs.yahoo.com.
iptables -A FORWARD -s 192.168.10.234/32 -d scs.yahoo.com -j ACCEPT
scs.yahoo.com can be reached only from 192.168.10.234. Rules in a chain are checked in order
and the first match wins, so this ACCEPT rule has to come before the DROP rule above to take effect.
------------------------------------------------------------
LINUX BOOTING DISK CREATION FROM RHEL 3
1. Insert the first RH CD and mount /mnt/cdrom
2. Insert the blank floppy disk and mount /mnt/floppy
3. cd /mnt/cdrom
# cat bootdisk.img > /dev/fd0
# dd if=bootdisk.img of=/dev/fd0
In a DOS environment the command is
RAWRITE.exe
LINUX BOOTING DISK CREATION FROM RHEL 4
1. Plug in the USB pen drive
2. service kudzu start
3. vi /etc/fstab
check the file system entry for the USB pen drive
/dev/sda1 /media/usbdisk vfat defaults
6. Go to the BIOS setup (change the boot device priority: first boot - USB pen, 2nd
boot - hard disk, 3rd boot - CD-ROM)
7. boot : (the command prompt appears)
Linux typical mount points
/
/boot
/home
/usr
/var
/opt
/tmp
------------------------------------------------------------
CONTROLLING SERVICES
# redhat-config-services
# ntsysv (list which services start / stop)
# chkconfig --list
# service
------------------------------------------------------------
FLOPPY DISK FORMATTING
Low level format
# fdformat /dev/fd0H1440 (/usr/bin/fdformat)
High level format
# mkfs -t vfat /dev/fd0
# mke2fs /dev/hda13 (Formatting to ext2 file system)
# mkfs -t ext3 /dev/fd0 (Formatting to ext3 file system)
# mkfs -j /dev/hda10 (Formatting to ext3 file system)
------------------------------------------------------------
REMOVE THE LINUX COMMANDS HISTORY
Command mode
# HISTSIZE=0
# HISTFILESIZE=0
Remove history commands from root permanently
# vi .bash_profile
user specific statements
HISTSIZE=0
HISTFILESIZE=0
export USERNAME BASH_ENV PATH HISTSIZE HISTFILESIZE
:wq!
# export HISTFILESIZE=0
# export HISTSIZE=0
------------------------------------------------------------
VIRTUAL NETWORK SCRIPTS
# cd /etc/sysconfig/network-scripts (all network scripts are displayed)
# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all (stop your machine's IP address answering ping)
# echo 1 > /proc/sys/net/ipv4/ip_forward (enable IP forwarding)
# vi /etc/sysctl.conf (network ipv4 forwarding information)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
- SERVER SIDE
YP-TOOLS
- SERVER SIDE
- CLIENT
FROM NIS SERVER
# /usr/lib/yp/ypinit -m
------server host : server1.example.com
press ctrl+d
press y (updating NIS database)
#service yppasswdd restart
Note: Through NFS the /home directories of the NIS server users can be shared with the NIS client
Note: The /root permissions are u=rwx g=rx o=rx (i.e. chmod 755 /root)
vi /etc/exports
/home *(rw,sync)
/root *(rw,sync)
# service nfs restart
# exportfs -av
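Both export lines above use * as the client together with rw, so any host that can reach the server may mount /home and /root read-write. The following is an added example, not part of the original notes, of a small audit that reads /etc/exports-style text and reports such entries; the function names, the finding labels and the last two sample lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not part of the original notes): flag risky client
# specifications in /etc/exports-style text read from stdin.

# Constructed sample: the first two lines are the exports from the notes
# above; the last two are made-up entries for comparison.
sample_exports() {
    cat <<'EOF'
/home *(rw,sync)
/root *(rw,sync)
/srv/pub 192.168.0.0/24(ro,sync)
/data 192.168.0.10(rw,sync,no_root_squash)
EOF
}

# audit_exports: prints "<path> <client> <finding>" for each problem.
# The ( ... ) body runs in a subshell, so "set --" and the variables stay local.
audit_exports() (
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                 # strip comments
        set -f                           # keep "*" literal during word splitting
        set -- $line
        set +f
        [ $# -ge 2 ] || continue         # blank line or no client listed
        path=$1
        shift
        for spec in "$@"; do
            client=${spec%%\(*}          # text before "(" is the client
            opts=
            if [ "$spec" != "$client" ]; then
                opts=${spec#*\(}         # text between "(" and ")" is the option list
                opts=${opts%\)}
            fi
            [ -n "$client" ] || client="*"   # "(rw)" on its own applies to any host
            if [ "$client" = "*" ]; then
                case ",$opts," in
                    *,rw,*) echo "$path $client rw-to-any-host" ;;
                    *)      echo "$path $client ro-to-any-host" ;;
                esac
            fi
            case ",$opts," in
                *,no_root_squash,*) echo "$path $client no_root_squash" ;;
            esac
        done
    done
    :
)

sample_exports | audit_exports
```

On a real server the same function can be fed the live file with audit_exports < /etc/exports.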
TO CLIENT
system-config-authentication
(or)
authconfig
use NIS information
use MD5 password authentication
use shadow password authentication
click next button
domain : <domain name>
server : <server ip address>
finish
# service ypbind restart
# cd /etc/securetty
# login : (from nis user name)
NIS Trouble Shooting (client side)
ypwhich - return name of NIS server or map master
yptest - test NIS configuration
Note : The NIS server users' /home directories can be permanently mounted on the NIS client
vi /etc/fstab
192.168.0.254:/home /home nfs defaults 0 0
192.168.0.254:/root /root nfs defaults 0 0
Note : Log out the existing users and log on as the NIS server users.
------------------------------------------------------------------------------------------------------------------------------------------------------------------
Linux commands (Alias)
# alias k='ls -l'
# alias m=mkdir
# alias r=rm
# alias c=clear
check the filetype
# file <filename>
# file <directory name>
# file.txt
# file vasanth.txt
CAT command
# cat -A <filename> show all characters
# cat -s <filename> squeeze repeated blank lines
# cat -b <filename> number each non-blank line.
Help Utilities
# man passwd
# passwd --help
# ls --help
# info less
# info passwd
Graphical Editor
# xemacs
# vi
# kwrite
# kmail
# gedit
# ooffice (Word)
# oocalc (Excel)
# oopadmin ( printadmin)
whereis
# whereis update
# whereis grep
# whereis smb.conf
find
# find / -name '*.html'
# find /var/www/html -type f -name '*.html' -exec rm -f {} \;
# find / -name mount
# find /home/vasanth -name '*.txt' -exec cp {} {}.org \;
# find /home/vasanth -name '*.txt' -exec cp {} \txtbackup \; (Search all text files and copy to \txtbackup folder)
# find /home/vasanth -name '*.txt' -exec rm {} \; (Remove all the text files from the specified folder)
# which csh
# which sh
# which rm
# which bsh
Note : The which command shows the full path of a command (for example in /bin or /sbin)
Login
# exec login <username>
# exec login kumar
Date & Time change
# date -s "2005-04-30"
# date -s "2005-04-30 18:45"
# date +%x - date
# date +%X - time
# date +%d
# date +%c
ls
# ls -l (detail information)
# ls -a (hidden)
# ls -R (subdirectory listing)
# ls -li (list the files inode)
SoftLink
# ln -s kl kumar
Different inode and different filename
HardLink
# ln kl kumar1
same inode different filename
Checking free space.
# du -s -h
# df -h
# df /opt
# touch /var/lib/dhcp/dhcp.leases
# vi /var/lib/dhcp/dhcp.leases
# ddns (other users access)
# dhclient (dhcp client)
------------------------------------------------------------------------------------------------------------------------------------------------------------------Shell Script Command Execution
# vi sum.sh
echo enter 1 st value:
read num1
echo enter 2 nd value:
read num1
sum = `expr num1+num2
echo Total $sum
:wq!(Save & Exit)
------------------------------------------------------------------------------------------------------------------------------------------------------------------
Squid Proxy
1. Set up the proxy server to restrict which websites are shared with the client users.
2. Create a partition with a capacity of at least 100 MB, up to 2 GB. This partition
can be used to configure the squid proxy.
Take a 1000 MB partition (for example /dev/hda9) for the squid configuration.
# fdisk -l
# mkdir /squid
# mount /dev/hda9 /squid
# ls /squid
# df -h
# vi /etc/fstab
/dev/hda9 /squid ext3 defaults 0 0
/data ext3 defaults 0 0
Extend LVM (Do not umount the existing LVM file system-for example /data)
/dev/hda13 swap swap defaults 0 0 (150MB)
:wq!
# service nfs restart
# swapon -a (activate the swap partition)
# swapon -s (check the status of the swap partition)
------------------------------------------------------------------------------------------------------------------------------------------------------------------
DISK QUOTAS
# vi /etc/fstab
set the quotas for
LABEL=/home /home ext3 defaults,usrquota,grpquota 1 1
:wq!
# mount -o remount /home
USER QUOTA
# quotacheck -cm /
# quotaon /home
# edquota -u vasanth (username)
Filesystem blocks soft hard inodes soft
0
# login : vasanth
# cat >bim.txt
GROUP QUOTA
# edquota -g elmaq (groupname)
Filesystem blocks soft hard inodes soft
0
login : test1 (test1 is a member of the elmaq group)
login : test2 (test2 is a member of the elmaq group)
Create files as user test1 or test2; do not exceed 100k to 200k,
because the quota defines a maximum of 200K.
# repquota -a (reports the users quota)
# quota vasanth (report for particular user quota)
quotacheck command options
-a = scan all file systems with quotas enabled in /etc/mtab
-v = performs verbose scan
-u = user quota scan
-g = group scan
-m = remove the scanner files
for example the command as follows
quotacheck -avugm /home
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
SUDO
vi /etc/sudoers
# User Alias specification
User_Alias USERS=user1, user2
# Cmnd_Alias specifications
Cmnd_Alias COMMAND=/usr/sbin/useradd,/usr/bin/passwd,/sbin/shutdown -h now
# User privilege specification
root ALL=(ALL) ALL
USERS ALL=ALL, COMMAND
Login user1
User1@server1$ sudo /usr/sbin/useradd kannan
User1@server1$ sudo /usr/bin/passwd kannan
User1@server1$ sudo /sbin/shutdown -h now
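The USERS rule in the sudoers file above lists ALL next to the COMMAND alias, and ALL already covers every command, so the alias restricts nothing for user1 and user2. The following is an added example, not part of the original notes, of a lint that reports such rules; the function names and the output format are assumptions, and the second sample is a constructed variant that limits USERS to the alias.

```shell
#!/bin/sh
# Added example (not part of the original notes): report sudoers rules
# that grant ALL commands to anyone other than root.

# Constructed sample: the rules from the SUDO section above.
sample_sudoers() {
    cat <<'EOF'
# User Alias specification
User_Alias USERS=user1, user2
# Cmnd_Alias specifications
Cmnd_Alias COMMAND=/usr/sbin/useradd,/usr/bin/passwd,/sbin/shutdown -h now
# User privilege specification
root ALL=(ALL) ALL
USERS ALL=ALL, COMMAND
EOF
}

# Constructed variant: the same aliases, with USERS limited to COMMAND.
sample_sudoers_limited() {
    sample_sudoers | sed 's/^USERS ALL=ALL, COMMAND$/USERS ALL=COMMAND/'
}

# lint_sudoers: reads sudoers text on stdin and prints one line per rule,
# either "<who> ALL" or "<who> ALL redundant=<other entries>".
# Simplification: backslash-continued lines are not joined.
lint_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, blank lines
    $1 ~ /^(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)/ { next }
    $1 == "root" { next }                          # root is expected to have ALL
    {
        who = $1
        rest = $0
        sub(/^[^=]*=/, "", rest)                   # keep what follows "host ="
        gsub(/\([^)]*\)/, "", rest)                # drop Runas specs such as (ALL)
        gsub(/[A-Z_]+:/, "", rest)                 # drop tags such as NOPASSWD:
        n = split(rest, cmd, ",")
        all = 0; others = ""
        for (i = 1; i <= n; i++) {
            c = cmd[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)         # trim each entry
            if (c == "ALL") all = 1
            else if (c != "") others = others (others == "" ? "" : ",") c
        }
        if (all && others != "") print who " ALL redundant=" others
        else if (all) print who " ALL"
    }'
}

sample_sudoers | lint_sudoers
```

An edited sudoers file should still be checked with visudo -c before it is put in place.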
------------------------------------------------------------------------------------------------------------------------------------------------------------------
PAM (Pluggable Authentication Module)
/etc/pam.d PAM account specifications
/lib/security PAM Accounts Service
/etc/pam.d
1. login account required /lib/security/pam_access.so
2. vsftpd account required /lib/security/pam_ftp.so
3. crond account required /lib/security/pam_deny.so
4. hwbrowser account required /lib/security/pam_deny.so
5. system-config-display account required /lib/security/pam_deny.so
6. system-config-samba account required /lib/security/pam_deny.so
7. system-config-securitylevel account required /lib/security/pam_deny.so
8. system-config-rootpassword account required /lib/security/pam_deny.so
9. sshd account required /lib/security/pam_deny.so
------------------------------------------------------------------------------------------------------------------------------------------------------------------
Auto Mounter (cd, floppy & nfs)
/etc/auto.misc
Enable the following options
cd
fstype =iso9660,ro,nosuid,nodev
fstype=nfs,intr,soft
-fstype=auto
from /misc/floppy)
/etc/auto.master
/misc /etc/auto.misc --timeout=60
d. localhost
e. just your domain name (ex: example.com)
Open the file /etc/mail/access
Add the following parameters to the list existing there...
your mail server's name (ex: server1.example.com)
(i.e) server1.example.com
RELAY
RELAY
RELAY
RELAY
Create an account in the 'evolution' service from server (server1.example.com)
Tools -> settings
Add new Mail Account ->
FullName : user1
E-mail: user1@server1.example.com (click forward)
Receiving Mail : IMAP
Host : server1.example.com (or) your mail server IP address (Click Forward)
Sending Mail : SMTP
Host : server1.example.com (Click Forward)
Name: user1@server1.example.com
Finish
Go to user1 inbox
Tools -> settings
Add new Mail Account ->
FullName : user2
E-mail: user2@server1.example.com (click forward)
Receiving Mail : IMAP
Host : server1.example.com (or) your mail server IP address (Click Forward)
Sending Mail : SMTP
Finish
Go to user3 inbox
Note: Now you can send and receive mail from station1 (i.e. user1) to
station2 (i.e. user2) and vice versa.
(Send and Receive the Mails from linux server to Windows outlook express)
Go to outlook express
Select tools - > accounts -> Add mail
Display name: user1
E-mail Address : user1@server1.example.com
(click next..)
My incoming mail server is a IMAP
Incoming mail : 192.168.0.254 ( this is linux mail server ip address)
Outgoing Mail (SMTP) server
192.168.0.254 ( this is linux mail server ip address)
(click next..)
Account name : user1 ( this is linux mail server username)
Passwd : xxxxx
(click next..)
finish
Go to the inbox of (192.168.0.254); you can send and receive mail from the linux
server to outlook express and vice versa
------------------------------------------------------------------------------------------------------------------------------------------------------------------XDMCP
In linux you need to provide font using either X font server (xfs) or hard coded font path
in xf86 config and xf86config -u conf files. If you plan to use xfs font server, modify the
file given below,
Page No 54
port = 177
Page No 55
Server:
[server1.example.com, 192.168.0.254]
/var/named/chroot/etc/
5) vi named.conf
zone "java.com" IN {
type master;
file "java.com.zone";
allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "java.com.local";
allow-update { none; };
};
6) cd /var/named/chroot/var/named
7) cp localhost.zone java.com.zone
8) cp named.local java.com.local
9) vi java.com.zone
$TTL 86400
@       IN SOA  server1.example.com. root.server1.example.com. (
                42
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   server1.example.com.
www     IN A    192.168.0.254
vi java.com.local
$TTL 86400
@       IN SOA  server1.example.com. root.server1.example.com. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   server1.example.com.
254     IN PTR  www.java.com.     ; Domain 1 specified
        PTR     www.virtual.com.  ; Domain 2 specified
192.168.0.254 www.java.com
192.168.0.254 www.virtual.com
neat
Device:
Static IP add : 10.0.0.25
Netmask : 255.0.0.0
DNS:
Primary DNS : 10.0.0.25
DNS Path : redhat.com/
DNS Client:
1) service named restart
2) neat
Device:
Static IP add : 10.0.0.24
Netmask : 255.0.0.0
DNS:
Primary DNS : 10.0.0.25
DNS Path : redhat.com/
3) vi /etc/resolv.conf
search www.java.com
nameserver 192.168.0.254
4) vi /etc/hosts
Two Domains
192.168.0.254 www.java.com
192.168.0.254 www.virtual.com
1.Create a directory under /var called /website. Put the webpages that you have
already created for your website in this directory. If you don't have a website ready,
create one single html file for testing.
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
#</VirtualHost>
3. Copy these 7 lines by issuing the command 7yy. Paste these 7 lines at the end by
pressing p. Your file will look as follows:
#<VirtualHost *>
#
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
#</VirtualHost>
#<VirtualHost *>
#
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
#</VirtualHost>
4. Change the last 7 lines to the following:
<VirtualHost 192.168.10.99>
DocumentRoot /var/website
</VirtualHost>
5. Save the file and exit.
1.Create a directory under /var called /website to store www.vk.com webpages and a
directory under /var called /newweb to store www.redhat.com webpages. Put the
respective webpages that you have already created for your websites in the
corresponding directories. If you don't have a website ready, create one single html file
for testing in each directory.
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
#</VirtualHost>
3. Copy these 7 lines by issuing the command 7yy. Paste these 7 lines at the end by
pressing p. Your file will look as follows:
#<VirtualHost *>
#
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
#</VirtualHost>
#<VirtualHost *>
#
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
#</VirtualHost>
4. Repeat Step 3. The end of the file will look as follows:
#<VirtualHost *>
#
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
#</VirtualHost>
#<VirtualHost *>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
#</VirtualHost>
#<VirtualHost *>
#
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
#</VirtualHost>
5. If you want to host multiple domains on the same IP, there is a directive called
NameVirtualHost that you need to configure. You will find this directive
commented out just above the Virtual Host area. Change it to NameVirtualHost
192.168.10.99. Once this is done, change the last lines to the following:
<VirtualHost 192.168.10.99>
DocumentRoot /var/website
DirectoryIndex index.html
</VirtualHost>
<VirtualHost 192.168.10.99>
DocumentRoot /var/newweb
DirectoryIndex index.html
</VirtualHost>
6. Save the file and exit.
7. Now, at the prompt, issue the command service httpd start
8. Start a web browser and type www.vk.com at the address bar.
9. You will see the index.html which will be the first page of www.vk.com
10. Now type www.redhat.com at the address bar.
11. You will see the index.html which will be the first page of www.redhat.com
NOTE : If you do not give the DirectoryIndex directive, you will always get the
index.html of www.vk.com only.
------------------------------------------------------------------------------------------------------------------------------------------------------------------MULTI PLE SITES ON SAME IP ADDESS AND ALSO SHARING THE FOLDERS
THROUGH HTTP
Line No : 1004 NameVirtualHost 192.168.0.254:80
(www.java.com)
VirtualHost 192.168.0.254:80>
ServerAdmin root@server1.example.com
DocumentRoot /var/www/html/java (This folder contains the web index.html)
DirectoryIndex index.html
ServerName www.java.com
ErrorLog logs/dummy-java.com-error_log
CustomLog logs/dummy-java.com-access_log common
<Location /javanotes> (The javanotes folder is inside /var/www/html/java)
Order allow,deny
Allow from all
</Location>
</VirtualHost>
(www.virtual.com)
<VirtualHost 192.168.0.254:80>
ServerAdmin root@server1.example.com
DocumentRoot /var/www/html/virtual (This folder contains the web index.html)
DirectoryIndex index.html
ServerName www.virtual.com
ErrorLog logs/dummy-virtual.com-error_log
CustomLog logs/dummy-virtual.com-access_log common
</VirtualHost>
service httpd restart
Go to Firefox and type the following in the address bar
http://www.java.com
------------------------------------------------------------------------------------------------------------------------------------------------------------------
Introduction
Alternatives
It is possible for several programs fulfilling the same or similar functions to be installed
on a single system at the same time. For example, many systems have several text
editors installed at once.
This gives choice to the users of a system, allowing each to use a different editor, if
desired, but makes it difficult for a program to make a good choice of editor to invoke if
the user has not specified a particular preference.
In our example, we are going to create a link called editor, which will have a generic
name of myeditor. This link and generic name are going to be associated with 3 text
editors, namely gedit, kwrite and emacs. We will then switch the default editor between
these 3 editors according to user preference. The steps to implement this scenario are
few, but the concept is not that simple to understand.
Implementing Our Alternative
Issue the following commands:
Code:
alternatives --install /etc/alternatives/editor myeditor /usr/bin/kwrite 90
alternatives --install /etc/alternatives/editor myeditor /usr/bin/gedit 90
alternatives --install /etc/alternatives/editor myeditor /usr/bin/emacs 90
The first command installs a link editor under /etc/alternatives directory, links it to a
generic name of myeditor, which in turn is linked to the kwrite application with a priority
of 90. The next two commands do the same thing for gedit and emacs.
Now, Issue the following command
Code:
alternatives --config myeditor
Your output will be as follows:
code:
There are 3 programs which provide 'myeditor'.
  Selection    Command
-----------------------------------------------
*+ 1           /usr/bin/kwrite
               /usr/bin/gedit
               /usr/bin/emacs
13. Permanently assign the different label name to the existing file system
14. Change the label name for existing files systems like LABEL=/, LABEL=/home,
LABEL=/var & reboot the system, analyze the problem and correct it.
15. Using fdisk create a new partition, delete a partition, formatting, mounting, and
permanently assign the drives from the fstab.
16. Set the Grub Boot loader password & remove the Boot loader password using Linux
boot CD.
17. Trouble shooting X windows System
# vi /etc/X11/xorg.conf
Font path =
:wq!
# startx (problem starting)
# service xfs off (problem starting in X window).
18. Apache trouble shooting
Problem : apache service could not start
# vi /etc/httpd/conf/httpd.conf
listen 0.0.0.80 line no : 151 -> enable this line
:wq! (save & exit)
# service httpd restart (service could not start)
19. Corrupt the file /bin/bash. And correct it.
20. Corrupt the file /sbin/init. And correct it
21. Damage the Existing Linux swap and make a new swap partition and include the
/etc/fstab
22. chattr +i /etc/passwd, chattr +i /etc/group, chattr +i /etc/shadow (This makes the
files read-only). The users cannot log in.
23. chattr +i /etc/securetty (This makes the file read-only). Virtual console / tty problem
24. Open the file vi /etc/X11/fs/config comment to all FONT PATH options. And restart
the system.
25. Comment out the 1st line of /etc/fstab (vi /etc/fstab) as follows
# LABEL=/ ext3 defaults
:wq!
Reboot the system & correct it.
26. i) Rename your /etc/inittab configuration file. One possible name is /etc/bak.inittab
ii) /etc/inittab
# id:5:initdefault:
27. For example, your system has win98 and LINUX installed. (Creating the problem - clear
the linux MBR)
Boot your system from a win98 boot disk and run the command
FDISK /MBR,
Restart the system; the LINUX MBR is now cleared. Recover the LINUX MBR.
28. Rename your /etc/rc.d/rc.sysinit configuration file. One possible name is
/etc/rc.d/bak.rc.sysinit
29. Rename your /etc/profile configuration file. One possible name is /etc/bak.profile
30. Rename your /etc/bashrc configuration file. One possible name is /etc/bak.bashrc
31. After typing the following command, check it three times and hit enter but once
dd if= /dev/zero of=/dev/hda bs=446 count=1; reboot
sector)
32. The following command overwrites the MOUNT command.
# cp /bin/date /bin/mount (reboot the system) correct that problem
33. /etc/shadow
#root:$1$1PlkLa::: (restart the system and correct it)
34. Go to vi /etc/sysconfig/network
Networking = yes (change to Networking=no)
Hostname = localhost localhostdomain
:wq! (save and exit)
Problem : All Daemons are not functioning or not working
35. Go to vi /etc/selinux/config
SElinux = disabled (change SElinux = enforcing=0 or enforcing=1)
Save, exit and restart the system and correct that problem.
36. Remove all permissions from /tmp with the command chmod 000 /tmp and restart
the linux system. This creates X window problems.
37. Remove all permissions from /home with the command chmod 000 /home and
restart the linux system. This creates X window problems.
38. Check whether the /tmp or /home directory is full (i.e. no disk space),
because if either one is full, an X window problem occurs.
MAIL CONFIGURATION
cd /etc/mail
SENDMAIL CONFIGURATION
vi sendmail.mc
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl -- line no 105
(Comment out this line)
:wq! (save and exit)
m4 sendmail.mc > sendmail.cf
chkconfig sendmail on
service sendmail restart
IMAP,IMAPs,POP3 and POP3s Incoming Mail Configuration
vi /etc/dovecot.conf
protocols = imap imaps pop3 pop3s
Note :
(If the examiner asks about IMAP, choose only IMAP)
(If the examiner asks about IMAPs (IMAP secure), choose only IMAPs)
:wq! (save and exit)
chkconfig dovecot on
service dovecot restart
go to X window and click Evolution mail and configure the mail for user JOHN in POP3
and SMTP.
Now user john gets the mail.
go to X window and click Evolution mail and configure the mail for user JANE in IMAP
and SMTP.
Now user jane gets the mail.
Send the mail from ROOT to user JOHN using MAIL and MUTT Command
Go to virtual console and apply the following commands :
root@server1# mail -v john@server1.example.com
Subject : HAI this is test mail
.
(dot)
CC :
(Carbon copy)
root@server1# mutt
Press a key m (MAIL)
To: john@server1.example.com
Subject: TESTING MAIL
Press y to sending a Mail
Go to Evolution Mail click Send&Receive options, the user JOHN gets the mail.
-rw,soft,intr
server1.example.com:/rhome/nisuser1