DEGREE COLLEGE OF
SCIENCE & COMMERCE.
T.Y.B.Sc C.S.
Linux Server
Administration
SHRI G.P.M. DEGREE COLLEGE OF
SCIENCE & COMMERCE.
(COMMITTED TO EXCELLENCE IN EDUCATION)
prescribed by the University of Mumbai under my supervision during the academic year 2018-
2019.
Practical-4: SSH Server: Password Authentication. Configure SSH Server to manage a server from the remote computer. SSH Client: (Ubuntu and Windows)
Practical-6: Configure DHCP Server. Configure DHCP (Dynamic Host Configuration Protocol) Server. Configure NFS Server to share directories on your network. Configure NFS Client. (Ubuntu and Windows Client OS)
Practical-7: Configure LDAP Server. Configure LDAP Server in order to share users' accounts in your local networks. Add LDAP User Accounts in the OpenLDAP Server. Configure LDAP Client in order to share users' accounts in your local networks. Install phpLDAPadmin to operate LDAP server via Web Browser.
Example-1: Create samba server in Min Ubuntu. (IT Lab)
Example-2: Share file with your Android device using samba server. (HOMEWORK)
Theory-1
Single-Host Administration
Theory: The Dynamic Host Configuration Protocol (DHCP) is a network management
protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP
address and other network configuration parameters to each device on a network so they can
communicate with other IP networks. DHCP can be implemented on networks ranging in size
from home networks to large campus networks and regional Internet service
provider networks.
Practical-1
Aim: Install DHCP Server in Ubuntu 16.04
Source Code:
Step 1. Install dhcpd:
Step 2. Edit /etc/default/isc-dhcp-server to specify the interfaces dhcpd should listen to.
$ sudo vi /etc/default/isc-dhcp-server
INTERFACES="ens33"
$ sudo vi /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.20 192.168.1.30;
  option routers 192.168.1.1;
  option domain-name-servers ns1.example.org, ns2.example.org;
  option domain-name "example.org";
}
Output:
Step 5. Client Configuration (Client Machine is Fedora 28 Workstation)
Conclusion: The program ran and compiled successfully.
Practical-1 : Example-1
Aim: Configure the DHCP server by matching the following Conditions:
Subnet and Net mask should be 192.168.0.0 and 255.255.255.0
Gateway Should be 192.168.0.254
DNS Server Should be 192.168.0.254
Domain Name should be example.com
Source Code:
sudo apt-get update
sudo apt-get install isc-dhcp-server
sudo reboot
sudo service isc-dhcp-server restart
ifconfig
Output:
Conclusion: The program ran and compiled successfully.
Practical-1 : Example-2
Aim: Install and configure Squid server with IP address 192.168.1.240 with
different access control lists and block www.facebook.com for the
client with IP address 192.168.1.220.
Source Code:
sudo apt-get update
sudo apt-get install squid squid-common
cd /etc/squid
ls    # you should see the squid.conf file
Output:
Conclusion:
Imp. Note: While working on virtual machine, disable default DHCP Server in VMware
or VirtualBox.
Practical-2
Aim: Initial settings: Add a User, Network Settings, Change To static IP
address, Disable IPv6 if Not needed.
Source Code:
# IPv4 gateway and primary address. The netmask
# is taken from the PREFIX (where 24 is a
# public IP, 17 is a private IP)
iface eth0 inet static
address 198.51.100.5/24
gateway 198.51.100.1
# Add DNS resolvers for resolvconf. Can mix IPv4 and IPv6.
dns-nameservers 203.0.113.1 2001:db8:0:123::2 203.0.113.3
dns-search members.linode.com
dns-options rotate
# cat /etc/resolv.conf
ping -c 3 google.com
ping6 -c 3 ipv6.google.com
Output:
Conclusion: The program ran and compiled successfully.
Practical-2 : Example-1
Aim: Configure a Linux server system to assign IP Addresses dynamically
to the Client system.
Source Code:
nano /etc/network/interfaces
# ...
auto eth0
iface eth0 inet dhcp
Practical-2 : Example-2
Aim: Configure services, display the list of services which are running,
stop and turn off the auto-start setting for a service if you don't need
it, sudo settings.
Source Code:
# disable auto-start of the mysql Upstart job
echo manual | sudo tee /etc/init/mysql.override
# remove the override to re-enable auto-start
sudo rm /etc/init/mysql.override
Output:
Practical-3
Source Code:
root@dlp:~# apt-get -y install ntp
root@dlp:~# vi /etc/ntp.conf
# line 18: comment out
#pool 0.ubuntu.pool.ntp.org iburst
#pool 1.ubuntu.pool.ntp.org iburst
#pool 2.ubuntu.pool.ntp.org iburst
#pool 3.ubuntu.pool.ntp.org iburst
#pool ntp.ubuntu.com
# add servers of your timezone for time synchronization
server ntp1.jst.mfeed.ad.jp iburst
server ntp2.jst.mfeed.ad.jp iburst
server ntp3.jst.mfeed.ad.jp iburst
# line 50: add the network range you allow to receive requests
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
root@dlp:~# systemctl restart ntp
# show status
root@dlp:~# ntpq -p
root@client:~# apt-get -y install ntpdate
root@client:~# ntpdate ntp1.jst.mfeed.ad.jp
Output:
Conclusion: The program ran and compiled successfully.
Practical-3 : Example-1
Aim: How to forcefully sync date and time using the NTP Server in
Linux.
Source Code:
# apt-get install ntp
# ntpq -p
# tail -f /var/log/syslog
Output:
Conclusion: The program ran and compiled successfully.
Practical-3 : Example-2
Source Code:
gedit /etc/ntp.conf
Output:
Conclusion: The program ran and compiled successfully.
Practical-4
Source Code:
[1] Password Authentication for OpenSSH Server on Ubuntu is enabled by
default, so it's possible to log in without changing any settings. Furthermore,
the root account is prohibited from Password Authentication by default with
"PermitRootLogin prohibit-password", so the default setting is good for use. But
if you want to prohibit root login entirely, change it as follows.
root@dlp:~# apt-get -y install openssh-server
root@dlp:~# vi /etc/ssh/sshd_config
# line 28: change to no
PermitRootLogin no
root@dlp:~# systemctl restart ssh
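One way to confirm that the PermitRootLogin edit is the value sshd will actually use, as an added example that is not part of the original journal: sshd takes the first occurrence of each keyword, so a duplicate line further down the file is ignored. The function names and the sample file contents are assumptions constructed for the illustration.

```sh
#!/bin/sh
# Added example (not from the original journal). Reports the value sshd would
# use for a keyword: the FIRST occurrence in sshd_config wins.
# Assumptions: "Keyword value" lines separated by whitespace, Include files
# are not followed, and parsing stops at the first Match block because
# settings inside it apply only conditionally.

sshd_effective() {  # usage: sshd_effective KEYWORD FILE DEFAULT
    awk -v key="$1" -v def="$3" '
        BEGIN { want = tolower(key) }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }         # end of the global section
        tolower($1) == want && !found { val = tolower($2); found = 1 }
        END { print (found ? val : def) }
    ' "$2"
}

audit_sshd() {  # usage: audit_sshd FILE ; returns 1 if root login is fully enabled
    root=$(sshd_effective PermitRootLogin "$1" prohibit-password)
    pass=$(sshd_effective PasswordAuthentication "$1" yes)
    echo "PermitRootLogin=$root PasswordAuthentication=$pass"
    case $root in
        no)  echo "OK: root login over SSH is disabled" ;;
        yes) echo "WEAK: root login is fully enabled"; return 1 ;;
        *)   echo "NOTE: root is limited to key-based login ($root)" ;;
    esac
}

write_sample_sshd_config() {  # constructed sample; prints the temp file path
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin no
PasswordAuthentication yes
# the duplicate below is ignored by sshd because the keyword was already set
PermitRootLogin yes
Match User backup
    PasswordAuthentication no
EOF
    echo "$f"
}

sample=$(write_sample_sshd_config)
audit_sshd "$sample" || true
rm -f "$sample"
```

On a host where sshd is installed, `sshd -T` prints the full effective configuration and is the authoritative check.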
SSH Client : Ubuntu
Configure SSH Client for Ubuntu.
[4] It's possible to execute commands on a remote host by adding commands to
the ssh command.
# for example, open /etc/passwd on remote host
ubuntu@client:~$ ssh ubuntu@dlp.srv.world "cat /etc/passwd"
ubuntu@dlp.srv.world's password:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
...
ubuntu:x:1000:1000:ubuntu,,,:/home/ubuntu:/bin/bash
sshd:x:108:65534::/var/run/sshd:/usr/sbin/nologin
SSH Client : Windows
Configure SSH Client for Windows.
[5] Get an SSH Client for Windows. This example uses PuTTY as follows.
Input your server's IP address and click the 'Open' button.
[6] After authentication on SSH server, it's possible to login remotely with SSH.
Output:
Practical-4 : Example-1
Aim: Create a rule that will restrict SSH to allow Only Specific IP
addresses.
Source Code:
Remember that you can check your current iptables ruleset with sudo iptables -S
and sudo iptables -L.
This will save your current iptables rules to the /etc/sysconfig/iptables file.
Service: SSH
If you're using a cloud server, you will probably want to allow incoming SSH connections
(port 22) so you can connect to and manage your server. This section covers how to configure
your firewall with various SSH-related rules.
The second command, which allows the outgoing traffic of established SSH connections, is
only necessary if the OUTPUT policy is not set to ACCEPT.
Allow Incoming SSH from Specific IP address or subnet
To allow incoming SSH connections from a specific IP address or subnet, specify the
source. For example, if you want to allow the entire 15.15.15.0/24 subnet, run
these commands:
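An added example, not part of the original journal: a dry-run helper that validates each source and prints the iptables rules for an SSH allowlist, using the 15.15.15.0/24 subnet from the text. The function names are assumptions, and the closing DROP rule goes beyond the allow rules the text describes; it assumes the INPUT policy is not already DROP.

```sh
#!/bin/sh
# Added example (not from the original journal). Prints the iptables commands
# instead of running them, so the rule set can be reviewed before it is
# applied as root.

valid_cidr() {  # IPv4 address or CIDR, e.g. 15.15.15.0/24
    addr=${1%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs   # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

ssh_allowlist_rules() {  # usage: ssh_allowlist_rules CIDR...
    # Validate everything first so a typo never yields a partial rule set.
    for src in "$@"; do
        valid_cidr "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp -s $src --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    done
    # Needed only when the OUTPUT policy is not ACCEPT, as the text notes.
    echo "iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    # Appended last: SSH from any source not accepted above is dropped.
    # An earlier rule that already accepts port 22 from anywhere would still
    # match first, so review the existing rules with iptables -S.
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
}

# Review the output, then run the printed commands with sudo.
ssh_allowlist_rules 15.15.15.0/24 || true
```

Apply the rules from a console session or keep an existing SSH session open while testing, since a wrong source address locks out remote management.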
Output:
Practical-4 : Example-2
Source Code:
#!/bin/bash
echo "Hello world"   # print to screen
The first line is called a hashbang or shebang. It tells Unix that this script should be
run through the /bin/bash shell. The second line is just the echo statement, which prints
the words after it to the terminal.
After saving the above file, we need to give it execute permission to make it runnable.
You can set the execute permission as follows
Output:
Hello world
Now we are done with the very basic shell script that prints `Hello world` to the
screen.
b. Configuring Booting with GRUB
c. Configuring High Availability Clustering
1. On both nodes in the cluster, start the ricci service and set a password for
user ricci.
Starting ricci: [ OK ]
# passwd ricci
New password:
2. On the node that will be hosting the web management interface, start
the luci service. This will provide the link from which to access luci on this node.
Starting luci: generating https SSL certificates... done
[ OK ]
1. To access the High Availability management web interface, point your browser to the
link provided by the luci service and log in using the root account on the node
hosting luci. Logging in to luci displays the luci Homebase page.
2. To create a cluster, click on Manage Clusters from the menu on the left navigation
pane of the Homebase page. This displays the clusters page.
3. From the clusters page, click the Create button. This displays the Create New
Cluster screen.
Clusters menu
4. On the Create New Cluster screen, enter the parameters for the cluster you are
creating. The Password field will be the ricci password you defined for the
indicated node. For more detailed information about the parameters on this screen
and information about verifying the certificate fingerprint of the ricci server,
see Section 4.4, “Creating a Cluster”.
Conclusion: The program ran and compiled successfully.
Theory-2
Internet Services
Theory: DNS or Domain Name System, as we know is an internet service that is used to
translate the user friendly domain into computer friendly IP addresses. Not only can we
translate domain names to IP addresses, we can also perform reverse translation i.e. from IP
addresses to domain name translations. In this tutorial, we are going to learn to setup a private
DNS server by implementing BIND9 on Ubuntu/Debian system.
Practical-5
Aim: Install DNS Server BIND, Configure DNS server which resolves
domain name or IP address, Install BIND 9, configure BIND, Limit
Ranges you allow to access if needed.
Source Code:
Installation of Bind 9 on Debian / Ubuntu System:
We need to install ‘bind9 bind9utils bind9-doc dnsutils’ to install BIND 9 & related tools.
Open your terminal & execute the following command,
Save the file & exit. Here we have mentioned locations for our forward lookup zone file &
reverse lookup zone files. Next we will create the mentioned forward & reverse zone files.
Firstly create the forward lookup zone file, Sample zone files (db.local) are already there in
‘/etc/bind folder‘, we can use and copy sample zone file
Here, we have added information regarding our DNS server & have also added A records for
couple of servers, also added record for a mail server & CNAME record for ftp server. Make
sure you edit this file to suit your network.
Next we will create a reverse lookup zone file at the same location; a sample reverse lookup
zone file is present in the ‘/etc/bind‘ folder.
linuxtechi@bind-server:~$ sudo systemctl restart bind9
Note:- In case OS firewall is running on your bind server then execute the below command to
allow 53 port
Rule added
linuxtechi@bind-server:~$
linuxtechi@bind-server:~$
If there is no syntax error in your bind configuration file, then it should return to shell without
showing any errors.
To cross-verify the syntax of your forward and reverse lookup zone files, use the command
“named-checkzone“; an example is shown below:
OK
linuxtechi@bind-server:~$
OK
linuxtechi@bind-server:~$
search linuxtechi.local
nameserver 192.168.0.40
Save the file & exit. We now have our client ready with DNS pointing to our server. We will
now use a CLI tool called ‘dig‘, which is used to find out DNS & its related
information. Execute the following command from the terminal,
This output shows that our DNS is working fine.
Also we can run ‘nslookup‘ command against our DNS server to confirm the output of dig
command.
Output:
Note:- While running the dig command, if you get a ‘command not found’ error then we need to
install the ‘dnsutils’ package, as the dig command is part of the ‘dnsutils’ package,
Practical-5 : Example-1
Source Code:
a. Installing and configuring NFS server
NFS Installation
Firstly we will install NFS, which is easy & can be installed using following command
Configuration
Now, we will share a directory; let's share our home (/home) directory.
vi /etc/exports
Since it's an empty file, we will add the following lines to the file to share the /home folder
Note: If we are giving rw (read, write) settings on an NFS share, make sure the permissions on the
folder are 777.
mountfs -V
& on client side, use following command to see the shared folder
• samba
• samba-common
• samba-winbind
You can install RPM from several sources including YUM repository, dump of RPM, FTP,
etc. In this article I am installing RPM from RHEL 6 disk. Mount RHEL 6 disk in media folder
and change directory to Package folder
Samba Daemons
If you have just installed RPM then these services would be stopped.
Make sure the services are running at the next time Linux is booted
During the RHCE 6 exam we will have both firewall (iptables) and SELinux protection.
On linuxclient system first try to mount sharedata from smbuser5 and then from smbuser1
We have created a group smbgroup above in this tutorial. Now configure Samba to allow access
only to this group.
On server change the group of sharedata and update the permission to 1770. Open
the smb.conf file
On linux client first try with smbuser5 which is not the member of smbgroup and later try with
smbuser3 which is the member of smbgroup
Now we will share only for user/users. Now configure Samba to allow only smbuser1 on
sharedata folder.
On server make smbuser1 the owner of /sharedata folder and update the permission. Open the
smb.conf
Reload the file
On linuxclient first try with other users and later try with smbuser1
So far in this article we have configured different levels of access for a Samba share. For the RHCE
6 exam always remember that file permissions, file system mount options, SELinux Booleans and
ACLs cannot be overridden by Samba. This means that if a directory does not have write
permission and you have the Samba setting writeable = yes, it will not allow writing. This is the
reason why we first update the file system permissions and then set the Samba settings.
During the RHCE 6 exam the following 2 commands can be very handy for you.
testparm
The testparm command checks the smb.conf file for internal errors. If the output of this command
returns without any errors, you can use the configuration file.
smbstatus
1. Download FileZilla Server and run the setup file to start installation.
2. Click I Agree button, make sure Standard type of installation is selected and click Next.
3. Click Next to accept the install location.
4. By default FileZilla Server will install as service and started automatically. There is also an
option to install as service but not automatically started or as a normal startup method. You
can also leave the port untouched unless there is another application that is using the same
port.
Create User Account In FileZilla Server
7. Although the FTP service is already running, no one can connect to it because you
first need to create a user account and then assign the folders with proper permissions to the
user. Click on Edit in the menu bar and select Users.
8. At the General page, click the Add button at the center right and enter the name of the user
account. Click OK.
9. Back at the Users window, make sure the enable account option is ticked. It is also
advisable to set a password for the user account by checking the password checkbox and
enter a password.
The basic setup of FileZilla Server is done. You can now scroll down and read on how
another computer can connect to your new FTP server. Please feel free to explore other features
in FileZilla Server such as user limit, SSL, speed limit, IP filter, groups, logging, MODE Z,
autoban, etc.
3. Leave all selected options in New Virtual Server window as default and click OK.
5. Enter the username, password and browse the directory that you want the user to have
access to. There is an icon located next to the Browse button that allows you to set the
permission. The default selected permissions are list read and list which is the same as
FileZilla Server.
6. Click OK button to create the user and close the User List window.
As you can see, the setting up of FTP server using Xlight is so much simpler compared to
FileZilla. You can check out the global options and also the additional settings for the virtual
servers. Do note that some features are disabled in the free version of Xlight after 30 days
usage. The biggest drawback in the free version of Xlight is the 5 online users limitation but
shouldn’t be a problem if you are using it privately on your home network.
Output:
Practical-5 : Example-2
Aim: Check that all the servers are working correctly and that these servers can be
used to download files and share files.
Source Code:
Working with the Files panel in the FTP View
You can use the FTP view to view files and folders, check whether they are associated with a
Dreamweaver site or not, and perform standard file maintenance operations, such as opening
and moving files. The Files panel also helps you manage and transfer files to and from a
remote server.
After you set up a site in Dreamweaver, you can use the Files panel in the following ways:
• Access sites, a server, and local drives
• View files and folders
• Manage files and folders in the Files panel
• Synchronize files and folders between local and remote servers
Read on to learn how to use the Files panel in the FTP View.
At its simplest, the Files panel displays a list of only the local files in your computer. As you
work more with the Files panel - setting up a site, setting up connections to remote servers,
enabling check in and check out, more options appear in the Files panel.
Here's what the Files panel looks like:
• When no site is defined in Dreamweaver
• When a site is defined but a server is not defined
• When a site is defined, server connections are defined, and check-in and check-out of files is
enabled
For information on defining a site and server, see About Dreamweaver sites.
What the Files panel looks like when no site is defined in Dreamweaver
Output:
Practical-6
Source Code:
$ sudo apt install isc-dhcp-server
INTERFACES="eth0"
$ sudo vi /etc/dhcp/dhcpd.conf
option domain-name "tecmint.lan";
option domain-name-servers ns1.tecmint.lan, ns2.tecmint.lan;
default-lease-time 3600;
max-lease-time 7200;
authoritative;
host fedora-node {
  # placeholder value: replace with the client's real MAC address (six hexadecimal octets)
  hardware ethernet 00:4g:8h:13:8h:3a;
  fixed-address 192.168.10.106;
}
$ sudo ufw allow 67/udp
$ sudo ufw reload
$ sudo ufw status
auto eth0
iface eth0 inet dhcp
Save the file and exit. And restart network services like so (or reboot the system):
------------ SystemD ------------
$ sudo systemctl restart networking
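A pre-flight check for the dhcpd.conf files used in these practicals, as an added example that is not part of the original journal. It flags a statement with no terminating semicolon and a hardware ethernet value that is not six hex octets; the value 00:4g:8h:13:8h:3a shown above contains non-hex characters and is rejected by dhcpd as written. The function names and the sample file (including its subnet) are assumptions constructed for the illustration.

```sh
#!/bin/sh
# Added example (not from the original journal). Lint for a dhcpd.conf that
# is written one statement per line (an assumption of this check):
#   - every statement must end with ";" or open/close a block with "{" / "}"
#   - every "hardware ethernet" value must be six colon-separated hex octets

lint_dhcpd_conf() {  # usage: lint_dhcpd_conf FILE ; returns 1 if problems found
    awk '
        {
            line = $0
            sub(/#.*/, "", line)                      # drop comments
            gsub(/^[ \t]+|[ \t]+$/, "", line)         # trim whitespace
        }
        line == "" { next }
        line !~ /[;{}]$/ {
            printf "line %d: statement has no terminating semicolon\n", NR
            bad = 1
        }
        line ~ /^hardware[ \t]+ethernet[ \t]+/ {
            mac = line
            sub(/^hardware[ \t]+ethernet[ \t]+/, "", mac)
            sub(/[ \t]*;$/, "", mac)
            n = split(mac, octet, ":")
            ok = (n == 6)
            for (i = 1; i <= n; i++)
                if (octet[i] !~ /^[0-9A-Fa-f][0-9A-Fa-f]?$/) ok = 0
            if (!ok) {
                printf "line %d: invalid MAC address %s\n", NR, mac
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

write_sample_dhcpd_conf() {  # constructed sample with two deliberate mistakes
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.20 192.168.10.30;
  option routers 192.168.10.1;
  option domain-name-servers ns1.tecmint.lan, ns2.tecmint.lan
  option domain-name "tecmint.lan";
}
host fedora-node {
  hardware ethernet 00:4g:8h:13:8h:3a;
  fixed-address 192.168.10.106;
}
EOF
    echo "$f"
}

sample=$(write_sample_dhcpd_conf)
lint_dhcpd_conf "$sample" || echo "fix the lines above before restarting isc-dhcp-server"
rm -f "$sample"
```

On the server itself, `dhcpd -t -cf /etc/dhcp/dhcpd.conf` runs the daemon's own syntax test and should pass before the service is restarted.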
Output:
Practical-6 : Example-1
Source Code:
DHCP Server - CentOS 7
DHCP Clients - Fedora 25 and Ubuntu 16.04
# yum -y install dhcp
DHCPDARGS=eth0
# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
# vi /etc/dhcp/dhcpd.conf
Start by setting the following global parameters, which will apply to all the subnetworks:
option domain-name "tecmint.lan";
option domain-name-servers ns1.tecmint.lan, ns2.tecmint.lan;
default-lease-time 3600;
max-lease-time 7200;
authoritative;
host fedora-node {
  # placeholder value: replace with the client's real MAC address (six hexadecimal octets)
  hardware ethernet 00:4g:8h:13:8h:3a;
  fixed-address 192.168.56.110;
}
Start the DHCP service for the meantime and enable it to start automatically from the next system
boot:
---------- On CentOS/RHEL 7 ----------
# systemctl start dhcpd
# systemctl enable dhcpd
---------- On CentOS/RHEL 6 ----------
# service dhcpd start
# chkconfig dhcpd on
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
TYPE=Ethernet
ONBOOT=yes
Output:
Practical-6 : Example-2
Source Code:
Output:
Conclusion: The program ran and compiled successfully.
Practical-7
Source Code:
# Add DNS resolvers for resolvconf. Can mix IPv4 and IPv6.
dns-nameservers 203.0.113.1 2001:db8:0:123::2 203.0.113.3
dns-search members.linode.com
dns-options rotate
Output:
Conclusion: The program ran and compiled successfully.
Practical-7 : Example-1
Aim: Use SSL to communicate with the LDAP server. For SSL to function,
the LDAP server must support SSL.
Source Code:
$ su
# openssl req -new -key
# apt-get install ntp
# service ntp status
# ntpq -p
# tail -f /var/log/syslog
Output:
Conclusion: The program ran and compiled successfully.
Practical-7 : Example-2
Aim: To make a search request to the LDAP server, use the administrator
account for authentication
Source Code:
Output:
Theory-3
Intranet Services
Practical-8
Aim: Configure NIS Server in order to share users' accounts in your local
networks, Configure NIS Client to bind NIS Server.
Source Code:
# /usr/lib64/yp/ypinit -m
# /etc/init.d/rpcbind status
# /etc/init.d/ypserv start
# /etc/init.d/rpcbind restart
# /etc/init.d/ypserv restart
root:[password]:0:0::0:0:The super-user:/root:/bin/csh
operator:*:2:5::0:0:System &:/:/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
basie#
Output:
Conclusion: The program ran and compiled successfully.
Practical-8 : Example-1
Source Code:
# hostnamectl set-hostname nismaster.example.local
# reboot
$ ping 192.168.0.10
# vim /etc/hosts
# yum install ypserv rpcbind -y
# ypdomainname example.local
# vim /etc/sysconfig/network
# vim /var/yp/securenets
# systemctl start rpcbind ypserv ypxfrd yppasswdd
# systemctl enable rpcbind ypserv ypxfrd yppasswdd
# /usr/lib64/yp/ypinit -m
Output:
Conclusion: The program ran and compiled successfully.
Practical-8 : Example-2
Source Code:
Output:
Conclusion: The program ran and compiled successfully.
Practical-9
Aim: Install Samba to share folders or files between Windows and Linux.
Source Code:
$ apt-get -y install samba
$ mkdir /home/share
$ gedit /etc/samba/smb.conf
$ ifconfig
$ clear
$ exit
# systemctl restart smbd && systemctl status smbd
# cd /home/share
# mkdir quick
Output:
Practical-9 : Example-1
Source Code:
$ sudo apt install samba
$ sudo mkdir media /storage
Output:
Practical-9 : Example-2
Aim: Share file with your Android device using samba server.
Source Code:
Output:
Conclusion: The program ran and compiled successfully.