[nascent@rhel6-testing Desktop]$ uname -a Linux rhel6-testing 2.6.32-71.el6.x86_64 #1 SMP Wed Sep 1 01:33:01 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux VIM vi filename vi +100 RHCE.txt insert insert(2 times) Esc :wq :wq! :e! yy dd dw yw p gg G set nu x a i d$ 2w 3e 0 BASH commands cat /etc/issue cat /etc/redhat-release cat > filename example: # cat > abc.txt (Ctrl +D) is used to save the file e2fsck mkfs -t ext3 /dev/sda2 mount -t iso9660 /dev/cdrom /mnt/cdrom mount -t iso9660 -o loop fn.iso /dir pwd ls -lta ls -ll lsusb -v lsusb -vv locate grub.conf locate grub.conf > ab -show OS name -display OS
-open file cursor on line 100 -insert mode -replace mode -escape mode -write changes and quit -write changes and force quit -returns to the last saved version of the file -copy a line -delete a line -cut a word -copy a word -paste -go to beginning -go to end -view lines in a numbered manner -to delete the character under the cursor -to append text(after cursor) -to append text(before cursor) -to delete to the end of the line -to move the cursor two words forward -to move the cursor to the end of the third word forward -to move to the start of the line
-check a Linux ext2/ext3/ext4 file system -to make a partition -mount .iso image on /mnt -mount iso image -print working directory -list long,time-based,hidden -long list -display detailed information about all devices -very detailed information about all devices -find files by name -display file locations and dump o/p in file ab
find / -name grub find / -user nascent > fn find / -name xorg.conf du -h /home/nascent/Desktop/ COMPRESSION gzip -c filename > fn.gz bzip2 -c fn.txt > fn.bz2 tar -zcvf fn.txt.tar.gz fn.txt tar -jcvf fn.txt.tar.bz2 fn.txt tar czvf home.tar.gz /home gzip hai gunzip hai.gz bzip2 hai bunzip2 hai.bz2 tar -cvf hai.tar hai tar -xvf hai.tar grep 'search' fn.txt grep -i 'search' fn.txt grep sshd messages grep -v sshd messages cdrecord -v /tmp/backhome.iso date -s "07/19/2011" date -s "07/19/2011 10:15:00" cal cal 2011 cal 07 2011 history -c bc whoami who which w uname -r mkdir -p {1,2,3}/{apple,ball,cat} head -5 install.log tail -5 install.log more install.log less install.log ln -s ab ac ln ab ac updatedb chkconfig wc # wc /var/log/dmesg 754 5093 37215 /var/log/dmesg (lines|words|size) lpr USER MANAGEMENT cat /etc/passwd cat /etc/default/useradd useradd
-search for files in a directory hierarchy -dumps into file fn -find files -shows the size of the folder Desktop
-make tarball from home directory -create hai.gz(replace original file) -extract hai.gz(replace original file)
-search for the keyword in the text(case sensitive) -case insensitive -search sshd in file messages -all entries but 'sshd' will be shown -write iso image to cd -change date -change date and time -show calendar -show 2011 -show july 2011 -clear history -calculator -print who is logged -show who is logged on -shows the full path of (shell) commands -Show who is logged on and what they are doing -kernel version - make dir apple,ball,cat etc in all dir 1,2,3 -view top 5 lines -view bottom 5 lines -view with scrolling(b & space) -view with scrolling(advanced) - make symbolic links instead of hard links(ab is the original file) - make hard links - update a database for mlocate(locate command) -displays runlevel information for system services -print newline, word, and byte counts for each file
-print files
-all users' info -default config file for useradd -add user
usermod -G grpname usernam -add user to a group usermod -d /kel sibin -change home directory usermod -u 502 -G sales,marketing -s /bin/bash arun usermod -u 502 -G sales,marketing -s /bin/bash arun chmod +x fn.py -change mode execution permission chmod -x fn.py -remove executn permission chmod 664 -no one can execute chmod 775 -everyone can execute chmod 600 -only user and root can execute chmod 2775 chmod 3777 /sales/Downloads -ensure the dir will not lose files from incorrect users chmod 664 dsadsad -default file permissions chmod 1777 asd -only root and owner can delete chmod 2777 asd -set SGID chmod 4777 asd -set SUID chmod o=x aaa -only execute for others for file aaa chmod o+r aaa -add read for others for file aaa chmod o-w aaa -remove write for others for file aaa chmod u+s /usr/sbin/kppp chmod u=r,g=r,o=r aaa -read for user,group and others stat /marketing -display file or file system status chmod 1777 /marketing/ -apply sticky bit(only owner can delete the file) chmod g+s /mass -special group permission for all files created in folder mass) chmod 2755 /mass -" chown user1 /marketing chgrp sales asd PARTITIONING fdisk /dev/sda mkfs -t ext4 /dev/sda6 mount -a (update vi /etc/fstab) mkswap /dev/sda7 swapon /dev/sda7 swapon -s (update vi /etc/fstab) Or dd if=/dev/zero of=/swapfile1G bs=1024 count=1048568 parted -l parted /dev/sda mkpart primary 1 10GB mke2fs -t ext4 -j /dev/sdb1 mkpart primary 11.2 15 set 4 lvm on blkid LVM pvcreate /dev/sda5 /dev/sda6 /dev/sda7 vgcreate nascent /dev/sda5 /dev/sda6 /dev/sda7 lvcreate -L 250M -n ar /dev/nascent lvcreate -L 320M -n as /dev/nascent lvcreate -L 684M -n at /dev/nascent pvs vgdisplay -change ownership of folder /ar to user1 -change group for file asd to group sales
mkfs -t ext4 /dev/nascent/ar mkfs -t ext4 /dev/nascent/as mkfs -t ext4 /dev/nascent/at (update vi /etc/fstab) pvcreate /dev/partition1 /dev/partition2 -create a LVM partition pvs -report information about physical volumes pvdisplay -display attributes of a physical volume vgcreate grpname /dev/partition1 /dev/partition2 -create a vol group partition vgdisplay lvcreate -L 100M -n lvm1 /dev/nascent lvscan -display existing lvm members [root@rhel6-testing ~]# lvscan ACTIVE '/dev/nascent/aa' [600.00 MiB] inherit ACTIVE '/dev/nascent/as' [320.00 MiB] inherit ACTIVE '/dev/nascent/ad' [320.00 MiB] inherit lvextend -L +20M /dev/nascent/aa -extend the size of a logical volume [root@rhel6-testing ~]# lvextend -L +320 /dev/nascent/aa Extending logical volume aa to 660.00 MiB Logical volume aa successfully resized lvreduce -reduce the size of a logical volume [root@rhel6-testing ~]# lvreduce -L -60 /dev/nascent/aa WARNING: Reducing active logical volume to 600.00 MiB THIS MAY DESTROY YOUR DATA (filesystem etc.) Do you really want to reduce aa? [y/n]: y Reducing logical volume aa to 600.00 MiB Logical volume aa successfully resized lvextend -l 120 /dev/nascent/aa -extend using PE(physical extents) resize2fs -p /dev/nascent/aa -(p for displaying progress) lvcreate -s snap_name -L 100M /dev/nascent/asd -create snapshot of asd
lvreduce -L 6G /dev/nascent/aa resize2fs /dev/nascent/aa 6G lvresize -L 15GB /dev/nascent/aa resize2fs /dev/nascent/aa 15G lvrename volgrp_name oldname newname lvresize -L 6GB /dev/nascent/aa pvcreate /dev/sdb6 vgrename oldname newname vgextend volgrp_name /dev/sdb6 vgreduce volgrp_name /dev/sdb6 HACK ROOT PASSWORD 1.log in single user mode 2.getenforce 3.setenforce 0 4.passwd FILE PERMISSION FORMAT
[akhil@rhel6-testing ~]$ ls -ltr total 8 -rw-rw-r--. 1 akhil akhil 52 Jul 27 11:17 dsadsad -rw-rw-r--. 1 akhil akhil 0 Jul 27 11:31 asd drwxrwxr-x. 2 akhil akhil 4096 Jul 27 11:35 aaa
- for file d for directory r for read w for write x for execute first 3 for user next 3 for group next 3 for others -rw-rw-r--. 1 nascent nascent 0 Jul 28 11:15 aaa -rw-r--r--. 1 root root 0 Jul 28 11:20 aaa -default settings of a file when a user creates it(664) -default settings of a file when root user creates it(644)
drwxr-xr-x. 2 root root 4096 Jul 28 15:12 aaaa -default settings of a folder when root user creates it(755) drwxrwxr-x. 2 nascent nascent 4096 Jul 28 15:12 aaaa -default settings of a folder when a user creates it(775) FILE S/m CHECK [root@rhel6-testing ~]# fsck /dev/sda1 fsck from util-linux-ng 2.17.2 WARNING: bad format on line 19 of /etc/fstab e2fsck 1.41.12 (17-May-2010) /dev/sda1: clean, 40/51200 files, 36958/204800 blocks RPM PACKAGE MANAGEMENT rpm -ivh flash-plugin-10.3.181.26-release.i386.rpm rpm -ivh --aid <package> rpm -ivh --nodeps <package> rpm -Uvh <package> rpm -Fvh <package> rpm -qa <package> rpm -qa | grep <package> rpm -qi <package> rpm -e <package> rpm -ql <package> rpm -qa rpm -qa | grep grep rpm -qa | grep -i xorg | wc -l rpm -qf <package> rpm -qc <package> rpm -qd <package> rpm -V <package> rpm -qp <package> rpm2cpio x.rpm | cpio --list rpm2cpio x.rpm | cpio -id
-all install dependencies -install package without dependencies -upgrade -repair -query all -query and find -query installed -remove -query locations -query all packages -search for package named 'grep' -returns the number of packages with 'xorg' in their names
############################################################## YUM mkdir /repodir mount /dev/cdrom /mnt cd /mnt/ cp -rf /mnt/packages/* /repodir cp -rf /mnt/Server/repodata/* /repodir createrepo -v /repodir rpm --import RPM-GPG-KEY-redhat-beta rpm --import RPM-GPG-KEY-redhat-release
vi /etc/yum.repos.d/x2.repo [nascent] baseurl=file:///repodir enabled=1 gpgcheck=0 mv packagekit-media.repo packagekit-media.back yum list all yum install <package> yum remove <package> yum info <package> yum search <package> yum reinstall <package> yum erase <package> PROCESS MANAGEMENT ps -A ps -a ps -o state 3985 [S-sleep T-stop R-running Z-zombie] ps -u nascent fuser -v / tail -f /var/log/messages ps -aux | grep httpd pgrep -l sshd tload grep "lspci" nice nice -n -19 11073 renice -n 19 11073 kill kill -TERM <PID> kill -15 2806 kill -kill 2806 kill -9 2806 killall firefox pkill ping skill, snice skill top -print processes used by user -identify processes using files or sockets or users -(f for follow) display latest status of the file -(a-all u-user x-BSD)fetch information about the process -display process ID and name -graphic representation of system load average -run a program with modified scheduling priority -highest priority assignment -renicing -terminate a process -terminate child processes first and then parent process -" -all process with PID -process in that terminal -print status of process 3985
top - 15:19:27 up 25 min, 8 users, load average: 0.76, 0.69, 0.90 Tasks: 205 total, 1 running, 204 sleeping, 0 stopped, 0 zombie Cpu(s): 1.0%us, 2.9%sy, 0.0%ni, 96.2%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st Mem: 2061140k total, 1621256k used, 439884k free, 303640k buffers Swap: 0k total, 0k used, 0k free, 899736k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 3403 root 20 0 93664 51m 27m S 12 2.6 1:29.94 Xorg 13871 ubuntu 20 0 151m 18m 11m S 3 0.9 0:01.29 gnome-terminal 3342 ubuntu 20 0 162m 9240 7660 S 1 0.4 0:10.43 pulseaudio 4301 ubuntu 20 0 206m 79m 41m S 1 3.9 1:23.48 vlc 12 root RT 0 0 0 0 S 0 0.0 0:00.00 migration/3 free poweroff ps -A -Display amount of free and used memory in the system
skill -c evince skill -u nascent jobs skill -STOP gedit skill -STOP evince skill -CONT gedit ps -Ao comm,nice lsof chattr +i asd chattr -i asd lsattr JOB SCHEDULING at, batch, atq, atrm at 02:00 08/12/2011 at -l atq at -d 1 at -m BOOT PROCESS 1.BIOS initialisation i)POST(Power On Self Test) ii)Runtime initialisation 2.Boot loader initialisation Main Boot Record Master Boot Record
-kill process evince by command -kill user nascent -display suspended jobs -stop process gedit(not kill) -" -continue process gedit -display commands with niceness value -list open files -change attributes to file asd -remove attributes to file asd -list attributes
-queue, examine or delete jobs for later execution -execute following commands at the specified time
ACL setfacl setfacl -m u:nascent:5: /mnt/x getfacl /root/asd setfacl -x u:nascent:5: /mnt/x man rpm | col -b > rpm.txt last, lastb ^A-beginning of line ^C-force quit ^E-end of line ^L-clear ^U-clear line ^K-clear line after cursor ^T-toggle ^O-equivalent to enter ^D-exit or logout usermount net system-config-authentication authentication services authconfig-gtk -A graphical tool to mount, unmount and format filesystems -Tool for administration of Samba and remote CIFS servers -GUI utility for configuring user identity and system -" -set file access control lists -permission for -display permission info -remove permission -convert man page to txt file -show listing of last logged in users
authconfig-tui -text mode utility chroot /mnt/sysimage -rescue mode with root privileges scp -rv /home/nascent/Documents/Redhat/ root@192.168.1.35:/home -copy file from one PC to another NETWORKING route netstat -rn system-config-network #cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 HWADDR=20:cf:30:55:97:93 NM_CONTROLLED=yes ONBOOT=no IPADDR=192.168.1.225 BOOTPROTO=none NETMASK=255.255.255.0 TYPE=Ethernet GATEWAY=192.168.1.253 DNS1=192.168.1.253 IPV6INIT=no USERCTL=no #cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=localhost.localdomain hostname hostname domainname dnsdomainname nisdomainname ypdomainname ip IPv4 has subnet and NAT IPv6 has no subnet and NAT wget http://example.com/package-0.3.6-1.el6.rf.x86_64.rpm SELinux(Security Enhanced Linux) First name was MAC.developed by NSA.Redhat acquired it and changed name to selinux Three modes: 1)Disabled 2)Permissive 3)Enforcing Kernel has 3 components 1)Firewalls 2)Subprograms 3)Device drivers SELinux Context sestatus ls -Z fn ls -Zd /root/ -SELinux status tool -to view the context of selinux of file -to view the context of selinux of folder -show / manipulate the IP routing table -display Kernel IP routing table -configure IP and DNS
-display and change hostname -show or set the system's host name -show or set the system's NIS/YP domain name -show the system's DNS domain name -show or set system's NIS/YP domain name -show or set the system's NIS/YP domain name -show / manipulate routing, devices, policy routing and tunnels
[root@localhost mplayer-checkout-2011-08-16]# ls -Zd /root/ dr-xr-x---. root root system_u:object_r:admin_home_t:s0 /root/ system_u object_r system_r admin_home_t -user field -role field for file/folder -role field for process -type field(specifies the nature of data in the file/process) -change context -import context from file 57 to 97 -restore SELinux contexts -set boolean value(on/off) for services; each service has one or more
chcon -u root fn chcon --reference=file57 file97 restorecon -R /var/www/html setsebool -P virt_use_samba on booleans NFS yum install nfs* service rpcbind restart chkconfig rpcbind on mkdir /nfs cp -rf /media/JAYAN/Redhat/ /nfs/ vim /etc/exports
/nfs 192.168.1.0/255.255.255.0(ro,sync,no_root_squash) exportfs -rv chkconfig nfs on iptables -F service iptables save service nfs restart showmount -e 192.168.1.226 mount 192.168.1.226:/nfs /mnt vi /etc/fstab 192.168.1.226:/nfs OR mkdir /nfs chmod a+w /nfs yum -y install nfs-utils rpcbind chkconfig nfs on chkconfig rpcbind on chkconfig nfslock on vi /etc/sysconfig/nfs RQUOTAD_PORT=875 LOCKD_TCPPORT=32803 LOCKD_UDPPORT=32769 MOUNTD_PORT=892 STATD_PORT=662 STATD_OUTGOING_PORT=2020 iptables -I INPUT -m multiport -p tcp --dport 111,662,875,892,2049,32803 -j ACCEPT iptables -I INPUT -m multiport -p udp --dport 111,662,875,892,2049,32769 -j ACCEPT service iptables save vi /etc/exports
/mnt
nfs
soft,nfsvers=2 0 0
/nfs 192.168.10.0/255.255.255.0(rw,sync,no_root_squash) setsebool -P nfs_export_all_rw 1 service rpcbind start service nfs start service nfslock start exportfs -a vi /etc/hosts.allow mountd: 192.168.10.0/255.255.255.0 vi /etc/hosts.deny portmap:ALL lockd:ALL mountd:ALL rquotad:ALL statd:ALL nfsstat
FTP default port:20&21 (udp&tcp) # cat /etc/yum.repos.d/test.repo [Nascent] name=test baseurl=ftp://192.168.1.251/repo gpgcheck=0 enabled=1 yum list all vsftp* cp /media/JAYAN/RHCE.txt /var/ftp/ ls /var/ftp/ /etc/logrotate.d/vsftpd /etc/pam.d/vsftpd rpm -qlc vsftpd vim /etc/vsftpd/vsftpd.conf service vsftpd restart chkconfig vsftpd on iptables -F sestatus chkconfig --list /etc/vsftpd/ftpusers /etc/vsftpd/user_list /etc/vsftpd/vsftpd.conf mkdir uploads chmod 755 uploads/ setenforce 0 getsebool -a | grep ftp* [root@nas-test Desktop]# getsebool -a | grep ftp* allow_ftpd_anon_write --> on allow_ftpd_full_access --> on allow_ftpd_use_cifs --> on
allow_ftpd_use_nfs --> on ftp_home_dir --> on ftpd_connect_db --> on httpd_enable_ftp_server --> on ncftool_read_user_content --> off sftpd_anon_write --> off sftpd_enable_homedirs --> off sftpd_full_access --> off sftpd_write_ssh_home --> off tftp_anon_write --> on setsebool -P allow_ftpd_anon_write on setsebool -P ftp_home_dir on SAMBA yum install samba* mkdir /mnt/samba cp -r /media/JAYAN/Redhat/ /mnt/samba/ ls /mnt/samba cp -r /media/JAYAN/Rapunzel/* /mnt/samba/ ls /mnt/samba ls -Zd /mnt/samba/ chcon -Rt samba_share_t /mnt/samba/ ls -Zd /mnt/samba/ vim /etc/samba/smb.conf # A publicly accessible directory, but read only, except for people in # the "staff" group [nascent] comment = Public Stuff path = /mnt/samba public = yes writable = yes printable = no write list = nas anandu useradd anandu passwd anandu smbpasswd -a anandu smbpasswd anandu smbpasswd -a nas On client system smbclient //192.168.1.225/nascent -U anandu vim /etc/fstab //192.168.1.225/nascent findsmb smbtree smbclient APACHE yum install httpd* vim /etc/httpd/conf/httpd.conf /mnt cifs username=anandu 00
-list info about machines that respond to SMB name queries on -A text based smb network browser -ftp-like client to access SMB/CIFS resources on servers
ServerAdmin root@localhost ServerName www.example.com:80 DirectoryIndex index.html index.html.var service httpd start chkconfig httpd on vim /etc/httpd/conf/httpd.conf NameVirtualHost *:80 <VirtualHost nascent.com:80> ServerAdmin root@nascent.com DocumentRoot /var/www/html ServerName nascent.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common </VirtualHost> vim /etc/hosts 127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 192.168.1.226 nascent.com service httpd restart vim /var/www/html/.htaccess AuthName "redhat" AuthType Basic AuthUserFile /etc/httpd/conf/.htpasswd-rhce require user redhat htpasswd -mc /etc/httpd/conf/.htpasswd-rhce redhat vim /etc/httpd/conf/httpd.conf <Directory /> Options FollowSymLinks AllowOverride Authconfig </Directory> AllowOverride Authconfig service httpd restart vim /var/www/html/.htaccess service httpd restart iptables -F service iptables save service httpd restart IPTABLES iptables iptables-restore iptables-save iptables -L netstat -rn netstat -nlt netstat -nltd netstat -nld iptables -t nat iptables -t nat -L
iptables -t nat -L PREROUTING iptables -t filter -L INPUT ifconfig nslookup 192.168.1.200 netstat -g netstat -n netstat -t netstat -nt netstat -tl netstat -tlp netstat -tlpd netstat -a -all netstat -an -all but name resolution is not shown netstat -ntl -name,tcp,listen netstat -ntlp -port :::514 -ipv6 0.0.0:514 -ipv4 netstat -i -interface netstat -u -udp netstat -rn -routing table(same as route) arp -a -BSD style arp -e -linux style iptables -t nat -L iptables -t filter -L vim /etc/sysconfig/iptables ls -Z /etc/sysconfig/iptables iptables -I INPUT -s 192.168.1.226 -j REJECT iptables -I INPUT -s 192.168.1.226 -j ACCEPT iptables -I INPUT -s 192.168.1.226 -j DROP iptables -I INPUT -s 192.168.1.226 -p tcp --dport 22 -j DROP -ssh denied iptables -I INPUT -s 192.168.1.226 -p tcp --dport 3306 -j DROP -mysql denied iptables -R INPUT 2 -p tcp --dport 336 -j DENY iptables -L -v -verbose list SSH ssh 192.168.0.104 ssh -X 192.168.0.104 Config files: /etc/ssh/sshd_config /etc/ssh/ssh_config [root@server5 Desktop]# cat ~/.ssh/authorized_keys2 ssh-dss AAAAB3NzaC1kc3MAAACBALIjBpLgzBZ+3F/676BG3L+Luxd9y7oL6VNXQ2My+X3Plh6A0KoWoTGhd6d nw7F+YTzskEdKtyt5gxiUtq4pajAUO7z90G0QzTALKjTAotFXDe8mRTn4mlJdF+XhO5tSGm48cQPiJ5pnecT3P rH42aQqK/T81TT+3tWc/l8Iql+7AAAAFQCtgBO8570M7d1XbsEbXySW+aaBiQAAAIEAlA4lHd9QnXZCVrX YuCV94UrI29YEgesrzz1cK4reY35q0u+xXktv4fKyaeX1AYbwONuwEXmUZyl6dFEVU6d4gZQUCdgxthvlhXG uKe98ii2mzOTUwdFHEapL4upRb3m75CWbkyiEo6WxEemPJlSP+XROnqC8bDU5AcBUl1YojO8AAACAU4m PpvYYNr9t3O7woozYusQ6fS1quIC1UxMXkDHSDZOYVw/eRbPwasvWOEDsx24Ds3XXEE9xBeshmzARfX/d s6WIespoiihE0f62m1/ievKVPmBoF0/1b560TIUOPN7KHQv8G2XJW4W/U8B/nPLh8YIl6/Iii5kTCWh359xS84I = root@localhost.localdomain [root@server5 Desktop]# cat ~/.ssh/known_hosts 192.168.0.104 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAu3gDgzixvAPACgHv1pWLnCWgyDj1ryvt8jwZMpq2HMbTNvFGvjj fjRAgK5NeelDnBU/2qHb8/Q+WGvmwJZwOQAPKOQM5DE2Wd8Bhtoh9HIzhZeU1DkaDChNnzI4RjA0JnAc6
XRIWC4ma+Mq9mu7FQpFv3/kbsWMRj1KU6pEv2BZC0BfhB42hnR6wtgCOZeIWtx9sgEE9WcX4GJYaMLGf ORQe02ZYF3XA82iYfRbDaB4bQNsNEvpQ+gtMBIDZhN6beuqs8K43DwN+b/fpg5JjBeSSGXIipHiSgxWmHH nHPyylB5kIflrZ2oaDxQWrnURw/ZIdefj7k0H85ewlenFEVQ== cat ~/.ssh/known_hosts system-config-network service network restart ifup br0 ifconfig br0 192.168.0.5 up ssh 192.168.0.5 -p 2222 -port 2222 vim /etc/ssh/sshd_config PermitRootLogin no PasswordAuthentication no PermitRootLogin without-password Banner /etc/issue.net vim known_hosts ssh-keygen ls cat id_rsa cat id_rsa.pub file id_rsa ssh-copy-id root@192.168.0.4 ssh root@192.168.0.4 RSYNC rsync a fast, versatile, remote (and local) file-copying tool rsync /var/a.txt 192.168.0.5:/mnt rsync /z.txt alice@server3.example.com:/home/alice
PING-Packet Internet Groper PHYSICAL STORAGE tune2fs -l /dev/vda1 tune2fs -j /dev/vda1 tune2fs -L label_name /dev/vda1 e2label /dev/vda1 e2label /dev/vda1 nascent tune2fs -o user_xattr acl /dev/vda1 -list file s/m properties -create journal -create labelname for partition -show partition label -rename label
wget http://instructor/pub/gls/errata.repo -O /etc/yum.repos.d/errata.repo yum update kernel lab-setup-bootbreak-4 lab-grade-bootbreak-4 AUTOFS yum install autofs config files /etc/auto.master /etc/auto.misc /etc/auto.net /etc/auto.smb /etc/autofs_ldap_auth.conf
/etc/sysconfig/autofs vim /etc/auto.server oshu -ro instructor.example.com:/var/nfs/oshu vim /etc/auto.master /special /etc/auto.server service autofs reload chkconfig autofs --list cd /special/oshu CHAGE chage -m 0 -M 90 -W 7 -I 14 student chage -l student chage -d 0 student LDAP system-config-authentication ldap://instructor.example.com Use TLS to encrypt connections http://instructor.example.com/pub/EXAMPLE-CA-CERT Authentication method-LDAP password vim /etc/auto.master /home/guests /etc/auto.guests vim /etc/auto.guests ldapuser1 -rw * -rw service autofs reload -(m-min days,M-max days,W-warning days,I-inactive days) -list current settings -will force a password change on next login
instructor:/home/guests/ldapuser1 instructor:/home/guests/$
LUKS(Linux Unified Key Setup) mkdir /data mount /dev/vda5 /data/ mkswap /dev/vda6 mount -a cryptsetup luksFormat /dev/vda7 cryptsetup luksOpen /dev/vda7 secret mkfs -t ext4 /dev/mapper/secret mkdir /secret mount /dev/mapper/secret /secret/ mount -a swapon /dev/vda6 lab-grade-storage GRUB, the GRand Unified Boot loader LOG cat rsyslog.conf vim rsyslog.conf *.debug /var/log/debug.log service rsyslog restart
logger -p debug Testing debug tail /var/log/debug.log cat /var/log/debug.log logger command - sends a message to rsyslogd with debug priority; then verify the message was logged to the new log file. Enable BOOT password vim /boot/grub/grub.conf password --md5 <encrypted password> /etc/inittab /etc/init /etc/init/rcS.conf
TROUBLESHOOTING mount -o remount,rw / vim /etc/fstab SUDOERS visudo or vim /etc/sudoers User_Alias NAS = x1 NAS ALL=/sbin/fdisk NAS ALL= NOPASSWD:/sbin/fdisk (without password) LDAP authconfig GNUPG gpg --gen-key gpg --list-keys gpg --export -a 8D365A22 > test.key gpg --import
ADVANCED NETWORKING nmap -sU -p 5353 serverX.example.com nmap -sU serverX.example.com nmap sU nmap sT nmap sP netstat -a netstat -l netstat -n netstat -ntl netstat -ntlp :::514 0.0.0:514 netstat -i netstat -u netstat -rn tcpdump -i eth0 -scan port 5353 -scan all open ports -udp scan -tcp scan -port scan -all -listening(active) -display number not name resolution -name,tcp,listen -port -ipv6 -ipv4 -interface -udp -routing table(same as route) -monitor packets
tcpdump -nn -l -s 2000 -w packets -i eth0 for interface' ip addr add 10.10.0.1/24 dev eth0 label eth0:0
-'nn for everything' 'l for line buffering' 'w for file to be written' 'i
-set virtual ip
port -a logical place where both services access the system(enter or exit) Nagios -3rd party network monitoring tool. NTOP INTERFACE BONDING Interface Bonding -connecting multiple interfaces into a single virtual interface Mode 0 -balancing or round robin Mode 1 -active backup Mode 3 -broadcasting *********** Interface Bonding ************* Interface Bonding-connecting multiple interfaces into a single virtual interface Mode 0 -balancing or round robin, Mode 1 -active backup, Mode 3 -broadcasting # vim /etc/sysconfig/network-scripts/ifcfg-bond0 DEVICE=bond0 IPADDR=192.168.6.70 NETMASK=255.255.255.0 GATEWAY=192.168.6.3 ONBOOT=yes BOOTPROTO=none USERCTL=no # vim /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 USERCTL=no BOOTPROTO=none MASTER=bond0 SLAVE=yes ONBOOT=yes # vim /etc/sysconfig/network-scripts/ifcfg-eth1 DEVICE=eth1 USERCTL=no BOOTPROTO=none MASTER=bond0 SLAVE=yes ONBOOT=yes # vim /etc/modprobe.conf alias bond0 bonding options bond0 mode=balance-alb miimon=100 # service network restart # init 6
iptables has 5 chains i)prerouting chain ii)forwarding iii)input iv)output v)postrouting Rule -Criteria determining which packets to match and a target or action determining what to do with those packets Chain -(where rules reside)a list of rules which will be checked in order,first match takes effect Policy -the default action,ACCEPT or DROP taken if no rule matches in a built-in chain Table -a set of chains used for a particular purpose filter or block traffic PREROUTING-this filtering point deals with packets first upon arrival POSTROUTING-this filtering point handles packets immediately prior to leaving the system. FORWARD -this filtering point handles packets being routed through the local system INPUT -this filtering point handles packets destined for local system after the routing decision OUTPUT -this filtering point handles packets after they have left their sending process and prior to postrouting MASQUERADE-a target that rewrites the source ip address to match the ip of the interface the packet leaves the firewall on
iptables
-I INPUT chain
iptables -L INPUT -list input chain -I -insert -A -append -R -replace -P -default policy -D -delete -s -source -d -destination -t -table -j -jump -p -protocol -m -match -i -input interface -o -output interface
iptables -t filter -L
iptables -I INPUT -m state --state NEW -j ACCEPT -accept a new network if it is enabled someday iptables -I INPUT -m state --state ESTABLISHED -j ACCEPT iptables -I INPUT -m state --state RELATED -j ACCEPT iptables -I INPUT -m state --state RELATED -j LOG iptables -A INPUT -s 0/0 -d 192.168.0.7 -i eth0 -p udp --sport 1024:65535 --dport 80 -j ACCEPT iptables -I FORWARD -s 0/0 -d 192.168.0.107 -i eth0 -o eth1 -p udp --sport 1024:64535 --dport 80 -j ACCEPT iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.107 -it is to set a rule to redirect a traffic arriving at serverX.example.com on port 80 to the same port on 192.168.0.254 iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.0.1 iptables -t nat -A PREROUTING -i eth0 -m tcp -p tcp --dport 80 -j DNAT iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source <public IP> iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 61.17.18.20 -command to share internet on a LAN(****imp****) SNAT is done in POSTROUTING DNAT is done in PREROUTING and OUTPUT MASQUERADE is another case of SNAT and is done in POSTROUTING SSH PORT FORWARDING
AVAHI Avahi performs zeroconf service discovery on a network on a client machine Zeroconf-permits machines on the same subnet to communicate and discover each other's services without static networking,dhcp or other explicit configuration. ISCSI iscsiadm -m discovery -t st -p 192.168.0.254 ('m' for mode 't' for type 'st' for send target 'p' for portal) iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server6 -p 192.168.0.254 -l service iscsi status fdisk -cu /dev/sda mkfs.ext4 /dev/sda1 mkdir /iscsi vim /etc/fstab /dev/sda1 /iscsi ext4 _netdev 0 0 mount -a iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server6 -p 192.168.0.254 -u iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server6 -p 192.168.0.254 -o delete HTTPS yum install crypto* yum install -y httpd* yum install -y mod_ssl* genkey --days 365 server6.example.com vim /etc/httpd/conf.d/ssl.conf SSLCertificateFile /etc/pki/tls/certs/server6.example.com.crt SSLCertificateKeyFile /etc/pki/tls/private/server6.example.com.key links https://server6.example.com
APACHE VIRTUAL HOSTS semanage -a -t httpd_sys_content_t '/www4/html(/.*)?' restorecon -vFR /www4/html vim /etc/httpd/conf/httpd.conf NameVirtualHost 192.168.0.104:80 <VirtualHost server4.example.com:80> ServerAdmin root@server4.example.com DocumentRoot /var/www/html ServerName server4.example.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common ServerAlias server4 </VirtualHost> <VirtualHost www4.example.com:80> ServerAdmin root@www4.example.com DocumentRoot /www4/html ServerName www4.example.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common ServerAlias www4 </VirtualHost> mkdir -p /www4/html chcon --reference=/var/www/html/ /www4/ service httpd restart CGI(Common Gateway Interface) wget ftp://instructor.example.com/pub/gls/special.cgi chmod 755 /var/www/cgi-bin/special.cgi chown root:root /var/www/cgi-bin/special.cgi <VirtualHost www6.example.com:80> ServerAdmin root@www6.example.com DocumentRoot /www6/html ServerName www6.example.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common ServerAlias www6 ScriptAlias /cgi-bin/ "/www6/html/cgi-bin/" </VirtualHost> curl http://www6.example.com/cgi-bin/special.cgi service httpd restart Authentication htpasswd -mc /etc/httpd/.htpasswd bob htpasswd -m /etc/httpd/.htpasswd alice vim /etc/httpd/conf/httpd.conf <VirtualHost server6.example.com:80> ServerAdmin root@server6.example.com
DocumentRoot /var/www/html ServerName server6.example.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common ServerAlias server6 </VirtualHost> <VirtualHost www6.example.com:80> ServerAdmin root@www6.example.com DocumentRoot /www6/html ServerName www6.example.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common ServerAlias www6 </VirtualHost> <Directory /www6/html/private> AuthName "Secret" AuthType basic AuthUserFile /etc/httpd/.htpasswd Require valid-user </Directory> service httpd configtest service httpd restart chkconfig httpd on LDAPAuthentication wget ftp://instructor/pub/example-ca.crt vim /etc/httpd/conf/httpd.conf LDAPTrustedGlobalCert CA_BASE64 /etc/httpd/example-ca.crt <Directory /www6/html/private> AuthName "Secret" AuthType basic AuthBasicProvider ldap AuthLDAPUrl "ldap://instructor.example.com/dc=example,dc=com" TLS Require valid-user </Directory> httpd -t service httpd restart
NTP service ntpd start vim /etc/ntp.conf restrict 192.168.0.0 mask 255.255.255.0 server 192.168.0.254 peer 192.168.0.1 peer 192.168.0.101 peer 192.168.0.201 service ntpd restart ntpq -p
remote refid st t when poll reach delay offset jitter ============================================================================== instructor.exam LOCAL(0) 11 u 61 64 3 0.180 0.956 0.725 RTC-real time clock kod-kiss of death UTC-coordinated universal time SMTP Port-25 MUA-Mail User Agent MTA-Mail Transfer Agent MDA-Mail Delivery Agent POP3-Post Office Protocol(port-110) IMAP-Internet Message Access Protocol(port-143) yum -y install postfix yum -y install mutt vim /etc/postfix/main.cf inet_interfaces = all service postfix restart mutt elvis@server6.example.com mailq postfix flush sendmail -q [root@desktop6 ~]# host -al domain6.example.com less -F /var/log/messages vim /etc/postfix/main.cf myorigin =domain6.example.com local_transport="error:local delivery disabled" relayhost =domain6.example.com service postfix restart chkconfig postfix on date | mail -s test student tail /var/log/maillog [root@server6 ~] vim /etc/postfix/main.cf inet_interfaces = all myorigin = domain6.example.com relayhost =[smtp.domain6.example.com] mydestination =domain6.example.com service postfix restart chkconfig postfix on [root@host6 ~] vim /etc/postfix/main.cf inet_interfaces = all
myorigin = domain6.example.com local_transport="error:local delivery disabled" mynetworks="127.0.0.0/8 192.168.0.0/24" service postfix restart chkconfig postfix on DNS yum -y install bind vim /etc/named.conf listen-on port 53 { any;}; forwarders { 192.168.0.254; }; allow-query { 192.168.0.0/24; }; dnssec-validation no; service named restart NFS yum install nfs* mkdir -p /share/current /share/archives vim /etc/exports /share/current 192.168.0.0/24(rw,sync) /share/archives 192.168.0.0/24(ro,sync) exportfs -rv service nfs start chkconfig nfs on chmod 777 /share/current/ service nfs restart #On client showmount -e 192.168.0.4 mkdir -p /sales/current /sales/archives vim /etc/fstab desktop4.example.com:/share/current /sales/current nfs soft,nfsvers=4 0 0 desktop4.example.com:/share/archives /sales/archives nfs soft,nfsvers=4 0 0 mount -a mount SAMBA yum install samba* vim /etc/samba/smb.conf workgroup = BUTLER [school] comment = Public Stuff path = /shared/school printable = no write list = @greenred writable = no guest ok = no
groupadd greenred useradd -s /sbin/nologin -aG greenred alan mkdir -p /shared/school chgrp greenred /shared/school/ chmod 2777 /shared/school/ smbpasswd -a alan useradd -s /sbin/nologin bob smbpasswd -a bob service smb restart chkconfig smb on semanage fcontext -a -t public_content_t '/shared(/.*)?' semanage fcontext -a -t samba_share_t '/shared/school(/.*)?' restorecon -vvRf /shared/ restorecon -vvRf /shared/school/ iptables -A INPUT -p udp --dport 137:138 ACCEPT iptables -A INPUT -p udp --dport 137:138 -j ACCEPT iptables -A INPUT -p udp --dport 139 -j ACCEPT iptables -A INPUT -p udp --dport 445 -j ACCEPT service iptables save service iptables restart FTP yum install vsftpd* mkdir /var/ftp/dropbox chmod 733 /var/ftp/dropbox/ chgrp ftp /var/ftp/dropbox/ vim /etc/vsftpd/vsftpd.conf anon_upload_enable=YES local_umask=077 chown_uploads=YES iptables -A INPUT -p tcp --dport 21 -j ACCEPT iptables -A INPUT -p udp --dport 20 -j ACCEPT service iptables save service iptables restart service vsftpd restart setsebool -P allow_ftpd_anon_write on semanage fcontext -a -t public_content_rw_t '/var/ftp/dropbox(/.*)?' restorecon -vFR /var/ftp/dropbox/ service vsftpd restart chkconfig vsftpd on
TROUBLESHOOTING — reinstalling GRUB. In the GRUB shell: `device (hd0) /dev/vda` (map hd0 to the disk), `root (hd0,0)` (the partition holding /boot), `setup (hd0)` (write the boot loader to the MBR), `quit`. From the rescue image, `chroot /mnt/sysimage` switches into the installed system so its /boot and GRUB files are the ones being repaired. Tips and Tricks: 1. always run `chkconfig <service> on` after configuring a service, otherwise it will not start after the next reboot; 2. add an /etc/fstab entry for every file system that must be mounted automatically; 3. reboot the system after altering the partition table with fdisk/parted (or have the kernel re-read it with partx) — new partitions are not usable until then.
4. check ntsysv (or `chkconfig --list`) for which services start automatically; 5. use `iptables -F` only as a last resort: it flushes every rule from the running firewall, including the final REJECT rule (which is why rules appended with `-A INPUT` on the stock RHEL 6 ruleset never match), so the host is wide open until `service iptables restart` reloads the saved rules — and never run `service iptables save` afterwards, since that would persist the empty ruleset; 6. always run resize2fs after lvextend (growing the LV does not grow the file system); 7. always run resize2fs (preceded by `e2fsck -f`) before lvreduce, shrinking the file system to no more than the new LV size — reducing the LV first destroys the file system; 8. add an /etc/crypttab entry (plus the matching /etc/fstab line) for each LUKS volume that must be opened automatically at boot; 9. use `service autofs reload`, not `restart`, so active mounts are not disturbed; 10. keep a backup of /etc/fstab and /etc/inittab during the exam — a typo in either can leave the system unbootable. `fdisk -cu /dev/sda` — partition in sector units with DOS-compatibility mode off; `partx -a /dev/sda5` — add the new partition to the kernel's table without rebooting; `partx -d /dev/sda5` — remove it from the kernel's table.
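init 6                               # reboot so the kernel re-reads the partition table
cat /proc/partitions
fdisk -ul                            # list partitions in sector units

# --- LUKS encrypted volume ---
cryptsetup luksFormat /dev/vda6      # DESTROYS existing data on the device; prompts for a passphrase
cryptsetup luksFormat /dev/vda7
cryptsetup luksOpen /dev/vda7 test   # subcommands are case-sensitive: the original "luksOPen" is rejected
mkfs -t ext4 /dev/mapper/test
mkdir /test
mount /dev/mapper/test /test/
ls /test/
du -h /test/
umount /test/
cryptsetup luksClose test            # "cryptsetup Close test" is not a valid subcommand
vim /etc/crypttab                    # name  device  keyfile|none   -> opened at boot
vim /etc/fstab                       # /dev/mapper/<name>  /test  ext4  defaults 0 0
cat /etc/crypttab
cat /etc/fstab
init 6
mount                                # confirm /test came back after the reboot
vim /etc/crypttab

# --- key file so the volume opens at boot without a prompt ---
# The key file is the passphrase in clear text on the unencrypted root file
# system, so it must never be readable by anyone but root.  Create it with a
# restrictive umask instead of fixing the mode afterwards: "echo > file" then
# "chmod 600" leaves it world-readable for a moment under the default umask.
( umask 077; echo testing123 > /root/encrypted )
chown root /root/encrypted           # "chown /root/encrypted root" has the operands reversed
chmod 600 /root/encrypted
ls -l /root/encrypted                # expect -rw------- root root ("ll" is only a shell alias)
cryptsetup luksAddKey /dev/vda7 /root/encrypted   # adds the file as a second key slot; asks for an existing passphrase
init 6

cp fn ~/Desktop && chown user ~/Desktop/fn

# --- network diagnostics ---
ping -c 2 8.8.8.8
ping -c 2 -s 32 8.8.8.8              # 32 data bytes (+8 bytes ICMP header)
ping -c 2 -i 3 8.8.8.8               # 3-second interval
ping -I 192.168.1.120 192.168.1.225  # send from a chosen local address
telnet 192.168.1.225                 # clear-text: fine for a reachability check, never for a login
netstat -a                           # all sockets
netstat -an                          # all sockets, numeric (no name resolution)
netstat -ntl                         # numeric, TCP, listening
netstat -ntlp                        # ... plus owning PID/program (run as root to see all of them)
#   :::514      -> IPv6 wildcard listener
#   0.0.0.0:514 -> IPv4 wildcard listener
netstat -i                           # interfaces
netstat -u                           # UDP
netstat -rn                          # routing table, numeric (same as "route -n")
arp -a                               # BSD style
arp -e                               # Linux style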