
RHEL 6.0 (Santiago) Features: 1.kernel 2.6.32-71.el6.x86_64 2.Gnome 2.28.2 3.KDE 4.3.

4 [nascent@rhel6-testing Desktop]$ uname -a Linux rhel6-testing 2.6.32-71.el6.x86_64 #1 SMP Wed Sep 1 01:33:01 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux VIM vi filename vi +100 RHCE.txt insert insert(2 times) Esc :wq :wq! :e! yy dd dw yw p gg G set nu x a i d$ 2w 3e 0 BASH commands cat /etc/issue cat /etc/redhat-release cat > filename example: # cat > abc.txt (Ctrl +D) is used to save the file e2fsck mkfs -t ext3 /dev/sda2 mount -t iso9600 /devcdrom /mnt/cdrom mount -t iso9600 -o loop fn.iso /dir pwd ls -lta ls -ll lsusb -v lsusb -vv locate grub.conf locate grub.conf > ab -show OS name -display OS

-open file cursor on line 100 -insert mode -replace mode -escape mode -write changes and quit -write changes and force quit -returns to the last saved version of the file -copy a line -delete a line -cut a word -copy a word -paste -go to beginning -go to end -view lines in a numbered manner -to delete the character under the cursor -to append text(after cursor) -to append text(before cursor) -to delete to the end of the line -to move the cursor two words forward -to move the cursor to the end of the third word forward -to move to the start of the line

-check a Linux ext2/ext3/ext4 file system -to make a partition -mount .iso image on /mnt -mount iso image -print working directory -list long,time-based,hidden -long list -display detailed information about all devices -very detailed information about all devices -find files by name -display file locations and dump o/p in file ab

find / -name grub find / -user nascent > fn find / -name xorg.conf du -h /home/nascent/Desktop/ COMPRESSION gzip -c filename > fn.gz bzip2 -c fn.txt > fn.bz2 tar -zcvf fn.txt.tar.gz fn.txt tar -jcvf fn.txt.tar.bz2 fn.txt tar czvf home.tar.gz /home gzip hai gunzip hai.gz bzip2 hai bunzip2 hai.bz2 tar -cvf hai.tar hai tar -xvf hai.tar grep 'search' fn.txt grep -i 'search' fn.txt grep sshd messages grep -v sshd messages cdrecord -v /tmp/backhome.iso date -s "07/19/2011" date -s "07/19/2011 10:15:00" cal cal 2011 cal 07 2011 history -c bc whoami who which w uname -r mkdir -p {1,2,3}/{apple,ball,cat} head -5 install.log tail -5 install.log more install.log less install.log ln -s ab ac ln ab ac updatedb chkconfig wc # wc /var/log/dmesg 754 5093 37215 /var/log/dmesg (lines|words|size) lpr USER MANAGEMENT cat /etc/passwd cat /etc/default/useradd useradd

-search for files in a directory hierarchy -dumps into file fn -find files -shows the size of the folder Desktop

-compress and dump the o/p(stdout)

-make tarball from home directory -create hai.gz(replace original file) -exctract hai.gz(replace original file)

-search for the keyword in the text(case sensitive) -case insensitive -search sshd in file messages -all entries but 'sshd' will be shown -write iso image to cd -change date -change date and time -show calender -show 2011 -show july 2011 -clear history -calculator -print who is logged -show who is logged on -shows the full path of (shell) commands -Show who is logged on and what they are doing -kernel version - make dir apple,ball,cat etc in all dir 1,2,3 -view top 5 lines -view bottom 5 lines -view with scrolling(b & space) -view with scrolling(advanced) - make symbolic links instead of hard links(ab is the original file) - make hard links - update a database for mlocate(locate command) -displays runlevel information for system services -print newline, word, and byte counts for each file

-print files

-all users' info -default config file for useradd -add user

usermod -G grpname username -add user to a group usermod -d /kel sibin -change home directory usermod -u 502 -G sales,marketing -s /bin/bash arun usermod -u 502 -G sales,marketing -s /bin/bash arun chmod +x fn.py -change mode execution permission chmod -x fn.py -remove execute permission chmod 664 -no one can execute chmod 775 -everyone can execute chmod 600 -only user and root can access(read/write; mode 600 sets no execute bit) chmod 2775 chmod 3777 /sales/Downloads -ensure the dir will not lose files from incorrect users chmod 664 dsadsad -default file permissions chmod 1777 asd -only root and owner can delete chmod 2777 asd -set SGID chmod 4777 asd -set SUID(777 also leaves the file world-writable; 4755 sets SUID without that) chmod o=x aaa -only execute for others for file aaa chmod o+r aaa -add read for others for file aaa chmod o-w aaa -remove write for others for file aaa chmod u+s /usr/sbin/kppp chmod u=r,g=r,o=r aaa -read for user,group and others stat /marketing -display file or file system status chmod 1777 /marketing/ -apply sticky bit(only owner can delete the file) chmod g+s /mass -special group permission(SGID) for all files created in folder mass chmod 2755 /mass -" chown user1 /marketing chgrp sales asd PARTITIONING fdisk /dev/sda mkfs -t ext4 /dev/sda6 mount -a (update vi /etc/fstab) mkswap /dev/sda7 swapon /dev/sda7 swapon -s (update vi /etc/fstab) Or dd if=/dev/zero of=/swapfile1G bs=1024 count=1048568 parted -l parted /dev/sda mkpart primary 1 10GB mke2fs -t ext4 -j /dev/sdb1 mkpart primary 11.2 15 set 4 lvm on blkid LVM pvcreate /dev/sda5 /dev/sda6 /dev/sda7 vgcreate nascent /dev/sda5 /dev/sda6 /dev/sda7 lvcreate -L 250M -n ar /dev/nascent lvcreate -L 320M -n as /dev/nascent lvcreate -L 684M -n at /dev/nascent pvs vgdisplay -change ownership of folder /ar to user1 -change group for file asd to group sales

-command-line utility to locate/print block device attributes

mkfs -t ext4 /dev/nascent/ar mkfs -t ext4 /dev/nascent/as mkfs -t ext4 /dev/nascent/at (update vi /etc/fstab) pvcreate /dev/partition1 /dev/partion2 -create a LVM partiton pvs -report information about physical volumes pvdisplay -display attributes of a physical volume vgcreate grpname /dev/partion1 /dev/partition2 -create a vol group partiton vgdisplay lvcreate -L 100M -n lvm1 /dev/nascent lvscan -display existing lvm members root@rhel6-testing ~]# lvscan ACTIVE '/dev/nascent/aa' [600.00 MiB] inherit ACTIVE '/dev/nascent/as' [320.00 MiB] inherit ACTIVE '/dev/nascent/ad' [320.00 MiB] inherit lvextend -L +20M /dev/nascent/aa -extend the size of a logical volume [root@rhel6-testing ~]# lvextend -L +320 /dev/nascent/aa Extending logical volume aa to 660.00 MiB Logical volume aa successfully resized lvreduce -reduce the size of a logical volume [root@rhel6-testing ~]# lvreduce -L -60 /dev/nascent/aa WARNING: Reducing active logical volume to 600.00 MiB THIS MAY DESTROY YOUR DATA (filesystem etc.) Do you really want to reduce aa? [y/n]: y Reducing logical volume aa to 600.00 MiB Logical volume aa successfully resized lvextend -l 120 /dev/nascent/aa -extend using PE(physicalextends) resize2fs -p /dev/nascent/aa -(p for displaying progress) lvcreate -s snap_name -L 100M /dev/nascent/asd -create snapshot of asd

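lvreduce -L 6G /dev/nascent/aa resize2fs /dev/nascent/aa 6G -when shrinking, run resize2fs before lvreduce so the filesystem is never larger than the volume lvresize -L 15GB /dev/nascent/aa resize2fs /dev/nascent/aa 15G lvrename volgrp_name oldname newname lvresize -L 6GB /dev/nascent/aa pvcreate /dev/sdb6 vgrename oldname newname vgextend volgrp_name /dev/sdb6 vgreduce volgrp_name /dev/sdb6 HACK ROOT PASSWORD 1.log in single user mode 2.getenforce 3.setenforce 0 4.passwd -resets the root password from the console(setenforce 0 is temporary and reverts at reboot; a GRUB password, see Enable BOOT password, stops the boot entry being edited to reach single user mode) FILE PERMISSION FORMAT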

-adding new partition to volgrp -remove partition to volgrp

-status of SELinux(normally Enforcing) -changes to permissive mode

[akhil@rhel6-testing ~]$ ls -ltr total 8 -rw-rw-r--. 1 akhil akhil 52 Jul 27 11:17 dsadsad -rw-rw-r--. 1 akhil akhil 0 Jul 27 11:31 asd drwxrwxr-x. 2 akhil akhil 4096 Jul 27 11:35 aaa

- for file d for directory r for read w for write x for execute first 3 for user next 3 for group next 3 for others -rw-rw-r--. 1 nascent nascent 0 Jul 28 11:15 aaa -rw-r--r--. 1 root root 0 Jul 28 11:20 aaa -default settings of a file when a user creates it(664) -default settings of a file when root user creates it(644)

drwxr-xr-x. 2 root root 4096 Jul 28 15:12 aaaa -default settings of a folder when root user creates it(755) drwxrwxr-x. 2 nascent nascent 4096 Jul 28 15:12 aaaa -default settings of a folder when a user creates it(775) FILE S/m CHECK [root@rhel6-testing ~]# fsck /dev/sda1 fsck from util-linux-ng 2.17.2 WARNING: bad format on line 19 of /etc/fstab e2fsck 1.41.12 (17-May-2010) /dev/sda1: clean, 40/51200 files, 36958/204800 blocks RPM PACKAGE MANAGEMENT rpm -ivh flash-plugin-10.3.181.26-release.i386.rpm rpm -ivh --aid <package> rpm -ivh --nodeps <package> rpm -Uvh <package> rpm -Fvh <package> rpm -qa <package> rpm -qa | grep <package> rpm -qi <package> rpm -e <package> rpm -ql <package> rpm -qa rpm -qa | grep grep rpm -qa | grep -i xorg | wc -l rpm -qf <package> rpm -qc <package> rpm -qd <package> rpm -V <package> rpm -qp <package> rpm2cpio x.rpm | cpio --list rpm2cpio x.rpm | cpio -id

-all install dependencies -install package without dependencies -upgrade -repair -query all -query and find -query installed -remove -query locations -query all packages -search for package named 'grep' -returns the no of packages with 'xorg' in their names

-list files in an rpm package -show block size

############################################################## YUM mkdir /repodir mount /dev/cdrom /mnt cd /mnt/ cp -rf /mnt/packages/* /repodir cp -rf /mnt/Server/repodata/* /repodir createrepo -v /repodir rpm --import RPM-GPG-KEY-redhat-beta rpm --import RPM-GPG-KEY-redhat-release

vi /etc/yum.repos.d/x2.repo [nascent] baseurl=file:///repodir enabled=1 gpgcheck=0 -gpgcheck=0 skips package signature verification; gpgcheck=1 checks packages against the keys imported with rpm --import mv packagekit-media.repo packagekit-media.back yum list all yum install <package> yum remove <package> yum info <package> yum search <package> yum reinstall <package> yum erase <package> PROCESS MANAGEMENT ps -A ps -a ps -o state 3985 [S-sleep T-stop R-running Z-zombie] ps -u nascent fuser -v / tail -f /var/log/messages ps -aux | grep httpd pgrep -l sshd tload grep "lspci" nice nice -n -19 11073 renice -n 19 11073 kill kill -TERM <PID> kill -15 2806 kill -kill 2806 kill -9 2806 killall firefox pkill ping skill, snice skill top -print processes used by user -identify processes using files or sockets or users -(f for follow) display latest status of the file -(a-all u-user x-BSD)fetch information about the process -display process ID and name -graphic representation of system load average -run a program with modified scheduling priority -highest priority assignment -renicing -terminate a process -terminate child processes first and then parent process -" -all process with PID -process in that terminal -print status of process 3985

-send a signal or report process status -display Linux tasks

top - 15:19:27 up 25 min, 8 users, load average: 0.76, 0.69, 0.90 Tasks: 205 total, 1 running, 204 sleeping, 0 stopped, 0 zombie Cpu(s): 1.0%us, 2.9%sy, 0.0%ni, 96.2%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st Mem: 2061140k total, 1621256k used, 439884k free, 303640k buffers Swap: 0k total, 0k used, 0k free, 899736k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 3403 root 20 0 93664 51m 27m S 12 2.6 1:29.94 Xorg 13871 ubuntu 20 0 151m 18m 11m S 3 0.9 0:01.29 gnome-terminal 3342 ubuntu 20 0 162m 9240 7660 S 1 0.4 0:10.43 pulseaudio 4301 ubuntu 20 0 206m 79m 41m S 1 3.9 1:23.48 vlc 12 root RT 0 0 0 0 S 0 0.0 0:00.00 migration/3 free poweroff ps -A -Display amount of free and used memory in the system

skill -c evince skill -u nascent jobs skill -STOP gedit skill -STOP evince skill -CONT gedit ps -Ao comm,nice lsof chattr +i asd chattr -i asd lsattr JOB SCHEDULING at, batch, atq, atrm at 02:00 08/12/2011 at -l atq at -d 1 at -m BOOT PROCESS 1.BIOS initialisation i)POST(Power On Self Test) ii)Runtime initialisation 2.Boot loader initialisation Main Boot Record Master Boot Record

-kill process evince by command -kill user nascent -display suspended jobs -stop process gedit(not kill) -" -continue process gedit -display commands with niceness value -list open files -change attributes to file asd -remove attributes to file asd -list attributes

-queue, examine or delete jobs for later execution -execute following commands at the specified time

ACL setfacl setfacl -m u:nascent:5: /mnt/x getfacl /root/asd setfacl -x u:nascent:5: /mnt/x man rpm | col -b > rpm.txt last, lastb ^A-beginning of line ^C-force quit ^E-end of line ^L-clear ^U-clear line ^K-clear line after cursor ^T-toggle ^O-equivalent to enter ^D-exit or logout usermount net system-config-authentication authentication services authconfig-gtk -A graphical tool to mount, unmount and format filesystems -Tool for administration of Samba and remote CIFS servers -GUI utility for configuring user identity and system -" -set file access control lists -permission for -display permission info -remove permission -convert man page to txt file -show listing of last logged in users

authconfig-tui -text mode utility chroot /mnt/sysimage -rescue mode with root privileges scp -rv /home/nascent/Documents/Redhat/ root@192.168.1.35:/home -copy file from one PC to another NETWORKING route netstat -rn system-config-network #cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 HWADDR=20:cf:30:55:97:93 NM_CONTROLLED=yes ONBOOT=no IPADDR=192.168.1.225 BOOTPROTO=none NETMASK=255.255.255.0 TYPE=Ethernet GATEWAY=192.168.1.253 DNS1=192.168.1.253 IPV6INIT=no USERCTL=no #cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=localhost.localdomain hostname hostname domainname dnsdomainname nisdomainname ypdomainname ip IPv4 has subnet and NAT IPv6 has no subnet and NAT wget http://example.com/package-0.3.6-1.el6.rf.x86_64.rpm SELinux(Security Enhaced Linux) First name was MAC.developed by NSA.Redhat acquired it and changed name to selinux Three mode: 1)Disabled 2)Permissive 3)Enforcing Kernel has 3 components 1)Firewalls 2)Subprograms 3)Device drivers SELinux Context sestatus ls -Z fn ls -Zd /root/ -SELinux status tool -to view the context of selinux of file -to view the context of selinux of folder -show / manipulate the IP routing table -display Kernel IP routing table -configure IP and DNS

-display and change hostname -show or set the system's host name -show or set the system's NIS/YP domain name -show the system's DNS domain name -show or set system's NIS/YP domain name -show or set the system's NIS/YP domain name -show / manipulate routing, devices, policy routing and tunnels

[root@localhost mplayer-checkout-2011-08-16]# ls -Zd /root/ dr-xr-x---. root root system_u:object_r:admin_home_t:s0 /root/ system_u object_r system_r admin_home_t -user field -role field for file/folder -role field for process -type field(specifies the nature of data in the file/process) -change context -import context from file 57 to 97 -restore SELinux contexts -set boolean value(on/off) for services.each service has one/more

chcon -u root fn chcon --reference=file57 file97 restorecon -R /var/www/html setsebool -P virt_use_samba on booleans NFS yum install nfs* service rpcbind restart chkconfig rpcbind on mkdir /nfs cp -rf /media/JAYAN/Redhat/ /nfs/ vim /etc/exports

/nfs 192.168.1.0/255.255.255.0(ro,sync,no_root_squash) -no_root_squash lets root on a client act as root on the export(the default is root_squash) exportfs -rv chkconfig nfs on iptables -F service iptables save -flushes every rule in the filter table and saves the emptied ruleset; the OR method below opens only the NFS ports instead service nfs restart showmount -e 192.168.1.226 mount 192.168.1.226:/nfs /mnt vi /etc/fstab 192.168.1.226:/nfs OR mkdir /nfs chmod a+w /nfs yum -y install nfs-utils rpcbind chkconfig nfs on chkconfig rpcbind on chkconfig nfslock on vi /etc/sysconfig/nfs RQUOTAD_PORT=875 LOCKD_TCPPORT=32803 LOCKD_UDPPORT=32769 MOUNTD_PORT=892 STATD_PORT=662 STATD_OUTGOING_PORT=2020 iptables -I INPUT -m multiport -p tcp --dport 111,662,875,892,2049,32803 -j ACCEPT iptables -I INPUT -m multiport -p udp --dport 111,662,875,892,2049,32769 -j ACCEPT service iptables save vi /etc/exports

/mnt

nfs

soft,nfsvers=2 0 0

/nfs 192.168.10.0/255.255.255.0(rw,sync,no_root_squash) setsebool -P nfs_export_all_rw 1 service rpcbind start service nfs start service nfslock start exportfs -a vi /etc/hosts.allow mountd: 192.168.10.0/255.255.255.0 vi /etc/hosts.deny portmap:ALL lockd:ALL mountd:ALL rquotad:ALL statd:ALL nfsstat

FTP default port:20&21 (udp&tcp) # cat /etc/yum.repos.d/test.repo [Nascent] name=test baseurl=ftp://192.168.1.251/repo gpgcheck=0 enabled=1 -gpgcheck=0 over plain ftp installs packages with no signature or transport integrity check; gpgcheck=1 verifies them against the imported keys yum list all vsftp* cp /media/JAYAN/RHCE.txt /var/ftp/ ls /var/ftp/ /etc/logrotate.d/vsftpd /etc/pam.d/vsftpd rpm -qlc vsftpd vim /etc/vsftpd/vsftpd.conf service vsftpd restart chkconfig vsftpd on iptables -F sestatus chkconfig --list /etc/vsftpd/ftpusers /etc/vsftpd/user_list /etc/vsftpd/vsftpd.conf mkdir uploads chmod 755 uploads/ setenforce 0 -turns SELinux enforcement off for the whole system until reboot; the setsebool -P booleans are the narrower way to give vsftpd access getsebool -a | grep ftp* [root@nas-test Desktop]# getsebool -a | grep ftp* allow_ftpd_anon_write --> on allow_ftpd_full_access --> on allow_ftpd_use_cifs --> on

allow_ftpd_use_nfs --> on ftp_home_dir --> on ftpd_connect_db --> on httpd_enable_ftp_server --> on ncftool_read_user_content --> off sftpd_anon_write --> off sftpd_enable_homedirs --> off sftpd_full_access --> off sftpd_write_ssh_home --> off tftp_anon_write --> on setsebool -P allow_ftpd_anon_write on setsebool -P ftp_home_dir on SAMBA yum install samba* mkdir /mnt/samba cp -r /media/JAYAN/Redhat/ /mnt/samba/ ls /mnt/samba cp -r /media/JAYAN/Rapunzel/* /mnt/samba/ ls /mnt/samba ls -Zd /mnt/samba/ chcon -Rt samba_share_t /mnt/samba/ ls -Zd /mnt/samba/ vim /etc/samba/smb.conf # A publicly accessible directory, but read only, except for people in # the "staff" group [nascent] comment = Public Stuff path = /mnt/samba public = yes writable = yes printable = no write list = nas anandu useradd anandu passwd anandu smbpasswd -a anandu smbpasswd anandu smbpasswd -a nas On client system smbclient //192.168.1.225/nascent -U anandu vim /etc/fstab //192.168.1.225/nascent findsmb smbtree smbclient APACHE yum install httpd* vim /etc/httpd/conf/httpd.conf /mnt cifs username=anandu 00

-list info about machines that respond to SMB name queries on -A text based smb network browser -ftp-like client to access SMB/CIFS resources on servers

ServerAdmin root@localhost ServerName www.example.com:80 DirectoryIndex index.html index.html.var service httpd start chkconfig httpd on vim /etc/httpd/conf/httpd.conf NameVirtualHost *:80 <VirtualHost nascent.com:80> ServerAdmin root@nascent.com DocumentRoot /var/www/html ServerName nascent.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common </VirtualHost> vim /etc/hosts 127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 192.168.1.226 nascent.com service httpd restart vim /var/www/html/.htaccess AuthName "redhat" AuthType Basic AuthUserFile /etc/httpd/conf/.htpasswd-rhce require user redhat htpasswd -mc /etc/httpd/conf/.htpasswd-rhce redhat vim /etc/httpd/conf/httpd.conf <Directory /> Options FollowSymLinks AllowOverride Authconfig </Directory> AllowOverride Authconfig service httpd restart vim /var/www/html/.htaccess service httpd restart iptables -F service iptables save service httpd restart IPTABLES iptables iptables-restore iptables-save iptables -L netstat -rn netstat -nlt netstat -nltd netstat -nld iptables -t nat iptables -t nat -L

iptables -t nat -L PREROUTING iptables -t filter -L INPUT ifconfig nslookup 192.168.1.200 netstat -g netstat -n netstat -t netstat -nt netstat -tl netstat -tlp netstat -tlpd netstat -a -all netstat -an -all but name resolution is not shown netstat -ntl -name,tcp,listen netstat -ntlp -port :::514 -ipv6 0.0.0:514 -ipv4 netstat -i -interface netstat -u -udp netstat -rn -routing table(same as route) arp -a -BSD style arp -e -linux style iptables -t nat -L iptables -t filter -L vim /etc/sysconfig/iptables ls -Z /etc/sysconfig/iptables iptables -I INPUT -s 192.168.1.226 -j REJECT iptables -I INPUT -s 192.168.1.226 -j ACCEPT iptables -I INPUT -s 192.168.1.226 -j DROP iptables -I INPUT -s 192.168.1.226 -p tcp --dport 22 -j DROP -ssh denied iptables -I INPUT -s 192.168.1.226 -p tcp --dport 3306 -j DROP -mysql denied iptables -R INPUT 2 -p tcp --dport 336 -j DENY -iptables has no DENY target; use DROP or REJECT iptables -L -v -verbose list SSH ssh 192.168.0.104 ssh -X 192.168.0.104 Config files: /etc/ssh/sshd_config /etc/ssh/ssh_config [root@server5 Desktop]# cat ~/.ssh/authorized_keys2 ssh-dss AAAAB3NzaC1kc3MAAACBALIjBpLgzBZ+3F/676BG3L+Luxd9y7oL6VNXQ2My+X3Plh6A0KoWoTGhd6d nw7F+YTzskEdKtyt5gxiUtq4pajAUO7z90G0QzTALKjTAotFXDe8mRTn4mlJdF+XhO5tSGm48cQPiJ5pnecT3P rH42aQqK/T81TT+3tWc/l8Iql+7AAAAFQCtgBO8570M7d1XbsEbXySW+aaBiQAAAIEAlA4lHd9QnXZCVrX YuCV94UrI29YEgesrzz1cK4reY35q0u+xXktv4fKyaeX1AYbwONuwEXmUZyl6dFEVU6d4gZQUCdgxthvlhXG uKe98ii2mzOTUwdFHEapL4upRb3m75CWbkyiEo6WxEemPJlSP+XROnqC8bDU5AcBUl1YojO8AAACAU4m PpvYYNr9t3O7woozYusQ6fS1quIC1UxMXkDHSDZOYVw/eRbPwasvWOEDsx24Ds3XXEE9xBeshmzARfX/d s6WIespoiihE0f62m1/ievKVPmBoF0/1b560TIUOPN7KHQv8G2XJW4W/U8B/nPLh8YIl6/Iii5kTCWh359xS84I = root@localhost.localdomain [root@server5 Desktop]# cat ~/.ssh/known_hosts 192.168.0.104 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAu3gDgzixvAPACgHv1pWLnCWgyDj1ryvt8jwZMpq2HMbTNvFGvjj fjRAgK5NeelDnBU/2qHb8/Q+WGvmwJZwOQAPKOQM5DE2Wd8Bhtoh9HIzhZeU1DkaDChNnzI4RjA0JnAc6

XRIWC4ma+Mq9mu7FQpFv3/kbsWMRj1KU6pEv2BZC0BfhB42hnR6wtgCOZeIWtx9sgEE9WcX4GJYaMLGf ORQe02ZYF3XA82iYfRbDaB4bQNsNEvpQ+gtMBIDZhN6beuqs8K43DwN+b/fpg5JjBeSSGXIipHiSgxWmHH nHPyylB5kIflrZ2oaDxQWrnURw/ZIdefj7k0H85ewlenFEVQ== cat ~/.ssh/known_hosts system-config-network service network restart ifup br0 ifconfig br0 192.168.0.5 up ssh 192.168.0.5 -p 2222 -port 2222 vim /etc/ssh/sshd_config PermitRootLogin no PasswordAuthentication no PermitRootLogin without-password (set only one PermitRootLogin value: no blocks root login, without-password allows root with keys only) Banner /etc/issue.net vim known_hosts ssh-keygen ls cat id_rsa cat id_rsa.pub file id_rsa ssh-copy-id root@192.168.0.4 ssh root@192.168.0.4 RSYNC rsync a fast, versatile, remote (and local) file-copying tool rsync /var/a.txt 192.168.0.5:/mnt rsync /z.txt alice@server3.example.com:/home/alice

PING-Packet Internet Groper PHYSICAL STORAGE tune2fs -l /dev/vda1 tune2fs -j /dev/vda1 tune2fs -L label_name /dev/vda1 e2label /dev/vda1 e2label /dev/vda1 nascent tune2fs -o user_xattr acl /dev/vda1 -list file s/m properties -create journal -create labelname for partition -show partition label -rename label

wget http://instructor/pub/gls/errata.repo -O /etc/yum.repos.d/errata.repo yum update kernel lab-setup-bootbreak-4 lab-grade-bootbreak-4 AUTOFS yum install autofs config files /etc/auto.master /etc/auto.misc /etc/auto.net /etc/auto.smb /etc/autofs_ldap_auth.conf

/etc/sysconfig/autofs vim /etc/auto.server oshu -ro instructor.example.com:/var/nfs/oshu vim /etc/auto.master /special /etc/auto.server service autofs reload chkconfig autofs --list cd /special/oshu CHAGE chage -m 0 -M 90 -W 7 -I 14 student chage -l student chage -d 0 student LDAP system-config-authentication ldap://instructor.example.com Use TLS to encrypt connections http://instructor.example.com/pub/EXAMPLE-CA-CERT Authentication method-LDAP password vim /etc/auto.master /home/guests /etc/auto.guests vim /etc/auto.guests ldapuser1 -rw * -rw service autofs reload -(m-min days,M-max days,W-warning days,I-inactive days) -list current settings -will force a password change on next login

instructor:/home/guests/ldapuser1 instructor:/home/guests/$

LUKS(Linux Unified Key Setup) mkdir /data mount /dev/vda5 /data/ mkswap /dev/vda6 mount -a cryptsetup luksFormat /dev/vda7 cryptsetup luksOpen /dev/vda7 secret mkfs -t ext4 /dev/mapper/secret mkdir /secret mount /dev/mapper/secret /secret/ mount -a swapon /dev/vda6 lab-grade-storage GRUB, the GRand Unified Boot loader LOG cat rsyslog.conf vim rsyslog.conf *.debug /var/log/debug.log service rsyslog restart

logger -p debug Testing debug tail /var/log/debug.log cat /var/log/debug.log Logger command-to send a message to rsyslogd with debug priority and verify the message was logged to the new log file. Enable BOOT password vim /boot/grub/grub.conf password --md5 <encrypted password> /etc/inittab /etc/init /etc/init/rcS.conf

TROUBLESHOOTING mount -o remount,rw / vim /etc/fstab SUDOERS visudo or vim /etc/sudoers (visudo checks the syntax before saving) User_Alias NAS = x1 NAS ALL=/sbin/fdisk NAS ALL= NOPASSWD:/sbin/fdisk (without password) LDAP authconfig GNUPG gpg --gen-key gpg --list-keys gpg --export -a 8D365A22 > test.key gpg --import

ADVANCED NETWORKING nmap -sU -p 5353 serverX.example.com nmap -sU serverX.example.com nmap sU nmap sT nmap sP netstat -a netstat -l netstat -n netstat -ntl netstat -ntlp :::514 0.0.0:514 netstat -i netstat -u netstat -rn tcpdump -i eth0 -scan port 5353 -scan all open ports -udp scan -tcp scan -port scan -all -listening(active) -display number not name resolution -name,tcp,listen -port -ipv6 -ipv4 -interface -udp -routing table(same as route) -monitor packets

tcpdump -nn -l -s 2000 -w packets -i eth0 for interface' ip addr add 10.10.0.1/24 dev eth0 label eth0:0

-'nn for everything' 'l for line buffering' 'w for file to be written' 'i

-set virtual ip

port -a logical place where both services access the system(enter or exit) Nagios -3rd party network monitoring tool. NTOPINTERFACE BONDING Interface Bonding -connecting multiple interfaces into a single virtual interface Modes 0 -balancing or round robin Mode 1 -active backup Mode 3 -broadcasting *********** Interface Bonding ************* Interface Bonding-connecting multiple interfaces into a single virtual interface Modes 0 -balancing or round robin, Mode 1 -active backup, Mode 3 -broadcasting # vim /etc/sysconfig/network-scripts/ifcfg-bond0 DEVICE=bond0 IPADDR=192.168.6.70 NETMASK=255.255.255.0 GATEWAY=192.168.6.3 ONBOOT=yes BOOTPROTO=none USERCTL=no # vim /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 USERCTL=no BOOTPROTO=none MASTER=bond0 SLAVE=yes ONBOOT=yes # vim /etc/sysconfig/network-scripts/ifcfg-eth1 DEVICE=eth1 USERCTL=no BOOTPROTO=none MASTER=bond0 SLAVE=yes ONBOOT=yes # vim /etc/modprobe.conf alias bond0 bonding options bond0 mode=balance-alb miimon=100 # service network restart # init 6

vim /etc/sysconfig/network-scripts/route-eth0 ADDRESS0=n/w NETMASK0=28 GATEWAY0=route ip vim /etc/sysctl.conf net.ipv4.ip_forward = 1 sysctl -p

sysctl -w net.ipv4.icmp_echo_ignore_all=1 IPTABLES NOTES Functions: i)Filtering ii)NAT iii)

-set ping no response

iptables has 5 chains i)prerouting chain ii)forwarding iii)input iv)output v)postrouting Rule -Criteria determining which packets to match and a target or action determining what to do with those packets Chain -(where rules reside)a list of rules which will be checked in order,first match takes effect Policy -the default action,ACCEPT or DROP taken if no rule matches in a built-in chain Table -a set of chains used for a particular purpose filter or block traffic PREROUTING-this filtering point deals with packets first upon arrival POSTROUTING-this filtering point handles packets immediately prior to leaving the system. FORWARD -this filtering point handles packets being routed through the local system INPUT -this filtering point handles packets destined for local system after the routing decision OUTPUT -this filtering point handles packets after they have left their sending process and prior to postrouting MASQUERADE-it targets process the source ip address to be changed to match the ip of the interface which leaves the firewall on

iptables

-I INPUT chain

-s 192.168.0.7 -j DROP rule policy

iptables -L INPUT -list input chain -I -insert -A -append -R -replace -P -default policy -D -delete -s -source -d -destination -t -table -j -jump -p -protocol -m -match -i -input interface -o -output interface

iptables -t filter -L

iptables -I INPUT -m state --state NEW -j ACCEPT -accepts every new inbound connection(state NEW with no source or port limit) iptables -I INPUT -m state --state ESTABLISHED -j ACCEPT iptables -I INPUT -m state --state RELATED -j ACCEPT iptables -I INPUT -m state --state RELATED -j LOG iptables -A INPUT -s 0/0 -d 192.168.0.7 -i eth0 -p udp --sport 1024:65535 --dport 80 -j ACCEPT iptables -I FORWARD -s 0/0 -d 192.168.0.107 -i eth0 -o eth1 -p udp --sport 1024:64535 --dport 80 -j ACCEPT iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.107 -sets a rule to redirect traffic arriving at serverX.example.com on port 80 to the same port on 192.168.0.254 iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.0.1 iptables -t nat -A PREROUTING -i eth0 -m tcp -p tcp --dport 80 -j DNAT iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source <public IP> iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 61.17.18.20 -command to share internet on a LAN(****imp****) SNAT is done in POSTROUTING DNAT is done in PREROUTING and OUTPUT MASQUERADE is another case of SNAT and is done in POSTROUTING SSH PORT FORWARDING

ssh -L 2025:mailhost:25 sshhost -

AVAHI Avahi performs zeroconf service discovery on a network on a client machine Zeroconf-permits machines on the same subnet to communicate and discover each other's services without static networking,dhcp or other explicit configuration. ISCSI iscsiadm -m discovery -t st -p 192.168.0.254 ('m' for mode 't' for type 'st' for send target 'p' for portal) iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server6 -p 192.168.0.254 -l service iscsi status fdisk -cu /dev/sda mkfs.ext4 /dev/sda1 mkdir /iscsi vim /etc/fstab /dev/sda1 /iscsi ext4 _netdev 0 0 mount -a iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server6 -p 192.168.0.254 -u iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server6 -p 192.168.0.254 -o delete HTTPS yum install crypto* yum install -y httpd* yum install -y mod_ssl* genkey --days 365 server6.example.com vim /etc/httpd/conf.d/ssl.conf SSLCertificateFile /etc/pki/tls/certs/server6.example.com.crt SSLCertificateKeyFile /etc/pki/tls/private/server6.example.com.key links https://server6.example.com

APACHE VIRTUAL HOSTS semanage -a -t httpd_sys_content_t '/www4/html(/.*)?' restorecon -vFR /www4/html vim /etc/httpd/conf/httpd.conf NameVirtualHost 192.168.0.104:80 <VirtualHost server4.example.com:80> ServerAdmin root@server4.example.com DocumentRoot /var/www/html ServerName server4.example.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common ServerAlias server4 </VirtualHost> <VirtualHost www4.example.com:80> ServerAdmin root@www4.example.com DocumentRoot /www4/html ServerName www4.example.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common ServerAlias www4 </VirtualHost> mkdir -p /www4/html chcon --reference=/var/www/html/ /www4/ service httpd restart CGI(Common Gateway Interface) wget ftp://instructor.example.com/pub/gls/special.cgi chmod 755 /var/www/cgi-bin/special.cgi chown root:root /var/www/cgi-bin/special.cgi <VirtualHost www6.example.com:80> ServerAdmin root@www6.example.com DocumentRoot /www6/html ServerName www6.example.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common ServerAlias www6 ScriptAlias /cgi-bin/ "/www6/html/cgi-bin/" </VirtualHost> curl http://www6.example.com/cgi-bin/special.cgi service httpd restart Authentication htpasswd -mc /etc/httpd/.htpasswd bob htpasswd -m /etc/httpd/.htpasswd alice vim /etc/httpd/conf/httpd.conf <VirtualHost server6.example.com:80> ServerAdmin root@server6.example.com

DocumentRoot /var/www/html ServerName server6.example.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common ServerAlias server6 </VirtualHost> <VirtualHost www6.example.com:80> ServerAdmin root@www6.example.com DocumentRoot /www6/html ServerName www6.example.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common ServerAlias www6 </VirtualHost> <Directory /www6/html/private> AuthName "Secret" AuthType basic AuthUserFile /etc/httpd/.htpasswd Require valid-user </Directory> service httpd configtest service httpd restart chkconfig httpd on LDAPAuthentication wget ftp://instructor/pub/example-ca.crt vim /etc/httpd/conf/httpd.conf LDAPTrustedGlobalCert CA_BASE64 /etc/httpd/example-ca.crt <Directory /www6/html/private> AuthName "Secret" AuthType basic AuthBasicProvider ldap AuthLDAPUrl "ldap://instructor.example.com/dc=example,dc=com" TLS Require valid-user </Directory> httpd -t service httpd restart

NTP service ntpd start vim /etc/ntp.conf restrict 192.168.0.0 mask 255.255.255.0 server 192.168.0.254 peer 192.168.0.1 peer 192.168.0.101 peer 192.168.0.201 service ntpd restart ntpq -p

remote refid st t when poll reach delay offset jitter ============================================================================== instructor.exam LOCAL(0) 11 u 61 64 3 0.180 0.956 0.725 RTC-real time clock kod-kiss of death UTC-coordinated universal time SMTP Port-25 MUA-Mail User Agent MTA-Mail Transfer Agent MDA-Mail Delivery Agent POP3-Post Office Protocol(port-110) IMAP-Internet Message Access Protocol(port-143) yum -y install postfix yum -y install mutt vim /etc/postfix/main.cf inet_interfaces = all service postfix restart mutt elvis@server6.example.com mailq postfix flush sendmail -q [root@desktop6 ~]# host -al domain6.example.com less -F /var/log/messages vim /etc/postfix/main.cf myorigin =domain6.example.com local_transport="error:local delivery disabled" relayhost =domain6.example.com service postfix restart chkconfig postfix on date | mail -s test student tail /var/log/maillog [root@server6 ~] vim /etc/postfix/main.cf inet_interfaces = all myorigin = domain6.example.com relayhost =[smtp.domain6.example.com] mydestination =domain6.example.com service postfix restart chkconfig postfix on [root@host6 ~] vim /etc/postfix/main.cf inet_interfaces = all

myorigin = domain6.example.com local_transport="error:local delivery disabled" mynetworks="127.0.0.0/8 192.168.0.0/24" service postfix restart chkconfig postfix on DNS yum -y install bind vim /etc/named.conf listen-on port 53 { any;}; forwarders { 192.168.0.254; }; allow-query { 192.168.0.0/24; }; dnssec-validation no; (dnssec-validation no turns off DNSSEC validation of the answers this server returns; lab setting) service named restart NFS yum install nfs* mkdir -p /share/current /share/archives vim /etc/exports /share/current 192.168.0.0/24(rw,sync) /share/archives 192.168.0.0/24(ro,sync) exportfs -rv service nfs start chkconfig nfs on chmod 777 /share/current/ (777 makes the directory writable by every user on every client in the exported subnet; lab shortcut) service nfs restart #On client showmount -e 192.168.0.4 mkdir -p /sales/current /sales/archives vim /etc/fstab desktop4.example.com:/share/current /sales/current nfs soft,nfsvers=4 0 0 desktop4.example.com:/share/archives /sales/archives nfs soft,nfsvers=4 0 0 mount -a mount SAMBA yum install samba* vim /etc/samba/smb.conf workgroup = BUTLER [school] comment = Public Stuff path = /shared/school printable = no write list = @greenred writable = no guest ok = no

groupadd greenred useradd -s /sbin/nologin -aG greenred alan mkdir -p /shared/school chgrp greenred /shared/school/ chmod 2777 /shared/school/ smbpasswd -a alan useradd -s /sbin/nologin bob smbpasswd -a bob service smb restart chkconfig smb on semanage fcontext -a -t public_content_t '/shared(/.*)?' semanage fcontext -a -t samba_share_t '/shared/school(/.*)?' restorecon -vvRf /shared/ restorecon -vvRf /shared/school/ iptables -A INPUT -p udp --dport 137:138 ACCEPT iptables -A INPUT -p udp --dport 137:138 -j ACCEPT iptables -A INPUT -p udp --dport 139 -j ACCEPT iptables -A INPUT -p udp --dport 445 -j ACCEPT (smbd listens on TCP 139 and 445, so these two rules need -p tcp to take effect; only 137-138 are UDP) service iptables save service iptables restart FTP yum install vsftpd* mkdir /var/ftp/dropbox chmod 733 /var/ftp/dropbox/ chgrp ftp /var/ftp/dropbox/ vim /etc/vsftpd/vsftpd.conf anon_upload_enable=YES local_umask=077 chown_uploads=YES iptables -A INPUT -p tcp --dport 21 -j ACCEPT iptables -A INPUT -p udp --dport 20 -j ACCEPT (FTP data on port 20 is TCP, so this rule needs -p tcp) service iptables save service iptables restart service vsftpd restart setsebool -P allow_ftpd_anon_write on semanage fcontext -a -t public_content_rw_t '/var/ftp/dropbox(/.*)?' restorecon -vFR /var/ftp/dropbox/ service vsftpd restart chkconfig vsftpd on

TROUBLESHOOTING device (hd0) /dev/vda root (hd0,0) setup (hd0) quit chroot /mnt/sysimage Tips and Tricks 1.always use "chkconfig service on" after changing its settings 2.update /etc/fstab file for automatic mounting of file systems 3.reboot system after altering partition table using fdisk/parted

4.check ntsysv for automatic startups of various services 5.use iptables -F if needed (this flushes every rule; with an ACCEPT default policy the host is left unfiltered until the rules are restored) 6.always execute resize2fs after lvextend 7.always execute resize2fs before lvreduce 8.update /etc/crypttab file for automatic mounting of LUKS encrypted file systems 9.use service autofs reload not "restart" 10.keep a backup of fstab and inittab during exam. fdisk -cu /dev/sda partx -a /dev/sda5 partx -d /dev/sda5 -sectors -add new partition -

init 6 cat /proc/partitions fdisk -ul cryptsetup luksFormat /dev/vda6 cryptsetup luksFormat /dev/vda7 cryptsetup luksOPen /dev/vda7 test cryptsetup luksOpen /dev/vda7 test mkfs -t ext4 /dev/mapper/test mkdir /test mount /dev/mapper/test /test/ ls /test/ du -h /test/ umount /test/ cryptsetup Close test cryptsetup luksClose test vim /etc/crypttab vim /etc/fstab cat /etc/crypttab cat /etc/fstab init 6 mount vim /etc/crypttab echo testing123 > /root/encrypted (the file content becomes a LUKS key; use random data rather than a guessable word outside the lab) chown /root/encrypted root chown root /root/encrypted chmod 600 /root/encrypted ls /root/encrypted ll /root/encrypted cryptsetup luksAddKey /dev/vda7 /root/encrypted init 6 cp fn ~/Desktop && chown user ~/Desktop/fn ping -c 2 8.8.8.8 ping -c 2 8.8.8.8 -s 32(32 bytes+8 byte ICMP overhead) ping -c 2 -i 3 8.8.8.8 -interval of 3 ping -I 192.168.1.120 192.168.1.225 telnet 192.168.1.225 netstat -a -all netstat -an -all but name resolution is not shown netstat -ntl -name,tcp,listen netstat -ntlp -port :::514 -ipv6 0.0.0.0:514 -ipv4 netstat -i -interface netstat -u -udp netstat -rn -routing table(same as route) arp -a -BSD style arp -e -linux style
