RHCE
Red Hat Certified Engineer
M. A. Agheli
1957: Bell Labs found they needed an operating system; at the time they were running various batch jobs.
1965: Bell Labs created Multics (Multiplexed Information and Computing Service).
1969: In summer 1969 UNIX was developed by AT&T.
1975: Sixth edition of UNIX released May 1975.
1985: GNU project started.
1991: Linux is introduced by Linus Benedict Torvalds, a second year student of Computer Science at the University of Helsinki.
1993: NetBSD & FreeBSD released.
1994: Red Hat Linux is introduced.
From: torvalds@klaava.Helsinki.FI (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Message-ID: <1991Aug25.205708.9541@klaava.Helsinki.FI>
Date: 25 Aug 91 20:57:08 GMT
Organization: University of Helsinki

Hello everybody out there using minix

I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things).

I've currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I'll get something practical within a few months, and I'd like to know what features most people would want. Any suggestions are welcome, but I won't promise I'll implement them :-)

Linus (torvalds@kruuna.helsinki.fi)

PS. Yes - it's free of any minix code, and it has a multi-threaded fs. It is NOT protable (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as that's all I have :-(.
GPL: Global Public License (Copyleft)
Mandrake Linux
Slackware Linux
SuSE Linux
Turbo Linux
Vector Linux
Comparison criteria: Low purchase cost, Open Source Software (OSS), UNIX heritage, Multi User, Scalability, Vendor support, Reliable uptime, Security, Logging System
Steep
Win 9x: Poor, Excellent, None, Excellent, Good, Good, Poor
Win NT: Good, Good, Good, Good, Poor, Good, Good
Linux: Good, Good, Good, Good, Excellent, Excellent, Good
/etc: Configuration Files
/home: User Home Directories
/lib: Shared Libraries and Kernel Modules
/mnt: Mount Point for Temporarily Mounted FS
/proc: System Information Virtual File System
/root
/sbin
/tmp
/usr
/var
Session 2
Installing Linux
2. Partitioning
3. Boot Loader Installation
4. Network Configuration
5. Setting the time zone
Further steps (8. to 11. and the remaining ones):
Firewall Configuration
Specifying authentication options (optional)
Specifying user accounts
Selecting packages
Installing packages
Creating a boot disk
Configuring the X Window System (optional)
Installing Linux:
Console 1: Text-based installation procedure
Console 2: Shell prompt
Console 3: Messages from installation program
Console 4: Kernel messages
Console 5: Other messages, including file system creation messages
Console 7: Graphical installation procedure
Configuration tools: mouseconfig, timeconfig, sndconfig, netconfig, ntsysv, setup, redhat-config-
Session 3
SHELL
sach mc
PS1 PS2
Commands: echo, cat, man, tac, help, cp, info, mv, ls, rm, cd, clear, exit, touch, alias, reboot, pwd, less, halt, mkdir, date, rmdir, logout
Session 4
BASH
`value`
| 0 1 2
Redirection Operators:
stdin stdout stderr
> >> << <
$* $n $0
tee
Create,
Session 5
File Permissions
Hard & Symbolic Links (ln)
Find System Files (find, locate, which)
Using Emergency & Single User Mode
Editor modes: Normal mode, Insert Text mode, Command mode
Session 6
Run Levels
Run Level  Definition
0          This runlevel halts the system
1          This runlevel sets single-user mode
2
3
4
5
6
/etc/inittab
/etc/rc.d/init.d & /etc/rc[0123456].d/
GRUB
Edit
Administrative Tasks
Manage Users, Groups & Related Files
useradd, userdel, groupadd, groupdel, passwd, vipw, vigr
/etc/passwd, /etc/shadow, /etc/skel, /etc/profile
Scheduling Jobs (at & crontab commands)
Backup & Restore Tools: tar, bzip2, gzip
Session 7
Make and Install Programs from Source
RPM (Redhat Package Manager)
Kernel
About Kernel and Loadable Modules
Manage Kernel Modules at Runtime (/etc/modules.conf)
Reconfigure, Build and Install a Custom Kernel
Session 8
Shell Scripts
# (comments), read
Control Constructs:
command
test command ( [ ] )
if ; then ; else ; fi
case ... in pattern) ;; esac
while ; do ; done
until ; do ; done
Session 9
Basic X Concepts
X Display Manager
Installing X
1. X Server Selection: XFree86-*
2. Configuring X: redhat-config-xfree86, xvidtune
Modem Configuration: redhat-config-network-tui command in text mode, configuration files, kppp command in X window
Session 10
Network Basics
IP (network & host portion)
192.168.168.1 : 11000000.10101000.10101000.00000001
Dynamic IP
Static IP
Netmask Address 255.255.255.0 : 11111111.11111111.11111111.00000000
Network Address 192.168.168.0 : 11000000.10101000.10101000.00000000
Broadcast Address 192.168.168.255 : 11000000.10101000.10101000.11111111
Network Classes
Class A 1.0.0.0-126.0.0.0
Class B 128.0.0.0-191.0.0.0
Class C 192.0.0.0-223.0.0.0
Reserved IP
127.0.0.0-127.255.255.255
224.0.0.0-239.255.255.255
240.0.0.0-255.255.255.255
Internet Protocols
Transport Protocols: Connection-based, Connectionless
Application Protocols: Stand-alone, xinetd
Start the daemon
Stop the daemon
Restart the daemon
Status the daemon
Session 11
Network Configuration
netconfig, redhat-config-network
IP Aliasing
Session 12
DHCP
An Example of dhcpd.conf
ddns-update-style ad-hoc;
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.1 192.168.0.25;
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;
    option domain-name "domain.com";
    option domain-name-servers 192.168.1.1;
    default-lease-time 21600;
    max-lease-time 43200;
    # we want the nameserver to appear at a fixed address
    host dns1 {
        hardware ethernet 12:34:56:78:AB:CD;
        fixed-address 192.168.0.20;
    }
}
Note that the fixed address 192.168.0.20 lies inside the dynamic range 192.168.0.1 to 192.168.0.25; dhcpd does not reserve a fixed address out of a range, so in practice keep fixed addresses outside it to avoid address conflicts.
dhcpd.leases Format
lease 192.168.1.8 {
    starts 3 2004/04/12 09:34:12;
    ends 6 2004/07/15 23:49:57;
    hardware ethernet 00:09:e6:88:0a:05;
}
...
NFS
Related Daemons
Installation
August 2004
NFS Configuration
Server Side
Edit /etc/exports file: PATH host_lists(options)
Run exportfs -r command
redhat-config-nfs command
Client Side
mount -t nfs server:PATH Mountpoint
Edit /etc/fstab file: server:PATH M.P. nfs ro 0 0
SAMBA (1)
Related Services: smbd, nmbd
Related Packages: samba, samba-common, samba-client
SAMBA (2)
Server Configuration
Client Configuration
Session 13
TCP/IP Services
Client process and server process talk to each other through ports:
2. Client binds to port
3. Client connects to server
4. Server designates port
5. Client and server communicate
Remote Login: Telnet, SSH
Apache: Installation, Modules
Basic Configuration: httpd.conf
Section 1: The Global Environment
Section 2: The Main Configuration
Section 3: The Virtual Host Configuration
Authentication in Apache
Configure with PHP
Configure with SSL
Configure Virtual Host
Authentication in Apache
Apache Administration: Start, Stop, Restart, Reload, Status
Using lokkit or redhat-config-securitylevel command
Password & Physical Security
Securing TCP/IP
Using Tripwire
Keeping Up-to-Date on Linux Security Issues
Session 14
FTP
Installation: rpm -ivh vsftp*.rpm
Config File: /etc/vsftpd/vsftpd.conf
Access Levels
Install squid
Managing squid: start,
An Example of squid.conf
http_port 8081
cache_effective_user squid
cache_effective_group squid
acl all src 0.0.0.0/0.0.0.0
http_access allow all
cache_dir ufs /cache 1024 16 32
visible_hostname ws1
With "acl all src 0.0.0.0/0.0.0.0" and "http_access allow all" this is an open proxy reachable by anyone who can reach port 8081; outside a lab, restrict http_access to your own networks.
Running Squid
squid -d1 -f /etc/squid/squid.conf
Upstream Proxy
cache_peer yourproxy.com parent 3128 3130
prefer_direct off
Transparent Proxy
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Session 15
Configuring Kernel
Enable IP Forwarding
Type of Routes
Routing Command
mask_addr interface
interface
An Example (network diagram): a router with three interfaces: eth0 on the 192.168.1.0 network (hosts 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5), eth1 on the 192.168.100.0 network (hosts 192.168.100.2, 192.168.100.3, 192.168.100.4, 192.168.100.5), and eth2 on the 10.1.1.0 network toward the Internet through the router 10.1.1.2.
Related Rules
route add -net 192.168.1.0 netmask 255.255.255.0 eth0
route add -net 192.168.100.0 netmask 255.255.255.0 eth1
route add -net 10.1.1.0 netmask 255.255.255.0 eth2
route add default gw 10.1.1.2 eth2
Result: the routing table as printed by the route command (columns Destination, Gateway, Genmask, Flags, Metric, Ref, Use, Iface). Host routes carry the flags UH and network routes U, both with gateway *; the default route has gateway 10.1.1.2 and flags UG on eth2; the loopback network route is on lo.
U: Network link is up
G: Gateway
Electronic Mail (Sendmail)
(Diagram: mail from user1@mail1.com to user2@mail2.com)
Concepts
Advantage of Sendmail
Disadvantage of Sendmail
MTAs
MUAs
Required Packages
Sendmail Configuration
LOCAL_DOMAIN(example.com)dnl
Email Aliases
Rejecting Email
Session 16
Where do I look?
/etc/nsswitch.conf (nameservice switch)
t@localhost:~$ cat /etc/nsswitch.conf
hosts: files dns
Files
Search order determined by nsswitch.conf. It is polite to have /etc/hosts first!
sjh@mccoy:~$ cat /etc/hosts
127.0.0.1 localhost
193.62.81.135 mccoy.tardis.ed.ac.uk mccoy
193.62.81.134 baker.tardis.ed.ac.uk baker
193.62.81.132 packages.tardis.ed.ac.uk packages
DNS Traversal
1. Local files
2. DNS server locally
3. Item in cache?
4. Root server, work your way down
Resolving Names
Configuration Files for the Local Host Name Resolution (important for testing): /etc/resolv.conf, /etc/nsswitch.conf, /etc/host.conf
DNS
BIND: Berkeley Internet Name Daemon
Dents: buggy as hell (still in alpha?)
Djbdns: Dan Bernstein's DNS server
Banyan VINES: don't go there!
/etc/named.conf: Config file for named. Contains info about what zones we serve, and where to find config files! Tells us if we are master / slave, allow or deny zone transfers, what the IPs of other master / slave servers are, etc. Its options section defines a directory to store the DNS config files.
<DNSROOT>/root.hints: Contains "pointers" to the Root Servers
<DNSROOT>/127.0.0:
<DNSROOT>/<zone>:
<DNSROOT>/<in-addr.arpa file>
A simple named.conf
## named.custom - custom configuration for bind
zone "." {
    type hint;
    file "root.lists";
};
options {
    directory "/var/named/";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "127.0.0";
};
zone "hq.alim.ir" {
    type master;
    file "hq.alim.ir";
};
zone "168.168.192.in-addr.arpa" {
    type master;
    file "192.168.168";
};
DNS Data
DNS databases contain more than just hostname-to-address records:
SOA: Start Of Authority (it is the daddy!)
IN NS: Name Server
IN MX: Mail eXchanger
IN A: A record (Address record)
IN CNAME: Canonical NAME
Reverse zone entries (IN PTR records):
Servers: PTR router.hq.alim.ir., PTR hq.alim.ir., PTR funn.hq.alim.ir.
Workstations: PTR ws-177200.hq.alim.ir., PTR ws-177201.hq.alim.ir., PTR ws-177202.hq.alim.ir.
Forward DNS
hq.alim.ir (as per /etc/named.conf) records: SOA (Start Of Authority, it is the daddy!), IN NS (Name Server), IN MX (Mail eXchanger), IN A (Address record), IN CNAME (Canonical NAME)
Reverse DNS
Common Mistakes
Forgetting to increment the Serial Number!
CNAME pointing at another CNAME!
Forgetting the . in appropriate places!
Underscores in hostnames!
Forgetting to reload the daemon!
Version control issues clobber changes!
TTL Issues
Test Tools: nslookup, dig, whois, http://www.squish.net/dnscheck/
Session 17
Firewall
Required Properties:
Control: Allow only those packets that you are interested to pass through.
Security
Watchfulness
Firewall Types: Stateful, Stateless
1st generation
2nd generation
3rd generation
4th generation
Installing Iptables (kernel options):
Networking Options -> TCP/IP Networking -> Network Packet Filtering
Networking Options -> TCP/IP Networking -> IP: advanced router -> *
Networking Options -> IP: Netfilter
Networking Options -> QoS and/or fair queueing -> *
Chains of Tables
INPUT: Controls packets destined for this box
OUTPUT: Controls packets generated from local processes
FORWARD: Controls what packets can move from one network to another through your system
Routing Decision
1. When a packet comes in, the kernel first looks at the destination of the packet: this is called routing.
2. If it is destined for this box, it passes downwards in the diagram to the INPUT chain. If it passes, any processes waiting for that packet will receive it. Otherwise go to step 3.
3. Forward: the packet continues to the FORWARD chain.
4. Packets generated from local processes pass to the OUTPUT chain immediately. If it says accept, the packet will be sent out.
Tables of Iptables
Packet flow (diagram): Network -> Destination NAT (PREROUTING) -> Routing decision -> Mangle INPUT -> Filter INPUT -> Local process -> Routing decision -> Mangle OUTPUT -> NAT OUTPUT -> Filter OUTPUT -> NAT POSTROUTING chain -> Mangle POSTROUTING -> Network. Forwarded packets go from the routing decision through Mangle FORWARD -> Filter FORWARD to POSTROUTING.
Tables of Chains (* = the chain exists in that table)
Chain        MANGLE  NAT  FILTER
INPUT        *       -    *
OUTPUT       *       *    *
FORWARD      *       -    *
PREROUTING   *       *    -
POSTROUTING  *       *    -
iptables -s 200.200.200.1
Refers to a packet from a specific IP address. The -s refers to the source of the packet, where the packet is coming from. A corresponding -d refers to the destination, where the packet is going to.
Other Actions
REDIRECT: Sends packets to a proxy
LOG: Tracks
RETURN: Terminates
This command does not allow your system to send packets to 200.200.200.1.
The -p specifies a specific protocol: tcp, udp, or icmp. The --destination-port is where the packet is going.
Keep in mind that the source-port is very different from the destination-port. In this example the inbound message is going to your telnet server. The telnet client that is sending you the message could be running on any port.
--dport == --destination-port
--sport == --source-port
Assume your machine has two interface cards, one to a LAN named eth0 and the other to the Internet named ppp0.
iptables -A INPUT -p tcp --dport telnet -i ppp0 -j DROP
Together these rules would accept telnet requests from the LAN but block telnet requests from the Internet.
The -P option followed by a table name and action determines the default policy of the table. If no rule in the table matches, this default action is taken.
Appends the rule to the end of the table
Inserts the rule as rule 3 in the table, moving all other rules down 1
Replaces rule 3 in the table
iptables -D INPUT 3
-L
-F -Z
An Example (network diagram): a firewall at 192.168.1.1 with two interfaces, eth1 and eth0, one of them connected to the Internet. The firewall runs a Web Server and an SSH Server that must be accessible ONLY via the LAN. The LAN hosts 192.168.1.5, 192.168.1.6 and 192.168.1.7 all use GW: 192.168.1.1.
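A ruleset for the firewall example above, written as an added illustration rather than taken from the slides. It assumes eth0 faces the Internet and eth1 faces the LAN 192.168.1.0/24, uses the DROP default policy, -s/-i/--dport matching and the LOG target from the earlier slides, and masquerades the LAN through the nat POSTROUTING chain; set IPT="echo iptables" to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not part of the original slides. Assumed layout:
# eth0 = Internet side, eth1 = LAN side, firewall itself is 192.168.1.1
# and runs the web (80/tcp) and SSH (22/tcp) servers. Run as root,
# with IP forwarding enabled, or set IPT="echo iptables" for a dry run.
IPT=${IPT:-iptables}
LAN_IF=eth1
WAN_IF=eth0
LAN_NET=192.168.1.0/24

fw_apply() {
    # Clean filter table, then deny everything that is not explicitly allowed
    $IPT -F
    $IPT -Z
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback traffic never leaves the box
    $IPT -A INPUT -i lo -j ACCEPT

    # Stateful: replies to connections the firewall itself opened
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Web and SSH servers: only from the LAN interface AND a LAN source
    # address; the INPUT DROP policy covers everything arriving on eth0
    for port in 22 80; do
        $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$port" -j ACCEPT
    done

    # Record attempts from the Internet side before the policy drops them
    $IPT -A INPUT -i "$WAN_IF" -p tcp -m multiport --dports 22,80 -j LOG --log-prefix "FW-DROP: "

    # LAN hosts using GW 192.168.1.1 may reach the Internet through the box
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Dry run in a subshell: counts the iptables commands fw_apply would issue
fw_rule_count() {
    ( IPT="echo iptables"; fw_apply ) | grep -c '^iptables'
}
```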
Session 18
Advanced
/etc/rc.d/init.d/cbq.init
(http://ovh.dl.sourceforge.net/sourceforge/cbqinit/cbq.init-v0.7.3)
The End
Good Luck