RED HAT SYSTEM ADMINISTRATOR I
Written by Arthur Berezin 054-2266463 [email protected] Red Hat System Administrator I
Unit One GNOME DESKTOP
Gnome gedit
GNOME
● GNOME is the default graphical environment
● Lets you use your mouse and keyboard
● Includes integrated apps
– Nautilus File Manager
– Gedit Text Editor
– and many more...
GNOME
● Panel
● Applet
● Work Space
GNOME
● Switch workspace with the keyboard: ctrl + alt + [ Left Arrow | Right Arrow ]
or
● Switch Work Space
GNOME
● Linux is known for its command line
● Why a graphical environment?
– Some things are easier
– Useful to understand the differences
– Support users as a sysadmin
● The command line is very important
Password
● Regular user requirements:
– Must have 6 chars
– Must not be based on a dictionary word
– Must be complex (chars, caps, nums)
● User root may set any password
– For himself
– For any other user
Password
● Change password using the GUI
● Or # passwd in Bash
Text Configuration Files
● Linux basic design principle
– Easier for humans
– A simple editor can fix problems
– Most programs use text configuration files
gedit
● Graphical tool for editing text files
● Command line editors:
– vi
– vim
– nano
Unit Two MANAGE FILES
Nautilus Remote Storage
Nautilus
● Gnome file manager
– Explore the file-system
– View file properties
– Manipulate files – Copy, Delete, Move, Cut, Paste...
● Applications > System Tools > File Browser
Nautilus
● Default view: Spatial mode
– Opens folders in new windows
– May be changed to Browser Mode – System > Preferences > File Management
– Behavior > Always Open In Browser Windows
Nautilus
● Allows access to remote systems
– FTP
– Windows Shares
– SSH (remote login)
– NFS (Network File-system)
Nautilus
● Nautilus tips:
– List View [ View > List | CTRL + 2 ]
– Hidden Files – name begins with a period (.) – View > Show Hidden Files
– Drag and Drop – same partition: Move – different partition: Copy
● Command Line: ls (List), mv (Move), cp (Copy), mkdir
Nautilus
● NFS shares with autofs in /net/host
Unit Three GETTING HELP
Local Documentation On-Line Red Hat Documentation Getting most from Support
Local Documentation
● Man pages
– Most commonly used
– Document commands and configuration files
– Divided into chapters
● GNU Info
– Hypertext books
● Gnome help system
– For the desktop environment
– Hypertext books
Gnome Help Browser
GNU Info
● To access, open the GNOME help browser
– Go to > GNU Info Pages
– Search info:[node name] – for example info:GRUB
Man pages
● On the GNOME help browser
– Search man:man-page
● The same item can appear on different pages
– Specify the chapter
– man:passwd(5)
● Command Line: man, info
● More documentation in /usr/share/doc
On-Line Red Hat Documentation
● Documentation
– http://access.redhat.com/docs – Release Notes – Installation Guide – Migration Planning Guide – Deployment Guide
● Customer Portal
– Lots of info
– Knowledge-base
Getting most from Support
● Define the problem – how to reproduce it?
● Do your homework
– Documentation
– Knowledge-bases
– Background info
– Software versions
– Diagnostics info
● sosreport collects logs and configuration files
Unit Four LOCAL SERVICES
The root User System Clock Print Queue Print Jobs
Role of user: root
● User root is the superuser
● Has all power over the system
● Has power to override normal privileges
● Install, remove software; manage configuration
● Most devices are controlled by root
– Exception: USB
Role of user: root
● “With Great Power Comes Great Responsibility” Stan Lee
● Unlimited power to damage the system
● We will use a normal user, and gain power when needed
– Command: su – substitute user
– Command: sudo – execute a command as another user
System Clock
● Network Time Protocol (NTP)
– Time synchronization protocol
– Makes the seconds shorter if the clock rushes
– Reduces time differences between systems
– Recommended to have at least three NTP servers
System Clock
Printers
● Common Unix Printing System (CUPS)
● Local or network
● Supports IPP, LPD (Linux Printer Daemon) and Microsoft shared printers
Printers
● Each printer has one or more queues
● A print job is sent to a queue
● The system administrator sets up a printer
– System > Administration > Printing
– Web interface on TCP port 631
– http://localhost:631
– http://localhost:631/help
– man system-config-printer(1)
Unit Five BASH
Bash Syntax Using Bash Launching graphical commands as root
Introduction to Bash
● Shell – Command Line Interface
● Bash – Red Hat default shell
● Bash – “Bourne again shell”
● Improved version of the old Unix Bourne shell (sh)
● Looks like Windows cmd.exe
Using Command Line
● Applications > System Tools > Terminal
● Right click on the desktop > Open Terminal
● Prompt line
– Current user
– Short hostname
– Directory
– $ for a normal user
– # for the superuser
Using Command Line
● A command line usually has three basic parts
– Command
– Options – one dash for short (-a) or two for the full option name (--all)
– Arguments
● # df -h /home
● --help for syntax
Using Command Line
● Conventions
– [ ] is optional
– ... is N times
– | choose any one of the options
– <> variable data
● Man is your friend: man bash
Using Bash
● # passwd
● # id
● # su [ - ] username
– -c for a single command (similar to Run As...)
● # exit
Useful Features
● Tab Completion
– Allows quickly completing commands
● History
– !<>
Launching Graphical Tools from bash
● Command &
● CTRL + c – Cancel
● CTRL + z – Background
● # jobs – running commands
● # fg – bring to the foreground
Unit Six MANAGE STORAGE I
PC Storage Model Determine Disk Usage Manage Virtual Guests Create a New File System
Partitions
● Hard disks are split into partitions (IBM)
● Each partition has a file system
● Each partition can be used for a different purpose
– Example: home partition, system partition
Master Boot Record
● RHEL (Red Hat Enterprise Linux) and Windows use the Master Boot Record partitioning system
● This dates back to the IBM PC (early 80's)
Master Boot Record
● MBR is the first sector of the hard disk (512 bytes)
– First 446 bytes are part of the boot loader
– Last 64 bytes are the partition table
Partition Table
● Has room for 4 primary partitions
● Contains info on each partition – first sector – last sector – code that indicates the content type (fs, lvm...)
● If more are needed, one is used as an extended partition
– Divided into logical partitions
Disk Utility
● Graphical utility to easily manage disk partitions
● Lists available devices, disk partitions, info
● Allows re-partitioning the disk
● Applications > System Tools > Disk Utility
Disk Utility
● Allows creating new partitions
● Partitions must be formatted
● A standard system uses the EXT4 filesystem
● To use a filesystem we need to mount it: mount -t
● Mount point – an empty directory
● When mounted, the filesystem can be viewed as the content of the directory
● This is called “mounting a file-system on a mount-point”
/etc/fstab
● Text file listing all partitions mounted on boot
● Can be edited only by root
● Example line:
– /dev/sda6 /data/ ext4 defaults 1 2
Unit Seven MANAGE LOGICAL VOLUMES
LVM Concept Display LVM Usage Deploy LVM Extending LVM Storage Extending File-system on LVM Remove a disk from LVM
Logical Volume Management
● A flexible way to manage disk space
● Disk partitions are pooled together, then divided into Logical Volumes
● This allows:
– Creating file-systems larger than physical disks
– Dividing the disk into an unlimited number of volumes
– Extending file-systems without re-formatting
Logical Volume Management
● Physical Volume (PV) – physical partition marked with the LVM type
● Volume Group (VG) – collection of one or more PVs (virtual disk drive)
● Logical Volume (LV) – virtual partition within the VG, formatted with a filesystem
● Physical Extent – chunk size from which LVM is built
Extending a Volume Group
● VGs can be extended by adding additional PVs
● The additional VG can be on the same disk or on other disks
● Or by extending existing LVs
Extending a Logical Volume
● Can be extended with free extents
● The file-system must be extended after extending the Logical Volume
Removing a Physical Volume
● Usually done to replace disks with newer/larger ones
● Data from a PV can be migrated to another PV
● This can be done without disturbing LVM
Unit Eight MONITOR SYSTEM RESOURCES
Process, Priorities and Signals System Monitor Process Management Disk Usage Analyzer
Processes
● A process is a running program
● The kernel keeps track of all processes
● A process has
– Address space (memory)
– Threads
– Security context
– PID
● The kernel exposes this info in /proc/
Processes
● Child process – when a process starts another process
● The child process inherits its parent's characteristics
– Environment
– User
– Group
● A child can also have a child
● When the parent dies, all its children die
Signals
● The kernel communicates with processes through signals
● Signals report events or errors
● Usually signals result in exiting a process
● SIGTERM – terminates a process in a clean manner
● SIGKILL – kills a process immediately
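Added example (not from the original slides) showing the difference between the two signals above: a shell child that traps SIGTERM gets to clean up and exit normally, while SIGKILL cannot be caught and wait reports the child as killed by signal 9 (status 128 + 9 = 137). Plain POSIX sh; nothing beyond kill and sleep is assumed.

```sh
#!/bin/sh
# Added example, not from the original slides: SIGTERM can be caught and
# handled, SIGKILL cannot. Each helper starts a throwaway shell loop, sends
# it one signal, and prints the exit status that wait reports for it.

# Start a child whose TERM handler prints a note and exits 0.
# Prints 0: the handler ran and the child exited cleanly.
term_demo() {
    sh -c 'trap "echo child: caught SIGTERM, cleaning up >&2; exit 0" TERM
           while :; do sleep 1; done' &
    pid=$!
    sleep 1                      # let the child install its trap
    kill -TERM "$pid"
    if wait "$pid"; then status=0; else status=$?; fi
    echo "$status"
}

# Same loop, but SIGKILL is delivered: no handler can run, so the
# kernel tears the child down and wait reports 128 + 9 = 137.
kill_demo() {
    sh -c 'trap "echo child: this never prints >&2; exit 0" TERM
           while :; do sleep 1; done' &
    pid=$!
    sleep 1
    kill -KILL "$pid"
    if wait "$pid"; then status=0; else status=$?; fi
    echo "$status"
}

# Stand-alone run: prints "SIGTERM -> 0" and "SIGKILL -> 137".
echo "SIGTERM -> $(term_demo)"
echo "SIGKILL -> $(kill_demo)"
```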
Process Scheduling
● Only one process can run at a time on a core
● Every process has a scheduling priority
– Ranking system among running processes
– The Linux process scheduler divides CPU time into slices
– Higher priority runs first
– The formula is complex, but we can affect the niceness value
Niceness
● Range from -20 to +19 indicates bonus or penalty
● Most processes are nice 0
● Users can only increase niceness
● Root can decrease niceness
● All ready processes with equal niceness share CPU time equally
● Applications > System Tools > System Monitor
Disk Usage
● Disk Usage Analyzer is used to analyze disk space usage
● A visual tool
● Shows info as browsable ring charts
● Applications > System Tools > Disk Usage
Unit Nine MANAGE SYSTEM SOFTWARE
Software Inventory Red Hat Network (RHN) Manage Packages
RPM – Red Hat Package Manager
● Standard way to package software
● Provides all the tools needed to install, remove, update and manage software
● Ensures all needed libraries are installed
● All software provided by Red Hat is RPM
● Most vendors provide software for Red Hat Enterprise Linux via RPM packages
RPM – Red Hat Package Manager
● An RPM is an archive containing
– All software files
– Configuration files
– Information about the program
– Dependencies – names of other needed packages (shared libraries, supporting software etc.)
– Install / uninstall scripts
● A system is a collection of RPMs
● Packages are installed from a repository
● System > Administration > Add/Remove Software
Red Hat Network (RHN)
● Centrally managed service for deploying software and updates
● Remotely manage and monitor systems
● RHN Satellite is a self-managed product that can be installed on a local server
● rhn_register is the graphical/text registration tool
Install, Remove, Update Packages
● System > Administration > Add/Remove Software
● Individual packages / package collections
● System > Administration > Software Update
– Updates itself first
Unit Ten GET HELP IN TEXTUAL ENVIRONMENT
Man reader Searching for keywords pinfo reader Additional Documentation
Read Man Documentation
● Man is a single book divided into chapters
● Each section contains a particular type of info
– 1 User commands
– 2 Kernel system calls (entry points to the kernel from userspace)
– 3 Library functions
– 4 Special files and devices
– 5 File formats and conventions
– 6 Games
– 7 Conventions, standards and misc. pages
– 8 System administration commands
– 9 Linux kernel API (internal kernel calls)
Read Man Documentation
● Two sections may have a page with the same name
● The section is mentioned in the man page title
– man (#) passwd > the title would be passwd(#)
Navigating Man Pages
● Space – scroll forward one screen
● DownArrow – scroll forward one line
● UpArrow – scroll back one line
● /string – search forward for string in the man page
● n – repeat the previous search forward in the man page
● N – repeat the previous search backward in the man page
● q – exit man and return to the prompt
● Searches use regular expressions – man 7 regex
● Man uses “less” for viewing text
Man Pages by Keywords
● Search for man pages by keyword
– man -k passwd
● For sysadmins the usually relevant sections are
– 1 User Commands
– 5 File formats
– 8 Administration Commands
Man Pages by Keywords
● Keyword search is done on a database generated with “# makewhatis”
● makewhatis is run automatically once an hour
● Can be executed manually
pinfo
● GNU projects use the Info system
● Info pages are books with hyperlinks
● In some cases there's both man and info
● # pinfo has more in-depth documentation
– # man tar
– # pinfo tar
/usr/share/doc
● Is everything else that doesn't appear in man/pinfo
● Has complete examples of configuration files
● Sometimes comes from a separate package
– samba-doc
– kernel-doc
Unit Eleven NETWORK CONNECTIVITY
IPv4 Concepts Linux Network Configuration Confirming Network Functionality
Essential Network Concepts
● IP (Internet Protocol) sends traffic between hosts across the internet
● IPv4 – 32-bit network address
● IPv6 – 128-bit network address
Essential Network Concepts
● IPv4 is normally expressed as
– 4 octets ranging in value from 0 to 255: XXX.XXX.XXX.XXX
● The address is divided in two parts
– Network
– Host
● All hosts on the same network can talk directly (without a router)
● No two hosts on the same subnet can have the same host part
Essential Network Concepts
● The subnet mask tells which part of the IP is the network and which is the host
● The more bits available for the host part, the more hosts can be on the subnet
● The network address is the first possible address
● Example
– IP 192.168.201.1
– Netmask: 255.255.0.0
– Network 192.168.0.0
– Broadcast 192.168.255.255
Essential Network Concepts
● A network mask (netmask) is expressed in 2 ways:
– 24 bits (255.255.255.0)
– CIDR (Classless Inter-Domain Routing) notation (8/16/24) – the number of bits that are 1
– Both have the same meaning
● How many bits of the IP express the network
● 127.0.0.1 with 255.0.0.0 is localhost
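Added example (not from the original slides) that carries the 192.168.201.1 / 255.255.0.0 computation through in POSIX sh: dotted quad to integer, AND with the mask for the network, OR with the inverted mask for the broadcast, plus the netmask/CIDR conversion described above. It goes slightly beyond the slides by rejecting a non-contiguous mask and by answering whether two hosts share a subnet.

```sh
#!/bin/sh
# Added example, not from the original slides. Pure POSIX sh arithmetic:
# network = ip AND mask, broadcast = network OR (NOT mask), and the
# conversion between a dotted netmask and its CIDR prefix length.

ALL_ONES=4294967295          # 0xFFFFFFFF, keeps results within 32 bits

# dotted quad -> 32-bit integer, e.g. 192.168.201.1 -> 3232286977
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# 32-bit integer -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# prefix length (the CIDR /N) -> dotted netmask, e.g. 16 -> 255.255.0.0
prefix_to_mask() {
    int_to_ip $(( (ALL_ONES << (32 - $1)) & ALL_ONES ))
}

# dotted netmask -> prefix length; fails on a non-contiguous mask such
# as 255.0.255.0, which is not a valid netmask at all
mask_to_prefix() {
    m=$(ip_to_int "$1")
    n=0
    while [ $(( m & 2147483648 )) -ne 0 ]; do   # top bit set: count it
        n=$(( n + 1 ))
        m=$(( (m << 1) & ALL_ONES ))
    done
    [ "$m" -eq 0 ] || { echo "invalid netmask: $1" >&2; return 1; }
    echo "$n"
}

# network and broadcast addresses for ip/netmask, printed as two words
subnet_info() {
    ip=$(ip_to_int "$1")
    mask=$(ip_to_int "$2")
    net=$(( ip & mask ))
    bcast=$(( net | (~mask & ALL_ONES) ))
    echo "$(int_to_ip "$net") $(int_to_ip "$bcast")"
}

# true when two hosts share a network under the given mask, i.e. can
# talk without a router (the "same network" rule on the earlier slide)
same_subnet() {
    [ $(( $(ip_to_int "$1") & $(ip_to_int "$3") )) -eq \
      $(( $(ip_to_int "$2") & $(ip_to_int "$3") )) ]
}

# Stand-alone run with the slide's values: prints
# "192.168.0.0 192.168.255.255" and "255.255.0.0 = /16".
subnet_info 192.168.201.1 255.255.0.0
echo "255.255.0.0 = /$(mask_to_prefix 255.255.0.0)"
```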
IPv6
● 128-bit number
● 8 colon-separated groups
● Range from 0000 to ffff
● The network is always the first 64 bits (first 4 groups)
● Leading zeros can be suppressed – :00d3: is :d3:, :0000: is :0:
● ::1 is localhost (like 127.0.0.1)
Routing
● Network traffic moves from host to host
● From network to network
● Each host has a routing table with all known networks
● If the network is not known, the host forwards the packet to the default gateway
DNS
● Computers love to work with numbers
● Human beings love to work with names
● Domain Name Server/Service/System is a distributed network of servers
● It maps hostnames to IP addresses
● The host must point to a DNS server
● It doesn't have to be on the same subnet, it has to be reachable
Networking Command Line
● # ifconfig / ip addr show
● # ethtool
● # ip route – show your routing table
● # host
● # nslookup – same as above
● # ping
● Conf file /etc/sysconfig/network-scripts/ifcfg-ethX
Unit Twelve USERS AND GROUPS
Creating Deleting Users Disabling User Accounts Creating Deleting Groups Changing Group Memberships Managing Password Aging
Users / Groups Administration
● User Manager / system-config-users is the graphical tool for managing users
– Create / delete local users and groups
– Assign users to groups
– Lock / unlock accounts
– Password aging
– User expiration
Users / Groups Administration
● System > Administration > Users and Groups
● # useradd/usermod/userdel/groupadd – in System Administration II
Unit Thirteen MANAGE FILES FROM COMMAND LINE
Linux File system hierarchy Absolute path names File/directory management Relative path names
Linux File system hierarchy
● In Linux, file-systems are organized in a hierarchy
● The root of the tree is / (called root)
● File-systems are mounted on empty directories
● Each file/directory has an absolute path from root
● Slash (“/”) is the directory separator
– /home/bob/text.txt is text.txt under bob under home in root (/)
Common Paths
● /etc is usually for configuration
● /var is for regularly changing files (logs, etc.)
● Commands and executables are under
– /usr/bin
– /bin
– /usr/sbin
– /sbin
Common Paths
● /home is for users' home directories
● /root is user root's home directory
● /tmp is for temporary data
● /media is for removable media
● /mnt is for manually mounting temporary dirs
Common Paths
● In Linux everything is a file
– /dev holds files for hardware devices
– /proc – virtual filesystem showing kernel data
File/directory management
● Two special paths are available: ~ is the home of the current user ~
● Commands
– # cd – change directory
– # ls – lists files (usually used as “ll” which is “ls -l”)
– # pwd – prints the absolute current path
Absolute / Relative Paths
● All files have an absolute path
– Begins with /
– Unique to every file
● The shell keeps track of the current directory
● Files have a relative path from your current path
– When using commands in the shell
Absolute / Relative Paths
● Absolute:
– pwd – absolute path
– ~ current user's home directory
– ~
– . current directory
– .. parent of the current directory
Commands
● cp
● ln -s
● mv
● rm – remove
● touch – create an empty file
● mkdir – make directory
● rmdir – remove directory
Scatter / Gather
● Use relative paths when files are “close” to each other
– Use “..” to point one directory up
– Use “../../” to point two directories up
– And so on
● Use absolute paths when files are all over the file-system
● Tab completion is your friend
Wildcards
● The shell uses * to match zero or more characters
– rm /tmp/*
– mv ~/Music/Radiohead* /media/usb
– cp ~reuven/Movies/*.mkv ~arthur/Movies/
Unit Fourteen SECURE LINUX FILE ACCESS
User/Group/Other Nautilus File Security Command Line File Security
User / Group / Other
● Access to files is controlled by permissions
● Linux file permissions are simple yet flexible
● Files have just three categories:
– File owner – usually the creator
– File group – the creator's primary group
– All others
● The most specific permission applies
Read, Write, Execute
● Just three permissions apply: r(ead), w(rite), (e)x(ecute)
● On files:
– Read – view file content
– Write – edit the file
– Execute – run the file as a command
● On directories:
– Read – list the content of the directory
– Write – create / delete files in the directory
– Execute – access the directory (cd)
● Everything is a file – the directory too
Read, Write, Execute
● Read-only directories usually have read and execute
● Execute permission on a directory allows accessing files if we know the name
● Files can be deleted with write permission on the directory
Read, Write, Execute
● Permission changes apply only to the files and directories they are set on
● Not automatically inherited by sub-directories
Nautilus Permissions
● Right click on a file/folder
● Properties
● Permissions
Permissions from Command Line
● Command ls -l or ll to list permissions
● Command ls -ld
Chmod permissions
● Symbolic method:
– # chmod WhoWhatWhich File | Directory
– Who is u, g, o, a (User, Group, Other, All)
– What is +, -, = (Add, Remove, Set)
– Which is r, w, x (Read, Write, Execute)
– Example: chmod u+w somefile
Chmod permissions
● Numeric method
– chmod ### File | Directory
– Each digit represents an access level: User, Group, Other
– Each digit is the sum of R=4, W=2, X=1
– So 7 is rwx
– And 5 is r-x
Change Ownership
● Command chown
Change Group
● Command chgrp
Special Permissions
● Set User ID (setuid) and Set Group ID (setgid) on an executable run the process as the file's owner, not as the executing user
– # ls -l /usr/bin/passwd
● Sticky bit on a directory allows only the owner of a file to delete it, even when others have permissions on the directory
– # ls -ld /tmp
● setgid on a directory makes new files within the directory inherit the group from the containing directory
Special Permissions
● Executable:
– u + s = file executes as the owner, instead of the executing user
– g + s = file executes as the group that owns the file
● Directories:
– g + s = new files inherit the group from the containing directory
– o + t = users with write permission on the directory can remove only their own files
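Added example (not from the original slides) for the chmod and special-permission slides above: it turns the permission string printed by ls -l into the four-digit numeric form chmod accepts, with setuid/setgid/sticky as the leading digit, and then audits a constructed ls -l listing for the two things these slides point at: setuid/setgid programs such as /usr/bin/passwd, and world-writable directories that, unlike /tmp, lack the sticky bit. The listing's sizes, dates and the /srv/dropbox and /usr/bin/wall entries are made up for the example.

```sh
#!/bin/sh
# Added example, not from the original slides. mode_to_octal turns the
# nine permission characters from "ls -l" into chmod's numeric form with
# the special bits as a leading digit; audit_listing flags setuid/setgid
# programs and world-writable directories that have no sticky bit.

# "rwxr-x---" -> 0750, "rwsr-xr-x" -> 4755, "rwxrwxrwt" -> 1777
mode_to_octal() {
    perms=$1
    special=0
    digits=""
    i=0
    for who in u g o; do
        r=$(echo "$perms" | cut -c$(( i * 3 + 1 )))
        w=$(echo "$perms" | cut -c$(( i * 3 + 2 )))
        x=$(echo "$perms" | cut -c$(( i * 3 + 3 )))
        n=0
        [ "$r" = r ] && n=$(( n + 4 ))
        [ "$w" = w ] && n=$(( n + 2 ))
        # s/t = execute plus a special bit; S/T = special bit without execute
        case "$who$x" in
            ux|gx|ox) n=$(( n + 1 )) ;;
            us) n=$(( n + 1 )); special=$(( special + 4 )) ;;   # setuid
            uS) special=$(( special + 4 )) ;;
            gs) n=$(( n + 1 )); special=$(( special + 2 )) ;;   # setgid
            gS) special=$(( special + 2 )) ;;
            ot) n=$(( n + 1 )); special=$(( special + 1 )) ;;   # sticky
            oT) special=$(( special + 1 )) ;;
        esac
        digits="$digits$n"
        i=$(( i + 1 ))
    done
    echo "$special$digits"
}

# Read "ls -l" lines on stdin (constructed below; real ls output works as
# long as names contain no spaces) and print one finding per line.
audit_listing() {
    while read -r mode links owner group size rest; do
        [ -n "$mode" ] || continue
        name=${rest##* }                       # last field is the name
        kind=$(echo "$mode" | cut -c1)         # - file, d directory, l link
        perms=$(echo "$mode" | cut -c2-10)
        octal=$(mode_to_octal "$perms")
        case "$perms" in
            ??[sS]*) echo "SETUID $octal owner=$owner $name" ;;
        esac
        case "$perms" in
            ?????[sS]*) echo "SETGID $octal group=$group $name" ;;
        esac
        # other-write set and other-exec not t/T: anyone may delete any file
        if [ "$kind" = d ]; then
            case "$perms" in
                ???????w[x-]) echo "WORLD-WRITABLE-NO-STICKY $octal $name" ;;
            esac
        fi
    done
}

# Constructed listing: /usr/bin/passwd and /tmp are the paths the slides
# show; sizes and dates are invented, /srv/dropbox and /usr/bin/wall are
# made-up entries added to exercise the other two cases.
SAMPLE_LISTING='-rwsr-xr-x 1 root root 30768 Feb 22 2012 /usr/bin/passwd
drwxrwxrwt 9 root root 4096 Jan 1 12:00 /tmp
drwxrwxrwx 2 root root 4096 Jan 1 12:00 /srv/dropbox
-rwxr-sr-x 1 root tty 15320 Jan 1 12:00 /usr/bin/wall
-rw-r--r-- 1 root root 158 Jan 1 12:00 /etc/hosts'

# Runs the audit over the sample; prints three findings (passwd,
# /srv/dropbox, wall) and nothing for /tmp or /etc/hosts.
run_sample_audit() {
    printf '%s\n' "$SAMPLE_LISTING" | audit_listing
}

run_sample_audit
```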
Unit Fifteen REMOTE ADMINISTRATION
Remote shell access Remote file transfer SSH keys
Remote Shell Access
● For remote shell administration use SSH
● Allows remote login and command execution
● Uses an encrypted connection
● Enabled by default
● OpenSSH (server) usually doesn't require modifications
● The client saves the server's identifier on the first connection (~/.ssh/known_hosts)
● ssh -X
– -X indicates X forwarding
Remote File Transfer
● SSH is a useful tool to run commands but also a secure way to copy files
● scp
● rsync – synchronizes local and remote directories
– Pull: rsync [USER@]HOST:SRC... [DEST]
– Push: rsync SRC... [USER@]HOST:DEST
– -r for recursive
Archives and File Compression
● Archive – bundled collection of files and directories
● Archive Manager can create/extract many archive formats (ZIP, TAR...)
● Applications > Accessories > Archive Manager
● Compress
● Decompress
● # man tar
SSH Keys
● SSH key sharing allows password-less connection
● SSH allows private-public key sharing
● The public key holder (SSH server) verifies the identity of the private key holder (client)
● This allows secure authentication without a password
● Generate 2 keys: private, public
● Can generate a pass-phrase
● The private key should be kept private
SSH Key Sharing
● Command ssh-keygen
● Two encryption algorithms
– DSA, or RSA
– SSH version 1 is not recommended
● Command ssh-copy-id – copies your public key to the server
Unit Sixteen GENERAL SERVICES
Network Services SSH Handling VNC Server Remote Desktop Access
Service Deployment
In the server world we deploy services
● Install (yum or System > Admin > Add software)
● Start (service
Securing SSH Access
● Configuring services is a common task
– Add the ssh server package (yum list, yum install)
– List the configuration files (rpm -ql)
– Man on the .conf file
– Disable password login
– Disable root login
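Added example (not from the original slides) for the last two items: a POSIX sh check that reports whether an sshd_config really disables password login and root login. It applies the sshd_config rule that the first uncommented occurrence of a keyword wins, treats an absent keyword as the OpenSSH default (both permitted) and ignores Match blocks; the two configuration files are constructed here, not taken from any system.

```sh
#!/bin/sh
# Added example, not from the original slides. Checks an sshd_config for
# the two hardening points above. Rule applied: the first uncommented
# occurrence of a keyword wins (sshd ignores later repeats); a keyword
# that never appears gets the OpenSSH default assumed here (password
# authentication on, root login permitted). Match blocks are ignored.

# Print the effective value of one keyword, or the default if absent.
sshd_setting() {
    file=$1; key=$2; default=$3
    val=$(awk -v k="$key" '
        $1 !~ /^#/ && tolower($1) == tolower(k) { print $2; exit }' "$file")
    echo "${val:-$default}"
}

# Return 0 when both settings are "no"; otherwise print each weak
# setting and return 1.
audit_sshd_config() {
    rc=0
    pa=$(sshd_setting "$1" PasswordAuthentication yes | tr 'A-Z' 'a-z')
    prl=$(sshd_setting "$1" PermitRootLogin yes | tr 'A-Z' 'a-z')
    [ "$pa" = no ]  || { echo "PasswordAuthentication=$pa (want no)"; rc=1; }
    [ "$prl" = no ] || { echo "PermitRootLogin=$prl (want no)"; rc=1; }
    return $rc
}

# Constructed sample 1: keywords left commented out, password login on.
write_default_config() {
    cat > "$1" <<'EOF'
#PermitRootLogin yes
#PasswordAuthentication yes
PasswordAuthentication yes
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
}

# Constructed sample 2: hardened as the slide asks; the trailing
# "PasswordAuthentication yes" is ignored because an earlier line won.
write_hardened_config() {
    cat > "$1" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
EOF
}

# Runs both samples and prints "default=fail hardened=pass"; the
# findings for the weak file go to stderr.
demo_sshd_audit() {
    tmp=${TMPDIR:-/tmp}/sshd_audit.$$
    write_default_config "$tmp.default"
    write_hardened_config "$tmp.hardened"
    if audit_sshd_config "$tmp.default" >&2; then d=pass; else d=fail; fi
    if audit_sshd_config "$tmp.hardened" >&2; then h=pass; else h=fail; fi
    rm -f "$tmp.default" "$tmp.hardened"
    echo "default=$d hardened=$h"
}

demo_sshd_audit
```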
VNC Server
● Virtual Network Computing (VNC)
● Allows remote graphical desktops
● Steps
– Install (yum/rpm/add remove)
– Configure /etc/sysconfig/vncservers – VNCSERVERS="1:visitor 2:student"
– Set VNC password – vncpasswd
– Start service
– Enable service
Access Remote GNOME Desktop
● Command line: vncviewer is the VNC client
● Applications > Internet > TigerVNC Viewer
● Found in the tigervnc package
● VNC is clear-text; we had better use TCP tunneling through sshd as a security layer
● On the VNC server
– VNCSERVERARGS[2]="-localhost"
● Connect
– # vncviewer -via sshuser@server localhost:2
Unit Seventeen MANAGE PHYSICAL STORAGE II
File-system Parameters Modify File-system Parameters Remove partitions SWAP SPACE SWAP Management
File-system Parameters
● Let's look under the hood (i.e. no graphics)
● On RHEL6 the default file-system is EXT4
● EXT4 has many settings (parameters) we can tune
● Command # tune2fs -l
– Note that the file-system is not the mount point; it is usually under /dev/SOME-DEVICE
– -L to change the label
– -j to change journals
– -o to change default mount options
Mount Options
● Default mount options are usually set in
– /etc/fstab
Delete Partition
● Freeing a disk is simple:
– # umount
– Remove from /etc/fstab
– Remove from LVM
– Use Disk Utility
– Or the hard way with the command # dd if= of= count= bs=
SWAP Space
● SWAP is disk space that extends the system's memory
● Partitions need to be formatted as SWAP
– Disk Utility or fdisk/mkswap
– Activate SWAP: command # swapon (like mount)
– Deactivate SWAP: command # swapoff
– Add a line to /etc/fstab
SWAP Utilization
● The kernel decides what goes to SWAP
● System Monitor: Resources
● SWAP lowers performance significantly
● But it is better than running out of memory
● Usually the kernel decides to swap out unused pages, to provide better performance for more frequently used pages
Written by Arthur Berezin 054-2266463 [email protected] Unit Eighteen INSTALL LINUX GRAPHICLY
Anaconda: Red Hat Enterprise Linux Installer First-boot Customization
Written by Arthur Berezin 054-2266463 [email protected] Anaconda Graphical Installer
● RHEL(Red Hat Enterprise Linux) installer called Anaconda ● Supports variety of installation methods
● DVD ● USB ● Network: PXE,FTP,HTTP ● Easiest method is bootable DVD ● Other methods require minimal installation environment
Written by Arthur Berezin 054-2266463 [email protected] Anaconda
● Minimal installation environment can come from: – Minimal bootable CD/DVD/USB – PXE Server
● Minimal image available called “boot.iso”
● Provides first stage of Anaconda ● Common with network install
Written by Arthur Berezin 054-2266463 [email protected] Stages of Anaconda
● Stage 1 – Text User Interface(TUI)
● Text based menus – Language – Installation Method(DVD, HDD, URL(HTTP, FTP) or NFS) – Network Configuration
Written by Arthur Berezin 054-2266463 [email protected] Stages of Anaconda
● Stage 2 – Graphical Environment
● How the machine should be installed and configured: – Storage Layout ● Partitioning / LVM / Filesystem / SWAP – Time zone, UTC – Root Password – Boot loader (MBR, GRUB, Password Protect) – Packages
Troubleshooting Anaconda
● Debugging messages on the virtual consoles
● Ctrl + Alt + F1 = Installer process ● Ctrl + Alt + F2 = Shell prompt (Stage 2) ● Ctrl + Alt + F3 = Installer log messages ● Ctrl + Alt + F4 = Installer kernel messages ● Ctrl + Alt + F5 = Other (partitioning, file-system)
Firstboot Post-Install Configuration
● Firstboot runs on first boot (I wonder where it got its name from..) ● Performs basic configuration on first boot: – Agree to RH licensing terms – Register to RHN for software updates – Keyboard layout – Create user account (or network authentication) – Time/Date (NTP) – Kdump for kernel crash troubleshooting
Unit Nineteen MANAGE VIRTUAL MACHINES
KVM Virtualization
Virtual Guest Installation
Auto-start at boot
KVM Virtualization
● Virtualization allows a single physical machine to be divided into multiple virtual machines ● Each machine runs an independent operating system ● RHEL6 supports KVM, which allows RHEL to function as a hypervisor
KVM Virtualization
● KVM – Kernel-based Virtual Machine ● KVM is a kernel module ● KVM is hardware-assisted virtualization ● VirtIO – paravirtualization modules allowing guests to obtain the maximum possible performance (storage / network drivers)
KVM Benefits
● Fast – takes advantage of hardware support ● Simple – the design makes it easy to support, optimize and use
● We gain from every new feature added to Linux ● Standard – unmodified kernel for guest and host; can run Windows as well
KVM Requirements
● Intel or AMD 64-bit CPU support (no Itanium, Power, Mainframe, ARM (yet))
● Hardware must support virtualization extensions (Intel VT-x or AMD-V)
● Enabled in the BIOS; check the CPU flags:
[root@rhel6kvm ~]# grep --color -E 'svm|vmx' /proc/cpuinfo
flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm lahf_lm tpr_shadow
KVM Requirements
● lm = Long Mode (64-bit) ● svm (AMD) ● vmx (Intel)
● Xen?
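The grep on the previous slide only shows whether the words appear; both conditions (lm plus vmx or svm) have to hold. The script below is an added example, not from the course slides: it checks one cpuinfo flags line for exactly those requirements, using the flags line shown on the slide as sample input.

```shell
#!/bin/sh
# Added example (not from the course slides): decide from one cpuinfo "flags"
# line whether a host meets the KVM requirements above: 64-bit (lm) plus a
# virtualization extension (vmx on Intel, svm on AMD). SAMPLE_FLAGS is the
# flags line shown on the slide, reused here as test input.

SAMPLE_FLAGS='flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm lahf_lm tpr_shadow'

# $1 = a "flags : ..." line. Prints the verdict; exit 0 if usable for KVM.
kvm_capable() {
    flags=${1#*:}                     # drop the "flags :" prefix
    has_lm=0; ext=""
    for f in $flags; do               # word-split the flag list
        case $f in
            lm)  has_lm=1 ;;
            vmx) ext="vmx (Intel VT-x)" ;;
            svm) ext="svm (AMD-V)" ;;
        esac
    done
    if [ "$has_lm" = 1 ] && [ -n "$ext" ]; then
        echo "KVM capable: $ext"
        return 0
    fi
    [ "$has_lm" = 1 ] || echo "missing lm: CPU is not 64-bit"
    [ -n "$ext" ]     || echo "missing vmx/svm: no extension, or it is disabled in the BIOS"
    return 1
}

# Check the running host's first CPU (what the grep on the slide looks at).
check_host() {
    kvm_capable "$(grep -m1 '^flags' /proc/cpuinfo)"
}
```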
virt-manager
● virt-manager as a command or from the GUI ● virt-install, virt-viewer and virsh are available ● Boot guests on host start ● /etc/sysconfig/libvirt-guests, ON_BOOT= setting
Unit Twenty THE BOOT PROCESS
Boot alternative kernel
Boot into a specific runlevel
Overcome bootloader misconfigurations
/boot/grub/grub.conf
Kernel boot parameters
/etc/inittab
Alternative Kernel
● The kernel is the heart of the operating system
● Interface between the applications (user space) and the hardware
● Red Hat Linux allows installing multiple kernel versions ● Allows testing a new kernel and easily going back
● Reboot to use the new kernel
[Diagram: User Space / Kernel Space / Hardware layers]
Linux Boot Process
● Power On > ● BIOS > ● First Sector > ● /boot/ > ● GRUB (/boot/grub/grub.conf) > ● Kernel + initial RAM disk (initrd) > ● Switch to / > ● Start services
Grand Unified Bootloader (GRUB)
● Can be used to:
● Boot an alternative kernel ● Boot into single user mode
● During the boot process stop the autoboot ● Select from the menu the kernel to load ● Edit the kernel line to change default parameters
Runlevels
● We work with 3 runlevels:
● 1 – Single user mode, for system maintenance
● 3 – Multiuser, for regular server activity
● 5 – Multiuser with graphical interface ● On system boot only one runlevel is entered
● Command: # runlevel to check the current runlevel
● Command: # who -r to check the current runlevel
● Command: # init <1|3|5> to change runlevel
● /etc/inittab holds the default runlevel
The GRUB boot screen
● Menu with the list of bootable images ● We can protect GRUB with a password
● p for typing the password ● Each menu entry in /boot/grub/grub.conf has:
● root – location of /boot (the root where GRUB is) ● kernel – kernel location (relative to the root above) and command options ● initrd – initial RAM disk location, which contains the critical device drivers needed to boot
The GRUB boot screen
● Key: Esc to stop it from booting automatically ● Key: e to edit the current configuration ● Keys Up/Down to select an entry ● Key: e to edit the current entry ● Key: b to boot with the changes
● Changes are NOT boot persistent!
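Because the e key lets anyone at the console change the kernel line, the password mentioned two slides back is what protects it. The script below is an added example, not from the course slides: it audits a grub.conf for a password line in the global section, which is the only place GRUB legacy honours it for locking the editor; the sample configuration, kernel file names and hash are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the course slides): audit a /boot/grub/grub.conf for
# the password protection mentioned above. GRUB legacy only locks the "e" editor
# and the command line when "password" appears in the global section, i.e.
# before the first "title" entry. Hash and paths below are constructed samples.

# $1 = grub.conf path. Exit 0 when a global password line exists, 1 otherwise.
grub_password_set() {
    awk '
        /^[ \t]*#/             { next }        # skip comments
        /^[ \t]*title/         { exit !ok }    # global section ends here
        /^[ \t]*password[ \t]/ { ok = 1 }
        END                    { exit !ok }
    ' "$1"
}

# Human-readable verdict for a hardening checklist; same exit status.
grub_audit() {
    if grub_password_set "$1"; then
        echo "$1: menu editing requires the GRUB password (p)"
    else
        echo "$1: no global password line; anyone at the console can edit the kernel line or boot single user mode"
        return 1
    fi
}

# Write a constructed grub.conf into $1. $2 = "global" puts the password line
# where it protects editing, "entry" puts it inside the entry (guards only that
# entry's boot, not the editor), "none" omits it. The hash is a placeholder:
# generate a real one with grub-md5-crypt.
write_sample_grub_conf() {
    {
        echo 'default=0'
        echo 'timeout=5'
        if [ "$2" = global ]; then echo 'password --md5 $1$PLACEHOLDER$placeholderhash'; fi
        echo 'title Red Hat Enterprise Linux (2.6.32 constructed sample)'
        echo '        root (hd0,0)'
        echo '        kernel /vmlinuz-2.6.32.sample ro root=/dev/mapper/vg-root'
        echo '        initrd /initrd-2.6.32.sample.img'
        if [ "$2" = entry ]; then echo '        password --md5 $1$PLACEHOLDER$placeholderhash'; fi
    } > "$1"
}
```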
Unit Twenty One DEPLOY FILE SHARING
FTP Server Deployment & Configuration
Web Server Deployment & Configuration
FTP Server
● FTP is one of the oldest network protocols ● Provides a simple way to transfer files ● vsftpd – Very Secure FTP daemon ● Defaults are:
● anonymous ● download-only ● chroot to /var/ftp ● User login: download from readable directories, upload to writable ones
Deploy FTP
● As with any network service:
● Install (# rpm -Uvh vsftpd, or # yum install vsftpd) ● Start (# service vsftpd start) ● Enable (# chkconfig vsftpd on) ● Test (Firefox, Nautilus)
FTP Configuration
● How do we find the conf file? – rpm -ql <package name>
● /etc/vsftpd/vsftpd.conf
● anonymous_enable=YES ● local_enable=NO ● write_enable=NO
● Where can we find more info on the conf file?
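The three settings above decide who may read and who may write. The script below is an added example, not from the course slides: it reads their effective values from a vsftpd.conf the way vsftpd does (last assignment wins, comments ignored, slide defaults when a key is absent) and flags a write-enabled configuration; the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the course slides): read the effective value of the
# three vsftpd.conf settings listed above and flag the risky combination.
# Keys absent from the file fall back to the defaults the slide gives
# (anonymous_enable=YES, local_enable=NO, write_enable=NO).

# $1 = config file, $2 = key, $3 = default. Last assignment wins; comments and
# blank lines are ignored, the same way vsftpd reads the file.
vsftpd_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 == k { v = $2 }
        END { print (v == "" ? d : v) }
    ' "$1"
}

# Exit 0 when the configuration keeps the download-only default,
# 1 when writes are enabled (anonymous writes get the loudest warning).
vsftpd_audit() {
    anon=$(vsftpd_get "$1" anonymous_enable YES)
    loc=$(vsftpd_get "$1" local_enable NO)
    write=$(vsftpd_get "$1" write_enable NO)
    echo "anonymous_enable=$anon local_enable=$loc write_enable=$write"
    [ "$write" = YES ] || return 0
    if [ "$anon" = YES ]; then
        echo "WARNING: write_enable=YES with anonymous access; check anon_upload_enable and the /var/ftp permissions"
    else
        echo "NOTE: local users may upload; confirm this is intended"
    fi
    return 1
}

# Constructed vsftpd.conf sample (not a real host's file) for trying the audit;
# the duplicated write_enable shows that the last assignment is the one in force.
write_sample_vsftpd_conf() {
    cat > "$1" <<'EOF'
# constructed vsftpd.conf sample
anonymous_enable=YES
local_enable=YES
write_enable=NO
write_enable=YES
EOF
}
```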
Web Server
● Configuration:
● /etc/httpd/conf/httpd.conf
● Put HTML documents in:
● /var/www/html/
Unit Twenty Two SECURE NETWORK SERVICES
Firewall Activation
Opening Firewall Ports
SELinux Concept
SELinux Modes
SELinux Management
Firewall
● The firewall is a kernel module
● System > Administration > Firewall
● system-config-firewall
● Enabled by default
● Allows all outbound traffic
● Allows inbound traffic for:
● All from the localhost device ● All traffic that is started by the server itself ● SSH (port 22)
Firewall
● Desktop also allows:
● CUPS (631/UDP)
● SMB client (137/UDP and 138/UDP)
● On the command line 2 separate tools are available
● # iptables
● # ip6tables
● Make sure NOT to block yourself :)
Basic SELinux Concept
● Protects data from compromised services, even ones running as root
● Parallel set of permissions
● Each process has its own context
● And each file/directory has its own context
● A process can access only objects whose context the policy matches to its own
● For example httpd_t or tmp_t
● Command ls -Z shows file contexts
● For access, both the regular file permissions and SELinux must permit it
SELinux Modes
● SELinux has 3 modes
● Enforcing: all SELinux contexts are enforced ● Permissive: accesses the policy would deny are allowed but logged, to troubleshoot ● Disabled: SELinux is turned off entirely
● System > Administration > SELinux Management