Linux-training-volume1

[email protected] Training Manual EduCARMA 11 1. OVERVIEW OF THE LINUX OPERATING SYSTEM 11 1.1. What is an Operating System? 11 1.1.1. Features of OS 12 1.2. Introduction to Linux Operating System 14 1.2.1. History of Linux 14 1.2.2. Linux kernel and distributions. 14 1.2.3. Open Source Nature of Linux 16 1.3. Structure of Linux OS and the linux kernel 16 1.3.1. Overview of the Linux OS and Kernel Structure 16 1.3.2. Modular kernel 19 2. BASICS OF LINUX 19 2.1. The Linux Shell 19 2.1.1. Types of linux shell 20 2.2. File System / Directory Structure 20 2.2.1. FileSystem Hierarchy Standard 20 2.3. Elementary Linux Commands 23 2.3.1. User/Group Management 23 2.3.2. Some basic linux commands 27 2.4. The X Window System 31 2.4.1. Running X 31 2.4.1.1). Starting X 32 2.4.1.2). Stopping X 33 2.4.2. Running a Program in X 33 2.4.3. Command Line Options to X Client 34 2.4.3.1). Specifying Window Size and Location 34 2.4.3.2). Specifying Window Colors 34

2.4.3.3). Running a Shell in X 35 3. FILE MANIPULATION AND MANAGEMENT 35 3.1. Files and Directories 35 3.1.1. Naming Files and Directories 35 3.1.2. Making an Empty File/Directory 36 3.1.3. Changing Directories 36 3.2. File Permissions 36 3.2.1. Concept of File Permissions and Ownership 36 3.2.2. Interpreting file permissions 37 3.2.3. File Permission Dependencies 38 3.2.3.1). User file-creation mode mask 39 3.2.4. Changing permissions 40 3.2.5. Understanding File Permissions Beyond "rwx" 41 3.2.5.1). 's' bit or 'Set User ID'/ SUID and 'Set Group ID' / SGID 41 3.2.5.2). 't' bit or 'Sticky' bit : 42 3.2.5.3). The Other Mysterious Letters - "d", "l", "b", "c", "p" 43 3.2.5.4). Setting SUID, SGID, sticky bit on a single file 43 3.3. Managing file links 43 3.3.1. Hard links 43 3.3.2. Symbolic Links 45 3.4. File ownership and Attributes 45 3.4.1. Determining the Ownership of a File 45 3.4.2. Changing the Ownership of a File 46 3.4.3. Determing the advanced attributes of a file 46 3.4.4. Changing advanced Attributes of a File 47 3.5. Finding Files 47 3.5.1. Finding All Files That Match a Pattern 47 3.5.2. Finding Files in a Directory Tree 48

3.5.2.1). Finding Files in a Directory Tree by Name 48 3.5.2.2). Finding Files in a Directory Tree by Size 48 3.5.2.3). Finding Files in a Directory Tree by Modification Time 49 3.5.2.4). Finding Files in a Directory Tree by Owner 50 3.5.2.5) Running Commands on the Files You Find 50 3.5.3. Finding Files in Directory Listings 50 3.5.3.1). Finding the Largest Files in a Directory 50 3.5.3.2). Finding the Smallest Files in a Directory 51 3.5.3.3). Finding the Smallest Directories 51 3.5.3.4). Finding the Largest Directories 51 3.5.3.5). Finding the Number of Files in a Listing 51 3.5.4. Finding Where a Command Is Located 52 3.6. Managing Files 52 3.6.1. Determining File Type and Format 52 3.6.2. Changing File Modification Time 53 3.6.3. Splitting a File into Smaller Ones 53 3.6.4. Comparing Files 54 3.6.4.1). Determining Whether Two Files Differ using 'cmp' 54 3.6.4.2). Finding the Differences between Files using 'diff' 54 3.6.4.3). Patching a File with a Difference Report 55 3.6.5. File Compression/Decompression 55 3.6.5.1). Compression/Decompression Tools 56 3.6.5.2). Archiving Files at the Shell Prompt 57 4. TEXT MANAGEMENT AND EDITORS 59 4.1. The 'vi' editor 59 4.1.1. Starting "vi" 60 4.1.2. Inserting text. 60 4.1.3. Deleting text 60 4.1.4. Changing text 61

4.1.5. Commands for moving the cursor 61 4.1.6. Saving files and quitting vi 61 4.1.7. Editing another file 62 4.1.8. Running shell commands 62 4.2. The Emacs Editor 63 4.2.1. Getting Acquainted with Emacs 63 4.2.1.1). Basic Emacs Editing Keys 63 4.3. The pico editor 65 4.4. The editor “joeâ€

66

4.5. Text Manipulation 66 4.5.1. Searching for Text 67 4.5.2. Matching Text Patterns using Regular Expressions 67 4.5.2.1). MetaCharacters and their meaning 68 4.5.2.2). Matching Lines Ending with Certain Text 69 4.5.2.3). Matching Lines of a Certain Length 69 4.5.2.4). Matching Lines That Contain Any of Some Regexps 70 4.5.2.5). Matching Lines That Contain All of Some Regexps 70 4.5.2.6). Matching Lines That Don't Contain a Regexp 70 4.5.2.7). Matching Lines That Only Contain Certain Characters 71 4.5.2.8). Using a List of Regexps to Match From 71 4.5.3. Searching More than Plain Text Files 71 4.5.4. Matching Lines in Web Pages 71 4.5.5. Searching and Replacing Text 72 5. MORE ABOUT SHELL & COMMAND LINE INTERFACE 72 5.1. Passing Special Characters to Commands 72 5.2. Letting the Shell Complete What You Type 72 5.3. Repeating the Last Command You Typed 73 5.4. Running a List of Commands 73

5.5. Redirecting Input and Output 73 5.5.1. Redirecting Input to a File 74 5.5.2. Redirecting Output to a File 74 5.5.3. Redirecting Error Messages to a File 74 5.5.4. Redirecting Output to Another Command's Input 75 6. BASICS OF LINUX SYSTEM ADMINISTRATION 75 6.1. Disks, Partitions and File Systems 75 6.1.1. Character and Block devices 75 6.1.2. Partitions/MBR 76 6.1.2.1). Why Partition Hard Drive(s) 76 6.1.2.2). Master Boot Record or MBR 77 6.1.2.3). Partitioning Scheme 78 6.1.2.4). Partition types 79 6.1.2.5). Partitioning a hard disk 80 6.1.2.6). Various Mount Points 80 6.1.2.7). Device files and partitions 83 6.1.3. FileSystems 83 6.1.3.1). Some of the Linux Filesystems 84 6.1.4. Software RAID 85 6.1.4.1). Advantages of using RAID 86 6.1.4.2). Hardware and Software RAID 86 6.1.4.3). Different Types of Raid Implementations 86 6.1.5. Logical Volume Manager (LVM) 91 6.2.RedHat Installation and Hardware Configuration 92 6.2.1. Preparing for Installation 92 6.2.1.1). Installation Disk Space Requirements 92 6.2.1.2). Installation Methods 93 6.2.1.3). Choosing the Installation Class 94 6.2.1.4). Hardware/System Information Required 95

6.2.2. RedHat Installation Procedure 96 6.2.2.1). Initial Installation Steps 97 6.2.3. Disk Partitioning Setup 98 6.2.3.1). Automatic Partitioning 98 6.2.3.2). Manual Partitioning Using Disk Druid 98 6.2.3.3). Recommended Partitioning Scheme 100 6.2.3.4). Adding Partitions 100 6.2.4. Boot Loader Configuration 101 6.2.4.1). Advanced Boot Loader Configuration 102 6.2.5. Network Configuration 103 6.2.6. Firewall Configuration 103 6.2.7. Language Support Selection 103 6.2.8. Time Zone Configuration 104 6.2.9. Set Root Password 104 6.2.10. Authentication Configuration 104 6.2.11. Package Group Selection 105 6.2.12. Boot Diskette Creation 105 6.2.13. Hardware Configuration 105 6.2.14. Installation Complete 106 6.3. System Administration Commands 106 6.3.1. Process Management 106 6.3.1.1). Process task_struct data structure 107 6.3.1.2). ps 111 6.3.1.3). top 112 6.3.1.4). pstree 114 6.3.1.5). kill 115 6.3.1.6). killall 116 6.3.1.7). fuser 116

6.3.1.8). pidof 116 6.3.1.9). skill 117 6.3.1.10). Background Process - & 117 6.3.1.11). nice 117 6.3.1.12). snice 118 6.3.1.13). /proc/$PID directory 118 6.3.2. System Startup and Shutdown 119 6.3.2.1). The Boot Process 119 6.3.2.2). The Init Program 120 6.3.2.3). Runlevels 122 6.3.2.4). System Processes 124 6.3.2.5). The Linux Login Process 126 6.3.2.6). Single – User Mode 126 6.3.2.7). Shutting Down 127 6.3.3. Memory Management and Performance Monitoring 128 6.3.3.1). Virtual Memory / Swap Space 128 6.3.3.2). Swapping In and Swapping Out 129 6.3.3.3). Commands which show the current memory usage 129 6.3.3.4). Creating a swap space 129 6.3.3.5). Using a Swap Space 130 6.3.3.6). Disk Buffering/ Buffer cache 131 6.3.3.7). Direct Memory Access or DMA 132 6.3.3.8). Resource Monitoring Tools 133 6.3.4. Disk Management Tools 136 6.3.4.1). Listing a Disk's Free Space 136 6.3.4.2). Listing a File's Disk Usage 136 6.3.4.3). Partitioning a Hard Drive 137 6.3.5. File System Management 139 6.3.5.1). Creating a filesystem 139

6.3.5.2). Mounting/Unmounting File Systems, fstab & mtab 139 6.3.5.3). Checking File System Integrity 143 6.3.6. Disk Quota Management 144 6.3.6.1). Configuring and Implementing Disk Quotas on Partitions 145 6.3.6.2). Managing Disk Quotas 148 6.3.7. RAID Setup 149 6.3.7.1). Linear Raid Setup 150 6.3.7.2). RAID-0 Setup 151 6.3.7.3). RAID-1 Setup 152 6.3.7.4). RAID-5 Setup 153 7. NETWORKING AND NETWORK SERVICES 153 7.1. Networking Overview 153 7.1.1. OSI Reference Model 153 7.1.2. TCP/IP Networks 155 7.1.2.1). Layers in the TCP/IP Protocol Architecture 156 7.1.3. LAN Network 156 7.1.3.1). Area Networks 156 7.1.3.2). LAN Basics 157 7.1.3.3). LAN Protocols and the OSI Reference Model 158 7.1.3.4). LAN Media-Access Methods 159 7.1.3.5). LAN Transmission Methods 161 7.1.3.6). LAN Topologies 161 7.1.3.7). LAN Devices 163 7.1.4. WAN Basics 166 7.1.4.1). WAN Networks 167 7.1.4.2). WAN Virtual Circuits 169 7.1.4.3). WAN Devices 170 7.1.4.4). Other Area Networks 172

7.1.5. Ethernet and Networking Hardware 172 7.1.5.1). Ethernet Network Medium 173 7.1.5.2). Ethernet Network Interface 175 7.1.6. Internet Protocol or IP Address 175 7.1.6.1). IP Address Notation and Classes of Networks 176 7.1.7. Transmission Control Protocol 177 7.1.8. User Datagram Protocol 178 7.1.9. Connection Ports 178 7.1.10. Address Resolution 178 7.1.11. IP Routing 178 7.1.11.1). Subnetworks 179 7.1.11.2). Gateways 180 7.1.11.3). Routing Table 180 7.2. Linux Network Administration 181 7.2.1. Network Configuration Files 181 7.2.2. Network Administration Commands 182 7.2.2.1). IP Address Assignment 182 7.2.2.2). Setting up Routing 184 7.2.2.3). Network Monitoring/ Analysis Tools 186 7.2.2.4) Changing the System Hostname 188 7.2.2.5). Networking terms 189 7.2.3. Packet Filtering Using Iptables 190 7.2.3.1). Network Address Translation (NAT) 190 7.2.3.2). Packet filtering tables 190 7.2.3.3). Built –In Chains for the different tables 191 7.2.3.4). Types of Targets 191 7.2.3.5). The Iptables Commandline 192 7.3. Network Information Service (NIS) 198 7.3.1. NIS Maps 198

7.3.2. NIS Domain 198 7.3.2.1). NIS Topologies used 198 7.3.3. NIS Server Installation and Configuration 199 7.3.3.1). Installing the NIS Server utility 199 7.3.3.2). Setting up the NIS domain name 200 7.3.3.3). Configuring and starting the deamon ypserv 200 7.3.3.4). Initializing the NIS Maps 202 7.3.3.5). Starting the NIS Password Deamon 202 7.3.3.6). Starting the Server Transfer deamon 203 7.3.3.7). Modifying the startup process to start NIS at Boot 203 7.3.4). Installing and Configuring the NIS Client 203 7.3.4.1). Installing the ypbind utility 203 7.3.4.3). Configure and start the NIS client deamon 204 7.3.4.4). Test the Client daemon 204 7.3.4.5). Configuring the NIS Client startup files 205 7.3.4.6). NIS Configuration Files/Commands 205 7.3.5. More about NIS 208 7.4. Network File Systems (NFS) 209 7.4.1. Main Configuration Files 209 7.4.1.1). /etc/exports file 209 7.4.1.2). /etc/hosts.allow and /etc/hosts.deny 210 7.4.2. NFS Server Setup 212 7.4.2.1). Pre-requisites 212 7.4.2.2). The NFS Daemons and starting them 213 7.4.2.3). Verifying that NFS is running 214 7.4.2.4). Making changes to /etc/exports later on 215 7.4.3. Setting up an NFS Client 215 7.4.3.1). Mounting remote directories 215

7.4.3.2). Getting NFS File Systems to Be Mounted at Boot Time 216 7.4.3.3). Options for Mounting 216 7.4.4. Using Automount services (Autofs) 217 7.4.4.1). Autofs Setup 217 7.4.4.2). Starting and Stopping Autofs 218 7.5. TCP Wrappers and Xinetd Services 219 7.5.1. TCP Wrappers 219 7.5.1.1). Advantages of TCP Wrappers 220 7.5.1.2). TCP Wrappers Configuration Files 220 7.5.2. Xinetd 222 7.5.2.1). /etc/xinetd.conf 223 7.5.2.2). The /etc/xinetd.d/ Directory 224 7.5.2.3). Access Control Options 225 7.5.2.4). Logging Options 227 7.5.2.5). Binding and Redirection Options 227 8. SHELL SCRIPTING 229 8.1. Shell Scripting Basics 229 8.1.1. Variables in Shell 230 8.1.1.1). Defining User-defined variables 231 8.1.1.2). Rules for naming variables 232 8.1.1.3). The “echoâ€

command 232

8.1.2. Shell arithmetic 232 8.1.3. Understanding Quotes inside the Shell 233 8.1.4. Finding the Exit Status of a Command Execution 234 8.1.5. Reading input from the Standard Input 235 8.1.6. Command Line Arguments 235 8.1.7. Structured Language Constructs 236 8.1.7.1). Decision Making 236 8.1.7.2). Flow Control 237

8.1.7.3). Loop Constructs 240 8.1.7.4). Debugging a Shell script 243 8.2. Advanced Shell Scripting 244 8.2.1. /dev/null 244 8.2.2. Conditional Execution using && and || 244 8.2.3. I/O Redirection and file descriptors 245 8.2.4. Essential Utilities 245 8.2.4.1). cut 245 8.2.4.2). paste 247 8.2.4.3). join 247 8.2.4.4). tr 248 8.2.4.5). uniq 249 8.2.5. Awk Utility 249 8.2.5.1). Understanding Awk Basic Examples 249 8.2.5.2). Doing arithmetic and user defined variables with awk 251 8.2.6. The sed Utility 253 8.2.6.1). Sample sed Commands/Scripts 254 9. INSTALLING LINUX SOFTWARE/KERNEL 256 9.1. RPM Installations 256 9.1.1. Getting the RPM source 256 9.1.2. Manually installing rpms 257 9.1.3. RPM Installation Errors 257 9.1.4. Installing Source Rpms 258 9.1.5. Listing Installed RPMs 259 9.1.6. Listing Files Associated with RPMs 259 9.1.6.1). Listing Files for Already Installed RPMs 260 9.1.6.2). Listing Files in RPM Files 260 9.1.6.3). Listing the RPM to Which a File Belongs 261

9.1.7. Uninstalling Rpms 261 9.2. Software Installations from Source using Tarballs 261 9.2.1. The GCC Compiler 261 9.2.2. Steps for installing from Tarball 262 9.3. Linux Kernel Recompilation 263 9.3.1. Linux kernel – A Modular Kernel 263 9.3.2. Recompiling the kernel 264 9.3.2.1) PreRequisites 264 9.3.2.2) Checking the current kernel and Redhat version 265 9.3.2.3). Kernel Recompilation Steps 265 9.3.3. Command Line Tools for Kernel level administration 269 9.3.3.1). Kernel Modules Management 269 9.4 . More About Lilo and Grub 270 9.4.1. Grub (Grand Unified Boot loader) 270 9.4.1.1). Stages in Grub Loading 271 9.4.1.2). Direct Loading and Chain Loading Booting Methods 271 9.4.1.3). Naming Conventions and Partitions used by Grub 272 9.4.1.4). Installing and Booting Grub 274 9.4.1.5). GRUB Interfaces 275 9.4.1.6). GRUB Commands 276 9.4.1.7). GRUB Menu Configuration File 278 9.4.1.8). Changing Runlevels at Boot Time 280 9.4.2. LILO or Linux Loader 280 9.4.2.1). LILO Booting stages 281 9.4.2.2) Lilo Configuration File 281 9.4.2.3). Installing lilo 283 9.4.2.4). Changing Runlevel at Boot Time 283 10. LINUX SERVICES 284 10.1. Open SSH Server 284

10.1.1. Configuring an OpenSSH server 284 10.1.2. Configuring an OpenSSH Client 284 10.1.2.1). Using the SSH command 285 10.1.2.2). Using the scp Command 286 10.1.2.3). Using the sftp Command 287 10.1.2.4). Generating Key Pairs 287 10.2. Berkeley Internet Name Domain (BIND) Server 289 10.2.1. Nameserver Zones 289 10.2.2. Types of Nameservers 290 10.2.3. BIND as a Nameserver 290 10.2.3.1). Configuration Files 290 10.3. File Transfer Program or FTP 291 10.3.1. FTP server/client 292 10.3.2. FTP Commandline Interface 292 10.3.2.1) Anonymous FTP 294 10.3.2.2) Common FTP Commands 294 10.4. Service Manager : chkconfig ,ntsysv , xinetd 295 10.4.1. ChkConfig 295 10.4.1.1). Chkconfig commandline Usage 296 10.4.2. Ntsysv 297 10.4.3. Xinetd Services 297 10.5. Telnet Program 298 10.6. Dynamic Host Configuration Protocol (DHCP) 298 10.6.1. Advantages of DHCP 299 10.6.2. DHCP server/Client 299 10.6.2.1). DHCP server configuration file 299 10.6.2.2). DHCP communication between server-client 299 10.6.2.3). DHCP Client configuration 301

10.7. Linux Samba Server 301 10.7.1. Samba configuration file 301 10.7.1. Samba password file for Clients 302 10.8. Linux Proxy Server – Squid 302 10.8.1. Squid Package and Config File 303 10.8.2. Stopping , Starting and Restarting Squid 303 10.8.3. Configuring squid Clients 303 11. SECURING LINUX SYSTEMS 303 11.1. Physical Security 304 11.2. Local Security 304 11.2.1. Checking for Unlocked Accounts 304 11.2.2. Checking for Unused Accounts 305 11.3. Files and File system Security 305 11.3.1. Default Umask 305 11.3.2. SUID/SGID Files 306 11.3.3. World-Writable Files 306 11.3.4. Setting File System Limits 307 11.3.5. Unowned Files 307 11.3.6. Protecting Binaries like Compilers 307 11.3.7. Integrity Checking 308 11.3.8. Trojan Horses, Backdoors and Rootkits 308 11.3.8.1). Nmap tool 309 11.4. Password Security and Encryption 311 11.4.1. Encryption Methods 311 11.4.1.1). DES (Data Encryption Standard) 311 11.4.1.2). PGP and Public-Key Cryptography 311 11.4.2. Authentication Methods 312 11.4.2.1). PAM - Pluggable Authentication Modules 312 11.4.2.2). Cryptographic IP Encapsulation (CIPE) 312

11.4.2.3). Kerberos 313 11.4.3. Enforcing Stronger Passwords 313 11.4.4. Locking User Accounts After Many Login Failures 314 11.4.5. Restricting Direct Login for System/Shared Accounts 315 11.4.6. Password Cracking/Brute Force Attack 316 11.4.6.1). How the brute force attack works? 316 11.4.6.2). Signs of a brute force attempt 317 11.4.6.3). Tools to stop and prevent brute force hack attempts 317 11.5. Network Security 318 11.5.1. Network Intruders and Attacks 318 11.5.1.1). Packet Sniffers 318 11.5.1.2). Denial Of Service (DOS) Attacks 318 11.5.1.3). Attacks via IP Spoofing 322 11.5.2. TCP Wrappers and xinetd 324 11.5.2.1). Controlling DOS Attacks Via Xinetd 325 11.5.3. SATAN, ISS, and Other Network Scanners 326 11.5.3.1). Detecting Port Scans 327 11.5.4. Securing SSH 327 11.5.5. Securing NFS 328 11.5.5.1). Restricting Incoming NFS Requests 329 11.5.6. Kernel Tunable Security Parameters 330 11.5.6.1). Enable TCP SYN Cookie Protection 331 11.5.6.2). Disable IP Source Routing 331 11.5.6.3). Disable ICMP Redirect Acceptance 331 11.5.6.4). Enable IP Spoofing Protection 331 11.5.6.5). Enable Ignoring to ICMP Requests 332 11.5.6.6). Enable Ignoring Broadcasts Request 332 11.5.6.7). Enable Bad Error Message Protection 332

11.5.6.8).Enable Logging of Spoofed/Source Routed/Redirect Packets 332

1. OVERVIEW OF THE LINUX OPERATING SYSTEM

1.1. What is an Operating System? In simple terms, an operating system is a manager. It manages all the available resources on a computer. These resources can be the hard disk, a printer, or the monitor screen. Even memory is a resource that needs to be managed. Within an operating system are the management functions that determine who gets to read data from the hard disk, what file is going to be printed next, what characters appear on the screen, and how much memory a certain program gets.

For example, if you own a car, you don't really need to know the details of the internal combustion engine to understand that this is what makes the car move forward. You don't need to know the principles of hydraulics to understand what isn't happening when pressing the brake pedal has no effect.

An operating system is like that. You can work productively for years without even knowing what operating system you're running on, let alone how it works. Sometimes things go wrong. In many companies, you are given a number to call when problems arise, you report what happened, and it is dealt with.

By having a working knowledge of the principles of an operating system you are in a better position to understand not only the problems that can arise, but also what steps are necessary to find a solution. There is also the attitude that you have a better relationship with things you understand. Like in a car, if you see steam pouring out from under the hood, you know that you need to add water. This also applies to the operating system.

Linux is an operating system like many others, such as DOS, Macintosh etc. In this section, I am going to discuss what goes into an operating system, what it does, how it does it, and how you, the user, are affected by all this.

1.1.1. Features of OS

1. Multitasking

An Operating system that is capable of allowing multiple software processes to be run at the same time. It can do so by actually switching back and forth between each tasks extremely fast. This is the concept of multitasking. That is, the computer is working on multiple tasks "at the same time."

2. Multi-users

A multi-user Operating System allows for multiple users to use the same computer at the same time and/or different times. That is, the operating system needs to keep track of whose program, or task, is currently writing its file to the printer or which program needs to read a certain spot on the hard disk, etc. This is the concept of multi-users, as multiple users have access to the same resources.

3. Multi Processing

A Multi Processing Operating System is one which is capable of supporting and utilizing more than one computer processor. Multiprocessing systems are much more complicated than single-process systems because the operating system must allocate resources to competing processes in a reasonable manner. Therefore, if a computer has multiple CPUs, it can do multiprocessing.

4. Process Management

One basic concept of an operating system is the process. A process is more than just a program. Especially in a multi-user, multi-tasking operating system such as UNIX, there is much more to consider. Each program has a set of data that it uses to do what it needs. Often, this data is not part of the program. For example, if you are using a text editor, the file you are editing is not part of the program on disk, but is part of the process in memory. If someone else were to be using the same editor, both of you would be using the same program. However, each of you would have a different process in memory.

* Child/Parent Process : When you log onto a Linux system, you usually get access to a command line interpreter, or shell. This takes your input and runs programs for you. If you were to start up an editor, your file would be loaded and you could edit your file. The interesting thing is that the shell has not gone away. It is still in memory. The editor is simply another process that belongs to you. Because it was started by the shell, the editor is considered a "child" process of the shell. The shell is the parent process of the editor. (A process has only one parent, but may have many children.)

* Daemons : In addition to user processes, such as shells, text editors, and databases, there are system processes running. These are processes that were started by the system. Several of these deal with managing memory and scheduling turns on the CPU. Others deal with delivering mail, printing, and other tasks that we take for granted. In principle, both of these kinds of processes are identical. However, system processes can run at much higher priorities and therefore run more often than user processes. Typically a system process of this kind is referred to as a daemon process or background process because they run behind the scenes (i.e. in the background) without user intervention. It is also possible for a user to put one of his or her processes in the background.

In short, the OS keeps track of all the processes running on the system and also manages multitasking and multiprocessing.

5. Memory Management

On UNIX, when you run a program (like any of the shell commands you have been using), the actual computer instructions are read from a file on disk from one of the bin/ directories and placed in RAM. The program is then executed in memory and becomes a process. When the process has finished running, it is removed from memory.

The CPU assists the operating system in managing users and processes. This shows how multiple processes might look in memory:

You can see that many processes could be sharing the same portion of the memory. We'll look into this topic in more detail at a later stage.

1.2. Introduction to Linux Operating System

1.2.1. History of Linux

Linux is a freely distributable version of UNIX.

* UNIX was born at the end of the 1960's and began as a one-man project designed by Ken Thompson of Bell Labs and had grown to become the most widely used operating system.

* Linus Torvalds, who was then a student at the University of Helsinki in Finland, developed Linux in 1991. It was released for free on the Internet.

* He was inspired by MINIX which was written from scratch by Andrew S. Tanenbaum, a US-born Dutch professor who wanted to teach his students the inner workings of a real operating system. It was designed to run on the Intel 8086 microprocessors that had flooded the world market. As an operating system, MINIX was not a superb one. But it had the advantage that the source code was available and served as a source of inspiration for Torvolds.

1.2.2. Linux kernel and distributions.

Linux kernel is the core of the Linux OS and is called the “Chief of Operations†. Although Linux is technically only the kernel, it is commonly considered to be all of the associated programs and utilities. Combined with the kernel, the utilities and often some applications comprise a commercial distribution.

A distro comprises a prepackaged kernel, system utilities, GUI interfaces and application programs and its the kernel which puts the linux into all the distributions.

Some of the popular Linux distros are RedHat, Mandrake, Suse ,Debian etc.

* RedHat RedHat Linux is considered by many to be the best distribution for beginners. It is designed for those who simply want to get Linux working on their system with a minimum amount of effort.

* Mandrake Mandrake is a good choice for someone is who is just starting Linux and wants all the new hardware support. The best thing about Mandrake is that its still RedHat compatible, so support is as plentiful as RedHat support from the Linux Community.

* Debian

Debian is for those who would like to learn the inner workings of Linux, yet demand more friendly features than are provided with distros like Slackware. Prior knowledge of Unix and Linux is recommended before trying this distribution.

* Slackware Slackware is one of the oldest distributions of Linux. It lacks many 'userfriendly' features that can be taken for granted with many other distros.

* SuSE Originally begun as a German Linux distribution, SuSE has become increasingly popular in the US and is the number one Linux distibution in Europe. It is considered one of the most complete distros available, with many software packages available for almost any application. SuSE is a great distro for beginners, on par with Red Hat.

* Corel Corel is a distribution aimed at new users, offering an attractive graphical interface and quick setup. Installing new applications not included with the distribution is troublesome, however.

* LinuxPPC LinuxPPC is a powerful and easy-to-use port of Linux to the PowerPC platform.

* FreeBSD FreeBSD is a "Linux-like" free Unix operating system based on the BSD source code. Its main focus is for servers, but it can also function as a workstation OS, supporting most Linux applications. The extensive "Ports Collection" makes installation of software simple and relatively painless, but hardware support tends to lag behind Linux.

* Fedora and RedHat Enterprise Linux Fedora and RedHat Enterprise Linux are two descendants of Red Hat Linux .

The Fedora Project is one of the sources for new technologies and enhancements that may be incorporated into Red Hat Enterprise Linux in the future. The goal of the Fedora Project is to work with the Linux community to build a complete, general purpose operating system exclusively from open source software. RedHat Enterprise Linux is based on subscription which comes with a charge and has both Server as well as Client Solutions.

1.2.3. Open Source Nature of Linux

Linux is developed under the GNU General Public License which means the source code for Linux is freely available to everyone.The GNU project by Richard Stallman was a software movement to provide free and quality software.The first organized effort to produce open source software was the Free Software Foundation (FSF), founded by Richard M. Stallman (known as RMS) in 1985

The FSF developed this concept into the GNU Public License (GPL), a software distribution license that stipulates (in a nutshell):

* Software released under the GPL shall be freely distributable * The software shall be distributed along with its source code * Anyone is free to modify the source code and change the program, as long as the resulting program is also freely distributable and modifiable.

Around half of the open source software available today is made available under the terms of the GPL.

1.3. Structure of Linux OS and the linux kernel 1.3.1. Overview of the Linux OS and Kernel Structure The Linux operating system is composed of four major subsystems as shown in the diagram below:

* User Applications -- the set of applications in use on a particular Linux system will be different depending on what the computer system is used for, but typical examples include a text editor and a web-browser. * O/S Services -- these are services that are typically considered part of the operating system (a windowing system, command shell, etc.); also, the

programming interface to the kernel (compiler tool and library) is included in this subsystem. * Linux Kernel -- this is the main area of interest which abstracts and mediates access to the hardware resources, including the CPU. * Hardware Controllers -- this subsystem is comprised of all the possible physical devices in a Linux installation; for example, the CPU, memory hardware, hard disks, and network hardware are all members of this subsystem. The Linux kernel presents a virtual machine interface to user processes. The kernel actually runs several processes concurrently, and is responsible for mediating access to hardware resources so that each process has fair access to processor memory while inter-process security is maintained. The Linux kernel is composed of five main subsystems: 1. The Process Scheduler (SCHED) : is responsible for controlling process access to the CPU. The scheduler enforces a policy that ensures that processes will have fair access to the CPU, while ensuring that necessary hardware actions are performed by the kernel on time. 2. The Memory Manager (MM) : permits multiple process to securely share the machine's main memory system. In addition, the memory manager supports virtual memory that allows Linux to support processes that use more memory than is available in the system. Unused memory is swapped out to persistent storage using the file system then swapped back in when it is needed. It also handles requests for run-time memory allocation. 3. The Virtual File System (VFS): abstracts the details of the variety of hardware devices by presenting a common file interface to all devices. In addition, the VFS supports several file system formats that are compatible with other operating systems. 4. The Network Interface (NET): provides access to several networking standards and a variety of network hardware. 5. The Inter-Process Communication (IPC) : subsystem supports several mechanisms for process-to-process communication on a single Linux system. Processes communicate with each other and with the kernel to coordinate their activities. A visual representation of the structure of the linux kernel is given below.

* dd This diagram emphasizes that the most central subsystem is the process scheduler: all other subsystems depend on the process scheduler since all

subsystems need to suspend and resume processes. Usually a subsystem will suspend a process that is waiting for a hardware operation to complete, and resume the process when the operation is finished.

The other dependencies are somewhat less obvious, but equally important:

* The process-scheduler subsystem uses the memory manager to adjust the hardware memory map for a specific process when that process is resumed.

* The inter-process communication subsystem depends on the memory manager to support a shared-memory communication mechanism. This mechanism allows two processes to access an area of common memory in addition to their usual private memory.

* The virtual file system uses the network interface to support a network file system (NFS), and also uses the memory manager to provide a ramdisk device.

* The memory manager uses the virtual file system to support swapping; this is the only reason that the memory manager depends on the process scheduler. When a process accesses memory that is currently swapped out, the memory manager makes a request to the file system to fetch the memory from persistent storage, and suspends the process.

On top of these five components comes the System Call Interface that hides the hardware layer for the user applications. We'll be dealing with these topics in more detail later.

1.3.2. Modular kernel

* One of the greatest advantage of Linux Kernel is it's modular structure. Most of the Linux kernel is built as a collection of source modules.

* The required modules are compiled together while the kernel is being built. But that's not all. The Linux kernel has the ability to load and unload

the modules according to the requirement on the fly without the requirement of system shutdowns. That is the reason why the Linux kernel is a Dynamic Kernel.

* This is also the reason why Linux can run on such a wide variety of hardware platforms. A developer has only to port the machine specific modules to support new hardware.

2. BASICS OF LINUX

2.1. The Linux Shell Linux is a multitasking, multiuser operating system, which means that many people can run many different applications on one computer at the same time. Before you can use a newly installed Linux system, you must set up a user account for yourself. It's usually not a good idea to use the root account for normal use; you should reserve the root account for running privileged commands and for maintaining the system. 2.1.1. Types of linux shell

Shell is a linux commandline interface and there are different types of shell in Linux. Each shell has its own pro's and con's, but each shell can perform the same basic tasks. The main difference between them is the prompt, and how they interpret commands.

* bash : Bourne Again Shell , developed by Free Software Foundation

* sh : Bourne Shell , named after its creator Steve Bourne

* csh : C Shell , came as part of Unix implementation

* ksh : Korn Shell named after David Korn.

All the shells above come as a standard part of any Linux distro. The most common shell used by default on Linux systems is bash. In bash, the default prompt for a user is a $ sign. Unless you are logged in as root in which case it the # sign.

When you enter a command, the shell does several things.

* First, it checks the command to see if it is internal to the shell. (That is, a command which the shell knows how to execute itself. There are a number of these commands, and we'll go into them later.)

* The shell also checks to see if the command is an alias, or substitute name, for another command.

* If neither of these conditions apply, the shell looks for a program, on disk, having the specified name. If successful, the shell runs the program, sending the arguments specified on the command line.

2.2. File System / Directory Structure

2.2.1. FileSystem Hierarchy Standard

* In Linux (and Unix), everything is a file. Rather, everything is mapped by the system on to a file. Thus, a hard-disk partition is one file, a detected hardware device is a file, a semaphore for IPC is still another. * Linux file-system structure is like a tree with the root Directory denoted as '/'. The entire system resides under this root directory. Everything starts from the root directory, represented by '/', and then expands into subdirectories. Where DOS/Windows had various partitions and then directories under those partitions, Linux places all the partitions under the root directory by 'mounting' them under specific directories. * The official way files are organized in Linux is called the "Filesystem Hierarchy Standard" (FHS).

The following directories, or symbolic links to directories, are required in /.

1. . bin ---------- Essential command binaries /bin contains commands that may be used by both the system administrator and by users, but which are required when no other filesystems are mounted (e.g. in single user mode). It may also contain commands which are used indirectly by scripts.

* There must be no subdirectories in /bin. * It should not be mounted separately.

2. boot ------- Static files of the boot loader This directory contains everything required for the boot process except configuration files not needed at boot time and the map installer. Thus /boot stores data that is used before the kernel begins executing user-mode programs. This may include saved master boot sectors and sector map files.

* The operating system kernel must be located in /boot. * Its usually mounted as a separate partition on the hard-disk.

3. dev -------- Device files This is a very interesting directory that highlights one important characteristic of the Linux filesystem - everything is a file or a directory. Look through this directory and you should see hda1, hda2 etc which represent the various partitions on the first master drive of the system. /dev/cdrom and /dev/fd0 represent your CDROM drive and your floppy drive. This may seem strange but it will make sense if you compare the characteristics of files to that of your hardware. Both can be read from and written to. Take /dev/dsp, for instance. This file represents your speaker device. So any data written to this file will be re-directed to your speaker. Try 'cat /etc/lilo.conf > /dev/dsp' and you should hear some sound on the speaker.

* It should not be mounted separately.

2. etc -------- Host-specific system configuration The /etc hierarchy contains configuration files. A "configuration file" is a local file used to control the operation of a program; it must be static and cannot be an executable binary.

* No binaries may be located under /etc.

3. home --------- User home directories (optional) Linux is a multi-user environment so each user is also assigned a specific directory which is accessible only to them and the system administrator. These are the user home directories, which can be found under /home/username

4. lib -------- Essential shared libraries and kernel modules This contains all the shared libraries that are required by system programs. Windows equivalent to a shared library would be a DLL file.These libraries are needed to boot the system and run the commands in the root filesystem, ie. by binaries in /bin and /sbin.

5. media ------- Mount point for removeable media (Optional) This directory contains subdirectories which are used as mount points for removeable media such as floppy disks, cdroms and zip disks.

6. mnt -------- Mount point for mounting a filesystem temporarily This is a generic mount point under which you mount your filesystems or devices. Mounting is the process by which you make a filesystem available to the system. After mounting your files will be accessible under the mount-point. This directory usually contains mount points or sub-directories where you mount your floppy and your CD. You can also create additional mount-points here if you want.

7. opt --------- Add-on application software packages /opt is reserved for the installation of add-on application software packages. A package to be installed in /opt must locate its static files in a separate /opt/<package> directory tree, where <package> is a name that describes the software package

8. sbin ---------- Essential system binaries

This directory contains all the binaries that are essential to the working of the system. These include system administration as well as maintenance and hardware configuration programs. Find lilo, fdisk, init, ifconfig etc here. These are the essential programs that are required by all the users. Another directory that contains system binaries is /usr/sbin. This directory contains other binaries of use to the system administrator. This is where you will find the network daemons for your system along with other binaries that only the system administrator has access to.

9. srv ----------- Data for services provided by this system (Optional) /srv contains site-specific data which is served by this system.

10. tmp ---------- Temporary files This directory contains mostly files that are required temporarily. Many programs us this to create lock files and for temporary storage of data.

11. usr ----------- Secondary hierarchy /usr is the second major section of the filesystem. It needs to be safe from being overwritten when the system software is updated. * Locally installed software must be placed within /usr/local rather than /usr unless it is being installed to replace or upgrade software in /usr. * X and its supporting libraries can be found here. User programs like telnet, ftp,apache etc are also placed here. * /usr/doc contains useful system documentation. /usr/src/linux contains the source code for the Linux kernel.

12. var ---------- Variable data /var contains variable data files. This includes spool directories and files, administrative and logging data, and transient and temporary files. Some portions of /var are not shareable between different systems. For instance, /var/log, /var/lock, and /var/run. This directory contains spooling data like mail and also the output from the printer daemon.

* The system logs are also kept here in /var/log/messages.

* You will also find the database for BIND in /var/named and for NIS in /var/yp.

12. proc --------- Memory resident file system The Proc psuedo file system is a real time, memory resident file system that tracks the processes running on your machine and the state of your system. The most striking factor about the /proc file system is the fact that the file system doesn't exist on any particular media. The /proc File System is a pseudo file system residing in the virtual memory and maintains highly dynamic data on the state of your operating system.

Most of the information in the /proc file system is updated to match the current state of the operating system. The contents of the /proc file system can be read by anyone who has the requisite permissions.

* Have you ever wondered where exactly the information dished out to you by the "ps" and the "top" process comes from? The information for these processes come from the /proc file system which is updated on the fly as changes take place in the processes.

More info on FHS: Reference link : http://www.pathname.com/fhs/pub/fhs-2.3.html 2.3. Elementary Linux Commands 2.3.1. User/Group Management

Before you can use a newly installed Linux system, you must set up a user account for yourself. It's usually not a good idea to use the root account for normal use; you should reserve the root account for running privileged commands and for maintaining the system.

* Users can be either people, meaning accounts tied to physical users, or accounts which exist for specific applications to use such as the apache user.

* Groups are logical expressions of organization, tying users together for a common purpose. Users within the same group can read, write, or execute files owned by the group.

* Each user and group have a unique numerical identification number called a userid (UID) and a groupid (GID) respectively.

* On Linux servers, user and group ids lower than 100 are reserved for priveleged system users on the linux machine.

The following command line tools can be used to manage users and groups:

1. Creating a User In order to create an account for yourself, log in as root and use the useradd or adduser command. $ useradd carma

* When a user carma is added, there is an entry created inside the configuration file /etc/passwd corresponding to that user as below. carma:x:504:509::/home/carma:/bin/bash

* The number 504 is the user id for the user ‘carma’ on the linux machine and 509 the group id of the group to which the user carma belongs.

2. Setting password for the user You can set the password for a user using the command "passwd". The same command stands good for changing a user password as well.

$ passwd carma

* In multiuser environments it is very important to use shadow passwords (provided by the shadow-utils package).

*

Doing so enhances the security of system authentication files.

* For this reason, the Red Hat Linux installation program enables shadow passwords by default. And hence, the passwords set for a linux user is stored inside the file ‘/etc/shadow’ in encrypted form.

3. Logging In

At login time, you'll see the a prompt resembling the following on your screen:

Here, enter your username, and press the Return key.

Now, enter your password. It won't be echoed to the screen when you login, so type carefully. If you mistype your password, you'll see the message that the login is incorrect and you'll have to try again. Once you have correctly entered the username and password, you are officially logged into the system

3. Logging out At the shell prompt, use the command "exit" to logout of the shell or by using .

$ exit

3. Deleting a User A linux user can be deleted by using the commandline ‘userdel’.This command will delete the files from the users home directory, the entry for this user from /etc/passwd, /etc/group ,/etc/shadow.

$ userdel <user>

3. Modifying a User

The usermod command modifies the system account files to reflect the changes that are specified, like Home dir, password, etc. on the command line. Some example usages for the usermod command is given below:

* Create the new home directory for carma in /home2 & move old dir contents to this directory. $ usermod -d /home2/carma carma

* Set carma's initial group as carma12. $ usermod -g carma12 carma

* Set the new passwd for carma to ‘newpass’. $ usermod –p newpass carma

* Set Bash as the default login shell for carma. $ usermod -s /bin/bash carma

* Lock a user's password. This puts a “!†in front of the encrypted password for that user inside /etc/shadow file, effectively disabling the password. $ usermod –L carma

* Unlock a user’s password. It’ll remove the lock( !) from the password field for that user in /etc/shadow. $ usermod –U carma

3. Creating User Groups

The group for a user can be created using the "groupadd" command.

$ groupadd nobody

* When a group is added, the group info gets stored inside the file /etc/group, and the entry for the group nobody is as shown below. nobody:x:99:

* In the entry below, 99 is the groupid of the group ‘nobody’.

3. Deleting User Groups

The group for a user can be deleted by using the “groupdel†command. Deleting a group removes the group info from the /etc/group file. $ groupdel nobody

9. Modifying User Group

A user group can be modified using the ‘groupmod’ command. The groupmod command modifies the system account files to reflect the changes that are specified on the command line for a group. The two options available with this are

* Change the group id of a group .Note that the gid specified should be unique. $ groupmod –g eg: $ groupmod –g 520 carma

* Change the groupname for an existing group.For eg: to change the group name carma to carma1, use the commandline below. $ groupmod –n carma1 carma

10. Setting Group Password and manipulating Users’ Groups

The password for a group can be set or changed using the ‘gpasswd’ command. The group password for the user carma can be set using the commandline below.

$ gpasswd carma

* The password for the group ‘carma’ will be set inside the file /etc/gshadow.In normal cases, there is no group password set for any of the groups on a linux machine.

* This command can also be used to delete or add users belonging to a specific group.The commandline below will add carma to the group ‘nobody’ $ gpasswd –a <user> $ gpasswd –a carma nobody

* Similarly, the commandline below will delete the user carma from the group nobody

$ gpasswd –d <user> $ gpasswd –d carma nobody 10. Finding out a User’s Group The ‘groups’ command can be used to print the group to which a user belongs to.

$ groups carma

2.3.2. Some basic linux commands

1) ls : The "ls" (list) command lists the contents of the current directory. When used from a terminal, it generally uses colours to differentiate between directories, images, executable files etc. And the prompt reappears at the end.

Try out the following variations of the ls command, to see different forms of output: $ ls -l Produces a "long format" directory listing. For each file or directory, it also shows the owner, group, size, date modified and permissions

$ ls -a Lists all the files in the directory, including hidden ones. In Linux, files that start with a period (.) are usually not shown.

$ ls -R Lists the contents of each subdirectory, their subdirectories etc (recursive).

With the "ls" command, if you don’t specify any parameter, it will list the contents of the current directory. However, you could instead give it a parameter specifying what to list. For example if you type in "ls /usr", it will list the contents of the "/usr" directory

2. man : Almost every command in Linux has online help available from the command line, through the "man" (manual) command. Type in "man ls". The resulting page will describe the command, then describe every option, then give further details about the program, the author, and so on.

$ man ls

3. info : Another source of online help is the "info" command. Some Linux commands may supply both "man" and "info" documentation. As a general rule, "info" documentation is more verbose and descriptive, like a user guide, while "man" documentation is more like a reference manual, giving lists of options and parameters, and the meaning of each. $ info ls

The method for moving around in "info" is quite similar to "man" - you can also use the arrows and PgUp/PgDn to move, and Q to quit.

4.

–help : Most (but not all) programs have a --help option which displays a very short description of its main options and parameters. $ ls –help

5. date : Displays the current date and time or changes the system date and time to the specified value. $ date To set the date and time to “Sun Oct 6 16:55:16â€

, use the syntax

$ date –set='Sun Oct 6 16:55:16 EDT 2002'

5. cal : The 'cal' command displays a simple calendar and if no arguments are specified , the current month is displayed. $ cal $ cal -y

7. who : The who command displays info about the users currently logged unto the system and displays the following information : login name, terminal line, login time, remote hostname or X display. $ who $ who -m , who -u , who -H

8. who am i : Displaying info about yourself. This command displays your login name, terminal name , date and time of login. $ who am i

9. tty : Knowing your terminal The tty(teletype) command displays the name of the terminal you are working on. $ tty

10. cd : cd is the command for moving around in the directory structure , which is short for ``change directory''.

$ cd /home/carma

* Using cd with no argument will return you to your own home directory. * To move back up to the next higher (or parent) directory, use the command "cd .."

11. pwd : The pwd command displays the absolute pathname of the present working directory. $ pwd

12. mkdir : Creates a directory under the current working directory or in the path specified. $ mkdir /root/sample

13. rmdir : Removes the specified directory and the directory to be removed should not be under the current working directory.Note that rmdir deletes a directory, but only if the directory is empty $ rmdir /root/sample

14. cp : The cp command copies the files listed on the command line to the file or directory given as the last argument. Notice that we use “.'' to refer to the current directory. $ cp /etc/shells . $ cp /home/carma/test /root/test

15. mv: The mv command moves files, rather than copying them. Note that it actually renames the file or folder. $ mv /home/carma/test /home/carma/testfolder

16. rm : The rm command is used to a delete a file and stands for "remove". $ rm file1 file2 To delete files recursively and forcefully from a directory , you can use $ rm -rf /home/carma/testfolder

17. more : The more command is used for viewing the contents of files one screenful at a time. While using more, press Space to display the next page of text, and b to display the previous page. There are other commands available in more as well, these are just the basics. Pressing q will quit more. $ more /etc/services

18. file : Displays the file-type by examining its contents, with a very high degree of accuracy. The type of file like ASCII etc. $ file filename

19. locate : Locate file-or-directory-name searches for a file or directory in the entire hard disk and displays all the places it’s found. You can also specify a partial name or a section of the entire path. $ locate cron

20. cat : cat reads data from all of the files specified by the command line, and sends this data directly to stdout. Therefore, using the command you can view the contents of a text file from the command line, without having to invoke an editor. Cat is short for "concatenate" and you can use it with the -n option, which prints the file contents with numbered output lines. $ cat /root/test

$ cat -50 /var/log/messages

21. touch : ‘touch filename’ change the date/time stamp of the file to the current time.Or it will create an empty file if the file does not exist.

$ touch /home/carma/testfile You can change the stamp to any date using touch. $ touch -t 200501311759.30 (year 2005 January day 31 time 17:59:30).

There are three date/time values associated with every file on an ext2 filesystem: - the time of last access to the file (atime) - the time of last modification to the file (mtime) - the time of last change to the file's inode (ctime). Touch will change the first two of the value specified, and the last one always to the current system time.

21. tail : The tail command may be used to view the end of a file and you can specify the number of lines you want to view. If no number is specified, it will output the last 10 lines by default. $ tail /var/log/messages $ tail -100 /var/log/messages $ tail -f /var/log/messages ( The "-f" option indicates "Don't quit at the end of file; "follow" file as it grows and end when the user presses Ctrl-c").

23. head : head prints the beginning of a text file to standard putput. $ head /var/log/messages – Prints the first 10 lines of /var/log/messages. $ head -100 /var/log/messages - Prints first 100 lines instead of first 10.

24. last : Using last you can find out who has recently used the system, which terminals they used, and when they logged in and out.

$ last To find out when a particular user last logged in to the system, give his username as an argument $ last carma NOTE: The last tool gets its data from the system file `/var/log/wtmp'; the last line of output tells how far this file goes back. Sometimes, the output will go back for several weeks or more.

24. chsh : chsh command is used to change a users’ login shell. chsh will accept the full pathname of any executable file on the system. However, it will issue a warning if the shell is not listed in the /etc/shells file. A sample chsh session is given below which changes the shell for the user carma to /bin/bash. $ chsh carma Changing shell for carma. New shell [/usr/local/cpanel/bin/noshell]: /bin/bash Shell changed.

24. lynx : lynx is a text based browser for accessing the web pages on the internet from the linux command line interface. The general syntax for accessing the yahoo website using lynx is given below. $ lynx http://www.yahoo.com

24. w : An extension of the who command that displays details of all users currently on the server. This is a very important system admin tool to track who is on the server and what processes they are running.

The default setting for the w command is to show the long list of process details. You can also run the command w -s to review a shorter process listing, which is helpful when you have a lot of users on the server.

$ w $ w -s

24.

wget : Wget is a free utility for non-interactive download of files from the Web. It supports HTTP, HTTPS, and FTP protocols, as well as retrieval through HTTP proxies.

$ wget http://mirrors.ccs.neu.edu/Apache/httpd/httpd-2.0.54.tar.gz

24. su : Set User command is used to change the effective user id and group id to that of another USER. It thereby allows one user to temporarily become another user. If no USER is given, the default is `root', the super-user. If USER has a password, `su' prompts for the password unless run by a user with effective user id of zero (the super-user) $ su OR $ su root ( To change to the root user ) $ su carma

2.4. The X Window System

* The X Window System, commonly called "X," is a graphical windowing interface that comes with all popular Linux distributions.

* X is available for many Unix-based operating systems; the version of X that runs on Linux systems with x86-based CPUs is called "XFree86." The current version of X is 11, Revision 6 -- or "X11R6."

* All the command-line tools and most of the applications that you can run in the console can run in X; also available are numerous applications written specifically for X. 2.4.1. Running X

When you start X, you should see a mouse pointer appear on the screen as a large, black "X." If your X is configured to start any tools or applications, they should each start and appear in individual windows.

*

In X, each program or application in X runs in its own window. Each window has a decorative border on all four sides, called the window border; L-shaped corners, called frames; a top window bar, called the title bar, which displays the name of the window; and several title bar buttons on the left and right sides of the title bar .

* The entire visible work area, including the root window and any other windows, is called the desktop. The box in the lower right-hand corner, called the pager, allows you to move about a large desktop.

* A window manager controls the way windows look and are displayed -- the window dressing, as it were -- and can provide some additional menu or program management capabilities. There are many different window managers to choose from, with a variety of features and capabilities.

* Window managers typically allow you to customize the colors and borders that are used to display a window, as well as the type and location of buttons that appear on the window.

* And recently, desktop environments have become popular. These are a collection of applications that run on top of the window manager (and X), with the purpose of giving your X session a standardized "look and feel"; these suites normally come with a few basic tools such as clocks and file managers.

* The two popular ones are GNOME and KDE, and they generate a lot of press these days because of their graphical nature. 2.4.1.1). Starting X

There are two ways to start X. Some systems run the X Display Manager, xdm, when the system boots, at which point a graphical xdm login screen appears; you can use this to log in directly to an X session. On systems not running xdm, the virtual console reserved for X will be blank until you start X by running the startx command.

* To start X from a virtual console, type:

$ startx

* To run startx and redirect its output to a log file, type:

$ startx >$HOME/startx.log 2>&1 [RET]

* Both of these examples start X on the seventh virtual console, regardless of which console you are at when you run the command -- your console switches to X automatically.

* You can always switch to another console during your X session (using AltCtrl-F1, Alt-Ctrl-F2 etc upto Alt-Ctrl-F6). The second example writes any error messages or output of startx to a file called `startx.log' in your home directory.

* On some systems, X starts with 8-bit color depth by default. Use startx with the special `-bpp' option to specify the color depth. Follow the option with a number indicating the color depth to use, and precede the option with two hyphen characters (`--'), which tells startx to pass the options which follow it to the X server itself.

* To start X from a virtual console, and specify 16-bit color depth, type:

$ startx -- -bpp 16 [RET]

2.4.1.2). Stopping X

* To end an X session, you normally choose an exit X option from a menu in your window manager.

* If you started your X session with startx, these commands will return you to a shell prompt in the virtual console where the command was typed. If, on the

other hand, you started your X session by logging in to xdm on the seventh virtual console, you will be logged out of the X session and the xdm login screen will appear; you can then switch to another virtual console or log in to X again.

* To exit X immediately and terminate all X processes, press the [CTRL][ALT]-[BKSP] combination. You'll lose any unsaved application data, but this is useful when you cannot exit your X session normally -- in the case of a system freeze or other problem.

2.4.2. Running a Program in X

* Programs running in an X session are called X clients. (The X Window System itself is called the X server).

* To run a program in X, you start it as an X client -- either by selecting it from a menu, or by typing the command to run in an xterm shell window (see Running a Shell in X).

* To run an X client from the start menu, click the left mouse button to select the client's name from the submenus.

* You can also start a client by running it from a shell window -- useful for starting a client that isn't on the menu, or for when you want to specify options or arguments. When you run an X client from a shell window, it opens in its own window; run the client in the background to free the shell prompt in the shell window.

* To run a digital clock from a shell window or the opera web browser , type

$ xclock -digital & $ opera &

2.4.3. Command Line Options to X Client 2.4.3.1). Specifying Window Size and Location

* Specify a window's size and location by giving its window geometry with the `geometry' option. Four fields control the width and height of the windows, and the window's distance ("offset") from the edge of the screen. It is specified in the form:

-geometry WIDTHxHEIGHT+XOFF+YOFF

* To start a small xclock, 48 pixels wide and 48 pixels high, type: $ xclock -geometry 48x48

* To start an xclock with a width of 48 pixels and the default height, type: $ xclock -geometry 48

* To start an xclock with a height of 48 pixels and the default width, type: $ xclock -geometry x48

* You can give positive or negative numbers for the XOFF and YOFF fields. Positive XOFF values specify a position from the left of the screen; negative values specify a position from the right. If YOFF is positive, it specifies a position from the top of the screen; if negative, it specifies a position from the bottom of the screen. When giving these offsets, you must specify values for both XOFF and YOFF.

* To start an xclock with a width of 120 pixels, a height of 100 pixels, an x offset of 250 pixels from the right side of the screen, and a y offset of 25 pixels from the top of the screen, type:

$ xclock -geometry 120x100-250+25

2.4.3.2). Specifying Window Colors

The window colors available in your X session depend on your display hardware and the X server that is running. The xcolors tool will show all colors available on your X server and the names used to specify them.

* To list the available colors, type:

$ xcolors [RET]

Press [Q] to exit xcolors.

* To specify a color to use for the window background, window border, and text or graphics in the window itself, give the color name as an argument to the appropriate option: `-bg' for background color, `-bd' for window border color, and `-fg' for foreground color.

* To start an xclock with a light blue window background, type:

$ xclock -bg lightblue [RET]

2.4.3.3). Running a Shell in X

* Use xterm to run a shell in a window. You can run commands in an xterm window just as you would in a virtual console; a shell in an xterm acts the same as a shell in a virtual console.

* Unlike a shell in a console, you can cut and paste text from an xterm to another X client (see Selecting Text).

* To scroll through text that has scrolled past the top of the screen, type [Shift]-[PgUp]. The number of lines you can scroll back to depends on the value of the scrollback buffer, specified with the `-sl' option; its default value is 64.

* NOTE: xterm is probably the most popular terminal emulator X client, but it is not the only one; others to choose from include wterm and rxvt, all with their own special features -- try them all to find one you like.

3. FILE MANIPULATION AND MANAGEMENT 3.1. Files and Directories

3.1.1. Naming Files and Directories

* File names can consist of upper and lowercase letters, numbers, periods (`.'), hyphens (`-'), and underscores (`_').File names are also case sensitive. Directory names follow the same conventions as used with files. * Linux does not force you to use file extensions, but it is convenient and useful to give files proper extensions, since they will help you to identify file types at a glance. * Some commonly used file extensions are .html, .jpg, .xml, .php , .cgi , .pl , .gz

3.1.2. Making an Empty File/Directory

* You can create an empty file using the touch command. If a file does not exist, it creates it. $ touch newfile

* You can use mkdir to make a new directory giving the path name of the new directory as an argument. $ mkdir /home/carma/public_html/test123

* You can make a directory tree using mkdir with the '-p' option. $ mkdir -p work/support/security

This makes a `security' subdirectory in the directory called `support', which in turn is in a directory called `work' in the current directory; if the `support' or the `work' directories do not already exist, they are made as well.

3.1.3. Changing Directories

* You can change directories using the cd command. $ cd /home/carma

* Using just "cd" will take you to your home directory. $ cd

* Use "cd -" to return to the directory you were last in, $ cd -

* Every directory has two special files whose names consist of one and two periods. `..' refers to the parent of the current working directory, and `.' refers to the current working directory itself. If the current working directory is `/home/carma', you can use `.' to specify `/home/carma' and `..' to specify `/home'. Furthermore, you can specify the `/home/test' directory as ../test.

3.2. File Permissions 3.2.1. Concept of File Permissions and Ownership

Because there is typically more than one user on a Linux system, Linux provides a mechanism known as file permissions, which protect user files from tampering by other users. This mechanism lets files and directories be “owned'' by a particular user. For example, because the user Carma created the files in his home directory, Carma owns those files and has access to them.

* Sharing files between Groups : Linux also lets files be shared between users and groups of users. If Carma desired, he could cut off access to his files so that no other user could access them. However, on most systems the default is to allow other users to read your files but not modify or delete them in any way.

* Every file is owned by a particular user. However, files are also owned by a particular group, which is a defined group of users of the system.

* Every user is placed into at least one group when that user's account is created. However, the system administrator may grant the user access to more than one group.

* User Groups: Groups are usually defined by the type of users who access the machine. For example, on a university Linux system users may be placed into the groups student, staff, faculty or guest. There are also a few system-defined groups (like wheel and admin) which are used by the system itself to control access to resources--very rarely do actual users belong to these system groups. Each member of a group can work with the group's files and make new files that belong to the group. The system administrator can add new groups and give users membership to the different groups.

* File permissions fall into three main divisions: read, write, and execute. These permissions may be granted to three classes of users: (1) the owner of the file, (2) the group to which the file belongs, and (3) to all users, regardless of group.

* Read permission lets a user read the contents of the file, or in the case of directories, list the contents of the directory (using ls).

* Write permission lets the user write to and modify the file. For directories, write permission lets the user create new files or delete files within that directory.

* Finally, execute permission lets the user run the file as a program or shell script (if the file is a program or shell script). For directories, having execute permission lets the user cd into the directory in question.

3.2.2. Interpreting file permissions

Using the ls command with the -l option displays a ``long'' listing of the file, including file permissions.

$ ls -l testfile -rw-r--r-- 1 carma users 505 Mar 13 19:05 testfile

The first field in the listing represents the file permissions. The third field is the owner of the file (carma ) and the fourth field is the group to which the file belongs (users). Obviously, the last field is the name of the file (testfile). We'll cover the other fields later.

* This file is owned by carma, and belongs to the group users. The string rw-r--r-- lists, in order, the permissions granted to the file's owner, the file's group, and everybody else.

* The first character of the permissions string (``-'') represents the type of file. A “-'' means that this is a regular file (as opposed to a directory which is denoted by d or device driver).

* The next three characters (``rw-'') represent the permissions granted to the file's owner, carma. The ``r'' stands for ``read'' and the ``w'' stands for ``write''. Thus, carma has read and write permission to the file testfile.

* The next three characters, (“r--''), represent the group's permissions on the file. The group that owns this file is users. Because only an ``r'' appears here, any user who belongs to the group users may read this file.

* The last three characters, also (“r--''), represent the permissions granted to every other user on the system (other than the owner of the file and those in the group users). Again, because only an ``r'' is present, other users may read the file, but not write to it or execute it.

Here are some other examples of permissions:

3.2.3. File Permission Dependencies

The permissions granted to a file also depend on the permissions of the directory in which the file is located. For example, even if a file is set to rwxrwxrwx, other users cannot access the file unless they have read and execute access to the directory in which the file is located.

* For example, if Carma wanted to restrict access to all of his files, he could set the permissions to his home directory /home/carma to -rwx------. In this way, no other user has access to his directory, and all files and directories within it. Carma doesn't need to worry about the individual permissions on each of his files.

* In short, to access a file at all, you must have execute access to all directories along the file's pathname, and read (or execute) access to the file itself.

* Default permissions : The default set of permissions given to files is rw-r—r—which depends on the umask of that directory as discussed in the section below. And ,the usual set of permissions given to directories is drwxrxr-x, which lets other users look through your directories, but not create or delete files within them.

3.2.3.1). User file-creation mode mask

* The umask (UNIX shorthand for "user file-creation mode mask") is a fourdigit octal number that UNIX uses to determine the file permission for newly created files. * The umask specifies the permissions you do not want given by default to newly created files and directories. * Depending on the umask value of a directory, the permissions of a file or directory created under it can vary. * How umask is used to set and determine the default file creation permissions on the system is explained below. o

Default permissions are: 777 - Executable files , 666 - Text file. o The permission for the creation of new executable files is calculated by subtracting the umask value from the default permission value for the file type being created. o An example for a text file is shown below with a umask value of 022: 666 Default Permission for text file -022 Minus the umask value ---644 Allowed Permissions o Similary for a directory, the default permission will be 755 as calculated below: 777 – 022 (Umask value) = 755

* The commandline to set the umask on a directory is: $ umask 022

* The most common umask setting is 022. The /etc/profile script is where the umask command is usually set for all users.

3.2.4. Changing permissions

The command chmod is used to set the permissions on a file. Only the owner of a file or the root user may change the permissions on that file.

The syntax of chmod is chmod {a,u,g,o}{+,i}{r,w,x} filenames

Briefly, you first specify one or more of all, user, group, or other. Then you specify whether you are adding rights (+) or taking them away (-). Finally, you specify one or more of read, write, and execute.

Some sample commands are given below:

There is another way in which you can specify the file permissions. The permission bits r,w and x are assigned a number.

r = 4 ,w = 2 , x = 1 Now you can use numbers, which are the sum of the various permission bits. E.g - rwx will be 4+3+1 = 7. rx becomes 4+1 = 5. The chmod command now becomes

$chmod xyz filename where x,y and z are numbers representing the permissions of user, group and others respectively. Each number is the sum of the permissions to be set and are calculated as given above.

$ chmod 644 testfile 6 = 4 + 2 = rw , 4 = r ,4 = r 3.2.5. Understanding File Permissions Beyond "rwx" 3.2.5.1). 's' bit or 'Set User ID'/ SUID and 'Set Group ID' / SGID

'Set User ID'/ SUID bit

a) How to recognise it : If we change the permissions of a file to 4777 and list it back (in long format) the permissions will be shown as "-rwsrwxrwx". We can now see that the SUID bit for this file has been set by the presence of the "s". That's fine , but now we can't tell if the user execute bit is set, can we? Well actually, the case gives it away. A lower case "s" means that the execute bit is set, an upper case "S" means that it is clear. If we change the permissions of our file to 4677 the permissions will be shown as "-rwSrwxrwx".

b) What is it for? The SUID bit only comes into play if the file has execute permission. When such a file is executed, the resulting process takes on the effective user ID of the owner of that file . For example, say we have a program file owned by user "carma" with permissions "rwsrwxrwx". This file can be run by any user, however, the resulting process will have all the same access capabilities as carma. If it so chooses, it can read all the files that carma can read, it can write to all the files that carma can write to, and it can execute all the files that carma can execute.

c) How to set it ?

$ chmod 4nnn Or $ chmod u+s

d) Some points worth remembering.

1) Only make a file a root owned SUID if it absolutely has to be. 2. Keep up-to-date with the security fixes.

"Set Group ID" or SGID bit

a) How to recognise it : A file with permissions set to 2777 will be displayed as "-rwxrwsrwx". As before, a lower case "s" signifies that the group execute bit is set.

b) What is it for? On executable files, SGID has similar function as SUID, but as you might expect, the resulting process takes on the effective group ID of that of the file. When applied to directories, SGID takes on a special meaning. Any files created in such a directory will take on the same group ID as that of the directory, regardless of the group ID of the user creating the file.

For example, let's say we have a directory with permissions "drwxrwsrwx" owned by the group "rockers" and a user belonging to the group "carma" (we are talking about the user's main group ID here) comes along and creates a file in this directory. The resulting file will have a group ID of "rockers", not "carma" as would be the case in a normal directory. On non-executable files and nondirectories, the SGID bit has no effect.

c) How to Set it? It can be set as follows:

chmod 2nnn ie chmod 2755 /root/testdir

or chmod g+s 3.2.5.2). 't' bit or 'Sticky' bit :

a) How to recognise it : A file with permissions set to 1777 will be displayed as "-rwxrwsrwt". A lower case "t" signifies that the other execute bit is set.

b) What is it for? On Linux systems, the sticky bit only has an effect when applied to directories. A directory with this bit set will allow users to be able to rename or remove only those files which they own within that directory (other directory permissions permitting). It is usually found on tmp directories and prevents users from tampering with one another's files.

c) How to set it ? The sticky bit can be set as follows: chmod 1nnn ie chmod 1755 /root/testfile.html or chmod +t

3.2.5.3). The Other Mysterious Letters - "d", "l", "b", "c", "p"

You may have come across these little fellows in your travel through your file system. Here is just a brief explanation on each of them.

* d - Example "drwxrwxrwx". You probably haven't managed to get this far without knowing that this is a directory. I mention it here for completeness.

* l - Example "lrwxrwxrwx". This is file that links to another file and can accessing that file. The permissions on the permissions on the target file that

a symbolic link. A symbolic link is a be used as an alternative way of a symbolic link are irrelevant as it is count.

* b and c - Examples "brwxrwxrwx" and "crwxrwxrwx". These are found on special files called device files, located in the /dev directory (although there

is nothing to stop them from being created elsewhere). "b" refers to block devices (such as hard drives), "c" refers to character devices (such as printers).

* p - Example "pwrxrwxrwx". This is a special type of file called a "pipe". It allows two processes to pass data - one places data into the pipe, the other takes it out. This type of named pipe file is not often used.

3.2.5.4). Setting SUID, SGID, sticky bit on a single file

As with read, write, execute permissions, it is possible to mix and match SUID, SGID and sticky bit settings when using the octal style parameter to chmod. An extreme example would be:

$ chmod 7777 myfile

but there you have it, that's a file with all bits set .

# ls -la myfile -rwsrwsrwt 1 root root 0 Feb 26 16:39 myfile

3.3. Managing file links

Links let you give a single file more than one name. Files are actually identified by the system by their inode number, which is just the unique file system identifier for the file. A directory is actually a listing of inode numbers with their corresponding filenames. Each filename in a directory is a link to a particular inode.

3.3.1. Hard links

The ln command is used to create multiple links for one file. For example, let's say that you have a file called foo in a directory. Using ls -i, you can look at the inode number for this file.

$ ls -i foo 639098 foo

foo has an inode number of 639098 in the file system.

* You can create another link to foo, named foolink as follows: $ ln foo foolink

* With ls -i, you check the inodes for these two files and you will see that they have the same inode. $ ls -i foolink 639098 foolink

Now, specifying either foo or foolink will access the same file. If you make changes to foo, those changes appear in foolink as well. For all purposes, foo and foolink are the same file.

* These links are known as hard links because they create a direct link to an inode. Note that you can hard-link files only when they're on the same file system; symbolic links (explained) don't have this restriction.

* When you delete a file with rm, you are actually only deleting one link to a file. If you use the command

$ rm foo then only the link named foo is deleted, foolink will still exist. A file is only truly deleted on the system when it has no links to it. Usually, files have only one link, so using the rm command deletes the file. However, if a file has multiple links to it, using rm will delete only a single link; in order to delete the file, you must delete all links to the file.

* The command ls -l displays the number of links to a file . The second column in the listing, ``2'', specifies the number of links to the file. $ ls -l foo foolink -rw-rw-r-- 2 carma carma 0 Feb 26 13:11 foo -rw-rw-r-- 2 carma carma 0 Feb 26 13:11 foolink

*

If you do 'ls -lad' on a directory and even if a directory is empty, it will show that there are 2 links present inside it. This is because every directory contains at least two hard links: “.'' (a link pointing to itself), and “..'' (a link pointing to the parent directory). The root directory (/) “..'' link just points back to /. (In other words, the parent of the root directory is the root directory itself.)

$ ls -lad testfile/ drwxrwxr-x 2 carma carma 4096 Feb 26 13:22 testfile/ 3.3.2. Symbolic Links

Symbolic links, or symlinks, are another type of link, which are different from hard links. A symbolic link lets you give a file another name, but doesn't link the file by inode.

The command ln -s creates a symbolic link to a file

$ ln -s foo foolink This will create a symbolic link named foolink that points to the file foo.

$ ls -i foo foolink 639098 foo 639098 foolink You can see that the two files have the same inodes indeed.

* Using ls -l, we see that the file foolink is a symlink pointing to foo.

$ ls -l foo foolink -rw-rw-r-- 1 carma carma 0 Feb 26 13:11 foo lrwxrwxrwx 1 carma carma 3 Feb 26 14:54 foolink -> foo

* The file permissions on a symbolic link are not used (they always appear as rwxrwxrwx). Instead, the permissions on the symbolic link are determined by the permissions on the target of the symbolic link (in our example, the file foo).

*

Functionally, hard links and symbolic links are similar, but there are differences. For one thing, you can create a symbolic link to a file that doesn't exist; the same is not true for hard links. Symbolic links are processed by the kernel differently than are hard links, which is just a technical difference but sometimes an important one. Symbolic links are helpful because they identify the file they point to; with hard links, there is no easy way to determine which files are linked to the same inode.

3.4. File ownership and Attributes

Every file belongs to both a user and a group -- usually to the user who created it and to the group the user was working in at the time (which is almost always the user's login group). File ownership determines the type of access users have to particular files.

3.4.1. Determining the Ownership of a File

Use ls with the `-l' option to list the owner and group name for a file. The name of the user who owns the file appears in the third column of the output, and the name of the group that owns the file appears in the fourth column as we had already discussed in our previous sections. $ ls -l 3.4.2. Changing the Ownership of a File

* To change the ownership of the file, use the chown command. $ chown root testfile

* To change the group ownership of file `testfile' to root , use $ chgrp root testfile

* Using the `-R' option, you can recursively change the ownership of directories and all of their contents inside it. $ chown -R root testdir $ chgrp -R root testdir $ chown -R root.root testdir 3.4.3. Determing the advanced attributes of a file

lsattr lists the advanced file attributes on a second extended filesystem. On an ext2 file system, it is possible to use ext2 attributes to protect things. Some of the attributes are given below.

* ‘append-only' or 'a' attribute: A file with this attribute may be appended to, but may not be deleted, and the existing contents of the file may not be overwritten. If a directory has this attribute, any files or directories within it may be modified as normal, but no files may be deleted.

* `immutable' or 'i' attribute : This attribute can only be set or cleared by root. A file or directory with this attribute may not be modified, deleted, renamed, or (hard) linked.

* 'undeletable' or 'u' attribute : If a file with that attribute is deleted, instead of actually being reused, it is merely moved to a `safe location' for deletion at a later date.

Please go through "man chattr" for finding out more about the attributes that can be set.

# lsattr test.html ----ia------- test.html You can see that the file test.html has the immutable and append-only attribute set on it.

3.4.4. Changing advanced Attributes of a File

The attributes set on a file can be manipulated using the 'chattr' command. Please note that you need to be the root user to change the attribute on a file.

* 'a' attribute or append-only attribute can be set using $chattr +a /root/testfile or can be removed using $ chattr -a /root/testfile

* 'i' or immutable attribute can be set using $chattr +i /root/testfile or can be removed using $ chattr -i /root/testfile

* 'chattr -R' recursively changes attributes of directories and their contents. Symbolic links encountered during recursive directory traversals are ignored. $ chattr -R +ia /root/testdir --ïƒ sets i and a attributes on the directory /root/testdir and all contents inside it.

3.5. Finding Files

Sometimes you will need to find files on the system that match a given criteria, such as name and file size. This section will show you how to find a file when you know only part of the file name, and how to find a file whose name matches a given pattern. You will also learn how to list files and directories by their size and to find the location of commands. 3.5.1. Finding All Files That Match a Pattern

* The simplest way to find files is with the locate command. locate outputs a list of all files on the system that match the pattern, giving their full path name.

For example, all files with the text `audio' somewhere in their full path name, or all files ending with `ron'.

* To find all the files on the system that have the text `audio' anywhere in their name, type: $ locate audio

* To find all the files on the system whose file names end with the text `ron', type: $ locate *ron

* To find all hidden "dotfiles" on the system, type: $ locate /.

NOTE: locate searches are not case sensitive.

3.5.2. Finding Files in a Directory Tree The 'find' command can be used to find specific files in a particular directory tree, specifying the name of the directory tree to search, the criteria to match, and -- optionally -- the action to perform on the found files.

You can specify a number of search criteria, and format the output in various ways; the following sections include recipes for the most commonly used find commands, as well as a list of find's most popular options.

3.5.2.1). Finding Files in a Directory Tree by Name

Use find to find files in a directory tree by name. Give the name of the directory tree to search through, and use the `-name' option followed by the name you want to find.

* To list all files on the system whose file name is `top', type: $ find / -name top This command will search all directories on the system to which you have access; if you don't have execute permission for a directory, find will report that permission is denied to search the directory.

* The `-name' option is case sensitive; use the similar `-iname' option to find name regardless of case. $ find / -iname top

* To list all files in your home directory tree that end in `.php', regardless of case, type: $ find ~ -iname '*.php'

* To list all files in the `/usr/share' directory tree with the text `lib' somewhere in their name, type: $ find /usr/share -name '*lib*'

* Use `-regex' in place of `-name' to search for files whose names match a regular expression, or a pattern describing a set of strings. To list all files in the current directory tree whose names have either the string `net' or `comm' anywhere in their file names, type: $ find ./ -regex '.*\(net\|comm\).*'

3.5.2.2). Finding Files in a Directory Tree by Size

To find files of a certain size, use the `-size' option, following it with the file size to match. The file size takes one of three forms:

* when preceded with a plus sign (`+'), it matches all files greater than the given size; * when preceded with a hyphen or minus sign (`-'), it matches all files less than the given size; * with neither prefix, it matches all files whose size is exactly as specified. (The default unit is 512-byte blocks; follow the size with `k' to denote kilobytes or `b' to denote bytes.)

Examples :

* To list all files in the `/usr/local' directory tree that are greater than 10,000 kilobytes in size, type:

$ find /usr/local -size +10000k

*

To list all files in your home directory tree less than 300 bytes in size, type: $ find ~ -size -300b

* To list all files on the system whose size is exactly 42 512-byte blocks, type:

$ find / -size 42

* Use the `-empty' option to find empty files -- files whose size is 0 bytes. This is useful for finding files that you might not need, and can remove. To find all empty files in your home directory tree, type:

$ find ~ -empty

3.5.2.3). Finding Files in a Directory Tree by Modification Time

To find files last modified during a specified time, use find with the `-mtime' or `-mmin' options; the argument you give with `-mtime' specifies the number of 24-hour periods, and with `-mmin' it specifies the number of minutes.

* To list the files in the `/usr/local' directory tree that were modified exactly 24 hours ago, type:

$ find /usr/local -mtime 1

* To list the files in the `/usr' directory tree that were modified exactly five minutes ago, type:

$ find /usr -mmin 5

* To list the files in the `/usr/local' directory tree that were modified within the past 24 hours, type:

$ find /usr/local -mtime -1

* To find files in the `/etc' directory tree that are newer than the file `/etc/motd', type:

$ find /etc -newer /etc/motd

3.5.2.4). Finding Files in a Directory Tree by Owner

To find files owned by a particular user, give the username to search for as an argument to the `-user' option.

* To list all files in the `/usr/local/fonts' directory tree owned by the user carma, type:

$ find /usr/local/fonts -user carma

* The `-group' option is similar, but it matches group ownership instead of user ownership. To list all files in the `/dev' directory tree owned by the audio group, type:

$ find /dev -group audio

3.5.2.5) Running Commands on the Files You Find

You can also use find to execute a command you specify on each found file, by giving the command as an argument to the `-exec' option. If you use the string “{}'' in the command, this string is replaced with the file name of the current found file when the command executes. Mark the end of the command with the string `';''.

* To find all files in the `~/html/' directory tree with an `.html' extension, and output lines from these files that contain the string `organic', type:

$ find ~/html/ -name '*.html' -exec grep organic '{}' ';'

3.5.3. Finding Files in Directory Listings 3.5.3.1). Finding the Largest Files in a Directory

To find the largest files in a given directory, use ls to list its contents with the `-S' option, which sorts files in descending order by their size (normally, ls outputs files sorted alphabetically). Include the `-l' option to output the size and other file attributes.

To list the files in the current directory, with their attributes, sorted with the largest files first, type:

$ ls -lS

3.5.3.2). Finding the Smallest Files in a Directory

To list the contents of a directory with the smallest files first, use ls with both the `-S' and `-r' options, which reverses the sorting order of the listing. To list the files in the current directory and their attributes, sorted from smallest to largest, type:

$ ls -lSr

3.5.3.3). Finding the Smallest Directories

To output a list of directories sorted by their size -- the size of all the files they contain -- use du and sort. The du tool outputs directories in ascending order with the smallest first; the `-S' option puts the size in kilobytes of each directory in the first column of output.

Give the directory tree you want to output as an option, and pipe the output to sort with the `-n' option, which sorts its input numerically.

To output a list of the subdirectories of the current directory tree, sorted in ascending order by size, type:

$ du -S . | sort -n

3.5.3.4). Finding the Largest Directories

Use the `-r' option with sort to reverse the listing and output the largest directories first.

To output a list of the subdirectories in the current directory tree, sorted in descending order by size, type:

$ du -S . | sort -nr

3.5.3.5). Finding the Number of Files in a Listing

To find the number of files in a directory, use ls and pipe the output to `wc l', which outputs the number of lines in its input .

To output the number of files in the current directory, type:

$ ls | wc -l

3.5.4. Finding Where a Command Is Located

Use 'which' to find the full path name of a tool or application from its base file name.

* To find out whether perl is installed on your system, and, if so, where it resides, type:

$ which perl /usr/bin/perl

In this example, which output `/usr/bin/perl', indicates that the perl binary is installed in the `/usr/bin' directory.

* This is also useful for determining "which" binary would execute, should you type the name, since some systems may have different binaries of the same file name located in different directories. In that case, you can use which to find which one would execute.

3.6. Managing Files

3.6.1. Determining File Type and Format

When we speak of a file's type, we are referring to the kind of data it contains, which may include text, executable commands, or some other data; this data is organized in a particular way in the file, and this organization is called its format. For example, an image file might contain data in the JPEG image format, or a text file might contain unformatted text in the English language .

The file tool analyzes files and indicates their type and -- if known -- the format of the data they contain. Supply the name of a file as an argument to file and it outputs the name of the file, followed by a description of its format and type.

$ file Kids.tar.gz Kids.tar.gz: gzip compressed data, was "Kids.tar", from Unix

$ file gaim-1.1.1-0.src.rpm gaim-1.1.1-0.src.rpm: RPM v3 src i386 gaim-1.1.1-0

$ file testfile testfile: empty

$ file xmas.gif xmas.gif: GIF image data, version 87a, 445 x 329

3.6.2. Changing File Modification Time

Use to change a file's timestamp without modifying its contents. Give the name of the file to be changed as an argument. The default action is to change the timestamp to the current time.

* To change the timestamp of file `services' to the current date and time, type:

$ touch services

* To change the timestamp of file `services' to `17 May 1999 14:16', type:

$ touch -d '17 May 1999 14:16' services

* To change the timestamp of file `services' to `14 May', type:

$ touch -d '14 May' services

* To change the timestamp of file `services' to `14:16', type:

$ touch -d '14:16' services

NOTE: When only the date is given, the time is set to `0:00'; when no year is given, the current year is used.

3.6.3. Splitting a File into Smaller Ones

It's sometimes necessary to split one file into a number of smaller ones. The split tool copies a file, chopping up the copy into separate files of a specified size. It takes as optional arguments the name of the input file (using standard input if none is given) and the file name prefix to use when writing the output files (using `x' if none is given). The output files' names will consist of the file prefix followed by a group of letters: `aa', `ab', `ac', and so on -- the default output file names would be `xaa', `xab', and so on.

* To split 'flash_player_linux.tar.gz' into separate files of 200K each, whose names begin with `flash.tar', type:

$ split -b200k flash_player_linux.tar.gz flash.tar.gz $ ls -la total 1960 -rw-r--r-- 1 root root 204800 Feb 28 13:17 flash.tar.gzaa -rw-r--r-- 1 root root 204800 Feb 28 13:17 flash.tar.gzab -rw-r--r-- 1 root root 204800 Feb 28 13:17 flash.tar.gzac -rw-r--r-- 1 root root 204800 Feb 28 13:17 flash.tar.gzad -rw-r--r-- 1 root root 168252 Feb 28 13:17 flash.tar.gzae -rw-rw-r-- 1 root root 987452 Dec 27 07:14 flash_player_linux.tar.gz

3.6.4. Comparing Files

There are a number of tools for comparing the contents of files in different ways; these recipes show how to use some of them.

3.6.4.1). Determining Whether Two Files Differ using 'cmp'

Use cmp to determine whether or not two text files differ. It takes the names of two files as arguments, and if the files contain the same data, cmp outputs nothing. If, however, the files differ, cmp outputs the byte position and line number in the files where the first difference occurs.

$ cmp testfile samplefile testfile samplefile differ: byte 2, line 1

3.6.4.2). Finding the Differences between Files using 'diff'

* Use 'diff' to compare two files and output a difference report containing the text that differs between two files.To compare two files and output a difference report, give their names as arguments to diff.

Eg: $ diff testfile samplefile 1,2c1 < this is a test file < --> testing !!!!!!!!!!!!!

* To better see the difference between two files, use sdiff instead of diff; instead of giving a difference report, it outputs the files in two columns, side by side, separated by spaces. Lines that differ in the files are separated by

`|'; lines that appear only in the first file end with a `<', and lines that appear only in the second file are preceded with a `>'.

$ sdiff testfile samplefile

3.6.4.3). Patching a File with a Difference Report

To apply the differences in a difference report to the original file compared in the report, use patch. It takes as arguments the name of the file to be patched and the name of the difference report file (or "patchfile"). It then applies the changes specified in the patchfile to the original file. This is especially useful for distributing different versions of a file -- small patchfiles may be sent across networks easier than large source files.

* To update the original file `manuscript.new' with the patchfile `manuscript.diff', type:

$ patch manuscript.new manuscript.diff

* To update an entire directory with a patch file, use the syntax below

$ patch -p1 < ../grsecurity.patch

* The –p option specifies how much of preceding pathname to strip. A num of 0 strips everything, leaving just the filename. 1 strips the leading /. Each higher number after that strips another directory from the left.

For Ex: if you have a patchfile with a header as such:

+++ new/modules/kernel Tue Dec 19 20:05:41 2000

* Using a -p0 will expect, from your current working directory, to find a subdirectory called "new", then "modules" below that, then the "kernel" file below that.

*

Using a -p1 will strip off the 1st level from the path and will expect to find (from your current working directory) a directory called "modules", then a file called "kernel". Patch will ignore the "new" directory mentioned in the header of the patchfile.

* Using a -p2 will strip of the first two levels from the path. Patch will expect to find "kernel" in the current working directory. Patch will ignore the "new" and "modules" directories mentioned in the header of the patchfile.

3.6.5. File Compression/Decompression

File compression is useful for storing or transferring large files. When you compress a file, you shrink it and save disk space. File compression uses an algorithm to change the data in the file; to use the data in a compressed file, you must first uncompress it to restore the original data (and original file size).

3.6.5.1). Compression/Decompression Tools

In Red Hat Linux you can compress files with the compression tools gzip, bzip2, or zip.

* The bzip2 compression tool is recommended because it provides the most compression and is found on most UNIX-like operating systems.

* The gzip compression tool can also be found on most UNIX-like operating systems.

* If you need to transfer files between Linux and other operating system such as MS Windows, you should use zip because it is more compatible with the compression utilities on Windows.

Compression Tool

File Extension

Uncompression Tool gzip

.gz

gunzip bzip2

.bz2

bunzip2 zip

.zip

unzip

* By convention, files compressed with gzip are given the extension .gz, files compressed with bzip2 are given the extension .bz2, and files compressed with zip are given the extension .zip.

* Files compressed with gzip are uncompressed with gunzip, files compressed with bzip2 are uncompressed with bunzip2, and files compressed with zip are uncompressed with unzip.

Bzip2 and Bunzip2

To use bzip2 to compress a file, type the following command at a shell prompt:

$ bzip2 filename

The file will be compressed and saved as filename.bz2.To expand the compressed file, type the following command:

$ bunzip2 filename.bz2

The filename.bz2 is deleted and replaced with filename.You can use bzip2 to compress multiple files and directories at the same time by listing them with a space between each one:

$ bzip2 filename.bz2 file1 file2 file3 /usr/local/share

The above command compresses file1, file2, file3, and the contents of the /usr/local/share directory (assuming this directory exists) and places them in a file named filename.bz2.

Gzip and Gunzip

* To use gzip to compress a file, type: $ gzip filename The file will be compressed and saved as filename.gz.

* To expand the compressed file, type the command: $ gunzip filename.gz The filename.gz is deleted and replaced with filename.

* To compress multiple files and directories at the same time by listing them with a space between each one: $ gzip -r filename.gz file1 file2 file3 /usr/local/share The above command compresses file1, file2, file3, and the contents of the /usr/local/share directory (assuming this directory exists) and places them in a file named filename.gz.

Zip and Unzip

* To compress a file with zip, type the following command: $ zip -r filename.zip filesdir filename.zip represents the file you are creating and filesdir represents the directory you want to put in the new zip file. The -r option specifies that you want to include all files contained in the filesdir directory recursively.

* To extract the contents of a zip file, type the following command: $ unzip filename.zip

* You can use zip to compress multiple files and directories at the same time by listing them with a space between each one: $ zip -r filename.zip file1 file2 file3 /usr/local/share

3.6.5.2). Archiving Files at the Shell Prompt

A tar file is a collection of several files and/or directories in one file. This is a good way to create backups and archives.

Some of the options used with the tar command are:

-c

Create a new archive

-f

When used with the -c option, use the filename specified for the creation of the tar file; when used with the -x option, unarchive the specified file. -t

show the list of files in the tar file.

-v

show the progress of the files being archived

-x

extract files from an archive.

-z

compress the tar file with gzip.

-j

— compress the tar file with bzip2.

* To create a tar file, type:

$ tar -cvf filename.tar directory/file

* You can tar multiple files and directories at the same time by listing them with a space between each one:

$ tar -cvf filename.tar /home/carma/public_html /home/carma/www

The above command places all the files in the public_html and the www subdirectories of /home/carma in a new file called filename.tar in the current directory.

* To list the contents of a tar file, type:

$ tar -tvf filename.tar

*

To extract the contents of a tar file, type:

$ tar -xvf filename.tar

This command does not remove the tar file, but it places copies of its unarchived contents in the current working directory, preserving any directory structure that the archive file used. For example, if the tarfile contains a file called file.txt within a directory called foo/, then extracting the archive file will result in the creation of the directory foo/ in your current working directory with the file file.txt inside of it.

* Remember, the tar command does not compress the files by default. To create a tarred and bzipped compressed file, use the -j option:

$ tar -cjvf filename.tbz file

* You can also expand and unarchive a bzip tar file in one command:

$ tar -xjvf filename.tbz

* To create a tarred and gzipped compressed file, use the -z option:

$ tar -czvf filename.tgz file

tar files compressed with gzip are conventionally given the extension .tgz or it can have tar.gz. This command creates the archive file filename.tar and then compresses it as the file filename.tgz. (The file filename.tar is not saved.) If you uncompress the filename.tgz file with the gunzip command, the filename.tgz file is removed and replaced with filename.tar.

* You can expand a gzip tar file( .tgz or .tar.gz) in one command:

$ tar -xzvf filename.tgz 4. TEXT MANAGEMENT AND EDITORS

There are a lot of text editors to choose from on Linux systems,but the majority of editors fit in one of the two families of editor: Emacs and Vi. Most users prefer one or the other. Some of the others available are pico, joe, vim, wily, xemacs etc.

4.1. The 'vi' editor v i-- the "visual editor" is guaranteed to be present on any UNIX or Linux system . While using vi, at any one time you are in one of three modes of operation.

* Command mode : This mode lets you use commands to edit files or change to other modes. For example, typing ``x'' while in command mode deletes the character underneath the cursor. The arrow keys move the cursor around the file you're editing. Generally, the commands used in command mode are one or two characters long.

* Insert mode : You actually insert or edit text within insert mode. When using vi, you'll probably spend most of your time in this mode. You start insert mode by using a command such as ``i'' (for ``insert'') from command mode. While in insert mode, you can insert text into the document at the current cursor location. To end insert mode and return to command mode, press Esc.

* Last line mode/Ex : is a special mode used to give certain extended commands to vi. While typing these commands, they appear on the last line of the screen (hence the name). For example, when you type ``:'' in command mode, you jump into last line mode and can use commands like ``wq'' (to write the file and quit vi), or ``q!'' (to quit vi without saving changes). Last line mode is generally used for vi commands that are longer than one character. In last line mode, you enter a single-line command and press Enter to execute it.

4.1.1. Starting "vi"

The syntax for vi is "vi filename " where filename is the name of the file to edit.

$ vi test To edit the file test, you should see something like

T he column of ``~'' characters indicates you are at the end of the file.

4.1.2. Inserting text.

* The vi program when it starts is always in command mode.

* Insert text into the file by pressing i, which places the editor into insert mode, and begin typing.

* Type as many lines as you want (pressing Enter after each). You may correct mistakes with the Backspace key.

* To end insert mode and return to command mode, press Esc.

* There are several ways to insert text other than the 'i' command. The 'a' command inserts text beginning after the current cursor position, instead of at the current cursor position.

* To begin inserting text at the next line, use the o command.

4.1.3. Deleting text

* From command mode, the x command deletes the character under the cursor.

* You can delete entire lines using the command dd (that is, press d twice in a row). If the cursor is on the second line and you type dd, the second line will be deleted.

* To delete the word that the cursor is on, use the dw command. Place the cursor on a word , and type dw to delete it. 4.1.4. Changing text

* You can replace sections of text using the R command. Place the cursor on the first letter of a word "party'', press R, and type the word “hungry'' and the word party will be replaced by hungry.

* Using R to edit text is like the i and a commands, but R overwrites, rather than inserts, text.

* The r command replaces the single character under the cursor. For example, move the cursor to the beginning of the word ``Now'', and press r followed by C, you'll see "Cow" instead.

* The “~'' command changes the case of the letter under the cursor from upper- to lower-case, and back. 4.1.5. Commands for moving the cursor

* The 0 command (that's the zero key) moves the cursor to the beginning of the current line.

* The $ command moves it to the end of the line.

* When editing large files, you'll want to move forward or backward through the file a screenful at a time. Pressing Ctrl-F moves the cursor one screenful forward, and Ctrl-B moves it a screenful back.

*

To move the cursor to the end of the file, press G. You can also move to an arbitrary line; for example, typing the command 10G would move the cursor to line 10 in the file. To move to the beginning of the file, use 1G.

4.1.6. Saving files and quitting vi

* To quit vi without making changes to the file, use the command :q!. When you press the ``:'', the cursor changed to the last line or Exec mode and moves to the last line on the screen.

* The command :wq saves the file and then exits vi.

* The command ZZ (from command mode, without the ``:'') is equivalent to :wq.

* Remember that you must press Enter after a command is entered in last line mode.

* To save the file without quitting vi, use :w.

4.1.7. Editing another file

* To edit another file, use the :e command. For example, to stop editing test and edit the file foo instead, use the command :e foo

* If you use :e without saving the file first, you'll get an error message which means that vi doesn't want to edit another file until you save the first one.

*

If you use the :r command, you can include the contents of another file in the current file. For example, the command :r foo.txt inserts the contents of the file foo.txt in the text at the location of the cursor.

4.1.8. Running shell commands

* You can also run shell commands within vi. The :r! command works like :r, but rather than read a file, it inserts the output of the given command into the buffer at the current cursor location.

* For example, if you use the command :r! ls -l You can also ``shell out'' of vi, in other words, run a command from within vi, and return to the editor when you're done.

* For example, if you use the command :! ls -F the ls -F command will be executed and the results displayed on the screen, but not inserted into the file you're editing.

* If you use the command :shell vi starts an instance of the shell, letting you temporarily put vi “on hold'' while you execute other commands. Just log out of the shell (using the exit command) to return to vi.

4.2. The Emacs Editor

To call Emacs a text editor does not do it justice -- it's a large application capable of performing many functions, including reading email.

* GNU Emacs is the Emacs released under the auspices of Richard Stallman, who wrote the original Emacs predecessor in the 1970s. Emacs (formerly Lucid Emacs) offers essentially the same features GNU Emacs does, but also contains its own features for use with the X Window System.

4.2.1. Getting Acquainted with Emacs

Start Emacs in the usual way, either by choosing it from the menu supplied by your window manager in X, or by typing its name (in lowercase letters) at a shell prompt.

To start GNU Emacs at a shell prompt, type:

$ emacs

* A file or other text open in Emacs is held in its own area called a buffer. By default, the current buffer appears in the large area underneath the menu bar. To write text in the buffer, just type it. The place in the buffer where the cursor is at is called point, and is referenced by many Emacs commands.

* The horizontal bar near the bottom of the Emacs window and directly underneath the current buffer is called the mode line; it gives information about the current buffer, including its name, what percentage of the buffer fits on the screen, what line point is on, and whether or not the buffer is saved to a file.

* The mode line also lists the modes active in the buffer. Emacs modes are general states that control the way Emacs behaves -- for example, when Overwrite mode is set, text you type overwrites the text at point; in Insert mode (the default), text you type is inserted at point. Usually, either Fundamental mode (the default) or Text mode will be listed.

4.2.1.1). Basic Emacs Editing Keys

The following table lists basic editing keys and describes their function. Where two common keystrokes are available for a function, both are given. Note that C stands for the Ctrl key and M for the Escape key

KEYS

DESCRIPTION [ ] or Ctrl-p

Move point up to the previous line.

[↓] or Ctrl-n

Move point down to the next line. [↠] or Ctrl-b

Move point back through the buffer one character to the left.

[→] or Ctrl-f

Move point forward through the buffer one character to the right. [PgUp] or Ctrl-v

Move point forward through the buffer one screenful.

[PgDn] or M-v

Move point backward through the buffer one screenful.

[BKSP] or C-h

Delete character to the left of point. [DEL] or C-d

Delete character to the right of point. [INS]

Toggles between Insert mode and Overwrite mode.

Ctrl-[SPC]

Set mark (see Cutting Text). Ctrl-_

Undo the last action (control-underscore).

Ctrl-a

Move point to the beginning of the current line.

Ctrl-e

Move point to the end of the current line.

Ctrl-h i

Start Info. Ctrl-h F

Open a copy of the Emacs FAQ in a new buffer.

Ctrl-g

Cancel the current command. Ctrl-h a function [Enter]

List all Emacs commands related to function.

Ctrl-h k key

Describe key.

Ctrl-h t

Start the Emacs tutorial. Ctrl-k

Kill text from point to end of line. Ctrl-u number

Repeat the next command or keystroke you type number times.

Ctrl-w

Kill text from mark to point.

Ctrl-x Ctrl-c

Save all buffers open in Emacs, and then exit the program.

C-x C-f file

Open file in a new buffer for editing. To create a new file that does not yet exist, just specify the file name you want to give it. To browse through your files, type [TAB] instead of a file name.

C-left-click

Display a menu of all open buffers, sorted by major mode (works in X only).

[SHIFT]-left-click

Display a font selection menu (works in X Only)

* You can run any Emacs function by typing M-x followed by the function name and pressing [RET]. To run the find-file function, type: M-x find-file

This command runs the find-file function, which prompts for the name of a file and opens a copy of the file in a new buffer.

* Type C-g in Emacs to quit a function or command; if you make a mistake when typing a command, this is useful to cancel and abort the keyboard input. To exit the program -- just type C-x C-c.

* Emacs can have more than one buffer open at once. To switch between buffers, type C-x C-b. Then, give the name of the buffer to switch to, followed by [RET]; alternatively, type [RET] without a buffer name to switch to the last buffer you had visited. (Viewing a buffer in Emacs is called visiting the buffer.)

To switch to a buffer called `filemacs, type: C-x C-b filemacs

* A special buffer called `*scratch*' is for notes and things you don't want to save; it always exists in Emacs.

To switch to the `*scratch*' buffer, type:

C-x C-b *scratch* [RET]

* Incidentally, C-h is the Emacs help key; all help-related commands begin with this key. For example, to read the Emacs FAQ, type C-h F, and to run the Info documentation browser (which contains The GNU Emacs Manual), type C-h i. 4.3. The pico editor

One of the simplest text editors available for UNIX is PICO. It is PINE's default editor, so if you use PINE to read and compose e-mail, you are probably familiar with pico. pico is an easy editor to use, but it lacks a lot of features .

Again, ^ stands for the key in the following commands:

* To start PICO, type pico (all lowercase letters). $ pico

* To edit a pre-existing file filename, or to create a new file with that name, type $ pico filename

* To exit, type ^X. PICO will ask you whether you want to save your work if it is unsaved.

* To save your work without quitting, type ^O.

* To display the location of the cursor, type ^C.

*

To cut a line (or lines) of text, move your cursor to the lines you want to cut, and press ^K. To paste the last block of text you cut, press ^U.

* To search for text, press ^W. (There is no search-and-replace in PICO.)

* To get help, look at the bottom of the screen, or press ^G. 4.4. The editor “joeâ€

joe is a text screen editor.To create or modify file foo, type

$ joe foo

* Once you are in the editor, you can type in text and use special controlcharacter sequences to perform other editing tasks. To find out what the control-character sequences are, read the man page or type Ctrl-K H for help in the editor.

* Once you have typed Ctrl-K H, a menu of help topics appears on the bottom line. Use the arrow keys to select the topic and then press the spacebar or ENTER to have help on that topic appear on the screen.

* The help window will appear in the top half of the screen, and the editing window will be in the lower half of the screen. You can enter and edit text while viewing the help screen. Use the Ctrl-K H command again to dismiss the help window.

4.5. Text Manipulation

4.5.1. Searching for Text

The primary command used for searching through text is the command called grep. It outputs lines of its input that contain a given string or pattern.The various options that can be used with grep are listed below.

*

To output lines in the file ‘catalog' containing the word 'audio'. $ grep audio catalog

* To output lines in the file ‘catalog' containing the word `Compact Disc' $ grep 'Compact Disc' catalog

* To output lines in the file `catalog' containing the string `compact disc' regardless of the case of its letters $ grep -i 'compact disc' catalog

One thing to keep in mind is that grep only matches patterns that appear on a single line, so in the preceding example, if one line in `catalog' ends with the word `compact' and the next begins with `disc', grep will not match either line.

* You can specify more than one file to search. When you specify multiple files, each match that grep outputs is preceded by the name of the file it's in. To output lines in all of the files in the current directory containing the word ‘cd', type: $ grep cd *

* To output lines in all of the `.txt' files in the `~/doc' directory containing the word `CD', suppressing the listing of file names in the output, type: $ grep -h CD ~/doc/*.txt

* Use the `-r' option to search a given directory recursively, searching all subdirectories it contains.To output lines containing the word `CD' in all of the `.txt' files in the `~/doc' directory and in all of its subdirectories, type: $ grep -r CD ~/doc/*.txt

4.5.2. Matching Text Patterns using Regular Expressions

In addition to word and phrase searches, you can use grep to search for complex text patterns called regular expressions. A regular expression -- or "regexp"--is a text string of special characters that specifies a set of patterns to match.

There are a number of reserved characters called metacharacters that don't represent themselves in a regular expression, but have a special meaning that is used to build complex patterns. These metacharacters are as follows: ., *, [, ], ^, $, and \.

To specify one of these literal characters in a regular expression, precede the character with a `\'.

* To output lines in the file `catalog' that contain a `$' character, type: $ grep '\$' catalog

* To output lines in the file `catalog' that contain the string `$1.99', type: $ grep '\$1\.99' catalog

* To output lines in the file `catalog' that contain a `\' character, type: $ grep '\\' catalog

4.5.2.1). MetaCharacters and their meaning

The following table describes the special meanings of the metacharacters and gives examples of their usage.

META CHARACTER

MEANING .

Matches any one character, with the exception of the newline character. For example, . matches `a', `1', `?', `.' (a literal period character), and so forth.

*

Matches the preceding regexp zero or more times. For example, matches `-', `--', `---', `--------', and so forth

[ ]

Encloses a character set, and matches any member of the set. For example, [abc] matches either `a', `b', or `c'. In addition, the hyphen (`') and caret (`^') characters have special meanings when used inside brackets:

-

The hyphen specifies a range of characters, ordered according to their ASCII value .For example, [0-9] is synonymous with [0123456789]; [A-Za-z] matches one uppercase or lowercase letter. To include a literal `-' in a list, specify it as the last character in a list:so [0-9-] matches either a single digit character or a `-'

^

As the first character of a list, the caret means that any character except those in the list should be matched. For example, [^a] matches any character except `a', and [^0-9] matches any character except a numeric digit.

^

Matches the beginning of the line. So ^a matches `a' only when it is the first character on a line.

$

Matches the end of the line. So a$ matches `a' only when it is the last character on a line.

\

Use \ before a metacharacter when you want to specify that its a literal character. So \$ matches a dollar sign character (`$'), and \\ matches a single backslash character (`\').

\< \>

Matches the beginning (\<) or end (\>) of a word. For example, \
Or two conditions together. For example (him|her) matches the line "it belongs to him" and matches the line "it belongs to her" but does not match the line "it belongs to them." NOTE: this metacharacter is not supported by all applications. +

Matches one or more occurences of the character or regular expression immediately preceding. For example, the regular expression 9+ matches 9, 99, 999. NOTE: this metacharacter is not supported by all applications. ?

Matches 0 or 1 occurence of the character or regular expression immediately preceding.NOTE: this metacharacter is not supported by all applications. \{i\}

Match a specific number of instances or instances within a range of the preceding character. For example, the expression A[0-9]\{3\} will match "A" followed by exactly 3 digits. That is, it will match A123 but not A1234. \{i,j\}

Match a specific number of instances or instances within a range of the preceding character. The expression [0-9]\{4,6\} any sequence of 4, 5, or 6 digits. NOTE: this metacharacter is not supported by all applications.

4.5.2.2). Matching Lines Ending with Certain Text

Use `$' as the last character of quoted text to match that text only at the end of a line.

* To output lines in the file `file1' ending with an exclamation point, type: $ grep '!$' file1

4.5.2.3). Matching Lines of a Certain Length

* To match lines of a particular length, use that number of `.' characters between `^' and `$'---for example, to match all lines that are two characters (or columns) wide, use `^..$' as the regexp to search for.To output all lines in `/usr/dict/words' that are exactly two characters wide, type:

$ grep '^..$' /usr/dict/words

* To output all lines in `/usr/dict/words' that are exactly seventeen characters wide, type:

$ grep '^.\{17\}$' /usr/dict/words

* To output all lines in `/usr/dict/words' that are twenty-five or more characters wide, type:

$ grep '^.\{25,\}$' /usr/dict/words

4.5.2.4). Matching Lines That Contain Any of Some Regexps

* To output all lines in `playlist' that contain either the patterns `the sea' or `cake', type:

$ grep 'the sea\|cake' playlist

4.5.2.5). Matching Lines That Contain All of Some Regexps

To output lines that match all of a number of regexps, use grep to output lines containing the first regexp you want to match, and pipe the output to a grep with the second regexp as an argument. Continue adding pipes to grep searches for all the regexps you want to search for.

* To output all lines in `playlist' that contain both patterns `the sea' and `cake', regardless of case, type

$ grep -i 'the sea' playlist | grep -i cake

4.5.2.6). Matching Lines That Don't Contain a Regexp

To output all lines in a text that don't contain a given pattern, use grep with the `-v' option -- this option reverts the sense of matching, selecting all nonmatching lines.

* To output all lines in `/usr/dict/words' that are not three characters wide, type:

$ grep -v '^...$'

* To output all lines in `access_log' that do not contain the string `http', type:

$ grep -v http access_log

4.5.2.7). Matching Lines That Only Contain Certain Characters

* To output lines in `/usr/dict/words' that only contain vowels, type:

$ grep -i '^[aeiou]*$' /usr/dict/words

*

The `-i' option matches characters regardless of case; so, in this example, all vowel characters are matched regardless of case.

4.5.2.8). Using a List of Regexps to Match From

* To output all lines in `/usr/dict/words' containing any of the words listed in the file `forbidden-words', type:

$ grep -f forbidden-words /usr/dict/words

* To output all lines in `/usr/dict/words' that do not contain any of the words listed in `forbidden-words', regardless of case, type:

$ grep -v -i -f forbidden-words /usr/dict/words

4.5.3. Searching More than Plain Text Files

Use zgrep to search through text in files that are compressed. These files usually have a `.gz' file name extension, and can't be searched or otherwise read by other tools without uncompressing the file first.

* To search through the compressed file `README.gz' for the text `Linux', type:

$ zgrep Linux README.gz

4.5.4. Matching Lines in Web Pages

You can grep a Web page or other URL by giving the URL to lynx with the `-dump' option, and piping the output to grep.

* To search the contents of the URL http://example.com/ for lines containing the text `edu' or `carma', type:

lynx -dump http://example.com/ | grep 'edu\|carma'

4.5.5. Searching and Replacing Text

* A quick way to search and replace some text in a file is to use the following one-line perl command:

$ perl -pi -e "s/oldstring/newstring/g;" file1

* In this example, oldstring is the string to search, newstring is the string to replace it with, and file1 is the name of the file or files to work on. You can use this for more than one file.

* To replace the string `helpless' with the string `helpful' in all files in the current directory, type:

$ perl -pi -e "s/helpless/helpful/g;" *

5. MORE ABOUT SHELL & COMMAND LINE INTERFACE

5.1. Passing Special Characters to Commands

Some characters are reserved and have special meaning to the shell on their own. Before you can pass one of these characters to a command, you must quote it by enclosing the entire argument in single quotes ' '.

* When the argument you want to pass has one or more single quote characters in it, enclose it in double quotes,

$ grep "Please Don't Stop!" filename

5.2. Letting the Shell Complete What You Type

Completion is where bash does its best to finish your typing. To use it, press [TAB] on the input line and the shell will complete the word to the left of the cursor to the best of its ability.

For example, suppose you want to specify, as an argument to the ls command, the `/usr/lib/emacs/20.4/, instead of typing out the whole directory name, you can type [TAB] to complete it for you

$ ls /usr/lib/e[TAB]

5.3. Repeating the Last Command You Typed

* Type the upward arrow key to put the last command you typed back on the input line. You can then type ENTER to run the command again, or you can edit the command first.

* To put the last command you entered containing the string `grep' back on the input line, type: $ Ctrl-r (reverse-i-search)`': grep

* To put the third-to-the-last command you entered containing the string grep back on the input line, type: $ C-r (reverse-i-search)`': grep C-r C-r

* When a command is displayed on the input line, type [RET] to run it. You can also edit the command line as usual. 5.4. Running a List of Commands

To run more than one command on the input line, type each command in the order you want them to run, separating each command from the next with a semicolon (`;').

* To clear the screen and then log out of the system, type:

$ clear; logout

5.5. Redirecting Input and Output

* The standard output is where the shell streams the text output of commands -- the screen on your terminal, by default.

* The standard input, typically the keyboard, is where you input data for commands. When a command reads the standard input, it usually keeps reading text until you type C-d on a new line by itself.

* When a command runs and exits with an error, the error message is usually output to your screen, but as a separate stream called the standard error.

* You redirect these streams -- to a file, or even another command -- with redirection. The following sections describe the shell redirection operators that you can use to redirect standard input and output.

5.5.1. Redirecting Input to a File

To redirect standard input to a file, use the `<' operator. To do so, follow a command with < and the name of the file it should take input from.

apropos searches a set of database files containing short descriptions of system commands for keywords and displays the result on the standard output.

For example, instead of giving a list of words as arguments to apropos you can redirect standard input to a file containing a list of keywords to use. To redirect standard input for apropos to file `keywords', type:

$ apropos < keywords

5.5.2. Redirecting Output to a File

Use the `>' operator to redirect standard output to a file. To use it, follow a command with > and the name of the file the output should be written to.

* To redirect standard output of the command ‘ls –la’ to the file ‘filelist', type: $ ls –la > filelist

* To append the standard output of ‘ls –la’ to an existing file `commands', type:

$ ls -la >> commands

5.5.3. Redirecting Error Messages to a File

To redirect the standard error stream to a file, use the `>' operator preceded by a `2'. Follow a command with 2> and the name of the file the error stream should be written to.

* To redirect the standard error of ‘ls –la’ to the file `command.error', type: $ ls –la 2> command.error

* As with the standard output, use the `>>' operator instead of `>' to append the standard error to the contents of an existing file. To append the standard error of apropos shells to an existing file `command.error', type: $ ls –la 2>> command.error

* To redirect both standard output and standard error to the same file, use `&>' instead.

To redirect the standard output and the standard error of ls –la to the file `commands', type:

$ apropos shells &> commands

5.5.4. Redirecting Output to Another Command's Input

Piping is when you connect the standard output of one command to the standard input of another. You do this by specifying the two commands in order, separated by a vertical bar character, `|' (sometimes called a "pipe"). Commands built in this fashion are called pipelines.

* To pipe the output of ‘cat readme.txt’ to less, $ cat readme.txt | less

* To pipe the output of the ls command to the grep command you can use $ ls -la | grep html 6. BASICS OF LINUX SYSTEM ADMINISTRATION 6.1. Disks, Partitions and File Systems

The basic tasks in administering disks are:

1. Formatting your disk. This does various things to prepare it for use, such as checking for bad sectors. (Formatting is nowadays not necessary for most hard disks.)

2. Partition a hard disk, if you want to use it for several activities that aren't supposed to interfere with one another. One reason for partitioning is to store different operating systems on the same disk. Another reason is to keep user files separate from system files, which simplifies back-ups and helps protect the system files from corruption.

3. Make a filesystem (of a suitable type) on each disk or partition. The disk means nothing to Linux until you make a filesystem; then files can be created and accessed on it.

4. Mount different filesystems to form a single tree structure, either automatically, or manually as needed. (Manually mounted filesystems usually need to be unmounted manually as well.)

6.1.1. Character and Block devices

Linux recognizes two different kinds of device: * random-access block devices (such as disks) * character devices (such as tapes and serial lines), some of which may be serial, and some random-access.

Each supported device is represented in the filesystem as a device file. When you read or write a device file, the data comes from or goes to the device it represents. For example, to send a file to the printer, one could just say

$ cat filename > /dev/lp1 and the contents of the file are printed.

* Note that usually all device files exist even though the device itself might be not be installed. So just because you have a file /dev/sda, it doesn't mean that you really do have an SCSI hard disk.

* Each hard disk is represented by a separate device file. There can (usually) be only two or four IDE hard disks. These are known as /dev/hda, /dev/hdb, /dev/hdc, and /dev/hdd, respectively.

* SCSI hard disks are known as /dev/sda, /dev/sdb, and so on.

6.1.2. Partitions/MBR

*

A hard disk can be divided into several partitions. Each partition functions as if it were a separate hard disk.

6.1.2.1). Why Partition Hard Drive(s)

While it is true that Linux will operate just fine on a disk with only one large partition defined, there are several advantages to partitioning your disk for at least the four main file systems (root, usr, home, and swap). These include:

1. Reduce time required for fsck : First, it may reduce the time required to perform file system checks (both upon bootup and when doing a manual fsck), because these checks can be done in parallel. Also, file system checks are a lot easier to do on a system with multiple partitions. For example, if I knew my /home partition had problems, I could simply unmount it, perform a file system check, and then remount the repaired file system

2. Mount partitions as read-only : Second, with multiple partitions, you can, if you wish, mount one or more of your partitions as read-only. For example, if you decide that everything in /usr will not be touched even by root, you can mount the /usr partition as read-only.

3. Protecting your file systems: Finally, the most important benefit that partitioning provides is protection of your file systems. If something should happen to a file system (either through user error or system failure), on a partitioned system you would probably only lose files on a single file system. On a non-partitioned system, you would probably lose them on all file systems.

4. Multiple OS Support : Finally, since Linux allows you to set up other operating system(s) (such as Windows 95/98/NT), and then dual- (or triple-, ...) boot your system, you might wish to set up additional partitions to take advantage of this. Typically, you would want to set up at least one separate partition for each operating system. Linux includes a decent boot loader which allows you to specify which operating system you want to boot at power on.

6.1.2.2). Master Boot Record or MBR

The information about how a hard disk has been partitioned is stored in its first sector (that is, the first sector of the first track of the first disk surface).

* The first sector of the primary hard drive is the master boot record (MBR) of the disk; this is the sector that the BIOS reads in and starts when the machine is first booted.

* The master boot record is only 512 bytes in size and contains a small program that reads the partition table, checks which partition is active (that is, marked bootable), and reads the first sector of that partition, the partition's boot sector (the MBR is also a boot sector, but it has a special status and therefore a special name).

* This boot sector contains another small program that reads the first part of the operating system stored on that partition (assuming it is bootable), and then start it.

* The booting process will be dealt with in more detail later on.

6.1.2.3). Partitioning Scheme

* The partitioning scheme is not built into the hardware, or even into the BIOS.

* It is only a convention that many operating systems follow. Not all operating systems follow it, but they are the exceptions and an operating system that doesn't support partitions cannot co-exist on the same disk with any other operating system.

You can see the partitions on a machine using the fdisk command as below.

$ fdisk –l

Disk /dev/hda: 15 heads, 56 sectors, 690 cylinders

Units = cylinders of 855 * 512 bytes

Device Boot Begin Start End Blocks Id System /dev/hda1 * 1 1 24 1023 83 Linux native /dev/hda2 25 25 48 10260 83 Linux native /dev/hda3 49 49 408 153900 83 Linux native /dev/hda4 409 409 690 163305 5 Extended /dev/hda5 409 409 644 143611+ 83 Linux native /dev/hda6 645 645 690 19636+ 83 Linux native

Extended and logical partitions

The original partitioning scheme for PC hard disks allowed only four partitions. This quickly turned out to be too little in real life, partly because some people want more than four operating systems (Linux, MS-DOS, FreeBSD, NetBSD, or Windows/NT, to name a few), but primarily because sometimes it is a good idea to have several partitions for one operating system.

To overcome this design problem, extended partitions were invented. This trick allows partitioning a primary partition into sub-partitions.

* The primary partition thus subdivided is the extended partition;

* The sub-partitions of an extended partition are logical partitions. They behave like primary partitions, but are created differently. There is no speed difference between them.

The partition structure of a hard disk might look like that in Figure below. The disk is divided into three primary partitions, the second of which is divided into two logical partitions. Part of the disk is not partitioned at all. The disk as a whole and each primary partition has a boot sector.

A sample hard disk partitioning.

6.1.2.4). Partition types

* The partition tables (the one in the MBR, and the ones for extended partitions) contain one byte per partition that identifies the type of that partition. This attempts to identify the operating system that uses the partition, or what it is used for.

* The purpose is to make it possible to avoid having two operating systems accidentally using the same partition.

There is no standardization agency to specify what each byte value means, but some commonly accepted ones are included in the table below.

0

Empty

40

Venice 80286

94

Amoeba BBT 1

DOS 12-bit FAT

51

Novell?

a5

BSD/386 2

Xenix root

52

Microport

b6

BSDI fs 3

Xenix usr

63

GNU HURD

b8

BSDI swap 4

DOS 16-bit FAT<32M

64

Novell

e1

DOS access 5

Extended

65

PC/IX

f2

DOS 6

DOS 16-bit >=32M

80

Old MINIX

6

OS/2 HPFS

81

Linux/MINIX

8

AIX

82

Linux swap

9

AIX bootable

83

Linux native

6.1.2.5). Partitioning a hard disk

There are many programs for creating and removing partitions.The most commonly used one is ‘fdisk’.

Some points to keep in mind are:

* When using IDE disks, the boot partition (the partition with the bootable kernel image files) must be completely within the first 1024 cylinders. This is because the disk is used via the BIOS during boot (before the system goes into protected mode), and BIOS can't handle more than 1024 cylinders. Therefore, make sure your boot partition is completely within the first 1024 cylinders

* Each partition should have an even number of sectors, since the Linux filesystems use a 1 kilobyte block size, i.e., two sectors. An odd number of sectors will result in the last sector being unused. This won't result in any problems, but it is ugly, and some versions of fdisk will warn about it.

* Changing a partition's size usually requires first backing up everything you want to save from that partition ,deleting the partition, creating new partition, then restoring everything to the new partition 6.1.2.6). Various Mount Points

Here is a description of the various mount points and file system information, which may give you a better idea of how to best define your partition sizes for your own needs:

1. / (root) - used to store things like temporary files, the Linux kernel and boot image, important binary files (things that are needed before Linux can mount the /usr partition), and more importantly log files, spool areas for print jobs and outgoing e-mail, and user's incoming e-mail. It is also used for temporary space when performing certain operations, such as building RPM packages from source RPM files

2. /usr/ - should be the largest partition, because most of the binary files required by Linux, as well as any locally installed software, web pages , some locally-installed software log files, etc. are stored here. The partition type should be left as the default of 83 (Linux native).

3. /home/ - typically if you aren't providing shell accounts to your users, you don't need to make this partition very big. The exception is if you are providing user home pages (such web pages), in which case you might benefit from making this partition larger. Again, the partition type should be left as the default of 83 (Linux native).

4. swap - Linux provides something called "virtual memory" to make a larger amount of memory available than the physical RAM installed in your system. The swap partition is used with main RAM by Linux to accomplish this. As a rule of thumb, your swap partition should be at least double the amount of physical RAM installed in your system.If you have more than one physical hard drive in your system, you can create multiple swap partitions. The partition type needs to be changed to 82 (Linux swap).

5. /var/ (optional) - You may wish to consider splitting up your / root partition a bit further. The /var directory is used for a great deal of runtime storage, including mail spools (both ingoing and outgoing), print jobs, process locks, etc. Having this directory mounted under / (root) may be a bit dangerous because a large amount of incoming e-mail (for example), may suddenly fill up the partition. Since bad things can when the / (root) partition fills up, having /var on its own partition may avoid such problems. The partition type should be left as the default of 83 (Linux native).

6. /boot/ (optional) - In some circumstances (such as a system set up in a software RAID configuration) it may be necessary to have a separate partition from which to boot the Linux system. This partition would allow booting and then

loading of whatever drivers are required to read the other file systems. The size of this partition can be as small as a couple of Mb (approx 10 Mb) The partition type should be left as the default of 83 (Linux native).

7. /backup (optional) - If you have any extra space lying around, perhaps you would benefit from a partition for a directory called, for example, /backup. The partition type can be left as the default of 83 (Linux native).

Example : Settings up partitions

To give you an example of how one might set up partitions, you can verify below.

Device Boot Start End Blocks Id System /dev/hda1 * 1 254 1024096+ 6 16-bit >=32M DOS /dev/hda2 255 682 2128896 5 Extended /dev/hda3 255 331 310432+ 83 Linux native /dev/hda5 332 636 1229628+ 83 Linux native /dev/hda6 636 649 455584+ 83 Linux native /dev/hda8 650 682 133024+ 82 Linux swap

* The first partition, /dev/hda1, is a DOS-formatted file system used to store the alternative operating system (Windows 95). This gives 1 Gb of space for that operating system.

* The second partition, /dev/hda2, is a physical partition (called "extended") that encompasses the remaining space on the drive.

* The third through fifth partitions, /dev/hda3, /dev/hda5, and /dev/hda6, are all e2fs-formatted file systems used for the / (root), /usr, and the /home partitions, respectively.

*

Finally, the sixth partition, /dev/hda8, is used for the swap partition.

For yet another example, this time is a box with two hard drives (sole boot, Linux only), you can choose the following partitioning scheme:

Device Boot Start End Blocks Id System /dev/sda1 * 1 1 2046 4 DOS 16-bit <32M /dev/sda2 2 168 346859 83 Linux native /dev/sda3 169 231 130851 82 Linux swap /dev/sda4 232 1009 1615906 5 Extended /dev/sda5 232 398 346828 83 Linux native /dev/sda6 399 1009 1269016 83 Linux native /dev/sdb1 1 509 2114355 83 Linux native /dev/sdb2 510 1019 2118540 83 Linux native

* The first partition, /dev/sda1, is a DOS-formatted file system used to store the LILO boot loader. The Alpha platform has a slightly different method of booting than an Intel system does, therefore Linux stores its boot information in a FAT partition. This partition only needs to be as large as the smallest possible partition allowed -- in this case, 2Mb.

* The second partition, /dev/sda2, is an e2fs-formatted file system used for the / (root) partition.

* The third partition, /dev/sda3, is used for the swap partition.

* The fourth partition, /dev/sda4, is an "extended" partition (see previous example for details).

* The fifth and sixth partitions, /dev/sda5, and /dev/sda6, are e2fsformatted file systems used for the /home and /usr partitions, respectively.

* The seventh partition, /dev/sdb1, is an e2fs-formatted file system used for the /archive partition.

* The eighth and final partition, /dev/sdb2, is an e2fs-formatted file system used for the /archive2 partition.

After you finish setting up your partition information, you'll need to write the new partition to disk. After this, the Red Hat installation program reloads the partition table into memory, so you can continue on to the next step of the installation process.

6.1.2.7). Device files and partitions

Each partition and extended partition has its own device file.

* The naming convention for these files is that a partition's number is appended after the name of the whole disk, with the convention that 1-4 are primary partitions (regardless of how many primary partitions there are).

* Number greater than 5 are logical partitions (regardless of within which primary partition they reside).

* For example, /dev/hda1 is the first primary partition on the first IDE hard disk, and /dev/sdb6 is the third extended partition on the second SCSI hard disk.

6.1.3. FileSystems

What are filesystems?

A filesystem is the methods and data structures that an operating system uses to keep track of files on a disk or partition; that is, the way the files are organized on the disk.

*

The difference between a disk or partition and the filesystem it contains is important. A few programs (including, reasonably enough, programs that create filesystems) operate directly on the raw sectors of a disk or partition; if there is an existing file system there, it will be destroyed or seriously corrupted.

* Most programs operate on a filesystem, and therefore won't work on a partition that doesn't contain one (or that contains one of the wrong type).

* Making a file system : Before a partition or disk can be used as a filesystem, it needs to be initialized, and the bookkeeping data structures need to be written to the disk. This process is called making a filesystem.

Some terms related to file system

Some of the common terms which you come across related to file systems are superblock, inode, data block, directory block, and indirection block.

* The superblock contains information about the filesystem as a whole, such as its size, access rights and time of the last modification. (the exact information here depends on the filesystem).

* An inode contains all information about a file, except its name. The name is stored in the directory, together with the number of the inode.

* A directory entry consists of a filename and the number of the inode which represents the file.

* The inode contains the numbers of several data blocks, which are used to store the data in the file.

*

There is space only for a few data block numbers in the inode, however, and if more are needed, more space for pointers to the data blocks is allocated dynamically. These dynamically allocated blocks are indirect blocks; the name indicates that in order to find the data block, one has to find its number in the indirect block first.

6.1.3.1). Some of the Linux Filesystems

Linux supports several types of filesystems. Some of the important ones are.

1. ext3 : ext3 filesystem has all the features of the ext2 filesystem. The difference is, journaling has been added. This improves performance and recovery time in case of a system crash. This has become more popular than ext2.

2. ext2 : The most featureful of the native Linux filesystems. It is designed to be easily upwards compatible, so that new versions of the filesystem code do not require re-making the existing filesystems.

3. ext : An older version of ext2 that wasn't upwards compatible. It is hardly ever used in new installations any more, and most people have converted to ext2.

4. vfat : This is an extension of the FAT filesystem known as FAT32. It supports larger disk sizes than FAT. Most MS Windows disks are vfat.

5. nfs : A networked filesystem that allows sharing a filesystem between many computers to allow easy access to the files from all of them. 6. physical volume (LVM) — Creating one or more physical volume (LVM) partitions allows you to create an LVM logical volume 7. software RAID — Creating two or more software RAID partitions allows you to create a RAID device. 8. swap — Swap partitions are used to support virtual memory. In other words, data is written to a swap partition when there is not enough RAM to store the data your system is processing.

9. smbfs : A networks filesystem which allows sharing of a filesystem with an MS Windows computer. It is compatible with the Windows file sharing protocols.

Journaled File System

A filesystem that uses journaling is also called a journaled filesystem. A journaled filesystem maintains a log, or journal, of what has happened on a filesystem.

* In the event of a system crash, a journaled filesystem is designed to use the filesystem's logs to recreate unsaved and lost data. This makes data loss much less likely and is likely become a standard feature in Linux filesystems.

* Currently, ext3 is the most popular filesystem, because it is a journaled filesystem 6.1.4. Software RAID

RAID stands for Redundant Array of Independent Disks. The basic idea behind RAID is to combine multiple small, inexpensive disk drives into an array to accomplish performance or redundancy goals not attainable with one large and expensive drive. This array of drives will appear to the computer as a single logical storage unit or drive.

* RAID is a method in which information is spread across several disks, using techniques such as disk striping (RAID Level 0), disk mirroring (RAID level 1), and disk striping with parity (RAID Level 5) to achieve redundancy, lower latency and/or increase bandwidth for reading or writing to disks, and maximize the ability to recover from hard disk crashes.

* The underlying concept of RAID is that data may be distributed across each drive in the array in a consistent manner.

* To do this, the data must first be broken into consistently-sized chunks (often 32K or 64K in size, although different sizes can be used). Each chunk is then written to a hard drive in RAID according to the RAID level used.

* When the data is to be read, the process is reversed, giving the illusion that multiple drives are actually one large drive.

6.1.4.1). Advantages of using RAID

Primary reasons to use RAID include:

* Enhanced speed * Increased storage capacity using a single virtual disk * Lessened impact of a disk failure 6.1.4.2). Hardware and Software RAID There are two possible RAID approaches: Hardware RAID and Software RAID. Hardware RAID

* The hardware-based system manages the RAID subsystem independently from the host and presents to the host only a single disk per RAID array. * An example of a Hardware RAID device would be one that connects to a SCSI controller and presents the RAID arrays as a single SCSI drive. * An external RAID system moves all RAID handling "intelligence" into a controller located in the external disk subsystem. The whole subsystem is connected to the host via a normal SCSI controller and appears to the host as a single or multiple disk.

Software RAID * Software RAID implements the various RAID levels in the kernel disk (block device) code. *

It offers the cheapest possible solution, as expensive disk controller cards or hot-swap chassis (A hot-swap chassis allows you to remove a hard drive without having to power-down your system) are not required. * Software RAID also works with cheaper IDE disks as well as SCSI disks. With today's fast CPUs, Software RAID performance can excel against Hardware RAID. * The MD driver in the Linux kernel is an example of a RAID solution that is completely hardware independent. The Linux MD driver supports currently RAID levels 0/1/4/5 + linear mode. * The performance of a software-based array is dependent on the server CPU performance and load.

6.1.4.3). Different Types of Raid Implementations

The current RAID drivers in Linux supports the following levels of Software RAID implementations.

Level 0

* RAID level 0, often called "striping," is a performance-oriented striped data mapping technique.

* This means the data being written to the array is broken down into strips and written across the member disks of the array, allowing high I/O performance at low inherent cost but provides no redundancy.

* The storage capacity of a level 0 array is equal to the total capacity of the member disks in a Hardware RAID or the total capacity of member partitions in a Software RAID.

* There is no redundancy in this level and if you remove a drive RAID-0 set, the RAID device will not just miss one consecutive block will be filled with small holes all over the device. e2fsck or other recovery tools will probably not be able to recover much from such a

from a of data, it filesystem device.

Level 1

* RAID level 1, or "mirroring," has been used longer than any other form of RAID.

* Level 1 provides redundancy by writing identical data to each member disk of the array, leaving a "mirrored" copy on each disk.

* Mirroring remains popular due to its simplicity and high level of data availability.

* This is the first mode which actually has redundancy.

* RAID-1 can be used on two or more disks with zero or more spare-disks. This mode maintains an exact mirror of the information on one disk on the other disk(s). Of Course, the disks must be of equal size.

* If one disk is larger than another, your RAID device will be the size of the smallest disk.

* Level 1 provides very good data reliability and improves performance for read-intensive applications but at a relatively high cost.

* The storage capacity of the level 1 array is equal to the capacity of one of the mirrored hard disks in a Hardware RAID or one of the mirrored partitions in a Software RAID.

Level 4

* Level 4 uses parity concentrated on a single disk drive to protect data.

* It can be used on three or more disks. Instead of completely mirroring the information, it keeps parity information on one drive, and writes data to the other disks in a RAID-0 like way.

* If one drive fails, the parity information can be used to reconstruct all data. If two drives fail, all data is lost.

* The reason this level is not more frequently used, is because the parity information is kept on one drive. This information must be updated every time one of the other disks are written to. Thus, the parity disk will become a bottleneck, if it is not a lot faster than the other disks.

* Although RAID level 4 is an option in some RAID partitioning schemes, it is not an option allowed in Red Hat Linux RAID installations.

Level 5

* This is the most common type of RAID. It can be used on three or more disks, with zero or more spare-disks.

* The big difference between RAID-5 and -4 is, that the parity information is distributed evenly among the participating drives, avoiding the bottleneck problem in RAID-4.

* The only performance bottleneck is the parity calculation process. With modern CPUs and Software RAID, that usually is not a very big problem.

*

The storage capacity of Hardware RAID level 5 is equal to the capacity of member disks, minus the capacity of one member disk.

* If one of the disks fail, all data are still intact, thanks to the parity information. If spare disks are available, reconstruction will begin immediately after the device failure. If two disks fail simultaneously, all data are lost. RAID-5 can survive one disk failure, but not two or more.

Linear RAID

* Linear RAID is a simple grouping of drives to create a larger virtual drive.

* The disks are "appended" to each other, so writing linearly to the RAID device will fill up disk 0 first, then disk 1 and so on. The disks does not have to be of the same size. In fact, size doesn't matter at all here.

* There is no redundancy in this level. If one disk crashes you will most probably lose all your data. You can however be lucky to recover some data, since the filesystem will just be missing one large consecutive chunk of data.

* The capacity is the total of all member disks.

6.1.5. Logical Volume Manager (LVM) LVM is a method of allocating hard drive space into logical volumes that can be easily resized instead of partitions. * With LVM, the hard drive or set of hard drives is allocated to one or more logical volumes. * Since a physical volume can not span over more than one drive, if you want the logical volume group to span over more than one drive, you must create one or more logical volumes per drive. *

The physical volumes are combined into logical volume groups, with the exception of the /boot partition. The /boot partition can not be on a logical volume group because the boot loader can not read it. * If you want to have the root / partition on a logical volume, you will need to create a separate /boot partition which is not a part of a volume group. * The logical volume group is divided into logical volumes, which are assigned mount points such as /home and / and file system types such as ext3. * When "partitions" reach their full capacity, free space from the logical volume group can be added to the logical volume to increase the size of the partition. * When a new hard drive is added to the system, it can be added to the logical volume group, and the logical volumes that are the partitions can be expanded.

* On the other hand, if a system is partitioned with the ext3 file system, the hard drive is divided into partitions of defined sizes. If a partition becomes full, it is not easy to expand the size of the partition. * LVM support must be compiled into the kernel. The default kernel for Red Hat Linux 9 is compiled with LVM support 6.2.RedHat Installation and Hardware Configuration

Red Hat Linux 9 should be compatible with most hardware in systems that were factory built within the last two years.

Before you start the installation process, one of the following conditions must be met: * Your computer must have enough disk space for the installation of Red Hat Linux. * You must have one or more partitions that may be deleted, thereby freeing up enough disk space to install Red Hat Linux.

6.2.1. Preparing for Installation

6.2.1.1). Installation Disk Space Requirements * Personal Desktop A personal desktop installation, including a graphical desktop environment, requires at least 1.6GB of free space. Choosing both the GNOME and KDE desktop environments requires at least 1.8GB of free disk space.

* Workstation

A workstation installation, including a graphical desktop environment and software development tools, requires at least 2.1GB of free space. Choosing both the GNOME and KDE desktop environments requires at least 2.2GB of free disk space.

* Server

A server installation requires 850MB for a minimal installation without X (the graphical environment), at least 1.5GB of free space if all package groups other than X are installed, and at least 5.0GB to install all packages including the GNOME and KDE desktop environments.

* Custom A Custom installation requires 465MB for a minimal installation and at least 5.0GB of free space if every package is selected.

6.2.1.2). Installation Methods

The following installation methods are available: * CD-ROM If you have a CD-ROM drive and the Red Hat Linux CD-ROMs, you can use this method. You will need a boot diskette or a bootable CD-ROM.

*

Hard Drive If you have copied the Red Hat Linux ISO images to a local hard drive, you can use this method. You will need a boot diskette. Hard drive installations require the use of the ISO (or CD-ROM) images. An ISO image is a file containing an exact copy of a CD-ROM disk image

* NFS Image If you are installing from an NFS server using ISO images or a mirror image of Red Hat Linux, you can use this method. You will need a network driver diskette.

* FTP If you are installing directly from an FTP server, use this method. You will need a network driver diskette.

* HTTP If you are installing directly from an HTTP (Web) server, use this method. You will need a network driver diskette. 6.2.1.3). Choosing the Installation Class

1. Personal Desktop Installations

Minimum Requirements

* Personal Desktop: 1.6GB * Personal Desktop choosing both GNOME and KDE: 1.8GB * With all package groups (for example, Office/Productivity is a group of packages) : 5.0GB minimum.

What a Personal Desktop Installation Will Do:

If you choose automatic partitioning, a personal desktop installation will create the following partitions:

* The size of the swap partition is determined by the amount of RAM in your system and the amount of space available on your hard drive. For example, if you have 128MB of RAM then the swap partition created can be 128MB – 256MB (twice your RAM), depending on how much disk space is available.

* A 100MB partition mounted as /boot in which the Linux kernel and related files reside.

* A root partition mounted as / in which all other files are stored (the exact size of this partition is dependent on your available disk space).

2. Workstation Installations

Minimum Requirements :

* Workstation: 2.1GB * Workstation choosing both GNOME and KDE: 2.2GB * With all package groups : 5 GB or more

What a Workstation Installation Will Do

If you choose automatic partitioning, a workstation installation will create the partitions in the same way as for the personal desktop.

Server Installations

Minimum Requirements :

* Server (minimum, no graphical interface): 850MB * Server (choosing everything, no graphical interface): 1.5GB * Server (choosing everything, including a graphical interface): 5.0GB * With all software packages: 5GB and more

What a Server Installation Will Do

If you choose automatic partitioning, a server installation will create the partitions in the same way as for the workstation.

Custom Installations

The custom installation allows you the most flexibility during your installation. During a custom installation, you have complete control over the packages that are installed on your system.

Recommended Minimum Requirements:

* Custom (minimum): 465MB * Custom (choosing everything): 5.0GB

What a Custom Installation Will Do:

As you might guess from the name, a custom installation puts the emphasis on flexibility. You have complete control over which packages will be installed on your system.

If you choose automatic partitioning, a custom installation will create the partitions in the same format as we have discussed above.

Upgrading Your System

Upgrading Red Hat Linux 6.2 (or greater) will not delete any existing data. The installation program updates the modular kernel and all currently installed software packages.

6.2.1.4). Hardware/System Information Required

The hardware or system info that you are required to know to make your Red Hat Linux installation go more smoothly are given below though most of them will be automatically detected by the installation software.

* Hard drive(s): type, label, size; ex: IDE hda=1.2 GB * Partitions: map of partitions and mount points; ex: /dev/hda1=/home, /dev/hda2=/ (fill this in once you know where they will reside)

* memory: amount of RAM installed on your system; ex: 64 MB, 128 M

* CD-ROM: interface type; ex: SCSI, IDE (ATAPI)

* SCSI adapter: if present, make and model number; ex: BusLogic SCSI Adapter

* network card: if present, make and model number; ex: Tulip, 3COM 3C590 * mouse: type, protocol, and number of buttons; ex: generic 3 button PS/2 mouse, MouseMan 2 button serial mouse

* monitor: make, model, and manufacturer specifications; ex: Optiquest Q53, ViewSonic G663

* video card: make, model number and size of VRAM; ex: Creative Labs Graphics Blaster 3D, 8MB

* sound card: make, chipset and model number; ex: S3 SonicVibes, Sound Blaster 32/64 AWE 6.2.2. RedHat Installation Procedure

To start the installation, you must first boot the installation program. You can boot the installation program using the bootable CD-ROM. Your BIOS settings may need to be changed to allow you to boot from the diskette or CD-ROM.

After a short delay, a screen containing the boot: prompt should appear. The screen contains information on a variety of boot options. Each boot option also has one or more help screens associated with it. To access a help screen, press the appropriate function key as listed in the line at the bottom of the screen.

Normally, you only need to press [Enter] to boot. Watch the boot messages to see if the Linux kernel detects your hardware. If your hardware is properly detected, please continue to the next section. If it does not properly detect your hardware, you may need to restart the installation in expert mode.

* If you do not wish to perform a graphical installation, you can start a text mode installation using the following boot command: boot: linux text

* If the installation program does not properly detect your hardware, you may need to restart the installation in expert mode. Enter expert mode using the following boot command:

boot: linux noprobe

* For text mode installations in expert mode, use:

boot: linux text noprobe

Expert mode disables most hardware probing, and gives you the option of entering options for the drivers loaded during the installation. The initial boot messages will not contain any references to SCSI or network cards. This is normal; these devices are supported by modules that are loaded during the installation process.

6.2.2.1). Initial Installation Steps

1. Put your linux installation CD-ROM into the drive and boot from the CD.

2. Language Selection : Using your mouse, select the language you would prefer to use for the installation. (English). Once you select the appropriate language, click Next to continue.

3. Keyboard Configuration : Using your mouse, select the correct layout type (for example, U.S. English) for the keyboard you would prefer to use for the installation and as the system default. Once you have made your selection, click Next to continue.

4. Mouse Configuration : Choose the correct mouse type for your system. If you cannot find an exact match, choose a mouse type that you are sure is compatible with your system. The Emulate 3 buttons checkbox allows you to use a two-button mouse as if it had three buttons. In general, the graphical interface (the X Window System) is easier to use with a three-button mouse. If you select this checkbox, you can emulate a third, "middle" button by pressing both mouse buttons simultaneously.

5. Choosing to Upgrade or Install : To perform a new installation of Red Hat Linux on your system, select Perform a new Red Hat Linux installation and click Next.

6. Installation Type : Choose the type of installation you would like to perform .Red Hat Linux allows you to choose the installation type that best fits your needs. Your options are Personal Desktop, Workstation, Server, Custom, and Upgrade.

6.2.3. Disk Partitioning Setup

On this screen, you can choose to perform automatic partitioning, or manual partitioning using Disk Druid. * Automatic partitioning allows you to perform an installation without having to partition your drive(s) yourself. If you do not feel comfortable with partitioning your system, it is recommended that you do not choose to partition manually and instead let the installation program partition for you. * To partition manually, choose the Disk Druid partitioning tool. 6.2.3.1). Automatic Partitioning Automatic partitioning allows you to have some control concerning what data is removed (if any) from your system. Your options are: * Remove all Linux partitions on this system — select this option to remove only Linux partitions (partitions created from a previous Linux installation). This will not remove other partitions you may have on your hard drive(s) (such as VFAT or FAT32 partitions). * Remove all partitions on this system — select this option to remove all partitions on your hard drive(s) (this includes partitions created by other operating systems such as Windows 9x/NT/2000/ME/XP or NTFS partitions). * Keep all partitions and use existing free space — select this option to retain your current data and partitions, assuming you have enough free space available on your hard drive(s). 6.2.3.2). Manual Partitioning Using Disk Druid

The partitioning tool used by the installation program is Disk Druid. Above the display, you will see the drive name (such as /dev/hda), the geom (which shows the hard disk's geometry and consists of three numbers representing the number of cylinders, heads, and sectors as reported by the hard disk), and the model of the hard drive as detected by the installation program. Disk Druid's Buttons * New: Used to request a new partition. When selected, a dialog box appears containing fields (such as mount point and size) that must be filled in. *

Edit: Used to modify attributes of the partition currently selected in the Partitions section. Selecting Edit opens a dialog box. Some or all of the fields can be edited, depending on whether the partition information has already been written to disk. * You can also edit free space as represented in the graphical display to create a new partition within that space. Either highlight the free space and then select the Edit button, or double-click on the free space to edit it. * Delete: Used to remove the partition currently highlighted in the Current Disk Partitions section. You will be asked to confirm the deletion of any partition. * Reset: Used to restore Disk Druid to its original state. All changes made will be lost if you Reset the partitions. * RAID: Used to provide redundancy to any or all disk partitions. It should only be used if you have experience using RAID. To read more about RAID, refer to the Red Hat Linux Customization Guide. To make a RAID device, you must first create software RAID partitions. Once you have created two or more software RAID partitions, select RAID to join the software RAID partitions into a RAID device. * LVM: Allows you to create an LVM logical volume. The role of LVM (Logical Volume Manager) is to present a simple logical view of underlying physical storage space, such as a hard drive(s). LVM manages individual physical disks — or to be more precise, the individual partitions present on them. To create an LVM logical volume, you must first create partitions of type physical volume (LVM). Once you have created one or more physical volume (LVM) partitions, select LVM to create an LVM logical volume.

Partition Fields

Above the partition hierarchy are labels which present information about the partitions you are creating. The labels are defined as follows: * Device: This field displays the partition's device name. * Mount Point/RAID/Volume: A mount point is the location within the directory hierarchy at which a volume exists; the volume is "mounted" at this location. This field indicates where the partition will be mounted. If a partition exists, but is not set, then you need to define its mount point. Double-click on the partition or click the Edit button. *

Type: This field shows the partition's type (for example, ext2, ext3, or vfat). * Format: This field shows if the partition being created will be formatted. * Size (MB): This field shows the partition's size (in MB). * Start: This field shows the cylinder on your hard drive where the partition begins. * End: This field shows the cylinder on your hard drive where the partition ends. 6.2.3.3). Recommended Partitioning Scheme

Unless you have a reason for doing otherwise, you can use the following partitioning scheme

* A swap partition (at least 32MB) — swap partitions are used to support virtual memory. In other words, data is written to a swap partition when there is not enough RAM to store the data your system is processing. The size of your swap partition should be equal to twice your computer's RAM, or 32MB, whichever amount is larger.

* A /boot partition (100MB) — the partition mounted on /boot contains the operating system kernel (which allows your system to boot Red Hat Linux), along with files used during the bootstrap process. For most users, a 100MB boot partition is sufficient. 6.2.3.4). Adding Partitions

The following fields need to be taken care off while creating new partitions.

* Mount Point: Enter the partition's mount point. For example, if this partition should be the root partition, enter /; enter /boot for the /boot partition, and so on. You can also use the pull-down menu to choose the correct mount point for your partition.

*

File System Type(ext2 or ext3 or swap) : Using the pull-down menu, select the appropriate file system type for this partition.

* Allowable Drives: This field contains a list of the hard disks installed on your system. If a hard disk's box is highlighted, then a desired partition can be created on that hard disk.

* Size (Megs): Enter the size (in megabytes) of the partition. Note, this field starts with 100 MB; unless changed, only a 100 MB partition will be created.

* Additional Size Options: Choose whether to keep this partition at a fixed size, to allow it to "grow" (fill up the available hard drive space) to a certain point, or to allow it to grow to fill any remaining hard drive space available.

* If you choose Fill all space up to (MB), you must give size constraints in the field to the right of this option. This allows you to keep a certain amount of space free on your hard drive for future use.

* Force to be a primary partition: Select whether the partition you are creating should be one of the first four partitions on the hard drive. If unselected, the partition created will be a logical partition

* Check for bad blocks: Checking for bad blocks can help prevent data loss by locating the bad blocks on a drive and making a list of them to prevent using them in the future.

* Selecting Check for bad blocks may dramatically increase your total installation time

* Ok: Select Ok once you are satisfied with the settings and wish to create the partition.

* Cancel: Select Cancel if you do not want to create the partition.

6.2.4. Boot Loader Configuration

* A boot loader is the first software program that runs when a computer starts.

* It is responsible for loading and transferring control to the operating system kernel software. The kernel, in turn, initializes the rest of the operating system.

The installation program provides two boot loaders for you to choose from, GRUB and LILO.

* GRUB (Grand Unified Bootloader), which is installed by default, is a very powerful boot loader. GRUB can load a variety of free operating systems, as well as proprietary operating systems with chain-loading (the mechanism for loading unsupported operating systems, such as DOS or Windows, by loading another boot loader).

* LILO (Linux Loader) is a versatile boot loader for Linux. It does not depend on a specific file system, can boot Linux kernel images from floppy diskettes and hard disks, and can even boot other operating systems.

* If you do not want to install GRUB as your boot loader, click Change boot loader. You can then choose to install LILO or choose not to install a boot loader at all.

* If you already have a boot loader that can boot Linux and do not want to overwrite your current boot loader, or if you plan to boot the system using boot diskettes, choose “Do not install a boot loader†by clicking on the Change boot loader button.

* Boot loader Label : Every bootable partition is listed, including partitions used by other operating systems. The partition holding the system's root file system will have a Label of Red Hat Linux (for GRUB) or linux (for LILO). If you would like to add or change the boot label for other partitions that have been detected by the installation program, click once on the partition to select it. Once selected, you can change the boot label by clicking the Edit button.

* Default Boot Partition : Select Default beside the preferred boot partition to choose your default bootable OS. You will not be able to move forward in the installation unless you choose a default boot image.

* Boot Loader Password : If you choose to use a boot loader password to enhance your system security, be sure to select the checkbox labeled Use a boot loader password. Once selected, enter a password and confirm it.

6.2.4.1). Advanced Boot Loader Configuration

Now that you have chosen which boot loader to install, you can also determine where you want the boot loader to be installed. You may install the boot loader in one of two places:

* The master boot record (MBR)

o This is the recommended place to install a boot loader. The MBR is a special area on your hard drive that is automatically loaded by your computer's BIOS, and is the earliest point at which the boot loader can take control of the boot process.

o If you install it in the MBR, when your machine boots, GRUB (or LILO) will present a boot prompt. You can then boot Red Hat Linux or any other operating system that you have configured the boot loader to boot.

* The first sector of your boot partition

* This is recommended if you are already using another boot loader on your system. In this case, your other boot loader will take control first.

* You can then configure that boot loader to start GRUB (or LILO), which will then boot Red Hat Linux.

* If your system will use only Red Hat Linux, you should choose the MBR. For systems with Windows 95/98, you should also install the boot loader to the MBR so that it can boot both operating systems.

* The Force LBA32 (not normally required) option allows you to exceed the 1024 cylinder limit for the /boot partition. If you have a system which supports the LBA32 extension for booting operating systems above the 1024 cylinder limit, and you want to place your /boot partition above cylinder 1024, you should select this option.

* If you wish to add default options to the boot command, enter them into the Kernel parameters field. Any options you enter will be passed to the Linux kernel every time it boots.

6.2.5. Network Configuration

The installation program will automatically detect any network devices you have and display them in the Network Devices list.

* Once you have selected a network device, click Edit. From the Edit Interface pop-up screen, you can choose to configure the IP address and Netmask of the device and you can choose to activate the device at boot time. If you select Activate on boot, your network interface will be started when you boot.

* If you have a hostname (fully qualified domain name) for the network device, you can choose to have DHCP (Dynamic Host Configuration Protocol)

automatically detect it or you can manually enter the hostname in the field provided.

* Finally, if you entered the IP and Netmask information manually, you may also enter the Gateway address and the Primary, Secondary, and Tertiary DNS addresses.

6.2.6. Firewall Configuration

Red Hat Linux offers firewall protection for enhanced system security. A firewall exists between your computer and the network, and determines which resources on your computer remote users on the network can access. A properly configured firewall can greatly increase the security of your system.

* You can choose the appropriate security level for your system as high . medium or no firewall.

* Trusted Devices : Selecting any of the Trusted Devices allows access to your system for all traffic from that device; it is excluded from the firewall rules.

* Allow Incoming : Enabling these options allow the specified services to pass through the firewall. Note, during a workstation installation, the majority of these services are not installed on the system.

* Other ports : You can allow access to ports which are not listed here, by listing them in the Other ports field. Use the following format: port:protocol. For example, if you want to allow IMAP access through your firewall, you can specify imap:tcp. 6.2.7. Language Support Selection

You must select a language to use as the default language. The default language will be used on the system once the installation is complete.

6.2.8. Time Zone Configuration

You can set your time zone by selecting your computer's physical location. 6.2.9. Set Root Password

Setting up a root account and password is one of the most important steps during your installation. The installation program will prompt you to set a root password for your system. You must enter a root password. The installation program will not let you proceed to the next section without entering a root password.

6.2.10. Authentication Configuration

You may skip this section if you will not be setting up network passwords.

* Enable MD5 passwords — allows a long password to be used (up to 256 characters), instead of the standard eight characters or less.

* Enable shadow passwords — provides a secure method for retaining passwords. The passwords are stored in /etc/shadow, which can only be read by root. * Enable NIS — allows you to run a group of computers in the same Network Information Service domain with a common password and group file. You can choose from the following options:

* NIS Domain — allows you to specify the domain or group of computers your system belongs to.

* Use broadcast to find NIS server — allows you to broadcast a message to your local area network to find an available NIS server.

* NIS Server — causes your computer to use a specific NIS server, rather than broadcasting a message to the local area network asking for any available server to host your system.

*

Note : If you have selected a medium or high firewall to be setup during this installation, network authentication methods (NIS and LDAP) will not work.

* Enable LDAP — tells your computer to use LDAP for some or all authentication. LDAP consolidates certain types of information within your organization.

* Enable Kerberos — Kerberos is a secure system for providing network authentication services

* Enable SMB Authentication — Sets up PAM to use an SMB server to authenticate users. You must supply two pieces of information here: o SMB Server — Indicates which SMB server your workstation will connect to for authentication. o SMB Workgroup — Indicates which workgroup the configured SMB servers are in. 6.2.11. Package Group Selection

Unless you choose a custom installation, the installation program will automatically choose most packages for you.

* To select packages individually, check “Customize the set of packages to be installed†checkbox.

* You can select package groups like Desktop ( X, GNOME, KDE), Editors ( emacs, joe), Open Office, applications like Apache, mysql, ftp etc.

* You can choose to view the individual packages in Tree View or Flat View. Tree View allows you to see the packages grouped by application type. Flat View allows you to see all of the packages in an alphabetical listing on the right of the screen.

* Unresolved Dependencies : If any package requires another package which you have not selected to install, the program presents a list of these unresolved dependencies and gives you the opportunity to resolve them. Under the list of missing packages, you can enable the option to Install packages to satisfy dependencies

* You should now see a screen preparing you for the installation of Red Hat Linux and the installation will continue to install the packages selected. 6.2.12. Boot Diskette Creation To create a boot diskette, insert a blank, formatted diskette into your diskette drive and click Next. f you do not want to create a boot diskette, make sure to select the appropriate option before you click Next.

6.2.13. Hardware Configuration

* The installation program will now present a list of video cards for you to choose from. If you decided to install the X Window System packages, you now have the opportunity to configure an X server for your system.

* You can also select Skip X Configuration if you would rather configure X after the installation or not at all.

X Configuration — Monitor and Customization

* The installation program will present you with a list of monitors to select from. From this list, you can either use the monitor that is automatically detected for you, or choose another monitor.

* Choose the correct color depth and resolution for your X configuration. Also choose the login type as graphical or text. Personal desktop and workstation installations will automatically boot into a graphical environment. 6.2.14. Installation Complete

Congratulations! Your Red Hat Linux 9 installation is now complete! The installation program will prompt you to prepare your system for reboot. Remember to remove any installation media (diskette in the diskette drive or CD in the CD-ROM drive) if they are not ejected automatically upon reboot.

The first time you start your Red Hat Linux machine, you will be presented with the Setup Agent, which guides you through the Red Hat Linux configuration. Using this tool, you can set your system time and date, install software, register your machine with Red Hat Network, and more. The Setup Agent lets you configure your environment at the beginning, so that you can get started using your Red Hat Linux system quickly.

6.3. System Administration Commands 6.3.1. Process Management

* Linux is a multiprocessing operating system. Each process is a separate task with its own rights and responsibilities. If one process crashes it will not cause another process in the system to crash.

* Each individual process runs in its own virtual address space and is not capable of interacting with another process except through secure, kernelmanaged mechanisms.

* During the lifetime of a process it will use many system resources. It will use the CPUs in the system to run its instructions and the system's physical memory to hold it and its data.

* Linux must keep track of the process itself and of the system resources that it has so that it can manage it and the other processes in the system fairly.

* The most precious resource in the system is the CPU, usually there is only one. Linux is a multiprocessing operating system, its objective is to have a process running on each CPU in the system at all times, to maximize CPU utilization.

*

Multiprocessing is a simple idea; a process is executed until it must wait, usually for some system resource; when it has this resource, it may run again. In a uniprocessing system, for example DOS, the CPU would simply sit idle and the waiting time would be wasted. In a multiprocessing system many processes are kept in memory at the same time.

* Whenever a process has to wait the operating system takes the CPU away from that process and gives it to another, more deserving process. It is the scheduler which chooses which is the most appropriate process to run next and Linux uses a number of scheduling strategies to ensure fairness.

* As well as the normal type of process, Linux supports real time processes. These processes have to react very quickly to external events (hence the term "real time") and they are treated differently from normal user processes by the scheduler.

6.3.1.1). Process task_struct data structure

* Each process is represented by a task_struct data structure (task and process are terms that Linux uses interchangeably). The task vector is an array of pointers to every task_struct data structure in the system.

* This means that the maximum number of processes in the system is limited by the size of the task vector; by default it has 512 entries.

* As processes are created, a new task_struct is allocated from system memory and added into the task vector. To make it easy to find, the current, running, process is pointed to by the current pointer.

* Although the task_struct data structure is quite large and complex, but its fields can be divided into a number of functional areas:

1. Process States

As a process executes, it changes state according to its circumstances. Linux processes have the following states:

1. Runnable( process state code : R) : The process is either running (it is the current process in the system) or it is ready to run (it is waiting to be assigned to one of the system's CPUs).

2. Waiting/Sleeping (process state code : D/S) : The process is waiting for an event or for a resource. Linux differentiates between two types of waiting process; interruptible and uninterruptible.

* Interruptible waiting processes can be interrupted by signals(S). * Uninterruptible waiting processes are waiting directly on hardware conditions and cannot be interrupted under any circumstances(D).

3. Stopped (T): The process has been stopped, usually by receiving a signal. A process that is being debugged can be in a stopped state.

4. Zombie/Defunct(Z) : This is a halted process which, for some reason, still has a task_struct data structure in the task vector. It is what it sounds like, a dead process.

2. Scheduling Information

The scheduler needs this information in order to fairly decide which process in the system most deserves to run.

* Processes are always making system calls and so may often need to wait. Even so, if a process executes until it waits then it still might use a disproportionate amount of CPU time and so Linux uses pre-emptive scheduling. * In this scheme, each process is allowed to run for a small amount of time, 200ms, and, when this time has expired another process is selected to run and

the original process is made to wait for a little while until it can run again. This small amount of time is known as a time-slice.

* It is the scheduler which must select the most deserving process to run out of all of the runnable processes in the system.

* Linux uses a reasonably simple priority based scheduling algorithm to choose between the current processes in the system.

* When it has chosen a new process to run it saves the state of the current process, the processor specific registers and other context being saved in the processes task_struct data structure.

* For the scheduler to fairly allocate CPU time between the runnable processes in the system it keeps information in the task_struct for each process.

* priority : This is the priority that the scheduler will give to this process. It is also the amount of time (in jiffies ) that this process will run for when it is allowed to run. You can alter the priority of a process using system calls and the renice command.

* In an SMP (Symmetric Multi-Processing) linux system,the kernel is capable of evenly balancing work between the many CPUs in the system. Nowhere is this balancing of work more apparent than in the scheduler.

* In an SMP system each processes task_struct contains the number of the processor that it is currently running on (processor ) and its processor number of the last processor that it ran on (last_processor ). There is no reason why a process should not run on a different CPU each time it is selected to run but Linux can restrict a process to one or more processors in the system using the processor_mask.

3. Identifiers

* Every process in the system has a process identifier.

* Each process also has User and group identifiers, these are used to control this processes access to the files and devices in the system.

4. Inter-Process Communication

* Linux supports IPC mechanisms of signals, pipes and semaphores and also the System V IPC mechanisms of shared memory, semaphores and message queues.

* Signals are one of the oldest inter-process communication methods and are used to signal asynchronous events to one or more processes. A signal could be generated by a keyboard interrupt or an error condition such as the process attempting to access a non-existent location in its virtual memory. Signals are also used by the shells to signal job control commands to their child processes.

* Refer url below for more details on InterProcess Communication methods. http://www.science.unitn.it/~fiorella/guidelinux/tlk/node52.html

5. Links

* In a Linux system no process is independent of any other process. Every process in the system, except the initial process has a parent process.

* You can see the family relationship between the running processes in a Linux system using the pstree command:

init(1)-+-crond(98) |-emacs(387)

|-gpm(146) |-inetd(110) |-kerneld(18) |-kflushd(2) |-klogd(87) |-kswapd(3) |-login(160)---bash(192)---emacs(225) |-lpd(121) |-mingetty(161) |-mingetty(162) |-mingetty(163) |-mingetty(164) |-login(403)---bash(404)---pstree(594) |-sendmail(134) |-syslogd(78) `-update(166)

6. Times and Timers

* The kernel keeps track of a processes creation time as well as the CPU time that it consumes during its lifetime.

* Each clock tick, the kernel updates the amount of time in jiffies that the current process has spent in system and in user mode.

* Linux also supports process specific interval timers, processes can use system calls to set up timers to send signals to themselves when the timers expire. These timers can be single-shot or periodic timers.

7. File system

* Processes can open and close files as they wish and the processes task_struct contains pointers to descriptors for each open file as well as pointers to two VFS inodes.

* Each VFS inode uniquely describes a file or directory within a file system and also provides a uniform interface to the underlying file systems .

* The first is to the root of the process (its home directory) and the second is to its current or pwd directory. These two VFS inodes have their count fields incremented to show that one or more processes are referencing them.

* This is why you cannot delete the directory that a process has as its pwd directory set to, or for that matter one of its sub-directories.

8. Virtual memory

* Most processes have some virtual memory (kernel threads and daemons do not) and the Linux kernel must track how that virtual memory is mapped onto the system's physical memory.

9. Processor Specific Context and Context Switching

* A process could be thought of as the sum total of the system's current state.

* Whenever a process is running it is using the processor's registers, stacks and so on. This is the processes context and, when a process is suspended, all of that CPU specific context must be saved in the task_struct for the process. When a process is restarted by the scheduler its context is restored from here.

*

Context switching is the series of procedures to switch the control of CPU from current process to a certain process. While the context switching, the operating system saves the context of current process and restores the context of the next process which is decided by the scheduler as per the info stored in the tast_struct for that process.

Process monitoring is an important function of a Linux system administrator. To that end, ps and top are two of the most useful commands. 6.3.1.2). ps The ps command provides a snapshot of the currently running processes. The simplest form of ps is : $ ps PID TTY TIME CMD 3884 pts/1 00:00:00 bash 3955 pts/2 00:00:00 more 3956 pts/5 00:00:05 sqlplus

* The PID is the identification number for the process. * TTY is the terminal console to which the process belongs. * The TIME column is the total CPU time used by the process. * The CMD column lists the command line being executed.

$ ps -ef | grep oracle UID PID PPID C STIME TTY TIME CMD oracle 1633 1 0 13:58 ? 00:00:00 ora_pmon_ora1 oracle 1635 1 0 13:58 ? 00:00:00 ora_dbw0_ora1 oracle 1637 1 0 13:58 ? 00:00:01 ora_lgwr_ora1 oracle 1639 1 0 13:58 ? 00:00:02 ora_ckpt_ora1 oracle 1641 1 0 13:58 ? 00:00:02 ora_smon_ora1

* Although uid usually refers to a numeric identification, the username is specified under the first column, labeled UID. * PPID is the identification number for the parent process. For the Oracle processes, this is 1- which is the id of the init process, the parent process of all processes, because Oracle is set up on this system to be started as a part of the login process. * The column labeled C is a factor used by the CPU to compute execution priority. * STIME refers to the start time of the process. * The question marks indicate that these processes don't belong to any TTY because they were started by the system.

Here is another example of the ps command with some different options. Notice that many of the columns are the same as they were when ps was executed with ef:

$ ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND carma 4024 0.0 0.2 2240 1116 pts/1 S 20:59 0:00 su carma carma 4025 0.0 0.3 2856 1668 pts/1 S 20:59 0:00 bash carma 4051 0.0 0.2 2488 1504 pts/1 R 21:01 0:00 ps aux carma 4052 0.0 0.1 1636 600 pts/1 S 21:01 0:00 grep carma

* The above ps option gives the username under which the process is running. It also gives the current status (STAT) of the process. * Regular users can see all system processes, but they can only kill processes that they own.

To see if a particular process is running or not, you can use $ ps –aux |grep mysql 6.3.1.3). top

Ps only gives you a snapshot of the current processes. For an ongoing look at the most active processes, use top. * Top provides process information in real time. It also has an interactive state that allows users to enter commands, such as n followed by a number such as 5 or 10. The result will be to instruct top to display the 5 or 10 most active processes. Top runs until you press "q" to quit top. * It can sort the tasks by CPU usage, memory usage and runtime. $ top –c ------- will display the processes sorted by the order of their cpu usage. Here is a partial display of top:

$ top –c 15:10:31 up 2 days, 2:34, 5 users, load average: 0.00, 0.03, 0.15 Tasks: 78 total, 2 running, 76 sleeping, 0 stopped, 0 zombie Cpu(s): 0.7% us, 0.3% sy, 0.0% ni, 99.0% id, 0.0% wa, 0.0% hi, 0.0% si Mem: 248980k total, 244496k used, 4484k free, 2196k buffers Swap: 522072k total, 216056k used, 306016k free, 61872k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 2014 root 15 0 226m 26m 143m S 0.3 11.0 176:49.13 X 5030 root 15 0 190m 78m 35m S 0.3 32.5 25:19.13 mozilla-bin 9499 carma 16 0 2612 904 1620 R 0.3 0.4 0:00.02 top 1 root 16 0 2096 336 1316 S 0.0 0.1 0:04.86 init 2 root 34 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0 3 root 5 -10 0 0 0 S 0.0 0.0 0:00.23 events/0

4 root 5 -10 0 0 0 S 0.0 0.0 0:00.00 kblockd/0 6 root 5 -10 0 0 0 S 0.0 0.0 0:00.01 khelper 5 root 15 0 0 0 0 S 0.0 0.0 0:00.00 khubd 7 root 15 0 0 0 0 S 0.0 0.0 0:00.08 pdflush 8 root 15 0 0 0 0 S 0.0 0.0 0:00.16 pdflush 10 root 14 -10 0 0 0 S 0.0 0.0 0:00.00 aio/0 9 root 15 0 0 0 0 S 0.0 0.0 0:01.77 kswapd * The display is updated every 5 seconds by default, but you can change that with the d command-line option. Field Descriptions * "uptime" : The first line displays the time the system has been up, and the three load averages for the system. * The load averages are the average number of process ready to run during the last 1, 5 and 15 minutes. This line is just like the output of uptime command. * Tasks are the total number of processes running at the time of the last update. This is also broken down into the number of tasks which are running, sleeping, stopped, or undead. The processes and states display may be toggled by the ‘t’ interactive command. * Cpu(s) : "CPU states" shows the percentage of CPU time in user mode, system mode, niced tasks, iowait and idle. (Niced tasks are only those whose nice value is positive.) Time spent in niced tasks will also be counted in system and user time, so the total will be more than 100. * Mem: Statistics on memory usage, including total available memory, free memory, used memory, shared memory, and memory used for buffers. The display of memory information may be toggled by the m interactive command. * Swap : Statistics on swap space, including total swap space, available swap space, and used swap space. This and Mem are just like the output of free command. * PID : The process ID of each task. *

PPID: The parent process ID each task. * UID : The user ID of the task's owner. * USER : The user name of the task's owner. * PRI: The priority of the task. * NI : The nice value of the task which decides the prioirity of the task with the scheduler. Negative nice values are higher priority. * %CPU : The task's share of the CPU time since the last screen update, expressed as a percentage of total CPU time per processor. * %MEM : The task's share of the physical memory. * COMMAND : The task's command name, which will be truncated if it is too long to be displayed on one line. Tasks in memory will have a full command line, but swapped-out tasks will only have the name of the program in parentheses (for example, "(getty)†) 6.3.1.4). pstree

pstree displays a tree of processes. The tree is rooted at either pid or init if pid is omitted. If a user name is specified, all process trees rooted at processes owned by that user are shown. * pstree visually merges identical branches by putting them in square brackets and prefixing them with the repetition count, e.g. init-+-getty |-getty |-getty `-getty becomes init---4*[getty] $ pstree *

Some of the options you can use with it are –n ( Sort processes by PID), -p (show PIDs) etc. 6.3.1.5). kill The command kill sends the specified signal to the specified process or process group. * If no signal is specified, the TERM signal is sent. The TERM signal will kill processes which do not catch this signal. * For other processes, it may be necessary to use the KILL (9) signal, since this signal cannot be caught. $ kill [ -s signal] PID $ kill -9 PID * -s signal : Specify the signal to send. The signal may be given as a signal name or number. * You can get a list of all the system's signals using the kill -l command $ kill -l 1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP 6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1 11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM 17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP 21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ 26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR 31) SIGSYS 33) SIGRTMIN 34) SIGRTMIN+1 35) SIGRTMIN+2 36) SIGRTMIN+3 37) SIGRTMIN+4 38) SIGRTMIN+5 39) SIGRTMIN+6 40) SIGRTMIN+7 41) SIGRTMIN+8 42) SIGRTMIN+9 43) SIGRTMIN+10 44) SIGRTMIN+11 45) SIGRTMIN+12 46) SIGRTMIN+13 47) SIGRTMIN+14 48) SIGRTMIN+15 49) SIGRTMAX-15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12 53) SIGRTMAX-11 54) SIGRTMAX-10

55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7 58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2 63) SIGRTMAX-1

* Pid can be process id or process name. But use the process id itself with the -9 option. * $ kill 0 : will stop all process except your shell 6.3.1.6). killall kill processes by name . killall sends a signal to all processes running any of the specified commands. If no signal name is specified, SIGTERM is sent.

* A killall process never kills itself (but may kill other killall processes). * $ killall –l :will also list all known signal names. * Eg ‘$killall mysql’ will kill all mysql processes.

6.3.1.7). fuser fuser displays the PIDs of processes using the specified files or file systems. In the default display mode, each file name is followed by a letter denoting the type of access. $ fuser -a /var/log/messages Will output the PID that is accessing the file at present. By default, only files that are accessed by at least one process are shown. * The ‘k’ option can be used to kill processes accessing a file system. $ fuser -km /home * In the default display mode, each file name is followed by a letter denoting the type of access:

$ fuser –m /var/log/messages c : current directory. e : executable being run. f : open file. f is omitted in default display mode. r : root directory. m: map'ed file or shared library 6.3.1.8). pidof This command find the process ID of a running program. $ pidof httpd Will list all the process ids under which Apache runs. 6.3.1.9). skill Skill is similar to kill. The default signal for skill is TERM. Use -l or -L to list available signals. Particularly useful signals include HUP, INT, KILL, STOP, CONT, and 0. Alternate signals may be specified in three ways: -9 -SIGKILL -KILL.

* $ kill [signal to send] [options] process selection criteria * PROCESS SELECTION OPTIONS : Selection criteria can be: terminal, user, pid, command. The options below may be used to ensure correct interpretation. -t The next argument is a terminal (tty or pty). -u The next argument is a username. -p The next argument is a process ID number. -c The next argument is a command name. $ skill -KILL pts/* ========= Kill users on PTY devices $ skill -STOP user1 user2 ======== Stop 2 users

6.3.1.10). Background Process - &

& at the end of the command makes it run in the background.

$ opera & 6.3.1.11). nice * Nice command invokes a command with an altered scheduling priority. * The general syntax is $ nice [-increment | -n increment ] command [argument ... ] * Increment Range goes from -20 (highest priority) to 19 (lowest). * Command is the name of a command that is to be invoked. If no command or arguments are given, `nice' prints the current scheduling priority, which is inherited. * Argument is any string to be supplied as an argument when invoking a command. The commandline below runs the pico command on myfile.txt with an increment of +13. ie the priority or niceness value of the pico command is reduced by 13. $ nice +13 pico myfile.txt 6.3.1.12). snice * The snice command is similar to the nice command but the default priority for snice is +4. (snice +4 ...) * Priority numbers range from +20 (slowest) to -20 (fastest). Negative priority numbers are restricted to administrative users. $ snice netscape crack +7 ----- Slow down netscape and crack $ snice -17 root bash ----- Give priority to root's shell 6.3.1.13). /proc/$PID directory * /proc is a pseudo-filesystem which is used as an interface to kernel data structures. * There is a numerical subdirectory for each running process under /proc; the subdirectory is named by the process ID. For example, if the subdirectory is 14534, the directory is /proc/14534. *

Some of the pseudo-files and directories containted inside the /proc/$PID directory is detailed below: o cmdline : This holds the complete command line for the process,unless the whole process has been swapped out, or unless the process is a zombie. In either of these later cases there is nothing in this file: i.e. a read on this file will return 0 characters. o cwd : This is a link to the current working directory of the process. To find out the cwd of process 20, instance, you can do this, $ cd /proc/20/cwd; /bin/pwd o environ : This file contains the environment for the process. The entries are separated by null characters, and there may be a null character at the end. Thus, to print out the environment of process 1, you could do: $ cat /proc/1/environ o exe : exe is a symbolic link containing the actual path name of the executed command. o fd : This is a subdirectory containing one entry for each file which the process has open, named by its file descriptor, and which is a symbolic link to the actual. Thus, 0 is standard input, 1 standard output, 2 standard error, etc. o stat : Status information about the process. This is used by ps and top. 6.3.2. System Startup and Shutdown 6.3.2.1). The Boot Process

1. The Bootstrap Process – First Stage (BIOS)

* The PC boot process is started on powerup. The processor will start execution of code contained in the Basic Input and Output System (BIOS). The BIOS is a program stored in Read Only Memory (ROM) and is the lowest level interfae between the computer and peripherals. * BIOS then does the Power On Self Test, or POST routine runs to find certain hardware and to test that the hardware is working at a basic level. It

compares the hardware settings in the CMOS (Complementary Metal Oxide Semiconductor) to what is physically on the system. It then initialize the hardware devices. * Once the POST is completed, the hardware jumps to a specific, predefined location in RAM. The instructions located here are relatively simple and basically tell the hardware to go look for a boot device. Depending on how your CMOS is configured, the hardware first checks your floppy and then your hard disk. * When a boot device is found (let's assume that it's a hard disk), the hardware is told to go to the 0th (first) sector (cylinder 0, head 0, sector 0), then load and execute the instructions there. This is the master boot record, or MBR . * The BIOS will first load the MBR into memory which is only 512 bytes in size and points to the boot loader (LILO: Linux boot loader) or GRUB. * Once the BIOS finds and loads the boot loader program into memory, it yields control of the boot process to it.

1. The Boot Loader – Stage 2

* LILO or GRUB allows the root user to set up the boot process as menudriven or command-line, and permits the user to choose from amongst several boot options. * It also allows for a default boot option after a configurable timeout, and current versions are designed to allow booting from broken Level 1 (mirrored) RAID arrays.

* It has the ability to create a highly configurable, "GUI-fied" boot menu, or a simple, text-only, command-line prompt.

* Depending on the kernel boot option chosen or set as default, lilo or grub will load that kernel .

2. Kernel Loading – Stage 3

* When the kernel is loaded, it immediately initializes and configures the computer's memory and configures the various hardware attached to the system, including all processors, I/O subsystems, and storage devices.

* It then looks for the compressed initrd image in a predetermined location in memory, decompresses it, mounts it, and loads all necessary drivers.

* Next, it initializes virtual devices related to the file system, such as LVM or software RAID before unmounting the initrd disk image and freeing up all the memory the disk image once occupied.

* The kernel then creates a root device, mounts the root partition readonly, and frees any unused memory.

* At this point, the kernel is loaded into memory and operational.

4. Final Stage - Init

* The first thing the kernel does after completing the boot process is to execute init program. * The /sbin/init program (also called init) coordinates the rest of the boot process and configures the environment for the user. *

Init is the root/parent of all processes executing on Linux which becomes process number 1. * When the init command starts, it becomes the parent or grandparent of all of the processes that start up automatically on a Red Hat Linux system. * Based on the appropriate run-level in the /etc/inittab file , scripts are executed to start various processes to run the system and make it functional.

6.3.2.2). The Init Program

* As seen in the previous section, the kernel will start a program called init or /sbin/init * The init process is the last step in the boot procedure and identified by process id "1". * The init command then runs the /etc/inittab script. * The first thing init runs out of the inittab is the script /etc/rc.d/rc.sysinit , which sets the environment path, starts swap, checks the file systems, and takes care of everything the system needs to have done at system initialization. * Next, init looks through /etc/inittab for the line with initdefault in the third field. The initdefault entry tells the system what run-level to enter initially. id:5:initdefault: ( 5 is the default runlevel)

* Depending on the run level, the init program starts all of the background processes by using scripts from the appropriate rc directory for the runlevel. o The rc directories are numbered to correspond to the runlevel they represent. o For instance, /etc/rc.d/rc5.d/ is the directory for runlevel 5. o

The scripts are found in the directory /etc/rc.d/rc#.d/ where the symbol # represents the run level. # ls /etc/rc.d/rc5.d/ ./ K70aep1000 S12syslog S80antirelayd S95cpanel ../ K70bcm5820 S17keytable S80chkservd S97rhnsd K05saslauthd K74nscd S20random S80exim S98portsentry K20nfs S05kudzu S25netfs S85httpd S99local@ K24irda S08iptables S28autofs S85postgresql S99nagios K25squid S09isdn S40proftpd S90crond K35winbind S10network S55sshd S90mysql K45named S11filelimits S56rawdevices S95anacron K50tux S11ipaliases S56xinetd S95bandmin

* Scripts beginning with S denote startup scripts while scripts beginning with K denote shutdown (kill) scripts. * Numbers follow these letters to denote the order of execution. (lowest to highest) * Adding a script to the /etc/rc.d/rc#.d/ directory with either an S or K prefix, adds the script to the boot or shutdown process o Hence these scripts are executed to start all the system services which starts at S for run level 5 in the example above. * One of the last things the init program executes is the /etc/rc.d/rc.local file. This file is useful for system customization. * Ading commands to this script is an easy way to perform necessary tasks like starting special services or initialize devices without writing complex initialization scripts in the /etc/rc.d/init.d/ directory and creating symbolic links. * Init typically will start multiple instances of "getty" which waits for console logins which spawn one's user shell process. *

Upon system shutdown init controls the sequence and processes for shutdown. The init process is never shut down. It is a user process and not a kernel system process although it does run as root.

The order in which the init program executes the initialization scripts is below: 1. /etc/inittab 2. /etc/rc.d/rc.sysinit 3. Scripts under /etc/rc.d/rc3.d/ - Note: we are running runlevel 3 here. 4. /etc/rc.d/rc.local 6.3.2.3). Runlevels

Linux utilizes what is called "runlevels". A runlevel is a software configuration of the system that allows only a selected group of processes to exist.

* Init can run the system in one of eight runlevels. These runlevels are 0-6 and S or s. The system runs in only one of these runlevels at a time. Typically these runlevels are used for different purposes. * Runlevels 0, 1, and 6 are reserved. For Redhat Linux version 6 and above , the runlevels are: Runlevels

State 0

Shutdown 1

Single User Mode 2

Multi user with no network services activated 3

Default text start. Full multi user .No GUI 4

Reserved for local use. With X-windows and multi user 5

XDM X-windows with network support. Full multi-user 6

Reboot S or s

Single User/Maintenance mode

The inittab file The "/etc/inittab" file tells init which runlevel to start the system at and describes the processes to be run at each runlevel.

An entry in the inittab file has the following format: id:runlevels:action:process * id - A unique sequence of 1-4 characters which identifies an entry in inittab. * runlevels - Lists the runlevels for which the specified action should be taken. This field may contain multiple characters for different runlevels allowing a particular process to run at multiple runlevels. For example, 123 specifies that the process should be started in runlevels 1, 2, and 3.

* process - Specifies the process to be executed * action - Describes which action should be taken. Some of the actions are listed below : o respawn - The process will be restarted whenever it terminates. o wait - The process will be started once when the specified runlevel is entered and init will wait for its termination. o boot - The process will be executed during system boot. The runlevels field is ignored. o off - This does nothing. o initdefault - Specifies the runlevel which should be entered after system boot. If none exists, init will ask for a runlevel on the console. The process field is ignored. o sysinit - The process will be executed during system boot. It will be executed before any boot or bootwait entries. The runlevels field is ignored. o powerwait - The process will be executed when init receives the SIGPWR signal. Init will wait for the process to finish before continuing. o powerfail - Same as powerwait but init does not wait for the process to complete. o ctrlaltdel - This process is executed when init receives the SIGINT signal. This means someone on the system console has pressed the "CTRL-ALT-DEL" key combination.

6.3.2.4). System Processes * The top 6 system processes with PIDs 1-6 are given below.

System Processes:

Process ID

Description 1

Init Process 2

kflushd(bdflush) : Started by update - does a more imperfect sync more frequently 3

kupdate : Does a sync every 30 seconds 4

kpiod 5

kswapd 6

mdrecoveryd

* Processes 2, 3, 4, 5 and 6 are kernel daemons. The kernel daemons are started after init, so they get process numbers like normal processes do. But their code and data lives in the kernel's part of the memory. So what are these kernel daemons for?

* Kflushd and Kupdate o Input and output is done via buffers in memory. This allows things to run faster and the data in the buffer are written to disk in larger more efficient chunks.

o The daemons kflushd and kupdate handle this work. o kupdate runs periodically (5 seconds) to check whether there are any dirty buffers. If there are, it gets kflushd to flush them to disk. * Kswap and Kpiod o System memory can be better managed by shifting unused parts of running programs out to the swap partition(s) of the hard disk. o Moving this data in and out of memory as needed is done by kpiod and kswapd. o Every second or so, kswapd wakes up to check out the memory situation, and if something on the disk is needed in memory, or there is not enough free memory, kpiod is called in.

* Mdrecoveryd * mdrecoveryd is part of the Multiple Devices package used for software RAID and combining multiple disks into one virtual disk Basically it is part of the kernel. * It can be removed from the kernel by deselecting it (CONFIG_BLK_DEV_MD) and recompiling the kernel.

* Some of the other system services are discussed below:

System Service

Description anacron

Run jobs which were scheduled for execution while computer was turned off. Catch up with system duties. arpwatch

Keeps track of IP address to MAC address pairings autofs

automounts file systems on demand. crond

Job scheduler for periodic tasks. gpm

Allows console terminal cut and paste. (Non X-window consoles) https

Apache web server iptables

Firewall rules interface to kernel. keytable

Loads selected keyboard map as set in /etc/sysconfig/keyboard kudzu

New hardware probe/detection during system boot. lpd

Network printer services mysqld

Database services named

name services (Bind)

network

Active network services during system boot. nfs

Network file system syslog

System log file facility ypbind

NIS file sharing/authentication infrastructure service. ypserv

NIS file sharing/authentication infrastructure service xfs

X-Windows font server

6.3.2.5). The Linux Login Process

After the system boots, at serial terminals or virtual terminals, the user will see a login prompt similar to: machinename login:

* This prompt is being generated by a program, usually getty or mingetty, which is regenerated by the init process every time a user ends a session on the console. * The getty program will call login, and login, if successful will call the users shell. The steps of the process are: o The init process spawns the getty process. o

The getty process invokes the login process when the user enters their name and passes the user name to login. o The login process prompts the user for a password, checks it, then if there is success, the user's shell is started. On failure the program displays an error message, ends and then init will respawn getty. o The user will run their session and eventually logout. On logout, the shell program exits and we return to step 1. o Note: This process is what happens for runlevel 3, but runlevel 5 uses some different programs to perform similar functions. These X programs are called X clients.

6.3.2.6). Single – User Mode

* If your system password is not working, you can use the single user mode to reset the root password. * If your system boots, but does not allow you to log in when it has completed booting, try single-user mode. In single-user mode, you computer boots to runlevel 1. Your local filesystems will be mounted, but your network will not be activated. You will have a usable system maintenance shell.

Booting to single-user mode in Grub * If you are using GRUB, use the following steps to boot into single-user mode: o If you have a GRUB password configured, type p and enter the password. o

Select Red Hat Linux with the version of the kernel that you wish to boot and type ‘e’ for edit. You will be presented with a list of items in the configuration file for the title you just selected. o Select the line that starts with kernel and type ‘e’ to edit the line. o Go to the end of the line and type single as a separate word (press the [Spacebar] and then type single). Press [Enter] to exit edit mode. o Back at the GRUB screen, type ‘b’ to boot into single user mode.

Booting to single-user mode in Lilo

* If you are using LILO, specify one of these options at the LILO boot prompt (if you are using the graphical LILO, you must press [Ctrl]-[x] to exit the graphical screen and go to the boot: prompt): * boot: linux single * boot: linux emergency

In emergency mode, you are booted into the most minimal environment possible. The root filesystem will be mounted read-only and almost nothing will be set up. The main advantage of emergency mode over linux single is that your init files are not loaded. If init is corrupted or not working, you can still mount filesystems to recover data that could be lost during a re-installation.

6.3.2.7). Shutting Down

To shut down Red Hat Linux, issue the shutdown command. The format of the command is $ shutdown time warning-message The time argument is the time to shut down the system (in the format hh:mm:ss), and warning-message is a message displayed on all user's terminals before shutdown.

Alternately, you can specify the time as “now'', to shut down immediately. The -r option may be given to shutdown to reboot the system after shutting down. /sbin/shutdown -h now /sbin/shutdown -r now

* You must run shutdown as root. After shutting everything down, the -h option will halt the machine, and the -r option will reboot. * Although the reboot and halt commands are now able to invoke shutdown if run while the system is in runlevels 1-5, it is a bad habit to get into, as not all Linux-like operating systems have this feature. $ reboot $ halt

* To shut down and reboot the system at 8:00 pm, use the command $ shutdown –r 20:00

6.3.3. Memory Management and Performance Monitoring

6.3.3.1). Virtual Memory / Swap Space

* Linux supports virtual memory, that is, using a disk as an extension of RAM so that the effective size of usable memory grows correspondingly. * The kernel will write the contents of a currently unused block of memory to the hard disk so that the memory can be used for another purpose. When the original contents are needed again, they are read back into memory. * This is all made completely transparent to the user; programs running under Linux only see the larger amount of memory available and don't notice that

parts of them reside on the disk from time to time. The part of the hard disk that is used as virtual memory is called the swap space. * For this purpose, the swap partition is created on the hard disk. * You can see the swap space as well as the current memory available and usage using the command ‘free’ $ free

6.3.3.2). Swapping In and Swapping Out

* Memory Page : One basic concept in the Linux implementation of virtual memory is the concept of a page. A page is a 4Kb area of memory and is the basic unit of memory with which both the kernel and the CPU deal. Although both can access individual bytes (or even bits), the amount of memory that is managed is usually in pages.

* When physical memory becomes scarce the Linux memory management subsystem must attempt to free physical pages. This task falls to the kernel swap daemon (kswapd). * The kernel swap daemon is a special type of process, a kernel thread. Kernel threads are processes that have no virtual memory, instead they run in kernel mode in the physical address space. * Swapping in is the process in which a page in the virtual memory is brought back into the physical memory by the kwapd daemon. * Swapping out is the process where a page is swapped out of physical memory into the system's swap files thereby freeing the physical memory on the system. 6.3.3.3). Commands which show the current memory usage

* free $ free $ free -m

* top $ top * Print the output of /proc/meminfo $ cat /proc/meminfo ( detailed output)

6.3.3.4). Creating a swap space

Criteria for a Swap file

* A swap file is an ordinary file; it is in no way special to the kernel. * The only thing that matters to the kernel is that it has no holes, and that it is prepared for use with mkswap. It must reside on a local disk, however; it can't reside in a filesystem that has been mounted over NFS due to implementation reasons. * The bit about holes is important. The swap file reserves the disk space so that the kernel can quickly swap out a page without having to go through all the things that are necessary when allocating a disk sector to a file. The kernel merely uses any sectors that have already been allocated to the file. Because a hole in a file means that there are no disk sectors allocated (for that place in the file), it is not good for the kernel to try to use them. * One good way to create the swap file without holes is through the following command ‘dd’: $ dd if=/dev/zero of=/extra-swap bs=1024 count=1024 o bs is for bytes and count is for blocks. o dd is for converting and copying a file. o of is to write to file instead of writing to standard output o

if is to read from file instead of from standard input o extra-swap is the name of the swap file and the size of is given after the count=.

Swap Partition

A swap can be created just like any other partition but it has to be of type 82 (Linux swap). Setting up Swap Space

* After you have created a swap file or a swap partition, you need to write a signature to its beginning; this contains some administrative information and is used by the kernel. The command to do this is mkswap, used like this: $ mkswap /extra-swap 1024 Setting up swapspace, size = 1044480 bytes

6.3.3.5). Using a Swap Space

Note that the swap space which is setup is still not in use yet: it exists, but the kernel does not use it to provide virtual memory.

* An initialized swap space is taken into use with ‘swapon’. This command tells the kernel that the swap space can be used. The path to the swap space is given as the argument, so to start swapping on a temporary swap file one might use the following command. $ swapon /extra-swap * Swap spaces can be used automatically by listing them in the /etc/fstab file. *

The startup scripts will run the command swapon -a, which will start swapping on all the swap spaces listed in /etc/fstab. Therefore, the swapon command is usually used only when extra swap is needed. $ swapon –a * You can get the swap info using free, ‘cat /proc/meminfo’ or top. * A swap space can be removed from use with swapoff. * All the swap spaces that are used automatically with swapon -a can be removed from use with swapoff -a; it looks at the file /etc/fstab to find what to remove.

6.3.3.6). Disk Buffering/ Buffer cache

Why Disk Buffering?

* Reading from a disk is very slow compared to accessing (real) memory. In addition, it is common to read the same part of a disk several times during relatively short periods of time. * For example, one might first read an e-mail message, then read the letter into an editor when replying to it, then make the mail program read it again when copying it to a folder. Or, consider how often the command ls might be run on a system with many users. * By reading the information from disk only once and then keeping it in memory until no longer needed, one can speed up all but the first read. This is called disk buffering, and the memory used for the purpose is called the buffer cache. * Because of this, you should never turn off the power without using a proper shutdown procedure. * The cache does not actually buffer files, but blocks, which are the smallest units of disk I/O (under Linux, they are usually 1 kB). * The sync command flushes the buffer, i.e., forces all unwritten data to be written to disk.

$ sync

Linux Daemon bdflush

* Linux has an additional daemon, bdflush, which does a more imperfect sync more frequently to avoid the sudden freeze due to heavy disk I/O that sync sometimes causes. * Under Linux, bdflush is started by /sbin/update. There is usually no reason to worry about it, but if bdflush happens to die for some reason, the kernel will warn about this, and you should start it by hand (/sbin/update).

6.3.3.7). Direct Memory Access or DMA

* Direct memory access or DMA is the generic term used to refer to a transfer protocol where a peripheral device transfers information directly to or from memory, without the system processor being required to perform the transaction. * Enabling DMA has high permformance benefits on the system processor. * Today DMA is the only feasible way to transfer data from the hard drive to memory as most of todays operating systems use multitasking and can better use the CPU for other tasks. * To enable dma, edit /etc/sysconfig/harddisks and uncomment USE_DMA=1. Setting this option will enable DMA on your hard disk. * Another option to enable DMA is using the commandline hdparm $ hdparm -d1 /dev/hda -------- to enable dma $ hdparm –d0 /dev/hda --------- to disable dma * To check if DMA is enabled, use the commandline below and it will say whether dma is set to on or off. $ hdparm /dev/hda

* hdparm is used to get and set harddrive parameters such as DMA modes, xfer settings and various other settings that can help improve the speed of your hard disks and cdroms. * hdparm provides a command line interface to various hard disk ioctls supported by the stock Linux ATA/IDE device driver subsystem. These settings are not enabled by default so you will probably want to enable them. * To get more info about your hda hard drive, use the option $ hdparm –i /dev/hda

A good reference url : http://www.yolinux.com/TUTORIALS/LinuxTutorialOptimization.html 6.3.3.8). Resource Monitoring Tools 1. free The free command displays system memory utilization. Here is an example of its output: $ free total used free shared buffers cached Mem: 255508 240268 15240 0 7592 86188 -/+ buffers/cache: 146488 109020 Swap: 530136 26268 503868

To get a continuous ouput of the free command , you may use $ watch -n 1 -d free The –n option will control the delay between updates and ‘-d’ will highlight any changes between updates.

2. top

While free displays only memory-related information, the top command does a little bit of everything. CPU utilization, process statistics, memory utilization — top does it all. $ top $ top –c

3. vmstat Using this resource monitor, it is possible to get an overview of process, memory, swap, I/O, system, and CPU activity in one line of numbers:

$ vmstat procs memory swap io system cpu r b w swpd free buff cache si so bi bo in cs us sy id 1 0 0 0 524684 155252 338068 0 0 1 6 111 114 10 3 87

The process-related fields are: * r — The number of runnable processes waiting for access to the CPU * b — The number of processes in an uninterruptible sleep state * w — The number of processes swapped out, but runnable.

The memory-related fields are: * swpd — The amount of virtual memory used * free — The amount of free memory * buff — The amount of memory used for buffers * cache — The amount of memory used as page cache.

The swap-related fields are: * si — The amount of memory swapped in from disk * so — The amount of memory swapped out to disk

The I/O-related fields are: * bi — Blocks sent to a block device * bo— Blocks received from a block device

The system-related fields are: * in — The number of interrupts per second * cs — The number of context switches per second

The CPU-related fields are: * us — The percentage of the time the CPU ran user-level code * sy — The percentage of the time the CPU ran system-level code * id — The percentage of the time the CPU was idle

4. ulimit * Ulimit control the resources available to a process started by the shell, on systems that allow such control by the kernel. *

To improve performance, we can safely set the limit of processes for the super-user root to be unlimited. * All processes which will be started from the shell (bash in many cases), will have the same resource limits. * The command "ulimit -a" reports the current limits set for the various parameters. $ ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited file size (blocks, -f) unlimited max locked memory (kbytes, -l) 4 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 stack size (kbytes, -s) 10240 cpu time (seconds, -t) unlimited max user processes (-u) 7168 virtual memory (kbytes, -v) unlimited

* The options available with ulimit are given below: -a All current limits are reported. -c The maximum size of core files created. -d The maximum size of a process's data segment. -f The maximum size of files created by the shell. -H Change and report the hard limit associated with a resource. -l The maximum size that may be locked into memory. -m The maximum resident set size.

-n The maximum number of open file descriptors. -p The pipe buffer size. -s The maximum stack size. -S Change and report the soft limit associated with a resource. -t The maximum amount of cpu time in seconds. -u The maximum number of processes available to a single user. -v The maximum amount of virtual memory available to the process * To increase the ulimit value for the maximum no of open file descriptors on the system to 2048 for the root account, use the commandline below from the root shell. $ ulimit –n 2048 * To increase the maximum no of processes available to the root user to unlimited , use the commandline below $ ulimit –u unlimited 6.3.4. Disk Management Tools 6.3.4.1). Listing a Disk's Free Space

* To see how much free space is left on a disk, use df. Without any options, df outputs a list of all mounted filesystems. * Six columns are output, displaying information about each disk: the name of its device file in `/dev'; the number of 1024-byte blocks the system uses; the number of blocks in use; the number of blocks available; the percent of the device used; and the name of the directory tree the device is mounted on.

$ df Filesystem 1024-blocks Used Available Capacity Mounted on /dev/hda1 195167 43405 141684 23% / /dev/hda2 2783807 688916 1950949 26% /usr /dev/hdb1 2039559 1675652 258472 87% /home/carma

* The ‘-h’ option will display in human readable format .eg: size in Kb, Mb etc.

$ df -h Filesystem Size Used Avail Use% Mounted on /dev/hda2 37G 12G 23G 34% / /dev/hda1 99M 18M 77M 19% /boot /usr/tmpDSK 243M 4.1M 226M 2% /tmp

6.3.4.2). Listing a File's Disk Usage Use du to list the amount of space on disk used by files. To specify a particular file name or directory tree, give it as an argument. With no arguments, du works on the current directory. $ du $ du –h /usr $ du –h –max-depth=1 : will print the total disk space used by subdirectories to just one level down the directory structure. $ du –sh : Calculates the total file space usage for a given directory

6.3.4.3). Partitioning a Hard Drive

‘fdisk’ is the partition table manipulator for Linux and is a menu driven program for creation and manipulation of partition tables. It even understands DOS type partition tables.

Creating Partitions using ‘fdisk’ You may use fdisk to partition /dev/hdb using the steps given below:

$ fdisk /dev/hdb Command (m for help): m (Enter the letter "m" to get list of commands)

Command action a toggle a bootable flag b edit bsd disklabel c toggle the dos compatibility flag d delete a partition l list known partition types m print this menu n add a new partition o create a new empty DOS partition table p print the partition table q quit without saving changes s create a new empty Sun disklabel t change a partition's system id u change display/entry units v verify the partition table w write table to disk and exit x extra functionality (experts only)

Command (m for help): n (To add a new partition ) Command action e extended p primary partition (1-4) Partition number (1-4): 1 First cylinder (1-2654, default 1): 1 Using default value 1 Last cylinder or +size or +sizeM or +sizeK (1-2654, default 2654): Using default value 2654

Command (m for help): p

Disk /dev/hdb: 240 heads, 63 sectors, 2654 cylinders Units = cylinders of 15120 * 512 bytes

Device Boot Start End Blocks Id System /dev/hdb1 1 2654 20064208+ 5 Extended

Command (m for help): w (Write and save partition table)

Other options with fdisk

* List the current partition table $ fdisk –l * Delete a partition.Give fdisk and then choose the ‘d’ option. $ fdisk /dev/hda and d and give the partition no: to be deleted. * $ sfdisk and cfdisk commands also do the same task as fdisk. 6.3.5. File System Management 6.3.5.1). Creating a filesystem The mkfs is used to create a Linux filesystem on a device. The exit code returned by mkfs is 0 on success and 1 on failure.It can also be used for checking bad blocks before building the file system.

$ mkfs -t ext3 /dev/

* There are also some related commands that can be used with mkfs.

Examples of mkfs commands are: FileSystem Command EXT2 FS mkfs.ext2 , mke2fs EXT3 FS mkfs.ext3 Minix FS mkfs.minix DOS (FAT) FS mkfs.msdos , mkdosfs Virtual FAT FS mkfs.vfat XFS mkfs.xfs * mkfs.ext2 , mke2fs will make an ext2 type file system. $ mkfs.ext2 /dev/hda1 $ mkfs -t ext3 /dev/hda1 6.3.5.2). Mounting/Unmounting File Systems, fstab & mtab

Viewing the currently mounted file systems * The command ‘mount’ displays all mounted devices, their mountpoint, filesystem, and access. $ mount

* cat /proc/mounts will show all mounted filesystems currently in use. $ cat /proc/mounts

* cat /proc/filesystems will display all filesystems currently in use. $ cat /proc/filesystems

Mounting File Systems

* On Linux systems, disks are used by mounting them to a directory, which makes the contents of the the disk available at that given directory mount point. * Disks can be mounted on any directory on the system, but any divisions between disks are transparent -- so a system which has, aside from the root filesystem disk mounted on `/', separate physical partitions for the `/home', `/usr', and `/usr/local' directory trees will look and feel no different from the system that only has one physical partition. * The mount command is used to mount a file system on a partition. The syntax for it is given below. $ mount -t ext3 /dev/hdb1 /home2 You need to make sure that you have first created the mount point. For eg: in our above example when you are mounting /home2 on /dev/hdb1, you have to first create the directory /home2. * To mount a cdrom or floppy, you may use the syntax below. $ mount /mnt/cdrom $ mount /mnt/floppy $ mount –a : command causes all file systems mentioned in /etc/fstab to be mounted as indicated, except for those whose line contains the noauto keyword

The fstab and mtab files

* fstab is a configuration file that contains information of all the partitions and storage devices in your computer. The file is located under /etc, so the full path to this file is /etc/fstab. * /etc/fstab contains information of where your partitions and storage devices should be mounted and how.This file is used by the boot process to mount the file systems on your linux machine. * So, you can usually fix your mounting problems by editing your fstab file. /etc/fstab is just a plain text file, so you can open and edit it with any text editor you're familiar with.

Overview of the file A sample /etc/fstab file is given below:

/dev/hda2 / ext2 defaults 1 1 /dev/hdb1 /home ext2 defaults 1 2 /dev/fd0 /media/floppy auto rw,noauto,user,sync 0 0 proc /proc proc defaults 0 0 /dev/hda1 swap swap pri=42 0 0

* You can note that every line (or row) contains the information of one device or partition * The 1st and 2nd columns give the device and its default mount point. * The line ‘/dev/hda2 / ext2 defaults 1 1’ mean that /dev/hda2 will be mounted to /. * The third column in /etc/fstab specifies the filesystem type of the device or partition. Like Ext3, ReiserFS is a journaled filesystem, but it's much more advanced than Ext3. Many Linux distros (including SuSE) have started using ReiserFS as their default filesystem for Linux partitions. * The option "auto" simply means that the filesystem type is detected automatically. * The fourth column in fstab lists all the mount options for the device or partition. o auto and noauto : With the auto option, the device will be mounted automatically . auto is the default option. If you don't want the device to be mounted automatically, use the noauto option in /etc/fstab. With noauto, the device can be mounted only explicitly. o user and nouser : The user option allows normal users to mount the device, whereas nouser lets only the root to mount the device. nouser is the default.

o exec and noexec: exec lets you execute binaries that are on that partition, whereas noexec doesn't let you do that.exec is the default option, which is a good thing. o ro : Mount the filesystem read-only. o rw : Mount the filesystem read-write o sync and async : How the input and output to the filesystem should be done. sync means it's done synchronously. However, if you have the async option in /etc/fstab, input and output is done asynchronously. async is the default. o noquota : Do not set user quotas on this partition. o nosuid : Do not set SUID/SGID access on this partition. o nodev : Do not set character or special devices access on this partition. o defaults : Uses the default options that are rw, suid, dev, exec, auto, nouser, and async. * The 5th column in /etc/fstab is the dump option. Dump checks it and uses the number to decide if a filesystem should be backed up. If it's zero, dump will ignore that filesystem. If you take a look at the example fstab, you'll notice that the 5th column is zero in most cases. * The 6th column is a fsck option. fsck looks at the number in the 6th column to determine in which order the filesystems should be checked. If it's zero, fsck won't check the filesystem.

The /etc/mtab file The mtab file tracks mounted filesystems and therefore its contents change from time to time . A Sample /etc/mtab file is given below. $ cat /etc/mtab /dev/hda3 / ext3 rw 0 0

none /proc proc rw 0 0 none /dev/pts devpts rw,gid=5,mode=620 0 0 /dev/hda2 /boot ext3 rw 0 0 none /dev/shm tmpfs rw 0 0 /dev/hda6 /windows vfat rw 0 0 /dev/hdc1 /backup ext3 rw 0 0

Unmounting file systems

The umount command detaches the file system(s) mentioned from the file system hierarchy. A file system can be specified by giving the directory where it has been mounted.

* To unmount the floppy that is mounted on `/floppy', type: $ umount /floppy * To unmount the disc in the CD-ROM drive mounted on `/cdrom', type: $ umount /cdrom * To unmount /home2 mounted on /dev/hdb1 , you may give $ umount /home2 or $ umount /dev/hdb1

6.3.5.3). Checking File System Integrity

A filesystem's correctness and validity can be checked using the fsck command. It can be instructed to repair any minor problems it finds, and to alert the user if there any unrepairable problems.

* Most systems are setup to run fsck automatically at boot time, so that any errors are detected (and hopefully corrected) before the system is used. * The automatic checking only works for the filesystems that are mounted automatically at boot time. * fsck must only be run on unmounted filesystems, never on mounted filesystems. This is because it accesses the raw disk, and can therefore modify the filesystem without the operating system realizing it.

Running fsck * To run fsck on /dev/hda1 , use the command line below. $ fsck /dev/hda1 $ fsck -t type device Eg: $ fsck -t ext2 /dev/hda3 * To check a Linux second extended file system as well as ext3, you may use fsck.e2fs or e2fsck. $ e2fsck -t ext2 /dev/hda3 $ e2fsck –f –t ext2 /dev/hda3 : Force checking even if the filesystem seems clean. * To automatically repair the file system without asking any options, give $ e2fsck –p /dev/hda1

* E2fsck with the –c option will run the badblocks program to find any blocks which are bad on the filesystem, and then marks them as bad by adding them to the bad block inode. $ e2fsck –c /dev/hda1

Other File System Check Commands

* badblocks : is used to check a filesystem for bad blocks. You can call it to scan for bad blocks and write a log of bad sectors by using the -o outputfile option. When called from e2fsck by using the -c option, the bad blocks that are found will automatically be marked bad $ badblocks /dev/hda1 1440 > bad-blocks The ‘-l’ option is used to add the block numbers listed in the file specified by filename to the list of bad blocks. The format of this file is the same as the one generated by the badblocks program. $ fsck -t ext2 -l bad-blocks /dev/hda1

* tune2fs : is used to “tune†a filesystem. This is mostly used to set filesystem check options, such as the maximum mount count and the time between filesystem checks. The mount count is used to 'stagger' the mount counts of the different filesystems, which ensures that at reboot not all filesystems will be checked at the same time. $ tune2fs –l /dev/hda1 : will list the contents of the filesystem super block

* dumpe2fs : prints the super block and blocks group information for the filesystem present on device. $ dumpe2fs /dev/hda1

* stat : display information about the file or file system status like the inode no, blocks, type of file etc. $ stat /root/testfile 6.3.6. Disk Quota Management

* In addition to monitoring the disk space used on a system, disk space can be restricted by implementing disk quotas so that the system administrator is alerted before a user consumes too much disk space or a partition becomes full.

*

Disk quotas can be configured for individual users as well as user groups.

* In addition, quotas can be set not just to control the number of disk blocks consumed but to control the number of inodes. Because inodes are used to contain file-related information, this allows control over the number of files that can be created.

* The quota RPM must be installed to implement disk quotas.The default Linux Kernel which comes with Redhat and Fedora Core comes with quota support compiled in.

6.3.6.1). Configuring and Implementing Disk Quotas on Partitions

To implement disk quotas, use the following steps: 1. Enable quotas per file system by modifying /etc/fstab 2. Remount the file system(s) 3. Create the quota files and generate the disk usage table 4. Assign quotas

1. Enabling Quotas * Add the usrquota and/or grpquota options to the file systems that require quotas inside the /etc/fstab file. * In the /etc/fstab entries below, only the /home file system has user and group quotas enabled.

LABEL=/ / ext3 defaults 1 1 LABEL=/boot /boot ext3 defaults 1 2

none /dev/pts devpts gid=5,mode=620 0 0 LABEL=/home /home ext3 defaults,usrquota,grpquota 1 2 none /proc proc defaults 0 0 none /dev/shm tmpfs defaults 0 0 /dev/hda2 swap swap defaults 0 0 2. Remounting the File Systems * After adding the userquota and grpquota options, remount each file system whose fstab entry has been modified. $ umount /home $ mount –a * If the file system is not in use by any process, use the umount command followed by the mount to remount the file system. * If the file system is currently in use, the easiest method for remounting the file system is to reboot the system. 3. Creating Quota Files

* After each quota-enabled file system is remounted, the system is now capable of working with disk quotas. * However, the file system itself is not yet ready to support quotas. The next step is to run the quotacheck command. * The quotacheck command examines quota-enabled file systems and builds a table of the current disk usage per file system. * The table is then used to update the operating system's copy of disk usage. In addition, the file system's disk quota files are updated. * To create the quota files (aquota.user and aquota.group) on the file system, use the -c option of the quotacheck command. *

For example, if user and group quotas are enabled for the /home partition, create the quota files in the /home directory: $ quotacheck -cug /home o a — Check all quota-enabled, locally-mounted file systems in /etc/mtab. o c –- Create Quota files for each file system with quotas enabled. o u -- Check user disk quota o g -- Check group disk quota information o If neither the -u or -g options are specified, only the user quota file is created. If only -g is specified, only the group quota file is created. * After the files are created, run the following command to generate the table of current disk usage per file system with quotas enabled: $ quotacheck –avug o v -- Display verbose status information as the quota check proceeds * After quotacheck has finished running, the quota files corresponding to the enabled quotas (user or group) are populated with data for each quotaenabled file system such as /home. 4. Assigning Quotas per User * The last step is assigning the disk quotas with the edquota command. To configure the quota for a user, as root in a shell prompt, execute the command: $ edquota username * For example, if a quota is enabled in /etc/fstab for the /home partition (/dev/hda3) and the command edquota testuser is executed, the following is shown in the editor configured as the default for the system: Disk quotas for user testuser (uid 501): Filesystem blocks soft hard inodes soft hard

/dev/hda3 440436 0 0 37418 0 0

* The first column is the name of the file system that has a quota enabled for it. * The second column shows how many blocks the user is currently using. * The next two columns are used to set soft and hard block limits for the user on the file system. * The inodes column shows how many inodes the user is currently using. * The last two columns are used to set the soft and hard inode limits for the user on the file system. * A hard limit is the absolute maximum amount of disk space that a user or group can use. Once this limit is reached, no further disk space can be used. * The soft limit defines the maximum amount of disk space that can be used. However, unlike the hard limit, the soft limit can be exceeded for a certain amount of time. That time is known as the grace period. The grace period can be expressed in seconds, minutes, hours, days, weeks, or months. * To verify or view the quota for the user which has been set, use the command: $ quota testuser

5. Assigning Quotas per Group * Quotas can also be assigned on a per-group basis. * For example, to set a group quota for the devel group, use the command (the group must exist prior to setting the group quota): $ edquota -g devel 6. Assigning Quotas per File System *

To assign quotas based on each file system enabled for quotas, use the command: $ edquota –t * Like the other edquota commands, this one opens the current quotas for the file system in the text editor: The block grace period or inode grace period can be changed here. Grace period before enforcing soft limits for users: Time units may be: days, hours, minutes, or seconds Filesystem Block grace period Inode grace period /dev/hda3 7days 7days

6.3.6.2). Managing Disk Quotas

1. Reporting on Disk Quotas

* Creating a disk usage report entails running the repquota utility.

* For example, the command repquota /home produces this output:

$ repquota /home *** Report for user quotas on device /dev/hda3 Block grace time: 7days; Inode grace time: 7days Block limits File limits User used soft hard grace used soft hard grace ---------------------------------------------------------------------root -- 36 0 0 4 0 0 tfox -- 540 0 0 125 0 0 testuser -- 440400 500000 550000 37418 0 0

* To view the disk usage report for all quota-enabled file systems, use the command: $ repquota –a 2. Enabling and Disabling Quotas * It is possible to disable quotas without setting them to be 0. To turn all user and group quotas off, use the following command:

$ quotaoff

* To enable user and group quotas for all file systems:

$ quotaon

* To enable quotas for a specific file system, such as /home:

$ quotaon -vug /home

6.3.7. RAID Setup This is what you need for any of the RAID levels: * Kernel support for RAID * The “raidtoolsâ€

package

Some of the terms to be familiar with to understand the Raid configuration file /etc/raidtab is given below:

1. Chunk Size *

You can never write completely parallel to a set of disks. If you have two disks and wanted to write a byte, you would have to write four bits on each disk, actually, every second bit would go to disk 0 and the others to disk 1. Hardware just doesn't support that. * Instead, we choose some chunk-size, which we define as the smallest "atomic" mass of data that can be written to the devices. * A write of 16 kB with a chunk size of 4 kB, will cause the first and the third 4 kB chunks to be written to the first disk, and the second and fourth chunks to be written to the second disk, in the RAID-0 case with two disks. * Chunk sizes must be specified for all RAID levels, including linear mode. However, the chunk-size does not make any difference for linear mode. * The argument to the chunk-size option in /etc/raidtab specifies the chunk size in kilobytes. So "4" means "4 kB".

2. Persistent Superblock

* When an array is initialized with the persistent-superblock option in the /etc/raidtab file, a special superblock is written in the beginning of all disks participating in the array. * This allows the kernel to read the configuration of RAID devices directly from the disks involved, instead of reading from some configuration file that may not be available at all times. * This is essential if you want to boot from a raid. * The persistent superblock is mandatory if you want auto-detection of your RAID devices upon system boot.

6.3.7.1). Linear Raid Setup

1. Create two or more partitions which are not necessarily the same size, which you want to append to each other. 2. Setup the raid configuration file : Set up the /etc/raidtab file to describe your setup and for two disks - /dev/hda6 and /dev/hdb5, it can look like this.

raiddev /dev/md0 raid-level linear nr-raid-disks 2 chunk-size 32 persistent-superblock 1 device /dev/hda6 raid-disk 0 device /dev/hdb5 raid-disk 1

* To add another device to the RAID, increment the nr-raid-disks parameter and add another set of device and raid-disk parameter. * The persistent-superblock option has to be switched on (set to 1) to enable the system to auto-detect the raid device after a reboot. * The chunk-size option is meaningless for a linear RAID configuration so this can have any value. 3. Initialize the Raid device : Now create the raid device using the commandline below . This will initialize your array, write the persistent superblocks, and start the array. $ mkraid /dev/md0

4. To check the status of the new raid device , output the file /proc/mdstat. You should see that the array is running. $ cat /proc/mdstat Personalities : [linear] read_ahead 1024 sectors

md0 : active linear hdb7[1] hda7[0] 47664640 blocks 32k rounding unused devices: <none>

5. Create a filesystem : A RAID device does not rely on having a particular type of filesystem. To create an ext3 filesystem on the new RAID device use the mkfs command: $ mkfs –t ext3 /dev/md0 6. Mount the RAID partition : Mount the RAID device as follows: $ mount –t ext3 /raid /dev/md0 7. Add a new entry to /etc/fstab for the RAID device as follows so that it automatically gets mounted on reboot : /dev/md0 /raid ext3 defaults 1 2 8. When you have your RAID device running, you can always stop it or re-start it using the comandlines below $ raidstop /dev/md0 or $ raidstart /dev/md0 6.3.7.2). RAID-0 Setup 1. Create two devices of approximately same size, so that you can combine their storage capacity and also combine their performance by accessing them in parallel.

2. Setup the Raid Configuration file - Set up the /etc/raidtab file to describe the configuration. An example raidtab looks like below:

raiddev /dev/md0

raid-level 0 nr-raid-disks 2 chunk-size 4 persistent-superblock 1 device /dev/hda6 raid-disk 0 device /dev/hdb5 raid-disk 1

* RAID-0 has no redundancy, so when a disk dies, the array goes with it.

Repeat steps 3 through 7 to initialize the raid device and mount it. 6.3.7.3). RAID-1 Setup 1. Create two devices of approximately same size, so that they can be mirrors of each other. 2. Setup the Raid Configuration file - Set up the /etc/raidtab file to describe the configuration. An example raidtab looks like below:

raiddev /dev/md0 raid-level 1 nr-raid-disks 2 nr-spare-disks 0 persistent-superblock 1 device /dev/hda6 raid-disk 0 device /dev/hdb5 raid-disk 1

* If you have more devices, which you want to keep as stand-by spare-disks, that will automatically become a part of the mirror if one of the active devices break.Remember to set the nr-spare-disks entry correspondingly. * If you have spare disks, you can add them to the end of the device specification like device /dev/hdc5 spare-disk 0 3. Now we're all set to start initializing the RAID. Repeat steps 3 through 7 to initialize the raid device and mount it.

6.3.7.4). RAID-5 Setup 1. Create two or more devices of approximately same size, so that they can be combined into a larger device, but still maintain a degree of redundancy for data safety. Eventually you have a number of devices to use as spare-disks, that will not take part in the array before another device fails. 2. Setup the Raid Configuration file - Set up the /etc/raidtab file to describe the Raid – 5 configuration. An example raidtab looks like below:

raiddev /dev/md0 raid-level 5 nr-raid-disks 4 nr-spare-disks 0 persistent-superblock 1 parity-algorithm left-symmetric chunk-size 32 device /dev/hda3 raid-disk 0 device /dev/hdb1 raid-disk 1

device /dev/hdc1 raid-disk 2 device /dev/hdd1 raid-disk 3

3. Now we're all set to start initializing the RAID. Repeat steps 3 through 7 to initialize the raid device and mount it. 7. NETWORKING AND NETWORK SERVICES 7.1. Networking Overview 7.1.1. OSI Reference Model

The OSI Reference model defines seven layers that describe how applications running upon network-aware devices may communicate with each other. The model is generic and applies to all network types, not just TCP/ IP, and all media types, not just Ethernet. OSI was a working group within the ISO and thereby OSI model is sometimes referred to as ISO Model by some folks.

OSI is a seven layer model where traditionally, layer diagrams are drawn with Layer 1 at the bottom and Layer 7 at the top.

Layer 1 of the 7 layer Model is the Physical Layer and defines the physical and electrical characteristics of the network. * The NIC cards in your PC and the interfaces on your routers all run at this level since, eventually, they have to pass strings of ones and zeros down the wire.

Layer 2 is known as the Data Link Layer. It defines the access strategy for sharing the physical medium, including data link and media access issues. Protocols such as PPP, SLIP and HDLC live here.

*

Devices which depend on this level includes bridges and switches, which learn which segment's devices are on by learning the MAC addresses of devices attached to various ports. * This is how bridges are eventually able to segment off a large network, only forwarding packets between ports if two devices on separate segments need to communicate. * Switches quickly learn a topology map of the network, and can thus switch packets between communicating devices very quickly. It is for this reason that migrating a device between different switch ports can cause the device to lose network connectivity for a while, until the switch, or bridge, re-ARPs.

Layer 3 is the Network Layer, providing a means for communicating open systems to establish, maintain and terminate network connections. The IP protocol lives at this layer, and so do some routing protocols. * All the routers in your network are operating at this layer

Layer 4 is the Transport Layer, and is where TCP lives. The standard says that "The Transport Layer relieves the Session Layer [Layer 5] of the burden of ensuring data reliability and integrity". * It is for this reason that people are becoming very excited about the new Layer 4 switching technology. Before these devices became available, only software operated at this layer. * Hopefully, you will now also understand why TCP/ IP is uttered in one breath. TCP over IP, since Layer 4 is above (over) Layer 3. * It is at this layer that, should a packet fail to arrive (perhaps due to misrouting, or because it was dropped by a busy router), it will be retransmitted, when the sending party fails to receive an acknowledgement from the device with which it is communicating. * The more powerful routing protocols also operate here. OSPF and BGP, for example, are implemented as protocols directly over IP.

Layer 5 is the Session Layer. It provides for two communicating presentation entities to exchange data with each other. *

The Session Layer is very important in the E-commerce field since, once a user starts buying items and filling their "shopping basket" on a Web server, it is very important that they are not load-balanced across different servers in a server pool. * This is why, clever as Layer 4 switching is, these devices still operate software to look further up the layer model. They are required to understand when a session is taking place, and not to interfere with it.

Layer 6 is the Presentation Layer. This is where application data is either packed or unpacked, ready for use by the running application. * Protocol conversions, encryption/ decryption and graphics expansion all takes place here. Layer 7 is the Application Layer. This is where you find your end-user and endapplication protocols, such as telnet, ftp, and mail (pop3 and smtp). 7.1.2. TCP/IP Networks

* TCP/ IP stands for Transmission Control Protocol/ Internet Protocol. * TCP/IP traces its origin to a research project funded by the United States DARPA (Defense Advanced Research Projects Agency) in 1969. This was an experimental network, the ARPANET, which was converted into an operational one in 1975, after it had proven to be a success. * When ARPANET finally grew into the Internet, the use of TCP/IP had spread to networks beyond the Internet itself. * In 1983, the new protocol suite TCP/IP was adopted as a standard, and all hosts on the network were required to use it. * TCP/IP is the protocol used in remote logins, NFS etc. * Because TCP/IP is so widely supported, it is ideal for uniting different hardware and software, even if you don't communicate over the Internet. * A globally unique addressing scheme allows any TCP/IP device to address any other device in the entire network, even if the network is as large as the world-wide Internet. *

TCP/IP attempts to create a heterogeneous network with open protocols that are independent of operating system and architectural difference.

7.1.2.1). Layers in the TCP/IP Protocol Architecture

For more info about the protocol architecture, refer to the url below: http://www.citap.com/documents/tcp-ip/tcpip012.htm

7.1.3. LAN Network 7.1.3.1). Area Networks

For historical reasons, the industry refers to nearly every type of network as an "area network." The most commonly-discussed categories of computer networks include the following –

* Local Area Network (LAN) * Wide Area Network (WAN) * Metropolitan Area Network (MAN) * Storage Area Network (SAN) * System Area Network (SAN) * Server Area Network (SAN) * Small Area Network (SAN) * Personal Area Network (PAN) * Desk Area Network (DAN) * Controller Area Network (CAN) *

Cluster Area Network (CAN)

The concept of "area" made good sense at this time, because a key distinction between a LAN and a WAN involves the physical distance that the network spans. A third category, the MAN, also fit into this scheme as it too is centered on a distance-based concept. As technology improved, new types of networks appeared on the scene. These, too, became known as various types of "area networks" for consistency's sake, although distance no longer proved a useful differentiator. 7.1.3.2). LAN Basics

* A LAN connects network devices over a relatively short distance. A networked office building, school, or home usually contains a single LAN, though sometimes one building will contain a few small LANs, and occasionally a LAN will span a group of nearby buildings. * In IP networking, one can conceive of a LAN as a single IP subnet (though this is not necessarily true in practice). * Besides operating in a limited space, LANs include several other distinctive features. LANs are typically owned, controlled, and managed by a single person or organization. * They also use certain specific connectivity technologies, primarily Ethernet and Token Ring. Three most commonly used LAN Implementations Are :

7.1.3.3). LAN Protocols and the OSI Reference Model

* LAN protocols function at the lowest two layers of the OSI reference model, between the physical layer and the data link layer. * Figure below illustrates how several popular LAN protocols map to the OSI reference model.

7.1.3.4). LAN Media-Access Methods

* Media contention occurs when two or more network devices have data to send at the same time. * Because multiple devices cannot talk on the network simultaneously, some type of method must be used to allow one device access to the network media at a time. This is done in two main ways: carrier sense multiple access collision detect (CSMA/CD) and token passing.

Carrier Sense Multiple Access/Collision Detection (CSMA/CD) N/w

* In networks using CSMA/CD technology such as Ethernet, network devices contend for the network media. * When a device has data to send, it first listens to see if any other device is currently using the network. If not, it starts sending its data. * After finishing its transmission, it listens again to see if a collision occurred. * A collision occurs when two devices send data simultaneously. When a collision happens, each device waits a random length of time before resending its data. In most cases, a collision will not occur again between the two devices then. * Because of this type of network contention, the busier a network becomes, the more collisions occur. This is why performance of Ethernet degrades rapidly as the number of devices on a single network increases. * For CSMA/CD networks, switches segment the network into multiple collision domains. This reduces the number of devices per network segment that must contend for the media. * By creating smaller collision domains, the performance of a network can be increased significantly without requiring addressing changes.

Token Passing N/W

* In token-passing networks such as Token Ring and FDDI, a special network frame called a token is passed around the network from device to device. * When a device has data to send, it must wait until it has the token and then sends its data. * When the data transmission is complete, the token is released so that other devices may use the network media. * The main advantage of token-passing networks is that they are deterministic. In other words, it is easy to calculate the maximum time that will pass before a device has the opportunity to send data. * This explains the popularity of token-passing networks in some real-time environments such as factories, where machinery must be capable of communicating at a determinable interval.

Full Duplex and Half Duplex

* Normally CSMA/CD networks are half-duplex, meaning that while a device sends information, it cannot receive at the time. While that device is talking, it is incapable of also listening for other traffic. * This is much like a walkie-talkie. When one person wants to talk, he presses the transmit button and begins speaking. While he is talking, no one else on the same frequency can talk. * When the sending person is finished, he releases the transmit button and the frequency is available to others.

* When switches are introduced, full-duplex operation is possible. Fullduplex works much like a telephone—you can listen as well as talk at the same time.

* When a network device is attached directly to the port of a network switch, the two devices may be capable of operating in full-duplex mode.

* However, full-duplex operation does increase the throughput of most applications because the network media is no longer shared. Two devices on a full-duplex connection can send data as soon as it is ready.

* Token-passing networks such as Token Ring can also benefit from network switches. In large networks, the delay between turns to transmit may be significant because the token is passed around a larger network. 7.1.3.5). LAN Transmission Methods

* LAN data transmissions fall into three classifications: unicast, multicast, and broadcast. * In each type of transmission, a single packet is sent to one or more nodes. * In a unicast transmission, a single packet is sent from the source to a destination on a network. First, the source node addresses the packet by using the address of the destination node. The package is then sent onto the network, and finally, the network passes the packet to its destination. * A multicast transmission consists of a single data packet that is copied and sent to a specific subset of nodes on the network. First, the source node addresses the packet by using a multicast address. The packet is then sent into the network, which makes copies of the packet and sends a copy to each node that is part of the multicast address. * A broadcast transmission consists of a single data packet that is copied and sent to all nodes on the network. In these types of transmissions, the source node addresses the packet by using the broadcast address. The packet is then sent on to the network, which makes copies of the packet and sends a copy to every node on the network.

7.1.3.6). LAN Topologies

* LAN topologies define the manner in which network devices are organized. * Four common LAN topologies exist: bus, ring, star, and tree. * These topologies are logical architectures, but the actual devices need not be physically organized in these configurations. * Logical bus and ring topologies, for example, are commonly organized physically as a star. * A bus topology is a linear LAN architecture in which transmissions from network stations propagate the length of the medium and are received by all other stations. o Of the three most widely used LAN implementations, Ethernet/IEEE 802.3 networks—including 100BaseT—implement a bus topology, which is illustrated. * A ring topology is a LAN architecture that consists of a series of devices connected to one another by unidirectional transmission links to form a single closed loop. o Both Token Ring/IEEE 802.5 and FDDI networks implement a ring topology. Figure depicts a logical ring topology.

* A star topology is a LAN architecture in which the endpoints on a network are connected to a common central hub, or switch, by dedicated links. Logical bus and ring topologies are often implemented physically in a star topology. A star topology which is illustrated in figure.

* A tree topology is a LAN architecture that is identical to the bus topology, except that branches with multiple nodes are possible in this case. Figure illustrates a logical tree topology.

7.1.3.7). LAN Devices

* Devices commonly used in LANs include repeaters, hubs, LAN extenders, bridges, LAN switches, and routers.

Repeater

* A repeater is a physical layer device used to interconnect the media segments of an extended network. * A repeater essentially enables a series of cable segments to be treated as a single cable. * Repeaters receive signals from one network segment and amplify, retime, and retransmit those signals to another network segment. * These actions prevent signal deterioration caused by long cable lengths and large numbers of connected devices. * Repeaters are incapable of performing complex filtering and other traffic processing. * In addition, all electrical signals, including electrical disturbances and other errors, are repeated and amplified. The total number of repeaters and network segments that can be connected is limited due to timing and other issues. Figure 2-6 illustrates a repeater connecting two network segments. Hub * A hub is a physical layer device that connects multiple user stations, each via a dedicated cable. A typical hub is a multi-port repeater. * Electrical interconnections are established inside the hub. *

Hubs are used to create a physical star network while maintaining the logical bus or ring configuration of the LAN. In some respects, a hub functions as a multiport repeater. * Hubs and repeaters work at the first layer of the OSI model, also known as the Physical layer. Bridges * Bridges are introduced as devices which connect LANs at the MAC layer. * The purpose of bridges is to allow hosts attached to different LANs to communicate as if they were located on the same LAN. * In contrast to repeaters/hubs , that act at the physical layer and allow all traffic to cross LAN segments, bridges are more intelligent and limit the traffic to the section of the network on which it is relevant. * Brides posses work at the second layer of the OSI model, known as the data-link layer. * Since a bridge examines the packet to record the sender and lookup the recipient, there is overhead in sending a packet through a bridge.

Switches * This is a device with multiple ports which forwards packets from one port to another. A switch is essentially a multi-port bridge. * The behavior of a switch is exactly the same as a bridge, record sender port, look up the recipient, and forward based on the recipient’s port. * The difference is that most switches implement these functions in hardware using a dedicated processor. This makes them much faster than traditional software based bridges.

Router

*

The basic function of the router is to route the traffic from one network to another network efficiently. It provide intelligent redundancy and security required to select the optimum path. Usually routers are used for connecting remote networks. * A router works at the next layer, layer 3 (Network) of the OSI model. * The router uses network addresses (IP Addresses) to determine how to forward a packet. * Routers also offer more advanced filtering options, along with features designed to improve redundancy.

LAN Extender * A LAN extender is a remote-access multilayer switch that connects to a host router. * LAN extenders forward traffic from all the standard network layer protocols and filter traffic based on the MAC address or network layer protocol type. * LAN extenders scale well because the host router filters out unwanted broadcasts and multicasts. However, LAN extenders are not capable of segmenting traffic or creating security firewalls. * Figure illustrates multiple LAN extenders connected to the host router through a WAN. 7.1.4. WAN Basics

* As the term implies, a wide-area network spans a large physical distance. A WAN like the Internet spans most of the world! * A WAN is a geographically-dispered collection of LANs. * A network device called a router connects LANs to a WAN. In IP networking, the router maintains both a LAN address and a WAN address. * WANs differ from LANs in several important ways.

* Like the Internet, most WANs are not owned by any one organization but rather exist under collective or distributed ownership and management. * WANs use technology like ATM, Frame Relay and X.25 for connectivity. * WAN technologies generally function at the lower three layers of the OSI reference model: the physical layer, the data link layer, and the network layer.

7.1.4.1). WAN Networks

Point-to-Point Links * A point-to-point link provides a single, pre-established WAN communications path from the customer premises through a carrier network, such as a telephone company, to a remote network. * Point-to-point lines are usually leased from a carrier and thus are often called leased lines. * For a point-to-point line, the carrier allocates pairs of wire and facility hardware to your line only. These circuits are generally priced based on bandwidth required and distance between the two connected points. * Point-to-point links are generally more expensive than shared services such as Frame Relay. Circuit Switching * Switched circuits allow data connections that can be initiated when needed and terminated when communication is complete. * This works much like a normal telephone line works for voice communication. * Integrated Services Digital Network (ISDN) is a good example of circuit switching.

* When a router has data for a remote site, the switched circuit is initiated with the circuit number of the remote network. In the case of ISDN circuits, the device actually places a call to the telephone number of the remote ISDN circuit. When the two networks are connected and authenticated, they can transfer data. When the data transmission is complete, the call can be terminated. * A Circuit-Switched WAN Undergoes a Process Similar to That Used for a Telephone Call as can be seen below:

Packet Switching

* Packet switching is a WAN technology in which users share common carrier resources. * Because this allows the carrier to make more efficient use of its infrastructure, the cost to the customer is generally much better than with point-to-point lines. * In a packet switching setup, networks have connections into the carrier's network, and many customers share the carrier's network. * The carrier can then create virtual circuits between customers' sites by which packets of data are delivered from one to the other through the network. The section of the carrier's network that is shared is often referred to as a cloud. * Some examples of packet-switching networks include Asynchronous Transfer Mode (ATM), Frame Relay, Switched Multimegabit Data Services (SMDS), and X.25. * Figure hows an example packet-switched circuit. The virtual connections between customer sites are often referred to as a virtual circuit.

Packet Switching Transfers Packets Across a Carrier Network

7.1.4.2). WAN Virtual Circuits

* A virtual circuit is a logical circuit created within a shared network between two network devices. * Two types of virtual circuits exist: switched virtual circuits (SVCs) and permanent virtual circuits (PVCs).

Switched Virtual Circuits * SVCs are virtual circuits that are dynamically established on demand and terminated when transmission is complete. * Communication over an SVC consists of three phases: circuit establishment, data transfer, and circuit termination. * The establishment phase involves creating the virtual circuit between the source and destination devices. * Data transfer involves transmitting data between the devices over the virtual circuit. * The circuit termination phase involves tearing down the virtual circuit between the source and destination devices. * SVCs are used in situations in which data transmission between devices is sporadic. Permanent Virtual Circuits

* PVC is a permanently established virtual circuit that consists of one mode: data transfer. * PVCs are used in situations in which data transfer between devices is constant. *

PVCs decrease the bandwidth use associated with the establishment and termination of virtual circuits, but they increase costs due to constant virtual circuit availability. * PVCs are generally configured by the service provider when an order is placed for service. Internet Service Providers * Home networkers with cable modem or DSL service already have encountered LANs and WANs in practice, though they may not have noticed. * A cable/DSL router join the home LAN to the WAN link maintained by one's ISP. * The ISP provides a WAN IP address used by the router, and all of the computers on the home network use private LAN addresses. * On a home network, like many LANs, all computers can communicate directly with each other, but they must go through a central gateway location to reach devices outside of their local area.

7.1.4.3). WAN Devices

* WANs use numerous types of devices that are specific to WAN environments. * WAN switches, access servers, modems, CSU/DSUs, and ISDN terminal adapters are discussed in the following sections. * Other devices found in WAN environments that are used in WAN implementations include routers, ATM switches, and multiplexers.

Access Server

* An access server acts as a concentration point for dial-in and dial-out connections. Figure illustrates an access server concentrating dial-out connections into a WAN.

CSU/DSU

* A channel service unit/digital service unit (CSU/DSU) is a digitalinterface device used to connect a router to a digital circuit like a T1. * The CSU/DSU also provides signal timing for communication between these devices. * Figure below illustrates the placement of the CSU/DSU in a WAN implementation. ISDN Terminal Adapter * An ISDN terminal adapter is a device used to connect ISDN Basic Rate Interface (BRI) connections to other interfaces, such as EIA/TIA-232 on a router. * A terminal adapter is essentially an ISDN modem, although it is called a terminal adapter because it does not actually convert analog to digital signals. * Figure below illustrates the placement of the terminal adapter in an ISDN environment.

WAN Switch

* A WAN switch is a multiport internetworking device used in carrier networks. * These devices typically switch such traffic as Frame Relay, X.25, and SMDS, and operate at the data link layer of the OSI reference model. * Figure below illustrates two routers at remote ends of a WAN that are connected by WAN switches.

Modem * A modem is a device that interprets digital and analog signals, enabling data to be transmitted over voice-grade telephone lines. * At the source, digital signals are converted to a form suitable for transmission over analog communication facilities. * At the destination, these analog signals are returned to their digital form. * Figure below shows a simple modem-to-modem connection through a WAN. 7.1.4.4). Other Area Networks

After LANs and WANs, one will most commonly encounter the following three network designs:

* A Metropolitan Area Network connects an area larger than a LAN but smaller than a WAN, such as a city, with dedicated or high-performance hardware. * A Storage Area Network connects servers to data storage devices through a technology like Fibre Channel. * A System Area Network connects high-performance computers with high-speed connections in a cluster configuration. 7.1.5. Ethernet and Networking Hardware

Ethernet is a frame-based computer networking technology for local area networks (LANs). * It defines wiring and signaling for the physical layer, and frame formats and protocols for the media access control (MAC)/data link layer of the OSI model. * The most commonly installed Ethernet systems are called 10BASE-T and provide transmission speeds up to 10 Mbps.

* Ethernet is mostly standardized as IEEE's 802.3. It has become the most widespread LAN technology in use

* Ethernet follows a simple set of rules that govern its basic operation. * To better understand these rules, it is important to understand the basics of Ethernet terminology. o Medium - Ethernet devices attach to a common medium that provides a path along which the electronic signals will travel. Historically, this medium has been coaxial copper cable, but today it is more commonly a twisted pair or fiber optic cabling. o Segment - We refer to a single shared medium as an Ethernet segment. o Node - Devices that attach to that segment are stations or nodes. o Frame - The nodes communicate in short messages called frames, which are variably sized chunks of information. * One interesting thing about Ethernet addressing is the implementation of a broadcast address. A frame with a destination address equal to the broadcast address is intended for every node on the network, and every node will both receive and process this type of frame. 7.1.5.1). Ethernet Network Medium

* A Network Medium is the type of cabling used in a network. * There are many types of cables used in networks today, although only a few are commonly used. * The type of cabling can have an influence on the speed of the network.

1. Twisted-pair Cable

* A Twisted-pair cable has a pair of wires twisted around each other to reduce the interference. * There can be two, four, or even more sets of twisted pairs in a network cable. * Twisted-pair cables are usually attached to the network devices with a jack that looks like a telephone modular jack, but a little wider, supporting up to eight wires. * There are two types of Twisted-Pair cable in use: o A Unshielded Twisted-Pair (UTP) cable is one of the most commonly used network media because it is cheap and easy to work with. o A Shielded Twisted-Pair (STP) cable has the same basic construction as its unshielded cousin, but the entire cable is wrapped in a layer of insulation for protection from interference. 2. Coaxial Cable * A Coaxial cable is designed with two conductors, one in the centre surrounded by a layer of insulation, and the second a mesh or foil conductor surrounding the insulation. * Outside the mesh is a layer of outer insulation. Because of its reduced electrical impedance, coaxial is capable of faster transmission than twistedpair cable. * Coax is also broadband, supporting several network channels on the same cable. * There are two types of coaxial cable in use: o Thick coax is a heavy cable that is used as a network backbone for the bus network. This cable is formally known as Ethernet PVC coax, but is usually called 10BASE5. Because thick coax is so heavy and stiff, it is difficult to work with and is quit expensive. o Thin coax is the most common type used in Ethernet networks. It goes by several names, including Thin Ethernet, 10BASE2, and cheapernet. Thin coax is the same as your television cable. Thin coax is quite flexible and has a low impedance, so it is capable of fast throughput rates. It is not difficult to lay

out, as it is quite flexible, and it is easy to construct cables with the proper connectors, usually BNC connectors, at each end. Thin coax is broadband, although most local area networks use only a single channel of the cable. 3. Fibre-optic Cable * A Fibre-optic cable called FDDI (Fiber Distributed Data Interface) is becoming popular for very high-speed networks (500 Mbits). It is very expensive but capable of supporting many channels at tremendous speed. o Fibre-optic cable is almost never used in local area networks, although some large corporations do use it to connect many LAN’s together into a wide area network. o The supporting hardware to handle fibre-optic backbones is quite expensive and specialised. o It consists of a single cable with hosts being attached to it through connectors, taps or transceiver. 7.1.5.2). Ethernet Network Interface

* To hide the diversity of equipment that may be used in a networking environment, TCP/IP defines an abstract interface through which the hardware is accessed called the Ethernet interface or network interface. * This interface offers a set of operations which is the same for all types of hardware and basically deals with sending and receiving packets. * For each peripheral device you want to use for networking, a corresponding interface has to be present in the kernel. * For example, Ethernet interfaces are called eth0 and eth1 and these interface names are used for configuration purposes when you want to name a particular physical device to the kernel.

7.1.6. Internet Protocol or IP Address

* To extend your network beyond the Ethernet, regardless of the hardware you run or the sub-units its made up of, you have the Internet Protocol which

facilitates this. The current version of Internet Protocol that is in use is IP Version 4 ("IPv4") which is now nearly twenty years old.. * Hence we have a dedicated host, a so-called gateway, which handles incoming and outgoing packets by copying them between any two Ethernets and the fiber optics cable. * This scheme of directing data to a remote host is called routing, and packets are often referred to as datagrams in this context. To facilitate things, datagram exchange is governed by a single protocol that is independent of the hardware used: IP, or Internet Protocol. * The main benefit of IP is that it turns physically dissimilar networks into one apparently homogeneous network. This is called internetworking, and the resulting ``meta-network'' is called an internet. * IP also requires a hardware-independent addressing scheme. This is achieved by assigning each host a unique 32-bit number according to the current version of Internet Protocol ipv4, called the IP-address. An IP-address is usually written as four 8-bit numbers called octets, separated by dots. This format is also called dotted quad notation. * To be usable for TCP/IP networking, an interface must be assigned an IPaddress which serves as its identification when communicating with the rest of the world.

7.1.6.1). IP Address Notation and Classes of Networks

* IP-addresses are split into a network number, which is contained in the leading octets, and a host number, which is the remainder. * When applying to the NIC for IP-addresses, you are not assigned an address for each single host you plan to use. Instead, you are given a network number, and are allowed to assign all valid IP-addresses within this range to hosts on your network according to your preferences. * Depending on the size of the network, the host part may need to be smaller or larger. To accommodate different needs, there are several classes of networks, defining different splits of IP-addresses.

Class A *

Class A comprises networks 1.0.0.0 through 127.0.0.0. The network number is contained in the first octet. This provides for a 24 bit host part, allowing roughly 1.6 million hosts.

Class B * Class B contains networks 128.0.0.0 through 191.255.0.0; the network number is in the first two octets. This allows for 16320 nets with 65024 hosts each.

Class C * Class C networks range from 192.0.0.0 through 223.255.255.0, with the network number being contained in the first three octets. This allows for nearly 2 million networks with up to 254 hosts.

Classes D, E, and F * Addresses fall into the range of 224.0.0.0 through 254.0.0.0 are either experimental, or are reserved for future use and don't specify any network.

For example, if the IP address of a host is 149.76.12.4, it refers to host 12.4 on the class-B network 149.76.0.0.

* You may have noticed that in the above list not all possible values were allowed for each octet in the host part. * This is because host numbers with octets all 0 or all 255 are reserved for special purposes. * An address where all host part bits are zero refers to the network, and one where all bits of the host part are 1 is called a broadcast address. This refers to all hosts on the specified network simultaneously. *

Thus, 149.76.255.255 is not a valid host address, but refers to all hosts on network 149.76.0.0.

Reserved Network Addresses * There are also two network addresses that are reserved, 0.0.0.0 and 127.0.0.0. The first is called the default route, the latter the loopback address. * Network 127.0.0.0: is reserved for IP traffic local to your host. Usually, address 127.0.0.1 will be assigned to a special interface on your host, the socalled loopback interface, which acts like a closed circuit. Any IP packet handed to it from TCP or UDP will be returned to them as if it had just arrived from some network. This allows you to develop and test networking software without ever using a ``real'' network. Another useful application is when you want to use networking software on a standalone host. 7.1.7. Transmission Control Protocol

* TCP, or Transmission Control Protocol builds a reliable service on top of IP. The essential property of TCP is that it uses IP to give you the illusion of a simple connection between the two processes on your host and the remote machine, so that you don't have to care about how and along which route your data actually travels. * A TCP connection works essentially like a two-way pipe that both processes may write to and read from. * TCP identifies the end points of such a connection by the IP-addresses of the two hosts involved, and the number of a so-called port on each host. Ports may be viewed as attachment points for network connections.

7.1.8. User Datagram Protocol

TCP isn't the only user protocol in TCP/IP networking. Although its suitable for more applications, the overhead involved is quite high.Hence, many applications use a sibling protocol of TCP called UDP, or User Datagram Protocol.

*

UDP also allows an application to contact a service on a certain port on the remote machine, but it doesn't establish a connection for this. Instead, you may use it to send single packets to the destination service. 7.1.9. Connection Ports

* Ports may be viewed as attachment points for network connections. If an application wants to offer a certain service, it attaches itself to a port and waits for clients to connect to this port (this is also called listening on the port). * A client that wants to use this service allocates a port on its local host, and connects to the server's port on the remote host. * It is worth noting that although both TCP and UDP connections rely on ports, these numbers do not conflict. This means that TCP port 513, for example, is different from UDP port 513. In fact, these ports can serve as access points for two different services. * Some of the common ports you come across are port 80( used by httpd), 21( used by ftp), 22 ( used by sshd) etc.

7.1.10. Address Resolution

Address Resolution refers to mapping IP-addresses onto Ethernet addresses. This is the Address Resolution Protocol, or ARP. * When ARP wants to find out the Ethernet address corresponding to a given IP-address, it uses a feature of Ethernet known as “broadcasting'' , where a datagram is addressed to all stations on the network simultaneously. * The broadcast datagram sent by ARP contains a query for the IP-address. Each receiving host compares this to its own IP-address, and if it matches, returns an ARP reply to the inquiring host. The inquiring host can now extract the sender's Ethernet address from the reply. 7.1.11. IP Routing

* When you write a letter to someone, you usually put a complete address on the envelope, specifying the country, state, zip code, etc. After you put it

into the letter box, the postal service will deliver it to its destination: it will be sent to the country indicated, whose national service will dispatch it to the proper state and region, etc. The advantage of this hierarchical scheme is rather obvious. * IP-networks are structured in a similar way. The whole Internet consists of a number of proper networks, called autonomous systems. * Each such system performs any routing between its member hosts internally, so that the task of delivering a datagram is reduced to finding a path to the destination host's network. 7.1.11.1). Subnetworks

* Ip addresses can be split into a host and network part. By default, the destination network is derived from the network part of the IP-address. Thus, hosts with identical IP-network numbers should be found within the same network. * IP allows you to subdivide an IP-network into several subnets or subnetworks. * It is worth noting that sub-netting (as the technique of generating subnets is called) is only an internal division of the network. Subnets are generated by the network owner (or the administrators) to reflect existing boundaries, be they physical (between two Ethernets)or administrative (between two departments). However, this structure affects only the network's internal behavior, and is completely invisible to the outside world.

How sub-netting is done? In sub-netting, the network part is extended to include some bits from the host part. The number of bits that are interpreted as the subnet number is given by the so-called subnet mask, or netmask. This is a 32-bit number, too, which specifies the bit mask for the network part of the IP-address.

For example: A sample network has a class-B network number of 149.76.0.0, and its netmask is therefore 255.255.0.0. * Internally, this network consists of several smaller networks, such as the LANs of various departments. So the range of IP-addresses is broken up into 254 subnets, 149.76.1.0 through 149.76.254.0. *

For example, the Department1 has been assigned 149.76.12.0. The Department2 is given a network by its own right, and is given 149.76.1.0. * These subnets share the same IP-network number, while the third octet is used to distinguish between them. Thus they will use a subnet mask of 255.255.255.0.

7.1.11.2). Gateways * A gateway is a host that is connected to two or more physical networks simultaneously and is configured to switch packets between them. * A gateway is assigned one IP-address per network it is on. These addresses--- along with the corresponding netmask--- are tied to the interface the subnet is accessed through. Thus, the mapping of interfaces and addresses could look like this:

+-------+-------------+----------------+ |iface | address | netmask | +-------+-------------+----------------+ +-------+-------------+----------------+ |eth0 | 149.76.4.1 | 255.255.255.0 | |fddi0 | 149.76.1.4 | 255.255.255.0 | |lo | 127.0.0.1 | 255.0.0.0 | +-------+-------------+----------------+ +-------+-------------+----------------+

* The last entry describes the loopback interface lo. * Hosts that are on two subnets at the same time are shown with both addresses.

7.1.11.3). Routing Table

The routing table is used while delivering datagrams to IP address on a remote server which is maintained by the kernel.

* The routing information IP uses for this is basically a table linking networks to gateways that reach them. * A catch-all entry (the default route) must generally be supplied, too; this is the gateway associated with network 0.0.0.0. All packets to an unknown network are sent through the default route. * For larger networks, they are built and adjusted at run-time by routing daemons; these run on central hosts of the network and exchange routing information to compute ``optimal'' routes between the member networks. * Depending on the size of the network, different routing protocols will be used. The most prominent one is RIP, the Routing Information Protocol, which is implemented by the BSD routed daemon. * Dynamic routing based on RIP chooses the best route to some destination host or network based on the number of “hops'', that is, the gateways a datagram has to pass before reaching it. The shorter a route is, the better RIP rates it. 7.2. Linux Network Administration 7.2.1. Network Configuration Files 1. Resolver configuration file -- /etc/resolv.conf This file specifies the IP addresses of DNS servers and the search domain. Unless configured to do otherwise, the network initialization scripts populate this file.

search name-of-domain.com - Name of your domain or ISP's domain if using their name server nameserver XXX.XXX.XXX.XXX - IP address of primary name server nameserver XXX.XXX.XXX.XXX - IP address of secondary name server

*

This configures Linux so that it knows which DNS server will be resolving domain names into IP addresses. If using a static IP address, ask the ISP or check another machine on your network.

2. /etc/hosts - Locally resolve node/host names to IP addresses. The main purpose of this file is to resolve hostnames that cannot be resolved any other way. It can also be used to resolve hostnames on small networks with no DNS server. * Regardless of the type of network the computer is on, this file should contain a line specifying the IP address of the loopback device (127.0.0.1) as localhost.localdomain 127.0.0.1 localhost.localdomain localhost XXX.XXX.XXX.XXX hostname hostname1 192.168.0.2 srv1.carmatec.com

* Note when adding hosts to this file, place the fully qualified name first.

3. /etc/sysconfig/network : Red Hat network configuration file used by the system during the boot process. Specifies routing and host information for all network interfaces. The following values may be used inside : * NETWORKING=, where is one of the following boolean values: yes — Networking should be configured. no — Networking should not be configured. * HOSTNAME=, where should be the Fully Qualified Domain Name (FQDN), such as hostname.example.com, but can be whatever hostname is necessary. * GATEWAY=, where is the IP address of the network's gateway. * GATEWAYDEV=, where is the gateway device, such as eth0.

* NISDOMAIN=, where is the NIS domain name.

4. /etc/nsswitch.conf - System Databases and Name Service Switch configuration file . The /etc/nsswitch.conf file is used to configure which services are to be used to determine information such as hostnames, password files, and group files.

hosts: files dns nisplus nis

* This example tells Linux to first resolve a host name by looking at the local hosts file(/etc/hosts), then if the name is not found look to your DNS server as defined by /etc/resolv.conf and if not found there look up to your NIS server.

5. /etc/sysconfig/network-scripts/ifcfg- For each network interface on a Red Hat Linux system, there is a corresponding interface configuration script. Each of these files provide information specific to a particular network interface. * /etc/sysconfig/network-scripts/ifcfg-eth0 is the interface config script for eth0 interface * Configuration settings for your first ethernet port (0). Your second port is eth1. 7.2.2. Network Administration Commands 7.2.2.1). IP Address Assignment

The command ifconfig if used for this purpose. This command is used to configure network interfaces, or to display their current configuration. In addition to activating and deactivating interfaces with the up and down settings, this command is necessary for setting an interface's address information.

Determining your IP address Assignment *

You can determine the IP address of a linux machine and which device its assigned to using the ifconfig command. $ ifconfig

Setting up the main IP * An IP interface, for example, needs to be told both its own address and the network mask and broadcast address of its subnet. * To configure the IP 192.168.10.12 on the interface eth0, you can use: $ ifconfig eth0 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10.255 up

* 255.255.255.0 is the subnet mask. * After this, to make the changes permanent so that this IP is activated after every system reboot, a file has to be created called /etc/sysconfig/network-scripts/ifcfg-eth0 which will have contents like below for a static IP address configuration.

DEVICE=eth0 BOOTPROTO=static BROADCAST=192.168.10.255 IPADDR=192.168.10.12 NETMASK=255.255.255.0 NETWORK=192.168.10.0 ONBOOT=yes

* You can also use the commandline above to change the main IP address of a machine.

Adding more IP addresses to a machine * Using ifconfig, you can add more Ips to a machine using the commandline below

$ ifconfig eth0:0 192.168.10.13 netmask 255.255.255.0 broadcast 192.168.10.255 up

* In this case, the file that needs to be created is /etc/sysconfig/networkscripts/ifcfg-eth0:0 so that this IP is activated after system boot up. A sample file is given below.

DEVICE=eth0:0 BOOTPROTO=static BROADCAST=192.168.10.255 IPADDR=192.168.10.13 NETMASK=255.255.255.0 NETWORK=192.168.10.0 ONBOOT=yes

* If you are giving another IP, the file will be ifcfg-eth0:1 and the command line will be : $ ifconfig eth0:1 192.168.10.14 netmask 255.255.255.0 broadcast 192.168.10.255 up

* Note : After making these changes, you need to restart the network daemon using $ /etc/rc.d/init.d/network restart

* The command ‘usernetctl’ can be used to activate or de-activate a network interface. $ usernetctl eth0 up $ usernetctl eth0:1 up $ usernetctl eth0 down 7.2.2.2). Setting up Routing

Routing A routing table is a simple set of rules that tells what will be done with network packets. * The destination address of every outgoing packet is checked against every line of the routing table maintained by the kernel; if a matching line is found then the packet is sent out through the interface listed on that line of the table; if no match is found the system returns the error “Unreachable host.'' * The route command is the tool used to display or modify the routing table. * If you type "route" or “route –n†for a machine having the IP 192.168.2.2 for eth0 , the routing table below will be displayed: $ route Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.2.2 * 255.255.255.255 UH 0 0 0 eth0 192.168.2.0 * 255.255.255.0 U 0 0 0 eth0 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default 192.168.0.2 0.0.0.0 UG 0 0 0 eth0

* The last line which has the Genmask 0.0.0.0 is the default route and the default gateway is set to 192.168.0.2. All packets to an unknown network are sent through the default route. *

The routing table looks like a set of instructions, very similar to a case statement which has a "default" at its end and can be described as below for the above routing table setup. if (address=me) then send to me; elseif (address=my network) then send to my network; elseif (address=my local) then send to my local interface; else send to my gateway 192.168.0.2; Iface : Interface to which packets for this route will be sent. Setting Up Routing * The default gateway can be set using the route command using the command line below $ route add -net default gw 192.168.2.0 dev eth0 ( for a network) OR $ route add default gw 192.168.2.0 eth0 (for a machine )

* To setup routing for more than 2 network interfaces, ie if you have both eth0 as well as eth1, you may use the command lines below . $ route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.2 dev eth0 $ route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3 dev eth1 * Note that in the above example the network 192.168.2.0 uses the gateway 192.168.0.2 and 192.168.1.0 is configured to use the gateway 192.168.0.3

* The flags above mean the following: U - Route is up H -Only a single host can be reached through the route. For example, this is the case for the loopback entry 127.0.0.1. G - Use gateway

Deleting a Route

* A route can be removed from a network using the command line below $ route del -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.2 eth0 * For a standalone machine, it can be removed as $ route del default gw 192.168.2.0 eth0 7.2.2.3). Network Monitoring/ Analysis Tools

1. Netstat :

* Displays information about the systems currently active network connections, including port connections, routing tables, and more. * To display the routing table, use the option $ netstat –nr , netstat –r * n will show numerical addresses instead of symbolic hostnames * To get the list of programs or services listening on all the open ports on the system along with their process id or program name, use the option $ netstat –lpn * To display all connected sockets and the foreign Ips from which the connection is coming from, use $ netstat –an * Using the –a flag by itself will display all sockets from all families. *

To see all connections from outside to httpd port 80, you may use $ netstat –an | grep 80 * To display the statistics for the network interfaces currently configured $ netstat –i

2. Traceroute:

* Used to determine the network route from your computer to some other computer on your network or the internet.It can be used with the hostname or the IP address. $ traceroute 216.239.39.99 OR $ traceroute google.com * Traceroute will list the series of hosts/gateways through which your packets travel on their way to a given destination. 3. Ping

* The IP protocol includes control messages called ICMP (Internet Control Message Protocol) packets. * One type of ICMP packet is called an “echo request'' , and the IP rules require its recipient to send back an “ echo reply†. * These are incredibly useful because you can determine o whether the remote host is up and talking to the network, o the time required for a packet to make a round-trip to the host, o

By sending a few dozen echo requests, what fraction of the packets sent between the hosts get lost somewhere along the way. * The ping command sends echo requests to the host you specify on the command line, and lists the responses received in their round trip time. * When you terminate ping (probably by hitting control-C) it summarizes the results, giving the average round trip time and the percent packet loss. * This command is used constantly to determine whether there is a problem with the network connection between two hosts. * The ping command can be called with the hostname or the IP address $ ping google.com $ ping 216.239.39.99

4. arp * The ARP (Address Resolution Protocol) table normally uses an automatic mechanism to find what physical addresses go with which IP addresses. The arp command displays this table, and can be used to modify it, though this necessity is rare. * The commandline to display the arptable and a sample output is given below. $ arp -a IP address HW type HW address 172.16.1.3 10Mbps Ethernet 00:00:C0:5A:42:C1 172.16.1.2 10Mbps Ethernet 00:00:C0:90:B3:42 172.16.2.4 10Mbps Ethernet 00:00:C0:04:69:AA

* The arp -s command can be used to change the IP address of a device. The syntax is: $ arp -s ip_address ethernet_address

$ arp -s 220.0.0.182 00-40-af-36-0c-38 * The column HW address is the Ethernet, or MAC, address. A typical Ethernet address (also known as MAC address - Media Access Control) looks like this: aabb-cc-dd-ee-ff where aa-bb-cc equals a number unique to the manufacturer and ddee-ff equals a serial number.

5. tcpdump * Tcpdump is a command-line tool for monitoring network traffic. * Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. $ tcpdump * To print all packets arriving at or departing from the host educarma.com $ tcpdump host educarma.com 7.2.2.4) Changing the System Hostname * Use the command hostname. Hostname is the program that is used to either set or display the current host, domain or node name of the system. These names are used by many of the networking programs to identify the machine. $ hostname * To change the hostname, use any of the options below $ echo “hostnameâ€

> /proc/sys/kernel/hostname

$ sysctl –w kernel.hostname=educarma.com * Sysctl is used to change kernel parameters at runtime. The parameters available are those listed under /proc/sys/ * To make the change in hostname permanent, the new hostname has to be added to the file /etc/sysconfig/network using the entry below. HOSTNAME=

7.2.2.5). Networking terms ARP - Address resolution protocol. Used to translate hardware addresses (ethernet ports) and IP addresses and vice versa. Uses broadcast messages for resolution. BOOTP - A protocol used to allow client computers to get their IP address from a BOOTP server. DHCP supercedes, though does not replace this protocol. DHCP - Dynamic Host Configuration Protocol, allows clients to get their IP addresses from a DHCP server. This system "leases" IP addresses to clients for limited periods of time. If the client has not used their IP address within the lease time, the IP address is free for re-assignment. ICMP - Internet Control Message Protocol. Part of the IP layer. Communicates error messages and other messages that require attention. IGMP - Internet Group Management Protocol. Protocol used to manage multicasting through routers. IP - Three kinds of IP addresses are unicast, broadcast and multicast. MBONE - Used to refer to a network that supports multicasting. NIS - Network information service, is a name service created by Sun Microsystems. NFS - Network file sharing, allows two Unix style computers to mount and access part or all of a file system on a remote computer. OSPF - Open Shortest Path First dynamic routing protocol intended as a replacement for RIP. PPP - Point to point protocol is a serial protocol commonly used to connect using a modem to the internet RARP - Reverse ARP, used for clients to determine their IP addresses. RIP - Routing Information Protocol, used by almost all TCP/IP implementation to perform dynamic routing. RPC - Remote procedure call is a set of function calls used by a client program to call functions in a remote server program. SLIP - Serial line internet protocol SMTP - Simple mail transport protocol, commonly uset as the mail message transport protocol. SNMP - Simple network management protocol. UDP - User Datagram Protocol, a transport layer protocol UUCP - Unix to Unix copy is a protocol that allows Unix computers to exchange files. 7.2.3. Packet Filtering Using Iptables

* Iptable is a tool for packet filtering – the process of controlling network packets as they enter, move through and exit the network stack within the kernel. * Pre 2.4 kernels relied on ipchains. It is part of the kernelspace netfilter project. * Using Linux and iptables / ipchains one can configure a gateway which will allow all computers on a private network to connect to the internet via the gateway and one external IP address, using a technology called "Network Address Translation" (NAT) or masquerading. * Iptables/ipchains can also be configured so that the Linux computer acts as a firewall, providing protection to the internal network. 7.2.3.1). Network Address Translation (NAT)

* An individual on a computer on the private network may point their web browser to a site on the internet. This request is recognized to be beyond the local network so it is routed to the Linux gateway using the private network address. * The request for the web page is sent to the web site using the external internet IP address of the gateway. * The request is returned to the gateway which then translates the IP address to computer on the private network which made the request. This is often called IP masquerading. * The software interface which enables one to configure the kernel for masquerading is iptables (Linux kernel 2.4) or ipchains (Linux kernel 2.2) 7.2.3.2). Packet filtering tables

The Linux kernel has the built-in ability to filter packets, allowing some of them into the system while stopping others. The 2.4 kernel's netfilter has three built-in tables or rules lists. 1. Filter - The default table for handling network packets. 2.

Nat - Used to alter packets that create a new connection.Used for Network Address Translation. 3. Mangle - Used for specific types of packet alteration. * Each of these tables in turn has a group of built-in chains which correspond to the actions performed on the packet by the netfilter. The built-in chains of different tables are as shown below. 7.2.3.3). Built –In Chains for the different tables

Chains available in Filter table

INPUT — Applies to network packets that are targeted for the host. OUTPUT — Applies to locally-generated network packets. FORWARD — Applies to network packets routed through the host.

Chains available in NAT table PREROUTING — Alters network packets when they arrive. OUTPUT — Alters locally-generated network packets before they are sent out. POSTROUTING — Alters network packets before they are sent out.

Chains available in Mangle table INPUT — Alters network packets targeted for the host. OUTPUT — Alters locally-generated network packets before they are sent out. FORWARD — Alters network packets routed through the host. PREROUTING — Alters incoming network packets before they are routed. POSTROUTING — Alters network packets before they are sent out. * Every packet sent or received by a linux machine is subject to at least one table. Once the incoming packet is found matching to a rule in the chain a target, or action is performed on them.

7.2.3.4). Types of Targets

Target is the action or policy to be taken with the corresponding packet. The types of targets which are available are : * ACCEPT - The packet skips the rest of the rule checks and is allowed to continue to its destination * REJECT - If a rule specifies the optional REJECT target, the packet is dropped, but an error packet is sent to the packet's originator. * DROP - Packet is refused access to the system and nothing is sent back to the host that sent the packet * QUEUE – The packet is passed to the user space where it can be manipulated by the user programs. * RETURN - Handled by default targets * MARK - Used for error response. * MASQUERADE - Used with nat table and DHCP. * LOG - Log to file and specify error message. Every chain has a default policy to ACCEPT, DROP, REJECT, or QUEUE. If none of the rules in the chain apply to the packet, then the packet is dealt with in accordance with the default policy. 7.2.3.5). The Iptables Commandline

* Rules that allow packets to be filtered by the kernel are put in place by running the iptables command

Command structure of Iptables $ iptables [-t ] <parameter-1> <parameter-n> *

- lets the user to select the table ie Filter, NAT or Mangle. * - Commands tell iptables to perform a specific action on the chosen table like Append, Check, Delete, Rename or Flush the table. Commonly used Iptable commands * -A : Appends the iptables rule to the end of the specified chain. This is the command used to simply add a rule when rule order in the chain does not matter. * -C : Checks a particular rule before adding it to the user-specified chain. This command can help you construct complicated iptables rules by prompting you for additional parameters and options. * -D : Deletes a rule in a particular chain by number (such as 5 for the fifth rule in a chain). You can also type the entire rule, and iptables will delete the rule in the chain that matches it. * -E : Renames a user-defined chain. This does not affect the structure of the table. * -F : Flushes the selected chain, which effectively deletes every rule in the the chain. If no chain is specified, this command flushes every rule from every chain. * -h : Provides a list of command structures, as well as a quick summary of command parameters and options. * -I : Inserts a rule in a chain at a point specified by a user-defined integer value. If no number is specified, iptables will place the command at the top of the chain. * -L : Lists all of the rules in the chain specified after the command. To list all rules in all chains in the default filter table, do not specify a chain or table. Otherwise, the following syntax should be used to list the rules in a specific chain in a particular table: $ iptables -L -t $ iptables –L

*

-N : Creates a new chain with a user-specified name. * -P : Sets the default policy for a particular chain, so that when packets traverse an entire chain without matching a rule, they will be sent on to a particular target, such as ACCEPT or DROP. * -R : Replaces a rule in a particular chain. The rule's number must be specified after the chain's name. The first rule in a chain corresponds to rule number one. * -X : Deletes a user-specified chain. Deleting a built-in chain for any table is not allowed. * -Z : Zeros the byte and packet counters in all chains for a particular table. - A name for the table which could be user defined. <parameter-n> - Once certain iptables commands are specified, including those used to add, append, delete, insert, or replace rules within a particular chain, parameters are required to construct a packet filtering rule. For example, * -c command resets the counters for a particular rule. This parameter accepts the PKTS and BYTES options to specify what counter to reset. * -d : Sets the destination hostname, IP address, or network of a packet that will match the rule. When matching a network, the following IP address/netmask formats are supported: o N.N.N.N/M.M.M.M — Where N.N.N.N is the IP address range and M.M.M.M is the netmask. o N.N.N.N/M — Where N.N.N.N is the IP address range and M is the netmask. o -f — Applies this rule only to fragmented packets. o By using the ! option after this parameter, only unfragmented packets will be matched.

* -i : Sets the incoming network interface, such as eth0 or ppp0. With iptables, this optional parameter may only be used with the INPUT and FORWARD chains when used with the filter table and the PREROUTING chain with the nat and mangle tables. This parameter also supports the following special options: o ! — Tells this parameter not to match, meaning that any specified interfaces are specifically excluded from this rule.For eg: -i ! eth0, would match all incoming interfaces, except eth0. o + — A wildcard character used to match all interfaces which match a particular string. For example, the parameter -i eth+ would apply this rule to any Ethernet interfaces but exclude any other interfaces, such as ppp0. o If the -i parameter is used but no interface is specified, then every interface is affected by the rule.

* -j : Tells iptables to jump to a particular target when a packet matches a particular rule. Valid targets to be used after the -j option include the standard options, ACCEPT, DROP, QUEUE, and RETURN, as well as extended options that are available through modules loaded by default with the Red Hat Linux iptables RPM package, such as LOG, MARK, and REJECT, among others. You may also direct a packet matching this rule to a user-defined chain outside of the current chain so that other rules can be applied to the packet. If no target is specified, the packet moves past the rule with no action taken. However, the counter for this rule is still increased by one, as the packet matched the specified rule. * -o : Sets the outgoing network interface for a rule and may only be used with OUTPUT and FORWARD chains in the filter table, and the POSTROUTING chain in the nat and mangle tables. This parameter's options are the same as those of the incoming network interface parameter (-i). * -p : Sets the IP protocol for the rule, which can be either icmp, tcp, udp, or all, to match every supported protocol. In addition, any protocols listed in /etc/protocols may also be used. If this option is omitted when creating a rule, the all option is the default. * -s : Sets the source for a particular packet using the same syntax as the destination (-d) parameter. We could also invert the match with an !. If we

were, in other words, to use a match in the form of --source ! 192.168.0.0/24, we would match all packets with a source address not coming from within the 192.168.0.x range.

Match Options * Different network protocols provide specialized matching options which may be set in specific ways to match a particular packet using that protocol. * The protocol must first be specified in the iptables command, by using -p tcp <protocol-name> (where <protocol-name> is the target protocol), to make the options for that protocol available. * TCP Protocol – TCP Protocol is specified using the option –p tcp and the match options available for tcp is as shown below, * --dport : Sets the destination port for the packet. Use either a network service name (such as www or smtp), port number, or range of port numbers to configure this option. The --destination-port match option is synonymous with -dport. o To specify a specific range of port numbers, separate the two numbers with a colon (:), such as -p tcp --dport 3000:3200. The largest acceptable valid range is 0:65535. o Use an exclamation point character (!) after the --dport option to tell iptables to match all packets which do not use that network service or port, such as -p tcp --dport ! 80.

* --sport : Sets the source port of the packet using the same options as -dport. The --source-port match option is synonymous with --sport. * --syn : Applies to all TCP packets designed to initiate communication, commonly called SYN packets. Any packets that carry a data payload are not touched. Placing an exclamation point character (!) as a flag after the --syn option causes all non-SYN packets to be matched. Eg : iptables -p tcp ! --syn * --tcp-flags — Allows TCP packets with specific bits, or flags, set to be matched with a rule. The --tcp-flags match option accepts two parameters. The

first parameter is the mask, which sets the flags to be examined in the packet. The second parameter refers to the flag that must be set in order to match. The possible flags are: ACK , FIN , PSH, RST, SYN, URG , ALL, NONE o For example, an iptables rule which contains -p tcp --tcp-flags ACK,FIN,SYN SYN will only match TCP packets that have the SYN flag set and the ACK and FIN flags unset. o Using the exclamation point character (!) after --tcp-flags reverses the effect of the match option. o For eg: iptables -p tcp --tcp-flags ! SYN,FIN,ACK

* --tcp-option — Attempts to match with TCP-specific options that can be set within a particular packet. This match option can also be reversed with the exclamation point character (!). A TCP Option is a specific part of the header.

Target Options * Once a packet has matched a particular rule, the rule can direct the packet to a number of different targets that decide its fate and, possibly, take additional actions. * Each chain has a default target, which is used if none of the rules on that chain match a packet or if none of the rules which match the packet specify a target. The following are the standard targets: * <user-defined-chain> : Replace <user-defined-chain> with the name of a user-defined chain within the table. This target passes the packet to the target chain. * ACCEPT — Allows the packet to successfully move on to its destination or another chain. * DROP — Drops the packet without responding to the requester. The system that sent the packet is not notified of the failure. *

QUEUE — The packet is queued for handling by a user-space application. * RETURN — Stops checking the packet against rules in the current chain. If the packet with a RETURN target matches a rule in a chain called from another chain, the packet is returned to the first chain to resume rule checking where it left off. If the RETURN rule is used on a built-in chain and the packet cannot move up to its previous chain, the default target for the current chain decides what action to take. Rules created with the iptables command are stored in memory. If the system is restarted after setting up iptables rules, they will be lost. In order for netfilter rules to persist through system reboot, they need to be saved. To do this, log in as root and type: $ /sbin/service iptables save

* The next time the system boots, the iptables init script will reapply the rules saved in /etc/sysconfig/iptables by using the /sbin/iptables-restore command. * The rules in the iptables can be seen by using $ iptables –L * To flush all the rules in filter or nat tables, use $ iptables --flush $ iptables --table nat –flush

* To stop/start/restart iptables $ /etc/rc.d/init.d/iptables stop/start/restart

* To delete all chains that are not in default filter and nat table. $ iptables --delete-chain $ iptables --table nat --delete-chain

* To deny all connections from a specific host $ iptables -I INPUT -s XXX.XXX.XXX.XXX -j DROP

* For Debugging and Logging add the lines below to iptables and you can see the messages in /var/log/messages. $ iptables -A INPUT -j LOG --log-prefix "INPUT_DROP: " $ iptables -A OUTPUT -j LOG --log-prefix "OUTPUT_DROP: " * To disallow access to port 80 from the IP address 212.160.2.4, you can use $ iptables –A INPUT –p tcp –dp 80 –s 212.160.2.4 –j DROP

Here you are adding a rule to the INPUT chain which is dropping all packets to port 80 on your machine from the IP address 212.160.2.4

* To disallow access to the smtp server from the network 212.160.2.0, you can use $ iptables –A INPUT –p tcp –dp 25 –s 212.160.2.0/24 –j DROP

* To disallow access to the smtp server from the network 212.160.0.0, you can use $ iptables –A INPUT –p tcp –dp 25 –s 212.160.0.0/16 –j DROP

* The -d 0.0.0.0/0 refers to all or any destination address of packet.

*

To view the rules along with the rule numbers so that its easier to delete a rule from the chain $ iptables –L –line-numbers * To delete rule no 2 from the INPUT chain from the default filter table $ iptables –D INPUT 1 * To setup routing so that all packets from the network 192.168.10.0/24 is altered to be routed from the public IP 202.15.20.198, use the commandline below to add a rule to the POSTROUTING table $ iptables –t NAT –A POSTROUTING –s 192.168.10.0/24 –j SNAT –to-source 202.15.20.198

* SNAT or SOURCE NAT : stores internal IP in the NAT table and route to and fro traffic to correct IP on the internal network.

7.3. Network Information Service (NIS)

The Network Information Service (NIS) provides a simple network lookup service consisting of databases and processes. It was formerly known as Sun Yellow Pages (YP).

Its purpose is to provide information, that has to be known throughout the network, to all machines on the network. Information likely to be distributed by NIS are:

* Login names/passwords/home directories (/etc/passwd) * Group information (/etc/group) * Host names and IP numbers (/etc/hosts)

For example, if your password entry is recorded in the NIS password database, you will be able to login on all machines on the net which have the NIS client programs running.

7.3.1. NIS Maps

* NIS client programs query the NIS servers for data which is stored in its databases, which are known as maps.

* NIS maps are stored in DBM format which is a binary format based on simple ASCII files.

* ASCII to DBM conversion can be done by using the makedbm command.

7.3.2. NIS Domain

An NIS domain refers to a group of systems in a network or subnet which use the same NIS Map.

7.3.2.1). NIS Topologies used

1. A single domain with a master server and one or more clients.

2. A single domain with one master server, one or more slave NIS servers and one or more clients.

3. Multiple domains with its own master server, no slave servers and one or more clients.

4. Multiple domains with its own master server, its own slave servers and one or more clients.

7.3.3. NIS Server Installation and Configuration

7.3.3.1). Installing the NIS Server utility

* There are two NIS packages and the portmap server that needs to be installed for the NIS server to work on a machine. o ypserv o yp-tools o portmap (if not already installed).

* The NIS utilities – ypserv and yp-tools can be found at,

Site Directory File Name

ftp.kernel.org /pub/linux/utils/net/NIS ypserv-2.9.tar.gz ftp.kernel.org /pub/linux/utils/net/NIS yp-tools-2.9.tar.gz

* Compile the NIS softwares ( ypserv and yp-tools) to generate the ypserv and makedbm. Makedbm program converts the ascii format database files into dbm format.

* NIS server configuration involves the following steps,

1. Setting up the NIS domain name.

2. Configuring and starting the NIS server deamon ypserv

3. Initializing the NIS Maps

4. Starting the NIS password deamon

5. Starting the NIS transfer deamon ( If you are using slave servers)

6. Modifying the startup process to start the NIS deamon when the system reboots. 7.3.3.2). Setting up the NIS domain name

* To set up the NIS domain name, give the entry below at the shell prompt.

$ nisdomainname <domainname>

eg: $ nisdomainname carmatrain.com

* Next reissue the nisdomainname command to confirm that the nis domain is set. This is a temporary arrangement. To make this permanent, add the entry NISDOMAIN=nisdomainname in the /etc/sysconfig/network file.

7.3.3.3). Configuring and starting the deamon ypserv

* With the NIS domain name set you can start the NIS server deamon. The key configuration files are,

1. /var/yp/securenets

It contains the netmasks and the network number pairs that defines the list of hosts permitted to access the NIS server.

255.255.255.0 192.168.0.0

2. /etc/ypserv.conf ( Configuration for the primary NIS server deamon and the NIS transfer deamon ypxfrd). It contains runtime configuration options called option line, for ypserv, and host access information, called access rules.

Default values in /etc/ypserv.conf is sufficient for most of the NIS server configurations.

dns: no *:shadow.byname:port:yes *:passwd.adjunct.byname:port:yes

* Entries in the file appear one per line. Each line is made up of colon separated fields defining an option line or an access rule with the format,

Option:[yes/no]

* Options can be either dns or xfr_check_port.

* dns controls whether or not the NIS server performs a dns lookup for hosts not listed in the host maps. The default is no.

* xfr_check_port controls whether the ypserv runs on a port numbered less than 1023, a so called privileged port. The default is yes.

* Access rules have a slightly complicated format.

Host:map:security:mangle[:field]

* Host – the ip address to match. Wild cards are also allowed.

* Map – the name of a map to match for . l* for all the maps.

* Security – The type of security to use. Can be one of none, port, deny or des.

o none enables always access to hosts. Mangle the passwd field if so configured, default is not. o Port enables access if the connection is coming from a privileged port (<1024) . If mangle is set to yes, access is enabled, but the password field is mangled. If mangle is set to no, access is denied. o Deny denies the matching host access to this map. o Des requires des authentication.

* Mangle – possible values are "yes" or "no". If "yes", the field entry will be mangled. Mangling means that the field is replaced by 'x' if the port check reveals the request originated from an unpriviliged port. If set to no, field is not mangled if the requesting port is unprivileged.

* Field – the field number is the map to mangle. The default value if the field is not specified is 2, which corresponds to the password field in /etc/group, /etc/shadow, and /etc/passwd.

* Access rules are tried in order, and all rules are evaluated. If no rule matches a connecting host, access to the corresponding map is enabled.

* For NIS to work, port mapper should be running. Port map translates the RPC port numbers and program numbers to TCP/IP port numbers.

You can check the status of port map by running the command,

$ /sbin/service portmap status

Which should show an output like,

Portmap (pid 559) running ….

If its not running you can start the same by issuing the command

$ /sbin/service portmap start

Once the portmap is started you can start the NIS server by issuing the command,

$ /sbin/service ypserv start

Once the ypserv daemon is started, the command

$ rpcinfo -u localhost ypserv

should given an output like below

program 100004 version 1 ready and waiting program 100004 version 2 ready and waiting

7.3.3.4). Initializing the NIS Maps

* Now you need to generate the password database using ypinit, which would generate the complete set of NIS maps and places them in the directory /var/yp named by the nisdomain.

To generate the NIS database issue the command,

$ /usr/lib/yp/ypinit –m

The –m option is used to indicate that its creating maps for the master server.

If you are using a slave server for redundancy then, make sure that ypwhich -m works from each of them. This means, that your slave must be also configured as NIS clients.

To create a slave server using the databases from the master server named masterhost, use

/usr/lib/yp/ypinit -s masterhost 7.3.3.5). Starting the NIS Password Deamon

When new users are added or deleted the NIS clients and slaves should be notified of this change. The deamon that handles this change is yppasswdd.

* Yppasswdd handles password changes and updating other NIS information that depends on user passwords.

* This daemon runs only on the NIS master server.

To start this,

$ /sbin/service yppasswdd start

It runs only on the NIS master server. 7.3.3.6). Starting the Server Transfer deamon

Ypxfrd is used to speed up the transfer of large maps from the NIS master to the slave servers.

$ /sbin/service ypxfrd start

7.3.3.7). Modifying the startup process to start NIS at Boot

*

Firstly, to permanently save the NIS domain name, add the line below to /etc/sysconfig/network. NISDOMAIN=carmatec.com * Run the GUI tool “serviceconf†which is the RedHat service configuration tool to configure the NIS daemons to start at boot time. After starting serviceconf, goto Main Menu -->System Settings ïƒ Server Settings ïƒ Server Settings ïƒ Services. Enable the checkbox for ypserv and yppasswdd services.

7.3.4). Installing and Configuring the NIS Client

7.3.4.1). Installing the ypbind utility

The NIS client requires the ypbind package to be installed on it as well as the portmapper server running.

* The ypbind daemon binds NIS clients to an NIS domain. Ypbind must be running on any machine running NIS client programs.

* The ypbind software is also available from http://ftp.kernel.org/pub/linux/utils/net/NIS/

* Compile and install the software as per the instructions inside.

* Install the portmapper package also if its not already installed on the server.

* After this, the NIS client needs to be configured , the steps for which are given below:

1.

Set up the NIS domain name. 2. Configure and start the NIS client deamon. 3. Test the client deamon. 4. Configure the client startup files to use NIS. 5. Reboot the client.

7.3.4.2). Setting up the NIS domain name

Add the entry in the /etc/sysconfig/network file as NISDOMAIN=

For example, To set the NIS domain as carmatec.com, you may give NISDOMAIN=carmatec.com 7.3.4.3). Configure and start the NIS client deamon * The NIS client deamon ypbind uses the configuration file /etc/yp.conf that specifies which NIS servers’ clients should use and how to locate them.

ypserver

* Valid entries are

+ domain NISDOMAIN server HOSTNAME : Use server HOSTNAME for the domain NISDOMAIN.

+ domain NISDOMAIN broadcast : Use broadcast on the local net for domain NISDOMAIN.

+ ypserver HOSTNAME : Use server HOSTNAME for the local domain. The IP-address of server must be listed in /etc/hosts.

* A sample entry can be

ypserver 192.168.0.2 OR domain educarma.com server 192.168.0.2

* The same thing above can also be done using a GUI tool called authconfig.

Now start the NIS client by issuing the command,

$ /sbin/service ypbind start 7.3.4.4). Test the Client daemon

* The commandline below using rpcinfo will let you confirm that ypbind was able to register its service with the portmapper.

$ rpcinfo –u 192.168.0.2 ypbind

* The commandline below can be used to check if the portmapper is running $ rpcinfo –p 192.168.0.2

* Now edit /etc/host.conf file to use NIS for password lookup, ie change the order to the entry below

order hosts,nis,bind

* The configuration above means that the nameservice lookups will first query /etc/hosts, then NIS and then user BIND, the nameserver.

* Lastly, edit the /etc/nssswitch.conf and add the entries shown below if not already present.

passwd: files nis shadow: files nis group: files nis hosts: files nis

7.3.4.5). Configuring the NIS Client startup files

* After configuring the NIS server, you need to make sure that the client daemon ypbind starts and stops when the system starts and stops. * This can be done by checking the daemon ‘ypbind’ in the Service Configuration Tool which can opened using the command “serviceconf†$ serviceconf * Save the changes after checking ypbind and NIS Client services will be up and running after a system reboot. * Reboot the server to make sure the NIS Client daemon starts. 7.3.4.6). NIS Configuration Files/Commands

NIS File/Command

Description/Usage ypwhich

Displays the name of the master NIS server $ ypwhich ypcat

Prints the entries in an NIS database $ ypcat –x (To check options) $ ypcat passwd ( To see entries from the map “passwd.bynameâ€

)

yppasswd

Changes user passwords and info on the NIS server $ yppasswd carma yppoll

Displays the server and version no of an NIS map $ yppoll -h 192.168.0.2 passwd.byname ypmatch

Prints the value of one or more entries in an NIS map /etc/yp.conf

Configures the NIS client bindings

/etc/nsswitch.conf

Configures the system name database lookup

/etc/host.conf

Configures host name resolution

7.3.5. More about NIS

* Within a network which has NIS setup, there must be at least one machine acting as a NIS server.

*

You can have multiple NIS servers, each serving different NIS "domains" or you can have co operating NIS servers, where one is the master NIS server, and all the other are so-called slave NIS servers (for a certain NIS "domain", that is!) - Or you can have a mix of them.

* To have the NIS work you need to run the program portmap which is available at /sbin/portmap.

* Portmap is a program which converts RPC port numbers to TCP/IP port numbers. To make RPC calls you need to have Portmap running, which is a pre requisite for the NIS clients and servers to work as they rely on RPC method of communication.

* When an RPC server is started, it will tell portmap what port number it is listening to, and what RPC program numbers it is prepared to serve.

* When a client wishes to make an RPC call to a given program number, it will first contact portmap on the server machine to determine the port number where RPC packets should be sent.

7.4. Network File Systems (NFS)

The Network File System (NFS) was developed to allow machines to mount a disk partition on a remote machine as if it were on a local hard drive.

* This allows for fast, seamless sharing of files across a network.

* There are three main configuration files you will need to edit to set up an NFS server:

1. /etc/exports 2. /etc/hosts.allow

3. /etc/hosts.deny 7.4.1. Main Configuration Files 7.4.1.1). /etc/exports file

/etc/exports file contains a list of entries, each entry indicates a volume that is shared and how its shared. An entry in /etc/exports will typically look like this: directory machine1(option11,option12) machine2(option21,option22)]

where directory the directory that you want to share. It may be an entire volume though it need not be. If you share a directory, then all directories under it within the same file system will be shared as well. machine1 and machine2 client machines that will have access to the directory. The machines may be listed by their DNS address or their IP address (e.g., machine.company.com or 192.168.0.8). Using IP addresses is more reliable and more secure. optionxx The option listing for each machine will describe what kind of access that machine will have. Important options are: * ro: The directory is shared read only; the client machine will not be able to write to it. This is the default.

* rw: The client machine will have read and write access to the directory. * no_root_squash: By default, any file request made by user root on the client machine is treated as if it is made by user nobody on the server. * Exactly which UID the request is mapped to depends on the UID of user "nobody" on the server, not the client. *

If no_root_squash is selected, then root on the client machine will have the same level of access to the files on the system as root on the server. * This can have serious security implications, although it may be necessary if you want to perform any administrative work on the client machine that involves the exported directories. You should not specify this option without a good reason. * no_subtree_check: If only part of a volume is exported, a routine called subtree checking verifies that a file that is requested from the client is in the appropriate part of the volume. If the entire volume is exported, disabling this check will speed up transfers.

* sync: By default, all but the most recent version (version 1.11) of exportfs command will use async behavior, telling a client machine that a write is complete - that is, it has been written to stable storage - when has finished handing the write over to the file system. This behavior may data corruption if the server reboots, and the sync option prevents this.

the file NFS cause

Eg entry: /var/tmp 192.168.0.3(async,w) 7.4.1.2). /etc/hosts.allow and /etc/hosts.deny These two files specify which computers on the network can use services on your machine. Each line of the file contains a single entry listing a service and a set of machines. When the server gets a request from a machine, it does the following: * It first checks /etc/hosts.allow to see if the machine matches a description listed in there. If it does, then the machine is allowed access. * If the machine does not match an entry in hosts.allow, the server then checks hosts.deny to see if the client matches a listing in there. If it does then the machine is denied access. * If the client matches no listings in either file, then it is allowed access. Configuring /etc/hosts.allow and /etc/hosts.deny for NFS security * In addition to controlling access to services handled by inetd (such as telnet and FTP), this file can also control access to NFS by restricting

connections to the daemons that provide NFS services. Restrictions are done on a per-service basis. * The first daemon to restrict access to is the portmapper. This daemon essentially just tells requesting clients how to find all the NFS services on the system. * Restricting access to the portmapper is the best defense against someone breaking into your system through NFS because completely unauthorized clients won't know where to find the NFS daemons. * However, there are two things to watch out for. First, restricting portmapper isn't enough if the intruder already knows for some reason how to find those daemons. And second, if you are running NIS, restricting portmapper will also restrict requests to NIS. In general it is a good idea with NFS (as with most internet services) to explicitly deny access to IP addresses that you don't need to allow access to.

* The first step in doing this is to add the followng entry to /etc/hosts.deny: portmap:ALL * If you have a newer version of nfs-utils, add entries for each of the NFS daemons in hosts.deny: lockd:ALL mountd:ALL rquotad:ALL statd:ALL * Some sys admins choose to put the entry ALL:ALL in the file /etc/hosts.deny, which causes any service that looks at these files to deny access to all hosts unless it is explicitly allowed.

*

Next, we need to add an entry to hosts.allow to give any hosts access that we want to have access. (If we just leave the above lines in hosts.deny then nobody will have access to NFS.) Entries in hosts.allow follow the format service: host [or network/netmask] , host [or network/netmask] * Here, host is IP address of a potential client; it may be possible in some versions to use the DNS name of the host, but it is strongly discouraged.

* Suppose we have the setup above and we just want to allow access to 192.168.0.1 and 192.168.0.2, respectively. We could add the following entry to /etc/hosts.allow: portmap: 192.168.0.1 , 192.168.0.2 * For recent nfs-utils versions, we would also add the following (again, these entries are harmless even if they are not supported): lockd: 192.168.0.1 , 192.168.0.2 rquotad: 192.168.0.1 , 192.168.0.2 mountd: 192.168.0.1 , 192.168.0.2 statd: 192.168.0.1 , 192.168.0.2 * If you intend to run NFS on a large number of machines in a local network, /etc/hosts.allow also allows for network/netmask style entries in the same manner as /etc/exports above. 7.4.2. NFS Server Setup 7.4.2.1). Pre-requisites The NFS server should now be configured and firstly, you will need to have the appropriate packages installed. This consists mainly a kernel which supports NFS and the nfs-utils package. * NFS depends on the portmapper daemon, either called portmap or rpc.portmap. It will need to be started using $ /sbin/service portmap start *

Most recent Linux distributions start this daemon in the boot scripts, but it is worth making sure that it is running before you begin working with NFS using $ /sbin/service portmap status

7.4.2.2). The NFS Daemons and starting them Providing NFS services requires the service of six daemons. 1. portmap : Enables NFS clients to discover the NFS services available on a given NFS server. 2. nfsd : Provides all NFS services except file locking and quota management. 3. lockd : Starts the kernels NFS lock manager 4. statd : Implements NFS lock recovery when an NFS server system crashes 5. rquotad : Handles user file quotas on exported volumes to NFS clients. 6. mountd : Processes NFS client mount requests

* The daemons are all part of the nfs-utils package, and may be either in the /sbin directory or the /usr/sbin directory. * If your distribution does not include them in the startup scripts, then , you should add them and configure it to start in the following order: 1. portmap 2. nfsd 3. mountd 4. statd 5.

rquotad ( if necessary)

* lockd is started by nfsd on an as-needed basis so there is no need to invoke it manually. * The nfs-utils package has a sample startup script for RedHat and the script will take care of starting all the NFS server daemons for you except the portmapper. $ /etc/rc.d/init.d/nfs start/stop/status/restart * Hence if you need to restart nfs manually, the order to do so is $ /etc/rc.d/init.d/portmap start $ /etc/rc.d/init.d/nfs start $ /etc/rc.d/init.d/nfslock start

7.4.2.3). Verifying that NFS is running To do this, query the portmapper with the command rpcinfo -p to find out what services it is providing. You should get something like this:

$ rpcinfo –p portmapper program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100011 1 udp 749 rquotad 100011 2 udp 749 rquotad 100005 1 udp 759 mountd 100005 1 tcp 761 mountd 100005 2 udp 764 mountd 100005 2 tcp 766 mountd 100005 3 udp 769 mountd

100005 3 tcp 771 mountd 100003 2 udp 2049 nfs 100003 3 udp 2049 nfs 300019 1 tcp 830 amd 300019 1 udp 831 amd 100024 1 udp 944 status 100024 1 tcp 946 status 100021 1 udp 1042 nlockmgr 100021 3 udp 1042 nlockmgr 100021 4 udp 1042 nlockmgr 100021 1 tcp 1629 nlockmgr 100021 3 tcp 1629 nlockmgr 100021 4 tcp 1629 nlockmgr * .name for lockd) versions 1, 3, and 4. There are also different service listings depending on whether NFS is travelling over TCP or UDP. * If you do not at least see a line that says portmapper, a line that says nfs, and a line that says mountd then you will need to backtrack and try again to start up the server. * If you do see these services listed, then you should be ready to set up NFS clients to access files from your server.

7.4.2.4). Making changes to /etc/exports later on * If you come back and change your /etc/exports file, the changes you make may not take effect immediately. * You should therefore run the command exportfs -ra to force nfsd to re-read the /etc/exports file. If you can't find the exportfs command, then you can kill nfsd and restart it. * Exportfs command will also let you manipulate the list of available exports or list the currently exported file systems

$ exportfs –v // List currently exported file systems $ exportfs –v –u 192.168.0.4:/home //Remove an exported file system

7.4.3. Setting up an NFS Client

7.4.3.1). Mounting remote directories * Firstly, the kernel on the client machine needs to be compiled with NFS support. * The portmapper should be running on the client machine machine, and to use NFS file locking, you also need statd and lockd running on both the client and the server. * With portmap, lockd, and statd running, you should now be able to mount the remote directory from your server just the way you mount a local hard drive, with the mount command. * Suppose our NFS server is called master.carma.com,and we want to mount the /home directory on slave.carma.com, use the command line below for mounting on slave.carma.com. $ mount –t nfs master.carma.com:/home /home1 OR

$ mount -t nfs 192.168.0.2:/home /home1 –o –rw,soft * And the directory /home on master will appear as the directory /home1 on slave.carma.com. Note that this assumes we have created the directory /home1 as an empty mount point beforehand on slave.carma.com * You can get rid of the file system mounted via nfs using just like you would for a local file system. $ umount /home1 7.4.3.2). Getting NFS File Systems to Be Mounted at Boot Time * NFS file systems can be added to your /etc/fstab file the same way local file systems can, so that they mount when your system starts up. *

The only difference is that the file system type will be set to nfs and the dump and fsck order (the last two entries) will have to be set to zero. So for our example above, the entry in /etc/fstab would look like: device mountpoint fs-type options dump fsckorder

master.carma.com:/home /home1 nfs rw 0 0

7.4.3.3). Options for Mounting

Soft vs. Hard Mounting

There are some options which govern the way the NFS client handles a server crash or network outage. One of the cool things about NFS is that it can handle this gracefully if you set up the clients right. There are two distinct failure modes: * soft If a file request fails, the NFS client will report an error to the process on the client machine requesting the file access. * hard The program accessing a file on a NFS mounted file system will hang when the server crashes. The process cannot be interrupted or killed (except by a "sure kill") unless you also specify intr. When the NFS server is back online the program will continue undisturbed from where it was. We recommend using hard,intr on all NFS mounted file systems. Picking up from previous example, the fstab entry would now look like: device mountpoint fs-type options dump fsckord ... master.carma.com:/home /home1 nfs rw,hard,intr 0 0 ... Setting Block Size to Optimize Transfer Speeds * The rsize and wsize mount options specify the size of the chunks of data that the client and server pass back and forth to each other. *

rsize=n will set the NFS read buffer size to n bytes ( default is 4096) * wsize=n will set the NFS write buffer size to n bytes ( “ ) * While mounting manually, the mount options can be specified as below $ mount –t nfs 192.168.0.2:/home /home1 –o rsize=8292, wsize=8192, hard,intr,nolock * intr will allow signals such as Ctrl-C to interrupt a failed NFS file operation if the file system is mounted with the hard option and hence its used with the hard option. * nolock disables NFS locking and stops the statd and lockd daemons and lock will enable it.

7.4.4. Using Automount services (Autofs)

* The easiest way for client systems to mount NFS exports is to use autofs, which automatically mounts file systems not already mounted when the file system is first accessed. * Autofs uses the automated daemon to mount and unmount file systems that automount has been configured to control. * The automount daemons automatically mounts filesystems and unmounts them after a period of inactivity thereby saving a lot of resources. * For autofs to work, you need the kernel support for autofs and the autofs package installed on the system. 7.4.4.1). Autofs Setup

* Autofs uses a set of map files to control automounting and a master map file which is called /etc/auto.master which assosciates mount points with secondary map files that control the file systems mounted under the corresponding mount points. * For example, consider the following /etc/auto.master config file:

/home /etc/auto.home /var /etc/auto.var –timeout 600 * This file assosciates the secondary map file /etc/auto.home with the mount point /home and the map file /etc/auto.var with the /var mount point. * Thus, auto.home defines filesystems mounted under /home and auto.var defines file systems mounted under /var. * Hence each file in the master map file has 3 fields : mountpoint, full path to secondary map file and options that control the behaviour of the automount daemon which is optional. * Here , --timeout=600 means after every 600 secs/10 mins of inactivity, the /var mount point will be unmounted automatically.

The Secondary Map Files

The secondary map file has the general syntax below: localdir [-options] remotefs * localdir refers to the directory beneath the mount point where the NFS mount will be mounted. * remotefs is the host and pathname of the NFS mount * options can be anything like rw,ro,soft,hard,intr,rsize,wsize etc

Consider a sample auto.home file which is used to mount /home from the host 192.168.0.2 carma -rw,hard,intr 192.168.0.2:/home/carma

* If /home/carma exist on the local system, it’ll be temporarily replaced by the contents of the NFS mount.

If the entire /home directory needs to be mounted from the NFS server, it can be done using some wild card characters as below. * -rw,hard,intr 192.168.0.2:/home/& o The above line states that any directory a user tries to access under the local /home directory (due to the asterisk character) should result in an NFS mount on the 192.168.0.2 system within its exported /home filesystem.

7.4.4.2). Starting and Stopping Autofs

* The Autofs service can be started by the root user using $ /sbin/service autofs start

* To check the status of autofs, use the option $ /sbin/service autofs status

* After changing a map file, the configuration can be reloaded using $ /sbin/service autofs reload 7.5. TCP Wrappers and Xinetd Services

TCP wrappers provide access control to a variety of services. Most modern network services, such as SSH, Telnet, and FTP, make use of TCP wrappers, which stands guard between an incoming request and the requested service.

The benefits offered by TCP wrappers are enhanced when used in conjunction with xinetd, a super service that provides * additional access * logging

* binding * redirection, and * resource utilization control. 7.5.1. TCP Wrappers

* The TCP wrappers package (tcp_wrappers) is installed by default under Red Hat Linux and provides host-based access control to network services.

* The most important component within the package is the /usr/lib/libwrap.a library. In general terms, a TCP wrapped service is one that has been compiled against the libwrap.a library.

* When a connection attempt is made to a TCP wrapped service, the service first references the hosts access files (/etc/hosts.allow and /etc/hosts.deny) to determine whether or not the client host is allowed to connect.

* It then uses the syslog daemon (syslogd) to write the name of the requesting host and the requested service to /var/log/messages.

* If a client host is allowed to connect, TCP wrappers release control of the connection to the requested service and do not interfere further with communication between the client host and the server.

* In addition to access control and logging, TCP wrappers can activate commands to interact with the client before denying or releasing control of the connection to the requested network service.

*

Because TCP wrappers are a valuable addition to any server administrator's arsenal of security tools, most network services within Red Hat Linux are linked against the libwrap.a library.

* Some such applications include /usr/sbin/sshd, /usr/sbin/sendmail, and /usr/sbin/xinetd.

7.5.1.1). Advantages of TCP Wrappers

TCP wrappers provide the following advantages over other network service control techniques:

1. Transparency to both the client host and the wrapped network service. Both the connecting client and the wrapped network service are unaware that TCP wrappers are in use. Legitimate users are logged and connected to the requested service while connections from banned clients fail.

2. Centralized management of multiple protocols. — TCP wrappers operate separately from the network services they protect, allowing many server applications to share a common set of configuration files for simpler management.

7.5.1.2). TCP Wrappers Configuration Files

To determine if a client machine is allowed to connect to a service, TCP wrappers reference the following two files, which are commonly referred to as hosts access files:

1. /etc/hosts.allow

2. /etc/hosts.deny

When a client request is received by a TCP wrapped service, it takes the following basic steps:

* The service references /etc/hosts.allow. — The TCP wrapped service sequentially parses the /etc/hosts.allow file and applies the first rule

specified for that service. If it finds a matching rule, it allows the connection. If not, it moves on to step 2.

* The service references /etc/hosts.deny. — The TCP wrapped service sequentially parses the /etc/hosts.deny file. If it finds a matching rule is denies the connection. If not, access to the service is granted.

The following are important points to consider when using TCP wrappers to protect network services:

* Because access rules in hosts.allow are applied first, they take precedence over rules specified in hosts.deny.

* Therefore, if access to a service is allowed in hosts.allow, a rule denying access to that same service in hosts.deny is ignored.

* Since the rules in each file are read from the top down and the first matching rule for a given service is the only one applied, the order of the rules is extremely important.

* If no rules for the service are found in either file, or if neither file exists, access to the service is granted.

* TCP wrapped services do not cache the rules from the hosts access files, so any changes to hosts.allow or hosts.deny take effect immediately without restarting network services.

Formatting Access Rules

* The format for both /etc/hosts.allow and /etc/hosts.deny are identical.

*

Any blank lines or lines that start with a hash mark (#) are ignored, and each rule must be on its own line.

* Each rule uses the following basic format to control access to network services:

: [: : : ...]

* A sample rule is given below which intsructs TCP wrappers to watch for connections to the FTP daemon (vsftpd) from any host in the example.com domain.

* If this rule appears in hosts.allow, the connection will be accepted. If this rule appears in hosts.deny, the connection will be rejected.

vsftpd : .example.com

* Placing a period at the beginning of a hostname, matches all hosts sharing the listed components of the name.

* The next sample hosts access rule is more complex and uses two option fields:

sshd : .example.com \ : spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \ : deny

*

This sample rule states that if a connection to the SSH daemon (sshd) is attempted from a host in the example.com domain, execute the echo command (which will log the attempt to a special file), and deny the connection.

* Because the optional deny directive is used, this line will deny access even if it appears in the hosts.allow file.

* Note that in this example that each option field is preceded by the backslash (\). Use of the backslash prevents failure of the rule due to length.

* Placing a period at the end of an IP address matches all hosts sharing the initial numeric groups of an IP address. The following example would apply to any host within the 192.168.x.x network:

* ALL — Matches everything. It can be used for both the daemon list and the client list.

ALL : 192.168. OR ALL : 192.168.0.0/255.255.254.0

* The following two rules allow SSH connections from client-1.example.com, but deny connections from client-2.example.com:

sshd : client-1.example.com : allow sshd : client-2.example.com : deny

7.5.2. Xinetd

* The xinetd daemon is a TCP wrapped super service which controls access to a subset of popular network services including FTP, IMAP, and Telnet.

* It also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.

* When a client host attempts to connect to a network service controlled by xinetd, the super service receives the request and checks for any TCP wrappers access control rules.

* If access is allowed, xinetd verifies if the connection is allowed under its own access rules for that service and that the service is not consuming more than its alloted amount of resources or in breach of any defined rules.

* It then starts an instance of the requested service and passes control of the connection to it. Once the connection is established, xinetd does not interfere further with communication between the client host and the server.

The configuration files for xinetd are as follows:

1. /etc/xinetd.conf — The global xinetd configuration file.

2. /etc/xinetd.d/ directory — The directory containing all service-specific files. 7.5.2.1). /etc/xinetd.conf

* The /etc/xinetd.conf contains general configuration settings which effect every service under xinetd's control.

* It is read once when the xinetd service is started, so in order for configuration changes to take effect, the administrator must restart the xinetd service. Below is a sample /etc/xinetd.conf file:

defaults { instances = 60 log_type = SYSLOG authpriv log_on_success = HOST PID log_on_failure = HOST cps = 25 30 } includedir /etc/xinetd.d

These lines control various aspects of xinetd as below:

* instances — Sets the maximum number of requests xinetd can handle at once.

* log_type — Configures xinetd to use the authpriv log facility, which writes log entries to the /var/log/secure file. Adding a directive such as FILE /var/log/xinetdlog here would create a custom log file called xinetdlog in the /var/log/ directory.

* log_on_success — Configures xinetd to log if the connection is successful. By default, the remote host's IP address and the process ID of server processing the request are recorded.

* log_on_failure — Configures xinetd to log if there is a connection failure or if the connection is not allowed.

* cps — Configures xinetd to allow no more than 25 connections per second to any given service. If this limit is reached, the service is retired for 30 seconds.

* includedir /etc/xinetd.d/ — Includes options declared in the servicespecific configuration files located in the /etc/xinetd.d/ directory.

7.5.2.2). The /etc/xinetd.d/ Directory

* The files in the /etc/xinetd.d/ directory contains the configuration files for each service managed by xinetd and the names of the files correlate to the service.

* As with xinetd.conf, this file is read only when the xinetd service is started. In order for any changes to take effect, the administrator must restart the xinetd service.

* The format of files in the /etc/xinetd.d/ directory use the same conventions as /etc/xinetd.conf.

* The primary reason the configuration for each service is stored in separate file is to make customization easier and less likely to effect other services.

* To get an idea of how these files are structured, consider the /etc/xinetd.d/telnet file for the telnet service:

service telnet { flags = REUSE socket_type = stream

wait = no user = root server = /usr/sbin/in.telnetd log_on_failure += USERID disable = yes }

These lines control various aspects of the telnet service:

* service — Defines the service name, usually to match a service listed in the /etc/services file.

* flags — Sets any of a number of attributes for the connection. REUSE instructs xinetd to reuse the socket for a Telnet connection.

* socket_type — Sets the network socket type to stream.

* wait — Defines whether the service is single-threaded (yes) or multithreaded (no).

* user — Defines what user ID the process will run under.

* server — Defines the binary executable to be launched.

* log_on_failure — Defines logging parameters for log_on_failure in addition to those already defined in xinetd.conf.

*

disable — Defines whether or not the service is active.

7.5.2.3). Access Control Options

* Users of xinetd services can choose to use the TCP wrappers hosts access rules, provide access control via the xinetd configuration files, or a mixture of both.

* The xinetd hosts access control differs from the method used by TCP wrappers. While TCP wrappers places all of the access configuration within two files, /etc/hosts.allow and /etc/hosts.deny, each service's file in /etc/xinetd.d can contain its own access control rules.

* The following hosts access options are supported by xinetd:

o only_from — Allows only the specified hosts to use the service.

o no_access — Blocks listed hosts from using the service.

o access_times — Specifies the time range when a particular service may be used. The time range must be stated in 24-hour format notation, HH:MMHH:MM.

* The only_from and no_access options can use a list of IP addresses or host names, or can specify an entire network.

* Like TCP wrappers, combining xinetd access control with the enhanced logging configuration can enhance security by blocking requests from banned hosts while verbosely record each connection attempt.

* For example, the following /etc/xinetd.d/telnet file can be used to block telnet access from a particular network group and restrict the overall time range that even allowed users can log in:

service telnet { disable = no flags = REUSE socket_type = stream wait = no user = root server = /usr/sbin/in.telnetd log_on_failure += USERID no_access = 10.0.1.0/24 log_on_success += PID HOST EXIT access_times = 09:45-16:15 }

* In this example, when client system from the 10.0.1.0/24 network, such as 10.0.1.2, tries accessing the Telnet service, it will receive a message stating the following message:

Connection closed by foreign host.

* In addition, their login attempt is logged in /var/log/secure as follows:

May 15 17:38:49 boo xinetd[16252]: START: telnet pid=16256 from=10.0.1.2 May 15 17:38:49 boo xinetd[16256]: FAIL: telnet address from=10.0.1.2

May 15 17:38:49 boo xinetd[16252]: EXIT: telnet status=0 pid=16256

* When using TCP wrappers in conjunction with xinetd access controls, it is important to understand the relationship between the two access control mechanisms.

* The following is the order of operations followed by xinetd when client requests a connection:

1. The xinetd daemon accesses the TCP wrappers hosts access rules through a libwrap.a library call. If a deny rule matches the client host, the connection is dropped. If an allow rule matches the client host, the connection is passed on to xinetd.

2. The xinetd daemon checks its own access control rules both for the xinetd service and the requested service. If a deny rule matches the client host the connection is dropped. Otherwise, xinetd starts an instance of the requested service and passes control of the connection to it. 7.5.2.4). Logging Options

The following logging options are available for both /etc/xinetd.conf and the service-specific configuration files in the /etc/xinetd.d/ directory.

Below is a list of some of the more commonly used logging options:

* ATTEMPT — Logs the fact that a failed attempt was made (log_on_failure).

* DURATION — Logs the length of time the service is used by a remote system (log_on_success).

*

EXIT — Logs the exit status or termination signal of the service (log_on_success).

* HOST — Logs the remote host's IP address (log_on_failure and log_on_success).

* PID — Logs the process ID of the server receiving the request (log_on_success).

* RECORD — Records information about the remote system in the case the service cannot be started. Only particular services, such as login and finger, may use this option (log_on_failure).

* USERID — Logs the remote user using the method defined in RFC 1413 for all multi-threaded stream services (log_on_failure and log_on_success).

7.5.2.5). Binding and Redirection Options

* The service configuration files for xinetd support binding the service to an IP address and redirecting incoming requests for that service to another IP address, hostname, or port.

* Binding is controlled with the bind option in the service-specific configuration files and links the service to one IP address on the system.

* Once configured, the bind option only allows requests for the proper IP address to access the service. This way different services can be bound to different network interfaces based on need.

* This is particularly useful for systems with multiple network adapters or with multiple IP addresses configured. On such a system, insecure services, like

Telnet, can be configured to listen only on the interface connected to a private network and not to the interface connected with the Internet.

* The redirect option accepts an IP address or hostname followed by a port number.

* It configures the service to redirect any requests for this service to the specified host and port number.

* This feature can be used to

o point to another port number on the same system. o redirect the request to different IP address on the same machine. o shift the request to a totally different system and port number, or any combination of these options. o In this way, a user connecting to certain service on a system may be rerouted to another system with no disruption.

* The xinetd daemon is able to accomplish this redirection by spawning a process that stays alive for the duration of the connection between the requesting client machine and the host actually providing the service, transferring data between the two systems.

* But the advantages of the bind and redirect options are most clearly evident when they are used together. By binding a service to a particular IP address on a system and then redirecting requests for this service to a second machine that only the first machine can see, an internal system can be used to provide services for a totally different network.

*

For example, consider a system that is used as a firewall with this setting for its Telnet service:

* service telnet { socket_type = stream wait = no server = /usr/sbin/in.telnetd log_on_success += DURATION USERID log_on_failure += USERID bind = 123.123.123.123 redirect = 10.0.1.13 21 23 }

* The bind and redirect options in this file ensures that the Telnet service on the machine is bound to the external IP address (123.123.123.123), the one facing the Internet.

* In addition, any requests for Telnet service sent to 123.123.123.123 are redirected via a second network adapter to an internal IP address (10.0.1.13) that only the firewall and internal systems can access.

* The firewall then send the communication between the two systems, and the connecting system thinks it is connected to 123.123.123.123 when it is actually connected to a different machine.

* This feature is particularly useful for users with broadband connections and only one fixed IP address.

*

When using Network Address Translation (NAT), the systems behind the gateway machine, which are using internal-only IP addresses, are not available from outside the gateway system.

* However, when certain services controlled by xinetd are configured with the bind and redirect options, the gateway machine can act as a type of proxy between outside systems and a particular internal machine configured to provide the service.

* In addition, the various xinetd access control and logging options are also available for additional protection, such as limiting the number of simultaneous connections for the redirected service.

8. SHELL SCRIPTING

A shell script is a series of commands written in plain text files. Somes of its uses are: * Shell script can take input from user or file and output them on screen. * Useful to create your own commands. * Save lots of time. * To automate some task of day today life.For eg: To be set inside the cron daemon. * System Administration part can be also automated using shell scripts. 8.1. Shell Scripting Basics

* The shell that is normally used is the Bash Shell . * After writing shell script , set execute permission for your script as follows $ chmod +x your-script-name

$ chmod 755 your-script-name

* Execute your script using any of the options below: $ bash your-script-name $ sh your-script-name $ ./your-script-name

* Use any editor like vi to write shell script. * For shell script file try to give file extension such as .sh, which can be easily identified by you as a shell script. * A sample script is given below which will print user information about who is currently logged in , current date & time etc. $ vi userinfo # # Script to print user information like who is currently logged in , current date & time # clear echo "Hello $USER" echo "Today is \c ";date echo "Number of user login : \c" ; who | wc -l echo "Calendar" cal exit 0

8.1.1. Variables in Shell

In Linux (Shell) , there are two types of variables: 1. System variables - Created and maintained by Linux itself. This type of variable is defined in CAPITAL LETTERS. 2. User defined variables (UDV) - Created and maintained by user. This type of variable is defined in lower case letters.

* Some of the important System variables and their meanings are given below:

System Variable Meaning BASH=/bin/bash Your shell name BASH_VERSION=1.14.7 Your shell version name COLUMNS=80 No. of columns for your screen HOME=/home/carma Your home directory LINES=25 No. of rows for your screen. LOGNAME=root LOGNAME contains the username you logged in with. OSTYPE=Linux The Os type PATH=/usr/bin:/sbin:/bin:/usr/sbin Your path settings PWD=/home/carma The current working directory SHELL=/bin/bash Your shell name USERNAME=carma User who is currently logged in to this machine.

* The above settings can be printed using the echo command $ echo $USERNAME * echo will echo the string(s) specified to the standard output * $ is used to specify the shell variable.

8.1.1.1). Defining User-defined variables

* To define UDV , use following syntax: $ variable name=value * 'value' is assigned to given 'variable name' Example: * To assign variable no having value ‘10#’ $ no=10# * To define variable called 'vehicle' having value Bus $ vehicle=Bus * To define variable called n having value 10 $ n=10 * To print contents of variable 'vehicle' type $ echo $vehicle * To print contents of variable n $ echo $n 8.1.1.2). Rules for naming variables

1. Variable name must begin with Alphanumeric character or underscore character (_) , followed by one or more alphanumeric character. For eg : HOME, System_Version. 2.

Don't put spaces on either side of the equal sign when assigning value to variable. Eg : $ no=10 is fine. But there will be problems for any of the following variable declaration: $ no =10 $ no= 10 $ no = 10 3. Variables are case-sensitive, just like filename in Linux. 4. You can define NULL variable as follows (NULL variable is a variable which has no value at the time of definition) For e.g: $ vech= $ vech="" 5. Do not use ?,* etc, inside your variable names. 8.1.1.3). The “echo†command

* Use echo command to display text or value of a variable. * Some of the options which can be used with echo are given below. o ‘-n’ : Do not output the trailing new line. o ‘-e’ : Enable interpretation of the following backslash escape characters in the strings: \b backspace \c suppress trailing new line \n new line \r carriage return \t horizontal tab \\ backslash

* Eg: $ echo -e "An apple a day keeps away \t\tdoctor\n"

8.1.2. Shell arithmetic

* Use to perform arithmetic operations. * Syntax: $ expr op1 math-operator op2 * Examples: $ expr 1 + 3 : Addition $ expr 2 – 1 : Subtraction $ expr 10 / 2 : Division $ expr 20 % 3 : Remainder $ expr 10 \* 3 : Multiplication $ echo `expr 6 + 3` : echo the results of an arithmetic expression

Note: * expr 20 %3 – Remainder. Read as 20 mod 3 and remainder is 2. * expr 10 \* 3 - Multiplication use \* and not * since its wild card. * For the last statement note the following points o Firstly, before expr keyword we used ` (back quote) sign and not the (single quote i.e. ') sign. o Back quote is generally found on the key under tilde (~) on PC keyboard OR above TAB key. o Second, expr also ends with ` i.e. back quote. o Here expr 6 + 3 is evaluated to 9, and echo command prints 9 as sum o If you give echo “expr 6 + 3†print expr 6 + 3 o

or echo ‘expr 6 + 3’ , it’ll

A sample script which performs an arithmetic expression is given below

$ vi arith.sh #!/bin/sh # Perform some arithmetic x=24 y=4 Result=`expr $x \* $y` echo "$x times $y is $Result"

8.1.3. Understanding Quotes inside the Shell

Quotes

Name

Meaning “

Double Quotes

"Double Quotes" - Anything enclosed in double quotes removes meaning of those characters (except \, ` and $). ‘

Single Quotes

'Single quotes' – Anything enclosed in single quotes remains unchanged. `

Back Quote

To execute command

Eg: Some examples to understand the meaning of the quotes and their output is given below. $ echo "Today is `date`" Today is Thu Mar 10 15:13:49 IST 2005 $ echo "$USERNAME" root $ echo '$USERNAME' $ USERNAME 8.1.4. Finding the Exit Status of a Command Execution

By default in Linux if a particular command/shell script is executed, it will return two type of values which is used to see whether the command or shell script executed is successful or not. * If return value is zero (0), command is successful. * If return value is nonzero, command is not successful or some sort of error is there executing command/shell script. * This value is know as Exit Status.And to determine this exit Status you can use $? which is a special variable of shell. * For e.g: This example assumes that unknownfile doest not exist on your hard drive $ rm unknownfile It will show error as follows rm: cannot remove `unknownfile': No such file or directory and after that if you give command $ echo $? it will print nonzero value to indicate error. Now give command $ ls

$ echo $? It will print 0 to indicate that the command is successful. 8.1.5. Reading input from the Standard Input

* The read statement is used to get input (data from user) from the standard input and store the data in a variable. * Here’s a sample script which does this. $ vi sayhello.sh # #Script to read your name from key-board # echo "Your first name please:" read fname echo "Hello $fname, Lets be friend!"

Run it as follows: $ chmod 755 sayhello.sh $ ./sayhello.sh 8.1.6. Command Line Arguments

* When you run the command $ ls file file1 file2 , ls is the command and file, file1, file2 are command line arguments passed to it * Hence the command above has 3 command line arguments. * $# holds number of arguments specified on command line. And $* or $@ refer to all arguments passed to script. o $* expands to a single variable containing all the command line parameters separated by spaces. o

$@ expands to a list of separate words, each containing one of the command line parameters . o $# is the number of parameters, excluding $0 * Hence $1, $2, $3 refers to file, file1 and file2 * If you are running a shell script using the commandline below $ myshell.sh file1 dir1 * The shell script name myshell.sh is referred to as $0, file1 is $1 and dir1 $2 * These command line arguments to shell script are known as "positional parameters". 8.1.7. Structured Language Constructs 8.1.7.1). Decision Making

Any type of comparison in Linux Shell gives only two answers, one is YES and other is NO.

In Linux Shell Value Meaning Example Zero Value (0) Yes/True 0 NON-ZERO Value No/False -1, 32, 55 anything but not zero

* test command or [ expr ] is used to see if an expression is true, and if it is true it returns zero(0), otherwise returns nonzero for false. * Syntax: test expression OR [ expression ] * For Mathematical comparisons, use following operator in Shell Script

Mathematical Operator in Shell Script

Meaning

Normal Arithmetical/ Mathematical Statements

But in Shell For test statement with if command

For [ expr ] statement with if command -eq

Equal to

5==6

if test 5 -eq 6

if [ 5 -eq 6 ] -ne

Not equal to

5!=6

if test 5 -ne 6

if [ 5 -ne 6 ] -lt

Less than

5<6

if test 5 -lt 6

if [ 5 -lt 6 ] -le

Less than or equal to

5<=6

if test 5 -le 6

if [ 5 -le 6 ] -gt

Greater than

5>6

if test 5 -gt 6

if [ 5 -gt 6 ] -ge

Greater than or equal to

5>=6

if test 5 -ge 6

if [ 5 –ge 6 ]

* For string Comparisons use: Operator

Returns True if string1 = string2

string1 is equal to string2

string1 != string2

string1 is NOT equal to string2 string1

string1 is NOT NULL or not defined -n string1

string1 is NOT NULL and does exist -z string1

string1 is NULL and does exist(has length 0)

* Shell also tests for files and directory types : Operator

Returns True if -s file

File exists and is a non empty file -f file

File exists and is a normal file and not a directory -d dir

File exists and is a directory -w file

File is writeable.You’ve write permission on the file. -r file

File is readable.

-x file

File is executable

* Logical Operators which are used to combine two or more conditions at a time: Operator

Meaning ! expression

Logical NOT expression1 -a expression2

Logical AND expression1 -o expression2

Logical OR

8.1.7.2). Flow Control

if...else...fi Syntax:

if condition then condition is zero (true - 0) execute all commands up to else statement else

if condition is not true then execute all commands up to fi fi

Example: if test $1 -gt 0 then echo "$1 number is positive" else echo "$1 number is negative" fi

Nested if-else-fi Syntax: if condition then if condition then ..... .. do this else .... .. do this fi else ... .....

do this fi

Multilevel if-then-else

Syntax: if condition then condition is zero (true - 0) execute all commands up to elif statement elif condition1

then condition1 is zero (true - 0) execute all commands up to elif statement elif condition2 then condition2 is zero (true - 0) execute all commands up to elif statement else None of the above condtion,condtion1,condtion2 are true(i.e. all of the above are nonzero or false) execute all commands up to fi fi

Example: # #!/bin/sh

# Script to test if..elif...else if [ $1 -gt 0 ]; then echo "$1 is positive" elif [ $1 -lt 0 ] then echo "$1 is negative" elif [ $1 -eq 0 ] then echo "$1 is zero" else echo "Opps! $1 is not number, give number" fi

8.1.7.3). Loop Constructs

FOR Loop Syntax: for { variable name } in { list } do execute one for each item in the list until the list is not finished (And repeat all statements between do and done) done

Example: Before trying to understand above syntax, try the following script: $ cat testfor for i in 1 2 3 4 5 do echo "Welcome $i times"

done

* The for loop first creates i variable and assigns a number to i from the list of numbers from 1 to 5, The shell will then execute echo statement for each assignment of i. (This is usually known as iteration) * This process will continue until all the items in the list are finished, and because of this it will repeat 5 echo statements.

Nesting of For Loop

* To understand the nesting of for loop see the following shell script.

$ vi nestedfor.sh for (( i = 1; i <= 5; i++ )) ### Outer for loop ### do

for (( j = 1 ; j <= 5; j++ )) ### Inner for loop ### do echo -n "$i " done echo "" #### print the new line ### done

Run the above script as follows: $ chmod +x nestedfor.sh $ ./nestedfor.sh 1 1 1 1 1

2 2 2 2 2 3 3 3 3 3 4 4 4 4 4 5 5 5 5 5

* Here, for each value of i the inner loop is cycled through 5 times, with the varible j taking values from 1 to 5 * The inner for loop terminates when the value of j exceeds 5, and the outer loop terminates when the value of i exceeds 5.

The while Loop

Syntax: while [ condition ] do command1 command2 command3 .. .... done

* Loop is executed as long as given condition is true. * The example below shows a shell script to sum the integers between 1 and 100: #!/bin/bash # Simple script to demonstrate while and arithmetic

count=0 sum=0 while [ $count -lt 101 ] ; do sum=$(( $sum + $count )) count=$(( $count + 1 )) done echo "Sum = $sum"

The Case Statement * The case statement is a good alternative to Multilevel if-then-else-fi statement. It enable you to match several values against one variable. Its easier to read and write. Syntax: case $variable-name in pattern1) command ... .. command;; pattern2) command ... .. command;; patternN) command ... .. command;; *) command ... ..

command;; esac

* The $variable-name is compared against the patterns until a match is found. The shell then executes all the statements up to the two semicolons that are next to each other. The default is *) and is executed if no match is found. For e.g. write script as follows:

Example Syntax: rental=$1 case $rental in "car") echo "For $rental Rs.20 per k/m";; "van") echo "For $rental Rs.10 per k/m";; "jeep") echo "For $rental Rs.5 per k/m";; "bicycle") echo "For $rental 20 paisa per k/m";; *) echo "Sorry, I cannot get a $rental for you";;

8.1.7.4). Debugging a Shell script * Use the ‘-x’ or ‘-v’ option to show debug results * x shows the exact values of variables (or statements are shown on screen with values). * Use -v option to debug complex shell script. $ sh –x sample.sh $ sh –v sample.sh

8.2. Advanced Shell Scripting 8.2.1. /dev/null

* /dev/null - Is used to send unwanted output of a program * This is a special Linux file which is used to send any unwanted output from program/command. Syntax: command > /dev/null Example: $ ls > /dev/null Output of the above command is not shown on screen but its send to this special file. $ cat /dev/null > /var/log/messages This will empty the /var/log/messages file.

8.2.2. Conditional Execution using && and ||

* The control operators used for conditional execution are && (read as AND) and || (read as OR). The syntax for AND list is as follows. Syntax for AND: command1 && command2 * command2 is executed if, and only if, command1 returns an exit status of zero. Syntax for OR: command1 || command2 * command2 is executed if and only if command1 returns a non-zero exit status.

You can use a combination of both as follows

Syntax: command1 && command2 if exist status is zero || command3 if exit status is nonzero * if command1 is executed successfully then shell will run command2 and if command1 is not successful then command3 is executed.

Example: $ rm myf && echo "File is removed successfully" || echo "File is not removed"

8.2.3. I/O Redirection and file descriptors

Standard File

File Descriptors number

Use

Example Stdin

0

as Standard input

Keyboard Stdout

1

as Standard output

Screen Stderr

2

as Standard error

Screen

Eg: $ echo "There is an Error" 1>&2

* The 1>&2 at the end of echo statement, directs the standard output (stdout) to standard error (stderr) device. 8.2.4. Essential Utilities 8.2.4.1). cut

* Cut is used for selecting portions of a file. * Syntax: cut -f{field number or byte mumber} {file-name} * $ cut –f2 testfile ---- For printing the contents of second column * $ cut -f2,3 testfile ----For printing the contents of second and 3rd column * For example :

$ cat testfile Sr.No Name 11 Vivek 12 Renuka 13 Prakash 14 Ashish 15 Rani

$ cut –f2 testfile Vivek Renuka Prakash Ashish Rani

* $ cut –b2,3 test file -----will print the 2nd and 3rd byte * $ cut -b1,2-10 testfile ----- will print the 1st byte, and 2nd to 10th byte. $ cut -b1,2 testfile Sr 11 12 13 14 15 $ cut -b10-30 test Name Vivek Renuka Prakash Ashish Rani

The number can be specified in the various formats below:

* N Nth byte, character or field, counted from 1 * N- from Nth byte, character or field, to end of line * N-M from Nth to Mth (included) byte, character or field * -M from first to Mth (included) byte, character or field 8.2.4.2). paste

* Paste utility is useful to put textual information together located in various files. * Syntax: paste {file1} {file2} * Example:

$cat /file1 Vivek Renuka Prakash Ashish Rani $cat /file2 67 55 96 36 67 $ paste /file1 /file2 Vivek 67

Renuka 55 Prakash 96 Ashish 36 Rani 67

* It will therefore read the contents of the file line by line and concatenate the first line, second line etc till the nth line of both the files. 8.2.4.3). join * join utility joins, lines from separate files. * Syntax: join {file1} {file2} * $ join file1 file2

$ cat /file1 Sr.No Name 11 Vivek 12 Renuka 13 Prakash 14 Ashish 15 Rani

$ cat /file2 Sr.No Mark 11 67 12 55 13 96 14 36

15 67

$ join /file1 /file2 11 Vivek 67 12 Renuka 55 13 Prakash 96 14 Ashish 36 15 Rani 67

* join will only work, if there is common field in both file and if values are identical to each other.

8.2.4.4). tr

* tr translate range of characters (i.e. small a to z) into other (i.e. to Capital A to Z) ranges. * General Syntax: tr {pattern-1} {pattern-2} * $ tr "[a-z]" "[A-Z]" * After executing command above type text in lower case and it’ll be converted to upper case. CTRL + C will terminate

8.2.4.5). uniq

* Uniq is used to remove duplicate lines from a file * Syntax: uniq {file-name}

* The uniq utility compares only adjacent lines, duplicate lines must be next to each other in the file * Otherwise you can sort the file and pass it to uniq Eg: $ sort file1 | uniq 8.2.5. Awk Utility

Awk utility is a powerful data manipulation/scripting programming language. * General Syntax of awk : awk -f {awk program file} filename * awk reads the input from given file (or from stdin also) one line at a time, then each line in the file is compared with the pattern specified. * If pattern is matching for any line , then given action is taken. Pattern can be regular expressions.

8.2.5.1). Understanding Awk Basic Examples The examples we’ll be seeing below is based on the text file ‘testfile1’ , the contents of which is listed below:

SrNo Product Qty Unit Price 1 Pen 5 20.00 2 Rubber 10 2.00 3 Pencil 3 3.50 4 Clock 2 45.50

Now give the following commandline $ awk '{ print $1 “.†SrNo.Product--> Rs.0 1.Pen--> Rs.100 2.Pencil--> Rs.20

$2 "--> Rs." $3 * $4 }' testfile1

3.Rubber--> Rs.10.5 4.Clock--> Rs.91

* The print command is used to print contents of variables or text enclosed in " text ". * Here $1, $2, $3, $4 are all special variables containing values of fields or columns.Therefore $1 is the value of the first field for each of the lines in the file. * Finally we are directly doing the calculation using $3 * $4 i.e. multiplication of third and fourth field in the text file. * Note that "--> Rs." is a string which is printed as it is.

$ awk '{ print $2 }’ testfile1 Product Pen Pencil Rubber Clock $ awk '{ print $0 }' testfile2 SrNo Product Qty Unit Price 1 Pen 5 20.00 2 Pencil 10 2.00 3 Rubber 3 3.50 4 Clock 2 45.50

* $0 is a special variable for awk , which refers to an entire record or the entire line.

* The ‘-f’ option instructs awk, to read its command from a given awk file. * Awk also uses some predefined variables like NR and NF which means Number of the input Record, Number of Fields in input record respectively. * An example which uses both these options is given below: First, create an awk file below called def_var with the contents below. $ cat def_var { print "Printing Rec. #" NR "(" $0 "),And # of fields for this record is " NF }

Then, run it as follows and the result is printed below. $awk -f def_var testfile1 $awk -f def_var testfile1 Printing Rec. #1(1 Pen 5 20.00),And # of fields for this record is 4 Printing Rec. #2(2 Pencil 10 2.00),And # of fields for this record is 4 Printing Rec. #3(3 Rubber 3 3.50),And # of fields for this record is 4 Printing Rec. #4(4 Clock 2 45.50),And # of fields for this record is 4

* Some of the other Awk predefined variables are : Awk Variable

Meaning FILENAME

Name of current input file RS

Input record separator character (Default is new line) OFS

Output field separator string (Blank is default) ORS

Output record separator string (Default is new line) NF

Number of fields/columns in the input record NR

Number of the input record (1 for 1st Record, 2 for 2nd record etc) OFMT

Output format of number FS , F

Field separator character (Blank & tab is default)

8.2.5.2). Doing arithmetic and user defined variables with awk

You can easily do arithmetic with awk as follows $ vi math { print $1 " + " $2 " = " $1 + $2 print $1 " - " $2 " = " $1 - $2 print $1 " / " $2 " = " $1 / $2 print $1 " x " $2 " = " $1 * $2 print $1 " mod " $2 " = " $1 % $2 }

$ awk -f math 20 3 20 + 3 = 23 20 - 3 = 17 20 / 3 = 6.66667 20 x 3 = 60 20 mod 3 = 2 (Press CTRL + D to terminate)

You can also define your own variable in awk program, as follows: $ cat math1 { no1 = $1 no2 = $2 ans = $1 + $2 print no1 " + " no2 " = " ans }

Run the program as follows $ awk -f math1 1 5 1 + 5 = 6 8.2.6. The sed Utility

* SED is a stream editor. * A stream editor is used to perform basic text transformations on an input stream (a file or input from a pipeline). *

SED works by making only one pass over the input(s), and is consequently more efficient. * But it is SED's ability to filter text in a pipeline which particularly distinguishes it from other types of editors. * General Syntax of sed $ sed -option 'general expression' [data-file] $ sed -option sed-script-file [data-file] * Sed means start the sed command. * The option that can be specified are given below:

Option

Meaning

Example -e

Read the sed command from command line

$ sed -e 'sed-commands' data-file-name -f

Read the sed command from sed script file

$sed -f sed-script-file data-file-name -n

Suppress the output of sed command. When -n is used you must use p command of print flag.

$ sed -n '/^\*..$/p' demofile2

* The most basic and commonly used operators in the sed toolkit are printing (to stdout), deletion, and substitution. Their specifications are listed below.

Operator

Name

Implication

[address-range]/p

print

Print [specified address range] [address-range]/d

delete

Delete[specified address range] s/pattern1/pattern2/

substitute

Substitute pattern2 for first instance of pattern1 in a line [address-range]/s/pattern1/pattern2/

substitute

Substitute pattern2 for first instance of pattern1 in a line, over address-range [address-range]/y/pattern1/pattern2/

transform

replace any character in pattern1 with the corresponding character in pattern2, over address-range (equivalent of tr) g

global

Operate on every pattern match within each matched line of input

* Examples of sed operators: Notation

Meaning

8d

Delete 8th line of input. /^$/d

Delete all blank lines. 1,/^$/d

Delete from beginning of input up to, and including first blank line. /Jones/p

Print only lines containing "Jones" (with -n option). s/Windows/Linux/

Substitute "Linux" for first instance of "Windows" found in each input line. s/BSOD/stability/g

Substitute "stability" for every instance of "BSOD" found in each input line. s/ *$//

Delete all spaces at the end of every line. s/00*/0/g

Compress all consecutive sequences of zeroes into a single zero. /GUI/d

Delete all lines containing "GUI". s/GUI//g

Delete all instances of "GUI", leaving the remainder of each line intact. 8.2.6.1). Sample sed Commands/Scripts

* You can redirect the output of sed command to file as follows $ sed 's/Linux/UNIX/' file1 > file.out

* Deleting blank lines from file. Using sed you can delete all blank lines from file * as follow $ sed '/^$/d' demofile1

* The following sed command takes input from who command and sed checks whether a particular user is logged in or not. Here -n option to sed command, will suppress the output of sed command; and /carma/ is the pattern that we are looking for, so finally if the pattern is found its printed using p command of sed. $ who | sed -n '/carma/p'

Sample Script1 To remove all blank lines and convert multiple spaces into single space, use the sed script ‘sedscript’ below.

$ cat sedscript /^$/d s/ */ /g

And run it on a demofile as below $ sed –f sedscript demofile * /^$/d : Will find all blank lines and delete is using d command. * s/ */ /g : Find two or more than two blank space and replace it with single blank space

Sample Script2

The command below will search for every instance of 1001 from the demofile $ sed -n '/10\{2\}1/p' demofile2 * {n,\} : At least n occurrences will be matched. So /10\{2\} will look for 1 followed by 2 occurences of zero. * So /10\{2,\} : will look for atleast 2 occurences of zero, * {n,\m} : Matches any number of occurrence between n and m.

Therefore, the command below $ sed -n '/10\{2,4\}1/p' demofile2 * Will match "1001", "10001", "100001" but not "101" or "10000000". As 0\{2,4\} will match 2 to 4 occurences of Zero.

Sample Script3 The command below will match only lines which have only 3 astericks * $ sed -n '/^\*\*\*$/p' demofile2

* \* will search for * and \*\*\* will match 3 *’s and because its ^\*\*\*$, it’ll only match lines which have only three astericks. * /p will print the program or results * Same thing can be done using the commandline below also $ sed -n '/^\*\{3\}$/p' demofile2 9. INSTALLING LINUX SOFTWARE/KERNEL 9.1. RPM Installations

* RPM is a widely used tool for delivering software for Linux. Users can easily install an RPM-packaged product. * RPM (Red Hat Package Manager) is the most common software package manager used for Linux distributions. Because it allows you to distribute software already compiled, a user can install the software with a single command.

9.1.1. Getting the RPM source

There are three commonly used sources for RPM’s. 1. Your Redhat/Fedora Installation CD( But they may not be updated to the latest version). 2. Download it from redhat.com site using the browser or ftp program. RedHat site will have only their approved software on their sites. A good general purpose source for additional software can also be found at the url www.rpmfind.net. 3. The command wget can be used for downloading via the http or ftp protocol .The command line that can be used is:

$ wget http://redhat.com/download/pub/fedora/linux/core/i386/RPMS/ openssh3.6.1p2-34.i386.rpm OR $ wget ftp://ftp.redhat.com/download/pub/fedora/linux/core/i386/RPMS/ openssh3.6.1p2-34.i386.rpm 4. Using yum if it is installed. On Fedora systems, its installed by default.

9.1.2. Manually installing rpms

* Download the RPMs (which usually have a file extension ending with .rpm) using any of the methods above into a temporary directory, such as /opt. * The next step is to issue the rpm -ivh or –Uvh command to install the package. o The –i qualifier is to install an RPM package o The -U qualifier is used for updating an RPM to the latest version o The -h qualifier gives a list of hash # characters during the installation and o The -v qualifier prints verbose status messages while the command is being executed.

* Here is an example of a typical RPM installation command to install the MySQL server package: $ rpm -ivh mysql-server-3.23.58-9.i386.rpm Preparing... ####################### [100%] 1:mysql-server ####################### [100%]

9.1.3. RPM Installation Errors

* Sometimes the installation of RPM software doesn't go according to plan and you need to take corrective actions. This section shows you how to recover from some of the most common errors you'll encounter. * Failed Dependencies : Sometimes RPM installations will fail giving “Failed dependencies errors†which actually mean that a prerequisite RPM needs to be installed. * For example, in the example below, rpm installation of the MySQL database server application fails because the mysql client RPM, on which it depends, needs to be installed beforehand. $ rpm -ivh mysql-server-3.23.58-9.i386.rpm error: Failed dependencies: libmysqlclient.so.10 is needed by mysql-server-3.23.58-9

* To get around this problem you can run the rpm command with the --nodeps option to disable dependency checks $ rpm –ivh –nodeps mysql-server-3.23.58-9.i386.rpm Preparing... ####################### [100%] 1:mysql ####################### [100%]

* You may also use an option called --force, to forcefully do the rpm installation leaving out the dependency checks. $ rpm –ivh –nodeps –force mysql-server-3.23.58-9.i386.rpm

* Rpm packaged files contains certain digests and signatures which ensure the integrity and origin of the package. Digital signatures cannot be verified without a public encryption key and this can be imported using the command line below $ rpm --import /usr/share/rhn/RPM-GPG-KEY

9.1.4. Installing Source Rpms Sometimes the packages you want to install need to be compiled in order to match your kernel version. This requires you to use source RPM files:

* Download the source RPMs which usually have a file extension ending with (.src.rpm). * Run the following commands as root. Compiling and installing source RPMs can be done simply with the rpmbuild command. * rpmbuild is used to build both binary and source software packages. * Packages come in two varieties: binary packages, used to encapsulate software to be installed, and source packages, containing the source code and recipe necessary to produce binary packages. $ rpmbuild --rebuild filename.src.rpm * Here is an example in which we install the tac_plus package. $ rpmbuild --rebuild tac_plus-4.0.3-2.src.rpm Installing tac_plus-4.0.3-2.src.rpm Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.61594 + umask 022 + cd /usr/src/redhat/BUILD + cd /usr/src/redhat/BUILD + rm -rf tac_plus-4.0.3 + /usr/bin/gzip -dc /usr/src/redhat/SOURCES/tac_plus-4.0.3.tgz + tar -xvvf ... ... + umask 022 + cd /usr/src/redhat/BUILD + rm -rf tac_plus-4.0.3

+ exit 0

* The compiled RPM file can now be found in one of the architecture subdirectories under /usr/src/redhat/RPMS directory. * For example, if you compiled an i386 architecture version of the RPM it will be placed in the i386 subdirectory (/usr/src/redhat/RPMS/i386). * You will then have to install the compiled RPMs found in their respective subdirectories as you normally would. 9.1.5. Listing Installed RPMs

* The rpm -qa command will list all the packages installed on your system. $ rpm –qa * You could use rpm -q package-name command to find an installed package if you know the package name. $ rpm –q openssh * If you are not sure of the package name, the command line that can be used is $ rpm –qa |grep ssh 9.1.6. Listing Files Associated with RPMs

* Sometimes you'll find yourself installing software that terminates with an error requesting the presence of a particular file. In many cases the installation program doesn't state the RPM package in which the file can be found. It is therefore important to be able to determine the origin of certain files, by listing the contents for RPMs in which you suspect the files might reside. 9.1.6.1). Listing Files for Already Installed RPMs

* You can use the -ql qualifier to list all the files associated with an installed RPM. * In this example we test to make sure that the openssh package is installed using the -q qualifier. $ rpm -q openssh * And then we use the -ql qualifier to get the file listing. # rpm -ql openssh /etc/ssh /etc/ssh/moduli /usr/bin/ssh-keygen /usr/libexec/openssh /usr/libexec/openssh/ssh-keysign /usr/share/doc/openssh-3.5p1 /usr/share/doc/openssh-3.5p1/CREDITS /usr/share/doc/openssh-3.5p1/ChangeLog /usr/share/doc/openssh-3.5p1/INSTALL /usr/share/doc/openssh-3.5p1/LICENCE /usr/share/doc/openssh-3.5p1/OVERVIEW /usr/share/doc/openssh-3.5p1/README /usr/share/man/man8/ssh-keysign.8.gz

9.1.6.2). Listing Files in RPM Files

Suppose you have downloaded an rpm and you want to see all the files inside the RPM archive, you can do this using the -qpl qualifier as below: $ rpm -qpl dhcp-3.0pl1-23.i386.rpm

9.1.6.3). Listing the RPM to Which a File Belongs

* You might need to know the RPM that was used to install a particular file. This is useful when you have a suspicion about the function of a file but are not entirely sure. * For example, the MySQL RPM uses the /etc/my.cnf file as its configuration file, not a file named /etc/mysql.conf as you'd normally expect. So you may check the rpm to which this particular files belongs using the command line below. $ rpm -qf /etc/my.cnf mysql-3.23.58-9 * Note that this will work only if the rpm package you are querying is already installed on the machine. 9.1.7. Uninstalling Rpms

* The rpm -e command will erase an installed package. The package name given must match that listed in the rpm -qa command because the version of the package is important. * Example : $ rpm -e package-name $ rpm –e mysql-3.23.58-9 9.2. Software Installations from Source using Tarballs

* The tar file installation process usually requires you first to uncompress and extract the contents of the archive in a local subdirectory, which frequently has the same name as the tar file. * The subdirectory will usually contain a file called README or INSTALL, which outlines all the customized steps to install the software.

9.2.1. The GCC Compiler

* The gcc C and C++ compiler is used to compile software on your system, most importantly the kernel. So in case they are not present you need to install them or upgrade then. * The newest version of gcc is found on the Linux FTP sites. On sunsite.unc.edu, it is found in the directory /pub/Linux/GCC (along with the libraries) eg: ftp://sunsite.unc.edu/pub/Linux/GCC. There should be a release file for the gcc distribution detailing what files you need to download and how to install them.

9.2.2. Steps for installing from Tarball

1. Download the tarball using wget to /opt or some temporary directory. For example, $ wget http://prdownloads.sourceforge.net/gaim/gaim-1.1.3.tar.gz

2. The tarball format will be generally .tgz or tar.gz or sometimes .tbzip or tar.bz. The tar.gz file has to be uncompressed and unarchived using the command line below. $ tar –xvzf gaim-1.1.3.tar.gz * This would create a directory called gaim-1.1.3 within the current directory and unzip all the files within that new directory. 1. Once this is complete the installation instructions will ask you to execute the 3 basic commands : configure, make & make install. First goto the gaim-1.1.3. directory to run the above commands. $ cd gaim-1.1.3 $ ./configure *

The above command makes the shell run the script named 'configure' which exists in the current directory. The configure checks for lots of dependencies on your system. * If any of the major requirements are missing on your system, the configure script would exit and you cannot proceed with the installation, until you get those required things. * The main job of the configure script is to create a ' Makefile ' . Depending on the results of the tests (checks) that the configure script performed ,it would write down the various steps that need to be taken (while compiling the software) in the file named Makefile.

4. ‘make’ is actually a utility which exists on almost all Unix systems and it requires a file named Makefile in the same directory in which you run make. The make utility compiles all your program code and creates the executables. It sets the sequence for the events using ‘labels’ so that your program does not complain about missing dependencies.Hence step to do is ‘make’ under the directory game-1.1.3 $ make 5. One of the labels present in the Makefile happens to be named 'install' and when you run ‘make’ with install as the parameter, the make utility searches for a label named install within the Makefile, and executes only that section of the Makefile. The install section happens to be only a part where the executables and other required files created during the last step (i.e. make) are copied into the required final directories on your machine.( eg: /bin, /usr/bin or /usr/sbin) .Similarly all the other files are also copied to the standard directories in Linux $ make install

9.3. Linux Kernel Recompilation

Linux is a shining example of the power of the Open Source movement as a positive force of change in the software industry. * The Linux kernel, the core of any Linux distribution, is constantly evolving to incorporate new technologies and improve performance, scalability, support, and usability.

* Many of these enhancements are related to adding support for additional architectures, processors, buses, interfaces, and devices. * In addition to new features, each new stable Linux kernel version provides many improvements that standardize its internal interfaces, extend the performance and size of supported devices, and simplify adding support for new devices and subsystems to the kernel. * The kernel is the heart of the Linux operating system, managing all system threads, processes, resources, and resource allocation. * Unlike most other operating systems, Linux enables users to reconfigure the kernel, which is usually done to reduce its size, add or deactivate support for specific devices or subsystems, or both. 9.3.1. Linux kernel – A Modular Kernel

* Modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. * For example, one type of kernel module is the device driver, which allows the kernel to access hardware connected to the system. * Without modules, we would have to build monolithic kernels and add new functionality directly into the kernel image. Besides having larger kernels, this has the disadvantage of requiring us to rebuild and reboot the kernel every time we want new functionality. * You can see the modules that are already loaded into the kernel using the lsmod command which gets its information by reading the file /proc/modules. $ lsmod 9.3.2. Recompiling the kernel

9.3.2.1) PreRequisites

* You need to have the latest version of GCC installed before going ahead with the recompile. *

You need to have enough disk space in the partition which has the /usr/src/ directory. * Also for 2.6 kernel versions and above , it would be required to install the modutils and mod-init-tools package using the steps below: To install modutils using an rpm installation Download the latest version of modutils rpm from http://www.kernel.org/pub/linux/kernel/people/rusty/modules/ To compile this source rpm – follow the steps below rpmbuild --rebuild modutils-2.4.22.src.rpm cd /usr/src/redhat/RPMS/i386 rpm –ivh modutils-2.4.22.rpm To install modutils using an rpm installation $ wget http://www.kernel.org/pub/linux/kernel/people/rusty/modules/moduleinit-tools-3.0.tar.gz $ tar -zxvf module-init-tools-3.0.tar.gz $ cd module-init-tools-3.0/ $ ./configure --prefix="" $ make $ make install $ ./generate-modprobe.conf /etc/modprobe.conf

9.3.2.2) Checking the current kernel and Redhat version

* The current running version of the kernel can be checked using the command “uname –a†$ uname –a Linux educarma.com 2.4.20-8 #1 Thu Mar 13 17:18:24 EST 2003 i686 athlon i386 GNU/Linux

* The example above shows that the system is running the kernel version 2.4.20-8 * The running version of Redhat can be checked using the command line below $ cat /etc/redhat-release

9.3.2.3). Kernel Recompilation Steps

1. Download the latest source from ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-2.6.10.tar.gz 2. Download the above source to the folder /usr/src. 3. Uncompress the above source using the commandline below and goto that folder. $ tar –xzvf linux-2.6.10.tar.gz $ cd /usr/src/linux-2.6.10

4. Do the step below to build the source tree. And “make mrproper" deletes your old .config file if you are rebuilding the kernel. $ make mrproper

5. Configuration : Use one of the following tools to create the .config file. This gives you the chance to choose what goes into the kernel. You can choose support for many of the latest capabilities, device drivers, and can tune the kernel for particular uses. Pick one of the following and type the command line from the directory /usr/src/linux-2.6.10: * $ make config (Bash shell script) OR * $make menuconfig (uses text window curses) OR *

$make xconfig - recommended due to online help feature and intuitive interface. Save configuration to file: .config OR * $ make oldconfig Build a configuration file based on defaults found in current .config file. On using menuconfig, menuconfig note the symbols below * <*> = Compile into kernel * (y) as a Built-in module * <M> = Compile as a module (m)

6. Compile : Make sure the compiling is done from the directory /usr/src/linux-2.6.10. The steps to be followed are listed below * $ make dep ( make or build the dependencies for your chosen configuration, deprecated for 2.6.10 kernel version and above). * Do a ‘make distclean’ to clean up junk from old compiles ( in case the same kernel is being compiled again). $ make distclean Or $ make clean * The next step is to create the new kernel and then move it to /boot/vmlinuz. bzImage is a very compressed kernel image. $ make bzImage

8. Compile the kernel modules $ make modules ====== To compile the kernel modules $ make modules_install ===== Generates the file

/lib/modules/2.6.10/modules.dep.

9. Install : Follow the steps below to install the new kernel. $ ln –s /usr/src/linux-2.6.10 /usr/src/linux $ make install * Make install actually does the steps below, so please make sure that its taken care off. $ mv /usr/src/linux/arch/i386/boot/bzImage /boot/vmlinuz-2.6.10 $ ln -s /boot/vmlinuz-2.6.10 /boot/vmlinuz $ mv /usr/src/linux-2.6.0/System.map /boot/System.map $ ln –s /boot/System.map /boot/System.map-2.6.10

* System.map file : The kernel has symbols, just like the programs you write. The difference is, of course, that the kernel is a very complicated piece of coding and has many, many global symbols. The kernel doesn't use symbol names. It's much happier knowing a variable or function name by the variable or function's address. The kernel is mainly written in C, so the compiler/linker allows us to use symbol names when we code and allows the kernel to use addresses when it runs.

* There are situations, however, where we need to know the address of a symbol (or the symbol for an address). This is done by a symbol table. symbol table is a listing of all symbols along with their address.

* Every time you compile a new kernel, the addresses of various symbol names are bound to change. System.map is an actual file on your filesystem. When you compile a new kernel, your old System.map has wrong symbol information. A new System.map is generated with each kernel compile and you need to replace the old copy with your new copy.

10. Make the initrd image Execute the following command which creates the initrd image file used to let the system boot.

* For modular kernel, during booting this image loads hardware drivers which are not built into the kernel. * The purpose of the initial RAM disk is to allow a modular kernel to have access to modules that it might need to boot from before the kernel has access to the device where the modules normally reside. * It uses an empty directory called /initrd and if this directory is found missing, the kernel will give a “kernel panic†and fail to boot. $ mkinitrd /boot/initrd-2.6.10.img linux-2.6.10 The second argument is the name of the sub-directory of the modules under the directory /lib/modules/

11. Configure the boot loader lilo : Lilo must point to the new kernel. Edit /etc/lilo.conf and add a new image statement to point to the new kernel. Keep the old as backup in case you need to boot using that.

A sample lilo.conf file

Sample lilo.conf: boot=/dev/hda map=/boot/map - Locations on hard drive where the kernel can be found for boot install=/boot/boot.b prompt timeout=50 linear - Specific to SCSI configurations default=linux

image=/boot/vmlinuz-2.4.3 - Old kernel label=linux - Label/Name to be displayed by Lilo boot manager

initrd=/boot/initrd-2.4-3.img read-only root=/dev/hda1

image=/boot/vmlinuz-2.6.10 --- New kernel label=linux-2.6.10 ---- Label for the new kernel initrd=/boot/initrd-2.6.10.img read-only root=/dev/hda1

11. Install lilo : Run /sbin/lilo -v to configure the master boot record with data from lilo.conf $ /sbin/lilo –v

The kernel recompilation is through and you are now ready to boot the machine on the new kernel. If you do not want to change the default boot image and boot the kernel on the new image only in the next boot, call lilo using $ lilo –R linux-2.6.10

13. Reboot the machine using the command line below. $ reboot

9.3.3. Command Line Tools for Kernel level administration

9.3.3.1). Kernel Modules Management

* Modules are used to reduce the amount of memory used to hold the kernel. *

There is a slight penalty for the time taken to load and unload the module. * If the code is required for general operation of the kernel or is needed often or required by the boot process, it is best to compile it into the kernel and it should NOT be compiled as a module. Commands :

* The kernel will use the modprobe utility (/sbin/modprobe) to determine if the module is compatible with the kernel. * The program used is specified by a proc file: $ cat /proc/sys/kernel/modprobe * Modules are loaded by init scripts which call insmod/rmmod to load/unload modules. List of modules are held in /etc/modules.conf.

Command

Description

lsmod

List loaded modules insmod

Inserts a module into the active kernel $ insmod usb-uhci rmmod

Remove a loaded module. Just specify the module name. No ".o" or path necessary. $ rmmod usb-uhci modprobe

High level handling of loadable modules. Loads module and dependancies. depmod

Creates dependencies file for a module (used by modprobe) modinfo

Display information about a kernel module

Other useful commands: * List Processor type: $ cat /proc/cpuinfo * List devices: $ cat /proc/devices * List pci devices $ lspci * List usb devices $ lsusb * List IO ports (device address used by drivers): $ cat /proc/ioports * List DMA channels: $ cat /proc/dma * View interrupts used by the system:

$ cat /proc/interrupts * Display boot messages: $ dmesg * Display sound driver status: $ cat /dev/sndstat 9.4 . More About Lilo and Grub 9.4.1. Grub (Grand Unified Boot loader)

* Briefly, a boot loader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to an operating system kernel software. * Grub can load a wide variety of operating systems and other proprietary operating systems like windows using chain loading. * Chain loading is a method by which another boot loader is loaded to boot the unsupported operating system.

Some of the advantages of Grub are 1. Recognize multiple executable formats 2. Support non-Multiboot kernels 3. Load multiple modules 4. Load a configuration file 5. Provide a menu interface 6. Have a flexible command-line interface 7. Support multiple filesystem types

8. Support automatic decompression 9. Access data on any installed device 10. Be independent of drive geometry translations 11. Detect all installed RAM 12. Support Logical Block Address mode 13. Support network booting via ftp 14. Support remote terminals ( serial ) 9.4.1.1). Stages in Grub Loading

GRUB loads itself into memory in the following stages: * The Stage 1 or primary boot loader is read into memory by the BIOS from the MBR. The primary boot loader exists on less than 512 bytes of disk space within the MBR and is capable of loading either the Stage 1.5 or Stage 2 boot loader. * The Stage 1.5 boot loader is read into memory by the Stage 1 boot loader, if necessary. Some hardware requires an intermediate step to get to the Stage 2 boot loader. This is sometimes true when the /boot partition is above the 1024 cylinder head of the hard drive or when using LBA mode. The Stage 1.5 boot loader is found either on the /boot partition or on a small part of the MBR and the /boot partition. * The Stage 2 or secondary boot loader is read into memory. The secondary boot loader displays the GRUB menu and command environment. This interface allows you to select which operating system or Linux kernel to boot, pass arguments to the kernel, or look at system parameters, such as available RAM. * The secondary boot loader reads the operating system or kernel and initrd into memory. Once GRUB determines which operating system to start, it loads it into memory and transfers control of the machine to that operating system.

9.4.1.2). Direct Loading and Chain Loading Booting Methods

* The boot method used to boot Red Hat Linux is called the direct loading method because the boot loader loads the operating system directly. There is no intermediary between the boot loader and the kernel. * The boot process used by other operating systems may differ. For example, Microsoft's DOS and Windows operating systems, as well as various other proprietary operating systems, are loaded using a chain loading boot method. * Under this method, the MBR points to the first sector of the partition holding the operating system. There it finds the files necessary to actually boot that operating system. * GRUB supports both direct and chain-loading boot methods, allowing it to boot almost any operating system.

9.4.1.3). Naming Conventions and Partitions used by Grub

GRUB uses the following rules when naming devices and partitions: * It does not matter if system hard drives are IDE or SCSI. All hard drives start with hd. Floppy disks start with fd. * To specify an entire device without respect to its partitions, leave off the comma and the partition number. This is important when telling GRUB to configure the MBR for a particular disk. For example, (hd0) specifies the MBR on the first device and (hd3) specifies the MBR on the fourth device.

File Names and Blocklists

* When typing commands to GRUB involving a file, such as a menu list to use when allowing the booting of multiple operating systems, it is necessary to include the file immediately after specifying the device and partition. *

Most of the time, you will be specifying files by their path on that partition plus the file's name. This is rather straightforward. An example is (hd0,0)/grub/grub.conf. * It is also possible to specify files to GRUB that do not actually appear in the file system, such as a chain loader that appears in the first few blocks of a partition. * To specify these files, you must provide a blocklist, which tells GRUB, block by block, where the file is located in the partition, since a file can be comprised of several different sets of blocks, there is a specific way to write blocklists. * Each file's section location is described by an offset number of blocks and then a number of blocks from that offset point, and the sections are put together in a comma-delimited order. The following is a sample blocklist: 0+50,100+25,200+1 This blocklist tells GRUB to use a file that starts at the first block on the partition and uses blocks 0 through 49, 99 through 124, and 199. * Knowing how to write blocklists is useful when using GRUB to load operating systems that use chain loading, such as Microsoft Windows. * It is possible to leave off the offset number of blocks if starting at block 0. As an example, the chain loading file in the first partition of the first hard drive would have the following name: (hd0,0)+1 * You can also use the chainloader command with a similar blocklist designation at the GRUB command line after setting the correct device and partition as root: chainloader +1

GRUB's Root File System

* The GRUB root file system is the root partition for a particular device. GRUB uses this information to mount the device and load files from it.

* With Red Hat Linux, once GRUB has loaded its root partition (which equates to the /boot partition and contains the Linux kernel), the kernel command can be executed with the location of the kernel file as an option. Naming convention used by grub to identify devices

* First of all grub requires the device names to be enclosed with ( and ). For example, * GRUB uses its own unique partition numbering scheme; it starts from 0. * hd0,0 means the first partition of the first drive, or hda1. Both SCSI and IDE drives are represented by hd. GRUB numbers sequentially, from zero: hda1 hd0,0 First partition of the first drive hda2 hd0,1 Second partition of the first drive hda3 hd0,2 Third partition of the first drive hda4 hd0,3 Fourth partition of the first drive

* But that's not all. Remember, the standard Linux partition table is like this: 1-4 primary partitions 5-up extended partitions

In GRUB, it's like this: 0-3 primary partitions 4-up extended partitions

* To specify a file on the first partition of the first drive, use the command as, (hd0,0)/vmlinuz. This specifies the file named vmlinuz.

9.4.1.4). Installing and Booting Grub

How to install Grub

* First install the grub system and utilities from the tar ball or the package available for your system. On redhat linux it is, grub-0.94-5. * Install the boot loader. This could be done using the grub binary named as grub-install. $ grub-install /dev/hda OR $ grub-install /dev/hd0 * This will install grub on the MBR of the first hard disk. * If you have a separate boot partition then grub should be installed as, $ grub-install --root-directory=/boot /dev/hda

How to boot operating systems GRUB has two distinct boot methods. * One of the two is to load an operating system directly, and * the other is to chain-load another boot loader which then will load an actual operating system. * However, the latter is sometimes required, since GRUB doesn't support all the existing operating systems natively.

GRUB image files

GRUB consists of several images: two essential stages, optional stages called Stage 1.5.

* Stage1 Image This is an essential image used for booting up GRUB. Usually, this is embedded in an MBR or the boot sector of a partition. o Because a PC boot sector is 512 bytes, the size of this image is exactly 512 bytes. o All stage1 must do is to load Stage 2 or Stage 1.5 from a local disk. o Because of the size restriction, stage1 encodes the location of Stage 2 (or Stage 1.5) in a block list format, so it never understand any filesystem structure. * Stage2 Image This is the core image of GRUB. It does everything but booting up itself. 9.4.1.5). GRUB Interfaces

GRUB features three interfaces, which provide different levels of functionality. Each of these interfaces allows users to boot operating systems, and move between interfaces within the GRUB environment.

1. Menu Interface

* If GRUB was automatically configured by the Red Hat Linux installation program, this is the interface shown by default. * A menu of operating systems or kernels preconfigured with their own boot commands are displayed as a list, ordered by name. * Use the arrow keys to select an option other than the default selection and press the [Enter] key to boot it. Alternatively, a timeout period is set, so that GRUB will start loading the default option. * From the menu interface, press the [e] key to enter the entry editor interface or the [c] key to load a command line interface.

2. Menu Entry Editor Interface

* To access the menu entry editor, press the [e] key from the boot loader menu interface. * The GRUB commands for that entry are displayed here, and users may alter these command lines before booting the operating system by adding a command line such as below. * [o] inserts the new line after the current line and [O] before it, editing one ([e]), or deleting one ([d]). * After all changes are made, hit the [b] key to execute the commands and boot the operating system. * The [Esc] key discards any changes and reloads the standard menu interface. * The [c] key will load the command line interface. * This method can be used to boot linux in “single userâ€

mode.

3. Command Line Interface

* The command line is the most basic GRUB interface, but it is also the one that grants the most control. * The command line makes it possible to type any relevant GRUB commands followed by the [Enter] key to execute them. * This interface features some advanced shell-like features, including [Tab] key completion, based on context, and [Ctrl] key combinations when typing commands, such as [Ctrl]-[a] to move to the beginning of a line, and [Ctrl]-[e] to move to the end of a line. *

In addition, the arrow, [Home], [End], and [Delete] keys work as they do in the bash shell. * The grub commandline can be accessed from a normal bash shell on linux systems where grub is installed using the command “grub†$ grub

Order of Interface Use

* When the GRUB environment loads the second stage boot loader, it looks for its configuration file. * When found, it uses the configuration file to build the menu list and displays the boot menu interface. * If the configuration file cannot be found, or if the configuration file is unreadable, GRUB will load the command line interface to allow users to manually type the commands necessary to boot an operating system. * If the configuration file is not valid, GRUB will print out the error and ask for input. This can be very helpful, because users will then be able to see precisely where the problem occurred and fix it in the file. * Pressing any key will reload the menu interface, where it is then possible to edit the menu option and correct the problem based on the error reported by GRUB. If the correction fails, the error is reported and GRUB will begin again. 9.4.1.6). GRUB Commands

* GRUB allows a number of useful commands in its command line interface. * Some of the commands accept options after their name; these options should be separated from the command and other options on that line by space characters. The following is a list of useful commands: * boot — Boots the operating system or chain loader that has been previously specified and loaded.

* chainloader — Loads the specified file as a chain loader. To grab the file at the first sector of the specified partition, use +1 as the file's name. +1' indicates that GRUB should read one sector from the start of the partition * displaymem — Displays the current use of memory, based on information from the BIOS. This is useful to determine how much RAM a system has prior to booting it.

* initrd — Enables users to specify an initial RAM disk to use when booting. An initrd is necessary when the kernel needs certain modules in order to boot properly, such as when the root partition is formated with the ext3 file system.

* install <stage-1> <stage-2> p — Installs GRUB to the system MBR. When using the install command the user must specify the following: o <stage-1> — Signifies a device, partition, and file where the first boot loader image can be found, such as (hd0,0)/grub/stage1. o — Specifies the disk where the stage 1 boot loader should be installed, such as (hd0). o <stage-2> — Passes to the stage 1 boot loader the location of where the stage 2 boot loader is located, such as (hd0,0)/grub/stage2. o p — This option tells the install command to look for the menu configuration file specified by . An example of a valid path to the configuration file is (hd0,0)/grub/grub.conf. Eg: install /grub/stage1 (hd0) /grub/stage2 p /grub/grub.conf * kernel — Specifies the kernel file to load from GRUB's root file system when using direct loading to boot the operating system. Options can follow the kernel command and will be passed to the kernel when it is loaded. For Red Hat Linux, an example kernel command looks like the following:

kernel /vmlinuz root=/dev/hda1

Example to load a Linux kernel from grub command line: grub> kernel (hd0,1)/boot/vmlinuz root=/dev/hda2 grub> boot * This line specifies that the vmlinuz file is loaded from GRUB's root file system, such as (hd0,0). * An option is also passed to the kernel specifying that when loading the root file system for the Linux kernel, it should be on hda5, the fifth partition on the first IDE hard drive. Multiple options may be placed after this option, if needed. * root <device-and-partition> — Configures GRUB's root partition to be a specific device and partition, such as (hd0,0), and mounts the partition so that files can be read. * rootnoverify <device-and-partition> — Performs the same functions as the root command but does not mount the partition.

9.4.1.7). GRUB Menu Configuration File

* The configuration file (/boot/grub/grub.conf), which is used to create the list of operating systems to boot in GRUB's menu interface, essentially allows the user to select a pre-set group of commands to execute.

Special Configuration File Commands The following commands can only be used in the GRUB menu configuration file: * color <normal-color> <selected-color> — Allows specific colors to be used in the menu, where two colors are configured as the foreground and background. Use simple color names, such as red/black. * default — The default entry title name that will be loaded if the menu interface times out.

* fallback — If used, the entry title name to try if first attempt fails. * hiddenmenu — If used, prevents the GRUB menu interface from being displayed, loading the default entry when the timeout period expires. The user can see the standard GRUB menu by pressing the key. * password <password> — If used, prevents a user who does not know the password from editing the entries for this menu option. * timeout — If used, sets the interval, in seconds, before GRUB loads the entry designated by the default command. * splashimage — Specifies the location of the splash screen image to be used when GRUB boots. * title — Sets a title to be used with a particular group of commands used to load an operating system. * The hash mark (#) character can be used at the beginning of a line to place comments in the menu configuration file.

Configuration File Structure * The GRUB menu interface configuration file is /boot/grub/grub.conf. * The commands to set the global preferences for the menu interface are placed at the top of the file, followed by the different entries for each of the operating systems or kernels listed in the menu. * The following is a very basic GRUB menu configuration file designed to boot either Red Hat Linux and Microsoft Windows 2000:

default=0 fallback=1 timeout=10 splashimage=(hd0,0)/grub/splash.xpm.gz

# section to load linux title Red Hat Linux (2.4.20) root (hd0,0) kernel /vmlinuz-2.4.20 ro root=/dev/hda2 initrd /initrd-2.4.20.img

# section to load Windows 2000 title windows rootnoverify (hd0,0) chainloader +1

* This file tells GRUB to build a menu with Red Hat Linux as the default operating system and sets it to autoboot after 10 seconds. * Two sections are given, one for each operating system entry, with commands specific to the system disk partition table. * Note that the default is specified as a number. This refers to the first title line GRUB comes across. * If you want windows to be the default, change the default=0 to default=1. * chainloader +1 boots the windows partition from the first sector of the first hard drive.

9.4.1.8). Changing Runlevels at Boot Time

If you are using GRUB as your boot loader, follow these steps: * In the graphical GRUB boot loader screen, select the Red Hat Linux boot label and press [e] to edit it. *

Arrow down to the kernel line and press [e] to edit it. * At the prompt, type the number of the runlevel you wish to boot into (1 through 5), or the word single and press [Enter]. * You will be returned to the GRUB screen with the kernel information. Press the [b] key to boot the system. 9.4.2. LILO or Linux Loader

* LILO stands for Linux Loader. * The Linux Loader or LILO is one of the most popular methods of booting into Linux.It is the Linux boot manager that is either written to the Master Boot Record of your hard drive or to the first sector of your hard drive. * It also allows you to choose which operating system to load if you have multiple operating systems on your machine. It also allows you to boot different Linux kernel versions if you want. * Because of this, its a very flexible boot loader.

LILO vs. GRUB

In general, LILO works similarly to GRUB except for three major differences: 1. It has no interactive command interface and only allows one command with arguments. 2. It stores information about the location of the kernel or other operating system it is to load on the MBR. 3. It cannot read ext2 partitions.

*

The last two points mean that if you change LILO's configuration file or install a new kernel, you must rewrite the Stage 1 LILO boot loader to the MBR by issuing the /sbin/lilo -v command. * This is more risky than GRUB's method, because a misconfigured MBR leaves the system unbootable. With GRUB, if the configuration file is erroneously configured, it will simply default to its command line interface. 9.4.2.1). LILO Booting stages

* LILO loads itself into memory almost identically to GRUB, except it is only a two stage loader. 1. The Stage 1 or primary boot loader is read into memory by the BIOS from the MBR. The primary boot loader exists on less than 512 bytes of disk space within the MBR. The only thing it does is load the Stage 2 boot loader and pass to it disk geometry information. 2. The Stage 2 or secondary boot loader is read into memory. The secondary boot loader displays the Red Hat Linux initial screen. This screen allows you to select which operating system or Linux kernel to boot. 3. The Stage 2 boot loader reads the operating system or kernel and initrd into memory. Once LILO determines which operating system to start, it loads it into memory and hands control of the machine to that operating system. 9.4.2.2) Lilo Configuration File

* Default Configuration : During the installation of Linux, you are given the option to install LILO as your boot manager. If you choose to install it, the LILO configuration file is usually in the /etc/lilo.conf (the default for RedHat).

* A typical configuration file will look like the following: boot=/dev/hda map=/boot/map

install=/boot/boot.b prompt timeout=50 message=/boot/message lba32 default=linux append="hdc=ide-scsi" image=/boot/vmlinuz-2.2.5-15 label=linux root=/dev/hda3 initrd=/boot/initrd-2.2.5-15.img read-only other=/dev/hda1 label=dos

The following is a more detailed look at the lines of this file: * boot= /dev/hda — Instructs LILO to be installed on the first hard disk of the first IDE controller. * map=/boot/map — Locates the map file. In normal use, this should not be modified. * install=/boot/boot.b — Instructs LILO to install the specified file as the new boot sector. In normal use, this should not be altered. If the install line is missing, LILO assumes a default of /boot/boot.b as the file to be used. * prompt — Instructs LILO to show you whatever is referenced in the message line. While it is not recommended that you remove the prompt line, if you do remove it, you can still access a prompt by holding down the [Shift] key while your machine starts to boot. * timeout=50 — Sets the amount of time that LILO waits for user input before proceeding with booting the default line entry. This is measured in tenths of a second, with 50 as the default.

* message=/boot/message — Refers to the screen that LILO displays to let you select the operating system or kernel to boot. * lba32 — Describes the hard disk geometry to LILO. Another common entry here is linear. You should not change this line unless you are very aware of what you are doing. Otherwise, you could put your system in an unbootable state. * default=linux — Refers to the default operating system for LILO to boot as seen in the options listed below this line. The name linux refers to the label line below in each of the boot options. * image=/boot/vmlinuz-2.2.5-15— Specifies which Linux kernel to boot with this particular boot option. * label=linux — Names the operating system option in the LILO screen. In this case, it is also the name referred to by the default line. * initrd=/boot/initrd-2.2.5-15.img — Refers to the initial ram disk image that is used at boot time to initialize and start the devices that makes booting the kernel possible. The initial ram disk is a collection of machine-specific drivers necessary to operate a SCSI card, hard drive, or any other device needed to load the kernel. You should never try to share initial ram disks between machines. * read-only — Specifies that the root partition (refer to the root line below) is read-only and cannot be altered during the boot process. * root=/dev/hda3 — Specifies which disk partition to use as the root partition. * other=/dev/hda1 — Specifies the partition containing DOS. * append="hdc=ide-scsi" allows you to pass parameters to the kernel at boot without any intervention from you. This can be a global setting or a per-image setting. Just enter the parameters that are to be passed to the kernel within double-quotes. The advantage is that you don't have to pass the parameters to Linux at every boot. Here using the append statement, you can tell Linux to use the ide-scsi module for /dev/hdc.

9.4.2.3). Installing lilo

*

After editing the configuration file to include additional operating systems or additional kernels, the lilo command must be run for your changes to take effect. $ /sbin/lilo OR $ lilo * To add multiple kernel images, they can be appended to the /etc/lilo.conf file * To get a more verbose description of the labels thta have been added by lilo, use the option $ lilo –v * To instruct lilo to use a specific kernel only on the next reboot without changing the default in the /etc/lilo.conf file, use the option $ lilo –R

9.4.2.4). Changing Runlevel at Boot Time * If you use LILO as your boot loader, access the boot: prompt by typing [Ctrl]-[X]. Then type: linux Eg: linux single linux 5

* Replace number with either the number of the runlevel you wish to boot into (1 through 5), or the word single to boot into single user mode. 10. LINUX SERVICES 10.1. Open SSH Server

The openssh is a free, open source implementation of the SSH (Secure shell) protocols.

* It replaces telnet, ftp, rlogin, rsh, and rcp with secure, encrypted network connectivity tools. * OpenSSH supports versions 1.3, 1.5, and 2 of the SSH protocol. Since OpenSSH version 2.9, the default protocol is version 2, which uses RSA keys as the default. * Another reason to use OpenSSH is that it automatically forwards the DISPLAY variable to the client machine. In other words, if you are running the X Window System on your local machine, and you log in to a remote machine using the ssh command, when you execute a program on the remote machine that requires X, it will be displayed on your local machine. * This is convenient if you prefer graphical system administration tools but do not always have physical access to your server.

10.1.1. Configuring an OpenSSH server

* To run an OpenSSH server you require two packages, openssh-server package openssh package * You can use ‘rpm –qa’ to see the version of openssh-server and openssh package installed on the server $ rpm –qa openssh $ rpm –qa openssh-server * The configuration file used by ssh is /etc/ssh/sshd_config. * The port on which sshd listens to by default is port 22 * To start the service use the command $ /sbin/service sshd start *

To stop the server use the command $ /sbin/service sshd stop

10.1.2. Configuring an OpenSSH Client

* ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. * It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. * The packages required for an OpenSSH client are o openssh-clients o openssh 10.1.2.1). Using the SSH command

* Logging in to a remote machine with ssh is similar to using telnet. * To log in to a remote machine named penguin.example.net, type the following command at a shell prompt: $ ssh [-l login_name] hostname OR user@hostname [command] * If you don’t use –l command the login name will be the username initiating the connection. ie If you are logged in as x then the username will be x unless specified by the –l <username> option. * Use the option –p to specify a port at the remote machine if sshd is not running at the standard port 22. * To disable X11 forwarding use the option –x. $ ssh penguin.example.net

* The first time you ssh to a remote machine, you will see a message similar to the following. ########################## The authenticity of host 'penguin.example.net' can't be established. DSA key fingerprint is 94:68:3a:3a:bc:f3:9a:9b:01:5d:b3:07:38:e2:11:0c. Are you sure you want to continue connecting (yes/no)? Type yes to continue. This will add the server to your list of known hosts as seen in the following message: Warning: Permanently added 'penguin.example.net' (DSA) to the list of known hosts. ##########################

* Next, you'll see a prompt asking for your password for the remote machine. After entering your password, you will be at a shell prompt for the remote machine. * If you use ssh without any command line options, the username that you are logged in as on the local client machine is passed to the remote machine. * The ssh command can be used to execute a command on the remote machine without logging in to a shell prompt. * For example, if you want to execute the command ‘ls /usr/share/doc’ on the remote machine penguin.example.net, type the following command at a shell prompt: $ ssh penguin.example.net ls /usr/share/doc After you enter the correct password, the contents of /usr/share/doc will be displayed, and you will return to your shell prompt.

10.1.2.2). Using the scp Command

*

The scp command can be used to transfer files between machines over a secure, encrypted connection. It is similar to rcp. * The general syntax to transfer a local file to a remote system is $ scp localfile username@tohostname:/newfilename.

* The localfile specifies the source, and the group username@tohostname:/newfilename specifies the destination. * To transfer the local file /root/testfile to your account on penguin.educarma.com, type the following at a shell prompt (replace username with your username):

$ scp /root/testfile :/home/username

* This will transfer the local file /root/testfile to /home/username/testfile on penguin.educarma.com. * The general syntax to transfer a remote file to the local system is $ scp username@tohostname:/remotefile /newlocalfile * The remotefile specifies the path of the file on the remote machine, and newlocalfile specifies the destination. * Multiple files can be specified as the source files. For example, to transfer the contents of the directory /downloads to an existing directory called uploads on the remote machine penguin.educarma.com, type the following at a shell prompt: $ scp /downloads/* :/uploads/ 10.1.2.3). Using the sftp Command

* The sftp utility can be used to open a secure, interactive FTP session. *

It is similar to ftp except that it uses a sec+ure, encrypted connection. * The general syntax is sftp . * Once authenticated, you can use a set of commands similar to using FTP. * The sftp utility is only available in OpenSSH version 2.5.0p1 and higher. 10.1.2.4). Generating Key Pairs

* If you do not want to enter your password every time you use ssh, scp, or sftp to connect to a remote machine, you can generate an authorization key pair. * Keys must be generated for each user. To generate keys for a user, follow the following steps as the user who wants to connect to remote machines. * If you complete the following steps as root, only root will be able to use the keys.

Generating a DSA Key Pair for Version 2

Use the following steps to generate a DSA key pair for version 2 of the SSH Protocol. * To generate a DSA key pair to work with version 2 of the protocol, type the following command at a shell prompt: $ ssh-keygen -t dsa

* Accept the default file location of ~/.ssh/id_dsa. Enter a passphrase different from your account password and confirm it by entering it again.

*

The public key is written to ~/.ssh/id_dsa.pub. The private key is written to ~/.ssh/id_dsa. It is important never to give anyone the private key. * Change the permissions of your .ssh directory using the command $ chmod 755 ~/.ssh * Copy the contents of ~/.ssh/id_dsa.pub to ~/.ssh/authorized_keys on the machine to which you want to connect. * If the file ~/.ssh/authorized_keys does not exist, you can copy the file ~/.ssh/id_dsa.pub to the file ~/.ssh/authorized_keys on the other machine

Generating an RSA Key Pair for Version 2

Use the following steps to generate a RSA key pair for version 2 of the SSH protocol. This is the default starting with OpenSSH 2.9.

* To generate a RSA key pair to work with version 2 of the protocol, type the following command at a shell prompt: $ ssh-keygen -t rsa

* Accept the default file location of ~/.ssh/id_rsa. Enter a passphrase different from your account password and confirm it by entering it again. * The public key is written to ~/.ssh/id_rsa.pub. The private key is written to ~/.ssh/id_rsa. Never distribute your private key to anyone. * Change the permissions of your .ssh directory using the command $ chmod 755 ~/.ssh * Copy the contents of ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys on the machine to which you want to connect. If the file ~/.ssh/authorized_keys does not exist, you can copy the file ~/.ssh/id_rsa.pub to the file ~/.ssh/authorized_keys on the other machine.

Generating an RSA Key Pair for Version 1.3 and 1.5

Use the following steps to generate an RSA key pair, which is used by version 1 of the SSH Protocol. If you are only connecting between Red Hat Linux 7.3 systems, you do not need an RSA version 1.3 or RSA version 1.5 key pair.

* To generate an RSA (for version 1.3 and 1.5 protocol) key pair, type the following command at a shell prompt: $ ssh-keygen -t rsa1

* Accept the default file location (~/.ssh/identity). Enter a passphrase different from your account password. Confirm the passphrase by entering it again. * The public key is written to ~/.ssh/identity.pub. The private key is written to ~/.ssh/identity. Do not give anyone the private key. * Change the permissions of your .ssh directory and your key with the commands below: $ chmod 755 ~/.ssh $ chmod 644 ~/.ssh/identity.pub * Copy the contents of ~/.ssh/identity.pub to the file ~/.ssh/authorized_keys on the machine to which you wish to connect. * If the file ~/.ssh/authorized_keys does not exist, you can copy the file ~/.ssh/identity.pub to the file ~/.ssh/authorized_keys on the remote machine. 10.2. Berkeley Internet Name Domain (BIND) Server

* In modern networks users identify other computers by their name. *

The most effective way to achieve this is by means of DNS ( Domain Name Service) or Nameserver, which resolves hostnames on the network to numerical addresses and vice versa. * DNS is usually implemented using centralized nameservers, which are authoritative to some machines, which belongs to the network the Nameserver is implemented and forward the queries to other DNS servers for other domains. * When a client host requests information from a nameserver, it usually connects to port 53. * The nameserver then attempts to resolve the FQDN based on its resolver library, which may contain authoritative information about the host requested or cached data from an earlier query. * If the nameserver does not already have the answer in its resolver library, it queries other nameservers, called root nameservers, to determine which nameservers are authoritative for the FQDN in question. * Then, with that information, it queries the authoritative nameservers to determine the IP address of the requested host. If performing a reverse lookup, the same procedure is used, except the query is made with an unknown IP address rather than a name. 10.2.1. Nameserver Zones

* On the Internet, the FQDN ( Fully Qualified Domain name) of a host can be broken down into different sections. * These sections are organized into a hierarchy much like a tree, with a main trunk, primary branches, secondary branches, and so forth. * Consider the following FQDN: bob.sales.example.com * When looking at how a FQDN is resolved to find the IP address that relates to a particular system, read the name from right to left, with each level of the hierarchy divided by periods (.). * In this example, com defines the top level domain for this FQDN. The name ‘example’ is a subdomain under com, while sales is a sub-domain under example. The name furthest to the left, bob, identifies a specific machine. *

Except for the hostname, each section is a called a zone, which defines a specific namespace. * A namespace controls the naming of the sub-domains to its left. While this example only contains two sub-domains, a FQDN must contain at least one subdomain but may include many more, depending upon how the namespace is organized. * Zones are defined on authoritative nameservers through the use of zone files, which describe the namespace of that zone, the mail servers to be used for a particular domain or sub-domain, and more. * Zone files are stored on primary nameservers (also called master nameservers), which are truly authoritative and where changes are made to the zone files, and secondary nameservers (also called slave nameservers), which receive their zone files from the primary nameservers. * Any nameserver can be a primary and secondary nameserver for different zones at the same time, and they may also be considered authoritative for multiple zones. It all depends on how the nameserver is configured. 10.2.2. Types of Nameservers

* master -- Stores original and authoritative zone records for a certain namespace, answering questions from other nameservers searching for answers concerning that namespace. * slave -- Answers queries from other nameservers concerning namespaces for which it is considered an authority. However, slave nameservers get their namespace information from master nameservers. * caching only -- Offers name to IP resolution services but is not authoritative for any zones. Answers for all resolutions are cached in memory for a fixed period of time, which is specified by the retrieved zone record. * forwarding -- Forwards requests to a specific list of nameservers for name resolution. If none of the specified nameservers can perform the resolution, the resolution fails 10.2.3. BIND as a Nameserver

* Bind performs name resolution services through the /usr/sbin/named deamon. *

Bind also includes an administration utility called /usr/sbin/rndc.

10.2.3.1). Configuration Files

/etc/named.conf : The named.conf file is a collection of statements using nested options surrounded by opening and closing ellipse characters, { }.

/var/named directory: The named working directory which stores zone, statistics, and cache files.

A typical named.conf file is organized similar to the following example:

<statement-1> ["<statement-1-name>"] [<statement-1-class>] { ; ; ; };

<statement-2> ["<statement-2-name>"] [<statement-2-class>] { ; ; ; };

Named and Bind will be discussed in more detail in later sections. 10.3. File Transfer Program or FTP

* FTP - Internet file transfer program. *

The FTP utility program is commonly used for copying files to and from other computers * Command usage, $ ftp [-pinegvd] [hostname] p – passive mode transfer i - turnoff interactive mode n – restrains ftp from attempting an auto login e – disables command editing and history support g – disables file name globbing v – shows all responses from the remote server d – enables debugging 10.3.1. FTP server/client

* The FTP server program can be proftpd, pureftpd, vsftpd which will be dealt in more detail later. * The FTP server runs on port 21 on the server and uses the tcp protocol * The FTP client server could be 3rd party softwares like wsftpd, smartftp, or the simple ftp user interface on a linux machine.

10.3.2. FTP Commandline Interface

* To connect your local machine to the remote machine, type $ ftp [options] machinename/IP_Address where machinename is the full hostname of the remote machine, or its IP address * In order to login to ftp on a remote machine, you require an ftp login username and password on the remote machine. When you enter your own loginname and password for the remote machine, it returns the prompt below which means you are connected to the ftp server on the remote machine ftp>

* Once you are logged in, ftp permits you access to your own home directory on the remote machine. * You should be able to move around in your own directory and to copy files to and from your local machine using the FTP interface commands given on the next page. FTP Active and Passive Mode FTP transfers using the FTP Protocol involve two TCP connections. The first control connection goes from the FTP client to port 21 on the FTP server. This connection is used for logon and to send commands and responses between the endpoints. Data transfers (including the output of “ls†and “dir†commands)requires a second data connection. The data connection is dependent on the mode that the client is operating in: Active Mode In active mode FTP the client connects from a random unprivileged port (N > 1024) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20 for transferring data. FTP Active Mode Data Transfer

Passive Mode Passive mode is named after the command PASV used by the client to tell the server it is in passive mode. In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1024 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1024) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data. FTP Passive Mode Data Transfer

10.3.2.1) Anonymous FTP

*

At times you may wish to copy files from a remote machine on which you do not have a loginname. This can be done using anonymous FTP. * When the remote machine asks for your loginname, you should type in the word anonymous. Instead of a password, you should enter your own electronic mail address. This allows the remote site to keep records of the anonymous FTP requests. * Once you have been logged in, you are in the anonymous directory for the remote machine. This usually contains a number of public files and directories. Again you should be able to move around in these directories. * However, you are only able to copy the files from the remote machine to your own local machine; you are not able to write on the remote machine or to delete any files there.

10.3.2.2) Common FTP Commands

FTP Command

Meaning ?

to request help or information about the FTP ascii

to set the mode of file transfer to ASCII (this is the default and transmits seven bits per character) binary

to set the mode of file transfer to binary(the binary mode transmits all eight bits per byte and thus provides less chance of a transmission error and must be used to transmit files other than ASCII files) bye

to exit the FTP environment (same as quit) close

to terminate a connection with another computer

cd

to change directory on the remote machine delete

to delete (remove) a file in the current remote directory (same as rm in UNIX) get

to copy one file from the remote machine to the local machine. > get ABC DEF --- copies file ABC in the current remote directory to a file named DEF in your current local directory. help

to request a list of all available FTP commands lcd

to change directory on your local machine (same as UNIX cd) ls

to list the names of the files in the current remote directory mget

to copy multiple files from the remote machine to the local machine; mget * ---copies all the files in the current remote directory to your current local directory, using the same filenames. mput

to copy multiple files from the local machine to the remote machine;you are prompted for a y/n answer before transferring each file mkdir

to make a new directory within the current remote put

to copy one file from the local machine to the remote machine

pwd

to find out the pathname of the current directory on the remote machine quit

to exit the FTP environment (same as bye) rmdir

remove (delete) a directory in the current remote directory open

to open a connection with another computer ftp> open carma.com 10.4. Service Manager : chkconfig ,ntsysv , xinetd

10.4.1. ChkConfig

* Chkconfig updates and queries runlevel information for system services. * chkconfig provides a simple command-line tool for maintaining the /etc/rc[0-6].d directory hierarchy by relieving system administrators of the task of directly manipulating the numerous symbolic links in those directories. * Chkconfig has five distinct functions: 1. Adding new services for management 2. Removing services from management 3. Listing the current startup information for services 4. Changing the startup information for services, and 5. Checking the startup state of a particular service. *

When chkconfig is executed without any options, it displays usage information. If only a service name is given, it checks to see if the service is configured to be started in the current runlevel. * If it is, chkconfig returns true; otherwise it returns false.The --level option may be used to have chkconfig query an alternative runlevel rather than the current one. * If one of on, off, or reset is specified after the service name, chkconfig changes the startup information for the specified service. * The on and off flags cause the service to be started or stopped, respectively, in the runlevels being changed. * The reset flag resets the startup information for the service to whatever is specified in the init script in question. * By default, the on and off options affect only runlevels 2, 3, 4, and 5, while reset affects all of the runlevels. The --level option may be used to specify which runlevels are affected. * Chkconfig requires the chkconfig rpm installed on the server.To see the version of rpm installed, use $ rpm –qa chkconfig

10.4.1.1). Chkconfig commandline Usage

* Note that for every service, each runlevel has either a start script or a stop script. When switching runlevels, init will not re-start an already-started service, and will not re-stop a service that is not running. * Command usage $ chkconfig --list [name] $ chkconfig --add name $ chkconfig --del name $ chkconfig [--level levels] name $ chkconfig [--level levels] name

name is the name of the service to be configured * Examples: $ chkconfig –list nfs $ chkconfig –add nfs $ chkconfig -level 1235 nfs on $ chkconfig –del nfs 10.4.2. Ntsysv

* Ntsysv provides a simple interface for setting which system services are started or stopped in various runlevels (instead of directly manipulating the numerous symbolic links in /etc/rc.d).It again uses chkconfig for its configuration. $ ntsysv * By default it configures the current run level. To configure other runlevels, you can use the option below which will set the services for runlevels 2,3,5. $ ntsysv –level 235 10.4.3. Xinetd Services

* To control access to network services, you can use xinetd, a secure replacement for inetd. * The xinetd daemon conserves system resources, provides access control and logging, and can be used to start special-purpose servers. * xinetd can be used to o provide access only to particular hosts. o deny access to particular hosts. o provide access to a service at certain times. o

limit the rate of incoming connections . o limit the load created by connections, etc. * xinetd runs constantly and listens on all of the ports for the services it manages. When a connection request arrives for one of its managed services, xinetd starts up the appropriate server for that service. * The configuration file for xinetd is /etc/xinetd.conf, but you'll notice upon inspection of the file that it just contains a few defaults and an instruction to include the /etc/xinetd.d directory. * To enable or disable a xinetd service, edit its configuration file in the /etc/xinetd.d directory. * If the disable attribute is set to yes, the service is disabled. * If the disable attribute is set to no, the service is enabled. * If you edit any of the xinetd configuration files or change its enabled status using ntsysv or chkconfig, you must restart xinetd with the command service xinetd restart before the changes will take effect. $ /etc/rc.d/init.d/xinetd stop/start/restart * More about xinetd is discussed in a later section on Security -> TCP wrappers and Xinetd. 10.5. Telnet Program

* Telnet is a program that allows users to log into your server and get a command prompt just as if they were logged into the console. * Telnet is installed and enabled by default on RedHat Linux. * One of the disadvantages of Telnet is that the data is sent as clear text. This means that it is possible for someone to use a network analyzer to peek into your data packets and see your username and password. *

Telnet is configured via xinetd. The configuration file is at /etc/xinetd.d/telnet file. Once the changes are made you need to restart the xinetd deamon. $ /etc/rc.d/init.d/xinetd restart * You could telnet to a machine by using the telnet client program as, $ telnet <port number> * There are a lot more options which are available to the telnet command which could be viewed at man telnet from a shell.

10.6. Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol (DHCP) is a network protocol for automatically assigning TCP/IP information to client machines.

* Each DHCP client connects to the centrally-located DHCP server which returns that client's network configuration including IP address, gateway, and DNS servers. 10.6.1. Advantages of DHCP

* DHCP is useful for fast delivery of client network configuration. * When configuring the client system, the administrator can choose DHCP and not have to enter an IP address, netmask, gateway, or DNS servers. The client retrieves this information from the DHCP server. * DHCP is also useful if an administrator wants to change the IP addresses of a large number of systems. Instead of reconfiguring all the systems, he can just edit one DHCP configuration file on the server for the new set of IP address. * If the DNS servers for an organization changes, the changes are made on the DHCP server, not on the DHCP clients. Once the network is restarted on the clients (or the clients are rebooted), the changes will take effect.

10.6.2. DHCP server/Client

For DHCP server, download and install the dhcp rpm package. 10.6.2.1). DHCP server configuration file * The first step in configuring a DHCP server is to create the configuration file that stores the network information for the clients * The configuration file that it uses is /etc/dhcpd.conf. * It allows you to define “pools†allocated to client PCs by the server.

of TCP/ IP addresses, which are then

10.6.2.2). DHCP communication between server-client

* The conversation between the DHCP client (the computer requesting an IP address) and the DHCP server (the computer responsible for assigning IP addresses) follows a specific pattern.

o First, the client sends out a broadcast message asking DHCP servers to reply with an offer of an IP address. This is a DHCP Discover message. The DHCP standard allows multiple servers to reply with an offer. The Discover message can contain suggestions to the servers for an IP address and other IP parameters. Note that this is only a suggestion.

o The second step in the process is for DHCP servers to respond to the Discover message with an Offer message. The Offer message contains, among other things, the IP address and the domain name server address the DHCP server is offering. It also contains a lease period. The lease period is an important part of the assignment process. the DHCP server “leases†you an IP address for a specific period of time. Once the lease expires, the IP address becomes available for others to use. If you are a permanent network user, your computer periodically renews its lease. o During the third step in the DHCP negotiation process, the client sends a DHCP Request message back to the DHCP server requesting a specific IP

address. The request also includes something called the server identifier (usually the IP address of the DHCP server) as a check to confirm that the request is being made of the correct DHCP server. (More than one DHCP server can offer an address to the client.) o In the fourth and final step, the DHCP server sends a DHCP ACK message, acknowledging the IP address assignment.

* The figure below illustrates the complete process

* The DHCP process uses a protocol called BOOTP. This protocol was based upon Reverse Address Resolution Protocol (RARP), which was one of the first attempts to allocate network addresses dynamically. BOOTP (DHCP) rides upon User Datagram Protocol (UDP). As a result, delivery of DHCP messages is not guaranteed.

* There are two ways that a DHCP address can be put back into the pool. One way is for the lease to expire. The other way is for the client to send a Release message to the DHCP server

* Messages targeted at the DHCP server are sent as broadcast messages with the special address of 255.255.255.255. Any messages with this destination address are intended to be “read†by all network devices. More than one DHCP server could respond to a DHCP Discover message, so these messages should be sent to everyone. Once the DHCP ACK message has been sent, the client may begin using the assigned IP address.

10.6.2.3). DHCP Client configuration

* To configure the DHCP client manually, you need to modify the /etc/sysconfig/network file as below to enable networking.

NETWORKING=yes

* The /etc/sysconfig/network-scripts/ifcfg-eth0 file should contain the following lines:

DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=yes

10.7. Linux Samba Server

Samba is a strong network service for file and printer sharing that works on the majority of operating systems available today. * The packages that samba uses is samba-version.tar.gz Samba Homepage: http://us1.samba.org/samba/samba.html Samba FTP Site: 63.238.153.11 You need to download: samba-2.0.7.tar.gz or samba-version.tar.gz * The tar file needs to be uncompressed and the samba package configured and compiled.

10.7.1. Samba configuration file

* The configuration file that samba uses is /etc/smb.conf. * In this file, you can specify which directory you want to access from Windows machines, which IP addresses are authorized, and so on. *

The first few lines of the file under the [global] line contain global configuration directives, which are common to all shares, unless they are overridden on a per-share basis, followed by share sections.

Reference url for smb.conf file : http://www.faqs.org/docs/securing/chap29sec284.html

10.7.1. Samba password file for Clients

* The /etc/smbpasswd file is the Samba encrypted password file. It contains the username; Unix UID and SMB hashed passwords of the allowed users to your Samba server, as well as account flag information and the time the password was last changed. * It's important to create this password file and include all allowed users to it before your clients try to connect to your Samba server. Without this step, no one will be able to connect to your Samba server. * To create a Samba account you must first have a valid Linux account for them, so create in your /etc/passwd file all the users you want to connect to your Samba server first before generating the smbpasswd file of Samba. * To add a new users to your /etc/passwd file, use the following commands: $ useradd smbclient $ passwd smbclient * Once you have added all Samba clients in your /etc/passwd file on the Linux server, you now need to generate the smbpasswd file from the /etc/passwd file.

Reference url : http://www.faqs.org/docs/securing/chap29sec286.html 10.8. Linux Proxy Server – Squid

* The utility squid is an internet proxy server that can be used within a network to distribute an internet connection to all the computers within the network. *

Because it is a proxy, it has the capabilities to log all user actions such as the URLs visited.

10.8.1. Squid Package and Config File

* Squid uses the rpm squid or the squid package can be installed from source tarball. * Squid uses the config file /etc/squid/squid.conf. Access through the proxy can be given by individual IP addresses or by a subnet of IP addresses. * In squid.conf search for the default access control lists(acl) and add the following lines below them: acl mynetwork src 192.168.1.0/255.255.255.0 (for subnet) or acl mynetwork src 192.168.1.0/24 ( for subnet) acl mynetwork src 192.168.1.10/255.255.255.0 (for individual IP)

* Then add the access control list named "mynetwork" to the http_access list with the following line: # http_access allow mynetwork * The default port for the proxy is 3128. Uncomment the following line and replace 3128 with the desired port : http_port 3128 10.8.2. Stopping , Starting and Restarting Squid

* Starting squid $ /etc/rc.d/init.d/squid start * Restarting squid

$ /etc/rc.d/init.d/squid restart * Stopping squid $ /etc/rc.d/init.d/squid stop 10.8.3. Configuring squid Clients

* To configure any application including a web browser to use squid, modify the proxy setting with the IP address of the squid server and the port number (default 3128). 11. SECURING LINUX SYSTEMS

Linux was built from the ground up with security in mind. However, this security will amount to nothing if some basic security measures are not adopted. "Security is not an option, but a way of life". This is the mantra given by Kurt Seifried, the author of the famed 'Linux Administrators Security Guide' which holds true for all linux systems.

This section will discuss various means with which you can secure the assets you have worked hard for: your local machine, your data, your users, your network.

11.1. Physical Security

* Physical security should be of the utmost concern. Linux production servers should be in locked datacenters where only people with passed security checks have access.

* Since we assume that all Linux production systems are physically secured, we will not cover the configuration of a boot loader password. This could actually pose a problem for rebooting servers remotely.

11.2. Local Security

* Here we discuss the security of the system against attacks from local users.

* Getting access to a local user account is one of the first things that system intruders attempt while on their way to exploiting the root account.

* With lax local security, they can then "upgrade" their normal user access to root access using a variety of bugs and poorly setup local services.

* If you make sure your local security is tight, then the intruder will have another hurdle to jump. 11.2.1. Checking for Unlocked Accounts

* It is important that all system and vendor accounts that are not used for logins are locked. Since no one is using them, they provide the ideal attack vehicle.

* To get a list of unlocked accounts on your system, you can check for accounts that do NOT have an encrypted password string starting with "!" or "*" in the /etc/shadow file.

* If you lock an account using passwd -l, it will put a '!!' in front of the encrypted password, effectively disabling the password. If you lock an account using usermod -L, it will put a '!' in front of the encrypted password.

* Many system and shared accounts are usually locked by default by having a '*' or '!!' in the password field which renders the encrypted password into an invalid string.

Hence, to get a list of all unlocked (encryptable) accounts, run:

$ egrep -v '.*:\*|:!' /etc/shadow | awk -F: '{print $1}'

*

Also make sure all accounts have a 'x' in the password field in /etc/passwd. The following command lists all accounts that do not have a 'x' in the password field:

$ grep -v ':x:' /etc/passwd

* A 'x' in the password field means that the password has been shadowed, i.e. the encrypted password has to be looked up in the /etc/shadow file.

* If the password field in /etc/passwd is empty, then the system will not lookup the shadow file and it will not prompt the user for a password at the login prompt.

11.2.2. Checking for Unused Accounts

* All system or vendor accounts that are not being used by users, applications, by the system or by daemons should be removed from the system. You can use the following command to find out if there are any files owned by a specific account:

$ find / -path /proc -prune -o -user -ls

* The -prune option in this example is used to skip the /proc filesystem.

* If you are sure that an account can be deleted, you can remove the account using the following command:

$ userdel -r

* Without the "-r" option userdel will not delete the user's home directory and mail spool (/var/spool/mail/<user>). Note that many system accounts have no home directory.

11.3. Files and File system Security

11.3.1. Default Umask

* The umask (user file-creation mode mask) command is a shell built-in command which determines the default file permissions for newly created files. This can be overwritten by system calls but many programs and utilities make use of umask.

* Configure your users' file-creation umask to be as restrictive as possible.

* By default, Red Hat sets umask to 022 or 002 which is fine.

* If the name of the user account and the group account is the same and the UID is 100 or larger, then umask is set to 002, otherwise it's set to 022.

11.3.2. SUID/SGID Files

* There should never be a reason for users' home directories to allow SUID/SGID programs to be run from there.

* Use the nosuid option in /etc/fstab for partitions that are writable by others than root.

* You may also wish to use nodev and noexec on /tmp partitions, as well as /var/tmp, thus prohibiting execution of programs, and creation of character or block devices, which should never be necessary anyway.

* SUID and SGID files on your system are a potential security risk, and should be monitored closely. Because these programs grant special privileges to

the user who is executing them, it is necessary to ensure that insecure programs are not installed.

* A favorite trick of crackers is to exploit SUID-root programs, then leave a SUID program as a back door to get in the next time, even if the original hole is plugged.

* Find all SUID/SGID programs on your system, and keep track of what they are, so you are aware of any changes which could indicate a potential intruder. Use the following command to find all SUID/SGID files on your system: $ find / -path /proc -prune -o -type f -perm +6000 -ls

11.3.3. World-Writable Files

* World-writable files are a security risk since it allows anyone to modify them. Additionally, world-writable directories allow anyone to add or delete files.

* To locate world-writable files and directories, you can use the following command:

$ find / -path /proc -prune -o -perm -2 ! -type l -ls

* The "! -type l" parameter skips all symbolic links since symbolic links are always world-writable. However, this is not a problem as long as the target of the link is not world-writable, which is checked by the above find command.

* World-Writable directories with sticky bit such as the /tmp directory do not allow anyone to delete or modify files in this directory.

* The sticky bit makes files stick to the user who created it and it prevents other users from deleting and renaming the files. Therefore, depending

on the purpose of the directory , world-writable directories with sticky are usually not an issue. An example is the /tmp directory.

11.3.4. Setting File System Limits

* Set file system limits instead of allowing unlimited as is the default. You can control the per-user limits using the resource-limits PAM module and /etc/pam.d/limits.conf. For example, limits for group users might look like this:

@users hard core 0 @users hard nproc 50 @users hard rss 5000

* This says to prohibit the creation of core files, restrict the number of processes to 50, and restrict memory usage per user to 5M.

11.3.5. Unowned Files

* Unowned files may also be an indication an intruder has accessed your system.

* You can locate files on your system that have no owner, or belong to no group with the command:

$ find / -path /proc -prune -o -nouser -o -nogroup 11.3.6. Protecting Binaries like Compilers

* The immutable bit can be used to prevent accidentally deleting or overwriting a file that must be protected like some of the system binaries.

*

It also prevents someone from creating a hard link to the file.For example, setting the gcc compiler to immutable is a good idea

$ chattr +ia /usr/bin/gcc 11.3.7. Integrity Checking

* Another very good way to detect local (and also network) attacks on your system is to run an integrity checker like Tripwire or ChkRootkit.

* These integrety checkers run a number of checksums on all your important binaries and config files and compares them against a database of former, knowngood values as a reference. Thus, any changes in the files will be flagged.

* It's a good idea to run it as part of your normal security administration duties to see if anything has changed as a part of the cron job as below.

# set mailto # run Tripwire 15 05 * * * root /usr/local/adm/tcheck/tripwire

OR # set mailto # run Tripwire 15 05 * * * sh /root/chkrootkit-3.2/chkrootkit

* You can find the freely available unsusported version of Tripwire at http://www.tripwire.org, free of charge.

*

And the latest version of chkrootkit is available for download from http://www.chkrootkit.org/download/

11.3.8. Trojan Horses, Backdoors and Rootkits

* Trojan Horses are malicious, security-breaking programs that is disguised as something benign. The idea is that a cracker distributes a program or binary that sounds great, and encourages other people to download it and run it as root. Then the program can compromise their system.

* The crackers who thereby gain access to the system can create backdoors which will later allow them to re-enter the system.

* Furthermore, they may also use Trojan root kits to hide the Trojan horse such as a “trojaned†/bin/ps to hide their daemons.

* Usually on a trojan horse infected machine, intruders often replace the important system binaries such as ps, fuser, netstat , lsmod, find, cp, move, kill etc with Trojan horse equivalents, so do not use these tools on the machine you are investigating unless you have verified that they haven’t been altered or replaced.

* To find out if a system is infected by a trojan or backdoor rootkits, it may be necessary to check currently running daemons to see whether a Trojan horse has infected them.

* For example, the syslogd process could have been compromised and, instead of the valid daemon running on UDP port 514, there could be a Trojan daemon on that port.

* Therefore, all binaries or running daemons may need to be checked for validity. This could become a time-consuming task that may not be worth the time or money.

* This task could be made easier by using open source third-party tools which can detect a Trojan horse or to supplement the toolkit of well-known binaries.

* One such tool is called chkrootkit (http://www.chkrootkit.org), which can detect a rootkit that has been installed as part of the Trojan horse.

* Chkrootkit looks for known “signatures†in trojaned system binaries. It can detect rootkits such as the Ramen Worm, the T0rn rootkit, or the Ambient’s Rootkit for Linux, just to name a few. It can also detect promiscuous interfaces.

* Back Orifice and NetBus are two popular trojans that affect linux machines.

* An interesting reference url on trojan horses is : http://www.samag.com/documents/s=7467/sam0208e/0208e.htm

11.3.8.1). Nmap tool

* Nmap is a Network exploration tool and security scanner.

* Nmap is designed to allow system administrators and curious individuals to scan large networks to determine which hosts are up and what services they are offering.

* Depending on options used, nmap may also report the following characteristics of the remote host: OS in use, TCP sequencability, usernames running the programs which have bound to each port, the DNS name, whether the host is a smurf address, and a few others.

* For example, consider the instance where a machine is infected by a trojan horse, and we need to check if the trojan is listening to any port on the machine ( usually a backdoor to re-enter the machine later).

* The following options can be used with the nmap commandline to scan for all open tcp and udp ports on the machine.

$ /toolkit/nmap -sU -sS -p 1-65535 localhost

Here is an example of the results:

Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ ) Interesting ports on localhost.localdomain (127.0.0.1): (The 131048 ports scanned but not shown below are in state: closed) Port State Service Unable to find nmap-services! Resorting to /etc/services 25/tcp open smtp 53/tcp open domain 53/udp open domain 80/tcp open http 110/tcp open pop3 111/tcp open sunrpc 111/udp open sunrpc 137/udp open netbios-ns 138/udp open netbios-dgm 139/tcp open netbios-ssn 143/tcp open imap 389/tcp open ldap 443/tcp open https 515/tcp open printer

617/tcp open unknown 5222/tcp open unknown 5269/tcp open unknown 8383/tcp open unknown 10000/udp open unknown 19635/tcp open unknown 35737/udp open unknown

* Nmap automatically tries to map port numbers with service names in /etc/services, but it returns the unknown if it doesn’t find anything.

* If, after checking your nmap results, you don’t recall anything on your machine that should be listening on tcp port 19635, you can find out by using the fuser command.

* To determine which process is running on this port number, run the following:

$ fuser –vn tcp 19635

$ /toolkit/fuser -vn tcp 19635 USER PID ACCESS COMMAND 19635/tcp root 32444 f.... http

* This indicates that there is a process named “http†running with PID 32444 and listening on port 19635. This http process is not the Apache Web server. If we missed this before, we would now know that the Trojan horse disguised itself by blending in with the multiple valid httpd processes running on the machine.

11.4. Password Security and Encryption

*

One of the most important security features used today are passwords. It is important for both you and all your users to have secure, unguessable passwords.

* Most of the more recent Linux distributions include passwd programs that do not allow you to set a easily guessable password. Make sure your passwd program is up to date and has these features.

11.4.1. Encryption Methods 11.4.1.1). DES (Data Encryption Standard)

* Most Unix/Linux primarily use a one-way encryption algorithm, called DES (Data Encryption Standard) to encrypt your passwords.

* This encrypted password is then stored in (typically) /etc/passwd or (less commonly) in /etc/shadow.

* When you attempt to login, the password you type in is encrypted again and compared with the entry in the file that stores your passwords.

* If they match, it must be the same password, and you are allowed access. Although DES is a two-way encryption algorithm (you can code and then decode a message, given the right keys), the variant that most Unixes use is one-way.

* This means that it should not be possible to reverse the encryption to get the password from the contents of /etc/passwd (or /etc/shadow).

11.4.1.2). PGP and Public-Key Cryptography

* Public-key cryptography, such as that used for PGP, uses one key for encryption, and one key for decryption.

* To alleviate the need to securely transmit the encryption key, public-key encryption uses two separate keys: a public key and a private key.

* Each person's public key is available by anyone to do the encryption, while at the same time each person keeps his or her private key to decrypt messages encrypted with the correct public key.

* PGP (Pretty Good Privacy) is well-supported on Linux. GnuPG is a complete and free replacement for PGP and is in compliance with OpenPGP. 11.4.2. Authentication Methods

11.4.2.1). PAM - Pluggable Authentication Modules

* PAM is an authentication scheme that allows you to change your authentication methods and requirements on the fly, and encapsulate all local authentication methods without recompiling any of your binaries.

* Some of the features that can be done with PAM are:

o Use encryption other than DES for your passwords. (Making them harder to brute-force decode)

o Set resource limits on all your users so they can't perform denialof-service attacks (number of processes, amount of memory, etc)

o Enable shadow passwords on the fly .

o

Allow specific users to login only at specific times from specific places

11.4.2.2). Cryptographic IP Encapsulation (CIPE)

* The primary goal of this software is to provide a facility for secure (against eavesdropping, including traffic analysis, and faked message injection) subnetwork interconnection across an insecure packet network such as the Internet.

* CIPE encrypts the data at the network level. Packets traveling between hosts on the network are encrypted.

* The encryption engine is placed near the driver which sends and receives packets.

* This is unlike SSH, which encrypts the data by connection, at the socket level. A logical connection between programs running on different hosts is encrypted.

* CIPE can be used in tunnelling, in order to create a Virtual Private Network. Low-level encryption has the advantage that it can be made to work transparently between the two networks connected in the VPN, without any change to application software.

11.4.2.3). Kerberos

* Kerberos is an authentication system developed by the Athena Project at MIT.

* When a user logs in, Kerberos authenticates that user (using a password), and provides the user with a way to prove her identity to other servers and hosts scattered around the network.

* This authentication is then used by programs such as rlogin to allow the user to login to other hosts without a password (in place of the .rhosts file).

* Kerberos and the other programs that come with it, prevent users from "spoofing" the system into believing they are someone else.

11.4.3. Enforcing Stronger Passwords

* It is important to restrict people from using simple passwords that can be cracked too easily. However, if the passwords being enforced are too strong, people start writing them down. Strong passwords that are written down are not much safer than weak passwords.

* The pam_cracklib module checks the password against dictionary words and other constraints.

The following example shows how to enforce the following password rules:

- Minimum length of password must be 8 - Minimum number of lower case letters must be 1 - Minimum number of upper case letters must be 1 - Minimum number of digits must be 1 - Minimum number of other characters must be 1

pam_cracklib.so

minlen=8

Minimum length of password is 8 pam_cracklib.so

lcredit=-1

Minimum number of lower case letters is 1 pam_cracklib.so

ucredit=-1

Minimum number of upper case letters is 1 pam_cracklib.so

dcredit=-1

Minimum number of digits is 1 pam_cracklib.so

ocredit=-1

Minimum number of other characters is 1

* To setup these password restrictions, edit the /etc/pam.d/system-auth file and add/change the following pam_cracklib arguments highlighted in blue:

auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so

account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so

* Now verify that the new password restrictions work for new passwords.

* NOTE : The /etc/pam.d/system-auth PAM configuration file is auto-generated and contains records which dictate a generic authentication scheme and using the authconfig command will revert some of these changes that you made.

11.4.4. Locking User Accounts After Many Login Failures

* The following example will show how to lock only individual user accounts after too many failed su or login attempts.

* Add the following two lines highlighted in blue to the /etc/pam.d/systemauth file as shown below:

auth required /lib/security/$ISA/pam_env.so auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so

account required /lib/security/$ISA/pam_tally.so per_user deny=5 no_magic_root reset account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so

* The first added line counts failed login and failed su attempts for each user. The default location for attempted accesses is recorded in /var/log/faillog.

* The second added line specifies to lock accounts automatically after 5 failed login or su attempts (deny=5). The counter will be reset to 0 (reset) on successful entry if deny=n was not exceeded.

11.4.5. Restricting Direct Login for System/Shared Accounts All users should do a direct login using their own account and then switch to the system or shared account. Its always better to restrict direct login as root or other system or shared accounts.

In this example we will discuss how to restrict direct logins for system or shared account :

- SSH (/etc/pam.d/sshd) - Console Login (/etc/pam.d/login) - or for all logins (/etc/pam.d/system-auth)

* For restricting direct SSH Logins add the pam_access module to /etc/pam.d/sshd as follows:

auth required pam_stack.so service=system-auth auth required pam_nologin.so account required /lib/security/pam_access.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth

* For Console Logins add the pam_access module to /etc/pam.d/login as follows:

auth required pam_securetty.so auth required pam_stack.so service=system-auth auth required pam_nologin.so account required /lib/security/pam_access.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_selinux.so close session required pam_stack.so service=system-auth session optional pam_console.so session required pam_selinux.so multiple open

* For all logins, add the following line to the /etc/security/access.conf configuration file:

-:ALL EXCEPT users :ALL

*

The /etc/security/access.conf configuration file is read by the pam_access module. This entry specifies that no users are accepted except users that are in the "users" group.

* Since the pam_access module has been configured for "Authorization" (account) in the above PAM configuration files, it denies direct logins for all accounts except the ones that are in the "users" group.

* To disallow non-local logins to privileged accounts (group wheel), add the following entry to /etc/security/access.conf

-:wheel:ALL EXCEPT LOCAL server.hostname

11.4.6. Password Cracking/Brute Force Attack

* Password cracking programs work on a simple idea: they try every word in the dictionary, and then variations on those words, encrypting each one and checking it against your encrypted password. If they get a match they know what your password is.

* A brute force attack consists of trying every possible code, combination, or password until you find the right one.

11.4.6.1). How the brute force attack works?

1. Manual login attempts, they will try to type in a few usernames and passwords 2. Dictionary based attacks, automated scripts and programs will try guessing thousands of usernames and passwords from a dictionary file, sometimes a file for usernames and another file for passwords.

3.

Generated logins, a cracking program will generate random usernames set by the user. They could generate numbers only, a combination of numbers and letters or other combinations.

11.4.6.2). Signs of a brute force attempt

* You can easily spot a brute force attempt by checking your servers log file - /var/log/messages.

* You will see a series of failed login attempts for the service they’re trying to break into.

* A sample failed login is shown below:

Check for failed login attemps such as: Apr 11 19:02:10 fox proftpd[6950]: yourserver (usersip[usersip]) - USER theusername (Login failed): Incorrect password.

11.4.6.3). Tools to stop and prevent brute force hack attempts

* Never enable demo or guest accounts as they will be the first way an attacker will get access into your system and further exploit it.

* Never have more than one user in the root group.

* Install the APF Firewall and Brute Force Detection(BFD) Software which is a modular shell script for parsing applicable logs and checking for authentication failures.

*

If it finds that your authentication failed the set amount of times for an application, it will ban your IP address using APF firewall.

* APF is a firewall that works using iptables but has some nice features added and makes it easy to use, including Anti-Dos protection.

* The two of these make an excellent, automated brute force prevention package.

* BFD checks your logs every few minutes for multiple failed logins attempts, based on a set of rules, if the person fails to login X amount of times the IP is automatically banned at the firewall, preventing further attacks on your system.

11.5. Network Security

* Network security is becoming more and more important as people spend more and more time connected. Compromising network security is often much easier than compromising physical or local security, and is much more common. 11.5.1. Network Intruders and Attacks 11.5.1.1). Packet Sniffers

* One of the most common ways intruders gain access to more systems on the network is by employing a packet sniffer on an already compromised host.

* This "sniffer" just listens on the Ethernet port for things like passwd and login and su in the packet stream and then logs the traffic after that.

* This way, attackers gain passwords for systems they are not even attempting to break into. Clear-text passwords are very vulnerable to this attack.

* Example: Host A has been compromised. Attacker installs a sniffer. Sniffer picks up admin logging into Host B from Host C. It gets the admins personal password as they login to B.

* Then, the admin does a su to fix a problem. They now have the root password for Host B. Later the admin lets someone telnet from his account to Host Z on another site. Now the attacker has a password/login on Host Z.

* Using ssh or other encrypted password methods thwarts this attack. Things like APOP for POP accounts also prevents this attack. (Normal POP logins are very vulnerable to this, as is anything that sends clear-text passwords over the network.)

* The safest method to counteract this problem is by transmitting data over a secure network such as ssh in which case data is transmitted in an encypted format.

11.5.1.2). Denial Of Service (DOS) Attacks

* Denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service.

* Examples include :

o attempts to "flood" a network, thereby preventing legitimate network traffic . o attempts to disrupt connections between two machines, thereby preventing access to a service . o attempts to prevent a particular individual from accessing a service. o

attempts to disrupt service to a specific system or person.

* Illegitimate use of resources may also result in denial of service. For example, an intruder may use your anonymous ftp area as a place to store illegal copies of commercial software, consuming disk space and generating network traffic.

Impact of DOS Attacks

* Denial-of-service attacks can essentially disable your computer or your network. Depending on the nature of your enterprise, this can effectively disable your organization.

* Some denial-of-service attacks can be executed with limited resources against a large, sophisticated site. This type of attack is sometimes called an "asymmetric attack."

Modes Of Attack

Denial-of-service attacks come in a variety of forms and aim at a variety of services. There are three basic types of attack:

1. Consumption of scarce, limited, or non-renewable resources.

2. Destruction or alteration of configuration information.

3. Physical destruction or alteration of network components

The Denial of Service Attack comes in the first category and it can affect the resources on the server and crash the server in the following situations discussed below.

1. Consumption of Scarce Resources

* Denial-of-service attacks are most frequently executed against network connectivity. The goal is to prevent hosts or networks from communicating on the network. An example of this type of attack is the "SYN flood" attack.

* In this type of attack, the attacker begins the process of establishing a connection to the victim machine, but does it in such a way as to prevent the ultimate completion of the connection.

* In the meantime, the victim machine has reserved one of a limited number of data structures required to complete the impending connection. The result is that legitimate connections are denied while the victim machine is waiting to complete bogus "half-open" connections.

* You should note that this type of attack does not depend on the attacker being able to consume your network bandwidth. In this case, the intruder is consuming kernel data structures involved in establishing a network connection.

* The implication is that an intruder can execute this attack from a dial-up connection against a machine on a very fast network. (This is a good example of an asymmetric attack.)

2. Using Your Own Resources Against You

* An intruder can also use your own resources against you in unexpected ways.

* An example is an attack in which the intruder uses forged UDP packets to connect to the echo service on one machine to the chargen service on another machine.

*

The result is that the two services consume all available network bandwidth between them. Thus, the network connectivity for all machines on the same networks as either of the targeted machines may be affected.

3. Bandwidth Consumption

* An intruder may also be able to consume all the available bandwidth on your network by generating a large number of packets directed to your network.

* Typically, these packets are ICMP ECHO packets, but in principle they may be anything.

* Further, the intruder need not be operating from a single machine; he may be able to coordinate or co-opt several machines on different networks to achieve the same effect making it difficult to block the IP address.

4. Consumption of Other Resources

* In addition to network bandwidth, intruders may be able to consume other resources that your systems need in order to operate.

* For example, in many systems, a limited number of data structures are available to hold process information (process identifiers, process table entries, process slots, etc.).

* An intruder may be able to consume these data structures by writing a simple program or script that does nothing but repeatedly create copies of itself.

* Many modern operating systems have quota facilities to protect against this problem, but not all do.

*

An intruder may also attempt to consume disk space in other ways, including generating excessive numbers of bogus mail messages to domains on the server called “email bombing spamming†.

* In general, anything that allows data to be written to disk can be used to execute a denial-of-service attack if there are no bounds on the amount of data that can be written.

* Also, many sites have schemes in place to "lockout" an account after a certain number of failed login attempts. A typical set up locks out an account after 3 or 5 failed login attempts.

* An intruder may be able to use this scheme to prevent legitimate users from logging in. In some cases, even the privileged accounts, such as root or administrator, may be subject to this type of attack.

If your systems are experiencing frequent crashes with no apparent cause, it could be the result of these type of DOS attacks.

Some of the more popular and recent DOS attacks are listed below.

* SYN Flooding - SYN flooding is a network denial of service attack. It takes advantage of a "loophole" in the way TCP connections are created.Its a common form of DOS attack to the Apache webserver. The newer Linux kernels (2.0.30 and up) have several configurable options to prevent SYN flood attacks from denying people access to your machine or services.

* Pentium "F00F" Bug - It was recently discovered that a series of assembly codes sent to a genuine Intel Pentium processor would reboot the machine. This affects every machine with a Pentium processor (not clones, not Pentium Pro or PII), no matter what operating system it's running. Linux kernels 2.0.32 and up contain a work around for this bug, preventing it from locking your machine.

* Ping Flooding - Ping flooding is a simple brute-force denial of service attack. The attacker sends a "flood" of ICMP packets to your machine. If they

are doing this from a host with better bandwidth than yours, your machine will be unable to send anything on the network.

* A variation on this attack, called "smurfing", sends ICMP packets to a host with your machine's return IP, allowing them to flood you less detectably. You can find more information about the "smurf" attack at http://www.quadrunner.com/~chuegen/smurf.txt

* If you are ever under a ping flood attack, use a tool like tcpdump to determine where the packets are coming from (or appear to be coming from), then contact your provider with this information. Ping floods can most easily be stopped at the router level or by using a firewall.

* Ping o' Death - The Ping o' Death attack sends ICMP ECHO REQUEST packets that are too large to fit in the kernel data structures intended to store them. Because sending a single, large (65,510 bytes) "ping" packet to many systems will cause them to hang or even crash, this problem was quickly dubbed the "Ping o' Death." This one has long been fixed, and is no longer anything to worry about.

* Teardrop / New Tear - One of the most recent exploits involves a bug present in the IP fragmentation code on Linux and Windows platforms. It is fixed in kernel version 2.0.33, and does not require selecting any kernel compile-time options to utilize the fix. Linux is apparently not vulnerable to the "newtear" exploit. 11.5.1.3). Attacks via IP Spoofing

* A spoofing attack involves forging one's source address. It is the act of using one machine to impersonate another. For example,

Let your IP Address be: 203.45.98.01 (REAL) Let the IP Address of the Victim computer be: 202.14.12.1 (VICTIM) Let the IP Address of the system you want data to be sent from: 173.23.45.89 (FAKE)

*

Normally sitting on the computer whose IP is REAL, the datagrams to VICTIM will appear to have come from REAL. Now consider a situation you want to send data packets to VICTIM and make him believe that they a computer whose IP is FAKE i.e.173.23.45.89. This is when you perform Spoofing.

you send in which came from IP

* Most of the applications and tools in UNIX rely on the source IP address authentication. Many developers have used the host based access controls to secure their networks.

* Source IP address is a unique identifier but not a reliable one. It can easily be spoofed using some IP spoofing tools as below.

o Mendax for Linux : Mendax is an easy-to-use tool for TCP sequence number prediction and rshd spoofing.

o Ipspoof : ipspoof is a TCP and IP spoofing utility.

o Hunt : hunt is a sniffer which also offers many spoofing functions.

o Dsniff :dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic.

* IP Spoofing thus, can be said to be the process by which you change or rather spoof your IP Address, so as to fool the target system into believing that your identity is not the one, which is actually yours, but make it believe that you actually are the computer having the spoofed address.

IP Spoofed Attack is a Blind Attack

*

What we mean by a blind attack is that, we do not get any messages or any feedback regarding our progress.

* When an attacker is trying to perform IP Spoofing, then, there is no mechanism which tells him, whether he has been successful or not, if yes then by what extent or if no then what when wrong.

* Taking the assumptions made earlier, we can explain this problem in the following manner:

* The main problem with IP Spoofing is that even if you (REAL) are able to send a spoofed datagram to the remote host (VICTIM), making it believe that the datagram came from FAKE, then the remote host (VICTIM) will reply to the spoofed IP Address (FAKE) and not your real IP Address (REAL), thus, as a result, REAL does not get any feedback whatsoever, regarding his progress.

* The following is the explanation of the blind nature of IP Spoofing, using the concept of the three-way handshake, which has to take place, each time a TCP/IP connection is established.

* If REAL wants to establish a TCP/IP connection with VICTIM, without spoofing of any IP Address, then typically the three way handshake would take place as follows:

1. REAL sends a SYN packet to VICTIM. 2. VICTIM sends back a SYN/ACK packet to REAL. 3. REAL acknowledges this by replying with a SYN packet.

* However, if REAL wants to spoof his IP Address and make it appear to be FAKE, then the following will take place:

1.

REAL sends a SYN packet to VICTIM, but this time with the source address being FAKE.

2. VICTIM sends back a SYN/ACK packet to FAKE. There is no way that REAL can determine when and if VICTIM has actually replied with a SYN/ACK addressed to FAKE. This is the blind part and REAL just has to let some time pass (once it has sent a SYN packet to VICTIM) and assume that by then VICTIM must have sent a SYN/ACK to FAKE.

3. After some time has passed, REAL then has to send a SYN packet to VICTIM acknowledging that FAKE has received the SYN/ACK packet. (Assuming that it indeed has.)

Measures to prevent IP Spoofed Attacks:

* Avoid using the source address authentication. Implement cryptographic authentication systemwide.

* Configure your network to reject packets from the InterNet that claim to originate from a local address. This is most commonly done with a router or using a firewall like APF or Bastille.

* If you allow outside connections from trusted hosts, enable encryption sessions at the router.

* Spoofed attacks are very dangerous and difficult to detect. They are becoming more and more popular now.

* The only way to prevent these attacks are to implement security measures like encrypted authentication to secure your network. 11.5.2. TCP Wrappers and xinetd

*

Controlling access to network services is one of the most important security tasks facing a server administrator.

* Fortunately, under Red Hat Linux there are a number of tools which do just that. For instance, an iptables-based firewall filters out unwelcome network packets within the kernel's network stack.

* For network services that utilize it, TCP wrappers add an additional layer of protection by defining which hosts are allowed or not allowed to connect to "wrapped" network services.

* One such wrapped network service is the xinetd super server. This service is called a super server because it controls connections to a subset of network services and further refines access control.

* Figure below is a basic illustration of how these tools work together to protect network services.

11.5.2.1). Controlling DOS Attacks Via Xinetd

The xinetd daemon can add a basic level of protection from a Denial of Service (DoS) attacks.

Below is a list of directives which can be used in /etc/xinetd.conf that aid in limiting the effectiveness of such attacks:

* per_source — Defines the maximum number of instances for a service per source IP address. It accepts only integers as an argument and can be used in both xinetd.conf and in the service-specific configuration files in the xinetd.d/ directory.

* cps — Defines the maximum number of connections per second. This directive takes two integer arguments separated by white space. The first is the

maximum number of connections allowed to the service per second. The second is the number of seconds xinetd must wait before re-enabling the service. It accepts only integers as an argument and can be used in both xinetd.conf and in the service-specific configuration files in the xinetd.d/ directory.

* max_load — Defines the CPU usage threshold for a service. It accepts a floating point number argument.

11.5.3. SATAN, ISS, and Other Network Scanners * There are a number of different software packages out there that do port and service-based scanning of machines or networks.

* SATAN, ISS, SAINT, and Nessus are some of the more well-known ones. This software connects to the target machine (or all the target machines on a network) on all the ports they can, and try to determine what service is running there.

* Based on this information, you can tell if the machine is vulnerable to a specific exploit on that server.

* SATAN (Security Administrator's Tool for Analyzing Networks) is a port scanner with a web interface. It can be configured to do light, medium, or strong checks on a machine or a network of machines. It's a good idea to get SATAN and scan your machine or network, and fix the problems it finds. Make sure you get the copy of SATAN from metalab or a reputable FTP or web site

* ISS (Internet Security Scanner) is another port-based scanner. It is faster than Satan, and thus might be better for large networks. However, SATAN tends to provide more information.

* SAINT is a updated version of SATAN. It is web-based and has many more upto-date tests than SATAN. You can find out more about it at: http://www.wwdsi.com/~saint

* Nessus is a free security scanner. It has a GTK graphical interface for ease of use. It is also designed with a very nice plug in setup for new portscanning tests. For more information, take a look at: http://www.nessus.org 11.5.3.1). Detecting Port Scans

* There are some tools designed to alert you to probes by SATAN and ISS and other scanning software on your server in case an intruder is trying to exploit your machine.

* However, if you liberally use tcp_wrappers, and look over your log files /var/log/messages regularly, you should be able to notice such probes.

* Even on the lowest setting, SATAN still leaves traces in the logs on a stock Red Hat system.

* There are also "stealth" port scanners. A packet with the TCP ACK bit set (as is done with established connections) will likely get through a packetfiltering firewall. The returned RST packet from a port that _had no established session_ can be taken as proof of life on that port. The TCP wrappers will not detect this.

11.5.4. Securing SSH

* Many network services like telnet, rlogin, and rsh are vulnerable to eavesdropping which is one of several reasons why SSH should be used instead.

* Red Hat's default configuration for SSH meets the security requirements for most environments. However, a few security tweaking that can be done are as follows:

*

/etc/ssh/sshd_config: It is advisable to disable direct root login at the SSH layer as well by setting the parameter below in the ssh configuration file mentioned.

PermitRootLogin no

* You may also disable TCP forwarding and sftp if you don't use it:

AllowTcpForwarding no #Subsystem sftp /usr/lib/misc/sftp-server

* Since SSH protocol version 1 is not as secure as Protocol 2, you may want to limit the protocol to version 2 only by setting the following parameter:

Protocol 2

* After changing any parameter, make sure to restart sshd:

$ /etc/rc.d/init.d/sshd restart

11.5.5. Securing NFS

NFS (Network File System) allows servers to share files over a network. But like all network services using NFS involves risk.

Here are some basic rules:

* NFS should not be enabled if not needed.

* If you must use NFS, use TCP wrapper to restrict remote access.

* Make sure you export to only those machines that you really need to.

* Use fully qualified domain names to diminish spoofing attempts

* Export only directories you need to export.

* Export read-only wherever possible.

* Use NFS over TCP.

* If you don't have shared directories to export, ensure that the NFS service is NOT enabled and running:

$ service nfs status rpc.mountd is stopped nfsd is stopped rpc.rquotad is stopped

$ chkconfig --list nfs nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off

* You probably don't need the portmap service as well which is used by NFS (the portmap daemon registers rpc-based services for services like NFS, NIS, etc.):

$ service portmap status portmap is stopped $ chkconfig --list portmap portmap 0:off 1:off 2:off 3:off 4:off 5:off 6:off

11.5.5.1). Restricting Incoming NFS Requests

* A recommended security-strategy is to block all incoming requests by default, but allow specific hosts or networks to connect.

* The portmap program and some of the NFS programs include a built-in TCP wrapper. To verify if a program includes a TCP wrapper, you can run the following commands:

$ strings /sbin/portmap | egrep "hosts.deny|hosts.allow|libwrap" hosts_allow_table hosts_deny_table /etc/hosts.allow /etc/hosts.deny

$ strings /usr/sbin/rpc.rquotad | egrep "hosts.deny|hosts.allow|libwrap" libwrap.so.0

$ ldd /usr/sbin/rpc.rquotad | grep libwrap libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00874000)

* If hosts.deny and hosts.allow are displayed, or if libwrap is displayed, then the program includes a built-in TCP wrapper. If none of these strings are displayed, then adding the program name to /etc/hosts.deny and /etc/hosts.allow will have no effect.

* To block all incoming requests by default, add the following line to /etc/hosts.deny if you have not done so yet:

ALL: ALL

* Verify from a remote server that portmapper does not list any registered RPC programs:

$ rpcinfo -p <server> No remote programs registered.

* To allow NFS requests from e.g. servers server1, server2, server3 and from the .subnet.example.com network, the configuration in /etc/hosts.allow would look like as follows:

portmap: rac1pub rac2pub rac3pub .subnet.example.com rpc.mountd: rac1pub rac2pub rac3pub .subnet.example.com rpc.rquotad: rac1pub rac2pub rac3pub .subnet.example.com

* For portmapper you can now test access from trusted servers or networks using the rpcinfo command:

$ rpcinfo -p <server> program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100011 1 udp 607 rquotad

100011 2 udp 607 rquotad 100011 1 tcp 610 rquotad 100011 2 tcp 610 rquotad 100003 2 udp 2049 nfs 100003 3 udp 2049 nfs 100003 2 tcp 2049 nfs 100003 3 tcp 2049 nfs 100005 1 udp 623 mountd 100005 1 tcp 626 mountd 100005 2 udp 623 mountd 100005 2 tcp 626 mountd 100005 3 udp 623 mountd 100005 3 tcp 626 mountd

* If you run it from an "untrusted" server or network, you should get the following output:

$ rpcinfo -p <server> No remote programs registered. 11.5.6. Kernel Tunable Security Parameters

The following section discusses tunable kernel parameters that you can use to secure your Linux server against attacks.

* For each tunable kernel parameters we will discuss the entry that needs to be added to the /etc/sysctl.conf configuration file to make the change permanent after reboots.

* To activate the configured kernel parameters immediately at runtime, use:

$ sysctl -p

11.5.6.1). Enable TCP SYN Cookie Protection

* A "SYN Attack" is a denial of service attack that consumes all the resources on a machine. Any server that is connected to a network is potentially subject to this attack.

* To enable TCP SYN Cookie Protection, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.tcp_syncookies = 1

11.5.6.2). Disable IP Source Routing

* Source Routing is used to specify a path or route through the network from source to destination. This feature can be used by network people for diagnosing problems.

* However, if an intruder was able to send a source routed packet into the network, then he could intercept the replies and your server might not know that it's not communicating with a trusted server.

* To enable Source Route Verification, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.conf.all.accept_source_route = 0

11.5.6.3). Disable ICMP Redirect Acceptance

* ICMP redirects are used by routers to tell the server that there is better path to other networks than the one chosen by the server.

* However, an intruder could potentially use ICMP redirect packets to alter the hosts's routing table by causing traffic to use a path you didn't intend.

* To disable ICMP Redirect Acceptance, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.conf.all.accept_redirects = 0

11.5.6.4). Enable IP Spoofing Protection

* IP spoofing is a technique where an intruder sends out packets which claim to be from another host by manipulating the source address.

* IP spoofing is very often used for denial of service attacks.

* To enable IP Spoofing Protection, turn on Source Address Verification. Edit the /etc/sysctl.conf file and add the following line:

net.ipv4.conf.all.rp_filter = 1

11.5.6.5). Enable Ignoring to ICMP Requests

* If you want or need Linux to ignore ping requests, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.icmp_echo_ignore_all = 1

* This may not be possible in many environments. 11.5.6.6). Enable Ignoring Broadcasts Request

* If you want or need Linux to ignore broadcast requests, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.icmp_echo_ignore_broadcasts = 1

11.5.6.7). Enable Bad Error Message Protection

* To alert you about bad error messages in the network, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.icmp_ignore_bogus_error_responses = 1

11.5.6.8).Enable Logging of Spoofed/Source Routed/Redirect Packets

* To turn on logging for Spoofed Packets, Source Routed Packets, and Redirect Packets, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.conf.all.log_martians = 1

References for Kernel Tunable Parameters

http://www.linuxsecurity.com/content/view/111337/65/ http://www.linuxexposed.com/internal.php?op=modload&name=News&file=article&sid=5 50

332 CopyRight @ 2005 EduCARMA

Copyright © 2024 PDFCOKE.