Linux-training-volume1

  • June 2020
  • PDF


  • Words: 90,329
  • Pages: 433
Training Manual EduCARMA

1. OVERVIEW OF THE LINUX OPERATING SYSTEM
1.1. What is an Operating System?
1.1.1. Features of OS
1.2. Introduction to Linux Operating System
1.2.1. History of Linux
1.2.2. Linux kernel and distributions
1.2.3. Open Source Nature of Linux
1.3. Structure of Linux OS and the linux kernel
1.3.1. Overview of the Linux OS and Kernel Structure
1.3.2. Modular kernel

2. BASICS OF LINUX
2.1. The Linux Shell
2.1.1. Types of linux shell
2.2. File System / Directory Structure
2.2.1. FileSystem Hierarchy Standard
2.3. Elementary Linux Commands
2.3.1. User/Group Management
2.3.2. Some basic linux commands
2.4. The X Window System
2.4.1. Running X
2.4.1.1). Starting X
2.4.1.2). Stopping X
2.4.2. Running a Program in X
2.4.3. Command Line Options to X Client
2.4.3.1). Specifying Window Size and Location
2.4.3.2). Specifying Window Colors
2.4.3.3). Running a Shell in X

3. FILE MANIPULATION AND MANAGEMENT
3.1. Files and Directories
3.1.1. Naming Files and Directories
3.1.2. Making an Empty File/Directory
3.1.3. Changing Directories
3.2. File Permissions
3.2.1. Concept of File Permissions and Ownership
3.2.2. Interpreting file permissions
3.2.3. File Permission Dependencies
3.2.3.1). User file-creation mode mask
3.2.4. Changing permissions
3.2.5. Understanding File Permissions Beyond "rwx"
3.2.5.1). 's' bit or 'Set User ID' / SUID and 'Set Group ID' / SGID
3.2.5.2). 't' bit or 'Sticky' bit
3.2.5.3). The Other Mysterious Letters - "d", "l", "b", "c", "p"
3.2.5.4). Setting SUID, SGID, sticky bit on a single file
3.3. Managing file links
3.3.1. Hard links
3.3.2. Symbolic Links
3.4. File ownership and Attributes
3.4.1. Determining the Ownership of a File
3.4.2. Changing the Ownership of a File
3.4.3. Determining the advanced attributes of a file
3.4.4. Changing advanced Attributes of a File
3.5. Finding Files
3.5.1. Finding All Files That Match a Pattern
3.5.2. Finding Files in a Directory Tree
3.5.2.1). Finding Files in a Directory Tree by Name
3.5.2.2). Finding Files in a Directory Tree by Size
3.5.2.3). Finding Files in a Directory Tree by Modification Time
3.5.2.4). Finding Files in a Directory Tree by Owner
3.5.2.5). Running Commands on the Files You Find
3.5.3. Finding Files in Directory Listings
3.5.3.1). Finding the Largest Files in a Directory
3.5.3.2). Finding the Smallest Files in a Directory
3.5.3.3). Finding the Smallest Directories
3.5.3.4). Finding the Largest Directories
3.5.3.5). Finding the Number of Files in a Listing
3.5.4. Finding Where a Command Is Located
3.6. Managing Files
3.6.1. Determining File Type and Format
3.6.2. Changing File Modification Time
3.6.3. Splitting a File into Smaller Ones
3.6.4. Comparing Files
3.6.4.1). Determining Whether Two Files Differ using 'cmp'
3.6.4.2). Finding the Differences between Files using 'diff'
3.6.4.3). Patching a File with a Difference Report
3.6.5. File Compression/Decompression
3.6.5.1). Compression/Decompression Tools
3.6.5.2). Archiving Files at the Shell Prompt

4. TEXT MANAGEMENT AND EDITORS
4.1. The 'vi' editor
4.1.1. Starting "vi"
4.1.2. Inserting text
4.1.3. Deleting text
4.1.4. Changing text
4.1.5. Commands for moving the cursor
4.1.6. Saving files and quitting vi
4.1.7. Editing another file
4.1.8. Running shell commands
4.2. The Emacs Editor
4.2.1. Getting Acquainted with Emacs
4.2.1.1). Basic Emacs Editing Keys
4.3. The pico editor
4.4. The editor "joe"
4.5. Text Manipulation
4.5.1. Searching for Text
4.5.2. Matching Text Patterns using Regular Expressions
4.5.2.1). MetaCharacters and their meaning
4.5.2.2). Matching Lines Ending with Certain Text
4.5.2.3). Matching Lines of a Certain Length
4.5.2.4). Matching Lines That Contain Any of Some Regexps
4.5.2.5). Matching Lines That Contain All of Some Regexps
4.5.2.6). Matching Lines That Don't Contain a Regexp
4.5.2.7). Matching Lines That Only Contain Certain Characters
4.5.2.8). Using a List of Regexps to Match From
4.5.3. Searching More than Plain Text Files
4.5.4. Matching Lines in Web Pages
4.5.5. Searching and Replacing Text

5. MORE ABOUT SHELL & COMMAND LINE INTERFACE
5.1. Passing Special Characters to Commands
5.2. Letting the Shell Complete What You Type
5.3. Repeating the Last Command You Typed
5.4. Running a List of Commands
5.5. Redirecting Input and Output
5.5.1. Redirecting Input to a File
5.5.2. Redirecting Output to a File
5.5.3. Redirecting Error Messages to a File
5.5.4. Redirecting Output to Another Command's Input

6. BASICS OF LINUX SYSTEM ADMINISTRATION
6.1. Disks, Partitions and File Systems
6.1.1. Character and Block devices
6.1.2. Partitions/MBR
6.1.2.1). Why Partition Hard Drive(s)
6.1.2.2). Master Boot Record or MBR
6.1.2.3). Partitioning Scheme
6.1.2.4). Partition types
6.1.2.5). Partitioning a hard disk
6.1.2.6). Various Mount Points
6.1.2.7). Device files and partitions
6.1.3. FileSystems
6.1.3.1). Some of the Linux Filesystems
6.1.4. Software RAID
6.1.4.1). Advantages of using RAID
6.1.4.2). Hardware and Software RAID
6.1.4.3). Different Types of Raid Implementations
6.1.5. Logical Volume Manager (LVM)
6.2. RedHat Installation and Hardware Configuration
6.2.1. Preparing for Installation
6.2.1.1). Installation Disk Space Requirements
6.2.1.2). Installation Methods
6.2.1.3). Choosing the Installation Class
6.2.1.4). Hardware/System Information Required
6.2.2. RedHat Installation Procedure
6.2.2.1). Initial Installation Steps
6.2.3. Disk Partitioning Setup
6.2.3.1). Automatic Partitioning
6.2.3.2). Manual Partitioning Using Disk Druid
6.2.3.3). Recommended Partitioning Scheme
6.2.3.4). Adding Partitions
6.2.4. Boot Loader Configuration
6.2.4.1). Advanced Boot Loader Configuration
6.2.5. Network Configuration
6.2.6. Firewall Configuration
6.2.7. Language Support Selection
6.2.8. Time Zone Configuration
6.2.9. Set Root Password
6.2.10. Authentication Configuration
6.2.11. Package Group Selection
6.2.12. Boot Diskette Creation
6.2.13. Hardware Configuration
6.2.14. Installation Complete
6.3. System Administration Commands
6.3.1. Process Management
6.3.1.1). Process task_struct data structure
6.3.1.2). ps
6.3.1.3). top
6.3.1.4). pstree
6.3.1.5). kill
6.3.1.6). killall
6.3.1.7). fuser
6.3.1.8). pidof
6.3.1.9). skill
6.3.1.10). Background Process - &
6.3.1.11). nice
6.3.1.12). snice
6.3.1.13). /proc/$PID directory
6.3.2. System Startup and Shutdown
6.3.2.1). The Boot Process
6.3.2.2). The Init Program
6.3.2.3). Runlevels
6.3.2.4). System Processes
6.3.2.5). The Linux Login Process
6.3.2.6). Single-User Mode
6.3.2.7). Shutting Down
6.3.3. Memory Management and Performance Monitoring
6.3.3.1). Virtual Memory / Swap Space
6.3.3.2). Swapping In and Swapping Out
6.3.3.3). Commands which show the current memory usage
6.3.3.4). Creating a swap space
6.3.3.5). Using a Swap Space
6.3.3.6). Disk Buffering / Buffer cache
6.3.3.7). Direct Memory Access or DMA
6.3.3.8). Resource Monitoring Tools
6.3.4. Disk Management Tools
6.3.4.1). Listing a Disk's Free Space
6.3.4.2). Listing a File's Disk Usage
6.3.4.3). Partitioning a Hard Drive
6.3.5. File System Management
6.3.5.1). Creating a filesystem
6.3.5.2). Mounting/Unmounting File Systems, fstab & mtab
6.3.5.3). Checking File System Integrity
6.3.6. Disk Quota Management
6.3.6.1). Configuring and Implementing Disk Quotas on Partitions
6.3.6.2). Managing Disk Quotas
6.3.7. RAID Setup
6.3.7.1). Linear Raid Setup
6.3.7.2). RAID-0 Setup
6.3.7.3). RAID-1 Setup
6.3.7.4). RAID-5 Setup

7. NETWORKING AND NETWORK SERVICES
7.1. Networking Overview
7.1.1. OSI Reference Model
7.1.2. TCP/IP Networks
7.1.2.1). Layers in the TCP/IP Protocol Architecture
7.1.3. LAN Network
7.1.3.1). Area Networks
7.1.3.2). LAN Basics
7.1.3.3). LAN Protocols and the OSI Reference Model
7.1.3.4). LAN Media-Access Methods
7.1.3.5). LAN Transmission Methods
7.1.3.6). LAN Topologies
7.1.3.7). LAN Devices
7.1.4. WAN Basics
7.1.4.1). WAN Networks
7.1.4.2). WAN Virtual Circuits
7.1.4.3). WAN Devices
7.1.4.4). Other Area Networks
7.1.5. Ethernet and Networking Hardware
7.1.5.1). Ethernet Network Medium
7.1.5.2). Ethernet Network Interface
7.1.6. Internet Protocol or IP Address
7.1.6.1). IP Address Notation and Classes of Networks
7.1.7. Transmission Control Protocol
7.1.8. User Datagram Protocol
7.1.9. Connection Ports
7.1.10. Address Resolution
7.1.11. IP Routing
7.1.11.1). Subnetworks
7.1.11.2). Gateways
7.1.11.3). Routing Table
7.2. Linux Network Administration
7.2.1. Network Configuration Files
7.2.2. Network Administration Commands
7.2.2.1). IP Address Assignment
7.2.2.2). Setting up Routing
7.2.2.3). Network Monitoring / Analysis Tools
7.2.2.4). Changing the System Hostname
7.2.2.5). Networking terms
7.2.3. Packet Filtering Using Iptables
7.2.3.1). Network Address Translation (NAT)
7.2.3.2). Packet filtering tables
7.2.3.3). Built-In Chains for the different tables
7.2.3.4). Types of Targets
7.2.3.5). The Iptables Commandline
7.3. Network Information Service (NIS)
7.3.1. NIS Maps
7.3.2. NIS Domain
7.3.2.1). NIS Topologies used
7.3.3. NIS Server Installation and Configuration
7.3.3.1). Installing the NIS Server utility
7.3.3.2). Setting up the NIS domain name
7.3.3.3). Configuring and starting the daemon ypserv
7.3.3.4). Initializing the NIS Maps
7.3.3.5). Starting the NIS Password Daemon
7.3.3.6). Starting the Server Transfer daemon
7.3.3.7). Modifying the startup process to start NIS at Boot
7.3.4. Installing and Configuring the NIS Client
7.3.4.1). Installing the ypbind utility
7.3.4.3). Configure and start the NIS client daemon
7.3.4.4). Test the Client daemon
7.3.4.5). Configuring the NIS Client startup files
7.3.4.6). NIS Configuration Files/Commands
7.3.5. More about NIS
7.4. Network File Systems (NFS)
7.4.1. Main Configuration Files
7.4.1.1). /etc/exports file
7.4.1.2). /etc/hosts.allow and /etc/hosts.deny
7.4.2. NFS Server Setup
7.4.2.1). Pre-requisites
7.4.2.2). The NFS Daemons and starting them
7.4.2.3). Verifying that NFS is running
7.4.2.4). Making changes to /etc/exports later on
7.4.3. Setting up an NFS Client
7.4.3.1). Mounting remote directories
7.4.3.2). Getting NFS File Systems to Be Mounted at Boot Time
7.4.3.3). Options for Mounting
7.4.4. Using Automount services (Autofs)
7.4.4.1). Autofs Setup
7.4.4.2). Starting and Stopping Autofs
7.5. TCP Wrappers and Xinetd Services
7.5.1. TCP Wrappers
7.5.1.1). Advantages of TCP Wrappers
7.5.1.2). TCP Wrappers Configuration Files
7.5.2. Xinetd
7.5.2.1). /etc/xinetd.conf
7.5.2.2). The /etc/xinetd.d/ Directory
7.5.2.3). Access Control Options
7.5.2.4). Logging Options
7.5.2.5). Binding and Redirection Options

8. SHELL SCRIPTING
8.1. Shell Scripting Basics
8.1.1. Variables in Shell
8.1.1.1). Defining User-defined variables
8.1.1.2). Rules for naming variables
8.1.1.3). The "echo" command
8.1.2. Shell arithmetic
8.1.3. Understanding Quotes inside the Shell
8.1.4. Finding the Exit Status of a Command Execution
8.1.5. Reading input from the Standard Input
8.1.6. Command Line Arguments
8.1.7. Structured Language Constructs
8.1.7.1). Decision Making
8.1.7.2). Flow Control
8.1.7.3). Loop Constructs
8.1.7.4). Debugging a Shell script
8.2. Advanced Shell Scripting
8.2.1. /dev/null
8.2.2. Conditional Execution using && and ||
8.2.3. I/O Redirection and file descriptors
8.2.4. Essential Utilities
8.2.4.1). cut
8.2.4.2). paste
8.2.4.3). join
8.2.4.4). tr
8.2.4.5). uniq
8.2.5. Awk Utility
8.2.5.1). Understanding Awk Basic Examples
8.2.5.2). Doing arithmetic and user defined variables with awk
8.2.6. The sed Utility
8.2.6.1). Sample sed Commands/Scripts

9. INSTALLING LINUX SOFTWARE/KERNEL
9.1. RPM Installations
9.1.1. Getting the RPM source
9.1.2. Manually installing rpms
9.1.3. RPM Installation Errors
9.1.4. Installing Source Rpms
9.1.5. Listing Installed RPMs
9.1.6. Listing Files Associated with RPMs
9.1.6.1). Listing Files for Already Installed RPMs
9.1.6.2). Listing Files in RPM Files
9.1.6.3). Listing the RPM to Which a File Belongs
9.1.7. Uninstalling Rpms
9.2. Software Installations from Source using Tarballs
9.2.1. The GCC Compiler
9.2.2. Steps for installing from Tarball
9.3. Linux Kernel Recompilation
9.3.1. Linux kernel - A Modular Kernel
9.3.2. Recompiling the kernel
9.3.2.1). PreRequisites
9.3.2.2). Checking the current kernel and Redhat version
9.3.2.3). Kernel Recompilation Steps
9.3.3. Command Line Tools for Kernel level administration
9.3.3.1). Kernel Modules Management
9.4. More About Lilo and Grub
9.4.1. Grub (Grand Unified Boot loader)
9.4.1.1). Stages in Grub Loading
9.4.1.2). Direct Loading and Chain Loading Booting Methods
9.4.1.3). Naming Conventions and Partitions used by Grub
9.4.1.4). Installing and Booting Grub
9.4.1.5). GRUB Interfaces
9.4.1.6). GRUB Commands
9.4.1.7). GRUB Menu Configuration File
9.4.1.8). Changing Runlevels at Boot Time
9.4.2. LILO or Linux Loader
9.4.2.1). LILO Booting stages
9.4.2.2). Lilo Configuration File
9.4.2.3). Installing lilo
9.4.2.4). Changing Runlevel at Boot Time

10. LINUX SERVICES
10.1. Open SSH Server
10.1.1. Configuring an OpenSSH server
10.1.2. Configuring an OpenSSH Client
10.1.2.1). Using the SSH command
10.1.2.2). Using the scp Command
10.1.2.3). Using the sftp Command
10.1.2.4). Generating Key Pairs
10.2. Berkeley Internet Name Domain (BIND) Server
10.2.1. Nameserver Zones
10.2.2. Types of Nameservers
10.2.3. BIND as a Nameserver
10.2.3.1). Configuration Files
10.3. File Transfer Program or FTP
10.3.1. FTP server/client
10.3.2. FTP Commandline Interface
10.3.2.1). Anonymous FTP
10.3.2.2). Common FTP Commands
10.4. Service Manager: chkconfig, ntsysv, xinetd
10.4.1. ChkConfig
10.4.1.1). Chkconfig commandline Usage
10.4.2. Ntsysv
10.4.3. Xinetd Services
10.5. Telnet Program
10.6. Dynamic Host Configuration Protocol (DHCP)
10.6.1. Advantages of DHCP
10.6.2. DHCP server/Client
10.6.2.1). DHCP server configuration file
10.6.2.2). DHCP communication between server-client
10.6.2.3). DHCP Client configuration
10.7. Linux Samba Server
10.7.1. Samba configuration file
10.7.2. Samba password file for Clients
10.8. Linux Proxy Server - Squid
10.8.1. Squid Package and Config File
10.8.2. Stopping, Starting and Restarting Squid
10.8.3. Configuring squid Clients

11. SECURING LINUX SYSTEMS
11.1. Physical Security
11.2. Local Security
11.2.1. Checking for Unlocked Accounts
11.2.2. Checking for Unused Accounts
11.3. Files and File system Security
11.3.1. Default Umask
11.3.2. SUID/SGID Files
11.3.3. World-Writable Files
11.3.4. Setting File System Limits
11.3.5. Unowned Files
11.3.6. Protecting Binaries like Compilers
11.3.7. Integrity Checking
11.3.8. Trojan Horses, Backdoors and Rootkits
11.3.8.1). Nmap tool
11.4. Password Security and Encryption
11.4.1. Encryption Methods
11.4.1.1). DES (Data Encryption Standard)
11.4.1.2). PGP and Public-Key Cryptography
11.4.2. Authentication Methods
11.4.2.1). PAM - Pluggable Authentication Modules
11.4.2.2). Cryptographic IP Encapsulation (CIPE)
11.4.2.3). Kerberos
11.4.3. Enforcing Stronger Passwords
11.4.4. Locking User Accounts After Many Login Failures
11.4.5. Restricting Direct Login for System/Shared Accounts
11.4.6. Password Cracking / Brute Force Attack
11.4.6.1). How the brute force attack works
11.4.6.2). Signs of a brute force attempt
11.4.6.3). Tools to stop and prevent brute force hack attempts
11.5. Network Security
11.5.1. Network Intruders and Attacks
11.5.1.1). Packet Sniffers
11.5.1.2). Denial Of Service (DOS) Attacks
11.5.1.3). Attacks via IP Spoofing
11.5.2. TCP Wrappers and xinetd
11.5.2.1). Controlling DOS Attacks Via Xinetd
11.5.3. SATAN, ISS, and Other Network Scanners
11.5.3.1). Detecting Port Scans
11.5.4. Securing SSH
11.5.5. Securing NFS
11.5.5.1). Restricting Incoming NFS Requests
11.5.6. Kernel Tunable Security Parameters
11.5.6.1). Enable TCP SYN Cookie Protection
11.5.6.2). Disable IP Source Routing
11.5.6.3). Disable ICMP Redirect Acceptance
11.5.6.4). Enable IP Spoofing Protection
11.5.6.5). Enable Ignoring ICMP Requests
11.5.6.6). Enable Ignoring Broadcast Requests
11.5.6.7). Enable Bad Error Message Protection
11.5.6.8). Enable Logging of Spoofed/Source Routed/Redirect Packets

1. OVERVIEW OF THE LINUX OPERATING SYSTEM

1.1. What is an Operating System?

In simple terms, an operating system is a manager. It manages all the available resources on a computer: the hard disk, a printer, the monitor screen, and even memory. Within an operating system are the management functions that determine who gets to read data from the hard disk, which file is printed next, what characters appear on the screen, and how much memory a given program gets.

An analogy: if you own a car, you don't need to know the details of the internal combustion engine to understand that it is what moves the car forward, and you don't need to know the principles of hydraulics to understand what has failed when pressing the brake pedal has no effect.

An operating system is like that. You can work productively for years without knowing which operating system you are running, let alone how it works. Sometimes things go wrong. In many companies you are given a number to call when problems arise; you report what happened, and it is dealt with.

With a working knowledge of the principles of an operating system you are in a better position to understand not only the problems that can arise but also the steps needed to solve them. You also tend to work better with things you understand: in a car, if you see steam pouring out from under the hood, you know you need to add water. The same applies to the operating system.

Linux is an operating system like many others, such as DOS or Mac OS. In this section, I am going to discuss what goes into an operating system, what it does, how it does it, and how you, the user, are affected by all this.

1.1.1. Features of OS

1. Multitasking

A multitasking operating system allows multiple processes to run at the same time. It does so by switching back and forth between the tasks extremely quickly, so that the computer appears to be working on several tasks "at the same time." This is the concept of multitasking.

2. Multi-users

A multi-user Operating System allows for multiple users to use the same computer at the same time and/or different times. That is, the operating system needs to keep track of whose program, or task, is currently writing its file to the printer or which program needs to read a certain spot on the hard disk, etc. This is the concept of multi-users, as multiple users have access to the same resources.

3. Multi Processing

A multiprocessing operating system is one that can support and make use of more than one processor. Multiprocessing systems are more complicated than single-processor systems because the operating system must allocate resources among competing processes across all the processors in a reasonable manner. A computer with multiple CPUs can therefore do multiprocessing, provided the operating system supports it.

4. Process Management

One basic concept of an operating system is the process. A process is more than just a program. Especially in a multi-user, multi-tasking operating system such as UNIX, there is much more to consider. Each program has a set of data that it uses to do what it needs. Often, this data is not part of the program. For example, if you are using a text editor, the file you are editing is not part of the program on disk, but is part of the process in memory. If someone else were to be using the same editor, both of you would be using the same program. However, each of you would have a different process in memory.

* Child/Parent Process : When you log onto a Linux system, you usually get access to a command line interpreter, or shell. This takes your input and runs programs for you. If you were to start up an editor, your file would be loaded and you could edit your file. The interesting thing is that the shell has not gone away. It is still in memory. The editor is simply another process that belongs to you. Because it was started by the shell, the editor is considered a "child" process of the shell. The shell is the parent process of the editor. (A process has only one parent, but may have many children.)

* Daemons: In addition to user processes, such as shells, text editors, and databases, there are system processes. These are started by the system rather than by a user. Several of them deal with managing memory and scheduling turns on the CPU; others deliver mail, handle printing, and perform other tasks we take for granted. In principle the two kinds of process are identical, although system processes may run at higher priorities than user processes and so get the CPU more often. A system process of this kind is typically called a daemon, or background process, because it runs behind the scenes (in the background) without user intervention. A user can also put one of his or her own processes in the background.

In short, the OS keeps track of all the processes running on the system and also manages multitasking and multiprocessing.
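The parent/child and daemon relationships described above can be read directly from the kernel's process table. The script below is an added example, not part of the training manual: it reads /proc/<pid>/stat and /proc/<pid>/comm (Linux-specific; the function names parent_of, lineage, child_parent_is_me and orphan_parent are this example's own) to show that a background job's parent is the shell that started it, that a process whose parent has exited is reparented by the kernel (to init, PID 1, or to the nearest process registered as a child subreaper), and how to walk a process's ancestry, which is the first thing an incident responder does with a suspicious PID.

```shell
#!/bin/sh
# Added example (not from the training manual). Linux-specific: it relies on
# /proc/<pid>/stat and /proc/<pid>/comm being present and readable.

# parent_of PID: print the parent PID (PPID) of PID.
# /proc/PID/stat reads "PID (comm) state PPID ...". The comm field may
# contain spaces or parentheses, so strip everything up to the last ")"
# first; the PPID is then the second remaining field.
parent_of() {
    sed 's/^.*) //' "/proc/$1/stat" | awk '{ print $2 }'
}

# lineage PID: print "pid comm" for PID and each of its ancestors, up to
# PID 1 (whose recorded parent is 0, which ends the loop).
lineage() {
    pid=$1
    while [ -n "$pid" ] && [ "$pid" -gt 0 ] && [ -r "/proc/$pid/stat" ]; do
        printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm")"
        pid=$(parent_of "$pid")
    done
}

# child_parent_is_me: start a background child, exactly as "editor &" would
# from an interactive shell, and report whether its parent is this shell
# (exit status 0 means yes).
child_parent_is_me() {
    sleep 30 &
    child=$!
    child_ppid=$(parent_of "$child")
    kill "$child" 2>/dev/null
    wait "$child" 2>/dev/null || :
    [ "$child_ppid" = "$$" ]
}

# orphan_parent: start a child from a subshell that exits at once, so the
# child outlives its parent. The kernel reparents it (to init, PID 1, or to
# the nearest child subreaper); print the new parent's PID. This is what a
# daemonised process looks like in a listing: its parent is no longer the
# shell that launched it. The child's stdout is redirected so that it does
# not hold the command substitution's pipe open.
orphan_parent() {
    orphan=$( (sleep 30 >/dev/null 2>&1 & echo $!) )
    parent_of "$orphan"
    kill "$orphan" 2>/dev/null
}

# Run as "sh this_script.sh demo" to print the ancestry of the running shell.
if [ "${1-}" = "demo" ]; then
    lineage "$$"
fi
```

On a normal desktop the demo prints something like the shell, a terminal emulator, a session manager and finally PID 1; on a compromised host a shell whose ancestor is a web server or a cron job is the kind of lineage worth investigating.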

5. Memory Management

On UNIX, when you run a program (such as any of the shell commands you have been using), the actual machine instructions are read from a file on disk, from one of the bin/ directories, and placed in RAM. The program is then executed in memory and becomes a process. When the process has finished running, it is removed from memory.

The CPU assists the operating system in managing users and processes.

[Diagram: several processes laid out in memory]

Several processes can share the same portion of memory, for example the code of a program or library that more than one of them is running, while each keeps its own private data. We will look at this topic in more detail at a later stage.

1.2. Introduction to Linux Operating System

1.2.1. History of Linux

Linux is a freely distributable version of UNIX.

* UNIX was born at the end of the 1960s as a one-man project by Ken Thompson of Bell Labs and grew to become one of the most widely used operating systems.

* Linus Torvalds, who was then a student at the University of Helsinki in Finland, developed Linux in 1991. It was released for free on the Internet.

* He was inspired by MINIX, which was written from scratch by Andrew S. Tanenbaum, a US-born Dutch professor who wanted to teach his students the inner workings of a real operating system. It was designed to run on the Intel 8086 microprocessors that had flooded the world market. As an operating system, MINIX was not a superb one, but it had the advantage that its source code was available, and it served as a source of inspiration for Torvalds.

1.2.2. Linux kernel and distributions.

The Linux kernel is the core of the Linux OS and is sometimes called the "Chief of Operations". Although Linux is technically only the kernel, the name is commonly used for the kernel together with all of the associated programs and utilities. Combined with the kernel, the utilities and often some applications make up a distribution.

A distro comprises a prepackaged kernel, system utilities, GUI interfaces and application programs; it is the kernel that puts the "Linux" into all the distributions.

Some of the popular Linux distros are RedHat, Mandrake, SuSE, Debian etc.

* RedHat RedHat Linux is considered by many to be the best distribution for beginners. It is designed for those who simply want to get Linux working on their system with a minimum amount of effort.

* Mandrake Mandrake is a good choice for someone who is just starting with Linux and wants all the new hardware support. The best thing about Mandrake is that it is still RedHat compatible, so support from the Linux community is as plentiful as for RedHat.

* Debian

Debian is for those who would like to learn the inner workings of Linux, yet demand more friendly features than are provided with distros like Slackware. Prior knowledge of Unix and Linux is recommended before trying this distribution.

* Slackware Slackware is one of the oldest distributions of Linux. It lacks many 'userfriendly' features that can be taken for granted with many other distros.

* SuSE Originally begun as a German Linux distribution, SuSE has become increasingly popular in the US and is the number one Linux distibution in Europe. It is considered one of the most complete distros available, with many software packages available for almost any application. SuSE is a great distro for beginners, on par with Red Hat.

* Corel Corel is a distribution aimed at new users, offering an attractive graphical interface and quick setup. Installing new applications not included with the distribution is troublesome, however.

* LinuxPPC LinuxPPC is a powerful and easy-to-use port of Linux to the PowerPC platform.

* FreeBSD FreeBSD is not a Linux distribution but a free Unix-like operating system based on the BSD source code. Its main focus is servers, but it can also function as a workstation OS, and it can run most Linux applications through its Linux binary-compatibility layer. The extensive "Ports Collection" makes installing software simple and relatively painless, but hardware support tends to lag behind Linux.

* Fedora and RedHat Enterprise Linux Fedora and RedHat Enterprise Linux are two descendants of Red Hat Linux .

The Fedora Project is one of the sources for new technologies and enhancements that may be incorporated into Red Hat Enterprise Linux in the future. The goal of the Fedora Project is to work with the Linux community to build a complete, general purpose operating system exclusively from open source software. Red Hat Enterprise Linux is a paid subscription product and has both server and client editions.

1.2.3. Open Source Nature of Linux

Linux is developed under the GNU General Public License, which means the source code for Linux is freely available to everyone. The GNU project, started by Richard Stallman, was a software movement to provide free, high-quality software. The first organized effort to produce open source software was the Free Software Foundation (FSF), founded by Richard M. Stallman (known as RMS) in 1985.

The FSF developed this concept into the GNU General Public License (GPL), a software distribution license that stipulates (in a nutshell):

* Software released under the GPL shall be freely distributable
* The software shall be distributed along with its source code
* Anyone is free to modify the source code and change the program, as long as the resulting program is also freely distributable and modifiable under the same terms.

Around half of the open source software available today is made available under the terms of the GPL.

1.3. Structure of Linux OS and the linux kernel

1.3.1. Overview of the Linux OS and Kernel Structure

The Linux operating system is composed of four major subsystems:

* User Applications -- the set of applications in use on a particular Linux system will differ depending on what the computer is used for, but typical examples include a text editor and a web browser.

* O/S Services -- services that are typically considered part of the operating system (a windowing system, command shell, etc.); the programming interface to the kernel (compiler tools and libraries) is also included in this subsystem.

* Linux Kernel -- the main area of interest; it abstracts and mediates access to the hardware resources, including the CPU.

* Hardware Controllers -- all the physical devices in a Linux installation; for example, the CPU, memory hardware, hard disks, and network hardware are all members of this subsystem.

[Diagram: the four subsystems as layers, applications at the top and hardware at the bottom]

The Linux kernel presents a virtual machine interface to user processes. The kernel runs several processes concurrently and is responsible for mediating access to hardware resources so that each process has fair access to the processor and memory while inter-process security is maintained.

The Linux kernel is composed of five main subsystems:

1. The Process Scheduler (SCHED) is responsible for controlling process access to the CPU. The scheduler enforces a policy that ensures that processes have fair access to the CPU, while ensuring that necessary hardware actions are performed by the kernel on time.

2. The Memory Manager (MM) permits multiple processes to securely share the machine's main memory. In addition, the memory manager supports virtual memory, which allows Linux to run processes that use more memory than is physically available: unused memory is swapped out to persistent storage through the file system and swapped back in when it is needed. It also handles requests for run-time memory allocation.

3. The Virtual File System (VFS) abstracts the details of the variety of hardware devices by presenting a common file interface to all of them. In addition, the VFS supports several file system formats that are compatible with other operating systems.

4. The Network Interface (NET) provides access to several networking standards and a variety of network hardware.

5. The Inter-Process Communication (IPC) subsystem supports several mechanisms for process-to-process communication on a single Linux system. Processes communicate with each other and with the kernel to coordinate their activities.

[Diagram: structure of the Linux kernel, showing the dependencies between the five subsystems]

The diagram emphasizes that the most central subsystem is the process scheduler: all other subsystems depend on it, since all subsystems need to suspend and resume processes. Usually a subsystem will suspend a process that is waiting for a hardware operation to complete, and resume the process when the operation is finished.

The other dependencies are somewhat less obvious, but equally important:

* The process-scheduler subsystem uses the memory manager to adjust the hardware memory map for a specific process when that process is resumed.

* The inter-process communication subsystem depends on the memory manager to support a shared-memory communication mechanism. This mechanism allows two processes to access an area of common memory in addition to their usual private memory.

* The virtual file system uses the network interface to support a network file system (NFS), and also uses the memory manager to provide a ramdisk device.

* The memory manager uses the virtual file system to support swapping; this is the only reason that the memory manager depends on the process scheduler. When a process accesses memory that is currently swapped out, the memory manager makes a request to the file system to fetch the memory from persistent storage, and suspends the process.

On top of these five components comes the System Call Interface that hides the hardware layer for the user applications. We'll be dealing with these topics in more detail later.

1.3.2. Modular kernel

* One of the greatest advantages of the Linux kernel is its modular structure. Most of the Linux kernel is built as a collection of source modules.

* The required modules are compiled together while the kernel is being built. But that's not all. The Linux kernel has the ability to load and unload modules on the fly, as they are required, without a system shutdown. That is the reason why the Linux kernel is called a dynamic kernel.

* This is also the reason why Linux can run on such a wide variety of hardware platforms. A developer has only to port the machine-specific modules to support new hardware.

2. BASICS OF LINUX

2.1. The Linux Shell

Linux is a multitasking, multiuser operating system, which means that many people can run many different applications on one computer at the same time. Before you can use a newly installed Linux system, you must set up a user account for yourself. It's usually not a good idea to use the root account for normal use; you should reserve the root account for running privileged commands and for maintaining the system.

2.1.1. Types of linux shell

The shell is the Linux command-line interface, and there are several different shells available. Each shell has its own pros and cons, but every shell can perform the same basic tasks. The main differences between them are the prompt and how they interpret commands.

* bash: Bourne Again Shell, developed by the Free Software Foundation

* sh: Bourne Shell, named after its creator Steve Bourne

* csh: C Shell, came as part of the Unix implementation

* ksh: Korn Shell, named after David Korn

All the shells above come as a standard part of any Linux distro. The most common shell used by default on Linux systems is bash. In bash, the default prompt for a user is a $ sign, unless you are logged in as root, in which case it is the # sign.

When you enter a command, the shell does several things.

* First, it checks the command to see if it is internal to the shell. (That is, a command which the shell knows how to execute itself. There are a number of these commands, and we'll go into them later.)

* The shell also checks to see if the command is an alias, or substitute name, for another command.

* If neither of these conditions apply, the shell looks for a program, on disk, having the specified name. If successful, the shell runs the program, sending the arguments specified on the command line.
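The lookup order just described can be observed with the shell's own command -v. The function below is an added example, not part of the manual; it classifies a name as internal (builtin or shell function), alias, or a program found on disk via PATH, and the alias 'll' is defined locally only for the demonstration.

```shell
# Added example (not from the manual). command_kind NAME prints how the
# shell would resolve NAME, in the order described above: a command
# internal to the shell, an alias, or a program found on disk via PATH.
# Shell functions are reported as internal too, since the shell runs them itself.
command_kind() {
    name=$1
    # 'command -v' prints the alias definition for an alias, the bare name
    # for a builtin or function, or the full path of a program on disk;
    # it exits non-zero when nothing matches.
    if ! resolved=$(command -v "$name" 2>/dev/null); then
        echo none
        return 0
    fi
    case $resolved in
        alias\ *) echo alias ;;
        /*)       echo file ;;
        *)        echo internal ;;
    esac
}

# Demonstration: one name of each kind, plus one that does not exist.
# bash only records/expands aliases in scripts when told to; dash has no shopt.
shopt -s expand_aliases 2>/dev/null || true
alias ll='ls -l'    # defined here only so the alias case can be shown
for n in cd ll sh no_such_command_xyz; do
    printf '%-22s %s\n' "$n" "$(command_kind "$n")"
done
```

Because a program is only searched for on disk after builtins and aliases, the path printed by command -v is also the quickest way to confirm which copy of a program a name will actually run.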

2.2. File System / Directory Structure

2.2.1. FileSystem Hierarchy Standard

* In Linux (and Unix), everything is a file. Rather, everything is mapped by the system on to a file. Thus, a hard-disk partition is one file, a detected hardware device is a file, a semaphore for IPC is still another.

* The Linux file-system structure is like a tree with the root directory denoted as '/'. The entire system resides under this root directory. Everything starts from the root directory, represented by '/', and then expands into subdirectories. Where DOS/Windows had various partitions and then directories under those partitions, Linux places all the partitions under the root directory by 'mounting' them under specific directories.

* The official way files are organized in Linux is called the "Filesystem Hierarchy Standard" (FHS).

The following directories, or symbolic links to directories, are required in /.

1. bin -- Essential command binaries

/bin contains commands that may be used by both the system administrator and by users, but which are required when no other filesystems are mounted (e.g. in single user mode). It may also contain commands which are used indirectly by scripts.

* There must be no subdirectories in /bin.

* It should not be mounted separately.

2. boot -- Static files of the boot loader

This directory contains everything required for the boot process except configuration files not needed at boot time and the map installer. Thus /boot stores data that is used before the kernel begins executing user-mode programs. This may include saved master boot sectors and sector map files.

* The operating system kernel must be located in /boot.

* It is usually mounted as a separate partition on the hard disk.

3. dev -- Device files

This is a very interesting directory that highlights one important characteristic of the Linux filesystem: everything is a file or a directory. Look through this directory and you should see hda1, hda2 etc., which represent the various partitions on the first master drive of the system. /dev/cdrom and /dev/fd0 represent your CD-ROM drive and your floppy drive. This may seem strange, but it will make sense if you compare the characteristics of files to those of your hardware: both can be read from and written to. Take /dev/dsp, for instance. This file represents your speaker device, so any data written to this file will be redirected to your speaker. Try 'cat /etc/lilo.conf > /dev/dsp' and you should hear some sound on the speaker.

* It should not be mounted separately.

4. etc -- Host-specific system configuration

The /etc hierarchy contains configuration files. A "configuration file" is a local file used to control the operation of a program; it must be static and cannot be an executable binary.

* No binaries may be located under /etc.

5. home -- User home directories (optional)

Linux is a multi-user environment, so each user is also assigned a specific directory which is accessible only to them and the system administrator. These are the user home directories, which can be found under /home/username.

6. lib -- Essential shared libraries and kernel modules

This contains all the shared libraries that are required by system programs. The Windows equivalent of a shared library would be a DLL file. These libraries are needed to boot the system and run the commands in the root filesystem, i.e. the binaries in /bin and /sbin.

7. media -- Mount point for removable media (optional)

This directory contains subdirectories which are used as mount points for removable media such as floppy disks, CD-ROMs and zip disks.

8. mnt -- Mount point for mounting a filesystem temporarily

This is a generic mount point under which you mount your filesystems or devices. Mounting is the process by which you make a filesystem available to the system. After mounting, your files will be accessible under the mount point. This directory usually contains mount points or sub-directories where you mount your floppy and your CD. You can also create additional mount points here if you want.

9. opt -- Add-on application software packages

/opt is reserved for the installation of add-on application software packages. A package to be installed in /opt must locate its static files in a separate /opt/<package> directory tree, where <package> is a name that describes the software package.

10. sbin -- Essential system binaries

This directory contains all the binaries that are essential to the working of the system. These include system administration as well as maintenance and hardware configuration programs. Find lilo, fdisk, init, ifconfig etc. here. These are the essential programs that are required by all the users. Another directory that contains system binaries is /usr/sbin. This directory contains other binaries of use to the system administrator. This is where you will find the network daemons for your system along with other binaries that only the system administrator has access to.

11. srv -- Data for services provided by this system (optional)

/srv contains site-specific data which is served by this system.

12. tmp -- Temporary files

This directory contains mostly files that are required temporarily. Many programs use this to create lock files and for temporary storage of data.

13. usr -- Secondary hierarchy

/usr is the second major section of the filesystem. It needs to be safe from being overwritten when the system software is updated.

* Locally installed software must be placed within /usr/local rather than /usr, unless it is being installed to replace or upgrade software in /usr.

* X and its supporting libraries can be found here. User programs like telnet, ftp, apache etc. are also placed here.

* /usr/doc contains useful system documentation. /usr/src/linux contains the source code for the Linux kernel.

14. var -- Variable data

/var contains variable data files. This includes spool directories and files, administrative and logging data, and transient and temporary files. Some portions of /var are not shareable between different systems, for instance /var/log, /var/lock, and /var/run. This directory contains spooling data like mail and also the output from the printer daemon.

* The system logs are also kept here, in /var/log/messages.

* You will also find the database for BIND in /var/named and for NIS in /var/yp.

15. proc -- Memory resident file system

The proc pseudo file system is a real-time, memory-resident file system that tracks the processes running on your machine and the state of your system. The most striking thing about the /proc file system is that it doesn't exist on any particular media. The /proc file system is a pseudo file system residing in virtual memory, and it maintains highly dynamic data on the state of your operating system.

Most of the information in the /proc file system is updated to match the current state of the operating system. The contents of the /proc file system can be read by anyone who has the requisite permissions.

* Have you ever wondered where exactly the information dished out to you by the "ps" and "top" commands comes from? The information for these comes from the /proc file system, which is updated on the fly as changes take place in the processes.
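Two of the FHS rules quoted above (no subdirectories in /bin, no binaries under /etc) can be checked mechanically. The script below is an added example, not part of the manual; it runs against a constructed scratch tree rather than the live root, and assumes find with -maxdepth and head -c (GNU or BSD).

```shell
# Added example (not from the manual): check two FHS rules described above
# against a directory tree. The paths are parameters, so the same checks can
# be pointed at a scratch tree (as here) or at a real /bin and /etc.

# Print every direct subdirectory of the given directory (FHS: none in /bin).
subdirs_in() {
    find "$1" -mindepth 1 -maxdepth 1 -type d
}

# Print every regular file under the tree whose first four bytes are the ELF
# magic number (0x7f 'E' 'L' 'F'), i.e. a compiled binary. Shell scripts in
# /etc are allowed by the FHS and are therefore not reported.
elf_files_under() {
    elf_magic=$(printf '\177ELF')
    find "$1" -type f | while IFS= read -r f; do
        if [ "$(head -c 4 "$f" 2>/dev/null)" = "$elf_magic" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Run both checks: return 0 if the tree is clean, 1 if anything was found.
fhs_check() {   # fhs_check <bin-dir> <etc-dir>
    bin_dir=$1 etc_dir=$2 status=0
    if [ -n "$(subdirs_in "$bin_dir")" ]; then
        echo "FHS violation: subdirectories present in $bin_dir"; status=1
    fi
    if [ -n "$(elf_files_under "$etc_dir")" ]; then
        echo "FHS violation: binaries present in $etc_dir"; status=1
    fi
    return $status
}

# Constructed sample tree (not a real system) with one violation of each rule.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/bin/stray_subdir" "$demo_root/etc/init.d"
printf '\177ELF\001\001\001' > "$demo_root/etc/compiled_tool"   # fake ELF header
printf '#!/bin/sh\necho hi\n' > "$demo_root/etc/init.d/script"   # a script: allowed
fhs_check "$demo_root/bin" "$demo_root/etc" || echo "sample tree is not FHS-compliant"
rm -rf "$demo_root"
```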

More info on FHS: http://www.pathname.com/fhs/pub/fhs-2.3.html

2.3. Elementary Linux Commands

2.3.1. User/Group Management

Before you can use a newly installed Linux system, you must set up a user account for yourself. It's usually not a good idea to use the root account for normal use; you should reserve the root account for running privileged commands and for maintaining the system.

* Users can be either people, meaning accounts tied to physical users, or accounts which exist for specific applications to use such as the apache user.

* Groups are logical expressions of organization, tying users together for a common purpose. Users within the same group can read, write, or execute files owned by the group.

* Each user and group have a unique numerical identification number called a userid (UID) and a groupid (GID) respectively.

* On Linux servers, user and group ids lower than 100 are reserved for privileged system users on the Linux machine.

The following command line tools can be used to manage users and groups:

1. Creating a User

In order to create an account for yourself, log in as root and use the useradd or adduser command.

$ useradd carma

* When the user carma is added, an entry corresponding to that user is created inside the configuration file /etc/passwd, as below.

carma:x:504:509::/home/carma:/bin/bash

* The number 504 is the user id of the user 'carma' on the Linux machine, and 509 is the group id of the group to which the user carma belongs.

2. Setting password for the user

You can set the password for a user using the command "passwd". The same command is used to change a user's password as well.

$ passwd carma

* In multiuser environments it is very important to use shadow passwords (provided by the shadow-utils package).

* Doing so enhances the security of system authentication files.

* For this reason, the Red Hat Linux installation program enables shadow passwords by default. Hence the password set for a Linux user is stored inside the file '/etc/shadow' in encrypted form.

3. Logging In

At login time, you'll see a prompt resembling the following on your screen:

Here, enter your username, and press the Return key.

Now, enter your password. It won't be echoed to the screen when you log in, so type carefully. If you mistype your password, you'll see a message that the login is incorrect and you'll have to try again. Once you have correctly entered the username and password, you are officially logged into the system.

4. Logging out

At the shell prompt, use the command "exit" to log out of the shell, or by using .

$ exit

5. Deleting a User

A Linux user can be deleted by using the command line 'userdel'. This command will delete the files from the user's home directory, and the entries for this user from /etc/passwd, /etc/group and /etc/shadow.

$ userdel <user>

6. Modifying a User

The usermod command modifies the system account files to reflect the changes that are specified on the command line, like home directory, password, etc. Some example usages of the usermod command are given below:

* Create the new home directory for carma in /home2 and move the old directory's contents to this directory.

$ usermod -d /home2/carma carma

* Set carma's initial group to carma12.

$ usermod -g carma12 carma

* Set the new password for carma to 'newpass'.

$ usermod -p newpass carma

* Set bash as the default login shell for carma.

$ usermod -s /bin/bash carma

* Lock a user's password. This puts a "!" in front of the encrypted password for that user inside the /etc/shadow file, effectively disabling the password.

$ usermod -L carma

* Unlock a user's password. This removes the lock ("!") from the password field for that user in /etc/shadow.

$ usermod -U carma

7. Creating User Groups

The group for a user can be created using the "groupadd" command.

$ groupadd nobody

* When a group is added, the group info gets stored inside the file /etc/group, and the entry for the group nobody is as shown below.

nobody:x:99:

* In the entry above, 99 is the group id of the group 'nobody'.

8. Deleting User Groups

The group for a user can be deleted by using the "groupdel" command. Deleting a group removes the group info from the /etc/group file.

$ groupdel nobody

9. Modifying User Group

A user group can be modified using the 'groupmod' command. The groupmod command modifies the system account files to reflect the changes that are specified on the command line for a group. The two options available with this are:

* Change the group id of a group. Note that the gid specified should be unique.

$ groupmod -g <gid> <group>

e.g. $ groupmod -g 520 carma

* Change the group name of an existing group. For example, to change the group name carma to carma1, use the command line below.

$ groupmod -n carma1 carma

10. Setting Group Password and manipulating Users' Groups

The password for a group can be set or changed using the 'gpasswd' command. The group password for the group carma can be set using the command line below.

$ gpasswd carma

* The password for the group 'carma' will be set inside the file /etc/gshadow. In normal cases, there is no group password set for any of the groups on a Linux machine.

* This command can also be used to delete or add users belonging to a specific group. The command line below will add carma to the group 'nobody'.

$ gpasswd -a <user> <group>

$ gpasswd -a carma nobody

* Similarly, the command line below will delete the user carma from the group nobody.

$ gpasswd -d <user> <group>

$ gpasswd -d carma nobody

11. Finding out a User's Group

The 'groups' command can be used to print the groups to which a user belongs.

$ groups carma
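The /etc/passwd entry, the shadow-password lock and the reserved low UIDs described in this section can all be read straight from the account files. The functions below are an added example, not part of the manual; they parse constructed passwd- and shadow-format entries (the carma line is the one shown above, the hashes are placeholders) and report what a sysadmin would check.

```shell
# Added example (not from the manual): parse /etc/passwd- and /etc/shadow-
# style entries and report what this section describes. All sample entries
# below are constructed; the hashes are placeholders, not real ones.

# passwd entry layout: name:password:UID:GID:comment:home:shell
passwd_field() {   # passwd_field <entry> <field-number>
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# "x" in the password field means the real password is kept in /etc/shadow.
# Anything else here is a hash sitting in the world-readable passwd file.
passwd_is_shadowed() {
    [ "$(passwd_field "$1" 2)" = x ]
}

# UIDs below 100 are reserved for privileged system users (see above).
uid_is_system() {
    [ "$(passwd_field "$1" 3)" -lt 100 ]
}

# shadow entry layout: name:hash:lastchange:min:max:warn:inactive:expire:
# usermod -L prefixes the hash with "!" to lock it; an empty hash field
# means the account has no password at all.
shadow_state() {   # prints locked / empty / set
    hash=$(printf '%s\n' "$1" | cut -d: -f2)
    case $hash in
        '!'*) echo locked ;;
        '')   echo empty ;;
        *)    echo set ;;
    esac
}

# One report line per account, combining both files.
audit_accounts() {   # audit_accounts <passwd text> <shadow text>
    printf '%s\n' "$1" | while IFS= read -r entry; do
        name=$(passwd_field "$entry" 1)
        shadow_line=$(printf '%s\n' "$2" | grep "^$name:" || true)
        state="no shadow entry"
        [ -n "$shadow_line" ] && state=$(shadow_state "$shadow_line")
        flags=""
        passwd_is_shadowed "$entry" || flags="$flags [hash stored in passwd, not shadow]"
        uid_is_system "$entry" && flags="$flags [system uid]"
        printf '%-8s uid=%-4s shell=%-14s password=%s%s\n' "$name" \
            "$(passwd_field "$entry" 3)" "$(passwd_field "$entry" 7)" "$state" "$flags"
    done
}

# Constructed sample data. The carma line is the one shown in the manual.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
carma:x:504:509::/home/carma:/bin/bash
legacy:$6$placeholder$NOTAREALHASH:505:505::/home/legacy:/bin/bash'
SHADOW_SAMPLE='root:$6$placeholder$NOTAREALHASH:18000:0:99999:7:::
apache:!!:18000::::::
carma:!$6$placeholder$NOTAREALHASH:18000:0:99999:7:::
guest::18000:0:99999:7:::'

audit_accounts "$PASSWD_SAMPLE" "$SHADOW_SAMPLE"
```

In the sample output, carma shows as locked (the effect of usermod -L above), legacy is flagged because its hash is not in the shadow file, and apache carries the system-uid flag.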

2.3.2. Some basic linux commands

1. ls : The "ls" (list) command lists the contents of the current directory. When used from a terminal, it generally uses colours to differentiate between directories, images, executable files etc., and the prompt reappears at the end.

Try out the following variations of the ls command to see different forms of output:

$ ls -l

Produces a "long format" directory listing. For each file or directory, it also shows the owner, group, size, date modified and permissions.

$ ls -a

Lists all the files in the directory, including hidden ones. In Linux, files that start with a period (.) are usually not shown.

$ ls -R

Lists the contents of each subdirectory, their subdirectories etc. (recursive).

With the "ls" command, if you don't specify any parameter, it will list the contents of the current directory. However, you could instead give it a parameter specifying what to list. For example, if you type in "ls /usr", it will list the contents of the "/usr" directory.

2. man : Almost every command in Linux has online help available from the command line, through the "man" (manual) command. Type in "man ls". The resulting page will describe the command, then describe every option, then give further details about the program, the author, and so on.

$ man ls

3. info : Another source of online help is the "info" command. Some Linux commands may supply both "man" and "info" documentation. As a general rule, "info" documentation is more verbose and descriptive, like a user guide, while "man" documentation is more like a reference manual, giving lists of options and parameters, and the meaning of each.

$ info ls

The method for moving around in "info" is quite similar to "man" - you can also use the arrows and PgUp/PgDn to move, and Q to quit.

4. --help : Most (but not all) programs have a --help option which displays a very short description of its main options and parameters.

$ ls --help

5. date : Displays the current date and time, or changes the system date and time to the specified value.

$ date

To set the date and time to "Sun Oct 6 16:55:16", use the syntax

$ date --set='Sun Oct 6 16:55:16 EDT 2002'

6. cal : The 'cal' command displays a simple calendar; if no arguments are specified, the current month is displayed.

$ cal
$ cal -y

7. who : The who command displays info about the users currently logged onto the system, showing the following information: login name, terminal line, login time, and remote hostname or X display.

$ who
$ who -m
$ who -u
$ who -H

8. who am i : Displays info about yourself. This command displays your login name, terminal name, and the date and time of login.

$ who am i

9. tty : Knowing your terminal. The tty (teletype) command displays the name of the terminal you are working on.

$ tty

10. cd : cd is the command for moving around in the directory structure , which is short for ``change directory''.

$ cd /home/carma

* Using cd with no argument will return you to your own home directory.

* To move back up to the next higher (or parent) directory, use the command "cd ..".

11. pwd : The pwd command displays the absolute pathname of the present working directory.

$ pwd

12. mkdir : Creates a directory under the current working directory or in the path specified.

$ mkdir /root/sample

13. rmdir : Removes the specified directory, which should not be your current working directory. Note that rmdir deletes a directory only if the directory is empty.

$ rmdir /root/sample

14. cp : The cp command copies the files listed on the command line to the file or directory given as the last argument. Notice that we use "." to refer to the current directory.

$ cp /etc/shells .
$ cp /home/carma/test /root/test

15. mv : The mv command moves files, rather than copying them. Note that it actually renames the file or folder.

$ mv /home/carma/test /home/carma/testfolder

16. rm : The rm command is used to delete a file and stands for "remove".

$ rm file1 file2

To delete files recursively and forcefully from a directory, you can use

$ rm -rf /home/carma/testfolder

17. more : The more command is used for viewing the contents of files one screenful at a time. While using more, press Space to display the next page of text, and b to display the previous page. There are other commands available in more as well; these are just the basics. Pressing q will quit more.

$ more /etc/services

18. file : Displays the file type (ASCII text, etc.) by examining the file's contents, with a very high degree of accuracy.

$ file filename

19. locate : 'locate file-or-directory-name' searches for a file or directory on the entire hard disk and displays all the places it's found. You can also specify a partial name or a section of the entire path.

$ locate cron

20. cat : cat reads data from all of the files specified on the command line, and sends this data directly to stdout. Therefore, using this command you can view the contents of a text file from the command line without having to invoke an editor. cat is short for "concatenate", and you can use it with the -n option, which prints the file contents with numbered output lines.

$ cat /root/test
$ cat -n /var/log/messages

21. touch : 'touch filename' changes the date/time stamp of the file to the current time, or creates an empty file if the file does not exist.

$ touch /home/carma/testfile

You can change the stamp to any date using touch:

$ touch -t 200501311759.30 /home/carma/testfile

(year 2005, January, day 31, time 17:59:30).

There are three date/time values associated with every file on an ext2 filesystem:

- the time of last access to the file (atime)
- the time of last modification to the file (mtime)
- the time of last change to the file's inode (ctime)

touch sets the first two to the value specified (or to the current time), while the last one is always set to the current system time.
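The three timestamps can be observed directly with stat. The script below is an added example, not from the manual; it assumes GNU coreutils (stat -c, date -d) and fixes TZ=UTC so the values are reproducible. It shows that touch -t rewrites atime and mtime but that ctime keeps the real time of the change, which is why ctime is the value to compare when a file's mtime looks implausibly old.

```shell
# Added example (not from the manual): observe which timestamps touch -t
# rewrites. Assumes GNU coreutils (stat -c, date -d). TZ is fixed so the
# converted values do not depend on the machine's timezone.
export TZ=UTC

# Print atime, mtime and ctime of a file as seconds since the epoch.
file_times() {
    stat -c '%X %Y %Z' "$1"
}

# Convert a touch -t stamp such as 200501311759.30 (YYYYMMDDhhmm.ss)
# to epoch seconds, interpreting it the way touch does.
stamp_to_epoch() {
    s=$1
    case $s in *.*) sec=${s#*.} ;; *) sec=00 ;; esac
    ymd=$(printf '%s' "$s" | cut -c1-4)-$(printf '%s' "$s" | cut -c5-6)-$(printf '%s' "$s" | cut -c7-8)
    hm=$(printf '%s' "$s" | cut -c9-10):$(printf '%s' "$s" | cut -c11-12)
    date -d "$ymd $hm:$sec" +%s
}

# Back-date a file with touch -t and print its three timestamps afterwards.
# atime and mtime take the given value; ctime becomes the current time,
# because touch cannot set it: the inode change itself gets recorded.
backdate() {   # backdate <file> <YYYYMMDDhhmm.ss>
    touch -t "$2" "$1"
    file_times "$1"
}

# Demonstration on a scratch file (constructed, then removed).
demo=$(mktemp)
echo "stamp 200501311759.30 = epoch $(stamp_to_epoch 200501311759.30)"
echo "before touch -t: $(file_times "$demo")"
echo "after  touch -t: $(backdate "$demo" 200501311759.30)"
rm -f "$demo"
```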

22. tail : The tail command may be used to view the end of a file, and you can specify the number of lines you want to view. If no number is specified, it will output the last 10 lines by default.

$ tail /var/log/messages
$ tail -100 /var/log/messages
$ tail -f /var/log/messages

(The "-f" option means "don't quit at the end of the file; follow the file as it grows", and ends when the user presses Ctrl-C.)

23. head : head prints the beginning of a text file to standard output.

$ head /var/log/messages - Prints the first 10 lines of /var/log/messages.
$ head -100 /var/log/messages - Prints the first 100 lines instead of the first 10.

24. last : Using last you can find out who has recently used the system, which terminals they used, and when they logged in and out.

$ last

To find out when a particular user last logged in to the system, give his username as an argument:

$ last carma

NOTE: The last tool gets its data from the system file `/var/log/wtmp'; the last line of output tells how far this file goes back. Sometimes, the output will go back for several weeks or more.

25. chsh : The chsh command is used to change a user's login shell. chsh will accept the full pathname of any executable file on the system. However, it will issue a warning if the shell is not listed in the /etc/shells file. A sample chsh session is given below, which changes the shell for the user carma to /bin/bash.

$ chsh carma
Changing shell for carma.
New shell [/usr/local/cpanel/bin/noshell]: /bin/bash
Shell changed.

26. lynx : lynx is a text-based browser for accessing web pages on the internet from the Linux command line interface. The general syntax for accessing the yahoo website using lynx is given below.

$ lynx http://www.yahoo.com

27. w : An extension of the who command that displays details of all users currently on the server. This is a very important system admin tool to track who is on the server and what processes they are running.

The default setting for the w command is to show the long list of process details. You can also run the command w -s to review a shorter process listing, which is helpful when you have a lot of users on the server.

$ w
$ w -s

28. wget : Wget is a free utility for non-interactive download of files from the Web. It supports HTTP, HTTPS, and FTP protocols, as well as retrieval through HTTP proxies.

$ wget http://mirrors.ccs.neu.edu/Apache/httpd/httpd-2.0.54.tar.gz

29. su : The Set User command is used to change the effective user id and group id to those of another USER. It thereby allows one user to temporarily become another user. If no USER is given, the default is `root', the super-user. If USER has a password, `su' prompts for the password unless run by a user with an effective user id of zero (the super-user).

$ su
OR
$ su root ( To change to the root user )
$ su carma

2.4. The X Window System

* The X Window System, commonly called "X," is a graphical windowing interface that comes with all popular Linux distributions.

* X is available for many Unix-based operating systems; the version of X that runs on Linux systems with x86-based CPUs is called "XFree86." The current version of X is 11, Revision 6 -- or "X11R6."

* All the command-line tools and most of the applications that you can run in the console can run in X; also available are numerous applications written specifically for X.

2.4.1. Running X

When you start X, you should see a mouse pointer appear on the screen as a large, black "X." If your X is configured to start any tools or applications, they should each start and appear in individual windows.

* In X, each program or application runs in its own window. Each window has a decorative border on all four sides, called the window border; L-shaped corners, called frames; a top window bar, called the title bar, which displays the name of the window; and several title bar buttons on the left and right sides of the title bar.

* The entire visible work area, including the root window and any other windows, is called the desktop. The box in the lower right-hand corner, called the pager, allows you to move about a large desktop.

* A window manager controls the way windows look and are displayed -- the window dressing, as it were -- and can provide some additional menu or program management capabilities. There are many different window managers to choose from, with a variety of features and capabilities.

* Window managers typically allow you to customize the colors and borders that are used to display a window, as well as the type and location of buttons that appear on the window.

* And recently, desktop environments have become popular. These are a collection of applications that run on top of the window manager (and X), with the purpose of giving your X session a standardized "look and feel"; these suites normally come with a few basic tools such as clocks and file managers.

* The two popular ones are GNOME and KDE, and they generate a lot of press these days because of their graphical nature.

2.4.1.1). Starting X

There are two ways to start X. Some systems run the X Display Manager, xdm, when the system boots, at which point a graphical xdm login screen appears; you can use this to log in directly to an X session. On systems not running xdm, the virtual console reserved for X will be blank until you start X by running the startx command.

* To start X from a virtual console, type:

$ startx

* To run startx and redirect its output to a log file, type:

$ startx >$HOME/startx.log 2>&1 [RET]

* Both of these examples start X on the seventh virtual console, regardless of which console you are at when you run the command -- your console switches to X automatically.

* You can always switch to another console during your X session (using Alt-Ctrl-F1, Alt-Ctrl-F2 etc., up to Alt-Ctrl-F6). The second example writes any error messages or output of startx to a file called `startx.log' in your home directory.

* On some systems, X starts with 8-bit color depth by default. Use startx with the special `-bpp' option to specify the color depth. Follow the option with a number indicating the color depth to use, and precede the option with two hyphen characters (`--'), which tells startx to pass the options which follow it to the X server itself.

* To start X from a virtual console, and specify 16-bit color depth, type:

$ startx -- -bpp 16 [RET]

2.4.1.2). Stopping X

* To end an X session, you normally choose an exit X option from a menu in your window manager.

* If you started your X session with startx, these commands will return you to a shell prompt in the virtual console where the command was typed. If, on the other hand, you started your X session by logging in to xdm on the seventh virtual console, you will be logged out of the X session and the xdm login screen will appear; you can then switch to another virtual console or log in to X again.

* To exit X immediately and terminate all X processes, press the [CTRL][ALT]-[BKSP] combination. You'll lose any unsaved application data, but this is useful when you cannot exit your X session normally -- in the case of a system freeze or other problem.

2.4.2. Running a Program in X

* Programs running in an X session are called X clients. (The X Window System itself is called the X server).

* To run a program in X, you start it as an X client -- either by selecting it from a menu, or by typing the command to run in an xterm shell window (see Running a Shell in X).

* To run an X client from the start menu, click the left mouse button to select the client's name from the submenus.

* You can also start a client by running it from a shell window -- useful for starting a client that isn't on the menu, or for when you want to specify options or arguments. When you run an X client from a shell window, it opens in its own window; run the client in the background to free the shell prompt in the shell window.

* To run a digital clock or the opera web browser from a shell window, type:

$ xclock -digital &
$ opera &

2.4.3. Command Line Options to X Client

2.4.3.1). Specifying Window Size and Location

* Specify a window's size and location by giving its window geometry with the `-geometry' option. Four fields control the width and height of the window, and the window's distance ("offset") from the edge of the screen. It is specified in the form:

-geometry WIDTHxHEIGHT+XOFF+YOFF

* To start a small xclock, 48 pixels wide and 48 pixels high, type:

$ xclock -geometry 48x48

* To start an xclock with a width of 48 pixels and the default height, type:

$ xclock -geometry 48

* To start an xclock with a height of 48 pixels and the default width, type:

$ xclock -geometry x48

* You can give positive or negative numbers for the XOFF and YOFF fields. Positive XOFF values specify a position from the left of the screen; negative values specify a position from the right. If YOFF is positive, it specifies a position from the top of the screen; if negative, it specifies a position from the bottom of the screen. When giving these offsets, you must specify values for both XOFF and YOFF.

* To start an xclock with a width of 120 pixels, a height of 100 pixels, an x offset of 250 pixels from the right side of the screen, and a y offset of 25 pixels from the top of the screen, type:

$ xclock -geometry 120x100-250+25

2.4.3.2). Specifying Window Colors

The window colors available in your X session depend on your display hardware and the X server that is running. The xcolors tool will show all colors available on your X server and the names used to specify them.

* To list the available colors, type:

$ xcolors [RET]

Press [Q] to exit xcolors.

* To specify a color to use for the window background, window border, and text or graphics in the window itself, give the color name as an argument to the appropriate option: `-bg' for background color, `-bd' for window border color, and `-fg' for foreground color.

* To start an xclock with a light blue window background, type:

$ xclock -bg lightblue [RET]

2.4.3.3). Running a Shell in X

* Use xterm to run a shell in a window. You can run commands in an xterm window just as you would in a virtual console; a shell in an xterm acts the same as a shell in a virtual console.

* Unlike a shell in a console, you can cut and paste text from an xterm to another X client (see Selecting Text).

* To scroll through text that has scrolled past the top of the screen, type [Shift]-[PgUp]. The number of lines you can scroll back to depends on the value of the scrollback buffer, specified with the `-sl' option; its default value is 64.

* NOTE: xterm is probably the most popular terminal emulator X client, but it is not the only one; others to choose from include wterm and rxvt, all with their own special features -- try them all to find one you like.

3. FILE MANIPULATION AND MANAGEMENT

3.1. Files and Directories

3.1.1. Naming Files and Directories

* File names can consist of upper and lowercase letters, numbers, periods (`.'), hyphens (`-'), and underscores (`_'). File names are also case sensitive. Directory names follow the same conventions as used with files.

* Linux does not force you to use file extensions, but it is convenient and useful to give files proper extensions, since they will help you to identify file types at a glance.

* Some commonly used file extensions are .html, .jpg, .xml, .php, .cgi, .pl, .gz

3.1.2. Making an Empty File/Directory

* You can create an empty file using the touch command. If the file does not exist, touch creates it.

$ touch newfile

* You can use mkdir to make a new directory, giving the path name of the new directory as an argument.

$ mkdir /home/carma/public_html/test123

* You can make a directory tree using mkdir with the `-p' option.

$ mkdir -p work/support/security

This makes a `security' subdirectory in the directory called `support', which in turn is in a directory called `work' in the current directory; if the `support' or the `work' directories do not already exist, they are made as well.

3.1.3. Changing Directories

* You can change directories using the cd command.

$ cd /home/carma

* Using just "cd" will take you to your home directory.

$ cd

* Use "cd -" to return to the directory you were last in.

$ cd -

* Every directory has two special files whose names consist of one and two periods. `..' refers to the parent of the current working directory, and `.' refers to the current working directory itself. If the current working directory is `/home/carma', you can use `.' to specify `/home/carma' and `..' to specify `/home'. Furthermore, you can specify the `/home/test' directory as ../test.

3.2. File Permissions

3.2.1. Concept of File Permissions and Ownership

Because there is typically more than one user on a Linux system, Linux provides a mechanism known as file permissions, which protects user files from tampering by other users. This mechanism lets files and directories be ``owned'' by a particular user. For example, because the user Carma created the files in his home directory, Carma owns those files and has access to them.

* Sharing files between Groups : Linux also lets files be shared between users and groups of users. If Carma desired, he could cut off access to his files so that no other user could access them. However, on most systems the default is to allow other users to read your files but not modify or delete them in any way.

* Every file is owned by a particular user. However, files are also owned by a particular group, which is a defined group of users of the system.

* Every user is placed into at least one group when that user's account is created. However, the system administrator may grant the user access to more than one group.

* User Groups: Groups are usually defined by the type of users who access the machine. For example, on a university Linux system users may be placed into the groups student, staff, faculty or guest. There are also a few system-defined groups (like wheel and admin) which are used by the system itself to control access to resources--very rarely do actual users belong to these system groups. Each member of a group can work with the group's files and make new files that belong to the group. The system administrator can add new groups and give users membership to the different groups.

* File permissions fall into three main divisions: read, write, and execute. These permissions may be granted to three classes of users: (1) the owner of the file, (2) the group to which the file belongs, and (3) to all users, regardless of group.

* Read permission lets a user read the contents of the file, or in the case of directories, list the contents of the directory (using ls).

* Write permission lets the user write to and modify the file. For directories, write permission lets the user create new files or delete files within that directory.

* Finally, execute permission lets the user run the file as a program or shell script (if the file is a program or shell script). For directories, having execute permission lets the user cd into the directory in question.

3.2.2. Interpreting file permissions

Using the ls command with the -l option displays a ``long'' listing of the file, including file permissions.

$ ls -l testfile
-rw-r--r-- 1 carma users 505 Mar 13 19:05 testfile

The first field in the listing represents the file permissions. The third field is the owner of the file (carma ) and the fourth field is the group to which the file belongs (users). Obviously, the last field is the name of the file (testfile). We'll cover the other fields later.

* This file is owned by carma, and belongs to the group users. The string rw-r--r-- lists, in order, the permissions granted to the file's owner, the file's group, and everybody else.

* The first character of the permissions string (``-'') represents the type of file. A ``-'' means that this is a regular file (as opposed to a directory, which is denoted by ``d'', or a device file).

* The next three characters (``rw-'') represent the permissions granted to the file's owner, carma. The ``r'' stands for ``read'' and the ``w'' stands for ``write''. Thus, carma has read and write permission to the file testfile.

* The next three characters (``r--'') represent the group's permissions on the file. The group that owns this file is users. Because only an ``r'' appears here, any user who belongs to the group users may read this file.

* The last three characters, also (``r--''), represent the permissions granted to every other user on the system (other than the owner of the file and those in the group users). Again, because only an ``r'' is present, other users may read the file, but not write to it or execute it.

Here are some other examples of permissions:

3.2.3. File Permission Dependencies

The permissions granted to a file also depend on the permissions of the directory in which the file is located. For example, even if a file is set to rwxrwxrwx, other users cannot access the file unless they have read and execute access to the directory in which the file is located.

* For example, if Carma wanted to restrict access to all of his files, he could set the permissions on his home directory `/home/carma' to rwx------. In this way, no other user has access to his directory, or to any of the files and directories within it, and Carma doesn't need to worry about the individual permissions on each of his files.

* In short, to access a file at all, you must have execute access to all directories along the file's pathname, and read (or execute) access to the file itself.

* Default permissions: The default set of permissions given to files is rw-r--r--, which depends on the umask as discussed in the section below. The usual set of permissions given to directories is drwxr-xr-x, which lets other users look through your directories, but not create or delete files within them.

3.2.3.1). User file-creation mode mask

* The umask (UNIX shorthand for "user file-creation mode mask") is a four-digit octal number that UNIX uses to determine the file permission for newly created files.

* The umask specifies the permissions you do not want given by default to newly created files and directories.

* Depending on the umask value in effect when a file or directory is created, the permissions it receives can vary.

* How umask is used to set and determine the default file creation permissions on the system is explained below.

  o Default permissions are: 777 for executable files (and directories), 666 for text files.

  o The permission for a newly created file is calculated by subtracting the umask value from the default permission value for the file type being created.

  o An example for a text file with a umask value of 022:

      666   Default permission for a text file
     -022   Minus the umask value
     ----
      644   Allowed permissions

  o Similarly for a directory, the default permission will be 755, as calculated below:

      777 - 022 (umask value) = 755

* The command to set the umask for the current shell is:

$ umask 022

* The most common umask setting is 022. The /etc/profile script is where the umask command is usually set for all users.
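The following is an added example, not part of the manual: it creates a scratch file and directory under several umask values and reports the mode the kernel actually assigned, next to the value the subtraction rule above predicts and the value of a bitwise mask (the way umask is really applied). Assumes GNU coreutils (stat -c, mktemp) and a writable temporary directory; the umask values 027 and 077 are constructed cases, not from the text.

```shell
# umask_mode MASK file|dir -> octal mode of a fresh file or directory
# created while MASK is in effect (e.g. "644")
umask_mode() {
    mask=$1; kind=$2
    tmp=$(mktemp -d) || return 1
    (
        umask "$mask"              # only affects this subshell
        if [ "$kind" = dir ]; then
            mkdir "$tmp/d"
        else
            : > "$tmp/f"           # touch-style creation of an empty file
        fi
    )
    if [ "$kind" = dir ]; then
        mode=$(stat -c '%a' "$tmp/d")
    else
        mode=$(stat -c '%a' "$tmp/f")
    fi
    rm -rf "$tmp"
    printf '%s\n' "$mode"
}

# mode_by_subtraction BASE MASK -> what the manual's arithmetic predicts.
# The leading 0 makes the shell read both numbers as octal.
mode_by_subtraction() {
    printf '%o\n' $(( 0$1 - 0$2 ))
}

# mode_by_mask BASE MASK -> what umask really does: clear the bits that are
# set in MASK (BASE AND NOT MASK).  This equals subtraction only when every
# bit set in MASK is also set in BASE, which holds for 022 but not for 027
# applied to a 666 file (666 - 027 = 637, but 666 & ~027 = 640).
mode_by_mask() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# Walk the umask from the text (022) plus two constructed values where the
# two rules disagree for files.
for m in 022 027 077; do
    printf 'umask %s: file %s, dir %s  (subtract: %s, mask: %s)\n' \
        "$m" "$(umask_mode "$m" file)" "$(umask_mode "$m" dir)" \
        "$(mode_by_subtraction 666 "$m")" "$(mode_by_mask 666 "$m")"
done
```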

3.2.4. Changing permissions

The command chmod is used to set the permissions on a file. Only the owner of a file or the root user may change the permissions on that file.

The syntax of chmod is: chmod {a,u,g,o}{+,-}{r,w,x} filenames

Briefly, you first specify one or more of all, user, group, or other. Then you specify whether you are adding rights (+) or taking them away (-). Finally, you specify one or more of read, write, and execute.

Some sample commands are given below:

There is another way in which you can specify the file permissions. Each of the permission bits r, w and x is assigned a number:

r = 4, w = 2, x = 1

Now you can use numbers which are the sum of the various permission bits. For example, rwx is 4+2+1 = 7, and r-x is 4+1 = 5. The chmod command now becomes

$ chmod xyz filename

where x, y and z are numbers representing the permissions of user, group and others respectively. Each number is the sum of the permissions to be set, calculated as given above.

$ chmod 644 testfile

6 = 4 + 2 = rw-, 4 = r--, 4 = r--

3.2.5. Understanding File Permissions Beyond "rwx"

3.2.5.1). 's' bit or 'Set User ID'/ SUID and 'Set Group ID' / SGID

'Set User ID'/ SUID bit

a) How to recognise it: If we change the permissions of a file to 4777 and list it back (in long format) the permissions will be shown as "-rwsrwxrwx". We can now see that the SUID bit for this file has been set by the presence of the "s". That's fine, but now we can't tell if the user execute bit is set, can we? Well actually, the case gives it away. A lower case "s" means that the execute bit is set, an upper case "S" means that it is clear. If we change the permissions of our file to 4677 the permissions will be shown as "-rwSrwxrwx".

b) What is it for? The SUID bit only comes into play if the file has execute permission. When such a file is executed, the resulting process takes on the effective user ID of the owner of that file. For example, say we have a program file owned by user "carma" with permissions "rwsrwxrwx". This file can be run by any user; however, the resulting process will have all the same access capabilities as carma. If it so chooses, it can read all the files that carma can read, it can write to all the files that carma can write to, and it can execute all the files that carma can execute.

c) How to set it ?

$ chmod 4nnn filename

or

$ chmod u+s filename

d) Some points worth remembering.

1) Only make a file a root-owned SUID if it absolutely has to be.

2) Keep up to date with the security fixes.

"Set Group ID" or SGID bit

a) How to recognise it : A file with permissions set to 2777 will be displayed as "-rwxrwsrwx". As before, a lower case "s" signifies that the group execute bit is set.

b) What is it for? On executable files, SGID has similar function as SUID, but as you might expect, the resulting process takes on the effective group ID of that of the file. When applied to directories, SGID takes on a special meaning. Any files created in such a directory will take on the same group ID as that of the directory, regardless of the group ID of the user creating the file.

For example, let's say we have a directory with permissions "drwxrwsrwx" owned by the group "rockers" and a user belonging to the group "carma" (we are talking about the user's main group ID here) comes along and creates a file in this directory. The resulting file will have a group ID of "rockers", not "carma" as would be the case in a normal directory. On non-executable files and nondirectories, the SGID bit has no effect.

c) How to set it? It can be set as follows:

$ chmod 2nnn directory, i.e. chmod 2755 /root/testdir

or

$ chmod g+s directory

3.2.5.2). 't' bit or 'Sticky' bit :

a) How to recognise it: A file with permissions set to 1777 will be displayed as "-rwxrwxrwt". A lower case "t" signifies that the other execute bit is set.

b) What is it for? On Linux systems, the sticky bit only has an effect when applied to directories. A directory with this bit set will allow users to be able to rename or remove only those files which they own within that directory (other directory permissions permitting). It is usually found on tmp directories and prevents users from tampering with one another's files.

c) How to set it? The sticky bit can be set as follows:

$ chmod 1nnn filename, i.e. chmod 1755 /root/testfile.html

or

$ chmod +t filename

3.2.5.3). The Other Mysterious Letters - "d", "l", "b", "c", "p"

You may have come across these little fellows in your travel through your file system. Here is just a brief explanation on each of them.

* d - Example "drwxrwxrwx". You probably haven't managed to get this far without knowing that this is a directory. I mention it here for completeness.

* l - Example "lrwxrwxrwx". This is a symbolic link. A symbolic link is a file that links to another file and can be used as an alternative way of accessing that file. The permissions on a symbolic link are irrelevant, as it is the permissions on the target file that count.

* b and c - Examples "brwxrwxrwx" and "crwxrwxrwx". These are found on special files called device files, located in the /dev directory (although there is nothing to stop them from being created elsewhere). "b" refers to block devices (such as hard drives), "c" refers to character devices (such as printers).

* p - Example "prwxrwxrwx". This is a special type of file called a "pipe". It allows two processes to pass data: one places data into the pipe, the other takes it out. This type of named pipe file is not often used.

3.2.5.4). Setting SUID, SGID, sticky bit on a single file

As with read, write, execute permissions, it is possible to mix and match SUID, SGID and sticky bit settings when using the octal style parameter to chmod. An extreme example would be:

$ chmod 7777 myfile

but there you have it, that's a file with all bits set.

# ls -la myfile
-rwsrwsrwt 1 root root 0 Feb 26 16:39 myfile
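The following is an added example, not from the manual, that makes the permission strings of 3.2.2 and 3.2.5 concrete in both directions: mode_string applies an octal mode to a scratch file (or directory) and returns the 10-character field that ls -l prints, and perm_to_octal decodes such a string, special bits included, back to the four-digit octal mode. Assumes a Linux userland with mktemp, chmod, ls and cut; the scratch entry is created in a temporary directory and removed.

```shell
# mode_string OCTAL [file|dir] -> the type+permission field that ls -l
# prints for a scratch entry set to OCTAL, e.g. "-rwSrwxrwx".
mode_string() {
    tmp=$(mktemp -d) || return 1
    if [ "${2:-file}" = dir ]; then
        mkdir "$tmp/x"
    else
        : > "$tmp/x"            # create an empty regular file
    fi
    chmod "$1" "$tmp/x"
    ls -ld "$tmp/x" | cut -c1-10
    rm -rf "$tmp"
}

# perm_to_octal STRING -> four-digit octal mode.
# Accepts the nine permission characters ("rwsr-xr-x") or the full
# ten-character ls field ("-rwsr-xr-x"); the leading type character is
# skipped.  Lower-case s/t means the execute bit is set as well as the
# special bit; upper-case S/T means the special bit is set but execute is not.
perm_to_octal() {
    s=$1
    if [ ${#s} -eq 10 ]; then s=${s#?}; fi
    if [ ${#s} -ne 9 ]; then return 1; fi
    special=0; digits=""
    for n in 1 2 3; do          # 1 = owner, 2 = group, 3 = other
        triple=$(printf '%s' "$s" | cut -c$(( (n-1)*3 + 1 ))-$(( n*3 )))
        v=0
        case $triple in r??) v=$((v + 4));; esac
        case $triple in ?w?) v=$((v + 2));; esac
        case $triple in ??[xst]) v=$((v + 1));; esac
        # SUID (4) lives in the owner triple, SGID (2) in group, sticky (1) in other
        case $triple in ??[sStT]) special=$(( special | (8 >> n) ));; esac
        digits="$digits$v"
    done
    printf '%d%s\n' "$special" "$digits"
}

# Walk the cases from the text and round-trip each one.
for m in 4777 4677 2777 1777 7777; do
    s=$(mode_string "$m")
    printf 'chmod %s -> %s -> %s\n' "$m" "$s" "$(perm_to_octal "$s")"
done
```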

3.3. Managing file links

Links let you give a single file more than one name. Files are actually identified by the system by their inode number, which is just the unique file system identifier for the file. A directory is actually a listing of inode numbers with their corresponding filenames. Each filename in a directory is a link to a particular inode.

3.3.1. Hard links

The ln command is used to create multiple links for one file. For example, let's say that you have a file called foo in a directory. Using ls -i, you can look at the inode number for this file.

$ ls -i foo
639098 foo

foo has an inode number of 639098 in the file system.

* You can create another link to foo, named foolink, as follows:

$ ln foo foolink

* With ls -i, you can check the inodes for these two files, and you will see that they have the same inode.

$ ls -i foolink
639098 foolink

Now, specifying either foo or foolink will access the same file. If you make changes to foo, those changes appear in foolink as well. For all purposes, foo and foolink are the same file.

* These links are known as hard links because they create a direct link to an inode. Note that you can hard-link files only when they're on the same file system; symbolic links (explained) don't have this restriction.

* When you delete a file with rm, you are actually only deleting one link to a file. If you use the command

$ rm foo

then only the link named foo is deleted; foolink will still exist. A file is only truly deleted on the system when it has no links to it. Usually, files have only one link, so using the rm command deletes the file. However, if a file has multiple links to it, using rm will delete only a single link; in order to delete the file, you must delete all links to the file.

* The command ls -l displays the number of links to a file. The second column in the listing, ``2'', specifies the number of links to the file.

$ ls -l foo foolink
-rw-rw-r-- 2 carma carma 0 Feb 26 13:11 foo
-rw-rw-r-- 2 carma carma 0 Feb 26 13:11 foolink

* If you do 'ls -lad' on a directory, even an empty one, it will show that there are 2 links to it. This is because every directory contains at least two hard links: ``.'' (a link pointing to itself), and ``..'' (a link pointing to the parent directory). The root directory's (/) ``..'' link just points back to /. (In other words, the parent of the root directory is the root directory itself.)

$ ls -lad testfile/
drwxrwxr-x 2 carma carma 4096 Feb 26 13:22 testfile/

3.3.2. Symbolic Links

Symbolic links, or symlinks, are another type of link, which are different from hard links. A symbolic link lets you give a file another name, but doesn't link the file by inode.

The command ln -s creates a symbolic link to a file.

$ ln -s foo foolink

This will create a symbolic link named foolink that points to the file foo.

$ ls -i foo foolink
639098 foo
639098 foolink

You can see that the two files have the same inodes indeed.

* Using ls -l, we see that the file foolink is a symlink pointing to foo.

$ ls -l foo foolink
-rw-rw-r-- 1 carma carma 0 Feb 26 13:11 foo
lrwxrwxrwx 1 carma carma 3 Feb 26 14:54 foolink -> foo

* The file permissions on a symbolic link are not used (they always appear as rwxrwxrwx). Instead, the permissions on the symbolic link are determined by the permissions on the target of the symbolic link (in our example, the file foo).

* Functionally, hard links and symbolic links are similar, but there are differences. For one thing, you can create a symbolic link to a file that doesn't exist; the same is not true for hard links. Symbolic links are processed by the kernel differently than hard links are, which is just a technical difference but sometimes an important one. Symbolic links are helpful because they identify the file they point to; with hard links, there is no easy way to determine which files are linked to the same inode.
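The following is an added example, not from the manual, that runs the hard-link and symlink behaviour of section 3.3 on a scratch file, including what happens to each link after the original name is removed. One correction to the ls -i listing above: a symbolic link has its own inode number; only hard links share the target's inode. Assumes mktemp, ls and awk on a Linux filesystem that supports hard links (tmpfs and ext4 do).

```shell
inode_of()   { ls -id "$1" | awk '{print $1}'; }   # -d: report the link itself
link_count() { ls -ld "$1" | awk '{print $2}'; }   # second column of ls -l

# link_demo -> one line of key=value results describing what was observed
link_demo() {
    tmp=$(mktemp -d) || return 1
    (
        cd "$tmp" || exit 1
        printf 'hello\n' > foo
        ln foo hardlink            # second name for the same inode
        ln -s foo symlink          # new inode whose content is the path "foo"

        hard_same=no; sym_same=no; hard_ok=no; dangling=no
        if [ "$(inode_of foo)" = "$(inode_of hardlink)" ]; then hard_same=yes; fi
        if [ "$(inode_of foo)" = "$(inode_of symlink)" ];  then sym_same=yes;  fi
        count=$(link_count foo)    # 2: the names foo and hardlink

        rm foo                     # drops one name; data survives while a hard link remains
        if [ "$(cat hardlink)" = hello ]; then hard_ok=yes; fi
        # -L: the symlink itself still exists; -e: but what it points to does not
        if [ -L symlink ] && [ ! -e symlink ]; then dangling=yes; fi

        printf 'hard_shares_inode=%s sym_shares_inode=%s links=%s hard_readable=%s sym_dangling=%s\n' \
            "$hard_same" "$sym_same" "$count" "$hard_ok" "$dangling"
    )
    rc=$?
    rm -rf "$tmp"
    return $rc
}

link_demo
```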

3.4. File ownership and Attributes

Every file belongs to both a user and a group -- usually to the user who created it and to the group the user was working in at the time (which is almost always the user's login group). File ownership determines the type of access users have to particular files.

3.4.1. Determining the Ownership of a File

Use ls with the `-l' option to list the owner and group name for a file. The name of the user who owns the file appears in the third column of the output, and the name of the group that owns the file appears in the fourth column, as already discussed in the previous sections.

$ ls -l

3.4.2. Changing the Ownership of a File

* To change the ownership of a file, use the chown command.

$ chown root testfile

* To change the group ownership of the file `testfile' to root, use

$ chgrp root testfile

* Using the `-R' option, you can recursively change the ownership of directories and all of their contents.

$ chown -R root testdir
$ chgrp -R root testdir
$ chown -R root.root testdir

3.4.3. Determining the advanced attributes of a file

lsattr lists the advanced file attributes on a second extended filesystem. On an ext2 file system, it is possible to use ext2 attributes to protect things. Some of the attributes are given below.

* ‘append-only' or 'a' attribute: A file with this attribute may be appended to, but may not be deleted, and the existing contents of the file may not be overwritten. If a directory has this attribute, any files or directories within it may be modified as normal, but no files may be deleted.

* `immutable' or 'i' attribute : This attribute can only be set or cleared by root. A file or directory with this attribute may not be modified, deleted, renamed, or (hard) linked.

* 'undeletable' or 'u' attribute : If a file with that attribute is deleted, instead of actually being reused, it is merely moved to a `safe location' for deletion at a later date.

Please go through "man chattr" for finding out more about the attributes that can be set.

# lsattr test.html
----ia------- test.html

You can see that the file test.html has the immutable and append-only attributes set on it.

3.4.4. Changing advanced Attributes of a File

The attributes set on a file can be manipulated using the 'chattr' command. Please note that you need to be the root user to change the attribute on a file.

* The 'a' or append-only attribute can be set using

$ chattr +a /root/testfile

or can be removed using

$ chattr -a /root/testfile

* The 'i' or immutable attribute can be set using

$ chattr +i /root/testfile

or can be removed using

$ chattr -i /root/testfile

* 'chattr -R' recursively changes attributes of directories and their contents. Symbolic links encountered during recursive directory traversals are ignored.

$ chattr -R +ia /root/testdir

This sets the i and a attributes on the directory /root/testdir and all contents inside it.

3.5. Finding Files

Sometimes you will need to find files on the system that match given criteria, such as name and file size. This section will show you how to find a file when you know only part of the file name, and how to find a file whose name matches a given pattern. You will also learn how to list files and directories by their size and how to find the location of commands.

3.5.1. Finding All Files That Match a Pattern

* The simplest way to find files is with the locate command. locate outputs a list of all files on the system that match the pattern, giving their full path name.

For example, it can list all files with the text `audio' somewhere in their full path name, or all files ending with `ron'.

* To find all the files on the system that have the text `audio' anywhere in their name, type:

$ locate audio

* To find all the files on the system whose file names end with the text `ron', type (the quotes keep the shell from expanding the `*' itself):

$ locate '*ron'

* To find all hidden "dotfiles" on the system, type:

$ locate /.

NOTE: locate searches are not case sensitive.

3.5.2. Finding Files in a Directory Tree

The 'find' command can be used to find specific files in a particular directory tree, specifying the name of the directory tree to search, the criteria to match, and -- optionally -- the action to perform on the found files.

You can specify a number of search criteria, and format the output in various ways; the following sections include recipes for the most commonly used find commands, as well as a list of find's most popular options.

3.5.2.1). Finding Files in a Directory Tree by Name

Use find to find files in a directory tree by name. Give the name of the directory tree to search through, and use the `-name' option followed by the name you want to find.

* To list all files on the system whose file name is `top', type:

$ find / -name top

This command will search all directories on the system to which you have access; if you don't have execute permission for a directory, find will report that permission is denied to search the directory.

* The `-name' option is case sensitive; use the similar `-iname' option to find a name regardless of case.

$ find / -iname top

* To list all files in your home directory tree that end in `.php', regardless of case, type:

$ find ~ -iname '*.php'

* To list all files in the `/usr/share' directory tree with the text `lib' somewhere in their name, type:

$ find /usr/share -name '*lib*'

* Use `-regex' in place of `-name' to search for files whose names match a regular expression, or a pattern describing a set of strings. To list all files in the current directory tree whose names have either the string `net' or `comm' anywhere in their file names, type:

$ find ./ -regex '.*\(net\|comm\).*'

3.5.2.2). Finding Files in a Directory Tree by Size

To find files of a certain size, use the `-size' option, following it with the file size to match. The file size takes one of three forms:

* when preceded with a plus sign (`+'), it matches all files greater than the given size;

* when preceded with a hyphen or minus sign (`-'), it matches all files less than the given size;

* with neither prefix, it matches all files whose size is exactly as specified. (The default unit is 512-byte blocks; follow the size with `k' to denote kilobytes or `b' to denote bytes.)

Examples :

* To list all files in the `/usr/local' directory tree that are greater than 10,000 kilobytes in size, type:

$ find /usr/local -size +10000k

* To list all files in your home directory tree less than 300 bytes in size, type:

$ find ~ -size -300b

* To list all files on the system whose size is exactly 42 512-byte blocks, type:

$ find / -size 42

* Use the `-empty' option to find empty files -- files whose size is 0 bytes. This is useful for finding files that you might not need, and can remove. To find all empty files in your home directory tree, type:

$ find ~ -empty

3.5.2.3). Finding Files in a Directory Tree by Modification Time

To find files last modified during a specified time, use find with the `-mtime' or `-mmin' options; the argument you give with `-mtime' specifies the number of 24-hour periods, and with `-mmin' it specifies the number of minutes.

* To list the files in the `/usr/local' directory tree that were modified exactly 24 hours ago, type:

$ find /usr/local -mtime 1

* To list the files in the `/usr' directory tree that were modified exactly five minutes ago, type:

$ find /usr -mmin 5

* To list the files in the `/usr/local' directory tree that were modified within the past 24 hours, type:

$ find /usr/local -mtime -1

* To find files in the `/etc' directory tree that are newer than the file `/etc/motd', type:

$ find /etc -newer /etc/motd

3.5.2.4). Finding Files in a Directory Tree by Owner

To find files owned by a particular user, give the username to search for as an argument to the `-user' option.

* To list all files in the `/usr/local/fonts' directory tree owned by the user carma, type:

$ find /usr/local/fonts -user carma

* The `-group' option is similar, but it matches group ownership instead of user ownership. To list all files in the `/dev' directory tree owned by the audio group, type:

$ find /dev -group audio

3.5.2.5) Running Commands on the Files You Find

You can also use find to execute a command you specify on each found file, by giving the command as an argument to the `-exec' option. If you use the string ``{}'' in the command, this string is replaced with the file name of the current found file when the command executes. Mark the end of the command with the string `;' (quoted, so the shell does not interpret it).

* To find all files in the `~/html/' directory tree with an `.html' extension, and output lines from these files that contain the string `organic', type:

$ find ~/html/ -name '*.html' -exec grep organic '{}' ';'
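The following is an added example, not from the manual, that exercises the find criteria of section 3.5.2 (-name, -iname, -size, -empty, -mtime, -newer, -regex and -exec) against a small constructed directory tree, so each result can be checked. Assumes GNU find and GNU touch (for `-d '2 days ago''); note that in GNU find the size suffix `c' selects bytes. All file names, sizes and ages below are constructed for the example.

```shell
# make_tree DIR -> populate DIR with files of known names, sizes and ages
make_tree() {
    mkdir -p "$1/src/net" "$1/src/comm" "$1/html"
    : > "$1/html/empty.html"                          # 0 bytes
    printf 'organic\n' > "$1/html/index.html"         # contains the word "organic"
    printf 'mineral\n' > "$1/html/other.HTML"         # upper-case extension
    head -c 600 /dev/zero > "$1/src/net/big.o"        # 600 bytes
    head -c 100 /dev/zero > "$1/src/comm/small.o"     # 100 bytes
    touch -d '2 days ago' "$1/src/comm/small.o"       # make it the only old file
}

# count_matches FIND-EXPRESSION... -> number of entries find prints for the
# expression, run from the root of a fresh scratch tree (then removed)
count_matches() {
    tmp=$(mktemp -d) || return 1
    make_tree "$tmp"
    n=$(cd "$tmp" && find . "$@" | wc -l)
    rm -rf "$tmp"
    printf '%s\n' "$n" | tr -d ' '
}

# grep_organic -> what the -exec recipe from the text prints on the scratch
# tree: grep runs once per matching file, with '{}' replaced by its name
grep_organic() {
    tmp=$(mktemp -d) || return 1
    make_tree "$tmp"
    out=$(find "$tmp/html" -name '*.html' -exec grep organic '{}' ';')
    rm -rf "$tmp"
    printf '%s\n' "$out"
}

# A few of the recipes from the text, applied to the scratch tree.
printf 'name *.html: %s\n'        "$(count_matches -name '*.html')"
printf 'iname *.html: %s\n'       "$(count_matches -iname '*.html')"
printf 'files > 500 bytes: %s\n'  "$(count_matches -type f -size +500c)"
printf 'empty files: %s\n'        "$(count_matches -type f -empty)"
printf 'files older than 1 day: %s\n' "$(count_matches -type f -mtime +1)"
printf 'net|comm paths: %s\n'     "$(count_matches -regex '.*\(net\|comm\).*')"
printf 'exec grep: %s\n'          "$(grep_organic)"
```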

3.5.3. Finding Files in Directory Listings 3.5.3.1). Finding the Largest Files in a Directory

To find the largest files in a given directory, use ls to list its contents with the `-S' option, which sorts files in descending order by their size (normally, ls outputs files sorted alphabetically). Include the `-l' option to output the size and other file attributes.

To list the files in the current directory, with their attributes, sorted with the largest files first, type:

$ ls -lS

3.5.3.2). Finding the Smallest Files in a Directory

To list the contents of a directory with the smallest files first, use ls with both the `-S' and `-r' options, which reverses the sorting order of the listing. To list the files in the current directory and their attributes, sorted from smallest to largest, type:

$ ls -lSr

3.5.3.3). Finding the Smallest Directories

To output a list of directories sorted by their size -- the size of all the files they contain -- use du and sort. The du tool outputs directories in ascending order with the smallest first; the `-S' option puts the size in kilobytes of each directory in the first column of output.

Give the directory tree you want to output as an option, and pipe the output to sort with the `-n' option, which sorts its input numerically.

To output a list of the subdirectories of the current directory tree, sorted in ascending order by size, type:

$ du -S . | sort -n

3.5.3.4). Finding the Largest Directories

Use the `-r' option with sort to reverse the listing and output the largest directories first.

To output a list of the subdirectories in the current directory tree, sorted in descending order by size, type:

$ du -S . | sort -nr

3.5.3.5). Finding the Number of Files in a Listing

To find the number of files in a directory, use ls and pipe the output to `wc -l', which outputs the number of lines in its input.

To output the number of files in the current directory, type:

$ ls | wc -l

3.5.4. Finding Where a Command Is Located

Use 'which' to find the full path name of a tool or application from its base file name.

* To find out whether perl is installed on your system, and, if so, where it resides, type:

$ which perl
/usr/bin/perl

In this example, which output `/usr/bin/perl', indicating that the perl binary is installed in the `/usr/bin' directory.

* This is also useful for determining "which" binary would execute, should you type the name, since some systems may have different binaries of the same file name located in different directories. In that case, you can use which to find which one would execute.

3.6. Managing Files

3.6.1. Determining File Type and Format

When we speak of a file's type, we are referring to the kind of data it contains, which may include text, executable commands, or some other data; this data is organized in a particular way in the file, and this organization is called its format. For example, an image file might contain data in the JPEG image format, or a text file might contain unformatted text in the English language .

The file tool analyzes files and indicates their type and -- if known -- the format of the data they contain. Supply the name of a file as an argument to file and it outputs the name of the file, followed by a description of its format and type.

$ file Kids.tar.gz
Kids.tar.gz: gzip compressed data, was "Kids.tar", from Unix

$ file gaim-1.1.1-0.src.rpm
gaim-1.1.1-0.src.rpm: RPM v3 src i386 gaim-1.1.1-0

$ file testfile
testfile: empty

$ file xmas.gif
xmas.gif: GIF image data, version 87a, 445 x 329

3.6.2. Changing File Modification Time

Use touch to change a file's timestamp without modifying its contents. Give the name of the file to be changed as an argument. The default action is to change the timestamp to the current time.

* To change the timestamp of file `services' to the current date and time, type:

$ touch services

* To change the timestamp of file `services' to `17 May 1999 14:16', type:

$ touch -d '17 May 1999 14:16' services

* To change the timestamp of file `services' to `14 May', type:

$ touch -d '14 May' services

* To change the timestamp of file `services' to `14:16', type:

$ touch -d '14:16' services

NOTE: When only the date is given, the time is set to `0:00'; when no year is given, the current year is used.

3.6.3. Splitting a File into Smaller Ones

It's sometimes necessary to split one file into a number of smaller ones. The split tool copies a file, chopping up the copy into separate files of a specified size. It takes as optional arguments the name of the input file (using standard input if none is given) and the file name prefix to use when writing the output files (using `x' if none is given). The output files' names will consist of the file prefix followed by a group of letters: `aa', `ab', `ac', and so on -- the default output file names would be `xaa', `xab', and so on.

* To split 'flash_player_linux.tar.gz' into separate files of 200K each, whose names begin with `flash.tar', type:

$ split -b200k flash_player_linux.tar.gz flash.tar.gz
$ ls -la
total 1960
-rw-r--r-- 1 root root 204800 Feb 28 13:17 flash.tar.gzaa
-rw-r--r-- 1 root root 204800 Feb 28 13:17 flash.tar.gzab
-rw-r--r-- 1 root root 204800 Feb 28 13:17 flash.tar.gzac
-rw-r--r-- 1 root root 204800 Feb 28 13:17 flash.tar.gzad
-rw-r--r-- 1 root root 168252 Feb 28 13:17 flash.tar.gzae
-rw-rw-r-- 1 root root 987452 Dec 27 07:14 flash_player_linux.tar.gz

3.6.4. Comparing Files

There are a number of tools for comparing the contents of files in different ways; these recipes show how to use some of them.

3.6.4.1). Determining Whether Two Files Differ using 'cmp'

Use cmp to determine whether or not two files differ. It takes the names of two files as arguments; if the files contain the same data, cmp outputs nothing. If the files differ, cmp outputs the byte position and line number at which the first difference occurs.

$ cmp testfile samplefile
testfile samplefile differ: byte 2, line 1
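The split recipe (section 3.6.3) and cmp fit together naturally: after pieces of a file have been moved somewhere and joined again, cmp is the quickest way to prove the rebuilt file is byte-for-byte the original. The script below is an added example (not from the manual) that performs that round trip on constructed data; with the argument "tamper" it corrupts one piece first so that the comparison fails. The names original, part. and rebuilt are arbitrary.

```shell
# Added example, not from the manual: split a file into 1 KiB pieces, join the
# pieces again, and let cmp decide whether the rebuilt file is identical.
split_demo() {
    mode=${1:-clean}
    work=$(mktemp -d) || return 1

    # Constructed input: 100 lines of 44 bytes each, 4400 bytes in total
    i=0
    while [ "$i" -lt 100 ]; do
        printf 'line %03d: sample payload for the split demo\n' "$i"
        i=$((i + 1))
    done > "$work/original"

    # -b 1k cuts 1024-byte pieces named part.aa, part.ab, ... (4 full, 1 short)
    ( cd "$work" && split -b 1k original part. )
    pieces=$(ls "$work"/part.* | wc -l | tr -d ' ')

    # Simulate a corrupted transfer: overwrite one byte inside the third piece
    if [ "$mode" = tamper ]; then
        printf 'X' | dd of="$work/part.ac" bs=1 seek=10 conv=notrunc 2>/dev/null
    fi

    # Reassemble; the shell sorts the glob, which matches split's aa, ab, ... order
    cat "$work"/part.* > "$work/rebuilt"

    # cmp -s is silent: exit status 0 means identical, 1 means a difference
    if cmp -s "$work/original" "$work/rebuilt"; then
        result=identical
    else
        result=differs
    fi
    rm -rf "$work"
    echo "$pieces pieces, $result"
}
```

Because cmp reports the first differing byte, it is also the tool to reach for when a reassembled archive refuses to unpack: the byte offset tells you which piece was damaged.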

3.6.4.2). Finding the Differences between Files using 'diff'

* Use diff to compare two files and output a difference report containing the text that differs between them. To compare two files and output a difference report, give their names as arguments to diff.

$ diff testfile samplefile
1,2c1
< this is a test file
<
---
> testing !!!!!!!!!!!!!

* To better see the difference between two files, use sdiff instead of diff; instead of giving a difference report, it outputs the files in two columns, side by side, separated by spaces. Lines that differ in the files are separated by `|'; lines that appear only in the first file end with a `<', and lines that appear only in the second file are preceded with a `>'.

$ sdiff testfile samplefile

3.6.4.3). Patching a File with a Difference Report

To apply the differences in a difference report to the original file compared in the report, use patch. It takes as arguments the name of the file to be patched and the name of the difference report file (or "patchfile"). It then applies the changes specified in the patchfile to the original file. This is especially useful for distributing different versions of a file -- small patchfiles can be sent across networks more easily than large source files.

* To update the original file `manuscript.new' with the patchfile `manuscript.diff', type:

$ patch manuscript.new manuscript.diff

* To update an entire directory with a patch file, use the syntax below:

$ patch -p1 < ../grsecurity.patch

* The -p option specifies how much of the preceding pathname to strip. With -p0 nothing is stripped and the full path given in the header is used; -p1 strips the first leading directory (everything up to and including the first `/'), and each higher number strips another directory from the left. If no -p option is given at all, everything is stripped and just the filename is used.

For example, if you have a patchfile with a header such as:

+++ new/modules/kernel Tue Dec 19 20:05:41 2000

* Using a -p0 will expect, from your current working directory, to find a subdirectory called "new", then "modules" below that, then the "kernel" file below that.

* Using a -p1 will strip off the 1st level from the path and will expect to find (from your current working directory) a directory called "modules", then a file called "kernel". Patch will ignore the "new" directory mentioned in the header of the patchfile.

* Using a -p2 will strip off the first two levels from the path. Patch will expect to find "kernel" in the current working directory. Patch will ignore the "new" and "modules" directories mentioned in the header of the patchfile.
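The whole cycle, as an added example that is not from the manual: diff produces a report whose header paths start with a/ and b/, patch -p1 strips that first component and applies the report from a different directory, cmp confirms the result, and patch -R backs the change out again. The directory names a, b and apply and the file contents are constructed for the demonstration.

```shell
# Added example, not from the manual: make a difference report with diff -u,
# apply it elsewhere with patch -p1, verify with cmp, and reverse it with -R.
patch_demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/a/modules" "$work/b/modules" "$work/apply/modules"

    # Old and new versions of modules/kernel, plus an untouched copy to patch
    printf 'option one\noption two\noption three\n' > "$work/a/modules/kernel"
    printf 'option one\noption 2 (changed)\noption three\noption four\n' > "$work/b/modules/kernel"
    cp "$work/a/modules/kernel" "$work/apply/modules/kernel"

    # diff exits 1 when the files differ, which is the expected outcome here;
    # run it relative to $work so the header reads "--- a/modules/kernel"
    ( cd "$work" && diff -u a/modules/kernel b/modules/kernel > kernel.diff ) || true

    # -p1 strips "a/" and "b/" from the header paths, leaving modules/kernel,
    # which patch looks for relative to the directory it is run from
    ( cd "$work/apply" && patch -p1 < ../kernel.diff > /dev/null )
    if cmp -s "$work/apply/modules/kernel" "$work/b/modules/kernel"; then
        applied=ok
    else
        applied=mismatch
    fi

    # -R applies the report in reverse, restoring the original contents
    ( cd "$work/apply" && patch -R -p1 < ../kernel.diff > /dev/null )
    if cmp -s "$work/apply/modules/kernel" "$work/a/modules/kernel"; then
        reverted=ok
    else
        reverted=mismatch
    fi

    rm -rf "$work"
    echo "applied=$applied reverted=$reverted"
}
```

Read the header of any patchfile before choosing -p: with the header above, -p0 would look for a/modules/kernel and fail from inside apply/, while -p1 finds modules/kernel.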

3.6.5. File Compression/Decompression

File compression is useful for storing or transferring large files. When you compress a file, you shrink it and save disk space. File compression uses an algorithm to change the data in the file; to use the data in a compressed file, you must first uncompress it to restore the original data (and original file size).

3.6.5.1). Compression/Decompression Tools

In Red Hat Linux you can compress files with the compression tools gzip, bzip2, or zip.

* The bzip2 compression tool is recommended because it provides the most compression and is found on most UNIX-like operating systems.

* The gzip compression tool can also be found on most UNIX-like operating systems.

* If you need to transfer files between Linux and other operating systems such as MS Windows, you should use zip because it is more compatible with the compression utilities on Windows.

Compression Tool    File Extension    Uncompression Tool
gzip                .gz               gunzip
bzip2               .bz2              bunzip2
zip                 .zip              unzip

* By convention, files compressed with gzip are given the extension .gz, files compressed with bzip2 are given the extension .bz2, and files compressed with zip are given the extension .zip.

* Files compressed with gzip are uncompressed with gunzip, files compressed with bzip2 are uncompressed with bunzip2, and files compressed with zip are uncompressed with unzip.

Bzip2 and Bunzip2

To use bzip2 to compress a file, type the following command at a shell prompt:

$ bzip2 filename

The file will be compressed and saved as filename.bz2. To expand the compressed file, type the following command:

$ bunzip2 filename.bz2

The filename.bz2 is deleted and replaced with filename. You can compress several files at once by listing them with a space between each one:

$ bzip2 file1 file2 file3

bzip2 compresses each file separately, producing file1.bz2, file2.bz2 and file3.bz2; it does not combine them into one file, and it does not descend into directories. To bundle several files and directories such as /usr/local/share (assuming this directory exists) into a single compressed file, create a tar archive with the -j option (see section 3.6.5.2).

Gzip and Gunzip

* To use gzip to compress a file, type:

$ gzip filename

The file will be compressed and saved as filename.gz.

* To expand the compressed file, type the command:

$ gunzip filename.gz

The filename.gz is deleted and replaced with filename.

* To compress several files at once, list them with a space between each one:

$ gzip file1 file2 file3

Each file is compressed separately, giving file1.gz, file2.gz and file3.gz. With the -r option, gzip descends into a directory such as /usr/local/share (assuming this directory exists) and compresses every file inside it individually; it does not combine them into one file. To bundle files and directories into a single compressed file, create a tar archive with the -z option (see section 3.6.5.2).

Zip and Unzip

* To compress a file with zip, type the following command:

$ zip -r filename.zip filesdir

filename.zip represents the file you are creating and filesdir represents the directory you want to put in the new zip file. The -r option specifies that you want to include all files contained in the filesdir directory recursively.

* To extract the contents of a zip file, type the following command:

$ unzip filename.zip

* You can use zip to compress multiple files and directories at the same time by listing them with a space between each one:

$ zip -r filename.zip file1 file2 file3 /usr/local/share

3.6.5.2). Archiving Files at the Shell Prompt

A tar file is a collection of several files and/or directories in one file. This is a good way to create backups and archives.

Some of the options used with the tar command are:

-c   Create a new archive.
-f   When used with the -c option, use the filename specified for the creation of the tar file; when used with the -x option, unarchive the specified file.
-t   Show the list of files in the tar file.
-v   Show the progress of the files being archived.
-x   Extract files from an archive.
-z   Compress the tar file with gzip.
-j   Compress the tar file with bzip2.

* To create a tar file, type:

$ tar -cvf filename.tar directory/file

* You can tar multiple files and directories at the same time by listing them with a space between each one:

$ tar -cvf filename.tar /home/carma/public_html /home/carma/www

The above command places all the files in the public_html and the www subdirectories of /home/carma in a new file called filename.tar in the current directory.

* To list the contents of a tar file, type:

$ tar -tvf filename.tar

* To extract the contents of a tar file, type:

$ tar -xvf filename.tar

This command does not remove the tar file, but it places copies of its unarchived contents in the current working directory, preserving any directory structure that the archive file used. For example, if the tarfile contains a file called file.txt within a directory called foo/, then extracting the archive file will result in the creation of the directory foo/ in your current working directory with the file file.txt inside of it.

* Remember, the tar command does not compress the files by default. To create a tarred and bzipped compressed file, use the -j option:

$ tar -cjvf filename.tbz file

* You can also expand and unarchive a bzip tar file in one command:

$ tar -xjvf filename.tbz

* To create a tarred and gzipped compressed file, use the -z option:

$ tar -czvf filename.tgz file

tar files compressed with gzip are conventionally given the extension .tgz or .tar.gz. This command creates the archive file filename.tar and then compresses it as the file filename.tgz. (The file filename.tar is not saved.) If you uncompress the filename.tgz file with the gunzip command, the filename.tgz file is removed and replaced with filename.tar.
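The create, list and extract steps above combined into one script, as an added example that is not from the manual. It adds the check a practitioner wants before unpacking an archive that came from somewhere else: every member name in the -t listing is inspected first, because a name that is absolute or climbs with `..' would be written outside the directory you extract into. The directory foo, its files and the archive name are constructed for the demonstration.

```shell
# Added example, not from the manual: build a gzip-compressed tar archive,
# inspect its member list, extract into a separate directory, and prove the
# copy matches the original tree.

# Returns 0 (true) when a member name would land outside the extraction
# directory: an absolute path, or a path containing a ".." component.
unsafe_tar_entry() {
    case $1 in
        /*|..|../*|*/..|*/../*) return 0 ;;
    esac
    return 1
}

tar_demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/foo/sub"
    printf 'hello\n' > "$work/foo/file.txt"
    printf 'notes\n' > "$work/foo/sub/notes"

    # -c create, -z gzip, -f archive name; run from $work so names stay relative
    ( cd "$work" && tar -czf backup.tgz foo )

    # -t lists members without extracting; examine every name before -x
    bad=$(tar -tzf "$work/backup.tgz" | while read -r entry; do
              if unsafe_tar_entry "$entry"; then echo "$entry"; fi
          done)
    files=$(tar -tzf "$work/backup.tgz" | grep -vc '/$')   # members that are not directories

    # Extract into a fresh directory rather than one that already holds data
    mkdir "$work/out"
    ( cd "$work/out" && tar -xzf ../backup.tgz )
    if diff -r "$work/foo" "$work/out/foo" > /dev/null; then
        same=identical
    else
        same=differs
    fi

    rm -rf "$work"
    if [ -z "$bad" ]; then safety="no unsafe members"; else safety="unsafe: $bad"; fi
    echo "$files files, $safety, extracted $same"
}
```

Modern GNU tar strips a leading `/' on extraction by itself, but the listing check still matters for `..' components and for archives handled by other tools, so make the -t pass a habit.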

* You can expand a gzip tar file( .tgz or .tar.gz) in one command:

$ tar -xzvf filename.tgz

4. TEXT MANAGEMENT AND EDITORS

There are a lot of text editors to choose from on Linux systems, but the majority of editors fit in one of the two families of editor: Emacs and Vi. Most users prefer one or the other. Some of the others available are pico, joe, vim, wily, xemacs etc.

4.1. The 'vi' editor

vi -- the "visual editor" -- is guaranteed to be present on any UNIX or Linux system. While using vi, at any one time you are in one of three modes of operation.

* Command mode : This mode lets you use commands to edit files or change to other modes. For example, typing ``x'' while in command mode deletes the character underneath the cursor. The arrow keys move the cursor around the file you're editing. Generally, the commands used in command mode are one or two characters long.

* Insert mode : You actually insert or edit text within insert mode. When using vi, you'll probably spend most of your time in this mode. You start insert mode by using a command such as ``i'' (for ``insert'') from command mode. While in insert mode, you can insert text into the document at the current cursor location. To end insert mode and return to command mode, press Esc.

* Last line mode/Ex : is a special mode used to give certain extended commands to vi. While typing these commands, they appear on the last line of the screen (hence the name). For example, when you type ``:'' in command mode, you jump into last line mode and can use commands like ``wq'' (to write the file and quit vi), or ``q!'' (to quit vi without saving changes). Last line mode is generally used for vi commands that are longer than one character. In last line mode, you enter a single-line command and press Enter to execute it.

4.1.1. Starting "vi"

The syntax for vi is "vi filename", where filename is the name of the file to edit. To edit the file test, type:

$ vi test

You should see a mostly empty screen with a column of ``~'' characters down the left side; the column of ``~'' characters indicates you are at the end of the file.

4.1.2. Inserting text.

* The vi program when it starts is always in command mode.

* Insert text into the file by pressing i, which places the editor into insert mode, and begin typing.

* Type as many lines as you want (pressing Enter after each). You may correct mistakes with the Backspace key.

* To end insert mode and return to command mode, press Esc.

* There are several ways to insert text other than the 'i' command. The 'a' command inserts text beginning after the current cursor position, instead of at the current cursor position.

* To begin inserting text at the next line, use the o command.

4.1.3. Deleting text

* From command mode, the x command deletes the character under the cursor.

* You can delete entire lines using the command dd (that is, press d twice in a row). If the cursor is on the second line and you type dd, the second line will be deleted.

* To delete the word that the cursor is on, use the dw command. Place the cursor on a word, and type dw to delete it.

4.1.4. Changing text

* You can replace sections of text using the R command. Place the cursor on the first letter of the word ``party'', press R, and type the word ``hungry''; the word party will be replaced by hungry.

* Using R to edit text is like the i and a commands, but R overwrites, rather than inserts, text.

* The r command replaces the single character under the cursor. For example, move the cursor to the beginning of the word ``Now'', and press r followed by C, you'll see "Cow" instead.

* The ``~'' command changes the case of the letter under the cursor from upper- to lower-case, and back.

4.1.5. Commands for moving the cursor

* The 0 command (that's the zero key) moves the cursor to the beginning of the current line.

* The $ command moves it to the end of the line.

* When editing large files, you'll want to move forward or backward through the file a screenful at a time. Pressing Ctrl-F moves the cursor one screenful forward, and Ctrl-B moves it a screenful back.

* To move the cursor to the end of the file, press G. You can also move to an arbitrary line; for example, typing the command 10G would move the cursor to line 10 in the file. To move to the beginning of the file, use 1G.

4.1.6. Saving files and quitting vi

* To quit vi without making changes to the file, use the command :q!. When you press the ``:'', vi enters last line (Ex) mode and the cursor moves to the last line on the screen.

* The command :wq saves the file and then exits vi.

* The command ZZ (from command mode, without the ``:'') is equivalent to :wq.

* Remember that you must press Enter after a command is entered in last line mode.

* To save the file without quitting vi, use :w.

4.1.7. Editing another file

* To edit another file, use the :e command. For example, to stop editing test and edit the file foo instead, use the command :e foo

* If you use :e without saving the file first, you'll get an error message which means that vi doesn't want to edit another file until you save the first one.

* If you use the :r command, you can include the contents of another file in the current file. For example, the command :r foo.txt inserts the contents of the file foo.txt in the text at the location of the cursor.

4.1.8. Running shell commands

* You can also run shell commands within vi. The :r! command works like :r, but rather than read a file, it inserts the output of the given command into the buffer at the current cursor location.

* For example, the command :r! ls -l inserts the output of ls -l into the buffer at the cursor. You can also ``shell out'' of vi, in other words, run a command from within vi, and return to the editor when you're done.

* For example, if you use the command :! ls -F the ls -F command will be executed and the results displayed on the screen, but not inserted into the file you're editing.

* If you use the command :shell, vi starts an instance of the shell, letting you temporarily put vi ``on hold'' while you execute other commands. Just log out of the shell (using the exit command) to return to vi.

4.2. The Emacs Editor

To call Emacs a text editor does not do it justice -- it's a large application capable of performing many functions, including reading email.

* GNU Emacs is the Emacs released under the auspices of Richard Stallman, who wrote the original Emacs predecessor in the 1970s. XEmacs (formerly Lucid Emacs) offers essentially the same features GNU Emacs does, but also contains its own features for use with the X Window System.

4.2.1. Getting Acquainted with Emacs

Start Emacs in the usual way, either by choosing it from the menu supplied by your window manager in X, or by typing its name (in lowercase letters) at a shell prompt.

To start GNU Emacs at a shell prompt, type:

$ emacs

* A file or other text open in Emacs is held in its own area called a buffer. By default, the current buffer appears in the large area underneath the menu bar. To write text in the buffer, just type it. The place in the buffer where the cursor is at is called point, and is referenced by many Emacs commands.

* The horizontal bar near the bottom of the Emacs window and directly underneath the current buffer is called the mode line; it gives information about the current buffer, including its name, what percentage of the buffer fits on the screen, what line point is on, and whether or not the buffer is saved to a file.

* The mode line also lists the modes active in the buffer. Emacs modes are general states that control the way Emacs behaves -- for example, when Overwrite mode is set, text you type overwrites the text at point; in Insert mode (the default), text you type is inserted at point. Usually, either Fundamental mode (the default) or Text mode will be listed.

4.2.1.1). Basic Emacs Editing Keys

The following table lists basic editing keys and describes their function. Where two common keystrokes are available for a function, both are given. Note that C stands for the Ctrl key and M for the Escape key.

KEYS                    DESCRIPTION

[↑] or Ctrl-p           Move point up to the previous line.
[↓] or Ctrl-n           Move point down to the next line.
[←] or Ctrl-b           Move point back through the buffer one character to the left.
[→] or Ctrl-f           Move point forward through the buffer one character to the right.
[PgUp] or Ctrl-v        Move point forward through the buffer one screenful.
[PgDn] or M-v           Move point backward through the buffer one screenful.
[BKSP] or C-h           Delete character to the left of point.
[DEL] or C-d            Delete character to the right of point.
[INS]                   Toggles between Insert mode and Overwrite mode.
Ctrl-[SPC]              Set mark (see Cutting Text).
Ctrl-_                  Undo the last action (control-underscore).
Ctrl-a                  Move point to the beginning of the current line.
Ctrl-e                  Move point to the end of the current line.
Ctrl-h i                Start Info.
Ctrl-h F                Open a copy of the Emacs FAQ in a new buffer.
Ctrl-g                  Cancel the current command.
Ctrl-h a function [Enter]   List all Emacs commands related to function.
Ctrl-h k key            Describe key.
Ctrl-h t                Start the Emacs tutorial.
Ctrl-k                  Kill text from point to end of line.
Ctrl-u number           Repeat the next command or keystroke you type number times.
Ctrl-w                  Kill text from mark to point.
Ctrl-x Ctrl-c           Save all buffers open in Emacs, and then exit the program.
C-x C-f file            Open file in a new buffer for editing. To create a new file that does not yet exist, just specify the file name you want to give it. To browse through your files, type [TAB] instead of a file name.
C-left-click            Display a menu of all open buffers, sorted by major mode (works in X only).
[SHIFT]-left-click      Display a font selection menu (works in X only).

* You can run any Emacs function by typing M-x followed by the function name and pressing [RET]. To run the find-file function, type: M-x find-file

This command runs the find-file function, which prompts for the name of a file and opens a copy of the file in a new buffer.

* Type C-g in Emacs to quit a function or command; if you make a mistake when typing a command, this is useful to cancel and abort the keyboard input. To exit the program -- just type C-x C-c.

* Emacs can have more than one buffer open at once. To switch between buffers, type C-x C-b. Then, give the name of the buffer to switch to, followed by [RET]; alternatively, type [RET] without a buffer name to switch to the last buffer you had visited. (Viewing a buffer in Emacs is called visiting the buffer.)

To switch to a buffer called `filemacs', type: C-x C-b filemacs

* A special buffer called `*scratch*' is for notes and things you don't want to save; it always exists in Emacs.

To switch to the `*scratch*' buffer, type:

C-x C-b *scratch* [RET]

* Incidentally, C-h is the Emacs help key; all help-related commands begin with this key. For example, to read the Emacs FAQ, type C-h F, and to run the Info documentation browser (which contains The GNU Emacs Manual), type C-h i.

4.3. The pico editor

One of the simplest text editors available for UNIX is PICO. It is PINE's default editor, so if you use PINE to read and compose e-mail, you are probably familiar with pico. pico is an easy editor to use, but it lacks a lot of features.

Again, ^ stands for the Ctrl key in the following commands:

* To start PICO, type pico (all lowercase letters):

$ pico

* To edit a pre-existing file filename, or to create a new file with that name, type:

$ pico filename

* To exit, type ^X. PICO will ask you whether you want to save your work if it is unsaved.

* To save your work without quitting, type ^O.

* To display the location of the cursor, type ^C.

* To cut a line (or lines) of text, move your cursor to the lines you want to cut, and press ^K. To paste the last block of text you cut, press ^U.

* To search for text, press ^W. (There is no search-and-replace in PICO.)

* To get help, look at the bottom of the screen, or press ^G.

4.4. The editor "joe"

joe is a text screen editor. To create or modify the file foo, type:

$ joe foo

* Once you are in the editor, you can type in text and use special control-character sequences to perform other editing tasks. To find out what the control-character sequences are, read the man page or type Ctrl-K H for help in the editor.

* Once you have typed Ctrl-K H, a menu of help topics appears on the bottom line. Use the arrow keys to select the topic and then press the spacebar or ENTER to have help on that topic appear on the screen.

* The help window will appear in the top half of the screen, and the editing window will be in the lower half of the screen. You can enter and edit text while viewing the help screen. Use the Ctrl-K H command again to dismiss the help window.

4.5. Text Manipulation

4.5.1. Searching for Text

The primary command used for searching through text is grep. It outputs lines of its input that contain a given string or pattern. The various options that can be used with grep are listed below.

* To output lines in the file `catalog' containing the word `audio', type:

$ grep audio catalog

* To output lines in the file `catalog' containing the phrase `Compact Disc', type:

$ grep 'Compact Disc' catalog

* To output lines in the file `catalog' containing the string `compact disc' regardless of the case of its letters, type:

$ grep -i 'compact disc' catalog

One thing to keep in mind is that grep only matches patterns that appear on a single line, so in the preceding example, if one line in `catalog' ends with the word `compact' and the next begins with `disc', grep will not match either line.

* You can specify more than one file to search. When you specify multiple files, each match that grep outputs is preceded by the name of the file it's in. To output lines in all of the files in the current directory containing the word `cd', type:

$ grep cd *

* To output lines in all of the `.txt' files in the `~/doc' directory containing the word `CD', suppressing the listing of file names in the output, type:

$ grep -h CD ~/doc/*.txt

* Use the `-r' option to search a given directory recursively, searching all subdirectories it contains. To output lines containing the word `CD' in all of the `.txt' files in the `~/doc' directory and in all of its subdirectories, give the directory itself and restrict the files searched with `--include':

$ grep -r --include='*.txt' CD ~/doc

4.5.2. Matching Text Patterns using Regular Expressions

In addition to word and phrase searches, you can use grep to search for complex text patterns called regular expressions. A regular expression -- or "regexp"--is a text string of special characters that specifies a set of patterns to match.

There are a number of reserved characters called metacharacters that don't represent themselves in a regular expression, but have a special meaning that is used to build complex patterns. These metacharacters are as follows: ., *, [, ], ^, $, and \.

To specify one of these literal characters in a regular expression, precede the character with a `\'.

* To output lines in the file `catalog' that contain a `$' character, type: $ grep '\$' catalog

* To output lines in the file `catalog' that contain the string `$1.99', type: $ grep '\$1\.99' catalog

* To output lines in the file `catalog' that contain a `\' character, type: $ grep '\\' catalog

4.5.2.1). Metacharacters and their meaning

The following table describes the special meanings of the metacharacters and gives examples of their usage.

META CHARACTER   MEANING

.        Matches any one character, with the exception of the newline character. For example, . matches `a', `1', `?', `.' (a literal period character), and so forth.

*        Matches the preceding regexp zero or more times. For example, -* matches `-', `--', `---', `--------', and so forth.

[ ]      Encloses a character set, and matches any member of the set. For example, [abc] matches either `a', `b', or `c'. In addition, the hyphen (`-') and caret (`^') characters have special meanings when used inside brackets:

         -   The hyphen specifies a range of characters, ordered according to their ASCII value. For example, [0-9] is synonymous with [0123456789]; [A-Za-z] matches one uppercase or lowercase letter. To include a literal `-' in a list, specify it as the last character in the list: [0-9-] matches either a single digit character or a `-'.

         ^   As the first character of a list, the caret means that any character except those in the list should be matched. For example, [^a] matches any character except `a', and [^0-9] matches any character except a numeric digit.

^        Matches the beginning of the line. So ^a matches `a' only when it is the first character on a line.

$        Matches the end of the line. So a$ matches `a' only when it is the last character on a line.

\        Use \ before a metacharacter when you want to specify that it is a literal character. So \$ matches a dollar sign character (`$'), and \\ matches a single backslash character (`\').

\< \>    Matches the beginning (\<) or end (\>) of a word. For example, \

|        Or two conditions together. For example, (him|her) matches the line "it belongs to him" and matches the line "it belongs to her" but does not match the line "it belongs to them." NOTE: this metacharacter is not supported by all applications.

+        Matches one or more occurrences of the character or regular expression immediately preceding. For example, the regular expression 9+ matches 9, 99, 999. NOTE: this metacharacter is not supported by all applications.

?        Matches 0 or 1 occurrence of the character or regular expression immediately preceding. NOTE: this metacharacter is not supported by all applications.

\{i\}    Matches a specific number of instances of the preceding character or regular expression. For example, the expression A[0-9]\{3\} will match "A" followed by exactly 3 digits. That is, it will match A123 but not A1234.

\{i,j\}  Matches a number of instances within a range of the preceding character or regular expression. The expression [0-9]\{4,6\} matches any sequence of 4, 5, or 6 digits. NOTE: this metacharacter is not supported by all applications.

4.5.2.2). Matching Lines Ending with Certain Text

Use `$' as the last character of quoted text to match that text only at the end of a line.

* To output lines in the file `file1' ending with an exclamation point, type: $ grep '!$' file1

4.5.2.3). Matching Lines of a Certain Length

* To match lines of a particular length, use that number of `.' characters between `^' and `$'. For example, to match all lines that are two characters (or columns) wide, use `^..$' as the regexp to search for. To output all lines in `/usr/dict/words' that are exactly two characters wide, type:

$ grep '^..$' /usr/dict/words

* To output all lines in `/usr/dict/words' that are exactly seventeen characters wide, type:

$ grep '^.\{17\}$' /usr/dict/words

* To output all lines in `/usr/dict/words' that are twenty-five or more characters wide, type:

$ grep '^.\{25,\}$' /usr/dict/words

4.5.2.4). Matching Lines That Contain Any of Some Regexps

* To output all lines in `playlist' that contain either the patterns `the sea' or `cake', type:

$ grep 'the sea\|cake' playlist

4.5.2.5). Matching Lines That Contain All of Some Regexps

To output lines that match all of a number of regexps, use grep to output lines containing the first regexp you want to match, and pipe the output to a grep with the second regexp as an argument. Continue adding pipes to grep searches for all the regexps you want to search for.

* To output all lines in `playlist' that contain both patterns `the sea' and `cake', regardless of case, type

$ grep -i 'the sea' playlist | grep -i cake

4.5.2.6). Matching Lines That Don't Contain a Regexp

To output all lines in a text that don't contain a given pattern, use grep with the `-v' option -- this option reverts the sense of matching, selecting all nonmatching lines.

* To output all lines in `/usr/dict/words' that are not three characters wide, type:

$ grep -v '^...$' /usr/dict/words

* To output all lines in `access_log' that do not contain the string `http', type:

$ grep -v http access_log

4.5.2.7). Matching Lines That Only Contain Certain Characters

* To output lines in `/usr/dict/words' that only contain vowels, type:

$ grep -i '^[aeiou]*$' /usr/dict/words

* The `-i' option matches characters regardless of case; so, in this example, all vowel characters are matched regardless of case.

4.5.2.8). Using a List of Regexps to Match From

* To output all lines in `/usr/dict/words' containing any of the words listed in the file `forbidden-words', type:

$ grep -f forbidden-words /usr/dict/words

* To output all lines in `/usr/dict/words' that do not contain any of the words listed in `forbidden-words', regardless of case, type:

$ grep -v -i -f forbidden-words /usr/dict/words
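The grep features covered in this section (anchors, escaped dots, bracket sets, \{n\}, \|, -i, -v, -c, -f and one grep piped into another) applied to a small constructed web-server log, as an added example that is not from the manual. The addresses, request paths and file names are made up for the demonstration; the searches are the ones an administrator runs when reading such a log: requests from one client, error responses, requests that try to climb out of the document tree with `../', and which of those the server actually answered.

```shell
# Added example, not from the manual: the regexp features from this section
# run over a few constructed access-log lines. Each count is a grep result.
grep_demo() {
    log=$(mktemp) || return 1
    cat > "$log" <<'EOF'
10.0.0.5 - - [01/Mar/2005:10:00:01] "GET /index.html HTTP/1.0" 200 1043
10.0.0.7 - - [01/Mar/2005:10:00:09] "GET /../../config.ini HTTP/1.0" 404 211
10.0.0.5 - - [01/Mar/2005:10:01:12] "POST /cgi-bin/login HTTP/1.0" 200 87
192.168.1.20 - - [01/Mar/2005:10:02:44] "GET /images/Logo.GIF HTTP/1.0" 200 5120
10.0.0.7 - - [01/Mar/2005:10:03:00] "GET /cgi-bin/../../private/keys HTTP/1.0" 200 2310
EOF
    # Lines from one client: anchor the address to the start of the line and
    # escape the dots, which would otherwise match any character
    host=$(grep -c '^10\.0\.0\.7 ' "$log")
    # Error responses: a 4xx or 5xx status of exactly three digits, followed
    # by the size at the end of the line
    errors=$(grep -c '" [45][0-9]\{2\} [0-9]*$' "$log")
    # Directory-climbing requests: a literal "../" anywhere on the line
    climb=$(grep -c '\.\./' "$log")
    # Of those, the ones answered with 200: pipe one grep into another
    climb_ok=$(grep '\.\./' "$log" | grep -c '" 200 ')
    # Everything that is not an image fetch: -v inverts, -i ignores case,
    # \| separates alternatives
    non_images=$(grep -v -i '\.gif\|\.png\|\.jpg' "$log" | grep -c .)
    # Patterns kept in a file, one per line, as grep -f expects
    printf '%s\n' 'cgi-bin' 'login' > "$log.patterns"
    listed=$(grep -c -f "$log.patterns" "$log")
    rm -f "$log" "$log.patterns"
    echo "host=$host errors=$errors climb=$climb climb_ok=$climb_ok non_images=$non_images listed=$listed"
}
```

The climb_ok count is the one worth acting on: a `../' request that the server rejected with 404 is noise, but one it answered with 200 means the path check is missing somewhere.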

4.5.3. Searching More than Plain Text Files

Use zgrep to search through text in files that are compressed. These files usually have a `.gz' file name extension, and can't be searched or otherwise read by other tools without uncompressing the file first.

* To search through the compressed file `README.gz' for the text `Linux', type:

$ zgrep Linux README.gz

4.5.4. Matching Lines in Web Pages

You can grep a Web page or other URL by giving the URL to lynx with the `-dump' option, and piping the output to grep.

* To search the contents of the URL http://example.com/ for lines containing the text `edu' or `carma', type:

$ lynx -dump http://example.com/ | grep 'edu\|carma'

4.5.5. Searching and Replacing Text

* A quick way to search and replace some text in a file is to use the following one-line perl command:

$ perl -pi -e "s/oldstring/newstring/g;" file1

* In this example, oldstring is the string to search, newstring is the string to replace it with, and file1 is the name of the file or files to work on. You can use this for more than one file.

* To replace the string `helpless' with the string `helpful' in all files in the current directory, type:

$ perl -pi -e "s/helpless/helpful/g;" *

5. MORE ABOUT SHELL & COMMAND LINE INTERFACE

5.1. Passing Special Characters to Commands

Some characters are reserved and have special meaning to the shell on their own. Before you can pass one of these characters to a command, you must quote it by enclosing the entire argument in single quotes ' '.

* When the argument you want to pass has one or more single quote characters in it, enclose it in double quotes instead:

$ grep "Please Don't Stop!" filename

5.2. Letting the Shell Complete What You Type

Completion is where bash does its best to finish your typing. To use it, press [TAB] on the input line and the shell will complete the word to the left of the cursor to the best of its ability.

For example, suppose you want to specify the directory `/usr/lib/emacs/20.4/' as an argument to the ls command; instead of typing out the whole directory name, you can type [TAB] to complete it for you:

$ ls /usr/lib/e[TAB]

5.3. Repeating the Last Command You Typed

* Type the upward arrow key to put the last command you typed back on the input line. You can then type ENTER to run the command again, or you can edit the command first.

* To put the last command you entered containing the string `grep' back on the input line, press Ctrl-r and type the string:

$ (reverse-i-search)`': grep

* To put the third-to-last command you entered containing the string `grep' back on the input line, press Ctrl-r, type the string, then press Ctrl-r two more times:

$ (reverse-i-search)`': grep [Ctrl-r] [Ctrl-r]

* When a command is displayed on the input line, type [RET] to run it. You can also edit the command line as usual.

5.4. Running a List of Commands

To run more than one command on the input line, type each command in the order you want them to run, separating each command from the next with a semicolon (`;').

* To clear the screen and then log out of the system, type:

$ clear; logout

5.5. Redirecting Input and Output

* The standard output is where the shell streams the text output of commands -- the screen on your terminal, by default.

* The standard input, typically the keyboard, is where you input data for commands. When a command reads the standard input, it usually keeps reading text until you type C-d on a new line by itself.

* When a command runs and exits with an error, the error message is usually output to your screen, but as a separate stream called the standard error.

* You redirect these streams -- to a file, or even another command -- with redirection. The following sections describe the shell redirection operators that you can use to redirect standard input and output.

5.5.1. Redirecting Input to a File

To redirect standard input to a file, use the `<' operator. To do so, follow a command with < and the name of the file it should take input from.

apropos searches a set of database files containing short descriptions of system commands for keywords and displays the result on the standard output.

For example, instead of giving a list of words as arguments to apropos you can redirect standard input to a file containing a list of keywords to use. To redirect standard input for apropos to file `keywords', type:

$ apropos < keywords

5.5.2. Redirecting Output to a File

Use the `>' operator to redirect standard output to a file. To use it, follow a command with > and the name of the file the output should be written to.

* To redirect the standard output of the command `ls -la' to the file `filelist', type:

$ ls -la > filelist

* To append the standard output of `ls -la' to an existing file `commands', type:

$ ls -la >> commands

5.5.3. Redirecting Error Messages to a File

To redirect the standard error stream to a file, use the `>' operator preceded by a `2'. Follow a command with 2> and the name of the file the error stream should be written to.

* To redirect the standard error of `ls -la' to the file `command.error', type:

$ ls -la 2> command.error

* As with the standard output, use the `>>' operator instead of `>' to append the standard error to the contents of an existing file. To append the standard error of `ls -la' to an existing file `command.error', type:

$ ls -la 2>> command.error

* To redirect both standard output and standard error to the same file, use `&>' instead. To redirect the standard output and the standard error of `apropos shells' to the file `commands', type:

$ apropos shells &> commands
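The operators of this section exercised together, as an added example that is not part of the manual: `noisy' and `keyword_lookup' are constructed stand-ins for ls -la and apropos, and only a POSIX sh and coreutils are assumed. It also shows the portable spelling of `&>', which is `> file 2>&1', and why the order of those two redirections matters.

```shell
#!/bin/sh
# Added example, not from the manual: exercises `<', `>', `>>', `2>', `2>>'
# and the merged form `> file 2>&1' (the portable equivalent of bash's `&>')
# on a command that writes to both streams. Everything is built in a scratch
# directory; only a POSIX sh and coreutils are assumed.

# noisy: constructed stand-in for a command such as `ls -la' that prints a
# result on stdout but also complains on stderr.
noisy() {
    echo "stdout line"
    echo "stderr line" >&2
}

# keyword_lookup: constructed stand-in for `apropos < keywords'. It reads
# keywords from standard input and reports how many it received.
keyword_lookup() {
    n=0
    while read -r word; do
        n=$((n + 1))
    done
    echo "$n"
}

# redirect_demo: runs each redirection and prints the line counts that ended
# up in each file, so the effect of every operator is visible in one place.
redirect_demo() {
    dir=$(mktemp -d) || return 1

    noisy > "$dir/out.txt" 2> "$dir/err.txt"      # split the two streams
    noisy >> "$dir/out.txt" 2>> "$dir/err.txt"    # append a second run of each
    noisy > "$dir/both.txt" 2>&1                  # merge both streams into one file

    # Reversed order: `2>&1' copies stderr to where stdout points *at that
    # moment* (here leaked.txt), and only afterwards is stdout moved to
    # wrong.txt. So wrong.txt gets the stdout line and the error leaks out.
    ( noisy 2>&1 > "$dir/wrong.txt" ) > "$dir/leaked.txt"

    printf 'disk\npartition\nmount\n' > "$dir/keywords"
    words=$(keyword_lookup < "$dir/keywords")     # `<' feeds the file to stdin

    # $(( )) strips the padding some wc versions print around the count
    out=$(( $(wc -l < "$dir/out.txt") ))
    err=$(( $(wc -l < "$dir/err.txt") ))
    both=$(( $(wc -l < "$dir/both.txt") ))
    wrong=$(( $(wc -l < "$dir/wrong.txt") ))
    leaked=$(( $(wc -l < "$dir/leaked.txt") ))
    rm -rf "$dir"
    echo "$out $err $both $wrong $leaked $words"   # 2 2 2 1 1 3
}
```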

5.5.4. Redirecting Output to Another Command's Input

Piping is when you connect the standard output of one command to the standard input of another. You do this by specifying the two commands in order, separated by a vertical bar character, `|' (sometimes called a "pipe"). Commands built in this fashion are called pipelines.

* To pipe the output of `cat readme.txt' to less, type:

$ cat readme.txt | less

* To pipe the output of the ls command to the grep command, type:

$ ls -la | grep html

6. BASICS OF LINUX SYSTEM ADMINISTRATION

6.1. Disks, Partitions and File Systems

The basic tasks in administering disks are:

1. Formatting your disk. This does various things to prepare it for use, such as checking for bad sectors. (Formatting is nowadays not necessary for most hard disks.)

2. Partition a hard disk, if you want to use it for several activities that aren't supposed to interfere with one another. One reason for partitioning is to store different operating systems on the same disk. Another reason is to keep user files separate from system files, which simplifies back-ups and helps protect the system files from corruption.

3. Make a filesystem (of a suitable type) on each disk or partition. The disk means nothing to Linux until you make a filesystem; then files can be created and accessed on it.

4. Mount different filesystems to form a single tree structure, either automatically, or manually as needed. (Manually mounted filesystems usually need to be unmounted manually as well.)

6.1.1. Character and Block devices

Linux recognizes two different kinds of device:

* random-access block devices (such as disks)

* character devices (such as tapes and serial lines), some of which may be serial, and some random-access.

Each supported device is represented in the filesystem as a device file. When you read or write a device file, the data comes from or goes to the device it represents. For example, to send a file to the printer, one could just say

$ cat filename > /dev/lp1

and the contents of the file are printed.

* Note that usually all device files exist even though the device itself might not be installed. So just because you have a file /dev/sda, it doesn't mean that you really do have a SCSI hard disk.

* Each hard disk is represented by a separate device file. There can (usually) be only two or four IDE hard disks. These are known as /dev/hda, /dev/hdb, /dev/hdc, and /dev/hdd, respectively.

* SCSI hard disks are known as /dev/sda, /dev/sdb, and so on.

6.1.2. Partitions/MBR

* A hard disk can be divided into several partitions. Each partition functions as if it were a separate hard disk.

6.1.2.1). Why Partition Hard Drive(s)

While it is true that Linux will operate just fine on a disk with only one large partition defined, there are several advantages to partitioning your disk for at least the four main file systems (root, usr, home, and swap). These include:

1. Reduce time required for fsck : First, it may reduce the time required to perform file system checks (both upon bootup and when doing a manual fsck), because these checks can be done in parallel. Also, file system checks are a lot easier to do on a system with multiple partitions. For example, if I knew my /home partition had problems, I could simply unmount it, perform a file system check, and then remount the repaired file system

2. Mount partitions as read-only : Second, with multiple partitions, you can, if you wish, mount one or more of your partitions as read-only. For example, if you decide that everything in /usr will not be touched even by root, you can mount the /usr partition as read-only.

3. Protecting your file systems: Third, and most important, partitioning provides protection of your file systems. If something should happen to a file system (either through user error or system failure), on a partitioned system you would probably only lose files on a single file system. On a non-partitioned system, you would probably lose them on all file systems.

4. Multiple OS Support : Finally, since Linux allows you to set up other operating system(s) (such as Windows 95/98/NT), and then dual- (or triple-, ...) boot your system, you might wish to set up additional partitions to take advantage of this. Typically, you would want to set up at least one separate partition for each operating system. Linux includes a decent boot loader which allows you to specify which operating system you want to boot at power on.

6.1.2.2). Master Boot Record or MBR

The information about how a hard disk has been partitioned is stored in its first sector (that is, the first sector of the first track of the first disk surface).

* The first sector of the primary hard drive is the master boot record (MBR) of the disk; this is the sector that the BIOS reads in and starts when the machine is first booted.

* The master boot record is only 512 bytes in size and contains a small program that reads the partition table, checks which partition is active (that is, marked bootable), and reads the first sector of that partition, the partition's boot sector (the MBR is also a boot sector, but it has a special status and therefore a special name).

* This boot sector contains another small program that reads the first part of the operating system stored on that partition (assuming it is bootable), and then starts it.

* The booting process will be dealt with in more detail later on.

6.1.2.3). Partitioning Scheme

* The partitioning scheme is not built into the hardware, or even into the BIOS.

* It is only a convention that many operating systems follow. Not all operating systems follow it, but they are the exceptions and an operating system that doesn't support partitions cannot co-exist on the same disk with any other operating system.

You can see the partitions on a machine using the fdisk command as below.

$ fdisk -l

Disk /dev/hda: 15 heads, 56 sectors, 690 cylinders

Units = cylinders of 855 * 512 bytes

Device    Boot Begin Start End Blocks  Id System
/dev/hda1 *    1     1     24  1023    83 Linux native
/dev/hda2      25    25    48  10260   83 Linux native
/dev/hda3      49    49    408 153900  83 Linux native
/dev/hda4      409   409   690 163305  5  Extended
/dev/hda5      409   409   644 143611+ 83 Linux native
/dev/hda6      645   645   690 19636+  83 Linux native

Extended and logical partitions

The original partitioning scheme for PC hard disks allowed only four partitions. This quickly turned out to be too little in real life, partly because some people want more than four operating systems (Linux, MS-DOS, FreeBSD, NetBSD, or Windows/NT, to name a few), but primarily because sometimes it is a good idea to have several partitions for one operating system.

To overcome this design problem, extended partitions were invented. This trick allows partitioning a primary partition into sub-partitions.

* The primary partition thus subdivided is the extended partition;

* The sub-partitions of an extended partition are logical partitions. They behave like primary partitions, but are created differently. There is no speed difference between them.

The partition structure of a hard disk might look like that in Figure below. The disk is divided into three primary partitions, the second of which is divided into two logical partitions. Part of the disk is not partitioned at all. The disk as a whole and each primary partition has a boot sector.

A sample hard disk partitioning.

6.1.2.4). Partition types

* The partition tables (the one in the MBR, and the ones for extended partitions) contain one byte per partition that identifies the type of that partition. This attempts to identify the operating system that uses the partition, or what it is used for.

* The purpose is to make it possible to avoid having two operating systems accidentally using the same partition.

There is no standardization agency to specify what each byte value means, but some commonly accepted ones are included in the table below.

Id  Type                Id  Type             Id  Type
0   Empty               40  Venix 80286      94  Amoeba BBT
1   DOS 12-bit FAT      51  Novell?          a5  BSD/386
2   Xenix root          52  Microport        b6  BSDI fs
3   Xenix usr           63  GNU HURD         b8  BSDI swap
4   DOS 16-bit FAT<32M  64  Novell           e1  DOS access
5   Extended            65  PC/IX            f2  DOS
6   DOS 16-bit >=32M    80  Old MINIX
7   OS/2 HPFS           81  Linux/MINIX
8   AIX                 82  Linux swap
9   AIX bootable        83  Linux native

6.1.2.5). Partitioning a hard disk

There are many programs for creating and removing partitions. The most commonly used one is `fdisk'.

Some points to keep in mind are:

* When using IDE disks, the boot partition (the partition with the bootable kernel image files) must be completely within the first 1024 cylinders. This is because the disk is used via the BIOS during boot (before the system goes into protected mode), and the BIOS can't handle more than 1024 cylinders. Therefore, make sure your boot partition is completely within the first 1024 cylinders.

* Each partition should have an even number of sectors, since the Linux filesystems use a 1 kilobyte block size, i.e., two sectors. An odd number of sectors will result in the last sector being unused. This won't result in any problems, but it is ugly, and some versions of fdisk will warn about it.

* Changing a partition's size usually requires first backing up everything you want to save from that partition, deleting the partition, creating the new partition, then restoring everything to the new partition.

6.1.2.6). Various Mount Points

Here is a description of the various mount points and file system information, which may give you a better idea of how to best define your partition sizes for your own needs:

1. / (root) - used to store things like temporary files, the Linux kernel and boot image, important binary files (things that are needed before Linux can mount the /usr partition), and more importantly log files, spool areas for print jobs and outgoing e-mail, and users' incoming e-mail. It is also used for temporary space when performing certain operations, such as building RPM packages from source RPM files.

2. /usr/ - should be the largest partition, because most of the binary files required by Linux, as well as any locally installed software, web pages, some locally-installed software log files, etc. are stored here. The partition type should be left as the default of 83 (Linux native).

3. /home/ - typically if you aren't providing shell accounts to your users, you don't need to make this partition very big. The exception is if you are providing user home pages (such as web pages), in which case you might benefit from making this partition larger. Again, the partition type should be left as the default of 83 (Linux native).

4. swap - Linux provides something called "virtual memory" to make a larger amount of memory available than the physical RAM installed in your system. The swap partition is used with main RAM by Linux to accomplish this. As a rule of thumb, your swap partition should be at least double the amount of physical RAM installed in your system. If you have more than one physical hard drive in your system, you can create multiple swap partitions. The partition type needs to be changed to 82 (Linux swap).

5. /var/ (optional) - You may wish to consider splitting up your / (root) partition a bit further. The /var directory is used for a great deal of runtime storage, including mail spools (both incoming and outgoing), print jobs, process locks, etc. Having this directory mounted under / (root) may be a bit dangerous because a large amount of incoming e-mail (for example) may suddenly fill up the partition. Since bad things can happen when the / (root) partition fills up, having /var on its own partition may avoid such problems. The partition type should be left as the default of 83 (Linux native).

6. /boot/ (optional) - In some circumstances (such as a system set up in a software RAID configuration) it may be necessary to have a separate partition from which to boot the Linux system. This partition would allow booting and then loading of whatever drivers are required to read the other file systems. The size of this partition can be as small as a couple of Mb (approx 10 Mb). The partition type should be left as the default of 83 (Linux native).

7. /backup (optional) - If you have any extra space lying around, perhaps you would benefit from a partition for a directory called, for example, /backup. The partition type can be left as the default of 83 (Linux native).

Example : Setting up partitions

To give you an example of how one might set up partitions, consider the layout below.

Device    Boot Start End Blocks   Id System
/dev/hda1 *    1     254 1024096+ 6  16-bit >=32M DOS
/dev/hda2      255   682 2128896  5  Extended
/dev/hda3      255   331 310432+  83 Linux native
/dev/hda5      332   636 1229628+ 83 Linux native
/dev/hda6      636   649 455584+  83 Linux native
/dev/hda8      650   682 133024+  82 Linux swap

* The first partition, /dev/hda1, is a DOS-formatted file system used to store the alternative operating system (Windows 95). This gives 1 Gb of space for that operating system.

* The second partition, /dev/hda2, is a physical partition (called "extended") that encompasses the remaining space on the drive.

* The third through fifth partitions, /dev/hda3, /dev/hda5, and /dev/hda6, are all e2fs-formatted file systems used for the / (root), /usr, and the /home partitions, respectively.

* Finally, the sixth partition, /dev/hda8, is used for the swap partition.

For yet another example, this time on a box with two hard drives (sole boot, Linux only), you can choose the following partitioning scheme:

Device    Boot Start End  Blocks  Id System
/dev/sda1 *    1     1    2046    4  DOS 16-bit <32M
/dev/sda2      2     168  346859  83 Linux native
/dev/sda3      169   231  130851  82 Linux swap
/dev/sda4      232   1009 1615906 5  Extended
/dev/sda5      232   398  346828  83 Linux native
/dev/sda6      399   1009 1269016 83 Linux native
/dev/sdb1      1     509  2114355 83 Linux native
/dev/sdb2      510   1019 2118540 83 Linux native

* The first partition, /dev/sda1, is a DOS-formatted file system used to store the LILO boot loader. The Alpha platform has a slightly different method of booting than an Intel system does, therefore Linux stores its boot information in a FAT partition. This partition only needs to be as large as the smallest possible partition allowed -- in this case, 2Mb.

* The second partition, /dev/sda2, is an e2fs-formatted file system used for the / (root) partition.

* The third partition, /dev/sda3, is used for the swap partition.

* The fourth partition, /dev/sda4, is an "extended" partition (see previous example for details).

* The fifth and sixth partitions, /dev/sda5 and /dev/sda6, are e2fs-formatted file systems used for the /home and /usr partitions, respectively.

* The seventh partition, /dev/sdb1, is an e2fs-formatted file system used for the /archive partition.

* The eighth and final partition, /dev/sdb2, is an e2fs-formatted file system used for the /archive2 partition.

After you finish setting up your partition information, you'll need to write the new partition to disk. After this, the Red Hat installation program reloads the partition table into memory, so you can continue on to the next step of the installation process.

6.1.2.7). Device files and partitions

Each partition and extended partition has its own device file.

* The naming convention for these files is that a partition's number is appended after the name of the whole disk, with the convention that 1-4 are primary partitions (regardless of how many primary partitions there are).

* Numbers of 5 and greater are logical partitions (regardless of within which primary partition they reside).

* For example, /dev/hda1 is the first primary partition on the first IDE hard disk, and /dev/sdb6 is the second logical partition on the second SCSI hard disk.
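The example tables of 6.1.2.6 and the naming and type conventions described above can be checked mechanically. The following is an added example, not code from the manual: it parses an fdisk-style listing (the first example table, embedded here as constructed input) and assumes only a POSIX sh and awk.

```shell
#!/bin/sh
# Added example, not from the manual: parses an fdisk-style partition listing
# and applies the conventions the manual describes: numbers 1-4 are primary,
# 5 and above logical; type id 5 is an extended container, 82 is swap, 83 is
# Linux native; blocks are 1 KB (two 512-byte sectors). Nothing is read from
# a real disk.

# Constructed input: the first example table from section 6.1.2.6.
SAMPLE_TABLE='Device Boot Start End Blocks Id System
/dev/hda1 * 1 254 1024096+ 6 16-bit >=32M DOS
/dev/hda2 255 682 2128896 5 Extended
/dev/hda3 255 331 310432+ 83 Linux native
/dev/hda5 332 636 1229628+ 83 Linux native
/dev/hda6 636 649 455584+ 83 Linux native
/dev/hda8 650 682 133024+ 82 Linux swap'

# describe_partitions: reads a listing on stdin and prints one line per
# partition: device, primary/logical, boot flag, type id, size in MB, and a
# note when the id means the partition must not get an ordinary filesystem.
describe_partitions() {
    awk '
    NR == 1 { next }                              # column header
    {
        dev = $1; i = 2; boot = "-"
        if ($2 == "*") { boot = "boot"; i = 3 }   # Boot column is blank when not bootable
        blocks = $(i + 2); id = $(i + 3)
        sub(/\+$/, "", blocks)                    # "+" marks a partial last block
        num = dev; sub(/^\/dev\/[a-z]+/, "", num) # partition number after the disk name
        kind = (num + 0 <= 4) ? "primary" : "logical"
        mb = int(blocks / 1024)                   # 1 KB blocks
        note = ""
        if (id == "5")  note = " container-only"  # extended: holds logicals, never mkfs it
        if (id == "82") note = " swap"            # needs mkswap, not mkfs
        printf "%s %s %s id=%s %dMB%s\n", dev, kind, boot, id, mb, note
    }'
}

# sample_summary: runs the parser over the constructed table so the result
# can be checked without a disk.
sample_summary() {
    printf '%s\n' "$SAMPLE_TABLE" | describe_partitions
}
```

Feed real output from `fdisk -l` to describe_partitions to get the same summary for an actual disk.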

6.1.3. FileSystems

What are filesystems?

A filesystem is the methods and data structures that an operating system uses to keep track of files on a disk or partition; that is, the way the files are organized on the disk.

* The difference between a disk or partition and the filesystem it contains is important. A few programs (including, reasonably enough, programs that create filesystems) operate directly on the raw sectors of a disk or partition; if there is an existing file system there, it will be destroyed or seriously corrupted.

* Most programs operate on a filesystem, and therefore won't work on a partition that doesn't contain one (or that contains one of the wrong type).

* Making a file system : Before a partition or disk can be used as a filesystem, it needs to be initialized, and the bookkeeping data structures need to be written to the disk. This process is called making a filesystem.

Some terms related to file system

Some of the common terms which you come across related to file systems are superblock, inode, data block, directory block, and indirection block.

* The superblock contains information about the filesystem as a whole, such as its size, access rights and time of the last modification. (The exact information here depends on the filesystem.)

* An inode contains all information about a file, except its name. The name is stored in the directory, together with the number of the inode.

* A directory entry consists of a filename and the number of the inode which represents the file.

* The inode contains the numbers of several data blocks, which are used to store the data in the file.

* There is space only for a few data block numbers in the inode, however, and if more are needed, more space for pointers to the data blocks is allocated dynamically. These dynamically allocated blocks are indirect blocks; the name indicates that in order to find the data block, one has to find its number in the indirect block first.

6.1.3.1). Some of the Linux Filesystems

Linux supports several types of filesystems. Some of the important ones are:

1. ext3 : ext3 filesystem has all the features of the ext2 filesystem. The difference is, journaling has been added. This improves performance and recovery time in case of a system crash. This has become more popular than ext2.

2. ext2 : The most featureful of the native Linux filesystems. It is designed to be easily upwards compatible, so that new versions of the filesystem code do not require re-making the existing filesystems.

3. ext : An older version of ext2 that wasn't upwards compatible. It is hardly ever used in new installations any more, and most people have converted to ext2.

4. vfat : This is an extension of the FAT filesystem known as FAT32. It supports larger disk sizes than FAT. Most MS Windows disks are vfat.

5. nfs : A networked filesystem that allows sharing a filesystem between many computers to allow easy access to the files from all of them.

6. physical volume (LVM) : Creating one or more physical volume (LVM) partitions allows you to create an LVM logical volume.

7. software RAID : Creating two or more software RAID partitions allows you to create a RAID device.

8. swap : Swap partitions are used to support virtual memory. In other words, data is written to a swap partition when there is not enough RAM to store the data your system is processing.

9. smbfs : A network filesystem which allows sharing of a filesystem with an MS Windows computer. It is compatible with the Windows file sharing protocols.

Journaled File System

A filesystem that uses journaling is also called a journaled filesystem. A journaled filesystem maintains a log, or journal, of what has happened on a filesystem.

* In the event of a system crash, a journaled filesystem is designed to use the filesystem's logs to recreate unsaved and lost data. This makes data loss much less likely and is likely to become a standard feature in Linux filesystems.

* Currently, ext3 is the most popular filesystem, because it is a journaled filesystem.

6.1.4. Software RAID

RAID stands for Redundant Array of Independent Disks. The basic idea behind RAID is to combine multiple small, inexpensive disk drives into an array to accomplish performance or redundancy goals not attainable with one large and expensive drive. This array of drives will appear to the computer as a single logical storage unit or drive.

* RAID is a method in which information is spread across several disks, using techniques such as disk striping (RAID Level 0), disk mirroring (RAID level 1), and disk striping with parity (RAID Level 5) to achieve redundancy, lower latency and/or increase bandwidth for reading or writing to disks, and maximize the ability to recover from hard disk crashes.

* The underlying concept of RAID is that data may be distributed across each drive in the array in a consistent manner.

* To do this, the data must first be broken into consistently-sized chunks (often 32K or 64K in size, although different sizes can be used). Each chunk is then written to a hard drive in RAID according to the RAID level used.

* When the data is to be read, the process is reversed, giving the illusion that multiple drives are actually one large drive.

6.1.4.1). Advantages of using RAID

Primary reasons to use RAID include:

* Enhanced speed

* Increased storage capacity using a single virtual disk

* Lessened impact of a disk failure

6.1.4.2). Hardware and Software RAID

There are two possible RAID approaches: Hardware RAID and Software RAID.

Hardware RAID

* The hardware-based system manages the RAID subsystem independently from the host and presents to the host only a single disk per RAID array.

* An example of a Hardware RAID device would be one that connects to a SCSI controller and presents the RAID arrays as a single SCSI drive.

* An external RAID system moves all RAID handling "intelligence" into a controller located in the external disk subsystem. The whole subsystem is connected to the host via a normal SCSI controller and appears to the host as a single disk or multiple disks.

Software RAID

* Software RAID implements the various RAID levels in the kernel disk (block device) code.

* It offers the cheapest possible solution, as expensive disk controller cards or hot-swap chassis (a hot-swap chassis allows you to remove a hard drive without having to power down your system) are not required.

* Software RAID also works with cheaper IDE disks as well as SCSI disks. With today's fast CPUs, Software RAID performance can excel against Hardware RAID.

* The MD driver in the Linux kernel is an example of a RAID solution that is completely hardware independent. The Linux MD driver currently supports RAID levels 0/1/4/5 plus linear mode.

* The performance of a software-based array is dependent on the server CPU performance and load.

6.1.4.3). Different Types of Raid Implementations

The current RAID drivers in Linux support the following levels of Software RAID implementation.

Level 0

* RAID level 0, often called "striping," is a performance-oriented striped data mapping technique.

* This means the data being written to the array is broken down into strips and written across the member disks of the array, allowing high I/O performance at low inherent cost but provides no redundancy.

* The storage capacity of a level 0 array is equal to the total capacity of the member disks in a Hardware RAID or the total capacity of member partitions in a Software RAID.

* There is no redundancy in this level. If you remove a drive from a RAID-0 set, the RAID device will not just miss one consecutive block of data, it will be filled with small holes all over the device. e2fsck or other filesystem recovery tools will probably not be able to recover much from such a device.

Level 1

* RAID level 1, or "mirroring," has been used longer than any other form of RAID.

* Level 1 provides redundancy by writing identical data to each member disk of the array, leaving a "mirrored" copy on each disk.

* Mirroring remains popular due to its simplicity and high level of data availability.

* This is the first mode which actually has redundancy.

* RAID-1 can be used on two or more disks with zero or more spare disks. This mode maintains an exact mirror of the information on one disk on the other disk(s). Of course, the disks must be of equal size.

* If one disk is larger than another, your RAID device will be the size of the smallest disk.

* Level 1 provides very good data reliability and improves performance for read-intensive applications but at a relatively high cost.

* The storage capacity of the level 1 array is equal to the capacity of one of the mirrored hard disks in a Hardware RAID or one of the mirrored partitions in a Software RAID.

Level 4

* Level 4 uses parity concentrated on a single disk drive to protect data.

* It can be used on three or more disks. Instead of completely mirroring the information, it keeps parity information on one drive, and writes data to the other disks in a RAID-0 like way.

* If one drive fails, the parity information can be used to reconstruct all data. If two drives fail, all data is lost.

* The reason this level is not more frequently used is because the parity information is kept on one drive. This information must be updated every time one of the other disks is written to. Thus, the parity disk will become a bottleneck if it is not a lot faster than the other disks.

* Although RAID level 4 is an option in some RAID partitioning schemes, it is not an option allowed in Red Hat Linux RAID installations.

Level 5

* This is the most common type of RAID. It can be used on three or more disks, with zero or more spare-disks.

* The big difference between RAID-5 and -4 is, that the parity information is distributed evenly among the participating drives, avoiding the bottleneck problem in RAID-4.

* The only performance bottleneck is the parity calculation process. With modern CPUs and Software RAID, that usually is not a very big problem.

* The storage capacity of Hardware RAID level 5 is equal to the total capacity of the member disks, minus the capacity of one member disk.

* If one of the disks fails, all data is still intact, thanks to the parity information. If spare disks are available, reconstruction will begin immediately after the device failure. If two disks fail simultaneously, all data is lost. RAID-5 can survive one disk failure, but not two or more.

Linear RAID

* Linear RAID is a simple grouping of drives to create a larger virtual drive.

* The disks are "appended" to each other, so writing linearly to the RAID device will fill up disk 0 first, then disk 1 and so on. The disks do not have to be of the same size. In fact, size doesn't matter at all here.

* There is no redundancy in this level. If one disk crashes you will most probably lose all your data. You can however be lucky to recover some data, since the filesystem will just be missing one large consecutive chunk of data.

* The capacity is the total of all member disks.

6.1.5. Logical Volume Manager (LVM)

LVM is a method of allocating hard drive space into logical volumes that can be easily resized, instead of into fixed partitions.

* With LVM, the hard drive or set of hard drives is allocated to one or more physical volumes.

* Since a physical volume cannot span more than one drive, if you want the logical volume group to span more than one drive, you must create one or more physical volumes per drive.

* The physical volumes are combined into logical volume groups, with the exception of the /boot partition. The /boot partition cannot be on a logical volume group because the boot loader cannot read it.

* If you want to have the root / partition on a logical volume, you will need to create a separate /boot partition which is not a part of a volume group.

* The logical volume group is divided into logical volumes, which are assigned mount points such as /home and / and file system types such as ext3.

* When "partitions" reach their full capacity, free space from the logical volume group can be added to the logical volume to increase the size of the partition.

* When a new hard drive is added to the system, it can be added to the logical volume group, and the logical volumes that are the partitions can be expanded.

* On the other hand, if a system is partitioned with the ext3 file system, the hard drive is divided into partitions of defined sizes. If a partition becomes full, it is not easy to expand the size of the partition.

* LVM support must be compiled into the kernel. The default kernel for Red Hat Linux 9 is compiled with LVM support.

6.2. RedHat Installation and Hardware Configuration

Red Hat Linux 9 should be compatible with most hardware in systems that were factory built within the last two years.

Before you start the installation process, one of the following conditions must be met:

* Your computer must have enough disk space for the installation of Red Hat Linux.

* You must have one or more partitions that may be deleted, thereby freeing up enough disk space to install Red Hat Linux.

6.2.1. Preparing for Installation

6.2.1.1). Installation Disk Space Requirements

* Personal Desktop

A personal desktop installation, including a graphical desktop environment, requires at least 1.6GB of free space. Choosing both the GNOME and KDE desktop environments requires at least 1.8GB of free disk space.

* Workstation

A workstation installation, including a graphical desktop environment and software development tools, requires at least 2.1GB of free space. Choosing both the GNOME and KDE desktop environments requires at least 2.2GB of free disk space.

* Server

A server installation requires 850MB for a minimal installation without X (the graphical environment), at least 1.5GB of free space if all package groups other than X are installed, and at least 5.0GB to install all packages including the GNOME and KDE desktop environments.

* Custom

A Custom installation requires 465MB for a minimal installation and at least 5.0GB of free space if every package is selected.

6.2.1.2). Installation Methods

The following installation methods are available:

* CD-ROM

If you have a CD-ROM drive and the Red Hat Linux CD-ROMs, you can use this method. You will need a boot diskette or a bootable CD-ROM.

* Hard Drive

If you have copied the Red Hat Linux ISO images to a local hard drive, you can use this method. You will need a boot diskette. Hard drive installations require the use of the ISO (or CD-ROM) images. An ISO image is a file containing an exact copy of a CD-ROM disk image.

* NFS Image

If you are installing from an NFS server using ISO images or a mirror image of Red Hat Linux, you can use this method. You will need a network driver diskette.

* FTP

If you are installing directly from an FTP server, use this method. You will need a network driver diskette.

* HTTP

If you are installing directly from an HTTP (Web) server, use this method. You will need a network driver diskette.

6.2.1.3). Choosing the Installation Class

1. Personal Desktop Installations

Minimum Requirements

* Personal Desktop: 1.6GB

* Personal Desktop choosing both GNOME and KDE: 1.8GB

* With all package groups (for example, Office/Productivity is a group of packages): 5.0GB minimum.

What a Personal Desktop Installation Will Do:

If you choose automatic partitioning, a personal desktop installation will create the following partitions:

* The size of the swap partition is determined by the amount of RAM in your system and the amount of space available on your hard drive. For example, if you have 128MB of RAM then the swap partition created can be 128MB – 256MB (twice your RAM), depending on how much disk space is available.

* A 100MB partition mounted as /boot in which the Linux kernel and related files reside.

* A root partition mounted as / in which all other files are stored (the exact size of this partition is dependent on your available disk space).

2. Workstation Installations

Minimum Requirements :

* Workstation: 2.1GB

* Workstation choosing both GNOME and KDE: 2.2GB

* With all package groups: 5 GB or more

What a Workstation Installation Will Do

If you choose automatic partitioning, a workstation installation will create the partitions in the same way as for the personal desktop.

3. Server Installations

Minimum Requirements :

* Server (minimum, no graphical interface): 850MB

* Server (choosing everything, no graphical interface): 1.5GB

* Server (choosing everything, including a graphical interface): 5.0GB

* With all software packages: 5GB and more

What a Server Installation Will Do

If you choose automatic partitioning, a server installation will create the partitions in the same way as for the workstation.

4. Custom Installations

The custom installation allows you the most flexibility during your installation. During a custom installation, you have complete control over the packages that are installed on your system.

Recommended Minimum Requirements:

* Custom (minimum): 465MB

* Custom (choosing everything): 5.0GB

What a Custom Installation Will Do:

As you might guess from the name, a custom installation puts the emphasis on flexibility. You have complete control over which packages will be installed on your system.

If you choose automatic partitioning, a custom installation will create the partitions in the same format as we have discussed above.

Upgrading Your System

Upgrading Red Hat Linux 6.2 (or greater) will not delete any existing data. The installation program updates the modular kernel and all currently installed software packages.

6.2.1.4). Hardware/System Information Required

The hardware and system information you should know before installing is listed below. Having it ready makes the Red Hat Linux installation go more smoothly, although most of it will be detected automatically by the installation program.

* Hard drive(s): type, label, size; ex: IDE hda=1.2 GB

* Partitions: map of partitions and mount points; ex: /dev/hda1=/home, /dev/hda2=/ (fill this in once you know where they will reside)

* memory: amount of RAM installed on your system; ex: 64 MB, 128 MB

* CD-ROM: interface type; ex: SCSI, IDE (ATAPI)

* SCSI adapter: if present, make and model number; ex: BusLogic SCSI Adapter

* network card: if present, make and model number; ex: Tulip, 3COM 3C590

* mouse: type, protocol, and number of buttons; ex: generic 3 button PS/2 mouse, MouseMan 2 button serial mouse

* monitor: make, model, and manufacturer specifications; ex: Optiquest Q53, ViewSonic G663

* video card: make, model number and size of VRAM; ex: Creative Labs Graphics Blaster 3D, 8MB

* sound card: make, chipset and model number; ex: S3 SonicVibes, Sound Blaster 32/64 AWE

6.2.2. RedHat Installation Procedure

To start the installation, you must first boot the installation program. You can boot the installation program using the bootable CD-ROM. Your BIOS settings may need to be changed to allow you to boot from the diskette or CD-ROM.

After a short delay, a screen containing the boot: prompt should appear. The screen contains information on a variety of boot options. Each boot option also has one or more help screens associated with it. To access a help screen, press the appropriate function key as listed in the line at the bottom of the screen.

Normally, you only need to press [Enter] to boot. Watch the boot messages to see if the Linux kernel detects your hardware. If your hardware is properly detected, please continue to the next section. If it does not properly detect your hardware, you may need to restart the installation in expert mode.

* If you do not wish to perform a graphical installation, you can start a text mode installation using the following boot command:

boot: linux text

* If the installation program does not properly detect your hardware, you may need to restart the installation in expert mode. Enter expert mode using the following boot command:

boot: linux noprobe

* For text mode installations in expert mode, use:

boot: linux text noprobe

Expert mode disables most hardware probing, and gives you the option of entering options for the drivers loaded during the installation. The initial boot messages will not contain any references to SCSI or network cards. This is normal; these devices are supported by modules that are loaded during the installation process.

6.2.2.1). Initial Installation Steps

1. Put your linux installation CD-ROM into the drive and boot from the CD.

2. Language Selection : Using your mouse, select the language you would prefer to use for the installation. (English). Once you select the appropriate language, click Next to continue.

3. Keyboard Configuration : Using your mouse, select the correct layout type (for example, U.S. English) for the keyboard you would prefer to use for the installation and as the system default. Once you have made your selection, click Next to continue.

4. Mouse Configuration : Choose the correct mouse type for your system. If you cannot find an exact match, choose a mouse type that you are sure is compatible with your system. The Emulate 3 buttons checkbox allows you to use a two-button mouse as if it had three buttons. In general, the graphical interface (the X Window System) is easier to use with a three-button mouse. If you select this checkbox, you can emulate a third, "middle" button by pressing both mouse buttons simultaneously.

5. Choosing to Upgrade or Install : To perform a new installation of Red Hat Linux on your system, select Perform a new Red Hat Linux installation and click Next.

6. Installation Type : Choose the type of installation you would like to perform. Red Hat Linux allows you to choose the installation type that best fits your needs. Your options are Personal Desktop, Workstation, Server, Custom, and Upgrade.

6.2.3. Disk Partitioning Setup

On this screen, you can choose to perform automatic partitioning, or manual partitioning using Disk Druid.

* Automatic partitioning allows you to perform an installation without having to partition your drive(s) yourself. If you do not feel comfortable with partitioning your system, it is recommended that you do not choose to partition manually and instead let the installation program partition for you.

* To partition manually, choose the Disk Druid partitioning tool.

6.2.3.1). Automatic Partitioning

Automatic partitioning allows you to have some control concerning what data is removed (if any) from your system. Your options are:

* Remove all Linux partitions on this system — select this option to remove only Linux partitions (partitions created from a previous Linux installation). This will not remove other partitions you may have on your hard drive(s) (such as VFAT or FAT32 partitions).

* Remove all partitions on this system — select this option to remove all partitions on your hard drive(s) (this includes partitions created by other operating systems such as Windows 9x/NT/2000/ME/XP or NTFS partitions).

* Keep all partitions and use existing free space — select this option to retain your current data and partitions, assuming you have enough free space available on your hard drive(s).

6.2.3.2). Manual Partitioning Using Disk Druid

The partitioning tool used by the installation program is Disk Druid. Above the display, you will see the drive name (such as /dev/hda), the geom (which shows the hard disk's geometry and consists of three numbers representing the number of cylinders, heads, and sectors as reported by the hard disk), and the model of the hard drive as detected by the installation program.

Disk Druid's Buttons

* New: Used to request a new partition. When selected, a dialog box appears containing fields (such as mount point and size) that must be filled in.

* Edit: Used to modify attributes of the partition currently selected in the Partitions section. Selecting Edit opens a dialog box. Some or all of the fields can be edited, depending on whether the partition information has already been written to disk.

* You can also edit free space as represented in the graphical display to create a new partition within that space. Either highlight the free space and then select the Edit button, or double-click on the free space to edit it.

* Delete: Used to remove the partition currently highlighted in the Current Disk Partitions section. You will be asked to confirm the deletion of any partition.

* Reset: Used to restore Disk Druid to its original state. All changes made will be lost if you Reset the partitions.

* RAID: Used to provide redundancy to any or all disk partitions. It should only be used if you have experience using RAID. To read more about RAID, refer to the Red Hat Linux Customization Guide. To make a RAID device, you must first create software RAID partitions. Once you have created two or more software RAID partitions, select RAID to join the software RAID partitions into a RAID device.

* LVM: Allows you to create an LVM logical volume. The role of LVM (Logical Volume Manager) is to present a simple logical view of underlying physical storage space, such as a hard drive(s). LVM manages individual physical disks — or to be more precise, the individual partitions present on them. To create an LVM logical volume, you must first create partitions of type physical volume (LVM). Once you have created one or more physical volume (LVM) partitions, select LVM to create an LVM logical volume.
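The LVM lifecycle that the LVM button and section 6.1.5 describe (a partition becomes a physical volume, physical volumes form a volume group, logical volumes are carved out and later grown when a drive is added), as an added shell example that is not part of the manual. The volume group vg0, the logical volume home and the device names /dev/sda3 and /dev/sdb1 are assumptions; commands are only printed unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the training manual): the LVM lifecycle as shell
# functions. vg0, the "home" logical volume and the /dev/sd* names are assumed.
# With DRY_RUN=1 (the default) every command is printed instead of executed,
# so the plan can be reviewed before it is run as root.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# check_layout "<mountpoint> <lvm|plain>" lines: fail (exit 1) if /boot is
# placed inside a volume group, which the boot loader cannot read.
check_layout() {
    printf '%s\n' "$1" | awk '
        $1 == "/boot" && $2 == "lvm" { bad = 1 }
        END { exit bad }'
}

# create_layout <vg> <pv> <lv> <size>: turn a partition of type "physical
# volume (LVM)" into a PV, build a volume group on it, carve out one logical
# volume and put an ext3 file system on it.
create_layout() {
    vg=$1 pv=$2 lv=$3 size=$4
    run pvcreate "$pv"                       # label the partition as a physical volume
    run vgcreate "$vg" "$pv"                 # volume group made of that one PV
    run lvcreate -L "$size" -n "$lv" "$vg"   # logical volume inside the group
    run mkfs.ext3 "/dev/$vg/$lv"             # file system on the logical volume
}

# grow_lv <vg> <lv> <new-pv> <extra>: after a new drive is added, add its
# partition to the volume group, extend the logical volume into the new free
# space, then grow the ext3 file system to match.
grow_lv() {
    vg=$1 lv=$2 pv=$3 extra=$4
    run pvcreate "$pv"
    run vgextend "$vg" "$pv"
    run lvextend -L "+$extra" "/dev/$vg/$lv"
    run resize2fs "/dev/$vg/$lv"             # older kernels need the ext3 volume unmounted first
}

# Example run over the assumed names (prints the plan in dry-run mode).
check_layout '/boot plain
/ lvm
/home lvm' || echo "refusing: /boot must not be in a volume group"
create_layout vg0 /dev/sda3 home 5G
grow_lv vg0 home /dev/sdb1 10G
```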

Partition Fields

Above the partition hierarchy are labels which present information about the partitions you are creating. The labels are defined as follows:

* Device: This field displays the partition's device name.

* Mount Point/RAID/Volume: A mount point is the location within the directory hierarchy at which a volume exists; the volume is "mounted" at this location. This field indicates where the partition will be mounted. If a partition exists, but is not set, then you need to define its mount point. Double-click on the partition or click the Edit button.

* Type: This field shows the partition's type (for example, ext2, ext3, or vfat).

* Format: This field shows if the partition being created will be formatted.

* Size (MB): This field shows the partition's size (in MB).

* Start: This field shows the cylinder on your hard drive where the partition begins.

* End: This field shows the cylinder on your hard drive where the partition ends.

6.2.3.3). Recommended Partitioning Scheme

Unless you have a reason for doing otherwise, you can use the following partitioning scheme:

* A swap partition (at least 32MB) — swap partitions are used to support virtual memory. In other words, data is written to a swap partition when there is not enough RAM to store the data your system is processing. The size of your swap partition should be equal to twice your computer's RAM, or 32MB, whichever amount is larger.

* A /boot partition (100MB) — the partition mounted on /boot contains the operating system kernel (which allows your system to boot Red Hat Linux), along with files used during the bootstrap process. For most users, a 100MB boot partition is sufficient.

6.2.3.4). Adding Partitions

The following fields need to be taken care of while creating new partitions.

* Mount Point: Enter the partition's mount point. For example, if this partition should be the root partition, enter /; enter /boot for the /boot partition, and so on. You can also use the pull-down menu to choose the correct mount point for your partition.

* File System Type (ext2 or ext3 or swap): Using the pull-down menu, select the appropriate file system type for this partition.

* Allowable Drives: This field contains a list of the hard disks installed on your system. If a hard disk's box is highlighted, then a desired partition can be created on that hard disk.

* Size (Megs): Enter the size (in megabytes) of the partition. Note, this field starts with 100 MB; unless changed, only a 100 MB partition will be created.

* Additional Size Options: Choose whether to keep this partition at a fixed size, to allow it to "grow" (fill up the available hard drive space) to a certain point, or to allow it to grow to fill any remaining hard drive space available.

* If you choose Fill all space up to (MB), you must give size constraints in the field to the right of this option. This allows you to keep a certain amount of space free on your hard drive for future use.

* Force to be a primary partition: Select whether the partition you are creating should be one of the first four partitions on the hard drive. If unselected, the partition created will be a logical partition.

* Check for bad blocks: Checking for bad blocks can help prevent data loss by locating the bad blocks on a drive and making a list of them to prevent using them in the future.

* Selecting Check for bad blocks may dramatically increase your total installation time.

* Ok: Select Ok once you are satisfied with the settings and wish to create the partition.

* Cancel: Select Cancel if you do not want to create the partition.

6.2.4. Boot Loader Configuration

* A boot loader is the first software program that runs when a computer starts.

* It is responsible for loading and transferring control to the operating system kernel software. The kernel, in turn, initializes the rest of the operating system.

The installation program provides two boot loaders for you to choose from, GRUB and LILO.

* GRUB (Grand Unified Bootloader), which is installed by default, is a very powerful boot loader. GRUB can load a variety of free operating systems, as well as proprietary operating systems with chain-loading (the mechanism for loading unsupported operating systems, such as DOS or Windows, by loading another boot loader).

* LILO (Linux Loader) is a versatile boot loader for Linux. It does not depend on a specific file system, can boot Linux kernel images from floppy diskettes and hard disks, and can even boot other operating systems.

* If you do not want to install GRUB as your boot loader, click Change boot loader. You can then choose to install LILO or choose not to install a boot loader at all.

* If you already have a boot loader that can boot Linux and do not want to overwrite your current boot loader, or if you plan to boot the system using boot diskettes, choose "Do not install a boot loader" by clicking on the Change boot loader button.

* Boot loader Label : Every bootable partition is listed, including partitions used by other operating systems. The partition holding the system's root file system will have a Label of Red Hat Linux (for GRUB) or linux (for LILO). If you would like to add or change the boot label for other partitions that have been detected by the installation program, click once on the partition to select it. Once selected, you can change the boot label by clicking the Edit button.

* Default Boot Partition : Select Default beside the preferred boot partition to choose your default bootable OS. You will not be able to move forward in the installation unless you choose a default boot image.

* Boot Loader Password : If you choose to use a boot loader password to enhance your system security, be sure to select the checkbox labeled Use a boot loader password. Once selected, enter a password and confirm it.

6.2.4.1). Advanced Boot Loader Configuration

Now that you have chosen which boot loader to install, you can also determine where you want the boot loader to be installed. You may install the boot loader in one of two places:

* The master boot record (MBR)

o This is the recommended place to install a boot loader. The MBR is a special area on your hard drive that is automatically loaded by your computer's BIOS, and is the earliest point at which the boot loader can take control of the boot process.

o If you install it in the MBR, when your machine boots, GRUB (or LILO) will present a boot prompt. You can then boot Red Hat Linux or any other operating system that you have configured the boot loader to boot.

* The first sector of your boot partition

o This is recommended if you are already using another boot loader on your system. In this case, your other boot loader will take control first.

o You can then configure that boot loader to start GRUB (or LILO), which will then boot Red Hat Linux.

* If your system will use only Red Hat Linux, you should choose the MBR. For systems with Windows 95/98, you should also install the boot loader to the MBR so that it can boot both operating systems.

* The Force LBA32 (not normally required) option allows you to exceed the 1024 cylinder limit for the /boot partition. If you have a system which supports the LBA32 extension for booting operating systems above the 1024 cylinder limit, and you want to place your /boot partition above cylinder 1024, you should select this option.

* If you wish to add default options to the boot command, enter them into the Kernel parameters field. Any options you enter will be passed to the Linux kernel every time it boots.

6.2.5. Network Configuration

The installation program will automatically detect any network devices you have and display them in the Network Devices list.

* Once you have selected a network device, click Edit. From the Edit Interface pop-up screen, you can choose to configure the IP address and Netmask of the device and you can choose to activate the device at boot time. If you select Activate on boot, your network interface will be started when you boot.

* If you have a hostname (fully qualified domain name) for the network device, you can choose to have DHCP (Dynamic Host Configuration Protocol) automatically detect it or you can manually enter the hostname in the field provided.

* Finally, if you entered the IP and Netmask information manually, you may also enter the Gateway address and the Primary, Secondary, and Tertiary DNS addresses.

6.2.6. Firewall Configuration

Red Hat Linux offers firewall protection for enhanced system security. A firewall exists between your computer and the network, and determines which resources on your computer remote users on the network can access. A properly configured firewall can greatly increase the security of your system.

* You can choose the appropriate security level for your system as high, medium, or no firewall.

* Trusted Devices : Selecting any of the Trusted Devices allows access to your system for all traffic from that device; it is excluded from the firewall rules.

* Allow Incoming : Enabling these options allows the specified services to pass through the firewall. Note, during a workstation installation, the majority of these services are not installed on the system.

* Other ports : You can allow access to ports which are not listed here, by listing them in the Other ports field. Use the following format: port:protocol. For example, if you want to allow IMAP access through your firewall, you can specify imap:tcp.

6.2.7. Language Support Selection

You must select a language to use as the default language. The default language will be used on the system once the installation is complete.

6.2.8. Time Zone Configuration

You can set your time zone by selecting your computer's physical location.

6.2.9. Set Root Password

Setting up a root account and password is one of the most important steps during your installation. The installation program will prompt you to set a root password for your system. You must enter a root password. The installation program will not let you proceed to the next section without entering a root password.
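An added shell check, not from the manual, that belongs with the root password step and with the MD5 and shadow password options of the next section: it reads entries in /etc/passwd format and reports accounts whose password field is not shadowed, is empty, or still uses the old eight-character DES crypt rather than MD5. The user names and hashes in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the training manual). Constructed sample lines in
# /etc/passwd format; the user names and hashes are made up for illustration.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
legacy:AbCdEfGhIjKlM:500:500::/home/legacy:/bin/bash
olduser:$1$saltsalt$abcdefghijklmnopqrstuv:501:501::/home/olduser:/bin/bash
guest::502:502::/home/guest:/bin/bash'

# hash_kind <password-field>: classify the second field of a passwd/shadow entry.
#   shadowed - "x", the hash lives in /etc/shadow (readable by root only)
#   empty    - no password at all, the account logs in without one
#   locked   - "!" or "*", no hash can ever match
#   md5      - "$1$..." MD5 crypt (what "Enable MD5 passwords" turns on)
#   des      - 13-character traditional crypt, only the first 8 characters count
hash_kind() {
    case "$1" in
        x)          echo shadowed ;;
        "")         echo empty ;;
        '!'*|'*'*)  echo locked ;;
        '$1$'*)     echo md5 ;;
        *)
            if [ "${#1}" -eq 13 ]; then echo des; else echo unknown; fi ;;
    esac
}

# weak_entries: print "user kind" for every sample entry whose hash is not
# safely in /etc/shadow, i.e. the cases an administrator should fix after install.
weak_entries() {
    printf '%s\n' "$SAMPLE_PASSWD" | while IFS=: read -r user pw rest; do
        kind=$(hash_kind "$pw")
        [ "$kind" = shadowed ] && continue
        echo "$user $kind"
    done
}

# shadow_perms_ok <file>: true if group and other have no permission bits,
# the state /etc/shadow must be in for "can only be read by root" to hold.
shadow_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

weak_entries
```

On a live system, feed the real /etc/passwd into weak_entries and run `shadow_perms_ok /etc/shadow` to confirm the file is not readable by other users.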

6.2.10. Authentication Configuration

You may skip this section if you will not be setting up network passwords.

* Enable MD5 passwords — allows a long password to be used (up to 256 characters), instead of the standard eight characters or less.

* Enable shadow passwords — provides a secure method for retaining passwords. The passwords are stored in /etc/shadow, which can only be read by root.

* Enable NIS — allows you to run a group of computers in the same Network Information Service domain with a common password and group file. You can choose from the following options:

o NIS Domain — allows you to specify the domain or group of computers your system belongs to.

o Use broadcast to find NIS server — allows you to broadcast a message to your local area network to find an available NIS server.

o NIS Server — causes your computer to use a specific NIS server, rather than broadcasting a message to the local area network asking for any available server to host your system.

Note : If you have selected a medium or high firewall to be set up during this installation, network authentication methods (NIS and LDAP) will not work.

* Enable LDAP — tells your computer to use LDAP for some or all authentication. LDAP consolidates certain types of information within your organization.

* Enable Kerberos — Kerberos is a secure system for providing network authentication services.

* Enable SMB Authentication — Sets up PAM to use an SMB server to authenticate users. You must supply two pieces of information here:

o SMB Server — Indicates which SMB server your workstation will connect to for authentication.

o SMB Workgroup — Indicates which workgroup the configured SMB servers are in.

6.2.11. Package Group Selection

Unless you choose a custom installation, the installation program will automatically choose most packages for you.

* To select packages individually, check the "Customize the set of packages to be installed" checkbox.

* You can select package groups like Desktop ( X, GNOME, KDE), Editors ( emacs, joe), Open Office, applications like Apache, mysql, ftp etc.

* You can choose to view the individual packages in Tree View or Flat View. Tree View allows you to see the packages grouped by application type. Flat View allows you to see all of the packages in an alphabetical listing on the right of the screen.

* Unresolved Dependencies : If any package requires another package which you have not selected to install, the program presents a list of these unresolved dependencies and gives you the opportunity to resolve them. Under the list of missing packages, you can enable the option to Install packages to satisfy dependencies.

* You should now see a screen preparing you for the installation of Red Hat Linux, and the installation will continue to install the packages selected.

6.2.12. Boot Diskette Creation

To create a boot diskette, insert a blank, formatted diskette into your diskette drive and click Next. If you do not want to create a boot diskette, make sure to select the appropriate option before you click Next.

6.2.13. Hardware Configuration

* The installation program will now present a list of video cards for you to choose from. If you decided to install the X Window System packages, you now have the opportunity to configure an X server for your system.

* You can also select Skip X Configuration if you would rather configure X after the installation or not at all.

X Configuration — Monitor and Customization

* The installation program will present you with a list of monitors to select from. From this list, you can either use the monitor that is automatically detected for you, or choose another monitor.

* Choose the correct color depth and resolution for your X configuration. Also choose the login type as graphical or text. Personal desktop and workstation installations will automatically boot into a graphical environment.

6.2.14. Installation Complete

Congratulations! Your Red Hat Linux 9 installation is now complete! The installation program will prompt you to prepare your system for reboot. Remember to remove any installation media (diskette in the diskette drive or CD in the CD-ROM drive) if they are not ejected automatically upon reboot.

The first time you start your Red Hat Linux machine, you will be presented with the Setup Agent, which guides you through the Red Hat Linux configuration. Using this tool, you can set your system time and date, install software, register your machine with Red Hat Network, and more. The Setup Agent lets you configure your environment at the beginning, so that you can get started using your Red Hat Linux system quickly.

6.3. System Administration Commands

6.3.1. Process Management

* Linux is a multiprocessing operating system. Each process is a separate task with its own rights and responsibilities. If one process crashes it will not cause another process in the system to crash.

* Each individual process runs in its own virtual address space and is not capable of interacting with another process except through secure, kernel-managed mechanisms.

* During the lifetime of a process it will use many system resources. It will use the CPUs in the system to run its instructions and the system's physical memory to hold it and its data.

* Linux must keep track of the process itself and of the system resources that it has so that it can manage it and the other processes in the system fairly.

* The most precious resource in the system is the CPU; usually there is only one. Linux is a multiprocessing operating system, so its objective is to have a process running on each CPU in the system at all times, to maximize CPU utilization.

* Multiprocessing is a simple idea: a process is executed until it must wait, usually for some system resource; when it has this resource, it may run again. In a uniprocessing system, for example DOS, the CPU would simply sit idle and the waiting time would be wasted. In a multiprocessing system many processes are kept in memory at the same time.

* Whenever a process has to wait the operating system takes the CPU away from that process and gives it to another, more deserving process. It is the scheduler which chooses which is the most appropriate process to run next and Linux uses a number of scheduling strategies to ensure fairness.

* As well as the normal type of process, Linux supports real time processes. These processes have to react very quickly to external events (hence the term "real time") and they are treated differently from normal user processes by the scheduler.

6.3.1.1). Process task_struct data structure

* Each process is represented by a task_struct data structure (task and process are terms that Linux uses interchangeably). The task vector is an array of pointers to every task_struct data structure in the system.

* This means that the maximum number of processes in the system is limited by the size of the task vector; by default it has 512 entries.

* As processes are created, a new task_struct is allocated from system memory and added into the task vector. To make it easy to find, the current, running, process is pointed to by the current pointer.

* Although the task_struct data structure is quite large and complex, its fields can be divided into a number of functional areas:

1. Process States

As a process executes, it changes state according to its circumstances. Linux processes have the following states:

1. Runnable (process state code: R): The process is either running (it is the current process in the system) or it is ready to run (it is waiting to be assigned to one of the system's CPUs).

2. Waiting/Sleeping (process state code: D/S): The process is waiting for an event or for a resource. Linux differentiates between two types of waiting process: interruptible and uninterruptible.

* Interruptible waiting processes can be interrupted by signals (S).

* Uninterruptible waiting processes are waiting directly on hardware conditions and cannot be interrupted under any circumstances (D).

3. Stopped (T): The process has been stopped, usually by receiving a signal. A process that is being debugged can be in a stopped state.

4. Zombie/Defunct (Z): This is a halted process which, for some reason, still has a task_struct data structure in the task vector. It is what it sounds like, a dead process.
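The process state codes above as they appear in the STAT column of ps, in an added shell example that is not part of the manual: it classifies each state, counts them, and picks out the two states an administrator usually has to act on (zombies, which only disappear when their parent reaps them, and processes stuck in uninterruptible sleep). The ps lines are a constructed sample.

```shell
#!/bin/sh
# Added example (not from the training manual): auditing process states from
# "ps -eo pid,ppid,stat,comm" output. The lines below are a constructed sample;
# on a live system replace SAMPLE_PS with the real ps output.
SAMPLE_PS='  PID  PPID STAT COMMAND
    1     0 S    init
  412     1 S    syslogd
  987     1 R    httpd
 1203   987 Z    httpd
 1550     1 D    updatedb
 1601  1550 T    bash'

# state_name <STAT>: map the first letter of the STAT column to the state
# names used in this chapter (extra letters such as "s" or "+" are qualifiers).
state_name() {
    case "$1" in
        R*) echo "Runnable" ;;
        S*) echo "Sleeping (interruptible)" ;;
        D*) echo "Waiting (uninterruptible)" ;;
        T*) echo "Stopped" ;;
        Z*) echo "Zombie/Defunct" ;;
        *)  echo "Unknown" ;;
    esac
}

# count_state <letter>: how many processes are in that state.
count_state() {
    printf '%s\n' "$SAMPLE_PS" |
        awk -v s="$1" 'NR > 1 && substr($3, 1, 1) == s { n++ } END { print n + 0 }'
}

# zombie_parents: "pid ppid" for every zombie. A zombie keeps its task_struct
# until its parent collects the exit status, so the parent is what to look at.
zombie_parents() {
    printf '%s\n' "$SAMPLE_PS" |
        awk 'NR > 1 && substr($3, 1, 1) == "Z" { print $1, $2 }'
}

# stuck_in_d: "pid command" for processes in uninterruptible sleep; a signal
# cannot end them, they are waiting on hardware (typically a device or NFS).
stuck_in_d() {
    printf '%s\n' "$SAMPLE_PS" |
        awk 'NR > 1 && substr($3, 1, 1) == "D" { print $1, $4 }'
}

# Summary over the constructed sample.
for s in R S D T Z; do
    echo "$(state_name "$s"): $(count_state "$s")"
done
```

On a live system, `ps -eo pid,ppid,stat,comm` produces this column layout; the qualifier characters ps appends to STAT are ignored because only the first letter is examined.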

2. Scheduling Information

The scheduler needs this information in order to fairly decide which process in the system most deserves to run.

* Processes are always making system calls and so may often need to wait. Even so, if a process executes until it waits then it still might use a disproportionate amount of CPU time and so Linux uses pre-emptive scheduling.

* In this scheme, each process is allowed to run for a small amount of time, 200ms, and, when this time has expired, another process is selected to run and the original process is made to wait for a little while until it can run again. This small amount of time is known as a time-slice.

* It is the scheduler which must select the most deserving process to run out of all of the runnable processes in the system.

* Linux uses a reasonably simple priority based scheduling algorithm to choose between the current processes in the system.

* When it has chosen a new process to run, it saves the state of the current process; the processor-specific registers and other context are saved in the process's task_struct data structure.

* For the scheduler to fairly allocate CPU time between the runnable processes in the system it keeps information in the task_struct for each process.

* priority : This is the priority that the scheduler will give to this process. It is also the amount of time (in jiffies ) that this process will run for when it is allowed to run. You can alter the priority of a process using system calls and the renice command.

* In an SMP (Symmetric Multi-Processing) linux system,the kernel is capable of evenly balancing work between the many CPUs in the system. Nowhere is this balancing of work more apparent than in the scheduler.

* In an SMP system each processes task_struct contains the number of the processor that it is currently running on (processor ) and its processor number of the last processor that it ran on (last_processor ). There is no reason why a process should not run on a different CPU each time it is selected to run but Linux can restrict a process to one or more processors in the system using the processor_mask.

3. Identifiers

* Every process in the system has a process identifier (PID).

* Each process also has user and group identifiers (real, effective and saved). These, not the user name that ps prints, are what the kernel checks to control this process's access to the files and devices in the system.

4. Inter-Process Communication

* Linux supports IPC mechanisms of signals, pipes and semaphores and also the System V IPC mechanisms of shared memory, semaphores and message queues.

* Signals are one of the oldest inter-process communication methods and are used to signal asynchronous events to one or more processes. A signal could be generated by a keyboard interrupt or an error condition such as the process attempting to access a non-existent location in its virtual memory. Signals are also used by the shells to signal job control commands to their child processes.

* See the URL below for more details on inter-process communication methods: http://www.science.unitn.it/~fiorella/guidelinux/tlk/node52.html

5. Links

* In a Linux system no process is independent of any other process. Every process in the system, except the initial process, has a parent process. When a parent exits before its children, the orphans are adopted by init, which is why daemons appear directly under init(1) with PPID 1.

* You can see the family relationship between the running processes in a Linux system using the pstree command:

    init(1)-+-crond(98)
            |-emacs(387)
            |-gpm(146)
            |-inetd(110)
            |-kerneld(18)
            |-kflushd(2)
            |-klogd(87)
            |-kswapd(3)
            |-login(160)---bash(192)---emacs(225)
            |-lpd(121)
            |-mingetty(161)
            |-mingetty(162)
            |-mingetty(163)
            |-mingetty(164)
            |-login(403)---bash(404)---pstree(594)
            |-sendmail(134)
            |-syslogd(78)
            `-update(166)

6. Times and Timers

* The kernel keeps track of a process's creation time as well as the CPU time that it consumes during its lifetime.

* Each clock tick, the kernel updates the amount of time in jiffies that the current process has spent in system and in user mode.

* Linux also supports process specific interval timers, processes can use system calls to set up timers to send signals to themselves when the timers expire. These timers can be single-shot or periodic timers.

7. File system

* Processes can open and close files as they wish, and the process's task_struct contains pointers to descriptors for each open file as well as pointers to two VFS inodes.

* Each VFS inode uniquely describes a file or directory within a file system and also provides a uniform interface to the underlying file systems.

* The first inode is the process's root directory (normally /, but another directory if the process has been confined with chroot; this is not its home directory) and the second is its current working directory. Both VFS inodes have their reference counts incremented to show that one or more processes are referencing them.

* Those references are why a file system cannot be unmounted while some process has its root or current directory on it (umount reports "device is busy"; fuser -m shows which processes are responsible). Note that on Linux a directory that is some process's current directory can still be removed with rmdir: the process keeps a reference to the deleted inode, and its /proc/PID/cwd link then ends in " (deleted)".

8. Virtual memory

* Most processes have some virtual memory (kernel threads do not; user-space daemons do) and the Linux kernel must track how that virtual memory is mapped onto the system's physical memory.

9. Processor Specific Context and Context Switching

* A process could be thought of as the sum total of the system's current state.

* Whenever a process is running it is using the processor's registers, stacks and so on. This is the process's context and, when a process is suspended, all of that CPU-specific context must be saved in the task_struct for the process. When a process is restarted by the scheduler its context is restored from there.

* Context switching is the sequence of steps that transfers control of the CPU from the current process to another one. During a context switch the operating system saves the context of the current process and restores the context of the next process, which the scheduler has chosen using the information stored in that process's task_struct.

Process monitoring is an important function of a Linux system administrator. To that end, ps and top are two of the most useful commands.

6.3.1.2). ps

The ps command provides a snapshot of the currently running processes. The simplest form of ps is:

    $ ps
      PID TTY          TIME CMD
     3884 pts/1    00:00:00 bash
     3955 pts/2    00:00:00 more
     3956 pts/5    00:00:05 sqlplus

* The PID is the identification number of the process.
* TTY is the terminal to which the process belongs.
* The TIME column is the total CPU time used by the process.
* The CMD column lists the command being executed.

    $ ps -ef | grep oracle
    UID        PID  PPID  C STIME TTY          TIME CMD
    oracle    1633     1  0 13:58 ?        00:00:00 ora_pmon_ora1
    oracle    1635     1  0 13:58 ?        00:00:00 ora_dbw0_ora1
    oracle    1637     1  0 13:58 ?        00:00:01 ora_lgwr_ora1
    oracle    1639     1  0 13:58 ?        00:00:02 ora_ckpt_ora1
    oracle    1641     1  0 13:58 ?        00:00:02 ora_smon_ora1

* Although UID usually means a numeric identifier, the user name is shown in the first column, labelled UID.
* PPID is the identification number of the parent process. For the Oracle background processes this is 1, the PID of init: the script that started them has long since exited, so the orphaned daemons were re-parented to init, the ancestor of every process on the system.
* The column labelled C is the processor utilisation of the process (an integer percentage over its lifetime), which the scheduler takes into account.
* STIME is the start time of the process.
* The question marks in the TTY column indicate that these processes are not attached to any terminal, because they were started by the system rather than from a login session.

Here is another example of the ps command with some different options. Notice that many of the columns are the same as they were when ps was executed with -ef:

    $ ps aux | grep carma
    USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
    carma     4024  0.0  0.2  2240 1116 pts/1    S    20:59   0:00 su carma
    carma     4025  0.0  0.3  2856 1668 pts/1    S    20:59   0:00 bash
    carma     4051  0.0  0.2  2488 1504 pts/1    R    21:01   0:00 ps aux
    carma     4052  0.0  0.1  1636  600 pts/1    S    21:01   0:00 grep carma

* These ps options give the user name under which each process is running and its current status (STAT), shown with the state letters described earlier (R, S, D, T, Z).
* Regular users can see all system processes (unless /proc has been mounted with the hidepid option, a hardening step that hides other users' entries), but the kernel only lets them signal processes running under their own user ID; root can signal anything.

To see whether a particular process is running, you can use

    $ ps aux | grep mysql

Note that the grep itself appears in this output, because its own command line contains "mysql"; pgrep mysql, or grep [m]ysql, avoids that.

6.3.1.3). top

ps only gives you a snapshot of the current processes. For an ongoing look at the most active processes, use top.

* top provides process information in real time. It also has an interactive mode that allows users to enter commands, such as n followed by a number such as 5 or 10, which instructs top to display only the 5 or 10 most active processes. top runs until you press "q" to quit.
* It can sort the tasks by CPU usage, memory usage or run time. The display is sorted by CPU usage by default; the -c option makes top show each task's full command line rather than just the program name:

    $ top -c

Here is a partial display of top:

    $ top -c
    15:10:31 up 2 days, 2:34, 5 users, load average: 0.00, 0.03, 0.15
    Tasks:  78 total,   2 running,  76 sleeping,   0 stopped,   0 zombie
    Cpu(s):  0.7% us,  0.3% sy,  0.0% ni, 99.0% id,  0.0% wa,  0.0% hi,  0.0% si
    Mem:    248980k total,   244496k used,     4484k free,     2196k buffers
    Swap:   522072k total,   216056k used,   306016k free,    61872k cached

      PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
     2014 root      15   0  226m  26m 143m S  0.3 11.0 176:49.13 X
     5030 root      15   0  190m  78m  35m S  0.3 32.5  25:19.13 mozilla-bin
     9499 carma     16   0  2612  904 1620 R  0.3  0.4   0:00.02 top
        1 root      16   0  2096  336 1316 S  0.0  0.1   0:04.86 init
        2 root      34  19     0    0    0 S  0.0  0.0   0:00.00 ksoftirqd/0
        3 root       5 -10     0    0    0 S  0.0  0.0   0:00.23 events/0
        4 root       5 -10     0    0    0 S  0.0  0.0   0:00.00 kblockd/0
        6 root       5 -10     0    0    0 S  0.0  0.0   0:00.01 khelper
        5 root      15   0     0    0    0 S  0.0  0.0   0:00.00 khubd
        7 root      15   0     0    0    0 S  0.0  0.0   0:00.08 pdflush
        8 root      15   0     0    0    0 S  0.0  0.0   0:00.16 pdflush
       10 root      14 -10     0    0    0 S  0.0  0.0   0:00.00 aio/0
        9 root      15   0     0    0    0 S  0.0  0.0   0:01.77 kswapd

* The display is updated every 5 seconds by default, but you can change that with the d command-line option.

Field descriptions

* uptime: The first line displays the time the system has been up and the three load averages for the system.
* The load averages are the average number of processes ready to run (plus, on Linux, those in uninterruptible D sleep) during the last 1, 5 and 15 minutes. This line is just like the output of the uptime command.
* Tasks: The total number of processes at the time of the last update, broken down into the number of tasks which are running, sleeping, stopped or zombie. The processes and states display may be toggled with the t interactive command.
* Cpu(s): "CPU states" shows the percentage of CPU time spent in user mode (us), system mode (sy), niced tasks (ni), idle (id), waiting for I/O (wa) and servicing hardware (hi) and software (si) interrupts. (Niced tasks are only those whose nice value is positive.) In older versions of top, time spent in niced tasks was also counted in user and system time, so the total could exceed 100.
* Mem: Statistics on memory usage, including total available memory, free memory, used memory, shared memory and memory used for buffers. The display of memory information may be toggled with the m interactive command.
* Swap: Statistics on swap space, including total swap space, available swap space and used swap space. This and Mem are just like the output of the free command.
* PID: The process ID of each task.
* PPID: The parent process ID of each task.
* UID: The user ID of the task's owner.
* USER: The user name of the task's owner.
* PR: The priority of the task as the scheduler currently sees it.
* NI: The nice value of the task, which adjusts the priority the scheduler gives it. Negative nice values mean higher priority and can only be set by root.
* %CPU: The task's share of the CPU time since the last screen update, expressed as a percentage of total CPU time per processor.
* %MEM: The task's share of the physical memory.
* S: The process state, using the letters described at the start of this section.
* COMMAND: The task's command name, which will be truncated if it is too long to be displayed on one line. Tasks in memory have a full command line, but swapped-out tasks only have the name of the program in parentheses (for example, "(getty)").

6.3.1.4). pstree

pstree displays a tree of processes. The tree is rooted at either pid or init if pid is omitted. If a user name is specified, all process trees rooted at processes owned by that user are shown.

* pstree visually merges identical branches by putting them in square brackets and prefixing them with the repetition count, e.g.

    init-+-getty
         |-getty
         |-getty
         `-getty

  becomes

    init---4*[getty]

    $ pstree

* Some of the options you can use with it are -n (sort processes by PID), -p (show PIDs), -a (show command-line arguments) and -u (show where the user ID changes between parent and child) etc.

6.3.1.5). kill

The command kill sends the specified signal to the specified process or process group.

* If no signal is specified, the TERM signal is sent. The TERM signal terminates processes which do not catch (or ignore) this signal; a well-behaved daemon catches it and uses it to shut down cleanly.
* For processes that ignore TERM it may be necessary to use the KILL (9) signal, since this signal cannot be caught, blocked or ignored. Because the process gets no chance to clean up (temporary files, lock files, half-written data), KILL should be the second step, not the first.

    $ kill [-s signal] PID
    $ kill -9 PID

* -s signal : Specify the signal to send. The signal may be given as a signal name or number.
* You can get a list of all the system's signals using the kill -l command:

    $ kill -l
     1) SIGHUP       2) SIGINT       3) SIGQUIT      4) SIGILL       5) SIGTRAP
     6) SIGABRT      7) SIGBUS       8) SIGFPE       9) SIGKILL     10) SIGUSR1
    11) SIGSEGV     12) SIGUSR2     13) SIGPIPE     14) SIGALRM     15) SIGTERM
    17) SIGCHLD     18) SIGCONT     19) SIGSTOP     20) SIGTSTP     21) SIGTTIN
    22) SIGTTOU     23) SIGURG      24) SIGXCPU     25) SIGXFSZ     26) SIGVTALRM
    27) SIGPROF     28) SIGWINCH    29) SIGIO       30) SIGPWR      31) SIGSYS
    33) SIGRTMIN    34) SIGRTMIN+1  35) SIGRTMIN+2  36) SIGRTMIN+3  37) SIGRTMIN+4
    38) SIGRTMIN+5  39) SIGRTMIN+6  40) SIGRTMIN+7  41) SIGRTMIN+8  42) SIGRTMIN+9
    43) SIGRTMIN+10 44) SIGRTMIN+11 45) SIGRTMIN+12 46) SIGRTMIN+13 47) SIGRTMIN+14
    48) SIGRTMIN+15 49) SIGRTMAX-15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12
    53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9  56) SIGRTMAX-8  57) SIGRTMAX-7
    58) SIGRTMAX-6  59) SIGRTMAX-5  60) SIGRTMAX-4  61) SIGRTMAX-3  62) SIGRTMAX-2
    63) SIGRTMAX-1

* kill takes process IDs (or %job numbers from the shell), not process names; to kill by name use killall or pkill. Always give the numeric PID with -9.
* $ kill 0 : sends the signal to every process in the caller's process group. From an interactive bash that is the shell itself and any children running in its group; bash ignores SIGTERM, so the shell survives while those children are terminated. In a script, where job control is off, kill 0 terminates the script together with all of its children.

6.3.1.6). killall

killall kills processes by name: it sends a signal to all processes running any of the specified commands. If no signal name is specified, SIGTERM is sent.

* A killall process never kills itself (but may kill other killall processes).
* $ killall -l : lists all known signal names.
* The match is on the exact process name (the command name as shown by ps, at most 15 characters), so to stop every MySQL server process you would use $ killall mysqld; killall mysql would match nothing.
* The name being matched is under the process's own control (it can be changed with prctl, or by exec'ing a renamed copy of a binary), so a process can impersonate another name or hide from a killall-based script. /proc/PID/exe is the reliable way to learn which binary is really running.
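The following Python script is an added example, not part of the original manual. It demonstrates the difference the kill section describes: a process that ignores SIGTERM survives it, while SIGKILL cannot be ignored, and it wraps that into the escalation a kill script should use (TERM, a grace period, then KILL). The two child programs are constructed for the demonstration; the script assumes a Unix host where a process ended by signal N is reported by subprocess with return code -N.

```python
import signal
import subprocess
import sys

# Two constructed child programs: one that ignores SIGTERM (the behaviour
# that forces an administrator to escalate to SIGKILL) and one that does not.
STUBBORN_CHILD = (
    "import signal, time\n"
    "signal.signal(signal.SIGTERM, signal.SIG_IGN)\n"
    "print('ready', flush=True)\n"
    "time.sleep(60)\n"
)
POLITE_CHILD = (
    "import time\n"
    "print('ready', flush=True)\n"
    "time.sleep(60)\n"
)


def _spawn(src):
    proc = subprocess.Popen([sys.executable, "-c", src],
                            stdout=subprocess.PIPE, text=True)
    proc.stdout.readline()   # block until the child has installed its handler
    return proc


def _exited(proc, timeout):
    """Return the exit code if proc ends within timeout, else None."""
    try:
        return proc.wait(timeout=timeout)
    except subprocess.TimeoutExpired:
        return None


def stop_process(proc, grace=0.5):
    """The escalation kill scripts should use: SIGTERM first so the target
    can clean up, SIGKILL only if it is still alive after the grace period.
    Returns the name of the signal that actually ended it."""
    proc.send_signal(signal.SIGTERM)
    if _exited(proc, grace) is not None:
        return "TERM"
    proc.send_signal(signal.SIGKILL)   # cannot be caught, blocked or ignored
    _exited(proc, 5)
    return "KILL"


def demo():
    """Stop both children. Returns ((signal, returncode), (signal, returncode))
    for the stubborn and the polite child; a process ended by signal N has
    return code -N, so the stubborn child shows -9 and the polite one -15."""
    stubborn = _spawn(STUBBORN_CHILD)
    polite = _spawn(POLITE_CHILD)
    results = []
    for proc in (stubborn, polite):
        sig = stop_process(proc)
        proc.stdout.close()
        results.append((sig, proc.returncode))
    return tuple(results)


if __name__ == "__main__":
    print(demo())
```

The grace period is the important design choice: half a second is fine for a test child, but a database or mail server flushing its state needs seconds to tens of seconds, and an init script that jumps straight to -9 is how you get corrupted data and stale lock files.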

6.3.1.7). fuser

fuser displays the PIDs of processes using the specified files or file systems. In the default display mode, each file name is followed by a letter denoting the type of access.

    $ fuser -a /var/log/messages

outputs the PIDs of the processes that currently have the file open. By default only files that are accessed by at least one process are shown; -a also lists the files that are not in use.

* The -k option can be used to kill processes accessing a file system; -m treats the argument as a mount point and matches every process using any file on it:

    $ fuser -km /home

  Use this with care: it sends SIGKILL to every process with anything open under /home, including your own shell if its current directory is there. Check first with $ fuser -vm /home, which lists the processes and their users without killing anything.

* In the default display mode, each file name is followed by a letter denoting the type of access:

    $ fuser -m /var/log/messages

    c : current directory.
    e : executable being run.
    f : open file. f is omitted in default display mode.
    r : root directory.
    m : mmap'ed file or shared library.

6.3.1.8). pidof

This command finds the process IDs of a running program.

    $ pidof httpd

lists all the process IDs under which Apache is running.

6.3.1.9). skill

skill is similar to kill but selects the target processes by criteria rather than by PID. The default signal for skill is TERM. Use -l or -L to list available signals. Particularly useful signals include HUP, INT, KILL, STOP, CONT and 0. Alternate signals may be specified in three ways: -9, -SIGKILL, -KILL.

    $ skill [signal to send] [options] process selection criteria

* PROCESS SELECTION OPTIONS: Selection criteria can be a terminal, a user, a PID or a command name. The options below may be used to ensure correct interpretation:
  -t The next argument is a terminal (tty or pty).
  -u The next argument is a user name.
  -p The next argument is a process ID number.
  -c The next argument is a command name.

    $ skill -KILL pts/*           Kill users on PTY devices
    $ skill -STOP user1 user2     Stop 2 users
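As an added example (not part of the original manual), the Python script below re-implements the two lookups described above, fuser on a file and pidof on a program, directly on the /proc entries that section 6.3.1.13 below describes: it resolves the symbolic links in /proc/<pid>/fd to find who has a file open, parses the NUL-separated /proc/<pid>/cmdline, and reads /proc/<pid>/exe to learn which binary is really running. It assumes a Linux host with /proc mounted; the sample cmdline bytes in the test are constructed, and the match on /proc/<pid>/exe rather than argv[0] is the author's choice, not something the original tools are documented to do.

```python
import os
import sys
import tempfile

PROC_AVAILABLE = os.path.isdir("/proc")


def parse_cmdline(raw):
    """Split the NUL-separated contents of /proc/<pid>/cmdline into argv.
    The file is empty for a zombie (and, on old kernels, for a process that
    is fully swapped out), so an empty list is a legitimate answer."""
    if not raw:
        return []
    return raw.rstrip(b"\0").split(b"\0")


def _pids():
    return sorted(int(d) for d in os.listdir("/proc") if d.isdigit())


def pids_using_file(path):
    """What `fuser path` reports: PIDs holding the file open, found by
    stat()ing the magic symlinks in /proc/<pid>/fd. Matching on device and
    inode number rather than on the link text means a renamed or unlinked
    file is still found. Other users' fd directories are unreadable unless
    you are root, exactly as with fuser itself."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return []
    key = (st.st_dev, st.st_ino)
    hits = []
    for pid in _pids():
        fd_dir = f"/proc/{pid}/fd"
        try:
            names = os.listdir(fd_dir)
        except (PermissionError, FileNotFoundError):
            continue
        for name in names:
            try:
                fst = os.stat(os.path.join(fd_dir, name))
            except (FileNotFoundError, PermissionError):
                continue                      # fd closed, or not ours to read
            if (fst.st_dev, fst.st_ino) == key:
                hits.append(pid)
                break
    return hits


def pids_of(program, trust_exe=True):
    """What `pidof program` reports. With trust_exe=True the match is made on
    the basename of /proc/<pid>/exe, which the kernel fills in and a process
    cannot forge; with trust_exe=False it is made on argv[0] from cmdline,
    which any process can set to whatever it likes (exec with a fake argv[0]),
    so name-based kill scripts can be fooled."""
    found = []
    for pid in _pids():
        try:
            if trust_exe:
                name = os.path.basename(os.readlink(f"/proc/{pid}/exe"))
            else:
                with open(f"/proc/{pid}/cmdline", "rb") as f:
                    argv = parse_cmdline(f.read())
                name = os.path.basename(argv[0]).decode(errors="replace") if argv else ""
        except (PermissionError, FileNotFoundError):
            continue                          # kernel thread, zombie, or not ours
        if name == program:
            found.append(pid)
    return found


def self_check():
    """Open a scratch file and confirm both lookups find this very process."""
    me = os.getpid()
    with tempfile.NamedTemporaryFile() as tmp:
        by_file = me in pids_using_file(tmp.name)
    exe_name = os.path.basename(os.readlink(f"/proc/{me}/exe"))
    return by_file and me in pids_of(exe_name)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/log/messages"
    print("fuser-like:", pids_using_file(target))
    print("pidof-like (by exe):", pids_of("sshd"))
    print("pidof-like (by argv[0]):", pids_of("sshd", trust_exe=False))
```

Comparing the two pidof variants on a busy machine is instructive: anything that shows up only in the argv[0] list has renamed itself, and anything that shows up only in the exe list is a binary running under a name it did not start with.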

6.3.1.10). Background Process - &

& at the end of the command makes it run in the background.

    $ opera &

6.3.1.11). nice

* The nice command invokes a command with an altered scheduling priority.
* The general syntax is

    $ nice [-increment | -n increment] command [argument ...]

* The nice value ranges from -20 (highest priority) to 19 (lowest); a higher nice value means the process is "nicer" to the others and gets less CPU. An ordinary user can only raise the nice value of their own processes; lowering it (a negative increment) requires root, otherwise any user could grab the CPU from everyone else.
* command is the name of a command that is to be invoked. If no command or arguments are given, nice prints the current scheduling priority, which child processes inherit.
* argument is any string to be supplied as an argument when invoking the command. The command line below runs pico on myfile.txt with an increment of 13, i.e. the nice value of the pico process is raised by 13 and its priority correspondingly reduced:

    $ nice -n 13 pico myfile.txt

6.3.1.12). snice

* The snice command changes the nice value of processes that are already running, selected with the same criteria as skill (user, terminal, PID or command name). The default change is +4 (snice +4 ...).
* Priority numbers range from +20 (slowest) to -20 (fastest). Negative priority numbers are restricted to administrative users.

    $ snice netscape crack +7      Slow down netscape and crack
    $ snice -17 root bash          Give priority to root's shell

6.3.1.13). /proc/$PID directory

* /proc is a pseudo-filesystem which is used as an interface to kernel data structures.
* There is a numerical subdirectory for each running process under /proc; the subdirectory is named by the process ID. For example, if the process ID is 14534, the directory is /proc/14534.
* Some of the pseudo-files and directories contained inside the /proc/$PID directory are detailed below:
  o cmdline : holds the complete command line for the process, unless the whole process has been swapped out or the process is a zombie. In either of these cases there is nothing in this file, i.e. a read on this file returns 0 characters. The arguments are separated by NUL characters rather than spaces.
  o cwd : a symbolic link to the current working directory of the process. To find out the cwd of process 20, for instance, you can do

        $ cd /proc/20/cwd; /bin/pwd

    or simply $ readlink /proc/20/cwd.
  o environ : contains the environment of the process. The entries are separated by NUL characters, and there may be a NUL character at the end. Thus, to print out the environment of process 1 one entry per line, you could do

        $ tr '\0' '\n' < /proc/1/environ

    Environments routinely carry secrets (passwords, tokens), which is why this file is readable only by the process's owner and by root.
  o exe : a symbolic link containing the actual path name of the executed command. Unlike the process name or argv[0], this is filled in by the kernel and cannot be chosen by the process.
  o fd : a subdirectory containing one entry for each file which the process has open, named by its file descriptor, each a symbolic link to the actual file. Thus 0 is standard input, 1 standard output, 2 standard error, etc.
  o stat : status information about the process. This is used by ps and top.

6.3.2. System Startup and Shutdown

6.3.2.1). The Boot Process

1. The Bootstrap Process - First Stage (BIOS)

* The PC boot process starts on power-up. The processor begins executing code contained in the Basic Input and Output System (BIOS). The BIOS is a program stored in read-only memory (ROM) and is the lowest-level interface between the computer and its peripherals.
* The BIOS then runs the Power On Self Test (POST) routine, which finds certain hardware and tests that it is working at a basic level. It compares the hardware settings stored in CMOS (Complementary Metal Oxide Semiconductor) memory to what is physically on the system and then initialises the hardware devices.
* Once the POST is complete, the BIOS looks for a boot device. Depending on how the CMOS settings are configured, it checks the floppy first and then the hard disk (or, on later systems, CD-ROM, USB or network devices).
* When a boot device is found (let's assume that it is a hard disk), the BIOS reads its first sector (LBA 0, which is cylinder 0, head 0, sector 1 in CHS terms), loads it into memory and executes it. This is the master boot record (MBR).
* The MBR is only 512 bytes in size: 446 bytes of boot code, the 64-byte partition table and a 2-byte signature. The code it contains is the first stage of the boot loader (LILO, the Linux loader, or GRUB), whose only job is to find and load the rest of the loader.
* Once the BIOS has loaded the MBR code into memory, it yields control of the boot process to it. Nothing in this chain is authenticated on a legacy BIOS system, so whoever can write to the MBR or to the boot loader's files controls which kernel gets booted; that is the gap UEFI Secure Boot was later introduced to close.

2. The Boot Loader - Stage 2

* LILO or GRUB allows the root user to set up the boot process as menu-driven or command-line, and permits the user to choose from amongst several boot options.
* It also allows for a default boot option after a configurable timeout, and current versions are designed to allow booting from broken Level 1 (mirrored) RAID arrays.

* It has the ability to present a highly configurable, "GUI-fied" boot menu, or a simple, text-only command-line prompt.

* Depending on the kernel boot option chosen or set as the default, LILO or GRUB loads that kernel (and its initrd image) into memory and jumps to it.

3. Kernel Loading - Stage 3

* When the kernel is loaded, it immediately initializes and configures the computer's memory and configures the various hardware attached to the system, including all processors, I/O subsystems, and storage devices.

* It then looks for the compressed initrd image in a predetermined location in memory, decompresses it, mounts it, and loads all necessary drivers.

* Next, it initializes virtual devices related to the file system, such as LVM or software RAID before unmounting the initrd disk image and freeing up all the memory the disk image once occupied.

* The kernel then creates a root device, mounts the root partition readonly, and frees any unused memory.

* At this point, the kernel is loaded into memory and operational.

4. Final Stage - Init

* The first thing the kernel does after completing its own initialisation is to execute the init program.
* The /sbin/init program (also called init) coordinates the rest of the boot process and configures the environment for the user.
* init is the root/parent of all processes executing on Linux and becomes process number 1.
* When init starts, it becomes the parent or grandparent of all of the processes that start up automatically on a Red Hat Linux system.
* Based on the default runlevel in the /etc/inittab file, scripts are executed to start the various processes that run the system and make it functional.

6.3.2.2). The Init Program

* As seen in the previous section, the kernel starts a program called init, /sbin/init.
* The init process is the last step in the boot procedure and is identified by process ID 1.
* init then reads its configuration file, /etc/inittab (a table of entries, not a script).
* The first thing init runs from inittab is the script /etc/rc.d/rc.sysinit, which sets the environment path, starts swap, checks the file systems and takes care of everything the system needs to have done at system initialisation.
* Next, init looks through /etc/inittab for the line with initdefault in the third field. The initdefault entry tells the system what runlevel to enter initially:

    id:5:initdefault:        (5 is the default runlevel)

* Depending on the runlevel, the init program starts all of the background processes by using scripts from the appropriate rc directory for the runlevel.
  o The rc directories are numbered to correspond to the runlevel they represent.
  o For instance, /etc/rc.d/rc5.d/ is the directory for runlevel 5.
  o The scripts are found in the directory /etc/rc.d/rc#.d/ where the symbol # represents the runlevel.

    # ls -F /etc/rc.d/rc5.d/
    ./            K70aep1000     S12syslog       S80antirelayd   S95cpanel
    ../           K70bcm5820     S17keytable     S80chkservd     S97rhnsd
    K05saslauthd  K74nscd        S20random       S80exim         S98portsentry
    K20nfs        S05kudzu       S25netfs        S85httpd        S99local@
    K24irda       S08iptables    S28autofs       S85postgresql   S99nagios
    K25squid      S09isdn        S40proftpd      S90crond
    K35winbind    S10network     S55sshd         S90mysql
    K45named      S11filelimits  S56rawdevices   S95anacron
    K50tux        S11ipaliases   S56xinetd       S95bandmin

* Entries beginning with S are start scripts while entries beginning with K are stop (kill) scripts. Normally they are symbolic links into /etc/rc.d/init.d/, where the real service scripts live (ls -F marks a symbolic link with @, as for S99local above).
* Numbers follow these letters to denote the order of execution (lowest to highest); the K scripts are run first, then the S scripts.
* Adding a script to the /etc/rc.d/rc#.d/ directory with either an S or K prefix adds it to the boot or shutdown process.
  o Hence, in the example above, these are the scripts executed to start all the system services for runlevel 5.
* One of the last things the init program executes is the /etc/rc.d/rc.local file. This file is useful for system customisation.
* Adding commands to this script is an easy way to perform necessary tasks such as starting special services or initialising devices without writing complex initialisation scripts in the /etc/rc.d/init.d/ directory and creating symbolic links.
* Everything in rc#.d and rc.local runs as root at every boot, which makes these directories a classic place for an intruder to install persistence. They should stay root-owned and not writable by anyone else, and an S link that nobody remembers adding deserves a look.
* init typically starts multiple instances of getty, which wait for console logins and spawn the user's shell process.
* Upon system shutdown init controls the sequence and processes for shutdown. The init process is never shut down. It is a user process and not a kernel system process, although it runs as root.

The order in which the init program executes the initialisation scripts is:

1. /etc/inittab
2. /etc/rc.d/rc.sysinit
3. Scripts under /etc/rc.d/rc3.d/ (note: we are running runlevel 3 here)
4. /etc/rc.d/rc.local

6.3.2.3). Runlevels

Linux utilises what are called "runlevels". A runlevel is a software configuration of the system that allows only a selected group of processes to exist.

* init can run the system in one of eight runlevels. These runlevels are 0-6 and S or s. The system runs in only one of these runlevels at a time. Typically these runlevels are used for different purposes.
* Runlevels 0, 1 and 6 are reserved. For Red Hat Linux version 6 and above, the runlevels are:

    Runlevel   State
    0          Shutdown (halt)
    1          Single user mode
    2          Multi-user with no network services activated
    3          Default text start. Full multi-user, no GUI
    4          Reserved for local use (with X Window and multi-user)
    5          XDM X Window with network support. Full multi-user
    6          Reboot
    S or s     Single user / maintenance mode

The inittab file

The /etc/inittab file tells init which runlevel to start the system at and describes the processes to be run at each runlevel.

An entry in the inittab file has the following format:

    id:runlevels:action:process

* id - A unique sequence of 1-4 characters which identifies an entry in inittab.
* runlevels - Lists the runlevels for which the specified action should be taken. This field may contain multiple characters for different runlevels, allowing a particular process to run at multiple runlevels. For example, 123 specifies that the process should be started in runlevels 1, 2 and 3.
* action - Describes which action should be taken. Some of the actions are listed below:
  o respawn - The process will be restarted whenever it terminates.
  o wait - The process will be started once when the specified runlevel is entered and init will wait for its termination.
  o boot - The process will be executed during system boot. The runlevels field is ignored.
  o off - This does nothing.
  o initdefault - Specifies the runlevel which should be entered after system boot. If none exists, init will ask for a runlevel on the console. The process field is ignored.
  o sysinit - The process will be executed during system boot. It will be executed before any boot or bootwait entries. The runlevels field is ignored.
  o powerwait - The process will be executed when init receives the SIGPWR signal. init will wait for the process to finish before continuing.
  o powerfail - Same as powerwait, but init does not wait for the process to complete.
  o ctrlaltdel - This process is executed when init receives the SIGINT signal. This means someone on the system console has pressed the CTRL-ALT-DEL key combination.
* process - Specifies the process to be executed. It runs as root, and a respawn entry is restarted forever, so an attacker who can edit inittab has a root process that comes back after every kill; treat this file with the same care as rc.local.
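The Python script below is an added example, not part of the original manual. It parses the id:runlevels:action:process format just described, picks out the default runlevel and the entries init would act on when entering a given runlevel, and orders an rcN.d listing the way the Red Hat rc script runs it (all K scripts, then all S scripts, by number), so an auditor can check what really starts at boot. The sample inittab is constructed for the demonstration; the set of valid action names is taken from the inittab format, and the strict rejection of malformed lines is the author's choice.

```python
import re

# Constructed sample inittab in the id:runlevels:action:process format
# described above; it is not copied from any real system.
INITTAB_SAMPLE = """\
# default runlevel
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
x:5:respawn:/etc/X11/prefdm -nodaemon
"""

VALID_ACTIONS = {
    "respawn", "wait", "once", "boot", "bootwait", "off", "ondemand",
    "initdefault", "sysinit", "powerwait", "powerfail", "powerokwait",
    "powerfailnow", "ctrlaltdel", "kbrequest",
}


def parse_inittab(text):
    """Return a list of (id, runlevels, action, process) tuples, rejecting
    malformed lines instead of guessing: every entry here runs as root at
    boot, so a checker should be strict rather than lenient."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 3)        # the process field may contain ':'
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected id:runlevels:action:process")
        ident, levels, action, process = parts
        if not 1 <= len(ident) <= 4:
            raise ValueError(f"line {lineno}: id must be 1-4 characters")
        if action not in VALID_ACTIONS:
            raise ValueError(f"line {lineno}: unknown action {action!r}")
        entries.append((ident, set(levels), action, process))
    return entries


def inittab_errors(text):
    """First parse error as a string, or None if the file parses cleanly."""
    try:
        parse_inittab(text)
    except ValueError as exc:
        return str(exc)
    return None


def default_runlevel(entries):
    for _, levels, action, _ in entries:
        if action == "initdefault":
            return "".join(sorted(levels)) or None
    return None                           # init would ask on the console


def entries_for_runlevel(entries, level):
    """What init runs when entering `level`: boot-time actions (whose
    runlevels field is ignored) plus entries that list the level."""
    return [e for e in entries
            if e[2] in ("sysinit", "boot", "bootwait")
            or (level in e[1] and e[2] not in ("initdefault", "off"))]


def rc_order(names):
    """Order an /etc/rc.d/rcN.d/ listing the way the rc script runs it:
    every K (stop) script first, then every S (start) script, each group by
    its two-digit number. Trailing ls -F markers such as '@' are dropped and
    names without an S/K prefix are ignored, as rc ignores them."""
    kill, start = [], []
    for name in names:
        name = name.rstrip("@*")
        m = re.fullmatch(r"([SK])(\d\d)(.+)", name)
        if not m:
            continue
        (kill if m.group(1) == "K" else start).append((int(m.group(2)), name))
    return [n for _, n in sorted(kill)] + [n for _, n in sorted(start)]


SAMPLE_ENTRIES = parse_inittab(INITTAB_SAMPLE)

if __name__ == "__main__":
    print("default runlevel:", default_runlevel(SAMPLE_ENTRIES))
    for ident, levels, action, process in entries_for_runlevel(SAMPLE_ENTRIES, "3"):
        print(f"{ident:<4} {action:<10} {process}")
    print(rc_order(["S55sshd", "K20nfs", "S10network", "K05saslauthd", "S99local@"]))
```

Pointing rc_order at os.listdir("/etc/rc.d/rc3.d") on a real system gives the exact start sequence, which is the list to diff against a known-good baseline when you suspect an unwanted service has been added.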

6.3.2.4). System Processes

* The top 6 system processes with PIDs 1-6, on the 2.2-series kernels this table describes, are given below. Later kernels replace most of them (the top output earlier in this chapter, from a 2.6 kernel, shows ksoftirqd, events and pdflush instead):

    Process ID   Description
    1            init process
    2            kflushd (bdflush): started by update; does a rougher sync more frequently
    3            kupdate: does a sync every 30 seconds
    4            kpiod
    5            kswapd
    6            mdrecoveryd

* Processes 2, 3, 4, 5 and 6 are kernel daemons. The kernel daemons are started after init, so they get process numbers like normal processes do, but their code and data live in the kernel's part of memory (ps shows them with no virtual memory of their own). So what are these kernel daemons for?

* kflushd and kupdate
  o Input and output is done via buffers in memory. This allows things to run faster, and the data in the buffers are written to disk in larger, more efficient chunks.
  o The daemons kflushd and kupdate handle this work.
  o kupdate wakes up periodically (every 5 seconds) to check whether there are any dirty buffers old enough to be written. If there are, it gets kflushd to flush them to disk.

* kswapd and kpiod
  o System memory can be better managed by shifting unused parts of running programs out to the swap partition(s) on the hard disk.
  o Moving this data in and out of memory as needed is done by kpiod and kswapd.
  o Every second or so, kswapd wakes up to check the memory situation, and if something on the disk is needed in memory, or there is not enough free memory, kpiod is called in.

* mdrecoveryd
  o mdrecoveryd is part of the Multiple Devices (md) driver used for software RAID, combining multiple disks into one virtual disk. It is part of the kernel.
  o It can be removed from the kernel by deselecting the option (CONFIG_BLK_DEV_MD) and recompiling the kernel.

* Some of the other system services are described below:

    System Service   Description
    anacron          Runs jobs which were scheduled for execution while the computer was turned off; catches up with system duties.
    arpwatch         Keeps track of IP address to MAC address pairings and reports changes (a simple ARP-spoofing detector).
    autofs           Automounts file systems on demand.
    crond            Job scheduler for periodic tasks.
    gpm              Allows console terminal cut and paste (non-X consoles).
    httpd            Apache web server.
    iptables         Firewall rules interface to the kernel.
    keytable         Loads the selected keyboard map as set in /etc/sysconfig/keyboard.
    kudzu            New hardware probe/detection during system boot.
    lpd              Network printer services.
    mysqld           Database services.
    named            Name services (BIND).
    network          Activates the network interfaces during system boot.
    nfs              Network file system.
    syslog           System log file facility.
    ypbind           NIS client: binds to an NIS server for file sharing/authentication infrastructure.
    ypserv           NIS server for the same infrastructure.
    xfs              X Window font server.

6.3.2.5). The Linux Login Process

After the system boots, at serial terminals or virtual terminals, the user will see a login prompt similar to:

    machinename login:

* This prompt is generated by a program, usually getty or mingetty, which is respawned by the init process every time a user ends a session on that console.
* The getty program calls login, and login, if successful, calls the user's shell. The steps of the process are:
  o The init process spawns the getty process.
  o The getty process reads the user name, then invokes the login process and passes the user name to it.
  o The login process prompts the user for a password and checks it against /etc/passwd and /etc/shadow (through PAM on modern systems). On success the user's shell is started with that user's UID, GID and groups, which is where every later permission check starts from. On failure login displays an error message and exits, and init respawns getty.
  o The user runs their session and eventually logs out. On logout, the shell program exits and we return to step 1.
  o Note: This is what happens for runlevel 3. Runlevel 5 uses different programs to perform similar functions: a display manager (xdm, gdm or kdm), itself an X client, draws the graphical login screen and starts the X session in place of getty and login.

6.3.2.6). Single – User Mode

* If the root password has been lost, you can use single-user mode to reset it.
* If your system boots, but does not allow you to log in when it has completed booting, try single-user mode. In single-user mode your computer boots to runlevel 1. Your local file systems will be mounted, but your network will not be activated, and you get a usable root maintenance shell without being asked for a password.
* That is also why console access has to be treated as root access: anyone who can reach the boot loader can add "single" to the kernel line. The defences are a GRUB (or LILO) password, a BIOS password with booting from removable media disabled, and physical security for the machine.

Booting to single-user mode in GRUB

* If you are using GRUB, use the following steps to boot into single-user mode:
  o If you have a GRUB password configured, type p and enter the password.
  o Select Red Hat Linux with the version of the kernel that you wish to boot and type e for edit. You will be presented with a list of items in the configuration file for the title you just selected.
  o Select the line that starts with kernel and type e to edit the line.
  o Go to the end of the line and type single as a separate word (press the [Spacebar] and then type single). Press [Enter] to exit edit mode.
  o Back at the GRUB screen, type b to boot into single-user mode.

Booting to single-user mode in LILO

* If you are using LILO, specify one of these options at the LILO boot prompt (if you are using the graphical LILO, you must press [Ctrl]-[x] to exit the graphical screen and go to the boot: prompt):

    boot: linux single
    boot: linux emergency

In emergency mode you are booted into the most minimal environment possible. The root file system is mounted read-only and almost nothing is set up. The main advantage of emergency mode over linux single is that your init files are not processed. If init or its scripts are corrupted or not working, you can still mount file systems to recover data that would otherwise be lost in a re-installation.

6.3.2.7). Shutting Down

To shut down Red Hat Linux, issue the shutdown command. The format of the command is

    # shutdown [options] time [warning-message]

The time argument is the time to shut down the system, either as a clock time in the format hh:mm or as +m, a number of minutes from now, and warning-message is a message displayed on all users' terminals before shutdown.

Alternatively, you can specify the time as "now" to shut down immediately. The -r option may be given to shutdown to reboot the system after shutting down, and -h to halt it:

    # /sbin/shutdown -h now
    # /sbin/shutdown -r now

* You must run shutdown as root. After shutting everything down, the -h option halts the machine and the -r option reboots it.
* Although the reboot and halt commands are now able to invoke shutdown if run while the system is in runlevels 1-5, it is a bad habit to get into, as not all Unix-like operating systems have this feature.

    # reboot
    # halt

* To shut down and reboot the system at 8:00 pm, use the command

    # shutdown -r 20:00

6.3.3. Memory Management and Performance Monitoring

6.3.3.1). Virtual Memory / Swap Space

* Linux supports virtual memory, that is, using a disk as an extension of RAM so that the effective size of usable memory grows correspondingly.
* The kernel will write the contents of a currently unused block of memory to the hard disk so that the memory can be used for another purpose. When the original contents are needed again, they are read back into memory.
* This is all made completely transparent to the user; programs running under Linux only see the larger amount of memory available and don't notice that parts of them reside on the disk from time to time. The part of the hard disk that is used as virtual memory is called the swap space.
* For this purpose, a swap partition is created on the hard disk.
* You can see the swap space as well as the current memory available and usage using the command ‘free’:

$ free

6.3.3.2). Swapping In and Swapping Out

* Memory Page: One basic concept in the Linux implementation of virtual memory is the concept of a page. A page is a 4 kB area of memory and is the basic unit of memory with which both the kernel and the CPU deal. Although both can access individual bytes (or even bits), the amount of memory that is managed is usually in pages.

* When physical memory becomes scarce, the Linux memory management subsystem must attempt to free physical pages. This task falls to the kernel swap daemon (kswapd).
* The kernel swap daemon is a special type of process, a kernel thread. Kernel threads are processes that have no virtual memory; instead they run in kernel mode in the physical address space.
* Swapping in is the process in which a page in the virtual memory is brought back into the physical memory by the kswapd daemon.
* Swapping out is the process where a page is swapped out of physical memory into the system's swap files, thereby freeing the physical memory on the system.

6.3.3.3). Commands which show the current memory usage

* free

$ free
$ free -m

* top

$ top

* Print the output of /proc/meminfo

$ cat /proc/meminfo (detailed output)

6.3.3.4). Creating a swap space

Criteria for a Swap file

* A swap file is an ordinary file; it is in no way special to the kernel.
* The only thing that matters to the kernel is that it has no holes, and that it is prepared for use with mkswap. It must reside on a local disk, however; it can't reside in a filesystem that has been mounted over NFS due to implementation reasons.
* The bit about holes is important. The swap file reserves the disk space so that the kernel can quickly swap out a page without having to go through all the things that are necessary when allocating a disk sector to a file. The kernel merely uses any sectors that have already been allocated to the file. Because a hole in a file means that there are no disk sectors allocated (for that place in the file), it is not good for the kernel to try to use them.
* One good way to create the swap file without holes is with the following ‘dd’ command:

$ dd if=/dev/zero of=/extra-swap bs=1024 count=1024

  o dd converts and copies a file.
  o if= reads from the given file instead of from standard input.
  o of= writes to the given file instead of to standard output.
  o bs= is the block size in bytes and count= is the number of blocks, so the file is bs × count bytes long (here 1024 blocks of 1024 bytes).
  o /extra-swap is the name of the swap file; its size is set by the count= argument.

Swap Partition

A swap partition can be created just like any other partition, but it has to be of type 82 (Linux swap).

Setting up Swap Space

* After you have created a swap file or a swap partition, you need to write a signature to its beginning; this contains some administrative information and is used by the kernel. The command to do this is mkswap, used like this:

$ mkswap /extra-swap 1024
Setting up swapspace, size = 1044480 bytes
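The "no holes" rule above can be checked before handing a file to mkswap. The following is an added example, not code from the manual: it builds one sparse file and one dd-style file of zeros in a temporary directory, tests each for holes via the allocated block count, and shows where the 1044480-byte figure above comes from (a 4 kB page is assumed for the mkswap header, as the manual states for page size).

```python
"""Added example (not from the manual): verify that a candidate swap file
has no holes, and work out the swap size mkswap reports for it."""
import os
import tempfile

PAGE_SIZE = 4096  # assumption: 4 kB pages, as stated in the manual


def has_holes(path):
    """True if the file is sparse: the filesystem has allocated fewer blocks
    than its apparent size needs. st_blocks is always counted in 512-byte
    units, independent of the filesystem's own block size."""
    st = os.stat(path)
    return st.st_blocks * 512 < st.st_size


def usable_swap_bytes(size):
    """mkswap keeps the first page for its signature and header, so the swap
    area the kernel can use is one page smaller than the file itself."""
    return size - PAGE_SIZE


def make_dd_style_file(path, bs=1024, count=1024):
    """Write count blocks of bs zero bytes, like `dd if=/dev/zero of=path`,
    so every block is really allocated on disk."""
    with open(path, "wb") as f:
        for _ in range(count):
            f.write(b"\0" * bs)


def make_sparse_file(path, size):
    """Create a file of the given size without writing any data: the whole
    file is one hole, exactly what a swap file must not contain."""
    with open(path, "wb") as f:
        f.truncate(size)


def demo():
    """Return (sparse_has_holes, dd_has_holes, usable_bytes) for two
    constructed 1 MB files, so the two cases can be compared side by side."""
    with tempfile.TemporaryDirectory() as d:
        sparse = os.path.join(d, "sparse-swap")
        full = os.path.join(d, "extra-swap")
        make_sparse_file(sparse, 1024 * 1024)
        make_dd_style_file(full)
        return (has_holes(sparse), has_holes(full),
                usable_swap_bytes(os.path.getsize(full)))


if __name__ == "__main__":
    print(demo())  # (True, False, 1044480)
```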

6.3.3.5). Using a Swap Space

Note that the swap space which is set up is still not in use yet: it exists, but the kernel does not use it to provide virtual memory.

* An initialized swap space is taken into use with ‘swapon’. This command tells the kernel that the swap space can be used. The path to the swap space is given as the argument, so to start swapping on a temporary swap file one might use the following command:

$ swapon /extra-swap

* Swap spaces can be used automatically by listing them in the /etc/fstab file.
* The startup scripts will run the command swapon -a, which will start swapping on all the swap spaces listed in /etc/fstab. Therefore, the swapon command is usually used only when extra swap is needed.

$ swapon -a

* You can get the swap info using free, ‘cat /proc/meminfo’ or top.
* A swap space can be removed from use with swapoff.
* All the swap spaces that are used automatically with swapon -a can be removed from use with swapoff -a; it looks at the file /etc/fstab to find what to remove.

6.3.3.6). Disk Buffering/ Buffer cache

Why Disk Buffering?

* Reading from a disk is very slow compared to accessing (real) memory. In addition, it is common to read the same part of a disk several times during relatively short periods of time.
* For example, one might first read an e-mail message, then read the letter into an editor when replying to it, then make the mail program read it again when copying it to a folder. Or, consider how often the command ls might be run on a system with many users.
* By reading the information from disk only once and then keeping it in memory until no longer needed, one can speed up all but the first read. This is called disk buffering, and the memory used for the purpose is called the buffer cache.
* The cache also holds written data that has not yet reached the disk, so you should never turn off the power without using a proper shutdown procedure; whatever is still only in the buffer cache would be lost.
* The cache does not actually buffer files, but blocks, which are the smallest units of disk I/O (under Linux, they are usually 1 kB).
* The sync command flushes the buffer, i.e., forces all unwritten data to be written to disk.

$ sync

Linux Daemon bdflush

* Linux has an additional daemon, bdflush, which does a less complete sync more frequently to avoid the sudden freeze due to heavy disk I/O that sync sometimes causes.
* Under Linux, bdflush is started by /sbin/update. There is usually no reason to worry about it, but if bdflush happens to die for some reason, the kernel will warn about this, and you should start it by hand (/sbin/update).

6.3.3.7). Direct Memory Access or DMA

* Direct memory access or DMA is the generic term used to refer to a transfer protocol where a peripheral device transfers information directly to or from memory, without the system processor being required to perform the transaction.
* Enabling DMA has high performance benefits for the system processor.
* Today DMA is the only feasible way to transfer data from the hard drive to memory, as most of today's operating systems use multitasking and can better use the CPU for other tasks.
* To enable DMA, edit /etc/sysconfig/harddisks and uncomment USE_DMA=1. Setting this option will enable DMA on your hard disk.
* Another option to enable DMA is the command line tool hdparm:

$ hdparm -d1 /dev/hda    (enable DMA)
$ hdparm -d0 /dev/hda    (disable DMA)

* To check if DMA is enabled, use the command line below; its output will say whether DMA is set to on or off.

$ hdparm /dev/hda

* hdparm is used to get and set hard drive parameters such as DMA modes, xfer settings and various other settings that can help improve the speed of your hard disks and cdroms.
* hdparm provides a command line interface to various hard disk ioctls supported by the stock Linux ATA/IDE device driver subsystem. These settings are not enabled by default, so you will probably want to enable them.
* To get more info about your hda hard drive, use the -i option:

$ hdparm -i /dev/hda

A good reference URL: http://www.yolinux.com/TUTORIALS/LinuxTutorialOptimization.html

6.3.3.8). Resource Monitoring Tools

1. free

The free command displays system memory utilization. Here is an example of its output:

$ free
             total       used       free     shared    buffers     cached
Mem:        255508     240268      15240          0       7592      86188
-/+ buffers/cache:     146488     109020
Swap:       530136      26268     503868

To get a continuous output of the free command, you may use

$ watch -n 1 -d free

The -n option controls the delay between updates and -d highlights any changes between updates.

2. top

While free displays only memory-related information, the top command does a little bit of everything. CPU utilization, process statistics, memory utilization — top does it all.

$ top
$ top -c

3. vmstat

Using this resource monitor, it is possible to get an overview of process, memory, swap, I/O, system, and CPU activity in one line of numbers:

$ vmstat
   procs                      memory    swap          io     system         cpu
 r  b  w   swpd   free   buff  cache  si  so    bi    bo   in    cs  us  sy  id
 1  0  0      0 524684 155252 338068   0   0     1     6  111   114  10   3  87

The process-related fields are:
* r — The number of runnable processes waiting for access to the CPU
* b — The number of processes in an uninterruptible sleep state
* w — The number of processes swapped out, but runnable

The memory-related fields are:
* swpd — The amount of virtual memory used
* free — The amount of free memory
* buff — The amount of memory used for buffers
* cache — The amount of memory used as page cache

The swap-related fields are:
* si — The amount of memory swapped in from disk
* so — The amount of memory swapped out to disk

The I/O-related fields are:
* bi — Blocks sent to a block device
* bo — Blocks received from a block device

The system-related fields are:
* in — The number of interrupts per second
* cs — The number of context switches per second

The CPU-related fields are:
* us — The percentage of the time the CPU ran user-level code
* sy — The percentage of the time the CPU ran system-level code
* id — The percentage of the time the CPU was idle
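To show how the free and vmstat figures above are derived and read, here is an added example that is not part of the manual. It parses the manual's free output to recompute the "-/+ buffers/cache" line, and parses vmstat lines (the manual's line plus a second, constructed line of a machine under memory pressure) using the field order listed above.

```python
"""Added example (not from the manual): derive the figures `free` and
`vmstat` print, from constructed sample output embedded below."""

# Constructed sample: the `free` output shown in the manual (values in kB).
FREE_OUTPUT = """\
             total       used       free     shared    buffers     cached
Mem:        255508     240268      15240          0       7592      86188
-/+ buffers/cache:     146488     109020
Swap:       530136      26268     503868
"""

# Constructed sample: the manual's vmstat line plus a hypothetical second
# line of a host under memory pressure (non-zero si/so, processes swapped
# out or blocked, very little idle CPU).
VMSTAT_OUTPUT = """\
   procs                      memory    swap          io     system         cpu
 r  b  w   swpd   free   buff  cache  si  so    bi    bo   in    cs  us  sy  id
 1  0  0      0 524684 155252 338068   0   0     1     6  111   114  10   3  87
 6  2  1  81920  10240   4096  20480 512 640    90   120  950  1400  40  55   5
"""

# Field order of a vmstat data line, as described in the manual.
VMSTAT_FIELDS = ["r", "b", "w", "swpd", "free", "buff", "cache",
                 "si", "so", "bi", "bo", "in", "cs", "us", "sy", "id"]


def parse_free(text):
    """Return the rows of `free` as dicts keyed by column name."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split()   # total used free shared buffers cached
    rows = {}
    for ln in lines[1:]:
        label, _, rest = ln.partition(":")
        values = [int(v) for v in rest.split()]
        # The "-/+ buffers/cache" row only carries a used and a free figure.
        keys = ["used", "free"] if label.startswith("-/+") else header
        rows[label] = dict(zip(keys, values))
    return rows


def buffers_cache_adjusted(mem):
    """Recompute the '-/+ buffers/cache' line: the buffer cache can be
    dropped at any time, so real application usage is used - buffers -
    cached, and the memory that could be made available is
    free + buffers + cached."""
    used = mem["used"] - mem["buffers"] - mem["cached"]
    free = mem["free"] + mem["buffers"] + mem["cached"]
    return used, free


def parse_vmstat(text):
    """Return the data lines of `vmstat` as dicts, skipping the two header
    lines."""
    samples = []
    for ln in text.splitlines()[2:]:
        values = [int(v) for v in ln.split()]
        samples.append(dict(zip(VMSTAT_FIELDS, values)))
    return samples


def memory_pressure_signals(sample):
    """Name the vmstat fields that suggest the host is short of RAM: pages
    moving to and from swap (si, so), runnable processes that have been
    swapped out (w), and processes blocked in uninterruptible sleep (b),
    which is typical of waiting on the disk during heavy swapping."""
    signals = []
    if sample["si"] or sample["so"]:
        signals.append("swap activity")
    if sample["w"]:
        signals.append("runnable processes swapped out")
    if sample["b"]:
        signals.append("processes blocked on I/O")
    return signals


if __name__ == "__main__":
    rows = parse_free(FREE_OUTPUT)
    print("-/+ buffers/cache:", buffers_cache_adjusted(rows["Mem"]))
    for s in parse_vmstat(VMSTAT_OUTPUT):
        print(s["free"], "kB free:", memory_pressure_signals(s) or ["ok"])
```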

4. ulimit

* ulimit controls the resources available to a process started by the shell, on systems that allow such control by the kernel.
* To improve performance, we can safely set the limit of processes for the super-user root to be unlimited.
* All processes which will be started from the shell (bash in many cases) will have the same resource limits.
* The command "ulimit -a" reports the current limits set for the various parameters.

$ ulimit -a
core file size        (blocks, -c) 0
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
max locked memory     (kbytes, -l) 4
max memory size       (kbytes, -m) unlimited
open files                    (-n) 1024
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) 10240
cpu time             (seconds, -t) unlimited
max user processes            (-u) 7168
virtual memory        (kbytes, -v) unlimited

* The options available with ulimit are given below:
  -a All current limits are reported.
  -c The maximum size of core files created.
  -d The maximum size of a process's data segment.
  -f The maximum size of files created by the shell.
  -H Change and report the hard limit associated with a resource.
  -l The maximum size that may be locked into memory.
  -m The maximum resident set size.
  -n The maximum number of open file descriptors.
  -p The pipe buffer size.
  -s The maximum stack size.
  -S Change and report the soft limit associated with a resource.
  -t The maximum amount of CPU time in seconds.
  -u The maximum number of processes available to a single user.
  -v The maximum amount of virtual memory available to the process.
* To increase the ulimit value for the maximum number of open file descriptors on the system to 2048 for the root account, use the command line below from the root shell.

$ ulimit -n 2048

* To increase the maximum number of processes available to the root user to unlimited, use the command line below.

$ ulimit -u unlimited

6.3.4. Disk Management Tools

6.3.4.1). Listing a Disk's Free Space

* To see how much free space is left on a disk, use df. Without any options, df outputs a list of all mounted filesystems.
* Six columns are output, displaying information about each disk: the name of its device file in `/dev'; the number of 1024-byte blocks the system uses; the number of blocks in use; the number of blocks available; the percent of the device used; and the name of the directory tree the device is mounted on.

$ df
Filesystem    1024-blocks     Used  Available  Capacity  Mounted on
/dev/hda1          195167    43405     141684       23%  /
/dev/hda2         2783807   688916    1950949       26%  /usr
/dev/hdb1         2039559  1675652     258472       87%  /home/carma

* The ‘-h’ option will display sizes in human readable format, e.g. in Kb, Mb etc.

$ df -h
Filesystem     Size  Used  Avail  Use%  Mounted on
/dev/hda2       37G   12G    23G   34%  /
/dev/hda1       99M   18M    77M   19%  /boot
/usr/tmpDSK    243M  4.1M   226M    2%  /tmp

6.3.4.2). Listing a File's Disk Usage

Use du to list the amount of space on disk used by files. To specify a particular file name or directory tree, give it as an argument. With no arguments, du works on the current directory.

$ du
$ du -h /usr
$ du -h --max-depth=1 : prints the total disk space used by subdirectories just one level down the directory structure.
$ du -sh : calculates the total file space usage for a given directory.

6.3.4.3). Partitioning a Hard Drive

‘fdisk’ is the partition table manipulator for Linux and is a menu driven program for creation and manipulation of partition tables. It even understands DOS type partition tables.

Creating Partitions using ‘fdisk’

You may use fdisk to partition /dev/hdb using the steps given below:

$ fdisk /dev/hdb

Command (m for help): m       (Enter the letter "m" to get the list of commands)

Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

Command (m for help): n       (To add a new partition)
Command action
   e   extended
   p   primary partition (1-4)
Partition number (1-4): 1
First cylinder (1-2654, default 1): 1
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-2654, default 2654):
Using default value 2654

Command (m for help): p

Disk /dev/hdb: 240 heads, 63 sectors, 2654 cylinders
Units = cylinders of 15120 * 512 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/hdb1             1      2654  20064208+   5  Extended

Command (m for help): w       (Write and save partition table)

Other options with fdisk

* List the current partition table:

$ fdisk -l

* Delete a partition: run fdisk and then choose the ‘d’ option.

$ fdisk /dev/hda

  then type d and give the partition number to be deleted.
* The sfdisk and cfdisk commands also do the same task as fdisk.

6.3.5. File System Management

6.3.5.1). Creating a filesystem

mkfs is used to create a Linux filesystem on a device. The exit code returned by mkfs is 0 on success and 1 on failure. It can also be used for checking bad blocks before building the file system.

$ mkfs -t ext3 /dev/

* There are also some related commands that can be used with mkfs. Examples of mkfs commands are:

FileSystem        Command
EXT2 FS           mkfs.ext2, mke2fs
EXT3 FS           mkfs.ext3
Minix FS          mkfs.minix
DOS (FAT) FS      mkfs.msdos, mkdosfs
Virtual FAT FS    mkfs.vfat
XFS               mkfs.xfs

* mkfs.ext2 and mke2fs will make an ext2 type file system.

$ mkfs.ext2 /dev/hda1
$ mkfs -t ext3 /dev/hda1

6.3.5.2). Mounting/Unmounting File Systems, fstab & mtab

Viewing the currently mounted file systems

* The command ‘mount’ displays all mounted devices, their mountpoint, filesystem, and access.

$ mount

* cat /proc/mounts will show all mounted filesystems currently in use.

$ cat /proc/mounts

* cat /proc/filesystems will display all filesystems currently in use.

$ cat /proc/filesystems

Mounting File Systems

* On Linux systems, disks are used by mounting them to a directory, which makes the contents of the disk available at that given directory mount point.
* Disks can be mounted on any directory on the system, but any divisions between disks are transparent -- so a system which has, aside from the root filesystem disk mounted on `/', separate physical partitions for the `/home', `/usr', and `/usr/local' directory trees will look and feel no different from a system that only has one physical partition.
* The mount command is used to mount a file system on a partition. The syntax for it is given below.

$ mount -t ext3 /dev/hdb1 /home2

  You need to make sure that you have first created the mount point. For example, in the command above, when you mount /dev/hdb1 on /home2, you have to first create the directory /home2.
* To mount a cdrom or floppy, you may use the syntax below.

$ mount /mnt/cdrom
$ mount /mnt/floppy
$ mount -a : causes all file systems mentioned in /etc/fstab to be mounted as indicated, except for those whose line contains the noauto keyword.

The fstab and mtab files

* fstab is a configuration file that contains information of all the partitions and storage devices in your computer. The file is located under /etc, so the full path to this file is /etc/fstab.
* /etc/fstab contains information of where your partitions and storage devices should be mounted and how. This file is used by the boot process to mount the file systems on your linux machine.
* So, you can usually fix your mounting problems by editing your fstab file. /etc/fstab is just a plain text file, so you can open and edit it with any text editor you're familiar with.

Overview of the file

A sample /etc/fstab file is given below:

/dev/hda2     /               ext2    defaults                1 1
/dev/hdb1     /home           ext2    defaults                1 2
/dev/fd0      /media/floppy   auto    rw,noauto,user,sync     0 0
proc          /proc           proc    defaults                0 0
/dev/hda1     swap            swap    pri=42                  0 0

* You can note that every line (or row) contains the information of one device or partition.
* The 1st and 2nd columns give the device and its default mount point.
* The line ‘/dev/hda2 / ext2 defaults 1 1’ means that /dev/hda2 will be mounted to /.
* The third column in /etc/fstab specifies the filesystem type of the device or partition. Like Ext3, ReiserFS is a journaled filesystem, but it's much more advanced than Ext3. Many Linux distros (including SuSE) have started using ReiserFS as their default filesystem for Linux partitions.
* The option "auto" simply means that the filesystem type is detected automatically.
* The fourth column in fstab lists all the mount options for the device or partition.
  o auto and noauto : With the auto option, the device will be mounted automatically. auto is the default option. If you don't want the device to be mounted automatically, use the noauto option in /etc/fstab. With noauto, the device can be mounted only explicitly.
  o user and nouser : The user option allows normal users to mount the device, whereas nouser lets only root mount the device. nouser is the default.
  o exec and noexec : exec lets you execute binaries that are on that partition, whereas noexec doesn't let you do that. exec is the default option, which is a good thing.
  o ro : Mount the filesystem read-only.
  o rw : Mount the filesystem read-write.
  o sync and async : How the input and output to the filesystem should be done. sync means it's done synchronously. However, if you have the async option in /etc/fstab, input and output is done asynchronously. async is the default.
  o noquota : Do not set user quotas on this partition.
  o nosuid : Do not set SUID/SGID access on this partition.
  o nodev : Do not set character or special devices access on this partition.
  o defaults : Uses the default options, that is rw, suid, dev, exec, auto, nouser, and async.
* The 5th column in /etc/fstab is the dump option. Dump checks it and uses the number to decide if a filesystem should be backed up. If it's zero, dump will ignore that filesystem. If you take a look at the example fstab, you'll notice that the 5th column is zero in most cases.
* The 6th column is a fsck option. fsck looks at the number in the 6th column to determine in which order the filesystems should be checked. If it's zero, fsck won't check the filesystem.
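The option rules above (the meaning of defaults, the no-prefixed negations, and the dump and fsck columns) can be applied mechanically. The following is an added example, not part of the manual: it parses an fstab, expands defaults as listed above, resolves conflicting options left to right, and flags entries that a review of the mount options would question. SAMPLE_FSTAB is constructed for this example: the manual's sample plus a hypothetical user-mountable USB disk (/dev/sdb1); the rule that user implies nosuid, nodev and noexec comes from mount(8), not from the manual.

```python
"""Added example (not from the manual): parse /etc/fstab, expand `defaults`
and flag entries a hardening review would question."""

SAMPLE_FSTAB = """\
# <device>    <mount point>   <type>  <options>                    <dump> <pass>
/dev/hda2     /               ext2    defaults                     1      1
/dev/hdb1     /home           ext2    defaults,usrquota,grpquota   1      2
/dev/fd0      /media/floppy   auto    rw,noauto,user,sync          0      0
/dev/sdb1     /media/usb      vfat    rw,noauto,user,exec          0      0
proc          /proc           proc    defaults                     0      0
/dev/hda1     swap            swap    pri=42                       0      0
"""

# What "defaults" stands for, as listed in the manual.
DEFAULTS = ["rw", "suid", "dev", "exec", "auto", "nouser", "async"]
# Each boolean option and the option it cancels.
OPPOSITES = {"ro": "rw", "rw": "ro", "nosuid": "suid", "suid": "nosuid",
             "nodev": "dev", "dev": "nodev", "noexec": "exec", "exec": "noexec",
             "noauto": "auto", "auto": "noauto", "user": "nouser",
             "nouser": "user", "sync": "async", "async": "sync"}
# Filesystems with no block device behind them (nothing for fsck to check).
PSEUDO_FS = {"proc", "sysfs", "devpts", "tmpfs", "swap"}


def effective_options(option_field):
    """Expand `defaults`, resolve contradictions left to right (the last
    option wins) and return the set of options that actually apply.
    Options such as pri=42 or usrquota pass through unchanged."""
    active = set()
    for opt in option_field.split(","):
        for name in (DEFAULTS if opt == "defaults" else [opt]):
            active.discard(OPPOSITES.get(name, ""))
            active.add(name)
            # mount(8): "user" implies nosuid, nodev and noexec unless a
            # later option (for example user,exec) turns them back on.
            if name == "user":
                for implied in ("nosuid", "nodev", "noexec"):
                    active.discard(OPPOSITES[implied])
                    active.add(implied)
    return active


def parse_fstab(text):
    """Return one dict per non-comment line, with the options expanded."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        device, mountpoint, fstype, opts = fields[:4]
        entries.append({
            "device": device, "mountpoint": mountpoint, "fstype": fstype,
            "options": effective_options(opts),
            "dump": int(fields[4]) if len(fields) > 4 else 0,
            "pass": int(fields[5]) if len(fields) > 5 else 0,
        })
    return entries


def review(entries):
    """Return (mountpoint, finding) pairs: media ordinary users may mount
    that still allows exec or suid, real filesystems mounted at boot that
    fsck never checks, and a root filesystem that is not checked first."""
    findings = []
    for e in entries:
        opts, mp = e["options"], e["mountpoint"]
        if "user" in opts and "exec" in opts:
            findings.append((mp, "user-mountable with exec"))
        if "user" in opts and "suid" in opts:
            findings.append((mp, "user-mountable with suid"))
        if (e["fstype"] not in PSEUDO_FS and "noauto" not in opts
                and e["pass"] == 0):
            findings.append((mp, "never checked by fsck at boot"))
        if mp == "/" and e["pass"] != 1:
            findings.append((mp, "root filesystem should be pass 1"))
    return findings


if __name__ == "__main__":
    for mp, finding in review(parse_fstab(SAMPLE_FSTAB)):
        print(f"{mp}: {finding}")
```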

The /etc/mtab file

The mtab file tracks mounted filesystems and therefore its contents change from time to time. A sample /etc/mtab file is given below.

$ cat /etc/mtab
/dev/hda3 / ext3 rw 0 0
none /proc proc rw 0 0
none /dev/pts devpts rw,gid=5,mode=620 0 0
/dev/hda2 /boot ext3 rw 0 0
none /dev/shm tmpfs rw 0 0
/dev/hda6 /windows vfat rw 0 0
/dev/hdc1 /backup ext3 rw 0 0

Unmounting file systems

The umount command detaches the file system(s) mentioned from the file system hierarchy. A file system can be specified by giving the directory where it has been mounted.

* To unmount the floppy that is mounted on `/floppy', type:

$ umount /floppy

* To unmount the disc in the CD-ROM drive mounted on `/cdrom', type:

$ umount /cdrom

* To unmount /dev/hdb1 mounted on /home2, you may give either

$ umount /home2
or
$ umount /dev/hdb1

6.3.5.3). Checking File System Integrity

A filesystem's correctness and validity can be checked using the fsck command. It can be instructed to repair any minor problems it finds, and to alert the user if there any unrepairable problems.

* Most systems are set up to run fsck automatically at boot time, so that any errors are detected (and hopefully corrected) before the system is used.
* The automatic checking only works for the filesystems that are mounted automatically at boot time.
* fsck must only be run on unmounted filesystems, never on mounted filesystems. This is because it accesses the raw disk, and can therefore modify the filesystem without the operating system realizing it.

Running fsck

* To run fsck on /dev/hda1, use the command line below.

$ fsck /dev/hda1
$ fsck -t type device
Eg: $ fsck -t ext2 /dev/hda3

* To check a Linux second extended file system as well as ext3, you may use fsck.ext2 (fsck.ext3) or e2fsck.

$ e2fsck /dev/hda3
$ e2fsck -f /dev/hda3 : Force checking even if the filesystem seems clean.

* To automatically repair the file system without asking any questions, give

$ e2fsck -p /dev/hda1

* e2fsck with the -c option will run the badblocks program to find any blocks which are bad on the filesystem, and then mark them as bad by adding them to the bad block inode.

$ e2fsck -c /dev/hda1

Other File System Check Commands

* badblocks : is used to check a filesystem for bad blocks. You can call it to scan for bad blocks and write a log of bad sectors by using the -o outputfile option. When called from e2fsck by using the -c option, the bad blocks that are found will automatically be marked bad.

$ badblocks /dev/hda1 1440 > bad-blocks

  The ‘-l’ option is used to add the block numbers listed in the file specified by filename to the list of bad blocks. The format of this file is the same as the one generated by the badblocks program.

$ fsck -t ext2 -l bad-blocks /dev/hda1

* tune2fs : is used to “tune” a filesystem. This is mostly used to set filesystem check options, such as the maximum mount count and the time between filesystem checks. The mount count is used to 'stagger' the mount counts of the different filesystems, which ensures that at reboot not all filesystems will be checked at the same time.

$ tune2fs -l /dev/hda1 : will list the contents of the filesystem super block

* dumpe2fs : prints the super block and block group information for the filesystem present on the device.

$ dumpe2fs /dev/hda1

* stat : displays information about the file or file system status, like the inode number, blocks, type of file etc.

$ stat /root/testfile

6.3.6. Disk Quota Management

* In addition to monitoring the disk space used on a system, disk space can be restricted by implementing disk quotas so that the system administrator is alerted before a user consumes too much disk space or a partition becomes full.
* Disk quotas can be configured for individual users as well as user groups.
* In addition, quotas can be set not just to control the number of disk blocks consumed but to control the number of inodes. Because inodes are used to contain file-related information, this allows control over the number of files that can be created.
* The quota RPM must be installed to implement disk quotas. The default Linux kernel which comes with Red Hat and Fedora Core comes with quota support compiled in.

6.3.6.1). Configuring and Implementing Disk Quotas on Partitions

To implement disk quotas, use the following steps:
1. Enable quotas per file system by modifying /etc/fstab
2. Remount the file system(s)
3. Create the quota files and generate the disk usage table
4. Assign quotas

1. Enabling Quotas

* Add the usrquota and/or grpquota options to the file systems that require quotas inside the /etc/fstab file.
* In the /etc/fstab entries below, only the /home file system has user and group quotas enabled.

LABEL=/       /          ext3     defaults                       1 1
LABEL=/boot   /boot      ext3     defaults                       1 2
none          /dev/pts   devpts   gid=5,mode=620                 0 0
LABEL=/home   /home      ext3     defaults,usrquota,grpquota     1 2
none          /proc      proc     defaults                       0 0
none          /dev/shm   tmpfs    defaults                       0 0
/dev/hda2     swap       swap     defaults                       0 0

2. Remounting the File Systems

* After adding the usrquota and grpquota options, remount each file system whose fstab entry has been modified.

$ umount /home
$ mount -a

* If the file system is not in use by any process, use the umount command followed by mount to remount the file system.
* If the file system is currently in use, the easiest method for remounting the file system is to reboot the system.

3. Creating Quota Files

* After each quota-enabled file system is remounted, the system is now capable of working with disk quotas.
* However, the file system itself is not yet ready to support quotas. The next step is to run the quotacheck command.
* The quotacheck command examines quota-enabled file systems and builds a table of the current disk usage per file system.
* The table is then used to update the operating system's copy of disk usage. In addition, the file system's disk quota files are updated.
* To create the quota files (aquota.user and aquota.group) on the file system, use the -c option of the quotacheck command.
* For example, if user and group quotas are enabled for the /home partition, create the quota files in the /home directory:

$ quotacheck -cug /home

  o a -- Check all quota-enabled, locally-mounted file systems in /etc/mtab.
  o c -- Create quota files for each file system with quotas enabled.
  o u -- Check user disk quota information.
  o g -- Check group disk quota information.
  o If neither the -u nor the -g option is specified, only the user quota file is created. If only -g is specified, only the group quota file is created.
* After the files are created, run the following command to generate the table of current disk usage per file system with quotas enabled:

$ quotacheck -avug

  o v -- Display verbose status information as the quota check proceeds.
* After quotacheck has finished running, the quota files corresponding to the enabled quotas (user or group) are populated with data for each quota-enabled file system such as /home.

4. Assigning Quotas per User

* The last step is assigning the disk quotas with the edquota command. To configure the quota for a user, as root in a shell prompt, execute the command:

$ edquota username

* For example, if a quota is enabled in /etc/fstab for the /home partition (/dev/hda3) and the command edquota testuser is executed, the following is shown in the editor configured as the default for the system:

Disk quotas for user testuser (uid 501):
  Filesystem    blocks    soft    hard    inodes    soft    hard
  /dev/hda3     440436       0       0     37418       0       0

* The first column is the name of the file system that has a quota enabled for it.
* The second column shows how many blocks the user is currently using.
* The next two columns are used to set soft and hard block limits for the user on the file system.
* The inodes column shows how many inodes the user is currently using.
* The last two columns are used to set the soft and hard inode limits for the user on the file system.
* A hard limit is the absolute maximum amount of disk space that a user or group can use. Once this limit is reached, no further disk space can be used.
* The soft limit defines the maximum amount of disk space that can be used. However, unlike the hard limit, the soft limit can be exceeded for a certain amount of time. That time is known as the grace period. The grace period can be expressed in seconds, minutes, hours, days, weeks, or months.
* To verify or view the quota which has been set for the user, use the command:

$ quota testuser

5. Assigning Quotas per Group

* Quotas can also be assigned on a per-group basis.
* For example, to set a group quota for the devel group, use the command (the group must exist prior to setting the group quota):

$ edquota -g devel

6. Assigning Quotas per File System

* To assign quotas based on each file system enabled for quotas, use the command:

$ edquota -t

* Like the other edquota commands, this one opens the current quotas for the file system in the text editor. The block grace period or inode grace period can be changed here.

Grace period before enforcing soft limits for users:
Time units may be: days, hours, minutes, or seconds
  Filesystem    Block grace period    Inode grace period
  /dev/hda3     7days                 7days

6.3.6.2). Managing Disk Quotas

1. Reporting on Disk Quotas

* Creating a disk usage report entails running the repquota utility.
* For example, the command repquota /home produces this output:

$ repquota /home
*** Report for user quotas on device /dev/hda3
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      36       0       0              4     0     0
tfox      --     540       0       0            125     0     0
testuser  --  440400  500000  550000          37418     0     0

* To view the disk usage report for all quota-enabled file systems, use the command:

$ repquota -a

2. Enabling and Disabling Quotas

* It is possible to disable quotas without setting them to be 0. To turn all user and group quotas off, use the following command:

$ quotaoff

* To enable user and group quotas for all file systems:

$ quotaon

* To enable quotas for a specific file system, such as /home:

$ quotaon -vug /home
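The soft/hard/grace rules from the edquota section and the repquota report format above can be tied together in code. This is an added example, not part of the manual: it parses a repquota report and decides, for each user, whether one more block may be allocated. REPQUOTA_OUTPUT is constructed from the manual's sample, with testuser pushed over the soft limit so the grace column appears; the grace spellings ("6days", "hh:mm", "none") are those repquota prints.

```python
"""Added example (not from the manual): parse a repquota report and apply
the soft/hard/grace rules to decide whether a user may still allocate."""
from datetime import timedelta

REPQUOTA_OUTPUT = """\
*** Report for user quotas on device /dev/hda3
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      36       0       0              4     0     0
tfox      --     540       0       0            125     0     0
testuser  +-  510000  500000  550000  6days   37418     0     0
"""


def parse_grace(text):
    """repquota prints the remaining grace as e.g. '6days', 'hh:mm', or
    'none' once it has expired; None means the soft limit is not exceeded."""
    if text is None:
        return None
    if text == "none":
        return timedelta(0)
    if text.endswith("days"):
        return timedelta(days=int(text[:-4]))
    hours, minutes = text.split(":")
    return timedelta(hours=int(hours), minutes=int(minutes))


def parse_repquota(text):
    """Return {user: {"blocks": (used, soft, hard, grace), "inodes": (...)}}.
    A grace column is only printed when the matching flag is '+', so the
    flags field decides how the remaining fields are split."""
    users = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or len(parts[1]) != 2 or set(parts[1]) - set("+-"):
            continue  # title, column headers and separator line
        name, flags, rest = parts[0], parts[1], parts[2:]
        bused, bsoft, bhard = (int(v) for v in rest[:3])
        rest = rest[3:]
        bgrace = rest.pop(0) if flags[0] == "+" else None
        iused, isoft, ihard = (int(v) for v in rest[:3])
        igrace = rest[3] if flags[1] == "+" else None
        users[name] = {"blocks": (bused, bsoft, bhard, bgrace),
                       "inodes": (iused, isoft, ihard, igrace)}
    return users


def may_allocate(used, soft, hard, grace_remaining, request=1):
    """Decide whether `request` more blocks (or inodes) may be allocated.
    A limit of 0 means unlimited; the hard limit is absolute; the soft limit
    may be exceeded only while the grace period has not run out."""
    new_total = used + request
    if hard and new_total > hard:
        return False, "hard limit reached"
    if soft and new_total > soft:
        if grace_remaining is not None and grace_remaining <= timedelta(0):
            return False, "soft limit exceeded and grace period expired"
        return True, "over soft limit, within grace period"
    return True, "within limits"


def block_status(report):
    """Evaluate a one-block request for every user in a parsed report."""
    return {name: may_allocate(*data["blocks"][:3],
                               parse_grace(data["blocks"][3]))
            for name, data in report.items()}


if __name__ == "__main__":
    for user, result in block_status(parse_repquota(REPQUOTA_OUTPUT)).items():
        print(user, result)
```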

6.3.7. RAID Setup

This is what you need for any of the RAID levels:
* Kernel support for RAID
* The “raidtools” package

Some of the terms to be familiar with to understand the RAID configuration file /etc/raidtab are given below:

1. Chunk Size

* You can never write completely parallel to a set of disks. If you have two disks and wanted to write a byte, you would have to write four bits on each disk; actually, every second bit would go to disk 0 and the others to disk 1. Hardware just doesn't support that.
* Instead, we choose some chunk size, which we define as the smallest "atomic" mass of data that can be written to the devices.
* A write of 16 kB with a chunk size of 4 kB will cause the first and the third 4 kB chunks to be written to the first disk, and the second and fourth chunks to be written to the second disk, in the RAID-0 case with two disks.
* Chunk sizes must be specified for all RAID levels, including linear mode. However, the chunk size does not make any difference for linear mode.
* The argument to the chunk-size option in /etc/raidtab specifies the chunk size in kilobytes. So "4" means "4 kB".

2. Persistent Superblock

* When an array is initialized with the persistent-superblock option in the /etc/raidtab file, a special superblock is written in the beginning of all disks participating in the array.
* This allows the kernel to read the configuration of RAID devices directly from the disks involved, instead of reading from some configuration file that may not be available at all times.
* This is essential if you want to boot from a RAID.
* The persistent superblock is mandatory if you want auto-detection of your RAID devices upon system boot.
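The chunk-size rule above can be worked through in code. This is an added example, not from the manual or the raidtools package: it reads a small /etc/raidtab snippet (constructed here with raid-level 0 and a 4 kB chunk size), maps a 16 kB write and individual offsets onto the member devices for RAID-0, and contrasts that with linear mode, where the chunk size plays no part. Member device sizes are an assumed input, since raidtab does not carry them.

```python
"""Added example (not from the manual): chunk striping for RAID-0 versus
appending for linear mode, driven by a constructed /etc/raidtab."""

# Constructed raidtab: two members, RAID-0, chunk-size 4 (kB).
RAIDTAB = """\
raiddev /dev/md0
        raid-level              0
        nr-raid-disks           2
        chunk-size              4
        persistent-superblock   1
        device                  /dev/hda6
        raid-disk               0
        device                  /dev/hdb5
        raid-disk               1
"""


def parse_raidtab(text):
    """Minimal reader for the raidtab layout used in the manual: one keyword
    and value per line, each device line followed by its raid-disk index."""
    conf = {"devices": []}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        key, value = parts
        if key == "device":
            conf["devices"].append([value, None])
        elif key == "raid-disk":
            conf["devices"][-1][1] = int(value)
        elif key in ("nr-raid-disks", "chunk-size", "persistent-superblock"):
            conf[key] = int(value)
        else:
            conf[key] = value
    conf["devices"].sort(key=lambda d: d[1])
    return conf


def raid0_layout(write_kb, chunk_kb, nr_disks):
    """Per disk, the chunk indices a sequential write of write_kb kilobytes
    lands on: chunk i goes to disk i % nr_disks, so 16 kB in 4 kB chunks on
    two disks puts chunks 0 and 2 on disk 0 and chunks 1 and 3 on disk 1."""
    nr_chunks = -(-write_kb // chunk_kb)          # ceiling division
    layout = {disk: [] for disk in range(nr_disks)}
    for chunk in range(nr_chunks):
        layout[chunk % nr_disks].append(chunk)
    return layout


def raid0_locate(offset_kb, chunk_kb, nr_disks):
    """Map a logical offset on the md device to (disk index, offset on that
    disk). Consecutive chunks rotate across the disks; each full rotation
    is one stripe and advances the offset on every disk by one chunk."""
    chunk, within = divmod(offset_kb, chunk_kb)
    stripe, disk = divmod(chunk, nr_disks)
    return disk, stripe * chunk_kb + within


def linear_locate(offset_kb, disk_sizes_kb):
    """Linear mode appends the devices: disk 0 is filled completely before
    disk 1 is touched. Chunk size plays no part, which is why the manual
    calls it meaningless for linear RAID."""
    for disk, size in enumerate(disk_sizes_kb):
        if offset_kb < size:
            return disk, offset_kb
        offset_kb -= size
    raise ValueError("offset beyond the end of the array")


def locate(conf, offset_kb, disk_sizes_kb):
    """Which member device (by name) holds a logical offset, for the two
    levels the manual covers: linear and RAID-0 (raid-level 0)."""
    if conf["raid-level"] == "linear":
        disk, off = linear_locate(offset_kb, disk_sizes_kb)
    else:
        disk, off = raid0_locate(offset_kb, conf["chunk-size"],
                                 conf["nr-raid-disks"])
    return conf["devices"][disk][0], off


if __name__ == "__main__":
    conf = parse_raidtab(RAIDTAB)
    print(raid0_layout(16, conf["chunk-size"], conf["nr-raid-disks"]))
    print(locate(conf, 9, [4096, 4096]))
```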

6.3.7.1). Linear Raid Setup

1. Create two or more partitions, not necessarily of the same size, which you want to append to each other.
2. Set up the RAID configuration file: set up the /etc/raidtab file to describe your setup. For two disks, /dev/hda6 and /dev/hdb5, it can look like this:

raiddev /dev/md0
raid-level linear
nr-raid-disks 2
chunk-size 32
persistent-superblock 1
device /dev/hda6
raid-disk 0
device /dev/hdb5
raid-disk 1

* To add another device to the RAID, increment the nr-raid-disks parameter and add another pair of device and raid-disk parameters.
* The persistent-superblock option has to be switched on (set to 1) to enable the system to auto-detect the RAID device after a reboot.
* The chunk-size option is meaningless for a linear RAID configuration, so this can have any value.

3. Initialize the RAID device: now create the RAID device using the command line below. This will initialize your array, write the persistent superblocks, and start the array.

$ mkraid /dev/md0

4. To check the status of the new RAID device, output the file /proc/mdstat. You should see that the array is running.

$ cat /proc/mdstat
Personalities : [linear]
read_ahead 1024 sectors
md0 : active linear hdb7[1] hda7[0] 47664640 blocks 32k rounding
unused devices: <none>

5. Create a filesystem: a RAID device does not rely on having a particular type of filesystem. To create an ext3 filesystem on the new RAID device, use the mkfs command:

$ mkfs -t ext3 /dev/md0

6. Mount the RAID partition: mount the RAID device as follows (the device comes first, then the mount point, which must already exist):

$ mount -t ext3 /dev/md0 /raid

7. Add a new entry to /etc/fstab for the RAID device as follows, so that it automatically gets mounted on reboot:

/dev/md0 /raid ext3 defaults 1 2

8. When you have your RAID device running, you can always stop it or re-start it using the command lines below:

$ raidstop /dev/md0
or
$ raidstart /dev/md0

6.3.7.2). RAID-0 Setup

1. Create two devices of approximately the same size, so that you can combine their storage capacity and also combine their performance by accessing them in parallel.

2. Set up the RAID configuration file: set up the /etc/raidtab file to describe the configuration. An example raidtab looks like this:

raiddev /dev/md0
raid-level 0
nr-raid-disks 2
chunk-size 4
persistent-superblock 1
device /dev/hda6
raid-disk 0
device /dev/hdb5
raid-disk 1

* RAID-0 has no redundancy, so when a disk dies, the array goes with it.

Repeat steps 3 through 7 to initialize the RAID device and mount it.

6.3.7.3). RAID-1 Setup

1. Create two devices of approximately the same size, so that they can be mirrors of each other.
2. Set up the RAID configuration file: set up the /etc/raidtab file to describe the configuration. An example raidtab looks like this:

raiddev /dev/md0
raid-level 1
nr-raid-disks 2
nr-spare-disks 0
persistent-superblock 1
device /dev/hda6
raid-disk 0
device /dev/hdb5
raid-disk 1

* If you have more devices which you want to keep as stand-by spare disks, they will automatically become part of the mirror if one of the active devices breaks. Remember to set the nr-spare-disks entry correspondingly.
* If you have spare disks, you can add them to the end of the device specification, like:

device /dev/hdc5
spare-disk 0

3. Now we're all set to start initializing the RAID. Repeat steps 3 through 7 to initialize the RAID device and mount it.
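As an added example (not raidtools code, and not from the manual), a small parser and consistency checker for /etc/raidtab that applies the rules this section states: nr-raid-disks must match the device/raid-disk pairs, nr-spare-disks must match the spare-disk entries, and persistent-superblock must be 1 for auto-detection at boot. It is run over the linear raidtab shown earlier and over a constructed RAID-5 block that breaks the rules; the RAID-5 parity-algorithm option of the next setup is carried through as an ordinary option.

```python
"""Parse /etc/raidtab and check the consistency rules given in this section.

Added example, not raidtools code. Samples at the bottom are constructed.
"""
from typing import Dict, List

KNOWN_LEVELS = {"linear", "0", "1", "4", "5"}


def parse_raidtab(text: str) -> List[Dict]:
    """Return one dict per raiddev block: name, options, raid_disks, spare_disks."""
    arrays: List[Dict] = []
    current = None
    pending = None             # a 'device' line waiting for its raid-disk/spare-disk
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError("line %d: expected 'key value'" % lineno)
        key, value = parts
        if key == "raiddev":
            current = {"name": value, "options": {}, "raid_disks": {}, "spare_disks": {}}
            arrays.append(current)
        elif current is None:
            raise ValueError("line %d: '%s' before any raiddev" % (lineno, key))
        elif key == "device":
            if pending is not None:
                raise ValueError("line %d: %s has no raid-disk/spare-disk line" % (lineno, pending))
            pending = value
        elif key in ("raid-disk", "spare-disk"):
            if pending is None:
                raise ValueError("line %d: %s without a preceding device line" % (lineno, key))
            table = current["raid_disks" if key == "raid-disk" else "spare_disks"]
            idx = int(value)
            if idx in table:
                raise ValueError("line %d: %s %d given twice" % (lineno, key, idx))
            table[idx] = pending
            pending = None
        else:
            current["options"][key] = value   # raid-level, nr-raid-disks, chunk-size, ...
    if pending is not None:
        raise ValueError("%s has no raid-disk/spare-disk line" % pending)
    return arrays


def check_array(arr: Dict) -> List[str]:
    """Return the problems found; an empty list means the block is consistent."""
    opts, problems = arr["options"], []
    level = opts.get("raid-level")
    if level not in KNOWN_LEVELS:
        problems.append("unknown or missing raid-level %r" % level)
    n = len(arr["raid_disks"])
    declared = int(opts.get("nr-raid-disks", "0"))
    if declared != n:
        problems.append("nr-raid-disks is %d but %d raid-disk entries found" % (declared, n))
    if sorted(arr["raid_disks"]) != list(range(n)):
        problems.append("raid-disk numbers must be 0..%d with no gaps" % (n - 1))
    spares = int(opts.get("nr-spare-disks", "0"))
    if spares != len(arr["spare_disks"]):
        problems.append("nr-spare-disks is %d but %d spare-disk entries found"
                        % (spares, len(arr["spare_disks"])))
    members = list(arr["raid_disks"].values()) + list(arr["spare_disks"].values())
    if len(set(members)) != len(members):
        problems.append("the same device is listed more than once")
    if opts.get("persistent-superblock") != "1":
        problems.append("persistent-superblock is not 1: array will not be auto-detected at boot")
    if level in ("0", "4", "5") and "chunk-size" not in opts:   # striped levels use the chunk
        problems.append("chunk-size missing for a striped level")
    return problems


# Constructed samples: the linear raidtab from the text, and a RAID-5 block
# that declares four members but lists two and leaves the superblock off.
LINEAR_RAIDTAB = """raiddev /dev/md0
raid-level linear
nr-raid-disks 2
chunk-size 32
persistent-superblock 1
device /dev/hda6
raid-disk 0
device /dev/hdb5
raid-disk 1
"""
BROKEN_RAIDTAB = """raiddev /dev/md1
raid-level 5
nr-raid-disks 4
persistent-superblock 0
parity-algorithm left-symmetric
chunk-size 32
device /dev/hda3
raid-disk 0
device /dev/hdb1
raid-disk 1
"""

if __name__ == "__main__":
    for arr in parse_raidtab(LINEAR_RAIDTAB) + parse_raidtab(BROKEN_RAIDTAB):
        print(arr["name"], check_array(arr) or "OK")
```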

6.3.7.4). RAID-5 Setup

1. Create two or more devices of approximately the same size, so that they can be combined into a larger device but still maintain a degree of redundancy for data safety. Optionally you may have a number of devices to use as spare disks, which will not take part in the array before another device fails.
2. Set up the RAID configuration file: set up the /etc/raidtab file to describe the RAID-5 configuration. An example raidtab looks like this:

raiddev /dev/md0
raid-level 5
nr-raid-disks 4
nr-spare-disks 0
persistent-superblock 1
parity-algorithm left-symmetric
chunk-size 32
device /dev/hda3
raid-disk 0
device /dev/hdb1
raid-disk 1
device /dev/hdc1
raid-disk 2
device /dev/hdd1
raid-disk 3

3. Now we're all set to start initializing the RAID. Repeat steps 3 through 7 to initialize the RAID device and mount it.

7. NETWORKING AND NETWORK SERVICES

7.1. Networking Overview

7.1.1. OSI Reference Model

The OSI Reference Model defines seven layers that describe how applications running on network-aware devices may communicate with each other. The model is generic and applies to all network types, not just TCP/IP, and all media types, not just Ethernet. OSI was a working group within the ISO, which is why the OSI model is sometimes referred to as the ISO model.

OSI is a seven-layer model; traditionally, layer diagrams are drawn with Layer 1 at the bottom and Layer 7 at the top.

Layer 1 of the 7 layer model is the Physical Layer and defines the physical and electrical characteristics of the network.

* The NIC cards in your PC and the interfaces on your routers all run at this level since, eventually, they have to pass strings of ones and zeros down the wire.

Layer 2 is known as the Data Link Layer. It defines the access strategy for sharing the physical medium, including data link and media access issues. Protocols such as PPP, SLIP and HDLC live here.

* Devices which depend on this level include bridges and switches, which learn which segment devices are on by learning the MAC addresses of devices attached to various ports.
* This is how bridges are eventually able to segment off a large network, only forwarding packets between ports if two devices on separate segments need to communicate.
* Switches quickly learn a topology map of the network, and can thus switch packets between communicating devices very quickly. It is for this reason that migrating a device between different switch ports can cause the device to lose network connectivity for a while, until the switch, or bridge, re-ARPs.

Layer 3 is the Network Layer, providing a means for communicating open systems to establish, maintain and terminate network connections. The IP protocol lives at this layer, and so do some routing protocols.

* All the routers in your network are operating at this layer.

Layer 4 is the Transport Layer, and is where TCP lives. The standard says that "The Transport Layer relieves the Session Layer [Layer 5] of the burden of ensuring data reliability and integrity".

* It is for this reason that people are becoming very excited about the new Layer 4 switching technology. Before these devices became available, only software operated at this layer.
* Hopefully, you will now also understand why TCP/IP is uttered in one breath: TCP over IP, since Layer 4 is above (over) Layer 3.
* It is at this layer that, should a packet fail to arrive (perhaps due to misrouting, or because it was dropped by a busy router), it will be retransmitted when the sending party fails to receive an acknowledgement from the device with which it is communicating.
* The more powerful routing protocols also operate here. OSPF and BGP, for example, are implemented as protocols directly over IP.

Layer 5 is the Session Layer. It provides for two communicating presentation entities to exchange data with each other.

* The Session Layer is very important in the E-commerce field since, once a user starts buying items and filling their "shopping basket" on a Web server, it is very important that they are not load-balanced across different servers in a server pool.
* This is why, clever as Layer 4 switching is, these devices still operate software to look further up the layer model. They are required to understand when a session is taking place, and not to interfere with it.

Layer 6 is the Presentation Layer. This is where application data is either packed or unpacked, ready for use by the running application.

* Protocol conversions, encryption/decryption and graphics expansion all take place here.

Layer 7 is the Application Layer. This is where you find your end-user and end-application protocols, such as telnet, ftp, and mail (pop3 and smtp).

7.1.2. TCP/IP Networks

* TCP/IP stands for Transmission Control Protocol/Internet Protocol.
* TCP/IP traces its origin to a research project funded by the United States DARPA (Defense Advanced Research Projects Agency) in 1969. This was an experimental network, the ARPANET, which was converted into an operational one in 1975, after it had proven to be a success.
* When ARPANET finally grew into the Internet, the use of TCP/IP had spread to networks beyond the Internet itself.
* In 1983, the new protocol suite TCP/IP was adopted as a standard, and all hosts on the network were required to use it.
* TCP/IP is the protocol used in remote logins, NFS etc.
* Because TCP/IP is so widely supported, it is ideal for uniting different hardware and software, even if you don't communicate over the Internet.
* A globally unique addressing scheme allows any TCP/IP device to address any other device in the entire network, even if the network is as large as the world-wide Internet.
* TCP/IP attempts to create a heterogeneous network with open protocols that are independent of operating system and architectural differences.

7.1.2.1). Layers in the TCP/IP Protocol Architecture

For more info about the protocol architecture, refer to the url below: http://www.citap.com/documents/tcp-ip/tcpip012.htm

7.1.3. LAN Network

7.1.3.1). Area Networks

For historical reasons, the industry refers to nearly every type of network as an "area network." The most commonly discussed categories of computer networks include the following:

* Local Area Network (LAN)
* Wide Area Network (WAN)
* Metropolitan Area Network (MAN)
* Storage Area Network (SAN)
* System Area Network (SAN)
* Server Area Network (SAN)
* Small Area Network (SAN)
* Personal Area Network (PAN)
* Desk Area Network (DAN)
* Controller Area Network (CAN)
* Cluster Area Network (CAN)

The concept of "area" made good sense at the time, because a key distinction between a LAN and a WAN involves the physical distance that the network spans. A third category, the MAN, also fit into this scheme as it too is centered on a distance-based concept. As technology improved, new types of networks appeared on the scene. These, too, became known as various types of "area networks" for consistency's sake, although distance no longer proved a useful differentiator.

7.1.3.2). LAN Basics

* A LAN connects network devices over a relatively short distance. A networked office building, school, or home usually contains a single LAN, though sometimes one building will contain a few small LANs, and occasionally a LAN will span a group of nearby buildings.
* In IP networking, one can conceive of a LAN as a single IP subnet (though this is not necessarily true in practice).
* Besides operating in a limited space, LANs include several other distinctive features. LANs are typically owned, controlled, and managed by a single person or organization.
* They also use certain specific connectivity technologies, primarily Ethernet and Token Ring.

The three most commonly used LAN implementations are:

7.1.3.3). LAN Protocols and the OSI Reference Model

* LAN protocols function at the lowest two layers of the OSI reference model, between the physical layer and the data link layer.
* The figure below illustrates how several popular LAN protocols map to the OSI reference model.

7.1.3.4). LAN Media-Access Methods

* Media contention occurs when two or more network devices have data to send at the same time.
* Because multiple devices cannot talk on the network simultaneously, some type of method must be used to allow one device access to the network media at a time. This is done in two main ways: carrier sense multiple access collision detect (CSMA/CD) and token passing.

Carrier Sense Multiple Access/Collision Detection (CSMA/CD) Networks

* In networks using CSMA/CD technology such as Ethernet, network devices contend for the network media.
* When a device has data to send, it first listens to see if any other device is currently using the network. If not, it starts sending its data.
* After finishing its transmission, it listens again to see if a collision occurred.
* A collision occurs when two devices send data simultaneously. When a collision happens, each device waits a random length of time before resending its data. In most cases, a collision will not occur again between the two devices then.
* Because of this type of network contention, the busier a network becomes, the more collisions occur. This is why performance of Ethernet degrades rapidly as the number of devices on a single network increases.
* For CSMA/CD networks, switches segment the network into multiple collision domains. This reduces the number of devices per network segment that must contend for the media.
* By creating smaller collision domains, the performance of a network can be increased significantly without requiring addressing changes.

Token Passing Networks

* In token-passing networks such as Token Ring and FDDI, a special network frame called a token is passed around the network from device to device.
* When a device has data to send, it must wait until it has the token and then sends its data.
* When the data transmission is complete, the token is released so that other devices may use the network media.
* The main advantage of token-passing networks is that they are deterministic. In other words, it is easy to calculate the maximum time that will pass before a device has the opportunity to send data.
* This explains the popularity of token-passing networks in some real-time environments such as factories, where machinery must be capable of communicating at a determinable interval.

Full Duplex and Half Duplex

* Normally CSMA/CD networks are half-duplex, meaning that while a device sends information, it cannot receive at the same time. While that device is talking, it is incapable of also listening for other traffic.
* This is much like a walkie-talkie. When one person wants to talk, he presses the transmit button and begins speaking. While he is talking, no one else on the same frequency can talk.
* When the sending person is finished, he releases the transmit button and the frequency is available to others.

* When switches are introduced, full-duplex operation is possible. Full-duplex works much like a telephone: you can listen as well as talk at the same time.

* When a network device is attached directly to the port of a network switch, the two devices may be capable of operating in full-duplex mode.

* However, full-duplex operation does increase the throughput of most applications because the network media is no longer shared. Two devices on a full-duplex connection can send data as soon as it is ready.

* Token-passing networks such as Token Ring can also benefit from network switches. In large networks, the delay between turns to transmit may be significant because the token is passed around a larger network.

7.1.3.5). LAN Transmission Methods

* LAN data transmissions fall into three classifications: unicast, multicast, and broadcast.
* In each type of transmission, a single packet is sent to one or more nodes.
* In a unicast transmission, a single packet is sent from the source to a destination on a network. First, the source node addresses the packet by using the address of the destination node. The packet is then sent onto the network, and finally, the network passes the packet to its destination.
* A multicast transmission consists of a single data packet that is copied and sent to a specific subset of nodes on the network. First, the source node addresses the packet by using a multicast address. The packet is then sent into the network, which makes copies of the packet and sends a copy to each node that is part of the multicast address.
* A broadcast transmission consists of a single data packet that is copied and sent to all nodes on the network. In these types of transmissions, the source node addresses the packet by using the broadcast address. The packet is then sent on to the network, which makes copies of the packet and sends a copy to every node on the network.

7.1.3.6). LAN Topologies

* LAN topologies define the manner in which network devices are organized.
* Four common LAN topologies exist: bus, ring, star, and tree.
* These topologies are logical architectures, but the actual devices need not be physically organized in these configurations.
* Logical bus and ring topologies, for example, are commonly organized physically as a star.
* A bus topology is a linear LAN architecture in which transmissions from network stations propagate the length of the medium and are received by all other stations.
  o Of the three most widely used LAN implementations, Ethernet/IEEE 802.3 networks (including 100BaseT) implement a bus topology, which is illustrated in the figure.
* A ring topology is a LAN architecture that consists of a series of devices connected to one another by unidirectional transmission links to form a single closed loop.
  o Both Token Ring/IEEE 802.5 and FDDI networks implement a ring topology. The figure depicts a logical ring topology.

* A star topology is a LAN architecture in which the endpoints on a network are connected to a common central hub, or switch, by dedicated links. Logical bus and ring topologies are often implemented physically in a star topology. A star topology is illustrated in the figure.

* A tree topology is a LAN architecture that is identical to the bus topology, except that branches with multiple nodes are possible in this case. The figure illustrates a logical tree topology.

7.1.3.7). LAN Devices

* Devices commonly used in LANs include repeaters, hubs, LAN extenders, bridges, LAN switches, and routers.

Repeater

* A repeater is a physical layer device used to interconnect the media segments of an extended network.
* A repeater essentially enables a series of cable segments to be treated as a single cable.
* Repeaters receive signals from one network segment and amplify, retime, and retransmit those signals to another network segment.
* These actions prevent signal deterioration caused by long cable lengths and large numbers of connected devices.
* Repeaters are incapable of performing complex filtering and other traffic processing.
* In addition, all electrical signals, including electrical disturbances and other errors, are repeated and amplified. The total number of repeaters and network segments that can be connected is limited due to timing and other issues. Figure 2-6 illustrates a repeater connecting two network segments.

Hub

* A hub is a physical layer device that connects multiple user stations, each via a dedicated cable. A typical hub is a multi-port repeater.
* Electrical interconnections are established inside the hub.
* Hubs are used to create a physical star network while maintaining the logical bus or ring configuration of the LAN. In some respects, a hub functions as a multiport repeater.
* Hubs and repeaters work at the first layer of the OSI model, also known as the Physical layer.

Bridges

* Bridges are introduced as devices which connect LANs at the MAC layer.
* The purpose of bridges is to allow hosts attached to different LANs to communicate as if they were located on the same LAN.
* In contrast to repeaters/hubs, which act at the physical layer and allow all traffic to cross LAN segments, bridges are more intelligent and limit the traffic to the section of the network on which it is relevant.
* Bridges work at the second layer of the OSI model, known as the data-link layer.
* Since a bridge examines the packet to record the sender and look up the recipient, there is overhead in sending a packet through a bridge.

Switches

* This is a device with multiple ports which forwards packets from one port to another. A switch is essentially a multi-port bridge.
* The behavior of a switch is exactly the same as a bridge: record the sender's port, look up the recipient, and forward based on the recipient's port.
* The difference is that most switches implement these functions in hardware using a dedicated processor. This makes them much faster than traditional software-based bridges.

Router

* The basic function of the router is to route traffic from one network to another network efficiently. It provides the intelligent redundancy and security required to select the optimum path. Usually routers are used for connecting remote networks.
* A router works at the next layer, layer 3 (Network) of the OSI model.
* The router uses network addresses (IP addresses) to determine how to forward a packet.
* Routers also offer more advanced filtering options, along with features designed to improve redundancy.

LAN Extender

* A LAN extender is a remote-access multilayer switch that connects to a host router.
* LAN extenders forward traffic from all the standard network layer protocols and filter traffic based on the MAC address or network layer protocol type.
* LAN extenders scale well because the host router filters out unwanted broadcasts and multicasts. However, LAN extenders are not capable of segmenting traffic or creating security firewalls.
* The figure illustrates multiple LAN extenders connected to the host router through a WAN.

7.1.4. WAN Basics

* As the term implies, a wide-area network spans a large physical distance. A WAN like the Internet spans most of the world!
* A WAN is a geographically dispersed collection of LANs.
* A network device called a router connects LANs to a WAN. In IP networking, the router maintains both a LAN address and a WAN address.
* WANs differ from LANs in several important ways.

* Like the Internet, most WANs are not owned by any one organization but rather exist under collective or distributed ownership and management.
* WANs use technology like ATM, Frame Relay and X.25 for connectivity.
* WAN technologies generally function at the lower three layers of the OSI reference model: the physical layer, the data link layer, and the network layer.

7.1.4.1). WAN Networks

Point-to-Point Links

* A point-to-point link provides a single, pre-established WAN communications path from the customer premises through a carrier network, such as a telephone company, to a remote network.
* Point-to-point lines are usually leased from a carrier and thus are often called leased lines.
* For a point-to-point line, the carrier allocates pairs of wire and facility hardware to your line only. These circuits are generally priced based on bandwidth required and distance between the two connected points.
* Point-to-point links are generally more expensive than shared services such as Frame Relay.

Circuit Switching

* Switched circuits allow data connections that can be initiated when needed and terminated when communication is complete.
* This works much like a normal telephone line works for voice communication.
* Integrated Services Digital Network (ISDN) is a good example of circuit switching.

* When a router has data for a remote site, the switched circuit is initiated with the circuit number of the remote network. In the case of ISDN circuits, the device actually places a call to the telephone number of the remote ISDN circuit. When the two networks are connected and authenticated, they can transfer data. When the data transmission is complete, the call can be terminated.
* A circuit-switched WAN undergoes a process similar to that used for a telephone call, as can be seen below:

Packet Switching

* Packet switching is a WAN technology in which users share common carrier resources.
* Because this allows the carrier to make more efficient use of its infrastructure, the cost to the customer is generally much better than with point-to-point lines.
* In a packet switching setup, networks have connections into the carrier's network, and many customers share the carrier's network.
* The carrier can then create virtual circuits between customers' sites by which packets of data are delivered from one to the other through the network. The section of the carrier's network that is shared is often referred to as a cloud.
* Some examples of packet-switching networks include Asynchronous Transfer Mode (ATM), Frame Relay, Switched Multimegabit Data Services (SMDS), and X.25.
* The figure shows an example packet-switched circuit. The virtual connections between customer sites are often referred to as a virtual circuit.

Packet Switching Transfers Packets Across a Carrier Network

7.1.4.2). WAN Virtual Circuits

* A virtual circuit is a logical circuit created within a shared network between two network devices.
* Two types of virtual circuits exist: switched virtual circuits (SVCs) and permanent virtual circuits (PVCs).

Switched Virtual Circuits

* SVCs are virtual circuits that are dynamically established on demand and terminated when transmission is complete.
* Communication over an SVC consists of three phases: circuit establishment, data transfer, and circuit termination.
* The establishment phase involves creating the virtual circuit between the source and destination devices.
* Data transfer involves transmitting data between the devices over the virtual circuit.
* The circuit termination phase involves tearing down the virtual circuit between the source and destination devices.
* SVCs are used in situations in which data transmission between devices is sporadic.

Permanent Virtual Circuits

* A PVC is a permanently established virtual circuit that consists of one mode: data transfer.
* PVCs are used in situations in which data transfer between devices is constant.
* PVCs decrease the bandwidth use associated with the establishment and termination of virtual circuits, but they increase costs due to constant virtual circuit availability.
* PVCs are generally configured by the service provider when an order is placed for service.

Internet Service Providers

* Home networkers with cable modem or DSL service have already encountered LANs and WANs in practice, though they may not have noticed.
* A cable/DSL router joins the home LAN to the WAN link maintained by one's ISP.
* The ISP provides a WAN IP address used by the router, and all of the computers on the home network use private LAN addresses.
* On a home network, like many LANs, all computers can communicate directly with each other, but they must go through a central gateway location to reach devices outside of their local area.

7.1.4.3). WAN Devices

* WANs use numerous types of devices that are specific to WAN environments.
* WAN switches, access servers, modems, CSU/DSUs, and ISDN terminal adapters are discussed in the following sections.
* Other devices found in WAN environments that are used in WAN implementations include routers, ATM switches, and multiplexers.

Access Server

* An access server acts as a concentration point for dial-in and dial-out connections. Figure illustrates an access server concentrating dial-out connections into a WAN.

CSU/DSU

* A channel service unit/digital service unit (CSU/DSU) is a digital-interface device used to connect a router to a digital circuit like a T1.
* The CSU/DSU also provides signal timing for communication between these devices.
* The figure below illustrates the placement of the CSU/DSU in a WAN implementation.

ISDN Terminal Adapter

* An ISDN terminal adapter is a device used to connect ISDN Basic Rate Interface (BRI) connections to other interfaces, such as EIA/TIA-232 on a router.
* A terminal adapter is essentially an ISDN modem, although it is called a terminal adapter because it does not actually convert analog to digital signals.
* The figure below illustrates the placement of the terminal adapter in an ISDN environment.

WAN Switch

* A WAN switch is a multiport internetworking device used in carrier networks.
* These devices typically switch such traffic as Frame Relay, X.25, and SMDS, and operate at the data link layer of the OSI reference model.
* The figure below illustrates two routers at remote ends of a WAN that are connected by WAN switches.

Modem

* A modem is a device that interprets digital and analog signals, enabling data to be transmitted over voice-grade telephone lines.
* At the source, digital signals are converted to a form suitable for transmission over analog communication facilities.
* At the destination, these analog signals are returned to their digital form.
* The figure below shows a simple modem-to-modem connection through a WAN.

7.1.4.4). Other Area Networks

After LANs and WANs, one will most commonly encounter the following three network designs:

* A Metropolitan Area Network connects an area larger than a LAN but smaller than a WAN, such as a city, with dedicated or high-performance hardware.
* A Storage Area Network connects servers to data storage devices through a technology like Fibre Channel.
* A System Area Network connects high-performance computers with high-speed connections in a cluster configuration.

7.1.5. Ethernet and Networking Hardware

Ethernet is a frame-based computer networking technology for local area networks (LANs).

* It defines wiring and signaling for the physical layer, and frame formats and protocols for the media access control (MAC)/data link layer of the OSI model.
* The most commonly installed Ethernet systems are called 10BASE-T and provide transmission speeds up to 10 Mbps.

* Ethernet is mostly standardized as IEEE's 802.3. It has become the most widespread LAN technology in use.

* Ethernet follows a simple set of rules that govern its basic operation.
* To better understand these rules, it is important to understand the basics of Ethernet terminology.
  o Medium - Ethernet devices attach to a common medium that provides a path along which the electronic signals will travel. Historically, this medium has been coaxial copper cable, but today it is more commonly twisted pair or fiber optic cabling.
  o Segment - We refer to a single shared medium as an Ethernet segment.
  o Node - Devices that attach to that segment are stations or nodes.
  o Frame - The nodes communicate in short messages called frames, which are variably sized chunks of information.
* One interesting thing about Ethernet addressing is the implementation of a broadcast address. A frame with a destination address equal to the broadcast address is intended for every node on the network, and every node will both receive and process this type of frame.

7.1.5.1). Ethernet Network Medium

* A network medium is the type of cabling used in a network.
* There are many types of cables used in networks today, although only a few are commonly used.
* The type of cabling can have an influence on the speed of the network.

1. Twisted-pair Cable

* A twisted-pair cable has a pair of wires twisted around each other to reduce interference.
* There can be two, four, or even more sets of twisted pairs in a network cable.
* Twisted-pair cables are usually attached to the network devices with a jack that looks like a telephone modular jack, but a little wider, supporting up to eight wires.
* There are two types of twisted-pair cable in use:
  o An Unshielded Twisted-Pair (UTP) cable is one of the most commonly used network media because it is cheap and easy to work with.
  o A Shielded Twisted-Pair (STP) cable has the same basic construction as its unshielded cousin, but the entire cable is wrapped in a layer of insulation for protection from interference.

2. Coaxial Cable

* A coaxial cable is designed with two conductors, one in the centre surrounded by a layer of insulation, and the second a mesh or foil conductor surrounding the insulation.
* Outside the mesh is a layer of outer insulation. Because of its reduced electrical impedance, coaxial is capable of faster transmission than twisted-pair cable.
* Coax is also broadband, supporting several network channels on the same cable.
* There are two types of coaxial cable in use:
  o Thick coax is a heavy cable that is used as a network backbone for the bus network. This cable is formally known as Ethernet PVC coax, but is usually called 10BASE5. Because thick coax is so heavy and stiff, it is difficult to work with and is quite expensive.
  o Thin coax is the most common type used in Ethernet networks. It goes by several names, including Thin Ethernet, 10BASE2, and cheapernet. Thin coax is the same as your television cable. Thin coax is quite flexible and has a low impedance, so it is capable of fast throughput rates. It is not difficult to lay out, as it is quite flexible, and it is easy to construct cables with the proper connectors, usually BNC connectors, at each end. Thin coax is broadband, although most local area networks use only a single channel of the cable.

3. Fibre-optic Cable

* A fibre-optic cable called FDDI (Fiber Distributed Data Interface) is becoming popular for very high-speed networks (500 Mbits). It is very expensive but capable of supporting many channels at tremendous speed.
  o Fibre-optic cable is almost never used in local area networks, although some large corporations do use it to connect many LANs together into a wide area network.
  o The supporting hardware to handle fibre-optic backbones is quite expensive and specialised.
  o It consists of a single cable with hosts being attached to it through connectors, taps or transceivers.

7.1.5.2). Ethernet Network Interface

* To hide the diversity of hardware that may be used in a networking environment, the kernel presents each device through an abstract network interface.
* This interface offers the same set of operations for all types of hardware and basically deals with sending and receiving packets.
* For each peripheral device you want to use for networking, a corresponding interface has to be present in the kernel, which means its driver must be built in or loaded as a module.
* For example, Ethernet interfaces are traditionally called eth0, eth1 and so on; these interface names are used for configuration purposes when you want to refer to a particular physical device. Newer distributions may use "predictable" names such as enp0s3 or ens33 instead, so check with ifconfig or ip link before copying the examples below.

7.1.6. Internet Protocol or IP Address

* To extend your network beyond a single Ethernet, regardless of the hardware you run or the sub-networks it is made up of, you use the Internet Protocol (IP). The version in general use is IP version 4 (IPv4), defined in 1981; its successor, IPv6, uses 128-bit addresses, but this manual covers IPv4 only.
* Two physical networks (two Ethernets, or an Ethernet and a fibre backbone) are joined by a dedicated host, a so-called gateway, which handles incoming and outgoing packets by copying them between the networks it is attached to.
* This scheme of directing data to a remote host is called routing, and packets are often referred to as datagrams in this context. Datagram exchange is governed by a single protocol that is independent of the hardware used: IP.
* The main benefit of IP is that it turns physically dissimilar networks into one apparently homogeneous network. This is called internetworking, and the resulting "meta-network" is called an internet.
* IP also requires a hardware-independent addressing scheme. This is achieved by assigning each host a unique 32-bit number (in IPv4), called the IP address. An IP address is usually written as four 8-bit numbers called octets, separated by dots. This format is also called dotted quad notation.
* To be usable for TCP/IP networking, an interface must be assigned an IP address, which serves as its identification when communicating with the rest of the world.

7.1.6.1). IP Address Notation and Classes of Networks

* IP addresses are split into a network number, which is contained in the leading octets, and a host number, which is the remainder.
* When applying to a registry for IP addresses, you are not assigned an address for each single host you plan to use. Instead, you are given a network number, and are allowed to assign all valid IP addresses within this range to hosts on your network according to your preferences.
* Depending on the size of the network, the host part may need to be smaller or larger. To accommodate different needs, the original design defined several classes of networks, each with a different split of the IP address. Classful addressing was superseded by Classless Inter-Domain Routing (CIDR) in 1993, where the split is given explicitly by a prefix length (149.76.0.0/16), but the classes still explain the default netmasks you will meet.

Class A
* Class A comprises networks 1.0.0.0 through 127.0.0.0 (first octet 0-127). The network number is contained in the first octet. This provides for a 24-bit host part, allowing roughly 16.7 million hosts per network.

Class B
* Class B contains networks 128.0.0.0 through 191.255.0.0 (first octet 128-191); the network number is in the first two octets. This allows for 16,384 networks with 65,534 usable hosts each.

Class C
* Class C networks range from 192.0.0.0 through 223.255.255.0 (first octet 192-223), with the network number contained in the first three octets. This allows for nearly 2.1 million networks with up to 254 hosts each.

Classes D and E
* Addresses in the range 224.0.0.0 through 255.255.255.255 do not specify any network. Class D (224.0.0.0 through 239.255.255.255) is used for multicast groups; class E (240.0.0.0 and above) is reserved.

For example, if the IP address of a host is 149.76.12.4, it refers to host 12.4 on the class B network 149.76.0.0.

* You may have noticed that in the above list not all possible values were allowed for each octet in the host part.
* This is because host numbers with all host bits 0 or all host bits 1 are reserved for special purposes.
* An address where all host-part bits are zero refers to the network itself, and one where all bits of the host part are 1 is called the broadcast address. This refers to all hosts on the specified network simultaneously.
* Thus, 149.76.255.255 is not a valid host address, but refers to all hosts on network 149.76.0.0.

Reserved Network Addresses
* There are also two network addresses that are reserved, 0.0.0.0 and 127.0.0.0. The first is used for the default route (and, as an address, means "unspecified"), the latter is the loopback network.
* Network 127.0.0.0 is reserved for IP traffic local to your host. Usually, address 127.0.0.1 will be assigned to a special interface on your host, the so-called loopback interface, which acts like a closed circuit. Any IP packet handed to it from TCP or UDP will be returned as if it had just arrived from some network. This allows you to develop and test networking software without ever using a "real" network. Another useful application is when you want to use networking software on a standalone host. A service that should not be reachable from other machines should be bound to 127.0.0.1 rather than to all addresses (0.0.0.0).

7.1.7. Transmission Control Protocol

* TCP, or Transmission Control Protocol, builds a reliable service on top of IP. The essential property of TCP is that it uses IP to give you the illusion of a simple connection between a process on your host and one on the remote machine, so that you don't have to care about how and along which route your data actually travels.
* A TCP connection works essentially like a two-way pipe that both processes may write to and read from.
* TCP identifies the end points of such a connection by the IP addresses of the two hosts involved, and the number of a so-called port on each host. Ports may be viewed as attachment points for network connections.
* Note that "reliable" means lost or reordered segments are retransmitted and reassembled; TCP does nothing to keep the data confidential or to authenticate the peer. That is left to higher layers such as TLS or SSH.

7.1.8. User Datagram Protocol

* TCP isn't the only user protocol in TCP/IP networking. Although it is suitable for many applications, the overhead involved is quite high. Hence, many applications use a sibling protocol of TCP called UDP, or User Datagram Protocol.
* UDP also allows an application to contact a service on a certain port on the remote machine, but it doesn't establish a connection for this. Instead, you may use it to send single packets (datagrams) to the destination service. Delivery, ordering and duplicate suppression are not guaranteed, and because there is no handshake the source address of a datagram is trivially forged.

7.1.9. Connection Ports

* Ports may be viewed as attachment points for network connections. If an application wants to offer a certain service, it attaches itself to a port and waits for clients to connect to this port (this is also called listening on the port).
* A client that wants to use this service allocates a port on its local host, and connects to the server's port on the remote host.
* It is worth noting that although both TCP and UDP rely on ports, these numbers do not conflict. This means that TCP port 513, for example, is different from UDP port 513. In fact, these ports can serve as access points for two different services.
* Port numbers below 1024 are "privileged": on Linux only root (or a process with the CAP_NET_BIND_SERVICE capability) can listen on them.
* Some of the common ports you come across are port 80 (used by httpd), 21 (used by ftp), 22 (used by sshd) etc.
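To make the point that TCP port N and UDP port N are independent, here is an added Python example (it is not part of the original manual) that binds a TCP listener and a UDP socket to the same port number on the loopback interface and talks to each of them. The port is chosen by the kernel so the script runs on any machine; the "echo in upper case" behaviour of both toy servers and the function names are this example's own.

```python
"""TCP port N and UDP port N are separate namespaces (added example)."""
import socket

LOOPBACK = "127.0.0.1"


def bind_both(port: int = 0):
    """Bind a TCP listener and a UDP socket to the same port on 127.0.0.1.

    port=0 lets the kernel pick a free TCP port; the UDP socket is then
    bound to that same number, which would fail with EADDRINUSE if the
    two protocols shared one port space.
    """
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind((LOOPBACK, port))
    tcp.listen(1)
    chosen = tcp.getsockname()[1]
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind((LOOPBACK, chosen))
    for s in (tcp, udp):
        s.settimeout(5)
    return tcp, udp, chosen


def exchange(tcp, udp, port):
    """Send one message to each service on the same port; return both replies."""
    # TCP: three-way handshake, then a byte stream in both directions.
    client = socket.create_connection((LOOPBACK, port), timeout=5)
    conn, _ = tcp.accept()
    client.sendall(b"hello tcp")
    conn.sendall(conn.recv(64).upper())      # toy server echoes in upper case
    tcp_reply = client.recv(64)
    client.close()
    conn.close()
    # UDP: a single datagram, no connection; the server learns the peer from recvfrom.
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender.settimeout(5)
    sender.sendto(b"hello udp", (LOOPBACK, port))
    data, peer = udp.recvfrom(64)
    udp.sendto(data.upper(), peer)
    udp_reply, _ = sender.recvfrom(64)
    sender.close()
    return tcp_reply, udp_reply


def demo():
    """Bind both sockets, run one exchange each, and clean up."""
    tcp, udp, port = bind_both()
    try:
        return exchange(tcp, udp, port)
    finally:
        tcp.close()
        udp.close()


if __name__ == "__main__":
    print(demo())
```

Both replies come back from the same port number, one over a connection and one as a bare datagram, which is why a firewall rule or a netstat filter always has to name the protocol as well as the port.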

7.1.10. Address Resolution

* Address resolution refers to mapping IP addresses onto Ethernet (MAC) addresses. The protocol that does this is the Address Resolution Protocol, or ARP.
* When ARP wants to find out the Ethernet address corresponding to a given IP address, it uses a feature of Ethernet known as "broadcasting", where a frame is addressed to all stations on the network simultaneously (destination address ff:ff:ff:ff:ff:ff).
* The broadcast frame sent by ARP contains a query for the IP address. Each receiving host compares this to its own IP address, and if it matches, returns an ARP reply to the inquiring host. The inquiring host can now extract the sender's Ethernet address from the reply and keeps it in its ARP cache for a while.
* ARP has no authentication: any host on the segment can answer, or send unsolicited replies, claiming any IP address. This is the basis of ARP spoofing (ARP cache poisoning) attacks used to intercept traffic on a LAN.

7.1.11. IP Routing

* When you write a letter to someone, you usually put a complete address on the envelope, specifying the country, state, zip code, etc. After you put it into the letter box, the postal service will deliver it to its destination: it will be sent to the country indicated, whose national service will dispatch it to the proper state and region, etc. The advantage of this hierarchical scheme is rather obvious.
* IP networks are structured in a similar way. The whole Internet consists of a number of proper networks, called autonomous systems.
* Each such system performs any routing between its member hosts internally, so that the task of delivering a datagram is reduced to finding a path to the destination host's network.

7.1.11.1). Subnetworks

* IP addresses can be split into a network part and a host part. By default, the destination network is derived from the network part of the IP address. Thus, hosts with identical IP network numbers should be found within the same network.
* IP allows you to subdivide an IP network into several subnets or subnetworks.
* It is worth noting that subnetting (as the technique of generating subnets is called) is only an internal division of the network. Subnets are generated by the network owner (or the administrators) to reflect existing boundaries, be they physical (between two Ethernets) or administrative (between two departments). However, this structure affects only the network's internal behaviour, and is invisible to the outside world.

How is subnetting done? In subnetting, the network part is extended to include some bits from the host part. The number of bits that are interpreted as the network (and subnet) number is given by the so-called subnet mask, or netmask. This is a 32-bit number, too, whose 1 bits mark the network part of the IP address; a host is on your subnet exactly when (its address AND netmask) equals (your address AND netmask).

For example: A sample network has a class B network number of 149.76.0.0, and its netmask is therefore 255.255.0.0.
* Internally, this network consists of several smaller networks, such as the LANs of various departments. So the range of IP addresses is broken up into 254 subnets, 149.76.1.0 through 149.76.254.0.
* For example, Department1 has been assigned 149.76.12.0. Department2 is given a network in its own right, 149.76.1.0.
* These subnets share the same IP network number, while the third octet is used to distinguish between them. Thus they will use a subnet mask of 255.255.255.0.
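As an added example (not part of the original manual), the address arithmetic of 7.1.6.1 and of this section in Python using the standard-library ipaddress module: classful_prefix() gives the default network part implied by the first octet, split_address() splits an address into network and host number for either the classful mask or an explicit netmask, flagging the reserved network and broadcast addresses, and same_subnet() is the AND-with-mask test above. The addresses are the ones used in the text; the function names are this example's own. Getting this arithmetic wrong in a firewall or ACL (a /16 where a /24 was meant) silently widens what the rule allows, which is why it is worth computing rather than eyeballing.

```python
"""Classful split and subnetting of IPv4 addresses (added example)."""
import ipaddress
from typing import Optional


def classful_prefix(addr: str) -> int:
    """Default network-part length implied by the first octet (classes A/B/C)."""
    first = int(addr.split(".")[0])
    if first < 128:
        return 8        # class A: network in the first octet
    if first < 192:
        return 16       # class B: network in the first two octets
    if first < 224:
        return 24       # class C: network in the first three octets
    raise ValueError(f"{addr} is a class D/E address and names no network")


def split_address(addr: str, netmask: Optional[str] = None) -> dict:
    """Split addr into network and host parts.

    With netmask=None the classful default is used; otherwise the netmask
    (e.g. 255.255.255.0) extends the network part into the host octets,
    which is exactly what subnetting does.
    """
    if netmask is None:
        prefix = classful_prefix(addr)
    else:
        prefix = ipaddress.IPv4Network(f"0.0.0.0/{netmask}").prefixlen
    iface = ipaddress.IPv4Interface(f"{addr}/{prefix}")
    net = iface.network
    host_bits = 32 - prefix
    host_number = int(iface.ip) & ((1 << host_bits) - 1)
    if iface.ip == net.network_address:
        role = "network"          # all host bits 0: names the network itself
    elif iface.ip == net.broadcast_address:
        role = "broadcast"        # all host bits 1: every host on the network
    else:
        role = "host"
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "prefix": prefix,
        "broadcast": str(net.broadcast_address),
        "host_number": host_number,
        "usable_hosts": max(net.num_addresses - 2, 0),
        "role": role,
    }


def same_subnet(a: str, b: str, netmask: str) -> bool:
    """True when (a AND mask) == (b AND mask), i.e. b is reached without a gateway."""
    return split_address(a, netmask)["network"] == split_address(b, netmask)["network"]


if __name__ == "__main__":
    print(split_address("149.76.12.4"))                    # classful: class B
    print(split_address("149.76.12.4", "255.255.255.0"))   # subnetted per department
    print(same_subnet("149.76.12.4", "149.76.1.4", "255.255.255.0"))
```

With the classful mask 149.76.12.4 is host 12.4 on 149.76.0.0; with the departmental mask 255.255.255.0 it becomes host 4 on subnet 149.76.12.0, and 149.76.1.4 is on a different subnet, so traffic between the two departments has to pass through a gateway.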

7.1.11.2). Gateways

* A gateway is a host that is connected to two or more physical networks simultaneously and is configured to forward packets between them.
* A gateway is assigned one IP address per network it is on. These addresses, along with the corresponding netmask, are tied to the interface through which the subnet is accessed. Thus, the mapping of interfaces and addresses could look like this:

  iface   address       netmask
  -----   -----------   -------------
  eth0    149.76.4.1    255.255.255.0
  fddi0   149.76.1.4    255.255.255.0
  lo      127.0.0.1     255.0.0.0

* The last entry describes the loopback interface lo.
* Hosts that are on two subnets at the same time are shown with both addresses.
* On Linux, forwarding between interfaces is off by default and must be switched on (sysctl net.ipv4.ip_forward=1); a host that forwards is also the natural place for a packet filter, see 7.2.3.

7.1.11.3). Routing Table

The kernel maintains a routing table which it consults when delivering a datagram to an IP address that is not on the local host.

* The routing information IP uses for this is basically a table linking networks to the gateways that reach them.
* A catch-all entry (the default route) must generally be supplied, too; this is the gateway associated with network 0.0.0.0. All packets to a network not listed are sent through the default route.
* For larger networks, the tables are built and adjusted at run time by routing daemons; these run on central hosts of the network and exchange routing information to compute "optimal" routes between the member networks.
* Depending on the size of the network, different routing protocols will be used. A simple one is RIP, the Routing Information Protocol, which is implemented by the BSD routed daemon; OSPF and BGP are used in larger networks.
* Dynamic routing based on RIP chooses the best route to some destination host or network based on the number of "hops", that is, the gateways a datagram has to pass before reaching it. The shorter a route is, the better RIP rates it.

7.2. Linux Network Administration

7.2.1. Network Configuration Files

1. Resolver configuration file -- /etc/resolv.conf

This file specifies the IP addresses of DNS servers and the search domain. Unless configured to do otherwise, the network initialization scripts populate this file.

  search name-of-domain.com       - your domain, or your ISP's domain if using their name server
  nameserver XXX.XXX.XXX.XXX      - IP address of the primary name server
  nameserver XXX.XXX.XXX.XXX      - IP address of the secondary name server

* This configures Linux so that it knows which DNS server will be resolving domain names into IP addresses. If using a static IP address, ask the ISP or check another machine on your network. Plain DNS answers are not authenticated, so a wrong or hostile nameserver entry here lets someone redirect every connection made by name.

2. /etc/hosts - Locally resolve node/host names to IP addresses. The main purpose of this file is to resolve hostnames that cannot be resolved any other way. It can also be used to resolve hostnames on small networks with no DNS server.
* Regardless of the type of network the computer is on, this file should contain a line specifying the IP address of the loopback device (127.0.0.1) as localhost.localdomain:

  127.0.0.1          localhost.localdomain localhost
  XXX.XXX.XXX.XXX    hostname hostname1
  192.168.0.2        srv1.carmatec.com

* Note when adding hosts to this file, place the fully qualified name first.
* Because /etc/hosts is consulted before DNS (see nsswitch.conf below), an entry added here by anyone with write access silently overrides DNS; the file should be owned by root and not writable by other users.

3. /etc/sysconfig/network : Red Hat network configuration file used by the system during the boot process. Specifies routing and host information for all network interfaces. The following values may be used inside:
* NETWORKING=<value>, where <value> is one of the boolean values yes (networking should be configured) or no (networking should not be configured).
* HOSTNAME=<value>, where <value> should be the Fully Qualified Domain Name (FQDN), such as hostname.example.com, but can be whatever hostname is necessary.
* GATEWAY=<value>, where <value> is the IP address of the network's gateway.
* GATEWAYDEV=<value>, where <value> is the gateway device, such as eth0.
* NISDOMAIN=<value>, where <value> is the NIS domain name.

4. /etc/nsswitch.conf - System Databases and Name Service Switch configuration file. The /etc/nsswitch.conf file is used to configure which services are to be used to determine information such as hostnames, password files, and group files.

  hosts: files dns nisplus nis

* This example tells Linux to first resolve a host name by looking at the local hosts file (/etc/hosts), then if the name is not found look to your DNS server as defined by /etc/resolv.conf, and if not found there look it up on your NIS server.

5. /etc/sysconfig/network-scripts/ifcfg-<interface-name> - For each network interface on a Red Hat Linux system, there is a corresponding interface configuration script. Each of these files provides information specific to a particular network interface.
* /etc/sysconfig/network-scripts/ifcfg-eth0 is the interface config script for the eth0 interface, that is, the configuration settings for your first Ethernet port (0). Your second port is eth1.

7.2.2. Network Administration Commands

7.2.2.1). IP Address Assignment

The command ifconfig is used for this purpose. This command is used to configure network interfaces, or to display their current configuration. In addition to activating and deactivating interfaces with the up and down settings, this command is necessary for setting an interface's address information. Displaying the configuration works as any user; changing it requires root. Note that ifconfig and route belong to the net-tools package, which current distributions have deprecated in favour of the ip command from iproute2 (ip addr, ip route); the commands below still work wherever net-tools is installed.

Determining your IP address assignment
* You can determine the IP address of a Linux machine and which device it is assigned to using the ifconfig command.
  $ ifconfig

Setting up the main IP
* An IP interface needs to be told both its own address and the network mask and broadcast address of its subnet.
* To configure the IP 192.168.10.12 on the interface eth0, you can use (as root):
  $ ifconfig eth0 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10.255 up

* 255.255.255.0 is the subnet mask; the broadcast address is the address with all host bits set, here 192.168.10.255.
* After this, to make the change permanent so that this IP is activated after every system reboot, a file has to be created called /etc/sysconfig/network-scripts/ifcfg-eth0 which will have contents like below for a static IP address configuration.

  DEVICE=eth0
  BOOTPROTO=static
  BROADCAST=192.168.10.255
  IPADDR=192.168.10.12
  NETMASK=255.255.255.0
  NETWORK=192.168.10.0
  ONBOOT=yes

* You can also use the command line above to change the main IP address of a machine.

Adding more IP addresses to a machine
* Using ifconfig, you can add more IPs to a machine as interface aliases using the command line below:

  $ ifconfig eth0:0 192.168.10.13 netmask 255.255.255.0 broadcast 192.168.10.255 up

* In this case, the file that needs to be created is /etc/sysconfig/network-scripts/ifcfg-eth0:0 so that this IP is activated after system boot up. A sample file is given below.

  DEVICE=eth0:0
  BOOTPROTO=static
  BROADCAST=192.168.10.255
  IPADDR=192.168.10.13
  NETMASK=255.255.255.0
  NETWORK=192.168.10.0
  ONBOOT=yes

* If you are giving another IP, the file will be ifcfg-eth0:1 and the command line will be:
  $ ifconfig eth0:1 192.168.10.14 netmask 255.255.255.0 broadcast 192.168.10.255 up

* Note: After making these changes, you need to restart the network service using
  $ /etc/rc.d/init.d/network restart

* The command usernetctl can be used by an ordinary user to activate or de-activate a network interface, but only for interfaces whose ifcfg file sets USERCTL=yes.
  $ usernetctl eth0 up
  $ usernetctl eth0:1 up
  $ usernetctl eth0 down

7.2.2.2). Setting up Routing

Routing
A routing table is a set of rules that tells what will be done with outgoing network packets.
* The destination address of every outgoing packet is checked against the routing table maintained by the kernel; the most specific matching line (the one with the longest netmask) wins, and the packet is sent out through the interface listed on that line, via the gateway if one is given. If no match is found, the kernel returns the error "Network is unreachable".
* The route command is the tool used to display or modify the routing table.
* If you type "route" or "route -n" (-n prints numeric addresses instead of resolving names) on a machine having the IP 192.168.2.2 on eth0, a routing table like the one below will be displayed:

  $ route -n
  Destination     Gateway         Genmask          Flags Metric Ref    Use Iface
  192.168.2.2     0.0.0.0         255.255.255.255  UH    0      0        0 eth0
  192.168.2.0     0.0.0.0         255.255.255.0    U     0      0        0 eth0
  127.0.0.0       0.0.0.0         255.0.0.0        U     0      0        0 lo
  0.0.0.0         192.168.0.2     0.0.0.0          UG    0      0        0 eth0

* The last line, which has the Genmask 0.0.0.0, is the default route, and the default gateway is set to 192.168.0.2. All packets to a network not listed are sent through the default route.
* The routing table reads like a case statement with a "default" at its end, and can be described as below for the above routing table setup:

  if      (address = me)            then deliver locally;
  elseif  (address in my network)   then send directly on eth0;
  elseif  (address in 127.0.0.0/8)  then send to the loopback interface;
  else                              send to my gateway 192.168.0.2;

* Iface: interface to which packets for this route will be sent.
* A gateway must itself be directly reachable, that is, lie in a network connected to one of your interfaces; the kernel refuses to add a route via a gateway it has no route to. The sample table above is therefore slightly inconsistent: 192.168.0.2 is not in 192.168.2.0/24, so on a real machine eth0 would also need an address in 192.168.0.0/24.

Setting Up Routing
* The default gateway can be set using the route command as below; "-net default" and "default" are equivalent spellings, and the gateway must be a host address, not a network address.
  $ route add default gw 192.168.0.2 dev eth0
  OR
  $ route add -net default gw 192.168.0.2 eth0

* To set up routing for more than one network interface, i.e. if you have both eth0 and eth1, you may use the command lines below.
  $ route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.2 dev eth0
  $ route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3 dev eth1
* Note that in the above example the network 192.168.2.0 is reached through the gateway 192.168.0.2 and 192.168.1.0 through the gateway 192.168.0.3.

* The flags above mean the following:
  U - Route is up
  H - Only a single host can be reached through the route, as for the host entry 192.168.2.2 above (netmask 255.255.255.255).
  G - Use gateway: the packet is handed to the gateway address rather than sent directly to the destination.
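As an added example (not from the manual), the lookup the kernel performs over the table shown above, written in Python: the rows are transcribed from the sample route -n output, lookup() picks the most specific matching entry the way the kernel does (the /32 host route beats the /24, both beat the /0 default, and row order only breaks ties), and gateway_usable() applies the rule that a gateway must be on a directly connected network. The function names are this example's own.

```python
"""Longest-prefix-match lookup over the routing table shown above (added example)."""
import ipaddress

# Rows constructed from the `route -n` output above: (destination, genmask, gateway, iface).
# A gateway of None means the destination network is directly connected.
SAMPLE_TABLE = [
    ("192.168.2.2", "255.255.255.255", None, "eth0"),       # UH: this host's own address
    ("192.168.2.0", "255.255.255.0", None, "eth0"),         # U: directly connected network
    ("127.0.0.0", "255.0.0.0", None, "lo"),                 # U: loopback network
    ("0.0.0.0", "0.0.0.0", "192.168.0.2", "eth0"),          # UG: default route
]


def build_table(rows):
    """Turn (dst, mask, gw, iface) rows into (IPv4Network, gw, iface) tuples."""
    return [(ipaddress.IPv4Network(f"{dst}/{mask}"), gw, iface)
            for dst, mask, gw, iface in rows]


def lookup(table, dst):
    """Return (next_hop, iface, prefixlen) for dst.

    The most specific (longest netmask) matching entry wins; earlier rows
    win ties. Directly connected destinations are sent to the destination
    itself. No match at all is what the kernel reports as ENETUNREACH.
    """
    addr = ipaddress.IPv4Address(dst)
    best = None
    for net, gw, iface in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise OSError("Network is unreachable")
    net, gw, iface = best
    return (gw if gw is not None else dst, iface, net.prefixlen)


def gateway_usable(table, gw):
    """A gateway must lie on a directly connected network, or the kernel
    refuses the `route add`; this check mirrors that rule."""
    addr = ipaddress.IPv4Address(gw)
    return any(g is None and addr in net for net, g, _ in table)


if __name__ == "__main__":
    table = build_table(SAMPLE_TABLE)
    for dst in ("192.168.2.2", "192.168.2.7", "127.0.0.1", "8.8.8.8"):
        print(dst, "->", lookup(table, dst))
    print("gateway 192.168.0.2 usable:", gateway_usable(table, "192.168.0.2"))
```

Running it shows the inconsistency noted above: 192.168.0.2 is not on any directly connected network of the sample machine, so gateway_usable() returns False for it, while a gateway such as 192.168.2.1 would be accepted.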

Deleting a Route

* A route to a network can be removed using the command line below
  $ route del -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.2 eth0
* The default route can be removed as
  $ route del default gw 192.168.0.2 eth0

7.2.2.3). Network Monitoring/Analysis Tools

1. netstat:

* Displays information about the system's currently active network connections, including port connections, routing tables, and more. On current distributions it is being replaced by ss from iproute2, which takes the same -l, -p, -n and -a options.
* To display the routing table, use
  $ netstat -nr    or    $ netstat -r
  -n shows numerical addresses instead of symbolic hostnames.
* To get the list of programs or services listening on all the open ports on the system along with their process id or program name (run as root to see other users' processes), use
  $ netstat -lpn
* To display all sockets, connected or listening, with the foreign IPs from which connections come, use
  $ netstat -an
  Using the -a flag by itself will display all sockets from all families.
* To see all connections from outside to the httpd port 80, you may use
  $ netstat -an | grep ':80 '
  A bare "grep 80" also matches port 8080, port 1800 and any address containing "80", so anchor the pattern on the colon and the trailing space.
* To display the statistics for the network interfaces currently configured
  $ netstat -i
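To make the port-80 question answerable without the grep pitfall, here is an added Python example (not part of the manual) that parses netstat -an style output and reports listeners, per-peer connection counts on a given port, and half-open connections. The sample output is constructed for the example in the format Linux netstat prints (it is not captured from a real host, and the addresses are from the RFC 5737 documentation ranges); the function names are this example's own.

```python
"""Summarise `netstat -an` output: listeners, peers per port, half-open connections (added example)."""
from collections import Counter

# Constructed sample in the layout netstat -an prints on Linux; not from a real host.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.10.12:80        203.0.113.5:51234       ESTABLISHED
tcp        0      0 192.168.10.12:80        203.0.113.5:51235       ESTABLISHED
tcp        0      0 192.168.10.12:80        198.51.100.7:4001       SYN_RECV
tcp        0      0 192.168.10.12:8080      203.0.113.9:4002        ESTABLISHED
tcp        0      0 192.168.10.80:22        203.0.113.9:4003        ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
"""


def parse_netstat(text):
    """Return one dict per socket line; header and non-IP lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] not in ("tcp", "udp", "tcp6", "udp6"):
            continue
        proto, local, foreign = parts[0], parts[3], parts[4]
        state = parts[5] if len(parts) > 5 else ""      # udp lines carry no state
        lip, lport = local.rsplit(":", 1)                # rsplit: IPv6 addresses contain colons
        fip, fport = foreign.rsplit(":", 1)
        rows.append({"proto": proto, "local_ip": lip, "local_port": int(lport),
                     "foreign_ip": fip, "foreign_port": fport, "state": state})
    return rows


def listeners(rows):
    """(proto, port) pairs that accept traffic; UDP has no LISTEN state, so a
    bound UDP socket shows up with a wildcard foreign port instead."""
    return sorted({(r["proto"], r["local_port"]) for r in rows
                   if r["state"] == "LISTEN"
                   or (r["proto"].startswith("udp") and r["foreign_port"] == "*")})


def peers_on_port(rows, port, proto="tcp"):
    """Count foreign addresses talking to local <port>: what `grep 80` was meant
    to answer, without matching 8080 or an address ending in .80."""
    return Counter(r["foreign_ip"] for r in rows
                   if r["proto"] == proto and r["local_port"] == port
                   and r["foreign_port"] != "*")


def half_open(rows):
    """SYN_RECV entries: many of these from many sources is a SYN-flood symptom."""
    return [r["foreign_ip"] for r in rows if r["state"] == "SYN_RECV"]


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print("listening:", listeners(rows))
    print("peers on tcp/80:", peers_on_port(rows, 80))
    print("half-open from:", half_open(rows))
```

On the sample, the 8080 connection and the connection to 192.168.10.80:22 are correctly left out of the port-80 count, which a naive grep would have included. To run it against a live host, feed it the output of netstat -an (or ss -an, whose columns differ only in the header).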

2. traceroute:

* Used to determine the network route from your computer to some other computer on your network or the Internet. It can be used with a hostname or an IP address.
  $ traceroute 216.239.39.99
  OR
  $ traceroute google.com
* traceroute lists the series of hosts/gateways through which your packets travel on their way to a given destination. It does this by sending probes with increasing TTL values and recording which router returns the ICMP "time exceeded" message for each; hops that filter ICMP show up as "* * *".

3. ping

* The IP protocol includes control messages called ICMP (Internet Control Message Protocol) packets.
* One type of ICMP packet is called an "echo request", and the IP rules require its recipient to send back an "echo reply".
* These are incredibly useful because you can determine
  o whether the remote host is up and talking to the network,
  o the time required for a packet to make a round trip to the host,
  o by sending a few dozen echo requests, what fraction of the packets sent between the hosts get lost somewhere along the way.
* The ping command sends echo requests to the host you specify on the command line, and lists the responses received with their round-trip time.
* When you terminate ping (probably by hitting Control-C) it summarizes the results, giving the average round-trip time and the percentage of packets lost.
* This command is used constantly to determine whether there is a problem with the network connection between two hosts. Bear in mind that many hosts and firewalls drop echo requests, so no reply does not prove the host is down.
* The ping command can be called with a hostname or an IP address
  $ ping google.com
  $ ping 216.239.39.99

4. arp
* The ARP (Address Resolution Protocol) table normally uses an automatic mechanism to find which physical addresses go with which IP addresses. The arp command displays this table, and can be used to modify it, though this is rarely necessary.
* The command line to display the ARP table and a sample output are given below.
  $ arp -a
  IP address    HW type          HW address
  172.16.1.3    10Mbps Ethernet  00:00:C0:5A:42:C1
  172.16.1.2    10Mbps Ethernet  00:00:C0:90:B3:42
  172.16.2.4    10Mbps Ethernet  00:00:C0:04:69:AA

* The arp -s command adds a permanent (static) entry mapping an IP address to an Ethernet address; it does not change the address of any device. The syntax is:
  $ arp -s ip_address ethernet_address
  $ arp -s 220.0.0.182 00:40:af:36:0c:38
* Static entries are not overwritten by replies seen on the wire, so pinning the gateway's address this way is a simple defence against ARP spoofing on small networks.
* The column HW address is the Ethernet, or MAC, address. A typical Ethernet address (also known as a MAC address, Media Access Control) looks like aa:bb:cc:dd:ee:ff, where aa:bb:cc is a number unique to the manufacturer (the OUI) and dd:ee:ff is a serial number assigned by that manufacturer.

5. tcpdump
* tcpdump is a command-line tool for monitoring network traffic.
* tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. It can display all of the packet headers, or just the ones that match particular criteria. Capturing requires root (or the CAP_NET_RAW capability).
  $ tcpdump
* To print all packets arriving at or departing from the host educarma.com
  $ tcpdump host educarma.com

7.2.2.4). Changing the System Hostname
* Use the command hostname. hostname is the program that is used to either set or display the current host, domain or node name of the system. These names are used by many of the networking programs to identify the machine.
  $ hostname
* To change the hostname at runtime, use any of the options below (as root):
  $ hostname educarma.com
  $ echo "educarma.com" > /proc/sys/kernel/hostname
  $ sysctl -w kernel.hostname=educarma.com
* sysctl is used to change kernel parameters at runtime. The parameters available are those listed under /proc/sys/.
* To make the change in hostname permanent, the new hostname has to be added to the file /etc/sysconfig/network using the entry below.
  HOSTNAME=<hostname>

7.2.2.5). Networking terms
ARP - Address Resolution Protocol. Used to translate IP addresses into hardware (Ethernet) addresses. Uses broadcast messages for resolution.
BOOTP - A protocol used to allow client computers to get their IP address from a BOOTP server. DHCP supersedes, though does not replace, this protocol.
DHCP - Dynamic Host Configuration Protocol, allows clients to get their IP addresses from a DHCP server. This system "leases" IP addresses to clients for limited periods of time. If the client has not renewed its lease within the lease time, the IP address is free for reassignment.
ICMP - Internet Control Message Protocol. Part of the IP layer. Communicates error messages and other messages that require attention.
IGMP - Internet Group Management Protocol. Protocol used to manage multicasting through routers.
IP - Internet Protocol. Three kinds of IP addresses are unicast, broadcast and multicast.
MBONE - Used to refer to a network that supports multicasting.
NIS - Network Information Service, a name service created by Sun Microsystems.
NFS - Network File System, allows a Unix-style computer to mount and access part or all of a file system on a remote computer.
OSPF - Open Shortest Path First, a dynamic routing protocol intended as a replacement for RIP.
PPP - Point-to-Point Protocol, a serial-line protocol commonly used to connect to the Internet over a modem.
RARP - Reverse ARP, used by diskless clients to determine their IP address from their hardware address.
RIP - Routing Information Protocol, used by many TCP/IP implementations to perform dynamic routing.
RPC - Remote Procedure Call, a set of function calls used by a client program to call functions in a remote server program.
SLIP - Serial Line Internet Protocol, the predecessor of PPP.
SMTP - Simple Mail Transfer Protocol, commonly used as the mail message transport protocol.
SNMP - Simple Network Management Protocol.
UDP - User Datagram Protocol, a transport-layer protocol.
UUCP - Unix to Unix Copy, a protocol that allows Unix computers to exchange files.

7.2.3. Packet Filtering Using iptables

* iptables is a tool for packet filtering: the process of controlling network packets as they enter, move through and exit the network stack within the kernel.
* It is the user-space front end to the kernel's netfilter framework. Pre-2.4 kernels relied on ipchains (2.2) and ipfwadm (2.0) instead; current kernels additionally offer nftables, with iptables kept as a compatibility layer.
* Using Linux and iptables / ipchains one can configure a gateway which will allow all computers on a private network to connect to the Internet via the gateway and one external IP address, using a technique called Network Address Translation (NAT) or masquerading.
* iptables/ipchains can also be configured so that the Linux computer acts as a firewall, providing protection to the internal network.

7.2.3.1). Network Address Translation (NAT)

* An individual on a computer on the private network may point their web browser to a site on the Internet. This request is recognized to be beyond the local network, so it is routed to the Linux gateway using the private network address.
* The request for the web page is sent to the web site using the external Internet IP address of the gateway, which records the translation in its connection-tracking table.
* The reply is returned to the gateway, which then translates the destination address back to that of the computer on the private network which made the request. This is often called IP masquerading.
* The software interface which enables one to configure the kernel for masquerading is iptables (Linux kernel 2.4 and later) or ipchains (Linux kernel 2.2).

7.2.3.2). Packet filtering tables

The Linux kernel has the built-in ability to filter packets, allowing some of them into the system while stopping others. The 2.4 kernel's netfilter has three built-in tables or rule lists (later kernels add the raw and security tables):
1. filter - The default table for handling network packets.
2. nat - Used to alter packets that create a new connection. Used for Network Address Translation.
3. mangle - Used for specific types of packet alteration.
* Each of these tables in turn has a group of built-in chains which correspond to the points at which netfilter inspects the packet. The built-in chains of the different tables are as shown below.

7.2.3.3). Built-in Chains for the different tables

Chains available in the filter table

INPUT - Applies to network packets that are targeted for the host.
OUTPUT - Applies to locally-generated network packets.
FORWARD - Applies to network packets routed through the host.

Chains available in the nat table
PREROUTING - Alters network packets when they arrive, before routing (destination NAT).
OUTPUT - Alters locally-generated network packets before they are sent out.
POSTROUTING - Alters network packets after routing, just before they are sent out (source NAT, masquerading).

Chains available in the mangle table
INPUT - Alters network packets targeted for the host.
OUTPUT - Alters locally-generated network packets before they are sent out.
FORWARD - Alters network packets routed through the host.
PREROUTING - Alters incoming network packets before they are routed.
POSTROUTING - Alters network packets before they are sent out.
* Every packet sent or received by a Linux machine is subject to at least one chain. Rules in a chain are tried in order; once a packet matches a rule, that rule's target, or action, is performed on it, and for terminating targets no further rules in the chain are consulted.

7.2.3.4). Types of Targets

A target is the action or policy to be taken with the corresponding packet. The types of targets which are available are:
* ACCEPT - The packet skips the rest of the rule checks and is allowed to continue to its destination.
* REJECT - The packet is dropped, but an error packet (by default an ICMP port-unreachable) is sent to the packet's originator.
* DROP - The packet is discarded silently; nothing is sent back to the host that sent it. DROP reveals less to a port scanner than REJECT, at the cost of making legitimate senders wait for a timeout.
* QUEUE - The packet is passed to user space where it can be inspected by a user program (for example an intrusion detection system).
* RETURN - Stops traversing the current chain and resumes in the chain that called it; in a built-in chain, the chain's default policy applies instead.
* MARK - Sets a netfilter mark value on the packet (mangle table) which later routing or QoS rules can act on; non-terminating.
* MASQUERADE - Source NAT to whatever address the outgoing interface currently has; used in the nat table's POSTROUTING chain when the external address is dynamic (DHCP or PPP).
* LOG - Writes the packet headers to the kernel log with an optional prefix, then continues with the next rule; non-terminating.
Every built-in chain has a default policy of ACCEPT, DROP or QUEUE (REJECT is an extension target and cannot be used as a policy). If none of the rules in the chain apply to the packet, then the packet is dealt with in accordance with the default policy.

7.2.3.5). The iptables Command Line

* Rules that allow packets to be filtered by the kernel are put in place by running the iptables command.

Command structure of iptables
  $ iptables [-t <table-name>] <command> <chain-name> <parameter-1> <option-1> ... <parameter-n> <option-n>

* <table-name> - lets the user select the table, i.e. filter (the default), nat or mangle.
* <command> - Commands tell iptables to perform a specific action on the chosen chain or table, such as append, check, delete, rename or flush.

Commonly used iptables commands
* -A : Appends the rule to the end of the specified chain. This is the command used to simply add a rule when rule order in the chain does not matter.
* -C : Checks whether a rule matching the given specification already exists in the chain (exit status 0 if it does); useful in scripts to avoid adding duplicates.
* -D : Deletes a rule in a particular chain by number (such as 5 for the fifth rule in a chain). You can also type the entire rule, and iptables will delete the rule in the chain that matches it.
* -E : Renames a user-defined chain. This does not affect the structure of the table.
* -F : Flushes the selected chain, which effectively deletes every rule in the chain. If no chain is specified, this command flushes every rule from every chain of the table. Flushing does not change the chain policies, so a DROP policy with no rules left will lock you out of a remote host.
* -h : Provides a list of command structures, as well as a quick summary of command parameters and options.
* -I : Inserts a rule in a chain at a point specified by a user-defined integer value. If no number is specified, iptables will place the rule at the top of the chain.
* -L : Lists all of the rules in the chain specified after the command. To list all rules in all chains in the default filter table, do not specify a chain or table. Otherwise, the following syntax should be used to list the rules in a specific chain in a particular table (add -n -v to see numeric addresses and packet counters):
  $ iptables -L <chain-name> -t <table-name>
  $ iptables -L
* -N : Creates a new chain with a user-specified name.
* -P : Sets the default policy for a particular built-in chain, so that when packets traverse the entire chain without matching a rule, they will be sent to a particular target, such as ACCEPT or DROP.
* -R : Replaces a rule in a particular chain. The rule's number must be specified after the chain's name. The first rule in a chain corresponds to rule number one.
* -X : Deletes a user-specified chain. Deleting a built-in chain of any table is not allowed.
* -Z : Zeros the byte and packet counters in all chains for a particular table.

<chain-name> - the name of the chain, either built-in (INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING) or user-defined.

<parameter-n> - Once certain iptables commands are specified, including those used to add, append, delete, insert, or replace rules within a particular chain, parameters are required to construct a packet filtering rule. For example:
* -c <packets> <bytes> : Sets the packet and byte counters of the rule being added (useful when restoring a saved rule set).
* -d : Sets the destination hostname, IP address, or network of a packet that will match the rule. When matching a network, the following IP address/netmask formats are supported:
  o N.N.N.N/M.M.M.M - Where N.N.N.N is the network address and M.M.M.M is the netmask.
  o N.N.N.N/M - Where N.N.N.N is the network address and M is the prefix length (number of network bits).
* -f : Applies this rule only to the second and further fragments of a fragmented packet. By placing ! before this parameter, only unfragmented packets and first fragments will be matched.

* -i : Sets the incoming network interface, such as eth0 or ppp0. With iptables, this optional parameter may only be used with the INPUT and FORWARD chains when used with the filter table and the PREROUTING chain with the nat and mangle tables. This parameter also supports the following special options:
  o ! - Tells this parameter not to match, meaning that any specified interfaces are specifically excluded from this rule. For example, -i ! eth0 would match all incoming interfaces except eth0.
  o + - A wildcard character used to match all interfaces which match a particular string. For example, the parameter -i eth+ would apply this rule to any Ethernet interfaces but exclude any other interfaces, such as ppp0.
  o If the -i parameter is used but no interface is specified, then every interface is affected by the rule.

* -j : Tells iptables to jump to a particular target when a packet matches a particular rule. Valid targets to be used after the -j option include the standard options, ACCEPT, DROP, QUEUE, and RETURN, as well as extended options that are available through modules loaded by default with the Red Hat Linux iptables RPM package, such as LOG, MARK, and REJECT, among others. You may also direct a packet matching this rule to a user-defined chain outside of the current chain so that other rules can be applied to the packet. If no target is specified, the packet moves past the rule with no action taken. However, the counter for this rule is still increased by one, as the packet matched the specified rule.
* -o : Sets the outgoing network interface for a rule and may only be used with the OUTPUT and FORWARD chains in the filter table, and the POSTROUTING chain in the nat and mangle tables. This parameter's options are the same as those of the incoming network interface parameter (-i).
* -p : Sets the IP protocol for the rule, which can be either icmp, tcp, udp, or all, to match every supported protocol. In addition, any protocols listed in /etc/protocols may also be used. If this option is omitted when creating a rule, the all option is the default.
* -s : Sets the source for a particular packet using the same syntax as the destination (-d) parameter. We could also invert the match with an !. If we were, in other words, to use a match in the form of --source ! 192.168.0.0/24, we would match all packets with a source address not coming from within the 192.168.0.x range.

Match Options

* Different network protocols provide specialized matching options which may be set in specific ways to match a particular packet using that protocol.
* The protocol must first be specified in the iptables command, by using -p <protocol-name> (where <protocol-name> is the target protocol), to make the options for that protocol available.
* TCP Protocol - The TCP protocol is specified using the option -p tcp, and the match options available for tcp are as shown below:
* --dport : Sets the destination port for the packet. Use either a network service name (such as www or smtp), a port number, or a range of port numbers to configure this option. The --destination-port match option is synonymous with --dport.
  o To specify a specific range of port numbers, separate the two numbers with a colon (:), such as -p tcp --dport 3000:3200. The largest acceptable valid range is 0:65535.
  o Use an exclamation point character (!) after the --dport option to tell iptables to match all packets which do not use that network service or port, such as -p tcp --dport ! 80.

* --sport : Sets the source port of the packet using the same options as --dport. The --source-port match option is synonymous with --sport.
* --syn : Applies to all TCP packets designed to initiate communication, commonly called SYN packets. Any packets that carry a data payload are not touched. Placing an exclamation point character (!) as a flag after the --syn option causes all non-SYN packets to be matched. Eg: iptables -p tcp ! --syn
* --tcp-flags - Allows TCP packets with specific bits, or flags, set to be matched with a rule. The --tcp-flags match option accepts two parameters. The first parameter is the mask, which sets the flags to be examined in the packet. The second parameter refers to the flags that must be set in order to match. The possible flags are: ACK, FIN, PSH, RST, SYN, URG, ALL, NONE
  o For example, an iptables rule which contains -p tcp --tcp-flags ACK,FIN,SYN SYN will only match TCP packets that have the SYN flag set and the ACK and FIN flags unset.
  o Using the exclamation point character (!) after --tcp-flags reverses the effect of the match option.
  o For eg: iptables -p tcp --tcp-flags ! SYN,FIN,ACK

* --tcp-option — Attempts to match with TCP-specific options that can be set within a particular packet. This match option can also be reversed with the exclamation point character (!). A TCP Option is a specific part of the header.

Target Options

* Once a packet has matched a particular rule, the rule can direct the packet to a number of different targets that decide its fate and, possibly, take additional actions.
* Each chain has a default target, which is used if none of the rules on that chain match a packet or if none of the rules which match the packet specify a target. The following are the standard targets:
* <user-defined-chain> : Replace <user-defined-chain> with the name of a user-defined chain within the table. This target passes the packet to the target chain.
* ACCEPT - Allows the packet to successfully move on to its destination or another chain.
* DROP - Drops the packet without responding to the requester. The system that sent the packet is not notified of the failure.
* QUEUE - The packet is queued for handling by a user-space application.
* RETURN - Stops checking the packet against rules in the current chain. If the packet with a RETURN target matches a rule in a chain called from another chain, the packet is returned to the first chain to resume rule checking where it left off. If the RETURN rule is used on a built-in chain and the packet cannot move up to its previous chain, the default target for the current chain decides what action to take.

Rules created with the iptables command are stored in memory. If the system is restarted after setting up iptables rules, they will be lost. In order for netfilter rules to persist through a system reboot, they need to be saved. To do this, log in as root and type:

$ /sbin/service iptables save

* The next time the system boots, the iptables init script will reapply the rules saved in /etc/sysconfig/iptables by using the /sbin/iptables-restore command.

* The rules in iptables can be seen by using

$ iptables -L

* To flush all the rules in the filter or nat tables, use

$ iptables --flush
$ iptables --table nat --flush

* To stop/start/restart iptables

$ /etc/rc.d/init.d/iptables stop/start/restart

* To delete all user-defined (non-default) chains in the filter and nat tables

$ iptables --delete-chain
$ iptables --table nat --delete-chain

* To deny all connections from a specific host

$ iptables -I INPUT -s XXX.XXX.XXX.XXX -j DROP

* For debugging and logging, add the rules below to iptables and you can see the messages in /var/log/messages.

$ iptables -A INPUT -j LOG --log-prefix "INPUT_DROP: "
$ iptables -A OUTPUT -j LOG --log-prefix "OUTPUT_DROP: "

* To disallow access to port 80 from the IP address 212.160.2.4, you can use

$ iptables -A INPUT -p tcp --dport 80 -s 212.160.2.4 -j DROP

Here you are adding a rule to the INPUT chain which drops all packets to port 80 on your machine from the IP address 212.160.2.4.

* To disallow access to the SMTP server from the network 212.160.2.0/24, you can use

$ iptables -A INPUT -p tcp --dport 25 -s 212.160.2.0/24 -j DROP

* To disallow access to the SMTP server from the network 212.160.0.0/16, you can use

$ iptables -A INPUT -p tcp --dport 25 -s 212.160.0.0/16 -j DROP

* The -d 0.0.0.0/0 refers to all or any destination address of a packet.

* To view the rules along with the rule numbers, so that it is easier to delete a rule from the chain

$ iptables -L --line-numbers

* To delete rule no. 2 from the INPUT chain of the default filter table

$ iptables -D INPUT 2

* To set up routing so that all packets from the network 192.168.10.0/24 are altered to appear to come from the public IP 202.15.20.198, use the command line below to add a rule to the POSTROUTING chain of the nat table

$ iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source 202.15.20.198

* SNAT or SOURCE NAT : stores the internal IP in the NAT table and routes to-and-fro traffic to the correct IP on the internal network.
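To see how the match options, targets and rule order described in this section fit together, here is an added example in Python (not code from this manual or from the iptables project) that models how the filter table walks a chain; the addresses, the DROP policy and the user-defined chain named web are constructed assumptions.

```python
"""Model of netfilter filter-table traversal (added example; not code from
the manual or the iptables project).  Addresses, ports and the chain named
'web' in the sample rule set are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

TCP_FLAGS = {"FIN": 1, "SYN": 2, "RST": 4, "PSH": 8, "ACK": 16, "URG": 32}


def flag_bits(names: str) -> int:
    """Turn an iptables flag list such as 'ACK,FIN,SYN' into a bitmask."""
    names = names.upper()
    if names in ("ALL", "NONE"):
        return sum(TCP_FLAGS.values()) if names == "ALL" else 0
    return sum(TCP_FLAGS[n] for n in names.split(","))


@dataclass
class Packet:
    src: str
    proto: str = "all"
    dport: Optional[int] = None
    flags: str = "NONE"          # TCP flags set, e.g. "SYN" or "SYN,ACK"


@dataclass
class Rule:
    target: str                                  # -j
    src: Optional[str] = None                    # -s; a "!" prefix inverts
    proto: Optional[str] = None                  # -p
    dport: Optional[Tuple[int, int]] = None      # --dport lo:hi
    tcp_flags: Optional[Tuple[str, str]] = None  # --tcp-flags mask comp
    invert_flags: bool = False                   # "!" on --tcp-flags / --syn
    log_prefix: str = ""                         # --log-prefix

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None:
            negate = self.src.startswith("!")
            net = ipaddress.ip_network(self.src.lstrip("! "), strict=False)
            if (ipaddress.ip_address(pkt.src) in net) == negate:
                return False
        if self.proto not in (None, "all") and self.proto != pkt.proto:
            return False
        if self.dport is not None and (pkt.dport is None or not self.dport[0] <= pkt.dport <= self.dport[1]):
            return False
        if self.tcp_flags is not None:
            mask, comp = (flag_bits(x) for x in self.tcp_flags)
            # of the flags named in the mask, exactly those in comp must be set
            if ((flag_bits(pkt.flags) & mask) == comp) == self.invert_flags:
                return False
        return True


def syn_rule(target: str, **kw) -> Rule:
    """--syn is shorthand for --tcp-flags SYN,RST,ACK,FIN SYN."""
    return Rule(target, proto="tcp", tcp_flags=("SYN,RST,ACK,FIN", "SYN"), **kw)


class FilterTable:
    def __init__(self) -> None:
        self.chains = {}   # chain name -> list of Rule
        self.policy = {}   # built-in chain -> default policy (-P)
        self.log = []      # what the LOG target would hand to syslog

    def add_chain(self, name: str, policy: Optional[str] = None) -> None:  # -N / -P
        self.chains[name] = []
        if policy:                       # only built-in chains carry a policy
            self.policy[name] = policy

    def append(self, chain: str, rule: Rule) -> None:                      # -A
        self.chains[chain].append(rule)

    def verdict(self, chain: str, pkt: Packet) -> Optional[str]:
        """Walk one chain; None means the packet fell off a user-defined chain."""
        for rule in self.chains[chain]:
            if not rule.matches(pkt):
                continue
            if rule.target == "LOG":       # non-terminating: log and keep going
                self.log.append(f"{rule.log_prefix}SRC={pkt.src} DPT={pkt.dport}")
            elif rule.target == "RETURN":  # back to the calling chain
                break
            elif rule.target in ("ACCEPT", "DROP", "REJECT", "QUEUE"):
                return rule.target
            else:                          # jump to a user-defined chain
                result = self.verdict(rule.target, pkt)
                if result is not None:
                    return result
        return self.policy.get(chain)      # end of chain: policy if built-in


def build_sample_firewall() -> FilterTable:
    """The manual's INPUT examples with a DROP policy, a user-defined chain
    'web' that accepts only new (SYN) connections, and LOG as the last rule."""
    fw = FilterTable()
    fw.add_chain("INPUT", policy="DROP")
    fw.add_chain("web")
    fw.append("INPUT", Rule("DROP", src="203.0.113.9"))                    # one host
    fw.append("INPUT", Rule("DROP", proto="tcp", dport=(80, 80), src="212.160.2.4"))
    fw.append("INPUT", Rule("DROP", proto="tcp", dport=(25, 25), src="212.160.2.0/24"))
    fw.append("INPUT", Rule("web", proto="tcp", dport=(80, 80)))           # jump
    fw.append("web", syn_rule("ACCEPT"))
    fw.append("web", Rule("RETURN"))
    fw.append("INPUT", Rule("LOG", log_prefix="INPUT_DROP: "))             # logs what the policy drops
    return fw
```

Because LOG is non-terminating, appending it as the last INPUT rule records exactly the packets that the DROP policy is about to discard; inserting it at the top with -I would log every packet instead.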

7.3. Network Information Service (NIS)

The Network Information Service (NIS) provides a simple network lookup service consisting of databases and processes. It was formerly known as Sun Yellow Pages (YP).

Its purpose is to provide information that has to be known throughout the network to all machines on the network. Information likely to be distributed by NIS is:

* Login names/passwords/home directories (/etc/passwd)
* Group information (/etc/group)
* Host names and IP numbers (/etc/hosts)

For example, if your password entry is recorded in the NIS password database, you will be able to login on all machines on the net which have the NIS client programs running.

7.3.1. NIS Maps

* NIS client programs query the NIS servers for data which is stored in its databases, which are known as maps.

* NIS maps are stored in DBM format, a binary format generated from simple ASCII files.

* ASCII to DBM conversion can be done by using the makedbm command.

7.3.2. NIS Domain

An NIS domain refers to a group of systems in a network or subnet which use the same NIS Map.

7.3.2.1). NIS Topologies used

1. A single domain with a master server and one or more clients.

2. A single domain with one master server, one or more slave NIS servers and one or more clients.

3. Multiple domains, each with its own master server, no slave servers and one or more clients.

4. Multiple domains, each with its own master server, its own slave servers and one or more clients.

7.3.3. NIS Server Installation and Configuration

7.3.3.1). Installing the NIS Server utility

* There are two NIS packages and the portmap server that need to be installed for the NIS server to work on a machine:
  o ypserv
  o yp-tools
  o portmap (if not already installed).

* The NIS utilities - ypserv and yp-tools - can be found at:

Site            Directory                  File Name
ftp.kernel.org  /pub/linux/utils/net/NIS   ypserv-2.9.tar.gz
ftp.kernel.org  /pub/linux/utils/net/NIS   yp-tools-2.9.tar.gz

* Compile the NIS software (ypserv and yp-tools) to generate ypserv and makedbm. The makedbm program converts the ASCII format database files into DBM format.

* NIS server configuration involves the following steps,

1. Setting up the NIS domain name.

2. Configuring and starting the NIS server daemon ypserv.

3. Initializing the NIS maps.

4. Starting the NIS password daemon.

5. Starting the NIS transfer daemon (if you are using slave servers).

6. Modifying the startup process to start the NIS daemons when the system reboots.

7.3.3.2). Setting up the NIS domain name

* To set up the NIS domain name, give the entry below at the shell prompt.

$ nisdomainname <domainname>

eg: $ nisdomainname carmatrain.com

* Next, reissue the nisdomainname command to confirm that the NIS domain is set. This is a temporary arrangement. To make it permanent, add the entry NISDOMAIN=nisdomainname to the /etc/sysconfig/network file.

7.3.3.3). Configuring and starting the daemon ypserv

* With the NIS domain name set you can start the NIS server daemon. The key configuration files are:

1. /var/yp/securenets

It contains netmask and network number pairs that define the list of hosts permitted to access the NIS server, for example:

255.255.255.0 192.168.0.0

2. /etc/ypserv.conf (configuration for the primary NIS server daemon and the NIS transfer daemon ypxfrd). It contains runtime configuration options, called option lines, for ypserv, and host access information, called access rules.

The default values in /etc/ypserv.conf are sufficient for most NIS server configurations:

dns: no
*:shadow.byname:port:yes
*:passwd.adjunct.byname:port:yes

* Entries in the file appear one per line. Each line is made up of colon separated fields defining an option line or an access rule with the format,

option: [yes/no]

* Options can be either dns or xfr_check_port.

* dns controls whether or not the NIS server performs a dns lookup for hosts not listed in the host maps. The default is no.

* xfr_check_port controls whether the ypserv runs on a port numbered less than 1023, a so called privileged port. The default is yes.

* Access rules have a slightly complicated format.

Host:map:security:mangle[:field]

* Host - the IP address to match. Wildcards are also allowed.

* Map - the name of a map to match, or * for all the maps.

* Security - The type of security to use. Can be one of none, port, deny or des.

  o none always enables access to hosts. The password field is mangled if so configured; the default is not to.
  o port enables access if the connection is coming from a privileged port (<1024). If mangle is set to yes, access is enabled, but the password field is mangled. If mangle is set to no, access is denied.
  o deny denies the matching host access to this map.
  o des requires DES authentication.

* Mangle - possible values are "yes" or "no". If "yes", the field entry will be mangled. Mangling means that the field is replaced by 'x' if the port check reveals the request originated from an unprivileged port. If set to no, the field is not mangled if the requesting port is unprivileged.

* Field - the number of the field in the map to mangle. The default value if the field is not specified is 2, which corresponds to the password field in /etc/group, /etc/shadow, and /etc/passwd.

* Access rules are tried in order, and all rules are evaluated. If no rule matches a connecting host, access to the corresponding map is enabled.
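As an added example (not code from the manual or from the ypserv project), here is the access rule evaluation above in Python. It assumes that the first rule whose host and map patterns match decides the outcome, supports * and address/netmask host patterns, treats des as deny because DES authentication is not modelled, and uses a constructed configuration and constructed client addresses.

```python
"""Evaluate /etc/ypserv.conf access rules (added example; not code from the
manual or the ypserv project).  First matching host/map rule decides (an
assumption), 'des' is treated as deny, sample data is constructed."""
import ipaddress
from typing import List, Optional, Tuple

PRIVILEGED_PORT_MAX = 1023


def parse_ypserv_conf(text: str) -> Tuple[dict, List[dict]]:
    """Split the file into option lines (dns, xfr_check_port) and access rules."""
    options, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) == 2:                         # option: [yes/no]
            options[parts[0]] = parts[1]
            continue
        host, map_, security = parts[:3]            # host:map:security:mangle[:field]
        rules.append({"host": host, "map": map_, "security": security,
                      "mangle": len(parts) > 3 and parts[3] == "yes",
                      "field": int(parts[4]) if len(parts) > 4 else 2})   # 2 = password field
    return options, rules


def host_matches(pattern: str, client_ip: str) -> bool:
    """'*' matches everything; otherwise an address or network/netmask (assumed forms)."""
    if pattern == "*":
        return True
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)


def decide(rules: List[dict], client_ip: str, client_port: int,
           map_name: str) -> Tuple[bool, Optional[int]]:
    """Return (allowed, field_to_mangle); the field is None when nothing is mangled."""
    for rule in rules:
        if not host_matches(rule["host"], client_ip) or rule["map"] not in ("*", map_name):
            continue
        privileged = client_port <= PRIVILEGED_PORT_MAX
        if rule["security"] in ("deny", "des"):    # des: no DES auth modelled here
            return False, None
        if rule["security"] == "none":              # always allowed, mangle only if asked
            return True, (rule["field"] if rule["mangle"] and not privileged else None)
        if rule["security"] == "port":              # privileged source port required
            if privileged:
                return True, None
            return (True, rule["field"]) if rule["mangle"] else (False, None)
        raise ValueError(f"unknown security type {rule['security']!r}")
    return True, None          # no rule matched: access to the map is enabled


def serve_record(rules: List[dict], client_ip: str, client_port: int,
                 map_name: str, record: str) -> Optional[str]:
    """Apply decide() to one colon-separated map record; None means denied."""
    allowed, field = decide(rules, client_ip, client_port, map_name)
    if not allowed:
        return None
    if field is None:
        return record
    cols = record.split(":")
    cols[field - 1] = "x"       # mangling: the field is replaced by 'x'
    return ":".join(cols)


# Constructed configuration: the manual's default rules plus a deny for one subnet.
SAMPLE_CONF = """
dns: no
192.168.5.0/255.255.255.0:*:deny
*:shadow.byname:port:yes
*:passwd.adjunct.byname:port:yes
"""
OPTIONS, RULES = parse_ypserv_conf(SAMPLE_CONF)
```

With these rules a shadow.byname lookup from an unprivileged port still succeeds but returns 'x' in place of the password hash, which is what keeps the hashes away from ordinary users on the clients.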

* For NIS to work, port mapper should be running. Port map translates the RPC port numbers and program numbers to TCP/IP port numbers.

You can check the status of port map by running the command,

$ /sbin/service portmap status

which should show an output like:

Portmap (pid 559) running ...

If it's not running you can start it by issuing the command

$ /sbin/service portmap start

Once the portmap is started you can start the NIS server by issuing the command,

$ /sbin/service ypserv start

Once the ypserv daemon is started, the command

$ rpcinfo -u localhost ypserv

should give an output like the one below:

program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting

7.3.3.4). Initializing the NIS Maps

* Now you need to generate the password database using ypinit, which generates the complete set of NIS maps and places them in the directory under /var/yp named after the NIS domain.

To generate the NIS database issue the command:

$ /usr/lib/yp/ypinit -m

The -m option is used to indicate that it is creating maps for the master server.

If you are using a slave server for redundancy, make sure that ypwhich -m works from each of them. This means that your slaves must also be configured as NIS clients.

To create a slave server using the databases from the master server named masterhost, use

$ /usr/lib/yp/ypinit -s masterhost

7.3.3.5). Starting the NIS Password Daemon

When new users are added or deleted, the NIS clients and slaves should be notified of this change. The daemon that handles this change is yppasswdd.

* yppasswdd handles password changes and updating other NIS information that depends on user passwords.

* This daemon runs only on the NIS master server.

To start this,

$ /sbin/service yppasswdd start

7.3.3.6). Starting the Server Transfer Daemon

ypxfrd is used to speed up the transfer of large maps from the NIS master to the slave servers.

$ /sbin/service ypxfrd start

7.3.3.7). Modifying the startup process to start NIS at Boot

* Firstly, to permanently save the NIS domain name, add the line below to /etc/sysconfig/network.

NISDOMAIN=carmatec.com

* Run the GUI tool "serviceconf", which is the Red Hat service configuration tool, to configure the NIS daemons to start at boot time. After starting serviceconf, go to Main Menu -> System Settings -> Server Settings -> Services. Enable the checkboxes for the ypserv and yppasswdd services.

7.3.4). Installing and Configuring the NIS Client

7.3.4.1). Installing the ypbind utility

The NIS client requires the ypbind package to be installed on it as well as the portmapper server running.

* The ypbind daemon binds NIS clients to an NIS domain. Ypbind must be running on any machine running NIS client programs.

* The ypbind software is also available from http://ftp.kernel.org/pub/linux/utils/net/NIS/

* Compile and install the software as per the instructions inside.

* Install the portmapper package also if its not already installed on the server.

* After this, the NIS client needs to be configured; the steps for which are given below:

1. Set up the NIS domain name.
2. Configure and start the NIS client daemon.
3. Test the client daemon.
4. Configure the client startup files to use NIS.
5. Reboot the client.

7.3.4.2). Setting up the NIS domain name

Add the entry to the /etc/sysconfig/network file as NISDOMAIN=<domainname>

For example, to set the NIS domain as carmatec.com, you may give NISDOMAIN=carmatec.com

7.3.4.3). Configure and start the NIS client daemon

* The NIS client daemon ypbind uses the configuration file /etc/yp.conf, which specifies which NIS servers clients should use and how to locate them.

ypserver

* Valid entries are

+ domain NISDOMAIN server HOSTNAME : Use server HOSTNAME for the domain NISDOMAIN.

+ domain NISDOMAIN broadcast : Use broadcast on the local net for domain NISDOMAIN.

+ ypserver HOSTNAME : Use server HOSTNAME for the local domain. The IP-address of server must be listed in /etc/hosts.

* A sample entry can be

ypserver 192.168.0.2

OR

domain educarma.com server 192.168.0.2

* The same thing above can also be done using a GUI tool called authconfig.

Now start the NIS client by issuing the command,

$ /sbin/service ypbind start

7.3.4.4). Test the Client daemon

* The commandline below using rpcinfo will let you confirm that ypbind was able to register its service with the portmapper.

$ rpcinfo -u 192.168.0.2 ypbind

* The command line below can be used to check if the portmapper is running:

$ rpcinfo -p 192.168.0.2

* Now edit the /etc/host.conf file to use NIS for lookups, i.e. change the order to the entry below:

order hosts,nis,bind

* The configuration above means that name service lookups will first query /etc/hosts, then NIS and then use BIND, the nameserver.

* Lastly, edit /etc/nsswitch.conf and add the entries shown below if not already present.

passwd: files nis
shadow: files nis
group: files nis
hosts: files nis

7.3.4.5). Configuring the NIS Client startup files

* After configuring the NIS server, you need to make sure that the client daemon ypbind starts and stops when the system starts and stops.
* This can be done by checking the daemon 'ypbind' in the Service Configuration Tool, which can be opened using the command "serviceconf":

$ serviceconf

* Save the changes after checking ypbind, and the NIS client services will be up and running after a system reboot.
* Reboot the server to make sure the NIS client daemon starts.

7.3.4.6). NIS Configuration Files/Commands

NIS File/Command     Description/Usage

ypwhich              Displays the name of the master NIS server
                     $ ypwhich

ypcat                Prints the entries in an NIS database
                     $ ypcat -x (to check options)
                     $ ypcat passwd (to see entries from the map "passwd.byname")

yppasswd             Changes user passwords and info on the NIS server
                     $ yppasswd carma

yppoll               Displays the server and version number of an NIS map
                     $ yppoll -h 192.168.0.2 passwd.byname

ypmatch              Prints the value of one or more entries in an NIS map

/etc/yp.conf         Configures the NIS client bindings

/etc/nsswitch.conf   Configures the system name database lookup

/etc/host.conf       Configures host name resolution

7.3.5. More about NIS

* Within a network which has NIS setup, there must be at least one machine acting as a NIS server.

* You can have multiple NIS servers, each serving different NIS "domains", or you can have cooperating NIS servers, where one is the master NIS server and all the others are so-called slave NIS servers (for a certain NIS "domain", that is!) - or you can have a mix of them.

* For NIS to work you need to run the program portmap, which is available at /sbin/portmap.

* portmap is a program which converts RPC port numbers to TCP/IP port numbers. To make RPC calls you need to have portmap running, which is a prerequisite for the NIS clients and servers to work, as they rely on the RPC method of communication.

* When an RPC server is started, it will tell portmap what port number it is listening on, and what RPC program numbers it is prepared to serve.

* When a client wishes to make an RPC call to a given program number, it will first contact portmap on the server machine to determine the port number where RPC packets should be sent.

7.4. Network File Systems (NFS)

The Network File System (NFS) was developed to allow machines to mount a disk partition on a remote machine as if it were on a local hard drive.

* This allows for fast, seamless sharing of files across a network.

* There are three main configuration files you will need to edit to set up an NFS server:

1. /etc/exports
2. /etc/hosts.allow
3. /etc/hosts.deny

7.4.1. Main Configuration Files

7.4.1.1). /etc/exports file

The /etc/exports file contains a list of entries; each entry indicates a volume that is shared and how it is shared. An entry in /etc/exports will typically look like this:

directory machine1(option11,option12) machine2(option21,option22)

where

directory - the directory that you want to share. It may be an entire volume though it need not be. If you share a directory, then all directories under it within the same file system will be shared as well.

machine1 and machine2 - client machines that will have access to the directory. The machines may be listed by their DNS address or their IP address (e.g., machine.company.com or 192.168.0.8). Using IP addresses is more reliable and more secure.

optionxx - The option listing for each machine will describe what kind of access that machine will have. Important options are:

* ro: The directory is shared read only; the client machine will not be able to write to it. This is the default.
* rw: The client machine will have read and write access to the directory.
* no_root_squash: By default, any file request made by user root on the client machine is treated as if it is made by user nobody on the server.
  o Exactly which UID the request is mapped to depends on the UID of user "nobody" on the server, not the client.
  o If no_root_squash is selected, then root on the client machine will have the same level of access to the files on the system as root on the server.
  o This can have serious security implications, although it may be necessary if you want to perform any administrative work on the client machine that involves the exported directories. You should not specify this option without a good reason.
* no_subtree_check: If only part of a volume is exported, a routine called subtree checking verifies that a file that is requested from the client is in the appropriate part of the volume. If the entire volume is exported, disabling this check will speed up transfers.
* sync: By default, all but the most recent version (version 1.11) of the exportfs command will use async behavior, telling a client machine that a file write is complete - that is, it has been written to stable storage - when NFS has finished handing the write over to the file system. This behavior may cause data corruption if the server reboots, and the sync option prevents this.

Eg entry:

/var/tmp 192.168.0.3(async,rw)

7.4.1.2). /etc/hosts.allow and /etc/hosts.deny

These two files specify which computers on the network can use services on your machine. Each line of the file contains a single entry listing a service and a set of machines. When the server gets a request from a machine, it does the following:

* It first checks /etc/hosts.allow to see if the machine matches a description listed in there. If it does, then the machine is allowed access.
* If the machine does not match an entry in hosts.allow, the server then checks hosts.deny to see if the client matches a listing in there. If it does, then the machine is denied access.
* If the client matches no listings in either file, then it is allowed access.

Configuring /etc/hosts.allow and /etc/hosts.deny for NFS security

* In addition to controlling access to services handled by inetd (such as telnet and FTP), these files can also control access to NFS by restricting connections to the daemons that provide NFS services. Restrictions are done on a per-service basis.
* The first daemon to restrict access to is the portmapper. This daemon essentially just tells requesting clients how to find all the NFS services on the system.
* Restricting access to the portmapper is the best defense against someone breaking into your system through NFS, because completely unauthorized clients won't know where to find the NFS daemons.
* However, there are two things to watch out for. First, restricting the portmapper isn't enough if the intruder already knows for some reason how to find those daemons. And second, if you are running NIS, restricting the portmapper will also restrict requests to NIS. In general it is a good idea with NFS (as with most internet services) to explicitly deny access to IP addresses that you don't need to allow access to.
* The first step in doing this is to add the following entry to /etc/hosts.deny:

portmap:ALL

* If you have a newer version of nfs-utils, add entries for each of the NFS daemons in hosts.deny:

lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL

* Some sysadmins choose to put the entry ALL:ALL in the file /etc/hosts.deny, which causes any service that looks at these files to deny access to all hosts unless it is explicitly allowed.
* Next, we need to add an entry to hosts.allow to give access to any hosts that we want to have access. (If we just leave the above lines in hosts.deny then nobody will have access to NFS.) Entries in hosts.allow follow the format

service: host [or network/netmask] , host [or network/netmask]

* Here, host is the IP address of a potential client; it may be possible in some versions to use the DNS name of the host, but it is strongly discouraged.
* Suppose we have the setup above and we just want to allow access to 192.168.0.1 and 192.168.0.2. We could add the following entry to /etc/hosts.allow:

portmap: 192.168.0.1 , 192.168.0.2

* For recent nfs-utils versions, we would also add the following (again, these entries are harmless even if they are not supported):

lockd: 192.168.0.1 , 192.168.0.2
rquotad: 192.168.0.1 , 192.168.0.2
mountd: 192.168.0.1 , 192.168.0.2
statd: 192.168.0.1 , 192.168.0.2

* If you intend to run NFS on a large number of machines in a local network, /etc/hosts.allow also allows for network/netmask style entries in the same manner as /etc/exports above.

7.4.2. NFS Server Setup

7.4.2.1). Pre-requisites

The NFS server should now be configured. Firstly, you will need to have the appropriate packages installed. This consists mainly of a kernel which supports NFS and the nfs-utils package.

* NFS depends on the portmapper daemon, either called portmap or rpc.portmap. It will need to be started using

$ /sbin/service portmap start

* Most recent Linux distributions start this daemon in the boot scripts, but it is worth making sure that it is running before you begin working with NFS, using

$ /sbin/service portmap status
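The exports options (ro/rw, root_squash) and the hosts.allow/hosts.deny order of evaluation from 7.4.1, combined in one added Python example (not code from the manual or from nfs-utils): it answers "what does this client, with this UID, get on this path?". Only the host patterns ALL, a single address and network/netmask are handled, and the files, client addresses and the nobody UID 65534 are constructed.

```python
"""Who gets what from an NFS export?  Added example, not code from the manual
or from nfs-utils: tcp_wrappers decision (allow file, then deny file, else
allow) for mountd, then the exports options ro/rw and root_squash.
Files, client addresses and the nobody UID are constructed."""
import ipadd
```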

7.4.2.2). The NFS Daemons and starting them Providing NFS services requires the service of six daemons. 1. portmap : Enables NFS clients to discover the NFS services available on a given NFS server. 2. nfsd : Provides all NFS services except file locking and quota management. 3. lockd : Starts the kernels NFS lock manager 4. statd : Implements NFS lock recovery when an NFS server system crashes 5. rquotad : Handles user file quotas on exported volumes to NFS clients. 6. mountd : Processes NFS client mount requests

* The daemons are all part of the nfs-utils package, and may be either in the /sbin directory or the /usr/sbin directory. * If your distribution does not include them in the startup scripts, then , you should add them and configure it to start in the following order: 1. portmap 2. nfsd 3. mountd 4. statd 5.

rquotad ( if necessary)

* lockd is started by nfsd on an as-needed basis so there is no need to invoke it manually. * The nfs-utils package has a sample startup script for RedHat and the script will take care of starting all the NFS server daemons for you except the portmapper. $ /etc/rc.d/init.d/nfs start/stop/status/restart * Hence if you need to restart nfs manually, the order to do so is $ /etc/rc.d/init.d/portmap start $ /etc/rc.d/init.d/nfs start $ /etc/rc.d/init.d/nfslock start

7.4.2.3). Verifying that NFS is running To do this, query the portmapper with the command rpcinfo -p to find out what services it is providing. You should get something like this:

$ rpcinfo –p portmapper program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100011 1 udp 749 rquotad 100011 2 udp 749 rquotad 100005 1 udp 759 mountd 100005 1 tcp 761 mountd 100005 2 udp 764 mountd 100005 2 tcp 766 mountd 100005 3 udp 769 mountd

100005 3 tcp 771 mountd 100003 2 udp 2049 nfs 100003 3 udp 2049 nfs 300019 1 tcp 830 amd 300019 1 udp 831 amd 100024 1 udp 944 status 100024 1 tcp 946 status 100021 1 udp 1042 nlockmgr 100021 3 udp 1042 nlockmgr 100021 4 udp 1042 nlockmgr 100021 1 tcp 1629 nlockmgr 100021 3 tcp 1629 nlockmgr 100021 4 tcp 1629 nlockmgr * .name for lockd) versions 1, 3, and 4. There are also different service listings depending on whether NFS is travelling over TCP or UDP. * If you do not at least see a line that says portmapper, a line that says nfs, and a line that says mountd then you will need to backtrack and try again to start up the server. * If you do see these services listed, then you should be ready to set up NFS clients to access files from your server.

7.4.2.4). Making changes to /etc/exports later on

* If you come back and change your /etc/exports file, the changes you make may not take effect immediately.
* You should therefore run the command exportfs -ra to force nfsd to re-read the /etc/exports file. If you can't find the exportfs command, then you can kill nfsd and restart it.
* The exportfs command will also let you manipulate the list of available exports or list the currently exported file systems:

$ exportfs -v                        // List currently exported file systems, with their options
$ exportfs -v -u 192.168.0.4:/home   // Unexport /home for the client 192.168.0.4

7.4.3. Setting up an NFS Client

7.4.3.1). Mounting remote directories

* Firstly, the kernel on the client machine needs to be compiled with NFS support.
* The portmapper should be running on the client machine, and to use NFS file locking you also need statd and lockd running on both the client and the server.
* With portmap, lockd, and statd running, you should now be able to mount the remote directory from your server just the way you mount a local hard drive, with the mount command.
* Suppose our NFS server is called master.carma.com and we want to mount its /home directory on slave.carma.com. Use the command line below on slave.carma.com:

$ mount -t nfs master.carma.com:/home /home1

OR

$ mount -t nfs 192.168.0.2:/home /home1 -o rw,soft

* The directory /home on master will then appear as the directory /home1 on slave.carma.com. Note that this assumes we have created the directory /home1 as an empty mount point beforehand on slave.carma.com.
* You can get rid of a file system mounted via NFS just like you would a local file system:

$ umount /home1

7.4.3.2). Getting NFS File Systems to Be Mounted at Boot Time

* NFS file systems can be added to your /etc/fstab file the same way local file systems can, so that they mount when your system starts up.
* The only difference is that the file system type will be set to nfs and the dump and fsck order (the last two entries) will have to be set to zero. So for our example above, the entry in /etc/fstab would look like:

device                    mountpoint   fs-type   options   dump   fsckorder
master.carma.com:/home    /home1       nfs       rw        0      0

7.4.3.3). Options for Mounting

Soft vs. Hard Mounting

There are some options which govern the way the NFS client handles a server crash or network outage. One of the useful things about NFS is that it can handle this gracefully if you set up the clients right. There are two distinct failure modes:

* soft: If a file request fails, the NFS client will report an error to the process on the client machine requesting the file access. Programs that do not check for I/O errors can lose data silently this way, so soft is best reserved for read-only mounts.
* hard: The program accessing a file on an NFS mounted file system will hang when the server crashes. The process cannot be interrupted or killed (except by a "sure kill", SIGKILL) unless you also specify intr. When the NFS server is back online the program will continue undisturbed from where it was.

We recommend using hard,intr on all NFS mounted file systems. (On kernels from 2.6.25 onwards the intr option is accepted but ignored: SIGKILL always interrupts a hung NFS operation and other signals never do.) Picking up from the previous example, the fstab entry would now look like:

device                    mountpoint   fs-type   options        dump   fsckorder
...
master.carma.com:/home    /home1       nfs       rw,hard,intr   0      0
...

Setting Block Size to Optimize Transfer Speeds

* The rsize and wsize mount options specify the size of the chunks of data that the client and server pass back and forth to each other.
* rsize=n will set the NFS read buffer size to n bytes (default is 4096).
* wsize=n will set the NFS write buffer size to n bytes (default is 4096).
* The actual default depends on the kernel version and on what the server supports; newer clients negotiate the largest size both ends allow, so check the value in effect with mount or /proc/mounts rather than assuming it.
* While mounting manually, the mount options are given after -o as a single comma-separated list with no spaces:

$ mount -t nfs 192.168.0.2:/home /home1 -o rsize=8192,wsize=8192,hard,intr,nolock

* intr allows signals such as Ctrl-C to interrupt a stalled NFS file operation when the file system is mounted with the hard option, and hence it is used together with hard.
* nolock disables NFS file locking for that mount, so the client does not need statd and lockd for it (useful with old servers that have no lock manager); lock, the default, enables it. nolock does not stop the daemons, and with it any locks taken are visible only on the local client.

7.4.4. Using Automount services (Autofs)

* The easiest way for client systems to mount NFS exports is to use autofs, which automatically mounts file systems that are not already mounted when they are first accessed.
* Autofs uses the automount daemon to mount and unmount the file systems that automount has been configured to control.
* The automount daemon mounts file systems on demand and unmounts them after a period of inactivity, thereby saving resources.
* For autofs to work, you need kernel support for autofs and the autofs package installed on the system.

7.4.4.1). Autofs Setup

* Autofs uses a set of map files to control automounting. The master map file, /etc/auto.master, associates mount points with secondary map files that control the file systems mounted under the corresponding mount points.
* For example, consider the following /etc/auto.master config file:

/home   /etc/auto.home
/var    /etc/auto.var   --timeout=600

* This file associates the secondary map file /etc/auto.home with the mount point /home and the map file /etc/auto.var with the /var mount point.
* Thus, auto.home defines file systems mounted under /home and auto.var defines file systems mounted under /var.
* Hence each line in the master map file has 3 fields: the mount point, the full path to the secondary map file and, optionally, options that control the behaviour of the automount daemon for that mount point.
* Here, --timeout=600 means that after 600 seconds (10 minutes) of inactivity a file system mounted under /var is unmounted automatically.

The Secondary Map Files

The secondary map file has the general syntax below:

localdir   [-options]   remotefs

* localdir (the key) refers to the directory beneath the mount point where the NFS mount will be mounted.
* remotefs is the host and pathname of the NFS mount.
* options can be any mount options, such as rw, ro, soft, hard, intr, rsize, wsize etc., written as one comma-separated list after a leading hyphen.

Consider a sample auto.home file which is used to mount /home/carma from the host 192.168.0.2:

carma   -rw,hard,intr   192.168.0.2:/home/carma

* Because /home is now managed by autofs, anything that exists locally under /home is hidden while the map is active; a local /home/carma is replaced by the contents of the NFS mount.

If the entire /home directory needs to be mounted from the NFS server, it can be done using wildcard characters as below:

*   -rw,hard,intr   192.168.0.2:/home/&

* The key * matches any directory name a user tries to access under the local /home directory, and & in the location is replaced by that name. So an access to /home/alice results in an NFS mount of 192.168.0.2:/home/alice on /home/alice, from within the server's exported /home file system.
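To make the master map lookup, the exact-versus-wildcard key choice and the & substitution concrete, here is an added example (not part of the original manual, and not the automount daemon's own code) that resolves a path the way autofs would and prints the resulting mount command. The two maps are constructed samples in the syntax above; the function name autofs_resolve, and the fact that only /etc/auto.home is embedded, are assumptions of the example.

```shell
#!/bin/sh
# autofs_resolve: given an absolute path, works out which mount the automount
# daemon would perform for it, using a master map and an indirect secondary
# map in the syntax shown above.  Map contents are constructed samples.
AUTO_MASTER='/home /etc/auto.home
/var  /etc/auto.var --timeout=600'

AUTO_HOME='carma  -rw,hard,intr  192.168.0.2:/home/carma
*      -rw,hard,intr  192.168.0.2:/home/&'

# autofs_resolve PATH
# Prints the mount command autofs would run, or an error on stderr (status 1).
autofs_resolve() {
    path=$1
    # Step 1: in the master map, the mount point is the longest first field
    # that is a parent directory of PATH; the second field names its map.
    set -- $(printf '%s\n' "$AUTO_MASTER" | awk -v p="$path" '
        NF >= 2 && index(p, $1 "/") == 1 && length($1) > length(best) { best = $1; map = $2 }
        END { if (best != "") print best, map }')
    [ $# -eq 2 ] || { echo "no autofs mount point covers $path" >&2; return 1; }
    mp=$1; mapfile=$2
    # Only one secondary map is embedded in this example.
    case $mapfile in
        /etc/auto.home) map=$AUTO_HOME ;;
        *) echo "map $mapfile is not embedded in this example" >&2; return 1 ;;
    esac
    # Step 2: the key is the first path component below the mount point.
    key=${path#"$mp/"}; key=${key%%/*}
    # Step 3: an exact key beats the "*" wildcard; "&" in the location expands
    # to the key, so "*  192.168.0.2:/home/&" maps /home/alice to .../home/alice.
    printf '%s\n' "$map" | awk -v mp="$mp" -v key="$key" '
        NF >= 2 && ($1 == key || $1 == "*") {
            rank = ($1 == key) ? 2 : 1
            if (rank > best) {
                best = rank
                if ($2 ~ /^-/) { opts = substr($2, 2); loc = $3 } else { opts = ""; loc = $2 }
            }
        }
        END {
            if (!best) { print "no entry for key " key " in map" > "/dev/stderr"; exit 1 }
            gsub(/&/, key, loc)
            if (opts != "") opts = "-o " opts " "
            printf "mount -t nfs %s%s %s/%s\n", opts, loc, mp, key
        }'
}

# Stand-alone demonstration.
autofs_resolve /home/carma           # exact entry
autofs_resolve /home/alice/projects  # wildcard entry, & -> alice
autofs_resolve /tmp/scratch || true  # not an autofs-managed directory
```

Only the first path component below the mount point takes part in the lookup: /home/alice/projects is served by the same mount as /home/alice, which is exactly what the wildcard line is for.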

7.4.4.2). Starting and Stopping Autofs

* The Autofs service can be started by the root user using $ /sbin/service autofs start

* To check the status of autofs, use the option $ /sbin/service autofs status

* After changing a map file, the configuration can be reloaded using

$ /sbin/service autofs reload

7.5. TCP Wrappers and Xinetd Services

TCP wrappers provide access control to a variety of services. Most network services of this generation, such as SSH, Telnet, and FTP, make use of TCP wrappers, which stand guard between an incoming request and the requested service. Note that newer systems have moved away from them: OpenSSH dropped libwrap support in release 6.7 and Red Hat Enterprise Linux 8 no longer ships tcp_wrappers at all, so on such hosts the same job falls to firewall rules or to each service's own access controls.

The benefits offered by TCP wrappers are enhanced when used in conjunction with xinetd, a super service that provides

* additional access control
* logging
* binding
* redirection, and
* resource utilization control.

7.5.1. TCP Wrappers

* The TCP wrappers package (tcp_wrappers) is installed by default under Red Hat Linux and provides host-based access control to network services.

* The most important component within the package is the /usr/lib/libwrap.a library. In general terms, a TCP wrapped service is one that has been compiled against the libwrap.a library.

* When a connection attempt is made to a TCP wrapped service, the service first references the hosts access files (/etc/hosts.allow and /etc/hosts.deny) to determine whether or not the client host is allowed to connect.

* It then uses the syslog daemon (syslogd) to write the name of the requesting host and the requested service to /var/log/messages.

* If a client host is allowed to connect, TCP wrappers release control of the connection to the requested service and do not interfere further with communication between the client host and the server.

* In addition to access control and logging, TCP wrappers can activate commands to interact with the client before denying or releasing control of the connection to the requested network service.

* Because TCP wrappers are a valuable addition to any server administrator's arsenal of security tools, most network services within Red Hat Linux are linked against the libwrap.a library.

* Some such applications include /usr/sbin/sshd, /usr/sbin/sendmail, and /usr/sbin/xinetd.

7.5.1.1). Advantages of TCP Wrappers

TCP wrappers provide the following advantages over other network service control techniques:

1. Transparency to both the client host and the wrapped network service. Both the connecting client and the wrapped network service are unaware that TCP wrappers are in use. Legitimate users are logged and connected to the requested service while connections from banned clients fail.

2. Centralized management of multiple protocols. — TCP wrappers operate separately from the network services they protect, allowing many server applications to share a common set of configuration files for simpler management.

7.5.1.2). TCP Wrappers Configuration Files

To determine if a client machine is allowed to connect to a service, TCP wrappers reference the following two files, which are commonly referred to as hosts access files:

1. /etc/hosts.allow

2. /etc/hosts.deny

When a client request is received by a TCP wrapped service, it takes the following basic steps:

1. The service references /etc/hosts.allow. The TCP wrapped service sequentially parses the /etc/hosts.allow file and applies the first rule specified for that service. If it finds a matching rule, it allows the connection. If not, it moves on to step 2.

2. The service references /etc/hosts.deny. The TCP wrapped service sequentially parses the /etc/hosts.deny file. If it finds a matching rule, it denies the connection. If not, access to the service is granted.

The following are important points to consider when using TCP wrappers to protect network services:

* Because access rules in hosts.allow are applied first, they take precedence over rules specified in hosts.deny.

* Therefore, if access to a service is allowed in hosts.allow, a rule denying access to that same service in hosts.deny is ignored.

* Since the rules in each file are read from the top down and the first matching rule for a given service is the only one applied, the order of the rules is extremely important.

* If no rules for the service are found in either file, or if neither file exists, access to the service is granted. The wrappers therefore fail open: a host that is merely absent from hosts.allow still gets in unless hosts.deny catches it, which is why the usual practice is a final ALL: ALL line in hosts.deny with the permitted hosts listed explicitly in hosts.allow.

* TCP wrapped services do not cache the rules from the hosts access files, so any changes to hosts.allow or hosts.deny take effect immediately without restarting network services.
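The decision procedure above (first match in hosts.allow wins, then first match in hosts.deny, otherwise allow) is short enough to model, which is a useful way to check a rule set before deploying it. The following is an added example, not code from the manual or from the tcp_wrappers package; the two access files are constructed samples, and it implements only a subset of the real matching: ALL, an exact host name or address, a network prefix ending in "." and a domain suffix starting with "." (EXCEPT lists, netmasks, netgroups and the option fields are not handled, and no reverse DNS lookup is done). The function names hosts_access and tcpw_first_match are assumptions of the example.

```shell
#!/bin/sh
# hosts_access DAEMON CLIENT: applies the hosts.allow / hosts.deny decision
# procedure to constructed sample files.  Client patterns handled: ALL, an
# exact address or host name, a network prefix ending in "." and a domain
# suffix starting with "."; EXCEPT lists, netmasks and options are not implemented.
HOSTS_ALLOW='# LAN clients may use ssh; mail is accepted from anywhere;
# ftp only from hosts whose name is in carma.com
sshd    : 192.168.0.
sendmail: ALL
vsftpd  : .carma.com'

HOSTS_DENY='ALL : ALL'

# tcpw_first_match DAEMON CLIENT  (rules on stdin)
# Prints the first rule whose daemon list and client list both match, if any.
tcpw_first_match() {
    awk -F':' -v d="$1" -v c="$2" '
        function in_list(list, item, is_client,    parts, n, i, pat) {
            n = split(list, parts, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                pat = parts[i]
                if (pat == "") continue
                if (pat == "ALL" || pat == item) return 1
                if (!is_client) continue
                if (pat ~ /\.$/ && index(item, pat) == 1) return 1             # e.g. 192.168.0.
                if (pat ~ /^\./ && substr(item, length(item) - length(pat) + 1) == pat) return 1  # e.g. .carma.com
            }
            return 0
        }
        NF == 0 || $0 ~ /^[ \t]*#/ { next }                  # blank lines and comments
        NF >= 2 && in_list($1, d, 0) && in_list($2, c, 1) { sub(/[ \t]+$/, ""); print; exit }
    '
}

hosts_access() {
    daemon=$1; client=$2
    # Step 1: the first matching rule in hosts.allow grants access; hosts.deny is never consulted.
    rule=$(printf '%s\n' "$HOSTS_ALLOW" | tcpw_first_match "$daemon" "$client")
    if [ -n "$rule" ]; then echo "allow  [hosts.allow: $rule]"; return 0; fi
    # Step 2: the first matching rule in hosts.deny refuses access.
    rule=$(printf '%s\n' "$HOSTS_DENY" | tcpw_first_match "$daemon" "$client")
    if [ -n "$rule" ]; then echo "deny   [hosts.deny: $rule]"; return 1; fi
    # Step 3: no rule anywhere means access is granted, which is why a
    # catch-all "ALL : ALL" in hosts.deny is the usual safety net.
    echo "allow  [no matching rule in either file; default is to grant]"
    return 0
}

# Stand-alone demonstration.
hosts_access sshd 192.168.0.4          # allow: LAN prefix
hosts_access sshd 203.0.113.9 || true  # deny: catch-all in hosts.deny
hosts_access vsftpd ftp.carma.com      # allow: domain suffix
hosts_access sendmail 203.0.113.9      # allow: ALL
HOSTS_DENY=''                          # an empty or missing hosts.deny ...
hosts_access sshd 203.0.113.9          # ... lets the same client in by default
```

The last two lines are the point to take away: the same request that was refused a moment earlier is admitted as soon as the catch-all line is gone, because nothing in the procedure denies by default.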

Formatting Access Rules

* The format for both /etc/hosts.allow and /etc/hosts.deny are identical.

* Any blank lines or lines that start with a hash mark (#) are ignored, and each rule must be on its own line.

* Each rule uses the following basic format to control access to network services:

<daemon list>: <client list> [: <option>: <option>: ...]