Q. Can you explain the /etc/passwd file format for Linux and UNIX operating systems?
A. The /etc/passwd file stores essential information which is required during login, i.e. user account information. /etc/passwd is a text file that contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, [...]
Each line describes one account as seven colon-separated fields; the values in parentheses below are those of the root account:
1. Username: (root) -: It is used when the user logs in. It should be between 1 and 32 characters in length.
2. Password: (x) -: An x character indicates that the encrypted password is stored in the /etc/shadow file.
3. User ID (UID): (0) -: Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
4. Group ID (GID): (0) -: The primary group ID (stored in the /etc/group file).
5. User ID Info: (root) -: The comment field. It allows you to add extra information about the user such as the user's full name, phone number etc. This field is used by the finger command.
6. Home directory: (/root) -: The absolute path to the directory the user will be in when they log in. If this directory does not exist then the user's directory becomes /.
7. Command/shell: (/bin/bash) -: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.
Q. Can you explain the /etc/shadow file used under Linux or UNIX?
1. User name: (root) -: It is your login name.
2. Password: ($1$heLNU7cb$yLf9xPG/8o5LCmqpE.fVG0) -: It is your encrypted password. The password should be a minimum of 6-8 characters long including special characters/digits.
3. Last password change (lastchanged): (14638) -: Days since Jan 1, 1970 that the password was last changed.
4. Minimum: (0) -: The minimum number of days required between password changes, i.e. the number of days left before the user is allowed to change his/her password.
5. Maximum: (99999) -: The maximum number of days the password is valid (after that the user is forced to change his/her password).
6. Warn: (7) -: The number of days before the password is to expire that the user is warned that his/her password must be changed.
Note: the example above shows only the first six fields. The next two fields are described in 7 and 8.
7. Inactive: The number of days after the password expires that the account is disabled.
8. Expire: Days since Jan 1, 1970 that the account is disabled, i.e. an absolute date specifying when the login may no longer be used.
FIND COMMAND -:
Find files modified between now and 1 day ago (i.e., within the past
24 hours)
find . -mtime 0
Find files modified less than 1 day ago (i.e., within the past 24
hours, as before)
find . -mtime -1
Find files modified between 24 and 48 hours ago
find . -mtime 1
Find files modified more than 48 hours ago.
find . -mtime +1
Find files modified between 6 and 9 minutes ago
find . -mmin +5 -mmin -10
5. rgmanager (High Availability Service Management daemon), TCP ports 41966, 41967, 41968, 41969:
iptables -I INPUT -m state --state NEW -m multiport -p tcp -s 192.168.5.0/24 -d 192.168.5.0/24 --dports 41966,41967,41968,41969 -j ACCEPT
6. ricci (part of Conga remote agent), TCP port 11111:
iptables -I INPUT -m state --state NEW -p tcp -s 192.168.5.0/24 -d 192.168.5.0/24 --dport 11111 -j ACCEPT
7. luci (Conga User Interface server), TCP port 8084:
iptables -I INPUT -m state --state NEW -p tcp -s 192.168.5.0/24 -d 192.168.5.0/24 --dport 8084 -j ACCEPT
8. modclusterd (part of Conga remote agent), TCP port 16851:
iptables -I INPUT -m state --state NEW -p tcp -s 192.168.5.0/24 -d 192.168.5.0/24 --dport 16851 -j ACCEPT
9. gnbd (Global Network Block Device), TCP port 14567:
iptables -I INPUT -m state --state NEW -p tcp -s 192.168.5.0/24 -d 192.168.5.0/24 --dport 14567 -j ACCEPT
10. After applying the iptables rules, save the configuration so that the changes persist across reboots:
service iptables save
VLAN CONFIGURATION -:
VLAN stands for virtual LAN. A single VLAN-capable switch is able to participate in multiple LANs at once.
1. Connect the eth0 interface of your Linux machine to the switch.
2. Remove the IP address information from the eth0 interface and define one sub-interface per VLAN (eth0.100 and eth0.200 below):
# cd /etc/sysconfig/network-scripts/
Contents of ifcfg-eth0
DEVICE=eth0
ONBOOT=no
TYPE=Ethernet
Contents of ifcfg-eth0.100
DEVICE=eth0.100
IPADDR=xxx.xxx.xxx.xxx
NETMASK=255.255.252.0
VLAN=yes
ONBOOT=yes
BOOTPROTO=none
Contents of ifcfg-eth0.200
DEVICE=eth0.200
IPADDR=yyy.yyy.yyy.yyy
NETMASK=255.255.0.0
VLAN=yes
ONBOOT=yes
BOOTPROTO=none
Linux Crontab Format
MIN HOUR DOM MON DOW CMD
Crontab Fields:
The crontab command is used to schedule jobs to be run in the future, usually on some regular schedule (such as every week). The command is run with one of three command line arguments:
crontab -l View crontab file, if any
crontab -r Remove crontab file, if any.
crontab -e Edit (or create) user's crontab file (starts the editor automatically)
crontab file Replace existing crontab file (if any) with file
Field Descriptions:
minute hour dayOfMonth month dayOfWeek command
where: minute values range from 0 to 59,
hour values range from 0 to 23,
dayOfMonth values range from 1 to 31,
month values range from 1 to 12,
dayOfWeek values range from 0 to 6, with 0 meaning Sunday
Examples:
0,30 8-17 * * 1-5 cmd > Run cmd on the half-hour from 8:00 AM to 5:30 PM, Monday thru Friday
0 12 1,15 * 5 cmd > Run cmd at noon each Friday AND the first and fifteenth of every month
17 3 * * 1 cmd > Run cmd at 3:17 AM Monday (a backup program perhaps).
Scheduling a Job For a Specific Time (the entry below runs at 08:30 on 10 June; it would run every day only with * in the day and month fields).
30 08 10 06 * /home/ramesh/fullbackup
Schedule a Job For More Than One Instance (Twice a Day)
00 11,16 * * * /home/ramesh/bin/incrementalbackup
Schedule a Job for a Specific Range of Time (e.g. Only on Weekdays)
Cron Job every day during working hours
00 09-18 * * * /home/ramesh/bin/checkdbstatus
Cron Job every weekday during working hours
00 09-18 * * 1-5 /home/ramesh/bin/checkdbstatus
HowTo: View Other Linux Users' Crontab entries
crontab -u sathiya -l
How to edit Other Linux Users' Crontab File entries
crontab -u sathiya -e
Schedule a Job for Every Minute Using Cron.
* * * * * CMD
Schedule a Background Cron Job For Every 10 Minutes.
*/10 * * * * /home/ramesh/checkdiskspace
Schedule a Job For the First Minute of Every Year using @yearly
@yearly /home/ramesh/redhat/bin/annualmaintenance
Schedule a Cron Job at the Beginning of Every Month using @monthly
@monthly /home/ramesh/suse/bin/tapebackup
Schedule a Background Job Every Day using @daily
@daily /home/ramesh/archlinux/bin/cleanuplogs "day started"
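The field rules and schedules above, as an added example (not code from these notes): a Python matcher that expands each crontab field into the values it covers, rejects out-of-range values, understands the @yearly/@monthly/@daily shortcuts, and reports whether an entry fires at a given time, including cron's rule that a restricted day-of-month and a restricted day-of-week are combined with OR (the "noon each Friday AND the first and fifteenth" entry).

```python
"""Matcher for the five-field crontab format described above.

Added example, not from the original notes. It expands each field ('*',
lists a,b, ranges a-b, steps */n or a-b/n) into the set of values it
covers, validates the ranges the notes give, understands the @yearly,
@monthly and @daily shortcuts, and applies cron's rule that when both
day-of-month and day-of-week are restricted the job runs if either matches.
"""
import datetime as dt
import re

# (field name, minimum, maximum) in crontab order; day-of-week 7 is also Sunday.
FIELD_RANGES = (("minute", 0, 59), ("hour", 0, 23), ("dom", 1, 31),
                ("month", 1, 12), ("dow", 0, 7))
ALIASES = {"@yearly": "0 0 1 1 *", "@annually": "0 0 1 1 *",
           "@monthly": "0 0 1 * *", "@daily": "0 0 * * *", "@midnight": "0 0 * * *"}


def _parse_field(spec, lo, hi):
    """Expand one crontab field into the set of integers it covers."""
    values = set()
    for part in spec.split(","):
        m = re.fullmatch(r"(\*|\d+)(?:-(\d+))?(?:/(\d+))?", part)
        if not m:
            raise ValueError(f"bad field element {part!r}")
        start, end, step = m.groups()
        if start == "*":
            first, last = lo, hi
        elif end is None:
            first = last = int(start)
            if step:                       # '5/10' means 5, 15, 25, ... up to the maximum
                last = hi
        else:
            first, last = int(start), int(end)
        step = int(step) if step else 1
        if not (lo <= first <= last <= hi) or step < 1:
            raise ValueError(f"{part!r} is outside {lo}-{hi}")
        values.update(range(first, last + 1, step))
    return values


def parse_crontab_line(line):
    """Return {'minute','hour','dom','month','dow': set of ints, 'command': str}."""
    line = line.strip()
    if line.startswith("@"):
        alias, _, cmd = line.partition(" ")
        if alias not in ALIASES:
            raise ValueError(f"unknown shortcut {alias}")
        line = f"{ALIASES[alias]} {cmd}"
    parts = line.split(None, 5)
    if len(parts) < 6:
        raise ValueError("expected five schedule fields followed by a command")
    sched = {name: _parse_field(spec, lo, hi)
             for (name, lo, hi), spec in zip(FIELD_RANGES, parts[:5])}
    if 7 in sched["dow"]:                  # Sunday may be written as 0 or 7
        sched["dow"].add(0)
    sched["command"] = parts[5]
    return sched


def cron_matches(line, when):
    """True if the crontab entry `line` would fire at datetime `when`."""
    s = parse_crontab_line(line)
    dow = (when.weekday() + 1) % 7         # Python: Monday=0; cron: Sunday=0
    dom_restricted = s["dom"] != set(range(1, 32))
    dow_restricted = s["dow"] != set(range(0, 8))
    if dom_restricted and dow_restricted:  # e.g. '0 12 1,15 * 5': 1st, 15th OR any Friday
        day_ok = when.day in s["dom"] or dow in s["dow"]
    else:
        day_ok = when.day in s["dom"] and dow in s["dow"]
    return (when.minute in s["minute"] and when.hour in s["hour"]
            and when.month in s["month"] and day_ok)


def fires_at(line, year, month, day, hour, minute):
    """Convenience wrapper around cron_matches for a wall-clock time."""
    return cron_matches(line, dt.datetime(year, month, day, hour, minute))


if __name__ == "__main__":
    # 2024-06-10 is a Monday: the working-hours entry from the notes fires at 08:30.
    print(fires_at("0,30 8-17 * * 1-5 cmd", 2024, 6, 10, 8, 30))
```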
finds all the files (under root file system /) that got updated
within the last 24 hours (1 day).
find / -mtime -1
find files in the current directory and sub-directories, which got
accessed within last 1 hour (60 minutes)
find -amin -60
finds all the files (under root file system /) that got accessed
within the last 24 hours (1 day).
find / -atime -1
find files in the current directory and sub-directories, which
changed within last 1 hour (60 minutes)
find . -cmin -60
MYSQL - LINUX
Note: a password given inline after -p (as in -ptmppassword below) is visible to other local users in the process list; -p with no value makes mysqladmin prompt for it instead.
How to change the MySQL root user password?
mysqladmin -u root -ptmppassword password 'newpassword'
How to check whether MySQL Server is up and running?
mysqladmin -u root -p ping
How do I find out what version of MySQL I am running?
mysqladmin -u root -ptmppassword version
What is the current status of MySQL server?
mysqladmin -u root -ptmppassword status
How to view all the MySQL Server status variable and it’s current
value?
mysqladmin -u root -ptmppassword extended-status
How to display all MySQL server system variables and the values?
mysqladmin -u root -ptmppassword variables
How to display all the running process/queries in the mysql database?
mysqladmin -u root -ptmppassword processlist
How to create a MySQL Database?
mysqladmin -u root -ptmppassword create testdb
How to Delete/Drop an existing MySQL database?
mysqladmin -u root -ptmppassword drop testdb
How to reload/refresh the privilege or grants tables?
mysqladmin -u root -ptmppassword reload
Refresh command will flush all the tables and close/open log files.
mysqladmin -u root -ptmppassword refresh
What is the safe method to shutdown the MySQL server?
mysqladmin -u root -ptmppassword shutdown
List of all mysqladmin flush commands.
mysqladmin -u root -ptmppassword flush-hosts
mysqladmin -u root -ptmppassword flush-logs
mysqladmin -u root -ptmppassword flush-privileges
mysqladmin -u root -ptmppassword flush-status
mysqladmin -u root -ptmppassword flush-tables
mysqladmin -u root -ptmppassword flush-threads
How to kill a hanging MySQL Client Process?
mysqladmin -u root -ptmppassword processlist
How to start and stop MySQL replication on a slave server?
mysqladmin -u root -ptmppassword stop-slave
How to combine multiple mysqladmin commands together?
mysqladmin -u root -ptmppassword process status version
DNS (DOMAIN NAME SERVICE) IN LINUX
DNS (Domain Name System) is the service which translates between Internet names and Internet addresses. Internet names are the names which we use to refer to hosts on the Internet, such as www.debianhelp.co.uk. Internet addresses are the numbers which routers use to move traffic across the Internet, such as 211.1.13.115 and
What are DNS Records?
DNS records, kept in zone files, map names to IP addresses. Located on servers called DNS servers, these records are typically the connection of your website with the outside world. Requests for your website are forwarded to your DNS servers and then get pointed to the web servers that serve the website or to the email servers that handle the incoming email.
Different Types of DNS Records With Syntax and Examples :
Types of DNS Records :
A
AAAA
CNAME
MX
PTR
NS
SOA
SRV
TXT
NAPTR
The above DNS record types are the ones most commonly used in DNS configurations. Now we will see each one with examples.
A Record: An A record or address record assigns an IP address to a domain or subdomain name. When the domain name system was designed it was recommended that no two A records refer to the same IP address.
Suppose you have the somedomain.tld domain and want to assign the 10.10.0.1 IP address to your web server; then you should create an A record with "www.somedomain.tld" as the Fully Qualified Domain Name and "10.10.0.1" in the value field.
From now on, all the requests for www.somedomain.tld will be sent to a server with that IP.
Basically it is useful to use an A record when you have subdomains residing on various systems.
Useful tip: you might use a "*.somedomain.tld" A record to allow WHATEVER.somedomain.tld to be resolved to your IP, though a wildcard CNAME record is often better than a wildcard A record.
Example of A Record with Syntax :
example.com. IN A 69.9.64.11
Where :
IN indicates Internet.
A indicates the Address record.
The above example indicates that the IP address for the domain example.com is 69.9.64.11.
AAAA Record: An AAAA record or IPv6 address record maps a hostname to a 128-bit IPv6 address.
The regular DNS address resource record is defined for a 32-bit IPv4 address, so a new one was created to allow a domain name to be associated with a 128-bit IPv6 address. The four "A"s ("AAAA") are a mnemonic to indicate that the IPv6 address is four times the size of the IPv4 address. The AAAA record is structured in very much the same way as the A record in both binary and master file formats; it is just much larger. The DNS resource record Type value for AAAA is 28.
Example of AAAA Record with Syntax:
The AAAA record is to help transition and coexistence between IPv4 and IPv6 networks. An IPv4 nameserver can provide IPv6 addresses:
linux IN AAAA 3ffe:1900:4545:2:02d0:09ff:fef7:6d2c
CNAME Record:
A CNAME record or canonical name record makes one domain name an alias of another. The aliased domain gets all the subdomains and DNS records of the original.
You should use a CNAME record whenever you want to associate a new subdomain with an already existing A record; i.e. you can make "www.somedomain.tld" an alias of "somedomain.tld", which should already have been assigned an IP with an A record.
This allows you to have as many subdomains as you wish without having to specify the IP for every record. Use a CNAME if you have more services pointing to the same IP. This way you will have to update only one record in the event of a change of IP address.
Example of a CNAME record: "stuff.everybox.com CNAME www.everybox.com" where 'www.everybox.com' is an A record listing an IP address, and 'stuff.everybox.com' points to 'www.everybox.com'.
It will NOT allow you to forward a domain to a specific web page. Use a webhop for that. Port numbers can be changed with webhops, as well; CNAMEs cannot change the HTTP default of 80 to any other port number.
Do not use CNAME-defined hostnames in MX records. For example, pointing an MX record at a name defined like the following one is not recommended.
Example of CNAME with syntax
mail.example.com IN CNAME mail.example.net
where
IN indicates Internet
CNAME indicates CNAME record.
MX Record
An MX record or mail exchange record maps a domain name to a list of mail exchange servers for that domain.
Example with MX Record Syntax, single mail server
mydomain.com. 14400 IN MX 0 mydomain.com.
The MX record shows that all emails @mydomain.com should be routed to the mail server at mydomain.com. The DNS record shows that mydomain.com is located at 26.34.9.14. This means that email meant for test@mydomain.com will be routed to the email server at 26.34.9.14. This finishes the task of the MX record. The email server on that host then takes over, collects the email and then proceeds to distribute it to the user "test".
It is important that there be a dot (".") after the domain name in the MX record. If the dot is absent, the name is treated as relative to the zone and mail routes to "mydomain.com.mydomain.com". The number 0 indicates the Preference number. Mail is always routed to the server which has the lowest Preference number. If there is only one mail server, it is safe to mark it 0.
Using Multiple mail servers:
If you want to use multiple mail servers you have to use MX record preferences. The MX record preference values indicate which mail server to use and in which order to try them when they fail or don't respond. A larger preference number is less preferred. Thus, a mail exchanger with a preference of zero (0) is always preferred over all other mail exchangers. Setting preference values to equal numbers makes mail servers equally preferred.
Example with MX Record Syntax, multiple mail servers
mydomain.com. 14400 IN MX 0 mydomain.com.
mydomain.com. 14400 IN MX 30 server2.mydomain.com.
You can have unlimited MX entries for fallback or backup purposes. If all the MX records have equal Preference numbers, the client simply attempts all equal Preference servers in random order, and then goes to the MX record with the next highest Preference number.
PTR Record
A PTR record or pointer record maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa domain that corresponds to an IP address implements reverse DNS lookup for that address. For example www.name.net has the IP address 122.0.3.16, but a PTR record maps 16.3.0.122.in-addr.arpa.
Example of PTR Record with syntax
16.3.0.122.in-addr.arpa. IN PTR name.net.
Here as you see the IP address is reversed and suffixed with in-addr.arpa, and this has come to the left side while the actual domain name has gone to the right side of IN PTR.
This is mostly used as a security and anti-spam measure wherein most of the web servers or the email servers do a reverse DNS lookup to check if the host is actually coming from where it claims to come from. It is always advisable to have a proper reverse DNS record (PTR) set up for your servers, especially when you are running a mail/SMTP server.
NS Record
An NS record or name server record maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records.
An NS record (Name Server record) indicates the authoritative name servers for a particular domain. The NS records of the authoritative name server for any given domain will be listed on the parent server. These are called the delegation records, as these records on the parent server indicate the delegation of the domain to the authoritative servers.
The NS records will also be listed in the zone records of the authoritative name server itself. These records are called the authoritative records.
The NS records found on the parent server should match the NS records on the authoritative server as well. However, you can have NS records listed on the authoritative server that are not listed in the parent server. This arrangement is normally used to configure stealth name servers.
Example of NS Record with syntax
example.com. IN NS ns1.live.secure.com.
where
IN indicates the Internet
NS indicates the type of record, which is a Name Server record
The above indicates that ns1.live.secure.com is the authoritative server for the domain example.com
SOA Record
An SOA record or start of authority record specifies the DNS server providing authoritative information about an Internet domain, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.
An SOA (Start of Authority) record is the most essential part of a zone file. The SOA record is a way for the domain administrator to give out simple information about the domain, like how often it is updated, when it was last updated, when to check back for more info, what the admin's email address is and so on. A zone file can contain only one SOA record.
A properly optimized and updated SOA record can reduce bandwidth between nameservers, increase the speed of website access and ensure the site is alive even when the primary DNS server is down.
Example of SOA Record with syntax
Here is the SOA record. Notice the starting bracket ``(``. This has
to be on the same line, otherwise the record gets broken.
; name TTL class rr Nameserver emailaddress
mydomain.com. 14400 IN SOA ns.mynameserver.com.
root.ns.mynameserver.com. (
2004123001 ; Serial number
86000 ; Refresh rate in seconds
7200 ; Update Retry in seconds
3600000 ; Expiry in seconds
600 ; minimum in seconds )
WHERE:
name mydomain.com is the main name in this zone.
TTL 14400 TTL defines the duration in seconds that the record may be cached by client side programs. If it is set as 0, it indicates that the record should not be cached. The range is defined to be between 0 and 2147483647 (close to 68 years!).
Class IN The class shows the type of record. IN equates to Internet. Other options are all historic. So as long as your DNS is on the Internet or Intranet, you must use IN.
Nameserver ns.nameserver.com. The nameserver is the server which
holds the zone files. It can be either an external server in which
case, the entire domain name must be specified followed by a dot. In
case it is defined in this zone file, then it can be written as
``ns'' .
Email address root.ns.nameserver.com. This is the email of the
domain name administrator. Now, this is really confusing, because
people expect an @ to be in an email address. However in this case,
email is sent to root@ns.nameserver.com, but written as
root.ns.nameserver.com . And yes, remember to put the dot behind the
domain name.
Serial number 2004123001 This is a sort of revision numbering system to show the changes made to the DNS zone. This number has to increment whenever any change is made to the zone file. The standard convention is to use the date of update YYYYMMDDnn, where nn is a revision number in case more than one update is done in a day. So the first update done today would be 2005301200 and the second update would be 2005301201.
Refresh 86000 This is time(in seconds) when the slave DNS server
will refresh from the master. This value represents how often a
secondary will poll the primary server to see if the serial number
for the zone has increased (so it knows to request a new copy of the
data for the zone). It can be written as ``23h88M'' indicating 23
hours and 88 minutes. If you have a regular Internet server, you can
keep it between 6 to 24 hours.
Retry 7200 Now assume that a slave tried to contact the master
server and failed to contact it because it was down. The Retry value
(time in seconds) will tell it when to get back. This value is not
very important and can be a fraction of the refresh value.
Expiry 3600000 This is the time (in seconds) that a slave server
will keep a cached zone file as valid, if it can't contact the
primary server. If this value were set to say 2 weeks ( in seconds),
what it means is that a slave would still be able to give out domain
information from its cached zone file for 2 weeks, without anyone
knowing the difference. The recommended value is between 2 to 4
weeks.
Minimum 600 This is the default time(in seconds) that the slave
servers should cache the Zone file. This is the most important time
field in the SOA Record. If your DNS information keeps changing,
keep it down to a day or less. Otherwise if your DNS record doesn't
change regularly, step it up between 1 to 5 days. The benefit of
keeping this value high, is that your website speeds increase
drastically as a result of reduced lookups. Caching servers around
the globe would cache your records and this improves site
performance.
SRV Record
The theory behind SRV is that given a known domain name, e.g. example.com, and a given service, e.g. web (http), which runs on TCP in this case, a DNS query may be issued to find the host name that provides that service on behalf of the domain and which may or may not be within the domain.
Example of SRV Record with syntax
srvce.prot.name ttl class rr pri weight port target
_http._tcp.example.com. IN SRV 0 5 80 www.example.com.
Srvce:
Defines the symbolic service name (see IANA port numbers) prepended with a '_' (underscore). Case insensitive. Common values are:
_http web service
_ftp file transfer service
_ldap LDAP service
prot:
Defines the protocol name (see IANA service names) prepended with a '_' (underscore). Case insensitive. Common values are
_tcp TCP protocol
_udp UDP protocol
name:
Incomprehensible description in RFC 2782. Leaving the entry blank (without a dot) will substitute the current zone root (the $ORIGIN), or you can explicitly add it as in the above _http._tcp.example.com. (with a dot).
Ttl:
Standard TTL parameter.
Pri:
The relative priority of this service (range 0-65535). Lowest is highest priority.
Weight:
Used when more than one service has the same priority. A 16-bit unsigned integer in the range 0-65535. The value 0 indicates no weighting should be applied. If the weight is 1 or greater it is a relative number in which the highest is most frequently delivered, i.e. given two SRV records both with Priority = 0, one with weight = 1 and the other with weight = 6, the one with weight 6 will have its RR delivered first 6 times out of 7 by the name server.
Port:
Normally the port number assigned to the symbolic service, but this is not a requirement; e.g. it is permissible to define a _http service with a port number of 8100 rather than the more normal port 80.
target:
The name of the host that will provide this service. Does not have to be in the same zone (domain).
TXT Record:
A TXT record allows an administrator to insert arbitrary text into a DNS record. For example, this record is used to implement the Sender Policy Framework specification.
Example of TXT Record with syntax
SPF domains have to publish at least two directives: a version identifier and a default mechanism.
mydomain.com. TXT "v=spf1 -all"
This is the simplest possible SPF record: it means your domain mydomain.com never sends mail. The "-all" at the end is the default mechanism; it fails every sender not matched by an earlier mechanism, so "v=spf1 all" (without the minus) would instead allow everyone.
It makes sense to do this when a domain is only used for web services and doesn't do email.
If your MX servers send mail, designate them.
mydomain.com. TXT "v=spf1 mx -all"
Let's pretend mydomain.com has two MX servers, mx01 and mx02. They would both be allowed to send mail from mydomain.com.
If other machines in the domain also send mail, designate them.
mydomain.com. TXT "v=spf1 mx ptr -all"
This designates all the hosts whose PTR hostname matches mydomain.com.
If any other machines not in the domain also send mail from that domain, designate them.
mydomain.com. TXT "v=spf1 a:mydomain.com mx ptr -all"
mydomain.com's IP address doesn't show up in its list of MX servers. So we add an "a" mechanism to the directive set to match it.
mydomain.com. TXT "v=spf1 a mx ptr -all"
This is shorthand for the same thing.
Each of your mail servers should have an SPF record also. When your mail servers create a bounce message, they will send it using a blank envelope sender: <>. When an SPF MTA sees a blank envelope sender, it will perform the lookup using the HELO domain name instead. These records take care of that scenario.
amx.mail.net. TXT "v=spf1 a -all"
mx.mail.net. TXT "v=spf1 a -all"
NAPTR Record
NAPTR records (NAPTR stands for "Naming Authority Pointer") are a newer type of DNS record that support regular expression based rewriting.
Example of NAPTR Record with syntax
$ORIGIN 3.8.0.0.6.9.2.3.6.1.4.4.e164.arpa.
NAPTR 10 100 "u" "E2U+sip" "!^.*$!sip:info@example.com!" .
NAPTR 10 101 "u" "E2U+h323" "!^.*$!h323:info@example.com!" .
NAPTR 10 102 "u" "E2U+msg" "!^.*$!mailto:info@example.com!" .
This record set maps the phone number +441632960083 onto three possible identically ordered URIs, with a preference for SIP, then H.323, and finally email. In each case, the regular expression matches the full AUS (^.*$) and replaces it with a URI (e.g., sip:info@example.com). As this is a terminal record, this URI is returned to the client. Though most NAPTR records replace the full AUS, it is possible for the regular expression to backreference part of the AUS, to grab an extension number, say:
$ORIGIN 0.6.9.2.3.6.1.4.4.e164.arpa.
* NAPTR 10 100 "u" "E2U+sip" "!^+441632960(.*)$!sip:\1@example.com!" .
Once the client has the URI it must be resolved using DNS, but this is no longer part of the DDDS algorithm.
wildcard DNS record
A wildcard DNS record is a record in a DNS zone file that will match
all requests for nonexistent domain names, i.e. domain names for
which there are no records at all.
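The MX, CNAME and SOA rules above (trailing dot on absolute names, no CNAME beside other records at the same name, no CNAME as an MX target), as an added example that is not part of these notes: a Python parser for the master-file syntax used in the examples that makes names absolute against $ORIGIN and reports violations. The sample zone is constructed, and the parser handles only the record shapes shown on this page.

```python
"""Parse a small master-file fragment in the syntax of the examples above and
check three rules the notes state: a name without a trailing dot is relative
to $ORIGIN (so 'server2.mydomain.com' becomes server2.mydomain.com.mydomain.com.),
a CNAME may not share its owner name with any other record, and an MX target
must not be a CNAME. Added example, not from the original notes; the sample
zone is constructed and only the record shapes shown on the page are handled.
"""
import re
import shlex

RR_TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "PTR", "SOA", "TXT"}

ZONE_SAMPLE = """\
$ORIGIN mydomain.com.
@ 14400 IN SOA ns.mynameserver.com. root.ns.mynameserver.com. (
        2004123001 ; Serial number
        86000      ; Refresh
        7200       ; Retry
        3600000    ; Expiry
        600 )      ; Minimum
@       IN A     26.34.9.14
@       IN MX 0  mydomain.com.
@       IN MX 30 server2.mydomain.com
@       IN MX 10 mail
@       IN TXT   "v=spf1 mx -all"
mail    IN CNAME www
www     IN CNAME mydomain.com.
www     IN A     26.34.9.14
"""


def _logical_lines(text):
    """Drop ; comments and join '(' ... ')' continuations into single lines."""
    lines, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw).rstrip()   # no ';' inside quotes on this page
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            lines.append(" ".join(buf))
            buf = []
    return lines


def absolutize(name, origin):
    """'@' means the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin="."):
    """Return [{'owner', 'ttl', 'type', 'rdata'}, ...] with all names made absolute."""
    records, prev_owner = [], None
    for line in _logical_lines(text):
        tokens = shlex.split(line)          # keeps "v=spf1 mx -all" as one token
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        # A line starting with whitespace repeats the previous owner name.
        owner = prev_owner if line[0].isspace() else absolutize(tokens.pop(0), origin)
        prev_owner = owner
        ttl = int(tokens.pop(0)) if tokens[0].isdigit() else None
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if rtype not in RR_TYPES:
            raise ValueError(f"unsupported record type {rtype}")
        rdata = tokens                      # A, AAAA, TXT: keep the text as-is
        if rtype in ("CNAME", "NS", "PTR"):
            rdata = [absolutize(tokens[0], origin)]
        elif rtype == "MX":
            rdata = [int(tokens[0]), absolutize(tokens[1], origin)]
        elif rtype == "SOA":                # mname rname serial refresh retry expire minimum
            rdata = [absolutize(t, origin) for t in tokens[:2]] + [int(t) for t in tokens[2:7]]
        records.append({"owner": owner, "ttl": ttl, "type": rtype, "rdata": rdata})
    return records


def check_zone(records, origin):
    """Return findings for the three rules the notes describe."""
    findings, types_by_owner = [], {}
    for r in records:
        types_by_owner.setdefault(r["owner"], set()).add(r["type"])
    for owner, types in types_by_owner.items():
        if "CNAME" in types and len(types) > 1:
            others = sorted(types - {"CNAME"})
            findings.append(f"{owner} has a CNAME alongside {others}")
    cnames = {r["owner"] for r in records if r["type"] == "CNAME"}
    doubled = origin.rstrip(".") + "." + origin   # e.g. mydomain.com.mydomain.com.
    for r in records:
        if r["type"] != "MX":
            continue
        target = r["rdata"][1]
        if target.endswith(doubled):
            findings.append(f"MX target {target} repeats the origin: missing trailing dot?")
        if target in cnames:
            findings.append(f"MX target {target} is a CNAME, which MX records must not use")
    return findings
```

Running `check_zone(parse_zone(ZONE_SAMPLE), "mydomain.com.")` reports the www CNAME/A clash, the dot-less server2 target and the MX that points at the mail CNAME.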
Q: Why does named log the warning message "no TTL specified - using SOA MINTTL instead"?
A: This may be a clock skew problem. Check that the clocks on the client and server are properly synchronised (e.g., using ntp).
Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is logging error messages like "notify to 10.0.0.1#53 failed: unexpected end of input". What's wrong?
A: You are most likely running named as a non-root user, and that user does not have permission to write in /var/run. The common ways of fixing this are to create a /var/run/named directory owned by the named user and set pid-file to "/var/run/named/named.pid", or to set pid-file to "named.pid", which will put the file in the directory specified by the directory option (which, in this case, must be writable by the named user).
Q: When I do a "dig . ns", many of the A records for the root servers are missing. Why?
A: The server does have a complete set of root server addresses cached at all times; it just may not include all of them as additional data, depending on whether they were last received as answers or as glue. You can always look up the addresses with explicit queries like "dig a.root-servers.net A".
A: This may be caused by a bug in the Windows 2000 DNS server where DNS messages larger than 16K are not handled properly. This can be worked around by setting the option "transfer-format one-answer;". Also check whether your zone contains domain names with embedded spaces or other special characters, like "John\032Doe\213s\032Computer", since such names have been known to cause Windows 2000 slaves to incorrectly reject the zone.
Q: I can query the nameserver from the nameserver but not from other
machines. Why?
A: You will need to give the master and slave multiple IP addresses
and use those to make sure you reach the correct view on the other
machine.
Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
internal:
match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
notify-source 10.0.1.1;
transfer-source 10.0.1.1;
query-source address 10.0.1.1;
external:
match-clients { any; };
recursion no; // don't offer recursion to the world
notify-source 10.0.1.2;
transfer-source 10.0.1.2;
query-source address 10.0.1.2;
You put the external address on the alias so that all the other dns
clients on these boxes see the internal view by default.
A: BIND 9.3 and later: Use TSIG to select the appropriate view.
Master 10.0.1.1:
key "external" {
algorithm hmac-md5;
secret "xxxxxxxx";
};
view "internal" {
match-clients { !key external; 10.0.1/24; };
...
};
view "external" {
match-clients { key external; any; };
server 10.0.1.2 { keys external; };
recursion no;
...
};
Slave 10.0.1.2:
key "external" {
algorithm hmac-md5;
secret "xxxxxxxx";
};
view "internal" {
match-clients { !key external; 10.0.1/24; };
...
};
view "external" {
match-clients { key external; any; };
server 10.0.1.1 { keys external; };
recursion no;
...
};
/etc/rc.conf
rand_irqs="3 14 15"
A CNAME record cannot exist with the same name as another record
except for the DNSSEC records which prove its existence (NSEC).
A: Some text editors (notepad and wordpad) fail to put a line termination indication (e.g. CR/LF) on the last line of a text file. This can be fixed by "adding" a blank line to the end of the file. Named expects to see EOF immediately after EOL and treats text files where this is not met as truncated.
A: Check that you can make UDP queries from the slave to the master
You could be generating queries faster than the slave can cope with.
Lower the serial query rate.
serial-query-rate 5; // default 20
A: You choose one view to be master and the second a slave and
transfer the zone between views.
Master 10.0.1.1:
key "external" {
algorithm hmac-md5;
secret "xxxxxxxx";
};
key "mykey" {
algorithm hmac-md5;
secret "yyyyyyyy";
};
view "internal" {
match-clients { !external; 10.0.1/24; };
server 10.0.1.1 {
/* Deliver notify messages to external view.
*/
keys { external; };
};
zone "example.com" {
type master;
file "internal/example.db";
allow-update { key mykey; };
notify-also { 10.0.1.1; };
};
};
view "external" {
match-clients { external; any; };
zone "example.com" {
type slave;
file "external/example.db";
masters { 10.0.1.1; };
transfer-source { 10.0.1.1; };
// allow-update-forwarding { any; };
// allow-notify { ... };
};
};
A: You are running chrooted (-t) and have not supplied local timezone
information in the chroot area.
FreeBSD: /etc/localtime
Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo
OSF: /etc/zoneinfo/localtime
First ensure that named is running and no errors are being reported at startup (/var/log/messages or equivalent). Running "named -g" from a terminal can help at this point.
A: This is the service manager saying that named exited. You need to
examine the Application log in the EventViewer to find out why.
options {
Directory "C:\windows\dns\etc";
};
options {
directory "/var/named";
};
zone "example.net" {
type slave;
file "sl/example.net";
masters { 192.168.4.12; };
};
http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris
A: No. The rules for glue (copies of the *address* records in the
parent zones) and additional section processing do not allow it to
work.
You would have to add both the CNAME and address records (A/AAAA) as
glue to the parent zone and have CNAMEs be followed when doing
additional section processing to make it work. No nameserver
implementation supports either of these requirements.
If you are not using these private addresses then a client has queried for them. You can just ignore the messages, get the offending client to stop sending you these queries (it is most probably leaking them), or set up your own empty zones to serve answers to these queries.
zone "10.IN-ADDR.ARPA" {
type master;
file "empty";
};
zone "16.172.IN-ADDR.ARPA" {
type master;
file "empty";
};
...
zone "31.172.IN-ADDR.ARPA" {
type master;
file "empty";
};
zone "168.192.IN-ADDR.ARPA" {
type master;
file "empty";
};
empty:
@ 10800 IN SOA . . (
1 3600 1200 604800 10800 )
@ 10800 IN NS .
Red Hat have adopted the National Security Agency's SELinux security
policy (see http://www.nsa.gov/selinux) and recommendations for
BIND security, which are more secure than running named in a chroot
and make use of the bind-chroot environment unnecessary.
By default, named is not allowed by the SELinux policy to write,
create or delete any files EXCEPT in these directories:
$ROOTDIR/var/named/slaves
$ROOTDIR/var/named/data
$ROOTDIR/var/tmp
The SELinux policy particularly does NOT allow named to modify the
$ROOTDIR/var/named directory, the default location for master zone
database files. Slave zones and dynamically updated (DDNS) master
zones therefore have to keep their zone files in one of the writable
directories, for example $ROOTDIR/var/named/slaves:
zone "slave.zone." IN {
type slave;
file "slaves/slave.zone.db";
...
};
zone "ddns.zone." IN {
type master;
allow-update { ... };
file "slaves/ddns.zone.db";
};
To allow named to create its cache dump and statistics files, for
example, you could use named.conf options statements such as:
options {
...
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
...
};
You can also tell SELinux to allow named to update any zone database
files, by setting the SELinux tunable boolean parameter
'named_write_master_zones=1', using the system-config-securitylevel
GUI, using the 'setsebool' command, or in
/etc/selinux/targeted/booleans.
You can disable SELinux protection for named entirely by setting the
'named_disable_trans=1' SELinux tunable boolean parameter.
The SELinux named policy defines these SELinux contexts for named:
If you want to retain use of the SELinux policy for named, and put
named files in different locations, you can do so by changing the
SELinux file context of the custom file locations (for example with
chcon, or persistently with semanage fcontext followed by restorecon).
A:
options {
forward only;
forwarders { ; };
};
zone "sbl-xbl.spamhaus.org" {
type forward; forward only;
forwarders { port 530; };
};
zone "list.dsbl.org" {
type forward; forward only;
forwarders { port 530; };
};
For most OSes this change just means that you need to update the
conversion rules from UTC to local time. Normally this involves
updating a file in /etc (which sets the default timezone for the
machine) and possibly a directory which has all the conversion rules
for the world (e.g. /usr/share/zoneinfo).
When updating the OS do not forget to update any chroot areas as
well. See your OS's documentation for more details.
IPTABLES IN LINUX :
Blocking a site from the local system:
iptables -A INPUT -s google.com -j DROP
iptables -A OUTPUT -d google.com -j DROP
NOTE -: a hostname is resolved once, when the rule is added, and
expands to one rule per address returned at that moment. A site with
many or changing addresses is therefore not reliably blocked by name;
use addresses or networks for rules you rely on.
Unblocking the site -:
Appending ACCEPT rules after the DROP rules has no effect, because
rules are matched in order and the DROP rules still match first.
Delete the DROP rules instead:
iptables -D INPUT -s google.com -j DROP
iptables -D OUTPUT -d google.com -j DROP
Q. PC boot & Linux Booting Sequence process in LINUX?
BIOS: The Basic Input/Output System is the lowest level
interface between the computer and peripherals.
The BIOS performs integrity checks on memory and seeks
instructions in the Master Boot Record (MBR) on the floppy drive
or hard drive.
The MBR points to the boot loader (GRUB or LILO: Linux boot
loader).
The boot loader (GRUB or LILO) will then ask for the OS label, which
identifies which kernel to run and where it is located (hard
drive and partition specified). The installation process
requires the creation/identification of partitions and where to
install the OS. GRUB/LILO are also configured during this
process. The boot loader then loads the Linux kernel.
See the YoLinux tutorial on creating a boot disk for more
information on GRUB and LILO and also to learn how to put the
MBR and boot loader on a floppy for system recovery.
The first thing the kernel does is to execute the init program. Init
is the root/parent of all processes executing on Linux.
The first process that init starts is the script
/etc/rc.d/rc.sysinit.
Based on the appropriate runlevel, scripts are executed to
start various processes to run the system and make it
functional. (This describes the SysV-style init of older Red Hat
releases; systemd-based distributions replace the rc scripts with
units.)
The Linux Init Processes:
Run /sbin/initlog
Run devfs to generate/manage system devices
Run network scripts: /etc/sysconfig/network
Start graphical boot (if so configured): rhgb
Start console terminals, load keymap, system fonts and print
console greeting: mingetty, setsysfonts. The various virtual
console sessions can be viewed with the keystrokes Ctrl-Alt-F1
through F6. F7 is reserved for the GUI screen invoked in run
level 5.
Mount /proc and start device controllers.
Done with boot configuration for root drive (initrd). Unmount
root drive.
Remount root file system as read/write
Direct kernel to load kernel parameters and modules: sysctl,
depmod, modprobe
Set up clock: /etc/sysconfig/clock
Perform disk operations based on fsck configuration
Check/mount/check/enable quotas on non-root file systems: fsck,
mount, quotacheck, quotaon
Initialize logical volume management: vgscan, /etc/lvmtab
Activate syslog, write to log files: dmesg
Configure sound: sndconfig
Activate PAM
Activate swapping: swapon
Local system boot processes can be placed in file:
/etc/rc.d/rc.local
The system will then boot to the runlevel set by the directive
initdefault.
RAID :
RAID LEVEL 0
RAID Level 0 requires a minimum of 2 drives to
implement
Characteristics & Advantages :
RAID 0 implements a striped disk array, the data is broken down
into blocks and each block is written to a separate disk drive
I/O performance is greatly improved by spreading the I/O load
across many channels and drives
Best performance is achieved when data is striped across
multiple controllers with only one drive per controller
No parity calculation overhead is involved
Very simple design
Easy to implement
Disadvantages :
Not a "true" RAID because it is NOT fault-tolerant
The failure of just one drive will result in all data in an
array being lost
Should never be used in mission critical environments
Recommended Applications :
Video Production and Editing
Image Editing
Pre-press Applications
Any application requiring high bandwidth
RAID LEVEL 1 : For Highest performance, the controller must be
able to perform two concurrent separate Reads per mirrored pair or
two duplicate Writes per mirrored pair.
RAID Level 1 requires a minimum of 2 drives to implement
Characteristics & Advantages :
One Write or two Reads possible per mirrored pair
Twice the Read transaction rate of single disks, same Write
transaction rate as single disks
100% redundancy of data means no rebuild is necessary in case of
a disk failure, just a copy to the replacement disk
Transfer rate per block is equal to that of a single disk
Under certain circumstances, RAID 1 can sustain multiple
simultaneous drive failures
Simplest RAID storage subsystem design.
Disadvantages :
Highest disk overhead of all RAID types (100%) inefficient
Typically the RAID function is done by system software, loading
the CPU/Server and possibly degrading throughput at high
activity levels. Hardware implementation is strongly recommended
May not support hot swap of failed disk when implemented in
"software"
Recommended Applications :
Accounting
Payroll
Financial
Any application requiring very high availability
RAID LEVEL2 : Each bit of data word is written to a data disk
drive (4 in this example: 0 to 3). Each data word has its Hamming
Code ECC word recorded on the ECC disks. On Read, the ECC code
verifies correct data or corrects single disk errors.
Characteristics & Advantages :
"On the fly" data error correction
Extremely high data transfer rates possible
The higher the data transfer rate required, the better the ratio
of data disks to ECC disks
Relatively simple controller design compared to RAID levels 3, 4
and 5.
Disadvantages :
Very high ratio of ECC disks to data disks with smaller word
sizes – inefficient.
Entry level cost very high requires very high transfer rate
requirement to justify
Transaction rate is equal to that of a single disk at best (with
spindle synchronization)
No commercial implementations exist / not commercially viable.
RAID LEVEL 3 :
The data block is subdivided ("striped") and
written on the data disks. Stripe parity is generated on Writes,
recorded on the parity disk and checked on Reads.
RAID Level 3 requires a minimum of 3 drives to implement
Characteristics & Advantages :
Very high Read data transfer rate.
Very high Write data transfer rate.
Disk failure has an insignificant impact on throughput.
Low ratio of ECC (Parity) disks to data disks means high
efficiency.
Disadvantages :
Transaction rate equal to that of a single disk drive at best
(if spindles are synchronized)
Controller design is fairly complex
Very difficult and resource intensive to do as a "software" RAID
Recommended Applications :
Video Production and live streaming
Image Editing
Video Editing
Pre-press Applications
Any application requiring high throughput
RAID LEVEL 4 :
Each entire block is written onto a data disk. Parity
for same rank blocks is generated on Writes, recorded on the parity
disk and checked on Reads.
RAID Level 4 requires a minimum of 3 drives to implement
Characteristics & Advantages :
Very high Read data transaction rate.
Low ratio of ECC (Parity) disks to data disks means high
efficiency.
High aggregate Read transfer rate.
Disadvantages :
Quite complex controller design
Worst Write transaction rate and Write aggregate transfer rate
Difficult and inefficient data rebuild in the event of disk
failure
Block Read transfer rate equal to that of a single disk
RAID LEVEL 5 :
Each entire data block is written on a data disk;
parity for blocks in the same rank is generated on Writes, recorded
in a distributed location and checked on Reads.
RAID Level 5 requires a minimum of 3 drives to implement
Characteristics & Advantages :
Highest Read data transaction rate
Medium Write data transaction rate
Low ratio of ECC (Parity) disks to data disks means high
efficiency
Good aggregate transfer rate
Disadvantages :
Disk failure has a medium impact on throughput
Most complex controller design
Difficult to rebuild in the event of a disk failure (as compared
to RAID level 1)
Individual block data transfer rate same as single disk
RAID LEVEL 6 :
Two independent parity computations must be used in
order to provide protection against double disk failure. Two
different algorithms are employed to achieve this purpose.
RAID Level 6 requires a minimum of 4 drives to implement
Characteristics & Advantages :
RAID 6 is essentially an extension of RAID level 5 which allows
for additional fault tolerance by using a second independent
distributed parity scheme (dual parity)
Data is striped on a block level across a set of drives, just
like in RAID 5, and a second set of parity is calculated and
written across all the drives; RAID 6 provides for an extremely
high data fault tolerance and can sustain multiple simultaneous
drive failures
RAID 6 protects against multiple bad block failures while non
degraded
RAID 6 protects against a single bad block failure while
operating in a degraded mode
Perfect solution for mission critical applications
Disadvantages :
More complex controller design
Controller overhead to compute parity addresses is extremely
high
Write performance can be brought on par with RAID Level 5 by
using a custom ASIC for computing Reed-Solomon parity
Requires N+2 drives to implement because of the dual parity scheme
Recommended Applications :
File and Application servers
Database servers
Web and Email servers
Intranet servers
Excellent fault-tolerance with the lowest overhead
RAID LEVEL 10 : RAID Level 10 requires a minimum of 4 drives to
implement
Characteristics & Advantages :
RAID 10 is implemented as a striped array whose segments are
RAID 1 arrays
RAID 10 has the same fault tolerance as RAID level 1
RAID 10 has the same overhead for fault-tolerance as mirroring
alone
High I/O rates are achieved by striping RAID 1 segments
Under certain circumstances, RAID 10 array can sustain multiple
simultaneous drive failures
Excellent solution for sites that would have otherwise gone with
RAID 1 but need some additional performance boost.
Disadvantages :
Very expensive / High overhead
All drives must move in parallel to proper track lowering
sustained performance
Very limited scalability at a very high inherent cost
Recommended Applications :
Database server requiring high performance and fault tolerance.
RAID LEVEL 50 : RAID Level 50 requires a minimum of 6 drives to
implement.
Characteristics & Advantages :
RAID 50 should have been called "RAID 03" because it was
originally implemented as a striped (RAID level 0) array whose
segments were RAID 3 arrays (during the mid-90s)
Current RAID 50 implementations stripe (RAID 0) across segments
that are RAID 5 arrays
RAID 50 is more fault tolerant than RAID 5 but has twice the
parity overhead
High data transfer rates are achieved thanks to its RAID 5 array
segments
High I/O rates for small requests are achieved thanks to its
RAID 0 striping
Maybe a good solution for sites who would have otherwise gone
with RAID 5 but need some additional performance boost.
Disadvantages :
Very expensive to implement
All disk spindles must be synchronized, which limits the choice
of drives
Failure of two drives in one of the RAID 5 segments renders the
whole array unusable.
RAID LEVEL 0+1 :
RAID Level 0+1 requires a minimum of 4 drives to
implement.
Characteristics & Advantages :
RAID 0+1 is implemented as a mirrored array whose segments are
RAID 0 arrays
RAID 0+1 has the same fault tolerance as RAID level 5
RAID 0+1 has the same overhead for fault-tolerance as mirroring
alone
High I/O rates are achieved thanks to multiple stripe segments
Excellent solution for sites that need high performance but are
not concerned with achieving maximum reliability
Disadvantages :
RAID 0+1 is NOT to be confused with RAID 10. A single drive
failure will cause the whole array to become, in essence, a RAID
Level 0 array.
Very expensive / High overhead
All drives must move in parallel to proper track lowering
sustained performance
Very limited scalability at a very high inherent cost.
Recommended Applications :
Imaging applications
General fileserver
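The difference between RAID 10 and RAID 0+1 described above (a second failure is survivable in RAID 10 unless it hits the other half of an already-broken mirror, while in RAID 0+1 it is survivable only if it hits the stripe that is already offline) can be made concrete by enumerating failure combinations. The following Python is an added example, not part of the original notes or of any RAID vendor's documentation; the layouts are abstract models, and the assignment of slot numbers to mirrors and stripes is an assumption made for the illustration. It also covers RAID 5 and RAID 6 so the four layouts can be compared on the same footing.

```python
"""Count how many drive-failure combinations each layout survives.

Added example (not from the original notes).  Layouts are modelled
abstractly: a drive is an integer slot number, and the mirror/stripe
membership below is an assumed, fixed slot assignment.  No real disks
or md devices are involved.
"""
from itertools import combinations


def raid10_survives(failed, n_drives):
    """RAID 10: a RAID 0 stripe over mirrored pairs.
    Slots (0,1), (2,3), ... are the RAID 1 pairs.  Data is lost only
    when both members of the same pair have failed."""
    for k in range(n_drives // 2):
        pair = {2 * k, 2 * k + 1}
        if pair <= failed:
            return False
    return True


def raid01_survives(failed, n_drives):
    """RAID 0+1: two RAID 0 stripes mirrored against each other.
    Slots 0..n/2-1 form stripe A, the rest stripe B.  Any single failure
    takes its whole stripe offline, so the array only survives while at
    least one stripe is completely untouched."""
    half = n_drives // 2
    stripe_a = set(range(half))
    stripe_b = set(range(half, n_drives))
    return not (failed & stripe_a) or not (failed & stripe_b)


def raid5_survives(failed, n_drives):
    """Single distributed parity: exactly one failure is tolerated."""
    return len(failed) <= 1


def raid6_survives(failed, n_drives):
    """Dual distributed parity: any two failures are tolerated."""
    return len(failed) <= 2


def survival_counts(survives, n_drives, n_failed):
    """Try every combination of n_failed drives out of n_drives and
    return (combinations survived, combinations tried)."""
    surviving = total = 0
    for combo in combinations(range(n_drives), n_failed):
        total += 1
        if survives(set(combo), n_drives):
            surviving += 1
    return surviving, total


def survival_table(n_drives):
    """Survival counts for one and two concurrent failures, per layout."""
    layouts = {"RAID 10": raid10_survives, "RAID 0+1": raid01_survives,
               "RAID 5": raid5_survives, "RAID 6": raid6_survives}
    return {name: {k: survival_counts(fn, n_drives, k) for k in (1, 2)}
            for name, fn in layouts.items()}


if __name__ == "__main__":
    for drives in (4, 8):
        print("%d drives" % drives)
        for name, counts in survival_table(drives).items():
            print("  %-9s 1 failure: %d/%d   2 failures: %d/%d"
                  % ((name,) + counts[1] + counts[2]))
```

With four drives every layout except RAID 5 survives any single failure, which is the "same fault tolerance" the notes mention; the two-failure column is where RAID 10 (4 of 6 pairs survive) pulls away from RAID 0+1 (2 of 6), and the gap widens with more drives.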
RAID CONFIGURATION IN LINUX :
You use the mdadm command with the --create option to create the RAID
set. In this example we use the --level option to specify RAID 5, and
the --raid-devices option to define the number of partitions to use.
mdadm --create --verbose /dev/md0 --level=5 \
--raid-devices=3 /dev/hde1 /dev/hdf2 /dev/hdg1
Format the new RAID set :
mkfs.ext3 /dev/md0
Create the mdadm.conf Configuration File
Your system doesn't automatically remember all the component
partitions of your RAID set. This information has to be kept in the
mdadm.conf file. The formatting can be tricky, but fortunately the
output of the mdadm --detail --scan --verbose command provides you
with it. Here we see the output sent to the screen.
mdadm --detail --scan --verbose
Here we redirect the screen output to create the configuration file.
mdadm --detail --scan --verbose > /etc/mdadm.conf
Create A Mount Point For The RAID Set
The next step is to create a mount point for /dev/md0. In this case
we'll create one called /mnt/raid
mkdir /mnt/raid
Edit The /etc/fstab File
The /etc/fstab file lists all the partitions that need to mount when
the system boots. Add an Entry for the RAID set, the /dev/md0 device.
/dev/md0 /mnt/raid ext3 defaults 1 2
Check The Status Of The New RAID
raidstart /dev/md0
(raidstart belongs to the legacy raidtools package; an array created
with mdadm --create is already running, so go straight to the checks.)
Check the array out -:
mdadm --detail /dev/mdX
lsraid -a /dev/mdX
raidsetfaulty lets you simulate a drive failure without unplugging
anything:
raidsetfaulty /dev/md1 /dev/sdc2
This fails the disk /dev/sdc2 of the array /dev/md1. If you are using
mdadm, just type
mdadm --manage --set-faulty /dev/md1 /dev/sdc2
A fresh utility in the newest raidtools is lsraid. Try it with
lsraid -a /dev/md1
Users of mdadm can run the command
mdadm --detail /dev/md1
Remove the failed disk from the array. Run the command
raidhotremove /dev/md1 /dev/sdc2
Users of mdadm can run the command
mdadm /dev/md1 -r /dev/sdc2
Add the disk back to the array. Run the command
raidhotadd /dev/md1 /dev/sdc2
Users of mdadm can run the command
mdadm /dev/md1 -a /dev/sdc2
Query: check a RAID hard disk :-
mdadm --query --detail /dev/md0
Query: add a new hard disk :-
mdadm --manage /dev/md0 --add /dev/sdb3
Query: remove a hard disk :-
mdadm --manage /dev/md0 --remove /dev/sdb3
Query: mark a hard disk as failed :-
mdadm --manage /dev/md0 --fail /dev/sdb3
Query: check the status :-
cat /proc/mdstat
Query: check the partitions :-
cat /proc/partitions
Query: make the second hard disk bootable as well (copy the boot
partition block for block; both partitions must be the same size) :-
bootlist -m normal -0
dd if=/dev/sda1 of=/dev/sdb1
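The "check the status" step above reads /proc/mdstat by eye. For monitoring, the same text is worth parsing so a degraded array (a missing member shown as "_" in the [UU_] string, or a device flagged (F)) raises an alert instead of going unnoticed until the second disk fails. The following Python is an added example, not part of the original notes or of mdadm itself; SAMPLE_MDSTAT is a constructed sample in the format the kernel's md driver prints, with made-up device names and sizes.

```python
"""Parse /proc/mdstat and flag degraded arrays.

Added example, not from the original notes.  SAMPLE_MDSTAT below is a
constructed sample in the format the kernel's md driver prints; on a
real host pass open("/proc/mdstat").read() instead.
"""
import re

SAMPLE_MDSTAT = """\
Personalities : [raid1] [raid5]
md0 : active raid5 sdc1[2] sdb1[1] sda1[0]
      2096896 blocks level 5, 64k chunk, algorithm 2 [3/3] [UUU]

md1 : active raid1 sde2[1](F) sdd2[0] sdf2[2](S)
      1048512 blocks [2/1] [U_]
      [=>...................]  recovery =  5.0% (52416/1048512) finish=0.8min speed=20000K/sec

unused devices: <none>
"""

_ARRAY_RE = re.compile(
    r"^(md\d+) : (\w+) (?:\(auto-read-only\) )?(raid\d+|linear|multipath) (.*)$")
_DEVICE_RE = re.compile(r"(\S+?)\[\d+\]((?:\([A-Z]\))*)")   # e.g. sde2[1](F)
_STATUS_RE = re.compile(r"\[(\d+)/(\d+)\] \[([U_]+)\]")     # e.g. [2/1] [U_]
_PROGRESS_RE = re.compile(r"(recovery|resync|reshape|check)\s*=\s*([\d.]+)%")


def parse_mdstat(text):
    """Return {array name: info dict} for every md device in the text."""
    arrays = {}
    current = None
    for line in text.splitlines():
        m = _ARRAY_RE.match(line)
        if m:
            name, state, level, members = m.groups()
            current = {"state": state, "level": level, "devices": [],
                       "failed": [], "spares": [], "configured": None,
                       "active": None, "degraded": False, "progress": None}
            for dev, flags in _DEVICE_RE.findall(members):
                current["devices"].append(dev)
                if "(F)" in flags:          # (F) = failed member
                    current["failed"].append(dev)
                if "(S)" in flags:          # (S) = spare, not counted active
                    current["spares"].append(dev)
            arrays[name] = current
            continue
        if current is None:
            continue
        s = _STATUS_RE.search(line)
        if s:
            current["configured"] = int(s.group(1))
            current["active"] = int(s.group(2))
            # "_" marks a missing member; active < configured says the same
            current["degraded"] = (current["active"] < current["configured"]
                                   or "_" in s.group(3))
        p = _PROGRESS_RE.search(line)
        if p:
            current["progress"] = (p.group(1), float(p.group(2)))
        if not line.strip():
            current = None                  # blank line ends this array's block
    return arrays


def degraded_arrays(text):
    """Names of arrays that are missing members or carry failed devices."""
    return sorted(name for name, info in parse_mdstat(text).items()
                  if info["degraded"] or info["failed"])


if __name__ == "__main__":
    for name, info in parse_mdstat(SAMPLE_MDSTAT).items():
        print(name, info["level"], "DEGRADED" if info["degraded"] else "ok",
              "failed=%s progress=%s" % (info["failed"], info["progress"]))
```

A cron job or monitoring check that calls degraded_arrays() on the live file and exits non-zero when the list is non-empty gives the same signal as "mdadm --monitor", without depending on mail delivery from the host.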
• Start Nagios
• /etc/init.d/nagios start
• Start Apache
• /etc/init.d/httpd start
Verify Install
• Try logging into your new Nagios installation by going to
http://servername/nagios/ and logging in with nagiosadmin and
the password you set.
PASSWORD COMMAND
List the password aging details for a user -:
Any user can run the chage command on his own account to identify when
his password is about to expire; only root can list other users.
chage -l root
chage --list root
Set the password expiry date for a user with the chage option -M
The root user (system administrator) can set the password expiry date
for any user. In the following example, the password of user dhinesh
is set to expire 10 days after the last password change.
Syntax: # chage -M number-of-days username
chage -M 10 dhinesh
NOTE -: -M updates both the "Password expires" and the "Maximum number
of days between password change" entries reported by chage -l, because
the expiry date is computed from the last change date plus the maximum.
To turn off password expiration for a user account, set the
following:
-m 0 -> sets the minimum number of days between password
changes to 0.
-M 99999 -> sets the maximum number of days between password
changes to 99999.
-I -1 -> (minus one) sets "Password inactive" to never.
-E -1 -> (minus one) sets "Account expires" to never.
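The chage options above are just editors for the numeric fields of /etc/shadow that the earlier Q&A on the shadow file lists: last change, minimum, maximum, warning, inactive and account-expiry days, all counted from 1 January 1970. The following Python is an added example, not part of the original notes and not the shadow-utils implementation; it parses a constructed shadow file (placeholder users and hash strings, day numbers chosen so that 14638 is 2010-01-29 as in the notes) and works out the same dates chage -l prints and the same expired/inactive decisions login makes. The threshold of 99999 for "never" is taken from the notes' own recipe for switching expiry off.

```python
"""Evaluate /etc/shadow password-aging fields the way chage -l reports
them and the way login enforces them.

Added example, not from the original notes or from shadow-utils.
SAMPLE_SHADOW is a constructed file: user names and hash strings are
placeholders, and the day numbers are chosen so the arithmetic is easy
to follow (14638 = 2010-01-29).
"""
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
NEVER = 99999   # max-days value the notes use to switch expiry off (assumed threshold)

SAMPLE_SHADOW = """\
root:$6$placeholder$hashvalue:14638:0:99999:7:::
dhinesh:$6$placeholder$hashvalue:14638:0:10:7:5::
alice:$6$placeholder$hashvalue:14638:0:90:7::15000:
svc:!!:14638:0:99999:7:::
"""

FIELDS = ("password", "last_change", "min_days", "max_days",
          "warn_days", "inactive_days", "account_expires")


def _int_or_none(value):
    return int(value) if value.strip() else None


def parse_shadow(text):
    """Return {user: {field: value}} for the nine-field shadow format."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 9:
            raise ValueError("malformed shadow line: %r" % line)
        name, password, numeric = parts[0], parts[1], parts[2:8]
        entry = {"password": password}
        entry.update(zip(FIELDS[1:], (_int_or_none(v) for v in numeric)))
        users[name] = entry
    return users


def _iso(day_number):
    return (EPOCH + timedelta(days=day_number)).isoformat()


def aging_status(entry, today):
    """today is an ISO date string; dates in the result are ISO strings or None."""
    now = (date.fromisoformat(today) - EPOCH).days
    last, max_days = entry["last_change"], entry["max_days"]
    status = {
        "locked": entry["password"].startswith(("!", "*")),
        "must_change": last == 0,           # chage -d 0 forces a change at next login
        "password_expires": None, "password_expired": False,
        "password_inactive": None, "inactive": False,
        "account_expires": None, "account_expired": False,
    }
    if last is not None and last > 0 and max_days is not None and max_days < NEVER:
        expires = last + max_days           # what -M changes, via the maximum
        status["password_expires"] = _iso(expires)
        status["password_expired"] = now > expires
        if entry["inactive_days"] is not None:
            inactive = expires + entry["inactive_days"]
            status["password_inactive"] = _iso(inactive)
            status["inactive"] = now > inactive   # login refused after this point
    if entry["account_expires"] is not None:
        status["account_expires"] = _iso(entry["account_expires"])
        status["account_expired"] = now >= entry["account_expires"]
    return status


def never_expiring(users):
    """Unlocked accounts whose password never expires: worth a review."""
    return sorted(name for name, e in users.items()
                  if not e["password"].startswith(("!", "*"))
                  and (e["max_days"] is None or e["max_days"] >= NEVER))


if __name__ == "__main__":
    users = parse_shadow(SAMPLE_SHADOW)
    for name, entry in users.items():
        print(name, aging_status(entry, "2010-03-01"))
    print("never expiring:", never_expiring(users))
```

On 2010-03-01 the dhinesh entry (maximum 10, inactive 5) is both expired and past its inactivity window, which is the state a user ends up in when the -M 10 example above is applied and then ignored; never_expiring() is the audit question the opposite recipe (-M 99999) creates.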