RED HAT ENTERPRISE LINUX 4.

0 ES 

Introduction:
Unix is the first Operating system in the world, developed by Kem Thompson and Dennis Ritchie in 1969 at
Bell Lab by AT&T Company
IBM : AIX
SGI : IRIX
HP : HP
Sun : Solaris
FSF:
Free software foundation organization, they start a project by name GNU. The mail aim of this
project is to develop such a O.S that can run on any platform.
In 1991, a student Linus Torvalds developed a kernel named Linus’s Kernel plus GNU application called
Linux O.S
Linux is a open source technology.
Different companies that provide Linux in Market are Redhat, SuSe, Mandrake, Turbo, Knoppix etc.

Features and Advantage:

Features:
a. Linux is the fastest Operating system in the world. It runs 2 to 3 times fast than windows O.S
b. Linux is the very secured O.S because there is no any problem of virus.
c. Linux file format is text format and windows file format is binary format.
d. Linux is very reliable O.S because kernel of linux is very stable as compare to windows kernel not
crashed easily.
e. Kernel of linux is very small, it can be stored in floppy
f. Linux uses the x-Window system which is advanced network windowing system. Using this system
we can display output of any workstation monitor attached in the network
Advantages of Linux:
a. Virus Proof
b. Crash Proof
c. Economical
d. Multiuser, multi desktop and multi tasking

Mode of Login

There are two mode of login

1. Text Mode (Alt+ctrl+F1)
2. Graphical Mode (Alt+Ctrl+F7)
In case of Text Mode
Station2 Login : root
Password : redhat
[root@station2~]#
to switch from one text mode to another
Alt+Ctrl+F1 to Alt+Ctrl+F6
In case of Graphical Mode
Ctrl+Alt+F7

Common Command
Some of the Common system command are as follow:
1. Date : to display date and time
2. Cal : to display the calendar
3. Cal 11 2006 : display the calendar of Month 11 and year 2006
4. Clear : To clear the screen
1
5. ls : to list directory contents
color identification
blue : Directories
White : Files
Green : Executable files
Red ; Zip files, rpm, tar file
Different switches used with “ls” command

ls –l or ll : used for long listing including file and directory permission

(-) : file
(d) : Directory
(l) : Symbolic link

ls –a : shows all hidden files and directory. Any file followed by (.) is hidden file

ls –al : show all hidden files and directory with long listing or whole description

ls –d : shows all the directory

6. pwd: Print working directory

7. who am I : display the information of current terminal

8. who : display all the terminal in a network

9. history : it shows all the command your have used.

By default history stores last 1000 command which u have run. If u want to change
# vi /etc/profile
HIST SIZE =10
Save and exit
# history –c ( to clear all the previous command reside in history)

Creating file and Directory:

a. Creating file:
The ‘cat’ command is used to create a file
Syntax:
# cat > filename
example:
# cat > abc.txt
(Ctrl +D) is used to save the file.

b. View the content of file

Syntax:
# cat filename
Example:
#cat abc.txt
#cat –b abc.txt

c. Creating Directory
The ‘mkdir’ command is used to create directory
Syntax:
Mkdir [directory_name]
Example:
# mkdir raj

2
Option used:
cd : To change directory
cd .. : To come out from directory
cd : to jump to root directory
cd - : to jump to previous directory

Deleting Files and directory:

Syntax:
For file:
rm <filename>
example:
rm abc.txt
for directory
syntax:
rmdir <directory_name>
Note: Only empty directory will be deleted)
If we want to delete the tree structure of directory then we need to use the following command
Syntax:
rm –rf <directory_name>

where
r = recursively
f= force

in order to remove non empty directory

Syntax:
rm –r <directory>

example;
rm –r raj
this will remove directory step by step ,first remove sub directory and then finally main directory.

Another method of creating file :

Touch : this command is used to create a blank file with size zero.
# touch <filename>
Example:
#touch abc

Copying File and Directory:

a. Copy file:
Syntax:
# cp [source]filename [destination]

b. Copy directory
#cp –r [source]directory [destination]
to copy a directory into another directory recursively

c. cp –rf [source]directory [destination]

to copy a directory forcefully

syntax used for copy file or directory:

cp [option] file destination
option:
-I : interactive : ask before overwriting file
-r : Recursive
3
-p : Preserve
-f : forcefully

More than one file can be copied at a time if the destination is directory
Syntax:
cp [option] file1 file2 file 3 Destination

Moving and Renaming File and Directory

Syntax:
# mv : move /rename files and directory

Example:
# mv [option] file destination

example:
# mv t.txt /home/raj/
more than one file can be moved at a time if the destination is a directory

# mv [option] file1 file2 file3 destination

Getting Help:
The command that are used to get the help are discussed as :
a. Whatis
Display a short description of command , it uses a database that is updated nightly. Often not available
immediately after installation.

Syntax:
# Whatis cal

b. Help
Display usage summary and argument list
Syntax:
<command> --help
Example:
#Date –help

c. Man and Info:

Both provide documentation for command. Almost every command has a “man” page. Collection of pages
are called linux manual.
# man date
# info date

Viewing Text Page

Syntax:
#less [option] [filename]
Example:
# less abc.txt
scroll with arrows/PgUp /PgDown

/text : search for text

n : Next Match

Option:

4
-c : Clear before displaying
-s : Squeeze multiple blank lines into a single blank line

Simply we can also use “less” along with pipe | as

# ll |less

File and Directory:

‘ll’ is used to display the information about the files and directory including date, time, users,group, size,
name and permission.
Four symbols are used when displaying permission.
R : Read
W : Write
X : Execute
- : no permission

-rwxrwxrwx : files
drwxrwxrwx : directory
files and directory permission are symbolized by ten character.

If we want to change permission, then there are two methods:

1. symbolic
2. Numeric

1. Symbolic Method:
Syntax:
Chmod mode directory/filename
Mode Option:
1. u,g,o
2. w,r,x
3. +,-
4. =

1. # chmod u+rwx file or directory : in case of user only

2. # chmod ug+rwx file or directoty : in case of user and group
3. # chmod u+w,g+r,o+x directory/file
4. # chmod u+rw,g+rw directory/file
5. # chmod u-r, g-w,o-rw directory/file
6. # chmod ugo+rwx file/directory
7. # chmod ugo-rwx file/directory

• + is used to add permission

• - is used remove permission
chmod ugo=rw directory/file
this command will assign read/write permission to u,g,o
suppose we have one file as
test.txt
permission : -r- - r- -r- -
chmod u=w,g=wx,o=w test.txt
this command will assign write to user, write/execute to group and write to other while remove the
previous permission.
The main difference between +,= are + operator simply add the new permission with previous one and
= assign the new permission while removing old (new permission overwrite an old)

2. Numeric Method:
In this method, calculation are based on following numbers
5
r=4 w=2 x=1 0= no permission

Example:
#chmod 777 file/directory
in this case user get 7 means that user has permission of read/write/execute, group get 7 means
read/write/execute and ame for other

# chmod 531 file/directory

in this case user get 5 means that user has permission of read/execute, group get 3 means write/execute
and other get 1 means that other has permission to execute.

#chmod 742 file/directory

7 : User : rwx
4 :Group : r
2 : Other : w

Linux file system

Figure

Root : it is an home directory of super user (root) administrator

Etc : it is the location of all configuration file and directory used for server
configuration or system configuration
dev : it is a location of the device file
home : it is a location of home directory or regular users
proc : it is a virtual file system or directory not actually store on the disk and
contain system information
# cat /proc/meminfo
# cat /proc/cpuinfo
boot : contain kernel and boot related files
sys : it is also a virtual directory and contain system information
media : it is a mount point of removable disk like cdrom floppy usb drive etc.
tmp : it contain all temporary file
usr : it is used for software installation
lib : it contain all library files
bin : it is the location of all executable files or command or user command
/usr/bin also contain user command
sbin : it contain all system command or super user command /usr/sbin
mnt : it is a mount point for physical hard-disk or partition
opt : optional directory and used for temporary working
var : it is a variable file system or directory and contain all log and error
message

file system type:

Dos : Fat 16
95/Xp/2000 : FAT32
Xp/NT/2000 : NTFS
Linux : EXT2,EXT3
UNIX : VXFS

Representation Of Media Devices:

All the device file are stored in /dev/
Hard disk ; /dev/hdx
Where x is
a : /dev/hda : Primary master
b : /dev/hdb : Primary slave
6
c : /dev/hdc : Secondary master
d : /dev/hdd : Secondary slave

In case of SCSI, Sata or USB we will use : /dev/sda

CD-rom:
/dev/cdrom
/dev/cdrom1
/dev/cdrecorder

Floppy:
/dev/fd0
/dev/fd1

to access partition of windows in linux

#mount –t vfat /dev/hdax /mnt
in order to check the label of any partition
#e2label /dev/hdax
where x is number

Mounting CD Rom
# mount –t auto /dev/hdc /media/cdrom
-t : file type
auto : file type
in order to check where cdrom is attached we can open the file fstab
#vi /etc/fstab
now in case of RHEl 3.0 we have to use command in order to unmount.
# umount /media/cdrom
and then eject the cdrom
in case of RHEL 4.0 we simply type
# eject

Mounting Floppy
#mount –t auto /dev/fd0 /media/floppy
in case of floppy we have to umount first then only we remove floppy otherwise all content of floppy may
be lost or floppy may be physically damaged.
# umount /media/floppy
Mounting USB media :- directed by the kernel as SCSI device
/dev/sdax
Vi Editor:
Using vi , we can create or modify any file

Vi, vim Editor

Vi is the standard file editor for Unix and Vim is the standard file editor for Linux
For Red hat Linux vi and Vim both are same
There are three mode of vi editor
1. command mode
2. insert mode
3. save and Exit Mode
1. Command mode is again divided into 3 mode
a. Cursor movement
b. Copy, paste, delete, undo
c. Text search
a. Cursor Movement
J : Down

7
K : UP
L : RIGHT
H : LEFT

b. Copy, paste delete, undo

dd : delete particular line
yy : copy particular line
u : Undo
p : paste
ndd : n is the number of line to be deleted
nyy : n is the number of line to be copied

c. Text Search
/text
example
/then

2. Insert Mode
Option I, insert, a ,o, O
i : insert mode start at the point where cursor is. Same is used with
insert option
a : insert mode start after one character
o : insert mode start after one line
O : insert mode start before one line

3. Save and Exit

:q : Quiet
:q! : forcely quiet
:wq! : save and forcely quiet
:wq : save and exit

User and Group Administrator

There are three type of user account in Red hat Linux

1. Super user or Administrative account
2. Regular user account
3. service account
1. Super User created automatically at the time of installation
2. Regular user Account;
a. Using command line method ‘useradd’ or ‘adduser’ command
b. Graphical method by using Red hat user manager utility
a.
# adduser user_name (Recommended : minimum 6 character used in password)
# passwd user_name

Example:
#adduser rakesh
#passwd rakesh
Now open the file /etc/passwd to check the entry of user

#vi /etc/passwd
it contain 7 entry of each user
1. Username
2. Password
3. userid

8
 4. groupid
5. blank (User information field ) comment
6. home directory
7. login shell
password entry for each user will be stored in /etc/shadow
# vi /etc/shadow

now in order to check the Userid, Group we use /etc/login.def

# vi /etc/login.def
when any user account is created then user will get userid, groupid automatically from /etc/login.def
5th field is used for user information or comment
6th field is used for home directory. When any user is created its default home directory is created inside
/home
/home/rakesh
7th field is login shell. Default shell for user is /bin/bash
different shells are used
ksh, sh, csh, tcsh,zsh
shell is an user interface between user and O.S. linux command shell is a prompt that allow us to interact
with our system by executing various command.
In order to check the shell available use /etc/shells
# vi /etc/shells
in order to get the information about the group we need /etc/group
#vi /etc/group
it contain four field
1. Group name
2. password
3. GroupId
4. Member of group

# finger : this command is used to get the information about the user

Syntax:
#finger username
#finger rakesh

#id : this command is used to get userid, groupid of the user

syntax:
#id username
#id rakesh

Creating Group:
Syntax:
#groupadd groupname
#groupadd –g gid groupname
Example:
#groupadd raj

Exercise:
Create a user that should have uid=1000 shell=sh description and home directory as /data
Sol:
#useradd –u 1000 –c rakeshpundir –s /bin/sh –d /data rakesh
#passwd rakesh

Grpahically

9
System Setting :-> User & Group
OR
#system-config-user

Every user have two group one is elementary group or primary group and secondary group
-g : Primary Group
-G : Secondary Group

Creating Group
#groupadd g1
#groupadd g2

Steps:
1. adding group to the user
#usermod –g g1 –G g2 rakesh
2. To change id of the user
#usermod –u 1001 rakesh
3. change comment
#usermod –c rakeshsingh
4. change home directory
#usermod –d /rakesh-home rakesh –m
5. change shell
#usermod –s /bin/bash rakesh
6. change user login name
#usermod –l newname oldname
#usermod –l rajesh rakesh
7. Change Group name
#groupmod –n newname oldname
#groupmod –n group1 g1
8. change Group id
#groupmod –g 2005 group1

Redirecting Input /Output

The standard Output of command , which normally display on the terminal can be redirected into a file.
Similarly standard error, which normally display on the terminal can be redirected into a file.
Common redirection operator

> : command>file : output command to file

>> : command>>file : Append output of command to file
< : command>file : receive input from file
2> : command2>file : error from command to file
2>> : command2>>file : append

Example:
#find /etc –name passwd
this command will search for all file name passwd in /etc and its subdirectories
now we can redirtect the standard outpout
#find /etc –name passwd > output
output is a file where command output will be stored. Standard error is still displayed on the screen
#cat output
If the target file of the file redirection with > already exists, the existing file will be overwritten. To append
data to an existing file use >> to redirect instead of >
#find /etc –name passwd >> output

Redirecting standard Error

10
We can redirect standard error with 2>
#find /etc –name passwd 2>errorfile
standard output is displayed on the screen , redirect further standard error, appending to the same file with
2>>
#find /etc/ -name passwd 2>>errorfile
#cat errorfile

Symbolic links:
A symbolic link point to another file. We can display the link name and the referenced file by ‘ls –l’
#ls –l pf
lrwxrwxrwx 1 root root pf->/etc/passwd
file type: l for symbolic link
the content of the symbolic link is the name of the file that is referenced
Syntax:
Ln –s filename [linkname]
Example:
Ln –s /etc/passwd password
There are seven fundamental file type
- : regular file
d : symbolic link
b : block special file
c : character special file
p : named file
s : socket

character special file are used to communicate with hardware one character at a time. Block special file is
used to communicate with hardware a block of data at a time : 512 bytes, 1024 bytes, 2048 bytes
ls –l /dev |less { to check c and b files}
named pipe type of file that passes data between processes. It stores no data itself socket file are used for
inter process communication.

Checking Free Space:

In order to check the free and usage space per file system and directory and each sub directory we have
two command
a. df
b. du
the ‘df’ command reports on a per file system basis. It report total disk space , disk space used , disk space
free
#df –h
-h : used multipliers such as G or M for gigabytes and Megabytes

The ‘du’ command reports the number of kilobytes contained by the items within a directory
#du –s
#du –h
-s : used to request only the summary directory information
#du –s /etc

Aliases:
Aliases are shortcut names for large commands. If we have command that run often, but take a
considerable amount of typing, we can reduce these to an aliases.
Alias c=clear
We can make a permanent entry of alias in .bashrc file
Type:
#vi .bashrc
alias c=`clear`
11
save and exit
Test your change by logging out, logging back and type the following
#alias
#c

Default Permission:
The default permission for files is 666 and directory is 777. umask is used to withhold permission. Default
root’s umask is 022. without a umask in effect, only file created will have 666 permission and directory will
have 777. this means that anyone on the system will have read and write access to any file. A umask of 002
will result in file created with 664 permission and directory with permission 775.
Default umask on Red hat enterprise linux is 002. to change
#umask 022
umask is typically set by script run at login time. The next time you lig in umask will be set bask to your
default unless you add command to one of your startup files such as .bashrc.

Run Level:
To check the run level we need to see the file /etc/inittab
#vi /etc/inittab
defaults run – level used by RHS are
0 : hault ( do not set init default to this)
1 : single user mode
2 : multi user mode without networking
3 : multi-user mode with networking
4 : unused
5 : X11 (Graphical)
6 : reboot

#runlevel : this command shows that in which run level you are at present

in init 3 runlevel, if you type command startx to go to the graphical mode then it will not ask you for
password.
By default we have 6 virtual console (text mode), but we van increase or decrease the number of text mode
simply by editing the file /etc/inittab

#vi /etc/inittab
line No 18 : id:5:initdefault
(we can change this value from 1 to 5 as per our need)

Line No 44 :
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
.
.
.
6:2345:respawn:/sbin/mingetty tty6
in these line if we add one more line the number of virtual console increase and if we remove one line ,
virtual console terminal decrease.
For adding
7:2345:respawn:/sbin/mingetty tty7
after editing this file we need to sane and exit
#init q : this command is used to activate the change made.

Welcome Message at the time of login:

We need to edit the file /etc/motd
#vi /etc/motd
12
type any message which we want to display
“WELCOME TO ICON”
save and exit

INSTALLATION:
Installation can be done either by CDROM , NFS, LAN, FTP
Partition type and its size
/ 10000MB
/boot 128MB
/home 1000MB
swap 256 MB ( 1.5 to 2 times more than RAM Size)

to check the RAM size do the following step

Ctrl+alt+f7
Then type the following
#cat /proc/meminfo
this command will display the size and other information regarding RAM
Ctrl+Alt+F7 to return to the installation mode.

Note:
While installation we have to make sure that firewall option should be disable
1. No firewall
2. Selinux disable
Following Package are needed at the time of installation.
Desktop
1. X Window
2. GNOME
Application
1. Text Editor
2. Graphical Internet
3. Text Based Internet
Server
1. Server configuration tools
2. Web Server
3. Mail server
4. DNS server
5. FTP Server
6. Network Server
7. Legacy Network Server ( in this select Telnet)
System
1. Administrative Tools
2. System tools
3. Printing tools

Max Space Needed : 6132MB

Min Space Needed : 681 MB

While Installing Redhat linux 4.0 WS with the help of NFS and FTP, we have to perform the following step
First we have to check the rpm of ftp/nfs
ftp : vsftp-2.0.1…….
nfs : nfs-utils-1.0.6……
Now copy the disk 1 of the Redhat linux into the folder “/var/ftp/pub”
Now copy RPMS of remaining CD’s (Disk 2,3,and 4) inside /var/ftp/pub/RedHat/RPMS/
Now we need to configure the exports file.
#vi /etc/exports

13
/var/ftp/pub 192.168.0.0/255.255.255.0(rw,sync)
save and exit
now start the service
#service portmap restart
#chkconfig portmap on
#service nfs restart
#chkconfig nfs on

Now Boot the new system from disk 1 of Redhat linux and type
Linux askmethod
Choose language : English
Keyboard Type : U.S
Installation Method : NFS Image
NFS Server name : 192.168.0.254
NFS Dierctory : /var/ftp/pub
And continue the installation
There is slightly change in case of FTP

In case of FTP:
Boot the system from disk 1 of redhat linux and type
Linux askmethod
Choose language : English
Keyboard Type : U.S
Installation Method : FTP
Then first mentioned your system ip address in order to identify itself in network
192.168.0.24
255.255.255.0
then mentioned the FTP server address as
192.168.0.254
255.255.255.0
mount point : pub ( as in case of FTP the default path is /var/ftp)
and continue the installation

Kick Start
Kick start is one of the automatic installation method. Before making kick start file we need to check the
rpm
Rpm : system-config-kickstart
Kick start consist of installation wizard which we can configured for another system like general
information, root password, package , set the language, keyboard type, network, installation type etc. then
save the kick start with any name say nfsks.cfg under /root
Suppose we use NFS type then we have to mentioned
NFS Ip address : 192.168.0.254
Path : /var/ftp/pub
Now we have to edit the file nfsks.cfg by editing one line
Selinux-disable
Now we have to configure the file /etc/exports
#vi /etc/exports
/root 192.168.0.0/255.255.255.0(rw,sync)
/var/ftp/pub 192.168.0.0/255.255.255.0(rw,sync)

Now start the service

#service portmap restart
#chkconfig portmap on
#Service nfs restart
#chkconfig nfs on

14
#service dhcpd restart
#chkconfig dhcpd on

Now boot the new system by Disk 1 of RedHat linux

And type
Linux ks=nfs:192.168.0.254:/root/nfsks.cfg
And continue the installation

RPM (RedHat Package Manager)

RPM package contain the file and directories associated with specific application and program.
RPM namegenerally includes version, release and architecture for which it was build.
Like
Zip-2.3-8.i386.rpm

To install RPM:
#rpm –i rpm_name

To Remove RPM
#rpm –e rpm_name

In order to remove those package which has dependency

#rpm –e rpm_name –nodeps

Switches used with RPM

-i or --install
-e or --erase
-U or--Upgrade
-F or --Freshen
we can install rpm by using
#rpm –ivh rpm_name
-I : Install
-v : Verbose
-h : Human view (Hash Sign)

To Upgrade RPM:
#rpm –U rpm_name

To repair any corrupted rpm package

#rpm –F rpm_name

To make any rpm query

#rpm –q rpm_name

To check all rpm of related pacakes

#rpm –qa |grep rpm_name

To check particular file associated with which rpm

# rpm –qf /etc/passwd
passwd file is associated with setup-2.5 rpm

To check the rpm containing which file

#rpm –ql rpm_name
this command will list all the file associated with particular rpm.

To get the information about the particular rpm.

15
#rpm –qi rpm_name

To Install any rpm forely

#rpm –ivh rpm_name –force

Installing dependent packages:

Suppose we have 4 rpm’s r1,r2,r3 and r4 , we need to install r4 but r4 depends on remaining rpm’s then we
use this command.

To check any rpm’s query

#rpm –qa “sendmail*”

To check rpm’s of related service

#rpm –qa |grep bind

Task Automation and Task Scheduling

It is used to perform the task at particular time
Two command are used
a. at
b. crontab
syntax:
#at time
at>command I
at>command II
ctrl+D

Example:
#at 10:30
at>eject
at>eject –t
ctrl+D

Option used
#at now
#at now+5 minutes
#at now+5 hours
#at now+5 days
#at tomorrow
#at 10:30 july 16 2006
we can also restrict the user not to use the ‘at’ command. Restriction will be provided by root login with
administrator.
#vi /etc/at.deny
inside this file we have to just mentioned the name of the user in order to restrict him not to use ‘at’
command.
Just save and exit form the file
By default all users are allowed to use ‘at’ command. ‘at.deny’ is default in system. We can also create a file
‘at.allow’ file. Once we create this file, now by default all users will be restricted to use ‘at’ command and
only that user which have entry on ‘at.allow’ will allow to use the ‘at’ command.
Another method is to make an entry inside the ‘crontab’ file. Entry will be done by the root. Difference
between these two method is crontab is used to perform the same task many times whereas job through ‘at’
command will be removed after the task has been performed.

Syntax: ( By root login)

#crontab –e
six field are listed

16
1 2 3 4 5 6
minute hour day of Month day of command
month Week
Example:
35 10 31 05 3 eject
36 10 31 05 3 eject –t

Minute : 0-59
Hours : 0-23
Day of Month : 1-31
Month : 1-12
Day of Week : 0-7
0 and 7 are Sunday

#service crond restart

#Whereis eject
this command display the path of the command. It is better to use the full path of the command inside
crontab instead of just the name of the command.
We can also make the entry as
35 10 * * * eject
36 10 * * * eject –t

In this case. These two jobs will be performed at 10:35 in every month.
Some command which are executed with ‘at’ or ‘crontab’ send their output to the user mail box. These
command are executed on background and their output is transferred to the particular user’s mail box. In
order to see the output of the command we use.
#mutt
This command will open the mailbox from where we check the output
Some of the switched used with the ‘crontab’
#crontab –l
List out all the job scheduled in crontab.

#crontab –r
Can remove the job from the crontab.

#atq : list the job number scheduled in at

#atrm jobno : to remove any job

Fdisk:
Representation of Hard disk
/dev/hdx
/dev/hda : Primary Master
/dev/hdb : Primary Slave
/dev/hdc : Secondary Master
/dev/hdd : Secondary slave
Fdisk command is used to create a partition
#fdisk –l
Display the partition Listing
Creating Partition
#fdisk /dev/had
Press(m for help): m
Some important switches are
D : delete partition
N : New

17
L : listing
Q : quit
W : Save and Exit
T : changed type

Press : n
l: Logical (5 or above)
p: Logical partition( 1-4)
Type l
First cylinder (Take as default): Press Enter
Last Cylinder or +size or +sizeM or +sizeK (….) : +100M
Command (m for help) : w
# partprobe
( to update the partition table without restarting the computer)

Now we need to format the partition

#mkfs.ext3 /dev/hdax
Where x is the number of partition that is newly created
Now we mount this partition
#mkdir /partx
#mount –t ext3 /dev/hdax /partx
Or
#mount /dev/hdax /partx
To mount this partition permanently make the entry in fstab
#vi /etc/fstab
/dev/hdax /partx ext3 defaults 12

Increasing the Size of Swap Partition

There are possibilities that any time we can increase the size of RAM, at that time we need to increase the
size of swap partition as per the increased size of the RAM.
There are two method of doing so
a. creating partition
b. Creating file
A. Creating Partition:
i. We have to create one partition of size say 200MB and change its type to 82 (swap type) . save
and exit and then run the command “partprobe”
ii. Format the partition say /dev/hda9
#mkswap /dev/hda9
iii. Make the swap partition active
#swapon /dev/hda9
iv. to check the entry of swap partition
# cat /proc/swaps
If we want to make the permanent entry in fstab then
#vi /etc/fstab
/dev/hda9 swap swap defaults 0 0

B. Creating file
i. first make an empty file
#touch /swp
ii. Now we customize the size of the swap
# dd if=/dev/zero of=/swp bs=1M count=200
iii. Format the newly created swap file
#mkswap /swp
iv. Active the swap file
#swapon /swp

18
To check the entry of swap file
#cat /proc/swaps
If we want that automatically this swap file activate , we need to make the entry in /etc/ec.local
# vi /etc/rc.local
Make the following entry
Swapon /swp
Save and exit

User Quota:
Monitoring and controlling disk space usage is another important part of a system administrator tasks.
User quota is used to restrict the amount of disk space on each partition by each user.
Steps
1. Edit the file /etc/fstab
# vi /etc/fstab
Search the following line
“LABEL=/home /home etx3 defaults 1 2”
Just add ‘usrquota’ after the word ‘defaults” as
“LABEL=/home /home ext3 defaults,usrquota 1 2”

2. Remount the home partrition

# mount –o remount /home
Where –o I used to active comma separator used in fstab
After given a quota we must remount the directory with user quota or if we restart the system , it
automatically remount.

3. Now check the mount quota

# quotacheck –avum
Where
-a : Scan file system with quota enabled
-v : Verbose mode
-u : Scan for user quota
-m : Remount file system with quota enabled

4. Now check the /home

#cd /home
#ls
File aquota.user will created)

5. Now add quota for particular user

# edquota –u username
Output of this command
File System Block soft hard inode soft hard
/dev/hda2 24 0 0 9 0 0
1 block=1Kbyte
Suppose we set the userquota by block size i.e we set the soft limit to 3000 and Hard limit to 4000 i.e. 3M
and 4M
/dev/hda2 25 3000 4000 9 0 0
Block and inode has a grace period of 7 days ( by default)

We can set the quota either by setting blocks soft and hard limit of inode ( Number of maximum file
created)

6. Make the quota on

# quotaon /home
7. We can generate the quota information

19
#repquota /home

Note:
We can generate the file of big size to check the quota
Syntax:
#dd if=/dev/zero of=bigfile bs=1M count=3
To check the quota for particular user after login
#quota
To set the grace period for particular user
#edquota –T username

To assign quota of one user to another user

#edquota –p user1 user2

We can also set the quota for particular user by using following command.
#setquota -u username 2000 3000 20 25 /home

Logical Volume manager(LVM)

LVM is an extensible partitioning tool using which we can modify or resize any partition without changing
our existing data.

/dev/hdax
Figure
/dev/hdax

In order to create LV ( logical volume) we need to create a partition.

#fdisk /dev/had
Press( m for Help): n
l : logical
p : Physical
Type ‘l’
First Cylinder : Press Enter
Last Cylinder (+sizeM or +sizeK) : +100M
Command : t : t for change the type
Partition no : x : x is the number of partititon
Type : 8e : 8e for LVM
Command : w
#partprobe

Now we create a Physical Volume (PV)

#pvcreate /dev/hda8
Display the PV Information
#pvdisplay
Now we create Volume group
#vgcreate Vg00 /dev/hda8
Display the Vg information
#vgdisplay
Finally we create a logical volume
#lvcreate –n lv00 –L+50M vg00
Where
-n : logical name
-L: size
Display the LV information
#lvdisplay

20
After creating the logical volume, we need to format
#mkfs.ext3 /dev/vg00/lv00
Finally we mount it on /lvm
#mkdir /lvm
#mount /dev/vg00/lv00 /lvm

Extending the size of LVM

#lvextend –L+50M /dev/vg00/lv00
After adding we need to run ext2online command in order to assign file system type to the added size
#ext2online /dev/vg00/lv00

Reducing the size of LVM

#lvreduce –L-20M /dev/vg00/lv00
If the size of the logical volume is full and we need more space to store data we need to create new
partition , change its type to LVM by ‘8e’ then create the physical volume and add that with volume group
(vg00)
#vgextend vg00 /dev/hda9
After that extend the size of logical volume
In order to delete the logical volume
#umount /lvm
#lvremove /dev/vg00/lv00
#vgremove vg00
#pvremove /dev/hda9
#pvremove /dev/hda8
Then finally using the fdisk remove hda8 and hda9

RAID(Redundant Array Of Inexpensive Disk)

RAID is a series of disk which can save your data even if there is catastrophic failure on one of the disk
RAID are classified as RAID0, RAID1 and RAID 5
RAID 0 : require minimum 2 HDD and also known as stripping without parity
RAID 1: require minimum 2 HDD and also known as disk mirroring
RAID 5: minimum 3 HDD requirement and also known as stripping with parity

First we create the two partition say each of 100MB and then change its type to (‘fd’) Raid
Now we create a RAID
#mdadm –C /dev/md0 –level=1 –raid-disks=2 /dev/hda8 /dev/hda9
Now check the raid
#cat /proc/mdstat
‘OR’
#mdadm --detail /dev/md0
Format the newly created RAID
#mkfs.ext3 /dev/md0
Now mount it
#mkdir /raid
#mount /dev/md0 /raid
In order to check first we fail any one of the partition
#mdadm --manage /dev/md0 --fail /dev/hda8
Check the status of the RAID
#mdadm --detail /dev/md0
Removing the failure partition
#mdadm --manage /dev/md0 --remove /dev/hda8
To add new disk partition
#mdadm --manage /dev/md0 --add /dev/hda10

Note:

21
In order to add new partition first we create the partition and change its type to ‘fd’

Introduction to System Service

Every computer that connect to network require some IP address assign permanently to a computer host
known as static IP address and some IP address leased by DHCP server for a limited period of time known
as dynamic IP address.
There are 2 standard IP address
1. IPv4
2. IPv6
IPv4 has a 32 bit and are in Octet-doted decimal lists
Example: 192.168.254.254
IPv6 address have 120 bits

To check the connectivity

#ping 172.24.254.254
To check the IP address
#ifconfig
To set the IP address
#netconfig
Or
#vi /etc/sysconfig/network
Or
#vi /etc/sysconfig/network-scriptd/ifcfg-eth0
Device = eth0
Boot Proto = static
Onboot = yes
IPaddr = 172.24.0.2
Netmask = 255.255.0.0
Gateway = 172.24.254.254

To make Network UP and DOWN

#ifdown eth0
#ifup eth0
We can also assign temporary IP address to a LAN card. It will remain until we restart the computer then
after that it will take IP address from ifcfg-eth0
#ifconfig eth0 172.24.0.10

Introduction To System Service

According to the service management, service are divided into three category
1. service which are managed by init command, which are not TCP/IP services
2. service which are managed by service command
3. service which are based on xinetd that is some back ground process services
to check the service whether ON or OFF use
#service service_name status
#chkconfig –list
#chkconfig –list service_name

Example:
#service nfs status
#chkconfig –list
#chkconfig –list nfs

To Make service ON or OFF

#chkconfig nfs on
#chkconfig nfs off

22
To stop the particular service for particular Run level
#chkconfig –level 3 nfs off
#chkconfig –level 3 5 on/off
To make on or off in run level 3 and 5

#ntsysv : will start /stop all the services in a particular run level. It will display the dialog box in which all
the services are mentioned

DHCP(Dynamic Host Configuration Protocol)

DHCP provides IP address to host computer dynamically by the range of addresses or statically or fixed
address by MAC address

Service Profile
Type : System V managed Service
Package : dhcp
Daemon : dhcpd
Script : dhcpd
File : /etc/dhcpd.conf
Port : 67,68
First check the rpm
#rpm –q dhcp
Copy and rename dhcpd.conf.sample to dhcpd.conf in /etc
#cp /usr/share/doc/dhcp-3.0.1/dhcpd.conf.sample /etc/dhcpd.conf
Now open file
#vi /etc/dhcpd.conf

Set the following configuration

Subnet : 172.24.0.0;
Netmask : 255.255.0.0;
Option router : 172.24.254.254;
Option subnet-mask : 255.255.0.0;
Option nis-domain : “RHCE”;
Option domain-name : “example.com”;
Option domain-name-server : 172.24.254.254;

Range dynamic-bootp 172.24.0.1 172.24.0.10

Save and exit
Start the service

#service dhcpd restart

#service portmap retstart

#chkconfig dhcpd on
#chkconfig portmap on

Client Side
#dhclient
Dhclient is used to give the request to dhcp server to assign an address to client
Now if we want to assign the static IP address by their MAC address

#vi /etv/dhcpd.conf
Set the following configuration

host stationX {

23
 hardware Ethernet 00:34:e3:5r:q1:34;
fixd-address 172.24.0.54;
where
x : Station number

NFS(Network File System)

NFS server is used for file sharing and directory sharing between linux to linux machine

Service Profile
Type : System V-managed
Package : nfs-utils
Daemon : rpc.rquotad, rpc.statd.nfsd
Script : nfs
Port : 2048
Configuration File : /etc/exports

Check the rpm

# rpm –q nfs-utils

Server Setting
First make the folder which you want to share
#mkdir /share
#cd /share
#touch a d f
#chmod o+w a b
Now open the configuration file
#vi /etc/exports
Make the following entry

/share 172.24.0.0/255.255.0.0(rw,sync)

Save and exit

/share will be shared by the entire network

Start the service

#service portmap restart
#chkconfig portmap on
#service nfs restart
#chkconfig nfs on
Note:
We need to restart the service portmap before nfs service in order to assign port number.
To check
#showmount –e 172.24.254.254
#showmount –e server1

Client
Mount the /share directory on client machine
#mount –t nfs:172.24.254.254:/share /mnt
Where /mnt is a mount point

For sharing particular IP address

Server:
#vi /etc/exports
/share 172.24.0.3/255.255.0.0(rw,sync)

24
/share 172.24.0.4/255.255.0.0(rw,sync)

For two different network

#vi /etc/exports
/share 172.24.0.0/255.255.0.0(rw,sync)
/share 172.25.0.0/255.255.0.0(rw,sync)

For all world

#vi /etc/exports
/share *(rw,sync)
If we give a space between the network and (rw,sync), then it will mount for everyone
#vi /etc/exports
/share 172.24.0.0/255.255.0.0 (rw,sync)
If we give no permission then it will take (ro,sync)

#export –r
#export –a
#export –ar
If we run this command then there is no need to restart portmap and nfs again and again.

NIS(Network Information Service)

NIS provide simple directory service for system and account information. NIS server is used to manage the
system and account information on multiple system from the central server.

Service Profile
Type : system V manage
Package : Server
Portmap ypserv make
Client
Authconfig authconfig-gtk portmap yp-tools ypbind
Daemon : rpc.ypserv rpc.yppasswddd
Script : ypserv, yppasswdd
Configuration : /etc/sysconfig/network
/var/yp/Makefile

Server Setting:
Steps
1. Check the rpm’s

#rpm –q portmap ypserv make

2. Edit the file

#vi /etc/sysconfig/network
Define the following line
NISDOMAIN=ICON
Save and exit

3. Edit the file

#vi /var/yp/Makefile
Search for “/all: “ line
Remove all the entry except
all: passwd group hosts netid
save and exit

25
 4. Start the service
#service portmap restart
#chkconfig portmap on
#service ypserv restart
#chkconfig ypserv on

5. Now create a database for NIS server

# /usr/lib/yp/ypinit –m
-m : Master

6. Now create a user with home directory /rhome/nisuserX

#mkdir /rhome
#adduser –d /rhome/nisuser1 nisuser1
#passwd nisuser1

7. Make the entry of the home directory of user in /etc/exports file

#vi /etc/exports

/rhome/nisuser1 172.24.0.0/255.255.0.0(rw,sync)

Save and exit

8. start the service

#service portmap restart
#chkconfig portmap on
#service nfs restart
#chkconfig nfs on
#service yppasswdd restart
#chkconfig yppasswdd on

9. Finally Update the database

#cd /var/yp
#make

Client Setting:
1. Check the rpm’s

#rpm –q portmap authconfig authconfig-gtk yp-tools ypbind

2. Run the command

#authconfig
Or
#system-config-authentication

In this enable and write the following option

“Enable NIS option” and Press F12
In NIS Setting
Domain : ICON
Server : 172.24.254.254
3. Edit Two File “auto.master” and “auto.misc”

#vi /etc/auto.master

/rhome /etc/auto.misc --timeout=60

This file define the path of the home directory

26
#vi /etc/auto.misc

Nisuser1 -rw,soft,intr 172.24.254.254:/rhome/nisuser1

Save and exit

4. Start the service

#service autofs restart
#chkconfig autofs on

5. Run the following command to check the password

#ypcat passwd
#getent passwd
ypcat will display the entry of server user information
getent will display the entry of local and server user information

6. Finally login with user as “nisuser1” and passwd

DNS(Domain Name Server)

DNS translate IP address to hostname or vise versa

Service Profile
Type : System V manage
Package : bind, bind-chroot, caching-nameserver, bind-utils
Daemon : named
Script : named
Configuration file : /var/named/chroot/etc/named.conf
/var/named/chroot/var/named/*
Port : 52 (UDP), 53 (TCP)

Server Setting
1. Edit the file named.conf
#vi /var/named/chroot/etc/named.conf
Edit the line after copying line N 37 to line 47
Zone “example.com”{
Type master;
File “example.zone”;
Allow-update {none;} ;
};
Zone “24.172.in-addr.arpa”IN{
Type master;
File “example.local”;
Allow-update {none;};
};

2. Now Enter inside the following directory

#cd /var/named/chroot/var/named
Make two file by copying
#cp localhost.zone example.zone
#cp named.local example.local

3. Edit the file example.zone

$TTL 86400
@ IN SOA server1.example.com. root.server1.example.com. (

27
 ……….
……….
……….
……)
@ IN NS server1.example.com.
254.254IN PTR server1.example.com.
1.0 IN PTR station1.example.com.
2.0 IN PTR station2.example.com.
4.0 IN PTR station3.example.com.
Note:
Like this we can make entry all the stations connected to that network

Save and exit

4. Edit example.local file

#vi example.local
$TTL 86400
@ IN SOA server1.example.com. root.server1.exampler.com (
…………
…………
…………
….)
@ IN NS server1.example.com.
Server1 IN A 172.24.254.254
Station1 IN A 172.24.0.1
Station2 IN A 172.24.0.2
Station3 IN A 172.24.0.3
Station4 IN A 172.24.0.4
www IN CNAME server1
www1 IN CNAME station1
www2 IN CNAME station2
www3 IN CNAME station3
www4 IN CNAME station4

save and exit

5. Start the service

#service named restart
#chkconfig named on

6. Dig the server

#dig server1.example.com
#nslookup server1.example.com
#nslookup 172.24.254.254

7. Check the file /etc/hosts file

DNS Client

Open the file and check the setting

#vi /etc/resolv.conf
Nameserver 172.24.254.254
Search example.com

Save and exit

28
Now finally use the Dig and nslookup command to check the DNS from client side

Term
IN : Internet
SOA : Start Of Authority
TTL : Time to Line
NS : Name server
A : Address Record
PTR : Pointer Record
MX : Mail server
SOA is the first line in the zone file. It identifies the name server as the authoritative source for information
about this domain
TTL indicate how long to hold the data in their cache
NS shows the name of name server
A shows the IP address for name server
MX is a mail Exchange record
PTR is used to point to the name server
CNAME is CONONICAL name shows the real name of the host

Squid Proxy Server

Proxy server is used for Internet Sharing

Server Profile
Type : System V manage
Package : Squid
Daemon : Squid
Script : Squid
Configuration : /etc/squid/squid.conf
Port No : 8080 , 3128
Steps

1. Check the rpm’s

#rpm –q squid

2. Edit the file squid.conf

#vi /etc/squid/squid.conf
Line number 54
http-port 8080

Line number 481

cache-mem 100MB

Line number 1805 (syntax : acl acl_name acl_type network or domain)

acl icon src 172.24.0.0/255.255.0.0

Line number 1865

http-access allow icon

In order to deny we write

http-access deny aclname
Like
http-access deny icon

If we want to restrict any site

29
Syntax : acl aclname acltype Name or domain
Example:
acl icon1 dstdomain .hotmail.com

Start the service

#service squid restart
#chkkconfig squid on

Client Side:
1. Click on Mozilla Web Browser
2. Click editÆPreferences
3. Click on “Connection Setting”
4. Select “ Manual Proxy Configuration”
Http Proxy : 172.24.254.254 Port 8080

Send Mail
Sendmail is used to configure the mail server on the server in order to send and receive the mail.

Service Profile
Type : System V manage
Package : sendmail, sendmail-cf, procmail, mutt , m4
Daemon : sendmail
Port : 25
Configuration File : /etc/mail/sendmail.mc
/etc/mail/sendmail.cf
/etc/mail/access
/etc/aliases
Steps:
1. Edit the file sendmail.mc
Line number 105
DAEMON-OPTION(……………………….)
Disable this line by adding
dnl#
2. Now create a new sendmail.cf file through sendmail.mc
#m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

3. In order to allow / restrict other network or client or any user to send mail we edit file
/etc/mail/access
#vi /etc/mail/access
172.24 OK
172.24.0.4 REJECT
root@station6.example.com DISCARD
OK : Allow
REJECT : restrict and message reply will come
DISCARD : restrict and message reply will not come

4. In order to redirect the mail of any user to another we edit

#vi /etc/aliases
Root : raj,rakesh,root@station6.example.com
After editing this file, we need to run the ‘newaliases command to update the file
#newaliases

5. Start the Service

#service sendmail restart
#chkconfig sendmail on

30
 6. To check the mail
#mutt
If any problem come that /var/spool/mail/root does not exits then create a file by
#touch /var/spool/mail/root

CUPS(Common Unix Printer System)

UPS is the primary printing system under Re Hat Enterprise Linux. CUPS support a new Internet Printing
Protocol (IPP), based on HTTP/1.1

Configuration
Steps:
1. Type the following command
#printconfig
Or
#system-config-printer

Assign
Queue name : xyz
Device name : IPP
Select Printer Driver “ raw printer queue”
Server : server1.example.com
Path for the Queue Directory : /printer/xyz

And finish the Wizard

2. Check the status of the Queue

#lpq

3. To Print any file

#lp <filename>
#lpr <filename>

4. To remove any job

#lprm job_number
Or
#cancel job_number

5. To check status with job number

#lpstat

FTP(File Transfer Protocol)

FTP provides file sharing between linux to linux , linux to Unix and Linux to Windows

Service Profile
Type : System V manage
Package : vsftpd
Daemon : vsftpd
Script : vsftpd
Configuration File : /etc/vsftpd/vsftpd.conf
Port : 21

FTP service provide two level of access

31
 a. Anonymous Access
b. User Access
A
In Anonymous access client machine can connect to target machine via users FTP and anonymous.
In this case we don’t require password. By default these users have only permission to download (get)

B
In user access, client machine connect to Target machine by having username and password on
Target machine

For anonymous user FTP working directory is ‘/’

/ = /var/ftp

We can also provide user level security

We have two files
#vi /etc/vsftpd.ftpuser
#vi /etc/vsftpd.user_list

User entry in these two file are not allowed to access ‘ftp’
If we want that user entry in vsftpd.user_list can only access ftp server then we need a entry in vsftpd.conf
#vi /etc/vsftpd/vsftpd.conf
Add following line

Userlist-deny = No

In order to assign upload permission to ftp and anonymous users

#vi /etc/vsftpd/vsftpd.conf
Anonymous-enable = yes

#uncomment line 27
Anon-upload-enable = yes
#uncomment
Chown-uploads = yes
Chown-username = daemon

Now create a directory inside /var/ftp

#mkdir upload
#chmod 777 upload
Chgrp ftp upload
Assign group owner ship to ftp to ‘upload’ directory

Start the Service

#service vsftpd restart

Access FTP
#ftp 172.24.254.254
For Anonymous user
Username = ftp
Password =`press Enter`

For User Access

Username = rakesh
Password = *****

32
In Graphical
ftp://rakesh@172.24.254.254

To upload: put
To download : get
Example:
#put <filename> to upload any file in user home directory
#get <filename. To download any file from user home directory

We can also open ftp server as

#elinks ftp://172.24.254.254

APACHE WEB SERVER

Apache Web Server is used for Web Hosting. With the help of Apache we can host multiple Website.

Service Profile
Type : System V Manage
Daemon : httpd
Script : httpd
Port : 80
Package : httpd, portmap
Configuration File : /etc/httpd/conf/httpd.conf

Steps:

1. Check the rpm

#rpm –q httpd

2. For multiple Hosting we need to uncomment line number 1003

NameVirtualHost 172.24.254.254:80
Now copy line No 1016 to No. 1022 and paste at last

<VirtualHost 172.24.254.254:80>
ServerAdmin root@server1.example.com
DocumentRoot /www
ServerName server1.example.com
</VirtualHost>

Save and exit

Now create a directory

#mkdir /www
#cd /www
#vi index.html

Now start the service

#service httpd restart
#service portmap restart
#chkconfig httpd on
#chkconfig portmap on

Now dig the site

#dig server1.example.com
#elinks http://server1.example.com
Restriction For User to Access Web site

33
#vi /etc/httpd/conf/httpd.conf
<VirtualHost 172.24.254.254:80>
ServerAdmin root@server1.example.com
DocumentRoot /www
ServerName Server1.example.com
<Directory /www>
Option Indexes Includes
AllowOverride Authconfig
</Directory>
</VirtualHost>

Now create one file .htaccess in /www

#vi /www/.htaccess
AuthName “allow users”
AuthType Basic
AuthUserFile /etc/httpd/ht.access
Require valid-user

Save and Exit

Now create one user

#adduser raj
#htpasswd –c /etc/httpd/ht.access raj
#chgrp apache /etc/httpd/ht.access

Start the Service

#service httpd restart
#chkconfig httpd on

#elinks http://server1.example.com

Open SSH Server

SSH or Secure Shell is used for the purpose of remote login between linux to linux and linux to Unix. The
mail difference between SSH and telnet is that SSH can be used for file transfer.

Service Profile
Type : System V manage
Package : open ssh, open ssh-server, openssh-client
Daemon : sshd
Port : 22
Script : sshd
Configuration File : /etc/ssh/sshd-config

If you want root should not login then

#vi /etc/ssh/sshd-config
Line
PermitRootLogin No
Uncomment line number 13 and 14
Port 22
Protocol 2,1
Save and exit

Start the service

#service sshd restart

34
#chkconfig sshd on

#ssh raj@172.24.254.254 ( by User)

#ssh 172.24.254.254 (By root)
If you want to display any welcome Note at the time of connecting
#Banner
Banner /etc/banner

If you want to copy file from ssh server to client

#scp 172.24.254.254:/root/install.log /mnt

If you want to directory

#scp –r 172.24.254.254:/root/raj /mnt

If you want to copy file from client machine to ssh server

#scp /root/anaconda-ks.cfg 172.24.254.254:/root

Remote shut down

#ssh 172.24.0.6 init 6
Or
Slogin command can also be used

Samba
Samba can be used to share file and printer between linux to linux, linux to Unix and Linux to windows

Service Profile
Type : System V Manage
Package : Samba, samba-common, samba-client
Daemon : smbd, nmbd
Script : smb
Port : 167,168,169
Configuration file : /etc/samba/smb.conf, /etc/samba/smbpasswd.

Edit the file smb.conf

#vi /etc/samba/smb.conf
Workgroup = CORP
Server String = Samba
Host allow = 172.24.254.254/255.255.0.0
Then copy last 8 line
[raj]
Path = /data
Valid users = raj rakesh
Public = no
Writeable = yes
Browse able = yes
Save and exit

Now create a Users

#adduser raj
#adduser rakesh

#smbpasswd –a raj
#smbpasswd –a rakesh

Start the service

35
#service smb restart
#chkconfig smb on

On client side
#smbclient //172.24.254.254/raj –U raj

GUI
Smb://172.24.254.254

Mounting share folder

#smbmount //172.24.254.254/data /mnt –o username=rakesh

IP Forwarding
In Linux, we can’t use a computer with two network interface to route between two or more subnet. To be
able to do this we need to make sure that we enable IP forwarding. We should make sure that module is
loaded. To check type
#cat /proc/sys/net/ipv4/ip-forward
If forwarding is enabled, the number 1 is returned. If forwarding is not enabled, the number 0 is returned.
To enable IP forwarding
#vi /etc/sysctl.conf
Line no.7
Net.ipv4.ip_forward = 1
Save and exit
To activate permanently
#sysctl –p
Or another method is
#echo 1 >/proc/sys/net/ip_forward
This work for temporary use till system is ‘ON’

Now for the first network

#netconfig
IP address : 172.24.254.254
Subnet : 255.255.0.0
Default Gateway : 172.25.254.254
Primary server : 172.24.254.254

Second network
#netconfig –d eth0:1 (-d : virtual)
IP Address : 172.25.254.254
Subnet : 255.255.0.0
Default Gateway : 172.24.254.254
Primary Server : 172.24.254.254

Security Policies
According to the service management, there are three type of security policies
1. Security within a service
2. security provided by TCP wrappers
3. security provided by xinetd

TCP Wrappers
Configuration needed two file
a. Hosts.allow
b. Hosts.deny
By default all are allowed
36
Check the rpm
#rpm –q tcp_wrappers
Syntax
Daemon_list : client_list

Example 1: Network 172.24.0.0 are not allowed to use ftp service

#vi /etc/hosts.deny
Vsftpd : 172.24.0.0/55.255.0.0

Example 2 : allowing 172.24.0.0 and deny outside network (172.25.0.0)

#vi /etc/hosts.allow
Vsftpd : 172.24.0.0/255.255.0.0

#vi /etc/hosts.deny

Vsftpd : 172.25.0.0/255.255.0.0

In order to deny other network

Vsftpd : ALL

Deny other network except 172.24.0.0

In this case just make entry in hosts.deny

#vi /etc/hosts.deny
Vsftpd : ALL EXCEPT 172.24.0.0/255.255.0.0

Similarly we can make entry for SSH, IMAP, and POP3

Example 3: Network 172.26.0.0, 172.24.0.1, 172.24.0.2 allowed to use SSH service

#vi /etc/hosts.allow
Sshd : 172.24.0.1 172.24.0.2 172.26.0.0/255.255.0.0

Example 4: Network example.com, redhat.com allowed to use telnet service

#vi /etc/hosts.allow
In.telnetd : .example.com .redhat.com
Or we can assign station wise
In.telnetd : station1.example.com

Example 5: Allowing 172.24.0.0 except 172.24.0.1 to use ssh service and disallowing all other network
#vi /etc/hosts.deny
Sshd : ALL EXCEPT 172.24.0.0/255.255.0.0 EXCEPT 172.24.0.1
Some of the daemon are
Imapd
Ipop3d
Smbd, nmbd

Telnet
Telnet service is used for the purpose of remote login between linux to linux, linux to unix and linux to
windows
Service Profile
Type : xinetd
Package : telnet-server, telnet
Daemon : based on xinetd
Script : based on xinetd

37
Configuration : /etc/xinetd.d/telnet

Check the rpm

#rpm –q telnet-server telnet

Edit the file

#vi /etc/xinetd.d/telnet
Make
Disable = no
Save and exit

Start the service

#service xinetd restart
#chkconfig xinetd on

Security setting
1. For particular system
#vi /etc/xinetd.d/telnet
Only_from = 172.24.0.6
Save and exit
By default all node in a network can access through telnet

2. For range of node

#vi /etc/xinetd/telnet
Only_from = 172.24.0.{1,2,3,4}

3. Deny particular node

#vi /etc/xinetd/telnet
No_access = 172.24.0.6

Time setting
#vi /etc/xinetd/telnet
Acees_time = 04:15=04:30

If we want to login with username as root and by default we cannot

#vi /etc/securetty
Add two line
Pts/0
Pls/1

Configuration of POP3 and IMAP

IMAP is used for the authentication and POP3 is used for mailing
We need to configure
#vi /etc/dovecot.conf
Uncomment line No. 14
Protocols = imap imaps pop3 pop3s
Save and exit
Start the service
#service dovecot restart
#chkconfig dovecot on
#chkconfig xinetd on
Now in order to provide security
Allowing local network to access the pop3 and imap and disallowing other
#vi /etc/hosts.allow
Ipop3d : 172.24.0.0/255.255.0.0

38
Imapd : 172.24.0.0/255.255.0.0

#vi /etc/hosts.deny
Ipop3d : ALL
Imapd : ALL

These permission are set when host from local network can access pop3 and imap and hosts from other
network does’nt allow

In order to disallow outside network say 172.25.0.0

Ipop3d : 172.25.0.0/255.255.0.0
Imapd : 172.25.0.0/255.255.0.0

To check the status

#nmap stationx
Or
#namp localhost

Digital Certification
Certificate is used for the purpose of authentication
Steps
1. Check for devecot.pem file in
#cd /usr/share/ssl/certs
#rm dovecot.pem
#make dovecot.pem
In this we have to make the following entries
a. country
b. state
c. street
d. company and unit name
e. station name
f. email address
after making all those entry we need to copy this file
#cp dovecot.pem /usr/share/ssl/private/dovecot.pem
Overwrite : yes
To check the status or entry
#openssl x509 –noout-subject </usr/share/ssl/private/dovecot.pem

Low Level Format

The command ‘shred’ is used for low level format 25 times, we can’t recover files after this
#shred /dev/hda

UMask
User Mask
Default value for root = 0022
Default value for users = 0002
When we create any new file. The default value will be 666. in this case Umask means 666-002 = 664 for
normal user and for the root the default value will be 666-022=644
The default value for a directory is 777. in this case umask means that whenever we create new directory,
the default valkue for normal user 777-002 = 775 and for root, the default value 777-022 = 755
Some Important File Settings:
1. GRUB.CONF
GRUB stands for GRand Unified Bootloader. It is the default boot loader used by Red Hat Linux
Grub.conf file found in /boot/grub/grub.conf and its symbolic links found in /etc/grub.conf
39
#vi /etc/grub.conf
Default = 0
Timeout = 5
Splash image=(hd0,0)/grub/splash.xpm.gz
Hidden menu
Title Redhat Linux
Root (hd0,0)
Kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet
Initrd /initrd-2.6.9-5.EL.img

2. INITTAB FILE
Run level setting are done in inittab file. Inittab found in
/etc/inittab
#vi /etc/inittab
id:5:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l1:1:wait:/etc/rc.d/rc 1
l2:2:wait:/etc/rc.d/rc 2
l3:3:wait:/etc/rc.d/rc 3
l4:4:wait:/etc/rc.d/rc 4
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6

ca::ctrlaltdel:/sbin/shutdown –t3 –r now *

1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6

X:5:respawn:/etc/x11/prefdm –nodaemon

Setting Grub Password

Two method are used to set grub password
Method I:
#vi /etc/grub.conf
Below
Hiddenmenu
Password = redhat
This password is not in encrypted form.

Method II: Encrypted form

#grub-md5-crypt >>/etc/grub.conf
Enter two times the password
In this case the password will be encrypted and directed (>>) to file grub.conf
Now open file
#vi /etc/grub.conf
Copy that password line from the bottom most and paste it bellow hidden menu option as
Password –md5 <password>
Save and exit

40