Red Hat Sys Admin 1: Transcript
Written by Arthur Berezin 054-2266463
GNOME
● GNOME is the default graphical environment
● Lets you use your mouse and keyboard
● Includes integrated apps
● Nautilus file manager
● gedit text editor
● and many more...
GNOME
Switch workspace with the keyboard:
ctrl + alt + [ Left Arrow | Right Arrow ]
or
● the Workspace Switcher applet on the panel
GNOME
● Linux is known for its command line
● Why a graphical environment?
● Some things are easier
● Useful to understand the differences
● Support users as a sysadmin
● The command line is very important
Password
● Regular user requirements:
● Must have at least 6 characters
● Must not be based on a dictionary word
● Must be complex (lowercase, capitals, numbers)
● User root may set any password
● For himself
● For any other user
● The checks above are enforced by PAM only for regular users; passwd still prints the BAD PASSWORD warning to root, but root's choice is accepted
Password
● Change the password using the GUI
● Or
# passwd in Bash
Text Configuration Files
● Linux basic design principle
● Easier for humans
● A simple editor can fix problems
● Most programs use text configuration files
gedit
● Graphical tool for editing text files
● Command-line editors:
● vi
● vim
● nano
Nautilus
● GNOME file manager
● Explore the file-system
● View file properties
● Manipulate files
– Copy, Delete, Move, Cut, Paste...
● Applications > System Tools > File Browser
Nautilus
● Default view: Spatial mode
● Opens folders in new windows
● May be changed to Browser mode
– System > Preferences > File Management > Behavior > Always Open In Browser Windows
Nautilus
● Allows access to remote systems
● FTP
● Windows shares (SMB/CIFS)
● SSH (SFTP, over a remote login)
● NFS (Network File-system)
Nautilus
● Nautilus tips:
● List view [ View > List | CTRL + 2 ]
● Hidden files
– Name begins with a period (.)
– View > Show Hidden Files
● Drag and drop
– Same partition: move
– Different partition: copy
● Command line: ls (list), mv (move), cp (copy), mkdir
Nautilus
● NFS shares are reached through autofs under /net/<hostname>/<export> (the autofs service must be running)
Unit Three: GETTING HELP
Local Documentation
On-Line Red Hat Documentation
Getting the most from Support
Local Documentation
● Man pages
● Most commonly used
● Document commands and configuration files
● Divided into chapters (sections)
● GNU Info
● Hypertext books
● GNOME help system
● For the desktop environment
● Hypertext books
GNU Info
● To access, open the GNOME help browser
● Go to > GNU Info Pages
● Search info:[node name]
– For example info:GRUB
Man pages
● In the GNOME help browser
● Search man:man-page
● The same name can appear in different sections
● Specify the section
● man:passwd(5)
● Command line: man, info
● More documentation in /usr/share/doc
On-Line Red Hat Documentation
● Documentation
● http://access.redhat.com/docs
– Release Notes
– Installation Guide
– Migration Planning Guide
– Deployment Guide
● Customer Portal
● Lots of info
● Knowledge base
Getting the most from Support
● Define the problem: how to reproduce it?
● Do your homework
● Documentation
● Knowledge base
● Background info
● Software versions
● Diagnostic info
● sosreport collects logs and configuration files
Unit Four: LOCAL SERVICES
The root User
System Clock
Print Queue
Print Jobs
Role of user: root
● User root is the superuser
● Has all power over the system
● Has the power to override normal privileges
● Installs and removes software, manages configuration
● Most devices are controlled by root
● Exception: USB (removable media can be used by the desktop user)
Role of user: root
● "With great power comes great responsibility" (Stan Lee)
● Unlimited power to damage the system
● We will work as a normal user and gain power only when needed
● Command: su (substitute user)
● Command: sudo (execute a command as another user)
System Clock
● Network Time Protocol (NTP)
● Time synchronization protocol
● Slews the clock: makes the seconds slightly shorter or longer rather than jumping the time
● Reduces time differences between systems
● Recommended to have at least three NTP servers
● Consistent time matters for log correlation across hosts and for Kerberos, which rejects clients whose clocks drift too far
Printers
● Common Unix Printing System (CUPS)
● Local or network printers
● Supports IPP, LPD (Line Printer Daemon) and Microsoft shared printers (SMB)
Printers
● Each printer has one or more queues
● A print job is sent to a queue
● The system administrator sets up a printer
● System > Administration > Printing
● Web interface on TCP port 631
● http://localhost:631
● http://localhost:631/help
● Man: man system-config-printer(1)
Unit Five: BASH
Bash Syntax
Using Bash
Launching graphical commands as root
Introduction to Bash
● Shell: command line interface
● Bash is the Red Hat default shell
● Bash: "Bourne-again shell"
● Improved version of the old Unix Bourne shell (sh)
● Looks like Windows cmd.exe
Using the Command Line
● Applications > System Tools > Terminal
● Right-click on the desktop > Open Terminal
● The prompt line shows:
● Current user
● Short hostname
● Directory
● $ for a normal user
● # for the superuser
Using the Command Line
● A command line usually has three basic parts
● Command
● Options
– One dash for a short option (-a) or two for the full option name (--all)
● Arguments
● # df -h /home
● --help for syntax
Using the Command Line
● Conventions
● [ ] is optional
● ... may be repeated N times
● | choose one of the options
● <> variable data
– <FILENAME> for example
● Man is your friend: man bash
Using Bash
● # passwd
● # id
● # su [ - ] username
● The dash gives a login shell with the target user's environment and PATH; without it you keep your own
● -c for a single command (similar to Run As)
● # exit
Useful Features
● Tab completion
● Quickly completes commands and file names
● History
● !<n> re-runs command number n from the history; !! the last command; !string the last command beginning with string
Launching Graphical Tools from bash
● command &  (run in the background)
● CTRL + c  cancel
● CTRL + z  suspend (then bg to continue it in the background)
● # jobs  list background jobs
● # fg  bring a job to the foreground
Unit Six: MANAGE STORAGE I
PC Storage Model
Determine Disk Usage
Manage Virtual Guests
Create a New File System
Partitions
● Hard disks are split into partitions (IBM PC scheme)
● Each partition has a file system
● Each partition can be used for a different purpose
● Example: home partition, system partition
Master Boot Record
● RHEL (Red Hat Enterprise Linux) and Windows use the Master Boot Record partitioning scheme
● This dates back to the IBM PC (early 80's)
Master Boot Record
● The MBR is the first sector of the hard disk (512 bytes)
– First 446 bytes are part of the boot loader
– Last 64 bytes are the partition table (four 16-byte entries)
– The final 2 bytes are the 0x55AA boot signature
Partition Table
● Has room for 4 primary partitions
● Contains info on each partition
– Starting sector
– Size in sectors (so the last sector can be computed)
– Type code that indicates the content (fs, LVM, swap, ...)
● If more are needed, one is used as an extended partition
● Divided into logical partitions
Disk Utility
● Graphical utility to easily manage disk partitions
● Lists available devices, disk partitions and info
● Allows re-partitioning the disk
● Applications > System Tools > Disk Utility
Disk Utility
● Allows creating new partitions
● Partitions must be formatted
● A standard system uses the EXT4 filesystem
● To use a filesystem we need to mount it
mount -t <filesystem type> <device> <mount point>
● Mount point: an empty directory
● When mounted, the filesystem can be viewed as the content of the directory
● This is called "mounting a file-system on a mount-point"
● Mounting on a non-empty directory hides its existing content until the filesystem is unmounted again
/etc/fstab
● Text file listing the filesystems to mount at boot
● Can be edited only by root
● Example line:
● /dev/sda6 /data/ ext4 defaults 1 2
● Fields: device, mount point, filesystem type, mount options, dump flag, fsck order (0 = do not check; 1 for /, 2 for the rest)
● /dev/sdX names can change when disks are added; UUID=... or LABEL=... (see blkid) identifies the filesystem itself
Unit Seven: MANAGE LOGICAL VOLUMES
LVM Concept
Display LVM Usage
Deploy LVM
Extending LVM Storage
Extending a File-system on LVM
Remove a disk from LVM
Logical Volume Management
● A flexible way to manage disk space
● Disk partitions are pooled together, then divided into logical volumes
● This allows:
● creating a file-system larger than any single physical disk
● dividing the pool into as many volumes as needed (not limited by the 4-primary-partition rule)
● extending file-systems without re-formatting
Logical Volume Management
● Physical Volume (PV): physical partition (or whole disk) marked with the LVM type
● Volume Group (VG): collection of one or more PVs (a virtual disk drive)
● Logical Volume (LV): virtual partition within the VG, formatted with a filesystem
● Physical Extent (PE): the chunk size from which LVs are built
● Command line: pvcreate, vgcreate, lvcreate to deploy; pvs, vgs, lvs (or pvdisplay, vgdisplay, lvdisplay) to display usage
Extending a Volume Group
● VGs can be extended by adding additional PVs (vgextend)
● The additional PV can be on the same disk or on another disk
● Existing LVs can then be extended into the new space
Extending a Logical Volume
● Can be extended with free extents (lvextend)
● The file-system must be extended after extending the logical volume (resize2fs for ext4, which can grow a mounted filesystem on RHEL 6)
Removing a Physical Volume
● Usually done to replace a disk with a newer/larger one
● Data on the PV can be migrated to another PV (pvmove)
● Then vgreduce removes the emptied PV from the group
● This can be done without taking the logical volumes offline
Unit Eight: MONITOR SYSTEM RESOURCES
Processes, Priorities and Signals
System Monitor
Process Management
Disk Usage Analyzer
Processes
● A process is a running program
● The kernel keeps track of all processes
● A process has:
● Address space (memory)
● Threads
● Security context
● PID
● The kernel exposes this info in /proc/<PID>
Processes
● Child process: when a process starts another process
● A child process inherits its parent's characteristics
● Environment
● User
● Group
● A child can also have a child
● When the parent dies, its children do not automatically die: they are orphaned and adopted by init (PID 1), which is why a background job can outlive the shell that started it (unless a closing terminal sends it SIGHUP)
Signals
● The kernel (and other processes, via kill) communicate with a process through signals
● Signals report events or errors
● The default action for most signals is to terminate the process
● SIGTERM terminates a process cleanly: the process can catch it and shut down in an orderly way
● SIGKILL kills a process immediately; it cannot be caught, blocked or ignored
Process Scheduling
● Only one process can run at a time on a core
● Every process has a scheduling priority
● A ranking system among runnable processes
● The Linux process scheduler divides CPU time into slices
● Higher priority runs first
● The formula is complex, but we can affect it through the niceness value
Niceness
● Range from -20 to +19: a bonus or a penalty (a higher nice value means a lower priority)
● Most processes have nice 0
● Users can only increase niceness (be nicer)
● Root can decrease niceness
● All ready processes with equal niceness share CPU time equally
● Commands: nice -n <value> <command> to start, renice -n <value> -p <pid> to change a running process
Applications > System Tools > System Monitor
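The signals and niceness slides above can be demonstrated from a shell. The script below is an added example written for this transcript, not course material: it starts one worker that handles SIGTERM cleanly and one that ignores it, applies the TERM-then-KILL sequence a service stop should use, and reads a process's nice value from /proc. It assumes Linux with /proc mounted and a sleep that accepts fractional seconds; the worker scripts, the marker file and the nice level 7 are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the course: SIGTERM vs SIGKILL and the nice value.
# Assumes Linux (/proc mounted) and a sleep that accepts fractional seconds.

# True while the process exists and is not a zombie. An exited process that
# nobody has wait()ed for keeps its PID, so "kill -0" alone would still
# report it as alive; field 3 of /proc/PID/stat is the state letter.
is_alive() {
    local state
    state=$(awk '{print $3}' "/proc/$1/stat" 2>/dev/null) || return 1
    [ -n "$state" ] && [ "$state" != Z ]
}

# Worker that handles SIGTERM cleanly: on TERM it writes "clean" to the marker
# file and exits 0. Prints its PID. Output goes to /dev/null so that a caller
# using $(start_polite_worker ...) is not left waiting on the worker's stdout.
start_polite_worker() {
    MARKER=$1 sh -c 'trap "echo clean > \"$MARKER\"; exit 0" TERM
                     while :; do sleep 0.2; done' >/dev/null 2>&1 &
    echo $!
}

# Worker that ignores SIGTERM (trap "" TERM). Only SIGKILL, which cannot be
# caught, blocked or ignored, will remove it.
start_stubborn_worker() {
    sh -c 'trap "" TERM; while :; do sleep 0.2; done' >/dev/null 2>&1 &
    echo $!
}

# stop_process PID [GRACE_SECONDS]: the polite sequence a service stop should
# use. Sends TERM, waits up to GRACE seconds for a clean exit, then KILL.
# Prints TERM or KILL, whichever signal actually ended the process.
stop_process() {
    local pid=$1 grace=${2:-2} waited=0
    kill -s TERM "$pid" 2>/dev/null || :
    while [ "$waited" -lt $((grace * 10)) ]; do
        is_alive "$pid" || { echo TERM; return 0; }
        sleep 0.1
        waited=$((waited + 1))
    done
    kill -s KILL "$pid" 2>/dev/null || :
    sleep 0.1
    echo KILL
}

# nice_of PID: the nice value (-20..19), field 19 of /proc/PID/stat.
nice_of() { awk '{print $19}' "/proc/$1/stat"; }

# start_niced N: start a sleeping worker at nice level N and print its PID.
# A normal user can only go up (be nicer); lowering it again needs root.
start_niced() {
    nice -n "$1" sh -c 'sleep 30' >/dev/null 2>&1 &
    echo $!
}

demo() {
    local marker polite stubborn niced
    marker=$(mktemp)
    polite=$(start_polite_worker "$marker")
    echo "polite worker $polite ended by SIG$(stop_process "$polite"); marker says: $(cat "$marker")"
    stubborn=$(start_stubborn_worker)
    echo "stubborn worker $stubborn ended by SIG$(stop_process "$stubborn" 1)"
    niced=$(start_niced 7)
    echo "worker $niced runs at nice $(nice_of "$niced") (this shell: $(nice_of $$))"
    kill -s KILL "$niced" 2>/dev/null || :
    rm -f "$marker"
}
demo
```

The polite worker ends on SIGTERM and leaves its marker; the stubborn one survives the grace period and is only removed by SIGKILL, which is exactly why a KILL should be the last resort: the process gets no chance to flush or clean up.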
Disk Usage
● Disk Usage Analyzer is used to analyze disk space usage
● A visual tool
● Shows info as browsable ring charts
● Applications > System Tools > Disk Usage Analyzer
● Command line: df -h (free space per filesystem), du -sh <dir> (space used by a directory)
Unit Nine: MANAGE SYSTEM SOFTWARE
Software Inventory
Red Hat Network (RHN)
Manage Packages
RPM: Red Hat Package Manager
● Standard way to package software
● Provides all needed tools to install, remove, update and manage software
● Ensures all needed libraries are installed
● All software provided by Red Hat is RPM
● Most vendors provide software for Red Hat Enterprise Linux as RPM packages
RPM: Red Hat Package Manager
● An RPM is an archive containing:
● All software files
● Configuration files
● Information about the program
● Dependencies: names of other packages needed (shared libraries, supporting software, etc.)
● Install / uninstall scripts
● A system is a collection of RPMs
● Packages are installed from a repository
● System > Administration > Add/Remove Software
● Packages are GPG-signed; with gpgcheck=1 in the repository definition, yum verifies the signature against the imported key and refuses a package that has been tampered with
Red Hat Network (RHN)
● Centrally managed service for deploying software and updates
● Remotely manage and monitor systems
● RHN Satellite is a self-managed product that can be installed on a local server
● rhn_register is the graphical/text registration tool
Install, Remove, Update Packages
● System > Administration > Add/Remove Software
● Individual packages / package collections
● System > Administration > Software Update
● Updates itself first
● Command line: yum install <pkg>, yum remove <pkg>, yum update; rpm -q <pkg> to query, rpm -V <pkg> to verify the installed files against the package database (a changed binary shows up here)
Unit Ten: GET HELP IN A TEXTUAL ENVIRONMENT
Man reader
Searching for keywords
pinfo reader
Additional Documentation
Read Man Documentation
● Man is a single book divided into sections
● Each section contains a particular type of info
1 User commands
2 Kernel system calls (entry points to the kernel from userspace)
3 Library functions
4 Special files and devices
5 File formats and conventions
6 Games
7 Conventions, standards and misc. pages
8 System administration commands
9 Linux kernel API (internal kernel calls)
Read Man Documentation
● Two sections may have a page with the same name
● The section is shown in the man page title
● man <#> passwd: the title reads passwd(#)
● Example: man 1 passwd (the command) vs. man 5 passwd (the /etc/passwd file format)
Navigating Man Pages
● Space  Scroll forward one screen
● DownArrow  Scroll forward one line
● UpArrow  Scroll back one line
● /string  Search forward for string in the man page
● n  Repeat the previous search forward in the man page
● N  Repeat the previous search backward in the man page
● q  Exit man and return to the prompt
● Searches use regular expressions: man 7 regex
● Man uses "less" for viewing text
Man Pages by Keywords
● Search for man pages by keyword
● man -k passwd
● For sysadmins the usually relevant sections are
● 1 User commands
● 5 File formats
● 8 Administration commands
Man Pages by Keywords
● Keyword search uses a database generated with "# makewhatis"
● makewhatis is run automatically by cron (/etc/cron.daily/makewhatis.cron on RHEL 6), so man -k knows nothing about a package installed today until it runs
● Can be executed manually
pinfo
● GNU projects use the Info system
● Info pages are books with hyperlinks
● In some cases there is both a man page and an info page
● # pinfo has the more in-depth documentation
● # man tar
● # pinfo tar
/usr/share/doc
● Everything else that doesn't appear in man/pinfo
● Has complete examples of configuration files
● Sometimes comes from a separate package
● samba-doc
● kernel-doc
Unit Eleven: NETWORK CONNECTIVITY
IPv4 Concepts
Linux Network Configuration
Confirming Network Functionality
Essential Network Concepts
● IP (Internet Protocol) sends traffic between hosts across the Internet
● IPv4: 32-bit network address
● IPv6: 128-bit network address
Essential Network Concepts
● IPv4 is normally expressed as
● 4 octets, each ranging in value from 0 to 255
XXX.XXX.XXX.XXX
● The address is divided into two parts
● Network
● Host
● All hosts on the same network can talk directly (without a router)
● No two hosts on the same subnet can have the same host part
Essential Network Concepts
● The subnet mask says which part of the IP is the network and which is the host
● The more bits available for the host part, the more hosts can be on the subnet
● The network address is the first possible address (host bits all 0); the broadcast address is the last (host bits all 1)
● Example
● IP 192.168.201.1
● Netmask: 255.255.0.0
● Network 192.168.0.0
● Broadcast 192.168.255.255
Essential Network Concepts
● The network mask (netmask) is expressed in 2 ways:
● Dotted decimal (255.255.255.0)
● CIDR (Classless Inter-Domain Routing) notation: /24, i.e. the number of leading bits that are 1 (/8, /16, /24, ...)
● Both have the same meaning
● How many bits of the IP express the network
● 127.0.0.1 with 255.0.0.0 is localhost (the loopback network)
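The network/broadcast example and the two netmask notations above can be computed rather than memorised. The script below is an added example, not part of the course: it converts between dotted netmasks and CIDR prefix lengths, rejects a non-contiguous mask, derives network and broadcast addresses, and answers whether two hosts share a subnet. The addresses other than the slide's 192.168.201.1 / 255.255.0.0 are made up for the example; it assumes a shell whose $(( )) arithmetic is 64-bit (bash or dash on Linux).

```shell
#!/bin/sh
# Added example, not from the course: the subnet arithmetic behind the
# slides, in plain sh integer arithmetic (needs a shell with 64-bit $(( ))
# such as bash or dash on Linux).

# dotted quad -> 32-bit integer
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# netmask -> CIDR prefix length. Fails (returns 1) on a non-contiguous mask
# such as 255.0.255.0, which some tools accept silently.
mask2prefix() {
    local m n=0
    m=$(ip2int "$1")
    while [ "$n" -lt 32 ] && [ $(( (m >> (31 - n)) & 1 )) -eq 1 ]; do
        n=$((n + 1))
    done
    [ $(( m & ((1 << (32 - n)) - 1) )) -eq 0 ] || return 1
    echo "$n"
}

# CIDR prefix length -> dotted netmask
prefix2mask() {
    int2ip $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# subnet_info IP NETMASK: prints "network broadcast prefix usable-hosts"
subnet_info() {
    local ip mask p net bc hosts
    ip=$(ip2int "$1")
    mask=$(ip2int "$2")
    p=$(mask2prefix "$2") || { echo "invalid netmask: $2" >&2; return 1; }
    net=$(( ip & mask ))                        # host bits all 0
    bc=$(( ip | (~mask & 4294967295) ))         # host bits all 1
    if [ "$p" -lt 31 ]; then hosts=$(( (1 << (32 - p)) - 2 )); else hosts=0; fi
    echo "$(int2ip "$net") $(int2ip "$bc") $p $hosts"
}

# same_subnet IP1 IP2 NETMASK: true when both hosts are on one network,
# i.e. they can talk directly without a router.
same_subnet() {
    local mask
    mask=$(ip2int "$3")
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# The slide's example, then the same host under a /24
subnet_info 192.168.201.1 255.255.0.0
subnet_info 192.168.201.1 "$(prefix2mask 24)"
same_subnet 192.168.201.1 192.168.5.9 255.255.0.0 && echo "192.168.201.1 and 192.168.5.9 share the /16"
```

The usable-host count subtracts the network and broadcast addresses; a /31 or /32 has none in this model, which is why the function returns 0 there.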
IPv6
● 128-bit number
● 8 colon-separated groups of 4 hex digits
● Each group ranges from 0000 to ffff
● The network is usually the first 64 bits (first 4 groups)
● Leading zeros in a group can be suppressed, and one run of all-zero groups can be written as ::
– :00d3: is :d3:  :0000: is :0:
● ::1 is localhost (the IPv6 equivalent of 127.0.0.1)
Routing
● Network traffic moves from host to host
● From network to network
● Each host has a routing table with all known networks
● If the destination network is not known, the host forwards the packet to the default gateway
DNS
● Computers love to work with numbers
● Human beings love to work with names
● The Domain Name System is a distributed network of servers
● It maps hostnames to IP addresses
● The host must point to a DNS server (/etc/resolv.conf)
● It doesn't have to be on the same subnet, just reachable
Networking Command Line
● # ifconfig / ip addr show
● # ethtool <DEVICE>
● # ip route  show your routing table
● # host <HOST NAME>  DNS lookup
● # nslookup  same as above
● # ping <IP / HOST NAME>  test connectivity
● Config file: /etc/sysconfig/network-scripts/ifcfg-ethX
Unit Twelve: USERS AND GROUPS
Creating and Deleting Users
Disabling User Accounts
Creating and Deleting Groups
Changing Group Memberships
Managing Password Aging
Users / Groups Administration
● User Manager / system-config-users is the graphical tool for managing users
● Create and delete local users and groups
● Assign users to groups
● Lock / unlock accounts
● Password aging
● User expiration
Users / Groups Administration
● System > Administration > Users and Groups
● # useradd/usermod/userdel/groupadd are covered in System Administration II
Unit Thirteen: MANAGE FILES FROM THE COMMAND LINE
Linux File System Hierarchy
Absolute Path Names
File/Directory Management
Relative Path Names
Linux File System Hierarchy
● In Linux, file-systems are organized as a hierarchy
● The root of the tree is / (called root)
● File-systems are mounted on empty directories
● Each file/directory has an absolute path from the root
● Slash ("/") is the directory separator
● /home/bob/text.txt is text.txt under bob under home under root (/)
Common Paths
● /etc is usually for configuration
● /var is for regularly changing files (logs, etc.)
● Commands and executables are under
● /usr/bin
● /bin
● /usr/sbin
● /sbin
Common Paths
● /home is for users' home directories
● /root is user root's home directory
● /tmp is for temporary data
● /media is for removable media
● /mnt is for manually mounting temporary directories
Common Paths
● In Linux everything is a file
● /dev holds files for hardware devices
● /proc is a virtual filesystem that shows kernel data
File/Directory Management
● Two special paths are available
~ is the home of the current user
~<user> is the home of user
● Commands
# cd  change directory
# ls  lists files (usually used as "ll", which is an alias for "ls -l" in interactive shells; it is not available in scripts)
# pwd  prints the absolute current path
Absolute / Relative Paths
● All files have an absolute path
● Begins with /
● Unique to every file
● The shell keeps track of the current directory
● Files have a relative path from your current directory
● When using commands in the shell, <filename> arguments can be absolute or relative
Absolute / Relative Paths
● Absolute:
● pwd: absolute path of the current directory
● ~ current user's home directory
● ~<USER> USER's home directory
● Relative:
● . current directory
● .. parent of the current directory
Commands
● cp <from> <to>  copy
● ln -s <from> <to>  symbolic link
● mv <from> <to>  move / rename
● rm  remove
● touch  create an empty file
● mkdir  make directory
● rmdir  remove an (empty) directory
Scatter / Gather
● Use relative paths when files are "close" to each other
● Use ".." to point one directory up
● Use "../../" to point two directories up
● And so on
● Use absolute paths when files are all over the file-system
● Tab completion is your friend
Wildcards
● The shell uses * to match zero or more characters
● rm /tmp/*
● mv ~/Music/Radiohead* /media/usb
● cp ~reuven/Movies/*.mkv ~arthur/Movies/
● The shell expands the pattern before the command runs: a pattern that matches nothing is passed literally, and a file whose name begins with - is passed to the command as if it were an option (use -- or ./* to be safe)
Unit Fourteen: SECURE LINUX FILE ACCESS
User/Group/Other
Nautilus File Security
Command Line File Security
User / Group / Other
● Access to files is controlled by permissions
● Linux file permissions are simple yet flexible
● Files have just three categories:
● The file's owner (user): usually the creator
● The file's group: the creator's primary group by default
● All others
● The most specific category that applies is used: owner, then group, then other (the owner gets the owner permissions even when the group or other permissions are wider)
Read, Write, Execute
● Just three permissions apply
r(ead), w(rite), (e)x(ecute)
● On files:
● Read: view file content
● Write: edit the file
● Execute: run the file as a command
● On directories:
● Read: list the content of the directory
● Write: create / delete / rename files in the directory
● Execute: access the directory (cd, and reach the files inside)
● Everything is a file; the directory is too
Read, Write, Execute
● Read-only directories usually have read and execute
● Execute permission on a directory allows access to the files inside if we know the name (with execute but no read, the contents cannot be listed)
● Files can be deleted with write permission on the directory, whatever the permissions on the file itself
Read, Write, Execute
● Permission changes apply only to the files and directories they are set on
● Not automatically inherited by sub-directories (chmod -R applies recursively)
Nautilus Permissions
● Right-click on the file/folder
● Properties
● Permissions
Permissions from the Command Line
● Command ls -l or ll to list permissions
● Command ls -ld <DIR NAME> for a directory's own permissions
● # chmod changes the permission mode
Chmod permissions
● Symbolic method:
● # chmod WhoWhatWhich File | Directory
● Who is u, g, o, a (user, group, other, all)
● What is +, -, = (add, remove, set)
● Which is r, w, x (read, write, execute)
– Example: chmod u+w somefile
Chmod permissions
● Numeric method
● chmod ### File | Directory
● Each digit represents an access level:
● User, Group, Other
● Each digit is the sum of
● r=4, w=2, x=1
● So 7 is rwx
● And 5 is r-x
Change Ownership
● Command chown
● chown <USER> <FILE|DIRECTORY>
● chown <USER>:<GROUP> <FILE|DIRECTORY> sets both at once
● Option -R changes the owner recursively (all sub-directories)
● Only root can change the owner
Change Group
● Command chgrp
● chgrp <GROUP> <FILE|DIRECTORY>
● The group can be set by root and by the file owner
● Non-root users can only give a file to a group they belong to
Special Permissions
● Set User ID (setuid) and Set Group ID (setgid) on an executable: the process runs as the file's owner (or group), not as the user who executed it
● # ls -l /usr/bin/passwd
● Sticky bit on a directory: only the owner of a file (or the directory owner, or root) can delete it, even though others have write permission on the directory
● # ls -ld /tmp
● setgid on a directory makes new files within the directory inherit the group of the containing directory
● Setuid-root programs are a classic attack surface: a bug in one gives any local user root, so keep the list short and audit it (find / -xdev -type f -perm -4000)
Special Permissions
● Executable:
● u+s = file executes as its owner instead of the executing user (shown as s in the owner's x position; a capital S means setuid without execute)
● g+s = file executes as the group that owns the file
● Directories:
● g+s = new files inherit the group of the containing directory
● o+t = users with write permission on the directory can remove only their own files (shown as t in the others' x position)
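The numeric chmod slide and the two special-permission slides describe the same twelve bits from two directions. The script below is an added example, not course material: it converts an ls -l mode string to the four-digit octal that chmod takes (and back), handling the s/S and t/T forms, and lists setuid/setgid files under a directory, which is the audit a sysadmin should run after software installs. Only the example mode strings come from the slides (/usr/bin/passwd, /tmp); the temporary files in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the course: translate between the mode string that
# ls -l prints and the octal number chmod takes, including the setuid, setgid
# and sticky bits, and list the setuid/setgid files below a directory.

# mode2octal MODESTRING: '-rwsr-xr-x' -> 4755. The first character (file type)
# is dropped, as is the 11th (. or +) that ls adds for an SELinux context or ACL.
mode2octal() {
    local s special=0 digits='' val=0 pos=0 c
    s=$(printf '%s' "$1" | cut -c2-10)
    [ ${#s} -eq 9 ] || return 1
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}; s=${s#?}; pos=$((pos + 1))      # pop the first character
        case $pos in 1|4|7) val=0 ;; esac                  # new triple: user, group, other
        case $c in
            r) val=$((val + 4)) ;;
            w) val=$((val + 2)) ;;
            x) val=$((val + 1)) ;;
            s|S) case $pos in 3) special=$((special | 4)) ;;   # setuid
                              6) special=$((special | 2)) ;;   # setgid
                              *) return 1 ;; esac
                 if [ "$c" = s ]; then val=$((val + 1)); fi    # lowercase: execute too
                 ;;
            t|T) [ $pos -eq 9 ] || return 1                    # sticky, others only
                 special=$((special | 1))
                 if [ "$c" = t ]; then val=$((val + 1)); fi
                 ;;
            -) ;;
            *) return 1 ;;
        esac
        case $pos in 3|6|9) digits="$digits$val" ;; esac
    done
    printf '%s%s\n' "$special" "$digits"
}

# octal2mode OCTAL: 4755 -> rwsr-xr-x (three-digit input means no special bits)
octal2mode() {
    local o=$1 sp out='' i d bit ch
    [ ${#o} -eq 4 ] || o="0$o"
    sp=$(printf '%s' "$o" | cut -c1)
    i=2
    while [ $i -le 4 ]; do
        d=$(printf '%s' "$o" | cut -c$i)
        case $i in 2) bit=4 ;; 3) bit=2 ;; 4) bit=1 ;; esac   # which special bit this triple shows
        if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $((sp & bit)) -ne 0 ]; then
            if [ $i -eq 4 ]; then ch=t; else ch=s; fi
            if [ $((d & 1)) -eq 0 ]; then ch=$(printf '%s' "$ch" | tr st ST); fi   # special without execute
        elif [ $((d & 1)) -ne 0 ]; then ch=x
        else ch=-
        fi
        out="$out$ch"
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# find_special DIR: setuid or setgid regular files below DIR, one filesystem only.
# Worth running over / after installs: every entry is code that runs with
# someone else's identity.
find_special() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

echo "/usr/bin/passwd style  -rwsr-xr-x  -> $(mode2octal -rwsr-xr-x)"
echo "/tmp style             drwxrwxrwt  -> $(mode2octal drwxrwxrwt)"
echo "chmod 2775 on a directory shows      $(octal2mode 2775)"
```

A capital S or T in ls output is the case worth noticing: the special bit is set but the execute bit it rides on is not, which is almost always a chmod mistake (for example 4644 instead of 4755).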
Unit Fifteen: REMOTE ADMINISTRATION
Remote Shell Access
Remote File Transfer
SSH Keys
Remote Shell Access
● For remote shell administration use SSH
● Allows remote login and command execution
● Uses an encrypted connection
● Enabled by default
● OpenSSH (server) usually doesn't require modifications
● The client saves the server's host key on the first connection (~/.ssh/known_hosts) and warns loudly if it changes later; verify the fingerprint on first use instead of accepting it blindly
ssh -X <USER>@<HOST>
● -X enables X forwarding
Remote File Transfer
● SSH is useful to run commands, but is also a secure way to copy files
● scp <src> <dest>  (a remote side is written as [USER@]HOST:PATH)
● rsync synchronizes local and remote directories
● Pull: rsync [USER@]HOST:SRC... [DEST]
● Push: rsync SRC... [USER@]HOST:DEST
● -r for recursive
Archives and File Compression
● Archive: a bundled collection of files and directories
● Archive Manager can create/extract many archive formats (ZIP, TAR, ...)
● Applications > Accessories > Archive Manager
● Compress
● Decompress
● # man tar
SSH Keys
● SSH key sharing allows password-less connection
● SSH allows private/public key authentication
● The public key holder (SSH server) verifies the identity of the private key holder (client)
● This allows secure authentication without a password
● Generate 2 keys: private and public
● Can (and should) protect the private key with a pass-phrase
● The private key must be kept private
SSH Key Sharing
● Command ssh-keygen
● Two signature algorithms: DSA or RSA
● SSH protocol version 1 is not recommended (keep Protocol 2 only)
● Command ssh-copy-id copies your public key to the server (into ~/.ssh/authorized_keys)
● A DSA key is fixed at 1024 bits; prefer RSA with at least 2048 bits (ssh-keygen -t rsa -b 2048)
Unit Sixteen: GENERAL SERVICES
Network Services
SSH Handling
VNC Server
Remote Desktop Access
Service Deployment
In the server world we deploy services
● Install (yum, or System > Administration > Add/Remove Software)
● Start (service <NAME> start, or System > Administration > Services)
● Enable at boot time (chkconfig <NAME> on)
● Test the service (ftp, samba, web, etc.)
Securing SSH Access
● Configuring services is a common task
● Add the SSH server package (yum list, yum install)
● List the package's files (rpm -ql), or only its configuration files (rpm -qc)
● Read the man page of the .conf file (man sshd_config)
● Disable password login (PasswordAuthentication no), once a key login has been confirmed to work
● Disable root login (PermitRootLogin no); log in as a user and use su/sudo
● Check the file and apply it: sshd -t, then service sshd reload
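The last two settings above are the ones most often got wrong, because sshd takes the first occurrence of a keyword and silently ignores later ones. The script below is an added example, not part of the course: it extracts the value sshd will actually use for a keyword and audits a file for PasswordAuthentication and PermitRootLogin. The three sample configs (weak, hardened, and one "hardened" by appending) are constructed here and are not from any real host; the fallback defaults assume OpenSSH 5.3 as shipped in RHEL 6, where both settings default to yes.

```shell
#!/bin/sh
# Added example, not from the course: audit an sshd_config for the two
# settings the slide tells us to change. The sample configs are constructed
# here; they are not taken from a real host.

# sshd_effective KEYWORD FILE: the value sshd will actually use. sshd takes
# the FIRST occurrence of a keyword and ignores later ones, which is why
# appending "PasswordAuthentication no" at the end of a file that already
# says "yes" changes nothing. Lines from the first Match block onward are
# conditional, so they are skipped. Prints nothing if the keyword is absent.
sshd_effective() {
    awk -v key="$1" '
        /^[[:space:]]*(#|$)/          { next }
        tolower($1) == "match"        { inmatch = 1 }
        inmatch                       { next }
        tolower($1) == tolower(key)   { print $2; exit }
    ' "$2"
}

# sshd_audit FILE: 0 when hardened, 1 otherwise; prints the findings.
# The fallbacks are the compiled-in defaults of OpenSSH 5.3 (RHEL 6): both yes.
sshd_audit() {
    local f=$1 rc=0 pa prl
    pa=$(sshd_effective PasswordAuthentication "$f"); pa=${pa:-yes}
    prl=$(sshd_effective PermitRootLogin "$f");      prl=${prl:-yes}
    if [ "$pa" != no ]; then
        echo "WARN $f: PasswordAuthentication=$pa (want no: keys only, after confirming a key login works)"; rc=1
    fi
    if [ "$prl" != no ]; then
        echo "WARN $f: PermitRootLogin=$prl (want no: log in as a user, then su or sudo)"; rc=1
    fi
    [ $rc -eq 0 ] && echo "OK   $f"
    return $rc
}

# write_samples DIR: three constructed configs, not real files from any host
write_samples() {
    cat > "$1/weak" <<'EOF'
# stock-looking config: passwords and root logins both allowed
Port 22
Protocol 2
PermitRootLogin yes
#PasswordAuthentication no
PasswordAuthentication yes
EOF
    cat > "$1/hardened" <<'EOF'
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
# a per-user exception lives in a Match block and does not change the global value
Match User backup
    PasswordAuthentication yes
EOF
    cat > "$1/appended" <<'EOF'
PasswordAuthentication yes
PermitRootLogin no
# added at the bottom "to harden it": sshd ignores this second occurrence
PasswordAuthentication no
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
for f in weak hardened appended; do sshd_audit "$dir/$f" || :; done
rm -rf "$dir"
```

Run sshd_audit against /etc/ssh/sshd_config before reloading; the "appended" case is what an audit catches and a quick grep does not, since grep shows both lines and leaves you to guess which one wins.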
VNC Server
● Virtual Network Computing (VNC)
● Allows remote graphical desktops
● Steps
● Install (yum/rpm/Add-Remove Software)
● Configure /etc/sysconfig/vncservers
– VNCSERVERS="1:visitor 2:student"
● Set the VNC password (as each listed user)
– vncpasswd
● Start the service
● Enable the service
Access a Remote GNOME Desktop
● Command line: vncviewer is the VNC client
● Applications > Internet > TigerVNC Viewer
● Found in the tigervnc package
● VNC is clear-text, so tunnel it through SSH to get a security layer based on sshd
● On the VNC server, bind display :2 to localhost only, so it is reachable only through the tunnel:
● VNCSERVERARGS[2]="-localhost"
● Connect
● # vncviewer -via sshuser@server localhost:2
Unit Seventeen: MANAGE PHYSICAL STORAGE II
File-system Parameters
Modify File-system Parameters
Remove Partitions
SWAP Space
SWAP Management
File-system Parameters
● Let's look under the hood (i.e. no graphics)
● On RHEL 6 the default file-system is EXT4
● EXT4 has many settings (parameters) we can tune
● Command # tune2fs -l <FILE-SYSTEM>
● Note that the file-system is the device, not the mount point; usually /dev/SOME-DEVICE
● -L to change the label
● -j to add a journal (turns ext2 into ext3)
● -o to change the default mount options stored in the filesystem
Mount Options
● Mount options are usually set in /etc/fstab
● noexec, nosuid and nodev on filesystems that only hold data (/tmp, /home, removable media) stop programs, setuid binaries and device files placed there from being used to gain privileges
Delete Partition
● Freeing a disk is simple:
● # umount
● Remove from /etc/fstab
● Remove from LVM (pvmove, vgreduce, pvremove if it was a PV)
● Use Disk Utility
● Or the hard-core way with
command # dd if= of= count= bs=
● (zeroing the first sector wipes the partition table; be certain of the device name, there is no undo)
SWAP Space
● SWAP is disk space that extends the system's memory
● Partitions need to be formatted as SWAP
● Disk Utility, or fdisk (partition type 82) followed by mkswap
● Activate SWAP: command # swapon (like mount)
● Deactivate SWAP: command # swapoff
● Add a line to /etc/fstab (type swap, mount point none)
SWAP Utilization
● The kernel decides what goes to SWAP
● System Monitor: Resources tab
● SWAP lowers performance significantly
● But it is better than running out of memory
● Usually the kernel swaps out unused pages, to give better performance to the more frequently used pages
Unit Eighteen: INSTALL LINUX GRAPHICALLY
Anaconda: the Red Hat Enterprise Linux Installer
First-boot Customization
Anaconda Graphical Installer
● The RHEL (Red Hat Enterprise Linux) installer is called Anaconda
● Supports a variety of installation methods
● DVD
● USB
● Network: PXE, FTP, HTTP
● The easiest method is the bootable DVD
● Other methods require a minimal installation environment
Anaconda
● The minimal installation environment can come from:
– Minimal bootable CD/DVD/USB
– PXE server
● The minimal image is called "boot.iso"
● Provides the first stage of Anaconda
● Common with network installs
Stages of Anaconda
● Stage 1: Text User Interface (TUI)
● Text-based menus
– Language
– Installation method (DVD, HDD, URL (HTTP, FTP) or NFS)
– Network configuration
Stages of Anaconda
● Stage 2: Graphical environment
● How the machine should be installed and configured:
– Storage layout
● Partitioning / LVM / Filesystem / SWAP
– Time zone, UTC
– Root password
– Boot loader (MBR, GRUB, password protection)
– Packages
Troubleshooting Anaconda
● Debugging messages are on the virtual consoles
● Ctrl + Alt + F1 = installer process
● Ctrl + Alt + F2 = shell prompt (stage 2)
● Ctrl + Alt + F3 = installer log messages
● Ctrl + Alt + F4 = installer kernel messages
● Ctrl + Alt + F5 = other (partitioning, file-system)
Firstboot Post-Install Configuration
● Firstboot runs on first boot (I wonder where it got its name from..)
● Performs basic configuration on first boot:
– Agree to the RH licensing terms
– Register to RHN for software updates
– Keyboard layout
– Create a user account (or network authentication)
– Time/Date (NTP)
– Kdump for kernel crash troubleshooting
Unit Nineteen: MANAGE VIRTUAL MACHINES
KVM Virtualization
Virtual Guest Installation
Auto-start at Boot
KVM Virtualization
● Virtualization allows a single physical machine to be divided into multiple virtual machines
● Each machine is an independent operating system
● RHEL 6 supports KVM, which allows RHEL to function as a hypervisor
KVM Virtualization
● KVM: Kernel-based Virtual Machine
● KVM is a kernel module
● KVM is hardware-assisted virtualization
● VirtIO: paravirtualized drivers that let guests obtain the best possible performance (storage / network drivers)
KVM Benefits
● Fast: takes advantage of hardware support
● Simple: the design makes it easy to support, optimize and use
● We gain from every new feature added to Linux
● Standard: unmodified kernel for guest and host; can run Windows as well
KVM Requirements
● Intel or AMD 64-bit CPU (no Itanium, Power, mainframe, ARM (yet))
● Hardware must support virtualization extensions (Intel VT-x or AMD-V)
● Enabled in the BIOS. Check:
[root@rhel6kvm ~]# grep --color -E 'svm|vmx' /proc/cpuinfo
flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm lahf_lm tpr_shadow
KVM Requirements
● lm = long mode (64-bit)
● svm (AMD)
● vmx (Intel)
● Xen? RHEL 6 no longer supports Xen as a host; KVM is the hypervisor
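The grep on the previous slide answers yes or no; the script below, an added example that is not part of the course, turns it into a function that says which piece is missing and also checks /dev/kvm, which is what libvirt and qemu need beyond the CPU flags. The flags line shown on the slide is reused as sample input; the short flag strings in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the course: the slide's grep as a function that
# reports what is missing, run against the flags line shown on the slide.

# kvm_check FLAGS: prints vmx or svm and returns 0 when the CPU reports both
# 64-bit long mode (lm) and a virtualization extension; otherwise prints the
# reason and returns 1. A missing vmx/svm usually means the extension is
# disabled in the BIOS rather than absent from the CPU. Flags are matched as
# whole words, so "lahf_lm" or "svmx" cannot satisfy the check.
kvm_check() {
    local flags=" $1 " ext='' lm=1
    case $flags in *" vmx "*) ext=vmx ;; *" svm "*) ext=svm ;; esac
    case $flags in *" lm "*) lm=0 ;; esac
    if [ -z "$ext" ]; then
        echo "no vmx/svm: virtualization extensions absent or disabled in the BIOS"; return 1
    fi
    if [ $lm -ne 0 ]; then
        echo "no lm: CPU is not 64-bit"; return 1
    fi
    echo "$ext"
}

# host_cpu_flags: the flags line of the first processor on this host
host_cpu_flags() { awk -F': *' '$1 ~ /^flags/ { print $2; exit }' /proc/cpuinfo; }

# kvm_device_ready: the kvm module is loaded and /dev/kvm is usable by us,
# which is what libvirt/qemu actually need on top of the CPU flags.
kvm_device_ready() { [ -c /dev/kvm ] && [ -w /dev/kvm ]; }

# flags line as printed on the slide (Intel: vmx + lm)
slide_flags='fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm lahf_lm tpr_shadow'

echo "slide CPU: $(kvm_check "$slide_flags")"
if [ -r /proc/cpuinfo ]; then
    echo "this host: $(kvm_check "$(host_cpu_flags)")"
    if kvm_device_ready; then
        echo "/dev/kvm is ready"
    else
        echo "/dev/kvm not ready (module not loaded, no permission, or no hardware support)"
    fi
fi
```

Inside a virtual machine the flags are usually absent unless nested virtualization is enabled on the outer hypervisor, so "no vmx/svm" on a VM is expected rather than a BIOS problem.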
virt-manager
● virt-manager as a command or from the GUI
● virt-install, virt-viewer and virsh are also available
● Boot guests on host start
● /etc/sysconfig/libvirt-guests
ON_BOOT=start (or ignore), applied by the libvirt-guests service
● Per guest: virsh autostart <GUEST>
Unit TwentyTHE BOOT PROCESS
Boot alternative kernelBoot into a specific runlevel
Overcome bootloader misconfigurations/boot/grub/grub.conf
Kernel boot Parameters/etc/inittab
Written by Arthur Berezin 054-2266463
Alternative Kernel
● The kernel is the heart of the operating system
● Interface between the applications (user space) and the hardware
● Red Hat Linux allows installing multiple kernel versions
● Allows testing a new kernel and easily going back
● Reboot to use the new kernel
[Diagram: User Space / Kernel Space / Hardware]
Linux Boot Process
● Power on >
● BIOS >
● First sector >
● /boot/ >
● GRUB (/boot/grub/grub.conf) >
● Kernel + initial RAM disk (initrd) >
● Switch to / >
● Start services
Grand Unified Bootloader (GRUB)
● Can be used to:
– Boot an alternative kernel
– Boot into single user mode
● During the boot process, stop the autoboot
● Select from the menu the kernel to load
● Edit the kernel line to change the default parameters
Runlevels
● We have 3 runlevels:
– 1 – Single user mode, for system maintenance
– 3 – Multiuser, for regular server activity
– 5 – Multiuser with graphical interface
● On system boot, only one runlevel is entered
● Command: # runlevel – check the current runlevel
● Command: # who -r – check the current runlevel
● Command: # init <1|3|5> – change the runlevel
● /etc/inittab – sets the default runlevel
The GRUB boot screen
● Menu with the list of bootable images
● We can protect GRUB with a password
● p – type the password
● Each menu entry in /boot/grub/grub.conf has:
– root – location of /boot (the partition where GRUB's files are)
– kernel – kernel location (relative to the root above) and command-line options
– initrd – location of the initial RAM disk, which contains the critical device drivers needed to boot
The GRUB boot screen
● Key: Esc – stop automatic booting
● Key: e – edit the current configuration
● Keys: Up/Down – select an entry
● Key: e – edit the current entry
● Key: b – boot with the changes
● Changes are NOT persistent across boots!
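Because anyone at the console can press e and edit a kernel line, the password directive matters. As an added example (not from the course), the script below reads a grub.conf text, lists the entries with their kernel and the default index, and checks whether a password directive sits in the global section; the grub.conf and its kernel version strings are constructed placeholders.

```shell
#!/bin/bash
# Constructed /boot/grub/grub.conf (not copied from a real host); the kernel
# version strings are placeholders.
SAMPLE_GRUB_CONF='default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
title Red Hat Enterprise Linux (2.6.32-NEW.PLACEHOLDER.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-NEW.PLACEHOLDER.x86_64 ro root=/dev/mapper/vg-root rhgb quiet
        initrd /initramfs-2.6.32-NEW.PLACEHOLDER.x86_64.img
title Red Hat Enterprise Linux (2.6.32-OLD.PLACEHOLDER.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-OLD.PLACEHOLDER.x86_64 ro root=/dev/mapper/vg-root rhgb quiet
        initrd /initramfs-2.6.32-OLD.PLACEHOLDER.x86_64.img'

# List every menu entry with its kernel path and mark the "default=" one with
# an asterisk; the index is the position you count down to at the GRUB menu.
grub_entries() {
    printf '%s\n' "$1" | awk '
        /^default=/ { sub("default=", ""); def = $0 + 0 }
        /^title /   { n++; sub(/^title /, ""); title[n] = $0 }
        /^[[:space:]]*kernel / { kern[n] = $2 }
        END {
            for (i = 1; i <= n; i++)
                printf "%s%d: %s [%s]\n", (i - 1 == def ? "* " : "  "), i - 1, title[i], kern[i]
        }'
}

# Exit 0 if a "password" directive appears in the global section (before the
# first title), so the p prompt asks for it before anyone can edit a kernel
# line or boot single user mode; exit 1 otherwise.
grub_has_password() {
    printf '%s\n' "$1" | awk '
        /^title /    { exit 1 }
        /^password / { found = 1; exit }
        END          { exit !found }'
}

grub_entries "$SAMPLE_GRUB_CONF"
grub_has_password "$SAMPLE_GRUB_CONF" || echo "warning: GRUB menu is not password protected"
```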
Unit Twenty One: DEPLOY FILE SHARING
FTP Server Deployment & Configuration
Web Server Deployment & Configuration
FTP Server
● FTP is one of the oldest network protocols
● Provides a simple way to transfer files
● vsftpd – Very Secure FTP daemon
● Defaults:
– Anonymous
– Download-only
– Chroot to /var/ftp
– User login: download from readable directories, upload to writable ones
Deploy FTP
● As with any network service:
– Install (# rpm -Uvh vsftpd, or # yum install vsftpd)
– Start (# service vsftpd start)
– Enable (# chkconfig vsftpd on)
– Test (firefox, nautilus)
FTP Configuration
● How do we find the conf file?
– # rpm -ql <package name>
● /etc/vsftpd/vsftpd.conf
– anonymous_enable=YES
– local_enable=NO
– write_enable=NO
● Where can we find more info on the conf file?
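As an added example (not part of the course material), the functions below read a vsftpd.conf text the way an admin would check it before exposing the service: they resolve the three options above, falling back to the built-in defaults when a key is absent, and flag the case where uploads are switched on while anonymous logins are still accepted. The config excerpt is constructed, not the file the package ships.

```shell
#!/bin/bash
# Constructed vsftpd.conf excerpt (not the file shipped with the package);
# the comment and blank line show that they are ignored.
SAMPLE_VSFTPD_CONF='# constructed example, not a real host configuration
anonymous_enable=YES

local_enable=YES
write_enable=YES
# chroot_local_user=YES'

# Print the value of option $2 from the config text in $1, or the built-in
# default $3 when the option is not set. "#" comment lines are skipped and
# this helper takes the last assignment if a key is repeated.
vsftpd_opt() {
    local val
    val=$(printf '%s\n' "$1" | awk -F= -v key="$2" '
        /^#/ { next }
        $1 == key { val = $2 }
        END { print val }')
    printf '%s\n' "${val:-$3}"
}

# Summarize the three options from the slide and return 1 with a finding when
# the server has left the anonymous, download-only default. write_enable is
# the master switch for all uploads; with anonymous_enable=YES the separate
# anon_upload_enable / anon_mkdir_write_enable options then decide whether the
# anonymous user can write as well, so they need review in that case.
vsftpd_audit() {
    local conf="$1" anon local_ write
    anon=$(vsftpd_opt "$conf" anonymous_enable YES)
    local_=$(vsftpd_opt "$conf" local_enable NO)
    write=$(vsftpd_opt "$conf" write_enable NO)
    printf 'anonymous_enable=%s local_enable=%s write_enable=%s\n' "$anon" "$local_" "$write"
    if [ "$write" = YES ] && [ "$anon" = YES ]; then
        echo "finding: uploads enabled on a server that still accepts anonymous logins"
        return 1
    fi
}

vsftpd_audit "$SAMPLE_VSFTPD_CONF" || echo "review /etc/vsftpd/vsftpd.conf before exposing the service"
```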
Web Server
● Configuration:
– /etc/httpd/conf/httpd.conf
● Put HTML documents in:
– /var/www/html/
Unit Twenty Two: SECURE NETWORK SERVICES
Firewall activation
Opening firewall ports
SELinux concept
SELinux modes
SELinux management
Firewall
● The firewall is a kernel module
● System > Administration > Firewall
● system-config-firewall
● Enabled by default
● Allows all outbound traffic
● Allows inbound traffic for:
– Everything from the localhost device
– All traffic that was started by the server itself
– SSH (port 22)
Firewall
● Desktop also allows:
– CUPS (631/UDP)
– SMB client (137/UDP and 138/UDP)
● On the command line, 2 separate tools are available:
– # iptables
– # ip6tables
● Make sure NOT to block yourself :)
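As an added example (not from the course), the generator below writes out the default server policy from the previous slide in the format of /etc/sysconfig/iptables, the file that service iptables save writes, and adds ACCEPT rules for any extra TCP ports it is given (21 for vsftpd, 80 for httpd); the second function is the "do not block yourself" check, confirming that the SSH rule precedes the REJECT. The ICMP handling of the shipped default and any IPv6 rules (ip6tables) are left out.

```shell
#!/bin/bash
# Print an iptables-save style rule set (the /etc/sysconfig/iptables format)
# for the defaults listed above: loopback, traffic the host started itself,
# SSH on 22. Extra TCP ports to open are given as arguments; nothing is loaded.
gen_iptables_rules() {
    local port
    for port in "$@"; do            # refuse anything that is not a port number
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    done
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
EOF
    for port in "$@"; do
        printf -- '-A INPUT -m state --state NEW -m tcp -p tcp --dport %s -j ACCEPT\n' "$port"
    done
    # everything not accepted above is rejected, so ACCEPT rules must come first
    cat <<'EOF'
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# "Make sure NOT to block yourself": exit 0 only if an ACCEPT for TCP port 22
# appears before the first REJECT in the INPUT chain of the rule set on stdin.
ssh_stays_open() {
    awk '/^-A INPUT .*--dport 22 -j ACCEPT/ { ok = 1 }
         /^-A INPUT -j REJECT/ { exit !ok }
         END { exit !ok }'
}

gen_iptables_rules 21 80 | ssh_stays_open && echo "ssh rule precedes the reject: safe to load"
```

Saved as /etc/sysconfig/iptables and loaded with service iptables restart (or piped into iptables-restore), the output becomes the persistent rule set; the generator itself only prints.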
Basic SELinux Concept
● Protects data from compromised services, even those running as root
● A parallel set of permissions
● Each process has its own context
● And each file/directory has its own context
● A process can access only files whose context matches its own
– For example httpd_t or tmp_t
– Command: ls -Z shows file contexts
● For access, both the standard file permissions and SELinux must permit it
SELinux Modes
● SELinux has 3 modes:
– Enforcing: all SELinux contexts are enforced
– Permissive: everything is allowed, but SELinux denials are logged, for troubleshooting
– Disabled: SELinux is NOT enforced
● System > Administration > SELinux Management
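As an added example that serves both the context slide and the modes slide (not part of the course material), the first function below reads ls -Z output and reports every file whose type does not match the type the web server domain is allowed to read, a mismatch that shows up as a denial even when the file permissions are fine; the second reads /etc/selinux/config text and tells whether the system will actually enforce after a reboot. Both inputs are constructed samples; on a real host pipe ls -Z /var/www/html and the real config in instead.

```shell
#!/bin/bash
# Constructed "ls -Z /var/www/html" output (not from a real host) so the audit
# runs offline; on a real host pipe ls -Z itself into find_mislabeled.
SAMPLE_LS_Z='-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
-rw-r--r--. root root unconfined_u:object_r:user_home_t:s0 upload.html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 images
-rw-r--r--. root root unconfined_u:object_r:tmp_t:s0 cache.bin'

# Constructed /etc/selinux/config content (the file that sets the boot-time mode).
SAMPLE_SELINUX_CONFIG='# This file controls the state of SELinux on the system.
SELINUX=permissive
SELINUXTYPE=targeted'

# Read ls -Z lines on stdin; print every entry whose type (third field of the
# user:role:type:level context in column 4) differs from the expected type in
# $1, together with the command that relabels it from the file-context database.
find_mislabeled() {
    awk -v want="$1" '
        { split($4, ctx, ":")
          if (ctx[3] != want)
              printf "%s has type %s (expected %s): restorecon -v %s\n", $5, ctx[3], want, $5 }'
}

# Print the persistent mode from /etc/selinux/config text; return 1 unless it
# is "enforcing", the only mode in which the contexts above are actually enforced.
selinux_boot_mode() {
    local mode
    mode=$(printf '%s\n' "$1" | awk -F= '$1 == "SELINUX" { print $2 }')
    printf '%s\n' "${mode:-unset}"
    [ "$mode" = enforcing ]
}

printf '%s\n' "$SAMPLE_LS_Z" | find_mislabeled httpd_sys_content_t
selinux_boot_mode "$SAMPLE_SELINUX_CONFIG" || echo "warning: SELinux will not enforce after reboot"
```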