Linux for the Systems Administrator

Linux Tips for the System Administrator

Bootup/Shutdown

Starting console in gui mode automatically
/etc/inittab
id:5:initdefault: --> starts gui console
id:3:initdefault: --> starts cli console

reboot
poweroff

Devices

CDROM Burner (CDR/CDRW) Configuration

Configuration of an ATAPI CDR

Setup SCSC Emulation

Modify /etc/rc.d/rc.local

/sbin/insmod ide-scsi

Modify the /etc/grub.conf file

Determine the type of device the IDE Cdrom Burner is

dmesg | grep ATAPI or
grep ATAPI /var/log/messages

After loading the image put the following line
append="hcd=ide=ide-scsi"
Reboot the system
Check for errors

dmesg

Burning a CDR

Make an image file to be burned

mkisofs -r J -o <name of image file> <name of input directory>

mkisofs -r -o latitude.iso cdr
inside of cdr I copy all of the dircectories that I want to be in the root of the burned cd
-r sets permissions of all files to be public readable, and it enables rockridge extensions (long filenames in linux)
-J sets Microsoft Joliet extensions for long filenames under Windows

Test the image

mount -t iso9660 -o ro,loop=/dev/loop0 <image file> /mnt/cdrom
This mounts the image file on a mount point so you can see what the cd will look like before burning it

Determine the device id

cdrecord -scanbus

Burn the image

cdrecord -v dev=1,0,0 -data <image file>

Copying a CD to a file and mounting it as a file/cd on another system:

Mount the cd
Create a directory (at least 700 MB free space) for the CD image

mkdir /<cd_dir>

df -k /<cd _dir> should show at least 700 megabytes free

Create the image

dd if=/dev/dsk/<cdromdevice> of=/<cd_dir>/<filename>.iso

Copy the file to the system on which it needs to be mounted.
Create a mount point for the image

mkdir /<mountpoint>

Mount the image:

mount -t iso9660 /<mount_dir>/NBU45.iso /NBU45 -o loop

USB Memory Stick

mkdir -m 777 /mnt/memstick
manual mount:

mount -t vfat -o rw,exec,auto,umask=000 /dev/sda1 /mnt/memstick

fstab mount:

/dev/sda1 /mnt/memstick vfat rw,exec,auto,umask=000,quiet 0 0
mount /mnt/memstick

Verify access

df -k
ls -l /mnt/memstick

Command Line Interface

<Ctrl><Alt><Fx> will switch back from an X-Windows session to a command line session (where x is the number of the session. For instance <Ctrl><Alt><F1> switches to command line session 1, usually the system console.
<Alt><Fx> will switch between different command line sessions. For instance <Alt><F3> will switch to command line session 3.
<Alt><F7> will switch from a command line session to the XWindows session.

Domain Name Service (DNS)

How do I configure Red Hat Linux 7.2 to be a cache-only DNS server?

To create a cache-only DNS server, all you need to do is install DNS. This is best done during the installation by either selecting all packages (this will install everything), or to do a custom installation and select the DNS Bind package. If you already have Red Hat installed, you add additional packages by using the installation CD and selecting the option to add packages rather than do a full installation.

Why doesn't DNS start after my Red Hat Linux 7.2 installation?

Red Hat Linux 7.2 seems to have a default permissions problem that prevents the named daemon from starting properly. DNS is started by launching the named daemon. This can be done simply by typing "named" at the command prompt when logged in as root. However, as named starts up it tries to create a file in /var/run/named directory. Since it cannot create this file due to a permissions restriction, it fails. The actual error messages can be found in the file /var/log/messages. To correct this problem all that is necessary is to change the permissions to this directory using the linux chmod command. For instance typing "chmod 777 named" from the /var/run directory will give everyone permissions to this directory (probably not the best choice of permissions for security).

How can I get DNS to start automatically during boot up? Using Gnome all that is necessary is to go to Programs->System->Service Configuration and to check the named box.

Filesystems

fdisk -l
Lists the filesystems on the server and their type
fuser -km /dir/file
The fuser command is used to see what processes are using a directory. Most often this is used to identify what the umount command doesn't work. By using the "-km" switches with fuser, then any process that is using the device, for any reason will be killed. This is very useful for umount stubborn devices that insist they are busy.

rm -Rf
Recursively removes files and directories without prompting whether it is ok. BE CAREFUL!!!

lsof
Lists open files (Redhat only??)
-i ipaddress --> lists files whose internet address matches
-n --> convert the ip address to name
-P --> does not convert portnumbers to portnames - used to increase performance

File Transfer Protocol (FTP)

Enabling FTP

Red Hat Linux 7.2 and 7.3 uses wu-ftp. This is enabled by looking at it's configuration file located in /etc/xinetd.d. In that directory are many configuration files. Edit the file /etc/xinetd.d/wu-ftpd and change the value of disable=yes to disable=no. Also make sure that server_args are set to "-1 -a". Make sure that neither of those lines are commented out (line begins with #).

After these changes have been made you must stop and restart the xinetd daemon using the service command:

/sbin/service xinetd stop
/sbin/service xinetd start

IPCHAINS

Turn on routing

Routing is enabled under Red Hat Linux 7.2 in a file called ip_forward. This file is located in the /proc/sys/net/ipv4 directory. If it is disabled the contents will be a 0, if it is enabled then it will contain a 1. You can manually force the contents of this file by typeing the command "echo 1 > /proc/sys/net/ipv4/ip_forward. Finally there is third method to turn it on. In the file /etc/sysconfig/network add the line "FORWARD_IPV4=true".

Clear all pre-existing IPCHAIN rules

Clearing your existing IPCHAINs firewall rules is done by the -F option which "flushes" the rules. You can selectively choose which chain or chains to flush by choosing from these 3 commands which you must type from the command prompt:

ipchains -F input
ipchains -F output
ipchains -F forward

or you can clear all the rules on all of the chains with a single command:

ipchains -F

Allow unrestricted access

Although this is not a recommended final configuration for your firewall, it is necessary to do this before you start adding restrictions. Allowing unrestricted access requires first that you flush all rules (see question above). After flushing any existing rules, issue these 3 commands from the command prompt to configure the fire wall to accept traffic:

ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT

IP Masquerading (Network Address Translation - NAT)

IP Masquerading must be configured for a range of address. Basically you are going to replace a range of internal addresses with the address of the firewall's public interface. For example, let's assume that we are using 192.168.1.0 - 192.168.1.255 as the internal addresses. To Masquerade these addresses issue the following 2 commands from the prompt:

ipchains -F forward
ipchains -A forward -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MASQ

List rules

Issue this command from the command prompt:

ipchains -L -n

Log Files

/var/log/messages --> main system log

Networking

Network Configuration can be done manually, or with the CLI utility - netconfig, or by using the gui --> system tools --> networking

IP Address/Subnet mask/Default Gatway information goes in: /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=10.212.1.139
NETMASK=255.255.255.0
GATEWAY=10.212.1.254
TYPE=Ethernet
USERCTL=no
PEERDNS=no

Host Name goes in: /etc/hosts and in /etc/sysconfig/network

/etc/hosts:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 NUSALES2 localhost.localdomain localhost

/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=NUSALES2

DNS goes in: /etc/resolv.conf
search corporate.vox.net vox.net

nameserver 10.212.1.150

To verify network configuration:

ifconfig -a --> this will list all of the interfaces and how they are configured
ping <host> or ping <ipaddress> --> doing this from a different machine will verify that this host is visi
mii-tool - -> view and change media independent interface unit on nic
mii-tool -F 100baseTx-FD eth0 --> forces eth0 to 100MBS Full Duplex (no autonegotiation)
ethtool --> display or change ethernet settings on linux 2.4 or later kernels

To view the speed of a NIC:
[root@SERVER1 root]# mii-tool
eth0: negotiated 100baseTx-FD, link ok

Testing whether a port is open or closed using nmap

nmap -sU -p 137-139 <IP ADDRESS>
-sU = use udp
-p 137-139 = scan port range 137-139

Network Time Protocol (NTP)

Install NTP package
Configure /etc/ntp.conf

server#1 <ipaddress or fqdn>
server#2 <ipaddress or fqdn>
driftfile <location of driftfile>

Touch the driftfile
Set the date with ntp

ntpdate <ipaddress or fqdn>

Start the ntp service (or restart)

/etc/init.d/ntpd start
/etc/init.d/ntpd restart

Set up ntp to autostart on reboot

chkconfig --level 2345 ntpd on

Performance Monitoring

free --> memory
top
vmstat

Processes

R Commands (rsh, rlogin, etc)

How to setup .rhosts

Located in user's home directory
To allow remote access from server1 for root

vi .rhosts

<servername> <username>

server1 root

vi /etc/inetd.d/rsh

disable = no
service inetd.d reload

vi /etc/inetd.d/rlogin

disable = no
service inetd.d reload

vi /etc/pam.d/rsh

add new line

auth sufficient /lib/security/pam_permit.so

rsync - updated copying fucntionality, beyond rcp.

Security

chroot <dir> <command> - executes command with <dir> as the root directory.

Services

service <service> status
This command tells you if a particular service is running or not. If it is running, it will give you additional details such as pids and configuration.

service --status-all
This gives the status of all services on the system, whether they are running or not.

/etc/rc.d/init.d/xinetd reload
This causes the xinetd daemon to reload in order to start services.

chkconfig

List all services that are running on your system.

chkconfig --list

Lists the init level that named is started at

chkconfig --list named

Turns of sendmail from starting at levels 0 - 6

chkconfig --level 0123456 sendmail off

/etc/init.d/<service> stop|start|restart

/etc/init.d/httpd restart
/etc/init.d/sendmail stop

Software/Packages

How to tell what packages are installed

rpm -qa <-- Lists all installed packages
rpm -q squid <-- Lists a specific package, if it is installed

RPMs (NOT source rpms)

rpm -i <rpm package> --> installs an rpm
rpm -e <rpm package> --> removes an rpm
rpm -ivh <kernel package> --> this will install the kernel and keep the old kernel for recovery purposes
rpm -Uvh <kernel package> --> this will remove the older kernel (not recommended)

Installing Source RPMs (src.rpm)

rpmbuild --rebuild cvs-1.11.2-13.src.rpm
cd /usr/src/redhat/BUILD/cvs-1.11.2 --> location of source installation
./noautomake.sh --noautoconf --> directions from README
./configure
make
make install
which cvs --> Check to see if cvs has actually been installed
cvs -? --> Check to see if cvs command works.

apt - Advanced Package Tool

<>apt-get
apt-get install
apt-get -s install

s - show what it will do without doing it

apt-get -s install|tee logfile

Creates a log file

apt-get -s dist-upgrade
apt-get remove

/etc/aps/sources.list

System Information

hostid

The hostid generates a unique host id number. This is often used for software licensing. This number is actually taken from the /etc/hosts file. It takes the ip address of the hostname and reverses the digits and converts the result to hexadecimal. For instance a host with an ip address of 192.168.1.253 will have its address digits switched to 168.192.253.1. Then these digits will be converted to hexadecimal, and the resulting hostid is: a8c0fd01.

How to determine version of Red Hat (often works for other versions of linux also)

cat /etc/redhat-release

How to determine the version of Linux

cat /proc/version

Hardware Information

lsdev - lists device/dma/irq/io port usage
procinfo - lists statistics from /proc filesystem (memory, bootup, load, swapping, irq, etc)
/sbin/lspci - lists pci devices
cat /proc/pci - lists details about devices in the pci hardware tree
cat /var/log/dmesg - boot up log that will list all devices detected during that last boot up
fdisk -l - lists hard disk partioning information

Swap Space

Adding swap space to a running system

Determine memory usage

free -m --> display free and used memory on the system

Check for free space for the swap file

df -h

Use dd to create the file

Assume we want 2 GB => 2048 MB => 2097152 KB
dd if=/dev/zero of=swapfile bs=1024 count=2097152

Set the proper permission

chmod 600 swapfile

make the swapfile a swap area

mkswap swapfile

turn on the swap file

swapon swapfile

verify the swap area is larger

free -m

add the swap area to /etc/fstab

/opt/swapfile swap swap defaults 0 0

Telnet

Enabling Telnet

/etc/xinetd.d/telnet

change "disable = yes" to "disable = no"

stop and restart xinetd

/sbin/service xinetd stop
/sbin/service xinetd start

Tuning Parameters

/proc/sys/kernel

shmmax
shmmni

sem (these 4 parameters in this order)

semmsl
semmns
semopm
semmni

User/Group Management

Process to add a user

As root run the command "useradd"

Process to add a group

As root run the command "groupadd"

Layout of the entries in /etc/passwd

account:password:UID:GID:GECOS Informational:home directory:login shell

Layout of the entries in /etc/group

group:password:GID:members

Identifying idle/active user sessions

Killing idle sessions

w
ps -ef|grep <user> or <command>
kill -9 pid

XWindows

startx --> starts xwindows from the command prompt

<Ctrl> <Alt> <Backspace> --> kills xwindows gui and returns to cli

switchdesk --> changes the default desktop
switchdesk kde
switchdesk gnome
switchdesk configuration:
/usr/share/apps/switchdesk/Xclients.XXXX   <-- XXXX is the name of a gui

XFree86 -configure   --> when run as root this causes re-detection of hardware and reconfiguration xwindows

xdpyinfo --> displays configuration information about an X windows server

X -configure   --> reprobs for video devices and creates a configuration file (may be better than the default provided by distribution??)

Switching from gui to terminal

<Ctrl><Alt><F1> - will switch from the gui console to virtual terminal 1
<Ctrl><Alt><F7> - will switch from a virtual terminal session to the gui console

Change the resolution of XWindows

Files:

/etc/X11/XF86Config
/etc/X11/XF86Config-4

Screen resolution will be found at the end of the file in the "Screen Section".

Change the values for mode.
For example: "800x600"

Starting X Windows Server

Set up the server to send the xwindows to the linux box

DISPLAY=10.1.8.128:0.0
export DISPLAY

Run the xwindows server client on the linux box

/usr/X11R6/bin/xhost +

Back To Main Page For List Of Other Documents