
RH124-Day01

Written by Razib Shahriar Rubence


------------------------------------------
01. Introduction and Orientation
---------------------------------------------
02. Linux History and Redhat Certification
---------------------------------------------------------
03. Linux Installation I - Graphical Installation
-------------------------------------------------------------
You'll get a quick overview from the screenshots at the following link:

http://www.if-not-true-then-false.com/2010/red-hat-6-installation-guide-rhel-6-install-screenshots

04. Introduction to vi/vim editor
---------------------------------------------
- vi (pronounced vee-EYE, short for visual) provides basic text editing capabilities.
- Two modes: Insert Mode and Command Mode
- Enter Insert Mode by pressing "Insert" (or "i"); return to Command Mode by pressing Escape
- You can type whatever you want in Insert Mode
- Command Mode, as its name indicates, lets you command the vi editor to perform something:
save, search and replace, move the cursor, quit without saving, cut, copy, paste, remove, etc.
- In Command Mode you can switch to Insert Mode by simply pressing "i"
- In Command Mode type:
:q! --> exit without saving
:wq --> save and exit
:w --> save

More detail about vi will be covered in our LAB class when we work with various files.
Students are encouraged to visit:
http://www.washington.edu/computing/unix/vi.html
http://www.eng.hawaii.edu/Tutor/vi.html
http://heather.cs.ucdavis.edu/~matloff/UnixAndC/Editors/ViIntro.html

05. Getting started with Bash
---------------------------------------------------------------
Command = 1st word on the command line
Option = starts with - or --
Argument = additional parameters
For example, with the command "yum install httpd* -y":
yum = command
install = argument
httpd* = argument
-y = option (which means my answer is always "yes")
Basic Linux Commands:
- pwd --> print working directory: shows which directory you are in and its full path
(absolute path of the working directory)
- ls --> show the list of files and directories in the current directory
- cd --> change directory
- cat filename --> read a file
- adduser username --> add a user
- passwd username --> set/change the password for a user (passwd alone changes the current
user's, e.g. root's)
- su username --> switch user (plain su with no username switches to the super user, i.e. root)
- mkdir --> make directory
- touch --> create an empty file
- rm --> remove a file (or a directory, with -r)
- whereis, man and info --> information about a command
- date --> show, edit date and time
- history --> show previously typed commands
- id --> show your user and group IDs
- !number --> re-run command number "number" from the history
For more basic commands, students are encouraged to visit:
http://cri.ch/linux/docs/cg0007.html
http://linuxlots.com/~jam/guide4.html
http://freeengineer.org/learnUNIXin10minutes.html

RH124-Day02
Change IP, Gateway, Hostname and DNS Information (we need these changes for
client-server communication in the LAB)

- File containing IP, Gateway and DNS Information: /etc/sysconfig/network-scripts/ifcfg-eth0
- File containing Hostname Information: /etc/sysconfig/network

LAB Practice:

01. From Terminal

- Change IP, Gateway, DNS Information

# vim /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.20
NETMASK=255.255.255.0
GATEWAY=192.168.0.254
DNS1=192.168.0.254
(the DNS1= line was introduced in RHEL6)

- Change Hostname Information

# vim /etc/sysconfig/network

NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=station20.example.com

- Restart the network service to make the above changes effective. The machine must be
rebooted for the hostname change to take effect

# service network restart (or # /etc/init.d/network restart)

- Check that the changes took effect

# ifconfig (IP information)
# route -n (gateway information)
# hostname (hostname information)
# ping server1.example.com (checks that your DNS server resolves other computers' hostnames)
# dig server1.example.com (checks the DNS records)
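
As an added example (not part of the course notes): a small check to run on an ifcfg-eth0 file before "service network restart". It reads the KEY=VALUE file, requires the keys the lab sets, and verifies that GATEWAY lies inside the subnet given by IPADDR/NETMASK, which is the usual reason "route -n" or "ping" disappoints after the restart. Function names are assumed (they are not Red Hat tools); POSIX sh plus sed.

```shell
# Print the value of KEY ($2) from ifcfg file $1; the last assignment wins,
# comments and surrounding double quotes are ignored.
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Convert a dotted quad to a 32-bit integer; returns 1 on malformed input.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $2 is in the same subnet as $1 under netmask $3.
same_subnet() {
    a=$(ip2int "$1") || return 1
    b=$(ip2int "$2") || return 1
    m=$(ip2int "$3") || return 1
    [ $(( a & m )) -eq $(( b & m )) ]
}

# Validate an ifcfg file: prints one finding per line, returns 0 only if clean.
check_ifcfg() {
    f=$1; rc=0
    for key in DEVICE ONBOOT BOOTPROTO IPADDR NETMASK GATEWAY; do
        if [ -z "$(ifcfg_get "$f" "$key")" ]; then echo "missing $key"; rc=1; fi
    done
    ip=$(ifcfg_get "$f" IPADDR); mask=$(ifcfg_get "$f" NETMASK)
    gw=$(ifcfg_get "$f" GATEWAY); dns=$(ifcfg_get "$f" DNS1)
    for pair in "IPADDR=$ip" "NETMASK=$mask" "GATEWAY=$gw" "DNS1=$dns"; do
        v=${pair#*=}
        if [ -n "$v" ] && ! ip2int "$v" >/dev/null; then echo "bad address in $pair"; rc=1; fi
    done
    if [ -n "$ip" ] && [ -n "$mask" ] && [ -n "$gw" ] && ! same_subnet "$ip" "$gw" "$mask"; then
        echo "GATEWAY $gw is not in the subnet of $ip/$mask"; rc=1
    fi
    return $rc
}

tmp=$(mktemp -d)
# Constructed sample with the lab's values.
cat > "$tmp/ifcfg-eth0" <<'EOF'
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.20
NETMASK=255.255.255.0
GATEWAY=192.168.0.254
DNS1=192.168.0.254
EOF
# Constructed sample with a gateway on the wrong network and no ONBOOT line.
cat > "$tmp/ifcfg-bad" <<'EOF'
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.0.20
NETMASK=255.255.255.0
GATEWAY=10.0.0.1
EOF
check_ifcfg "$tmp/ifcfg-eth0" && echo "ifcfg-eth0: OK"
check_ifcfg "$tmp/ifcfg-bad" || echo "ifcfg-bad: fix before restarting the network"
```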
02. Graphical Way:

Open the "Network Configuration" window from System -> Administration -> Network, or by typing the
following in a terminal

# system-config-network

Edit Information from "Devices"
GNOME Graphical Desktop and Editing File with gedit:
------------------------------------------------------------------
- GNOME is the graphical desktop environment that adds menus, icons and panels on top of
the X Window System
- It includes integrated applications: gedit, the Nautilus file manager and graphical
administration tools
- gedit is used for file editing
LAB Practice:

- Edit files with gedit: /etc/issue (to change the pre-login message); /etc/grub.conf (to change
the first boot OS on a dual/multiple boot machine)

- Edit the same files with vi/vim
# vim /etc/issue
# vim /etc/grub.conf

Change the default=0 line to 0 or 1 to select the OS that boots by default

- Linux File Hierarchy Concepts:
* Files and directories are organized into a single-rooted inverted tree structure
* The filesystem begins at the root directory, represented by a lone / (forward slash) character
* Names are case-sensitive
* Paths are delimited by /
* .. refers to the parent directory of any particular directory - one level up in the file hierarchy
* . refers to the current directory
- Some important directories:
* Home directories: /root, /home/username
* User executables (binary files): /bin, /usr/bin, /usr/local/bin (bin = binary)
* System executables (system binary files): /sbin, /usr/sbin, /usr/local/sbin (sbin = system binary)
* Other mount points: /media, /mnt
* Configuration: /etc
* Temporary: /tmp
* Kernels and bootloader: /boot
* Server data: /var, /srv
* System information: /proc, /sys (proc = process information pseudo-filesystem)
* Shared libraries: /lib, /usr/lib, /usr/local/lib
- Absolute Pathnames:
* Begin with a forward slash
* Complete "road map" to the file location
* Can be used any time you wish to specify a file name
- Relative Pathnames:
* Do not begin with a slash
* Specify a location relative to our current working directory
* Can be used as a shorter way to specify a directory or filename
Relative pathnames of the file /usr/share/doc/HTML/index.html relative to particular
directories:

Current Directory                     Relative Path to index.html

/usr/share/doc/HTML                   index.html
/usr/share/doc                        HTML/index.html
/usr/share                            doc/HTML/index.html
/                                     usr/share/doc/HTML/index.html
/usr/share/doc/HTML/en                ../index.html
/usr/share/doc/nautilus-2.1.91        ../HTML/index.html
/etc                                  ../usr/share/doc/HTML/index.html
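
As an added example (not part of the course notes): the rule behind the table, computed mechanically. Each component of the current directory that is not shared with the target becomes one "..", and the unshared tail of the target is appended. Both arguments must be absolute paths; the function name is assumed. POSIX sh, no external commands.

```shell
relpath() {                      # $1 = current directory, $2 = absolute target
    from=${1%/}; to=${2%/}       # "/" itself becomes the empty string
    # Consume the leading components that both paths share.
    while [ -n "$from" ]; do
        seg=${from#/}; seg=${seg%%/*}
        case $to in
            "/$seg"|"/$seg/"*) from=${from#/"$seg"}; to=${to#/"$seg"} ;;
            *) break ;;
        esac
    done
    # One ".." for every component of the current directory left over.
    up=""; f=${from#/}
    while [ -n "$f" ]; do
        up="../$up"
        case $f in */*) f=${f#*/} ;; *) f="" ;; esac
    done
    out="$up${to#/}"; out=${out%/}
    printf '%s\n' "${out:-.}"    # "." when both paths are the same directory
}

# Reproduce the table above.
for d in /usr/share/doc/HTML /usr/share/doc /usr/share / \
         /usr/share/doc/HTML/en /usr/share/doc/nautilus-2.1.91 /etc; do
    printf '%-32s %s\n' "$d" "$(relpath "$d" /usr/share/doc/HTML/index.html)"
done
```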

RH124-Day03
Nautilus
-----------
Nautilus is the graphical file manager provided with Red Hat. Within this file manager window you
can create files and folders, view properties, and copy, move, delete, cut and paste files and folders

Lab Practice:
01. Moving around different folders and creating a new file and folder with Nautilus and the command
prompt
- Through Nautilus, create a file (urname_gedit) with gedit in the /usr/geditpractice folder which
contains your information
- Through the command prompt, create a file (urname_vim) with vim in the /log/vimpractice folder which
contains your information
# mkdir -p /log/vimpractice
# cd /log/vimpractice
# vim urname_vim

02. Managing remote files with Nautilus and the command prompt
- Select Places -> Connect to Server from the top panel: Server type - Public FTP. Put your
urname_gedit file into the students folder

# cd /log/vimpractice
# ftp server1.example.com (log in with username "anonymous" and no password)

ftp> get trainer_info
ftp> cd students
ftp> put urname_vim
ftp> quit
# cat trainer_info (to read the trainer information)
NTP: Network Time Protocol
----------------------------------------
* Time synchronization makes system logs easier to correlate
* Many applications require accurate timing
* Configuration file: /etc/ntp.conf
* Config tool: system-config-date
* Useful commands:
# date -s hours:minutes (to set the time)
# date (to check the date and time)
# ntpdate (use "man ntpdate" to check its usage)
LAB Practice:
01. How to Configure NTP Client:

- Change the date so that it differs from the NTP server
# date -s hour:minute
Launch the Date & Time management tool
- System -> Administration -> Date & Time, or type in a terminal
# system-config-date

Click the Time Zone tab
- Set the timezone to Dhaka
- Select "System clock uses UTC"
Click the Date and Time tab
- Select "Synchronize date and time over the network"
- Delete the existing NTP servers
- Select "Speed up initial synchronization"
- Add server1.example.com as NTP server
- Click OK to synchronize the clock immediately

Check date with the command:
# date
02. How to Configure NTP Server:
This topic is not covered in RH124. Interested students are encouraged to visit the following
sites:
http://www.cyberciti.biz/faq/rhel-fedora-centos-configure-ntp-client-server/
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch24_:_The_NTP_Server
Printer, Print jobs and queues
-------------------------------------
* The Common Unix Printing System (CUPS) supports many advanced printing features
* CUPS speaks the Internet Printing Protocol (IPP); its web-based management console can be
reached on port 631
* Configuration files:
/etc/cups/cupsd.conf
/etc/cups/printers.conf
* Configuration tools:
system-config-printer
http://localhost:631
* Useful commands:
# lpr -P printer-name
# lpq -a
LAB Practice:
01. Configuring a Local Printer:
# system-config-printer &

- Click New
- Select LPD/LPR Host or Printer
- Host: localhost
Queue: dummy
- Choose Driver: Generic
- Choose text-only printer
- Short name: stationX-lp (the queue name used with lpr -P below)
- Your printer will be shown in the Local Printer section
- Print a listing of your home directory with the following command:
# ls /root | lpr -P stationX-lp
- Review the queue:
# lpq -a
- Review in browser
http://localhost:631
- Share this local printer with other stations:
Launch system-config-printer -> click Server Settings -> check the box "Share published printers
connected..."
02. Configure a Remote Printer (i.e. the printer stationX-lp created in the previous LAB):
# system-config-printer &
- Click New
- Select Internet Printing Protocol under Network Printer
- Host: server1.example.com
Queue: /printers/server1-lp
- Click Verify. It'll show that the printer is accessible
- Choose Driver: Generic
- Choose text-only printer
- Short name: stationX-remote
- Click Apply
- Print a listing of your home directory with the following command:
# ls /root | lpr -P stationX-remote
- Review the queue on the remote printer machine
# lpq -a
- Review in browser

http://remote_machine_ip:631

RH124-Day04
What are MBR, Primary Partition, Extended Partition and Logical Partitions:
* MBR (Master Boot Record) -
The Master Boot Record is the first sector on the disk. It contains the partition table (a list that
describes the locations of the partitions on the disk).
It is also a small program that is executed when a computer boots up. Typically, the MBR resides
on the first sector of the hard disk. The program begins the boot process by looking up the
partition table to determine which partition to use for booting. It then transfers program control
to the boot sector of that partition, which continues the boot process.
* The Task of the MBR
The normal job of the MBR program is to search the partition table for the active partition, copy
the boot sector from the active partition into memory, and transfer control over to that program.
If the MBR cannot accomplish this task successfully, it will print one of these error messages:
Invalid partition table
Error loading operating system
Missing operating system
* Primary partition -
is a partition that is needed to store and boot an operating system. In general, you would install
the operating system in a primary partition. A primary partition can be set "active", which allows
the computer to locate the operating system that needs to be started. Only one primary partition
can be active, but more primary partitions can exist. If more than one primary partition is set
active, the computer will not boot. Also, when no primary partition is set active, the computer will
not boot. Only the partition table in the MBR can contain primary partitions.
* Extended partition -
can be sub-divided into logical drives and is viewed as a container for logical drives, where the
data proper is located. An extended partition is not formatted or assigned a drive letter. The
extended partition is used only for creating the desired number of logical partitions.
* Logical partitions -
are the partitions that are created in the extended partition area. A logical partition is a way to
extend the initial limitation of four partitions. An extended partition can contain up to 24 logical
partitions. Logical partitions are used mainly for storing data; they can be formatted and
assigned drive letters. Their details are listed in the extended partition's table - the EMBR
(Extended Master Boot Record).
To get a clear idea about the boot sequence, interested students are encouraged to visit the
following site:

http://www.dewassoc.com/kbase/hard_drives/master_boot_record.htm

Manage Physical Storage
Key points for PC partitions
01. The MBR only permits 4 primary partitions
02. One primary partition can be an extended partition, which is a container for other, logical partitions
03. Partitions allow isolation and separation of data (for example system files vs user data)
04. Linux naming scheme - /dev/sda, /dev/sda1
05. /bin, /dev, /etc, /lib and /sbin cannot be stored/mounted on other partitions
LAB Practice:
Steps for making a new disk partition that contains an ext4 filesystem that mounts
persistently on /sample
01. First we need to assess our current configuration and see if there is free space for a new
partition
- Launch the Disk Utility tool from Applications -> System Tools -> Disk Utility
- In the left pane highlight the hard disk where you want to create the new partition
- Under the "Drive" section in the right pane, see the device name and how much free
space is available to create a new partition
02. Creating the partition
- Click on the "Free" space
- Click Create Partition
- Enter the Size, Type (ext4) and Name
- Make sure "Encrypt underlying device" is unchecked
- Click Apply. You'll get a new partition, for example /dev/sda10

We can do the above step 02 from the command line:

- Check the existing partitions
# fdisk -l
- Start partitioning
# fdisk -cu /dev/sda
Type "n" for a new partition
Take the default "First sector" (or "First cylinder") by pressing ENTER
Enter the size by typing (for example, for a 50 MB partition) "+50M"
Write the new partition table and quit fdisk by typing "w" ("q" would quit without saving)
- Check the partitions now
# fdisk -l /dev/sda <--- you'll see a new partition, for example /dev/sda10
- Make the kernel recognize the new partition (it must be known to the kernel before it can be
formatted)
# partprobe /dev/sda
- Format the partition as ext4
# mkfs.ext4 /dev/sda10
03. Mount the partition
- Create a directory /sample
# mkdir /sample
04. Mount /dev/sda10 persistently by adding the following to /etc/fstab
# vim /etc/fstab
(At the last line add the following)
/dev/sda10 /sample ext4 defaults 0 0
05. Reboot and check the file system
# df -h
Manage Logical Volumes:
A Logical Volume (LV) is a more flexible storage system than the traditional partitioning system. Logical
Volume Management (LVM) is a layer of abstraction that allows easy manipulation of volumes,
including resizing of filesystems. It allows reorganization of filesystems across multiple physical
devices.
- Devices are designated as Physical Volumes
- One or more Physical Volumes are used to create a Volume Group
- Volume Groups are defined with Physical Extents of a fixed size
- Logical Volumes are created on Volume Groups and are composed of Physical Extents
- Filesystems can be created on Logical Volumes
Steps in creating an LV:
- Create physical storage (partition type 8e, Linux LVM)
- Create a Physical Volume (PV) = disk or partition marked as usable space for LVM
- Create a Volume Group (VG) = collection of PVs, container of Logical Volumes
- Create a Logical Volume (LV) = storage partition which is flexibly carved from a VG
LAB Practice:
Creating a new physical volume, a new volume group and a new logical volume
01. Create a new partition

- Use Disk Utility to create a new empty partition (select type=empty, i.e. without a file system),
for example /dev/sda11
- Edit the partition and change its type to Linux LVM (0x8e)

02. Initialize the new partition as a PV

- Go to System -> Administration -> Logical Volume Management
- Expand Uninitialized Entities in the left panel
- Expand the disk (i.e. /dev/sda) containing the new partition (i.e. /dev/sda11)
- Select /dev/sda11 (the partition created in the previous step). Confirm the partition type is 0x8e in
the right pane
- Click Initialize Entity
- Confirm by clicking Yes; data on the partition will be erased

03. Create a new VG using the PV just created

- In the Logical Volume Management window select "Partition 11" under Unallocated Volumes
- Click Create New Volume Group
- Specify the Volume Group name (for example vg1), keep the rest default
- Click OK

04. Create a new LV using the VG just created
- Expand the new VG, i.e. vg1
- Select Logical View
- Click the Create New Logical Volume button
- Specify the LV name (for example lv1)
- Specify the LV size, or click Use Remaining to utilize the full VG space
- Specify the file system properties (file system type - example ext4; mount point - example
/data; mount when rebooted, etc.)
- Click OK
- Confirm to create the mount point if necessary

05. Verify with the following commands

# vgdisplay
# lvdisplay
# df -h
# cat /etc/fstab

LAB Practice:

Increase/Decrease the size of a Logical Volume

01. Check the current size of the Logical Volume

# lvdisplay
# df -h

02. Open the Logical Volume Management window
03. Under Logical View select the Logical Volume you want to decrease/increase
04. Click "Edit Properties". Type your desired new size in the LV Size text box. Click OK
05. Check the Logical Volume size

# lvdisplay
# df -h

If there is NO UNUSED space in your Volume Group, you first need to add some space to
your Volume Group; then you can increase the size of your Logical Volume. For example,
increase the LV to the maximum in the previous step. Now you need to perform the following
steps to increase the LV further.

01. Create a new partition

- Use Disk Utility to create a new empty partition (select type=empty, i.e. without a file system),
for example /dev/sda12
- Edit the partition and change its type to Linux LVM (0x8e)

02. Initialize the new partition as a PV

- Go to System -> Administration -> Logical Volume Management
- Expand Uninitialized Entities in the left panel
- Expand the disk (i.e. /dev/sda) containing the new partition (i.e. /dev/sda12)
- Select /dev/sda12 (the partition created in the previous step). Confirm the partition type is 0x8e in
the right pane
- Click Initialize Entity
- Confirm by clicking Yes; data on the partition will be erased

03. Now add this PV to the existing VG

- Select Partition 12 from Unallocated Volumes
- Click Add to Existing Volume Group. Select the VG, click Add

04. Now click on Logical View. You'll see unused space
05. Click the Logical Volume (lv1), click Edit Properties and you can extend the size of the LV
06. Check the Logical Volume size

# lvdisplay
# df -h


RH124-Day05
---------------------
Day 05
Date: 1st July, 2011
Time: 19:30 to 22:30
-----------------------------------


Monitor System Resources
- Some key points:
01. A process is a system or user task
02. A process consumes CPU and memory resources
03. The PID (Process Identification Number) is a unique number that labels a process
04. When a process creates another process, the original is the parent and the new process is the child
05. Signals can be sent to processes to kill them
06. The nice value is used to determine priority (higher nice = less CPU resources)
LAB Practice:
- Launch the System Monitor tool
Applications -> System Tools -> System Monitor

Useful commands for monitoring system resources
# top

The top portion of the report lists information such as the system time, uptime, CPU usage,
physical and swap memory usage, and number of processes.
# iostat
iostat displays the current CPU load average and disk I/O information. This is a great
command to monitor your disk I/O usage.
# vmstat
The command vmstat reports information about processes, memory, paging, block IO, traps,
and CPU activity.

# ps
The ps command reports a snapshot of the current processes.

# free
The command free displays the total amount of free and used physical and swap memory in the
system, as well as the buffers used by the kernel.
- Launch the Disk Analysis tool
Applications -> System Tools -> Disk Usage Analyzer
Useful commands for analyzing disk usage
# df -h
Shows statistics about the amount of used and free disk space on the specified file system. -h =
human readable format (MB, GB)

# du /etc
du displays the file system block usage. The above example finds out the /etc directory's disk usage
statistics

Manage System Software
Install = add functionality to your system
Update = plug security holes that could be exploited by crackers
Remove = reclaim disk space
yum is an interactive, rpm based package manager. It can automatically perform system
updates, including dependency analysis and obsolete processing based on "repository"
metadata. It can also perform installation of new packages, removal of old packages and
perform queries on the installed and/or available packages among many other
commands/services. yum is similar to other high level package managers like apt-get and
smart.
LAB Practice:
01. Create a .repo file in /etc/yum.repos.d/
# cd /etc/yum.repos.d/
# vim rhel6.repo
[base]
name=RHEL6 Server Repository
baseurl=ftp://192.168.0.254/pub/rhel6/Packages
enabled=1
gpgcheck=0
02. Some commands for using yum
# yum clean all <--- clean the yum cache
# yum install package-name <---- install a package with its dependencies
# yum update package-name <------ update a package with its dependencies
# yum list all <----- list all packages available for install/update
# yum list package-name <--- list whether the individual package is available for download
# yum remove package-name <--- remove an installed package
For more information check "man yum"
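
As an added example (not part of the course notes): a lint for a .repo file before running "yum install". It reports a misspelled option key such as "enable=" (yum reads "enabled="; when that line is misspelled the repository is still enabled by default, but the typo hides the intent) and gpgcheck=0, which, as in the lab file above, turns off RPM signature verification for everything fetched from baseurl, so a plain ftp:// or http:// mirror is trusted blindly. The function name is assumed; the sample files are constructed; POSIX sh plus awk.

```shell
repo_lint() {                    # $1 = .repo file; prints findings, returns 0 if none
    awk '
        function warn(msg) { printf "[%s] %s\n", section, msg; bad++ }
        function finish() {
            if (section == "") return
            if (!("enabled" in seen))  warn("no enabled= line (yum defaults to enabled=1)")
            if ("enable" in seen)      warn("key \"enable\" is not a yum option; use enabled=")
            if (!("gpgcheck" in seen)) warn("gpgcheck not set; inherits [main] from /etc/yum.conf")
            else if (seen["gpgcheck"] == "0") warn("gpgcheck=0: package signatures are not verified")
            else if (!("gpgkey" in seen)) warn("gpgcheck=1 but no gpgkey= to verify against")
            if (seen["baseurl"] ~ /^(ftp|http):\/\// && seen["gpgcheck"] != "1")
                warn("baseurl " seen["baseurl"] " is plain ftp/http with no signature check")
        }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }            # blank lines and comments
        /^[ \t]*\[.*\]/ {                               # [section] header
            finish(); section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            split("", seen); next
        }
        /=/ {                                            # key=value, trimmed
            key = $0; sub(/=.*/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
            seen[key] = val; next
        }
        END { finish(); exit bad ? 1 : 0 }
    ' "$1"
}

tmp=$(mktemp -d)
# Constructed: the lab file with the option key misspelled and signatures off.
cat > "$tmp/rhel6.repo" <<'EOF'
[base]
name=RHEL6 Server Repository
baseurl=ftp://192.168.0.254/pub/rhel6/Packages
enable=1
gpgcheck=0
EOF
# Constructed hardened version; the gpgkey path is the one RHEL ships.
cat > "$tmp/rhel6-signed.repo" <<'EOF'
[base]
name=RHEL6 Server Repository
baseurl=ftp://192.168.0.254/pub/rhel6/Packages
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
repo_lint "$tmp/rhel6.repo" || echo "rhel6.repo: fix before use"
repo_lint "$tmp/rhel6-signed.repo" && echo "rhel6-signed.repo: OK"
```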

Administer User and Group

- User concepts
01. Every user is assigned a unique user ID number (UID). UID 0 identifies root
02. Users' names and UIDs are stored in /etc/passwd
03. Users are assigned a home directory (usually /home/username) and a program that is run
when they log in (usually a shell)
04. Users cannot read, write or execute each other's files without permission
- Group concepts:
01. Users are assigned to groups
02. Each group is assigned a unique Group ID number (GID)
03. GIDs are stored in /etc/group
04. Each user is given their own private group (primary group, usually with the same name as the user).
A user can be added to other groups (called secondary groups for that user)
05. All users in a group can share files that belong to that group
In Graphical Interface:
User and Group administration can be done from System -> Administration -> User and Groups
In Command Line:
# adduser username <---- create a user
# passwd username <---- change/set the password for a user
# cat /etc/passwd <---- check users' information
# groupadd groupname <---- create a group
# cat /etc/group <---- check groups' information
# usermod -g groupname username <---- change the primary group of a user
# usermod -G groupname username <---- set a secondary group for a user (replaces the existing
secondary groups; use -aG to append instead)
# usermod -L username <---- lock a user
# usermod -U username <---- unlock a user
# usermod -d directory username <---- change a user's home directory
# usermod -s path_of_shell username <---- change a user's login shell
# usermod -e YYYY-MM-DD username <---- date after which the user's account will be disabled
For more information check:
# man adduser
# man groupadd
# man usermod
LAB Practice:
01. Create a user student and a group rhce. Set the group rhce as student's secondary group
# adduser student
# groupadd rhce
# usermod -G rhce student

# cat /etc/group (or check in the graphical administration panel)

02. - Create three users user1, user2, user3 with the password "password" for all.
# adduser user1
# passwd user1
# adduser user2
# passwd user2
# adduser user3
# passwd user3
- Set group user1 as user2's secondary group
# usermod -G user1 user2
- Log in as user1 and create file1 in his home directory.
# su - user1
$ echo "This line is by user1" > file1
$ exit
- Log in as user2 and try to read and modify file1
# su - user2
$ cat /home/user1/file1
$ echo "This line is by user2" >> /home/user1/file1
$ exit
- Log in as user3 and try to read and modify file1
# su - user3
$ cat /home/user1/file1
$ echo "This line is by user3" >> /home/user1/file1
$ exit

Manage Files from Command Line:
Recall the following commands
# cd
# cp
# mv
# mkdir
# rmdir (remove an empty directory)
# rm -rf (remove a non-empty directory)
# touch
# ln -s <--- create a symbolic link
LAB Practice:
- Create two users, rahim and karim, with the password "password".
# adduser rahim
# adduser karim
# passwd rahim
# passwd karim
- Create two sub-directories (rahimdir and karimdir) in their home directories.
# mkdir /home/rahim/rahimdir
# mkdir /home/karim/karimdir
- Copy the /etc/passwd file to rahimdir.
# cp /etc/passwd /home/rahim/rahimdir
- Rename the file as rahimfile.
# cd /home/rahim/rahimdir
# mv passwd rahimfile
- Make a symbolic link of rahimfile to karimfile in karimdir
# cd /home/karim/karimdir
# ln -s /home/rahim/rahimdir/rahimfile karimfile
- Read karimfile
# cat karimfile <----- you'll see the contents of /etc/passwd in karimfile

RH124-Day06
- Secure Linux File Access
01. UGO concepts: with respect to a file there are three classes of users: its owner (User), members
of the group it belongs to (Group) and all other users (Other)
02. There are three basic permissions for files and directories: read access (r), write access (w) and
execute access (x). A minus (-) means the permission is not set
03. File permissions: r=read, view; w=write, update; x=execute, run
04. Directory permissions: r=list contents; w=create/delete contents; x=access (enter)
05. Changing permissions: symbolic method
chmod WhoWhatWhich file/directory
Who=u,g,o,a What=+,-,= and Which=r,w,x
06. Changing permissions: numeric method
chmod #$% file/directory
where # = sum of the owner's permissions: r(4)+w(2)+x(1)
$ = sum of the group's permissions: r(4)+w(2)+x(1)
% = sum of others' permissions: r(4)+w(2)+x(1)
07. Manage ownership
# chown user file/directory
# chgrp group file/directory
08. SGID bit: Normally files created in a directory belong to the user's default group. When a file
is created in a directory with the SGID bit set, it belongs to the same group as the directory
# chmod g+s directory, or
# chmod 2770 directory
09. Sticky bit: Normally users with write permission on a directory can delete any file in that
directory regardless of that file's permissions or ownership. With the sticky bit set on a directory,
only the owner of a file can delete the file
# chmod o+t directory, or
# chmod 1777 directory

10. SUID bit: If the setuid bit is set on an executable file, when the file is executed by a user the
process has the same rights as the owner of the file being executed.
# chmod u+s file, or
# chmod 4777 file

You can set the bits with a numeric mode, but cannot clear the bits in numeric mode. To clear
the sticky bit, SGID and SUID use
# chmod a-st directory
From RHEL6 the numeric method cannot be used to clear any of these bits. The reason behind this
change to the coreutils chmod command can be found in the following discussion thread:
http://lists.gnu.org/archive/html/bug-coreutils/2011-03/msg00154.html
11. Check the permission and ownership information:
# ls -l file/directory
# stat file/directory
LAB Practice:
01. Create three users curly, larry and moe who are members of a group called stooges.
# groupadd stooges
# adduser -G stooges curly
# adduser -G stooges larry
# adduser -G stooges moe
02. Create a directory called /home/stooges where these three users can work collaboratively on
files.
# mkdir /home/stooges
# chgrp stooges /home/stooges
03. Modify the permissions on this directory so only they can access, create and delete files in
that directory.
# chmod 775 /home/stooges
# stat /home/stooges
04. Files created in this directory should automatically be assigned to a group ownership of
stooges
# chmod g+s /home/stooges
# stat /home/stooges
05. Make sure that only the owner of the file in /home/stooges can delete the file
# chmod o+t /home/stooges
# stat /home/stooges
06. Log in as different users and check that everything works as above
[root@station33 Desktop]# su - curly
[curly@station33 ~]$ echo "this file is created by curly" > /home/stooges/filebycurly
[curly@station33 ~]$ exit
logout
[root@station33 Desktop]# su - larry
[larry@station33 ~]$ cat /home/stooges/filebycurly
this file is created by curly
[larry@station33 ~]$ echo "this line is by larry" >> /home/stooges/filebycurly
[larry@station33 ~]$ cat /home/stooges/filebycurly
this file is created by curly
this line is by larry
[larry@station33 ~]$ rm -Rf /home/stooges/filebycurly
rm: cannot remove `/home/stooges/filebycurly': Operation not permitted
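
As an added example (not part of the course notes): build a collaboration directory like /home/stooges and verify it from its mode bits instead of by trial logins. ls_mode_to_octal() turns an "ls -l" permission string such as drwxrws--T into the four-digit numeric form chmod accepts (the s/S/t/T letters carry the SUID, SGID and sticky bits); shared_dir_check() confirms group rwx, nothing for others, SGID and sticky. Note that the lab's chmod 775 base mode leaves others with r-x, which the check reports. Function names are assumed; the group argument is optional so the demo runs unprivileged on a temporary directory; POSIX sh plus Linux stat -c.

```shell
# $1 = ls -l mode string (9 or 10 characters). Prints e.g. 3770.
ls_mode_to_octal() {
    s=$1
    if [ ${#s} -eq 10 ]; then s=${s#?}; fi     # drop the d/-/l type character
    if [ ${#s} -ne 9 ]; then return 1; fi
    special=0; out=""; pos=0; bits=0
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}; s=${s#?}              # take one character
        case $((pos % 3)) in
            0) case $c in r) bits=4 ;; *) bits=0 ;; esac ;;
            1) case $c in w) bits=$((bits + 2)) ;; esac ;;
            2) case $c in x|s|t) bits=$((bits + 1)) ;; esac
               case $c in
                   s|S) if [ $pos -eq 2 ]; then special=$((special + 4)); else special=$((special + 2)); fi ;;
                   t|T) special=$((special + 1)) ;;
               esac
               out="$out$bits" ;;
        esac
        pos=$((pos + 1))
    done
    echo "$special$out"
}

# $1 = directory, $2 = group (optional). 3770 = SGID (2) + sticky (1), then rwx rwx ---.
shared_dir_setup() {
    mkdir -p "$1" || return 1
    if [ -n "$2" ]; then chgrp "$2" "$1" || return 1; fi
    chmod 3770 "$1"
}

# $1 = directory. Prints one problem per line; returns 0 only when all four hold.
shared_dir_check() {
    if [ ! -d "$1" ]; then echo "$1: not a directory"; return 1; fi
    mode=$(stat -c %a "$1")                    # e.g. 3775, or 775 with no special bits
    mode=$(printf '%04d' "$mode")
    special=${mode%???}; perms=${mode#?}
    grp=${perms#?}; grp=${grp%?}; oth=${perms#??}
    rc=0
    if [ $((special & 2)) -eq 0 ]; then echo "$1: no SGID bit, new files will not belong to the directory's group"; rc=1; fi
    if [ $((special & 1)) -eq 0 ]; then echo "$1: no sticky bit, any member can delete other members' files"; rc=1; fi
    if [ "$grp" != 7 ]; then echo "$1: group permission is $grp, need rwx (7)"; rc=1; fi
    if [ "$oth" != 0 ]; then echo "$1: others have permission $oth, need none (0)"; rc=1; fi
    return $rc
}

demo=$(mktemp -d)
shared_dir_setup "$demo/stooges" && shared_dir_check "$demo/stooges" \
    && echo "stooges: ok $(ls -ld "$demo/stooges" | cut -c1-10)"
mkdir "$demo/lab"; chmod 775 "$demo/lab"     # the lab's base mode, for comparison
shared_dir_check "$demo/lab"
```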
Remote GNOME Desktop Access
- Allow access to a running desktop
System -> Preferences -> Remote Desktop
- Access a running desktop
Applications -> Internet -> TigerVNC Viewer
Remote SHELL Access
# ssh root@remote_ip_address
Remote File Copy
# rsync original_file remote_ip_address:/target/new_file
Using SSH Keys
- Generate an SSH key pair
# ssh-keygen
- Install the SSH public key on a remote server
# ssh-copy-id root@remote.host
Service Enable/Disable/Restart
01. In the Graphical User Interface
System -> Administration -> Services
02. From the Command Line
# service service-name start/stop/restart
# /etc/init.d/service-name start/stop/restart
- Securing SSH access to a server
# vim /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
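
As an added example (not part of the course notes): an audit of sshd_config for the two settings changed above. sshd uses the first occurrence of a keyword, so a "PermitRootLogin no" appended at the end of the file is overridden by an earlier "PermitRootLogin yes"; the audit reports the effective value with its line number and flags later duplicates. Keyword matching is case-insensitive like sshd's; Match blocks are not handled. Function names are assumed and the sample files are constructed; POSIX sh plus awk.

```shell
# $1 = config file, $2 = keyword. Prints "value line-number" for the first
# active (non-comment) occurrence, or nothing if the keyword is absent.
sshd_effective() {
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*$/ || /^[ \t]*#/ { next }
        tolower($1) == k { print $2, NR; exit }
    ' "$1"
}

# $1 = config file. Prints findings; returns 0 only if PermitRootLogin and
# PasswordAuthentication are both effectively "no".
sshd_audit() {
    f=$1; rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        set -- $(sshd_effective "$f" "$kw")
        val=$1; line=$2
        if [ -z "$val" ]; then
            echo "$kw: not set, sshd's built-in default applies (it is not \"no\")"; rc=1
        elif [ "$val" != no ]; then
            echo "$kw: effective value \"$val\" at line $line"; rc=1
        fi
        # Any later occurrence is dead configuration: sshd keeps the first value.
        dups=$(awk -v k="$(printf '%s' "$kw" | tr 'A-Z' 'a-z')" -v first="${line:-0}" '
            !/^[ \t]*#/ && tolower($1) == k && NR > first { printf "%d ", NR }' "$f")
        if [ -n "$dups" ]; then echo "$kw: line(s) ${dups}ignored, first occurrence wins"; fi
    done
    return $rc
}

tmp=$(mktemp -d)
# Constructed sample: the lab's lines appended below an earlier override.
cat > "$tmp/sshd_config.before" <<'EOF'
#PermitRootLogin yes
PermitRootLogin yes
PasswordAuthentication no
# added during the lab
PermitRootLogin no
EOF
# Constructed sample with the earlier line corrected in place.
cat > "$tmp/sshd_config.after" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
EOF
sshd_audit "$tmp/sshd_config.before" || echo "before: not hardened"
sshd_audit "$tmp/sshd_config.after" && echo "after: ok"
```

sshd only reads the file at (re)start, so the audit is worth running right before "service sshd restart".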

RH124-Day07

----------------------------
Day 07
Date July 8. 2011
Time 19:00 - 22:30
------------------------


Manage Physical storage


Some of the most useful file system attributes used by the Linux ext4 filesystem:

01. Journal:

A journaling file system keeps track of the changes that will be made in a journal (usually a
circular log in a dedicated area of the file system) before committing them to the main file
system. ext3 and ext4 file systems journal the blocks they write to disk. In the event of a system
crash or power failure, such file systems are quicker to bring back online and less likely to
become corrupted. Interested students are encouraged to visit the following URL for more about
journaling filesystems:

http://www.ibm.com/developerworks/linux/library/l-journaling-filesystems/

02. Label:

Disks in Linux are assigned special device files. Any time you replace a drive, Linux is liable to
change that file based on the order in which it sees the new disk. Filesystem labels provide an
alternative way for Linux to identify partitions and drives and mount them where they belong.

On Red Hat systems partitions are automatically labeled if they are created during install. You
can see this in /etc/fstab:

# cat /etc/fstab

As system administration goes, though, we create partitions without labels. We then put the path to
the device file in /etc/fstab and point it to the mount point. This can present a problem when
replacing a disk in your machine.

03. Options

- user_xattr: user-specified extended attributes (in short user_xattr) is a file system feature that
enables users to associate files with metadata not interpreted by the filesystem,
whereas regular attributes have a purpose strictly defined by the filesystem (such as
permissions or records of creation and modification times).

- acl: Access Control List. Traditionally, a file object in Linux is associated with three sets of
permissions. These sets assign read (r), write (w), and execute (x) permissions for the three
classes file owner, group, and other. Nine bits are used to determine the characteristics of
all objects in a Linux file system. Additionally, the set user id, set group id, and sticky bits can be
set for special cases. ACLs can be used for situations where the traditional file permission
concept does not suffice. They allow the assignment of permissions to individual users or groups
even if these do not correspond to the owner or the owning group.

LAB Practice:

- Create a new 256 MB partition and use ext4 as the file system type

Use disk utility to create the partition (say /dev/sda11)

- List the file system attributes

# tune2fs -l /dev/sda11

- Add the label test to the file system

# tune2fs -L test /dev/sda11

- Add user_xattr and acl as default mount options

# tune2fs -o user_xattr,acl /dev/sda11

- Mount the file system as /test

# mkdir /test

# mount /dev/sda11 /test

- Set default mount options

# tune2fs -o user_xattr,acl /dev/sda11

Linux Swap Space

Swap is used in Linux to extend system virtual memory. It is used when the system begins to run
out of RAM. Linux has two forms of swap space: the swap partition and the swap file. The swap
partition is an independent section of the hard disk used solely for swapping; no other files can
reside there. The swap file is a special file in the filesystem that resides amongst your system
and data files.

Important Points:

01. Partition ID for swap: 0x82

02. Can reside in a logical volume

03. Access is controlled by swapon and swapoff command

LAB Practice:

01. With disk-utility create 1 GB swap Partition (say /dev/sda13)

02. add the following entry at the end of /etc/fstab (the mount point field of a swap entry is
written as "swap", since swap has no mount point)

/dev/sda13 swap swap defaults 0 0

03. Activate the swap space

# swapon -a

04. Check that the swap space is active

# swapon -s

05. To deactivate it, run the following command

# swapoff /dev/sda13

Linux Graphical Installation:

We'll see the graphical installation in our LAB Class

Control the Boot Process:

Bootloader: a program that loads an operating system kernel into memory and executes it

GRUB: GRand Unified Bootloader, the bootloader used by Red Hat Enterprise Linux

Run Level: is the state of a system that defines which services are available

Common runlevels:

0 - halt (Do NOT set initdefault to this)

1 - Single user mode

2 - Multiuser, without NFS (The same as 3, if you do not have networking)

3 - Full multiuser mode

4 - unused

5 - X11

6 - reboot (Do NOT set initdefault to this)

You set the default runlevel in the last line of the /etc/inittab file

id:5:initdefault:

Interested students are encouraged to visit the following site for more detail about the boot
process

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch07_:_The_Linux_Boot_Process

LAB Practice:

- Get control of a machine with an unknown root password

01. Interrupt the GRUB countdown by pressing [Esc] key

02. Use arrow keys to select the kernel

03. Press "e" key to edit the kernel

04. type "single" at the end of the kernel line

05. Hit [Enter]

06. press "b" to boot

07. you'll get the shell prompt without being asked for the root password

08. change the root password

# passwd

09. reboot the machine

- boot into an older kernel after installing a new kernel

01. install the new kernel through yum

# yum install new-kernel

02. check that the new kernel is listed in grub.conf and make the old kernel the default

# vim /etc/grub.conf

change the value of default so that the older kernel boots

03. reboot the system

# init 6

Deploy File Sharing Service (FTP service)

Steps for Deploying File Transfer Protocol (FTP) Service

01. Install vsftpd package

# yum install vsftpd* -y

02. Check and Edit the configuration file

# vim /etc/vsftpd/vsftpd.conf

anonymous_enable=YES <---------- allow login with username anonymous and no password

local_enable=NO <---------- no local user of this machine can log in

write_enable=NO <---------- logged-in users have no write permission on files/folders

03. place a file in public folder

# cd /var/ftp/pub

# echo "this file is in public folder" > myfile

04. start the vsftpd service

# service vsftpd start

05. make vsftpd service persistent

# chkconfig vsftpd on

06. check ftp service

# ftp 192.168.0.253

login with anonymous (if anonymous_enable=YES) or a local username (if local_enable=YES)

ftp> cd pub <--- change the directory from /var/ftp to /var/ftp/pub

ftp> ls <--- list of files in this folder

ftp> get myfile <--- save the file in local computer

ftp> quit <--- To exit

Deploy Web Service (httpd service)

01. Install httpd package

# yum install httpd* -y

02. Check and Edit the configuration file

# vim /etc/httpd/conf/httpd.conf

ServerName station253.example.com

03. create index file in web server

# cd /var/www/html

# echo "this file is index file" > index.html

04. start the httpd service

# service httpd start

05. make httpd service persistent

# chkconfig httpd on

06. check web service

Launch firefox internet browser and browse to http://station253.example.com


RH124-Day08
Written by Razib Shahriar Rubence
--------------------------------
Day 08
Review Class
--------------------------------

Change the root password of your machine to redhat. Configure your machine to boot into
runlevel 5 by default
Configure network for your machine as per following information:
IP Address: 192.168.0.X/24 <----- ask your instructor for the value of X
Gateway: 192.168.0.254
DNS: 192.168.0.254
Hostname: stationX.example.com
You can get the packages by FTP service using the following information:
Repository Server address: 192.168.0.254
Repository Directory: /var/ftp/pub/rhel6/Packages
01. Configure your station to synchronize with server1.example.com using NTP, set the
timezone to the appropriate for your locale. Make the hardware clock store UTC Time
02. Configure a network printer to send print jobs to an IPP print queue on server1.example.com
called /printers/queue . Your print queue should be called remote-test and should be the default
print queue.
03. Create a new partition on your hard disk that is 512MB in size and doesn't render the rest of
the disk unusable. It should not be encrypted and it should contain an Ext4 filesystem that mounts
under the /extras mount point persistently when the system boots.
04. Create a 2 GB volume group called extra with a logical volume called iso that contains an
ext4 file system and will be mounted as /iso. Allocate the file system so it can be migrated to a
larger device and grown without downtime.
05. Create three accounts curly, larry and moe who are members of a group called stooges which
has GroupID 4000. Create a directory called /home/stooges where these three users can
work collaboratively on files. Modify the permissions on this directory so only the user and group can
access, create and delete files in that directory. Files created in this directory should
automatically be assigned a group ownership of stooges.
06. Create two new physical partitions 512 MB in size each. With the first partition, create swap
space and make it persistent. With the second partition create an ext4 filesystem persistently
mounted on /opt with acl as a default mount option
07. Create a folder curlyfolder in curly's home directory. Download the "instructor_vim" file from
ftp://192.168.0.254/pub and put it in curlyfolder. Archive curlyfolder into /tmp/curlyfolderX.tar.bz2.
08. Create a user "student" with password "password" on your station. Create an ssh key for student
and copy student's public key to the student account on server1.example.com . The password of the
student account on server1.example.com is also "password"
09. Copy the file curlyfolderX.tar.bz2 created in question 7 to the student's home folder in
server1.example.com
10. Configure your station to provide both FTP and web services. Disable non-anonymous FTP
access. Download the index.html file from ftp://192.168.0.254/pub/ . Configure your machine to
serve identical file content to both anonymous FTP and HTTP users. The following URLs
should both display the file you downloaded above:
ftp://stationX.example.com/pub/index.html
http://stationX.example.com/index.html

11. Download and install kernel-debug from ftp://server1.example.com/pub/Packages . make
the older kernel default.

RH124-day09
Written by Razib Shahriar Rubence
--------------------------------
Day 09
Solution for the Practice Exam
--------------------------------
Change the root password of your machine to redhat. Configure your machine to boot into
runlevel 5 by default

Solution:
01. Switch ON your station. Interrupt the GRUB countdown with the ESC key.
02. Use the arrow keys to select the kernel
03. Use "e" to edit the kernel configuration
04. Type "1" at the end of the kernel line to boot in single user mode
05. Hit Enter. Press "b" to boot
06. You'll get the command prompt without being asked for the root password
07. Disable SELinux and change the password to "redhat"

# setenforce 0
# passwd
08. Type "reboot" after changing the password
09. After the reboot, set the default runlevel to 5
# vim /etc/inittab
id:5:initdefault:

##################################################################
Configure network for your machine as per following information:
IP Address: 192.168.0.X/24 <----- ask your instructor for the value of X
Gateway: 192.168.0.254
DNS: 192.168.0.254
Hostname: stationX.example.com

Solution:
01. right-click on the NetworkManager applet to open its context menu, which is the main point
of entry for interacting with NetworkManager to configure connections.

# dig server1.example.com
# ping server1.example.com
#########################################################################

You can get the packages by FTP service using the following information:
Repository Server address: 192.168.0.254
Repository Directory: /var/ftp/pub/rhel6/Packages
Solution:
- You need to create a .repo file in /etc/yum.repos.d/ to access the repository server
# cd /etc/yum.repos.d
# vim server.repo
[base]
name=Server1 Repository
baseurl=ftp://192.168.0.254/pub/rhel6/Packages
gpgcheck=0
- check that yum is working
# yum list all
# yum install vim* -y
# yum clean all <-- remove cache data
############################################################
01. Configure your station to synchronize with server1.example.com using NTP, set the
timezone to the appropriate for your locale. Make the hardware clock store UTC Time
Solution:
- Open Date/Time Properties window
# system-config-date &
- Click on Time Zone Tab
- Select Nearest city "dhaka" . click on "System Clock uses UTC"
- On the Date and Time tab click "Synchronize date and time over the network"
- Delete existing NTP Servers
- Click Add and add the NTP server server1.example.com
- Click Advanced Options and click Speed up initial synchronization

- Click OK
############################################################
02. Configure a network printer to send print jobs to an IPP print queue on server1.example.com
called /printers/queue . Your print queue should be called remote-test and should be the default
print queue.
Solution:
- Open Printer configuration by clicking System->Administration->Printer or by typing
"system-config-printer" in terminal
- Click New button.
- Click Network Printer
- Select Internet Printing Protocol (ipp) and enter the following
Host: server1.example.com
Queue: /printers/queue
- Click the Verify button. A "Printer Share verified" message should appear
- Click Forward and select Generic
- Click Forward and select Text-only printer
- Click Forward. A "Describe Printer" screen should appear
- Enter "remote-test" for the printer name.
- Click Apply. If prompted to print test page click NO
- send a print job to the remote-test printer and check that it was sent successfully
# ls /tmp | lpr -P remote-test
# lpq -s

################################################################

03. Create a new partition on your hard disk that is 512MB in size and doesn't render the rest of
the disk unusable. It should not be encrypted and it should contain an Ext4 filesystem that mounts
under the /extras mount point persistently when the system boots.

- Create a 512 MB partition (say /dev/sda11) from Disk Utility and Select ext4 filesystem and
make sure Encrypted option is NOT SELECTED
- Create a directory /extras
# mkdir /extras
- make this partition persistently mounted on /extras by editing /etc/fstab
# vim /etc/fstab
add the following line
/dev/sda11 /extras ext4 defaults 0 0

###################################################################

04. Create a 2 GB volume group called extra with a logical volume called iso that contains an
ext4 file system and will be mounted as /iso. Allocate the file system so it can be migrated to a
larger device and grown without downtime.
Solution:
- Check and install system-config-lvm package
# rpm -q system-config-lvm
# yum install system-config-lvm -y
- Using Disk-Utility create a new partition (say /dev/sda12) of 2 GB with Type=Empty
- In the Disk-Utility window click the new partition /dev/sda12. Open the Edit window and set Type=Linux
LVM (0x8e)
- Open System->Administration->Logical Volume Management
- Select Partition 12 (/dev/sda12 which is Linux LVM Type). Click Initialize Entry
- In left panel, Under Unallocated Volume Select Partition 12
- Click Create New Volume Group
- New Volume Group Name = Extra. keep the others default. click Create
- In left panel, under Extra click on Logical View
- Click Create New Logical Volume
- Input the following values
LV Name: iso
LV Size: 0.75 GB (so it can be migrated to a larger device)
File System: EXT4
Click on Mount and Mount When Rebooted
Mount point: /iso
- Click OK.
######################################################################
05. Create three accounts curly, larry and moe who are members of a group called stooges which
has GroupID 4000. Create a directory called /home/stooges where these three users can
work collaboratively on files. Modify the permissions on this directory so only the user and group can
access, create and delete files in that directory. Files created in this directory should
automatically be assigned a group ownership of stooges.
Solution:
# groupadd stooges
# adduser -G stooges curly
# adduser -G stooges larry
# adduser -G stooges moe
# vim /etc/group and change the group id of stooges to 4000
# mkdir /home/stooges
# chgrp stooges /home/stooges
# chmod 2775 /home/stooges

- Checking
# su - curly
# touch /home/stooges/curlyfile
# stat /home/stooges/curlyfile <--- check the group of curlyfile is stooges

#####################################################################
06. Create two new physical partitions 512 MB in size each. With the first partition, create swap
space and make it persistent. With the second partition create an ext4 filesystem persistently
mounted on /opt with acl as a default mount option
Solution:
- check gnome-disk-utility is installed and if not install it
# rpm -q gnome-disk-utility
# yum install gnome-disk-utility* -y
- Create a 512 MB partition (say /dev/sda10) from Disk Utility and select Type=Linux Swap
(0x82)
- make this swap space persistent by editing /etc/fstab
# vim /etc/fstab
add the following line
/dev/sda10 swap swap defaults 0 0   (the mount point field of a swap entry is written as "swap")
- Enable swap from /etc/fstab
# swapon -a
- Display all enabled swap space
# swapon -s
- Create a 512 MB partition (say /dev/sda11) from Disk Utility and Select ext4 filesystem
- make this partition persistently mounted on /opt with acl option by editing /etc/fstab
# vim /etc/fstab
add the following line
/dev/sda11 /opt ext4 defaults,acl 0 0
######################################################################

07. Create a folder curlyfolder in curly's home directory. Download the "instructor_vim" file from
ftp://192.168.0.254/pub and put it in curlyfolder. Archive curlyfolder into /tmp/curlyfolderX.tar.bz2.
Solution:
# mkdir /home/curly/curlyfolder
# cd /home/curly/curlyfolder
# ftp server1.example.com
ftp> cd pub
ftp> get instructor_vim
# tar -cjf /tmp/curlyfolderX.tar.bz2 /home/curly/curlyfolder
#####################################################################

08. Create a user "student" with password "password" on your station. Create an ssh key for student
and copy student's public key to the student account on server1.example.com . The password of the
student account on server1.example.com is also "password"
Solution:
# adduser student
# passwd student
# su - student
$ ssh-keygen
(Take the default answer to generate the key)
$ ssh-copy-id student@server1.example.com <---- give the password "password" when asked
##################################################################
09. Copy the file curlyfolderX.tar.bz2 created in question 7 to the student's home folder in
server1.example.com
Solution:
# rsync /tmp/curlyfolderX.tar.bz2 server1.example.com:/home/student
####################################################################
10. Configure your station to provide both FTP and web services. Disable non-anonymous FTP
access. Download the index.html file from ftp://192.168.0.254/pub/ . Configure your machine to
serve identical file content to both anonymous FTP and HTTP users. The following URLs
should both display the file you downloaded above:
ftp://stationX.example.com/pub/index.html
http://stationX.example.com/index.html
Solution:
-check vsftpd and httpd are installed and if not install them
# rpm -q vsftpd
# rpm -q httpd
# yum install vsftpd httpd -y
-check the vsftpd configuration file and make sure anonymous_enable=YES
# vim /etc/vsftpd/vsftpd.conf
-download index.html in ftp public folder /var/ftp/pub
# cd /var/ftp/pub
# ftp server1.example.com
ftp> cd pub
ftp> get index.html
-start the ftp server and make sure the ftp service automatically runs at server boot
# service vsftpd restart; chkconfig vsftpd on
-check the httpd configuration file and make sure ServerName is set to stationX.example.com (where X =
your station number)
# vim /etc/httpd/conf/httpd.conf
-Create a softlink of /var/ftp/pub/index.html into httpd public folder /var/www/html
# cd /var/www/html
# ln -s /var/ftp/pub/index.html index.html
-start the httpd server and make sure the httpd service automatically runs at server boot
# service httpd restart; chkconfig httpd on

-Check that you can log in as anonymous on the ftp server and that index.html is published by the web server. You
may need to disable SELinux and flush the iptables rules
# setenforce 0
# iptables -F
# ftp stationX.example.com
browse http://stationX.example.com from your Mozilla Firefox browser

Note:
- To disable SELinux permanently you need to set SELINUX=disabled in the /etc/selinux/config file
- To disable Firewall permanently you need to disable firewall from system-config-firewall

###################################################################
11. Download and install kernel-debug from ftp://server1.example.com/pub/Packages . make
the older kernel default.
Solution:
- download and install kernel-debug
# yum install kernel-debug*
- make the older kernel default in /etc/grub.conf
# vim /etc/grub.conf
default=1 <------ 1 is the sequence number of the older kernel
reboot the machine and press the ESC key during the GRUB countdown. You'll see the new kernel
and also the older kernel selected as default.

RH135-Day10
Written by Razib Shahriar Rubence
---------
RH135
Day 10
---------
Automated Installation of Red Hat Enterprise Linux
Using Kickstart, a system administrator can create a single file (a .cfg file) which contains the
answers to all the questions typically asked during an installation. This file is made available to
the installer (for example on the RHEL CD/DVD, or the rhcectg file in our LAB) to automate the installation of
Red Hat Enterprise Linux.
Steps for kickstart installation
01. Create a kickstart file
- Using system-config-kickstart
- using the /root/anaconda-ks.cfg file from an already installed RHEL box
02. Make the Kickstart file available to the Installer
- Network servers: FTP, HTTP, NFS
- DHCP/TFTP server
- USB Disk or CD-ROM
- Local hard disk
03. Boot the installer
- Installation Disks
- PXE Boot
- boot.iso
04. Point the installer to the kickstart file
- ks=http://server/dir/file
- ks=ftp://server/dir/file
- ks=nfs:server:/dir/file
- ks=hd:/device/dir/file
- ks=cdrom:/dir/file
LAB Practice:
01. Using the Installation Disk, do a kickstart NFS installation. The location of the kickstart file is
192.168.0.254:/var/ftp/pub/rhel6.cfg
-Step 01. The kickstart file is rhel6.cfg
-Step 02. The kickstart file is available through NFS
-Step 03. Put the Red Hat Enterprise Linux Installation Disk in your CD/DVD ROM and boot
from CD/DVD
-Step 04. When prompted to choose the installation method, press ESC. You'll get a black screen
with the prompt "boot:". Type the following and press Enter; the automatic installation
will begin
boot: linux ks=nfs:192.168.0.254:/var/ftp/pub/rhel6.cfg
Archives and Compression:
Create Linux tar/gzip/bzip2 Archive
Key tar options:
1. c = Create
2. x = Extract
3. t = List
4. v = Verbose
5. f = use archive File
6. z = gzip
7. j = bzip2
8. C = Extract in specific directory
LAB Practice:
- Create tar file
tar -cvf myarchive.tar /tmp
- View the content of myarchive.tar before extracting
tar -tvf myarchive.tar
- Extract this tar file
tar -xvf myarchive.tar
- Create tar.gz file
tar -zcvf myarchive.tar.gz /tmp
- View the content
tar -ztvf myarchive.tar.gz
- Extract this tar.gz file into /home
tar -zxvf myarchive.tar.gz -C /home
Hard Links and Soft Links:
You're probably familiar with shortcuts in Microsoft Windows or aliases on the Mac. Linux has
something, or actually some things, similar, called hard links and symbolic links. Symbolic links
(also called symlinks or softlinks) most resemble Windows shortcuts. They contain a pathname
to a target file. Hard links are a bit different. They are directory entries that point at the
file. Linux files don't actually live in directories. They are assigned an inode number, which Linux
uses to locate files. So a file can have multiple hardlinks, appearing in multiple directories, but
isn't deleted until there are no remaining hardlinks to it.
Here are some other differences between hardlinks and symlinks:
1. You cannot create a hardlink for a directory.
2. If you remove the original file of a hardlink, the link will still show you the content of the file.
3. A symlink can link to a directory.
4. A symlink, like a Windows shortcut, becomes useless when you remove the original file.

LAB Practice

Hardlinks:

Make a new directory called Test and create FileA into it:
$ mkdir Test
$ cd Test
$ vi FileA
Make a hardlink to FileA. We'll call the hardlink FileB.
$ ln FileA FileB
Then use the "i" argument to list the inodes for both FileA and its hardlink. Type:
$ ls -il FileA FileB
1482256 -rw-r--r-- 2 root root 21 July 20 15:55 FileA
1482256 -rw-r--r-- 2 root root 21 July 20 15:55 FileB
You can see that both FileA and FileB have the same inode number (1482256). Also both files
have the same file permissions and the same size. Because that size is reported for the same
inode, it does not consume any extra space on your HD!
Next, remove the original FileA:
$ rm FileA
And have a look at the content of the "link" FileB:
$ cat FileB
You will still be able to read the text you typed.

Symlink:
Staying in the same test directory as above, let's make a symlink to FileB. Call the symlink
FileC:
$ ln -s FileB FileC
Then use the i argument again to list the inodes.
$ ls -il FileB FileC
This is what you'll get:
1482256 -rw-r--r-- 1 bruno bruno 21 July 5 15:55 FileB
1482226 lrwxrwxrwx 1 bruno bruno 5 July 5 16:22 FileC -> FileB
You'll notice the inodes are different and the symlink got a "l" before the rwxrwxrwx. The link
has different permissions than the original file because it is just a symbolic link. Its real content
is just a string pointing to the original file. The size of the symlink (5) is the size of its string. (The
"-> FileB" at the end shows you where the link points to.)
Now list the contents:
$ cat FileB
$ cat FileC
They will show the same text.
Now if we remove the original file:
$ rm FileB
and check the Test directory:
$ ls
You'll see the symlink FileC is still there, but if you try to list the contents:
$ cat FileC
It will tell you that there is no such file or directory. You can still list the inode. Typing:
$ ls -il FileC
will still give you:
1482226 lrwxrwxrwx 1 bruno bruno 5 May 5 16:22 FileC -> FileB
But the symlink is obsolete because the original file was removed, as were all the hard links. So
the file was deleted even though the symlink remains.
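The FileA/FileB/FileC walk-through above, repeated in a throwaway directory as an added example (not code from the course notes) that turns its observations into scripted checks: same inode, link count, symlink size, the refused directory hardlink, and the dangling symlink left after the last hard link is removed.

```shell
#!/bin/sh
# Added example, not from the course notes: repeats the FileA/FileB/FileC
# walk-through in a temporary directory and turns its observations into checks.
# File names follow the notes; all files here are created on the fly.

# Inode number of a path: the first column of "ls -il".
inode_of() { stat -c '%i' "$1"; }

# Hard-link count: the number printed after the permission string.
link_count() { stat -c '%h' "$1"; }

# Byte size of the path itself (for a symlink, the length of its target string).
size_of() { stat -c '%s' "$1"; }

# Succeeds when two paths are hard links to the same inode.
same_inode() { [ "$(inode_of "$1")" = "$(inode_of "$2")" ]; }

# Succeeds when a path is a symlink whose target no longer exists
# (the "No such file or directory" case at the end of the notes).
is_dangling() { [ -L "$1" ] && [ ! -e "$1" ]; }

TEST_DIR=$(mktemp -d)
cd "$TEST_DIR"
printf 'some text for the lab\n' > FileA     # constructed content
ln FileA FileB                               # hard link: a second name for the inode
ln -s FileB FileC                            # symlink: a path string pointing at FileB

HARD_SAME=$(same_inode FileA FileB && echo yes || echo no)   # yes
LINKS_BEFORE=$(link_count FileA)                              # 2
SYMLINK_SIZE=$(size_of FileC)                                 # 5, the length of "FileB"
SYMLINK_TARGET=$(readlink FileC)                              # FileB

# Hard links cannot point at a directory (point 1 in the notes): link(2) refuses.
mkdir Sub
DIR_HARDLINK=$(ln Sub Sub2 2>/dev/null && echo allowed || echo refused)   # refused

rm FileA
CONTENT_VIA_B=$(cat FileB)        # still readable: the inode had a second name
LINKS_AFTER=$(link_count FileB)   # 1

rm FileB
DANGLING=$(is_dangling FileC && echo yes || echo no)   # yes: only the path string is left

echo "same inode: $HARD_SAME, links before/after rm FileA: $LINKS_BEFORE/$LINKS_AFTER"
echo "symlink size: $SYMLINK_SIZE, dir hardlink: $DIR_HARDLINK, FileC dangling: $DANGLING"
```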

RH135-Day11
Written by Razib Shahriar Rubence
Regular expressions and grep:
A regular expression is a pattern that describes a set of strings; it is nothing
but a pattern to match against each input line. A pattern is a sequence of characters.
The grep command searches the given files for lines containing a match to a given pattern list.
In other words, use the grep command to search for words or strings in text files. When it finds a
match in a file, it displays those lines on screen. The grep command supports extended regular
expressions (with the -E option).
Examples in Practice LAB:
- Search for 'rhce' in /etc/passwd
# grep --color 'rhce' /etc/passwd
Sample outputs:
rhce:x:1000:1000:rhce Gite,,,:/home/rhce:/bin/bash
rhcegite:x:1001:1001::/home/rhcegite:/bin/sh
giterhce:x:1002:1002::/home/giterhce:/bin/sh
- Search rhce in any case (i.e. case insensitive search)
# grep -i -w rhce /etc/passwd
- Search rhce or datapark in any case
# grep -E -i -w 'rhce|datapark' /etc/passwd
The PATTERN in the last example is used as an extended regular expression.
-You can use ^ and $ to force a regex to match only at the start or end of a line, respectively.
The following example displays lines starting with the rhce only:
grep '^rhce' /etc/passwd
Sample outputs:
rhce:x:1000:1000:rhce Gite,,,:/home/rhce:/bin/bash
rhcegite:x:1001:1001::/home/rhcegite:/bin/sh
- You can display only lines starting with the whole word rhce, i.e. not rhcegite, rhceg
etc.:
grep -w '^rhce' /etc/passwd
- Find lines ending with word rhce:
grep 'rhce$' filename
- Match line only containing rhce:
grep '^rhce$' filename
-You can search for blank lines with the following examples:
grep '^$' filename
-You can search for users who have a bash login shell
grep ':/bin/bash$' /etc/passwd
-Match rhce or Rhce:
grep '[rR]hce' filename
-You can also match digits (i.e match rhce1 or rhce2 etc):
grep -w '[rR]hce[0-9]' filename
-You can match two numeric digits (i.e. match rhce11, rhce12 etc):
grep 'rhce[0-9][0-9]' filename
-Display all the lines containing either a "w" or "n" character:
grep '[wn]' filename
- How Do I do OR with grep?
grep -E 'word1|word2' filename
How Do I do AND with grep?
grep 'word1' filename | grep 'word2'
The following will match both "col" and "cool":
egrep 'co{1,2}l' filename
How Do I Show Only The Matches, Not The Lines?
grep -o regex filename
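An added example (not code from the course notes) that applies the grep features above, the ^ anchor, -i and -E, to the sshd_config hardening lines from the Day06 notes (PermitRootLogin no, PasswordAuthentication no). It audits a config file the way a sysadmin would check a station after the lab; the two config files are constructed here, and sshd's rules that keywords are case-insensitive, that a commented-out line does not count, and that the first match wins are assumed in the patterns.

```shell
#!/bin/sh
# Added example, not from the course notes: audit an sshd_config for the two
# hardening settings from the Day06 notes using grep anchors and options.
# The config files below are constructed for the example.

# Print the effective value of an sshd keyword.  Keywords are case-insensitive
# (-i), a "#" line must not count (so the pattern is anchored at line start and
# allows only leading whitespace), and sshd uses the FIRST match (head -n 1).
# Both "Keyword value" and "Keyword=value" spellings are accepted.
sshd_value() {
    # $1 = keyword, $2 = config file
    grep -i -E "^[[:space:]]*$1([[:space:]]|=)" "$2" \
        | head -n 1 \
        | sed -E 's/^[[:space:]]*[A-Za-z]+[[:space:]=]+//; s/[[:space:]]+$//'
}

# Report OK/FAIL per keyword; return 0 only when both are set to "no".
# An absent keyword is a FAIL: sshd's default for both of these is yes.
audit_sshd() {
    cfg=$1
    status=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_value "$kw" "$cfg")
        lc=$(printf '%s' "$val" | tr 'A-Z' 'a-z')
        if [ "$lc" = "no" ]; then
            echo "OK   $kw $val"
        else
            echo "FAIL $kw ${val:-<unset, default yes>}"
            status=1
        fi
    done
    return $status
}

TMP=$(mktemp -d)
# Hardened config as in the Day06 notes, with a commented-out default that
# must be ignored and a lower-case keyword that must still match.
cat > "$TMP/hardened" <<'EOF'
#PermitRootLogin yes
permitrootlogin no
PasswordAuthentication no
EOF
# Weak config: the only PermitRootLogin line is commented out, so sshd falls
# back to its default (yes); password logins stay enabled.
cat > "$TMP/weak" <<'EOF'
#PermitRootLogin no
PasswordAuthentication yes
EOF
SSHD_HARDENED="$TMP/hardened"
SSHD_WEAK="$TMP/weak"

echo "== $SSHD_HARDENED";  audit_sshd "$SSHD_HARDENED" || true   # both OK
echo "== $SSHD_WEAK";      audit_sshd "$SSHD_WEAK" || true       # both FAIL
```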
Find Command:
Apart from the basic operation of looking for files under a directory structure, you can also
perform several practical operations using find command that will make your command line
journey easy.
01. Find files using name
This is a basic usage of the find command. This example finds all files with name
MyCProgram.c in the current directory and all its sub-directories.
# find -name "MyCProgram.c"
02. Other options with the find command
find /home -user datapark
Find every file under the directory /home owned by the user datapark.
find /usr -name '*park'
Find every file under the directory /usr ending in "park".
find /usr -name 'data*'
Find every file under the directory /usr starting with "data".
find /var/spool -mtime +60
Find every file under the directory /var/spool that was modified more than 60 days ago.
Pipelines and Redirection
- ">" is used to redirect Standard Output to a file, which will overwrite all text (if any) in that file.
grep "root" /etc/passwd > /tmp/newfile
- ">>" is used to redirect Standard Output to a file, which will append the new lines of this output to
that file
grep "data" /etc/passwd >> /tmp/newfile
- "2>" is used to redirect Standard Error to a file
find /etc -name passwd 2> /tmp/errorfile
find /etc -name passwd > /tmp/outputfile 2> /tmp/errorfile
- "2> /dev/null" is used to discard the error messages by redirecting to /dev/null
find /etc -name passwd > /tmp/outputfile 2>/dev/null
- "2>&1" is used to combine OUTPUT and ERROR
find /etc -name passwd > /tmp/all 2>&1
- | (pipe) is used to send OUTPUT from one command as INPUT of another command
cat /etc/passwd | grep "root"
The first command prints all local user information from /etc/passwd; the second command (grep
"root") takes that output and finally displays only the root user's line.
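An added example (not code from the course notes) showing why the "2>&1" above has to come after "> file": redirections are applied left to right, so the swapped order sends the error somewhere else. The directory searched is a constructed path that does not exist, so find produces exactly one stderr line.

```shell
#!/bin/sh
# Added example, not from the course notes: the order of "> file" and "2>&1"
# decides where the error messages go.  "2>&1 > file" points stderr at wherever
# stdout was pointing BEFORE stdout was moved to the file.
export LC_ALL=C                             # keep find's message in English
MISSING_DIR=$(mktemp -d)/does-not-exist     # constructed, guaranteed absent

# The notes' order: stdout to the file, then stderr to the same place.
# Prints how many lines landed in the file (the one error line).
lines_in_file_notes_order() {
    out=$(mktemp)
    find "$MISSING_DIR" -name passwd > "$out" 2>&1 || true   # find exits 1 here
    wc -l < "$out" | tr -d ' '
}

# Swapped order: stderr is copied to the current stdout first, and only then
# is stdout sent to the file, so the error never reaches the file.  The
# subshell's stdout is /dev/null so the stray error stays quiet here; on a
# terminal it would appear on screen instead.
lines_in_file_swapped_order() {
    out=$(mktemp)
    ( find "$MISSING_DIR" -name passwd 2>&1 > "$out" ) > /dev/null || true
    wc -l < "$out" | tr -d ' '
}

# A pipe only carries stdout: grep sees the error line only because "2>&1"
# comes before the "|".
error_lines_seen_by_grep() {
    find "$MISSING_DIR" -name passwd 2>&1 | grep -c 'No such file'
}

# "2> /dev/null" as in the notes: nothing reaches grep at all.
error_lines_after_discarding() {
    find "$MISSING_DIR" -name passwd 2> /dev/null | grep -c 'No such file' || true
}

echo "notes order   -> $(lines_in_file_notes_order) line(s) in file"     # 1
echo "swapped order -> $(lines_in_file_swapped_order) line(s) in file"   # 0
echo "via pipe      -> $(error_lines_seen_by_grep) error line(s)"        # 1
echo "discarded     -> $(error_lines_after_discarding) error line(s)"    # 0
```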

RH135-Day12
Written by Rajib Shahriar Rubence
------------------
Day 12
------------------

Network Configuration and Troubleshooting:

-Change the IP, Subnet, Gateway and DNS Information from command prompt:

# cd /etc/sysconfig/network-scripts/
# vi ifcfg-eth0

-Change the HOSTNAME Information:

# cd /etc/sysconfig
# vi network

-Add a hostname to IP Address mapping

# vi /etc/hosts

- Check the network information

# ip addr (same as ifconfig)
# ip route
# hostname
# cat /etc/resolv.conf

# cat /etc/hosts

Overview of Adding a New Filesystem to the Filesystem Tree:
01. Identify device: The first step in adding a new filesystem is to identify the device to be
used. This is usually something like /dev/hda or /dev/sda. Use the following command to check the
devices and the existing partitions:
# fdisk -l
02. Partition device: We can partition the device with the fdisk utility and
choose the partition type. Linux-specific partitions are normally one of the following types:
- 5 (or f) -- Extended Partition
- 82 -- Linux Swap
- 83 -- Linux
- 8e -- Linux LVM
While using the "fdisk" tool to partition the "/dev/sda" device we declare the partition type by
pressing "t". We'll get a complete list of partition types by pressing "L".
partprobe: At system bootup, the kernel makes its own in-memory copy of the partition tables
from the disks. "fdisk" edits the on-disk copy of the partition tables. To update the
in-memory copies we need to run partprobe:
# partprobe /dev/sda
03. Make filesystem
The filesystem is what organizes files on a device. The filesystem type used on Redhat
Enterprise Linux 6 is ext4. The following command will be used to make the filesystem (Format
the partition /dev/sda11)
# mkfs.ext4 /dev/sda11
04. Label the filesystem
This step is not required. but highly recommended. Filesystem labeling creates a layer of
abstraction that allows you to identify filesystem by a unique label rather then the device name.
labeling is done with the following command:
# e2label /dev/sda11 testlabel
05. Create an entry in /etc/fstab
/etc/fstab is referenced each time the system boots to create the desired filesystem hierarchy. It
consists of six fields per line for each filesystem to be connected to the tree, as follows:
# cat /etc/fstab
# device mount_point FS_type options dump_freq fsck_order
UUID=5022bbc4-1c7c-420e-81ee-c9567741566b / ext4 defaults 1 1
UUID=ebebbade-25b1-480a-90fc-f46cfbaf392f /boot ext4 defaults 1 2
UUID=811168ec-7439-46ab-bdb2-e19df6fe2b27 swap swap defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
LABEL=testlabel /newdir ext4 defaults 0 0
In the device field we can use either the device name (/dev/sda11), the label (LABEL=testlabel) or the
UUID (Universally Unique Identifier). To find the UUID run the following command:
# blkid (will show the label and UUID of all partitions)
# blkid /dev/sda11 (for a specific partition)
06. Mounting the filesystem:
The filesystem cannot be used to store and access data until it is mounted. To mount it on
a new directory the following commands should be invoked:
# mkdir /newdir
# mount /dev/sda11 /newdir
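An added example (not from the course notes) that checks the six-field /etc/fstab layout described above before a reboot: a malformed line can drop the system into single-user mode at boot. The sample fstab is constructed here and deliberately contains a five-field swap line and a duplicated mount point; lint_fstab and write_sample_fstab are hypothetical helper names.

```shell
#!/bin/bash
# Added example, not part of the course notes: a small lint for
# /etc/fstab entries. Reads the file given as $1 and prints one line per
# problem found, so it can be run on /etc/fstab before rebooting.

lint_fstab() {
    awk '
    # Skip blank lines and comments.
    /^[[:space:]]*(#|$)/ { next }
    {
        if (NF != 6) {
            printf "line %d: expected 6 fields, got %d\n", NR, NF
            next            # field positions are unreliable; stop here
        }
        dev = $1; mnt = $2; fstype = $3; opts = $4; dump = $5; pass = $6
        # Mount point must be an absolute path, except for swap areas.
        if (fstype != "swap" && mnt !~ /^\//)
            printf "line %d: mount point \"%s\" is not absolute\n", NR, mnt
        if (fstype == "swap" && mnt != "swap" && mnt != "none")
            printf "line %d: swap entries use \"swap\" as mount point\n", NR
        # Swap and pseudo filesystems are never fsck-ed.
        if ((fstype == "swap" || fstype == "tmpfs" || fstype == "proc" ||
             fstype == "sysfs" || fstype == "devpts") && pass != "0")
            printf "line %d: fsck order must be 0 for %s\n", NR, fstype
        # The root filesystem should be checked first.
        if (mnt == "/" && pass != "1")
            printf "line %d: root filesystem should have fsck order 1\n", NR
        # Last two fields must be numeric.
        if (dump !~ /^[0-9]+$/ || pass !~ /^[0-9]+$/)
            printf "line %d: dump/fsck fields must be numbers\n", NR
        # Duplicate mount points: the later entry silently wins at boot.
        if (mnt != "swap" && mnt != "none") {
            if (mnt in seen)
                printf "line %d: mount point %s already used on line %d\n", NR, mnt, seen[mnt]
            else
                seen[mnt] = NR
        }
    }' "$1"
}

# Constructed sample based on the table above, with two deliberate
# mistakes: the swap line is missing its last field and /newdir is
# listed twice. Written to the path given as $1.
write_sample_fstab() {
    cat > "$1" <<'EOF'
# device                                   mount point  FS_type  options      dump fsck
UUID=5022bbc4-1c7c-420e-81ee-c9567741566b  /            ext4     defaults     1    1
UUID=ebebbade-25b1-480a-90fc-f46cfbaf392f  /boot        ext4     defaults     1    2
UUID=811168ec-7439-46ab-bdb2-e19df6fe2b27  swap         swap     defaults     0
tmpfs                                      /dev/shm     tmpfs    defaults     0    0
LABEL=testlabel                            /newdir      ext4     defaults     0    0
/dev/sda11                                 /newdir      ext4     defaults,acl 0    0
EOF
}

# Stand-alone run against the constructed sample.
sample=$(mktemp)
write_sample_fstab "$sample"
lint_fstab "$sample"
rm -f "$sample"
```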

Managing Simple Partitions and Filesystem:

Creating and Formatting a Simple Partition from the Command Prompt

# fdisk -cu /dev/sda

Some questions will be asked after this command. Do the following:

# p --> Print the current partition table

# n --> for new partition

# l --> for logical partition

# First Sector --> Take the default Sector Number

# Last Sector: +2GB ---> This will create 2 GB Partition

# p --> Check if new partition is created

# w --> Write (save) your work in partition table

Now make the kernel aware of the new partition

# partprobe /dev/sda

Reboot your machine

Check that the kernel is aware of the new partition

# cat /proc/partitions

Format the ext4 partition

# mkfs.ext4 /dev/sda11

configure the machine to automatically mount the partition on bootup

# mkdir /mountpoint

# vim /etc/fstab

/dev/sda11 /mountpoint ext4 defaults 0 0


rh135-day13
Written by Razib Shahriar Rubence
Managing Swap Space and Partitions:
01. Creating a partition for swap space is like creating a simple partition, except that we declare the swap
partition type "82" when we use the fdisk utility. This is done by pressing "t" and then entering "82" for
that partition.
02. Unlike formatting a simple partition, we need to write a special signature on the partition using
mkswap:
# mkswap /dev/sda12
03. The appropriate entry in fstab should be added before activating the swap space. The entry
should look like this:
UUID="The UUID of the swap partition, which can be found with the blkid command" swap swap defaults 0 0
04. Activate the swap space with "swapon -a". Check the swap space with "swapon -s".


Practice LAB:

Check the current swap areas:

# swapon -s

Creating a Partition for Swap Space

# fdisk -cu /dev/sda

Some questions will be asked after this command. Do the following:

# p --> print the current partition table

# n --> Create a new partition

# l --> for logical partition

# First Sector --> will be default Sector Number

# Last Sector --> +1GB (This will create a 1 GB Partition)

# p --> print and check the newly created partition (say new partition=sda12)

# t --> for changing the system type to Linux swap / solaris

# Partition Number: 12

# Hex Code: 82

# w --> For write and quit fdisk

Now make the kernel aware of the new partition

# partprobe /dev/sda

Check that the kernel is aware of the new partition

# cat /proc/partitions

Initialize the swap partition

# mkswap /dev/sda12

Entry in fstab to identify swap partition

# vim /etc/fstab

/dev/sda12 swap swap defaults 0 0

Alternatively, you can use the UUID instead of partition name in swap space (recommended)

# blkid (to identify the UUID)

# vim /etc/fstab

UUID="UUID for swap partition found from blkid command" swap swap 0 0

Activate the swap partition

# swapon -a

Check the swap partitions

# swapon -s


Implement LVM Storage with Command-line tools:

In Module 01 (RH124) we've learned about LVM implementation in graphical mode. Now we'll
learn how to do this with command line tools.

What is Logical Volume Manager (LVM):
LVM creates a higher-level layer of abstraction than traditional Linux disks and partitions. This
allows for great flexibility in allocating storage. Logical volumes can be resized and moved
between physical devices easily. Physical devices can be added and removed with relative
ease. LVM-managed volumes can also have sensible names like "database" or "home" rather
than the somewhat cryptic "sda" or "hda" device names.
Steps for creating a Logical Volume:
01. Create a new partition. Declare this partition type "8e" when using the fdisk utility. This can be
done by pressing "t" and then entering "8e" for the partition.
02. Devices are designated as Physical Volumes
# pvcreate /dev/sda11
03. One or more Physical Volumes are used to create a Volume Group
# vgcreate vg0 /dev/sda11
04. Logical Volumes are created on Volume Groups and are composed of Physical Extents
# lvcreate -L 256M -n data vg0
05. A filesystem may be created on a Logical Volume (format the logical volume)
# mkfs.ext4 /dev/vg0/data
06. Mounting the logical volume:
A logical volume needs to be mounted to be used. Mounting is as usual (device first, then mount point):
# mount /dev/vg0/data /logicalvolume
07. Entry in fstab
The fstab entry can use either the name "/dev/vg0/data" or the UUID. The UUID can be found
with the blkid command.
# vim /etc/fstab
/dev/vg0/data /logicalvolume ext4 defaults 0 0

Practice LAB for creating a new Logical Volume

# fdisk -cu /dev/sda

Some questions will be asked after this command. Do the following:

# p --> print the current partition table

# n --> Create a new partition

# l --> for logical partition

# First Sector --> will be default Sector Number

# Last Sector --> +1GB (This will create a 1 GB Partition)

# p --> print and check the newly created partition (say new partition=sda13)

# t --> for changing the system type to Linux LVM

# Partition Number: 13

# Hex Code: 8e

# w --> For write and quit fdisk

Now make the kernel aware of the new partition

# partprobe /dev/sda

Check that the kernel is aware of the new partition

# cat /proc/partitions

Prepare the physical volume

# pvcreate /dev/sda13

Check the created physical volume

# pvdisplay /dev/sda13

Create the Volume Group

# vgcreate vg0 /dev/sda13

Check the Volume Group

# vgdisplay vg0
Create the new logical volume from newly created volume group

# lvcreate -n lv0 -L 512M vg0

Check the Logical Volume

# lvdisplay /dev/vg0/lv0

Format the logical volume

# mkfs.ext4 /dev/vg0/lv0

Mount the logical volume for use

# mkdir /data

# mount /dev/vg0/lv0 /data

Make an entry in fstab

/dev/vg0/lv0 /data ext4 defaults 0 0


Growing Logical Volumes (Extending Logical Volumes)
If the volume's filesystem supports resizing (ext2, ext3 and ext4 filesystems support resizing) the
Logical Volume can be resized dynamically while preserving the data on the volume.
The lvextend command is run first to grow the underlying logical volume:
# lvextend -L +500M /dev/vg0/data
The filesystem still needs to be made aware of the additional space, so the resize2fs command
is used to grow the (mounted or unmounted) ext4 filesystem:
# resize2fs -p /dev/vg0/data
Shrinking Logical Volumes (Reducing Logical Volumes)
Reducing a Logical Volume must be done offline. For this we need to unmount the logical volume:
# umount /logicalvolume
It requires a filesystem check (e2fsck) first:
# e2fsck -f /dev/vg0/data
Then shrink the filesystem:
# resize2fs /dev/vg0/data 512M
Finally, lvreduce is used to reduce the volume:
# lvreduce -L 512M /dev/vg0/data

RH135-Day14
Written by Razib Shahriar Rubence
Mounting an NFS Filesystem (Linux-to-Linux) or a CIFS Share (Common Internet File Share,
for example Linux-to-Windows)
Mounting an NFS filesystem or CIFS share means making a remote NFS (Network File Sharing,
Linux-to-Linux sharing) filesystem available as though it were a local filesystem.
Three basic steps for accessing a network share (Linux-to-Linux share):
1. Identify the remote share to access
# showmount -e nfsserver.domain (for NFS file share)
# smbclient -L cifsserver.domain (for CIFS share)
2. Determine the mount point where it should be mounted and create the mount point's
directory
# mkdir /remote1
# mkdir /remote2
3. Mount the network file system with the appropriate command
# mount nfsserver.domain:/exported/path /remote1 (for NFS file share)
# mount //cifsserver.domain/sharefolder /remote2 (for CIFS share)
/etc/fstab can be used to specify persistent network mounts
# vim /etc/fstab
nfsserver.domain:/exported/path /remote1 nfs defaults 0 0
//cifsserver.domain/sharefolder /remote2 cifs defaults 0 0
Practice LAB:
Mount the /var/ftp/pub directory persistently from server1.example.com in the /extra directory
- Check the remote share access
# showmount -e server1.example.com
- Create the /extra directory
# mkdir /extra
- Mount the nfs share
# mount server1.example.com:/var/ftp/pub /extra
- make fstab entry
# vim /etc/fstab
server1.example.com:/var/ftp/pub /extra nfs defaults 0 0
Automatically Mount Network Storage:
Creating an entry in /etc/fstab (as mentioned above) will keep the connection to the network server
active at all times. Alternatively, the automounter or autofs service can be configured to mount
network shares "on demand" and unmount them after a certain amount of inactivity. There are two
ways to configure the automounter service.
Special Map /net
By default, with the autofs service running, whenever you enter (that means cd into) the
/net/nfsserver.domain directory you'll get all the NFS exports available from that NFS server. Once
the directories underneath stop being used, the shares are unmounted and the nfsserver.domain
subdirectory in /net is removed.
Practice LAB:
- Check the remote share access
# showmount -e server1.example.com
- Make sure autofs service is running
# service autofs status
# service autofs restart; chkconfig autofs on
- Check the /net directory
# ls /net <-- you'll see the directory is empty, because we have not browsed into it yet
- Enter /net/server1.example.com
# cd /net/server1.example.com
# ls <---- you'll see all exported directories from server1.example.com
- Change the directory
# cd ~
# ls /mnt/ <--- you'll get nothing in this folder
Indirect Map:
Indirect maps allow the system administrator to identify a particular network share and
choose the mount point in any directory he wishes (unlike the direct map, where the mount
point is always under the /net directory).
Indirect maps use a two-tier configuration file syntax:
01. /etc/auto.master <-- This file exists
02. /etc/auto.demo <-- This file needs to be created
- /etc/auto.master will have one line for each "parent" directory to manage and the name of an
individual second configuration file (i.e., /etc/auto.demo)
# cat /etc/auto.master
/demo /etc/auto.demo
- The /etc/auto.demo file contains the sub-directory mount point (for example public) and the network
share with its mount options
# cat /etc/auto.demo
public -ro nfsservername.domain:/exported/path
* Students are advised to follow page 101 and 10 for more detail

Practice LAB:
nfs server with shares: server1.example.com
the share directory is: /var/ftp/pub
Configure your workstation such that autofs automatically mounts that share as: /special/oshu
- Add the following lines to /etc/auto.master
/special /etc/auto.special
- Create /etc/auto.special with following line
# vim /etc/auto.special
oshu -ro server1.example.com:/var/ftp/pub
- Restart the automounter
# service autofs restart; chkconfig autofs on
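An added example (not from the course notes) that resolves the two-tier auto.master plus map-file configuration above into the full paths the automounter will create, so a map can be checked before restarting autofs. The files are constructed copies written to a temporary directory; write_sample_maps and resolve_automounts are hypothetical helper names, and the map paths in auto.master are looked up by basename in that directory rather than in /etc.

```shell
#!/bin/bash
# Added example, not part of the course notes: joins auto.master with its
# indirect map files and prints the resulting mount paths. Runs on
# constructed copies of the files, so no autofs or NFS server is needed.

# Write constructed copies of the configuration above into directory $1.
write_sample_maps() {
    cat > "$1/auto.master" <<'EOF'
# mount-point   map-file
/demo           /etc/auto.demo
/special        /etc/auto.special
EOF
    cat > "$1/auto.demo" <<'EOF'
public   -ro   nfsservername.domain:/exported/path
plain    nfsservername.domain:/plain
EOF
    cat > "$1/auto.special" <<'EOF'
oshu     -ro        server1.example.com:/var/ftp/pub
scratch  -rw,soft   server1.example.com:/var/ftp/scratch
EOF
}

# Print "<full mount path> <options> <location>" for every key in every
# map named by auto.master. $1 is the directory holding the files; the
# map path from auto.master is looked up there by its basename.
# Direct maps ("/-") and "+" include lines are skipped, not expanded.
resolve_automounts() {
    local dir="$1" parent map _rest mapfile key opts location
    while read -r parent map _rest; do
        case "$parent" in ''|'#'*|'+'*|'/-') continue ;; esac
        mapfile="$dir/$(basename "$map")"
        [ -r "$mapfile" ] || { echo "missing map $map" >&2; continue; }
        while read -r key opts location; do
            case "$key" in ''|'#'*) continue ;; esac
            # The options field is optional; when it is absent the
            # location lands in $opts and must be shifted back.
            if [ -z "$location" ]; then
                location=$opts
                opts="(defaults)"
            fi
            printf '%s/%s %s %s\n' "$parent" "$key" "$opts" "$location"
        done < "$mapfile"
    done < "$dir/auto.master"
}

# Stand-alone run on a temporary directory, cleaned up afterwards.
workdir=$(mktemp -d)
write_sample_maps "$workdir"
resolve_automounts "$workdir"
rm -rf "$workdir"
```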

RH135-Day15
Written by Razib Shahriar Rubence
Managing User Accounts:
Local user information is stored in the simple file /etc/passwd. Students are advised to follow
pages 107 and 108 for detail.
Commands to manage users:
# useradd username <-- to add a user
# passwd username <-- to change the password of a user
# userdel -rf username <-- to delete a user, recursively removing their home directory and mail
spool
# id username <-- shows the user's id
# usermod is used to modify a user's information. Some important uses of usermod are as follows:
# usermod -d directoryname username <-- change the user's home directory
# usermod -s shellname username <--- change the user's login shell
# usermod -G groupname username <-- assign groupname as a supplementary group of the
user
# usermod -L username <--- lock the user account
# usermod -U username <--- unlock the user account
Managing Passwords:
Password Aging Policies
By default passwords do not expire. To modify password aging for existing users, use the
chage command:
# chage [options] username
-m Minimum days between password changes from the last change date
-M Maximum days between password changes from the last change date
-I Number of days of inactivity after password expiry before the account is locked
-E Expire the account on this date (YYYY-MM-DD format)
-W Number of days before a required change to start warnings
-l List the settings
-d Force users to change their password at first login
LAB Practice:
For the user jack implement the following password aging policy:
01. The account will expire on Dec 31st, 2011
02. The password must be changed within 30 days of the last password change
03. If the password is not changed within 30 days of the last password change, the account will be
inactive for the next 7 days.
# chage -E 2011-12-31 -M 30 -I 7 jack
# chage -l jack

RH135-Day16
Written by Razib Shahriar Rubence
Managing Groups:
Like users, groups have a name and a number (GID). Local groups are defined in /etc/group
# groupadd -g 601 groupname
This will add a new group with GID 601
# groupdel groupname <-- for deleting a group
# groupmod -n newgroup oldgroup <-- change the group name
Primary Group:
- Every user has exactly one primary group.
- Normally, a primary group of the same name as the user is created and assigned when the
user is created.
Supplementary Groups:
- Users may be members of zero or more supplementary groups
- For local groups, membership is determined by a list of users found in the last field of the
group's entry in /etc/group
- Used to qualify for group access permissions when accessing files
# usermod -aG groupname username
This will add the user username to the group groupname. If you don't use the -a option the user will
be removed from all other supplementary groups.
Managing Filesystem Access Control Lists (ACL)
# getfacl file <-- is used to display the ACLs on a file
# setfacl -m u:jack:rw- file1 : grants read and write permission on file1 to user jack
# setfacl -m g:student:r-- file1 : grants read permission on file1 to all members of group student
# setfacl -m d:g:student:rwx directory1 : grants rwx permission to group student as the default ACL for directory1 and its contents
To set an ACL on a file, the mounted filesystem (where the file exists) must support ACLs. The
installer configures all ext4 filesystems it creates at installation time to automatically turn on
ACL support.
If you manually formatted the filesystem, you need to mount it with the acl mount option.
# tune2fs -o acl,user_xattr /dev/sda11
You may also need to add an entry in /etc/fstab to automatically turn on ACL support at boot time
on the sda11 partition
# vim /etc/fstab
/dev/sda11 /mountpoint ext4 defaults,acl 0 0
LAB Practice:
Create users and groups as stated on page 132 and set ACLs as stated on page 137
# mkdir /opt/research ; chgrp grads /opt/research
# chmod 2770 /opt/research
# setfacl -m g:profs:rwx /opt/research/
# setfacl -m g:interns:rx /opt/research/
# setfacl -m d:g:profs:rwx /opt/research/
# setfacl -m d:g:interns:rx /opt/research/
# setfacl -m d:g:grads:rwx /opt/research
Note: The execute permission (x) is given on the directory by default, because without execute permission
no one can create any file in this directory.

RH135-Day17
Written by Razib Shahriar Rubence
What is SELinux:
Security-Enhanced Linux (SELinux) is an implementation of a Mandatory Access Control (MAC)
mechanism. A MAC access control framework allows you to define permissions for how all
processes (called subjects) interact with other parts of the system such as files, devices,
sockets, ports and other processes (called objects in SELinux). This is done through an
administratively-defined security policy over all processes and objects. With this model, a
process can be granted just the permissions it needs to be functional.
Without SELinux, an attacker who gained access through a security hole in a publicly available
web server would have broad access to the system. The attacker would then have a
platform from which to exploit other vulnerabilities on the system, perhaps gaining root access,
and the attacker would be able to launch attacks on other systems within the internal network.
With SELinux enabled, an attacker who exploited a security hole in the web server would only
have access to the files that the web server normally has access to. The Mandatory Access
Control allows the web server to access only files of a certain type. Data from other confined
processes is not accessible.
SELinux has three modes, determined in the /etc/sysconfig/selinux file:
enforcing - SELinux security policy is enforced.
permissive - SELinux prints warnings instead of enforcing.
disabled - SELinux is fully disabled.
Practice LAB:
-------------
01. Enable SELinux in permissive mode
# vim /etc/sysconfig/selinux
SELINUX=permissive
# reboot
02. Check the current SELinux mode
# getenforce
03. Toggle SELinux from enforcing to permissive and vice versa
# setenforce 1 <-- from permissive to enforcing
# getenforce
# setenforce 0 <-- from enforcing to permissive
# getenforce
SELinux Architecture:
01. Security Context:
Typically, the security context is displayed as a colon-separated triplet in this format:
user_identity:role:type:sensitivity:category
For example, the following security context is set for web server content:
system_u:object_r:httpd_sys_content_t
Note that the sensitivity and category elements of the security context may not be displayed.
User identity indicates the SELinux user account associated with an object or subject.
A role defines which SELinux user identities are allowed access to which domains.
Processes (subjects) run in domains. Resources (objects) are associated with a type.
02. Security Policy:
A policy is a set of rules that guide the SELinux engine. Red Hat supports three policies:
targeted, mls and strict. The SELinux default policy is the targeted policy. The targeted policy targets
only specific daemons.
Under the targeted policy, every subject and object runs in the unconfined_t domain except for
the specific targeted domains. The objects that are in the unconfined_t domain are given no restrictions by
SELinux and fall back to using standard Linux security. The policy is
defined in the /etc/sysconfig/selinux file
# cat /etc/sysconfig/selinux
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
Practice LAB:
-------------
To get Security Context Information
# id -Z <-- show what security context does root have
# ps -ZC httpd <--- show what security context does httpd have
# ls -Zd /var/www/html <--- What security context /var/www/html directory has

# ls -Z /etc/resolv.conf <--- What security context /etc/resolv.conf file has
Changing Security Context:
The security context of a given file can be changed with one of the command line tools chcon,
restorecon or fixfiles. We'll use restorecon in the following LAB practice.
Lab Practice:
Facts:
- The web server binary (/usr/sbin/httpd) has a type called httpd_exec_t
# ls -Z /usr/sbin/httpd
-rwxr-xr-x. root root system_u:object_r:httpd_exec_t:s0 /usr/sbin/httpd
- The web server process belongs to a domain called httpd_t
# ps -ZC httpd
unconfined_u:system_r:httpd_t:s0 2041 ? 00:00:00 httpd
- The web server data is of the type httpd_sys_content_t
# echo "this is index file in web server data directory /var/www/html" > /var/www/html/index.html
A file's initial SELinux context is determined by its directory. That is why, with the above command,
when we create the index.html file in the /var/www/html directory, index.html takes the SELinux
context of the /var/www/html directory
# ls -Z /var/www/html/index.html
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html
The default policy (targeted policy) allows subjects (the process) in the domain httpd_t to
access files with the type httpd_sys_content_t. If it is a different type, the web server will get an
AVC error, and will not be allowed access to those objects (files in /var/www/html)
01. Make sure SELinux is set to enforcing mode
# vim /etc/selinux/config
SELINUX=enforcing
(reboot the system if you need to change the SELinux mode from disabled/permissive to enforcing)
02. Create a file in the /tmp directory and view its security context
# echo " This is tmp.html file created in /tmp directory" > /tmp/testfile.html
# ls -Z /tmp/testfile.html
03. Move /tmp/testfile.html from the /tmp directory to the /var/www/html directory
# mv /tmp/testfile.html /var/www/html
Note that the mv (move) command moves the file keeping its original context
04. Check the security context of the files in /var/www/html
# ls -Z /var/www/html/
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
-rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0 testfile.html
05. Restart the httpd service
# service httpd restart
The security policy allows the httpd process (in the domain httpd_t) to access files with the
type httpd_sys_content_t, so we can view the http://localhost/index.html file
# elinks -dump http://localhost/index.html
The security policy does not allow the httpd process (in the domain httpd_t) to access files other
than those of type httpd_sys_content_t, so we cannot view http://localhost/testfile.html
# elinks -dump http://localhost/testfile.html
Forbidden
You don't have permission to access /testfile.html on this server.
--------------------------------------------------------------------------
Apache/2.2.15 (Red Hat) Server at localhost Port 80
With the restorecon command we can change the security context of testfile.html as per the
directory context.
# restorecon -R /var/www/html/
# ls -Z /var/www/html/
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 testfile.html

We can also use chcon command to relabel the testfile.html file

# chcon -t httpd_sys_content_t /var/www/html/testfile.html

Now we can view the testfile.html in our browser
# elinks -dump http://localhost/testfile.html
This is tmp.html file created in /tmp directory
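An added example (not from the course notes) that turns the lab above into a check: it scans "ls -Z" style output of the web root for files whose type is not the one httpd_t may read, which is exactly the mislabel the mv step produced, and prints the restorecon command that fixes each one. The ls -Z lines are a constructed sample in the format shown above, so the script runs on a machine without SELinux; sample_ls_z, find_mislabeled and suggest_fix are hypothetical helper names.

```shell
#!/bin/bash
# Added example, not part of the course notes: audits "ls -Z" output for
# web content carrying the wrong SELinux type. Works on captured text, so
# it runs without SELinux present; on a real system feed it
# "ls -Z /var/www/html" instead of the sample.

# Constructed sample in the format shown above (fields: mode, user,
# group, context, name). testfile.html still carries the /tmp label.
sample_ls_z() {
    cat <<'EOF'
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
-rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0 testfile.html
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 about.html
EOF
}

# Split a context "user:role:type:level" and print only the type field,
# which is what the targeted policy's file rules key on.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read ls -Z lines on stdin and print "<name> <type>" for every file whose
# type differs from the one expected. $1 overrides the expected type
# (default httpd_sys_content_t). File names containing spaces are not
# handled, to keep the field parsing simple.
find_mislabeled() {
    local want="${1:-httpd_sys_content_t}" mode user group ctx name type
    while read -r mode user group ctx name; do
        [ -n "$name" ] || continue
        type=$(context_type "$ctx")
        if [ "$type" != "$want" ]; then
            printf '%s %s\n' "$name" "$type"
        fi
    done
}

# Read "<name> <type>" lines and print the restorecon command that resets
# each file to the context the policy expects under web root $1. This is
# the per-file form of the "restorecon -R" shown above.
suggest_fix() {
    local root="$1" name type
    while read -r name type; do
        printf 'restorecon -v %s/%s\n' "$root" "$name"
    done
}

# Convenience wrapper: audit the constructed sample.
audit_sample() {
    sample_ls_z | find_mislabeled
}

# Stand-alone run.
audit_sample | suggest_fix /var/www/html
```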
SELinux Booleans:
Booleans allow runtime modification of the security policy. The policy defines a default value for
each boolean. We can change a boolean from true to false and vice versa with the setsebool
command.
# getsebool -a <--- will list the current state of all SELinux booleans
# setsebool httpd_enable_cgi 1 <-- will enable httpd_enable_cgi immediately but not
permanently
# setsebool -P ftp_home_dir 1 <-- will enable the ftp_home_dir boolean and make it permanent
RH135-Day18
Written by Razib Shahriar Rubence
Installing and Managing Software:
yum is a powerful command-line tool that can be used to manage software more flexibly.
Official Red Hat packages are normally downloaded from Red Hat Network (RHN). When you register
your machine with RHN, yum is automatically configured to use it. We can also configure yum to
get packages from third-party package repositories over the network (which we do in our LAB).
Yum Configuration to get repositories over the network:
A package repository is a yum server which contains all RHEL packages and is ready to serve
those packages to RHEL stations. In our LAB the repository server is server1.example.com, and
the packages reside in the /var/ftp/pub/rhel6/Packages folder on the server1.example.com
machine. The packages are delivered through the ftp service. The configuration file (a file with
the .repo extension in the /etc/yum.repos.d/ folder) of stationX.example.com is as follows:
# vim /etc/yum.repos.d/rhel6.repo
[base]
name=RHEL6 Server Repository
baseurl=ftp://server1.example.com/pub/rhel6/Packages
enabled=1
gpgcheck=0
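An added example (not from the course notes) that audits .repo files like the one above: it reports enabled repositories that skip signature checking (gpgcheck=0, as in the LAB file) or fetch packages over cleartext ftp/http, since either lets a tampered package reach the system unnoticed. The sample .repo content is constructed; the second and third repositories, the repo.example.com and mirror.example.com hosts, and the helper names audit_repo_file and write_sample_repo are assumptions for the demonstration. The check does not consult the [main] section of /etc/yum.conf, from which a missing gpgcheck would be inherited.

```shell
#!/bin/bash
# Added example, not part of the course notes: lint a yum .repo file for
# settings that weaken package integrity. Run it as
#   audit_repo_file /etc/yum.repos.d/rhel6.repo
# on a real system; here it runs on a constructed sample.

# Print one finding per line: "<repoid>: <issue>". Disabled repositories
# are skipped, since they cannot install anything.
audit_repo_file() {
    awk -F= '
    function flush() {
        if (id != "" && enabled == "1") {
            if (gpgcheck == "0")
                printf "%s: gpgcheck=0, package signatures are not verified\n", id
            else if (gpgcheck == "")
                printf "%s: gpgcheck not set, relies on the [main] default in /etc/yum.conf\n", id
            else if (gpgkey == "")
                printf "%s: gpgcheck=1 but no gpgkey given\n", id
            if (baseurl ~ /^(ftp|http):\/\//)
                printf "%s: baseurl uses cleartext transport (%s)\n", id, baseurl
        }
        # yum treats a missing "enabled" as 1.
        id = ""; enabled = "1"; gpgcheck = ""; baseurl = ""; gpgkey = ""
    }
    /^[[:space:]]*(#|$)/ { next }
    /^\[.*\]$/ { flush(); id = substr($0, 2, length($0) - 2); next }
    {
        key = $1; sub(/[[:space:]]+$/, "", key)
        val = substr($0, index($0, "=") + 1); sub(/^[[:space:]]+/, "", val)
        if (key == "enabled")       enabled = val
        else if (key == "gpgcheck") gpgcheck = val
        else if (key == "baseurl")  baseurl = val
        else if (key == "gpgkey")   gpgkey = val
    }
    END { flush() }' "$1"
}

# Constructed sample written to the path given as $1: the LAB repository
# from above plus two hypothetical ones, one signed over https and one
# disabled.
write_sample_repo() {
    cat > "$1" <<'EOF'
[base]
name=RHEL6 Server Repository
baseurl=ftp://server1.example.com/pub/rhel6/Packages
enabled=1
gpgcheck=0

[updates-test]
name=Signed test repository (constructed)
baseurl=https://repo.example.com/rhel6/updates
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[old]
name=Disabled mirror (constructed)
baseurl=http://mirror.example.com/rhel6
enabled=0
gpgcheck=0
EOF
}

# Stand-alone run on the constructed sample.
sample=$(mktemp)
write_sample_repo "$sample"
audit_repo_file "$sample"
rm -f "$sample"
```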
Basic Yum commands:
yum install packagename --> obtains and installs a software package including any
dependencies
yum remove packagename --> removes an installed software package including any packages
that depend on it
yum update packagename --> obtains and installs a newer version of the software package,
including any dependencies
yum list available --> lists all packages available to be installed
yum list installed --> lists installed packages
yum list all --> lists all packages, available and installed
Deploying Repository server
01. Install vsftpd service and createrepo package
# yum install vsftpd* createrepo*
02. Copy all files from RHEL6 dvd to your /var/ftp/pub/rhel6 folder
03. Run the following command
# createrepo -v /var/ftp/pub/rhel6
RPM queries:
The rpm utility is a low-level tool that is useful for getting information about the contents of package files
and installed packages.
Basic rpm queries:
rpm -q PACKAGENAME --> currently installed version of PACKAGENAME
rpm -qa --> all installed packages
rpm -qa Package* --> all installed packages whose name starts with "Package"
rpm -ql PACKAGENAME --> list all files installed by PACKAGENAME
rpm -qf FILENAME --> which package provides FILENAME
Manage Services:
Deploying a new service on a RHEL system involves the following steps:
01. Install the software
02. Configure the service's configuration file
03. Start the service
04. Enable the service at bootup
05. Test the service
01. Install the software: First we need to know which packages are needed to run the service. Then
we'll install the software with yum
# yum install package*
02. Configure the service configuration file: Usually the configuration file is found in the /etc folder and
ends with the .conf extension. We need to change it to meet our requirements
# vim /etc/vsftpd/vsftpd.conf
03. Start the service: We need to start the service daemon. Daemons are processes that perform
various tasks to run and continue a service.
Conventionally, daemon executables end in the letter "d". Daemons are managed by service
scripts which reside in the /etc/rc.d/init.d directory. A service script expects to be called with a
single start, stop, restart, status or reload argument. Service scripts should be invoked
using the front-end service command.
# service vsftpd restart OR
# /etc/init.d/vsftpd restart
04. Enable the service at bootup: Services are enabled (configured to start automatically at boot
time) or disabled with the command
# chkconfig vsftpd on
# chkconfig vsftpd off
We can check the status of the service in the different runlevels
# chkconfig --list vsftpd
05. Test the service: If the service is properly configured and running, it'll provide you the
service properly. With the vsftpd daemon you can ftp to the server, with the httpd daemon you can
get the web service. Still, the following commands are useful to check service availability:
# ps aux | grep vsftpd --> confirm the vsftpd daemon process is running
# lsof -i -n -P | grep vsftpd --> confirm the vsftpd daemon is bound to the correct port and is in
LISTEN mode
# netstat -tulpn | grep vsftpd
LAB Practice:
01. Install the httpd service and list which files are installed with the httpd package
# yum install httpd* -y
# rpm -ql httpd
02. Deploy the FTP server and check that it is listening on TCP port 21
# rpm -q vsftpd
# yum install vsftpd* <-- if the previous command shows it is not installed
# vim /etc/vsftpd/vsftpd.conf <-- make sure ANONYMOUS login is enabled
# service vsftpd restart
# chkconfig vsftpd on
# lftp stationX
# ps aux | grep vsftpd
# netstat -tulpn | grep vsftpd

RH135-Day19
Written by Razib Shahriar Rubence
What is syslog ?

syslog is a utility for tracking and logging all manner of system messages, from the merely
informational to the extremely critical. Each system message sent to the syslog server has two
descriptive labels associated with it that make the message easier to handle.

- The first describes the function (facility) of the application that generated it. For example,
applications such as mail and cron generate messages with easily identifiable facilities named
mail and cron.

- The second describes the degree of severity of the message. There are eight in all and
they are listed in the following table:

You can configure syslog's /etc/rsyslog.conf configuration file to place messages of differing
severities and facilities in different files.

Severity Level   Keyword          Description
0                emergencies      System unusable
1                alerts           Immediate action required
2                critical         Critical condition
3                errors           Error conditions
4                warnings         Warning conditions
5                notifications    Normal but significant conditions
6                informational    Informational messages
7                debugging        Debugging messages

The /etc/rsyslog.conf File

The files to which syslog writes each type of message received is set in the /etc/rsyslog.conf
configuration file.

This file consists of two columns. The first lists the facilities and severities of messages to
expect and the second lists the files to which they should be logged. By default, the Red Hat
/etc/rsyslog.conf file is configured to put most of the messages in the file /var/log/messages.
Here is a sample:
*.info;mail.none;authpriv.none;cron.none /var/log/messages
In this case, all messages of severity "info" and above are logged, but none from the mail, cron
or authentication facilities/subsystems. You can make this logging even more sensitive by
replacing the line above with one that captures all messages from debug severity and above in
the /var/log/messages file. This example may be more suitable for troubleshooting.
*.debug /var/log/messages
In this example, all debug severity messages, except auth, authpriv, news and mail, are logged
to the /var/log/debug file in caching mode.

Practice LAB:

01. Redirect all debugging level messages to a file named /var/log/debug.log

- Add the following line to /etc/rsyslog.conf

*.debug /var/log/debug.log

- Restart the service and monitor the debug.log file

# service rsyslog restart
# tail -f /var/log/debug.log

02. Redirect all mail related informative messages to a file named /var/log/mailinfo.log

- Add the following line in /etc/rsyslog.conf

mail.info /var/log/mailinfo.log

- Restart the service and monitor the mailinfo.log file

# service rsyslog restart
# tail -f /var/log/mailinfo.log
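
The selector syntax used in this section and in the two lab exercises above is easy to get subtly wrong: a priority keyword means that severity and above, ".none" removes a facility, and the selectors on one line are applied from left to right. The POSIX shell checker below is an added example for these notes, not code from rsyslog or from the course, and evaluates one rsyslog.conf selector line against a message's facility and severity. It uses rsyslog's own keyword spellings (emerg, alert, crit, err, warning, notice, info, debug), which are the short forms of the level names in the table above; the messages in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the course notes or rsyslog itself): decide whether
# one rsyslog.conf selector line would write a message with a given facility
# and severity to its target file. Selector rules are the legacy syslog.conf
# ones that rsyslog accepts: "fac.prio" = that severity and above, ".none"
# drops the facility, ".=prio" matches exactly one severity, ".!prio" excludes
# prio and above, and several selectors joined with ";" are applied in order.

# sev_num KEYWORD -> numeric severity (0 = emerg ... 7 = debug), status 1 if unknown
sev_num() {
  case "$1" in
    emerg|panic)  echo 0 ;;
    alert)        echo 1 ;;
    crit)         echo 2 ;;
    err|error)    echo 3 ;;
    warning|warn) echo 4 ;;
    notice)       echo 5 ;;
    info)         echo 6 ;;
    debug)        echo 7 ;;
    *)            return 1 ;;
  esac
}

# fac_matches FACLIST FACILITY -> 0 if FACLIST is "*" or a comma list containing FACILITY
fac_matches() {
  list=$1
  [ "$list" = "*" ] && return 0
  while [ -n "$list" ]; do
    head=${list%%,*}
    if [ "$head" = "$list" ]; then list=''; else list=${list#*,}; fi
    [ "$head" = "$2" ] && return 0
  done
  return 1
}

# selector_matches "SELECTORS TARGET" FACILITY SEVERITY
# Prints TARGET and returns 0 if the message is logged there, returns 1 if not,
# and 2 on an unknown severity keyword.
selector_matches() {
  sels=$(printf '%s\n' "$1" | awk '{print $1}')
  target=$(printf '%s\n' "$1" | awk '{print $2}')
  msgsev=$(sev_num "$3") || return 2
  match=0
  while [ -n "$sels" ]; do
    sel=${sels%%;*}
    if [ "$sel" = "$sels" ]; then sels=''; else sels=${sels#*;}; fi
    facs=${sel%.*}; pri=${sel##*.}
    fac_matches "$facs" "$2" || continue   # selector is for other facilities
    case "$pri" in
      none)  match=0 ;;
      '!='*) n=$(sev_num "${pri#!=}") || return 2; if [ "$msgsev" -eq "$n" ]; then match=0; fi ;;
      '!'*)  n=$(sev_num "${pri#!}")  || return 2; if [ "$msgsev" -le "$n" ]; then match=0; fi ;;
      '='*)  n=$(sev_num "${pri#=}")  || return 2; if [ "$msgsev" -eq "$n" ]; then match=1; fi ;;
      '*')   match=1 ;;
      *)     n=$(sev_num "$pri")      || return 2; if [ "$msgsev" -le "$n" ]; then match=1; fi ;;
    esac
  done
  [ "$match" -eq 1 ] || return 1
  printf '%s\n' "$target"
}

# Demo: where do a few constructed messages land under the default Red Hat line?
default='*.info;mail.none;authpriv.none;cron.none /var/log/messages'
for msg in kern.err mail.info daemon.debug authpriv.notice; do
  printf '%-16s -> %s\n' "$msg" \
    "$(selector_matches "$default" "${msg%.*}" "${msg#*.}" || echo '(not logged by this line)')"
done
```

Run it with the lab lines, for example selector_matches 'mail.info /var/log/mailinfo.log' mail notice, to confirm what will reach the file before restarting the service; rsyslogd -N1 then checks the whole configuration file for syntax errors without starting the daemon.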

Rotating Logs:

The Linux utility logrotate renames and reuses system log files on a periodic basis so that
they don't occupy excessive disk space.

The /etc/logrotate.conf File

This is logrotate's general configuration file in which you can specify the frequency with which
the files are rotated.

- You can specify either a weekly or a daily rotation parameter. In the sample below the weekly
option is commented out with a #, so rotation happens daily.
- The rotate parameter specifies the number of rotated copies of each log file logrotate will
keep. In the sample below the rotate 4 option is commented out with a #, so 7 copies are kept.
- The create parameter creates a new, empty log file after each rotation.

Therefore, our sample configuration file will create daily archives of all the log files and store
them for seven days. The files will have the following names, logfile being the current active
version:
logfile logfile.0 logfile.1 logfile.2 logfile.3 logfile.4 logfile.5 logfile.6

Sample Contents of /etc/logrotate.conf

# rotate log files weekly
#weekly

# rotate log files daily
daily

# keep 4 weeks worth of backlogs
#rotate 4

# keep 7 days worth of backlogs
rotate 7

# create new (empty) log files after rotating old ones
create
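
To see the naming chain above without waiting for the daily cron run, here is a short POSIX shell model of "rotate N" with "create", added to these notes and not taken from logrotate. It starts numbering at .0 as in the listing above (logrotate's start directive controls that base) and models only the rename chain, not compression, dateext or postrotate scripts; the log contents in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the course notes or from logrotate): a model of what
# "rotate N" plus "create" do to one log file, so the naming chain listed above
# (logfile, logfile.0 ... logfile.6 for rotate 7) can be tried on a scratch file.
# Numbering starts at .0 to match the listing above; real logrotate also handles
# compression, dateext, postrotate hooks and more, none of which is modelled here.

# rotate_logs FILE N -> FILE becomes FILE.0, FILE.0 becomes FILE.1, ...,
# FILE.(N-1) is dropped, and a new empty FILE is created for the daemon to use
rotate_logs() {
  file=$1; keep=$2
  [ -f "$file" ] || return 1
  i=$((keep - 1))
  rm -f "$file.$i"                    # the oldest copy falls off the end
  while [ "$i" -gt 0 ]; do
    j=$((i - 1))
    [ -f "$file.$j" ] && mv "$file.$j" "$file.$i"
    i=$j
  done
  mv "$file" "$file.0"
  : > "$file"                         # "create": fresh empty log, same name
}

# Demo on a constructed log in a temporary directory
dir=$(mktemp -d)
for day in 1 2 3; do
  echo "entries written on day $day" > "$dir/logfile"
  rotate_logs "$dir/logfile" 7
done
ls "$dir"            # shows logfile (empty) plus logfile.0, logfile.1, logfile.2
rm -rf "$dir"
```

The real tool can be rehearsed the same way with logrotate -d /etc/logrotate.conf, which prints every rename and create it would perform without touching any file.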

Locate and Analyze Log Summary Report:

A program called logwatch can be installed which automatically analyzes the standard log
files and sends a summary email to root. logwatch runs as a daily cron job to generate its
report of interesting log information.

The system wide default settings for logwatch are kept in the
/usr/share/logwatch/default.conf/logwatch.conf file.

/etc/logwatch/conf/logwatch.conf is initially empty; local logwatch settings that override
the defaults are placed there.

Practice LAB:

Configure logwatch to send log summary reports to user student rather than user root

- Edit the /etc/logwatch/conf/logwatch.conf file and add the following line

# vi /etc/logwatch/conf/logwatch.conf

MailTo=student

RH135-Day20
Written by Razib Shahriar Rubence
Process:
------------
A process is an instance of a running program. The ps command can be used to list processes. By
default ps shows only the processes started from the current terminal (i.e. the terminal from
which we ran ps). To view all processes running in all terminals, and those running without a
terminal, we issue:
# ps aux
where a = processes from all terminals
      x = processes running without a controlling terminal
      u = show the username under which each process is running
You can use the ps command in combination with the grep command to see if a process is
running. For example, to determine if Emacs is running, use the following command:
# ps ax | grep emacs
From the output of "ps aux" one of the most important pieces of information is the PID (process
id). Referring to this PID we can kill (terminate) a process by sending it signal 9:
# kill -9 1001
The above command will terminate the process with PID 1001.
Use of top
----------------
The top program provides a dynamic real-time view of a running system. It can display system
summary information as well as a list of tasks currently being managed by the Linux kernel.
The top command monitors CPU utilization, process statistics, and memory utilization. The top
section of its display contains information related to overall system status: uptime, load
average, process counts, CPU status, and utilization statistics for both memory and swap space.
By default the output of top is sorted by CPU usage, but the sort order can be changed
interactively with the following keys:
M = sort by resident memory use
P = sort by CPU usage
N = sort by PID
A = sort by age (newest first)
You can also kill a process while using top by pressing "k". You'll be prompted for the PID of the
task and the signal to send to it. To kill the process send signal "9".
Process Scheduling (Niceness)
-----------------------------
A Linux system can have as many processes running at the same time as it has CPU cores.
A primary task of the Linux kernel is scheduling processes.
Every process has a niceness value that influences its scheduling.
Niceness is a value which ranges from -20 through the default of 0 to 19.
The higher the niceness, the lower the priority.
The nice and renice commands can change a process's scheduling priority.
"renice 0 2789" changes the niceness of process 2789 to 0.
Practice LAB:
01. Type "tail -f /var/log/messages" in a terminal. Kill the process from another terminal.
- Open a terminal and type "tail -f /var/log/messages"
- Open another terminal
- Get the process id (PID) of the process running in the first terminal
# ps aux | grep tail
- Kill the process by sending signal 9
# kill -9 1098 (assuming the process id is 1098)
02. Type "tail -f /var/log/messages" in a terminal. Change the niceness of this process to 10
- Type "tail -f /var/log/messages" in a terminal.
- Open another terminal
- Get the process id (PID) of the running process
# ps aux | grep tail
- Change the niceness with the renice command
# renice 10 1098 (assuming the process id is 1098)
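
The two lab exercises above read the PID out of "ps aux | grep tail", which also lists the grep itself, and use "kill -9", which gives the process no chance to flush or clean up. The shell example below is an addition to these notes, not part of the course material, and does the same steps with small functions: it finds processes by exact name through /proc, reads the nice value from /proc/<pid>/stat, renices with the same absolute form the lab uses, and sends SIGTERM before falling back to SIGKILL. It assumes Linux with /proc mounted and the renice command from util-linux; a background "sleep" stands in for "tail -f /var/log/messages" in the demo.

```shell
#!/bin/sh
# Added example (not from the course notes): the lab steps above done with
# small shell functions. Processes are found by exact command name through
# /proc/<pid>/comm, which never matches the lookup itself the way
# "ps aux | grep tail" matches its own grep; the nice value is read from
# /proc/<pid>/stat; and a process is stopped with SIGTERM first, with SIGKILL
# only as a fallback, so it gets a chance to clean up. Linux-only because of /proc.

# pids_by_name NAME -> PIDs whose command name is exactly NAME, one per line
pids_by_name() {
  for d in /proc/[0-9]*; do
    [ "$(cat "$d/comm" 2>/dev/null)" = "$1" ] && printf '%s\n' "${d#/proc/}"
  done
  return 0
}

# stat_fields PID -> /proc/PID/stat with the leading "pid (comm) " removed, so
# that $1 is the state and ${17} the nice value (fields 3 and 19 of the file)
stat_fields() { sed 's/^.*) //' "/proc/$1/stat" 2>/dev/null; }

# nice_of PID -> current nice value, or failure if PID does not exist
nice_of() {
  set -- $(stat_fields "$1")
  [ $# -ge 17 ] || return 1
  printf '%s\n' "${17}"
}

# alive PID -> true while PID exists and is not a zombie. A zombie still
# answers "kill -0", so the signal probe alone would report it as running.
alive() {
  kill -0 "$1" 2>/dev/null || return 1
  set -- $(stat_fields "$1")
  if [ $# -ge 1 ] && [ "$1" != Z ]; then return 0; fi
  return 1
}

# set_nice PID NICE -> same as "renice NICE PID" in the lab; raising niceness is
# allowed for the process owner, lowering it below the current value needs root
set_nice() { renice "$2" -p "$1" >/dev/null; }

# terminate PID [GRACE] -> SIGTERM, then wait up to GRACE seconds (default 5)
# and send SIGKILL only if the process is still alive. Returns 0 once it is gone.
terminate() {
  pid=$1; grace=${2:-5}; i=0
  kill -TERM "$pid" 2>/dev/null || return 0      # already gone
  while [ "$i" -lt "$grace" ]; do
    alive "$pid" || return 0
    sleep 1; i=$((i + 1))
  done
  kill -KILL "$pid" 2>/dev/null || true
  return 0
}

# Demo with a background "sleep" standing in for the lab's "tail -f"
sleep 300 & demo=$!
echo "sleep processes: $(pids_by_name sleep | tr '\n' ' ')"
echo "nice value of $demo: $(nice_of "$demo")"
terminate "$demo" 2
wait "$demo" 2>/dev/null || echo "exit status after SIGTERM: $?"   # 143 = 128 + 15
```

The exit status 143 is how a parent can tell that a child ended on SIGTERM (128 plus the signal number); a process that ignores SIGTERM for the whole grace period is the only one that receives the SIGKILL the lab reaches for first.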

Cron : Managing Periodic Tasks

Linux Crontab Format

MIN HOUR DOM MON DOW CMD
MIN : Minute. Allowed values 0 to 59
HOUR: Hour. Allowed values 0 to 23
DOM : Day of month. Allowed values 1-31
MON : Month of the year. Allowed values 1-12
DOW : Day of week. Allowed values 0-6, where 0 = Sunday and 6 = Saturday
CMD : Command. Any command to be executed.

This will reboot your computer on the 10th of June at 08:30 AM:

30 08 10 06 * reboot

This will reboot your computer every 5 minutes:

*/5 * * * * reboot
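
Cron accepts a malformed line without complaint and the mistake only shows when the job fails to fire or runs the wrong command, so it is worth checking an entry before installing it with crontab. The shell function below is an added example, not part of the course notes or of cron itself; it checks the field count and the ranges from the table above, and in particular catches a sixth time field, the common slip of writing "*/5 * * * * * reboot" with one "*" too many. The crontab lines in the demo are the two from this section plus that constructed mistake.

```shell
#!/bin/sh
# Added example (not from the course notes or from cron): a sanity check for a
# crontab line before it is installed. It verifies that five time fields are
# followed by a command, that each field stays inside its allowed range
# (MIN 0-59, HOUR 0-23, DOM 1-31, MON 1-12, DOW 0-7; crontab accepts 7 as a
# second name for Sunday), and that the sixth field does not itself look like a
# time field, which is what happens with one "*" too many. Handles *, N, A-B,
# */N, A-B/N and comma lists; month and day names (jan, sun) are not handled.

# is_int VALUE -> 0 if VALUE is a non-negative integer
is_int() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; return 0; }

# check_field SPEC LOW HIGH -> 0 if every comma-separated item of SPEC is valid
check_field() {
  rest=$1; lo=$2; hi=$3
  while [ -n "$rest" ]; do
    item=${rest%%,*}
    if [ "$item" = "$rest" ]; then rest=''; else rest=${rest#*,}; fi
    step=1
    case "$item" in
      */*) step=${item#*/}; item=${item%%/*} ;;    # "*/5" or "1-30/5"
    esac
    is_int "$step" || return 1
    [ "$step" -ge 1 ] || return 1
    case "$item" in
      '*') a=$lo; b=$hi ;;
      *-*) a=${item%%-*}; b=${item#*-} ;;
      *)   a=$item; b=$item ;;
    esac
    is_int "$a" && is_int "$b" || return 1
    if [ "$a" -lt "$lo" ] || [ "$b" -gt "$hi" ] || [ "$a" -gt "$b" ]; then return 1; fi
  done
  return 0
}

# check_cron_line LINE -> prints "ok: COMMAND" and returns 0, or prints the
# problem and returns 1
check_cron_line() {
  case $- in *f*) noglob_before=1 ;; *) noglob_before=0 ;; esac
  set -f                       # keep "*" literal while splitting into fields
  set -- $1
  [ "$noglob_before" -eq 1 ] || set +f
  if [ $# -lt 6 ]; then
    printf 'error: need 5 time fields and a command, got %s field(s)\n' "$#"; return 1
  fi
  check_field "$1" 0 59 || { printf "error: bad minute field '%s'\n" "$1"; return 1; }
  check_field "$2" 0 23 || { printf "error: bad hour field '%s'\n" "$2"; return 1; }
  check_field "$3" 1 31 || { printf "error: bad day-of-month field '%s'\n" "$3"; return 1; }
  check_field "$4" 1 12 || { printf "error: bad month field '%s'\n" "$4"; return 1; }
  check_field "$5" 0 7  || { printf "error: bad day-of-week field '%s'\n" "$5"; return 1; }
  case "$6" in
    '*'|'*/'*|[0-9]*)
      printf "error: sixth field '%s' looks like a time field; crontab has only five\n" "$6"
      return 1 ;;
  esac
  shift 5
  printf 'ok: %s\n' "$*"
}

# Demo on the two lines from the notes plus the six-field mistake
for line in '30 08 10 06 * reboot' '*/5 * * * * reboot' '*/5 * * * * * reboot'; do
  printf '%-28s : ' "$line"
  check_cron_line "$line" || true
done
```

The sixth-field test is a heuristic (a command whose name starts with a digit would trip it), but it catches the case cron itself would silently accept: with six fields cron treats "* reboot" as the command, which never runs anything useful.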
