Wednesday, October 27, 2010

Server Configuration in Linux

 DHCP [Dynamic Host Configuration Protocol]:

To check whether the package is installed:

# rpm -qa | grep dhcp

If the package is installed on your machine, this displays the matching packages. If not, install it using the CD or DVD as mentioned in the FTP section.

Search for the file 'dhcpd.conf.sample'.
This file is present at the '/usr/share/doc/dhcp-*/' location. Copy this file into /etc/ and rename it to 'dhcpd.conf', i.e.
# cp /usr/share/doc/dhcp-*/dhcpd.conf.sample /etc/dhcpd.conf

Go to /etc/ and check it.

Edit that file:
# vim /etc/dhcpd.conf

The contents of that file are:

1) ddns-update-style interim;
The DHCP server and DNS server communicate with each other using the interim method.
2) ignore client-updates;
If a client tries to update the information, DHCP will not allow it.
3) range dynamic-bootp (range of IP addresses);
    e.g.   172.16.0.50  to   172.16.0.100


The default lease time for which a client can use the connection is 21600 seconds (i.e. 6 hrs approx.) and the maximum lease time is 43200 seconds (i.e. 12 hrs approx.). You can increase the max lease time if a client requests it.
The server can renew the IP address once 50% of the lease period is over. After 80% of the lease period is done, the server frees that IP address so it can be given to anyone.

# service dhcpd start

If you get a [Failed] message, then check the IP address of the system and the server and make them the same.

# service network restart
# service dhcpd start


You will get an [OK] message.

To give a fixed IP address, i.e. a reservation:

Get the MAC address of the client (you can get it using the ifconfig command).

Edit the dhcpd.conf file.
In that file search for the options

 hardware ethernet (give client's MAC address)
 fixed-address (give client's IP address)

# service dhcpd restart

If you want to check the IP addresses of various machines assigned by the DHCP server, then open the
'/var/lib/dhcp/dhcpd.leases' file.
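
The check described above can be scripted. This is an added example, not part of the original post: it summarises a leases file and lists active leases whose MAC address has no reservation. The sample leases and the allowlist file (one MAC per line) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise dhcpd.leases and flag MACs without a reservation.

# Print "ip mac state" per address. dhcpd appends records to the file,
# so the last record for an address is the current one.
list_leases() {
  awk '
    $1 == "lease" && $3 == "{"           { ip = $2; mac = "-"; state = "-" }
    $1 == "binding" && $2 == "state"     { sub(/;$/, "", $3); state = $3 }
    $1 == "hardware" && $2 == "ethernet" { sub(/;$/, "", $3); mac = tolower($3) }
    $1 == "}" && ip != "" {
      if (!(ip in rec)) order[++n] = ip
      rec[ip] = ip " " mac " " state
      ip = ""
    }
    END { for (i = 1; i <= n; i++) print rec[order[i]] }
  ' "$1"
}

# Print active leases whose MAC is not in the allowlist file.
unknown_macs() {
  list_leases "$1" | while read -r ip mac state; do
    [ "$state" = "active" ] || continue
    grep -qiFx "$mac" "$2" || echo "$ip $mac"
  done
}

# Constructed sample data (not taken from a real server).
SAMPLE_LEASES=$(mktemp)
SAMPLE_ALLOW=$(mktemp)
cat > "$SAMPLE_LEASES" <<'EOF'
lease 172.16.0.50 {
  starts 3 2010/10/27 08:00:00;
  ends 3 2010/10/27 14:00:00;
  binding state active;
  hardware ethernet 00:AA:BB:CC:DD:01;
}
lease 172.16.0.51 {
  binding state active;
  hardware ethernet 00:aa:bb:cc:dd:02;
}
lease 172.16.0.52 {
  binding state active;
  hardware ethernet 00:aa:bb:cc:dd:03;
}
lease 172.16.0.52 {
  binding state free;
  hardware ethernet 00:aa:bb:cc:dd:03;
}
EOF
printf '%s\n' 00:aa:bb:cc:dd:01 > "$SAMPLE_ALLOW"

list_leases "$SAMPLE_LEASES"
unknown_macs "$SAMPLE_LEASES" "$SAMPLE_ALLOW"
```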





Sunday, October 17, 2010

LINUX Installation Requirements
For installation of Linux we need to create a minimum of 3 partitions:
1) /boot – 100 MB approx.
2) /     – 5 GB minimum (for full installation).
3) /swap – double of RAM (swap partition, i.e. virtual memory)

Difference Between Windows and Linux:

   Windows                              Linux
1) Not case sensitive.                  Case sensitive.
2) Drive letters are allowed.           No drive letters are used to identify partitions;
                                        instead names are used, e.g. /, /boot, /swap
3) Hidden files have the special        Any file name starting with a dot (.) is
   attribute –h.                        considered hidden.
          
and there are many more… 
 
Commands:
1) pwd : Publish working directory.
2) whoami : Gives login user name.
3) ls : similar to the dir command in Windows.
4) man : manual pages (gives help for a command), e.g. $ man ls
5) cd : change directory.
6) mkdir : create a new directory.
7) touch : creates a blank file by the name given.
8) cat : displays the contents of the file.
9) cp : copy a file from source to destination.
10) rm : to delete files and folders.
11) mv : to move files or folders from one location to another.

VI Editor Basics:


To create a file, the vi editor is used. The command to create a 'sample' file is:
$ vim sample


When the vi editor starts, it starts in read-only mode by default. Press 'i' or the 'Insert' key to work in read-write mode.


commands:

1) esc key: To come out of any mode.


2) :wq - to save file and exit


3) :w - to save file


4) :q - to exit from vi editor without saving


5) :q! - forcefully exit without saving


Screens:   In GUI we get 6 screens to work on command line.


a) ctrl + Alt + F1  :- First screen
b) ctrl + Alt + F2  :- Second screen
c) ctrl + Alt + F3   :- Third screen 
d) ctrl + Alt + F4   :- Fourth screen
e) ctrl + Alt + F5   :- Fifth screen
f) ctrl + Alt + F6    :- Sixth screen
The 7th screen is GUI screen i.e. ctrl + Alt + F7 



How to store XP's Boot Loader in MBR using CD:

1) Boot your system using XP's bootable CD.

2) Choose recovery console by pressing 'r' option when asked.

3) Give path of your XP's installation folder

e.g. C:\Windows (Press Enter)

4) Type 'fixmbr' (Press Enter)

5) Type 'fixboot' (Press Enter)

6) Type 'yes' (Press Enter)

7) Type 'exit' (Press Enter)

8) Then restart your system.

The XP boot loader gets installed.



Creating CHAIN LOADER:

How to Install Linux Boot Loader:

If you install XP over Linux (dual boot), the Linux boot loader gets corrupted.
So, to install the Linux boot loader again without disturbing XP, we need to create a
chain loader. For that:

1) Insert Linux Bootable CD or DVD.

2) Type 'linux rescue' (Press Enter)

3) Type 'chroot /mnt/sysimage'

4) Then check partitions by giving command 'fdisk -l'

5) Then copy the Linux GRUB loader to the first sector of the Linux partition instead
of the MBR. For that give the command:
# grub-install /dev/hda2         (Press Enter) ---(Here /dev/hda2 is your
                                               Linux partition shown by the 'fdisk -l' command)

6) Then copy the boot loader image into a file, say 'bootsect.lnx'. For that:
# dd if=/dev/hda2 of=/bootsect.lnx bs=512 count=1 (Press Enter)

    (here dd = disk duplicator, if = input file, of = output file,
      bs = block size in bytes)

7) Then mount XP's partition in a test directory. For that:
# mkdir /test                                   (Press Enter)
# mount -t auto /dev/hda1 /test (Press Enter)
   (here /dev/hda1 is your XP partition shown by 'fdisk -l')

8) Then see contents of /test
#cd /test
#ls

9) Then copy the 'bootsect.lnx' file into the /test directory, i.e.
# cp /bootsect.lnx /test/bootsect.lnx (Press Enter)

10) Edit XP's boot.ini file and make changes, i.e.
# vi boot.ini

Press 'Insert' key and make changes at the End of file as...
C:\bootsect.lnx="RedHat Linux EL"

save the file using 'esc' key and ':wq'

11) Unmount that volume using...
#umount /test

Restart your system. You will have the chain loader installed.




Partition Management in Linux:

To create new partitions, or to edit, modify, delete or manage partitions, Linux has the command:
'fdisk'

To check existing partition table give command:
#fdisk -l

For more options of fdisk give 'man fdisk' command.

We can easily manage our partitions using these options. To enter the fdisk utility give the command:
#fdisk /dev/

After creating partitions we need to format them. The 'mke2fs' command does this. It formats the partitions using the ext2 file system by default.

#mke2fs -j /dev/
Here the -j option is used to format the partition using the ext3 FS.

This partitioning is not permanent. It is lost after logoff or restarting the system.

To make the changes permanent or static we need to make an entry for that partition in the '/etc/fstab' file.
Only then do the changes remain permanent.


Run Levels :

The run levels are managed by the '/etc/inittab' file.
There are a total of 6 run levels present in this file, of which run level 4 is actually not present.

0 - halt (Do NOT set initdefault to this, otherwise system will not start.)
1 - Single user mode
2 - Multiuser, without NFS (The same as 3, if you do not have networking)
3 - Full multiuser mode
4 - unused
5 - X11
6 - reboot (Do NOT set initdefault to this)

You can set your desired run level to run as the default using this file.



User Management in Linux

For managing users in Linux there are various commands; we will see them:

1) useradd: This command is used to create new users.
You can see the help for this command by typing 'man useradd'. Some important parameters are:
a) -c : comment : description for the user, e.g. manager, sales representative etc.
b) -d : home directory : assigns the specified directory as the home directory for the user,
e.g. -d /sales/pranay
c) -e : expiration date : the user account will expire on that date, i.e. it is disabled on the date specified. Format: yyyy-mm-dd
d) -f : inactive days : number of days after the password expires during which the user can still log in to the system before the account is disabled.
e) -g : (GID, group name) : this is the primary group of the user.
f) -G : group name : secondary group membership.
g) -m : this switch creates the home directory for the user if it is not present. It also copies the contents of the /etc/skel directory into the newly created home directory.
h) -M : no user home directory is created.
i) -n : no group is created by the name of the user.
j) -o : allows creating a user with a duplicate (non-unique) UID.
The system considers such users as a single user, but they can log in using different user names.
k) -p : accepts the password in encrypted format.
For this, first give the command 'crypt ' and then use it with the -p option.
l) -r : allows a UID less than 500.
This option is used with the -u option. Users having a UID less than 500 are treated as system-created users.
m) -s : shell : sets the login shell of the user,
e.g. -s /bin/bash
n) -u : UID : sets a specific UID for the user.
To give UID 400 give the command: # useradd -r -u 400

E.g.:
1) To add a new user having the same group ID (member of the same group):
# useradd -n -g 502
2) To change the login shell of a user:
# useradd -s /bin/csh

If you want multiple users with the same settings, first create one home directory:
# mkdir /home/home_dir
then,

# useradd -D -g 502 -b /home/home_dir -e 2010-11-11 -f 3 -s /bin/ksh
# useradd -n user1
# useradd -n user2
# useradd -n user3
.
.
.
and so on...
Now these users have the same group ID (502), same home directory (/home/home_dir), same expiration date [11 Nov 2010], same default inactive days after expiry (3 days) and same login shell (/bin/ksh).

3) To create groups with the same GID:
# groupadd -g 400 group1
# groupadd -o -g 400 group2
(see 'man groupadd')
To delete a group: # groupdel
To delete a user: # userdel



usermod Command:

Used to modify user settings. See 'man usermod'.
E.g. 1) To change the UID of an existing user: # usermod -u 515

2) To change the login name of an existing user: # usermod -l

We see membership of the PRIMARY GROUP in the /etc/passwd file and membership of the SECONDARY GROUP in the /etc/group file. For that give the command
# usermod -G 502
After that the user will become a member of the group having GID 502. It will be displayed in the /etc/group file.

chmod Command:

Create a directory '/temp' and check the permissions for it with
# ls -all

Then change the permissions of other users with
# chmod o-rx /temp

Then log in as another user and try to go into that directory with # cd /temp
It will not go.

Using numbers:
r=4
w=2
x=1
i.e. rwx=7, rx=5, rw=6

# chmod 755 /temp
This will set permissions for
owner (u) = rwx (7)
group (g) = rx (5)
others (o) = rx (5)
on the /temp directory.

chgrp command:

#chgrp 301 /temp
or #chgrp /temp
This command is used to change the group of a particular directory.

Sticky Bit:
If all users have rwx rights on a directory, then anyone can easily delete or modify others' files and folders. The 'sticky bit' is used to prevent that. It ensures that only the owner of a file can delete or modify that file.
To add = +t
To remove = -t
e.g. # chmod +t /temp
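
To find directories that are in the state described above (everyone has write access but the sticky bit is missing), the following added example, which is not part of the original post, searches a tree and then applies 'chmod +t' to what it finds. The demo tree and its directory names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for the situation the sticky bit prevents.

# Print world-writable directories under $1 that lack the sticky bit.
missing_sticky() {
  find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Set the sticky bit on every directory reported by missing_sticky.
fix_sticky() {
  missing_sticky "$1" | while IFS= read -r d; do
    chmod +t "$d"
  done
}

# Constructed demo tree (hypothetical directory names).
DEMO=$(mktemp -d)
mkdir "$DEMO/shared" "$DEMO/dropbox" "$DEMO/private"
chmod 1777 "$DEMO/shared"    # rwx for everyone plus sticky bit, like /tmp
chmod 0777 "$DEMO/dropbox"   # rwx for everyone, no sticky bit
chmod 0755 "$DEMO/private"   # others cannot write

echo "before:"; missing_sticky "$DEMO"
fix_sticky "$DEMO"
echo "after:";  missing_sticky "$DEMO"
```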

  
Commands related to Networking:

  1. netconfig : command used to setup ip address to a machine.
  2. setup : command used to setup ip address to a machine.
  3. ifconfig : command to check the ip address.
  4. service network restart : to restart network service.
  5. ping : it will continuously ping if network is ok.
    To stop press 'ctrl + c' or 'ctrl + z'


Telnet [ Terminal Network ]

It is used to work on a particular machine remotely. By default telnet is disabled for security purposes. For managing the network there is a daemon 'xinetd'. Its 'xinetd.d' directory is located in the /etc folder. In that folder there is a file 'telnet'. We just open the '/etc/xinetd.d/telnet' file and make the change
disable = no
then save and exit vi. Restart the service, i.e.
# service xinetd restart
Now check with # telnet
Telnet does not allow root user login (because of security). We can log in as an ordinary user and then, using the command 'su', switch to the root user account.



Rlogin:

There is a file '/etc/xinetd.d/rlogin'. Edit it and make the change
disable = no
Save and exit from the vi editor. Restart the xinetd service:
# service xinetd restart
# rlogin ip_address_of_machine

You will be logged in. If you want to switch to the root user you can do it with
# su

For further help try
# man rlogin

If there is a user 'aaa' on the server and a user 'bbb' on the workstation and you want to log in to the server, then simply log in to the workstation as the 'bbb' user and give the command

# rlogin server_ip_address -l aaa

You will be logged in.
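
Since both Telnet and Rlogin are switched on by the same 'disable = no' line, it is useful to be able to list which xinetd services are currently enabled. This is an added example, not part of the original post; the sample directory stands in for /etc/xinetd.d and its file contents are constructed.

```shell
#!/bin/sh
# Added example: list xinetd services switched on with "disable = no".

# enabled_services DIR: print the names of services whose file in DIR
# contains an uncommented "disable = no" line.
enabled_services() {
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    awk '
      $1 == "service" { name = $2 }
      $1 == "disable" && $2 == "=" && tolower($3) == "no" { print name }
    ' "$f"
  done | sort
}

# Constructed sample directory standing in for /etc/xinetd.d
XDIR=$(mktemp -d)
cat > "$XDIR/telnet" <<'EOF'
service telnet
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        disable         = no
}
EOF
cat > "$XDIR/rlogin" <<'EOF'
service rlogin
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.rlogind
        disable         = yes
}
EOF

enabled_services "$XDIR"
```

Run it as 'enabled_services /etc/xinetd.d' on a real machine after each change to confirm that only the services you intended are enabled.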



FTP [ File Transfer Protocol ]:

FTP is used to send or receive a file from one machine to another. The name of the FTP server in Linux is VSFTP, i.e. very secure FTP.

Check whether the package is installed on your system. For that:
# rpm -qa | grep vsftpd
here q – query packages installed on the system
a – all packages
It will list all the installed packages.

If the vsftpd package is not installed on the system, then insert CD-1 or the DVD of the OS and install the RPM by giving the command:
# rpm -ivh vsftpd- - - (give tab)

After successful installation the vsftpd directory gets created under the /etc directory and two files get created in that folder. This indicates that FTP is installed. You need to copy the data which you want to send via FTP into the '/var/ftp/pub' directory.

Contents of the '/etc/vsftpd/vsftpd.conf' file:

1) anonymous_enable=YES
Here anonymous stands for all users. Log in using the 'anonymous' user name and a blank password. If you don't want to log in as the anonymous user, set this option to 'NO'.
2) local_enable=YES
If it is 'YES' then local users can also log in using FTP.
3) write_enable=YES
If you want uploading allowed then make it 'YES'.
4) local_umask=022
The value in front of umask gets deducted from the previous value (777).
5) #anon_upload_enable=YES
By default only local users have file uploading permission on the server. If you want to allow it for the anonymous user, make it 'YES'.
6) #anon_mkdir_write_enable=YES
The anonymous user doesn't have permission to create directories on the server. If you want to allow that, make the change here.
7) dirmessage_enable=YES
Create a directory '.message' in every sub-directory in the /var/ftp directory. Write a message in the '.message' directory about what is there in the parent directory,
e.g. this directory contains display drivers etc.
8) xferlog_enable=YES
It keeps a record in a log file of who uploaded data over FTP and who downloaded data.
9) connect_from_port_20=YES
FTP uses TCP ports 20 and 21. One is used for communication (with client and server) and the other is used for the actual data transfer. Only one port is kept enabled at a time for convenience.
10) chown_uploads=YES
It is used in case of data entry to change the ownership of an uploaded file.
11) chown_username=whoever
Give the user name to whom you want to assign ownership.
12) xferlog_file=/var/log/vsftpd.log
The log record is kept in this file. This option is used to change the location of that file.
13) xferlog_std_format=YES
To store the log in standard format.
14) idle_session_timeout=600
(in seconds) If the user using FTP is idle for 600 seconds, the session gets terminated.
15) data_connection_timeout=120
(in seconds) If there is no data transfer for 120 seconds, the connection gets disconnected.
16) #nopriv_user=ftpsecure
The first time, FTP gets connected using the root user name, but later it gets converted to the 'ftpsecure' user. It is used for security purposes.
17) #async_abor_enable=YES
While downloading, if the connection gets lost then it downloads from the start again. To avoid that, use this option. It will download from where it got disconnected.
18) ascii_upload_enable=YES
By default it uses binary upload or download. You can make it ASCII using this option.
19) ascii_download_enable=YES
Try to avoid it because it takes more memory and gives less speed.
20) ftpd_banner=welcome to blah ftp server
A banner gets displayed at login time.
21) deny_email_enable=YES
Used to ban a particular email address.
22) #banned_email_file=/etc/vsftpd.banned_emails
The email IDs which are banned are stored in this file.
23) chroot_list_enable=YES
Used to change the root directory (i.e. the starting point of the user's home directory) of a user.
24) chroot_list_file=/etc/vsftpd.chroot_list
This file includes the users who are allowed to run chroot.
25) #ls_recurse_enable=YES
Used to disable the 'ls -R' command.
26) pam_service_name=vsftpd
PAM is nothing but pluggable authentication module.
27) userlist_enable=YES
Enter the user names whom you want to allow or deny FTP in the '/etc/vsftpd.user' file.
28) listen=YES
It decides whether to accept packets on the network card or port.
29) tcp_wrappers=YES
It wraps the FTP packets into the TCP protocol and sends them, because the transfer layer protocol is TCP.

To start service:
# service vsftpd start

then open a terminal and give command-
#ftp

username = anonymous
password = blank (no password)


ftp> ls
You will see the pub directory.
Now to accept a file from the other machine (to download a file):
ftp> get
ftp> bye (to exit ftp)
The file gets downloaded to your last working location.

Now to upload a file to the FTP server:
ftp> put
ftp> bye


By default the anonymous user does not have permission to upload a file. You can give it using the vsftpd.conf file.
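
Because anonymous upload depends on several options together (anonymous_enable, write_enable and the anon_* lines), it is easy to open it by accident. The following added example, which is not part of the original post, reads a vsftpd.conf and reports when anonymous users can write or when transfers are not logged. The two sample files are constructed, and the default values used for missing keys are assumed from the vsftpd.conf man page.

```shell
#!/bin/sh
# Added example: flag vsftpd.conf settings that let anonymous users write.

# conf_get FILE KEY DEFAULT: effective value of KEY (last uncommented
# "KEY=value" line, upper-cased), or DEFAULT when the key is absent.
conf_get() {
  v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d ' \r' | tr '[:lower:]' '[:upper:]')
  echo "${v:-$3}"
}

# Defaults passed below are assumed from the vsftpd.conf man page.
audit_vsftpd() {
  f=$1; rc=0
  if [ "$(conf_get "$f" anonymous_enable YES)" = YES ] &&
     [ "$(conf_get "$f" write_enable NO)" = YES ]; then
    if [ "$(conf_get "$f" anon_upload_enable NO)" = YES ]; then
      echo "WARN: anonymous users can upload files"; rc=1
    fi
    if [ "$(conf_get "$f" anon_mkdir_write_enable NO)" = YES ]; then
      echo "WARN: anonymous users can create directories"; rc=1
    fi
  fi
  if [ "$(conf_get "$f" xferlog_enable NO)" != YES ]; then
    echo "WARN: transfers are not logged"; rc=1
  fi
  return $rc
}

# Constructed sample files: STOCK keeps the anon_* lines commented out,
# WEAK is the same file with them enabled.
STOCK=$(mktemp); WEAK=$(mktemp)
cat > "$STOCK" <<'EOF'
anonymous_enable=YES
local_enable=YES
write_enable=YES
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
xferlog_enable=YES
EOF
sed 's/^#anon_/anon_/' "$STOCK" > "$WEAK"

audit_vsftpd "$STOCK" && echo "stock: no findings"
audit_vsftpd "$WEAK" || echo "weak: findings above"
```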