Ex. No. 11 INSTALLING LINUX AND SOFTWARE Date :

Transcription

1 Ex. No. 11 INSTALLING LINUX AND SOFTWARE Date : Q1. INSTALLING LINUX Now your PC should boot from the CD-ROM or the installation boot floppy. After a few files are opened and decompressed, Linux installation screen should appear, with the following prompt: [F1-Main] [F2-Options] [F3-General] [F4-Kernel] [F5-Rescue] boot: To start the installation process from the boot : prompt, there are three basic options: Graphical mode By default, Linux is installed from the CDs in graphical mode. If you're installing from the CDs, just press the ENTER key at the boot : prompt. Text mode The linux text option starts a low-intensity graphical installation known as text mode that all but the most graphically challenged computers can handle. Network installation You can use the installation CD or boot floppy to install RHEL over a network connection. If you're booting from the installation CD, enter linux askmethod at the boot: prompt. This tells the RHEL installation CD to ask you whether you want to install from the CD or from a network server. The instructions below are based on NFS server based installation. (First configure NFS Server) A. Pre Installation Steps 1. Boot your computer from boot CD 2. When you see the boot : prompt, enter the linux askmethod command. 3. Select your language. English is the default; 4. Select a keyboard type. 5. Choose your installation method. ie.; NFS image option. 6. Configure your IP address information. If you have a DHCP server on your network, the default should be sufficient. Otherwise, deselect the Use Dynamic IP Configuration option, and enter at least an IP address and Netmask. 7. Next, you'll direct your computer to the remote NFS server. You can enter the hostname or IP address of the NFS server, as well as the shared directory. 8. Now you'll see the first Linux graphical installation screen. Click Next to continue. M. Eliazer 68

2 9. Select between automatic and manual partitioning. Always recommended to select the Manually Partition With Disk Druid option and click Next to continue. 10. Basic Partitioning (i) In the Disk Druid Menu, click New. Enter /boot in the Mount Point text box. Enter 100MB in the Size(MB) text box. and click OK. (ii) Repeat the basic process described in step (i) with the other noted partitions: /tmp, /var, and /home. (iii) Now create a swap partition. Click New to open the Add Partition window. Click the File System Type drop-down box and select Swap. As you'll see, the Mount Point text box is now grayed out. Enter the required size (512MB ie; atleast ½ of RAM size) in the Size(MB) text box and click OK. (iv) Allocate the remaining space to the root directory (/) partition. Click New to open the Add Partition window. Enter / in the Mount Point text box. Under Additional Size Options, select Fill To Maximum Allowable Size and click OK. Once you've finished creating the desired partitions, click Next to continue. 11. Configure the boot loader. It can help you configure how your BIOS find Linux and other operating systems on your computer. GRUB is the default. 12. Configure network. You can either configure the IP address information shown manually, or you can leave this task to a DHCP server. Make your selections and click Next to continue. 13. Configure a standard firewall for your computer. Generally, you won't need to configure a firewall for a workstation inside a LAN. Firewalls are generally located on computers that serve as junctions, or routers between networks such as a LAN and the Internet 14. Select additional languages if you need and click Next to continue. 15. Select your time zone. 16. Type password for the root user and click Next to continue. 17. Now you'll see a Package Installation Defaults screen. Select the 'Customize the set of packages to be installed' option and click Next to continue. 18. Select the package groups that you'll need and click Next to continue. Finally, you're taken to a summary screen. You can click Back in this screen to return to a previous step. Otherwise, click Next to start the installation process. M. Eliazer 69

3 B. Post installation steps 1. Once the installation process is complete, you're taken to a screen where you can create a customized boot disk (if you need) 2. Configure your video card. A large number of different manufacturers, models, and generic options are available. You can also set the available memory in your video card 3. Configure your Monitor. You can set the make and model of your monitor. If you don't see your monitor in the list, there are also a large variety of generic CRT and LCD monitors available. 4. Do Graphics Configuration. 5. OS now reboots your computer. Linux is now installed. At first time boot, you'll get to configure a few more components during this process. C. First Boot configuration Steps 1. You'll need to agree to the license agreement. 2. Set the date and time 3. Configure regular login account 4. Click the Play Test Sound button to confirm sound card functioning. 5. If you want to register with the Red Hat Network, select Yes. But the defaults are generally sufficient. 6. If you have additional software to install, insert CD and click Next to continue. 7. You'll now see the Finish Setup screen, which tells you that 'Your system is now set up and ready to use.'. Click Next to finish the process. Congratulations! Installation is now complete. M. Eliazer 70

4 Q2. INSTALLING SOFTWARE The RPM Package Manager The primary functions of the RPM are Querying, installing, and uninstalling software Maintaining a database that stores various items of information about the packages Packaging other software into an RPM form Querying 1. To query all the packages installed in the system # rpm qa This will give you a long listing of software installed. 2. To query for a Specific Package # rpm q bash This is to verify whether the package bash is installed or not 3. To query more information about a package # rpm -qi bash 4. To list the configuration files (if any) that comes with the bash package # rpm -qc bash Installing 5. To install the package # rpm -ivh gcc-4.* This will install gcc packages Here i install v verbose ie; displaying information about installation h displaying # symbol to show the installation progress 6. To upgrade the package # rpm -Uvh gcc-4.* This will upgrade old gcc package with new one 7. To freshen the package # rpm -Fvh gcc-4.* This will remove the existing gcc package and install as a fresh package Uninstalling 8. To remove a particular package from the system # rpm e gcc-4.* M. Eliazer 71

5 Yum Package Yum is one of the newer methods of software management on Linux systems. Yum is an automatic updater and package installer/remover for RPM systems. It automatically computes dependencies and figures out what things should occur to install packages. Yum Package Configuration Step 1: copy all packages from cd's/dvd to any location #mount /dev/cdrom /mnt #cp -vr /mnt/server /var/ftp/pub #eject Step 2: install createrepo rpm #rpm -ivh /var/ftp/pub/server/createrepo noarch.rpm Step 3: create yum database #createrepo g /var/ftp/pub/server/repodata/comps-rhel5-servercore.xml /var/ftp/pub/server/ #rm -rf /var/ftp/pub/server/.olddata #createrepo -g /var/ftp/pub/server/repodata/comps-rhel5- servercore.xml /var/ftp/pub/server/ Step 4: create yum repository file in /etc/yum.repos.d/ directory #vi /etc/yum.repos.d/sample.repo [Server] name=server packages baseurl=file:///var/ftp/pub/server gpgcheck=0 Step 5: clean yum cache and list all packages #yum clean all #yum list all Remote package install configuration for Client Step 1: create yum repository file #vi /etc/yum.repos.d/sample.repo [Server] name=server packages baseurl=ftp:// /pub/server gpgcheck=0 Step 2: clean yum cache and list all packages #yum clean all #yum list all Installing, Removing and listing packages using Yum To install httpd package # yum install httpd To uninstall httpd package # yum remove httpd M. Eliazer 72

6 To list all the installed packages # yum list installed To list all the packages available in the server # yum list available Q3. COMPILE AND INSTALL GNU SOFTWARE In this section, we are going to see the way to install the package from its source file. Step 1. Getting and Unpacking the Package a) First get the source file either from CD or download it from internet. Save the file in the directory /usr/local/src # wget b) Use the tar command to unpack and decompress the file # tar -xvzf hello-2.3.tar.gz c) A new directory, called hello-2.3, should have been created for you during the untarring. Now change to the new directory. # cd hello-2.3 ; ls Step 2. Looking for Documentation Read the documentation files such as README and INSTALL for installation instructions # less INSTALL or # vi INSTALL Step 3. Configuring the Package The configuration scripts will be available in the name configure. Now execute the configuration file. #./configure By default, most packages use /usr/local. Each component in the package will install into the appropriate directory in /usr/local. If you want to change the directory, use the option prefix as below #./configure --prefix /tmp/local Step 4. Compiling the Package Compile the package using the following command # make Step 5. Installing the Package Once the compile completes successfully, install the package as below # make install This will install the package into the default location M. Eliazer 73

7 Step 6. Testing the Software Test the software by running the file # /usr/local/bin/hello Step 7. Cleanup Once the package is installed, you can do some cleanup to get rid of all the temporary files created during the installation. # cd /usr/local/src Now use the rm command to remove the actual directory, like so: # rm -rf hello-2.3 Verified by Staff In-charge Sign : Date : Ex. No. 12 MANAGING USERS Date : What is User? Under Linux, every file and program must be owned by a user. Each user has a unique identifier called a user ID (UID). Each user must also belong to at least one group, a collection of users M. Eliazer 74

8 established by the system administrator. Users may belong to multiple groups. Like users, groups also have unique identifiers, called group IDs (GIDs). Each user s rights can be defined in one of two ways: as those of a normal user or the root user. Normal users can access only what they own or have been given permission to run. The root user is allowed to access all files and programs in the system, whether or not root owns them. The root user is often called a superuser. WHERE USER INFORMATION IS KEPT? Linux keeps all user information in the following files. 1. /etc/passwd file The fields of this file is illustrated below i) User Name: It is also referred as login field or account field ii) Password : This field contains excrypted password for the user. On most modern Linux systems, this field contains a letter x to indicate that shadow passwords are being used on the system iii) User-ID : This field stores a unique number that the operating system and other applications use to identify the user and determine access privileges iv) Group-ID : It is a unique number of the primary group that the user belongs to. v) GECOS : This field can store various pieces of information for a user (Comment field) vi) Directory : This is usually the user s home directory, but it can also be any arbitrary location on the system. Every user who actually logs into the system needs a place for configuration files that are unique to the user. This place is called a home directory. In this directory, users are allowed to keep not only their configuration files, but their regular work files as well. vii) Shell : When users log into the system, they expect an environment that can help them be productive. The first program that users encounter is called a shell. 2. /etc/shadow file This is the encrypted password file. It stores the encrypted password information for user accounts. In addition to the encrypted password, the /etc/shadow file stores optional password aging or expiration information. It is only readable by the root user. M. Eliazer 75

9 Just as in the /etc/passwd file, each line in the /etc/shadow file represents information about a user. The lines are made up of various standard fields, with each field delimited by a colon. The fields are Login name Encrypted password Days since January 1, 1970, that password was last changed Days before password may be changed Days after which password must be changed Days before password is to expire that user is warned Days after password expires that account is disabled Days since January 1, 1970, that account is disabled A reserved field A sample entry from the /etc/shadow file is shown here for the user account judith: judith:$1$hewdpij.$qx/rbb.tpgcyeravdlf4g.:12830:0:99999:7::: 3. /etc/group file The /etc/group file contains a list of groups, with one group per line. Each group entry in the file has four standard fields, with each field colon-delimited. Each user on the system belongs to at least one group, that being the user s default group. Users may then be assigned to additional groups if needed. You will recall that the /etc/passwd file contains each user s default group ID (GID). This GID is mapped to the group s name and other members of the group in the /etc/group file. The fields of each line in the /etc/group file are o Group name : The name of the group o Group password : This is optional, but if set, it allows users who are not part of the group to join o Group ID (GID) : The numerical equivalent of the group name o Group members : A comma-separated list A sample group entry in the /etc/group file is shown here : bin:x:1:root,bin,daemon This entry is for the bin group. The GID for the group is 1, and its members are root, bin, and daemon. USER MANAGEMENT TOOLS The command line tools for the user management are useradd, usermod, userdel, groupadd, groupmod and groupdel. 1. Useradd - User can be added with this tool #useradd options username M. Eliazer 76

10 Some of the options are -c comment : to add comment -d homedir : to change the home directory -e date : to specify the expiry date of a login (format : yyyy mm dd) -s shell : to change the shell -u uid : to specify user defied user-id ex. #useradd d /usr/moses moses - Add user with user name moses with home directory as /usr/moses Note : After adding user, it is mandatory to set a password for the user. ie; #passwd moses 2. Usermod - User information can be modified with this tool #usermod options username - Options are same as useradd but additionally we have one more option -l ie; -l newname : to rename user name. 3. Userdel - Users can be removed from the system #userdel username 4. Groupadd - Adds groups to /etc/group file #groupadd options groupname The options are -g gid : to specify the group-id for the new group -r : to create system group -f : to exit without error if the group is already exists 5. Groupmod - To modify the group information #groupmod options groupname M. Eliazer 77

11 - Options are similar to groupadd tool 6. Groupdel - To remove a group from the system #groupdel groupname GUI Tool for user management #system-config-users - This utility helps us to add, mod and del users with GUI. USERS AND ACCESS PERMISSIONS Linux determines whether a user or group has access to files, programs, or other resources on a system by checking the overall effective permissions on the resource. The traditional permissions model in Linux is simple it is based on four access types, or rules. The possible access types are (r) Read permission (w) Write permission (x) Execute permission (-) No permission or no access In addition, these permissions can be applied to three classes of users. The classes are User The owner of the file or application Group The group that owns the file or application Others Users that are not belonging to the group Understanding SetUID and SetGID Programs Normally, when a program is run by a user, it inherits all of the rights that the user has. If the user can t read the /var/log/messages file, neither can the program. Note that this permission can be different from the permissions of the user who owns the program file. For example, the ls program is owned by the root user. Its permissions are set so that all users of the system can run the program. Thus, if the user judith runs ls, that instance of ls is bound by the permissions granted to the user judith, not root. However, there is an exception. Programs can be tagged with what s called a SetUID bit, which allows a program to be run with permissions from the program s owner, not the user who is running it. Using ls as an example again, setting the SetUID bit on it and having the file owned by root means that if the user judith runs ls, that instance of ls will run with root permissions, not with judith s permissions. The SetGID bit works the same way, except instead of applying the file s owner, it is applied to the file s group setting. To enable the SetUID bit or the SetGID bit, you need to use the chmod command. To make a program SetUID, prefix whatever permission value you are about to assign it with a 4. M. Eliazer 78

12 To make a program SetGID, prefix whatever permission you are about to assignit with a 2. For example, to make /bin/ls a SetUID program, you would use this command : # chmod 4755 /bin/ls Q1. Create user kiruba with user-id 555. # Q2. Create user keerthana with home directory /user/keerthan # Q3. Create user kisanu. The account must be expired on 31-Dec # Q4. Modify the user-id of kiruba as 777. # Q5. Remove the user keerthana from the system. # Q6. Create a group tiger with group-id 555. # Q7. Create a system group lion. # Q8. Remove the group lion from the system. # Q9. Set SUID for the file f1 in your directory. # Q10. Set SGID for the sub directory d1. # Verified by Staff In-charge Sign : Date : Ex. No. 13 PARTITION MANAGEMENT Date : FILE SYSTEM M. Eliazer 79

13 Although all the files in your Linux system are connected into one overall directory tree, parts of that tree may reside on different storage devices such as hard drives or CD-ROMs. Files on a particular storage device are organized into what is referred to as a file system. A file system is a formatted device, with its own tree of directories and files. Your Linux directory tree may encompass several file systems, each on different storage devices. On a hard drive with several partitions, you would have a file system for each partition. The files themselves are organized into one seamless tree of directories, beginning from the root directory. For example, if you attach a CD-ROM to your system, a pathname will lead directly from the root directory on your hard disk partition's file system to the files in the CD-ROM file system. A file system has its files organized into its own directory tree. You can think of this as a subtree that must be attached to the main directory tree. The tree remains separate from your system's directory tree until you specifically connect it. For example, a floppy disk with Linux files has its own tree of directories. You need to attach this subtree to the main tree on your hard drive partition. Until they are attached, you cannot access the files on your floppy disk. i-node The most fundamental building block of many Linux file systems is the i-node. An i-node is a control structure that points either to other i-nodes or to data blocks. The control information in the i-node includes the file s owner, permissions, size, time of last access, creation time, group ID, and so on. Popular Linux File system - ext3 and ReiserFS are the popular file systems used by many linux distributors - ext3 is an enhanced extension of ext2 - Journaling file system included in ext3 but the same is not in ext2 - Journaling file systems work by first creating an entry of sorts in a log (or journal) of changes that are about to be made before actually committing the changes to disk. Once this transaction has been committed to disk, the file system goes ahead and modifies the actual data or metadata. This results in an all-or-nothing situation; that is, either all or none of the file system changes get done. The /etc/fstab File As mentioned earlier, /etc/fstab is a configuration file that mount can use. This file contains a list of all partitions known to the system. During the boot process, this list is read and the items in it are automatically mounted with the options specified therein. Here s the format of entries in the /etc/fstab file: /dev/device /dir/to/mount fstype Parameters fs_freq fs_passno Following is a sample /etc/fstab file: /dev/volgroup00/logvol00 / ext3 defaults 1 1 LABEL=/boot /boot ext3 defaults 1 2 devpts /dev/pts Devpts gid=5,mode= tmpfs /dev/shm tmpfs defaults 0 0 M. Eliazer 80

14 /dev/volgroup00/logvol02 /home ext3 defaults 1 2 proc /proc proc defaults 0 0 sysfs /sys sysfs defaults 0 0 /dev/volgroup00/logvol03 /tmp ext3 defaults 1 2 /dev/volgroup00/logvol01 swap swap defaults 0 0 /dev/sr0 /media/cdrom auto user,noauto,exec 0 0 PARTITION CREATION Step 1: list the partitions # fdisk -l Step 2: create a partition # fdisk /dev/hda Command (m for help): n First cylinder ( ,default 3717): <ENTER> Last cylinder +sizem or +sizek ( , default 4865): +1000M Command (m for help): w Step 3: refresh the kernel partition table #partprobe Step 4: format the partition #mkfs.ext3 /dev/hda7 Step 5: create a mount point mkdir /data # mount /dev/hda7 /data Partition deletion Step 1: #fdisk /dev/hda Command (m for help): p.... Command (m for help): d Partition number (17): 7 Command (m for help): w Step 2: #partprobe LOGICAL VOLUME MANAGEMENT (LVM) For easier hard disk storage management, you can set up your system to use the Logical Volume Manager (LVM), creating LVM partitions that are organized into logical volumes to which free space is automatically allocated. Logical Volumes provide a more flexible and M. Eliazer 81

15 powerful way of dealing with disk storage, organizing physical partitions into logical volumes in which you can easily manage disk space. Disk storage for a logical volume is treated as one pool of memory, though the volume may in fact contain several hard disk partitions spread across different hard disks. Adding a new LVM partition merely increases the pool of storage accessible to the entire system. Following are some important volume management terms. Physical Volume (PV) : This typically refers to the physical hard disk Volume Group (VG) : Volume groups are used to house one or more physical volumes and logical volumes into a single administrative unit. VGs are simply a collection of PVs. Logical Volume (LV) : This perhaps is the trickiest LVM concept to grasp,because logical volumes (LVs) are the equivalent of disk partitions in a non-lvm world. LVs are created out of the space available in VGs. To the administrator, an LV appears as one contiguous partition independent of the actual PVs that make it up. Extents : There are two kinds of extents: physical extents and logical extents. Physical volumes (PVs) are said to be divided into chunks, or units of data, called physical extents. And logical volumes (LVs) are said to be divided into chunks, or units of data, called logical extents. The steps involved with creating a logical volume can be summarized this way: 1. Create a partition of the type Linux LVM. 2. Create physical volumes from the partition. 3. Assign the physical volumes to volume group. (Create volume group if not exists) 4. Create logical volumes within the volume group. 5. Create file system for the logical volume 6. Mount the logical volume to the new directory Logical Volume Creation Step 1: create 2 partitions #fdisk /dev/hda Command (m for help): p Command (m for help): n Command action e extended p primary partition(1-4) p Partition number (1-4) : 3 First cylinder ( ,default 2500): <ENTER> Last cylinder or +sizem or +sizek ( ,default 4865): +1000M Command (m for help): t Partition number (1-4) : 3 M. Eliazer 82

16 Hex code (Type L to list codes) : 8e Command (m for help): n Command action e extended p primary partition(1-4) p Partition number (1-4) : 4 First cylinder ( , default 2623): <ENTER> Last cylinder or +sizem or +sizek ( , default 4865): +500M Command (m for help): t Partition number (1-4) : 4 Hex code (Type L to list codes) : 8e Command (m for help): w #partprobe Step 2: convert the partitions into physical volume #pvcreate /dev/hda7 /dev/hda8 display pv information #pvdisplay /dev/hda7 /dev/hda8 Step 3: create volume group that hold 2 physical volumes #vgcreate vgsample /dev/hda7 /dev/hda8 display vg information #vgdisplay vgsample Step 4: create a logical volume #lvcreate n data L 700M vgsample display lv information #lvdisplay /dev/vgsample/data Step 5: format the logical volume #mkfs.ext3 /dev/vgsample/data Step 6: Mount logical volume to the directory #mkdir /data #mount /dev/vgsample/data /data M. Eliazer 83

17 Extend a Logical Volume Size Step 1: #umount /data #lvextend L +100M /dev/vgsample/data #lvdisplay /dev/vgsample/data Step 2: format only extended portition of lv that is 100MB #e2fsck f /dev/vgsample/data #resize2fs /dev/vgsample/data Reduce a Logical Volume Size #umount /data #lvreduce L 100M /dev/vgsample/data #lvdisplay /dev/vgsample/data Extend a Volume Group Step 1: create a partition using fdisk covert that partition into pv #pvcreate /dev/hda9 Step 2: add created partition into existing volume group #vgextend vgsample /dev/hda9 #vgdisplay Remove Logical volume #umount /dev/vgsample/data #lvremove /dev/vgsample/data Remove a Volume Group Before removing Volume Group, remove all lv in volume group #vgremove vgsample Remove Physical Volumes #pvremove /dev/hda7 /dev/hda8 /dev/hda9 Q1. Create a partition of size 200 MB and mount it with a new directory /test Q2. Create a volume group VG1 of size greater than 400 MB. Also create two logical volumes (namely LV1 and LV2) of size 200 MB each and mount them with the directories /data1 and /data2 respectively. M. Eliazer 84

18 Q3. Reduce the size of logical volume LV1 by 50 MB and extend the logical volume LV2 by 50MB. Q4. Extend the volume group VG1 with another physical volume. Q5. Delete all physical volumes that are used in the volume group VG1. Verified by Staff In-charge Sign : Date : Ex. No. 14 NETWORK CONFIGURATIONS Date : M. Eliazer 85

19 MODULES AND NETWORK INTERFACES Network driver has to be initialized and registered with kernel for accessing network card in Linux. Typically, Ethernet devices register themselves as being eth X, where X is the device number. The first Ethernet device is eth0, the second is eth1, and so on. Depending on how your kernel was compiled, the device drivers for your network interface cards may have been compiled as a module. If the driver is configured as a module and you have auto-loading modules set up, you will need to tell the kernel the mapping between device names and the module to load in the /etc/modprobe.conf file. For example, if your eth0 device is an Intel PRO/1000 card, you would add the following line to your /etc/modprobe.conf file: alias eth0 e1000 where e1000 is the name of the device driver. NETWORK CONFIGURATION Network configuration can be down as below. Method -1 : Using ifconfig program The ifconfig program is primarily responsible for setting up your network interface cards (NICs). The format of the ifconfig command is as follows: ifconfig device address options where device is the name of the Ethernet device (for instance, eth0), address is the IP address you wish to apply to the device, and options are one of the following: Option up down netmask address broadcast address Description Enables the device. This option is implicit. Disables the device. Sets the netmask to this interface to address. If a value is not supplied, ifconfig calculates the netmask from the class of the IP address. A class A address gets a netmask of , class B gets , and class C gets Sets the broadcast address to this interface to address. Example : To list the NIC configuration details : #ifconfig To set the eth0 device to the IP address : #ifconfig eth Because is a class C address, the calculated default netmask will be and the broadcast address will be If the IP address you are setting is a class A or class B address that is subnetted differently, you will need to explicitly set the broadcast and netmask addresses on the command line, like so: M. Eliazer 86

20 # ifconfig dev ip netmask nmask broadcast bcast where dev is the network device you are configuring, ip is the IP address you are setting it to, nmask is the netmask, and bcast is the broadcast address. For example, the following will set the eth0 device to the IP address with a netmask of and a broadcast address of : # ifconfig eth netmask broadcast Method-2 : Setting up NIC at Boot time - It is done through the creation of files in the /etc/sysconfig/network-scripts directory that are read at boot time. - For each network interface, there is an ifcfg file in /etc/sysconfig/networkscripts. This filename is suffixed by the name of the device; thus, ifcfg-eth0 is for the eth0 device, ifcfgeth1 is for the eth1 device, and so on. - If you choose to use a static IP address at installation time, the format for the interface configuration file for eth0 will be as follows: DEVICE=eth0 ONBOOT=yes BOOTPROTO=none NETMASK= IPADDR= GATEWAY= TYPE=Ethernet HWADDR=00:0c:29:ac:5b:cd - If you choose to use Dynamic Host Configuration Protocol (DHCP) at installation time, your file will look as follows: DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=yes TYPE=Ethernet HWADDR=00:0c:29:ac:5b:cd - To change the configuration information for this device, simply change the information in the ifcfg file, and restart network configuration scripts as follows: #./ifdown eth0 #./ifup eth0 MANAGING ROUTES If your host is connected to a network with multiple subnets, you need a router or gateway. This device sits between networks and redirects packets toward their actual destination. In the case where a host doesn t even have the first clue about where to send a M. Eliazer 87

21 packet, it uses its default route. This path points to a router, which ideally does have an idea of where the packet should go, or at least knows of another router that can make smarter decisions. Following route command is used to add or delete route. # route cmd type addy netmask mask gw gway dev dn Parameter cmd type addy netmask mask gw gway dev dn Description Either add or del, depending on whether you are adding or deleting a route. If you are deleting a route, the only other parameter you need is addy. Either -net or -host, depending on whether addy represents a network address or a router address. The destination network to which you want to offer a route. Sets the netmask of the addy address to mask. Sets the router address for addy to gway. Typically used for the default route. Sends all packets destined to addy through the network device dn as set by ifconfig. Examples To set the default route on a sample host, which has a single Ethernet device and a default gateway at : # route add -net default gw dev eth0 To sets up a host route so that all packets destined for the remote host are sent through the first PPP device: # route add -host netmask dev ppp0 To delete the route destined for : # route del Displaying Routes There are several ways with which you can display your route table: 1. route Using route is one of the easiest ways to display your route table. 2. netstat Normally, the netstat program is used to display the status of all of the network connections on a host. However, with the -r option, it can also display the kernel routing table. 3. ip route As previously mentioned, the iproute package provides advanced IP routing and network device configuration tools. Linux-based system can actually maintain and use M. Eliazer 88

22 several routing tables at the same time. The previous route command that we saw was actually only displaying and managing only one of the default routing tables on the system, i.e., the main table. For example, to view the contents of table main (as displayed by the route command), you would type # ip route show table main To view the contents of all the routing tables on the system, type # ip route show table all Q1. Using ifconfig utility, configure the network card with static IP address Q2. Disable the NIC configuration and edit the network configuration file to configure NIC with dynamic IP. Finally enable NIC configuration. Q3. Set the default route on a sample host, which has a single Ethernet device and a default gateway at Q4. Delete the route destined for Q5. Display all routing tables in the system. Verified by Staff In-charge Sign : Date : Ex. No. 15 FIREWALL Date : M. Eliazer 89

23 NETFILTER Netfilter provide a simple means of making decisions on how a packet should flow. Netfilter is configured by a tool called iptables. The iptables tool makes it easy to list, add, and remove rules as necessary from the system. Netfilter infrastructure can be classified into several types of operations (tables): network address translation (NAT),mangle, raw, and filter. The NAT table is responsible for handling network address translation, that is, making or changing IP addresses to a particular source or destination IP address. The most common use for this is to allow multiple systems to access another network from a single IP address. The mangle table is responsible for altering or marking packets. The raw table is used for configuring exemptions from connection tracking. The rules specified in the raw table operate at a higher priority than the rules in other tables. Finally, the filter table is responsible for providing basic packet filtering. This can be used to selectively allow or block traffic according to whatever rules you apply to the system. NAT NAT can be broken down into three categories: Source NAT (SNAT), Destination NAT(DNAT), and Masquerading. SNAT is responsible for changing what the source IP address and port are so that a packet appears to be coming from an administrator-defined IP. This is most commonly used in the case where a private network needs to use an externally visible IP address. DNAT is responsible for changing the destination IP address and port so that a packet is redirected to another IP address. This is useful for situations where administrators wish to hide servers in a private network. Masquerading is simply a special case of SNAT. This is useful in situations where there are multiple systems inside of a private network that need to share a single dynamically assigned IP address to the outside world. Masquerading will make all of the packets appear as if they have originated from the NAT device s IP address. IP CHAINS For each table, there exists a series of chains that a packet goes through. A chain is simply a list of rules that act on a packet flowing through the system. There are five predefined chains in Netfilter: PREROUTING, FORWARD, POSTROUTING, INPUT, and OUTPUT. Each of the predefined chains can invoke rules that are in one of the predefined tables (NAT, mangle, or filter). Not all chains can invoke any rule in any table; each chain can only invoke rules in a defined list of tables. Following figure shows the relationship between various chains of Netfilter. M. Eliazer 90

24 PREROUTING chain is the first thing a packet hits when entering the system. FORWARD chain is invoked only in the case when IP forwarding is enabled and the packet is destined for a system other than the host itself INPUT chain is invoked only when a packet is destined for the host itself OUTPUT chain is invoked when packets are sent from applications running on the host itself. POSTROUTING chain is used to alter source IP address for the purposes of Source NAT. Following table represents the relationship between the tables and each IP chain. CONFIGURING NETFILTER M. Eliazer 91

25 To list the rules defined in the system # iptables L To save the netfilter configuration # iptables save The iptables Command Syntax : #iptables -t TableName commands rules-spec action - Table name can be Filter, NAT or Mangle Commands Option Function -A chain Appends a rule to a chain. -D chain [ rulenum] Deletes matching rules from a chain. Deletes rule rulenum (1 = first) from chain. -I chain [rulenum] Inserts in chain as rulenum (default 1 = first). -R chain rulenum Replaces rule rulenum (1 = first) in chain. -L [chain] Lists the rules in chain or all chains. -E [chain] Renames a chain. -F [chain] Deletes (flushes) all rules in chain or all chains. -R chain Replaces a rule; rules are numbered from 1. -Z [chain] Zero counters in chain or all chains. -N chain Creates a new user-defined chain. -X chain Deletes a user-defined chain. -P chain target Changes policy on chain to target. Rules Specifications Option Function -p proto Specifies a protocol, such as TCP, UDP, ICMP, or ALL. -s address Source address to match. - -sport port Source port specification. You can specify a range of ports using the colon, port:port. -d address Destination address to match. - -dport port Destination port specification. M. Eliazer 92

26 Option Function -i Specifies an input network interface -o Specifies an output network interface -j target Specifies the target for a rule (specify [port] for REDIRECT target). -n Numeric output of addresses and ports, used with -L. -t table Specifies a table to use, as in -t nat for the NAT table. -v Verbose mode, shows rule details, used with -L. -x Expands numbers (displays exact values), used with -L.! Negates an option or address. Actions Action ACCEPT DROP REJECT QUEUE RETURN Function Allow packet to pass through the firewall. Deny access by the packet. Deny access and notify the sender. Send packets to user space. Jump to the end of the chain and let the default target process it. Q1. Accept all packets except those from the IP address Q2. Accepts messages coming in that are from any host in the network and that are going anywhere at all. (the -d option is left out or could be written as -d 0/0) Q3. Accept all packets destined to TCP port 80 on the INPUT chain. Q4. Drop all packets from the /16 network. M. Eliazer 93

27 Q5. Allow all packets going through the FORWARD chain that are destined for the /24 network. Q6. Accept any packets coming in from eth0 and going out to eth1. Q7. Drop any IP fragments coming in on the INPUT chain. Q8. Save the rules that are added. Q9. List the rules along with rule number. Q10. Remove all the rules from filter table. Verified by Staff In-charge Sign : Date : M. Eliazer 94

28 Ex. No. 16 CONFIGURING DNS Date : Domain Name Service Use to resolve IP address and hostname The /etc/hosts file keeps its information in a simple tabular format in a plain-text file. The IP address is in the first column, and all the related hostnames are in the second column. The third column is typically used to store the short version of the hostname. Only white space separates the fields How DNS Works The DNS structure is like that of an inverted tree (upside-down tree); this, therefore, means that the root of the tree is at the top and its leaves and branches are at the bottom. At the top of the inverted domain tree is the highest level of the DNS structure, called the root domain and represented by the simple dot (.). ex. mail.yahoo.com.. root domain com top level domain yahoo second level domain mail third level domain The in-addr.arpa Domain DNS allows resolution to work in both directions. Forward resolution converts names into IP addresses, and reverse resolution converts IP addresses back into hostnames. The process of reverse resolution relies on the in-addr.arpa domain, where arpa is an acronym for Address Routing and Parameters Area. Types of Servers a) Primary servers are the ones considered authoritative for a particular domain. An authoritative server is the one on which the domain s configuration files reside. b) Secondary servers work as backups and as load distributors for the primary name servers. c) Caching servers contains no configuration files for any particular domain. Rather, when a client host requests a caching server to resolve a name, that server will check its own local cache first. If it cannot find a match, it will find the primary server and ask it. DNS Record Types DNS database files consists of records. Different types of DNS records are listed below. 1. SOA: Start of Authority The SOA record starts the description of a site s DNS entries. The format of this entry is as follows: 1) domain.name. IN SOA ns.domain.name. hostmaster.domain.name. ( 2) ; serial number 3) ; refresh rate in seconds (3 hours) 4) 1800 ; retry in seconds (30 minutes) 5) ; expire in seconds (2 weeks) 6) ; minimum in seconds (1 week) 7) ) M. Eliazer 95

29 2. NS: Name Server The NS record is used for specifying which name servers maintain records for this zone. The format of this record is as follows : IN NS ns1.domain.name. 3. A: Address Record The A record is used to provide a mapping from hostname to IP address. The format of an A address is : Host_name IN A IP-Address 4. PTR: Pointer Record The PTR record is for performing reverse name resolution, thereby allowing someone to specify an IP address and determine the corresponding hostname. The format for this record is similar to the A record, except with the values reversed: IP-Address IN PTR Host_name 5. MX: Mail Exchanger The MX record is in charge of telling other sites about your zone s mail server. The format of the MX record is as follows: domainname. IN MX weight Host_name 6. CNAME: Canonical Name CNAME records allow you to create aliases for hostnames. A CNAME record can be regarded as an alias. DNS Tools a) host : allows you to resolve hostnames into IP addresses b) dig : tool for gathering information about DNS servers c) nslookup : used to query our local name server for information about a host d) whois : used for determining ownership of a domain e) nsupdate : used to submit Dynamic DNS update requests to a DNS server f) rndc : remote name daemon control used for controlling the name server and also debugging problems with the name server. M. Eliazer 96

30 DNS Configuration Server side Step 1: Install the packages #yum install bind bind-chroot bind-utils Step 2: create dns configuration file in /var/named/chroot #vi /var/named/chroot/etc/named.conf options { directory /var/named ; }; zone leena.com { type master; file leena.com.db ; }; zone inaddr.arpa { type master; file db ; }; Step 3: check Syntax of configuration file #namedcheckconf t /var/named/chroot Step 4: create orward lookup zone file under /var/named/chroot #vi /var/named/chroot/var/named/leena.com.db $TTL IN SOA system1.leena.com. root@system1.leena.com. ( 1 ;serial no 10M ;slave refresh interval 10M ;slave retry interval 1W ;expire IN NS IN A system1 IN A sys1 IN A sys2 IN A D) ;Minimum ttl Step 5: check syntax of forward lookup zone file #namedcheckzone leena.com. /var/named/chroot/var/named/leena.com.db M. Eliazer 97

31 Step 6: create reverse lookup zone file under /var/named/chroot #vi /var/named/chroot/var/named/leena.com.db $TTL INADDR.ARPA. IN SOA system1.leena.com. ( 1 ;serial no 10M ;slave refresh interval 10M ;slave retry interval 1W ;expire interval 1D) ;Minimum IN NS system1.leena.com INADDR.ARPA. IN PTR system1.leena.com. 1 IN PTR sys1.leena.com. 2 IN PTR sys2.leena.com. Step 7: check syntax of reverse lookup zone file #namedcheckzone leena.com. /var/named/chroot/var/named/ db Step 8: add the following dns server entry in the file /etc/resolv.conf search leena.com nameserver Step 9: start the named service and load records #chkconfig named on #service named start #rndc reload Step 10: check the dns resolvation Client Side: #nslookup leena.com;nslookup Step 1: add dns server entry in /etc/resolv.conf search leena.com nameserver Step 2: check the dns resolvation #nslookup leena.com;nslookup M. Eliazer 98

32 Verified by Staff In-charge Sign : Date : Ex. No. 17 CONFIGURING FTP and HTTP Date : FILE TRANSFER PROTOCOL (FTP) Service : vsftpd Ports : data port(20), control port(21) Configuration files : /etc/vsftpd/vsftpd.conf Two modes of operation Active mode In this mode, the client connects from an ephemeral port (number greater than 1024) to the FTP server s command port (port 21). When the client is ready to transfer data, the server opens a connection from its data port (port 20) to the Internet Protocol (IP) address and M. Eliazer 99

33 ephemeral port combination provided by the client. The key here is that the client does not make the actual data connection to the server but instead informs the server of its own port by issuing the PORT command; the server then connects back to the specified port. Passive mode The FTP client issues the PASV command to indicate that it wants to access data in the passive mode, and the server then responds with an IP address and an ephemeral port number on itself to which the client can connect in order to do the data transfer. The PASV command issued by the client tells the server to listen on a data port that is not its normal data port (i.e., port 20) and to wait for a connection rather than initiate one. The key difference here is that it is the client that initiates the connection to the port and IP address provided by the server. FTP Configuration Server(ip )Side Step 1: install ftp package #yum install vsftpd Step 2: restart the service #chkconfig vsftpd on #service vsftpd restart Client Side Step 3: User login [root@sys5 ~]# lftp u priya Password: lftp priya@ :~> << use ftp commands here >> Guest login [root@sys5 ~]# lftp lftp :~> Ftp Commands ls list files pwd to see the present working directory bye to quit get filename to get a file from ftp server put filename to transfer a file to ftp server mget / mput to transfer multiple files Deny users login via the ftp Server Side Step 1: edit the configuration file #vi /etc/vsftpd/vsftpd.conf M. Eliazer 100

34 userlist_enable=yes Step 2: add the user entry in user_list file #vi /etc/vsftpd/user_list priya Step 3: restart the ftp service #service vsftpd restart Client Side Step 4: ~]# lftp u priya lftp priya@ :~> ls Login failed lftp priya@ :/> Deny users login via the ftp (another way) Server Side Step 1: add the user entry in ftpusers file #vi /etc/vsftpd/ftpusers priya Step 2: restart the ftp service #service vsftpd restart Client Side Step 3: root@sys5 ~]# lftp u priya lftp priya@ :~> ls Login failed lftp priya@ :/> HTTP SERVER Apache is free software released under the Apache license. It provides web service. It uses HTTP protocol. HTTP (the Hypertext Transfer Protocol) is, of course, a significant portion of the foundation for the World Wide Web, and Apache is the server implementation of the HTTP protocol. Browsers such as Firefox, Opera, and Microsoft Internet Explorer are client implementations of HTTP. VirtualHost One of the most-used features of Apache is its ability to support virtual hosts. This makes it possible for a single web server to host multiple web sites as if each site had its own dedicated hardware. It works by allowing the web server to provide different, autonomous content, based on the hostname, port number, or IP address that is being requested by the client. M. Eliazer 101

35 HTTP Configuration Server Side Step 1: Configure dns Step 2: Install http packages #yum install httpd Step 3: Create html file #vi /var/www/html/main.html <html> <head><title>sample Web Page</title></head> <body> <font size= 40 color= FF0000 > <marquee>this is Home Page of Leena.com</marquee> </font> </body> </html> Step 4: Add html page to http configuration file #vi /etc/httpd/conf/httpd.conf Directory Index main.html index.html index.html.var Step 5: restart the http service #chkconfig httpd on #service httpd restart Client Side Step 6: add dns entries in /etc/resolv.conf #vi /etc/resolv.conf search leena.com nameserver Step 6: open firefox and type the following url in address bar M. Eliazer 102

36 Apache virtual hosting configuration Server Side Step 1: add host the entries in dns #cat>>/var/named/chroot/var/named/leena.com.db www IN CNAME system1.leena.com mail IN CNAME system1.leena.com <control+d> reload the dns entries #rndc reload Step 2: Install http packages #yum install httpd Step 3: Create html files #vi /var/www/html/main.html <html> <head><title>sample Web Page</title></head> <body><font size= 40 color= FF0000 > <marquee>this is Home Page of Leena.com</marquee> </font></body></html> #mkdir /var/www/mail #vi /var/www/mail/mail.html <html> <head><title>sample Web Page</title></head> <body><font size= 40 color= 00FF00 > <marquee>welcome Mail Page of Leena.com</marquee> </font></body></html> Step 4: Add html page to http configuration file #vi /etc/httpd/conf/httpd.conf Directory Index mail.html main.html index.html index.html.var NameVirtualHost :80 <VirtualHost :80> Servername DocumentRoot /var/www/html </VirtualHost> <VirtualHost :80> Servername mail.leena.com. M. Eliazer 103