Transcript Unit - 2

Unit - 2: System Configuration Files

/etc
• Most of the system configuration files are found in /etc.
• The system configuration files can be edited to modify the configuration.
• File permissions in this directory are set by the root user, and most of the files are owned by the root user.
• After root's own home directory, /etc is the directory the root user uses most.
Files in /etc
• /etc/grub/grub.conf – grub configuration file.
• /etc/shadow – contains sensitive information like user passwords in hashed form.
• /etc/sysconfig – system configuration files.
• /etc/sysconfig/network-scripts/ – network configuration files.
Shell Configuration scripts
• Shell configuration scripts are in /etc.
• They determine:
1. default environment setting scripts
2. scripts containing functions
• The following are the major shell configuration scripts:
1. bashrc – read by the BASH shell
2. csh.cshrc – read by TCSH
3. zshrc – read by ZSH
• These files determine the settings and behaviour of the shell on the system.
• /etc/profile is the file read by most of the shells.
• Bash reads profile or bash_profile.
• Zsh reads zprofile or profile.
• /etc/profile is the file in which to set paths and environment variables.
• The system profile can also set the number of user commands saved in the history file.
• The line in the file looks like:
HISTSIZE=1000
• The above line can be edited to:
HISTSIZE=500
Files of BASH shell
• /etc/profile
• /etc/profile.d/
• ~/.bash_profile
• ~/.bash_login
• ~/.profile
Files by tcsh shell
• /etc/csh.cshrc
• /etc/csh.login
• ~/.tcshrc
• ~/.history
• ~/.login
• ~/.cshdirs
Files by zsh shell
• /etc/zshenv
• ~/.zshenv
• /etc/zprofile
• ~/.zprofile
• /etc/zshrc
• ~/.zshrc
• /etc/zlogin
• ~/ indicates that the configuration file is in the user's home directory.
System Configuration Files For Environmental Settings
/etc/motd
• motd is a plain text file which can be edited with any text editor.
• It is used to display a message to users when they log in.
• If the file does not exist in the /etc directory, it can easily be created.
• It is a good place to communicate messages about system downtime and other things that users should be aware of.
• The file is also used to display a greeting to users.
• motd contains messages like:
• Welcome to RedHat Enterprise Linux System
• This system is monitored. Unauthorized use prohibited.
• The system will be halted; keep saving your work.
/etc/issue
• The content of this file is displayed as a pre-login banner on your terminal.
• By default, this file tells which version of Red Hat is running on the system along with the version of the kernel.
• # cat /etc/issue
• Red Hat Linux Server Release 6.0 (Santiago)
• Kernel \r on an \m
• \r is replaced by the kernel version and \m by the machine hardware name.
• Any changes made in this file need the machine to be rebooted to take effect.
/etc/issue.net
• This file usually contains the same thing as /etc/issue.
• The content of the file is shown when an attempt is made to telnet into the system.
• Security messages and warnings such as "You are being monitored. Unauthorized access is prohibited." are shown to the people connecting via the Internet.
• Helps to keep intruders out of your system.
• Any changes made in this file need the system to be rebooted.
/etc/aliases
• The primary purpose of this file is to redirect root's mail to some local user's account.
• By default, it contains many system account aliases, e.g. bin, daemon etc.
• Mail from these general system accounts is sent to root's mailbox.
• It is used to send all of root's mail to the user who commonly acts as root.
• For example, to redirect root's mail to john's account, make the following change:
• root: john
• root: [email protected]
/etc/fstab
• Important file for disk management and for when to mount a new partition.
• fstab contains information about file systems, partitions, mount points, location on the hard disk etc.
• The information in this file is read by commands like mount, fsck, umount etc.
• fsck checks all the partitions listed in this file at boot time.
• It then fixes corrupted file systems, usually corrupted because they were not unmounted properly when the system crashed or the power failed.
• Each line in this file contains six fields:
• 1. file system (partition): e.g. /dev/sda1
• 2. mount point: the directory through which the data on the partition is accessed, e.g. /boot
• 3. file system type: e.g. ext3
• 4. default parameters: mount options
• 5. dump information: either 0 or 1, to decide whether the file system is backed up
• 6. fsck: either 0 or 1, to decide whether the file system is checked at boot time or not.
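A shell script, added here as an example and not part of the unit, that parses a constructed fstab in the six-field layout described above and reports the entries that fsck will not check at boot, the entries dump will not back up, and any line that does not have six fields; the sample entries and the nodev mount-option check are assumptions for illustration.

```shell
#!/bin/sh
# Constructed /etc/fstab sample (not from a real system) in the six-field
# layout the unit describes: fs, mount point, type, options, dump, pass.
SAMPLE_FSTAB='
# <file system> <mount point> <type> <options>      <dump> <pass>
/dev/sda1       /boot         ext3   defaults       1      2
/dev/sda2       /             ext3   defaults       1      1
/dev/sda3       /home         ext3   defaults,nodev 1      2
/dev/sda5       swap          swap   defaults       0      0
/dev/sdb1       /data         ext3   defaults       0      0
/dev/sdc1       /broken       ext3   defaults
'

# Emit the sample with comment and blank lines stripped.
fstab_entries() {
    printf '%s\n' "$SAMPLE_FSTAB" | grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$'
}

# Count lines that do not have exactly six fields: mount(8) and fsck(8)
# will not interpret them the way the administrator expects.
fstab_malformed_count() {
    fstab_entries | awk 'NF != 6 { n++ } END { print n + 0 }'
}

# Print field number $2 (1..6) of the entry whose mount point is $1.
fstab_field() {
    fstab_entries | awk -v mp="$1" -v f="$2" 'NF == 6 && $2 == mp { print $f }'
}

# Mount points whose sixth field is 0: fsck skips them at boot, so a
# corrupted file system there is mounted unchecked. swap is never checked.
fstab_unchecked() {
    fstab_entries | awk 'NF == 6 && $3 != "swap" && $6 == 0 { print $2 }'
}

# Mount points whose fifth field is 0: dump(8) will not back them up.
fstab_undumped() {
    fstab_entries | awk 'NF == 6 && $3 != "swap" && $5 == 0 { print $2 }'
}

# Non-root mount points whose options field lacks the mount option $1
# (e.g. nodev), by splitting the comma-separated fourth field.
fstab_without_option() {
    fstab_entries | awk -v opt="$1" 'NF == 6 && $3 != "swap" && $2 != "/" {
        n = split($4, o, ","); found = 0
        for (i = 1; i <= n; i++) if (o[i] == opt) found = 1
        if (!found) print $2
    }'
}

if [ "${1:-}" = "--report" ]; then   # run stand-alone for a readable summary
    echo "malformed lines: $(fstab_malformed_count)"
    echo "not checked by fsck at boot: $(fstab_unchecked | tr '\n' ' ')"
    echo "not backed up by dump: $(fstab_undumped | tr '\n' ' ')"
    echo "mounted without nodev: $(fstab_without_option nodev | tr '\n' ' ')"
fi
```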
/etc/grub.conf
• Original path :
• /etc/grub/grub.conf
• Assignment
cron files
• cron is a daemon responsible for executing commands on a schedule (minute, hour, month) that is defined by the user in the system configuration file.
• It wakes up every minute to inspect all the cron files to determine what commands are required to be executed at that particular time.
• The cron files can be used by both the system administrator and the users to decide what programs to run, and when and how often to run them.
• Local users' crontab files are stored in /var/spool/cron/
• System cron files are stored in the following subdirectories of /etc:
• cron.d
• cron.daily
• cron.hourly
• cron.monthly
• cron.weekly
/etc/syslog.conf
• Logs several events.
• Logs are stored in files on the local machine or sent to a remote server for security.
• The daemon is also capable of accepting logs from remote machines.
• Logs of critical severity are stored in the /var/log/messages file.
• Different types of logs are stored in different files so that they can be searched easily.
• Mail, news, private authentication and cron messages are stored in their respective log files:
• /var/log/secure – contains authentication and privilege messages with sensitive information. This file is only accessible to the root user.
• /var/log/maillog – mail messages are logged here.
• /var/log/cron – cron messages are logged here.
• All the default log files are readable only by the root user.
• mail.* – /var/log/maillog
• ftp.* – /var/log/ftp
• httpd.* – /var/log/httpd
/etc/logrotate.conf
• Rotating logs deletes older log files and replaces them with the recent ones.
• logrotate helps to periodically rotate, compress and remove your log files, thereby cleaning up and keeping storage space under control.
• Log files are rotated on a timely basis, i.e. daily, weekly or monthly.
• The logrotate.conf file is as follows:
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new log files after rotating old ones
create
/etc/ld.so.conf
• The file has a list of directories that contain shared libraries.
• This file is used by the dynamic linker runtime bindings.
How to setup IP address
• To set the IP address on Ethernet interface eth0, edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file.
• [root#] vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.166.0
NETMASK=255.255.255.0
ONBOOT=yes
• Because BOOTPROTO=static, the IP address is given manually.
• To change the IP address to 192.168.166.12, edit the following line:
• IPADDR=192.168.166.12
How to setup hostname
1. Open the file:
[root#] vi /etc/sysconfig/network
HOSTNAME=localhost.localdomain
NETWORKING=yes
2. To set the hostname to tyit, edit as follows:
HOSTNAME=tyit
3. After the changes, reboot the system and then use the following command:
[root#] hostname
tyit
How to setup DNS Name resolution
• Different hostnames are mapped to IP addresses with the help of DNS servers.
• To resolve a hostname to an IP, programs need to read the file /etc/resolv.conf
• [root#] vi /etc/resolv.conf
• nameserver 192.168.166.7
• Tyit.com 192.168.166.7
Making a local file mapping hostnames to IP addresses
• The Linux machine itself is capable of storing a list of hostnames along with their corresponding IP addresses in a local file on the system, /etc/hosts
• [root#] vi /etc/hosts
• 192.168.144.60 tyit.university.com tyit ty
• (IP address, hostname, aliases)
/etc/sysconfig
1. static-routes
• It helps to set static routes on a Linux system.
• The file for static routes is /etc/sysconfig/static-routes
2. iptables
• Standard Red Hat Linux firewall.
• Implements ipchains-style rules for firewall filtering.
• The file is /etc/sysconfig/iptables
• A line in the file:
-A INPUT -p tcp --dport 80 -j ACCEPT
• This line means it allows TCP requests for port number 80, which is the port for HTTP.
/etc/sysconfig/network-scripts
1. ifcfg-<networkinterfacename>
• For Ethernet the network interface name is eth0 and hence the file will be:
• /etc/sysconfig/network-scripts/ifcfg-eth0
• For the loopback device the network interface name is lo and hence the file will be:
• /etc/sysconfig/network-scripts/ifcfg-lo
2. ifup and ifdown
• To bring the Ethernet device up:
[root#] ifup eth0
• To bring the Ethernet device down:
[root#] ifdown eth0
Managing init scripts
• Managing rc scripts by hand
• To change the services that are started by the default runlevel, the scripts in /etc/rc3.d or /etc/rc5.d can be edited.
• These directories have files starting with either K or S.
• The files that start with S are startup files and the files that start with K are kill files.
• When the system starts, it runs the scripts in the directory of that particular runlevel.
• For example, if the system starts in runlevel 5 it runs the scripts in /etc/rc5.d
• When the system shuts down, the corresponding K or kill scripts from the rc directory are run to shut down the services.
• Managing rc scripts using chkconfig
• The chkconfig utility helps the system administrator to manage rc scripts.
• chkconfig --list shows all services and whether they are stopped or started at each runlevel.
• [root#] chkconfig --list sshd
• sshd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
• To turn a service on or off at a particular runlevel the syntax is:
• chkconfig --level [0-6] servicename on|off|reset
• [root#] chkconfig --level 2 nfs off
• To start the apache service on all the runlevels:
• [root#] chkconfig httpd on
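An added example (not from the unit) that reads constructed `chkconfig --list` output and a constructed /etc/rc5.d listing in the S/K naming described above, reports which services start in a runlevel or never start at all, and cross-checks the two views; the service names and S/K numbers in the samples are made up for illustration.

```shell
#!/bin/sh
# Constructed output in the layout of `chkconfig --list` (not captured from a
# real host): service name followed by one "N:state" column per runlevel 0-6.
SAMPLE_CHKCONFIG='
sshd            0:off   1:off   2:off   3:on    4:on    5:on    6:off
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:on    4:off   5:on    6:off
telnet          0:off   1:off   2:off   3:off   4:off   5:off   6:off
'
# Constructed listing of an /etc/rc5.d directory, in the S/K naming the unit
# describes (Snn = start at this runlevel, Knn = kill at this runlevel).
SAMPLE_RC5D='K20nfs K50netconsole S10network S55sshd S85httpd'

chkconfig_lines() {
    printf '%s\n' "$SAMPLE_CHKCONFIG" | grep -v '^[[:space:]]*$'
}

# State (on/off) of service $1 at runlevel $2, read from the "N:state" column.
runlevel_state() {
    chkconfig_lines | awk -v svc="$1" -v lvl="$2" '$1 == svc {
        for (i = 2; i <= NF; i++) { split($i, kv, ":"); if (kv[1] == lvl) print kv[2] }
    }'
}

# Services switched on at runlevel $1, in listing order.
enabled_in_runlevel() {
    chkconfig_lines | awk -v lvl="$1" '{
        for (i = 2; i <= NF; i++) { split($i, kv, ":"); if (kv[1] == lvl && kv[2] == "on") print $1 }
    }'
}

# Services that are off in every runlevel: installed but never started, so
# they are candidates for removal rather than for leaving around unpatched.
never_started() {
    chkconfig_lines | awk '{ on = 0; for (i = 2; i <= NF; i++) if ($i ~ /:on$/) on = 1; if (!on) print $1 }'
}

# Service names that an rc directory listing ($1) starts (S scripts), in the
# numeric order init runs them; K scripts run when the runlevel is left.
rc_started() {
    for entry in $1; do
        case $entry in S[0-9][0-9]*) printf '%s\n' "$entry" ;; esac
    done | sort | sed 's/^S[0-9][0-9]//' | tr '\n' ' ' | sed 's/ $//'
}

# Cross-check: services chkconfig says are on at runlevel $1 but that have no
# S script in the rc listing $2, which points at a hand-edited rc directory.
missing_start_scripts() {
    for svc in $(enabled_in_runlevel "$1"); do
        case " $(rc_started "$2") " in *" $svc "*) ;; *) printf '%s\n' "$svc" ;; esac
    done
}
```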
/etc/sysconfig directories
1. /etc/sysconfig/authconfig
• Provides settings for authorization to be followed on the host.
• USE<servicename>=<value>
• USEMD5=yes
• Use MD5 for authentication.
/etc/sysconfig/i18n
• Used to set up the default language.
• LANG="en_US"
/etc/sysconfig/firstboot
• The very first script to be called by the /sbin/init program when the system boots.
/etc/sysconfig/grub
• This file passes arguments to GRUB at boot time.
• The most important information passed to grub is from where the OS is to be booted.
/etc/sysconfig/harddisks
• The file has the configuration to tune the hard drive. A few lines are:
LOOKAHEAD=1 : turns on read lookahead
MULTIPLE_IO=16
/etc/sysconfig/crond
• Configuration file for the cron daemon.
/etc/sysconfig/desktop
• Determines whether the desktop is KDE or GNOME.
• Used by /etc/X11/xinit/Xclients
• The following line:
DESKTOP="GNOME"
/etc/sysconfig/kernel
• Defines the default kernel.
• Uses the date program.
/etc/sysconfig/named
• Daemon for DNS that implements the BIND package.
• ROOTDIR="filepath"
/etc/sysconfig/kudzu
• Configuration for the safe probe of system hardware at boot time.
• SAFE=value
• The value can be yes or no.
• If yes, kudzu does a safe probe.
• If no, kudzu does a normal probe.
/etc/sysconfig/mouse
• The file is used by /etc/init.d/gpm
• Lines are:
FULLNAME="name of mouse"
DEVICE=mouse
XEMU3=yes/no
yes – the mouse works with 2 buttons
no – the mouse has 3 buttons
MOUSETYPE=value (logitech, iball etc.)
/etc/sysconfig/netdump
• Configuration file for the system service netdump.
/etc/sysconfig/irda
• Configuration file for infrared devices.
DEVICE=value
DONGLE=value, specifies the dongle used.
DISCOVERY=yes/no
Checks whether discovery mode is enabled.
/etc/sysconfig/keyboard
• Controls the keyboard configuration.
KEYBOARDTYPE=sun/pc
KEYTABLE=file (us)
The keyboard layout is read from the key table file.
/etc/sysconfig/iptables
• The firewall can also be configured using the GUI:
• Applications – System Settings – Security Level
/etc/sysconfig/init
BOOTUP=value
BOOTUP=verbose/color
verbose – old style display
color – specifies the standard colour display
RES_COL=value (60), specifies the number of columns on the screen.
LOGLEVEL
SETCOLOR_SUCCESS=value
SETCOLOR_FAILURE=value
SETCOLOR_NORMAL=value
/etc/sysconfig/hwconf
• The file has:
• drivers used
• vendor ID
• device ID
/etc/sysconfig/apmd
• The file is used by apmd and has the setup to start, stop or modify it.
• APM (Advanced Power Management) is a daemon that has the power management code.
• It is the one which alerts on low battery.
• The file provides information to the daemon apmd during system startup.
/etc/sysconfig/clock
• Has the setup for the system clock.
• The file has the following lines:
• UTC=true; sets the hardware clock to universal time.
• ZONE="filename"
• Identifies the local time zone file for /etc/localtime
/etc/sysconfig/network
• File for the hostname.
• HOSTNAME=value
• NETWORKING=yes/no
/etc/sysconfig/samba
• The file passes parameters to the smbd daemon.
• smbd provides cross-platform connectivity for sharing files between Windows and Linux.
/etc/sysconfig/sendmail
• The file has the setup that allows messages to be sent to multiple servers.
• The sendmail daemon checks the queue every hour:
• QUEUE=1h
• DAEMON=yes/no
• yes – sendmail is configured on port 25
• no – sendmail is not configured on port 25
/etc/sysconfig/vncservers
• The file has the configuration for VNC (Virtual Network Computing).
• VNC is a kind of remote display system that allows you to view a desktop from anywhere in the network.
• Communication with the server is unencrypted.
• Hence its usage on untrusted networks should be avoided.
/etc/sysconfig/xinetd
• The file passes arguments to the xinetd daemon at boot time.
/etc/sysconfig/ntpd
• The file passes parameters to the ntpd daemon at boot time.
• The responsibility of this daemon is to keep the clock synchronized using a time server.
• Implements NTPv4.
/etc/sysconfig/pcmcia
• PCMCIA=value (yes/no)
• Used for PCMCIA sockets.
/etc/sysconfig/selinux
• Controls the setup of SELinux, the security module built into Linux.
SELINUX=permissive
SELINUX=disabled
SELINUX=enforcing
TCP/IP
• Transmission Control Protocol/Internet Protocol belongs to the family of protocols used for computer communications.
• TCP and IP are two separate protocols in the TCP/IP protocol suite.
• It also includes:
• 1. Address Resolution Protocol (ARP)
• 2. Domain Name System (DNS)
• 3. Internet Control Message Protocol (ICMP)
• 4. User Datagram Protocol (UDP)
• 5. Routing Information Protocol (RIP)
• 6. Simple Mail Transfer Protocol (SMTP)
• Each device connected to the network must have an address to be able to send and receive information. The device address consists of two parts:
• 1. the address of the network to which the device is connected.
• 2. the address of the device.
• The IP address is assigned to the device, and the MAC address is built into the Ethernet card by the manufacturer.
• Data is transferred by breaking it into small pieces called data packets (datagrams).
• There are two reasons for this:
• 1. Sharing resources: when two computers are sharing large data, the communication line would remain busy for a long time. Hence data is broken into packets and sent individually, thereby allowing all others to use the resource.
• 2. Error correction: to detect data corruption, a checksum is sent with the data. The receiving device compares that checksum with the one it computes over the data it received; if the two are equal the data is correct, else it is not.
Network Classes
• IP addresses are 4 bytes long and written in dotted decimal notation.
• The decimal numbers should be in the range 0 to 255.
• Each IPv4 address consists of 4 parts.
• Each part is 1 byte.
• Depending on the value of the first byte, IP addresses are divided into classes:
• Class A 0 – 127
• Class B 128 – 191
• Class C 192 – 223
• Assigned network numbers are maintained in a database managed by InterNIC (Internet Network Information Center) to ensure that each assignment is unique.
• For data transfer to happen, ARP maps an IP address to the Ethernet address of the device.
• To enable data transfer between two different networks, routers are used. These routers are the default gateways.
• The router has an internal table, called a routing table, which it uses to send data to a host or to another router.
Setting up NIC (Network Interface Card)
1. Configuring the network card
• The ifconfig command configures the network card, referring to the Ethernet device 'eth0'.
• We need to provide the IP address, netmask and broadcast address to ifconfig.

Network Class   Netmask          Network Addresses
A               255.0.0.0        10.0.0.0 – 10.255.255.255
B               255.255.0.0      172.16.0.0 – 172.31.255.255
C               255.255.255.0    192.168.0.0 – 192.168.255.255

• The NIC is detected and configured during system installation.
• To configure the Ethernet device for an internal network, the following command is executed:
• [root#] ifconfig eth0 192.168.166.5 netmask 255.255.255.0 broadcast 192.168.166.255
2. Configure an internal network
• To configure an internal network, the following files in the /etc directory need to be configured:
• /etc/nsswitch.conf
• /etc/hosts
• /etc/resolv.conf
• /etc/sysconfig/network
/etc/nsswitch.conf
hosts: files dns
• Looks into the /etc/hosts file first and then the DNS server.
/etc/hosts
192.168.166.6 fyit.com fyit
192.168.166.7 syit.com syit
192.168.166.8 tyit.com tyit
/etc/resolv.conf
• Contains the IP addresses of the DNS servers.
/etc/sysconfig/network
HOSTNAME=value
NETWORKING=yes/no
IPv4 addresses
1. Different formats: dotted decimal and binary
• An IP address consists of 4 bytes (32 bits). This results in a large number of IP addresses, and they can be represented in decimal notation to make them simpler to read: the dotted quad format.
• Each of the four groups of numbers can range from 0 to 255.
• The binary notation of 192.168.1.1 is
• _____________________________
2. Classes in both the formats
• Class A IP network numbers use the left quad to identify the network, leaving the remaining three quads to identify the host interfaces on the network.
• Class B IP network numbers use the left two quads to identify the network, leaving the remaining two quads to identify the host interfaces on the network.
• Class C IP network numbers use the left three quads to identify the network, leaving the remaining one quad to identify the host interfaces on the network.
3. Interpretation of IP addresses
• For class C:
192.168.3.0 class C network address
192.168.3.42 class C host address
192.168.3.234 broadcast address
Subnet
• The subnet masks for the classes are:
Class C
11111111 11111111 11111111 00000000
Class B
11111111 11111111 00000000 00000000
Class A
11111111 00000000 00000000 00000000
• A subnet enables you to take one IP network address and split it up so that it can be used on several physically connected local networks.
• You can have multiple subnetted networks connected to the outside world with just one IP network address.
• Subnetting also enables increased security by separating traffic into local networks.
Subnetting the network
• Subnetworking takes one or more available host bits and makes them appear as network bits to local interfaces.
• If we want to divide a Class C network into two subnetworks, then change the first host bit to one, so the netmask will be:
• 11111111 11111111 11111111 10000000
• 255.255.255.128
• With this subnet, 126 usable IP addresses can be created in each subnetwork.
• For 4 subnets: _______
• For 8 subnets: _______
• For 16 subnets: ________
• For 32 subnets: _______
• For 64 subnets: _________
Classless Inter-Domain Routing
• CIDR (Classless Inter-Domain Routing, sometimes called supernetting) is a way to allow more flexible allocation of Internet Protocol (IP) addresses than was possible with the original system of IP address classes. As a result, the number of available Internet addresses was greatly increased.
• To illustrate the problems with the class system, consider
that one of the most commonly used classes was Class B.
An organization that needed more than 254 host machines
would often get a Class B license, even though it would
have far fewer than 65,534 hosts. This resulted in most of
the block of addresses allocated going unused.
• The inflexibility of the class system accelerated
IPv4 address pool exhaustion. With IPv6,
addresses grow to 128 bits, greatly expanding
the number of possible addresses on the
Internet. The transition to IPv6 is slow,
however, so IPv4 address exhaustion
continues to be a significant issue.
• CIDR reduced the problem of wasted address space by
providing a new and more flexible way to specify
network addresses in routers.
• CIDR lets one routing table entry represent an
aggregation of networks that exist in the forward path
that don't need to be specified on that particular
gateway.
• This is much like how the public telephone system
uses area codes to channel calls toward a certain part
of the network. This aggregation of networks in a single
address is sometimes referred to as a supernet.
• Using CIDR, each IP address has a network prefix that
identifies either one or several network gateways. The
length of the network prefix in IPv4 CIDR is also specified as
part of the IP address and varies depending on the number
of bits needed, rather than any arbitrary class assignment
structure.
• A destination IP address or route that describes many
possible destinations has a shorter prefix and is said to be
less specific. A longer prefix describes a destination
gateway more specifically.
• Routers are required to use the most specific, or longest,
network prefix in the routing table when forwarding
packets. (In IPv6, a CIDR block always gets 64 bits for
specifying network addresses.)
• A CIDR network address looks like this under
IPv4:
• 192.30.250.0/18
• The "192.30.250.0" is the network address
itself and the "18" says that the first 18 bits
are the network part of the address, leaving
the last 14 bits for specific host addresses.
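An added shell example, not part of the unit, that covers the dotted-decimal/binary conversion, the class C subnetting and the CIDR prefix arithmetic from the sections above: it derives the netmask, network and broadcast addresses and usable host count for a prefix such as 192.30.250.0/18, and the mask and hosts-per-subnet when a class C network is split into 2, 4, 8, ... subnets. The function names are my own; the arithmetic is plain POSIX shell.

```shell
#!/bin/sh
# Added example (not from the unit): IPv4 helpers for binary/dotted-decimal
# forms, classful subnetting of a class C network and CIDR prefixes.
# Arithmetic uses POSIX $(( )), so it runs under dash and bash alike.
MAX32=4294967295   # 2^32 - 1, the all-ones IPv4 mask

# Dotted decimal -> 32-bit integer (192.168.1.1 -> 3232235777).
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted decimal.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Dotted decimal -> dotted binary, eight bits per quad.
ip_to_bin() {
    out=""
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        bits=""; v=$octet; i=0
        while [ $i -lt 8 ]; do bits="$(( v & 1 ))$bits"; v=$(( v >> 1 )); i=$(( i + 1 )); done
        out="${out:+$out.}$bits"
    done
    echo "$out"
}

# Prefix length (18) -> dotted-decimal netmask (255.255.192.0):
# the first $1 bits are ones, the remaining host bits are zeros.
prefix_to_mask() {
    int_to_ip $(( (MAX32 << (32 - $1)) & MAX32 ))
}

# Network address of $1 under prefix $2: keep the network bits, clear the rest.
network_of() {
    mask=$(( (MAX32 << (32 - $2)) & MAX32 ))
    int_to_ip $(( $(ip_to_int "$1") & mask ))
}

# Broadcast address of $1 under prefix $2: set every host bit to one.
broadcast_of() {
    int_to_ip $(( $(ip_to_int "$1") | (MAX32 >> $2) ))
}

# Usable host addresses behind a prefix (network and broadcast excluded).
hosts_in() {
    echo $(( (1 << (32 - $1)) - 2 ))
}

# Split a class C (/24) network into $1 subnets ($1 a power of two) by
# borrowing log2($1) host bits: prints the subnet mask and usable hosts each.
class_c_subnets() {
    n=$1; borrowed=0
    while [ "$n" -gt 1 ]; do n=$(( n / 2 )); borrowed=$(( borrowed + 1 )); done
    echo "$(prefix_to_mask $(( 24 + borrowed ))) $(hosts_in $(( 24 + borrowed )))"
}
```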
IP Masquerading
• Assignment
Configure routers and gateways
• The router connected to each network is called its gateway.
• To enable IP forwarding use the following command:
• echo "1" > /proc/sys/net/ipv4/ip_forward
• If the system has two network interfaces, the network interfaces would be configured as:

Interface   Address         Mask
eth0        192.168.1.1     255.255.255.128
eth1        192.168.1.129   255.255.255.128

• [root#] route add -net 192.168.1.0 netmask 255.255.255.128 dev eth0
• [root#] route add default gw 192.168.1.129
Configure DHCP – Dynamic Host Configuration Protocol
• Helps to assign IP addresses to clients in a distributed manner.
• It is a centrally configured server which specifies the range of IP addresses to be allotted to the clients on request.
Steps to configure DHCP server
1. Verify the software package:
[root#] rpm -qa | grep dhcp
If not installed:
[root#] rpm -ivh dhcp-<version>.rpm
2. Open the configuration file /etc/dhcp/dhcpd.conf and perform the following:
• A) edit the line 'option domain-name' and write your domain name:
option domain-name "example.com";
• B) edit the line 'option domain-name-servers' and write your server name:
option domain-name-servers tyit.example.com;
• C) edit the line 'subnet' and provide your subnet and netmask:
subnet 192.168.166.0 netmask 255.255.255.0 {
• D) specify the range in which IPs are to be assigned to DHCP clients:
range 192.168.166.1 192.168.166.254;
}
3. Restart the dhcp service:
[root#] service dhcpd restart
4. Enable dhcp on boot:
[root#] chkconfig dhcpd on
Configure dhcp client
1. Open the file /etc/sysconfig/network-scripts/ifcfg-eth0
Find the line BOOTPROTO=static
Change it to BOOTPROTO=dhcp
2. Save the changes.
3. Restart the network:
[root#] service network restart