Sunday, November 29, 2009

Using Chkconfig

# chkconfig --list

Lists the on/off status of every service in each runlevel.

# chkconfig nfs off

Disables the nfs service permanently, so it is no longer started at boot (in all runlevels).

# chkconfig --level 24 nfs off

Turns the nfs service off in runlevels 2 and 4 only.

# runlevel

Displays your current runlevel.
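
As an added example (not part of the original post), the script below turns the commands above into a small boot-time audit: it reads the output of chkconfig --list on stdin and prints the services that will be started in a given runlevel, plus the xinetd-managed services that are switched on. The sample output embedded in it is constructed in the layout chkconfig --list prints on RHEL 4/5; compare the result with what the host actually needs and disable the rest with chkconfig name off.

```shell
#!/bin/sh
# Audit what chkconfig will start: feed it `chkconfig --list` output on stdin
# and it prints the services that are "on" in the requested runlevel, so the
# list can be compared with what the host actually needs to run.
enabled_in_runlevel() {
    awk -v lvl="$1" '
        /^xinetd based services:/ { xinetd = 1; next }   # different format below this line
        xinetd { next }
        NF == 8 {                                        # name 0:off 1:off ... 6:off
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[1] == lvl && kv[2] == "on") print $1
            }
        }'
}

# xinetd-managed services that are switched on (lines of the form "name: on")
enabled_xinetd() {
    awk '
        /^xinetd based services:/ { xinetd = 1; next }
        xinetd && $2 == "on" { sub(/:$/, "", $1); print $1 }'
}

# Constructed sample in the layout chkconfig --list prints (not from a real host)
CHK_SAMPLE='nfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:off   3:on    4:off   5:on    6:off
xinetd based services:
        telnet: on
        rsync:  off'

# Stand-alone run: what starts in runlevel 3 (multi-user), plus xinetd services.
# On a real host: chkconfig --list | enabled_in_runlevel "$(runlevel | cut -d" " -f2)"
echo "runlevel 3:"; printf '%s\n' "$CHK_SAMPLE" | enabled_in_runlevel 3
echo "xinetd:";     printf '%s\n' "$CHK_SAMPLE" | enabled_xinetd
```

Check the runlevel the host really boots into (the second field of runlevel) rather than assuming 3 or 5: a service that is off in runlevel 5 but on in runlevel 3 still starts on a text-mode server.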

Friday, November 27, 2009

Package Management With Rpm

Using RPM

RPM has five basic modes of operation (not counting package building): installing, uninstalling, upgrading, querying, and verifying. This section contains an overview of each mode. For complete details and options try rpm --help, or turn to the Section called Additional Resources for more information on RPM.

Finding RPM Packages

Before using RPM packages, you must know where to find them. An Internet search will return many RPM repositories, but if you are looking for RPM packages built by Red Hat, they can be found at the following locations:

• The official Red Hat Linux CD-ROMs

• The Red Hat Errata Page available at http://www.redhat.com/apps/support/errata/

• A Red Hat FTP Mirror Site available at http://www.redhat.com/download/mirror.html

• Red Hat Network — See Chapter 33 for more details on Red Hat Network

Installing

RPM packages typically have file names like foo-1.0-1.i386.rpm. The file name includes the package name (foo), version (1.0), release (1), and architecture (i386). Installing a package is as simple as logging in as root and typing the following command at a shell prompt:

rpm -Uvh foo-1.0-1.i386.rpm

If installation is successful, you will see the following:

Preparing... ########################################### [100%]

1:foo ########################################### [100%]

As you can see, RPM prints out the name of the package and then prints a succession of hash marks as the package is installed as a progress meter.

Starting with version 4.1 of RPM, the signature of a package is checked when installing or upgrading a package. If verifying the signature fails, you will see an error message such as:

error: V3 DSA signature: BAD, key ID 0352860f

If it is a new, header-only signature, you will see an error message such as:

error: Header V3 DSA signature: BAD, key ID 0352860f

If you do not have the appropriate key installed to verify the signature, the message will contain NOKEY such as:

warning: V3 DSA signature: NOKEY, key ID 0352860f

Refer to the Section called Checking a Package's Signature for more information on checking a package's signature.
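
Note that the NOKEY case above is reported as a warning, not an error, so rpm -Uvh still installs a package whose signing key is not in your keyring. As an added example (not code from the original documentation), the script below checks the signature first with rpm -K and only calls rpm -Uvh when the result is OK; a BAD, NOKEY or unrecognised result refuses the install. The sample lines it classifies are constructed: one in the style rpm -K prints for a good package, plus the two install-time messages quoted above. RPM_CMD is an assumed variable that lets the script run without rpm or root.

```shell
#!/bin/sh
# Gate an RPM install on the result of `rpm -K` (signature check) so that a
# package whose signature is BAD, or whose signing key is not installed
# (NOKEY / MISSING KEYS), is never passed to `rpm -Uvh`. RPM_CMD can be
# pointed at another command (e.g. echo) to dry-run without rpm or root.
RPM_CMD="${RPM_CMD:-rpm}"

# Classify one line of rpm -K output, or one of the install-time messages
# shown above. Prints one word: ok, nokey, bad or unknown.
sig_verdict() {
    case "$1" in
        *"MISSING KEYS"*|*NOKEY*) echo nokey ;;   # signed, but not verifiable with our keyring
        *"NOT OK"*|*BAD*)         echo bad ;;     # signature present and does not match
        *" OK")                   echo ok ;;
        *)                        echo unknown ;;
    esac
}

# Verify first, install only on an "ok" verdict. Returns 1 (and installs
# nothing) for every other verdict, including "unknown".
safe_install() {
    pkg="$1"
    result=$("$RPM_CMD" -K "$pkg" 2>&1) || true
    verdict=$(sig_verdict "$result")
    if [ "$verdict" = ok ]; then
        "$RPM_CMD" -Uvh "$pkg"
    else
        echo "refusing to install $pkg: signature verdict '$verdict' ($result)" >&2
        return 1
    fi
}

# Constructed sample lines: one in the style rpm -K prints for a good
# package, plus the two install-time messages quoted in the text above.
SIG_SAMPLE='foo-1.0-1.i386.rpm: (sha1) dsa sha1 md5 gpg OK
error: V3 DSA signature: BAD, key ID 0352860f
warning: V3 DSA signature: NOKEY, key ID 0352860f'

# Stand-alone run: show the verdict for each sample line
printf '%s\n' "$SIG_SAMPLE" | while read -r line; do
    echo "$(sig_verdict "$line")   <- $line"
done
```

The exact wording of rpm -K output differs between rpm versions, which is why the classifier matches on the tokens (OK, NOT OK, BAD, NOKEY, MISSING KEYS) rather than on a whole line, and why anything it does not recognise is refused rather than allowed.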

Note

If you are installing a kernel package, you should use rpm -ivh instead. Refer to Chapter 29 for details.

Installing packages is designed to be simple, but you may sometimes see errors.

Package Already Installed

If the package of the same version is already installed, you will see:

Preparing... ########################################### [100%]

package foo-1.0-1 is already installed

If you want to install the package anyway and the same version you are trying to install is already installed, you can use the --replacepkgs option, which tells RPM to ignore the error:

rpm -ivh --replacepkgs foo-1.0-1.i386.rpm

This option is helpful if files installed from the RPM were deleted or if you want the original configuration files from the RPM to be installed.

Conflicting Files

If you attempt to install a package that contains a file which has already been installed by another package or an earlier version of the same package, you will see:

Preparing... ########################################### [100%]

file /usr/bin/foo from install of foo-1.0-1 conflicts with file from package bar-2.0.20

To make RPM ignore this error, use the --replacefiles option:

rpm -ivh --replacefiles foo-1.0-1.i386.rpm

Unresolved Dependency

RPM packages can "depend" on other packages, which means that they require other packages to be installed in order to run properly. If you try to install a package which has an unresolved dependency, you will see:

Preparing... ########################################### [100%]

error: Failed dependencies:

bar.so.2 is needed by foo-1.0-1

Suggested resolutions:

bar-2.0.20-3.i386.rpm

If you are installing an official Red Hat package, it will usually suggest the package(s) needed to resolve the dependency. Find this package on the Red Hat Linux CD-ROMs or from the Red Hat FTP site (or mirror), and add it to the command:

rpm -ivh foo-1.0-1.i386.rpm bar-2.0.20-3.i386.rpm

If installation of both packages is successful, you will see:

Preparing... ########################################### [100%]

1:foo ########################################### [ 50%]

2:bar ########################################### [100%]

If it does not suggest a package to resolve the dependency, you can try the --redhatprovides option to determine which package contains the required file. You need the rpmdb-redhat package installed to use this option.

rpm -q --redhatprovides bar.so.2

If the package that contains bar.so.2 is in the installed database from the rpmdb-redhat package, the name of the package will be displayed:

bar-2.0.20-3.i386.rpm

If you want to force the installation anyway (a bad idea since the package probably will not run correctly), use the --nodeps option.

Uninstalling

Uninstalling a package is just as simple as installing one. Type the following command at a shell prompt:

rpm -e foo

Note

Notice that we used the package name foo, not the name of the original package file foo-1.0-1.i386.rpm. To uninstall a package, you will need to replace foo with the actual package name of the original package.

You can encounter a dependency error when uninstalling a package if another installed package depends on the one you are trying to remove. For example:

Preparing... ########################################### [100%]

error: removing these packages would break dependencies:

foo is needed by bar-2.0.20-3.i386.rpm

To cause RPM to ignore this error and uninstall the package anyway (which is also a bad idea since the package that depends on it will probably fail to work properly), use the --nodeps option.

Upgrading

Upgrading a package is similar to installing one. Type the following command at a shell prompt:

rpm -Uvh foo-2.0-1.i386.rpm

What you do not see above is that RPM automatically uninstalled any old versions of the foo package. In fact, you may want to always use -U to install packages, since it will work even when there are no previous versions of the package installed.

Since RPM performs intelligent upgrading of packages with configuration files, you may see a message like the following:

saving /etc/foo.conf as /etc/foo.conf.rpmsave

This message means that your changes to the configuration file may not be "forward compatible" with the new configuration file in the package, so RPM saved your original file, and installed a new one. You should investigate the differences between the two configuration files and resolve them as soon as possible, to ensure that your system continues to function properly.

Upgrading is really a combination of uninstalling and installing, so during an RPM upgrade you can encounter uninstalling and installing errors, plus one more. If RPM thinks you are trying to upgrade to a package with an older version number, you will see:

package foo-2.0-1 (which is newer than foo-1.0-1) is already installed

To cause RPM to "upgrade" anyway, use the --oldpackage option:

rpm -Uvh --oldpackage foo-1.0-1.i386.rpm

Freshening

Freshening a package is similar to upgrading one. Type the following command at a shell prompt:

rpm -Fvh foo-1.2-1.i386.rpm

RPM's freshen option checks the versions of the packages specified on the command line against the versions of packages that have already been installed on your system. When a newer version of an already-installed package is processed by RPM's freshen option, it will be upgraded to the newer version. However, RPM's freshen option will not install a package if no previously-installed package of the same name exists. This differs from RPM's upgrade option, as an upgrade will install packages, whether or not an older version of the package was already installed.

RPM's freshen option works for single packages or a group of packages. If you have just downloaded a large number of different packages, and you only want to upgrade those packages that are already installed on your system, freshening will do the job. If you use freshening, you will not have to delete any unwanted packages from the group that you downloaded before using RPM.

In this case, you can simply issue the following command:

rpm -Fvh *.rpm

RPM will automatically upgrade only those packages that are already installed.

Querying

Use the rpm -q command to query the database of installed packages. The rpm -q foo command will print the package name, version, and release number of the installed package foo:

foo-2.0-1

Note

Notice that we used the package name foo. To query a package, you will need to replace foo with the actual package name.

Instead of specifying the package name, you can use the following options with -q to specify the package(s) you want to query. These are called Package Specification Options.

• -a queries all currently installed packages.

• -f will query the package which owns . When specifying a file, you must specify the full path of the file (for example, /usr/bin/ls).

• -p queries the package .

There are a number of ways to specify what information to display about queried packages. The following options are used to select the type of information for which you are searching. These are called Information Selection Options.

• -i displays package information including name, description, release, size, build date, install date, vendor, and other miscellaneous information.

• -l displays the list of files that the package contains.

• -s displays the state of all the files in the package.

• -d displays a list of files marked as documentation (man pages, info pages, READMEs, etc.).

• -c displays a list of files marked as configuration files. These are the files you change after installation to adapt the package to your system (for example, sendmail.cf, passwd, inittab, etc.).

For the options that display lists of files, you can add -v to the command to display the lists in a familiar ls -l format.

Verifying

Verifying a package compares information about files installed from a package with the same information from the original package. Among other things, verifying compares the size, MD5 sum, permissions, type, owner, and group of each file.

The command rpm -V verifies a package. You can use any of the Package Selection Options listed for querying to specify the packages you wish to verify. A simple use of verifying is rpm -V foo, which verifies that all the files in the foo package are as they were when they were originally installed. For example:

• To verify a package containing a particular file:

rpm -Vf /bin/vi

• To verify ALL installed packages:

rpm -Va

• To verify an installed package against an RPM package file:

rpm -Vp foo-1.0-1.i386.rpm

This command can be useful if you suspect that your RPM databases are corrupt.

If everything verified properly, there will be no output. If there are any discrepancies they will be displayed. The format of the output is a string of eight characters (a c denotes a configuration file) and then the file name. Each of the eight characters denotes the result of a comparison of one attribute of the file to the value of that attribute recorded in the RPM database. A single . (a period) means the test passed. The following characters denote failure of certain tests:

• 5 — MD5 checksum

• S — file size

• L — symbolic link

• T — file modification time

• D — device

• U — user

• G — group

• M — mode (includes permissions and file type)

• ? — unreadable file

If you see any output, use your best judgment to determine if you should remove or reinstall the package, or fix the problem in another way.

Wednesday, November 25, 2009

Acl (Access Control List)

# vi /etc/fstab

LABEL=/ / ext3 defaults,acl 1 1

:wq (save and exit)

# mount -o remount,rw /

# mkdir test

# cd test

# cat >acltest.txt

Ctrl + D

Log in as another user and try to open the file.

# getfacl /root/test/acltest.txt (shows the permissions and ACL entries on the file)

# setfacl -m u:user1:r-x /root/test/acltest.txt (grants user1 read and execute permission on the file through an ACL entry)

# getfacl /root/test/acltest.txt

Log in as user1 and try to open the file.

# setfacl -x u:user1 /root/test/acltest.txt (removes the ACL entry for user1 from the file)

Monday, November 23, 2009

Quick Guide to Red Hat's Package Manager (RPM)

Introduction

RPM is a powerful software manager. It can install, remove, query, and verify the software on your system. Rpm is more than a Red Hat specific tool. Many other modern distributions, such as Caldera and SuSe, use rpm too. This document will by no means provide comprehensive coverage of rpm. Instead, it will highlight the subset of options I've found useful in the real world.

For simplicity, I will assume all software on your system has been installed via rpm packages.

Querying Your System

The first thing you should do is look and see what software you have installed on your system. Here is the command to use:

rpm -qa | more

In case you are unfamiliar with the command line, let me break this command down. rpm is the command name. It tells the computer you want to run the rpm program. In unix, the set of letters following a dash (-) is called an option or switch. The -q tells rpm you want the query operation. The following a in the -qa is a modifier for the query option which tells rpm you want to list all the packages. The | more part of the above command is not a feature of rpm at all. It is a standard unix way to show output one page at a time. If this seems confusing, don't worry about it. It'll become second nature soon.

The package info is split into three pieces. The first piece is the package name. The second is the software version number. And the third is the package build number. All three are separated by dashes. The package build number is important in case there is a more recent rpm build of a program with the same version. This happens a lot with the kernel. If you see a package with more than two dashes, like glibc-devel-2.0.6-9, I've found it is easiest to start on the right and work left. The package name in this case is glibc-devel.

Let's work with an example. Suppose you query all the packages in your system and see faq-5.0-2. What is it and how can you find out more info? We can query individual packages like this:

rpm -qi faq

The i query option requires a package name. Notice that I used faq and not faq-5.0-2. Rpm is smart enough to use the package name without the version info. Supplying the version info will cause an error (but will not harm your system).

Now that you know what the faq package is, can you see which files it installed on your system? Absolutely!

rpm -ql faq

This command should look similar to the previous one. All we did was replace the i with an l to get a listing of files installed by the faq package.

Installing New Software

Let's look at the command to add new software:

rpm -ivh xsnow-1.40-5.i386.rpm

The -i is the install switch. I like to use the v for verbose messages in case the installation fails. The h option shows our progress with hash marks. If nothing else, it entertains you while your package is installed.

A variation on an install is an upgrade. An upgrade is used when you want to put a more recent package in place of something that is currently installed (aka upgrade). The upgrade syntax is exactly the same as an install, but you replace the -i with a -U. (Notice it is a capital U) If a new version of xsnow comes out, rpm will take care of removing all the old pieces when you upgrade.

rpm -Uvh xsnow-2.0-1.i386.rpm

One last thing that I should mention is that we are installing binary packages. My Intel chip is not binary compatible with an Alpha and so on. The convention for rpm files is to have the architecture preceding the .rpm extension. Some packages, like man pages, will have noarch in the file name. It means that the package is not dependent on the kind of CPU you have.

Removing Unwanted Software

A major advantage to a packaging system like rpm is its ease to erase software. Here is how you do it:

rpm -e faq

There isn't much more to it. Occasionally there may be an error that the package cannot be removed because other software depends on it. We can avoid the dependency check with the --nodeps option.

rpm -e --nodeps faq

I should warn you to think before you do this. Rpm has been smarter than me many times. If you break something, all I can say is you were told so. :-)

Verifying Installed Packages

Package verification is something that I don't use a lot, but it's good to know that it exists. Verifying a package compares information about the installed files in the package with information about the files taken from the original package and stored in the rpm database. Among other things, verifying compares the size, MD5 sum, permissions, type, owner, and group of each file. Only the discrepancies are displayed. See the man page for more information (That's where I pulled most of this info).

Why verify at all? If you're up too late and go on a random file deleting spree, it might help you when things don't work. Another more serious use is if your system has been hacked into. Rpm can verify all of your files to see if you were left backdoors or other surprises. Here is how:

rpm -Va

This command will verify all of the files on your system. The syntax should remind you of how you queried your software. Some of the files it reports will be normal. For example, almost everyone will add a nameserver into /etc/resolv.conf. The file has changed since it was originally installed, but it is not a bad change.

(Disclaimer: If your system security has been compromised, rpm is only one tool to help you. It is not sufficient to only use rpm's verification.)
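
The attribute string that rpm -V prints (described in the Verifying section of the RPM documentation above) is easier to act on once it is sorted by how alarming each line is: an edited configuration file like /etc/resolv.conf is routine, while a changed checksum or mode on a binary such as /bin/login is exactly the "surprise" the paragraph above warns about. The script below is an added example, not code from either of the RPM texts on this page; it reads rpm -Va output on stdin and tags each line HIGH, WARN, LOW or INFO. The sample lines are constructed in the rpm -V format and are not output from a real host.

```shell
#!/bin/sh
# Triage `rpm -V` / `rpm -Va` output. Each line is the attribute string
# (S M 5 D L U G T, "." for a passed test, or the word "missing"), an
# optional file-type letter (c = configuration file), and the path.
# Prints "SEVERITY path flags" so the high-priority lines can be grepped.
triage_verify() {
    awk '
        {
            flags = $1
            if (NF >= 3) { ftype = $2; path = $3 } else { ftype = ""; path = $2 }

            if (flags == "missing")
                sev = "HIGH"                     # file removed after install
            else if (index(flags, "?") > 0)
                sev = "WARN"                     # attribute could not be read
            else if (ftype == "c" && flags ~ /^[.S5T]+$/)
                sev = "LOW"                      # edited config file: usually expected
            else if (flags ~ /[5SMUGLD]/)
                sev = "HIGH"                     # content, mode, owner, link or device changed
            else
                sev = "INFO"                     # only the modification time differs
            printf "%s %s %s\n", sev, path, flags
        }'
}

# Constructed sample in the rpm -V output format (not real output from a host)
VERIFY_SAMPLE='S.5....T  c /etc/resolv.conf
..5....T    /bin/login
.M......    /usr/bin/passwd
.......T    /usr/share/doc/foo/README
missing     /usr/bin/uptime'

# Stand-alone run over the sample. On a real host:
#   rpm -Va | triage_verify | grep ^HIGH
printf '%s\n' "$VERIFY_SAMPLE" | triage_verify
```

A configuration file only stays LOW when nothing but its size, checksum or mtime changed; a mode, owner or group change on a config file is still HIGH. Remember that rpm -Va compares against the RPM database on the same host, which an intruder may also have altered; rpm -Vp against the original package file from trusted media is the stronger comparison.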

Advanced Queries

What if you find a file and have no idea what it is or where it came from? Rpm can query that file and show you the package it originated from like this:

rpm -qf /usr/bin/uptime

This command is a little different because it requires the full pathname. Rpm cannot follow symbolic links to a file.

You have looked at files that are already installed, but can you see into a rpm archive? Yes, query with the p option.

rpm -qlp doom-1.8-9.i386.rpm

Notice the -ql is the same as in the first section. The third argument to the command is a little different than before. We used the filename instead of the shorter package name. That is because we are looking into a file, not something that has already been installed.

Common Errors

Sometimes a package is not removed cleanly. Here is the situation: you try to install something and rpm says it's already installed. You then try to remove it, and rpm says it is not installed. What can you do?

rpm -ivh --force package-1.0-5.i386.rpm

The --force option is your solution.

Dependencies are generally regarded as a good thing. Rpm has the capability to know if software has such prerequisites. In the real world, not everything on your system can always be from an rpm. If I install the new libxxx without rpm, then I install a rpm which depends on libxxx, it might cause an error and stop. I can use the --nodeps to tell rpm that I don't need it to look out for me.

rpm -ivh --nodeps package-1.0-5.i386.rpm

Now you may be thinking that it sucks that not all software comes in rpm format. The good news is that you can build your own rpms. The bad news is that it is beyond the scope of this document. :-) You can find that info in the official RPM HOWTO.

Saturday, November 21, 2009

Swap Partition And Swap File In RHEL 4

# swapoff -a

# fdisk /dev/hda

Create a new partition of 2*RAM and assign it the id 82, which is allocated for swap partitions.

# mkswap -v1 /dev/hda15

The -v1 switch selects the swap area version number (version 1).

Add an entry in the /etc/fstab file:

# vi /etc/fstab

/dev/hda15 swap swap defaults 0 0

Activate the swap partition using:

# swapon -a (reads /etc/fstab and turns on all the swap entries in the list)

# swapon -s (shows the status of the active swap areas)

Creating a swap file

# swapoff -a

# dd if=/dev/zero of=/root/swapfile bs=512M count=1

# mkswap -v1 /root/swapfile

Add an entry in /etc/rc.local so the swap file is activated at boot:

# vi /etc/rc.local

swapon /root/swapfile

Thursday, November 19, 2009

How can I find out if my Ethernet card (NIC) is being recognized or not?

The Ethernet card is the lifeline of any Linux server. If you need to find out whether your Ethernet card is being recognized, use the dmesg, ifconfig, or netstat command. The ifconfig command can be used to configure a network interface card as well as to display information about it. If you want to find out the NIC's Ethernet chipset, you can use the lspci command (see below for an example).

# /sbin/ifconfig

Output:

eth0      Link encap:Ethernet  HWaddr 00:0F:EA:91:04:07
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20f:eaff:fe91:407/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64874 errors:0 dropped:0 overruns:0 frame:0
TX packets:65189 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:50448703 (48.1 MiB) TX bytes:13648924 (13.0 MiB)
Interrupt:18 Base address:0xc000

Note: if eth0 appears in the output, your card is being recognized.

The dmesg program prints the kernel's boot-up messages. They are also stored in /var/log/dmesg (Debian Linux):

# cat /var/log/dmesg |grep -i eth0

Output:

eth0: RealTek RTL8139 at 0xc000, 00:0f:ea:91:04:07, IRQ 18
eth0: Identified 8139 chip type 'RTL-8100B/8139D'
eth0: link up, 100Mbps, full-duplex, lpa 0x45E1

OR

# dmesg | grep -i eth0

Display a table of all network interfaces:

# netstat -i

Output:

Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 64858 0 0 0 65172 0 0 0 BMRU
eth0: 1500 0 - no statistics available - BMRU
lo 16436 0 8133 0 0 0 8133 0 0 0 LRU

Find out the NIC chipset

For further troubleshooting of your Ethernet card (NIC) I recommend using the lspci command. lspci is a utility for displaying information about all PCI buses in the system and all devices connected to them.

lspci | less

OR

lspci | grep Ethernet

Output:

0000:01:05.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)

In the above example I have a "Realtek Semiconductor" NIC with the RTL-8139/8139C/8139C+ chipset.

Wednesday, November 18, 2009

How do I find out if my LAN (NIC) card is working at full or half duplex mode / speed under Linux?

Posted by Deja vu, 11 Aug

A LAN card or NIC is used to send and receive data. Technically, we use the word duplex for this functionality. Full duplex means you are able to send and receive data (files) simultaneously. In half duplex, you can either send or receive data at a time (i.e. you cannot send and receive data (files) simultaneously). Obviously, full duplex gives you the best user experience. However, how can I find out whether I am using full duplex or half duplex speed/mode?

To Find full or half duplex speed

You can use dmesg command to find out your duplex mode:
# dmesg | grep -i duplex
Output:

eth0: link up, 100Mbps, full-duplex, lpa 0x45E1

ethtool command

Use ethtool to display or change Ethernet card settings. To display the speed and duplex setting, enter:

# ethtool eth1

Output:

Settings for eth1:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 10Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: umbg
Wake-on: g
Current message level: 0x00000007 (7)
Link detected: yes

mii-tool command

You can also use mii-tool to find out your duplex mode. Type the following command at the shell prompt:

# mii-tool

Output:

eth0: negotiated 100baseTx-FD flow-control, link ok

Remember:

  1. 100baseTx-FD: 100Mbps full duplex (FD)
  2. 100baseTx-HD: 100Mbps half duplex (HD)
  3. 10baseT-FD: 10Mbps full duplex (FD)
  4. 10baseT-HD: 10Mbps half duplex (HD)

The mii-tool utility checks or sets the status of a network interface's Media Independent Interface (MII) unit. Most fast Ethernet adapters use an MII to autonegotiate link speed and duplex setting. If you are using an old card then this utility may not work (use the dmesg command instead).

This utility is useful for forcing specific Ethernet speed and duplex settings too. To set up 100Mbps full duplex speed under Linux:

# mii-tool -F 100baseTx-FD

To set up 10Mbps half duplex:

# mii-tool -F 10baseT-HD

Thursday, November 12, 2009

Packet Processing In iptables

All packets inspected by iptables pass through a sequence of built-in tables (queues) for processing. Each of these queues is dedicated to a particular type of packet activity and is controlled by an associated packet transformation/filtering chain.
There are three tables in total. The first is the mangle table which is responsible for the alteration of quality of service bits in the TCP header. This is hardly used in a home or SOHO environment.
The second table is the filter queue which is responsible for packet filtering. It has three built-in chains in which you can place your firewall policy rules. These are the:
* Forward chain: Filters packets to servers protected by the firewall.
* Input chain: Filters packets destined for the firewall.
* Output chain: Filters packets originating from the firewall.
The third table is the nat queue which is responsible for network address translation. It has two built-in chains; these are:
* Pre-routing chain: NATs packets when the destination address of the packet needs to be changed.
* Post-routing chain: NATs packets when the source address of the packet needs to be changed.

Wednesday, November 11, 2009

What is iptables?

Originally, the most popular firewall/NAT package running on Linux was ipchains, but it had a number of shortcomings. To rectify this, the Netfilter organization decided to create a new product called iptables, giving it such improvements as:
* Better integration with the Linux kernel with the capability of loading iptables-specific kernel modules designed for improved speed and reliability.
* Stateful packet inspection. This means that the firewall keeps track of each connection passing through it and in certain cases will view the contents of data flows in an attempt to anticipate the next action of certain protocols. This is an important feature in the support of active FTP and DNS, as well as many other network services.
* Filtering packets based on a MAC address and the values of the flags in the TCP header. This is helpful in preventing attacks using malformed packets and in restricting access from locally attached servers to other networks in spite of their IP addresses.
* System logging that provides the option of adjusting the level of detail of the reporting.
* Better network address translation.
* Support for transparent integration with such Web proxy programs as Squid.
* A rate limiting feature that helps iptables block some types of denial of service (DoS) attacks.
Considered a faster and more secure alternative to ipchains, iptables has become the default firewall package installed under RedHat and Fedora Linux.
How To Start iptables?
You can start, stop, and restart iptables after booting by using the commands:
[root@bigboy tmp]# service iptables start
[root@bigboy tmp]# service iptables stop
[root@bigboy tmp]# service iptables restart
To get iptables configured to start at boot, use the chkconfig command:
[root@bigboy tmp]# chkconfig iptables on
Determining The Status of iptables
You can determine whether iptables is running or not via the service iptables status command. Fedora Core will give a simple status message. For example:
[root@bigboy tmp]# service iptables status
Firewall is stopped.
[root@bigboy tmp]#
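
To make the two iptables posts above concrete, here is an added example (not from the original text) of a minimal host firewall written against the filter table's three chains: a default-deny INPUT and FORWARD policy, a stateful rule that accepts only traffic belonging to connections the host already has, one service rule, and rate-limited logging of everything else, which are the stateful-inspection, logging and rate-limiting features the second post lists. The IPT variable and the dry_run function are assumptions of this script so the rules can be reviewed without root; the SSH-only service rule is a constructed example.

```shell
#!/bin/sh
# A minimal stateful host firewall expressed as filter-table rules for the
# INPUT, FORWARD and OUTPUT chains. IPT names the iptables binary; dry_run
# swaps it for echo so the rules can be reviewed without root.
IPT="${IPT:-iptables}"

apply_firewall() {
    # Start from an empty filter table with a default-deny policy for traffic
    # to and through the host; outbound traffic from the host is allowed.
    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback traffic never leaves the host and is always accepted.
    $IPT -A INPUT -i lo -j ACCEPT

    # Stateful inspection: accept packets that belong to a connection this
    # host already has (replies to its own requests, and related data
    # channels such as active FTP).
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Services this host offers: constructed example, SSH only.
    $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Log what is about to be dropped, rate-limited so a flood cannot fill
    # the logs, then drop explicitly (the policy would drop it anyway).
    $IPT -A INPUT -m limit --limit 5/min --limit-burst 10 \
         -j LOG --log-prefix "iptables-drop: " --log-level 4
    $IPT -A INPUT -j DROP
}

# Print the rules instead of applying them (runs in a subshell so the
# caller's IPT is untouched).
dry_run() {
    ( IPT=echo; apply_firewall )
}

# Stand-alone run shows the rule set; call apply_firewall as root to apply it.
dry_run
```

The mangle and nat tables from the first post are untouched here; only the filter table is written. The LOG rule sits before the final DROP because a packet that matches LOG continues to the next rule, so the order log-then-drop is what records the rejected traffic, and the limit module keeps a scan from turning the log itself into the denial of service.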

Monday, November 9, 2009

Understanding DNS


When you're browsing megacreations.com, your computer doesn't send data to www.megacreations.com. It sends it to 64.179.4.146. You don't have to remember the numerical address - DNS servers do it for you.
This text was written to tell you what DNS is, how it works and how you can use it. It doesn't describe the configuration of your own DNS server.
Before I describe how the DNS system works, you need to know about IP addresses and domains.
IP Addresses
64.179.4.146 is an example. An IP (Internet Protocol) address has the form of four numbers (between 0 and 255), separated by dots. Each machine on the Internet must have a unique IP address. It works like a postal address - no message can reach the machine without a correct address.
Numbers are friendly for machines, but hard to remember for humans. That's why we have hostnames and domains (there are more reasons, for example names allow you to easily change IP addresses of servers - only the DNS entry must be changed).
Hostnames, domains, zones
An example of a hostname: www.megacreations.com. It's a part of the megacreations.com domain. The last portion of the address (.com) refers to the top-level domain the host belongs to. Other top-level domains are: .org, .net, .gov etc. Every country has its own top-level domain. For example: .fr (France), .de (Germany), .jp (Japan) or .br (Brazil).
Zone and domain mean nearly the same thing. There's one difference: a zone is delegated to one server. A domain can be divided into different zones.
How does it work?
When you connect to LQ, you send a query to your DNS resolver (more about it later). The server checks if it has the needed information cached. If it does, it sends it back to you. A server that stores data from previous queries is called a caching nameserver.
If it doesn't have the information you're searching for, it asks one of the root servers. Root servers are at the top of the DNS server tree (the structure looks like a tree). They contain pointers to name servers for each top-level domain.
Now the top-level domain server for .com is asked about the megacreations.com domain; it knows the address of the server containing detailed information about all hosts in the megacreations.com domain.
The last server is asked about the host www.megacreations.com. When your resolver server gets the reply, it sends the result back to you.
Types of DNS servers:
A caching nameserver finds answers to queries and then remembers them. This not only speeds up your response time but helps to keep the load on the root nameservers (which handle thousands of queries per second) as low as possible.
An Authoritative server is a server that can answer queries about a zone without help from any other server. Both primary and secondary servers are authoritative.
A primary server (in terms of a specific zone) is a server that reads zone data from its local configuration.
A secondary server (in terms of a specific zone) gets zone data from outside sources (usually from the master server).
How to use DNS servers?
The file with IP addresses of your nameservers is /etc/resolv.conf. When the machine is correctly configured, it should look like this:
nameserver 192.168.1.1
nameserver 192.168.1.3
DNS servers are listed on lines beginning with 'nameserver' (there are more things that can be configured in that file). In the example above there are two DNS servers, 192.168.1.1 and 192.168.1.3 (don't copy them: these are private addresses and may not work in your network).
There's one more important file, /etc/host.conf. It should look like this:
order hosts,bind
multi on
When both files are filled in properly, everything should work fine.
Where to get the addresses from?
Your ISP is the best source. Most ISPs have their own DNS servers, which are closest to you (and so should be the fastest).
If you're using DHCP (as many ADSL connections do) or a modem, your ISP may pass the information to you when you connect. In that case you don't need to edit /etc/resolv.conf manually.
How to test it?
You can use 'nslookup' or 'dig'.
First example, using nslookup:
sh-2.05b$ nslookup www.megacreations.com
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: www.megacreations.com
Address: 64.179.4.146
As you can see it gives the same answer as we got when ping was used.
Next example, using 'dig'. The command format is:
dig @DNS_server host
It returns more information, so it may be harder to read. Here I'm asking the server 192.168.1.1 about www.linuxquestions.org. You don't need to give the DNS server: if you simply run 'dig www.linuxquestions.org', your default DNS server is used. In the 'ANSWER SECTION' you can see that www.linuxquestions.org is 64.179.4.146. The 'Query time' line shows how long it took to get an answer. In the example below the time is very short because I use a caching nameserver.
sh-2.05b$ dig @192.168.1.1 www.linuxquestions.org
; <<>> DiG 9.2.2 <<>> @192.168.1.1 www.linuxquestions.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28312
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

Sunday, November 8, 2009

Linux Servers configuration: (Squid Server)

After hearing the word "SQUID", are you thinking of a marine creature with a distinct head, eight arms and two longer tentacles arranged in pairs?

Nope, I'm not talking about that Squid :)

Squid is a full-featured web proxy cache server application which provides proxy and cache services for the Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can proxy and cache Secure Sockets Layer (SSL) requests, cache Domain Name System (DNS) lookups, and perform transparent caching. Squid also supports a wide variety of caching protocols, such as the Internet Cache Protocol (ICP), the Hypertext Caching Protocol (HTCP), the Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol (WCCP).

Figure showing the Squid server layout.

Figure showing my experimentation setup layout.

Figure showing the Squid hierarchy schema.

#SQUID CONFIGURATION

NOTE: In this case 192.168.8.x is the Squid server and the proxy port is 8080, so that Internet access can be shared throughout the network.

Requirements:

1) One host station.

2) One free port.

3) Package squid.

Task 1: Setup a Squid proxy server.

Step 1: install the package

# yum install -y squid

Step 2: edit the main configuration file and set the listening port (line 73):

# vim /etc/squid/squid.conf

http_port 8080

Step 3: start the service

# service squid restart

# chkconfig squid on

Step 4: point a browser at the proxy to check it. In the browser go to Edit -> Preferences -> General -> Connection Settings -> Manual proxy configuration and enter:

HTTP proxy: 192.168.8.x, port: 8080

Step 5: browse to yahoo.com first; it will be blocked by stationX, which you can confirm from the last line of the error page.

Then browse to server1; it will load.

Task 2: Inserting rules

Open the configuration file and search for INSERT (line 2517). Write your rules there according to your requirements. A few cases are shown below; for more, go through the file. You can give an ACL any name and can allow or deny by IP address or hostname. The lines below go into squid.conf exactly as shown; a leading # in the file would turn them into comments.

Step 1: to deny one site

acl block url_regex .yahoo.com

http_access deny block

Step 2: to allow one network

acl ournetworks src 192.168.8.0/24

http_access allow ournetworks

Step 3: to deny by time

acl mytime time SMTWHFA 10:00-20:00

http_access deny mytime

Step 4: to deny one site during a time window

acl block url_regex .google.com

acl mytime time SMTWHFA 10:00-20:00

http_access deny block mytime

Step 5: restart the service

# service squid restart

Step 6: browse to yahoo.com again. It will now show "access denied" from 192.168.8.X, which you can see in the last line of the error page, and all other sites will still be blocked by server1.
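Squid evaluates http_access lines from top to bottom and stops at the first line whose ACLs all match, so the order in which the rules from Task 2 are inserted decides what they do: an allow placed above a deny quietly wins, and a rule naming an ACL that was never defined with an acl line is a configuration error. The script below is an added example, not part of the original post or of Squid itself; it audits the http_access section of a squid.conf for exactly those mistakes. It goes slightly beyond the post by also catching references to undefined ACLs. The function name is mine, and both configurations it reads are constructed samples: the first is the rule set from this task plus the "http_access deny all" that the stock squid.conf already places below the INSERT marker, the second contains typical mistakes.

```shell
#!/bin/sh
# Added example, not part of the original post: audit the http_access rules
# in a squid.conf. Squid walks http_access lines top to bottom and stops at the
# first one whose ACLs all match, so an "allow" placed above a "deny" quietly
# wins, and a rule that names an ACL that was never defined is a config error.
# The stock squid.conf ends the list with "http_access deny all"; rules
# inserted at the INSERT marker go above it. Both configs below are
# constructed samples.

# Print one line per finding; no output means the rule set looks sane.
# Usage: squid_access_audit /etc/squid/squid.conf
squid_access_audit() {
    awk '
        { sub(/#.*/, ""); if (NF == 0) next }      # drop comments and blank lines
        $1 == "acl" { defined[$2] = 1; next }
        $1 == "http_access" {
            nrules++
            last = $0
            lastdenyall = ($2 == "deny" && NF == 3 && $3 == "all")
            if ($2 == "allow" && NF == 3 && $3 == "all" && !allowall) allowall = nrules
            for (i = 3; i <= NF; i++) {
                name = $i
                sub(/^!/, "", name)             # "!acl" negates an ACL
                if (name != "all" && !(name in defined))
                    printf "undefined acl \"%s\" used in: %s\n", name, $0
            }
        }
        END {
            if (nrules == 0) { print "no http_access rules at all"; exit }
            if (!lastdenyall)
                print "last rule is not \"http_access deny all\": " last
            if (allowall && allowall < nrules)
                printf "\"http_access allow all\" at rule %d makes the %d rule(s) after it unreachable\n", allowall, nrules - allowall
        }' "$1"
}

# --- constructed samples: the rules from Task 2 above plus the default
# --- "deny all" terminator, and a second config with typical mistakes ---
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
GOOD_CONF=$SAMPLE_DIR/good.conf
BAD_CONF=$SAMPLE_DIR/bad.conf
cat > "$GOOD_CONF" <<'EOF'
acl ournetworks src 192.168.8.0/24
acl block url_regex .yahoo.com
acl mytime time SMTWHFA 10:00-20:00
http_access deny block mytime
http_access allow ournetworks
http_access deny all
EOF
cat > "$BAD_CONF" <<'EOF'
acl ournetworks src 192.168.8.0/24
http_access allow all
http_access deny badsite
EOF

echo "== good.conf =="; squid_access_audit "$GOOD_CONF"
echo "== bad.conf ==";  squid_access_audit "$BAD_CONF"
```

The good configuration produces no findings; the bad one reports the undefined ACL, the missing "deny all" terminator, and the "allow all" that makes the rule after it unreachable.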

Task 3: Setting up a "Child Proxy"

To make 192.168.8.x a child proxy we need a parent; here server1 is my parent and 3128 is the parent proxy port.

Step 1: open the file, search for cache_peer (line 304) and edit it as follows:

cache_peer server1.example.com parent 3128 3130 default

Step 2: restart the service

# service squid restart

Step 3: check from the browser.

yahoo.com will still be blocked and other sites will now be accessible.

NOTE: For Exploring more on the acl options refer to the site: http://www.visolve.com/squid/squid24s1/access_controls.php

In case of any problem or queries or suggestions feel free to leave a comment here.. :)

Friday, November 6, 2009

Linux Servers configuration: (Web Server)

A Web server is a computer that delivers (serves up) Web pages. Every Web server has an IP address and possibly a domain name.

For example, if you enter the URL http://www.redhat.com/index.html in your browser, this sends a request to the server whose domain name is redhat.com. The server then fetches the page named index.html and sends it to your browser.

Any computer can be turned into a Web server by installing server software and connecting the machine to the Internet. There are many Web server software applications, including public domain software from NCSA and Apache, and commercial packages from Microsoft, Netscape and others.

Fig: Layout of a web server

# Web Server Configuration:

NOTE: In my case 192.168.8.X is the HTTP server. I have users Jack and Jill, with the password "password", for web page access. 192.168.8.Y acts as a client of the server 192.168.8.X.

Task 1: To host a web site with name station8.example.com

Step 1: Install http package

# yum install httpd

Step 2: put the required HTML file, named index.html, in the /var/www/html directory

# echo "This is my first web page" > /var/www/html/index.html

Step 3: start the service

# service httpd start (or)

# /etc/init.d/httpd start

Step 4: make the service persistent across reboot.

# chkconfig httpd on

Task 2: To do name based virtual hosting (to host 2 sites stationX.example.com and wwwX.example.com)

Step 1: append this data to the main configuration file (type the lines below, then press Ctrl-D):

# cat >> /etc/httpd/conf/httpd.conf

NameVirtualHost 192.168.8.X

<VirtualHost 192.168.8.X>

ServerName stationX.example.com

DocumentRoot /var/www/html

</VirtualHost>

<VirtualHost 192.168.8.X>

ServerName wwwX.example.com

DocumentRoot /var/www/virtual

</VirtualHost>

NOTE: stationX.example.com and wwwX.example.com should resolve to 192.168.8.X

# mkdir /var/www/virtual

# echo "testing name based virtual hosting" > /var/www/virtual/index.html

NOTE: the /var/www/html and /var/www/virtual directories must both exist, each with its own index.html.

Step 2: reload service

# service httpd reload

Step 3: check it

# elinks -dump http://stationX.example.com

# elinks -dump http://wwwX.example.com

Task 3: To host a CGI script.

Step 1: modify configuration file.

Now the configuration file has the below content:

<VirtualHost 192.168.8.X>

ServerName wwwX.example.com

DocumentRoot /var/www/virtual

</VirtualHost>

Modify it and now it should look like as below:

<VirtualHost 192.168.8.X>

ServerName wwwX.example.com

DocumentRoot /var/www/virtual

ScriptAlias /cgi-bin/ /var/www/virtual/wwwX.example.com/cgi-bin/

</VirtualHost>

Step 2: create the directory, put the required CGI script in it and make it executable

# mkdir -p /var/www/virtual/wwwX.example.com/cgi-bin

# cd /var/www/virtual/wwwX.example.com/cgi-bin

# wget ftp://192.168.8.254/pub/gls/test.sh

# chmod 755 /var/www/virtual/wwwX.example.com/cgi-bin/test.sh

Step 3: reload service

# service httpd reload

Step 4: check it

# elinks -dump http://wwwX.example.com/cgi-bin/test.sh

It should show the output of test.sh, which proves the script was executed.
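Two things are worth checking once the CGI setup from Task 3 works. The ScriptAlias above points at a directory that sits under the vhost's own DocumentRoot (/var/www/virtual), so the same files are also reachable as ordinary documents (for example as /wwwX.example.com/cgi-bin/test.sh), where Apache serves the script text rather than running it unless that path also carries ExecCGI and a cgi-script handler; keeping the cgi-bin outside DocumentRoot, as the stock /var/www/cgi-bin does, avoids that. Secondly, the chmod 755 in Step 2 matters: a CGI file must be executable and must not be writable by group or others. The script below is an added example and not part of the original post or of Apache; the function names are mine, and the vhost configuration and script directory it inspects are constructed samples.

```shell
#!/bin/sh
# Added example, not part of the original post: two checks for the CGI setup
# in Task 3. (1) A ScriptAlias target under the vhost's DocumentRoot is also
# reachable as a plain document, where Apache serves the script text instead
# of running it. (2) CGI files must be owner-executable and not writable by
# group or others. The vhost config and script directory below are
# constructed samples.

# Print "INSIDE_DOCROOT <docroot> <cgidir>" for every <VirtualHost> whose
# ScriptAlias target lies under its DocumentRoot.
# Usage: vhost_scriptalias_check /etc/httpd/conf/httpd.conf
vhost_scriptalias_check() {
    awk '
        /^[ \t]*<VirtualHost/ { docroot = ""; cgidir = "" }
        $1 == "DocumentRoot"  { docroot = $2; gsub(/"/, "", docroot); sub(/\/$/, "", docroot) }
        $1 == "ScriptAlias"   { cgidir = $3; gsub(/"/, "", cgidir) }
        /^[ \t]*<\/VirtualHost>/ {
            if (docroot != "" && cgidir != "" && index(cgidir, docroot "/") == 1)
                print "INSIDE_DOCROOT " docroot " " cgidir
        }' "$1"
}

# List files in a cgi-bin that are not owner-executable, or are group- or
# world-writable; no output means the directory is clean.
# Usage: cgi_perm_check /var/www/virtual/wwwX.example.com/cgi-bin
cgi_perm_check() {
    find "$1" -type f \( ! -perm -100 -o -perm -020 -o -perm -002 \)
}

# --- constructed samples -----------------------------------------------------
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_VHOSTS=$SAMPLE_DIR/httpd.conf
cat > "$SAMPLE_VHOSTS" <<'EOF'
NameVirtualHost 192.168.8.X

<VirtualHost 192.168.8.X>
ServerName wwwX.example.com
DocumentRoot /var/www/virtual
ScriptAlias /cgi-bin/ /var/www/virtual/wwwX.example.com/cgi-bin/
</VirtualHost>

<VirtualHost 192.168.8.X>
ServerName stationX.example.com
DocumentRoot "/var/www/html"
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</VirtualHost>
EOF

SAMPLE_CGI_DIR=$SAMPLE_DIR/cgi-bin
mkdir -p "$SAMPLE_CGI_DIR"
printf '#!/bin/sh\necho "Content-type: text/plain"\necho\necho hello\n' > "$SAMPLE_CGI_DIR/test.sh"
chmod 755 "$SAMPLE_CGI_DIR/test.sh"           # as in Step 2 of the post: fine
cp "$SAMPLE_CGI_DIR/test.sh" "$SAMPLE_CGI_DIR/sloppy.sh"
chmod 666 "$SAMPLE_CGI_DIR/sloppy.sh"         # not executable, world-writable
cp "$SAMPLE_CGI_DIR/test.sh" "$SAMPLE_CGI_DIR/shared.cgi"
chmod 775 "$SAMPLE_CGI_DIR/shared.cgi"        # group-writable

vhost_scriptalias_check "$SAMPLE_VHOSTS"
cgi_perm_check "$SAMPLE_CGI_DIR"
```

Only the first vhost is reported, because its cgi-bin lives under /var/www/virtual; the second vhost uses the stock /var/www/cgi-bin outside its DocumentRoot. The permission check flags sloppy.sh and shared.cgi but not test.sh.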

In case of any problem or queries or suggestions feel free to leave a comment here.. :)

Wednesday, November 4, 2009

Linux Servers configuration: (FTP Server)

Today I'm going to describe the basic configuration steps for some of the servers used in Linux, such as FTP, HTTP and Squid. These configurations are also important from the perspective of your RHCE exam. I hope these posts will be informative and help you pass your RHCE exam.

FTP (File Transfer Protocol) Configuration:

The objectives of FTP are:

1) To promote sharing of files (computer programs and/or data),

2) To encourage indirect or implicit (via programs) use of remote computers,

3) To shield a user from variations in file storage systems among hosts, and

4) To transfer data reliably and efficiently.

FTP, though usable directly by a user at a terminal, is designed mainly for use by programs.

Figure showing the FTP schema.

Figure showing the transfer of files from an FTP server to an FTP client.

# VSFTPD Configuration.

NOTE: In my case 192.168.8.1 is the FTP server; it has users Jack and Jill with the password "password". 192.168.8.2 and 192.168.8.3 act as FTP clients of the FTP server 192.168.8.1.

Task 1: To Allow ftp user to download files

IN 192.168.8.1:

--------------

Step 1: install vsftpd package

# yum install vsftpd

Step 2: keep the required files in /var/ftp

# touch /var/ftp/f{1..5}

Step 3: start vsftpd service.

# service vsftpd restart

Step 4: make the service persistent across the reboot.

# chkconfig vsftpd on

IN 192.168.8.2:

--------------

Step 1: check whether ftp user is allowed to download files or not.

# ftp 192.168.8.1

ftp> get f1

ftp> bye

Task 2: To Allow ftp user to upload files

IN 192.168.8.1:

---------------

Step 1: create a directory, e.g. /var/ftp/upload, that is writable by the ftp user.

# mkdir /var/ftp/upload

# chgrp ftp /var/ftp/upload

# chmod g+w /var/ftp/upload

Step 2: allow the anonymous user to upload files in the vsftpd configuration file.

Line 27 looks like:

#anon_upload_enable=YES

It should be uncommented so that it reads:

anon_upload_enable=YES

Step 3: restart vsftpd service.

# service vsftpd restart

Step 4: make changes in SELinux policy to allow anonymous user to upload files

# setsebool -P allow_ftpd_anon_write=1

Step 5: change context of directory to allow anonymous user to upload files

# chcon -t public_content_rw_t /var/ftp/upload

IN 192.168.8.2:

--------------

Step 1: create the file which you want to upload.

# touch /root/client1

Step 2: check whether ftp user is allowed to upload files or not.

# ftp 192.168.8.1

ftp> cd upload

ftp> put /root/client1

ftp> bye
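Two details of the anonymous-upload setup in Task 2 deserve a check afterwards. The upload directory is made group-writable for "ftp" with chgrp and chmod while staying owned by root, which is the arrangement vsftpd's documentation asks for; it should not end up owned by the ftp user, and it should never be world-writable, since that would let any local account drop files there too. In the configuration, anon_upload_enable is only one of three anonymous write switches; anon_mkdir_write_enable and anon_other_write_enable (rename and delete) default to NO and should stay off unless needed. The script below is an added example, not part of the original post or of vsftpd; the function names are mine, and the vsftpd.conf and the directories it inspects are constructed samples.

```shell
#!/bin/sh
# Added example, not part of the original post: review the anonymous-upload
# setup from Task 2. The post turns on anon_upload_enable and makes
# /var/ftp/upload group-writable by "ftp" while leaving it owned by root.
# The directory should not be owned by the ftp user and must not be
# world-writable. The related switches anon_mkdir_write_enable and
# anon_other_write_enable (rename/delete) default to NO. Samples below
# are constructed.

# Print the effective value of the three anonymous write options; commented
# lines (like the "#anon_upload_enable=YES" at line 27 before editing) are
# ignored, exactly as vsftpd ignores them.
# Usage: vsftpd_anon_write_settings /etc/vsftpd/vsftpd.conf
vsftpd_anon_write_settings() {
    awk '
        BEGIN {
            opts["anon_upload_enable"] = "NO"
            opts["anon_mkdir_write_enable"] = "NO"
            opts["anon_other_write_enable"] = "NO"
        }
        /^[ \t]*#/ || NF == 0 { next }
        {
            gsub(/[ \t\r]/, "")
            split($0, kv, "=")
            if (kv[1] in opts) opts[kv[1]] = toupper(kv[2])
        }
        END {
            print "anon_upload_enable=" opts["anon_upload_enable"]
            print "anon_mkdir_write_enable=" opts["anon_mkdir_write_enable"]
            print "anon_other_write_enable=" opts["anon_other_write_enable"]
        }' "$1"
}

# Report problems with an anonymous upload directory; no output means ok.
# Usage: upload_dir_check /var/ftp/upload
upload_dir_check() {
    dir=$1
    owner=$(ls -ld "$dir" | awk '{ print $3 }')
    [ "$owner" = "ftp" ] && echo "owned by ftp: should be root-owned with ftp group write"
    [ -n "$(find "$dir" -maxdepth 0 -perm -002)" ] && echo "world-writable: any local user can write here"
    [ -z "$(find "$dir" -maxdepth 0 -perm -020)" ] && echo "not group-writable: the ftp group cannot upload"
    return 0
}

# --- constructed samples -----------------------------------------------------
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_CONF=$SAMPLE_DIR/vsftpd.conf
cat > "$SAMPLE_CONF" <<'EOF'
anonymous_enable=YES
#anon_upload_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=NO
EOF
UPLOAD_OK=$SAMPLE_DIR/upload_ok;    mkdir "$UPLOAD_OK";    chmod 775 "$UPLOAD_OK"   # as in Step 1
UPLOAD_WORLD=$SAMPLE_DIR/upload_w;  mkdir "$UPLOAD_WORLD"; chmod 777 "$UPLOAD_WORLD"
UPLOAD_NOGRP=$SAMPLE_DIR/upload_n;  mkdir "$UPLOAD_NOGRP"; chmod 755 "$UPLOAD_NOGRP"

vsftpd_anon_write_settings "$SAMPLE_CONF"
for d in "$UPLOAD_OK" "$UPLOAD_WORLD" "$UPLOAD_NOGRP"; do
    echo "$d: $(upload_dir_check "$d")"
done
```

The directory created as in Step 1 (root-owned, mode 775) passes; the 777 and 755 variants are each reported with the reason. The SELinux boolean and file context from Steps 4 and 5 are a separate layer and are not covered by this script.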

Task 3: To Allow normal user Jack with password as password to download and upload files.

IN 192.168.8.1:

----------------

Step 1: Create user Jack with password as password

# useradd Jack

# echo "password" | passwd --stdin Jack

(NOTE: Use the technique above to assign the password instead of the traditional "passwd <username>", because there is no need to type the password twice, which saves some time in the RHCE exam, and you can see what password you are providing, which reduces the chance of assigning a wrong password to the user.)

Step 2: keep some files in Jack user’s home directory.

# touch /home/Jack/b{1..5}

Step 3: change the SELinux policy so that normal users can access their home directories over FTP.

# setsebool -P ftp_home_dir=1

IN 192.168.8.2:

--------------

Step 1: create the file which you want to upload.

# touch /root/client2

Step 2: check whether Jack user is allowed to upload files or not.

# ftp 192.168.8.1 -u Jack

Password:

ftp> get b1

ftp> put /root/client2

ftp> bye

In case of any problem or queries or suggestions feel free to leave a comment here..:)

Sunday, November 1, 2009

How to set services to start & stop automatically.

Red Hat and Red Hat-based Linux distributions use a script called chkconfig to enable and disable system services.

For example, to enable the Apache web server to start in certain run levels, you use chkconfig to add it and then enable it in the desired run levels as follows:

# chkconfig --add httpd
# chkconfig --level 235 httpd on

This will enable the apache webserver to automatically start in the run levels 2, 3 and 5. You can check this by running the command:

# chkconfig --list httpd

You can also disable the service with the off flag, and remove it from chkconfig management, as shown below:

# chkconfig httpd off
# chkconfig --del httpd

Red Hat also has a useful script called service which can be used to start or stop any service. Taking the previous example, to start the Apache web server you execute:

# service httpd start

and to stop the service…

# service httpd stop

The main options are start, stop and restart, which are self-explanatory.
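The listing that chkconfig --list produces is also the quickest way to see which services will come up in each runlevel, which is the first thing to review when reducing a machine to the services it actually needs. The script below is an added example and not part of the original post or of chkconfig; the function names are mine, and the listing it parses is a constructed sample of that command's output (SysV rows plus the separate xinetd section). On a live system, pipe the real command's output into the functions instead.

```shell
#!/bin/sh
# Added example, not part of the original post: turn "chkconfig --list" output
# into the list of services that will start in a given runlevel, the first
# thing to review when trimming a box down to the services it needs.
# On a live system run:  chkconfig --list | enabled_in_runlevel 3
# The text below is a constructed sample of that output.

SAMPLE_CHKCONFIG_LIST='httpd          0:off 1:off 2:on  3:on  4:on  5:on  6:off
vsftpd         0:off 1:off 2:off 3:off 4:off 5:off 6:off
squid          0:off 1:off 2:off 3:on  4:off 5:on  6:off
nfs            0:off 1:off 2:on  3:off 4:on  5:off 6:off
xinetd based services:
        telnet: on
        rsync:  off'

# Usage: enabled_in_runlevel <0-6> < chkconfig-list-output
# Prints the SysV services that are "on" in that runlevel, one per line.
enabled_in_runlevel() {
    awk -v lvl="$1" '
        NF == 8 && $2 ~ /^0:/ {            # name followed by seven level:state pairs
            for (i = 2; i <= NF; i++) {
                split($i, p, ":")
                if (p[1] == lvl && p[2] == "on") print $1
            }
        }'
}

# xinetd-managed services appear after the "xinetd based services:" line with
# a single on/off state and no runlevels; they start whenever xinetd does.
enabled_xinetd_services() {
    awk '
        /^xinetd based services:/ { inx = 1; next }
        inx && NF == 2 && $2 == "on" { sub(/:$/, "", $1); print $1 }'
}

echo "SysV services on in runlevel 3:"
printf '%s\n' "$SAMPLE_CHKCONFIG_LIST" | enabled_in_runlevel 3
echo "xinetd services on:"
printf '%s\n' "$SAMPLE_CHKCONFIG_LIST" | enabled_xinetd_services
```

For the sample, runlevel 3 yields httpd and squid, runlevel 2 yields httpd and nfs, and telnet is the only xinetd service switched on.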

 
Things You Should Know About Linux !!!