Tuesday, August 31, 2010

Rhce Notes By Suresh Kumar Pakalapati

RH253
=====

Pam :- As linked to, and configured in /etc/pam.d/programname.

libwrap :- Programs linked to libwrap.so, or managed by a program that is so linked.

Uid:-

Gid:-

Service:
Chkconfig:
Xinetd:
system-config-services

Network:-

chkconfig --level 35 httpd on
chkconfig --list httpd

service httpd start
service httpd stop
service httpd lists

/etc/sysconfig/network-scripts/ifcfg-*  for network interfaces
/etc/sysconfig/*   for most others
/usr/share/doc/initscripts-*/sysconfig.txt

system-config-network [Device,Gateway,StaticRoute,DNS,Hostname]
system-config-network-tui[Device,Gateway]

ifup
ifdown

Virtual:-

libvirt
virt-manager
virt-install
virsh start domain
virsh shutdown/reboot/destroy domain
virsh suspend/resume   domain
virsh save domain state-file
virsh autostart  domain
virsh  console domain
virsh list

xm create -c domain
xentop

Yum: -

/var/ftp/pub/gls/server.repo
cd /etc/yum.repos.d/
cp rhel-debuginfo.repo  errata.repo
vi  errata.repo
[errata]
name = updates repository
baseurl = ftp://instructor.example.com/pub/errata
enabled=1
gpgcheck=0
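
The errata.repo above (like the base.repo later in these notes) sets gpgcheck=0, so yum installs packages from it without verifying their GPG signatures. The following audit is an added example, not part of the original notes: it flags such sections in constructed .repo content. The function names and the [errata-verified] and [no-setting] sections are made up, and the gpgkey path assumes the standard Red Hat release key file.

```shell
#!/bin/sh
# Added example: audit yum .repo files for disabled package signature checking.

# write_sample FILE: constructed input. [errata] and [base] copy the settings
# shown in these notes; the other two sections are made up for contrast.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample repo definitions
[errata]
name = updates repository
baseurl = ftp://instructor.example.com/pub/errata
enabled=1
gpgcheck=0

[base]
name=server data
baseurl=ftp://192.168.0.254/pub/Server
gpgcheck=0

[errata-verified]
name = updates repository (signature checking on)
baseurl = ftp://instructor.example.com/pub/errata
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[no-setting]
name = inherits gpgcheck from [main] in /etc/yum.conf
baseurl = ftp://instructor.example.com/pub/extra
EOF
}

# audit_repo FILE: one line per repository section:
#   <repo-id> gpgcheck=<0|1|inherit> transport=<scheme> <FAIL|OK|WARN>
# FAIL = signatures not checked, WARN = depends on [main] in /etc/yum.conf.
audit_repo() {
    awk '
    function report(   scheme, verdict) {
        if (id == "" || id == "main") return
        scheme = "none"
        if (url ~ /:/) { scheme = url; sub(/:.*/, "", scheme) }
        if (gpg == "0") {
            verdict = "FAIL"
        } else if (gpg == "1") {
            verdict = "OK"
        } else {
            gpg = "inherit"; verdict = "WARN"
        }
        printf "%s gpgcheck=%s transport=%s %s\n", id, gpg, scheme, verdict
    }
    # section header: finish the previous section, start a new one
    /^[ \t]*\[.*\][ \t]*$/ {
        report()
        id = $0; sub(/^[ \t]*\[/, "", id); sub(/\][ \t]*$/, "", id)
        gpg = ""; url = ""
        next
    }
    /^[ \t]*[#;]/ { next }                      # comment lines
    {
        eq = index($0, "=")
        if (eq == 0) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        k = tolower(k)
        if (k == "baseurl") url = v
        if (k == "gpgcheck") {
            v = tolower(v)              # yum accepts 0/1, yes/no, true/false
            if (v ~ /^(0|no|false)$/) gpg = "0"
            else if (v ~ /^(1|yes|true)$/) gpg = "1"
        }
    }
    END { report() }
    ' "$1"
}

# count_unsigned FILE: number of sections that install unverified packages
count_unsigned() {
    audit_repo "$1" | awk '$NF == "FAIL" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; on a real host, loop over /etc/yum.repos.d/*.repo.
sample=$(mktemp) || exit 1
write_sample "$sample"
audit_repo "$sample"
echo "sections without signature checking: $(count_unsigned "$sample")"
rm -f "$sample"
```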

Yum Commands:-

yum list updates
yum install firefox
yum localinstall firefox.rpm
yum groupinstall packagegroup
yum remove package
yum update package
yum list all
yum list (installed,available,updates)
yum grouplist
yum groupinfo packagegroup
yum info package
yum search searchterm
yum provides filename [ yum provides /usr/sbin/sendmail]

/dev/random
/dev/urandom
cat /dev/random

Open SSL:-

keypair: -  openssl genrsa -out server1.key.pem 1024
                 openssl req -new -key server1.key.pem -out server1.csr.pem

Selfsigned: -  openssl req -new -key server1.key.pem -out server1.crt.pem  -x509


Ssh:-

ssh-keygen  -t  dsa
ssh-keygen  -t  rsa

/etc/hosts.allow
/etc/hosts.deny

vi  /etc/hosts.allow
sshd:  192.168.0.114

openssh-client, openssh-server

/usr/sbin/sshd
/etc/init.d/sshd
/etc/ssh/sshd_config ,  /etc/ssh/* ,  ~/.ssh/*

openssh-askpass,  tcp_wrappers

Client:- /etc/ssh/ssh_config   /usr/bin/ssh

Server:- /etc/ssh/sshd_config
               Protocol 2
               ListenAddress 192.168.0.114:22
               PermitRootLogin
               Banner  /etc/issue.net
               AllowTcpForwarding yes
               GatewayPorts yes

ssh -L 3000:192.168.0.114:25  -N 192.168.0.5
ssh -R 3001:192.168.0.114:25  -N 192.168.0.5

ssh-copy-id  user@host
.ssh/authorized_keys

rpm  --verify packagename
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat*
rpm --checksig pkgname

gpg --import  RPM-GPG-KEY
rpm --checksig package-file-name

vnc-server
vncserver
vncviewer localhost:9901

ssh-keygen  -t  dsa
ssh-copy-id  -i  ~/.ssh/id_dsa.pub  serverX

ssh student@serverX id
ssh-keygen -p -f ~/.ssh/id_dsa

yum -y install vnc vnc-server

/etc/termcap
gpg -c /tmp/termcap

openssl x509  -in example-ca.crt  -text | less


Selinux:-

Enforcing, Permissive, Disabled

/etc/sysconfig/selinux

system-config-securitylevel
getenforce  & setenforce  0|1
kernel  selinux=0|1  or  enforcing=0|1

Permissive:- mode is used for troubleshooting or development; it logs policy violations but does not prevent
                   programs from running [0].

Enforcing:-  is the default mode [1].

user:role:type:sensitivity:category

ps -Z
ls -Z
ps -ZC  syslogd,bash
ls -Zd /etc/   /etc/aliases

chcon -R -t public_content_t /mydata/html
semanage  fcontext  -a -t
restorecon  -vvFR  /html/
ls -Z  anaconda-ks.cfg

getsebool  -a | grep named
getsebool named_write_master_zones

setsebool  named_write_master_zones on
getsebool  named_write_master_zones

setsebool -P named_write_master_zones on

setroubleshootd
sealert  -a
sealert  -b
sealert  -l

Selinux Modes :   getenforce , setenforce
Security Contexts :  ps -Z , ls -Z , semanage, restorecon
Selinux Booleans :   getsebool, setsebool
Troubleshooting tools :  setroubleshootd, sealert

NTP :-

ntpq -c pe
vi /etc/ntp.conf

ps -ZC  ntpd
getsebool -a | grep ntp
setsebool  -P ntpd_disable_trans off
ntpq  -c  pe
rpm  -ql  ntp | grep ntp.conf
restorecon  -v  /etc/ntp.conf

IPTABLES :-

system-config-securitylevel-tui

Filtering is done in the kernel at the network (3), transport (4) and data-link (2) layers

filter: the main packet filtering is performed in this table
nat:
mangle:    special effects
conntrack: stateful  prerouting & output

               Filter   Nat   Mangle
INPUT            X               X
FORWARD          X               X
OUTPUT           X       X       X
PREROUTING               X       X
POSTROUTING              X       X

* Prerouting :- forward --> input --> output --> postrouting
   echo "1" > /proc/sys/net/ipv4/ip_forward

* DROP,ACCEPT,LOG,REJECT

iptables -t filter -A INPUT -s 192.168.0.1 -j DROP
                      |        |              |
                      V        V              V
                    Chain   Part of the    Target part
                            rule           of the rule
iptables -t filter -nvL --line-numbers
iptables -A INPUT -s 192.168.0.114 -j DROP

IP & network      {  -s 192.168.0.0/24
                  {  -d 192.168.0.1

network interface {  -i lo
                  {  -o eth1

Criteria can be inverted with '!'   {  -i eth0 -s '!' 192.168.0.0/24

iptables -I INPUT  -s 192.168.0.0/24  -j ACCEPT
iptables -I OUTPUT -o eth0 -d 192.168.0.0/24  -j ACCEPT
iptables -I INPUT  -i lo -j ACCEPT

-p tcp  --dport 80
-p udp --sport 53
-p icmp  --icmp-type  host-unreachable

iptables -I INPUT -p tcp -s 192.168.0.1  --sport 123 -d 192.168.0.2  --dport 1024: -j ACCEPT

iptables -I INPUT -p icmp --icmp-type  echo-request -j DROP

iptables -I INPUT -p icmp --icmp-type  destination-unreachable  -j ACCEPT

ACCEPT, DROP, REJECT, Flush (-F)
Zero byte and packet counters (-Z [chain])
-N  (adds chain)
-X  (deletes chain)

iptables -t nat -F POSTROUTING
iptables  -P INPUT      DROP
iptables  -A INPUT -j DROP
iptables  -A INPUT -j REJECT

NEW, ESTABLISHED, RELATED, INVALID

/proc/net/ip_conntrack
/proc/sys/net/ipv4/ip_conntrack
/proc/sys/net/ipv4/netfilter/ip_conntrack_*
ip_conntrack_ftp
ip_conntrack_tftp
ip_nat_ftp
ip_nat_tftp

/etc/sysconfig/iptables-config

IPTABLES_MODULES="ip_con---tftp  ip_nat_ftp"

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables  -A INPUT -m state --state NEW -p tcp  --dport 25  -j ACCEPT
iptables  -A INPUT -m state --state NEW -j DROP


DNAT

Inbound: -   iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-dest 192.168.0.114

Outbound:- iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-dest 192.168.0.200:3128

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-dest 192.168.0.114 --to-dest 192.168.0.115 --to-dest 192.168.0.116

iptables -t nat -A PREROUTING -p tcp --dport 2201 -j DNAT --to-dest 192.168.0.1:22


SNAT

iptables  -t nat -A POSTROUTING -o  eth0 -j MASQUERADE
iptables  -t nat -A POSTROUTING -j SNAT --to-source  1.2.3.45
iptables  -t nat -A POSTROUTING -j SNAT --to-source  1.2.3.45-1.2.3.55
iptables  -t nat -A POSTROUTING -j SNAT --to-source  1.2.3.45:1234-1334

iptables-save
iptables-restore
service iptables save

vi  /etc/sysconfig/iptables

*filter
:INPUT DROP [573:46163]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [641:68532]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -s 192.168.0.114 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -s 192.168.0.114 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
COMMIT

vi   /etc/modprobe.conf
alias  net-pf-10 off
alias  ipv6 off

iptables -N class-rules
iptables -A INPUT -j class-rules

service iptables save
-A class-rules -i lo -j ACCEPT
-A class-rules -p icmp -j ACCEPT
-A class-rules -p udp --dport 631 -j ACCEPT
-A class-rules -p tcp --dport 631 -j ACCEPT
-A class-rules -m state --state ESTABLISHED,RELATED -j ACCEPT
-A class-rules -p tcp --dport 22 -j ACCEPT
-A class-rules -j LOG
-A class-rules -j REJECT --reject-with icmp-host-prohibited

TCP-WRAPPERS

libwrap.so
ldd   $(which  sshd)  |  grep  libwrap

vi  /etc/hosts.allow
vi  /etc/hosts.deny
ALL
EXCEPT

vi  /etc/hosts.allow
sshd:  ALL  EXCEPT   192.168.0.114

vi /etc/hosts.deny
sshd:  ALL

vi  /etc/hosts.allow
vsftpd:  192.168.0.1
in.telnetd, portmap: 192.168.0.8

vi  /etc/hosts.deny
ALL: nkindia.com EXCEPT  mail.nkindia.com
vsftpd,  portmap: ALL
sshd:  192.168.0.   EXCEPT  192.168.0.4

vi  /etc/xinetd.conf

defaults
{
enabled  = yes
instances = 50
per_source = 10
v6only  = no
log_type = SYSLOG daemon info
log_on_failure = HOST
log_on_success = PID HOST DURATION EXIT
cps  =  50 10
banner  =  /some/file
}
includedir    /etc/xinetd.d


NSS

vi   /etc/nsswitch.conf
getent
passwd: files  nis ldap

PAM
/lib/security/pam  modules
/etc/security
/etc/pam.d/
/etc/securetty

vi /etc/pam.d/login
auth  required  pam_securetty.so

pam_unix.so
pam_securetty.so
pam_deny.so
pam_permit.so

vi  /etc/pam.d/system-auth
auth  required  pam_env.so
auth  sufficient pam_unix.so  nullok  try_first_pass
auth  requisite pam_succeed_if.so  uid >= 500 quiet
auth  required  pam_deny.so

pam_krb5.so
pam_ldap.so
pam_smb_auth.so
pam_winbind.so

vi /etc/security/limits.conf


HTTP

httpd,  httpd-devel,  httpd-manual
/usr/sbin/httpd
/etc/init.d/httpd                    
80/tcp   443/tcp (https)
/etc/httpd/*    ,    /var/www/*
system-config-httpd   ,   mod_ssl

Min & Max   Spare Servers
Logfile  Configuration
Host name lookup in  logs
Loaded  modules
Virtual hosts
user and group.

UserDir  public_html

Mimetype
AddType   application/x-httpd-php  .phtml
AddType  text/html  .htm

DirectoryIndex  index.html  default.htm

restorecon -R  /home/
/sbin/restorecon   ~/public_html

Virtual Host

NameVirtualHost  192.168.0.100:80

Servername Virtl.com
DocumentRoot  /virtl


ServerAlias  www.virt2.com   www2.virt2.com


Options Followsymlinks
Allowoverride  None



Options -Indexes
Allowoverride   AuthConfig



Order  Allow,Deny
Allow  from  example.com
Deny from   station2.example.com  station3.example.com


* service  httpd  configtest
* apachectl  configtest
* httpd -t

/etc/httpd/conf/httpd.conf
/etc/httpd/conf/ssl.conf

AuthName  "Bob's Secret Stuff"
AuthType    basic
AuthUserFile  /home/bob/.htpasswd
require  user    bob

AuthName "Bob's Secret  Stuff"
AuthType   basic
AuthUserFile  /etc/httpd/conf/.htpasswd
AuthGroupFile /etc/httpd/conf/.htgroup


require group staff



require  user bob


ScriptAlias   /cgi-bin/    /path/cgi-bin/

mod_perl
mod_php
mod_speling

ssl : -  /etc/httpd/conf.d/ssl.conf
certificate : -  /etc/pki/tls/certs/your_host.crt
private key: -  /etc/pki/tls/private/your_host.key

/etc/pki/tls/certs/Makefile
make testcert
make certreq

SQUID

Monday, August 30, 2010

25+ Ways to Download Youtube Videos Easily


Youtube is one of the biggest and best video sharing websites, with a giant library of videos. So you can get almost any song, music video or even movie to watch or, better, download.
Web Services / Bookmarklets for Downloading Youtube Videos
  1. SaveVid: with this service online, download videos from YouTube is a real snap. You type the address of the movie to download, you click on the "Download" button and you’re done. Can also be used via bookmarklet (a bookmark special) and allows you to download the video in HD.
  2. KeepVid : Download and save videos directly from Youtube, Google, Metacafe, Putfile and more. Simply copy and paste.
  3. KeepHD.Com to Download High Definition Videos from Youtube.
  4. Vixy: Another very practical service on the Web that lets you download videos from YouTube and convert on the fly them. It can create AVI with audio to mp3, mov for Mac, MP4 for portable players and 3GP cell phones.
  5. Kick YouTube: here you can search and download YouTube videos in various audio/video formats. It also works by simply adding the prefix "kick" before "youtube" in the URL of the video you want to download.
  6. AbcYoutube : Free and very easy to use online YouTube downloader that literally makes YouTube video conversion and download as easy as abc. You simply need to enter “abc” in front of the URL of any YouTube video
  7. All-in-one video Bookmarklet: you drag it into your browser bookmarks bar, select it while watching the movie to download and you’re done.
  8. Zamzar is an online file format conversion site which can do a lot more than just converting YouTube videos to another format and downloading them to your hard drive thus doing a great job so, highly recommended.

Youtube Video Download Applications (Windows)

  1. Orbit Downloader: popular download manager for free. Among its many features is also the one that lets you download videos from YouTube with just one click. It performs its job very well and integrates with all major browsers.
  2. Real Player: the historian multimedia player in the latest versions can also download videos from YouTube quickly and easily, directly from your browser.
  3. Keepv is a desktop downloader as well as a converter, which can convert the downloaded videos from flv to avi, mov, mp4, or 3gp formats.
  4. VideoSlurp: very practical program with built-in browser that allows you to download movies from YouTube with just one click.
  5. VideoGet boasts being able to download video clips from more than 100 video sharing websites. We haven’t tested all of them, so we’re just going to take their word for it. It’s a deskop application with a nice, simple interface, and a solid number of options.
  6. Tube Sucker lets you batch download 1000′s of videos of your favorite artist from youtube.com. It also includes a batch converter to convert files to the format of your choice.

Firefox Addon Extensions to Download Videos from Youtube

  1. Video Download Helper: a must-have. Not only allows you to download videos from YouTube but also to convert them to flight and to download any media item on the webpage you visit.
  2. 1-Click YouTube Video Download: The name is eloquent enough, no?
  3. Fast downloads YouTube: very practical for downloading videos from YouTube, including by the results of research and when videos are embedded on other sites.
  4. Easy YouTube Video Downloader: brings up a couple of extra buttons in the view page of the YouTube video so you can download them with one single click.
  5. NetVideoHunter – Download videos and music from almost any Youtube-like video sharing site.

Youtube Downloader Extensions for Chrome

  1. Easy YouTube Video Downloader
  2. YouTube Get
  3. Another YouTube Downloader:
Three best chrome extensions with the same functionality. They allow you to download YouTube videos in various formats, including HD.

UserScript (Greasemonkey) for Downloading From Youtube

  1. YouTube Enhancer: script that allows you to not only download videos from youtube, but also to change the size of the player online, to disable the Autoplay and very Grim.
  2. YouTube Video Download: script in Italian, as its official description says, will get any videos from YouTube.com, including people with 1080p (high quality ‘) and is designed to be lightweight and unobtrusive. It works without contacting any external site.
  3. YouTube Video Download: allows you to download videos from youtube in various qualities, up to HD (when available), with a single click.

Friday, August 27, 2010

System File Checker ( SFC) at Windows

SFC is System File Checker. SFC runs in the system to protect system files. All the system files are located in the C:\Windows and C:\Windows\System32 folders. These files are important for the Windows operating system to work efficiently. If any of the files is deleted accidentally, the file gets restored from the DLLCache folder automatically with the help of SFC.


Sometimes, you might need to disable the SFC for development and testing purposes. This article explains the registry keys and the various options you can use to disable the SFC.



  • Key Name: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  • Entry Name: SFCDisable
  • Data Type: REG_DWORD
  • Value: 0,1,2,3,4
  • 0 = enabled. This is the default option. The SFC is enabled by default on Windows systems.
  • 1 = disable the SFC. The value 1 disables the SFC but prompts the user at boot to re-enable it.
  • 2 = This disables the SFC completely, and users are not prompted to re-enable it.
  • 4 = SFC is enabled but the popups are disabled.



At the same registry location, you can configure one more registry entry: SFCScan. Its data type is REG_DWORD and its values can be 0,1,2. This entry is useful for performing a scan of the protected files of the system.



  • 0 = do not scan protected files at boot (default)
  • 1 = scan protected files at every boot
  • 2 = scan protected files once

Thursday, August 26, 2010

First Computer Mouse


OÕÂ¹× Åç©Õ²Ä?: „çá{d-„çá-Ÿ¿šË ¹¢X¾Üu-{ªý «Õø®ýÊÕ 1964©ð Æ„çÕ-J-ÂÃÂ¹× Íç¢CÊ Doug Engelbart Â¹©-X¾Åî ª½Ö¤ñ¢-C¢-Íê½Õ. “’ÃX¶Ï-¹©ü §Œâ•ªý ƒ¢{-êªp´®ý (°§Œâ‰) N¢œî-®ý©ð «Õø®ýÊÕ „ÜĪ½Õ.

Tuesday, August 24, 2010

Basic file permissions

*A Linux file has 8 attributes, which are listed with the ls -l (or ll) command.
-rw-r--r-- 1 root root 1230 Feb 12 15:20 raj.doc

1st field

Types

- files
d directories
l links
p processfile
s socket files
b block devices
c character devices

2nd field.
rwx  owner

3rd field.
rwx group

4th field.
rwx others

Ex.  -     rwx    rwx    rwx   1 root root 1230 Feb 12 15:20 raj.doc
   (type)(owner)(group)(others)


Permission access modes.

             File                              Directory

r --> To display contents of a file.      To list contents of a dir. (Read only)

w --> To create or append a file.         To create files & directories. (Read & Write)

x --> To execute a file.                  To enter a directory.


File Permission Mode.

Permissions
1) Symbolic mode -- rwx
2) Absolute mode -- 421

*Default file permissions.

1) A file created with the help of cat, touch or vi will get the permissions 644.
EX.-->  - rw- r-- r--

2)Actually, in the basic UNIX system, when a file is created it gets the permission 666.

3)But this is a lapse in security, so whenever a file is created in a UNIX system it masks some
  bits, with a mask value of 022.

4)After masking we get the default value of a file as
  644. [666 – 022 = 644]

5) 022 is the UMASK value.



*Default directory permissions.

1)A directory created with the help of mkdir will get the permissions 755.
  d rwx r-x r-x


2)Actually, in the basic UNIX system, when a directory is created it gets the permission 777.
  But this is a lapse in security, so whenever a directory is created in a UNIX system it masks some
  bits, with a mask value of 022.


3)After masking we get the default value of a directory as
  755. [777 – 022 = 755]

4)022 is the UMASK value.
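
The masking arithmetic above, as an added shell example that is not part of the original notes: the kernel clears the umask bits from the requested mode (mode AND NOT umask), which agrees with digit subtraction for 022 but not for every mask, for example 033. The function names are made up for this example, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: umask clears bits from the requested mode; it does not subtract.

# effective_mode BASE MASK: mode the kernel assigns, BASE AND NOT MASK (octal in/out)
effective_mode() (
    base=$1 mask=$2
    printf '%03o\n' $(( 0$base & ~0$mask & 0777 ))
)

# subtracted_mode BASE MASK: what plain octal subtraction would predict
subtracted_mode() (
    printf '%03o\n' $(( 0$1 - 0$2 ))
)

# observed_mode KIND MASK: create a real file (KIND=file) or directory (KIND=dir)
# under MASK in a scratch directory and report the mode the system gave it.
# The subshell body keeps the umask change from leaking into the caller.
observed_mode() (
    kind=$1 mask=$2
    dir=$(mktemp -d) || exit 1
    umask "$mask"
    if [ "$kind" = dir ]; then
        mkdir "$dir/new"          # mkdir requests 777
    else
        : > "$dir/new"            # plain file creation requests 666
    fi
    stat -c '%a' "$dir/new"
    rm -rf "$dir"
)

# Demo: 022 is the value used in these notes; 027 and 077 are common tighter
# settings; 033 is a mask where subtraction gives the wrong answer for files.
for m in 022 027 033 077; do
    printf 'umask %s  file: AND-NOT %s, observed %s, subtraction %s | dir: observed %s\n' \
        "$m" \
        "$(effective_mode 666 "$m")" \
        "$(observed_mode file "$m")" \
        "$(subtracted_mode 666 "$m")" \
        "$(observed_mode dir "$m")"
done
```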


###############################################################

1)To view the umask value.
#umask

2)To view the umask value set in the file.
#vim /etc/bashrc

3)To create file.
#touch 123
#ll 123
-rw-r--r-- 1 root root 0 Feb 12 08:18 123
 (6  4  4) After umask value.

4)To create Directory
#mkdir ram
#ll
drwxr-xr-x 2 root root  4096 Feb 12 08:21 ram
 (7  5  5) After umask value.

##############################################################


chmod Command

1)chmod command is used to change the permissions of a file/directory.

2)chmod can be used by the owner of the file or by root.

3)With chmod command we can assign permission’s or remove permissions as required.

4)Permission parameters used with chmod command

Category    u g o
Operators   + - =
Permissions r w x
Weight      4 2 1

Applying permission to Owner (u), Group (g) & Others (o) for File1

Applying permission to File or Directory

#chmod (permissions) (file/directory)

################################################################

*Example of Permission - Absolute.

#touch 123
#ll
-rw-r--r-- 1 root root     0 Feb 12 08:18 123

*To change the value.

#chmod 777 123
-rwxrwxrwx 1 root root     0 Feb 12 08:18 123

#chmod 766 123
#ll
-rwxrw-rw- 1 root root     0 Feb 12 08:18 123

##############################################################

*Example of Permission - Symbolic

#touch text
-rw-r--r-- 1 root root     0 Feb 12 08:31 text

1)change group permission.(+)
#chmod g+w text
-rw-rw-r-- 1 root root     0 Feb 12 08:31 text

2)change user permission.(-)
#chmod u-w text
-r--rw-r-- 1 root root     0 Feb 12 08:31 text

3)change others permission.(=)
before.
-r--rw-r-- 1 root root     0 Feb 12 08:31 text
After = permission.
#chmod o=rx text
-r--rw-r-x 1 root root     0 Feb 12 08:31 text

Advanced File Permissions

1)SUID

2)SGID

3)STICKY BIT



###################### SUID. #############################



1)SUID stands for Set User ID.

2)SUID allows applications to be run by a normal user with the privileges of the root user.

3)That means if I have an application (e.g. ping) whose owner is 'root' and it has its SUID bit set, then when I run this application as a normal user, that application would still run as root.

4)By default the SUID is applied to ping so that normal users can also ping other systems.





Implement SUID.



1)Implement the SUID on ping.

#chmod 4755 /bin/ping



By this command we stop the normal users to ping the other machines.

-rwsr-xr-x 1 root root 35864 Dec 21 2006 ping



2)To remove the SUID.

#chmod 0755 /bin/ping

-rwxr-xr-x 1 root root 35864 Dec 21 2006 ping



EX.



1)To create directory.

#mkdir /vikas



2)To implement the SUID on /vikas directory.

#chmod 4755 /vikas

#ll /

drwsr-xr-x 2 root root 4096 Feb 12 12:15 vikas



3)create users.

#useradd u1

#useradd u2

#passwd u1

#passwd u2



4)login by the users & go to /vikas directory.

#su - u1

u1$cd /vikas

u1$touch 11

touch: cannot touch `11': Permission denied



"That means normal users cannot create files in the /vikas directory."



5)To remove the SUID.

#chmod 0755 /vikas



######################## SGID ###########################



*SGID is used for group inheritance.

When SGID is applied to a directory, all subdirectories & files created by any user in that particular directory are owned by the specified group, regardless of the user's group.



1)To create directory.

#mkdir /sales



2)To implement the SGID on /sales directory.

#chmod 2755 /sales

#ll /

drwxr-sr-x 2 root root 4096 Feb 12 12:32 sales



3)create users.

#useradd u1

#useradd u2

#passwd u1

#passwd u2



4)create group.

#groupadd sales



5)Add users into the group.

#gpasswd -a u1 sales

Adding user u1 to group sales



#gpasswd -a u2 sales

Adding user u2 to group sales



6)To check.

#tail /etc/group

sales:x:502:u1,u2



7)To login by user.

# su - u1

u1$cd /sales

u1$touch 22

touch: cannot touch `22': Permission denied



*That means users cannot create files in the /sales directory because they are in the sales group.

We applied the SGID on the /sales directory. If users are not in the sales group, they can create files in the sales directory.



####################### STICKY BIT ##########################


sticky bit :- It is used to secure files. Files in a sticky bit directory can be deleted only by the owner of the file.



# chmod o+t /test     (or)   # chmod 1777 /test



# chmod o-t /test     (or)   # chmod 777 /test



How to do :->



# mkdir /test

# chmod 777 /test

# chmod 1777 /test
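
A defender's check for the three special bits set in this section, as an added example that is not part of the original notes: it builds a constructed scratch tree with the same modes used above (4755, 2755, 1777) and lists every entry that carries SUID, SGID or the sticky bit. The function names are hypothetical; `stat -c` and `find -perm` assume GNU tools.

```shell
#!/bin/sh
# Added example: find and classify SUID / SGID / sticky entries under a directory.

# special_bits PATH: comma-separated names of the special bits set on PATH, or "none"
special_bits() (
    mode=$(stat -c '%a' "$1") || exit 1
    # stat prints four octal digits only when a special bit is set (e.g. 4755)
    case ${#mode} in
        4) lead=${mode%???} ;;
        *) lead=0 ;;
    esac
    out=
    if [ $(( lead & 4 )) -ne 0 ]; then out="${out:+$out,}suid"; fi
    if [ $(( lead & 2 )) -ne 0 ]; then out="${out:+$out,}sgid"; fi
    if [ $(( lead & 1 )) -ne 0 ]; then out="${out:+$out,}sticky"; fi
    printf '%s\n' "${out:-none}"
)

# audit_tree DIR: one line per entry with a special bit: "<bits> <mode> <relative path>"
audit_tree() (
    find "$1" \( -perm -4000 -o -perm -2000 -o -perm -1000 \) -print | sort |
    while IFS= read -r p; do
        printf '%s %s %s\n' "$(special_bits "$p")" "$(stat -c '%a' "$p")" "${p#"$1"/}"
    done
)

# build_sample_tree: constructed scratch tree mirroring the modes in these notes;
# prints the path of the tree so the caller can audit and remove it.
build_sample_tree() (
    d=$(mktemp -d) || exit 1
    : > "$d/tool";    chmod 4755 "$d/tool"     # SUID file, like /bin/ping above
    mkdir "$d/sales"; chmod 2755 "$d/sales"    # SGID directory, like /sales
    mkdir "$d/test";  chmod 1777 "$d/test"     # sticky directory, like /test
    : > "$d/plain";   chmod 0755 "$d/plain"    # no special bits, must not be listed
    printf '%s\n' "$d"
)

# Demo on the scratch tree. On a real host, point audit_tree at /usr/bin, /bin
# and similar directories and compare the output with a known-good baseline.
tree=$(build_sample_tree) || exit 1
audit_tree "$tree"
rm -rf "$tree"
```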

Disk Management (Partitioning)

1) A partition is a part of a hard disk which is to be utilized for a different cause than its neighbouring partition.

2) A partition is "hardware" since it comes from a hard disk, which is hardware. Basically anything that can be held in the hands is hardware, and as a hard disk can be, the hard disk and hence the partition is h/w.

3) Partitions can be further subdivided into two types:

i) Primary partitions -> An actual partition which can be given a label and used for some purpose. There can be max 4 primary partitions on a hard disk (a limitation of the BIOS, which was first introduced by IBM; all other personal computers are its clones).

ii) Extended partition -> This is ideally not a partition but a concept that can be further divided into logical partitions, which can then be given labels and used for some purpose.

4) Only 1 extended partition can be created on a hard disk, which can be further subdivided into 64 logical volumes (partitions). Windows allows only 21 logical partitions.

Max. number of logical volumes also depends on the motherboard. In some cases only 16 logical volumes are allowed from an extended partition.

5) Windows can only be installed on a primary, active partition.

6) Drive in Windows = Filesystem in Linux

7) Normally the important directories which, if filled, could hamper the functioning of the system are made a totally different filesystem on a different partition in Linux.

Normally, the various directories which are given different partitions are /boot , / , /home , /tmp , /var , /usr .

For eg. -> /home is the directory in which all users have their home directories. If there is no quota policy for users in place, and they dump more and more data in their home directories, and /home is not on another partition, all data will go into the "/" directory and ultimately it gets filled up. This will make the system slow, and ultimately the system may hang and give problems later while booting. Even the root user will not be able to log in because his home directory ( /root ) is in the / directory, which is already full.

To solve the above problem, the root user can log in from Linux rescue mode and try to do the cleanup.



8) 'df' is the command used to see all filesystems present on the system and being used by the Linux kernel, and their current usage.

df -h gives the output in human readable form ( in MB's )

For eg. -> df -h

Filesystem   Size  Used  Avail  Use%  Mounted on
/dev/hda7    950M  116M  786M   13%   /
/dev/hda6    99M   9.2M  85M    10%   /boot
none         109M  0     109M   0%    /dev/shm
/dev/hda10   950M  17M   885M   2%    /tmp
/dev/hda12   8.3G  4.5G  3.5G   57%   /usr
/dev/hda11   950M  263M  639M   30%   /var
/dev/vg/lv   465M  8.1M  433M   2%    /home



9) Minimum 3 partitions required for a successful installation
/boot , / , swap



10) 7 Partitions required for a successful and efficient linux installation
/boot , / , /home , swap , /tmp , /var , /usr



11) For getting an optimum performance from a system, no partition should be filled more than 82% of its size.

12) Partitioning can be done in order to use the free space, to install multiple OS, to format HDD with multiple file systems etc



13) LOGICAL FILE SYSTEM:

for windows - FAT16, FAT32 and NTFS

Linux - ext2 and ext3

################################################################

How to Partition, Format & Mount.
How to create a swap partition?




1. To view partition table

# fdisk -l



2.To create new partition

# fdisk

Suppose we have created /dev/hda9 partition.



3.To update partition table to kernel without rebooting

# partprobe



4.To format the partition with file system ext2 or ext3



# mkfs.ext2

# mkfs.ext3

eg.

# mkfs.ext3 /dev/hda9



5.To mount the partition on a mount point (a created directory)

# mount

eg.

# mount /dev/hda9 /linux



MOUNTING : Means creating a link between physical and logical file system in order to access partitions through mount point.



6.To umount partition

# umount

eg.

# umount /linux



7.To mount the file system permanently

# vi /etc/fstab



/dev/hda9 /linux ext3 defaults 0 0

8.Converting file system from ext2 -> ext3

# tune2fs -j

eg.

# tune2fs -j /dev/hda9



9.Converting file system from ext3 -> ext2
# tune2fs -O^has_journal

eg.

# tune2fs -O^has_journal /dev/hda9



10.To assign a label

# e2label

eg.

# e2label /dev/hda9 /songs



11.To view the existing label

# e2label

eg.

# e2label /dev/hda9

/songs



================= SWAP PARTITION ===============

We create a swap partition to support the RAM. When the RAM is full, the swap partition becomes active.

12.To make a partition a swap partition

# mkswap



13. To enable swap partition

# swapon /dev/hda9



14.To view status of swap partition

# swapon -s



15.To disable partition

# swapoff

#################################################

LVM

1. Logical Volume Manager is the easier way to manage a hard disk by resizing logical volumes.

2. The LVM2 package is used for kernel 2.6.

3. In the LVM structure there are three levels of organisation :-

physical volume - volume group - logical volume

4. A Linux LVM partition has the code 8e.

5. The physical partitions, i.e. physical volumes, turn into volume groups, which then turn into logical volumes.

These logical volumes are assigned mount points and file system types like ext2, ext3.

When "partitions" reach their full capacity, free space from the volume group can be added to the logical volume to increase the size of the partition. When a new hard drive is added to the system, it can be added to the volume group, and partitions that are logical volumes can be increased in size.



#############################################



STEPS TO CONFIGURE LVM :



# Creating Physical Volumes

# Creating Volume Groups

# Creating Logical Volumes and assigning mount points.

# Resizing VG and LVs.

# Removing PV, VG and LVs.

# Monitoring PV, VG and LVS.





######## LOGICAL VOLUME MANAGER CONFIGURATION #######



1)To create the partition.

#fdisk /dev/sda

#partprobe /dev/sda



2)To create the PV (physical volume)

# pvcreate /dev/sda9 /dev/sda10 /dev/sda11

Physical volume "/dev/sda9" successfully created

Physical volume "/dev/sda10" successfully created

Physical volume "/dev/sda11" successfully created



3)To check PV

#pvdisplay



4)To create the VG (volume group)

#vgcreate india /dev/sda9 /dev/sda10 /dev/sda11

Volume group "india" successfully created



5)To check VG

#vgdisplay



6)To create the LV (logical volume).

#lvcreate -L 20m india -n mumbai

#lvcreate -L 20m india -n chennai

#lvcreate -L 20m india -n delhi



7)To check LV.

#lvdisplay



8)To extend the VG.

#fdisk -l

#fdisk /dev/sda

#partprobe /dev/sda

#pvcreate /dev/sda12

Physical volume "/dev/sda12" successfully created

#vgextend india /dev/sda12

Volume group "india" successfully extended



9)To resize the LV.

#lvresize -L +50m /dev/india/mumbai

Rounding up size to full physical extent 52.00 MB

Extending logical volume mumbai to 72.00 MB

Logical volume mumbai successfully resized



10)To check the LV by mounting.



1)To create mount point.

#mkdir /mumbai

#mkdir /chennai

#mkdir /delhi



2)To format the LV.

#mkfs.ext3 /dev/india/mumbai

#mkfs.ext3 /dev/india/chennai

#mkfs.ext3 /dev/india/delhi



3)To mount on mount point.

#mount /dev/india/mumbai /mumbai

#mount /dev/india/chennai /chennai

#mount /dev/india/delhi /delhi



4)To check.

#mount

/dev/mapper/india-mumbai on /mumbai type ext3 (rw)

#umount



11)LV Remove.

#lvremove /dev/india/mumbai

Do you really want to remove active logical volume "mumbai"? [y/n]: y

Logical volume "mumbai" successfully removed

#lvremove /dev/india/chennai

#lvremove /dev/india/delhi



12)VG Remove.

#vgremove india

Volume group "india" successfully removed



13)PV Remove.

#pvremove /dev/sda9 /dev/sda10 /dev/sda11 /dev/sda12

Labels on physical volume "/dev/sda9" successfully wiped

Labels on physical volume "/dev/sda10" successfully wiped

Labels on physical volume "/dev/sda11" successfully wiped

Labels on physical volume "/dev/sda12" successfully wiped



14)To resize the filesystem so that it uses the new size of the logical volume (after lvresize).

#resize2fs /dev/share/mkt

Yum Configuration

Why use YUM? Why not RPM?
The rpm command-line utility has many functions for working with individual RPM packages. You may use it to manually install and remove packages from your system. If you install software with the rpm utility, you must manually check and install any dependencies. For this reason, pirut and yum are the recommended methods for installing software.
#####################################################

What does YUM do?
Use the yum utility to modify the software on your system in four ways:
· To install new software from package repositories
· To install new software from an individual package file
· To update existing software on your system
· To remove unwanted software from your system
####################################################
/etc/yum.conf <----- Configuration file
/etc/yum.repos.d/ <----- Repository directory
####################################################


How to set up a local YUM repository?

1. Mount rhel5 DVD
# mount /dev/hdb /mnt

2. Install vsftpd package
# rpm -ivh vsftpd-2.0.5-10.el5* --force --aid

3. Copy complete DVD into /var/ftp/pub directory.
# cd /mnt
# cp -rf * /var/ftp/pub

# mv /var/ftp/pub/Server/repodata /tmp

# mkdir /tmp/VT
# mv /var/ftp/pub/VT/repodata /tmp/VT

4. To create the repomd (xml-rpm-metadata) repository
# cd /mnt
# rpm -ivh createrepo-0.4.4-2.fc6.noarch.rpm --force --aid
# createrepo -g /tmp/repodata/comps-rhel5-server-core.xml /var/ftp/pub/Server
# createrepo -g /tmp/VT/repodata/comps-rhel5-vt.xml /var/ftp/pub/VT
# createrepo /var/ftp/pub/images

5. Start the ftp service
# service vsftpd restart

6. To configure repo file.
# cd /etc/yum.repos.d/
# cp rhel-debuginfo.repo base.repo

7. To configure base.repo file
# vi base.repo
[base]
name=server data
baseurl=ftp://192.168.0.254/pub/Server
gpgcheck=0

8. Copy base.repo once for each of the other two repositories.
# cp base.repo base1.repo
# cp base.repo base2.repo
# vi base1.repo
[base1]
name=server data
baseurl=ftp://192.168.0.254/pub/VT
gpgcheck=0

# vi base2.repo
[base2]
name=server data
baseurl=ftp://192.168.0.254/pub/images
gpgcheck=0
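
All three repo files above set gpgcheck=0 and fetch over ftp://, so yum installs packages without verifying their signatures and over a cleartext transport. The script below is an added example, not part of the original notes: it reports enabled repo sections with either setting. The function names, the [signed] section and mirror.example.com are constructed for illustration.

```shell
#!/bin/sh
# audit_repo FILE: print "<repo-id> <finding>" for every enabled repository
# section that skips signature checks or fetches packages over cleartext.
audit_repo() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report() {
        if (id == "" || enabled == "0") return
        if (gpg == "0") print id, "gpgcheck=0"
        else if (gpg == "") print id, "gpgcheck-unset"  # inherits [main] in yum.conf
        if (url ~ /^(ftp|http):/) print id, "cleartext-baseurl"
    }
    /^[ \t]*[#;]/ { next }                      # comment lines
    /^[ \t]*\[.*\][ \t]*$/ {                    # a new [section] starts
        report()
        id = trim($0); id = substr(id, 2, length(id) - 2)
        gpg = ""; url = ""; enabled = "1"
        next
    }
    {
        eq = index($0, "=")                     # key=value, spaces allowed
        if (eq == 0) next
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (key == "gpgcheck") gpg = val
        else if (key == "baseurl") url = val
        else if (key == "enabled") enabled = val
    }
    END { report() }
    ' "$1"
}

# Constructed sample: the base.repo from step 7 next to a repo that checks
# signatures and uses HTTPS (mirror.example.com is a placeholder host).
sample_repo() {
    cat <<'EOF'
[base]
name=server data
baseurl=ftp://192.168.0.254/pub/Server
gpgcheck=0

[signed]
name = signed mirror
baseurl = https://mirror.example.com/rhel5/Server
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
}

tmp=$(mktemp); sample_repo > "$tmp"; audit_repo "$tmp"; rm -f "$tmp"
```

On a real system, run it over each file in /etc/yum.repos.d/; a section with no gpgcheck line takes its value from [main] in /etc/yum.conf.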

IPTABLES (Firewall)

###################### IPTABLES ########################

*NAT = network address translation.

*PAT = port address translation.

*What is routing?
ANS :- Forwarding a packet from one interface to another interface.

Postrouting - After routing, change the source IP address,
              to hide the internal network (SNAT).

Prerouting - Before routing, change the destination IP address (DNAT).

INPUT chain - Configured in the filter table.

Targets --> ACCEPT, DROP, REJECT.
            DROP - no acknowledgement.
            REJECT - sender gets an acknowledgement.

icmp - Internet Control Message Protocol.

#######################################################

1)To configure the firewall, the command is.
#iptables

              Filter        NAT            Mangle

CHAINS:-      INPUT         PREROUTING     INPUT
              OUTPUT        POSTROUTING    OUTPUT
              FORWARD       OUTPUT         PREROUTING
                                           POSTROUTING
                                           FORWARD

########################################################

1)To apply the rules.
Targets: ACCEPT, DROP, REJECT.

-L --> To list
-A --> To append
-p --> Protocol
-j --> To jump (to a target)
-F --> To flush

2)To check whether the rule is applied or not.
#iptables -L

3)To remove the previous rules.
#iptables -F

4)To remove the rule.
#iptables -D

5)To insert a rule.
#iptables -I


6)To install the rules.
(-j REJECT can be used in place of -j DROP in each rule.)

1)To block incoming ping (ICMP) traffic.
#iptables -A INPUT -p icmp -j DROP

2)To block a particular machine.
#iptables -A INPUT -p icmp -s 10.0.0.1 -j DROP

3)To allow one machine and block all others.
#iptables -A INPUT -p icmp -s ! 10.0.0.1 -j DROP

4)To block the http service.
#iptables -A INPUT -p tcp --dport 80 -j DROP

7)To make the iptables rules permanent.
First set the rules, then save them.
#service iptables save

8)To delete the saved rules.
#rm /etc/sysconfig/iptables

9)To remove a rule from the chain.
#iptables -D INPUT 1 -t filter
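
The choice between -A and -I matters because a chain is read from the top and the first matching rule decides what happens to the packet. The sh model below is an added example, not part of the original notes: rule_append, rule_insert, verdict and the ACCEPT policy are assumptions for illustration, it understands only -p, -s, --dport and -j, and the packets are constructed.

```shell
#!/bin/sh
# Toy model of a single chain: first matching rule decides, else the policy.
RULES=""                 # one rule spec per line, top of the chain first
POLICY=ACCEPT            # assumed chain policy when nothing matches
NL='
'
rule_append() { RULES="${RULES}$*${NL}"; }   # like iptables -A INPUT ...
rule_insert() { RULES="$*${NL}${RULES}"; }   # like iptables -I INPUT ...

# verdict PROTO SRC [DPORT] -> prints the target applied to that packet
verdict() {
    v_proto=$1; v_src=$2; v_dport=${3:-}
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        set -- $rule                         # split the spec into words
        match=1; target=""
        while [ $# -gt 0 ]; do
            case $1 in
                -p) [ "$2" = "$v_proto" ] || match=0; shift 2 ;;
                -s) neg=0
                    if [ "$2" = "!" ]; then neg=1; shift; fi
                    if [ "$2" = "$v_src" ]; then hit=1; else hit=0; fi
                    [ "$hit" != "$neg" ] || match=0   # "!" inverts the test
                    shift 2 ;;
                --dport) [ "$2" = "$v_dport" ] || match=0; shift 2 ;;
                -j) target=$2; shift 2 ;;
                *)  shift ;;
            esac
        done
        if [ "$match" = 1 ] && [ -n "$target" ]; then
            echo "$target"; return 0
        fi
    done <<EOF
$RULES
EOF
    echo "$POLICY"
}

rule_append -p icmp -j DROP                  # rule 6.1 from the notes
rule_append -p icmp -s 10.0.0.1 -j ACCEPT    # appended below the DROP
verdict icmp 10.0.0.1                        # DROP: the allow rule is never reached
RULES=""
rule_append -p icmp -j DROP
rule_insert -p icmp -s 10.0.0.1 -j ACCEPT    # inserted above the DROP
verdict icmp 10.0.0.1                        # ACCEPT
verdict icmp 10.0.0.9                        # DROP
```

On a live system, check the real order with iptables -L before and after adding a rule.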

################### END #########################