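%% $Header: /cvsroot/lcdp/lpic/general-linux-2/notes/gl2.notes.tex,v 1.10 2003/12/01 12:57:24 waratah Exp $
\documentclass[a4paper,10pt,fullpage]{book}
%\usepackage{draftcopy}
\usepackage{palatino}
\usepackage{pifont}
\usepackage{pstricks}
\usepackage{graphicx}
\usepackage{alltt}
\usepackage{rotating}
\usepackage{rotate}
\usepackage{boxedminipage}
\setlength{\columnsep}{30mm}
%% \cmd{<command>}: a command line entered at the ordinary user prompt ($),
%% set in bold typewriter and followed by a return-key arrow.
\newcommand{\cmd}[1]{%
  \texttt{\$ \textbf{#1 \(\hookleftarrow\)}}
}
%% \rootcmd{<command>}: as \cmd, but shown at the root prompt (#).
\newcommand{\rootcmd}[1]{%
  \texttt{\# \textbf{#1 \(\hookleftarrow\)}}
}
%% \opt{<word>}: a sub-command or option name in bold typewriter.
%% \textbf replaces the obsolete two-letter font switch \bf.
\newcommand{\opt}[1]{%
  \textbf{\texttt{#1}}
}
%% Use \topic instead of \part
%% #1 = topic number, #2 = topic title.  The heading uses \part*, which
%% writes no table-of-contents entry, so the entry is added by hand.
\newcounter{topic}
\newcommand{\topic}[2]{%
  \setcounter{topic}{#1}%
  \part*{\underline{\textsf{Topic \arabic{topic}}}\\[3ex]#2}%
  \addcontentsline{toc}{part}{\textsf{Topic \arabic{topic}:} #2}
}
%% Use \objective to replace \chapter
%% #1 = objective number, #2 = objective title.  The chapter counter is set
%% to #1 and the section counter to 0 before the unnumbered heading is
%% typeset; the table-of-contents entry is again added by hand.
\newcounter{objective}[topic]
\newcommand{\objective}[2]{%
  \setcounter{objective}{#1}%
  \setcounter{chapter}{#1}%
  \setcounter{section}{0}%
  %\chapter*{#2}%
  \chapter*{\underline{\textsf{Objective \arabic{topic}.\arabic{objective}}}%
    \\[3ex]#2}%
  \addcontentsline{toc}{chapter}%
    {\textsf{Objective \arabic{topic}.\arabic{objective}:} #2}%
}
%\title{ LPIC General Linux 2 }
\title{--- {\huge LPI Certification ---\\[3mm]
--- General Linux 2} --- \\[3mm]\Large{\textsf{(Study Notes)}
\footnote{Copyright \copyright 2002 Geoffrey Robertson.
Permission is granted to make and distribute verbatim copies or modified versions of this document provided that this copyright notice and this permission notice are preserved on all copies under the terms of the GNU General Public License as published by the Free Software Foundation---either version 2 of the License or (at your option) any later version.}
\footnote{ {\scriptsize RCS Id = $ $Id: gl2.notes.tex,v 1.10 2003/12/01 12:57:24 waratah Exp $ $} }}}
\author{geoffrey hector robertson \\geoffrey@zip.com.au}
%=============================================================================
\begin{document}%=============================================================
%=============================================================================
%----10->|-----20->|-----30->|-----40->|-----50->|-----60->|-----70->|-----80->
\maketitle
% \begin{abstract}
% The
% \end{abstract}
\tableofcontents
\noindent
\setcounter{part}{1}
\setcounter{chapter}{1}
%******************************************************************************
%******************************************************************************
\topic{105}{Kernel}
%******************************************************************************
%******************************************************************************
%******************************************************************************
\objective{1}{Manage/Query kernel and kernel modules at runtime}
%==============================================================================
\section{Overview}
\label{sec:over102.1}
%------------------------------------------------------------------------------
\subsection{Weight: []}
%------------------------------------------------------------------------------
\subsection{Statement of Objective:}
Candidates should be able to manage and/or query a kernel and kernel loadable modules.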
This objective includes using command-line utilities to get information about the currently running kernel and kernel modules.
It also includes manually loading and unloading modules as appropriate.
It also includes being able to determine when modules can be unloaded and what parameters a module accepts.
Candidates should be able to configure the system to load modules by names other than their file name.
%------------------------------------------------------------------------------
\subsection{Key files, terms, and utilities include:}
\begin{alltt}
/lib/modules/kernel-version/modules.dep
/etc/modules.conf & /etc/conf.modules
depmod
insmod
lsmod
rmmod
modinfo
modprobe
uname
\end{alltt}
%------------------------------------------------------------------------------
\subsection{Resources of Interest:}
\begin{description}
\item[TBA]
\begin{alltt}
\end{alltt}
\end{description}
%==============================================================================
\newpage
\section{Notes}
\label{sec:notes102.1}
%==============================================================================
\section{Lab}
\label{sec:lab102.1}
%==============================================================================
\section{Questions}
\label{sec:questions102.1}
%******************************************************************************
\objective{2}{Reconfigure, build, and install a custom kernel and kernel modules}
%==============================================================================
\section{Overview}
\label{sec:over102.1}
%------------------------------------------------------------------------------
\subsection{Weight: []}
%------------------------------------------------------------------------------
\subsection{Statement of Objective:}
Candidates should be able to customise, build, and install a kernel and kernel loadable modules from source.
This objective includes customising the current kernel configuration, building a new kernel, and building kernel modules as
appropriate.
It also includes installing the new kernel as well as any modules, and ensuring that the boot manager can locate the new kernel and associated files (generally located under /boot, see objective 1.102.2 for more details about boot manager configuration).
%------------------------------------------------------------------------------
\subsection{Key files, terms, and utilities:}
\begin{alltt}
/usr/src/linux/*
/usr/src/linux/.config
/lib/modules/kernel-version/*
/boot/*
make
make targets: config, menuconfig, xconfig, oldconfig, modules, install, modules_install, depmod
\end{alltt}
%------------------------------------------------------------------------------
\subsection{Resources of Interest:}
\begin{description}
\item[TBA]
\begin{alltt}
\end{alltt}
\end{description}
%==============================================================================
\newpage
\section{Notes}
\label{sec:notes102.1}
%==============================================================================
\section{Lab}
\label{sec:lab102.1}
%------------------------------------------------------------------------------
\subsection{Build a Debian Kernel}
\label{sec:deb_kern}
%..............................................................................
\subsubsection{Catch a fresh kernel}
\begin{itemize}
\item Kernel sources are large so if you already have a recent kernel it is best to obtain patches to bring it up to date.
\item Fresh kernels are to be had from
\begin{alltt}
http://www.kernel.org
\end{alltt}
be sure to use a mirror near you.
Whichever mirror you use, check the signature file published alongside the tarball before building from it.
\item Place your kernel in a suitable place:
  \begin{itemize}
  \item Under \texttt{/usr/src/}.
  Note that this directory has group owner of \texttt{src}, so make yourself a member of the \texttt{src} group:
\begin{alltt}
\rootcmd{usermod -G src fred}
\end{alltt}
  \texttt{-G} replaces the user's whole list of supplementary groups, so name every group \texttt{fred} should keep (or add \texttt{-a} where \texttt{usermod} supports it); otherwise the existing memberships are dropped.
  \item \texttt{/tmp}
  \item \texttt{/home/fred}
  \end{itemize}
\end{itemize}
%..............................................................................
\subsubsection{\texttt{apt-get} the Necessary Tools}
\begin{alltt}
\rootcmd{apt-get install debhelper modutils libncurses5-dev build-essential fakeroot}
\end{alltt}
%..............................................................................
\subsubsection{Edit \texttt{/etc/kernel-pkg.conf}}
\begin{alltt}
\rootcmd{ vi /etc/kernel-pkg.conf}
\end{alltt}
%..............................................................................
\subsubsection{Unarchive the Source}
\begin{alltt}
\cmd{cd /usr/src/}
\cmd{tar zxvf linux-2.5.34.tar.gz}
\cmd{cd linux-2.5.34}
\end{alltt}
%..............................................................................
\subsubsection{Use Your Existing \texttt{.config} as a Starting Place}
\begin{alltt}
\cmd{cp /boot/config-2.4.18-386 .config} \#YMMV
\end{alltt}
%..............................................................................
\subsubsection{Configure Your Kernel}
\begin{alltt}
\cmd{make oldconfig}
\cmd{make xconfig} \#or menuconfig or config
\end{alltt}
%..............................................................................
\subsubsection{}
%..............................................................................
\subsubsection{}
%..............................................................................
\subsubsection{} %============================================================================== \section{Questions} \label{sec:questions102.1} %****************************************************************************** %****************************************************************************** \topic{106}{Boot, Initialisation, Shutdown and Runlevels} %****************************************************************************** %****************************************************************************** %****************************************************************************** \objective{1}{Boot the system} %============================================================================== \section{Overview} \label{sec:over106.1} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidates should be able to guide the system through the booting process. This includes giving commands to the boot loader and giving options to the kernel at boot time, and checking the events in the log files. 
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} dmesg /var/log/messages /etc/conf.modules or /etc/modules.conf LILO GRUB \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes106.1} %============================================================================== \section{Lab} \label{sec:lab106.1} %============================================================================== \section{Questions} \label{sec:questions106.1} %****************************************************************************** \objective{2}{Change runlevels and shutdown or reboot system} %============================================================================== \section{Overview} \label{sec:over1} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidates should be able to manage the runlevel of the system. This objective includes changing to single user mode, shutdown or rebooting the system. Candidates should be able to alert users before switching runlevel, and properly terminate processes. This objective also includes setting the default runlevel. 
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} shutdown init /etc/inittab \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes1} %============================================================================== \section{Lab} \label{sec:lab1} %============================================================================== \section{Questions} \label{sec:questions1} %****************************************************************************** %****************************************************************************** \topic{107}{Printing} %****************************************************************************** %****************************************************************************** %****************************************************************************** \objective{1}{Manage Printers and Print Queues} %============================================================================== \section{Overview} \label{sec:over107.2} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} The candidate should be able to manage print queues and user print jobs. 
This objective includes monitoring print server and user print queues and troubleshooting general printing problems.
%------------------------------------------------------------------------------
\subsection{Key files, terms, and utilities include:}
\begin{alltt}
lpc
lpq
lprm
lpr
/etc/printcap
\end{alltt}
%------------------------------------------------------------------------------
\subsection{Resources of Interest:}
\begin{description}
\item[Printing-HOWTO]
\begin{alltt}
\end{alltt}
\item[Printing-Usage-HOWTO]
\end{description}
%==============================================================================
\newpage
\section{Notes}
\label{sec:notes1}
%------------------------------------------------------------------------------
\subsection{\texttt{lpc} - Printer Control}
\begin{itemize}
\item \texttt{lpc} is used to control a printer or print job
\item Can be run interactively.
\item Usage is: \texttt{lpc [command [argument]]}
\end{itemize}
%------------------------------------------------------------------------------
\subsection{\texttt{lpc} - Printer Control}
\subsubsection{Example 1 - Non Interactive:}
\begin{alltt}
\rootcmd{lpc status}
Printer Printing Spooling Jobs Server Subserver
lp@Node4 enabled enabled 0 none none
\end{alltt}
\subsubsection{Example 2 - Interactive}
\begin{alltt}
\rootcmd{lpc}
lpc> status
Printer Printing Spooling Jobs Server Subserver
lp@Node4 enabled enabled 0 none none
lpc> quit
\end{alltt}
%------------------------------------------------------------------------------
\subsection{\texttt{lpc} Commands}
For a complete list of commands, use the command \texttt{lpc help}.
Some of the more important commands to know are:
\begin{description}
\item[\opt{abort}] - Immediately terminate active spool \& disable printing
\item[\opt{disable}] - Stop spooling for this printer
\item[\opt{enable}] - Start spooling for this printer
\item[\opt{down}] - Disable spooling \& printing
\item[\opt{up}] - Enable spooling \& printing
\item[\opt{stop}] - Stop printing after current job is complete
\item[\opt{start}] - Enable spooling \& start printing
\item[\opt{quit}] - Exit from interactive mode
\item[\opt{help}] - Show all commands
\end{description}
%------------------------------------------------------------------------------
\subsection{\texttt{lpq} - Display Printer Queue}
\begin{itemize}
\item Every print job is assigned a \textit{job-id}
\item You need the job-id to remove or reorder a job in the queue
\item lpq shows the job-id along with information about the job.
\end{itemize}
Usage is:
\begin{alltt}
# lpq [-P \textit{printer}] [\textit{Job-id}]
\end{alltt}
%------------------------------------------------------------------------------
\subsection{\texttt{lpq} - Example}
\textbf{Example - Show all jobs on default Queue}
\begin{alltt}
\small {
# lpq
Printer: lp@Node4 'lp0' (dest HPLjet@node10.aes)
Queue: 2 printable jobs
Server: pid 27354 active
Unspooler: pid 27356 active
Status: waiting for subserver to exit at 12:22:58.553
Rank Owner/ID Class Job Files ....
1 root@Node4+353 A 353 /etc/hosts ....
2 root@Node4+357 A 357 /etc/ntp.conf ....
Printer: HPLjet@Node10 'lp0' (printing disabled ...
}
\end{alltt}
%------------------------------------------------------------------------------
\subsection{\texttt{lprm} - Remove job(s) from Queue}
\begin{itemize}
\item lprm is used to remove jobs from a queue
\item jobs can be removed by:
  \begin{itemize}
  \item by job-id (use lpq to find out)
  \item by user
  \end{itemize}
\end{itemize}
Usage is:
\begin{alltt}
# lprm [-P \textit{printer}] [\textit{Job-id} ...] [\textit{user} ...]
\end{alltt}
%------------------------------------------------------------------------------
\subsection{\texttt{lprm} - Example}
\textbf{Example - Remove all jobs owned by root}
\begin{alltt}
\small {
# lprm root
Printer lp@Node4:
checking perms 'root@Node4+353'
dequeued 'root@Node4+353'
checking perms 'root@Node4+357'
dequeued 'root@Node4+357'
Printer HPLjet@Node10:
# lpq
}
\end{alltt}
%==============================================================================
\section{Lab}
\label{sec:lab1}
\begin{enumerate}
\item Use a GUI printer configuration tool such as Red Hat's \texttt{printtool} to set up a local generic postscript printer.
Make it the default.
\item Login as at least 2 different users.
Have each user print some documents.
As there is no printer attached these should remain queued.
\item View the queue as a normal user and try to dequeue your own print jobs and the print jobs belonging to others.
\item Login as root:
  \begin{enumerate}
  \item View the queue with \texttt{lpq}.
  \item Use \texttt{lpc} to reorder the queue.
  \item Use \texttt{lprm} to remove some items from the queue.
  \end{enumerate}
\item Delete all print jobs from the print queue.
\item Restart \texttt{lpd}.
\end{enumerate}
%==============================================================================
\section{Questions}
\label{sec:questions1}
%******************************************************************************
\objective{3}{Print files}
%==============================================================================
\section{Overview}
\label{sec:over107.3}
%------------------------------------------------------------------------------
\subsection{Weight: []}
%------------------------------------------------------------------------------
\subsection{Statement of Objective:}
Candidates should be able to manage print queues and manipulate print jobs.
This objective includes adding and removing jobs from configured printer queues and converting text files to postscript for printing.
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} lpr lpq mpage \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[Printing-HOWTO] \begin{alltt} \end{alltt} \item[Printing-Usage-HOWTO] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes107.3} %------------------------------------------------------------------------------ \subsection{\texttt{lpr} - Submit job to Print Queue} \begin{itemize} \item lpr is used to submit a job to the print queue \item lpr can be run from the command line \item lpr assumes text is to be printed by default \item lpr uses \texttt{/etc/printcap} for printer settings \end{itemize} \subsubsection{Usage of lpr is:} \begin{alltt} \texttt{lpr [-P\textit{printer}] [-\#\textit{num}] filename ...} \end{alltt} \subsubsection{Example:- Print /etc/hosts file to spool lp0} \begin{alltt} \cmd{lpr -Plp0 /etc/hosts} \end{alltt} %------------------------------------------------------------------------------ \subsection{\texttt{a2ps} - Convert ASCII to Postscript} \begin{itemize} \item Most Unix sites use postscript printers \item You can not send an ASCII file directly to a postscript printer \item To convert from ASCII to ps, use \texttt{a2ps} \end{itemize} \subsubsection{Usage:} \begin{alltt} \texttt{a2ps [-o \textit{out-file}] in-file} \end{alltt} \subsubsection{Example:} \begin{alltt} \cmd{a2ps -o myfile.ps myfile.txt} \cmd{cat myfile.ps > /dev/lp0} \end{alltt} %------------------------------------------------------------------------------ \subsection{\texttt{mpage} - Print multiple pages per page} \begin{itemize} \item mpage will print multiple pages per physical page \item Input can be either text or postscript \item 1, 2, 4 or 8 pages can 
be printed per page \item Output can be directed to printer or stdout \end{itemize} Usage: \begin{alltt} \texttt{mpage [-1248] [options] input-file ...} \end{alltt} \subsubsection{Example: Print 4 pages per page on A4} \begin{alltt} \cmd{mpage -4 -b A4 bigfile.ps | lpr} \end{alltt} %============================================================================== \section{Lab} \label{sec:lab107.3} %============================================================================== \section{Questions} \label{sec:questions107.3} %****************************************************************************** \objective{4}{Install and Configure Local and Remote Printers} %============================================================================== \section{Overview} \label{sec:over107.4} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidate should be able to install a printer daemon, install and configure a print filter (e.g.: apsfilter, magicfilter). This objective includes making local and remote printers accessible for a Linux system, including postscript, non-postscript, and Samba printers. 
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} lpd /etc/printcap /etc/apsfilter/* /var/lib/apsfilter/*/ /etc/magicfilter/*/ /var/spool/lpd/*/ \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[Printing-HOWTO] \begin{alltt} \end{alltt} \item[Printing-Usage-HOWTO] \begin{alltt} \end{alltt} \item[] \begin{alltt} www.linuxprinting.org \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes107.4} %------------------------------------------------------------------------------ \subsection{Linux Printing} \begin{itemize} \item There are several packages available for linux printing: \begin{itemize} \item LPR \item LPRng \item Cups \end{itemize} \item LPR (or LPRng) is the default on most Linux distros \item Major components of the LPR subsystem are: \begin{description} \item[\texttt{lpd}] - The printing daemon \item[\texttt{lpr}] - A tool to submit jobs into the queue \item[\texttt{lprm}] - A tool to remove jobs from the queue \item[\texttt{lpq}] - A tool to view jobs in the queue \item[\texttt{lpc}] - An administration tool for printers \& queues \end{description} \end{itemize} %------------------------------------------------------------------------------ \subsection{Installing a Printer} \begin{itemize} \item There are two ways to install a printer under Linux: \item The easy way! 
- Use a GUI like \texttt{printtool} \item The hard way: \begin{itemize} \item Edit \texttt{/etc/printcap} \item Create the spool directory \item Touch the log file \item Restart \texttt{lpd} \end{itemize} \end{itemize} %------------------------------------------------------------------------------ \subsection{\texttt{/etc/printcap} - The configuration file} \texttt{/etc/printcap} contains information about {\it all} printers on the system (including remote printers) An example looks like: \begin{verbatim} HPLjet|lp|lp0:\ :ml=0:\ :mx=0:\ :sd=/var/spool/lpd/HPLjet:\ :sh:\ :lp=/dev/lp0:\ :lf=/var/spool/lpd/HPLjet/log:\ :if=/usr/share/printconf/util/mf_wrapper: \end{verbatim} %------------------------------------------------------------------------------ \subsection{\texttt{/etc/printcap} - The configuration file} Key points to note about \texttt{printcap} format: \begin{itemize} \item Comments start with a '\#' \item Any line not starting with a colon or pipe is the start of a printer definition \item Each line of a definition ends in a backslash except the last line \item lpd must be restarted each time \texttt{/etc/printcap} is edited \item Spool directory \& log file must be created manually \end{itemize} \begin{description} \item[\texttt{if}] Define the input filter \item[\texttt{lf}] Define the printer log file \item[\texttt{lo}] Define the lock file created when printer is in use \item[\texttt{mx}] Define the maximum size of a print job \item[\texttt{rm}] Specify printer is on remote machine. Eg \texttt{:rm=192.168.222.254:} \item[\texttt{rp}] Define remote printer name. 
Eg \texttt{:rp=HPLjet:}
\item[\texttt{sh}] Tell lpd not to print banner pages
\item[\texttt{sd}] Specify spool directory
\end{description}
%------------------------------------------------------------------------------
\subsection{Creating spool directory \& log file}
The spool directory should be owned by \texttt{lp} and have permissions set to 700:
\begin{itemize}
\item \rootcmd{mkdir /var/spool/lpd/HPLjet}
\item \rootcmd{chown lp:lp /var/spool/lpd/HPLjet}
\item \rootcmd{chmod 0700 /var/spool/lpd/HPLjet}
\end{itemize}
The log file should have permissions set to 666 and have the same ownership as the spool directory:
\begin{itemize}
\item \rootcmd{touch /var/spool/lpd/HPLjet/log}
\item \rootcmd{chown lp:lp /var/spool/lpd/HPLjet/log}
\item \rootcmd{chmod 0666 /var/spool/lpd/HPLjet/log}
\end{itemize}
Mode 666 makes the log writable by every local account; in this layout it is only the 700 mode on the enclosing spool directory that keeps other users away from it.
If the log is ever placed outside the spool directory, a mode that is not world-writable is the safer choice.
%------------------------------------------------------------------------------
\subsection{Controlling printer access}
\begin{itemize}
\item Printer access is controlled through \texttt{/etc/hosts.lpd}
\item If the file does not exist, all access is granted
\item If the file exists, only those in the list will be granted access
\item The format is: \texttt{[host [user]]}
\end{itemize}
Because a missing file means that every host is accepted, create \texttt{/etc/hosts.lpd} before \texttt{lpd} can be reached from the network.
LPRng uses its own permissions file (\texttt{lpd.perms}) rather than \texttt{hosts.lpd}, so check which daemon is installed.

Example: All access from \texttt{box2.c222}, only greg from \texttt{box3.c222}
\begin{alltt}
box2.c222
box3.c222 greg
\end{alltt}
%------------------------------------------------------------------------------
\subsection{Print Filters}
\begin{itemize}
\item A print filter converts data to be printed into a language that your printer understands
\item There are several print filter packages:
  \begin{itemize}
  \item Apsfilter
  \item Magicfilter
  \item Red Hat's PrintTool
  \item Foomatic
  \end{itemize}
\end{itemize}
%------------------------------------------------------------------------------
\subsection{Key Point Summary}
\begin{itemize}
\item Most Linux Systems use LPR (or LPRng)
\item Local \& remote printer configs are stored in \texttt{/etc/printcap}
\item The print spool directory \& log
file must be created manually \item Print access is controlled using \texttt{/etc/hosts.lpd} \item Print filters convert different data types to a language understood by the printer \item The \texttt{lpd} daemon is responsible for getting jobs from the user, putting them through the filter and delivering them to the spool directory. \item The \texttt{lpc} program is used to control the printer and print spools \item The \texttt{lpq} program is used to view the print queues \item The \texttt{lprm} program is used to remove jobs from the queues \item The \texttt{lpr} program is used to submit jobs into the queue. \end{itemize} %============================================================================== \section{Lab} \label{sec:lab107.4} %============================================================================== \section{Questions} \label{sec:questions107.4} %****************************************************************************** %****************************************************************************** \topic{108}{Documentation} %****************************************************************************** %****************************************************************************** %****************************************************************************** \objective{1}{Use and manage local system documentation} %============================================================================== \section{Overview} \label{sec:over108.1} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidates should be able to use and administer the man facility and the material in \texttt{/usr/share/doc/}. This objective includes finding relevant man pages, searching man page sections, finding commands and man pages related to them, and configuring access to man sources and the man system. 
It also includes using system documentation stored in \texttt{/usr/share/doc/} and determining what documentation to keep in \texttt{/usr/share/doc/}. %------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes108.1} %============================================================================== \section{Lab} \label{sec:lab108.1} %============================================================================== \section{Questions} \label{sec:questions108.1} %****************************************************************************** \objective{2}{Find Linux documentation on the Internet} %============================================================================== \section{Overview} \label{sec:over108.2} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidates should be able to find and use Linux documentation. This objective includes using Linux documentation at sources such as the Linux Documentation Project (LDP), vendor and third-party websites, newsgroups, newsgroup archives, and mailing lists. 
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes108.2} %============================================================================== \section{Lab} \label{sec:lab108.2} %============================================================================== \section{Questions} \label{sec:questions108.2} %****************************************************************************** \objective{5}{Notify Users on System-Related Issues} %============================================================================== \section{Overview} \label{sec:over108.5} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidates should be able to notify the users about current issues related to the system. This objective includes automating the communication process, e.g. through logon messages. 
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} /etc/issue /etc/issue.net /etc/motd \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes on \texttt{/etc/issue} and \texttt{/etc/motd}} \label{sec:notes108.5} %------------------------------------------------------------------------------ \subsection{Customise the Local Login screen with \texttt{/etc/issue}} \begin{itemize} \item The login screen for RH73 looks like this: \begin{alltt} Red Hat Linux release 7.3 (Valhalla) Kernel 2.4.18-3 on an i686 login: \end{alltt} \item The \texttt{getty} process spawned by \textsf{init} presents the contents of the file \texttt{/etc/issue} and provides a \texttt{login:} prompt for the user. \item The file \texttt{/etc/issue} \begin{alltt} \cmd{cat /etc/issue} Red Hat Linux release 7.3 (Valhalla) Kernel \textbackslash{}r on an \textbackslash{}m \end{alltt} \end{itemize} %------------------------------------------------------------------------------ \subsection{{man issue}} {\scriptsize \begin{alltt} ISSUE(5) Linux Programmer's Manual ISSUE(5) NAME issue - pre-login message and identification file DESCRIPTION The file /etc/issue is a text file which contains a message or system identification to be printed before the login prompt. It may contain various @char and \textbackslash{}char sequences, if supported by getty(1). 
FILES /etc/issue SEE ALSO getty(1), motd(5) Linux 1993-07-24 ISSUE(5) \end{alltt} } %------------------------------------------------------------------------------ \subsection{{man getty}---embedded in the \texttt{/etc/issue}} {\scriptsize \begin{alltt} \textbackslash{}d insert current day (localtime), \textbackslash{}l insert line on which mingetty is running, \textbackslash{}m inserts machine architecture (uname -m), \textbackslash{}n inserts machine's network node hostname (uname -n), \textbackslash{}o inserts domain name, \textbackslash{}r inserts operating system release (uname -r), \textbackslash{}t insert current time (localtime), \textbackslash{}s inserts operating system name, \textbackslash{}u resp. \textbackslash{}U the current number of users which are currently logged in. \textbackslash{}U inserts "n users", where as \textbackslash{}u only inserts "n". \textbackslash{}v inserts operating system version (uname -v). \end{alltt} %------------------------------------------------------------------------------ \subsection{Telnet uses \texttt{/etc/issue.net}} {\scriptsize \begin{alltt} The following sequences are supported by telnetd: %l - show the current tty %h, %n - show the system node name (FQDN) %D, %o - show the name of the NIS domain %d, %t - show the current time and date %s - show the name of the operating system %m - show the machine (hardware) type %r - show the operating system release %v - show the operating system version %% - display a single '%' character \end{alltt} } %------------------------------------------------------------------------------ \subsection{Message of the Day---\texttt{motd}} \subsubsection{Login Sequence} \begin{itemize} \item Contents of \texttt{/etc/issue} is displayed. \item \texttt{getty} displays the login prompt. \item \texttt{/bin/login} handles the login process. \begin{itemize} \item User is authorised. \item Contents of \texttt{/etc/motd} is displayed. \item The login shell is executed. 
\end{itemize} \end{itemize} %------------------------------------------------------------------------------ \subsection{Manpage for \texttt{motd}} {\scriptsize \begin{alltt} MOTD(5) Linux Programmer's Manual MOTD(5) NAME motd - message of the day DESCRIPTION The contents of /etc/motd are displayed by login(1) after a suc­ cessful login but just before it executes the login shell. The abbreviation "motd" stands for "message of the day", and this file has been traditionally used for exactly that (it requires much less disk space than mail to all users). FILES /etc/motd SEE ALSO login(1), issue(5) Linux 1992-12-29 MOTD(5) \end{alltt} } \newpage %============================================================================== \section{Lab on \texttt{/etc/issue} and \texttt{/etc/motd}}} \label{sec:lab108.5} \begin{enumerate} \item Before altering any of the system files back them up: \begin{alltt} \rootcmd{cp issue issue.orig} \rootcmd{cp issue.net issue.net.orig} \rootcmd{cp motd motd.orig} \end{alltt} \item Edit \texttt{/etc/issue} and place a suitable message there. Try out some of the embedded codes from the man page such as \texttt{\textbackslash{}t}. Login from another virtual terminal and check your results. \item Edit \texttt{/etc/issue.net} and place a suitable message there. Try out some of the embedded codes from the man page such as \texttt{\%{}t}. Telnet to you host from another system and check your results. \item Edit \texttt{/etc/motd} and place a suitable message there. Login from another virtual terminal and check your results. \item Replace the system files with the original versions: \begin{alltt} \rootcmd{cp issue.orig issue} \rootcmd{cp issue.net.orig issue.net} \rootcmd{cp motd.orig motd} \end{alltt} \item Login and check that the systems are ``as installed''. 
\end{enumerate} %============================================================================== \section{Questions} \label{sec:questions108.5} %****************************************************************************** %****************************************************************************** \topic{109}{Shells, Scripting, Programming, Compiling} %****************************************************************************** %****************************************************************************** %****************************************************************************** \objective{1}{Customise and use the shell environment} %============================================================================== \section{Overview} \label{sec:over109} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidate should be able to customise shell environments to meet users' needs. This objective includes setting environment variables (e.g. PATH) at login or when spawning a new shell. It also includes writing bash functions for frequently used sequences of commands. 
%------------------------------------------------------------------------------
\subsection{Key files, terms, and utilities include:}
\begin{alltt}
~/.bash_profile
~/.bash_login
~/.profile
~/.bashrc
~/.bash_logout
~/.inputrc
function (Bash built-in command)
export
env
set (Bash built-in command)
unset (Bash built-in command)
\end{alltt}
%------------------------------------------------------------------------------
\subsection{Resources of Interest:}
\begin{description}
\item[TBA]
\begin{alltt}
\end{alltt}
\end{description}
%==============================================================================
\newpage
\section{Notes}
\label{sec:notes109.1}
%------------------------------------------------------------------------------
\subsection{Bash Configuration Files}
\begin{itemize}
\item When a user logs in to a \texttt{bash} shell the following
  configuration files are usually executed:
  \begin{description}
  \item[\texttt{/etc/profile}] System wide profile, common to all users
    and shells
  \item[\texttt{\~{}/.bash\_profile}] Executed after \texttt{/etc/profile}
    at login
  \item[\texttt{\~{}/.bashrc}] Executed after
    \texttt{\~{}/.bash\_profile} at login
  \end{description}
\item Note \texttt{\~{}/.bashrc} is executed when any new \texttt{bash}
  shell is spawned
\end{itemize}
%------------------------------------------------------------------------------
\subsection{Bash Aliases}
\begin{itemize}
\item
\end{itemize}
%------------------------------------------------------------------------------
\subsection{Bash Functions}
\begin{itemize}
\item Functions work similarly to aliases but allow more complex
  constructions.
\item They have the following syntax: \begin{alltt} \cmd{[ function ] NAME() \{ COMMAND_LIST;\}} \end{alltt} \item Where \begin{description} \item[\texttt{function}] Optional tag \item[\texttt{NAME()}] The name of the function \item[\texttt{COMMAND\_{}LIST}] The body of the function \end{description} \item Functions may be stored in \texttt{\~{}/.bashrc} \end{itemize} %------------------------------------------------------------------------------ \subsection{Function Example} \begin{itemize} \item This simple function prints the current working directory and the list of files in it: \begin{alltt} \cmd{function look() \{ pwd; ls;\}} \end{alltt} \item This function would be used like this: \begin{alltt} \cmd{look} /home/geoffrey/lpic/general-linux-2/notes CVS _whizzy_gl2.notes.fmt _whizzy_gl2.notes.pag \end{alltt} \end{itemize} %------------------------------------------------------------------------------ \subsection{Valid Function Definitions} \begin{itemize} \item \verb+$ function look() { pwd; ls;}+ \item \verb+$ function look { pwd; ls; }+ \item \verb+$ look() { pwd; ls;} +%$ \item \begin{verbatim} $ look() > { > pwd; > ls; > } \end{verbatim} \end{itemize} %------------------------------------------------------------------------------ \subsection{Invalid Function Definitions} \begin{itemize} \item \verb+$ function look() pwd; ls; + \item \verb+$ look() { pwd; ls } + \item \verb+$ function look() {pwd; ls;}+%$ \end{itemize} %------------------------------------------------------------------------------ \subsection{Invalid Function Definitions} \begin{itemize} \item \verb+$ function look() pwd; ls; + \item \verb+$ look() { pwd; ls } + \item \verb+$ function look() {pwd; ls;}+%$ \end{itemize} %------------------------------------------------------------------------------ \subsection{Example from Jeffrey Dean's Nutshell Book} \begin{itemize} \item \begin{alltt} \cmd{laps () \{} > ls -l \$1 > ps aux | grep `/usr/bin/basename \$1` > \} \end{alltt} \item Use the 
\texttt{laps()} function: {\scriptsize \begin{alltt} \cmd{laps /usr/sbin/sshd} -rwxr-xr-x 1 root root 276200 Jun 29 01:28 /usr/sbin/sshd root 255 0.0 0.3 2792 1216 ? S Aug31 0:00 /usr/sbin/sshd geoffrey 1187 0.0 0.1 1332 424 pts/1 R 14:39 0:00 grep sshd \end{alltt} } \end{itemize} %============================================================================== \section{Lab} \label{sec:lab109.1} %------------------------------------------------------------------------------ \subsection{Exercise} %============================================================================== \section{Questions} \label{sec:questions109.1} %****************************************************************************** \objective{2}{Customise or write simple scripts} %============================================================================== \section{Overview} \label{sec:over109.2} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidate should be able to customise existing scripts, or write simple new (ba)sh scripts. This objective includes using standard sh syntax (loops, tests), using command substitution, testing command return values, testing of file status, and conditional mailing to the superuser. This objective also includes making sure the correct interpreter is called on the first (\#!) line of scripts. This objective also includes managing location, ownership, execution and suid-rights of scripts. 
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities:} \begin{alltt} while for test chmod \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{enumerate} \item Bash Programming Introduction (LDP HOWTO) \begin{alltt} http://www.linux.org/docs/ldp/howto/Bash-Prog-Intro-HOWTO.html \end{alltt} \item Linux Shells by Example\\ \textit{by Ellie Quigley}\\ \textsf{ISBN 0-13-0141711-7}\\ Prentice Hall \item LINUX \& UNIX Shell Programming\\ \textit{David Tansley}\\ \textsf{ISBN 0-201-67472-6}\\ ADDISON-WESLEY \end{enumerate} %============================================================================== \newpage \section{Notes} \label{sec:notes109.2} %============================================================================== \section{Lab} \label{sec:lab109.2} %============================================================================== \section{Questions} \label{sec:questions109.2} %****************************************************************************** %****************************************************************************** \topic{111}{Administrative Tasks} %****************************************************************************** %****************************************************************************** %****************************************************************************** \objective{1}{Manage users and group accounts and related system files} %============================================================================== \section{Overview} \label{sec:over111.1} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidate should be able to add, remove, suspend and change user accounts. 
Tasks include to add and remove groups, to change user/group info in
passwd/group databases. The objective also includes creating special purpose
and limited accounts.
%------------------------------------------------------------------------------
\subsection{Key files, terms, and utilities include:}
\begin{alltt}
chage
gpasswd
groupadd
groupdel
groupmod
grpconv
grpunconv
passwd
pwconv
pwunconv
useradd
userdel
usermod
/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow
\end{alltt}
%------------------------------------------------------------------------------
\subsection{Resources of Interest:}
\begin{description}
\item[The Linux System Administrators' Guide] Chapter 9 - Managing User
  Accounts
\item[Manpages] useradd usermod userdel groupadd groupmod groupdel useradd
  passwd chage
\begin{alltt}
\end{alltt}
\end{description}
%==============================================================================
\newpage
\section{Notes}
\label{sec:notes111.1}
%==============================================================================
\section{Lab}
\label{sec:lab111.1}
%==============================================================================
\section{Questions}
\label{sec:questions111.1}
%******************************************************************************
\objective{2}{Tune the user environment and system environment variables}
%==============================================================================
\section{Overview}
\label{sec:over111.2}
%------------------------------------------------------------------------------
\subsection{Weight: []}
%------------------------------------------------------------------------------
\subsection{Statement of Objective:}
Candidate should be able to modify global and user profiles. This includes
setting environment variables, maintaining skel directories for new user
accounts and setting command search path with the proper directory.
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} env export set unset /etc/profile /etc/skel \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes111.2} %============================================================================== \section{Lab} \label{sec:lab111.2} %============================================================================== \section{Questions} \label{sec:questions111.2} %****************************************************************************** \objective{3}{Configure and use system log files to meet administrative and security needs} %============================================================================== \section{Overview} \label{sec:over111.3} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidate should be able to configure system logs. This objective includes managing the type and level of information logged, manually scanning log files for notable activity, monitoring log files, arranging for automatic rotation and archiving of logs and tracking down problems noted in logs. 
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} logrotate tail -f /etc/syslog.conf /var/log/* \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes111.3} %============================================================================== \section{Lab} \label{sec:lab111.3} %============================================================================== \section{Questions} \label{sec:questions111.3} %****************************************************************************** \objective{4}{Automate system administration tasks by scheduling jobs to run in the future} %============================================================================== \section{Overview} \label{sec:over111.4} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidate should be able to use \texttt{cron} or \texttt{anacron} to run jobs at regular intervals and to use at to run jobs at a specific time. Task include managing cron and at jobs and configuring user access to cron and at services. 
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} at atq crontab /etc/anacrontab /etc/at.deny /etc/at.allow /etc/crontab /etc/cron.allow /etc/cron.deny /var/spool/cron/* \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes on Using \texttt{at}and \texttt{cron} } \label{sec:notes111.4} Notes from a talk by Angus Lees %------------------------------------------------------------------------------ \subsection{The \texttt{at} command} \texttt{at} takes a time and a list of commands to run. Any output to \textsc{STDOUT} or \textsc{STDERR} will be mailed to the user running \texttt{at}. \begin{alltt} \cmd{at 2pm} warning: commands will be executed using /bin/sh at> date \(\hookleftarrow\) at> ^D \(\hookleftarrow\) job 3 at 2002-05-08 14:00 \end{alltt} The current umask, working directory and environment (except for \textsc{TERM}, \textsc{DISPLAY} and \textsc{\_}) are saved and restored before running the job (unlike \texttt{cron}). The commands to run will be read from \textsc{STDIN} or from a file given with \opt{-f}. %------------------------------------------------------------------------------ \subsection{Example \texttt{at} time specifications} \texttt{at} allows a \emph{very} flexible time format. \begin{description} \item[\texttt{17:36}] Run at 5:36pm today or tomorrow. \item[\texttt{9pm May 8}] Run at 9pm on May 8th. \item[\texttt{noon tomorrow}] Run at 12pm tomorrow. \item[\texttt{now + 2 hours}] Run in 2 hours. \end{description} See~\underline{at}(1) for more details. %------------------------------------------------------------------------------ \subsection{Queued jobs} \texttt{atq} lists a user's pending jobs. 
\begin{alltt} \cmd{atq} \underline{3} 2002-05-08 14:00 a gus \end{alltt} \cmd{atrm \underline{3}} removes the queued job. \cmd{at -c \underline{3}} dumps the job on \textsc{STDOUT}. %------------------------------------------------------------------------------ \subsection{\texttt{crontab}} \texttt{cron} is a daemon that reads everyone's \texttt{crontab} information, spawning new tasks at the appropriate times. \begin{description} \item[\texttt{crontab \textit{file}}] Replace your crontab file with \textit{file}. \item[\texttt{crontab -l}] List your crontab. \item[\texttt{crontab -r}] Remove your crontab. \item[\texttt{crontab -e}] Edit your crontab (with \textsc{\$EDITOR}). \end{description} %------------------------------------------------------------------------------ \subsection{\texttt{crontab} file format} A sample \texttt{crontab} file: \begin{alltt} 0 7 1 mon jan * echo "sleep in, you dont feel so good" # gratuitous noise 0 17 * * mon,wed,fri wall\%meeting in 5 minutes\% 0 9-18 * * mon-fri \$HOME/bin/cron.bihourly \end{alltt} %------------------------------------------------------------------------------ \subsection{\texttt{cron} from root} A few extra issues arise when editing \texttt{/etc/crontab} (and similar ``system'' crontab files): \begin{itemize} \item Don't use \texttt{crontab -e}, edit \texttt{/etc/crontab} directly. \item A new column (after timespec, before command) gives the user to the command run as. \item Distributions often create directories for ``common'' frequencies. It usually makes much more sense to place a script in there, rather than adding your own crontab lines. Debian (for example) runs any scripts in \texttt{/etc/cron.\{daily,weekly,monthly\}} -- but these are triggered from normal entries in \texttt{/etc/crontab}, so there's no real mystery here. \item \emph{(Debian specific?)} \texttt{/etc/cron.d/*} is read in addition to \texttt{/etc/crontab} (they also have the extra user field). 
\end{itemize} %------------------------------------------------------------------------------ \subsection{\texttt{anacron}} Apparently some people turn their machines off. If your computer is always turned off at night (for example), then daily jobs which are usually scheduled to run in the wee hours, will never be run. This is a problem. \texttt{anacron} fixes this by running any missed jobs after a reboot (or other times, like AC-on for laptops). Since anacron can't use the crontab files, it has its own simplified \texttt{/etc/anacrontab}. If you only use the standard \texttt{/etc/cron.{daily,monthly,weekly}}, then no further configuration will be necessary. Otherwise, see~\underline{anacrontab}(5). \emph{Note that the frequency of anacron jobs can only be specified in days.} \newpage %============================================================================== \section{Exercises Using \texttt{at} and \texttt{cron} } \label{sec:exercises111.4} \subsubsection{(Contributed by Angus Lees)} Solve the following problems using either \texttt{at} or \texttt{cron}. \subsection{Backups} Backup your home directory every Saturday night. A simple \texttt{tar} to a fixed filename is fine. \subsection{Merry Christmas} Send a ``Merry Christmas'' email to yourself at midday every Christmas day. \subsection{Happy Easter} Send a ``Happy Easter'' email to yourself at 10am on the next Easter Sunday. (\texttt{ncal -e} will give you the date of Easter Sunday) \subsection{Backups again} Backup your home directory at 10pm every week night. \subsection{Watch for Evil Longhairs} Every 5 minutes during business hours, check the process list for any processes named ``crack''. Email yourself the appropriate lines. \subsection{Every Easter} Send yourself an email at midday on \emph{every} Easter Sunday. \vfill \begin{flushright} \emph{(Answers on next page. 
No peeking)}
\end{flushright}
\pagebreak
\section{Solutions for Exercises Using \texttt{at} and \texttt{cron}}

\subsection{Backups}

\begin{verbatim}
# backup home directory at 10pm every saturday
0 22 * * sat tar czf /tmp/$USER.tar.gz $HOME
\end{verbatim}

Don't be that predictable in real life though, since people could create a
\texttt{/tmp/\$yourusername.tar.gz} symlink pointing to your carefully
archived email, and your cronjob would overwrite your email every night!
An archive of your whole home directory left in \texttt{/tmp} may also be
readable by every other local user, depending on your umask.
Presumably in real life, you would be backing up to somewhere safer than
\texttt{/tmp} anyway.

\subsection{Merry Christmas}

\begin{verbatim}
# email cards are so much cheaper..
0 12 25 12 * echo "Merry Christmas"
\end{verbatim}

Note that there's no need to call \texttt{mail} (or similar), since cron
will mail us the command output anyway.

\subsection{Happy Easter}

Next Easter Sunday is 20th April, 2003.

\begin{verbatim}
$ at 10am April 20
at> echo "Happy Easter"
at> ^D
\end{verbatim}

Again, note that \texttt{at} itself will mail us any output from the
command.

\subsection{Backups again}

\begin{verbatim}
# backup home directory at 10pm every week night
0 22 * * mon-fri tar czf /tmp/$USER.tar.gz $HOME
\end{verbatim}

Note the earlier warning about writing to predictable filenames in
\texttt{/tmp}.

\subsection{Watch for Evil Longhairs}

\begin{verbatim}
# check every 5 minutes, 9-5 week days
*/5 9-17 * * mon-fri ps aux | grep crack
\end{verbatim}

As written, the \texttt{grep} process itself usually appears in the
\texttt{ps} output and matches its own pattern, so cron would send mail
every five minutes whether or not anything named ``crack'' is running.
A pattern such as \verb+grep '[c]rack'+ does not match the \texttt{grep}
command line, so mail arrives only when there is something to look at.

\subsection{Every Easter}

Easter Sunday keeps moving, hence we can't just set a cron job. What we
\emph{can} do is create an \texttt{at} job that will reschedule itself
automatically.
Create a shell script somewhere, let's call it \texttt{\$HOME/easter.sh},
containing:

\begin{verbatim}
#!/bin/sh
# payload
echo "Happy Easter"
# date of *next* easter sunday
nextyear=$(expr $(date '+%Y') + 1)
nexteaster=$(ncal -e $nextyear)
# massage "20 April 2003" into "April 20 2003"
atdate=$(echo $nexteaster | awk '{print $2,$1,$3}')
# reschedule ourselves
echo $0 | at $atdate
\end{verbatim}

Note that this is fairly fragile: if something goes wrong, it will not
reschedule and you'll never know. It would be arguably better to just write
a simple shell loop that will schedule ``echo Happy Easter'' for the next
100 Easter Sundays.
%==============================================================================
\section{Lab}
\label{sec:lab111.4}
%==============================================================================
\section{Questions}
\label{sec:questions111.4}
%******************************************************************************
\objective{5}{Maintain an effective data backup strategy}
%==============================================================================
\section{Overview}
\label{sec:over111.5}
%------------------------------------------------------------------------------
\subsection{Weight: []}
%------------------------------------------------------------------------------
\subsection{Statement of Objective:}
Candidate should be able to plan a backup strategy and backup filesystems
automatically to various media. Tasks include dumping a raw device to a file
or vice versa, performing partial and manual backups, verifying the
integrity of backup files and partially or fully restoring backups.
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} cpio dd dump restore tar \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes111.5} %------------------------------------------------------------------------------ \subsection{Backup Overview} Prepared by Grant Parnell \bigskip Decide what data is important and how long you can do without it. \begin{itemize} \item Is this used 24 x 7 or just business hours? \item During business hours how long can you do without it? 4 hours, 30 minutes, 5 minutes? \item How up-to-date is it required to get you running in an emergency? \item Are you backing up for archival or high availability or espionage? \end{itemize} %------------------------------------------------------------------------------ \subsubsection{Examples of Data} \begin{description} \item[Static:] Configurations of running servers. You need these 24x7 but they don't change much. \item[Databases / Transactions - financial \& otherwise:] These are updated frequently and need to balance. Associated with these are logs and duplication and other means of rollback and integrity checking. With databases it's often a good idea to dump them in a good portable format, especially if the inbuilt format is not cross platform or cross version compatible. EG 'mysqldump mydata >mydata.dump' will give you a text file which can be used on most mysql versions and possibly adapted to other database packages. \item[Logs:] People don't tend to read them unless something goes wrong in which case they're valuable. These need to be kept but don't need to be restored in a hurry. 
\item[Home directories:] This is a mixed bag of everything but some policies could be instated to make the admin's life easier. EG Making specific sub-directories for things and assigning them different backup/restore priorities. Often the existence of a home directory is more important than the rest of the contents as it may make a user unable to login without it. \item[Code repositories:] Programmers should be accustomed to doing regular backups anyway, they often need to revert to an old version to figure out what they broke. Any tools used such as CVS that have a central repository should be backed up almost as often as programmers commit code, at least once a day but they could probably cope with it being missing for half a day. \item[High availability - read only:] Websites frequently used by your clients. They can contain dynamic data but customers don't update it. This sort of scenario lends itself to frequent replication to a backup server. \item[High availability - interactive:] Taking a website again, this one might allow the customer to do such things as place orders. The website maintains some state information to allow building of an order. This is the most difficult, the state information can be stored in a replicated database. In the event of web server failure the other one comes into play and the customer may have to login again but the information is kept. (Otherwise complex designs and expensive hardware can be used to seamlessly migrate the state to the other webserver). \end{description} %------------------------------------------------------------------------------ \subsubsection{Important Linux directories} \footnotesize \begin{verbatim} /var/spool/mail - daily backup /var/lib/mysql - databases - backup the dumps, and possibly the binary. /var/log ? - from "don't care" to "backup daily" /etc - backup config changes /home - be selective, but if you can't backup daily. 
/home/<user>/mail - contains the user's mail folders (may also be 'Mail' or 'Maildir')
/home/<user>/.ssh - If you login using ssh keys only, this is a must have.
/usr/local - locally installed apps & data
Application specifics
\end{verbatim}
\normalsize

Note that a backup of the \texttt{.ssh} directories holds private keys, so
the backup copies need the same access protection as the originals.
%------------------------------------------------------------------------------
\subsection{Backup \& Restore methods}
%------------------------------------------------------------------------------
\subsubsection{Copy the files to another directory}
This is the poor man's backup and does not offer much peace of mind. It does
protect against accidental deletion and corruption by users. One advantage
is that it can be very quick for things such as log files. You can also keep
multiple copies, one for every day of the week for example. See
\texttt{/etc/logrotate.conf}.
%------------------------------------------------------------------------------
\subsubsection{Backup to a standby partition}
This has about the same level of peace of mind as the above. The backup
partition can be left un-mounted after the backup. The backup is slower than
the above but the restore operation can be quick. See also the ``Broken
Mirror'' method below.
%------------------------------------------------------------------------------
\subsubsection{Backup to tape}
This is probably the most common backup used in the commercial world. It's
easy to backup the lot every day provided you have the tape capacity. If you
don't, you become more selective as to what to backup. There's a variety of
software to do this but there are 3 main basic systems: tar, cpio and dump.
Often commercial software uses these basic systems and provides for
labelling and indexing as well as multi-server capability from a simple GUI.
The reason for using the basic systems is you can restore from them if you
have to.
%------------------------------------------------------------------------------ \subsubsection{Backup to standby disk} This can offer peace of mind and a fairly cheap backup for people that don't require 24x7 service. Basically a removable drive bay houses another hard disk of similar capacity and the entire system is backed up. This can be done partition by partition or file by file using dd, cpio or rsync. Additional steps can be taken to ensure that the backup is also bootable. The backup drive should be removed once done and treated like a tape. The disadvantage here is that you most likely will need to power down the system twice for one backup. Alternately, if you have an external USB or fire-wire storage medium it becomes possible to do this without downtime. %------------------------------------------------------------------------------ \subsubsection{Backup to CDROM/DVD} Under Linux (as far as I know) there's no software to directly write data without creating an image first. This means there must be sufficient space available. It would be possible to create a bootable CD with restore software and a compressed filesystem but I haven't seen this. It may be OK if you don't have a large filesystem or you have a DVD writer or you're not backing up everything. %------------------------------------------------------------------------------ \subsubsection{RAID System} Not strictly a backup but a RAID system can protect against hard drive failure by providing redundancy. Data is written simultaneously to 2 or more hard drives and can include parity information. It does not protect against corrupt databases and people removing files. It will corrupt and remove files equally well on all disks. Linux can do RAID in software very well but the ideal is a hardware solution involving hot swappable disks so they can be replaced while the system is fully running. 
A RAID system can mean the difference between going on-site at 3am and saying "Oh dear, we'll replace that first thing in the morning". Just ensure that you do have a replacement readily available and do not have to wait a week. %------------------------------------------------------------------------------ \subsubsection{RAID Tape array} In a similar manner to RAID 5 disks, data is written in parallel to 5 tape drives which increases throughput and data integrity. %------------------------------------------------------------------------------ \subsubsection{Backup Server} All of the methods discussed so far involve direct transfer from server to backup medium. If you have a number of servers it may not be practical to install backup devices on each. Another way is to remotely access the required medium directly (/dev/rmt0) but arbitration of access can be an issue. An increasingly popular way is to provide a super-server with a huge amount of disk space capable of holding everything required by the other servers. Transferring the data can happen at any time in either a batch or continuous process. A batch would be say backup a whole directory at once whereas a continuous operation might be transmitting log information or database updates. The backup server itself may then employ any one or more methods to perform backups of itself, possibly based on some statistical analysis. An example of this is a system called ADSM which employs RAID arrays, multiple tape drives, a tape robot with barcode reader and intelligent software that tells the operators which tapes are to go off-site and which ones it wants back. It essentially is a huge cache that stores frequently changing data locally and stores old data off-site. %------------------------------------------------------------------------------ \subsubsection{Broken Mirror} If you've got about 100Gb of data on a mirrored pair of disks and only have a 10 minute backup window this may be for you. 
Basically you bring the system down, unhook one of the mirrors and replace it with another set of drives and bring the system up again. Mirroring starts from scratch during quiet time and should be finished before load picks up again. With the drive set you just un-hooked this can then be loaded into the standby server and backed up to tape over the course of many hours. Some high end servers can perform this operation without downtime as the hooking up can be done using inbuilt hardware or such things as dual-port fire-wire drive bays. All that is required in this case is an application shutdown, sync, dismount, remount, application start type operation. %============================================================================== \subsection{Software} dd - can be used to copy raw disk blocks, even to tape (yuk). eg dd if=/dev/hda1 of=/dev/hdb1 tar - Tape ARchive - you all know how to unpack tgz files, and maybe even create them. Just remove the 'f' option. It also can be an advantage not to use compression as some drives have this built in. Also, a portion of the tape being corrupt can ruin the rest of the data, whereas you can skip corrupt bits and pickup the next file if not compressed. eg tar -c /home cd /tmp; tar -x cpio - cp I/O - Similar capabilities of tar but different methodology. EG find /home | cpio -oB >/dev/tape cd /tmp; cpio -idB pe remote refid ... delay offset jitter =========================================================== localhost.local 0.0.0.0 ... 0.000 0.000 4000.00 xmurgon.cs.mu.OZ .GPS. ... 526.202 -206.43 208.270 +apphys16.mst.cs .ATOM. ... 169.956 -5.576 87.828 *tictoc.tip.CSIR .ATOM. ... 149.988 -24.328 6.761 ntpq> q # \end{alltt} } %============================================================================== \section{Lab} \label{sec:lab111.6} You should check that \texttt{ntp} is installed your system, if not, install the source, deb or rpm for ntp. 
%------------------------------------------------------------------------------ \subsection{Explore the \texttt{ntp} documentation} \label{sec:ntp doc} \begin{enumerate} \item See what commands are available: \cmd{ntp} \item Check the info and man pages for the available commands. \item Have a look at the homepage for \texttt{ntp} \texttt{http://www.ntp.org} \item Have a look at the local documentation: \begin{itemize} \item Debian3.0r1: \texttt{file:///usr/share/doc/ntp-doc/html/index.htm} \item RedHat9.0: \texttt{file:///usr/share/doc/ntp-4.1.2/index.htm} \end{itemize} \end{enumerate} %------------------------------------------------------------------------------ \subsection{Use the \texttt{date} command} \label{sec:ntp date} \begin{enumerate} \item Scan the info and man pages for \texttt{date}. \item Try out some of the options described in these notes. \item Set the System Time using \texttt{date} if it is not correct. \end{enumerate} %----------------------------------------------------------------------------- \subsection{Use the \texttt{hwclock} command} \label{sec:ntp hwclock} \begin{enumerate} \item Scan the info and man pages for \texttt{hwclock}. \item Try out some of the options described in these notes. \end{enumerate} %------------------------------------------------------------------------------ \subsection{Explore the \texttt{ntp} family of commands} \label{sec:ntp ntp} \begin{enumerate} \item Scan the info and man pages for \texttt{ntp*}. \item Try out some of the options described in these notes. \end{enumerate} %------------------------------------------------------------------------------ \subsection{Setup \texttt{ntp}} \label{sec:ntp setup} Find a suitable \textit{Secondary Time Server} near you. \\ \texttt{http://www.eeds.udel.edu/\textasciitilde{}mills/ntp/} \begin{enumerate} \item Scan the info and man pages for \texttt{ntp*}. \item Edit \texttt{/etc/ntp.conf} as described in these notes. \item Set up a cron job as described in these notes. 
\end{enumerate} %============================================================================== \section{Questions} \label{sec:questions111.6} %****************************************************************************** %****************************************************************************** \topic{112}{Networking Fundamentals} %****************************************************************************** %****************************************************************************** %****************************************************************************** \objective{1}{Fundamentals of TCP/IP} %============================================================================== \section{Overview} \label{sec:over112.1} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidates should demonstrate a proper understanding of network fundamentals. This objective includes the understanding of IP-addresses, network masks and what they mean (i.e. determine a network and broadcast address for a host based on its subnet mask in "dotted quad" or abbreviated notation or determine the network address, broadcast address and netmask when given an IP-address and number of bits). It also covers the understanding of the network classes and classless subnets (CIDR) and the reserved addresses for private network use. It includes the understanding of the function and application of a default route. It also includes the understanding of basic Internet protocols (IP, ICMP, TCP, UDP) and the more common TCP and UDP ports (20, 21, 23, 25, 53, 80, 110, 119, 139, 143, 161). 
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} /etc/services ftp telnet host ping dig traceroute whois \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[Linux Networking HOWTO - Joshua Drake]: \begin{alltt} http://www.linuxdoc.org/HOWTO/Net-HOWTO/index.html \end{alltt} \item[The Linux Networking Overview HOWTO by Daniel Lopez Ridruejo]: \begin{alltt} http://www.linuxdoc.org/HOWTO/Networking-Overview-HOWTO.html \end{alltt} \item[Linux Network Administrators Guide]: \begin{alltt} http://www.linuxdoc.org/LDP/nag2/index.html \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes112.1} %============================================================================== \section{Lab} \label{sec:lab112.1} %============================================================================== \section{Questions} \label{sec:questions112.1} %****************************************************************************** \objective{3}{TCP/IP configuration and troubleshooting} %============================================================================== \section{Overview} \label{sec:over112.3} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidates should be able to view, change and verify configuration settings and operational status for various network interfaces. This objective includes manual and automatic configuration of interfaces and routing tables. This especially means to add, start, stop, restart, delete or reconfigure network interfaces. 
It also means to change, view or configure the routing table and to correct an improperly set default route manually. Candidates should be able to configure Linux as a DHCP client and a TCP/IP host and to debug problems associated with the network configuration. %------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} /etc/HOSTNAME or /etc/hostname /etc/hosts /etc/networks /etc/host.conf /etc/resolv.conf /etc/nsswitch.conf ifconfig route dhcpcd, dhcpclient, pump host hostname (domainname, dnsdomainname) netstat ping traceroute tcpdump the network scripts run during system initialisation. \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[Linux Networking HOWTO by Joshua Drake]: \begin{alltt} http://www.linuxdoc.org/HOWTO/Net-HOWTO/index.html \end{alltt} \item[Linux Ethernet-Howto by Paul Gortmaker]: \begin{alltt} http://www.linuxdoc.org/HOWTO/Ethernet-HOWTO.html \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes112.3} %============================================================================== \section{Lab} \label{sec:lab112.3} %============================================================================== \section{Questions} \label{sec:questions112.3} %****************************************************************************** \objective{4}{Configure Linux as a PPP client} %============================================================================== \section{Overview} \label{sec:over112.4} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidates should understand the basics of the PPP protocol 
and be able to configure and use PPP for outbound connections. This objective includes the definition of the chat sequence to connect (given a login example) and the setup commands to be run automatically when a PPP connection is made. It also includes initialisation and termination of a PPP connection, with a modem, ISDN or ADSL and setting PPP to automatically reconnect if disconnected. %------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} /etc/ppp/options.* /etc/ppp/peers/* /etc/wvdial.conf /etc/ppp/ip-up /etc/ppp/ip-down wvdial pppd \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[Linux PPP HOWTO Corwin Light-Williams and Joshua Drake]: \begin{alltt} http://www.linuxdoc.org/HOWTO/PPP-HOWTO/index.html \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes112.4} %============================================================================== \section{Lab} \label{sec:lab112.4} %============================================================================== \section{Questions} \label{sec:questions112.4} %****************************************************************************** %****************************************************************************** \topic{113}{Networking Services} %****************************************************************************** %****************************************************************************** %****************************************************************************** \objective{1}{Configure and manage inetd, xinetd, and related services} %============================================================================== \section{Overview} \label{sec:over113.1} 
%------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidates should be able to configure which services are available through inetd, use tcpwrappers to allow or deny services on a host-by-host basis, manually start, stop, and restart Internet services, configure basic network services including telnet and ftp. Set a service to run as another user instead of the default in inetd.conf. %------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} /etc/inetd.conf /etc/hosts.allow /etc/hosts.deny /etc/services /etc/xinetd.conf /etc/xinetd.log \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes113.1} %============================================================================== \section{Lab} \label{sec:lab113.1} %============================================================================== \section{Questions} \label{sec:questions113.1} %****************************************************************************** \objective{2}{Operate and perform basic configuration of sendmail} %============================================================================== \section{Overview} \label{sec:over113.2} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidate should be able to modify simple parameters in sendmail configuration files (including the "Smart Host" parameter, if 
necessary), create mail aliases, manage the mail queue, start and stop sendmail, configure mail forwarding and perform basic troubleshooting of sendmail. The objective includes checking for and closing open relay on the mailserver. It does not include advanced custom configuration of Sendmail. %------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} /etc/sendmail.cf /etc/aliases or /etc/mail/aliases /etc/mail/* ~/.forward mailq sendmail newaliases \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes113.2} %============================================================================== \section{Lab} \label{sec:lab113.2} %============================================================================== \section{Questions} \label{sec:questions113.2} %****************************************************************************** \objective{3}{Operate and perform basic configuration of Apache} \normalsize %============================================================================== \section{Overview} \label{sec:over113.3} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidates should be able to modify simple parameters in Apache configuration files, start, stop, and restart httpd, arrange for automatic restarting of httpd upon boot. Does not include advanced custom configuration of Apache. 
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} apachectl httpd httpd.conf \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[Apache home page]: \begin{alltt} http://www.apache.org \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes113.3} %------------------------------------------------------------------------------ \subsection{Apache} \begin{itemize} \item Apache is a web server (http daemon) \item Default on all Linux distros \item Most popular web server on the Internet \item Named after the number of patches to original source code. \item Provides both HTTP and HTTPS (SSL) as standard \item Other features added with modules (eg cgi) \end{itemize} %------------------------------------------------------------------------------ \subsection{Starting \& Stopping Apache} \begin{itemize} \item Apache can be started: \begin{itemize} \item On demand through inetd or xinetd \item As a daemon \end{itemize} \item Normally started as daemon to reduce connect delay \item Uses standard SysV start/stop semantics Debian: \texttt{/etc/init.d/apache} RedHat: \texttt{/etc/rc.d/init.d/httpd} \item An alternative is \texttt{apachectl} \end{itemize} %------------------------------------------------------------------------------ \subsection{\texttt{apachectl}} \texttt{apachectl} is a management utility. 
To use it: \begin{alltt} \rootcmd{apachectl \textit{command}} \end{alltt} \begin{tabular}{|c|c|} \hline \textit{command} & \textit{Function}\\ \hline start & Start the daemon\\ \hline stop & Stop the daemon\\ \hline restart & Restart or start the daemon\\ \hline fullstatus & Report status of server (requires lynx)\\ \hline graceful & Gracefully restart the server\\ \hline configtest & Test config file syntax\\ \hline help & Display commands\\ \hline \end{tabular} %------------------------------------------------------------------------------ \subsection{HTTPD Parameters} The \texttt{httpd} daemon can be run directly if needed. On Debian the daemon is called \texttt{apache}. \begin{tabular}{|c|l|} \hline \textit{Parameter} & \textit{Function}\\ \hline -v & Shows version\\ \hline -V & Shows compile configuration\\ \hline -h & List all cmd line parameters\\ \hline -l & List compiled in modules\\ \hline -L & List config directives\\ \hline -S & Shows parsed settings (virtual hosts only)\\ \hline -t & Test config file \& doc root\\ \hline -T & Test config file only\\ \hline \end{tabular} %------------------------------------------------------------------------------ \subsection{HTTPD Parameters} The following options take parameters: \begin{tabular}{|l|l|} \hline \textit{Parameter} & \textit{Function}\\ \hline -D \textit{name} & Defines a name for use in \texttt{IfDefine \textit{name}}\\ \hline -d \textit{directory} & Defines an alternate server root\\ \hline -f \textit{file} & Set a new configuration file\\ \hline -C \textit{"directive"} & Process directive before reading config file\\ \hline -c \textit{"directive"} & Process directive after reading config file\\ \hline \end{tabular} %------------------------------------------------------------------------------ \subsection{Configuring Apache} \begin{itemize} \item Apache originally used 3 configuration files: \begin{itemize} \item \texttt{httpd.conf} - Server settings \item \texttt{srm.conf} - File types \& doc specs \item 
\texttt{access.conf} - Security settings \end{itemize} \item All configuration is now done in \texttt{httpd.conf} \item Normally located in \texttt{/etc/httpd/conf} \end{itemize} %------------------------------------------------------------------------------ \subsection{Site-wide Directives} \begin{tabular}{|l|l|} \hline \textit{Directive} & \textit{Function}\\ \hline ServerAdmin & Sets email address for admin\\ \hline ServerName & Sets the name of the server\\ \hline DocumentRoot & Sets the root for content served\\ \hline ServerRoot & Sets root for server files\\ \hline ServerType & \texttt{standalone} or \texttt{inetd}\\ \hline MinSpareServers & No of free httpd's before starting more\\ \hline MaxSpareServers & No of free httpd's before killing some\\ \hline StartServers & No of httpd's to start\\ \hline MaxClients & Maximum no of httpd's to run at once.\\ \hline \end{tabular} %------------------------------------------------------------------------------ \subsection{Directory block Directives} You can set directives so that they only apply to a particular part of the content directory tree by enclosing them in a \texttt{Directory} block. For example: \begin{verbatim} AllowOverride None \end{verbatim} This says that the \texttt{.htaccess} file can not override settings for this directory. %------------------------------------------------------------------------------ \subsection{Access Control} This directive controls who can access what directories on your site. This is about the only directive that needs to be changed from an 'off-the-shelf' configuration if you don't want external users to access your site. \begin{verbatim} order deny,allow deny from all allow from 127.0.0.0/255.0.0.0 allow from .c222 \end{verbatim} This says to deny first then allow. The result is that only users in the .c222 domain and the localhost will be able to access the server. Because \texttt{.c222} is matched by name, Apache has to look the client's address up in DNS, so the rule is only as trustworthy as that DNS data; allowing the lab network by address range, as is done for 127.0.0.0, avoids the dependency. 
%------------------------------------------------------------------------------ \subsection{Other Directives} There are a large number of configuration directives. These are grouped as follows: \begin{itemize} \item Aliases \& Redirects \item Default pages \item User Web Directories (site content in a user's home) \item MIME types \item CGI files \item Directory Browsing \item Authentication \item Virtual hosts (multiple sites on one host) \item Logging directives \end{itemize} %============================================================================== \section{Lab} \label{sec:lab113.3} \begin{enumerate} \item Confirm that you have apache installed on the system: \rootcmd{rpm -q apache} \item If it doesn't exist, install it: \rootcmd{rpm -Uvh apache-*.rpm} \item Setup apache so that only those in the .c222 domain can access the server. (See notes) \item Startup apache: \rootcmd{service httpd start} \item Start up your browser and point it to your host \texttt{http://boxXX.c222}, where XX is your box number. You should see a default web page \item Now make a symbolic link in \texttt{/var/www/html} called \texttt{homes} that points to the system home directory: \rootcmd{ln -s /home /var/www/html/homes} (This can expose every home directory the web server is able to read to anyone allowed to reach the site, so only do it on the lab box and remove the link afterwards.) \item Point your browser to it: \texttt{http://boxXX.c222/homes/} \item What happens when you try to browse the directories under homes? \item Make a directory that is owned by \texttt{apache} called public with 0700 permissions: \rootcmd{mkdir /home/public} \rootcmd{chown apache:apache /home/public} \rootcmd{chmod 0700 /home/public} \item Put something in the directory: \rootcmd{cp /etc/hosts /home/public} \item Use the browser to view \& download the hosts file located in /home/public. \item Make a backup of the index.html file located in /var/www/html and then remove the file index.html \rootcmd{cd /var/www/html} \rootcmd{cp index.html index.bak} \rootcmd{rm index.html} \item What do you see if you try to browse \texttt{http://boxXX.c222}? 
\item Copy back the original index.html file removed in the previous step. \item Have a look at index.html to see what HTML looks like. \end{enumerate} %============================================================================== \section{Questions} \label{sec:questions113.3} %****************************************************************************** \objective{4}{Properly manage the NFS, smb, and nmb daemons} %============================================================================== \section{Overview} \label{sec:over113.4} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidate should know how to mount remote filesystems using NFS, configure NFS for exporting local filesystems, start, stop, and restart the NFS server. Install and configure Samba using the included GUI tools or direct edit of the /etc/smb.conf file (Note: this deliberately excludes advanced NT domain issues but includes simple sharing of home directories and printers, as well as correctly setting the nmbd as a WINS client). 
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} /etc/exports /etc/fstab /etc/smb.conf mount umount \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes113.4} %============================================================================== \section{Lab} \label{sec:lab113.4} %============================================================================== \section{Questions} \label{sec:questions113.4} \normalsize %****************************************************************************** \objective{5}{Setup and Configure Basic DNS Services} %============================================================================== \section{Overview} \label{sec:over113.5} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidate should be able to configure hostname lookups and troubleshoot problems with local caching-only name server. Requires an understanding of the domain registration and DNS translation process. Requires understanding key differences in configuration files for bind 4 and bind 8. 
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} /etc/hosts /etc/resolv.conf /etc/nsswitch.conf /etc/named.boot (v.4) or /etc/named.conf (v.8) named \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes113.5} %============================================================================== \subsection{Setup and Configure basic DNS services} \subsubsection{Objective} Candidate should be able to configure hostname lookups and troubleshoot problems with local caching-only name server. Requires an understanding of the domain registration and DNS translation process. Requires understanding key differences in configuration files for bind 4 and bind 8. \subsection{Setup and Configure basic DNS services} \subsubsection{Key files, terms, and utilities} \begin{alltt} /etc/hosts /etc/resolv.conf /etc/nsswitch.conf /etc/named.boot (v.4) or /etc/named.conf (v.8) (In Debian /etc/bind/named.conf) named \end{alltt} %============================================================================== \subsection{DNS - DOMAIN NAME SERVICE} \begin{itemize} \item The Internet works with numbers not names. \begin{alltt} www.abc.gov.au is really 203.2.218.61 \end{alltt} \begin{itemize} \item DNS namespace is made up of a tree of domain names. \item At the top is root (.) \item Below this is the Top Level Domain (TLD) \item Below the TLD is the Second Level Domain. \item The Second level domain is handled by whoever 'owns' that domain \item Third \& lower level domains are handled by the domain owner. 
\end{itemize} \end{itemize} %============================================================================== \subsection{DNS - DOMAIN NAME SERVICE} \begin{itemize} \item Example: \begin{verbatim} node1.office.my-domain.com ^ ^ ^ ^ | | | | | | | -- Top level domain | | -- Second level domain | - Subdomain -- Hostname \end{verbatim} \item Domain names are fully qualified (FQDN) when a name is specified all the way down to the hostname. \end{itemize} %============================================================================== \subsection{RESOLVING A NAME} \begin{itemize} \item A name is resolved using the following steps: \begin{itemize} \item \texttt{/etc/nsswitch.conf} is checked to see what resolution method to use (eg: read \texttt{/etc/hosts}, use dns, use nis...) \item nsswitch says USE DNS: \begin{itemize} \item Read \texttt{resolv.conf} to see what nameserver to use \item Send request to nameserver and wait for response \end{itemize} \item \texttt{nsswitch} says USE HOSTS \begin{itemize} \item Lookup /etc/hosts for a matching hostname \end{itemize} \end{itemize} \end{itemize} %============================================================================== \subsection{The \texttt{nsswitch.conf} file} \begin{itemize} \item This is a file that determines what mechanisms are used by the hostname library calls to resolve names. \item The file contains lines with an identifier followed by a list of methods to use for name lookups. \item An example: \begin{description} \item[passwd:] files nisplus nis \item[shadow:] files nisplus nis \item[group:] files nisplus nis \end{description} \textbf{hosts: db files dns} \item Note that the other entries like passwd, shadow and group are used for other applications like login and have nothing to do with DNS. 
\end{itemize} %============================================================================== \subsection{The \texttt{nsswitch.conf} file} \begin{itemize} \item In the hosts line, we see that any hostname to be looked up will be done in the following order: \begin{enumerate} \item Use local databases file (.db files in /var/db) \item Read /etc/hosts \item Search DNS \end{enumerate} \item The Search options can be one of: \begin{alltt} nisplus (or nis+) - Consult NIS+ (Yellow Pages) nis (or yp) - Consult NIS dns - Use a DNS server files - Use local files like /etc/hosts db - Use local database files compat - Use NIS in compat mode [NOTFOUND=return] - Stop searching and return host notfound \end{alltt} \end{itemize} %============================================================================== \subsection{An example \texttt{nsswitch} file:} {\scriptsize \begin{alltt} nisplus (or nis passwd: db files nisplus nis shadow: nisplus group db files nisplus nis hosts: db files nis dns # Example - obey only what nisplus tells us... #services: nisplus [NOTFOUND=return] files #networks: nisplus [NOTFOUND=return] files #protocols: nisplus [NOTFOUND=return] files #rpc: nisplus [NOTFOUND=return] files #ethers: nisplus [NOTFOUND=return] files #netmasks: nisplus [NOTFOUND=return] files bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files nis protocols: files nisplus rpc: files services: files nisplus netgroup: files nisplus publickey: nisplus automount: files nisplus aliases: files nisplus \end{alltt} } %============================================================================== \subsection{The resolv.conf file} \begin{itemize} \item This file configures how the system uses DNS. 
An example: \begin{alltt} search aes nameserver 10.27.1.10 nameserver 10.27.1.254 \end{alltt} \item The 'search' line says what to append to a non-fully qualified name:\\ eg: ping node10 --> ping node10.aes \item The nameserver lines tell the hostname routines which dns server to send requests to. (If first lookup fails, use the second, third etc) \end{itemize} %============================================================================== \subsection{BIND - Berkeley Internet Name Domain} \begin{itemize} \item Bind is just one implementation of a DNS server. Bind is to DNS what Apache is to http. \item Bind is configured with: \begin{alltt} /etc/named.conf - For BIND V8 /etc/named.boot - For BIND V4 \end{alltt} \item Know that there is a difference between V4 \& V8. \item Know how to configure V8 but not V4. (Different syntax) \end{itemize} %============================================================================== \subsection{BIND Configuration} \begin{itemize} \item The configuration file contains subsections as follows: \begin{itemize} \item Options \(\rightarrow{}\) How named will operate \item logging \(\rightarrow{}\) What/how named will log information \item Access Lists \(\rightarrow{}\) Who can use named \& what they can do \item Remote Servers \(\rightarrow{}\) Characteristics of remote servers \item zones \(\rightarrow{}\) Information about our defined domains \end{itemize} \end{itemize} %============================================================================== \subsection{An Example Config file:} {\scriptsize \begin{verbatim} options { directory "/var/named/"; forward only; forwarders { 203.2.75.132; 203.2.75.108; }; query-source address * port 53; listen-on { 10.27.1.10; 127.0.0.1; }; notify no; }; #### The root zone ### zone "." 
{ type hint; file "named.ca"; }; #### A zone for localhost ### zone "0.0.127.in-addr.arpa" { type master; file "0.0.127.in-addr.arpa.zone"; }; zone "localhost" { type master; file "localhost.zone"; }; ### A local domain ### zone "1.27.10.in-addr.arpa" { type master; file "1.27.10.in-addr.arpa.zone"; }; zone "aes" { type master; file "aes.zone"; }; key "key" { algorithm hmac-md5; secret "JoqlFqtncqurkhMOrrbQLYRcxSYXoNROvNTZBqWJFumleNkzOvEvTAbqpbMV"; }; \end{verbatim} } Points to check before reusing a configuration like this one: the \texttt{secret} in the \texttt{key} statement is only a sample, so generate your own and keep \texttt{named.conf} readable only by root and the user that \texttt{named} runs as. \texttt{hmac-md5} was the usual TSIG algorithm when these notes were written; current BIND 9 releases also offer stronger ones such as \texttt{hmac-sha256}. Fixing \texttt{query-source} to port 53 gives up source-port randomisation, which makes forged replies easier to get into the cache, so set it only when a firewall requires it. Nothing in the example limits who may query the server; \texttt{allow-query} or \texttt{allow-recursion} can restrict recursion to your own clients. %============================================================================== \subsection{Zone files:} \begin{itemize} \item Each zone uses a file for: \begin{itemize} \item Hostname to IP address translations (Forward lookups) \item IP to Hostname translations (Reverse lookups) \end{itemize} \item The names can be anything, but usually: \begin{itemize} \item Forward file --> \textit{domain}.zone \item Reverse file --> \textit{Net-IP}.in-addr.arpa \end{itemize} \item Where the Net-IP is the network part of the IP address. \end{itemize} %============================================================================== \subsection{Zone Records:} \begin{description} \item[SOA record] Marks the start of a zone. \item[NS record] Defines the name server for a zone or subdomain \item[MX record] Define mail servers for domain \item[CNAME record] Defines an alias for a hostname \item[LOC record] Defines the physical location of the server \item[SRV record] Defines what services are found where (eg ftp, http etc) \item[A record] Defines hostname to IP address translations (forward file) \item[PTR record] Defines IP address to hostname translations (reverse file) \end{description} %============================================================================== \subsection{Example Forward file \texttt{/var/named/aes.zone}} {\scriptsize \begin{verbatim} @ IN SOA node10.aes. root.localhost ( 2 ; serial 28800 ; refresh 7200 ; retry 604800 ; expire 86400 ; ttl ) @ IN NS node10.aes. 
node5 IN MX 10 mail node6 IN MX 10 mail node4 IN MX 10 mail node2 IN MX 10 mail node10 IN MX 10 mail gw IN MX 10 mail node10 IN A 10.27.1.10 node2 IN A 10.27.1.2 node4 IN A 10.27.1.4 node5 IN A 10.27.1.5 node6 IN A 10.27.1.6 cds IN A 10.27.1.99 gw IN A 10.27.1.254 ns IN CNAME node10 mail IN CNAME node10 node-4 IN CNAME node4 \end{verbatim} } %============================================================================== \subsection{Example reverse file \texttt{/var/named/1.27.10.in-addr.arpa.zone}} {\scriptsize \begin{verbatim} @ IN SOA @ root.localhost ( 2 ; serial 28800 ; refresh 7200 ; retry 604800 ; expire 86400 ; ttl ) @ IN NS ns.aes. 2 IN PTR node2.aes. 4 IN PTR node4.aes. 5 IN PTR node5.aes. 6 IN PTR node6.aes. 10 IN PTR node10.aes. 99 IN PTR cds.aes. 254 IN PTR gw.aes. \end{verbatim} } %============================================================================== \subsection{Configuring a Caching only Nameserver} \begin{itemize} \item A caching only nameserver is simple to set up.\\ The first time a name is needed, a normal lookup occurs (Authoritative)\\ The next time that name is needed, it is returned from cache (Non-authoritative) \item Under /etc/named.conf in the options section, just make sure you have the following directives set: \begin{verbatim} options { directory "/var/named/"; forward only; forwarders { ; ; }; listen-on { ; 127.0.0.1; }; \end{verbatim} \item Leave the root zone (.) and localhost entries as they are. 
\end{itemize} %============================================================================== \subsection{Testing DNS} \begin{itemize} \item To test DNS, use one of the following tools: \begin{itemize} \item nslookup (deprecated) \item dig \item host \end{itemize} \item To use in their simplest form, just add the hostname you wish to query as the first option to the command: \begin{alltt} nslookup node16.c222 dig node16.c222 host node16.c222 \end{alltt} \end{itemize} %============================================================================== \subsection{\texttt{nslookup}} \begin{itemize} \item Usage: \texttt{nslookup [option] host-to-find [-name-server]} \\ Example: \begin{alltt} \cmd{nslookup node2.aes -10.27.1.10} \end{alltt} \item Note: nslookup is deprecated and may be removed from future releases. Consider using the `dig' or `host' programs instead. Run nslookup with the \texttt{-sil[ent]} option to prevent this message from appearing. \begin{alltt} Server: 10.27.1.10 Address: 10.27.1.10#53 Name: node2.aes Address: 10.27.1.2 \end{alltt} \end{itemize} \normalsize %============================================================================== \subsection{\texttt{dig}} \begin{itemize} \item Usage: \texttt{dig [@name-server] host-to-find [query-type]} \item Example: {\scriptsize \begin{alltt} \cmd{dig @10.27.1.10 node2.aes} ; <<>> DiG 9.2.0 <<>> @10.27.1.10 node2.aes ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43860 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;node2.aes. IN A ;; ANSWER SECTION: node2.aes. 86400 IN A 10.27.1.2 ;; AUTHORITY SECTION: aes. 86400 IN NS node10.aes. ;; ADDITIONAL SECTION: node10.aes. 
86400 IN A 10.27.1.10 ;; Query time: 5 msec ;; SERVER: 10.27.1.10#53(10.27.1.10) ;; WHEN: Mon Sep 2 13:48:38 2002 ;; MSG SIZE rcvd: 80 \end{alltt} } \end{itemize} %============================================================================== \subsection{\texttt{host}} \begin{itemize} \item Usage: \texttt{host [option] host-to-find [name-server]} \item Example: \begin{alltt} \cmd{host node2.aes} node2.aes has address 10.27.1.2 \end{alltt} \end{itemize} %============================================================================== \subsection{Exercise:} \begin{enumerate} \item Install bind on your machine: \begin{alltt} # rpm -Uvh bind-9*.rpm \end{alltt} \item Configure a Caching only nameserver on your machine. (Make all queries forward to 192.168.222.254) \item Make changes to resolv.conf \& nsswitch.conf as required (Default domain to use is c222) \item Start the named. \begin{alltt} # service named start \end{alltt} \item Test it out with the host node16.c222 using: \begin{itemize} \item nslookup \item dig \item host \end{itemize} \item Test again this time with the host box16 \item (For those who want a DNS challenge) \begin{enumerate} \item Setup a set of zones for the .c222 domain. \item Insert the new zone into the main configuration file \item Restart the named and test it. 
\end{enumerate} \end{enumerate} %============================================================================== \section{Lab} \label{sec:lab113.5} %============================================================================== \section{Questions} \label{sec:questions113.5} %****************************************************************************** \objective{7}{Set up secure shell (OpenSSH)} %============================================================================== \section{Overview} \label{sec:over113.7} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} The candidate should be able to obtain and configure OpenSSH. This objective includes basic OpenSSH installation and troubleshooting, as well as configuring sshd to start at system boot. %------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} /etc/hosts.allow /etc/hosts.deny /etc/nologin /etc/ssh/sshd_config /etc/ssh_known_hosts /etc/sshrc sshd ssh-keygen \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes on \texttt{ssh}} \label{sec:notes113.7} \emph{Notes from a talk by Angus Lees} \subsubsection{``Secure SHell''} A functional replacement of the ancient \texttt{rsh} command, except with encryption and authentication. %------------------------------------------------------------------------------ \subsection{Versions} \begin{description} \item[Commercial SSH] Finnish company. Original authors of SSH. \item[OpenSSH] Split from last free version of commercial SSH. Development led by OpenBSD team. 
\end{description} Draft ``secsh'' RFC. Alternative implementations exist (Putty, Net::SSH::Perl, etc) %------------------------------------------------------------------------------ \subsection{Commands} \begin{description} \item[ssh] Run a shell command on a remote host \item[sshd] SSH server daemon \item[scp] Copy files using SSH \item[sftp] An ftp-like interface into \texttt{scp} \item[ssh-keygen] Generate an SSH key pair \item[ssh-agent, ssh-add] SSH key forwarding \end{description} %------------------------------------------------------------------------------ \subsection{\texttt{ssh} Commands} \begin{verbatim} ssh [options] host [command] \end{verbatim} Run a shell command on a remote host. Acts like a normal shell command. ie: \textsc{STDIN}, \textsc{STDOUT} work as normal. Without a \textit{command}, ssh runs an interactive login. %------------------------------------------------------------------------------ \subsection{\texttt{scp} Commands} \begin{verbatim} scp user@host:path/file user2@host2:path/file2 \end{verbatim} Copy a file over ssh. \textit{user} defaults to current login, \textit{user@host} may be omitted for local files, \textit{path} is relative to \$HOME %------------------------------------------------------------------------------ \subsection{\texttt{sftp} Commands} \begin{verbatim} sftp user@host:path \end{verbatim} \texttt{ftp}-like command line interface to scp. Only provided with more recent ssh versions. %------------------------------------------------------------------------------ \subsection{Advanced Usage} Remember that \textsc{STDIN} and \textsc{STDOUT} still work as normal (unlike \texttt{telnet}): \begin{verbatim} ssh host tar zcf - /remotepath > localfile.tar.gz \end{verbatim} %------------------------------------------------------------------------------ \subsubsection{X Forwarding} \begin{verbatim} ssh -X host \end{verbatim} Log in to \textit{host} and ``forward'' X11 connections back to the local Xserver. 
A ``fake'' \$DISPLAY and \texttt{xauth} environment are created, and the X11 data is passed back over the same SSH connection. Forwarding X over SSH is secure and easy, but slower than not doing it. On a local LAN, the encryption is probably unnecessary---use normal X methods such as rstart instead (rstart can use ssh for authentication anyway). Specialised X11 caching methods (eg: LBX) can get better performance than ssh compression over slow links. A hostile or compromised remote machine can use the forwarded connection to reach your local X display, and with it your windows and keystrokes, so don't forward X by default; turn it on only for hosts you trust. %------------------------------------------------------------------------------ \subsubsection{Port Forwarding} Arbitrary ports can also be forwarded over the SSH connection, to add security to other protocols (or bypass poor firewall policies\dots) \begin{verbatim} # .fetchmailrc example poll localhost protocol pop3 port 11110: preconnect "ssh -C -f user@host.com \ -L 11110:host.com:110 sleep 10" \end{verbatim} %------------------------------------------------------------------------------ \subsubsection{SSH Keys} Public key authentication. More secure alternative to password login. Generate a public/private ``key pair'' with \texttt{ssh-keygen}. \textbf{Keep the private key secret}: protect it with a passphrase, and keep your \texttt{.ssh} directory and \texttt{authorized\_keys} file writable only by you. Append the public key into your (remote) \texttt{\textasciitilde/.ssh/authorized\_keys} to allow access. More powerful automation (scripting) possibilities. %------------------------------------------------------------------------------ \subsubsection{SSH Authentication Agent} \texttt{ssh-agent} allows key information to be ``forwarded'' between its child processes---even across nested ssh sessions. Forward the agent only to hosts you trust: while the session is open, anyone with root on the remote host can ask your agent to authenticate as you. Start \texttt{ssh-agent} in your X-session or login scripts, and run \texttt{ssh-add} to add keys. \texttt{ssh-askpass} is (basically) an X11 version of \texttt{ssh-add}. 
%------------------------------------------------------------------------------ \subsubsection{SSH from win32} \begin{description} \item[Putty] Includes command line ``pscp.exe'' scp clone too. {\small \texttt{http://www.chiark.greenend.org.uk/\textasciitilde{}sgtatham/putty/}} \item[Winscp] Graphical SCP client. \texttt{http://winscp.vse.cz/eng} \end{description} %------------------------------------------------------------------------------ \subsubsection{Other ``frontends''} \begin{description} \item[KDE kio\_fish] Provides \texttt{ssh://} Konqueror paths. \item[tramp.el] Transparent access to remote files for emacs. \item[rsh-compatible] Anything that can use rsh (eg: CVS) \end{description} %============================================================================== \section{Lab} \label{sec:lab113.7} %============================================================================== \section{Questions} \label{sec:questions113.7} %****************************************************************************** %****************************************************************************** \topic{114}{Security} %****************************************************************************** %****************************************************************************** %****************************************************************************** \objective{1}{Perform security administration tasks} %============================================================================== \section{Overview} \label{sec:over114.1} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidates should know how to review system configuration to ensure host security in accordance with local security policies. 
This objective includes how to configure TCP wrappers, find files with SUID/SGID bit set, verify packages, set or change user passwords and password aging information, update binaries as recommended by CERT, BUGTRAQ, and/or distribution's security alerts. Includes basic knowledge of ipchains and iptables. %------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} /proc/net/ip_fwchains /proc/net/ip_fwnames /proc/net/ip_masquerade find ipchains passwd socket iptables \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes114.1} %============================================================================== \section{Lab} \label{sec:lab114.1} %============================================================================== \section{Questions} \label{sec:questions114.1} %****************************************************************************** \objective{2}{Setup host security} %============================================================================== \section{Overview} \label{sec:over114.2} %------------------------------------------------------------------------------ \subsection{Weight: []} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidate should know how to set up a basic level of host security. Tasks include syslog configuration, shadowed passwords, set up of a mail alias for root's mail and turning off all network services not in use. 
%------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} /etc/inetd.conf or /etc/inet.d/* /etc/nologin /etc/passwd /etc/shadow /etc/syslog.conf \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Notes} \label{sec:notes114.2} %============================================================================== \section{Lab} \label{sec:lab114.2} %============================================================================== \section{Questions} \label{sec:questions114.2} %****************************************************************************** \objective{3}{Setup user level security} %============================================================================== \section{Overview} \label{sec:over114.3} %------------------------------------------------------------------------------ \subsection{Weight: [2]} %------------------------------------------------------------------------------ \subsection{Statement of Objective:} Candidate should be able to configure user level security. Tasks include limits on user logins, processes, and memory usage. %------------------------------------------------------------------------------ \subsection{Key files, terms, and utilities include:} \begin{alltt} quota usermod \end{alltt} %------------------------------------------------------------------------------ \subsection{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================== \newpage \section{Set and View Disk Quotas} \label{sec:notes.quota.114.3} Section prepared by Pia Smith To achieve a general understanding of quotas. 
In particular the functions of each command, keeping in mind quotas are set on a per-filesystem basis. %------------------------------------------------------------------------------ \subsection{Enabling Quotas} \label{sec:enable} In order to use quotas they must first be enabled. To do this there are a few steps: \begin{enumerate} \item Firstly add the usrquota and grpquota options to the relevant filesystems in \texttt{/etc/fstab}, as shown: \begin{alltt} /dev/hda2 /home ext3 defaults,usrquota,grpquota 1 2 \end{alltt} \item Then create the quota.user and quota.group files at the top of the filesystem, in this case, /home. Ensure that only root can read these files, like so: \begin{alltt} fehung:~# touch /home/quota.user /home/quota.group fehung:~# chmod 600 /home/quota.user /home/quota.group \end{alltt} \item We then initialise the \texttt{quota.*} files as databases by running \texttt{quotacheck}. \begin{alltt} fehung:/home# quotacheck -augv Cannot get exact used space... Results might be inaccurate. quotacheck: Scanning /dev/hda2 [/home] done quotacheck: Checked 143 directories and 689 files \end{alltt} \item Confirm that the databases have actually been initialised by making sure that the quota.* files are larger than 0. \item Run quotaon to enable the quota system: \begin{alltt} fehung:/home# quotaon -a \end{alltt} \item There are two further things to do: ensure quota is turned on when the system boots, and that the database is checked regularly: \begin{enumerate} \item To ensure quota is turned on upon system boot, add the following to the system's initialisation script (/etc/rc.d/rc.sysinit or similar): \begin{alltt} if [ -x /sbin/quotacheck ] then echo "Checking quotas." /sbin/quotacheck -auvg echo "Done." fi if [ -x /sbin/quotaon ] then echo "Enabling quotas." 
/sbin/quotaon -avug fi \end{alltt} \item To ensure that the databases are checked regularly, add a script to one of the crontab system directories, (such as /etc/cron.weekly/) to run quotacheck: \begin{alltt} #!/bin/bash /sbin/quotacheck -auvg \end{alltt} or a job in crontab to achieve the same thing. \end{enumerate} \end{enumerate} The filesystem (in this case /home) is now ready to accept quotas on a per user or group basis. %------------------------------------------------------------------------------ \subsection{Quota Limits} \label{sec:limits} There are five types of quota limits that can be enforced: \begin{description} \item[Per-user hard limit] this is the absolute maximum of a user's allocated space, once reached the user cannot write anything else to the filesystem, and the currently worked upon file if saved is truncated and useless. The user doesn't lose what is in the current shell, so they can free up some space and then save the file. \item[Per-group hard limit] this is the absolute maximum of a group's allocated space, once reached the group cannot write anything else to the filesystem, and the currently worked upon file if saved is truncated and useless. Users in the group don't lose what is in the current shell, so they can free up some space and then save the file. \item[Per-user soft limit] an abstract limit enforced on users that is less than the hard limit, and once reached, the user enters the grace period. After the soft limit has been reached the user starts getting warnings printed on the terminal that the quota has been exceeded. \item[Per-group soft limit] an abstract limit enforced on groups that is less than the hard limit, and once reached, the group enters the grace period. After the soft limit has been reached the group starts getting warnings printed on the terminal that the quota has been exceeded. 
\item[Grace Period] Once a soft limit has been reached the user/group enters the grace period which is an abstract time before the hard limit is enforced, regardless of whether the hard limit is reached (assuming the user doesn't get their quota down below the soft limit in that time). \end{description} %------------------------------------------------------------------------------ \subsection{Setting up and configuring quotas.} \label{sec:quota config} The next move is to edit the quota reference for each user. We can get around this with scripts, but essentially this is not nice :) We can actually edit the quota of a typical user on our system and then copy the attributes of that user's quota to other users, as follows: \begin{alltt} fehung:/home/greebo# edquota greebo \end{alltt} This edits the quota for user greebo, in this file we change the soft and hard limits to whatever we choose, example: \begin{alltt} Disk quotas for user greebo (uid 1000): Filesystem blocks soft hard inodes soft hard /dev/hda2 538 29000 30000 689 0 0 \end{alltt} The first soft and hard values are relevant to blocks and the second to inodes, here the user has a block soft and hard limit but no limit on inodes used. We can then attribute these settings to the rest of the users on our system like so: \begin{verbatim} fehung:/home/greebo# edquota -p greebo $(awk -F: '$3 > \ 999 { print $1 }' /etc/passwd) \end{verbatim}%$ and can confirm this worked by running \texttt{edquota \textit{user}} to see whether the new settings copied across. We can only modify the grace limit system wide. We do this by running \texttt{edquota -tu}, and changing the value. %------------------------------------------------------------------------------ \subsection{Quota commands} \label{sec:} %.............................................................................. 
\subsubsection{\texttt{quota(1)}} \texttt{quota(1)} is used to display quotas on users and groups, using the -u switch for users and -g switch for groups: \begin{alltt} fehung:/home\rootcmd{quota -uv greebo} Disk quotas for user greebo (uid 1000): Filesystem blocks quota limit grace files quota limit grace /dev/hda2 538 29000 30000 689 0 0 \end{alltt} \subsubsection{\texttt{quotaon(1)}} \texttt{quotaon(1)} turns on the quota system, quotaoff turns it off. Easy! \subsubsection{\texttt{repquota(1)}} \texttt{repquota(1)} reports on the status on quotas. Common options are as follows: \begin{alltt} -a reports on all quotas -g reports on group quotas -u reports on user quotas -v verbose mode \end{alltt} Examples: \begin{alltt} \rootcmd{repquota -v /home} \end{alltt} or \begin{alltt} \rootcmd{repquota -a} \end{alltt} %------------------------------------------------------------------------------ \subsection{} \label{sec:} %------------------------------------------------------------------------------ \subsection{} \label{sec:} %------------------------------------------------------------------------------ \subsection{} \label{sec:} %------------------------------------------------------------------------------ \subsection{} \label{sec:} %============================================================================== \section{Lab} \label{sec:lab114.3} %============================================================================== \section{Questions} \label{sec:questions114.3} \backmatter %****************************************************************************** \appendix%********************************************************************* %****************************************************************************** \chapter{List of topics} \begin{itemize} \item 105 Kernel \begin{itemize} \item Manage/Query kernel and kernel modules at runtime \item Reconfigure, build, and install a custom kernel and kernel modules \end{itemize} \item 106 Boot, Initialization, 
Shutdown and Runlevels \begin{itemize} \item Boot the system \item Change runlevels and shutdown or reboot system \end{itemize} \item 107 Printing \begin{itemize} \item Manage printers and print queues \item Print files \item Install and configure local and remote printers \end{itemize} \item 108 Documentation \begin{itemize} \item Use and manage local system documentation \item Find Linux documentation on the Internet \item Notify users on system-related issues \end{itemize} \item 109 Shells, Scripting, Programming, Compiling \begin{itemize} \item Customize and use the shell environment \item Customize or write simple scripts \end{itemize} \item 111 Administrative Tasks \begin{itemize} \item Manage users and group accounts and related system files \item Tune the user environment and system environment variables \item Configure and use system log files to meet administrative and security needs \item Automate system administration tasks by scheduling jobs to run in the future \item Maintain an effective data backup strategy \item Maintain system time \end{itemize} \item 112 Networking Fundamentals \begin{itemize} \item Fundamentals of TCP/IP \item TCP/IP configuration and troubleshooting \item Configure Linux as a PPP client \item \end{itemize} \item 113 Networking Services \begin{itemize} \item Configure and manage inetd, xinetd, and related services \item Operate and perform basic configuration of sendmail \item Operate and perform basic configuration of Apache \item Properly manage the NFS, smb, and nmb daemons \item Setup and configure basic DNS services \item Configure ntp.conf and ntp.drift to be used by xntpd \end{itemize} \item Security \begin{itemize} \item Perform security administration tasks \item Setup host security \item Setup user level security \end{itemize} \item \end{itemize} \section{Topics moved to General Linux 1} \begin{itemize} \item \begin{itemize} \item \end{itemize} \item \begin{itemize} \item \end{itemize} \item \begin{itemize} \item 
\end{itemize} \item \begin{itemize} \item \end{itemize} \item \item \end{itemize} %****************************************************************************** \end{document}%**************************************************************** %****************************************************************************** %------------------------------------------------------------------------------ \subsection{Customize and use the shell environment [4]} \subsubsection*{Statement of Objective:} Candidate should be able to customize shell environments to meet users' needs. This objective includes setting environment variables (e.g. PATH) at login or when spawning a new shell. It also includes writing bash functions for frequently used sequences of commands. \subsubsection*{Key files, terms, and utilities include:} \begin{alltt} ~/.bash_profile ~/.bash_login ~/.profile ~/.bashrc ~/.bash_logout ~/.inputrc function (Bash built-in command) export env set (Bash built-in command) unset (Bash built-in command) \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %------------------------------------------------------------------------------ \subsection{Customize or write simple scripts [5]} \subsubsection*{Statement of Objective:} Candidate should be able to customize existing scripts, or write simple new (ba)sh scripts. This objective includes using standard sh syntax (loops, tests), using command substitution, testing command return values, testing of file status, and conditional mailing to the superuser. This objective also includes making sure the correct interpreter is called on the first (\#!) line of scripts. This objective also includes managing location, ownership, execution and suid-rights of scripts. 
\subsubsection*{Key files, terms, and utilities include:} \begin{alltt} while for test chmod \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[Bash Programming Introduction (LDP HOWTO)]: \begin{alltt} http://www.linux.org/docs/ldp/howto/Bash-Prog-Intro-HOWTO.html \end{alltt} \end{description} %============================================================================= \setcounter{section}{109} \section{(2.10) X [10]} %------------------------------------------------------------------------------ \subsection{Install \& Configure XFree86 [4]} \subsubsection*{Statement of Objective:} Candidate should be able to configure and install X and an X font server. This objective includes verifying that the video card and monitor are supported by an X server, as well as customizing and tuning X for the videocard and monitor. It also includes installing an X font server, installing fonts, and configuring X to use the font server (may require a manual edit of /etc/X11/XF86Config in the "Files" section). \subsubsection*{Key files, terms, and utilities include:} \begin{alltt} XF86Setup xf86config xvidtune /etc/X11/XF86Config .Xresources \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[XWindow-User HOWTO (LDP)]: \begin{alltt} \end{alltt} \end{description} %------------------------------------------------------------------------------ \subsection{Setup a display manager [1]} \subsubsection*{Statement of Objective:} Candidate should be able setup and customize a Display manager. This objective includes turning the display manager on or off and changing the display manager greeting. This objective includes changing default bitplanes for the display manager. It also includes configuring display managers for use by X-stations. This objective covers the display managers XDM (X Display Manger), GDM (Gnome Display Manager) and KDM (KDE Display Manager). 
\subsubsection*{Key files, terms, and utilities include:} \begin{alltt} \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[XDM and XDMCP HOWTO (LDP)]: \begin{alltt} http://www.linux.org/docs/ldp/howto/XDMCP-HOWTO/index.html \end{alltt} \item[The Linux Gazette]: \begin{alltt} http://www.linuxgazette.com/search.html xdm, gdm, kdm \end{alltt} \end{description} %------------------------------------------------------------------------------ \subsection{Install \& Customize a Window Manager Environment [4]} \subsubsection*{Statement of Objective:} Candidate should be able to customize a system-wide desktop environment and/or window manager, to demonstrate an understanding of customization procedures for window manager menus and/or desktop panel menus. This objective includes selecting and configuring the desired x-terminal (xterm, rxvt, aterm etc.), verifying and resolving library dependency issues for X applications, and exporting the X display to a client workstation. \subsubsection*{Key files, terms, and utilities include:} \begin{alltt} .xinitrc .Xdefaults xhost DISPLAY environment variable \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================= \setcounter{section}{111} \section{(1.12) Networking Fundamentals [18]} %------------------------------------------------------------------------------ \subsection{Fundamentals of TCP/IP [4]} \subsubsection*{Statement of Objective:} Candidates should demonstrate a proper understanding of network fundamentals. This objective includes the understanding of IP-addresses, network masks and what they mean (i.e. determine a network and broadcast address for a host based on its subnet mask in ``dotted quad'' or abbreviated notation or determine the network address, broadcast address and netmask when given an IP-address and number of bits). 
It also covers the understanding of the network classes and classless subnets (CIDR) and the reserved addresses for private network use. It includes the understanding of the function and application of a default route. It also includes the understanding of basic Internet protocols (IP, ICMP, TCP, UDP) and the more common TCP and UDP ports (20, 21, 23, 25, 53, 80, 110, 119, 139, 143, 161). \subsubsection*{Key files, terms, and utilities include:} \begin{alltt} /etc/services ftp telnet host ping dig traceroute whois \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[Linux Networking HOWTO - Joshua Drake]: \begin{alltt} http://www.linuxdoc.org/HOWTO/Net-HOWTO/index.html \end{alltt} \item[The Linux Networking Overview HOWTO by Daniel Lopez Ridruejo]: \begin{alltt} http://www.linuxdoc.org/HOWTO/Networking-Overview-HOWTO.html \end{alltt} \item[Linux Network Administrators Guide]: \begin{alltt} http://www.linuxdoc.org/LDP/nag2/index.html \end{alltt} \end{description} %------------------------------------------------------------------------------ \subsection{TCP/IP configuration and troubleshooting [10]} \subsubsection*{Statement of Objective:} Candidates should be able to view, change and verify configuration settings and operational status for various network interfaces. This objective includes manual and automatic configuration of interfaces and routing tables. This especially means to add, start, stop, restart, delete or reconfigure network interfaces. It also means to change, view or configure the routing table and to correct an improperly set default route manually. Candidates should be able to configure Linux as a DHCP client and a TCP/IP host and to debug problems associated with the network configuration. 
\subsubsection*{Key files, terms, and utilities include:} \begin{alltt} /etc/HOSTNAME or /etc/hostname /etc/hosts /etc/networks /etc/host.conf /etc/resolv.conf /etc/nsswitch.conf ifconfig route dhcpcd, dhcpclient, pump host hostname (domainname, dnsdomainname) netstat ping traceroute tcpdump the network scripts run during system initialization. \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[Linux Networking HOWTO by Joshua Drake]: \begin{alltt} http://www.linuxdoc.org/HOWTO/Net-HOWTO/index.html \end{alltt} \item[Linux Ethernet-Howto by Paul Gortmaker]: \begin{alltt} http://www.linuxdoc.org/HOWTO/Ethernet-HOWTO.html \end{alltt} \end{description} %------------------------------------------------------------------------------ \subsection{Configure Linux as a PPP client [4]} \subsubsection*{Statement of Objective:} Candidates should understand the basics of the PPP protocol and be able to configure and use PPP for outbound connections. This objective includes the definition of the chat sequence to connect (given a login example) and the setup commands to be run automatically when a PPP connection is made. It also includes initialisation and termination of a PPP connection, with a modem, ISDN or ADSL and setting PPP to automatically reconnect if disconnected. 
\subsubsection*{Key files, terms, and utilities include:} \begin{alltt} /etc/ppp/options.* /etc/ppp/peers/* /etc/wvdial.conf /etc/ppp/ip-up /etc/ppp/ip-down wvdial pppd \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[Linux PPP HOWTO Corwin Light-Williams and Joshua Drake]: \begin{alltt} http://www.linuxdoc.org/HOWTO/PPP-HOWTO/index.html \end{alltt} \end{description} %============================================================================= \setcounter{section}{112} \section{(1.13) Networking Services [20]} %------------------------------------------------------------------------------ \subsection{Configure and manage inetd, xinetd, and related services [5]} \subsubsection*{Statement of Objective:} Candidates should be able to configure which services are available through inetd, use tcpwrappers to allow or deny services on a host-by-host basis, manually start, stop, and restart Internet services, configure basic network services including telnet and ftp. Set a service to run as another user instead of the default in inetd.conf. \subsubsection*{Key files, terms, and utilities include:} \begin{alltt} /etc/inetd.conf /etc/hosts.allow /etc/hosts.deny /etc/services /etc/xinetd.conf /etc/xinetd.log \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %------------------------------------------------------------------------------ \subsection{Operate and perform basic configuration of sendmail [5]} \subsubsection*{Statement of Objective:} Candidate should be able to modify simple parameters in sendmail configuration files (including the "Smart Host" parameter, if necessary), create mail aliases, manage the mail queue, start and stop sendmail, configure mail forwarding and perform basic troubleshooting of sendmail. The objective includes checking for and closing open relay on the mailserver. It does not include advanced custom configuration of Sendmail. 
\subsubsection*{Key files, terms, and utilities include:} \begin{alltt} /etc/sendmail.cf /etc/aliases or /etc/mail/aliases /etc/mail/* ~/.forward mailq sendmail newaliases \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %------------------------------------------------------------------------------ \subsection{Operate and perform basic configuration of Apache [3]} \subsubsection*{Statement of Objective:} Candidates should be able to modify simple parameters in Apache configuration files, start, stop, and restart httpd, arrange for automatic restarting of httpd upon boot. Does not include advanced custom configuration of Apache. \subsubsection*{Key files, terms, and utilities include:} \begin{alltt} apachectl httpd httpd.conf \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[Apache home page]: \begin{alltt} http://www.apache.org \end{alltt} \end{description} %------------------------------------------------------------------------------ \subsection{Properly manage the NFS, smb, and nmb daemons [4]} \subsubsection*{Statement of Objective:} Candidate should know how to mount remote filesystems using NFS, configure NFS for exporting local filesystems, start, stop, and restart the NFS server. Install and configure Samba using the included GUI tools or direct edit of the /etc/smb.conf file (Note: this deliberately excludes advanced NT domain issues but includes simple sharing of home directories and printers, as well as correctly setting the nmbd as a WINS client). 
\subsubsection*{Key files, terms, and utilities include:} \begin{alltt} /etc/exports /etc/fstab /etc/smb.conf mount umount \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %------------------------------------------------------------------------------ \subsection{Setup and configure basic DNS services [3]} \subsubsection*{Statement of Objective:} Candidate should be able to configure hostname lookups and troubleshoot problems with a local caching-only name server. Requires an understanding of the domain registration and DNS translation process. Requires understanding key differences in configuration files for bind 4 and bind 8. \subsubsection*{Key files, terms, and utilities include:} \begin{alltt} /etc/hosts /etc/resolv.conf /etc/nsswitch.conf /etc/named.boot (v.4) or /etc/named.conf (v.8) named \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %------------------------------------------------------------------------------ \subsection{Configure ntp.conf and ntp.drift to be used by xntpd [2]} \subsubsection*{Statement of Objective:} Candidate should be able to set up the system to synchronize the clock over NTP. Configure it to correct clock drift to match NTP clock. \subsubsection*{Key files, terms, and utilities include:} \begin{alltt} /etc/ntp.conf /etc/ntp.drift ntpd ntpdate \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %------------------------------------------------------------------------------ \subsection{Set up secure shell (OpenSSH) [2]} \subsubsection*{Statement of Objective:} The candidate should be able to obtain and configure OpenSSH. This objective includes basic OpenSSH installation and troubleshooting, as well as configuring sshd to start at system boot. 
\subsubsection*{Key files, terms, and utilities include:} \begin{alltt} /etc/hosts.allow /etc/hosts.deny /etc/nologin /etc/ssh/sshd_config /etc/ssh_known_hosts /etc/sshrc sshd ssh-keygen \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================= \setcounter{section}{113} \section{(1.14) Security [10]} %------------------------------------------------------------------------------ \subsection{Perform security administration tasks [4]} \subsubsection*{Statement of Objective:} Candidates should know how to review system configuration to ensure host security in accordance with local security policies. This objective includes how to configure TCP wrappers, find files with SUID/SGID bit set, verify packages, set or change user passwords and password aging information, update binaries as recommended by CERT, BUGTRAQ, and/or distribution's security alerts. Includes basic knowledge of ipchains and iptables. \subsubsection*{Key files, terms, and utilities include:} \begin{alltt} /proc/net/ip_fwchains /proc/net/ip_fwnames /proc/net/ip_masquerade find ipchains passwd socket iptables \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %------------------------------------------------------------------------------ \subsection{Setup host security [4]} \subsubsection*{Statement of Objective:} Candidate should know how to set up a basic level of host security. Tasks include syslog configuration, shadowed passwords, set up of a mail alias for root's mail and turning off all network services not in use. 
\subsubsection*{Key files, terms, and utilities include:} \begin{alltt} /etc/inetd.conf or /etc/inet.d/* /etc/nologin /etc/passwd /etc/shadow /etc/syslog.conf \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %------------------------------------------------------------------------------ \subsection{Setup user level security [2]} \subsubsection*{Statement of Objective:} Candidate should be able to configure user level security. Tasks include limits on user logins, processes, and memory usage. \subsubsection*{Key files, terms, and utilities include:} \begin{alltt} quota usermod \end{alltt} \subsubsection*{Resources of Interest:} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} %============================================================================= %============================================================================= %============================================================================= \part{Resources} %============================================================================= %============================================================================= \setcounter{chapter}{0} \chapter{(1.1) Hardware \& Architecture [11]} {\Large Old number: ()}\\[2mm] {\Large Weight: []} \section*{Configure Fundamental BIOS Settings [3]} \section*{Setup SCSI devices [2]} \section*{Setup different PC expansion cards [2]} \section*{Configure communication devices [2]} \section*{Set Up USB devices [2]} \newpage %------------------------------------------------------------------------------ \section{Configure Fundamental BIOS Settings [3]} \label{sec:101.1.re} \newpage %------------------------------------------------------------------------------ \section{Set Up USB devices [2]} \label{sec:101.5.re} \subsection{Statement of Objective:} Candidates should be able to activate USB support, use and configure different USB devices. 
This objective includes the correct selection of the USB chipset and the corresponding module. It also includes the knowledge of the basic architecture of the layer model of USB as well as the different modules used in the different layers. Key files, terms, and utilities include: \begin{alltt} lspci(8) usb-uhci.o usb-ohci.o /etc/usbmgr/ \textrm{(A directory)} usbmodules /etc/hotplug \end{alltt} \subsection{The Universal Serial Bus} \begin{itemize} \item A serial transmission scheme \item Two versions of USB: Version 1 \& Version 2 \item Version 1: \begin{itemize} \item released January 1996 \item supports speeds up to 12MBit/s (8.5Mbit/s in practice) \item supports up to 127 devices connected to the bus \end{itemize} \item Version 2: \begin{itemize} \item announced 1999 \item supports speeds up to 480Mbit/s \end{itemize} \item Devices can be self-powered or bus-powered \end{itemize} \subsection{USB Topology} The system unit contains the host controller and one virtual root hub with at least one (and normally two) USB interfaces. These interfaces can then be connected directly to a USB device or to another hub. \subsection{USB Device Driver Layers} The device drivers used for the USB sub-system are split into two distinct layers: Hardware Layer - usbcore \& usb-uhci / usb-ohci API Layer - Application / Product specific \subsection{USB Controllers} There are two categories of USB controller: usb-uhci - For Intel, PIIX4, Via controllers usb-ohci - For Compaq, iMacs, OPTi, SiS, ALi controllers To determine your controller type, examine /proc/pci for a clue: \begin{alltt} [root@Node4] root]\# cat /proc/pci PCI devices found: ......... Bus 0, device 7, function 2: USB Controller: VIA Technologies, Inc. UHCI USB (rev 17). IRQ 10. Master Capable. Latency=32. I/O at 0xe400 [0xe41f]. ......... 
\end{alltt} The UHCI controllers use a 16 bit IO address: \begin{alltt} I/O at 0xHHHH eg: I/O at 0xe400 \end{alltt} The OHCI controllers use a 32 bit memory address: \begin{alltt} memory at 0xHH000000 eg memory at 0xee000000 \end{alltt} \subsection{USB Modules} Assuming you have a modular kernel, the following modules will be required: usbcore - The base usb kernel module plus one of the controller specific modules: usb-uhci - For Intel, PIIX4, Via controllers usb-ohci - For Compaq, iMacs, OPTi, SiS, ALi controllers Configuration: An entry in /etc/modules.conf aliases the specific controller to usb-controller as follows: alias usb-controller usb-uhci Starting up the USB sub-system: To have the usb sub-system start up automatically at boot time, all you need to do is ensure that the above alias line is present in /etc/modules.conf. To start up manually, do the following steps: insmod usbcore insmod usb-uhci (or usb-ohci) mount the usbdevfs filesystem (optional but highly recommended) Example: [root@Node4] root]\# insmod usbcore Using /lib/modules/2.4.18-4/kernel/drivers/usb/usbcore.o [root@Node4] root]\# insmod usb-uhci Using /lib/modules/2.4.18-4/kernel/drivers/usb/usb-uhci.o [root@Node4] root]\# mount -t usbdevfs usbdevfs /proc/bus/usb Once this is done, you should see the following entries in /proc/bus/usb: [root@Node4] root]\# ls /proc/bus/usb 001 devices drivers \subsection{USB Interrogation Utilities} \subsubsection{LSUSB - A console view of USB devices} Lsusb is a text utility contained in the usbutils package. Use 'rpm -Uvh usbutils.xxx.rpm' to install. \begin{alltt} [root@node4]\# lsusb Bus 001 Device 001: ID 0000:0000 Virtual Hub Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 1.00 bDeviceClass 9 Hub iProduct 2 USB UHCI Root Hub .......... 
Bus 001 Device 002: ID 03f0:0601 Hewlett-Packard ScanJet 6300c Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 1.00 bDeviceClass 0 Interface bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 8 idVendor 0x03f0 Hewlett-Packard idProduct 0x0601 ScanJet 6300c bcdDevice 1.00 iManufacturer 1 iProduct 2 HP ScanJet 6300C iSerial 3 SG9941706SPE ........ Bus 001 Device 003: ID 1189:6000 Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 1.00 bDeviceClass 0 Interface bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 8 idVendor 0x1189 idProduct 0x6000 bcdDevice a.03 iManufacturer 0 iProduct 1 USB Optical Storage Device iSerial 0 \end{alltt} \subsubsection{USBVIEW - An X view of USB devices} Usbview is a gui utility contained in the usbview package. Use 'rpm -Uvh usbview.rpm' to install. Usbview parses /proc/bus/usb/devices for connected USB devices. Any device that has a problem will be printed in red. \subsection{Hotplugging Usb Devices} When a device is plugged into a USB port, it will automatically register itself with the USB subsystem. The upper API drivers will not however automatically 'insmod' themselves unless the hotplug package has been installed. With the hotplug package installed, an entry in /proc/sys/kernel/hotplug will be created which will contain the name of an executable to be called whenever a new device is detected on the bus. \begin{alltt} $ ls /proc/sys/kernel/hotplug /sbin/hotplug \end{alltt} For example, when a USB scanner is plugged in, hotplug will automatically load the module 'scanner.o'. The xsane application can then be run directly without any user intervention. 
/sbin/hotplug is an executable which is called by the kernel (kernel space to user space interface) /etc/hotplug is a directory containing configuration information for hotplug (which drivers to load when a device is plugged in) \subsection{Resources} \begin{itemize} \item The Linux USB Sub System by Brad Hards, Sigma Bravo Pty Ltd \item \texttt{www.linux-usb.org} \end{itemize} %============================================================================= %============================================================================= \chapter{Linux Installation \& Package Management} {\Large Old number: (2.2)}\\[2mm] {\Large Weight: [24]} \section*{Design hard disk layout [2]} \section*{Install a boot manager [3]} \section*{Make and install programs from source [5]} \section*{Manage shared libraries [3]} \section*{Use Debian package management [5]} \section*{Use Red Hat Package Manager (RPM) [6]} \newpage %------------------------------------------------------------------------------ \section{Design hard disk layout [2]} \label{sec:102.1.re} \newpage %------------------------------------------------------------------------------ \section{Install a boot manager [3]} \label{sec:102.2.re} \newpage %------------------------------------------------------------------------------ \section{Make and install programs from source [5]} \label{sec:102.3.re} \subsection{Objective} Candidates should be able to build and install an executable program from source. This objective includes being able to unpack a file of sources. Candidates should be able to make simple customisations to the Makefile, for example changing paths or adding extra include directories. 
\subsubsection{Key files, terms, and utilities include:} \begin{alltt} gunzip gzip bzip2 tar configure make \end{alltt} \subsubsection{Resources of interest} \begin{itemize} \item LPI Linux Certification in a Nutshell \\ \texttt{by Jeffrey Dean}\\ \textsf{O'Reilly} \item LPIC 1 Certification Bible\\ \textit{Angie Nash and Jason Nash}\\ \textsf{Hungry Minds} \end{itemize} %.............................................................................. \subsection{Source Code Distribution} To distribute software in the form of source code a \textsf{source tree} is archived into one file using the tar command and then compressed. The resulting file is called a \textsf{tarball}. Source code may also be distributed using the package management tools of a particular distribution. \begin{description} \item[Debian] apt-get install kernel-source-2.2.27 \item[Redhat] rpm -Uhv at-3.1.8-23.src.rpm \item[Tarball] tdb-1.0.6.tar.gz \end{description} %.............................................................................. \subsection{Steps to Install a package from \textsf{tarball}} \begin{itemize} \item Unpack the \textsf{tarball}: \begin{alltt} \cmd{tar zxvf my-prog.tar.gz} \end{alltt} \item Change directory into the source tree: \begin{alltt} \cmd{cd my-prog} \end{alltt} \item Configure the \texttt{Makefile}: \begin{alltt} \cmd{./configure} \end{alltt} \item Make: \begin{alltt} \cmd{make} \end{alltt} \item Install: \begin{alltt} \cmd{su -c 'make install'} \end{alltt} \end{itemize} %.............................................................................. \subsection{Installing the trivial database \texttt{tdb}} \subsubsection{Download} Locate and download the \texttt{tarball}: \begin{itemize} \item \textsf{googling} for it: \texttt{http://google.com} \item search on \textsf{freshmeat}: \texttt{http://freshmeat.net} \item see if it lives on \textsf{sourceforge}: \texttt{http://www.sf.net} \end{itemize} Download the tarball to a suitable directory such as \texttt{/tmp}. Where the project publishes a checksum or signature for the tarball, verify it before unpacking: \texttt{./configure} is a shell script shipped in the archive, and \texttt{make install} will later be run as root. On a shared machine, a private build directory is safer than the world-writable \texttt{/tmp}. 
\subsubsection{Unpack} The \textsf{tarball} file is a compressed archived source tree. Most commonly the file will be compressed using either \texttt{gzip} or \texttt{bzip2}. \textsf{GNU} \texttt{tar} can uncompress and unpack the archive: \begin{alltt} \cmd{tar zxvf tdb-1.0.6.tar.gz} \end{alltt} or \begin{alltt} \cmd{tar jxvf tdb-1.0.6.tar.bz2} \end{alltt} \subsubsection{\texttt{cd} into the tree} Unpacking the \textsf{tarball} creates a source tree whose base directory is named after the program: \begin{alltt} \cmd{ls} tdb-1.0.6 tdb-1.0.6.tar.gz \cmd{cd tdb-1.0.6} \cmd{ls} configure tdb.c tdb.h README INSTALL COPYING ... \end{alltt} \subsubsection{\texttt{cd} into the tree} \small \begin{alltt} \cmd{ls -w 70} acconfig.h install-sh stamp-h.in tdb.h aclocal.m4 ltconfig tdb.3 tdbiterate.c AUTHORS ltmain.sh tdb.c tdb_open.3 ChangeLog Makefile.am tdb_chainlock.3 tdb.spec config.guess Makefile.in tdb_close.3 tdbspeed.c config.h.in missing tdb_delete.3 tdb_store.3 config.sub mkinstalldirs tdbdump.c tdbtest.c configure NEWS tdb_error.3 tdbtool.c configure.in README tdb_exists.3 tdbtorture.c COPYING spinlock.c tdb_fetch.3 tdb_traverse.3 INSTALL spinlock.h tdb_firstkey.3 TODO \end{alltt} \subsubsection{\texttt{./configure}} \small \begin{alltt} \cmd{file configure} configure: Bourne shell script text executable \cmd{head -5 configure} #! /bin/sh # Guess values for system-dependent variables # Create Makefiles. # Generated automatically using autoconf version 2.13 \end{alltt} \subsubsection{\texttt{./configure}} \small \begin{alltt} \cmd{./configure} creating cache ./config.cache checking for a BSD compat install... /usr/bin/install -c checking whether build environment is sane... yes checking whether make sets ${MAKE}... yes checking for working aclocal... found ... 
creating ./config.status creating Makefile creating config.h \end{alltt} \subsubsection{The \texttt{Makefile}} \small \begin{alltt} SHELL = /bin/sh CC = gcc CFLAGS = -g -O2 prefix = /usr/local includedir = ${prefix}/include ... tdbtool: $(tdbtool_OBJECTS) $(tdbtool_DEPENDENCIES) @rm -f tdbtool $(LINK) $(tdbtool_LDFLAGS) $(tdbtool_OBJECTS) \ $(tdbtool_LDADD) $(LIBS) ... distclean: distclean-am -rm -f config.status \end{alltt} \subsubsection{\texttt{make}} \small \begin{alltt} \cmd{make} /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -c tdb.c mkdir .libs gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -c -fPIC -DPIC tdb.c -o .libs/tdb.lo gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -c tdb.c -o tdb.o >/dev/null 2>&1 mv -f .libs/tdb.lo tdb.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -c spinlock.c ... \end{alltt} \subsubsection{\texttt{make install}} \small \begin{alltt} su -c 'make install' Password: make[1]: Entering directory `/tmp/tdb-1.0.6' /bin/sh ./mkinstalldirs /usr/local/lib /bin/sh ./libtool --mode=install /usr/bin/install -c libtdb.la /usr/local/lib/libtdb.la ... chmod 644 /usr/local/lib/libtdb.a PATH="$PATH:/sbin" ldconfig -n /usr/local/lib \end{alltt} %.............................................................................. \subsection{Play with the trivial database \texttt{tdb}} The utility \texttt{tdbtool} may be used to have a play with \texttt{tdb}. \begin{itemize} \item Start it and display the help by typing something random: \begin{alltt} \cmd{tdbtool} tdb> ? 
tdbtool: create dbname : create a database open dbname : open an existing database erase : erase the database dump dumpname : dump the database as strings insert key data : insert a record store key data : store a record (replace) show key : show a record by key delete key : delete a record by key list : print the database hash table and freelist free : print the database freelist 1 | first : print the first record n | next : print the next record q | quit : terminate \(\setminus\)n : repeat 'next' command tdb> \end{alltt} \item Create a database: \begin{alltt} tdb> create test.tdb \end{alltt} \item Add some data: \begin{alltt} tdb> insert 1 thing tdb> insert 2 foo tdb> insert 3 bar tdb> insert 55 whizz \end{alltt} \item Have a look at an entry: \begin{alltt} tdb> show 3 key 2 bytes 3 data 4 bytes [000] 62 61 72 00 bar \end{alltt} \item Experiment. \end{itemize} \newpage %------------------------------------------------------------------------------ \section{Manage shared libraries [3]} \label{sec:102.4.re} \newpage %------------------------------------------------------------------------------ \section{Use Debian package management [5]} \label{sec:102.5.re} \newpage %------------------------------------------------------------------------------ \section{Use Red Hat Package Manager (RPM) [6]} \label{sec:102.6.re} %============================================================================= %============================================================================= \setcounter{chapter}{0} \chapter{} \label{ch:104.ex} {\Large Old number: ()}\\[2mm] {\Large Weight: []} \section*{Create partitions and filesystems []} \section*{Maintain the integrity of filesystems []} \section*{Control mounting and unmounting filesystems []} \section*{Managing disk quota []} \section*{Use file permissions to control access to files []} \section*{Manage file ownership []} \section*{Create and change hard and symbolic links []} \section*{Find system files and place files in the 
correct location []} \newpage %============================================================================= \section{Create partitions and filesystems [3]} \label{sec:104.1.re} %============================================================================= %============================================================================= %============================================================================= \part{Practical Exercises} %============================================================================= %============================================================================= \setcounter{chapter}{102} \chapter{} {\Large Old number: (1.3)}\\[2mm] {\Large Weight: [30]} \section*{Work on the command line [4]} \section*{Process text streams using filters [7]} \section*{Perform basic file management [2]} \section*{Use streams, pipes, and redirects [3]} \section*{Create, monitor, and kill processes [7]} \section*{Modify process execution priorities [2]} \section*{Search text files using regular expressions [3]} \section*{Perform basic file editing using vi [2]} \newpage %============================================================================= \section{Work on the command line [4]} \label{sec:103.1.ex} \newpage %============================================================================= \section{Find system files and place files in the correct location [2]} \label{sec:104.8.ex} %============================================================================= %============================================================================= %============================================================================= \part{Questions} %============================================================================= %============================================================================= % \setcounter{chapter}{0} % \chapter{General Linux Part 1 [89]} %============================================================================= \setcounter{section}{102} 
\section{(1.3) GNU \& Unix Commands [30]} %\newpage %------------------------------------------------------------------------------ \subsection{Work on the command line [4]} \label{sec:1.103.1.q} \appendix %============================================================================= \end{document}%=============================================================== %============================================================================= \begin{alltt} \$ \(\hookleftarrow\) \end{alltt} %============================================================================== %++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ %------------------------------------------------------------------------------ %..............................................................................