A Linux 1-day
 workshop
Presented by Peter Dalmaris
About this workshop

• No prior knowledge of Linux necessary
• Lots of Linux flavours, we concentrate on
  Ubuntu
• Server,...
About this workshop
About this workshop
๏   Start with some history and
    architecture

๏   Virtual Machines, installation

๏   Remote acces...
About this workshop
๏   Start with some history and
    architecture
                                     ๏ Software manag...
About me
• Working with Linux for over 10 years
• Administrator for two public web applications
  running on Ubuntu Linux ...
History - UNIX and
         GNU
• UNIX dominated the OS space since 1960.
  It was efficient, effective, but expensive.
• A...
History - GNU is not
       an OS

• ...but there was no complete kernel,
  device drivers, daemons etc.
• Without these ...
History - Linux fills the
             gap
• In 1991 Linus Torvalds developed a replacement of
  MINIX teaching OS develope...
The cost of developing
   Linux Fedora 9
The cost of developing
       Linux Fedora 9


Linux kernel
NCAR's newest supercomputer: On 12 July
     2004, SCD took delivery of lightning, a new
     Linux cluster manufactured b...
Ubuntu Linux
• A good choice for both server and desktop
  distribution.
• Free and well updated - new release every
  six...
Ubuntu Linux server
• Built on Debian, with reputation for robust
  server implementations.
• Latest version is 9.04, base...
Ubuntu Linux server

• Kernel-based virtual machine (KVM).
• Microsoft Exchange support.
• Simplified firewall.
• etc. etc.
Desktop vs server
Getting started:
             installation on virtual
•   It makes sense to install servers
    machines:
    • Better use...
Virtualisation
Option 1: Ubuntu server
on VMware on any host
 • Download the server image from http://
   www.ubuntu.com/getubuntu/downlo...
Vodcast: Installing Ubuntu 9.04 on
                VMWare Fusion

http://blog.futureshock-ed.com/2009/08/installing-
     ...
Option 2: Linux guests to an
Ubuntu host running KVM

  • KVM is the default virtualisation technology
    that ships with...
One host, many guests

               Ubuntu guest

               Windows guest



 Ubuntu host
Install a guest #1
           Can your hardware support KVM?
Inspect the cpuinfo
         virtual file:

                  ...
Install guest #2
         Add your user name to the libvirtd group
 More about user
management later.
                    ...
Install KVM #3
             Run the KVM command as root to reveal
             problems, such as lack of hardware


kvm co...
Setup the virtual
      network #1
To enable network services to the VM and
VM access to the outside world, we must
configu...
Setup the virtual
network #2
  3. Edit /etc/network/
  interfaces and add
  the br0 section:

         Content of /etc/
  ...
Setup the virtual
      network #3
4. Restart networking services:
Remote administration
Remote administration
   with SSH #1
• Ubuntu comes with an open source
  implementation of the SSH standard, called
  Ope...
Remote administration
   with SSH #2
Install the sshd component:


Install the client component:
          Some OS’s, like...
Remote administration
      with SSH #3
Connect:




 Local machine




Remote machine
Remote administration
           with SSH #4
  You can authenticate the client using its public key;
  then, you will not ...
Remote administration
      with SSH #5
Take the contents of the file in ~/.ssh/id_dsa.pub on
the client, and paste it in t...
Remote administration
        with SSH #6
Connect just like before, there
should be no request for your
password:




   L...
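
The public-key steps on the SSH #4 to #6 slides, as an added shell example that is not part of the original slides: `install_pubkey` does the server-side append to `authorized_keys`, and `audit_authorized_keys` reports group- or world-writable files (which sshd's StrictModes check rejects) and DSA keys such as the `id_dsa.pub` named on the slide, which current OpenSSH releases no longer accept by default. The function names and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the workshop slides. Sample keys are constructed.

# install_pubkey PUBKEY_FILE SSH_DIR
# Server-side step: append the client's public key to SSH_DIR/authorized_keys,
# creating the directory and file with owner-only permissions if missing.
install_pubkey() {
    pub=$1; dir=$2; auth=$dir/authorized_keys
    if [ ! -s "$pub" ]; then echo "no public key at $pub" >&2; return 1; fi
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1
    key=$(cat "$pub")
    # Append only if this exact line is not already present (idempotent).
    if ! grep -qxF -- "$key" "$auth"; then printf '%s\n' "$key" >> "$auth"; fi
}

# writable_by_others PATH: true if the group or world write bit is set.
writable_by_others() {
    mode=$(ls -ldL "$1" | cut -c1-10)
    case $mode in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# audit_authorized_keys SSH_DIR
# Prints one finding per line; returns 0 when there is nothing to report.
audit_authorized_keys() {
    dir=$1; auth=$dir/authorized_keys
    findings=$(
        for p in "$dir" "$auth"; do
            if [ -e "$p" ] && writable_by_others "$p"; then
                echo "PERM $p is writable by group or others"
            fi
        done
        if [ -f "$auth" ]; then
            awk '
                /^[ \t]*#/ { next }     # comment line
                NF == 0    { next }     # blank line
                {
                    type = ""
                    # Options may precede the key type, so scan the fields.
                    for (i = 1; i <= NF; i++)
                        if ($i ~ /^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-|sk-)/) { type = $i; break }
                    if (type == "ssh-dss") print "WEAK line " NR ": DSA key (ssh-dss)"
                    if (type == "")        print "PARSE line " NR ": no key type found"
                }' "$auth"
        else
            echo "MISSING $auth"
        fi
    )
    if [ -n "$findings" ]; then printf '%s\n' "$findings"; return 1; fi
    return 0
}

# Demo on a throwaway directory (constructed keys, not real key material).
demo() {
    d=$(mktemp -d) || return 1
    echo "ssh-dss AAAAB3NzaC1kc3MAAACB-constructed alice@client" > "$d/id_dsa.pub"
    echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5-constructed alice@client" > "$d/id_ed25519.pub"
    install_pubkey "$d/id_dsa.pub" "$d/.ssh"
    install_pubkey "$d/id_ed25519.pub" "$d/.ssh"
    install_pubkey "$d/id_ed25519.pub" "$d/.ssh"   # second call adds nothing
    chmod g+w "$d/.ssh/authorized_keys"            # simulate a loosened mode
    audit_authorized_keys "$d/.ssh"                # reports PERM and WEAK findings
    rm -rf "$d"
}
demo || true
```

A DSA finding is fixed by generating a new key pair of a type the server accepts and replacing the flagged line; a PERM finding is fixed with `chmod 700` on the directory and `chmod 600` on the file.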
Upgrading
Upgrading
To upgrade to the latest version of Ubuntu
server, use the do-release-upgrade utility.
     First, update apt-ge...
Updating installed
             packages
Use the apt-get tool:

To automate package updates, use unattended-
upgrades:
   ...
User management
User management
๏ A critical aspect of server management.
๏In Ubuntu, the root user is disabled for safety.
๏Management ta...
Adding and deleting
            users
To add a user:


To delete a user (will retain the home directory):


To disable a u...
Creating and deleting
           groups
To create a group:


To delete a group:


To add a user to a group:
User profiles
By default, all new home directories are accessible
by everyone. You can enforce non-default access
rights to ...
Password policy
You can enforce strong user passwords by editing the
password policy file /etc/pam.d/common-password.


For...
Password expiration
 To see the password expiry value for a user, use the
 “chage” command:
The chage tool is for
  changi...
File system
File system
A filesystem is responsible for managing data stored
on a non-volatile storage device like hard disks, USB
driv...
Ext3
A journaling filesystem: logs changes in a journal to
increase reliability in case of power failure or system
crash.
Ext3

Not as fast as others, like JFS, ReiserFS and XFS,
but wins in CPU utilization, reliability, and testing
base.
Ext3 file limits




^ 8 KiB block size is only available on architectures which allow 8 KiB pages, such as Alpha.
Ext3 levels of journaling
❖Journal
 ❖Lowest risk, slowest
 ❖Metadata and files are written to the journal before being
  co...
Ext4
❖Adds 64-bit storage limits.
❖Volumes up to 1 exabyte. Files up to 16 terabytes.
❖Improved large file performance and ...
Files and directories
Filesystems store data in files and directories.
Filesystems are stored in disk partitions.
You can c...
fstab: static fs info
fstab is a text file that
   contains filesystem
            information
df: Partition utilization
df stands for “disk
              free”
Mount points
The mount command attaches a
    filesystem to a mount point




  Remount /usr in read only:

   Mount all fs...
File & directory
           commands
Command                         Description
   ls     Lists the contents of a directo...
Repartitioning a live
      system
  Vodcast: Repartitioning a live system

 http://blog.futureshock-ed.com/2009/06/
repar...
Networking
Networking
Most networking is configured by editing two files:
❖/etc/network/interfaces
 ❖Ethernet, TCP/IP, bridging
❖/etc/r...
/etc/network/interfaces
Typical default contents:
Directive   Description

            Indicates the device should be setu...
/etc/network/interfaces
Good practice: fix your server’s IP address.
Directive    Description

             Indicates the a...
/etc/hosts
Ubuntu refers to this file to resolve host names
before contacting a DNS. Good for frequently used
hostnames, or...
Network useful
     commands
Command                           Description

      ping          Test that an internet host...
Backup
Backup
“Failing to plan is planning to fail”
It is a matter of time before you experience system
failure on your server. W...
What is a backup?

... to keep multiple historical versions of your data
going back far enough in time to enable recovery
...
Types of backup
❖Full - Backup the complete data set
❖Incremental - Backup only changes since last
backup

Periodic backup...
Backup using a shell script
#!/bin/sh
####################################
#
# Backup to NFS mount script.
               ...
Automating with cron
 Cron is used to schedule the execution of scripts. We
 will look at it in more detail later.


To en...
Restoring
   Use tar to test the integrity of an archive, or to
   extract its contents.

       To list the contents of t...
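
The backup script and the restore steps on the slides above, combined into an added shell example that is not part of the original slides: the archive keeps the slide script's `<host>-<weekday>.tgz` naming, gets a SHA-256 file next to it, is verified before any restore, and single files are restored into a scratch directory rather than over the live tree. The function names and demo data are constructed, and `sha256sum` from GNU coreutils (present on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example, not from the workshop slides. Directories are parameters so the
# functions can be tried on scratch paths; the demo data is constructed.

# make_backup DEST SRC...
# Same naming as the slide script (<host>-<weekday>.tgz), plus a SHA-256 file.
# Prints the path of the archive it wrote.
make_backup() {
    dest=$1; shift
    host=$(hostname -s 2>/dev/null || uname -n)
    name="$host-$(date +%A).tgz"
    # Build under a temporary name so a failed run never replaces the
    # previous good archive for this weekday.
    tar czf "$dest/$name.tmp" "$@" || { rm -f "$dest/$name.tmp"; return 1; }
    mv "$dest/$name.tmp" "$dest/$name" || return 1
    ( cd "$dest" && sha256sum "$name" > "$name.sha256" ) || return 1
    printf '%s\n' "$dest/$name"
}

# verify_backup ARCHIVE
# The checksum must match and the gzip/tar stream must read to the end.
verify_backup() {
    archive=$1
    dir=$(dirname "$archive"); name=$(basename "$archive")
    if ! ( cd "$dir" && sha256sum -c "$name.sha256" >/dev/null 2>&1 ); then
        echo "checksum mismatch or missing: $archive" >&2; return 1
    fi
    if ! tar tzf "$archive" >/dev/null 2>&1; then
        echo "archive does not read cleanly: $archive" >&2; return 1
    fi
}

# restore_file ARCHIVE MEMBER TARGET_DIR
# Extract one path into TARGET_DIR, only after the archive has been verified.
# tar stores member names without a leading "/", so strip one if given.
restore_file() {
    archive=$1; member=${2#/}; target=$3
    verify_backup "$archive" || return 1
    mkdir -p "$target" || return 1
    tar xzf "$archive" -C "$target" "$member"
}

# Demo on throwaway directories.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/src/etc" "$d/backup" "$d/restore"
    echo "127.0.0.1 localhost" > "$d/src/etc/hosts"     # constructed sample file
    a=$(cd "$d/src" && make_backup "$d/backup" etc) || return 1
    verify_backup "$a" && echo "verified: $a"
    restore_file "$a" etc/hosts "$d/restore" && ls -l "$d/restore/etc/hosts"
    printf 'x' >> "$a"                                  # simulate corruption
    verify_backup "$a" 2>/dev/null || echo "corruption detected"
    rm -rf "$d"
}
demo || true
```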
...or, specialised backup
          utilities
                          Such as Bacula,
                       still open-...
Server software
Servers, servers,
            servers
Most useful work on a server is done by some
kind of server software:

❖Web (i.e. Ap...
Web servers
Web server
Lots of choices for open source web servers.
         ❖Apache
         ❖LightTPD (YouTube,
         Meebo, Wik...
Apache:
   history and
Apache has been around forever (at least since the
beginning of the known time, when the web was
in...
Installing Apache
Apache is installed in /etc/apache2.
Installing Apache
                     Apache is installed in /etc/apache2.
File/Directory                                ...
Works immediately
/etc/apache2/sites-
available/site_name
/etc/apache2/sites-
available/site_name
                      <VirtualHost *:80>
                      
       ServerAdmin...
Multiple sites
 Apache supports multiple sites on the same machine.
 Assign sites by port number, sub-domain, directory
 n...
Modules
There are many modules that provide additional
functionality.

These modules can be installed and loaded
dynamical...
Apache: depth and
    breadth
Databases
Database server: mySQL

   “The world’s most popular open-source database”*
                       *http://www.mysql.com/
...
MySQL features
❖Cross-platform compatible
❖Libraries for all major      ❖Selection of storage engines
programming language...
Mysql installation
          Installs the MySQL
       authentication module
After installation, check mysql
            d...
Create a new database
           and user
        Log on as root (asks for
                                    mysql -u ro...
LAMP
LAMP
Linux    A popular configuration for
Apache   Linux servers.
MySQL
Php      LAMP applications are packaged
         in...
LAMP example: Moin Moin
 Moin Moin is a Python-based wiki engine.
   Install Moin Moin (expects
  Apache 2 already install...
Configure Moin Moin
            Edit /etc/moin/mywiki.py      data_dir = '/usr/share/moin/mywiki/data'



                 ...
Test it...   Browse to http://localhost/mywiki
FTP
FTP
A simple way to transfer files between computers.
Many open source FTP servers available on Linux:
❖ vsftp
❖ Filezilla
...
Install vsftp
“Probably the most secure and fastest FTP server for UNIX-like systems.”
                                   ...
Connect to the FTP
     server
Connect to the FTP
     server
              Anonymous
              connection
Connect to the FTP
     server
              Anonymous
              connection



               Download
               ...
Secure FTP
 Edit /etc/vsftpd.conf:




Now vsftpd will ask for the user’s password
and will start at their home directorie...
NFS
Allows for server files and directories to be
available to remote clients as if they were local.

           Install it:
NFS
  Allows for server files and directories to be
  available to remote clients as if they were local.

                 ...
Export a directory
Export a directory
Export the /home directory to
client with IP 192.168.178.20:




Connect to the
NFS export:



Use as i...
Email
Email services: Postfix


    The default Mail Transfer Agent (MTA) for Ubuntu
  Rich set of features:
❖Protocols:         ...
Postfix installation
                      Install it:


  The configuration screens will come up as part of
  the installat...
Postfix configuration
                                       Check sources such as
Sample values:
                          ...
SMTP authentication
Allows a client to identify itself. Once authenticated,
the SMTP server will allow the client to relay...
Test by sending yourself
        an email
      Install nail, a
    command line
          emailer:
Firewall
Firewall
The Linux kernel includes the Netfilter subsystem:
controls network traffic in/out your server.


Linux firewalls ut...
ufw
    “the friendly way to create a firewall”
    ufw: Uncomplicated firewall

                          Install ufw:



En...
ufw, examples of rules
                   Delete a rule:

Allow access from a host to port
22 of any IP address on this ho...
ufw, examples of rules
                    Disable the firewall:


                              See status:


            ...
Software management
Package management
Over 24,000 software packages for Ubuntu. It is a
good idea to use a package manager to maintain
those ...
apt
A collection of tools, not a single tool.

apt-get is the most important tool. Used for
tasks like:
❖Update the index ...
Using apt-get
             Already installed, ready to use.

 Install a package named “nmap”:


Remove a package named “nm...
Automatic updates
     The “unattended-upgrades” package can
     automatically install updated packages.
             Ins...
Windows connectivity
Windows connectivity
Works as:
❖File server
❖Printer server (including PDF)
❖Domain controller in Windows networks
❖Authen...
Samba installation
For Windows XP and later clients, there is nothing
to install.
For the Linux server:

              Ins...
Samba configuration
To define a share (in this example, the home
folders), edit the /etc/samba/smb.conf file:
                ...
Access share from
   Windows
Other Samba
              capabilities
We just saw the most basic capability of Samba.
Other things you can do:
❖Sharing C...
Scheduling
Scheduling with cron
Cron is the standard job scheduler for Unix.
Cron stands for “cronograph”.


Every user can specify s...
Example crontab file
           Access/edit crontab file:




Schedule         Redirect output      Script to run
cron job definition
*   *   *   *   * command to execute
cron shortcuts
Entry   Description   Equivalent
Web-based
administration
Webmin: web
    based server
Open source interface for system administration
based on modules:
❖User management
❖Apache
❖M...
Webmin installation
          and configuration
                                         sudo apt-get install perl5 libnet-...
Access Webmin
          https://serverIP:10000
       Webmin modules              Statistics
Vim
Vim: universal Unix
      editor
Vim and vi
Vim is an improved version of vi, the stock-standard
text editor for Unix and Linux systems.

          Install...
Vim cheat sheet
Go on and build your server.

Notes and videos available at http://
blog.futureshock-ed.com.

A discussion group available...
Linux beginner's Workshop

This is a slideshow used in an introductory Linux workshop. The workshop typically goes for one day, depending how many exercises we run in the lab.

Published in: Technology, News & Politics
  • how can download it..
    pls send it to shree0linux@gmail.com. i need to improve my knowledge. Please help me on this this is awesome presentation.
  • how can download it.......
    pls send it to k23raj@gmail.com
  • @ futureshocked: can you please share your slide and send to boluele@gmail.com.

    Thanks,
    Fernando
  • Please let me know if the download will be made available soon
  • Since last 3 years author is saying final version of will be produce. But still it is not available for download this is useless till it is not downloadable, because it is not possible to read and follow it online as it is 168 slides.

Linux beginner's Workshop

  1. 1. A Linux 1-day workshop Presented by Peter Dalmaris
  2. 2. About this workshop • No prior knowledge of Linux necessary • Lots of Linux flavours, we concentrate on Ubuntu • Server, not desktop edition • 9am to 5pm with a couple of breaks
  3. 3. About this workshop
  4. 4. About this workshop ๏ Start with some history and architecture ๏ Virtual Machines, installation ๏ Remote access ๏ User management ๏ File system ๏ Networking (including Samba) ๏ Backing up ๏ Server software
  5. 5. About this workshop ๏ Start with some history and architecture ๏ Software management: installing, removing, updating ๏ Virtual Machines, installation ๏ Scheduling jobs through cron ๏ Remote access ๏ Vim ๏ User management ๏ Webmin ๏ File system ๏ Rsync ๏ Networking (including Samba) ๏ Backing up ๏ ...and anything else we can fit in ๏ Server software
  6. 6. About me • Working with Linux for over 10 years • Administrator for two public web applications running on Ubuntu Linux 8.10 and 9.04 (www.trackscentral.com, www.gitcentral.com) • Delivering IT services through my company, Futureshock Research (BPM, Ruby on Rails, .NET, Linux, VoIP etc.) • Teaching at CSU since 2002. • Undergraduate degree in Electrical and Computer Engineering, Masters in Information Systems, Masters in Knowledge Management, PhD in Business Process Management and Knowledge Management. • Contact me at peter.dalmaris@gmail.com
  7. 7. History - UNIX and GNU • UNIX dominated the OS space since 1960. It was efficient, effective, but expensive. • An effort to produce an open-source UNIX-like OS was begun by Richard Stallman in 1994; this was the beginning of the GNU project. • A lot of software was written as part of the GNU project by the Free Software Foundation: compilers, text editors, a shell...
  8. 8. History - GNU is not an OS • ...but there was no complete kernel, device drivers, daemons etc. • Without these subsystems, GNU could not be completed as intended.
  9. 9. History - Linux fills the gap • In 1991 Linus Torvalds developed a replacement of MINIX teaching OS developed by Andrew S. Tanenbaum and released by Prentice-Hall. • This replacement became the Linux kernel. Version 0.12 of Linux was released in 1992. • At first, it operated in the Minix user space. • Linux kernel became the missing GNU kernel.
  10. 10. The cost of developing Linux Fedora 9
  11. 11. The cost of developing Linux Fedora 9 Linux kernel
  12. 12. • NCAR's newest supercomputer: On 12 July 2004, SCD took delivery of lightning, a new Linux cluster manufactured by IBM. The 1.1-teraflop system is now installed in the NCAR Computer Room • Motorola RAZR², an advanced embedded system using embedded Linux • The Nokia N810 features the Maemo Linux distribution,[2] based on Maemo 4.0, which features MicroB (a Mozilla-based mobile browser), a GPS navigation application, new media player, and a refreshed interface. • The WRT54G is notable for being the first consumer-level network device that had its firmware source code released to satisfy the obligations of the GNU GPL. • Ubuntu Linux on Macbook Pro
  13. 13. Ubuntu Linux • A good choice for both server and desktop distribution. • Free and well updated - new release every six months. • Security updates for 18 months - after that just upgrade to the latest version. • There are LTS versions with extended
  14. 14. Ubuntu Linux server • Built on Debian, with reputation for robust server implementations. • Latest version is 9.04, based on kernel 2.6.28-11.37. • Out of the box support for cloud computing (Eucalyptus). • Mail server stack: SMTP, POP3, IMAP with
  15. 15. Ubuntu Linux server • Kernel-based virtual machine (KVM). • Microsoft Exchange support. • Simplified firewall. • etc. etc.
  16. 16. Desktop vs server
  17. 17. Getting started: installation on virtual • It makes sense to install servers machines: • Better use of existing hardware • Ease of maintenance and disaster You can assign a Linux virtual machine to a single service, like a web server, email server etc. Keep things simple. Maintain a single Linux host and multiple guests.
  18. 18. Virtualisation
  19. 19. Option 1: Ubuntu server on VMware on any host • Download the server image from http://www.ubuntu.com/getubuntu/download-server • Start VMware • Create a new virtual machine using the image you just downloaded • (Link to video tute, or show in lab)
  20. 20. Vodcast: Installing Ubuntu 9.04 on VMWare Fusion http://blog.futureshock-ed.com/2009/08/installing-ubuntu-904-on-vmware-fusion.html
  21. 21. Option 2: Linux guests to an Ubuntu host running KVM • KVM is the default virtualisation technology that ships with current versions of Ubuntu • Requires hardware with virtualisation extensions
  22. 22. One host, many guests Ubuntu guest Windows guest Ubuntu host
  23. 23. Install a guest #1 Can your hardware support KVM? Inspect the cpuinfo virtual file: No output means no KVM support. Try checking virtualization settings in the BIOS. If there is support, install the required packages: Use the apt-get package manager: • libvirt-bin provides libvirtd which you need to administer qemu and kvm instances using libvirt • kvm is the backend • ubuntu-vm-builder powerful command line tool for building virtual machines • bridge-utils provides a bridge from your network to the virtual machines
  24. 24. Install guest #2 Add your user name to the libvirtd group More about user management later. This will give you access to the system-wide libvirtd instance. Log out and in to make this effective. Test the installation is valid: virsh is the main interface for managing guest domains
  25. 25. Install KVM #3 Run the KVM command as root to reveal problems, such as lack of hardware kvm command can be used to start guest machines directly.
  26. 26. Setup the virtual network #1 To enable network services to the VM and VM access to the outside world, we must configure bridge networking; The VM will access the network through the host’s 1. Install the bridge utility 2. Stop networking services
  27. 27. Setup the virtual network #2 3. Edit /etc/network/ interfaces and add the br0 section: Content of /etc/ network/ You may use DHCP instead of fixed values.
  28. 28. Setup the virtual network #3 4. Restart networking services:
  29. 29. Remote administration
  30. 30. Remote administration with SSH #1 • Ubuntu comes with an open source implementation of the SSH standard, called OpenSSH. • OpenSSH makes it possible to securely control a remote computer, and to transfer files. • To make this possible, we must install the sshd component on the server.
  31. 31. Remote administration with SSH #2 Install the sshd component: Install the client component: Some OSs, like Mac OS X, come with an SSH client built in. In Windows, use PuTTY.
  32. 32. Remote administration with SSH #3 Connect: Local machine Remote machine
  33. 33. Remote administration with SSH #4 You can authenticate the client using its public key; then, you will not need to provide a password every Create the client’s public key if one doesn’t exist already: ssh-keygen is a key pair generator This creates your key pair and stores it in ~/.ssh/.
  34. 34. Remote administration with SSH #5 Take the contents of the file in ~/.ssh/id_dsa.pub on the client, and paste it in the file ~/.ssh/authorized_keys on the server. If the target file does
  35. 35. Remote administration with SSH #6 Connect just like before, there should be no request for your password: Local machine Remote machine
  36. 36. Upgrading
  37. 37. Upgrading To upgrade to the latest version of Ubuntu server, use the do-release-upgrade utility. First, update apt-get to acquire the latest package information: Then, install the upgrade utility: Finally, do the upgrade:
  38. 38. Updating installed packages Use the apt-get tool: To automate package updates, use unattended-upgrades: Install the package: ... and configure it:
  39. 39. User management
  40. 40. User management ๏ A critical aspect of server management. ๏In Ubuntu, the root user is disabled for safety. ๏Management tasks requiring root access can be completed by using the sudo command by a user who is in the “admin” group. ๏The user created during the installation process is added automatically to the admin group.
  41. 41. Adding and deleting users To add a user: To delete a user (will retain the home directory): To disable a user: To enable a user:
  42. 42. Creating and deleting groups To create a group: To delete a group: To add a user to a group:
  43. 43. User profiles By default, all new home directories are accessible by everyone. You can enforce non-default access rights to new home directories by editing /etc/adduser.conf: The contents of this directory are modeled after the contents of /etc/skel.
  44. 44. Password policy You can enforce strong user passwords by editing the password policy file /etc/pam.d/common-password. For example, to enforce a password with minimum 6 characters, edit the password line to look like this:
  45. 45. Password expiration To see the password expiry value for a user, use the “chage” command: The chage tool is for changing password expiration date. To make changes:
  46. 46. File system
  47. 47. File system A filesystem is responsible for managing data stored on a non-volatile storage device like hard disks, USB drives, DVDs etc. Most Linux distros, including Ubuntu, use ext3 (“third extended filesystem”). Ubuntu 9.04 introduces experimental support for ext4.
  48. 48. Ext3 A journaling filesystem: logs changes in a journal to increase reliability in case of power failure or system crash.
  49. 49. Ext3 Not as fast as others, like JFS, ReiserFS and XFS, but wins in CPU utilization, reliability, and testing base.
  50. 50. Ext3 file limits ^ 8 KiB block size is only available on architectures which allow 8 KiB pages, such as Alpha.
  51. 51. Ext3 levels of journaling ❖Journal ❖Lowest risk, slowest ❖Metadata and files are written to the journal before being committed. ❖Ordered (default) ❖Medium risk, medium speed ❖Metadata are written to the journal only - ext3 guarantees file contents are written to disk before marked as committed in the journal. Beware of “intermediate state” problem! ❖Writeback ❖Highest risk, fastest ❖Metadata written in journal, no guarantee for file contents.
  52. 52. Ext4 ❖Adds 64-bit storage limits. ❖Volumes up to 1 exabyte. Files up to 16 terabytes. ❖Improved large file performance and reduced fragmentation. ❖Backwards compatible with ext2 and 3. ❖Journal checksumming (not present in ext3). ❖Online defragmentation. ❖Timestamps in nanoseconds.
  53. 53. Files and directories Filesystems store data in files and directories. Filesystems are stored in disk partitions. You can configure partitions any way you like, but something like this is advisable:
  54. 54. fstab: static fs info fstab is a text file that contains filesystem information
  55. 55. df: Partition utilization df stands for “disk free”
  56. 56. Mount points The mount command attaches a filesystem to a mount point Remount /usr in read only: Mount all fs in /etc/fstab:
  57. 57. File & directory commands
        Command   Description
        ls        Lists the contents of a directory
        cd        Change directory
        mkdir     Create directory
        rmdir     Remove directory
        cp        Copy file
        mv        Move file
        rm        Remove file
        pwd       Print the present working directory
        file      Print the presumed type of a file
        chmod     Change the permission attributes of a file
  58. 58. Repartitioning a live system Vodcast: Repartitioning a live system http://blog.futureshock-ed.com/2009/06/repartitioning-live-ubuntu-linux-hard.html
  59. 59. Networking
  60. 60. Networking Most networking is configured by editing two files: ❖/etc/network/interfaces ❖Ethernet, TCP/IP, bridging ❖/etc/resolv.conf ❖DNS Other networking files: ❖/etc/hosts ❖/etc/dhcp3/dhcpd.conf
  61. 61. /etc/network/interfaces Typical default contents:
        Directive   Description
        auto        Indicates the device should be set up at boot time.
        lo          Loopback interface.
        iface       “Interface”.
        eth0        Ethernet device 0, typically the primary network adaptor.
        inet        Indicates network adaptor has an IPv4 address space.
        dhcp        Network adaptor gets its configuration from a DHCP server.
  62. 62. /etc/network/interfaces Good practice: fix your server’s IP address.
        Directive    Description
        static       Indicates the adaptor uses fixed IP configuration.
        address      The IP address of the host.
        netmask      Network subnet mask.
        gateway      Gateway address.
        network      The network portion of the IP address.
        nameserver   The IP of a DNS.
      For static interfaces, you may also need to edit /etc/resolv.conf to specify DNS servers.
  63. 63. /etc/hosts Ubuntu refers to this file to resolve host names before contacting a DNS. Good for frequently used hostnames, or internal network hosts.
  64. 64. Network useful commands
        Command                       Description
        ping                          Test that an internet host is reachable.
        ifconfig                      Administer a TCP/IP network interface.
        sudo /etc/init.d/networking   stop, start, restart as arguments; controls network status.
        route                         Examine and configure the host’s routing table.
  65. 65. Backup
  66. 66. Backup “Failing to plan is planning to fail” It is a matter of time before you experience system failure on your server. When that happens, it is nice to have a backup.
  67. 67. What is a backup? ... to keep multiple historical versions of your data going back far enough in time to enable recovery from a small or big disaster.
  68. 68. Types of backup ❖Full - Backup the complete data set ❖Incremental - Backup only changes since last backup Periodic backup ❖Daily - Hold for the short term ❖Weekly - Hold for the medium term ❖Monthly - Hold for the long term
  69. 69. Backup using a shell script This script rotates through 7 backups - one for each day. A modification can allow for rotation of daily, weekly, and monthly backups.

        #!/bin/sh
        ####################################
        #
        # Backup to NFS mount script.
        #
        ####################################

        # What to backup.
        backup_files="/home /var/spool/mail /etc /root /boot /opt"

        # Where to backup to.
        dest="/mnt/backup"

        # Create archive filename.
        day=$(date +%A)
        hostname=$(hostname -s)
        archive_file="$hostname-$day.tgz"

        # Print start status message.
        echo "Backing up $backup_files to $dest/$archive_file"
        date
        echo

        # Backup the files using tar.
        tar czf $dest/$archive_file $backup_files

        # Print end status message.
        echo
        echo "Backup finished"
        date

        # Long listing of files in $dest to check file sizes.
        ls -lh $dest

  70. 70. Automating with cron Cron is used to schedule the execution of scripts. We will look at it in more detail later. To enter the cron job editor To run the backup script every day of every month of every year, at midnight:

        # m h dom mon dow command
        0 0 * * * bash /usr/local/bin/backup.sh

  71. 71. Restoring
      Use tar to test the integrity of an archive, or to extract its contents.
      To list the contents of the archive:
      To extract a file from the archive:
      To extract the full contents of the archive:
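The slides mention that the 7-day script can be modified to rotate daily, weekly and monthly backups, and that tar can test an archive's integrity. The following is an added example, not part of the workshop material, that does both; the rotation policy, the function names and the `.sha256` sidecar file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the workshop's script). Assumed policy:
#   1st of the month -> monthly-<MM>   (12 slots, kept long term)
#   any other Sunday -> weekly-<1..5>  (week of the month, medium term)
#   every other day  -> daily-<Name>   (7 slots, short term)

# rotation_slot DOM DOW DAYNAME MONTH
#   DOM = date +%d, DOW = date +%u (7 = Sunday), DAYNAME = date +%A, MONTH = date +%m
rotation_slot() {
    dom=$1; dow=$2; dayname=$3; month=$4
    if [ "$dom" = "01" ]; then
        echo "monthly-$month"
    elif [ "$dow" = "7" ]; then
        # ${dom#0} drops a leading zero so 08 and 09 are not read as octal.
        echo "weekly-$(( (${dom#0} - 1) / 7 + 1 ))"
    else
        echo "daily-$dayname"
    fi
}

# make_backup DEST NAME PATH...
# Writes to a temporary name, reads the archive back, and only then replaces
# the previous backup in that slot, so a failed run never destroys a good copy.
make_backup() {
    dest=$1; name=$2; shift 2
    tmp="$dest/.$name.tgz.partial"
    # stderr is discarded only to hide tar's "Removing leading /" notice.
    tar czf "$tmp" "$@" 2>/dev/null || { rm -f "$tmp"; return 1; }
    # Listing every member exercises the gzip CRC and the tar structure.
    tar tzf "$tmp" >/dev/null 2>&1 || { rm -f "$tmp"; return 2; }
    mv "$tmp" "$dest/$name.tgz"
    # Record a checksum so later corruption on the backup medium is detectable.
    ( cd "$dest" && sha256sum "$name.tgz" > "$name.tgz.sha256" )
}

# verify_backup DEST NAME
# Run before a restore: checks the recorded checksum, then re-lists the archive.
verify_backup() {
    ( cd "$1" && sha256sum -c "$2.tgz.sha256" >/dev/null 2>&1 ) || return 1
    tar tzf "$1/$2.tgz" >/dev/null 2>&1
}

# Typical call from cron, using the paths from the script above:
#   slot=$(rotation_slot "$(date +%d)" "$(date +%u)" "$(date +%A)" "$(date +%m)")
#   make_backup /mnt/backup "$(hostname -s)-$slot" \
#       /home /var/spool/mail /etc /root /boot /opt
```

With this policy a server keeps at most 7 daily, 5 weekly and 12 monthly archives, each overwritten when its slot comes round again.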
  72. 72. ...or, specialised backup utilities Such as Bacula, still open-source.
  73. 73. Server software
  74. 74. Servers, servers, servers Most useful work on a server is done by some kind of server software: ❖Web (i.e. Apache) ❖Database (MySQL) ❖Application (LAMP - i.e Moin Moin) ❖FTP (i.e. vsftpd) ❖Network File System ❖Email (i.e. Postfix) ❖Etc.
  75. 75. Web servers
  76. 76. Web server Lots of choices for open source web servers. ❖Apache ❖LightTPD (YouTube, Meebo, Wikipedia) ❖Nginx ❖Roxen
  77. 77. Apache: history and Apache has been around forever (at least since the beginning of the known time, when the web was invented): ❖powers 100 million websites (early 2009), over 46% of total ❖Most popular web server since 1996 ❖Lineage going back to NCSA HTTPd ❖Comprehensive set of features - you want it, it has it.
  79. 79. Installing Apache
      Apache is installed in /etc/apache2.
      File/Directory: Description
      apache2.conf: The main Apache2 configuration file. Contains settings that are global to Apache2.
      conf.d: Contains configuration files which apply globally to Apache. Other packages that use Apache2 to serve content may add files, or symlinks, to this directory.
      envvars: File where Apache2 environment variables are set.
      httpd.conf: Historically the main Apache2 configuration file, named after the httpd daemon. The file can be used for user specific configuration options that globally affect Apache2.
      mods-available: This directory contains configuration files to both load modules and configure them.
      mods-enabled: Holds symlinks to the files in /etc/apache2/mods-available.
      ports.conf: Houses the directives that determine which TCP ports Apache2 is listening on.
      sites-available: This directory has configuration files for Apache Virtual Hosts. Virtual Hosts allow Apache2 to be configured for multiple sites that have separate configurations.
      sites-enabled: Like mods-enabled, sites-enabled contains symlinks to the /etc/apache2/sites-available directory. Similarly when a configuration file in sites-available is symlinked it will be active once Apache is restarted.
  80. 80. Works immediately
  89. 89. /etc/apache2/sites-available/site_name

          <VirtualHost *:80>
              ServerAdmin webmaster@localhost
              DocumentRoot /var/www
              <Directory />
                  Options FollowSymLinks
                  AllowOverride None
              </Directory>
              <Directory /var/www/>
                  Options Indexes FollowSymLinks MultiViews
                  AllowOverride None
                  Order allow,deny
                  allow from all
              </Directory>
              ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
              <Directory "/usr/lib/cgi-bin">
                  AllowOverride None
                  Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                  Order allow,deny
                  Allow from all
              </Directory>
              ErrorLog /var/log/apache2/error.log
              # Possible values include: debug, info, notice, warn, error, crit,
              # alert, emerg.
              LogLevel warn
              CustomLog /var/log/apache2/access.log combined
          </VirtualHost>

      Slide callouts, in order: Port number of site (*:80); Email of webmaster (ServerAdmin); Root directory of site files (DocumentRoot); Static files block (shown twice, beside the <Directory /var/www/> block and beside the <Directory "/usr/lib/cgi-bin"> block); Error log file (ErrorLog); Access log file (CustomLog).
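The per-directory `Options` lines in this virtual host decide what Apache will do inside each directory, so they are worth reviewing whenever a site file changes. The following is an added example, not part of the workshop material: a small audit that reports, per `<Directory>` block, whether directory listings (`Indexes`), CGI execution (`ExecCGI`) or unrestricted symlink following (`FollowSymLinks`) are switched on. The function names and the choice of those three keywords are assumptions; the sample input is the slide's own configuration.

```shell
#!/bin/sh
# Added example: report Options keywords worth reviewing in an Apache site file.

# The workshop's virtual host, reproduced here as sample input.
sample_vhost() {
cat <<'EOF'
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/log/apache2/error.log
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined
</VirtualHost>
EOF
}

# audit_vhost FILE
# Prints one "directory<TAB>finding" line for each keyword that is enabled.
# A keyword prefixed with "-" is being switched off and is not reported.
audit_vhost() {
    awk '
    /^[ \t]*#/ { next }                                  # skip comment lines
    tolower($1) == "<directory" {                        # remember current block
        dir = $2; gsub(/[">]/, "", dir); next
    }
    tolower($1) == "</directory>" { dir = ""; next }
    dir != "" && tolower($1) == "options" {
        for (i = 2; i <= NF; i++) {
            opt = tolower($i); sub(/^\+/, "", opt)
            if (opt == "indexes")
                print dir "\tdirectory listing enabled (Indexes)"
            if (opt == "execcgi")
                print dir "\tCGI execution enabled (ExecCGI)"
            if (opt == "followsymlinks")
                print dir "\tsymlinks followed without owner check (FollowSymLinks)"
        }
    }' "$1"
}

# Usage: audit_vhost /etc/apache2/sites-available/site_name
```

Run against the slide's file it reports four lines: `FollowSymLinks` on `/`, `Indexes` and `FollowSymLinks` on `/var/www/`, and `ExecCGI` on `/usr/lib/cgi-bin`.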
  90. 90. Multiple sites Apache supports multiple sites on the same machine. Assign sites by port number, sub-domain, directory name, or any combination of the above. After any configuration changes, restart Apache
  91. 91. Modules There are many modules that provide additional functionality. These modules can be installed and loaded dynamically. Installs the MySQL authentication module Enables the new module and restarts apache
  92. 92. Apache: depth and breadth
  93. 93. Databases
  94. 94. Database server: MySQL “The world’s most popular open-source database”* Yahoo, Google, Alcatel, Nokia, Youtube. 25% market share (EDC research). *http://www.mysql.com/
  95. 95. MySQL features
      ❖Cross-platform compatible
      ❖Selection of storage engines (InnoDB, Berkeley, etc.)
      ❖Replication
      ❖ACID compliance with InnoDB, BDB, Cluster engines.
      ❖Full-text indexing
      ❖Open-source!
      ❖Libraries for all major programming languages
      ❖Many administration choices, command line, web-based, GUIs
      ❖Stored procedures
      ❖Triggers
      ❖Cursors
  96. 96. MySQL installation Installs the MySQL authentication module After installation, check mysql daemon is running To restart: To configure:
  97. 97. Create a new database and user
      Log on as root (asks for password):

          mysql -u root -p

      Create a new database:

          create database myDB;

      Create a new user for the new database:

          grant all privileges on myDB.* to 'newuser'@'localhost' identified by 'newpassword' with grant option;

      To verify this worked, exit and logon as the new user (no error messages mean all good):

          exit;
          mysql -u newuser -p   # asks for password
          use myDB;
  98. 98. LAMP
  99. 99. LAMP Linux, Apache, MySQL, Php. A popular configuration for Linux servers. LAMP applications are packaged in a way that makes it easy to install and manage.
  100. 100. LAMP example: Moin Moin
       Moin Moin is a Python-based wiki engine.
       Install Moin Moin (expects Apache 2 already installed):
       Prepare the Moin Moin directory:

           cd /usr/share/moin
           sudo mkdir mywiki
           sudo cp -R data mywiki
           sudo cp -R underlay mywiki
           sudo cp server/moin.cgi mywiki
           # Give the web server user ownership, and remove all access for other users.
           sudo chown -R www-data:www-data mywiki
           sudo chmod -R ug+rwX mywiki
           sudo chmod -R o-rwx mywiki
  101. 101. Configure Moin Moin
       Edit /etc/moin/mywiki.py:

           data_dir = '/usr/share/moin/mywiki/data'

       In the next line, insert:

           data_underlay_dir='/usr/share/moin/mywiki/underlay'

       Configure Apache; add the following lines in /etc/apache2/sites-available/default file inside the “<VirtualHost *>” tag:

           ### moin
           ScriptAlias /mywiki "/usr/share/moin/mywiki/moin.cgi"
           alias /moin_static181 "/usr/share/moin/htdocs"
           <Directory /usr/share/moin/htdocs>
           Order allow,deny
           allow from all
           </Directory>
           ### end moin

       Restart:

           sudo /etc/init.d/mysql restart
  102. 102. Test it... Browse to http://localhost/mywiki
  103. 103. FTP
  104. 104. FTP A simple way to transfer files between computers. Many open source FTP servers available on Linux: ❖ vsftp ❖ Filezilla ❖ Pure-ftpd ❖ NASLite ❖ wu-ftpd ❖ etc.
  106. 106. Install vsftp “Probably the most secure and fastest FTP server for UNIX-like systems.” http://vsftpd.beasts.org/ Install it: Put your files here to make them available to FTP clients
  110. 110. Connect to the FTP server Anonymous connection Download to local machine Download completed
  111. 111. Secure FTP Edit /etc/vsftpd.conf: Now vsftpd will ask for the user’s password and will start at their home directories.
  113. 113. NFS Allows for server files and directories to be available to remote clients as if they were local. Install it: Set directories to be exported here:
  115. 115. Export a directory Export the /home directory to client with IP 192.168.178.20: Connect to the NFS export: Use as if it is local
  116. 116. Email
  117. 117. Email services: Postfix
       The default Mail Transfer Agent (MTA) for Ubuntu. Rich set of features:
       ❖Protocols: SMTP, DKIM, DSN status, ETRN, IPv6, SASL authentication, TLS encryption/authentication, QMQP
       ❖Databases: Berkeley, CDB, LDAP, MySQL, PostgreSQL
       ❖Address masquerading
       ❖Junk mail control
       ❖Selective address rewriting
       ❖VERP envelope return address
       ❖Mailbox and Maildir formats
       ❖Virtual domains
  118. 118. Postfix installation Install it: The configuration screens will come up as part of the installation. To reconfigure at a later time: Or, you can edit the Postfix configuration file /etc/postfix/main.cf. After editing, restart:
  119. 119. Postfix configuration
       Sample values:
       ❖Internet Site
       ❖mail.example.com
       ❖peter
       ❖mail.example.com, localhost.localdomain, localhost
       ❖No
       ❖127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24
       ❖0
       ❖+
       ❖all
       Check sources such as these for details on configuration:
       ❖http://flurdy.com/docs/postfix/
       ❖http://ubuntuforums.org/showthread.php?t=780509
       ❖http://en.wikipedia.org/wiki/Email#Workings
  120. 120. SMTP authentication Allows a client to identify itself. Once authenticated, the SMTP server will allow the client to relay mail. Configuration for SMTP-AUTH is done with the Dovecot package: Install it: In production, you will need to configure the SSL certificate and key to be used with authentication and encryption.
  121. 121. Test by sending yourself an email Install nail, a command line emailer:
  122. 122. Firewall
  123. 123. Firewall The Linux kernel includes the Netfilter subsystem: controls network traffic in/out your server. Linux firewalls utilise Netfilter. The administrator tells Netfilter how to treat data packets by configuring rules in iptables, a configuration file. In Ubuntu, we use ufw as a configuration tool for iptables.
  124. 124. ufw “the friendly way to create a firewall” ufw: Uncomplicated firewall Install ufw: Enable ufw and restart the server to take effect: You will not be able to restore the SSH connection until you or configure ufw to allow SSH traffic:
  125. 125. ufw, examples of rules Delete a rule: Allow access from a host to port 22 of any IP address on this host: Allow all HTTP traffic: Use --dry-run to show the rule corresponding to a directive:
  126. 126. ufw, examples of rules Disable the firewall: See status: See detailed status: Application integration, predefined rules. Apply like this “sudo ufw allow Postfix” and “sudo ufw app info Postfix” to view rule details:
  127. 127. Software management
  128. 128. Package management Over 24,000 software packages for Ubuntu. It is a good idea to use a package manager to maintain those installed on your server: ❖Install ❖Remove ❖Resolve dependencies ❖Compile ❖Upgrade Ubuntu is supported by apt-get, aptitude. Most packages are supported by both, so your choice.
  129. 129. apt A collection of tools, not a single tool. apt-get is the most important tool. Used for tasks like: ❖Update the index files from their source ❖Upgrade all installed packages ❖Install a package ❖Remove installed package ❖Source code fetching ❖Build dependencies ❖Checks for broken dependencies ❖Clean the local repository ❖Autoclean only files in the local repository that can no longer be downloaded and are considered useless.
  130. 130. Using apt-get Already installed, ready to use. Install a package named “nmap”: Remove a package named “nmap”: Update the apt index (the repositories are listed in /etc/apt/sources.list): Upgrade all packages installed: All actions are recorded in /var/log/dpkg.log
  131. 131. Automatic updates The “unattended-upgrades” package can automatically install updated packages. Install it: Define the type of upgrades in /etc/apt/apt.conf.d/50unattended-upgrades. All actions are recorded in /var/log/unattended-upgrades
  132. 132. Windows connectivity
  133. 133. Windows connectivity Works as: ❖File server ❖Printer server (including PDF) ❖Domain controller in Windows networks ❖Authentication ... for Windows clients
  134. 134. Samba installation For Windows XP and later clients, there is nothing to install. For the Linux server: Install Samba:
  135. 135. Samba configuration
       To define a share (in this example, the home folders), edit the /etc/samba/smb.conf file.
       Make home directories shared, browsable, read-write:

           [homes]
           comment = Home Directories
           browseable = yes
           read only = no
           create mask = 0775
           directory mask = 0775
           valid users = %S

       Define the password for a share user:
       Reload Samba configuration:
  136. 136. Access share from Windows
  137. 137. Other Samba capabilities We just saw the most basic capability of Samba. Other things you can do: ❖Sharing CUPS printers ❖Various security issues ❖Active Directory integration, including Kerberos authentication ❖Database integration for user information ❖LDAP integration ❖Domain controller or client ❖WINS ❖Remote and local management
  138. 138. Scheduling
  139. 139. Scheduling with cron Cron is the standard job scheduler for Unix. Cron stands for “cronograph”. Every user can specify scripts or programs to run at specific time intervals in a text file called “crontab”.
  140. 140. Example crontab file Access/edit crontab file: Schedule Redirect output Script to run
  143. 143. cron job definition * * * * * command to execute
  149. 149. cron shortcuts Entry Description Equivalent
  150. 150. Web-based administration
  151. 151. Webmin: web based server Open source interface for system administration based on modules: ❖User management ❖Apache ❖MySQL ❖OpenSSH ❖DNS ❖File sharing ❖etc.
  152. 152. Webmin installation and configuration
       Get required libraries, webmin archive, and run the setup utility. You can safely accept all setup script defaults.

           sudo apt-get install perl5 libnet-ssleay-perl
           sudo apt-get install wget
           wget http://prdownloads.sourceforge.net/webadmin/webmin-1.480.tar.gz
           tar xzvf webmin-1.480.tar.gz
           cd webmin-1.480
           sudo ./setup.sh
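The archive above is fetched over plain HTTP and its `setup.sh` is then run with sudo, so it is worth checking the download before unpacking it. The following is an added example, not part of the workshop material: it compares the file's SHA-256 with a value obtained separately from the publisher and refuses archives whose members would extract outside the current directory. The function name and return codes are assumptions, and the slides give no checksum, so the usage line carries a placeholder.

```shell
#!/bin/sh
# Added example: check a downloaded tarball before unpacking it and running
# its installer as root.

# verify_archive FILE EXPECTED_SHA256
# Returns 0 if the file is safe to unpack, otherwise:
#   1 = checksum mismatch, 2 = unreadable file or archive, 3 = unsafe member path
verify_archive() {
    file=$1; expected=$2

    # 1. The bytes on disk must match the hash the publisher announced.
    actual=$(sha256sum "$file" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] || return 2
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        return 1
    fi

    # 2. The archive must list cleanly.
    members=$(tar tzf "$file" 2>/dev/null) || return 2

    # 3. No member may be an absolute path or climb out with "..".
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive contains absolute or ../ member paths" >&2
        return 3
    fi
    return 0
}

# Usage with the workshop's file name (the hash is a placeholder, not a real value):
#   verify_archive webmin-1.480.tar.gz "<sha256 published by the project>" \
#       && tar xzvf webmin-1.480.tar.gz
```

Take the expected hash from a source other than the download itself, for example the project's HTTPS site, otherwise the comparison proves nothing.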
  153. 153. Access Webmin https://serverIP:10000 Webmin modules Statistics
  157. 157. Vim
  158. 158. Vim: universal Unix editor
  159. 159. Vim and vi Vim is an improved version of vi, the stock-standard text editor for Unix and Linux systems. Install vim start vim Use commands expressed by keystrokes to control vim (see cheat sheet in next slide).
  160. 160. Vim cheat sheet
  161. 161. Go on and build your server. Notes and videos available at http://blog.futureshock-ed.com. A discussion group available at http://groups.google.com/group/linux-alumni Have fun and stay in touch!
