LINUX Admin Quick Reference
 


Jialong He
Jialong_he@bigfoot.com
http://www.bigfoot.com/~jialong_he

User Management

Files
  • /etc/group, /etc/passwd, /etc/shadow: user account information.
  • /etc/bashrc, /etc/profile, $HOME/.bashrc, $HOME/.bash_profile: bash system-wide and per-user init files.
  • /etc/csh.cshrc, /etc/csh.login, $HOME/.cshrc, $HOME/.tcshrc, $HOME/.login: tcsh system-wide and per-user init files.
  • /etc/skel: template files for new users.
  • /etc/default: defaults for certain commands.
  • /etc/redhat-release, /etc/slackware-version: Redhat/Slackware version info (Linux kernel version with "uname -a").

Commands
  • adduser: script to create a new user interactively (Slackware) or link to useradd (Redhat).
  • useradd, userdel, usermod: create, delete, modify a new user or update default new user information.
  • newusers: update and create new users (batch mode).
  • groupadd, groupdel, groupmod: add, delete or modify group.
  • chage, chfn, chsh: modify account policy (password length, expiry date etc.) or finger information (full name, phone number etc.), change default login shell.
  • Gain root access during boot prompt without password, can be used to fix some problems:
        linux init=/bin/sh rw
        mount -w -n -o remount /

Redhat files in /etc/sysconfig

Configuration Files
  • keyboard: keyboard map, e.g., KEYBOARD="/usr/lib/kdb/keytables/us.map"
  • mouse: mouse type, e.g.,
        MOUSETYPE=Microsoft
        XEMU3=yes
  • network: network settings, contains
        NETWORKING=yes
        HOSTNAME=hostname.domain.com

Network Configuration

Files
  • /etc/rc.d/rc.inet1 (Slackware), /etc/sysconfig/network-scripts/ifcfg-eth0 (Redhat): IP address, network mask and default gateway are in these files. May edit manually to modify network parameters.
  • /etc/HOSTNAME, /etc/NETWORKING (Slackware), /etc/sysconfig/network (Redhat): hostname is set by "/bin/hostname" during boot and the name is read from these files. May change manually.
  • /etc/resolv.conf: specifies name server, DNS domain and search order. For example:
        search la.asu.edu
        nameserver 129.219.17.200
  • /etc/hosts: host name to IP mapping file.
  • /etc/host.conf: host name information lookup order. Example:
        order hosts, bind
        multi on
  • /etc/nsswitch.conf: new way to specify information source.
  • /etc/networks, /etc/protocols, /etc/services: TCP/IP services and ports mapping.
  • /etc/rpc: mapping of RPC service names to their program numbers.

Commands
  • netconfig: menu driven Ethernet setup program.
  • pppsetup: setup PPP connection (Slackware).
  • ifconfig: setup Ethernet during boot, for example
        /sbin/ifconfig eth0 ${IPADDR} broadcast ${BROADCAST} netmask ${NETMASK}
        /sbin/route add -net ${NETWORK} netmask ${NETMASK} eth0
        /sbin/route add default gw ${GATEWAY} netmask 0.0.0.0 metric 1
  • host: lookup host name or IP (similar to nslookup).
  • dnsdomainname: show DNS domain name.
  • arping; arp: find out Ethernet address by first arping then arp.
  • ipchains: firewall and NAT (/etc/sysconfig/ipchains on Redhat).
  • iptables: firewall and NAT (/etc/sysconfig/iptables on Redhat).

NFS File Sharing

Files
  • /etc/fstab: file systems mounted during boot.
  • /etc/exports: NFS server export list.
  • /etc/auto.master: auto mount master file.

Commands
  • mount: mount a file system or all entries in fstab.
  • exportfs: export file systems listed in exports.
  • showmount -e hostname: show file systems exported.

Printer Configuration

Files
  • /etc/printcap, /etc/printcap.local: printer capabilities database.
  • /etc/lpd.conf: LPRng configuration file.
  • /etc/lpd.perms: permissions control file for the LPRng line printer spooler.
  • /etc/hosts.lpd: access control (BSD lpd).
  • /etc/hosts.equiv: trusted hosts.
  • PRINTER: environment variable of default printer.
  • /dev/lp0: parallel port.

Commands
  • lpc, lpq, lprm: line printer control program, print queue maintenance.

Sendmail

Files
  • sendmail.cf, sendmail.mc: "sendmail.cf" is the configuration file. "sendmail.mc" is a macro file which can be used to generate "sendmail.cf" by:
        m4 sendmail.mc > sendmail.cf
  • aliases: mail aliases, must run "newaliases" after change. Use :include: to include an external list in a file.
  • access: mail access control, FEATURE(access_db) should be set in sendmail.mc. For example, in /etc/mail/access
        cyberpromo.com       REJECT
        mydomain.com         RELAY
        spam@somewhere.com   DISCARD
    then
        makemap hash /etc/mail/access < /etc/mail/access
  • /etc/mail/relay-domains: list of all hosts/domains accepted for relaying.

Commands
  • newaliases: rebuild the database for the mail aliases file.
  • makemap: build access database, e.g., makemap hash access.db < access

Useful Configuration Files

Files
  • httpd.conf: Apache web server configuration file.
  • smb.conf: Samba server (file and print for Windows).
  • lilo.conf: LILO boot loader configuration file.
  • syslog.conf: system log daemon (syslogd) configuration.
  • ssh_config, sshd_config: SSH client and server configuration files.
  • ld.so.conf: default dynamic library search path (run ldconfig).
  • mtools.conf: mtool configuration file (access DOS file).
  • named.conf: DNS name server (BIND).
  • sysctl.conf: kernel parameters by sysctl (Redhat).
  • ntp.conf: net time server.
  • inetd.conf: Internet super server.
  • xinetd.conf, xinetd.d: extended inetd configuration.
  • proftpd.conf: proftpd FTP server.
  • amanda.conf: network backup server.
  • /etc/pine.conf, /etc/pine.conf.fixed: PINE mail client system-wide settings.

Miscellaneous

Files
  • /etc/shells: allowed login shells.
  • /etc/ftpusers: user names NOT allowed to use ftp.
  • /etc/hosts.allow, /etc/hosts.deny: TCP wrapper host control files.
  • /etc/sysconfig (Redhat): contains system configuration files.
  • /dev/fd0: floppy drive A.
  • /etc/inittab, /etc/init.d: system run level control file.

Commands
  • fromdos, todos (Slackware); dos2unix, unix2dos (Redhat): convert text file from/to Linux format.
  • pwck, grpck: verify integrity of password and group files.
  • pwconv, pwunconv, grpconv, grpunconv: convert to and from shadow passwords and groups.
  • shadowconfig: toggle shadow passwords on and off.
  • quota, edquota, quotacheck, quotaon, quotaoff, repquota: manage disk quota.
  • lilo -D dos: set LILO default OS (default=dos in lilo.conf).
  • ldd: find out shared library dependencies.
  • lsof: list open files.
  • fuser filename: show processes that are using the file.
  • ifdown, ifup: bring up/down a network interface (Redhat).
  • sysctl: configure kernel parameters (Redhat).
  • socklist: list open sockets.
  • shutdown [-r|h] now: reboot / halt computer.
  • nmap: scan a host for open ports.
  • crontab: show or edit cron jobs.
  • sys-unconfig: unconfigure system.
  • chkconfig --list: list services started at different run levels.
  • kudzu: probe for new hardware (Redhat).
  • rpm:
        rpm -i    INSTALL a package
        rpm -e    UNINSTALL a package
        rpm -q    QUERY a package
        rpm -U    UPDATE a package
  • man cmd | col -b > cmd.txt: save a man page as a text file and remove control characters.

Manage Modules

  • insmod, lsmod, modinfo, modprobe, rmmod, depmod: manage loadable modules.

Rebuild Kernel

Configure Kernel Parameters
  • make config, make menuconfig, make xconfig: configuring the kernel with interactive, menu or X window interface.

Compile Kernel Source
  • make dep, make zImage, make zdisk, make zlilo, make bzImage: building and installing a new kernel.

Compile Modules
  • make modules, make modules_install: building and installing modules.

Configure Apache 2.0 with SSL

mod_ssl
  (1) When compiling Apache, specify --enable-ssl for the configure script. By default, SSL is not enabled. After compiling, use "httpd -l" to list the modules. "mod_ssl" should be among them.
  (2) Generate a private key with the command:
        openssl genrsa -out server.key 1024
  (3) Generate a certificate request:
        openssl req -new -key server.key -out server.csr
  (4) Generate a self-signed certificate:
        openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt
  (5) Modify "ssl.conf", which is included in "httpd.conf". Note: start with "httpd -DSSL"; otherwise, comment out the <IfDefine SSL> directive in ssl.conf.

Syslog.conf

Each line consists of a selector and an action. A selector has two parts, a facility and a priority, separated by a period (.). You may precede every priority with an equal sign (``='') to specify only this single priority and not any of the above. You may also (both is valid, too) precede the priority with an exclamation mark (``!'') to ignore all those priorities, either exactly this one or this and any higher priority.

Example:
    mail.notice    /var/log/mail           # log to a file
    *.emerg        @myhost.mydomain.org    # log to remote host

  • facilities: auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, uucp, local0 – local7.
  • priorities: debug, info, notice, warning, err, crit, alert, emerg.
  • action:
        Regular File: file with full pathname beginning with "/".
        Terminal and Console: specify a tty, same with /dev/console.
        Remote Machine: @myhost.mydomain.org
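The syslog.conf selector rules above, worked through in Python as an added example (not part of the original reference card): it follows sysklogd's behaviour, where a bare priority also selects every higher one and parts joined with `;` apply left to right. It goes beyond the card by also handling `none` and comma-separated facilities; the function names and every log path except /var/log/mail are assumptions of this example.

```python
# Added example: sysklogd-style selector matching (not code from the reference card).
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "mark",
              "news", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]
# Lowest to highest severity, in the order the card lists them.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def compile_selector(selector):
    """Return {facility: set of priorities} for a selector field such as
    'mail.notice' or '*.info;mail.none'. Parts separated by ';' apply left to right."""
    mask = {f: set() for f in FACILITIES}
    for part in selector.split(";"):
        facs, _, prio = part.strip().partition(".")
        if not facs or not prio:
            raise ValueError(f"malformed selector part: {part!r}")
        negate = prio.startswith("!")          # '!' removes priorities
        prio = prio[1:] if negate else prio
        exact = prio.startswith("=")           # '=' means this priority only
        prio = prio[1:] if exact else prio
        if prio == "*":
            chosen = set(PRIORITIES)
        elif prio == "none":                   # 'none' clears the facility
            chosen, negate = set(PRIORITIES), not negate
        elif prio in PRIORITIES:
            at = PRIORITIES.index(prio)
            chosen = {prio} if exact else set(PRIORITIES[at:])  # default: and higher
        else:
            raise ValueError(f"unknown priority: {prio!r}")
        for fac in facs.split(","):
            targets = FACILITIES if fac == "*" else [fac]
            for f in targets:
                if f not in mask:
                    raise ValueError(f"unknown facility: {f!r}")
                mask[f] = mask[f] - chosen if negate else mask[f] | chosen
    return mask

def matches(selector, facility, priority):
    """True if a message with this facility and priority is selected."""
    return priority in compile_selector(selector)[facility]

# Constructed sample; the first two lines are the card's own example.
SAMPLE_CONF = """\
mail.notice                      /var/log/mail         # log to a file
*.emerg                          @myhost.mydomain.org  # log to remote host
kern.=debug                      /var/log/kern-debug
*.info;mail.none;authpriv.none   /var/log/messages
mail.*;mail.!err                 /var/log/mail-low
"""

def route(conf, facility, priority):
    """Return the actions that would receive the message, in file order."""
    actions = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()   # drop the card-style trailing notes
        if line:
            selector, action = line.split(None, 1)
            if matches(selector, facility, priority):
                actions.append(action.strip())
    return actions
```

Calling `route(SAMPLE_CONF, "mail", "err")` shows which destinations a given message reaches, which is a quick way to confirm that authentication or emergency messages are not silently dropped by an exclusion.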
IPtables (Netfilter)

Command Syntax
    iptables [-t <table>] <command> <chain> <parameters>

Save and Restore rules
    /sbin/iptables-save > /etc/sysconfig/iptables
    /sbin/iptables-restore < /etc/sysconfig/iptables

Firewall script sample
    http://tiger.la.asu.edu/iptables_examples.htm

Built-in Tables
  • filter: This is the default table for handling network packets. Built-in chains are:
      1. INPUT: This chain applies to packets received via a network interface.
      2. OUTPUT: This chain applies to packets sent out via the same network interface which received the packets.
      3. FORWARD: This chain applies to packets received on one network interface and sent out on another.
  • nat: This table is used to alter packets that create a new connection. Built-in chains:
      1. PREROUTING: This chain alters packets received via a network interface when they arrive.
      2. OUTPUT: This chain alters locally-generated packets before they are routed via a network interface.
      3. POSTROUTING: This chain alters packets before they are sent out via a network interface.
        ## Masquerade everything out ppp0.
        iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
        ## Change source addresses to 1.2.3.4.
        iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4
  • mangle: This table is used for specific types of packet alteration. Built-in chains:
      1. PREROUTING: This chain alters packets received via a network interface before they are routed.
      2. OUTPUT: This chain alters locally-generated packets before they are routed via a network interface.

Commands
  • --flush | -F: flush (delete) rules in the selected chain.
  • --policy | -P: set default policy for a particular chain.
  • --list | -L: list all rules in filter table, use [-t tablename] to specify other tables.
  • --append | -A: appends a rule to the end of the specified chain.
  • --insert | -I: inserts a rule in a chain at a particular point.
  • Other commands: (1) --new | -N (2) --delete | -D (3) --replace | -R (4) --zero | -Z (5) --check | -C (6) --delete-chain | -X (7) --rename-chain | -E

Parameters
  • --proto | -p [!] name: protocol, by number or name, including tcp, udp, icmp or all.
  • --source | -s [!] addr/mask: source IP address.
  • --destination | -d addr/mask: destination IP address.
  • --in-interface | -i: incoming interface name, e.g. eth0 or ppp0.
  • --out-interface | -o: outgoing interface name.
  • --jump | -j: jump to a particular target when matching a rule. Standard options: ACCEPT, DROP, QUEUE, RETURN, REJECT. May jump to a user defined chain.
  • --fragment | -f: match second or further fragments only.

Options for TCP and UDP protocol
  • --sport | --source-port, --dport | --destination-port: source and/or destination port. Can specify a range like 0:65535, use exclamation character (!) to NOT match ports.

Options for TCP only
  • --syn: match SYN packets.
  • --tcp-flags: match TCP packets with specific bits set. For example, -p tcp --tcp-flags ACK,FIN,SYN SYN will only match TCP packets that have the SYN flag set and the ACK and FIN flags unset.

Options for ICMP only
  • --icmp-type [!] type: match specified ICMP type. Valid ICMP types can be listed by
        iptables -p icmp -h

Option for state module (-m state --state)
  • ESTABLISHED: The matching packet is associated with other packets in an established connection.
  • RELATED: The matching packet is starting a new connection related in some way to an existing connection.
  • NEW: The matching packet is either creating a new connection or is part of a two-way connection not previously seen.
  • INVALID: The matching packet cannot be tied to a known connection.

X Window (XFree86)

Files
  • To set screen resolution, in "Screen" section and Subsection "Display", specify a mode. For example:
        Modes "1024x768"
  • To specify screen refresh rate, in "Monitor" section, specify vertical rate. For example:
        VertRefresh 70-120
  • /etc/X11/xinit/xinitrc, $HOME/.xinitrc: clients to run after X server started.
  • /etc/X11/fs/config: configure X11 font path (font server).

Commands
  • startx: start X window system.
  • Xconfigurator (Redhat), xfree86setup (Slackware), xf86config: setup X server and generate XF86Config.
  • XFree86 -configure: XFree86 auto configuration (Plug-n-Play), generate a template named "XF86Config.new".
  • Ctrl+Alt+Del: stop X server (on some systems Ctrl+Alt+ESC).
  • Ctrl+Alt+F1, Ctrl+Alt+F7: F1 temporary switch to text mode, F7 switch back to graphic mode.
  • SuperProbe: detect graphic hardware.
  • xvidtune: adjust X server origin and size.
  • xmodmap: modifying key map and mouse button map.
  • xhost: server access control program for X.
  • xsetroot: root window parameter setting utility for X.
  • xlsfonts: server font list displayer for X.
  • xset: user preference utility for X.
XF86Config

XFree86 uses a configuration file called XF86Config for its initial setup. This file is normally located in the "/etc/X11" or "/etc" directory. The XF86Config file is composed of a number of sections which may be present in any order. Each section has the form:

    Section "SectionName"
        SectionEntry
        ...
    EndSection

The graphics boards are described in the Device sections, and the monitors are described in the Monitor sections. They are bound together by a Screen section. Keyboard and Mouse are described in InputDevice sections, although Keyboard and Pointer are still recognized. The ServerLayout section is at the highest level and binds together the InputDevice and Screen sections.

A special keyword called Option may be used to provide free-form data to various components of the server. The Option keyword takes either one or two string arguments. The first is the option name, and the optional second argument is the option value. All Option values must be enclosed in quotes.

File Section

  • FontPath "path": Font path elements may be either absolute directory paths, or a font server identifier.
  • RGBPath "path": Sets the path name for the RGB color database.
  • ModulePath "path": Allows you to set up multiple directories to use for storing modules loaded by the XFree86 server.

EXAMPLE
    Section "Files"
        RgbPath "/usr/X11R6/lib/X11/rgb"
        FontPath "unix/:7100"
    EndSection

ServerFlags Section

  • Option "DontZap" "boolean": Disable use of Ctrl+Alt+Backspace to terminate X server.
  • Option "DontZoom" "boolean": Disable use of 'Ctrl+Alt+Keypad +' and 'Ctrl+Alt+Keypad -' to switch video mode.
  • Option "BlankTime" "time": Sets the inactivity timeout for the blanking phase of the screensaver in minutes. Default 10 min.
  • Option "StandbyTime" "time": Sets the inactivity timeout for the "standby" phase of DPMS mode in minutes. Default 20 min.
  • Option "SuspendTime" "time": Sets the inactivity timeout for the "suspend" phase of DPMS mode, default 30 min.
  • Option "OffTime" "time": Sets the inactivity timeout for the "off" phase of DPMS mode, default 40 min.
  • Option "DefaultServerLayout" "layout_id": Specify the default ServerLayout section to use. Default is the first ServerLayout section.

EXAMPLE
    Section "ServerFlags"
        Option "BlankTime" "99999"
        Option "StandbyTime" "99999"
        Option "SuspendTime" "99999"
        Option "OffTime" "99999"
    EndSection

Module Section

  • Load "modulename": Load a module. The module name given should be the module's standard name, not the module file name.

EXAMPLE
    Section "Module"
        Load "extmod"
        Load "type1"
    EndSection

InputDevice Section

There are normally at least two InputDevice sections, one for Keyboard and one for Mouse.

  • Identifier: Specify a unique name for this input device.
  • Driver: Specify the name of the driver to use for this input device.
  • Option "CorePointer": This input device is installed as the primary pointer device.
  • Option "CoreKeyboard": This input device is the primary Keyboard.

EXAMPLE
    Section "InputDevice"
        Identifier "Generic Keyboard"
        Driver "keyboard"
        Option "AutoRepeat" "500 30"
        Option "CoreKeyboard"
    EndSection

    Section "InputDevice"
        Identifier "PS2 Mouse"
        Driver "mouse"
        Option "CorePointer"
        Option "Device" "/dev/mouse"
        Option "Protocol" "PS/2"
        Option "Emulate3Buttons" "true"
    EndSection

Device Section

Specifies information about the video card used by the system. You must have at least one Device section in your configuration file. The active device is in ServerLayout->Screen.

  • Identifier: Specify a unique name for this graphics card.
  • Driver: Specify the name of the driver to use for this graphics card.

EXAMPLE
    Section "Device"
        Identifier "ATI Mach64"
        VendorName "ATI MACH64"
        VideoRam 2048
    EndSection

Monitor Section

Monitor section describes a monitor. There must be at least one Monitor section and the active one is used in ServerLayout->Screen.

  • Identifier: Specify a unique name for this monitor.
  • HorizSync horizsync-range: Gives the range(s) of horizontal sync frequencies of this monitor in kHz.
  • VertRefresh vertrefresh-range: Gives the range(s) of vertical sync frequencies of this monitor in Hz.

EXAMPLE
    Section "Monitor"
        Identifier "Generic Monitor"
        VendorName "Monitor Vendor"
        ModelName "Monitor Model"
        HorizSync 31.5-56.6
        VertRefresh 40-70
    EndSection

Screen Section

Screen Section binds Device and Monitor sections. There must be at least one Screen Section. The active one is in the ServerLayout section.

  • Identifier: Specify a unique name for this Screen Section.
  • Device "device-id": This specifies the Identifier of the Device section to be used for this screen.
  • Monitor "monitor-id": This specifies the Identifier of the Monitor section to be used for this screen.
  • DefaultDepth depth: Default color depth, like 8, 16 or 24.
  • Option "Accel": Enables XAA (X Acceleration Architecture), default is ON.

DISPLAY SUBSECTION

Each Screen section must have at least one Display Subsection which matches the depth values in DefaultDepth.

  • Depth depth: This entry specifies the color depth of this Display Subsection.
  • Virtual xdim ydim: Specifies the virtual screen resolution to be used.
  • ViewPort x0 y0: Sets the upper left corner of the initial display.
  • Modes "mode-name" ...: Specifies the list of video modes to use. Each mode-name specified must be in double quotes. They must correspond to those specified in the appropriate Monitor section (including implicitly referenced built-in VESA standard modes). The mode can be switched with Ctrl+Alt+Keypad-Plus or Ctrl+Alt+Keypad-Minus.

EXAMPLE
    Section "Screen"
        Identifier "My Screen"
        Device "ATI Mach64"
        Monitor "Generic Monitor"
        DefaultDepth 16
        SubSection "Display"
            Depth 16
            Modes "1024x768" "800x600" "640x480"
        EndSubSection
        SubSection "Display"
            Depth 24
            Modes "1024x768" "800x600" "640x480"
        EndSubSection
    EndSection

ServerLayout Section

ServerLayout section binds a Screen section and one or more InputDevice sections to form a complete configuration. The active ServerLayout section is specified in ServerFlags. If not, the first ServerLayout section is active. If no ServerLayout sections are present, the single active screen and two active (core) input devices are selected as described in the relevant sections.

  • Identifier: A unique name for this ServerLayout Section.
  • Screen screen-num "screen-id" position-information: The screen-id field is mandatory, and specifies the Screen section being referenced.
  • InputDevice "idev-id" "option" ...: Normally at least two are required, one for the core pointer and the other for the primary keyboard devices.

EXAMPLE
    Section "ServerLayout"
        Identifier "Default Layout"
        Screen "My Screen"
        InputDevice "Generic Keyboard"
        InputDevice "PS2 Mouse"
    EndSection