RHCE administration ii book by Moamen Hany

RHCE
RHCE ~
Red Hat Certified Engineer
Red Hat Administration II Book Author :
Mo’men Hany ©
2012 Copyright © May 2012 ,
Engineer Mo’men Hany Mohamed

RH 135 - Red Hat Administration II
RHCE
N P
F
L
Welcome in
Copyright © May 2012 ,

RHCE
Contents
Copyright
Unit1:Introducation
Unit2:Startup and Shutdown
Unit3:System Administration Tools
Unit4:Packaging Tools
Unit5:File System
Unit6:Rescue Mode
Unit7:Partitioning and Disk Management
Unit8:Kernel
Unit9:Memory Management
Unit10:Sheduling
Unit11:Backup and Restore
Unit12:User Administration
Unit13:User Level Security
Unit14:Special Permission
N P
F
L
By Eng Mo’men Hany ©

Copyright
N P
F
L
The contents of this book are copyright © May 2012 ,
Engineer Mo’men Hany Mohamed.
Does not allow the amendment in this book , A free copy
of any one.
The Instructors also have the right to be assisted
in this book in their own explanations and labs.
Been used to create this book with Eng.M-Hany
Experience , IBM, red hat and general books.
Contact book owner : -
Mobil: (Egypt) +2 011 437 395 45
Email: IT.momenhany@hotmail.com
http://www.facebook.com/MomenHanyFP
By Eng Mo’men Hany ©

By Eng Mo’men Hany © Mobil: 01143739545 ^ Email: IT.momenhany@hotmail.com
RHCE
N P
F
L

Unit1:
Introduction
N P
F
L

Module Overview
o RHCSA Overview
o RHCE – Certified Engineer Overview
o Book Overview
o Copyright
o Course Requirements
N P
F
L

N P
F
L
RHCSA Overview
http://www.redhat.com/training/certifications/rhcsa/
RHCE Overview
http://www.redhat.com/training/certifications/rhce/
Book Overview
Copyright
Course Requirements

N P
F
LRed Hat Certified System Administrator — RHCSA
An RHCSA certification is earned when an IT professional demonstrates the core system administration
skills required in Red Hat® Enterprise Linux® environments.
Prerequisites
The RHCSA is Red Hat's core system administration certification and represents the common core of skills
every Red Hat Enterprise Linux system administrator should have. An IT professional that has earned an
RHCSA certification has demonstrated skills in areas of system administration common across a wide range
of environments and deployment scenarios.
An RHCSA is able to perform the following tasks:
• Understand and use essential tools for handling files, directories, command-line environments, and
documentation.
• Operate running systems, including booting into different run levels, identifying processes, starting and
stopping virtual machines, and controlling services.
• Configure local storage using partitions and logical volumes.
• Create and configure file systems and file system attributes, such as permissions, encryption, access
control lists, and network file systems.
• Deploy, configure, and maintain systems, including software installation, update, and core services.
• Manage users and groups, including use of a centralized directory for authentication.
• Manage security, including basic firewall and SELinux configuration.

N P
F
L

Unit2:
Startup and Shutdown
N P
F
L

Module Overview
o Describe the Linux startup flow
o Boot Linux in single-user mode
o Configure auto starting services
N P
F
L

N P
F
L
Linux Startup Flow

N P
F
L
Linux Startup Flow
Basic Input Output System
 Checks memory and hardware (POST)
 Loads options from nonvolatile memory
Memory timings
Order of boot devices
 Checks for boot devices
Floppy disks
CD-ROM
Hard disks
Loads Master Boot Record of boot device and executes it

N P
F
L
Linux Startup Flow
 Size: 512 bytes (first sector of hd)
 Addressed by BIOS
 Content:
 446 bytes program code (to boot an
operating system)
 64 bytes partition table with max. 4
entries
 2 bytes "magic number"

N P
F
L
Linux Startup Flow
Boot Loader
GRUB
Grand Unified Boot loader
LILO
Linux Loader
• LILO has no interactive command interface, whereas GRUB does.
• LILO does not support booting from a network, whereas GRUB does.
• LILO does not support Boot Encryption.
• GRUP support MD5 Encryption.

N P
F
L
Linux Startup Flow
Access Grub configuration File
# vi /boot/grub/grub.conf
Default=0  System number 0
Timeout=5  Wait for auto boot to default option
Splashimage=(hd0,0)/grub/splash.xpm.gz Sys logo
Title CentOS (2.6.18-92.el5)  System name
root (hd0,0)
kernel /vmlinuz-2.6.18-92.el5 ro root=LABEL=/ rhgb
quiet
initrd /initrd-2.6.18-92.el5.img

N P
F
L
Linux Startup Flow
init
• init is started by the kernel after the root fs is mounted
• init reads configuration file /etc/inittab
• Decides on default runlevel if no runlevel is given
• Runlevels have different meaning:
0: halt
1: single user mode
2: multiuser without NFS
3: full multiuser mode
4: unused
5: multiuser with graphical login
6: reboot
init will start all programs for that runlevel

N P
F
L
Boot Linux in single-user mode
init
Lab :
# init 0  shutdown system
# init 5  go to GUI
# init 3  Multi Mode
# init 6  reboot system
Login by 1 mode level
Restart System  edit in boot level (1)

N P
F
L
Boot Linux in single-user mode
init
# vi /etc/inittab
Id:5  Start level mode number

N P
F
L
Managing Service’s
# ls –l /etc/rc.d/rc3.d

N P
F
L
Configuring Services per Runlevel
# chkconfig --list
# chkconfig atd on
# chkconfig --level 35 atd on
# chkconfig --level 35 atd off
# chkconfig --list atd
# chkconfig --level 12356 atd reset
# chkconfig --level 12356 atd | grep :on
# chkconfig --level 12356 atd | grep :off
# chkconfig --del atd
# chkconfig --add atd

N P
F
L
Starting and Stopping Services Manually
# service atd restart
Stopping atd: [ OK ]
Starting atd: [ OK ]
# service atd stop
# service atd start
# service atd status
Or
# /etc/init.d/servicename (start,stop,restart,status)
# service --status-all

Unit3:
System Administration Tools
N P
F
L

Module Overview
o List the order of login scripts
o Discuss System Management tools
o Install and uninstall additional software
o Configure a printer
o Configure a Network and sound card
N P
F
L

N P
F
L
List the order of login scripts
Customizing User Environment
Bash Initialization
/etc/profile  Contain system administrator processes
$ HOME/.bash_profile  Contain User processes
$ HOME/.bash_login  Contain Login User Configuration
$ HOME/.profile
$ HOME/.bash_logout  Contain Logout User Configuration
$ HOME/.bash_history  Save all Command history.
$ HOME/.bashrc  Contain Alias Command
# cat .bash_history

N P
F
L
Discuss System Management tools
List setup command (TUI Tool)
# setup
List system-config-<tab> command (GUI Tool)
# system-config-<press tab>
GUI  System Administration

N P
F
L
Install and uninstall additional software
Adding/Removing Software Using RPM
Use rpm to install or upgrade software packages
Common options:
-i : installing new packages
-U : upgrading existing packages
-e : removing packages
-h : Shows a progress bar
$ rpm -ihv momenpro.i386.rpm
momenpro ###############....
$ rpm -Uhv momenpro.i386.rpm
momenpro ###############.....
$ rpm -e momenpro
RPM
Red hat Package Management

N P
F
L
You can Donwload any RPM pachage using Linux Tools such as , wget :
# wget <download link>
#wget http://www.download.org/rpmpackages/webmin.rpm
30% Webmin.rpm ###############.... 70kbp/s Total Size 16MB
Use rpm Command
# rpm –i packagename
# rpm –ivh packagename  install package with show information and progress
# rpm –Uvh Packagename  upgradeing with show info and progress
# rpm –q packagename  Quarry about packagename

N P
F
L
Install tar package and compressed file:
# tar –zxf packagename.tar.gz
 ( z ) for gzip
 ( x ) for tar package extension
 ( f ) for file

N P
F
L
X
Install and access webmin
To access webmin interface
http://localhost.localdomain:10000

N P
F
L
Configure a printer
To access Printer Manager Console
http://localhost:631
Add New Printer ?
Add New Class ?
Manage Permission ?
….

N P
F
L
Configure a Network and
Sound card
Configure Network Card :
# ifconfig  for show ethernet configuration in tur
# neat  for show ethernet configuration in GUI
# ifconfig eth0  select and edite in eth0
# system-config-network -()()()()()()-

N P
F
L
Configure a Network and
Sound card
Configure Sound card :
# system-config-soundcard
-GUI System Administration Sound card detection

Unit4:
Packaging Tools
N P
F
L

Module Overview
o Installing Package
o Describe the RPM build process
o Using wget tool
o Using YUM
N P
F
L

N P
F
L
Install tar package and compressed file:
# tar –zxf packagename.tar.gz
 ( z ) for gzip
 ( x ) for tar package extension
 ( f ) for file
Find Install ways in either files
Install
README

N P
F
L
Describe the RPM build process
# rpmbuild -ba /usr/src/redhat/SPECS/hello.spec
# rpmbuild -bb /usr/src/redhat/SPECS/hello.src
... tons of messages ...
Wrote /usr/src/redhat/RPMS/i386/hello-1.2-1.i386.rpm
Wrote /usr/src/redhat/SRPMS/hello.1.2-1.src.rpm
rpm -bp Will only execute the %prep stage
rpm -bc Will execute %prep and %build
rpm -bi Will execute %prep, %build and %install
rpm -bb Will execute %prep, %build, %install and create a binary RPM
rpm -bs Will create a source RPM
rpm -ba Will create a binary and source RPM
*.SPEC
*.BIN

N P
F
L
Wget
You can Donwload any RPM pachage using Linux Tools such as , wget :
# wget <download link>
#wget http://www.download.org/rpmpackages/webmin.rpm
30% Webmin.rpm ###############.... 70kbp/s Total Size 16MB
Use rpm Command
# rpm –i packagename
# rpm –ivh packagename  install package with show information and progress
# rpm –Uvh Packagename  upgradeing with show info and progress
# rpm –q packagename  Quarry about packagename

N P
F
L
Using YUM
Yum is powerful command-line tool that can be used to more
flexibly manage (install,update,remove,and query) software
packages.
You can configure YUM to get packages from third-party
package repositories over the network.

N P
F
L
Using YUM
To update system. Update of the system with all the dependencies that are necessary:
# yum update
Searches. To make a search of some package or term in the data base in some of the
formed deposits yum in the system:
# yum search any-package
Installation of packages. Installation with automatic resolution of dependencies:
# yum install any-package
Uninstalling packages. packages along with everything what it depends
on these:
# yum remove any-package

N P
F
L
Using YUM
Listing Packages. The following thing will list all the packages available in the YUM data
base:
# yum list|less
The following thing will list all the packages installed in the system:
# yum list installed|less
The following thing will list all the packages installed in the system and that can (they
must) be updated:
# yum list updates|less
The following thing will list information about specific package:
# yum info any-package
The following thing will Search about specific package:
# yum search any-package

N P
F
L
Using YUM
Install Package group:
# yum groupinstall ―GNOME Desktop Environment‖
YUM File in System
# cat /etc/yum.repos.d/rhel-source.repo
# cat /etc/yum.repos.d/centos-base.repo

Unit5:
File System
N P
F
L

Module Overview
o File System Types
o H.D Blocks
o File system Features
o Creating a File system
o Mounting a File system
o Using Quota
N P
F
L

N P
F
L
File System Types
Ext2
Ext3
Ext4
• Place to store files and refer to them
• Hierarchical structure through use of directories
• A file system can be stored on any block device
 Floppy disk
 Hard disk
 Partition
 RAID, LVM volume
 RAM disk

N P
F
L
H.D Blocks
• Partition divided into blocks of 1024, 2048 or 4096 bytes
- Blocksize depends on size of fs and expected usage
• Blocks can have different usage:
I node
Block
Data
Block
Super
Block

N P
F
L
H.D Blocks
• First block of filesystem, several copies (at 8193,
16385, ...)
• Contains general info on filesystem
• Last mounted time/place
• Block size
• Pointers to free inodes
• Pointers to free blocks
• Pointer to root of filesystem

N P
F
L
H.D Blocks
• 128 bytes (8 per block of 1024 bytes)
• Contains information about a file: owner,
• group, type, size, permissions, ctime,atime, mtime, ...
• Contains pointers to data blocks
• Contains pointers to an indirect block, a
• double indirect block and a triple indirect
• block
# ls –i

N P
F
L
H.D Blocks
• Contain file data.
• File may be a directory, in which case the data is the list of
file
• names and inodes in that directory.
• So multiple file names may point to the same inode! (Or files
may
• have multiple names)

N P
F
L
File system Features
Filesystems can have other features that can be useful:
Access Control Lists (ACL)
Allow more extended permissions, not just rwxrwxrwx
Not yet supported by VFS abstraction layer
Journaling
Keeps a journal of operations that are going to take place, and
operations that were successfully committed
Should make recovery from a crash faster
Slight performance decrease
Extended file attributes
Examples: immutable, auto compression, undeletable
Labels
Allow mounting based on label instead of device name

N P
F
L
Creating a File system
(1) Using fdisk command to create new partitions:
# fdisk /dev/sda
m for help
(2) Creating a filesystem is done with an mkfs variant
mke2fs, mke2fs -j
mkreiserfs
mkjfs
Typical options:
-b blocksize sets blocksize
-i bytes-per-inode sets number of inodes
-c checks disk for bad blocks
-j create journal file

N P
F
L
Creating a File system
# mkfs –t ext4 /dev/sdb8  Formatting Partition
# mke2fs -j -b 1024 -i 4096 -c /dev/sdb8
# mkfs.ext3 -j /dev/sdb8
# mkswap /dev/sdb8  Make partition swap
# mke2fs -b 1025 /dev/sdb8  Change block to 1025
# mke2fs -i 1656 /dev/sdb8  Change I node to 1656
# tune2fs -l /dev/sdb8  update file system to latest version on system

N P
F
L
Mounting a File system
Temporary :
1- Create empty directory
# mkdir /mnt/mydata
2- Mount partition
# mount /dev/sdb7 /mnt/mydata

N P
F
L
Mounting a File system
Permit:
1- Set a new row in /etc/fstab
# vi /etc/fstab
:wq
Show mounted point
# df -h
# mount -l

N P
F
L
Using Quota
1- Set a new row in /etc/fstab
# vi /etc/fstab
:wq
2- Remount partition
# mount -o remount /mnt/mydata
3- Create quota file db
# touch /mnt/mydata/quota.user
# touch /mnt/mydata/quota.group

N P
F
L
Using Quota
4- Check disk quota
# quotacheck -cug /mnt/mydata
5- Set quota
user
# edquota -u username
6- Show quota applied
# repquota –a
Or
# setquota -u username 200 250 15 20
# quotaon /mnt/mydata
# quotaoff /mnt/mydata

Unit6:
Rescue Mode
N P
F
L

Module Overview
o What is The Rescue Mode
o Booting Rescue Mode
N P
F
L

N P
F
L
What Is Rescue Mode ??
Rescue mode is a term used to describe a method
of booting a small Linux environment completely
from diskettes.

N P
F
L
Booting Rescue Mode
To boot your system in rescue mode, boot off of a Red Hat Linux boot disk
or Red Hat Linux CD-ROM , and enter the following command at the
installation boot prompt:
Boot : Linux rescue

Unit7:
Partitioning and Disk Management
N P
F
L

Module Overview
o LVM
o RAID Level
N P
F
L

N P
F
L
LVM
Logical Volume Management
• Traditional disk partitioning scheme has several disadvantages:
 Virtually impossible to resize or move a partition
 Partition size is limited by disk size
• Logical Volume Management solves these disadvantages:
 One or more Physical Volumes (hard disks, partitions) are assigned to a
Volume Group (VG).
 All Physical Volumes (PV) are split into Physical Extents (PE) of identical
size (default 4 MB).
 PE's in a VG can be combined into Logical Volumes (LV), which can be
used like any block device.
• An LV can span multiple disks
• To increase the size of an LV, add PEs
• To increase the size of a VG, add PVs

N P
F
L
LVM
sdbsda
PE PE
PE PE
PE PE
PE PE
Physical Volume
(PV)
Physical Volume
(PV)
Volume Group
(VG)
Logical Volume
(LV)

N P
F
L
LVM
1- Create Partitions on either 1 Disk or Separated Disks
# disk /dev/sd**
2- Create journal file on each partition
# mke2s -j /dev/sd**
3- Create Physical Volume or each partition
# pvcreate /dev/sd**
4- Create Volume Group
# vgcreate <vgname> /dev/sdb1 /dev/sdc1 /dev/sbb5

N P
F
L
LVM
5- Create Logical Volume
# lvcreate -L 1024m -n <lvname> <vgname>
6- Create Journaling File
# mkfs -j /dev/vgname/lvname
7- Mount lv under any empty directory such as /mnt/lv1
# mount /dev/vgname/lvname /mnt/lv1
Or Set mount point in /etc/fstab
Display LVM
# pvdisplay
# vgdisplay
# lvdisplay

N P
F
L
LVM
Manage VG & LV after installation :-
If any pv have failure in your VG , you must first add new pv
and transfer all data to new pv and remove failure pv.
1-Create a new partition .
2-Create journal file to partition using mke2s -j .
3-Create PV
# pvcreate /dev/sdb7
4-Extend PV to you VG
# vgextend <vgname> /dev/sdb7
5-Resize LV After add PV
# lvextend -L +100M /dev/vgname/lvname

N P
F
L
LVM
6-Move all data from failure pv to new pv
# pvmove /dev/sdb5 /dev/sdb7
7-Remove /dev/sdb5 that have a failure
# vgreduce <vgname> /dev/sdb5
8-Resize LV after remove /dev/sdb5 that have a failure
# lvreduce -L -100M /dev/vgname/lvname

N P
F
L
RAID Linear
sdbsda
Spanned

N P
F
L
RAID 0
Random Read Performance: Very good;
better if using larger stripe sizes if the
controller supports independent reads to
different disks in the array.
Random Write Performance: Very good;
again, best if using a larger stripe size and a
controller supporting independent writes.
Sequential Read Performance: Very good to
excellent.
Sequential Write Performance: Very good.
Cost: Lowest of all RAID levels.
sdbsda
Striped

N P
F
L
RAID 1
Storage Efficiency: 50% if drives of the same size are
used, otherwise (Size of Smaller Drive / (Size of
Smaller Drive + Size of Larger Drive)
Fault Tolerance: Very good; duplexing even better.
Availability: Very good. Most RAID controllers, even
low-end ones, will support hot sparing and automatic
rebuilding of RAID 1 arrays.
Random Read Performance: Good. Better than a
single drive but worse than many other RAID levels.
Random Write Performance: Good. Worse than a
single drive, but better than many other RAID levels.
sdbsda
=
Mirror

N P
F
L
RAID 3
Hard Disk Requirements: Minimum of three standard hard disks;
maximum set by controller. Should be of identical size and type
Fault Tolerance: Good. Can tolerate loss of one drive, none
parity.
Random Read Performance: Very good to excellent.
Random Write Performance: Only fair, due to parity overhead.
Sequential Read Performance: Good to very good; generally
better for smaller stripe sizes.
Sequential Write Performance: Fair to good.
1
2
3
sdb
1
2
3
sdc
P
2
3
sda
RAID 3

N P
F
L
RAID 5
Hard Disk Requirements: Minimum of three standard hard disks;
maximum set by controller. Should be of identical size and type
Fault Tolerance: Good. Can tolerate loss of one drive.
Random Read Performance: Very good to excellent.
Random Write Performance: Only fair, due to parity overhead.
Sequential Read Performance: Good to very good; generally
better for smaller stripe sizes.
Sequential Write Performance: Fair to good.
Recommended Uses: RAID 5
1
P
3
sdb
1
2
P
sdc
P
2
3
sda
RAID 5

N P
F
L
RAID 6
Hard Disk Requirements: Minimum of four
hard disks; maximum set by controller.
Should be of identical size and type.
Fault Tolerance: Very good to excellent.
Availability: Excellent.
Random Read Performance: Very good to excellent; generally better for
larger stripe sizes.
Random Write Performance: Poor, due to dual parity overhead and
complexity.
Sequential Read Performance: Good to very good; generally better for
smaller stripe sizes.
Sequential Write Performance: Fair.
Cost: High.
1
P
3
sdb
1
2
P
sdc
P
2
3
sda
RAID 6
P
2
3
sdd

N P
F
L
RAID 10 or 01

N P
F
L
RAID
Implementing RAID :-
1-Create Multiple Partition
2-Collect Partitions to create RAID[0-10].
3-Format {md*}.
4-Mount {md*}.

N P
F
L
RAID
Lab:
1-Create RAID With Installation.
2-Create RAID Using Disk Management.

N P
F
L
RAID
Create Multiple Partition’s
# fdisk /dev/sdb
# m for help menu
Collect Partitions to create RAID[0-10]
# mdadm --create /dev/md0 --level=0 --raid-devices=2 /dev/sdb5
/dev/sdc6
Format {md*}
# mke2fs -t ext4 -j /dev/md0

N P
F
L
RAID
Mount {md*}
# mkdir /mnt/raid0
# mount /dev/md0 /mnt/raid0
Test
# mount
# df -h

Unit8:
Kernel
N P
F
L

Module Overview
o Kernel Concept
o Kernel Modules
o kernel Compilation
N P
F
L

Kernel
• kernel is the central core of operating system.
• it does not interact with user , rather it interact with shell as well as with
hardware devices.
http://www.kernel.org/
N P
F
L

N P
F
L
Kernel
Kind of Kernel
Symmetric
Multiprocessing
(SMP)
Support in (X86):
32Processor
16GB RAM
Support in (X64):
64Processor
512GB RAM
Kernel (K86)
Support in (X86):
32Processor
4GB RAM
Support in (X64):
64Processor
64GB RAM
Kernel-Xen
Support in (X86):
32Processor
16GB RAM
Support in (X64):
128Processor
512GB RAM
Virtualization
# uname -a  Show Kernel Version

N P
F
L
Kernel Modules
Modules are pieces of code that can be loaded and unloaded into the kernel upon demand.
They extend the functionality of the kernel without the need to reboot the system. For
example, one type of module is the device driver, which allows the kernel to access hardware
connected to the system.
# lsmod  Show Kernel Modules
# lsmod usb_storage
# modprobe usb_storage  insert Module
# insmod usb_storage  insert Module
# modprobe -r usb_storage  Remove Module
# rmmod usb_storage  Remove Module

N P
F
L
Kernel Modules
Kernel
Modules
Dynamic
Modules
Static
Modules
-Initial RAM Disk -Hard Disk Device
-USB Storage

N P
F
L
kernel Compilation
Installing Kernel Source
From SLES distribution: use rpm to install the kernel sources package
# rpm -ivh kernel-source-version.rpm
From Internet: Download linux-version.tar.gz or linux-version.tar.bz2 and unpack
in /usr/src
# cd /usr/src
# tar -zxvf /root/linux-version.tar.gz
# tar -jxvf /root/linux-version.tar.bz2
After installation, clean the tree really well to remove all
configurations changes made by the distribution builder
# cd /usr/src/linux-version
# make mrproper
# make oldconfig

N P
F
L
kernel Compilation
Configuring the Kernel Compile
Configure all kernel compilation options Configuration stored in .config file
Editing .config is hard...
Use the make utility instead:
# make config (command line)
# make menuconfig (ncurses based - much easier)
# make xconfig (QT-based GUI)

N P
F
L
kernel Compilation
Compiling the Kernel Most important targets:
# make clean
Cleans up old .o, .a files, and so forth
# make dep
Checks dependencies
# make bzImage
Compiles kernel
May take 5-60 minutes
Creates kernel image (bzImage) in
/usr/src/linux-<VERSION>/arch/<CPUTYPE>/boot
# make modules
Compiles modules
May take 2-60 minutes
Can be combined:
# make clean dep bzImage modules

N P
F
L
kernel Compilation
Copy kernel image to /boot
cp arch/i386/boot/bzImage /boot/vmlinuz-version
All kernel path to grub file to show when boot
/boot/grub/grub.conf
Reboot System
# init 6

Unit9:
Memory Management
N P
F
L

Module Overview
o Describe Memory Management
o Create a paging Space Partition
N P
F
L

N P
F
L
Describe Memory Management

N P
F
L
Create a paging Space Partition
We need an empty partition/LV/RAID volume or a regular file (not
recommended, poor performance)
-Partition type 82 (Linux swap)
Create paging space in that partition
# mkswap /dev/sda3
Activate paging space
# swapon -p 42 /dev/sda3
Deactivating paging space is done using
# swapoff /dev/sda3
Check swap space in procfs
# cat /proc/swaps

N P
F
L
Paging Space
top displays memory, CPU and process statistics continuously
uptime displays system uptime + load
free displays memory statistics
sync flushes the cache to disk
xosview graphically displays a system overview
xload graphically displays system load
xsysinfo graphically displays system information
vmstat displays memory and other statistics every second
procinfo displays processor statistics

Unit10:
Scheduling
N P
F
L

Module Overview
o Use crontab
o Use anacron
o Use the at
N P
F
L

N P
F
L
Minute Hours Days Month Week Command
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
crontab files are stored:
In /var/spool/cron
Three usage methods:
crontab -l List your crontab file
crontab -r Remove your crontab file
crontab -e Edit your crontab file
*/1 * * * * . /root/script
*/1 * * * * ls -l
crontab
/etc/crontabNote:
If Server shutdown before
run cron task and turn on
after cron schedule , task
passive in this case.

N P
F
L
crontab
The solution: Anacron
Runs commands periodically
At night if the system is on
At startup to catch up on any missed jobs
Jobs specified in /etc/anacrontab
Anacron is called by the boot scripts and by cron
Job execution information stored in /var/spool/anacron
# vi /var/spool/anacron/filename
Note: Anacron is not supported on SUSE
Service Manager
# service crond status

N P
F
L
at
Run a command once in the future
# at 4am
>date
>ls -l
<ctrl+d>
Or
# at 19:22
# at -d job number  Show jobs
# at -f /root/script 16:00 + 3 days

Unit11:
Backup and Restore
N P
F
L

Module Overview
o Backup Schemes
o Backup Devices
o Default Backup Tools
N P
F
L

N P
F
L
Backup Schemes
• Full backup
 Preserves the whole system
• System backup
 Preserves system directories and files
 Must include backup/restore tools
 Usually on bootable media (floppy, CD-Writable)
• Data backup
 Preserves user data
• Incremental or differential backup
 Only backup files that changed
 Very fast, but takes more time to restore
 Must be used carefully
 Needs more media

N P
F
L
Incremental and differential backup

N P
F
L
Backup Devices
• Tape drive
• CD-R, CD-RW, DVD
• (Removable) Hard disk
• Zip, Jaz drive
• Network (SAN)

N P
F
L
Default Backup Tools
tar
Backs up individual files
Widely available
Excellent for transferring data between platforms
cpio
Backs up individual files
Widely available
Difficulties with many symbolic links
dump
Backs up whole filesystems
Can handle incremental backups (9 levels)

N P
F
L
Tar
Backup with tar:
# tar -cvf home.tar /home
Restore with tar:
# tar -xvf home.tar < files to extract >
List contents of a tar backup:
# tar -tvf home.tar
Compression: use z option (gzip) or j option (bzip2)
# tar -zcvf home.tar.gz /home
# tar -jcvf home.tar.bz2 /home
---------------------------------------------
# tar -zcvf /backup/boot.tar.gz /boot
# tar -xvf boot.tar.gz <file to extract>

N P
F
L
CPIO
Backup with cpio:
# cpio -ov <files> > <device>
# find /home | cpio -ov > /dev/fd0
Restore with cpio:
# cpio -iv[-dum] [files] < <device>
# cpio -ivdum "/home/j*" < /dev/fd0
List contents of a cpio backup:
# cpio -itv < <device>
# cpio -itv < /dev/fd0

N P
F
L
dump
To backup a complete filesystem use the dump command
 Can handle incremental backups up to 9 levels
 Information is stored in /etc/dumpdates
# dump -0 -u -a -f /backupdir/home.dump /home
# dump -1 -u -f backup@remhost:/tux.dump /
To restore a dumped filesystem:
# cd /home
# restore -xvf /backupdir/home.dump
....
set owner/mode for .? [y/n]
-------------------------------------
# dump -0 -u -a -f /root/backup/boot.dump /boot
# restore -xvf /boot.dump

Unit12:
User Administration
N P
F
L

Module Overview
o Add, change and delete user accounts
o Add, change and delete groups
o Configuration & DB Files
o Change Owner
N P
F
L

N P
F
L
User Hierarchy
root
Super User
File permissions do not apply for root
Can do anything except the obvious
Account for the system administrator
bin, daemon, lp, sync, news, ftp, ap ..
User accounts used by different applications and daemons
Cannot (and should not) be used to log in
Ordinary user accounts

N P
F
L
Groups
• A group is a set of users, all of whom need access to a given set of
files
• Every user is a member of at least one group and can be a member
of several groups
• Primary group: used for file/directory creation
• Group set: used to determine access permissions
• The user has access to files in all of the groups in its groupset.

N P
F
L
Configuration File
/etc/login.defs
User and Group Data Base
/etc/shadow
/etc/gshadow
/etc/passwd
/etc/shadow
/etc/group
DB
Userneme:Encpassword:UID:GID:Comment:HomeDir:ShellType

N P
F
L
Add,Remove,Change User’s
Add a user account:
# useradd momen
# passwd P@ssW0rd
Delete user account:
# userdel momen
# userdel -r momen  Delete user account with home directory
Add user account to group <hrgroup>:
# usermod momen -G hrgroup
Chanage user id:
# usermod -u 666 momen

N P
F
L
Lock user account:
# usermod -L momen
Unlock user account:
# usermod -U momen
Set expiration date to user account:
# usermod -e yyy-mmm-dd momen
User account never expire:
# usermod -e 0 momen
Change user account:
# usermod -g momen koko

N P
F
L
Change Group ID: -g
Add Comment: -C
Change Home Dir: -d
Change Shell type: -s
Remove User: -r
# usermod -u 600 -g 700 -d /usr/test -s /bin/ksh -C ―Eng Momen Hany‖ momen
# useradd -u 600 -g 700 -d /usr/test -s /bin/ksh -C ―Eng Momen Hany‖ momen

N P
F
L
Add,Remove,Change Group’s
Create a group:
# groupadd hrgroup
Delete a group:
# groupdel hrgroup
Change group name:
# groupmod -n oldname newname
Add user to group:
# usermod -G hrgroup momen
# usermod momen -G hrgroup

N P
F
L
/etc/passwd
Fields are separated by ":"
1) login name
2) password field (x means: encrypted password available)
3) UID
4) GID
5) GECOS field (user information)
6) home directory
7) login shell
Userneme:Encpassword:UID:GID:Comment:HomeDir:ShellType

N P
F
L
/etc/shadow
1) Login name
2) Encrypted password (md5)
3) Last change of credentials (days since Jan 1, 1970)
4) Days before password may be changed
5) Days after which password must be changed
6) Days before password is to expire that user is warned
7) Days after password expires that account is disabled
8) Days since Jan 1, 1970 that account is disabled

N P
F
L
/etc/group and /etc/gshadow

N P
F
L
/etc/login.defs
?Mail directory : __________
Passwd : _______
UID : __________
GID : __________
Umask : ________
Home Directory : _________
…..

N P
F
L
Login Scripts
# Ls -a /etc/skel/.
If the administrator modify in login scripts .profile , .bashrc .. And you
need to create anew user with this modification enter this command:
# useradd -m momen

N P
F
L
# chsh –s /bin/ksh momen  change shell login
# chage -E yyy-mm-dd momen  Expiration date
# chage -m 10 momen  Minimum password age
# chage -M momen  Maximum password age
# chage -w 5 momen  Worming – password will expire

N P
F
L
Change Owner
# ls -l
# chown momen /root/data  Change user owner
# chgrp hrgroup /root/data  Change group owner
# chown momen:hrgroup /root/data

Unit13:
User Level Security
N P
F
L

Module Overview
o Security Logs
o UserFul Command
o Privilege Escalation <Sudo>
N P
F
L

N P
F
L
Security Logs
• /var/log/lastlog - Last successful login
• /var/log/messages - General log file
• /var/log/secure - Failed logins
• /var/log/wtmp - Successful logins
• /var/run/utmp - Currently logged in users
Notes:
/var/log/lastlog
Records the last time a user logged in. This file can be examined with the lastlog
command.
/var/log/messages
This is the general log file. Most applications and daemons will write log information to this
file. The messages file is an ASCII file which can be viewed with tail -f or more.
/var/log/secure
Keeps track of the failed login attempts. Use more /var/log/secure to view the contents of
this file.
/var/log/wtmp
All successful logins are saved in this file. This file can also be examined with the who
command. Another tool for viewing this file is the last command.
/var/run/umtp
Logs the users currently logged in the system. The default output of the who command is
the contents of this file.

N P
F
L
UserFul Command
# w Who is logged in and doing what?
# who Who is logged in and examine the contents of /var/log/wtmp and /var/log/utmp
# id Show information about a user
# last Show the last time a user logged in or the last time a tty was used to log in
# lastlog Show the last login time of all users

N P
F
L
Privilege Escalation
<Sudo>
Allows users to execute specific commands another user without requiring that
users password
/etc/sudoers file list which users are allowed to execute which commands on
which host as which user Edit this file with visudo only or ( vi /etc/sudores ) .
# vi /etc/sudores
User1 ALL=/sbin/fdisk
User1 ALL=/sbin/useradd
:wq
$ sudo /sbin/fdisk -l
# su user1  Switch user

Unit14:
Special Permission
N P
F
L

Module Overview
o Authentication & Authorization
o Pluggable Authentication Modules (PAM)
o File Permissions (Authorization)
N P
F
L

N P
F
L
Authentication & Authorization
Authentication: Verifying that you are who you say you are
Can be based on:
Something you only know (for example, password, PIN)
Something you only have (for example, smartcard, token, key)
Something you only are (for example, fingerprints, retina scan)
Authorization: Determining your level of access
File permissions
Account restrictions (login times, login tty, and so forth)

N P
F
L
PAM

N P
F
L
PAM
PAM Configuration File
# cat /etc/pam.d/login
Some commonly used PAM modules are:
pam_unix.so: Regular UNIX authentication (passwords)
pam_env.so: Set environment variables
pam_cracklib.so: Check passwords for strength
pam_pwdb.so: Enforce password aging rules
pam_pwcheck.so: Check passwords (SUSE only)
pam_nologin.so: Deny login if /etc/nologin exists
pam_listfile.so: Allow/deny login if user listed in file
pam_securetty.so: Allow login for root only from secure ttys
pam_stack.so: Include another PAM config file (RH only)
pam_limits.so: Set limits on CPU and memory usage
pam_console.so: Set permissions for console users
pam_deny.so: Always gives an error
Several PAM modules have additional configuration files in /etc/security

N P
F
L
File Permission - Authorization

N P
F
L
SUID SGID Sticky Bit
4 2 1
u+s g+s o+t
Changing Permission
# chmod 1755 (or o+t) commondir
# ls -l
drwxrwxr-t 3 root proj11 4096 2003-05-13 08:53 commondir
# chmod 4755 (or u+s) commondir
# ls -l
-rwsr-xr-x 3 root proj11 73680 2003-03-17 16:39 commondir
Such as
# ls -l /bin/su

N P
F
L
LAB:-
# mkdir momendata
# chmod 775 momendata
# groupadd sales
# usermod -G sales momen
# chown momen:sales momendata
# chmod u+s,g+s,o+t momendata
# ls -l
??

White Board
Last Viewed

RHCE administration ii book by Moamen Hany

Recommended

Recommended

More Related Content

What's hot

What's hot (14)

Similar to RHCE administration ii book by Moamen Hany

Similar to RHCE administration ii book by Moamen Hany (20)

Recently uploaded

Recently uploaded (20)

RHCE administration ii book by Moamen Hany