2. In mid-September 1991, a Finnish computer science student named Linus Torvalds released Linux version 0.01, the first version ever. Torvalds said he was inspired to write the Linux kernel because buying a Unix or Minix system was too expensive, especially for a college student. One of his best-known emails, advertising the project to other interested developers, described the kernel as "nothing professional", more a hobby than a serious attempt at creating a brand-new operating system. Little did he know that his kernel would attract a large amount of support, and that over the years it would be expanded to do far more than it originally could.
3. The term "open source" refers to something that can be modified because its design is publicly accessible. While it originated in the context of software development, today the term designates a set of values, what we call the open source way. In general, open source projects, products, or initiatives are those that embrace and celebrate open exchange, collaborative participation, rapid prototyping, transparency, meritocracy, and community development.
4. Some Linux distributions:
   - Red Hat Linux: one of the original Linux distributions. The commercial, non-free version is Red Hat Enterprise Linux, aimed at companies running Linux servers and desktops at scale. The free, community version is the Fedora Project.
   - Debian GNU/Linux: a free software distribution, popular on servers. Debian is not what many would consider a distribution for beginners, as it is not designed with ease of use as the first priority.
   - SuSE Linux: SuSE was purchased by Novell. This distribution is primarily available for pay because it bundles many commercial programs, although there is a stripped-down free version that you can download.
   - Mandrake Linux: perhaps strongest on the desktop. Originally based on Red Hat Linux.
   - Gentoo Linux: a source-based specialty distribution aimed at programmers and experienced users.
5. Where Linux is used:
   - Linux runs on many computing platforms: PCs, PDAs, supercomputers, and more.
   - Both a character (text) user interface and a graphical user interface are available.
   - Commercial vendors moved in, while Linux itself remains freely distributed code. They make their money by compiling various software and gathering it into a distributable format, a distribution: Red Hat, Slackware, and so on.
6. Unix design principles that Linux follows:
   - Everything is a file (including hardware devices).
   - Small, single-purpose programs.
   - The ability to chain programs together to perform complex tasks.
   - Avoid captive user interfaces.
   - Configuration data is stored in text.
8. System layers, from the bottom up:
   - Hardware devices: the lowest layer is the physical components, such as the motherboard, hard disk drive, floppy drive, and memory.
   - Kernel: when the system boots, the Linux kernel is loaded into memory, and from then on the kernel controls the entire operating system.
   - Shell: an interpreter through which a user interacts with the kernel; the shell is itself a program (command).
   - Application programs: an image editor, word processor, music player, games, and so on.
9. Manual (man) pages:
     # man <command>       shows the full documentation for the command
     # <command> --help    shows the available options for the command
   File handling commands:
   - mkdir: make directories. Usage: mkdir [OPTION] DIRECTORY...  e.g. mkdir prabhat
   - ls: list directory contents. Usage: ls [OPTION]... [FILE]...  e.g. ls, ls -l, ls prabhat
   - cd: change directory. Usage: cd [DIRECTORY]  e.g. cd prabhat
10. - rm: remove files or directories. Usage: rm [OPTION]... FILE...  e.g. rm file1.txt, rm -rf some_dir (recursive and without confirmation; a mistyped path is unrecoverable)
    - find: search for files in a directory hierarchy. Usage: find [path...] [expression]  e.g. find file1.txt, find -name file1.txt
    - history: prints recently used commands. Usage: history
    - pwd: print the name of the current working directory. Usage: pwd
    - vim: Vi Improved, a programmer's text editor. Usage: vim [OPTION] [file]...  e.g. vim file1.txt
11. - cp: copy files and directories. Usage: cp [OPTION]... SOURCE DEST  e.g. cp sample.txt sample_copy.txt; cp sample_copy.txt target_dir
    - mv: move (rename) files. Usage: mv [OPTION]... SOURCE DEST  e.g. mv source.txt target_dir; mv old.txt new.txt
    Text processing:
    - cat: concatenate files and print on the standard output. Usage: cat [OPTION] [FILE]...  e.g. cat file1.txt file2.txt; cat -n file1.txt
12. - echo: display a line of text. Usage: echo [OPTION] [string]...  e.g. echo I love India; echo $HOME
    - grep: print lines matching a pattern. Usage: grep [OPTION] PATTERN [FILE]...  e.g. grep -i apple sample.txt
    - wc: print the number of newlines, words, and bytes in files. Usage: wc [OPTION]... [FILE]...  e.g. wc file1.txt; wc -L file1.txt (length of the longest line)
    - sort: sort lines of text files. Usage: sort [OPTION]... [FILE]...  e.g. sort file1.txt; sort -r file1.txt
13. Red Hat Enterprise Linux 6 installation, standard (interactive) method:
    1. Select "Install or upgrade an existing system" from the GRUB menu
    2. Choose a language
    3. Choose a keyboard type
    4. Choose the installation media
    5. Skip the DVD media test (or run it, if you want to test the installation media before installing)
    6. The RHEL 6 graphical installer starts; select Next
    7. Accept the pre-release installation notice (shown on beta media)
    8. Select storage devices
    9. Enter the computer name
    10. Select the time zone
    11. Enter a password for the root user
    12. Select the type of installation
14. 13. Review the partition layout
    14. Accept writing the changes to disk
    15. The changes (partitions) are written to disk
    16. Configure the boot loader options
    17. Select the software to install and enable repositories
    18. Customize the package selection
    19. Dependencies are checked for the installation
    20. The installation process starts
    21. Packages are installed
    22. The installation is complete
    23. Select RHEL 6 from the GRUB menu
    24. Red Hat Enterprise Linux 6 boots
    25. RHEL 6 welcome screen
    26. Create a normal user
    27. Set the date and time, and keep them up to date with NTP
    28. Log in to the RHEL 6 GNOME desktop
    29. RHEL 6 GNOME desktop, empty and with the default look
15. Kickstart installations
    What are kickstart installations? Many system administrators would prefer an automated method of installing Red Hat Enterprise Linux on their machines. To answer this need, Red Hat created the kickstart installation method. Using kickstart, a system administrator creates a single file containing the answers to all the questions that would normally be asked during a typical installation. Kickstart files can be kept on a single server and read by individual computers during installation, so one kickstart file can install Red Hat Enterprise Linux on many machines, which makes it ideal for network and system administrators. In short, kickstart automates a Red Hat Enterprise Linux installation.
    How do you perform a kickstart installation? Kickstart installations can be performed from a local CD-ROM, a local hard drive, or over NFS, FTP, or HTTP. To use kickstart you must:
    1. Create a kickstart file.
    2. Create boot media containing the kickstart file, or make the kickstart file available on the network.
    3. Make the installation tree available.
    4. Start the kickstart installation.
    Because the kickstart file holds the root password, write it with the rootpw --iscrypted form (a hash rather than a plaintext password) and restrict who can read the file on the server that publishes it.
16. RHEL boot process: the following are the six high-level stages of a typical Linux boot.
17. 1. BIOS: the BIOS loads and executes the MBR boot loader.
    2. MBR: the MBR loads and executes the GRUB boot loader.
    3. GRUB: GRUB loads and executes the kernel and initrd images.
    4. Kernel: the kernel mounts the root file system given by root= in grub.conf and executes /sbin/init. The initrd serves the kernel as a temporary root file system until the kernel has booted and the real root file system is mounted; it contains the drivers needed to access the disk partitions and other hardware.
18. 5. Init: init reads /etc/inittab to decide the run level. The available run levels are:
       0 - halt
       1 - single-user mode
       2 - multi-user, without NFS
       3 - full multi-user mode
       4 - unused
       5 - X11 (graphical)
       6 - reboot
    Init takes the default run level from /etc/inittab and uses it to load the appropriate programs.
    6. Run-level programs: as the system boots you see various services start, for example "starting sendmail .... OK". Those are the run-level programs, executed from the run-level directory (/etc/rc.d/rcN.d) for the chosen run level.
19. Resetting a lost root password from single-user mode:
    1. Boot the system and, when you see the message "Press any key to enter the menu", press any key. You will see the list of available kernel versions.
    2. Press e to edit the commands before booting.
    3. Use the arrow keys to highlight the line containing vmlinuz and press e.
    4. Type single (or init 1, or just 1) at the end of the line.
    5. Press Enter, then b to boot with the new argument. The system boots into single-user mode and drops you at a bash prompt.
    Now change the password:
    6. Type passwd
    7. Type reboot to restart the system.
    Anyone with console access can do the same, so treat physical and console access as root access, and protect the boot loader with a password (next slide).
20. Protecting GRUB with a hashed password: generate the hash with grub-crypt (the password is not echoed; the example password is GrbPwd4SysAd$):
      # grub-crypt
      Password:
      Retype password:
      $6$...    (a SHA-512 crypt hash, grub-crypt's default output)
    Copy the hash into /boot/grub/grub.conf, above the first title entry:
      password --encrypted <hash printed by grub-crypt>
    Save the file and reboot to check: editing an entry or dropping to the GRUB shell now requires the password. Avoid the older plaintext "password <word>" form, which anyone who can read grub.conf can see.
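As an added example, not part of the original slides, here is a small audit of a grub.conf in the RHEL 6 (GRUB 0.97) syntax: it checks that a hashed global password line appears before the first title stanza and flags the plaintext form. The function names and the three sample files are my own constructions for the demonstration; the hash in the sample is a placeholder, not real grub-crypt output.

```shell
# Added example: audit a GRUB 0.97 (RHEL 6) grub.conf for boot-loader password protection.
# Assumption: a global "password --encrypted <hash>" line must come before the first
# "title" stanza, and the hash should be SHA-512 crypt ("$6$..."), grub-crypt's default.

# grub_password_ok FILE -> exit 0 if a hashed global password precedes the first title
grub_password_ok() {
    awk '
        /^[[:space:]]*title/ { exit (found ? 0 : 1) }
        /^[[:space:]]*password[[:space:]]+--encrypted[[:space:]]+[$]6[$]/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# grub_password_plaintext FILE -> exit 0 if a "password <word>" line (no --encrypted/--md5) exists
grub_password_plaintext() {
    grep -Eq '^[[:space:]]*password[[:space:]]+[^-[:space:]]' "$1"
}

# grub_audit FILE -> one-line verdict; exit 0 only when the file passes
grub_audit() {
    if grub_password_plaintext "$1"; then
        echo "$1: plaintext password line present; replace it with grub-crypt output"; return 1
    elif grub_password_ok "$1"; then
        echo "$1: hashed boot-loader password set"; return 0
    else
        echo "$1: no hashed password before the first title stanza"; return 1
    fi
}

# Constructed sample files for the demonstration (the hash is a placeholder)
grub_demo=$(mktemp -d)
printf 'default=0\ntimeout=5\npassword --encrypted $6$saltsalt$examplehashvalue\ntitle RHEL 6\n\troot (hd0,0)\n' > "$grub_demo/good.conf"
printf 'default=0\ntimeout=5\ntitle RHEL 6\n\troot (hd0,0)\n' > "$grub_demo/none.conf"
printf 'default=0\npassword GrbPwd4SysAd$\ntitle RHEL 6\n\troot (hd0,0)\n' > "$grub_demo/plain.conf"

# On a real host:  grub_audit /boot/grub/grub.conf
for f in "$grub_demo"/*.conf; do grub_audit "$f"; done
```

The check is deliberately strict about ordering: a password line placed after a title entry protects only that entry, while the global line before the first title protects the menu editor and the GRUB command line as well.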
21. GNOME is a desktop environment and graphical user interface that runs on top of the operating system. It is composed entirely of free and open source software and is developed by both volunteers and paid contributors, the largest corporate contributor being Red Hat. It is an international project that includes creating software development frameworks, selecting application software for the desktop, and working on the programs that manage application launching, file handling, and window and task management.
22. Network configuration files. Before delving into the interface configuration files, let us first list the primary configuration files used in network configuration. Understanding the role these files play in setting up the network stack helps when customizing a Red Hat Enterprise Linux system. The primary network configuration files are:
    /etc/hosts: the main purpose of this file is to resolve hostnames that cannot be resolved any other way. It can also be used to resolve hostnames on small networks with no DNS server. Regardless of the type of network the computer is on, this file should contain a line mapping the loopback address (127.0.0.1) to localhost.localdomain.
23. /etc/resolv.conf: specifies the IP addresses of DNS servers and the search domain. Unless configured otherwise, the network initialization scripts populate this file.
    /etc/sysconfig/network: specifies routing and host information for all network interfaces.
    /etc/sysconfig/network-scripts/ifcfg-<interface-name>: for each network interface there is a corresponding interface configuration script, holding the information specific to that interface.
    To list the network interfaces with their addresses and counters:
      # ifconfig | less
    To bring an interface up, optionally assigning an address at the same time:
      # ifconfig eth0 up
      # ifconfig eth0 <address> netmask <netmask> up
24. To take a network interface down:
      # ifconfig eth0 down
    You can also run setup and choose network configuration from the menu:
      # setup
    To configure an interface manually, edit the files in /etc/sysconfig/network-scripts/. For example, a sample /etc/sysconfig/network-scripts/ifcfg-eth0 for the eth0 interface (substitute your own addresses):
      DEVICE=eth0
      BOOTPROTO=static
      BROADCAST=<broadcast address>
      HWADDR=00:0F:EA:91:04:07
      IPADDR=<address>
      NETMASK=<netmask>
      NETWORK=<network address>
      ONBOOT=yes
      TYPE=Ethernet
    Changes take effect after the interface is restarted (ifdown eth0; ifup eth0) or with service network restart.
25. RPM: the RPM Package Manager (RPM) is a powerful command-line package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each package is an archive of files along with information about the package such as its version and a description. There is also a library API, so that developers can manage such transactions from languages such as C or Python.
    There are five basic modes for the rpm command:
    - Install: installs an RPM package.
    - Remove (erase): uninstalls an RPM package.
    - Upgrade: updates an already installed RPM package.
    - Query: asks questions about installed packages or package files.
    - Verify: checks that the installed files still match what the package delivered.
26. Check a package's signature and digests before installing (the vendor's GPG key must have been imported with rpm --import, otherwise the signature cannot be verified):
      # rpm --checksig pidgin-2.7.9-5.el6.2.i686.rpm
    Install an RPM package:
      # rpm -ivh pidgin-2.7.9-5.el6.2.i686.rpm
    Check the dependencies of a package file before installing:
      # rpm -qpR BitTorrent-5.2.2-1-Python2.4.noarch.rpm
      -q: query mode
      -p: query an uninstalled package file rather than the installed database
      -R: list the capabilities on which this package depends
    Install an RPM package without dependency checking (the package may then fail at run time; prefer yum, which resolves dependencies):
      # rpm -ivh --nodeps BitTorrent-5.2.2-1-Python2.4.noarch.rpm
27. Remove an RPM package:
      # rpm -e nx
    Upgrade an RPM package:
      # rpm -Uvh nx-3.5.0-2.el6.centos.i686.rpm
    List all installed RPM packages:
      # rpm -qa
    Query information about an installed package:
      # rpm -qi vsftpd
    Verify the installed files of a package against the package file (rpm -V <name> verifies against the rpm database instead, and rpm -Va verifies every installed package):
      # rpm -Vp sqlbuddy-1.3.3-1.noarch.rpm
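An added example, not from the slides, of what to do with the verify output. rpm -Va prints one line per file that differs from the package database, and most of those lines are harmless (changed configuration files, touched mtimes). The helper below reads that output and keeps the files worth a second look; the sample lines are constructed for the demonstration and the function names are mine.

```shell
# Added example: triage "rpm -Va" output. Each line is a 9-character attribute string
# (S size, M mode, 5 digest, D device, L link, U user, G group, T mtime, P capabilities;
# "." means unchanged), an optional file-type flag (c config, d documentation, g ghost,
# l license, r readme), and the path. "missing" replaces the attribute string for
# files that no longer exist.

# rpm_changed_files: stdin = rpm -Va output, stdout = paths whose size, mode, digest,
# owner or group changed, excluding config/doc/ghost files, plus missing files.
rpm_changed_files() {
    awk '
        $1 == "missing" { print "missing: " $NF; next }
        {
            attrs = $1
            type = (NF == 3) ? $2 : ""
            if (type == "c" || type == "d" || type == "g") next
            if (substr(attrs, 1, 1) == "S" || substr(attrs, 2, 1) == "M" ||
                substr(attrs, 3, 1) == "5" || substr(attrs, 6, 1) == "U" ||
                substr(attrs, 7, 1) == "G")
                print $NF
        }
    '
}

# Constructed sample of rpm -Va output (not taken from a real host)
rpm_va_sample() {
    cat <<'EOF'
.M.......    /usr/bin/chage
S.5....T.    /usr/sbin/sshd
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/lib64/libz.so.1.2.3
missing     /usr/share/doc/zlib-1.2.3/README
..5....T.  d /usr/share/man/man1/ls.1.gz
EOF
}

# On a live host:  rpm -Va 2>/dev/null | rpm_changed_files
rpm_va_sample | rpm_changed_files
```

A mode change on chage (a SUID binary) and a changed digest on sshd are exactly the findings this is for. Bear in mind that rpm -Va compares against the rpm database on the same disk, which an attacker who has had root can also alter; for a trustworthy baseline verify against the original package files (rpm -Vp) or against a copy of the database kept off the host.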
28. Yum (Yellowdog Updater, Modified) is a package manager developed at Duke University to improve the installation of RPMs. Yum searches the configured repositories for packages and their dependencies so that they can be installed together, which alleviates dependency problems. Red Hat Enterprise Linux 5 and later use yum to fetch and install RPMs. Yum reads its configuration from /etc/yum.conf and the repository files in /etc/yum.repos.d/; keep gpgcheck=1 there so that unsigned packages are rejected.
    1) Install a package: yum install package
    2) Remove a package: yum remove package
    3) Update a package: yum update package
29. 4) Search for a package: yum search package
    5) Show information about a package: yum info package
    6) List packages whose name contains a term: yum list term
    7) Find which package provides a particular file: yum whatprovides 'path/filename'
    8) Update all installed packages, including the kernel: yum update
    9) Update a specific package: yum update <package-name>
30. The RHN Package Manager is a command-line tool that lets an organization serve local packages associated with a private RHN channel through the RHN Proxy Server. If you want the RHN Proxy Server to update only official Red Hat packages, do not install the RHN Package Manager. To use it, install the rhns-proxy-packagemanager package and its dependencies. Only the header information of packages is uploaded to the RHN servers; the headers are required so that RHN can resolve package dependencies for the client systems, while the actual package files (*.rpm) stay on the RHN Proxy Server. The RHN Package Manager uses the same settings as the Proxy, defined in the /etc/rhn/rhn.conf configuration file.
31. Kernel: a kernel is the lowest level of easily replaceable software that interfaces with the hardware in your computer. It is responsible for connecting the applications running in "user mode" down to the physical hardware, and for letting processes exchange information through inter-process communication (IPC).
    Monolithic kernel: monolithic kernels are the opposite of microkernels. They handle not only the CPU, memory, and IPC but also include device drivers, file system management, and the system calls. Monolithic kernels tend to be faster at accessing hardware and multitasking, because a program that needs something from memory or from another process has a more direct path and does not have to queue behind a message-passing server. The cost is that everything running in supervisor mode can bring the system down if it misbehaves: a bug in a driver is a bug in the kernel. Linux is a monolithic kernel that is extended at run time with loadable modules.
32. Kernel modules: modules are pieces of code that can be loaded into and unloaded from the kernel on demand (lsmod lists them, modprobe loads, rmmod unloads). They extend the functionality of the kernel without a reboot. One type of module is the device driver, which lets the kernel access hardware connected to the system. Without modules we would have to build monolithic kernels and compile new functionality directly into the kernel image; besides producing larger kernels, that means rebuilding and rebooting every time new functionality is wanted. Since a loaded module runs with full kernel privilege, only root can insert one, and an unexpected module in lsmod deserves the same attention as an unexpected SUID binary.
    The kernel configuration file: the configuration of the installed kernel is kept in /boot, named after the kernel release, for example /boot/config-2.6.18-6-486 on Debian or, in general, /boot/config-$(uname -r).
    The proc file system: the Linux kernel has two primary functions: to control access to the computer's physical devices and to schedule when and how processes interact with them. The /proc/ directory, also called the proc file system, contains a hierarchy of special files that represent the current state of the kernel, letting applications and users look at the kernel's view of the system.
33. Within /proc/ one can find a wealth of information about the system hardware and the running processes. Some of the files under /proc/ can also be written by users and applications to communicate configuration changes to the kernel.
    sysctl: persistent kernel configuration
    - sysctl adds persistence to /proc/sys settings.
    - Statements added to /etc/sysctl.conf are applied at boot and so survive a reboot.
    - The configuration is maintained and inspected with the sysctl command:
        List all current settings:            sysctl -a
        Reload settings from sysctl.conf:     sysctl -p
        Set a /proc/sys value at run time:    sysctl -w net.ipv4.ip_forward=1
      A value set with -w lasts only until the next reboot; to keep it, add the same key = value line to /etc/sysctl.conf as well.
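The slide shows how to set and reload values; the question that follows on a real host is whether the running kernel still matches the baseline you wrote to sysctl.conf. As an added example, not from the slides, the function below diffs a baseline file against the key = value output of sysctl -a. The baseline keys, the captured values and the function name are my own constructions.

```shell
# Added example: compare a desired sysctl baseline with live (or captured) values.
# Both inputs use the "key = value" form that sysctl -a prints and /etc/sysctl.conf uses.

# sysctl_drift BASELINE ACTUAL -> one line per key that is missing or differs, sorted
sysctl_drift() {
    awk -F'[[:space:]]*=[[:space:]]*' '
        /^[[:space:]]*(#|$)/ { next }                  # skip comments and blank lines
        { key = $1; sub(/^[[:space:]]+/, "", key); sub(/[[:space:]]+$/, "", key); val = $2 }
        NR == FNR { want[key] = val; next }            # first file: the baseline
        (key in want) { have[key] = val }              # second file: what the kernel reports
        END {
            for (k in want) {
                if (!(k in have)) print "missing: " k
                else if (have[k] != want[k]) print k " = " have[k] " (want " want[k] ")"
            }
        }
    ' "$1" "$2" | sort
}

# Constructed baseline and captured values for the demonstration
sysctl_demo=$(mktemp -d)
cat > "$sysctl_demo/baseline.conf" <<'EOF'
# constructed network hardening baseline
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.rp_filter = 1
kernel.randomize_va_space = 2
EOF
cat > "$sysctl_demo/actual.txt" <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.rp_filter = 0
kernel.sysrq = 0
EOF

# On a live host:  sysctl -a 2>/dev/null > actual.txt; sysctl_drift /etc/sysctl.conf actual.txt
sysctl_drift "$sysctl_demo/baseline.conf" "$sysctl_demo/actual.txt"
```

A key reported as missing usually means the module or subsystem that provides it is not loaded, which is itself worth knowing; a value that drifted after sysctl -p was run points at something (a script, a container runtime, an intruder) setting it at run time.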
34. GNOME System Monitor: unlike bandwidth, CPU utilization is straightforward to monitor. From a single percentage of CPU utilization in GNOME System Monitor to the more in-depth statistics reported by sar, it is possible to determine accurately how much CPU power is being consumed, and by what.
35. top: top is the first resource-monitoring tool to reach for. While free displays only memory-related information, top does a little bit of everything: CPU utilization, process statistics, memory utilization. In addition, unlike free, top's default behaviour is to run continuously, so there is no need to wrap it in the watch command.
36. /proc/meminfo: this file holds statistics about memory usage on a Linux system. The same file is used by free and other utilities to report the amount of free and used memory (both physical and swap), as well as the shared memory and buffers used by the kernel.
      # cat /proc/meminfo
    free command: to display memory sizes in MB (megabytes):
      # free -m
    vmstat command: vmstat reports information about processes, memory, paging, block I/O, traps, and CPU activity.
      # vmstat
37. Identifying and terminating processes
    ps command: ps displays information about running processes. It produces a static list, a snapshot of what is running when you execute the command. For a constantly updated list use top or the System Monitor application.
      # ps ax        all processes, with and without a controlling terminal
      # ps aux       the same, with the owner of each process
    ps aux shows the effective user name of the process owner (USER), the percentage of CPU (%CPU) and memory (%MEM) in use, the virtual memory size in kilobytes (VSZ), the non-swapped physical memory size in kilobytes (RSS), and the time or date the process was started.
    What is a PID? A Linux or Unix process is a running instance of a program; Firefox, for example, is a running process while you are browsing. Each time you start Firefox, the system assigns the new process a unique process identification number (PID). Every process gets a PID when it is created.
      # pidof httpd
38. kill command: use kill to send a signal to each process specified by PID. The default signal is SIGTERM (terminate the process).
      # kill PID
      # kill -s signalName PID
      # kill -9 PID
    Common signals (the numbers are those of Linux on x86; kill -l lists them for the running system):
      Number  Name      Description     Used for
      0       (null)    Null signal     Check whether the PID exists and you may signal it
      1       SIGHUP    Hangup          Terminate; can be trapped (daemons often reload configuration instead)
      2       SIGINT    Interrupt       Terminate; can be trapped
      3       SIGQUIT   Quit            Terminate with core dump; can be trapped
      9       SIGKILL   Kill            Forced termination; cannot be trapped
      15      SIGTERM   Terminate       Terminate; can be trapped
      18      SIGCONT   Continue        Run a stopped process
      19      SIGSTOP   Stop            Pause the process; cannot be trapped
      20      SIGTSTP   Terminal stop   Pause the process; can be trapped
39. nice command: run a process with a modified scheduling priority (niceness runs from -20, highest priority, to 19, lowest; only root may set a negative value):
      # nice -n 10 command
    renice command: change the priority of an already running process:
      # renice {priority} pid
    For example, to change the nice value of process 2243 to 19:
      # renice 19 2243
40. cron is a Linux system daemon that executes programs at preset times. To use cron you prepare a text file that describes the programs you want executed and the times at which to run them, then load it with the crontab program. The global configuration file is /etc/crontab; per-user tables live under /var/spool/cron/.
    To view the current crontab use the -l option; root can view another user's crontab with -u username:
      $ crontab -l [-u username]
    To edit a crontab use the -e flag:
      $ crontab -e [-u username]
    A crontab line has five time fields (minute, hour, day of month, month, day of week) followed by the command; this one runs every day at 12:30:
      30 12 * * * echo "hello world!"
    Which users may have crontabs is controlled by /etc/cron.allow and /etc/cron.deny.
41. The ssh command is a secure replacement for the rlogin, rsh, and telnet commands. It lets you log in to a remote machine and execute commands there, with the session encrypted and the server authenticated by its host key. To log in to a remote machine:
      # ssh <hostname>
    To specify a different user name:
      # ssh <username>@<hostname>
    To execute the command ls /usr/share/doc on the remote machine without opening an interactive session:
      # ssh <hostname> ls /usr/share/doc
42. rsync (remote sync) is the most commonly used command for copying and synchronizing files and directories, remotely as well as locally, on Linux/Unix systems. With rsync you can copy and synchronize data across directories, disks, and networks, and perform backups and mirroring between two Linux machines; remote transfers run over ssh by default.
      # rsync options source destination
    VNC is a technology for remote desktop sharing. VNC lets the desktop display of one computer be viewed and controlled remotely over a network connection. It is useful on home computers, to reach a desktop from another part of the house or while travelling, and for network administrators in business environments. Plain VNC does not encrypt the session, so on anything but a trusted network tunnel it through ssh.
43. When your systems are running smoothly, take some time to learn the content of the various log files; that knowledge pays off when there is a crisis and you have to look through the logs to identify the issue. /etc/rsyslog.conf controls what goes into each log file. For example, the rsyslog.conf rule for /var/log/messages is:
      # grep "/var/log/messages" /etc/rsyslog.conf
      *.info;mail.none;authpriv.none;cron.none                /var/log/messages
    /var/log/messages contains global system messages, including those logged during startup, from facilities such as daemon, kern and user. The rule above sends mail, authpriv (authentication, including sshd and su) and cron elsewhere; on RHEL those go to /var/log/maillog, /var/log/secure and /var/log/cron respectively, so a login investigation starts in /var/log/secure.
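As an added example, not from the slides, here is a first detection pass over the sshd lines that land in /var/log/secure: failed passwords counted per source address, and the more interesting pattern of a login accepted from an address that had been failing just before. The log lines are constructed for the demonstration (the hostname, PIDs, addresses and user names are invented) and the function names are mine.

```shell
# Added example: a first detection pass over sshd log lines (on RHEL, /var/log/secure).

# failed_ssh_by_ip [MIN] -> "count ip" for sources with at least MIN failed passwords,
# most frequent first. Covers "Failed password for <user>" and "... for invalid user <user>".
failed_ssh_by_ip() {
    awk -v min="${1:-1}" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= min) print fails[ip], ip }
    ' | sort -rn
}

# success_after_failures -> "ip user" for a login accepted from an address that had
# failed earlier in the same log (password guessing that eventually worked).
success_after_failures() {
    awk '
        /sshd\[[0-9]+\]: (Failed password|Accepted [a-z]+) for / {
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); user = $(i - 1); break }
            if ($0 ~ /Failed password/) fails[ip]++
            else if (fails[ip] > 0 && !(ip in seen)) { seen[ip] = 1; print ip, user }
        }
    '
}

# Constructed sample of /var/log/secure lines (not from a real host)
ssh_log_sample() {
    cat <<'EOF'
Mar  3 10:01:02 rhel6 sshd[2311]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:04 rhel6 sshd[2311]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:09 rhel6 sshd[2315]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 10:02:00 rhel6 sshd[2320]: Accepted publickey for prabhat from 192.0.2.10 port 51000 ssh2
Mar  3 10:02:30 rhel6 sshd[2325]: Failed password for prabhat from 192.0.2.10 port 51002 ssh2
Mar  3 10:03:00 rhel6 sshd[2330]: Accepted password for prabhat from 192.0.2.10 port 51004 ssh2
EOF
}

# On a live host:  failed_ssh_by_ip 5 < /var/log/secure; success_after_failures < /var/log/secure
ssh_log_sample | failed_ssh_by_ip 3
ssh_log_sample | success_after_failures
```

The second check is the one that matters: a hundred failures from one address is noise on any Internet-facing host, but a success from that same address is an incident until proven otherwise. Rotated logs (/var/log/secure-YYYYMMDD, see the logrotate slide) have to be included to see the failures that preceded a success near midnight.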
44. logrotate is designed to ease the administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large.
      # logrotate /etc/logrotate.conf
    The configuration file begins with a number of global directives that control how rotation is applied in general. Most of the configuration, however, is not in /etc/logrotate.conf but in the files under /etc/logrotate.d/: every daemon or log file has its own configuration file in that directory.
45. A network file system is a network abstraction over a file system that lets a remote client access it over a network much as it would a local file system. Although not the first such system, NFS has grown and evolved into the most widely used network file system on UNIX. NFS permits sharing a common file system among many users and centralizes data, which minimizes the storage needed.
46. Install NFS on the server:
      # yum install nfs* -y
    Create the shared directory on the server: a directory named /var/unixmen_share in which the client users can read and write files (755 lets only the owner write; use group ownership or a sticky world-writable mode such as 1777 if client users must write):
      # mkdir /var/unixmen_share
      # chmod 755 /var/unixmen_share/
    Export the shared directory on the NFS server: open /etc/exports and add an entry of this form (substitute the client address or network):
      # vi /etc/exports
      /var/unixmen_share/ <client-network>(rw,sync,no_root_squash,no_all_squash)
    no_root_squash makes root on any permitted client root on the export; unless a client genuinely needs that, keep the default root_squash, and keep the client list narrow, since NFS trusts the UIDs the client presents.
    Restart the services:
      # service rpcbind restart
      # service nfs restart
    On the client, mount the directory:
      # mount -t nfs <server>:/var/unixmen_share /var/nfs_share/
47. Samba is an Open Source/Free Software suite that has, since 1992, provided file and print services to all manner of SMB/CIFS clients, including the numerous versions of Microsoft Windows. Samba is freely available under the GNU General Public License.
    Installing Samba on an RHEL 6 system:
      # yum install samba
    Configuring /etc/samba/smb.conf:
      workgroup = workgroup
      [tmp]
      path = /tmp
      writeable = yes
      browseable = yes
      valid users = demo
    Creating a Samba user (the account must already exist in /etc/passwd; Samba keeps its own password database):
      # smbpasswd -a demo
    Starting the Samba services:
      # service smb start
48. The automounter: the primary configuration file for the automounter is /etc/auto.master. This master map lists the autofs-controlled mount points on the system and, for each, the configuration file or network source (an automount map) that describes what gets mounted there.
      configuration file:  /etc/auto.master
      map file:            /etc/auto.misc
    Start the service:
      # service autofs start
49. File Transfer Protocol (FTP) is one of the oldest and most commonly used protocols on the Internet. Its purpose is to transfer files reliably between hosts on a network without requiring the user to log directly into the remote host or know how to use the remote system. Users access files on remote systems through a standard set of simple commands. The Very Secure FTP Daemon (vsftpd) is designed from the ground up to be fast, stable, and, most importantly, secure. Its ability to handle large numbers of connections efficiently and securely is why vsftpd is the only stand-alone FTP server distributed with Red Hat Enterprise Linux.
    Install the FTP server:
      # yum install vsftpd
    Edit the configuration file /etc/vsftpd/vsftpd.conf; check the anonymous_enable setting and turn it off unless anonymous downloads are intended.
    Share files through the default document root, /var/ftp/pub.
    Start the service:
      # service vsftpd start
    FTP sends user names, passwords and data in cleartext; for authenticated transfers prefer sftp or scp over ssh, and keep vsftpd for anonymous public downloads.
50. Partitioning a hard drive divides the available space logically into sections that can be accessed independently of one another. An entire hard drive may be allocated to a single partition, or the space may be divided across several. Several scenarios require more than one partition: dual- or multi-booting, for example, or a swap partition. Partitioning is also used to separate data logically, such as keeping audio and video files on their own partitions. Three types of partition exist on an MBR disk:
      - primary partitions
      - extended partition
      - logical partitions
51. Finding the new hard drive in RHEL 6:
      # ls /dev/sd*
      /dev/sda  /dev/sda1  /dev/sda2
    Creating Linux partitions with fdisk:
      # fdisk /dev/sda
    After writing the new partition table, make the kernel re-read it (partprobe /dev/sda) and then create a file system on the new partition with mkfs. mount and umount attach and detach the partition temporarily; for a permanent mount add an entry to /etc/fstab.
52. Computer systems have a finite amount of physical memory available to the operating system. When the operating system approaches the limit of available memory it frees space by writing memory pages to disk; when any of those pages are needed again they are read back into memory. The area of disk allocated for this is called swap space. The swap currently in use on an RHEL 6 system can be seen in several ways; one is to cat /proc/swaps. To add swap, create a normal partition, turn it into a swap partition with mkswap, add an entry to /etc/fstab so that it is used permanently, and activate it with:
      # swapon -a
53. Purpose of users in Linux: security, an individual work space, and processes that belong to a user.
    /etc/passwd: the user account information (name, UID, GID, home directory, shell).
    /etc/shadow: if the shadow password system is installed, this file holds the hashed passwords for each user and their expiry parameters; unlike /etc/passwd it is readable only by root.
    /etc/group: the group information, that is, which users belong to which groups.
    /etc/gshadow: the shadowed information for group accounts.
54. To create a user:
      # useradd user_name
    To define a password for the user:
      # passwd user_name
    To create a user with a specific UID:
      # useradd -u 802 user_name
    To create a group:
      # groupadd group_name
    To delete a group:
      # groupdel group_name
    To modify a user (for example, usermod -aG group_name user_name adds a supplementary group):
      # usermod [options] user_name
    To modify a group:
      # groupmod [options] group_name
    To delete a user (add -r to remove the home directory as well):
      # userdel user_name
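The account files described on the previous slide are also where an intruder leaves traces: a second UID 0 account, a password hash moved back into world-readable /etc/passwd, or an emptied shadow field. As an added example, not from the slides, four small checks over those files. The passwd and shadow contents below are constructed copies in the real field layout so the checks run without root; the function names are mine.

```shell
# Added example: consistency checks over /etc/passwd and /etc/shadow.
# passwd fields: name:passwd:uid:gid:gecos:home:shell
# shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# extra_uid0 PASSWD -> accounts other than root with UID 0
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# hash_in_passwd PASSWD -> accounts whose password field is not "x" or "*" (not shadowed)
hash_in_passwd() { awk -F: '$2 != "x" && $2 != "*" { print $1 }' "$1"; }

# empty_shadow_password SHADOW -> accounts with an empty hash; whether that lets them
# log in depends on PAM (nullok) and sshd (PermitEmptyPasswords), so treat it as a finding
empty_shadow_password() { awk -F: '$2 == "" { print $1 }' "$1"; }

# missing_shadow PASSWD SHADOW -> passwd accounts that have no shadow entry at all
missing_shadow() {
    awk -F: 'NR == FNR { seen[$1] = 1; next } !($1 in seen) { print $1 }' "$2" "$1"
}

# Constructed sample files (hashes are placeholders, not real ones)
users_demo=$(mktemp -d)
cat > "$users_demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
prabhat:x:500:500:Prabhat:/home/prabhat:/bin/bash
legacy:$1$salt$legacyhashvalue:501:501::/home/legacy:/bin/bash
EOF
cat > "$users_demo/shadow" <<'EOF'
root:$6$salt$roothashvalue:15000:0:99999:7:::
bin:*:15000:0:99999:7:::
toor:$6$salt$toorhashvalue:15000:0:99999:7:::
prabhat::15000:0:99999:7:::
EOF

# On a live host use /etc/passwd and /etc/shadow (reading shadow requires root)
echo "UID 0 accounts besides root:"; extra_uid0 "$users_demo/passwd"
echo "hashes stored in passwd:";     hash_in_passwd "$users_demo/passwd"
echo "empty shadow passwords:";      empty_shadow_password "$users_demo/shadow"
echo "no shadow entry:";             missing_shadow "$users_demo/passwd" "$users_demo/shadow"
```

The same awk idioms extend naturally to the other questions worth asking of these files: accounts with a login shell whose password is locked (hash starting with "!"), and service accounts that unexpectedly gained a shell other than /sbin/nologin.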
55. Identities
      u - the user who owns the file (the owner)
      g - the group that owns the file
      o - others (neither the owner nor members of the owning group)
      a - everyone, that is, all of u, g and o
    Permissions
      r - read access
      w - write access
      x - execute access (for a directory: permission to enter and traverse it)
    Actions
      + - adds the permission
      - - removes the permission
      = - makes it the only permission
    e.g. chmod a-rwx foo.txt
56. Numeric (octal) mode: r = 4, w = 2, x = 1, summed per identity in the order owner, group, others:
      # chmod 664 foo.txt
    Special permissions in Linux (SUID, SGID, sticky bit)
    SUID (set user ID): when the SUID bit is set on an executable, it runs with the user ID of the file's owner instead of that of the user who executes it. This is how passwd, owned by root, can update /etc/shadow on behalf of an ordinary user; it is also why any bug in a SUID program is a privilege-escalation bug, and why a stray SUID copy of a shell is a classic backdoor.
      # chmod u+s "/path/to/command/binary"
57. SGID (set group ID) on a command binary: when SGID is set on an executable, it runs with the group ID of the file's group owner instead of the group of the user executing it. To set SGID on a program:
      # chmod g+s "/path/to/command/binary"
    (On a directory, SGID instead makes new files inherit the directory's group.)
    Sticky bit: in a directory with the sticky bit set, a file can be deleted or renamed only by its owner, the directory's owner, or root. No other user can delete it even if they have write permission on the parent directory. Example: /tmp has the sticky bit set, which is why its contents can be deleted only by root or by the file's owner. To set the sticky bit on a directory:
      # chmod o+t /path/to/directory
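As an added example covering the two slides above (not part of the original deck), here is the inventory a practitioner takes of these bits: every SUID or SGID file, and every world-writable directory that lacks the sticky bit. On a real host it runs over / as root; the demonstration builds a constructed tree in a temporary directory, and the function names are mine.

```shell
# Added example: inventory the special-permission bits. SUID/SGID files are where
# privilege escalation hides (an attacker who had root for a moment can leave a SUID
# copy of a shell); world-writable directories without the sticky bit let any user
# delete or replace other users' files.

# setuid_files ROOT -> regular files with SUID or SGID set, sorted, staying on one file system
setuid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# ww_dirs_nosticky ROOT -> world-writable directories lacking the sticky bit, sorted
ww_dirs_nosticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Constructed tree for the demonstration
perm_demo=$(mktemp -d)
touch "$perm_demo/suid_bin" "$perm_demo/sgid_bin" "$perm_demo/plain_bin"
chmod 4755 "$perm_demo/suid_bin"
chmod 2755 "$perm_demo/sgid_bin"
chmod 0755 "$perm_demo/plain_bin"
mkdir "$perm_demo/tmp_like" "$perm_demo/dropbox" "$perm_demo/private"
chmod 1777 "$perm_demo/tmp_like"   # like /tmp: world-writable with the sticky bit
chmod 0777 "$perm_demo/dropbox"    # world-writable, no sticky bit: anyone can delete anyone's files
chmod 0755 "$perm_demo/private"

# On a live host:  setuid_files /; ww_dirs_nosticky /
echo "SUID/SGID files:"; setuid_files "$perm_demo"
echo "World-writable directories without the sticky bit:"; ww_dirs_nosticky "$perm_demo"
```

Save the SUID list from a freshly installed host and diff against it later; for each entry, rpm -qf <path> tells you whether any package owns the file, and a SUID file that no package owns needs an explanation.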
58. When a user creates a file or directory under Linux or UNIX, it is created with a default set of permissions. In most cases the system defaults are open or relaxed for file sharing. For example, a text file with 666 permissions grants read and write to everyone, and a directory with 777 grants read, write and execute to everyone. The umask trims those defaults: every bit set in the umask is cleared from the requested mode (mode AND NOT umask). You can set the umask for all users in /etc/bashrc or /etc/profile; by default most Linux distributions use 0022 (022) or 0002 (002). In /etc/profile or ~/.bashrc:
      umask 022
    Calculating the final permission for files:
      file base permissions: 666
      umask value: 022
      result (666 with the 022 bits cleared): 644 (rw-r--r--)
    Calculating the final permission for directories:
      directory base permissions: 777
      umask value: 022
      result (777 with the 022 bits cleared): 755 (rwxr-xr-x)
    Subtracting the octal digits happens to give the same answer for 022 and 002, but it is not the rule: with umask 027 a new file gets 640, which no digit-wise subtraction of 027 from 666 produces. A stricter umask such as 027 or 077 is the usual choice on servers where users should not be reading each other's files.
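As an added example, not from the slides, the bit-mask rule computed properly and then confirmed against real files created under a given umask in a temporary directory. apply_umask and umask_demo are my own helper names; umask_demo relies on the GNU/busybox stat -c option.

```shell
# Added example: the mode of a new file is BASE AND NOT UMASK, bit by bit.

# apply_umask BASE UMASK -> resulting mode as three octal digits (arguments are octal strings)
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# umask_demo UMASK -> the actual modes of a file and a directory created under that umask
umask_demo() {
    d=$(mktemp -d)
    ( umask "$1"; : > "$d/file"; mkdir "$d/dir" )
    stat -c '%a' "$d/file" "$d/dir"
    rm -rf "$d"
}

for m in 022 027 077; do
    echo "umask $m: new file $(apply_umask 666 "$m"), new directory $(apply_umask 777 "$m")"
done
umask_demo 027
```

The 027 case is the one to remember: the group digit 6 minus 2 gives 4 as subtraction would, but the others digit is 6 with the 7 bits cleared, which is 0, not "minus one".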
59. Files and directories have permission sets for the owner of the file, the group associated with the file, and all other users on the system. However, these permission sets have limitations. For example, different permissions cannot be configured for different users. Thus, Access Control Lists (ACLs) were implemented.

The Red Hat Enterprise Linux kernel provides ACL support for the ext3 file system and NFS-exported file systems. ACLs are also recognized on ext3 file systems accessed via Samba. Along with support in the kernel, the acl package is required to implement ACLs. It contains the utilities used to add, modify, remove, and retrieve ACL information.

# setfacl -m u:mark:rwx /etc/fstab
  where rwx is the permission given to the user mark on the file /etc/fstab.

# getfacl /etc
  This shows the ACL entries (the permissions given) on /etc.

# setfacl -x g:facebook /etc
  This removes the entry for the group facebook from /etc. -x removes a named entry (-X would instead read the entries to remove from a file).
60. The Linux "tar" stands for tape archive, and is used by a large number of Linux/Unix system administrators to deal with tape drive backups. The tar command packs a collection of files and directories into a highly compressed archive file, commonly called a tarball or tar, gzip and bzip2 file in Linux. tar is the most widely used command to create compressed archive files that can be moved easily from one disk to another or from machine to machine.

Create a tar archive file
# tar -cvf tecmint-14-09-12.tar /home/tecmint/

Create a tar.gz archive file
# tar cvzf MyImages-14-09-12.tar.gz /home/MyImages

Create a tar.bz2 archive file
# tar cvfj Phpfiles-org.tar.bz2 /home/php

Untar a tar archive file
# tar -xvf public_html-14-09-12.tar
61. LVM stands for Logical Volume Manager. With LVM, we can create logical partitions that can span one or more physical hard drives. First, the hard drives are divided into physical volumes, then those physical volumes are combined to create a volume group, and finally the logical volumes are created from the volume group. Use the fdisk command to create and manage partitions.

Create physical volumes
#pvcreate /dev/sdb1
To verify the newly created physical volume, use the command pvdisplay.

Create volume groups
#vgcreate vg1 /dev/sdb1
To verify whether the volume group has been created, use the command vgdisplay.

62. Create a logical volume
#lvcreate -L 200M vg1 -n lv1
Verify whether the logical volume was created using the command lvdisplay.

Format and mount the logical volume
Now format the newly created logical volume and mount it in the /mnt directory, or wherever you want.
#mkfs.ext4 /dev/vg1/lv1
#mount /dev/vg1/lv1 /mnt/

Extend the volume group size (with an additional physical volume that is not already part of vg1; /dev/sdc1 here is an assumed example device)
#vgextend vg1 /dev/sdc1

Resize the logical volume lv1
#lvresize -L +100M /dev/vg1/lv1

Resize the filesystem of logical volume lv1
#resize2fs /dev/vg1/lv1

63. Remove a logical volume
Move out of the /mnt mount point, unmount the logical volume lv1 and remove it using the command lvremove.
#umount /mnt/
#lvremove /dev/vg1/lv1

Remove a volume group
#vgremove /dev/vg1

Remove a physical volume
#pvremove /dev/sdb1
64. What Is SELinux?
SELinux is an acronym for Security-Enhanced Linux. It is a security feature of the Linux kernel. It is designed to protect the server against misconfigurations and/or compromised daemons. It puts limits on server daemons and programs, instructing them which files they can access and what actions they can take, by defining a security policy.

SELinux modes
SELinux can be set to one of three modes.
Enforcing - The SELinux security policy is enforced. If this is set, SELinux is enabled and will try to enforce the SELinux policies strictly.
Permissive - SELinux prints warnings instead of enforcing. This setting will only give a warning when any SELinux policy setting is breached.
Disabled - No SELinux policy is loaded. This totally disables SELinux policies.

65. SELinux also has two policy types
Targeted - Targeted processes are protected.
MLS - Multi Level Security protection.

Get SELinux status
Example 1: Is SELinux enabled or not on your box? Use the command below to get the status.
#getenforce
The output will be either "Enabled" or "Disabled".

Example 2: To see the SELinux status in a simplified way you can use sestatus.
#sestatus
Sample output:
  SElinux status : enabled
  SELinux mount : /selinux
  Current mode : enforcing
  Mode from config file : enforcing
  Policy version : 21
  Policy from config file : targeted

66. Example 3: To get elaborated info on the status of SELinux for different services, use the -b option with sestatus.
#sestatus -b
Sample output:
  SELinux status: enabled
  SELinuxfs mount: /selinux
  Current mode: permissive
  Mode from config file: enforcing
  Policy version: 24
  Policy from config file: targeted
  Policy booleans:
  abrt_anon_write off
  allow_console_login on
  allow_corosync_rw_tmpfs off
  allow_cvs_read_shadow off
  allow_daemons_dump_core on
  allow_daemons_use_tty on
  allow_domain_fd_use on

67. Disabling SELinux can be done in two ways.
1) Permanent way: edit /etc/selinux/config and change the SELINUX setting from enforcing to disabled, i.e. SELINUX=enforcing becomes SELINUX=disabled. Save the file and exit.
2) Temporary way: execute the command below
echo 0 > /selinux/enforce
or
setenforce 0
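As an added example (not from the slides), the following Python parses the sestatus -b output shown above and reports the condition a defender most wants to catch in it: the running mode (permissive) no longer matching the mode in the config file (enforcing), which is exactly what a temporary setenforce 0 produces. The sample text is constructed from the slide's output.

```python
# Constructed sample in the format of `sestatus -b`, mirroring the slide's output.
SAMPLE = """\
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
Policy booleans:
abrt_anon_write                 off
allow_console_login             on
allow_daemons_dump_core         on
"""


def parse_sestatus(text: str):
    """Return ({header field: value}, {boolean name: True/False}) from sestatus -b output."""
    fields, booleans = {}, {}
    in_booleans = False
    for line in text.splitlines():
        if not line.strip():
            continue
        if in_booleans:
            name, state = line.split()          # boolean lines are "<name> on|off"
            booleans[name] = (state == "on")
        elif line.startswith("Policy booleans:"):
            in_booleans = True                  # everything after this line is a boolean
        else:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields, booleans


def selinux_findings(text: str):
    """List the problems visible in a sestatus -b dump (empty list means enforcing as configured)."""
    fields, _booleans = parse_sestatus(text)
    findings = []
    if fields.get("SELinux status") != "enabled":
        return ["SELinux is disabled: no policy is loaded"]
    current = fields.get("Current mode")
    configured = fields.get("Mode from config file")
    if current != configured:
        # Someone changed the mode at runtime (e.g. setenforce 0); a reboot would restore it.
        findings.append(f"mode drift: running {current}, config file says {configured}")
    if current != "enforcing":
        findings.append(f"policy not enforced: current mode is {current}")
    return findings


if __name__ == "__main__":
    for finding in selinux_findings(SAMPLE) or ["enforcing, as configured"]:
        print(finding)
```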
68. iptables is an application used to configure the tables provided by the Linux kernel firewall. The application is run by system administrators and must be run with elevated privileges: it must be executed by the user root or it will not function. Typically the iptables application is installed in /usr/sbin/iptables, but it may also be installed in /sbin/iptables. Documentation can be found in the man page, opened by executing the command "man iptables".

iptables contains five tables, which are areas where a chain of rules can apply:
  raw filters packets before any of the other tables. It is used mainly for configuring exemptions from connection tracking in combination with the NOTRACK target.
  filter is the default table (if no -t option is passed).
  nat is used for network address translation (e.g. port forwarding). Because of limitations in iptables, filtering should not be done here.
  mangle is used for specialized packet alteration.
  security is used for Mandatory Access Control networking rules.

69. Chains
Tables contain chains, which are lists of rules for packets that are followed in order. The default table, filter, contains three built-in chains: INPUT, OUTPUT and FORWARD. Inbound traffic addressed to the machine itself hits the INPUT chain. Outbound, locally generated traffic hits the OUTPUT chain. Routed traffic that should not be delivered locally hits the FORWARD chain. See man 8 iptables for a description of the built-in chains in other tables. User-defined chains can be added to make rulesets more efficient. Built-in chains have a default target, which is used if no rules are hit. Neither built-in nor user-defined chains can be a default target.

Rules
Packet filtering is based on rules, which are specified by multiple matches (conditions the packet must satisfy so that the rule can be applied) and one target (the action taken when the packet matches all conditions). While individual conditions are usually very simple, the full rule specification can be very complex.

70. Targets are specified using the -j or --jump option. Targets can be either user-defined chains, one of the special built-in targets, or a target extension. Built-in targets are ACCEPT, DROP, QUEUE and RETURN; target extensions are, for example, REJECT and LOG. If the target is a built-in target, the fate of the packet is decided immediately and processing of the packet in the current table is stopped. If the target is a user-defined chain and the packet passes successfully through this second chain, it will move to the next rule in the original chain. Target extensions can be either terminating (like built-in targets) or non-terminating (like user-defined chains); see man 8 iptables-extensions for details.

Showing the current rules
You can check the current ruleset and the number of hits per rule by using the command:
# iptables -nvL
  Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
   pkts bytes target     prot opt in     out     source               destination

  Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
   pkts bytes target     prot opt in     out     source               destination

  Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
   pkts bytes target     prot opt in     out     source               destination

71. Editing rules
Rules can be added either by appending a rule to a chain or by inserting it at a specific position in the chain. We will explore both methods here. First of all, our computer is not a router (unless, of course, it is a router). We want to change the default policy on the FORWARD chain from ACCEPT to DROP.
# iptables -P FORWARD DROP

Configuration file
iptables rules are by default stored in /etc/iptables/iptables.rules. This file is read by iptables.service:
# systemctl enable iptables.service
# systemctl start iptables.service
iptables rules for IPv6 are by default stored in /etc/iptables/ip6tables.rules; this file is read by ip6tables.service. You can start it the same way as above.

After adding rules via the command line, the configuration file is not changed automatically; you have to save it manually:
# iptables-save > /etc/iptables/iptables.rules
If you edit the configuration file manually, you have to reload it:
# systemctl reload iptables
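As an added example (not from the slides), the following Python parses the iptables -nvL listing described above into chains, policies and rules, then audits it for the two things the slides tell you to look at: built-in chains whose default policy is still ACCEPT (such as the FORWARD chain before the -P FORWARD DROP change) and rules whose packet counter has never moved. The listing is a constructed sample in the exact column layout of iptables -nvL; the addresses are documentation ranges.

```python
import re

# Constructed sample output of `iptables -nvL` (same columns as on the slide).
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   12   720 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 DROP       all  --  *      *       192.0.2.0/24         0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 3 packets, 240 bytes)
 pkts bytes target     prot opt in     out     source               destination
"""

BUILTIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\d+) packets, (\d+) bytes\)")
USERDEF_RE = re.compile(r"^Chain (\S+) \((\d+) references\)")   # user-defined chains have no policy


def parse_iptables_nvl(text: str) -> dict:
    """Return {chain: {"policy": str|None, "rules": [rule dicts]}} from iptables -nvL output."""
    chains, current = {}, None
    for line in text.splitlines():
        m = BUILTIN_RE.match(line) or USERDEF_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2) if m.re is BUILTIN_RE else None, "rules": []}
            continue
        if current is None or not line.strip() or line.lstrip().startswith("pkts"):
            continue                                   # blank line or column header
        parts = line.split(None, 9)                    # 9 fixed columns, 10th is match text
        pkts, _bytes, target, prot, _opt, _in, _out, src, dst = parts[:9]
        chains[current]["rules"].append({"pkts": int(pkts), "target": target, "prot": prot,
                                         "source": src, "destination": dst,
                                         "extra": parts[9].strip() if len(parts) > 9 else ""})
    return chains


def audit(chains: dict) -> list:
    """Flag permissive default policies on the inbound chains and rules that never matched."""
    findings = [f"{name} default policy is ACCEPT" for name in ("INPUT", "FORWARD")
                if chains.get(name, {}).get("policy") == "ACCEPT"]
    for name, chain in chains.items():
        for r in chain["rules"]:
            if r["pkts"] == 0:   # a rule with no hits is either untested or shadowed by an earlier one
                findings.append(f"{name}: rule {r['target']} {r['prot']} {r['source']} -> "
                                f"{r['destination']} {r['extra']} has no hits".rstrip())
    return findings


if __name__ == "__main__":
    print("\n".join(audit(parse_iptables_nvl(SAMPLE))))
```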
72. Xen is an open source virtual machine monitor for x86-compatible computers. XenSource Inc. and Virtual Iron Software Inc. promoted Xen as the primary open source competitor to commercial virtualization products such as VMware. Xen makes it possible for multiple guest operating systems to run on a single computer by using a software layer called a hypervisor to mediate access to the real hardware. The hypervisor acts like a traffic cop, directing hardware access and coordinating requests from the guest operating systems.

Red Hat Inc. includes the Xen hypervisor as part of Red Hat Enterprise Linux (RHEL) software, describing this combination as "integrated virtualization." Sun Microsystems provides support for Xen virtualization on Solaris 10, its version of the Unix operating system. Other mainstream Linux distributions, including Debian and SuSE, have the necessary kernel extensions available to serve as the base OS for Xen.

Xen, which was released under the GNU General Public License, was originally a research project at the University of Cambridge. XenSource, Inc., a company that supported the development of the open source project and enterprise applications of the software, was acquired by Citrix Systems in October 2007.