Linux is an open-source operating system that can run on various hardware. The document discusses various Linux commands and concepts related to directories, files, permissions, users, groups, text editors like vi and vim, process management, disk partitioning and more. It also covers Linux installation, package management, shell scripting and configuring network and services like SSH, web servers and more. Exercises are included to help understand concepts like mount points, journaling and file attributes.

1. In the name of god
LINUX
red hat(centos)
Abolfazl Hashemi

2. Title
•
•
•
•
•
•
•
•
•
•
•
What’s Linux?
working with directories, files
Using text editors like vi, vim
Control on mount & un-mounting
process
File permissions & ownerships
Linux installation & package
management (yum, rpm, wget )
process & threads
Configure disk partitions
Manage disk quota & create quota
report
Symbolic links, FHS
Writing shell script
•
•
•
•
•
•
•
•
•
•
•
Working with archive files
System resource management
Working with debuggers in Linux
gpg command
Introduction to network
Security in linux
Do automate tasks in Linux, cron job
Configure & working with OpenSSH
Working with tcpdump
Configure web server
Network configuration

3. Summary of Linux
•
•
•
•
Linux clone of unix os
Linux can run on small computer
Open source os
Distributed of Linux
–
–
–
–
–
–
–
Debian GNU/Linux
Fedora Linux
Gentoo Linux
Libranet GNU/Linux
Red Hat Linux
Yellow Dog Linux
bash
…….
tsh
zsh
x86_64
i386
User
Shell
Kernel
Graphic User Interface(GUI)

4. Installation
Requirements
Customize installation
X configuration
GUI: graphical user interface
Install
What is shell, terminal, virtual terminal,
super terminal, konsole, tty.
• man, --help
•
•
•
•
•
•

5. working with directories, files, …
• Command line for directories
pwd: current working directory-> /root
cd: change working directory -> cd /etc/init.d
ls: list of directory, files, ... .
• ls –a: list of all directory,… .
• ls –l : list of all directory,... With details
mkdir: make directories -> mkdir test

6. working with directories, files, …(cont’d)
rm: remove file, directory, … .
 rm –r: remove recursive ->rm –r file
mv: move file, directory, … .
 mv /etc/test /var
cp: copy file, directory, … .
 cp /etc/test /var

7. working with directories, files, …(cont’d)
 echo: display a line of text
 date: print or set the system date and time
 date –s: set time and date
 more: filter and show text
 less: opposite of more
 head: output the first part of file
 Head –n 5 /etc/init.d/netfs
 tail: output the last part of file
 tail–n 5 /etc/init.d/netfs
 alias: summary of commands that you now it
 alias ll=“ls –l”
 : -> arg out to arg in

8. working with directories, files, …(cont’d)
Important files:







/
/etc
/var
/sbin
/bin
/dev
/usr
 /home
 /root
 /proc
Exercise1
 What is . ?
 What is .. ?

9. Using text editors like vi, vim
vi & vim -> vi test.txt
vim: vi improved
command for vi:




i -> insert
:w -> save
:q ->quit
:! ->force
 :wq! ->save and quit with force

10. ‫)‪Using text editors like vi, vim(cont’d‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫میسيد.‬
‫‪ J‬باال بشدن خطَای پاییه محل مًسد وظش.‬
‫‪ H‬بٍ ايلیه خط میسيد ‪ L‬بٍ آخشیه خط میسيد.‬
‫‪ R‬بٍ مذ جایگزاسی میسيد.‬
‫‪ :s/search-text/replace-text/g‬فقط دس‬
‫خط مًسد وظش جایگزاسی میکىذ. ‪ /gci‬میپشسذ‬
‫کٍ میخًاَی تغییش دَی یا خیش.‪ :%s‬بشای کل‬
‫خطَا اوجام میشًد. ‪:g/start/s/text/rep‬‬
‫َشجایی کٍ ‪َtext‬ست‪ rep‬قشاس میدَذ بٍ ششط‬
‫ششيع خط با ‪:5,10s/search- .start‬‬
‫‪ text/replace-text/g‬جایگزاصی میکىذ اص‬
‫خط 5 تا 21.‬
‫‪ :3,9d‬اص خط 3 تا خط 9 سا پاک میکىذ.‬
‫#: سفته بٍ خط #‬
‫‪ :5,10w filename‬اص خط 5 تا 01 سا دس فایل‬
‫مًسد وظش کپی میکىذ.‬
‫‪ :v‬سفته بٍ محیط يیژيیال‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪ u‬بٍ حالت قبل بش میگشدد معادل ‪Ctrl+z‬‬
‫‪ Ctrl+r‬بٍ حالت بعذ میسيد معادل ‪Ctrl+y‬‬
‫‪ :r‬تمام مته سا کپی ي بعذ بٍ مکان دلخًاٌ اضافٍ‬
‫میکىذ.‬
‫‪x‬پاک کشدن کاساکتش.‬
‫‪dw‬پاک کشدن کلمٍ.‬
‫‪ZZ‬رخیشٌ کشدن ي خشيج.‬
‫‪:e‬باصکشدن فایل جذیذ.‬
‫‪:n‬سفته بٍ فایل بعذی کٍ دس حال تغییش است..‬
‫‪ Ctrl+u‬باال بشدن مته ي ‪Ctrl+e‬باال بشدن‬
‫صفحٍ.‬
‫‪ Ctrl+d‬پاییه بشدن مته ي ‪Ctrl+y‬پاییه بشدن‬
‫صفحٍ.‬
‫‪ :e filename‬يیشایش فایل مًسد وظش.‬
‫‪ Ctrl+g‬اطالعاتی دس مًسد فایلی کٍ داخل آن‬
‫َستیذ میدَذ.‬
‫}+‪ Ctrl‬ي {+‪ Ctrl‬بٍ ابتذا ي اوتُای پاساگشاف‬

11. Using text editors like vi, vim(cont’d)
•
•
•
•
•
•
•
•
•
•
•
:set remap Accept macros within macros
:set report Indicates largest size of changes
reported on status line
:set ro Changes file type to "read only"
:set scroll=n set n lines for CTRL-d and z
:set sh=shell_path set shell escape (default
is /bin/sh) to shell_path
:set showmode Indicates input or replace
mode at bottom
:set slow Postpone display updates during
inserts
:set sm Show matching { or ( as ) or } is
typed
:set sw=n Sets shift width to n characters
:set tags=x Path for files checked for tags
(current directory included in default)
:set term Prints terminal type
•
•
•
•
•
•
•
•
•
•
:set terse Shorten messages with terse
:set timeout Eliminates one-second time
limit for macros
:set tl=n Sets significance of tags
beyond n characters (0 means all)
:set ts=n Sets tab stops to n for text input
:set wa Inhibits normal checks before write
commands
:set warn
warn
:set window=n Sets number of lines in a
text window to n
:set wm=n Sets automatic
wraparound n spaces from right margin.
:set ws Sets automatic
wraparound n spaces from right margin.

12. Using text editors like vi, vim(cont’d)
•
•
•
•
•
•
•
•
•
•
•
:set ai Turns on auto indentation
:set all Prints all options to the screen
:set ap Prints line after d c J m :s t u
commands
:set aw Automatic write on :n ! e# ^^
:rew ^} :tag
:set bf Discards control characters from
input
:set dir=tmp Sets tmp to directory or
buffer file
:set eb Precedes error messages with a
bell
:set ed Precedes error messages with a
bell
:set ht= Sets terminal hardware tabs
:set ic Ignores case when searching
:set lisp Modifies brackets for Lisp
•
•
•
•
•
•
•
•
•
compatibility.
:set list Shows tabs (^l) and end of line
($)
:set magic Allows pattern matching with
special characters
:set mesg Allows others to send
messages
:set nooption Turns off option
:set nu Shows line numbers
:set opt Speeds output; eliminates
automatic RETURN
:set para= macro names that start
paragraphs for { and } operators
:set prompt Prompts for command input
with :
:set re Simulates smart terminal on dumb
terminal

13. Using text editors like vi, vim(cont’d)
Exercise2
 How to search word in text?
 How to save output command in text?
 What are grep and find command?

14. Using text editors like vi, vim(cont’d)










od: octal and other format
export: show variables
env: environments variable
wc: show word, char, … .
sort: sort text
uniq: delete repeated lines
pr: print text
touch: change file timestamps
cpio: copy files to and from archives
dd: convert and copy a file

15. Control on mount & un-mounting process
• mount: verify hardware(device) to Linux
• umount: unmount
• command for mount:
 mount -> show devices mounted
 mount /dev/cdrom /mnt->mount cd rom
 mount /dev/sda1 /mnt ->mount sda(storage
device type a number1
 mount –l –t <type> -> list and type of devices
 /etc/udev/rules.d -> verify devices

16. Control on mount & un-mounting process(cont’d)
Important file:
 /etc/fstab
 /etc/mtab
 /proc/mounts
Exercise3
 What is mount point?
 What is journaling?

17. File permissions & ownerships
d r-- r-- r-- = d 4 4 4 -> directory &
permission is 444
- --- --- --- rwx rwx rwx -> read, write, execute
ll -> - --- --- --types are directory, link, … .

18. File permissions & ownerships(cont’d)
 - Normal data file; may be text, an
executable program, graphics,
compressed data, or just about any
other type of data.
 d Directory; disk directories are files
just like any others, but they contain
filenames and pointers to disk in
odes. Controlling Access to Files 195
 l Symbolic link; the file contains the
name of another file or directory.
When Linux accesses the symbolic
link, it tries to read the linked-to file.
 p Named pipe; a pipe enables two
running Linux programs to
communicate with each other. One
opens the pipe for reading, and the
other opens it for writing, enabling
data to be transferred between the
programs.
 s Socket; a socket is similar to a
named pipe, but it permits network
and bidirectional links.
 b Block device; a file that
corresponds to a hardware device to
and from which data is transferred in
blocks of more than one byte. Disk
devices (hard disks, floppies, CDROMs, and so on) are common block
devices.
 c Character device; a file that
corresponds to a hardware device to
and from which data is transferred in
units of one byte. Examples include
parallel port, RS-232 serial port, and
audio devices.

19. File permissions & ownerships(cont’d)
command for permission
 chmod: change file mode -> chmod 777
filename
 chown: change file owner and group-> chown
user1 filename -> chown –R
 Set User ID (SUID)
 Set Group ID (SGID)

20. File permissions & ownerships(cont’d)

21. File permissions & ownerships(cont’d)

22. File permissions & ownerships(cont’d)

23. File permissions & ownerships(cont’d)
Command line:
 groupadd: create new group -> groupadd test
-p test
 groupadd –r: create system group
 groupdel: delete group
 groupmems: add members to group
->groupmems –g test [-l] [-a] [-d]
 groupmod: groupmod test –g 777

24. File permissions & ownerships(cont’d)
find / [-group name] [-user name]
newgrp: login to new group
useradd: create new user
Userdell: delete user
passwd: change password

25. File permissions & ownerships(cont’d)
 Important directory:





/etc/shadow
/etc/group
/etc/gshadow
/etc/login.defs
/etc/passwd
 Exercise4
 What is umask ?
 What is file attributes?
 What is sudoedit ?

26. symbol
• > Creates a new file containing standard output. If the specified file exists,
it’s overwritten.
• >> Appends standard output to the existing file. If the specified file
doesn’t exist, it’s created.
• 2> Creates a new file containing standard error. If the specified file exists,
it’s overwritten.
• 2>> Appends standard error to the existing file. If the specified file doesn’t
exist, it’s created.
• &> Creates a new file containing both standard output and standard error.
If the specified file exists, it’s overwritten.
• < Sends the contents of the specified file to be used as standard input.
• << Accepts text on the following lines as standard input.
• <> Causes the specified file to be used for both standard input and
standard output.

27. Linux installation & package management
 Install: some time you should install packages(program)
for example MySQL packages.
 Type of packages are URL, .rpm, name, … .
 yum install package1 [package2] …
 Upgrade: some time you should upgrade program for
example change MySQL 4 to 5.
 yum upgrade [package1] [package2]
 Update: some time you should update program for
example MySQL 5 to 5.1.
 yum update [package1] [package2] …
 Uninstall: some time you should uninstall program for
example erase MySQL.
 remove | erase [package1] [package2] ….

28. Linux installation & package management(cont’d)
 Another command for package management:
rpm just manage .rpm packages
rpm –i -> install
rpm –U -> upgrade
rpm –v -> print verbose information
rpm –h -> print 50 hash marks as the package
archive is unpacked. Use with –v
 rpm –e -> erase or uninstall
rpm –Uvh package.rpm






29. Linux installation & package management(cont’d)
 Another command for package management:
 wget: download from network and support
http, https and ftp.
 wget –c -> continue
 wget –d ->debug
For install all packages you need make file
that and compile and copy configure. For
example ./configure -> make -> make install

30. Linux installation & package management(cont’d)
Important file:
 /etc/yum
 /etc/yum.conf
 /etc/yum.repos.d
Exercise5
 install mc packages from local use yum
 go to /usr/share/doc and find mc files
 Work by mc command

31. Configure disk partitions
LVM(Logical Volume Manager) partition
Standard partition
Extended : same as primary but don’t have
file system and create logical partition on it
and their have fs LVM
active
sda1
Primary[4]
sda2
Extended[5->]
Sda(n)

32. Configure disk partitions(cont’d)

33. Configure disk partitions(cont’d)
 A partition can be primary, extended and active
 Just 1 active, 4 primary
 Name of hard: sda or hda
 Name of partition: sda1, sda2, … .
 Name of device: cdrw, cdrom, sdb, … .
 fdisk: partition table in linux
 fdisk –l : list of all partition->fdisk –l name: details
for name
 fdisk [name of disk] -> fdisk /dev/sda : manage sda
 Interactive area
 m for help

34. Configure disk partitions(cont’d)





a : bootable flag
n : new partition
q : exit with out save
w : write and exit
d : delete a partition
parted : same as fdisk
partx : show number of partition for sda

35. Configure disk partitions(cont’d)
Create file system on partition




mke2fs : create ext2,ext3,ext4 fs
resize2fs : resize ext2,ext3,ext4 fs
mkfs: build a linux fs
mkswap : set up a linux swap area

36. Configure disk partitions(cont’d)
Logical Volume Manager, or LVM, is a
storage management solution that allows
administrators to divide hard drive space
into physical volumes (PV), which can then
be combined into logical volume groups
(VG), which are then divided into logical
volumes (LV) on which the file system and
mount point are created.

37. Configure disk partitions(cont’d)

38. Configure disk partitions(cont’d)
 Example: lvm>
 pvcreate pv1
 vgcreate vg1
 lvcraete –L 10g -n lv1 vg1
 Mkfs.ext4 /dev/vg1/lv1
 Important files:
 /dev/*
 /sbin/vg*
 /etc/fstab
 Exercise6
 Create lvm disk and vg and pv
 Create ext4 file system on lvm

39. Manage disk quota & create quota report
 File system base disk quota allocation
 User or group based disk quota allocation
 Hard limit – For example, if you specify 2GB as hard
limit, user will not be able to create new files after 2GB
 Soft limit – For example, if you specify 1GB as soft limit,
user will get a warning message “disk quota exceeded”,
once they reach 1GB limit. But, they’ll still be able to
create new files until they reach the hard limit
 Grace Period – For example, if you specify 10 days as a
grace period, after user reach their hard limit, they
would be allowed additional 10 days to create new files.
In that time period, they should try to get back to the
quota limit.

40. Manage disk quota & create quota report(cont’d)
 Create user and group for disk quota
 Enable disk quota check : ->go fstab
 LABEL=/home /home ext2 defaults,usrquota,grpquota 1 2
 mount -n -o remount /
 Reboot server
 Show disk quota:





quotacheck –avug
a: Check all quota-enabled file system
v: Verbose mode
u: Check for user disk quota
g: Check for group disk quota
 Assigned disk quota:
 edquota username

41. Manage disk quota & create quota report(cont’d)
 Report disk quota:
 Repquota /home
 Add quota check daily:
 Create cron -> next session
 Example: go fastab
 /dev/VolGroup1/LogVol1 /home ext3
defaults,usrquota 1 2

42. Symbolic links, FHS
Link : connection between 2 files. For
example /var/spool/mail -> /var/mail
Soft link (symbolic link) : point to file
Hard link : pointer of file in directory so if
delete file link is exist
ln : make links between files
 ln –s : create soft link
 ln –p : hard link to soft link
FHS(Filesystem Hierarchy System)

43. Writing shell script
What is shell script : Shell scripts are plaintext files, so you create them in text editors.
A shell script begins with a line that
identifies the shell that’s used to run it.
The execute text file begin with #!/bin and if
you want use bash commands you insert
#!/bin/bash ->sharp bang
For execute that you should set execute
permission and enter ./filename.

44. Writing shell script(cont’d)

45. Writing shell script(cont’d)
 Commands for shell script:
 set: for see system variables












BASH=
Our shell name
BASH_VERSION=
Our shell version name
COLUMNS=
No. of columns for our screen
HOME=
Our home directory
LINES=
No. of columns for our screen
LOGNAME= Our logging name
OSTYPE=
Our OS type
PATH=
Our path settings
PS1=
Our prompt settings
PWD=
Our current working directory
SHELL=
Our shell name
USERNAME= User name who is currently login to this PC

46. Writing shell script(cont’d)
 export: definition variable -> export var=10
 echo: show quantity of variable -> echo $var
 -n
 -e







a
b
c
n
r
t
Do not output the trailing new line.
Enable interpretation of the following backslash escaped
characters in the strings:
alert (bell)
backspace
suppress trailing new line
new line
carriage return
horizontal tab
backslash
 if [ -n "$var" ]; then
echo "not empty"
else
echo "empty"

47. Writing shell script(cont’d)
How to use and create function:
 What is function?
 Example: function today {
echo “today is”
date +”%A,%B,%D,%Y”
}
Run today
type: show type of command

48. Writing shell script(cont’d)
 Conditions and loops: what is condition and loop?
 if: what is .bashrc->directory of store information of user bash and
variable and etc.
if [ condition]; then
commands
elif
commands
else
commands
fi
 while: for like while
while [condition ]
do
commands
done

49. Writing shell script(cont’d)
• Example:
#!/bin/bash
x=“welcome”
y=“welcome to linux”
z=15
if [ $z –gt 10];
then
echo “z=“$z;
else
if [ $x –eq $y ];
then
echo “x=y”;
fi
echo “var=n” $x ”n” $y “n” $z
fi

50. Writing shell script(cont’d)
 for: for { variable name } in { list }
 Condition:
 Exercise7
 Input 2 number and compare their. so calculate a*b,
a+b, a/b, a10.

51. Working with archive files
tar: extract, archive, … .
 tar –cvf filename.tar filetoarchive
 tar –xzf filename –C directory->extract & zip
gzip: compress a file -> gunzip: expand a file
zip & unzip: similar to gzip

52. System resource management
 Run level: 0 – 6 -> /etc/grub.conf
 0: turn on
 6: turn off
 pstree: Shows the Parent-Child Relation Between Processes
 gstack: print a stack trace of a running process -> gstack [PID]
 more /proc/cpuinfo
 top: display Linux task
 s -> change delay
 z -> change color
 h -> help
 b -> bold
 q -> exit

53. System resource management(cont’d)
 ps: report a snapshot of current process -> ps aux
 USER: The name of the user who started the process.
 PID: The PID of the process. The command ps aux sorts the
processes by their PID.
 %CPU: The percentage of CPU time the process has used since
startup.
 %MEM: The percentage of memory the process is currently using.
 VSZ: The virtual memory size, which is the total amount of memory
claimed by this process.
 RSS: The resident memory size, which is the amount of memory the
process currently has in use.
 TTY: The terminal (TTY) from which the process was started. A
question mark indicates a daemon process that is not associated to
any TTY.

54. System resource management(cont’d)
 STAT: The current status of the process.
 START: The time at which the process was started.
 TIME: The total amount of system time this process has
been using since it started.
 COMMAND: The command that was used to start this
process. If the name of this command is between square
brackets (you can see quite a few examples of this in
(Listing 9-5), the process is not started with a command
at the command line, but is a kernel thread.

55. System resource management(cont’d)
 Use limited system resource use ulimit command:
 Core File Limits The -c option limits the size of core dumps, which are
fi les created for
 debugging purposes in certain types of program crashes.
 File Limits The -f option limits the size of fi les that may be created by
the shell, and –n limits the number of open fi le descriptors. (Most
systems don’t honor the -n limits, though.)
 Process Limits The -u option limits the number of processes a user
may run, and -t limits the total CPU time in seconds.
 Memory Limits The -v option sets the total amount of virtual memory
available to the shell, -s sets the maximum stack size, -m sets the
maximum resident set size, -d limits programs’ data set size, and -l sets
the maximum size that may be locked into memory.

56. System resource management(cont’d)
 Hard and Soft Limits The -H and -S options modify other options,
causing them to be set as hard or soft limits, respectively. Hard
limits may not be subsequently increased, but soft limits may be. If
neither option is provided, ulimit sets both the hard and soft limits
for the feature specified.
 Current Settings Passing -a causes ulimit to report its current
settings.
 Important directories:
 /proc/*
 /boot/System.map –
 Exercise8
 Read command : pgrep, pkill, free, kill,

57. Working with debuggers in Linux
After you write shell script you need debug
it and some time you need debug software
for this problem we use gdb command.
gdb: GNU debugger
 In shell script use (gdb) commands……(gdb)
 For software use gdb (option) [ pid or name of
software]
 Some option of gdb

58. Working with debuggers in Linux(cont’d)
 h: for help
 q: quit
 run: run [program name]
 bt: print call stack = where




up: move up one stack frame
down: != up
frame: frame n ->go to frame n
info: info frame ->information current frame
 Exercise9
 If you need Debugger command see Debugging with gdb
Tenth Edition, for gdb version 7.6.1.2013, Richard
Stallman, Roland Pesch, Stan Shebs, 658paper

59. gpg command
Checksum: when we transfer or storage data
between computers maybe information
destroyed and we don’t understand or
understand not solve their so we use a
method to solve it problem. For example
CRC checksum. You Consider, checksum
different with encrypt. In data encryption
goal is encrypt and in checksum goal is
solve and understand mistake. For best data
transfer we encrypt and checksum methods.

60. gpg command(cont’d)
MD5: is a hashing method. First get
checksum of data then get hash their.

61. gpg command(cont’d)
 Encryption (gpg GNU Privacy Guard) : 2 way for
encryption
 signature file: just who make file can access it
 gpg --output file.sig --detach-sign file
 Primary and public key: just who Possessing primary key
can access it and other just encrypt file with public key.





gpg --gen-key->generate private and public key
gpg --list-key->list of key
gpg --edit-key keyID->edit key
gpg --output [fileforsendkey.gpg] --export->create export key
gpg --armor --output [fileforsendkey.gpg] --export-> Creates
ASCII armored output

62. Security in linux
 Physical Access Problems
 Set bios password
 Set grub password
 [grub-crypt --sha-256] or [grub-crypt --md5]
 Copy to /etc/grub.conf -> password –md5 ………………….
 Stolen Passwords
 Local Program Bugs
 Set SUID and SGID bit for program
 find / -perm +6000 -type f
 Server Bugs
 Denial-of-Service Attacks
 Encryption Issues

63. Security in linux(cont’d)
 Creating Firewall Rules: iptable
 /etc/services: see the services run on linux and more
details about them.
 netstat -> netstat –ap : see active internet connection

64. Security in linux(cont’d)

65. Security in linux(cont’d)
 The iptables program is the utility that
manages firewall.
 First you should know about packet and packet
filtering.
 iptables -L -t filter






Chain
target
Chain
target
Chain
target
INPUT
prot opt
FORWARD
prot opt
OUTPUT
prot opt
(policy ACCEPT)
source
destination
(policy ACCEPT)
source
destination
(policy ACCEPT)
source
destination

66. Security in linux(cont’d)

67. Security in linux(cont’d)
#!/bin/bash
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Let traffic on the loopback interface pass
iptables -A OUTPUT -d 127.0.0.1 -o lo -j
ACCEPT
iptables -A INPUT -s 127.0.0.1 -i lo -j
ACCEPT
# Let DNS traffic pass
iptables -A OUTPUT -p udp --dport 53 -j
ACCEPT
iptables -A INPUT -p udp --sport 53 -j
ACCEPT
# Let clients' TCP traffic pass
iptables -A OUTPUT -p tcp --sport
1024:65535 -m state
--state NEW,ESTABLISHED,RELATED -j
ACCEPT
iptables -A INPUT -p tcp --dport
1024:65535 -m state
--state ESTABLISHED,RELATED -j ACCEPT
# Let local connections to local SSH server
pass
iptables -A OUTPUT -p tcp --sport 22 -d
172.24.1.0/24 -m state
--state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s
172.24.1.0/24 -m state
--state NEW,ESTABLISHED,RELATED -j
ACCEPT

68. Do automate tasks in Linux, cron job
 What is automate task ?
 When use automate task?
 Some system maintenance tasks should be
performed at regular intervals and are highly
automated
 Automate task in linux?
 at
 cron: cron is a daemon
 at & cron: at just run once and cron run ongoing
 Command for cron job:

69. Do automate tasks in Linux, cron job
 crontab: execute program to configuration cron
 crontab –l : see cron job
 crontab [-u user] [-l | -e | -r] [file]
 /etc/cron.d: configuration directory -> sysstat
 /var/spool/cron: cron job
 Create cron job:
 02 4 * * *
root
run-parts
/etc/cron.daily
 This line begins with five fields that specify the time. The fields
are, in order, the minute
 (0–59), the hour (0–23), the day of the month (1–31), the month
(1–12), and the day of the
 week (0–7; both 0 and 7 correspond to Sunday)

70. Do automate tasks in Linux, cron job
 In all cases, you can specify multiple values in several ways:
 An asterisk (*) matches all possible values.
 A list separated by commas (such as 0,6,12,18) matches any of the
specified values.
 Two values separated by a dash (-) indicate a range, inclusive of
the end points. For instance, 9-17 in the hour field specifies a time
of from 9:00 a.m. to 5:00 p.m.
 A slash, when used in conjunction with some other multi value
option, specifies stepped values /a range in which some members
are skipped. For instance, */10 in the minute field indicates a job
that’s run every 10 minutes
 at: at -f commands.txt noon

71. Working with tcpdump
 Capture packets from a particular Ethernet interface
using tcpdump -i
 Capture only N number of packets using tcpdump -c
 Display Captured Packets in ASCII using tcpdump -A

72. Working with tcpdump
 Display Captured Packets in HEX and ASCII using
tcpdump -XX
 Capture the packets and write into a file using
tcpdump -w
 Reading the packets from a saved file using tcpdump -r
 Capture packets with IP address using tcpdump -n
 Capture packets with proper readable timestamp
using tcpdump -tttt
 Read packets longer than N bytes
 tcpdump -w g_1024.pcap greater 1024
 Receive only the packets of a specific protocol type
 tcpdump -i eth0 arp

73. Working with tcpdump
 Receive packets flows on a particular port
using tcpdump port
 tcpdump -i eth0 port 22
 Capture packets for particular destination IP
and Port
 tcpdump -w comm.pcap -i eth0 dst 16.181.170.246
and port 22
 tcpdump Filter Packets – Capture all the
packets other than arp and rarp
 tcpdump -i eth0 not arp and not rarp

74. Introduction to network
 tcp/ip and osi model:







physical layer
data link layer
network layer
transport layer
session layer
presentation layer
application layer
 Topology of network
 Ring
 Star
 bus
 protocol

75. Introduction to network (cont’d)
 IP
 DNS
 DHCP
 Port
 telnet and ssh
 ftp
 http and https
 Arp and rarp
 icmp

76. Network configuration
 Ifconfig
 Setup
 DNS
 Forward
 Primary
 Secondary
 Stub
 Reverse
 /etc/resolv.conf
 /etc/hosts

77. Network configuration(cont’d)
 DHCP
 How to work dhcp ?
 /etc/dhcp/dhcpd.conf
 Telnet & SSH
 how to work telnet or ssh?
 ssh 192.168.1.100
 telnet 192.168.1.100

78. Network configuration(cont’d)
icmp
 Ping
 tracepath
ftp
 How to work ftp?
 scp