RHCE Red Hat Certified Engineer, Session 1, Asif Raza
Presentation transcript:

1 RHCE Red Hat Certified Engineer, Session 1 (Asif Raza)

2 History of UNIX & Linux
- 1957: Bell Labs needs an operating system to run its various batch jobs
- 1965: Bell Labs, together with MIT and GE, starts Multics (Multiplexed Information and Computing Service)
- 1969: in the summer of 1969 UNIX is developed at AT&T Bell Labs
- 1975: Sixth Edition of UNIX released (May 1975)
- 1983: GNU project started (the Free Software Foundation follows in 1985)
- 1991: Linux is introduced by Linus Benedict Torvalds, then a second-year Computer Science student at the University of Helsinki
- 1993: NetBSD & FreeBSD released
- 1994: Red Hat Linux is introduced

3 First Article About Linux
From: (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Message-ID:
Date: 25 Aug 91 20:57:08 GMT
Organization: University of Helsinki

Hello everybody out there using minix -

I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things).

I've currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I'll get something practical within a few months, and I'd like to know what features most people would want. Any suggestions are welcome, but I won't promise I'll implement them :-)

Linus

PS. Yes - it's free of any minix code, and it has a multi-threaded fs. It is NOT portable (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as that's all I have :-(.

4 GNU & GPL
- GNU Project: focused on creating a Unix-like operating system that could be freely distributed
- GPL: GNU General Public License (copyleft)

5 Major Linux Distributors
Mandrake Linux, Slackware Linux, SuSE Linux, Turbo Linux, Vector Linux, Caldera Linux, Corel Linux, Debian Linux, Kondara Linux, Red Hat Linux

6 The Advantages of Linux
- Low purchase cost
- Open Source Software (OSS)
- UNIX heritage
- Multi-user
- Scalability
- Vendor support
- Reliable uptime
- Security
- Logging system
- ...

7 The Disadvantages of Linux
- Steep learning curve
- Hardware support
- End-user applications

8 A Comparison of Win 9x, NT, and Linux
Feature                  Win 9x     Win NT   Linux
Scalability              Poor       Good     Good
Desktop app. support     Excellent  Good     Good
Enterprise app. support  None       Good     Good
Hardware support         Excellent  Good     Good
Licensing cost           Good       Poor     Excellent
Network performance      Good       Good     Excellent
Security                 Poor       Good     Good

9 Linux Filesystem Hierarchy
/bin    Essential binary files
/boot   Boot loader files
/dev    Device files
/etc    Configuration files
/home   User home directories
/lib    Shared libraries and kernel modules
/mnt    Mount point for temporarily mounted filesystems
/proc   System information virtual filesystem
/root   root user's home directory
/sbin   Essential system binaries
/tmp    Temporary files
/usr    Shareable files
/var    Non-shareable (variable) files

10 RHCE Red Hat Certified Engineer, Session 2 (Asif Raza)

11 Installing Linux
- Hardware requirements
- Hard disk partitioning
- Boot loader
- Install packages
- X configuration

12 Overview of the Installation Process
1. Starting the installation process: installation mode, language, keyboard, mouse
2. Partitioning
3. Boot loader installation
4. Network configuration
5. Setting the time zone

13 Overview of the Installation Process (continued)
6. Firewall configuration
7. Specifying authentication options (optional)
8. Specifying user accounts
9. Selecting packages
10. Installing packages
11. Creating a boot disk
12. Configuring the X Window System (optional)

14 Installing Linux: Consoles & Message Logs
Console  Keystrokes   Contents
1        Ctrl+Alt+F1  Text-based installation procedure
2        Ctrl+Alt+F2  Shell prompt
3        Ctrl+Alt+F3  Messages from the installation program
4        Ctrl+Alt+F4  Kernel messages
5        Ctrl+Alt+F5  Other messages, including file system creation messages
7        Ctrl+Alt+F7  Graphical installation procedure

15 Configuring Install-Time Options after Installation
authconfig, ntsysv, setup, redhat-config-..., kbdconfig, mouseconfig, timeconfig, sndconfig, netconfig

16 RHCE Red Hat Certified Engineer, Session 3 (Asif Raza)

17 SHELL
- Shells: bash (Bourne Again Shell), ash, sach, tcsh, mc
- Some important BASH variables: PATH, SHELL, PS1, PS2
- PS1/PS2 prompt escapes: \u (user name), \h (host name), \W (basename of the working directory), \d (date), \t (time), \s (shell name), \$ ("#" for root, "$" for other users)

18 Some Linux Commands (1)
ls, info, help, man, echo, rm, mv, cp, tac, cat, rmdir, mkdir, pwd, touch, cd, logout, date, less, alias, clear, halt, reboot, exit

19 RHCE Red Hat Certified Engineer, Session 4 (Asif Raza)

20 BASH
- TAB key features (command and file-name completion)
- Review pages & commands
- Quoting in BASH: 'value' (no expansion), "value" (variables and command substitution are expanded), `value` (command substitution)
- Redirection operators: >, >>, >| (overrides noclobber), <, <<, <<<
- Standard input & standard output: stdin = 0, stdout = 1, stderr = 2

21 Important Command Forms
- cmd
- cmd &  (background job; control it with fg, Ctrl+Z, bg)
- cmd1 ; cmd2
- (cmd1 ; cmd2)  (runs in a subshell)
- cmd1 `cmd2`  (the output of cmd2 becomes arguments of cmd1)
- cmd1 | cmd2
- cmd1 && cmd2  (cmd2 runs only if cmd1 succeeds)
- cmd1 || cmd2  (cmd2 runs only if cmd1 fails)
- { cmd1 ; cmd2 ; }  (group run in the current shell; note the closing ";")
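An added example (shell; not from the original deck) that exercises the command forms and redirection operators of slides 20 and 21: the exit status driving && and ||, ( ) versus { }, stderr merged into stdout, and >| overriding noclobber. It needs only a POSIX shell and a writable temporary directory.

```sh
#!/bin/sh
# Added example (not from the deck): exit status, && / ||, ( ) versus { },
# and the redirection operators of slide 20. Needs only a POSIX shell and a
# writable temporary directory.

# && runs the right side only after success (status 0), || only after failure
status_chain() {
    true  && echo "and-true"    # runs
    false && echo "and-false"   # skipped
    false || echo "or-false"    # runs
    true  || echo "or-true"     # skipped
}

# ( ) is a subshell: its variable changes and cd are lost on return.
# { } groups commands in the current shell, so they stick.
subshell_vs_group() {
    x=outer
    ( x=inner )
    after_subshell=$x
    { x=inner; }
    echo "$after_subshell $x"
}

# Stream numbers: 0 stdin, 1 stdout, 2 stderr. Order matters when redirecting:
# ">file 2>&1" sends both to the file; "2>&1 >file" leaves stderr on the terminal.
redirect_demo() {
    tmp=$(mktemp)
    { echo out; echo err >&2; } >"$tmp" 2>&1
    lines=$(wc -l <"$tmp" | tr -d ' ')
    # set -C (noclobber) refuses ">" onto an existing file; ">|" overrides it
    set -C
    if ( echo clobber >"$tmp" ) 2>/dev/null; then blocked=no; else blocked=yes; fi
    echo replaced >|"$tmp"
    set +C
    rm -f "$tmp"
    echo "$lines $blocked"
}

echo "chain:   $(status_chain | tr '\n' ' ')"
echo "scope:   $(subshell_vs_group)"
echo "streams: $(redirect_demo)"
```

The noclobber check is the one worth remembering when writing scripts that log to files: with set -C in effect, a plain > fails instead of silently truncating an existing file, and >| is the explicit override.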

22 Linux File Types (first character of ls -l)
-  Normal file (a hard link is simply another name for the same normal file)
d  Directory
l  Symbolic link: shortcut to a file or directory
s  Socket: passes data between two processes
p  Named pipe: like a socket, but the user cannot work with it directly
c  Character device: character-by-character hardware communication
b  Block device: major & minor numbers identify the controlling driver

23 Bash Special Variables
$#  Number of arguments given to the command
$?  Exit status of the last program run
$$  Process ID of the current shell
$!  Process ID of the last background child process
$@  All arguments, individually quoted
$*  All arguments quoted as a whole
$n  Positional argument value, where n is the position
$0  Name of the current shell or script
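The difference between "$@" and "$*" is the one that bites in scripts that pass file names around, so here is an added example (shell; not from the deck) that makes each special parameter of slide 23 return a value. The sample arguments are constructed.

```sh
#!/bin/sh
# Added example (not from the deck): the special parameters of slide 23.

count_args() { echo $#; }

# "$@" keeps each argument whole; "$*" joins them into one word;
# unquoted $* re-splits on whitespace. The sample arguments are constructed.
at_vs_star() {
    set -- "one two" three
    echo "$(count_args "$@") $(count_args "$*") $(count_args $*)"
}

# $? is the exit status of the last command; capture it as a value
status_of() {
    if "$@"; then echo 0; else echo $?; fi
}

# $1..$n, $# and shift; $0 is the script name (printed below, not returned)
positional_demo() {
    set -- alpha beta gamma
    first=$1
    shift
    echo "$first $# $1"
}

# $! is the PID of the last background job, $$ the PID of this shell;
# wait on $! to reap the child and collect its exit status
background_job() {
    sleep 0 &
    child=$!
    wait "$child"
    st=$?
    if [ "$child" -ne "$$" ] && [ "$st" -eq 0 ]; then echo ok; else echo problem; fi
}

echo "script name (\$0): $0"
echo "\"\$@\" \"\$*\" \$* -> $(at_vs_star)"
echo "status of 'sh -c \"exit 42\"' -> $(status_of sh -c 'exit 42')"
echo "first/count/next after shift -> $(positional_demo)"
echo "background job -> $(background_job)"
```

at_vs_star prints "2 1 3": two arguments survive "$@", one survives "$*", and unquoted $* splits "one two" into separate words, which is how a file name with a space turns into two non-existent files.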

24 Some Linux Commands (2)
- Process text streams: sort, cut, head, tail, split, wc, uniq, grep
- Redirecting a command's output: tee
- Create, monitor & kill processes: ps, pstree, top, kill, killall
- Modify process priority: renice

25 RHCE Red Hat Certified Engineer, Session 5 (Asif Raza)

26 Some Linux Commands (3)
- Create partitions and filesystems: fdisk, mke2fs, mkfs.*
- Maintain the integrity of filesystems: e2fsck, fsck.*, du, df
- Filesystem mounting & unmounting: mount, umount, /etc/fstab
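The mount options in /etc/fstab are where much of a host's hardening lives. The following is an added example (shell/awk; not from the deck): it reads an fstab on stdin and reports user-writable filesystems that lack nosuid/nodev/noexec, NFS mounts without nosuid, and local ext filesystems whose fsck pass is 0. SAMPLE_FSTAB is constructed; the labels, mount points and the per-mount option policy are illustrative choices, not values from the deck.

```sh
#!/bin/sh
# Added example (not from the deck): checking /etc/fstab mount options.
# SAMPLE_FSTAB is constructed; labels and mount points are illustrative.

# fields: device  mountpoint  fstype  options  dump  fsck-pass
SAMPLE_FSTAB='LABEL=/      /      ext3  defaults               1 1
LABEL=/boot  /boot  ext3  defaults               1 2
LABEL=/home  /home  ext3  defaults,nosuid,nodev  1 2
LABEL=/tmp   /tmp   ext3  defaults               1 0
none         /proc  proc  defaults               0 0
fileserver:/export/data  /mnt/data  nfs  ro  0 0'

# Reads an fstab on stdin and prints one finding per line:
#   MOUNTPOINT missing OPTION   a hardening option absent on a user-writable fs
#   MOUNTPOINT nfs-without-nosuid
#   MOUNTPOINT fsck-pass-0      local ext filesystem that is never checked
check_fstab() {
    awk '
    BEGIN {
        want["/tmp"]  = "nosuid,nodev,noexec"   # policy choice, not a deck value
        want["/home"] = "nosuid,nodev"
        want["/boot"] = "nosuid,nodev"
    }
    /^[ \t]*(#|$)/ { next }
    ($2 in want) {
        n = split(want[$2], w, ",")
        for (i = 1; i <= n; i++)
            if (("," $4 ",") !~ ("," w[i] ",")) print $2, "missing", w[i]
    }
    $3 == "nfs" && ("," $4 ",") !~ /,nosuid,/ { print $2, "nfs-without-nosuid" }
    $3 ~ /^ext[234]$/ && $6 == 0 { print $2, "fsck-pass-0" }
    '
}

printf '%s\n' "$SAMPLE_FSTAB" | check_fstab
```

Against a live host run check_fstab </etc/fstab; no output means no findings. After changing options, mount -o remount /tmp applies them without a reboot.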

27 Some Linux Commands (4)
- Use file permissions: chmod, chown, chgrp, su
- Create hard & symbolic links: ln
- Find system files: find, locate, which
- Using emergency & single-user mode
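As an added example (shell; not from the deck), the following script builds the file types of slide 22 in a temporary directory, shows what a hard link does to the inode's link count compared with a symbolic link, applies chmod in both octal and symbolic form, and ends with the find expression an auditor uses to list setuid, setgid and world-writable files. It assumes GNU coreutils (stat -c) and a writable temporary directory.

```sh
#!/bin/sh
# Added example (not from the deck): file types, links and permission bits.
# Assumes GNU coreutils (stat -c) and a writable temporary directory.

# The first character of "ls -l": - d l s p c b
type_char() { ls -ld "$1" | cut -c1; }

# Number of hard links to the inode; a symlink is its own inode with count 1
link_count() { stat -c %h "$1"; }

# Permission bits in octal, e.g. 640 or 4755
octal_mode() { stat -c %a "$1"; }

# The audit query: setuid, setgid and world-writable regular files below $1.
# Prints the number found; run it with / as the argument on a real host.
count_risky_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 -o -perm -0002 \) | wc -l | tr -d ' '
}

# Build one of each file type in a fresh temporary directory; prints its path
make_sandbox() {
    d=$(mktemp -d)
    echo data >"$d/file"
    mkdir "$d/dir"
    ln -s file "$d/link"     # symbolic link: stores a path, may dangle
    ln "$d/file" "$d/hard"   # hard link: a second name for the same inode
    mkfifo "$d/pipe"         # named pipe
    echo "$d"
}

# Stand-alone walk-through; the sandbox is removed at the end
demo() {
    d=$(make_sandbox)
    for f in file dir link hard pipe; do
        echo "$f: type $(type_char "$d/$f"), links $(link_count "$d/$f")"
    done
    chmod 640 "$d/file"          # octal: rw-r-----
    chmod u+x,g-r "$d/file"      # symbolic: now rwx------ (700)
    echo "file mode: $(octal_mode "$d/file")"
    chmod 4755 "$d/hard"         # setuid set through the hard link...
    echo "file mode via the other name: $(octal_mode "$d/file")"   # ...is on the shared inode
    echo "risky files: $(count_risky_files "$d")"
    rm -rf "$d"
}
demo
```

The last two lines are the practical point about hard links: a setuid bit set through one name is visible through every name of that inode, and find reports each path, which is why audits count paths and not inodes.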

28 vi: a Powerful Text Editor
- Modes: insert mode, normal mode, command (ex) mode
- dd / n dd (delete lines), yy / n yy (copy lines), p / P (paste after / before the cursor)
- / (search), v (visual text selection)
- Ex commands: :w (write), :q (quit), :wq or :x (write and quit), :q! (quit without saving), :r (read a file in), :s/// (substitute)

29 RHCE Red Hat Certified Engineer, Session 6

30 Run Levels
Run level  Definition
0          Halts the system
1          Single-user mode
2          Multi-user mode without networking
3          Multi-user mode with networking
4          Not used
5          X-based login
6          Reboots the system
- init & chkconfig commands
- /etc/inittab
- /etc/rc.d/init.d & /etc/rc[0-6].d/

31 Configuring the Boot Loader
- LILO: edit /etc/lilo.conf & execute the lilo command
- GRUB: edit /boot/grub/grub.conf

32 Administrative Tasks
- Manage users, groups & related files: useradd, userdel, groupadd, groupdel, passwd, vipw, vigr; /etc/passwd, /etc/shadow, /etc/skel, /etc/profile, ...
- Configure and use system log files: /etc/syslog.conf, /etc/logrotate.conf
- Scheduling jobs: at & crontab commands
- Backup & restore tools: tar, bzip2, gzip
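To make the /etc/passwd and /etc/shadow field layout concrete, here is an added shell example (not from the deck) with constructed sample records. It flags what is worth checking on any host: extra UID 0 accounts, accounts whose shadow password field is empty, accounts that are not locked, and accounts still using MD5-crypt ($1$) hashes. The sample hashes are invented placeholders of the right shape, not real hashes; the account names are made up.

```sh
#!/bin/sh
# Added example (not from the deck): auditing /etc/passwd and /etc/shadow.
# The sample records below are constructed; the hashes are placeholders of
# the right shape ($1$salt$hash), not real password hashes.

# /etc/passwd: name:x:uid:gid:gecos:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
backup:x:0:0:backup operator:/root:/bin/bash
asif:x:500:500:Asif Raza:/home/asif:/bin/bash'

# /etc/shadow: name:hash:lastchange:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW='root:$1$abcdefgh$0123456789abcdefghijkl:12345:0:99999:7:::
bin:*:12345:0:99999:7:::
backup::12345:0:99999:7:::
asif:$1$ijklmnop$abcdefghijklmnopqrstuv:12345:0:99999:7:::'

# Every account with UID 0 is root, whatever it is called (passwd on stdin)
uid0_accounts() { awk -F: '$3 == 0 && $1 != "root" { print $1 }'; }

# An empty second field in shadow means login with no password at all
empty_password_accounts() { awk -F: '$2 == "" { print $1 }'; }

# Locked accounts have "*" or "!" in the hash field; everything else can log in
unlocked_accounts() { awk -F: '$2 !~ /^[!*]/ { print $1 }'; }

# $1$ marks MD5-crypt, the Red Hat default of this era; $6$ (SHA-512) is the
# modern choice (assumption: authconfig --passalgo=sha512 is available)
md5_hash_accounts() { awk -F: '$2 ~ /^\$1\$/ { print $1 }'; }

echo "extra UID 0:  $(printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts)"
echo "no password:  $(printf '%s\n' "$SAMPLE_SHADOW" | empty_password_accounts)"
echo "can log in:   $(printf '%s\n' "$SAMPLE_SHADOW" | unlocked_accounts | tr '\n' ' ')"
echo "MD5 hashes:   $(printf '%s\n' "$SAMPLE_SHADOW" | md5_hash_accounts | tr '\n' ' ')"
```

Against the live files: uid0_accounts </etc/passwd and empty_password_accounts </etc/shadow (reading shadow needs root). Lock an account with passwd -l, which prefixes the hash with "!", so it then disappears from unlocked_accounts.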

33 RHCE Red Hat Certified Engineer, Session 7

34 Linux Installation and Package Management
- Make and install programs from source
- RPM (Red Hat Package Manager)

35 Kernel
- About the kernel and loadable modules
- Manage kernel modules at runtime (/etc/modules.conf)
- Reconfigure, build and install a custom kernel

36 Configuring Modems
- redhat-config-network-tui command in text mode
- Modem configuration files
- kppp command in X Window

37 RHCE Red Hat Certified Engineer, Session 8

38 Shell Scripts
- # introduces a comment; #! on the first line names the interpreter
- Assigning a value:
    x=y        literal string "y"
    x=$y       the value of y
    x=${y}     the same, with explicit braces
    x=\$y      literal "$y"
    x=$yes vs x=${y}es   the braces separate the variable name from the text that follows
    export x y z; export x=$y   make variables visible to child processes

39 Shell Scripts: Control Constructs
- read command
- test command ( [ ] )
- if ... ; then ... ; else ... ; fi
- case ... in pattern) ... ;; esac
- while ... ; do ... ; done
- until ... ; do ... ; done
- for x in ... ; do ... ; done
- break, continue, exit (inside for, while, until)
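All of these constructs in one runnable script, added here as an example (shell; not from the deck): is_privileged_port uses test/[ ], service_kind uses case, count_enabled reads lines in a while loop with continue and break, sum_ports uses for, and retry uses until. The port rules and service names are illustrative.

```sh
#!/bin/sh
# Added example (not from the deck): the control constructs of slides 38-39
# in one runnable script. The port rules and service names are illustrative.

# test / [ ]: true (exit 0) for a numeric port in the privileged range 0-1023
is_privileged_port() {
    [ -n "$1" ] && [ "$1" -ge 0 ] 2>/dev/null && [ "$1" -le 1023 ]
}

# case: classify a service by name or port number
service_kind() {
    case "$1" in
        ssh|22)             echo secure ;;
        telnet|23|ftp|21)   echo cleartext ;;
        [0-9]*)             echo numeric ;;
        *)                  echo unknown ;;
    esac
}

# while + read: count entries on stdin, skipping comments and blank lines
# (continue) and stopping at a line that says END (break)
count_enabled() {
    n=0
    while IFS= read -r line; do
        case "$line" in
            "#"*|"") continue ;;
            END)     break ;;
        esac
        n=$((n + 1))
    done
    echo "$n"
}

# for: add up the privileged ports among the arguments, ignoring the rest
sum_ports() {
    total=0
    for p in "$@"; do
        is_privileged_port "$p" || continue
        total=$((total + p))
    done
    echo "$total"
}

# until: rerun a command until it succeeds, giving up after $1 attempts
retry() {
    max=$1; shift
    tries=0
    until "$@"; do
        tries=$((tries + 1))
        if [ "$tries" -ge "$max" ]; then
            echo "gave up after $tries"
            return 1
        fi
    done
    echo "ok after $tries retries"
}

# if/else: classify whatever is given on the command line
for arg in "$@"; do
    if is_privileged_port "$arg"; then
        echo "$arg: privileged, $(service_kind "$arg")"
    else
        echo "$arg: $(service_kind "$arg")"
    fi
done
```

Run it as sh script.sh 22 8080 telnet to see the if/case paths; the 2>/dev/null in is_privileged_port is there because test prints an error (and returns 2) for a non-numeric operand, which the && chain then treats as false.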

40 RHCE Red Hat Certified Engineer, Session 9 (Asif Raza)

41 Installing and Configuring X

42 Basic X Concepts
- X client
- X server
- X protocol

43 Basic X Concepts
- X window manager
- X desktop manager
- X display manager

44 Installing X
1. Determine the proper X server
2. Install the proper packages

45 X Server Selection and Packages
- X server: XFree86-*
- Packages to install: freetype, gtk+, XFree86-libs, XFree86-75dpi-fonts, redhat-config-xfree86, XFree86-xfs, XFree86-xdm, XFree86-twm, XFree86-tools, xinitrc

46 Configuring X
- redhat-config-xfree86
- xvidtune

47 Important X Directories & Files
- /usr/X11R6/bin
- /etc/X11
- /etc/X11/XF86Config

48 Configure and Use PPP
- redhat-config-network-tui command in text mode
- Modem configuration files
- kppp command in X Window

49 RHCE Red Hat Certified Engineer, Session 10

50 Network Basics
- IP address (network & host portion): static IP, dynamic IP
- Netmask address
- Network address
- Broadcast address

51 Classful Addressing System
- Network classes: Class A (8-bit network part), Class B (16 bits), Class C (24 bits)
- Reserved addresses: loopback (127.0.0.0/8), multicast (224.0.0.0/4), and ranges that are not used
- Public & private networks (valid & invalid IPs); the private ranges are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16

52 Classless Addressing System (Subnets)
- Network address = IP address AND netmask
- Netmasks by prefix length:
    /24  255.255.255.0
    /25  255.255.255.128
    /26  255.255.255.192
    /27  255.255.255.224
    /28  255.255.255.240
    /29  255.255.255.248
    /30  255.255.255.252
    /31  255.255.255.254
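The netmask table is a piece of arithmetic, and being able to redo it by hand is what lets you read a firewall rule such as -s net_addr/26 correctly. The following is an added example (shell; not from the deck) that computes mask, network, broadcast and host count for any a.b.c.d/N, answers whether two addresses share a network, and regenerates the table above. The 192.168.1.0 addresses are illustrative.

```sh
#!/bin/sh
# Added example (not from the deck): the netmask arithmetic behind slide 52,
# done in shell integer arithmetic so the table can be regenerated for any
# prefix length. Addresses used below are illustrative.
ALL_ONES=4294967295   # 32 one bits

# dotted quad -> integer
ip_to_int() {
    a=${1%%.*}; rest=${1#*.}
    b=${rest%%.*}; rest=${rest#*.}
    c=${rest%%.*}; d=${rest#*.}
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# integer -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# /N is N one bits followed by 32-N zero bits
prefix_to_mask_int() {
    if [ "$1" -eq 0 ]; then echo 0; else echo $(( (ALL_ONES << (32 - $1)) & ALL_ONES )); fi
}

prefix_to_mask() { int_to_ip "$(prefix_to_mask_int "$1")"; }

# "a.b.c.d/N" -> "netmask network broadcast usable_hosts"
cidr_info() {
    ip=${1%/*}; prefix=${1#*/}
    m=$(prefix_to_mask_int "$prefix")
    n=$(( $(ip_to_int "$ip") & m ))          # network: address AND mask
    b=$(( n | (~m & ALL_ONES) ))             # broadcast: host bits all ones
    # /31 and /32 have no separate network and broadcast addresses (RFC 3021)
    if [ "$prefix" -ge 31 ]; then hosts=$(( b - n + 1 )); else hosts=$(( b - n - 1 )); fi
    echo "$(prefix_to_mask "$prefix") $(int_to_ip "$n") $(int_to_ip "$b") $hosts"
}

# exit 0 when $1 and $2 are on the same /$3 network (the comparison a
# firewall rule with -s net_addr/N performs on every packet)
same_network() {
    m=$(prefix_to_mask_int "$3")
    [ $(( $(ip_to_int "$1") & m )) -eq $(( $(ip_to_int "$2") & m )) ]
}

# regenerate the /24../31 table of slide 52 for 192.168.1.0
mask_table() {
    for p in 24 25 26 27 28 29 30 31; do
        set -- $(cidr_info "192.168.1.0/$p")
        echo "/$p  $1  $4 usable hosts"
    done
}

mask_table
cidr_info 192.168.1.77/26
```

cidr_info 192.168.1.77/26 prints 255.255.255.192 192.168.1.64 192.168.1.127 62: the address AND the mask gives the network, OR with the inverted mask gives the broadcast, and everything strictly between is usable.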

53 TCP/IP Model (1)
[diagram of the TCP/IP layers]

54 TCP/IP Model (2)
- Network access protocols: all functions necessary to access the physical network
- Internet protocols: IP (Internet Protocol, connectionless), ICMP (Internet Control Message Protocol)

55 TCP/IP Model (3)
- Transport protocols: TCP (Transmission Control Protocol, connection-based), UDP (User Datagram Protocol, connectionless)
- Application protocols: privileged ports (0-1023, which only root may bind); port names in /etc/services

56 Types of TCP/IP Services
- Stand-alone daemons
- Services started on demand by xinetd (and its configuration)

57 Controlling TCP/IP Daemons: related commands
- ps x
- netstat -ap --inet | grep LISTEN   (which process is listening on which port)
- Start, stop, restart and query the status of a daemon (service name start | stop | restart | status)

58 RHCE Red Hat Certified Engineer, Session 11 (Asif Raza)

59 Configuring the Network
- Initializing network hardware: load the related module
- Network configuration tools: netconfig, redhat-config-network

60 Configuring the Network
- Other network tools: tcpdump, nmap, tethereal, iptraf, ifconfig, ping, traceroute, netstat

61 Configuring the Network
- Network configuration files: /etc/hosts, /etc/host.conf, /etc/services, /etc/resolv.conf, /etc/sysconfig/network, /etc/sysconfig/network-scripts/*
- IP aliasing

62 RHCE Red Hat Certified Engineer, Session 12 (Asif Raza)

63 DHCP
- Advantages & disadvantages of DHCP
- DHCP server configuration: /etc/dhcpd.conf, /var/lib/dhcp/dhcpd.leases
- DHCP client configuration: netconfig command

64 An Example of dhcpd.conf
    ddns-update-style ad-hoc;
    subnet net_addr netmask mask_addr {
        range first_ip last_ip;
        option routers gw_ip;
        option subnet-mask mask_addr;
        option domain-name "domain.com";
        option domain-name-servers dns_ip;
        default-lease-time 21600;
        max-lease-time 43200;
        # we want the nameserver to appear at a fixed address
        host dns1 {
            hardware ethernet 12:34:56:78:AB:CD;
            fixed-address dns_ip;
        }
    }

65 dhcpd.leases Format
    lease ip_addr {
        starts ... /04/12 09:34:12;
        ends   ... /07/15 23:49:57;
        hardware ethernet 00:09:e6:88:0a:05;
    }
    ...

66 NFS (2004 August)
- Related daemons: rpc.nfsd, portmap (rpc.portmap), rpc.mountd
- Installation: nfs-utils, portmap

67 NFS Configuration
- Server side:
    Edit /etc/exports: one line per export, PATH host_list(options)
    Run exportfs -r
    redhat-config-nfs command
- Client side:
    mount -t nfs server:PATH mountpoint
    Edit /etc/fstab: server:PATH  mountpoint  nfs  ro  0 0
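Because /etc/exports is parsed per host entry, a missing host list or a stray "*" silently exports to the world, and no_root_squash lets a remote root act as root on the export. The following is an added example (shell/awk; not from the deck) that reads an exports file on stdin and reports those three conditions. SAMPLE_EXPORTS is constructed; the paths and host names are illustrative.

```sh
#!/bin/sh
# Added example (not from the deck): auditing /etc/exports. SAMPLE_EXPORTS is
# constructed; the paths and hosts are illustrative.

# /etc/exports: PATH  host(options) [host(options) ...]
SAMPLE_EXPORTS='# path          clients(options)
/home           192.168.1.0/24(rw,sync)
/srv/public     *(ro,sync)
/srv/backup     backup.example.com(rw,no_root_squash,sync)
/srv/data       192.168.1.10(rw,sync) *.example.com(rw)
/srv/old'

# Reads an exports file on stdin; prints "PATH HOST PROBLEM" per finding:
#   exported-to-everyone  no host restriction ("*" or no host list at all)
#   no_root_squash        remote root keeps root rights on the export
#   rw-to-wildcard        writable by any host matching a wildcard pattern
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }
    NF == 1 { print $1, "", "exported-to-everyone"; next }
    {
        for (i = 2; i <= NF; i++) {
            host = $i; opts = ""
            if (match($i, /\(.*\)/)) {
                host = substr($i, 1, RSTART - 1)
                opts = substr($i, RSTART + 1, RLENGTH - 2)
            }
            if (host == "" || host == "*")
                print $1, host, "exported-to-everyone"
            if (opts ~ /(^|,)no_root_squash(,|$)/)
                print $1, host, "no_root_squash"
            if (host ~ /\*/ && host != "*" && opts ~ /(^|,)rw(,|$)/)
                print $1, host, "rw-to-wildcard"
        }
    }'
}

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

Run audit_exports </etc/exports before exportfs -r; showmount -e server from a client then confirms what is actually visible on the wire.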

68 SAMBA (1)
- Related services: smbd, nmbd
- Related packages: samba, samba-common, samba-client

69 SAMBA (2)
- Server configuration: global directives, service (share) directives
- Client configuration: smbmount //server/share /mountpoint ; smbclient //server/share
- Configuration with SWAT

70 RHCE Red Hat Certified Engineer, Session 13 (Asif Raza)

71 TCP/IP Services: client and server processes and ports
1. Server binds to a port and listens
2. Client binds to a port
3. Client connects to the server
4. Server designates a port for the connection
5. Client and server communicate

72 Remote Login
- Telnet: server & client (passwords and sessions travel in clear text)
- SSH: server & client (encrypted; prefer it over Telnet)

73 The Apache Web Server: modules
mod_auth, mod_info, mod_php, mod_include, mod_perl, mod_ssl

74 Installing Apache
- rpm -Uvh httpd-[^d]*.rpm
- rpm -Uvh httpd-devel*.rpm  (needed to build Apache modules)

75 Basic Configuration: httpd.conf
- Section 1: the global environment
- Section 2: the main configuration
- Section 3: the virtual host configuration

76 Apache Advanced Configuration
- Authentication in Apache
- Configure with PHP
- Configure with SSL
- Configure virtual hosts

77 Authentication in Apache
- Create the /etc/httpd/.htpasswd file (outside DocumentRoot, so it cannot be downloaded)
- Configure httpd.conf:
    AuthType Basic
    AuthName NAME
    AuthUserFile /etc/httpd/.htpasswd
    Require valid-user
- Basic authentication only base64-encodes the credentials, so combine it with SSL

78 Configure Apache with PHP and SSL
- PHP: rpm -Uvh php-4*.rpm
- SSL: rpm -Uvh mod_ssl*.rpm

79 Configure a Virtual Host
- Configure the /etc/hosts file
- Configure httpd.conf:
    DocumentRoot /var/www/html/vh/
    ServerName www.vh.com

80 Apache Administration
start, stop, restart, reload, status (service httpd ...)

81 Troubleshooting Apache
- /var/log/messages
- /var/log/httpd/
- /usr/sbin/httpd -S  (checks the virtual host configuration)

82 Securing Your Network
- Using the lokkit or redhat-config-securitylevel command
- Password & physical security
- Securing TCP/IP
- Using Tripwire
- Keeping up to date on Linux security issues

83 RHCE Red Hat Certified Engineer, Session 14 (Asif Raza)

84 FTP (vsftpd)
- Installation: rpm -ivh vsftpd*.rpm
- Config file: /etc/vsftpd/vsftpd.conf
- Access levels:
    Anonymous access (anonymous_enable)
    User access (needs tcp_wrappers support)

85 Cache Server (Squid)
- Install squid: rpm -ivh squid*.rpm
- Managing squid: start, stop, restart, status, reload

86 Squid Log Files
- /var/log/squid/access.log (cache_access_log)
- /var/log/squid/cache.log (cache_log)
- /var/log/squid/store.log (cache_store_log)

87 An Example of squid.conf
    http_port 8081
    cache_effective_user squid
    cache_effective_group squid
    acl all src /
    http_access allow all
    cache_dir ufs /cache
    visible_hostname ws1
Caveat: "http_access allow all" turns this into an open proxy. In production, define an acl for the local network, allow only that, and finish with "http_access deny all".

88 Running Squid
- service squid start
- squid -d1 -z  (creates the cache directories)
- squid -d1 -f /etc/squid/squid.conf  (runs with the given config file, debug output to stderr)

89 The Kinds of Proxies
- Upstream proxy:
    cache_peer yourproxy.com parent
    prefer_direct off
- Transparent proxy (Squid 2.5 accelerator directives):
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

90 RHCE Red Hat Certified Engineer, Session 15 (Asif Raza)

91 Configuring a Linux Router
- Configuring the kernel: IP: advanced router
- Enable IP forwarding:
    Add net.ipv4.ip_forward=1 to /etc/sysctl.conf
    echo 1 > /proc/sys/net/ipv4/ip_forward

92 Types of Routes
- Static route
- Dynamic route

93 Components of Routing Rules
- Destination IP address
- An interface
- An optional gateway IP address

94 Routing Command
- route add -net net_addr netmask mask_addr interface
- route add -host ip_addr interface
- route add default gw ip_addr interface

95 An Example
[diagram: hosts A-H on three networks attached to a gateway router's eth0, eth1 and eth2, with the Internet reached through eth2]

96 Related Rules
- route add -net net_addr netmask mask_addr eth0
- route add -net net_addr netmask mask_addr eth1
- route add -net net_addr netmask mask_addr eth2
- route add default gw ip_addr eth2

97 Result (route -n)
Destination       Gateway  Genmask  Flags  Metric  Ref  Use  Iface
(host routes)     *                 UH     0       0    0    eth0, eth1, eth2
(network routes)  *                 U      0       0    0    eth0, eth1, eth2
(default route)   gw_ip             UG     0       0    0    eth2
(loopback)        *                 U      0       0    0    lo
Flags: U = network link is up, H = destination address refers to a host, G = route goes through a gateway

98 Electronic Mail (Sendmail)

99 How E-mail Is Sent and Received
[diagram: mail1 MTA exchanging messages with mail2 MTA]

100 Concepts
- MTA: Mail Transport Agent
- SMTP (server-to-server): Simple Mail Transfer Protocol
- POP (mail access): Post Office Protocol
- IMAP (mail access): Internet Message Access Protocol
- MDA: Mail Delivery Agent
- MUA: Mail User Agent

101 Advantages of Sendmail
- Oldest (most mature) MTA
- Powerful MTA
Disadvantages of Sendmail
- Slow in high-load environments
- Cryptic configuration

102 MTAs and MUAs
- MTAs: Sendmail, Postfix, Exim, Qmail
- MUAs: Evolution, Kmail (KDE), Balsa (GNOME), Mozilla Mail

103 Required Packages
- sendmail
- sendmail-cf
- imap (contains the IMAP & POP3 servers; configured through xinetd)

104 Sendmail Configuration
- Configure the /etc/mail/sendmail.mc file, e.g. LOCAL_DOMAIN(`example.com')dnl
- Run make -C /etc/mail/
- Configure DNS

105 Aliases
- Edit the /etc/aliases file, e.g.  postmaster: joseph
- Run the newaliases command

106 Rejecting Mail
- Edit the /etc/mail/access file:
    spam.com   REJECT
    yahoo.com  OK
- service sendmail restart

107 RHCE Red Hat Certified Engineer, Session 16 (Asif Raza)

108 DNS

109 Where Do I Look?
- /etc/nsswitch.conf (name service switch)
- cat /etc/nsswitch.conf
    hosts: files dns

110 Files
- Search order determined by nsswitch.conf
- It is polite to have /etc/hosts first!
- cat /etc/hosts
    localhost
    mccoy.tardis.ed.ac.uk  mccoy
    baker.tardis.ed.ac.uk  baker
    packages.tardis.ed.ac.uk  packages

111 DNS Traversal
1. Local files
2. Local DNS server
3. Item in cache?
4. Root server, then work your way down ...

112 Resolving Names
Configuration files for local host name resolution (important for testing):
- /etc/resolv.conf
- /etc/nsswitch.conf
- /etc/host.conf

113 DNS Servers
- BIND: Berkeley Internet Name Domain
- Dents: buggy (still in alpha?)
- Djbdns: Dan Bernstein's DNS server
- Banyan VINES: don't go there!

114 named ("name dee")
- /etc/named.conf: the configuration file for named. It defines the directory holding the DNS config (zone) files, which zones we serve and where their files are, whether we are master or slave for each zone, whether zone transfers are allowed or denied, the IPs of the other master/slave servers, etc.
- root.hints: contains "pointers" to the root servers
- Reverse-lookup zone file for the local host/subnet
- Zone file for your zone
- Reverse-lookup zone file for your zone

115 A Simple named.conf
    ## named.custom - custom configuration for bind
    zone "." {
        type hint;
        file "root.lists";
    };
    options {
        directory "/var/named/";
    };
    zone " in-addr.arpa" {
        type master;
        file " ";
    };
    zone "hq.alim.ir" {
        type master;
        file "hq.alim.ir";
    };
    zone " in-addr.arpa" {
        type master;
        file " ";
    };

116 DNS Data
DNS databases contain more than just hostname-to-address records:
- SOA: Start Of Authority (it is the daddy!)
- IN NS: name server
- IN MX: mail exchanger
- IN A: address record
- IN CNAME: canonical name

117 A Simple Zone File
    @   IN SOA hq.alim.ir. root.hq.alim.ir. (
                ; serial, today's date + today's serial #
        8H      ; refresh, seconds
        2H      ; retry, seconds
        4W      ; expire, seconds
        1D )    ; minimum, seconds
        NS      hq.alim.ir.
        MX  10  hq.alim.ir.   ; primary mail exchanger
        TXT     "Alim IT Center"
    localhost    A
    router       A
    hq.alim.ir.  A
    ns           A
    www          A
    ftp     CNAME  hq.alim.ir.
    mail    CNAME  hq.alim.ir.
    news    CNAME  hq.alim.ir.

118 A Simple in-addr.arpa File
    $TTL
    @   IN SOA hq.alim.ir. root.hq.alim.ir. (
                ; serial
                ; refresh
        7200    ; retry
                ; expire
        86400 ) ; minimum TTL
        NS  hq.alim.ir.
    ; Servers
    1    PTR  router.hq.alim.ir.
    2    PTR  hq.alim.ir.
    2    PTR  funn.hq.alim.ir.
    ; Workstations
    200  PTR  ws hq.alim.ir.
    201  PTR  ws hq.alim.ir.
    202  PTR  ws hq.alim.ir.

119 Forward DNS
- hq.alim.ir (as per /etc/named.conf)
- SOA: Start Of Authority
- IN NS: name server
- IN MX: mail exchanger
- IN A: address record
- IN CNAME: canonical name

120 Reverse DNS
- (as per /etc/named.conf)
- SOA
- IN NS
- IN PTR: pointer

121 DNS Round Robin
- Fault tolerance? Through nifty DNS hacks (several A records for one name, handed out in rotation)

122 Common Mistakes
- Forgetting to increment the serial number!
- CNAME pointing at another CNAME!
- Forgetting the "." in appropriate places!
- Underscores in hostnames!
- Forgetting to reload the daemon!
- Version control issues: clobbered changes!
- TTL issues
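Three of these mistakes (the missing trailing dot, CNAME chains and underscores) can be caught mechanically before the daemon is reloaded. The following is an added example (shell/awk; not from the deck): lint_zone reads a zone file on stdin, takes the zone origin as its argument so that relative names can be compared with absolute ones, and prints one finding per line. SAMPLE_ZONE is constructed and uses the documentation names example.com and 192.0.2.0/24, not the deck's hq.alim.ir data; the serial-number mistake cannot be checked statically and is not covered.

```sh
#!/bin/sh
# Added example (not from the deck): a lint for the zone-file mistakes on
# slide 122 that can be caught before reloading named. SAMPLE_ZONE is
# constructed and uses the documentation names example.com / 192.0.2.0/24.

SAMPLE_ZONE='$TTL 86400
@       IN SOA  ns.example.com. root.example.com. (
                2004080101  ; serial
                8H 2H 4W 1D )
        IN NS   ns.example.com
        IN MX   10 mail.example.com.
ns      IN A    192.0.2.1
www     IN A    192.0.2.2
mail    IN CNAME www.example.com.
ftp     IN CNAME mail
old_host IN A   192.0.2.3'

# usage: lint_zone ORIGIN < zonefile   -> one finding per line
lint_zone() {
    awk -v origin="$1" '
    function fqdn(n) {                     # absolute name without trailing dot
        if (n == "@") return origin
        if (n ~ /\.$/) return substr(n, 1, length(n) - 1)
        return n "." origin
    }
    /^[ \t]*(;|$)/ { next }               # comments and blank lines
    /^\$/ { next }                         # $TTL, $ORIGIN
    {
        sub(/;.*/, "")                     # strip a trailing comment
        # an owner name is present only when the line does not start blank
        if ($0 ~ /^[ \t]/) name = last; else { name = $1; last = name }
        type = ""; target = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(SOA|NS|MX|A|CNAME|PTR)$/) { type = $i; target = $NF; break }
        if (type == "") next               # SOA continuation lines etc.
        if (name ~ /_/) print "underscore in hostname: " fqdn(name)
        if ((type == "NS" || type == "MX" || type == "CNAME") && target ~ /\./ && target !~ /\.$/)
            print "missing trailing dot: " fqdn(name) " " type " " target
        if (type == "CNAME") cname[fqdn(name)] = fqdn(target)
    }
    END {
        for (n in cname)
            if ((cname[n]) in cname) print "CNAME chain: " n " -> " cname[n]
    }'
}

printf '%s\n' "$SAMPLE_ZONE" | lint_zone example.com
```

The trailing-dot check is the one that produces the classic symptom: "ns.example.com" without the dot becomes ns.example.com.example.com after the origin is appended, and the zone quietly loses its name server.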

123 123 Test Tools nslookup nslookup dig dig dig mail.hq.alim.ir dig mail.hq.alim.ir dig -x dig -x dig in-addr.arpa. AXFR dig in-addr.arpa. AXFR whois whois James Ponder s DNS check web page James Ponder s DNS check web page

124 124 RHCE Red Hat Certified Engineer Asif Raza Session 17

125 125 Firewall Control Control Allow only those packets that you are interested to pass through. Security Security Reject packets from malicious outsiders Watchfulness Watchfulness Log packets to/from outside world Required Properties:

126 126 Firewall Types Packet Filtering Packet Filtering Proxy-Based Firewall Proxy-Based Firewall Statefull Stateless

127 127 Packet Filter under Linux 1st generation 1st generation ipfw (from BSD) 2nd generation 2nd generation ipfwadm (Linux 2.0) 3rd generation 3rd generation ipchains (Linux 2.2) 4th generation 4th generation iptable (Linux 2.4 & 2.6)

128 128 Installing Iptables Kernel Supports Iptables Kernel Supports Iptables Networking Options -> TCP/IP Networking ->Network Packet Filtering Networking Options -> TCP/IP Networking ->Network Packet Filtering Networking Options -> TCP/IP Networking ->IP: advanced router -> * Networking Options -> TCP/IP Networking ->IP: advanced router -> * Networking Options -> IP: NetfilterNetworking Options -> IP: Netfilter Networking Options -> IP: NetfilterNetworking Options -> IP: Netfilter For Packets Traffic Control : Networking Options> QoS and/or fair queueing -> * Networking Options> QoS and/or fair queueing -> * # rpm -ivh \ # rpm -ivh \iptables-1.2.6a-2.i386.rpm

129 129 INPUT INPUT Controls packets entering your system Controls packets entering your system OUTPUT OUTPUT Controls packets leaving your system Controls packets leaving your system FORWARD FORWARD Controls what packets can move from one network to another through your system Controls what packets can move from one network to another through your system Chains of Tables

130 130 Forward Input Output Local Process Routing Decision

131 When a packet comes in, the kernel first looks at the destination of the packet: this is called routing. 2. If it s destined for this box Passes downwards in the diagram Passes downwards in the diagram To INPUT chain To INPUT chain If it passes, any processes waiting for that packet will receive it. Otherwise go to step 3 Continue…

132 132 3.If forwarding is not enabled The packet will be dropped If forwarding is enable and the packet is destined for another network interface. The packet goes rightwards on our diagram to the FORWARD chain. If it is accepted, it will be sent out. 4.Packets generated from local process pass to the OUPUT chain immediately. If its says accept, the packet will be sent out.

133 133 Packet Status in Iptables Established Established New New Related Related Invalid Invalid

134 134 Results of Packet Checking ACCEPT ACCEPT DROP DROP REJECT REJECT …

135 135 Tables of Iptables Filter Filter NAT NAT Mangle Mangle

136 136 Network Mangle Table PREROUTING Chain NAT Table PREROUTING Chain Destination NAT Mangle INPUT Filter INPUT Local process Routing decision Mangle OUTPUT Mangle FORWARD Mangle POSTROUTING NAT POSTROUTING Chain Network Source NAT Based on routing Routing decision The Path of Packet in Iptables NAT OUTPUT Filter OUTPUT Filter FORWARD

137 Tables of Chains

table    INPUT  OUTPUT  FORWARD  PREROUTING  POSTROUTING
MANGLE   *      *       *        *           *
NAT      -      *       -        *           *
FILTER   *      *       *        -           -

138 Building a Rule: source/destination
iptables -s
- Refers to packets from a specific IP address
- The -s refers to the source of the packet, where the packet is coming from.
- A corresponding -d refers to the destination, where the packet is going to.

139 Building a Rule: action
iptables -s  -j DROP
- The -j determines what happens to the
Building a Rule: IP address ranges
iptables -s /24 -j DROP
- IPs that match *
- The /24 refers to the number of bits that are fixed, counting from the left.

140 Other Actions
- REDIRECT: sends packets to a proxy
- LOG: tracks packets as they match rules
- RETURN: terminates user-defined chains

141 Building a Rule: appending rules to tables
iptables -A INPUT -s  -j DROP
- The -A appends the rule to an iptable
- The INPUT specifies the iptable
- This command makes your system ignore all packets from
iptables -A OUTPUT -d  -j DROP
- This command does not allow your system to send packets to

142 Building a Rule: only blocking some packets
iptables -A INPUT -s  -p tcp --destination-port telnet -j DROP
- The -p specifies a specific protocol: tcp, udp, or icmp
- The --destination-port is where the packet is going
- You can use the service name or the port number; 23 could be used in this example
- Keep in mind that the source port is very different from the destination port. In this example the inbound message is going to your telnet server. The telnet client that is sending you the message could be running on any port.
- --dport == --destination-port
- --sport == --source-port

143 Building a Rule: multiple network interfaces
Assume your machine has two interface cards: one to a LAN, named eth0, and the other to the Internet, named ppp0.
iptables -A INPUT -p tcp --dport telnet -i ppp0 -j DROP
- The -i option specifies the input interface
- There is also a -o option for the output interface
iptables -A INPUT -p tcp --dport telnet -i eth0 -j ACCEPT
Together these rules accept telnet requests from the LAN but block telnet requests from the Internet.

144 Building a Rule: Table Policies
iptables -P FORWARD ACCEPT
- The -P option followed by a table name and an action determines the default policy of the table. If no rule in the table matches, this default action is taken.
- The usual policies are: INPUT = ACCEPT, OUTPUT = ACCEPT, FORWARD = DENY

145 Building a Rule: Adding Rules to Tables
iptables -A INPUT -s  -j DROP
- Appends the rule to the end of the table
iptables -I INPUT 3 -s  -j DROP
- Inserts the rule as rule 3 in the table, moving all other rules down 1
iptables -R INPUT 3 -s  -j DROP
- Replaces rule 3 in the table
iptables -D INPUT 3
- Deletes rule 3 in the table
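The rules from slides 141 to 145 combined into one dry-run script, as an added example that is not part of the course material. It assumes the two-interface layout of slide 143 (eth0 towards the LAN, ppp0 towards the Internet) and uses constructed addresses from the RFC 5737 documentation ranges; the `ipt` wrapper and the `IPT_APPLY` variable are this example's own. Every command is printed instead of executed unless IPT_APPLY=1, so the ordered rule list can be reviewed before it is loaded. The maintenance step shows why inserting at a position renumbers the rules below it, and why deleting by exact specification is safer than deleting by number.

```shell
#!/bin/sh
# Added example (not from the slides): build an ordered INPUT ruleset for a
# host with eth0 on the LAN and ppp0 on the Internet, then maintain it.
# Addresses are constructed from the RFC 5737 documentation ranges.
# Nothing is applied unless IPT_APPLY=1; by default each command is printed.

LAN_IF="eth0"             # assumption: interface towards the LAN
WAN_IF="ppp0"             # assumption: interface towards the Internet
BAD_HOST="198.51.100.7"   # constructed: a host whose packets are ignored

# ipt: print one iptables command, or run it when IPT_APPLY=1 (needs root).
ipt() {
    if [ "${IPT_APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# Default policies as on slide 144: the policy is consulted only when no
# rule in the chain matched, so the chain's rules decide first, in order.
set_policies() {
    ipt -P INPUT ACCEPT
    ipt -P OUTPUT ACCEPT
    ipt -P FORWARD DROP
}

# Initial rules (slides 141-143). -A appends, so the order written here is
# the order the kernel evaluates them: rule 1, then rule 2, then rule 3.
add_rules() {
    ipt -F INPUT                                               # start from an empty chain
    ipt -A INPUT -s "$BAD_HOST" -j DROP                        # rule 1: ignore this host
    ipt -A INPUT -p tcp --dport telnet -i "$WAN_IF" -j DROP    # rule 2: no telnet from the Internet
    ipt -A INPUT -p tcp --dport telnet -i "$LAN_IF" -j ACCEPT  # rule 3: telnet from the LAN only
}

# Later maintenance (slide 145). Inserting at position 1 pushes the rules
# above down by one, so the host rule is now number 2 and -R must use that.
maintain_rules() {
    # Let replies to connections this host opened come back in, before anything else.
    ipt -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Replace the silent DROP for the bad host with a REJECT (sender gets an error).
    ipt -R INPUT 2 -s "$BAD_HOST" -j REJECT
    # Show the numbered result so the positions can be checked.
    ipt -L INPUT -n --line-numbers
}

# Remove the host rule by exact specification rather than by number: rule
# numbers shift whenever something is inserted or deleted above them.
unblock_host() {
    ipt -D INPUT -s "$BAD_HOST" -j REJECT
}

build_ruleset() {
    set_policies
    add_rules
    maintain_rules
}

build_ruleset
unblock_host
```

Run it once without IPT_APPLY to read the generated commands, compare them with `iptables -L INPUT -n --line-numbers` on the target host, and only then run it with IPT_APPLY=1 as root. The `-m state` match is how the packet states of slide 133 (NEW, ESTABLISHED, RELATED, INVALID) are used in a rule.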

146 Operations to manage whole chains
- -N  Create a new chain
- -X  Delete an empty chain
- -P  Change the policy for a built-in chain
- -L  List the rules in a chain
- -F  Flush the rules out of a chain
- -Z  Zero the packet and byte counters on all rules in a chain

147 Manipulate rules inside a chain
- -A  Append a new rule to a chain
- -I  Insert a new rule at some position in a chain
- -R  Replace a rule at some position in a chain
- -D  Delete a rule at some position in a chain
- -D  Delete the first rule that matches in a chain

148 An Example
[Diagram: Internet -- eth0 -- Firewall -- eth1 -- LAN; Web Server; SSH Server accessible ONLY via LAN; gateway addresses (GW:) not recoverable from the transcript]
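One ruleset for the scenario on this slide, as an added example that is not part of the course material. It assumes eth0 faces the Internet and eth1 the LAN, that the web server and the SSH server run on one LAN host, and that HTTP is published through DNAT on the firewall's public address; all addresses are constructed from the RFC 5737 documentation ranges, and the `run` wrapper, `IPT_APPLY` variable and `wan_reaches_port` check are this example's own. It walks the chains in the order of slide 136 (nat PREROUTING before the routing decision, filter FORWARD across it, nat POSTROUTING after it) and prints the commands unless IPT_APPLY=1.

```shell
#!/bin/sh
# Added example (not from the slides) for the firewall on slide 148:
# eth0 towards the Internet, eth1 towards the LAN, a LAN host running a web
# server that must be reachable from the Internet and an SSH server that must
# be reachable only from the LAN. Assumptions: the services run on one LAN
# host and HTTP is published through DNAT on the firewall's public address.
# Addresses are constructed from the RFC 5737 documentation ranges.
# Commands are printed unless IPT_APPLY=1.

WAN_IF="eth0"
LAN_IF="eth1"
LAN_NET="192.0.2.0/24"    # constructed LAN range
SERVER="192.0.2.10"       # constructed: LAN host running httpd and sshd
PUBLIC_IP="203.0.113.5"   # constructed: the firewall's address on eth0

# run: print a command, or execute it when IPT_APPLY=1 (needs root).
run() {
    if [ "${IPT_APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

firewall_ruleset() {
    # Step 3 of the packet path (slide 132) needs forwarding enabled.
    run sysctl -w net.ipv4.ip_forward=1

    # Closed by default: INPUT (the firewall itself) and FORWARD (traffic
    # crossing it) drop anything no rule accepts; the policy is the last word.
    run iptables -F
    run iptables -t nat -F
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT

    # Connection tracking: ESTABLISHED/RELATED packets belong to connections
    # already allowed below; INVALID packets belong to no known connection.
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -m state --state INVALID -j DROP
    run iptables -A FORWARD -m state --state INVALID -j DROP

    # The firewall itself: loopback, and SSH administration only from the LAN.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # SSH attempts arriving on eth0 are logged (they show up in the kernel
    # log) and then fall through to the INPUT DROP policy.
    run iptables -A INPUT -i "$WAN_IF" -p tcp --dport 22 -j LOG --log-prefix "ssh-from-wan: "

    # Publishing the web server: nat PREROUTING rewrites the destination
    # (DNAT) before the routing decision, so the packet is forwarded rather
    # than delivered locally; filter FORWARD then decides whether it may pass.
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -d "$PUBLIC_IP" -p tcp --dport 80 -j DNAT --to-destination "$SERVER"
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$SERVER" -p tcp --dport 80 -m state --state NEW -j ACCEPT

    # SSH to the server stays LAN-only: there is no DNAT and no FORWARD rule
    # for port 22 from eth0, so the FORWARD policy drops it. LAN clients reach
    # the server directly on their own segment and never cross the firewall.

    # LAN hosts may open connections outwards; nat POSTROUTING rewrites the
    # source (SNAT) after the routing decision, on the way out of eth0.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j SNAT --to-source "$PUBLIC_IP"
}

# wan_reaches_port: succeeds (exit 0) if the generated ruleset accepts or
# DNATs the given TCP port arriving on eth0, fails otherwise. A quick check
# that the printed rules match the intent before they are applied.
wan_reaches_port() {
    firewall_ruleset | grep -E -- "-i $WAN_IF .*--dport $1 .*-j (ACCEPT|DNAT)" >/dev/null
}

firewall_ruleset
```

`wan_reaches_port 80` should succeed and `wan_reaches_port 22` should fail on the printed output; that is the whole security requirement of the slide stated as a test, and it can be re-run whenever a rule is added later.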

149 RHCE Red Hat Certified Engineer, Session 18: Advanced (Asif Raza)

150 Traffic Shaping (CBQ)
- /etc/rc.d/init.d/cbq.init
- Install the shapecfg RPM
- /etc/sysconfig/cbq/* (0002-FFFF)
- /etc/rc.d/init.d/cbq.init start

151 Sample of CBQ Configuration
DEVICE=eth0,10Mbit,1Mbit
RATE=10 Kbit
PRIO=5
RULE=:21, /24

152 The End. Good Luck

