Introduction to Linux (Unix).

The components of a computer system:
- The hardware: the CPU, memory, and I/O devices.
- The operating system: controls and coordinates the use of the hardware among the various application programs for the various users.
- The application programs (word processors, spreadsheets, compilers, ...): define the ways in which system resources are used to solve the computing problems of the users.
- The users: you and me.

The OS provides an environment within which other programs can do useful work.
- The OS is a resource allocator: it manages the system resources and allocates them to programs and users as needed.
- The OS is a control program: it controls the execution of user programs to prevent errors and improper use of the computer.

ALL reasonably sophisticated operating systems are the same in that they all provide "standard" features that more or less define the purpose of an OS:
- Hardware-level I/O
- Job control
- Memory management
- Task switching
- Utilities for management

In 1965 Bell Labs joined with General Electric and MIT to create a new operating system to be called "Multics" (Multiplexed Information and Computing Service). In 1969 AT&T, the parent of Bell Labs, withdrew from the Multics project and went with an existing GE OS called "GECOS". The researchers decided to fashion their own version of Multics and that summer introduced "Unics" (UNiplexed Information and Computing Service), which was finally called "Unix".

From 1969 to 1991 Unix went through many revisions. Other companies and universities introduced their own versions of the operating system, such as HP-UX, BSD, AIX, IRIX, and Solaris. In 1987 Professor Andrew S. Tanenbaum invented Minix, an open-source operating system that is a clone of Unix.

In 1991 Linux was introduced by Linus Torvalds, a student in Finland. The project, which started as a hobby, became a full-fledged OS when Linus posted the source code on a bulletin board asking people for suggestions and improvements, and received an overwhelming response.

Linux is an implementation of UNIX. Linux is completely free under the GPL (GNU General Public License). First stable release: Linux kernel v1.0 in March 1994. Stable kernel versions have even sub-version numbers (1.2, 1.4, 2.0, 2.2, 2.4); experimental versions have odd numbers (1.1, 1.3, 2.1, 2.3, 2.5).

Diagram: layered view of the system. Users and shells at the top, the UNIX OS kernel beneath them, and the hardware at the bottom. Shells and user programs access the system through user mode; the kernel accesses the hardware through kernel mode.

Can run on a 386 with 4MB RAM. Users don't have to upgrade hardware as often. "Obsolete" machines can be productive as terminals or even servers. (A 486 with 16MB RAM makes an excellent server or internet firewall for a home or small office.)

Linux supports many file systems, e.g. autofs, ext, ext2, ext3, iso9660, minix, msdos, nfs, vfat, xenix, etc. It is easy to mount all of these file systems at different paths in the directory tree.

- A file is the basic component for data storage.
- UNIX considers everything it interacts with as a file, even devices such as monitors.
- A directory can contain other files and directories.
- The tree-like structure of UNIX file systems starts at the root level. Root is the file at this level, denoted by the character "/".

Diagram: an example directory tree rooted at /, with the directories class, etc and dev, the user directories 51223, daws3489 and mart2345, and the files newfile and myfile.

Some Linux distributions: Red Hat, Mandrake, SuSE, Caldera, Turbo Linux, VA Linux.

- Several hardware platforms are supported (Intel, Mac (68K and PPC), Alpha, MIPS, ...).
- Several users (or the same person more than once) can work on the same machine at the same time. Each user can run several tasks.
- A secure file permission system: users are not allowed to affect each other or the OS.
- Users must log in (id/password) before use.
- Programs compiled to run on Linux do not run on DOS/Windows. Some DOS and Windows programs can be run under Linux using emulators.

- Graphical environment: KDE/Gnome/IceWM, others
- Browsers: Mozilla/Konqueror/Netscape
- E-mail: Kmail/Evolution
- FTP client: gftp
- Multimedia: XMMS/Xine/Cdparanoia/Cdrecord
- Security: iptables/ipchains
- Office suite: OpenOffice/StarOffice/KOffice
- File browser: Konqueror
- Editors: Joe, vi, Kwrite, Gedit, OpenOffice Writer
- Languages: C++, FORTRAN, Perl, Emacs, PHP etc. are built into Linux and can be upgraded with the latest release available on the net.

- File and print serving in heterogeneous environments (Samba, Netatalk, NFS).
- Web serving (Apache).
- Proxy server (Squid).
- Network infrastructure (DNS/DHCP, LDAP).
- Network security (firewalling, IP masquerading, NAT).
- E-mail and news servers (Internet Exchange, Sendmail, NNTP, list servers).

Flexibility can be intimidating:
- Complex installation: no "turnkey", minimal PnP. Most vendors won't pre-install onto a new computer.
- Many command options (but you can use a GUI instead).
- Never originally designed to be user-friendly.
- Can have a significant learning curve moving from another OS: the user must learn new commands and vocabulary, and the "look and feel" differs for both the OS and some applications, although current window managers can emulate the Windows "look and feel" if you wish.
- All file and command names are case-sensitive.

LINUX INSTALLATION

- A computer to install Linux on. Minimum: Pentium 166 MHz with 8MB RAM
- Minimum 1GB disk space
- An 8x speed CD-ROM
- A Linux distribution (Red Hat, Debian, Slackware etc.)
- One 3.5" floppy disk

Before installing Linux you need detailed information about your hardware, e.g. mouse, hard drive, VGA card, monitor, sound, modem. In Windows go to Control Panel > System > Device Manager and record the information for each of the relevant devices. Linux compatibility lists are available on the distributor's web site.

Creating a partition with enough free disk space for the Linux installation:
- How data is stored on the hard disk
- Partitions
- FIPS / Partition Magic to split a Windows partition

- Remove hard disk compression if present.
- Norton's Speeddisk is known to cause problems. Turn it off / uninstall it, and turn it on again after the Linux installation.
- Remove the Windows swap file.

1. Insert the bootable CD or bootable floppy.
2. Start the computer.
3. Select the installation mode: graphic (800x600x16-bit), text, low-res graphic, linux rescue, linux dd (to install a third-party driver), expert.

4. Select language.
5. Select keyboard type.
6. Select mouse type and options (emulate 3-button?).
7. Select installation type: new install, or upgrade an existing system.

8. Type of install: Workstation, Laptop, Server, Custom.

Workstation:
- Typically a single-user "client" system
- Automatic partitioning
- GUI login (GNOME default)
- All free space dedicated to Linux
- Preserves any Windows install, multiboots
- No server daemons installed

Server:
- Multiuser, networked
- Typical server daemons installed by default
- No GUI installed
- Takes ALL hard disk space (erases existing partitions)
- No multiboot

Laptop:
- Similar to Workstation, but with PCMCIA support
- Multiboot supported

Custom:
- Mixed use, server and client if desired
- Select any or all packages
- Most flexible, but requires knowledge of package choices
- Single or multiboot

9. Partitioning strategy:
- Automatic (partitions are / and swap)
- Manual, with Disk Druid
- Manual, with fdisk

Choose partitioning method:
- Remove all Linux partitions
- Remove all partitions
- Use existing free space, preserve existing non-Linux partitions
- RAID?

Apply partitioning design (set up partitions). The minimum partitions are:
- / for the root file system
- swap, which should be 2X RAM size
Setting up multiple file systems in separate partitions permits greater control over use of the available space.

Suggested partition layout:
- /boot: 250MB
- swap: should be 2X RAM size
- /: 5GB for a complete RH-9 installation
- /home: for user data (optional)
- /var: for logs, mail etc. (optional)

Choose boot loader method:
- MBR (GRUB controls boot selection)
- First sector of boot partition (lets another boot loader manage choices)
GRUB may optionally be protected with a password of your choice.

Configure networking (LAN only):
- DHCP (localhost.localdomain): no further configuration needed.
- Static IP: intranet (e.g., 172.16.0.1) or routable (e.g., 198.168.49.214 is sonic); host name and domain name.

Static IP configuration requires: IP address, netmask, network address, broadcast address, hostname, gateway, primary DNS (maybe secondary, tertiary).

Firewall configuration: None, Medium, High or Customize.
- None: all ports open in either direction
- Medium: inbound DNS, HTTP
- High: outbound only
- Customize: choose port and packet type (TCP/UDP), e.g., nntp:tcp

Configure user accounts, language support and time zone:
- Language support: choose additional languages for documentation, etc.
- Choose time zone. The clock may be set to GMT, with an offset for local time. If you wish to change your time zone configuration after you have booted your Red Hat Linux system, become root and use the /usr/sbin/timeconfig command.
- Configure user accounts: choose a password for the "root" account. Create at least one "ordinary" user so that typical tasks need not be done as root. To become root from an ordinary user login, type su - at the shell prompt in a terminal window and then press [Enter]. Then enter the root password and press [Enter]. Type "exit" to return to the original login.

Enable authentication. Make sure "shadow" and "MD5" are selected.
- Enable MD5 passwords: allows a long password to be used (up to 256 characters), instead of the standard eight characters or less.
- Enable shadow passwords: provides a secure method for retaining passwords. The passwords are stored in /etc/shadow, which can only be read by root.
- NIS is for networked Linux systems to share file systems.
- SMB is for file-sharing with Windows NT, 2000, XP network systems.
- Kerberos and LDAP are additional authentication systems that require appropriate server software.
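The hash format chosen at install time is visible later in the second field of each /etc/shadow line, so an administrator can audit an existing system for entries that are still MD5 or have no password at all. The script below is an added example, not part of the original slides; the shadow lines it examines are constructed inline with dummy hash material, and it never reads the real /etc/shadow. The prefix labels ($1$ MD5, $5$ SHA-256, $6$ SHA-512, $y$ yescrypt) are the standard crypt identifiers.

```sh
#!/bin/sh
# Added example, not from the original slides: classify the password-hash
# field of shadow-format lines so that MD5, legacy DES or empty entries can be
# spotted. All input is constructed here; the hash strings are dummies.

# Print "user:label" for one shadow line. The label comes from the prefix of
# the second field: $1$ MD5 (the slide's "MD5 passwords" option), $5$ SHA-256,
# $6$ SHA-512 (the default on current distributions), $y$ yescrypt,
# 13 characters with no $ = legacy DES crypt, ! or * = account locked,
# empty = no password at all.
hash_type() {
    printf '%s\n' "$1" | awk -F: '{
        h = $2
        if (h == "")                       t = "EMPTY"
        else if (substr(h, 1, 1) == "!")   t = "locked"
        else if (substr(h, 1, 1) == "*")   t = "locked"
        else if (substr(h, 1, 3) == "$1$") t = "md5"
        else if (substr(h, 1, 3) == "$5$") t = "sha256"
        else if (substr(h, 1, 3) == "$6$") t = "sha512"
        else if (substr(h, 1, 3) == "$y$") t = "yescrypt"
        else if (length(h) == 13)          t = "legacy-des"
        else                               t = "unknown"
        print $1 ":" t
    }'
}

# Given whole shadow-format text as one argument, print only the accounts
# whose entries are weak (MD5, legacy DES) or empty.
audit_shadow() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        hash_type "$line"
    done | grep -E ':(md5|legacy-des|EMPTY)$'
}

# Constructed sample shadow lines (dummy hash material, not real hashes).
SAMPLE='root:$6$saltsalt$DUMMYSHA512HASH:19000:0:99999:7:::
alice:$1$salt$DUMMYMD5HASH:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
guest::19000:0:99999:7:::
bob:$y$j9T$saltsalt$DUMMYYESCRYPT:19000:0:99999:7:::'

echo "Weak or empty entries:"
audit_shadow "$SAMPLE"      # alice:md5 and guest:EMPTY
```

On a real system the same function would be fed the file as root (for example with audit_shadow "$(cat /etc/shadow)"); an "EMPTY" result is the most urgent finding, since it means the account can be entered without any password.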

Select packages:
- Carefully review and study package choices before proceeding.
- Pick the minimum package set for your purposes for a production server.
- Some server packages open up security holes in the system.

Begin install: copying the installation packages from the CDs may take up to two hours. Configure video hardware: automatic probing may provide choices for you; have your monitor information handy at this point.

- Create a boot disk: label the floppy "Red Hat Linux 7.3 Custom Boot Disk".
- Select monitor configuration.
- Choose custom X configuration: color depth, resolution.
- Select default boot mode (text or GUI).
- Finish installing, reboot the system.

Basic Linux Commands

/ - root directory
./ - current directory
./command_name - run a command in the current directory
../ - parent directory
~ - home directory
$ - typical prompt when logged in as an ordinary user
# - typical prompt when logged in as root or superuser
& - run a program in background mode
[Tab][Tab] - prints a list of all available commands
x[Tab][Tab] - prints a list of all available completions for a command whose name begins with "x"
[Alt][Ctrl][F1] - switch to the first virtual text console
[Alt][Ctrl][Fn] - switch to the nth virtual text console. Typically, there are six on a Linux PC system.
[Alt][Ctrl][F7] - switch to the first GUI console
[ArrowUp] - scroll through the command history (in bash)
[Shift][PageUp] - scroll terminal output up. This also works at the login prompt, so you can scroll through your boot messages.

[Shift][PageDown] - scroll terminal output down
[Ctrl][Alt][+] - switch to the next X server resolution (if the server is set up for more than one resolution)
[Ctrl][Alt][-] - change to the previous X server resolution
[Ctrl][Alt][Del] - shut down the system and reboot
[Ctrl]c - kill the current process
[Ctrl]d - log out from the current terminal
[Ctrl]z - send the current process to the background

cd - change directory
ls - get a file list
ls -a - list hidden files
ls -l - list file permissions
ls -al - list permissions and hidden files
ls -i - get the inode number
touch - create a file
mkdir - create a directory
rm - delete a file
rmdir - delete a directory
cp - copy files
mv - move or rename files and directories
cat - see the contents of a file
more - see the contents of a file one screen at a time
less - same as more

command --help - display help for a command
man - manual
date - display or change the date and time
cal - display a calendar
pwd - print working directory
df - report filesystem disk space usage
echo - display a message on screen
mount - mount a file system
eject - eject the CD-ROM
fdformat - low-level format a floppy disk
locate - search for files

free - display memory usage
ps - process status
kill - kill a process
top - show top processes
shutdown -h now - shut down the system
shutdown -r now - restart the system
shutdown -h t15 - shut down after 15 sec
adduser - add a new user
passwd - change password
su - switch user
who - print all usernames currently logged in
tail - output the last part of files

last - display the last users logged on and for how long
bg - resume a suspended process in the background
fg - resume a suspended process in the foreground
& - at the end of a command, makes it run in the background
kill - kill a process
pstree - display the tree of running processes
fsck - repair a filesystem. Must not be run on a mounted file system.
mke2fs - create a Linux second extended filesystem
mkswap - set up a Linux swap area on a device or file
hostname - show or set the name of the computer
pine - e-mail client
lynx - internet browser

Wildcards, Input/Output Redirection and Pipes

Another way that bash makes typing commands easier is by enabling users to use wildcards in their commands. The bash shell supports three kinds of wildcards:
* matches any character and any number of characters.
? matches any single character.
[...] matches any single character contained within the brackets.

The * wildcard can be used in a manner similar to command-line completion. For example, assume the following files exist:
/etc/hosts /etc/host.conf /etc/hosts.allow ...
Both of these commands list them:
ls /etc/h<tab><tab>
or
ls /etc/h*

The ? wildcard functions in an identical way to the * wildcard except that the ? wildcard only matches a single character. For example, a directory contains the following files:
ch1.doc ch2.doc ch3.doc ch4.doc chimp config
Then this command lists only the four .doc files:
ls ch?.doc

The [...] wildcard enables you to specify certain characters or ranges of characters to match. To list the first three of the .doc files in the example (ch1.doc ch2.doc ch3.doc ch4.doc chimp config) using the [...] wildcard, enter one of the following two commands:
ls ch[123].doc
ls ch[1-3].doc

Input redirection changes the source of input for a command. When a command is entered in bash, the command expects some kind of input in order to do its job. The input for these commands can come from a file:
wc test
11 2 1
or
wc < test

Output redirection is more commonly used than input redirection. It enables you to redirect the output from a command into a file, as opposed to having the output displayed on screen. For example, to save the listing of /etc in a file:
ls /etc > list.txt

Pipes (often called pipelines) are a way to string together a series of commands:
1. Output from the first command in the pipeline is used as the input to the second command in the pipeline.
2. The output from the second command in the pipeline is used as input to the third command in the pipeline.
3. The output from the last command in the pipeline is the output that actually displays on screen (or is put into a file).
cat sample.text | grep "High" | wc -l
This pipeline takes the output from the cat command (which lists the contents of a file) and sends it into the grep command. The grep command searches for each occurrence of the word "High" in its input. The grep command's output then consists of each line in the file that contains the word "High." This output is then sent to the wc command. The wc command with the -l option prints the number of lines contained in its input. To show the results on a real file, suppose the contents of sample.text appeared as follows:
Things to do today:
Low: Go grocery shopping
High: Return movie
High: Clear level 3 in Alien vs. Predator
Medium: Pick up clothes from dry cleaner
The pipeline then returns the result 2:
cat sample.text | grep "High" | wc -l
2
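The following script, an added example rather than code from the original slides, runs the redirections and the pipeline described above against a copy of sample.text that it writes itself in a temporary directory (the file contents are the slides' constructed example). Each result is returned from a function so it can be compared, and the script also shows the one visible difference between "wc < file" and "wc file".

```sh
#!/bin/sh
# Added example, not from the original slides: input redirection, output
# redirection and the slides' three-stage pipeline, run over a copy of
# sample.text that is constructed here in a temporary directory.

# Write the slide's sample.text (constructed content) to the given path.
write_sample() {
    cat > "$1" <<'EOF'
Things to do today:
Low: Go grocery shopping
High: Return movie
High: Clear level 3 in Alien vs. Predator
Medium: Pick up clothes from dry cleaner
EOF
}

# The pipeline from the slides: cat feeds grep, grep feeds wc -l.
# (grep "High" "$1" | wc -l does the same job without the cat stage.)
count_high() {
    cat "$1" | grep "High" | wc -l | tr -d ' '
}

# Input redirection: with "< file" the command reads standard input and never
# learns the file name, so wc prints only the count; given the name as an
# argument it prints the count followed by the name.
wc_via_stdin() { wc -l < "$1" | tr -d ' '; }
wc_via_arg()   { wc -l "$1"; }

# Output redirection: ">" creates or truncates the target, ">>" appends to it.
# Returns the last line of the file so the append can be checked.
redirect_demo() {
    ls /etc > "$1"               # like the slide's  ls /etc > list.txt
    echo "appended line" >> "$1"
    tail -n 1 "$1"
}

work=$(mktemp -d)
write_sample "$work/sample.text"
echo "High lines:   $(count_high "$work/sample.text")"     # 2
echo "wc < file:    $(wc_via_stdin "$work/sample.text")"   # 5
echo "wc file:      $(wc_via_arg "$work/sample.text")"     # 5 followed by the path
echo "last line:    $(redirect_demo "$work/list.txt")"     # appended line
rm -rf "$work"
```

Note that ">" overwrites an existing file without asking; a typo in the target name can silently destroy data. In bash and other POSIX shells, set -o noclobber (or set -C) makes ">" refuse to overwrite an existing file, which is a cheap safeguard in scripts run with elevated privileges.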

Linux Text Editors

Most bioinformatics work involves messing around with text files. DNA and protein sequences, databases, results of similarity searches and multiple alignments are all stored on the computer as ordinary ASCII text files. To read, write, and edit these text files you must get familiar with a text editor program.

A text editor is like a word processor on a personal computer, except that it does not apply formatting styles (bold, italics, different fonts etc.). Unix has line editors (view and edit one line at a time) and full-screen editors. A screen editor loads an entire document into a buffer, which allows you to jump to any point in the document.

There are many different text editors available for Unix computers. Graphical (X Windows) text editors:
- gedit (click on Gnome-footprint > programs > applications > gedit)
- kedit (click on Gnome-footprint > KDE menus > applications > Text Editor)
- kwrite (click on Gnome-footprint > KDE menus > applications > Advanced Editor)

Non-graphical editors:
- emacs - screen-based (but not X Windows) editor
- vi - visual editor (screen-based but not X Windows)
- pico - screen-based (but not X Windows) editor
- ed - basic/crude line editor

The full name of the Emacs program is: "GNU emacs, the Extensible, Customizable, Self-Documenting, Real-time Display Editor." Emacs is free software produced by the Free Software Foundation (Boston, MA) and distributed under the GNU General Public License.

To start Emacs, at the command prompt just type: emacs
To use Emacs to edit a file, type: emacs filename (where filename is the name of your file)
When Emacs is launched, it opens either a blank text window or a window containing the text of an existing file.

The display in Emacs is divided into three basic areas. The top area is called the text window. The text window takes up most of the screen, and is where the document being edited appears. Below the text window, there is a single mode line (in reverse type). The mode line gives information about the document, and about the Emacs session. The bottom line of the Emacs display is called the minibuffer. The minibuffer holds space for commands that you give to Emacs, and displays status information.

Emacs uses Control and Escape characters to distinguish editor commands from text to be inserted in the buffer. Control-x means to hold down the control key, and type the letter x. (You don't need to capitalize the x, or any other control character) [ESCAPE] x means to press the escape key down, release it, and then type x.

To save a file as you are working on it, type: Control-x Control-s
To exit Emacs and return to the Unix shell, type: Control-x Control-c
If you have made any changes to the file, Emacs will ask you if you want to save:
Save file /u/browns02/nrdc.msf? (y,n,!,.,q,C-r or C-h)
Type "y" to save your changes and exit. If you type "n", then it will ask again:
Modified buffers exist; exit anyway? (yes or no)
If you answer "no", then it will return you to the file; you must answer "yes" to exit without saving changes.

Once you move the cursor to the location in the file where you want to do some editing, you can just start typing - just like in an ordinary word processor. The delete key should work to remove characters and inserted text will push existing text over.

You can delete or move blocks of text. First move the cursor to the beginning (or end) of the block of text. Then set a mark with: Ctrl-spacebar
Now move to the other end of the block of text and delete or copy the block:
- Delete: Ctrl-w
- Copy: [Esc] w
To paste a copied block, move to the new location and insert with: Ctrl-y

Emacs has a built-in help feature. Just type: Ctrl-h
To get help with a specific command, type: Ctrl-h k keys (where "keys" are the command keys that you type for that command)
Emacs has a built-in tutorial: Ctrl-h t
This will be the primary exercise for this week's computer lab.

vi is pronounced "vee-eye." It is found on almost all Unix and Linux systems. vi has two basic modes: command mode and text insert mode. To run vi, just type at the command prompt: vi or vi filename

KEY               EFFECT
Left Arrow or h   Move one character left
Down Arrow or j   Move down one line
Up Arrow or k     Move up one line
Right Arrow or l  Move one character right
0                 Move to beginning of current line (Note: this is the "zero" key)
$                 Move to end of current line

KEY   EFFECT
i     Insert text
o     Insert line below cursor
A     Append at end of line
esc   Command mode
:     Invoke "ex" command
r     Replace character
cw    Change word
x     Delete character
dw    Delete word
dd    Delete line

Command format is normally: [count] command [where]
count    number of times to repeat a command (optional)
command  the actual command
where    how much to act on or where to take the cursor, depending on the command (optional)
Examples:
23x   Delete 23 characters
25dd  Delete 25 lines
d$    Delete from current position to the end of the line

You access these commands by hitting ":" in command mode. ex commands provide one way of getting out of vi:
:wq   Write any changes and quit
:q    Quit (will only do so if no changes)
:q!   Quit without saving changes

KEY   EFFECT
p     Put (paste) contents of buffer
yw    Yank (copy) word
yy    Yank (copy) line
u     Undo last command
.     Repeat last command
U     Undo all changes to line
d$    Delete to end of line
C     Change text to end of line
J     Join lines

KEY        EFFECT
/pattern   Search forward for pattern
?pattern   Search backward for pattern
n          Repeat search in same direction
N          Repeat search in opposite direction

^B  Scroll backwards one page. A count scrolls that many pages.
^D  Scroll forwards half a window. A count scrolls that many lines.
^F  Scroll forwards one page. A count scrolls that many pages.
^H  Move the cursor one space to the left. A count moves that many spaces.
^J  Move the cursor down one line in the same column. A count moves that many lines down.
^M  Move to the first character on the next line.
^N  Move the cursor down one line in the same column. A count moves that many lines down.
^P  Move the cursor up one line in the same column. A count moves that many lines up.
^U  Scroll backwards half a window. A count scrolls that many lines.
$   Move the cursor to the end of the current line. A count moves to the end of the following lines.

%  Move the cursor to the matching parenthesis or brace.
^  Move the cursor to the first non-whitespace character.
(  Move the cursor to the beginning of a sentence.
)  Move the cursor to the beginning of the next sentence.
{  Move the cursor to the preceding paragraph.
}  Move the cursor to the next paragraph.
|  Move the cursor to the column specified by the count.
+  Move the cursor to the first non-whitespace character in the next line.
-  Move the cursor to the first non-whitespace character in the previous line.
_  Move the cursor to the first non-whitespace character in the current line.
0  (Zero) Move the cursor to the first column of the current line.
B  Move the cursor back one word, skipping over punctuation.
E  Move forward to the end of a word, skipping over punctuation.
G  Go to the line number specified as the count. If no count is given, then go to the end of the file.

H  Move the cursor to the first non-whitespace character on the top line of the screen.
L  Move the cursor to the first non-whitespace character on the bottom line of the screen.
M  Move the cursor to the first non-whitespace character on the middle line of the screen.
W  Move forward to the beginning of a word, skipping over punctuation.
b  Move the cursor back one word. If the cursor is in the middle of a word, move the cursor to the first character of that word.
e  Move the cursor forward one word. If the cursor is in the middle of a word, move the cursor to the last character of that word.
h  Move the cursor to the left one character position.
j  Move the cursor down one line.

k  Move the cursor up one line.
l  Move the cursor to the right one character position.
w  Move the cursor forward one word. If the cursor is in the middle of a word, move the cursor to the first character of the next word.
~  Switch the case of the character under the cursor.
<  Shift the lines up to "where" to the left by one shiftwidth. "<<" shifts the current line to the left, and can be specified with a count.
>  Shift the lines up to "where" to the right by one shiftwidth. ">>" shifts the current line to the right, and can be specified with a count.
J  Join the current line with the next one. A count joins that many lines.

LINUX FILE SYSTEM

A file system is developed to create, store, load, delete and seek files on media. Examples of media:
- Magnetic media: tape, floppy disk, hard disk
- Optical media: CD-ROM, DVD

File systems of the Windows OS:
- Windows 98 and Windows ME support FAT16, FAT32
- Windows 2000 supports FAT16, FAT32, NTFS
- Windows XP supports FAT32, NTFS

- Files store the data.
- Directories organize files.
- Partitions are separate collections of directories (also called "volumes"). All directory information is kept in the partition, and the file system must be mounted to access it.

Characteristics of Windows and Linux file systems:
- File system: Windows NTFS, FAT; Linux ext2, ext3
- Reference point: Windows uses the root of each partition, each partition being mounted under a drive letter (e.g. C:, D:, F:); Linux mounts each partition under /
- File extensions: Windows recognizes files by their extension (e.g. abc.txt, tmp.exe); Linux needs no file extension
- Case sensitive: Windows no; Linux yes

File systems in Linux are divided into two types: Linux swap, which is used by the virtual memory system, and Linux file systems, which are used to store files. There are various types of file system: ext2 (first introduced in kernel 2.0.x) and ext3 (first introduced in kernel 2.4.x).

Every Linux filesystem implements a basic set of common concepts derived from the Unix operating system:
- Files are represented by inodes (information nodes).
- Directories are simply files containing a list of entries, so a directory is represented by an inode as well.

Each file is represented by a structure called an inode. An "inode" (information node) contains all the information about a file (except the file data). Each inode contains the description of the file: file type, access rights, owners, timestamps, size, pointers to data blocks.

The inode also contains the locations of all the data that make up a file so the operating system can collect it all when needed. The only information the inode does not contain is the name of the file and the contents. Directories contain the actual filenames. Blocks pointed to by the inode contain the actual data

Directories are implemented as a special type of file A directory is a file containing a list of entries Each entry contains an inode number and a file name When a process uses a pathname, the kernel code searches in the directories to find the corresponding inode number After the name has been converted to an inode number, the inode is loaded into memory and is used by subsequent requests

[Figure: anatomy of an inode. The inode holds the metadata and the block pointers; the data blocks it points to hold the file contents.]

The ext file system supports the standard Unix file types: regular files, directories, device special files and symbolic links (the Unix counterpart of shortcuts). It can manage file systems on very large partitions, up to 4 TB in its original design. It provides long file names: the maximum file name length is 255 characters. It reserves some blocks for the superuser (root), which lets the administrator recover easily from situations where user processes fill up a file system.

One special data block, the superblock, contains overall information about the file system, just as the inode contains information about a specific file. The superblock contains the information necessary to mount a file system and access its data, including the size of the file system, the number of free inodes, and information about the free space available.

When an ext file system is mounted, the kernel checks a flag in the superblock that records whether the file system is consistent. Mounting the file system read-write clears the flag ("not clean"); a normal unmount at shutdown sets it again ("clean"). If at boot the flag is found clear, as happens after a crash or power loss, fsck (file system check) is run to search the file system for errors before it is mounted.
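As an added example (not part of the original slides), the following Python script builds a constructed ext2 image in memory, reads the superblock fields that matter for mounting, and makes the same "clean, or run fsck" decision described above. The field offsets follow the ext2 on-disk layout; the image contents themselves are made up for the demonstration.

```python
"""Read an ext2 superblock and make the boot-time "is it clean?" decision.

Added example, not from the slides: it builds a tiny synthetic image in memory
(constructed data, no disk access) and parses only the fields it needs."""
import struct

SUPERBLOCK_OFFSET = 1024        # the ext2 superblock always starts 1024 bytes in
EXT2_SUPER_MAGIC = 0xEF53
EXT2_VALID_FS = 0x0001          # set by a clean unmount, cleared at read-write mount
EXT2_ERROR_FS = 0x0002          # set by the kernel when it finds corruption

# First 60 bytes of the superblock, little-endian (see <linux/ext2_fs.h>).
_SB_FMT = "<13IHhHH"
_SB_FIELDS = (
    "inodes_count", "blocks_count", "r_blocks_count", "free_blocks_count",
    "free_inodes_count", "first_data_block", "log_block_size", "log_frag_size",
    "blocks_per_group", "frags_per_group", "inodes_per_group", "mtime", "wtime",
    "mnt_count", "max_mnt_count", "magic", "state",
)
_SB_LEN = struct.calcsize(_SB_FMT)


def parse_superblock(image):
    """Return the named superblock fields of a raw ext2 image as a dict.

    Raises ValueError when the image is too short or the magic is wrong, which
    is exactly the check mount and fsck make before trusting anything else."""
    raw = image[SUPERBLOCK_OFFSET:SUPERBLOCK_OFFSET + _SB_LEN]
    if len(raw) < _SB_LEN:
        raise ValueError("image too small to hold a superblock")
    sb = dict(zip(_SB_FIELDS, struct.unpack(_SB_FMT, raw)))
    if sb["magic"] != EXT2_SUPER_MAGIC:
        raise ValueError("bad magic 0x%04x, not an ext2/ext3 superblock" % sb["magic"])
    sb["block_size"] = 1024 << sb["log_block_size"]
    return sb


def needs_fsck(sb):
    """Boot-time decision: check the file system unless it was cleanly unmounted,
    has no recorded errors, and has not exceeded its maximum mount count."""
    unclean = not (sb["state"] & EXT2_VALID_FS)
    errors = bool(sb["state"] & EXT2_ERROR_FS)
    too_many_mounts = 0 < sb["max_mnt_count"] <= sb["mnt_count"]
    return unclean or errors or too_many_mounts


def make_image(state, mnt_count=3, max_mnt_count=20):
    """Constructed 2 KiB image: boot block, then a superblock with the given state."""
    sb = struct.pack(
        _SB_FMT,
        2048, 8192, 409, 4096, 2000,   # inodes, blocks, reserved, free blocks, free inodes
        1, 0, 0,                       # first data block, log block size (1 KiB), log frag size
        8192, 8192, 2048, 0, 0,        # per-group counts, mtime, wtime
        mnt_count, max_mnt_count, EXT2_SUPER_MAGIC, state,
    )
    return b"\0" * SUPERBLOCK_OFFSET + sb.ljust(1024, b"\0")


if __name__ == "__main__":
    for label, state in (("clean", EXT2_VALID_FS), ("crashed", 0)):
        sb = parse_superblock(make_image(state))
        print(label, "block size", sb["block_size"], "fsck needed:", needs_fsck(sb))
```

On a real system the same fields are shown by dumpe2fs -h on the device; the parser here exists only to make the superblock and its state flag concrete.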

In the root directory there are a number of folders. The names of these folders, and what they are expected to contain, are described on the following slides. [Figure: directory tree. Top level under / (root): bin sbin home etc boot root usr var dev lib. Deeper levels shown in the figure: scott alice bob (user home directories); bin sbin local lib; tmp; n321 mail public_html; bin man lib share src.]

/bin: this directory contains commands that may be used by ordinary users and by system administrators. A command is a small executable file. This directory is available as soon as the system starts up, before /usr is mounted.

/boot: this is the directory where the Linux kernel is stored. It contains everything that is required for the boot process except configuration files.

/dev: to Linux all devices are files. For any device, such as a CD-ROM or a video display card, there is a corresponding file in this directory. Examples of device files: /dev/cdrom for the CD-ROM; /dev/fd0 for the first floppy disk; /dev/hda1 for the first partition of the first IDE hard disk; /dev/sda1 for the first partition of the first SCSI hard disk. Some devices are mounted when the system boots and some must be mounted manually.

/etc: this directory contains configuration files and directories for the current system. Linux is well known for the fact that its configuration files are plain text files (rather than the binary registry database of Windows). Every Linux program is expected to store its system-wide configuration in this directory or a subdirectory of it; per-user settings live in the user's home directory.

/home: this directory stores the files belonging to the users who have accounts on the system. If the user name is "abc", that user's home directory is /home/abc.

/initrd: stands for initial RAM disk. A RAM disk is an area of memory that acts as if it were a disk device (very fast, but not at all permanent!). During the boot process a RAM disk is created and mounted in this directory. The kernel can then use this RAM disk, which usually contains the device drivers needed during the boot process. Without this directory, the Red Hat Linux of the time will not boot. Once the boot process is complete the RAM disk is unmounted. (Modern distributions replaced the mounted initrd with an initramfs archive that the kernel unpacks directly into memory, so current systems have no /initrd directory.)

/lib: the system libraries needed for the following are found in this directory: booting the system, the commands found in /bin, and the commands found in /sbin. Libraries for user applications are found in /usr/lib.

/lost+found: if the Linux system crashes, the program fsck (file system check) is run when the system reboots. Any files found to be corrupted or damaged are placed in this directory, which exists on every ext file system.

/mnt: this is the default directory under which temporary file systems (such as CD-ROMs and floppy disks) are mounted. To mount a CD-ROM you would give the command mount /mnt/cdrom (this short form works because /etc/fstab has an entry for /mnt/cdrom; without one, name the device as well: mount /dev/cdrom /mnt/cdrom). The result is a directory called cdrom in the mnt directory whose contents are the file system of the CD-ROM.

/opt: this directory is inherited from early versions of UNIX. Applications that did not come with the operating system were installed here (they are optional applications).

/proc: this is a virtual file system containing process and kernel information. The files in this directory and its subdirectories are neither text nor binary files on disk; most report a length of zero, yet when a file is viewed it can contain quite a bit of information. Both applications and system administrators use /proc to access information about the state of the kernel, the attributes of the machine, the state of individual processes, and so on. For example, cat /proc/meminfo shows how memory is being used by Linux.

/root: the root user does not get a home directory under /home (there is no /home/root). Instead, a directory in the root file system is created as the home directory for the system administrator.

Root-only commands and utilities used for system administration are stored in /sbin, /usr/sbin, and /usr/local/sbin /sbin also contains binaries essential for booting, restoring, recovering, and/or repairing the system Root-only commands that are run after /usr is mounted are placed in one of the /usr/sbin directories

This directory contains variable data files This includes spool directories, administrative and logging data, and transient and temporary files The directory /var/log contains log files generated by the web server, ftp server, and boot process along with any other application that creates a log file /var can be located on other partitions or filesystems

/usr: this directory contains user binary files, such as the applications you would use, and other shareable, read-only data. /usr can be located on another partition or file system.

/usr/bin: this is the primary directory for executable commands on the system. /usr/include: this is where all of the system's general-use include files for the C programming language are placed. /usr/lib: object files, libraries, and internal binaries that are linked into C programs are placed here. /usr/sbin: non-essential binaries used exclusively by the system administrator are stored here.

Network File System (NFS)

When an application accesses a file that resides on a remote machine, the program’s operating system invokes client software that contacts a file server on the remote machine and performs the requested operations on the file. Unlike a file transfer, the application’s system does not retrieve or store an entire file at once; instead, it requests transfer of one small block of data at a time.

In addition to the basic mechanisms for reading and writing files, a file access service must provide ways to create and destroy files, peruse directories, authenticate requests, honor file protections, and translate information among the representations used on various computers. Because a remote file access service connects two machines, it must handle differences in the way the client and server systems name files, denote paths through directories, and store information about files. The file access software must accommodate these differences in the semantics and interpretation of file operations.

The NFS design stores state information at the client site, allowing servers to remain stateless. Because the server is stateless, a disruption in service need not affect client operation: the client simply retransmits its request until the server answers. A client can therefore continue file access after a stateless server crashes and reboots, and the application program running on the client can remain unaware of the server reboot. Because a stateless server does not need to allocate resources for each client, a stateless design can scale to handle more clients than a stateful design.

The NFS designers adopted UNIX file system semantics when defining the meaning of individual operations. Understanding the UNIX file system is essential to understanding NFS because NFS uses the UNIX file system's terminology and semantics. It honors the same open-read-write-close paradigm as UNIX, and offers most of the same services. Like UNIX, NFS assumes a hierarchical naming system. It considers the file hierarchy to be composed of directories and files.

NFS assumes that each file or directory has a mode that specifies its type and access protection. The definitions and meaning of the bits in the NFS mode integer are very similar to those of UNIX. Although NFS defines file types for devices, it does not permit remote device access (e.g., a client may not read or write a remote device).

An NFS file server runs on a machine (typically one with large disks) that has a local file system. An NFS client runs on an ordinary machine and accesses the files on machines that run NFS servers. When an application program calls open to obtain access to a file, the OS uses the path name to choose between local and remote file access procedures: if the path refers to a local file, the system uses the computer's standard file system software; if the path refers to a remote file, the system uses the NFS client software to access the remote file.

In UNIX, the mount mechanism constructs a single, unified naming hierarchy from individual file systems on multiple disks. UNIX implementations of the NFS client code use an extended version of the mount mechanism to integrate remote file systems into the naming hierarchy along with local file systems. The main advantage of using the mount mechanism is consistency: all file names have the same form, and an application program cannot tell from the name syntax alone whether a file is local or remote.

When a user accesses a file, the kernel determines whether the file is a local file or an NFS file. The kernel passes all references to local files to the local file access module and all references to NFS files to the NFS client module. The NFS client sends RPC requests to the NFS server through its TCP/IP module. Traditionally NFS ran over UDP; newer implementations can use TCP, and NFS version 4 runs over TCP. The NFS server receives the requests on port 2049 and passes each request to its local file access routines,

which access the file on the server's local disk. After the server gets the results back from the local file access routines, it sends the reply to the client in the RPC reply format. While the NFS server is handling a client's request, the local file system needs some time to return the results, and during that time the server does not want to block other incoming client requests. To handle multiple client requests, NFS servers are multithreaded, or several server processes run at the same time. The same situation occurs on the client side: some Unix systems use a similar technique, running multiple biod daemons on the client to provide more concurrency for NFS requests.

Client wants to access a file from server

NFS is a protocol in the application layer. It works together with several other protocols. The mount protocol provides the method of validation and permission checking and hands the client the root file handle. The port mapper protocol tells a client the current server port number of the specific server program it needs to reach. NIS is usually deployed alongside NFS: it provides a convenient way for a user to log in with the same user name and password on all the machines in the same NIS domain.

NFS and all related protocols use the service provided by RPC: all NFS requests and replies are in the format specified by RPC, and XDR is the standard for encoding data in RPC. NFS and RPC requests can be carried over both UDP and TCP; NFS was designed to be independent of the transport layer, so it can run on top of many transport protocols. In this class we are interested in TCP and UDP only.

How does a server know which file/directory the client needs to access? There is a data structure that is called the File Handle. The File handle is created by the NFS server and it is a unique reference to the specific file or directory on the NFS server itself. This FH is passed to the client at the first time the NFS client contacts the NFS server. The process of first contact is called the Mounting process. The top directory of the NFS server file system is called the root of the mounted file system. So, when the client mounts the server file system, the client will get a file handle of the root file system from the server.

The FH is opaque to the client: the client does nothing with it except send it back to the server when it wants to access that file or directory, and the server can tell from the file handle which file or directory the client means. With the FH, the client does not need to know how the NFS server represents path names, and the server does not need to keep track of what the client's current access point is. (File handle contents, from the figure: volume ID, inode number, generation number.)

Suppose the client needs to cat the file sub2/myname.txt under the current directory.

Suppose the client needs to remove the file sub2/myname.txt.

Idempotent operations can be executed more than once by the server and still return the same result. A stateless protocol requires idempotent operations, because a client that gets no reply retransmits its request. To make the non-idempotent NFS requests (remove, rename, create) safe to retransmit: the server records recently performed operations in a cache; it checks the cache for duplicate requests; and it returns the previous result if a request is a duplicate.
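An added example, not from the slides, that puts the last three points together in Python: a toy in-memory server whose file handles carry (volume id, inode number, generation number) exactly as in the figure, and which keeps no per-client state except a duplicate-request cache keyed by (client, xid). Volume, Server and the op_ methods are names of this example, not of any NFS implementation. It shows a retransmitted REMOVE being answered from the cache rather than failing with ENOENT, and an old handle turning stale once its inode number is reused with a new generation.

```python
"""Toy stateless NFS-style server: opaque file handles carrying a generation
number, and a duplicate-request cache that makes non-idempotent requests safe
to retransmit.  Added example, not from the slides; everything is in memory
and nothing is sent on the wire."""
import struct

# Handle layout from the slide's figure: volume id, inode number, generation.
# A real server may use any opaque encoding; clients must never interpret it.
_FH = struct.Struct(">III")


class StaleHandle(Exception):
    """The inode behind the handle was deleted (generation no longer matches)."""


class Volume:
    def __init__(self, vol_id):
        self.vol_id = vol_id
        self.inodes = {}          # ino -> {"gen", "kind", "data", "entries"}
        self.free = []            # freed inode numbers, reused in order
        self.next_ino = 2         # inode 2 is the root directory, as in ext2
        self.root_fh = self.handle(self.alloc("dir"))

    def alloc(self, kind):
        if self.free:                            # reuse a number but bump its generation,
            ino = self.free.pop(0)               # so stale handles to the old file fail
            gen = self.inodes[ino]["gen"] + 1
        else:
            ino, gen = self.next_ino, 1
            self.next_ino += 1
        self.inodes[ino] = {"gen": gen, "kind": kind, "data": b"", "entries": {}}
        return ino

    def release(self, ino):
        self.inodes[ino]["kind"] = None          # keep the record so gen survives reuse
        self.free.append(ino)

    def handle(self, ino):
        return _FH.pack(self.vol_id, ino, self.inodes[ino]["gen"])

    def resolve(self, fh):
        vol, ino, gen = _FH.unpack(fh)
        node = self.inodes.get(ino) if vol == self.vol_id else None
        if node is None or node["kind"] is None or node["gen"] != gen:
            raise StaleHandle(fh.hex())
        return node


class Server:
    """All per-request state arrives in the request; the only memory kept across
    requests is the duplicate-request cache keyed by (client, xid)."""

    def __init__(self, volume):
        self.vol = volume
        self.drc = {}

    def call(self, client, xid, proc, *args):
        key = (client, xid)
        if key in self.drc:                      # retransmission: replay, do not re-execute
            return self.drc[key]
        try:
            reply = ("OK", getattr(self, "op_" + proc)(*args))
        except StaleHandle:
            reply = ("ESTALE", None)
        except KeyError:
            reply = ("ENOENT", None)
        self.drc[key] = reply
        return reply

    def op_lookup(self, dir_fh, name):
        return self.vol.handle(self.vol.resolve(dir_fh)["entries"][name])

    def op_create(self, dir_fh, name):
        d = self.vol.resolve(dir_fh)
        ino = self.vol.alloc("file")
        d["entries"][name] = ino
        return self.vol.handle(ino)

    def op_write(self, fh, offset, data):
        f = self.vol.resolve(fh)
        buf = bytearray(f["data"].ljust(offset, b"\0"))
        buf[offset:offset + len(data)] = data
        f["data"] = bytes(buf)
        return len(data)

    def op_read(self, fh, offset, count):
        return self.vol.resolve(fh)["data"][offset:offset + count]

    def op_remove(self, dir_fh, name):
        d = self.vol.resolve(dir_fh)
        self.vol.release(d["entries"].pop(name))  # KeyError -> ENOENT for a *new* request
        return None
```

A real server bounds the cache (it holds only recent replies) and keys it on the client's address and port as well as the xid; this toy never evicts, which is fine for a demonstration and wrong for anything that runs for more than a few minutes.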

From the beginning NFS used UDP: most NFS systems were on a LAN, and TCP had high overhead. Currently, NFS across a WAN needs TCP for reliability and congestion control. Both sides set TCP's keep-alive option. If the server crashes, the client opens a new TCP connection; if the client crashes, the server terminates the connection after the next keep-alive probe goes unanswered.

Issues with RPC. Error handling: failures of the server or the network must be handled. Performance: remote calls are slower than local procedure calls. Authentication: RPC can be transported over insecure networks, so requests must be authenticated.

Port Mapper/RPCBIND

File Permissions

We're going to look at: file types (UNIX recognizes a number of types); magic numbers (how different normal files can be distinguished); file attributes (the information stored about files); file protection (how access to files is restricted).

UNIX stores information in byte-oriented files and recognizes a number of different file types. You can view the type of a file with ls -l:
[root@lab1 home]# ls -l /home /dev/null /etc/passwd
drwxr-xr-x 11 root root 1024 Feb 7 1996 /home
crw-rw-rw- 1 root root 1, 3 May 6 1998 /dev/null
-rw-r--r-- 1 root root 669 Dec 30 15:49 /etc/passwd
[root@lab1 home]# ls -l /dev/hda1
brw-rw---- 1 root disk 3, 1 May 6 1998 /dev/hda1
[root@lab1 home]# ls -l /etc/X11/X
lrwxrwxrwx 1 root root 29 Jan 26 1998 /etc/X11/X -> ../../usr/X11R6/bin/XF86_SVGA

The first letter indicates the file type.
Letter  Meaning                Example
-       a normal file          /etc/passwd
d       a directory            /
l       symbolic link          /dev/modem
b       block device file      /dev/hda
c       character device file  /dev/tty1

Limiting unauthorized access to your directories and files is a very important concern for ALL Linux (Unix) users. Consequences of unauthorized access: copying your assignments (cheating); using your account for illegal activity; using your account to send obscene messages; tampering with files.

UNIX achieves this by specifying three valid file operations (read, write and execute), dividing users into three classes (user: the person who owns the file; group: the group that owns the file; other: everybody else), and allowing the owner to specify the valid operations for each class.

The meaning of a file operation differs depending on whether it is applied to a file or a directory.
read: on a file, read its contents; on a directory, find out what files it contains (e.g. ls).
write: on a file, modify, truncate or append to its contents; on a directory, create, remove or rename entries in it. Note that deleting a file needs write permission on the directory, not on the file itself.
execute: on a file, run it as a program; on a directory, access (traverse) the files within it by name.

Every file has file permissions:
[root@lab1]# ls -l / /etc/passwd /home/test/teaching
drwxr-xr-x 19 root root 1024 Dec 8 15:54 /
-rw-r--r-- 1 root root 669 Dec 30 15:49 /etc/passwd
drwxrwxrwx 10 test test 1024 Dec 24 23:18 /home/test/teaching
They specify which operations each class can perform.

/ drwxr-xr-x: file type => directory; user/owner (root) => read, write and execute; group (root) => read and execute; other => read and execute.
/etc/passwd -rw-r--r--: file type => normal file; user/owner (root) => read and write; group (root) => read; other => read.
/home/test/teaching/ drwxrwxrwx: file type => directory; user/owner (test) => read, write and execute; group (test) => read, write and execute; other => read, write and execute.

UNIX actually stores permissions as numbers. But humans generally don't do numbers well. The nice commands (like ls, stat) change them to symbolic. A Systems Administrator needs to be able to translate from one to the other.

The following table summarizes the valid symbols.
Symbol  Meaning
r       read
w       write
x       execute

Each symbolic permission has a numeric equivalent, summarized in the following table. These are octal digits.
Symbol  Numeric equivalent
r       4
w       2
x       1

Doing a conversion from symbolic to numeric (e.g. rwxr--r-x) split symbols into three user groups user - rwx group - r-- other - r-x replace symbols with numeric equivalent and add user - rwx = 4 + 2 + 1 = 7 group - r-- = 4 other - r-x = 4 + 1 = 5

bring them together to form the numeric permissions rwxr--r-x = 745

Command and purpose: chmod changes the permissions of a file (only the file's owner, or root, can use it). chgrp changes the group owner of a file (an ordinary user can only change it to a group they belong to). chown changes the user owner of a file (on Linux only root can do this).
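The symbolic-to-octal conversion above, together with the file-versus-directory rules from the earlier table, as an added Python example that is not part of the slides. The ls -l lines it parses are constructed samples, and it deliberately leaves out the setuid, setgid and sticky bits. The check also reproduces a rule the slides only imply: exactly one class applies to a given user, chosen in the order owner, group, other, so permissive "other" bits never rescue an owner whose own bits deny the operation.

```python
"""Symbolic/octal permission conversion and an access check that applies the
file-versus-directory meaning of r, w and x from the table above.  Added
example, not from the slides; the ls -l lines are constructed samples.
Setuid, setgid and sticky bits are left out."""

_BITS = {"r": 4, "w": 2, "x": 1}
_FILE_OPS = {"read": "r", "write": "w", "execute": "x"}
_DIR_OPS = {"list": "r", "create": "w", "delete": "w", "traverse": "x"}


def symbolic_to_octal(perm):
    """'rwxr--r-x' -> '745': one octal digit per class (user, group, other)."""
    if len(perm) != 9:
        raise ValueError("expected 9 permission characters, got %r" % perm)
    digits = []
    for cls in (perm[0:3], perm[3:6], perm[6:9]):
        value = 0
        for ch, expected in zip(cls, "rwx"):
            if ch == expected:
                value += _BITS[ch]
            elif ch != "-":
                raise ValueError("unexpected %r in %r" % (ch, perm))
        digits.append(str(value))
    return "".join(digits)


def octal_to_symbolic(mode):
    """0o745 -> 'rwxr--r-x'."""
    out = []
    for shift in (6, 3, 0):
        bits = (mode >> shift) & 7
        out.append("".join(ch if bits & _BITS[ch] else "-" for ch in "rwx"))
    return "".join(out)


def parse_ls_line(line):
    """One 'ls -l' line -> (type char, symbolic perms, owner, group, name)."""
    fields = line.split()
    mode, owner, group, name = fields[0], fields[2], fields[3], fields[-1]
    return mode[0], mode[1:10], owner, group, name


def permitted(op, user, groups, owner, group, perm, is_dir):
    """Decide whether `user` (member of `groups`) may perform `op`.

    Exactly one class applies, chosen in order owner -> group -> other, so an
    owner whose own bits deny the operation is denied even if 'other' allows
    it.  root bypasses the check, except that executing a file still needs at
    least one x bit set."""
    table = _DIR_OPS if is_dir else _FILE_OPS
    if op not in table:
        raise ValueError("%s is not a %s operation" % (op, "directory" if is_dir else "file"))
    if user == "root":
        return op != "execute" or "x" in perm
    if user == owner:
        cls = perm[0:3]
    elif group in groups:
        cls = perm[3:6]
    else:
        cls = perm[6:9]
    return table[op] in cls


if __name__ == "__main__":
    # Constructed sample lines in the format of the slide's listing.
    for line in ("-rw-r--r-- 1 root root 669 Dec 30 15:49 /etc/passwd",
                 "drwxrwxrwx 10 test test 1024 Dec 24 23:18 /home/test/teaching"):
        kind, perm, owner, group, name = parse_ls_line(line)
        print(name, perm, "=", symbolic_to_octal(perm))
```

The last two assertions in the accompanying checks are the ones worth remembering: in a world-writable directory such as /home/test/teaching any user can delete another user's file without being able to read or write it, because deletion is a write to the directory, not to the file.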

Introduction to Linux Shells

Computers do not understand a thing we type The language of computers is a language consisting exclusively of numbers What these numbers mean are determined by the manufacturer of the CPU The instruction set for a Pentium CPU is not the same as the set for an IBM PowerPC CPU

One of the features of Unix is that it can be, and has been, ported to many different types of CPU. Linux is a clone of Unix that began on Intel CPUs (i386 and later) and has since been ported to many other architectures. Regardless of the flavor of Unix you are using, once you are logged into the system in console mode you are using a shell, or command interpreter. The shell is a program that responds to user commands, either typed at the keyboard or read from a file. These commands work on almost every version of Unix regardless of the CPU. In the history of Unix there have been, and still are, a number of shells a user can choose from.

The shell performs the following tasks:
1. Wait for the user to enter a command.
2. Parse the command line.
3. Find the executable for the command: this can be a shell function, a built-in shell command or an executable program.
4. If the command can't be found, generate an error message.
5. If it is found, fork off a child process to execute the command.
6. Wait until the command is finished.
7. Return to step 1.

The Most Common Linux Shell The Bourne Shell The Bash Shell The C Shell The TC Shell The Korn Shell The A Shell The Z Shell

The Bourne shell is the first Unix shell, the grandfather of all modern shells. It was written by Steve Bourne at AT&T and is installed as /bin/sh. This is the only shell guaranteed to be on any Unix system you might encounter. In many cases, however, /bin/sh is not a real Bourne shell; instead it is a symbolic link to a more modern shell that is backward compatible with the Bourne shell.

You won't find the Bourne shell being used much interactively these days It doesn't contain any of the fancy interactive features of newer shells But it remains immensely popular for scripts for two reasons: it's a pretty fair scripting language, it's available on every Unix box a script might find itself being executed upon Where the Bourne shell falls short scripting-wise, other widely available utilities such as the AWK language interpreter (awk) and the stream editor (sed) are used within Bourne shell scripts.

The Bourne Again Shell (bash) is a product of the Free Software Foundation's GNU project. It is backward compatible with the Bourne shell and contains the nicer features of both csh and ksh. It is the default Linux shell and is usually installed as /bin/bash; on many distributions /bin/sh is a symbolic link to it (typing /bin/sh then invokes bash, which switches to POSIX mode when started under that name). Debian and its derivatives instead link /bin/sh to the lighter dash, so scripts that assume bash extensions under /bin/sh break there. On commercial Unix systems you may find that someone has installed bash as /usr/local/bin/bash.

The C shell was written by Bill Joy at the University of California at Berkeley His main intent for writing the C shell was to create a shell with C language-like syntax Its major enhancement over the original Bourne shell is its command history facility Despite the C language heritage, csh proved to be unsuitable for high-powered script programming The C Shell is usually installed as /bin/csh

A later effort, begun by Ken Greer at Carnegie Mellon University rather than by Joy, improved on the C shell by adding command line editing; the result was the TC shell (tcsh). You can configure the editing for vi-like or emacs-like modes. tcsh is usually installed as /bin/tcsh and sometimes symbolically linked to /bin/csh.

The Korn Shell (ksh), a product of AT&T, was a successful attempt to provide the functionality of C Shell while using a Bourne Shell syntax and maintaining Bourne Shell backward compatibility

A Shell (ash) by Kenneth Almquist, the shell shipped with 4.4BSD, is a lightweight Bourne shell clone which you may find suitable for machines that are very tight on memory. It is usually installed as /bin/ash, and /bin/bsh and /bin/sh may be symbolic links to it (Debian's dash is its descendant). The Z shell (zsh) by Paul Falstad resembles the Korn shell in many respects but has some extra features, including built-in spelling correction of command names. It is usually installed as /bin/zsh. Both ash and zsh are included with most Linux distributions.

When a command is entered into a shell it is compared to the shell's internal set of commands. If it is found there, the shell executes the built-in. If not, the directories listed in the user's PATH are searched for an executable file with the same name as the command. Commands, either internal or external, can be stored in a (text) file; a file of commands is called a shell script. The file /etc/shells contains the list of valid login shells.
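The seven-step loop from the earlier slide and the builtin-versus-PATH lookup just described, written out as a minimal Python interpreter. This is an added example, not from the slides and not a real shell: MiniShell, resolve and run are its own names, builtins such as cd and export run inside the shell process, anything else is looked up along PATH with shutil.which, forked, exec'ed and waited for, and an unknown command returns 127 just as bash does.

```python
"""A minimal command interpreter that follows the loop on the slides: read a
line, parse it, decide builtin versus PATH lookup, fork and exec, wait.
Added example, not from the slides; it is not a real shell (no pipes,
redirection, globbing or variable expansion)."""
import os
import shlex
import shutil


class MiniShell:
    def __init__(self, env=None):
        self.env = dict(os.environ if env is None else env)
        self.builtins = {"cd": self._cd, "export": self._export}

    # Builtins run inside the shell process: cd must change the shell's own
    # directory, and export its own environment, so they cannot be forked.
    def _cd(self, args):
        os.chdir(args[0] if args else self.env.get("HOME", "/"))
        return 0

    def _export(self, args):
        for arg in args:
            name, _, value = arg.partition("=")
            self.env[name] = value
        return 0

    def resolve(self, word):
        """Classify a command word: ('builtin', fn), ('external', path) or ('missing', None)."""
        if word in self.builtins:
            return "builtin", self.builtins[word]
        if "/" in word:                              # an explicit path skips the PATH search
            path = word if os.access(word, os.X_OK) else None
        else:
            path = shutil.which(word, path=self.env.get("PATH", ""))
        return ("external", path) if path else ("missing", None)

    def run(self, line):
        """Execute one command line and return its exit status (what $? would hold)."""
        try:
            argv = shlex.split(line)
        except ValueError as exc:                    # e.g. an unterminated quote
            print("syntax error:", exc)
            return 2
        if not argv:
            return 0
        kind, target = self.resolve(argv[0])
        if kind == "builtin":
            return target(argv[1:])
        if kind == "missing":
            print("%s: command not found" % argv[0])
            return 127
        pid = os.fork()
        if pid == 0:                                 # child: replace itself with the command
            try:
                os.execve(target, argv, self.env)
            finally:
                os._exit(126)                        # only reached if exec failed
        _, status = os.waitpid(pid, 0)               # parent: wait until the command finishes
        if os.WIFEXITED(status):
            return os.WEXITSTATUS(status)
        return 128 + os.WTERMSIG(status)             # killed by a signal, as sh reports it

    def loop(self, prompt="$ "):
        while True:                                  # step 7: back to step 1
            try:
                line = input(prompt)
            except EOFError:
                break
            self.run(line)


if __name__ == "__main__":
    MiniShell().loop()
```

The PATH search is the security-relevant step: the shell runs whatever executable it finds first along PATH, so a writable directory early in PATH (or an empty entry, which means the current directory) lets anyone who can write there supply the "ls" that root runs.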

Secure Shell (SSH)

There are two versions of Secure Shell, not compatible with each other: 1. Secure Shell (SSH1); 2. Secure Shell version 2 (SSH2 or SecSh). They solve two acute problems on the Internet: secure remote logins and secure file transfer. They can also tunnel a TCP session over an encrypted Secure Shell connection, securing the communication of other applications and protocols without modifying the application.

[Figure: SSH client, encrypted SSH2 tunnel across the Internet, SSH server, which hands the forwarded connection to the mail server.]

SSH’s first use was as a replacement for rsh, the Unix remote shell application. This tool allowed one to connect to a shell on a remote machine. The tool suffered from two major shortcomings. 1. Like telnet it sent all traffic in cleartext, 2. Secondly, the /etc/hosts.equiv and ~/.rhosts files listed trusted machines and users; these could make rsh connections without any further authentication. If an attacker compromised any of these trusted hosts, they would immediately get access to the rsh server with no more effort. SSH encrypts all traffic, including the password or key authentication.

Strong authentication. Closes several security holes (e.g., IP, routing, and DNS spoofing). New authentication methods: .rhosts together with RSA based host authentication, and pure RSA authentication.   Improved privacy. All communications are automatically and transparently encrypted. RSA is used for key exchange, and a conventional cipher (normally IDEA, DES, or triple-DES) for encrypting the session. Encryption is started before authentication, and no passwords or other information is transmitted in the clear. Encryption is also used to protect against spoofed packets.

Port forwarding: arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions (e.g., for e-cash transactions). Host authentication: SSH never trusts the network; it places minimal trust in the remote side of the connection and minimal trust in domain name servers, and pure RSA authentication trusts nothing but the private key. Shield against spoofing: the client RSA-authenticates the server machine at the beginning of every connection, which defeats trojan horses planted by routing or DNS spoofing and man-in-the-middle attacks; the server RSA-authenticates the client machine before accepting .rhosts or /etc/hosts.equiv authentication, which defeats DNS, routing and IP spoofing.

Server Key The server program has its own server RSA key which is automatically regenerated every hour. This key is never saved in any file. Exchanged session keys are encrypted using both the server key and the server host key. The purpose of the separate server key is to make it impossible to decipher a captured session by breaking into the server machine at a later time; one hour from the connection even the server machine cannot decipher the session key. The server key is normally 768 bits. Flexible Any user can create any number of user authentication RSA keys for his own use. Each user has a file which lists the RSA public keys for which proof of possession of the corresponding private key is accepted as authentication. User authentication keys are typically 1024 bits.  

Easier to Use:  No retraining needed for normal users; everything happens automatically, and old .rhosts files will work with strong authentication if administration installs host key files Replacement of “R” Complete replacement for rlogin, rsh, and rcp

Currently, almost all communication on computer networks is done without encryption. As a consequence, anyone with access to any machine connected to the network can listen in on any communication. This is done by hackers, curious administrators, employers, criminals, industrial spies, and governments. Some networks leak enough electromagnetic radiation that data can be captured even from a distance. When you log in, your password goes over the network in plain text, so any listener can then use your account to do whatever evil he likes. Many incidents have been encountered worldwide in which crackers started programs on workstations, without the owner's knowledge, just to listen to the network and collect passwords.

Encryption and cryptographic authentication and integrity protection are required to secure networks and computer systems. SSH uses strong cryptographic algorithms to achieve these goals. Ease of use is critical to the acceptance of a piece of software. SSH attempts to be *easier* to use than its insecure counterparts. SSH is available for almost all Unix platforms, and commercial versions are available for Windows (3.1, 95, NT) and Macintosh

Connection phases between client and server (from the sequence diagram):
1. TCP connection setup
2. SSH version string exchange
3. SSH key exchange (includes algorithm negotiation)
4. SSH data exchange
5. Termination of the TCP connection

Old way: the password is stored on the server and the password supplied by the user is compared with the stored version. New way: the private key is kept on the client and only the public key is stored on the server. The serious problem with the password approach, whether used with telnet or with ssh, is that the secret you type at the client end also lives on the server. Even though it is stored only as a hash in /etc/passwd or /etc/shadow, that hash can be attacked offline by brute force once someone has a copy of the file. With the public/private key split, an attacker who obtains the public key stored on the server gains nothing: the public key cannot be used to get back into the server. Only the private key, kept on the client, can be used to log in to a server that holds the matching public key.

When the user tries to log in, the client tells the server which public key the user wishes to use for authentication. The server checks whether this public key is admissible. If so, it generates a 256-bit random number, encrypts it with the public key, and sends the value to the client. The client decrypts the number with its private key, computes a 128-bit MD5 checksum from the resulting data, and sends the checksum back to the server. (Only a checksum is sent so that the client cannot be used as a decryption oracle: a server that could make the client return arbitrary decrypted values would be mounting a chosen-ciphertext attack on the RSA key.) The server computes the checksum from the correct data and compares the two. Authentication is accepted if the checksums match.
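The exchange just described, played out by both sides in Python, as an added example that is not from the slides or from any SSH implementation. Server, Client, toy_keypair and authenticate are names of this example. It uses textbook RSA built from Mersenne primes so that it needs only the standard library; such keys are trivially factorable and unpadded, so the block shows the message flow and nothing else. Going one step past the slide, the client's MD5 also covers the session id, as the deployed SSH1 protocol did, which stops a captured response from being replayed on another connection.

```python
"""Both sides of the SSH1 RSA user-authentication exchange described above.

Added example, not from the slides or from any SSH implementation.  To stay
standard-library only it uses textbook RSA with Mersenne primes; such keys are
trivially factorable and unpadded, so this shows the message flow and nothing
else.  Beyond the slide, the response digest also covers the session id, as the
real SSH1 protocol did, which keeps a response from being replayed on another
connection."""
import hashlib
import secrets


def toy_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)).  p and q must be primes with gcd(e, (p-1)(q-1)) = 1."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))       # modular inverse, Python 3.8+
    return (n, e), (n, d)


def _response(challenge, session_id):
    """What the client must send back: MD5 over the 32-byte challenge and the session id."""
    return hashlib.md5(challenge.to_bytes(32, "big") + session_id).digest()


class Server:
    def __init__(self, authorized_keys, session_id):
        self.authorized = set(authorized_keys)   # the user's accepted public keys (n, e)
        self.session_id = session_id             # 16 bytes fixed by the earlier key exchange
        self.challenge = None

    def receive_key(self, pub):
        """Message 1 (client -> server): 'I want to use this key'.  Reply with the
        encrypted challenge, or None if the key is not admissible."""
        if pub not in self.authorized:
            return None
        n, e = pub
        self.challenge = secrets.randbits(256)
        return pow(self.challenge, e, n)

    def receive_response(self, digest):
        """Message 3 (client -> server): compare against the digest of the real challenge."""
        if self.challenge is None:
            return False
        expected = _response(self.challenge, self.session_id)
        self.challenge = None                    # one attempt per challenge
        return secrets.compare_digest(expected, digest)


class Client:
    def __init__(self, priv, pub):
        self.priv, self.pub = priv, pub

    def answer(self, encrypted_challenge, session_id):
        """Message 2 (server -> client) handled here: decrypt, then return only a
        digest, so a malicious server cannot use the client as a decryption oracle."""
        n, d = self.priv
        m = pow(encrypted_challenge, d, n) & ((1 << 256) - 1)   # wrong key -> wrong digest
        return _response(m, session_id)


def authenticate(server, client):
    enc = server.receive_key(client.pub)
    if enc is None:
        return False
    return server.receive_response(client.answer(enc, server.session_id))


if __name__ == "__main__":
    # Demo keys (constructed): 2^521-1 and 2^127-1 are prime; the modulus (~648
    # bits) is large enough to hold a 256-bit challenge.
    pub, priv = toy_keypair((1 << 521) - 1, (1 << 127) - 1)
    server = Server([pub], session_id=secrets.token_bytes(16))
    print("alice:", authenticate(server, Client(priv, pub)))
```

Note what the server learns: nothing about the private key, only that whoever answered could decrypt this one challenge under this session id. That is also why the server forgets the challenge after one response: an attacker must not be allowed to try digests against a fixed challenge.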

The software consists of a number of programs. sshd Server program run on the server machine. This listens for connections from client machines, and whenever it receives a connection, it performs authentication and starts serving the client. ssh This is the client program used to log into another machine or to execute commands on the other machine. "slogin" is another name for this program. scp Securely copies files from one machine to another. ssh-keygen Used to create RSA keys (host keys and user authentication keys).

ssh-agent Authentication agent. This can be used to hold RSA keys for authentication. ssh-add Used to register new keys with the agent. make-ssh-known-hosts Used to create the /etc/ssh_known_hosts file.

Two entirely different protocols. SSH1 uses a server key (regenerated hourly) in addition to the host key to authenticate the server and protect the session key; SSH2 uses only host keys, deriving the session keys by Diffie-Hellman key exchange instead. SSH2 also lays out and protects the packet differently: each packet carries a cryptographic MAC, where SSH1 relied on a CRC-32 check that attackers could defeat. SSH2 is more secure, and SSH1 should not be used.

Download the latest version and follow these steps. Decompress and unarchive the software: tar -zxf ssh-1.2.27.tar.gz. Change your working directory to the root of the source distribution: cd ssh-1.2.27. Run the configure script: ./configure. Compile the software with make: make

When the process is finished, you will need to install the newly created binaries. During the installation process, the software will generate random keys to be used in the encryption process. make install  Start new service by typing service sshd start or /etc/rc.d/init.d/sshd start service sshd stop or /etc/rc.d/init.d/sshd stop service sshd status or /etc/rc.d/init.d/sshd status

[root@lab1]# slogin -l aamir localhost (or: ssh -l aamir localhost)
aamir@127.0.0.1's password:
Last login: Wed Aug 1 19:25:02 2001 from 202.133.64.67

If you get a "connection refused" message, you may need to make a small change to your local tcpwrapper configuration, which sshd consults when built with libwrap support. Check whether you have an /etc/hosts.deny file and make an entry in it that looks like this: ALL: ALL. Then, in /etc/hosts.allow, make the following entry: sshd: ALL (or the IP addresses of the machines allowed to connect).

The SSH server configuration file is /etc/ssh/sshd_config. By default sshd listens on all your network interfaces on TCP port 22: #Port 22 #Protocol 2,1 #ListenAddress 0.0.0.0 #ListenAddress Moving sshd off the well-known port to one that no other application on your system uses, such as port 435, cuts down the automated probing that port 22 attracts; it is not a substitute for hardening authentication, since a port scan finds the new port easily. First make sure your system isn't already listening on port 435:   [root@bigboy root]# netstat -an | grep 435 [root@bigboy root]#

Change the Port line in /etc/ssh/sshd_config to mention 435 and remove the "#" at the beginning of the line. If port 435 is being used, pick another port and try again.   Port 435 Restart SSH [root@lab1]# service sshd restart Check to ensure SSH is running on the new port [root@lab1]# netstat -an | grep 435 tcp 0  0  192.168.1.100:435  0.0.0.0:*    LISTEN  

Port 22
ListenAddress 192.168.1.1
HostKey /etc/ssh/ssh_host_key
ServerKeyBits 1024
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
IgnoreRhosts yes
IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
PrintMotd yes
SyslogFacility AUTH
LogLevel INFO

RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
AllowUsers admin

Port 22
The option Port specifies the port number on which the ssh daemon listens for incoming connections. The default port is 22.

ListenAddress 192.168.1.1
The option ListenAddress specifies the IP address of the network interface to which the ssh daemon's server socket is bound. The default is 0.0.0.0 (all interfaces); to improve security, specify only the required addresses to limit where connections can arrive.

HostKey /etc/ssh/ssh_host_key
The option HostKey specifies the file containing the private host key.

ServerKeyBits 1024
The option ServerKeyBits specifies how many bits to use in the server key. These bits are used when the daemon starts to generate its RSA key.

LoginGraceTime 600
The option LoginGraceTime specifies how long in seconds after a connection request the server waits before disconnecting if the user has not successfully logged in.

KeyRegenerationInterval 3600
The option KeyRegenerationInterval specifies how long in seconds the server waits before automatically regenerating its key. This is a security feature to prevent decryption of captured sessions.

PermitRootLogin no
The option PermitRootLogin specifies whether root can log in using ssh. Never say yes to this option.

IgnoreRhosts yes
The option IgnoreRhosts specifies whether rhosts or shosts files should be ignored in authentication.

IgnoreUserKnownHosts yes
The option IgnoreUserKnownHosts specifies whether the ssh daemon should ignore the user's $HOME/.ssh/known_hosts during RhostsRSAAuthentication.

StrictModes yes
The option StrictModes specifies whether ssh should check the permissions of the user's home directory and rhosts files before accepting a login. This option must always be set to yes, because users sometimes accidentally leave their directory or files world-writable.

X11Forwarding no
The option X11Forwarding specifies whether X11 forwarding should be enabled on this server. Since we set up a server without a GUI installed on it, we can safely turn this option off.

PrintMotd yes
The option PrintMotd specifies whether the ssh daemon should print the contents of the /etc/motd file when a user logs in interactively. The /etc/motd file is also known as the message of the day.

SyslogFacility AUTH
The option SyslogFacility specifies the facility code used when logging messages from sshd. The facility identifies the subsystem that produced the message, in our case AUTH.

LogLevel INFO
The option LogLevel specifies the level used when logging messages from sshd. INFO is a good choice. See the sshd man page for the other possibilities.

RhostsAuthentication no
The option RhostsAuthentication specifies whether sshd may try rhosts-based authentication. Because rhosts authentication is insecure you shouldn't use this option.

RhostsRSAAuthentication no
The option RhostsRSAAuthentication specifies whether to try rhosts authentication in concert with RSA host authentication.

RSAAuthentication yes
The option RSAAuthentication specifies whether to try RSA authentication. This option must be set to yes for better security in your sessions. RSA uses public and private key pairs created with the ssh-keygen utility for authentication purposes.

PasswordAuthentication yes
The option PasswordAuthentication specifies whether we should use password-based authentication. For strong security, this option must always be set to yes.

PermitEmptyPasswords no
The option PermitEmptyPasswords specifies whether the server allows logins to accounts with a null password. If you intend to use the scp utility to make automatic backups over the network, you must set this option to yes.

AllowUsers admin
The option AllowUsers specifies and controls which users can access ssh services. Multiple users can be specified, separated by spaces.
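The option list above is easiest to apply as a checklist. The following Python checker is an added example, not part of the original slides: it parses sshd_config text the way sshd does (the first occurrence of a keyword wins, later duplicates are ignored, keywords are case-insensitive, commented lines are skipped) and reports every setting that differs from the hardened values the slides recommend. The two sample configurations are constructed for the example; the "good" one is the configuration shown on the slides.

```python
"""Audit sshd_config text against the hardening settings described above.

Added example, not from the original slides. sshd keeps the FIRST value
given for a keyword and ignores later duplicates; keywords are matched
case-insensitively. Both behaviours are mirrored here so the audit sees
the same effective configuration the daemon will use.
"""
import re

# Baseline drawn from the slides: keyword (lower-case) -> required value.
BASELINE = {
    "permitrootlogin": "no",
    "permitemptypasswords": "no",
    "rhostsauthentication": "no",
    "rhostsrsaauthentication": "no",
    "ignorerhosts": "yes",
    "strictmodes": "yes",
    "x11forwarding": "no",
}

# Constructed sample: the configuration shown on the slides.
GOOD_CONFIG = """
Port 22
ListenAddress 192.168.1.1
PermitRootLogin no
IgnoreRhosts yes
StrictModes yes
X11Forwarding no
RhostsAuthentication no
RhostsRSAAuthentication no
PermitEmptyPasswords no
AllowUsers admin
"""

# Constructed sample: a commented-out line, a bad value, and a later
# duplicate that sshd will ignore because the first value wins.
WEAK_CONFIG = """
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
StrictModes yes
X11Forwarding=no
"""


def parse_sshd_config(text):
    """Return {keyword_lowercase: effective value} for the given text."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd accepts "Keyword value" as well as "Keyword=value".
        m = re.match(r"([A-Za-z0-9]+)\s*=?\s*(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        settings.setdefault(key, value)  # first occurrence wins
    return settings


def audit(text):
    """Return a sorted list of findings; an empty list means compliant."""
    settings = parse_sshd_config(text)
    findings = []
    for key, wanted in BASELINE.items():
        actual = settings.get(key)
        if actual is None:
            findings.append(f"{key}: not set explicitly (wanted {wanted})")
        elif actual.lower() != wanted:
            findings.append(f"{key}: is '{actual}', wanted '{wanted}'")
    if "allowusers" not in settings:
        findings.append("allowusers: not set; every account may reach sshd")
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("weak", WEAK_CONFIG)):
        print(name, audit(cfg) or "OK")
```

Settings the daemon falls back to by default are reported as "not set explicitly" rather than silently trusted, because the compiled-in default differs between sshd versions.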

Using SSH is similar to Telnet. To log in from another Linux box use the "ssh" command with "-l" to specify the username you wish to log in as. If you leave out the "-l", your username will not change.

User "root" logs in to smallfry as user "root":
[root@lab1]# ssh 192.168.2.1

User "root" logs in to testsrv as user "abc", using the default port 22:
[root@lab1]# ssh -l abc 192.168.2.1

The same login using port 435:
[root@lab1]# ssh -l abc -p 435 192.168.2.1

Copying files to the local Linux box

Command format:
scp username@address:remotefile localdir

Examples:
Copy the file /tmp/software.rpm on the remote machine to the local directory /home:
[root@lab1]# scp root@192.168.2.1:/tmp/software.rpm /home

Copy the same file using TCP port 435 (scp takes the port as a capital -P; lowercase -p preserves file times):
[root@lab1]# scp -P 435 root@192.168.2.1:/tmp/software.rpm /home

[xyz@lab1]$ ssh-keygen
Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/xyz/.ssh/identity): /home/xyz/.ssh/identity
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xyz/.ssh/identity.
Your public key has been saved in /home/xyz/.ssh/identity.pub.
The key fingerprint is:
22:bc:0b:fe:f5:06:1d:c0:05:ea:59:09:e3:07:8a:8c xyz@lab1

[xyz@lab1]$ cd ~/.ssh; ls -l
-rw------- 1 xyz xyz 526 Nov 2 01:33 identity
-rw-r--r-- 1 xyz xyz 330 Nov 2 01:33 identity.pub

The file identity contains your private key. It is used to gain access to systems that have your public key listed in their authorized keys file. Make sure your private key is always chmod 600, so other users on the system cannot read it. The file identity.pub contains your public key, which can be added to other systems' authorized keys files. We will get to adding keys later.

[xyz@lab1]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/xyz/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xyz/.ssh/id_dsa
Your public key has been saved in /home/xyz/.ssh/id_dsa.pub
The key fingerprint is:
22:bc:0b:fe:f5:06:1d:c0:05:ea:59:09:e3:07:8a:8c xyz@lab1

[xyz@lab1]$ cd ~/.ssh; ls -l
-rw------- 1 xyz xyz 526 Nov 2 01:33 id_dsa
-rw-r--r-- 1 xyz xyz 330 Nov 2 01:33 id_dsa.pub

The file id_dsa contains your version 2 private key; the file id_dsa.pub contains your version 2 public key.

To log in to remote systems using your key pair, you first have to add your public key on the remote server to the authorized_keys file (for version 1) or the authorized_keys2 file (for version 2) in the .ssh/ directory of your home directory on the remote machine. Copy the public key into your home directory on the remote server (here /home/xyz, so that the later "cat ../identity.pub" from .ssh/ finds it):
[xyz@lab1]$ cd .ssh/
For SSH1:
$ scp identity.pub xyz@192.168.1.3:/home/xyz/identity.pub
For SSH2:
$ scp id_dsa.pub xyz@192.168.1.3:/home/xyz/id_dsa.pub

This places your keys in your home directory on the remote server. Next, log in to the remote server with ssh or telnet the conventional way, with a password, and install the key:
[xyz@tmpsrv xyz]$ mkdir .ssh
[xyz@tmpsrv xyz]$ chmod 700 .ssh
[xyz@tmpsrv xyz]$ cd .ssh
[xyz@tmpsrv .ssh]$ touch authorized_keys
[xyz@tmpsrv .ssh]$ chmod 600 authorized_keys
[xyz@tmpsrv .ssh]$ cat ../identity.pub >> authorized_keys

Placing the key for version 2 works about the same:
[xyz@tmpsrv xyz]$ mkdir .ssh
[xyz@tmpsrv xyz]$ chmod 700 .ssh
[xyz@tmpsrv xyz]$ cd .ssh
[xyz@tmpsrv .ssh]$ touch authorized_keys2
[xyz@tmpsrv .ssh]$ chmod 600 authorized_keys2
[xyz@tmpsrv .ssh]$ cat ../id_dsa.pub >> authorized_keys2

Now log out from the remote server and connect again with ssh:
ssh -i ./.ssh/identity 192.168.2.11    (for ssh1)
ssh -i ./.ssh/id_dsa 192.168.2.11      (for ssh2)
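The mkdir/chmod/cat sequence above, together with the StrictModes check described earlier, can be scripted. The following Python is an added example, not code from the original slides: it installs a public key into a home directory's .ssh/authorized_keys exactly as the slides do (directory mode 700, file mode 600, key appended only once) and then reports any path that is group- or world-writable, which is what makes sshd with StrictModes yes refuse key authentication. It runs against a throw-away temporary directory, and the key line is a constructed placeholder, not a real key.

```python
"""Install an authorized key and check the modes StrictModes enforces.

Added example, not from the original slides. Everything happens inside a
temporary directory created by run_demo(), never in a real home directory.
"""
import os
import stat
import tempfile

# Constructed placeholder; not a real public key.
SAMPLE_KEY = "ssh-dss AAAAB3NzaC1kc3MAAACBAPexamplekeymaterialonly= xyz@lab1"


def install_authorized_key(home, pubkey_line, filename="authorized_keys"):
    """Append pubkey_line to <home>/.ssh/<filename> once, with safe modes.

    Returns True if the key was added, False if it was already present.
    """
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)  # makedirs is subject to umask, so set it explicitly
    path = os.path.join(ssh_dir, filename)
    key = pubkey_line.strip()
    existing = []
    if os.path.exists(path):
        with open(path) as f:
            existing = [line.strip() for line in f]
    if key in existing:
        return False
    with open(path, "a") as f:
        f.write(key + "\n")
    os.chmod(path, 0o600)  # the slides' "chmod 600 authorized_keys"
    return True


def strict_modes_problems(home):
    """Return paths (home, .ssh, authorized_keys) that are group- or
    world-writable; sshd with StrictModes yes rejects keys under such paths."""
    ssh_dir = os.path.join(home, ".ssh")
    candidates = [home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")]
    problems = []
    for path in candidates:
        if not os.path.exists(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(path)
    return problems


def run_demo():
    """Exercise both functions in a temporary home; returns the observations."""
    home = tempfile.mkdtemp(prefix="sshdemo-")  # created with mode 0700
    added_first = install_authorized_key(home, SAMPLE_KEY)
    added_again = install_authorized_key(home, SAMPLE_KEY)
    clean = strict_modes_problems(home)
    os.chmod(os.path.join(home, ".ssh"), 0o777)  # simulate a careless chmod
    loosened = strict_modes_problems(home)
    return {
        "added_first": added_first,
        "added_again": added_again,
        "problems_clean": clean,
        "problems_loosened": [os.path.relpath(p, home) for p in loosened],
    }


if __name__ == "__main__":
    print(run_demo())
```

The duplicate check matters when the same key is pushed by several provisioning runs; the permission check is the one to run first when key authentication silently falls back to a password prompt.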

Software Management

A package is a software collection written in a particular format to achieve a specific goal. It makes installation easier. Red Hat Linux has over 450 packages available, of which about 270 are installed originally on the server.

Managing programs: what a package contains
Executables
Data files
Configuration files
Documentation

Examples of packages:
Applications, eg. a word processor or a programming language
A part of the operating system, eg. an FTP server

Advantages:
One easily managed "chunk"
Packages are "intelligent"

Package operations:
Installing packages
Upgrading packages
Removing packages

Keeping track of packages:
Finding out what packages are installed
Getting information on a specific package
Is a package still installed correctly?

In Red Hat Linux the two most common types of packages are:
RPM packages
Tarball packages

RPM stands for Red Hat Package Manager. This utility was originally developed by Red Hat but is now found in other Linux distributions. It is an easy method for installing, upgrading, deleting, or querying a software package. RPM is a significant enhancement over the tar utility that is used to install tarballs.

RPM design goals:
Make it easy to get packages on and off the system
Make it easy to verify a package was installed correctly
Make it easy for the package builder
Make it start with the original source code
Make it work on different computer architectures

For the end user, RPM provides many features that make maintaining a system far easier than it has ever been.
One command: installing, uninstalling, and upgrading of RPM packages.
Package database: RPM maintains a database of installed packages and their files, which allows you to perform powerful queries and verification of your system.
During upgrades, RPM handles configuration files specially, so that you never lose your customizations, a feature that is impossible with straight .tar.gz files.

For the developer, RPM makes it possible to take the source code for software and package it into source and binary packages for end users. This process is quite simple and is driven from a single file plus optional patches that you create.

RPP
Used in Red Hat Linux versions before 2.0
Supported one-command installation and uninstallation
Package verification
Powerful querying
No support for multiple architectures

PMS
Developed at the same time as RPP
Used in the BOGUS distribution
No package verification
Weak querying
No support for multiple architectures

PM
Produced by the developers of PMS under contract to Red Hat Software
Combined the best features of RPP and PMS
Weak database design
No support for multiple architectures

RPM Version 1
Produced by Marc Ewing and Erik Troan
Automatic handling of configuration files
Easy to rebuild many packages
Slow and big (written in Perl)
Poor support for multiple architectures

RPM Version 2
Rewritten in C: much faster and didn't require Perl
New database design improved speed and reliability
Enhanced multiple architecture support

RPM packages usually have a file name of the form name-version-release.arch.rpm, eg. eject-1.4-3.i386.rpm:
Package name: eject
Version: 1.4-3 (version 1.4, release 3)
Platform: i386
Extension: .rpm
Some packages have "noarch" in the file name; it means the package is not dependent on the architecture of the system.

rpm -i file1.rpm ...
eg. rpm -i eject-1.4-3.i386.rpm

Installing a package:
Performs dependency checks
Checks for conflicts
Performs any tasks required before the install
Decides what to do with config files
Unpacks files from the package
Performs any tasks required after the install

Additional options:
Overwriting packages: --replacepkgs
Overwriting files: --replacefiles
Overwriting packages and files: --force
Ignoring dependencies: --nodeps
Don't install documentation: --excludedocs

rpm -e pkg1 ...
eg. rpm -e eject

Removing a package:
Checks that no other packages require the one being removed
Performs any tasks required before uninstalling
Checks if any config files were changed
Deletes any files belonging to the package
Performs any tasks required after uninstalling
Keeps track of what it did

rpm -U file1.rpm ...
eg. rpm -U eject-1.2-2.i386.rpm

Upgrading a package:
Installs the new version
Erases any older versions if they exist
Handles configuration files
"Upgrade" to an older version: --oldpackage

Example queries:
Where did this file come from?
What is in this package I received?
What version of this package do I have installed?
Is there any documentation for this package?

Parts of a query:
What packages to query
What information is wanted

To list all installed packages:
rpm -qa
Pipe the output through "less" or "grep":
rpm -qa | grep -i ssh
openssh-server-3.4p1-2
openssh-clients-3.4p1-2
openssh-askpass-gnome-3.4p1-2
openssh-3.4p1-2
openssh-askpass-3.4p1-2

Query an installed package: you can use the "-ql" qualifier to list all the files associated with an installed RPM. In this example we first check that the NTP package is installed using the "-qa" qualifier, then use the "-ql" qualifier to get the file listing:
[root@lab tmp]# rpm -qa ntp
ntp-4.1.2-0.rc1.2
[root@lab tmp]# rpm -ql ntp
/etc/ntp
/etc/ntp.conf
/etc/ntp/drift
/etc/ntp/keys

You can use the "-qpl" qualifier to list all the files in an RPM file:
[root@lab tmp]# rpm -qpl dhcp-3.0pl1-23.i386.rpm
/etc/rc.d/init.d/dhcpd
/etc/rc.d/init.d/dhcrelay
/etc/sysconfig/dhcpd
/etc/sysconfig/dhcrelay
…
/usr/share/man/man8/dhcrelay.8.gz
/var/lib/dhcp
/var/lib/dhcp/dhcpd.leases
[root@lab tmp]#

The rpm -e command erases an installed package. The package name given must match the name listed by rpm -qa (the installed name, without the .i386.rpm file suffix), as the version of the package is important:
[root@lab tmp]# rpm -e dhcp-3.0pl1-23
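The name-version-release.arch.rpm naming described earlier, and the rule that rpm -e wants the installed name as printed by rpm -qa, are easy to get wrong for packages whose names themselves contain hyphens (openssh-askpass-gnome) or whose release contains dots (0.rc1.2). The following Python is an added example, not code from the original slides or from RPM: it splits either form of identifier into its fields from the right, so the name may contain any number of hyphens, and derives the argument to pass to rpm -e. The sample rpm -qa output is the list shown on the slide above.

```python
"""Split RPM file names and rpm -qa names into name/version/release/arch.

Added example, not from the original slides or the rpm tool itself.
Parsing is anchored on the LAST two hyphens, because the package name may
contain hyphens but version and release may not.
"""
import re

# name-version-release[.arch.rpm]; name is greedy, version/release have no '-'.
RPM_RE = re.compile(
    r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+?)"
    r"(?:\.(?P<arch>[^.]+)\.rpm)?$"
)

# Constructed sample: the "rpm -qa" listing shown on the slide.
RPM_QA_OUTPUT = """openssh-server-3.4p1-2
openssh-clients-3.4p1-2
openssh-askpass-gnome-3.4p1-2
openssh-3.4p1-2
openssh-askpass-3.4p1-2
ntp-4.1.2-0.rc1.2
eject-1.4-3
"""


def parse_rpm_name(identifier):
    """Return a dict with name, version, release, arch (None for an
    installed-package name), is_source, and the installed_name rpm -e wants."""
    m = RPM_RE.match(identifier.strip())
    if not m:
        raise ValueError(f"not an RPM identifier: {identifier!r}")
    fields = m.groupdict()
    fields["is_source"] = fields["arch"] == "src"
    fields["noarch"] = fields["arch"] == "noarch"
    fields["installed_name"] = "{name}-{version}-{release}".format(**fields)
    return fields


def filter_installed(rpm_qa_output, substring):
    """Mimic 'rpm -qa | grep -i <substring>'."""
    needle = substring.lower()
    return [line for line in rpm_qa_output.splitlines() if needle in line.lower()]


def erase_argument(filename):
    """The argument rpm -e needs for the package a given .rpm file installed."""
    return parse_rpm_name(filename)["installed_name"]


if __name__ == "__main__":
    for ident in ("eject-1.4-3.i386.rpm", "openssh-askpass-gnome-3.4p1-2",
                  "dhcp-3.0pl1-23.i386.rpm", "ntp-4.1.2-0.rc1.2"):
        print(ident, "->", parse_rpm_name(ident))
    print(filter_installed(RPM_QA_OUTPUT, "ssh"))
```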

Sometimes the packages you want to install need to be compiled to match your kernel version. This requires you to use source RPM files.
Download the source RPMs or locate them on CD; they usually have a file extension ending with .src.rpm
Run the following command as root:
rpmbuild --rebuild filename.src.rpm

One of the most convenient package manipulation tools available is Gnome-RPM, a graphical tool which runs under the X Window System.

LINUX NETWORKING

Network: a group of computers and other devices connected by some type of transmission media. Networks enable users to share devices and data, collectively called a network's resources.
Standalone computer: uses programs and data only from its local disks and is not connected to a network.

Local computer: the computer on which the user is working.
Remote computer: a computer that the user controls or works on via a network connection.

LAN: a network of computers and other devices confined to a relatively small space.
LAN models:
Peer-to-peer model
Client/server model

Peer-to-peer: computers communicate on a single segment of cable and share each other's data and devices. A simple example of a local area network (LAN). Not secure and not scalable.

Client/server: a network based on client/server architecture. Clients do not communicate directly with each other but use the server as an intermediate step in communication.
Network operating system: special software designed to manage data, network security and the sharing of other resources on a server for a number of clients.

Figure 1-3: LAN with a file server

Advantages of client/server networks:
User login accounts and passwords can be assigned in one place
Access to multiple shared resources can be centrally granted
Servers are optimized to handle heavy processing loads and dedicated to handling requests from clients
Servers can connect more than a handful of computers

Metropolitan area network (MAN): a network connecting clients and servers in multiple buildings within a limited geographic area.
Wide area network (WAN): a network that spans a large distance and connects two or more LANs. The Internet is an example of a very intricate and extensive WAN that spans the globe.

[Figure: Local Area Network and Wide Area Network]

Node: a client, server, workstation or other device that can communicate over a network and that is identified by a unique identifying number, known as its network address.

Network operating system (NOS): Linux, Solaris, Windows 2000 etc.
Network interface card (NIC): enables a workstation to connect to the network and communicate with other computers.

Topologies:
Bus topology
Star topology
Ring topology
Mesh topology
Hybrid topologies

[Figure: bus topology, showing the segment and its terminators]

[Figure: Hub]

[Figure: hybrid topologies: star-bus and star-ring]

Connectivity devices:
Repeaters and hubs
Bridges
Switches
Routers
Gateways

Remote access connectivity types:
Public Switched Telephone Network (PSTN)
Integrated Services Digital Network (ISDN)
X.25
Asymmetric Digital Subscriber Line (ADSL)

Repeater
Hub: transmits data to all connected computers in a star topology.
[Figure: repeater and hub]

[Figure: Bridge]

[Figure: Switch]

[Figure: Routers]

[Figure: Gateway between Ethernet and Token Ring]

Remote access:
Dial-up remote access: remote access client, remote access server
Virtual private network: remote access client, Linux VPN server, corporate intranet, tunnel across the Internet
[Figure: dial-up remote access and VPN]

PSTN
Analog voice and data
Worldwide availability
Analog modem, 56 Kbps
Telephone wires between the client's and the server's analog modems
[Figure: PSTN connection]

ISDN
Digital telephone lines or telephone wires
International communication standard
Digital transmission
Extends over the local telephone exchange
ISDN modem, 64 Kbps or faster
[Figure: ISDN connection between client and server ISDN modems]

X.25
Based on packet switching
Client configuration: modem, or X.25 smart card
Server configuration: Packet Assembler/Disassembler (PAD) service
[Figure: X.25 connection]

ADSL
Copper telephone lines
Simultaneous voice and data transmission
1.5 to 9 Mbps downstream rate
16 to 640 Kbps upstream rate
LAN interface or dial-up interface (LAN adapter, ATM)
[Figure: ADSL connection]

Transmission media: the means through which data are transmitted and received.
Twisted-pair: unshielded (UTP), shielded (STP); 10/100
Coaxial: ThinNet, ThickNet; 10Base2, 10Base5
Fiber-optic

Protocol: the rules a network uses to transfer data, e.g. TCP/IP, IPX/SPX, AppleTalk.
Data packets: the distinct units of data transmitted from one computer to another on a network.

TCP/IP is a universal standard suite of protocols used to provide connectivity between networked devices. One component of TCP/IP is the Internet Protocol (IP), which is responsible for ensuring that data is transferred between two addresses without being corrupted. For manageability, the data is usually split into multiple pieces or "packets". The two most popular transport mechanisms used on the Internet are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).

TCP is a connection-oriented protocol. It opens a connection between client and server programs running on separate computers so that multiple and/or sporadic streams of data can be sent over an indefinite period of time. TCP keeps track of the packets sent by giving each one a sequence number, with the remote server sending back "acknowledgement" packets confirming correct delivery.

UDP is a connectionless protocol: the machine that sends the data has no means of verifying whether the data was correctly received by the remote machine.

TCP/UDP ports: during data transmission both the UDP and the TCP segment headers carry the "port" being used. The source/destination ports and the source/destination IP addresses of the client and server computers are combined to uniquely identify each data flow.

All devices connected to the Internet have an Internet Protocol (IP) address. Just like a telephone number, it uniquely identifies a user of the system. IP addresses are in reality a string of binary digits or "bits"; each bit is either a 1 or a 0, and an IP address has 32 bits in total. For ease of use, IP addresses are written in "dotted decimal" format: four numbers with dots in between, none of which may be greater than 255. An example of an IP address is 192.168.0.1. The numbers between the dots are frequently referred to as "octets".

Class   1st byte    Format     Total hosts
A       0 - 126     N.H.H.H    16 million
B       128 - 191   N.N.H.H    64 thousand
C       192 - 239   N.N.N.H    254
D       224 - 239   (Multicast)
E       240 - 254   (Experimental)

Subnet mask: splits networks into subnetworks by separating the address into two parts:
1's: network portion
0's: host portion
Example, class C:
Network address: N.N.N.H
Mask: 255.255.255.0 (255 = 11111111)
CIDR notation: N.N.N.H/24

Some groups of IP addresses are reserved for use only in private networks and are not routed over the Internet. These are:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Home networking equipment is usually configured in the factory with an IP address in the range 192.168.1.1 to 192.168.1.255.

Whether or not your computer has a network interface card, it has a "built in" IP address through which network-aware applications can communicate with one another. This IP address is 127.0.0.1 and is frequently referred to as "localhost".
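The addressing rules on the last few slides (dotted-decimal validation, address classes, the 1's/0's split of a subnet mask, CIDR notation, the private ranges and the loopback address) can be checked programmatically. The following Python is an added example, not part of the original slides. It uses the standard first-octet class boundaries, in which class C ends at 223 because class D begins at 224 (the table above shows 239 for the top of class C, which overlaps the class D range it gives), and it rejects any mask whose 1's are not contiguous, which is the case the slide's description silently assumes.

```python
"""Classify and describe IPv4 addresses as the slides define them.

Added example, not from the original slides. Uses only the standard
library; the class boundaries and private ranges are the standard ones.
"""
import ipaddress

# The three private blocks listed on the slide.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Classful default masks: N.H.H.H, N.N.H.H, N.N.N.H.
DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def parse_dotted_decimal(text):
    """Return the four octets as ints; no octet may exceed 255."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not dotted decimal: {text!r}")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet greater than 255 in {text!r}")
    return octets


def address_class(first_octet):
    """Classful range of the first octet; 127 is the loopback network."""
    if first_octet == 127:
        return "loopback"
    if first_octet <= 126:
        return "A"
    if first_octet <= 191:
        return "B"
    if first_octet <= 223:
        return "C"
    if first_octet <= 239:
        return "D"
    return "E"


def mask_to_prefix(mask):
    """Count the leading 1 bits of a mask; reject non-contiguous masks."""
    bits = "".join(f"{o:08b}" for o in parse_dotted_decimal(mask))
    ones = bits.rstrip("0")
    if "0" in ones:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return len(ones)


def describe(address, mask=None):
    """Class, privacy, loopback flag and, when a mask applies, the CIDR
    network, the host portion and the usable host count."""
    octets = parse_dotted_decimal(address)
    cls = address_class(octets[0])
    ip = ipaddress.ip_address(address)
    info = {
        "class": cls,
        "private": any(ip in net for net in PRIVATE_RANGES),
        "loopback": ip.is_loopback,
    }
    mask = mask or DEFAULT_MASKS.get(cls)
    if mask:
        prefix = mask_to_prefix(mask)
        net = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
        host_bits = 32 - prefix
        info["cidr"] = f"{net.network_address}/{prefix}"
        info["host_portion"] = int(ip) & ((1 << host_bits) - 1)
        # Network and broadcast addresses are not assignable on /30 and larger.
        info["usable_hosts"] = net.num_addresses - 2 if prefix < 31 else net.num_addresses
    return info


if __name__ == "__main__":
    for addr, m in (("192.168.0.1", None), ("10.1.2.3", None),
                    ("172.20.5.9", "255.255.255.128"), ("127.0.0.1", None)):
        print(addr, describe(addr, m))
```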

MAC address, also known as the physical address of the hardware:
Assigned by the manufacturer (in hardware)
Must be absolutely unique
Address format: 6 octets in hex (#:#:#:#:#:#)
First 3 octets: manufacturer identifier
Last 3 octets: card serial number
Used for local network communication

ARP translates IP addresses to Ethernet (MAC) addresses.
[Figure: hosts 10.0.0.1 to 10.0.0.4 on one segment; "Who is 10.0.0.3?" is answered by "I am (1:2:3:7:8:9)"]
arp -a: view the cache

Gateway: connects networks together. If the destination is not on the local network, packets are sent through the gateway.
route: display/configure routing

Network configuration steps:
Hostname and IP address assignment
Configuration of hardware
Default route (gateway) assignment
Name service configuration
Testing and troubleshooting

Hostname: uniquely identifies each system.
Fully qualified domain name: hostname.site.domain[.country]
Country: 2-letter identifier for the country
Domain: type of site (edu, com, org)
Site: unique name of the organization
Hostname: unique name of the system
hostname: display or set the system name

Most modern PCs come with an Ethernet port. When Linux is installed, this device is called "eth0". You can determine the IP address of this device with the "ifconfig" command. To assign an IP address to the eth0 interface, or to take the interface down, use ifconfig:
ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up
or
ifconfig eth0 10.0.0.1 netmask 255.255.255.0 down
To make this permanent each time you boot, put the configuration in a file in the /etc/sysconfig/network-scripts directory. Interface eth0 has a file called ifcfg-eth0, eth1 uses ifcfg-eth1, etc.

Typical format of the ifcfg-eth0 file:
DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.0
ONBOOT=yes

Or, when addresses come from a DHCP server:
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

You can assign multiple IP addresses to a single NIC with the ifconfig command or by creating a file. A virtual sub-interface is also known as an "IP alias". IP aliasing is one of the most common ways of creating multiple IP addresses associated with a single NIC. Aliases have the name format "parent-interface-name:X", where "X" is the sub-interface number of your choice.

1. First ensure the "parent" real interface exists.
2. Verify that no other IP alias exists with the name you plan to use.
3. Create the virtual interface with the ifconfig command:
ifconfig eth0:0 192.168.1.99 netmask 255.255.255.0 up
You then have the choice of making it permanent by creating a file with the name /etc/sysconfig/network-scripts/ifcfg-eth0:0
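A mistyped ifcfg file is the usual reason an interface or alias fails to come up at boot, so it is worth validating the file before rebooting. The following Python is an added example, not code from the original slides or from Red Hat's network scripts: it parses the KEY=VALUE format shown above and checks the points the slides make (DEVICE matches the file name, ONBOOT=yes, a static configuration has a valid IPADDR and NETMASK, a DHCP configuration needs neither, and an alias such as eth0:0 requires its parent interface to exist). The sample files are constructed from the slides' examples; the set of existing interfaces is passed in rather than read from the running system.

```python
"""Validate Red Hat style ifcfg-* files as described on the slides.

Added example, not from the original slides or the distribution's scripts.
The validator takes the set of real interfaces as an argument so it can
run anywhere, without inspecting the host it runs on.
"""

# Constructed samples based on the slides.
IFCFG_ETH0_STATIC = "DEVICE=eth0\nIPADDR=192.168.1.100\nNETMASK=255.255.255.0\nONBOOT= yes\n"
IFCFG_ETH0_DHCP = "DEVICE=eth0\nBOOTPROTO=dhcp\nONBOOT=yes\n"
IFCFG_ALIAS = "DEVICE=eth0:0\nIPADDR=192.168.1.99\nNETMASK=255.255.255.0\nONBOOT=yes\n"
IFCFG_BROKEN = "DEVICE=eth1\nIPADDR=192.168.1.300\nONBOOT=no\n"  # deliberately wrong


def parse_ifcfg(text):
    """KEY=VALUE lines; '#' starts a comment; values may be quoted."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip().upper()] = value.strip().strip("\"'")
    return cfg


def valid_dotted_decimal(text):
    parts = text.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) <= 255 for p in parts)


def validate_ifcfg(filename, text, existing_interfaces):
    """Return a list of problems (empty when the file looks correct)."""
    cfg = parse_ifcfg(text)
    problems = []
    device = cfg.get("DEVICE")
    if not device:
        problems.append("DEVICE missing")
    elif filename != f"ifcfg-{device}":
        problems.append(f"file {filename} configures DEVICE={device}")
    if cfg.get("ONBOOT", "").lower() != "yes":
        problems.append("ONBOOT is not yes; the interface will not come up at boot")
    if device and ":" in device:  # IP alias: parent must exist first
        parent = device.split(":", 1)[0]
        if parent not in existing_interfaces:
            problems.append(f"parent interface {parent} does not exist")
    if cfg.get("BOOTPROTO", "static").lower() != "dhcp":
        for key in ("IPADDR", "NETMASK"):
            value = cfg.get(key)
            if value is None:
                problems.append(f"{key} missing for a static configuration")
            elif not valid_dotted_decimal(value):
                problems.append(f"{key}={value} is not a valid address")
    return problems


if __name__ == "__main__":
    real = {"eth0", "lo"}
    print(validate_ifcfg("ifcfg-eth0", IFCFG_ETH0_STATIC, real))
    print(validate_ifcfg("ifcfg-eth0:0", IFCFG_ALIAS, real))
    print(validate_ifcfg("ifcfg-eth0", IFCFG_BROKEN, real))
```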

The default gateway is the address of the router/firewall connected to the Internet or to the other network. The command to check the routing table is route. To add the default route use:
route add default gw 192.168.1.1
In this case, make sure that the router/firewall with IP address 192.168.1.1 is connected to the same network. The "/etc/sysconfig/network" file is used to configure the default gateway each time Linux boots.

Following is a sample /etc/sysconfig/network:
NETWORKING=yes
HOSTNAME=lab2-3
GATEWAY=192.168.1.1

To delete the default route use:
route del default gw 192.168.1.1

A Linux server can act as a router. For this it needs two NICs and packet forwarding must be enabled. In simple terms, packet forwarding lets packets flow through the Linux box from one network to another. The configuration parameter that activates this is in the file /etc/sysctl.conf; remove the "#" from the line related to packet forwarding.
Before:
# Disables packet forwarding
#net.ipv4.ip_forward=1

After:
# Enables packet forwarding
net.ipv4.ip_forward=1

Restart the machine, or use the following command to activate it immediately:
echo 1 > /proc/sys/net/ipv4/ip_forward

The following files need to be configured for name service:
/etc/hosts: local configuration
/etc/resolv.conf: Domain Name Service (DNS) lookup; the search line lists the domains to search when a name is not an FQDN

The /etc/hosts file lists the names and IP addresses of local hosts. Linux typically checks this file before referencing DNS; if the name is found with a corresponding IP address, DNS won't be queried. The /etc/hosts file has the following format:
ip-address fully-qualified-domain-name alias1 alias2
The very first line should always look like this, with "localhost" being the only alias:
127.0.0.1     localhost.localdomain  localhost

If you have a NIC in the server, you have to add another entry to this file. First determine what your true hostname is:
[root@test /]# hostname
test
Then add the corresponding entry in /etc/hosts for the NIC's IP address. Here host test, with IP address 192.168.1.100, isn't part of any DNS domain:
192.168.1.100  test.my-site.com test mail

The file /etc/resolv.conf is used to determine the name servers (DNS servers) to query. Following is a sample resolv.conf:
nameserver 202.133.76.51
nameserver 192.168.2.1
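The lookup order the last three slides describe (hosts file first, DNS only if the name is not found there, with the search list applied to names that are not fully qualified) is easy to model, and doing so shows why a stale or duplicated /etc/hosts entry silently overrides DNS. The following Python is an added example, not part of the original slides: it parses both files, reproduces the first-match rule of the hosts file, reports names that are defined twice with different addresses, and for names absent from the hosts file returns the query names and the nameservers that would be asked. The sample file contents are taken from the slides; the search line is added for the example.

```python
"""Model the hosts-then-DNS lookup order described on the slides.

Added example, not from the original slides and not the libc resolver.
"""

# Constructed from the slides' examples.
HOSTS_FILE = """127.0.0.1     localhost.localdomain  localhost
192.168.1.100  test.my-site.com test mail
# a stale line that will be ignored for 'mail' (first match wins)
10.9.9.9       mail
"""
RESOLV_CONF = """nameserver 202.133.76.51
nameserver 192.168.2.1
search my-site.com   # search line added for this example
"""


def parse_hosts(text):
    """Return {name_lowercase: ip}; the first mapping for a name wins."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), ip)
    return table


def shadowed_entries(text):
    """Names that appear with more than one address; later ones never win."""
    seen, shadowed = {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            name = name.lower()
            if name in seen and seen[name] != ip:
                shadowed.setdefault(name, []).append(ip)
            seen.setdefault(name, ip)
    return shadowed


def parse_resolv_conf(text):
    """Collect nameserver addresses and the search list."""
    nameservers, search = [], []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0] == "nameserver" and len(parts) > 1:
            nameservers.append(parts[1])
        elif parts[0] in ("search", "domain"):
            search.extend(parts[1:])
    return {"nameservers": nameservers, "search": search}


def lookup(name, hosts_text=HOSTS_FILE, resolv_text=RESOLV_CONF):
    """hosts first; otherwise the DNS queries that would be attempted."""
    name = name.lower().rstrip(".")
    table = parse_hosts(hosts_text)
    if name in table:
        return {"source": "hosts", "address": table[name]}
    conf = parse_resolv_conf(resolv_text)
    if "." in name:  # treated as fully qualified: query as given
        candidates = [name]
    else:            # apply the search list, then the bare name
        candidates = [f"{name}.{d}" for d in conf["search"]] + [name]
    return {"source": "dns", "query_names": candidates,
            "nameservers": conf["nameservers"]}


if __name__ == "__main__":
    for n in ("mail", "LOCALHOST", "www", "www.apnic.net"):
        print(n, lookup(n))
    print("shadowed:", shadowed_entries(HOSTS_FILE))
```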

Testing and troubleshooting tools:
ping: reachability test
arp -a: check the MAC address
ifconfig: check the IP address
traceroute: routing performance
netstat -a: network statistics
nslookup/dig: DNS queries

Domain Name Service (DNS)

Addresses are used to locate objects
Names are easier to remember than numbers
You would like to get to the address or other objects using a name
DNS provides a mapping from names to resources of several types

An address is how you get to an endpoint. Typically hierarchical (for scaling): 950 Milton Street, Brisbane City, QLD 4064; 204.152.187.11; +617-3858-3188
A "name" is how an endpoint is referenced. Typically no structurally significant hierarchy: "David", "Tokyo", "apnic.net"

DNS is the Domain Name System, which converts (maps) symbolic machine names to Internet addresses. It translates from name to address and from address to name. It is a distributed, hierarchical database of the names of hosts on the Internet and their associated IP addresses.

Originally, host names were mapped to IP addresses using 'hosts' files. This is the '/etc/hosts' file found on your Linux system; it still exists today to provide basic information to your networking system before any of the major networking services start. These files were copied around the ARPANET using 9600 baud UUCP connections (UUCP, Unix to Unix CoPy, is still used in some places today).
Problems:
Traffic and load
Name collisions
Consistency

A mapping is simply an association between two things: an easy-to-remember machine name, like ftp.linux.org, and the machine's IP address (199.249.150.4). DNS also contains mappings the other way, from the IP number to the machine name; this is called a "reverse mapping".

Mapping a domain name to an IP address:
Application calls the resolver
Resolver sends a UDP packet to the local DNS server
DNS server returns the IP address to the resolver
Resolver returns the IP address to the application

Data is maintained locally, but retrievable globally
No single computer has all DNS data
DNS lookups can be performed by any device
Remote DNS data is locally cacheable to improve performance

The database is always internally consistent
Each version of a subset of the database (a zone) has a serial number
The serial number is incremented on each database change
Changes to the master copy of the database are replicated according to timing set by the zone administrator
Cached data expires according to a timeout set by the zone administrator

No limit to the size of the database: one server has over 20,000,000 names (not a particularly good idea)
No limit to the number of queries: 24,000 queries per second handled easily
Queries distributed among masters, slaves, and caches

Data is replicated: data from the master is copied to multiple slaves
Clients can query the master server or any of the copies at slave servers
Clients will typically query local caches

The database can be updated dynamically: add/delete/modify of any record
Modification of the master database triggers replication
Only the master can be dynamically updated, which creates a single point of failure

The namespace needs to be hierarchical to be able to scale. The idea is to name objects based on:
location (within country, set of organizations, set of companies, etc)
unit within that location (company within set of companies, etc)
object within unit (name of person in company)

How names appear in the DNS:
Fully Qualified Domain Name (FQDN), eg. WWW.APNIC.NET.
Labels separated by dots
DNS provides a mapping from FQDNs to resources of several types
Names are used as the key when fetching data in the DNS

Domain names can be mapped to a tree, with the dot used as a separator.
[Figure: DNS tree: root; net, org, com, gov; iana, apnic; www, whois, ftp]

The DNS maps names into data using Resource Records, eg. an A (address) resource record:
www.apnic.net. … A 10.10.10.2

Domains are "namespaces":
Everything below .com is in the com domain
Everything below apnic.net is in the apnic.net domain and in the net domain

[Figure: com domain (google, sun), net domain (tislabs, isi, apnic.net domain with moon, training, www, ftp, ns1, ns2), edu domain]

Administrators can create subdomains to group hosts according to geography, organizational affiliation or any other criterion
An administrator of a domain can delegate responsibility for managing a subdomain to someone else
The parent domain retains links to the delegated subdomain: it "remembers" who it delegated the subdomain to

Zones are "administrative spaces"
Zone administrators are responsible for a portion of a domain's name space
Authority is delegated from a parent to a child

[Figure: the net zone, the apnic.net zone and the training.apnic.net zone drawn over the same tree]

DNS software has two parts: the name server and the resolver.

Primary: contains the writable authoritative copy for the zones it is primary for.
Secondary: contains a mirror copy of the data from a primary nameserver. No updates take place here; it is used to provide redundancy.
Caching-only: relies on other name servers for authoritative answers.
Note: BIND (Berkeley Internet Name Daemon) is the most common name server.

Primary: data loaded from a file. One primary server per zone.
Secondary: data transferred from a primary server and possibly stored in a file. Checks every refresh period with the primary, looking for changes. There may be many secondaries per zone.

;; domain.edu (use your favorite naming scheme)
$TTL 86400
@   IN  SOA  ns1.domain.edu. root.domain.edu. (
        2002093000  ; serial - YYYYMMDDXX
        21600       ; refresh - 6 hours
        1200        ; retry - 20 minutes
        3600000     ; expire - long time
        86400 )     ; minimum TTL - 24 hours
;; Nameservers
    IN  NS   ns1.domain.edu.
    IN  NS   ns2.domain.edu.
;; Hosts with just A records
host1   IN  A   1.0.0.1

Resource records consist of a name (label), a TTL, a class, a type and the RDATA.
TTL is a timing parameter.
The IN class is the most widely used.
There are multiple types of RR records.
Everything after the type identifier is called rdata.
Example:
www.ibadat.edu.pk.  3600  IN  A  10.10.10.2
label               ttl   class type rdata

apnic.net.  7200  IN  SOA  ns.apnic.net. admin.apnic.net. (
        2001061501  ; Serial
        43200       ; Refresh 12 hours
        14400       ; Retry 4 hours
        345600      ; Expire 4 days
        7200 )      ; Negative cache 2 hours
apnic.net.  7200  IN  NS  ns.apnic.net.
apnic.net.  7200  IN  NS  ns.ripe.net.
host25.apnic.net.  2600  IN  A  193.0.3.25
label              ttl   class type rdata

The main DNS configuration is kept in the file /etc/named.conf, which tells BIND where to find the configuration files for each domain you own.
There are usually two zone areas in this file:
Forward zone file definitions, which list the files that map domains to IP addresses
Reverse zone file definitions, which list the files that map IP addresses to domains
In this example the forward zone for www.my-site.com is set up by placing the following entries at the bottom of the /etc/named.conf file. The zone file is named my-site.zone.
zone "my-site.com" {
    type master;
    notify no;
    allow-query { any; };
    file "my-site.zone";
};

You can also insert additional entries in the /etc/named.conf file:
zone "my-other-site.com" {
    type master;
    notify no;
    allow-query { any; };
    file "my-other-site.zone";
};

DNS databases contain more than just hostname-to-address records:
Name server records: NS
Hostname aliases: CNAME
Mail exchangers: MX
Host information: HINFO

The SOA and NS records are used to provide information about the zone itself.
The NS record indicates where information about a given zone can be found.
The SOA record provides information about the Start Of Authority, i.e. the top of the zone, also called the APEX.

net.  3600  IN  SOA  A.GTLD-SERVERS.net.  nstld.verisign-grs.com. (
                     2002021301  ; serial
                     30M         ; refresh
                     15M         ; retry
                     1W          ; expiry
                     1D )        ; neg.answ.ttl
Callouts: A.GTLD-SERVERS.net. is the master server, nstld.verisign-grs.com. is the contact address, the serial is the version number, and refresh, retry, expiry and negative-answer TTL are the timing parameters.

TTL is a timer used in caches: an indication of how long the data may be reused.
Data that is expected to be 'stable' can have high TTLs.
SOA timers are used for maintaining consistency between primary and secondary servers.

The zone file is written by the zone administrator.
The zone file is read by the master server and its content is replicated to slave servers.
What is in the zone file will end up in the database.
Because of timing issues it might take some time before the data is actually visible at the client side.

The 'header' of the zone file:
Start with an SOA record
Include the authoritative name servers
Add other information
Add other RRs
Delegate to other zones

The contact address admin.email@apnic.net is written in the SOA as admin\.email.apnic.net. (the @ becomes a dot, and the dot inside the local part is escaped with a backslash).
apnic.net.  3600  IN  SOA  ns.apnic.net.  admin\.email.apnic.net. (
                           2002021301  ; serial
                           1h          ; refresh
                           30M         ; retry
                           1W          ; expiry
                           3600 )      ; neg. answ. ttl
Serial number: 32-bit circular arithmetic.
People often use a date format.
It must be increased after every edit.
The timers above qualify as reasonable.

NS records for all the authoritative servers.
They need to carry the zone at the moment you publish.
A records only for "in-zone" name servers.
Delegating NS records might have glue associated.
apnic.net.      3600  IN  NS  NS1.apnic.net.
apnic.net.      3600  IN  NS  NS2.apnic.net.
NS1.apnic.net.  3600  IN  A   203.0.0.4
NS2.apnic.net.  3600  IN  A   193.0.0.202

Add all the other data to your zone file.
Some notes on notation:
Note the fully qualified domain name, including the trailing dot.
Note TTL and CLASS.
localhost.apnic.net.  3600  IN  A      127.0.0.1
NS1.apnic.net.        4500  IN  A      203.0.0.4
www.apnic.net.        3600  IN  CNAME  wasabi.apnic.net.
apnic.net.            3600  IN  MX     50 mail.apnic.net.

apnic.net.            3600  IN  SOA    NS1.apnic.net.  admin\.email.apnic.net. (
                                       2002021301  ; serial
                                       1h          ; refresh
                                       30M         ; retry
                                       1W          ; expiry
                                       3600 )      ; neg. answ. ttl
apnic.net.            3600  IN  NS     NS1.apnic.net.
apnic.net.            3600  IN  NS     NS2.apnic.net.
apnic.net.            3600  IN  MX     50 mail.apnic.net.
apnic.net.            3600  IN  MX     150 mailhost2.apnic.net.
NS1.apnic.net.        4500  IN  A      203.0.0.4
NS2.apnic.net.        3600  IN  A      193.0.0.202
localhost.apnic.net.  3600  IN  A      127.0.0.1
NS1.apnic.net.        3600  IN  A      193.0.0.4
www.apnic.net.        3600  IN  CNAME  wasabi.apnic.net.

; Zone file for my-site.com
; The full zone file
$TTL 3D
@       IN      SOA     www.my-site.com. hostmaster.my-site.com. (
                        200211152       ; serial#
                        3600            ; refresh, seconds
                        3600            ; retry, seconds
                        3600            ; expire, seconds
                        3600 )          ; minimum, seconds
                NS      www             ; Inet Address of nameserver
my-site.com.    MX      10 mail         ; Primary Mail Exchanger
localhost       A       127.0.0.1
www             A       97.158.253.26
mail            CNAME   www

; Filename: 192-168-1.zone
;
; Zone file for 192.168.1.x
$TTL 3D
@       IN      SOA     www.my-site.com. hostmaster.my-site.com. (
                        200303301       ; serial number
                        8H              ; refresh, seconds
                        2H              ; retry, seconds
                        4W              ; expire, seconds
                        1D )            ; minimum, seconds
                NS      www             ; Nameserver Address
100             PTR     bigboy.my-site.com.
103             PTR     smallfry.my-site.com.
32              PTR     dhcp-32.my-site.com.
33              PTR     dhcp-33.my-site.com.

DNS message sections:
HEADER
QUERIES
Response: RESOURCE RECORDS (answers)
Response: AUTHORITY RECORDS
Response: ADDITIONAL INFORMATION

Header fields (each 16 bits):
query identifier
flags
# of questions
# of answer RRs
# of authority RRs
# of additional RRs

Flag bits:
QR: Query=0, Response=1
AA: Authoritative Answer
TC: response truncated (> 512 bytes)
RD: recursion desired
RA: recursion available
rcode: return code

A request can indicate that recursion is desired; this tells the server to find out the answer itself (possibly by contacting other servers). If recursion is not requested, the response may be a list of other name servers to contact.

Resource record fields:
Domain name
Response type
Class (IN for IP)
Time to live (in seconds)
Length of resource data
Resource data

Both UDP and TCP are used:
TCP for transfers of the entire database to secondary servers (replication).
UDP for lookups.
If the response is more than 512 bytes, the requestor resubmits the request using TCP.
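To make the header, flag and section layout from the slides above concrete, here is an added Python decoder (not part of the slides, and not BIND code) for the RFC 1035 wire format. It unpacks the six 16-bit header fields, extracts the QR/AA/TC/RD/RA bits and rcode, walks the question and the three RR sections, and follows name-compression pointers while refusing forward pointers, so that a malformed message cannot make the parser loop. The sample response is constructed inline; the names and addresses in it are taken from the slides' examples, not from a capture.

```python
"""Decode a DNS message (RFC 1035 wire format): header flags, question, and RR sections.
Added example; the sample response below is constructed, not captured from a real server."""
import struct
from dataclasses import dataclass

UDP_LIMIT = 512  # classic UDP payload limit: a bigger answer is sent truncated (TC=1)


def parse_header(msg: bytes) -> dict:
    """Unpack the 12-byte header: six 16-bit fields, the second one holding the flag bits."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": ident, "qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF,
            "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1,
            "ra": (flags >> 7) & 1, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def read_name(msg: bytes, off: int) -> tuple:
    """Read a domain name at off, following 0xC0 compression pointers.
    Pointers are only accepted backwards, so a crafted message cannot loop the parser."""
    labels, end = [], None
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off:
                raise ValueError("compression pointer does not point backwards")
            if end is None:
                end = off + 2  # in the stream, the name ends right after the 2-byte pointer
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


@dataclass
class RR:
    name: str
    rtype: int
    rclass: int
    ttl: int
    rdata: bytes
    rdata_off: int  # where rdata sits in the message; needed to decompress names inside it


def parse_rr(msg: bytes, off: int) -> tuple:
    name, off = read_name(msg, off)
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    if off + rdlen > len(msg):
        raise ValueError("rdata length exceeds message")
    return RR(name, rtype, rclass, ttl, msg[off:off + rdlen], off), off + rdlen


def parse_message(msg: bytes) -> dict:
    hdr = parse_header(msg)
    off, questions = 12, []
    for _ in range(hdr["qdcount"]):
        qname, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname, qtype, qclass))
    out = {"header": hdr, "question": questions}
    for section, count in (("answer", hdr["ancount"]), ("authority", hdr["nscount"]),
                           ("additional", hdr["arcount"])):
        out[section] = []
        for _ in range(count):
            rr, off = parse_rr(msg, off)
            out[section].append(rr)
    return out


def decode_rdata(msg: bytes, rr: RR) -> str:
    if rr.rtype == 1 and len(rr.rdata) == 4:        # A: four address bytes
        return ".".join(str(b) for b in rr.rdata)
    if rr.rtype in (2, 5):                          # NS, CNAME: a possibly compressed name
        return read_name(msg, rr.rdata_off)[0]
    return rr.rdata.hex()


def needs_tcp_retry(msg: bytes) -> bool:
    """TC set means the answer did not fit in a UDP datagram; the requester re-asks over TCP."""
    return bool(parse_header(msg)["tc"])


def encode_name(name: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"


def build_sample_response() -> bytes:
    """Constructed sample: response to 'www.apnic.net. IN A' with QR=1, AA=1, RD=1, RA=1, rcode=0,
    one A answer and one NS authority record, both using compression pointers into the question."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 1, 0)
    question = encode_name("www.apnic.net.") + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([10, 10, 10, 2])
    ns_rdata = b"\x03ns1" + b"\xc0\x10"              # "ns1" + pointer to "apnic.net." at offset 16
    authority = b"\xc0\x10" + struct.pack("!HHIH", 2, 1, 3600, len(ns_rdata)) + ns_rdata
    return header + question + answer + authority
```

Decoding the sample gives id 0x1234, QR=1, AA=1, RD=1, RA=1, TC=0, one question for www.apnic.net., an A answer of 10.10.10.2 with TTL 3600, and an NS authority record naming ns1.apnic.net.; because TC is clear and the message is well under 512 bytes, no TCP retry is needed.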

WEB Server

A Web server is the server software behind the World Wide Web. It listens for requests from a client, such as a browser like Netscape or Microsoft's Internet Explorer. When it gets one, it processes that request and returns some data. This data usually takes the form of a formatted page with text and graphics. The browser then renders this data to the best of its ability and presents it to the user. Web servers are in concept very simple programs: they wait for requests and fulfill them when received.

The Web is based on the client/server paradigm.
[Figure: typical transaction on the Web. 1. DNS lookup of the host name in the URL at a DNS server; 2. TCP connection; 3. HTTP request; 4. HTTP response, between the Web client and the Web server.]

Web servers communicate with browsers or other clients using the Hypertext Transfer Protocol (HTTP), a simple protocol that standardizes the way requests are sent and processed. This allows a variety of clients to communicate with any vendor's server without compatibility problems.
Most of the documents requested are formatted using Hypertext Markup Language (HTML). HTML is a small subset of another markup language called Standard Generalized Markup Language (SGML), which is in wide use by many organizations and the U.S. Government.

The protocol was designed by Tim Berners-Lee as early as 1989.
Application-level protocol: the client (browser) makes a request, the server responds.
Support for:
use of URLs
Internet media types (MIME types: RFC2045-RFC2049), which allow access to different data formats
Standards: HTTP 1.0 (RFC 1945), HTTP 1.1 (RFC 2616, formal standard as of 07.99)
Anatomy of a URL: http://www.apache.kr.net:8080/directory/file.html
http = protocol, www.apache.kr.net = server name, 8080 = port, directory/file.html = directory/file name on the server

Simple client request:
GET /index.html HTTP/1.1
Host: orange.kr.psi.net

Server reply:
HTTP/1.1 200 OK
Date: Tue, 09 Jan 2001 10:49:14 GMT
Server: Apache/1.3.14 (Unix)
Last-Modified: Tue, 09 Jan 2001 01:11:02 GMT
ETag: "131e-a074-3a5a6526"
Accept-Ranges: bytes
Content-Length: 41076
Content-Type: text/html

<!--Copyright (c) 1997-2001 by Kwan-jin,Jung -->
<!--All Rights Reserved -->
<html>

Status codes are three-digit numbers grouped as follows:
1xx - informational
2xx - client request successful (200 - OK)
3xx - request redirected
4xx - client errors, request incomplete (403 - Forbidden, 404 - Not found)
5xx - server errors
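As an added example for the request/reply exchange and the status-code classes above (not code from the slides or from Apache), the following Python parses a raw HTTP/1.x request and response: it splits start line, headers and body at the blank line, treats header names case-insensitively, classifies the status code by its first digit, enforces the HTTP/1.1 rule that a request without a Host header is invalid (RFC 2616 says the server must answer 400), and checks that the body length agrees with Content-Length, which is how a truncated reply is noticed. Chunked transfer coding is assumed absent. The sample messages are constructed, modeled on the slide's GET /index.html example.

```python
"""Parse raw HTTP/1.x messages and classify status codes, as an added example.
Handles Content-Length framing only; chunked transfer coding is out of scope here."""

STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection", 4: "client error", 5: "server error"}


def status_class(code: int) -> str:
    """Map a three-digit status code to its class by its first digit."""
    if not 100 <= code <= 599:
        raise ValueError(f"status code out of range: {code}")
    return STATUS_CLASSES[code // 100]


def _headers(lines) -> dict:
    """Header names are case-insensitive; repeated headers are joined with ', ' as RFC 2616 allows."""
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def _split(raw: bytes) -> tuple:
    """Separate start line, header lines and body at the first blank line."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete message: no blank line ending the headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    return lines[0], _headers(lines[1:]), body


def parse_request(raw: bytes) -> dict:
    start, headers, body = _split(raw)
    parts = start.split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {start!r}")
    method, target, version = parts
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 request without Host header (server must reply 400)")
    return {"method": method, "target": target, "version": version, "headers": headers, "body": body}


def missing_host_rejected(raw: bytes) -> bool:
    """True when the request is refused for lacking a Host header (or being otherwise malformed)."""
    try:
        parse_request(raw)
        return False
    except ValueError:
        return True


def parse_response(raw: bytes) -> dict:
    start, headers, body = _split(raw)
    parts = start.split(" ", 2)              # version, code, optional reason phrase
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {start!r}")
    code = int(parts[1])
    declared = headers.get("content-length")
    if declared is None:
        framing = "no Content-Length: body ends when the connection closes"
    elif not declared.isdigit():
        raise ValueError("non-numeric Content-Length")
    elif len(body) < int(declared):
        framing = "truncated"                # fewer bytes arrived than the server announced
    elif len(body) > int(declared):
        framing = "extra bytes after body"
    else:
        framing = "ok"
    return {"version": parts[0], "status": code, "reason": parts[2] if len(parts) > 2 else "",
            "status_class": status_class(code), "headers": headers, "body": body, "framing": framing}


# Constructed sample exchange, modeled on the slide's GET /index.html example.
SAMPLE_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: orange.kr.psi.net\r\n\r\n"
SAMPLE_BODY = b"<html><body>hello</body></html>"
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Date: Tue, 09 Jan 2001 10:49:14 GMT\r\n"
                   b"Server: Apache/1.3.14 (Unix)\r\n"
                   b"Content-Type: text/html\r\n"
                   b"Content-Length: " + str(len(SAMPLE_BODY)).encode() + b"\r\n\r\n" + SAMPLE_BODY)
```

Parsing the sample request yields method GET, target /index.html and the Host header; the sample response parses as 200 "success" with framing "ok", and cutting bytes off the end of it is reported as "truncated" rather than silently accepted.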

A common goal: to provide an open-source, secure, efficient and extensible server that provides HTTP services in sync with non-proprietary World Wide Web standards.
Apache Group (non-profit organization):
Develop bug fixes and software additions
Approve and implement bug fixes and software additions submitted by non-core developers
Test new releases
Document new features

Freely available: source code, and binaries for many platforms (version 1.3.x also includes Windows NT)
Web server originally based on the NCSA server (in 1995)
Over 60% of Internet Web servers run Apache or an Apache derivative (in the December 2000 survey)
Very configurable, lots of directives...
Optional modules provide extra functionality
Powerful performance and continually upgraded

The 'modular' architecture makes it possible for anyone to add new functions to the server.
There are a large number of modules now written for Apache.
A module is a way to extend the Web server's request processing.
It is easy to add a module to Apache.
Modules can be statically or dynamically loaded.

Support for Windows NT systems (available on Windows 95/98/2000)
Better configuration and building process
Support for dynamic modules
Better performance
Better security
Enhanced virtual host configurations

If you have a pre-built package, install it and run it.
Otherwise:
download and unpack it in a suitable directory (ftp, uncompress, gunzip, tar...)
initial configuration (choose your modules)
compile the server
install the executable in the system
edit further configuration files to reflect your environment
run httpd

Default location is '/usr/local/apache'. Directory tree: bin, cgi-bin, conf, www, libexec, logs.
Some important directories:
bin/ - executables (ab, httpd, htpasswd)
cgi-bin/ - CGI scripts directory
conf/ - configuration files for the httpd server
htdocs/ - main directory for documents
logs/ - directory with log files
other stuff (icons/, include/, proxy/, man/, ...)

How? (basic configuration)
ServerType standalone
Port 80
User apache
Group apache
ServerAdmin your_e-mail_address
ServerRoot "/etc/httpd"
ErrorLog /var/log/httpd/logs/error_log
TransferLog /var/log/httpd/access_log
DocumentRoot /var/www/html
DirectoryIndex index.html
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
More directives: StartServers, Min/MaxSpareServers, MaxClients, ...

Alias /home /var/www/html/mail/
<Directory "/var/www/html/mail">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
CGI, PHP scripts:
ScriptAlias /passwd "/home/httpd/cgi-bin/chpasswd.cgi"
<Directory "/home/httpd/cgi-bin">
    AllowOverride AuthConfig
    Options ExecCGI
</Directory>

The term Virtual Host refers to the practice of maintaining more than one server on one machine, differentiated by their apparent hostname.
ISPs do this a lot.
Allows an additional Web presence without the accompanying hardware or software investment.
Each virtual server may have totally different content, configuration, separate log and error files, ...
The alternative is to run another server on a different port.
Part of the basic server configuration (httpd.conf).

<VirtualHost comsats.edu.pk>
    ServerAdmin aamir@ibadat.com
    DocumentRoot /home/httpd/cgi-bin/nwebmail
    ServerName ibadat.com
    ServerAlias www.ibadat.com
</VirtualHost>
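The Directory, ScriptAlias and VirtualHost fragments on the last few slides are the places where a small httpd.conf mistake has the biggest effect, so here is an added Python example (not from the slides and not part of Apache) that parses an httpd.conf-style file into nested <Directory> and <VirtualHost> sections and reports the settings a reviewer checks first: Options Indexes (directory listings), AllowOverride other than None (.htaccess files can change configuration), User or Group root, and a VirtualHost with no ServerName. The sample configuration is constructed from the slides' directives; the 203.0.113.x addresses are assumed placeholders.

```python
"""Audit an httpd.conf-style configuration, as an added example: nested sections plus a few review checks.
Understands '<Section arg>' ... '</Section>' blocks, one directive per line, and '#' comment lines."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

SECTION_OPEN = re.compile(r"<(\w+)\s*(.*?)>")
SECTION_CLOSE = re.compile(r"</(\w+)>")


@dataclass
class Section:
    kind: str                                   # "Directory", "VirtualHost", ... or "" for the file root
    arg: str
    directives: list[tuple[str, str]] = field(default_factory=list)
    children: list[Section] = field(default_factory=list)


def parse_httpd_conf(text: str) -> Section:
    root, stack = Section("", ""), []
    stack.append(root)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION_CLOSE.fullmatch(line)
        if m:
            if len(stack) == 1 or stack[-1].kind.lower() != m.group(1).lower():
                raise ValueError(f"unbalanced </{m.group(1)}>")
            stack.pop()
            continue
        m = SECTION_OPEN.fullmatch(line)
        if m:
            sec = Section(m.group(1), m.group(2).strip().strip('"'))
            stack[-1].children.append(sec)
            stack.append(sec)
            continue
        name, _, value = line.partition(" ")
        stack[-1].directives.append((name, value.strip()))
    if len(stack) != 1:
        raise ValueError(f"unclosed <{stack[-1].kind}>")
    return root


def audit(section: Section, path: str = "") -> list[str]:
    """Walk the tree and return one finding per risky directive, prefixed with the section it sits in."""
    where = path or "(global)"
    findings = []
    for name, value in section.directives:
        key = name.lower()
        if key == "options" and any(o.lower().lstrip("+") == "indexes" for o in value.split()):
            findings.append(f"{where}: Options Indexes enables directory listings; use -Indexes unless intended")
        if key == "allowoverride" and value.lower() != "none":
            findings.append(f"{where}: AllowOverride {value} lets .htaccess files change configuration")
        if key in ("user", "group") and value.lower() == "root":
            findings.append(f"{where}: {name} root; httpd should drop to an unprivileged account")
    if section.kind.lower() == "virtualhost" and not any(n.lower() == "servername" for n, _ in section.directives):
        findings.append(f"{where}: VirtualHost without ServerName cannot be selected by name")
    for child in section.children:
        findings.extend(audit(child, f"{path}<{child.kind} {child.arg}>"))
    return findings


# Constructed sample, assembled from the directives shown on the slides.
SAMPLE_CONF = """
ServerType standalone
Port 80
User apache
Group apache
DocumentRoot /var/www/html
Alias /home /var/www/html/mail/
<Directory "/var/www/html/mail">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
ScriptAlias /passwd "/home/httpd/cgi-bin/chpasswd.cgi"
<Directory "/home/httpd/cgi-bin">
    AllowOverride AuthConfig
    Options ExecCGI
</Directory>
<VirtualHost 203.0.113.10>
    ServerAdmin aamir@ibadat.com
    DocumentRoot /home/httpd/cgi-bin/nwebmail
    ServerName ibadat.com
    ServerAlias www.ibadat.com
</VirtualHost>
<VirtualHost 203.0.113.11>
    DocumentRoot /var/www/other
</VirtualHost>
"""

if __name__ == "__main__":
    for finding in audit(parse_httpd_conf(SAMPLE_CONF)):
        print(finding)
```

On the sample it reports the directory listing enabled on /var/www/html/mail, the AllowOverride AuthConfig on the cgi-bin directory, and the second VirtualHost that has no ServerName; the User/Group apache lines pass. The parser also rejects an unbalanced block, which is how the unclosed <Directory> on the original slide would have been caught.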