
RHEL

1. FEATURES OF RHEL.
2. DIFFERENCE BETWEEN RHEL AND WINDOWS.
3. SECURITY OF RHEL.
   * IPTABLES
   * TCP-WRAPPER
   * PAM

* IPTABLES

-I          insert a rule (used below with the INPUT chain)
-A          append a rule to a chain
-p          protocol
--dport     destination port
--sport     source port
-D          delete a rule
-F          flush (delete all rules)
-j          jump to a target
-L          list all rules
-s          source address
-d          destination address

telnet server                 telnet server
192.168.0.1                   192.168.0.2

Install telnet-server*.rpm:
#yum install telnet-server*
#chkconfig telnet on
#iptables -F
Any telnet packet coming from the 192.168.0.2 system will be rejected by the 192.168.0.1 system:
#iptables -I INPUT -p tcp -s 192.168.0.2 -d 192.168.0.1 --dport 23 -j REJECT
(instead of REJECT the target can also be ACCEPT or DROP)
#iptables -L
#iptables -D INPUT 1   (delete rule number 1 of the INPUT chain)
#service iptables save

* TCP-WRAPPER:

/etc/hosts.allow    /etc/hosts.deny

I want to deny the 192.168.0.0 network but allow 192.168.0.1 the telnet service.

#vi /etc/hosts.deny
in.telnetd : 192.168.0.0/24 EXCEPT 192.168.0.1
vsftpd : craker.org

{* I want to deny the ftp service for the craker.org domain}

{* I want to allow the sshd service for all networks except craker.org}
sshd : ALL EXCEPT craker.org

:wq (save and exit)
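The hosts.deny lines above, evaluated by an added example script (not from the notes) so the EXCEPT behaviour can be checked for a given daemon and client before the files go live; it assumes only the pattern forms used here (ALL, an exact host or IP, and a.b.c.d/bits networks).

```shell
#!/bin/sh
# Added example, not from the notes: a small evaluator for the hosts.allow /
# hosts.deny rules above, so the effect of "daemon : list EXCEPT list" on a
# given client can be checked before the files go live. Assumption: only the
# pattern forms used in the notes are handled: ALL, an exact IP or host name,
# and an IPv4 network written as a.b.c.d/bits.
ip2int() {   # dotted quad -> 32-bit integer
    local old=$IFS; IFS=.; set -- $1; IFS=$old
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}
pat_match() {   # pat_match PATTERN CLIENT -> 0 if one client pattern matches
    local pat=$1 client=$2 mask
    case $pat in
    ALL) return 0 ;;
    */*) case $client in ''|*[!0-9.]*) return 1 ;; esac          # net/bits needs an IP
         mask=$(( (4294967295 << (32 - ${pat#*/})) & 4294967295 ))
         [ $(( $(ip2int "$client") & mask )) -eq $(( $(ip2int "${pat%/*}") & mask )) ] ;;
    *)   [ "$pat" = "$client" ] ;;                                 # exact host or address
    esac
}
list_match() {   # list_match "CLIENT LIST" CLIENT, honouring one EXCEPT operator
    local list=$1 client=$2 p
    case $list in
    *" EXCEPT "*) list_match "${list%% EXCEPT *}" "$client" &&
                  ! list_match "${list#* EXCEPT }" "$client" ;;
    *) for p in $(echo "$list" | tr ',' ' '); do pat_match "$p" "$client" && return 0; done
       return 1 ;;
    esac
}
rule_match() {   # rule_match "daemons : clients" DAEMON CLIENT -> 0 if the rule applies
    local rule=$1 daemon=$2 client=$3 d
    for d in $(echo "${rule%%:*}" | tr ',' ' '); do
        [ "$d" = ALL ] || [ "$d" = "$daemon" ] || continue
        list_match "$(echo ${rule#*:})" "$client" && return 0
    done; return 1
}
first_match() {   # first_match "RULE LINES" DAEMON CLIENT -> 0 if any line matches
    printf '%s\n' "$1" | { while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        rule_match "$line" "$2" "$3" && exit 0
    done; exit 1; }
}
decide() {   # decide ALLOW_LINES DENY_LINES DAEMON CLIENT -> prints allow or deny
    if first_match "$1" "$3" "$4"; then echo allow        # hosts.allow is searched first
    elif first_match "$2" "$3" "$4"; then echo deny       # then hosts.deny
    else echo allow; fi                                    # no match anywhere: access granted
}
HOSTS_ALLOW=""                  # the notes leave /etc/hosts.allow empty
HOSTS_DENY="in.telnetd : 192.168.0.0/24 EXCEPT 192.168.0.1
vsftpd : craker.org
sshd : ALL EXCEPT craker.org"
```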

 PAM:(Pluggable Authentication
Module)
Login root /etc/passwd
Password: /etc/shadow
/etc/securetty
#cd /etc/pam.d
#ls login
#ls system-auth
#vi login
*1. The first column specified what type
of test is specified by this particular
modules.

Auth: Authentication

Account : Authorigation

Password : Control the password changes

Session : Opening and closing of the


session

 The second column is called flag


The flag: (The second column)

Include : it is use for pointing other files

Required : must pass , keep testing even if


fail.

Requisits : if we particular modules fail ,


It will not check other modules.

Sufficient : sufficient check all the


modules , if any modules fail the result
will pass.

Optional : optional not check any


modules whether it pass or fail, will be
pass.
 The Thired Column is basically is
modules.
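An added example (not from the notes) that simulates how libpam walks one stack of the control flags just listed, using the semantics from pam.conf(5): required remembers a failure and keeps going, requisite stops immediately, sufficient ends the stack on success unless a required module already failed, and optional only counts when it is the only module. The stacks at the end are constructed to resemble the auth section of /etc/pam.d/su.

```shell
#!/bin/sh
# Added example, not from the notes: walk a PAM stack the way libpam does for one
# management group (auth, account, ...), so the four control flags above can be
# compared on concrete inputs. Each line is "control module result", where result
# (ok or fail) is the outcome we assume that module would return on this run.
# Semantics as in pam.conf(5), simplified: required = remember a failure but keep
# going; requisite = stop at once on failure; sufficient = success ends the stack
# unless a required module already failed; optional = ignored unless it is the
# only module in the stack.
pam_eval() {   # pam_eval "STACK LINES" -> prints PASS or FAIL (exit 0 / 1)
    local control module result required_failed=0 n=0 last_control last_result
    while read -r control module result; do
        case $control in ''|'#'*) continue ;; esac
        n=$((n + 1)); last_control=$control; last_result=$result
        case "$control/$result" in
        required/fail)  required_failed=1 ;;                 # note it, keep testing
        requisite/fail) echo FAIL; return 1 ;;              # later modules never run
        sufficient/ok)  if [ $required_failed -eq 0 ]; then echo PASS; return 0; fi ;;
        sufficient/fail|optional/ok|optional/fail|required/ok|requisite/ok) ;;
        *) echo "bad stack line: $control $module $result" >&2; return 2 ;;
        esac
    done <<EOF
$1
EOF
    if [ "$n" -eq 1 ] && [ "$last_control" = optional ] && [ "$last_result" = fail ]; then
        echo FAIL; return 1                                  # lone optional module decides
    fi
    if [ $required_failed -eq 0 ]; then echo PASS; return 0; fi
    echo FAIL; return 1
}

# Constructed stacks modelled on the auth section of /etc/pam.d/su edited above:
# pam_rootok.so succeeds only for uid 0, pam_unix.so checks the password.
SU_BY_ROOT="sufficient pam_rootok.so ok
required   pam_unix.so   fail"       # root is never asked for a password
SU_BY_USER_GOOD_PW="sufficient pam_rootok.so fail
required   pam_unix.so   ok"
SU_BY_USER_BAD_PW="sufficient pam_rootok.so fail
required   pam_unix.so   fail"
REQUISITE_FIRST="requisite  pam_securetty.so fail
required   pam_unix.so   ok"         # insecure tty: the password is never even prompted
```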

#su - ram
#cd /etc/pam.d
#vi su
auth      sufficient   pam_rootok.so
account   required     (module name not recorded in the notes)

#cd /usr/share/doc/pam-0.99.6.2
#vi README_Pam
#vi /etc/pam.d/login
add a new line (pam_time.so is the module that reads /etc/security/time.conf):
account   required   pam_time.so

:wq
#vi /etc/security/time.conf
go to the last line and add:

login;tty*;ram;!Al1200-1400
0000-0200
:wq (save and exit)

4. BOOTING PROCESS.
Booting sequence
IPL: initial program loader.
GRUB is the IPL.
The boot loader has two stages:
first stage boot loader
second stage boot loader
When you install Linux you must say where the GRUB boot loader is to be loaded, that is, whether it goes in the MBR or in the first sector of the boot partition. Select the MBR.
If you select the MBR, the IPL is loaded in the MBR. The size of the MBR is 512 bytes: the IPL occupies 446 bytes, the next 64 bytes are used for the partition information, and the remaining 2 bytes are used for the magic number.
When the machine boots, the POST checks all the hardware devices and receives an acknowledgement from them. After that the POST transfers control to the CMOS, and the CMOS checks the boot priority.

The MBR is read:

IPL -- boot loader
Stage 2 GRUB boot loader
root (hd0,5)
kernel vmlinuz ...
initrd ...
initrd and GRUB hold the image of rc.sysinit, which corresponds to the file /etc/rc.d/rc.sysinit.
rc.sysinit supplies the system variables and parameters to the kernel.
Then the kernel initializes the hardware, local time, udev, keyboard, etc.
Then the root file system is mounted, and after that the other partitions.
After that control goes to /etc/inittab.
5. BASIC COMMANDS AND EDITORS.

How to make a bootable CD:

#cd /var/ftp/pub/images
or
#mount /dev/hdc /mnt/cdrom
#cd /mnt/cdrom/images
#cdrecord dev=/dev/hdc boot.iso
Now insert the CD into the client machine and boot it.
This will give the network installation option:
* nfs
* dhcp enable
* server name -----------
* path --------------------
6. LINUX FILESYSTEM AND REPAIR.
7. X-DESKTOP AND CUPS.
8. BACKUP.
9. AT AND CRON JOBS.

TABLE 16.1 Date Fields in the crontab File

Field          Description
Minute         A value from 0 to 59, or *
Hour           A value from 0 to 23, or *
day_of_month   A value from 1 to 31, or *
month          A value from 1 to 12, where 1 denotes January, or *
day_of_week    A value from 0 to 7, where either 0 or 7 denotes Sunday, or *

Time Specification   Meaning
5 12 * * *           Run at 5 minutes after noon, every day.
5 * * * *            Run at 5 minutes after each hour.
15 17 1 * *          Run at 5:15 P.M. on the first of each month.
45 16 * * 5          Run at 4:45 P.M. on each Friday.
00 15 * 12 5         Run at 3:00 P.M. on each Friday in December.

10. BASIC NETWORKING

#ifconfig
#setup -> network configuration
#system-config-network-tui
#neat
To activate:
#service network restart

* icmp -> Internet Control Message Protocol, responsible for the ping packets (Packet Internet Groper).
#vi /etc/sysconfig/network-scripts/ifcfg-eth0
To set up the global gateway:
#vi /etc/sysconfig/network
GATEWAY=192.168.1.254
#ifdown eth0
#ifup eth0

11. NETWORK AND KICKSTART INSTALLATION

12. PARTITION AND LVM

13. SUDO

14. PERMISSION

15. REMOTE DESKTOP

16. RPM AND YUM

17. BASH SHELL

18. X-ORG SYSTEM.

19. GRUB AND LILO.

20. INODE

21. FTP SERVER

vsftpd IS THE DAEMON OF THE FTP SERVER.

vsftpd is the very secure FTP (file transfer protocol) daemon.
vsftpd*.rpm is the RPM for FTP.
Configuration files: /etc/vsftpd/ftpusers, /etc/vsftpd/user_list, /etc/vsftpd/vsftpd.conf

#yum install vsftpd*
#chkconfig vsftpd on; service vsftpd restart
22. TELNET SERVER.

23. SQUID PROXY SERVER

24. SENDMAIL, POSTFIX AND

Sendmail configuration
#cd /etc/mail
#vi sendmail.mc
line no 116: edit the line (the dnl prefix comments out the restriction to 127.0.0.1, so sendmail accepts mail on all addresses):
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
#m4 sendmail.mc > sendmail.cf
#yum install dovecot
#chkconfig dovecot on
#vim /etc/dovecot.conf

line no 17: edit the line, remove the #
#service dovecot restart
#service sendmail restart
#arp -a
#vi /etc/aliases
edit at the end:
acctmgr: pulak
pulak: ram
#newaliases

At the client end:

#mail acctmgr@station18.accel.com
subject: test mail
ctrl+D
cc: shyam@station30.accel.com
#cat /var/spool/mail/ram (see this at the server side)

25. QMAIL MAIL SERVER.

26. DNS AND DHCP SERVER.

DNS
Domain Name System
RFC: official document, Request for Comments
IETF: Internet Engineering Task Force
Developed in 1985
ARPANET (Advanced Research Projects Agency network) maintained the whole network.
Name-to-IP resolution and IP-to-name resolution are done by the DNS server.

200.0.0.1   DNS server
yahoo.com   200.0.0.2

200.0.0.2   200.0.0.3   200.0.0.4   (clients of the server)

Servers are called hosts.
A client is never a host.
RPMs required: bind*, caching-nameserver*
Configuration files: /var/named/chroot/var/named/*, /var/named/chroot/etc/*
Daemon required: named
Port no: 53
#vi /etc/sysconfig/network

HOSTNAME=SERVER2
:wq (save and exit)
#yum install bind*
#yum install caching-nameserver*
#netconfig -> 200.0.0.1 [set the server IP]
(Reboot the server)
#cd /var/named/chroot/etc
#cp named.caching-nameserver.conf named.conf
** It consists of a forward lookup zone and a reverse lookup zone, meaning name-to-IP and IP-to-name lookup.
#vi named.conf

go to line no 15:
listen-on port 53 { 127.0.0.1; 200.0.0.1; };
line no 23:
allow-query { localhost; 200.0.0.0/24; };
line no 31:
view "yahoo.com_resolver" {

lines no 32 + 33:

    match-clients { 200.0.0.0/24; };
    match-destinations { 200.0.0.0/24; };
    recursion yes;
    zone "yahoo.com" IN {
        type master;
        file "yahoo.zone";
        forwarders {};
    };
#chgrp named named.conf
#service named configtest (tests the DNS configuration files)
#cd /var/named/chroot/var/named (for the zone files)
#cp named.local rev.zone
#cp named.zero yahoo.zone
#vi yahoo.zone (forward lookup zone file)
$TTL 86400
yahoo.com.  IN SOA  server2.yahoo.com. root.server2.yahoo.com. (
                    1          ; serial   (value assumed; the notes leave the SOA fields empty)
                    28800      ; refresh  (assumed, from the named.local template)
                    14400      ; retry    (as in rev.zone below)
                    36000000   ; expiry   (as in rev.zone below)
                    86400 )    ; minimum  (as in rev.zone below)

@        IN NS   server2.yahoo.com.
server2  IN A    200.0.0.1
www      IN A    200.0.0.2
www3     IN A    200.0.0.3
www4     IN A    200.0.0.4
#vi rev.zone
$TTL 86400
0.0.200.in-addr.arpa.  IN SOA  server2.yahoo.com. root.server2.yahoo.com. (
                    1          ; serial   (assumed; not in the notes)
                    28800      ; refresh  (assumed, from the named.local template)
                    14400      ; retry
                    36000000   ; expiry
                    86400 )    ; minimum

@   IN NS   server2.yahoo.com.
1   IN PTR  server2.yahoo.com.
2   IN PTR  www.yahoo.com.
3   IN PTR  www3.yahoo.com.
4   IN PTR  www4.yahoo.com.

:wq (save and exit)

LOGOUT AND LOGIN

#tail -f /var/log/messages (for any problem)
#service named restart
#vi /etc/resolv.conf
nameserver 200.0.0.1

:wq (save and exit)

#nslookup 200.0.0.1
#dig server2.yahoo.com
#host 200.0.0.1
#host server2.yahoo.com

At the client end:

#vi /etc/resolv.conf
nameserver 200.0.0.1
:wq (save and exit)
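Before restarting named, an added example script (not from the notes) that cross-checks the forward and reverse zone files so every A record has a matching PTR and vice versa; the sample zones inside are constructed from the records above, with the PRT typo kept so the check reports it.

```shell
#!/bin/sh
# Added example, not from the notes: cross-check the forward zone against the
# reverse zone before "service named restart", so every A record has a PTR that
# points back to the same name and every PTR has a matching A record.
# Assumptions: one /24 reverse zone, records written "name IN A ip" and
# "n IN PTR fqdn." as above; the sample zones below are constructed from the notes.

a_records() {   # a_records ORIGIN < forward zone -> lines "fqdn. ip"
    awk -v origin="$1" '$3 == "A" && NF >= 4 {
        n = $1; if (n !~ /\.$/) n = n "." origin "."; print n, $4 }'
}

ptr_records() {   # ptr_records NET < reverse zone -> lines "fqdn. ip" (NET e.g. 200.0.0)
    awk -v net="$1" '$3 == "PTR" && NF >= 4 { print $4, net "." $1 }'
}

# zone_check FWD_TEXT REV_TEXT ORIGIN NET -> prints one line per inconsistency,
# returns the number of inconsistencies (0 = the two zones agree)
zone_check() {
    local fwd=$1 rev=$2 errors=0 a_list p_list name ip
    a_list=$(printf '%s\n' "$fwd" | a_records "$3" | sort)
    p_list=$(printf '%s\n' "$rev" | ptr_records "$4" | sort)
    while read -r name ip; do
        [ -n "$name" ] || continue
        printf '%s\n' "$p_list" | grep -qxF "$name $ip" ||
            { echo "A $name -> $ip has no PTR"; errors=$((errors + 1)); }
    done <<EOF
$a_list
EOF
    while read -r name ip; do
        [ -n "$name" ] || continue
        printf '%s\n' "$a_list" | grep -qxF "$name $ip" ||
            { echo "PTR $ip -> $name has no matching A record"; errors=$((errors + 1)); }
    done <<EOF
$p_list
EOF
    return $errors
}

FWD_ZONE='@       IN NS   server2.yahoo.com.
server2 IN A    200.0.0.1
www     IN A    200.0.0.2
www3    IN A    200.0.0.3
www4    IN A    200.0.0.4'
REV_ZONE='@ IN NS  server2.yahoo.com.
1 IN PTR server2.yahoo.com.
2 IN PTR www.yahoo.com.
3 IN PTR www3.yahoo.com.
4 IN PRT www4.yahoo.com.'     # the "PRT" typo from the notes, kept so the check reports it
```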

Slave Server
#yum install bind*
#yum install caching-nameserver*
Set the network IP to 200.0.0.4
#cd /var/named/chroot/etc
#cp named.caching-nameserver.conf named.conf
#vi named.conf
lines no 15 and 23: the same edits as on the master

listen-on port 53 { 127.0.0.1; 200.0.0.1; 200.0.0.4; };

allow-query { localhost; 200.0.0.0/24; };

line no 32:

    match-clients { 200.0.0.0/24; };
    match-destinations { 200.0.0.0/24; };
    recursion yes;
    zone "yahoo.com" IN {
        type slave;
        masters { 200.0.0.1; };
        file "slaves/slave-yahoo.zone";
        forwarders {};
    };

    zone "0.0.200.in-addr.arpa" IN {
        type slave;
        masters { 200.0.0.1; };
        file "slaves/slave-rev.zone";
        forwarders {};
    };
#chgrp named named.conf
#cd /var/named/chroot/var/named/slaves/
#service named restart
#vi /etc/resolv.conf
nameserver 200.0.0.4

nameserver 200.0.0.1

:wq (save and exit)

DHCP
DYNAMIC HOST CONFIGURATION PROTOCOL; it also has an RFC (Request for Comments).

The client sends a DHCP DISCOVER and the DHCP server sends a DHCP OFFER, which consists of the server address, MAC address, a free IP and the broadcast address; after that the client sends a DHCP REQUEST, which consists of the MAC, IP and broadcast address.

#vi /var/lib/dhcpd/dhcpd.leases (this file maintains the DHCP client addresses)
RPM required: dhcp*
Configuration: /etc/dhcpd.conf
Daemon: dhcpd
#yum install dhcp*
#cp /usr/share/doc/dhcp-(version)/dhcpd.conf.sample /etc/dhcpd.conf

#vi /etc/dhcpd.conf

subnet 200.0.0.0 netmask 255.255.255.0 {   # subnet block as in dhcpd.conf.sample (implied by the range below)
    # default gateway
    option routers                  192.168.0.1;
    option subnet-mask              255.255.255.0;
    option nis-domain               "rehdat";
    option domain-name              "yahoo.com";
    option domain-name-servers      200.0.0.1;
    option ntp-servers              192.168.1.1;
    option netbios-name-servers     192.168.1.1;

    range dynamic-bootp 200.0.0.2 200.0.0.5;

    default-lease-time 21600;
    # we want the name server to appear at a fixed address
    host ns {
        hardware ethernet 00:13:8f:66:81:72;
        fixed-address 200.0.0.20;
    }
}
27. APACHE SERVER.
Tim Berners-Lee invented HTTP.
RPM: httpd
Configuration file: /etc/httpd/conf/httpd.conf
The document root directory is /var/www/html.
Copy any *.html file and put it in the /var/www/html directory.

#ls -lZ /var/www/html

The SELinux type of the file should be the same as the directory's:
#chcon -R --reference=/var/www/html /var/www/html/index.html
#vi /etc/httpd/conf/httpd.conf
line no 134:
Listen 192.168.1.50:80
line no 264:
ServerName station50.accel.com:80

line no 971:

NameVirtualHost 192.168.1.50:80
lines no 984 - 990:
<VirtualHost 192.168.1.50:80>
    ServerAdmin root@station50.accel.com
    DocumentRoot /var/www/html
    ServerName station50.accel.com
    ErrorLog logs/station50.accel.com-error_log
    CustomLog logs/station50.accel.com-access_log common
</VirtualHost>

#chkconfig httpd on
#service httpd restart
#iptables -F

#wget ftp://192.168.1.254/pub/www.html

#mv www.html index.html
#mkdir /var/www/html/virtual
#mv index.html /var/www/html/virtual
#chcon -R --reference=/var/www/html/ /var/www/html/virtual/index.html

#vi /etc/httpd/conf/httpd.conf

go to lines no 984 to 990 and change station50 to www50 and the document root directory to /virtual:

<VirtualHost 192.168.1.50:80>
    ServerAdmin root@www50.accel.com
    DocumentRoot /var/www/html/virtual
    ServerName www50.accel.com
    ErrorLog logs/www50.accel.com-error_log
    CustomLog logs/www50.accel.com-access_log common
</VirtualHost>
#service httpd restart

28. NFS AND NIS SERVER.

NFS: Network File System (network file sharing).

Configuration file: /etc/exports
#vi /etc/exports
/data 192.168.1.0/24(rw,sync)
:wq
#chkconfig portmap on
#service portmap restart
#chkconfig nfs on
#service nfs restart
#exportfs
At the client end:
#showmount -e 192.168.1.18
#mount 192.168.1.18:/data /mnt
For permanent mounting:
#vi /etc/fstab
192.168.1.18:/data   /mnt   nfs   defaults   0 0

:wq (save and exit)

NIS: Network Information Service

Network Information Service, formerly known as Yellow Pages or YP. NIS is used to provide login authentication to *nix machines. It is NOT used to provide login authentication for Windows clients; for that we use SAMBA.
RPMs required: yp*.
Daemons: ypserv, ypbind, yppasswdd.
The NIS data is available under /var/yp/*.
At the client end: ypbind*, yp-tools*.

At the server end:

#yum install yp*
To configure the NIS domain name follow the steps below.
#authconfig-tui
or
#setup -> authentication
* use NIS -> next -> domain (accel)

Server (192.168.1.50)

#nisdomainname
You can see the domain name at this location:
#vi /etc/sysconfig/network
#chkconfig ypserv on
#chkconfig yppasswdd on
#service ypserv restart
#service yppasswdd restart
#/usr/lib/yp/ypinit -m (to create the master server)
The master server holds the user list.
(ctrl+D) yes
#service ypserv restart
#service yppasswdd restart
Create a user:
#useradd partha
#cd /var/yp
#make (it will add all the users to /var/yp/accel)
AT THE CLIENT END THE RPMs REQUIRED ARE (ypbind*.rpm, yp-tools*.rpm)
DAEMON REQUIRED IS (ypbind)
#rpm -qa | grep yp
#authconfig-tui
* use NIS -> next ->
domain: accel
server: 192.168.1.50 [ok]
#chkconfig ypbind on
#service ypbind restart
#ypcat passwd (shows the server's user list)

CREATE USER AT THE SERVER END

#mkdir -p /rhome/partha
#chown partha.partha /rhome/partha
#usermod -d /rhome/partha/ partha
#cp -R /etc/skel/.[!.]* /rhome/partha
This will copy the profile for partha.
#cp --preserve=all /home/partha/.* /rhome/partha
#cd /var/yp
#make
#vi /etc/exports
/rhome 192.168.1.50/24(rw,sync)

:wq (save and exit)

#exportfs -r
#service nfs restart
#chown -R partha.partha /rhome/partha

AT THE CLIENT END:

To configure auto mounting:
#vi /etc/auto.master
/rhome /etc/auto.misc
:wq (save and exit)

#vi /etc/auto.misc
type below the last line:
* -rw,soft,intr 192.168.1.50:/rhome/&
:wq (save & exit)

*        matches any key (all users)
soft     soft mount
intr     interruptible (an NFS operation can be interrupted)
#service autofs restart

29. FIREWALL AND ROUTING.

30. SELINUX AND PAM

31. SAMBA
Share files and directories between different operating systems.
SAMBA is derived from SMB, which stands for Server Message Block. It is a protocol used to exchange data between Windows and *nix computers. SMB was built on Microsoft's NetBIOS protocol, which can be run over TCP/IP.
RPM required: samba*
Configuration files: /etc/samba/*
Daemon: smb
#yum install samba
#vi /etc/samba/smb.conf (edit the file)
go to line no. 26:

workgroup = WORKGROUP   (for the Windows workgroup)
go to line no. 41:

hosts allow = 192.168.0. 172.16.10. 10. 127.

[now copy the last 8 lines and paste them at the bottom, then edit]

[HOLDIA]
    comment = Share folder for holdia
    path = /document
    valid users = joe, jitendra
    public = no
    writable = yes
    browsable = yes
    printable = no
    create mask = 0765
:wq (save and exit)
#mkdir /document
#chmod 777 /document
#useradd jitendra
#usermod -s /sbin/nologin jitendra
#smbpasswd -a jitendra
[/etc/samba/smbpasswd will be jitendra's password file]
#chkconfig smb on
#service smb restart
#iptables -F
#restorecon -R /etc/samba
#restorecon -R /document
#ls -lZd /document/ /etc/samba/
#chcon -R --reference=/etc/samba /document
#setsebool -P samba_share_nfs=1
#setenforce 0

AT THE CLIENT LINUX PC

#yum install samba-client*

#smbclient -L 192.168.1.50 -U jitendra
Password:
#mount -t cifs -o username=jitendra,password=xyx123 //192.168.1.50/document /misc

Test your smb.conf file by running the testparm command, which is only available with SAMBA. This command should show all the shares without any errors.
[root@mainserver /]# testparm | less

If no shares are visible, then the WINS server may not be responding. To check this use:
[root@mainserver /]# nmblookup -B 192.168.1.50 __SAMBA__

#smbclient -L comp3 -N
#smbclient -L comp3 -U guest
#smbclient //comp3/ -U administrator
#smbclient -L comp3

Windows 2000 registry settings:

Method 1:
Under Windows 2000 this can be done by doing: Start -> Settings -> Control Panel -> Administrative Tools -> Local Security Policy. In the Local Security Settings dialog box, select Local Policies -> Security Options, double click on "Send unencrypted password to connect to third-party SMB servers" and enable it. Reboot the machine.
Method 2:
Locate the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStation\Parameters
Select Edit -> New and choose to create a new REG_DWORD value. Regedit will insert a new REG_DWORD value called New Value #1 in the registry. Rename this new value EnablePlainTextPassword and double click this new name. In the dialog box, enter 1 as the value and close the regedit program. Restart Windows.
www.geocities.com/mk_azeem
94 Linux pocket reference for system administrators

32. SSH CONFIGURATION

#ssh-keygen -t dsa
Hit enter to accept the default file location.
Hit enter twice for no passphrase.
#cd /root/.ssh
#cat id_dsa.pub >> authorized_keys

Then copy the .ssh directory to all other nodes under /root; make sure to do a chmod 700 /root/.ssh/ on all the nodes if those permissions are not already set. Verify that you can now ssh between any of the nodes without a password.

#scp -r /root/.ssh/ 192.168.1.40:/root/

(192.168.1.40 is the other machine.)
*************************************
SSH-KEYGEN FOR SERVERA AND SERVERB
SERVERA        SERVERB
1. Log in to ServerA; here you will create your authentication key pair.
#ssh-keygen -t rsa

2. #cat .ssh/id_rsa.pub | ssh userB@serverB 'cat >> .ssh/authorized_keys'

This appends serverA's public key to serverB's authorized keys. You will of course be prompted for your password for the last time.

3. Sign in to ServerB, because you have to set the permissions correctly on the authorized_keys file.

#ssh userB@serverB
(enter password)
userB@serverB> chmod 640 ./.ssh/authorized_keys
#chmod 640 .ssh/authorized_keys

4. You should be good to go. Try a simple test (from serverA):
userA@serverA> ssh userB@serverB
#pwd
/home/userB
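An added example (not from the notes) that audits the .ssh directory and authorized_keys file produced by the steps above for the permissions sshd's StrictModes rejects and for key lines that cannot work; it assumes key lines carry no option prefix such as from="...".

```shell
#!/bin/sh
# Added example, not from the notes: audit the ~/.ssh directory and
# authorized_keys file that steps 2 and 3 above create, checking the things
# sshd's StrictModes refuses (group/world-writable directory or file) and the
# things that silently break key logins (unknown key types, corrupt key data,
# duplicate keys). Assumption: no option prefixes such as from="..." on key lines.

mode_safe() {   # mode_safe PATH -> 0 unless PATH is group- or world-writable
    local perm
    perm=$(ls -ld "$1" | cut -c1-10)   # e.g. drwx------ ; works without GNU stat
    case $perm in ?????w*|????????w?) return 1 ;; esac
    return 0
}

# audit_ssh_dir SSHDIR -> prints one line per finding, returns the number of findings
audit_ssh_dir() {
    local dir=$1 keys=$1/authorized_keys findings=0 n=0 dups type blob rest
    [ -d "$dir" ] || { echo "missing directory $dir"; return 1; }
    mode_safe "$dir" || { echo "$dir is group/world writable"; findings=$((findings + 1)); }
    [ -f "$keys" ] || { echo "missing $keys"; return $((findings + 1)); }
    mode_safe "$keys" || { echo "$keys is group/world writable"; findings=$((findings + 1)); }
    while read -r type blob rest || [ -n "$type" ]; do
        n=$((n + 1))
        case $type in ''|'#'*) continue ;; esac
        case $type in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "line $n: unrecognised key type '$type'"; findings=$((findings + 1)); continue ;;
        esac
        case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "line $n: malformed key data"; findings=$((findings + 1)) ;;
        esac
    done < "$keys"
    dups=$(awk 'NF >= 2 && $1 !~ /^#/ { print $2 }' "$keys" | sort | uniq -d | wc -l | tr -d ' ')
    [ "$dups" -eq 0 ] || { echo "$dups key(s) listed more than once"; findings=$((findings + 1)); }
    return $findings
}
```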
33. TROUBLESHOOTING
