Network Basics:
To set IP address
#setup
network configuration
select ethernet
give IP address, subnet mask, gateway
close
quit
quit
#service network restart
#vi /etc/sysconfig/network
edit as follows
HOSTNAME=<fqdn>
ex:
HOSTNAME=station1.redhat.com
ifdown <eth0>:
this command is used to bring the device down
ifup <eth0>:
this command is used to bring the device up
Service profile:
SECOND METHOD:
#vi /etc/vsftpd/user_list
type username
save&quit
(users listed in this file are denied access without being asked for a password)
To provide banner:
#vi /etc/vsftpd/vsftpd.conf
(line no. 83) #ftpd_banner=welcome to blah ftpservice (remove the # and
type your own banner text)
save&quit
#!ser
(history shortcut: re-runs the last command starting with "ser", i.e. the service restart)
CLIENT SIDE:
#ftp <server IP>
(it will prompt you for a user name and password. If you log in as
an anonymous user, type ftp as the user name; no password is
required. If you log in as a local user, give that user's name and password.)
commands used at ftp:
get: to download from the server
syn: get <file name>
put: to upload to the server
syn: put <file name>
!: to leave the ftp session temporarily
exit: to return to ftp
bye: to close the session permanently
?: to view all commands
Service profile:
type:system V-managed service
package:nfs-utils
Daemons:rpc.nfsd,rpc.lockd,rpciod,rpc.mountd,rpc.rquotad,rpc.statd
Scripts:/etc/init.d/nfs,/etc/init.d/nfslock
Ports:2049(nfsd),Others assigned by portmap(111)
Configuration:/etc/exports
Related:portmap (mandatory),tcp_wrappers
nfs client:
A system that mounts the file resources shared over the network
and presents them as if they were local (the systems being in the
same IP address range).
Benefits of nfs:
Centralized file access
Common software access
Easy to use
Requirements:
Packages:nfs-*
#vi /etc/exports
/data *.redhat.com(rw,sync,no_root_squash)
save&quit
#chmod 750 /data
#service nfs restart
#showmount -e
(this is the command to check which directories are exported)
#exportfs -v
(to check the permissions of the exported directories)
#exportfs -r
(to apply changes without clients having to log out of their sessions)
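The export above combines a DNS wildcard client, rw and no_root_squash, so root on any matching client keeps root access to the files under /data. The following is an added example, not part of the original notes, that audits exports text for those options; the function name audit_exports and the second sample line are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original notes): flag risky entries in
# /etc/exports-style text. Reads exports lines on stdin and prints one
# finding per line as: <path> <client> <finding>
audit_exports() {
    awk '
    $1 ~ /^#/ || NF == 0 { next }            # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "client(opt,opt,...)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"   # bare "(opts)" means every host
            rw = 0; nrs = 0; insecure = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nrs = 1
                if (o[j] == "insecure") insecure = 1
            }
            # remote root keeps uid 0 on the exported files
            if (nrs) print path, client, "no_root_squash"
            # any host matching the pattern may write
            if (rw && client ~ /[*?]/) print path, client, "rw-to-wildcard"
            # requests from unprivileged source ports are accepted
            if (insecure) print path, client, "insecure"
        }
    }'
}

# Constructed sample: the entry from these notes, then a tighter variant
# (subnet instead of a DNS wildcard; root_squash is also the NFS default).
audit_exports <<'EOF'
/data *.redhat.com(rw,sync,no_root_squash)
/data 192.168.0.0/24(rw,sync,root_squash)
EOF
```

On a live server the same function can be fed with `audit_exports < /etc/exports`.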
Drawbacks of nfs:
To use nfs like this we have to keep the server mounted for a long time; during
that time, if any user wants to connect to the server it will take a long
time (network traffic).
Wastage of bandwidth
To overcome these drawbacks we use automounting
AUTOMOUNTING
Automounting:
Automounting is used to save bandwidth and helps the
administrator with easy administration of nfs mounts.
We can mount the server's exported directory on a nested directory
only.
Note: Automounting has to be implemented only on the client
Steps to configure automounting:
(now we are trying to mount server exported /data on /sun/moon in
client)
#vi /etc/auto.master
(this file contains the nfs mount directory, the second
mapping file and the session timeout)
Add at the last line:
/sun /etc/auto.misc --timeout=5
(the default timeout is 1 minute; in the configuration file the timeout
is given in seconds)
save&quit
#vi /etc/auto.misc
this file contains information about the hidden directory, filesystem
type, and the location of the server and shared directory.
syn: <directory> <permissions> <server IP>:<shared directory>
ex:moon -rw,soft,intr 192.168.0.1:/data
save&quit
(here soft means that whenever we try to edit in /sun/moon it
will automatically create a soft link between server and client;
intr is used to break the soft link whenever we come out of the
nested directory, on reaching the timeout)
To check:
#cd /sun/moon
SAMBA Server Configuration in Linux (Redhat or CentOS 6)
SAMBA SERVER
SAMBA SERVICES:
Four main services of samba
1)Authentication and authorization of users
2)File and printer sharing
3)Name resolution
4)Browsing(service announcements)
Related:
smbclient command line access
Linux can mount a samba share using the cifs and smbfs filesystems
File and printer sharing is probably the most attractive samba
feature for most users. With these functions users can easily retrieve
files or print to any printer over the network.
SERVICE PROFILE:
Type: System V-managed service
Packages: Samba,samba-common,samba-client
Daemons: /usr/sbin/nmbd,/usr/sbin/smbd
Script: /etc/init.d/smb
Ports: <netbios> 137(-ns),138(-dgm),139(-ssn),<smb over tcp> 445(-ds)
Configuration file: /etc/samba/smb.conf
Related: system-config-samba,testparm
Here we are sharing the /exam directory with sam and john; they can read
and write /exam from any system on the 192.168.0. network by using the
share name linux.
Note: we have to provide a samba password for both users
#smbpasswd -a <username>
samba passwords are stored in /etc/samba/smbpasswd
To check syntax of configuration file:
#testparm
#service smb restart
#mkdir /exam
#chmod 777 /exam
(here we have to set selinux context )
#chcon -t samba_share_t /exam
#setsebool -P allow_smbd_anon_write=1
to disconnect
smb> (type exit)
IInd Method
start---run ----
\\<serverip>\<sharedirectory>
provide username and password
#vi /etc/samba/smb.conf
[<sharename>]
path=<exported directory>
write list=@<group name>
ex:
[linux]
path=/exam
write list=@sales
MASTER DNS :
Steps:
#yum install bind-* caching-nameserver* -y
#service named start
#chkconfig named on
#cd /var/named/chroot/etc
#ls
#cp named.caching-nameserver.conf named.conf
#vi named.conf
delete ipv6 lines (line nos. 16 & 22)
#vi named.rfc1912.zones
copy ten lines from 21 to 31 and paste under 31
change as follows
zone "redhat.com" IN {
        type master;
        file "redhat.for";
        allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "redhat.rev";
        allow-update { none; };
};
IN NS server1.redhat.com.
server1.redhat.com. IN A 192.168.0.254
www254.redhat.com. IN CNAME server1.redhat.com.
station1.redhat.com. IN A 192.168.0.1
www1.redhat.com. IN CNAME station1.redhat.com.
station2.redhat.com. IN A 192.168.0.2
www2.redhat.com. IN CNAME station2.redhat.com.
xxx2.redhat.com. IN CNAME station2.redhat.com.
yyy2.redhat.com. IN CNAME station2.redhat.com.
station3.redhat.com. IN A 192.168.0.3
www3.redhat.com. IN CNAME station3.redhat.com.
station4.redhat.com. IN A 192.168.0.4
www4.redhat.com. IN CNAME station4.redhat.com.
station5.redhat.com. IN A 192.168.0.5
www5.redhat.com. IN CNAME station5.redhat.com.
station6.redhat.com. IN A 192.168.0.6
www6.redhat.com. IN CNAME station6.redhat.com.
types of records:
SOA : start of authority, the first record in any zone; it indicates who
is the authority for this domain
NS : nameserver, it identifies the dns server for each zone
A record : resolves a hostname to an ip address
CNAME record : resolves an alias name to a hostname
PTR record : resolves an ip address to a hostname
MX record : resolves the mail server ip (used by mail servers)
TTL : time to live
save & quit
#vi redhat.rev
(change as follows)
$TTL 86400
@ IN SOA redhat.com. root.redhat.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS server1.redhat.com.
254 IN PTR server1.redhat.com.
1 IN PTR station1.redhat.com.
2 IN PTR station2.redhat.com.
3 IN PTR station3.redhat.com.
4 IN PTR station4.redhat.com.
5 IN PTR station5.redhat.com.
6 IN PTR station6.redhat.com.
to check:
#dig server1.redhat.com
#dig -x 192.168.0.1
(if answer is 1 the server is ready; if answer is 0 the server has some error)
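Hostname-based access rules, such as the rule denying station12.redhat.com in the Apache section of these notes, depend on reverse lookups that agree with the forward records, so it is worth comparing redhat.for and redhat.rev before restarting named. The following is an added example, not part of the original notes; the function name check_ptr_match and the sample records with deliberately seeded errors are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original notes): cross-check the A records of
# a forward zone file against the PTR records of the matching reverse zone.
# Usage: check_ptr_match FORWARD_FILE REVERSE_FILE NETWORK_PREFIX
# Assumes the layout used in these notes: fully qualified owner names in the
# forward file, last-octet owner names in the reverse file, one A per address.
check_ptr_match() {
    awk -v prefix="$3" '
    FNR == 1 { file++ }                           # count input files
    file == 1 && $2 == "IN" && $3 == "A"   { a[$4] = $1 }
    file == 2 && $2 == "IN" && $3 == "PTR" { ptr[prefix "." $1] = $4 }
    END {
        for (ip in a) {
            if (!(ip in ptr))
                print "MISSING-PTR", ip, a[ip]
            else if (ptr[ip] != a[ip])
                print "MISMATCH", ip, a[ip], ptr[ip]
        }
        for (ip in ptr)
            if (!(ip in a)) print "ORPHAN-PTR", ip, ptr[ip]
    }' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample data (errors seeded on purpose).
fwd=$(mktemp)
rev=$(mktemp)
cat > "$fwd" <<'EOF'
server1.redhat.com. IN A 192.168.0.254
station1.redhat.com. IN A 192.168.0.1
station2.redhat.com. IN A 192.168.0.2
EOF
cat > "$rev" <<'EOF'
254 IN PTR server1.redhat.com.
1 IN PTR station9.redhat.com.
3 IN PTR station3.redhat.com.
EOF
check_ptr_match "$fwd" "$rev" 192.168.0
rm -f "$fwd" "$rev"
```

No output means every A record has a matching PTR and there are no stray PTR records.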
If any error occurs on your dns server, the entire
network will stop; sometimes it may cause huge damage. For that reason
we create a slave dns for fault tolerance and load balancing.
steps
(change as follows)
copy 10 lines from 21 to 31 paste under 31
zone "redhat.com" IN {
        type slave;
        file "redhat.for";
        masters { 192.168.0.254; };
};
save& quit
go to client
#vi /etc/resolv.conf
nameserver 192.168.0.254
nameserver 192.168.0.1 (slave dns ip)
FORWARDERS
steps
in master dns server
# vi /var/named/chroot/etc/named.conf
add these lines
forwarders { 192.168.10.254; };
forward only;
};
(here 192.168.10.254 is the trusted company's dns)
save & quit
what is apache?
service profile:
type: System V-managed service
packages: httpd,httpd-devel,httpd-manual
Daemon: /usr/sbin/httpd
script:/etc/init.d/httpd
ports: 80(http),443(https)
configuration file: /etc/httpd/conf/httpd.conf
related: system-config-httpd,mod_ssl
default selinux daemon : /var/www
#cd /var/www/html
#vi index.html
(type as follows)
<html>
<body bgcolor=red>
<h1> " welcome to cyber web services" </h1>
</body>
</html>
save & quit
#service httpd restart
open firefox and type in url
http://station17.redhat.com (now the website will appear)
to launch virtual websites using virtual hostnames
#vi /etc/httpd/conf/httpd.conf
(line no. 971) #NameVirtualHost *:80 (remove the # and replace *:80 with
your system ip)
NameVirtualHost 192.168.0.17
copy last five lines and paste under it
<VirtualHost 192.168.0.17>
ServerAdmin root@www17.redhat.com
DocumentRoot /var/www/virtual
ServerName www17.redhat.com
</VirtualHost>
to check
open mozilla
type http://www17.redhat.com
ex:
# vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.17>
ServerAdmin root@xxx17.redhat.com
DocumentRoot /cyber
serverName xxx17.redhat.com
</VirtualHost>
save&quit
#mkdir /cyber
#cd /cyber
#vi index.html
<html>
<body bgcolor=blue>
<h1> "welcome to cyber'+'technologies" </h1>
</body>
</html>
save & quit
#chcon -R --reference=/var/www/html /cyber
#service httpd restart
to check :
open mozilla
type in url box as follows
http://xxx17.redhat.com (you will get the website)
##############################################
################################
TRY THINGS AFTER PRACTICING EXAM ESSENTIALS
#vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.17>
ServerAdmin root@www17.redhat.com
DocumentRoot /var/www/virtual
serverName www17.redhat.com
Alias /training /var/www/training (add this line in that website)
</VirtualHost>
to check :
go to mozilla
type www17.redhat.com/training
<Directory /var/www/html>
AllowOverride AuthConfig
</Directory>
save & quit
# cd /var/www/html
#vi .htaccess
AuthName "it"
AuthType Basic
AuthUserfile /etc/httpd/conf/passwd
require valid-user
we have to provide an http password for a user to view this website
#htpasswd -mc /etc/httpd/conf/passwd sam
(type password 2 times)
to check :
#vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html">
Order Allow,deny
Allow from all
Deny from station12.redhat.com
</Directory>
( here we are denying station12.redhat.com)
# vi /etc/httpd/conf.d/ssl.conf
(line no. 134) #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
(remove #)
save&quit
#cd /etc/pki/tls/certs
#make genkey
provide passphrase
#make testcert
passphrase (use the same passphrase)
provide country, city, office, mail address
#service httpd restart
to run scripts
#vi test.sh
#!/bin/bash
# CGI response: header line, blank line, then the body
echo "Content-Type: text/html"
echo
date
ls -l
echo welcome to cyber services
save&quit
#mkdir -p /var/www/html/cgi-bin
#cp -rf test.sh /var/www/html/cgi-bin/
#cd /var/www/html/cgi-bin/
#cd ..
#chown -R apache.apache cgi-bin
#cd cgi-bin
#chmod 755 test.sh
#vi /etc/httpd/conf/httpd.conf
add a line in website data
ScriptAlias /cgi-bin "/var/www/html/cgi-bin"
save&quit
#service httpd restart
#setsebool -P httpd_tty_comm on
#setsebool -P httpd_enable_cgi 1
#chcon -R -t httpd_sys_script_exec_t /var/www/html/cgi-bin
to check:
open mozilla
type http://station17.redhat.com/cgi-bin
service profile:
ddns-update-style interim;
ignore client-updates;
host station1 {
        hardware ethernet 00:a0:cc:3d:45:3e;
        fixed-address 192.168.0.10;
}
}
(in this example we are providing 192.168.0.10 to a
specific system; we have to type the mac address of that system at
hardware ethernet)
Both NIS and LDAP allow all users and computers to be managed centrally.
It works with the help of sunrpc.
Here passwords are in clear text format. We normally use nfs along
with nis to share users' home directories from server to client for
security purposes.
KICKSTART SERVER
steps :
insert the rhel or centOS 5 or 6 dvd in the cdrom drive
#mount /dev/cdrom /mnt
#cd /mnt
#cd Server
#rpm -ivh pykickstart-0.43-1.el5.noarch.rpm --force --aid
#rpm -ivh system-config-kickstart-2.6.19.1-1.el5.noarch.rpm --force --aid
enter the command below
#system-config-kickstart
a screen like the screenshots below opens
(we have provided screenshots for this)
save this file under /var/ftp/pub(with a name with .ks extension)
client side:
MAIL SERVER
Sendmail
Postfix
Qmail:
The Qmail MTA is another alternative to sendmail.
It is used by an impressive list of Internet sites.
Smail:
It is reportedly easier to configure than sendmail.
It also includes support for blocking messages.
Exim:
The Exim MTA was developed at Cambridge (U.K.) and is licensed
under the GPL. While based on an older MTA known as Smail
to check:
add 2 users, log in as one user and send mail to the other user,
then log in as the second user and type mail
2nd method
#vi /etc/aliases
go to last line add as follows
mahesh: john (in this example we are redirecting mahesh's
mail to john)
save&quit
#newaliases (to update the /etc/aliases file)
to check:
send a mail to sam from a remote system
you should get the mail in john's mailbox
###################################
to check:
add a user, then send mail to that user from a remote system
#############################################
#vi /etc/dovecot.conf
(line no 87 & 88)
#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem (remove the # from
both lines)
save&quit
#make -C /etc/pki/tls/certs dovecot.pem
provide country, state, city, organization, server, user info (the user must
not be root)
#cp /etc/pki/tls/certs/dovecot.pem /etc/pki/tls/private
#service sendmail restart
#service dovecot restart
Pre-Configuration Requirements
On node02
#uname -n
must return node02.
Configuration:
heartbeat-2.08
heartbeat-pils-2.08
heartbeat-stonith-2.08
authkeys
ha.cf
haresources
#vi /etc/ha.d/authkeys
auth 2
2 sha1 test-ha
#uname -n
#vi /etc/ha.d/haresources
Add the following line:
#vi /etc/httpd/conf/httpd.conf
Add this line in httpd.conf:
Listen 192.168.0.22:80
10. Create the file index.html on both nodes (node01 & node02):
On node01:
11. Now start heartbeat on the primary node01 and slave node02:
#/etc/init.d/heartbeat start
http://192.168.0.22
It will show node01 apache test server.
#/etc/init.d/heartbeat stop
In your browser type in the URL http://192.168.0.22 and press enter.