
Basic Network Concepts on Linux RHEL / CentOS 5&6

Network Basics:

Here we give some idea about the network and network commands

To check IP address and IP information


#ifconfig

To set IP address
#setup

network configuration
select ethernet
give IP address, subnet mask, gateway
close
quit
quit
#service network restart

To provide DNS information:


#vi /etc/resolv.conf
(type as follows)
nameserver (DNS IP)
ex: nameserver 202.138.103.100
save&quit

To check network connectivity:


Ping: Packet Internet Groper
#ping server IP

To check LAN card status:


#ping 127.0.0.1

To check host name:


#hostname

To change host name:


#hostname (fqdn)
ex: #hostname station1.redhat.com

To assign new hostname permanently


#vi /etc/hosts
add a new line
<IP> <fqdn> <hostname>
ex:
192.168.0.1 station1.redhat.com station1
save&quit

#vi /etc/sysconfig/network
edit as follows
HOSTNAME=<fqdn>
ex:
HOSTNAME=station1.redhat.com

To view current version of kernel


#uname -r

To view current run level:


#runlevel

we have 6 run levels:


runlevel 0=shutdown
runlevel 1=single user mode
runlevel 2=multi user without nfs
runlevel 3=multi user with network(only text mode)
runlevel 4=unused
runlevel 5=multi user with graphics & network
runlevel 6=reboot

#netstat -ant
it gives network statistics (which port number of the server is connected to which port number of the client)
#vi /etc/sysconfig/network-scripts
this is the directory that stores networking information
ifcfg-eth0
this is the file in that directory which stores the IP address and networking details (gateway, boot protocol, netmask)

ifdown <eth0>:
this command is used to bring the device down
ifup <eth0>:
this command is used to bring the device up

Job Scheduling Concept on Linux (Redhat or CentOS 6)


AUTOMATIC JOBS:
As a system administrator some tasks are repetitive, like backups, monitoring and log files.
They can be automated with the help of
1)at
2)batch
3)crontab
Crontab: to run some tasks automatically
to set a crontab for a user
#crontab -e -u <user name>
* * * * * /bin/echo "hello"
A crontab file contains instructions to the cron daemon of the general form
"run this command at this time on this date"
Cron examines entries once every minute

field          allowed values
-----          --------------
minute         0-59
hour           0-23
day of month   1-31
month          1-12 (or names, see below)
day of week    0-7 (0 or 7 is Sun, or use names)

A field may be an asterisk (*), which always stands for "first-last".

Ranges of numbers are allowed. Ranges are two numbers separated with a hyphen. The specified range is inclusive. For example, 8-11 for an "hours" entry specifies execution at hours 8, 9, 10 and 11.

Lists are allowed. A list is a set of numbers (or ranges) separated by commas. Examples: "1,2,5,9", "0-4,8-12".

EXAMPLE CRON FILE

# use /bin/sh to run commands, no matter what /etc/passwd says
SHELL=/bin/sh
# mail any output to 'paul', no matter whose crontab this is
MAILTO=paul
#
# run five minutes after midnight, every day
5 0 * * * $HOME/bin/daily.job >> $HOME/tmp/out 2>&1
# run at 2:15pm on the first of every month -- output mailed to paul
15 14 1 * * $HOME/bin/monthly
# run at 10 pm on weekdays, annoy Joe
0 22 * * 1-5 mail -s "It's 10pm" joe%Joe,%%Where are your kids?%
23 0-23/2 * * * echo "run 23 minutes after midn, 2am, 4am ..., everyday"
5 4 * * sun echo "run at 5 after 4 every sunday"
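
The field rules above (asterisk, ranges, lists, steps) can be checked mechanically when reviewing what a user's crontab will actually run. The following is an added example, not part of the original page: the function names are made up for this illustration, only numeric fields are handled (names such as "sun" are not), and the day-of-month/day-of-week rule follows crontab(5).

```sh
#!/bin/sh
# Added example: expand crontab time fields and test an entry against a time.
# Numeric fields only; month and day names are not handled.

# expand_cron_field FIELD MIN MAX
# Prints the values FIELD selects, space separated; fails on invalid input.
# Supports "*", single numbers, ranges "a-b", lists "a,b-c" and steps "/n".
expand_cron_field() {
    awk -v field="$1" -v min="$2" -v max="$3" 'BEGIN {
        min += 0; max += 0
        n = split(field, parts, ",")
        if (n == 0) exit 1
        out = ""
        for (p = 1; p <= n; p++) {
            part = parts[p]; step = 1
            slash = index(part, "/")
            if (slash > 0) {
                step = substr(part, slash + 1)
                part = substr(part, 1, slash - 1)
                if (step !~ /^[0-9]+$/ || step + 0 == 0) exit 1
                step += 0
            }
            if (part == "*") { lo = min; hi = max }
            else if (part ~ /^[0-9]+-[0-9]+$/) {
                split(part, r, "-"); lo = r[1] + 0; hi = r[2] + 0
            }
            else if (part ~ /^[0-9]+$/) { lo = part + 0; hi = lo }
            else exit 1
            if (lo < min || hi > max || lo > hi) exit 1
            for (i = lo; i <= hi; i += step)
                out = out (out == "" ? "" : " ") i
        }
        print out
    }'
}

# in_field FIELD MIN MAX VALUE: succeed if VALUE (no leading zero) is selected.
in_field() {
    case " $(expand_cron_field "$1" "$2" "$3") " in
        *" $4 "*) return 0 ;;
    esac
    return 1
}

# cron_matches "MIN HOUR DOM MON DOW" minute hour day month weekday
# Succeeds if the five-field time spec fires at that time (weekday 0-6, 0=Sun).
cron_matches() {
    spec=$1; t_min=$2; t_hour=$3; t_dom=$4; t_mon=$5; t_dow=$6
    set -f; set -- $spec; set +f      # split the spec without globbing "*"
    [ $# -eq 5 ] || return 2
    in_field "$1" 0 59 "$t_min"  || return 1
    in_field "$2" 0 23 "$t_hour" || return 1
    in_field "$4" 1 12 "$t_mon"  || return 1
    dom_hit=no; dow_hit=no
    if in_field "$3" 1 31 "$t_dom"; then dom_hit=yes; fi
    if in_field "$5" 0 7 "$t_dow"; then dow_hit=yes; fi
    # 7 is also Sunday in the day-of-week field
    if [ "$t_dow" -eq 0 ] && in_field "$5" 0 7 7; then dow_hit=yes; fi
    if [ "$3" = "*" ] || [ "$5" = "*" ]; then
        # an unrestricted day field matches everything, so both must hit
        [ "$dom_hit" = yes ] && [ "$dow_hit" = yes ]
    else
        # both restricted: cron runs the job when either one matches
        [ "$dom_hit" = yes ] || [ "$dow_hit" = yes ]
    fi
}

# Constructed check: which entries of the example cron file fire at 22:23
# on day 12 of month 6, weekday 3?
for entry in "5 0 * * *" "0 22 * * 1-5" "23 0-23/2 * * *"; do
    if cron_matches "$entry" 23 22 12 6 3; then
        echo "fires:  $entry"
    else
        echo "silent: $entry"
    fi
done
```
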

To set a crontab for an user


#crontab -e -u <user name>
ex:crontab -e -u alex

To remove a crontab for an user


#crontab -r -u <user name>
ex:crontab -r -u alex

FTP Server Configuration on Linux (Redhat or CentOS 5&6)

FTP (FILE TRANSFER PROTOCOL)

Service profile:

Type:System V-managed service


Package:vsftpd
Daemon:/usr/sbin/vsftpd
Script:/etc/init.d/vsftpd
Ports:21(ftp),20(ftp-data)
Configuration files:/etc/vsftpd/vsftpd.conf,/etc/vsftpd/ftpusers,/etc/pam.d/vsftpd
Log:/var/log/xferlog
Related:tcp_wrappers,ip_conntrack_ftp,ip_nat_ftp
default selinux daemon= /var/ftp

vsftpd--the default redhat enterprise linux ftp server (very secure ftp daemon)

This is designed to be a secure, stable, fast & scalable ftp daemon.
It provides two types of access

1)ANONYMOUS ACCESS: Users can log in as the anonymous user (without having any account on the server) to get access to the ftp site. By default anonymous users are chrooted in /var/ftp for security.

2)LOCAL USERS: Users with accounts on the target system can connect via ftp and log in using their username and password. They can download any file they can read and upload to any directory to which they have write access.

STEPS TO CONFIGURE FTP SERVER:

#yum install vsftpd-* -y


#service vsftpd start
#chkconfig vsftpd on
#service vsftpd restart
(try to login from a client as anonymous user)
By default anonymous user can login and he can download

1)To restrict anonymous user login:


#vi /etc/vsftpd/vsftpd.conf

(line no.12) anonymous_enable=YES(make this one as NO)


save&quit
#service vsftpd restart

2)To restrict local user login:


(line no. ) #local_enable=YES(remove #)

3)To allow local users to access their home directories:


#setsebool -P ftp_home_dir 1

4)To restrict local user to change root:


By default a local user can enter into "/"; this affects the security of the ftp server, so we restrict local users from entering /
(line no.94) #chroot_list_enable=YES(remove #)
(line no. 96) #chroot_list_file=/etc/vsftpd/chroot_list(remove #)
save&quit
#vi /etc/vsftpd/chroot_list
type username
save&quit
#service vsftpd restart

5)To restrict a single users login to ftp server:


#vi /etc/vsftpd/ftpusers
type username
save&quit
(it will ask password and deny)

SECOND METHOD:

#vi /etc/vsftpd/user_list
type username
save&quit
(without asking password it will deny access)

To give upload permissions for anonymous user:


create a directory under /var/ftp
change that directory's group ownership to ftp
make /var/ftp/<directory name> as public
Steps:
#mkdir -p /var/ftp/cyber
#chgrp ftp /var/ftp/cyber
#chmod g+w /var/ftp/cyber
#chcon -R -t public_content_t /var/ftp
#chcon -t public_content_rw_t /var/ftp/cyber
#setsebool -P allow_ftpd_anon_write=1
#vi /etc/vsftpd/vsftpd.conf
(line no.27)#anon_upload_enable=YES(remove #)
save&quit
#!ser (bash history expansion: re-runs the last command that began with "ser", here service vsftpd restart)

To give permissions for an anonymous user to create directories:


(line no.31)#anon_mkdir_write_enable=YES(remove #)

To provide banner:
#vi /etc/vsftpd/vsftpd.conf
(line no.83)#ftpd_banner=welcome to blah ftpservice(remove # and type your own text)
save&quit
#!ser
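
After working through the options above it is worth confirming what the resulting vsftpd.conf actually permits. The following is an added example, not part of the original page: it reads a config on stdin and reports anonymous and chroot exposure, using the defaults documented in vsftpd.conf(5) and assuming a later assignment of an option replaces an earlier one. The sample config and function names are constructed for the illustration.

```sh
#!/bin/sh
# Added example: report anonymous/write exposure from vsftpd.conf text.

# audit_vsftpd: reads vsftpd.conf on stdin, prints one finding per line.
# Assumption: a later assignment of the same option replaces an earlier one.
audit_vsftpd() {
    awk -F= '
    BEGIN {
        # defaults as documented in vsftpd.conf(5)
        v["anonymous_enable"] = "YES"; v["local_enable"] = "NO"
        v["write_enable"] = "NO"; v["anon_upload_enable"] = "NO"
        v["anon_mkdir_write_enable"] = "NO"
        v["chroot_local_user"] = "NO"; v["chroot_list_enable"] = "NO"
    }
    /^#/ || NF < 2 { next }          # comment, blank, or not key=value
    ($1 in v) { val = $2; gsub(/[ \t\r]+$/, "", val); v[$1] = toupper(val) }
    END {
        anon = (v["anonymous_enable"] == "YES")
        wr = (v["write_enable"] == "YES")
        if (anon) print "anonymous-login"
        # anonymous uploads and mkdir only work when write_enable is on too
        if (anon && wr && v["anon_upload_enable"] == "YES")
            print "anonymous-upload"
        if (anon && wr && v["anon_mkdir_write_enable"] == "YES")
            print "anonymous-mkdir"
        if (v["local_enable"] == "YES" && v["chroot_local_user"] != "YES" && v["chroot_list_enable"] != "YES")
            print "local-users-not-chrooted"
    }'
}

# Constructed sample: the state of the file after the upload steps above.
sample_vsftpd_conf() {
    cat <<'EOF'
# constructed sample, not a real server configuration
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
#anon_mkdir_write_enable=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
EOF
}

sample_vsftpd_conf | audit_vsftpd
```
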

CLIENT SIDE:
#ftp <server IP>
(it will prompt you for a user name and password. If you are logging in as an anonymous user, type ftp as the username; no password is required. If you are logging in as a local user, give that user's name and password)
commands used at ftp
get: to download from server
syn: get <file name>
put: to upload to server
syn: put <file name>
!: to close ftp session temporarily
exit: to return to ftp
bye: to close session permanently
?: to view all commands

NFS Configuration in Linux (Redhat or CentOS 6)


NFS (NETWORK FILE SYSTEM)

Service profile:
type:system V-managed service
package:nfs-utils
Daemons:rpc.nfsd,rpc.lockd,rpciod,rpc.mountd,rpc.rquotad,rpc.statd
Scripts:/etc/init.d/nfs,/etc/init.d/nfslock
Ports:2049(nfsd),Others assigned by portmap(111)
Configuration:/etc/exports
Related:portmap (mandatory),tcp_wrappers

nfs server is used to share files across the network


nfs server:
A system that contains the file resources to be shared with other
systems on the network.

nfs client:
A system that mounts the file resources shared over the network
and presents the file resource as if they were local(having same
range of IP address).

Benefits of nfs:
Centralized file access
Common software access
Easy to use

Requirements:
Packages:nfs-*

To create an nfs server:


#yum install nfs-* -y
#service portmap start
#service portmap restart
#service nfs start
#chkconfig portmap on
#chkconfig nfs on
(By using chkconfig these services start automatically at every reboot)
#vi /etc/exports
syn: <share directory> <clients range> <permissions>
ex: /data *.redhat.com(rw,sync)
save&quit

#service nfs restart


By default the kernel applies root_squash, which means anyone who wants to access /data comes under others.
So we have to change the permissions of /data to read-write for others.
#chmod 777 /data
Set up like this there is no security, and any file created by users under /data gets nfsnobody as its owner and group owner.
To prevent this, provide no_root_squash in /etc/exports

#vi /etc/exports
/data *.redhat.com(rw,sync,no_root_squash)
save&quit
#chmod 750 /data
#service nfs restart
#showmount -e
(this is the command to check which directories are exported)
#exportfs -v
(to check exported directories permissions)
#exportfs -r
(to replicate changes without logout session from client)
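
no_root_squash turns off the mapping of a client's root user to nfsnobody, so root on any client matching the export acts as root on the exported files. The following is an added example, not part of the original page: it lists the client/option pairs in exports(5) syntax that deserve review. The finding names and the sample file are constructed for the illustration.

```sh
#!/bin/sh
# Added example: flag risky client/option pairs in /etc/exports syntax.

# audit_exports: reads exports(5) text on stdin and prints
# "<path> <client> <finding>" for every entry worth reviewing.
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*$/, "", opts)
            }
            # an option list standing alone after a space applies to every host
            if (client == "") client = "*"
            rw = 0; nrs = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nrs = 1
            }
            if (nrs) print path, client, "no_root_squash"
            if (rw && client == "*") print path, client, "rw-to-any-host"
            else if (rw && client ~ /[*?]/) print path, client, "rw-to-wildcard"
        }
    }'
}

# Constructed sample: the two exports used on this page plus two extra lines,
# one read-only and one with a stray space before the option list.
sample_exports() {
    cat <<'EOF'
# constructed sample
/data     *.redhat.com(rw,sync,no_root_squash)
/home/u1  *.redhat.com(rw,sync)
/pub      192.168.0.0/24(ro,sync)
/scratch  station1.redhat.com (rw)
EOF
}

sample_exports | audit_exports
```

The last sample line shows a common slip: the space before "(rw)" gives station1 the default options and grants read-write to every host.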

Client side configuration:

#showmount -e <server IP>
(to find out which files or directories are exported from the server)
#mount <server IP>:<share directory> <mountpoint>
ex: mount 192.168.0.1:/data /mnt
#cd /mnt
#cat >a
(edit data save&quit)
#ll

Drawbacks of nfs:
For using nfs like this we have to keep the server mounted for a long time; during that time, if any user wants to connect to the server it will take a long time (network traffic).
Wastage of bandwidth
To overcome these drawbacks we use automounting

AUTOMOUNTING

Automounting:
Automounting is used to save bandwidth and helps the administrator with easy administration of nfs mounts.
We can mount the directory shared by the server on a nested directory only.
Note: Automounting has to be implemented only on the client
Steps to configure automounting:
(now we are trying to mount the server's exported /data on /sun/moon on the client)

#vi /etc/auto.master
(this file contains information about the nfs mount directory, the second mapping file and the timeout)
Edit at last line:
/sun /etc/auto.misc --timeout=5
(default timeout is 1 minute; here in the configuration file the timeout is given in seconds)
save&quit
#vi /etc/auto.misc
this file contains information about the hidden directory, the filesystem type, and the location of the server and share directory.
syn: <directory> <permissions> <server IP>:<shared directory>
ex:moon -rw,soft,intr 192.168.0.1:/data
save&quit
(here soft means whenever we are trying to edit into /sun/moon it will automatically create a soft link between server and client)
intr is used to break the soft link whenever we come out from the nested directory by reading timeout

To check:
#cd /sun/moon

SAMBA Server Configuration in Linux (Redhat or CentOS 6)

SAMBA SERVER

The samba server will provide user authentication via passwords and optionally domains. Samba can also try AFS (andrew file system) authentication, granting AFS rights if successful or falling back to native password checking otherwise.

Samba also has the ability, through the winbindd daemon, to attach to a microsoft daemon password server.
When a redhat linux is running the winbindd service, user accounts defined in the microsoft domain can be used to authenticate to the redhat linux machine.
Additionally, in samba version 3.0 and later the samba services can use some microsoft active directory resources.

SAMBA SERVICES:
Four main services of samba
1)Authentication and authorization of users
2)File and printer sharing
3)Name resolution
4)Browsing(service announcements)

Related:
smbclient command line access
linux can mount a samba share using cifs and smbfs filesystem
File and printer sharing is probably the most attractive samba feature for most users. With this function users can easily retrieve files or print to any printer over the network.

SERVICE PROFILE:
Type: System V-managed service
Packages: Samba,samba-common,samba-client
Daemons: /usr/sbin/nmbd,/usr/sbin/smbd
Script: /etc/init.d/smb
Ports: <netbios> 137(-ns),138(-dgm),139(-ssn),<smb over tcp> 445(-ds)
Configuration file: /etc/samba/smb.conf
Related: system-config-samba,testparm

Steps to configure samba server:


#yum install samba-* -y
#service smb start
#chkconfig smb on
#vi /etc/samba/smb.conf
copy last 8 lines and paste under change as follows
[linux]
comment=<any data>
path=/exam(directory to be shared)
valid users=sam john
writable= yes
printable= no
hosts allow= 192.168.0.(allowable network)

here we are sharing the /exam directory to sam and john; they can read and write /exam from any system on the 192.168.0. network by using the share name linux
Note: we have to provide a samba password for both users
#smbpasswd -a <username>
samba passwords will store under /etc/samba/smbpasswd
To check syntax of configuration file:
#testparm
#service smb restart
#mkdir /exam
#chmod 777 /exam
(here we have to set selinux context )
#chcon -t samba_share_t /exam
#setsebool -P allow_smbd_anon_write=1

FROM LINUX CLIENT:


Note: Client must have samba-client package
#yum install samba-* -y
#service smb start
#service smb restart
#smbclient //<server IP>/<share name> -U <username>

try to get and put

to disconnect
smb> (type exit)

from windows client


Ist method :

right click on mynetwork places--- select mapnetwork drive--- choose a drive
in folderbox type \\<serverip>\sharename
select finish
type username and password
try to create some files and folders

to disconnect

rightclick on mynetwork places disconnect network drive
select drive click ok

IInd Method

start---run ----
\\<serverip>\<sharedirectory>
provide username and password

to access user homedirectory


#setsebool -P samba_enable_home_dirs 1

from linux client

#smbclient //<serverip>/<myhomes> -U <username>

from windows client


start--run--\\<serverip>\<myhomes>
provide username & password

to give directory for a specific group

vi /etc/samba/smb.conf
[<sharename>]
path=<exported directory>
write list=@<group name>

ex:
[linux]
path=/exam
write list=@sales

DNS Configuration in Linux (Redhat or CentOS 6)

DNS (Domain Naming Service)


DNS is a service which is used to resolve host to IP address and
zone records & configuration files.

MASTER DNS :

There are two types of zone records
1) Forward lookup zone
2) Reverse lookup zone

By default, a computer connects to another computer with the help of an IP address

Forward lookup zone
--------------------
It converts names into IP addresses

Reverse lookup zone
-------------------
It converts IP addresses to names

Steps:
#yum install bind-* caching-nameserver* -y
#service named start
#chkconfig named on
#cd /var/named/chroot/etc
#ls
#cp named.caching-nameserver.conf named.conf
#vi named.conf
delete ipv6 lines (line nos. 16 & 22)

(line no 15) listen-on port 53 { 127.0.0.1; 192.168.0.254; };
(here 192.168.0.254 is server ip)
(line no 21) allow-query { 192.168.0.0/24; }; (clients range)
(line no 30) match-clients { localhost; 192.168.0.0/24; }; (here 192.168.0.0/24 is clients ip range & subnet mask)
(line no 31) match-destinations { localhost; 192.168.0.0/24; };
save&quit

#vi named.rfc1912.zones
copy ten lines from 21 to 31 and paste under 31
change as follows
zone "redhat.com" IN {
type master;
file "redhat.for";
allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "redhat.rev";
allow-update { none; };
};

(here redhat.com is the domain name and 0.168.192. is redhat.com's network range; redhat.for is the forward lookup zone & redhat.rev is the reverse lookup zone)
save & quit
# chgrp named named.conf
#chgrp named named.rfc1912.zones
#cd /var/named/chroot/var/named
#cp localhost.zone redhat.for
#cp named.local redhat.rev
# vi redhat.for
change as follows
$TTL 86400
@ IN SOA redhat.com. root.redhat.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum

IN NS server1.redhat.com.
server1.redhat.com. IN A 192.168.0.254
www254.redhat.com. IN CNAME server1.redhat.com.
station1.redhat.com. IN A 192.168.0.1
www1.redhat.com. IN CNAME station1.redhat.com.
station2.redhat.com. IN A 192.168.0.2
www2.redhat.com. IN CNAME station2.redhat.com.
xxx2.redhat.com. IN CNAME station2.redhat.com.
yyy2.redhat.com. IN CNAME station2.redhat.com.
station3.redhat.com. IN A 192.168.0.3
www3.redhat.com. IN CNAME station3.redhat.com.
station4.redhat.com. IN A 192.168.0.4
www4.redhat.com. IN CNAME station4.redhat.com.
station5.redhat.com. IN A 192.168.0.5
www5.redhat.com. IN CNAME station5.redhat.com.
station6.redhat.com. IN A 192.168.0.6
www6.redhat.com. IN CNAME station6.redhat.com.

(zone: zone is a storage database which contains all zone records

forward lookup zone: used for resolving hostname to ipaddress & it maintains host to ip mapping information
reverse lookup zone: used for resolving ip address to hostname & it maintains ip to hostname mapping information

types of records:
SOA : start of authority, the first record in any zone; it indicates who is authority for this domain
NS : nameserver, it identifies the dns server for each zone
A record : resolves hostname to ip address
CNAME record : resolves an alias name to a hostname
PTR record : resolves an ipaddress to a hostname
MX record : resolves mail server ip (used by mail server)
TTL : time to live)
save & quit

#vi redhat.rev
(change as follows)
$TTL 86400
@ IN SOA redhat.com. root.redhat.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS server1.redhat.com.
254 IN PTR server1.redhat.com.
1 IN PTR station1.redhat.com.
2 IN PTR station2.redhat.com.
3 IN PTR station3.redhat.com.
4 IN PTR station4.redhat.com.
5 IN PTR station5.redhat.com.
6 IN PTR station6.redhat.com.

save & quit

# chgrp named redhat.for


# chgrp named redhat.rev
# service named restart

to check:
#dig server1.redhat.com
#dig -x 192.168.0.1
(if answer is 1 server is ready if answer is 0 server has some error)

to check error in configuration file
#named-checkconf /var/named/chroot/etc/named.conf

to check errors in zone record
#named-checkzone redhat.com /var/named/chroot/var/named/redhat.for
#named-checkzone 0.168.192.in-addr.arpa /var/named/chroot/var/named/redhat.rev
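
named-checkzone validates each zone file on its own; it does not tell you whether the forward and reverse zones agree with each other. The following is an added example, not part of the original page: it cross-checks A records against PTR records for zone files laid out as above (fully qualified owner names in the forward zone, last octet as owner in the reverse zone). The function names and the sample zones, which contain two deliberate errors, are constructed for the illustration.

```sh
#!/bin/sh
# Added example: cross-check A records against PTR records.

# check_ptr FORWARD_ZONE REVERSE_ZONE NET_PREFIX
# Prints MISSING-PTR / MISMATCH / ORPHAN-PTR lines, sorted.
check_ptr() {
    awk -v prefix="$3" '
    FNR == NR {                      # first file: the forward zone
        if ($2 == "IN" && $3 == "A") fwd[$4] = tolower($1)
        next
    }
    $2 == "IN" && $3 == "PTR" { rev[prefix "." $1] = tolower($4) }
    END {
        for (ip in fwd) {
            if (!(ip in rev)) print "MISSING-PTR", ip, fwd[ip]
            else if (rev[ip] != fwd[ip]) print "MISMATCH", ip, fwd[ip], rev[ip]
        }
        for (ip in rev)
            if (!(ip in fwd)) print "ORPHAN-PTR", ip, rev[ip]
    }' "$1" "$2" | sort
}

# write_sample_zones DIR: constructed, shortened copies of redhat.for and
# redhat.rev with two deliberate errors in the reverse zone.
write_sample_zones() {
    cat > "$1/redhat.for" <<'EOF'
$TTL 86400
@ IN SOA redhat.com. root.redhat.com. ( 42 3H 15M 1W 1D )
 IN NS server1.redhat.com.
server1.redhat.com.  IN A 192.168.0.254
station1.redhat.com. IN A 192.168.0.1
www1.redhat.com.     IN CNAME station1.redhat.com.
station2.redhat.com. IN A 192.168.0.2
station3.redhat.com. IN A 192.168.0.3
EOF
    cat > "$1/redhat.rev" <<'EOF'
$TTL 86400
@ IN SOA redhat.com. root.redhat.com. ( 1997022700 28800 14400 3600000 86400 )
 IN NS server1.redhat.com.
254 IN PTR server1.redhat.com.
1   IN PTR station1.redhat.com.
2   IN PTR station3.redhat.com.   ; constructed error: wrong name
7   IN PTR station7.redhat.com.   ; constructed error: no A record
EOF
}

tmp=$(mktemp -d)
write_sample_zones "$tmp"
check_ptr "$tmp/redhat.for" "$tmp/redhat.rev" 192.168.0
rm -rf "$tmp"
```
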

SLAVE DNS

Master DNS Server


It is the Master Copy of all the Zone Information.
It is Read/Write copy.

Slave DNS Server


It is Slave Backup of Master zone. It is Read Only

If any error occurs on your dns server, at that time the entire network will stop. Sometimes it may cause huge damage. For that reason we create a slave dns for fault tolerance and load balancing.

we need another system which contains server o/s

steps

#yum install bind-* caching-nameserver -y
#service named start
#chkconfig named on
#vi /var/named/chroot/etc/named.rfc1912.zones

(change as follows)
copy 10 lines from 21 to 31 paste under 31
zone "redhat.com" IN {
type slave;
file "redhat.for";
masters { 192.168.0.254; };
};

zone "0.168.192.in-addr.arpa" IN {
type slave;
file "redhat.rev";
masters { 192.168.0.254; };
};

save & quit

#service named restart

go to client
#vi /etc/resolv.conf
nameserver 192.168.0.254
nameserver 192.168.0.1 (slave dns ip)

FORWARDERS

if you have a trusted relationship with another company, that company's users can enter into our network & our company's users can enter into their network by using these forwarders

steps
in master dns server
#vi /var/named/chroot/etc/named.conf

add a line
forwarders { 192.168.10.254; };
forward only;
};
(here 192.168.10.254 is the trusted company's dns)
save & quit

#service named restart

APACHE Web Server Configuration on Linux RHEL / CentOS 5&6


APACHE Web Server Configuration

Different web servers in world :-

Tux: Kernel based only text support, Very fast
Stronghold : from RedHat Linux
Sun one: Also known as iPlanet from Sun Microsystems
AOL server : American online free web server
Apache : Open source
NETSCAPE

what is apache?

Apache is freeware & is the most popular & widely used web server, which consumes 60% of the web market, and can be configured on both windows and LINUX.
The apache server is used to launch our web pages as websites.

service profile:
type: System V-managed service
packages: httpd,httpd-devel,httpd-manual
Daemon: /usr/sbin/httpd
script:/etc/init.d/httpd
ports: 80(http),443(https)
configuration file: /etc/httpd/conf/httpd.conf
related: system-config-httpd,mod_ssl
default selinux daemon : /var/www

steps to configure apache:


#yum install httpd-* -y
#service httpd start
#chkconfig httpd on
#vi /etc/httpd/conf/httpd.conf
copy 7 lines (line no 984 to 990)
paste under 990 line
change as follows
<VirtualHost 192.168.0.17>
ServerAdmin root@station17.redhat.com
DocumentRoot /var/www/html
ServerName station17.redhat.com
</VirtualHost>

(here 192.168.0.17 is our system's ip & /var/www/html is the document root; here we have to place the web page to be served as the web site. NOTE: the web page must have the name index.html)
save&quit

#cd /var/www/html
#vi index.html
(type as follows)
<html>
<body bgcolor=red>
<h1> "welcome to cyber web services" </h1>
</body>
</html>
save & quit
#service httpd restart
open firefox and type in url
http://station17.redhat.com (now the website will appear)

to launch virtual websites using virtual hostnames

#vi /etc/httpd/conf/httpd.conf
(line no 971) #NameVirtualHost *:80 (remove # and replace *:80 with your system ip)
NameVirtualHost 192.168.0.17
copy last five lines and paste under it

<VirtualHost 192.168.0.17>
ServerAdmin root@www17.redhat.com
DocumentRoot /var/www/virtual
ServerName www17.redhat.com
</VirtualHost>

(here we are changing system name as www17.redhat.com and document root under /var/www/virtual)
save & quit
#mkdir -p /var/www/virtual
# cd /var/www/virtual
# vi index.html
<html>
<body bgcolor=green>
<h1> "welcome to virtual website" </h1>
</body>
</html>
save & quit
#service httpd restart

to check
open mozilla
type http://www17.redhat.com

to create virtual webpages under any directory

By default selinux allows webpages which are located under /var/www/. If we want to launch a webpage which is not present under /var/www we have to change the selinux context and boolean values.

ex:
# vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.17>
ServerAdmin root@xxx17.redhat.com
DocumentRoot /cyber
serverName xxx17.redhat.com
</VirtualHost>
save&quit
#mkdir /cyber
#cd /cyber
#vi index.html
<html>
<body bgcolor=blue>
<h1> "welcome to cyber'+'technologies" </h1>
</body>
</html>
save & quit
#chcon -R --reference=/var/www/html /cyber
#service httpd restart

to check :
open mozilla
type in url box as follows
http://xxx17.redhat.com(u will get website)

TRY THINGS AFTER PRACTICING EXAM ESSENTIALS

to create link pages in a website

#vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.17>
ServerAdmin root@www17.redhat.com
DocumentRoot /var/www/virtual
serverName www17.redhat.com
Alias /training /var/www/training (add this line in that website)
</VirtualHost>

save & quit


# cd /var/www/
#cat > training
(type any thing)
save
#service httpd restart

to check :
go to mozilla
type www17.redhat.com/training

to create Authenticated websites


#vi /etc/httpd/conf/httpd.conf

<Directory /var/www/html>
AllowOverride AuthConfig
</Directory>
save & quit

# cd /var/www/html
#vi .htaccess
AuthName "it"
AuthType Basic
AuthUserfile /etc/httpd/conf/passwd
require valid-user
we have to provide http password for an user to view this website
#htpasswd -mc /etc/httpd/conf/passwd sam
(type password 2 times)

#service httpd restart

to check :

open mozilla ---clear private data ---in url type
http://station17.redhat.com
(give username&password)

to restrict a particular user or particular system to access a website

#vi /etc/httpd/conf/httpd.conf

<Directory "/var/www/html">
Order Allow,Deny
Allow from all
Deny from station12.redhat.com
</Directory>
(here we are denying station12.redhat.com)

to check try to open station17.redhat.com from station12 system

to create ssl certificate for an web server

#yum install openssl-* -y
#yum install mod_ssl-* -y

#vi /etc/httpd/conf.d/ssl.conf
(line no134) #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt (remove #)
save&quit
#cd /etc/pki/tls/certs
#make genkey
provide passphrase
#make testcert
passphrase (give the same password)
provide country, city, office, mail address
#service httpd restart

to run scripts

#vi test.sh
#!/bin/bash
# CGI response: header line, blank line, then the body
echo "Content-Type: text/html"
echo
date
ls -l
echo welcome to cyber services

save&quit
#mkdir -p /var/www/html/cgi-bin
#cp -rf test.sh /var/www/html/cgi-bin/
#cd /var/www/html/cgi-bin/
#cd ..
#chown -R apache.apache cgi-bin
#cd cgi-bin
#chmod 755 test.sh
#vi /etc/httpd/conf/httpd.conf
add a line in website data
ScriptAlias /cgi-bin "/var/www/html/cgi-bin"
save&quit
#service httpd restart
#setsebool -P httpd_tty_comm on
#setsebool -P httpd_enable_cgi 1
#chcon -R -t httpd_sys_script_exec_t /var/www/html/cgi-bin

to check:

open mozilla

type http://station17.redhat.com/cgi-bin

DHCP Configuration in Linux (Redhat or Centos 6)

DHCP (Dynamic Host Configuration Protocol)

dhcp provides a method for hosts on a network to request and be granted configuration information, including the addresses of routers and nameservers.
IPv4 addresses are dynamically assigned from a range, along with the netmask, default gateway, domain name and dns server, timeserver, and location of kickstart conf. files

service profile:

type: System V-managed service


package:dhcp
Daemon: /usr/sbin/dhcpd
script : /etc/init.d/dhcpd
ports : 67(bootps), 68 (bootpc)
conf.file: /etc/dhcpd.conf,/var/lib/dhcpd/dhcpd.leases
related: dhclient,dhcpv6-client,dhcpv6

steps to configure dhcp server:

#yum install dhcp-* -y


#service dhcpd start
#chkconfig dhcpd on
#cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf
# vi /etc/dhcpd.conf
(change as follows)

ddns-update-style interim;
ignore client-updates;

subnet 192.168.0.0 netmask 255.255.255.0 {

# --- default gateway
option routers 192.168.0.254;              # server ip
option subnet-mask 255.255.255.0;          # subnetmask

option nis-domain "domain.org";
option domain-name "redhat.com";           # domain name
option domain-name-servers 192.168.0.254;  # dns ip

option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;

range dynamic-bootp 192.168.0.1 192.168.0.20;  # ip range
default-lease-time 21600;
max-lease-time 43200;

save & quit


#service dhcpd restart
if you want to give a specific ip for a system

at the end of the file specify as follows

host station1 {
hardware ethernet 00:a0:cc:3d:45:3e;
fixed-address 192.168.0.10;
}
}
(here in this example we are providing 192.168.0.10 for a specific system; we have to type the mac address of that system at hardware ethernet)



NIS Configuration in Linux (Redhat or CentOS 6)

NIS (Network Information Server)

The two common authentication services are the Network Information Service (NIS) and the Lightweight Directory Access Protocol (LDAP).

Both NIS and LDAP allow all users & computers to be managed centrally.
NIS works with the help of sunrpc.
Here passwords are in clear text format. We normally use nfs along with nis to share users' home directories from server to client for security purpose

steps to configure nis


#yum install yp* -y
#service ypserv start
#chkconfig ypserv on
#service ypbind start
#service ypxfrd start
#service yppasswdd start
#vi /var/yp/Makefile
(find the line)
all: passwd group hosts rpc services netid protocols mail \
(change as follows)
all: passwd group hosts
# rpc services netid protocols mail \
save&quit
#/usr/lib/yp/ypinit -m (to make as master nis server)
ctrl+d
y (to create database)
#useradd user1
#useradd user2
#cd /var/yp
#make (to update database)

to set nisdomain name:


#nisdomainname RHCE
#vi /etc/sysconfig/network
add a new line
NISDOMAINNAME=RHCE
save&quit
#service network restart
#service ypxfrd restart
#service ypbind restart
#service yppasswdd restart
#service ypserv restart

(sharing home directories via nfs)


#yum install nfs-* -y
#service portmap start
#service portmap restart
#service nfs start
#chkconfig portmap on
#chkconfig nfs on
#vi /etc/exports
/home/u1 *.redhat.com(rw,sync)
save&quit
#service nfs restart
#exportfs -v
#exportfs -r

client side configuration:

#yum install ypbind-* -y


#service ypbind start
#chkconfig ypbind on
#setup
select Authentication
select nis
provide nis domainname&nis server ip
#setsebool -P allow_ypbind 1
#vi /etc/auto.master
add a new line
/home /etc/auto.misc
save&quit
#vi /etc/auto.misc
add a new line
u1 -rw,soft,intr server1.redhat.com:/home/u1
save&quit
#service autofs restart
#getent passwd u1
# su - u1

KICKSTART Server Installation In Linux (REdhat or CentOS 6)

KICKSTART SERVER

this server is used for remote installation & automatic installation of o/s

steps :
keep rhel or centOS 5 or 6 dvd in cdrom
#mount /dev/cdrom /mnt
#cd /mnt
#cd Server
#rpm -ivh pykickstart-0.43-1.el5.noarch.rpm --force --aid
#rpm -ivh system-config-kickstart-2.6.19.1-1.el5.noarch.rpm --force --aid
enter below command
#system-config-kickstart
(the kickstart configuration tool opens; the original page showed screenshots of it here)
save this file under /var/ftp/pub (with a name with .ks extension)
client side:

place linux bootable cd
type
linux ks=nfs:<server ip>:/var/ftp/pub/<ks filename>
the installation starts

MAIL Server Configuration on RHEL / CentOS

MAIL SERVER

Sendmail
Postfix
Qmail:
The Qmail MTA is another alternative to sendmail.
It is used by an impressive list of Internet sites.
Smail:
It is reportedly easier to configure than sendmail.
It also includes support for blocking messages.
Exim:
The Exim MTA was developed at Cambridge (U.K.) and is licensed under the GPL. While based on an older MTA known as Smail

Features of mail server:

we can forward mails from one domain to another domain. With the help of this mail server we can forward mails to branches or public
mailserver must have public ip

we have three types of mail servers
1)MUA
2)MTA
3)MDA

sending & receiving mails using TCP/IP protocols such as
SMTP server (simple mail transfer protocol port no.25)
pop3 server (postoffice protocol port no.110)
nntp server (network news transfer protocol port no.119)
imap server (internet message access protocol port no.143)
x.500 server (directory server)
ldap server (lightweight directory access protocol)
x.400 server (message handling system)

Functions of mail server:


Sending and receiving mail from one user to group of users over
internet
Sending and receiving mail from one mail server to different mail
servers over internet
Sending and receiving mail that contains voice, images, sounds,
movies
(Note:MIME is the service which is used to share voice, images,
sounds, movies over internet. MIME-multipurpose mail extension)

Different mail servers:

Exchange server        Microsoft
Sendmail               Linux/unix
Qmail                  Linux/unix
Postfix                Linux/unix
SquirrelMail           Linux/unix
Lotus domino           IBM (we can use on any operating system)
Lotus notes (client)   IBM
Novell GroupWise       Novell

MUA: (mail user agent)
this is a client side package used to retrieve mails from the mail server
ex:mail(text),mutt,evolution,kmail

MTA: (mail transfer agent)
this is the server side service used to send and receive mails within the domain
ex:sendmail(text&gui),postfix,qmail

MDA: (mail delivery agent)
this is the server side service used to send and receive mails from one mailserver to another mail server.
ex:dovecot,procmail

Sendmail:
It listens for mails sent by MUAs on port no.25.
In this mail server mails are strictly checked for exploits, and the packet is regenerated and sent to the MDA.

we have two types in MDA:
1)pop3
2)IMAP

1)pop3: (postoffice protocol 3, port no.110)
mails are in /var/spool/mail
pop3 connects to the server on port no.110, downloads every mail in /var/spool/mail/U1 and moves it to the client p.c (no backup is kept).
All the mails of the user (U1) are downloaded onto the client system. If any damage is done to the client system, they cannot be got back.

2)IMAP:
From the client it connects to port no.143 and gets the mails of the user (one copy); it doesn't remove the original file. Whenever damage occurs on the client p.c, we can download another copy from the server.

pop3--> moves original mails to the client
IMAP--> It sends only one copy of the mails to the client

steps to configure mailserver

(here we are configuring MTA & MDA in one system)

#yum install sendmail-* -y
#service sendmail start
#chkconfig sendmail on
#cd /etc/mail
#vi sendmail.mc
comment out line no. 116 by adding dnl # at the start of the line
ex: dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
(with this line commented out, sendmail accepts SMTP connections on
all interfaces instead of only 127.0.0.1)
save & quit

[root@server1 mail]# m4 sendmail.mc > sendmail.cf
# service sendmail restart

(to configure MDA)
#yum install dovecot-* -y
#service dovecot start
#chkconfig dovecot on
#vi /etc/dovecot.conf
(line no. 17) #protocols = imap imaps pop3 pop3s (remove #)
save & quit

to check:

add 2 users, login as one user & send mail to the other user
then login as the second user and type mail

2nd method

as root: mutt -f {mahesh@server1.redhat.com}
yes
provide mahesh password
O

configuring e-mail aliases:

if you want to send one user's mails to another user, we have to
configure an email alias

steps

#vi /etc/aliases
go to the last line and add as follows
mahesh: john (here in this example we are redirecting mahesh's
mails to john)
save & quit
#newaliases (to rebuild the alias database from the /etc/aliases file)

to check:
send a mail to sam from a remote system
you should get the mail in john's mailbox

###################################

SQUIRRELMAIL (GUI based mail server)

to configure squirrel mail server

#yum install squirrelmail-* -y
#service httpd start
#service dovecot start
open mozilla
type http://sever1.redhat.com/webmail
provide username & password
now you can send or receive mails from remote systems or remote
mail servers

to check:
add a user and send mail to that user from a remote system
#############################################

SSL Certification (Secure Socket Layer)

by using ssl certification we can encrypt the data transfer between
one user and another user or one mailserver and another mailserver

#vi /etc/dovecot.conf
(line no 87 & 88)
#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem (remove # for
the two lines)
save & quit
#make -C /etc/pki/tls/certs dovecot.pem
provide country, state, city, organization, server, user info (user must
not be root)
#cp /etc/pki/tls/certs/dovecot.pem /etc/pki/tls/private
#service sendmail restart
#service dovecot restart
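
A check for the dovecot.conf edits made above, as an added example that is not part of the original guide: it lists the plain imap/pop3 listeners that stay enabled next to imaps/pop3s and verifies that the ssl_cert_file and ssl_key_file paths exist. The function names, the mode-600 expectation for the key and the scratch tree (which holds only the files the guide's make and cp commands create) are assumptions.

```bash
# Print the value of an active (uncommented) "key = value" line in a config file.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            split($0, kv, "=")
            gsub(/[ \t]/, "", kv[1])
            if (kv[1] == key) { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }
        }' "$1"
}

# audit_dovecot CONF [ROOT]: ROOT is prepended to file paths; mode 600 is an assumed policy.
audit_dovecot() {
    conf="$1"; root="$2"
    for p in $(conf_value "$conf" protocols); do
        case "$p" in
            imap|pop3) echo "PLAIN: $p listener enabled (not TLS-wrapped)" ;;
        esac
    done
    for key in ssl_cert_file ssl_key_file; do
        file=$(conf_value "$conf" "$key")
        if [ -z "$file" ]; then
            echo "TLS: $key is commented out"
        elif [ ! -f "$root$file" ]; then
            echo "TLS: $key points to $file, which does not exist"
        elif [ "$key" = ssl_key_file ] && [ "$(stat -c '%a' "$root$file")" != 600 ]; then
            echo "TLS: private key $file is not mode 600"
        fi
    done
}

# Constructed sample: the three dovecot.conf lines as this guide leaves them, in a
# scratch tree holding only the files the guide's make and cp commands create.
demo_dovecot() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/pki/tls/certs" "$d/etc/pki/tls/private"
    touch "$d/etc/pki/tls/certs/dovecot.pem" "$d/etc/pki/tls/private/dovecot.pem"
    cat > "$d/dovecot.conf" <<'EOF'
protocols = imap imaps pop3 pop3s
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
EOF
    audit_dovecot "$d/dovecot.conf" "$d"
    rm -rf "$d"
}

demo_dovecot
```

On the sample, both TLS paths are reported missing because the make and cp commands write under /etc/pki/tls while dovecot.conf points to /etc/pki/dovecot. On a server, run audit_dovecot /etc/dovecot.conf to check the real files.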

How to Configure Clustering in Redhat Linux and CentOS 5&6

Configuring A High Availability Cluster (Heartbeat) On CentOS

This guide shows how to set up a two-node, high-availability HTTP
cluster with heartbeat on CentOS/RHEL. Both nodes use the Apache
web server to serve the same content.

Pre-Configuration Requirements

Assign hostname node01 to the primary node with IP
address 192.168.0.20 on eth0.
Assign hostname node02 to the slave node with IP
address 192.168.0.21.

Note: on node01
#uname -n
must return node01.

On node02
#uname -n
must return node02.

192.168.0.22 is the virtual IP address that will be used for our
Apache webserver (i.e., Apache will listen on that address).

Configuration:

1. Download and install the heartbeat package. In our case we are
using CentOS/RHEL so we will install heartbeat with the yum command:

#yum install heartbeat

or download these packages:

heartbeat-2.08
heartbeat-pils-2.08
heartbeat-stonith-2.08

2. Now we have to configure heartbeat on our two-node cluster. We
will deal with three files. These three files are:

authkeys
ha.cf
haresources

3. Before moving to our configuration files, there is one more
thing to do: copy these files to the /etc/ha.d directory. In
our case we copy these files as given below:

#cp /usr/share/doc/heartbeat-2.1.2/authkeys /etc/ha.d/
#cp /usr/share/doc/heartbeat-2.1.2/ha.cf /etc/ha.d/
#cp /usr/share/doc/heartbeat-2.1.2/haresources /etc/ha.d/

4. Now let's start configuring heartbeat. First we will deal with
the authkeys file. We will use authentication method 2 (sha1). For
this we will make changes in the authkeys file as below.

#vi /etc/ha.d/authkeys

Then add the following lines:

auth 2
2 sha1 test-ha

Change the permission of the authkeys file:

#chmod 600 /etc/ha.d/authkeys

5. Moving to our second file (ha.cf), which is the most important.
Edit the ha.cf file with vi:

#vi /etc/ha.d/ha.cf

Add the following lines in the ha.cf file:

logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
initdead 120
bcast eth0
udpport 694
auto_failback on
node node01
node node02

Note: node01 and node02 are the output generated by

#uname -n

6. The final piece of work in our configuration is to edit
the haresources file. This file contains the information about the
resources which we want to make highly available. In our case we want
the webserver (httpd) highly available:

#vi /etc/ha.d/haresources

Add the following line:

node01 192.168.0.22 httpd

7. Copy the /etc/ha.d/ directory from node01 to node02:

#scp -r /etc/ha.d/ root@node02:/etc/

8. As we want httpd to be highly available, let's start configuring httpd:

#vi /etc/httpd/conf/httpd.conf
Add this line in httpd.conf:

Listen 192.168.0.22:80

9. Copy the /etc/httpd/conf/httpd.conf file to node02:

#scp /etc/httpd/conf/httpd.conf root@node02:/etc/httpd/conf/

10. Create the file index.html on both nodes (node01 & node02):

On node01:

#echo "node01 heartbeat test server" > /var/www/html/index.html

On node02:

#echo "node02 heartbeat test server" > /var/www/html/index.html

11. Now start heartbeat on the primary node01 and slave node02:

#/etc/init.d/heartbeat start

12. Open web-browser and type in the URL:

http://192.168.0.22
It will show node01 apache test server.

13. Now stop the heartbeat daemon on node01:

#/etc/init.d/heartbeat stop

In your browser type in the URL http://192.168.0.22 and press enter.
It will show node02 apache test server.


14. We don't need to create a virtual network interface and assign
an IP address (192.168.0.22) to it. Heartbeat will do this for you,
and start the service (httpd) itself. So don't worry about this.

Don't use the IP addresses 192.168.0.20 and 192.168.0.21 for
services. These addresses are used by heartbeat for communication
between node01 and node02. If either of them is used for
services/resources, it will disturb heartbeat and it will not work. Be
careful!
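
The authkeys file from step 4 holds the secret that the two nodes use to authenticate each other's heartbeat packets. The following check is an added example, not part of the original guide: it verifies the file mode, that the auth line selects a defined key, and that the method and secret are not weak; the function names and the 20-character minimum are assumptions.

```bash
# Audit a heartbeat authkeys file: prints one finding per line, nothing if clean.
# MIN_KEY_LEN is an assumed local policy value, not a heartbeat requirement.
MIN_KEY_LEN=20

audit_authkeys() {
    file="$1"
    mode=$(stat -c '%a' "$file") || return 2
    # The file holds the shared secret, so only its owner may read it.
    [ "$mode" = "600" ] || echo "PERM: mode is $mode, expected 600"

    # "auth N" selects which numbered key line signs the heartbeat packets.
    active=$(awk '$1 == "auth" { print $2; exit }' "$file")
    if [ -z "$active" ]; then
        echo "AUTH: no 'auth <index>' line"
        return 0
    fi

    awk -v idx="$active" -v min="$MIN_KEY_LEN" '
        /^[ \t]*#/ || NF == 0 || $1 == "auth" { next }
        $1 == idx {
            found = 1
            if ($2 == "crc")
                print "METHOD: crc is only a checksum, it uses no secret"
            else if ($2 != "sha1" && $2 != "md5")
                print "METHOD: unknown method " $2
            else if (length($3) < min)
                print "KEY: secret is " length($3) " chars, shorter than " min
        }
        END { if (!found) print "AUTH: key index " idx " is not defined" }
    ' "$file"
}

# Constructed sample: the two lines this guide puts in /etc/ha.d/authkeys,
# written to a scratch file with the mode given as $1 (default 600).
demo_authkeys() {
    tmp=$(mktemp)
    printf 'auth 2\n2 sha1 test-ha\n' > "$tmp"
    chmod "${1:-600}" "$tmp"
    audit_authkeys "$tmp"
    rm -f "$tmp"
}

demo_authkeys 644
```

On both nodes, run audit_authkeys /etc/ha.d/authkeys after step 7; the file is copied by scp, so the same findings should appear on node01 and node02.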
