
3D Desktop

Available Packages: Compiz, Beryl

Compiz: Install the package compiz and enable Desktop Effects in the system menu.

    rpm -ivh compiz-0.0.13-0.36.20060817git.el5.i386.rpm --aid

    System -> Preferences -> Desktop Effects

Now use the following keys to get the 3D Desktop: Ctrl + Alt + Arrow keys, and the mouse.

Beryl: Copy the Beryl packages into a directory /var/ftp/pub/Beryl

Add an entry in /etc/yum.repos.d/<server1>.repo

    vim /etc/yum.repos.d/server1.repo

    [Beryl]
    name=server1 SERVER repository
    baseurl=file:///var/ftp/pub/Beryl
    gpgcheck=0

    createrepo -v /var/ftp/pub/Beryl
    yum install -y beryl*

For client machines add an entry in /etc/yum.repos.d/<client>.repo

    vim /etc/yum.repos.d/client.repo

    [Beryl]
    name=Client Server Repository
    baseurl=ftp://192.168.0.254/pub/Beryl
    gpgcheck=0

    yum install -y beryl*

Starting the Beryl settings

    Applications -> System Tools -> select Beryl Manager

Right click on the Beryl Manager icon in the time toolbar and select Beryl Settings Manager. The options are now displayed; change the settings as you wish.

Now use the following keys to get the 3D Desktop: Ctrl + Alt + Arrow keys, and the mouse.

WEB PROXY

PACKAGES NEEDED FOR CONFIGURATION

    squid

IF THE PACKAGES ARE NOT AVAILABLE INSTALL THROUGH YUM INSTALLER

    yum install squid

THE MAIN CONFIGURATION CAN BE EDITED AS FOLLOWS

    vim /etc/squid/squid.conf

    http_port 3128

SEARCH FOR THE WORD /OUR_NETWORKS, THEN ENTER THE FOLLOWING LINES

    acl example src 192.168.0.0/255.255.255.0
    http_access allow example

--> You can now refer to this network as "example" elsewhere in the configuration file.
--> src means that the IP specified is the source IP(s) for this acl

DAEMON SERVICES SHOULD BE STARTED AND ENABLED AFTER REBOOT

    service squid start/restart/reload
    chkconfig squid on

--> To set the proxy settings in Firefox, navigate to Edit->Preferences. In the General settings, click on the Connection Settings... button. Click the Manual proxy configuration radio button. Add localhost in the HTTP Proxy: box, and 3128 in the Port: box. Click OK to accept the changes.
--> Try accessing a web page somewhere.

INSTALL VMWARE ON LINUX


1. mount 192.168.0.154:/dumps /media
2. cd /media/VMWARE
3. rpm -ivh VMware-server-1.0.1-29996.i386.rpm
4. yum install gcc kernel-devel xinetd -y
5. vmware-config.pl
6. cat vmware-server.key

TO EXTRACT WINDOWS IMAGE

1. scp nanju@192.168.0.154:/home/nanju/suma/raj.tar.bz2 .
2. tar jxvf raj.tar.bz2 -C /var/lib/vmware


CONFIGURE SAMBA SERVER

Step 1. mkdir /samba
Step 2. chmod a+w /samba
Step 3. yum install samba -y
Step 4. vim /etc/samba/smb.conf

    [public]
    comment = Only users
    path = /samba
    public = yes
    browseable = yes
    writable = yes
    printable = no
    write list = +staff

Step 5. service smb restart

OPTIONS THAT CAN BE GIVEN IN FILE

Step 1. browseable = yes -> we CAN see the shared dir
        browseable = no  -> we CANNOT see the shared dir
Step 2. public = yes -> Allows anonymous login
        public = no  -> Stops anonymous login
Step 3. writable = no  -> uploading is denied for BOTH the users
        writable = yes -> uploading is allowed for BOTH the users
Step 4. writable = no
        write list = u1
        -> Allows only u1 to upload files, but both writable = no and write list = u1 should be enabled
Step 5. hosts allow = 127. 192.168.0.20 -> Allow only the 192.168.0.20 IP to access the share, other IPs are denied

CLIENT COMMANDS

Step 1. smbclient -L //192.168.0.48/share -> List directories shared
Step 2. smbclient //192.168.0.48/share -> Anonymous login
            get <file>
            put <file>
Step 3a. To generate a password to allow non-anonymous login
            1. smbpasswd -a u1
            2. service smb restart
Step 3b. smbclient //192.168.0.48/share -U u1 -> Non-anonymous login
            get <file>
            put <file>
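The interaction of public and writable described above can be checked mechanically. The following is an added example, not part of the original page: it lists every share in an smb.conf that is both open to guests and writable, treating public as a synonym of guest ok and writable/writeable/write ok as the inverse of read only. The function name guest_writable_shares and the sample file (including the [staff] and [dropbox] shares) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find smb.conf shares that allow anonymous login AND uploads.
# Values set in [global] are used as defaults for the shares that follow.

# guest_writable_shares FILE -> prints one share name per line
guest_writable_shares() {
    awk '
        function truthy(v) { return v == "yes" || v == "true" || v == "on" || v == "1" }
        function flush()   { if (share != "" && share != "global" && guest && writable) print share }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }           # comments and blank lines
        /^[ \t]*\[/ {                                   # start of a new section
            flush()
            share = tolower($0)
            sub(/^[ \t]*\[[ \t]*/, "", share); sub(/[ \t]*\].*$/, "", share)
            guest = gdef; writable = wdef               # inherit [global] defaults
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); val = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "guest ok" || key == "public") guest = truthy(val)
            else if (key == "writable" || key == "writeable" || key == "write ok") writable = truthy(val)
            else if (key == "read only") writable = !truthy(val)
            if (share == "global") { gdef = guest; wdef = writable }
        }
        END { flush() }
    ' "$1"
}

# Constructed sample: [public] is the share from Step 4 of the server setup,
# [staff] is the "writable = no + write list" variant, [dropbox] uses synonyms.
SMB_SAMPLE=$(mktemp)
trap 'rm -f "$SMB_SAMPLE"' EXIT
cat > "$SMB_SAMPLE" <<'EOF'
[global]
    workgroup = EXAMPLE
    security = user

[public]
    comment = Only users
    path = /samba
    public = yes
    browseable=yes
    writable = yes
    printable = no
    write list = +staff

[staff]
    path = /samba/staff
    public = no
    writable = no
    write list = +staff

[dropbox]
    path = /samba/dropbox
    Guest OK = Yes
    read only = no
EOF

guest_writable_shares "$SMB_SAMPLE"
```

On the [public] share, write list = +staff restricts nothing while public = yes and writable = yes are both set; the [staff] form is the one where the write list actually decides who can upload.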

PORT MONITORING TOOLS

SHOWS all applications running in local machine

1. pkg:-net-tools-1.60-73 -> installed by default

    netstat -tulpn | grep <service>

    t -> tcp
    u -> udp
    l -> listening
    p -> pid
    n -> numeric ip

2. pkg:-nmap-4.11-1.1 -> installed by default

    nmap <ip.address> | grep <service>

SHOWS all applications running in entire network

1. yum install wireshark

    Applications --> Internet --> wireshark --> capture

2. pkg:-tcpdump-3.9.4-11.el5 -> installed by default

    tcpdump -c <ip.address> | grep <service>

TCP WRAPPERS

Services which contain the libwrap module can use hosts.deny to control access.

    ldd /usr/sbin/vsftpd | grep libwrap
    ldd /usr/sbin/sendmail | grep libwrap
    ldd /usr/sbin/sshd | grep libwrap

To restrict a host/network to control access to a service:

1. Using Hostname/Domain name

    vim /etc/hosts.deny
    -> vsftpd: *.example.com        -> All hosts in example.com denied access to ftp
    -> vsftpd: server.example.com   -> Host server in example.com denied access

2. Using IP address/Network

    vim /etc/hosts.deny
    -> vsftpd: 192.168.1.0/255.255.255.0   -> All hosts in the 1.0 network denied
    -> vsftpd: 192.168.1.4                 -> Host 1.4 denied

3. To Deny all except few

    vim /etc/hosts.deny
    -> sshd: ALL EXCEPT matrix.com   -> Any domain other than matrix.com is denied access to ssh

4. To Allow all except few

    vim /etc/hosts.allow
    -> ALL: *.example.com EXCEPT *.matrix.com   -> Any domain other than matrix.com is allowed access

Both entries allow/deny can be given in either the hosts.allow or the hosts.deny file.

SSH Configuration
--> Pkg     - openssh
    Daemon  - sshd
    Portnum - 22
    Files   - /etc/ssh/sshd_config
              .ssh/*

---> vim /etc/ssh/sshd_config

1. Line 13 -> change port num.

    Port 53
    service sshd restart

   A client connecting to your machine must connect like this: ssh -p 53 <server ip>. Only then does it connect.

2. Line 37 -> Allow/stop user to ssh

    AllowUsers u1
    DenyUsers u2
    service sshd restart

   This stops a client from connecting as u2; it can connect only as user u1.

3. Line 37 -> Allow/stop user to ssh

    AllowGroups asia
    DenyGroups america
    service sshd restart

   This stops a client from connecting as any member of america; it can connect as any member of asia.

4. Line 38 -> Login grace time.

    LoginGraceTime 1m
    service sshd restart

   Once you connect to the ssh server, you have to provide the password within a minute, or the connection fails.

5. Line 39 -> Root login allowed/not-allowed

    PermitRootLogin no
    service sshd restart

   This stops a client from connecting over ssh as the root user; it can connect as a normal user only.

6. Line 41 -> Password prompts

    MaxAuthTries 1
    service sshd restart

   Password is prompted only twice, within which the user has to give the right password to authenticate.

7. Line 96 -> Stop GUI access

    X11Forwarding no
    service sshd restart

   Though the client connects to your server using ssh -X <server.ip>, they won't be able to connect to the GUI of the server.

8. Generating Public/Private key

   To generate the key -> Generates id_dsa, id_dsa.pub files under the .ssh dir

    ssh-keygen -t dsa

   To copy key to client machine -> copies id_dsa to .ssh of client's machine

    ssh-copy-id -i /root/.ssh/id_dsa <clients.ip>
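After several rounds of editing by line number, it is worth confirming which value sshd will actually use. The following is an added example, not part of the original page: it reads a config file with the rules from sshd_config(5) (keywords are case-insensitive, the first occurrence of a keyword wins, and lines after a Match line are conditional) and checks the values from items 4 to 7. The function names and the sample file are constructed for illustration; the usual whitespace-separated "Keyword value" form is assumed.

```shell
#!/bin/sh
# Added example: report the value sshd will use for a keyword, then audit
# the settings from the steps above against a constructed sample file.

# effective_value FILE KEYWORD -> prints the global value, nothing if unset
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # comments and blank lines
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == want {
            $1 = ""; sub(/^[ \t]+/, "")       # drop the keyword, keep the value
            print; exit                       # first occurrence wins
        }
    ' "$1"
}

# expect FILE KEYWORD WANTED -> prints a finding and returns 1 on mismatch
expect() {
    got=$(effective_value "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "$2: effective value '${got:-<unset, built-in default>}', wanted '$3'"
    return 1
}

# audit_sshd FILE -> returns 0 only if every check passes
audit_sshd() {
    rc=0
    expect "$1" PermitRootLogin no || rc=1
    expect "$1" X11Forwarding   no || rc=1
    expect "$1" MaxAuthTries    1  || rc=1
    expect "$1" LoginGraceTime  1m || rc=1
    return "$rc"
}

# Constructed sample: the hardening line was appended below an existing
# "PermitRootLogin yes", and X11Forwarding was placed under a Match block.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
Port 53
PermitRootLogin yes
LoginGraceTime 1m
MaxAuthTries 1
AllowUsers u1
permitrootlogin no
Match User u1
    X11Forwarding no
EOF

audit_sshd "$SAMPLE" || echo "sshd_config needs attention"
```

Where the installed sshd supports extended test mode, sshd -T prints the effective configuration directly and is the authoritative check.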

Syslog Server
Configure Syslog server

Step 1. vim /etc/sysconfig/syslog
            SYSLOGD_OPTIONS="-r"
Step 2. service syslog restart
Step 3. tailf /var/log/messages

To redirect all clients' log messages to a file called remote

Step 1. vim /etc/syslog.conf
Step 2. *.* /var/log/remote

Clients to redirect their logs to the syslog server (192.168.0.45)

Step 1. vim /etc/syslog.conf
            *.* @192.168.0.45
Step 2. service syslog restart

DHCP Server Configuration

Configure a DHCP Server

Step 1. yum install dhcp -y
Step 2. cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf
Step 3. vim /etc/dhcpd.conf
            set server's IP, domain name, NIS domain name, subnet and other details
Step 4. service dhcpd restart
        tailf /var/log/messages

Configure a DHCP Client

To make a client of the dhcp server

Step 1. dhclient
        OR
Step 2. system-config-network -> select from dhcp
Step 3. service network restart

Database:
    cat /var/lib/dhclient/dhclient.leases
    cat /var/lib/dhclient/dhclient-eth0.leases

Different types of configure httpd (apache)


IP BASED

Step 1. yum install httpd -y
Step 2. ifconfig eth0:0 192.168.0.32        ->set virtual ip
Step 3. ifconfig eth0:1 192.168.0.33        ->set virtual ip
Step 4. vim /etc/httpd/conf/httpd.conf      ->edit this file
Step 5. vim /var/www/html/index.html        ->create web page here
Step 6. service httpd restart
Step 7. elinks 192.168.0.30
Step 8. elinks 192.168.0.32
Step 9. elinks 192.168.0.33                 //Displays webpage for all 3 ips

NAME BASED

Step 1. vim /etc/httpd/conf/httpd.conf      ->Edit line 972
Step 2. mkdir /var/www/virtual
Step 3. cd /var/www/virtual
Step 4. vim index.html
Step 5. vim /var/named/forward.zone
            www CNAME server.matrix.com
Step 6. service named restart
Step 7. host www.matrix.com                 //5th to 7th To be done in Dns server
Step 8. vim /etc/httpd/conf/httpd.conf      ->Edit End of line
Step 9. service httpd restart
Step 10. elinks server.matrix.com
Step 11. elinks www.matrix.com              //Shows page in /var/www/virtual
Step 12. elinks server.matrix.com           //Shows page in /var/www/html

HOST AUTHENTICATION

Step 1. vim /etc/httpd/conf/httpd.conf      ->Edit the file
Step 2. service httpd restart
Step 3. elinks server.matrix.com            ->Allows/Deny as per defined

USER AUTHENTICATION

Step 1. vim /etc/httpd/conf/httpd.conf      ->Edit the file
Step 2. cd /var/www/html
Step 3. vim .htaccess                       ->create this file and add contents
Step 4. htpasswd -c /var/www/html/.htpasswd <user1>
Step 5. htpasswd /var/www/html/.htpasswd <user2>
Step 6. service httpd restart
Step 7. elinks server.matrix.com            ->Authenticate for user/passwd

HTTPS

Step 1. yum install mod_ssl -y
Step 2. cd /etc/pki/tls/certs
Step 3. rm -rf localhost.crt
Step 4. rm -rf ../private/localhost.key
Step 5. make genkey
Step 6. make testcert
Step 7. vim /etc/httpd/conf/httpd.conf      ->Edit this file
Step 8. setsebool -P httpd_disable_trans on
Step 9. service httpd restart
Step 10. URL--> https://server.matrix.com   ->Allow only https

USERHOMEDIR

Step 1. vim /etc/httpd/conf/httpd.conf      ->Edit this file
            line 355         ->Comment the line
            line 362         ->UNComment the line
            line 370 to 381  ->UNComment the line
Step 2. service httpd restart
        cd /home/u1                         ->get into user u1's home dir
Step 3. mkdir public_html
Step 4. cd public_html
Step 5. vim index.html
Step 6. chmod a+x /home/u1
Step 7. chcon -R --reference /var/www/ /home/u1/public_html
Step 8. elinks server.matrix.com/~u1

Transmission Torrent on Linux


RHEL/CentOS5

    cd /etc/yum.repos.d/
    wget http://geekery.altervista.org/geekery-el5.repo

RHEL/CentOS6

    cd /etc/yum.repos.d/
    wget http://geekery.altervista.org/geekery-el6.repo

NOTE 02/09/2011: I've updated EL6 repo file, substituting $basearch with $arch (there was a problem with RHEL/CentOS 6 i686)
NOTE 25/09/2011: RHEL/CentOS 6 x86_64 users have to replace $arch with $basearch in the repo file

External repositories installation

RPMforge

RHEL/CentOS5
i386:
    wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
    rpm -ivh rpmforge-release-0.5.2-2.el5.rf.i386.rpm
x86_64:
    wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
    rpm -ivh rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

RHEL/CentOS6
i686:
    wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
    rpm -ivh rpmforge-release-0.5.2-2.el6.rf.i686.rpm
x86_64:
    wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
    rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

EPEL

RHEL/CentOS5
    rpm -ivh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

RHEL/CentOS6
    rpm -ivh http://download.fedora.redhat.com/pub/epel/6/i386/epel-release-6-5.noarch.rpm

RPM packages installation

Then use the yum command to install packages, for example:

    yum install transmission*

Answer YES to import the GPG key that I used to sign RPM packages:

    warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID a4673575
    geekery/gpgkey | 1.3 kB 00:00
    Importing GPG key 0xA4673575 "Marco Spallacci <marco.spallacci@gmail.com>" from http://geekery.altervista.org/download.php?filename=GEEKERY-GPGKEY
    Is this ok [y/N]: y

Install Wine on Linux

Wine is also available in the EPEL repository.

http://fedoraproject.org/wiki/EPEL/FAQ#Using_EPEL

Once installed you should either properly set up yum-priorities, and/or use the '--enablerepo=epel' option with yum when installing wine if you decide to leave that repo disabled overall.

    [root@broken ~]# yum repolist
    Loaded plugins: fastestmirror, presto, priorities
    <snip>
    55 packages excluded due to repository priority protections
    repo id     repo name                                         status
    base        CentOS-6 - Base                                   6,019
    epel        Extra Packages for Enterprise Linux 6 - x86_64    6,444+54
    extras      CentOS-6 - Extras                                 1
    rpmforge    RHEL 6 RPMforge.net - dag                         4,042+1
    updates     CentOS-6 - Updates

    [root@broken ~]# yum list wine
    Loaded plugins: fastestmirror, presto, priorities
    <snip>
    55 packages excluded due to repository priority protections
    Available Packages
    wine.i686       1.2.3-1.el6     epel
    wine.x86_64     1.2.3-1.el6     epel

Install Torrent Flux on CentOS 5.3


Connect to your VPS or dedicated box

Code:
    yum update
Code:
    yum install httpd python php mysql-server php-mysql php-common php-gd php-curl

RESTART Apache
Code:
    /etc/init.d/httpd restart

CREATING MYSQL USER
Code:
    mysql_install_db

Apache and MySQL auto startup on server reboot by using the following commands

FOR APACHE
Code:
    chkconfig --levels 235 httpd on
AND MYSQL
Code:
    chkconfig --levels 235 mysqld on

Restart mysqld
Code:
    /etc/init.d/mysqld restart
Code:
    mysqladmin -u root password YOURPASS

CREATING A DIRECTORY FOR DOWNLOADING TORRENT FLUX
Code:
    mkdir /var/www/html/torrentflux

Next step is to download torrentflux from sourceforge by using the wget command
Code:
    cd /var/www/html/torrentflux/
Code:
    wget http://softlayer.dl.sourceforge.net/sourceforge/torrentflux/torrentflux_2.4.tar.gz

Uncompressing the archive
Code:
    tar -xzf torrentflux_2.4.tar.gz

Moving torrentflux to the previously created dir
Code:
    mv torrentflux_2.4/html/* /var/www/html/torrentflux/

Now we will create the required database
Code:
    cd /var/www/html/torrentflux/torrentflux_2.4/sql/
Code:
    mysql -u root -p
    Password: YOUR PASS
    mysql>create database torrentflux;
    mysql>\q
Code:
    mysql torrentflux < mysql_torrentflux.sql -u root -p
    Password: YOUR PASS

CREATING A DIRECTORY WHERE THE FILES WILL BE DOWNLOADED AND STORED
Code:
    mkdir /downloadz (can put anything u need)
    chmod 777 /downloadz
    chown apache.apache /downloadz

NOW WE HAVE TO EDIT THE TORRENTFLUX CONFIG AND FILL IN DB DETAILS
Code:
    nano /var/www/html/torrentflux/config.php

IT WILL OPEN THE BELOW THING
Code:
    /**************************************************************************/
    // YOUR DATABASE CONNECTION INFORMATION
    /**************************************************************************/
    // Check the adodb/drivers/ directory for support for your database
    // you may choose from many (mysql is the default)
    $cfg["db_type"] = "mysql";       // mysql, postgres7, postgres8 view adodb/drivers/
    $cfg["db_host"] = "localhost";   // DB host computer name or IP
    $cfg["db_name"] = "torrentflux"; // Name of the Database
    $cfg["db_user"] = "root";        // username for your MySQL database
    $cfg["db_pass"] = "YOUR PASS";   // password for database
    /**************************************************************************/

EDIT IT TO YOUR DB CONFIG

Press control+x, then it asks whether to save the edited data or not. Press Y.

For security reasons
Code:
    chmod -R 755 /var/www/
    chown -R apache.apache /var/www/

Restarting
Code:
    /etc/init.d/httpd restart
    /etc/init.d/mysqld restart

Now go to http://yourip/torrentflux/

Default login details are
Code:
    user:goombah
    pass:iamah

Change it to your needs.

How to rebuild initrd.img


- Boot from the cd
- type 'linux rescue' at the prompt
- ignore networking setup
- allow search for installation
- chroot /mnt/sysimage
- mkinitrd /boot/initrd-2.6.18-92.el5.img 2.6.18-92.el5
- exit
- reboot

Updating Perl package


Download the latest package from http://www.perl.org/get.html

    # wget http://www.cpan.org/src/5.0/perl-5.12.3.tar.gz
    # tar -vzxf perl-5.12.3.tar.gz
    # cd perl-5.12.3

Before installation ensure the gcc and make packages are installed

    # yum install make gcc
    # ./Configure
    # make
    # make test
    # make install
    # init 6
    # perl -v
    This is perl 5, version 12, subversion 3 (v5.12.3) built for x86_64-linux

Boot MSDOS using syslinux


Download syslinux from http://www.kernel.org/pub/linux/utils/boot/syslinux/

Step 1. Create a directory called "CD_root". This is the ISO image master file tree
        --> Copy all files you want to have on the CD into this directory
Step 2. Create a directory called "isolinux" underneath the directory "CD_root"
        --> Copy "core/isolinux.bin" from the Syslinux archive
        --> Create isolinux.cfg file

Example::

    display boot.txt
    prompt 1
    default 1

    # Boot other devices
    label a
        localboot 0x00
    label b
        localboot 0x80
    label c
        localboot -1

    # PC-DOS
    label 1
        kernel /kernel/memdisk
        append initrd=/images/tools.imz

    # Dariks Boot and Nuke
    label 2
        kernel /kernel/memdisk
        append initrd=/images/bootnuke.imz

    # MemTest
    label 3
        kernel /kernel/memtp170

********************************************
boot.txt:

    09a07 - Boot A:
    09b07 - Boot first HDD
    09c07 - Boot next device
    09107 - 0fPC-DOS07
    09207 - Darik's Boot and Nuke
    09307 - memtest86

Step 3. Copy any images you want to boot into the isolinux folder
Step 4. Copy "memdisk/memdisk" from the Syslinux archive into the isolinux folder

Use the following command to create your ISO image:

    mkisofs -o output.iso -b isolinux.bin -c boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table CD_root

The file boot.cat will be automatically created.

Create the isolinux folder. The folder contains the following things:
    i) initrd.img
    ii) isolinux.bin
    iii) isolinux.cfg
    iv) linux (Kernel)
    v) boot.cat

and I have created an iso file

    mkisofs -o /tmp/DDLJ.iso -b isolinux.bin -c boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table /root/isolinux

and burned the DDLJ.iso to cd. It is bootable.

********************************************************************
Normal iso file: type "mkisofs -o /tmp/cd.iso /tmp/directory/" to make an ISO from files on your hard drive.
********************************************************************

GENERAL: Isolinux is a CD boot loader with possibilities like: booting floppy images (using MEMDISK), booting CD boot sectors, booting linux kernels and passing parameters to kernels/initrd if needed.

Legend:
    blue text - predefined names or command names and cannot be changed by user
    red text - user defined names

Isolinux files:
    isolinux.bin - boot loader for no-emulation boot
    memdisk - this file is used to load floppy and HDD images
    isolinux.cfg - configuration file
    *.txt / *.msg - text files with some commands. These files are used for making boot messages - splash screens
    *.lss - Isolinux graphic splash screen

isolinux.bin
This file is the loader itself. If you are making a bootable CD that uses Isolinux for booting, then point your CD-burning software to this file when it asks for the boot sector.

Memdisk
This file is the loader for floppy and HDD images. Memdisk is called by isolinux.bin according to options specified in isolinux.cfg. For a floppy image, the size of the image should be exactly one of the following:
    1,228,800 bytes - For a 1200K floppy image
    1,474,560 bytes - For a 1440K floppy image
    2,949,120 bytes - For a 2880K floppy image
Any other size is assumed to be a hard disk image. See isolinux.cfg for more details on using memdisk.

isolinux.cfg
This is the configuration file for isolinux. It is a plain text file and can be edited in any text editor. Options in isolinux.cfg DON'T have a particular order. Isolinux.cfg can be in DOS or Linux text format.

Items/commands in isolinux.cfg:

# - comment, use this at the beginning of a line to insert comments

DEFAULT {label name or kernel options} - specifies what will be booted after boot timeout or if the user just hits ENTER without specifying boot options.
example:
    DEFAULT myDOS
this will work just like you have typed myDOS at the boot prompt, that means it will boot anything that is specified in label myDOS (see label item)
    DEFAULT kernel bootsec.bin
this will boot bootsec.bin (for example WindowsXP installation CD boot sector)

LABEL {label name} - This is a section that explains boot options for {label name}.

example 1:
    LABEL myDOS
    kernel memdisk
    append initrd=DOS.IMG
This means: if user types myDOS at boot prompt then use memdisk (as kernel) to load DOS.IMG (floppy image file).

example 2:
    LABEL oldbootcd
    kernel bootsec.bin
This means: if user types oldbootcd at boot prompt then load CD boot sector as kernel (this can be used if you integrate more bootable CDs to your multiboot CD or to load any other no-emulation boot sector). With this method you can load BCDW, BScriptor or CDShell from Isolinux (see Links section).

example 3:
    LABEL linux
    kernel vmlinuz
    append max_loop=255 initrd=initrd.gz init=linuxrc livecd_subdir=/ ...
This means: if user types linux at boot prompt then load linux kernel and pass parameters from append section to linux kernel (used for live linux CDs).

example 4:
    LABEL hdd
    localboot 0x80
This means: if user types hdd at boot prompt then boot from first partition of first HDD. Valid parameters for localboot are:
    0x80 - first partition of first HDD (C: in DOS)
    0x81 - 2nd partition of first HDD (D: in DOS)
    0x00 - first floppy drive (A: in DOS)
    ....etc
    -1 - tell BIOS to boot from next device listed in BIOS

example 5:
    LABEL somethig
    kernel memdisk
    append myFolder/myDisk.img
This is an example of how you can use folders. In this example isolinux will search for myDisk.img in a subfolder of the folder that contains isolinux.cfg (in most cases this is the /Isolinux folder). If isolinux.cfg is in folder /Isolinux, then myDisk.img should be in /Isolinux/myFolder.

example 6:
    LABEL something
    kernel /vmlinuz
    append max_loop=255 initrd=/initrd.gz init=linuxrc livecd_subdir=/ ...
This one will search for vmlinuz in a parent folder of the folder that contains isolinux.cfg. It will also search for initrd.gz in the parent folder ("/" before vmlinuz and before initrd.gz). If the isolinux.cfg folder is /Isolinux then files will be searched in the root folder of the CD.
example 7:
    LABEL something
    kernel /livelin/vmlinuz
    append max_loop=255 initrd=/livelin/initrd.gz init=linuxrc livecd_subdir=/ ...
This one will search for vmlinuz and initrd.gz in the following way: go to the parent folder of the folder containing isolinux.cfg (in most cases this is the /Isolinux folder), now go to the subfolder livelin and find the files there. Kernel file and initrd file don't need to be in the same folder.

TIMEOUT x - set timeout in 1/10 sec. If the user doesn't type anything at the boot prompt in the time set by TIMEOUT, then DEFAULT or ONTIMEOUT will be executed (see ONTIMEOUT for details).

ONTIMEOUT {label name or kernel options} - same as DEFAULT. If the ONTIMEOUT option is set, then DEFAULT is used just if the user hits ENTER without options at the boot prompt.

DISPLAY filename - display text (splash screen) specified with filename before the boot prompt (at isolinux start). Splash screen is a text file that can contain some commands. Extension of splash screen files can be ANY (.txt .msg .xyz...) except: .0 .bin .bs .bss .c32 .cbt .com .img

F1 filename - display text (same kind of text files as for DISPLAY) if the user presses F1. Same for F2 F3 ... F9 F0.

SAY message - print the message on the screen

PROMPT x - If x is 0, display the boot prompt only if the Shift or Alt key is pressed, or Caps Lock or Scroll lock is set (this is the default). If x is 1, always display the boot prompt. My advice: use PROMPT 1.

Notes:
- command names are case insensitive, but label names are case sensitive.
- isolinux.bin will search for the isolinux.cfg file in the following folders on CD: / (root of CD), /boot, /isolinux

Example of isolinux.cfg:

    # default to boot from hard drive
    default 0
    # let the user know the basic options
    display WELCOME.TXT
    prompt 1
    # various options are available for booting
    # hd
    label 0
        localboot 0x80
    # floppy
    label a
        localboot 0x00
    # cancel and try next boot device
    label q
        localboot -1
    # MY BOOT
    label mydos
        kernel memdisk
        append initrd=BOBBY71p.IMG
    # MY BOOT2
    label mydos2
        kernel memdisk
        append initrd=BOBBY71s.IMG
    # part image
    label 11
        kernel partimg/vmlinuz
        append initrd=partimg/initrd.img load_ramdisk=1 prompt_ramdisk=0 rw root=/dev/ram
    # movix vesa
    label VE
        kernel kernel/vmlinuz
        append initrd=initrd.gz load_ramdisk=1 prompt_ramdisk=0 ramdisk_size=62000 rw root=/dev/ram0 LABEL=vesa video=vesa:off
    timeout 200
    F1 DOS.TXT
    F2 MOVIX2.txt
    F3 UTIL.TXT
    F4 LINUX.TXT
    F5 MX2HELP.TXT
    F6 TRBLST.TXT
    F7 MPHELP.TXT
    F8 PARTIMG.TXT
    F9 WELCOME.TXT
    F0 WELCOME.TXT

Grub bootable CD

    cd /home
    mkdir -p iso/boot/grub
    cp /boot/grub/grub.conf /home/iso/boot/grub
    cp /boot/grub/stage* /home/iso/boot/grub
    cp /boot/grub/iso9660_stage1_5 /home/iso/boot/grub
    mkisofs -R -b boot/grub/iso9660_stage1_5 -no-emul-boot \
        -boot-load-size 4 -boot-info-table -o grub.iso iso

PPTP Server Installation in CentOS 5

Step 1. Run the command below to test if your kernel supports MPPE; you should get an ok in return:

    modprobe ppp-compress-18 && echo ok

Step 2. Download the RPM file pptpd-1.3.4-1.rhel5.1.i386.rpm from:

    yum install pptpd -y
    or
    http://poptop.sourceforge.net/yum/stable/packages/

Step 3. Install the RPM by running this command:

    rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm

Step 4. Change the following file /etc/ppp/options.pptpd as below:

    name pptpd
    refuse-pap
    refuse-chap
    refuse-mschap
    require-mschap-v2
    require-mppe-128
    proxyarp
    lock
    nobsdcomp
    novj
    novjccomp
    nologfd

Step 5. Change the following file /etc/pptpd.conf as below:

    option /etc/ppp/options.pptpd
    logwtmp
    localip 192.168.2.1
    remoteip 192.168.2.11-15

Step 6. Add the following username (johndoe) and password (passwrd) in /etc/ppp/chap-secrets as below:

    # Secrets for authentication using CHAP
    # client    server    secret     IP addresses
    johndoe     pptpd     passwrd    *

Step 7. Run the following command to enable pptpd to start automatically in runlevels 3 and 5:

    chkconfig --level 35 pptpd on

Step 8. Now, you can start the pptpd service as below:

    service pptpd start

Step 9. For pptpd to work, packet forwarding must be enabled. Edit /etc/sysctl.conf and change the line to below:

    net.ipv4.ip_forward = 1

Step 10. To enable it immediately, run the following command:

    sysctl -p

rsync configuration

Make sure xinetd and rsync are available; if not, type

    # yum -y install rsync xinetd

Add xinetd service to system

    # chkconfig --add xinetd

Make sure xinetd is running on init 3 and 5

    # chkconfig --list xinetd

Enable rsync

    # vi /etc/xinetd.d/rsync

Change disable = yes into disable = no

Create username and password for the rsync client to use

    # vi /etc/rsyncd.secrets

    adminname:hispassword

Create configuration and shares for the rsync daemon

    # vi /etc/rsyncd.conf

    max connections = 2
    log file = /var/log/rsync.log
    timeout = 300

    [shares]
    comment = shared data stored here
    path = /home/adminname/shares
    read only = false # chg to true if you want read only
    list = yes
    uid = adminname
    gid = adminname
    auth users = adminname
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.10.105.0/24

Secure /etc/rsyncd.*

    # chown root.root /etc/rsyncd.*
    # chmod 600 /etc/rsyncd.*

Make sure rsync is now running

    # chkconfig --list

Perhaps you also want to enable port 873 tcp and udp on your firewall so others can connect to your server

rsync command common options

    --delete : delete files that don't exist on sender (system)
    -v : Verbose (try -vv for more detailed information)
    -e "ssh options" : specify the ssh as remote shell
    -a : archive mode
    -r : recurse into directories
    -z : compress file data

Task : Copy file from a local computer to a remote server
Copy file from /www/backup.tar.gz to a remote server called openbsd.nixcraft.in

    $ rsync -v -e ssh /www/backup.tar.gz jerry@openbsd.nixcraft.in:/home/jerry

Task : Copy file from a remote server to a local computer
Copy file /home/jerry/webroot.txt from a remote server openbsd.nixcraft.in to a local computer /tmp directory:

    $ rsync -v -e ssh jerry@openbsd.nixcraft.in:~/webroot.txt /tmp

Task : Synchronize a local directory with a remote directory

    $ rsync -r -a -v -e "ssh -l jerry" --delete openbsd.nixcraft.in:/webroot/ /local/webroot

Task : Synchronize a remote directory with a local directory

    $ rsync -r -a -v -e "ssh -l jerry" --delete /local/webroot openbsd.nixcraft.in:/webroot

Task : Synchronize a local directory with a remote rsync server

    $ rsync -r -a -v --delete rsync://rsync.nixcraft.in/cvs /home/cvs

Task : Mirror a directory between my "old" and "new" web server/ftp
You can mirror a directory between my "old" (my.old.server.com) and "new" web server with the command (assuming that ssh keys are set for password less authentication)

    $ rsync -zavrR --delete --links --rsh="ssh -l vivek" my.old.server.com:/home/lighttpd /home/lighttpd

Squid Web Proxy Domain Blacklists

Whether you're a system administrator for a large site or simply a parent running a home network, there may come a time when access to certain domains should be controlled or blocked. This can be easily accomplished by introducing a domain blacklist. A blacklist is just a file containing all of the domain names that are considered inappropriate for the internal users to access, and Squid is configured to check each request made to ensure it is not within the blacklist.

There are several sites around the Internet that have updated blacklists available for you to download and use; these lists normally contain thousands of entries. Below are the details on how to create your own blacklist. Each entry located in the "bad_domains" file should be listed on a separate line. It is also important that only root and squid users have access to the list, otherwise users may change the contents.

After the blacklist has been created, populated and secured, ensure that you place the appropriate "BAD_DOMAINS" access control policy in the configuration file.

    [bash]# vi /etc/squid/bad_domains

    xxx
    breast
    .sex.com
    .nasty.com
    .naughty.com
    .noclothes.com

    [bash]# chown root.squid /etc/squid/bad_domains
    [bash]# chmod 640 /etc/squid/bad_domains

    [bash]# vi /etc/squid/squid.conf

    acl BAD_DOMAINS dstdom_regex -i "/etc/squid/bad_domains"
    http_access deny BAD_DOMAINS
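Because the ACL type is dstdom_regex, every line of bad_domains is a case-insensitive regular expression tested against the destination host name, so an unescaped "." matches any character and a bare word matches anywhere in the name. The following is an added example, not part of the original page: it approximates that matching with grep -E -i to show which hosts the page's list denies and how an anchored rewrite behaves. The function names, the anchored list and the test host names are constructed for illustration.

```shell
#!/bin/sh
# Added example: approximate Squid "dstdom_regex -i" matching with grep -E -i
# to see what a blacklist file really matches.

# blocked LISTFILE HOST -> exit status 0 if any pattern in LISTFILE matches HOST
blocked() {
    printf '%s\n' "$2" | grep -E -i -q -f "$1"
}

# blocked_hosts LISTFILE HOST... -> prints the hosts the list would deny
blocked_hosts() {
    list=$1; shift
    for h in "$@"; do
        if blocked "$list" "$h"; then echo "$h"; fi
    done
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# The entries from the page, interpreted as regular expressions
cat > "$WORK/bad_domains" <<'EOF'
xxx
breast
.sex.com
.nasty.com
.naughty.com
.noclothes.com
EOF

# Constructed rewrite of the domain entries: dots escaped, anchored at a
# label boundary and at the end of the host name
cat > "$WORK/bad_domains_anchored" <<'EOF'
(^|\.)sex\.com$
(^|\.)nasty\.com$
(^|\.)naughty\.com$
(^|\.)noclothes\.com$
EOF

# Constructed test hosts
HOSTS="sex.com www.sex.com www.sussex.com breastcancer.example.org www.example.org"

echo "page list denies:";     blocked_hosts "$WORK/bad_domains" $HOSTS
echo "anchored list denies:"; blocked_hosts "$WORK/bad_domains_anchored" $HOSTS
```

The page's list denies www.sussex.com and breastcancer.example.org but lets the bare name sex.com through, since ".sex.com" as a regex needs one character in front of "sex". Squid's dstdomain ACL type treats a leading-dot entry as a domain suffix rather than a regex and avoids both problems for the domain entries.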


AUTHENTICATING USERS

Further security can be maintained over your Internet access by firstly authenticating valid users before their access is granted. Squid can be told to check for valid users by looking up their username and password details in a common text file. The password values located inside the valid user list are subject to a hashing function, so they can not be compromised by someone reading the file "over your shoulder" (social engineering). The password file can be created using the following commands.

    [bash]# touch /etc/squid/passwd
    [bash]# chown root.squid /etc/squid/passwd
    [bash]# chmod 640 /etc/squid/passwd
    [bash]# htpasswd /etc/squid/passwd username

    [bash]# vi /etc/squid/squid.conf

    acl INTERNAL src 192.168.1.0/24
    acl AUTHUSERS proxy_auth REQUIRED
    http_access allow INTERNAL AUTHUSERS

    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
    auth_param basic children 5
    auth_param basic realm Squid - Home Proxy Server
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive off

CONFIGURING A TRANSPARENT PROXY

Now that you have successfully configured your Squid proxy server, you will need to configure all of the workstations on your internal network to be able to use it; this may seem like a lengthy task depending on how big your internal network is. It also means that you will need to manually configure all of your applications that connect to remote web servers for information / data exchange; this includes all web browsers, virus update applications and other such utilities. Hmm, this could take a while.

One great feature of Squid is that it can be used as a HTTPD accelerator, and when configured in conjunction with an iptables redirect rule, it will become transparent to your network. Why? Because we will no longer need to set up all of our applications on our workstations to use the proxy; now we can redirect all HTTP requests as they come through our firewall to use our transparent proxy instead. Easier administration.

An important point before proceeding: transparent proxies CAN NOT be used for HTTPS connections over SSL (Port 443). This would break the server to client SSL connection that the security and confidentiality of the protocol depend upon; it could also allow a "man in the middle" attack because of captured (proxied) packets.

To continue, make the following changes to your Squid configuration file.

[bash]# vi /etc/squid/squid.conf
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

The following rule is written for our firewall script as detailed in Chapter 6. The rule directs all packets from the internal LAN address to the proxy server's active "http_port" address (default is 3128). Once the proxy server has the packet it will be processed and returned to the client as normal, the client won't even know.

[bash]# vi /root/firewall.sh
# Redirect all WWW (port 80) OUTBOUND packets to the Squid Server on port 3128
iptables -t nat -A PREROUTING -i $INT_DEV -s $INT_NET -p tcp --dport 80 -j REDIRECT --to-port 3128

[bash]# /root/firewall.sh

Once the Squid configuration has been adjusted, it needs to be reloaded before it will be available.

[bash]# /etc/init.d/squid reload

To test if the transparent proxy is functioning correctly, type the following command at a command prompt and watch for any clients using the Internet; you should see Squid access requests being logged to the screen.

[bash]# tail -f /var/log/squid/access.log

Steps of boot process
Step 1. BIOS -> Do POST (power on self test) and check boot priority
Step 2. MBR -> stage 1 boot loader, partition table, o/s signature
Step 3. /etc/grub/grub.conf ->
        root (hd0,0)
        kernel /vmlinuz...... ro root=LABEL=/
        initrd /initrd.....img
Step 4. /etc/inittab -> /etc/rc.d/rc.sysinit
        -> Set hostname
        -> Set clock
        -> Enable selinux, quota
        -> Check filesystem
        -> Enable root in rw mode
Step 5. /etc/inittab -> runlevel
Step 6. /etc/rc.d/rc -> whenever runlevel changes
Step 7. /etc/rc.d/rc.local -> last script executed in boot process

Problem  -> MBR CORRUPTED
Corrupt  -> dd if=/dev/zero of=/dev/sda bs=446 count=1
Error    -> Stops at boot for a long time
Recovery -> Put in the first CD, reboot, then enter linux rescue
            chroot /mnt/sysimage
            grub-install /dev/sda

Problem  -> grub.conf file missing OR wrong entries in grub.conf
Corrupt  -> mv /boot/grub/grub.conf /root
Error    -> Drops you to the grub prompt
Recovery -> root (hd0,0)
            kernel /vmlinuz...... ro root=LABEL=/
            initrd /initrd.....img

Problem  -> /vmlinuz or /initrd file missing from /boot dir.
Corrupt  -> rm -rf /boot/vmlinuz.......
            rm -rf /boot/initrd.......
Error    -> file not found
Recovery -> Put in the first CD, reboot, then enter linux rescue
            chroot /mnt/sysimage
            cat /proc/sys/dev/cdrom/info      -> check cdrom's identity
            mount /dev/hdb /media
            cd /media/Server
            rpm -ivh --force kernel.................

Problem  -> /etc/rc.d/rc.sysinit OR /etc/inittab file missing
Corrupt  -> rm -rf /etc/rc.d/rc.sysinit OR /etc/inittab
Error    -> cannot execute /etc/rc.d/rc.sysinit OR No process left
Recovery -> Put in the first CD, reboot, then enter linux rescue
            chroot /mnt/sysimage
            cat /proc/sys/dev/cdrom/info      -> check cdrom's identity
            mount /dev/hdb /media
            cd /media/Server
            rpm -ivh --force initscripts-8.45

Problem  -> Wrong entry of runlevel 0 or 6
Corrupt  -> vim /etc/inittab and edit runlevel to 0 OR 6
Error    -> continuously reboots
Recovery -> Reboot the machine, go to single user mode, edit the /etc/inittab file with vim and change the runlevel to 3 or 5, then run init q to apply the changes.

Problem  -> Wrong entries in the /etc/fstab
Corrupt  -> vim /etc/fstab and make some changes in the labels
Error    -> Drops you to emergency mode
Recovery -> First provide root's passwd
            mount -o remount,rw /
            vim /etc/fstab                    -> and correct the labels
            If you don't know the label, keep checking for the correct label:
            e2label /dev/sda1
            e2label /dev/sda2

NETWORK CONFIGURATION
1. eth0 -> first physical NIC card
2. eth1 -> second physical NIC card
eth0:0 eth0:1 -> Use this to assign virtual ip

To assign Multiple IP:
Step 1. To set multiple IP temporarily
        ifconfig eth0:0 192.168.0.11
        ifconfig eth0:1 192.168.0.12
        (Temporary, until service network restart)
Step 2. To set multiple IP permanently
        system-config-network-tui      (Create New device and name as eth0:0)
Step 3. To set ip using tool in GUI
        system-config-network-tui
Step 4. dhclient     -> reads the ip address from dhcp server
Step 5. ifdown eth0  -> disable the card
        ifup eth0    -> enable the card
Step 6. To check physical status of nic card
        ethtool eth0   (if yes, link is present)

To change speed or duplex
ethtool -s eth0 autoneg off     (autoneg should be off before changing speed or duplex)
ethtool -s eth0 speed 10
ethtool -s eth0 duplex half

VIRTUALIZATION
Step 1. yum groupinstall Virtualization
Step 2. vim /boot/grub/grub.conf
        default=0     (boot with xen kernel)
Step 3. Create a partition of 10-20G
Step 4. Reboot
Step 5. virt-manager  (Tool to create guest o/s)

xm create <domain>        -> create domain
xm shutdown <domain>      -> shutdown domain
xm reboot <domain>        -> reboot domain
xm save <domain> <file>   -> take snapshot of domain
xm restore <file>         -> restore domain

cat /etc/xen/<domain>     -> config file of the guest machine

LVM (LOGICAL VOLUME MANAGER)

TO CREATE LVM
Step 1. fdisk /dev/sda    -> create 3 partitions + label to 8e
Step 2. partprobe
Step 3. fdisk -l
Step 4. pvcreate /dev/sda8 /dev/sda9
Step 5. pvdisplay /dev/sda8
Step 6. pvdisplay /dev/sda9
Step 7. vgcreate vg0 /dev/sda8 /dev/sda9
Step 8. vgdisplay
Step 9. lvcreate -L +200M -n /dev/vg0/home1
Step 10. lvdisplay /dev/vg0/home1
Step 11. lvcreate -L +300M -n /dev/vg0/var1
Step 12. lvdisplay /dev/vg0/var1
Step 13. mkfs.ext3 /dev/vg0/var1
Step 14. mkfs.ext3 /dev/vg0/home1
Step 15. mkdir /home1
Step 16. mkdir /var1
Step 17. mount /dev/vg0/home1 /home1
Step 18. mount /dev/vg0/var1 /var1
Step 19. cp /etc/a* /home1
Step 20. cp /etc/b* /var1
Step 21. vim /etc/fstab
Step 22. mount -a

TO EXTEND LVM
Step 1. lvdisplay /dev/vg0/home1
Step 2. lvextend -L +200M /dev/vg0/home1
Step 3. ls /home1
Step 4. resize2fs /dev/vg0/home1
Step 5. ls /home1

TO REDUCE LVM
Step 1. lvdisplay
Step 2. umount /var1
Step 3. e2fsck -f /dev/vg0/var1
Step 4. resize2fs /dev/vg0/var1 100M
Step 5. lvreduce -L -100M -n /dev/vg0/var1
Step 6. mount /dev/vg0/var1 /var1
Step 7. df -h


LVM SNAPSHOT
Step 1. lvcreate -L 200M -s -n lv2 /dev/llc/lv1

TO EXTEND PV
Step 1. pvcreate /dev/sda10
Step 2. pvdisplay

TO EXTEND VG
Step 1. vgextend vg0 /dev/sda10
Step 2. vgdisplay vg0

TO REDUCE VG
Step 1. vgreduce vg0 /dev/sda10
Step 2. vgdisplay

TO REDUCE PV
Step 1. pvremove /dev/sda10
Step 2. pvdisplay

REMOVE LVM
Step 1. lvdisplay
Step 2. umount /dev/vg0/home1
Step 3. umount /dev/vg0/var1
Step 4. vim /etc/fstab
Step 5. lvremove /dev/vg0/home1
Step 6. lvremove /dev/vg0/var1
Step 7. lvdisplay

REMOVE VG
Step 1. vgdisplay
Step 2. vgremove /dev/vg0
Step 3. vgdisplay

REMOVE PV
Step 1. pvdisplay
Step 2. pvremove /dev/sda9
Step 3. pvremove /dev/sda8

RAID
1. raid 0 -> striping
2. raid 1 -> mirroring
3. raid 2 onwards -> parity check

TO CREATE RAID
Step 1. fdisk /dev/sda      -> create 3 partitions and label as fd
Step 2. partprobe
Step 3. fdisk -l
Step 4. mdadm -C /dev/md0 -n 2 -l 1 /dev/sda8 /dev/sda9   -> create raid device, where n -> num of devices, l -> raid level
Step 5. cat /proc/mdstat    -> status of raid device
Step 6. mkfs.ext3 /dev/md0  -> format raid
Step 7. mkdir /raid
Step 8. mount /dev/md0 /raid   -> mount raid
Step 9. cp /etc/* /raid     -> put some contents in the raid dir
Step 10. ls /raid/
Step 11. mount
Step 12. df -h
Step 13. vim /etc/fstab     -> mount raid permanently
         /dev/md0 /raid ext3 defaults 1 2     (Add this line to /etc/fstab)
Step 14. mount -a

TO VERIFY RAID
Step 1. cat /proc/mdstat          -> status of raid device
Step 2. umount /raid
Step 3. mdadm --stop /dev/md0     -> stop raid device
Step 4. umount /raid
Step 5. cat /proc/mdstat
Step 6. mkdir /test1              -> create dir for mounting raid partitions
Step 7. mkdir /test2
Step 8. mount /dev/sda8 /test1    -> mount partition on dir
Step 9. mount /dev/sda9 /test2
Step 10. ls /test1
Step 11. ls /test2
Step 12. umount /test1            -> umount the partitions
Step 13. umount /test2
Step 14. mdadm --assemble /dev/md0 /dev/sda8 /dev/sda9   -> assemble partitions
Step 15. cat /proc/mdstat
Step 16. mount /dev/md0 /raid     -> mount back the raid
Step 17. cat /proc/mdstat

TO RECOVER A FAILED PARTITION
Step 1. cat /proc/mdstat
Step 2. mdadm --fail /dev/md0 /dev/sda8      //Fail a partition
Step 3. cat /proc/mdstat
Step 4. mdadm --add /dev/md0 /dev/sda10      //Add a partition
Step 5. mdadm --remove /dev/md0 /dev/sda8    //Remove faulty partition
Step 6. cat /proc/mdstat

FIELDS OF /ETC/FSTAB
Step 1. Partition or label of partition
Step 2. Directory to mount the partition
Step 3. File system type
Step 4. Defaults (rw,ro,acl,quota)
Step 5. Dump (backup): 1 -> take backup, 0 -> don't take backup
Step 6. File system check: 1 -> first priority, 2 -> second priority, 0 -> don't check file system

a>. TO TAKE BACK UP OF PARTITION USING DUMP COMMAND
Step 1. dump -0uf 123 /boot       -> Take backup of /boot in 123 file
Step 2. du -h /boot/              -> check space of /boot and 123
Step 3. du -h 123
Step 4. mkdir /boot/extra         -> add some more contents to /boot dir
Step 5. cp /etc/* /boot/extra
Step 6. du -h /boot/extra/
Step 7. dump -1uf 456 /boot       -> Again take backup of only newly added contents
Step 8. du -h 456
Step 9. du -h /boot/extra/

TO RESTORE BACK
Step 1. cd abc                    -> go to dir where you want to restore
Step 2. restore -rf /456          -> where /456 is the place where we took the backup

b>. TO TAKE BACK UP USING TAR COMMAND
Step 1. tar -cvf backup file1 file2 file3   -> c-create v-verbose f-file; take backup of file1 to file3 in backup file
Step 2. tar -tvf backup                     -> t-list the files backed up
Step 3. tar -xvf backup                     -> x-extract the backed up files in pwd
Step 4. tar -rvf backup file4 file5         -> r-append more files to the backup file
Step 5. tar -xvf backup -C /var             -> Extract files inside /var dir

To uncompress and extract a gzip file
Step 1. gzip backup              -> compress the file
Step 2. tar zxvf backup.gz       -> uncompress + extract the file

To uncompress and extract a bzip2 file
Step 1. bzip2 backup             -> compress the file
Step 2. tar jxvf backup.bz2      -> uncompress + extract the file

QUOTAS (limits on Linux)

To set up quota
Step 1. vim /etc/fstab
        LABEL=/home /home ext3 defaults,usrquota 1 2
Step 2. mount -a
Step 3. mount
Step 4. mount -o remount /home
Step 5. mount
Step 6. ls /home
Step 7. quotacheck -cufmg /home
Step 8. ls /home
Step 9. quotaon /home

Setting Quota for users (Blocks)
a> To set quota for a user limiting his block size (BLOCKS)
Set 80 as soft (min), and 120 as hard (max)
blocks = 56
soft = blocks + soft (min)   ex: 56 + 80
hard = blocks + hard (max)   ex: 56 + 120

Step 1. edquota -u suma     (edit the blocks of the file as given below)
        Filesystem   blocks   soft   hard   inodes   soft   hard
        /dev/sda7    56       136    176    7        10     12
Step 2. su - suma
        $> dd if=/dev/zero of=/home/suma/xyz bs=1024 count=80     //Warn
        $> dd if=/dev/zero of=/home/suma/xyz bs=1024 count=120    //Stop
        $> ctrl d
Step 3. repquota -t /home

Setting Quota for users (Inodes)
b> To set quota for a user limiting his num of files (INODES)
Set 10 as soft (min), and 12 as hard (max)

Step 1. edquota -u raju     (edit the inodes of the file as given below)
        Filesystem   blocks   soft   hard   inodes   soft   hard
        /dev/sda7    56       0      0      7        10     12
Step 2. su - raju
        $> touch 1 2 3
        $> ls -a |wc -l     //Warns
        $> touch 4 5
        $> ls -a |wc -l     //Stop
        $> ctrl d
Step 3. repquota -t /home

NFS CLIENT
showmount -e 192.168.0.38     -> shows dir shared by remote/server

1. TEMPORARY MOUNTING
mount 192.168.0.38:/songs /media
cd /media/
ls
mount
cd
umount /media

2. PERMANENT MOUNTING
vim /etc/fstab
    192.168.0.38:/songs /media nfs defaults 1 2
mount -a
mount


3. AUTOMOUNTING
a> DIRECT MAPPING
#authconfig-tui     Select NIS and add the domain name.
Step 1. vim /etc/auto.master
        /media /etc/auto.media
Step 2. vim /etc/auto.media
        abc -fstype=nfs 192.168.0.37:/share     (Put this line in the above file)
Step 3. service autofs restart
Step 4. cd /misc
Step 5. ls          -> can't see the dir
Step 6. cd abc      -> when you directly get into that dir, abc gets created
Step 7. ls          -> can see contents of /share dir
Step 8. mount       -> can see /misc/abc is mounted
If you are no longer using the dir, it automatically unmounts after 600 sec.

b> INDIRECT MAPPING
Step 1. vim /etc/auto.master
        /- /etc/auto.direct     (put this line in the above file)
Step 2. vim /etc/auto.direct
        /456 -fstype=nfs 192.168.0.37:/share     (put this line in the above file)
Step 3. service autofs restart
Step 4. ls /
Step 5. ls /456
Step 6. mount

CREATE A PARTITION
Step 1. fdisk -l           -> identify harddisk identity
Step 2. fdisk /dev/sda     -> open to create partition
        m   display help
        n   add a new partition -> first give enter, then +500M OR 1G
        d   delete a partition
        l   list known partition types
        p   print the partition table
        q   quit without saving changes
        t   change a partition's system id
        w   write table to disk and exit
Step 3. partprobe                  -> update kernel about newly created partition
Step 4. mkfs /dev/sda8             -> format partition using default (ext2)
Step 5. mkdir /songs               -> create a dir to mount the partition
Step 6. mount /dev/sda8 /songs     -> mount partition on dir (temporary)

Step 7. cd /songs                  -> once mounted you can get into the dir
Step 8. touch aaa bbbb ccc ddd     -> create files under that dir
Step 9. vim /etc/fstab             (without label)
        /dev/sda8 /songs ext2 defaults 1 2
Step 10. mount -a                  -> To check syntax of fstab
Step 11. e2label /dev/sda8         -> check label of sda8 partition
Step 12. e2label /dev/sda8 songs   -> set label of sda8 partition
Step 13. vim /etc/fstab            (entries with label)
         LABEL=/songs /songs ext2 defaults 1 2
Step 14. mount -a

COMMANDS SHOWING INFO ABOUT HARDDISK
Step 1. mount                 -> shows dir where partitions are mounted + filesystem type
Step 2. df -h                 -> shows use of partition
Step 3. fdisk -l              -> shows cylinders, id, partition
Step 4. blkid                 -> shows filesystem type and some more info
Step 5. dumpe2fs /dev/sdaX    -> shows detailed info about a partition, where X is a partition number

TO CONVERT EXT2 TO EXT3
Step 1. blkid /dev/sda8
Step 2. tune2fs -j /dev/sda8  -> add journal to ext2
Step 3. blkid /dev/sda8

TO CONVERT EXT3 TO EXT2
Step 1. umount /dev/sda8
Step 2. tune2fs -O ^has_journal /dev/sda8     -> remove journal
Step 3. mount /dev/sda8 /songs/
Step 4. blkid /dev/sda8

EXT3 = ext2 + journal
journal = When the file system is checked using the e2fsck program, instead of checking the entire file system it checks only the latest files/dirs that were added after the last e2fsck check.

TO CREATE SWAP
a> Using Partition
Step 1. fdisk /dev/sda        -> create a partition and label as 82
Step 2. partprobe             -> update kernel about newly created partition
Step 3. mkswap /dev/sda9      -> create swap on /dev/sda9
Step 4. free -m               -> size of swap
Step 5. swapon /dev/sda9      -> enable swap
Step 6. free -m               -> size of swap
Step 7. swapoff /dev/sda9     -> disable swap
Step 8. free -m               -> check size of swap

b> Using a big file created by the dd command
Step 1. dd if=/dev/zero of=/var/swapfile bs=1 count=1G
        if -> input file, of -> output file, bs -> blocksize
Step 2. df -h /var
Step 3. free -m
Step 4. mkswap /var/swapfile
Step 5. swapon /var/swapfile
Step 6. free -m
Step 7. vim /etc/fstab

SELINUX
DAC = Discretionary access control
MAC = Mandatory access control
DAC -> chmod, acl, sudo, visudo
MAC -> selinux

3 states of selinux
1. ENABLED = DAC + MAC both are implemented
2. PERMISSIVE = DAC + warning messages of MAC
3. DISABLED = ONLY DAC

To show status of selinux
1. cat /etc/selinux/config
2. sestatus
3. getenforce

To change status of selinux from or to permissive/enabled
1. setenforce 0     -> set to permissive from enforcing
2. setenforce 1     -> set to enforcing from permissive

To change status of selinux from or to disabled/enabled
1. vim /etc/sysconfig/selinux
OR
2. system-config-selinux
Once you change from disabled to enabled or from enabled to disabled, you have to reboot for the changes to take effect.

To enable/disable booleans for services
1. getsebool -a |grep <service>          -> show status of service
2. setsebool -P <service> <on/off>       -> change status of service

To check status of selinux on files
1. ls -Z <file>     -> show sestatus for files

To change context of selinux on files
1. chcon -t <policy> <file>
OR
2. chcon -R --reference <srcfile> <dstfile>

To restore context/policy to originals
1. restorecon <srcfile>

Log messages of selinux are stored in
1. tailf /var/log/audit/audit.log          -> text mode
2. sealert -b /var/log/audit/audit.log     -> gui mode

Package management

TO SET A REPOSITORY
A> SERVER SETUP
1. mount 192.168.0.154:/var/ftp/pub/RHEL5.1 /media
2. cd /media/Server
3. rpm -ivh createrepo...............
4. rpm -ivh vsftpd..................
5. cd ..
6. cp -vrf /media/* /var/ftp/pub/
7. cd /var/ftp/pub
8. createrepo -v Server
9. createrepo -v Cluster
10. createrepo -v ClusterStorage
11. createrepo -v VT

B> vim /etc/yum.repos.d/server.repo
[Server]
name=RHEL 5 Server
baseurl=file:///var/ftp/pub/Server
enabled=1
gpgcheck=0

C> yum clean all

CLIENT SETUP
[Server]
name=RHEL 5 Server
baseurl=ftp://192.168.0.154/pub/RHEL5.1/Server
enabled=1
gpgcheck=0
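Both repository definitions above set gpgcheck=0, so yum installs packages without verifying their signatures; on the client the packages also arrive over plain ftp://, which leaves nothing authenticating them. The audit function below is an added example, not part of the original notes: the function names, the section names ServerLocal and Signed, and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the two definitions from the text (the local one renamed
# ServerLocal so both fit in one file) plus one constructed signed repository.
REPO_FILE=$(mktemp)
trap 'rm -f "$REPO_FILE"' EXIT
cat > "$REPO_FILE" <<'EOF'
[Server]
name=RHEL 5 Server
baseurl=ftp://192.168.0.154/pub/RHEL5.1/Server
enabled=1
gpgcheck=0

[ServerLocal]
name=RHEL 5 Server
baseurl=file:///var/ftp/pub/Server
enabled=1
gpgcheck=0

[Signed]
name=Constructed example with signature checking
baseurl=ftp://192.168.0.154/pub/RHEL5.1/Server
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF

# Print "<section> <scheme> gpgcheck=0" for every enabled repository section
# that explicitly switches package signature checking off.
audit_repo() {           # usage: audit_repo <file.repo>
    awk '
        function value(line) {
            sub(/^[^=]*=[ \t]*/, "", line)    # drop "key ="
            sub(/[ \t\r]+$/, "", line)        # drop trailing whitespace
            return line
        }
        function report() {
            if (sec != "" && enabled != "0" && gpg == "0")
                print sec, scheme, "gpgcheck=" gpg
        }
        /^[ \t]*\[/ {
            report()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            gpg = "unset"; scheme = "none"; enabled = "1"
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ { gpg = value($0); next }
        /^[ \t]*enabled[ \t]*=/  { enabled = value($0); next }
        /^[ \t]*baseurl[ \t]*=/  { scheme = value($0); sub(/:.*$/, "", scheme); next }
        END { report() }
    ' "$1"
}

# Narrow the report to repositories fetched over a network transport that
# offers no integrity protection of its own.
audit_repo_network() {   # usage: audit_repo_network <file.repo>
    audit_repo "$1" | awk '$2 == "ftp" || $2 == "http" { print $1 }'
}

audit_repo "$REPO_FILE"
```

On a real host the same function can be pointed at each file under /etc/yum.repos.d/ in turn.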

YELLOWDOG UPDATE MANAGER
yum install <pkg>       --> installs package
yum remove <pkg>        --> remove package
yum list <pkg>          --> status of package
yum clean all           --> Flush the cache
yum list all            --> List all packages in server
yum list available      --> List all packages installed

RPM COMMANDS
Zenity -2.16.0 -2.el5 .i386 .rpm
syntax of rpm --> basename-versionnum-release.architecture.rpm

1. TO INSTALL
rpm -ivh <pkgname>      --> Install a package
rpm -Uvh <pkgname>      --> upgrade package even if older version doesn't exist
rpm -Fvh <pkgname>      --> upgrade a package ONLY if older version exists
rpm -ivh --force coreutils-5.97-12.1.el5.i386.rpm
(--force is used when the package is not corrupted but files or commands produced by that package are corrupted)

2. TO DELETE
rpm -e <basename>       --> To erase a package

3. TO QUERY installed packages
rpm -q <basename>       --> status of package
rpm -qi <basename>      --> Query for info about package
rpm -qd <basename>      --> List of documents created by package
rpm -qc <basename>      --> List of configuration files created by package
rpm -ql <basename>      --> List of files created by package
rpm -qf <command>       --> show package which produced this command

4. TO QUERY UN-Installed packages
Use -p along with any of the options and give the full package name instead of the base name.

GROUP REPOSITORY

1. mount /dev/cdrom /media
2. cd /media
3. cp Server/repodata/comps-rhel5-server-core.xml /var/ftp/pub/Server/repodata/
4. cp VT/repodata/comps-rhel5-vt.xml /var/ftp/pub/VT/repodata/
5. cp Cluster/repodata/comps-rhel5-cluster.xml /var/ftp/pub/Cluster/repodata/
6. cp ClusterStorage/repodata/comps-rhel5-cluster-st.xml /var/ftp/pub/ClusterStorage/repodata/
7. cd
8. createrepo -g /media/Server/repodata/comps-rhel5-server-core.xml /var/ftp/pub/Server
9. createrepo -g /media/Cluster/repodata/comps-rhel5-cluster.xml /var/ftp/pub/Cluster
10. createrepo -g /media/ClusterStorage/repodata/comps-rhel5-cluster-st.xml /var/ftp/pub/ClusterStorage/
11. createrepo -g /media/VT/repodata/comps-rhel5-vt.xml /var/ftp/pub/VT/
12. vim /etc/yum.repos.d/server.repo     //Add entries to the file

YUM GROUP RELATED COMMANDS
13. yum clean all
14. yum grouplist all
15. yum groupremove "GNOME Desktop Environment"
16. yum grouplist all
17. yum groupinstall Virtualization

boot process

Steps of boot process
Step 1. BIOS -> Do POST (power on self test) and check boot priority
Step 2. MBR -> stage 1 boot loader, partition table, o/s signature
Step 3. /etc/grub/grub.conf ->
        root (hd0,0)
        kernel /vmlinuz...... ro root=LABEL=/
        initrd /initrd.....img
Step 4. /etc/inittab -> /etc/rc.d/rc.sysinit
        -> Set hostname
        -> Set clock
        -> Enable selinux, quota
        -> Check filesystem
        -> Enable root in rw mode
Step 5. /etc/inittab -> runlevel -> /etc/rc.d/rcx.d (where x is num)
Step 6. /etc/rc.d/rc -> whenever runlevel changes
Step 7. /etc/rc.d/rc.local -> last script executed in boot process

GRUB FEATURES:
Step 1. Grand unified boot loader
Step 2. Grub identifies up to 15 file systems
Step 3. Grub has a pre-os environment; use commands to load the o/s
Step 4. Grub supports LBA (Logical block addressing)

GRUB COMMANDS
Step 1. root (hd0,0)                -> mount the boot partition
Step 2. find /etc/fstab             -> find the partition which contains label of /
Step 3. cat (hd0,4)/etc/fstab       -> to check label of root
OR
Step 4. find /etc/fstab             -> find the partition which contains label of /
Step 5. root (hd0,4)                -> mount the root partition
Step 6. cat / + press tab           -> shows contents of mounted partition
Step 7. cat /etc/fstab              -> open the file to see file contents
Step 8. kernel /vmlinuz........ ro root=LABEL=/     -> loads the kernel
Step 9. initrd /initrd...img        -> provides initial ram disk
Step 10. boot                       -> helps to boot the o/s

TO EXTRACT THE INITRD
Step 1. mkdir initrd
Step 2. cp /boot/initrd-2.6.18-53.el5.img initrd/
Step 3. cd initrd/
Step 4. ls
Step 5. file initrd-2.6.18-53.el5.img
Step 6. mv initrd-2.6.18-53.el5.img initrd.gz
Step 7. ls
Step 8. gunzip initrd.gz
Step 9. ls
Step 10. file initrd
Step 11. cpio -ivd < initrd

TO SET GRUB PASSWORD
Step 1. grub-md5-crypt     -> generate the password
Step 2. vim /etc/grub.conf -> open the file and write the line below in it, below the hiddenmenu line
        password --md5 <generated password>
Step 3. reboot
Step 4. Try pressing e or c at the grub prompt; it won't let you unless you type p and provide the password

TO EXTRACT SPLASH IMAGE
Step 1. mkdir splash
Step 2. cp /boot/grub/splash.xpm.gz splash
Step 3. cd splash/
Step 4. ls
Step 5. gunzip splash.xpm.gz
Step 6. ls
Step 7. firefox splash.xpm

TO ADD MULTIPLE TEXT TERMINAL
Step 1. vim /etc/inittab
Step 2. 50:2345:respawn:/sbin/mingetty tty50     --> creates 50th terminal
Step 3. init q                                   --> apply changes to inittab
Step 4. chvt 50                                  --> change to 50th terminal
Note: To allow root to login also add entries to /etc/securetty.

TO MAKE SERVICE PERMANENT
Step 1. chkconfig --list |grep network
Step 2. chkconfig --list |grep sendmail
Step 3. chkconfig --list |grep cups
Step 4. chkconfig --list |grep vsftpd
Step 5. chkconfig vsftpd on
Step 6. chkconfig --list |grep vsftpd
Step 7. chkconfig --levels 35 vsftpd on
        chkconfig --levels 35 <service> <on/off>

Use wget to download from hotfile automated!

Assume you are in /home/uploader (cd /home/uploader). Create 2 files, hf.txt & cookie, then run this command:

wget --save-cookies cookie --post-data "returnto=%2F&user=Your Username&pass=Your Password&=Login" -O - http://www.hotfile.com/login.php > /dev/null

Now the hotfile cookies will be saved in the file named cookie.

Now manually add the hf links to hf.txt. Use the command vi hf.txt, press Insert, add the links, press Esc and :wq to save the file, and run the command below.

wget -c --load-cookies cookie -i hf.txt

Now all the links which you have added in hf.txt will start downloading. Next time, just open hf.txt, press "dd" to delete the lines, add new links, save it and run this command alone:

wget -c --load-cookies cookie -i hf.txt

Note: Important: the hf.txt & cookie files should be in the current directory. If not, you need to substitute the absolute path in the above commands.

init commands
init 0 : Shutdown (goes through the /etc/rc0.d/* scripts then halts)
init 1 : Single user mode or emergency mode; no network and no multitasking is present in this mode, and only root has access in this runlevel.
init 2 : No network, but multitasking support is present.
init 3 : Network is present, multitasking is present, but without GUI.
init 4 : It is similar to runlevel 3; it is reserved for other purposes in research.
init 5 : Network is present, multitasking and GUI are present, with sound etc.
init 6 : This runlevel is defined for system restart.
init s : Tells the init command to enter the maintenance mode. When the system enters maintenance mode from another run level, only the system console is used as the terminal.
init S : Same as init s.
init m : Same as init s and init S.
init M : Same as init s or init S or init m.

DHCP SERVER

This server is used to allocate IP ADDRESSES dynamically to the hosts connected to this server.

PACKAGE REQUIRED: dhcp
yum list dhcp

IF THE RPM IS NOT INSTALLED THEN USE YUM TO INSTALL
yum install dhcp

STEP 1: Copy the sample file and rename it
cd /usr/share/doc/dhcp-3.0.1/
cp dhcpd.conf.sample /etc/dhcpd.conf

STEP 2: Edit the configuration file as follows
vi /etc/dhcpd.conf
option routers 192.168.0.254;
option subnet-mask 255.255.255.0;
option domain-name "linux.com";
option domain-name-servers 192.168.0.254;

If we want to allocate IPs dynamically, then do the following:
range dynamic-bootp 192.168.0.200 192.168.0.225;
default-lease-time 21600;
max-lease-time 43200;

If we want a particular HOSTNAME to always be assigned the same IP, then do the following:
host station201 {
    next-server station201.linux.com;
    hardware ethernet 00:50:FC:2A:AB:9D;
    fixed-address 192.168.0.201;
}
:wq

STEP 3: To enable the services
service dhcpd start/restart/reload
chkconfig dhcpd on

MySql configurations

Installing Mysql client
#yum install mysql

Installing Mysql server
#yum install mysql-server

To create database:
#mysqladmin --user=root create database name

To create user:
#mysql --user=root mysql
or
#mysql -u root -p mysql
mysql> GRANT ALL ON database name.* TO username@localhost IDENTIFIED BY 'somepassword';
mysql> flush privileges;
mysql> quit

Edit include/config.php and specify the database type, name, host, user and password
$database_type = "mysql";
$database_default = "database name";
$database_hostname = "localhost";
$database_username = "username";
$database_password = "password";

Update yum repository for Centos

Download the rpm
i386   http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.11.el5.rf.i386.rpm
x86_64 http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.11.el5.rf.x86_64.rpm

#rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.11.el5.rf.i386.rpm
#yum check-update
It will update the yum repository.

Mail Server

sendmail
# yum install sendmail*
# vi /etc/mail/sendmail.mc
Comment out this line with dnl:
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
:wq
Update the changes to the db using
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

dovecot is used to receive the mails from the client
# yum install dovecot
# service sendmail start
# service dovecot start

VNC Server

Installing VNC-Server

Installing KDE Desktop
#yum groupinstall 'KDE (K Desktop Environment)'

Installing VNC Server
#yum install vnc-server

Type the below command to create ~/.vnc
#vncserver
#vi /root/.vnc/xstartup
Type the below command at the end of the /root/.vnc/xstartup file
startkde&
:wq

#vi /etc/sysconfig/vncservers
Uncomment the two lines
VNCSERVERS="1:root"
VNCSERVERARGS[1]="-geometry 800x600"
:wq

VNC Server configuration is done.
#service vncserver restart

Now you can connect to the vncserver using vncviewer with the port number
Listening for VNC connections on port 5901
Listening for HTTP connections on port 5801

Thunderbird Configuration

Download the thunderbird software from http://www.mozillamessaging.com/enUS/thunderbird/all.html

Copy your downloaded file to /home/tom/ and untar it:
$ cp /home/tom/Desktop/thunderbird-2.0.0.0.tar.gz .
$ tar -zxvf thunderbird-2.0.0.0.tar.gz
Now the software is installed. To start the Thunderbird mail client, enter:
$ cd thunderbird
$ ./thunderbird

Install thunderbird in the /opt directory. Login as root user:
# cd /opt
# mkdir thunderbird
# cd thunderbird
# cp /home/tom/Desktop/thunderbird-2.0.0.0.tar.gz .
# tar -zxvf thunderbird-2.0.0.0.tar.gz
To start thunderbird, enter:
$ /opt/thunderbird/thunderbird &