Introduction
Unix System and Network Administration (Solaris, Linux, FreeBSD)
Microsoft Windows 2003 System Environment, Active Directory, Network Infrastructure
Cisco Network Fundamental
Information Security Consultant
Unix System Administrator (Solaris)
Perform basic Unix tasks
Understand basic Unix commands
Use vi text editor
Interact with a windowing system
Unix
Day 1
Introduction Solaris System Administration
Basic OS Commands
Understanding Shells
User Accounts and Groups
Rights and Roles
File Systems, Backup and Recovery
Administering Devices
Day 2
Administering Systems
Printing Service
Network Service & Remote access
Software Packages & Patches
Tuning & Recognizing File Access Problems
New Feature Enhancements in Solaris 10
Day 1
1. Introduction Solaris System Admin
2. Basic OS Commands
3. Understanding Shells
4. User Accounts and Groups
5. Rights and Roles
6. File Systems
Path Structure
[Figure: directory tree; labels: bin, sbin, dev, mnt, etc, Home, tmp, usr, export, var, John, Ken, doc, data, data]
root Password
# pwd
# cd /
# ls -l
# ls -l h*
2.
vi command
Command Mode
/etc/hostname.<Interface> /etc/nodename
/etc/hosts (Map IP Hostname)
Type 192.168.1.73 suwit001
/etc/hostname.pcn0 (IP NIC)
Type suwit001 (/etc/hosts)
/etc/nodename (hostname)
Type suwit001 (/etc/hosts)
$> init 6 (reboot)
Training Professional Center
SPARC
OpenBoot PROM
IA
BIOS
Solaris Device Config Assistant
MDB (Multiple Device Boot)
Command Option at MDB
Booting system
SPARC
bootblk (Pri. boot program)
ufsboot (Sec. boot program)
load kernel
IA
mboot (MBR)
pboot (Solaris Partition boot program)
bootblk (Pri. boot program)
ufsboot (Sec. boot program)
load kernel
SPARC
shutdown,init w/o intervention SCSI, IDE
IA
shutdown,init w/ intervention SCSI and IDE
Disk Controller
Disk Max. 4 fdisk partition Sol fdisk 10 slices (0-9) but 0-7 store data 3.5, 5.25-inch
Diskette drive
Feature
Feature
64bits (SPARC only), LDAP, Dynamic reconfiguration, AnswerBook2, Unicode, RPC security, CDE (new tools) IPv6, Naming LDAP, Java2, Wizard (Installation), UDF (Universal Disk Format), DVD, Smart card, PDA, Multilanguage (90 locales, 37 langs), XServer (X11R6.4), RBAC (Role-Based Access Control) Mobile IP, Removable Media (DVD, Zip, Jaz, CDROM, diskette) IP Multipathing with NICs, WBEM (Web-Based Enterprise Management), Print USB LDAP+iPlanet WebServer, SMC 2.0 (RBAC), WBEM (init.wbem, update security, SMC Log viewer), USB (Sun Blade 100, 1000 and Sun Ray system) New BIND, sendmail 8.10, IP multipathing with dynamic reconfiguration (DR), Mobile IP (reverse tunnel) PPP 4.0 (async, sync comm., PAP, CHAP), NCA (Solaris Network Cache Accelerator), IP Multipathing (IPMP reboot safe) DR 3.0 (Automated DR), USB (KB, Mouse, Printer, Audio) RPC (Sun ONC+ async protocol)
Solaris 8 (SunOS 5.8) (6/00) Solaris 8 (SunOS 5.8) (10/00) Solaris 8 (SunOS 5.8) (1/01) Solaris 8 (SunOS 5.8) (4/01) Solaris 8 (SunOS 5.8) (7/01) Solaris 8 (SunOS 5.8) (10/01) Solaris 8 (SunOS 5.8) (2/02)
Feature
Resource Manager (allocate resource), Fixed-priority (FX), Web Start Flash Install (master, clone), Live Upgrade, New option (df, du, ls, 1K unit), pargs and preap (process debugging), NIS+ LDAP, Sun Internet FTP Server, sendmail 8.12, Improve NCA, IPMP (link-up-down), Mobile IP (advertise dynamic if), BIND 8.2.4, Solaris volume manager, SMC 2.1 (6 new tools), smpatch, Solaris Secure Shell, cdrw (Write CD)
X86/X64, SPARC
Solaris Container Grid Container (Isolate App, Service, Allocate resource, Increase resource utilization)
Solaris Secure Execution (File Integrity and Secure Execution, User & Process Right Management, IP Filter Firewall, Cryptographic Service/Secure, Enterprise Authentication LDAP, PW, MD5, Kerberos, Smartcard)
Solaris Dynamic Tracing (easy to analyze, debug, optimize system, App in Realtime, Patch Management)
Solaris Predictive Self Healing (Auto diagnostic, isolate recovery from H/W, App fault)
1.3 Understanding Superuser Status
Special UID = 0 (/etc/passwd)
Root
Perform system admin tasks
mount/unmount file system
change ownership or permission
backup/restore
create device file
shutdown system
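Any /etc/passwd entry whose UID field is 0 has superuser status, not only the one named root. The following added example (not part of the course slides) lists every UID-0 entry in a passwd-format file; the function names and the sample accounts toor and svcadmin are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the course material): audit a passwd-format file
# for accounts that carry superuser status, i.e. a UID field equal to 0.

# Constructed sample data; "toor" and "svcadmin" are made-up accounts.
sample_passwd() {
cat <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
toor:x:0:1:backup admin:/export/home/toor:/bin/ksh
user1:x:100:10::/export/home/user1:/bin/sh
svcadmin:x:00:1::/:/bin/false
EOF
}

# list_uid0 [FILE]: print "name shell" for every entry whose UID is 0.
# Reads stdin when no file is given. The pattern also matches zero-padded
# forms such as 00, which would escape a plain string comparison with "0".
list_uid0() {
    awk -F: '!/^#/ && NF >= 7 && $3 ~ /^0+$/ {
        print $1, ($7 == "" ? "(default)" : $7)
    }' "${1:--}"
}

# count_extra_uid0 [FILE]: number of UID-0 entries that are not named root.
count_extra_uid0() {
    awk -F: '!/^#/ && $3 ~ /^0+$/ && $1 != "root" { n++ }
             END { print n + 0 }' "${1:--}"
}

# Demo on the constructed sample; on a real host pass /etc/passwd instead.
sample_passwd | list_uid0
echo "extra UID-0 accounts: $(sample_passwd | count_extra_uid0)"
```

A result other than 0 from count_extra_uid0 means an account besides root can perform every task listed above and should be accounted for.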
Shell prompt ($>, %>), type su
Enter password (root)
Environment enable, type su -
su root
su user1
Login prompt,
type root (Enter)
type password (Enter)
Add user
$> useradd -d /export/home/username username
/etc/motd
write username
write username < filename
wall
rwall -n group
walld /etc/inetd.conf
0 Go to Firmware
S or s Single mode (single logon)
1 Single admin mode, mount all file systems
2 Multi-user without NFS (Network File System)
3 Multi-user with NFS
4 No use
5 Power off (shutdown running services)
6 Reboot (shutdown running services and restart)
Default run level for system
Process to start, monitor, and restart if terminated
Action to take when system enters new run level
id:rstate:action:process
Form
S,K[0-9][a-z][A-Z]
S10webserver
S20dbserver
/etc/rc3.d
S10webserver
S20dbserver
Run Level 0
Run Level s and S
Run Level 1
Run Level 2
Run Level 3
Run Level 4
Run Level 5
Run Level 6
Turn off system power because of power outage
Change kernel parameters in /etc/system
Perform system maintenance, backup or restore system data
Repair system configuration file /etc/system
Changing pseudo device parameters in /etc/system
Add or remove hardware from system
Boot kernel debugger to track down system problem
/var/adm/messages
halt -d (save in swap file system)
dumpadm (configure crash dump)
savecore (/var/crash/hostname)
SPARC IA
SPARC IA
Boot from Solaris 10 Installation CD
Screen selection mode
b -s
$> mount /dev/dsk/c0d0s0 /a
$> cd /a/etc
$> vi passwd
$> vi shadow (in case of password recovery)
grep "search string" filename
$> grep "Aug 22 13:56" /var/adm/messages
$> grep -i "Aug 22 13:56" /var/adm/messages
egrep
$> cat > filename
$> touch filename
$> vi filename (save and exit)
Turn off system power
Install a new release
Prepare for power outage
Add hardware to system
Perform file system maintenance
Recommended
/usr/sbin/shutdown
/etc/telinit and /sbin/init
Not Recommended
/usr/sbin/halt /usr/sbin/reboot
/usr/sbin/uadmin 2 0
2. Basic OS Commands
$> ls -la
File permission
rwxrwxrwx
r = Read
w = Write
x = Execute
Ownership
u = User
g = Group
o = Other
Example:
rw-rw-rw- 110110110
rwxrwxrwx
r-xr-xr-x 555 filename
Example
Sticky bit permissions
Protects files from being deleted by other users
Should be set on the top-level directory
Example
chmod +t somedir
setfacl
Example
find <path> -name filename -print
$> find / -name passwd -print
view at the end of file (tail)
$> tail filename (show last 10 lines)
$> tail -f filename (view last update information)
view at the beginning of file (head)
$> head filename (show first 10 lines)
$> df -k (1K block)
$> df -h (1K unit: KB, MB, GB)
$> du -k [pathname] (1K block)
$> du -h [pathname] (1K unit: KB, MB, GB)
Set Parameter
3. Understanding Shells
3.1 Tasks Common to All Shells
Aliases
History list
.profile
.cshrc
Aliases
Example
alias dir='ls -al'
History list
Example
.profile
.profile can contain any commands and environment settings
Example
.cshrc
Example:
Shell command: source (.), basename, cat, cd, chgrp, date, find, grep
Shell command (cont.): head, less, ls, mkdir, more, pwd, rmdir, tail
Source Path
Demonstration
Shell Command
Changing Shells from command line
$> csh
$> ksh
$> sh
$> bash
$> tcsh
Exit from Shells
$> exit
Execute
fi ./count_lines.sh /etc/group
Test facility
-a All
-b file is a special block file.
-c file is a special character file.
-d file is a directory.
-f File is a normal file.
-h File is a symbolic link.
-p File is a named pipe.
-s File has nonzero size.
-w File is writable by the current user.
-x File is executable by the current user.
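#!/bin/sh
# Check each fruit's data file and report whether it holds any data.
for i in apple orange lemon kiwi guava
do
    DATAFILE=$i.dat
    echo "Checking $DATAFILE"
    # test -s is true only when the file exists and has nonzero size
    if test -s "$DATAFILE"
    then
        echo "$DATAFILE is OK"
    else
        echo "$DATAFILE has zero-length"
    fi
done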
Root /etc/shadow
/etc/group
/etc/passwd
4.1 Tools for Adding and Admin User Accounts
$> smc &
$> useradd
$> userdel
Creating password for user
$> passwd username
Example
Example
userdel -r user1
Groupadd
Example
/etc/group
Groupmod
Change Password
root Password
owner
Rights
Roles
Root
/etc/security/auth_attr
/etc/user_attr
6. File Systems
target
No target
Formatting
Example
UFS (Unix File System)
HSFS (ISO 9660): CDROM, read-only
PCFS (PC File System): DOS-format, floppy disk
UDFS (Universal Disk Format file system): CDRW, DVD-ROM
CacheFS
Boot CDROM, mount file system store in Memory
Example: Formatting
IDE Disk
Fdisk
Partition
Adding new Harddisk
$> touch /reconfigure
$> telinit 5
Install new HDD and power on
$> format
Adding new Harddisk
$> format
format> partition
partition> help
partition> 0 (0-7)
partition> tag id
partition> permission flag (wm)
partition> size (Cylinder)
partition> label (Save partition)
partition> quit
Adding new Harddisk
$> newfs /dev/rdsk/c0d[1]s[0]
$> man newfs
Mounting file system
Create mount point
$> mkdir /export/software
/export/software /dev/dsk/c0d1s0
Day 2
7. Administering Systems
8. Printing Service
9. Network Service & Remote access
10. Software Packages & Patches
11. Tuning & Recognizing File Access Problems
12. New Feature Enhancements in Solaris 10
7. Administering Systems
Determine Hostid
$> hostid
$> sysdef -h
$> sysdef > /tmp/sysdef.txt
Host information
$> uname -a
Display System Information
$> prtconf
How long a system has been up
$> uptime
Find when system was booted
$> who -b
System date / time
$> date
Setting date / time
$> date mmddHHMMyy
Changing Timezone
Edit in file /etc/TIMEZONE
TZ=Asia/Bangkok
The complete list of time zone variables
/usr/share/lib/zoneinfo
Checking the data consistency of File system
$> fsck /dev/rdsk/c0d1s0
Finding whether a check is needed
/dev/rdsk/c0d1s0 /export/data
$> umount /export/data
$> fsck -m /dev/rdsk/c0d1s0
If needed, init S or s
$> fsck /dev/rdsk/c0d1s0
$> man fsck
/dev/rmt/0 Tape 1
/dev/rmt/1 Tape 2
$> ufsdump 0cuf /dev/rmt/0 /dev/dsk/c0d0s0
$> man ufsdump
Ufsdump Command
Ufsdump parameter
/usr/sbin/ufsdump [options] [arguments] files to dump
Options
-f: dump to file
-u: update the dump record
-v: verify
-c: Cartridge
Example
Ufsrestore Command
Ufsrestore parameter
/usr/sbin/ufsrestore
-i: Interactive
-f: Restore selected file
-t: Testing
-a: archive_file
Example
Ufsrestore (Interactive)
/dbasefile /backup
/dev/dsk/c0d1s0
/backup/full.dat
Backup & Restore File System
List table of contents
$> ufsrestore ta /backup/full.dat
Extract data from backup device
$> ufsrestore ia /backup/full.dat
ufsrestore> help
ufsrestore> ls
ufsrestore> add [filename]
ufsrestore> extract
$> tar cvf - ./etc | gzip - > /export/data/full.tgz
$> gunzip full.tgz
$> tar xvf full.tar
8. Printing Service
Printer Overview
Server Printer
Print Device
Printer Manager
$> /usr/sadm/admin/bin/printmgr &
Name service = File
Click Menu Printer
Setting Print Server (P421-422)
Printer Name
Server Name
Network printer access name
IP address for the printer
Protocol (TCP)
Install Printer Device: lpadmin, accept (Print Queue), enable (Activate Printer for lp)
Monitoring: lpstat
Using Printer: lp, lpr
Lpadmin command
Example: Lpadmin
Accept Command
Enable Command
Lpstat Command
Lp command
Configure Host and IP address w/ Multi-NICs
$> touch /reconfigure
$> init 5
Install Network Cards
Power On
$> cd /etc
$> vi hosts
IP address0 hostname0
IP address1 hostname1
IP address2 hostname2
/etc/hostname.[interface]
hostname.pcn0 hostname0
hostname.pcn1 hostname1
hostname.pcn2 hostname2
IP address1 hostname1
IP address2 hostname2
IP address3 hostname3
/etc/hostname.[interface]:[1-99]
hostname.pcn0:1 hostname1
hostname.pcn0:2 hostname2
hostname.pcn0:3 hostname3
/etc/init.d/nfs.server start
$> share (check sharing)
$> dfshares (check sharing)
Client
$> mkdir /export/share
$> mount -F nfs hostname:/export/share /export/share
$> mount (check mounting)
$> df (check mounting)
Example
[&] is for running as background process
CTRL-Z
$> bg
$> fg (for running as foreground process)
$> processname
$> ps -ef | grep processname
$> kill [process id]
$> pkill [processname]
Edit /etc/hosts
192.168.1.200 suwit001 suwit001
DHCP Client
$> /sbin/dhcpagent
Request Network Information from DHCP Server
Check ip address
Check routing table (look for line default)
Check nameserver (DNS)
$> more /etc/defaultrouter [Static ip]
Manually add routing table
route add default [gateway ip]
Server
192.168.1.1 203.151.100.1
pcn0 .10 pcn1 .10
203.151.100.0 / 24
Route add [NetworkID] [Gateway IP]
$> route add 0.0.0.0 203.151.100.1
$> route add default 203.151.100.1
192.168.1.0 / 24
Route add [NetworkID] [Gateway IP]
$> route add 192.168.9.0 192.168.1.1
$> route add 192.168.9.9 192.168.1.1
Click Remote Login
Click Choose from list
$> rlogin hostname [ip address of remote system]
$> telnet hostname [ip address]
Edit file /etc/default/login
Comment line #CONSOLE=.
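Commenting out the CONSOLE= line in /etc/default/login removes the setting that keeps root logins on the console, so the state of that line is worth checking on every host. This added example (not part of the course slides) reports it; the function names and the sample file contents are constructed.

```sh
#!/bin/sh
# Added example (not from the course material): report whether a
# /etc/default/login style file still has an active CONSOLE= line.

# Constructed samples of the file before and after the edit described above.
sample_default() {
    printf '%s\n' '# root can only log in on this device' \
                  'CONSOLE=/dev/console' 'PASSREQ=YES'
}
sample_edited() {
    printf '%s\n' '# root can only log in on this device' \
                  '#CONSOLE=/dev/console' 'PASSREQ=YES'
}

# root_login_scope [FILE]: prints "restricted:<value>" when an uncommented
# CONSOLE= line exists, otherwise "unrestricted". Reads stdin without FILE.
root_login_scope() {
    awk '
        /^[ \t]*#/ { next }                      # commented lines are inactive
        /^[ \t]*CONSOLE=/ {
            sub(/^[ \t]*CONSOLE=/, ""); val = $0; found = 1
        }
        END {
            if (found) print "restricted:" val
            else       print "unrestricted"
        }
    ' "${1:--}"
}

# check_root_login [FILE]: exit status 0 when restricted, 1 otherwise,
# so the check can be used from a monitoring job.
check_root_login() {
    case "$(root_login_scope "$@")" in
        restricted:*) return 0 ;;
        *) echo "WARNING: no active CONSOLE= line; root login over" \
                "telnet/rlogin is not limited to the console" >&2
           return 1 ;;
    esac
}

# Demo on the constructed samples; on a real host pass /etc/default/login.
sample_default | root_login_scope
sample_edited  | root_login_scope
```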
Check how long remote system has been up
$> rup hostname [ip address]
Check remote system is alive
$> ping hostname [ip address]
$> ping -s hostname (infinite loop)
Login / password
ftp> help
ftp> get [filename] (download)
ftp> mget [filename *.*] (multiple get)
ftp> put [filename] (upload)
ftp> mput [filename *.*] (multiple put)
ftp> binary (binary file: exe, jpg, gif)
ftp> ascii (text file: txt)
ftp> prompt (toggle interactive mode)
ftp> hash (show progress, print #)
ftp> quit / bye
Checking Packet from Network
$> snoop
$> snoop -o /tmp/packet.txt (capture to file)
$> snoop -d pcn1
$> snoop | grep hostname1[192.168.1.190]
$> ethereal &
$> nmap
Read from captured file
$> snoop -i /tmp/packet.txt
Installation
Get file lsof.4.74*local.gz
$> gunzip lsof4.74.gz
$> lsof4.74*local
$> pkgadd -d lsof*local
/usr/local/bin /usr/local/man
Installation
$> . /.profile
Package Installation
Web Start
Insert CDROM package
$> ./installer
Select desired packages to install
Command Line
$> pkginfo [Package Name] (check if it exists)
$> pkgrm [Package Name] (remove package)
$> pkgadd -d [Path] [Package Name] (install package)
Installer
Installer (Cont.)
Pkginfo command
Pkgrm command
Pkgadd command
/usr/sbin/cron
$> cd /etc/cron.d
$> vi /var/spool/cron/crontabs/root
30 11 * * * /tmp/echo.sh
$> chmod +x /tmp/echo.sh
$> ps -ef | grep cron
$> kill [cron pid] (restart cron to read new crontab)
$> date (check time/date)
Execute /tmp/echo.sh
Recognize Problem with Permission, Ownership
Change permission of file for execution
$> chmod +x [shell script]
$> chown [userid]:[groupid] [file, directory]
$> chown -R [userid]:[groupid] [file, directory]
Zone configuration
NIS
Setting up NIS Server
$> svcadm enable network/nis/server
$> svcs network/nis/server
$> domainname suwit.com
$> ypinit -m
$> ypstart
NIS
Setting up NIS Client
$> domainname suwit.com
$> ypinit -c
$> ypstart
Edit file /etc/nsswitch.conf
/etc/rc3.d/S50apache [start|stop]
$> cp /etc/apache/httpd.conf-example httpd.conf
$> /etc/rc3.d/S50apache start
$> ps -ef | grep httpd
IE, Web browser
http://[hostname, ip address]
Configuration file
Web Browser
Solaris IP Filter Firewall
http://www.muine.org/~hoang/solnat.html
Lock down the box
Setup network interfaces in the Solaris box
Enable packet forwarding, dhcp, firewall and network address translation
Configure machines behind NAT
Familiarize with IPFilter
IPsec
Reference
www.sun.com
www.bigadmin.com (Discussion/Forum)
www.sunfreeware.com (Free Software)
sunsolve.sun.com (Patches)
docs.sun.com (Documents)
khajorn@hotmail.com