├── .gitattributes
├── 9781484254547.jpg
├── Chapter-17.tgz
├── Contributing.md
├── Experiment_6-1.txt
├── Experiment_6-3.txt
├── LICENSE.txt
├── README.md
├── doUpdates
├── errata.md
└── quickstart.zip


/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 |
--------------------------------------------------------------------------------
/9781484254547.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Apress/using-and-administering-linux-volume-2/1165760e7fd1954bb830c49e997c18dddea13eeb/9781484254547.jpg
--------------------------------------------------------------------------------
/Chapter-17.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Apress/using-and-administering-linux-volume-2/1165760e7fd1954bb830c49e997c18dddea13eeb/Chapter-17.tgz
--------------------------------------------------------------------------------
/Contributing.md:
--------------------------------------------------------------------------------
1 | # Contributing to Apress Source Code
2 |
3 | Copyright for Apress source code belongs to the author(s). However, under fair use you are encouraged to fork and contribute minor corrections and updates for the benefit of the author(s) and other readers.
4 |
5 | ## How to Contribute
6 |
7 | 1. Make sure you have a GitHub account.
8 | 2. Fork the repository for the relevant book.
9 | 3. Create a new branch on which to make your change, e.g.
10 | `git checkout -b my_code_contribution`
11 | 4. Commit your change. Include a commit message describing the correction. Please note that if your commit message is not clear, the correction will not be accepted.
12 | 5. Submit a pull request.
13 |
14 | Thank you for your contribution!
--------------------------------------------------------------------------------
/Experiment_6-1.txt:
--------------------------------------------------------------------------------
1 | Team 1 Apr 3
2 | Leader Virginia Jones vjones88@example.com
3 | Frank Brown FBrown398@example.com
4 | Cindy Williams cinwill@example.com
5 | Marge smith msmith21@example.com
6 | [Fred Mack] edd@example.com
7 |
8 | Team 2 March 14
9 | leader Alice Wonder Wonder1@example.com
10 | John broth bros34@example.com
11 | Ray Clarkson Ray.Clarks@example.com
12 | Kim West kimwest@example.com
13 | [JoAnne Blank] jblank@example.com
14 |
15 | Team 3 Apr 1
16 | Leader Steve Jones sjones23876@example.com
17 | Bullwinkle Moose bmoose@example.com
18 | Rocket Squirrel RJSquirrel@example.com
19 | Julie Lisbon julielisbon234@example.com
20 | [Mary Lastware) mary@example.com
21 |
22 |
--------------------------------------------------------------------------------
/Experiment_6-3.txt:
--------------------------------------------------------------------------------
1 |
2 |
3 | Theory and Practice
4 | of
5 | Linux System Administration
6 |
7 |
8 |
9 | Lab Projects
10 |
11 | Version 1.50
12 | October 25, 2014
13 |
14 |
15 | David P. Both
16 | RHCE, Instructor
17 |
18 |
19 | Copyright © Millennium Technology Consulting LLC
20 | Table of Contents
21 | Introduction 5
22 | Lab Project 1: Installing Linux 6
23 | Lab Project 1A. Installing Fedora 15 through 17 6
24 | Lab Project 1B: Installing CentOS 7.X, Fedora 18 and Above 14
25 | Lab Project 1C: Installing CentOS 6.x 23
26 | Lab Project 2. Post Installation 30
27 | Lab Project 2A: CentOS 6.X and Fedora up through Release 18 30
28 | Lab Project 2B: CentOS 7, Fedora 19 and above 31
29 | Lab Project 3. Initial Desktop Login 33
30 | Lab Project 4. Using Virtual Consoles 34
31 | Lab Project 5. Using Screen 36
32 | Lab Project 6. The Command Line Interface (CLI) 38
33 | Lab Project 7. Using vim 42
34 | vimtutor 42
35 | Disabling SELinux 42
36 | Lab Project 8.
Important Linux Commands 43
37 | Moving around, Viewing, Copying and Creating Files 43
38 | System Performance and Problem Solving 44
39 | top 44
40 | Memory Statistics 45
41 | System Statistics with sar 45
42 | The /proc filesystem 46
43 | I/O Data 46
44 | lm_sensors 46
45 | Hard Drive Statistics 47
46 | The Lazy Admin 47
47 | Information About Files 48
48 | Lab Project 9. Using Pipes and Redirection 49
49 | Basic Standard Pipes 49
50 | Named Pipes 50
51 | Lab Project 10. Using Compound Commands 51
52 | Lab Project 11. Basic Command Line Programming 52
53 | RPM List 52
54 | Lab Project 12. Backup with tar 54
55 | Lab Project 13. The Linux Boot and Startup Process 56
56 | Lab Project 13A: CentOS 6.X and Fedora up through Release 15 56
57 | The boot sequence 56
58 | The Startup sequence 59
59 | Lab Project 13B: CentOS 7.X and Fedora 16 and Above 59
60 | The boot sequence 59
61 | The startup sequence 61
62 | Lab Project 14. Managing and Using Runlevels 63
63 | Lab Project 14A: Managing SystemV Init scripts in CentOS 63
64 | Lab Project 14B: Managing Runlevels with systemd in CentOS 7 and Fedora 17 and above 64
65 | Managing Units and Services with systemd 65
66 | Lab Project 15: Using Midnight Commander to Manage Files 66
67 | Install Midnight Commander 66
68 | Using Midnight Commander as user student 66
69 | Using Midnight Commander as root 67
70 | Lab Project 16. Managing Users 68
71 | Lab Project 17. Managing Processes 69
72 | Lab Project 18. Scheduling Tasks 71
73 | Limiting Access to cron 71
74 | Scheduling Specific Tasks 71
75 | One Set of Solutions 72
76 | Lab Project 19. Adding a New Filesystem Partition 73
77 | Lab Project 20. Managing Filesystems with LVM 77
78 | Adding a New Volume Group 77
79 | Expanding a Volume 78
80 | Lab Project 21. Exploring and Repairing EXT Filesystems 80
81 | Exploring EXT Filesystems 80
82 | Repairing EXT Filesystems 80
83 | Lab Project 22.
Files 82
84 | Links 82
85 | Symbolic (soft) Links 82
86 | Hard Links 83
87 | Locating Files 84
88 | Locating files with Several Hard Links 85
89 | File Information 86
90 | Lab Project 23: Package Management 87
91 | RPM 87
92 | YUM 88
93 | Adding Repositories 88
94 | Using YUM to Explore Software 89
95 | Installing Software from a Repository 90
96 | Updating All Packages 90
97 | Lab Project 24: Network Configuration And Management 92
98 | Hardware 92
99 | Interface Configuration 92
100 | Network Configuration and Management 93
101 | Configuring NTP 93
102 | Configuring the /etc/hosts file 95
103 | Using SSH 95
104 | Creating Public/Private Key Pairs 96
105 | Lab Project 25: Security 98
106 | Configuring IPTABLES 98
107 | sudo 99
108 | Restrict SSH Remote Root Login 100
109 | Checking for Rootkits 100
110 | Lab Project 26: Problem Solving 102
111 | System Rescue 102
112 |
113 | Introduction
114 | I originally started teaching Linux as part of my regular day jobs over the years. The courses were designed to meet the needs of my employers of the time and were generally well received.
115 | As time went on, and gaps between W-2 jobs increased, I decided to start my own company and consult on and teach Linux. This course, and the two others I have created as of this writing, are the results of that effort.
116 | In the late summer of 2013, this course was redesigned to enable the use of CentOS as well as Fedora Linux as the basis for the lab projects. Thus this single course is flexible enough for both distributions and can be used to teach either or both at the same time.
117 | The lab projects provide installation instructions for Fedora 15 through 17. It also provides a set of instructions for Fedora 18 and later, which are installed using a completely rewritten Anaconda installer. There are also instructions for installing CentOS 6.X.
118 | Where there are differences, the lab projects provide instructions and commands for both Fedora and CentOS.
119 | Taken from my own experiences accumulated during more than 15 years of using Linux, and developed using my knowledge and experience as a course developer and trainer for both IBM and Red Hat, this class covers the practical aspects of Linux System Administration. It builds upon the foundation of the “Philosophy of Linux” in a way that helps the student understand how and why things are done as they are.
120 | Lab Project 1: Installing Linux
121 | This lab project takes you through the process of preparing for and installing Linux on your student host. Fedora releases 15 through 17 are covered in Lab Project 1A. The Anaconda installer has been completely rewritten starting with Fedora 18. Installation of Fedora 18 and higher is covered in Lab Project 1B. Installation of CentOS is covered in Lab Project 1C.
122 | A minimal system does not have any type of graphical interface and is an excellent platform for use as a firewall, router, or any type of server such as a web, FTP or email server. It can be used as all of these at the same time. This lab project will install a basic system with the KDE Desktop. Any additional functionality required later in the course will be added as it is needed.
123 | Regardless of which distribution of Linux is used in the classroom, the partitioning for this system will include a single standard EXT4 partition for /boot which cannot be part of a Logical Volume. The rest of the hard drive will be used as a Physical Volume (PV) on which Logical Volumes will be created for the rest of the filesystems. Not all of the PV will be used so that the free space can be used later.
124 | The default partition type for recent Fedora releases is EXT4, though there have been significant issues with EXT4 in the past. For these lab projects we will use EXT4.
125 | Lab Project 1A. Installing Fedora 15 through 17
126 | This lab project provides instruction on the installation of Fedora releases 15 through 17.
127 |
128 | 1.
Insert the Fedora Linux installation media provided by the instructor into the DVD drive or USB port of your computer.
129 | 2. Reboot or turn on the computer.
130 | 3. You will use the graphical installation because it allows more control over disk partitioning. At the installation Welcome screen, choose “Install a new system or upgrade an existing system” and press the Enter key.
131 | 4. Use the Tab or the Right Arrow key to move the highlight to the Skip button and press Enter to go directly to the installation and skip over the media check.
132 | 5. At the initial Fedora graphical splash screen press Enter or use the mouse to click on the Next button.
133 | 6. English should be the default language on the language selection screen. If not, select English and click Next.
134 | 7. The U.S. English Keyboard should be the default. If not, select it and click Next.
135 | 8. Leave Basic Storage Devices checked and click Next.
136 | 9. We will not be upgrading any possible existing installation. Choose Fresh Installation and click Next.
137 | 10. Type the hostname of your student computer. It should be studentXX.linuxclass.com where XX is your two digit student number starting with 01. Your instructor will have assigned you a student number at the beginning of the class. If not, obtain a student number from your instructor now. Do NOT press Enter or click Next!
138 | 11. There is also a button on this page, Configure Network. Click on this button to see the options available. Click on the em1 entry and then the Edit button. The device in Illustration 2 is for a pluggable NIC in motherboard slot 2 and a single port. Yours will be “Ethernet Motherboard 1,” or EM1. Place a check in the Connect automatically checkbox. This is supposed to start the network during startup. With a server or desktop installation, if you do not check this box the network will not start until a user logs in to the GUI.
Although that could be corrected manually after the installation, now is the best opportunity to make this change.
139 | 12. Click on the IPV4 Settings tab. Notice that although the default is for DHCP to provide configuration data for the NICs, you can also specify a static IP address and manually enter DNS and gateway server entries. Do not change anything here as we will use DHCP for all lab projects. Your instructor may ask you for your IP address later.
140 | 13. When you have finished exploring, click Apply on the Editing System eth0 window and then Close on the Network Connections window.
141 | 14. Click Next on the Hostname page.
142 | 15. Select the correct Time Zone for your Location. The default is Eastern/New York. Also remove the check from the System clock uses UTC checkbox. Then click the Next button to continue.
143 | 16. Enter the root password (use “lockout” with no quotes) in both spaces and click Next. You will receive a message window indicating that this is a weak password. For this class it is fine and the instructor requires that you use it, so click on Use Anyway.
144 | 17. There are several options on the next screen which asks which type of installation you would like. Choose the Create custom layout option and click Next.
145 | 18. If there were partitions on the disk they will be shown on the disk Device screen. If there are any existing partitions, remove all of them. If they were Linux partitions, start with the Logical Volumes, then the Volume Group and the Physical Volume, and end with the /boot and other EXT partitions. Your disk should be empty of partitions and look like Illustration 3. If you need help deleting existing partitions be sure to ask the instructor.
146 | 19. You first need a /boot partition so click on the Create button. Be sure to select Standard Partition as shown in Illustration 4, and click Create. The Add Partition window is displayed. Only the /boot partition needs to be a Standard partition.
147 | 20.
In the Add Partition window select /boot from the Mount Point drop-down. Leave the File System type as EXT4 and the size at the default of 500MB. 500MB is the default size for all partitions in this menu, but it is not the best choice for most partitions. Click on OK to create the /boot partition.
148 | 21. Now you need to create a Physical Volume (PV) out of a portion of the remaining disk space to use for the rest of the Logical Volumes. Click on Create, choose LVM Physical Volume. Type 20000 (20,000MB or 20GB) in the Size field and click OK. At least some of the remaining space on the disk will be used later. It does not normally make sense to create multiple PVs on a single physical hard drive, but this enables us to pretend that there are multiple physical hard drives for later lab projects. We will also leave some unused space on the PV for later use. After creating the new Physical Volume, your disk partitioning should look like Illustration 7.
149 | 22. The next step is to create a Volume Group (VG). Click the Create button and select LVM Volume Group and click Create.
150 | 23. At this point you have the Make LVM Volume Group and Make Logical Volume windows displayed. You can create all of the needed Logical Volumes within this window. Select / (root) for the Mount Point. Leave the File System Type at EXT4. Type root for the Logical Volume Name and 2000 (2GB) for the Size. Click the OK button when you are finished entering the data.
151 | 24. Now create the rest of the required Logical Volumes using Table 1, below. This table shows all of the partitions and Logical Volumes you should have when you are completed including the /boot partition which was previously created, as well as the Physical Volume (PV) and Volume Group (VG).
152 |
153 | Mount Point
154 | LVM
155 | Volume Name
156 | Filesystem Type
157 | Size
158 | /boot
159 | No
160 |
161 | EXT4
162 | 500M
163 | PV
164 |
165 |
166 | Physical Volume
167 | 20GB
168 | VG
169 |
170 |
171 | Volume Group
172 |
173 | /
174 | Yes
175 | root
176 | EXT4
177 | 5GB
178 | /usr
179 | Yes
180 | usr
181 | EXT4
182 | 10GB
183 | /home
184 | Yes
185 | home
186 | EXT4
187 | 2GB
188 | /tmp
189 | Yes
190 | tmp
191 | EXT4
192 | 2GB
193 | /var
194 | Yes
195 | var
196 | EXT4
197 | 2GB
198 | NA
199 | Yes
200 | Swap
201 | Swap
202 | 2GB
203 | Table 1: Filesystem and Volume mount points and sizes. Note that the Volume Group is sized automatically by the sizes of the defined Logical Volumes. Everything else is left as free space in the Volume Group. All hard drive space on all physical hard drives is included in this one Volume Group.
204 | This uses about 23.5 GB of space. I have installed a full version of Fedora on a NetBook computer with the KDE Desktop along with LibreOffice, Thunderbird, Firefox and other application programs in about 8GB of disk space.
205 | 25. To create the Swap partition, click Add and select Swap as the File System Type.
206 | 26. Your completed Logical Volumes should look like those in Illustration 10. Click on the Next button to complete creation of the disk partitions and Logical Volumes. Then click Write Changes to Disk in the Confirm window. At this time the partitioning layout you have just defined will be created and written to the hard drive, and all of the filesystems will be created. If you are installing on a system that had a running operating system this is the point of no return. Once you have clicked on the Write Changes to Disk button, the contents of the disk will be irretrievably overwritten. This is the “No turning back” point.
207 | 27. No changes are required to the Boot Loader configuration so click Next.
208 | 28. The software selection screen allows the choice of four primary software installation options.
Choose Graphical Desktop and ensure that the Customize now radio button is selected. Do not change the repository selection. Click Next.
209 | 29. The software selection menu is displayed as shown in Illustration 11. Select the various desktop environments as shown, especially the KDE Software Compilation. Linux has multiple desktops which users can choose, providing a huge amount of flexibility.
210 | 30. Observe while the installation process checks for dependencies, transfers the install image to the hard drive and begins the installation. Notice that there are about 1504 packages being installed for Fedora 15. The minimum number of packages for a minimal Linux system is about 198.
211 | 31. When you see the “Congratulations, your Fedora installation is complete” screen, remove the installation media and click the Reboot button.
212 |
213 |
214 | Lab Project 1B: Installing CentOS 7.X, Fedora 18 and Above
215 | This lab project takes you through the process of preparing for and installing Fedora Linux, releases 18 and above. It will usually use the most recent version of Fedora.
216 | Installation of Fedora 15 through 17 is covered in Lab Project 1A. Installation of CentOS 6.x is covered in Lab Project 1C.
217 | A minimal system does not have any type of graphical interface and is an excellent platform for use as a firewall, router, or any type of server such as a web, FTP or email server, but we want a bit more than that. This lab project will install a basic system with the KDE Desktop. Any additional functionality required later in the course will be added as it is needed.
218 | The partitioning for this system will include a single standard EXT4 partition for /boot which cannot be part of a Logical Volume. The rest of the hard drive will be used as a Physical Volume (PV) on which Logical Volumes will be created for the rest of the filesystems. Not all of the PV will be used so that free space can be used later.
219 | The default partition type for recent Fedora releases is EXT4. That is what will be used for this lab project.
220 | 1. Insert the Fedora Linux installation media provided by the instructor into the DVD drive or USB port of your computer, as appropriate.
221 | 2. Reboot or turn on the computer.
222 | 3. When the Fedora 19 installation menu is displayed, use the Up arrow key to select Install Fedora and press Enter.
223 |
224 | You could run the media test by just pressing the Enter key but that should not be necessary.
225 | 4. On the Fedora 18 and 19 installation Welcome screen, English is already selected as the installation language, but you should check the box at the lower left that is labeled, Set keyboard to default layout for selected language.
226 | Then click the Continue button.
227 | 5. The main installation menu, titled INSTALLATION SUMMARY is displayed as shown below. This menu is the central hub from which you can select sub-menus to customize the installation.
228 | Note the yellow banner across the bottom of the menu and the yellow warning icon next to the Installation destination sub-menu. You will not be able to proceed with the installation until all warnings are eliminated.
229 | Most of the sub-menus do not need to be selected for a vanilla installation, but for this lab project we will take some time to look at each. There are a few things you will need to change for this lab project.
230 | 6. Look at the Date & Time sub-menu. You can click on the desired time zone on the map, or you can select the region and city from the drop-down selection fields.
231 | When finished on this menu, press the Done button in the upper left corner.
232 | 7. The Installation Source sub-menu allows you to choose between the install media from which the system was booted, an ISO file on the hard drive if one is available, or a mirrored repository on the Internet. The most common is the default, from the auto-detected installation media that you booted from.
It is not necessary to change anything on this sub-menu for this class.
233 | 8. You will need to make some selections on the Software Selection sub-menu shown in Illustration 16. Select the KDE Plasma Workspace. For this class, which is not about applications, it is not necessary to select any of the add-on software on the right side of the menu, but in a real-world environment you may wish to install applications like LibreOffice and others.
234 | When finished with this sub-menu, click on the Done button.
235 | 9. The Installation Destination sub-menu in Illustration 17 is the one that will always need some attention. Select this sub-menu and you will see a list of available disks on which you can install Fedora. For this lab only one hard drive is installed in your lab computer so it should already be selected. If other hard drives were available they would be pictured on this page and be available for you to select.
236 | Note the checkbox for encrypting the data on the hard drive but do not select it. Press the Done button to configure the partitions.
237 | 10. At this point you are presented with the screen in Illustration 18, which allows you to select custom partitioning. For many users, if enough free space is available, the default option is fine.
238 | Because the hard disk drives on the lab computers have been used before, there is little or no available space, or a large portion of the space has been previously partitioned. So in order to delete all existing partitions you will have to reclaim all of the used space from the disk.
239 |
240 | For this lab project, click on the Custom Partitioning button. Select each partition and click on the Delete button.
241 | 11. The Manual partitioning menu displays existing partitions and allows you to delete them. Illustration 19 shows the existing disk partitions in the expandable list entitled, Fedora Linux 18 for x86_64. Click on that line to expand the list of existing partitions.
242 | Click on each partition in the expanded list of partitions and click the Minus (-) sign on the toolbar to delete each existing partition.
243 | 12. After deleting the existing partitions click on the Plus sign (+) to create new partitions. First create a /boot partition of 500MB in size as an EXT3 partition. The /boot partition cannot be a logical volume; it must be an EXT3 or EXT4 file system on a standard Linux partition of type 83.
244 | Click on the Add mount point button to add the partition to the list. No partitions are actually created until you click on the Finish Partitioning button, but do not do that yet.
245 | 13. Then click on [+] Customize to expand the menu options. Notice that the device type is a standard partition and not a logical volume. This is normal and correct for the /boot partition because the /boot partition cannot be a logical volume.
246 | After changing the File System to EXT3, click on the Apply Changes button to complete configuration of the /boot partition.
247 | 14. Now create the / (root) partition with a 5GB size as shown in Illustration 22. Click on the Add mount point button to create the entry for the / partition.
248 | 15. Add the “root” label as shown in Illustration 23, and verify that it is to be formatted as an EXT4 partition. At this point you could change the filesystem to EXT3, BTRFS, or other formats. You can also change the Volume Group in which the partition will be created if there is more than one, or change the name of the existing Volume Group.
249 | 16. Click on Update Settings to complete configuration of the / (root) partition.
250 |
251 | 17. Now create the rest of the required Logical Volumes using the table below and the same steps you used to create the / (root) partition. This table shows all of the partitions and Logical Volumes you should have when you are completed including the /boot partition which was previously created, as well as the Physical Volume (PV) and Volume Group (VG).
Note that neither the Physical Volume nor the Volume Group is shown by the manual partitioning menu in the table of partitions on the left. The automatically generated Volume Group name is shown on the drop-down on the right side.
252 | Each new mount point you create will appear in the “New Fedora 18/19 Installation” partition list.
253 |
254 | Mount Point
255 | LVM
256 | Volume Name
257 | Filesystem Type
258 | Size
259 | /boot
260 | No
261 |
262 | EXT4
263 | 500M
264 | PV
265 |
266 |
267 | Physical Volume
268 | automatic
269 | VG
270 |
271 |
272 | Volume Group
273 | automatic
274 | /
275 | Yes
276 | root
277 | EXT4
278 | 5GB
279 | /usr
280 | Yes
281 | usr
282 | EXT4
283 | 10GB
284 | /home
285 | Yes
286 | home
287 | EXT4
288 | 2GB
289 | /tmp
290 | Yes
291 | tmp
292 | EXT4
293 | 2GB
294 | /var
295 | Yes
296 | var
297 | EXT4
298 | 2GB
299 | NA
300 | Yes
301 | Swap
302 | Swap
303 | 2GB
304 | Table 2: Filesystem and Volume mount points and sizes. Note that the Volume Group is automatically created to be the sum of the defined Logical Volumes. Everything else is left as free space and is not part of a partition or Physical Volume.
305 | This uses about 23.5 GB of space. I have installed a full version of Fedora on a NetBook computer with the KDE Desktop along with LibreOffice, Thunderbird, Firefox and other application programs in about 8GB of disk space.
306 | Note that the Swap partition does not have a mount point and is a special swap filesystem type.
307 | 18. When you have completed configuring the partitions, click on the Done button, and then click the Accept Changes button on the SUMMARY OF CHANGES page. The process of partitioning will take place in the background while you continue making additional customization for the installation.
308 | 19. There is no need to make any changes in the Keyboard sub-menu unless you are setting up a host for a non-English environment. You can take a look at this sub-menu if you like.
309 | 20.
The network to which your student host is attached has a DHCP server and, for now, you do not need to make any changes to the networking configuration. However, you should look at this sub-menu to see what it looks like and to verify that the network configuration is as you expect it to be.
310 | Notice in Illustration 24 that the Hostname, IP Address, Subnet Mask, Default Route and Name Servers have all been provided by the classroom DHCP server.
311 | The information in this illustration is for the VM used to create this lab project. The data for your student host will be different from but consistent with the details of the classroom environment. The IP Address for your student host should be 192.168.25.2X, where X is your student number. The Name Server will be 192.168.25.1, the instructor's laptop.
312 | When you have finished verifying that the network configuration is correct, click on the Done button to return to the main installation menu. Do not change anything on this menu!
313 | 21. On the main menu page, Installation Summary, click on the Begin Installation button to begin the actual installation.
314 | 22. The installation progress page is displayed and is shown in Illustration 25. At this time you will need to set the root password. Use the password lockout for your root password. It is not necessary to create a user as it can be done later during the post installation phase. For this lab project do not create a new user.
315 | 23. When the installation has completed, remove the installation medium and click the Reboot button.
316 |
317 |
318 | Lab Project 1C: Installing CentOS 6.x
319 | This lab project provides instructions for the installation of CentOS 6.x. Installation of Fedora 15 through 17 is covered in Lab Project 1A. Installation of Fedora 18 and above is covered in Lab Project 1B.
320 | A minimal system does not have any type of graphical interface and is an excellent platform for use as a firewall, router, or any type of server such as a web, FTP or email server, but we want a bit more than that. This lab project will install a basic system with the KDE Desktop. Any additional functionality required later in the course will be added as it is needed.
321 | The partitioning for this system will include a single standard EXT4 partition for /boot which cannot be part of a Logical Volume. The rest of the hard drive will be used as a Physical Volume (PV) on which Logical Volumes will be created for the rest of the filesystems. Not all of the PV will be used so that free space can be used later.
322 | The default partition type for recent CentOS releases is EXT4. That is what will be used for this lab project.
323 |
324 | 1. Insert the CentOS Linux installation media provided by the instructor into the DVD drive or USB port of your computer as appropriate.
325 | 2. Reboot or turn on the computer.
326 | 3. Although a text mode installation is available, we will use the graphical installation because it allows more control over disk partitioning. Use the arrow keys to highlight "Install or upgrade an existing system" to begin the installation.
327 | 4. The next screen is Disk Found. This just means that the installation media has been detected. This screen gives you the opportunity to test the installation media for corruption. It is not really necessary to do that during this lab project as the media has already been tested by the instructor. Use the arrow keys to select Skip and then press the Enter key.
328 | 5. The next screen is a graphical display of the CentOS logo. There is nothing to do on this screen except to use the mouse to click on the Next button.
329 | 6. The Language screen allows selection of a language to use during the installation process itself. English is the default, so just click on the Next button to continue.
330 | 7.
The next screen provides choices for the keyboard to be used. The default is U.S. English so once again just click on the Next button to continue.
331 | 8. The next screen allows you to select the type of storage devices on which to install CentOS. For this lab project use the Basic Storage Devices option, which is the default. Then click on the Next button to continue.
332 | 9. Verify that the Fresh Installation radio button is selected and click on the Next button.
333 | 10. Type the hostname of your student computer. It should be studentXX.mtc-llc.net where XX is your two digit student number starting with 01. Your instructor will have assigned you a student number at the beginning of the class. If not, obtain a student number from your instructor now. Do NOT press Enter or click Next!
334 | 11. There is also a button on this page, Configure Network. Click on this button to see the options available. Click on the eth0 entry and then the Edit button. The device in Illustration 28 is ETH0, which is the designation for the NIC on the VM on which this lab project was developed. Yours should be ETH0 also, for CentOS on your student host. Place a check in the Connect automatically checkbox. This is supposed to start the network during startup. With a server or desktop installation, if you do not check this box the network will not start until a user logs in to the GUI. Although that could be corrected manually after the installation, now is the best opportunity to make this change.
335 | 12. Click on the IPV4 Settings tab. Notice that although the default is for DHCP to provide configuration data for the NICs, you can also specify a static IP address and manually enter DNS and gateway server entries. Do not change anything here as we will use DHCP for all lab projects. Your instructor may ask you for your IP address later.
336 | 13. When you have finished exploring, click Apply on the Editing System eth0 window and then Close on the Network Connections window.
337 | 14. Click Next on the Hostname page. 338 | 15. Select the correct Time Zone for your Location. The default is Eastern/New York. Also remove the check from the System clock uses UTC checkbox. Then click the Next button to continue. 339 | 16. Enter the root password (use “lockout” with no quotes) in both spaces and click Next. You will receive a message window indicating that this is a weak password. For this class it is fine and the instructor requires that you use it, so click on Use Anyway. 340 | 17. There are several options on the next screen which asks which type of installation you would like. Choose the Create custom layout option and click Next. 341 | 18. If there were partitions on the disk they will be shown on the disk Device screen. If there are any existing partitions, remove all of them. If it was Linux partitions, start with the Volume Group and the Physical Volume, and end with the /boot and other EXT partitions. Your disk should be empty of partitions and look like Illustration 29. If you need help deleting existing partitions be sure to ask the instructor. 342 | 19. You first need a /boot partition so click on the Create button. Be sure to select Standard Partition as shown in Illustration 4, and click Create. The Add Partition window is displayed. Only the /boot partition needs to be a Standard partition. 343 | 20. In the Add Partition window as shown in Illustration 30, select /boot from the Mount Point drop-down. Leave the File System type as EXT4 and set the size to 500MB. 200MB is the default size for all partitions in this menu, but it is not the best choice for most partitions. Click on OK to create the /boot partition. 344 | 21. Now you need to create a Physical Volume (PV) out of a portion of the remaining disk space to use for the rest of the Logical Volumes. Click on Create, choose LVM Physical Volume. Type 30000 (30,000MB or 30GB) in the Size field and click OK. At least some of the remaining space on the disk will be used later. 
It does not normally make sense to create multiple PVs on a single physical hard drive, but this enables us to simulate that there are multiple physical hard drives for later lab projects. After creating the new Physical Volume, your disk partitioning should look like Illustration 32. 345 | 22. The next step is to create a Volume Group (VG). Click the Create button and select LVM Volume Group and click Create. 346 | 23. At this point you have the Make LVM Volume Group and Make Logical Volume windows displayed. You can create all of the needed Logical Volumes within this window. Select / (root) for the Mount Point. Leave the File System Type at EXT4. Type root for the Logical Volume Name and 2000 (2GB) for the Size as shown in Illustration 33. Click the OK button when you are finished entering the data. 347 | 24. Now create the rest of the required Logical Volumes using Table 1, below. This table shows all of the partitions and Logical Volumes you should have when you are completed including the /boot partition which was previously created, as well as the Physical Volume (PV) and Volume Group (VG). 348 | 349 | Mount Point 350 | LVM 351 | Volume Name 352 | Filesystem Type 353 | Size 354 | /boot 355 | No 356 | 357 | EXT4 358 | 500M 359 | PV 360 | 361 | 362 | Physical Volume 363 | 30GB 364 | VG 365 | 366 | 367 | Volume Group 368 | 30GB 369 | / 370 | Yes 371 | root 372 | EXT4 373 | 5GB 374 | /usr 375 | Yes 376 | usr 377 | EXT4 378 | 10GB 379 | /home 380 | Yes 381 | home 382 | EXT4 383 | 2GB 384 | /tmp 385 | Yes 386 | tmp 387 | EXT4 388 | 2GB 389 | /var 390 | Yes 391 | var 392 | EXT4 393 | 2GB 394 | NA 395 | Yes 396 | Swap 397 | Swap 398 | 2GB 399 | Table 3: Filesystem and Volume mount points and sizes. 400 | This uses about 23.5 GB of space. It should leave a little less than 7GB of space in the logical Volume and about 446GB free on the hard drive. 
I have installed a full version of Fedora on a NetBook computer with the KDE Desktop along with LibréOffice, Thunderbird, Firefox and other application programs in about 8GB of disk space. To create the Swap partition, click Add and select Swap as the File System Type. 401 | 25. Your completed Logical Volumes should look like those in Illustration 35. 402 | Click on the Next button to complete creation of the disk partitions and Logical Volumes. Then click Write Changes to Disk in the Confirm window. At this time the partitioning layout you have just defined will be created and written to the hard drive, and all of the filesystems will be created. If you are installing on a system that had a running operating system this is the point of no return. Once you have clicked on the Write Changes to Disk button, the contents of the disk will be irretrievably overwritten. This is the “No turning back” point. 403 | 26. No changes are required to the Boot Loader configuration so click Next. 404 | 27. The software selection screen allows the choice of eight primary software installation options. Choose Desktop and ensure that the Customize now radio button is selected. Do not change the repository selection. Click Next. 405 | 28. The software selection menu is displayed. You could select packages and groups to install from among many hundreds, including Gnome and KDE desktops, various server and development options as well as a large number of administrative tools. There are also options to install commercial grade software such as load balancing and high availability. 406 | 29. Click on the Desktops selection in the left window pane and you will see a list of desktop software that can be installed in the right pane. Select the KDE Desktop. For this class, which is not about applications, it is not necessary to select any additional software. Additional packages required by the lab projects will be installed later as required. 407 | 30. Click on the Next button to continue. 
408 | 31. Observe while the installation process checks for dependencies, transfers the install image to the hard drive and begins the installation. The installation should install 1195 packages for this CentOS configuration. 409 | 32. When you see the “Congratulations, your CentOS installation is complete” screen, remove the installation media and click the Reboot button. 410 | 411 | Lab Project 2. Post Installation 412 | After rebooting immediately following the completion of the installation you are forced through the initial setup sequence. This sequence prompts you to accept the license and allows you to create a single, non-privileged user account to be used for GUI desktop logins. You will create one non-root user now to use during the next Lab Project, and some additional non-privileged users in a later lab project. 413 | Lab Project 2A: CentOS 6.X and Fedora up through Release 18 414 | 415 | 1. The first screen is the Welcome screen. Click the Forward button. 416 | 2. Click the Forward button on the License Information screen. Notice that you do not have to scroll through the entire thing to allegedly “read” the GPL before you can continue. A copy of the license is available from the URL on the License Information page. 417 | 3. Enter the data to create a new user, “student”, with a password of “lockout” on the Create User page. Then click the Forward button. This will be your non-privileged user account. 418 | 4. Select Synchronize date and time over the network on the Date and Time page. Then click the Forward button. It will take a moment for the time on your local computer to synchronize with the Fedora time servers. 419 | 5. Fedora: Check the Send Profile radio button on the Hardware Profile page. This sends the profile of your computer hardware and information about the software installation to the Fedora Project. This information is used to create a list of hardware that works well with Fedora. 
420 | CentOS: The Kdump page allows you to specify parameters for creating dump files if the kernel crashes. Do not change anything on this page. 421 | 6. Click on the Finish button. CentOS will force a reboot in order to properly start the Kdump service. 422 | 7. Regardless of whether you are using CentOS or Fedora, the computer will now display the graphical login screen. 423 | Lab Project 2B: CentOS 7, Fedora 19 and above 424 | Fedora 19 uses the same “hub and spoke” structure for the post-installation tasks as the installation does. Currently, the only option is for user creation. 425 | 1. Click on USER CREATION to create a new user. 426 | 2. Enter the data for a new user, “student”, in the appropriate locations. 427 | Full Name: Student 428 | Username: student 429 | Password: lockout 430 | 3. Click on the Done button to return to the INITIAL SETUP page. 431 | 4. Click on the FINISH CONFIGURATION button to complete the post-installation configuration. 432 | 5. The computer will now display the graphical login screen. 433 | Lab Project 3. Initial Desktop Login 434 | The first thing an administrator must do is log in to the system. Because the root user cannot log in through the GUI login, you must either log in as root using a virtual console or log in as a non-privileged user and then “su” to root. 435 | So let's log in to the GUI as the user student. 436 | 1. Click on the user “student” if it is displayed, or type it in the text box. Which you do will depend upon the Display Manager. GNOME Display Manager (GDM) displays a scrollable list of non-privileged users. KDE Display Manager (KDM) does not display a list and requires that you type in the user ID, which is more secure. 437 | 2. Select the KDE Plasma workspace. For Fedora, this choice is in the Session Type menu; for CentOS it is in the configuration bar across the bottom of the screen. 438 | 3. Enter the password and press the Enter key on the keyboard.
439 | It will take a few moments for the desktop to initialize for the first time as several configuration files must be created for the user. Future logins will take less time. 440 | At this point you are logged in to the GUI desktop. 441 | 442 | Lab Project 4. Using Virtual Consoles 443 | Virtual consoles provide a means to access multiple consoles using a single physical system console, the Keyboard, Video display and Mouse (KVM). This gives administrators more flexibility to perform system maintenance and problem solving. There are some other means for additional flexibility, but Virtual Consoles are always available if you have physical access to the system, a directly attached KVM device, or some logical KVM extension such as ILO. Other means such as the screen command might not be available in some environments and a GUI will probably not be available on most servers. 444 | 445 | For now you will use one of the virtual consoles to log in as root in a text mode only environment. Text mode is where you will do most of your work as a system administrator. You will have an opportunity to use a terminal session in the GUI desktop later, but this is what your system will look like if you do not have a GUI. 446 | 447 | 1. Press Ctrl-Alt-F2 to access virtual console 2. 448 | 2. If not already logged in, log in to console session 2 as root. Type root on the Login line and press the Enter key. Type in the root password – lockout – and press Enter again. You should now be logged in and at the command prompt as shown in the Illustration above. 449 | 3. Use Ctrl-Alt-F3 to change to console session three (3). Log in on this console as student. 450 | 1. ID = student 451 | 2. PW = lockout 452 | Note that any user, in this case student, can be logged in multiple times. You should be logged in as student both in the GUI desktop and here in virtual console 3. 453 | 4. Note the $ symbol prompt which denotes the prompt for a non-root (non-privileged) user. 454 | 5.
Run the ls -la command. Notice the BASH configuration files, .bash_profile, .bash_logout and .bashrc. 455 | 6. Use the clear command to clear the console screen. 456 | 7. The reset command resets all console settings. This is useful if the terminal becomes unusable or unreadable, such as after cat’ing a binary file. 457 | 8. Type w to list currently logged in users and uptime. You should see at least three logins; one for root on tty2 and one for student on tty3 and one for student on tty7, which is the GUI console session. 458 | 9. Enter the who command. It provides similar, slightly different information than w. 459 | 10. Type whoami to display your current login name. 460 | 11. Type the id command to display your real and effective ID and GID. The id also shows a list of the groups to which your user id belongs. 461 | 12. Switch back to console session 2. 462 | 13. Use the whoami and id commands the same as in the other console session. 463 | 14. Do not logout of the virtual console sessions. 464 | Lab Project 5. Using Screen 465 | The screen utility allows launching multiple shells in a single terminal session and provides means to navigate between the running shells. It also allows disconnecting the screen session from the terminal session and reconnecting later from the same or a different computer. 466 | The screen command can be useful in some environments where physical access to a hardware console is not available to provide access to the Virtual Consoles but the flexibility of multiple shells is needed. 467 | This is an important exercise because through many of the following lab sessions you will find it convenient to use the screen program and in some cases it will be necessary to do so in order to work quickly and efficiently. Unfortunately, the screen command has not been installed as part of the installation, so you will have to do this. There is also another package that needs to be installed, sysstat, so you can also install that now. 
468 | Be sure to su – to root in order to perform this lab project. 469 | The network interface should have been started but if it has not you will have to start it. 470 | Now use the yum command to install the screen and sysstat packages. The sysstat RPM package is being installed now so that it can begin collecting data to be used in a later lab project. The yum command will be discussed in more detail later. 471 | yum -y install screen sysstat 472 | Remember that this is Linux, not Windows, so it is NOT necessary to reboot after installing most software. One of the very few exceptions would be after installing an updated kernel. We will cover the “yum” command, which is used to install remove and update software packages, in more detail later. 473 | Now to start screen and learn how it works, follow these steps. 474 | 1. Press Ctrl-Alt-F1 to switch to the GUI desktop if you are not already there. 475 | 2. Right click on the desktop and select Konsole from the pop-up desktop menu. 476 | 3. At the CLI type screen which will clear the display and leave you at a command prompt. 477 | 4. Type command such as ls. 478 | 5. Type Ctrl-a c to open a new shell within the screen session. 479 | 6. Enter a different command, such as df –h 480 | 7. Type Ctrl-a-Ctrl-a to switch between screen shells. 481 | 8. Enter Ctrl-a c to open a third shell. 482 | 9. Type Ctrl-a “ to list the open shells. Choose any one by using the up/dn arrow keys and hit the key to switch to that shell. 483 | 10. To close one session, type exit and press the Enter key. 484 | 11. Type the command Ctrl-a “ to verify that the shell is gone. 485 | 12. To reopen a fresh shell use Ctrl-a c 486 | 13. Type Ctrl-a “ to verify that the new shell has been created. 487 | 14. To disconnect from the screen session, press Ctrl-a d 488 | 15. Enter the command screen –list to list all of the current screen sessions. This can be useful to ensure that you reconnect to the correct screen session if there are multiple ones. 
489 | 16. Type screen –r to reconnect to the active screen session. If multiple active screen sessions are open, then a list of them will be displayed and you can choose the one to which you wish to connect. 490 | 491 | Lab Project 6. The Command Line Interface (CLI) 492 | The Command Line Interface (CLI) is the primary user interface for System Administrators on most Linux systems. This may be because there is no GUI Desktop installed or because you are working remotely and a text mode CLI is much faster than using any GUI remotely. It can also be due to the fact that you are, in fact, using the GUI and want to use a text mode terminal session on the desktop; this is a very powerful way to work. 493 | This Lab Project introduces you to working with the CLI through a few very basic commands. It also expands upon the use of Virtual Consoles and shows you how to identify who is logged on in each session as well as how to identify screen sessions. 494 | 1. Press Ctrl-Alt-F1 to switch to the GUI desktop if you are not already there. 495 | 2. If a konsole session is not already started, right click on the desktop and select Konsole from the pop-up desktop menu. 496 | 3. Because you had to login to the GUI as the user, student, the Konsole terminal session is open as the student user. You must switch users to the root user in the terminal session in order to perform the rest of the tasks in this lab project. Type su - and press the Enter key. Be sure to use the (-) after the command. When prompted, enter the root password and press Enter. 497 | 4. Note the # symbol for the root prompt. 498 | 5. Type date to display the date. 499 | 6. Type Date to see the error when a command is incorrect. The date command is all lowercase as are almost all Linux commands. Using uppercase results in a “command not found” error message. 500 | 7. 
We will discuss adding new users from the command line in a later session, but for now, create a new user, student2, with the command: 501 | useradd -c “Student 2” student2 502 | 8. Now set the password for the new student2 user. Use lockout for the new password. Note that the password will not display when you type it in. 503 | passwd student2 504 | Changing password for user student2. 505 | New password: 506 | BAD PASSWORD: it is based on a dictionary word 507 | BAD PASSWORD: is too simple 508 | Retype new password: 509 | passwd: all authentication tokens updated successfully. 510 | 9. Type Ctrl-Alt-F4 to open another tty session. 511 | 10. Login as student2. 512 | 11. Note the $ symbol for a non-root prompt. 513 | 12. Return to the Desktop. 514 | 13. In the root Konsole session, enter the who command to list all logged in users. Note that root is logged in on tty2 and has a couple screen sessions open in that tty, and student2 is logged in on tty3. You may also be logged in as student on a different tty. 515 | [root@student01 ~]# who 516 | root tty2 2013-08-26 15:54 517 | student tty3 2013-08-26 15:58 518 | student2 tty4 2013-08-26 19:53 519 | student tty7 2013-08-26 08:35 (:0) 520 | student pts/0 2013-08-26 08:35 (:0) 521 | root pts/2 2013-08-26 18:31 (david1:S.0) 522 | root pts/3 2013-08-26 18:33 (david1:S.1) 523 | root pts/4 2013-08-26 18:33 (david1:S.2) 524 | root pts/5 2013-08-26 18:33 (david1:S.3) 525 | student pts/6 2013-08-26 18:39 (:0) 526 | [root@student01 ~]# 527 | 528 | If one of your login sessions still has screen sessions running the output will look like lines 6 through 9 in the sample above. This output shows that there is one screen session running with a root login on tty2. The user student is logged in on tty3 and tty4. The pts stands for Pseudo Terminal Session. 
The four lines of the above output that end with (david1:S.0) and so on, show that root is logged in from a remote host with the hostname david1, probably through a Secure Shell (SSH) session. 529 | 14. Enter the w command which provides additional information such as the amount of CPU time used by each login and the command being run. 530 | 15. Enter the cd (Change Directory) command with no arguments or options to ensure that you are in root's home directory. Use the pwd (Present Working Directory) command to verify that you are currently in /root. 531 | 16. Copy the install.log file so that we can use it to do some file manipulation 532 | cp install.log testfile.txt 533 | 17. Type ls to list the files in root's home directory and verify that testfile.txt exists. 534 | 18. Enter the ls -la command to see a long listing of all files, including “hidden” ones. 535 | 19. Remove the new file with the rm testfile.txt command. Notice that as root you are asked if you really want to do this; this is a safety feature intended to prevent root from accidentally deleting files, especially important ones. Type y and press the Enter key. 536 | 20. Now recopy the install.log file to testfile.txt. Remember that you can use the up-arrow key to scroll up to the previously issued copy (cp) command and just press the Enter key to execute it. 537 | 21. Type clear to clear the terminal screen. 538 | 22. Enter the dmesg command. Notice that the there is a great deal of information that scrolls off the top of the screen. You will find out how to prevent that in a future Lab Project. 539 | 23. Enter the command dmesg > dmesg.txt which redirects the output of the dmesg command to the file dmesg.txt which will be created by this command. 540 | 24. Enter the ls -l command and look at the size of your newly created file. 541 | 25. Copy the file using the cp dmesg.txt dmesg1.txt command. 542 | 26. Copy the file two times using up arrow and command line editing to produce the commands below. 
543 | cp dmesg.txt dmesg2.txt 544 | cp dmesg.txt dmesg3.txt 545 | 27. Now create an empty new file. 546 | touch newfile.txt 547 | 28. Use the ls -l command to see that you have copied and created these files. Your results should look similar to this: 548 | [root@instructor ~]# ls -l 549 | total 300 550 | -rw-------. 1 root root 1892 Jun 9 2011 anaconda-ks.cfg 551 | -rw-r--r--. 1 root root 35691 Jun 9 15:35 dmesg1.txt 552 | -rw-r--r--. 1 root root 35691 Jun 9 15:35 dmesg2.txt 553 | -rw-r--r--. 1 root root 35691 Jun 9 15:35 dmesg3.txt 554 | -rw-r--r--. 1 root root 35691 Jun 9 15:34 dmesg.txt 555 | -rw-r--r--. 1 root root 65780 Jun 9 2011 install.log 556 | -rw-r--r--. 1 root root 10646 Jun 9 2011 install.log.syslog 557 | -rw-r--r--. 1 root root 0 Jun 9 15:35 newfile.txt 558 | -rw-r--r--. 1 root root 65780 Jun 9 15:31 testfile.txt 559 | [root@instructor ~]# 560 | 29. Use ls -l dmesg* to only show the files that start with “dmesg”. 561 | 30. Enter the command ls -l *[13].txt and see what happens. 562 | 31. Enter the command ls -l * and see the difference. 563 | 32. Delete one of the files you just created with the rm dmesg1.txt command. 564 | 33. Type the command echo don’t do this to see the result. Note that the single quote opens a quoted string so that the shell waits for a second single quote to close the string. 565 | 34. Press Ctrl-C to cancel the command and return to the prompt. 566 | 35. Now type echo “Don’t do this” and it should work. 567 | 36. Now do the same thing but put double quotes around the single quote instead of around the entire streng to be displayed. echo Don”’”t do this 568 | 37. Yet another way to do this is to type echo Don\’t do this which produces the same result. The backslash (\) “escapes” the character and tells the shell to interpret it as a literal character rather than as shell syntactical punctuation. 569 | 38. Enter echo $MYVAR to display the value of the shell variable MYVAR. This should be null as the variable has not been set. 
570 | 39. Enter MYVAR=”This is my variable” 571 | 40. Now enter echo $MYVAR to display the value of this shell variable. The result should be “This is my variable”. 572 | 41. Enter the command man bash to look at the information for the shell. You should see the Man Page entry for the BASH shell. Scroll though this entry for a few moments using the up and down arrow keys and the Page-Up and Page-Down keys. 573 | 42. While still viewing the BASH man page, press the 1 key and then G (capital G) to go to line 1. You can type the number of any line and then G to go to that line number. 574 | 43. Use /list to search for the first occurrence of the term “list”. Type n to search for the next occurrence. 575 | 44. Enter q to quit the man page for BASH. 576 | 45. Use the man man command to read the man page for the man command. Practice moving around and searching the man page for the man command. 577 | 578 | Lab Project 7. Using vim 579 | The vi editor, vim in Fedora and other Red Hat based distributions, is one of the most powerful tools a System Administrator can have in their toolbox. There are other editors, such as Emacs, and many flame wars have been fought over which is better. I suggest learning vi or vim because it is always present in all releases and distributions of Linux down to the very most minimal installation. It is also the most readily available editor in other Unixes as well. No other editor is so ubiquitous. 580 | vimtutor 581 | 1. Login and su – to root if not already there. 582 | 2. Install the vim-enhanced package: yum -y install vim-enhanced 583 | 3. At the CLI type the command vimtutor 584 | 4. The file itself is the tutorial. Read it and follow the directions it gives. 585 | If you have any questions about this lab project please ask the instructor. Your ability to use vim or vi is key to some of the following lab projects. 
586 | Disabling SELinux 587 | SELinux is a security protocol created by the NSA to prevent crackers from making changes to a Linux computer even if they have gained access. Due to some problems that this causes with some future lab projects, you must disable SELinux. 588 | Use vim to set SELinux to “disabled” in the /etc/selinux/config file. When you have saved the modified SELinux configuration file, reboot your student host. This is one of the very few times that a reboot is required to effect the desired changes to the configuration. It will take several minutes during the reboot while SELinux relabels the targeted files and directories. Labeling is the process of assigning a security context to a process or a file. The system will reboot again at end of the relabel process. 589 | Lab Project 8. Important Linux Commands 590 | The most basic Linux commands are those that allow you to determine and change your current location in the directory structure, create manage and look at files, view various aspects of system status, manipulate streams of text data and more. This Lab Project will introduce you to a few basic commands that enable you to do all of these things. 591 | This lab project also covers some advanced commands that are frequently used during the process of problem determination. 592 | Most of the commands covered in this lab project have many options, some of which can be quite esoteric. This lab project is neither meant to cover all of the Linux commands available (there are several hundred) nor is it intended to cover all of the options on any of these commands. It is meant only as an introduction to these commands and their uses. 593 | Three of the commands you will explore, sar, vmstat and iostat, were installed earlier when you installed the sysstat RPM. Doing so earlier has allowed some time for the SAR package to collect data that can be used later in this lab project. 594 | Moving around, Viewing, Copying and Creating Files 595 | 1. 
You should already be logged in to your Linux computer as the user student in the GUI and have a Konsole session open. The current tab of your Konsole session should be su'd to root. If not, use the command su – to do so. Don't forget to use the “-” when you issue the command. 596 | 2. Open a new tab by selecting File from the Konsole Menu Bar and select New Tab from the drop down menu. The new tab will become the active one and it is logged in as the user student. An alternate and easy way to open a new tab in Konsole is to double-click the empty space next to an existing tab. 597 | 3. Use the hostname command to determine the name of the host computer. You can also change the host name of your computer using this command when logged in as root. 598 | 4. Enter pwd to determine the present working directory (PWD). It should be /home/student. 599 | 5. If the PWD is not your home directory, change to your home directory using the cd command without any options or arguments. 600 | 6. Let's create some new files like you did as root in an earlier project. Use the following commands to do this. 601 | touch newfile.txt 602 | dmesg > dmesg.txt 603 | cp dmesg.txt dmesg1.txt 604 | cp dmesg.txt dmesg2.txt 605 | cp dmesg.txt dmesg3.txt 606 | 607 | 7. Use the command ls -lah to display a long list of all files in your home directory and display their sizes in human readable format. Note that the time displayed on each file is the mtime which is the time the file or directory was last modified. There are a number of “hidden” files that have a dot (.) as the first character of their names. Use ls –lh if you don't need to see all of the hidden files. 608 | 8. The touch dmesg2.txt changes all of the times for that file. 609 | 9. Enter the commands ls -lc and ls -lu to view the ctime (time the inode last changed) and atime (time the file was last accessed – used or the contents viewed), respectively. 610 | 10. 
Enter the command cat dmesg1.txt but don't worry about the fact that the data spews off the screen. Now use the commands ls -l, ls -lc and ls -lu to again view the dates and times of the files and notice that the file dmesg1.txt has had its atime changed. The atime of a file is the time that it was last accessed for reading by some program. Note that the ctime has also changed. Why? If you don't figure this out now, it will be covered later so no worries. 611 | 11. Enter stat dmesg1.txt to display a complete set of information about this file, including its [acm]times, its size, permissions, the number of disk data blocks assigned to it, its ownership and even its inode number. We will cover inodes in detail in a later session. 612 | Notice that the files timestamps are in microseconds. This is a recent change since Fedora 14. The reason for this is that the previous granularity of timestamps in full seconds was not fine enough to deal with high speed, high volume transaction based environments in which transaction timing sequence is important. 613 | 12. Move the file dmesg3.txt to the /tmp directory with the mv dmesg3.txt /tmp command. Use the ls command in both the current directory and the /tmp directory to verify that the file has been moved. 614 | 13. Enter the command rm /tmp/dmesg3.txt to delete the file and use the ls command to verify that it has been deleted. 615 | 616 | System Performance and Problem Solving 617 | Now let's try some commands that enable you to observe various configuration and performance aspects of your Linux system. You will have the opportunity to explore these commands and more in perhaps excruciating detail later, but for now this is just a brief glimpse of the information available to you. Be sure to use the man pages for each command if you have questions about interpreting the data displayed. 618 | There are a large number of Linux commands that are used in the process of analyzing system performance and problem determination. 
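The atime, mtime and ctime behaviour explored in steps 7 through 11 of the file exercise above can also be checked mechanically, which is how these timestamps are used when reconstructing what happened to a file. The script below is an added example, not part of the original lab manual; the function names (mac_times, changed_fields, probe, report) and the scratch file are assumptions of this example, and it assumes the stat command accepts the -c format option as GNU coreutils does.

```shell
#!/bin/sh
# Added example, not from the lab manual: report which of a file's three
# timestamps each kind of operation updates. Assumes stat supports -c.

# Print "atime mtime ctime" for a file, as seconds since the epoch.
mac_times() {
    stat -c '%X %Y %Z' "$1"
}

# Compare two "atime mtime ctime" triples and print the letters that differ,
# for example "mc" when mtime and ctime moved but atime did not.
changed_fields() {
    # Unquoted on purpose: split both triples into six positional fields.
    set -- $1 $2
    out=""
    if [ "$1" != "$4" ]; then out="${out}a"; fi
    if [ "$2" != "$5" ]; then out="${out}m"; fi
    if [ "$3" != "$6" ]; then out="${out}c"; fi
    printf '%s\n' "$out"
}

# Run one operation against a scratch file and print the changed timestamps.
# $1 is one of: read, append, chmod, touch (labels chosen for this example).
probe() {
    f=$(mktemp) || return 1
    echo "constructed sample content" > "$f"
    before=$(mac_times "$f")
    sleep 1     # the comparison is made at one-second resolution
    case "$1" in
        read)   cat "$f" > /dev/null ;;   # access only
        append) echo "more" >> "$f" ;;    # content change
        chmod)  chmod 640 "$f" ;;         # inode (metadata) change only
        touch)  touch "$f" ;;             # sets atime and mtime explicitly
        *)      rm -f "$f"; return 2 ;;
    esac
    after=$(mac_times "$f")
    rm -f "$f"
    changed_fields "$before" "$after"
}

# Print one line per operation.
report() {
    for op in read append chmod touch; do
        printf '%-7s changed: %s\n' "$op" "$(probe "$op")"
    done
}

report
```

Whether the read line reports an atime change depends on the mount options of the filesystem holding the scratch file (noatime, relatime), so compare it with what ls -lu showed in the lab.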
Most of these commands obtain their information from various files in the /proc filesystem. You may wish to use multiple terminal sessions side-by-side in order to make some of the comparisons between commands and their output. 619 | top 620 | Start the top command. Set the refresh delay to 1 second. Observe the output for a few minutes. 621 | Can you set the delay to sub-second, such as .2 or .5 seconds?_______________ 622 | Reset the delay to 1 second. 623 | What are the load averages?__________________________________________ 624 | How much memory and swap space are free?____________________________ 625 | What is the default sort column?_______________________________________ 626 | 627 | Change the default sort column first to PID and then to TIME+. 628 | What does the TIME+ value tell you?____________________________________________ 629 | __________________________________________________________________________ 630 | Which task is getting the most accumulated time? PID_________ Name________________ 631 | Which task is taking the most RAM? PID________ Name___________ RAM Used_______ 632 | Memory Statistics 633 | The top command displays, among many other things, the memory statistics for your system. There are other ways to do that as well. 634 | Use the free command to display the system memory. 635 | Does it agree fairly closely with the output from top?_____________________ 636 | How much RAM is installed in the system?____________________________ 637 | How much RAM is in use?______________ How much is free?____________ 638 | 639 | The vmstat command shows the virtual memory statistics including some of the data shown in top and other utilities. The data output form this command may need more explanation than some of the others so use the man page to interpret it if you need to. 
640 | Do these agree reasonably closely with the output from top?_______________ 641 | System Statistics with sar 642 | The sar command is one of my favorites when it comes to resolving problems. SAR stands for System Activity Reporter. The output from the sar command can be very extensive, or you can choose to limit the data displayed. For example, issue the sar command with no options. You should only see the CPU data for today (starting from about 10 minutes after you installed the sysstat RPM earlier in this lab project). Remember that the SAR data is collected in 10 minute averages. Smaller time intervals are possible if you need greater granularity for problem determination purposes. 643 | On the other hand, using the sar -A command shows all of the data that has been collected for today. Issue the sar -A | less command now and page through the output to view the many types of data collected by SAR, including disk and network usage, CPU context switches (how many times per second the CPU switched from one program to another), page swaps, memory and swap space usage and much more. Use the man page for the sar command to interpret the results and to get an idea of the many options available. 644 | I typically use the sar -A command because many of the types of data available are interrelated and sometimes I find something that gives me a clue to a performance problem in a section of the output that I might not have looked at otherwise. 645 | The /proc filesystem 646 | All of the data displayed by the commands so far in this section are stored by the kernel in the /proc filesystem. Because the kernel already stores this data in an easily accessible location and format, it is possible for other programs to access it with no impact upon the performance of the kernel. 647 | Enter the following commands to view some of the raw data from the /proc filesystem.
648 | cat /proc/meminfo 649 | cat /proc/cpuinfo 650 | cat /proc/loadavg 651 | These are just a few of the files in /proc that contain incredibly useful information. 652 | I/O Data 653 | Enter iostat to view cumulative disk input/output statistics. The sda device is the main, physical hard drive. Other devices displayed represent the other partitions and Logical Volumes on the hard drive. It also displays the CPU usage information as shown in top. 654 | The iostat command also has many options so refer to the man page for information on these options and how to interpret the results. 655 | lm_sensors 656 | In some environments, external temperatures can be hazardous for a computer. There are a number of temperature, fan speed, voltage and other sensors packed into CPUs, hard drives, various chip sets and locations on the motherboard. The lm_sensors package reads the values of these and prints them in a more or less intelligible report. Note that the data points returned will vary significantly depending upon the motherboard and chipsets in the computer. Some older or very new chipsets may not report data correctly. 657 | Verify that the lm_sensors and acpi packages are installed. If they are not, install them using the command below. 658 | yum -y install lm_sensors acpi 659 | It is necessary to configure the lm_sensors package before useful data can be obtained. Unfortunately this is a highly interactive process, but you can usually just press the Enter key to take all of the defaults. Run the command sensors-detect to start the configuration process. 660 | Run the command sensors -f to obtain all available sensor data. Note that the -f option produces output temperatures in Fahrenheit; otherwise output is in Celsius. 661 | Hard Drive Statistics 662 | Hard drives are one of the most common failure points in computers, right after fans. They have moving parts and those are always more prone to failure than electronic integrated circuit chips.
Knowing in advance that a hard drive is likely to fail soon can save much time and aggravation. 663 | The smartctl command is used to access the data and statistics available from SMART-enabled hard drives. Most hard drives are SMART-enabled these days, but not all, especially very old drives. 664 | First use the fdisk command below to verify the device name of your hard drive. 665 | fdisk -l 666 | Use the command below to print all SMART data and pipe it through the less filter. This assumes that your hard drive is /dev/sda, which it probably is in the lab environment. 667 | smartctl -a /dev/sda | less 668 | Be sure to peruse the data available in order to familiarize yourself with it. I also like the -x option instead of -a, as it can provide some interesting additional information including a temperature bar chart for the drive. 669 | smartctl -x /dev/sda | less 670 | What is the current temperature of your hard drive?_____________ 671 | How many total hours has it been powered on?___________ 672 | The Lazy Admin 673 | Now here is some help for long complex commands. Type 674 | fdisk -u=cylinders -l /dev/sda 675 | to use fdisk to list the partitions on the sda device. Do not use /dev/sdax for a specific partition; you want the whole drive. Notice that the partition and free space sizes are given in blocks. I like using cylinders as I think they are easier to read than blocks and the default used to be in cylinders, but like many other things in Linux, the fdisk command is evolving. So create an alias to make it easier to use. An alias substitutes a command for the one you typed in. In this case add the option -u=cylinders to the command so you don't have to type it every time. 676 | alias fdisk='fdisk -u=cylinders' 677 | Now you can simply type fdisk -l /dev/sda to get the same result as the original fdisk command. You will use this command in a later lab project and you will need to use cylinders.
You can add this line to your ~/.bashrc file to make it permanent between reboots and logout/in. You can see some other aliases that were added as commands in your ~/.bashrc file. 678 | This alias can result in less typing. Good admins are lazy admins and less typing is good for lazy admins. Type the alias command without any parameters to list all of the aliases currently in effect. 679 | Information About Files 680 | Some commands allow you to discover information about files and other commands. 681 | Enter the command which fdisk which returns the location of the executable file, fdisk, that would be run if you issued the command without a path. If this is not the version of the command you want, you can use the type command as shown below, to locate all of the executables, and then use the absolute path to the one you want to use. 682 | Use the alias command to list all of the current aliases. This should show you the alias for fdisk that was created in the previous section. 683 | The command whereis fdisk displays all of the files for the fdisk command. This usually is the executable itself and the man page. It does not include libraries, directories, or other files that may simply contain the string “fdisk” as would be returned from the locate fdisk command. 684 | Enter the command type fdisk to display the executable as in the which command, above. However, the type -a fdisk command shows both the executable and any aliases for the fdisk command. If there are multiple versions of fdisk on your system, it will show all of them but the which command will only show the one that would be executed if you issue the command. 685 | Type the commands below. 686 | type -a ls 687 | type -a type 688 | 689 | Lab Project 9. 
Using Pipes and Redirection 690 | Piping the output of commands or the contents of files through various Linux filter programs enables an administrator or user to very quickly search through massive amounts of data to locate only that in which you are interested. Redirection allows you to redirect the output of a command or a chain of piped commands to a file. 691 | Basic Standard Pipes 692 | Creating lengthy pipelines of commands is easily accomplished by building up the individual commands, ensuring that the result is what you want at each stage. In this case we want to count the number of files that end in “conf” in /etc and all subdirectories; these are usually configuration files. 693 | This Lab Project must be performed as root. 694 | 1. Change to the /etc directory and enter ls -l *conf and observe the output. Notice that the expansion of the * file glob results in not only a list of the files ending with “conf” in /etc, but also a list of all files in directories that end with “conf”. 695 | 2. Enter the command ls -l | grep conf to view all files in /etc/ that contain the string “conf”. You might also need to pipe the output of that command through the “less” filter to be able to scroll through it all. 696 | 3. Actually that does not exactly do what we want either. Configuration files usually end with “.conf” so we need to specify that the “.conf” is at the end of the file name 697 | ls -l | grep conf$ like so. The $ sign specifies the end of a line. 698 | 4. Notice that one of the files, grub.conf, is a link. You can tell by the “l” as the leftmost character in the output for that line, and the pointer “->” . We will look at links in much more detail later. So we don't really want this link in our output. 
Use the command 699 | ls -l | grep conf$ | grep -v ^l where the “^l” matches an “l” at the beginning of the line and the -v parameter in the grep command indicates logical “not”; the result is we display every line that does NOT contain an “l” at the beginning of the line. Remember, this is after we have already filtered so that only lines ending with “conf” were displayed. 700 | 5. There are also configuration files in subdirectories, so add the -R (Recursive) option to the initial ls command, like this, ls -lR | grep conf$ to see all configuration files in all subdirectories as well as the PWD of /etc. 701 | 6. Now pipe the results through the wc command, like this, 702 | ls -lR | grep conf$ | wc -l to count the lines of output which gives us the number of configuration files in /etc and all of its subdirectories. I get 365 configuration files on the system I used to write this lab project. How many do you get? 703 | ______________________________ 704 | Named Pipes 705 | Named pipes can be used for any number of purposes. They can provide inter-process communication between scripts and other executable programs, as well as a place to store output data for later use by other programs. 706 | This section can be performed as root or a non-root user. 707 | Create a named pipe called mypipe in your home directory. 708 | mkfifo mypipe 709 | Do a long listing of the contents of your home directory and look at the entry for mypipe. It should have a “p” as the file type in the first column to indicate that it is a pipe. Use any command of your choosing and redirect the output to the named pipe. In the example below I use the ifconfig command. 710 | ifconfig > mypipe 711 | Notice that you do not get returned to the command prompt; you are left with a blank line. Do not press Ctrl-C to return to the command prompt. 712 | In another terminal session, use the cat command to read the data from the named pipe. 
713 | [root@vtest1 ~]# cat mypipe 714 | lo Link encap:Local Loopback 715 | inet addr:127.0.0.1 Mask:255.0.0.0 716 | inet6 addr: ::1/128 Scope:Host 717 | UP LOOPBACK RUNNING MTU:16436 Metric:1 718 | RX packets:10 errors:0 dropped:0 overruns:0 frame:0 719 | TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 720 | collisions:0 txqueuelen:0 721 | RX bytes:1204 (1.1 KiB) TX bytes:1204 (1.1 KiB) 722 | 723 | p2p1 Link encap:Ethernet HWaddr 08:00:27:B1:57:34 724 | inet addr:192.168.0.101 Bcast:192.168.0.255 Mask:255.255.255.0 725 | inet6 addr: fe80::a00:27ff:feb1:5734/64 Scope:Link 726 | UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 727 | RX packets:853 errors:0 dropped:0 overruns:0 frame:0 728 | TX packets:680 errors:0 dropped:0 overruns:0 carrier:0 729 | collisions:0 txqueuelen:1000 730 | RX bytes:87246 (85.2 KiB) TX bytes:83843 (81.8 KiB) 731 | 732 | Note that all of the data in the pipe is sent to STDOUT. Return to the terminal session in which you added data to the pipe. Notice that it has been returned to the command prompt. 733 | Add more data to the pipe using one or more different commands and then read it again. 734 | Lab Project 10. Using Compound Commands 735 | You can build up compound commands in the same way as you built complex pipelines of commands in Lab 7. 736 | The rpm command allows you to install, upgrade, remove and query RPMs. RPM stands for Red Hat Package Management. The following commands specify an RPM name, use the rpm command to determine whether it exists, and print an appropriate message. Note that the command should be entered all on a single line as denoted by the “\”. 737 | RPM=acpid;rpm -q $RPM && echo "RPM $RPM Exists" || \ 738 | echo "RPM $RPM Does not exist" 739 | Notice the “\” at the end of the first line of the command. On paper, that means that the next line is part of the first. On the actual CLI it can be used to extend the command to the next line.
You can type the command all on one line or split it over multiple lines using the \ to delimit and tell the shell that the command is continued on the next line. 740 | The result of running this command is 741 | RPM acpid Exists 742 | Now issue the same command but misspell the RPM or enter a nonsense string for the name of the RPM: 743 | RPM=acpsdffwe;rpm -q $RPM && echo "RPM $RPM Exists" || \ 744 | echo "RPM $RPM Does not exist" 745 | When the RPM does not exist the result of the command is 746 | RPM acpsdffwe Does not exist 747 | The path taken is dependent upon the return code from the rpm -q command. There is a built-in variable, $?, which contains the return code from the previous command. The following commands use that variable to show the return code from the rpm -q command: 748 | rpm -q acpid;echo $? 749 | You should get a return code of “0” when you run this command. A return code of “0” usually means that the command completed successfully. If you misspell the RPM name you should receive a 1 as the result. 750 | 751 | Lab Project 11. Basic Command Line Programming 752 | Adding loops to the CLI commands we have already learned provides a great deal of power to what we can accomplish from the command line. 753 | RPM List 754 | Suppose someone asks for a list of all RPMs on a particular Linux computer and a short description of each. This happened to me while I worked at the State of North Carolina. Since Open Source was not “approved” and I only used Linux on my desktop computer, the pointy haired bosses (PHBs) needed a list of each piece of software that was installed on my computer so that they could “approve” an exception. 755 | How would you approach that? Well, here is one way, starting with the knowledge that the rpm -qi command provides a complete description of an RPM including the two items we want, name and a summary. 756 | You will build up to the final result a step at a time. First we list all RPMs.
757 | rpm -qa 758 | Adding first the sort and then the uniq commands sorts the list and then prints only the unique ones. 759 | rpm -qa | sort 760 | rpm -qa | sort | uniq 761 | 762 | Since this gives the correct list of RPMs you want to look at, we can use this as the input list to a loop that will print all of the details of each RPM. 763 | for I in `rpm -qa | sort | uniq`;do rpm -qi $I;done 764 | Notice the backticks (`) around your first piece of code. This command substitution creates the list of RPMs that are used in the loop. Placing backticks around any section of code allows the results of that code to be used as list input to other code. This is called command substitution. 765 | This code produces way more data than was desired. 766 | The next step is to extract only the information that was requested. This code adds an egrep (extended grep) command which is used to OR ^Name or ^Summary. Thus any line with Name or Summary at the beginning of the line (the caret ^ specifies the beginning of the line) is displayed. 767 | for I in `rpm -qa | sort | uniq`;do rpm -qi $I;done | \ 768 | egrep "^Name|^Summary" 769 | 770 | You can try grep instead of egrep in the command above but it does not work. You could also pipe the output of this command through the less filter. 771 | 772 | The final command sequence looks like this. It uses pipelines, redirection and a loop – all on a single line. It redirects the output of our little CLI program to a file that can be used in an email or as input for other purposes. 773 | for I in `rpm -qa | sort | uniq`;do rpm -qi $I;done | \ 774 | egrep "^Name|^Summary" > /tmp/rpminfo.txt 775 | This process allows you to see the results of each step and to ensure that it is working as you expect and provides the desired results. 776 | Note that the PHBs received a list of over 1,900 separate pieces of software–actually the RPM packages. I seriously doubt that anyone actually read that list.
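The Lab Project 10 return-code test and the Lab Project 11 loop, rewritten as shell functions in an added example that is not part of the original lab file. It shows an if/else that keeps the rpm -q return code, a read loop with quoted variables, and a field match anchored on the colon so free text beginning with "Summary" is not picked up. `sample_rpm` is a constructed stand-in for rpm with made-up package data, and `RPM`, `pkg_status` and `pkg_report` are names assumed here; set `RPM=rpm` on an RPM-based host.

```shell
#!/bin/sh
# Added example, not from the lab file. RPM, pkg_status, pkg_report and
# sample_rpm are names assumed for this illustration.

# Constructed stand-in for rpm so the example runs on hosts without RPM.
# It answers only the three query forms used below, from made-up data.
sample_rpm() {
    case "$1" in
        -qa)
            # Duplicate entry on purpose, so that sort -u has work to do.
            printf '%s\n' zlib-1.2.11-1 acpid-2.0.32-1 zlib-1.2.11-1
            ;;
        -q)
            case "$2" in
                acpid|zlib) echo "$2-0.0-sample" ;;
                *) echo "package $2 is not installed"; return 1 ;;
            esac
            ;;
        -qi)
            name=${2%%-[0-9]*}      # strip the "-version-release" suffix
            case "$name" in
                acpid) summary="ACPI Event Daemon" ;;
                zlib)  summary="Compression and decompression library" ;;
                *)     return 1 ;;
            esac
            printf '%-12s: %s\n' Name "$name" Version sample Summary "$summary"
            printf '%-12s:\n' Description
            # Free text that starts with a field name but is not a field.
            echo "Summary of changes is kept in the changelog."
            ;;
    esac
}

# Query tool to use: the constructed sample by default, rpm on a real host.
RPM=${RPM:-sample_rpm}

# Lab Project 10 as if/else. With "A && B || C", C also runs when B fails;
# here each message belongs to exactly one branch and the return code of
# the query is handed back to the caller.
pkg_status() {
    if "$RPM" -q "$1" >/dev/null 2>&1; then
        echo "RPM $1 Exists"
    else
        status=$?
        echo "RPM $1 Does not exist"
        return "$status"
    fi
}

# Lab Project 11 as a read loop. Names are read one per line and quoted,
# so nothing is word-split or glob-expanded. grep -E is the current
# spelling of egrep, and the pattern requires the colon after the field.
pkg_report() {
    "$RPM" -qa | sort -u | while IFS= read -r pkg; do
        "$RPM" -qi "$pkg"
    done | grep -E '^(Name|Summary)[[:space:]]*:'
}

# Demonstration run against the selected query tool.
pkg_status acpid
pkg_status acpsdffwe || echo "return code was $?"
# mktemp gives an unpredictable file name instead of a fixed one in /tmp.
report=$(mktemp) && pkg_report > "$report" && cat "$report" && rm -f "$report"
```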
777 | Check with the instructor if you have problems. 778 | 779 | Lab Project 12. Backup with tar 780 | The tar command is widely used in many organizations for creating archives and backups. The tar command produces output in a standard format that is sent by default to STDOUT. This makes it very flexible and powerful. Many application programs are distributed as source files or as binaries in tarballs. A source file distributed as a tarball can be installed and compiled on any Linux or Unix system. 781 | Perform this lab project as root. Use the following command to create a tarball of the entire /home filesystem and store the output as /tmp/home.tar. This would be a normal type of backup to perform in many systems. This should not take long as you will have only a few files to backup. 782 | tar -cvf /tmp/home.tar /home/ 783 | Verify that the tarball has been created. Now change to the /tmp directory and use the following command to view the Table of Contents, i.e., the list of files contained in the tarball. 784 | tar -tvf home.tar 785 | You should see a listing of all the files in the /home directory. 786 | The tar command extracts the contents of a tarball into the current directory. Be sure you are in the /tmp directory and extract the contents of the tarball into the /tmp directory with the following command. 787 | tar -xvf home.tar 788 | The above command extracts the data from the home.tar file into the present working directory along with the complete directory structure. You now have a /tmp/home directory which is identical to /home. If you had created a backup tarball of your /home directory and something destroyed the files there, you could make the pwd root (/) and then issue the above command using the complete absolute path to the tarball to restore all of the files directly into the /home directory. 789 | You can also restore single files or files that match a particular pattern such as all txt files or files in a particular subdirectory. 
Delete the /home/student/dmesg1.txt file and verify that it has been deleted. Then ensure you are in / and issue the following command which will restore only that one file. 790 | tar -xvf /tmp/home.tar home/student/dmesg1.txt 791 | Verify that the file was restored correctly and notice that the date, time, permissions and ownership are all the same as the original. 792 | You can also create compressed files with the tar command. The following command creates a new, compressed tarball of /home. 793 | tar -czvf /tmp/home2.tgz /home/ 794 | Notice the significant difference in size between the two tarballs you have created. The home2.tgz file should be about 3% of the size of the home.tar file. Compression works really well on text files which is all you have in your home directory, but less so on binary executable or graphic files. 795 | Use the tar command to look at the TOC for the home2.tgz file. Delete the entire /tmp/home directory and then use the following command to restore /home into /tmp from the home2.tgz tarball. Note that the tar command recognizes from the tgz extension that this is a gzipped file and decompresses it accordingly. 796 | tar -xvf home2.tgz 797 | It is also possible to gunzip .tgz files manually using the gunzip command. Uncompress home2.tgz using the following command. 798 | gunzip home2.tgz 799 | Note that the home2.tar and home.tar should be the same size or very close. They would only differ if you had changed the size of an existing file or added or deleted files from /home between the times at which the two tarballs were created. 800 | Now gzip the home2.tar file with the following command. 801 | gzip home2.tar 802 | The resulting gzipped tarball is named home2.tar.gz. 803 | Do not delete the tarballs you have created. They will be used in a later lab project. 804 | Lab Project 13. The Linux Boot and Startup Process 805 | This Lab Project explores the complexities of the Linux boot and startup processes.
You will configure the GRUB bootloader to show many boot messages that are not normally displayed and use the dmesg command and the messages log file to locate kernel log messages. Knowing where to find these messages can be crucial to solving problems with the boot process and with determining whether new hardware is recognized by the kernel. 806 | The boot process starts when the computer is turned on and ends when the kernel is loaded and running and has started either init or systemd. 807 | The Linux startup process begins when the kernel has been loaded and has started either systemd for Fedora 16 and above, or the init program for CentOS and releases of Fedora prior to 16. 808 | Startup is the process that takes a Linux computer from having a running kernel and nothing else, to one of (by default) four runlevels, each of which has its own characteristic set of capabilities. Other runlevels are defined but do not provide for a usable computer, such as runlevel 0 which is “off,” 6 which is “reboot,” or runlevel 4 which is generally a duplicate of runlevel 3. 809 | The installation performed in Lab Project 1 does not display any startup details so this project is about viewing those details and specifying the default runlevel. 810 | These Lab Projects (13A and 13B) must each be performed as root. 811 | For CentOS and earlier versions of Fedora up through Fedora 15, the GRUB configuration file is /boot/grub/grub.conf. For Fedora 16 and above the GRUB2 configuration file is /boot/grub2/grub.cfg. Be sure to use the correct configuration file for the distribution and release of Linux on your classroom host. 812 | Lab Project 13A: CentOS 6.X and Fedora up through Release 15 813 | These instructions are for CentOS 6.X and Fedora up through Fedora Release 15 which all use GRUB and SystemV startup. 814 | The boot sequence 815 | 1. Modify grub.conf to make the startup a little more flexible using vi. Add a “#” character to the beginning of the hiddenmenu line.
This causes the grub menu to be displayed during the boot process. This configuration line does not exist in Fedora 16 and above with GRUB2. 816 | 2. Change the timeout line from its current value, usually either 3 or 5, to 9 to allow more time to interrupt the boot and make a choice in the grub menu. This change, because it is made in the grub configuration file is persistent through reboots. Save the GRUB configuration file. 817 | 3. Enter the reboot command on the CLI to start the reboot. 818 | 4. At the GRUB menu press the “e” key to edit the boot parameters. You now have 9 seconds to do this and there is a countdown timer to show you how long is left. 819 | 5. Notice for Fedora up through release 15 and for CentOS that there are three lines on the screen as shown in Illustration 40. These correspond to the three lines in each kernel stanza in the /boot/grub/grub.conf file. Each line can be edited so that the boot process can be changed on a one-time basis. Any changes made here are for this boot only. The grub.conf file must be edited to make the changes permanent. 820 | 6. Move the cursor to the middle line and press “e” to edit the line. 821 | 7. Add a “3” at the end of the kernel parameters line. This will now boot your computer to runlevel 3 which is text mode. These changes are only effective for this boot and are not permanent. 822 | 8. Press the Enter key to leave edit mode and then press b to continue to boot the system. 823 | 9. Notice that there is very little output which might make it difficult to troubleshoot a boot problem. 824 | 10. Reboot your computer and again edit the kernel parameters. 825 | 11. Remove the word “quiet” and add a “3” at the end of the line. Then continue the boot process. 826 | 12. Go through the entire boot process and pay particular attention to the process from the top down to the login message. Note that you can use the Shift-PageUp key to scroll back through the screen output. Note the information that is displayed. 
827 | 13. Now login. 828 | 14. Reboot again using the reboot command. 829 | 15. At the GRUB splash screen, press e for edit. Remove the “rhgb” and “quiet” parameters from the kernel parameters and once again, boot your computer to runlevel 3. These changes are only effective for this boot and are not permanent. 830 | 16. Notice the huge amount of data that scrolls by on the screen. It is very fast and pretty unreadable. Use the Shift-PageUp key to scroll back and look at the boot process again. Note that the message “Welcome to Fedora Release 15 (Lovelock)!” or “Welcome to CentOS” is the demarcation between the kernel boot process and the Linux startup process. 831 | In earlier versions of Fedora and all current versions of RHEL and CentOS, the kernel boot message data also is stored in the /var/log/dmesg file. In Fedora 15, you have to use the dmesg command or extract it from the /var/log/messages file. When the computer will not complete the boot sequence, using this technique to display all of this boot data can help determine where in the process it is failing. 832 | 17. Now login and enter the runlevel command. This displays the previous and current runlevel which should be N and 3. The N means that there was no previous runlevel. 833 | 18. Enter dmesg | less to view the kernel boot logs in the ring buffer. 834 | 19. Use the cat /var/log/messages | grep kernel: | less command to view the data from the kernel boot process. This is the same information that was displayed on the screen during boot. 835 | 20. Reboot again and interrupt the process at the GRUB Menu. 836 | 21. This time edit the GRUB kernel line and append 1 at the end of the line. 837 | 22. Press the Enter key to leave edit mode and then press b to boot the system. Notice again that little of the text that was displayed in the previous boots is displayed now. 838 | 23. In addition, you end up in run level 1. You can check this with the runlevel command. 839 | 24.
Enter runlevel 3 with the command init 3. The init command can be used to switch between runlevels. 840 | The Startup sequence 841 | 25. Edit the file /boot/grub/grub.conf again. This time remove the “rhgb” (Red Hat Graphical Boot) and “quiet” arguments from the kernel line of the default startup stanza, usually stanza 0. Making this change in the grub.conf file makes the change permanent so you don't have to make the change manually at the grub menu each time you reboot. 842 | 26. Reboot the computer. You will see many messages that comprise output from the startup sequence. 843 | 27. Change to the /var/log directory and use the less command to view the boot.log file. 844 | less boot.log 845 | All of the startup sequence messages are recorded in this log. 846 | 847 | Lab Project 13B: CentOS 7.X and Fedora 16 and Above 848 | These instructions are for CentOS 7 and Fedora Release 16 and above which use GRUB2 and systemd startup. 849 | The boot sequence 850 | 851 | 1. For Fedora 16 and above using GRUB2 in /boot/grub2/grub.cfg, use vim to change the timeout line from its current value, usually either 3 or 5, to 9 to allow more time to interrupt the boot and make a choice in the grub menu. This change, because it is made in the grub configuration file, is permanent – at least until it is changed again. Save the GRUB configuration file. 852 | 2. Enter the reboot command to start the reboot. 853 | 3. At the GRUB menu press e for edit. You now have 9 seconds to do this and there is a countdown timer to show you how long is left. 854 | 4. For Fedora 16 and above, which all use GRUB2, there are many lines that can be edited. Choose the kernel line which begins “linux /vmlinuz” 855 | 5. Move the cursor to the kernel line and press the End key to begin editing at the end of the line. Note: You will have to scroll down in the GRUB2 menu editor to locate the kernel line. 856 | 6. Add a “3” at the end of the kernel parameters line as shown in about the middle of Illustration 42.
This will now boot your computer to runlevel 3 which is text mode and not a GUI. These changes are only effective for this boot and are not permanent. 857 | 7. Press the F10 key to continue the boot process. 858 | 8. Notice that there is very little output which might make it difficult to troubleshoot a boot problem. 859 | 9. Reboot your computer and again edit the kernel parameters. 860 | 10. Remove the word “quiet” and add a “3” at the end of the line. 861 | 11. Press F10 to continue the boot process. 862 | 12. Go through the entire boot process and pay particular attention to the process from the top down to the message “Welcome to Fedora 19 ... ”. Note that you can use the Shift-PageUp key to scroll back through the screen output. 863 | 13. Now login. 864 | 14. Reboot again using the reboot command. 865 | 15. At the GRUB splash screen, press e for edit. Remove the “rhgb” and “quiet” parameters from the kernel parameters and once again, boot your computer to runlevel 3. These changes are only effective for this boot and are not permanent. 866 | 16. Notice the huge amount of data that scrolls by on the screen. It is very fast and pretty unreadable. Use the Shift-PageUp key to scroll back and look at the boot process again. Note that the message “Welcome to Fedora Release 19 ...” is the demarcation between the kernel boot process and the Linux startup process. 867 | In earlier versions of Fedora and all current versions of RHEL and CentOS, this data also is stored in the /var/log/dmesg file. In Fedora 15 and above, you have to use the dmesg command or extract the data from the /var/log/messages file; either method will work. When the computer will not complete the boot sequence, using these techniques to display all of this boot data can help determine where in the process it is failing. 868 | 17. Now login and enter the runlevel command. This displays the previous and current runlevel which should be N and 3. The N means that there was no previous runlevel.
869 | 18. Enter dmesg | less to view the kernel boot logs in the ring buffer. 870 | 19. Use the cat /var/log/messages | grep kernel: | less command to view the data from the kernel boot process. This is the same information that was displayed on the screen during boot. 871 | 20. Reboot again and interrupt the process at the GRUB Menu. 872 | 21. This time edit the GRUB kernel line and append 1 at the end of the line. 873 | 22. Press the F10 key to continue the boot process. Notice again that none of the text that was displayed in the previous boots is displayed now. 874 | 23. In addition, you end up in run level 1. Note that with current versions of Fedora you must enter the root password to access Single user mode. 875 | 24. Verify that you are in runlevel 1 with the runlevel command. 876 | 25. Enter runlevel 3 with the command init 3. The init command can be used to switch between runlevels. 877 | 26. Login and verify that your student host is in runlevel 3. Note that I have had instances where attempting to move from runlevel 1 (S) to runlevel 3 resulted in the host being at runlevel 5. If this is the case for you, run the init 3 command again and you should be in runlevel 3. 878 | The startup sequence 879 | 880 | 27. Edit the file /boot/grub2/grub.cfg again. This time remove the “rhgb” (Red Hat Graphical Boot) and “quiet” arguments from the kernel lines of the startup stanzas. Making this change in the grub.cfg file makes the change permanent so you don't have to make the change manually at the grub menu each time you reboot. An alternate way to make this change, rather than editing the file with the vi editor, is to use the sed command. 881 | cd /boot/grub2 882 | sed -i -e "s/rhgb//g" -e "s/quiet//g" grub.cfg 883 | The above sed command removes both the “rhgb” and “quiet” entries from the kernel startup lines. 884 | 28. Reboot the computer. You will see many messages that comprise output from the startup sequence. 885 | 29.
Change to the /var/log directory and use the cat or the less command to view the boot.log file. 886 | 887 | less boot.log 888 | All of the startup sequence messages are recorded in this log. 889 | 30. Notice that later in the startup sequence you might see “Starting SYSV...” or “Starting LSB...” messages. These indicate whether the startup of those services is accomplished directly by systemd or by legacy startup services such as SystemV init scripts or Linux Standard Base compliant start scripts. 890 | Lab Project 14. Managing and Using Runlevels 891 | Linux runlevels are used to define the various states of operation in which a Linux computer might be used. These range, in an init-based system, from “off” (runlevel 0) to “Single user” (1 or S) to “Multi-user with a graphical user interface” (5). These runlevels are also available in systemd-based systems but are defined in terms of “targets” such as multi-user.target and graphical.target. 892 | This lab project must be performed as root. 893 | Lab Project 14A: Managing SystemV Init scripts in CentOS 894 | As you perform each step in this portion of the lab project, be sure to look at the contents of the runlevel directories, /etc/rc.d/rcX.d where X represents runlevel numbers. You can see the links in each of these directories change as the service is added or deleted from that runlevel. 895 | 896 | 1. Log in to the CLI as root if you are not already, or su to root in a terminal session. 897 | 2. Type the command chkconfig --list | less to list all of the services managed by System V start scripts. You can exit from the less command by pressing the q key. 898 | 3. Type chkconfig --list irda to list just the irda service. It should be off in all runlevels. irda is the InfraRed communication daemon and should not be required on a server or on many desktop computers. 899 | 4. Check the /etc/init.d/irda script and look for the chkconfig configuration line. 
Note that it is supposed to be off in all runlevels; that is what the “-” means. 900 | 5. Type service irda status to check the status of this service. It should not be running. Note that a few services do not respond to the status sub-command. 901 | 6. Type the command service irda start to start the service now. 902 | 7. You can also specify particular levels using the chkconfig command. Type the command 903 | chkconfig --level 35 irda on to turn irda on for only runlevels 3 and 5. Verify this with the chkconfig --list irda command. 904 | 8. Stop the irda service and use chkconfig to make sure it is off in all runlevels. 905 | 9. The pcscd daemon is used to deal with PC Smart Cards. The pcscd daemon is not required on your computer. Check its status using the service command, then stop it using the command service pcscd stop and verify that it has actually stopped. 906 | 10. Now you can use chkconfig to ensure that the pcscd daemon is off in all runlevels. 907 | 11. Taking this one step further, use the command chkconfig --del pcscd to remove the service from control by the chkconfig command. Look in the rcX.d directories to verify that all start and stop links have been deleted. Also verify that the pcscd script still exists in init.d. Use the command chkconfig --list pcscd as well to verify that it is no longer listed. You could also use the service command to check its status. You should get an error message from that command. 908 | 12. Add the pcscd control back into chkconfig using the chkconfig --add pcscd command and verify with the 909 | chkconfig --list pcscd command that it is now back under control of chkconfig. Notice that it has been re-added with the default information from the init script and not the last setting you made manually which was off in all runlevels. 910 | 13. Turn pcscd off in runlevel 3, but leave it on in the others in which it is already on. 911 | 14. 
Use the init 3 command to change to runlevel 3 and verify that the pcscd daemon is not running in that level. Then change back to runlevel 5, init 5. The init command still works to change runlevels. 912 | 15. Issue the chkconfig pcscd off command in order to configure the pcscd daemon to be off in all runlevels. Stop the pcscd service which is probably running currently. 913 | Lab Project 14B: Managing Runlevels with systemd in CentOS 7 and Fedora 17 and above 914 | 1. List all of the systemd units with the systemctl -a command. Note that the results of this command are already piped through the less filter. 915 | 2. List just the active units with the systemctl command to see which ones are running. 916 | 3. Use the command 917 | systemctl start rescue.target 918 | to enter Rescue mode. You will have to login as root. 919 | 4. Use the command 920 | systemctl start default.target 921 | to return to the default.target which points to graphical.target and which is runlevel 5. 922 | 5. You may have to use the init 5 command or even reboot to make this work and actually get back to the GUI. See the warning box above for details. 923 | 6. Change to the /lib/systemd/system directory. Run the command 924 | ls -l | grep target to view the target units. Notice that the various runlevel targets are symbolic links to various systemd targets. Which targets do runlevels 2,3, and 4 point to? _________________________________________________ 925 | Note that changing the default runlevel is not accomplished in the /lib/systemd/system directory. That is accomplished in the /etc/systemd/system directory. 926 | 7. Change into the /etc/systemd/system directory. 927 | 8. Look at the files and links in this directory. 928 | Where do the links point?_________________________________________________ 929 | 9. Remove the existing default.target link. An error will occur while attempting to create the new link if you do not do this. 930 | 10. 
Run the following command to generate a new link to the desired run target. 931 | systemctl enable multi-user.target 932 | Note that you could also create this link manually. 933 | 11. Reboot the computer. It will start up in multi-user mode which is the old runlevel 3. 934 | 12. Use the command man systemd.special to read about the special system units defined by systemd. Refer especially to the section, “default.target.” 935 | 13. Reboot your computer and type e at the GRUB splash screen. Edit the kernel line of the first (0) stanza and append the following: 936 | systemd.unit=multi-user.target 937 | This should work and boot the system into multi-user mode which is the equivalent of runlevel 3. 938 | 14. Now return systemd startup to normal so that the default.target is symlinked to graphical.target. 939 | 15. Return to runlevel 5, GUI mode: init 5 or systemctl start graphical.target 940 | Managing Units and Services with systemd 941 | 1. List all of the units, whether running or not, with the systemctl command. 942 | 2. List all of the systemd targets with the systemctl list-units --type=target command. 943 | 3. Now list all running units with the systemctl -a list-units command. Take a look at the line for the pcscd.service unit. 944 | 4. Check the status of the pcscd service: systemctl status pcscd.service 945 | What is its status?__________________________________________ It should be “loaded stopped” or “Loaded Failed” which just means it is stopped. 946 | 5. Start the pcscd service: systemctl start pcscd.service 947 | 6. Now check the status of the pcscd service. It should say “active running” and give the amount of time the service has been active. 948 | 7. Configure the pcscd service to start at the next boot: 949 | systemctl enable pcscd.service 950 | 8. Reboot your host and verify that the service starts. 
For many services, this does not mean that the daemon is started and running, just that the socket required to communicate with the daemon has been created. The daemon will be started when a program or other service requests communication with it on that socket. The pcscd daemon, however, is still not completely integrated into systemd, so it may actually be running when started by systemd. 951 | 952 | Lab Project 15: Using Midnight Commander to Manage Files 953 | Midnight Commander (mc) is an interactive, visually based, text mode program for navigating the filesystem and managing files. It can be used to copy, edit, move or delete files and complete directory trees. It can also be used to expand archive files of various types and explore their contents. 954 | Install Midnight Commander 955 | Use the command below to install Midnight Commander. 956 | yum -y install mc 957 | Using Midnight Commander as user student 958 | Ensure that you are logged in as the user student and that the current directory is /home/student, student's home directory. 959 | Start Midnight Commander with the mc command. Note that it starts with two open panes. Switch between the panes using the Tab key. Use the arrow keys to move the highlight bar (cursor) up and down the list of files and directories on the current pane. 960 | Change directories by highlighting the desired directory in the current pane and pressing the Enter key. Move up to the parent directory by highlighting the double-dot (..) entry and pressing the Enter key. 961 | Notice the Function Key assignments at the bottom of the Midnight Commander window. F1 will display some help. There are also Function keys for Move, Copy, Delete and Quit, among others. Simply press the corresponding Function Key on the keyboard to perform that function. 962 | You can issue CLI commands simply by typing them; the CLI entry text box is at the bottom, just above the Function Key assignment line. 
The cursor there is always active while you are in navigation mode. To change the pwd of the current pane to the /tmp directory, type cd /tmp and press the Enter key, just as you would from the shell prompt. 963 | Now use the Tab key to switch to the other pane. Navigate to the home directory for the user student. Highlight the file dmesg1.txt and press F3. This shows the contents of that file. Scroll up and down the file using the Page-Up and Page-Down keys. Press F3 again to return to navigation mode. 964 | Locate the dmesg2.txt file and press F8 to delete it. Press Enter to answer “Yes” to the question. 965 | Now, still as user student, navigate to /var/log and use F3 to open the messages file. You should get an error message “Permission denied.” Navigate this pane back to /home/student using the command cd on the Command Line Entry. 966 | Regular users do not have access to the contents of many of the log files. 967 | Using Midnight Commander as root 968 | Now open a terminal session as root, if there is not already one open, and start Midnight Commander. Navigate in one pane to the /var/log directory. Highlight the messages file and press F3. This shows the content of the /var/log/messages file. Use F3 again to return to the navigation panes. 969 | Navigate the other pane to /tmp. So you should have one pane at /tmp and one at /var/log. Highlight the messages file and press F5 to copy it to /tmp. This displays a “Copy” dialogue and allows you to change certain parameters. Nothing needs to be changed at this time so simply press the Enter key. Notice that the file now appears in the other MC pane. Use the Tab key to switch to the /tmp pane. 970 | Highlight the home2.tar.gz file and press the Enter key. It may take a moment or two, after which the contents of this compressed tarball will be displayed. 971 | Navigate through the directories in this file to locate the /tmp/home.tar.gz/home/student/dmesg2.txt file. 
Now switch to the other pane and navigate to the “real” /home/student directory. Switch back to the pane showing the contents of the tarball and highlight the dmesg2.txt file. Press F5 to copy it to the “real” home directory for student. This is a simple example of how you can use Midnight Commander to locate and restore a single file from almost any kind of archive file. 972 | Like the rest of Linux, there is much more to MC than we have time for in this Lab Project. You should experiment with MC to learn more about it. 973 | Exit from Midnight Commander by pressing the F10 key and then press Enter to answer “Yes” to the question. 974 | Lab Project 16. Managing Users 975 | Adding, managing and deleting users are an important part of Linux system administration. In this lab project you will perform some of these basic tasks. 976 | This lab project must be performed as root. 977 | 978 | 1. Enter the command useradd -c "Student User3" student3 to create the new user. 979 | 2. Enter the command passwd student3 to set the password for the new account. 980 | 3. Type the password lockout and press Enter. 981 | 4. Type the password again and press Enter. 982 | 5. Notice that you get errors indicating that this is a bad password because it is based on a dictionary word and because it is too simple. This is true but root can do anything including assign bad passwords. A non-privileged user would be unable to change the password to a password that is short, too simple or is based on a dictionary word. 983 | 6. Create a user with the ID of “student4” and set a password. Verify that the /home/student4 directory was created. 984 | 7. Now delete student4 using the command userdel -r student4 and verify that the home directory for this user was deleted. 985 | 8. Delete the student3 account but do not use the -r option. Verify that the home directory for student3 has NOT been deleted. 986 | 9. Delete the home directory for student3 manually. rm -rf /home/student3 987 | 10. 
If you are logged in as the user student, log out. 988 | 11. As root, create the empty file, /etc/nologin. touch /etc/nologin 989 | 12. Attempt to log in as student using the GUI and a virtual console. You should be unable to do so. 990 | 13. Now add a message to the nologin file. 991 | echo "Logins not permitted. System going down for maintenance" > /etc/nologin 992 | 14. Now attempt to log in as student from a virtual console session. You should see the message and be unable to log in. 993 | 15. Log out of the GUI desktop session and then log in to the desktop as student using the GDM GUI login. You are not able to log in and you will not see the message. 994 | 16. Delete /etc/nologin. 995 | 996 | Lab Project 17. Managing Processes 997 | This lab project should be performed starting as the user student in the GUI. 998 | Start two terminal sessions. In one terminal session run top and position this window so you can see it as you perform the tasks below in the second terminal session. Observe the load averages displayed in top as you progress through this Lab Project. 999 | Start a screen session in the second terminal. In one screen session run the following program. 1000 | let X=0;while [ 1 ];do printf "X =\t$X\n";let X=$X+1;done 1001 | Using while [ 1 ] forces this to loop forever. Also the syntax is very picky; be sure to leave spaces around the “1” in this expression; [ 1 ] will work but [1] will not work. 1002 | This program will run until we stop it. Use the top program to show CPU usage. This should show that one BASH session is taking up a very large amount of CPU time. Record the PID for this BASH instance. You should also notice that the nice number of this BASH session is 0. In addition, use the Ctrl-a-" key combination to note and record the number of the screen session running this program. 1003 | Renice the process from within top. Simply type r and top asks you which process to renice. Enter the PID of the process and hit the Enter key. 
In my case the PID is 7533; the PID will definitely be different for you. Then it asks “Renice PID 7533 to value:”. Now type the number 10 and hit the Enter key. 1004 | Now open a new screen session in this terminal and change the nice number from the command line. 1005 | renice 20 7533 1006 | The nice number should now be shown as 19 by top. Any number higher than 19 is interpreted to be 19. Although the system is no more or less responsive because this is a shell script and there is plenty of CPU available, this is one way to make a process behave more nicely. Remember that a bigger nice number means the program will be nicer to the rest of the system. 1007 | Now type the command: 1008 | renice -20 7533 1009 | You will receive an error indicating that you don't have permission to do this. You could still kill this process but a non-root user cannot renice their own processes to a lower (less nice) number. Why do you think that this might be the case? _________________________________________________ 1010 | _________________________________________________. 1011 | The next part of this lab project should be performed as root. 1012 | Switch to or open a new terminal session as root and start a screen session. Start top in one screen session. 1013 | Now, as root, run the above command to reset the nice number of this process to -20. This will actually work this time and set the nice number for the process to -20, which is as not-nice as you can specify. Switch to the screen session running top and observe the nice number of this process. Again the system is no more or less responsive, but in a real environment a program that has a -20 nice number might cause the rest of the system to become very sluggish. 1014 | Now, as root still, try to kill the process from within top. Back in the screen session in which top is running, type k. Now top asks “PID to kill:”. Type in the PID of the process, again in my case this would be 7533, and press the Enter key. 
The top program now displays “Kill PID 7533 with signal [15]:”. At this point you could choose another signal or just press Enter. For now, just press Enter. Notice that nothing changes in top. Switch back to the screen session running our little program and notice that it is still running. 1015 | Asking this program to kill itself nicely has not worked so we need to try a more forceful way to kill it. Let’s do this from the command line, although we could also do it from within top. We will use signal 9, SIGKILL, to kill this program. 1016 | Go to an unused screen session and enter the command, being sure to use the correct PID on your system: 1017 | kill -9 7533 1018 | The rest of this lab project should again be performed as the user student. 1019 | Switch to the session running as user student. Notice that top no longer shows the BASH session. Using the Ctrl-a-" key combination in screen shows that the screen session in which BASH and the program were running has been killed. So we killed not only our little program, but the entire session in which it was running. This is perhaps overkill, pardon the pun. 1020 | As student start a new screen session. Note the number of the new screen session. It should be the same as the one that was terminated. Use the up arrow key to scroll up to the command that contains our little program and press the Enter key to restart it. Check top to determine the PID of the session running this program. 1021 | Let’s try to terminate the program but leave the BASH session intact. Go to an unused screen session and issue the following command, being sure to use the correct PID: 1022 | kill -2 12503 1023 | This sends the SIGINT (2) signal to the BASH session. Go to the screen session running top and see that the program has been killed but the BASH session is still running. The CPU usage should be way down now. 
Also, switch to the screen session in which the program was running and verify that it has been killed but that the screen BASH session still exists. Note the error message. 1024 | While still in that screen session, restart the program. After it has run for a couple of seconds, press Ctrl-c. Note that the running program is killed. Using kill -2 is the same as pressing Ctrl-c from within the session running the program. 1025 | 1026 | 1027 | Lab Project 18. Scheduling Tasks 1028 | Linux provides multiple methods for scheduling tasks to run at some future time. This Lab Project gives you the opportunity to schedule some tasks. 1029 | Limiting Access to cron 1030 | You should normally limit who has the ability to schedule cron jobs. This prevents users from setting up cron jobs that may use excessive amounts of system resources. Generally, root is the only user that should have access to cron. 1031 | Adding user names to /etc/cron.allow will allow only those users to create cron jobs. All other users will be denied. As root, create the file /etc/cron.allow with the user name “root” (without the quotes) as its only content. 1032 | As the user student attempt to create a cron job. You should not be able to do so and you should see the following results. 1033 | [student@student00 ~]$ crontab -e 1034 | You (student) are not allowed to use this program (crontab) 1035 | See crontab(1) for more information 1036 | Scheduling Specific Tasks 1037 | This portion of the Lab Project should be performed as root. 1038 | You have three different tasks to run at prescheduled times. Create appropriate jobs using the scheduling tools you have learned about. Test what you can. Have the instructor check your work. One possible set of solutions is provided at the end of this Lab Project. 1039 | 1. The first task is to run the free program to check the amount of free memory and store the results in a text file in /tmp. 
This program needs to be run once a day; it can be run at any time, but if the computer is turned off overnight and then back on it still needs to run that same day (within 24 hours) if it has not already. 1040 | 2. The second task is to check the /var/log/messages file for lines relating to kernel errors and store those lines in a text file in /tmp. You expect a series of kernel messages due to a test that you will be running in a few minutes. This task needs to run only once 15 minutes from now. 1041 | 3. The last task is to check the student home directory for files with a .bad extension and delete them. This is due to a really badly written program that spews these files into your home directory and fills up disk space if they are not deleted often enough. This program needs to run every 5 minutes from 7am to 6pm, Monday through Friday. It should not be run as root, but using the student ID. 1042 | 1043 | One Set of Solutions 1044 | Note that this is just one possible set of solutions for these problems. Other solutions may work just as well. If you have questions about your own solution, check with the instructor. 1045 | 1. Add a script into the directory /etc/cron.daily which contains the lines: 1046 | #!/bin/bash 1047 | /usr/bin/free > /tmp/free.out.txt 1048 | 1049 | 2. Add an 'at' job for “now +15 minutes” that contains the line: 1050 | grep kernel /var/log/messages > /tmp/kernel.messages 1051 | 3. As root, add a cron job for the user student with the command: 1052 | crontab -e -u student 1053 | 1054 | Then add the following line to the crontab file: 1055 | */5 7-17 * * 1-5 /bin/rm ~/*.bad 1056 | 1057 | Lab Project 19. Adding a New Filesystem Partition 1058 | This exercise takes you through the process of creating a new partition on an existing hard drive, creating a filesystem and a mountpoint and mounting the new filesystem. This is a common task and you should become familiar with how to perform it. 
In many cases you will do this by adding a new hard drive with plenty of space. In this exercise we will use some space left free for this purpose. Other than the physical installation of the new hard drive, the process is the same. 1059 | You can list the drive and its partitions using the fdisk -l -u=cylinders /dev/sda command. By default fdisk now displays units in sectors; cylinders used to be the default. The results should look similar to this: 1060 | [root@instructor ~]# fdisk -l -u=cylinders /dev/sda 1061 | 1062 | Disk /dev/sda: 42.9 GB, 42949672960 bytes 1063 | 255 heads, 63 sectors/track, 5221 cylinders 1064 | Units = cylinders of 16065 * 512 = 8225280 bytes 1065 | Sector size (logical/physical): 512 bytes / 512 bytes 1066 | I/O size (minimum/optimal): 512 bytes / 512 bytes 1067 | Disk identifier: 0x0006393d 1068 | 1069 | Device Boot Start End Blocks Id System 1070 | /dev/sda1 * 1 64 512000 83 Linux 1071 | /dev/sda2 64 2614 20480000 8e Linux LVM 1072 | [root@instructor ~]# 1073 | 1074 | While we are here, notice the partition types in the Id column. Partition type 83 is a standard Linux partition. Type 82 would be a Linux swap partition. Type 5 is an extended partition and type 8e is a Linux LVM partition. The fdisk program does not provide any direct information on the sizes of partitions in bytes, but that can be calculated from the available information. 1075 | Notice in the above example that the partition /dev/sda1 ends at cylinder 64 while the LVM partition /dev/sda2 ends at cylinder 2614. That leaves 2607 cylinders of free space on the hard drive that is available to use for creation of a new partition. The exact details may differ on your computer. 1076 | As a quick aside here, using this long command is clunky. I like using cylinders as I think they are easier to read than blocks. So create an alias to make it easier to use. An alias substitutes a command for the one you typed in. In this case you should add the alias using the following command. 
1077 | alias fdisk='fdisk -u=cylinders' 1078 | Now type the alias command with no options or arguments to see a list of all aliases. Verify that the alias you added above is listed. Now you can type fdisk without the “-u=cylinders” option. 1079 | It is necessary to enter fdisk in interactive mode in order to create a new partition. Type fdisk /dev/sda to start fdisk to manage the sda device. Do not use /dev/sdaX for a specific partition; you want the whole drive. 1080 | Type p and press Enter to print (p = print, get it?) the current partition table for this device. It should look similar to the above example. 1081 | Type n and press Enter to create a new partition. Type p and press Enter to create a new primary partition. Since primary partition numbers 1 and 2 are in use, fdisk automatically selects partition 3. If multiple primary partitions had been free, fdisk would have asked you to enter a partition number. 1082 | The sequence is shown below. Remember that you created the alias to display cylinders. 1083 | [root@instructor ~]# fdisk /dev/sda 1084 | 1085 | WARNING: cylinders as display units are deprecated. Use command 'u' to change units to sectors. 
1086 | 1087 | Command (m for help): p 1088 | 1089 | Disk /dev/sda: 42.9 GB, 42949672960 bytes 1090 | 255 heads, 63 sectors/track, 5221 cylinders 1091 | Units = cylinders of 16065 * 512 = 8225280 bytes 1092 | Sector size (logical/physical): 512 bytes / 512 bytes 1093 | I/O size (minimum/optimal): 512 bytes / 512 bytes 1094 | Disk identifier: 0x0006393d 1095 | 1096 | Device Boot Start End Blocks Id System 1097 | /dev/sda1 * 1 64 512000 83 Linux 1098 | /dev/sda2 64 2614 20480000 8e Linux LVM 1099 | 1100 | Command (m for help): n 1101 | Command action 1102 | e extended 1103 | p primary partition (1-4) 1104 | p 1105 | Partition number (1-4, default 3): 1106 | Using default value 3 1107 | First cylinder (2614-5221, default 2614): 1108 | 1109 | The fdisk program is smart enough to detect the first free cylinder on the disk and make it the default starting point for the new partition. Just hit the Enter key to select the first free cylinder as the default starting point for the new partition. 1110 | Notice that fdisk now shows the default last cylinder as the last one available in this contiguous space on the disk. Do not accept this default as we do not want to use the entire disk for this lab project, just a part of it. 1111 | To specify the size of the new partition as 5GB, enter +5G and press Enter. 1112 | Type p to print the new partition table. The results should be similar to those below. 
1113 | Command (m for help): p 1114 | Disk /dev/sda: 42.9 GB, 42949672960 bytes 1115 | 255 heads, 63 sectors/track, 5221 cylinders 1116 | Units = cylinders of 16065 * 512 = 8225280 bytes 1117 | Sector size (logical/physical): 512 bytes / 512 bytes 1118 | I/O size (minimum/optimal): 512 bytes / 512 bytes 1119 | Disk identifier: 0x0006393d 1120 | 1121 | Device Boot Start End Blocks Id System 1122 | /dev/sda1 * 1 64 512000 83 Linux 1123 | /dev/sda2 64 2614 20480000 8e Linux LVM 1124 | /dev/sda3 2614 3267 5249153 83 Linux 1125 | 1126 | Note that the new partition table has not yet been written to the disk. Now type w to write the new partition table to the disk and exit from fdisk. You should get the following message which indicates that the kernel is not yet aware of the new partition table. 1127 | Command (m for help): w 1128 | The partition table has been altered! 1129 | 1130 | Calling ioctl() to re-read partition table. 1131 | 1132 | WARNING: Re-reading the partition table failed with error 16: Device or resource busy. 1133 | The kernel still uses the old table. The new table will be used at 1134 | the next reboot or after you run partprobe(8) or kpartx(8) 1135 | Syncing disks. 1136 | 1137 | Previous releases said that a reboot is required to reread the partition table. That was not really true. As this message now says, you can use the partprobe command to force the kernel to reread the partition table on the fly. Do that now. No parameters are required. 1138 | At this point we are only partway through. We have created a partition but not a filesystem so our next step is to create a filesystem and a mountpoint. Since our new partition is /dev/sda3, enter the command mkfs -t ext4 /dev/sda3 to create a new EXT4 filesystem on /dev/sda3. 1139 | Let’s label this partition as /stuff. Use the command e2label /dev/sda3 to show the current label which should be blank. Then enter the command e2label /dev/sda3 /stuff to set the new label. 
Use the e2label command to verify that the label has been set correctly. 1140 | Now create a mountpoint. mkdir /stuff 1141 | At this point we can mount the new filesystem manually using the command mount /dev/sda3 /stuff. Use the mount command to verify that the new filesystem has been mounted. Now unmount the filesystem with the umount /stuff command. 1142 | 1143 | The last step we need to take is to add this new filesystem to /etc/fstab in order to be able to mount it automatically at boot or with a simpler mount command. Use vim to add the following line to /etc/fstab: 1144 | /dev/sda3 /stuff ext4 defaults 1 2 1145 | 1146 | Now you can mount this partition with the mount /stuff command. You could also use the mount -a command which would mount all unmounted partitions that have the keyword defaults or auto. A noauto keyword in the options column of the fstab file would prevent the partition from being automatically mounted at boot time or with the mount -a command. 1147 | Use the mount command to verify that the new filesystem has been mounted correctly. Copy a file or two to /stuff and use the ls command to verify that the files are there. 1148 | Unmount the /stuff filesystem with the umount /stuff command. Edit /etc/fstab and change the line for the /stuff filesystem so that the filesystem is identified by the label you created earlier rather than the device name. 1149 | LABEL=/stuff /stuff ext4 defaults 1 2 1150 | Now mount the /stuff filesystem. Verify that it has been correctly mounted. 1151 | Important: Let’s now unmount this filesystem as we will use this space for the next exercise. Just issue the umount /stuff command to do that. Delete the line for this filesystem from /etc/fstab. 1152 | Remember that we have simply added a new raw Linux type 83 partition and created an EXT4 filesystem on it and then mounted that new filesystem on a new mountpoint. 
It is not possible to expand an existing raw Linux type 83 partition with EXT3 or EXT4 filesystems unless free space exists at the end of the partition to be expanded. 1153 | 1154 | Lab Project 20. Managing Filesystems with LVM 1155 | Adding a new filesystem or adding space to an existing one are fairly common disk management tasks. Using LVM makes these tasks easy and they can be done while the system is up and running. Mounted, active filesystems do not even need to be unmounted and taken off line in order to be expanded when using LVM. 1156 | Adding a New Volume Group 1157 | We already have a partition that we created in Lab Project 19 so we can use that without having to create a new partition. Normally after creating a new partition, we would create the Physical Volume over the raw partition. In this case we can simply create the PV and ignore the existing filesystem, which will be overwritten. 1158 | If you have not already, unmount the /stuff filesystem and comment out the entry for /stuff in /etc/fstab. 1159 | Use the pvs command to show the list of current Physical Volumes. It should look similar to this: 1160 | [root@student ~]# pvs 1161 | PV VG Fmt Attr PSize PFree 1162 | /dev/sda2 vg_student lvm2 a- 19.50g 4.75g 1163 | 1164 | This shows that the PV is on /dev/sda2 and that it is part (or all) of Volume Group vg_student. It also shows the amount of space used and that there is still some free space available in the PV. We will use some of that space later. 1165 | Use the command fdisk -l /dev/sda to verify the partition we will be using for this exercise. It should be /dev/sda3, the same partition we created in Exercise 12. You won't need the -u option if you created the alias for fdisk in Lab Project 20. 1166 | Use the command pvcreate /dev/sda3 to create the new PV. And use the following command to create a new Volume Group named TestVG from the PV on /dev/sda3. This command uses all of the space on /dev/sda3 for the new Physical Volume. 
1167 | Now create the Volume Group (VG) with the following command. 1168 | vgcreate TestVG /dev/sda3 1169 | Notice that it is necessary to specify the device because there is no name or other identifying attribute for the PV. You can use a list of PVs to add several to the new Volume Group in a single command. So a single VG can be composed of multiple PVs. 1170 | Use the pvs and vgs commands to list the PVs and VGs, respectively, to verify your work so far. 1171 | Now we need to create a Logical Volume and a filesystem on the new Volume Group. The command below creates a new volume with the name TestVol with a size of 500MB on the Volume Group TestVG. 1172 | lvcreate -L 500M TestVG --name TestVol 1173 | 1174 | Look in the /dev directory and locate the directories vg_student and TestVG, which contain the Logical Volumes for those respective Volume Groups. Look in each one of the two directories. The /dev/TestVG/TestVol device will be used to create the filesystem. And now create the filesystem in just the same way as on a regular partition with the following command: 1175 | mkfs -t ext4 /dev/TestVG/TestVol 1176 | Add a label “/stuff” to the filesystem on the logical volume with the command: 1177 | e2label /dev/TestVG/TestVol stuff 1178 | 1179 | We need to add an entry to /etc/fstab for this new filesystem. Of course you could continue to use the line already in /etc/fstab that uses the /stuff label. If you choose not to use the existing line that refers to /stuff, add the following line and delete or comment out the LABEL=/stuff line: 1180 | /dev/TestVG/TestVol /stuff ext4 defaults 1 2 1181 | You can now mount this filesystem with the command: mount /stuff 1182 | Now look around a bit. Use the pvs, vgs and lvs commands as well as the mount and df commands to look at the LVM environment as it now exists. Pay particular attention to any free space that might still be available in your Volume Groups.
1183 | Expanding a Volume 1184 | Logical Volumes and Volume Groups can both be extended on the fly. This capability gives significant power and flexibility to the administrator when more space needs to be added to a filesystem. Volume Group vg_studentX has a little additional space on it, so lets use that to demonstrate. You will add 1GB of space to the root filesystem (/). 1185 | The vgs command should show the following, or something very similar. The vg_studentX X will be the volume group for your hostname. 1186 | [root@student ~]# vgs 1187 | VG #PV #LV #SN Attr VSize VFree 1188 | TestVG 1 1 0 wz--n- 5.00g 4.52g 1189 | vg_studentX 1 6 0 wz--n- 19.50g 4.75g 1190 | 1191 | First, cd into /root and open the file install.log with vi. You won’t actually edit this file, unless you just want to play with it, but it is just to prove the point that an active filesystem with open files can be extended. The /root directory is part of the / (root) filesystem. 1192 | Enter the lsof / command to list the open files on the / filesystem. There are plenty. Remember, all of the system binaries and library files are located in the root filesystem as are many configuration files. Verify that the install.log file is open by the vi program. How many total files are open in the / filesystem? ____________________________. Do not quit editing install.log. Leave it open in vi. 1193 | There is still space on vg_student and although we do not actually need to extend the VG itself, we are going to do that anyway as a first step. 1194 | To begin with, create a new partition. You need to create an extended partition first and then the Linux partition we will use to create a new Physical Volume for LVM. Create a new Extended partition that takes the rest of the hard drive and then create a Linux partition that is 5GB in size. Be sure to write the altered partition table and then use the partprobe command to force the kernel to reread it. 
1195 | Create a new Physical Volume from this space which should be the device /dev/sda5. 1196 | pvcreate /dev/sda5 1197 | Add this new PV to the existing vg_student Volume Group, which is where the / root partition is located. 1198 | vgextend vg_student /dev/sda5 1199 | Use the pvs command to show that /dev/sda5 is now part of vg_student. 1200 | Now we just need to extend the / volume and resize the filesystem to expand it into the new space. Lets just add 1GB to the / Logical Volume with the lvextend command: 1201 | [root@student ~]# lvextend -L +1G /dev/vg_student/root 1202 | Rounding up size to full physical extent 1.20 GiB 1203 | Extending logical volume root to 3.48 GiB 1204 | Logical volume root successfully resized 1205 | 1206 | At this point the Logical Volume has been extended but the filesystem has not. Use the df and lvs commands to verify this. Resize the / filesystem. 1207 | [root@instructor ~]# resize2fs /dev/vg_student/root 1208 | resize2fs 1.41.14 (22-Dec-2010) 1209 | Filesystem at /dev/vg_student/root is mounted on /; on-line resizing required 1210 | old desc_blocks = 1, new_desc_blocks = 1 1211 | Performing an on-line resize of /dev/vg_student/root to 647168 (4k) blocks. 1212 | The filesystem on /dev/vg_student/root is now 909312 blocks long. 1213 | 1214 | Notice that it is not necessary to specify a size or the amount of increase if you wish the filesystem to expand to fill the entire space on the Logical Volume. 1215 | It is very important to understand that we have increased the size of the / (root) filesystem not specifically the /root directory. Use df and lvs to verify this. The / filesystem is the most critical filesystem on a Linux computer. If it could be unmounted the system would come to a halt immediately. This filesystem is in constant and continuous use by the operating system. 
The ability to extend the Logical Volume and the filesystem on which / exists means that there should never be a time when any full or nearly full filesystem cannot be expanded while the system is up and running. 1216 | That is not to say that it is a good idea to resize a filesystem on a business critical system while it is running under a full load. Good judgment is still required. ☺ 1217 | 1218 | Lab Project 21. Exploring and Repairing EXT Filesystems 1219 | This lab project applies to EXT2, EXT3 and EXT4 filesystems. For the most part, differences in the filesystems are minor as far as the commands used to manage them. 1220 | Exploring EXT Filesystems 1221 | Use the dumpe2fs command to view the first few lines of data for the /boot filesystem. 1222 | dumpe2fs /dev/sda1 | head 1223 | Note that the first line is the Filesystem volume name, which is blank. Add a label to /boot with the following command. 1224 | e2label /dev/sda1 /boot 1225 | Now issue the dumpe2fs /dev/sda1 | head again. Notice that the volume name is now /boot. 1226 | Verify that the filesystem UUID is the same as that used in /etc/fstab to mount the /boot filesystem. Also check the Inode count and the times the filesystem was last mounted. How many total Groups are there in the /boot filesystem?___________________ 1227 | Now use the following dumpe2fs command to look at the data for /home. You can use the df command or look in /etc/fstab for the device path. 1228 | dumpe2fs /dev/mapper/vg_student0X-home 1229 | Be sure to use the correct device path for your system. 1230 | Unmount the /boot filesystem with umount /boot and add a line to /etc/fstab to mount the /boot filesystem using the label you added to it above. The line in /etc/fstab should look like this: 1231 | LABEL=/boot /boot ext4 defaults 1 2 1232 | Comment out the line that mounts /boot using the UUID and manually mount /boot.
1233 | mount /boot 1234 | Repairing EXT Filesystems 1235 | It is strongly recommended that filesystems being repaired be offline and unmounted when doing so. In fact, it is best that the fsck program be run only in single user mode or even better, in rescue mode. For our purposes, on a student machine and for demonstration, runlevel 3 or 5 will be fine. 1236 | If you are not already logged in at the console, do so now. Before unmounting a filesystem, you should check for open files. 1237 | lsof /stuff 1238 | If there are open files in that directory you should not continue. Close the open files and then run the lsof command again. 1239 | Regardless of the runlevel you are using, unmount the /stuff filesystem. 1240 | umount /stuff 1241 | Run the following command to perform a filesystem consistency check. 1242 | fsck -a /stuff 1243 | The -a parameter would automatically repair any inconsistencies that might be found. This is a fairly verbose command so it will report any inconsistencies and the repair actions it takes. 1244 | Now remount the /stuff filesystem and return to runlevel 5 if you performed this lab project in any other runlevel. 1245 | mount /stuff 1246 | Lab Project 22. Files 1247 | Managing and manipulating files and links is a large part of the system administrator’s daily work. In this project you will learn about dealing with files and links. 1248 | Links 1249 | There are two types of links: hard and soft. In this part of the exercise you will learn how to create links and about some of their properties. 1250 | Symbolic (soft) Links 1251 | Be sure to make your pwd /root (the root home directory) for this part of the exercise. 1252 | Link the /var/log/dmesg file to the root home directory with the following command. By default the ln command tries to create a link with the same name as the target file. 1253 | ln -s /var/log/messages 1254 | Do a long listing of the files to see the link. Its listing should look like this: 1255 | lrwxrwxrwx.
1 root root 17 Jul 10 10:04 messages -> /var/log/messages 1256 | Because there is no file of this name in the current directory, this command works without an error. 1257 | Now create a symbolic link to the install.log file in root’s home directory. 1258 | ln -s install.log 1259 | ln: failed to create symbolic link `./install.log': File exists 1260 | 1261 | Because the file already exists the ln command throws an error. Now create the link using a new name for the link, install.log.softlink1. 1262 | [root@instructor ~]# ln -s install.log install.log.softlink1 1263 | [root@instructor ~]# ls -l 1264 | total 284 1265 | -rw-------. 1 root root 1892 Jun 9 15:47 anaconda-ks.cfg 1266 | -rw-r--r--. 1 root root 35691 Jun 9 15:35 dmesg1.txt 1267 | -rw-r--r--. 1 root root 35691 Jun 9 15:35 dmesg2.txt 1268 | -rw-r--r--. 1 root root 35691 Jun 9 15:35 dmesg3.txt 1269 | -rw-r--r--. 1 root root 23444 Jun 16 16:51 fedora_frog-2.0-15.0.0.noarch.rpm 1270 | -rw-r--r--. 1 root root 65796 Jun 28 09:39 install.log 1271 | lrwxrwxrwx. 1 root root 11 Jul 10 10:07 install.log.softlink1 -> install.log 1272 | -rw-r--r--. 1 root root 10646 Jun 9 15:41 install.log.syslog 1273 | lrwxrwxrwx. 1 root root 17 Jul 10 10:04 messages -> /var/log/messages 1274 | -rw-r--r--. 1 root root 0 Jun 9 15:35 newfile.txt 1275 | -rw-r--r--. 1 root root 65780 Jun 9 15:31 testfile.txt 1276 | 1277 | In this case the link is created without a problem. Use cat to view the contents of install.log.softlink1. 1278 | Now rename the install.log file. 1279 | 1280 | mv install.log install.log.bak 1281 | List the contents of the directory and use cat to view the contents of the link, install.log.softlink1. In the directory listing the symbolic link still exists but the entry for the link has a red background which means that it is a broken link. In a black and white only or green terminal, the red background may not show up. The file command will identify a broken link. 
1282 | file install.log.softlink1 1283 | When attempting to cat the file it throws an error indicating that the file does not exist. Now rename install.log.bak back to install.log and list the directory and cat the contents. Everything is now as it should be and the link is now valid because there is a file to which it points. It could be any file given that name. 1284 | Create a soft link from the /tmp directory to the install.log file. 1285 | cd /tmp 1286 | ln -s /root/install.log 1287 | Do a long listing of the /tmp directory to see that the link has been correctly created. Remember that /tmp is on a different filesystem from /root and that only a symbolic link can be created across filesystems. 1288 | Notice that with soft, or symbolic, links the number of hard links to the original file did not change at any time during this exercise. That column is the numeric data in a long listing between the file permissions and the owner. A symbolic link does not change the number of hard links to a file’s inode; it points instead to the directory entry of the file. 1289 | Notice also that the soft link is much smaller than the real install.log file. 1290 | Hard Links 1291 | Hard links create a new directory entry pointing to the same inode, so when hard links are added to a file you will see the number of links increase. 1292 | Ensure that the current, or Present Working Directory (pwd) is root’s home directory. Create a hard link to the file install.log with the following command. 1293 | ln install.log install.log.hardlink1 1294 | Do a long listing of the directory and you should see the following lines. Use the ls -li command to display the Inode numbers for the files. 1295 | 7758 -rw-r--r--. 3 root root 65796 Jun 28 09:39 install.log 1296 | 7758 -rw-r--r--. 3 root root 65796 Jun 28 09:39 install.log.hardlink1 1297 | 7881 lrwxrwxrwx. 1 root root 11 Jul 10 10:07 install.log.softlink1 -> install.log 1298 | 1299 | Notice that both files have 2 links and are exactly the same size.
The date stamp is also the same. This is really one file with one Inode and two links, i.e., directory entries to it. Notice that the Inode number for the softlink, install.log.softlink1, is different from the two hardlink Inodes. 1300 | Now create a second hard link to this file. The link can be created to either of the existing ones. 1301 | 1302 | ln install.log.hardlink1 install.log.hardlink2 1303 | A long listing of the directory now shows that there are three hard links to this file. Use ls -li to show the Inode numbers. 1304 | 7758 -rw-r--r--. 3 root root 65796 Jun 28 09:39 install.log 1305 | 7758 -rw-r--r--. 3 root root 65796 Jun 28 09:39 install.log.hardlink1 1306 | 7758 -rw-r--r--. 3 root root 65796 Jun 28 09:39 install.log.hardlink2 1307 | 7881 lrwxrwxrwx. 1 root root 11 Jul 10 10:07 install.log.softlink1 -> install.log 1308 | 1309 | Now try to create a hard link from the /tmp directory to the install.log file. 1310 | [root@instructor tmp]# ln /root/install.log install.log 1311 | ln: failed to create hard link `install.log' => `/root/install.log': Invalid cross-device link 1312 | 1313 | The command results in an error which indicates that the link cannot be made across devices. This is due to the fact that /tmp and /root are on different filesystems. 1314 | Use the ls –li command to display the /root directory. 1315 | [root@instructor ~]# ls -li 1316 | total 420 1317 | 7877 -rw-------. 1 root root 1892 Jun 9 15:47 anaconda-ks.cfg 1318 | 861 -rw-r--r--. 1 root root 35691 Jun 9 15:35 dmesg1.txt 1319 | 863 -rw-r--r--. 1 root root 35691 Jun 9 15:35 dmesg2.txt 1320 | 877 -rw-r--r--. 1 root root 35691 Jun 9 15:35 dmesg3.txt 1321 | 2385 -rw-r--r--. 1 root root 23444 Jun 16 16:51 fedora_frog-2.0-15.0.0.noarch.rpm 1322 | 7758 -rw-r--r--. 3 root root 65796 Jun 28 09:39 install.log 1323 | 7758 -rw-r--r--. 3 root root 65796 Jun 28 09:39 install.log.hardlink1 1324 | 7758 -rw-r--r--. 3 root root 65796 Jun 28 09:39 install.log.hardlink2 1325 | 7881 lrwxrwxrwx. 
1 root root 11 Jul 10 10:07 install.log.softlink1 -> install.log 1326 | 19 -rw-r--r--. 1 root root 10646 Jun 9 15:41 install.log.syslog 1327 | 7761 lrwxrwxrwx. 1 root root 17 Jul 10 10:04 messages -> /var/log/messages 1328 | 879 -rw-r--r--. 1 root root 0 Jun 9 15:35 newfile.txt 1329 | 853 -rw-r--r--. 1 root root 65780 Jun 9 15:31 testfile.txt 1330 | 1331 | The leftmost column of numbers are the inodes for the files in the listing. Notice that all of the hard links to the install.log file have the same inode but the soft link has a different inode. 1332 | Locating Files 1333 | Sometimes finding files can be the hardest part of managing them. Linux has a couple tools to assist with locating files using several different criteria. Using the locate command to find files by name is very easy. 1334 | The locate lvm command will find all files and directories that contain the string “lvm.” The locate command relies on a database that is built every night. Take a look at the file /etc/cron.daily/mlocate.cron. As a result files added or deleted since the last update of the database may incorrectly show up or not be displayed in the results. You can run the updatedb command to bring the database up to date. 1335 | File globbing patterns also work with the locate command. If no file globbing patterns are explicitly used, the search pattern is *PATTERN*. 1336 | A more flexible command used for finding files is “find.” Suppose you want to find all of the empty (zero length) files in your entire filesystem while ignoring empty directories. The first command below does this. It starts looking at the root (/) directory for files (type f) that are empty. The results really surprised me. Using wc to count them I found over 8000 empty files. 1337 | find / -type f -empty | wc 1338 | The next example uses the bang (!) to negate the meaning of empty so it finds all files that are not empty. 
You can list all of the files resulting from each command by not piping the output of find through the wc command. 1339 | find / -type f ! -empty | wc 1340 | Locating files with Several Hard Links 1341 | The find command also locates files with multiple hard links. Use the following command to locate all files with 5 hard links. 1342 | find / -type f -links 5 1343 | Now pick one of the files you have found and determine the inode for the file, and then locate all of the file names that share the same inode, and thus the same file. In this case I chose the file /sbin/fsck.ext3. 1344 | [root@instructor /]# ls -i /sbin/fsck.ext3 1345 | 1072 /sbin/fsck.ext3 1346 | [root@instructor /]# find / -inum 1072 1347 | /usr/share/terminfo/x/xterm-new 1348 | /var/lib/yum/yumdb/k/c41d36b278cf65483701ede5b4f230e744b17fbb-khmeros-base-fonts-5.0-11.fc15-noarch 1349 | /sbin/fsck.ext3 1350 | /sbin/fsck.ext2 1351 | /sbin/fsck.ext4 1352 | /sbin/e2fsck 1353 | /sbin/fsck.ext4dev 1354 | /sys/devices/pci0000:00/0000:00:01.0/power/wakeup_hit_count 1355 | /sys/kernel/debug/tracing/events/syscalls/sys_enter_times/id 1356 | 1357 | This gives you a list of all the files that are hardlinked to that same Inode. So you can see that the fsck.ext3 command is actually the same file as fsck.ext2 and fsck.ext3, among others. However, you can also see that there are other files in other filesystems that have the same Inode. This is why hardlinks cannot be made across filesystems; because files in other filesystems can also have the same Inode number. A better way to locate just the files related to fsck is to use the following command. 1358 | find /sbin -inum 1072 1359 | File Information 1360 | There are a number of different types of files that you can run into in a Linux environment, and it is not a good idea to perform some operations on the wrong type of file. Linux has some commands to help you determine a great deal of information about files. 1361 | The file command tells what type of file it is. 
The following command tells us that the .bash_profile file is an ASCII text file. 1362 | [root@instructor ~]# file ~/.bash_profile 1363 | /root/.bash_profile: ASCII English text 1364 | 1365 | And the following command tells us that /bin/ls is a compiled executable binary file that is dynamically linked. 1366 | [root@instructor /]# file /bin/ls 1367 | /bin/ls: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, stripped 1368 | 1369 | You might want to use text tools such as vi or cat on the first, but definitely not on the second. 1370 | The strings command extracts all of the text strings from any file including binary executables. Use the command below to view the text strings in the ls executable. You may need to pipe the output through the less filter. 1371 | strings /bin/ls 1372 | The stat command provides a great deal of information about a file. The following command shows atime, ctime and mtime; the file size in bytes and blocks; its inode, the number of (hard) links and more. 1373 | [root@instructor /]# stat /bin/ls 1374 | File: `/bin/ls' 1375 | Size: 116632 Blocks: 232 IO Block: 4096 regular file 1376 | Device: fd00h/64768d Inode: 1313 Links: 1 1377 | Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) 1378 | Context: system_u:object_r:bin_t:s0 1379 | Access: 2011-07-10 10:03:03.032982631 -0400 1380 | Modify: 2011-02-08 06:46:44.000000000 -0500 1381 | Change: 2011-06-09 12:32:23.932043401 -0400 1382 | Birth: - 1383 | 1384 | 1385 | Lab Project 23: Package Management 1386 | RPM is the Red Hat Package Manager. It is a very powerful program that allows installation, removal and management of RPMs. It has some drawbacks such as no ability to deal with dependencies in RPMs being installed or removed. 1387 | Yum is a wrapper around the RPM program. It provides installation of RPM packages from local or remote repositories and deals with dependencies as required.
1388 | RPM 1389 | Your instructor will provide you with two RPMs. Install the Fedora Frog V 2.0-14 RPM from the file in the /root directory. 1390 | 1391 | [root@instructor ~]# rpm -ivh fedora_frog-2.0-14.0.0.noarch.rpm 1392 | Preparing... ########################################### [100%] 1393 | 1:fedora_frog ########################################### [100%] 1394 | 1395 | The Fedora Frog program is now installed in /usr/local/bin 1396 | and the license files installed in /usr/share/doc/frog. 1397 | If you have any old copies located in your home directory 1398 | you should delete the ~/.frog directory now. 1399 | 1400 | Use the command: 1401 | frog -h for help 1402 | frog to run frog and install applications 1403 | frog -r to remove packages 1404 | 1405 | Now upgrade the program with the Fedora Frog V2.0-15 RPM located in /root. 1406 | 1407 | [root@instructor ~]# rpm -Uvh fedora_frog-2.0-15.0.0.noarch.rpm 1408 | Preparing... ########################################### [100%] 1409 | 1:fedora_frog ########################################### [100%] 1410 | 1411 | The Fedora Frog program is now installed in /usr/local/bin 1412 | and the license files installed in /usr/share/doc/frog. 1413 | If you have any old copies located in your home directory 1414 | you should delete the ~/.frog directory now. 1415 | 1416 | Use the command: 1417 | frog -h for help 1418 | frog to run frog and install applications 1419 | frog -r to remove packages 1420 | 1421 | How does this work if we have a dependency that is not met? Determine the dependencies of Fedora Frog. 1422 | 1423 | rpm -q --requires fedora_frog 1424 | 1425 | One of the dependencies for Fedora Frog is wget which is a CLI program that allows scripted or interactive downloading of files from web sites. Remove the frog program and the dependency, “wget”. The wget program can download files from the Internet from the command line or a script. The wget program is required by the Fedora Frog program.
1426 | rpm -e fedora_frog wget 1427 | 1428 | Notice that the RPM command can accept a list of RPMs to install or remove. It will work so long as there are no unresolved dependencies. 1429 | Attempt to install Fedora Frog V2.0-15 RPM. 1430 | 1431 | [root@instructor ~]# rpm -ivh fedora_frog-2.0-15.0.0.noarch.rpm 1432 | error: Failed dependencies: 1433 | wget is needed by fedora_frog-2.0-15.0.0.noarch 1434 | 1435 | This throws an error because of the missing dependency. 1436 | YUM 1437 | Now install Fedora Frog using YUM. YUM can install local RPMs as well as from local or remote repositories. We do not have a local repository and the Frog package is not in any remote repository. The wget package is located in the “fedora” repository at the Fedora web site. Use the command yum list wget to determine whether wget is located in a Fedora repository and which one. 1438 | Install Fedora Frog using YUM. 1439 | yum -y install fedora_frog-2.0-15.0.0.noarch.rpm 1440 | You will see the output from YUM as it processes the Fedora Frog RPM and determines that a dependency is required. 1441 | Adding Repositories 1442 | Adding repositories can make adding new software much easier and faster. The RPMFusion repositories contain many packages that are not provided with the Fedora distributions of repositories. 1443 | If you wish, you may take a few minutes to use your browser to explore the www.rpmfusion.org web site. 1444 | For CentOS and Red Hat, you must first install the EPEL (Extra Programs for Enterprise Linux) repository. 1445 | cd /root 1446 | wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm 1447 | wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm 1448 | rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm 1449 | Use wget to download the RPMFusion RPMs into /root. 1450 | For Fedora: 1451 | Enter each of the following two commands. Each command should be on a single line. They are split here due to space issues. 
1452 | wget http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm 1453 | wget http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm 1454 | 1455 | For CentOS: 1456 | Enter each of the following two commands. Each command should be on a single line. They are split here due to space issues. 1457 | wget -c http://download1.rpmfusion.org/free/el/updates/6/i386/rpmfusion-free-release-6-1.noarch.rpm 1458 | wget -c http://download1.rpmfusion.org/nonfree/el/updates/6/i386/rpmfusion-nonfree-release-6-1.noarch.rpm 1459 | 1460 | Install these two RPMs locally with the following command. 1461 | yum -y install rpmfusion* 1462 | Change to the /etc/yum.repos.d directory and list the files there. You should see several RPMFusion repositories. You should also see the default fedora and fedora-updates repository configuration files. 1463 | Look at the contents of some of these files. Notice that the testing and rawhide repositories have enabled=0 which means that they are disabled. These are repositories used for testing and should never be enabled unless you are a programming expert and like self-flagellation. 1464 | Some repositories simply have you download the repo file and place it in /etc/yum.repos.d instead of packaging them in an RPM. 1465 | Using YUM to Explore Software 1466 | It is not necessary for you to know which repository contains a package you want to install so long as the repository configuration file exists in /etc/yum.repos.d. 1467 | You can obtain list of all available, i.e., not installed, packages using the command below. Note that the following command will produce over 19,500 lines of data so you should store the output in a file as is shown. 1468 | yum list available > /tmp/available.list 1469 | The list produced 1470 | You can use the “installed” argument instead of “available” to list all installed software. 
You can also search for specific packages using patterns and file globbing, such as in the command: 1471 | yum list ruby* | less 1472 | The above command lists all packages whether installed or available that begin with “ruby”. YUM first lists all installed packages and then all available packages that match the pattern. 1473 | You can obtain more detailed information about a specific package using the “info” argument. Suppose you want to investigate BackupPC as a possible backup solution. Enter the following command to obtain information about BackupPC. 1474 | yum info BackupPC 1475 | The information displayed includes the package name and version, and a summary of the package as well as a somewhat more verbose description of the package. 1476 | Installing Software from a Repository 1477 | Install the BackupPC package and all of its dependencies using the following command: 1478 | yum install BackupPC 1479 | This command pauses to display the list of packages to be installed. You should see a list of packages that need to be installed for dependencies. Type y and press the Enter key to install all of the packages in the list. It will take a little time to download all of the required packages and install them. 1480 | Updating All Packages 1481 | Now update all packages for which updates are available with the following command. 1482 | yum -y update 1483 | Observe the update process. Notice that there will be a large number of packages to update; well over 400. It will take some time to perform this task which takes place in phases. 1484 | 1. Determine which installed packages have updates available. 1485 | 2. Check for and add dependencies. 1486 | 3. Download the required packages or deltas. 1487 | 4. Rebuild RPMs using deltas. 1488 | 5. Install the updates. 1489 | 1490 | Due to bandwidth limitations in the classroom and the number of packages that will need updated, this process can take a long time. When the downloads begin, let the instructor know. 
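Added example, not part of the original lab manual: the repository files examined under Adding Repositories (the enabled=0 lines in /etc/yum.repos.d) can be audited in one pass. This script reports each repository's enabled and gpgcheck settings and whether any source URL is cleartext http or ftp; the function names, host names and sample .repo files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lab manual): audit yum .repo files.
# Uses the standard keys enabled, gpgcheck, baseurl, mirrorlist, metalink.

# audit_repos DIR: print one line per [repo-id] section in DIR/*.repo as
#   FILE:REPO-ID enabled=VALUE gpgcheck=VALUE-or-unset cleartext=yes-or-no
audit_repos() {
    dir=${1:-/etc/yum.repos.d}
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
        function emit() {
            if (id != "")
                printf "%s:%s enabled=%s gpgcheck=%s cleartext=%s\n", file, id, enabled, gpgcheck, plain
        }
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        /^[ \t]*([#;]|$)/ { next }              # comments and blank lines
        substr($0, 1, 1) == "[" && index($0, "]") > 2 {
            emit()                               # finish the previous section
            id = substr($0, 2, index($0, "]") - 2)
            enabled = "1"                        # a repo is enabled unless it says otherwise
            gpgcheck = "unset"                   # not set here: yum applies its global setting
            plain = "no"; key = ""
            next
        }
        id == "" { next }                        # ignore anything before the first section
        {
            if ($0 ~ /^[ \t]/) {                 # indented line continues the previous key
                val = trim($0)
            } else {
                eq = index($0, "=")
                if (eq == 0) next
                key = trim(substr($0, 1, eq - 1))
                val = trim(substr($0, eq + 1))
            }
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key ~ /^(baseurl|mirrorlist|metalink)$/ && val ~ /^(http|ftp):\/\//)
                plain = "yes"                    # metadata or packages fetched without TLS
        }
        END { emit() }
        ' "$f"
    done
}

# risky_repos DIR: only enabled repos that skip signature checks or use cleartext URLs.
# Assumes enabled is written as 0 or 1, as in the files the lab looks at.
risky_repos() {
    audit_repos "$1" |
        awk '$2 == "enabled=1" && ($3 == "gpgcheck=0" || $4 == "cleartext=yes")'
}

# write_sample_repos DIR: create two constructed .repo files for the demo.
write_sample_repos() {
    cat > "$1/fedora.repo" <<'EOF'
[fedora]
metalink=https://mirrors.example.com/metalink?repo=fedora&arch=x86_64
enabled=1
gpgcheck=1

[fedora-rawhide]
metalink=https://mirrors.example.com/metalink?repo=rawhide&arch=x86_64
enabled=0
gpgcheck=0
EOF
    cat > "$1/thirdparty.repo" <<'EOF'
# constructed third-party definition
[thirdparty]
name=Third party packages
baseurl=https://repo.example.com/el6/
        http://mirror.example.com/el6/
gpgcheck=1

[localbuild]
baseurl=file:///srv/repo
enabled=1
gpgcheck=0
EOF
}

# Demo on the constructed files; on a real host run: risky_repos /etc/yum.repos.d
demo_dir=$(mktemp -d)
write_sample_repos "$demo_dir"
audit_repos "$demo_dir"
echo "--- enabled repositories to review ---"
risky_repos "$demo_dir"
rm -rf "$demo_dir"
```

A disabled repository such as the constructed fedora-rawhide entry is listed by audit_repos but not by risky_repos, because yum does not pull packages from it until someone sets enabled=1.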
1491 | After the update has completed, reboot the computer. The only time it is necessary to reboot a Linux computer is after the kernel has been upgraded; this is the only way to load the new kernel. It is also a good idea to reboot after glibc has been updated. 1492 | Lab Project 24: Network Configuration And Management 1493 | Most network configuration is pretty straightforward. In fact, on many workstations and laptops it can be completely automatic using NetworkManager. However, for servers, use of automatic network configuration might not be the best choice, especially prior to Fedora 15. It is still possible to manually configure the network and that is what this Lab Project is all about. 1494 | Hardware 1495 | Start by pinging the computer of your classroom neighbor or the default gateway to verify that the network is working. Use the route -n command to determine the IP address of the gateway router; then ping the gateway router, ping -c2 to ensure that you currently have network connectivity. The -c2 option specifies the count of ICMP packets to send. If you get a response from the router you can continue with the next step. If you get no response notify the instructor.
1496 | Determine the name of your network interface with the command: 1497 | [root@CentOS65 ~]# ifconfig 1498 | eth0 Link encap:Ethernet HWaddr 08:00:27:17:83:41 1499 | inet addr:192.168.0.151 Bcast:192.168.0.255 Mask:255.255.255.0 1500 | inet6 addr: fe80::a00:27ff:fe17:8341/64 Scope:Link 1501 | UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 1502 | RX packets:14337 errors:0 dropped:0 overruns:0 frame:0 1503 | TX packets:9649 errors:0 dropped:0 overruns:0 carrier:0 1504 | collisions:0 txqueuelen:1000 1505 | RX bytes:14222290 (13.5 MiB) TX bytes:751648 (734.0 KiB) 1506 | 1507 | lo Link encap:Local Loopback 1508 | inet addr:127.0.0.1 Mask:255.0.0.0 1509 | inet6 addr: ::1/128 Scope:Host 1510 | UP LOOPBACK RUNNING MTU:16436 Metric:1 1511 | RX packets:16 errors:0 dropped:0 overruns:0 frame:0 1512 | TX packets:16 errors:0 dropped:0 overruns:0 carrier:0 1513 | collisions:0 txqueuelen:0 1514 | RX bytes:1584 (1.5 KiB) TX bytes:1584 (1.5 KiB) 1515 | Your results should look similar to the above. The lo device is the local loopback device used for intra-system communications. The example above shows eth0 as the network interface. Your NIC name might be different. Use the correct name for the NIC in your computer for the rest of this lab project. 1516 | Interface Configuration 1517 | The ethtool program can be used to view and change hardware NIC configuration, however the ability to change configuration items seems to be broken. Run the command ethtool and look at the output. Be sure to check the settings for speed, duplex and auto-negotiate. 1518 | Note that mii-tool does not support Gb speeds in many earlier versions. It does provide support for Gb speeds starting with Fedora 15 and CentOS 7. 1519 | mii-tool 1520 | You can normally use ethtool to change the settings. However that has not been working in recent releases and I suspect a bug in the code or that NetworkManager prevents that. It does seem to work correctly to restart autonegotiation. 
1521 | Enter the command ethtool -r to restart autonegotiation. Ping your student neighbor or the gateway to ensure that the network is working correctly. 1522 | You can also use the nm-tool command to view the current NIC settings in some earlier versions of Fedora but nm-tool is no longer available with Fedora 20. Remember that nm-tool does not offer any options to change the NIC hardware settings. 1523 | Network Configuration and Management 1524 | Use the ifconfig command to display the current networking configuration and NIC statistics for all NICs. If you use ifconfig the command will only show the information for . Record the MAC address of just in case you need it in a later portion of this lab project. 1525 | Use the systemctl command below to verify that the NetworkManager is running. 1526 | [root@student00 network-scripts]# systemctl list-units | grep NetworkManager 1527 | NetworkManager.service loaded active running Network Manager 1528 | 1529 | In earlier versions of Fedora that do not use NetworkManager or systemd, the chkconfig command can be used to determine which runlevels have networking turned on. 1530 | 1531 | [root@instructor ~]# chkconfig --list network 1532 | network 0:off 1:off 2:on 3:on 4:on 5:on 6:off 1533 | 1534 | Use the command ifconfig to check the current status of the network. This command will show you information about which interfaces are configured and which are running. 1535 | Ping the Gateway router to ensure that you currently have network connectivity. The -c2 option specifies the number (Count) of ICMP packets to send. If you get a response from the router you can continue with the next step. 1536 | Stop the network interface with the command ifdown and then ping the router again to verify that connectivity is down. Use the ifup command to restart the NIC. 1537 | Ensure that the network interface is up and you have network connectivity.
1538 | Configuring NTP 1539 | The NTP Daemon is normally synchronized with the Fedora pool of NTP servers using the default configuration. This could have been configured during the post-installation configuration, but we will do it here. 1540 | Use the ntpstat command to determine the current status of NTP synchronization. 1541 | 1542 | [root@instructor /]# ntpstat 1543 | synchronised to NTP server (69.65.40.29) at stratum 3 1544 | time correct to within 97 ms 1545 | polling server every 1024 s 1546 | 1547 | This tells us that we are synchronized to an external server at stratum 3. 1548 | Use vi to look at the /etc/ntp.conf file on about line 31 to see that the internal dummy server is stratum 10, so the NTP client becomes stratum 11 if no external servers can be contacted. 1549 | Now add the following line to the /etc/ntp.conf file before the set of fedora pool commands, around line 19. Use the IP address supplied by the instructor. 1550 | server prefer iburst 1551 | This specifies the local NTP server on the instructor's machine. 1552 | Issue the service ntpd restart command to restart the NTP service. Use the ntpstat command to verify the eventual synchronization of the client. This may take from a few seconds to a minute or so to occur. 1553 | You should see results that look like this: 1554 | [root@instructor ~]# ntpstat 1555 | synchronised to NTP server (192.168.25.1) at stratum 4 1556 | time correct to within 137 ms 1557 | polling server every 64 s 1558 | 1559 | Notice that using the instructor's NTP server synchronizes at stratum 4 while synchronizing to the Fedora pool machines results in synchronization at stratum 3. This is because the instructor machine synchronizes with the Fedora pool servers and adds an additional layer between your computer and the pool servers. 1560 | Each student machine can be used as an NTP server at this point. The ntp.conf file needs to be configured to allow that. 
It is also necessary to configure the firewall (IPTABLES) to allow inbound UDP packets on port 123. 1561 | First, on the server, uncomment the following “restrict” line to be less restrictive of hosts on the local network. 1562 | # Hosts on local network are less restricted. 1563 | restrict mask 255.255.255.0 nomodify notrap 1564 | 1565 | Be sure to use the IP network for the lab such as 192.168.1.0. If you have a question about that ask the instructor. 1566 | The server to which you will be synchronizing must be configured in IPTABLES with the command below. Note that the server should continue to synchronize with the Fedora servers. 1567 | iptables -t filter -I INPUT 1 -p udp --dport 123 -j ACCEPT 1568 | This prevents the NTP UDP packets from being blocked. Note that this rule has been inserted in the first position of the chain so we don't have to deal with stateful connections – yet. 1569 | Now change the IP address in the following line of the client to that of the new server, your student partner. 1570 | server prefer iburst 1571 | Restart the NTP service on both machines. Note that it may take a few moments to sync to this new server. Use the ntpstat command to determine which server your computer is synced with. 1572 | When your computer has synchronized with the NTP server, whichever one you are using, you can set the system hardware clock from the system (OS) time using the following command. 1573 | /sbin/hwclock --systohc 1574 | This command can be added as a cron job or a script in cron.daily to keep the hardware clock synced with the system time. This reduces the amount of time required to sync the clock using NTP after a reboot. 1575 | Configuring the /etc/hosts file 1576 | You will have to work with a lab partner or the instructor to complete this portion of the Lab Project. Obtain the IP Address for your lab partner's computer. You can add an entry for that computer to the /etc/hosts file to make it easier to connect.
For example the following line would associate the hostname “student02” with the ip address “192.168.2.15”. 1577 | 192.168.2.15 student02 1578 | 1579 | Ping your partner's computer by IP Address and then by hostname to ensure that the hosts file entry is correct. 1580 | Using SSH 1581 | Work with your lab partner for this portion of the Lab Project. 1582 | If it is not already started, start the SSH Server. This will allow other hosts to connect to yours using SSH. Check the current status of SSH with the command: 1583 | service sshd status 1584 | If the SSHD is not active, start it with one of the commands below. 1585 | service sshd start 1586 | or 1587 | systemctl start sshd.service 1588 | 1589 | Use SSH to connect to your lab partner's computer as root. 1590 | ssh studentXX 1591 | The first time you connect to a remote host using SSH, a message will be displayed indicating that the authenticity of the remote host cannot be established. You must type yes and press the Enter key to continue with the connection. Your passwords should be the same so enter the password when requested. 1592 | Note that if you are logged in as the user “student” and you wish to SSH to another host as root or any other user, you can use the command below. 1593 | ssh user@hostname 1594 | While you are logged into your partner's computer, verify the hostname and then use the exit command to terminate the connection. 1595 | Creating Public/Private Key Pairs 1596 | Public/Private Key Pairs (PPKP) provide secure SSH communication without the need for using a password. PPKPs can be used for many purposes including SSH host identification. This can be very useful when using scripts to issue commands to remote hosts via SSH. A PPKP does require a passphrase, however that passphrase must be empty for hosts. 1597 | Create a PPKP as follows. Press the Enter key for all requested entries. 1598 | 1599 | ssh-keygen 1600 | Generating public/private rsa key pair. 
1601 | Enter file in which to save the key (/root/.ssh/id_rsa): 1602 | Created directory '/root/.ssh'. 1603 | Enter passphrase (empty for no passphrase): 1604 | Enter same passphrase again: 1605 | Your identification has been saved in /root/.ssh/id_rsa. 1606 | Your public key has been saved in /root/.ssh/id_rsa.pub. 1607 | The key fingerprint is: 1608 | 33:28:35:f0:95:a6:5b:0e:5c:6e:b0:37:c9:52:68:9a root@test2.both.org 1609 | The key's randomart image is: 1610 | +--[ RSA 2048]----+ 1611 | | . ... | 1612 | | o+.= | 1613 | | =+X . | 1614 | | E.*oO | 1615 | | . .OS. | 1616 | | .. .o | 1617 | | | 1618 | | | 1619 | | | 1620 | +-----------------+ 1621 | 1622 | This produces two keys in the ~/.ssh directory. The private key is id_rsa and the public key is id_rsa.pub. 1623 | Now use the ssh-copy-id command to securely install the public key you just created onto your partner's host. 1624 | [root@test2 .ssh]# ssh-copy-id root@studentX 1625 | root@studentX's password: 1626 | Now try logging into the machine, with "ssh 'root@studentX'", and check in: 1627 | 1628 | ~/.ssh/authorized_keys 1629 | 1630 | to make sure we haven't added extra keys that you weren't expecting. 1631 | 1632 | This step can be performed manually but this is a much faster method. This one command replaces the following steps. 1633 | 1. Use SCP to securely copy the public key to the remote host. 1634 | 2. Login to the remote host. 1635 | 3. Append the public key to the ~/.ssh/authorized_keys file. 1636 | 4. Ensure that permissions are correctly set on the ~/.ssh directory. 1637 | 5. Ensure that permissions are correctly set on the ~/.ssh/authorized_keys file. 1638 | 6. Logout of the remote host. 1639 | In some cases the manual procedure does not work. If you perform the manual procedure unsuccessfully, you can delete everything pertaining to the key you are trying to activate from the ~/.ssh directory of the remote host and use the ssh-copy-id command.
1640 | 1641 | If you have not already done so, login to your partner's host and verify that the above procedure has been successful. 1642 | ssh root@studentX 1643 | Enter the exit command to logout from the remote host. 1644 | Lab Project 25: Security 1645 | There are many aspects to security. In this lab project you will have an opportunity to examine some of the most common methods for enhancing security on a Linux computer. 1646 | Configuring IPTABLES 1647 | The IPTABLES service is the standard Linux firewall. The default configuration is to reject all access except for SSH. This is a good basic starting point. You will make a few additions to the IPTables rules to allow some additional services access. Since we are not using these services in this class, the instructor will have to check your work. 1648 | You will not edit the /etc/sysconfig/iptables file directly; you will use the CLI to insert new rules and to save them. Note that all additions to iptables rules issued from the command line take effect immediately while adding rules to the iptables file requires a restart of the iptables service leaving the computer momentarily vulnerable. You could stop and restart the network but that interrupts the network service. 1649 | You have seen above one command to insert a rule in an IPTables chain. That was a simple example. It did not utilize connection tracking so each packet has to be filtered through the rules. Delete the rule you entered above. Remember that it has not been saved so is not yet permanent. 1650 | iptables -t filter -D INPUT 1 1651 | Now add a rule to the filter table input chain to accept the first UDP packet of the connection, that is to create a new connection, on the NTP port. This rule needs to be added after the state RELATED,ESTABLISHED line which should be line 1 in the INPUT chain. The following rule should be entered all on one line. 
1652 | iptables -t filter -I INPUT 2 -p udp -m state --state NEW -m udp --dport 123 -j ACCEPT 1653 | After that first packet is accepted, the connection is tracked and any further packets relating to that connection are allowed when they hit the following rule. 1654 | Now add rules using the same command syntax to allow stateful access to http (port 80) and smtp (port 25). 1655 | Save these new rules so that they survive a reboot. You could use the old service command as shown below or you can use the iptables-save command, which has been around for a while but only saves directly to /etc/sysconfig/iptables. 1656 | service iptables save 1657 | Use the iptables-save command and redirect the output to the IPTables configuration file as shown below. 1658 | iptables-save > /etc/sysconfig/iptables 1659 | The iptables-save command is more flexible than the older method because the current rule set can be saved to any file and restored with the iptables-restore command in one of the forms shown below. 1660 | cat /path/to/file/iptables | iptables-restore 1661 | iptables-restore < /path/to/file/iptables 1662 | sudo 1663 | Using the sudo command to provide legitimate access to specific privileged commands can reduce the system administrator's workload while maintaining security and providing a log of the users' actions by ID and command. 1664 | You will now give the user student sudo access to a single command. Login as the user student, and try the following command. 1665 | [student@testvm3 ~]$ mii-tool 1666 | SIOCGMIIPHY on '' failed: Operation not permitted 1667 | 1668 | Now use the visudo command to add the following line to the bottom of /etc/sudoers. 1669 | student ALL=/sbin/mii-tool 1670 | This line gives the student user access to use only this one privileged command. 1671 | Logout as student and login again. This is required to activate student's sudo privileges. Run the command below to test the ability of the user student to execute the mii-tool command.
1672 | [student@testvm3 ~]$ sudo mii-tool 1673 | 1674 | We trust you have received the usual lecture from the local System 1675 | Administrator. It usually boils down to these three things: 1676 | 1677 | #1) Respect the privacy of others. 1678 | #2) Think before you type. 1679 | #3) With great power comes great responsibility. 1680 | 1681 | [sudo] password for student: 1682 | : no autonegotiation, 100baseTx-FD, link ok 1683 | 1684 | Note that the first time a user uses sudo they get a little on-screen lecture. The sysadmin should always give a stern lecture to users with sudo privileges. ☺ 1685 | The user must enter their own password and the command is executed. Notice that if you execute the same command or any other allowed command within 5 minutes, it is not necessary to reenter your password. This expiration time is configurable. 1686 | Now try another privileged command. The hwclock command sets the hardware clock to the time currently maintained by the system clock or vice-versa. In this case the student user will try to set the hardware clock using the current value of the system clock. 1687 | [student@testvm3 ~]$ hwclock --systohc 1688 | Sorry, only the superuser can change the Hardware Clock. 1689 | 1690 | This command fails because the user student has only been given privileges to a single command. 1691 | Restrict SSH Remote Root Login 1692 | Work with your neighbor in the lab on this section. 1693 | Login to your neighbor's computer as root via SSH. You should be able to do this. Remember that your passwords are the same. After confirming that you have logged into your neighbor's computer, logout again. 1694 | Now both of you should edit the /etc/ssh/sshd_config file and change the following line: 1695 | #PermitRootLogin yes 1696 | To: 1697 | PermitRootLogin no 1698 | And run the service sshd restart command to enable the change. 1699 | Now try to login to your neighbor's computer again as root.
1700 | ssh root@ 1701 | You should receive a “Permission denied” error. Also be sure to verify that you can login to your neighbor's computer as user student. 1702 | ssh 1703 | Change this back and revert to allowing remote root login on SSH and test to ensure that your neighbor can again access your computer and you can login to theirs. 1704 | Checking for Rootkits 1705 | There are two good programs that can be used to scan your system for rootkits. 1706 | Install the chkrootkit and rkhunter RPMs. 1707 | yum -y install chkrootkit rkhunter 1708 | Run the chkrootkit command. You should get a long list of tests as they are run. Do you get any anomalous output from chkrootkit? You should not. 1709 | I think that the RootKit Hunter program is a better and more complete program. It is more flexible because it can update the signature files without upgrading the entire program. It also checks for changes to certain system executable files that are frequently targeted by crackers. 1710 | Before running RootKit Hunter the first time, update the signature files. 1711 | [root@testvm3 sbin]# rkhunter --update 1712 | [ Rootkit Hunter version 1.4.2 ] 1713 | 1714 | Checking rkhunter data files... 1715 | Checking file mirrors.dat [ No update ] 1716 | Checking file programs_bad.dat [ No update ] 1717 | Checking file backdoorports.dat [ No update ] 1718 | Checking file suspscan.dat [ Updated ] 1719 | Checking file i18n/cn [ No update ] 1720 | Checking file i18n/de [ Updated ] 1721 | Checking file i18n/en [ No update ] 1722 | Checking file i18n/tr [ Updated ] 1723 | Checking file i18n/tr.utf8 [ Updated ] 1724 | Checking file i18n/zh [ Updated ] 1725 | Checking file i18n/zh.utf8 [ Updated ] 1726 | 1727 | Create the initial database of critical files. 1728 | [root@voyager ~]# rkhunter --propupd 1729 | [ Rootkit Hunter version 1.4.2 ] 1730 | File updated: searched for 172 files, found 133 1731 | 1732 | Now run the command to check for rootkits. 
The --sk option skips the normal pause between the different tests. The -c option tells rkhunter to check for rootkits. 1733 | [root@testvm3 sbin]# rkhunter -c --sk 1734 | 1735 | This program also displays a long list of tests and their results as it runs, along with a nice summary at the end. 1736 | Note that the installation RPM for RootKit Hunter sets up a daily cron job with a script in /etc/cron.daily. The script performs this check every morning at about 3AM. If a problem is detected an email message is sent to root. If no problems are detected no email or any other indication that the rkhunter program was even run is provided. Unix tenet “Silence is golden.” 1737 | Lab Project 26: Problem Solving 1738 | System Rescue 1739 | There are times when the only recovery option for a system is “System Rescue” mode. This entails booting to a Rescue CD or to an installation CD/DVD. 1740 | 1. Insert the installation DVD in the DVD drive. 1741 | 2. Reboot your computer. 1742 | 3. When the RHEL installation splash screen is displayed, use the down arrow key to select Rescue installed system and press the Enter key. 1743 | 4. Select English for the Language and Keyboard. 1744 | 5. Do not start the network interfaces. 1745 | 6. On the Rescue menu press the Continue button. 1746 | 7. You should get a text window that says, “Your system has been mounted under /mnt/sysimage.” Select the OK button and press the Enter key. 1747 | At this point you have entered Rescue mode. You can edit files, such as /etc/fstab; just remember that the true path here is /mnt/sysimage/etc. You can also chroot to make this environment just like running as if you had booted direct from the hard drive. 1748 | 1. cd /mnt/sysimage 1749 | 2. Run the pwd command. 1750 | 3. Run the command chroot /mnt/sysimage. 1751 | 4. Now run pwd again. 1752 | To exit chroot mode type exit. Then type exit again to reboot the computer. 
1753 | Now let's create a situation for which you must use Rescue mode to recover from a boot problem. Start by overwriting part of the boot record so that the computer will not boot. We will use a very dangerous command for this, dd. This command is nicknamed “Disk Destroyer” because incorrect usage can destroy the entire contents of your disk, or at least enough to make it totally unrecoverable. It is also a very good illustration of the fact that everything is a file; in this case you will treat your hard drive as a file. 1754 | First back up the boot sector just in case. 1755 | dd if=/dev/sda of=/tmp/bootsector.bak bs=512 count=1 1756 | 1757 | Verify that the boot sector has been backed up. Now destroy the beginning of the boot sector. 1758 | dd if=/dev/zero of=/dev/sda bs=255 count=1 1759 | This command writes 255 bytes of data (all zeros) to the beginning of /dev/sda, your hard drive. If too much data is written it would also destroy your partition table which would create a much more difficult exercise than is intended. 1760 | Now reboot your computer. 1761 | Proceed through the Rescue boot and when it is complete use the command grub-install /dev/sda to attempt to reinstall GRUB, including the boot record. It fails with an error message that /sbin/grub cannot be found. This shows that grub and many other commands are not available in the default rescue environment. We must use a chroot’ed environment to make these commands available. 1762 | Use the following commands to enter chroot’ed mode. 1763 | cd /mnt/sysimage 1764 | chroot /mnt/sysimage 1765 | 1766 | Now we can reenter the grub-install /dev/sda command to reinstall GRUB and the boot record. 1767 | exit;exit to reboot.
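The stateful filtering set up under "Configuring IPTABLES" in Lab Project 25 can be checked against a saved rule set. The script below is an added example, not part of the original lab or the book's code: it reads iptables-save output and reports port ACCEPT rules in the INPUT chain that carry no connection state, NEW rules placed ahead of the RELATED,ESTABLISHED rule, and required services with no stateful rule. The function names and both sample rule sets are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the lab or the book): audit the filter table INPUT
# chain in iptables-save output for the stateful pattern the lab sets up.
# Usage: iptables-save | audit_input_chain udp/123 tcp/80 tcp/25
# Handles single --dport rules only; multiport rules are not parsed.
audit_input_chain() {
    awk -v required="$*" '
    BEGIN { n = split(required, req, " ") }
    /^\*/ { in_filter = ($1 == "*filter"); next }      # table header
    !in_filter || $1 != "-A" || $2 != "INPUT" { next }
    {
        pos++                                          # rule number in INPUT
        proto = port = state = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT") next
        if (port == "") {
            # Portless ACCEPT: remember the first connection-tracking rule.
            if (state ~ /ESTABLISHED/ && !est_pos) est_pos = pos
            next
        }
        key = proto "/" port
        if (state == "")
            print "STATELESS " key " rule " pos
        else if (state ~ /NEW/ && !est_pos)
            print "BEFORE-ESTABLISHED " key " rule " pos
        else if (state ~ /NEW/)
            ok[key] = 1
    }
    END {
        if (est_pos != 1)
            print "ESTABLISHED-NOT-FIRST " (est_pos ? "rule " est_pos : "missing")
        for (i = 1; i <= n; i++)
            if (!(req[i] in ok)) print "MISSING " req[i]
    }'
}

# Constructed sample: the rule set as it stands after the NTP section of
# Lab Project 24, with the stateless rule inserted at position 1.
sample_stateless() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed sample: the rule set after the Lab Project 25 steps.
sample_stateful() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 123 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

echo "== after Lab Project 24 =="
sample_stateless | audit_input_chain udp/123 tcp/80 tcp/25
echo "== after Lab Project 25 (no findings expected) =="
sample_stateful | audit_input_chain udp/123 tcp/80 tcp/25
```

An empty report means every required service has a NEW-state rule and the RELATED,ESTABLISHED rule is first in the chain.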
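For the "Restrict SSH Remote Root Login" step in Lab Project 25, the edit only takes effect if the uncommented PermitRootLogin line is the first one sshd reads in the global part of the file, because sshd uses the first value it obtains for a keyword. The following is an added example, not part of the original lab or the book's code; the function name and the sample configurations are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the lab or the book).
# effective_sshd_option KEYWORD < sshd_config
# Prints the value sshd takes from the global section of the file, or
# "(default)" when the keyword is only commented out or absent there.
# Assumes whitespace-separated "Keyword value" lines.
effective_sshd_option() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # comment or blank line
    {
        key = tolower($1)                # keywords are case-insensitive
        if (key == "match") exit         # conditional blocks follow
        if (key == want && !found) { found = 1; value = $2 }
    }
    END { print (found ? value : "(default)") }'
}

# Constructed samples.
cfg_stock() {      # as shipped: the line is only a comment
    printf '%s\n' '#LoginGraceTime 2m' '#PermitRootLogin yes' '#StrictModes yes'
}
cfg_lab() {        # after the lab edit
    printf '%s\n' '#LoginGraceTime 2m' 'PermitRootLogin no' '#StrictModes yes'
}
cfg_shadowed() {   # an earlier line wins over the one added at the bottom
    printf '%s\n' 'PermitRootLogin yes' 'X11Forwarding yes' 'PermitRootLogin no'
}
cfg_match() {      # set only inside a Match block: not a global setting
    printf '%s\n' '#PermitRootLogin yes' 'Match Address 192.168.2.0/24' \
                  '    PermitRootLogin no'
}

for cfg in cfg_stock cfg_lab cfg_shadowed cfg_match; do
    printf '%-13s PermitRootLogin = %s\n' "$cfg" \
        "$($cfg | effective_sshd_option PermitRootLogin)"
done
```

"(default)" means the compiled-in value applies, which depends on the OpenSSH version. On a live host, `sshd -T` prints the effective configuration.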
1768 | 1769 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Freeware License, some rights reserved 2 | 3 | Copyright (c) 2019 David Both 4 | 5 | Permission is hereby granted, free of charge, to anyone obtaining a copy 6 | of this software and associated documentation files (the "Software"), 7 | to work with the Software within the limits of freeware distribution and fair use. 8 | This includes the rights to use, copy, and modify the Software for personal use. 9 | Users are also allowed and encouraged to submit corrections and modifications 10 | to the Software for the benefit of other users. 11 | 12 | It is not allowed to reuse, modify, or redistribute the Software for 13 | commercial use in any way, or for a user’s educational materials such as books 14 | or blog articles without prior permission from the copyright holder. 15 | 16 | The above copyright notice and this permission notice need to be included 17 | in all copies or substantial portions of the software. 18 | 19 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 20 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 21 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 22 | AUTHORS OR COPYRIGHT HOLDERS OR APRESS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 23 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 24 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 25 | SOFTWARE. 26 | 27 | 28 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Apress Source Code 2 | 3 | This repository accompanies [*Using and Administering Linux: Volume 2*](http://www.apress.com/9781484254547) by David Both (Apress, 2019). 
4 | 5 | [comment]: #cover 6 | ![Cover image](9781484254547.jpg) 7 | 8 | Download the files as a zip using the green button, or clone the repository to your machine using Git. 9 | 10 | ## Releases 11 | 12 | Release v1.0 corresponds to the code in the published book, without corrections or updates. 13 | 14 | ## Contributions 15 | 16 | See the file Contributing.md for more information on how you can contribute to this repository. -------------------------------------------------------------------------------- /doUpdates: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ################################################################################ 3 | # doUpdates # 4 | # # 5 | # This is a simple program to perform updates on a Linux computer. If a new # 6 | # kernel is installed, it will build a new grub.cfg to create the recovery # 7 | # mode kernel boot options, and then reboot the computer. # 8 | # # 9 | # # 10 | # Change History # 11 | # 04/12/2017 David Both Original code. Suitable only for testing. # 12 | # 04/13/2017 David Both Tested code. V1.0.0. # 13 | # 04/13/2017 David Both Added messages for rebooting or not at end. # 14 | # Added check for new glibc for doing reboot. # 15 | # 04/14/2017 David Both Completion message includes hostname. # 16 | # 04/28/2017 David Both Add GPL2 statement. # 17 | # 05/12/2017 David Both Added the code I forgot that rebuilds the grub.cfg # 18 | # file. Duh. # 19 | # 06/30/2017 David Both Test for glibc separately then change the logic so # 20 | # we only rebuild grub.conf when replacing the # 21 | # kernel. # 22 | # 08/08/2017 David Both Add -r option so that reboots only occur if -r is # 23 | # used and the kernel or glibc is updated. # 24 | # 08/11/2017 David Both Redo logic for reboots just a bit. Add message to # 25 | # manually reboot if kernel or glibc updated but the # 26 | # -r option was not selected. 
# 27 | # Add -c option to check and report on whether # 28 | # updates are needed and whether reboot is needed. # 29 | # 01/02/2018 David Both Do not do mandb in CentOS systems. # 30 | # 02/22/2018 David Both Fixed comparison operator to run mandb. # 31 | # 04/12/2018 David Both Added logic to reconfigure GRUB2 standard and # 32 | # EFI versions if the original configuration files # 33 | # already exist. # 34 | # 09/29/2018 David Both Altered logic to better report on reboot need # 35 | # during the actual update. # 36 | # 11/02/2018 David Both Save list of updates to /etc/updates.list in order # 37 | # to make searching for reboot triggers easier and # 38 | # faster. # 39 | # 01/13/2019 David Both Fix location of temporary file from /etc to /tmp. # 40 | # Fix code so mandb runs on CentOS, too. # 41 | # # 42 | # # 43 | # # 44 | # # 45 | # # 46 | # # 47 | # # 48 | # # 49 | ################################################################################ 50 | ################################################################################ 51 | ################################################################################ 52 | # # 53 | # Copyright (C) 2007, 2018 David Both # 54 | # LinuxGeek46@both.org # 55 | # # 56 | # This program is free software; you can redistribute it and/or modify # 57 | # it under the terms of the GNU General Public License as published by # 58 | # the Free Software Foundation; either version 2 of the License, or # 59 | # (at your option) any later version. # 60 | # # 61 | # This program is distributed in the hope that it will be useful, # 62 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # 63 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # 64 | # GNU General Public License for more details. 
# 65 | # # 66 | # You should have received a copy of the GNU General Public License # 67 | # along with this program; if not, write to the Free Software # 68 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # 69 | # # 70 | ################################################################################ 71 | ################################################################################ 72 | ################################################################################ 73 | 74 | ################################################################################ 75 | # Help # 76 | ################################################################################ 77 | Help() 78 | { 79 | # Display Help 80 | echo "doUpdates - Performs all updates, builds new GRUB2, and" 81 | echo "reboots if a new kernel or glibc was installed." 82 | echo 83 | echo "Syntax: doUpdates --[g|h|c|V|rv]" 84 | echo "options:" 85 | echo "g Print the GPL license notification." 86 | echo "c Check to see if updates are available and whether reboot would be needed." 87 | echo " Does not actually do the update or reboot." 88 | echo "h Print this Help." 89 | echo "r Reboot if the kernel or glibc or both have been updated." 90 | echo "v Verbose mode." 91 | echo "V Print software version and exit." 
92 | echo 93 | } 94 | 95 | ################################################################################ 96 | # Print the GPL license header # 97 | ################################################################################ 98 | gpl() 99 | { 100 | echo 101 | echo "################################################################################" 102 | echo "# Copyright (C) 2007, 2016 David Both #" 103 | echo "# Millennium Technology Consulting LLC #" 104 | echo "# http://www.millennium-technology.com #" 105 | echo "# #" 106 | echo "# This program is free software; you can redistribute it and/or modify #" 107 | echo "# it under the terms of the GNU General Public License as published by #" 108 | echo "# the Free Software Foundation; either version 2 of the License, or #" 109 | echo "# (at your option) any later version. #" 110 | echo "# #" 111 | echo "# This program is distributed in the hope that it will be useful, #" 112 | echo "# but WITHOUT ANY WARRANTY; without even the implied warranty of #" 113 | echo "# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #" 114 | echo "# GNU General Public License for more details. 
#" 115 | echo "# #" 116 | echo "# You should have received a copy of the GNU General Public License #" 117 | echo "# along with this program; if not, write to the Free Software #" 118 | echo "# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #" 119 | echo "################################################################################" 120 | echo 121 | } 122 | 123 | ################################################################################ 124 | # Quit nicely with messages as appropriate # 125 | ################################################################################ 126 | Quit() 127 | { 128 | if [ $verbose = 1 ] 129 | then 130 | if [ $error = 0 ] 131 | then 132 | echo "Program terminated normally" 133 | else 134 | echo "Program terminated with error ID $ErrorMsg"; 135 | fi 136 | fi 137 | exit $error 138 | } 139 | 140 | ################################################################################ 141 | # Display verbose messages in a common format # 142 | ################################################################################ 143 | PrintMsg() 144 | { 145 | if [ $verbose = 1 ] && [ -n "$Msg" ] 146 | then 147 | echo "########## $Msg ##########" 148 | # Set the message to null 149 | Msg="" 150 | fi 151 | } 152 | 153 | ################################################################################ 154 | # Define the $PkgMgr variable based on distro and release # 155 | ################################################################################ 156 | SelectPkgMgr() 157 | { 158 | # get the Distribution, release and architecture. 159 | GetDistroArch 160 | if [ $NAME = "Fedora" ] && [ $RELEASE -ge 20 ] 161 | then 162 | PkgMgr="dnf" 163 | elif [ $NAME = "Fedora" ] && [ $RELEASE -lt 20 ] 164 | then 165 | PkgMgr="yum" 166 | elif [ $NAME = "CentOS" ] 167 | then 168 | PkgMgr="yum" 169 | else 170 | Msg="Unknown distribution and release. Unable to define Package Manager."
171 | PrintMsg 172 | error=7 173 | Quit $error 174 | fi 175 | Msg="Using $PkgMgr Package Manager" 176 | PrintMsg 177 | } # End SelectPkgMgr 178 | 179 | ################################################################################ 180 | # Get Distribution and architecture 64/32 bit # 181 | ################################################################################ 182 | GetDistroArch() 183 | { 184 | #--------------------------------------------------------------------------- 185 | # Get the host physical architecture 186 | HostArch=`echo $HOSTTYPE | tr '[:lower:]' '[:upper:]'` 187 | Msg="The host physical architecture is $HostArch" 188 | PrintMsg 189 | #--------------------------------------------------------------------------- 190 | # Get some information from the *-release file. We care about this to give 191 | # us Fedora or CentOS version number and because some group names change between 192 | # release levels. 193 | #--------------------------------------------------------------------------- 194 | # First get the distro info out of the file in a way that produces consistent results 195 | # Due to the different ways distros keep info in the release files we have to do this 196 | # a bit harder than we would otherwise. 197 | # Switch to /etc for now 198 | cd /etc 199 | # Start by looking for Fedora 200 | if grep -i "NAME=Fedora" os-release > /dev/null 201 | then 202 | # This is Fedora 203 | NAME="Fedora" 204 | # Define the Distribution 205 | Distro=`grep PRETTY_NAME os-release | awk -F= '{print $2}' | sed -e "s/\"//g"` 206 | # Get the full release number 207 | FULL_RELEASE=`grep VERSION_ID os-release | awk -F= '{print $2}'` 208 | # The Release version is the same as the full release number, i.e., no minor versions for Fedora 209 | RELEASE=$FULL_RELEASE 210 | #--------------------------------------------------------------------------- 211 | # Verify Fedora release $MinFedoraRelease= or above.
This is due to the lack 212 | # of Fedora and Fusion repositories prior to that release. 213 | #--------------------------------------------------------------------------- 214 | if [ $RELEASE -lt $MinFedoraRelease ] 215 | then 216 | Msg="Release $RELEASE of Fedora is not supported. Only releases $MinFedoraRelease and above are supported." 217 | PrintMsg 218 | error=2 219 | Quit $error 220 | fi 221 | elif grep -i CentOS centos-release > /dev/null 222 | then 223 | # This is CentOS 224 | NAME="CentOS" 225 | Distro=`cat centos-release` 226 | # Get the full release number 227 | FULL_RELEASE=`echo $Distro | sed -e "s/[a-zA-Z() ]//g"` 228 | # Get the CentOS major version number 229 | RELEASE=`echo $FULL_RELEASE | awk -F. '{print $1}'` 230 | 231 | #--------------------------------------------------------------------------- 232 | # Verify CentOS release $MinCentOSRelease= or above. This is due to the lack 233 | # of testing for this program prior to that release. 234 | #--------------------------------------------------------------------------- 235 | if [ $RELEASE -lt $MinCentOSRelease ] 236 | then 237 | Msg="Release $RELEASE of CentOS is not supported. Only releases $MinCentOSRelease and above are supported." 238 | PrintMsg 239 | error=4 240 | Quit $error 241 | fi 242 | else 243 | Msg="Unsupported OS: $NAME" 244 | PrintMsg 245 | error=2 246 | Quit $error 247 | fi 248 | 249 | Msg="Distribution = $Distro" 250 | PrintMsg 251 | Msg="Name = $NAME Release = $RELEASE Full Release = $FULL_RELEASE" 252 | PrintMsg 253 | # Now lets find whether Distro is 32 or 64 bit 254 | if uname -r | grep -i x86_64 > /dev/null 255 | then 256 | # Just the bits 257 | Arch="64" 258 | else 259 | # Just the bits 260 | Arch="32" 261 | fi 262 | if [ $verbose = 1 ] 263 | then 264 | Msg="This is a $Arch bit version of the Linux Kernel." 
      PrintMsg
   fi
} # end GetDistroArch


################################################################################
################################################################################
# Main program                                                                 #
################################################################################
################################################################################
# Set initial variables
badoption=0
check=0
doReboot=0
error=0
MinCentOSRelease="6"
MinFedoraRelease="22"
NeedsReboot=0
newKernel=0
newglibc=0
newsystemd=0
PkgMgr="dnf"
RC=0
UpdatesAvailable=0
# Private, unpredictable temp file: a fixed name in /tmp could be pre-created
# or symlinked by another local user before root writes to it.
UpdatesFile=$(mktemp /tmp/updates.XXXXXX)
trap 'rm -f "$UpdatesFile"' EXIT
verbose=0
version=01.04.02

#---------------------------------------------------------------------------
# Check for root

if [ `id -u` != 0 ]
then
   echo ""
   echo "You must be root user to run this program"
   echo ""
   # Quit exits with $error, so set it here to return a non-zero status
   error=1
   Quit
fi

################################################################################
# Process the input options                                                    #
################################################################################
# Get the options
while getopts ":gchrvV" option; do
   case $option in
      g) # display GPL
         gpl
         Quit;;
      v) # Set verbose mode
         verbose=1;;
      V) # Display the version
         echo "Version = $version"
         Quit;;
      c) # Check option
         verbose=1
         check=1;;
      r) # Reboot option
         doReboot=1;;
      h) # display Help
         Help
         Quit;;
      \?) # incorrect option
         badoption=1;;
   esac
done

if [ $badoption = 1 ]
then
   echo "ERROR: Invalid option"
   Help
   verbose=1
   error=1
   ErrorMsg="10T"
   Quit $error
fi

# What package manager should we be using?
SelectPkgMgr

################################################################################
# Are updates available? Just quit with message if not
# RC from dnf check-update = 100 if available and 0 if none available.
# Side effect is to create list of updates that can be searched for
# items that trigger a reboot.
################################################################################
$PkgMgr check-update > "$UpdatesFile"
UpdatesAvailable=$?
# Turn on verbose so message will print
verbose=1
if [ $UpdatesAvailable = 0 ]
then
   Msg="Updates are NOT available for host $HOSTNAME at this time."
   PrintMsg
   Quit
else
   Msg="Updates ARE available for host $HOSTNAME."
   PrintMsg
fi

# Does the update include a new kernel
if grep ^kernel "$UpdatesFile" > /dev/null
then
   newKernel=1
   NeedsReboot=1
   Msg="Kernel update for $HOSTNAME."
   PrintMsg
fi
# Or is there a new glibc
if grep ^glibc "$UpdatesFile" > /dev/null
then
   newglibc=1
   NeedsReboot=1
   Msg="glibc update for $HOSTNAME."
   PrintMsg
fi
# Or is there a new systemd
if grep ^systemd "$UpdatesFile" > /dev/null
then
   newsystemd=1
   NeedsReboot=1
   Msg="systemd update for $HOSTNAME."
   PrintMsg
fi
# Report on reboot requirement
if [ $NeedsReboot = 1 ]
then
   Msg="A reboot will be required after these updates are installed."
   PrintMsg
else
   Msg="A reboot will NOT be required after these updates are installed."
   PrintMsg
fi


# Are we checking or doing?
if [ $check = 1 ]
then
   # Just checking so we quit
   Quit
else
   # Do the update
   $PkgMgr -y update
   # Preserve the return code
   RC=$?
   # Message and quit if error =3 occurred
   if [ $RC -eq 1 ]
   then
      Msg="An error occurred during the update but it was handled by $PkgMgr."
      PrintMsg
   elif [ $RC -eq 3 ]
   then
      Msg="WARNING!!! An uncorrectable error occurred during the update."
      PrintMsg
      Quit
   fi
fi

Msg="Updating the man database on $HOSTNAME."
PrintMsg
mandb

# If new kernel then rebuild grub.cfg, grub for UEFI, and /etc/motd
# We assume that we are using grub2 not the older grub (1)
if [ $newKernel = 1 ]
then
   # Do we have regular grub2 configuration?
   if [ -e /boot/grub2/grub.cfg ]
   then
      # Generate the new grub.cfg (grub2) file
      Msg="Rebuilding the non-UEFI grub2.cfg file on $HOSTNAME."
      PrintMsg
      grub2-mkconfig > /boot/grub2/grub.cfg
   fi
   # Do we have EFI grub configuration?
   if [ -e /boot/efi/EFI/fedora/grub.cfg ]
   then
      Msg="Rebuilding the UEFI grub2.cfg file on $HOSTNAME."
      PrintMsg
      grub2-mkconfig > /boot/efi/EFI/fedora/grub.cfg
   fi
fi

if [ $doReboot = 1 ] && [ $NeedsReboot = 1 ]
then
   # reboot the computer because the kernel or glibc have been updated
   # AND the reboot option was specified.
   Msg="Rebooting $HOSTNAME."
   PrintMsg
   reboot
   # no need to quit in this fork
elif [ $doReboot = 0 ] && [ $NeedsReboot = 1 ]
then
   Msg="This system, $HOSTNAME, needs to be rebooted but you did not choose the -r option to reboot it."
   PrintMsg
   Msg="You should reboot $HOSTNAME manually at the earliest opportunity."
else
   Msg="NOT rebooting $HOSTNAME."
fi

PrintMsg
Quit

################################################################################
################################################################################
################################################################################
# End of program
################################################################################
################################################################################
################################################################################

--------------------------------------------------------------------------------
/errata.md:
--------------------------------------------------------------------------------
# Errata for *Book Title*

On **page xx** [Summary of error]:

Details of error here. Highlight key pieces in **bold**.

***

On **page xx** [Summary of error]:

Details of error here. Highlight key pieces in **bold**.

***
--------------------------------------------------------------------------------
/quickstart.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Apress/using-and-administering-linux-volume-2/1165760e7fd1954bb830c49e997c18dddea13eeb/quickstart.zip
--------------------------------------------------------------------------------
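The update check in the doUpdates script above treats every non-zero status from `check-update` as "updates available", although the package manager also returns a non-zero status when the check itself fails. The following is an added example, not part of the repository: it separates the three outcomes, keeps the list in a private `mktemp` file, and applies the script's own prefix match for reboot-triggering packages. `check_updates` and the `fake_*` stubs are hypothetical names, and the package lines are constructed sample data.

```shell
#!/bin/bash
# Added example, not part of doUpdates. check_updates and the fake_* stubs are
# hypothetical names; the stub output lines are constructed sample data.

# check_updates CMD [ARGS...]
# Runs CMD (e.g. dnf check-update), keeps its output in a private temp file,
# and prints "<state> <needs_reboot>" where state is none|available|error.
check_updates() {
    local list rc state reboot=0
    list=$(mktemp) || return 1          # unpredictable name, mode 0600
    # "&& ... ||" keeps a non-zero status from aborting under "set -e"
    "$@" > "$list" 2>/dev/null && rc=0 || rc=$?
    case $rc in
        0)   state=none ;;              # nothing to install
        100) state=available ;;         # updates are pending
        *)   state=error ;;             # the check itself failed
    esac
    # Same prefix match the script uses for reboot-triggering packages
    if [ "$state" = available ] && grep -Eq '^(kernel|glibc|systemd)' "$list"
    then
        reboot=1
    fi
    rm -f -- "$list"
    echo "$state $reboot"
}

# Constructed stand-ins for "$PkgMgr check-update" so this runs offline
fake_kernel() {
    printf '%s\n' 'bash.x86_64         5.2.26-1.fc39    updates' \
                  'kernel-core.x86_64  6.8.9-100.fc39   updates'
    return 100
}
fake_userland() { echo 'bash.x86_64  5.2.26-1.fc39  updates'; return 100; }
fake_none()     { return 0; }
fake_failed()   { echo 'Error: Failed to download metadata' >&2; return 1; }

for stub in fake_kernel fake_userland fake_none fake_failed
do
    echo "$stub -> $(check_updates "$stub")"
done
```

On a real host the call would be `check_updates dnf check-update`, with the `error` state handled before any update is attempted.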