linux guide

LOGICAL VOLUME MANAGER (LVM)

2009-11-18T02:09:00.000-08:00

If we have logical volume we can dynamicly add or remove diskspace to or from it. Any disk partitions to used as physical volumes need to have their partition types set to 8e, Linux LVM. After creating Primary Volu me, we must create a Volume Group with any name.After that we will create Logical Volume. Not only to the Logical Volume, we can extend or reduce the size of a Volume Group.
Lets start -
Create a Partition of LVM type using fdisk and reboot the system. –

fdisk /dev/hda
n
(define/accept the first cylinder)
(define the last cylinder) +100M
n
(define/accept the first cylinder)
(define the last cylinder) +150M
p (check the newly created partitions at the bottom, note down the partition no.
We are assuming /dev/hda10 and /dev/hda11 are created)
t
10 (partition no)
l ( to list codes - please note the code for Linux LVM, it is 8e)
8e
t
11 (partition no)
8e
w ( to write to partition table and exit from fdisk)

reboot ( reboot your system)

Initialize the LVM Configuration Files
vgscan

Initialize the LVM partitions as physical volumes.
pvcreate /dev/hda10 /dev/hda11

Create Vouume Group.
vgcreate vg1 /dev/ hda10
Here, vg1 is volume group name

Create Logical Volume.

lvcreate -L 50M -n lvm1 vg1
Here, lvm1 is logical volume name

Make filesystem.

mkfs /dev/vg1/lvm1
Mount the newly created logical volume to a directory, say /lvmone
mount /dev/vg1/lvm1 /lvmone

Check the volume size.

lvdisplay /dev/vg1/lvm1

If you want to resize it, first unmount the partion and run
e2fsadm -L+25M /dev/vg1/lvm1

Check the volume size once again. If you want to reduce the partition size run -
e2fsadm -L-20M /dev/vg1/lvm1

Run the following command to see the volume group size and space left on it.
vgdisplay

To extend the volume group size

vgextend vg1 /dev/hda11

Run ‘vgdisplay’ once again to check the volume group size, allocated space and free space.

Some important commands regarding user and group

2009-11-17T01:30:00.000-08:00

To Change owner of a file
chown user_name file_name
Example: You want to make gautam as owner of beragautam.tx
chown gautam beragautam.tx

To change owner and group of a file
chown user_name.group_name file_name

You can also use this command as follows –
chown user_nam:group_name file_name
(Please note, you can use either “:” or “.”)

If you want to assign a file would be used by a group use the following command.
chgrp special atanu.tx
Here group name is special and file name is beragautam.tx

What is a group?
A group is used to represent users, who have similar characteristics,exercise similar tasks and
enjoy similar permission and environment in a network. Now think about the situation here.
You have a group of users who need similar type of access to a file, beragautam.tx. What you will do? Very simple

Create a group.

Issue the command that enables the group to access the file

Give file access permission to this group. (Example, all permissions to owner and read and
execute permissions to group)

Make the users members of a group.

Do these tasks as defined below.
groupadd newgroup
chgrp newgroup bera.tx
chmod 750 beragautam.tx

And then add the user to this group.

vi /etc/group
At the bottom of the file verify the entry related to newgroup and add the user name. It
will look like –
newgroup:x:600:beragautam,gautam

Here, beragautam and gautam are members of the newly created group, ‘newgroup’. The thing
must be noted is, usernames are specified by comma (,) separated form. However,
instead of editing th e /etc/group file directly, we can use commands to add or remove
users from a group.

If we want to add members (in our example, the name of the group is acct and the
members are red and green), we can use the following command –
gpasswd –M red,green acct

If we want to add user ‘blue’ in the ‘acct’ group we can use the following command –
gpasswd –a blue acct

To remove user red from the acct group, we can use the following command –
gpasswd –d red acct

DHCP SERVER

2009-09-17T00:02:00.000-07:00

In a TCP/IP network, each host should have a unique IP address according to the Network address.The clients may also require other information to access different services and resources.In a large network it increase the overhead for an administrator. DHCP Server automates this. DHCP Server provides clients with an IP address along with some host specific configuration parameters. A DHCP Server can be used for dynamic allocation, or it can be used just as a bearer.
In RedHat linux, the main configuration file is /etc/dhcpd.conf

DHCP related information are stored in /var/lib/dhcp/dhcpd.leases file
By default, the /etc/dhcpd.conf file not exists in your system. Though you can copy a
sample file, /usr/share/doc/dhcp-3.0.1/dhcpd.conf.sample, to /etc/dhcpd.conf.

Some options and systaxes in /etc/dhcpd.conf file:

default-lease-time 720;
max-lease-time 86400;
(Values are in seconds)
subnet 192.168.100.0 netmask 255.255.255.0 {
range 192.168.100.10 192.168.100.50;
range 192.168.100.101 192.168.100.150;
}
(Specifies subnet address with mask followed by subnet address range. Here, addresses
from 192.168.100.51 to 192.168.100.100 will never allocated to any systems)

host comp1 {
hardware Ethernet 00:04:5A:4F:8E:4B;
fixed address 192.168.100.60;
}
(You are supplying ip address ( 192.168.100.60) to comp1 whose NIC mac address is
00:04:5A: 4F:8E:4B.)

option routers 192.168.100.1;
(Gateway address)

option domain-name-servers 192.168.100.2,192.168.100.3;
(Ip address of your Primary and Secondary DNS Server)

option time-servers 192.168.100.2;
(Clients synchronizes time from this Time Server)
option netbios-name-servers 192.168.100.4;
(Microsoft WINS Server)

Check out the following example of a /etc/dhcpd.conf file for your perusal: -

To start the DHCP Server –

/etc/init.d/dhcpd start or
service dhcpd start

To start the service automatically during the boot time –
chkconfig dhcpd on

TCP WRAPPERS

2009-07-09T03:16:00.001-07:00

TCP WRAPPERS
To provide a better degree of access control, some service like sshd, portmap, xinetd are compiled with libwrap.a library. These are called “Tcp-wrapped” service.
Now, we are going to implement control on tcp-wrapped service. We will modify /etc/hosts.deny file here as follows – see the highlighted section in the screenshot below.

Here, in the highlighted section –
• The 1st line defines “ssh connection from any system will be disallowed”
• The 2nd line defines “only a computer with IP address 172.16.1.38 will be allowed to establish ssh session – others will be disallowed”
• The 3rd line defines “ssh connection from any system will be disallowed but the system will allow 172.16.1.38 and 172.16.1.178 to establish ssh session”
• The 4th line allows “computer from 172.16.0.0/255.255.248.0 network will be establis allowed to h ssh session – other will be disallowed”
• The 5th line defines “computer from 172.16.0.0/255.255.248.0 network, except 172.16.1.38, will be allowed and other systems will be disallowed to establish ssh session.
• The 6th line defines “the same rule as it is defined in the 5th line, where the rule is here for telnet and ssh service”
• The last line defines “all tcp-wrapped service can only be accessible from
abc.com domain”

In the screen shot above the last line is activated only as it is not commented out using #.
Have a note, you do not need to start or restart any service to control tcp-wrapped service using tcp-wrapper. All you have to do is just modify the /etc/hosts.deny file.
There is another important file, /etc/hosts.allow, as far as tcp wrapper is concerned. The system will check the /etc/hosts.allow file first, service will be accessible to users using it. Then the system will go through /etc/hosts.deny file and act accordingly.
Let us assume, we have a requirement where we want only ssh service will be accessible from 172.16.1.38 and other “tcp-wrapped” services will be blocked from any user.
The easiest solution is add the following line in /etc/hosts.deny file –
ALL: ALL
Add the following line in /etc/hosts.allow file –
ssh: 172.16.1.38

Protecting the boot loader(grub.conf) with password

2009-06-26T01:04:00.000-07:00

Protecting the /boot/grub/grub.conf with md5 password:

For trouble shooting purpose, administrator sometimes boot the linux computer in single user mode. We will learn how to boot a linux system in single user mode shortly.
If you boot a Linux computer in single user mode the system will never ask you to authenticate and assume you as root user. It is really helpful in case you forgot root user’s password, or the root password has expired, or you want to recover the grub boot loader in a dual-boot system etc.
But there is a security risk also. For example, any one can change the root user’s password after booting the computer in single user mode.
To protect unauthorized user to start the Linux computer in single user mode, it is recommended to set md5 password on grub. The md5 password can be implemented during the time of installation of the Linux computer. It is also possible to set the md5 password on grub after installation.
Here, I will show you, how to set md5 password on grub after installation.
Run, grub-md5-crypt
The system will ask you to enter the password. Supply it.
The system will return you a string on your monitor like this -
$1$Hk/zc0$k3vGSgE0kYxqMKzF6Qi3g/
Note down the string very carefully.
Now, open the /boot/grub/grub.conf file in vi editor
Just below the splashimage=(hd0,1)/grub/splash.xpm.gz line in the file, place the following line –
password—md5 $1$Hk/zc0$k3vGSgE0kYxqMKzF6Qi3g/

After modification, the /boot/grub/grub.conf will look like –
# grub.conf generated by anaconda
#
#boot=/dev/hda
default=0
timeout=20
splashimage=(hd0,1)/grub/splash.xpm.gz
password --md5 $1$Hk/zc0$k3vGSgE0kYxqMKzF6Qi3g/
title DOS
rootnoverify (hd0,0)
chainloader +1
title Red Hat Linux (2.4.18-14)
root (hd0,1)
kernel /vmlinuz-2.4.18-14 ro root=LABEL=/
initrd /initrd-2.4.18-14.img
# end of file
gr
However, I never do the task the same way I describe you above. Rather I append the output of grub-md5-crypt to /etc/grub.conf by executing the following command –
grub-md5-crypt >> /etc/grub.conf
Then I delete unnecessary lines there in the grub.conf file and cut the string and paste it to right place.
At this point if you reboot the computer and try to start the computer with single user mode, you need to supply the grub password, by default the system will boot according to the configuration in the /etc/inittab file.

Remote Administration Telnet, SSH, telnet

2009-06-24T03:58:00.000-07:00

Remote Administration Telnet, SSH and telnet:
Telnet
Telnet is basically a virtual terminal program that helps you to configure a system remotely. In production environment, telnet is rarely used as it transfer keystroke in clear text.To enable telnet all you have to do is, run the following two commands
chkconfig telnet on
service xinetd restart
By default, telnet to remote system using root user is disabled. You have to log into the telnet server as a non-privileged user then you can change your identity as root using the following command –
su – root

SSH

Unlike telnet, ssh is considered a Secure Shell Service. Ssh runs on public/private key infrastructure using rsa or dsa technology.
It is very easy to start ssh. Execute service sshd restart command.
By default any user can establish ssh session. However, this can be controlled by modifying the /etc/ssh/sshd_config file. See the following screen shot. Here I have denied atanu and allowed all other users to establish an ssh session.
We can also allow or deny one or multiple group using AllowGroups or DenyGroups directive, like AllowGroups acct mrkt.
The modification can only be effected when you restart the ssh server.
Check the last two lines in the screen shot in the page –

In my network, I always use ssh to configure remote servers. Generally I configure my linux laptop as an ssh client. I have a RHEL 4 system and I use this particular computer to administer my proxy server that is running on 172.16.1.12. See, what I usually do –In my laptop I execute the following command to create the key –
ssh-keygen –t dsa
You can also use rsa here. See the following screen shot –

Check the output, in the screen shot, carefully. In the 3rd Line, it is saying the key will be saved in /root/.ssh directory. If the .ssh directory is not exist in /root, the sshkeygen command will create it, check the 4th line. After creating /root/.ssh directory, the system will ask you to supply the passphrase. I enter empty passphrase, means just press enter twice. My identification is now saved in /root/.ssh/id_dsa file and the public key is id_dsa.pub.
It is time to copy the id_dsa.pub in the /root/.ssh/ directory in my proxy server and the name of the file will be authorized_keys. I will be using the following command assuming in my proxy server, running on 172.16.1.12, the /root/.ssh directory exists.
scp –rp /root/.ssh/id_dsa.pub root@172.16.1.12:/root/.ssh/authorized_keys
See the output in the following screenshot. After executing the above command the system will ask your confirmation, type yes and press enter, supply root’s password for 172.16.1.12 and the file will be copied securely.

The scp will be discussed shortly.
Now, from your client computer if you execute ssh 172.16.1.12 the system will never ask you to supply the password!!

SCP

Using scp, you can copy files from or to a remote linux system. In ssh section above, see how we use scp to copy id_dsa.pub. To refer a remote system we use user@machin_name_or_ip_address:/any/directory and a source can also be a remote system.
While working with Windows system, I use winscp to communicate with linux system. The winscp382setup.exe is freely available for download in sourceforge.net.
Please be noted, when you establish an ssh or scp session with a computer for the first time, the remote system related information is added in /root/.ssh/known_hosts text file. And if the remote system is re-installed you will be failed to establish ssh or scp session until you remove the system’s information from the /root/.ssh/known_hosts file.

PLUGGABLE AUTHENTICATION MODULE (PAM)

2009-06-23T03:57:00.000-07:00

PLUGGABLE AUTHENTICATION MODULE (PAM)
If you want to disallow console logins to all but root
Open the /etc/security/access.conf file in any editor
Copy the follwing line and paste it at the next line -
# -:ALL EXCEPT wheel shutdown sync:LOCAL
Modify the line as follows -
-:ALL EXCEPT root sync:LOCAL
Edit the /etc/pam.d/system-auth file - add the following line
account required /lib/security/pam_access.so
The above task will disallow console login locally. The user will be able to login to your server from remote system using telnet or ssh.
To disallow local as well as virtual terminal login
Edit the /etc/pam.d/system-auth file - add the following line
account required /lib/security/pam_listfile.so item=user sense=allow
onerr=fail file=/etc/security/validusers
Do not be confused. I am repeating, the above is a single line input. It looks different because it does not fit into my document.
Now, create the /etc/security/validusers file and add users’ name there one in a single line like –
root
user1

The above configuration will allow root and user only to log into your system’s terminal. If you replace sense=allow with sense=deny in the directive in
/etc/pam.d/system-auth file, it will disallow root and .
If you want to disallow a user from login from any terminal except ttyx
Open the /etc/security/access.conf file in any editor
Copy the follwing line and paste it at the next line -
# -:ALL EXCEPT wheel shutdown sync:LOCAL
Modify the line as follows -
-:red:ALL EXCEPT tty3
Edit the /etc/pam.d/system-auth file - add the following line
account required /lib/security/pam_access.so
Login Time Restriction
Open the /etc/security/time.conf in any editor
Add the following lines there -
login;*;red;MoTuWeThFr0000-2400
login;*;green;Mo1000-2400|TuWeThFr0000-2400|Sa0000-1400
Edit the /etc/pam.d/system-auth file - add the following line
account required /lib/security/pam_time.so
Here, user red will be allowed to login from Monday to Friday. And
user green will be allowed to login to the system from Monday 10 hrs to Saturday 14 hrs.
We refer day by using the first two characters of it. For example to refer Sunday, we will be using Su only.
We can use ! for reverse action. Check the following line–
login;*;red;!MoTuWeThFr0000-2400
Here, user red will be disallowed to login from Monday to Friday.

Working with Log - Syslog

2009-06-20T01:30:00.000-07:00

Working with Log - Syslog
Linux applications use syslog utility to log application related error and status messages to a file, by default in /var/log directory.
By default the syslog utility is running in your system to log messages. By default your syslog server accepts log messages from your local system. We can configure a centralized log server in our network that eventually eases track log messaging.
The files related with syslog are /etc/syslog.conf and /etc/sysconfig/syslog.
The /etc/syslog.conf defines in which files log messages will be written. The /etc/sysconfig/syslog file defines mode of operation, whether it will allow remote system to send log messages or not.
A sample /etc/syslog.conf is as follows –

In the default file, it defines –
/var/log/messages is a “general purpose” log, many application logs messages here.
/var/log/secure records login attempts, session related information.
/var/log/maillog contains information about mailing
/var/log/cron allows crond daemon to log messages
/var/log/boot.log contains log messages related to service – start/stop/shutdows information.
Briefly, the syslog service accepts log messages from different programs and writes the messages to appropriate files,generally in /var/log directory.
If you want to configure syslog service to accept log-messages from remote system, you have to configure /etc/sysconfig/syslog file as follows. Note the highlighted section in the following screen shot of /etc/sysconfig/syslog file –
in Syslog Server

Here, what I have done is, replace SYSLOGD_OPTIONS=”-m 0” with
SYSLOGD_OPTIONS=”-m 0 –r”
Now, go to the Linux Client, the system that will send log-messages to your log-server, and do the following – assuming the IP address and name of your log-server is 172.16.1.230 and redhatlinux .
Modify /etc/hosts file by adding the following entry -
172.16.1.230 redhatlinux
Modify /etc/syslog.conf as follows –
authpriv.* @redhatlinux
The above syntax will tell the syslog service to send authentication related information to your syslog server.
Now, restart the syslog service in both, client and server, system. Execute –
service syslog restart
One important thing I must tell. The log files are really helpful. If you are getting problem always check the related log file.
And for students preparing for RHCE exam, “If you fail to log in to your linux system, reboot your computer in single-user mode, check the /var/log/secure file”.

Configure secure imap – imaps

2009-06-18T23:13:00.000-07:00

Configure secure imap – imaps

First of all check whether your mail server is running. If everything is going file, follow the steps –

1. Have backup copy of dovecot.pem file
cd /usr/share/ssl/certs
mv dovecot.pem org.dovecot.pem
cd ../private
mv dovecot.pem org.dovecot.pem
cd –

2. Create new dovecot.pem file with your customized setting, execute make
dovecot.pem. See the screen shot below

At this point your system will ask you to supply some information like – Country name
etc. See what I have done in my case below –

Carefully note the Common Name section. Here, you must supply the FQDN of your mailserver.
At this point the /usr/share/ssl/certs/dovecot.pem is created. If there is any problem, remove the dovecot.pem file and recreate it.

3. Copy the file to /usr/share/ssl/private directory –
cp dovecot.pem ../private
4. Modify /etc/dovecot.conf file as follows –
protocols = ipop3 pop3 imap imaps
5. Restart the servers –
service dovecot restart
service sendmail restart

xinetd Access Control

2009-06-17T20:38:00.000-07:00

When you have a system available from the Internet or remote location, you must consider applying some security on your system. In Redhat there are some services run by xinetd server. xinetd is consider a “super server” in Redhat linux environment.
Here I am going to show you how you can implement security on a service under xinetd in your system.
Below I have printed a sample /etc/xinetd.d/telnet file for our purpose –
# a sample /etc/xinetd.d/telnet file
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
only_from = 172.16.0.0/16
no_access = 172.16.1.2
per_source = 1
instances = 4
access_times = 13:00-17:00
}
# end of file
In the above sample file, -
disable = no (enable telnet service)
only_from = 172.16.0.0/16 (Telnet server will respond to clients from
no_access = 172.16.1.2 172.16.0.0/16 network only, except
172.16.1.2)
per_source = 1 (Per source only one connection will be
allowed)
instances = 4 (Total number of connection allowed is 4)
access_times = 13:00-15:00 (Connection will be allowed between 13 and
15 hrs)
However, whenever you modify /etc/xinetd.d/telnet file, never forget to restart the xinetd service. Run – service xinetd restart

Squid Proxy Server

2009-06-14T21:08:00.000-07:00

Squid Proxy Server
Basic Configuration
The main configuration file for squid proxy server is /etc/squid/squid.conf.

The Squid Proxy Server has a dependency on a DNS Server. Please be noted,
while configuring the proxy client, what you only need to do is, specify the proxy
server’s address and the port number the proxy server is listen to in the browser
setting. There is no need to define the DNS or Router’s address in the TCP/IP
properties in the client machine.

So, please check the /etc/resolv.conf file whether you have already putted any
‘nameserver’ entry on not. The Squid Proxy Server listens to Port 3128 by default.
And by default it will reject all packets. If you want to allow users from your
network only to get the service from squid proxy server – modify the
/etc/squid/squid.conf file as follows. Here we are assuming our network address
is 192.168.0.0/24.

First of all find out the visible_hostname directive in the squid.conf file. By
default it sets to none. Just below the line # none – place an entry like this –

visible_hostname hostname or FQDN

Now find out ‘acl all’ directive in the file. You will find a line like the following –
acl all src 0.0.0.0/0.0.0.0

The above directive is a way to define every hosts in every network, src keyword
define the “source”, by “all” access control list name. If you move downwords,
you will find a line like this –
http_access deny all

Using the two lines, acl all src 0.0.0.0/0.0.0.0 and http_access deny all, the
squid proxy server disallow all the clients to access the proxy service. If you
replace deny with allow in http_access deny all line here, it will allow all clients
to access the serveice. However our task here is to allow our network only. So
put a line that will define you network with an acl name and allow it using the
http_access directive while keeping the default setting. You can write a directive
like this just after the acl all src 0.0.0.0/0.0.0.0 line –
acl ourlan src 192.168.0.0/255.255.255.0

Also put a line just before the http_access deny all directive like the following –
http_access allow ourlan

While allowing clients, Squid Proxy Server goes through the policy one after
another, top to bottom. If it finds any match related to the current packet, it
takes decision on that - whether the client will be allowed or denied.

To start/stop/restart the squid service you can execute the following command
respectively –

service squid start
service squid stop
service squid restart

chkconfig squid on command will start squid automatically at booting time.

User authenticated access to Squid Proxy

The user can be authenticated from the local system (the squid proxy server) through
ncsa authentication or from an LDAP server like Novell' s NDS or e-Directory or Microsoft's
Active Directory.

I am sending you the ncsa authentication implementation....

1. First of all, create a password file for the users and assign read permission to all.

touch /etc/squid/squid_passwd
chmod o+r /etc/squid/squid_passwd

2. Create Users and Passwords for the users -

htpasswd /etc/squid/squid_passwd user_1
htpasswd /etc/squid/squid_passwd user_2
htpasswd /etc/squid/squid_passwd user_n

3. Modify /etc/squid/squid.conf to support ncsa_auth program
Open the /etc/squid/squid.conf in vi editor, find out auth_param directives, and add the
following line just below the last auth_param directives -

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd

Move to acl section in the /etc/squid/squid.conf file - you can find out acl all directive
by pressing /acl all and press . Add the follwing line -

acl ncsa_users proxy_auth REQUIRED

Scroll down to http_access deny all directive and insert a line at the top as follows -

http_access allow ncsa_users

4. Restart your Squid proxy server -

service squid restart

Web site restriction through Squid Proxy

Open the /etc/squid/squid.conf in vi editor - move to acl ncsa_users proxy_auth
REQUIRED
add a line as follows -

acl blockdomain dstdomain "/etc/squid/blocked-domain-list"

Scroll down to http_access allow ncsa_users
put a line at the top like this -

http_access deny blockdomain

After modification, it will look like these -
...
http_access deny blockdomain
http_access allow ncsa_users
http_access deny all

Now create a file in /etc/squid, named blocked-domain-list

Define the name of th e web sites you want to block as follows -
.xxx.com
.yyy.com

Please be noted, you can only define one domain name in a single line.

Restart your Squid proxy server -

service squid restart

There are several methods of using a block list with squid. One of them is the Malware
Block list. Let us check how to use this list.

Now, it is time to check, the activities of squid proxy server. By default squid
generates log report in /var/log/squid directory. The access.log reports you
information about website access using your proxy server where cache.log and
store.log keep information about cached information. Commands are available
to pipe out information. However, there are so many utilities available in the
Internet to show you information in easily readable format.

In production environment I use SARG – the Squid Analysis Report Generator.
SARG helps you to analysis squid-log information using a browser where you can
categorize information. Top of that it is free.

First of all, download the software. I have downloaded it, sarg-2.2.2.tar.gz, from
http://sarg.sourceforge.net/sarg.php.

Go to the directory where you have downloaded the software and extract it using
the following command.
tar xzvf sarg-2.2.2.tar.gz

The command will extract the file in sarg-2.2.2 directory. Change your working
directory there – execute cd sarg-2.2.2
./configure –-enable-htmldir=/var/www/html/report
It is time to compile and install the software. Execute the following commands –
make && make install

By default the sarg binary directory is /usr/bin, where the sarg configuration file
is saved in /usr/local/sarg directory. The name of the configuration file is
sarg.conf.

Now you have to modify /usr/local/sarg/sarg.conf so that it will find the
access.log file, generated by squid, and generate a report by creating necessary
files in a directory.

In my case, I define minimum parameters like follows –
access_log /var/log/squid/access.log
output_dir /var/www/html/squid/squid-reports

You will find the access_log and output_dir parameters in sarg.conf file. Remove
the # and make necessary changes. In my case the squid directory is created in
/var/www/html directory. You do not need to create squid-report directory, rather
the sarg software will create it. You have to make it sure whether squid has
enough permission to create file there in /var/www/html/squid directory.

Now, generate the report that will be used by “sarg” using the following command
–
sarg –f /usr/local/sarg/sarg.conf

Now, configure Apache to access this report from your browser. What I usually do
is, I put the following Alias directives in my /etc/httpd/conf/httpd.conf file –

Alias /report “/var/www/html/squid/squid-reports/”

Options Indexes Includes

Restart your apache web server. From your web browser see the fascinating
report using – http://squid_server’s_ip_address/report

Here I am putting some screen shots –

Thing is that whenever you run sarg –f /usr/local/sarg/sarg.conf, sarg-report
will be created. We can submit a cron job, so that the system will execute it
automatically. In my network, I put the following line after executing crontab –e,

0 * * * * /usr/bin/sarg –f /usr/local/sarg/sarg.conf

Setting customized message

Create an html file with customized message and save it to /etc/squid/error
directory.

Now put the following directives in /etc/squid/httpd.conf –

acl blacklist dstdomain “/var/lib/squidguard/BL/blacklist”
http_access deny blacklist
deny_info blocked.htm blacklist

Restart squid proxy server and try to access any restricted site, as per
/var/lib/squidguard/BL/blacklist, from your workstation.

See the result in my case –

SAMBA FILE SERVER

2009-06-08T00:16:00.000-07:00

SAMBA FILE SERVER
SAMBA is a software package that lets you share file system with computer running
Session Message Black (SMB) Protocol.
If we have all RedHat Linux or UNIX systems in our network, using NFS is the best choice.
If we have windows clients, with no NFS installed to access RedHat Linux directories and
files, configuring SAMBA is probably the best choice.
The main configuration-file for SAMBA is /etc/samba/smb.conf.
We can edit this file or can use swat program to configure SAMBA.
Configuring the basic SAMBA server is a three steps procedure –
1 Edit the smb.conf file
2 Add samba users
3 Start samba service

1.
The minimum settings in /etc/samba/smb.conf file are as follows –

[global]
workgroup = WORKGROUP (It will always better to have same workgroup name with the
respective window client – here, WORKGROUP)

netbios name = LINUX (When windows user browse the network, the linux
system will be displayed as LINUX. If we have an WINS server in our network, we must
manually add the host name and IP address of our LINUX SAMBA SERVER)

hosts allow = 192.168.100. (The users from 192.168.100. network can access
the SAMBA Server)

security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
(Established user level security, users need to be authenticated using samba passwords,
stored in / etc/samba/smbpasswd file)
#[Share Defination Section]
[home]
browseable = yes
writable = yes
valid user = %S
(Users can access their respective home directory)

[accounting]
path = path-to-the-directory-you-want-to-share
(The shared folder will have ‘accounting’ share name)
browseable = yes
writable = yes
valid users = user1,user2,user3,@group1
(user1, user2 and user3 are valid users where group1 is a valid group)
It is always better to modify the /etc/samba/smb.conf file to fulfill our purpose.

2.

To add samba users use the following command –
useradd –m username

To create passwords for samba users use the following command –
smbpasswd –a username

3.

To start the samba service immediately –

/etc/init.d/smb start or service smb start

To start the samba service automatically every time the system boots –

chkconfig smb on

An example of /etc/samba/smb.conf may look like this –

# Samba config file created using SWAT
# from UNKNOWN (192.168.100.2)
# Date: 2004/04/03 08:37:46

# Global parameters
[global]
netbios name = LINUX
server string = Samba Server
encrypt passwords = Yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
hosts allow = 192.168.100.
printing = lprng

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0664
directory mask = 0775
browseable = No

[winusers]
path=/home/winusers
browseable = yes
writable = yes
valid users = user1,@wingroup

NFS FILE SERVER

2009-05-23T02:26:00.000-07:00

By default the RedHat linux has built in Kernel support for NFS.
The Filesystem to share are defined in /etc/exports file.
In our lab session, we will configure our web server so that users can access their respective home directory and will have read- only access to /all directory. We must remind whatever share permission we specify in the /etc/exports file, the most restrictive settings will activated. The IP address of our NFS server is 192.168.100.2.
First of all, edit the /etc/exports file by inserting the following lines
/all *(ro)
/home *(rw)
Export the share using the following command –
exportfs –a –v
Restart the service –
service nfs restart
service nfslock restart

Check which folders are NFS shared –
exportfs
Go to any client computer, make a directory using mkdir command say /all
mkdir /all
Assign necessary permission, here we will set – chmod 705 –R /all
Mount the NFS shared directory to your client’s computer
mount 192.168.100.2:/all /all
At this point, users from your client computer will access /all directory in your NFS server.
Yes, it is read-only access.
Now, you have to configure your network such a way, so that, whenever a user logs in to any computer, he will get the same file system and hierarchy in his/her home directory.
In fact, whenever a user saves files to his/her home directory, it will be saved to NFS Server.

Working with Boot Loader

2009-05-13T23:30:00.000-07:00

Let us know, how we can configure our boot loader.In linux the file is
/boot/grub/grub.conf. You will find a soft link of this file in /etc directory.
The boot loader file specifies the computer where the system files exist in our system so that the computer can boot perfectly. The grub.conf understands Microsoft’s boot loader file also. If we have multiboot system, we can configure the linux boot loader file, /boot/grub/grub.conf to set the default operating system and how long the computer can wait before booting the system with the default operating system.
Let us have a look at the screen shot below for /boot/grub/grub.conf file.

According to the above example, there is only one operating system loaded – the Red Hat Enterprise Linux, see the title section here. You are open to change the contents of the title . The default=0 tells the system to boot using the OS referred by the first title. The timeout=5 defines that the system will wait for 5 seconds before booting with the default Operating system. The splashimage is nothing but the image you see in the boot loader screen. Here, considering you have a dual booting system, you may choose which Operating System will be loaded. The hiddenmenu does what its name implies – it hides the menu. The root (hd0,0) indicates where the system will find the root of the booting related files. In Red Hat linux, the name of the directory is /boot. The hd0,0 section could be different in accordance with the partition information in your hard disk. Here hd0,0 indicates the first partition in the first hard disk. The next two lines defines the kernel and initrd image file name.Let us check another grub.conf file below –
# grub.conf generated by anaconda
#
#boot=/dev/hda
default=0
timeout=10
splashimage=(hd0,1)/grub/splash.xpm.gz
title Red Hat Linux (2.4.18-14)
root (hd0,1)
kernel /vmlinuz-2.4.18-14 ro root=LABEL=/
initrd /initrd-2.4.18-14.img
title DOS
rootnoverify (hd0,0)
chainloader +1
# end of file
According to the above file the computer’s default operating system is Red Hat Linux. You
know, why !!. If you want to set DOS as the default, what we can do is just change the
value for ‘default’. Replace 0 with 1.
At this point if you reboot the computer you will see at the top Red Hat Linux exists though the DOS has been selected. If you interchange the title directives, you will see at the top DOS exists and it has also been selected.
Here is the modified /boot/grub/grub.conf file....
# grub.conf generated by anaconda
#
#boot=/dev/hda
default=0
timeout=20
splashimage=(hd0,1)/grub/splash.xpm.gz
title DOS
rootnoverify (hd0,0)
chainloader +1
title Red Hat Linux (2.4.18-14)
root (hd0,1)
kernel /vmlinuz-2.4.18-14 ro root=LABEL=/
initrd /initrd-2.4.18-14.img
# end of file
Please note that, there is no need to run any command to make the change effective.

FTP SERVER

2009-05-04T22:43:00.000-07:00

Setting up FTP server is a standard method for sharing files over the internet.
Two FTP server packages are provided with Linux RedHat 8 distribution, - the Washington
University FTPD (WUFTPD) and the Very Secure FTPD (VSFTPD).
Among the two, VSFTPD is considered to be better for high-volume FTP servers.
Access to the FTP server relies on a login process in the particular FTP server. Users with
their accounts on the system most likely have access to the greater part of the file system
after been authenticated comparing to ‘Anonymous’ user.
We will only concentrate to the VSFTPD configuration.
Setting up VSFTPD:
Start the VSFTPD FTP Server: Redhat 8
First of all check whether WUFTPD is running or not. To stop WUFTPD you must modify
the /etc/xinetd.d/wu-ftpd file. Replace the seeting
disable = no with disable = yes.
Edit the /etc/xinetd.d/vsftpd file by replacing the setting
disable = yes with disable = no
Restart the xinetd server by running the following command –
service xinetd restart or
/etc/init.d/xinetd restart
At this point, by default, anonymous users are given ‘read-only’ access to files and
subdirectories in /var/ftp.
Authenticated local users get access to their respective home directories.
With RHEL 3 or RHEL 4 starting ftp service is really simple. All you have to do is
exetcute the following command - service vsftpd restart .
To Start the ftp service in booting time, execute chkconfig vsftpd on
The vsftp ftp service configuration file is vsftpd.conf In case of Redhat 8, you will find
this file in /etc/ folder. In RHEL 3/4 you will find the file in /etc/vsftpd/ directory.
The vsftpd.conf file:
Configuration for the anonymous users:
By default, the anonymous users have read-only access to /var/ftp directory. The
default location for anonymous users can be changed by keeping the following directive in
the vsftpd.conf file – anon_root=/var/new .
Please be noted, whenever you modify the vsftpd.conf file, you need to restart the ftp service.
The anonymous_enable=YES option in vsftpd.conf file lets the anonymous users to access
the /var/ftp directory. It is the default setting.
If you want to disable anonymous access modify the
anonymous_enable=YES to anonymous_enable=NO
We can allow anonymous users to upload files using –
anon_upload_enable=YES option, provided that the directory or directories, where the
filess will be uploaded, are exist with write permission. For the security reason it is
always better to create a directory in /var/ftp with 777 permission – where the
anonymous users will upload their files.
Create a directory, say, public
mkdir /var/ftp/public
Set the permission
chmod 777 –R /var/ftp/public
We must keep in mind, ownership will be granted to ftp user for the files uploaded by
anonymous users. So, it is understandable, anonymous users get read-only access to the uploaded files.
If you want to allow the anonymous users to rename or delete the files in
/var/ftp/public directory, place the following option in the vsftpd.conf file –
anon_other_write_enable=YES
If you want to allow the anonymous users to create their own directory in the
/var/ftp/public directory, place the following option in the vsftpd.conf file –
anon_mkdir_write_enable=YES
If you want to configure the FTP server so that a particular user, say Linuxuser, will be
granted the ownership of the files uploaded by the anonymous users, place the following
options in the vsftpd.conf file –
chown_uploads=YES
chown_username=Linuxuser
Do not forget to restart ftp service –
service vsftpd restart

DUMP and RESTORE

2009-05-04T04:41:00.000-07:00

DUMP and RESTORE:
Dump and Restore is used to take backup or restore ‘only ext2 or ext3’ file system. This
particular dump and restore utility can be u sed to take full or incremental backup.
To take a full backup of the /home filesystem onto the tape device nst1 we can use the
following command –
dump -0u-f /dev/nst0 /home
Here we specify 0 to define full backup and u (dump -0u-f /dev/nst0 /home)
is specified so that dump information will be recorded for future use of dump. Generally
administrators love to take full backup on weekly or monthly basis while regularly take
incremental backup. For incremental backup, the command may be as follows –
dump -4u-f /dev/nst0 /home
Please note, we use 4 instead of 0 to define incremental backup.
To restore data backed up with dump command we use restore command. For example,
suppose we had /dev/hda9 mounted on /home. On a clean device mounted on /home,
first of all we should change the working directory there and then use the following
command – restore –rf /dev/nst0
Whenever we use dump command using –u option, it will update /etc/dumpdates, which
actually contents the dump-information.

SOME BACKUP RELATED COMMANDS:

To Erase Dat Drive
mt –f /dev/st0 erase
To rewind the Dat Drive
mt –f /dev/st0 rewind
To backup the www Server
find /etc/httpd/conf /usr/local –print | cpio –ovcB > /dev/st0
To backup up Sendmail Mail Server
find /var /home /etc/mail –print | cpio –ovcB > /dev/st0

SCHEDULING TASKS:

2009-05-02T02:31:00.000-07:00

Using the ‘at’ utility. The at facilty is designed to run jobs at specific times. Submitted jobs are spooled to /var/spool/at directory.
The daemon name is atd. Access Control Files:
/etc/at.allow - Contains list of users who are granted to submit ‘at’ jobs.
/etc/at.deny - Contains list of users who have ‘No’ permission to submit ‘at’ jobs.
Let us see how can we use the ‘at’ facility. For Example, we need to copy the contents of /home directory in compressed form to /tmp/backup directory.
To do this, we can run the following commands –
at 12:00
cd /home
mkdir /tmp/home
mkdir /tmp/backup
cp –Rf * /tmp/home
cd /tmp/home
tar czvf backup.tar.gz *
cp backup.tar.gz /tmp/backup
+d
We can also run a single command to make this happen – this command will do the same task above.
echo “cd /home; mkdir /tmp/home; mkdir /tmp/backup; cp –Rf * /tmp/home; cd
/tmp/home; tar czvf backup.tar.gz *; cp backup.tar.gz /tmp/backup” | at 12:00
Example for specifying times for at jobs:
at now The job will run immediately
at now + 2 minutes The job will run 2 minutes from the current time.
at next hour The job will run after 1 hour from the current time.
at next month The job will run after 1 month from the current time.
at next year The job will run after 1 year from the current time.
at next fri The job will run on next Friday
at 16:00 today The job will run today at 16 hours.
at 16:00 tomorrow The job will run tomorrow at 16 hours
at 16:00 May 31 2004 The job will run on May 31s t , 2004 at 16 hours
I think, the most efficient way to use the at facility with –f option.
• f option can be used to use contents of a file to executed as ‘at’ command.
For Example, if we use the following command –
at –f /home/newback now + 10 hours
The system will see the contents of the /home/newback file and use them as ‘at’ command

COMPRESSION UTILITY

2009-04-29T23:34:00.000-07:00

To compress all files in the current directory –
tar czvf myfile.tar.gz *
To de-compress or extract
tar xzvf myfile.tar.gz
To compress a file with zip utility -
gzip –v file_name (File_name will be zipped with .gz extension)
gunzip file_name.gz (Decompresses a zipped file)
gunzip –c file_name.gz (Decompresses a zipped file while keeping the original .gz file)
bzip2 –v file_name (Newer compression utility. Creates a zipped file with bz2 extension)
bunzip2 file_name.bz2 (Decompress .bz2 file)
tar cjvf myfile.tar.bz2 * (All files will be zipped with bz2 extension)
Use the following command a have low level formatted floppy disk –
fdformat /dev/fd0 H1440
We can save a zipped file in floppy disk (with low level format) without mounting the
floppy disk using this following command –
tar czvf /dev/fd0

IP Forwarding

2009-04-25T01:10:00.000-07:00

IP Forwarding is a feature of the LINUX kernel, which can be turned on or off,
if needed, without rebooting the computer. It is very much needed, especially
when a LINUX system is used as a Firewall/Router or a Proxy Server for
a network and is doing Network Address Translation (NAT) to masquerade
a private subnet behind a single public IP address. In this regard,
what Administrators do is –
Install two network cards (one will be assigned with the real or public IP
address and the second will be assign ed with the private IP address.)
To turn IP Forwarding on we can run the following command –
echo 1 > /proc/sys/net/ipv4/ip_forward
The above command will enable IP forwarding for the current session,
as the default setting is “disable”. To make it permanent, modify /etc/sysctl.conf as follows -
net.ipv4.ip_forward = 1
By default the value 0 is set, means the NATing is disabled. However, after modifying
/etc/sysctl.conf, reboot your machine to make it permanent. During the time of
booting the computer will check the /etc/sysctl.conf and read the IP forwarding related
parameters net.ipv4.ip_forward = x and load it to /proc/sys/net/ipv4/ip_forward file.
However, by executing - echo 1 > /proc/sys/net/ipv4/ip_forward you can enable IP
forwarding instantly.

Configure Network Interface Card

2009-04-23T05:11:00.000-07:00

To view the current configuration of the Network Interface Card run : ifconfig
We can use ifconfig command to temporarily changes parameters of the NIC. The syntax is –
ifconfig eth0 ip_address net_mask
Example: ifconfig eth0 192.168.100.1 255.255.255.0
We must keep in mind that the ifconfig command is used to assign the IP address
temporarily. To change the IP address permanently we must use netconfig command.
Using netconfig command we can assign IP address, subnet mask and network related
parameters, like – Gateway address, DNS server address, Host name of this Server,
Domain name etc.
To make the configuration effected, we can restart the computer. However, we can also
restart the network service to apply the settings. To do this we can use the following
command – "service network restart "
We must remind, if we use netconfig it will configure the eth0. To configure eth1 we
should use the following command – " netconfig –d eth1 "
We can bind multiple IP address to a single Ethernet card. To do this we must configure
sub-interface for that particular Network Interface Card. To create sub-interface 0 for
eth0, we should use the following command – "netconfig –d eth0:0 "
To create sub-interface 1 for eth0, we should use command - "netconfig –d eth0:1 ". After setting values
to the sub-interface(s), don’t forget to restart the network service (service network restart).
If we want to configure network card from GUI, we will run "system-config-network " in a Terminal.
Please be noted, the DNS server related configuration goes to /etc/resolv.conf
It is also possible to bind a single or multiple range of IP addresses to a single network
interface card. To do this, go to / etc/sysconfig/network-scripts folder and create a file
named with ifcfg-eth0-range0. I am assuming we are binding a range of IP addresses to eth0.
The contents of this file will be –
IPADDR_START=192.168.0.50
IPADDR_END=192.168.0.100
CLONENUM_START=0
Do not forget to start the network service using service network restart command.
You can bind maximu m 256 IP addresses to a single network interface card.
To bring up/down an interface, say eth0, we use the following commands –
ifup eth0 (To bring up)
ifdown eth0 (To bring down)
To configure eth0 to obtain IP address from dhcp server, we can edit the
/etc/sysconfig/network-scripts/ifcfg-eth0 file as follows –
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
Yes, we can also use the netconfig command in this respect.
To allow a non-privileged user to control network interface card, we can add the following
line in /etc/sysconfig/network-scripts/ifcfg-eth0 file –
USERCTL=yes

Define IP route:
We can set static route per-interface basis. For exammple, if we want to add a route on
eth0, we must use the following file – /etc/sysconfig/network- scripts/route-eth0
The syntax is – ip-address/CIDR via gateway-address
Example - 192.168.1.0/24 via 192.168.100.254
If we use redhat-config-network command, the command uses a different file. It is
/etc/sysconfig/networking/devices/eth0.route. Here, the syntax used is different.
It will be like this –
ADDRESS0=192.168.1.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.100.254
Please note, I define ADDRESS0,NETMASK0 and GATEWAY0. Because, they define the
first static route. For the second static you route, you must use ADDRESS1,NETMASK1
and GATEWAY1 with the same syntax.
OK?

Vi editor

2009-04-20T22:52:00.000-07:00

Use vi editor
There are so many editors available with RedHat Linux distribution.You must know one
of them. We will learn and use vi editor in our classroom. To configure and maintain a
RedHat Linux system we must know the followings –
To create/edit a file with vi editor we use vi file_name command.
Press ‘I’ or ‘Insert’ button to insert contents to a file.
:wq - Save and Exit
:w - Save
:q - Quit
:x - Save and Exit
:se nu - Sets number of lines
/text - Searches a text
?text - Searches the text above the current position
yy - Yanking (Copy) line
No.yy - Copy lines (Replace No. with the number you want to copy)
dd - Delete line
p - Paste line
u - Undo changes
G - Go to the last line in the file
1G - Go to the first line in the file
!!command - Replace the blank line with the output of the command.
:1,$s/text/newtext/g - Search and Replace – text will be replaced by newtext throughout the document.
:8,12s/text/newtext/g - Find and Replace – between line 8 and 12
:.,.+10s/text/newtext/g - Replace between current line and next 10 lines
:r file_name - Read file_name and place it after the cursor.
:1,20w newfile - 1s t to 20t h line will be saved to newfile
:10,20w >> newfile1 - 10th to 20t h line will be appended to newfile1

Linux command

2009-04-08T01:38:00.000-07:00

Some Important Commands:
Before we start, we must commit not to delete files except those, that are created by us.
Lets go…..
Log in as root
pwd is used to display full path name of the current directory.
cd command changes the current directory to a specified directory.
Example – cd /usr/bin
~ sign specifies full path for your home directory
mkdir is used to create a directory. Example – mkdir new (will create directory in the current directory) mkdir /home/new (will create directory under /home)
mkdir –p /all/{tom,dic,harry}/{old,new}
The above command will create tom, dic and harry directories in /all and also creates old and new directory in each tome, dic and harry directory.
ls is used to display list of files and directory.
ls –l displays a detail list of files and directories, indicating directory/file, file acess
permission, link ,file, directory, owner, group owner, size in bytes,creation date and time
and name of directory/ file. In the first field, “-“ indicates “file”, “d” indicates directory”.
ll will also gives the same result as ls –l.
ls –la or ll -a list all files including the hidden files.
ls –R –l recursive listing of files, includes contents of the specified/current directory and all the subdirectories.
ls –r –l displays files and directory in reverse order.
ls –s –l list files, sorts by file size.
cp command is used to copy file. Example – cp file1 file2 (here file1 is source file and
file2 is the destination).
cp /etc/* . (copy all files from the /etc directory into the current position)
cp –r file_name destination_directory (Copy file to destination and preserve
permission, ownership and time stamps)
cp –r /etc/* /home/user1 copy all files and directories, including subdirectories in
/home/user1directory.
rm * delets all files from the current directory. Here the system will ask your
confirmation. Only files will be deleted.
rm –f * deletes all files from the current directory forcefully. The system will not ask your confirmation before deleting files.
rm –Rf * this command removes all files and subdirectories
cat command is used to display contents of a file. Example – cat file1
cat > file2 command allows you to create file, named as file2, and it gives you an interface to add contents to this file. However after adding contents we can save the file using +d command.
cat file1 file2 > file3:it create a file, named file3, with the contents of file1 and file2
cat file1 > file2 (here, the contents of file2 will be overwritten by the contents of file1)
cat file1 >> file2 (here, the contents of file1 will be appended to the contents of file2)
touch command can be used to create file/files with no contents. Example -
touch file_name1 file_name2 file_name3
echo command is used display any string
rmdir deletes directory. Example rmdir /home/new. This command will remove /home/new directory if it is empty.
rm deletes file. Example rm file1
date command displays current date & time
clear will clear the console screen.
df –h displays partition(s) and space used in partitions
w OR who is used to view who are logged on to this server
useradd or adduser is used to create user object.Example: useradd user_name
passwd - a user can change his password using this command
passwd user_name :If root user wants to change the password for any user
Here are some important passwd commands: -
passwd –d user-name (will empty password for that user)
passwd –l user-name (will lock the user account)
passwd –u user-name (will unlock the user account

X-Windows

2009-04-06T20:56:00.001-07:00

The X Window System or X or X11 is the foundation for the Graphical User Interface on RedHat Linux. The X Server works with Graphics Hardware (VGA). Any application requires graphic display is an X Client. RedHat provides two desktop environment – GNOME and KDE. The GNOME is the default desktop. To switch between the GNOME and KDE run switchdesk and select your desired desktop. We will come to this point later. By default RedHat Linux has configured with six (6) virtual console and one X console. We can move to any virtual console by typing ctrl+alt+Fx (Where F – Function key and in place of x we can use 1 to 6 to switch from one virtual terminal to another) or we can switch to X console by typing ctrl+alt+F7. We can start the X server by running the following command – startx considering the system has started in run level 3. We will discuss “run level” later.

X window

2009-04-06T20:56:00.000-07:00

The X Window System or X or X11 is the foundation for the Graphical User Interface on

RedHat Linux. The X Server works with Graphics Hardware (VGA). Any application

requires graphic display is an X Client.

RedHat provides two desktop environment – GNOME and KDE. The GNOME is the default

desktop. To switch between the GNOME and KDE run switchdesk and select your

desired desktop. We will come to this point later.

By default RedHat Linux has configured with six (6) virtual console and one X console.

We can move to any virtual console by typing ctrl+alt+Fx (Where F – Function key and

in place of x we can use 1 to 6 to switch from one virtual terminal to another) or we can

switch to X console by typing ctrl+alt+F7.

We can start the X server by running the following command –

startx considering the system has started in run level 3. We will discuss “run level”

later.

Apache Web Server

2009-04-04T04:42:00.000-07:00

APACHE WEB SERVER
We are assuming the FQDN of our Web Server is – mail.bera.com and the IP address is 192.168.100.2. Our DNS Server is configured properly and it is running.
Minimum Configuration to start the Web Server: -
The main configuration file is /etc/httpd/conf/httpd.conf.
Please make a copy of the httpd.conf file by using the following command –
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.org
Now you have to edit the file as below step.
1. Edit the /etc/httpd/conf/httpd.conf file -
(Find the ‘ServerName’ directive and place the FQDN or IP address as follows -
ServerName 192.168.100.2:80
2. Put an html file (which will be displayed as your ‘home page’) in the /var/www/html
directory. The preferred name of the file, may be, index.html.
3. Start the httpd server - service httpd start or /etc/init.d/httpd start
To start the service every time you boot the system, run the following command –
chkconfig httpd on

This is a very simple configuration. Isn’t it?

If you have any problem then post your comment’s that I can provide the solution.

About Linux short briefing

2009-04-04T04:30:00.000-07:00

Linus Torvalds introduced LINUX in 1991. LINUX is developed keeping UNIX as a
reference model. We can consider LINUX as another version of UNIX. Mr. Linus has made the source code of the LINUX KERNEL available for study, develop and change over the internet. LINUX is an open-development model. It accepts modification to the KERNEL code. Now different distributions are available in the internet. Like RedHat, Mandrake,Slackware, SUSE etc. The core of the LINUX System is KERNEL. It controls the resource of the computer and allots these resources to users and different tasks. In other words we can say the KERNEL allows the users to interact with the hardware. However, we must keep in mind,users cannot access the KERNEL directly. Rather they use a simple user interface to communicate with the KERNEL, called a SHELL.
We will use RedHat E nterprise Linux Release 4 in the training program.
Before starting here is quick look to -
UNIX SHELL
Bourne Shell (sh) : Original UNIX shell written by Steven Bourne at AT&T.
C Shell (csh) : Written by Bill Joy at UC Berkeley
Korn Shell (ksh) : Written by David Korn at AT&T.
Bourne Again Shell (bash) : The default shell for RedHat Linux. We will find
many of the extra features of all the above shells – these include –
Command line completion
Command line editing
Command line h istory
Prompt control.