linux guide

If we have logical volume we can dynamicly add or remove diskspace to or from it. Any disk partitions to used as physical volumes need to have their partition types set to 8e, Linux LVM. After creating Primary Volu me, we must create a Volume Group with any name.After that we will create Logical Volume. Not only to the Logical Volume, we can extend or reduce the size of a Volume Group.
Lets start -
Create a Partition of LVM type using fdisk and reboot the system. –

fdisk /dev/hda
n
(define/accept the first cylinder)
(define the last cylinder) +100M
n
(define/accept the first cylinder)
(define the last cylinder) +150M
p (check the newly created partitions at the bottom, note down the partition no.
We are assuming /dev/hda10 and /dev/hda11 are created)
t
10 (partition no)
l ( to list codes - please note the code for Linux LVM, it is 8e)
8e
t
11 (partition no)
8e
w ( to write to partition table and exit from fdisk)

reboot ( reboot your system)

Initialize the LVM Configuration Files
vgscan

Initialize the LVM partitions as physical volumes.
pvcreate /dev/hda10 /dev/hda11

Create Vouume Group.
vgcreate vg1 /dev/ hda10
Here, vg1 is volume group name

Create Logical Volume.

lvcreate -L 50M -n lvm1 vg1
Here, lvm1 is logical volume name

Make filesystem.

mkfs /dev/vg1/lvm1
Mount the newly created logical volume to a directory, say /lvmone
mount /dev/vg1/lvm1 /lvmone

Check the volume size.

lvdisplay /dev/vg1/lvm1


If you want to resize it, first unmount the partion and run
e2fsadm -L+25M /dev/vg1/lvm1

Check the volume size once again. If you want to reduce the partition size run -
e2fsadm -L-20M /dev/vg1/lvm1

Run the following command to see the volume group size and space left on it.
vgdisplay

To extend the volume group size

vgextend vg1 /dev/hda11

Run ‘vgdisplay’ once again to check the volume group size, allocated space and free space.

Labels: command, configuration, edit, file system, guide to linux, instalation, Linux, linux administrator guide, linux config, lvm.LOGICAL VOLUME MANAGER, pocket linux guide, red hat linux guide

To Change owner of a file
chown user_name file_name
Example: You want to make gautam as owner of beragautam.tx
chown gautam beragautam.tx

To change owner and group of a file
chown user_name.group_name file_name

You can also use this command as follows –
chown user_nam:group_name file_name
(Please note, you can use either “:” or “.”)

If you want to assign a file would be used by a group use the following command.
chgrp special atanu.tx
Here group name is special and file name is beragautam.tx

What is a group?
A group is used to represent users, who have similar characteristics,exercise similar tasks and
enjoy similar permission and environment in a network. Now think about the situation here.
You have a group of users who need similar type of access to a file, beragautam.tx. What you will do? Very simple

Create a group.

Issue the command that enables the group to access the file

Give file access permission to this group. (Example, all permissions to owner and read and
execute permissions to group)

Make the users members of a group.

Do these tasks as defined below.
groupadd newgroup
chgrp newgroup bera.tx
chmod 750 beragautam.tx

And then add the user to this group.

vi /etc/group
At the bottom of the file verify the entry related to newgroup and add the user name. It
will look like –
newgroup:x:600:beragautam,gautam

Here, beragautam and gautam are members of the newly created group, ‘newgroup’. The thing
must be noted is, usernames are specified by comma (,) separated form. However,
instead of editing th e /etc/group file directly, we can use commands to add or remove
users from a group.

If we want to add members (in our example, the name of the group is acct and the
members are red and green), we can use the following command –
gpasswd –M red,green acct

If we want to add user ‘blue’ in the ‘acct’ group we can use the following command –
gpasswd –a blue acct

To remove user red from the acct group, we can use the following command –
gpasswd –d red acct

Labels: command, configuration, edit, file system, guide to linux, job, kernel, Linux, linux administrator guide, linux config, Linux installation guide, pocket linux guide, red hat linux guide

TCP WRAPPERS
To provide a better degree of access control, some service like sshd, portmap, xinetd are compiled with libwrap.a library. These are called “Tcp-wrapped” service.
Now, we are going to implement control on tcp-wrapped service. We will modify /etc/hosts.deny file here as follows – see the highlighted section in the screenshot below.


Here, in the highlighted section –
• The 1st line defines “ssh connection from any system will be disallowed”
• The 2nd line defines “only a computer with IP address 172.16.1.38 will be allowed to establish ssh session – others will be disallowed”
• The 3rd line defines “ssh connection from any system will be disallowed but the system will allow 172.16.1.38 and 172.16.1.178 to establish ssh session”
• The 4th line allows “computer from 172.16.0.0/255.255.248.0 network will be establis allowed to h ssh session – other will be disallowed”
• The 5th line defines “computer from 172.16.0.0/255.255.248.0 network, except 172.16.1.38, will be allowed and other systems will be disallowed to establish ssh session.
• The 6th line defines “the same rule as it is defined in the 5th line, where the rule is here for telnet and ssh service”
• The last line defines “all tcp-wrapped service can only be accessible from
abc.com domain”

In the screen shot above the last line is activated only as it is not commented out using #.
Have a note, you do not need to start or restart any service to control tcp-wrapped service using tcp-wrapper. All you have to do is just modify the /etc/hosts.deny file.
There is another important file, /etc/hosts.allow, as far as tcp wrapper is concerned. The system will check the /etc/hosts.allow file first, service will be accessible to users using it. Then the system will go through /etc/hosts.deny file and act accordingly.
Let us assume, we have a requirement where we want only ssh service will be accessible from 172.16.1.38 and other “tcp-wrapped” services will be blocked from any user.
The easiest solution is add the following line in /etc/hosts.deny file –
ALL: ALL
Add the following line in /etc/hosts.allow file –
ssh: 172.16.1.38

Labels: command, guide to linux, Linux, linux administrator guide, Linux installation guide, linux security, pocket linux guide, red hat linux guide, redhat server, TCP WRAPPERS

Protecting the /boot/grub/grub.conf with md5 password:

For trouble shooting purpose, administrator sometimes boot the linux computer in single user mode. We will learn how to boot a linux system in single user mode shortly.
If you boot a Linux computer in single user mode the system will never ask you to authenticate and assume you as root user. It is really helpful in case you forgot root user’s password, or the root password has expired, or you want to recover the grub boot loader in a dual-boot system etc.
But there is a security risk also. For example, any one can change the root user’s password after booting the computer in single user mode.
To protect unauthorized user to start the Linux computer in single user mode, it is recommended to set md5 password on grub. The md5 password can be implemented during the time of installation of the Linux computer. It is also possible to set the md5 password on grub after installation.
Here, I will show you, how to set md5 password on grub after installation.
Run, grub-md5-crypt
The system will ask you to enter the password. Supply it.
The system will return you a string on your monitor like this -
$1$Hk/zc0$k3vGSgE0kYxqMKzF6Qi3g/
Note down the string very carefully.
Now, open the /boot/grub/grub.conf file in vi editor
Just below the splashimage=(hd0,1)/grub/splash.xpm.gz line in the file, place the following line –
password—md5 $1$Hk/zc0$k3vGSgE0kYxqMKzF6Qi3g/

After modification, the /boot/grub/grub.conf will look like –
# grub.conf generated by anaconda
#
#boot=/dev/hda
default=0
timeout=20
splashimage=(hd0,1)/grub/splash.xpm.gz
password --md5 $1$Hk/zc0$k3vGSgE0kYxqMKzF6Qi3g/
title DOS
rootnoverify (hd0,0)
chainloader +1
title Red Hat Linux (2.4.18-14)
root (hd0,1)
kernel /vmlinuz-2.4.18-14 ro root=LABEL=/
initrd /initrd-2.4.18-14.img
# end of file
gr
However, I never do the task the same way I describe you above. Rather I append the output of grub-md5-crypt to /etc/grub.conf by executing the following command –
grub-md5-crypt >> /etc/grub.conf
Then I delete unnecessary lines there in the grub.conf file and cut the string and paste it to right place.
At this point if you reboot the computer and try to start the computer with single user mode, you need to supply the grub password, by default the system will boot according to the configuration in the /etc/inittab file.

Labels: boot, boot loader, command, grub, grub.conf, guide to linux, linux administrator guide, linux boot loader, linux security, pocket linux guide, red hat linux guide, redhat server, single user mode

Remote Administration Telnet, SSH and telnet:
Telnet
Telnet is basically a virtual terminal program that helps you to configure a system remotely. In production environment, telnet is rarely used as it transfer keystroke in clear text.To enable telnet all you have to do is, run the following two commands
chkconfig telnet on
service xinetd restart
By default, telnet to remote system using root user is disabled. You have to log into the telnet server as a non-privileged user then you can change your identity as root using the following command –
su – root

SSH

Unlike telnet, ssh is considered a Secure Shell Service. Ssh runs on public/private key infrastructure using rsa or dsa technology.
It is very easy to start ssh. Execute service sshd restart command.
By default any user can establish ssh session. However, this can be controlled by modifying the /etc/ssh/sshd_config file. See the following screen shot. Here I have denied atanu and allowed all other users to establish an ssh session.
We can also allow or deny one or multiple group using AllowGroups or DenyGroups directive, like AllowGroups acct mrkt.
The modification can only be effected when you restart the ssh server.
Check the last two lines in the screen shot in the page –


In my network, I always use ssh to configure remote servers. Generally I configure my linux laptop as an ssh client. I have a RHEL 4 system and I use this particular computer to administer my proxy server that is running on 172.16.1.12. See, what I usually do –In my laptop I execute the following command to create the key –
ssh-keygen –t dsa
You can also use rsa here. See the following screen shot –


Check the output, in the screen shot, carefully. In the 3rd Line, it is saying the key will be saved in /root/.ssh directory. If the .ssh directory is not exist in /root, the sshkeygen command will create it, check the 4th line. After creating /root/.ssh directory, the system will ask you to supply the passphrase. I enter empty passphrase, means just press enter twice. My identification is now saved in /root/.ssh/id_dsa file and the public key is id_dsa.pub.
It is time to copy the id_dsa.pub in the /root/.ssh/ directory in my proxy server and the name of the file will be authorized_keys. I will be using the following command assuming in my proxy server, running on 172.16.1.12, the /root/.ssh directory exists.
scp –rp /root/.ssh/id_dsa.pub root@172.16.1.12:/root/.ssh/authorized_keys
See the output in the following screenshot. After executing the above command the system will ask your confirmation, type yes and press enter, supply root’s password for 172.16.1.12 and the file will be copied securely.

The scp will be discussed shortly.
Now, from your client computer if you execute ssh 172.16.1.12 the system will never ask you to supply the password!!


SCP

Using scp, you can copy files from or to a remote linux system. In ssh section above, see how we use scp to copy id_dsa.pub. To refer a remote system we use user@machin_name_or_ip_address:/any/directory and a source can also be a remote system.
While working with Windows system, I use winscp to communicate with linux system. The winscp382setup.exe is freely available for download in sourceforge.net.
Please be noted, when you establish an ssh or scp session with a computer for the first time, the remote system related information is added in /root/.ssh/known_hosts text file. And if the remote system is re-installed you will be failed to establish ssh or scp session until you remove the system’s information from the /root/.ssh/known_hosts file.

Labels: allow, command, conf, configuration, edit, guide to linux, Linux, modify, network, password, proxy, redhat server, Remote Administration Telnet, rhel, scp, services, squid, SSH, telnet, user

PLUGGABLE AUTHENTICATION MODULE (PAM)
If you want to disallow console logins to all but root
Open the /etc/security/access.conf file in any editor
Copy the follwing line and paste it at the next line -
# -:ALL EXCEPT wheel shutdown sync:LOCAL
Modify the line as follows -
-:ALL EXCEPT root sync:LOCAL
Edit the /etc/pam.d/system-auth file - add the following line
account required /lib/security/pam_access.so
The above task will disallow console login locally. The user will be able to login to your server from remote system using telnet or ssh.
To disallow local as well as virtual terminal login
Edit the /etc/pam.d/system-auth file - add the following line
account required /lib/security/pam_listfile.so item=user sense=allow
onerr=fail file=/etc/security/validusers
Do not be confused. I am repeating, the above is a single line input. It looks different because it does not fit into my document.
Now, create the /etc/security/validusers file and add users’ name there one in a single line like –
root
user1

The above configuration will allow root and user only to log into your system’s terminal. If you replace sense=allow with sense=deny in the directive in
/etc/pam.d/system-auth file, it will disallow root and .
If you want to disallow a user from login from any terminal except ttyx
Open the /etc/security/access.conf file in any editor
Copy the follwing line and paste it at the next line -
# -:ALL EXCEPT wheel shutdown sync:LOCAL
Modify the line as follows -
-:red:ALL EXCEPT tty3
Edit the /etc/pam.d/system-auth file - add the following line
account required /lib/security/pam_access.so
Login Time Restriction
Open the /etc/security/time.conf in any editor
Add the following lines there -
login;*;red;MoTuWeThFr0000-2400
login;*;green;Mo1000-2400|TuWeThFr0000-2400|Sa0000-1400
Edit the /etc/pam.d/system-auth file - add the following line
account required /lib/security/pam_time.so
Here, user red will be allowed to login from Monday to Friday. And
user green will be allowed to login to the system from Monday 10 hrs to Saturday 14 hrs.
We refer day by using the first two characters of it. For example to refer Sunday, we will be using Su only.
We can use ! for reverse action. Check the following line–
login;*;red;!MoTuWeThFr0000-2400
Here, user red will be disallowed to login from Monday to Friday.

Labels: command, configuration, guide to linux, linux administrator guide, linux security, PLUGGABLE AUTHENTICATION MODULE, pocket linux guide, red hat linux guide

Working with Log - Syslog
Linux applications use syslog utility to log application related error and status messages to a file, by default in /var/log directory.
By default the syslog utility is running in your system to log messages. By default your syslog server accepts log messages from your local system. We can configure a centralized log server in our network that eventually eases track log messaging.
The files related with syslog are /etc/syslog.conf and /etc/sysconfig/syslog.
The /etc/syslog.conf defines in which files log messages will be written. The /etc/sysconfig/syslog file defines mode of operation, whether it will allow remote system to send log messages or not.
A sample /etc/syslog.conf is as follows –


In the default file, it defines –
/var/log/messages is a “general purpose” log, many application logs messages here.
/var/log/secure records login attempts, session related information.
/var/log/maillog contains information about mailing
/var/log/cron allows crond daemon to log messages
/var/log/boot.log contains log messages related to service – start/stop/shutdows information.
Briefly, the syslog service accepts log messages from different programs and writes the messages to appropriate files,generally in /var/log directory.
If you want to configure syslog service to accept log-messages from remote system, you have to configure /etc/sysconfig/syslog file as follows. Note the highlighted section in the following screen shot of /etc/sysconfig/syslog file –
in Syslog Server


Here, what I have done is, replace SYSLOGD_OPTIONS=”-m 0” with
SYSLOGD_OPTIONS=”-m 0 –r”
Now, go to the Linux Client, the system that will send log-messages to your log-server, and do the following – assuming the IP address and name of your log-server is 172.16.1.230 and redhatlinux .
Modify /etc/hosts file by adding the following entry -
172.16.1.230 redhatlinux
Modify /etc/syslog.conf as follows –
authpriv.* @redhatlinux
The above syntax will tell the syslog service to send authentication related information to your syslog server.
Now, restart the syslog service in both, client and server, system. Execute –
service syslog restart
One important thing I must tell. The log files are really helpful. If you are getting problem always check the related log file.
And for students preparing for RHCE exam, “If you fail to log in to your linux system, reboot your computer in single-user mode, check the /var/log/secure file”.

Labels: command, configuration, Linux, linux administrator guide, linux security, log error, log messages, pocket linux guide, red hat linux guide, syslog, syslog server, syslog service, working with log

Configure secure imap – imaps

First of all check whether your mail server is running. If everything is going file, follow the steps –

1. Have backup copy of dovecot.pem file
cd /usr/share/ssl/certs
mv dovecot.pem org.dovecot.pem
cd ../private
mv dovecot.pem org.dovecot.pem
cd –

2. Create new dovecot.pem file with your customized setting, execute make
dovecot.pem. See the screen shot below


At this point your system will ask you to supply some information like – Country name
etc. See what I have done in my case below –



Carefully note the Common Name section. Here, you must supply the FQDN of your mailserver.
At this point the /usr/share/ssl/certs/dovecot.pem is created. If there is any problem, remove the dovecot.pem file and recreate it.

3. Copy the file to /usr/share/ssl/private directory –
cp dovecot.pem ../private
4. Modify /etc/dovecot.conf file as follows –
protocols = ipop3 pop3 imap imaps
5. Restart the servers –
service dovecot restart
service sendmail restart

Labels: command, configuration, Configure secure imap, fqdn, guide to linux, imap, linux administrator guide, Linux installation guide, linux security, pocket linux guide, red hat linux guide

When you have a system available from the Internet or remote location, you must consider applying some security on your system. In Redhat there are some services run by xinetd server. xinetd is consider a “super server” in Redhat linux environment.
Here I am going to show you how you can implement security on a service under xinetd in your system.
Below I have printed a sample /etc/xinetd.d/telnet file for our purpose –
# a sample /etc/xinetd.d/telnet file
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
only_from = 172.16.0.0/16
no_access = 172.16.1.2
per_source = 1
instances = 4
access_times = 13:00-17:00
}
# end of file
In the above sample file, -
disable = no (enable telnet service)
only_from = 172.16.0.0/16 (Telnet server will respond to clients from
no_access = 172.16.1.2 172.16.0.0/16 network only, except
172.16.1.2)
per_source = 1 (Per source only one connection will be
allowed)
instances = 4 (Total number of connection allowed is 4)
access_times = 13:00-15:00 (Connection will be allowed between 13 and
15 hrs)
However, whenever you modify /etc/xinetd.d/telnet file, never forget to restart the xinetd service. Run – service xinetd restart

Labels: command, linux administrator guide, Linux installation guide, linux security, modify xinetd service., pocket linux guide, red hat linux guide, service, xinetd, xinetd Access Control, xinetd server

SAMBA FILE SERVER
SAMBA is a software package that lets you share file system with computer running
Session Message Black (SMB) Protocol.
If we have all RedHat Linux or UNIX systems in our network, using NFS is the best choice.
If we have windows clients, with no NFS installed to access RedHat Linux directories and
files, configuring SAMBA is probably the best choice.
The main configuration-file for SAMBA is /etc/samba/smb.conf.
We can edit this file or can use swat program to configure SAMBA.
Configuring the basic SAMBA server is a three steps procedure –
1 Edit the smb.conf file
2 Add samba users
3 Start samba service

1.
The minimum settings in /etc/samba/smb.conf file are as follows –

[global]
workgroup = WORKGROUP (It will always better to have same workgroup name with the
respective window client – here, WORKGROUP)

netbios name = LINUX (When windows user browse the network, the linux
system will be displayed as LINUX. If we have an WINS server in our network, we must
manually add the host name and IP address of our LINUX SAMBA SERVER)

hosts allow = 192.168.100. (The users from 192.168.100. network can access
the SAMBA Server)

security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
(Established user level security, users need to be authenticated using samba passwords,
stored in / etc/samba/smbpasswd file)
#[Share Defination Section]
[home]
browseable = yes
writable = yes
valid user = %S
(Users can access their respective home directory)

[accounting]
path = path-to-the-directory-you-want-to-share
(The shared folder will have ‘accounting’ share name)
browseable = yes
writable = yes
valid users = user1,user2,user3,@group1
(user1, user2 and user3 are valid users where group1 is a valid group)
It is always better to modify the /etc/samba/smb.conf file to fulfill our purpose.

2.

To add samba users use the following command –
useradd –m username

To create passwords for samba users use the following command –
smbpasswd –a username

3.

To start the samba service immediately –

/etc/init.d/smb start or service smb start

To start the samba service automatically every time the system boots –

chkconfig smb on


An example of /etc/samba/smb.conf may look like this –

# Samba config file created using SWAT
# from UNKNOWN (192.168.100.2)
# Date: 2004/04/03 08:37:46

# Global parameters
[global]
netbios name = LINUX
server string = Samba Server
encrypt passwords = Yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
hosts allow = 192.168.100.
printing = lprng

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0664
directory mask = 0775
browseable = No


[winusers]
path=/home/winusers
browseable = yes
writable = yes
valid users = user1,@wingroup

Labels: command, configuration, file, File server, file server in linux, guide to linux, Linux, samba

By default the RedHat linux has built in Kernel support for NFS.
The Filesystem to share are defined in /etc/exports file.
In our lab session, we will configure our web server so that users can access their respective home directory and will have read- only access to /all directory. We must remind whatever share permission we specify in the /etc/exports file, the most restrictive settings will activated. The IP address of our NFS server is 192.168.100.2.
First of all, edit the /etc/exports file by inserting the following lines
/all *(ro)
/home *(rw)
Export the share using the following command –
exportfs –a –v
Restart the service –
service nfs restart
service nfslock restart

Check which folders are NFS shared –
exportfs
Go to any client computer, make a directory using mkdir command say /all
mkdir /all
Assign necessary permission, here we will set – chmod 705 –R /all
Mount the NFS shared directory to your client’s computer
mount 192.168.100.2:/all /all
At this point, users from your client computer will access /all directory in your NFS server.
Yes, it is read-only access.
Now, you have to configure your network such a way, so that, whenever a user logs in to any computer, he will get the same file system and hierarchy in his/her home directory.
In fact, whenever a user saves files to his/her home directory, it will be saved to NFS Server.

Labels: book, command, guide to linux, Linux, linux administrator guide, linux config, Linux installation guide, mail server, NFS, NFS File server, pocket linux guide, red hat linux guide

Let us know, how we can configure our boot loader.In linux the file is
/boot/grub/grub.conf. You will find a soft link of this file in /etc directory.
The boot loader file specifies the computer where the system files exist in our system so that the computer can boot perfectly. The grub.conf understands Microsoft’s boot loader file also. If we have multiboot system, we can configure the linux boot loader file, /boot/grub/grub.conf to set the default operating system and how long the computer can wait before booting the system with the default operating system.
Let us have a look at the screen shot below for /boot/grub/grub.conf file.

According to the above example, there is only one operating system loaded – the Red Hat Enterprise Linux, see the title section here. You are open to change the contents of the title . The default=0 tells the system to boot using the OS referred by the first title. The timeout=5 defines that the system will wait for 5 seconds before booting with the default Operating system. The splashimage is nothing but the image you see in the boot loader screen. Here, considering you have a dual booting system, you may choose which Operating System will be loaded. The hiddenmenu does what its name implies – it hides the menu. The root (hd0,0) indicates where the system will find the root of the booting related files. In Red Hat linux, the name of the directory is /boot. The hd0,0 section could be different in accordance with the partition information in your hard disk. Here hd0,0 indicates the first partition in the first hard disk. The next two lines defines the kernel and initrd image file name.Let us check another grub.conf file below –
# grub.conf generated by anaconda
#
#boot=/dev/hda
default=0
timeout=10
splashimage=(hd0,1)/grub/splash.xpm.gz
title Red Hat Linux (2.4.18-14)
root (hd0,1)
kernel /vmlinuz-2.4.18-14 ro root=LABEL=/
initrd /initrd-2.4.18-14.img
title DOS
rootnoverify (hd0,0)
chainloader +1
# end of file
According to the above file the computer’s default operating system is Red Hat Linux. You
know, why !!. If you want to set DOS as the default, what we can do is just change the
value for ‘default’. Replace 0 with 1.
At this point if you reboot the computer you will see at the top Red Hat Linux exists though the DOS has been selected. If you interchange the title directives, you will see at the top DOS exists and it has also been selected.
Here is the modified /boot/grub/grub.conf file....
# grub.conf generated by anaconda
#
#boot=/dev/hda
default=0
timeout=20
splashimage=(hd0,1)/grub/splash.xpm.gz
title DOS
rootnoverify (hd0,0)
chainloader +1
title Red Hat Linux (2.4.18-14)
root (hd0,1)
kernel /vmlinuz-2.4.18-14 ro root=LABEL=/
initrd /initrd-2.4.18-14.img
# end of file
Please note that, there is no need to run any command to make the change effective.

Labels: anaconda, boot, boot loader, chainloader, command, configuration, grub, grub.cong, Linux, linux boot loader, multiboot, unix

DUMP and RESTORE:
Dump and Restore is used to take backup or restore ‘only ext2 or ext3’ file system. This
particular dump and restore utility can be u sed to take full or incremental backup.
To take a full backup of the /home filesystem onto the tape device nst1 we can use the
following command –
dump -0u-f /dev/nst0 /home
Here we specify 0 to define full backup and u (dump -0u-f /dev/nst0 /home)
is specified so that dump information will be recorded for future use of dump. Generally
administrators love to take full backup on weekly or monthly basis while regularly take
incremental backup. For incremental backup, the command may be as follows –
dump -4u-f /dev/nst0 /home
Please note, we use 4 instead of 0 to define incremental backup.
To restore data backed up with dump command we use restore command. For example,
suppose we had /dev/hda9 mounted on /home. On a clean device mounted on /home,
first of all we should change the working directory there and then use the following
command – restore –rf /dev/nst0
Whenever we use dump command using –u option, it will update /etc/dumpdates, which
actually contents the dump-information.

SOME BACKUP RELATED COMMANDS:

To Erase Dat Drive
mt –f /dev/st0 erase
To rewind the Dat Drive
mt –f /dev/st0 rewind
To backup the www Server
find /etc/httpd/conf /usr/local –print | cpio –ovcB > /dev/st0
To backup up Sendmail Mail Server
find /var /home /etc/mail –print | cpio –ovcB > /dev/st0

Labels: backup, command, drive, dump, erase, file system, Linux, mail server, Proxy server, restore, sendmail

Using the ‘at’ utility. The at facilty is designed to run jobs at specific times. Submitted jobs are spooled to /var/spool/at directory.
The daemon name is atd. Access Control Files:
/etc/at.allow - Contains list of users who are granted to submit ‘at’ jobs.
/etc/at.deny - Contains list of users who have ‘No’ permission to submit ‘at’ jobs.
Let us see how can we use the ‘at’ facility. For Example, we need to copy the contents of /home directory in compressed form to /tmp/backup directory.
To do this, we can run the following commands –
at 12:00
cd /home
mkdir /tmp/home
mkdir /tmp/backup
cp –Rf * /tmp/home
cd /tmp/home
tar czvf backup.tar.gz *
cp backup.tar.gz /tmp/backup
+d
We can also run a single command to make this happen – this command will do the same task above.
echo “cd /home; mkdir /tmp/home; mkdir /tmp/backup; cp –Rf * /tmp/home; cd
/tmp/home; tar czvf backup.tar.gz *; cp backup.tar.gz /tmp/backup” | at 12:00
Example for specifying times for at jobs:
at now The job will run immediately
at now + 2 minutes The job will run 2 minutes from the current time.
at next hour The job will run after 1 hour from the current time.
at next month The job will run after 1 month from the current time.
at next year The job will run after 1 year from the current time.
at next fri The job will run on next Friday
at 16:00 today The job will run today at 16 hours.
at 16:00 tomorrow The job will run tomorrow at 16 hours
at 16:00 May 31 2004 The job will run on May 31s t , 2004 at 16 hours
I think, the most efficient way to use the at facility with –f option.
• f option can be used to use contents of a file to executed as ‘at’ command.
For Example, if we use the following command –
at –f /home/newback now + 10 hours
The system will see the contents of the /home/newback file and use them as ‘at’ command

Labels: at command, backup, command, corn, job, Linux, SCHEDULING, TASKS, unix

To compress all files in the current directory –
tar czvf myfile.tar.gz *
To de-compress or extract
tar xzvf myfile.tar.gz
To compress a file with zip utility -
gzip –v file_name (File_name will be zipped with .gz extension)
gunzip file_name.gz (Decompresses a zipped file)
gunzip –c file_name.gz (Decompresses a zipped file while keeping the original .gz file)
bzip2 –v file_name (Newer compression utility. Creates a zipped file with bz2 extension)
bunzip2 file_name.bz2 (Decompress .bz2 file)
tar cjvf myfile.tar.bz2 * (All files will be zipped with bz2 extension)
Use the following command a have low level formatted floppy disk –
fdformat /dev/fd0 H1440
We can save a zipped file in floppy disk (with low level format) without mounting the
floppy disk using this following command –
tar czvf /dev/fd0

Labels: command, compress, decompress, file, gunzip, gz, Linux, tar, unix, zip