Linux
1. In the name of god
LINUX
red hat(centos)
Abolfazl Hashemi
2. Title
• What’s Linux?
• working with directories, files
• Using text editors like vi, vim
• Control on mount & un-mounting process
• File permissions & ownerships
• Linux installation & package management (yum, rpm, wget )
• process & threads
• Configure disk partitions
• Manage disk quota & create quota report
• Symbolic links, FHS
• Writing shell script
• Working with archive files
• System resource management
• Working with debuggers in Linux
• gpg command
• Introduction to network
• Security in linux
• Do automate tasks in Linux, cron job
• Configure & working with OpenSSH
• Working with tcpdump
• Configure web server
• Network configuration
3. Summary of Linux
• Linux is a clone of the Unix OS
• Linux can run on small computers
• Open source OS
• Distributions of Linux
– Debian GNU/Linux
– Fedora Linux
– Gentoo Linux
– Libranet GNU/Linux
– Red Hat Linux
– Yellow Dog Linux
Shells: bash, ……., tsh, zsh
Architectures: x86_64, i386
Layers: User, Shell, Kernel, Graphic User Interface (GUI)
5. working with directories, files, …
• Command line for directories
pwd: current working directory-> /root
cd: change working directory -> cd /etc/init.d
ls: list of directory, files, ... .
• ls -a: list all directories, files, … .
• ls -l: list all directories, files, … with details
mkdir: make directories -> mkdir test
7. working with directories, files, …(cont’d)
echo: display a line of text
date: print or set the system date and time
date -s: set time and date
more: filter and show text
less: opposite of more
head: output the first part of file
head -n 5 /etc/init.d/netfs
tail: output the last part of file
tail -n 5 /etc/init.d/netfs
alias: a short name for a command that you already know
alias ll="ls -l"
: -> arg out to arg in
8. working with directories, files, …(cont’d)
Important files:
/
/etc
/var
/sbin
/bin
/dev
/usr
/home
/root
/proc
Exercise1
What is . ?
What is .. ?
9. Using text editors like vi, vim
vi & vim -> vi test.txt
vim: vi improved
command for vi:
i -> insert
:w -> save
:q ->quit
:! ->force
:wq! ->save and quit with force
11. Using text editors like vi, vim(cont’d)
• :set remap Accept macros within macros
• :set report Indicates largest size of changes reported on status line
• :set ro Changes file type to "read only"
• :set scroll=n set n lines for CTRL-d and z
• :set sh=shell_path set shell escape (default is /bin/sh) to shell_path
• :set showmode Indicates input or replace mode at bottom
• :set slow Postpone display updates during inserts
• :set sm Show matching { or ( as ) or } is typed
• :set sw=n Sets shift width to n characters
• :set tags=x Path for files checked for tags (current directory included in default)
• :set term Prints terminal type
• :set terse Shorten messages with terse
• :set timeout Eliminates one-second time limit for macros
• :set tl=n Sets significance of tags beyond n characters (0 means all)
• :set ts=n Sets tab stops to n for text input
• :set wa Inhibits normal checks before write commands
• :set warn warn
• :set window=n Sets number of lines in a text window to n
• :set wm=n Sets automatic wraparound n spaces from right margin.
• :set ws Sets automatic wraparound n spaces from right margin.
12. Using text editors like vi, vim(cont’d)
• :set ai Turns on auto indentation
• :set all Prints all options to the screen
• :set ap Prints line after d c J m :s t u commands
• :set aw Automatic write on :n ! e# ^^ :rew ^} :tag
• :set bf Discards control characters from input
• :set dir=tmp Sets tmp to directory or buffer file
• :set eb Precedes error messages with a bell
• :set ed Precedes error messages with a bell
• :set ht= Sets terminal hardware tabs
• :set ic Ignores case when searching
• :set lisp Modifies brackets for Lisp compatibility.
• :set list Shows tabs (^l) and end of line ($)
• :set magic Allows pattern matching with special characters
• :set mesg Allows others to send messages
• :set nooption Turns off option
• :set nu Shows line numbers
• :set opt Speeds output; eliminates automatic RETURN
• :set para= macro names that start paragraphs for { and } operators
• :set prompt Prompts for command input with :
• :set re Simulates smart terminal on dumb terminal
13. Using text editors like vi, vim(cont’d)
Exercise2
How to search word in text?
How to save output command in text?
What are grep and find command?
14. Using text editors like vi, vim(cont’d)
od: octal and other format
export: show variables
env: environments variable
wc: show word, char, … .
sort: sort text
uniq: delete repeated lines
pr: print text
touch: change file timestamps
cpio: copy files to and from archives
dd: convert and copy a file
15. Control on mount & un-mounting process
• mount: make hardware (a device) available to Linux
• umount: unmount
• command for mount:
mount -> show devices mounted
mount /dev/cdrom /mnt -> mount cd rom
mount /dev/sda1 /mnt -> mount sda (storage device type a) number 1
mount -l -t <type> -> list and type of devices
/etc/udev/rules.d -> verify devices
16. Control on mount & un-mounting process(cont’d)
Important file:
/etc/fstab
/etc/mtab
/proc/mounts
Exercise3
What is mount point?
What is journaling?
18. File permissions & ownerships(cont’d)
- Normal data file; may be text, an executable program, graphics, compressed data, or just about any other type of data.
d Directory; disk directories are files just like any others, but they contain filenames and pointers to disk inodes.
l Symbolic link; the file contains the name of another file or directory. When Linux accesses the symbolic link, it tries to read the linked-to file.
p Named pipe; a pipe enables two running Linux programs to communicate with each other. One opens the pipe for reading, and the other opens it for writing, enabling data to be transferred between the programs.
s Socket; a socket is similar to a named pipe, but it permits network and bidirectional links.
b Block device; a file that corresponds to a hardware device to and from which data is transferred in blocks of more than one byte. Disk devices (hard disks, floppies, CD-ROMs, and so on) are common block devices.
c Character device; a file that corresponds to a hardware device to and from which data is transferred in units of one byte. Examples include parallel port, RS-232 serial port, and audio devices.
19. File permissions & ownerships(cont’d)
command for permission
chmod: change file mode -> chmod 777 filename
chown: change file owner and group -> chown user1 filename -> chown -R
Set User ID (SUID)
Set Group ID (SGID)
23. File permissions & ownerships(cont’d)
Command line:
groupadd: create new group -> groupadd test -p test
groupadd -r: create system group
groupdel: delete group
groupmems: add members to group -> groupmems -g test [-l] [-a] [-d]
groupmod: groupmod test -g 777
24. File permissions & ownerships(cont’d)
find / [-group name] [-user name]
newgrp: login to new group
useradd: create new user
userdel: delete user
passwd: change password
25. File permissions & ownerships(cont’d)
Important directory:
/etc/shadow
/etc/group
/etc/gshadow
/etc/login.defs
/etc/passwd
Exercise4
What is umask ?
What is file attributes?
What is sudoedit ?
26. symbol
• > Creates a new file containing standard output. If the specified file exists,
it’s overwritten.
• >> Appends standard output to the existing file. If the specified file
doesn’t exist, it’s created.
• 2> Creates a new file containing standard error. If the specified file exists,
it’s overwritten.
• 2>> Appends standard error to the existing file. If the specified file doesn’t
exist, it’s created.
• &> Creates a new file containing both standard output and standard error.
If the specified file exists, it’s overwritten.
• < Sends the contents of the specified file to be used as standard input.
• << Accepts text on the following lines as standard input.
• <> Causes the specified file to be used for both standard input and
standard output.
27. Linux installation & package management
Install: sometimes you should install packages (programs), for example MySQL packages.
Types of packages are URL, .rpm, name, … .
yum install package1 [package2] …
Upgrade: sometimes you should upgrade a program, for example change MySQL 4 to 5.
yum upgrade [package1] [package2]
Update: sometimes you should update a program, for example MySQL 5 to 5.1.
yum update [package1] [package2] …
Uninstall: sometimes you should uninstall a program, for example erase MySQL.
yum remove | erase [package1] [package2] ….
28. Linux installation & package management(cont’d)
Another command for package management:
rpm just manages .rpm packages
rpm -i -> install
rpm -U -> upgrade
rpm -v -> print verbose information
rpm -h -> print 50 hash marks as the package archive is unpacked. Use with -v
rpm -e -> erase or uninstall
rpm -Uvh package.rpm
29. Linux installation & package management(cont’d)
Another command for package management:
wget: downloads from the network and supports http, https and ftp.
wget -c -> continue
wget -d -> debug
To install a package yourself, you configure it, compile it with make and copy it into place. For example ./configure -> make -> make install
30. Linux installation & package management(cont’d)
Important file:
/etc/yum
/etc/yum.conf
/etc/yum.repos.d
Exercise5
install mc packages from local use yum
go to /usr/share/doc and find mc files
Work by mc command
31. Configure disk partitions
LVM(Logical Volume Manager) partition
Standard partition
Extended: same as primary, but it has no file system of its own; logical partitions are created on it, and those have a file system
[Diagram labels: LVM, active, sda1, Primary[4], sda2, Extended[5->], sda(n)]
33. Configure disk partitions(cont’d)
A partition can be primary, extended and active
Just 1 active, 4 primary
Name of hard: sda or hda
Name of partition: sda1, sda2, … .
Name of device: cdrw, cdrom, sdb, … .
fdisk: manipulate the partition table in Linux
fdisk -l : list all partitions -> fdisk -l name: details for name
fdisk [name of disk] -> fdisk /dev/sda : manage sda
Interactive area
m for help
34. Configure disk partitions(cont’d)
a : bootable flag
n : new partition
q : exit without saving
w : write and exit
d : delete a partition
parted : same as fdisk
partx : show number of partition for sda
35. Configure disk partitions(cont’d)
Create file system on partition
mke2fs : create ext2,ext3,ext4 fs
resize2fs : resize ext2,ext3,ext4 fs
mkfs: build a linux fs
mkswap : set up a linux swap area
36. Configure disk partitions(cont’d)
Logical Volume Manager, or LVM, is a
storage management solution that allows
administrators to divide hard drive space
into physical volumes (PV), which can then
be combined into logical volume groups
(VG), which are then divided into logical
volumes (LV) on which the file system and
mount point are created.
38. Configure disk partitions(cont’d)
Example: lvm>
pvcreate pv1
vgcreate vg1 pv1
lvcreate -L 10g -n lv1 vg1
mkfs.ext4 /dev/vg1/lv1
Important files:
/dev/*
/sbin/vg*
/etc/fstab
Exercise6
Create lvm disk and vg and pv
Create ext4 file system on lvm
39. Manage disk quota & create quota report
File system base disk quota allocation
User or group based disk quota allocation
Hard limit – For example, if you specify 2GB as hard
limit, user will not be able to create new files after 2GB
Soft limit – For example, if you specify 1GB as soft limit,
user will get a warning message “disk quota exceeded”,
once they reach 1GB limit. But, they’ll still be able to
create new files until they reach the hard limit
Grace Period – For example, if you specify 10 days as a grace period, after users reach their hard limit, they would be allowed an additional 10 days to create new files. In that time period, they should try to get back to the quota limit.
40. Manage disk quota & create quota report(cont’d)
Create user and group for disk quota
Enable disk quota check: -> go to fstab
LABEL=/home /home ext2 defaults,usrquota,grpquota 1 2
mount -n -o remount /
Reboot server
Show disk quota:
quotacheck -avug
a: Check all quota-enabled file system
v: Verbose mode
u: Check for user disk quota
g: Check for group disk quota
Assigned disk quota:
edquota username
41. Manage disk quota & create quota report(cont’d)
Report disk quota:
repquota /home
Add quota check daily:
Create cron -> next session
Example: go to fstab
/dev/VolGroup1/LogVol1 /home ext3 defaults,usrquota 1 2
42. Symbolic links, FHS
Link: a connection between 2 files. For example /var/spool/mail -> /var/mail
Soft link (symbolic link): points to a file
Hard link: a pointer to the file in a directory, so if the file is deleted the link still exists
ln: make links between files
ln -s: create soft link
ln -P: hard link to soft link
FHS(Filesystem Hierarchy System)
43. Writing shell script
What is shell script : Shell scripts are plaintext files, so you create them in text editors.
A shell script begins with a line that
identifies the shell that’s used to run it.
The executable text file begins with #!/bin and, if you want to use bash commands, you insert #!/bin/bash -> sharp bang
To execute it, you should set the execute permission and enter ./filename.
45. Writing shell script(cont’d)
Commands for shell script:
set: to see system variables
BASH= Our shell name
BASH_VERSION= Our shell version name
COLUMNS= No. of columns for our screen
HOME= Our home directory
LINES= No. of columns for our screen
LOGNAME= Our logging name
OSTYPE= Our OS type
PATH= Our path settings
PS1= Our prompt settings
PWD= Our current working directory
SHELL= Our shell name
USERNAME= User name who is currently login to this PC
46. Writing shell script(cont’d)
export: define a variable -> export var=10
echo: show the value of a variable -> echo $var
-n Do not output the trailing new line.
-e Enable interpretation of the following backslash escaped characters in the strings:
\a alert (bell)
\b backspace
\c suppress trailing new line
\n new line
\r carriage return
\t horizontal tab
\\ backslash
if [ -n "$var" ]; then
  echo "not empty"
else
  echo "empty"
fi
47. Writing shell script(cont’d)
How to use and create function:
What is function?
Example:
function today {
  echo "today is"
  date +"%A,%B,%D,%Y"
}
Run: today
type: show type of command
48. Writing shell script(cont’d)
Conditions and loops: what is a condition and what is a loop?
if: what is .bashrc -> where the user's bash information, variables, etc. are stored
if [ condition ]; then
  commands
elif [ condition ]; then
  commands
else
  commands
fi
while: a loop, like for
while [ condition ]
do
  commands
done
49. Writing shell script(cont’d)
• Example:
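#!/bin/bash
x="welcome"
y="welcome to linux"
z=15
# -gt compares integers
if [ "$z" -gt 10 ]; then
  echo "z=$z"
else
  # = compares strings (-eq is for integers only)
  if [ "$x" = "$y" ]; then
    echo "x=y"
  fi
  # -e makes echo interpret \n as a new line
  echo -e "var=\n$x\n$y\n$z"
fi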
50. Writing shell script(cont’d)
for: for { variable name } in { list }
Condition:
Exercise7
Input 2 numbers and compare them, then calculate a*b, a+b, a/b, a10.
51. Working with archive files
tar: extract, archive, … .
tar -cvf filename.tar filetoarchive
tar -xzf filename -C directory -> extract & zip
gzip: compress a file -> gunzip: expand a file
zip & unzip: similar to gzip
52. System resource management
Run level: 0 – 6 -> /etc/grub.conf
0: turn on
6: turn off
pstree: Shows the Parent-Child Relation Between Processes
gstack: print a stack trace of a running process -> gstack [PID]
more /proc/cpuinfo
top: display Linux task
s -> change delay
z -> change color
h -> help
b -> bold
q -> exit
53. System resource management(cont’d)
ps: report a snapshot of current process -> ps aux
USER: The name of the user who started the process.
PID: The PID of the process. The command ps aux sorts the
processes by their PID.
%CPU: The percentage of CPU time the process has used since
startup.
%MEM: The percentage of memory the process is currently using.
VSZ: The virtual memory size, which is the total amount of memory
claimed by this process.
RSS: The resident memory size, which is the amount of memory the
process currently has in use.
TTY: The terminal (TTY) from which the process was started. A
question mark indicates a daemon process that is not associated to
any TTY.
54. System resource management(cont’d)
STAT: The current status of the process.
START: The time at which the process was started.
TIME: The total amount of system time this process has
been using since it started.
COMMAND: The command that was used to start this process. If the name of this command is between square brackets (you can see quite a few examples of this in Listing 9-5), the process is not started with a command at the command line, but is a kernel thread.
55. System resource management(cont’d)
Limit system resource use with the ulimit command:
Core File Limits The -c option limits the size of core dumps, which are files created for debugging purposes in certain types of program crashes.
File Limits The -f option limits the size of files that may be created by the shell, and -n limits the number of open file descriptors. (Most systems don’t honor the -n limits, though.)
Process Limits The -u option limits the number of processes a user may run, and -t limits the total CPU time in seconds.
Memory Limits The -v option sets the total amount of virtual memory available to the shell, -s sets the maximum stack size, -m sets the maximum resident set size, -d limits programs’ data set size, and -l sets the maximum size that may be locked into memory.
56. System resource management(cont’d)
Hard and Soft Limits The -H and -S options modify other options,
causing them to be set as hard or soft limits, respectively. Hard
limits may not be subsequently increased, but soft limits may be. If
neither option is provided, ulimit sets both the hard and soft limits
for the feature specified.
Current Settings Passing -a causes ulimit to report its current
settings.
Important directories:
/proc/*
/boot/System.map –
Exercise8
Read command : pgrep, pkill, free, kill,
57. Working with debuggers in Linux
After you write a shell script you need to debug it, and sometimes you need to debug software; for this problem we use the gdb command.
gdb: GNU debugger
In shell script use (gdb) commands……(gdb)
For software use gdb (option) [ pid or name of software]
Some options of gdb
58. Working with debuggers in Linux(cont’d)
h: for help
q: quit
run: run [program name]
bt: print call stack = where
up: move up one stack frame
down: != up
frame: frame n ->go to frame n
info: info frame ->information current frame
Exercise9
If you need Debugger command see Debugging with gdb
Tenth Edition, for gdb version 7.6.1.2013, Richard
Stallman, Roland Pesch, Stan Shebs, 658paper
59. gpg command
Checksum: when we transfer or store data between computers, the information may be damaged, and we may not notice it, or notice it but be unable to fix it, so we use a method to solve this problem, for example a CRC checksum. Note that a checksum is different from encryption. In data encryption the goal is to encrypt, and in a checksum the goal is to detect and fix mistakes. For the best data transfer we use both encryption and checksum methods.
61. gpg command(cont’d)
Encryption (gpg, GNU Privacy Guard): 2 ways for encryption
signature file: only whoever made the file can access it
gpg --output file.sig --detach-sign file
Primary and public key: only whoever possesses the primary key can access it, and others can only encrypt the file with the public key.
gpg --gen-key -> generate private and public key
gpg --list-key -> list of keys
gpg --edit-key keyID -> edit key
gpg --output [fileforsendkey.gpg] --export -> create export key
gpg --armor --output [fileforsendkey.gpg] --export -> creates ASCII armored output
62. Security in linux
Physical Access Problems
Set bios password
Set grub password
[grub-crypt --sha-256] or [grub-crypt --md5]
Copy to /etc/grub.conf -> password --md5 ………………….
Stolen Passwords
Local Program Bugs
Set SUID and SGID bit for program
find / -perm /6000 -type f
Server Bugs
Denial-of-Service Attacks
Encryption Issues
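Added example (not part of the original slides): the SUID/SGID search from this slide turned into a baseline audit that reports only set-ID files nobody has approved. The function names, the throwaway demo tree and the baseline file are constructed for illustration.

```shell
#!/bin/sh
# Added example: set-ID baseline audit. Function names, the demo tree and the
# baseline file are constructed for illustration.

# find_setid DIR: list regular files under DIR with the SUID or SGID bit set.
# "-perm -4000 -o -perm -2000" is the portable way to say "any of 6000";
# -xdev keeps the walk on one file system.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# audit_setid DIR BASELINE: print set-ID files that are not listed in
# BASELINE (one absolute path per line). No output means nothing new.
audit_setid() {
    find_setid "$1" | while IFS= read -r path; do
        grep -Fxq -- "$path" "$2" || printf '%s\n' "$path"
    done
}

# demo_setid_audit: build a throwaway tree with one approved and one
# unapproved SUID file, audit it, and print findings relative to the tree.
demo_setid_audit() {
    root=$(mktemp -d) || return 1
    mkdir "$root/bin"
    for f in passwd backup report; do
        printf '#!/bin/sh\n' > "$root/bin/$f"
    done
    chmod 4755 "$root/bin/passwd"    # SUID, listed in the baseline
    chmod 4755 "$root/bin/backup"    # SUID, not in the baseline
    chmod 0755 "$root/bin/report"    # ordinary executable
    printf '%s\n' "$root/bin/passwd" > "$root/baseline.txt"
    audit_setid "$root/bin" "$root/baseline.txt" | sed "s|^$root||"
    rm -rf "$root"
}

demo_setid_audit
```

On a real host the baseline would be the output of find_setid / saved right after installation and compared again from a cron job.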
63. Security in linux(cont’d)
Creating Firewall Rules: iptables
/etc/services: see the services that run on Linux and more details about them.
netstat -> netstat -ap : see active internet connections
67. Security in linux(cont’d)
#!/bin/bash
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Let traffic on the loopback interface pass
iptables -A OUTPUT -d 127.0.0.1 -o lo -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -i lo -j ACCEPT
# Let DNS traffic pass
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
# Let clients' TCP traffic pass
iptables -A OUTPUT -p tcp --sport 1024:65535 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Let local connections to local SSH server pass
iptables -A OUTPUT -p tcp --sport 22 -d 172.24.1.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 172.24.1.0/24 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
68. Do automate tasks in Linux, cron job
What is automate task ?
When use automate task?
Some system maintenance tasks should be
performed at regular intervals and are highly
automated
Automate task in linux?
at
cron: cron is a daemon
at & cron: at runs a job just once and cron runs jobs on an ongoing schedule
Command for cron job:
69. Do automate tasks in Linux, cron job
crontab: the program used to configure cron
crontab -l : see cron jobs
crontab [-u user] [-l | -e | -r] [file]
/etc/cron.d: configuration directory -> sysstat
/var/spool/cron: cron job
Create cron job:
02 4 * * * root run-parts /etc/cron.daily
This line begins with five fields that specify the time. The fields are, in order, the minute (0–59), the hour (0–23), the day of the month (1–31), the month (1–12), and the day of the week (0–7; both 0 and 7 correspond to Sunday)
70. Do automate tasks in Linux, cron job
In all cases, you can specify multiple values in several ways:
An asterisk (*) matches all possible values.
A list separated by commas (such as 0,6,12,18) matches any of the specified values.
Two values separated by a dash (-) indicate a range, inclusive of the end points. For instance, 9-17 in the hour field specifies a time of from 9:00 a.m. to 5:00 p.m.
A slash, when used in conjunction with some other multi value option, specifies stepped values: a range in which some members are skipped. For instance, */10 in the minute field indicates a job that’s run every 10 minutes
at: at -f commands.txt noon
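Added example (not part of the original slides): a small parser for the five cron time fields described above, useful for checking when a crontab line found during an audit will actually fire. All function names are hypothetical; it goes one step beyond the slides by applying cron's rule that when both day fields are restricted, either one matching is enough.

```shell
#!/bin/sh
# Added example, not from the slides; all function names are hypothetical.

# to_dec VALUE: strip leading zeros ("02" -> 2); fails on non-digits.
to_dec() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    td=$1
    while [ "${#td}" -gt 1 ] && [ "${td#0}" != "$td" ]; do td=${td#0}; done
    echo "$td"
}

# expand_field FIELD MIN MAX: print every value one time field matches.
# Handles "*", lists (a,b), ranges (a-b) and steps (*/n, a-b/n).
expand_field() {
    ef_min=$2; ef_max=$3; ef_out=""
    set -f; ef_ifs=$IFS; IFS=,         # split on commas without globbing "*"
    set -- $1
    IFS=$ef_ifs; set +f
    [ $# -gt 0 ] || return 1
    for ef_part in "$@"; do
        ef_step=1
        case $ef_part in
            */*) ef_step=${ef_part#*/}; ef_part=${ef_part%%/*} ;;
        esac
        case $ef_part in
            '*') ef_lo=$ef_min; ef_hi=$ef_max ;;
            *-*) ef_lo=${ef_part%%-*}; ef_hi=${ef_part#*-} ;;
            *)   ef_lo=$ef_part; ef_hi=$ef_part ;;
        esac
        ef_lo=$(to_dec "$ef_lo") && ef_hi=$(to_dec "$ef_hi") &&
            ef_step=$(to_dec "$ef_step") || return 1
        [ "$ef_step" -ge 1 ] && [ "$ef_lo" -ge "$ef_min" ] &&
            [ "$ef_hi" -le "$ef_max" ] && [ "$ef_lo" -le "$ef_hi" ] || return 1
        ef_v=$ef_lo
        while [ "$ef_v" -le "$ef_hi" ]; do
            ef_out="$ef_out $ef_v"; ef_v=$((ef_v + ef_step))
        done
    done
    echo $ef_out
}

# in_list VALUE LIST...: true when VALUE equals one of the LIST numbers.
in_list() {
    il_v=$1; shift
    for il_x in "$@"; do [ "$il_x" -eq "$il_v" ] && return 0; done
    return 1
}

# cron_matches "MIN HOUR DOM MON DOW" MINUTE HOUR DOM MONTH DOW
# Returns 0 if that moment satisfies the fields, 1 if not, 2 if malformed.
# The DOW argument is 0-6, as printed by `date +%w`.
cron_matches() {
    set -f; set -- $1 "$2" "$3" "$4" "$5" "$6"; set +f
    [ $# -eq 10 ] || return 2
    cm_mi=$(expand_field "$1" 0 59) && cm_ho=$(expand_field "$2" 0 23) &&
        cm_dm=$(expand_field "$3" 1 31) && cm_mo=$(expand_field "$4" 1 12) &&
        cm_dw=$(expand_field "$5" 0 7) || return 2
    in_list "$6" $cm_mi && in_list "$7" $cm_ho && in_list "$9" $cm_mo || return 1
    cm_dom=1; in_list "$8" $cm_dm && cm_dom=0
    cm_dow=1; in_list "${10}" $cm_dw && cm_dow=0
    [ "${10}" -eq 0 ] && in_list 7 $cm_dw && cm_dow=0    # 7 is Sunday too
    case "$3 $5" in
        \**|*" *"*) [ $cm_dom -eq 0 ] && [ $cm_dow -eq 0 ] ;;  # a "*" day field: AND
        *)          [ $cm_dom -eq 0 ] || [ $cm_dow -eq 0 ] ;;  # both restricted: OR
    esac
}

# The slides' own line: 02 4 * * * root run-parts /etc/cron.daily
cron_matches '02 4 * * *' 2 4 1 1 1 && echo "02 4 * * * fires at 04:02"
```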
71. Working with tcpdump
Capture packets from a particular Ethernet interface
using tcpdump -i
Capture only N number of packets using tcpdump -c
Display Captured Packets in ASCII using tcpdump -A
72. Working with tcpdump
Display Captured Packets in HEX and ASCII using
tcpdump -XX
Capture the packets and write into a file using
tcpdump -w
Reading the packets from a saved file using tcpdump -r
Capture packets with IP address using tcpdump -n
Capture packets with proper readable timestamp
using tcpdump -tttt
Read packets longer than N bytes
tcpdump -w g_1024.pcap greater 1024
Receive only the packets of a specific protocol type
tcpdump -i eth0 arp
73. Working with tcpdump
Receive packets flows on a particular port
using tcpdump port
tcpdump -i eth0 port 22
Capture packets for particular destination IP and Port
tcpdump -w comm.pcap -i eth0 dst 16.181.170.246 and port 22
tcpdump Filter Packets – Capture all the
packets other than arp and rarp
tcpdump -i eth0 not arp and not rarp
74. Introduction to network
tcp/ip and osi model:
physical layer
data link layer
network layer
transport layer
session layer
presentation layer
application layer
Topology of network
Ring
Star
bus
protocol
75. Introduction to network (cont’d)
IP
DNS
DHCP
Port
telnet and ssh
ftp
http and https
Arp and rarp
icmp
77. Network configuration(cont’d)
DHCP
How to work dhcp ?
/etc/dhcp/dhcpd.conf
Telnet & SSH
how to work telnet or ssh?
ssh 192.168.1.100
telnet 192.168.1.100