8/8/2019 RHCE Total

RHCE
Red Hat Certified Engineer
Session 1
M. A. Agheli

History Of UNIX & Linux
1957: Bell Labs found they needed an operating system which at the time was running various batch jobs.
1965: Bell Labs create Multics (Multiplexed Information and Computing Service)
1969: Summer 1969 UNIX was developed by AT&T
1975: Sixth edition of UNIX released May 1975
1985: GNU project started
1991: Linux is introduced by Linus Benedict Torvalds who was a second year student of Computer Science at the University of Helsinki
1993: NetBSD & FreeBSD released
1994: Red Hat Linux is introduced

First Article About Linux
From: [email protected]. FI (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Message-ID:
Date: 25 Aug 91 20:57:08 GMT
Organization: University of Helsinki

Hello everybody out there using minix -

I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things).

I've currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I'll get something practical within a few months, and I'd like to know what features most people would want. Any suggestions are welcome, but I won't promise I'll implement them :-)

Linus ([email protected])

PS. Yes - it's free of any minix code, and it has a multi-threaded fs. It is NOT portable (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as that's all I have :-(.

GNU & GPL
GNU Project:
Focused on creating a Unix-like operating system that could be freely distributed
GPL:
Global Public license (Copyleft)

Major Linux Distributors
Mandrake Linux
Slackware Linux
SuSE Linux
Turbo Linux
Vector Linux
Caldera Linux
Corel Linux
Debian Linux
Kondara Linux
Red Hat Linux

The Advantage of Linux
Low purchase cost
Open Source Software (OSS)
UNIX heritage
Multi User
Scalability
Vendor support
Reliable uptime
Security
Logging System

The Disadvantage of Linux
Steep learning curve
Hardware support
End-user applications

A Comparison Of Win 9x, NT, and Linux

Feature                  Win 9x     Win NT  Linux
Scalability              Poor       Good    Good
Desktop App. Support     Excellent  Good    Good
Enterprise App. Support  None       Good    Good
Hardware Support         Excellent  Good    Good
Licensing Cost           Good       Poor    Excellent
Network Performance      Good       Good    Excellent
Security                 Poor       Good    Good

Linux Filesystem Hierarchy

/bin    Essential Binary Files
/boot   Boot Loader Files
/dev    Device Files
/etc    Configuration Files
/home   User Home Directories
/lib    Shared Libraries and Kernel Modules
/mnt    Mount Point for Temporarily Mounted FS
/proc   System Information Virtual File System
/root   root User Home Directory
/sbin   Essential System Binaries
/tmp    Temporary Files
/usr    Shareable Files
/var    Non-Shareable Files

Session 2

Installing Linux
Hardware Requirements
Harddisk Partitioning
Boot Loader
Install Packages
X Configuration

Overview of the Installation Process
1. Starting the installation process
   Installation Mode
   Language
   Keyboard
   Mouse
2. Partitioning
3. Boot Loader Installation
4. Network Configuration
5. Setting the time zone

Overview of the Installation Process
5. Firewall Configuration
6. Specifying authentication options (optional)
7. Specifying user accounts
8. Selecting packages
9. Installing packages
10. Creating a boot disk
11. Configuring the X Windows system (optional)

Installing Linux: Consoles & Message Logs

Console  Keystrokes   Contents
1        Ctrl+Alt+F1  Text-based installation procedure
2        Ctrl+Alt+F2  Shell prompt
3        Ctrl+Alt+F3  Messages from installation program
4        Ctrl+Alt+F4  Kernel messages
5        Ctrl+Alt+F5  Other messages, including filesystem creation messages
7        Ctrl+Alt+F7  Graphical installation procedure

Configuring Install-Time Options after Installation
authconfig
ntsysv
setup
redhat-config-
kbdconfig
mouseconfig
timeconfig
sndconfig
netconfig

Session 3

SHELL
bash (Bourne Again Shell)
ash    sach
tcsh   mc

Some Important BASH Variables
PATH   SHELL   PS1   PS2

PS1, PS2 Switches
\u , \h , \W , \d , \t , \s , \$ , $

Some of Linux Commands (1)
ls      info    help   man    echo
rm      mv      cp     tac    cat
rmdir   mkdir   pwd    touch  cd
logout  date    less   alias  clear
halt    reboot  exit

Session 4

BASH
TAB key Features
Review Pages & Commands

Quoting in BASH:
value
value
`value`

Redirection Operators:
>   >>   |

Important Command Forms
cmd
cmd &  (fg, ctrl+z, bg)
cmd1 ; cmd2
(cmd1 ; cmd2)
cmd1 `cmd2`
cmd1 | cmd2
cmd1 && cmd2
cmd1 || cmd2
{ cmd1 ; cmd2 }

Linux File Types

Type              Symbol  Description
Normal            -       Normal file
Directories       d       Normal directory
Hard link         -
Symbolic link     l       Shortcut to a file or directory
Socket            s       Pass data between 2 processes
Named pipe        p       Like sockets, user can't work directly with
Character device  c       Processes character hw communication
Block device      b       Major & minor numbers for controlling dev.

Bash Special Variables

$#   Specifies number of arguments given to the command
$?   Returns value of the last program to be used
$$   Process number of the current shell
$!   Process number of the last child process
$@   Specifies individually quoted arguments
$*   Specifies all arguments quoted as whole
$n   Specifies positional argument value, where n is the position
$0   Specifies name of the current shell
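
The parameters in the table above, exercised in a short script. This is an added example, not part of the original slides, and its function names are made up for illustration. It shows why "$@" is the safe way to forward arguments: "$*" merges them into one word and an unquoted $* re-splits them on whitespace, which matters as soon as a file name contains a space.

```shell
#!/bin/sh
# Added example: behaviour of the special parameters from the slide.
# All function names are illustrative.

# count_args prints $#, the number of arguments it was given.
count_args() { echo "$#"; }

# Three ways to pass a script's arguments on to another command.
forward_at()       { count_args "$@"; }  # every argument stays one word
forward_star()     { count_args "$*"; }  # all arguments become one word
forward_unquoted() { count_args $*; }    # re-split on whitespace, then globbed

# second_arg prints $2, the positional parameter at position 2.
second_arg() { echo "$2"; }

# status_of runs a command and prints $?, the exit status it returned.
status_of() {
    "$@" >/dev/null 2>&1 && rc=$? || rc=$?
    echo "$rc"
}

# background_pid_differs starts a background job, takes its PID from $!,
# and compares it with $$, the PID of the shell running this script.
background_pid_differs() {
    sleep 0 &
    child=$!
    wait "$child"
    if [ "$child" -ne "$$" ]; then echo yes; else echo no; fi
}

# Constructed input: two arguments, the first one containing a space.
echo "\"\$@\" passes $(forward_at 'annual report.txt' notes.txt) arguments"
echo "\"\$*\" passes $(forward_star 'annual report.txt' notes.txt) argument"
echo "\$*   passes $(forward_unquoted 'annual report.txt' notes.txt) arguments"
echo "exit status of false: $(status_of false)"
echo "script name (\$0): $0"
```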

Some of Linux Commands (2)

Process Text Streams
sort, cut, head, tail, split, wc, uniq, grep

Redirecting Command's output
tee

Create, Monitor & Kill Processes
ps, pstree, top, kill, killall

Modify Process Priority ( renice )

Session 5

Some of Linux Commands (3)

Create Partitions and Filesystem
fdisk, mke2fs, mkfs.*

Maintain the Integrity of Filesystem
e2fsck, fsck.*, du, df

Filesystem Mounting & Umounting
mount, umount, /etc/fstab

Some of Linux Commands (4)

Use File Permissions
chmod, chown, chgrp, su

Create Hard & Symbolic Links ( ln )
Find System Files ( find, locate, which )
Using Emergency & Single User Mode

vi
Powerful Text Editor

Normal Mode
dd, n+dd (Delete)
yy, n+yy (Copy)
p (paste)
P (Paste)
/ (Search)
v (Visual) (Text Selection)

Insert Mode
Insert Text
Delete

Command Mode
w
q
wq = x
q!
r
s ///

Session 6

Run Levels

Run Level  Definition
0          This runlevel halts the system
1          This runlevel sets single-user mode
2          Multiuser mode without networking
3          Multiuser mode with networking
4          Not used
5          X-based login
6          This runlevel reboots the system

init & chkconfig Commands
/etc/inittab
/etc/rc.d/init.d & /etc/rc[0123456].d/

Configuring Boot loader

LILO
Edit /etc/lilo.conf & execute lilo command

GRUB
Edit /boot/grub/grub.conf

Administrative Tasks

Manage Users, Groups & Related Files
useradd, userdel, groupadd, groupdel, passwd, vipw, vigr
/etc/passwd, /etc/shadow, /etc/skel, /etc/profile,

Configure and use system log files
/etc/syslog.conf, /etc/logrotate.conf

Scheduling Jobs (at & crontab commands)

Backup & Restore Tools
tar, bzip2, gzip

Session 7

Linux Installation and Package Management
Make and Install Programs from Source
RPM (Redhat Package Manager)

Configuring Modems
redhat-config-network-tui Command in Text Mode
Modem Configuration Files
kppp Command in X window

Session 8

Shell Scripts
# Comments
#! Special Comments

Assign a Value
x=y
x=$y
x=${y}
x=\$y
x=$y
export x,y,z
x=${y}es
export x= $y
x=$yes

Shell Scripts
Control Constructs
read command
test command ( [ ] )
if ; then ; else ; fi
case ...; in pattern) ;; esac
while ; do ; done
until ; do ; done
for x in ; do ; done
break, continue, exit (for, while, until)

Session 9

Installing and Configuring X

Basic X Concepts
X Client
X Server
X Protocol

Basic X Concepts
X Window Manager
X Desktop Manager
X Display Manager

Installing X
1. Determine the proper X server
2. Install the proper packages

X Server Selection
XFree86-*

Installation the Packages
freetype
gtk+
XFree86-libs
XFree86-75dpi-fonts
redhat-config-xfree86
XFree86-xfs
XFree86-xdm
XFree86-twm
XFree86-tools
xinitrc

Configuring X
redhat-config-xfree86
xvidtune

Important X Directories & Files
/usr/X11R6/bin
/etc/X11
/etc/X11/XF86Config

Configure and Use PPP
redhat-config-network-tui Command in Text Mode
Modem Configuration Files
kppp Command in X window

Session 10

Network Basics

IP (network & host portion)
192.168.168.1   : 11000000.10101000.10101000.00000001
Static IP   Dynamic IP

Netmask Address
255.255.255.0   : 11111111.11111111.11111111.00000000

Network Address
192.168.168.0   : 11000000.10101000.10101000.00000000

Broadcast Address
192.168.168.255 : 11000000.10101000.10101000.11111111

Classful Addressing System

Network Classes
Class A   1.0.0.0-126.0.0.0     (8 bits)
Class B   128.0.0.0-191.0.0.0   (16 bits)
Class C   192.0.0.0-223.0.0.0   (24 bits)

Reserved IP
127.0.0.0-127.255.255.255   (Loop back Addr.)
224.0.0.0-239.255.255.255   (Multicast Protocols)
240.0.0.0-255.255.255.255   (not used)

Public & Private Networks (Valid & Invalid IPs)
10.0.0.0-10.255.255.255
172.16.0.0-172.31.255.255
192.168.0.0-192.168.255.255

Classless Addressing System (Subnet)

Net. Addr.: 192.168.168.0 = 11000000.10101000.10101000.00000000

Netmasks:
255.255.255.0   (*/24) : 11111111.11111111.11111111.00000000
255.255.255.128 (*/25) : 11111111.11111111.11111111.10000000
255.255.255.192 (*/26) : 11111111.11111111.11111111.11000000
255.255.255.224 (*/27) : 11111111.11111111.11111111.11100000
255.255.255.240 (*/28) : 11111111.11111111.11111111.11110000
255.255.255.248 (*/29) : 11111111.11111111.11111111.11111000
255.255.255.252 (*/30) : 11111111.11111111.11111111.11111100
255.255.255.254 (*/31) : 11111111.11111111.11111111.11111110
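
The arithmetic behind the Network Basics and Classless Addressing slides, as an added example that is not part of the original slides: the network address is the IP ANDed with the netmask, the broadcast address is the IP ORed with the inverted netmask, and the prefix length is the count of leading one bits. The function names are illustrative; masks whose one bits are not contiguous are rejected.

```shell
#!/bin/sh
# Added example: derive prefix length, network and broadcast address
# from a dotted-quad IP and netmask. Function names are illustrative.

# split_quad validates a dotted quad and prints its octets space-separated.
split_quad() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            0?*|????*) return 1 ;;   # no leading zeros, at most 3 digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    echo "$1 $2 $3 $4"
}

# mask_to_prefix prints the prefix length (the N in */N) of a netmask and
# fails when the mask is not a run of ones followed by a run of zeros.
mask_to_prefix() {
    quad=$(split_quad "$1") || return 1
    prefix=0
    partial=0
    for octet in $quad; do
        if [ "$partial" -eq 1 ] && [ "$octet" -ne 0 ]; then return 1; fi
        case "$octet" in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0)   bits=0 ;;
            *)   return 1 ;;
        esac
        [ "$octet" -eq 255 ] || partial=1
        prefix=$((prefix + bits))
    done
    echo "$prefix"
}

# network_addr IP MASK: bitwise AND of each IP octet with the mask octet.
network_addr() {
    ip=$(split_quad "$1") || return 1
    mask_to_prefix "$2" >/dev/null || return 1
    mask=$(split_quad "$2") || return 1
    set -- $ip $mask
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))"
}

# broadcast_addr IP MASK: bitwise OR of each IP octet with the inverted mask.
broadcast_addr() {
    ip=$(split_quad "$1") || return 1
    mask_to_prefix "$2" >/dev/null || return 1
    mask=$(split_quad "$2") || return 1
    set -- $ip $mask
    echo "$(( $1 | (255 - $5) )).$(( $2 | (255 - $6) )).$(( $3 | (255 - $7) )).$(( $4 | (255 - $8) ))"
}

# The host from the Network Basics slide, then the same network cut to */26.
for m in 255.255.255.0 255.255.255.192; do
    echo "192.168.168.1 mask $m: /$(mask_to_prefix "$m")" \
         "network $(network_addr 192.168.168.1 "$m")" \
         "broadcast $(broadcast_addr 192.168.168.1 "$m")"
done
```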

TCP/IP Model (1)
Application Protocols
Transport Protocols
Internet Protocols
Network Access Protocols

TCP/IP Model (2)

Network Access Protocols
All functions necessary to access the physical network

Internet Protocols
IP ( Internet Protocol )
  Connectionless
ICMP ( Internet Control Message Protocol )

TCP/IP Model (3)

Transport Protocols
TCP (Transmission Control Protocol)
  Connection-based
UDP (User Datagram Protocol)
  Connectionless

Application Protocols
Privileged Ports (0-1023)
/etc/services

Types of TCP/IP Services
Stand-alone
xinetd (and its config)

Related TCP/IP Commands
ps x
netstat -ap --inet | grep LISTEN

Controlling TCP/IP Daemons
Start the daemon
Stop the daemon
Restart the daemon
Status the daemon

Configuration Network

Initializing Network Hardware
Load related module

Network Configuration Tools
netconfig
redhat-config-network

Configuration Network

Other Network Tools
tcpdump
nmap
tethereal
iptraf
ifconfig
ping
traceroute
netstat

Configuration Network

Network Configuration Files
/etc/hosts
/etc/host.conf
/etc/services
/etc/resolv.conf
/etc/sysconfig/network
/etc/sysconfig/network-scripts/*

IP Aliasing

Session 12

DHCP
Advantage & disadvantage of DHCP

DHCP Server Configuration
/etc/dhcpd.conf
/var/lib/dhcp/dhcpd.leases

DHCP Client Configuration
netconfig command

An Example of dhcpd.conf

ddns-update-style ad-hoc;

subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.1 192.168.0.25;
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;
    option domain-name "domain.com";
    option domain-name-servers 192.168.1.1;
    default-lease-time 21600;
    max-lease-time 43200;

    # we want the nameserver to appear at a fixed address
    host dns1 {
        hardware ethernet 12:34:56:78:AB:CD;
        fixed-address 192.168.0.20;
    }
}

dhcpd.leases Format

lease 192.168.1.8 {
    starts 3 2004/04/12 09:34:12
    ends 6 2004/07/15 23:49:57
    hardware ethernet 00:09:e6:88:0a:05
}
...

August 2004

NFS

Related Daemons
rpc.nfsd
rpc.portmap
rpc.mountd

Installation
nfs-utils
portmap

NFS Configuration

Server Side
Edit /etc/exports file
    PATH host_lists(options)
Run exportfs -r command
redhat-config-nfs Command

Client Side
mount -t nfs server:PATH Mountpoint
Edit /etc/fstab file
    server:PATH M.P. nfs ro 0 0

SAMBA (1)

Related Services
smbd
nmbd

Related Packages
samba
samba-common
samba-client

SAMBA (2)

Server Configuration
Global Directives
Service Directives

Client Configuration
smbmount //server/share /m.p.
smbclient //server/share

Configuration with SWAT

Session 13

TCP/IP Services

[Diagram: a client process with one port, and a server process with ports]

1. Server binds to port and listens
2. Client binds to port
3. Client connects to server
4. Server designates port
5. Client and server communicate

Remote Login

Telnet
Server & Client

SSH
Server & Client

The Apache Web Server

Modules
mod_auth
mod_info
mod_php
mod_include
mod_perl
mod_ssl

Installation Apache
rpm -Uvh httpd-[^d]*.rpm
rpm -Uvh httpd-devel*.rpm
(for support apache modules)

Basic Configuration

httpd.conf
Section 1: The Global Environment
Section 2: The Main Configuration
Section 3: The Virtual Host Configuration

Apache Advanced Configuration
Authentication in Apache
Configure with PHP
Configure with SSL
Configure Virtual Host

Configure Apache with PHP
rpm -Uvh php-4*.rpm

Configure Apache with SSL
rpm -Uvh mod_ssl*.rpm

Configure Virtual Host

<VirtualHost 127.0.0.2>
    ServerAdmin webm[email protected]
    DocumentRoot /var/www/html/vh/
    ServerName www.vh.com
</VirtualHost>

Configuring /etc/hosts file
Configuring httpd.conf file

Apache Administration
Start
Stop
Restart
Reload
Status

Troubleshooting the Apache
/var/log/messages
/var/log/httpd/
/usr/sbin/httpd -S (for virtual host)

Securing Your Network
Using lokkit or redhat-config-securitylevel Command
Password & Physical Security
Securing TCP/IP
Using Tripwire
Keeping Up-to-Date on Linux Security Issues

Session 14

FTP

Installation
rpm -ivh vsftp*.rpm

Config File
/etc/vsftpd/vsftpd.conf

Access Levels
Anonymous Access ( anonymous_enable )
User Access ( tcp_wrappers needs )

Cache Server (Squid)

Install squid
rpm -ivh squid*.rpm

Managing squid
start, stop, restart, status, reload

Squid Log Files
/var/log/squid/access.log ( cache_access_log )
/var/log/squid/cache.log ( cache_log )
/var/log/squid/store.log ( cache_store_log )

An Example of squid.conf

http_port 8081
cache_effective_user squid
cache_effective_group squid
acl all src 0.0.0.0/0.0.0.0
http_access allow all
cache_dir ufs /cache 1024 16 32
visible_hostname ws1
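
In the configuration above, the ACL `all` matches every source address and `http_access allow all` lets any client that can reach port 8081 use the proxy. The following check is an added example, not part of the original slides or of Squid: it flags such rules in a squid.conf and compares the slide's file with a version limited to one LAN. The function names, the ACL name `lan` and the 192.168.0.0 range are assumptions.

```shell
#!/bin/sh
# Added example: flag http_access rules in a squid.conf that allow any client.
# audit_open_proxy and the sample files are illustrative, not part of Squid.

# audit_open_proxy FILE
# Prints "LINE: rule" for every "http_access allow" rule whose ACLs all match
# every source address (src 0.0.0.0/0, 0.0.0.0/0.0.0.0 or "all").
# Simplification: rule order (an earlier deny) is not evaluated.
audit_open_proxy() {
    awk '
        { sub(/#.*/, "") }                    # drop comments
        $1 == "acl" && $3 == "src" {
            for (i = 4; i <= NF; i++)
                if ($i == "0.0.0.0/0" || $i == "0.0.0.0/0.0.0.0" || $i == "all")
                    wide[$2] = 1              # remember match-everything ACLs
        }
        $1 == "http_access" && $2 == "allow" && NF >= 3 {
            open = 1
            for (i = 3; i <= NF; i++)         # ACLs on one line are ANDed
                if (!($i in wide)) open = 0
            if (open) print NR ": " $0
        }
    ' "$1"
}

# write_slide_conf FILE: the configuration from the slide (constructed copy).
write_slide_conf() {
    cat > "$1" <<'EOF'
http_port 8081
cache_effective_user squid
cache_effective_group squid
acl all src 0.0.0.0/0.0.0.0
http_access allow all
cache_dir ufs /cache 1024 16 32
visible_hostname ws1
EOF
}

# write_restricted_conf FILE: the same proxy limited to one LAN.
# The ACL name "lan" and the 192.168.0.0 range are assumptions.
write_restricted_conf() {
    cat > "$1" <<'EOF'
http_port 8081
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.0.0/255.255.255.0
http_access allow lan
http_access deny all
EOF
}

tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
write_slide_conf "$tmpdir/open.conf"
write_restricted_conf "$tmpdir/lan.conf"
echo "open.conf findings: $(audit_open_proxy "$tmpdir/open.conf")"
echo "lan.conf findings:  $(audit_open_proxy "$tmpdir/lan.conf")"
```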

Running Squid
service squid start
squid -d1 -z
squid -d1 -f /etc/squid/squid.conf

The Kind of Proxies

Upstream Proxy
cache_peer yourproxy.com parent 3128 3130
prefer_direct off

Transparent Proxy
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Session 15

Type of Routes
Static route
Dynamic route

Components of Routing Rules
Destination IP Address
An Interface
An Optional Gateway IP Address

Routing Command
route add -net net_addr netmask mask_addr interface
route add -host ip_addr interface
route add default gateway ip_addr interface

An Example
[Network diagram: a gateway with three interfaces (eth0, eth1, eth2).
Hosts A 192.168.1.2, B 192.168.1.3, C 192.168.1.4, D 192.168.1.5
Hosts E 192.168.100.2, F 192.168.100.3, G 192.168.100.4, H 192.168.100.5
Gateway addresses: 192.168.1.1, 192.168.100.1, 10.1.1.1
Router 10.1.1.2, leading to the Internet]

Related Rules
route add -net 192.168.1.0 netmask 255.255.255.0 eth0
route add -net 192.168.100.0 netmask 255.255.255.0 eth1
route add -net 10.1.1.0 netmask 255.255.255.0 eth2
route add default gateway 10.1.1.2 eth2

Result
Destination     Gateway     Genmask          Flags  Metric  Ref  Use  Iface
192.168.1.1     *           255.255.255.255  UH     0       0    0    eth0
192.168.100.1   *           255.255.255.255  UH     0       0    0    eth1
10.1.1.1        *           255.255.255.255  UH     0       0    0    eth2
192.168.1.0     *           255.255.255.0    U      0       0    0    eth0
192.168.100.0   *           255.255.255.0    U      0       0    0    eth1
10.1.1.0        *           255.255.255.0    U      0       0    0    eth2
0.0.0.0         10.1.1.2    0.0.0.0          UG     0       0    0    eth2
127.0.0.0       *           255.0.0.0        U      0       0    0    lo
U: Network link is up   H: Dest. Addr. refers to a host   G: Gateway

Electronic Mail (Sendmail)

How Email Is Sent and Received
[Diagram: mail1 MTA and mail2 MTA; labels: "[email protected]@mail1.com", "?", "?"]

Concepts
MTA: Mail Transport Agent
SMTP (server-to-server): Simple Mail Transport Protocol
POP (Mail Access): Post Office Protocol
IMAP (Mail Access): Interim Mail Access Protocol
MDA: Mail Delivery Agent
MUA: Mail User Agent

Advantage of Sendmail
Older MTA
Powerful MTA
Disadvantage of Sendmail
Slow
High Load Environment
Crypto Configuration

MTAs
Sendmail
Postfix
Exim
Qmail
MUAs
Evolution, Kmail (KDE)
Balsa (GNOME)
Mozilla Mail

Required Packages
sendmail
sendmail-cf
imap (Config xinetd) (contains IMAP & POP3)

Rejecting Email
Edit /etc/mail/access file
spam.com REJECT
yahoo.com OK
service sendmail restart

RHCE
Red Hat Certified Engineer
M. A. Agheli
Session 16

Where do I look?
/etc/nsswitch.conf (nameservice switch)
t@localhost:~$ cat /etc/nsswitch.conf
hosts: files dns

Files
Search order determined by nsswitch.conf
It is polite to have /etc/hosts first!
sjh@mccoy:~$ cat /etc/hosts
127.0.0.1 localhost
193.62.81.135 mccoy.tardis.ed.ac.uk mccoy
193.62.81.134 baker.tardis.ed.ac.uk baker
193.62.81.132 packages.tardis.ed.ac.uk packages

DNS Traversal
1. Local files
2. DNS server locally
3. Item in cache?
4. Root server, work your way down

Resolving Names
Configuration Files for the Local Host Name Resolution (important for testing)
/etc/resolv.conf
/etc/nsswitch.conf
/etc/host.conf

DNS
BIND: Berkeley Internet Name Daemon
Dents: buggy as hell (still in alpha?)
Djbdns: Dan Bernstein's DNS server
Banyan VINES: don't go there!

Named (name dee)
/etc/named.conf:
Config file for named; this defines a directory to store the DNS config files.
Contains info about what zones we serve, and where to find config files!
Tells us if we are master / slave, allow or deny zone transfers, what the IPs of other master / slave servers are, etc.
<DNSROOT>/root.hints:
Contains "pointers" to the Root Servers
<DNSROOT>/127.0.0:
Config for reverse-lookup to the local host/subnet
<DNSROOT>/<zone>:
Config for zone
<DNSROOT>/<in-addr.arpa file>:
Config for reverse lookup for your zone

A simple named.conf
## named.custom - custom configuration for bind
zone "." {
    type hint;
    file "root.lists";
};
options {
    directory "/var/named/";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "127.0.0";
};
zone "hq.alim.ir" {
    type master;
    file "hq.alim.ir";
};
zone "168.168.192.in-addr.arpa" {
    type master;
    file "192.168.168";
};

DNS Data
DNS databases contain more than just hostname-to-address records:
SOA: Start Of Authority (it is the daddy!)
IN NS: Name Server
IN MX: Mail eXchanger
IN A: A record (Address record)
IN CNAME: Canonical NAME

A simple zone file
@ IN SOA hq.alim.ir. root.hq.alim.ir. (
            199609206 ; serial, todays date + todays serial #
            8H        ; refresh, seconds
            2H        ; retry, seconds
            4W        ; expire, seconds
            1D )      ; minimum, seconds
            NS      hq.alim.ir.
            MX  10  hq.alim.ir. ; Primary Mail Exchanger
            TXT     "Alim IT Center"
localhost   A       127.0.0.1
router      A       192.168.168.1
hq.alim.ir. A       192.168.168.2
ns          A       192.168.168.3
www         A       207.159.141.192
ftp         CNAME   hq.alim.ir.
mail        CNAME   hq.alim.ir.
news        CNAME   hq.alim.ir.

A simple in-addr.arpa file
$TTL 3D
@ IN SOA hq.alim.ir. root.hq.alim.ir. (
            199609206 ; Serial
            28800     ; Refresh
            7200      ; Retry
            604800    ; Expire
            86400 )   ; Minimum TTL
            NS      hq.alim.ir.
; Servers
1           PTR     router.hq.alim.ir.
2           PTR     hq.alim.ir.
2           PTR     funn.hq.alim.ir.
; Workstations
200         PTR     ws-177200.hq.alim.ir.
201         PTR     ws-177201.hq.alim.ir.
202         PTR     ws-177202.hq.alim.ir.

Forward DNS
hq.alim.ir (as per /etc/named.conf)
SOA: Start Of Authority (it is the daddy!)
IN NS: Name Server
IN MX: Mail eXchanger
IN A: A record (Address record)
IN CNAME: Canonical NAME

Reverse DNS
192.168.168 (as per /etc/named.conf)
SOA
IN NS
IN PTR: Pointer

DNS Round Robin
Fault tolerance? Through nifty DNS hacks
www.teviot.com. 60 IN A 10.0.1.100
www.teviot.com. 60 IN A 10.0.2.100
www.teviot.com. 60 IN A 10.0.3.100

Common Mistakes
Forgetting to increment the Serial Number!
CNAME pointing at another CNAME!
Forgetting the . in appropriate places!
Underscores in hostnames!
Forgetting to reload the daemon!
Version control issues: clobber changes!
TTL Issues
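Added example, not from the original slides: a small Python lint for four of the mistakes listed above (serial not incremented, CNAME pointing at a CNAME, missing trailing dot, underscore in a hostname). The zone text is constructed around the deck's hq.alim.ir zone; the web_01 host, the simplified one-record-per-line format and the plain integer serial comparison are assumptions.

```python
ORIGIN = "hq.alim.ir."

# Records from the deck's "simple zone file" slide (SOA/NS/MX/TXT omitted).
SLIDE_ZONE = """\
localhost   A      127.0.0.1
router      A      192.168.168.1
hq.alim.ir. A      192.168.168.2
ns          A      192.168.168.3
www         A      207.159.141.192
ftp         CNAME  hq.alim.ir.
mail        CNAME  hq.alim.ir.
news        CNAME  hq.alim.ir.
"""

# Constructed zone text seeded with the mistakes from the slide.
BAD_ZONE = """\
www       A      207.159.141.192
web_01    A      192.168.168.10   ; underscore in a hostname
ftp       CNAME  hq.alim.ir       ; trailing dot forgotten
mail      CNAME  ftp              ; CNAME pointing at another CNAME
news      CNAME  hq.alim.ir.
"""


def fqdn(name, origin=ORIGIN):
    """Expand a name as a name server does: no trailing dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def records(zone_text):
    """Yield (owner, type, rdata) for simple three-field records."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) == 3:
            yield fields[0], fields[1].upper(), fields[2]


def lint(zone_text, origin=ORIGIN, old_serial=None, new_serial=None):
    """Return a list of (finding, detail) tuples."""
    findings = []
    recs = list(records(zone_text))
    cname_owners = {fqdn(o, origin) for o, t, _ in recs if t == "CNAME"}
    for owner, rtype, rdata in recs:
        if rtype == "A" and "_" in owner:
            findings.append(("underscore", owner))
        if rtype in ("CNAME", "NS", "PTR"):
            # "hq.alim.ir" without the dot expands to hq.alim.ir.hq.alim.ir.
            if not rdata.endswith(".") and (rdata + ".").endswith(origin):
                findings.append(("missing-dot", owner))
        if rtype == "CNAME" and fqdn(rdata, origin) in cname_owners:
            findings.append(("cname-to-cname", owner))
    if old_serial is not None and new_serial is not None:
        if new_serial <= old_serial:
            findings.append(("serial-not-incremented", str(new_serial)))
    return findings


if __name__ == "__main__":
    for finding in lint(BAD_ZONE, old_serial=199609206, new_serial=199609206):
        print(finding)
```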

Test Tools
nslookup
dig
dig mail.hq.alim.ir
dig -x 192.168.168.2
dig 168.168.192.in-addr.arpa. AXFR
whois
http://www.squish.net/dnscheck/ (James Ponder's DNS check web page)

RHCE
Red Hat Certified Engineer
M. A. Agheli
Session 17

Firewall
Required Properties:
Control: Allow only those packets that you are interested in to pass through.
Security: Reject packets from malicious outsiders
Watchfulness: Log packets to/from outside world

Firewall Types
Packet Filtering
Proxy-Based Firewall
Stateful
Stateless

Packet Filter under Linux
1st generation: ipfw (from BSD)
2nd generation: ipfwadm (Linux 2.0)
3rd generation: ipchains (Linux 2.2)
4th generation: iptables (Linux 2.4 & 2.6)

Installing Iptables
Kernel Supports Iptables
Networking Options -> TCP/IP Networking -> Network Packet Filtering
Networking Options -> TCP/IP Networking -> IP: advanced router -> *
Networking Options -> IP: Netfilter
For Packets Traffic Control:
Networking Options -> QoS and/or fair queueing -> *
# rpm -ivh \
    iptables-1.2.6a-2.i386.rpm

Chains of Tables
INPUT: Controls packets entering your system
OUTPUT: Controls packets leaving your system
FORWARD: Controls what packets can move from one network to another through your system

[Diagram, Chains of Tables: Routing Decision, Forward, Input, Local Process, Output]

1. When a packet comes in, the kernel first looks at the destination of the packet: this is called routing.
2. If it's destined for this box
Passes downwards in the diagram
To INPUT chain
If it passes, any processes waiting for that packet will receive it.
Otherwise go to step 3
Continue

Packet Status in Iptables
Established
New
Related
Invalid

Results of Packet Checking
ACCEPT
DROP
REJECT

The Path of Packet in Iptables
[Diagram labels: Network; Mangle Table PREROUTING Chain; NAT Table PREROUTING Chain (Destination NAT); Routing decision; Mangle INPUT; Filter INPUT; Local process; Routing decision; Mangle OUTPUT; NAT OUTPUT; Filter OUTPUT; Mangle FORWARD; Filter FORWARD; Mangle POSTROUTING; NAT POSTROUTING Chain (Source NAT); Based on routing; Network]

Tables of Chains
table    INPUT  OUTPUT  FORWARD  PREROUTING  POSTROUTING
MANGLE   *      *       *        *           *
NAT      -      *       -        *           *
FILTER   *      *       *        -           -

Building a Rule: source/destination
iptables -s 200.200.200.1
Refers to packet from a specific IP address
The -s refers to the source of the packet, where the packet is coming from.
A corresponding -d refers to the destination, where the packet is going to.

Building a Rule: Action
iptables -s 200.200.200.1 -j DROP
The -j determines what happens to the
Building a Rule: IP address ranges
iptables -s 200.200.200.0/24 -j DROP
IPs that match 200.200.200.*
The /24 refers to the number of bits that are fixed, counting from the left.

Other Actions
REDIRECT: Sends packets to a proxy
LOG: Tracks packets as they match rules
RETURN: Terminates user defined chains

Building a Rule: appending rules to tables
iptables -A INPUT -s 200.200.200.1 -j DROP
The -A appends the rule to a chain
The INPUT specifies the chain
This command makes your system ignore all packets from 200.200.200.1
iptables -A OUTPUT -d 200.200.200.1 -j DROP
This command does not allow your system to send packets to 200.200.200.1

Building a Rule: only blocking some packets
iptables -A INPUT -s 200.200.200.1 -p tcp --destination-port telnet -j DROP
The -p specifies a specific protocol: tcp, udp, or icmp
The --destination-port is where the packet is going
You can use the service name or the port number
Could use 23 in this example
Keep in mind that the source-port is very different from the destination-port. In this example the inbound message is going to your telnet server. The telnet client that is sending you the message could be running on any port.
--dport == --destination-port
--sport == --source-port

Building a Rule: multiple network interfaces
Assume your machine has two interface cards. One to a LAN named eth0 and the other to the Internet named ppp0
iptables -A INPUT -p tcp --dport telnet -i ppp0 -j DROP
The -i option specifies the input interface
There is also a -o option for the output interface
iptables -A INPUT -p tcp --dport telnet -i eth0 -j ACCEPT
Together these rules would accept telnet requests from the LAN but block telnet requests from the Internet.

Building a Rule: Table Policies
iptables -P FORWARD ACCEPT
The -P option followed by a chain name and action determines the default policy of the chain. If no rule in the chain matches, this default action is taken.
The usual policies are
INPUT = ACCEPT
OUTPUT = ACCEPT
FORWARD = DENY

Building a Rule: Adding Rules to Tables
iptables -A INPUT -s 200.200.200.1 -j DROP
Appends the rule to the end of the chain
iptables -I INPUT 3 -s 200.200.200.1 -j DROP
Inserts the rule as rule 3 in the chain, moving all other rules down 1.
iptables -R INPUT 3 -s 200.200.200.1 -j DROP
Replaces rule 3 in the chain
iptables -D INPUT 3
Deletes rule 3 in the chain

Operations to manage whole chains
-N  Create a new chain
-X  Delete an empty chain
-P  Change the policy for a built-in chain
-L  List the rules in a chain
-F  Flush the rules out of a chain
-Z  Zero the packet and byte counters on all rules in a chain

Manipulate rules inside a chain
-A  Append a new rule to a chain
-I  Insert a new rule at some position in a chain
-R  Replace a rule at some position in a chain
-D  Delete a rule at some position in a chain
-D  Delete the first rule that matches in a chain
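Added example, not from the original slides: a Python model of a single chain, showing why rule position matters for -A, -I, -R and -D and when the -P policy applies. It models only terminating targets (ACCEPT, DROP, REJECT) and the match fields used on these slides; the 203.0.113.7 and 192.168.1.5 test addresses are constructed.

```python
import ipaddress


class Chain:
    """One built-in chain: an ordered rule list plus a default policy (-P)."""

    def __init__(self, policy="ACCEPT"):
        self.policy = policy
        self.rules = []                       # list of (match_dict, target)

    def append(self, target, **match):        # iptables -A CHAIN ...
        self.rules.append((match, target))

    def insert(self, pos, target, **match):   # iptables -I CHAIN pos ... (1-based)
        self.rules.insert(pos - 1, (match, target))

    def replace(self, pos, target, **match):  # iptables -R CHAIN pos ...
        self.rules[pos - 1] = (match, target)

    def delete(self, pos):                    # iptables -D CHAIN pos
        del self.rules[pos - 1]

    def verdict(self, **pkt):
        """The first matching rule decides; otherwise the policy applies."""
        for match, target in self.rules:
            if all(_field_matches(k, v, pkt) for k, v in match.items()):
                return target
        return self.policy


def _field_matches(key, want, pkt):
    if key == "src":                          # -s takes a host or a CIDR range
        return ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(want)
    return pkt.get(key) == want               # proto, dport, iface: exact match


def telnet_by_interface():
    """The two rules from the 'multiple network interfaces' slide."""
    chain = Chain(policy="ACCEPT")
    chain.append("DROP", proto="tcp", dport=23, iface="ppp0")
    chain.append("ACCEPT", proto="tcp", dport=23, iface="eth0")
    return chain


def ordering_demo():
    """An exception appended after a broader DROP is never reached."""
    chain = Chain(policy="ACCEPT")
    chain.append("DROP", src="200.200.200.0/24")
    chain.append("ACCEPT", src="200.200.200.1")
    pkt = dict(src="200.200.200.1", proto="tcp", dport=80, iface="ppp0")
    shadowed = chain.verdict(**pkt)           # rule 1 matches first
    chain.delete(2)                           # -D INPUT 2
    chain.insert(1, "ACCEPT", src="200.200.200.1")   # -I INPUT 1
    return shadowed, chain.verdict(**pkt)


if __name__ == "__main__":
    print(ordering_demo())
```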

An Example
[Network diagram: LAN hosts 192.168.1.5, 192.168.1.6 and 192.168.1.7, each with GW 192.168.1.1
Firewall 192.168.1.1 with interfaces eth0 and eth1, connected to the Internet
Web Server
SSH Server Accessible ONLY via LAN]

RHCE
Red Hat Certified Engineer
M. A. Agheli
Session 18
Advanced

Traffic Shaping (CBQ)
/etc/rc.d/init.d/cbq.init
(http://ovh.dl.sourceforge.net/sourceforge/cbqinit/cbq.init-v0.7.3)
Install shapecfg RPM
/etc/sysconfig/cbq/* (0002-FFFF)
/etc/rc.d/init.d/cbq.init start

Sample of CBQ Configuration
DEVICE=eth0,10Mbit,1Mbit
RATE=10Kbit
PRIO=5
RULE=:21,192.168.1.0/24

The End
Good Luck