System Administration, for Linux

Procedure for checking System, after login

check for suspicious activity when you login

• check the environment...
  • ...]# set
• show who is logged on and what they are doing...
  • ...]# w
• report process status -- make sure all needed processes are running (ex: apache, mysql, ssh)...
  • ...]# ps -auxf
• display used/free memory...
  • ...]# free -m
• display network interface information -- make sure your interfaces are up and running...
  • ...]# ifconfig
• show network connections -- see what ports your system is listening on and the programs behind those ports...
  • ...]# netstat -ape
• view logged activity...
  • ...]# less /var/log/secure
• view logged activity...
  • ...]# less /var/log/messages
• show listing of last logged in users...
  • ...]# last
• show log of login activity by user name...
  • ...]# lastlog
• list loaded modules...
  • ...]# lsmod

Services

chkconfig is a tool for maintaining the /etc/rc[0-6].d directory hierarchy by relieving system administrators of the task of directly manipulating the numerous symbolic links in those directories.

• lists all of the services which chkconfig knows about...
  • ...]# chkconfig --list
• turn services OFF or ON, on specified System Run-Levels...
  • ...]# chkconfig --level 0123456 service off/on

Killing processes

• list running processes with their pids, hierarchical structure...
  • ...]# ps -auxf
• kill process...
  • ...]# kill pid
• kill process, if previous kill is unsuccessful...
  • ...]# kill -9 pid

Changing Hostname

• Edit /etc/sysconfig/network...
  • Edit HOSTNAME="www.domain.com"
  • Edit DOMAINNAME="domain.com"
• Restart
• ...]# hostname
  • www.domain.com
• Prompt will now display as [user@www dir]#

Update local host aliases

• Edit /etc/hosts...
  • Format is IP <tab> www.your.domain <tab> alias
  • For localhost: 127.0.0.1 <tab> localhost.localdomain <tab> localhost

Add an extra IP address

• ...]# cd /etc/sysconfig/network-scripts/
• /etc/sysconfig/network-scripts]# cp ifcfg-eth0 ifcfg-eth0:1
• Edit ifcfg-eth0:1...
  • Edit DEVICE="eth0:1"
  • Edit IPADDR="put.extra.ip.here"
• Bind IP address with...
  • ...]# ifup eth0:1

Put NIC into Promiscuous Mode

Promiscuous mode allows your NIC to read ALL the data that is sent over the wire, not just your IP.

• ...]# ifconfig eth0 promisc
• Remove promiscuous mode with...
  • ...]# ifconfig eth0 -promisc

View Process info and Network connections

• ...]# ps -auxf
• ...]# netstat -ape

System info

• Display Bootup messages: ...]# dmesg
• Display System information: ...]# uname -a
  • Linux www.domain.com 2.4.20-19.7 #1 Tue Jul 15 13:44:14 EDT 2003 i686 unknown

File Ownership

• Change file owner and group: ...]# chown owner:group file
• Change dir/file owner and group recursively: ...]# chown -R owner:group dir
  • Recursive: every file and sub-directory under the specified directory

Red Hat Network up2date, command line

• Register with the Red Hat Network...
  • ...]# rhn_register --nox
• Change up2date options...
  • ...]# up2date --configure
  • configuration file: /etc/sysconfig/rhn/up2date
• Packages/headers located under /var/spool/up2date
• Update the update program...
  • ...]# up2date --nox up2date
• Show available relevant updated packages...
  • ...]# up2date --nox -l
• Update system with all relevant packages...
  • ...]# up2date --nox -u
• Install or Update package...
  • ...]#up2date --nox package_name