Red hat 5 视频教程笔记

00 - Ingress
01 - Welcome Message
02 - Classroom Topology
03 - CD/DVD Install

pratice：

看完视频，我自己在公司的电脑上装这个系统，用的是RHEL5.5版本DVD，在安装的时候遇到一个问题：网络配置的时候如果勾选任意网卡的active on boot，配上地址或DHCP，点下一步就会卡在那里，很久无反应。最后是去掉所有active on boot的勾才装成功， 原因后来想可能是没激活成功导致了僵死。

安装成功后，进入命令行:

#su  输入root密码

#system-config-network  进入网络配置图形界面

激活各个网卡，配置地址，在active device when computer starts上打勾，就可以在启动时自动激活网卡了。

command note:

$uname -a    //return OS/Kernel information 

Linux rhel.stephen.chinamobile 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:43 EDT 2010 i686 i686 i386 GNU/Linux

rhel.stephen.chinamobile       :domain name 

2.6.18-194.el5     :2.6 is Major version      .18 is Minor version

Tue Mar 16 21:52:43 EDT 2010:  compiled time

 $df -h    //see disk information

$/sbin/ifconfig   //see network interface card information

$ping -c 3 10.156.232.254   //ping the destination ip for 3 times

$ssh root@192.168.75.100   //login through ssh

04 - VMWare Install
05 - VMWare Network Install
06 - RAID5 Install

1.启动盘boot.iso启动后，输入linux askmethod

2.安装方式选择HTTP，ip config选OK就可以了

web site name: 192.168.75.100

RHEL Server directiory :/RH5/i386

以后同CD 安装方式

07 - LVM Network Install
08 - Kickstart Install
09 - Kickstart Install with RAID5
10 - FTP fetch Install

comand note:

首先配置ftp 服务

#useradd -s /bin/false -d /srv/ww/linuxcbt.com   stephen       //add a user

#passwd stephen

#ftp stephen@192.168.75.100

重启 server with boot.iso(your install cd/dvd) 

 type 'linux askmethod',enter install phase.

选择ftp安装方式，设置

 FTP Site name：192.168.75.100

 RHEL directiory：/srv/www/linuxctb.com/RH5/i386

OK下一步

输入FTP account name 和password

进入安装程序，同CD安装步骤。

#swapon -s   //see swap partition information

#grep default /etc/inittab   //see inittab default

#   0 - halt (Do NOT set initdefault to this)
#   6 - reboot (Do NOT set initdefault to this)

 

唯独没有介绍硬盘安装方式，补充在这里：

见 http://www.cnblogs.com/babykick/archive/2011/06/22/2086726.html

 

11 - BIOS - GRUB - INT

grub 界面的kernel 行最后加single进入单用户模式

单用户模式：

1.单个用户登录时其他用户不能登录

2.经常用于找回密码

#which passwd  //where password save

#whoami     //current user info.

#which init   //current init process information

#ps -ef | grep init    //see init process

boot sequence:

Power on --> Bios (RAM, keyborad, mouse, storage, etc.)  --> Bootable media (MBR 512bytes bootcode  ) -->stage 1 (load file system) --> stage1.5(load file system) ---> stage 2 (launch init process)--> INIT --> /etc/inittab -->setup the approprite runlevel

#cd /boot/

#ls -ltr

#ls -ltr grub.conf

#less grub.conf  //see grub.conf content

#init 1    //start init 1 process

#ps -ef | grep -i init

#cd /etc/rc.d   //under directory rc.d saves a lot of scripts

#ls -ltr init.d

#cd rc1.d   //runlevel 1 scripts directory

K开头的是kill program script

S开头的是start program script

#ls -l s* | wc -l   //统计多少start scripts

#ls -l k* | wc -l   //统计多少kill scripts

#tty

#init 3  //enter init 3 runlevel

#netstat -ntl

#runlevel //see which runlevel we are in

12 - Rescue Environment

Rescue Envirenment

#runlevel   //查看runlevel

N 3   //runlevel number 3

#reboot

进入启动界面

boot:  输入linux rescue    

选择media，如http:

select http media:

web site name:192.168.75.100

Red Hat Enterprise linux server directory :  /RH5/i386

出现提示Retrieving image… ，will mount /mnt/sysimage ,点击press继续

#df –h

#cd /mnt/sysimage

#ls –ltr

#passwd root   

Unknown uid 0

#chroot /mnt/sysimage

#df –h

#passwd

#chroot /mnt

#cd /etc

#ls –l grub.conf

#nano grub.conf

#ls –ltr /boot/

#reboot

如果启动分区加载不了出现Error： Selected disk doesn’t exist

启动界面修改grub命令行

在kenel 行最后加入single进入单用户模式,修改grub.conf

如果fstab破坏：

#root

#root passwd

#nano /etc/grub.conf

#cd /etc

#less fstab

#mv fstab fstab.corrupt

#reboot

提示fstab  file not found 等等

1、  用安装光盘启动

2、  boot:linux rescue

3、  #df –h

#fdisk –l   //列出所有分区 

找到可用的启动分区

#mkdir /mnt/sysimage

#mount /dev/sda2 /mnt/sysimage/

#df –h

#cd /mnt/sysimage

#ls

#cd etc/

#ls –l fstab.corrupt

#mv fstab.corrupt fstab

#less fstab

#reboot

13,14,15 - Basic Shell Skills

1.tty   -reveals the current terminal
2.whoami  -reveals the currently logged-in user
3. which -reveals where in the search path a program is located
$which tty
/usr/bin/tty
$which whoami
/usr/bin/whoami
4.echo -prints to the screen
$echo $PATH
$echo $PWD - dumps the contents of the $PWD variable
$echo $OlDPWD - dumps the most recently visited directory
$echo $?  - reveals wheather last command executed normally
5.set - prints and optionally sets shell variables
$set  //reveal all shell variables
6.clear -clear the screen or teminal
7.reset - resets the screen buffer
8.history - reveals your command history
   a.!690 - executes the 690th command in our history
   b. command history is manitained on a per-use basis via:
   ~/.bash_history
~ equals users's $HOME directory 
9.pwd - prints the working derectory
$ls -l .bash_history
$less .bash_history
10. cd  -  changes directory to desired directory
$cd ~  changes to the $HOME directory
cd /  changes to the root directory
cd ..  changes us one-level up on the directory tree
cd ../.. changes us two-levels up in the directory tree

11.Arrow Keys (up and down) navigates the history commands
12.BASH supports tab completion:
type unique characters in the command and press tab
$system-config- 
then press tab
system-config-date
system-config-display
......
13.You can copy and paste in GNOME terminal windows using:
 a.left button to block
 b.right button to paste OR CTRL0Shift-V to paste

14.ls - lists directories and files
 a. ls / - lists the content of the '/' monut point
 b.ls -l -lists the contents of a directory in long format:
 includes: permissions ,links, ownership, size, date, name
 c. ls -ld - lists properties of the directory '/etc', NOT the contents of '/etc'
 d. ls -ltr - sorts chronologically from older to newer (bottom)
 e. ls -- help - returns possible usage information
 f. ls -a - reveals hidden files  e.g. '.bash_history'
Note: files/directories prefixed with '.' are hidden. e.g.
'.bash_histroy'
 g. ls -li .bash_history -reveals the inode of the file
15.cat - catenates files
 a.$cat 123.txt - dumps the contens of '123.txt' to STDOUT
 b.$cat 123.txt 456.txt - dumps both files to STDOUT
 c.$cat 123.txt 456.txt >123456.txt - creates catenated file
16.mkdir - creates a new directory
 a.mkdir testRH5 - creates a 'testRH5' directory
17. cp - copies files
 a. cp 123.txt testRH5/
By default, 'cp' does NOT preserve the original modification time
 b. cp -v 456.txt testRH5/
18. mv - moves files
 a. mv 123456.txt testRH5/ - moves the file, preserving timestamp
 
19. rm - removes files/directories

   a. rm 123.txt

   b. rm -rf 456.txt - removes recursively and enforce

20. touch - creates blank file/updates timestamp

  a.touch test.txt will create a zero-byte file, if it doesn't exist

  b.touch 123456.txt - will update the timestamp

  c. touch -t 200801091530 123456.txt - changes timestamp

21. stat - reveals statistics of files

    a. stat 123456.txt - reveal full attributes of the file

22. find - finds files using search patterns

   a. find / -name 'fstab'

Notes: 'find' can search for fields returned by stat command. find --help for details

23. alias - returns/sets aliases for commands

   a. alias -dumps current alias

   b. alias copy='cp -v'

###linux Rediretion & Pipes###

Features:

1. Ability to control input and output

Input redirection:

1. cat < 123.txt

Note: Use input redirection when program does NOT default to file as input

Output redirection '>':

1. cat 123.txt > onetwothree.txt

Note: Default nature is to:

1. Clobber the target file

2. Populate with information from input stream

Append redireciton '>>'

1.  cat 123.txt >> numbers.txt -creates 'numbers.txt'  if it doesn't exist, or appends if it does.

2. cat 456.txt >> numbers.txt

Pipes '|':

Features: Connects the output stream of one command to the input stream of subsequent command

1. cat 123.txt | sort

2. cat 456.txt 123.txt | sort

3. cat 456.txt 123.txt | sort | grep 3

###Command Chaining###

Features:

1. Permits the execution of multiple commands in sequence

2. Also permits execution based on the success or failure of a previous command

1.  cat 123.txt ; ls -l   - this runs first command, the second command without regards for exit status of the firest command

2.  cat 123.txt && ls -l

3. cat 1234.txt && ls -l -this runs the second if first command is successful

4. cat 123.txt || ls -l - this runs second command, if first command fails

24. more  | less - paginators, which display text one-page at  a time

1. more /etc/fstab

2. less 1thousand.txt

25. seq -  echoes a sequence of numbers

a. seq 1000 > 1thousand.txt

b. seq 5  5 20 -  the paras are start increment end

26. su - switches users

a. su -  with no options attempts to log in as 'root'

27. head - displays opening lines of text files

a.head /var/log/messages

28. tail - displays the closing lines of text files

  a. tail /var/log/messages

29. wc - counts words and optionally lines of text files

a. wc -l /var/log/messages - count lines

b. wc -w var/log/messages - count  words

30.  file - determines file type

 a. file /var/log/messages

 - Bzip2 - Unzip - Tar

###Tar, Gzip, Bzip2, Zip###

Features:

1. Compression

2. File rollers(the ability to represent many files as one)

Gzip:

Includes:

1. gzip

2. gunzip -decompresses gzip files

Tasks:

  1. compress '1million.txt' file using gzip

    a.gizp -c 1million.txt

Note: gzip auto-dumps to STDOUT, by default

b. gzip -l lmillion.txt.gz - returns status information

c. gunzip 1lmillion.txt.gz - dumps to file, decompressed, and removed compress version.

d. gzip -d 1million.txt.gz - decompress the zip file

e. zcat 1million.txt.gz - dumps the contents to STDOUT

 f.less 1million.txt.gzip - dumps the contents of gzip files to STDOUT

Bzip2:

1. bzip2 -c 1million.txt > 1million.txt.bz2

Note: Bzip2 tends to outperform gzip on larger files

2. bunzip2 1million.txt.bz2

3.bzip2 -d 1million.txt.bz2

4. bzcat 1million.txt.bz2 - dump contents to STDOUT

5. less 1million.txt.bz2 - also  dumps the contents to STDOUT

Zip & unzip:

1. zip filename.zip path/ - general usage

 2. zip 1million.txt.zip 1million.txt

Note: zip deffers slight from gzip and bzip2 in that the destination file (resultant zip file) is specified before the source

3. unzip 1million.txt.zip

Tar & Gzip /Bzip2:

1. tar -cvf filename.tar path/ - creates a non-compressed archive

2. tar -cvf lmillion.txt.tar 1million.txt

Note: tar, requires a small overhead for itself in each file

3. tar -czvf 1million.txt.tar.gz 1million.txt - creates  tar/gzip document

4. tar -cjvf 1million.txt.tar.bz 1million.txt - creates  tar/bzip2 document

5. tar -tzvf -dumps the tar/gzipfile 

6. tar -cjvf 1million.txt.tar.bz 1million.txt testRH5 - creates tar/bzip2 document for the text file and 'testRH5' directory tree.

17 - GREP
Features:
 1. The ability to parse lines based on text and/or RegExes
 2. post-processor
 3. Searches case-sensitively, by default
 4. Searches the text everywhere on the line

1. grep 'linux' filename.txt
2. grep -i 'linux' grep1.txt - case-insensitive search
3. grep -i '^linux' grep1.txt - uses '^' anchor to anchor searches at the beginging of lines
4. grep -i 'linux' grep1.txt
5. grep '$linux' grep1.txt - uses '$' anchor to anchor searches at the ending of lines

Note: Anchors are Regex characters(meta - chararters). They're used to match at the beginning and end of line
6. grep '[0-9]' grep1.txt - returns lines containing at least 1 number
7. grep '[a-z].*' grep1.txt
8. rpm -qa | grep grep - searches the package database for programs named 'grep'
9. rpm -qa | grep -i xorg | wc -l -returns the number of packages with 'xorg' in their names
10. grep sshd messages  | wc -l
11. grep -v sshd messages -performs and inverted search (all but 'sshd' entries will be returned)
12. grep -v sshd messages  | grep -v gconfd
13. grep -c shhd messages -- count the time shhd occurs
14  grep -C 2 sshd messages - returns 2 lines, above and below matching line
Note: Most,if not all, Linux programs log linearly, which means on line after another,from the earlies to the current

Note: Use single or double quotes to specity Regexes ,Also, execute 'grep' using 'egrep' Regexes are being used.

18 - Awk

Features:
  1. Field processor
  2. Supports egrep-comatible (POSIX) RegExes
  3. Can return full lines like grep
  4. Awk runs 3 steps:
     a. BEGIN
     b. Body, where the main action(s) take place
     c. END - optional
  5. Muliple body actions can be executed by separating them using semicolons. e.g '{print $1; print $2}'

  6. Awk, auto-loops through input stream, regardless of the source of the stream. e.g. STDIN ,end with Ctrl+D .

 
Usage:
  1. awk '/optional_match/{action}' file_name | Pipe
  2. awk '{print $1}' grep1.txt

Note: Use single quotes with awk, to avoid shell interpolation of awk's variables

  3. awk '{print $1, $2}' grep1.txt
Note: Default input and output field separators is whitespace

  4. awk '/linux/{print }' grep1.txt - this will print All lines containing 'linux'
  
  5. awk '{if ($s ~ /Linux/) print}' grep1.txt

  6. awk '{ if ($2 ~ /8/) print }' /var/log/messages - this will print the entire line for log items for
     the 8th
 
  7. awk '{print $3}' /var/log/messages | awk -F: '{print $1, $2}'

19 - Sed

Features:
   1. Faciliates automated text editing
   2. Supports RegExes (POSIX)
   3. Like Awk, supports scripting using '-F' option

Usage:
 1. sed [options] 'instructions[s]' files[s]
 2. sed -n '1p'  grep1.txt prints the first line of the file
 3. sed -n '1,5p' grep1.txt - prints the first 5 lines of the file
 4. sed -n '$p' grep1.txt - prints the last line of the file
 5. sed -n '1,3!p' grep1.txt - prints ALL but lines 1-3
 6. sed -n '/linux/p' grep1.txt
 7. sed -e '/^$/d' grep1.txt  -deletes blank lines from the document  grep1.txt
 8. sed -e '/^$/d' grep1.txt  > sed1.txt - deletes blank lines from the document  grep1.txt
    and creates 'sed1.txt'
 9. sed -ne 's/search/replace/' sed1.txt
 10 sed -ne 's/linux/unix/' sed1.txt
 11. sed -i.bak -e 's/3/5' sed1.txt - this backs up the original file and creates a new 'sed1.txt'
     with the modifications indicated in the command

Note: Generally, to create new files, use output redirection, instead of allowing sed to write to STDOUT

    
20 - Perl
21 - System Utilites

###User/Group Management###
 
 
###System Utilities###
Features:
  1. Process listing
  2. Free/available memory
  3. Disk utilization
 
 
1. ps - process status/listing  
   a. ps -ef or ps -aux 
 
2. top - combines, ps, uptime, free and updates regurlary
 
3. uptime - returns useful system utilization information:
  a. current time 
  b. uptime - days, hours and minutes
  c. connect users 
  d. load averaged - 1,5,15 minute values
 
 
4. free - returns memory utilization
  a. RAM
  b. SWAP
  free -m for human readable format

5. df -returns disk partition/mount point information
   a. df - returns info. using kilobytes
   b. df -h - returns info. using megabytes/human readabel (
   gigs/teray/etc.)

6. vmstat - reports on: processes, memory, paging, block I/O,traps, CPU activity

   a. vmstat
   b. vmstat -p /dev/hda1 -returns partitions stats for /dev/hda1 (/boot)

7. gnome-system-monitor -GUI, combining most system utilities
8. ls -ltr /proc
  a. cat /proc/cpuinfo

9. kill PID - kills the process with a given PID
10. runlevel - returns runlevel information using 2 fields:
  a.  represents previous runlevel
  b.  represents current runlevel

22 - Users and Groups

Features
  1. The ability to control users and groups

Primary tools:
1. useradd - used to add users and modify group membership
2. system-config-users
see /etc/login.defs
Task:
 1. Create a user named 'student1' using 'useradd'
   a. useradd student1
   b. set password for user 'student1': passwd student1

Default User Accounts DB:  /etc/passwd
student1:x:501:501::/home/student1:/bin/bash
username:shadow_reference:uid:gid:Description(GECOS):$HOME:$SHELL
Note: /etc/passwd is a world-readable file
Note: /etc/shadow now stores passwords in encrypted form
Note: /etc/shadow is NOT world-readable

Fileds in /etc/shadow:
student1:%#%#%#%!&(%&(#)%&)(&*)KLfjLKJKLDSFSD:0:999999:7:::
1. username:
2. encrpted_password:
3. Days_since_Unix_epoch_password_was_changed (01/01/1970)
4. Days before password may be changed
5. Days after which the password MUST be changed
6. Days before password is to expire that user is warned
7. Days after password expires, that account is disabled
8. Days since Unix epoch, that account is disabled
9. Reserved field (currently unused)

 2. Modify user 'student1' to have password expire after 45 days
   a. usermod

Groups:
  1. groupadd - adds new group
  2. groups - lists groups on the system: /etc/group

Task: Create a 'sales' group and add 'linuxcbt' and 'student1' as members
 
 1. groupadd sales
 2. usermod -G sales linuxcbt
 3. usermod -G sales student1

Note: 2 types of groups exist:
  1. Primary  - used by default for a user's permissions
  2. Supplemental - used to determine effecitve permissions

userdel/groupdel are used to delete users and groups, respectively

23 - File Permissions

###File Types - Permissions -Symlinks###
Features:
  1. The ability to restrict/control access to files
Note: 10 bits represent permissions for files (including directioris)

Note: use 'ls -l' to examine permissions or GUI application like 'Nautilus'

-rwxrwxr-x 1 linuxcbt linuxcbt 681 Jan 13 11:31 regextest.pl

1st bit = file type. '-' = file , 'd' =directory

2nd - 4th bits =owner's permissions
r = read =4
w= write = 2
x = execute = 1
- = none =0

5th-7th bits = group owner's permissions
r = read =4
w= write =2
x= execute = 1
- = none =0

8th - 10th bits = everyone(world)
r = read =4
w= write =2
x = execute = 1
- = none =0

Task:
  1. Manipulate file permissions using 'chmod'
    a. chmod -x regextest.pl

rw = 6 or 4+2
rw = 6 or 4+2 for groupowner
r= 4 for everyone else (world)

Octal notation: 6664 for file 'regexetest.pl'

chmod 664 regextest.pl - removes execution for ALL users
chmod 775 regextest.pl - enables execution for ALL users

2. Ensure that 'regextest.pl' is rw by owner and noone else
  a. chmod 600 regextest.pl

Note: File will now be rw by owner(linuxcbt) and 'root'

 3. Ensure that 'regextest.pl' is r by owner and noone else
   a. chmod 400 regextest.pl && ls -l regextest.pl

Note: chmod supports string values, which represent octal values
chmod +/- x file
chmod +/- w file
chmod +/- r file

chmod  u+x file - updates owner's excute permisssions on the file
chmod  o+x file - updates other's excute permisssions on the file
chmod  g+x file - updates group's excute permisssions on the file
chmod  a+rwx file = chomod 777- updates all's excute write and read permisssions on the file

chown - permits changing of ownership of files
  a. chown root regextest.pl - changes ownership to 'root'
  b. chown linuxcbt:sales regextest.pl - changes owner and group to 'linuxcbt:sales'

Task:
 Update 'regextest.pl' so that owner and group owner may modify the file
   a. chmod 660 regextest.pl

SETUID:
  Features:
    1. ability to execute file as owner
 
chmod 4760 regextest.pl - this will ensure that the perl script always excutes as the user 'linuxcbt'
-rwsrw---- 1 linuxcbt sales ........

's' in the execute position means that the program will execute as that user

SETGID:
  Features:
    1. Ability to enforce permissions to a directory structure

mkdir /sales
chmod 2755  /sales

Creates a file in the '/sales' directory as 'linuxcbt'
seq 1000000 > linuxcbt.1million.txt

chgrp:
  Permits updating of group permissions
 
Sticky Bit:
  Features:
  1. Ability to ensure that users cannot delete others' files in a directory
   /tmp - users cannot delete other user's files in '/tmp'

chmod 3777 /sales - ensures that /sales will not lose files from incorrect users.

24 - Symlinks and Quotas
25 - File Systems
26 - Swap Space
27 - Logical Volume Management 1
28 - Logical Volume Management 2
29 - RAID
30 - RPM Package Management

###RPM###
Features:
 1. Provides package management
  a. Query
  b. Install
  c. Uninstall
  d. Upgrade
  e. Verify
2. Auto-veryfies packages using GPG, MD5, SHA1SUMs
3. Automatically reports on unresolved dependency
 
Query:
  1. rpm -qa -dumps all installed ppackages
  2. rpm -qa | wc -l -dumps all installed packages and provides a count
  3. rpm -qa | grep -i nano
  4. rpm -qi nano -dumps info. about the 'nano' package
  5. rpm -qf /usr/bin/nano - dumps package membership info. for the 'nano' file.
  6. rpm -qpi http://192.168.75.100/RH5/i386/Server/dhcp-*.* -dumps info. about  the uninstalled 'dhcp'packages,which resides on the repository

Verify:
  1. rpm -Va -verifies ALL packages on the system, returning info. only if there are discrepancies from the original installation
  2. rpm -Vf /usr/bin/nano

Task: change 'usr/bin/nano' then verify 
SM5......T /usr/bin/nano
S(file size), M(mode or permissions), 5(MD5), T(mod time)
 
  3.rpm -Vp nano

Install:
  1. rpm -ivh *.rpm
  2. rpm -ivh http://192.168.75.100/RH5/i386/Server/dhcp-3.0.5.7.el5.i386.rpm

Upgrade(Installs or overwrites existing package):
 1. rpm -Uvh *.rpm
 2. rpm -Uvh http://192.168.75.100/RH5/i386/Server/dhcp-3.0.5.7.el5.i386.rpm

Note: Will NOT install the package, if it doesn't exist locally

  1.rpm -Fvh *.rpm - frenshens the current verision of a package

Removal:
 1. rpm -ev *.rpm -removes a package
Note :removal process considers dependencies and will complain if the removal will break 1 or more packages.To get around this, use '--nodeps' option with 'rpm -evh --nodeps *.rpm'
  2. rpm -ev gftp

Package Management GUI:
  1. Add/Removal Software
  2. system-config-packages
 
31 - YUM Package Management

###YUM Configuration###
  Features:
  1. The ability to centralize packages (updates)
Installation & Setup:
 (on server):
 1. Install 'createrepo*rpm'
 2. Setup directory structure
    a.make a directory '/srv/www/linuxcbt.com/RH5/yum'
      and put your rpms in the directory

 3. run 'createrepo /srv/www/linuxcbt.com/RH5/yum'

 4. Publish the yum repository using HTTP
 (on client):
 5. Configure yum client to use HTTP to fetch the RPMs
   a. /etc/yum.conf
    a1. ###included as our first repository on the SUSE box###

[0001]
name=linuxcbtsuse1
baseurl=http://192.168.75.100/RH5/yum

Note: Ensure that about 3GBs are available for the yum repository

tar -cjvf yum_metadata.bz2 repodata/

Yum Usage:
  1. Search for packages
  a. 'yum search gftp'

  2. Install packages -Requires RedHat GPG Key for RPMs
  rpm --import http://192.168.75.100/RH5/i386/RPM-GPG-KEY-redhat-release
     a. 'yum install gftp'
     b. 'yum -y install gftp dhcp' install 2 packages

  3. Remove Package

    a. 'yum -y remove gftp'

32 - Cron

###Cron - Scheduler###
 Features:
   1. Scheduler
   2. Rules are based on times:
     a. minute (0-59)
     b. hour (0-23)
     c. day rof the month (1-31)
     d. month (1-12)
     e. day of the week (Sun, Mon, Tue, etc. OR 0-7)
     f. command to execute (shell, perl, php, etc)
   3. Wakes up every minute in search of programs to execute
   4. Reads cron entries from multiple files
   5. Maintains per-user and system-wide (/etc/crontab schedules)  

/etc:
cron.d
cron.daily  - runs jobs daily
cron.deny  - denies cron execution by user
cron.hourly - runs jobs hourly
cron.monthly - runs jobs monthly
cron.weekly  - runs jobs weekly
crontab - contains system-wide schedules

Note: '*' wildcard in a time column means to run for all values.

Per-user Crontabs:
Stored in: /var/spool/crontabs

Task:
   1. Create a cron entry for the user 'student1'
      a. su student1
      b. crontab -e
      defaultly under vi, other editor whe can export EDITOR=nano
      c. create an entry, minus the name of the user             
  for example:
      1 * * * * /home/stephen/load_averages.sh

Note: "crontab -l"  - enumerates per-user cron entries

System-wide Crontab
Stored in:/etc/crontab

Task:
   1. Create a cron entry in: /etc/crontab
Note: 'crontab -l -u username' -  enumerates specify-user cron entries
ls -ltr /var/spool/cron -check the cron task

33 - Syslog
34 - Logrotate
35 - Common Network Tools

###Common Network Utilities###
 Features: 
   1. Useful for basic troubleshooteing


PING:
  Features:
   a. ability to communciate with hosts using ICMP
   b. Ping expectsd to receive ICMP echo-replies

Task: PING some hosts and evaluate the output
    1. ping localhost (127.0.0.1)
    2. ping -c 3 localhost - sends 3 ICMP echo-requests
    3. ping -c 3 192.168.75.199
    4. ping -c 3 -i 3 192.168.75.199 - delays PINGs to 3 seconds apart

Note: PING defaluts to standard 1-second interval

TELNET:
   Features:
     1. Great for basic TCP port diagnosis
Task:
1. Connect to ports on various hosts
    a. telnet 192.168.75.100 22
    b. telnet www.linuxcbt.com 80

NETSTAT:
  Features:
    1. Provides network connection information from /proc/net/*

Task:
   1. Return useful information for various protocols
     a. netstat
     b. netstat -a - returns all protocols/sockets
     c. netstat -ntlp - returns all TCP LISTENNERS without name resolution
     d. netstat -nulp - returns all UDP LISTENNERS without name
Note: netstats uses /etc/services to translate ports to names
Note: 0.0.0.0:514 - this means that Syslog will accept traffice to any of the defined IP addresses/interfaces on the system

     e. netstat -ntp - returns estatblished connections (sockets)

ARP:
  Features
    1. Resolves layer-2 (OSI model) MAC addresses to Layer-3 IP addresses

Task:
  1. Examine MAC addresses using: ifconfig and arp
    a. ifconfig - returns our local MAC addresses
    b. arp -a - returns MAC to IP mappings

Note: When 2 TCP/IP hosts communicate, ARP is performed to translate the IP address (v6/v4) to a MAC address.

Note: If a one or more routers separate the communicating host, the the MAC address of the default router's (gateway's) interface is stored by each client.


36 - Network Config

++IPv4 Configuaration & Network Settings###
 
Network Support:
  1. Boot system into a multi-user mode 
  2. /etc/modprobe.conf - contains alias and reference to module(s) to be loaded in order to provide networking
  3. Linux decides if the interface is DHCP or static by viewing the contents of :
     a. /etc/sysconfig/network - networking=yes|no, IPv6_Support, Default Gateway, etc.
     b. /etc/sysconfig/network-scripts/ifcfg-eth0 - contains ifup, ifdown, and ifcfg-*scripts
     c. /etc/init.d/network - main service
 
service network status - checks networking
 
system-config-network-* - network interface configuration
 
Note: Either update your net configuration manually from the shell, or using the 'system-config-network*' tools to avoid losing settings.
 
/etc/resolv.conf - DNS configuration file
/etc/hosts - static list of hosts
 
IPv4 Aliases: 
  1. ifconfig eth0:1 192.168.75.11 
  2. ifconfig eth0:2 10.168.76.11
 
Note: To ensure that aliases persist do the following:
  1. cp /etc/sysconfig/network-scripts/ifcfg-eth0 ./ifcfg-eth0:1
  2. Modify ifcfg-eth0:1 to reflect aliased IP
 
Note: Aliases do NOT work with DHCP interfaces
 
ifconfig eth0:2 del 10.168.76.11 - removes the virtual interfaces
IPv6 Config:
  Features:
    1. Auto-configured by defalut gateway (router)
    2. fe80:: -link-local address (loopback/local subnet address)
    3. 2002:: - 6to4 address, that can be configured based on IPv4 embedded address, using HEX notation
 
ping6 -I eth0 fe80::
traceroute6 - used to trace routes on IPv6 networks
 
37 - Kernel Upgrade
38 - NTSysv and Chkconfig
39 - NTP
40 - TFTPD

 ### Trivial File Transfer Protocol Daemon (TFTPD)###
Features:
  1. Fast, connectionless(UDP), file transfers
  2. Often used to move files to and fro networked systems(VOIP Phones, PXE configurations, Router/Firewall/Switch configurations, etc.)

Note: Implements as 2 components:
  a. Client - tftp-*.rpm
  b. Server - tftp-server*

Tasks:
  1. Install TFTP client
     a. yum -y install tftp
  2. Install TFTP server
     a. yum -y install tftp-server

Note: this also install 'xinetd' dependency

 3. Configure and start 'tftp' via 'xinetd'
   a. /etc/xinetd.d/tftp - modify this file prior to starting 'TFTPD'
   server_args             = -s /var/lib/tftpboot  -specify the default directory that tftp use

   b. service xinetd start - to start XINETD
Note: TFTPD listens to UPD:69, by default
Note: use 'netstat -nulp | grep 69' to check if xinetd is started

 4. Copy Cisco Router configuration to TFTP server
    a. copy running-config tftp://192.168.75.199
    b. setsebool -P  tftpd_disable_trans=1 - disables SELinux for TFTPD
      check the file  /etc/sysconfig/selinux
    c. 'service xinetd restart' - restart XINETD
    d. 'chmod 666 linuxcbtrouter1.config' - to permit TFTPD to write

 5. Use 'tftp' client to download 'linuxcbtrouter1.config' file
   a. tftp 192.168.75.199 -c get linuxcbtrouter1.config
   b. tftp - enters interactive mode

Note: tftp client operates in both non-interactive and interactive modes

41- VSFTPD

### Very Secure File Transfer Protocol Daemon (VSFTPD)###
Features:
 1. FTPD
 2. Chroot jail
 3. anonymous and local-user auth

Task:
 1. Install 'vsftpd'
   a. yum -y install vsftpd

 2. Start the server
    a. service vsftpd start
    b. netstat -ntlp | grep 21
 
 3. Configure service to start when system boots into multi-user runlevel
    a. chkconfig vsftpd on
    b. chkconfig --list vsftpd

 4.  Connect to the FTPD service:
    a. Use web browser , which defaults to anonymous
    b. Use standard FTP client, as anonymous
    c. setsebool -P ftp_home_dir 1 -permits users access to their home directory
    d. service vsftpd restart - for changes to take effect

 5. Chroot jail local users & disable'anonymous' users
     a. chroot_local_user=YES - this jails users,edit the /etc/vsftpd/vsftpd.conf
     b. service vsftpd restart -  for changes to take effect
     c. test connectiveity as 'anonymous' and 'non-anonymous' users


 6. Enable IPv6 listener:
  a. listen_ipv6=YES - DO NOT USE WITH 'listen=YES(IPv4)'

 7. Restrict 'non-anonymous' user's transfer rate
    a. local_max_rate=1000 - restricts connections to 1000/bps (1K/s)

42 - LFTP
43 - TelnetD
44 - DHCPD
45 - BIND Caching Only
46 - BIND Master and Slave
47 - BIND Reverse and IPv6
48 - NFS
49 - AutoFS
51 - Samba Config
52 - Samba Winbind
53 - Apache Server
54 - Apache Basics
55 - Apache Virtual Hosts
56 - Apache SSL
57 - MySQL Intro

###MySQL###
  Features:
     1. DBMS Engine
      2. Compabtible with various front-ends:
        a. Perl
        b. PHP
        c. ODBC
        d. GUI Management

Tasks:
   1. Install MySQL Client & Server
     a.  yum -y install mysql

/etc/my.cnf - primary config file
/usr/bin/mysql -primary client used to
/usr/bin/mysqladmin - primary admin ultity to return useful info, and perform admin tasks from the shell

     b. yum -y install mysql-server

/usr/libexec/mysqld - DBMS engine

 2. Start Mysql server and modify perms for 'root'
    a. service mysqld start
    b. chkconfig --level 35 mysqld on
    c. mysqladmin -u root password abc123\

 3. Install 'mysql' client on a remote system
   a. yum -y install mysql
   b. mysql -u root -p

Note: mysql command-line options ALWAYS override global (/etc/my.cnf), and or local (~/.my.cnf) configuration derectives


Note: MySQL Users consist of the following:
   a. username 'root'
   b. host i.e. 'localhost'

A sample username is : 'root@localhost'

  4. Secure 'anonymous' account
    a. DELETE FROM mysql.user WHERE user = '';
    b. flush privileges;
  
  5. Create Database 'addressbook'

create database AddressBook;
use AddressBook;
create table contacts (`first_name` char(20), 'last_name' char(20),
`bus_phone1` char(20), `email` char(30) PRIMARY KEY (`email`));

   6. Insert Data into 'contacts' table using INSERT

INSERT INTO contacts (first_name, last_name, bus_phone1, email) Va VALUES ('Kay', 'Mohammed', '4234', 'kay@LinuxCBT.com')

    7. Delete record from 'content' table
 DELETE FROM contacts WHERE email = 'kay1@LinuxCBT.com';

    8. Update a record in the 'contacts' table
UPDATE contacts SET email='kay2@LinuxCBT.com' WHERE first_name='Kay';

   
58 - Postfix Intro
59 - Dovecot Intro
60 - Squirrel Mail WebMail
61 - Squid Proxy
62 - SELinux Intro
63 - GPG Intro
64 - SSH Intro
65 - IPTables4 Intro
66 - IPTables6 Intro
67 - NMap Intro
68 - Nessus Intro
69 - Snort Sniffer and Logger
70 - Snort NIDS
71 - Egress

转载于:https://www.cnblogs.com/babykick/archive/2011/06/17/2083630.html