
Saturday, July 10, 2010

Live DNS Setup

########## LIVE DNS SETUP WITH WEB SERVER ###############

1)Hostname configuration file.

#vim /etc/sysconfig/network



2)To assign the hostname temporarily.

#hostname server1.example.com



3)To install packages.

#rpm -ivh bind* --force --aid

#rpm -ivh caching-nameserver-9.3.3-7.el5.i386.rpm



4)DNS configuration file.



#vim /var/named/chroot/etc/named.conf



options {

directory "/var/named";

};





zone "example.com" IN {

type master;

file "example.for";

};



zone "0.168.192.in-addr.arpa" IN {

type master;

file "example.rev";

};





5)Go into this path.

#cd /var/named/chroot/var/named/



6)Copy the file

#cp localhost.zone example.for



7)Copy the file

#cp named.local example.rev



8)To change the ownership.

#chown named.named example*



9)To configure the file(.for)

#vim example.for



$TTL 86400
@       IN      SOA     server1.example.com. root (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum

        IN      NS      server1.example.com.

server1 IN      A       192.168.0.1
server2 IN      A       192.168.0.2
server3 IN      A       192.168.0.3     ; windows machine
www     IN      CNAME   server1





10)To configure the file(.rev)

#vim example.rev



$TTL 86400
@       IN      SOA     server1.example.com. root.server1.example.com. (
                        1997022700      ; Serial
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum

        IN      NS      server1.example.com.

1       IN      PTR     server1.example.com.
2       IN      PTR     server2.example.com.





11)To configure the file.

#vim /etc/resolv.conf

nameserver 192.168.0.6



12)To restart the service.

#service named restart



13)To check.

#host server1.example.com

server1.example.com has address 192.168.0.6



14)To check.

#host 192.168.0.2

2.0.168.192.in-addr.arpa domain name pointer server2.example.com.



15)client side.

#dig (server name)

#dig -x (ip)
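
The host checks in steps 13 and 14 test one name at a time. This added example (not from the original post) compares the forward and reverse records from steps 9 and 10 and reports every A record without a matching PTR, a gap that affects reverse-lookup-based logging and access checks. The function and variable names are chosen for the example; the sample records are copied from the zone files above.

```shell
#!/bin/sh
# Added example: list A records that lack a matching PTR record.
# check_ptr_coverage, ORIGIN and REV_NET are names chosen for this example.
ORIGIN="example.com."          # zone origin from named.conf on this page
REV_NET="192.168.0."           # network behind 0.168.192.in-addr.arpa

check_ptr_coverage() {         # $1 = forward zone file, $2 = reverse zone file
    awk -v origin="$ORIGIN" -v net="$REV_NET" '
        # First file (reverse zone): remember the name each address points to.
        FNR == NR { if ($2 == "IN" && $3 == "PTR") ptr[net $1] = $4; next }
        # Second file (forward zone): each A record needs a PTR back to it.
        $2 == "IN" && $3 == "A" {
            fqdn = $1 "." origin
            if (!($4 in ptr))          print fqdn, $4, "no PTR"
            else if (ptr[$4] != fqdn)  print fqdn, $4, "PTR is " ptr[$4]
        }
    ' "$2" "$1"
}

demo_zones() {                 # records as shown in steps 9 and 10
    dir=$(mktemp -d)
    cat > "$dir/example.for" <<'EOF'
server1 IN A 192.168.0.1
server2 IN A 192.168.0.2
server3 IN A 192.168.0.3
www     IN CNAME server1
EOF
    cat > "$dir/example.rev" <<'EOF'
1 IN PTR server1.example.com.
2 IN PTR server2.example.com.
EOF
    check_ptr_coverage "$dir/example.for" "$dir/example.rev"
    rm -rf "$dir"
}

demo_zones
```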





############### WEB SERVER CONFIGURATION ####################





1)Machine name.

#hostname server1.example.com

#vim /etc/sysconfig/network

HOSTNAME=server1.example.com



2)Machine IP.

192.168.0.1



3)To install package.

#rpm -ivh httpd* --force



4)Open the configuration file.

#vim /etc/httpd/conf/httpd.conf



LINE NO-250

ServerAdmin root@server1.example.com



LINE NO-264

ServerName www.example.com:80

LINE NO-280

DocumentRoot "/var/www/html"

LINE NO-305


LINE NO-390

DirectoryIndex index.html index.html.var



5)To create an HTML file.

#vim /var/www/html/index.html



6)To restart the service.

#service httpd restart



7)To open the file.

# vim /etc/hosts

192.168.0.253 www.example.com



8)To check the page.

Open Firefox and check.



###############################################################



From windows client machine.

Machine Name --> server3

My network place --> Property --> Tcp/IP --> Property --> DNS 192.168.0.2
 
##################### END #####################################
 
Laxman Dattaram Kadam.
Ph No.9967413230
Email:- vikasjk3@gmail.com

NFS Server Configuration

################### NFS ###################################

Requirements
• Packages
  portmap-4.0-63.i386.rpm
  nfs-utils-1.0.6-46.i386.rpm
• Port Numbers
  2049       Nfsd
  111        Portmap
• Configuration File
  /etc/exports
• Service
  portmap
  nfs
• Daemons
  nfsd
  mountd
  statd
  lockd


1)To install packages.
#rpm -ivh portmap-4.0-63.i386.rpm
#rpm -ivh nfs-utils-lib-devel-1.0.8.i386.rpm

2)To create the directory.
# mkdir /share

3)To export the directory.
#vim /etc/exports
/share *(rw,sync)    # sync --> synchronisation
or
/share 10.0.0.0/255.0.0.0(ro,sync)
or
/share 10.0.0.0/255.0.0.0(ro,async)

4)To restart the services.
#service portmap restart
#service nfs restart

5)To check nfs server.
#showmount -e
#showmount -e 10.0.0.1


#####################################################################


Configuring Client

1)Create Mount point on client
#mkdir /nfs

2)Mount remote shared filesystem on local mount point
#mount 10.0.0.1:/share /nfs
#cd /nfs



###################### Advanced Practical #############################




*To share the NFS server with different networks.

1)Assign the virtual IP.
2)Export the directory & assign the permissions.
3)Restart the service.
4)Try to connect from the client side.


*To assign the virtual IP.
#netconfig --device eth0:1
10.0.0.2 255.0.0.0

*Restart the service.
#service network restart

*To configure the export file.
#vim /etc/exports

/share 10.0.0.3/8(ro,sync)

/share 10.0.0.0/8(rw,sync)

/reliance 192.168.1.0/24(rw,sync)

*To create the directory.
#mkdir /reliance
#chmod 777 /reliance/

*To restart the service.
# service portmap restart
#service nfs restart

*To check.
#exportfs -rav



############## Client side configuration.##########################

*To check from the client side.
#showmount -e (server IP)
#showmount -e 10.0.0.2

*To create the directory.
#mkdir /mount

*To mount the export directory by server.
#mount 10.0.0.2:/reliance /mount

*The directory should mount, but it is read-only.
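
The /etc/exports entries above range from a single /24 to every host (`*`) with write access. This added example (not part of the original post) reads an exports file and flags the entries an administrator would want to review: read-write for all hosts, read-write for a very wide network, and `no_root_squash`. `audit_exports` and the /16 threshold are assumptions of the example; the sample entries are taken from this page plus one line marked as constructed.

```shell
#!/bin/sh
# Added example: flag risky entries in an exports file.
# audit_exports and the /16 threshold are assumptions of this example.
audit_exports() {              # $1 = exports file, one finding per line
    awk '
        function bits(m,   a, n, i, v, b) {   # prefix length of "8" or "255.0.0.0"
            if (m !~ /\./) return m + 0
            n = split(m, a, "."); b = 0
            for (i = 1; i <= n; i++)
                for (v = a[i] + 0; v >= 1; v = int(v / 2)) b += v % 2
            return b
        }
        { sub(/#.*/, "") }                    # strip comments
        NF < 2 { next }
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p) {
                    client = substr($i, 1, p - 1)
                    opts = "," substr($i, p + 1, length($i) - p - 1) ","
                }
                if (client == "") client = "*"     # "(opts)" alone = all hosts
                rw = (opts ~ /,rw,/)               # exports default to ro
                s = index(client, "/")
                if (rw && client == "*")
                    print $1, client ": rw for every host"
                else if (rw && s && bits(substr(client, s + 1)) < 16)
                    print $1, client ": rw for a network wider than /16"
                if (opts ~ /,no_root_squash,/)
                    print $1, client ": root not squashed"
            }
        }' "$1"
}

demo_exports() {    # entries from this page plus one constructed line
    f=$(mktemp)
    cat > "$f" <<'EOF'
/share *(rw,sync)
/share 10.0.0.0/255.0.0.0(ro,sync)
/share 10.0.0.0/8(rw,sync)
/reliance 192.168.1.0/24(rw,sync)
/backup 192.168.1.5(rw,no_root_squash)   # constructed, not from the page
EOF
    audit_exports "$f"
    rm -f "$f"
}

demo_exports
```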


###################### END ###############################


IPTABLES (Firewall)

###################### IPTABLES ########################

*NAT = network address translation.

*PAT = port address translation.

*What is routing?
ANS :- Forwarding a packet from one interface to another interface.

POSTROUTING - After routing, change the source IP address,
              to hide the internal network (DNAT).

PREROUTING - Before routing, change the destination IP address (SNAT).

INPUT chain - Configured in the filter table.

Targets --> ACCEPT,DROP,REJECT.
            DROP - no acknowledgement.
            REJECT - sends an acknowledgement.

ICMP - Internet Control Message Protocol.

#######################################################

1)The command to configure iptables is:
#iptables

TABLES:-      Filter         NAT              Mangle

CHAINS:-      INPUT          PREROUTING       INPUT
              OUTPUT         POSTROUTING      OUTPUT
              FORWARD        OUTPUT           PREROUTING
                                              POSTROUTING
                                              FORWARD

########################################################

1)To apply the rules.
ACCEPT,DROP,REJECT.

-L --> To list
-A --> To append
-p --> Protocol
-j --> To jump
-F --> To flush

2)To check whether the rule is applied or not.
#iptables -L

3)To remove the previous rules.
#iptables -F

4)To remove the rule.
#iptables -D

5)To insert a rule.
#iptables -I


6)To install the rules (use -j REJECT in place of -j DROP to reject instead of drop).

1)To block incoming ping (ICMP) traffic.
#iptables -A INPUT -p icmp -j DROP

2)To block a particular machine.
#iptables -A INPUT -p icmp -s 10.0.0.1 -j DROP

3)To allow one machine & block all other traffic.
#iptables -A INPUT -p icmp -s ! 10.0.0.1 -j DROP

4)To block the http service.
#iptables -A INPUT -p tcp --dport 80 -j DROP

7)To make the iptables rules permanent.
First set the rules, then save them.
#service iptables save

8)To delete the saved rules.
#rm /etc/sysconfig/iptables

9)To remove a rule from the chain.
#iptables -D INPUT 1 -t filter

################### END #########################


Thursday, July 8, 2010

RHCE Example Question Bank

############## Question & Answer Bank ################################




(1)Question 1.



Scenario : You need to set up groups for different departments in your company. You also need to set up user accounts for the employees in those departments.

A server with users joshua and alex in the sales group; dax and bryan in the hr group; zak and ed in the web group; and manager in the sales, hr, and web groups.

Instructions: 1. Assign GID 700 - sales, 800 - web, hr - 999.

2. Assign UID 888 - alex, dax - 900.

#####################################################################



(1)ANS:- 1



1)create users & set the user id.

2)create groups & set the group id.

3)Add each user to the particular group.



1)useradd -u 888 alex

2)passwd alex

3)useradd -u 900 dax

4)passwd dax

5)useradd joshua

6)passwd joshua

7)useradd bryan

8)passwd bryan

9)useradd zak

10) passwd zak

11)useradd ed

12)passwd ed

13)useradd manager

14)passwd manager

15)groupadd -g 700 sales

16)groupadd -g 800 web

17)groupadd -g 999 hr

18)gpasswd -M joshua,alex,manager sales

19)gpasswd -M dax,bryan,manager hr

20)gpasswd -M zak,ed,manager web

21)tail /etc/group



############## Question & Answer Bank ################################



Question 2.



Scenario : Each group you created in the above scenario also needs a shared directory, named after the group, under the /depts directory. This will allow users in each department to share files, but will prevent users in other departments from altering, or even seeing, those files.

A shared directory for each department that allows only users in that department to enter it or create, view and alter files within.



#####################################################################



(2)ANS:- 2



1)To create directory.

2)To change the group ownership.

3)To give write permission to the group.

4)To assign the sticky bit.

5)Log in as the user & check the permissions.



1)mkdir /depts

2)cd /depts/

3)mkdir sales

4)mkdir hr

5)mkdir web

6)chgrp sales /depts/sales/

7)chgrp web /depts/web/

8)chgrp hr /depts/hr

9)chmod g+w sales

10)chmod g+w web

11)chmod g+w hr

12)chmod o+t /depts/



############## Question & Answer Bank ################################



Question 3.



Scenario : Some data needs to be accessible to several groups. Use ACLs to accomplish this. Directories accessible by several groups and users.

Create a directory in /opt called tech. Change the permissions such that root is owner and hr is the group. Use ACLs to give full permissions for /opt/tech/ to the web group. Allow alex read/execute (but not write) permission on the /opt/tech directory. Set a default ACL of read/write for alex on that directory. Create some files in /opt/tech/ as several of the users and verify access. Does alex or Joshua have access to the files? Does manager?



#######################################################################



(3)ANS:- 3



1)To create directory under /opt.

2)To create a partition & mount with acl.

3)To change the group ownership.

4)To give the permissions.

5)To login by users & check it.



1)mkdir /opt/tech

2)chmod 777 /opt/tech

3)cd /opt/tech

4)touch 11 22 33 44

5)fdisk /dev/sda

6)partprobe /dev/sda

7)mount -o acl /dev/sda9 /opt/tech

8)chgrp hr /opt/tech

9)setfacl -m u:alex:rx /opt/tech

10)setfacl -m g:web:rwx /opt/tech

11)setfacl -m u:manager:rwx /opt/tech

12)getfacl /opt/tech/



############## Question & Answer Bank ################################



Question 4.



Scenario : You'll add a new swap partition using the fdisk utility of 100mb.

Remember to make the partition work with the appropriate file type, and then

format and activate it. Make sure it's properly included in /etc/fstab so this

partition is used the next time you boot Linux.



######################################################################



(4)ANS:- 4



1)To create partition.

2)To update the kernel.

3)To format the partition with swap file system.

4)To enable the swap.



1)fdisk /dev/sda

2)partprobe /dev/sda

3)mkswap /dev/sda10

4)swapon /dev/sda10

5)free

6)vim /etc/fstab



/dev/sda10 swap swap defaults 0 0



7)mount -a

8)reboot

9)swapon -s --- To check.



############## Question & Answer Bank ################################

Question 5.



Scenario : Create a new partition using fdisk tool, format it, transfer the

files currently on your /data directory to that partition, and revise

/etc/fstab so the new partition is properly mounted the next time you boot Linux.



#####################################################################



(5)ANS:- 5



1)To create the partition.

2)update the kernel

3)Format the partition.

4)Create the directory.

5)write the entry in fstab file.



1)fdisk /dev/sda

2)partprobe /dev/sda

3)fdisk -l

4)mkfs.ext3 /dev/sda12

5)mkdir /data

6) chmod 777 /data/

7)vim /etc/fstab



/dev/sda12 /data ext3 defaults 0 0



8)reboot

9)mount --- to check.



############## Question & Answer Bank ################################


################## END #########################



Basic Network Configuration

########## Network Configuration ##########

Network Interface and IP

To check the installed drivers.
#lspci

To check the usb device on a usb port.
#lsusb


Display network interface / configuration.
#ip -s link show eth0

To view the IP address & MAC address.
#ip add show eth0

Network Configuration Utilities.

To check the device & gateway.
#system-config-network-tui

To assign the IP in text mode.
#system-config-network
Graphical #neat

To check the IP address.
#ifconfig

To disable the LAN card.
#ifdown eth0

To enable the LAN card.
#ifup eth0

Interface Configuration File.

To view the interface configuration file.
#vim /etc/sysconfig/network-scripts/ifcfg-eth0

#Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Ethernet
DEVICE=eth0
HWADDR=00:14:85:35:a0:96
ONBOOT=yes
NETMASK=255.255.0.0
IPADDR=188.1.1.57
GATEWAY=188.1.1.1
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes

To view the virtual interface configuration file.
{Bind multiple IP addresses to a single LAN card}
#vim /etc/sysconfig/network-scripts/ifcfg-eth0:1
e.g. eth0:1, eth0:2, eth0:3 ...


Verifying Ip Connectivity.

To specify a count of the number of ICMP packets.
#ping -c 4 188.1.1.1
       {S.N} {IP Add.}

Display the network path to a destination.
#traceroute (Site name)

Example:-
#traceroute www.google.com


To assign the machine name.
Temporary.
#hostname (Name)

Permanent
#vim /etc/sysconfig/network

To assign the domain name.
Temporary.
#domainname (Name)

Permanent
#vim /etc/sysconfig/network

DNS Configuration.

The DNS servers used to resolve names are configured in:
#vim /etc/resolv.conf

nameserver (DNS Server IP)
nameserver  10.0.0.3

################## END #########################




Thursday, July 1, 2010

SUDO Configuration

############# SUDO Configuration ################


With sudo we can give root privileges to normal users.
With sudo, a normal user can run some commands as root.

To open the configuration file.

#vim /etc/sudoers

Line No - 84

## Same thing without a password
 %wheel ALL=(ALL)       NOPASSWD: ALL
suresh  ALL=(ALL)       NOPASSWD: ALL
sudo    ALL=(ALL)       NOPASSWD: ALL
rajesh  ALL=(ALL)       NOPASSWD: ALL

Line No - 91

%users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom, /sbin/lspci, /usr/sbin/neat

To check.(Example)
#su (user name)
#su rajesh
We get the shell below.
[rajesh@server1 root]$

[rajesh@server1 root]$cd
[rajesh@server1 ~]$sudo neat

To check.
[root@server1 ~]# sudo -l
User root may run the following commands on this host:
    (ALL) ALL
    (ALL) NOPASSWD: ALL

[rajesh@server1 ~]$ sudo tail /var/log/messages
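
The entries at line 84 grant ALL commands without a password, while the line 91 entry limits %users to named commands. This added example (not part of the original post) lists which entries in a sudoers file grant ALL and whether a password is still required. `audit_sudoers` is a name chosen here; the sample lines are the ones shown above plus one constructed `root` line.

```shell
#!/bin/sh
# Added example: list sudoers entries that grant ALL commands.
# audit_sudoers is a name chosen for this example. Simplification: a tag such
# as NOPASSWD: is treated as applying to the whole command list of the entry.
audit_sudoers() {              # $1 = sudoers file, one finding per line
    awk '
        NF == 0 || $1 ~ /^#/ { next }                   # blank lines, comments
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }     # settings and aliases
        {
            who = $1
            eq = index($0, "=")
            if (!eq) next
            cmds = substr($0, eq + 1)
            sub(/^[ \t]*\([^)]*\)/, "", cmds)           # drop the (runas) part
            nopw = (cmds ~ /NOPASSWD:/)
            gsub(/[A-Z]+:/, "", cmds)                   # drop tags
            n = split(cmds, c, ",")
            all = 0
            for (i = 1; i <= n; i++) {
                sub(/^[ \t]+/, "", c[i]); sub(/[ \t]+$/, "", c[i])
                if (c[i] == "ALL") all = 1
            }
            if (all && nopw)  print who ": ALL commands, no password"
            else if (all)     print who ": ALL commands"
        }' "$1"
}

demo_sudoers() {    # lines from this page; the root line is constructed
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed line, not from the page:
root    ALL=(ALL)       ALL
## Same thing without a password
 %wheel ALL=(ALL)       NOPASSWD: ALL
suresh  ALL=(ALL)       NOPASSWD: ALL
sudo    ALL=(ALL)       NOPASSWD: ALL
rajesh  ALL=(ALL)       NOPASSWD: ALL
%users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom, /sbin/lspci, /usr/sbin/neat
EOF
    audit_sudoers "$f"
    rm -f "$f"
}

demo_sudoers
```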


############### END ################
