Tuesday, August 19, 2014

Up and Running with BASH Script 1

#!/bin/bash - the shebang at the beginning of the script; it tells the system to run the script with bash.

# - comment; bash will not execute anything after the # sign.

www.shellcheck.net - a very useful tool to verify your scripts.

echo - prints output and is very useful for writing text into text files. It is definitely the most used command in scripts.

true - means success, and in Linux it is mostly defined as the number '0'.

false - means failure, and in Linux it is mostly defined as the number '1'.

I have a little example script below to demonstrate some basics in real time.

function - defines any function you would like to use in the script, just like a variable. The format is: function [name of the function] { comment or command }

read - a command that takes input from the user and stores it in a variable

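[root@localhost ~]# cat check.sh
#!/bin/bash
# Author: Bek Azimov
# Created: 8/19/2014

# Message printed when the package is already installed.
function usage {
echo "ERROR: $abc is already in the system, where is rest of the script????????????? "
}
echo -n "Please, enter the service name: "
read -r abc
date >> check.log
# Query the RPM database and save the exit status right away,
# before the next command overwrites $?.
rpm -qi "$abc" >> check.log
status=$?
echo "<<<<<<<<<< line break  >>>>>>>>>>" >> check.log

# rpm -qi exits non-zero when the package is not installed.
if [ "$status" -ne 0 ]

        then yum install "$abc" -y
        else echo "Service is already installed!" && usage
fi

exit 0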
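
The script above passes whatever is typed at the prompt to rpm and yum as root, so the value is worth checking first. The following is an added example, not part of the original post: it accepts only characters that occur in package names and refuses anything that could be read as an option or as shell syntax. The names valid_pkg_name, plan_for, QUERY_CMD and fake_rpm_query are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): validate the name typed at the
# prompt before it is handed to rpm or yum as root.

# Return 0 only for strings that look like a package name.
valid_pkg_name() {
    case $1 in
        ''|-*|.*) return 1 ;;             # empty, option-like, or leading dot
        *[!A-Za-z0-9._+-]*) return 1 ;;   # spaces, ';', '$', quotes, globs ...
    esac
    [ "${#1}" -le 128 ]                   # upper bound chosen for the example
}

# Constructed stand-in for the RPM database: only "bash" is installed.
fake_rpm_query() { [ "$1" = "bash" ]; }

# Hypothetical hook so the logic runs offline; on a real host it would point
# at a wrapper around: rpm -q "$1"
QUERY_CMD=fake_rpm_query

# Print the decision for one name: rejected | present | install
plan_for() {
    if ! valid_pkg_name "$1"; then
        echo rejected
    elif "$QUERY_CMD" "$1" >/dev/null 2>&1; then
        echo present
    else
        echo install                      # real script: yum install "$1" -y
    fi
    return 0
}

# Constructed inputs: two plain names, an option-like value, a value with
# shell metacharacters, and an empty answer.
for input in bash vsftpd "-x" "httpd; date" ""; do
    printf '[%s] -> %s\n' "$input" "$(plan_for "$input")"
done
```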
- - - - - - - - - - - - - - - -- - - - - - - - -- - - - - - -- - - - - - - - -- - - - - - - - - -- -- - -



Saturday, August 2, 2014

Creating swap Method 2

Method 2: Use a File for Additional Swap Space
If you don’t have any additional disks, you can create a file somewhere on your filesystem, and use that file for swap space.

The following dd command example creates a swap file with the name “myswapfile” under /root directory with a size of 1024MB (1GB).

# dd if=/dev/zero of=/root/myswapfile bs=1M count=1024
1024+0 records in
1024+0 records out

# ls -l /root/myswapfile
-rw-r--r--    1 root     root     1073741824 Aug 14 23:47 /root/myswapfile

Change the permission of the swap file so that only root can access it.

# chmod 600 /root/myswapfile

Make this file a swap file using the mkswap command.

# mkswap /root/myswapfile
Setting up swapspace version 1, size = 1073737 kB

Enable the newly created swap file.

# swapon /root/myswapfile

To make this swap file available as a swap area even after a reboot, add the following line to the /etc/fstab file.

# cat /etc/fstab
/root/myswapfile               swap                    swap    defaults

Saturday, May 31, 2014

FTP Server

The package name for the FTP server in Linux is vsftpd - Very Secure FTP

# yum install vsftpd -y
# chkconfig vsftpd on
# /etc/init.d/vsftpd start

Open TCP ports 20 and 21 in the firewall.
Add the following modules to the /etc/sysconfig/iptables-config file:
IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"

By default vsftpd allows anonymous access and file downloads. Once you get into the FTP server with # lftp ftp.server.name you can use regular bash commands.
Download and upload files with:
lftp> put somefile.txt  - to upload
lftp> get somefile.txt  - to download

The default public directory is /var/ftp/pub

The configuration file is at the location below. It has many useful options to manage the FTP server.
# vim /etc/vsftpd/vsftpd.conf

The SELinux booleans can be listed as shown below; turn on any boolean according to your configuration.

# getsebool -a | grep ftp
or
# semanage boolean -l | grep ftp

Turn a boolean on or off
# setsebool -P allow_ftpd_anon_write on
# setsebool -P allow_ftpd_anon_write off
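
Because anonymous access is on by default, it is worth checking how far it reaches in a given vsftpd.conf. The following is an added example, not part of the original post: it reads a configuration from stdin and reports whether anonymous users can log in and whether they can write. The function names and sample configurations are constructed for the illustration, and it assumes the last assignment of an option in the file wins.

```shell
#!/bin/sh
# Added example (not from the original post): report how far anonymous access
# reaches for a vsftpd.conf read from stdin.

# Effective value of one option. Assumption: the last assignment in the file
# wins; DEFAULT is used when the option is absent.
conf_value() {    # usage: conf_value KEY DEFAULT < vsftpd.conf
    awk -F= -v key="$1" -v def="$2" '
        /^[ \t]*#/ { next }                       # comment line
        $1 == key  { v = $2; gsub(/[ \t\r]/, "", v); val = toupper(v)
                     if (val == "TRUE" || val == "1") val = "YES" }
        END        { print (val == "" ? def : val) }'
}

# Prints one line: OK, WARN or HIGH. The SELinux boolean allow_ftpd_anon_write
# is a separate gate on top of these settings and is not checked here.
audit_vsftpd() {
    conf=$(cat)
    anon=$(printf '%s\n' "$conf"   | conf_value anonymous_enable YES)
    write=$(printf '%s\n' "$conf"  | conf_value write_enable NO)
    upload=$(printf '%s\n' "$conf" | conf_value anon_upload_enable NO)
    mkd=$(printf '%s\n' "$conf"    | conf_value anon_mkdir_write_enable NO)

    if [ "$anon" != YES ]; then
        echo "OK: anonymous login disabled"
    elif [ "$write" = YES ] && { [ "$upload" = YES ] || [ "$mkd" = YES ]; }; then
        echo "HIGH: anonymous users can write"
    else
        echo "WARN: anonymous login enabled (download only)"
    fi
    return 0
}

# Constructed sample configurations.
CONF_STOCK='# constructed sample
anonymous_enable=YES
local_enable=YES
write_enable=YES'
CONF_UPLOAD="$CONF_STOCK
anon_upload_enable=YES"
CONF_LOCKED='anonymous_enable=NO
local_enable=YES
write_enable=YES'

printf 'stock:  %s\n' "$(printf '%s\n' "$CONF_STOCK"  | audit_vsftpd)"
printf 'upload: %s\n' "$(printf '%s\n' "$CONF_UPLOAD" | audit_vsftpd)"
printf 'locked: %s\n' "$(printf '%s\n' "$CONF_LOCKED" | audit_vsftpd)"
```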


Monday, May 26, 2014

RHCSA Objectives ANSWERS

Understand and use essential tools
· Access a shell prompt and issue commands with correct syntax.
A: Applications -> system tools -> terminal
· Use input-output redirection (>, >>, |, 2>, etc.).
A: 1> stdout, 2> stderr, > filename, < stdin (both stdout and stderr: > filename 2>&1)
· Use grep and regular expressions to analyze text.
A: grep word filename, grep -v (do not). grep -v ^# filename
· Access remote systems using ssh and VNC.
A: ssh root@ipaddress; yum install tigervnc-server (server) (client - tigervnc)
· Log in and switch users in multiuser runlevels.
A: su - username (su -)
· Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2.
A: tar -czvf newtar.tar.gz originfile (j - bz2), untar = tar -x(j)zvf newtar.tar.gz, star -c f=newname.star filename, star -xattr f=backup.star sat.doc
· Create and edit text files.
A: vim, touch, cat-read, ls -la, less
· Create, delete, copy, and move files and directories.
A: touch, rm (-rf), cp (-rp), mv
· Create hard and soft links.
A: ln -s /fullpath source/ fullpath ; ln sourcefile filename
· List, set, and change standard ugo/rwx permissions.
A: ls -l, ll, chmod, r = 4, w=2, x=1
· Locate, read, and use system documentation including man, info, and files in /usr/share/doc.
A: rpm -qd service, locate, find, grep, less
Note: Red Hat may use applications during the exam that are not included in Red Hat Enterprise Linux for the purpose of evaluating candidate's abilities to meet this objective.

Operate running systems
· Boot, reboot, and shut down a system normally.
A: init 0, init 6, shutdown -r now, shutdown -h now (+10), reboot
· Boot systems into different runlevels manually.
A: init 1,2,3, telinit 1,2,3
· Use single-user mode to gain access to a system.
A: space bar, grub menu edit, kernel append 1 (passwd)
· Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes.
A: top, ps, pstree, ps -ef, top -p pidnumber, sar -A, lsof -c; nice -n -p, renice, inside top (r option) to renice, kill -9 (-15) pidnumber, killall name, pkill -9 (-15) or no number; ps -aux | grep -w Z (zombie process)
· Locate and interpret system log files.
A: less, more, tail (-f), dmesg, sealert -a /var/log/audit/audit.log
· Access a virtual machine's console.
A: Applications -> system tools -> virt-manager, virt-viewer domain
· Start and stop virtual machines.
A: virsh shutdown (destroy) domain, virsh start domain, virsh list --all
· Start, stop, and check the status of network services.
A: /etc/init.d/network status (stop, start, restart)

Configure local storage
· List, create, delete, and set partition type for primary, extended, and logical partitions.
A: fdisk -l, n, d, p, e: pvs, vgs, lvs, lvdisplay, pvcreate (vg, lv), lvremove
· Create and remove physical volumes, assign physical volumes to volume groups, and create and delete logical volumes.
A: pvcreate, vgcreate, vgremove, pvremove
· Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot.
A: cryptsetup -y -v luksFormat /dev/mapper/balo1
· Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label.
A: blkid
· Add new partitions and logical volumes, and swap to a system non-destructively.
A: pvcreate, vgextend, lvresize -r, mkswap -L Labelname, swapon Labelname

Create and configure file systems
· Create, mount, unmount, and use ext2, ext3, and ext4 file systems.
· Mount, unmount, and use LUKS-encrypted file systems.
· Mount and unmount CIFS and NFS network file systems.
A: mount -t cifs //serverip/sharefolder /mnt
· Configure systems to mount ext4, LUKS-encrypted, and network file systems automatically.
· Extend existing unencrypted ext4-formatted logical volumes.
· Create and configure set-GID directories for collaboration.
A: chmod 2070 /home/group
· Create and manage Access Control Lists (ACLs).
A: add acl to defaults in /etc/fstab, setfacl -m u:user:rwx /file (-x remove, -b remove all the acl)
· Diagnose and correct file permission problems.
A: ls -l, lsattr, chattr +

Deploy, configure, and maintain systems
· Configure networking and hostname resolution statically or dynamically.
A: /etc/sysconfig/network-scripts/ifcfg-eth0
· Schedule tasks using cron.
A: crontab -e, crontab -l
· Configure systems to boot into a specific runlevel automatically.
A: /etc/inittab
· Install Red Hat Enterprise Linux automatically using Kickstart.
A: system-config-kickstart; -x ks=, linux ks=http:file
· Configure a physical machine to host virtual guests.
A: yum groupinstall "Virtualization"; yum groupinstall "Virtualization Platform"; yum groupinstall "Virtualization Client"
· Install Red Hat Enterprise Linux systems as virtual guests.
A: virt-install, or Applications -> System Tools -> Virt-manager -> create new
· Configure systems to launch virtual machines at boot.
A: virsh autostart domainname
· Configure network services to start automatically at boot.
A: ifcfg-eth0 -> ONBOOT=yes
· Configure a system to run a default configuration HTTP server.
A: yum groupinstall "Web Server" -y; service httpd start, chkconfig httpd on, open port 80.
· Configure a system to run a default configuration FTP server.
A: yum install vsftpd -y; service vsftpd start, chkconfig vsftpd on, open port 20 and 21
· Configure a system to use time services.
A: yum install ntp -y, vim /etc/ntp.conf
· Install and update software packages from Red Hat Network, a remote repository, or from the local file system.
A: vim /etc/yum.repos.d/file.repo, [name],name=, baseurl=http://server/model/os/$basearch; yum clean all, yum repolist all, yum install --disablerepo package
· Update the kernel package appropriately to ensure a bootable system.
A: yum install kernel
· Modify the system bootloader.
A: vim /boot/grub/grub.conf

Manage users and groups
· Create, delete, and modify local user accounts.
A: useradd, userdel (-r), usermod, usermod -aG team user
· Change passwords and adjust password aging for local user accounts.
A: passwd; chage -E mm/dd/yyyy user; chage -l user
· Create, delete, and modify local groups and group memberships.
A: groupadd, groupmod, groupdel
· Configure a system to use an existing LDAP directory service for user and group information.
A: GUI mode -> Administration

Manage security
· Configure firewall settings using system-config-firewall or iptables.
A: system-config-firewall
· Set enforcing and permissive modes for SELinux.
A: setenforce 1 or 0 or /etc/selinux/config
· List and identify SELinux file and process context.
A: ls -Z, or for a dir: ls -Zd, ps -eZ | grep processname
· Restore default file contexts.
A: restorecon -R
· Use boolean settings to modify system SELinux settings.
A: semanage boolean -l, setsebool -P boolean on/off
· Diagnose and address routine SELinux policy violations.
A: yum install policycoreutils-gui setroubleshoot, sealert -a /var/log/audit/audit.log


Wednesday, May 21, 2014

NTP Server / Client

NTP SERVER

# yum install ntp -y
# /etc/init.d/ntpd start
# chkconfig ntpd on
Open UDP port 123 in your firewall
# iptables -I INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
# service iptables save

Open the configuration file, uncomment the restrict line for the local network and change the subnet to match your own.
# vim /etc/ntp.conf

Change:
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
to:
# Hosts on local network are less restricted.
restrict 192.168.122.0 mask 255.255.255.0 nomodify notrap
:wq

# /etc/init.d/ntpd restart

After a couple of minutes, verify that your server has synced with the most accurate time server available.
# ntpq -p

The output should show *servername for the synced server.

NTP CLIENT

# yum install ntp -y
# /etc/init.d/ntpd start
# chkconfig ntpd on

Comment out all 4 default servers that come with the OS and enter your time server in the /etc/ntp.conf file.

# vim /etc/ntp.conf
server 192.168.122.50 iburst
:wq

Check that your NTP client is synced with the NTP server you have provided
# ntpq -p

AutoFS in Linux

AutoFS automatically mounts the desired NFS shares and other mount points when they are needed.

# yum install autofs
# /etc/init.d/autofs start
# chkconfig autofs on

Open the /etc/auto.master file to add your new automount entries. The file already contains one example, for cdrom.

# vim /etc/auto.master

/remote    /etc/auto.remote
:wq

Now create the auto.remote file in the /etc/ directory

# vim /etc/auto.remote
nfs        -fstype=nfs,intr         192.168.122.50:/home/share
:wq

# /etc/init.d/autofs restart

# cd /remote/nfs
or
# ls /remote/nfs/

Now you should be able to access the NFS share through the automount. If it is inactive for about 10 minutes, it will be disconnected automatically until you access it again.

Tuesday, May 13, 2014

NFS in Linux

Network File System - allows remote hosts to mount file systems over the network. We will be setting up an NFS server and client in this post.

NFS SERVER:
First you will have to install packages
# yum groupinstall "NFS file server"

Open firewall ports TCP 2049, TCP 111 and UDP 111
# vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
:wq

# service iptables restart

Start your services for NFS
# service rpcbind start
# service nfslock start
# service nfs start

Let us make our services persistent to reboot
# chkconfig rpcbind on
# chkconfig nfslock on
# chkconfig nfs on

Now we can create our share directory; if you already have one, that is even better
# mkdir -p /home/testshare

We will enter the directory we want to share in the /etc/exports file
# vim /etc/exports
/home/testshare nfsclient(rw,no_root_squash)
:wq

Export the directory
# exportfs -avr
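
The export line above uses no_root_squash, which lets root on the client act as root on the exported files, and in /etc/exports a stray space between the host and its options changes who the options apply to. The following is an added example, not part of the original post: it reads exports text from stdin and flags both cases. The function name and the sample entries other than the first line are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky entries in
# /etc/exports text read from stdin.

audit_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
        {
            for (i = 2; i <= NF; i++) {
                host = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {                       # split "host(opt,opt)"
                    host = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                # "(opts)" with no host in front applies to every client; this
                # is what a stray space in "client (rw)" produces.
                if (host == "") host = "*"
                rw = 0; nrs = 0
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    if (o[j] == "rw") rw = 1
                    if (o[j] == "no_root_squash") nrs = 1
                }
                if (nrs) print "NO_ROOT_SQUASH", $1, host
                if (host == "*" && rw) print "WORLD_RW", $1, host
            }
        }'
}

# Constructed sample; the first line is the entry from the post.
SAMPLE_EXPORTS='/home/testshare nfsclient(rw,no_root_squash)
/srv/docs 192.168.122.0/24(ro)
/srv/scratch nfsclient (rw)'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```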

NFS CLIENT:

Install the basic services for the NFS client as well; in my case I have again group-installed all the packages (just lazy)
- Start the services
- Make them persistent to reboot

# mount -t nfs 192.168.122.50:/home/testshare /nfsclientdir
# cd /nfsclientdir

Do not forget to enter mount information to the /etc/fstab file to make it persistent to reboot
# vim /etc/fstab
192.168.122.50:/home/testshare   /nfsclientdir      nfs          _netdev       0 0
:wq

* The _netdev option tells the system not to try to mount the filesystem until the nfs service has started after boot (this prevents hanging at boot time).

Now you have access to the folder that has been shared, and you will have read and write permissions.

Saturday, May 10, 2014

LVM in Linux - (Logical Volume Management)

Logical Volume Management is a widely used technique for deploying logical rather than physical storage.

First check which block devices you have with the fdisk utility

In my VM I had /dev/sdb, /dev/sdc, and /dev/sdd as empty new blocks to use

You can create partitions with fdisk; make sure to take an extra step before the w (write) command to convert the partition to the LVM (8e) type. Before writing the changes, select the (t) option and change the partition type to LVM.

Example disks output of fdisk -l:

Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1        1044     8385898+  8e  Linux LVM

Device Boot      Start         End      Blocks   Id  System
/dev/sdc1               1        1044     8385898+  8e  Linux LVM

Device Boot      Start         End      Blocks   Id  System
/dev/sdd1               1        1044     8385898+  8e  Linux LVM


1) Once all the partitions are done, we start creating physical volumes.

# pvcreate /dev/sdb1
# pvcreate /dev/sdc1
# pvcreate /dev/sdd1

Check your newly created physical volumes with

# pvs
or
# pvdisplay

2) We now will create a volume group that will consist of physical volumes.

# vgcreate volume_group_new /dev/sdb1 /dev/sdc1 /dev/sdd1

Check your volume group with

# vgs
# vgdisplay

You can extend or remove physical volumes from the volume group

# vgextend volume_group_new /dev/sdb2

# vgreduce volume_group_new /dev/sdb2

To remove the volume group itself

# vgremove volume_group_name

3) After you have created the volume group, you can create logical volumes and allocate size to them

# lvcreate -L 10G -n logical_volume_new volume_group_new

Now you will have a 10 GB logical volume at /dev/volume_group_new/logical_volume_new

# lvs
# lvdisplay

NOTE: You will need to format the logical volume after you have created it

# mkfs.ext4 /dev/volume_group_new/logical_volume_new

The next step is to create a directory and mount the logical volume on it

# mkdir /lvmextra
# mount /dev/volume_group_new/logical_volume_new /lvmextra

Please make sure you add the entry to the /etc/fstab file to make it persistent to reboot

# blkid - this will give you the UUID of all the blocks so you can enter the UUID in the /etc/fstab file

4) Here are some helpful and important LVM commands

To extend the space on a logical volume (the cool part of LVM)
# lvextend -L +1G /dev/volume_group_new/logical_volume_new
# resize2fs /dev/volume_group_new/logical_volume_new

To reduce the space on a logical volume (which you might not do often)
Please be aware that you might lose some data here; do this only if you know what you are doing.

First unmount the device
# umount /lvmextra
# fsck -f /dev/volume_group_new/logical_volume_new

Then do the opposite of the extending procedure. Let us say you want the total disk size to be 7GB.
# resize2fs /dev/volume_group_new/logical_volume_new 7G
# lvresize -L 7G /dev/volume_group_new/logical_volume_new

Now mount your device, or just run the # lvs command to check the new resized disk space.

*** There is a GUI form of LVM if you are interested to learn. The above material might have typos or mistakes; please read about LVM in the www.redhat.com documentation or learn some before using the commands.

Wednesday, May 7, 2014

User and Group Administration in Linux

User and group management is an essential skill of the system administrator.

To add a new user

# useradd newuser
-c - "Comment" - you can put the user's name or anything else in the comment
-G - Group user belongs to (by default user group will be same as its username)
-e - expiration date of the user's account
-d - custom home directory
-p - set a password (the value must be the already encrypted password, not plain text)
-s - custom shell for a user

You can modify a user's account

# usermod user1

The options above also work with usermod, plus some extra ones
-L - lock user's account
-U - unlock user's account
-m - move home dir to another location

You can delete a user with

# userdel username
# userdel -r username -> deletes the user fully (recursively) from the system

You can modify a user's account password with

# passwd user1 -> change password for a user
# passwd -l username -> to lock user's account
# passwd -u username -> to unlock user's account
# chage -> changes user password age
# chage -E year-month-date -> sets an expiration date
# chage -W 2 -> sets a warning for a password expiration
# chage -M 30 -> sets a maximum of 30 days before the user's password expires
# chage -l $username -> lists information about the user's account

You can create groups in Linux

# groupadd Groupname -> Adds a group
# groupmod Groupname -> Modifies a group
# groupdel Groupname -> Deletes a group

# groupmod -n newname oldname -> renames a group
# groupmod -g 1001 groupname -> changes group's id

You can set up a particular user as an admin of the group
# gpasswd -A username groupname

Now the user can add users to the group he or she is admin of
# gpasswd -a username groupname

User configuration file: /etc/passwd
User password configuration file: /etc/shadow

Group configuration file: /etc/group
Group password file: /etc/gshadow

If you want, you can use GUI too under SYSTEM > ADMINISTRATION > USERS&GROUPS.