Linux Boot Process
The process that happens behind the scenes from the time we press the power button until the Linux login prompt appears is known as the Linux boot process.
The Linux boot process can be divided into multiple stages.
Step 1: Power Supply & SMPS (there are two programs: POST and runtime services)
One of the main components of a computer is the SMPS (Switching Mode Power Supply). The primary objective of this component is to provide the required voltage level to the motherboard and other computer components.
Computer internals work on DC, but the power supply we have at home and other places is AC. The SMPS converts AC to DC and maintains the required voltage level so that the computer can work flawlessly.
But the main task performed by the SMPS is to report a good power supply. If the voltage is too high or too low, the computer cannot work. As soon as you supply power to the computer, the SMPS checks the voltage levels it is providing to the motherboard. If the power signal level is correct, the SMPS sends a POWER GOOD signal to the motherboard timer. On receiving this POWER GOOD signal from the SMPS, the motherboard timer stops sending the reset signal to the CPU, which means the power level is good and the computer can boot.
Step 2: Bootstrapping (the runtime services program loads into memory and the POST program is cleared from memory)
Something has to be programmed by default so that the CPU knows where to search for instructions. This is an address location in the ROM. The address location is FFFF:0000h. This address location is the last region of the ROM. It contains only one instruction: a jump to another memory address. This JUMP command gives the location of the BIOS program in the ROM. This is how the computer comes to know where the BIOS program is located.
Step 3: The Role of BIOS in booting process
BIOS stands for Basic Input Output System. The most important use of the BIOS during the booting process is POST. POST stands for Power-On Self-Test. It is a series of tests conducted by the BIOS that confirms the proper functioning of the different hardware components attached to the computer.
Once the POST check is completed successfully, the BIOS looks at the CMOS settings to find out what the boot order is.
The boot order is a user-defined order that tells the BIOS where to look for the operating system. It looks for the boot loader (MBR) in the first boot device as set in the BIOS. If the MBR is not found in the first boot device, it keeps searching for the MBR in consecutive boot devices. Once the boot loader program is detected on a bootable device (HDD), the BIOS loads it into memory and gives control to it.
Step 4: MBR and GRUB
BIOS is programmed to look at a permanent location on the hard disk to complete its task. This location is called the boot sector. It is the first sector of your hard disk. This area is sometimes called the MBR (Master Boot Record).
This is the location that contains the program that will help our computer load the operating system. As soon as the BIOS finds a valid MBR, it loads the entire content of the MBR into RAM, and further execution is done by the content of the MBR.
It is located in the 1st sector of the bootable disk.
• MBR is less than 512 bytes in size. This has three components:
a) primary boot loader info in the 1st 446 bytes,
b) partition table info in the next 64 bytes,
c) MBR validation check in the last 2 bytes.
• MBR contains information about GRUB (or LILO in old systems).
• So, in simple terms MBR loads and executes the GRUB (Grand unified boot loader).
• GRUB stands for Grand Unified Boot loader.
• If you have multiple kernel images installed on your system, you can choose which one to be executed.
There are three stages of grub in total.
1. GRUB Stage 1 : Contains the boot loader information
2. GRUB Stage 1.5 : Identify Boot Loader File System
3. GRUB Stage 2 : Read /boot/grub/grub.conf
• Now this is the point where you are presented with a beautiful TUI (Terminal user interface), where you can select your operating system kernel and press enter to boot it. If you don’t enter anything, it loads the default kernel image as specified in the grub configuration file.
• GRUB has knowledge of the file system.
• The “/boot/grub/grub.conf” file names the kernel and initrd images.
• So, in simple terms GRUB loads and executes Kernel and initrd images.
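The MBR layout from Step 4 (446 bytes of boot code, a 64-byte partition table, a 2-byte check value), read back with standard tools. This is an added example, not part of the original notes; the sample sector, the function names and the idea of hashing the boot code area to compare against a known-good baseline are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: inspect the three MBR regions (446 + 64 + 2 bytes).
# The sample sector is constructed here; nothing is read from a real disk.
# To examine a real disk, first copy the sector out (needs root), e.g.:
#   dd if=/dev/sda of=mbr.bin bs=512 count=1

# Build a constructed MBR: empty boot code, one partition entry, 55 AA at the end.
make_sample_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    # Entry 1 at offset 446: status 0x80 (active), type 0x83 (Linux),
    # first LBA 2048, 204800 sectors; multi-byte fields are little-endian.
    printf '\200\000\000\000\203\000\000\000\000\010\000\000\000\040\003\000' |
        dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# hex_at FILE OFFSET COUNT: COUNT bytes as lowercase hex, no separators.
hex_at() {
    od -An -v -tx1 -j"$2" -N"$3" "$1" | tr -d ' \n'
}

# le32_at FILE OFFSET: little-endian 32-bit integer, printed as decimal.
le32_at() {
    set -- $(od -An -v -tu1 -j"$2" -N4 "$1")
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# The last two bytes of the sector are the validation check: 55 AA.
mbr_signature() { hex_at "$1" 510 2; }

mbr_is_valid() {
    [ "$(wc -c < "$1" | tr -d ' ')" -ge 512 ] && [ "$(mbr_signature "$1")" = "55aa" ]
}

# mbr_partition FILE N: "status type first_lba sectors" for table entry N (1-4).
mbr_partition() {
    off=$(( 446 + ($2 - 1) * 16 ))
    echo "$(hex_at "$1" "$off" 1) $(hex_at "$1" $(( off + 4 )) 1)" \
         "$(le32_at "$1" $(( off + 8 ))) $(le32_at "$1" $(( off + 12 )))"
}

# SHA-256 of the 446-byte boot code area, to compare with a known-good baseline.
boot_code_sha256() {
    dd if="$1" bs=446 count=1 2>/dev/null | sha256sum | cut -d' ' -f1
}

mbr_report() {
    if mbr_is_valid "$1"; then
        echo "signature: 55aa (valid)"
    else
        echo "signature: missing or wrong (INVALID)"
    fi
    echo "boot code sha256: $(boot_code_sha256 "$1")"
    for n in 1 2 3 4; do
        set -- "$1" $(mbr_partition "$1" "$n")
        # Type 00 marks an unused slot in the partition table.
        [ "$3" = "00" ] || echo "partition $n: status=$2 type=0x$3 first_lba=$4 sectors=$5"
    done
}

sample=$(mktemp)
make_sample_mbr "$sample"
mbr_report "$sample"
rm -f "$sample"
```

A boot code hash that differs from the value recorded after installation means the first-stage loader has been rewritten, whether by a GRUB reinstall or by something unwanted.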
Step 5: Loading the Kernel Image
• Mounts the root file system as specified in the “grub.conf” file.
• Kernel executes the “/sbin/init” program
• Since init was the 1st program to be executed by Linux Kernel, it has the process id (PID) of 1.
• initrd stands for Initial RAM Disk.
• initrd is used by the kernel as a temporary root file system until the kernel is booted and the real root file system is mounted. The initrd image also contains the necessary drivers compiled inside, which are required for accessing the hard drive partitions and other hardware.
• So, in simple terms, the kernel mounts the root (“/”) filesystem and executes the init program with the help of the initrd image.
Step 6. Init
• The “/etc/inittab” file decides the Linux default run level.
• Following are the available run levels:
0 – halt
1 – Single user mode
2 – Multiuser, without NFS
3 – Full multiuser mode
4 – unused
5 – X11, GUI mode
6 – reboot
• So, in simple terms, init identifies the default run level from “/etc/inittab” and loads all appropriate programs for the default run level.
Step 7. Runlevel programs
• When the Linux system is booting up, you might see various services getting started. Those are the run level programs, executed from the run level directory as defined by your run level.
• Depending on your default init level setting, the system will execute the programs from particular run level directories.
# cd /etc/rc.d/
# ll
drwxr-xr-x. 2 root root 4096 Oct 8 00:50 init.d
-rwxr-xr-x. 1 root root 2617 Jul 24 08:53 rc
drwxr-xr-x. 2 root root 4096 Oct 8 00:50 rc0.d
drwxr-xr-x. 2 root root 4096 Oct 8 00:50 rc1.d
drwxr-xr-x. 2 root root 4096 Oct 8 00:50 rc2.d
drwxr-xr-x. 2 root root 4096 Oct 8 00:50 rc3.d
drwxr-xr-x. 2 root root 4096 Oct 8 00:50 rc4.d
drwxr-xr-x. 2 root root 4096 Oct 8 00:50 rc5.d
drwxr-xr-x. 2 root root 4096 Oct 8 00:50 rc6.d
-rwxr-xr-x. 1 root root 499 Aug 13 10:55 rc.local
-rwxr-xr-x. 1 root root 19216 Jul 24 08:53 rc.sysinit
• Here you can see the rc.sysinit file. It runs first and loads the hostname, date, time, ACL, quota, SELinux, etc.; after that it goes to the step below. The folders rc0.d, rc1.d, rc2.d, etc. contain run-level-specific programs that are executed depending on the default run level set in your inittab configuration file.
• If you see the files inside these run level specific folders, they either begin with S or they begin with K. The files are also numbered.
• Files starting with S are executed during the startup process, and files that begin with K are killed during the shutdown process.
• The number after S or K is the sequence in which they are executed.
• Once the kernel has started all programs in your desired run level directory, it runs the rc.local file, where the user can put any executable script or command. Now you will get a login screen to log in to your booted system.
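The S/K ordering described in Step 7, together with a check that matters because every one of these scripts (and rc.local) runs as root at boot. This is an added example, not part of the original notes; the sample directory tree and the function names are constructed for the illustration.

```sh
#!/bin/sh
# Added example: list what a run level starts and stops, in order, and flag
# boot scripts that someone other than the owner can modify.
# The sample tree is constructed; on the system described above the real
# directory would be /etc/rc.d/rc3.d for run level 3.

# rc_order DIR S|K: entries with that prefix, in the order they are run.
# The shell sorts glob matches, so S10network comes before S55sshd.
rc_order() {
    for f in "$1"/"$2"[0-9][0-9]*; do
        if [ -e "$f" ]; then basename "$f"; fi
    done
}

# rc_writable PATH...: scripts (following the rcN.d symlinks into init.d)
# that are writable by group or by others.
rc_writable() {
    find -L "$@" -type f \( -perm -020 -o -perm -002 \) | sort
}

# Constructed sample: three init scripts, links for run level 3, and rc.local.
make_sample_rc() {
    mkdir "$1/init.d" "$1/rc3.d"
    for s in network sshd nfs; do
        printf '#!/bin/sh\n' > "$1/init.d/$s"
        chmod 755 "$1/init.d/$s"
    done
    printf '#!/bin/sh\n' > "$1/rc.local"
    chmod 755 "$1/rc.local"
    ln -s ../init.d/sshd    "$1/rc3.d/S55sshd"
    ln -s ../init.d/network "$1/rc3.d/S10network"
    ln -s ../init.d/nfs     "$1/rc3.d/K20nfs"
    chmod 775 "$1/init.d/sshd"    # constructed misconfiguration: group-writable
}

demo=$(mktemp -d)
make_sample_rc "$demo"
echo "start order:"; rc_order "$demo/rc3.d" S
echo "kill order:";  rc_order "$demo/rc3.d" K
echo "writable by group/other:"; rc_writable "$demo/rc3.d" "$demo/rc.local"
rm -rf "$demo"
```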
BOOT LEVEL PROBLEMS
1. To change/configure the run level => # vi /etc/inittab
2. To configure the IP => # setup or
# cd /etc/sysconfig/network-scripts/
# vi ifcfg-eth0
BOOTPROTO=static
IPADDR=192.168.249.2
NETMASK=255.255.255.0
ONBOOT=yes
# service network reload
# chkconfig network on
3. To change hostname => # vi /etc/sysconfig/network
4. To reinstall Grub => Boot with ‘Linux Rescue’ and follow these commands:
# chroot /mnt/sysimage/
# grub-install /dev/sda
# grub
# root (hd0,0)
# setup (hd0)
# quit
5. To set Grub password in an encrypted format =>
# grub-md5-crypt
{Then enter the encrypted password in the grub.conf file after the timeout line}.
6. To remove the Grub password if forgotten => Boot with ‘Linux Rescue’ and follow these commands:
# chroot /mnt/sysimage/
{In /etc/grub.conf, comment out the password line}.
7. To reinstall initrd => Boot with ‘Linux Rescue’ and follow these commands:
# mkinitrd /initrd-$(uname -r).img $(uname -r)
# cp initrd-2.6.18-164.el5.img /boot/
# exit
8. Boot in single user mode => Edit the kernel line by pressing ‘e’ at boot.
Write ‘s’ or ‘1’ at the end of the kernel line, after a space.
OR
Instead of ‘s’ or ‘1’, write init=/bin/bash
Then type # mount -o remount,rw /
This will give read/write permission in single user mode.
YUM INSTALLATION
# mount /dev/cdrom /mnt
# cd /mnt
# mkdir /yum
# cp -rf /mnt/* /yum
# cd /etc/yum.repos.d/
# vi station.repo
[base]
name=rhel6
baseurl=file:///yum
enabled=1
gpgcheck=0
# yum clean all
# yum update all
# rpm -qa | grep -i samba
# yum install samba [All these things will run in RHEL 6]
# cd /yum/Server
# ls | grep -i createrepo
# rpm -ivh createrepo-0.4.11-3.el5.noarch.rpm
# createrepo -v /yum [All these things will run in RHEL 5]
Q. Command for installing a package
# rpm -ivh <package name>
Q. Command for uninstalling a package
# rpm -e <package name>
Q. Command to check whether a package has been installed or not?
# rpm -qa <package name>
TO CREATE PASSWORD LESS LOGIN
# ssh-keygen -t rsa
# cd /root/.ssh/
# cat id_rsa.pub
Copy the whole thing to the file /root/.ssh/authorized_keys on the other server.
# ssh <other server> -l <login name>
ISO FILE MOUNTING
Mount the ISO file /root/boot.iso on /disk. This mount should be persistent across system restarts.
# mkdir /disk
# mount -t iso9660 -o loop /root/boot.iso /disk
# vi /etc/fstab
/root/boot.iso /disk iso9660 defaults,loop 0 0
# mount -a
# df -Th
IMPLEMENTING NIC BONDING
Step #1: Create Bond0 :
# vi /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
IPADDR=192.168.0.25
NETWORK=192.168.0.255
NETMASK=255.255.255.0
Step #2: Modify eth0 config :
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
MASTER=bond0
SLAVE=yes
Step #3: Modify eth1 config :
# vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
MASTER=bond0
SLAVE=yes
Step #4: # vi /etc/modprobe.conf
alias bond0 bonding
options bond0 mode=4 miimon=100
Step #5: # modprobe bonding
Step #6: # service network restart
Step #7: # cat /proc/net/bonding/bond0
Step #8: # ifconfig -a
Modes of bonding:
-----------------
These modes determine the way in which traffic sent out of the bonded interface is actually dispersed over the real interfaces.
Mode 0 (balance-round robin) This mode transmits packets in a sequential order. The first will be transmitted on the first slave and the second frame will be transmitted on the second slave. The third packet will be sent on the first and so on. This provides load balancing and fault tolerance.
Mode 1 (active-backup) This mode places one of the interfaces into a backup state and will only make it active if the link is lost by the active interface. Only one slave in the bond is active at an instance of time. A different slave becomes active only when the active slave fails. This mode provides fault tolerance.
Mode 2 (Load balancing and Fault tolerance) This selects the same slave for each destination MAC address and provides load balancing and fault tolerance.
Mode 3 (broadcast) This mode transmits everything on all slave interfaces. This mode is least used (only for specific purpose) and provides only fault tolerance.
Mode 4 (Aggregation) This mode is known as Dynamic Link Aggregation mode. If the speed of the NIC cards is 1gb each, then the data transfer rate will be 2gb. It increases the speed of the data transfer.
Mode 5 (balance-tlb) This is called as Adaptive transmit load balancing. The outgoing traffic is distributed according to the current load and queue on each slave interface. Incoming traffic is received by the current slave.
Mode 6 (balance-alb) This is Adaptive load balancing mode. This includes balance-tlb + receive load balancing (rlb) for IPV4 traffic. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the server on their way out and overwrites the src hw address with the unique hw address of one of the slaves in the bond such that different clients use different hw addresses for the server.
S/W RAID CONFIGURATION IN A RUNNING M/C.
To check partition list: # fdisk -cul
To create partition # fdisk /dev/sdb
Command (m for help): m {List the menu}
Command (m for help): n {add a new partition }
P { partition type }
Partition number (1-4): 1
Last cylinder, +cylinders or +size{K,M,G} (1-1958, default 1958): +3800M{partition size}
Command (m for help): t {change a partition's system id}
Partition number (1-4): 1
Hex code (type L to list codes): l {list known partition types}
Hex code (type L to list codes): fd {type of partition}
Command (m for help): p {print the partition table }
# reboot
To create a RAID 5 meta disk # mdadm --create /dev/md0 --level=5 --raid-disk=3 /dev/sdb1 /dev/sdb2 /dev/sdb3
To check the meta disk # mdadm --detail /dev/md0
To format the Meta disk # mkfs.ext4 /dev/md0
Make a directory # mkdir /raid
# mount /dev/md0 /raid
To fail a disk in RAID 5 # mdadm /dev/md0 --fail /dev/sdb1
# mdadm --detail /dev/md0
To add a disk in Raid 5 # mdadm /dev/md0 --add /dev/sdb4
# mdadm --detail /dev/md0
To remove the faulty disk # mdadm /dev/md0 --remove /dev/sdb1
# mdadm --detail /dev/md0
# mdadm /dev/md0 --add /dev/sd1
# mdadm /dev/md0 --add /dev/sdb1
# mdadm --detail /dev/md0
{If there is a spare disk and in the meantime a working disk fails, the spare disk will come into use and take the place of the failed disk}.
# mdadm /dev/md0 --fail /dev/sdb4
# mdadm --detail /dev/md0
H/W RAID CONFIGURATION IN A SERVER
• Before installing the OS, go to the BIOS of the server. There you can find the storage configuration in the main tab.
• In the Storage configuration tab you have to set “configure SATA as RAID”. Then save and exit.
• Then, when the server reboots, we have to press Ctrl + F9 or F8 to enter.
• Now we can see the disks which are in the server. There will be an option “create Raid Volume”.
• Using that option, we have to set the RAID type in Raid Level. Then the HW RAID will be configured.
MONITORING COMMANDS
1. top -> The top program provides a dynamic real-time view of a running system, i.e. actual process activity. By default, it displays the most CPU-intensive tasks running on the server and updates the list every five seconds.
2. vmstat -> The command vmstat reports information about processes, memory, paging, block IO, traps, and CPU activity.
3. w -> w command displays information about the users currently on the machine, and their processes.
4. uptime -> The uptime command can be used to see how long the server has been running. It shows the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.
5. free -> The command free displays the total amount of free and used physical and swap memory in the system, as well as the buffers used by the kernel.
6. iostat -> The command iostat reports Central Processing Unit (CPU) statistics and input/output statistics for devices, partitions and network filesystems (NFS).
7. ps -> Command to display all running process:
# ps aux | less
Command to see every process on the system
# ps -A or # ps -e
Command to see process run by user vivek
# ps -u vivek
Command to display a tree of processes
# pstree
8. mpstat -> The mpstat command displays activities for each available processor, processor 0 being the first one.
Use # mpstat -P ALL to display average CPU utilization per processor.
9. netstat -> The command netstat displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
MIGRATION AND DEPLOYMENT OF A SERVER
• To migrate a server from a physical server to a virtual server, first install the OS on the virtual server.
• Then arrange the storage from the storage side. After completing this work, the application team installs the application.
• Then we ask for downtime to stop the application on the physical server and copy all the data from the physical server to the virtual server.
• After copying the data, we have to change the IP of the virtual server to the one the physical server had. Only then can users access the data from the server they are using.
• After all this, the application team may face some problems, such as needing to change kernel parameters or access some more files. So we have to give access to all the files they ask for with the chown command.
SEMI KICKSTART INSTALLATION PROCEDURE:
We need to create the kickstart configuration file manually by logging into the server prdrhadm01.net.bms.com, copying any previous ushpwbmsclz???.cfg file (/data/configs/cfg/) under our server’s name, such as ushpwbmsclz095.cfg, and editing it to change IP ADDRESS= to the IP address of our server. The kickstart configuration file is then ready.
Now you may begin with the installation:
I had already copied the RHEL4 iso image on the server USAHZBMSQ001 (location --> E:\Software\boot8.iso) by the name boot8.iso; just mount that image to the server before starting the installation by opening the “Virtual Media Applet” from the ILO, browsing for the iso image and pressing the connect button, as shown.
After this, restart the server; it will show the boot prompt, where we have to write:
boot: linux ks=http://165.89.184.69/cfg/ushpwbmsclz???.cfg
and press enter to start the installation.
HP ILO CONFIGURATION:
1. Q. Accessing and configuring the server by using HP ILO {Integrated Lights-Out 2} & VM console.
Ans. If the remote server needs to be powered off or something like that, then ILO is used to sort out that problem. I need to log in to the server with the ILO software and operate in the power management column. There are four switches to operate.
• Momentary press : should do a graceful shutdown.
• Press and Hold : will force the server to power off.
• Cold boot : is like removing power and restarting.
• Reset : is like a warm boot
2. The details of the server are in
ILO2/System Status/ Summary/Status Summary/
3. The details of the logs are in
ILO2/System Status/ ILO2 Log/
4. The details of information
ILO2/System Status/ System Information/
5. To go to the Remote Console
ILO2/Remote Console/Remote Console/
ISCSI DISK INITIATOR
In the server side add a hard disk
# yum install scsi-target-utils* -y
# chkconfig tgtd on
# service tgtd start
# vi /etc/tgt/targets.conf
# TGTD example targets file
#
# Example iSCSI target with one LUN.
# This gets read when "service tgtd start" is run.
#
<target iqn.lun1.com.example:tgtd>
# List of files to export as LUNs
#backing-store /usr/storage/disk_1.img
backing-store /dev/sdd
# Authentication :
# if no "incominguser" is specified, it is not used
#incominguser backup secretpass12
# Access control :
# defaults to ALL if no "initiator-address" is specified
initiator-address 192.168.100.
initiator-address 192.168.100.224 223 {Mention the ip who will take this disk}
</target>
# service tgtd start
# tgt-admin -s
In the client side
# yum install iscsi-initiator-utils* -y
# chkconfig iscsid on
# service iscsid restart
# iscsiadm -m discovery -t st -p 192.168.100.222
192.168.100.222:3260,1 iqn.lun1.com.example:tgtd
# iscsiadm -m node -T iqn.lun1.com.example:tgtd -p 192.168.100.222 -l
# fdisk -l
{If any problem in finding the disks then restart both the server and the client}.
# fdisk /dev/sda (Create a partition table on the device as required)
# mkfs.ext4 /dev/sda1 (create a file system on partition)
# mkdir /coldstorage (create a mount point for partition)
# vim /etc/fstab (create partition mountable on every reboot)
UUID=XXXX-XXXX-XXXX /coldstorage ext4 _netdev 0 0
# mount -a
# df -Th
SECURITY & ACCESS MANAGEMENT
1. How you can use a firewall as a security measure.
# iptables -F
# chkconfig iptables off
# service iptables save
# service iptables stop
# service iptables status
INPUT : used to block incoming traffic to your server
OUTPUT : used to block outgoing traffic from your server
FORWARD : scan for incoming and outgoing and forwarding packets accordingly over another interface.
This is used for gateway/router type of scenarios.
a. Now, I need to use ssh login on port 22, from *.example.com (192.168.1.0/255.255.255.0/24) only.
# iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -d 192.168.0.250 -j ACCEPT
b. My server should not allow ssh login from anywhere in the world (0.0.0.0/0.0.0.0 a.k.a. 0/0)
# iptables -A INPUT -p tcp --dport 22 -s 0.0.0.0/0 -d 192.168.0.250 -j REJECT
To delete an iptables rule
# iptables -D INPUT 2 (will delete INPUT chain rule #2)
# iptables -A INPUT -p icmp -s 192.168.0.254 -d 192.168.0.250 -j DROP (to disable ping)
# iptables -A INPUT -p tcp -s *.myl33tgroup.org -d 192.168.0.250 -j DROP
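Rules in a chain are checked from top to bottom and the first match decides, so the ACCEPT in (a) only works because it sits above the catch-all REJECT in (b). The model below is an added example, not part of the original notes and not iptables itself: it reduces a rule to "source CIDR, target", and the function names and the outside address 203.0.113.9 are constructed for the illustration.

```sh
#!/bin/sh
# Added example: a small model of how one chain is traversed, to show why
# rule order matters. Only the source-address match is modelled.

ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/PREFIX: succeeds when IP lies inside the network.
in_cidr() {
    bits=${2#*/}
    if [ "$bits" -eq 0 ]; then return 0; fi
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# chain_verdict SRC_IP POLICY RULES: target of the first matching rule,
# or the chain policy when no rule matches. RULES holds one rule per line.
chain_verdict() {
    verdict=$2
    while read -r cidr target; do
        if [ -n "$cidr" ] && in_cidr "$1" "$cidr"; then
            verdict=$target
            break
        fi
    done <<EOF
$3
EOF
    echo "$verdict"
}

# iptables -A appends to the end of the chain, -I inserts at the top.
rule_append() { printf '%s\n%s' "$1" "$2"; }
rule_insert() { printf '%s\n%s' "$2" "$1"; }

SSH_LAN="192.168.1.0/24 ACCEPT"    # rule (a) from the text
SSH_ANY="0.0.0.0/0 REJECT"         # rule (b) from the text

as_written=$(rule_append "$SSH_LAN" "$SSH_ANY")   # a, then b appended
late_allow=$(rule_append "$SSH_ANY" "$SSH_LAN")   # b exists, a appended later
repaired=$(rule_insert "$SSH_ANY" "$SSH_LAN")     # a inserted above b

echo "a,b  LAN host:     $(chain_verdict 192.168.1.7 ACCEPT "$as_written")"
echo "a,b  outside host: $(chain_verdict 203.0.113.9 ACCEPT "$as_written")"
echo "b,a  LAN host:     $(chain_verdict 192.168.1.7 ACCEPT "$late_allow")"
echo "-I a LAN host:     $(chain_verdict 192.168.1.7 ACCEPT "$repaired")"
```

On a live system, `iptables -L INPUT -n --line-numbers` shows the positions that decide this.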
SELINUX CONFIGURATION
1. To check se status # sestatus
2. for permissive # setenforce 0
3. for enabling # setenforce 1
4. Config file editing # vim /etc/selinux/config
5. To see the directory context
# ls -Zd
6. change file SELinux security context
# chcon -R -t public_content_rw_t <dir-path>
[root@chittaranjan2 /]# getsebool -a | grep -i samba
[root@chittaranjan2 /]# getsebool -a | wc -l
[root@chittaranjan2 /]# getsebool -a | grep -i samba
[root@chittaranjan2 /]# setsebool -P samba_share_nfs on
[root@chittaranjan2 /]# getsebool -a | grep -i samba
SSH SERVER CONFIGURATION
Configure the SSH server. Only users from the example.com domain may log in to your machine, and clients within “remote.test” or “my133t.org” should NOT have access to ssh on your system.
Solution: - # chkconfig sshd on
# service sshd restart
# vim /etc/hosts.allow
sshd: .example.com
# vim /etc/hosts.deny
sshd: .remote.test
Or
sshd: .my133t.org
(Note: wildcards should not be used in the hosts.deny and hosts.allow files)
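TCP wrappers consult hosts.allow first, then hosts.deny, and allow any client that matches neither file, so the deny entries above leave every domain that is not listed free to connect. The model below is an added example, not part of the original notes; it covers only the pattern forms used on this page (".domain", exact name, ALL, ALL EXCEPT), which also appear in the dovecot and vsftpd entries further down, and the client names and file contents are constructed.

```sh
#!/bin/sh
# Added example: the hosts.allow / hosts.deny decision order, modelled for
# the pattern forms used on this page.

# host_matches HOST PATTERN
host_matches() {
    case $2 in
        ALL) return 0 ;;
        .*)  case $1 in *"$2") return 0 ;; *) return 1 ;; esac ;;
        *)   [ "$1" = "$2" ] ;;
    esac
}

# rule_matches DAEMON HOST FILE: succeeds if a "daemon: clients" line matches.
rule_matches() {
    while IFS=: read -r d clients; do
        d=$(printf '%s' "$d" | tr -d ' \t')
        if [ "$d" != "$1" ] && [ "$d" != ALL ]; then continue; fi
        hit=no; excepted=no; mode=match
        for pat in $(printf '%s' "$clients" | tr ',' ' '); do
            if [ "$pat" = EXCEPT ]; then mode=except; continue; fi
            if host_matches "$2" "$pat"; then
                if [ "$mode" = match ]; then hit=yes; else excepted=yes; fi
            fi
        done
        if [ "$hit" = yes ] && [ "$excepted" = no ]; then return 0; fi
    done < "$3"
    return 1
}

# tcpwrap_decision DAEMON HOST ALLOW_FILE DENY_FILE -> allow | deny
tcpwrap_decision() {
    if rule_matches "$1" "$2" "$3"; then echo allow
    elif rule_matches "$1" "$2" "$4"; then echo deny
    else echo allow          # matched neither file: access is granted
    fi
}

# Constructed sample files: the entries from the text, plus a stricter deny file.
make_sample_wrappers() {
    printf 'sshd: .example.com\n' > "$1/hosts.allow"
    printf 'sshd: .remote.test\nsshd: .my133t.org\n' > "$1/hosts.deny"
    printf 'sshd: ALL\n' > "$1/hosts.deny.strict"
    printf 'dovecot: ALL EXCEPT .example.com\n' > "$1/hosts.deny.pop3"
}

w=$(mktemp -d)
make_sample_wrappers "$w"
for h in ws1.example.com pc.remote.test pc.other.invalid; do
    echo "$h as written: $(tcpwrap_decision sshd "$h" "$w/hosts.allow" "$w/hosts.deny")"
    echo "$h deny ALL:   $(tcpwrap_decision sshd "$h" "$w/hosts.allow" "$w/hosts.deny.strict")"
done
rm -rf "$w"
```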
CRON CONFIGURATION
Cron is a daemon that executes commands at specified intervals. These commands are called "cron jobs."
Cron is available on Unix, Linux and Mac servers. Windows servers use a Scheduled Task to execute commands.
Cron is a process to set up or schedule a task at a particular time.
[root@chittaranjan-3 ~]# service crond restart
[root@chittaranjan-3 ~]# chkconfig crond on
[root@chittaranjan-3 ~]# crontab -e
5 * * * * echo "hi">/dev/pts/0
[Execute the command or job you want to do.]
* (0-59) is for minutes.
* (0-23) is for hours.
* (0-31) is for days.
* (0-12) is for months.
* (0-7) is for weeks.
~
"/tmp/crontab.XXXXAvq1Ux" 1L, 31C
[root@chittaranjan-3 ~]# crontab -l
5 * * * * echo "hi">/dev/pts/0
[root@chittaranjan-3 ~]#
hi
[root@chittaranjan-3 ~]# service crond stop
Q. To find out cron jobs in root user for other users
# crontab -u username -l
Q. In user login to find the cron tabs
# crontab -l
Q. Deny the cron service for user sarsha and allow it for all other users.
# vim /etc/cron.deny
Add “sarsha”
# service crond restart
SENDMAIL CONFIGURATION
Just specify the relay server in the /etc/mail/sendmail.mc file, as below.
DSrelayserver.abc.com
# cat submit.cf | grep -i mailhost
Set DS as mailhost
DSmailhost.bms.com
Q. Linux Configure Sendmail as SMTP Mail Client
Step #1: Disable Sendmail Daemon in Listening Mode
# vi /etc/sysconfig/sendmail
Modify the line:
DAEMON=no
Step #2: Configure Mail Submission
# vi /etc/mail/submit.cf
Find the line beginning with D{MTAHost}, and update it to read as follows:
D{MTAHost}mail.nixcraft.net
POSTFIX CONFIGURATION
Q. Configure Postfix. Set up intranet e-mail for user john. John’s mail should be spooled to /var/spool/mail/john.
Your server should accept mail from remote networks.
Solution: - # yum install postfix
Open a main.cf config file and edit the line
# vim /etc/postfix/main.cf
myhostname = serverX.example.com (Uncomment a line and edit)
mydomain = example.com (Uncomment a line and edit)
myorigin = $myhostname (Uncomment a line)
myorigin = $mydomain (Uncomment a line)
inet_interfaces = all (Uncomment a line)
#inet_interfaces = localhost (Comment a line)
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain (Uncomment a line)
mynetworks = 127.0.0.0/8, 172.24.48.0/24 (Uncomment a line and edit)
relay_domains = $mydestination (Uncomment a line)
relayhost = $mydomain (Uncomment a line)
# chkconfig postfix on
# service postfix restart
Q. Configure a POP3 server. Allow only example.com network and deny all for POP3 server.
Solution: - # yum install dovecot
Open dovecot.conf file and uncomment a line
# vim /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
# chkconfig dovecot on
# service dovecot restart
# vim /etc/hosts.deny
dovecot: ALL EXCEPT .example.com
Q. Configure mail aliases. User jerry should get the mail of principal.
Solution: - # vim /etc/aliases
Principal: jerry
[root@luci /]# yum install nmap -y
[root@luci /]# nmap 192.168.100.11 {This will show all the ports in use}
NTP SERVER
Q. Setup your machine as NTP Client
Ans: - Go to System > Administration > Date and Time
Click on Synchronize date and time over the network,
Click on Add and Type the Server name or IP add,
Click Apply and Ok.
# chkconfig ntpd on
# service ntpd restart
DNS SERVER ADMINISTRATION
Q. Configure a caching-only DNS server that forwards requests to the physical host system
Solution: -
# yum install bind
Modify the named configuration file
# vim /etc/named.conf
listen-on port 53 { any; };
allow-query { localhost; 172.24.48.0/24; };
forwarders { 172.24.48.254; };
dnssec-validation no;
# chkconfig named on
# service named restart
Test from the desktop X system
(where X is a machine number)
# host serverX.example.com 172.24.48.X
(where X is a machine number)
NFS SERVER CONFIGURATION
Q. Export your “/common” directory via NFS to the example.com domain only.
# mkdir /common
# vim /etc/exports
/common *.example.com(ro,sync)
# chcon -R --reference=/var/ftp/pub /common
# exportfs -ra
# chkconfig nfs on
# service nfs restart
# showmount -e x.x.x.x (where x.x.x.x is the IP of the NFS server)
Q. Export the “/share” directory, allow example.com and deny all. The exported directory must be automatically mounted under “/net/misc/serverX”.
Solution: -
# mkdir /share
# vim /etc/exports
/share *.example.com(ro,sync)
# exportfs -ra
# chkconfig nfs on
# service nfs restart
# showmount -e x.x.x.x (where x.x.x.x is the IP of the NFS server)
# vim /etc/auto.master
/net/misc/serverX /etc/auto.misc (where X is your machine number)
# vim /etc/auto.misc
share -ro,sync,intr serverx.example.com:/share
(where serverx is the NFS server)
# service autofs stop
# service autofs start
# chcon -R --reference=/var/ftp/pub /share
(setting Selinux permission)
# cd /net/misc/serverX
# cd share
Q. Name the NFS Daemons.
mountd, Automountd, nfsd, nfslogd, lockd, statd
Q. How do I fix NFS Stale Partition?
Find a good base directory mount point and execute the following:
# mount -o remount [directory you selected]
This basically refreshes the NFS mount across all mounted points.
FTP CONFIGURATION
Q. Configure ftp server. Make access to example.com and deny all.
Solution: - # vim /etc/hosts.deny
vsftpd: ALL EXCEPT .example.com
Q. Set up a drop-box for anonymous upload on “/var/ftp/upload”. Anonymous should connect as wx, and it should be allowed only for your domain.
Solution: - Open a Configuration File and uncomment a line
# vim /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES
anon_mkdir_write_enable=YES
# mkdir /var/ftp/upload
# chgrp ftp /var/ftp/upload
# chmod 730 /var/ftp/upload
# yum install libsemanage*
# yum install libsemanage-python
# yum install policycoreutils*
# chkconfig vsftpd on
# service vsftpd restart
# semanage fcontext -a -t public_content_rw_t '/var/ftp/upload(/.*)?'
# restorecon -vvFR /var/ftp/upload
# getsebool -a | grep ftp
# setsebool -P allow_ftpd_anon_write=1
# setsebool -P allow_ftpd_full_access=1
# setsebool -P ftp_home_dir=1
LDAP USER CLIENT CONFIGURATION
Q. Set up LDAP on your machine so that all ldapusers can log in without their home directory.
# system-config-authentication
# authconfig -gui
Set the User Account Database dropdown to LDAP. If it is not already set, set the LDAP Search Base DN to dc=example,dc=com. Set the LDAP Server to “ldap://server.example.com”. Check the “Use TLS to encrypt connections” checkbox. Click Download CA Certificate and enter http://server.example.com/pub/EXAMPLE-CA-CERT. Set the Authentication Method dropdown to LDAP. Click Apply and OK.
# getent passwd ldapuser8
Q. Set up LDAP on your machine so that all ldapusers can log in with their home directory.
# yum install authconfig-gtk
# yum groupinstall directory-client
# vim /etc/auto.master
/rhome /etc/auto.misc
# vim /etc/auto.misc
(where X is your machine number)
ldapuserX -rw -fstype=nfs server.example.com:/rhome/server/ldapuserX
# service sssd restart
# chkconfig sssd on
# service autofs reload
# chkconfig autofs on
SAMBA SERVER CONFIGURATION
Install samba package
# yum install samba*
Open smb.conf file and edit
# vim /etc/samba/smb.conf
workgroup = RHCEGROUP (Edit a line)
hosts allow = 127. 172.24.48. (Remove the semicolon and edit the line)
[share]
comment = samba server
path = /share
writable = no
browseable = yes
valid users = jerry
# smbpasswd -a jerry
# chkconfig smb on
# service smb restart
# getsebool -a | grep samba
# setsebool -P samba_create_home_dirs=1
# setsebool -P samba_domain_controller=1
# setsebool -P samba_enable_home_dirs=1
# setsebool -P samba_export_all_ro=1
# setsebool -P samba_export_all_rw=1
# setsebool -P use_samba_home_dirs=1
# getsebool -a | grep smb
# setsebool -P allow_smbd_anon_write=1
# smbclient //server.example.com/share -U jerry
Password:
smb: \>
WEB SERVER CONFIGURATION
1. Install the packages required for configuring http server
# yum install httpd wget
2. Configure http server with document root default path
# vim /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com
</VirtualHost>
(where X is your machine number)
3. Setting html page from given path
# cd /var/www/html
# wget http://server.example.com/pub/serverX.html
# mv serverX.html index.html
# chcon -R --reference=/var/www/html index.html
# chkconfig httpd on
# service httpd restart
4. Testing http server
# elinks http://serverX.example.com
(Where X is a machine number)
VIRTUAL WEB SERVER CONFIGURATION
Open Configuration file & uncomment the line
“NameVirtualHost *:80” to enable virtual hosting
# vim /etc/httpd/conf/httpd.conf
NameVirtualHost *:80
(Uncomment this line to enable virtual hosting)
<VirtualHost *:80>
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/virtual
ServerName wwwX.example.com
</VirtualHost>
(where “wwwX.example.com” is the virtual host name)
# mkdir /var/www/virtual
# cd /var/www/virtual
# wget http://server.example.com/pub/wwwX.html
# mv wwwX.html index.html
# chcon -R --reference=/var/www/html /var/www/virtual
# chkconfig httpd on
# service httpd restart
# elinks http://wwwX.example.com
(Where X is a machine number)
Enable Access control to file system for giving write access to John to “/var/www/virtual”
# vim /etc/fstab
/dev/mapper/GLSvg-GLSroot / ext4 defaults,acl 1 1
(Note: by default, ACLs need to be enabled in RHEL 6)
# mount -o remount /
# mount
# setfacl -m u:john:rwx /var/www/virtual
SECURE WEB SERVER CONFIGURATION
Open the configuration file, then copy and paste the last 7 lines. Change lines 1, 2, 3, 4 and 7 and uncomment the changed lines. (Lines 5 and 6 stay commented.)
# vim /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
ServerAdmin root@serverX.example.com
(where X is your machine number)
DocumentRoot /var/www/localhost
ServerName localhost.localdomain
</VirtualHost>
# mkdir /var/www/localhost
# cd /var/www/localhost
# wget http://server.example.com/pub/local.html
# mv local.html index.html
# chcon -R --reference=/var/www/html /var/www/localhost
# chkconfig httpd on
# service httpd restart
# elinks http://localhost.localdomain
CREATING A CUSTOM SELF-SIGNED CERTIFICATE
1. Install following packages for generating certificate
# yum install crypto-utils mod_ssl
# genkey --days 365 serverX.example.com
Provide the appropriate input as required while generating certificate &
note down the path of newly generated certificate file & certificate key.
2. Open the “/etc/httpd/conf.d/ssl.conf” file & change the paths of “SSLCertificateFile” & “SSLCertificateKeyFile” as follows
# vim /etc/httpd/conf.d/ssl.conf
# SSLCertificateFile /etc/pki/tls/certs/localhost.crt (old path)
SSLCertificateFile /etc/pki/tls/certs/serverX.example.com.crt
# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key (old path)
SSLCertificateKeyFile /etc/pki/tls/private/serverX.example.com.key
3. Restart the httpd service
LINUX CLUSTER COMMANDS
1. Where are the cluster configuration files stored?
# /etc/cluster/cluster.conf
2. To check the Service information
# clustat -l
Cluster Status for chittucluster @ Tue Feb 4 11:25:12 2014
Member Status: Quorate
Member Name ID Status
------ ---- ---- ------
node1.cluster.com 1 Online, Local, rgmanager
node2.cluster.com 2 Online, rgmanager
Service Information
------- -----------
Service Name : service:nfs_service
Current State : started (112)
Flags : none (0)
Owner : node2.cluster.com
Last Owner : none
Last Transition : Tue Feb 4 10:04:15 2014
Service Name : service:nfsserv10
Current State : started (112)
Flags : none (0)
Owner : node2.cluster.com
Last Owner : none
Last Transition : Tue Feb 4 10:04:15 2014
3. To check the cluster status, refreshed every 3 seconds.
# clustat -i 3
Cluster Status for chittucluster @ Tue Feb 4 11:37:45 2014
Member Status: Quorate
Member Name ID Status
------ ---- ---- ------
node1.cluster.com 1 Online, Local, rgmanager
node2.cluster.com 2 Online, rgmanager
Service Name Owner (Last) State
------- ---- ----- ------ -----
service:nfs_service node2.cluster.com started
service:nfsserv10 node2.cluster.com started
4. To migrate a service
# clusvcadm -r nfsserv10 -m node1.cluster.com
5. To enable a service
# clusvcadm -e nfsserv10
6. To disable a service
# clusvcadm -d nfsserv10
7. To update the cluster.conf file
# ccs_tool update /etc/cluster/cluster.conf
Proposed updated config file does not have greater version number.
Current config_version :: 12
Proposed config_version:: 12
Failed to update config file.
8. To update the version of the cluster.conf file
# cman_tool version -r 12
9. What are the services needed to start the cluster ?
1. cman, 2. clvmd/gfs, 3. rgmanager
10. What are the services needed to close the cluster ?
1. rgmanager, 2. clvmd/gfs, 3. cman
KERNEL UPDATE
1. Check the kernel version # uname -r
2. Install the kernel update # rpm -ivh <Path of the kernel where it has been stored.>
# rpm -ivh /root/Desktop/kernel/kernel – firmware 2.6.32.220…
3. There will be a conflict in the firmware, so install the firmware forcefully and then install the kernel again.
# rpm -ivh /root/Desktop/kernel/kernel – firmware 2.6.32.220… --force
4. Install the kernel update # rpm -ivh /root/Desktop/kernel/kernel – firmware 2.6.32.220…
5. Now check whether the kernel is present under the modules directory. # ls /lib/modules/
6. Now check whether the vmlinuz image is there. # ls /boot/vmlinuz*
7. Now reboot the server. # reboot
TO EDIT KERNEL PARAMETERS
1. Configure the kernel local port range to 35000 to 61000
# sysctl -a |grep -i range {net.ipv4.ip_local_port_range = 32768 61000}
# vi /etc/sysctl.conf Add this at the end net.ipv4.ip_local_port_range = 35000 61000
# sysctl -p { will take effect after running this command}
2. Configure kernel such that kernstack value is 1.
# vi /etc/grub.conf {At the end of the kernel line write “kernstack=1”}
# reboot
# cat /proc/cmdline
3. Configure or Enable IP forwarding
# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
# sysctl -p
LINUX PATCHING PROCESS
1. To register the server # up2date --register or # rhn_register
2. To list channels # up2date --show-channels
# echo "repo list" | yum shell
# rhn-channel -l
3. To list updates # up2date --list or up2date -l
# yum list updates
4. Up2date configuration # up2date --configure
# /etc/sysconfig/rhn/up2date
{This is the file that up2date --configure actually updates}
5. To configure yum to save rollback information,
add the line tsflags=repackage to /etc/yum.conf.
6. To configure command-line rpm to do the same thing, step-2
add the line %_repackage_all_erasures 1 to /etc/rpm/macros
7. Apply patches
Use console to do it, not ssh connection
# up2date -u
OR
#yum update
This can even take hours to finish, let it finish.
8. Actual Roll back of patches
If/when you want to rollback to a previous state, perform an rpm update with the --rollback option followed by a date/time specifier.
Some examples:
# rpm -Uhv --rollback '9:00 am'
# rpm -Uhv --rollback '4 hours ago'
# rpm -Uhv --rollback 'december 25'
TO SET ACL PARAMETERS
1. To check the ACL status of a mount point # getfacl /mount point/
2. To set the ACL status of a mount point for an user # setfacl -m u:username:rwx <mount point/>
3. To set the ACL status of a mount point for others # setfacl -m o::rwx <mount point/>
4. To remove ACL parameters # setfacl --remove-all /mount point
5. If necessary to remount the mount point. # mount -o remount /mount point/
FINE TUNING A SERVER.
1. Increase swappiness to 75. # cat /proc/sys/vm/swappiness
# echo 75 > /proc/sys/vm/swappiness
2. To release the cache memory (page caches) # sync;echo 1 > /proc/sys/vm/drop_caches
To release the dentries and inode caches # sync;echo 2 > /proc/sys/vm/drop_caches
To release both the page caches and the dentries and inode caches # sync;echo 3 > /proc/sys/vm/drop_caches
# /sbin/sysctl -w vm.drop_caches=3
3. To edit the kernel range # sysctl -a | grep -i range
# sudo sysctl -w net.ipv4.ip_local_port_range="32800 61000"
# sysctl -a | grep -i range
# echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
4. Unique list of open files used in root file system. # lsof / | awk '{print $1}' | sort -u
5. To get current CPU usage # sar 2 10
To get the CPU usage for previous date, consider 14th # sar -P ALL -f /var/log/sa/sa14
To get the CPU usage for 10th of month, from 7 AM to 3 PM (i.e. with specifying the time)
# sar -P ALL -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00
6. How to know Database (Oracle) is running in the server? # ps -ef | grep pmon
or
# ps -ef | grep smon
# ps -ef | grep tnslsnr (Listner service (lsnr))
7. Command to the file using highest space in the storage. # du -sch * | grep K (will show the size in kb)
# du -sch * | grep M (will show the size in mb)
# du -sch * | grep G (will show the size in gb)
8. To zip all the folders in a directory starting with 0 and 11 -12. # bzip2 sa*0*
# bzip2 sa*1{1..2}
9. To remove all the files starting with 2013 # rm -rf 2013-*
List of some Ethernet tools commands
1. Command to detect the status of the Eth0 # ethtool eth0
2. Command to detect the status of the NIC # mii-tool bond0
3. To down an Ethernet # ifdown eth0
4. To up an Ethernet card # ifup eth0
5. Command to check the version of the Eth0. # ethtool -i eth0
6. To ping a ip only once # ping 192.168.100.111 -c 1
SHELL SCRIPTING
1. Show the average CPU usage from the 12th to the 21st
# for i in {12..21}; do sar -u -f sa$i | grep -i average; done
2. Show the average memory usage from the 12th to the 21st
# for i in {12..21}; do sar -r -f sa$i | grep -i average; done
3. Show the average paging activity from the 12th to the 21st
# for i in {12..21}; do sar -B -f sa$i | grep -i average; done
4. To ping all the ips in between 192.168.100.111 to 192.168.100.150
# for i in {111..150}; do ping 192.168.100.$i -c 2 | grep ttl; done
What system information is required before restarting the server, so that it can be verified on the server after rebooting?
Before reboot
# mount>file1.txt; mount | wc -l >> file1.txt
# df -Th>>file1.txt; df -Th | wc -l >> file1.txt
# ip addr list>>file1.txt; ip addr list | wc -l >> file1.txt
# cat /etc/fstab>>file1.txt; cat /etc/fstab | wc -l >> file1.txt
# netstat -nr>>file1.txt; netstat -nr | wc -l >> file1.txt
# cat /etc/rc.local>>file1.txt; cat /etc/rc.local | wc -l >> file1.txt
After reboot
# mount> file2.txt; mount | wc -l >> file2.txt
# df -Th>> file2.txt; df -Th | wc -l >> file2.txt
# ip addr list>> file2.txt; ip addr list | wc -l >> file2.txt
# cat /etc/fstab>> file2.txt; cat /etc/fstab | wc -l >> file2.txt
# netstat -nr>> file2.txt; netstat -nr | wc -l >> file2.txt
# cat /etc/rc.local>> file2.txt; cat /etc/rc.local | wc -l >> file2.txt
Then compare both the files
# diff 'file1.txt' 'file2.txt'
LUN DETECTION
1. For WWN Number => # cat /sys/class/fc_host/host1/port_name
2. For HBA Status => # cat /sys/class/fc_host/host1/port_state
3. command to check the Manageable HBA List # hbacmd listhbas
4. Command to chk the HBA Port state # systool -c fc_host -v |grep -i port_state
5. Command to reset the HBA Port State # hbacmd Reset < Port WWN > # hbacmd Reset 10:00:00:90:fa:74:da:fa
6. Command to scan a new hard disk without rebooting the system.
# rescan-scsi-bus.sh
7. First take output of multipath and dev-mapper
# multipath -ll > /tmp/mpath.pri
# ls /dev/mapper > /tmp/devmapper.pri
8. For Adding LUN commands used are:
# echo 1 > /sys/class/fc_host/host0/issue_lip
# echo 1 > /sys/class/fc_host/host1/issue_lip
# echo 1 > /sys/class/fc_host/host2/issue_lip
# echo "- - -" > /sys/class/scsi_host/host0/scan
# echo "- - -" > /sys/class/scsi_host/host1/scan
# echo "- - -" > /sys/class/scsi_host/host2/scan
9. Take output of multipath and dev-mapper again
# multipath -ll > /tmp/mpath.post
# ls /dev/mapper > /tmp/devmapper.post
10. Now compare both the files pri and post. Then we can get the new lun which has been added recently.
# diff /tmp/mpath.pri /tmp/mpath.post
# diff /tmp/devmapper.pri /tmp/devmapper.post
11. If you forgot to take this output beforehand, use the following command. It flushes the unused multipath device maps.
# multipath -F
12. To check which new LUNs have appeared now.
# multipath -v2
13. Detect LUNs with different HBA Card
# lsmod | grep scsi
# lsmod | grep fc
rfcomm 104937 0
l2cap 89409 8 hidp,rfcomm
bluetooth 118725 3 hidp,rfcomm,l2cap
scsi_transport_fc 83145 1 bfa
scsi_mod 199001 10 scsi_dh_emc,bfa,scsi_dh,sr_mod,sg,scsi_transport_fc,usb_storage,libata,cciss,sd_mod
(bfa is the module for this HBA card)
# rmmod bfa
# modprobe bfa
14. Configuring Multipath on the server:
# yum install device-mapper-multipath* {To install the multipath software in the server}
# mpathconf --enable
# service multipathd start { If this does not work then }
# /etc/init.d/multipathd start
# chkconfig multipathd on
# cd /etc/multipath/
# ls -ltr /dev/mapper (Check if any mpath* or pv* file is available)
# vi /etc/multipath.conf
Comment out the lines below (prefix each with #):
devnode_blacklist {
devnode "*"
}
Uncomment the lines below (remove the #):
defaults {
user_friendly_names yes
}
# service multipathd restart (Now you must be able to see the mpath* or pv* files)
15. Add these entries at the end of the multipath.conf file, so that each new multipath device is shown under a user-friendly name of our choosing instead of its long default name.
# Persistent binding start info
multipaths {
multipath {
wwid 360060e8016528a000001528a000011d5
alias ARCH_EXP-d1
}
multipath {
wwid 360060e8016528a000001528a000011ca
alias RECO_EXP-d1
}
}
# Persistent binding ends info
16. Display the current multipath configuration gathered from sysfs and the device mapper.
# multipath -l
17. Display the current multipath configuration gathered from sysfs, the device mapper, and all other available components on the system.
# multipath -ll
Only for multipath environment:
After detection run the below command
# multipath
And then check the files under /dev/mapper
# /dev/mapper/pv2 Or # /dev/mapper/mpath2
18. To check which dm-* device an mpath* belongs to
[root@host0] #cd /dev/mpath/
[root@host0 mpath] # pwd
/dev/mpath
[root@host0 mpath] # ls -ltr
total 0
lrwxrwxrwx 1 root root 8 Nov 10 13:09 mpath6 -> ../dm-23
lrwxrwxrwx 1 root root 8 Nov 10 13:09 mpath7 -> ../dm-24
lrwxrwxrwx 1 root root 8 Nov 10 13:09 mpath8 -> ../dm-25
[root@dloradb10 mpath]# multipath -ll | grep -A6 mpath6
mpath6 (360060160ff4b1f009a8649299909e111)
[size=70 GB][features="1 queue_if_no_path"][hwhandler="1 emc"]
\_ round-robin 0 [prio=2][active]
\_ 0:0:1:3 sdp 8:240 [active][ready]
\_ 2:0:1:3 sdz 65:144 [active][ready]
\_ round-robin 0 [enabled]
\_ 0:0:2:3 sdu 65:64 [active][ready]
19. Remove the named multipath device
# multipath -f device
[root@dloradb10 mpath] # multipath -f mpath6
[root@host0 mpath] # echo 1 > /sys/block/sdp/device/delete
[root@host0 mpath] # echo 1 > /sys/block/sdz/device/delete
After removal the output looks like this:
[root@tlmnora07 mapper]# multipath -ll | grep -A5 mpath3 | more
mpath3 (360060e80058d1c0000008d1c000004bb)
[size=33 GB][features="1 queue_if_no_path"][hwhandler="0"]
\_ round-robin 0 [active]
\_ #:#:#:# - 65:192 [active][faulty]
\_ #:#:#:# - 8:48 [active][faulty]
COMMAND OF HPACUCLI TOOL
hpacucli = hp array configuration utility cli
1. Command to check the RAID status # hpacucli ctrl all show config
Smart Array P400 in Slot 1 (sn: PAFGK0R9SX80JW)
array A (SAS, Unused Space: 0 MB)
logicaldrive 1 (279.4 GB, RAID 1+0, Interim Recovery Mode)
physicaldrive 2I:1:1 (port 2I:box 1:bay 1, SAS, 300 GB, Failed)
physicaldrive 2I:1:2 (port 2I:box 1:bay 2, SAS, 300 GB, OK)
2. Command to check the RAID status in details # hpacucli ctrl all show config detail
3. Some other commands to check drive status:
# hpacucli ctrl slot=0 pd all show
# hpacucli ctrl slot=0 pd 1I:1:1 show
# hpacucli ctrl slot=0 pd 1I:1:2 show
4. To check the Server Health
Install the package # yum install hp-health.x86_64
# /etc/init.d/hp-health status
# /etc/init.d/hp-health start
Display general information of the server hpasmcli> SHOW SERVER
Show current temperatures hpasmcli> SHOW TEMP
Get the status of the server fans hpasmcli> SHOW FAN
# hpasmcli -s "show fan; show temp"
Show device boot order configuration hpasmcli> SHOW BOOT
Set USB key as first boot device hpasmcli> SET BOOT FIRST USBKEY
Show memory modules status hpasmcli> SHOW DIMM
# hpasmcli -s "show dimm" | egrep "Module|Status"
Generating ADUReport
caede0p004:~# hpacucli
HP Array Configuration Utility CLI 9.20.9.0
Detecting Controllers...Done.
Type "help" for a list of supported commands.
Type "exit" to close the console.
=> ctrl all diag file=/tmp/ADUReport.zip
Generating diagnostic report...done
CFG2HTML report
You can download a CFG2HTML report for more details about the hardware status:
• Download the file cfg2html-linux124HP (attached to the file) into a directory /xxx
• Run cd /xxx
• Run chmod +x cfg2html-linux124HP
• Run the script ./cfg2html-linux124HP
• A file {hostname}.tar will be generated under /xxx
• All output is stored together in the file {hostname}.tar (as stated during execution of the script).
LVM COMMANDS
1. To check partition list: # fdisk -cul
2. To create partition # fdisk /dev/sdb
Command (m for help): m {List the menu}
Command (m for help): n {add a new partition }
P { partition type }
Partition number (1-4): 1
Last cylinder, +cylinders or +size{K,M,G} (1-1958, default 1958): +3800M {partition size}
Command (m for help): t {change a partition's system id}
Partition number (1-4): 1
Hex code (type L to list codes): l {list known partition types}
Hex code (type L to list codes): fd {type of partition}
Command (m for help): p {print the partition table }
3. # reboot
4. To create PV: # pvcreate /dev/sdb2
# pvcreate /dev/sdc
5. To create VG : # vgcreate vghr /dev/sdb2 /dev/sdc
6. To create VG with 8MB PE size # vgcreate -s 8 vghr /dev/sdb2 /dev/sdc
7. To create LV of 200mb. # lvcreate -L 200M -n lvhcl01 vghr
8. LV is of 10%of total VG: # lvcreate -l 10%VG -n lvhcl02 vghr
9. LV is of 10% of freeVG: # lvcreate -l 10%FREE -n lvhcl03 vghr
10. To format the LV: # mkfs.ext3 /dev/vghr/lvhcl01
Process to mount the file system to a mount point
11. Create a mount point # mkdir /hr
# mount /dev/vghr/lvhcl01 /hr
# mount -t ext3 /dev/vghr/lvhcl01 /hr
# vi /etc/fstab
12. To extend the LV
# df -Th
# lvextend -L +200M /dev/vghr/lvhcl01
# resize2fs /dev/vghr/lvhcl01
Or
# lvextend -L +200M /dev/vghr/lvhcl01 -r
# df -Th
13. To extend the VG # pvcreate /dev/sdd
# vgextend hcl /dev/sdd
14. To reduce the VG & remove the LV # pvmove /dev/sdd
# vgreduce hcl /dev/sdd
15. To remove LV & VG # lvremove /dev/hcl/lvhcl01
# vgremove vgname
16. To remove a PV # pvmove /dev/sdd
# vgreduce hcl /dev/sdd
# pvremove /dev/sdd
17. To reduce and resize LV
# umount /hr
# e2fsck -f /dev/hcl/hr
# resize2fs /dev/hcl/hr 500M
# lvreduce /dev/hcl/hr -L 500M
# mount /hr
Or
# umount /hr
# lvreduce -L -50M /dev/hcl/hr -r
# mount /hr
18. To create SWAP LV # lvcreate -L 100M -n swapvol01 vghr
# mkswap -c /dev/vghr/swapvol01
# vi /etc/fstab
# swapon -s
# swapon -a
19. To remove SWAP LV # swapon -s
# swapoff -a
# lvremove /dev/vghcl/lvswap01
# vi /etc/fstab
20. To check the swap partitions # cat /proc/swaps
21. To check which LVs are mounted on which disk # lvs -a -o +devices
22. To check a certain LV mounted on which disk # lvdisplay -m /dev/vg01/lv01
23. To move a vg from one m/c to another
In 1st m/c
# vgchange -a n vgname (to deactivate the vg)
# vgexport vgname
In 2nd m/c
# vgs
# vgimport vgname
# vgchange -a y vgname (to activate the vg)
24. To Recover Physical Volume # lvs -a -o +devices
# vgchange -a n --partial
# pvcreate --uuid "FmGRh3-zhok-iVI8-7qTD-S5BI-MAEN-NYM5Sk" --restorefile
(UUID is "FmGRh3-zhok-iVI8-7qTD-S5BI-MAEN-NYM5Sk")
# vgcfgrestore -f VG
# lvs -a -o +devices
# lvchange -a y /dev/VG/LV
25. If a mount point is showing busy at the time of unmounting then
# fuser -vm <mount point> {to view who is using it}
# fuser -km <mount point> {to kill the processes using it}
USER & GROUP PERMISSIONS
1. All the information of the user stored in # cat /etc/passwd
2. All the information of the group stored in # cat /etc/group
3. User password stored in # cat /etc/shadow
4. To add a user # useradd <username>
5. To remove a user # userdel <username>
6. To change the username # usermod -l <new username> <old username>
7. To change the user’s information # usermod -c "Sanjeev Kumar" jhulu
8. To lock a user # usermod -L <username> / # passwd -l <username>
9. To unlock a user # usermod -U <username> / # passwd -u <username>
10. How to add a user with a specific user id? # useradd <user name> -u <user id>
# useradd manalo -u 5433
11. To check the user expiry date # chage -l username
12. Command to extend the user expiry time. # usermod -e yyyy-mm-dd username
# chage -E yyyy-mm-dd username
(If the user has been locked, there will be ’!!’ before the password in the /etc/shadow file.)
13. To add a group # groupadd <groupname>
14. To remove the group # groupdel <groupname>
15. To change the group name # groupmod -n <new-group-name> <old-group-name>
16. To view the information of an user # id
17. Add an user with primary and secondary group in path /opt/home
# useradd <username> -g <primary group> -G <Secondary group> -d </opt/home>
18. To give password to a group? # gpasswd <group name>
19. To remove password from an assigned group? # gpasswd -r <group name>
20. To change the group owner of a directory # chgrp <group owner> <mount point>
21. To change user and group owner of a mount point # chown user:group /mount point
22. To change the user and group of a mount point with all its contents.
# chown -R user:group /mount point
23. To change the permissions of the directory # chmod 775 dir1
24. To change the permissions of the directory as well as its contents
# chmod -R 775 dir1
25. To copy all the contents of a folder to a new folder. # cp -rf path of the folder/* newfoldername/
26. To give a user a password-less login
In the /etc/passwd file, remove the ‘x’ in the password field and change /bin/bash to /sbin/nologin.
The password field is then empty, so the user will not be asked for a password at the time of login.
27. To set a user to have no access to an interactive shell.
# usermod -s /sbin/nologin <username>
28. To check the permission properties of new folders or new files.
# umask or # umask -S
New folder permission will be as 755
New file permission will be as 644
29. To clear the history # history -c
30. To go to a particular history command # !<line number of history>
31. Explain stickybit with an example.
If the sticky bit is enabled on a folder, the folder contents can be deleted only by the owner who created them and by the root user. No one else can delete other users' data in this folder.
For Ex. /tmp
32. To make a directory stickybit permitted. # chmod 1777 directory name
# chmod o+t directory name
# chmod +t directory name
33. Explain SUID with an example.
In simple words users will get file owner’s permissions as well as owner UID and GID, when executing a file/program/command. For Ex. /user/bin/shutdown and /etc/shadow
34. How to make a file suid permitted. # chmod 4755 file name
# chmod u+s file name
# chmod +s file name
35. Explain SGID with an example
In simple words, if a directory is SGID permitted then all its contents will be of the same user owner and group owner as the directory. If the directory is configured as the secondary user then all the contents will be in the secondary group owner. The parent folder's group owner will be assigned to the contents inside the collaborated/shared directory.
36. Command to make a file SGID permitted # chmod 2755 file name
37. Command to give both the permission of SGID & Stickybit access to a directory
# chmod 3755 /directory
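The lock, expiry, password-less and nologin items in the list above all end up as fields in /etc/passwd and /etc/shadow. The following added example (not from the original page) classifies each account from files in those formats; the function names, the state labels and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify accounts from passwd/shadow-format files.
# All sample data below is constructed; the hashes are not real.

# audit_accounts PASSWD SHADOW [TODAY_IN_DAYS_SINCE_EPOCH]
# Prints "<user> <state> <shell-class>" for each account.
#   EMPTY     password field is empty, so no password is required
#   LOCKED    field starts with "!" or "*" (what passwd -l / usermod -L write)
#   SET       a password hash is present
#   NOSHADOW  passwd says "x" but the shadow file has no entry
#   ,EXPIRED  account expiry date (chage -E, shadow field 8) is in the past
audit_accounts() {
    today=${3:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        FILENAME == ARGV[1] {
            if ($0 ~ /^#/ || NF < 7) next
            users[++n] = $1; pwfield[$1] = $2; shell[$1] = $7
            next
        }
        { hash[$1] = $2; expire[$1] = $8 }
        END {
            for (i = 1; i <= n; i++) {
                u = users[i]
                if (pwfield[u] == "x" && !(u in hash)) {
                    state = "NOSHADOW"
                } else {
                    # "x" means the real field lives in the shadow file
                    f = (pwfield[u] == "x") ? hash[u] : pwfield[u]
                    if (f == "")          { state = "EMPTY" }
                    else if (f ~ /^[!*]/) { state = "LOCKED" }
                    else                  { state = "SET" }
                }
                if ((u in expire) && expire[u] != "" && expire[u] + 0 < today + 0) {
                    state = state ",EXPIRED"
                }
                kind = (shell[u] ~ /\/(nologin|false)$/) ? "nologin" : "login"
                print u, state, kind
            }
        }' "$1" "$2"
}

# Accounts that need no password at all. Whether they can really log in
# also depends on PAM (pam_unix nullok) and sshd PermitEmptyPasswords.
empty_password_accounts() {
    audit_accounts "$@" | awk '$2 ~ /^EMPTY/ { print $1 }'
}

# Constructed sample files in the two formats.
write_sample_files() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
john:x:500:500::/home/john:/bin/bash
manalo::5433:5433::/home/manalo:/sbin/nologin
jhulu:x:501:501:Sanjeev Kumar:/home/jhulu:/bin/bash
svc:x:502:502::/home/svc:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$CONSTRUCTED$notARealHash:15900:0:99999:7:::
john:!!$6$CONSTRUCTED$notARealHash:15900:0:99999:7:::
manalo:!!:15900:0:99999:7:::
jhulu:$6$CONSTRUCTED$notARealHash:15900:0:99999:7::16000:
svc::15900:0:99999:7:::
EOF
}

demo_dir=$(mktemp -d)
write_sample_files "$demo_dir"
audit_accounts "$demo_dir/passwd" "$demo_dir/shadow" 16100
rm -rf "$demo_dir"
```

On a real host, run it as root against /etc/passwd and /etc/shadow and review every EMPTY line; a nologin shell stops interactive shell sessions but not every service that authenticates the account.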
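The sticky bit, SUID and SGID items above set the leading octal digit of the mode (1777, 4755, 2755, 3755). This added example (not from the original page) decodes that digit and audits a directory tree for set-id files and for world-writable directories that lack the sticky bit; the function names and the demo tree are constructed.

```shell
#!/bin/sh
# Added example: decode and audit the special permission bits.
# The demo tree and its file names are constructed.

# special_bits MODE -> names of the special bits in an octal mode like 3755
special_bits() {
    m=$(( 0$1 ))                  # leading 0 makes the shell read it as octal
    out=""
    if [ $(( m & 04000 )) -ne 0 ]; then out="$out suid"; fi
    if [ $(( m & 02000 )) -ne 0 ]; then out="$out sgid"; fi
    if [ $(( m & 01000 )) -ne 0 ]; then out="$out sticky"; fi
    echo "${out# }"
}

# audit_tree DIR -> one "<class> <path>" line per finding under DIR
audit_tree() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sed 's/^/SUID /'
    find "$1" -xdev -type f -perm -2000 2>/dev/null | sed 's/^/SGID-file /'
    find "$1" -xdev -type d -perm -2000 2>/dev/null | sed 's/^/SGID-dir /'
    # World-writable directory without the sticky bit: any user can delete
    # or replace files that belong to other users.
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null |
        sed 's/^/WORLD-WRITABLE-NO-STICKY /'
}

# unexpected_setid DIR ALLOWLIST -> SUID/SGID files under DIR that are not
# listed (one absolute path per line) in the ALLOWLIST file
unexpected_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        sort | grep -vxF -f "$2" || true
}

# Build a small constructed tree that uses each mode from the list above.
build_demo_tree() {
    mkdir -p "$1/bin" "$1/shared" "$1/drop" "$1/open"
    for f in helper report plain; do echo '#!/bin/sh' > "$1/bin/$f"; done
    chmod 4755 "$1/bin/helper"    # SUID file
    chmod 2755 "$1/bin/report"    # SGID file
    chmod 755  "$1/bin/plain"     # no special bits
    chmod 2775 "$1/shared"        # SGID directory
    chmod 1777 "$1/drop"          # world-writable with sticky bit, like /tmp
    chmod 777  "$1/open"          # world-writable, no sticky bit
}

demo=$(mktemp -d)
build_demo_tree "$demo"
audit_tree "$demo"
rm -rf "$demo"
```

Running unexpected_setid against / with a reviewed allowlist after each patch cycle shows any set-id binary that appeared since the last review.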
OTHER COMMANDS
1. To check Linux kernel Version # uname -a & # uname -r
2. To check the version of the running Linux. # cat /etc/redhat-release
3. To see the physical configuration of servers. # dmidecode
4. To check the Kernel Architecture or platform. # arch [ shows OS is running 64 bit or 32 bit ]
5. Command to know the PCI slot details # lspci
6. To make a folder TAR type. # tar cvf foldername.tar foldername/
7. To make a TAR folder UNTAR. # tar xvf foldername.tar
8. To make a folder a gz file. # tar cvfz foldername.tar.gz foldername/
9. To unzip a tar.gz file # tar xvfz foldername.tar.gz foldername/
10. To compress a file # gzip <file name>
11. To unzip the gzip file # gunzip <file name>
12. To copy a file with date and time # cp -p /etc/selinux/config /etc/selinux/config`date +%F`
13. Command to set date in Linux. # date -s "2 OCT 2013 18:00:00"
This cmd will not run in putty.
14. To check the size of the directory # du -sh /directory name or path
15. To determine which service needs to be start during the boot.
# pwd
# /etc/rc.d/rc3.d
16. To check the service startup mode # chkconfig --list service name
17. To add route => # vi /etc/rc.local
18. To check Route => # netstat -nr or # route
19. Command to configure DNS server # /etc/resolv.conf
(DNS uses a feature called FQDN: Fully Qualified Domain Name)
Forward FQDN resolves from host name to IP Address
Reverse FQDN resolve from IP Address to host name.
Port number of DNS is 53.
20. To set umask # vi /etc/bashrc
21. To set alias permanently # cat ~/.bashrc
22. To set alias temporarily # alias lsss='ls -ltr'
23. To check when the server is rebooted. # last | grep boot
24. To check the log files # tail -f /var/log/messages
25. Logs of users login? # /var/log/secure
26. Logs of cpu uses average for every day? # /var/log/sa/
27. Where can we find the mail logs # /var/log/maillog
28. Configuration files of all the systems are stored? # /etc/
29. System configurations are stored? # /proc/
30. Command for CPU information Details # cat /proc/cpuinfo
31. Command for Memory Information Details # cat /proc/meminfo
32. Command for swap Information Details # cat /proc/swaps
33. To check a port is active or not # telnet <address> <port number>
# telnet <localhost> <53> [to check the DNS port]
34. Command to create a softlink # ln -s <destination folder name> <link path>
# ln -s /etc/sysconfig/network-scripts/ /ippath
35. To remove the softlink # unlink <link path>
# unlink /ippath
36. Command to know the Zombie process id. # ps aux | awk '$8 ~ /Z/ {print $2}'
37. Command to print the 3rd column of /etc/fstab # awk '{print $3}' /etc/fstab
38. To see the list of open files in the root filesystem. # lsof /
39. How to find all files of a user and copy them to a particular directory?
# find / -type f -user <username> -exec cp {} /home/findfiles \;
40. How to find all directories of a user and copy them to a particular directory?
# find / -type d -user <username> -exec cp -r {} /home/findfiles \;
41. To check all the services status at a time # service --status-all
42. Where all the script are located? # /etc/init.d
43. Command to restart a script? # < Path of the script > restart
# /etc/init.d/sendmail restart (this is an example)
44. Command to get the ip of a name server or site # dig www.google.com
45. To create a file of 100mb # dd if=/dev/zero of=/tmp/chitta bs=2M count=50
46. To nullify the above file # > chitta
47. Convert ext2 fs to ext3 fs. # tune2fs -j /dev
48. To adjust the number of mounts after which the file system will be checked by e2fsck # tune2fs -c
49. To set the number of times the file system has been mounted. # tune2fs -C
50. To adjust the maximal time between two file system checks. # tune2fs -i
51. To list the contents of the file system superblock. # tune2fs -l
53. Killing Defunct process # preap `ps -ef|grep -i defunc |awk '{print $2}'`
55. Changing KeyBoard Type # loadkeys us
# system-config-keyboard
{change to US international Keyboard}
56. Sending files to other system
# scp -rp /root/tmp/chitta/auto_home_mngr.sh.INT sh-local-adm-ai@fr0-vsiaas-1825:/tmp
57. Adding and giving access to a user
# visudo (add the useraccess @ the end "username ALL=/bin/su, /bin/su -")
# vi /etc/security/access.conf (add the user at the end)
# vi /etc/hosts.allow (sshd:ALL)
# vi /etc/group (add the user name in the wheel)
58. passwd:Authentication information cannot be recovered
The file /etc/security/opasswd is used to store old passwords for users.
This file should exist if "remember = X" is used with pam_unix in password section of /etc/pam.d/system-auth
or /etc/pam.d/password-auth file.
Create or replace the opasswd file :
# rm -f /etc/security/opasswd
# touch /etc/security/opasswd
# chmod 600 /etc/security/opasswd
59. Find the largest files in the fs
# find // -xdev -type f -size +1000000000c -exec ls -lad {} \;
# find . -xdev -size +100M