Linux Basics

 

Linux Boot Process

The process happens behind the scenes from the time we press the power button until the Linux login prompt appears is known as Linux Boot Process.

Linux booting process can be divided to multiple stages.

Step 1: Power Supply & SMPS (there are two program post and run services )

One of the main component of a computer is SMPS (Switching Mode Power Supply). The primary objective of this component is to provide the perfect required voltage level to the motherboard and other computer components.

Computer internals work in DC, however the power supply we have at home and other places are AC. SMPS converts AC to DC and maintain the required voltage level so that the computer can work flawlessly.

But the main task performed by SMPS, is to inform about the good power supply. If the voltage is more/ or is less, in both the conditions a computer cannot work. As soon as you supply power to the computer, the SMPS checks the voltage level's its providing to the motherboard. If the power signal level is perfect, then SMPS will send a POWER GOOD signal to the motherboard timer. On receiving this POWER GOOD signal from SMPS, the motherboard timer will stop sending reset signal to the CPU. Which means the power level is good and the computer can boot.

Step 2: Bootstrapping (runtime services program loads into memory and post program clear from memory)

Something has to be programmed by default, so that the CPU knows where to search for instructions. This is an address location in the ROM. The address location is FFFF:0000h. This address location is the last region of the ROM. It only contains one instruction. The instruction is to jump to another memory address location. This JUMP command, will tell the location of the BIOS program in the ROM. This is how the computer will come to know where the BIOS program is located.

Step 3: The Role of BIOS in booting process

BIOS stands for Basic Input Output System. The most important use of BIOS during the booting process is POST. POST stands for Power on Self-Test. It’s a series of tests conducted by the bios, which confirms the proper functioning of different hardware components attached to the computer.

Once the POST check is completed successfully, BIOS will look CMOS settings to know what the boot order is.

Boot order is nothing but an user defined order which tells where to look for the operating system. It looks for boot loader (MBR) in first boot device as set in bios. If MBR is not found in first boot device, it keeps on searching for MBR in consecutive boot devices. Once the boot loader program is detected in bootable device (HDD), bios load it into the memory & give the control to it.

Step 4: MBR and GRUB

BIOS is programmed to look at a permanent location on the hard disk to complete its task. This location is called a Boot sector. This is nothing but the first sector of your hard disk. This area is sometimes called as MBR (Master Boot Record).

This is the location that contains the program that will help our computer to load the operating system. As soon as bios finds a valid MBR, it will load the entire content of MBR to RAM, and then further execution is done by the content of MBR.

It is located in the 1st sector of the bootable disk.

• MBR is less than 512 bytes in size. This has three components

a) primary boot loader info in 1st 446 bytes,

b) partition table info in next 64 bytes

c) mbr validation check in last 2 bytes.

• MBR contains information about GRUB (or LILO in old systems).

• So, in simple terms MBR loads and executes the GRUB (Grand unified boot loader).

• GRUB stands for Grand Unified Boot loader.

• If you have multiple kernel images installed on your system, you can choose which one to be executed.

There are three stages of grub in total.

1. GRUB Stage 1 : Contains the boot loader information

2. GRUB Stage 1.5 : Identify Boot Loader File System

3. Grub Stage 2 : Read /boot/grub/grub.conf

• Now this is the point where you are presented with a beautiful TUI (Terminal user interface), where you can select your operating system kernel and press enter to boot it. If you don’t enter anything, it loads the default kernel image as specified in the grub configuration file.

• GRUB has the knowledge of the files system.

• The “/boot/grub/grub.conf” file contains kernel and initrd image.

• So, in simple terms GRUB loads and executes Kernel and initrd images.

Step 5 loading The kernel Image

• Mounts the root file system as specified in the “grub.conf” file.

• Kernel executes the “/sbin/init” program

• Since init was the 1st program to be executed by Linux Kernel, it has the process id (PID) of 1.

• initrd stands for Initial RAM Disk.

• initrd is used by kernel as temporary root file system until kernel is booted and the real root file system is mounted. Initrd image also contains necessary drivers compiled inside, which will required for accessing the hard drive partitions, and other hardware.

• So, in simple term Kernel mounts the “/root” filesystem & executes the init programs with the help of initrd image.

Step 6. Init

• The “/etc/inittab file” decides the Linux Default run level.

• Following are the available run levels

0 – halt, 1 – Single user mode

2 – Multiuser, without NFS, 3 – Full multiuser mode,

4 – unused, 5 – X11, GUI Mode

6 – reboot

• So, in simple term, Init identifies the default initlevel from “/etc/inittab” and loads all appropriate programs for default run level.

Step 7. Runlevel programs

• When the Linux system is booting up, you might see various services getting started. Those are the run level programs, executed from the run level directory as defined by your run level.

• Depending on your default init level setting, the system will execute the programs from particular run level directories.

# cd /etc/rc.d/

# ll drwxr-xr-x. 2 root root 4096 Oct 8 00:50 init.d

-rwxr-xr-x. 1 root root 2617 Jul 24 08:53 rc

drwxr-xr-x. 2 root root 4096 Oct 8 00:50 rc0.d

drwxr-xr-x. 2 root root 4096 Oct 8 00:50 rc1.d

drwxr-xr-x. 2 root root 4096 Oct 8 00:50 rc2.d

drwxr-xr-x. 2 root root 4096 Oct 8 00:50 rc3.d

drwxr-xr-x. 2 root root 4096 Oct 8 00:50 rc4.d

drwxr-xr-x. 2 root root 4096 Oct 8 00:50 rc5.d

drwxr-xr-x. 2 root root 4096 Oct 8 00:50 rc6.d

-rwxr-xr-x. 1 root root 499 Aug 13 10:55 rc.local

-rwxr-xr-x. 1 root root 19216 Jul 24 08:53 rc.sysinit

• Here u can see rc.sysinit file. It runs first and load hostname, date, time, acl, quota, selinux etc after it goes to below step.The folders rc0.d, rc1.d, rc2.d etc contains run level specific programs that will be executed depending upon the default run level you have in your inittab configuration file.

• If you see the files inside these run level specific folders, they either begin with S or they begin with K. The files are also numbered.

• Now files with an S at starting will be executed during the startup process, and files that begins with K, will be killed during shutdown process.

• The number after either S or K is the sequence with which these will be executed.

• Once the kernel has started all programs in your desired run level directory. It runs the rc.local file where user can put any executable script or command. Now you will get a login screen to log inside your booted system.

BOOT LEVEL PROBLEMS

1. To change configure Run Level=> # vi /etc/inittab

2. To Configure IP=> # setup or

# cd /etc/sysconfig/network-scripts/

# vi ifcfg-eth0

BOOTPROTO=static

IPADDR=192.168.249.2

NETMASK=255.255.255.0

ONBOOT=yes

# service network reload

# chkconfig network on

3. To change hostname => # vi /etc/sysconfig/network

4. To reinstall Grub => Boot with ‘Linux Rescue’….& follow cmds,

#chroot /mnt/sysimage/

# grub-install /dev/sda

# grub

# root (hd0,0)

# setup (hd0)

# quit

5. To set Grub password in an encrypted format =>

# grub-md5-crypt

{Then entry the encrypted password in grub.conf file after the timeout line}.

6. To remove Grub password if forgotten => Boot with ‘Linux Rescue’….& follow cmds,

#chroot /mnt/sysimage/

{In /etc/grub.conf, comment the password line}.

7. To reinstall Initrd => Boot with ‘Linux Rescue’….& follow cmds,

# mkinitrd /initrd-$(uname –r).img $(uname -r)

#cp initrd-2.6.18-164.el5.img /boot/

#exit

8. Boot with single user mode. => Edit the kernel by pressing ‘e’ at the booting.

Write ‘ s’ or ‘1’ at the end of the kernel file following by a ‘space’.

OR

Instead of ‘S’or ‘1’ write init=/bin/bash

Then type # mount –o remount,rw /

This will give the read/write permission in the single user mode.

YUM INSTALLATION

# mount /dev/cdrom /mnt

# cd /mnt

# mkdir /yum

# cp -rf /mnt/* /yum

# cd /etc/yum.repos.d/

# vi station.repo

[base]

name=rhel6

baseurl=file:///yum

enable=1

gpgcheck=0

# yum clean all

# yum update all

# rpm -qa | grep -i samba

# yum install samba [All these things will run in RHEL 6]

# cd /yum/Server

# ls | grep -i createrepo

# rpm -ivh createrepo-0.4.11-3.el5.noarch.rpm

# createrepo -v /yum [All these things will run in RHEL 5]

Q. Command for installing a package

# rpm –ivh <package name>

Q. Command for uninstalling a package

# rpm –e <package name>

Q. Command to check a package has been installed or not?

# rpm –qa <package name>

TO CREATE PASSWORD LESS LOGIN

# ssh-keygen –t rsa

# cd /root/.ssh/

# cat id_rsa.pub

copy the whole thing to a file

# /root/.ssh/authorized_keys

# ssh other server login name

ISO FILE MOUNTING

Mount an iso file/root/boot.iso on /disk. This mount should be persistent across system restart.

# mkdir /disk

# mount –t iso9660 /root/boot.iso /disk

# vi /etc/fstab

/root/disk.iso /disk iso9660 defaults, loop 0 0

# mount -a

# df -Th

IMPLEMENTING NIC BONDING

Step #1: Create Bond0 :

# vi /etc/sysconfig/network-scripts/ifcfg-bond0

DEVICE=bond0

IPADDR=192.168.0.25

NETWORK=192.168.0.255

NETMASK=255.255.255.0

Step #2: Modify eth0 config :

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

MASTER=bond0

SLAVE=yes

Step #3: Modify eth1 config :

# vi /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1

MASTER=bond0

SLAVE=yes

Step #4: # vi /etc/modprobe.conf

alias bond0 bonding

options bond0 mode=4 miimon=100

Step #5: # modprobe bonding

Step #6: # service network restart

Step #7: # cat /proc/net/bonding/bond0

Step #8: # ifconfig –a

Modes of bonding:

-----------------

These modes determine the way in which traffic sent out of the bonded interface is actually dispersed over the real interfaces.

Mode 0 (balance-round robin) This mode transmits packets in a sequential order. The first will be transmitted on the first slave and the second frame will be transmitted on the second slave. The third packet will be sent on the first and so on. This provides load balancing and fault tolerance.

Mode 1 (active-backup) This mode places one of the interfaces into a backup state and will only make it active if the link is lost by the active interface. Only one slave in the bond is active at an instance of time. A different slave becomes active only when the active slave fails. This mode provides fault tolerance.

Mode 2 (Load balancing and Fault tolerance) This selects the same slave for each destination MAC address and provides load balancing and fault tolerance.

Mode 3 (broadcast) This mode transmits everything on all slave interfaces. This mode is least used (only for specific purpose) and provides only fault tolerance.

Mode 4 (Aggregation) This mode is known as Dynamic Link Aggregation mode. If the speed of the NIC cards are 1gb each then the data transfer rate will be 2gb. It increases the speed of the data transfer.

Mode 5 (balance-tlb) This is called as Adaptive transmit load balancing. The outgoing traffic is distributed according to the current load and queue on each slave interface. Incoming traffic is received by the current slave.

Mode 6 (balance-alb) This is Adaptive load balancing mode. This includes balance-tlb + receive load balancing (rlb) for IPV4 traffic. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the server on their way out and overwrites the src hw address with the unique hw address of one of the slaves in the bond such that different clients use different hw addresses for the server.

S/W RAID CONFIGURATION IN A RUNNING M/C.

To check partition list: # fdisk –cul

To create partition # fdisk /dev/sdb

Command (m for help): m {List the menu}

Command (m for help): n {add a new partition }

P { partition type }

Partition number (1-4): 1

Last cylinder, +cylinders or +size{K,M,G} (1-1958, default 1958): +3800M{partition size}

Command (m for help): t {change a partition's system id}

Partition number (1-4): 1

Hex code (type L to list codes): l {list known partition types}

Hex code (type L to list codes): fd {type of partition}

Command (m for help): p {print the partition table }

# reboot

To create a RAID 5 meta disk # mdadm --create /dev/md0 --level=5 --raid-disk=3 /dev/sdb1 /dev/sdb2 /dev/sdb3

To check the meta disk # mdadm --detail /dev/md0

To format the Meta disk # mkfs.ext4 /dev/md0

Make a directory # mkdir /raid

# mount /dev/md0 /raid

To fail a disk in RAID 5 # mdadm /dev/md0 --fail /dev/sdb1

# mdadm --detail /dev/md0

To add a disk in Raid 5 # mdadm /dev/md0 --add /dev/sdb4

# mdadm --detail /dev/md0

To remove the faulty disk # mdadm /dev/md0 --remove /dev/sdb1

# mdadm --detail /dev/md0

# mdadm /dev/md0 --add /dev/sd1

# mdadm /dev/md0 --add /dev/sdb1

# mdadm --detail /dev/md0

{ If there is a spare disk and at the mean time a working disk goes failed then the spare disk will come to use and take the place of the failed disk}.

# mdadm /dev/md0 --fail /dev/sdb4

# mdadm --detail /dev/md0

H/W RAID CONFIGURATION IN A SERVER

ü Before installing the OS go to the bios of the server. There you can find the storage configuration in the main tab.

ü In the Storage configuration tab you have to set “configure SATA as RAID”. Then save it and exit.

ü Then when the server will reboot we have to press Ctrl + F9 or F8 to enter.

ü Now we can see the disks which are in the server. There one option will be there as “create Raid Volume”.

ü Going by that option we have to set the RAID type in Raid Level. Then the HW raid will be configured.

MONITORING COMMANDS

1. Top -> The top program provides a dynamic real-time view of a running system i.e. actual process activity.

By default, it displays the most CPU-intensive tasks running on the server and updates the list every

five seconds.

2. vmstat -> The command vmstat reports information about processes, memory, paging, block IO, traps, and CPU activity.

3. w -> w command displays information about the users currently on the machine, and their processes.

4. uptime -> The uptime command can be used to see how long the server has been running. The current time,

how long the system has been running, how many users are currently logged on, and the system

load averages for the past 1, 5, and 15 minutes.

5. free -> The command free displays the total amount of free and used physical and swap memory in the system, as well as the buffers used by the kernel.

6. iostat -> The command iostat report Central Processing Unit (CPU) statistics and input/output statistics for devices, partitions and network filesystems (NFS).

7. ps -> Command to display all running process:

# ps aux | less

Command to see every process on the system

# ps –A or # ps –e

Command to see process run by user vivek

# ps -u vivek

Command to display a tree of processes

# pstree

8. mpstat -> The mpstat command displays activities for each available processor, processor 0 being the first one.

mpstat -P ALL to display average CPU utilization per processor:

9. netstat -> The command netstat displays network connections, routing tables, interface statistics,

masquerade connections, and multicast memberships.

MIGRATION AND DEPLOYMENT OF A SERVER

ü To migrate a server from a physical server to virtual server, first install the OS in the Virtual server.

ü Then arrange the storage from the storage side. After completing this work the application team installs the application.

ü Then we ask for the down time to stop the application in the physical server and copy all the data to the virtual server from the physical server.

ü After coping the data we have to change the ip of the virtual server as it is in the physical server. Then only the user can access the data from the server they are using.

ü After doing all this thing the application team may face some problem like to change the kernel parameters or to access some more files. So we have to give access to all those files they ask for by chown command.

SEMI KICKSTART INSTALLATION PROCEDURE:

We need to create the kick start configuration file manually, by logging into the server prdrhadm01.net.bms.com, and copy any previous ushpwbmsclz???.cfg file(/data/configs/cfg/) with our server’s name like ushpwbmsclz095.cfg and edit it and change the IP ADDRESS= with the IP Address of our server, and the kick start configuration file is ready.

Now you may begin with the installation:

I had already copied the RHEL4 iso image on the server USAHZBMSQ001(location --> E:\Software\boot8.iso) by the name boot8.iso, just mount that image to the server before starting with installation, by opening the “Virtual Media Applet” from the ILO and then browse for the iso image and press connect button, as shown.

After this restart the server and it will show the boot prompt, there we have to write:

boot: linux ks=http://165.89.184.69/cfg/ushpwbmsclz???.cfg

and press enter to start the installation.

HP ILO CONFIGURATION:

1. Q. Accessing and configuring the server by using HP ILO {Integrated Light Out -2} & VM console.

Ans. If the remote server needs to be powered off or something like that then ILO is used to short that problem. I need to login to the server with ILO software and in the power management column I need to operate. There are four switches are there to operate.

• Momentary press : should do a gracefull shutdown.

• Press and Hold : will force the server to power off.

• Cold boot : is like removing power and restarting.

• Reset : is like a warm boot

2. The details of the server is in

ILO2/System Status/ Summary/Status Summary/

3. The details of the logs are in

ILO2/System Status/ ILO2 Log/

4. The details of information

ILO2/System Status/ System Information/

5. To go to the Remote Console

ILO2/Remote Console/Remote Console/

ISCSI DISK INITIATOR

In the server side add a hard disk

# yum install scsi-target-utils* -y

# chkconfig tgtd on

# service tgtd start

# vi /etc/tgt/targets.conf

# TGTD example targets file

#

# Example iSCSI target with one LUN.

# This gets read when "service tgtd start" is run.

#

<target iqn.lun1.com.example:tgtd>

# List of files to export as LUNs

#backing-store /usr/storage/disk_1.img

backing-store /dev/sdd

# Authentication :

# if no "incominguser" is specified, it is not used

#incominguser backup secretpass12

# Access control :

# defaults to ALL if no "initiator-address" is specified

initiator-address 192.168.100.

initiator-address 192.168.100.224 223 {Mention the ip who will take this disk}

</target>

# service tgtd start

# tgt-admin –s

In the client side

# yum install iscsi-initiator-utils* -y

# chkconfig iscsid on

# service iscsid restart

# iscsiadm -m discovery -t st -p 192.168.100.222

192.168.100.222:3260,1 iqn.lun1.com.example:tgtd

# iscsiadm -m node -T iqn.lun1.com.example:tgtd -p 192.168.100.222 –l

# fdisk –l

{If any problem in finding the disks then restart both the server and the client}.

# fdisk /dev/sda  (Create a partition table on the device as required)

# mkfs.ext4 /dev/sda1  (create a file system on partition)

# mkdir /coldstorage  (create a mount point for partition)

# vim /etc/fstab  (create partition mountable on every reboot)

UUID=XXXX-XXXX-XXXX /coldstorage ext4, _netdev 0 0

# mount -a

# df -Th

SECURITY & ACCESS MANAGEMENT

1. How you can use firewall as a Security measure.

# iptables –F

# chkconfig iptables off

# service iptables save

# service iptables stop

# service iptables status

INPUT : used to block incoming traffic to your server

OUTPUT : used to block outgoing traffic from your server

FORWARD : scan for incoming and outgoing and forwarding packets accordingly over another interface.

This is used for gateway/router type of scenarios.

a. Now, I need to use ssh login on port 22, from *.example.com (192.168.1.0/255.255.255.0/24) only.

# iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -d 192.168.0.250 -j ACCEPT

b. My server should not be allowed to use (ssh login) from anywhere in the world (0.0.0.0/0.0.0.0 a.k.a 0/)

# iptables -A INPUT -p tcp --dport 22 -s 0.0.0.0./0 -d 192.168.0.250 -j REJECT

To Delete a IP table list

# iptables -D INPUT 2 (will delete INPUT chain rule #2)

iptables -A INPUT -p icmp -s 192.168.0.254 -d 192.168.0.250 -j DROP (to disable ping)

iptables -A INPUT -p tcp -s *.myl33tgroup.org -d 192.168.0.250 -j DROP

SELINUX CONFIGURATION

1. To check se status # sestatus

2. for permissive # setenforce 0

3. for enabling # setenforce 1

4. Config file editing # vim /etc/selinux/config

5. To see the directory context

# ls –Zd

6. change file SELinux security context

# chcon –R –t public_contents_rw_t <dir-path>

[root@chittaranjan2 /]# getsebool -a | grep -i samba

[root@chittaranjan2 /]# getsebool -a | wc -l

[root@chittaranjan2 /]# getsebool -a | grep -i samba

[root@chittaranjan2 /]# setsebool -P samba_share_nfs on

[root@chittaranjan2 /]# getsebool -a | grep -i samba

SSH SERVER CONFIGURATION

Configure SSH Server. Only example.com domain's persons can come in to your machine & Clients within “remote. test” or “my133t.org” should NOT have access to ssh on your system.

Solution: - # chkconfig sshd on

# service sshd restart

# vim /etc/hosts.allow

sshd: .example.com

# vim /etc/hosts.deny

sshd: .remote.test

Or

sshd: .my133t.com

(Note: while using hosts.deny & hosts.allow file wild cards should not be used)

CRON CONFIGURATION

Cron is a daemon that executes commands at specified intervals. These commands are called "cron jobs."

Cron is available on Unix, Linux and Mac servers. Windows servers use a Scheduled Task to execute commands.

Cron is a process to setup or schedule a task at a partial time.

[root@chittaranjan-3 ~]# service crond restart

[root@chittaranjan-3 ~]# chkconfig crond on

[root@chittaranjan-3 ~]# crontab –e

5 * * * * echo "hi">/dev/pts/0

[Execute the command or job you want to do.]

* ( 0 -59)is for minutes.

* ( 0 -23)is for hours.

* ( 0 -31)is for days.

* ( 0 -12)is for months.

* ( 0 -7)is for weeks.

~

"/tmp/crontab.XXXXAvq1Ux" 1L, 31C

[root@chittaranjan-3 ~]# crontab –l

5 * * * * echo "hi">/dev/pts/0

[root@chittaranjan-3 ~]#

hi

[root@chittaranjan-3 ~]# service crond stop

Q. To find out cron jobs in root user for other users

# crontab –u username –l

Q. In user login to find the cron tabs

# crontab –l

Q. Deny cron service for sarsha user and allow cron service for all users.

# vim /etc/cron.deny

Add “ sarsha”

# service crond restart

SENDMAIL CONFIGURATION

Just specify the relay server in

# /etc/mail/sendmail.mc file like below.

DSrelayserver.abc.com

# cat submit.cf | grep -i mailhost

Set DS as mailhost

DSmailhost.bms.com

Q. Linux Configure Sendmail as SMTP Mail Client

Step # 1: Disable Sendmail Daemon In a Listing Mode

# vi /etc/sysconfig/sendmail

Modify the line:

DAEMON=no

Step #2: Configure Mail Submission

# vi /etc/sysconfig/submit.cf

Find the line beginning with D{MTAHost}, and update it to read as follows:

DS {MTAHost}mail.nixcraft.net

POSTFIX CONFIGURATION

Q. Configure Postfix. Set up Intranet E-mail for user john. John’s mail should me spooled to /var/spool/mail/john.

Your server should accept from remote networks.

Solution: - # yum install postfix

Open a main.cf config file and edit the line

# vim /etc/postfix/main.cf

myhostname = serverX.example.com (Uncomment a line and edit)

mydomain = example.com (Uncomment a line and edit)

myorigin = $myhostname (Uncomment a line)

myorigin = $mydomain (Uncomment a line)

inet_interfaces = all (Uncomment a line)

#inet_interfaces = localhost (Comment a line)

mydestination = $myhostname,

localhost.$mydomain, localhost, $mydomain (Uncomment a line)

mynetworks =127.0.0.1/8, 172.24.48.0/24 (Uncomment a line and edit)

relay_domains = $mydestination (Uncomment a line)

relayhost = $mydomain (Uncomment a line)

#chkconfig postfix on

#service postfix restart

Q. Configure a POP3 server. Allow only example.com network and deny all for POP3 server.

Solution: - # yum install dovecot

Open dovecot.conf file and uncomment a line

# vim /etc/dovecot/dovecot.conf

Protocols = imap pop3 lmtp

# chkconfig dovecot on

# service dovecot restart

# vim /etc/hosts.deny

dovecot: ALL EXCEPT .example.com

Q. Configure mail aliases. User jerry should get the mail of principal.

Solution: - # vim /etc/aliases

Principal: jerry

[root@luci /]# yum install nmap –y

[root@luci /]# nmap 192.168.100.11 {This will show all the ports in use}

NTP SERVER

Q. Setup your machine as NTP Client

Ans: - Go to System  Administration  Date and Time

Click on Synchronize date and time over the network,

Click on Add and Type the Server name or IP add,

Click Apply and Ok.

# chkconfig ntpd on

# service ntpd restart

DNS SERVER ADMINISTRATION

Q. Configure a caching-only DNS server that forwards requests to the physical host system

Solution: -

# yum install bind

Modify the named configuration file

# vim /etc/named.conf

listen-on port 53 {any ;};

listen-on port 53 {any ;};

allow-query {localhost; 172.24.48.0/24 ;};

forwarders {172.24.48.254 ;};

Dnssec-query no;

# chkconfig named on

# service named restart

Test from the desktop X system

(where X is a machine number)

# host serverX.example.com 172.24.48.X

(where X is a machine number)

NFS SERVER CONFIGURATION

Q. Export your “/common” directory via NFS to the example.com domain only.

# mkdir /common

# vim /etc/export

/common *.example.com(ro,sync)

# chcon -R --reference=/var/ftp/pub /common

# exportfs -ra

# chkconfig nfs on

# service nfs restart

# showmount -e x.x.x.x (where as x.x.x.x is IP of nfs server)

Q. Export “/share” directory, allow example.com and deny all. The exported directory must be automatically mounted

under “/net/misc/serverX”.

Solution: -

# mkdir /share

# vim /etc/exports

/share *.example.com(ro,sync)

# exportfs -ra

# chkconfig nfs on

# service nfs restart

# showmount -e x.x.x.x (Where as x.x.x.x is IP of nfs server)

# vim /etc/auto.master

/net/misc/serverX /etc/auto.misc (Where X is a your machine number)

# vim /etc/auto.misc

Share -ro,sync,intr serverx.example.com:/share

(Where as serverx is nfs server)

# service autofs stop

# service autofs start

# chcon -R --reference=/var/ftp/pub /share

(setting Selinux permission)

# cd /net/misc/serverX

# cd share

Q. Name the NFS Daemons.

mountd, Automountd, nfsd, nfslogd, lockd, statd

Q. How do I fix NFS Stale Partition?

Find a good base directory mount point and execute the following:

# mount -o remount [directory you selected]

This basically refreshes the NFS mount across all mounted points.

FTP CONFIGURATION

Q. Configure ftp server. Make access to example.com and deny all.

Solution: - # vim /etc/hosts.deny

Vsftpd: ALL EXCEPT .example.com

Q. Set up drop-box for anonymous upload should be enabled on “/var/ftp/upload”, Anonymous Should connects as wx and allow for only your domain

Solution: - Open a Configuration File and uncomment a line

# vim /etc/vsftpd/vsftpd.conf

anon_upload_enable=YES

anon_mkdir_write_enable=YES

# mkdir /var/ftp/upload

# chgrp ftp /var/ftp/upload

# chmod 730 /var/ftp/upload

# yum install libsemanage*

# yum install libsemanage-python

# yum install policycoreutils*

# chkconfig vsftpd on

# service vsftpd restart

# semanage fcontext -a –t public_content_rw_t ‘/var/ftp/upload (/.*)?’

# restorecon -vvFR /var/ftp/upload

# getsebool -a | grep ftp

# setsebool -P allow_ftpd_anon_write=1

# setsebool -P allow_ftpd_full_access=1

# setsebool -P ftp_home_dir=1

LDAP USER CLIENT CONFIGURATION

Q. Setup LDAP inyour machine so that all ldapusers can login without their home directory.

# system-config-authentication

# authconfig -gui

Set the User Account Database dropdown to LDAP. If it is not already set, DAP Search Base DN to dc=example, dc=com. Set the LDAP Server to “ldap://server.example.com”. Check the Use TLS to encrypted connections checkbox. Click Download CA Certificate and enter http://server.example.com/pub/EXAMPLE-CA-CERT. Set the Authencation Method dropdown to LDAP. Click Apply and ok

# getent passwd ldapuser8

Q. Setup LDAP inyour machine so that all ldapusers can login with their home directory.

# yum install authconfig-gtk

# yum groupinstall directory-client

# vim /etc/auto.master

/rhome /etc/auto.misc

# vim /etc/auto.misc

(Where X is a your machine number)

ldapuserX –rw –fstype=nfs server.example.com:/rhome/server/ldapuserX

# service sssd restart

#chkconfig sssd on

# service autofs reload

# chkconfig autofs on

SAMBA SERVER CONFIGURATION

Install samba package

# yum install samba*

Open smb.conf file and edit

# vim /etc/samba/smb.conf

workgroup = RHCEGROUP (Edit a line)

hosts allow = 127. 172.24.48. (Open semicolon and edit line)

[share]

comment = samba server

path = /share

writable = no

browseable = yes

valid users = jerry

# Smbpasswd -a jerry

# chkconfig smb on

# service smb restart

# getsebool -a | grep samba

# setsebool -P samba_create_home_dirs=1

# setsebool -P samba_domain_controller=1

# setsebool -P samba_enable_home_dirs=1

# setsebool -P samba_export_all_ro=1

# setsebool -P samba_export_all_rw=1

# setsebool -P use_samba_home_dirs=1

# getsebool -a | grep smb

# setsebool -P allow_smbd_anon_write=1

# smbclient //server.example.com/share -u jerry

Password:

Smb:\>

WEB SERVER CONFIGURATION

1. Install the packages required for configuring http server

# yum install httpd wget

2. Configure http server with document root default path

# vim /etc/httpd/conf/httpd.conf

< VirtualHost *:80>

ServerAdmin root@serverX.example.com

DocumentRoot /var/www/html

ServerName serverX.example.com

</VirtualHost >

(Where X is a your machine number)

3. Setting html page from given path

# cd /var/www/html

# wget http://server.example.com/pub/serverX.html

# mv serverX.html index.html

# chcon -R --reference=/var/www/html index.html

# chkconfig httpd on

# service httpd restart

4. Testing http server

# elinks http://serverX.example.com

(Where X is a machine number)

VIRTUAL WEB SERVER CONFIGURATION

Open Configuration file & uncomment the line

“NameVirtualHost *:80” to enable virtual hosting

# vim /etc/httpd/conf/httpd.conf

NameVirtualHost *:80

(Uncomment this line to enable virtual hosting)

< VirtualHost *:80>

ServerAdmin root@serverX.example.com

DocumentRoot /var/www/virtual

ServerName wwwX.example.com

</VirtualHost >

(Where as “wwwX.example.com” is virtual host name)

# mkdir /var/www/virtual

# cd /var/www/virtual

# wget http://server.example.com/pub/wwwX.html

# mv wwwX.html index.html

# chcon -R --reference=/var/www/html /var/www/virtual

# chkconfig httpd on

# service httpd restart

# elinks http://wwwX.example.com

(Where X is a machine number)

Enable Access control to file system for giving write access to John to “/var/www/virtual”

# vim /etc/fstab

/dev/mapper/GLSvg-GLSroot / ext4 defaults,acl 1 1

(Note by default need to enable acl in rhel6)

# mount -o remount; /

# mount

# setfacl -m u:john:rwx /var/www/virtual

SECURE WEB SERVER CONFIGURATION

Open Configuration file and last 7 line Copy and paste. Change the lines number (1, 2, 3, 4, 7) and

uncomment changes line. (Line number 5 and 6 will be commented)

# vim /etc/httpd/conf/httpd.conf

< VirtualHost *:80>

ServerAdmin root@serverX.example.com

(Where X is a your machine number)

DocumentRoot /var/www/localhost

ServerName localhost.localdomain

</VirtualHost >

# mkdir /var/www/localhost

# cd /var/www/localhost

# wget http://server.example.com/pub/local.html

# mv local.html index.html

# chcon -R --reference=/var/www/html /var/www/localhost

# chkconfig httpd on

# service httpd restart

# elinks http://localhost.localdomain

CREATING A CUSTOM SELF-SIGNED CERTIFICATE

1. Install following packages for generating certificate

# yum install crypto-utils mod_ssl

# genkey --days 365 serverX.example.com

Provide the appropriate input as required while generating certificate &

note down the path of newly generated certificate file & certificate key.

2. Open the /etc/httpd/conf.d/ssl.conf”file & change the path of “SSLCertificateFile” & “SSLCertificateFile” as follows

# vim /etc/httpd/conf.d/ssl.conf

# SSLCertificateFile /etc/pki/tls/certs/localhost.crt (old path)

SSLCertificateFile /etc/pki/tls/certs/serverX.example.com.crt

# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key (old path)

SSLCertificateKeyFile /etc/pki/tls/private/serverX.example.com.key

3. Restart the httpd service

LINUX CLUSTER COMMANDS

1. Where the cluster configuration files are stored?

# /etc/cluster/cluster.conf

2. To check the Service information

# clustat -l

Cluster Status for chittucluster @ Tue Feb 4 11:25:12 2014

Member Status: Quorate

Member Name ID Status

------ ---- ---- ------

node1.cluster.com 1 Online, Local, rgmanager

node2.cluster.com 2 Online, rgmanager

Service Information

------- -----------

Service Name : service:nfs_service

Current State : started (112)

Flags : none (0)

Owner : node2.cluster.com

Last Owner : none

Last Transition : Tue Feb 4 10:04:15 2014

Service Name : service:nfsserv10

Current State : started (112)

Flags : none (0)

Owner : node2.cluster.com

Last Owner : none

Last Transition : Tue Feb 4 10:04:15 2014

3. To check the cluster status and it should be refreshed in each 3 seconds.

# clustat -i 3

Cluster Status for chittucluster @ Tue Feb 4 11:37:45 2014

Member Status: Quorate

Member Name ID Status

------ ---- ---- ------

node1.cluster.com 1 Online, Local, rgmanager

node2.cluster.com 2 Online, rgmanager

Service Name Owner (Last) State

------- ---- ----- ------ -----

service:nfs_service node2.cluster.com started

service:nfsserv10 node2.cluster.com started

4. To migrate a a service

# clusvcadm -r nfsserv10 -m node1.cluster.com

5. To enable a service

# clusvcadm -e nfsserv10

6. To disable a service

# clusvcadm -d nfsserv10

7. To update the cluster.conf file

# ccs_tool update /etc/cluster/cluster.conf

Proposed updated config file does not have greater version number.

Current config_version :: 12

Proposed config_version:: 12

Failed to update config file.

8. To update the version of the cluster.conf file

# cman_tool version –r 12

9. What are the services needed to start the cluster ?

1. cman, 2. clvmd/gfs, 3. rgmanager

10. What are the services needed to close the cluster ?

1. rgmanager, 2. clvmd/gfs, 3. cman

KERNEL UPDATE

1. Check the kernel version # uname –r

2. Install the kernel update # rpm –ivh <Path of the kernel where it has been stored.>

# rpm –ivh /root/Desktop/kernel/kernel – firmware 2.6.32.220…

3. There will be a conflict in the firmware, so install the firmware force fully and then install the kernel again.

# rpm –ivh /root/Desktop/kernel/kernel – firmware 2.6.32.220… --force

4. Install the kernel update # rpm –ivh /root/Desktop/kernel/kernel – firmware 2.6.32.220…

5. Now check whether the kernel is there in the module or not. # ls /lib/modules/

6. Now check the Linuz image is there or not. # ls /boot/vmlinuz*

7. Now reboot the server. # reboot

TO EDIT KERNEL PARAMETERS

1. Configure kernel ip range to 35000 to 61000

# sysctl -a |grep -i range {net.ipv4.ip_local_port_range = 32768 61000}

# vi /etc/sysctl.conf Add this at the end net.ipv4.ip_local_port_range = 35000 61000

# sysctl –p { will take effect after running this command}

2. Configure kernel such that kernstack value is 1.

# vi /etc/grub.conf {At the end of the kernel write “ kernstack = 1”}

# reboot

# cat /proc/cmdline

3. Configure or Enable IP forwarding

# vim /etc/sysctl.conf

net.ipv4.ip_forward = 1

# sysctl –p

LINUX PATCHING PROCESS

1. To register the server # Up2date --register/rhn_register

2. To list channels # Up2date –show-channels

# echo "repo list" | yum shell

# rhn-channel -l

3. To list updates # Up2date --list or up2date –l

# yum list updates

4. Up2date configuration # Up2date --configure

# /etc/sysconfig/rhn/up2date

{This is the file it actually updates with up2date –configure}

5. To configure yum to save rollback information,

add the line tsflags=repackage to /etc/yum.conf.

6. To configure command-line rpm to do the same thing, step-2

add the line %_repackage_all_erasures 1 to /etc/rpm/macros

7. Apply patches

Use console to do it, not ssh connection

#up2date –u

OR

#yum update

This can even take hours to finish, let it finish.

8. Actual Roll back of patches

If/when you want to rollback to a previous state, perform an rpm update with the --rollback option followed by a date/time specifier.

Some examples:

# rpm -Uhv --rollback '9:00 am',

# rpm -Uhv --rollback'4 hours ago',

# rpm -Uhv --rollback 'december 25'.

TO SET ACL PARAMETERS

1. To check the ACL status of a mount point # getfacl /mount point/

2. To set the ACL status of a mount point for an user # setfacl -m u:username:rwx <mount point/>

3. To set the ACL status of a mount point for others # setfacl -m o::rwx <mount point/>

4. To remove ACL parameters # setfacl –remove-all /mount point

5. If necessary to remount the mount point. # mount -o remount /mount point/

FINE TUNING A SERVER.

1. Increser swapiness or swap memory increased to 75%. # cat /proc/sys/vm/swappiness

# echo 75 > /proc/sys/vm/swappiness

2. To release the cache memory (page Caches) # sync;echo 1 > /proc/sys/vm/drop_caches

To release the dentries and inode caches # sync;echo 2 > /proc/sys/vm/drop_caches

To release the both page caches and dentries,inode caches # sync;echo 3 > /proc/sys/vm/drop_caches

# /sbin/sysctl vm.drop_cache=3

3. To edit the kernel range # sysctl -a | grep -i range

# sudo sysctl -w net.ipv4.ip_local_port_range="32800 61000"

# sysctl -a | grep -i range

# echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range

4. Unique list of open files used in root file system. # lsof / | awk ‘{print $1}’ | uniq

5. To get current CPU usage # sar 2 10

To get the CPU usage for previous date, consider 14th # sar -P ALL -f /var/log/sa/sa14

To get the CPU usage for 10th of month, from 7 AM to 3 PM (i.e. with specifying the time)

# sar -P ALL -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00

6. How to know Database (Oracle) is running in the server? # ps -ef | grep pmon

or

# ps -ef | grep smon

# ps -ef | grep tnslsnr (Listner service (lsnr))

7. Command to the file using highest space in the storage. # du -sch * | grep K (will show the size in kb)

# du -sch * | grep M (will show the size in mb)

# du -sch * | grep G (will show the size in gb)

8. To zip all the folders in a directory starting with 0 and 11 -12. # bzip2 sa*0*

# bzip2 sa* 1{1..2}

9. To remove all the files starting with 2013 # rm –rf 2013-*

List of some Ethernet tools commands

1. Command to detect the status of the Eth0 # ethtool eth0

2. Command to detect the status of the NIC # mii-tool bond0

3. To down an Ethernet # ifdown eth0

4. To up an Ethernet card # ifup eth0

5. Command to chk the version of the Eth0. # ethtool –i eth0

6. To ping a ip only once # ping 192.168.100.111 -c 1

SHELL SCRIPTING

1. Show the average speed of the cpu from 12 to 21 date

# for i in {12..21}; do sar -u -f sa$i | grep -i average; done

2. Show the average speed of the memory from 12 to 21 date

# for i in {12..21}; do sar -r -f sa$i | grep -i average; done

3. Show the average speed of the paging from 12 to 21 date

# for i in {12..21}; do sar -B -f sa$i | grep -i average; done

4. To ping all the ips in between 192.168.100.111 to 192.168.100.150

# for i in {111..150}; do ping 192.168.100.$i -c 2 | grep ttl; done

What are the System information required before restarting the server and you need to restart them in the server after rebooting?

Before reboot

# mount>file1.txt; mount | wc -l >> file1.txt

# df -Th>>file1.txt; df -Th | wc -l >> file1.txt

# ip addr list>>file1.txt; ip addr list | wc -l >> file1.txt

# cat /etc/fstab>>file1.txt; cat /etc/fstab | wc -l >> file1.txt

# netstat -nr>>file1.txt; netstat -nr | wc -l >> file1.txt

# cat/etc/rc.local>>file1.txt; cat /etc/rc.local | wc -l >> file1.txt

After reboot

# mount> file2.txt; mount | wc -l >> file2.txt

# df -Th>> file2.txt; df -Th | wc -l >> file2.txt

# ip addr list>> file2.txt; ip addr list | wc -l >> file2.txt

# cat /etc/fstab>> file2.txt; cat /etc/fstab | wc -l >> file2.txt

# netstat -nr>> file2.txt; netstat -nr | wc -l >> file2.txt

# cat/etc/rc.local>> file2.txt; cat /etc/rc.local | wc -l >> file2.txt

Then compare both the files

# diff 'file1.txt' 'file2.txt'

LUN DETECTION

1. For WWN Number => # cat /sys/class/fc_host/host1/port_name

2. For HBA Status => # cat /sys/class/fc_host/host1/port_state

3. command to check the Manageable HBA List # hbacmd listhbas

4. Command to chk the HBA Port state # systool -c fc_host -v |grep -i port_state

5. Command to reset the HBA Port State # hbacmd Reset < Port WWN > # hbacmd Reset 10:00:00:90:fa:74:da:fa

6. Command to scan a new hard disk without rebooting the system.

# rescan-scsi-bos.sh

7. First take output of multipath and dev-mapper

# multipath -ll > /tmp/mpath.pri

# ls > /tmp/devmapper.pri

8. For Adding LUN commands used are:

#echo 1 > /sys/class/fc_host/host0/issue_lip,

#echo 1 > /sys/class/fc_host/host1/issue_lip

#echo 1 > /sys/class/fc_host/host2/issue_lip

#echo "- - -" > /sys/class/scsi_host/host0/scan

#echo "- - -" > /sys/class/scsi_host/host1/scan

#echo "- - -" > /sys/class/scsi_host/host2/scan

9. Take output of multipath and dev-mapper again

# multipath -ll > /tmp/mpath.post

# ls > /tmp/devmapper.post

10. Now compare both the files pri and post. Then we can get the new lun which has been added recently.

# diff /tmp/mpath.pri /tmp/mpath.post

# diff /tmp/devmapper.pri /tmp/devmapper.post

11. If this output you have forgotten to taken before then use following command. The scan disk will flush.

# multipath -f

12. To check what are the new luns have came now.

# multipath -v2

13. Detect LUNs with different HBA Card

# lsmod | grep scsi

# lsmod | grep fc

rfcomm 104937 0

l2cap 89409 8 hidp,rfcomm

bluetooth 118725 3 hidp,rfcomm,l2cap

scsi_transport_fc 83145 1 bfa

scsi_mod 199001 10

scsi_dh_emc,bfa,scsi_dh,sr_mod,sg,scsi_transport_fc,usb_storage,libata,cciss,sd_mod

bfa  This is the module here for this HBA card

# rmmod bfa

# modprobe bfa

14. Configuring Multipath on the server:

# yum install device-mapper-multipath* {To install the multipath software in the server}

# mpathconf –enable

# service multipathd start { If this does not work then }

# /etc/init.d/multipathd start

# chkconfig multipathd on

# cd /etc/multipath/

# ls –ltr /dev/mapper (Check if any mpath* or pv* file available)

# vi /etc/multipath.conf

Comment the below lines: # it

devnode_blacklist {

devnode "*"

}

Uncomment the below lines: remove #

defaults {

user_friendly_names yes

}

#service multipathd restart (Now, must be able to see mpath* or pv* file)

15. Add this things at the end of the multipath.conf file. So that instead of such a big name for the new multipath an user friendly name as per us will be seen.

# Persistent binding start info

multipaths {

multipath { wwid 360060e8016528a000001528a000011d5

alias ARCH_EXP-d1

}

multipath {wwid 360060e8016528a000001528a000011ca

alias RECO_EXP-d1

}

}

# Persistent binding ends info

16. Display the current multipath configuration gathered from sysfs and the device mapper.

# multipath –l

17. Display the current multipath configuration gathered from sysfs, the device mapper, and all other available components on the system.

# multipath –ll

Only for multipath environment:

After detection run the below command

# multipath

And then check the files under /dev/mapper

# /dev/mapper/pv2 Or # /dev/mapper/mpath2

18. To check the mpath* is belong to which dm-*

[root@host0] #cd /dev/mpath/

[root@host0 mpath] # pwd

/dev/mpath

[root@host0 mpath] # ls -ltr

total 0

lrwxrwxrwx 1 root root 8 Nov 10 13:09 mpath6 -> ../dm-23

lrwxrwxrwx 1 root root 8 Nov 10 13:09 mpath7 -> ../dm-24

lrwxrwxrwx 1 root root 8 Nov 10 13:09 mpath8 -> ../dm-25

[root@dloradb10 mpath]# multipath -ll | grep -A6 mpath6

mpath6 (360060160ff4b1f009a8649299909e111)

[size=70 GB][features="1 queue_if_no_path"][hwhandler="1 emc"]

\_ round-robin 0 [prio=2][active]

\_ 0:0:1:3 sdp 8:240 [active][ready]

\_ 2:0:1:3 sdz 65:144 [active][ready]

\_ round-robin 0 [enabled]

\_ 0:0:2:3 sdu 65:64 [active][ready]

19. Remove the named multipath device

# multipath –f device

[root@dloradb10 mpath] # multipath –f mpath6

[root@host0 mpath] # echo 1 > /sys/block/sdp/device/delete

[root@host0 mpath] # echo 1 > /sys/block/sdz/device/delete

After removal it will come like:

[root@tlmnora07 mapper]# multipath -ll | grep -A5 mpath3 | more

mpath3 (360060e80058d1c0000008d1c000004bb)

[size=33 GB][features="1 queue_if_no_path"][hwhandler="0"]

\_ round-robin 0 [active]

\_ #:#:#:# - 65:192 [active][faulty]

\_ #:#:#:# - 8:48 [active][faulty]

COMMAND OF HPACUCLI TOOL

hpacucli = hp array configuration utility cli

1. Command to check the RAID status # hpacucli ctrl all show config

Smart Array P400 in Slot 1 (sn: PAFGK0R9SX80JW)

array A (SAS, Unused Space: 0 MB)

logicaldrive 1 (279.4 GB, RAID 1+0, Interim Recovery Mode)

physicaldrive 2I:1:1 (port 2I:box 1:bay 1, SAS, 300 GB, Failed)

physicaldrive 2I:1:2 (port 2I:box 1:bay 2, SAS, 300 GB, OK)

2. Command to check the RAID status in details # hpacucli ctrl all show config detail

3. Some other commands to check drive status:

# hpacucli ctrl slot=0 pd all show

# hpacucli ctrl slot=0 pd 1I:1:1 show

# hpacucli ctrl slot=0 pd 1I:1:2 show

4. To check the Server Health

Install the package # yum install hp-health.x86_64

# /etc/init.d/hp-health status

# /etc/init.d/hp-health start

Display general information of the server hpasmcli> SHOW SERVER

Show current temperatures hpasmcli> SHOW TEMP

Get the status of the server fans hpasmcli> SHOW FAN

# hpasmcli -s "show fan; show temp"

Show device boot order configuration hpasmcli> SHOW BOOT

Set USB key as first boot device hpasmcli> SET BOOT FIRST USBKEY

Show memory modules status hpasmcli> SHOW DIMM

# hpasmcli -s "show dimm" | egrep "Module|Status"

Generating ADUReport

caede0p004:~# hpacucli HP Array Configuration Utility CLI 9.20.9.0 Detecting Controllers...Done. Type "help" for a list of supported commands. Type "exit" to close the console. => ctrl all diag file=/tmp/ADUReport.zip Generating diagnostic report...done

CFG2HTML report

You can download a CFG2HTML report for more details about the hardware status • Download the file -cfg2html linux124HP (Attached to the file) in a directory / xxx • Run cd / xxx • Run chmod + x-cfg2html linux124HP • Run the script . / Cfg2html-linux124HP • A file will be generated (hostname). Tar under / xxx • All output is stored all together in the file {hostname}.tar (as stated during execution of the script).

LVM COMMANDS

1. To check partition list: # fdisk –cul

2. To create partition # fdisk /dev/sdb

Command (m for help): m {List the menu}

Command (m for help): n {add a new partition }

P { partition type }

Partition number (1-4): 1

Last cylinder, +cylinders or +size{K,M,G} (1-1958, default 1958): +3800M {partition size}

Command (m for help):t {change a partition's system id}

Partition number (1-4): 1

Hex code (type L to list codes): l {list known partition types}

Hex code (type L to list codes): fd {type of partition}

Command (m for help): p {print the partition table }

3. # reboot

4. To create PV: # pvcreate /dev/sdb2

# pvcreate /dev/sdc

5. To create VG : # vgcreate vghr /dev/sdb2 /dev/sdc

6. To create VG with 8MB PE size # vgcreate –s 8 vghr /dev/sdb2 /dev/sdc

7. To create LV of 200mb. # lvcreate -L 200M -n lvhcl01 vghr

8. LV is of 10%of total VG: # lvcreate -l 10%VG -n lvhcl02 vghr

9. LV is of 10% of freeVG: # lvcreate -l 10%FREE -n lvhcl03 vghr

10. To format the LV: # mkfs.ext3 /dev/vghr/lvhcl01

Process to mount the file system to a mount point

11. Create a mount point # mkdir /hr

#mount /dev/vghr/lvhcl01 /hr

#mount-t ext3 /dev/vghr/lvhcl01 /hr

# vi /etc/fstab

12. To extend the LV

# df –Th

# lvextend -L +200M /dev/vghr/lvhcl01

# resize2fs /dev/vghr/lvhcl01

Or

# lvextend -L +200M /dev/vghr/lvhcl01 –r

# df –Th

13. To extend the VG # pvcreate /dev/sdd

# vgextend hcl /dev/sdd

14. To reduce the VG & remove the LV # pvmove /dev/sdd

# vgreduce hcl /dev/sdd

15. To remove LV & VG # lvremove /dev/hcl/lvhcl01

# vgremove vgname

16. To remove a PV # pvmove /dev/sdd

# vgreduce hcl /dev/sdd

# pvremove /dev/sdd

17. To reduce and resize LV

# umount /hr

# e2fsck -f /dev/hcl/hr

# resize2fs /dev/hcl/hr 500M

# lvreduce /dev/hcl/hr -L 500M

# mount /hr

Or

# umount /hr

# lvreduce -L -50M /dev/hcl/hr -r

# mount /hr

18. To create SWAP LV # lvcreate -L 100M -n swapvol01 vghr

# mkswap -c /dev/vghr/swapvol01

# vi /etc/fstab

# swapon –s

# swapon –a

19. To remove SWAP LV # swapoff –s

# swapoff –a

# lvremove /dev/vghcl/lvswap01

# vi /etc/fstab

20. To check the swap partitions # cat /proc/swaps

21. To check which LVs are mounted on which disk # lvs -a -o +devices

22. To check a certain LV mounted on which disk # lvdisplay -m /dev/vg01/lv01

23. To move a vg from one m/c to another

In 1st m/c

# vgchange –a n vgname (to deactivate the vg)

# vgexport vgname

In 2nd m/c

# vgs

# vgimport vgname

# vgchange –a y vgname (to activate the vg)

24. To Recover Physical Volume # lvs -a -o +devices

# vgchange -a n --partial

# pvcreate --uuid "FmGRh3-zhok-iVI8-7qTD-S5BI-MAEN-NYM5Sk" --restorefile

(UUID is "FmGRh3-zhok-iVI8-7qTD-S5BI-MAEN-NYM5Sk")

# vgcfgrestore -f VG

# lvs -a -o +devices

# lvchange -a y /dev/VG/LV

25. If a mount point is showing busy at the time of unmounting then

# fuser –vm <mount point> {to view who are using this}

# fuser –km <mount point> {to kill who are using this}

USER & GROUP PERMISSIONS

1. All the information of the user stored in # cat /etc/passwd

2. All the information of the group stored in # cat /etc/group

3. User password stored in # cat /etc/shadow

4. To add an user # useradd <username>

5. To remove an user # userdel <username>

6. To change the username # usermod –l <new username> <old username>

7. To change the user’s information # usermod -c "Sanjeev Kumar" jhulu

8. To lock an user # usermod –L <username> / # passwd –l <username>

9. To unlock an user # usermod –U <username> / # passwd –u <username>

10. How to add with specific user id? # useradd <user name> -u <user id>

# useradd manalo –u 5433

11. Check if the user expiry date # chage -l username

12. Command to extend the user expiry time. # usermod -e yyyy-mm-dd username

# chage -E yyyy-mm-dd username

(if user has been locked the in /etc/shadow file there will be ’!!’ before the password.)

13. To add a group # groupadd <groupname>

14. To remove the group # groupdel <username>

15. To change the group name # groupmod -n <new-group-name> <old-group-name>

16. To view the information of an user # id

17. Add an user with primary and secondary group in path /opt/home

# useradd <username> -g <primary group> -G <Secondary group> -d </opt/home>

18. To give password to a group? # gpasswd <group name>

19. To remove password from an assigned group? # gpasswd –r <group name>

20. To change the group owner of a directory # chgrp <group owner> <mount point>

21. To change user and group owner of a mount point # chown user:group /mount point

22. To change the user and group of a mount point with all its contents.

# chown –R user:group /mount point

23. To change the permissions of the directory # chmod 775 dir1

24. To change the permissions of the directory as well as its contents

# chmod -R 775 dir1

25. To copy all the contents of a folder to a new folder. # cp –rf path of the folder/* newfoldername/

26. To make an user a password less login

In /etc/passwd file remove ‘X’ for password and change the /bin/bash to /sbin/nologin.

Then it will not ask for the password at the time of login.

27. To add an user who is not having access to an interactive shell.

# usermod –s /sbin/nologin

28. To check the the new folder or the new files permission properties.

# umask or #umask -S

New folder permission will be as 755

New file permission will be as 644

29. To clear the history # history –c

30. To go to a particular history command # !<line number of history>

31. Explain stickybit with an example.

If Sticky bit is enabled on a folder, the folder contents are deleted by only owner who created them and the root user. No one else can delete other users data in this folder.

For Ex. /tmp

32. To make a directory stickybit permitted. # chmod 1777 directory name

# chmod o+t directory name

# chmod +t directory name

33. Explain SUID with an example.

In simple words users will get file owner’s permissions as well as owner UID and GID, when executing a file/program/command. For Ex. /user/bin/shutdown and /etc/shadow

34. How to make a file suid permitted. # chmod 4755 file name

# chmod o+s file name

# chmod +s file name

35. Explain SGID with an example

In simple words if a directory is SGID permitted then all its contents will of the same user owner and group owner as the directory. If the directory is configured as the secondary user then all the contents are will be in the secondary group owner. Parent folder group owner will be assigned to the contents inside the collaborated/shared directory.

36. Command to make a file SGID permitted # chmod 2755 file name

37. Command to give both the permission of SGID & Stickybit access to a directory

# chmod 3755 /diectory

OTHER COMMANDS

1. To check Linux kernel Version # uname –a & # uname –r

2. To check the version of the running Linux. # cat /etc/redhat-release

3. To see the physical configuration of servers. # dmidecode

4. To check the Kernel Architechture or platform. # arch [ shows OS is running 64 bit or 32 bit ]

5. Command to know the PCI slot details # lspci

6. To make a folder TAR type. # tar cvf foldername.tar foldername/

7. To make a TAR folder UNTAR. # tar xvf foldername.tar

8. To make a folder a gz file. # tar cvfz foldername.tar.gz foldername/

9. To unzip a tar.gz file # tar xvfz foldername.tar.gz foldername/

10. To compress a file # gzip <file name>

11. To unzip the gzip file # unzip <file name>

12. To copy a file with date and time # cp -p /etc/selinux/config /etc/selinux/config`date +%F`

13. Command to set date in Linux. # date –s “2 OCT 2013 18:00:00”

This cmd will not run in putty.

14. To check the size of the directory # du –sh /directory name or path

15. To determine which service needs to be start during the boot.

# pwd

# /etc/rc.d/rc3.d

16. To check the service startup mode # chkconfig - -list service name

17. To add route => # vi /etc/rc.local

18. To check Route = > # netstat –nr or # route

19. Command to configure DNS server # /etc/resolve.conf

DNS uses a feature called FQDN : Fully qualified Domain name )

Forward FQDN resolves from host name to IP Address

Reverse FQDN resolve from IP Address to host name.

Port number of DNS is 53.

20. To set umask # vi /etc/bashrc

21. To set allias permanently # cat ~/.bashrc

22. To set alias temporarily # alias lsss='ls -ltr'

23. To check when the server is rebooted. # last | grep boot

24. To check the log files # tail –f /var/log/messages

25. Logs of users login? # /var/log/secure

26. Logs of cpu uses average for every day? # /var/log/sa/

27. Where can we find the mail logs # /var/log/maillog

28. Configuration files of all the systems are stored? # /etc/

29. System configurations are stored? # /proc/

30. Command for CPU information Details # cat /proc/cpuinfo

31. Command for Memory Information Details # cat /proc/meminfo

32. Command for swap Information Details # cat /proc/swaps

33. To check a port is active or not # telnet <address> <port number>

# telnet <localhost> <53> [to check the DNS port]

34. Command to create a softlink # ln –s <destination folder name> <link path>

# ln –s /etc/sysconfig/network_scripts/ /ippath

35. To remove the softlink # unlink <link path>

# unlink </ippath>

36. Command to know the Zombie process id. # ps auxf | grep D

37. Command to print ( 3rd column of /etc/fstab/) # awk ‘{print $3}’ /etc/fstab

38. To see the list of open file in root filesystem. # lsof /

39. How to find all files of an user and copy it to a particular directory?

# findfiles / -type f –user <username> -exec cp {}/home/findfiles \;

40. How to find all directories of an user and copy it to a particular directory?

# findfiles / –user <username> -exec cp {}/home/findfiles \;

41. To check all the services status at a time # service --status-all

42. Where all the script are located? # /etc/init.d

43. Command to restart a script? # < Path of the script > restart

# /etc/init.d/sendmail restart (this is an example)

44. Command to get the ip of a name server or site # dig www.google.com

45. To create a file of 100mb # dd if=/dev/zero of=/tmp/chitta bs=2M count =50

46. To nullify the above file # > chitta

47. Convert ext2 fs to ext3 fs. # tune2fs –j /dev

48. To adjust the number of mounts after which the file system will be checked by e2fsck # tune2fs –c

49. To Set the number of times the file system has been mounted. # tune2fs –C

50. To Adjust the maximal time between two file system checks. # tune2fs –i

51. To List the contents of the file system superblock. # tune2fs -l

53. Killing Defounct process # preap `ps -ef|grep -i defunc |awk '{print $2}'`

55. Changing KeyBoard Type # loadkeys us

# system-config-keyboard

{change to US international Keyboard}

56. Sending files to other system

# scp -rp /root/tmp/chitta/auto_home_mngr.sh.INT sh-local-adm-ai@fr0-vsiaas-1825:/tmp

57. Adding and giving access to a user

# visudo (add the useraccess @ the end "username ALL=/bin/su, /bin/su -")

# vi /etc/security/access.conf (add the user at the end)

# vi /etc/hosts.allow (sshd:ALL)

# vi /etc/group (add the user name in the wheel)

58. passwd:Authentication information cannot be recovered

The file /etc/security/opasswd is used to store old passwords for users.

This file should exist if "remember = X" is used with pam_unix in password section of /etc/pam.d/system-auth

or /etc/pam.d/password-auth file.

Create or replace the opasswd file :

# rm -f /etc/security/opasswd

# touch /etc/security/opasswd

# chmod 600 /etc/security/opasswd

59. Find largest size file into the fs

# find // -xdev -type f -size +1000000000c -exec ls -lad {} \;

# find . -xdev -size +100M