Chapter 11

solidsenior, Servers

9 Dec 2013


CIS 238DL

Linux System Administration

Ray Esparza

GCC CIS Faculty

Introductions


Name


Work or school major/minor


Unix experience


Expectations of the course

Course Materials


A Practical Guide to Red Hat Linux textbook


Chapters 11-20, 23, 26


Lab Exercises on syllabus, download at


www.gc.maricopa.edu/business/cis238dl


Compact Discs with Fedora Core 2


Syllabus Overview


Other:


Virtual PC account OR


5 GB or larger HDD in Inclose Drive Bay Model P96i-T

Midas Setup


Log onto Midas using Palette ID and password


Select “Account Info”


Input your Primary Email address in “Internet Contact Information”


Input paletteid@student.gc.maricopa.edu as your Secondary email address, use YOUR paletteid above.


Go to Message Cnt “Personal Preferences”


Check box for “Forward all messages to email”


Click “Submit” button


Return to “course” screen, select “Take an Exam”


Take Course Pretest exam.


http://www.maricopa.edu/midas

Enter Your Palette User ID and
Password

Select “Account Info”

Enter your Cox.net, AOL, Hotmail, etc.
email address here.

Enter your GCC email address here.

Select “Message Cnt” then

Select “Personal Preferences”

Check this Box

Classroom Configuration

[Network diagram: HTC1-141. \\Instructor01 (192.168.0.1, Instructor’s Computer); \\ht1-141-xx, \\ht1-141-xx, ..., \\ht1-141-xx; DNS and WINS; to Internet]

Facilities

Building Hours

Parking

Rest Rooms

No Eating/Drinking

Phones

Smoking

Class Hours

Chapter 11


System Administration and Superuser


Rescue Mode


SELinux


System Operation


Useful Utilities


Setting up a server


nsswitch.conf


PAM


System Administration


System Administration Tools:


su/sudo


consolehelper


kill

Rescue Mode


boot: linux rescue


Takes you into rescue mode to change files
and perform other maintenance


boot: /boot/vmlinuz

SELinux


DAC based on users and groups


SELinux based on MAC, based on roles


Use system-config-users to assign roles


SELinux states:


Enforcing/Active


Permissive/Warn


Disabled

System Operation


Booting the system: runlevel set in inittab


Start and Stop services (init scripts)


/etc/rc.d/rc.sysinit


initial logging, time, etc.


/etc/rc.d/rc


runlevel setup


Configure services II


system-config-services


redhat-config-services


chkconfig: Configures Services III

Modes


Single user 1


Multi user 2


Multi user with network 3


Reserved 4


Multi user with network and GUI 5


Reboot 6

Logging In


PAM (pluggable authentication module)


covered later


/etc/shadow password file


Uses MD5 hash


/etc/profile and /etc/bashrc

Bringing the system down


shutdown


-h halt system now


-r reboots


5 (in 5 minutes)


-k just kidding


init 0


Ctrl-Alt-Del

Useful Utilities


Red Hat utilities


redhat-config-*


system-config-* (Fedora)


bind


boot


display


netboot


network


samba


List on pages 394 to 396


Linux Utilities

chsh

clear

dmesg

e2label

kudzu

mkfs

ping

reset

setserial

umask

uname

Setting up a server


Standard config file rules:


Ignore blank lines


Comments begin with a # in column 1


Use \ or quotes to hide embedded spaces


Break long lines into shorter lines with \

Portmap


rpcinfo to display information using portmap


-p probe


-n (port) number


-u UDP


-t TCP


-b broadcast


-d delete


Example: rpcinfo -p hostname

The xinetd Super Server


Uses /etc/xinetd.conf file


Used to start network services based on
network requests

Securing a Server


TCP Wrappers:


hosts.allow and hosts.deny


Stops at first hit so use wisely


chroot “jail”


Same as “fake root”


Useful in hiding true directory structure
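
The first-hit behaviour of hosts.allow and hosts.deny noted above, as an added example that is not part of the course slides: a simplified Python model of the lookup order, covering only ALL, leading-dot domain and trailing-dot address patterns. The function names, rules, hostnames and addresses are constructed for illustration.

```python
# Added illustration: a simplified model of TCP Wrappers access checks.
# All rules, hostnames and addresses below are constructed sample data.

def client_matches(pattern, host, addr):
    """Match one client pattern against a hostname and an IP address."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # domain suffix, e.g. .lab.example.com
        return host.endswith(pattern)
    if pattern.endswith("."):        # address prefix, e.g. 192.168.0.
        return addr.startswith(pattern)
    return pattern in (host, addr)   # exact hostname or address

def first_match(rules_text, daemon, host, addr):
    """Return the first matching rule line, or None; the search stops there."""
    for raw in rules_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (f.strip() for f in line.split(":")[:2])
        daemon_ok = any(d in ("ALL", daemon)
                        for d in daemons.replace(",", " ").split())
        client_ok = any(client_matches(c, host, addr)
                        for c in clients.replace(",", " ").split())
        if daemon_ok and client_ok:
            return line
    return None

def check_access(allow_text, deny_text, daemon, host, addr):
    """hosts.allow is read first, then hosts.deny; no match at all allows."""
    hit = first_match(allow_text, daemon, host, addr)
    if hit:
        return ("allow", hit)
    hit = first_match(deny_text, daemon, host, addr)
    return ("deny", hit) if hit else ("allow", None)

HOSTS_ALLOW = "# constructed sample\nsshd: 192.168.0.\nin.telnetd: .lab.example.com\n"
HOSTS_DENY = "ALL: ALL\n"
LOOSE_ALLOW = "ALL: ALL\n" + HOSTS_ALLOW   # broad first entry shadows the rest

if __name__ == "__main__":
    for allow in (HOSTS_ALLOW, LOOSE_ALLOW):
        print(check_access(allow, HOSTS_DENY, "sshd",
                           "outside.example.net", "203.0.113.9"))
```

With the tight hosts.allow the outside client falls through to the ALL: ALL entry in hosts.deny; with the broad entry placed first in hosts.allow the same client is allowed and hosts.deny is never consulted.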


DHCP


Uses dhcpd.conf file on server


default-lease-time 600; # seconds or 10 minutes


max-lease-time 86400; # seconds or 1 day


options (subnet-mask, routers, domain-name-servers)


Or dhclient.conf on client machine


interface "eth0" {
    send dhcp-client-identifier 1:xx:xx:xx:xx:xx:xx;
    send dhcp-lease-time 86400;
}

nsswitch.conf


name service switch configuration file


Specifies which methods to use and the
order to use them when looking for a certain
type of information.

passwd: files nis

hosts: files dns

passwd: compat (requires +/- entries)

PAM


Linux Pluggable Authentication Modules


Used to determine how various applications use
authentication to verify the identity of a user.

#%PAM-1.0

auth required pam_securetty.so

auth required pam_nologin.so

session required pam_console.so

session required pam_selinux.so multiple

Any Questions?