Linux notes
-----------------------------------------------------------------------------------
Linux and Unix are file-based operating systems.
Linux is used in mission-critical and data-center environments.
Unix was the first OS written at machine level.
Dennis Ritchie: moved the core from machine code to a high-level language ('C').
UNIX was made open source (free learning).
History:
1969: Developed at AT&T Bell Labs.
1975: AT&T makes UNIX widely available, offered to educational institutions at minimal cost.
Advantages:
Can be installed on any x86 processor system.
Platform independent.
-----------------------------------------------------------------------------------------------------
Red Hat: Company
3 Linux distributions:
RHEL (Red Hat Enterprise Linux): Licensed Linux
CentOS 7
Fedora 7
Mission Critical Environment: (24*7)
Datacenter:
Nearly 300000 servers are available. (FB, G)
Like ULTIMATIX.
SUSE Enterprise Linux --> Licensed Linux
Red Hat 7: these are the flavours of Linux that run in a Mission Critical Environment.
--------------------------------------------------------------------------------------------------------
Components of Linux:
Various types of shells:
Firstly, we need to know what a kernel is.
To operate the hardware, we need an OS. The core part of the OS is the "kernel". The kernel directly interacts with the hardware.
To play music, we click the song file; in the background the kernel invokes the sound card. The kernel communicates with the hardware.
To communicate with the kernel, we need a "shell".
1. Bourne Shell (sh):
Oldest type of shell, from when Unix became portable.
2. C Shell (csh):
3. Korn Shell (ksh):
4. TC Shell (tcsh):
5. Bourne Again Shell (bash): Default shell in RHEL 7.
Command to create a "user":
useradd -s /bin/sh user1
If -s /bin/sh is not given in the command, the shell for user1 will be "bash".
To specify a particular shell, use "-s /bin/shell_name".
-----------------------------------------------------------------
Existing flavours of
LINUX:
Red Hat, Fedora, SUSE, Ubuntu, CentOS
UNIX:
Oracle Solaris, IBM AIX, HP-UX
It is costly and hardware dependent, but stable.
Width of a rack is 19 inch.
Locking mechanism in a blade server to insert/remove blades.
-------------------------------------------------------------
RUN LEVELS:
Run level specifies the state of a Linux OS.
Seven run levels are available in Linux.
Default run level is: 3.
Run level 0: Power off.
Command: init
To change run levels:
init 0 --> Power off state.
init 1 --> Single user mode (Run level 1). Normally used to troubleshoot.
init 2 --> Advanced form of Run level 1, with networking support. Multi-user mode.
init 3 --> Default run level, all application modules will be started.
init 4 --> User specific, where the user can modify.
init 5 --> Graphical (GUI) applications, more RAM will be consumed.
init 6 --> Reboot/restart.
Mostly we use run levels 1 and 3.
------------------------------------------------------------------
Commands:
Halt: shutdown -h now
Reboot: shutdown -r now
------------------------------------------------------------------
In Windows:
Pressing F8 continuously while the system starts takes us into Safe Mode. Networking applications will be disabled.
For troubleshooting we use Safe Mode.
-------------------------------------------------------------------
Apache
To run a service at boot time:
RHEL 7 -> systemctl enable <service name>
systemctl enable httpd (service corresponding to the Apache software)
|
RHEL 6->chkconfig <service name> on
chkconfig <service name> off
|
RHEL 5
--------------------------------------------------------------------
Exercise: Create centOS in VM
--------------------------------------------------------------------
Linux Boot process:
When you turn on the computer, the IC on the BIOS is activated.
BIOS -> 2 memory areas: ROM and CMOS.
ROM contains the BIOS firmware (a sort of s/w) --> RAM --> Processor
We can customize the BIOS firmware by pressing F12/DEL/F2, depending on the model.
Changes are saved in the CMOS area.
Jobs initiated by the BIOS in ROM:
Job 1 --> POST (Power On Self Test): checks that all the hardware/electronic circuits are working properly.
Job 2 --> Boot process: checks the storage media/network for an OS.
Boot priority: DVD, HDD, USB, Network Boot.
CMOS:
User settings are saved in CMOS and it is powered by the CMOS battery (non-volatile).
If the battery is removed, all user settings will be lost.
Factory defaults loaded --> Clock 2016
--------------------------------------------------------------------
File systems: ntfs, fat, refs, xfs, ext3, ext4, vxfs
First the BIOS reads the MBR/GPT.
MBR/GPT: Master Boot Record/GUID Partition Table (small partitions on the HDD, in MB/KB)
The MBR executes GRUB (Grand Unified Boot Loader).
Boot Loader: loads all kernel files and boots; once the kernel is activated, the kernel executes the init process. The init process is the first process that starts when the Linux OS loads.
init (name of process) with PID=0
It initiates the "run level" programs.
Run level programs are executed from /etc, /rc.d.....
/etc/init.d : There is an entry of startup run level details.
Like: init:3, it means run level 3 will be initiated at startup.
-----------------------------------------------------------------
OS Installation methods:
DVD
Hard disk/pen drive (bootable)
Network Installation Method: via NFS, HTTP, FTP.
*Clonezilla: s/w with which we can remotely install a Linux OS.
------------------------------------------------------------------------
Linux Basic Commands:
3 parts:
command-key | -option    | parameter
(mandatory) | (optional) | (optional)
Ex: command-key -option parameter(path)
ls : list the contents of a path
ls -l : full details of the contents
20/July/2017
Commands:
ls: list contents
ls -l: with details
useradd username: create a user
Users' home directories can be seen in /home
To switch user: su - username
Opening a file: vi filename.txt
Closing a file: Esc, then :wq
Webinar Session: --------------------------
Two ways to connect to Linux:
1. Over Network
2. Console: directly connecting a monitor, or a remote hardware management tool (OA/iLO), to the CPU. (Physical/Console)
For troubleshooting purposes we use console access.
Over Network:
---------------------
Pseudo Console Access --> Network --> Protocols.
Protocols: ssh and telnet are used to connect to Linux over the network.
We will be using pseudo console access to reach the server remotely.
PuTTY: s/w with which we can connect to Linux/Unix by selecting a particular protocol.
Compared to telnet, ssh is more secure.
In the hardening process, telnet will be disabled.
Command: id (shows you the current login user)
df -hT (file system usage)
touch and > are used to create an empty file
Ex: touch /tmp/filename
>/tmp/filename
vi has three modes:
execution --> saving/quitting/searching a pattern
command --> deleting, copying, pasting text
insert --> insert text
x --> delete a character
dw --> delete a word
yy --> copy (yank) a line
p --> paste
fdisk partition keys:
n --> create partition
Two partition types:
1. Primary
Press Enter for a single partition
t --> change partition type
8e --> LVM
w --> save (write) and exit
useradd -c "comment" <username>
passwd <username>
cat /etc/passwd --> see user details.
cat /etc/group --> see group details
df -hT: disk free; -h: human readable format; -T: type
ps -ef: process status
du -sk /tmp: disk usage.
---------------------
21/July/2017
---------------------
Command for copying a file/dir
-----------------------------------------
cp --> copy a file/dir within the same system
scp --> copy a file/dir between computers
Ex: cp -pr /tmp/testfile /var/data
options: -pr:
p: retain permissions
r: recursive copy
scp -pr /tmp/data1 user1@10.2.3.5:/tmp/datanew
To search:
---------------
Command:
find <which path> -name <pattern>
Ex: find /var -name filename
---------------------------------------------------------------------
tail --> display the last few lines of text
head --> display the first ten lines of text
tail -n 2 filename: '2' is the number of lines to display
For ex: tail -n 3 /tmp/file1.txt
--------------------------------------------------------
To see live logs:
tail -f /var/log/<logfile>
---------------------------------------------------
To view the contents of a file:
cat, more, less
| --> Pipe symbol: used to combine two commands.
Ex: ls -l /tmp (it may contain 200 dirs), which is difficult to read.
So, use
ls -l /tmp | more : we can use the spacebar to scroll down
The 2nd command works on the 1st command's output.
grep: used for filtering a pattern
Ex: grep "user1" /etc/passwd
grep -i : pattern search is case insensitive
grep -v : display all lines except those matching the pattern we provided.
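As an added example (not part of the notes), the grep/awk/cut pipes above applied to a constructed /etc/passwd sample: listing UID-0 accounts, accounts that have a login shell, and a case-insensitive user search.

```sh
#!/bin/sh
# Added example, not from the notes: a few pipe-based checks over /etc/passwd.
# SAMPLE_PASSWD is constructed for the demo; on a real system pass "$(cat /etc/passwd)".
SAMPLE_PASSWD=$(cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
user1:x:1000:1000:User One:/home/user1:/bin/bash
backup:x:0:1001:constructed bad account:/var/backup:/bin/sh
svc:x:1002:1002:service account:/opt/svc:/bin/false
EOF
)

# Accounts whose UID is 0 (field 3). Anything other than root is a red flag:
# a second UID-0 account has full root privilege regardless of its name.
uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1 }'
}

# Accounts that can log in interactively: grep -v drops the lines whose
# shell (field 7) is nologin or false, then cut keeps the user name.
login_accounts() {
    printf '%s\n' "$1" | grep -v -e '/sbin/nologin$' -e '/bin/false$' | cut -d: -f1
}

# Case-insensitive search (grep -i) for a name, restricted to regular users
# (UID >= 1000), so "USER" finds user1 without matching system accounts.
find_user() {
    printf '%s\n' "$1" | grep -i -- "$2" | awk -F: '$3 >= 1000 { print $1 }'
}

printf 'UID 0 accounts: %s\n' "$(uid0_accounts "$SAMPLE_PASSWD" | paste -sd ' ' -)"
printf 'Login accounts: %s\n' "$(login_accounts "$SAMPLE_PASSWD" | paste -sd ' ' -)"
```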
------------------------------------------
Visual editor:
h - left
l - right
j - down
k - up
---------------------
Relative path: step-by-step path from the current directory
Absolute path: full path starting from /
To go back up one directory: cd ..
-------------------------------------------------------------------------
File security:
Permissions:
----
read, write, execute.
drwxrwxrwt:
Three parts
1. User permission: rwx
2. Group permission: rwx
3. Other users: rwt
chmod
Ownership
-------
Owner will be a user/group.
chown
Setting permissions:
---------------------------
Two ways we can change permissions:
1. Binary (numeric/octal)
r - read (permission value: 4)
w - write (permission value: 2)
x - execute (permission value: 1)
drwxrwxrwt:
1st part: r+w+x: 4+2+1
2nd part: rwx: 4+2+1
3rd part: rwt: 4+2+?
for drwxr-xr-x: 4+2+1 4+0+1 4+0+1: 7 5 5
Value for changing permission is: 755
chmod 544 /path
2. ASCII (symbolic)
chmod u-w /path: removes the write permission from the user part
chmod g-w /path: removes write from the group part
chmod ugo+rwx /path: adds r, w and x for user, group and others.
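Added example (not from the notes): a shell function that works out the octal value from the mode string shown by ls -l, filling in the 't' slot left as '?' above. The t is the sticky bit, which goes into a leading fourth digit with value 1, so drwxrwxrwt is 1777 (the usual mode of /tmp); s in the user or group x slot is setuid (4) or setgid (2).

```sh
#!/bin/sh
# Added example, not from the notes: turn an ls -l mode string such as
# "drwxrwxrwt" into the octal value chmod expects. It also handles the
# special bits the plain r/w/x sum leaves out: s (setuid/setgid) in the
# user/group x slot and t (sticky) in the others x slot, e.g. /tmp.

# Value 0-7 of one rwx triplet; lower-case s and t imply that x is set too.
triplet_value() {
    v=0
    case "$1" in r??) v=$((v + 4)) ;; esac
    case "$1" in ?w?) v=$((v + 2)) ;; esac
    case "$1" in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

mode_to_octal() {
    m="$1"
    # Drop the leading file-type character (d, -, l, ...) if present.
    [ "${#m}" -eq 10 ] && m="${m#?}"
    if [ "${#m}" -ne 9 ]; then
        echo "bad mode string: $1" >&2
        return 1
    fi
    u=$(printf '%s' "$m" | cut -c1-3)
    g=$(printf '%s' "$m" | cut -c4-6)
    o=$(printf '%s' "$m" | cut -c7-9)

    # Special-bit digit: setuid=4, setgid=2, sticky=1. Upper-case S/T mean
    # the bit is set without execute, so they count here but not as x above.
    special=0
    case "$u" in ??[sS]) special=$((special + 4)) ;; esac
    case "$g" in ??[sS]) special=$((special + 2)) ;; esac
    case "$o" in ??[tT]) special=$((special + 1)) ;; esac

    if [ "$special" -eq 0 ]; then
        printf '%s%s%s\n' "$(triplet_value "$u")" "$(triplet_value "$g")" "$(triplet_value "$o")"
    else
        printf '%s%s%s%s\n' "$special" "$(triplet_value "$u")" "$(triplet_value "$g")" "$(triplet_value "$o")"
    fi
}

for mode in drwxrwxrwt drwxr-xr-x -rwsr-xr-x; do
    printf '%-10s -> %s\n' "$mode" "$(mode_to_octal "$mode")"
done
```

The sticky bit on a world-writable directory like /tmp is what stops one user deleting another user's files there, which is why 1777 rather than 777 is the safe value.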
Setting ownership:
-----------------------------
chown user1:group1 /tmp/testfile: user changed to user1 and
group changed to group1
To view groups: vi /etc/group
To view changes: vi /etc/passwd
To view password info of a user: vi /etc/shadow
System variable:
--------------------------
TMOUT=600 (sec): if the session is idle for that long, it will be closed.
To never close: TMOUT=0
Variables are stored in the .profile file: vi .profile
To keep the variable's value after the session expires, we need to
add the variable to the .profile file.
---------------------|
25/July/2017
---------------------|
ACL (Access Control List)
---------------------------------------
Used to assign permissions on a file/folder.
Advantage: in a single command, we can set both ownership and permission.
----------------
To add permission:
----------------------------
setfacl: setting the permission.
getfacl: to see the permission/ownership/security level.
Two options to setfacl:
---------------------------------
setfacl -m: modifying permission
setfacl -x: removing permission
setfacl -m u:user1:rw /tmp/file1.txt (assigning both ownership and permission)
setfacl -x u:user1 /tmp/file1.txt (remove the permission)
To have a glimpse over permissions:
----------------------------------------------------
getfacl /tmp/file1.txt: able to see the permission as we assigned
Before using ACL, go to the /etc/fstab file (mount point information)
Partition:
-----------
n
p
select size
partition type: 8e
w
In a raw partition (no filesystem), we cannot save data.
Command to create a filesystem in Linux: mkfs.ext4 /dev/sdb1
The latest Linux filesystem: xfs.
Formatting: mkfs.xfs /dev/sdb1
Root filesystem: single point of contact of the kernel.
So we need to link the kernel and the root filesystem:
1. Create directory:
mkdir /data1
2. Link /dev/sdb1 and /data1:
mount /dev/sdb1 /data1
To make the mount permanent, enter in the fstab file:
/dev/sdb1 /data1 xfs defaults,acl 0 0 (0: no fsck check (errors))
mount -a, then we can execute ACL commands
For safety: copy the fstab file to another folder.
Then we can restore it at boot.
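Added example (not from the notes): before running mount -a, check the fstab entries for the mistakes that most often break a boot, such as a wrong field count or "default" written instead of "defaults". The sample file is constructed from the kind of entries used in these notes.

```sh
#!/bin/sh
# Added example, not from the notes: sanity-check /etc/fstab entries before
# running mount -a. A malformed line there can stop the system booting, so
# the check catches the usual mistakes: wrong field count, the "default"
# typo for "defaults", a relative mount point, and bad dump/fsck fields.
# SAMPLE_FSTAB is a constructed file; pass /etc/fstab to check a real system.
SAMPLE_FSTAB=$(mktemp)
trap 'rm -f "$SAMPLE_FSTAB"' EXIT
cat > "$SAMPLE_FSTAB" <<'EOF'
# constructed sample modelled on the entries in these notes
/dev/sdb1        /data1    xfs   defaults,acl  0 0
/dev/vg01/newlv  /data123  xfs   default       0 0
10.2.3.5:/export /data-nfs nfs   defaults      0 0
/dev/sdb2        swap      swap  defaults      0 0
/dev/sdc1        /backup   ext4  defaults      0
EOF

# Print one line per problem found; print nothing when the file is clean.
fstab_check() {
    awk '
        /^[ \t]*#/ { next }                          # comment lines
        NF == 0 { next }                             # blank lines
        NF != 6 {
            printf "line %d: expected 6 fields, got %d\n", NR, NF; next
        }
        {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "default")
                    printf "line %d: option \"default\" should be \"defaults\"\n", NR
            if ($3 == "swap" && $2 != "swap" && $2 != "none")
                printf "line %d: swap entries use \"swap\" as the mount point\n", NR
            if ($3 != "swap" && $2 !~ /^\//)
                printf "line %d: mount point must be an absolute path\n", NR
            if ($5 != 0 && $5 != 1)
                printf "line %d: dump field must be 0 or 1\n", NR
            if ($6 != 0 && $6 != 1 && $6 != 2)
                printf "line %d: fsck pass must be 0, 1 or 2\n", NR
        }
    ' "$1"
}

fstab_check "$SAMPLE_FSTAB"
```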
--------------------------------------------------------------------------------------------------------------------------
SELinux (Security Enhanced Linux)
-----------------------------------------------------
Implementation of MAC (Mandatory Access Control), whereas chmod/chown are under DAC (Discretionary Access Control).
Provides security even for application modules.
Basic commands:
---------------------------
ls -Z:
------
Context policy of SELinux - 3 labels
User Role Type
system_u:object_r:initrc_tmp_t:s0 (permission level in the SELinux policy)
chcon -t <context type> <file/directory>
semanage fcontext -a -t <context type> <file/directory>
To list all file contexts: semanage fcontext -l
To apply permanently after reboot:
--------------------------------------------------
restorecon -v <file/dir>
setsebool: set a boolean; otherwise the application won't be enabled even if you are "root".
We can edit the SELinux config:
cd /etc/selinux
Three modes: enforcing, permissive (default mode), disabled
Status: sestatus (command)
/var/log/audit/audit.log: which boolean we need to set can be seen here.
like: setsebool -P <boolean name> on
-P: to keep the setting even after rebooting.
--------------------------
ps -Zef
ps ag
For example: apache
------------------------------
To start:
context type --> httpd
semanage fcontext -l | grep -i httpd : list file contexts of httpd
chcon -t <context type> /var/www/html/
restorecon -v /var/www/html/tmsht (application)
Finally set the boolean:
To find which boolean to set: go to /var/log/audit/audit.log
Only then will the application start.
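Added example (not from the notes): a parser for the AVC "denied" lines in the audit log, which is where the notes say to look to find the boolean or label to fix. The two audit lines are constructed (IDs, inode and file names invented); the field names are the standard ones the audit subsystem writes.

```sh
#!/bin/sh
# Added example, not from the notes: pull the useful fields out of SELinux
# AVC denials in the audit log, which the notes point to for finding what to
# fix. The log lines below are constructed (IDs and paths invented);
# on a real host pass /var/log/audit/audit.log instead.
SAMPLE_AUDIT=$(mktemp)
trap 'rm -f "$SAMPLE_AUDIT"' EXIT
cat > "$SAMPLE_AUDIT" <<'EOF'
type=AVC msg=audit(1500624000.123:456): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1500624000.123:456): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1500624001.456:457): avc:  denied  { name_connect } for  pid=2345 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
EOF

# One line per denial: process, denied permission, source type, target type, class.
# The source/target *type* (third label of user:role:type:level) is what
# chcon/restorecon or a boolean acts on, so that is what we keep.
avc_denials() {
    awk '
        /^type=AVC / && /avc: +denied/ {
            perm = comm = src = tgt = cls = ""
            if (match($0, /[{][^}]*[}]/)) {
                perm = substr($0, RSTART + 1, RLENGTH - 2)
                gsub(/^ +| +$/, "", perm)
            }
            for (i = 1; i <= NF; i++) {
                n = index($i, "=")
                if (n == 0) continue
                k = substr($i, 1, n - 1); v = substr($i, n + 1)
                gsub(/"/, "", v)
                if (k == "comm") comm = v
                else if (k == "scontext") { split(v, a, ":"); src = a[3] }
                else if (k == "tcontext") { split(v, a, ":"); tgt = a[3] }
                else if (k == "tclass") cls = v
            }
            print comm, perm, src, tgt, cls
        }
    ' "$1"
}

# Rough triage of one avc_denials line: a *_port_t target is a network
# boolean question (setsebool), a file target is usually a labelling problem
# (chcon/restorecon), as in the httpd example in these notes.
avc_hint() {
    case "$4" in
        *_port_t) echo "network access: look for a boolean with getsebool/setsebool" ;;
        *)        echo "labelling: check the expected type with semanage fcontext -l and run restorecon" ;;
    esac
}

avc_denials "$SAMPLE_AUDIT" | while read -r comm perm src tgt cls; do
    printf '%s denied %s on %s (%s): %s\n' "$comm" "$perm" "$tgt" "$cls" \
        "$(avc_hint "$comm" "$perm" "$src" "$tgt")"
done
```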
LVM: Logical Volume Manager
--------------------------------------------
Servers must use LVM to run mission-critical systems.
For online increase/decrease of disk space we use LVM.
Installed by default at installation time.
Key terms:
----------------
physical volume (PV): partitioned HDD.
volume group (VG): add all PVs to create a VG.
logical volume (LV): a partition of a VG is called an LV.
/dev/sdb1 (15GB) to make a PV.
pvcreate /dev/sdb1: /dev/sdb1 is now a PV.
To create a VG: vgcreate vg01 /dev/sdb1 (15GB)
To increase VG size: vgextend vg01 /dev/sdb2 (new partition)
To create an LV: lvcreate -L 10G vg01 -n newlv
5GB remains, so we can extend the LV:
lvextend -L +5G /dev/vg01/newlv
To see all details of a VG: vgdisplay -v <vgname>
Make filesystem:
mkfs.xfs /dev/vg01/newlv
Mount:
mount /dev/vg01/newlv /data123
To make changes permanent:
open fstab: (vi /etc/fstab)
Add:
/dev/vg01/newlv /data123 xfs defaults 0 0
How to install an application in Linux:
------------------------------------------------
YUM: Yellowdog Updater, Modified
rpm: Red Hat Package Manager
These are the software installers in RHEL, CentOS, Fedora.
For Ubuntu server:
S/W installers: dpkg, apt-get
YUM vs rpm:
YUM downloads directly from the internet and installs the application.
rpm: download the setup file and then install the application, like we do in Windows.
To install tomcat:
yum install tomcat: searches for the files
cd /etc/yum.repos.d/
ls -l: you can see files with the .repo extension.
cat any .repo file: you can see URLs like http://centOS----something
These URLs are called CentOS mirror URLs.
The installer reads the repo files' URLs and installs.
It's difficult to install dependent software manually, e.g. tomcat, which is linked with the JDK.
But yum will download the setup from the internet including the dependency software.
RPM: manual installation.
Download the application and install it through the rpm command.
rpm -ivh <setupfile.rpm>: command for installing a software package
Command for removing software:
--------------------------------------------------------
YUM and rpm
yum remove <package name>
If removing the software requires other packages to be removed or installed, yum will handle those packages too.
rpm -e <package name>
Updating:
-------------
yum update: to update all the application components of the Linux system.
If you want to roll back to a previous version:
----------------------------------------------------------------
rpm -Uvh
Disk Management:
---------------------------
Done using the fdisk utility.
MBR/GPT: booting the OS
GRUB: bootloader
BIOS: firmware
GPT: supports UEFI (Unified Extensible Firmware Interface); an advanced form of MBR.
SWAP: virtual memory or paging. A certain amount of HDD space can be used as RAM.
To add more swap space: mkswap /dev/sdb2
/etc/fstab: gets an entry.
And mention the filesystem as swap in /etc/fstab.
Multipath:
-------------
A path is a connection between a server and the underlying storage.
SAN storage: used in datacenters when primary storage is at maximum capacity.
SAN (Storage Area Network)
SAN switch
HBA card or FC card is an electronic circuit installed in servers.
Using FC cable, SAN storage, switch and HBA are connected.
The identity of each node is its WWN (World Wide Name) port number.
In SAN storage: 2 storage controllers.
Each storage controller has 2 ports.
So in total 4 ports for connecting fibre channel.
In the data center we use 2 SAN switches, 2 fibre cable FC cards.
Image link: docs.oracle.com/cd/E19787-01/819-7306/images/SAN-stor-config.gif
Server (node) has 2 HBA paths.
*Any SAN storage which can be linked to a computer has two controllers, each with 2 fibre channel ports.
Storage can be accessed by the server in two ways.
Server will connect to storage via a SAN switch.
If one path gets disconnected, the multipath s/w will automatically use the other path to the SAN storage.
Multipath s/w is pre-installed in Linux.
Default config: /usr/share/doc/device-mapper-multipath-0.4.7/multipath.conf.defaults
In the datacenter we don't rely on multipath; we prefer EMC PowerPath.
EMC PP gives better management and performance compared to the multipath s/w.
Network Time Protocol:
------------------------------------
NTP is used to sync the "Timezone".
In datacenters, we have a networking device with an antenna connected to a satellite. That device has the accurate time.
That device is connected to the NTP server which is installed on RHEL.
/etc/ntp.conf: client configuration file
/etc/chrony.conf
In the above file, we add the IP address of the NTP server.
IP address, host name configuration in RHEL
----------------------------------------------------------------
ifconfig: latest Linux flavours like RHEL 7
ip addr show: all Linux flavours
Set IP address using ifconfig:
ifconfig eth0 172.26.48.11 netmask 255.255.255.0 up
route add default gw 172.26.48.1 (command to add the gateway)
This is not permanent; to overcome this we need to edit one file, /etc/sysconfig/network-scripts/ifcfg-eth0
In that file, i.e. vi ifcfg-eth0, set:
IP address
subnet mask
gateway
DNS server
(or)
nmtui, which gives a text-mode GUI prompt.
Service that controls networking: systemctl list-unit-files | grep net
Service to start at boot time: systemctl enable <service name>
Using systemctl start/stop/restart <service name> we can start/stop/restart the service.
cat /etc/resolv.conf : contains DNS server details like primary and secondary DNS
cat /etc/nsswitch.conf: contains how name resolution should happen.
cat /etc/hosts: host IP and host name
NFS and SAMBA:
------------------------
To share a file/directory among Linux/Unix systems we require NFS.
To share a file/directory with Windows systems we require SAMBA.
In NFS, there's a file named /etc/exports. This file lists the directories which we need to share.
/etc/fstab
ip:/dirpath /data-nfs nfs defaults 0 0
In SAMBA, the configuration file is located at /etc/samba/smb.conf
APACHE
------------
It's a web server.
If you want to configure any web application, you require the Apache web server.
Apache is the name of the software.
Similarly, nginx is a web server.
Apache web server:
-----------------------------
Install: yum install httpd
Installed.
/etc/httpd/conf/httpd.conf
In the httpd.conf file, we have to edit some directives like
Listen 172.26.48.48:80 for http or Listen 172.26.48.48:443 for https
certificate and key: to convert http -> https
DocumentRoot "/var/www/html" (by default)
<Directory "/var/www/html">
Any html file here is accessible through the Apache web server.
</Directory>
Virtualization:
-------------------
Any network service running in Linux has a unique port number. That's the service port number.
A service port can be blocked using a software firewall.
Two types of virtualization:
1. Host-based virtualization: requires a host OS.
Ex: Oracle VirtualBox, VMware Workstation
2. Bare metal virtualization: production environment.
Ex: VMware ESXi, Citrix
Firewall configuration
--------------------------------
Similar to SELinux, but in the firewall config in Linux, security is provided for application service ports.
Replaces the iptables interface and connects to the netfilter kernel code.
RHEL 7: firewalld (service/daemon) responsible for firewall services
We can ensure the security of application service ports.
Ex:
http: port 80 (default) or a unique port (1234)
In the firewall we have different "zones": internal, external, public, home.
Public zone: some services are blocked and some are allowed.
firewall-cmd (command)
To get the default zone:
firewall-cmd --get-default-zone
To get the active zones:
firewall-cmd --get-active-zones
To set the default zone:
firewall-cmd --set-default-zone=home (or public)
To set the ethernet interface:
weblink: www.certdepot.net/rhel7-get-started-firewalld/
We can set a network range to confine users' access.
Port management:
firewall-cmd --zone=internal --add-port=443/tcp (add --permanent to keep it across a reload)
Troubleshooting:
------------------------
Link: Tecmint (reset forgotten root password)
If you have forgotten your root password, log on to single user mode (init 1):
Select the default highlighted entry,
press 'e' to edit (at the bottom)
Find the entry like linux16 /vmlinuz------------------------------
----------------------------------------------------------------------------------
/root rhgb quiet, and replace it with init=/bin/bash
...and so on; please refer to the above link for detailed information.
GROUPS Concept:
------------------------
Primary group: created along with the user
useradd -s /bin/bash -G usergrp user1
Name changed from user1 to usergrp
Secondary group:
groupadd <groupname>
By editing the file: vi /etc/group
usergrp:user1,user2,user3... we can add users.
APACHE:
-------------
Web server software to run PHP/HTML code.
To install Apache:
yum install httpd
Configuration is stored under the /etc directory path.
httpd.conf
OpenSSL is free software with which you can generate an SSL key and SSL certificate.
Symantec, GeoTrust: licensed (commercial CAs).
--------------------------------------------------*THE END*------------------------------------------------------