RH-133 CH-01

YUM Installation & Removal

YUM Server configuration steps

To solve the problem of dependency resolution and package location, volunteer

programmers at Duke University developed Yellow dog Update, Modified or
short for YUM. The system is based on repositories that hold RPMs and repodata
file list. Yum server is the centralized server through which you can install all
servers’ package. The data of Yum server is stored in /var/ftp/pub to install Yum
server you should have minimum 7 GB in /Var partition. If you don’t have var
partition then you should create a new partition and mount with /var by using
vi /etc/fstab.

LAB: - ---------------------------------------------------------------------------------------------

~] # create a drive like mkdir /popo

~] # mount /dev/cdrom /popo

~] # cd /popo/

Popo] # cd Server

Server] # rpm –ivh vsftpd (press tab key to complete the command)

Server] # rpm –ivh createrepo (press tab key to complete the command)

Server] # cp –rvf /popo/* /var/ftp/pub

Server] # cd /var/ftp/pub

Server] # cd Server
Server] # createrepo –v /var/ftp/pub/Server/

Server] # service vsftpd restart;chkconfig vsftpd on

Server] # service portmap restart;chkconfig portmap on

Server] # service iptables stop

*Note:- if you want to install software on server then use the following command. Open the file. And
edit the file

~] # vi /etc/yum.repos.d/server.repo

[server]

Name=test

Baseurl=file:///var/ftp/pub/Server

Gpgcheck=0

Enabled=1

:wq

Now yum server is ready to install packages like

~] # yum list all

~] # yum install packagename

yum clean all

yum list ---------- show all the available package list

yum grouplist

To install CLI -

yum groupinstall “Virtualization”

yum install package-name

yum remove package-name

service vsftpd start

chkconfig –level 35 vsftpd on

YUM Clients configuration steps

vi /etc/yum.repos.d/server.repo
 [Server]
 name=test
 baseurl=ftp://192.168.0.254/pub/Server
 gpgcheck=0
 enabled=1

________________________________________________________________________________

Yum install packagename -Install the package with name packagename

Yum localinstall rpmfilename - Install the local rpm filename and it will search local repository
for dependencies

Yum groupinstall gnome-desktop - Install all packages that are part of the group named gnome-
desktop. It will search local repository for dependencies

Yum remove packagename - remove the package, if any package is depends on my package
then it will prompt to remove the package

Yum update mypackage -updates the older version with newer version.
Configuration are over written and old configuration files are saved with either .rpmsave or .rpmnew.

_____________________________________________________________________________________

Yum Queries

Yum searches both local database and repository

Yum search searchterm - it will search for all packages having the searchterm in package
names, description and packager

Yum list ‘*irefo*’ - It will search the packages with *irefo*, Quotes are must
Yum list installed ‘*irefo*’ - search in installed packages only

Yum list [all|available|extra|installed|recent|updates] ‘*ireo*’

Yum info ‘*irefo*’ -display information after searching pkg ( installed & repo)

yum whatprovides /usr/sbin/sendmail - what package provides file /usr/sbin/sendmail. ( in both

installed & available)

Configuring repository

create a file /etc/yum.repos.d/name.repo containing

[reponame]

Name=description

Baseurl=file:///mnt

Enabled=1

Gpgcheck=0

Yum clean dbcache|all - Clear the cache of Yum.

_____________________________________________________________________________________

RPM Package Manager

Name-version-release.architecture.rpm

Rpm database is maintained in /var/lib/rpm

Rpm –i -Install RPM

Rpm –F – freshen ( if older version does not exist it will skip installation)

Rpm –U – upgrade ( if package does not exist then it will treat it as fresh installation

Rpm –e - erase the package

-v ( verbose mode) – h ( bashed output)

Rpm Query

Rpm –qa – all packages

Rpm –q packagename – check for named package and version

Rpm –qf filepathname - Package that owns the file

Rpm –qp file name - Package ( uninstalled) package file

Syntax: - rpm -qa |less

rpm -qf filename (show owning package)

rpm -qi package_name (general information)

rpm -ql package_name (lists files in package)

RPM Verification:- verifying an installed package compares the file sizes, permission, type, owner,
group, MD5 checksum, and modify time against the RPM database. Any inconsistency will be reported.
An installed package can also be verified against a package file as well:

Syntax: - rpm -V zip verifies the installed zip rpm against the RPM database.

rpm -Va verifies all installed RPMS against the RPM database.

rpm -Vp zip-2.3-8.i386.rpm verifies the installed zip package against the zip
pacakage file.

Chapter -2

Order of the Boot Process

 BIOS initialization
 Boot loader configuration [ GRUB initialization ]
 Stage 1 : small, resides in MBR or boot sector contains information about only Stage 2
and loads the stage 2
 Stage 2:This is the core image of GRUB reads the file (loaded from /boot)
 Grub.conf [ /boot/grub/grub.conf ] symbolic link [ /etc/grub.conf ]
 Kernel Loading
 Init Process [ /sbin/init ]
 Starting init also loads [ /etc/inittab ] file into memory
 rc loading [ /etc/rc.d/rc ]
 rc.sysinit loading for interactive startup [ /etc/rc.d/rc.sysinit ]
 System reads the file [ /etc/fstab ] to mount system partitions
 sets kernel parameter in /etc/sysctl.conf
 set hostname
 set swap partitions
 activate RAID
  enable SELINUX
 rc reads /etc/inittab file to load default or selected run level and Enter to selected run level
 /etc/rc.d/rc and /etc/rc.d/rc?.d(K and S scritps) which are linked to /etc/init.d/K or S*
 rc.local for user defined scripts [ /etc/rc.d/rc.local ]

Show Current & Previous run levels

/sbin/runlevel
Who –r

GRUB and grub.conf

 GRUB – GRand Unified Bootloader Grub is more powerful and we can edit the Grub
 Command-line interface available at boot prompt
 Boot form ext2/ext3, ReiserFS, FAT file systems
 Supports MD5 password protection
 /boot/grub/grub.conf
 Configuration file provides the information about kernel location and other parameters to load
operating system
 Chain-loading is used for loading other operating system.

Run Levels
 Run Levels are different modes to run linux with different configuration. Init defines 0 to 6 run
levels
 Defines in file [ /etc/inittab ]
 Following chard details the run levels that linux defines by default:
 Runlevel Effect
 0 Halt
 1,s,emergency Single user modes ( Only root user can be
logged on. Used to perform Maintenance )
 2 Multi-user, without NFS networking
 3 Full multi-user mode. ( Includes networking )
 4 User definable, but duplicate of run level 3
 5 X11 ( Includes networking )
 6 Reboot
 Note :- If there is no run level defined then system will attempt to boot to run level 9 which is
undefined.

Daemon Process
 A daemon process is a program that is run in the background, providing some system service
 Two types of daemons
 Standalone ( Controlled by init or by a startup script /etc/rc.d )
 Transient : ( Controlled by the “ Super-daemon xinetd )
Password Protecting – Single user mode

vi /etc/inittab Append the line

su:S:wait:/sbin/sulogin

XINETD Services

Manage Trasient services on demand

/etc/xinetd.conf, /etc/xinetd.d/service

Controlling service

Chkconfig --list

Chkconfig –level 3 5 NFS on

Chkconfig nfs on
 UNIT-3
Kernel Services
Kernel documentation is provided with the kernel source code and is distributed by Red Hat in the
kernel-doc RPM. The documentation can be found under /usr/share/doc/kernel-doc-* /documentation

Kernel can be linear( 1 large kernel file)

Kernel can be small ( modules)

Kernel Modules are located in /lib/modules/$(uname –r)/ *

Lsmod provide a list of loaded modules

Modprobe can load and unload modules

Modprobe usb_stroage

Modprobe –r usb_storage

Modinfo usb_storage - displays information about the available modules

/etc/modprobe.conf used for module configuration ( contains)

Parameters to pass to a module whenever it is loaded

Aliases to represent a module name

Command to execute when a module is loaded.

To Mount the root file system Kernel needs modules such as ext3,raid1,scsi_mod etc

An initial RAM DISK provides modules ( /boot/initrd-$(uname -r).img } ( CPIO Image of the modules)

RAMDISK module is created by

Mkinitrd /boot/initrd-$(uname -r).img $(uname-r)

Kernel Configuration with /proc

Virtual File system

Readonly files
/proc/cpuinfo

/proc/1/*

/proc/partitions

/proc/meminfo

Read-write Entries

/proc/sys/kernel/hostname

/proc/sys/met/ip4/ip_forward

/proc/sys/vm/drop_cache

/proc/sys/vm/swappiness

Sysctl

Add persistence to /proc/sys- based on /etc/sysctl.conf

Sysctl –a - List all current settings

Sysctl –p - reread sysctl.conf

Sysctl –w net.ipv4.ip_forward=1 - Change a sysctl conf value

Exploring hardware devices

Hal-devices - List all devices in text

Hal-device-manager - List all devices in GUI

Lspci / lsusb -list devices connected to PCI & USB

Monitoring Process & resources

Memory- Free , vmstat, swapon –s, pmap

Processes – ps , top,gnome-system-monitor

Kernel state – uname,uptime , tload

What is X Windows
 The X Windows System is the foundation of the Linux graphical user interface (GUI). The X
Windows System is maintained by X Consortium at http://www.X.org
 The X Window System is designed as a flexible and powerful client/server-based system

Methods to establish X environment

 Two methods to establish the environment
 /usr/X11R6/bin/xinit
 /usr/X11R6/bin/startx
Configuration Utilities
 system-config-display
 mouseconfig
 switchdesk
Setting password less authentication using SSH

Hosta> ssh-keygen –d

Hosta> ssh-copy-id –I .ssh/id_dsa.pub root@hostb

Or copy the id_dsa.pub to hostb’s root account /.ssh/.authorised_keys2

Common UNIX Printing Service [ CUPS ]

 CUPS, the common printing system, is the primary printing system under Red Hat Enterprise
Linux. CUPS supports a new Internet Printing Protocol, IPP, based on HTTP.
Installing and Managing Printer Server and Client
 CUPS Configuration Files

 /etc/cups/cupsd.conf
 cupsd server configuration file
 /etc/cups/printers.conf
 Print queue configuration file
Printing Commands
 system-config-printer : Utility to install and manage print devices
 lpr : command to send print jobs to print device
 lpq : command to view print queues
 lprm : command to remove print jobs
 lpadmin : command line tool for printer administration
Using Scheduling [ cron ]
 Used to schedule recurring events
 Use crontab to edit, install and view job schedules
 Command Examples
 Crontab OPTIONS
 -l list crontab
 -r removes crontab
 -e edits crontab
Using Crontab File
• Fields in a crontab file can be separated by any number of tabs or spaces

Controlling Cron
 Restrict / allow user access to cron
 /etc/cron.allow
 /etc/cron.deny
 Contains usernames to allow / deny access

 Disable “email” notifications:

 If email notification is not required then put the following command at the end of the cron job
line:
>/dev/null 2>&1
 Crontab “LOG FILE” generation:
30 18  *   *  *   somecommand > /somelocation/logfilename.log

System Logging
What is System Logging ?
 An important part of maintaining a secure system is keeping track of the activities that take
place on the system. If you know what usually happens, such as understanding when users log
into your system, you can use log files to spot unusual activity
 Two main logging daemons
 klogd :The kernel log daemon service logs kernel messages
and events
  syslogd :The syslog daemon logs all other process activity. You can use the log
files that syslogd generates to track activities on your system
Log Files
 /var/log/dmesg : Kernel log messages
 /var/log/messages : Standard system error messages
 /var/log/maillog : Mail System messages
 /var/log/secure : Security, authentication, and xinetd messages

utmpdump /var/log/wtmp

used for monitoring login activity

Configuring Central Log Server

 Server Side – Allow “syslogd” to accept remote message
 vi /etc/sysconfig/syslog
 SYSLOGD_OPTIONS=”-r -m 0”
 Restart the “syslogd”
 service syslog restart

 Client Side – Instruct client to send log to Central Server

 vi /etc/syslog.conf
 user.* @192.168.0.253
 Restart “syslogd”
 service syslog restart

 Test – On client
 logger -i -t username “this is to be sent to remote server”

tmpwatch- deletes all files in /tmp which have not been accessed for 240hours ( 10days)

logrotate- Keeps log file from getting to large ( /etc/logrorate.conf)

logwatch- provides a summary about system activity/reports suspicious messages (

/etc/logwatch/conf/logwatch.conf

Anacron

Runs cron jobs that did not complete when computer was down ( /etc/anacrontab)
 UNIT-5
Understanding Filesystem Management
Partition Type

5 or F Extended

82 Linux Swap

83 Linux

8e Linux LVM

Fd Linux Raid

You can have 63 IDE devices/15 SCSI Devices

echo "- - -" > /sys/class/scsi_host/host0/scan

CREATING LINUX PARTITIONS:

 Step-1 – Check the drive
 fdisk -l
 Step-2 – Create new partition
 fdisk /dev/hda
 Step-3 – Write the new table to running kernel configuration
 partprobe
 Step-4 – Format the new partition
 mkfs.ext3 /dev/hdaN ( or mke2fs /dev/sda1;tune2fs –
j /dev/sda1)
 Step-5 – Mount the new partition
 a) Temporary : Give the following command
 mount -t ext3 /dev/hdaN /mnt/newdata
 b) Permanent : vi /etc/fstab
 /dev/hdaN /mnt/newdata ext3 defaults
0 0
 Step-6 – Activate the mounting of new partition
 mount -a

DEFINING LABELS FOR PARTITION

 e2label /dev/hdaN newlabel
 Mount Temporary --
  mount LABEL=newlabel /mnt/newdata
 Mount Permanent --
 vi /etc/fstab
 LABEL=newlabel /mnt/newdata ext3 defaults 0 0

Blkid can be used to see labels and filesystem type of all devices

Tune2fs /dumpe2fs

- Adjust file system parameters ( Tune2fs)

o Reserved blocks
 Tune2fs –m 10 /dev/sda1
o Default mount options
 Tune2fs –o acl,user_xattr /dev/sda1
o Fsck frequency ( eg below disable mandatory Filesystem check)
 Tune2fs -i0 –c0 /dev/sda1
- Dump2fs can be used to view the current setting of the File system.

/etc/fstab entries

Device mountpoint fstype options dumpfrequency fsckorder

Dumpfrequencey –

Level0 dump frequency

0 never
1 daily
2 every other day etc

Mount –t vfstype –o options

Default options are rw,suid,dev,exec,async

Mount options

Rw read write

Suid suid or sgid file modes honoured

Dev device file permitted

Exec permit execution of binaries

Async file changes managed asynchronously

Acl Acls are hounored

Uid=UID,gid=GID all files are owned by UID and GID

Loop mount filesystem using loopback device

Owner Mount request & device should be owned by usr.

Fuser –cu /app report users using the file system

Fuser –ck /app kill the process using the filesystem

Fuser –v mountpoint to display what and who is accessing the FS

Fuser –km mountpoint kill the action on FS.

NFS Server

/etc/exports *(rw)

/etc/exports 192.168.1.0/24(rw)

/etc/exports 192.168.1.1(options)

Service nfs restart

Automounter

Daemon will check the FS usage for 60second by default

/etc/auto.master

/misc server:/export/home ( Direct Map)

/home /auto.home ( indirect map)

/etc/auto.home
‘* -fstype=nfs server:/export/home/&

CH-6

User administration

Useradd –u UID –G GID –g gid –C comment –s shell –m –d /export/home

username

Fields of the /etc/password & /etc/shadow

Usermod –L lock | -U unlock| -l loginname oldloginname

Userdel –r username( delete user’s home directory)

Chage is used to change the password aging policy

Chage options username

Options

-m min days between password change

-M Max days b/w password change

-I no of days inactivity since password expired before locking user

-E Date Expire date on YYYY-MM-DD

-W no of days before a required change to start warning

-l list the settings

Groupadd groupname

Groupmod –n newname oldname

Groupadd–r groupname ( -r to avoid using GID with in the range of pvt users
and groups 101 to 499 should be used)

Chgrp groupname filename

Chmod u+s filename – Setuid 4 ( s in rws) ( S in rwS – if execute bit is also set)

Chmod g+s filename – setgid 2 ( s in rwx:rws) ( S in rwS – if execute bit is also

set)

Chmod o+t filename – sticky bit 1 ( t in rwx:rwx:rwt) ( T in rwT – if execute bit is

also set)

4 – read

2 write

1 execute

Chmod 1777 filename will set sticky bit on the filename

Default umask is 002

So default file permission will be 666-002 = 664

Default directory permission will be 777-002=775

What is SWAP Space?

 Swap space in Linux is used when the amount of physical memory (RAM) is full. If the system
needs more memory resources and the RAM is full, inactive pages in memory are moved to the
swap space. While swap space can help machines with a small amount of RAM, it should not be
considered a replacement for more RAM. Swap space is located on hard drives, which have a
slower access time than physical memory.
 Swap should equal 2x physical RAM for up to 2 GB of physical RAM, and then an additional 1x
physical RAM for any amount above 2 GB, but never less than 32 MB.
CREATING SWAP PARTITION
 Step-1 – Create a partition type of “swap” using FDISK
 fdisk /dev/hda
 Step-2 – Change the System ID of partition and Format the partition as SWAP
 Press t for change the system ID of New Partition to linux SWAP
 Save and exit from fdisk command and run partprobe command
  mkswap /dev/hdaN
 Step-3 – Enable the SWAP space
 swapon -a
 Step-4 – Permanent availability to the system
 vi /etc/fstab
 /dev/hdaN swap swap defaults 00

CREATING SWAP FILE

 Step-1 – Creating a SWAP file
 dd if=/dev/zero of=/swapfile bs=1M count=300
 Step-2 – Configuring this file as SWAP
 mkswap /swapfile
 Step-3 – Enabling the SWAP file Temporary
 swapon /swapfile
 Step-4 – vi /etc/rc.d/rc.local Permanent
 swapon /swapfile
 Step-5 – Activating and confirming
 swapon -a
 swapon -s
Accessing ext2 / ext3 partitions in Windows
 www.chrysocome.net/virtualvolumes
A very beautiful tool “explore2fs” can be used to access your linux ext2fs and ext3fs partitions in
Windows.

Accessing NTFS partitions in Linux

 You need a tool like “ntfs-3g”
 Download it and mount the NTFS partition as instructions:
 Installation
./configure

Make

make install # or 'sudo make install' if you aren't root

 Usage
 [Temporary]
Mount -t ntfs-3g /dev/sda1 /mnt/windows

 [Permanent] vi /etc/fstab file:

/dev/sda1 /mnt/windows ntfs-3g defaults 00
What is Kernel?
 The kernel is the heart of the whole operating system. It manages communication with
hardware, decides which processes to run, and provides each process with an isolated, virtual
address space in which to run. The kernel is what your boot loader, GRUB , loads into memory.
The kernel loads device driver modules.

When you recompile your kernel, you can

 Greatly improve the speed at which kernel services operate.
 Build in direct support for commonly used drivers.
 Configure the dynamic loading of appropriate drivers as modules.
 Lower the memory consumption of your kernel by removing unneeded components.
 Configure support for high-end hardware, such as memory above 4GB, hardware array
controllers, symmetric multiprocessing (multiple CPU) support, and more.
Types of kernel
 Monolithic
 Modular
Monolithic versus Modular
 A monolithic kernel is a kernel where all the device modules are built directly into the kernel.
Modular kernels have many of their devices built as separate loadable modules. Monolithic
kernels can communicate with devices faster, since modular kernels can talk to the hardware
only indirectly through a module table. Unfortunately, monolithic Linux kernels are huge. Bigger
kernels reduce available RAM. In addition, some systems just can't boot a kernel that's too large.
 There used to be advantages to a monolithic kernel. Linux once had problems loading modular
kernels for some hardware. With a monolithic kernel, the drivers would already be there. But
now modular kernels load new drivers a lot more reliably.
 A modular kernel has greater flexibility. You can compile almost all your drivers as modules, and
then each module can be inserted into the kernel whenever you need it. Modules keep the
initial kernel size low, which decreases the boot time and improves overall performance. If Linux
has trouble loading a kernel module, you can use the modprobe or insmod commands to load
modules as needed.

The /proc filesystem

 /proc is a virtual filesystem containing information about the running kernel
 Contents of “files” under /proc may be viewed using cat
 Provides information on system hardware, networking settings and activity, memory usage and
more
 /proc/cpuinfo
  /proc/meminfo
 /proc/version
 /proc/partitions etc……..
kudzu
 The kudzu utility maintains a database of detected and configured hardware, found at
/etc/sysconfig/hwconf
 As a part of the boot process, kudzu compares the currently detected hardware to the stored
database
 If new hardware is detected , or previously existing hardware is removed, kudzu will attempt to
automatically reconfigure the system or steer the administrator to the appropriate interactive
configuration utility