e. day of the week (Sun, Mon, Tue, etc. OR 0-7)
f. command to execute (shell, perl, php, etc.)
3. Wakes up every minute in search of programs to execute
4. Reads cron entries from multiple files
5. Maintains per-user and system-wide (/etc/crontab) schedules
/etc:
cron.d/
cron.deny - denies cron execution by user
cron.monthly/ - runs jobs monthly
cron.weekly/ - runs jobs weekly
cron.daily/ - runs jobs daily
cron.hourly/ - runs jobs hourly
crontab - contains system-wide schedules
Note: '*' wildcard in a time column means to run for all values
Per-user Crontabs:
Stored in: /var/spool/cron
Task:
1. Create a cron entry for the user 'student1'
a. 'su student1'
b. 'crontab -e'
c. create an entry, minus the name of the user
Note: 'crontab -l' enumerates per-user cron entries
System-wide Crontab:
Stored in: /etc/crontab
Task:
1. Create a cron entry in: /etc/crontab
Note: 'crontab -l -u username' - enumerates per-user cron entries
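Added example (not part of the original notes): entries in /etc/crontab carry a user field between the schedule and the command, which per-user entries omit. The shell function below lists the account each system-wide job runs as and flags lines written without the user field; the sample crontab and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. Sample data is constructed.

# Constructed /etc/crontab-style input: five time fields, user, command.
sample_crontab() {
    cat <<'EOF'
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# minute hour day-of-month month day-of-week user command
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
*/5 * * * * student1 /home/student1/bin/report.sh
30 2 * * 0 /usr/local/bin/cleanup.sh
EOF
}

# Reads /etc/crontab-style text on stdin, prints "user<TAB>command" per job.
# A line with only six fields was written in per-user format (no user
# field) and is reported as MISSING_USER.
system_cron_jobs() {
    awk '
        /^[ \t]*(#|$)/ { next }                          # comments, blanks
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }  # SHELL=, PATH=, ...
        NF == 6 { print "MISSING_USER\t" $6; next }
        NF >= 7 {
            cmd = $7
            for (i = 8; i <= NF; i++) cmd = cmd " " $i
            print $6 "\t" cmd
        }'
}

sample_crontab | system_cron_jobs
```

On a live system, feed it the real file: 'system_cron_jobs < /etc/crontab'.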
###SyslogD###
Features:
1. Handles logging
2. Unix Domain sockets (/dev/log)
3. Internet Sockets (UDP:514)
4. Ability to log to local and remote targets
Implemented as 'sysklogd' package
Primary configuration file: /etc/syslog.conf
Standard syslog.conf file contains:
1. Rules
a. facilities -> applications/daemons/network device/etc.
b. levels -> Importance of message
Range: 0-7
7 = emergency
6 = alert
5 = critical
4 = error
3 = warning
2 = notice
1 = info
0 = debug (more information)
2. Targets
a. file - /var/log/messages
b. tty - /dev/console
c. remote host - @IP_ADDR_of_REMOTE_HOST
'*' = catchall/wildcard to mean any facilities or level
'.none' = exclusion rule
'man syslog.conf' to learn about the supported facilities.levels
Task:
1. Enable UDP logging for remote Cisco gateway (192.168.75.1)
a. netstat -nul | grep 514 - reveals UDP:514 listener
b. nano /etc/sysconfig/syslog
b1. 'SYSLOGD_OPTIONS="-m 0 -r"'
c. restart syslog and confirm UDP:514 listener
c1. 'service syslog restart'
c2. 'netstat -nul | grep 514'
d. Configure the router using facility 'local0' and level 'info'
e. configure /etc/syslog.conf to accept 'local0.info'
f. restart or reload 'syslog'
###Log Rotation###
Features:
1. Rotation of logs based on criteria
a. size
b. age (daily, weekly, monthly)
2. Compression
3. Maintain logs for a defined period
/etc/logrotate.conf - primary (global) config file for all logs
- can be overridden by context-sensitive files, i.e. apache
run 'man logrotate' for the manual page
/etc/logrotate.d - directory for logs to be rotated
-httpd - used to rotate Apache logs
/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
    endscript
}
Task: Setup rotation rule for Cisco log
1. Create entry in: /etc/logrotate.d based on /etc/logrotate.d/syslog
2. Modify the entry to rotate based on new criteria
3. Rotate using 'logrotate /etc/logrotate.conf'
Note: Force using 'logrotate -f /etc/logrotate.conf'
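Added example (not part of the original notes) covering step e of the syslog task and the rotation task above: the function writes the syslog.conf rule and a logrotate.d stanza into a staging directory for review before they are copied into /etc. The log path /var/log/cisco.log, the stanza file name cisco, weekly rotation with 4 copies kept, the create mode and the syslogd.pid path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes.
# Assumptions: log path /var/log/cisco.log, weekly rotation, 4 copies kept,
# sysklogd pid file at /var/run/syslogd.pid.

stage_cisco_logging() {
    stage_dir=$1                       # directory to write the drafts into
    log_file=${2:-/var/log/cisco.log}  # assumed target file for router logs
    keep=${3:-4}                       # assumed number of rotated copies

    mkdir -p "$stage_dir" || return 1

    # Line to append to /etc/syslog.conf: messages the router sends as
    # local0 at level info (and more important levels) go to their own file.
    printf 'local0.info\t\t\t%s\n' "$log_file" > "$stage_dir/syslog.conf.add"

    # Stanza for /etc/logrotate.d/cisco, modelled on the httpd stanza above.
    # "create 0600 root root" keeps the new log readable by root only.
    cat > "$stage_dir/cisco" <<EOF
$log_file {
    weekly
    rotate $keep
    compress
    missingok
    notifempty
    create 0600 root root
    postrotate
        /bin/kill -HUP \`cat /var/run/syslogd.pid 2>/dev/null\` 2>/dev/null || true
    endscript
}
EOF
}

# Usage: stage_cisco_logging /root/cisco-staging
```

After copying the stanza into place, 'logrotate -d /etc/logrotate.conf' performs a dry run that shows what would be rotated without touching the logs.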
###Common Network Utilities###
Features:
1. Useful for basic troubleshooting
PING:
Features:
1. ability to communicate with hosts using ICMP
a. PING sends ICMP echo-requests
b. PING expects to receive ICMP echo-replies
Task: PING some hosts and evaluate the output
1. 'ping localhost (127.0.0.1)'
2. 'ping -c 3 localhost' - sends 3 ICMP echo-requests
Note: 'ping localhost' performs name resolution using /etc/hosts
Note: '/etc/hosts' stores static name-to-IP mappings
Note: 127.0.0.0/8 is fully reserved to the loopback adapter of ALL IPv4 hosts
3. 'ping -c 3 192.168.75.199'
4. 'ping -c 3 -i 3 192.168.75.199' - delays PINGs to 3 seconds apart
Note: PING defaults to a standard 1-second interval
Note: Firewall(s) may block ICMP traffic, causing PING to fail
TELNET:
Features:
1. Great for basic TCP port diagnosis
Task:
1. Connect to TCP ports on various hosts
a. 'telnet 192.168.75.100 22'
b. 'telnet www.linuxcbt.com 80'
NETSTAT:
Features:
1. Provides network connection information from /proc/net/*
Task:
1. Return useful information for various protocols
a. 'netstat'
b. 'netstat -a' - returns all protocols/sockets
c. 'netstat -ntlp' - returns all TCP LISTENERS without name resolution
d. 'netstat -nulp' - returns all UDP LISTENERS without name resolution
Note: netstat uses /etc/services to translate ports to names
Note: '0.0.0.0:514' - this means that Syslog will accept traffic to any of the defined IP addresses/interfaces on the system
e. 'netstat -ntp' - returns established connections (sockets)
f. 'netstat -rn' - returns the route tables
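Added example (not part of the original notes): a shell filter that reads 'netstat -ntlp' or 'netstat -nulp' output and reports every listener bound to all interfaces, the situation the 0.0.0.0:514 note describes. The sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. Sample output is constructed.

# Constructed output in the column layout of netstat -ntlp / -nulp.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 127.0.0.1:631      0.0.0.0:*          LISTEN   2101/cupsd
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN   1987/sshd
tcp        0      0 :::80              :::*               LISTEN   2230/httpd
udp        0      0 0.0.0.0:514        0.0.0.0:*                   1800/syslogd
EOF
}

# Prints "proto port program" for every listener bound to all interfaces
# (local address 0.0.0.0 or ::). Loopback-only listeners are not reported.
wildcard_listeners() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            if ($1 ~ /^tcp/) {              # TCP rows have a State column
                if ($6 != "LISTEN") next
                prog = $7
            } else {
                prog = $6                   # UDP rows leave State empty
            }
            if (prog == "") prog = "-"      # netstat was run without -p
            n = split($4, part, ":")
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::")
                print $1, port, prog
        }'
}

sample_netstat | wildcard_listeners
```

On a live system: 'netstat -ntlp | wildcard_listeners' and 'netstat -nulp | wildcard_listeners'. Each reported port is reachable on every configured address unless a firewall rule restricts it.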
ARP:
Features:
1. Resolves layer-2 (OSI model) MAC addresses to layer-3 IP
Task:
1. Examine MAC addresses using: ifconfig and arp
a. 'ifconfig' - returns our local MAC addresses
HWaddr 08:00:27:CF:4C:DB
b. 'arp -an' - returns MAC to IP mappings
Note: When 2 TCP/IP hosts communicate, ARP is performed to translate the IP address (v6/v4) to a MAC address
Note: If one or more routers separate the communicating hosts, then the MAC address of the default router's (gateway's) interface is stored by each client
###IPv4 Configuration & Network Settings###
Network Support:
1. Boot system into a multi-user mode
2. /etc/modprobe.conf - contains alias and reference to module(s) to be loaded in order to provide networking
3. Linux decides if the interface is DHCP or static by viewing the contents of:
a. /etc/sysconfig/network - networking=yes|no, IPv6_Support, Default Gateway, etc.
b. /etc/sysconfig/network-scripts/ifcfg-eth0 - contains ifup, ifdown, and ifcfg-* scripts
c. /etc/init.d/network - main service
service network status - checks networking
system-config-network-* - network interface configuration
Note: Either update your net configuration manually from the shell, or using the 'system-config-network' tools to avoid losing settings
/etc/resolv.conf - DNS configuration file
/etc/hosts - static list of hosts
IPv4 Aliases:
1. ifconfig eth0:1 192.168.75.11
2. ifconfig eth0:2 10.168.76.11
Note: To ensure that aliases persist do the following:
1. cp /etc/sysconfig/network-scripts/ifcfg-eth0 ./ifcfg-eth0:1
2. Modify ifcfg-eth0:1 to reflect aliased IP
Note: Aliases do NOT work with DHCP interfaces
ifconfig eth0:2 del 10.168.76.11 - removes the virtual interface
IPv6 Config
Features:
1. Auto-configured by default gateway (router)
2. fe80:: - link-local address (loopback/local subnet address)
3. 2002:: - 6to4 address, that can be configured based on IPv4 embedded address, using HEX notation
ping6 -I eth0 fe80::a00:27ff:fecf:4cdb
traceroute6 - used to trace routes on IPv6 networks
### Kernel Upgrade ###
Features:
1. Provision of updated/patched kernel
Task:
1. Update the kernel
a. use 'uname -a' to reveal current version
b. use 'rpm -qa | grep -i kernel' - to reveal installed version
c. cat /etc/grub.conf -> /boot/grub/grub.conf
2. Proper installation method is as follows:
a. 'rpm -ivh kernel*.rpm' - install a separate version
Note: Install the following kernel packages if necessary:
a. kernel-devel* - if module compilation is necessary
b. kernel-headers* - if recompilation is necessary
Install:
a. rpm -ivh kernel-2.6.18-53.el5.i686.rpm
Note: This will update GRUB (/boot/grub/grub.conf)
Note: Will also place the new kernel in the /boot file system
Examine traces in:
a. /boot
b. /boot/grub/grub.conf
3. Remove traces of former kernel using 'rpm -e [--nodeps]'
a. rpm -e kernel-2.6.18-8.el5 - remove older version
b. rpm -e --nodeps kernel-headers-2.6.18-8.el5 - force remove ignoring dependencies
c. rpm -e kernel-devel-2.6.18-8.el5
4. Install new 'kernel-headers' and 'kernel-devel' packages using YUM
a. yum -y install kernel-headers
b. yum -y install kernel-devel
5. Confirm that the 3 'kernel-*' packages are installed:
a. rpm -qa | grep -i kernel
Note: Removal of older kernel-* packages cleans up:
a. /boot
b. /boot/grub/grub.conf (menu.lst)
###Runlevel Service Management Tools###
Features:
1. The ability to indicate desired runlevels for services
2. Service
/usr/sbin/ntsysv
Usage:
1. 'ntsysv' - manages services in the current run-level
2. 'ntsysv --level 35' - manages services for run-levels 3 & 5
Note: Neither ntsysv nor chkconfig starts|stops services
/sbin/chkconfig
Chkconfig Usage
1. 'chkconfig --list ntpd' - returns run-level environment for 'ntpd'
Note: items listed as 'off' have K (kill) scripts
Note: items listed as 'on' have S (start) scripts
2. 'chkconfig --level 3 ntpd off' - creates a K (kill) script in run-level 3
3. 'chkconfig --level 35 ntpd off'
4. 'chkconfig ntpd on' - enables 'ntpd' in levels 2-5
5. 'chkconfig ntpd off' - disables 'ntpd' in levels 0-6
Note: Use 'chkconfig' from the shell or a script
Note: Use 'ntsysv' from the shell in interactive mode
Note: When controlling services using 'chkconfig', reference the name of the service as it's specified in: /etc/init.d
system-config-services - GUI tools to manage services
###Network Time Protocol (NTP) Implementation###
Features:
1. The ability to synch your system's clock
2. Also can be used to synch other clocks
3. Implemented as: 'ntp-4.2...rpm' package
4. Is hierarchical, using strata levels to denote time accuracy
/etc/ntp.conf - primary configuration
NTP Strata:
Features:
1. The ability to denote clock accuracy based on stratum
/etc/httpd/conf.d/ssl.conf - includes key SSL directives
b. crypto-utils - provides /usr/bin/genkey
2. Generate SSL usage keys using: genkey
a. genkey site1.linuxcbt.internal - creates text-gui interface
3. Update /etc/httpd/conf.d/ssl.conf to reference the new keys (public/private)
4. Restart the HTTPD server
a. service httpd restart
b. httpd -S
5. Test HTTPS connectivity
a. https://192.168.75.199
Note: For multiple SSL sites, copy the /etc/httpd/conf.d/ssl.conf file to distinct files that match your distinct IP-based VHosts
###MySQL###
Features:
1. DBMS Engine
2. Compatible with various front-ends:
a. Perl
b. PHP
c. ODBC
d. GUI Management
Tasks:
1. Install MySQL Client & Server
a. yum -y install mysql
/etc/my.cnf - primary config file
/usr/bin/mysql - primary client used to interact with the server
/usr/bin/mysqladmin - primary admin utility to return useful info and perform admin tasks from the shell