Linux+ Certification Study Guide
NIS and NFS
Apache
Sendmail
Postfix
Firewalls
Samba
Ubuntu Server
Ubuntu Hacking
Overall Good Linux Administration Book
You might have to find a new Firewalls book as that one may be out of print. Its a really good firewalls book and most of the books on this subject are pretty weak. I have never read the Ubuntu books I just saw them and thought they looked pretty good. I have all of the other books including the firewalls book. These are my recommended books and I suggest you get the Linux+ Study Guide book and then take that certification and pass it.
Hope you enjoyed the class.
Sunday, November 16, 2008
Kernel Compiling
Kernel Compiling Chapter 15:
Follow the training videos in the order below and follow along in the blog. Between the two resources this will make doing the labs so much easier. Remember the compiling process for the kernel changes almost monthly. So refer to both sources for how to go about compiling the kernel.
1. DownloadingKernelFedora32Bit.ogg
2. FedoraCompilingKernelRPMSourceSetup.ogg
3. ComilingKernelFedora.ogg
Compiling Problems: Install Development Packages:
Install all of the development packages if you have not already. When you installed Red Hat 8 you were told to install all of the development packages also. In order to compile the kernel you must have the compiling tools installed. These are referred to as the development tools. If you can not compile the kernel then you are probably missing these development packages. You can download these packages from the graphical yum and not at the command line terminal. Select Add and Remove Software menu "I think its called" from the top left most menu on your desktop. It is the last menu option at the bottom. Select it then go to the development section and check all of the program packages in the list. Then select install for the graphical yum to install them. This will take awhile so if you have this problem please do this before class.
Installing the Kernel Source Code:
You should have already of FTPed the source directory from my FTP server. If you have not then you need to down load the kernel and create the symbolic link.
Red Hat Only Way:
su --
cd $HOME
yumdownloader --source kernel
yum install rpmdevtools
rpm -Uhv kernel*rpm
cd /root/rpmbuild/SPECS
yum install xmlto asciidoc
rpmbuild -bp --target $(arch) kernel.spec
cd /root/rpmbuild/BUILD/kernel*
ls
cp -Rfv linux* /usr/src/kernels
For all other distributions of linux not Red Hat. If you are using Centos then do it this way.
Download from www.kernel.org linux 3.0 stable
cd
cd Downloads
su --
cp ./linux-3.*.tar.bz2 /usr/src/kernels
cd /usr/src/kernels
bunzip2 linux-3.*.tar.bz2
tar xvf linux-3.2.2.tar
cd ..
Do not type yourkernelversion make sure you put in your kernel version number there in its place.
ln -s /usr/src/kernels/linux-yourkernelversion /usr/src/linux
an example of how to do the symbolic link is on page 528.
cd /usr/src/linux
Compiling The Graphical User Interface For The Kernel Custimization:
use the command use the command below in order to build the interface.
yum install gtk+ libglade2-devel glib
make gconfig
You will want to edit the makefile and add the special programming option at the top of the kernel for optimized compiling. We are going to compile at optimization level 4. Note that is an O as in Orange -O4 and not a -04 like 0 1 2 3.
Change:
HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer
HOSTCXXFLAGS = -O2
To:
HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O4 -fomit-frame-pointer
HOSTCXXFLAGS = -O4
Compiling The Kernel:
Once you have edited the makefile and configured the kernel then you are ready to start compiling. You can do all of the compiling commands on a single line in the terminal which will save you a lot of time and headaches.
make clean; make vmlinux; make modules; make modules_install; make;
Moving the Kernel To The Boot Directory:
the generated kernel to the /boot directory and then use the make install command. Page 532 shows in your book covers this step.
yum install mkinitrd
make install
Now edit the GRUB configuration file by hand or you can use Webmin which is much easier to add the new kernel entry for booting. To edit the file by hand look in your book at page 533-535.
Now reboot Linux and see your new entry in the boot loader. Go ahead and select it to see if it runs. If it does not thats ok you are done with this project, but in the real world you would have to go back and reconfigure your kernel until you fixed the problem go back and look at your hardware configuration.
Stoping Your Compile:
If you want to stop your compile you do
ctrl-c
at the terminal. When you want to start up your compile again you run the commands.
make vmlinux; make modules; make modules_install; make;
and then continue on with the rest of the tutorial following those commands from above.
Starting From Scratch Again:
cd /usr/src/kernels
rm -rf YourKernelYouWantToRemove
Example:
rm -rf linux-2.6.32.i686
Now do your cp -Rfv linux* /usr/src/kernels command from above
Fix Configuration Errors:
make CONFIG_DEBUG_SECTION_MISMATCH=y
Follow the training videos in the order below and follow along in the blog. Between the two resources this will make doing the labs so much easier. Remember the compiling process for the kernel changes almost monthly. So refer to both sources for how to go about compiling the kernel.
1. DownloadingKernelFedora32Bit.ogg
2. FedoraCompilingKernelRPMSourceSetup.ogg
3. ComilingKernelFedora.ogg
Compiling Problems: Install Development Packages:
Install all of the development packages if you have not already. When you installed Red Hat 8 you were told to install all of the development packages also. In order to compile the kernel you must have the compiling tools installed. These are referred to as the development tools. If you can not compile the kernel then you are probably missing these development packages. You can download these packages from the graphical yum and not at the command line terminal. Select Add and Remove Software menu "I think its called" from the top left most menu on your desktop. It is the last menu option at the bottom. Select it then go to the development section and check all of the program packages in the list. Then select install for the graphical yum to install them. This will take awhile so if you have this problem please do this before class.
Installing the Kernel Source Code:
You should have already of FTPed the source directory from my FTP server. If you have not then you need to down load the kernel and create the symbolic link.
Red Hat Only Way:
su --
cd $HOME
yumdownloader --source kernel
yum install rpmdevtools
rpm -Uhv kernel*rpm
cd /root/rpmbuild/SPECS
yum install xmlto asciidoc
rpmbuild -bp --target $(arch) kernel.spec
cd /root/rpmbuild/BUILD/kernel*
ls
cp -Rfv linux* /usr/src/kernels
For all other distributions of linux not Red Hat. If you are using Centos then do it this way.
Download from www.kernel.org linux 3.0 stable
cd
cd Downloads
su --
cp ./linux-3.*.tar.bz2 /usr/src/kernels
cd /usr/src/kernels
bunzip2 linux-3.*.tar.bz2
tar xvf linux-3.2.2.tar
cd ..
Do not type yourkernelversion make sure you put in your kernel version number there in its place.
ln -s /usr/src/kernels/linux-yourkernelversion /usr/src/linux
an example of how to do the symbolic link is on page 528.
cd /usr/src/linux
Compiling The Graphical User Interface For The Kernel Custimization:
use the command use the command below in order to build the interface.
yum install gtk+ libglade2-devel glib
make gconfig
You will want to edit the makefile and add the special programming option at the top of the kernel for optimized compiling. We are going to compile at optimization level 4. Note that is an O as in Orange -O4 and not a -04 like 0 1 2 3.
Change:
HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer
HOSTCXXFLAGS = -O2
To:
HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O4 -fomit-frame-pointer
HOSTCXXFLAGS = -O4
Compiling The Kernel:
Once you have edited the makefile and configured the kernel then you are ready to start compiling. You can do all of the compiling commands on a single line in the terminal which will save you a lot of time and headaches.
make clean; make vmlinux; make modules; make modules_install; make;
Moving the Kernel To The Boot Directory:
the generated kernel to the /boot directory and then use the make install command. Page 532 shows in your book covers this step.
yum install mkinitrd
make install
Now edit the GRUB configuration file by hand or you can use Webmin which is much easier to add the new kernel entry for booting. To edit the file by hand look in your book at page 533-535.
Now reboot Linux and see your new entry in the boot loader. Go ahead and select it to see if it runs. If it does not thats ok you are done with this project, but in the real world you would have to go back and reconfigure your kernel until you fixed the problem go back and look at your hardware configuration.
Stoping Your Compile:
If you want to stop your compile you do
ctrl-c
at the terminal. When you want to start up your compile again you run the commands.
make vmlinux; make modules; make modules_install; make;
and then continue on with the rest of the tutorial following those commands from above.
Starting From Scratch Again:
cd /usr/src/kernels
rm -rf YourKernelYouWantToRemove
Example:
rm -rf linux-2.6.32.i686
Now do your cp -Rfv linux* /usr/src/kernels command from above
Fix Configuration Errors:
make CONFIG_DEBUG_SECTION_MISMATCH=y
Monday, October 20, 2008
Samba Server
This server counts as 2 grades for a total of 100 points each. You may use the Red Hat graphical tools or Webmin.
Samba Server:
Make sure you install all of the required and optional programs for Samba at the beginning of chapter 23 in your book. Now you can follow along with your book and use the graphical tools and the command line tools in red hat to setup the Samba Server or you can use Webmin.
Webmin:
http://doxfer.com/Webmin/SambaWindowsFileSharing
Samba Client:
Now test your Samba Server in windows to see the Linux shares, printing, etc. Page 735 in your book will tell you how to do this.
Samba Server:
Make sure you install all of the required and optional programs for Samba at the beginning of chapter 23 in your book. Now you can follow along with your book and use the graphical tools and the command line tools in red hat to setup the Samba Server or you can use Webmin.
Webmin:
http://doxfer.com/Webmin/SambaWindowsFileSharing
Samba Client:
Now test your Samba Server in windows to see the Linux shares, printing, etc. Page 735 in your book will tell you how to do this.
Sendmail Server
This server is worth 2 grades of 100 points.
Sendmail:
You need to setup an IMAP as opposed to a POP3 server. Sendmail is one of the most complex servers and for this reason I would prefer that you setup this server with Webmin. Chapter 20 in your book talks about webmin and what you need to install in order to get it to run. You need to install all of the required and optional programs in order to get it to work.
Webmin Sendmail:
Tutorials:
http://doxfer.com/Webmin/SendmailBasicConfiguration
http://doxfer.com/Webmin/SendmailVirtualHosting
Webmin Sendmail Module:
http://doxfer.com/Webmin/SendmailConfiguration
Setup your mail reader with thunderbird to get your first emails from your webserver. Read and send mail to other users on your server.
Sendmail:
You need to setup an IMAP as opposed to a POP3 server. Sendmail is one of the most complex servers and for this reason I would prefer that you setup this server with Webmin. Chapter 20 in your book talks about webmin and what you need to install in order to get it to run. You need to install all of the required and optional programs in order to get it to work.
Webmin Sendmail:
Tutorials:
http://doxfer.com/Webmin/SendmailBasicConfiguration
http://doxfer.com/Webmin/SendmailVirtualHosting
Webmin Sendmail Module:
http://doxfer.com/Webmin/SendmailConfiguration
Setup your mail reader with thunderbird to get your first emails from your webserver. Read and send mail to other users on your server.
Apache
yum install httpd apr apr-util
/sbin/chkconfig httpd on
/sbin/service httpd start
now its running.
This server is worth 2 grades of 100 points.
Apache Web Server HTTP:
Chapter 26 in your book. You can use the graphical tools in Red Hat or you can use webmin.
Webmin:
Tutorials:
http://doxfer.com/Webmin/ApacheBasicConfiguration
http://doxfer.com/Webmin/Name-BasedVirtualHosting
Apache webmin module documentation:
http://doxfer.com/Webmin/ApacheWebserver
When Apache is properly setup you should be able to go to your server in your web browser by typing it in and you should see a webpage. Apache runs on port 80 since it is a web server. An example would be:
http://instructserver/
/sbin/chkconfig httpd on
/sbin/service httpd start
now its running.
This server is worth 2 grades of 100 points.
Apache Web Server HTTP:
Chapter 26 in your book. You can use the graphical tools in Red Hat or you can use webmin.
Webmin:
Tutorials:
http://doxfer.com/Webmin/ApacheBasicConfiguration
http://doxfer.com/Webmin/Name-BasedVirtualHosting
Apache webmin module documentation:
http://doxfer.com/Webmin/ApacheWebserver
When Apache is properly setup you should be able to go to your server in your web browser by typing it in and you should see a webpage. Apache runs on port 80 since it is a web server. An example would be:
http://instructserver/
SSH Server Client
Single grade of a possible 100 points. You can use webmin or the standard terminal commands to setup the server and client.
SSH Server:
Install openssh, and openssh-server if they are not already installed. Page 603 in your book tells you how to easily setup the server.
SSH Client:
Install openssh-clients if they are not already installed. Page 595 in your book tells how to setup the clients to test the server.
Webmin how to for SSH:
http://doxfer.com/Webmin/SSHServer
SSH Server:
Install openssh, and openssh-server if they are not already installed. Page 603 in your book tells you how to easily setup the server.
SSH Client:
Install openssh-clients if they are not already installed. Page 595 in your book tells how to setup the clients to test the server.
Webmin how to for SSH:
http://doxfer.com/Webmin/SSHServer
NIS
This project counts as 2 grades.
Setting Up The NIS Server:
Use Webmin to setup the NIS server. Install webmin by downloading it from http://www.webmin.com/ or from my FTP server. Please ask to be added to my NIS server if your user has not already been added before you download from my FTP server. You need to have ypserv installed before you can setup the NIS server. You can use yum install ypserv at the terminal command prompt if you are root. Launch webmin by starting firefox and then use http://localhost:10000/ if you are using Red Hat fedora 8 if you are using Red Hat Fedora 6 you need to use https://localhost:10000/ Please check you hosts file if this does not work as your hosts file is probably blank and will need loopback put into the file. Add the entry to the hosts file:
127.0.0.1 localhost
Also you need a name for your server so first off since we are being fed dhcp IP addresses so you will need to use ifconfig at the terminal prompt to find your ip address for your computer and put that into the hosts file along with the name of your server. The entry will look something like this.
10.78.108.32 instructorserver
where instructorserver is the name of my server but please use a good name for your own server. Save the hosts file. Go to Network in webmin and then click on NIS. Click on NIS server. Define the NIS domain this should not be a web domain like .com, .net, .biz, .gov, .org, etc. I have been using domain.nis for my domain. Also you need to enter the name of your server computer. You need to check the options for the server and for the NIS domain. When you are finished you only need to click save and apply.
Setting up the NIS Client:
Make sure that you have yp-tools and ypbind. These programs are probably already installed on your server. You can check them by using the commands at the terminal prompt.
rpm -q yp-tools
rpm -q ypbind
If these tools are not installed then you need to use yum to install them. To install these tools at the terminal prompt type the following.
yum install yp-tools
yum install ypbind
Now go to the client part for NIS in webmin and input the NIS domain from the NIS server and the server name. Click on save and apply and you are finished.
Setting Up The NIS Server:
Use Webmin to setup the NIS server. Install webmin by downloading it from http://www.webmin.com/ or from my FTP server. Please ask to be added to my NIS server if your user has not already been added before you download from my FTP server. You need to have ypserv installed before you can setup the NIS server. You can use yum install ypserv at the terminal command prompt if you are root. Launch webmin by starting firefox and then use http://localhost:10000/ if you are using Red Hat fedora 8 if you are using Red Hat Fedora 6 you need to use https://localhost:10000/ Please check you hosts file if this does not work as your hosts file is probably blank and will need loopback put into the file. Add the entry to the hosts file:
127.0.0.1 localhost
Also you need a name for your server so first off since we are being fed dhcp IP addresses so you will need to use ifconfig at the terminal prompt to find your ip address for your computer and put that into the hosts file along with the name of your server. The entry will look something like this.
10.78.108.32 instructorserver
where instructorserver is the name of my server but please use a good name for your own server. Save the hosts file. Go to Network in webmin and then click on NIS. Click on NIS server. Define the NIS domain this should not be a web domain like .com, .net, .biz, .gov, .org, etc. I have been using domain.nis for my domain. Also you need to enter the name of your server computer. You need to check the options for the server and for the NIS domain. When you are finished you only need to click save and apply.
Setting up the NIS Client:
Make sure that you have yp-tools and ypbind. These programs are probably already installed on your server. You can check them by using the commands at the terminal prompt.
rpm -q yp-tools
rpm -q ypbind
If these tools are not installed then you need to use yum to install them. To install these tools at the terminal prompt type the following.
yum install yp-tools
yum install ypbind
Now go to the client part for NIS in webmin and input the NIS domain from the NIS server and the server name. Click on save and apply and you are finished.
Friday, October 10, 2008
FTP Server
Setup the FTP Server:
Step 1: Create a directory in the /var/ftp and give it the proper permissions. You need to have your host file and your user, group accounts setup from the NFS server. This is the same process for the FTP server.
Step 2: Place some files into your new FTP server director that you just created.
Step 3: Now you can setup and run the FTP server. Look at page 612 in your book for how to do this.
Client FTP Login To Test The Server FTP:
Step 1: Test the server with the client login. Now that you have your server running you can do a test login with the proper user name and password. Look at page 603-607
Step 2: Now upload a file and download another file from your FTP server.
Step 1: Create a directory in the /var/ftp and give it the proper permissions. You need to have your host file and your user, group accounts setup from the NFS server. This is the same process for the FTP server.
Step 2: Place some files into your new FTP server director that you just created.
Step 3: Now you can setup and run the FTP server. Look at page 612 in your book for how to do this.
Client FTP Login To Test The Server FTP:
Step 1: Test the server with the client login. Now that you have your server running you can do a test login with the proper user name and password. Look at page 603-607
Step 2: Now upload a file and download another file from your FTP server.
Tuesday, October 7, 2008
NFS
Network File System:
You can review NFS in chapter 22. This project is worth two grades one grade for the NFS Server and one grade for the NFS Client.
Step 1:
install first
su --
yum install nfs-utils
chkconfig nfs on
service nfs start
cd /
mkdir sharenet
chown guest sharenet
chgrp guest sharenet
chmod 770 sharenet
Step 2:
download webmin.
RPM suitable for Redhat, Fedora, CentOS, SuSE or Mandrake Linux
http://prdownloads.sourceforge.net/webadmin/webmin-1.550-1.noarch.rpm 16.3 MB
put into your web browser localhost.localdomain:10000
logging into webmin your user is root
then the password is the root password to your system.
webmin setup from the video.
Step 3:
open a new terminal and type
su guest
cd
mkdir nfsclient
Step 4:
Go back to your terminal where you are root
mount localhost:/sharenet /home/guest/nfsclient
Step 5:
Go back to your terminal where you are guest
cd nfsclient
touch whatever
ls
Step 6:
Go back to your terminal where you are root
cd /sharenet
ls
your done show the instructor to be graded
You can review NFS in chapter 22. This project is worth two grades one grade for the NFS Server and one grade for the NFS Client.
Step 1:
install first
su --
yum install nfs-utils
chkconfig nfs on
service nfs start
cd /
mkdir sharenet
chown guest sharenet
chgrp guest sharenet
chmod 770 sharenet
Step 2:
download webmin.
RPM suitable for Redhat, Fedora, CentOS, SuSE or Mandrake Linux
http://prdownloads.sourceforge.net/webadmin/webmin-1.550-1.noarch.rpm 16.3 MB
put into your web browser localhost.localdomain:10000
logging into webmin your user is root
then the password is the root password to your system.
webmin setup from the video.
Step 3:
open a new terminal and type
su guest
cd
mkdir nfsclient
Step 4:
Go back to your terminal where you are root
mount localhost:/sharenet /home/guest/nfsclient
Step 5:
Go back to your terminal where you are guest
cd nfsclient
touch whatever
ls
Step 6:
Go back to your terminal where you are root
cd /sharenet
ls
your done show the instructor to be graded
Firewalls and Security
Firewalls:
Open the ports for all of the servers we are going to be doing this quarter. Do not open a port for telnet as this is dangerous for a server and can be used to easily hack a server. Open SSH, FTP, DNS, Apache will also be considered port 80 HTTP/HTTPS, NFS, NIS, SMTP, IMAP, POP3, CUPS, and Samba.
NSA Secure Linux: SELinux
Trouble Shoot SE Linux for each server that you setup. Your SELinux should be set to permissive mode.
Open the ports for all of the servers we are going to be doing this quarter. Do not open a port for telnet as this is dangerous for a server and can be used to easily hack a server. Open SSH, FTP, DNS, Apache will also be considered port 80 HTTP/HTTPS, NFS, NIS, SMTP, IMAP, POP3, CUPS, and Samba.
NSA Secure Linux: SELinux
Trouble Shoot SE Linux for each server that you setup. Your SELinux should be set to permissive mode.
Lab Installing Linux For Servers
Kickstart:
You will need to run the kickstart program and setup a server installation for the type of server you want to run as a server administrator for your make believe company. You will need to tell me why you choose the configuration that you have setup and how it will work best for your servers.
Kickstart is on page 63 in your book 3rd edition.
For a review on how to setup hard drive partitions please read pages. 58-69
Remember to setup your partitions according to your server configuration.
/boot partition is for the Linux kernels and this partition is where you boot the Linux system.
/ partition is the root directory which contains all of the files in the computer.
/home partition is where users personal directories and files are stored.
/opt partition is a special partition that is required by some programs out in the industry such as oracle.
/etc partition holds configuration files and logs so breaking this off as another directory can help guard against run away log files that eat up an entire system.
/var partition is where the WAN servers operating files are going to be stored such as web pages, web accounts etc.
/usr account is where programs and other such programs can be stored.
Installation of the system is outlined in chapters 2 and 3 in your book.
You will need to run the kickstart program and setup a server installation for the type of server you want to run as a server administrator for your make believe company. You will need to tell me why you choose the configuration that you have setup and how it will work best for your servers.
Kickstart is on page 63 in your book 3rd edition.
For a review on how to setup hard drive partitions please read pages. 58-69
Remember to setup your partitions according to your server configuration.
/boot partition is for the Linux kernels and this partition is where you boot the Linux system.
/ partition is the root directory which contains all of the files in the computer.
/home partition is where users personal directories and files are stored.
/opt partition is a special partition that is required by some programs out in the industry such as oracle.
/etc partition holds configuration files and logs so breaking this off as another directory can help guard against run away log files that eat up an entire system.
/var partition is where the WAN servers operating files are going to be stored such as web pages, web accounts etc.
/usr account is where programs and other such programs can be stored.
Installation of the system is outlined in chapters 2 and 3 in your book.
Subscribe to:
Comments (Atom)