- What is the present version of the OS (e.g. Red Hat 7.2)?
A. To find the version of Red Hat Linux you are currently running, cat or
more the following file:
# more /etc/redhat-release
Red Hat Linux release 9 (Shrike)
- How can I tell what version of the kernel I'm running (e.g. 2.4)?
A. By typing the following:
# uname -r
2.4.20-8
# uname -a
Linux brevryss.whoi.edu 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386 GNU/Linux
NOTE: The same information is also shown on reboot. When rebooting your
system, there will be a window asking you to select the version of RH OS to
run; type “e” for edit there. You will see another screen, similar
to the first, that displays the kernel version info similar to the above.
- How can I tell who is using a file?
A. By typing the following (must be run as root):
# fuser -u /usr/bin/ssh
/usr/bin/ssh: 2338e(root) 7123e(root) 7191e(root)
- What task is using a port?
A. The following command can be used to determine this information. It must
be run as root; it will not work unless you are root. Type:
# fuser -n tcp 25 (This command gives you the process ID that is using
TCP port 25.)
- How long since last reboot?
A. By running the command 'uptime' you can determine how long the system
has been running since the last reboot. Example:
# uptime
16:25:08 up 5:54, 8 users, load average: 0.12, 0.14, 0.11
“16:25:08” is the current time and “5:54” is the uptime
in hours and minutes (5 hours and 54 minutes); the rest is self-explanatory.
- Where are packages stored?
A. This is not so easy to define. “There is no standardization” of
where Linux installs its packages. To find a particular package, let's say
Perl, it is suggested to do the following:
# rpm -ql perl (this lists all of the files added to the file system
when the Perl package was installed, and where they were placed).
If you don't know the package name, or you just want to know what packages
were installed and where you might be able to find them, you might try:
# rpm -qla | more (This will give you more information than you'll ever
want to know...).
This command will list ALL installed packages, where they were placed,
and display them one screen at a time. There are a lot of them on an
RPM-based system! See example:
[root@ernest root]# rpm -qla |more
/etc/X11/desktop-menus
/etc/X11/desktop-menus/applications.menu
/etc/X11/desktop-menus/preferences.menu
/etc/X11/desktop-menus/server-settings.menu
/etc/X11/desktop-menus/start-here.menu
/etc/X11/desktop-menus/system-settings.menu
/etc/X11/starthere
/etc/X11/starthere/applications.desktop
/etc/X11/starthere/preferences.desktop
/etc/X11/starthere/serverconfig.desktop
/etc/X11/starthere/sysconfig.desktop
/usr/share/applications
/usr/share/desktop-menu-files
/usr/share/desktop-menu-files/Accessibility.directory
/usr/share/desktop-menu-files/Accessories.directory
/usr/share/desktop-menu-files/Advanced.directory
/usr/share/desktop-menu-files/AllPrograms.directory
/usr/share/desktop-menu-files/Applications.directory
/usr/share/desktop-menu-files/Development.directory
/usr/share/desktop-menu-files/Documentation.directory
/usr/share/desktop-menu-files/Extras.directory
/usr/share/desktop-menu-files/Games.directory
- What packages are installed?
A. For distributions that use RPM format packages, use the command:
$ rpm -qa (q=query, a=all packages)
You need to be logged in as root. You can save the output to a text
file for future reference by using a command like:
rpm -qa > installed-packages
- What is my present shell?
A. By typing 'echo $SHELL' at the prompt, you will get output similar
to the following:
[root@ernest root]# echo $SHELL
/bin/bash
[root@ernest root]#
(depending on which shell you're using). To change your shell you can simply
type:
bash-$> setenv SHELL tcsh
bash-$> export SHELL
bash-$> echo $SHELL
tcsh
This will only change the shell for this login event. To change it to another
shell for every login, you'll need to edit your ~/.login file.
- How do I alter the default global path?
A. By editing the /.login (/.profile, /.bashrc or tcshrc, etc.) file and
editing the PATH=$PATH: line. Very similar to the answer for question
10.
- How to alter the user directory path?
A. First, let's see what's in your path; type 'echo $PATH'. See the following
example:
[root@ernest root]# echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
Now for making changes to the user directory path. Edit /etc/.profile
(for system-wide settings) or ~/.bash_profile (user-specific settings;
may also be ~/.tcsh_profile) and add this line: 'export PATH=$PATH:[directory
to be added]'. On your next login this directory will become part of your
$PATH. If you only want that directory added for this login session, type
the following at a command line prompt:
# PATH=$PATH:[directory to be added] ; export PATH (this is for
Bourne shell); for other shells, i.e. bash or tcsh, try:
setenv PATH $PATH:[directory to be added]
- How do I set my prompt?
A. Various people and distributions set their $PS strings in different places.
The most common places are /etc/profile, /etc/bashrc, ~/.bash_profile,
and ~/.bashrc.
It should be stressed that PS1=..blah.. should be set in .bashrc and not
.profile.
The reason the PS1 string should be set in .bashrc is that non-interactive
bashes go out of their way to unset PS1. The bash man page tells how the
presence or absence of PS1 is a good way of knowing whether one is in an
interactive vs non-interactive (i.e. script) bash session.
Example:
[ayork@gladius]$more .bashrc
PS1="[\u@\h]\$" (which gives me the string: [ayork@gladius]$)
If I edit this file and change the line to read: PS1="[\w] \u:\h -> "
then I get the following PS1 prompt:
[~] ayork:gladius -> (my new prompt)
- Where are the routing tables stored?
A. The routing table is not a file; the routing information is stored
in the kernel. You can use the command “route -n” to display
the table. The route table is empty on boot.
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
128.128.92.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         128.128.92.1    0.0.0.0         UG    0      0        0 eth0
You will need to configure the default route into the operating system,
which writes it to the kernel forwarding table when networking is started.
When making changes to or modifying the route table, the /etc/sysconfig/network
file gets modified. Once the file has been modified, rather than rebooting,
you can make your changes take effect by running:
# /etc/init.d/network restart
NOTE: Please do not use routed. CIS recommends that you turn off any
and all unnecessary processes for security reasons. Routed is not used
within the context of the WHOI domain.
- Where are the ifconfig's stored?
A. There are many configuration tools for network configuration.
They are:
netconf - A GUI interactive interface available on Red Hat 6.1.
linuxconf - A GUI interactive interface available on Red Hat 6.1 which includes
netconf configuration.
netconfig - A GUI step-by-step interface.
ifconfig - A text-based program to configure the network interface. Type "man
ifconfig" for info.
The programs listed above will modify values in the following files:
/etc/sysconfig/network - Defines your network and some of its characteristics.
/etc/HOSTNAME - Shows the host name of this host. If your name is "myhost" then
that is exactly the text this file will contain.
/etc/resolv.conf - Specifies the domain to be searched for host names to
connect to, the nameserver address, and the search order for the nameservers.
/etc/host.conf - Specifies the order nameservice looks to resolve names.
/etc/hosts - Shows addresses and names of local hosts.
/etc/networks - Provides a database of network names with network addresses
similar to the /etc/hosts file. This file is not required for operation.
/etc/sysconfig/network-scripts/ifcfg-eth* - There is a file for each network
interface. This file contains the IP address of the interface and many
other setup variables.
- Where is the hostname stored?
A. You have to keep address translation and DNS in mind here to fully grasp
this answer. A host on a network is really known by its IP address and
Ethernet address. On a network, you may give a system a name, or
many names, that match an IP address. So a machine may be known by several
DNS names, but locally the machine may have a totally different hostname.
There is a command 'hostname' that, when typed at the prompt, will return
something similar to the following:
[root@ernest root]# hostname
ernest.whoi.edu
The local host name will be found in the /etc/sysconfig/network file as
well as /etc/hosts. For example:
[root@ernest root]# more /etc/hosts
127.0.0.1 ernest.whoi.edu localhost
(This info is from a Red Hat 8 system.)
You can also run the following command:
[root@ernest root]# more /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ernest.whoi.edu
- Where is the domain name stored?
A. Without getting into a whole discussion about how DNS works and C-NAME
files, the following answer is a 'short' answer, if you will, simply for
the purposes of this document. The domain name is in /etc/resolv.conf.
It should be the first line of 3. In the case of WHOI, if you were to 'more
/etc/resolv.conf' you would see the following:
# more /etc/resolv.conf
domain whoi.edu
nameserver 128.128.16.1
nameserver 128.128.16.2
NOTE:
The 'domainname' is not necessary in a non-NIS network. For Linux purposes
here at WHOI, the above answer is correct. However if trying to discover
the answer to the question on an NIS network, then typing 'domainname'
at the prompt, should get a similar result to the following:
# domainname
whoi.edu
- How to start network services via xinetd?
A. Run "/etc/init.d/xinetd start" (the script takes stop and restart
arguments as well).
- How to turn on security logging?
A. Syslogd is the daemon which does the actual logging. The configuration
file for syslogd is /etc/syslog.conf. Basically, syslogd puts time-stamped
messages into log files as designated by syslog.conf. The log files can
then be viewed to construct a history of the events occurring on your system.
Syslogd is started along with the other startup scripts in /etc/rc.d/rc3.d
or /etc/rc.d/rc5.d.
Security precautions to take:
Make sure the time is correct on your system. Otherwise you will have
trouble tracing problems and break-ins. System logs are generally kept
in the /var partition, mainly /var/log. Make sure that /var is large
enough to hold much more than the basic log file. This is to prevent
accidental overflows, which could potentially erase important logging
info.
The default syslog.conf does not do a very good job of logging. Try
changing the entry for /var/log/messages to:
*.info /var/log/messages
If you start getting too much of a certain message (say from sendmail),
you can always bump that particular facility down by doing:
*.info;mail.none /var/log/messages
Many other security programs such as ssh and tcpwrappers will log to
syslogd. It is important that syslogd is always running on your system.
Additional security precautions to take:
Turn off inetd, sendmail, everything, but make sure you have basic
networking up. Make sure the time is always correct on the loghost. In
order to allow the loghost to receive syslog messages from other machines,
you may need to enable it to receive remote logging. (Find out first
by reading the syslogd man pages.) Do this by adding the -r command line
option upon syslogd startup.
Edit /etc/rc.d/init.d/syslog, and find the line:
daemon syslogd
and change it to:
daemon syslogd -r
Next, tell all of your clients to log to this machine in addition to
their local files. This can be done by adding a line to the bottom of
/etc/syslog.conf whose action is the name of the loghost with an "@"
sign in front of it:
*.info @logboy.caltech.edu
Once you restart syslogd, the client will send all of its log messages
to logboy.caltech.edu, which will also then log the messages to its local
files. Be sure that the client is able to resolve logboy.caltech.edu
at all times. A suggestion is to add a special entry in /etc/hosts so
that logging is not interrupted if there is a resolving problem.
Again, make sure the loghost is as secure as possible: the only thing
it should be running is syslogd.
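The check below is an added example, not part of the original FAQ. It reads a syslog.conf and a hosts file and reports whether info-level messages reach /var/log/messages and whether each "@" loghost is also listed in the hosts file, as suggested above. The function names and the sample files (loghost.example.org, 192.0.2.10) are made up for illustration.

```sh
#!/bin/sh
# Added example: check a syslog.conf against the advice in this answer.
# File paths are arguments, so it can be run on copies of the real files.

# Print each remote loghost named by an "@host" action, one per line.
remote_loghosts() {    # $1 = syslog.conf
    awk '/^[ \t]*#/ || NF < 2 { next }
         $2 ~ /^@./ { print substr($2, 2) }' "$1" | sort -u
}

# Succeed if a rule sends info-level messages from all facilities to $2.
# A selector of *.info, *.debug or *.* includes priority info.
logs_info_to() {       # $1 = syslog.conf, $2 = local log file
    awk -v target="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        $2 == target || $2 == ("-" target) {
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++)
                if (sel[i] == "*.info" || sel[i] == "*.debug" || sel[i] == "*.*")
                    found = 1
        }
        END { exit(found ? 0 : 1) }' "$1"
}

# Succeed if host name $2 is listed in hosts file $1 (so DNS is not needed).
in_hosts_file() {
    awk -v h="$2" '
        { sub(/#.*/, "") }                        # drop comments
        { for (i = 2; i <= NF; i++) if ($i == h) ok = 1 }
        END { exit(ok ? 0 : 1) }' "$1"
}

# Print one OK/WARN finding per line for syslog.conf $1 and hosts file $2.
audit_syslog() {
    if logs_info_to "$1" /var/log/messages; then
        echo "OK   *.info reaches /var/log/messages"
    else
        echo "WARN /var/log/messages does not receive *.info"
    fi
    hosts=$(remote_loghosts "$1")
    [ -n "$hosts" ] || echo "WARN no remote loghost (@host) configured"
    for h in $hosts; do
        if in_hosts_file "$2" "$h"; then
            echo "OK   loghost $h is listed in the hosts file"
        else
            echo "WARN loghost $h depends on DNS; add it to the hosts file"
        fi
    done
}

# Constructed sample files, made up for this example.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/weak.conf" <<'EOF'
*.err                   /var/log/messages
*.info                  @loghost.example.org
EOF
cat > "$demo/fixed.conf" <<'EOF'
# busy mail facility bumped down, as described above
*.info;mail.none        /var/log/messages
*.info                  @loghost.example.org
EOF
printf '127.0.0.1 localhost\n' > "$demo/hosts.weak"
printf '127.0.0.1 localhost\n192.0.2.10 loghost.example.org loghost\n' \
    > "$demo/hosts.fixed"

echo "== weak ==";  audit_syslog "$demo/weak.conf"  "$demo/hosts.weak"
echo "== fixed =="; audit_syslog "$demo/fixed.conf" "$demo/hosts.fixed"
```

On a real client, run audit_syslog /etc/syslog.conf /etc/hosts.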
- How to maximize general logging output?
A. Linux logs are in plain text, so you can search and read them without
having to use special tools. You can also write scripts that scan through
logs and perform automatic functions based on the contents. Linux logs
are contained in the /var/log directory. There are several log files that
are maintained by the system, but other services and programs may put their
log files here too. Most logs are only readable by root, but that can be
changed by simply changing the access rights to the file.
The /var/log/messages file is the core system log file. It contains the
boot messages when the system came up as well as other status messages
as the system runs. Errors with IO, networking, and other general system
errors are reported in this file. Other information, such as when someone
becomes root, is listed here as well. If services are running, such as
DHCP servers, you can watch the action in the messages file. /var/log/messages
is generally your first place to look when you are troubleshooting.
Example:
[root@ernest root]# more /var/log/messages (or less, head, tail...)
ernest syslogd 1.4.1: restart.
Mar 1 11:16:23 ernest sshd(pam_unix)[11881]: session opened for user cstock by (uid=500)
Mar 1 11:16:46 ernest sshd(pam_unix)[11881]: session closed for user cstock
Mar 1 11:28:04 ernest sshd(pam_unix)[12040]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=saul.whoi.edu user=cstock
Mar 1 11:28:07 ernest sshd(pam_unix)[12042]: session opened for user cstock by (uid=500)
Mar 1 11:28:07 ernest sshd(pam_unix)[12042]: session closed for user cstock
Mar 1 11:29:44 ernest sshd(pam_unix)[12083]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=saul.whoi.edu user=cstock
Mar 1 11:29:47 ernest sshd(pam_unix)[12085]: session opened for user cstock by (uid=500)
[root@ernest root]# dmesg (Kernel boot log).
This log is also available in the file /var/log/dmesg.
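A script of the kind mentioned above, as an added example that is not part of the original FAQ: it counts sshd "authentication failure" lines in a messages file per remote host and user, in the log format shown in the example. The function name, the threshold argument and the sample log lines (host1, ws1.example.org, gw.example.net) are made up for illustration; lines without a user= field are counted under "(none)".

```sh
#!/bin/sh
# Added example: summarise failed sshd logins from a syslog "messages" file.

# Print "count rhost user last-seen" for every rhost/user pair with at least
# $2 failures (default 1), busiest first. Missing fields show as "(none)".
failed_logins() {      # $1 = log file, $2 = minimum number of failures
    awk -v min="${2:-1}" '
        /sshd\(pam_unix\)\[[0-9]+\]: authentication failure;/ {
            rhost = "(none)"; user = "(none)"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^rhost=./)     rhost = substr($i, 7)
                else if ($i ~ /^user=./) user  = substr($i, 6)
            }
            key = rhost " " user
            count[key]++
            last[key] = $1 " " $2 " " $3      # month, day, time of latest failure
        }
        END {
            for (k in count)
                if (count[k] >= min) print count[k], k, last[k]
        }' "$1" | sort -k1,1nr -k2
}

# Constructed sample log, made up for this example.
log=$(mktemp)
trap 'rm -f "$log"' EXIT
cat > "$log" <<'EOF'
Mar  1 11:16:23 host1 sshd(pam_unix)[11881]: session opened for user alice by (uid=500)
Mar  1 11:28:04 host1 sshd(pam_unix)[12040]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=ws1.example.org  user=alice
Mar  1 11:28:07 host1 sshd(pam_unix)[12042]: session opened for user alice by (uid=500)
Mar  1 11:30:51 host1 sshd(pam_unix)[12101]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=gw.example.net  user=root
Mar  1 11:30:56 host1 sshd(pam_unix)[12103]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=gw.example.net  user=root
Mar  1 11:31:02 host1 sshd(pam_unix)[12105]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=gw.example.net  user=root
Mar  1 11:31:09 host1 sshd(pam_unix)[12107]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=gw.example.net
EOF

echo "All failures:"
failed_logins "$log"
echo "Pairs with 3 or more failures:"
failed_logins "$log" 3
```

On a real system, run failed_logins /var/log/messages 3 as root.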
- How Do I Resize a Partition Non-Destructively?
A. GNU parted, a partition editor, is stable enough for non-guru, mere-mortal
use with relative confidence. Source code for the latest version is at:
ftp.gnu.org/pub/gnu/parted/.
There's also a boot disk image for resizing root partitions and for running
parted on non-Linux machines. The disk image may be easier for beginners.
Building from source could require some extra configuration. Parted also
has tutorial-style, plain-text documentation for Linux and FAT (MS-DOS) file
systems.
Also, some commercial distributions come with their own partitioning
software, like Partition Magic.
- How to make a rescue floppy.
A. Make a file system on the floppy with bin, etc, lib and dev directories:
everything you need. Install a kernel on it and arrange to have GRUB (or
LILO) boot it from the floppy (see the GRUB (or LILO) documentation). If you
build the kernel (or tell GRUB (LILO) to tell the kernel...) to have a
RAM disk the same size as the floppy, the RAM disk will be loaded at boot
time and get mounted as root in place of the floppy. See the Bootdisk HOWTO.
- I forgot the root password, now what?
A. If your Linux distribution permits, try booting into single-user mode
by typing “single” at the BOOT prompt. With more recent distributions,
you can boot into single-user mode when prompted by typing “linux 1”,
“linux single”, or “init=/bin/bash”.
If the above doesn't work for you, boot from the installation or rescue
floppy, and switch to another virtual console with Alt-F1 – Alt-F8,
and then mount the root file system on /mnt. Then proceed with the steps
below to determine if your system has standard or shadow passwords, and
how to remove the password.
Using your favorite text editor, edit the root entry of the /etc/passwd
file to remove the password, which is located between the first and second
colons. Do this ONLY if the password field does not contain an 'x';
if it does, see below.
root:Yhgew13xs:0:0:...
Change this to:
root::0:0:...
If the password field contains an 'x', then you must remove the password
from the /etc/shadow file, which is in a similar format. Refer to the manual
pages:
man passwd, and man 5 shadow.
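The check below is an added example, not part of the original FAQ. It reads the password field described above from passwd, follows an 'x' into shadow, and lists accounts whose field is empty, which is the state the edit above leaves root in until a new password is set with 'passwd'. The function names, state names and sample files are made up for illustration.

```sh
#!/bin/sh
# Added example: report the state of each account's password field.

# Print "user state" for every account in passwd file $1, using shadow file $2.
# States: empty (no password needed), locked (field starts with ! or *),
# inline (hash stored in passwd itself), set (hash stored in shadow),
# no-shadow-entry (passwd says 'x' but shadow has no line for the user).
password_states() {
    awk -F: -v shadow_file="$2" '
        FILENAME == shadow_file { hash[$1] = $2; known[$1] = 1; next }
        NF < 2 { next }
        {
            pw = $2; where = "passwd"
            if (pw == "x") {
                if (!($1 in known)) { print $1, "no-shadow-entry"; next }
                pw = hash[$1]; where = "shadow"
            }
            if (pw == "")           state = "empty"
            else if (pw ~ /^[!*]/)  state = "locked"
            else                    state = (where == "passwd") ? "inline" : "set"
            print $1, state
        }' "$2" "$1"
}

# Print only the accounts that need attention: an empty field means no
# password is required; an inline hash is readable by every local user.
risky_accounts() {
    password_states "$1" "$2" | awk '$2 == "empty" || $2 == "inline"'
}

# Constructed sample files, made up for this example (the hashes are not real).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/passwd" <<'EOF'
root::0:0:root:/root:/bin/bash
daemon:*:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
carol:CONSTRUCTEDHASH:502:502::/home/carol:/bin/bash
EOF
cat > "$demo/shadow" <<'EOF'
alice:$1$constructed$notarealhash:12000:0:99999:7:::
bob::12000:0:99999:7:::
EOF

risky_accounts "$demo/passwd" "$demo/shadow"
```

On a real system, run risky_accounts /etc/passwd /etc/shadow as root, since /etc/shadow is readable only by root.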
- What are Linux run levels and how can I see which
programs and applications are running in each run level?
A. Linux has 6 different run levels (or operating modes):
rc1.d - Single User Mode
rc2.d - Single User Mode with Networking
rc3.d - Multi-User Mode - boot up in text mode
rc4.d - Not yet Defined
rc5.d - Multi-User Mode - boot up in X Windows
rc6.d - Shutdown
Each mode has its own list of settings for what services to start and what
services to shutdown. Not only does this list contain what is supposed to
be running, but also what order each service should be started in.
The 'chkconfig' command will list all the registered services and display
their status at each different run level. Most of the time when your server
boots up it will start in run level 3 or 5 depending on what it is set to.
This setting can be found in the file /etc/inittab. If you ever want to change
what mode your server defaults to on bootup, just edit that file, but NEVER
change it to run level 6 or else you will set your server to shutdown on
bootup.
Example:
[root@ernest root]# chkconfig --list (will list the following info,
including services info)
ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
random 0:off 1:off 2:on 3:on 4:on 5:on 6:off
.....etc.....
xinetd based services:
chargen-udp: off
chargen: off
daytime-udp: off
....etc.......
In the folder: /etc/rc.d are all the run level folders starting from rc1.d
to rc6.d and including init.d.
It is in each of these rc#.d folders where the service run settings are kept.
If you change directory into /etc/rc.d/rc3.d all the files that start with
a capital S are the services that will start at this run level. All the files
that start with a K are the services that will be killed at that run level.
- How can I make run level changes, such as stopping
and starting programs and applications?
A. First determine which run level a current application or program is in
by running the 'chkconfig' command (Red Hat and Mandrake Linux systems) with
the argument '--list'. Then edit the /etc/rc.d/{runlevel.d} file. For example,
in the answer above we ran the 'chkconfig --list' command and argument. Taking
the line from the output with 'syslog' we'll demonstrate how this changes.
Example:
# chkconfig --list
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
This shows us that syslog is currently turned off in run levels 1 and
6, and turned on in run levels 2, 3, 4, and 5. Let's say you want this turned
off for run levels 2 and 4 as well.
# cd /etc/rc.d/rc2.d
# pwd
/etc/rc.d/rc2.d
# ls
S12syslog
# mv S12syslog K12syslog
# ls
K12syslog
Do the same for run level 4. Now run chkconfig --list again.
# chkconfig --list
syslog 0:off 1:off 2:off 3:on 4:off 5:on 6:off
For other Linux Distributions:
A. (Debian): The program "update-rc.d" is a root-only program
in Debian for setting whether particular init.d scripts are run when entering
particular run levels. See the man page update-rc.d(8).
Its chief parameter is the name of an init.d script. This should be the
bare name (without directory) of a script in /etc/init.d. This script MUST
accept the "start" and "stop" parameters.
To cause an init.d script to be started in the default run levels (2,
3, 4, and 5) and stopped in the shutdown and single-user run levels (0,
1, and 6):
# update-rc.d scriptname defaults
To cause an init.d script to NOT be started or stopped:
update-rc.d scriptname remove
To specify which run levels to start and stop in, for instance, to start
in 5 and stop in all others:
update-rc.d scriptname start 5 stop 0 1 2 3 4 6
NOTE: Normally you do not need to use "update-rc.d" yourself,
as Debian packages for daemons run it for you with their own defaults when
added or removed. Because it is easy to add and remove packages in Debian,
the normal thing to do is to _uninstall_ a package if you do not want it
running. Note also that "update-rc.d" does NOT start or stop
the daemon itself. All it does is create or remove symlinks in the /etc/rc?.d
directories.
- What are some networking commands?
A. Network Analysis Tools:
netstat - Displays information about the system's network connections, including
port connections, routing tables, and more.
"netstat -r" will display the routing table.
traceroute - This command can be used to determine the network route from
your computer to some other computer on your network or the internet. To
use it you can type "traceroute IPaddress", using the IP address of the
computer you want to see the route to.
nslookup - Used to query DNS servers for information about hosts.
arp - This program lets the user read or modify their arp cache.
tcpdump - This program allows the user to see TCP traffic on their network.
dig(1) - Send domain name query packets to name servers for debugging or
testing.
- Linux Boot Process.
A. Before Red Hat Linux can start up on your system, it must be told to boot
by special instructions placed on a boot loader, code that exists on your
primary hard drive or other media device that knows how to start the Linux
kernel.
If you only use one version of the Linux kernel, then the exact process
used by the boot loader to start Linux is not all that important. The
Linux installation program allows you to quickly and easily configure
the boot loader in your hard drive's Master Boot Record (MBR) to load
the operating system.
However, if you wish to have the choice to boot from multiple Linux
kernels or other operating systems, then knowledge of the method used
by Red Hat Linux to provide the necessary options to you, as well as
an understanding of the boot process and what to change, is essential.
How does the boot loader in the MBR know what to do when the MBR is
read? There are 2 boot loaders, depending on which version or distribution
of Linux you use: LILO and GRUB. LILO actually has its instructions written
in the MBR, which can be edited through use of the 'lilo' command and the
/etc/lilo.conf configuration file. GRUB has its instructions written in the
/boot/grub/grub.conf configuration file. Regardless of which boot loader
you use, it first loads the kernel into memory, then the kernel passes
control to init. The kernel finds init in /sbin and executes it, and init
coordinates the rest of the boot process. When init starts, it becomes the
parent or grandparent of all of the processes that start up automatically
on your Linux system. First, it runs the /etc/rc.d/rc.sysinit script, which
sets your path, starts swapping, checks the filesystems, and so on. Then,
init runs the /etc/inittab script, which describes how the system should
be set up in each runlevel and sets the default runlevel.
Next, init starts all of the background processes necessary for the
system to run by looking in the appropriate rc directory for that runlevel,
/etc/rc.d/rc(x).d, where the x is a number (0-6). After init has progressed
through all of the runlevels, the /etc/inittab script forks a getty process
for each virtual console (login prompts) for each runlevel (runlevels
2-5 get all six; runlevel 1, which is single user mode, only gets one
console; runlevels 0 and 6 get no virtual consoles). This allows users
to authenticate themselves to the system and begin to use it.
SysV init is the standard init process in the Linux world to control
the startup of software at boot time, because it is easier to use and
more powerful and flexible than the traditional BSD init. SysV init also
differs from BSD init in that the configuration files are in /etc/rc.d
instead of residing directly in /etc. SysV init represents each of the
init runlevels with a separate directory, using init and symbolic links
in each of the directories to actually stop and start the services as
the system moves from runlevel to runlevel. In summary, the chain of
events for a SysV init boot is as follows: