
Linux Bible 9th Ed (2015)

Part VII. Appendixes

Appendix B. Exercise Answers

This appendix provides answers to each of the chapter exercises. There are many ways to accomplish tasks in Linux. The answers provided here are suggestions.

Some of the exercises require that you modify system files that could change the basic functioning of your system, or even make it unbootable. Therefore, I recommend that you do the exercises on a Linux system that you are free to modify and erase if something should go wrong.

Chapter 2: Creating the Perfect Linux Desktop

The following section details some ways these tasks can be completed on both the GNOME 2 and GNOME 3 desktops.

1. To get started, you need a Linux system in front of you to do the procedures in this book. An installed system is preferable so you don't lose your changes when you reboot. To start out, you can use a Fedora Live CD (or installed system), an Ubuntu installed system, or a Red Hat Enterprise Linux installed system. Here are your choices:

· Fedora Live CD (GNOME 3)—Get a Fedora Live CD as described in Appendix A. Run it live, as described in the “Starting with the Fedora GNOME Desktop Live CD” section of Chapter 2, or install it and run it from hard disk as described in Chapter 9, “Installing Linux.”

· Ubuntu (GNOME 3)—Install Ubuntu, and install the GNOME Shell software as described in the beginning of Chapter 2.

· Red Hat Enterprise Linux 7 (GNOME 3)—Install Red Hat Enterprise Linux 7 as described in Chapter 9.

· Red Hat Enterprise Linux 6 or earlier (GNOME 2)—Install Red Hat Enterprise Linux 6 as described in Chapter 9.

2. To launch the Firefox web browser and go to the GNOME home page (http://gnome.org), there are some easy steps to take. If your networking is not working, refer to Chapter 14, “Administering Networking,” for help connecting to wired and wireless networks.

· For GNOME 3, you can press the Windows key to get to the Overview screen. Then type Firefox to highlight just the Firefox Web Browser icon. Press Enter to launch it. Type http://gnome.org in the location box, and press Enter.

· For GNOME 2, select the Firefox icon from the top menu bar. Type http://gnome.org in the location box, and press Enter.

3. To pick a background you like from the GNOME art site (http://gnome-look.org), download it to your Pictures folder, and select it as your current background on both GNOME 2 and GNOME 3 systems, do the following:

a. Type http://gnome-look.org/ in the Firefox location box, and press Enter.

b. Find a background you like and select it, and then click zoom to display it.

c. Right-click the image, and select Set as Desktop Background.

d. From the pop-up that appears, select the position and color of the background image.

e. Select the Set Desktop Background button. The image is used as your desktop background, and the image is copied to the file Firefox_wallpaper.png in your home directory.

4. To start a Nautilus File Manager window and move it to the second workspace on your desktop, do the following:

· For GNOME 3:

a. Press the Windows key.

b. Grab the Files icon from the Dash (left side) and drag it onto an unused workspace on the right side. A new instance of Nautilus starts in that workspace.

· For GNOME 2:

a. Open the Home folder from the GNOME 2 desktop (double-click).

b. Right-click in the Nautilus title bar that appears, and select either Move to Workspace Right or Move to Another Workspace (you can select which workspace you want from the list).

5. To find the image you downloaded to use as your desktop background and open it in any image viewer, first go to your Home folder.

The image should appear in that folder when you open Nautilus. Simply double-click the Firefox_wallpaper.png icon to open the image in the default image viewer. If you have multiple image viewers on your system, right-click the icon and select the application you want to use to open it.

6. Moving back and forth between the workspace with Firefox on it and the one with the Nautilus file manager is fairly straightforward.

If you did the previous exercises properly, Nautilus and Firefox should be in different workspaces. Here's how you can move between those workspaces in GNOME 3 and GNOME 2:

· In GNOME 3, press the Windows key, and double-click the workspace you want in the right column. As an alternative, you can go directly to the application you want by pressing Alt+Tab and pressing Tab again to highlight the application you want to open.

· In GNOME 2, select the workspace you want with your mouse by clicking the small representation of the workspace in the right side of the lower panel. If you happen to have Desktop Effects enabled (System → Preferences → Desktop Effects → Compiz), try pressing Ctrl+Alt+right arrow (or left arrow) to spin to the next workspace.

7. To open a list of applications installed on your system and select an image viewer to open from that list using as few clicks or keystrokes as possible, do the following:

· In GNOME 3, move the mouse to the upper-left corner of the screen to get to the Overview screen. Select Applications, select Graphics from the right column, and then select Image Viewer.

· In GNOME 2, select Applications → Graphics → Image Viewer to open an image viewer window on the desktop.

8. To change the view of the windows on your current workspace to smaller views of those windows you can step through, do the following:

· In GNOME 3, with multiple windows open on multiple workspaces, press and hold the Alt+Tab keys. While continuing to hold the Alt key, press Tab until you highlight the application you want. Release the Alt key to select it. (Notice that applications that are not on the current workspace are to the right of a line dividing the icons.)

· In GNOME 2, with multiple windows open on multiple workspaces, press and hold the Ctrl+Alt+Tab keys. While continuing to hold the Ctrl+Alt keys, press Tab until you have highlighted the application you want. Release the Ctrl and Alt keys to select it.

9. To launch a music player from your desktop using only the keyboard, do the following:

· In GNOME 3:

a. Press the Windows key to go to the Overview screen.

b. Type Rhyth (until the icon appears and is highlighted), and press Enter. (In Ubuntu, if you don't have Rhythmbox installed, type Bansh to open the Banshee Media Player.)

· In GNOME 2:

Press Alt+F2. From the Run Application box that appears, type rhythmbox and press Enter.

10. To take a picture of your desktop using only keystrokes, press the Print Screen key to take a screenshot of your entire desktop in both GNOME 3 and GNOME 2. Press Alt+Print Screen to take a screenshot of just the current window. In both cases, the images are saved to the Pictures folder in your home folder.

Chapter 3: Using the Shell

1. To switch virtual consoles and return to the desktop:

a. Hold Ctrl+Alt and press F2 (Ctrl+Alt+F2). A text-based console should appear.

b. Type your username (press Enter) and password (press Enter).

c. Type a few commands, such as id, pwd, and ls.

d. Type exit to exit the shell and return to the login prompt.

e. Press Ctrl+Alt+F1 to return to the virtual console that holds your desktop. (On different Linux systems, the desktop may be on different virtual consoles. Ctrl+Alt+F7 is another common place to find it.)

2. For your Terminal window, to make the font red and the background yellow:

a. From the GNOME desktop, select Applications → System Tools → Terminal to open a Terminal window.

b. From the Terminal window, select Edit → Profiles.

c. With Default highlighted from the Profiles window, select Edit.

d. Select the Colors Tab and deselect the Use colors from system theme box.

e. Select the box next to Text Color, click the color red you want from the color wheel, and click OK.

f. Select the box next to Background Color, click the color yellow you want from the color wheel, and click OK.

g. Click Close on each window to go back to the Terminal window with the new colors.

h. Go back and reselect the Use colors from system theme box to go back to the default Terminal colors.

3. To find the mount command and tracepath man page:

· Run type mount to see that the mount command's location is /bin/mount.

· Run locate tracepath to see that the tracepath man page is at /usr/share/man/man8/tracepath.8.gz.

4. To run, recall, and change these commands as described:

$ cat /etc/passwd
$ ls $HOME
$ date

a. Press the up arrow until you see the cat /etc/passwd command. If your cursor is not already at the end of the line, press Ctrl+E to get there. Backspace over the word passwd, type the word group, and press Enter.

b. Type man ls and find the option to list by time (-t). Press the up arrow until you see the ls $HOME command. Use the left arrow key or Alt+B to position your cursor to the left of $HOME. Type -t, so the line appears as ls -t $HOME. Press Enter to run the command.

c. Type man date to view the date man page. Use the up arrow to recall the date command and add the format indicator you found. A single %D format indicator gets the results you need:

$ date +%D
12/08/11

5. Use tab completion to type basename /usr/share/doc/. Type basen<Tab> /u<Tab>sh<Tab>do<Tab> to get basename /usr/share/doc/.

6. Pipe /etc/services to the less command: $ cat /etc/services | less.

7. Make output from the date command appear in this format: Today is Thursday, December 10, 2015.

$ echo "Today is $(date +'%A, %B %d, %Y')"

8. View variables to find your current hostname, username, shell, and home directories.

$ echo $HOSTNAME
$ echo $USERNAME
$ echo $SHELL
$ echo $HOME

9. To add a permanent mypass alias that displays the contents of the /etc/passwd file:

a. Type nano $HOME/.bashrc.

b. Move the cursor to an open line at the bottom of the page (press Enter to open a new line if needed).

c. On its own line, type alias mypass="cat /etc/passwd".

d. Type Ctrl+O to save and Ctrl+X to exit the file.

e. Type source $HOME/.bashrc.

f. Type alias mypass to make sure the alias was set properly: alias mypass='cat /etc/passwd'.

g. Type mypass (the /etc/passwd file displays on the screen).

10. To display the man page for the mount system call, use the man -k command to find man pages that include the word mount (using the ^ ensures that only entries beginning with the word mount are displayed). Then use the man command with the correct section number (2) to get the proper mount man page:

$ man -k ^mount
mount (2)            - mount file system
mount (8)            - mount a filesystem
mountpoint (1)       - see if a directory is a mountpoint
mountstats (8)       - Displays NFS client per-mount statistics
$ man 2 mount
MOUNT(2)                 Linux Programmer's Manual                 MOUNT(2)

NAME
       mount - mount file system

SYNOPSIS
       #include <sys/mount.h>
...

Chapter 4: Moving around the Filesystem

1. Create the projects directory, create nine empty files (house1 to house9), and list just those files.

$ mkdir $HOME/projects/
$ touch $HOME/projects/house{1..9}
$ ls $HOME/projects/house{1..9}

2. Make the $HOME/projects/houses/doors/ directory path, and create some empty files in that path.

$ cd
$ mkdir projects/houses
$ touch $HOME/projects/houses/bungalow.txt
$ mkdir $HOME/projects/houses/doors/
$ touch $HOME/projects/houses/doors/bifold.txt
$ mkdir -p $HOME/projects/outdoors/vegetation/
$ touch projects/outdoors/vegetation/landscape.txt

3. Copy the files house1 and house5 to the $HOME/projects/houses/ directory.

$ cp $HOME/projects/house[15] $HOME/projects/houses

4. Recursively copy the /usr/share/doc/initscripts* directory to the $HOME/projects/ directory.

$ cp -ra /usr/share/doc/initscripts*/ $HOME/projects/

5. Recursively list the contents of the $HOME/projects/ directory. Pipe the output to the less command so you can page through the output.

$ ls -lR $HOME/projects/ | less

6. Remove the files house6, house7, and house8 without being prompted.

$ rm -f $HOME/projects/house[678]

7. Move house3 and house4 to the $HOME/projects/houses/doors directory.

$ mv projects/house{3,4} projects/houses/doors/

8. Remove the $HOME/projects/houses/doors directory and its contents.

$ rm -rf projects/houses/doors/

9. Change the permissions on the $HOME/projects/house2 file so it can be read and written to by the user who owns the file, only read by the group, and have no permission for others.

$ chmod 640 $HOME/projects/house2

10. Recursively change the permissions of the $HOME/projects/ directory so that nobody has write permission to any files or directory beneath that point in the file system.

$ chmod -R a-w $HOME/projects/
$ ls -lR /home/joe/projects/
/home/joe/projects/:
total 12
-r--r--r--. 1 joe joe    0 Jan 16 06:49 house1
-r--r-----. 1 joe joe    0 Jan 16 06:49 house2
-r--r--r--. 1 joe joe    0 Jan 16 06:49 house5
-r--r--r--. 1 joe joe    0 Jan 16 06:49 house9
dr-xr-xr-x. 2 joe joe 4096 Jan 16 06:57 houses
dr-xr-xr-x. 2 joe joe 4096 Jul  1  2014 initscripts-9.03.40
dr-xr-xr-x. 3 joe joe 4096 Jan 16 06:53 outdoors

Chapter 5: Working with Text Files

1. Follow these steps to create the /tmp/services file, and then edit it so that “WorldWideWeb” appears as “World Wide Web”.

$ cp /etc/services /tmp
$ vi /tmp/services
/WorldWideWeb<Enter>
cwWorld Wide Web<Esc>

The next two lines show the before and after.

http 80/tcp www www-http # WorldWideWeb HTTP
http 80/tcp www www-http # World Wide Web HTTP

2. One way to move the paragraph in your /tmp/services file is to search for the first line of the paragraph, delete five lines (5dd), go to the end of the file (G), and put in the text (p):

$ vi /tmp/services
/Note that it is<Enter>
5dd
G
p

3. To use ex mode to search for every occurrence of the term tcp (case sensitive) in your /tmp/services file and change it to WHATEVER, you can type the following:

$ vi /tmp/services
:g/tcp/s//WHATEVER/g<Enter>

4. To search the /etc directory for every file named passwd and redirect errors from your search to /dev/null, you can type the following:

$ find /etc -name passwd 2> /dev/null

5. Create a directory in your home directory called TEST. Create files in that directory named one, two, and three that have full read/write/execute permissions on for everyone (user, group, and other). Construct a find command that would find those files and any other files that have write permission open to “others” from your home directory and below.

$ mkdir $HOME/TEST
$ touch $HOME/TEST/{one,two,three}
$ chmod 777 $HOME/TEST/{one,two,three}
$ find $HOME -perm -002 -type f -ls
148120 0 -rwxrwxrwx 1 chris chris 0 Jan 1 08:56 /home/chris/TEST/two
148918 0 -rwxrwxrwx 1 chris chris 0 Jan 1 08:56 /home/chris/TEST/three
147306 0 -rwxrwxrwx 1 chris chris 0 Jan 1 08:56 /home/chris/TEST/one
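As an added example (not from the book), the following POSIX shell script extends the find -perm -002 check in this answer to world-writable directories that lack the sticky bit, and tests both checks on a constructed directory tree; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the book): the find -perm -002 answer above lists
# world-writable regular files; these helpers extend the same check to
# world-writable directories that lack the sticky bit, which is the usual
# permission audit an administrator runs over a home tree or /tmp-like area.

# World-writable regular files under directory $1, sorted, one per line.
world_writable_files() {
    find "$1" -type f -perm -002 -print 2>/dev/null | sort
}

# World-writable directories under $1 that lack the sticky bit (1000).
# A sticky directory such as /tmp is expected; a plain mode-777 directory
# lets any user rename or delete other users' files and should be flagged.
world_writable_dirs_no_sticky() {
    find "$1" -type d -perm -002 ! -perm -1000 -print 2>/dev/null | sort
}

# Build a constructed test tree mirroring the exercise (TEST/one..three at
# mode 777) plus a private file and two directories; print its path.
make_test_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/TEST" "$t/shared" "$t/tmpish"
    chmod 755 "$t/TEST"
    touch "$t/TEST/one" "$t/TEST/two" "$t/TEST/three" "$t/private"
    chmod 777 "$t/TEST/one" "$t/TEST/two" "$t/TEST/three"
    chmod 640 "$t/private"     # not world-writable: must not be listed
    chmod 777 "$t/shared"      # world-writable, no sticky bit: flagged
    chmod 1777 "$t/tmpish"     # world-writable but sticky: not flagged
    printf '%s\n' "$t"
}

# Count lines of output, stripped of the padding some wc versions add.
count_lines() { wc -l | tr -d ' '; }

# Stand-alone run: build the tree, report both findings, clean up.
main() {
    tree=$(make_test_tree) || exit 1
    echo "world-writable files:"
    world_writable_files "$tree"
    echo "world-writable directories without sticky bit:"
    world_writable_dirs_no_sticky "$tree"
    rm -rf "$tree"
}
main
```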

6. Find files under the /usr/share/doc directory that have not been modified in more than 300 days.

$ find /usr/share/doc -mtime +300

7. Create a /tmp/FILES directory. Find all files under the /usr/share directory that are more than 5MB and less than 10MB and copy them to the /tmp/FILES directory.

$ mkdir /tmp/FILES
$ find /usr/share -size +5M -size -10M -exec cp {} /tmp/FILES \;
$ du -sh /tmp/FILES/*
7.0M /tmp/FILES/cangjie5.db
5.4M /tmp/FILES/cangjie-big.db
8.3M /tmp/FILES/icon-theme.cache

8. Find every file in the /tmp/FILES directory and make a backup copy of each file in the same directory. Use each file's existing name and just append .mybackup to create each backup file.

$ find /tmp/FILES/ -type f -exec cp {} {}.mybackup \;

9. Install the kernel-doc package in Fedora or Red Hat Enterprise Linux. Using grep, search inside the files contained in the /usr/share/doc/kernel-doc* directory for the term e1000 (case insensitive) and list the names of the files that contain that term.

NOTE: The kernel-doc package was dropped for Fedora 21. To complete this exercise for Fedora 21, install kernel-core and use the /usr/share/kcbench-data/linux-*/Documentation directory instead of /usr/share/doc/kernel-doc*.

# yum install kernel-doc
$ cd /usr/share/doc/kernel-doc*
$ grep -rli e1000 .
./Documentation/powerpc/booting-without-of.txt
./Documentation/networking/e100.txt
...

10. Search for the e1000 term again in the same location, but this time list every line that contains the term and highlight the term in color.

$ cd /usr/share/doc/kernel-doc-*
$ grep -ri --color e1000 .

Chapter 6: Managing Running Processes

1. To list all processes running on your system with a full set of columns, while piping the output to less, type the following:

$ ps -ef | less

2. To list all processes running on the system and sort those processes by the name of the user running each process, type the following:

$ ps -ef --sort=user | less

3. To list all processes running on the system with the column names process ID, user name, group name, nice value, virtual memory size, resident memory size, and command, type the following:

$ ps -eo 'pid,user,group,nice,vsz,rss,comm' | less
  PID USER     GROUP     NI    VSZ   RSS COMMAND
    1 root     root       0  19324  1236 init
    2 root     root       0      0     0 kthreadd
    3 root     root       -      0     0 migration/0
    4 root     root       0      0     0 ksoftirqd/0

4. To run the top command and then go back and forth between sorting by CPU usage and memory consumption, type the following:

$ top
P
M
P
M

5. To start the gedit process from your desktop and use the System Monitor window to kill that process, type the following:

$ gedit &

Next, in GNOME 2 select Applications → System Tools → System Monitor, or in GNOME 3 type System Monitor from the Activities screen and press Enter. Find the gedit process on the Processes tab (you can sort alphabetically to make it easier by clicking the Process Name heading). Right-click the gedit command, and then select either End Process or Kill Process; the gedit window on your screen should disappear.

6. To run the gedit process and use the kill command to send a signal to pause (stop) that process, type the following (use the process ID reported when you started gedit in the background):

$ gedit &
[1] 21532
$ kill -SIGSTOP 21532

7. To use the killall command to tell the gedit command (paused in the previous exercise) to continue working, do the following:

$ killall -SIGCONT gedit

Make sure the text you typed after gedit was paused now appears in the window.

8. To install the xeyes command, run it about 20 times in the background, and run killall to kill all 20 xeyes processes at once, type the following:

# yum install xorg-x11-apps
$ xeyes &
$ xeyes &
...
$ killall xeyes

Remember, you need to be the root user to install the package. After that, remember to repeat the xeyes command 20 times. Spread the windows around on your screen, and move the mouse for fun to watch the eyes move. All the xeyes windows should disappear at once when you type killall xeyes.

9. As a regular user, run the gedit command so it starts with a nice value of 5.

$ nice -n 5 gedit &
[1] 21578

10. To use the renice command to change the nice value of the gedit command you just started to 7, type the following:

$ renice -n 7 21578
21578: old priority 0, new priority 7

Use any command you like to verify that the current nice value for the gedit command is now set to 7. For example, you could type this:

$ ps -eo 'pid,user,nice,comm' | grep gedit
21578 chris 7 gedit
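The answers for exercises 6, 7, 9, and 10 above pause a process with SIGSTOP, resume it with SIGCONT, and set its nice value, then ask you to check the result by eye. As an added example (not from the book), the POSIX shell script below reads the same facts back from /proc/PID/stat (assumed to be a Linux system with /proc mounted) so each step can be verified from a script; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the book): verify the effect of SIGSTOP, SIGCONT,
# nice and renice by reading /proc/PID/stat instead of watching a window.
# Assumes Linux with /proc mounted; uses a background sleep in place of gedit.

# Print field N of /proc/PID/stat using the numbering in proc(5):
# field 3 is the state letter (R, S, D, T, Z), field 19 is the nice value.
# The comm field (2) may contain spaces, so split after the closing ')' first.
proc_stat_field() {
    pid=$1
    n=$2
    sed 's/^.*) //' "/proc/$pid/stat" | awk -v n="$n" '{ print $(n - 2) }'
}

proc_state() { proc_stat_field "$1" 3; }
proc_nice()  { proc_stat_field "$1" 19; }

# Start a background sleeper, stop it and continue it, and return the three
# observed states separated by spaces: expected "S T S".
demo_stop_cont() {
    sleep 60 &
    pid=$!
    sleep 1
    s0=$(proc_state "$pid")        # S: sleeping inside nanosleep
    kill -STOP "$pid"; sleep 1
    s1=$(proc_state "$pid")        # T: stopped by a signal (what kill -SIGSTOP did to gedit)
    kill -CONT "$pid"; sleep 1
    s2=$(proc_state "$pid")        # S: running again after killall -SIGCONT
    kill "$pid"; wait "$pid" 2>/dev/null || true
    printf '%s %s %s\n' "$s0" "$s1" "$s2"
}

# Start a sleeper at nice 5 (as the exercise does for gedit), then try
# renice -n 7 and return "before after". POSIX defines -n as an increment,
# while some implementations (including the one behind the book's
# "new priority 7" output) treat it as an absolute value, so the second
# number may be 7 or 12; read it back rather than assume it. If renice is
# not installed the value is left unchanged.
demo_nice() {
    nice -n 5 sleep 60 &
    pid=$!
    sleep 1
    before=$(proc_nice "$pid")
    if command -v renice >/dev/null 2>&1; then
        renice -n 7 "$pid" >/dev/null 2>&1 || true
    fi
    after=$(proc_nice "$pid")
    kill "$pid"; wait "$pid" 2>/dev/null || true
    printf '%s %s\n' "$before" "$after"
}

echo "stop/cont states: $(demo_stop_cont)"
echo "nice before/after renice: $(demo_nice)"
```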

Chapter 7: Writing Simple Shell Scripts

1. Here's an example of how to create a script in your $HOME/bin directory called myownscript. When the script runs, it should output information that looks as follows:

Today is Sat Dec 10 15:45:04 EDT 2016.
You are in /home/joe and your host is abc.example.com.

The following steps show one way to create the script named myownscript:

a. If it doesn't already exist, create a bin directory:

$ mkdir $HOME/bin

b. Using any text editor, create a script called $HOME/bin/myownscript that contains the following:

#!/bin/bash
# myownscript
# List some information about your current system
echo "Today is $(date)."
echo "You are in $(pwd) and your host is $(hostname)."

c. Make the script executable:

$ chmod 755 $HOME/bin/myownscript

2. To create a script that reads in three positional parameters from the command line, assigns those parameters to variables named ONE, TWO, and THREE, respectively, and then outputs that information in the specified format, do the following:

a. Replace X with the number of parameters and Y with all parameters entered. Then replace A with the contents of variable ONE, B with variable TWO, and C with variable THREE.

Here is an example of what that script could contain:

#!/bin/bash
# myposition
ONE=$1
TWO=$2
THREE=$3
echo "There are $# parameters that include: $@"
echo "The first is $ONE, the second is $TWO, the third is $THREE."

b. To create a script called $HOME/bin/myposition and make the script executable, type this:

$ chmod 755 $HOME/bin/myposition

c. To test it, run it with some command-line arguments, as in the following:

$ myposition Where Is My Hat Buddy?
There are 5 parameters that include: Where Is My Hat Buddy?
The first is Where, the second is Is, the third is My.

3. To create the script described, do the following:

a. To create a file called $HOME/bin/myhome and make it executable, type this:

$ touch $HOME/bin/myhome
$ chmod 755 $HOME/bin/myhome

b. Here's what the script myhome might look like:

#!/bin/bash
# myhome
read -p "What street did you grow up on? " mystreet
read -p "What town did you grow up in? " mytown
echo "The street I grew up on was $mystreet and the town was $mytown."

c. Run the script to check that it works. The following example shows what input and output for the script could look like:

$ myhome
What street did you grow up on? Harrison
What town did you grow up in? Princeton
The street I grew up on was Harrison and the town was Princeton.

4. To create the required script, do the following:

a. Using any text editor, create a script called $HOME/bin/myos and make the script executable:

$ touch $HOME/bin/myos
$ chmod 755 $HOME/bin/myos

b. The script could contain the following:

#!/bin/bash
# myos
read -p "What is your favorite operating system, Mac, Windows or Linux? " opsys
# Quote the variable so that an empty answer does not break the test command
if [ "$opsys" = Mac ] ; then
    echo "Mac is nice, but not tough enough for me."
elif [ "$opsys" = Windows ] ; then
    echo "I used Windows once. What is that blue screen for?"
elif [ "$opsys" = Linux ] ; then
    echo "Great Choice!"
else
    echo "Is $opsys an operating system?"
fi

5. To create a script named $HOME/bin/animals that runs the words moose, cow, goose, and sow through a for loop and have each of those words appended to the end of the line, “I have a...,” do the following:

a. Make the script executable:

$ touch $HOME/bin/animals
$ chmod 755 $HOME/bin/animals

b. The script could contain the following:

#!/bin/bash
# animals
for ANIMALS in moose cow goose sow ; do
    echo "I have a $ANIMALS"
done

c. When you run the script, the output should look as follows:

$ animals
I have a moose
I have a cow
I have a goose
I have a sow

Chapter 8: Learning System Administration

1. You can open the Date & Time window from a GNOME desktop in RHEL or Fedora by doing one of the following:

· If it isn't already installed, install the system-config-date package (yum install system-config-date).

· Open a Terminal window and type system-config-date. If you do that as a regular user, you are prompted for the root password.

· From a GNOME 2.X desktop, select System → Administration → Date & Time.

· From a GNOME 3 desktop, select Activities and type System-Config-Date. When the Date & Time window opens, select the Time Zone tab to check your time zone.

2. To use System Monitor to sort all processes running on your system by username, type System Monitor from the Activities screen and press Enter. Click the settings button (icon with three lines), click All Processes, and click the User column. This sorts the processes by user name. Scroll down to see the processes.

3. To find all files under the /var/spool directory that are owned by users other than root and do a long listing of them, type the following (I recommend becoming root to find files that might be closed off to other users):

$ su -
Password: *********
# find /var/spool -not -user root -ls | less

4. To become root user and create an empty or plain text file named /mnt/test.txt, type the following:

$ su -
Password: *********
# touch /mnt/test.txt
# ls -l /mnt/test.txt
-rw-r--r--. 1 root root 0 Jan 9 21:51 /mnt/test.txt

5. To become root and edit the /etc/sudoers file to allow your regular user account (for example, bill) to have full root privilege via the sudo command, do the following:

$ su -
Password: *********
# visudo
o
bill ALL=(ALL) ALL
Esc ZZ

Because visudo opens the /etc/sudoers file in vi, the example types o to open a line, and then types in the line to allow bill to have full root privilege. After the line is typed, press Esc to return to command mode and type ZZ to write and quit.

6. To use the sudo command to create a file called /mnt/test2.txt and verify that the file is there and owned by the root user, type the following:

[bill]$ sudo touch /mnt/test2.txt
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.
[sudo] password for bill:
*********
[bill]$ ls -l /mnt/test2.txt
-rw-r--r--. 1 root root 0 Jan 9 23:37 /mnt/test2.txt

7. Do the following to mount and unmount a USB drive and watch the system journal during this process:

a. Run the journalctl -f command as root in a Terminal window and watch the output from here for the next few steps.

# journalctl -f
Jan 25 16:07:59 host2 kernel: usb 1-1.1: new high-speed USB device number 16 using ehci-pci
Jan 25 16:07:59 host2 kernel: usb 1-1.1: New USB device found, idVendor=0ea0, idProduct=2168
Jan 25 16:07:59 host2 kernel: usb 1-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Jan 25 16:07:59 host2 kernel: usb 1-1.1: Product: Flash Disk
Jan 25 16:07:59 host2 kernel: usb 1-1.1: Manufacturer: USB
...
Jan 25 16:08:01 host2 kernel: sd 18:0:0:0: [sdb] Write Protect is off
Jan 25 16:08:01 host2 kernel: sd 18:0:0:0: [sdb] Assuming drive cache: write through
Jan 25 16:08:01 host2 kernel: sdb: sdb1
Jan 25 16:08:01 host2 kernel: sd 18:0:0:0: [sdb] Attached SCSI removable disk

b. Plug in a USB storage drive, which should mount a filesystem from that drive automatically. If it does not, run the following commands in a second terminal (as root) to create a mount point directory and mount the device:

# mkdir /mnt/test
# mount /dev/sdb1 /mnt/test

c. Unmount the device and unplug the USB drive:

# umount /dev/sdb1

8. To see what USB devices are connected to your computer, type the following:

$ lsusb

9. To load the bttv module, list the modules that were loaded, and unload it, type the following:

# modprobe -a bttv
# lsmod | grep bttv
bttv                  124516  0
v4l2_common            10572  1 bttv
videobuf_dma_sg         9814  1 bttv
videobuf_core          20076  2 bttv,videobuf_dma_sg
btcx_risc               4416  1 bttv
rc_core                19686  7 ir_lirc_codec,ir_sony_decoder,ir_jvc_decoder,ir_rc6_decoder
tveeprom               14042  1 bttv
videodev               76244  3 bttv,v4l2_common,uvcvideo
i2c_algo_bit            5728  2 bttv,i915
i2c_core               31274  9 bttv,v4l2_common,tveeprom,videodev,i2c_i801,i915,drm_kms_helper

Notice that other modules (v4l2_common, videodev, and others) were loaded when you loaded bttv with modprobe -a.

10. Type the following to remove the bttv module along with any other modules that were loaded with it. Notice that they are all gone after running modprobe -r.

# modprobe -r bttv
# lsmod | grep bttv

Chapter 9: Installing Linux

1. To install a Fedora system from Fedora live media, follow the instructions in the “Installing Fedora from Live Media” section. In general, those steps include:

a. Booting the Live media.

b. Selecting to install to hard drive when the system boots up.

c. Adding information from the summary page about your language, storage, hostname, time zone, root password, and other items needed to initially configure your system.

d. Rebooting your computer and removing the Live medium so that the newly installed system boots from hard disk.

2. To update the packages, after the Fedora Live media installation is complete, do the following:

a. Reboot the computer and fill in the first boot questions as prompted.

b. Using a wired or wireless connection, make sure you have a connection to the Internet. Refer to Chapter 14, “Administering Networking,” if you have trouble getting your networking connection to work properly. Open a shell as the root user and type yum update.

c. When prompted, type y to accept the list of packages displayed. The system begins downloading and installing the packages.

3. To run the RHEL installation in text mode, do the following:

a. Boot the RHEL DVD.

b. When you see the boot menu, highlight one of the installation boot entries and press Tab. Move the cursor right to the end of the kernel line and type the word text at the end of that line. Press Enter to start the installer.

c. Try out the rest of the installation in text mode.

4. To set the disk partitioning as described in Question 4 for a Red Hat Enterprise Linux DVD installation, do the following:

CAUTION

This procedure ultimately deletes all content on your hard disk. If you want to just use this exercise to practice partitioning, you can reboot your computer before clicking Next at the very end of this procedure without harming your hard disk. After you go forward and partition your disk, assume that all data has been deleted.

a. On a computer you can erase with at least 10GB of disk space, insert a RHEL installation DVD, reboot, and begin stepping through the installation screens.

b. When you get to the Installation Summary screen, select Installation Destination.

c. From the Installation Destination screen, select the device to use for the installation (probably sda if you have a single hard disk that you can completely erase or vda for a virtual install).

d. Select the “I will configure partitioning” button.

e. Select Done to get to the Manual Partitioning screen.

f. If the existing disk space is already consumed, you need to delete the partitions before proceeding.

g. Click the plus (+) button at the bottom of the screen. Then add each of the following mount points:

/boot - 400M
/ - 3G
/var - 2G
/home - 2G

k. Select Done. You should see a summary of changes.

l. If the changes look acceptable, select Accept Changes. If you are just practicing and don't actually want to change your partitions, select Cancel & Return to Custom Partitioning. Then simply exit the installer.

Chapter 10: Getting and Managing Software

1. To search the YUM repository for the package that provides the mogrify command, type the following:

# yum provides mogrify

2. To display information about the package that provides the mogrify command and determine what that package's home page (URL) is, type the following:

# yum info ImageMagick

You will see that the URL to the home page for ImageMagick is http://www.imagemagick.org.

3. To install the package containing the mogrify command, type the following:

# yum install ImageMagick

4. To list all the documentation files contained in the package that provides the mogrify command, type the following:

# rpm -qd ImageMagick
...
/usr/share/doc/ImageMagick/README.txt
...
/usr/share/man/man1/identify.1.gz
/usr/share/man/man1/import.1.gz
/usr/share/man/man1/mogrify.1.gz

5. To look through the change log of the package that provides the mogrify command, type the following:

# rpm -q --changelog ImageMagick | less

6. To delete the mogrify command from your system and verify its package against the RPM database to see that the command is indeed missing, type the following:

# type mogrify
mogrify is /usr/bin/mogrify
# rm /usr/bin/mogrify
rm: remove regular file '/usr/bin/mogrify'? y
# rpm -V ImageMagick
missing /usr/bin/mogrify

7. To reinstall the package that provides the mogrify command and make sure the entire package is intact again, type the following:

# yum reinstall ImageMagick
# rpm -V ImageMagick

20.To download the package that provides the mogrify command to your current directory, type the following:

21. # yumdownloader ImageMagick

ImageMagick-6.8.8.10-5.fc21.x86_64.rpm

22.To display general information about the package you just downloaded by querying the package's RPM file in the current directory, type the following:

23. # rpm -qip ImageMagick-6.8.8.10-5.fc21.x86_64.rpm

24. Name : ImageMagick

25. Version : 6.8.8.10

26. Release : 5.fc21

27. Architecture: x86_64

...

28.To remove the package containing the mogrify command from your system, type the following:

# yum remove ImageMagick
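The rpm -V check in answers 6 and 7 is the basis of a quick file-integrity sweep: rpm -Va does the same comparison for every installed package. The following script is an added example, not code from the book: it reads rpm -V output (each line is a nine-column attribute string or the word "missing", an optional file-type letter such as c for config files, and the path) and sorts the findings by how much they matter. Changed digests or sizes on non-config files and missing files are what you investigate first; edited config files and mtime-only changes on documentation are usually benign. The sample lines at the bottom are constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example: triage `rpm -V` / `rpm -Va` output by severity.
# Attribute columns are S (size) M (mode) 5 (digest) D (device) L (link)
# U (user) G (group) T (mtime) P (capabilities); a dot means "unchanged".

# Reads rpm -V lines on stdin; prints "SEVERITY path (reason)" per line.
triage_rpm_verify() {
    awk '
    NF < 2 { next }
    {
        attrs = $1
        path  = $NF
        ftype = (NF >= 3) ? $2 : ""        # c = config, d = doc, g = ghost, ...
        if (attrs == "missing") {
            print "CRITICAL " path " (file missing)"
        } else if (length(attrs) == 9) {
            digest = (substr(attrs, 3, 1) == "5")
            size   = (substr(attrs, 1, 1) == "S")
            mode   = (substr(attrs, 2, 1) == "M")
            owner  = (substr(attrs, 6, 1) == "U" || substr(attrs, 7, 1) == "G")
            if (ftype == "c")         print "INFO " path " (config file changed: " attrs ")"
            else if (digest || size)  print "CRITICAL " path " (content changed: " attrs ")"
            else if (mode || owner)   print "WARNING " path " (mode/ownership changed: " attrs ")"
            else                      print "INFO " path " (metadata only: " attrs ")"
        }
    }'
}

# Constructed sample of rpm -V output (not from a real system).
sample_rpm_verify_output() {
    cat <<'EOF'
missing     /usr/bin/mogrify
..5....T.    /usr/bin/convert
S.5....T.  c /etc/ImageMagick/policy.xml
.M.......    /usr/bin/identify
.......T.  d /usr/share/doc/ImageMagick/README.txt
EOF
}

# On a real system: rpm -Va 2>/dev/null | triage_rpm_verify | sort
sample_rpm_verify_output | triage_rpm_verify
```

A binary whose digest changed outside of a package update (the convert line above) deserves the same response as a missing one: reinstall the package as in answer 7, then work out how the file was altered. Note that rpm -V trusts the database on the same disk, so on a machine you suspect is compromised the verification should be repeated from clean media.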

Chapter 11: Managing User Accounts

For questions that involve adding and removing user accounts, you can use the Users window, the User Manager window, or command-line tools such as useradd and usermod. The point is to make sure that you get the correct results shown in the answers that follow, not necessarily do it exactly the same way I did. There are multiple ways you can achieve the same results. The answers here show how to complete the exercises from the command line. (Become root user when you see a # prompt.)

1. To add a local user account to your Linux system that has a username of jbaxter and a full name of John Baxter, that uses /bin/sh as its default shell, and that is the next available UID (yours may differ from the one shown here), type the following. You can use the grep command to check the new user account. Then set the password for jbaxter to: My1N1te0ut! (passwd does not echo the password; it is shown here so you can see what was typed.)

# useradd -c "John Baxter" -s /bin/sh jbaxter
# grep jbaxter /etc/passwd
jbaxter:x:1001:1001:John Baxter:/home/jbaxter:/bin/sh
# passwd jbaxter
Changing password for user jbaxter
New password: My1N1te0ut!
Retype new password: My1N1te0ut!
passwd: all authentication tokens updated successfully

2. To create a group account named testing that uses group ID 315, type the following:

# groupadd -g 315 testing
# grep testing /etc/group
testing:x:315:

3. To add jbaxter to the testing group and the bin group, type the following. (The -a option appends to the user's supplementary groups; usermod -G without -a replaces the whole list.)

# usermod -aG testing,bin jbaxter
# grep jbaxter /etc/group
bin:x:1:bin,daemon,jbaxter
jbaxter:x:1001:
testing:x:315:jbaxter

4. To become jbaxter and temporarily have the testing group be jbaxter's default group, run touch /home/jbaxter/file.txt so that the testing group is assigned as the file's group, and do the following:

$ su - jbaxter
Password: My1N1te0ut!
sh-4.2$ newgrp testing
sh-4.2$ touch /home/jbaxter/file.txt
sh-4.2$ ls -l /home/jbaxter/file.txt
-rw-rw-r--. 1 jbaxter testing 0 Jan 25 06:42 /home/jbaxter/file.txt
sh-4.2$ exit ; exit

5. Note what user ID has been assigned to jbaxter (the grep output in answer 1 showed 1001), and then delete the user account without deleting the home directory assigned to jbaxter. Without the -r option, userdel leaves the home directory and its files in place:

# userdel jbaxter

6. Use the following command to find any files in the /home directory (and any subdirectories) that are assigned to the user ID that recently belonged to the user named jbaxter (when I did it, the UID/GID were both 1001; yours may differ). Notice that the username jbaxter is no longer assigned on the system, so any files that user created are listed as belonging to UID 1001 and GID 1001, except for a couple of files that were assigned to the testing group, because of the newgrp command run earlier:

# find /home -uid 1001 -ls
262184 4 drwx------ 4 1001 1001    4096 Jan 25 08:00 /home/jbaxter
262193 4 -rw-r--r-- 1 1001 1001     176 Jan 27  2011 /home/jbaxter/.bash_profile
262196 4 -rw------- 1 1001 testing   93 Jan 25 08:00 /home/jbaxter/.bash_history
262194 0 -rw-rw-r-- 1 1001 testing    0 Jan 25 07:59 /home/jbaxter/file.txt
...

7. Run these commands to copy the /etc/services file to the /etc/skel/ directory; then add a new user to the system named mjones, with a full name of Mary Jones and a home directory of /home/maryjones. List her home directory to make sure the services file is there.

# cp /etc/services /etc/skel/
# useradd -d /home/maryjones -c "Mary Jones" mjones
# ls -l /home/maryjones
total 628
-rw-r--r--. 1 mjones mjones 640999 Jan 25 06:27 services

8. Run the following command to find all files under the /home directory that belong to mjones. If you did the exercises in order, notice that after you deleted the user with the highest user ID and group ID, those numbers were assigned to mjones. As a result, any files left on the system by jbaxter now belong to mjones, including a shell history file that is readable only by its owner. (For this reason, you should remove or change ownership of files left behind when you delete a user, before the UID can be handed to someone else.)

# find /home -user mjones -ls
262184 4   drwx------ 4 mjones mjones    4096 Jan 25 08:00 /home/jbaxter
262193 4   -rw-r--r-- 1 mjones mjones     176 Jan 27  2011 /home/jbaxter/.bash_profile
262189 4   -rw-r--r-- 1 mjones mjones      18 Jan 27  2011 /home/jbaxter/.bash_logout
262194 0   -rw-rw-r-- 1 mjones testing     0 Jan 25 07:59 /home/jbaxter/file.txt
262188 4   -rw-r--r-- 1 mjones mjones     124 Jan 27  2011 /home/jbaxter/.bashrc
262197 4   drwx------ 4 mjones mjones    4096 Jan 25 08:27 /home/maryjones
262207 4   -rw-r--r-- 1 mjones mjones     176 Jan 27  2011 /home/maryjones/.bash_profile
262202 4   -rw-r--r-- 1 mjones mjones      18 Jan 27  2011 /home/maryjones/.bash_logout
262206 628 -rw-r--r-- 1 mjones mjones  640999 Jan 25 08:27 /home/maryjones/services
262201 4   -rw-r--r-- 1 mjones mjones     124 Jan 27  2011 /home/maryjones/.bashrc
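Answers 6 and 8 show the problem: between userdel and the next useradd, jbaxter's files sit under a UID that maps to nobody, and the next account to receive that number silently inherits them. The script below is an added example, not code from the book. It uses GNU find's -nouser and -nogroup tests to list such orphaned files (which is the check to run right after a userdel) and shows how to hand everything a retired UID owned to a holding account so that no future user inherits it. The holding account name "retired" is an assumption; it would be a locked account you create for this purpose. The demonstration at the end runs on a throwaway directory and needs no privileges; the quarantine step needs root on a real system.

```shell
#!/bin/sh
# Added example: find and quarantine files orphaned by a deleted account.
# Assumes GNU find (-printf, -nouser, -nogroup) on a Linux system.

# Print "uid gid path" for every file under DIR whose owner or group
# no longer maps to an entry in /etc/passwd or /etc/group.
orphaned_files() {
    dir=$1
    find "$dir" -xdev \( -nouser -o -nogroup \) -printf '%U %G %p\n' 2>/dev/null
}

# Number of orphaned files under DIR; 0 means the tree is clean.
orphaned_count() {
    orphaned_files "$1" | wc -l | tr -d ' '
}

# Reassign everything OLD_UID owned under DIR to NEW_OWNER (a locked holding
# account, "retired" in the text above, is an assumption of this example),
# so the files are not inherited by the next account given the same number.
# -h changes the ownership of symlinks themselves rather than their targets.
quarantine_uid() {
    old_uid=$1
    new_owner=$2
    dir=$3
    find "$dir" -xdev -uid "$old_uid" -exec chown -h "$new_owner" {} +
}

# Demonstration on a temporary directory: every file in it is owned by the
# user running the script, so no orphans are reported.
demo_dir=$(mktemp -d)
touch "$demo_dir/file.txt"
echo "orphaned files under $demo_dir: $(orphaned_count "$demo_dir")"
rm -rf "$demo_dir"

# On a real system, after `userdel jbaxter` and before the next useradd:
#   orphaned_files /home
#   quarantine_uid 1001 retired /home
```

The -xdev option keeps find on one filesystem, which matters when /home holds NFS mounts where a numeric UID may legitimately belong to a different account database. Run the same check over /tmp, /var/spool/mail, and any cron directories, since orphaned files are not confined to the home directory.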

9. As the user mjones, you can use the following to create a file called /tmp/maryfile.txt and use ACLs to assign the bin user read/write permission and the lp group read/write permission to that file.

[mjones]$ touch /tmp/maryfile.txt
[mjones]$ setfacl -m u:bin:rw /tmp/maryfile.txt
[mjones]$ setfacl -m g:lp:rw /tmp/maryfile.txt
[mjones]$ getfacl /tmp/maryfile.txt
# file: tmp/maryfile.txt
# owner: mjones
# group: mjones
user::rw-
user:bin:rw-
group::rw-
group:lp:rw-
mask::rw-
other::r--

10. Run this set of commands (as mjones) to create a directory named /tmp/mydir and use ACLs to assign default permissions to it so that the adm user has read/write/execute permission to that directory and any files or directories created in it. Test that it worked by creating the /tmp/mydir/testing/ directory and /tmp/mydir/newfile.txt.

[mjones]$ mkdir /tmp/mydir
[mjones]$ setfacl -m d:u:adm:rwx /tmp/mydir
[mjones]$ getfacl /tmp/mydir
# file: tmp/mydir
# owner: mjones
# group: mjones
user::rwx
group::rwx
other::r-x
default:user::rwx
default:user:adm:rwx
default:group::rwx
default:mask::rwx
default:other::r-x
[mjones]$ mkdir /tmp/mydir/testing
[mjones]$ touch /tmp/mydir/newfile.txt
[mjones]$ getfacl /tmp/mydir/testing/
# file: tmp/mydir/testing/
# owner: mjones
# group: mjones
user::rwx
user:adm:rwx
group::rwx
mask::rwx
other::r-x
default:user::rwx
default:user:adm:rwx
default:group::rwx
default:mask::rwx
default:other::r-x
[mjones]$ getfacl /tmp/mydir/newfile.txt
# file: tmp/mydir/newfile.txt
# owner: mjones
# group: mjones
user::rw-
user:adm:rwx                    #effective:rw-
group::rwx                      #effective:rw-
mask::rw-
other::r--

Notice that the adm user effectively has only rw- permission. The mask entry caps the rights of every named user, every named group, and the owning group (it does not apply to the owner or to other). A newly created regular file never receives execute permission, so its mask is computed as rw- even though the default ACL asked for rwx, and the entries that exceed the mask are reported with their effective value. To remedy that, you need to expand the mask. One way to do that is with the chmod command, because the group bits of the mode map onto the mask whenever a file has an ACL, as follows:

[mjones]$ chmod 775 /tmp/mydir/newfile.txt
[mjones]$ getfacl /tmp/mydir/newfile.txt
# file: tmp/mydir/newfile.txt
# owner: mjones
# group: mjones
user::rwx
user:adm:rwx
group::rwx
mask::rwx
other::r-x
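The effective-permission arithmetic that getfacl performs in answer 10 is worth being able to reproduce, because a review of who can really touch a file must apply the mask rather than read the entries at face value. The script below is an added example, not code from the book: effective_acl takes getfacl output and intersects each mask-governed entry with the mask, printing the same #effective annotation getfacl does, and required_mask computes the smallest mask under which every entry takes full effect. The sample input is the getfacl output from answer 10 before the chmod; the setfacl command in the trailing comment is the narrower alternative to chmod 775, since it widens only the mask and not the file's other bits.

```shell
#!/bin/sh
# Added example: apply an ACL mask the way getfacl does.
# Input format is getfacl's: "# ..." comment lines, then tag:qualifier:perms.

# Print each access entry with "#effective:" where the mask reduces it.
effective_acl() {
    awk -F: '
    BEGIN { mask = "rwx" }                 # a file with no mask entry is unrestricted
    { sub(/[ \t]+#.*$/, "") }              # drop any "#effective:" annotation on input
    /^#/ || /^$/ || $1 == "default" { next }   # default entries grant nothing themselves
    $1 == "mask" { mask = $3; next }
    { tag[NR] = $1; qual[NR] = $2; perm[NR] = $3; last = NR }
    END {
        for (i = 1; i <= last; i++) {
            if (!(i in tag)) continue
            p = perm[i]; eff = p
            # Mask applies to named users, named groups, and the owning group,
            # never to the owner (user::) or to other::.
            if ((tag[i] == "user" && qual[i] != "") || tag[i] == "group") {
                eff = ""
                for (j = 1; j <= 3; j++) {
                    c = substr(p, j, 1)
                    eff = eff ((c != "-" && c == substr(mask, j, 1)) ? c : "-")
                }
            }
            print tag[i] ":" qual[i] ":" p ((eff != p) ? "  #effective:" eff : "")
        }
    }'
}

# Union of the permissions of every mask-governed entry: the smallest mask
# that lets all of them take effect.
required_mask() {
    awk -F: '
    { sub(/[ \t]+#.*$/, "") }
    /^#/ || /^$/ || $1 == "default" || $1 == "mask" || $1 == "other" { next }
    $1 == "user" && $2 == "" { next }
    {
        for (j = 1; j <= 3; j++)
            if (substr($3, j, 1) != "-") need[j] = substr($3, j, 1)
    }
    END {
        r = ""
        for (j = 1; j <= 3; j++) r = r ((j in need) ? need[j] : "-")
        print r
    }'
}

# Constructed sample: the getfacl output from answer 10 before the chmod.
sample_acl() {
    cat <<'EOF'
# file: tmp/mydir/newfile.txt
# owner: mjones
# group: mjones
user::rw-
user:adm:rwx
group::rwx
mask::rw-
other::r--
EOF
}

sample_acl | effective_acl
echo "mask needed for every entry to take effect: $(sample_acl | required_mask)"
# On a real file, widen only the mask:
#   setfacl -m "m::$(getfacl -p FILE | required_mask)" FILE
```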

Chapter 12: Managing Disks and Filesystems

1. To determine the device name of a USB flash drive that you want to insert into your computer, type the following and then insert the USB flash drive (press Ctrl+C after you have seen the appropriate messages).

# tail -f /var/log/messages
Feb 11 21:55:59 cnegus kernel: sd 7:0:0:0: [sdb] 15667200 512-byte logical blocks: (8.02 GB/7.47 GiB)
Feb 11 21:55:59 cnegus kernel: sd 7:0:0:0: [sdb] Write Protect is off
Feb 11 21:55:59 cnegus kernel: sd 7:0:0:0: [sdb] Assuming drive cache: write through
Feb 11 21:55:59 cnegus kernel: sd 7:0:0:0: [sdb] Assuming drive cache: write through

2. To list partitions on the USB flash drive on a RHEL 6 system, type the following:

# fdisk -c -u -l /dev/sdb

To list partitions on a RHEL 7 or Fedora system, type the following:

# fdisk -l /dev/sdb

3. To delete partitions on the USB flash drive, assuming device /dev/sdb, do the following. Check the device name from the previous two answers first; these commands destroy the partition table of whatever disk you name.

# fdisk /dev/sdb
Command (m for help): d
Partition number (1-6): 6
Command (m for help): d
Partition number (1-5): 5
Command (m for help): d
Partition number (1-5): 4
Command (m for help): d
Partition number (1-4): 3
Command (m for help): d
Partition number (1-4): 2
Command (m for help): d
Selected partition 1
Command (m for help): w
# partprobe /dev/sdb

4. To add a 100MB Linux partition, 200MB swap partition, and 500MB LVM partition to the USB flash drive, type the following (the 100MB partition occupies sectors 2048 through 206847, so the second partition starts at sector 206848 and the third at 616448):

# fdisk /dev/sdb
Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First sector (2048-15667199, default 2048): <ENTER>
Last sector, +sectors or +size{K,M,G} (default 15667199): +100M
Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 2
First sector (206848-15667199, default 206848): <ENTER>
Last sector, +sectors or +size{K,M,G} (default 15667199): +200M
Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 3
First sector (616448-15667199, default 616448): <ENTER>
Using default value 616448
Last sector, +sectors or +size{K,M,G} (default 15667199): +500M
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 82
Changed system type of partition 2 to 82 (Linux swap / Solaris)
Command (m for help): t
Partition number (1-4): 3
Hex code (type L to list codes): 8e
Changed system type of partition 3 to 8e (Linux LVM)
Command (m for help): w
# partprobe /dev/sdb
# grep sdb /proc/partitions
   8       16    7833600 sdb
   8       17     102400 sdb1
   8       18     204800 sdb2
   8       19     512000 sdb3

5. To put an ext3 filesystem on the Linux partition, type the following:

# mkfs -t ext3 /dev/sdb1

6. To create a mount point called /mnt/mypart and mount the Linux partition on it temporarily, do the following:

# mkdir /mnt/mypart
# mount -t ext3 /dev/sdb1 /mnt/mypart

7. To format the swap partition and turn it on so additional swap space is immediately available, type the following:

# mkswap /dev/sdb2
# swapon /dev/sdb2

8. To create a volume group called abc from the LVM partition, create a 200MB logical volume from that group called data, create a VFAT filesystem on it, temporarily mount the logical volume on a new directory named /mnt/test, and then check that it was successfully mounted, type the following:

# pvcreate /dev/sdb3
# vgcreate abc /dev/sdb3
# lvcreate -n data -L 200M abc
# mkfs -t vfat /dev/mapper/abc-data
# mkdir /mnt/test
# mount /dev/mapper/abc-data /mnt/test
# df /mnt/test

9. To grow the logical volume from 200MB to 300MB, type the following:

# lvextend -L +100M /dev/mapper/abc-data

Growing the logical volume does not grow the filesystem inside it. The resize2fs command works only on ext2, ext3, and ext4 filesystems, so for an ext filesystem the second step would be the following:

# resize2fs -p /dev/mapper/abc-data

The filesystem created in answer 8 is VFAT, on which resize2fs fails. To use the added space there, unmount the logical volume and re-create the filesystem with mkfs -t vfat (which erases its contents), or use a FAT-aware resizer such as fatresize if one is available.

10. To safely remove the USB flash drive from the computer, do the following:

# umount /dev/sdb1
# swapoff /dev/sdb2
# umount /mnt/test
# lvremove /dev/mapper/abc-data
# vgremove abc
# pvremove /dev/sdb3

You can now safely remove the USB flash drive from the computer.

Chapter 13: Understanding Server Administration

1. To log in to any account on another computer using the ssh command, type the following, and then enter the password when prompted (the password is not echoed):

$ ssh joe@localhost
joe@localhost's password: *********
[joe]$

2. To display the contents of a remote /etc/system-release file and have its contents displayed on the local system using remote execution with the ssh command, do the following:

$ ssh joe@localhost "cat /etc/system-release"
joe@localhost's password: *********
Fedora release 21 (Twenty One)

3. To use X11 forwarding to display a gedit window on your local system and then save a file in the remote home directory, do the following:

$ ssh -X joe@localhost "gedit newfile"
joe@localhost's password: ********
$ ssh joe@localhost "cat newfile"
joe@localhost's password: ********
This is text from the file I saved in joe's remote home directory

4. To recursively copy all the files from the /usr/share/selinux directory on a remote system to the /tmp directory on your local system in such a way that all the modification times on the files are updated to the time on the local system when they are copied, do the following:

$ scp -r joe@localhost:/usr/share/selinux /tmp
joe@localhost's password: ********
irc.pp.bz2                                    100% 9673     9.5KB/s   00:00
dcc.pp.bz2                                    100%   15KB  15.2KB/s   00:01
$ ls -l /tmp/selinux | head
total 20
drwxr-xr-x. 3 root root  4096 Apr 18 05:52 devel
drwxr-xr-x. 2 root root  4096 Apr 18 05:52 packages
drwxr-xr-x. 2 root root 12288 Apr 18 05:52 targeted

5. To recursively copy all the files from the /usr/share/logwatch directory on a remote system to the /tmp directory on your local system in such a way that all the modification times on the files from the remote system are maintained on the local system, try this:

$ rsync -av joe@localhost:/usr/share/logwatch /tmp
joe@localhost's password: ********
receiving incremental file list
logwatch/
logwatch/default.conf/
logwatch/default.conf/logwatch.conf
$ ls -l /tmp/logwatch | head
total 16
drwxr-xr-x. 5 root root 4096 Apr 19  2011 default.conf
drwxr-xr-x. 4 root root 4096 Feb 28  2011 dist.conf
drwxr-xr-x. 2 root root 4096 Apr 19  2011 lib

6. To create a public/private key pair to use for SSH communications (no passphrase on the key), copy the public key file to a remote user's account with ssh-copy-id, and use key-based authentication to log in to that user account without having to enter a password, use the following code. Because the private key is stored unencrypted, anyone who can read /home/joe/.ssh/id_rsa can log in as joe on every host that trusts it; keep the file at mode 0600, and outside of this exercise prefer a passphrase-protected key loaded into ssh-agent. If ssh-keygen reports that the key file already exists, it asks whether to overwrite it; say no unless you mean to replace the existing key.

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/joe/.ssh/id_rsa): ENTER
/home/joe/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): ENTER
Enter same passphrase again: ENTER
Your identification has been saved in /home/joe/.ssh/id_rsa.
Your public key has been saved in /home/joe/.ssh/id_rsa.pub.
The key fingerprint is:
58:ab:c1:95:b6:10:7a:aa:7c:c5:ab:bd:f3:4f:89:1e joe@cnegus.csb
The key's randomart image is:
...
$ ssh-copy-id -i ~/.ssh/id_rsa.pub joe@localhost
joe@localhost's password: ********
Now try logging into the machine, with "ssh 'joe@localhost'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
$ ssh joe@localhost
$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyN2Psp5/LRUC9E8BDCx53yPUa0qoOPdv6H4sF3vmn04V6E7D1iXpzwPzdo4rpvmR1ZiinHR2xGAEr2uZag7feKgLnww2KPcQ6SiR7lzrOhQjV+SGb/a1dxrIeZqKMq1Tk07G4EvboIrq//9J47vI4l7iNu0xRmjI3TTxaDdCTbpG6J3uSJm1BKzdUtwb413x35W2bRgMI75aIdeBsDgQBBiOdu+zuTMrXJj2viCAXeJ7gIwRvBaMQdOSvSdlkX353tmIjmJheWdgCccM/1jKdoELpaevg9anCe/yUP3so31tTo4I+qTfzAQD5+66oqW0LgMkWVvfZI7dUz3WUPmcMw== chris@abc.example.com

The check that ssh-copy-id suggests is worth taking literally: every line in authorized_keys is a credential that bypasses the account's password, so a key you do not recognize there should be removed and investigated.

7. To create an entry in /etc/rsyslog.conf that stores all authentication messages at the info level and higher into a file named /var/log/myauth, do the following. Watch from one terminal as the data comes in.

# vim /etc/rsyslog.conf
authpriv.info                   /var/log/myauth
# service rsyslog restart

or

# systemctl restart rsyslog.service

In the first terminal, follow the new log file:

# tail -f /var/log/myauth

In a second terminal, attempt an ssh login and mistype the password:

$ ssh joe@localhost
joe@localhost's password:
Permission denied, please try again.

The first terminal shows the failed attempt as it is logged:

Apr 18 06:19:34 abc unix_chkpwd[30631]: pam_unix(sshd:auth): authentication failure; logname= uid=501 euid=501 tty=ssh ruser= rhost=localhost user=joe
Apr 18 06:19:34 abc sshd[30631]: Failed password for joe from 127.0.0.1 port 5564 ssh2
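A file like /var/log/myauth is only useful if something reads it. The script below is an added example, not code from the book: it summarizes the sshd messages that land in that file, counting "Failed password" lines per source address and flagging any address at or above a threshold, and separately flags a successful login from an address that had already failed, which is what a password-guessing run looks like when it finally works. The log lines embedded in the script are constructed to match the format shown above (the first one is the line from the exercise); the addresses 203.0.113.9 and 192.0.2.25 are documentation ranges, not real hosts.

```shell
#!/bin/sh
# Added example: brute-force triage over sshd lines from /var/log/myauth.

# Usage: failed_logins_by_source THRESHOLD < logfile
# Prints "count address" for every address with at least THRESHOLD failures.
failed_logins_by_source() {
    threshold=${1:-3}
    awk -v limit="$threshold" '
    / sshd\[[0-9]+\]: Failed password for / {
        # "... Failed password for [invalid user] NAME from ADDR port N ssh2"
        for (i = 1; i <= NF; i++) if ($i == "from") addr = $(i + 1)
        fails[addr]++
    }
    END {
        for (a in fails) if (fails[a] >= limit) print fails[a], a
    }' | sort -rn
}

# Print every accepted login whose source address failed earlier in the log.
# A legitimate typo also triggers this, so treat it as a triage signal.
success_after_failures() {
    awk '
    / sshd\[[0-9]+\]: Failed password for / {
        for (i = 1; i <= NF; i++) if ($i == "from") failed[$(i + 1)] = 1
    }
    / sshd\[[0-9]+\]: Accepted (password|publickey) for / {
        for (i = 1; i <= NF; i++) if ($i == "from") addr = $(i + 1)
        if (addr in failed) print "SUSPICIOUS success from " addr ": " $0
    }'
}

# Constructed sample log (not captured from a real system).
sample_myauth() {
    cat <<'EOF'
Apr 18 06:19:34 abc sshd[30631]: Failed password for joe from 127.0.0.1 port 5564 ssh2
Apr 18 06:19:40 abc sshd[30631]: Accepted password for joe from 127.0.0.1 port 5564 ssh2
Apr 18 06:20:01 abc sshd[30702]: Failed password for invalid user admin from 203.0.113.9 port 41002 ssh2
Apr 18 06:20:02 abc sshd[30704]: Failed password for invalid user admin from 203.0.113.9 port 41003 ssh2
Apr 18 06:20:03 abc sshd[30706]: Failed password for root from 203.0.113.9 port 41004 ssh2
Apr 18 06:20:05 abc sshd[30708]: Failed password for root from 203.0.113.9 port 41005 ssh2
Apr 18 06:21:10 abc sshd[30720]: Accepted publickey for joe from 192.0.2.25 port 50022 ssh2
EOF
}

# On a real system: failed_logins_by_source 10 < /var/log/myauth
sample_myauth | failed_logins_by_source 3
sample_myauth | success_after_failures
```

Against the sample, the first function reports 4 failures from 203.0.113.9 and nothing for 127.0.0.1, and the second flags joe's successful retry from 127.0.0.1. Note that "invalid user" attempts never reach the password check for a real account; the pam_unix line shown in answer 7 appears only when the username exists, so the two line types together tell you whether the attacker knows which accounts are real.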

8. To determine the largest directory structures under /usr/share, sort them from largest to smallest, and list the top 10 of those directories in terms of size using the du command, type the following:

$ du -s /usr/share/* | sort -rn | head
527800  /usr/share/locale
277108  /usr/share/fonts
265772  /usr/share/icons
253844  /usr/share/doc
...

9. To show the space that is used and available from all the filesystems currently attached to the local system, but exclude any tmpfs or devtmpfs filesystems by using the df command, type the following:

$ df -h -x tmpfs -x devtmpfs
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda4        20G  4.2G   16G  22% /

10. To find any files in the /usr directory that are more than 10MB in size, do the following:

$ find /usr -size +10M
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/lib/rt.jar
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.3/jre/lib/rt.jar
/usr/lib/llvm/libLLVM-2.9.so
/usr/lib/flash-plugin/libflashplayer.so

Chapter 14: Administering Networking

1. To use the desktop to check that NetworkManager has successfully started your network interface (wired or wireless), do the following:

Left-click the NetworkManager icon in your top panel. Any active wired or wireless network connections should be highlighted in bold.

If it has not connected to the network, select from the list of wired or wireless networks available, and then enter the username and password, if prompted, to start an active connection.

2. To run a command to check the active network interfaces available on your computer, type:

$ ifconfig

or

$ ip addr show

3. To contact google.com from the command line in a way that confirms that DNS is working properly (the name has to resolve before the first packet can be sent), type:

$ ping google.com
Ctrl-C

4. To run a command to check the routes being used to communicate outside your local network, type:

$ route

5. To trace the route being taken to connect to google.com, use the traceroute command:

$ traceroute google.com

6. To turn off and disable NetworkManager and start the network service, do the following:

From an RHEL 6 system, type:

# service NetworkManager stop

# service network restart

# chkconfig NetworkManager off

# chkconfig network on

For RHEL 7 or newer Fedora systems, type:

# systemctl stop NetworkManager.service
# systemctl disable NetworkManager.service
# systemctl restart network.service
# systemctl enable network.service

7. To create a host entry that allows you to communicate with your local host system using the name myownhost, do the following:

Edit the /etc/hosts file (vi /etc/hosts) and add myownhost to the end of the localhost entry so it appears as follows (then ping myownhost to see if it worked):

127.0.0.1 localhost.localdomain localhost myownhost

# ping myownhost

Ctrl+C

8. To add the public Google DNS server (IP address 8.8.8.8) as the last in your list of DNS servers, take the following action:

Make a copy of your resolv.conf file before proceeding (then copy it back after the procedure is done):

# cp /etc/resolv.conf $HOME

If you are using the NetworkManager service, left-click the NetworkManager icon and select Network Settings. Select the IPv4 Settings. Then select the Method box and choose Automatic (DHCP) addresses only and fill in 8.8.8.8 in the DNS servers box (along with any other DNS servers you need). If that doesn't work, try one of the DNS servers listed in the resolv.conf file you just copied to your home directory.

Or, if you are using the network service, edit the /etc/resolv.conf file directly, so the file includes at least the following line:

nameserver 8.8.8.8

In either case, use the dig command to check that the DNS server was able to resolve an address:

# dig google.com

...

google.com. 91941 IN NS ns3.google.com.

;; Query time: 0 msec

;; SERVER: 8.8.8.8#53(8.8.8.8)

;; WHEN: Mon Apr 30 13:57:44 2012

;; MSG SIZE rcvd: 276

9. To create a custom route that directs traffic destined for the 192.168.99.0/255.255.255.0 network to some IP address on your local network, such as 192.168.0.5 (first ensuring that the 192.168.99.0 network is not already in use at your location), do the following:

Determine the name of your network interface. For RHEL, your first network interface is probably eth0. In that case, as root run the following commands:

# cd /etc/sysconfig/network-scripts

# vi route-eth0

Add the following lines to that file:

ADDRESS0=192.168.99.0

NETMASK0=255.255.255.0

GATEWAY0=192.168.0.5

Restart networking and run route to see that the route is active:

# service network restart
# route
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     1      0        0 eth0
192.168.99.0    192.168.0.5     255.255.255.0   UG    0      0        0 eth0

To check to see if your system has been configured to allow IPv4 packets to be routed between network interfaces on your system, type the following:

# cat /proc/sys/net/ipv4/ip_forward

0

A 0 shows that IPv4 packet forwarding is disabled; a 1 shows it is enabled. Leave it at 0 unless the system is meant to act as a router: a host that forwards packets between its interfaces can join networks that a firewall was meant to keep apart.

Chapter 15: Starting and Stopping Services

1. To determine which initialization daemon your server is currently using, consider the following:

· You have Upstart if your Linux server runs one of the following distributions: RHEL version 6, Fedora versions 9 through 14, Ubuntu versions 6 through 14.10, or openSUSE versions 11.3 through 12.1, and the strings command shows the Upstart init process in use, as demonstrated in the following example:

$ strings /sbin/init | grep -i upstart
upstart-devel@lists.ubuntu.com
UPSTART_CONFDIR
UPSTART_NO_SESSIONS
...

· You have the systemd daemon if your Linux server runs Fedora version 15 or greater, RHEL 7, Ubuntu 15.04, or openSUSE 12.2 or greater. On those systems /sbin/init is a link to the systemd binary, so PID 1 is systemd; on older systems PID 1 is the traditional init daemon. To tell whether /sbin/init is systemd, you can run the following strings command:

# strings /sbin/init | grep -i systemd
systemd.unit=
systemd.log_target=
systemd.log_level=
...

· Most likely, you have the SysVinit or BSD init daemon if your init daemon is neither Upstart nor systemd. But double-check at http://wikipedia.org/wiki/Init.

2. The tools you use to manage services depend primarily on which initialization system is in use. Try to run the initctl, systemctl, and service commands to determine the type of initialization script in use for the ssh service on your system:

· A positive result, shown here, means the sshd has been converted to Upstart:

# initctl status ssh
ssh start/running, process 2390

· For systemd, a positive result, shown here, means the sshd has been converted to systemd:

# systemctl status sshd.service
sshd.service - OpenSSH server daemon
   Loaded: loaded (/lib/systemd/system/sshd.service; enabled)
   Active: active (running) since Mon, 30 Apr 2015 12:35:20...

· If you don't see positive results for the preceding tests, try the following command for the SysVinit init daemon. A positive result here, along with negative results for the preceding tests, means sshd is still using the SysVinit daemon.

# service ssh status
sshd (pid 2390) is running...

3. To determine your server's previous and current runlevel, use the runlevel command. It still works on all init daemons:

$ runlevel
N 3

4. To change the default runlevel or target unit on your Linux server, you can do one of the following (depending upon your server's init daemon):

· For SysVinit, edit the file /etc/inittab and change the # in the line id:#:initdefault: to either 2, 3, 4, or 5.

· For Upstart, edit the file /etc/inittab and change the # in the line id:#:initdefault: to either 2, 3, 4, or 5.

· For systemd, change the default.target symbolic link to the desired runlevel#.target, where # is either 2, 3, 4, or 5. The following shows you how to change the symbolic link for the target unit to runlevel3.target (ln prints nothing on success):

# ln -sf /lib/systemd/system/runlevel3.target \
    /etc/systemd/system/default.target

5. To list out services running (or active) on your server, you need to use different commands, depending upon the initialization daemon you are using.

· For SysVinit, use the service command as shown in this example:

# service --status-all | grep running... | sort
anacron (pid  2162) is running...
atd (pid  2172) is running...
...

· For Upstart, use the initctl command. However, also be sure to use the service command, because not all services may have been ported to Upstart:

# initctl list | grep start/running
tty (/dev/tty3) start/running, process 1163
...
# service --status-all | grep running
abrtd (pid  1118) is running...
...

· For systemd, use the systemctl command, as follows. Note that list-unit-files reports whether a unit is enabled to start at boot, not whether it is running right now; to see what is actually active, use the list-units subcommand with --type=service and --state=running.

# systemctl list-unit-files --type=service | grep -v disabled
UNIT FILE                     STATE
abrt-ccpp.service             enabled
abrt-oops.service             enabled
...

6. To list out the running (or active) services on your Linux server, use the appropriate command(s) determined in Answer 5 for the initialization daemon your server is using.

7. For each initialization daemon, the following command(s) show a particular service's current status:

· For SysVinit, the service service_name status command is used.

· For Upstart, the initctl status service_name command is used.

· For systemd, the systemctl status service_name command is used.

8. To show the status of the cups daemon on your Linux server, use the following:

· For SysVinit:

# service cups status
cupsd (pid 8236) is running...

· For Upstart:

# initctl status cups
cups start/running, process 2390

Remember that if a service has not yet been ported to Upstart, you need to use the service command instead of initctl.

· For systemd:

# systemctl status cups.service
cups.service - CUPS Printing Service
   Loaded: loaded (/lib/systemd/system/cups.service; enabled)
   Active: active (running) since Tue, 01 May 2015 04:43:5...
 Main PID: 17003 (cupsd)
   CGroup: name=systemd:/system/cups.service
           17003 /usr/sbin/cupsd -f

9. To attempt to restart the cups daemon on your Linux server, use the following:

· For SysVinit:

# service cups restart
Stopping cups:                                             [  OK  ]
Starting cups:                                             [  OK  ]

· For Upstart:

# initctl restart cups
cups start/running, process 2490

Remember that if a service has not yet been ported to Upstart, you need to use the service command instead of initctl.

· For systemd:

# systemctl restart cups.service

10. To attempt to reload the cups daemon on your Linux server, use the following:

· For SysVinit:

# service cups reload
Reloading cups:                                            [  OK  ]

· For Upstart:

# initctl reload cups

Remember that if a service has not yet been ported to Upstart, you need to use the service command instead of initctl.

· For systemd, this is a trick question. The cups.service unit file defines no reload action (no ExecReload= line), so systemd refuses the request:

# systemctl reload cups.service
Failed to issue method call: Job type reload is not applicable for unit cups.service.

Chapter 16: Configuring a Print Server

1. To use the Print Settings window to add a new printer called myprinter to your system (generic PostScript printer, connected to a port), do the following from Fedora 21:

a. Install the system-config-printer package:

# yum install system-config-printer

b. From the GNOME 3 desktop, select Print Settings from the Activities screen.

c. Unlock the interface and enter the root password.

d. Select the Add button.

e. Select an LPT or other port as the device and click Forward.

f. For the driver, choose Generic and click Forward; then choose PostScript and click Forward.

g. Click Forward to skip any installable options, if needed.

h. For the printer name, call it myprinter, give it any Description and Location you like, and click Apply.

i. Click Cancel to not print a test page. The printer should appear in the Print Settings window.

2. To use the lpc command to see the status of all your printers, type the following:

# lpc status
myprinter:
        queuing is enabled
        printing is enabled
        no entries
        daemon present

3. To use the lpr command to print the /etc/hosts file, type the following:

$ lpr -P myprinter /etc/hosts

4. To check the print queue for that printer, type the following:

# lpq -P myprinter
myprinter is not ready
Rank    Owner   Job     File(s)                         Total Size
1st     root    655     hosts                           1024 bytes

5. To remove the print job from the queue (cancel it), type the following. With no job number, lprm removes the first job in that queue that belongs to you; add the job number (655 here) to cancel a specific job.

# lprm -P myprinter

6. To use the printing window to set the basic server setting that publishes your printers so other systems on your local network can print to your printers, do the following:

a. On a GNOME 3 desktop, from the Activities screen, type Print Settings and press Enter.

b. Select Server → Settings and type the root password if prompted.

c. Click the check box next to Publish shared printers connected to this system, and click OK.

7. To allow remote administration of your system from a web browser, follow these steps:

a. On a GNOME 3 desktop, from the Activities screen, type Print Settings and press Enter.

b. Select Server → Settings and type the root password if prompted.

c. Click the check box next to Allow remote administration, and click OK.

Enabling this option makes the CUPS web interface reachable from other hosts, and anyone who can authenticate to it as root controls printing on the system. Turn it off again when you finish the exercise, or restrict the addresses allowed to reach the /admin location in /etc/cups/cupsd.conf.

8. To demonstrate that you can do remote administration of your system from a web browser on another system, do the following:

a. In the location box of a browser window on another computer on your network, type the following, replacing hostname with the name or IP address of the system running your print service: http://hostname:631.

b. Type root as the user and the root password when prompted. The CUPS home page should appear from that system.

9. To use the netstat command to see which addresses the cupsd daemon is listening on, type the following. An address of 0.0.0.0:631 means cupsd accepts connections on every interface, which is the effect of the sharing and remote-administration settings above; by default it listens only on localhost.

# netstat -tupln | grep 631
tcp        0      0 0.0.0.0:631         0.0.0.0:*         LISTEN      6492/cupsd

10. To delete the myprinter printer entry from your system, do the following:

a. Click the Unlock button and type the root password when prompted.

b. From the Print Settings window, right-click the myprinter icon and select Delete.

c. When prompted, select Delete again.

Chapter 17: Configuring a Web Server

1. To install all the packages associated with the Web Server group on a Fedora system, do the following:

# yum groupinstall "Web Server"

2. To create a file called index.html in the directory assigned to DocumentRoot in the main Apache configuration file (with the words My Own Web Server inside), do the following:

a. Determine the location of DocumentRoot:

# grep ^DocumentRoot /etc/httpd/conf/httpd.conf

DocumentRoot "/var/www/html"

b. Echo the words “My Own Web Server” into the index.html file located in DocumentRoot:

# echo "My Own Web Server" > /var/www/html/index.html

3. To start the Apache web server and set it to start up automatically at boot time, then check that it is available from a web browser on your local host, do the following (you should see the words “My Own Web Server” displayed if it is working properly):

The httpd service is started and enabled differently on different Linux systems. On recent Fedora releases, or on RHEL 7 and later, type the following:

# systemctl start httpd.service

# systemctl enable httpd.service

In RHEL 6 or earlier, type:

# service httpd start

# chkconfig httpd on

4. To use the netstat command to see which ports the httpd server is listening on, type the following:

# netstat -tupln | grep httpd

tcp6 0 0 :::80 :::* LISTEN 2496/httpd

tcp6 0 0 :::443 :::* LISTEN 2496/httpd

Port 443 appears only because the Web Server group installed the mod_ssl package, whose /etc/httpd/conf.d/ssl.conf adds a Listen 443 directive. The :::80 form means httpd is bound to every IPv4 and IPv6 address on the system.

5. Try to connect to your Apache web server from a web browser that is outside the local system. If it fails, correct any problems you encounter by investigating the firewall, SELinux, and other security features.

If you don't have DNS set up yet, use the IP address of the server to view your Apache server from a remote web browser, such as http://192.168.0.1. If you are not able to connect, retry connecting to the server from your browser after performing each of the following steps on the system running the Apache server:

# iptables -F

# setenforce 0

# chmod 644 /var/www/html/index.html

The iptables -F command flushes the firewall rules temporarily; they come back the next time the iptables service is restarted or the system reboots. If connecting to the web server succeeds after that, you need to add new firewall rules to open TCP ports 80 and 443 on the server. On a system using the firewalld service, do this by checking the http and https services in the Firewall Configuration window (make the change under the Permanent configuration, or it is lost at reboot too). For systems running the iptables service, add the following rules to /etc/sysconfig/iptables before the final DROP or REJECT rule; a rule placed after that line is never evaluated.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

The setenforce 0 command puts SELinux in permissive mode temporarily (setenforce 1 puts it back, and a reboot restores the mode set in /etc/selinux/config). If connecting to the web server succeeds only after that, you need to correct an SELinux file context and/or Boolean problem (probably the file context in this case, for instance because index.html was created somewhere else and moved into /var/www/html, which keeps the old label). The following should work:

# chcon --reference=/var/www/html /var/www/html/index.html

A chcon change lasts only until the filesystem is relabeled; running restorecon on the file instead applies the label the policy defines for /var/www (httpd_sys_content_t) and survives a relabel.

If the page becomes reachable only after the chmod command, the apache user and group did not have read permission to the file (for example, because it was created under a restrictive umask). You should be able to leave the new permissions as they are: 644 lets httpd read the file while only root can change it.

6. To use the openssl or similar command to create your own private RSA key and self-signed SSL certificate, do the following. Use a key of at least 2048 bits and sign with -sha256: 1024-bit RSA is no longer considered safe, and current browsers reject certificates signed with SHA-1.

# yum install openssl
# cd /etc/pki/tls/private
# openssl genrsa -out server.key 2048
# chmod 600 server.key
# cd /etc/pki/tls/certs
# openssl req -new -x509 -nodes -sha256 -days 365 \
    -key /etc/pki/tls/private/server.key \
    -out server.crt
Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: NJ
Locality Name (eg, city) []: Princeton
Organization Name (eg, company) [Internet Widgits Pty Ltd]:TEST USE ONLY
Organizational Unit Name (eg, section) []:TEST USE ONLY
Common Name (eg, YOUR name) []:secure.example.org
Email Address []:dom@example.org

The Common Name must match the hostname clients will type into the browser (secure.example.org here), or they get a name-mismatch warning on top of the untrusted-issuer one. The chmod 600 matters because the private key is what lets anyone impersonate the server; httpd reads it as root at startup, so no other user needs access to it.

You should now have a /etc/pki/tls/private/server.key key file and a /etc/pki/tls/certs/server.crt certificate file.
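The following is an added example, not part of the book's exercise answers, that does the same key-and-certificate job non-interactively and then checks the result the way you would before pointing httpd at it: that the certificate was built from this key, that the signature uses SHA-256, that the key is 2048 bits and that its file mode is 600. It assumes the openssl command-line tool is installed; the target directory and the secure.example.org name are illustrative stand-ins for the /etc/pki paths used in the exercise.

```sh
#!/bin/sh
# Added example: generate an RSA key and self-signed certificate without prompts
# and verify the pair. Not from the book; assumes the openssl CLI is installed.
# DIR and CN are supplied by the caller (illustrative, not the /etc/pki paths).

# make_selfsigned DIR CN -> writes DIR/server.key and DIR/server.crt
make_selfsigned() {
    dir=$1; cn=$2
    mkdir -p "$dir" || return 1
    # 2048-bit key rather than the exercise's 1024; umask 077 makes the key
    # file 0600 from the moment it is created, so there is no window with a
    # world-readable key on disk
    (umask 077 && openssl genrsa -out "$dir/server.key" 2048 2>/dev/null) || return 1
    # -sha256 rather than -sha1 (browsers reject SHA-1 signatures);
    # -subj replaces the interactive Country/State/... prompts
    openssl req -new -x509 -nodes -sha256 -days 365 \
        -key "$dir/server.key" \
        -subj "/C=US/ST=NJ/L=Princeton/O=TEST USE ONLY/CN=$cn" \
        -out "$dir/server.crt" 2>/dev/null
}

# cert_matches_key DIR -> 0 if the certificate carries the public half of server.key
cert_matches_key() {
    from_cert=$(openssl x509 -in "$1/server.crt" -noout -pubkey 2>/dev/null)
    from_key=$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null)
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# cert_sig_alg DIR -> prints the signature algorithm, e.g. sha256WithRSAEncryption
cert_sig_alg() {
    openssl x509 -in "$1/server.crt" -noout -text 2>/dev/null |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# cert_key_bits DIR -> prints the RSA modulus size recorded in the certificate
cert_key_bits() {
    openssl x509 -in "$1/server.crt" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p' | head -n 1
}

# key_mode DIR -> prints the octal permission bits of the key file (expect 600)
key_mode() {
    stat -c %a "$1/server.key"
}

# check_pair DIR -> 0 only if every check above passes; prints what failed
check_pair() {
    ok=0
    cert_matches_key "$1" || { echo "certificate does not match key"; ok=1; }
    [ "$(cert_sig_alg "$1")" = "sha256WithRSAEncryption" ] || { echo "weak signature algorithm"; ok=1; }
    [ "$(cert_key_bits "$1")" -ge 2048 ] 2>/dev/null || { echo "key shorter than 2048 bits"; ok=1; }
    [ "$(key_mode "$1")" = "600" ] || { echo "key file is not mode 600"; ok=1; }
    return $ok
}
```

Run make_selfsigned on a scratch directory and then check_pair on it; copy the two files into /etc/pki/tls/private and /etc/pki/tls/certs only once check_pair is silent. check_pair is equally worth running on a key and certificate pair someone hands you before it goes into ssl.conf.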

7. To configure your Apache web server to use your key and self-signed certificate to serve secure (HTTPS) content, do the following:

a. Edit the /etc/httpd/conf.d/ssl.conf file to change the key and certificate locations (by default they point at localhost.crt and localhost.key) to use the ones you just created:

SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key

b. Restart the httpd service:

# systemctl restart httpd.service

8. To use a web browser to create an HTTPS connection to your web server and view the contents of the certificate you created, do the following:

From the system running the Apache server, type https://localhost in the browser's location box. You should see a message that reads, “This Connection is Untrusted.” To complete the connection, do the following:

a. Click I Understand the Risks.

b. Click Add Exception.

c. Click Get Certificate.

d. Click Confirm Security Exception.

9. To create a file named /etc/httpd/conf.d/example.org.conf, which turns on name-based virtual hosting and creates a virtual host that 1) listens on port 80 on all interfaces, 2) has a server administrator of joe@example.org, 3) has a server name of joe.example.org, 4) has a DocumentRoot of /var/www/html/joe.example.org, and 5) has a DirectoryIndex that includes at least index.html, and create an index.html file in DocumentRoot that contains the words “Welcome to the House of Joe” inside, do the following:

Create an example.org.conf file that looks like the following:

NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin joe@example.org
    ServerName joe.example.org
    ServerAlias web.example.org
    DocumentRoot /var/www/html/joe.example.org/
    DirectoryIndex index.html
</VirtualHost>

The NameVirtualHost line is required by Apache 2.2 (RHEL 6). Apache 2.4, shipped with RHEL 7 and recent Fedora, enables name-based virtual hosting automatically for any address that has more than one <VirtualHost> and logs a warning that the directive has no effect, so you can drop the line there. The ServerAlias is optional and simply lets the same host answer for a second name.

Create the DocumentRoot directory, then create the index.html file inside it:

# mkdir -p /var/www/html/joe.example.org
# echo "Welcome to the House of Joe" > /var/www/html/joe.example.org/index.html

10. To add the text joe.example.org to the end of the localhost entry in your /etc/hosts file on the machine that is running the web server, and check it by typing http://joe.example.org into the location box of your web browser to see “Welcome to the House of Joe” when the page is displayed, do the following:

a. Reload httpd so it reads the example.org.conf file created in the previous exercise:

# apachectl graceful

b. Edit the /etc/hosts file with any text editor so the localhost line appears as follows:

127.0.0.1 localhost.localdomain localhost joe.example.org

c. From a browser on the local system where httpd is running, type http://joe.example.org into the location box. Because the request's Host header now carries joe.example.org, Apache selects the virtual host by name (name-based virtual hosting) and you should see “Welcome to the House of Joe”.

Chapter 18: Configuring an FTP Server

CAUTION

Don't do the tasks described here on a working, public FTP server, because these tasks will interfere with its operations. (You could, however, use these tasks to set up a new FTP server.)

1. To determine which package provides the Very Secure FTP Daemon service, type the following as root:

# yum search "Very Secure FTP"
...
================== N/S Matched: Very Secure FTP ==================
vsftpd.i686 : Very Secure Ftp Daemon

The search found the vsftpd package.

2. To install the Very Secure FTP Daemon package on your system and search for the configuration files in that package, type the following:

# yum install vsftpd

# rpm -qc vsftpd | less

3. To start the Very Secure FTP Daemon service and set it to start when the system boots, type the following on a Fedora or Red Hat Enterprise Linux 7 system:

# systemctl start vsftpd.service

# systemctl enable vsftpd.service

On a Red Hat Enterprise Linux 6 system, type the following:

# service vsftpd start

# chkconfig vsftpd on

4. On the system running your FTP server, type the following to create a file named test in the anonymous FTP directory that contains the words “Welcome to your vsftpd server”:

# echo "Welcome to your vsftpd server" > /var/ftp/test

5. To open the test file from the anonymous FTP home directory, using a web browser on the system running your FTP server, do the following:

Start the Firefox web browser, type the following in the location box, and press Enter:

ftp://localhost/test

The text “Welcome to your vsftpd server” (the contents of the file you just created) should appear in the Firefox window.

6. To access the test file in the anonymous FTP home directory, do the following. (If you cannot access the file, check that your firewall, SELinux, and TCP wrappers are configured to allow access to that file, as described here.)

a. Type the following into the location box of a browser on a system on your network that can reach the FTP server (replace host with your system's fully qualified hostname or IP address):

ftp://host/test

If you cannot see the welcome message in your browser window, check what may be preventing access. To temporarily turn off your firewall (flush your iptables rules), type the following command as the root user from a shell on your FTP server system and then try to access the site again:

# iptables -F

b. To temporarily disable SELinux, type the following, and then try to access the site again:

# setenforce 0

c. To temporarily disable TCP wrappers, add the following to the beginning of the /etc/hosts.allow file (be sure to remove this line again when the test is done):

ALL: ALL

After you have determined which of the three layers is blocking access, go back to the “Securing Your FTP Server” section of Chapter 18 and fix that layer rather than leaving it disabled. These are the likely causes:

§ For iptables, make sure there is a rule opening TCP port 21 on the server.

§ For SELinux, make sure the file context is set to public_content_t.

§ For TCP wrappers, make sure that there is a vsftpd: ALL or similar line in the /etc/hosts.allow file. Such an entry is needed only if a line in the /etc/hosts.deny file denies access to services that are not explicitly allowed.

When the test is done, put everything back: remove the ALL: ALL line from /etc/hosts.allow, run setenforce 1, and restart the iptables service so the saved rules are reloaded.

7. To configure your Very Secure FTP Daemon server to allow file uploads by anonymous users to a directory named in, do the following as root on your FTP server:

a. Create the in directory as follows:

# mkdir /var/ftp/in
# chown ftp:ftp /var/ftp/in
# chmod 770 /var/ftp/in

Mode 770 owned by ftp lets anonymous users both write to and list the directory. If you want a blind drop box, where uploaders cannot see or fetch what others have left, use root:ftp ownership with mode 730 instead, so that the ftp group can only create files there.

b. Inside the /etc/vsftpd/vsftpd.conf file, make sure that the following variables are set:

anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES

Leave anon_mkdir_write_enable and anon_other_write_enable at their default of NO unless you also want anonymous users to create directories or to rename and delete files.

c. For Fedora 20 or RHEL 7, open the Firewall Configuration window and check the FTP box under services to open access to your FTP service. For earlier RHEL and Fedora systems, configure your iptables firewall to allow new requests on TCP port 21 by adding the following rule at some point before the final DROP or REJECT rule in your /etc/sysconfig/iptables file:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

d. Configure your iptables firewall to track FTP connections by adding the FTP connection-tracking module to the IPTABLES_MODULES line in the /etc/sysconfig/iptables-config file:

IPTABLES_MODULES="nf_conntrack_ftp"

With that module loaded, the separate data connections FTP opens for listings and transfers are recognized as RELATED to the port-21 control connection and pass the existing ESTABLISHED,RELATED rule, so you do not have to open the passive port range by hand.

e. For SELinux to allow uploading to the directory, first set the file contexts properly:

# semanage fcontext -a -t public_content_rw_t "/var/ftp/in(/.*)?"
# restorecon -F -R -v /var/ftp/in

f. Next, set the SELinux Boolean to allow uploading (on RHEL 7 and recent Fedora the Boolean is named ftpd_anon_write; the older allow_ftpd_anon_write name still works as an alias):

# setsebool -P allow_ftpd_anon_write on

g. Restart the vsftpd service (service vsftpd restart or systemctl restart vsftpd.service).

8. To install the lftp FTP client (if you don't have a second Linux system, install lftp on the same host running the FTP server) and try to upload the /etc/hosts file to the incoming directory on the server, run the following commands as the root user:

# yum install lftp
# lft localhost
lftp localhost:/> cd in
lftp localhost:/in> put /etc/hosts
89 bytes transferred
lftp localhost:/in> quit

You won't be able to see that you copied the hosts file to the incoming directory. However, type the following from a shell on the host running the FTP server to make sure the hosts file is there:

# ls /var/ftp/in
hosts

If you cannot upload the file, troubleshoot the problem as described in Exercise 7, recheck your vsftpd.conf settings, and review the ownership and permissions on the /var/ftp/in directory.

9. Using any FTP client you choose, visit the /pub/linux/docs/man-pages directory on the ftp://kernel.org site and list the contents of that directory. Here's how to do that with the lftp client:

# lftp ftp://kernel.org/pub/linux/docs/man-pages
cd ok, cwd=/pub/linux/docs/man-pages
lftp kernel.org:/pub/linux/docs/man-pages> ls
drwxrwsr-x 2 536 536 24576 May 10 20:29 Archive
-rw-rw-r-- 1 536 536 1135808 Feb 09 23:23 man-pages-3.34.tar.bz2
-rw-rw-r-- 1 536 536 1674738 Feb 09 23:23 man-pages-3.34.tar.gz
-rw-rw-r-- 1 536 536 543 Feb 09 23:23 man-pages-3.34.tar.sign
...

The .tar.sign file next to each release is a detached PGP signature over the uncompressed tarball; checking it with gpg2 --verify after decompressing the download is how you confirm that what you fetched is what kernel.org published, which a checksum alone cannot tell you. (kernel.org has since retired anonymous FTP; the same directory is served over HTTPS at https://www.kernel.org/pub/linux/docs/man-pages/.)

10. Using any FTP client you choose, download the man-pages-3.78.tar.gz file from the kernel.org directory you just visited to the /tmp directory on your local system. lftp saves into whatever your local current directory is, so change to /tmp first:

# cd /tmp
# lftp ftp://kernel.org/pub/linux/docs/man-pages
cd ok, cwd=/pub/linux/docs/man-pages
lftp kernel.org:man-pages> get man-pages-3.78.tar.gz
1739208 bytes transferred in 4 seconds (481.0K/s)
lftp kernel.org:man-pages> quit

Chapter 19: Configuring a Windows File Sharing (Samba) Server

1. To install the samba and samba-client packages, type the following as root from a shell on the local system:

# yum install samba samba-client

2. To start and enable the smb and nmb services, type the following as root from a shell on the local system:

# systemctl enable smb.service
# systemctl start smb.service
# systemctl enable nmb.service
# systemctl start nmb.service

or

# chkconfig smb on

# service smb start

# chkconfig nmb on

# service nmb start

3. To set the Samba server's workgroup to TESTGROUP, the netbios name to MYTEST, and the server string to Samba Test System, as root user in a text editor, open the /etc/samba/smb.conf file and change three lines so they appear as follows:

workgroup = TESTGROUP
netbios name = MYTEST
server string = Samba Test System

4. To add a Linux user named phil to your system and add a Linux password and Samba password for phil, type the following as root user from a shell (be sure to remember the passwords you set):

# useradd phil
# passwd phil
New password: *******
Retype new password: *******
# smbpasswd -a phil
New SMB password: *******
Retype new SMB password: *******
Added user phil.

Samba keeps its own password database, separate from /etc/shadow, so the two passwords are independent: the SMB password is the one clients send, and the Linux account only needs to exist (with a home directory) for Samba to map the connection to it.

5. To set the [homes] section so that home directories are browseable (yes) and writable (yes), and that phil is the only valid user, open the /etc/samba/smb.conf file as root and change the [homes] section so it appears as follows:

[homes]
    comment = Home Directories
    browseable = yes
    writable = yes
    valid users = phil

6. To set the SELinux Boolean that is necessary for phil to reach his home directory through a Samba client, type the following as root from a shell:

# setsebool -P samba_enable_home_dirs on

7. From the local system, use the smbclient command to verify that the homes share is available:

# smbclient -L localhost
Enter root's password:
<ENTER>
Anonymous login successful
Domain=[TESTGROUP] OS=[Unix] Server=[Samba 4.1.15]

Sharename Type Comment
--------- ---- -------
homes Disk Home Directories
...

Pressing Enter at the password prompt makes an anonymous connection (the -N option does the same without prompting). The listing works anonymously because share names are not protected; connecting to the homes share itself requires phil's Samba password.

8. To connect to the homes share from a Nautilus (file manager) window on the Samba server's local system as the user phil, in a way that allows you to drag and drop files to that folder, do the following:

a. Open the Nautilus window (select the Files icon).

b. Under the Network heading in the left pane, select Connect to Server.

c. Type the Server address. For example, smb://localhost/phil/.

d. When prompted, type phil as the username and enter phil's password.

e. Open another Nautilus window and drop a file to phil's homes folder.

9. To open up the firewall so anyone who has access to the server can access the Samba service (smbd and nmbd daemons), you can simply open the Firewall Configuration window and check the samba and samba-client check boxes. If your system is running the basic iptables service (and not firewalld), change the /etc/sysconfig/iptables file so the firewall appears like the following. The four rules you add are the ones for UDP ports 137 and 138 (nmbd) and TCP ports 139 and 445 (smbd); they must come before the final REJECT rule for the INPUT chain, or they are never reached:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Then type the following for the firewall rules to be reloaded:

# service iptables restart

“Anyone who has access to the server” means exactly that: these rules accept SMB connections from any source address. On a server with an interface facing an untrusted network, add -s with your LAN address range to each rule, or bind Samba to the internal interface with the interfaces and bind interfaces only options in smb.conf.

10. To open the homes share again as the user phil from another system on your network (Windows or Linux), and make sure you can drag and drop files to it, do the following:

This step is really just repeating the Nautilus example described previously, or opening a Windows Explorer window and selecting Network and then the Samba server (MYTEST). The trick is to make sure the service has been made available through the Linux server's security features.

If you cannot access the Samba share, disable the firewall and then, separately, put SELinux in permissive mode, retrying after each change. Whichever change makes the share appear tells you which layer is misconfigured; go back and fix that layer rather than leaving it off:

# setenforce 0

# service iptables stop

(On a system that uses firewalld instead of the iptables service, stop the firewalld service in place of the second command.) When you have fixed the problem, set SELinux back to enforcing mode and start the firewall again:

# setenforce 1

# service iptables start

Chapter 20: Configuring an NFS File Server

1. To install the packages needed to configure the NFS service on the Linux system you choose, type the following as root user at a shell (Fedora or RHEL):

# yum install nfs-utils

2. To list the documentation files that come in the package that provides the NFS server software, type the following:

# rpm -qd nfs-utils
/usr/share/doc/nfs-utils-1.2.5/ChangeLog
...
/usr/share/man/man5/exports.5.gz
/usr/share/man/man5/nfs.5.gz
/usr/share/man/man5/nfsmount.conf.5.gz
/usr/share/man/man7/nfsd.7.gz
/usr/share/man/man8/blkmapd.8.gz
/usr/share/man/man8/exportfs.8.gz
...

3. To start and enable the NFS service, type the following as root user on the NFS server:

# systemctl start nfs-server.service

# systemctl enable nfs-server.service

4. To check the status of the NFS service you just started on the NFS server, type the following as root user:

# systemctl status nfs-server.service

5. To share a directory /var/mystuff from your NFS server as available to everyone, read-only, and with the root user on the client having root access to the share, first create the directory to be exported as follows:

# mkdir /var/mystuff

Then create an entry in the /etc/exports file that is similar to the following:

/var/mystuff *(ro,no_root_squash,insecure)

Two of those options weaken the export, so be clear about what you are granting. no_root_squash means root on any client that can reach the server is root on this directory (the default, root_squash, maps client root to nobody), and with the * host pattern that is every client on the network. insecure accepts requests from unprivileged source ports, which lets any unprivileged user on a client talk to the server directly instead of only the client's kernel. Both are tolerable here because the export is read-only and the exercise asks for them; on a real server, list specific hosts or networks in place of *, and leave out no_root_squash and insecure unless a client actually needs them. Also keep the host pattern and the opening parenthesis together: a space before the parenthesis detaches the options from the host and makes them apply to every client, which is a classic exports mistake.

To make the share available, type the following:

# exportfs -v -a
exporting *:/var/mystuff
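Because the dangerous part of an exports line is easy to get wrong (the options above, and the stray-space trap), here is an added example, not from the book, of a small audit script that reads an exports file and reports no_root_squash, insecure, and read-write exports to wildcard hosts, plus option groups that are not attached to any host. The sample exports file it builds is constructed for the demonstration and is not taken from any real server; point audit_exports at /etc/exports on a real one.

```sh
#!/bin/sh
# Added example (not from the book): audit /etc/exports for options that widen
# who gets root on the export or where requests may come from.

# audit_exports FILE -> prints one finding per line; exit status 1 if any finding
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            dir = $1; found = 0
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                # "host(opt,opt)" -> host and option list; "(opt)" alone has no host
                if (match(client, /\(.*\)$/)) {
                    opts = substr(client, RSTART + 1, RLENGTH - 2)
                    client = substr(client, 1, RSTART - 1)
                }
                if (client == "") {
                    # exports(5): options not attached to a host apply to every
                    # client; this usually comes from a stray space before "("
                    print dir ": options " opts " are not attached to a host and apply to all clients"
                    client = "*"; found = 1
                }
                wild = (index(client, "*") > 0 || index(client, "?") > 0)
                n = split(opts, o, ",")
                rw = 0; nrs = 0; insec = 0
                for (j = 1; j <= n; j++) {
                    if (o[j] == "rw") rw = 1
                    if (o[j] == "no_root_squash") nrs = 1
                    if (o[j] == "insecure") insec = 1
                }
                if (nrs) {
                    msg = wild ? " (root on ANY client is root on this export)" : ""
                    print dir ": no_root_squash for " client msg
                    found = 1
                }
                if (rw && wild) { print dir ": writable by " client; found = 1 }
                if (insec) {
                    print dir ": insecure lets " client " connect from unprivileged source ports"
                    found = 1
                }
            }
            total += found
        }
        END { exit (total > 0) }
    ' "$1"
}

# sample_exports FILE -> writes a constructed exports file (not from a real host):
#   the exercise's export, a sane host-restricted one, the stray-space mistake,
#   and a clean network-restricted one
sample_exports() {
    cat > "$1" <<'EOF'
# constructed sample, not copied from a real server
/var/mystuff        *(ro,no_root_squash,insecure)
/srv/backups        192.168.0.10(rw,sync,root_squash)
/srv/scratch        * (rw,sync)
/srv/public         192.168.0.0/24(ro,sync,root_squash,secure)
EOF
}
```

On the sample, /var/mystuff produces two findings (no_root_squash to everyone, and insecure), /srv/scratch two more (the detached options, which therefore make it writable by everyone), and the two host-restricted lines none.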

6. To make sure the share you created is accessible to all hosts, first make sure TCP wrappers are not blocking rpcbind by adding the following entry to the beginning of the /etc/hosts.allow file:

rpcbind: ALL

To open the firewall in systems that use firewalld (RHEL 7 and recent Fedora systems), install the firewall-config package. Then run firewall-config and from the Firewall Configuration window that appears, make sure that nfs, mountd, and rpc-bind are checked on for the Permanent firewall settings.

To open the ports needed to allow clients to reach NFS through the iptables firewall (RHEL 6 and earlier Fedora systems without firewalld), you need to open at least TCP and UDP ports 111 (rpcbind), 20048 (mountd), and 2049 (nfs) by adding the following rules to the /etc/sysconfig/iptables file (before the final REJECT rule) and restarting the iptables service. An NFSv4-only client needs just port 2049; 111 and 20048 are what NFSv3 mounts and the showmount command below use:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 20048 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 20048 -j ACCEPT
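The rule-placement advice repeated for the web server (Chapter 17), FTP (Chapter 18), Samba (Chapter 19), and NFS above is the same in every case: an ACCEPT appended after the chain's catch-all REJECT or DROP is never evaluated, and iptables-restore gives no warning about it. The following added example, not from the book, reads a file in the /etc/sysconfig/iptables format and reports for each protocol:port whether its ACCEPT is in effect, missing, or shadowed by the catch-all. The ruleset it builds is constructed for the demonstration and deliberately appends the port 443 rule in the wrong place; on a real host, run report against /etc/sysconfig/iptables or the output of iptables-save.

```sh
#!/bin/sh
# Added example (not from the book): check that the ACCEPT rules added to an
# iptables-save style file actually take effect in the INPUT chain, i.e. that
# they precede the chain's catch-all REJECT/DROP rule.

# port_open RULESFILE PROTO PORT
#   exit 0 = an ACCEPT for PROTO/PORT is in effect in the INPUT chain
#   exit 1 = no ACCEPT for that port exists
#   exit 2 = an ACCEPT exists but sits after the catch-all REJECT/DROP
port_open() {
    awk -v proto="$2" -v port="$3" '
        /^-[AI] INPUT / {
            # -A appends in file order; -I inserts at the head of the chain,
            # so iptables-restore evaluates every -I rule before any -A rule
            if ($1 == "-A") pos = ++n; else pos = 0
            # a catch-all is REJECT/DROP with no protocol, address, interface or match
            if ($0 ~ / -j (REJECT|DROP)/ && $0 !~ / -(p|s|d|i|m) / && !havedeny) {
                deny = pos; havedeny = 1
            }
            if ($0 ~ / -j ACCEPT/ && index($0, " -p " proto " ") && index($0, " --dport " port " ")) {
                if (!haveaccept || pos < accept) { accept = pos; haveaccept = 1 }
            }
        }
        END {
            if (!haveaccept) exit 1
            if (havedeny && accept > deny) exit 2
            exit 0
        }' "$1"
}

# report RULESFILE PROTO:PORT ... -> one line per port: open / missing / shadowed
report() {
    f=$1; shift
    for spec in "$@"; do
        proto=${spec%%:*}; port=${spec#*:}
        port_open "$f" "$proto" "$port" && rc=0 || rc=$?
        case $rc in
            0) echo "$spec open" ;;
            1) echo "$spec missing: add -A INPUT -m state --state NEW -m $proto -p $proto --dport $port -j ACCEPT before the REJECT rule" ;;
            2) echo "$spec shadowed: its ACCEPT comes after the catch-all REJECT/DROP and is never reached" ;;
        esac
    done
}

# sample_rules FILE -> writes a constructed ruleset (not captured from a real
# host): 22 and 80 opened correctly, 443 appended after the REJECT by mistake,
# 21 absent
sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
```

The check only understands rules in the INPUT chain written with -A or -I, which is what this appendix's examples use; rules that jump to a user-defined chain, or that are restricted with -s or -i, are treated as not catch-all and need reading by hand.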

SELinux should be able to share NFS filesystems while in Enforcing mode without any changes to file contexts or Booleans. To make sure the share you created can be shared read-only, run the following command as root user on the NFS server:

# setsebool -P nfs_export_all_ro on

7. To view the shares available from the NFS server, assuming the NFS server is named nfsserver, type the following from the NFS client:

# showmount -e nfsserver
Export list for nfsserver:
/var/mystuff *

8. To create a directory called /var/remote and temporarily mount the /var/mystuff directory from the NFS server (named nfsserver in this example) on that mount point, type the following as root user from the NFS client:

# mkdir /var/remote

# mount -t nfs nfsserver:/var/mystuff /var/remote

9. To add an entry so that the same mount is done automatically when you reboot, first unmount /var/remote as follows:

# umount /var/remote

Then add an entry like the following to the /etc/fstab file on the client system. The field order is the same as for any fstab entry: what to mount (server:directory), where to mount it, the filesystem type, the options, and the dump and fsck fields:

nfsserver:/var/mystuff /var/remote nfs bg,ro 0 0

The bg option makes mount keep retrying in the background if the server does not answer at boot, so a down NFS server does not stall the client's startup.

To test that the share is configured properly, type the following on the NFS client as the root user:

# mount -a
# mount -t nfs
nfsserver:/var/mystuff on /var/remote type nfs4 (ro,vers=4,rsize=524288...

10. To copy some files to the /var/mystuff directory, type the following on the NFS server:

# cp /etc/hosts /etc/services /var/mystuff

From the NFS client, to make sure you can see the files just added to that directory and to make sure you can't write files to that directory from the client, type the following:

# ls /var/remote

hosts services

# touch /var/remote/file1

touch: cannot touch '/var/remote/file1': Read-only file system

Chapter 21: Troubleshooting Linux

1. To go into Setup mode from the BIOS screen on your computer, do the following:

a. Reboot your computer.

b. Within a few seconds, you should see the BIOS screen, with an indication of which function key to press to go into Setup mode. (On my Dell workstation, it's the F2 function key.)

c. The BIOS screen should appear. (If the system starts booting Linux, you didn't press the function key fast enough.)

2. From the BIOS setup screen, do the following to determine whether your computer is 32-bit or 64-bit, whether it includes virtualization support, and whether your network interface card is capable of PXE booting.

Your experience may be a bit different from mine, depending on your computer and Linux system. The BIOS setup screen is different for different computers. In general, however, you can use arrow keys and tab keys to move between different columns and press Enter to select an entry.

· On my Dell workstation, under the System heading, I highlight Processor Info to see that mine is a 64-bit Technology computer. Look in the Processor Info, or similar, section on your computer to see the type of processor you have.

· On my Dell workstation, under the Onboard Devices heading, I highlight Integrated NIC and press Enter. The Integrated NIC screen that appears to the right lets me choose to enable or disable the NIC (On or Off) or enable with PXE or RPL (if I intend to boot the computer over the network).

3. To interrupt the boot process to get to the GRUB boot loader, do the following:

a. Reboot the computer.

b. Just after the BIOS screen disappears, when you see the countdown to booting the Linux system, press any key (perhaps the spacebar).

c. The GRUB boot loader menu should appear, ready to allow you to select which operating system kernel to boot.

4. To boot up your computer to runlevel 1 so you can do some system maintenance, get to the GRUB boot screen (as described in the previous exercise), and then do the following:

a. Use the arrow keys to highlight the operating system and kernel you want to boot.

b. Type e to see the entries needed to boot the operating system.

c. Move your cursor to the line that includes the kernel. (It should include the word vmlinuz somewhere on the line.)

d. Move the cursor to the end of that line, add a space, and then type the number 1 or init=/bin/bash.

e. Follow the instructions to boot the new entry. With GRUB 2 you press Ctrl+X; with the older GRUB you press Enter and then, on the next screen, type b.

If it worked, your system should bypass the login prompt and boot up directly to a root user shell, where you can do administrative tasks without providing a password. The two additions behave differently on a systemd-based system (RHEL 7, recent Fedora): appending 1 boots to rescue.target, which asks for the root password before giving you a shell, while init=/bin/bash starts a shell in place of init and asks for nothing (the root filesystem is still mounted read-only at that point, so remount it read-write before changing any files). Either way, anyone who can reach the keyboard at boot time can do this, which is why a GRUB password and full-disk encryption are what actually protect an unattended machine.

5. To start up Red Hat Enterprise Linux (through RHEL 6.x) so you can confirm each service as it is started, do the following:

a. Follow the previous two exercises, but instead of putting a 1 at the end of a kernel line, put the word confirm.

b. When the boot process gets to the point where it is starting runlevel services, you are prompted to confirm (Y) or deny (N) each service, or continue (C) to simply start all the rest of the services.

Note that this option is not available with the latest Fedora and Ubuntu releases.

6. To look at the messages that were produced in the kernel ring buffer (which shows the activity of the kernel as it booted up), type the following from the shell after the system finishes booting:

# dmesg | less

Or on a system using systemd, type the following:

# journalctl -k

7. To run a trial yum update from Fedora or RHEL and exclude any kernel package that is available, type the following (when prompted, type N to not actually go through with the update, if updates are available):

# yum update --exclude='kernel*'

8. To check to see what processes are listening for incoming connections on your system, type the following:

# netstat -tupln | less

9. To check to see what ports are open on your external network interface, do the following:

If possible, run the nmap command from another Linux system on your network, replacing yourhost with the hostname or IP address of your system:

# nmap yourhost

Scanning from a second machine matters because it shows what the firewall actually lets through, whereas netstat on the host itself shows only what is listening. By default nmap probes about 1,000 common TCP ports; add -p- to cover all 65,535 and -sU for UDP services such as rpcbind and nmbd. Compare the result with the netstat list from the previous exercise: every open port should correspond to a service you intend to expose.

10.To clear your system's page cache and watch the effect it has on your memory usage, do the following:

a. Select Terminal from an application menu on your desktop (it is located on different menus for different systems).

b. Run the top command (to watch processes currently running on your system), and then type a capital M to sort processes by those consuming the most memory.

c. From the Terminal window, select File and Open Terminal to open a second Terminal window.

d. From the second Terminal window, become root user (su -).

e. While watching the Mem line (used column) in the first Terminal window, type the following from the second Terminal window (running sync first writes out dirty pages so that more of the cache can be dropped):

# echo 3 > /proc/sys/vm/drop_caches

f. The used value on the Mem line should go down significantly, because the page cache, dentries, and inodes the kernel was holding are released. The numbers in the RES column may go down for processes whose resident pages were file-backed and not currently in use.

Chapter 22: Understanding Basic Linux Security

1. To check log messages from the systemd journal for the NetworkManager.service, sshd.service, and auditd.service services, type the following:

# journalctl -u NetworkManager.service
...
# journalctl -u sshd.service
...
# journalctl -u auditd.service
...

2. User passwords are stored, in hashed form, in the /etc/shadow file. To see its permissions, type ls -l /etc/shadow at the command line. (If no shadow file exists, you need to run pwconv, which moves the password hashes out of the world-readable /etc/passwd.)

The following are the appropriate settings:

# ls -l /etc/shadow
----------. 1 root root 1049 Feb 10 09:45 /etc/shadow

No permission bits at all (mode 000) owned by root is correct: root bypasses file permissions, and the SetUID programs that need the hashes (passwd, login, su) run as root. On Debian-based systems the file is instead mode 640 owned by root:shadow. The trailing dot means the file carries an SELinux label.

3. To determine your account's password aging and whether it will expire using a single command, type chage -l user_name. For example:

# chage -l chris

4. To start auditing writes to the /etc/shadow file with the auditd daemon, type the following at the command line:

# auditctl -w /etc/shadow -p w

To check your audit settings, type auditctl -l at the command line. Adding -k with a key name (for example -k shadow) to the rule lets you later pull out just these events with ausearch -k shadow instead of searching by filename, and -p wa would also record attribute (ownership, permission) changes. Rules added with auditctl last until reboot; put the same line in /etc/audit/audit.rules (or a file under /etc/audit/rules.d/ on newer releases) to make it permanent.

5. To create a report from the auditd daemon on the /etc/shadow file, type ausearch -f /etc/shadow at the command line. To turn off the auditing on that file, type auditctl -W /etc/shadow -p w at the command line.

6. To install the lemon package, damage the /usr/bin/lemon file, verify that the file has been tampered with, and remove the lemon package, type the following:

# yum install -y lemon
# cp /etc/services /usr/bin/lemon
# rpm -V lemon
S.5....T. /usr/bin/lemon
# yum erase lemon

Compared with the file the package installed, the file size (S), the digest (5, historically MD5 and now whichever digest the package carries), and the modification time (T) all differ; a dot in a position means that attribute is unchanged. rpm -Va runs the same check over every installed package. Keep in mind that the RPM database on the machine is the reference here, and an attacker with root can alter it; AIDE with a database stored elsewhere (the last exercise in this chapter) does not have that weakness. For Ubuntu, install the package with apt-get install lemon and type debsums lemon to check it.
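To make the nine-character field easier to read in bulk, here is an added example (not from the book) that decodes rpm -V lines and, over a whole rpm -Va listing, picks out the files whose contents, permissions, ownership, link target, or capabilities changed, while ignoring config files and plain mtime changes, which is the noise you would otherwise wade through. The listing it parses is constructed for the demonstration, not captured from a real system.

```sh
#!/bin/sh
# Added example (not from the book): decode rpm -V / rpm -Va output. Each line is
# a nine-character attribute field (S size, M mode, 5 digest, D device, L link
# target, U user, G group, T mtime, P capabilities; "." = unchanged), then an
# optional file-type letter (c config, d documentation, ...), then the path.
# A line may also read "missing" in place of the attribute field.

# explain_verify_line LINE -> prints "path: what changed"
explain_verify_line() {
    printf '%s\n' "$1" | awk '
        {
            flags = $1; path = $NF
            split("size mode digest device link-target owner group mtime capabilities", name, " ")
            codes = "SM5DLUGTP"; out = ""
            for (i = 1; i <= 9; i++) {
                c = substr(flags, i, 1)
                if (c == substr(codes, i, 1)) out = out (out == "" ? "" : ", ") name[i]
            }
            if (flags == "missing") out = "file is missing"
            print path ": " out
        }'
}

# suspicious_binaries FILE -> prints paths whose content, mode, owner, group,
#   link target or capabilities changed, or that are missing, skipping config
#   (c) and documentation (d) files and ignoring mtime-only (T) and device (D)
#   differences. Config files deserve their own review, not silence.
suspicious_binaries() {
    awk '
        $1 == "missing" { print $NF; next }
        NF >= 2 && length($1) == 9 {
            type = (NF == 3) ? $2 : ""
            if (type == "c" || type == "d") next
            t = $1; gsub(/[TD]/, ".", t)      # drop mtime and device from consideration
            if (t != ".........") print $NF
        }' "$1"
}

# sample_verify_output FILE -> writes a constructed rpm -Va excerpt (not from a
# real host): a replaced binary, an mtime-only touch, an edited config, a
# permission change on a SetUID program, and a deleted daemon
sample_verify_output() {
    cat > "$1" <<'EOF'
S.5....T.    /usr/bin/lemon
.......T.    /usr/bin/ssh
S.5....T.  c /etc/ssh/sshd_config
.M.......    /usr/bin/passwd
missing     /usr/sbin/auditd
EOF
}
```

On the sample, suspicious_binaries reports /usr/bin/lemon, /usr/bin/passwd, and /usr/sbin/auditd; the touched ssh binary and the edited sshd_config are left out of that list, and explain_verify_line spells out each line, for instance "/usr/bin/lemon: size, digest, mtime".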

7. If you suspect you have had a malicious attack on your system today and important binary files have been modified, you can find recently changed files by typing find directory -mtime -1 for each of the directories /bin, /sbin, /usr/bin, and /usr/sbin. Because an attacker can set a file's modification time back with touch, also try -ctime -1: the inode change time is updated by the kernel whenever a file's contents or metadata change and cannot be set from user space, so a file whose ctime is recent while its mtime is old is itself suspicious.

8. To install and run chkrootkit to see if the malicious attack from the exercise above installed a rootkit, choose your distribution and do the following:

a. To install on a Fedora or RHEL distribution, type yum install chkrootkit at the command line.

b. To install on an Ubuntu or Debian-based distribution, type sudo apt-get install chkrootkit at the command line.

c. To run the check, type chkrootkit at the command line and review the results. Because chkrootkit relies on the ps, ls, netstat, and other binaries of the system it is checking, a rootkit that has replaced those can hide from it; running it from a known-good live medium against the mounted disk is more trustworthy.

9. To find files anywhere in the system with the SetUID or SetGID permission set, type find / -perm /6000 at the command line. Add -type f to skip directories (the SetGID bit on a directory only makes new files inherit its group, which is common and harmless), and compare the list against what rpm -qf reports for each file: a SetUID binary that belongs to no package deserves a close look.

10. Install the aide package, run the aide command to initialize the aide database, copy the database to the correct location, and run the aide command to check whether any important files on your system have been modified.

# yum install aide
# aide -i
# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
# aide -C

To make the output more interesting, you could install the lemon package (described in an earlier exercise) before you run aide -i and modify it before running aide -C to see how a modified binary looks from aide. The check is only as trustworthy as the baseline: initialize the database on a freshly installed system before it goes on the network, and keep a copy of aide.db.gz (and of the aide binary and its configuration) on read-only or off-host storage, because an attacker who gains root can otherwise simply rebuild the database to match the tampered files.

Chapter 23: Understanding Advanced Linux Security

To do the first few exercises, you must have the gnupg2 package installed. This is not installed by default in Ubuntu, although it is for recent Fedora and RHEL releases.

1. To encrypt a file using the gpg2 utility and a symmetric key, type the following command (the gpg2 utility asks for a passphrase to protect the symmetric key):

$ gpg2 -c filename

2. To generate a keypair using the gpg2 utility, type the following:

$ gpg2 --gen-key

You must provide the following information:

a. What kind of asymmetric key you want:

§ RSA and RSA (default)

§ DSA and Elgamal

§ DSA (sign only)

§ RSA (sign only)

b. What key size (in number of bits) you want

c. How many days, weeks, months, years the key should be valid. (You can also request that the key be valid permanently.)

d. Your real name, e-mail address, and a comment to create the User ID for the public key

e. A passphrase for the private key

3. To list out the keys you generated, type:

$ gpg2 --list-keys

4. To encrypt a file and add your digital signature using the gpg2 utility, do the following:

a. You must have first generated a key ring (Exercise 2).

b. After you have generated the key ring, type the following, naming yourself (or whoever should be able to read the result) as the recipient:

$ gpg2 --output EncryptedSignedFile --sign --encrypt --recipient YourUserID FiletoEncryptSign

The --sign option on its own produces a signed but unencrypted file that anyone can read; --encrypt is what makes it confidential, and --recipient selects whose public key it is encrypted to. Encrypting to your own key (the user ID you created in Exercise 2) is fine for this exercise.

5. To use the appropriate message digest utility to ensure that the downloaded file is not corrupted, you must do the following. (Remember that a message digest is also called a checksum.)

a. Review the download website for the MD5 or SHA-1 file or number.

§ If it is a checksum number, you need to go to the next step.

§ If it is a checksum file, you need to download that file too and then use the cat command to display the checksum file's contents to your screen.

b. If it is an MD5, type the following at the command line and compare the numbers to the MD5 checksum file or number on the website:

$ md5sum FirstDownloadedFile

c. If it is an SHA-1 hash, type the following at the command line and compare the numbers to the SHA-1 checksum file or number on the website:

$ sha1sum FirstDownloadedFile
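The comparison in exercise 5 is usually done by eye, which is error-prone with 40 or 64 hex characters. The following POSIX shell script is an added example, not code from the book: it compares a downloaded file against a digest copied from a website, and lets the checksum tool itself verify a downloaded checksum file. The sample file contents and digests are constructed here (the digests of the string "hello" plus a newline); the function names verify_digest and verify_from_file are my own. Where a site publishes a SHA-256 digest, prefer it over MD5 or SHA-1.

```shell
#!/bin/sh
# Added example: check a download against a published message digest.

# verify_digest ALGO FILE EXPECTED
#   ALGO is md5, sha1 or sha256. EXPECTED is the hex digest copied from the
#   download site. Returns 0 when the digests match, 1 when they differ.
verify_digest() {
    algo=$1; file=$2; expected=$3
    actual=$("${algo}sum" "$file" | awk '{print $1}')
    # Sites publish digests in upper or lower case, so compare case-insensitively.
    [ "$(printf '%s' "$actual" | tr 'A-F' 'a-f')" = \
      "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# verify_from_file SUMFILE
#   SUMFILE is a downloaded checksum file whose lines read
#   "<digest>  <filename>" (the format md5sum/sha1sum/sha256sum write).
#   The tool is chosen from the digest length, and it checks every file the
#   list names, relative to the current directory. Returns the tool's status:
#   0 when every file matches, non-zero on any mismatch or missing file.
verify_from_file() {
    sumfile=$1
    digest=$(awk 'NR==1{print $1}' "$sumfile")
    case ${#digest} in
        32) tool=md5sum ;;
        40) tool=sha1sum ;;
        64) tool=sha256sum ;;
        *)  echo "unrecognised digest length ${#digest} in $sumfile" >&2; return 2 ;;
    esac
    "$tool" -c "$sumfile" >/dev/null 2>&1
}

# Constructed sample: the known digests of the five bytes "hello" plus "\n".
SAMPLE_MD5=b1946ac92492d2347c6235b4d2611184
SAMPLE_SHA1=f572d396fae9206628714fb2ce00f72e94f2258f
SAMPLE_SHA256=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03

# Run with "--demo" to see both checks against the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d)
    printf 'hello\n' > "$dir/FirstDownloadedFile"
    printf '%s  FirstDownloadedFile\n' "$SAMPLE_SHA256" > "$dir/SHA256SUMS"
    verify_digest sha1 "$dir/FirstDownloadedFile" "$SAMPLE_SHA1" && echo "sha1: OK"
    ( cd "$dir" && verify_from_file SHA256SUMS ) && echo "SHA256SUMS: OK"
    rm -rf "$dir"
fi
```

The second function is the one to prefer when the site ships a checksum file: `sha256sum -c` reports per-file OK/FAILED and its exit status can drive a script, so a corrupted or altered download stops an install instead of being waved through.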

6. To determine if the su command on your Linux system is PAM-aware, type:

$ ldd $(which su) | grep pam

libpam.so.0 => /lib64/libpam.so.0 (0x00007fac89d48000)

libpam_misc.so.0 => /lib64/libpam_misc.so.0 (0x00007fac89b44000)

If the su command on your Linux system is PAM-aware, you see a PAM library name listed when you issue the ldd command.

7. To determine if the su command has a PAM configuration file, type:

$ ls /etc/pam.d/su

If the file exists, type the following at the command line to display its contents. The PAM contexts it uses can be any of the following: auth, account, password, session.

$ cat /etc/pam.d/su

8. To list out the various PAM modules on your Fedora or RHEL system, type:

$ ls /lib/security/pam*.so

To list out the various PAM modules on your Ubuntu Linux system, type:

$ sudo find / -name 'pam*.so'

9. To find the PAM “other” configuration file on your system, type ls /etc/pam.d/other at the command line. An “other” configuration file that enforces Implicit Deny should look similar to the following code:

$ cat /etc/pam.d/other

#%PAM-1.0

auth required pam_deny.so

account required pam_deny.so

password required pam_deny.so

session required pam_deny.so

10. To find the PAM limits configuration file, type:

$ ls /etc/security/limits.conf

Display the file's contents by typing the following:

$ cat /etc/security/limits.conf

Settings in this file to prevent a fork bomb look like the following:

@staff hard nproc 50

@staff hard maxlogins 1
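The checks in exercises 9 and 10 can be scripted so that a system is audited rather than read by eye. The following POSIX shell script is an added example and not code from the book: one function reports which management groups in a pam.d file lack a pam_deny.so line, and another reports the hard nproc cap that limits.conf gives a user or @group. The sample files are constructed in the demo; the function names pam_other_gaps and limits_hard_nproc are my own.

```shell
#!/bin/sh
# Added example: audit the implicit-deny "other" file and the fork-bomb cap.

# pam_other_gaps FILE
#   Prints the management groups (auth, account, password, session) that have
#   no "required" or "requisite" pam_deny.so entry in FILE, space-separated.
#   Returns 0 when none are missing (implicit deny is complete), 1 otherwise.
#   Comment lines and blank lines are ignored.
pam_other_gaps() {
    file=$1; gaps=""
    for ctx in auth account password session; do
        if ! awk -v ctx="$ctx" '
            /^[[:space:]]*#/ || NF == 0 { next }
            $1 == ctx && ($2 == "required" || $2 == "requisite") && $3 ~ /pam_deny\.so/ { found = 1 }
            END { exit found ? 0 : 1 }' "$file"; then
            gaps="$gaps $ctx"
        fi
    done
    printf '%s\n' "${gaps# }"
    [ -z "$gaps" ]
}

# limits_hard_nproc FILE DOMAIN
#   Prints the hard nproc limit that a limits.conf-style FILE sets for DOMAIN
#   (a user name, or @group). Lines read "<domain> <type> <item> <value>";
#   a type of "-" sets soft and hard at once, so it counts as hard here.
#   Prints nothing and returns 1 when DOMAIN has no hard process cap.
limits_hard_nproc() {
    awk -v dom="$2" '
        /^[[:space:]]*#/ || NF < 4 { next }
        $1 == dom && $3 == "nproc" && ($2 == "hard" || $2 == "-") { val = $4 }
        END { if (val == "") exit 1; print val }' "$1"
}

# Run with "--demo" to audit two constructed files.
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d)
    printf '#%%PAM-1.0\nauth required pam_deny.so\nsession required pam_permit.so\n' > "$dir/other"
    printf '# constructed limits.conf\n@staff hard nproc 50\n@staff hard maxlogins 1\n' > "$dir/limits.conf"
    echo "groups without pam_deny.so: $(pam_other_gaps "$dir/other")"
    echo "hard nproc for @staff: $(limits_hard_nproc "$dir/limits.conf" @staff)"
    rm -rf "$dir"
fi
```

Point both functions at the real /etc/pam.d/other and /etc/security/limits.conf to check a live system; a non-zero exit from pam_other_gaps means a service with no PAM file of its own would fall through to a group that is not denied.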

Chapter 24: Enhancing Linux Security with SELinux

1. To set your system into the permissive mode for SELinux, type setenforce permissive at the command line. It would also be acceptable to type setenforce 0 at the command line.

2. To set your system into the enforcing operating mode for SELinux without changing the SELinux primary configuration file, use caution: it is best not to run this command on your system for an exercise until you are ready for SELinux to be enforced. Type setenforce enforcing at the command line. It would also be acceptable to type setenforce 1 at the command line.

3. To find and view the permanent SELinux policy type (set at boot time), go to the main SELinux configuration file, /etc/selinux/config. To view it, type cat /etc/selinux/config | grep SELINUX= at the command line. To be sure how it is currently set, type the getenforce command.

4. To list the /etc/hosts file security context and identify the different security context attributes, type ls -Z /etc/hosts at the command line:

$ ls -Z /etc/hosts

-rw-r--r--. root root system_u:object_r:net_conf_t:s0 /etc/hosts

a. The file's user context is system_u, indicating a system file.

b. The file's role is object_r, indicating an object in the file system (a text file, in this case).

c. The file's type is net_conf_t, because the file is a network configuration file.

d. The file's sensitivity level is s0, indicating the lowest security level. (This number may be listed in a range of numbers from s0-s3.)

e. The file's category level starts with a c and ends with a number. It may be listed in a range of numbers, such as c0-c102. This is not required except in highly secure environments and is not set here.

5. To create a file called test.html and assign its type as httpd_sys_content_t, type the following:

$ touch test.html

$ chcon -t httpd_sys_content_t test.html

$ ls -Z test.html

-rw-rw-r--. chris chris unconfined_u:object_r:httpd_sys_content_t:s0 test.html

6. To list a current process's security context and identify the different security context attributes, type this at the command line:

$ ps -efZ | grep crond

system_u:system_r:crond_t:s0-s0:c0.c1023 root 665 1 0 Sep18 ? 00:00:00 /usr/sbin/crond -n

a. The process's user context is system_u, indicating a system process.

b. The process's role is system_r, indicating a system role.

c. The process's type or domain is crond_t.

d. The process's sensitivity level starts s0-s0, indicating that it is not highly sensitive. (It is secure by normal Linux standards, however, because the process is run as the root user.)

e. The process's category level is c0.c1023, with the c0 indicating that the category is also not highly secure from an SELinux standpoint.

7. To create an /etc/test.txt file, change its file context to user_tmp_t, restore it to its proper content (the default context for the /etc directory), and remove the file, type the following:

# touch /etc/test.txt

# ls -Z /etc/test.txt

-rw-r--r--. root root unconfined_u:object_r:etc_t:s0 /etc/test.txt

# chcon -t user_tmp_t /etc/test.txt

# ls -Z /etc/test.txt

-rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0 /etc/test.txt

# restorecon /etc/test.txt

# ls -Z /etc/test.txt

-rw-r--r--. root root unconfined_u:object_r:etc_t:s0 /etc/test.txt

# rm /etc/test.txt

rm: remove regular empty file '/etc/test.txt'? y

8. To determine what Boolean allows users to access their home directories via FTP and turn that Boolean on permanently, type the following commands:

# getsebool -a | grep ftp

ftp_home_dir --> off

ftpd_anon_write --> off

...

# setsebool -P ftp_home_dir=on

# getsebool ftp_home_dir

ftp_home_dir --> on

9. To list all SELinux policy modules on your system, along with their version numbers, type semodule -l.

NOTE

If you chose ls /etc/selinux/targeted/modules/active/modules/*.pp as your answer to Question 9, that is okay, but this command doesn't give you the version numbers of the policy modules. Only semodule -l gives the version numbers.

10. To prepare your system to run a vsftpd FTP server that is protected by SELinux, log in as a regular user (we use chris in this example) and try to copy a file (which should cause an AVC denial), type the following:

# getenforce

Enforcing

# yum install vsftpd lftp rsyslog setroubleshoot-server

# systemctl start syslog

# systemctl start vsftpd

# semodule -DB

# getsebool ftp_home_dir

ftp_home_dir --> off

# lftp -u chris localhost

Password: ********

lftp chris@localhost:~> put /etc/services

put: Access failed: 553 Could not create file. (services)

lftp chris@localhost:~> quit

To view information about the denial, and change the Boolean to allow FTP access, do the following:

# ausearch -m avc

type=AVC msg=audit(1411217594.188:70555): avc: denied { create } for pid=25470 comm="vsftpd" name="services" scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=file

# journalctl | grep "SELinux is preventing"

Sep 20 08:53:18 fedora20 setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from create access on the file services. For complete SELinux messages. run sealert -l 2ad99cba-13d8-4bb1-8d74-bbfc31b68f8b

# sealert -l 2ad99cba-13d8-4bb1-8d74-bbfc31b68f8b

SELinux is preventing /usr/sbin/vsftpd from create access on the file gshadow.

*** Plugin catchall_boolean (47.5 confidence) suggests *********

If you want to determine whether ftpd can read and write files

in user home directories.

Then you must tell SELinux about this by enabling

the 'ftp_home_dir' boolean.

You can read 'user_selinux' man page for more details.

Do setsebool -P ftp_home_dir 1
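The answers to exercises 4 through 7 pick the user, role, type and level out of a context string by hand, and exercise 10 reads the same fields out of an AVC record. The following POSIX shell script is an added example, not code from the book: ctx_field splits a context into its four parts (treating everything after the third colon as the level, since an MLS range such as s0-s0:c0.c1023 contains its own colon), and avc_summary reduces an ausearch denial line to the source type, permission, object class and target type, which is what you need before deciding whether a Boolean, a relabel or a policy module is the right fix. The sample contexts and the audit line are constructed from the output shown above; the function names are my own.

```shell
#!/bin/sh
# Added example: take SELinux contexts and AVC denial records apart.

# ctx_field CONTEXT FIELD
#   FIELD is user, role, type or level. Prints that part of CONTEXT.
#   Contexts look like user:role:type[:level], where level may be a
#   sensitivity, a range (s0-s0) and categories (c0.c1023) joined by ':'.
ctx_field() {
    ctx=$1
    case $2 in
        user)  printf '%s\n' "${ctx%%:*}" ;;
        role)  rest=${ctx#*:}; printf '%s\n' "${rest%%:*}" ;;
        type)  rest=${ctx#*:*:}; printf '%s\n' "${rest%%:*}" ;;
        level) case $ctx in
                   *:*:*:*) printf '%s\n' "${ctx#*:*:*:}" ;;
                   *)       printf '\n' ;;   # no MLS level present
               esac ;;
        *)     echo "unknown field: $2" >&2; return 2 ;;
    esac
}

# avc_summary LINE
#   LINE is one "type=AVC" record as printed by ausearch -m avc. Prints
#   "<source type> denied <permission> on <class> labelled <target type>".
#   Returns 1 if LINE is not an AVC denial.
avc_summary() {
    line=$1
    case $line in *"avc:  denied"*|*"avc: denied"*) ;; *) return 1 ;; esac
    perm=$(printf '%s' "$line" | sed -n 's/.*denied *{ *\([^}]*\)}.*/\1/p' | tr -d ' ')
    sctx=$(printf '%s' "$line" | sed -n 's/.*scontext=\([^ ]*\).*/\1/p')
    tctx=$(printf '%s' "$line" | sed -n 's/.*tcontext=\([^ ]*\).*/\1/p')
    tclass=$(printf '%s' "$line" | sed -n 's/.*tclass=\([^ ]*\).*/\1/p')
    printf '%s denied %s on %s labelled %s\n' \
        "$(ctx_field "$sctx" type)" "$perm" "$tclass" "$(ctx_field "$tctx" type)"
}

# Constructed sample record, taken from the exercise's ausearch output.
SAMPLE_AVC='type=AVC msg=audit(1411217594.188:70555): avc: denied { create } for pid=25470 comm="vsftpd" name="services" scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=file'

# Run with "--demo" to see both helpers on the constructed samples.
if [ "${1:-}" = "--demo" ]; then
    for f in user role type level; do
        printf '%-5s %s\n' "$f" "$(ctx_field system_u:system_r:crond_t:s0-s0:c0.c1023 "$f")"
    done
    avc_summary "$SAMPLE_AVC"
fi
```

On a live system, `ausearch -m avc -ts recent` piped line by line through avc_summary gives a compact view of what is being refused; the pairing "ftpd_t ... user_home_t" is exactly the case the ftp_home_dir Boolean exists for, whereas a denial whose target type is wrong for the file (say, a web document labelled user_tmp_t) points to restorecon instead.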

Chapter 25: Securing Linux on a Network

1. To install the Network Mapper (aka nmap) utility on your local Linux system:

a. On Fedora or RHEL, type yum install nmap at the command line.

b. On Ubuntu, nmap may come pre-installed. If not, type sudo apt-get install nmap at the command line.

2. To run a TCP Connect scan on your local loopback address, type nmap -sT 127.0.0.1 at the command line. The ports you have running on your Linux server will vary. However, they may look similar to the following:

# nmap -sT 127.0.0.1

...

PORT STATE SERVICE

25/tcp open smtp

631/tcp open ipp

3. To run a UDP Connect scan on your Linux system from a remote system:

a. Determine your Linux server's IP address by typing ifconfig at the command line. The output will look similar to the following and your system's IP address follows “inet addr:” in the ifconfig command's output.

# ifconfig

...

p2p1 Link encap:Ethernet HWaddr 08:00:27:E5:89:5A

inet addr:10.140.67.23

b. From a remote Linux system, type the command nmap -sU IP address at the command line, using the IP address you obtained from above. For example:

# nmap -sU 10.140.67.23
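A scan is most useful when its result is compared with what the host is supposed to expose, so that a newly opened port shows up as a difference rather than something to spot by eye. The following POSIX shell script is an added example, not code from the book: it reads the PORT/STATE/SERVICE table from saved nmap output and reports any open port that is not on an allowlist. The scan text is constructed from the exercise 2 sample; the function names open_ports and unexpected_ports are my own.

```shell
#!/bin/sh
# Added example: compare nmap's open-port table with an allowlist.

# Constructed sample, modelled on the exercise's nmap -sT output.
SAMPLE_SCAN='Starting Nmap ( http://nmap.org )
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00012s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
25/tcp  open  smtp
631/tcp open  ipp'

# open_ports SCAN_OUTPUT
#   Prints "port/proto" for every line nmap reports as open, one per line.
#   Filtered or closed ports and the banner lines are skipped.
open_ports() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1 }'
}

# unexpected_ports SCAN_OUTPUT ALLOWLIST
#   ALLOWLIST is space-separated, e.g. "22/tcp 631/tcp". Prints the open
#   ports that are not in it; returns 0 if there are none, 1 otherwise.
unexpected_ports() {
    found=""
    for p in $(open_ports "$1"); do
        case " $2 " in *" $p "*) ;; *) found="$found $p" ;; esac
    done
    printf '%s\n' "${found# }"
    [ -z "$found" ]
}

# Run with "--demo" to check the constructed scan against an allowlist.
if [ "${1:-}" = "--demo" ]; then
    if unexpected_ports "$SAMPLE_SCAN" "22/tcp 631/tcp"; then
        echo "no unexpected open ports"
    else
        echo "unexpected open ports listed above"
    fi
fi
```

In practice you would save a scan of your own host with `nmap -sT 127.0.0.1 -oN scan.txt` and feed `"$(cat scan.txt)"` to unexpected_ports from a cron job, so a service that starts listening without your knowledge produces a non-zero exit and a line of output.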

4. To check whether the ssh daemon on your Linux system uses TCP Wrapper support, type ldd /usr/sbin/sshd | grep libwrap at the command line. The output will look similar to the following if it does use TCP Wrapper support. If it does not, there will be no output.

$ ldd /usr/sbin/sshd | grep libwrap

libwrap.so.0 => /lib/libwrap.so.0 (0x0012f000)

5. To allow access to the ssh tools on your Linux system from a designated remote system and deny all other access using TCP Wrappers, you need to modify both the /etc/hosts.allow file and the /etc/hosts.deny file. The modifications will look similar to the following:

# cat /etc/hosts.allow

...

sshd: 10.140.67.32

#

# cat /etc/hosts.deny

#...

ALL: ALL
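The order in which tcpd consults the two files is what makes exercise 5 work: a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, and otherwise access is granted. The following POSIX shell script is an added example, not code from the book or from the TCP Wrappers library: it emulates that decision for the simple patterns used here (ALL, an exact address, a "10.140." network prefix and a ".example.com" domain suffix) so you can test a rule pair before relying on it. It does not implement the netmask, EXCEPT or shell-command forms of hosts_access(5). The sample files are constructed; the function names are my own.

```shell
#!/bin/sh
# Added example: dry-run a hosts.allow / hosts.deny pair.

# tw_match PATTERN VALUE
#   One hosts_access(5) client or daemon pattern against one value:
#   ALL, an exact match, a trailing-dot network prefix ("10.140.") or a
#   leading-dot domain suffix (".example.com").
tw_match() {
    case $1 in
        ALL) return 0 ;;
        *.)  case $2 in "$1"*) return 0 ;; esac ;;
        .*)  case $2 in *"$1") return 0 ;; esac ;;
        *)   [ "$1" = "$2" ] && return 0 ;;
    esac
    return 1
}

# tw_file_matches FILE DAEMON CLIENT
#   Returns 0 if any "daemon_list : client_list [: command]" line in FILE
#   matches DAEMON and CLIENT. Comment and blank lines are skipped; lists
#   are comma-separated. A missing file matches nothing.
tw_file_matches() {
    file=$1; daemon=$2; client=$3
    [ -r "$file" ] || return 1
    grep -v '^[[:space:]]*#' "$file" | grep ':' | (
        while IFS=: read -r dlist clist rest; do
            dm=1; cm=1
            for d in $(printf '%s' "$dlist" | tr ',' ' '); do tw_match "$d" "$daemon" && dm=0; done
            for c in $(printf '%s' "$clist" | tr ',' ' '); do tw_match "$c" "$client" && cm=0; done
            if [ $dm -eq 0 ] && [ $cm -eq 0 ]; then exit 0; fi
        done
        exit 1
    )
}

# tw_allowed DAEMON CLIENT [ALLOWFILE DENYFILE]
#   tcpd's decision order: hosts.allow grants, then hosts.deny refuses,
#   then the default is to grant. Returns 0 when access would be allowed.
tw_allowed() {
    allow=${3:-/etc/hosts.allow}; deny=${4:-/etc/hosts.deny}
    if tw_file_matches "$allow" "$1" "$2"; then return 0; fi
    if tw_file_matches "$deny" "$1" "$2"; then return 1; fi
    return 0
}

# Run with "--demo" to evaluate the exercise's rule pair for two clients.
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d)
    printf '#\n# constructed hosts.allow\nsshd: 10.140.67.32\n' > "$dir/hosts.allow"
    printf '# constructed hosts.deny\nALL: ALL\n' > "$dir/hosts.deny"
    for host in 10.140.67.32 10.140.67.23; do
        if tw_allowed sshd "$host" "$dir/hosts.allow" "$dir/hosts.deny"; then
            echo "sshd from $host: allowed"
        else
            echo "sshd from $host: denied"
        fi
    done
    rm -rf "$dir"
fi
```

The third step of the decision is the one to remember: with no ALL: ALL line in hosts.deny, a daemon that is absent from hosts.allow is still reachable from everywhere, which is why the exercise edits both files.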

6. To determine your Linux system's current netfilter/iptables firewall policies and rules, type iptables -vnL at the command line.

7. To flush your Linux system's current firewall rules, type iptables -F at the command line. To restore the firewall's rules on older Fedora systems or RHEL 6 systems, type iptables-restore < /etc/sysconfig/iptables. On a RHEL 7 or recent Fedora system, type systemctl restart firewalld.service to reinstate your system's permanent firewall rules.

8. This is a trick question! You cannot set a Linux system's firewall policy to reject. You can set it to drop, but not reject. To set your Linux system's firewall filter table for the input chain to a policy of DROP, type iptables -P INPUT DROP at the command line.

9. To change your Linux system firewall's filter table policy back to accept for the input chain, type iptables -P INPUT ACCEPT at the command line. To add a rule to drop all network packets from the IP address, 10.140.67.23, type iptables -A INPUT -s 10.140.67.23 -j DROP at the command line.

10. To remove the rule you added above, without flushing or restoring your Linux system firewall's rules, type iptables -D INPUT 1 at the command line. This is assuming that the rule you added above is rule 1. If not, change the 1 to the appropriate rule number in your iptables command.
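Exercise 10 leaves you to find the rule number yourself, and exercises 6 and 8 have you read the chain policy off the listing. The following POSIX shell script is an added example, not code from the book: it parses the output of `iptables -vnL --line-numbers` (a real option of iptables that prefixes each rule with its position) to return a chain's policy and the number of the rule that drops a given source. The listing it works on is constructed from the rules in these answers; the function names chain_policy and rule_number are my own.

```shell
#!/bin/sh
# Added example: read policy and rule positions out of an iptables listing.

# Constructed sample of "iptables -vnL --line-numbers" after exercise 9.
SAMPLE_RULES='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       12   720 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2        0     0 DROP       all  --  *      *       10.140.67.23         0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 3 packets, 228 bytes)
num   pkts bytes target     prot opt in     out     source               destination'

# chain_policy LISTING CHAIN
#   Prints the default policy (ACCEPT or DROP) of CHAIN from the
#   "Chain NAME (policy ...)" header line. Returns 1 if CHAIN is absent.
chain_policy() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        /^Chain / && $2 == chain { p = $4; gsub(/[()]/, "", p); print p; found = 1; exit }
        END { if (!found) exit 1 }'
}

# rule_number LISTING CHAIN SOURCE TARGET
#   Prints the position of the first rule in CHAIN whose source column is
#   SOURCE and whose target is TARGET, i.e. the N to use in
#   "iptables -D CHAIN N". With -v the columns are:
#   num pkts bytes target prot opt in out source destination.
#   A "/32" suffix on the source is ignored. Returns 1 when no rule matches.
rule_number() {
    printf '%s\n' "$1" | awk -v chain="$2" -v src="$3" -v tgt="$4" '
        /^Chain / { cur = $2; next }
        cur == chain && $1 ~ /^[0-9]+$/ {
            s = $9; sub(/\/32$/, "", s)
            if ($4 == tgt && s == src) { print $1; found = 1; exit }
        }
        END { if (!found) exit 1 }'
}

# Run with "--demo" to query the constructed listing.
if [ "${1:-}" = "--demo" ]; then
    echo "INPUT policy: $(chain_policy "$SAMPLE_RULES" INPUT)"
    n=$(rule_number "$SAMPLE_RULES" INPUT 10.140.67.23 DROP) \
        && echo "delete with: iptables -D INPUT $n"
fi
```

On a live system the call is `rule_number "$(iptables -vnL --line-numbers)" INPUT 10.140.67.23 DROP`. Deleting by specification, `iptables -D INPUT -s 10.140.67.23 -j DROP`, avoids the numbering question altogether, because iptables removes the first rule that matches the given specification.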

Chapter 26: Using Linux for Cloud Computing

1. To check your computer to see if it can support KVM virtualization, type the following:

# cat /proc/cpuinfo | grep --color -E "vmx|svm|lm"

flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca

cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall

nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good

xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor

ds_cpl vmx smx es...

...

The CPU must support either vmx or svm. The lm indicates that it is a 64-bit computer.
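The grep in exercise 1 matches substrings, so "lm" also lights up inside flags such as pclmulqdq, and "vmx" or "svm" would still have to be picked out by eye. The following POSIX shell script is an added example, not code from the book: it tests the flags line for whole words and reports which virtualization extension the CPU has and whether it is 64-bit. The flags lines in the demo and tests are constructed; the function names virt_support and host_virt_support are my own.

```shell
#!/bin/sh
# Added example: decide KVM suitability from a /proc/cpuinfo flags line.

# virt_support FLAGS_LINE
#   FLAGS_LINE is one "flags : ..." line from /proc/cpuinfo. Prints
#   "intel-vt", "amd-v" or "none", then "64bit" or "32bit". Returns 0 only
#   when a virtualization extension is present and the CPU is 64-bit.
virt_support() {
    # Strip the "flags :" label and pad with spaces so every flag,
    # including the first and last, is surrounded by spaces.
    flags=" $(printf '%s' "$1" | sed 's/^flags[[:space:]]*:[[:space:]]*//') "
    ext=none
    case $flags in
        *" vmx "*) ext=intel-vt ;;   # Intel VT-x
        *" svm "*) ext=amd-v ;;      # AMD-V
    esac
    arch=32bit
    case $flags in *" lm "*) arch=64bit ;; esac   # lm = long mode (x86-64)
    printf '%s %s\n' "$ext" "$arch"
    [ "$ext" != none ] && [ "$arch" = 64bit ]
}

# host_virt_support
#   Applies virt_support to the first CPU listed in /proc/cpuinfo.
#   Returns 2 if /proc/cpuinfo cannot be read (non-Linux or restricted).
host_virt_support() {
    [ -r /proc/cpuinfo ] || return 2
    virt_support "$(awk '/^flags/ { print; exit }' /proc/cpuinfo)"
}

# Run with "--demo" to check this host.
if [ "${1:-}" = "--demo" ]; then
    if host_virt_support; then
        echo "KVM host: supported"
    else
        echo "KVM host: not supported (or flags unreadable)"
    fi
fi
```

If this reports an extension but the kvm_intel or kvm_amd module still fails to load, the usual cause is virtualization being disabled in the firmware setup rather than a CPU limitation.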

2. To install a Linux system along with the packages needed to use it as a KVM host and to run the Virtual Machine Manager application, do the following:

a. Get a live or installation image from a Linux site (such as getfedora.org), and burn it to a DVD (or otherwise make it available to install).

b. Boot the installation image, and select to install it to a hard disk.

c. For a Fedora Workstation, after the install is complete and you have rebooted, install the following package (for different Linux distributions, you might need to install a package that provides libvirtd as well):

# yum install virt-manager libvirt-daemon-config-network

3. To make sure that the sshd and libvirtd services are running on the system, type the following:

# systemctl start sshd.service

# systemctl enable sshd.service

# systemctl start libvirtd.service

# systemctl enable libvirtd.service

4. Get a Linux installation ISO image that is compatible with your hypervisor, and copy it to the default directory used by Virtual Machine Manager to store images. For example, if the Fedora Workstation DVD is in the current directory, you can type the following:

# cp Fedora-Live-Workstation-x86_64-21-5.iso /var/lib/libvirt/images/

5. To check the settings on the default network bridge (virbr0), type the following:

# brctl show

bridge name bridge id STP enabled interfaces

virbr0 8000.000000000000 yes

# ip addr show virbr0

4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state UP group default

link/ether de:21:23:0e:2b:c1 brd ff:ff:ff:ff:ff:ff

inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

valid_lft forever preferred_lft forever

6. To install a virtual machine using the ISO image you copied earlier, do the following.

a. Type this command:

# virt-manager &

b. Select File, and then select New Virtual Machine.

c. Select Local install media, and click Forward.

d. Select Browse, choose the live or install ISO, click Choose Volume, and click Forward.

e. Select memory and CPUs, and click Forward.

f. Select the size of disk you want to use, and click Forward.

g. Select “Virtual network default: NAT” (it may already be selected).

h. If it all looks okay, click Finish.

i. Follow the installation process indicated by the installation ISO.

7. To make sure you can log in to and use the virtual machine, do the following:

a. Double-click the entry for the new virtual machine.

b. When the viewer window appears, log in as you would normally.

8. To check that your virtual machine can connect to the Internet or other network outside the hypervisor, do one of the following:

· Open a web browser and try to connect to a website on the Internet.

· Open a Terminal window, type ping redhat.com, and then press Ctrl+C to exit.

9. Stop the virtual machine so it is no longer running.

a. Right-click the entry for the VM in the virt-manager window.

b. Select Shut Down, and then select Shut down again.

c. If the VM doesn't shut down immediately, you can select Force Off instead, but that is like pulling the plug out and risks data loss.

10. Start the virtual machine again so it is running and available.

Right-click the virtual machine entry, and select Run.