2008 November « Mohammad Mahmudul Hasan

Archive for November, 2008

etc directory

November 9, 2008

Ø System configuration files, user information are store in etc directory.

Ø /etc/password – User’s information in plaintext.

Ø /etc/shadow – User’s information + password in Encrypted format.

Run level

I. init 0 – Shutdown

II. init 1 – Single user mode (close all consol except current working consol.
We can enter single user mode without root using password.)

III. init 2 – Multi user mode without NFS (Network file system)

IV. init 3 – Full Multi user mode (text mode).

V. init 4 – Unused.

VI. init 5 – X window (Graphical mode)

VII. init 6 – Reboot

1. [#] runlevel – Display init level. It will display
N 3 à N = none, 3 = current init level.
1 S à 1 = Current init level, S = single user mode.

2. [#] vi /etc/inittab – Change run (init) level
id: 3: initdefault – i – change 3 (full multi user mode) to 1 (single user mode)
– Esc – : x!

3. Create virtual terminal (consol)

[#] vi /etc/inittab – go to 50 number line (by 50 gg)

1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
…………………………………………
6:2345:respawn:/sbin/mingetty tty3
8:2345:respawn:/sbin/mingetty tty8
!
[#] reboot – Reboot the machine to work added F8 console
[#] init q – Reload the inittab file. (It is better than reboot the machine)

4. Datives the Alt+Ctrl+Del command to reboot a machine and display a message.

[#] vi test
#!/bin/bash
echo “This feature is disable by the system admin”
!
[#] chmod +x test
[#] cp test /usr/bin/test
[#] vi /etc/inittab

#Trap CTRL-ALT-DELETE
#Ca: : ctrlaltdel:/sbin/shoutdown -t3 -r now – comment out the line.
Ca: : ctrlaltdel:usr/bin/test – add the line
!
[#] init q – Reload the inittab file.

There are two type Boot Loader

Ø Grub – grand Unified Boot Loader.

Ø LiLo – Linux Loader (old version)

5. Set password to enter kernel boot loader.

[#] vi /etc/grub.conf

title fedora core 0
title others 1
default =1 – default booting OS
timeout = 5 – 5 second wait for choosing booting OS
passwd=123
hidemenue – give password of editing kernel by e during booting session
passwd=123

6. [#] vi /etc/passwd
root: x: 0:0: root: /root/bin/bash
mahmud: x: 500:500: Mahmudul Hasan/home/bin/bash

Here ……
root – User name.
x – User password in shadow file.
0 – User id (always root user id and password is 0:0, system created user id is
form 0 to 499 and Normal created user id is start form 500.
0 – Group id
root – User’s full name and other information (address, phone number etc.)
/root – Home directory of root.
/bin/bash – Shell. If here /bin/no login or /bin/false display then the user can
not login

7. [#] vi /etc/shadow à information are shown in encrypted format
root: lkdfhalkfj94u8392kldfna: 0:0: root: /root/bin/bash

8. [#] vi /etc/passwd
root:! x: 0:0: root: /root/bin/bash à The user is locked.
root: x: 0:0: root: /root/bin/bash à The user is unlocked.

We can also lock the user by command: –
[#] passwd –l mahmud à Lock the user named mahmud.
[#] passwd –u mahmud à Unlock the user named mahmud.

9. [#] vi/etc/motd à [motd – message of the day]. When login the message is
displayed in the screen.
Welcome to linux pathshala
!

10. [#] vi /etc/issue à Give message before login.

hello this is me
!

11. [#] vi /etc/rc.local à Run the file during start the machine.
reboot à Reboot the server when start the machine every time.
!

12. Deny services to the hosts

[#] vi /etc/hosts.deny

ALL:ALL or all:all – Deny all service to all hosts [1^st ALL is service name &
2^nd ALL is host name].
sshd:ALL or sshd : ALL – Deny sshd service to all hosts.
sshd,telnet:ALL – Deny sshd and telnet service to all hosts.
sshd:sum,mum – Deny sshd service to host sum and mum
sshd:192.168.1.1 192.168.1.2 – Deny sshd service to the IP
sshd:192.168.1.1,192.168.1.2 – Deny sshd service to the IP
sshd:ALL EXCEPT 192.168.1.1 – Deny sshd service to all host except the IP.
!

13. Allow services to the hosts

[#] vi /etc/hosts.allow
ALL:ALL or all:all – Allow all service to all hosts [1^st ALL is service name &
2^nd ALL is host name].
sshd:192.168.1.2 – Allow sshd service to IP 192.168.1.2
sshd:linux2 – Allow sshd service to host linux2
sshd:192.168.1. – Allow sshd service to IP 192.168.1. all networks.
sshd:192.168.1.0/24 – Allow sshd service to IP 192.168.1.2/24 all networks.
snmpd: 221.120.96. – Allow snmpd to this block.
!

[#] cat /etc/service – Display the port number of different protocol.

Posted in etc | Leave a Comment »

Interface Setup

November 6, 2008

LAN – Local Area Network

NIC – Network Interface Card

MAC – Media Access Control [00:21:03:A1:15:C6]
[00:21:03 – vendor ID, A1:15:C6 – Serial Number]

Ethernet Adapter – eth0 (LAN 1), eth1 (LAN 2)

ARP – Address Resolution Protocol. [IP to MAC]

Ping – Packet Internet Gopher.
init.d – d – Demon (service)

1. [#$] dmesg – Display Kernel Log message.

2. [#$] dmesg | grep eth0 – Search eth0 is connected or not.

3. [#$] dmesg | grep * – Display all Ethernet interface.

4. [#$] ifconfig – Display the interface properties.

5. [#$] ifconfig eth0 – Display the interface properties of eth0 (1^st LAN).

6. [#$] ifconfig –a – [a-all]. Display the interface properties.

7. [#$] system-config-network-cmd – Display LAN information.

8. [#$] mii-tool – Check cable of all interface is connected or not. It has some output:

– Link OK

– Auto negation failed, Link Ok

– No MII Transceiver present

– No link.

9. [#$] mii-tool eth0 – Display the cable is connected or not in eth0 interface.

10. [#$] mii-tool -r – Reset all interface (disable then enable).

11. [#$] mii-tool -r eth0 – Reset eth0 interface (disable then enable).

12. [#$] route –n – Display the Gateway.

Change host Name

13. [#] hostname sum – Change hostname to sum temporary. After restart the
machine the hostname (sum) will not exists.

14. Permanently set host name (this will effect after restart the server)
[#] vi /etc/sysconfig/network
Networking = yes
Hostname = sum
!

15. Input IP and host name in host file. Host file is working locally and it work before DNS. We can ping a machine by host in replace of IP. In that case the host name should be written against IP address in host file.

[#] vi /etc/hosts

127.0.0.1 Localhost.localdomain Localhost à This create during installation
192.168.100.1 sum.com ns1 – Domain – sum.com Host name – ns1
192.168.100.1 ns1.sum.com.bd ns1 – FQDN -Full Qualified Domain Name
(host name. Domain name)
192.168.1.1 Linux1 Mahmud – 2 host name and not case sensitive.
!

[#] ping 192.168.1.2
or
[#] ping Linux1
or
[#] ping Mahmud

Set IP address

Static IP – Put IP manually
Dynamic IP – Pull an IP from DHCP server.
[*] Use Dynamic IP configuration (BOOTP/DHCP) – [* - space bar]

IP Address: 192.168.1.2
Net Mask: 255.255.255.0
Default Gateway (IP): 192.168.1.254
Primary Name Server (DNS): 192.168.1.1

Set IP in LAN card

16. Debina [ vi /etc/network/interface ]

auto eth0

iface eth0 inet static

address 221.120.96.254

netmask 255.255.255.224

network 221.120.96.224

broadcast 221.120.96.255

gateway 221.120.96.225

# For Office AP

auto eth0:0

iface eth0:0inet static

address 172.16.119.1

netmask 255.255.255.224

RedHat

[#$] netconfig – By default set IP in eth0.

[#$] netconfig –d eth1 – Set IP in eth1.

[#$] netconfig - -device eth1 – Set IP in eth1.

[#$] system-config-network – Set IP in eth0 or eth1.

[#$] setup – Network Configuration, Set IP address in eth0 or eth1

[#$] vi /etc/sysconfig/network-scripts/ifcfg-eth0

Device = eth0
ONBoot = yes
BOOT PROTO = static
IPADDRESS = 192.168.1.2
NETMASK = 255.255.255.0
GATEWAY = 192.168.1.254
DNS = 192.168.1.1
If ifcfg-eth0 file is not in network-scripts directory then-

[#] cd /etc/sysconfig/network-scripts
[#] ls – see the file under network-scripts directory.
[#] cp ifcfg-lo ifcfg-eth0 – Create a file named ifcfg-eth0 from lo (loop back)
[#] vi /eht0

17. After set the IP should be restart the service network

[#$] service network restart
[#$] /etc/init.d/network restart

18. IP Aliasing (set more than one IP in a single LAN card)

Temporary (After rebooting the machine the IP will release)

ifconfig eth1 192.168.10.1
ifconfig eth1:0 192.168.10.1 – By default get subnet mask of that IP (2^nd IP in a NIC)
ifconfig eth1:1 192.168.10.2 netmask 255.255.255.0 – Give the subnet mask. (3^rd IP)

Permanent

[#] vi /etc/rc.local

ifconfig eth1:0 192.168.10.1 netmask 255.255.255.0 – 2^nd IP
ifconfig eth1:1 192.168.20.2 netmask 255.255.255.0 – 3^rd IP
!

[#] service network restart – After restart the Network service the extra IP will release.
[#] /etc/rc.local – After this command the IP will add in LAN card.

ICMP REQUEST

19. Temporary block replay of ping request (this will deactivate after reboot machine)
[#] cat /proc/sys/net/ipv4/icmp_echo_ignore_all – Display ICMP request is
Blocked or not [0-not block replay of ping request, 1or other is value – block]

[#] echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all – Write 1 to the file for
block the replay of ping request.

20. Permanently block replay of ping request
[#] vi /etc/re.local – this file will execute when PC getting start)
touch à after the touch write the line.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
!
[#] /etc/rc.local – Run the rc.local file without reboot the machine.

21. Linux and Windows Ping properties
[#$] ping 192.168.1.1 – [Linux] Continuous Ping request
[#$] ping 192.168.1.1 – [Windows] 4 ping request.
[#$] ping 192.168.1.1 –t or /t – [Windows] Continuous Ping request.
[#$] Ctrl + C – [Linux, Windows] Quit form ping request.
[#$] ping 192.168.1.1 –c 10 – [Linux] 10 packet send

[#$] ping 192.168.1.1 –n 10 – [Windows] 10 packet send

[#$] ping 192.168.1.1 –i 5 – [Linux] Send packet after each 5 second.
[#$] ping 192.168.1.1 –s 128 – [Linux] Packet Size change to 128 byte (default 64)
[#$] ping 192.168.1.1 –l 128 – [Win] Packet Size change to 128 byte (default 32)
[Linux by default TTL - 64] [Windows by default TTL - 128]

23. Display the hop to reach the destination and packet loss of each hop.
[#$] traceroute 4.2.2.2 (linux)
mtr 4.2.2.2 (linux)
tracert 4.2.2.2 (win)

pathping 4.2.2.2 (win)

ARP – Address Resolution Protocol. [IP to MAC]

22. [#] arp – a – [a-all]. If the machine has IP 192.168.1.2 then it takes MAC of all IP
holder machine of 192.168.3.0 block.

23. [#] arp 122.247.47.11 – Get the MAC of the IP and check the physical link.

24. [#] arp –i eth1 – [i-interface]. Take MAC of pc’s that are connected by eth1.

25. [#] arp –i eth1 -nv – [i-interface, n- number, v- verbose]. Take MAC of pc’s that
are connected by eth1 and show the number of pc connected by eth1.

MAC Clone

26. Temporary (after reboot the machine the new cloned MAC flashed)

[#] ifconfig eth0 down – Down the eth0 interface
or
[#] ifdown eht0

[#] ifconfig eth0 hw ether 00:21:03:A1:15:C6 – Old MAC

[#] ifconfig eth0 up – Up the eth0 interface
or
[#] ifup eht0

27. Permanently Change the MAC

[#] vi /etc/rc.local

ifdown eht0
ifconfig eth0 hw ether 00:21:03:A1:15:C6 à Old MAC

ifconfig eth0 up – Up the eth0 interface

: x!

Posted in Interface Setup | Leave a Comment »

Remote Login

November 6, 2008

1. Telnet – port 23. (Can’t change the port number). Data transfer in Plaintext.

2. SSH – port 2. (Can change the port number). Data transfer in Encrypted mode.

· Select which service run during startup a machine

1. [#] nmap 192.168.1.1 – Display which port (service) is open in 192.168.1.1 PC

2. [#] ntsysv – Select a service by pressing space bar. Work for the console by
which the command given.

3. [#] setup then go to system services – Select a service by pressing space bar.
Work for the console by which the command given.

4. [#] chkconfig sshd on – ON the SSH service. Work for current run level.

5. [#] chkconfig –level 5 sshd off – Off the SSH service for run level 5.

6. [#] chkconfig –level 2345 sendmail off – off the sendmail service for run
level 2345.

7. [#] chkconfig –list sshd – Display SSH service is running in which run level.

8. [#] cd /etc – ls – There are 6 directory of each run level named

run level 0 – init 0 – rc0.d
run level 1 – init 1 – rc1.d
run level 2 – init 2 – rc2.d
run level 3 – init 3 – rc3.d
run level 4 – init 4 – rc4.d
run level 5 – init 5 – rc5.d
run level 6 – init 6 – rc6.d

Under each directory there are many file of different service. There is K or S before each service name [K- kill, do not run the service during startup the machine] [S – start, run the service during startup the machine] if we rename the file K25sshd to S25sshd [25 is the process id] the SSH process will start at run level.

[#] mv K25sshd S25sshd – Rename the file to S25sshd

[#] ls –l – Show the file included link file. /etc/rc0.d/S25sshd is link file. The
original file of /etc/rc0.d/S25sshd is in /etc/init.d/sshd location.

9. Manually script run at run level

[#] vi /etc/init.d/test – create a file
[#] chmod +x /etc/init.d/test – Give it executive permission
[#] ln –s /etc/init.d/test /etc/rc3.d/S30test – make link to /etc/rc3.d file

Telnet server configuration

Server end

1. [#] vi /etc/xinetd.d/krb5-telnet

disable = no – “no” is not case sensitive
!

2. [#] service xinetd restart

3. [#] service xinetd status – See the server is running or not.

Client end

In Telnet the data are transfer in plaintext (not encrypted) and it is not secure. For this reason we have to login telnet server by normal user [$] 1^st then switch to root user [#]. Telnet do not support root user to login.

4. [$] telnet 192.168.1.2 – by IP
or
[$] telnet Linux1 – By Host name of server.

Login: mahmud – user mahmud should be exist in server PC.
Password: ****

5. [$] su - – Switch to root user.
Password: *** – Give password of root user.

6. For windows – cmd – telnet 192.168.1.2

7. [#] logout – Exit from telnet root user.
[$] logout – Exit from telnet normal user.

SSH (Secured Shell) server configuration

Server end

1. [#] rpm –qa | grep openssh-server – See the ssh package is installed or not

2. [#] rpm –ivh openssh-server* – Install all ssh package from 2^nd CD.

3. [#] service sshd restart – Restart the demon service of ssh.
OR

4. [#] /etc/init.d/sshd restart – Restart the demon service of ssh.

5. [#] service sshd status – See the sshd service is running or not.

Client End

In SSH the data are transfer in encrypted mode and it is secure. For this reason we can login telnet server by both root user [#] and normal user [$].

6. [#$] ssh root@192.168.1.2 or ssh –l root 192.168.1.2 – Remotely login by root user
Password: **** – Give password of root.

7. [#$] ssh Alvi@192.168.1.2 or ssh –l root 192.168.1.2 – Remotely login by user Alvi.
Password: **** – Give password of user Alvi (server pc user).

8. [root@ns~]# ssh 192.168.1.2 – Try to remotely login as root user because currently client machine login user is root.
Password: **** – Give password of root

9. [Alvi@ns]$ ssh 192.168.1.2 – Try to remotely login as normal user Alvi because currently client machine login user is normal user. User Alvi must be existing in both server pc and client pc
Password: **** – Give password of user Alvi (server pc user).

10. Deny root user login by SSH

[#] vi /etc/ssh/sshd_config
#PermitRootLogin yes – erase the # and set no
:wq
[#] service sshd restart

11. Give SSH login permission to specific user

[#] vi /etc/ssh/sshd_config – Go to the last line by G and write-

AllowUsers mahmud suvo – Give SSH logging permission to only 2 users
(mahmud and suvo) can allow more user. AllowUsers are key sensitive
:wq
[#] service sshd restart

12. Deny SSH login permission to specific user

[#] vi /etc/ssh/sshd_config – Go to the last line by G and write-

DenyUsers mahmud suvo – Deny SSH logging permission to only 2 users
(mahmud and suvo) can deny more user. DenyUsers are key sensitive
:wq

[#] service sshd restart

13. Change SSH port number

[#] vi /etc/ssh/sshd_config – Search port by /port

port 27 – Erase # before the port and change the port from 22 to 27
!
[#] service sshd restart
[#] ssh root@192.168.1.1 – This command doesn’t work now because the default port of
SSH (22) is changed to 27
[#] ssh -p27 root@192.168.1.1 – [p-port, -p 27 also work]. This command is work.

14. SCP (secure copy) over SSH

[#] command sourcefile destination user@IP:directory

[#] scp /etc/passwd [client] root@192.168.1.1:home/Alex [server] – When I am in
client machine Give passwd file from etc/passwd [client] to /home/Alex directory of
192.168.1.1 [server]. Server machine must have to running the SSH service.

[#] scp -r /temp root@192.168.1.1:home/Alex – Directory transfer.

[#] scp root@192.168.1.1:/etc/passwd [server] /home/Alex [client] – When I am
in client machine Take passwd file from etc/passwd [server] to /home/Alex [client]
directory of 192.168.1.1 [server]. Server machine must have to running the SSH
service.

Posted in Remote Login | Leave a Comment »

Mohammad Mahmudul Hasan

Archive for November, 2008

etc directory

Interface Setup

Pages

Archives

Categories