10-10-2020

https://youtu.be/30Wsc3zCWNk

 

 

 

 

 


 

CLI – Command Line Interface

 

 

 

root – Administrator – Super user

 

-          Root user has full access

-          Root user cannot be renamed

-          Never share the password with anybody

-          Don’t put in email, chats or text messages, don’t share it

 

 

/root

 

-          Root user home directory or

-          When root user logs in to system this is his landing space

 

/

 

-          Root directory

-          This is the topmost directory

 

 

 

File = file

Directory = Folder

 

For Linux, everything is a file – a directory is also a file

 

pwd

 

-          Print working directory

-          Present working directory

 

[root@localhost ~]# pwd

/root

 

 

clear

 

-          Clears the screen

 

Input

 

[root@localhost ~]# pwd     < ---input command to OS

 

 

Output

 

/root                         < --- Response from OS

 

cd

 

-          allows you to change the directory

 

[root@localhost ~]# cd /

[root@localhost /]#

 

 

 

cd

 

-          Simply type cd and hit enter

-          You jump back to home directory

 

[root@localhost /]# cd

[root@localhost ~]#

 

ls

 

-          this command lists the contents of the present working directory (pwd)

 

[root@localhost ~]# ls

anaconda-ks.cfg

 

ls -l

 

-          long list switch with ls command

-          it provides the details of the list contents

 

 

 

[root@localhost ~]# ls -l

total 4

-rw-------. 1 root root 1407 Oct  4 16:07 anaconda-ks.cfg

 

ls -a

-          shows you the list of files as well as hidden files/ folder

-          hidden file or folder starts with . (period)

 

.   anaconda-ks.cfg  .bash_logout   .bashrc  .tcshrc

..  .bash_history    .bash_profile  .cshrc

 

ls -la

 

-          this combination of switches provides the long list including hidden files

 

 

[root@localhost ~]# ls -la

total 28

dr-xr-x---.  2 root root  135 Oct  4 16:57 .

dr-xr-xr-x. 17 root root  224 Oct  4 15:50 ..

-rw-------.  1 root root 1407 Oct  4 16:07 anaconda-ks.cfg

-rw-------.  1 root root  209 Oct  4 17:54 .bash_history

-rw-r--r--.  1 root root   18 Dec 28  2013 .bash_logout

-rw-r--r--.  1 root root  176 Dec 28  2013 .bash_profile

-rw-r--r--.  1 root root  176 Dec 28  2013 .bashrc

-rw-r--r--.  1 root root  100 Dec 28  2013 .cshrc

-rw-r--r--.  1 root root  129 Dec 28  2013 .tcshrc

 

history

 

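-          displays the history of commands you have been using; the list is saved in ~/.bash_history, so never type passwords or other secrets as part of a command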

 

[root@localhost ~]# history

    1  ip a

    2  cd /etc/sysconfig/network-scripts/

    3  ls

    4  vi ifcfg-enp0s3

    5  clear

    6  ls

    7  vi ifcfg-enp0s3

    8  clear

    9  ls

   10  vi ifcfg-enp0s8

   11  vi ifcfg-enp0s9

   12  vi ifcfg-enp0s3

   13  clear

   14  ls

   15  ls -l

   16  clear

   17  init 6

   18  ip a

   19  init 0

   20  ip a

   21  whoami

   22  ls

   23  lsblk

   24  init 0

   25  clear

   26  pwd

   27  clear

   28  pwd

   29  clear

   30  pwd

   31  cd /

   32  cd

   33  ls

   34  ls -l

   35  ls -a

   36  clear

   37  ls -a

   38  ls -la

   39  clear

   40  history

 

!34

 

-          run the specific command number from the history

 

[root@localhost ~]# !34

ls -l

total 4

-rw-------. 1 root root 1407 Oct  4 16:07 anaconda-ks.cfg

 

Run multiple commands one after another

;

 

[root@localhost ~]# ls -la;pwd;cd /

 

touch

 

-          it creates an empty file for you

 

[root@localhost ~]# touch file1

[root@localhost ~]# ls

anaconda-ks.cfg  file1

[root@localhost ~]# ls -l

total 4

-rw-r--r--. 1 root root    0 Oct 10 16:20 file1   < --- creates file

 

touch file2 file3 file4

 

-          Create multiple files

 

[root@localhost ~]# touch file2 file3 file4

[root@localhost ~]# ls

anaconda-ks.cfg  file1  file2  file3  file4

[root@localhost ~]# ls -l

total 4

-rw-------. 1 root root 1407 Oct  4 16:07 anaconda-ks.cfg

-rw-r--r--. 1 root root    0 Oct 10 16:20 file1

-rw-r--r--. 1 root root    0 Oct 10 16:26 file2

-rw-r--r--. 1 root root    0 Oct 10 16:26 file3

-rw-r--r--. 1 root root    0 Oct 10 16:26 file4

 

touch .file5

 

-          Creates a hidden file

 

[root@localhost ~]# ls -la

-rw-r--r--.  1 root root    0 Oct 10 16:27 .file5             < --- Hidden file is created

 

mkdir folder1

 

-          Creates the folder with specified name in pwd

 

 

[root@localhost ~]# mkdir folder1

 

[root@localhost ~]# ls -l

 

drwxr-xr-x. 2 root root    6 Oct 10 16:29 folder1

 

mkdir folder2 folder3 folder4

 

-          Creates multiple folders

-           

 

drwxr-xr-x. 2 root root    6 Oct 10 16:29 folder1

drwxr-xr-x. 2 root root    6 Oct 10 16:33 folder2

drwxr-xr-x. 2 root root    6 Oct 10 16:33 folder3

drwxr-xr-x. 2 root root    6 Oct 10 16:33 folder4

 

[root@localhost ~]# yum install tree -y

mkdir -p redhat/whitehat/blackhat

 

-          Create directory inside directory

-          -p means parents – it creates any missing parent directories

-          This will also check for an existing directory; it ignores it if it is already there

 

 

[root@localhost ~]# mkdir -p redhat/whitehat/blackhat

[root@localhost ~]# tree

.

── anaconda-ks.cfg

── file1

── file2

── file3

── file4

── folder1

── folder2

── folder3

── folder4

└── redhat

    └── whitehat

        └── blackhat

 

7 directories, 5 files

 

Changing directory using cd

 

-          Changes the directory

 

[root@localhost ~]# cd redhat/whitehat/blackhat/

 

Tab key auto completes the file or directory

 

[root@localhost blackhat]# pwd

/root/redhat/whitehat/blackhat

 

cd

 

[root@localhost blackhat]# cd

[root@localhost ~]# pwd

/root                                              < ---takes you back to home directory

 

 

Jump to previous working directory

 

 

[root@localhost ~]# cd -

/root/redhat/whitehat/blackhat            < ---Takes you back to previous working directory

 

 

[root@localhost blackhat]# ls -la

total 0

drwxr-xr-x. 2 root root  6 Oct 10 16:40 .          < --- Single dot is a link to itself

 

drwxr-xr-x. 3 root root 22 Oct 10 16:40 ..       < --- two dots are a link to the parent directory

 

 

.

-          This is representation of present working directory

-          It is a link to current working directory

-          Hidden

 

 

 

..

-          This is the representation of parent directory

-          This will take you back one level up directory

-          Hidden

 

cd ..

 

[root@localhost ~]# cd redhat/whitehat/blackhat/

/root/redhat/whitehat/blackhat

 

[root@localhost blackhat]# cd ..

[root@localhost whitehat]# pwd

/root/redhat/whitehat

 

[root@localhost whitehat]# cd ..

[root@localhost redhat]# pwd

/root/redhat

 

 

[root@localhost redhat]# cd whitehat/blackhat/

[root@localhost blackhat]# pwd

/root/redhat/whitehat/blackhat

 

[root@localhost blackhat]# cd ../../..

[root@localhost ~]# pwd

/root

 

Relative path

 

 

└── redhat

    └── whitehat

        └── blackhat

 

 

[root@localhost ~]# cd redhat/whitehat/blackhat/     < ---used relative path to go into the directory ‘blackhat’

[root@localhost blackhat]# pwd

/root/redhat/whitehat/blackhat

 

 

 

Absolute path

 

/root/redhat/whitehat/blackhat

[root@localhost blackhat]# cd /root/redhat

[root@localhost redhat]# pwd

/root/redhat

 

pwd provides you absolute path of the present working directory

 

 

rm

 

-          Removes the file

 

[root@localhost ~]# rm anaconda-ks.cfg

rm: remove regular file ‘anaconda-ks.cfg’? y

 

rm -rf

 

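-          Removes file forcefully without confirmation; there is no recycle bin, so check the path before pressing enter, especially when logged in as root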

 

[root@localhost ~]# rm -rf file1

 

Wild card (* matches any characters – run ls with the same pattern first to see exactly what rm will delete)

 

[root@localhost ~]# rm -rf fi*

[root@localhost ~]# ls

folder1  folder2  folder3  folder4  redhat

[root@localhost ~]# rm -rf fo*

[root@localhost ~]# ls

redhat

 

Removing folder

 

[root@localhost ~]# rm folder1

rm: cannot remove ‘folder1’: Is a directory   < --- plain rm refuses to remove a folder; -r is required

 

 

[root@localhost ~]# rm -rf folder1/

[root@localhost ~]# ls

 

-rf – recursively and forcefully

 

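Remove hidden files and folders (in the home directory this also deletes shell startup files such as .bashrc and .bash_profile; they can be copied back from /etc/skel)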

 

 

[root@localhost ~]# ls -a

.   .bash_history  .bash_profile  .cshrc  .tcshrc

..  .bash_logout   .bashrc        .file5

 

[root@localhost ~]# rm -rf .*

rm: refusing to remove ‘.’ or ‘..’ directory: skipping ‘.’          < ---this will not be removed

rm: refusing to remove ‘.’ or ‘..’ directory: skipping ‘..’         < ---this will not be removed

[root@localhost ~]# ls -a

.  ..

 

cp

-          Copy files and folders to specified location

-          You can use absolute and relative path to copy

 

 

 

[root@localhost ~]# mkdir -p redhat/whitehat/blackhat

[root@localhost ~]# tree

.

── file1

── file2

└── redhat

    └── whitehat

        └── blackhat

 

3 directories, 2 files

 

 

[root@localhost ~]# cp file1 redhat/whitehat/blackhat/

[root@localhost ~]# tree

.

── file1

── file2

└── redhat

    └── whitehat

        └── blackhat

            └── file1

 

3 directories, 3 files

 

 

cp file1 redhat/whitehat/blackhat/

 

Command

source

destination

cp

File1

redhat/whitehat/blackhat/

 

 

cp file2 /root/redhat/whitehat/

-          Copy using absolute path

 

[root@localhost ~]# cp file2 /root/redhat/whitehat/

 

[root@localhost ~]# tree

.

── file1

── file2

└── redhat

    └── whitehat

        ── blackhat

        │   └── file1

        └── file2

 

 

10-11-2020

 

 

 

 

-bash-4.2# cp /etc/skel/.b* /root

 

cp /etc/skel/.b* .

 

[root@localhost ~]# ls -a

.   .bash_history  .bash_profile  file1  redhat

..  .bash_logout   .bashrc        file2

 

 

[root@localhost ~]# tree

.

└── redhat

    └── whitehat

        ── blackhat

        │   └── file1

        └── file2

 

Copy files from foreign directory

 

[root@localhost ~]# cp redhat/whitehat/file2 .                                      < ---using relative path

[root@localhost ~]# ls

file2  redhat

 

[root@localhost ~]# cp /root/redhat/whitehat/blackhat/file1 /root < ---using absolute path

[root@localhost ~]# ls

file1  file2  redhat

 

 

[root@localhost ~]# cd redhat/whitehat/

 

[root@localhost whitehat]# cp file2 ../..                                                  < ---Using relative path

[root@localhost whitehat]# cd

 

[root@localhost ~]# ls

file1  file2  redhat

 

Copy directory

 

[root@localhost ~]# cp -rf redhat ibm                < --- -r is needed for a directory (recursive); -f forces overwriting existing files

 

[root@localhost ~]# ls

file1  file2  ibm  redhat

[root@localhost ~]# tree

.

── file1

── file2

── ibm

│   └── whitehat

│       ── blackhat

│       │   └── file1

│       └── file2

└── redhat

    └── whitehat

        ── blackhat

        │   └── file1

        └── file2

 

6 directories, 6 files

 

Copy directory into another directory

 

[root@localhost ~]# mkdir archive

[root@localhost ~]# cp -rf ibm archive

[root@localhost ~]# ls -l archive/

total 0

drwxr-xr-x. 3 root root 22 Oct 11 15:59 ibm

[root@localhost ~]# ls archive/

ibm

[root@localhost ~]# cd archive/

[root@localhost archive]# ls

ibm

 

Moving file

 

[root@localhost ~]# ls

archive  file1  file2  ibm  redhat

[root@localhost ~]# mv file1 archive

 

 

Command

Source

Destination

mv

File1

archive

 

 

[root@localhost ~]# ls

archive  file2  ibm  redhat

[root@localhost ~]# cd archive/

[root@localhost archive]# ls

file1  ibm

 

Moving directory

 

[root@localhost archive]# cd

[root@localhost ~]# mv -f redhat archive

 

Command

Source

Destination

mv -f

redhat

archive

 

 

[root@localhost ~]# ls

archive  file2  ibm

 

Renaming file

 

[root@localhost ~]# mv file2 xfile

 

Command

Old name

New name

mv

file2

xfile

 

 

 

[root@localhost ~]# ls

archive  ibm  xfile

 

 

Renaming directory

 

[root@localhost ~]# mv ibm aws

 

Command

Old name

New name

mv

Ibm

aws

 

 

[root@localhost ~]# ls

archive  aws  xfile

 

man

 

[root@localhost ~]# man

What manual page do you want?

 

man  - an interface to the on-line reference manuals

 

Echo

 

-          Repeats the text typed after the command and displays it on screen

 

 

[root@localhost ~]# echo

 

[root@localhost ~]# echo this is linux course

this is linux course

 

[root@localhost ~]# echo this is linux course and I am enjoying this course

this is linux course and I am enjoying this course

 

 

Redirectors

 

 

0<

 

 

Standard input

 

 

1>

 

 

Standard output

 

echo this is linux course and I am enjoying this course 1> file1

 

 

2>

 

 

Standard error

 

lkskfsl 2> file2

 

 

 

 

 

1>

 

 

[root@localhost ~]# echo this is linux course 1> file1

 

Command

Content

Redirector – output

File name

Echo

this is linux course

 1>

File1

 

 

 

 

0<

 

[root@localhost ~]# cat 0< file1               < --- 0< is a input redirection

this is linux course

 

Command

Redirector – input

File name

Cat

0<

File1

 

 

[root@localhost ~]# cat < file1             < --- < is a input redirection

this is linux course

 

[root@localhost ~]# cat file1                < ---  no redirector needed, cat opens the file itself

this is linux course

 

 

final word: you don’t really need to specify 0< or <, the system will automatically read the file

 

2>

 

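-          This will catch only the errors and redirect them to the file

-          You can also redirect errors to /dev/null – discarded location, not retrievable; do this only for errors you already understand, because it also hides failures you would want to see when troubleshooting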

 

[root@localhost ~]# dfkjlks

-bash: dfkjlks: command not found

 

[root@localhost ~]# dfkjlks 2>/dev/null

 

cat – concatenate

 

-          Most basic use is to read a file

 

 

Read the file

 

[root@localhost ~]# cat file1

this is linux course

 

read multiple files at the same time

 

[root@localhost ~]# cat file1 file2

this is linux course

ls: cannot access nothing: No such file or directory

 

redirect the output another file

[root@localhost ~]# cat file1 file2 > file3                    < --- redirects using >, overwrites existing content, also creates new file if it does not exist

 

[root@localhost ~]# cat file3

this is linux course

ls: cannot access nothing: No such file or directory

 

Add to

 

[root@localhost ~]# cat file1 file2 >> file3                       < --- use double >> to add to file

[root@localhost ~]# cat file3

this is linux course

ls: cannot access nothing: No such file or directory

this is linux course

ls: cannot access nothing: No such file or directory

 

 

 

Enter into quick edit mode (type the lines, then press Ctrl+D on an empty line to save and return to the prompt)

 

[root@localhost ~]# cat > file4     <--- overwrites the content, also creates new file if it does not exist

This is line1

this is line2

this is line3

 

[root@localhost ~]# cat file4

This is line1

this is line2

this is line3

 

Add additional lines

 

[root@localhost ~]# cat >> file4             < ---add additional lines

this is line4

this is line5

 

[root@localhost ~]# cat file4

This is line1

this is line2

this is line3

this is line4

this is line5

 

grep

 

-          Filters the lines that have the matching word in them

 

[root@localhost ~]# cat file4

This is line1

this is line2

this is line3

this is line4

this is line5

This is Linux

This is Redhat Linux

This is linux course

this is interesting

 

[root@localhost ~]# cat file4 | grep linux              < ---greps match, case sensitive

This is linux course

 

[root@localhost ~]# cat file4 | grep -i linux         < ---ignores the case

This is Linux

This is Redhat Linux

This is linux course

 

 

You can use grep directly without cat

 

[root@localhost ~]# grep -i linux file4

This is Linux

This is Redhat Linux

This is linux course

 

 

|

 

-          Pipe is used for chaining multiple commands – the output of one command becomes the input of the next

-           

-          Primary command | secondary command | third command

 

 

 

[root@localhost ~]# cat file4

This is line1

this is line2

this is line3

this is line4

this is line5

This is Linux

This is Redhat Linux

This is linux course

this is interesting

 

[root@localhost ~]# cat file4 | grep -i linux

This is Linux

This is Redhat Linux

This is linux course

 

[root@localhost ~]# cat file4 | grep -i linux | grep Red

This is Redhat Linux

 

Multiple word search

 

[root@localhost ~]# cat file4 | grep -i 'linux\|line4'

 

this is line4

This is Linux

This is Redhat Linux

This is linux course

 

wc

-          This is a word count

-           

 

[root@localhost ~]# wc file4

  9  29 146 file4

 

Number of lines

Words

Bytes (same as characters for plain text, includes spaces and newlines)

Name of the file

9

29

146

File4

 

[root@localhost ~]# cat file4

This is line1

this is line2

this is line3

this is line4

this is line5

This is Linux

This is Redhat Linux

This is linux course

this is interesting

 

[root@localhost ~]# wc -l file4           < --- -l is for lines

9 file4

 

[root@localhost ~]# wc -c file4        < --- -c is for bytes (characters in plain ASCII text)

146 file4

 

[root@localhost ~]# wc -w file4      < --- -w is for words

29 file4

 

Head

-          Read top ten lines of the file

 

 

 

[root@localhost ~]# head file4

This is line1

this is line2

this is line3

this is line4

this is line5

This is Linux

This is Redhat Linux

This is linux course

this is interesting

this is line10

 

 

[root@localhost ~]# head -5 file4

[root@localhost ~]# head -12 file4

[root@localhost ~]# head -100 error.log

 

Tail

 

-          This command reads bottom ten lines

 

 

[root@localhost ~]# tail file4

this is line5

This is Linux

This is Redhat Linux

This is linux course

this is interesting

this is line10

this is line11

this is line12

this is line13

this si line14

 

[root@localhost ~]# tail -5 file4

[root@localhost ~]# tail -12 file4

[root@localhost ~]# tail -100 error.log

 

 

more

 

-          Primary use is to read huge file

-          This will load the entire file into memory

-          Use ‘enter’ on keyboard to scroll line by line

-          Use ‘spacebar’ on keyboard to scroll page by page

-          ‘q’ to quit the file

-          Not good when memory is low

 

/var/log

[root@localhost log]# more messages

 

 

 

Less

-          This is similar to more command

-          But it will only load the output as needed into memory

-          Use ‘enter’ on keyboard to scroll line by line

-          Use ‘spacebar’ on keyboard to scroll page by page

-          ‘q’ to quit the file

-          good when memory is low

 

/var/log

[root@localhost log]# less messages

 

Sort

 

-          sorts the file alphabetically

 

[root@localhost ~]# sort file5

 

[root@localhost ~]# sort -n file5  < --- sorts using numbers

 

Uniq

 

-          removes adjacent duplicate lines (sort the file first if the duplicates are not next to each other)

-           

[root@localhost ~]# cat > file5

apple

apple

berry

berry

strawberry

pineapple

pineapple

mango

[root@localhost ~]# uniq file5

apple

berry

strawberry

pineapple

mango

 

Date

 

[root@localhost ~]# date

Sat Oct 17 15:25:19 EDT 2020

 

Cal

 

[root@localhost ~]# cal

    October 2020

Su Mo Tu We Th Fr Sa

             1  2  3

 4  5  6  7  8  9 10

11 12 13 14 15 16 17

18 19 20 21 22 23 24

25 26 27 28 29 30 31

 

[root@localhost ~]# cal 12 1969

    December 1969

Su Mo Tu We Th Fr Sa

    1  2  3  4  5  6

 7  8  9 10 11 12 13

14 15 16 17 18 19 20

21 22 23 24 25 26 27

28 29 30 31

Who

-          Displays users logged into system

-           

[zafar@assignment01 ~]$ who

zafar    pts/0        2020-10-17 15:29 (73.110.42.133)

adil     pts/1        2020-10-17 15:34 (162-226-246-197.lightspeed.cicril.sbcglobal.net)

zafar    pts/2        2020-10-17 15:34 (73.110.42.133)

 

Last

 

-          Displays the login and reboot history; useful for spotting logins from users or addresses you do not expect

 

[root@localhost ~]# last

root     tty1                          Sat Oct 17 14:59   sti

root     pts/0        192.168.56.1     Sat Oct 17 14:59   sti

reboot   system boot  3.10.0-1062.el7. Sat Oct 17 14:57 - 15:

 

free -h

 

-          Displays the System RAM and SWAP[virtual memory] information

 

[root@localhost ~]# free -h

              total        used        free      shared  buff/cache   available

Mem:           991M        142M        744M        6.8M        103M        723M

Swap:          1.6G          0B        1.6G

 

 

Du

 

-          Disk usage information of the file or folder

 

[root@localhost ~]# du -h file4

4.0K    file4

 

Top

 

-          Displays the real time information  about the system

-          Cpu, memory, processes

 

top - 15:51:08 up 53 min,  2 users,  load average: 0.00, 0.01, 0.05

Tasks:  99 total,   2 running,  97 sleeping,   0 stopped,   0 zombie

%Cpu(s):  0.3 us,  0.7 sy,  0.0 ni, 99.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st

KiB Mem :  1014824 total,   761684 free,   146624 used,   106516 buff/cache

KiB Swap:  1679356 total,  1679356 free,        0 used.   740012 avail Mem

 

  PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND

 1868 root      20   0  161888   2172   1544 R  0.7  0.2   0:00.34 top

   25 root      20   0       0      0      0 S  0.3  0.0   0:04.63 kworker/0:1

    1 root      20   0  127964   6536   4108 S  0.0  0.6   0:01.97 systemd

 

Lscpu

 

-          Lists CPU details, including the number of CPUs the system has

 

[root@assignment01 ~]# lscpu

Architecture:          x86_64

CPU op-mode(s):        32-bit, 64-bit

Byte Order:            Little Endian

CPU(s):                2

 

 

Which

-          Displays the path of the command if it is installed and found in your PATH

 

[root@localhost ~]# which tree

/usr/bin/tree

 

 

[root@localhost ~]# which firefox       < ---Not installed

/usr/bin/which: no firefox in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/.local/bin:/root/bin)

 

Gzip

 

-          Zips and compresses the file

-          It adds the extension with .gz

 

[root@localhost ~]# gzip error.log

 

[root@localhost ~]# du -h error.log.gz

4.0K    error.log.gz

 

Gunzip

 

-          Unzips and uncompresses the file

 

[root@localhost ~]# gunzip error.log.gz

[root@localhost ~]# ls -l

total 92

-rw-r--r--. 1 root root 72295 Oct 11 17:30 error.log

 

Tar

 

-          It saves the folder to single file

-          It does not compress the tar file

-          It keeps the original folder and creates a new file

 

[root@localhost ~]# mkdir folder1

 

 

[root@localhost folder1]# ls -lh

total 4.6M

-rw-------. 1 root root 4.6M Oct 17 16:12 messages

[root@localhost folder1]# cp messages messages2

[root@localhost folder1]# cp messages messages4

[root@localhost folder1]# cp messages messages3

[root@localhost folder1]# cp messages messages5

 

[root@localhost ~]# du -h folder1/

23M     folder1/

 

[root@localhost ~]# tar -cvf folder1.tar folder1

folder1/

folder1/messages

folder1/messages2

folder1/messages4

folder1/messages3

folder1/messages5

 

-cvf for the folder: -c create, -v verbose (list files), -f archive file name

 

drwxr-xr-x. 2 root root       90 Oct 17 16:13 folder1

-rw-r--r--. 1 root root 24074240 Oct 17 16:18 folder1.tar

 

 

-          This makes copying or moving folder easy

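-          This keeps the folder structure and file attributes together, especially when copied over network; to confirm the content arrived intact, compare a checksum (e.g. sha256sum) of the tar file on both sides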

 

*** you can use gzip and gunzip to compress and uncompress the tar file

 

[root@localhost ~]# gzip folder1.tar

 

[root@localhost ~]# du -h fo*

23M     folder1

1.3M    folder1.tar.gz

 

Stat

 

-          Displays detailed information

 

[root@localhost ~]# stat file1

  File: ‘file1’

  Size: 21              Blocks: 8          IO Block: 4096   regular file

Device: fd00h/64768d    Inode: 16797776    Links: 1

Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)

Context: unconfined_u:object_r:admin_home_t:s0

Access: 2020-10-17 16:26:24.332018946 -0400

Modify: 2020-10-11 16:37:25.730845836 -0400

Change: 2020-10-11 16:37:25.730845836 -0400

 Birth: -

 

Inode

 

-          It is an entry in a table on the disk holding the file information

-          Owner of the file

-          Group of the file

-          Type of the file

-          Permissions

-          Date and time of the file modified and accessed

-          Number of links

-          Size of the file

-          Block information

 

To find inode of a file

 

[root@localhost ~]# ls -i file1

16797776 file1

 

 

Block information

 

One bit = 1 bit

Eight bits = 1 byte

1024 bytes = 1 kilobyte

4096 bytes = 4kb

 

 

 

4096 = 4kb  minimum useable

 

File Size

Disk Space used 4K

0

4 kb

1 kb

4kb

2 kb

4 kb

4 kb

4 kb

6 kb

8 kb

13 kb

16 kb

21 kb

24 kb

 

 

Find

 

-          It finds the files in specified directory

-          You can use absolute or relative path

-          You can use name or inode number

 

Using name

 

[root@localhost ~]# find / -name file1

/root/file1

/root/folder1/file1

 

[root@localhost ~]# find / -inum 16797776   < --- Using inum

/root/file1

 

10-17-2020

https://youtu.be/QP7LE9LPMeM

 

 

VI Editor

 

Vi is a text editor originally created with UNIX, widely used for editing configuration files

 

 

[root@localhost ~]# vi file1

-          It opens the editor with specified file name

-          If the file does not exist it will create one

-          You will start the vi editor in command mode

-          Push ‘i’ to enter the insert mode

-          Push ‘esc’ to get out of the edit mode

-          Once you have edited or put some text in the file

-          Type :x (Shift + ; for the colon) and press Enter to save and exit

-           

[root@localhost ~]# cat file1

 

 

 

 vi commands

 

 

:

This is ready for commands

:x

Save and exit

:q

Quit – if you have not made changes

:q!

Quit – without saving even if you made changes

i

Insert mode

l

Moves cursor one character to right

h

Moves cursor one character to left

k

Moves cursor one line up

j

Moves cursor one line down

o

Opens the new line in insert mode below the cursor

yy

Copies the line

-          3yy or 2yy copies that many lines

-          You got the idea

‘u’

Undo

‘dd’

This works as cut – you can paste else where

:/RHEL

Searches the pattern – cursor will jump to first instance

 

‘n’ to jump between results

:%s/linux/LINUX

Replaces the pattern (first match on each line; add /g at the end to replace every match)

:wq

Save and quit – official way

 

 

 

 

 

 

 

‘:e file1’

Loads the specified file for editing

-          You can also specify absolute and relative path

 

‘:r’

Load the file content of the file again

:!

 

Allows you to run shell commands from within vi, example: :!ls /etc – the command runs with the privileges of the user running vi (root in these examples)

i

insert text and not replace it

R

over write existing text when new text added

cw

remove current word cursor is on and insert into insert mode to add text

cc

replace the entire of line of text

l

moves cursor one character to the right

h

moves cursor one character to the left

j

moves cursor down one line

k

moves cursor up one line

Yank – Term used to copy text. Use yy to “yank” a line of text.

yy

will yank/copy entire line the cursor is currently on

2yy

will copy the current line of text as well as the line underneath it (2lines)

3yy

will copy three lines, 4yy 4 lines of text 5yy…

p

will paste the contents from yanked yy text, starting on the line after your cursor

P

uppercase P will paste the yanked line(s) starting on the line before the cursor

5G

moves your cursor to line 5

5gg

moves your cursor to line 5 (note case sensitive)

G

Moves the cursor to the beginning of the last line in the file

1G

Moves the cursor to the first line of the file

L

Also moves the cursor to the beginning of the last line on the terminal screen

H

Moves the cursor to the first line on the terminal screen

o

opens insert mode to insert text, creates a new line below your current cursor position

u

undo

cc

Removes the entire line and places you into insert mode

/ - search, /root

will search the file for root you can navigate to the next occurrence using the n key

?

is the same as / as it relates to searching, but searches backward (up the file)

 

 

cut

 

-          It cuts the fields or characters in a file

-          You have to use a delimiter [; : ? . space]

 

[root@localhost ~]# cut -d " " -f1,3  file1

 

 

Cut

-d

“ “

-f1, 3

File1

Command

Using delimiter

Actual delimiter itself

Fields

File name

 

[root@localhost ~]# cat file2

column1;column2;column3

column1;column2;column3

column1;column2;column3

 

[root@localhost ~]# cut -d ";" -f1,3 file2

column1;column3

column1;column3

column1;column3

column1;column3

 

 

awk

-          Similar to cut command, but gives out clean output

 

[root@localhost ~]# awk -F';' '{print $2, $1}' file2

 

Awk

-F

‘;‘

‘{print $1 $3}’

File2

Command

Fields

Delimiter (space)

Column

Filename

 

[root@localhost ~]# awk -F';' '{print $2, $1}' file2

column2 column1

 

[root@localhost ~]# awk -F' ' '{print $1, $2}' file2

 

exec

 

-          -exec is an option of the find command; it runs the given command on every file that find matches

 

[root@localhost ~]# find / -name file1 -exec cp {} /tmp \;     < --- /tmp is writable by every user, so do not copy sensitive files there

 

[root@localhost tmp]# ls

file1

 

exec

Cp

{}

/tmp

\;

Command

Command

Syntax

Destination

syntax

 

 

Alias

-          You can create a shortcut for the command you are using

-          Usually good if you have multiple commands

 

[root@localhost ~]# alias zwd='pwd'              < ---Create your own Alias

[root@localhost ~]# zwd

/root

 

 

[root@localhost ~]# alias                                 < ---see the list of Alias in your system

alias egrep='egrep --color=auto'

alias fgrep='fgrep --color=auto'

alias grep='grep --color=auto'

alias l.='ls -d .* --color=auto'

alias ll='ls -l --color=auto'

alias ls='ls --color=auto'

alias which='alias | /usr/bin/which --tty-only --read-alias --show-dot --show-tilde'

alias zwd='pwd'

 

[root@localhost ~]# unalias zwd              < ---unalias the command

 

 

[root@localhost ~]# alias mybasic='uptime;who;free -h;date;cal'

 

[root@localhost ~]# alias

alias mybasic='uptime;who;free -h;date;cal'

 

[root@localhost ~]# mybasic

 

/dev/null

-          This is considered a device

-          This is usually used for filtering out the errors

-          It is built in blank space – not same as recycle bin in windows

-          Anything sent here cannot be retrieved

 

[root@localhost ~]# mybasic;ajfkljs 2>/dev/null

 

10-24-2020

https://youtu.be/G6DDJPAjnr0

 

ln

 

-          This command is used for creating links

-          There are two types of links

 

Hard link

-          it has same inode number

-          you have to provide absolute path for source and destination

-          any changes to either files, it will be updated on either side

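-          hard link is a second name for the same data (same inode), not a separate copy

-          if the original file is deleted, hard linked file still survives

-          it protects only against deleting one of the names – it is not a real backup, because any edit or corruption shows up under both names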

-          hard link is not allowed for directories

 

Soft link

-          Symbolic link – sym link

-          you have to provide absolute path for source and destination (a relative source is resolved from the link's location, not from your current directory)

-          has different inode number

-          most of the time soft link is used for reading data

-          any changes to either files, it will be updated on either side

-          if the original file is deleted, soft linked file is useless

 

-          soft is allowed for directories

-          the soft link to a directory has its own inode; the original directory's inode is shown only by commands that follow the link

 

Hard link

 

 

[root@localhost ~]# stat file1

  File: ‘file1’

  Size: 0               Blocks: 0          IO Block: 4096   regular empty file

Device: fd00h/64768d    Inode: 16797776    Links: 1

 

[root@localhost ~]# ln /root/file1 /root/folder1/xfile1

 

[root@localhost ~]# stat file1

Device: fd00h/64768d    Inode: 16797776    Links: 2

 

 

[root@localhost ~]# stat folder1/xfile1

Device: fd00h/64768d    Inode: 16797776    Links: 2

 

Deleting original file

 

[root@localhost ~]# rm -rf file1

-rw-r--r--. 1 root root 74 Oct 24 15:52 xfile1    < ---hard linked file survives and keeps the data, becomes independent

 

Soft link

 

[root@localhost ~]# ln -s /root/file1 /root/folder1/sfile1

 

lrwxrwxrwx. 1 root root 11 Oct 24 15:47 folder1/sfile1 -> /root/file1

 

[root@localhost ~]# stat file1

Device: fd00h/64768d    Inode: 16797776    Links: 2

 

 

[root@localhost ~]# stat folder1/sfile1

  Size: 11              Blocks: 0          IO Block: 4096   symbolic link

Device: fd00h/64768d    Inode: 16864309    Links: 1

 

Deleting original file

 

[root@localhost ~]# rm -rf file1

lrwxrwxrwx. 1 root root 11 Oct 24 15:47 sfile1 -> /root/file1    < ---Soft linked file is useless

 

Hard link - Directory

 

Directory

 

[root@localhost ~]# ln /root/dir1 /root/folder1/xdir1

ln: ‘/root/dir1’: hard link not allowed for directory             < ---hard link for the directory not allowed

 

Soft Link – Directory

 

[root@localhost ~]# ln -s /root/dir1 /root/folder1/xdir1

 

[root@localhost folder1]# ls -l

lrwxrwxrwx. 1 root root 10 Oct 24 16:05 xdir1 -> /root/dir1

 

[root@localhost ~]# rm -rf dir1

lrwxrwxrwx. 1 root root 10 Oct 24 16:05 xdir1 -> /root/dir1

 

 

[root@localhost folder1]# ls -l

lrwxrwxrwx. 1 root root 10 Oct 24 16:05 xdir1 -> /root/dir1   < ---Soft linked dir is useless

 

[root@localhost folder1]# cd xdir1

-bash: cd: xdir1: No such file or directory

 

10-24-2020

https://youtu.be/G6DDJPAjnr0

 

 

Directory Structure

 

 

 

 

[root@localhost /]# ls -l

total 16

lrwxrwxrwx.   1 root root    7 Oct  4 15:44 bin -> usr/bin

dr-xr-xr-x.   5 root root 4096 Oct  4 16:07 boot

drwxr-xr-x.  20 root root 3160 Oct 23 19:51 dev

drwxr-xr-x.  75 root root 8192 Oct 23 19:51 etc

drwxr-xr-x.   2 root root    6 Apr 11  2018 home

lrwxrwxrwx.   1 root root    7 Oct  4 15:44 lib -> usr/lib

lrwxrwxrwx.   1 root root    9 Oct  4 15:44 lib64 -> usr/lib64

drwxr-xr-x.   2 root root    6 Apr 11  2018 media

drwxr-xr-x.   2 root root   19 Oct 18 15:25 mnt

drwxr-xr-x.   2 root root    6 Apr 11  2018 opt

dr-xr-xr-x. 110 root root    0 Oct 23 19:51 proc

dr-xr-x---.   3 root root   98 Oct 24 16:18 root

drwxr-xr-x.  24 root root  760 Oct 23 19:51 run

lrwxrwxrwx.   1 root root    8 Oct  4 15:44 sbin -> usr/sbin

drwxr-xr-x.   2 root root    6 Apr 11  2018 srv

dr-xr-xr-x.  13 root root    0 Oct 23 19:50 sys

drwxrwxrwt.   8 root root  185 Oct 24 03:55 tmp

drwxr-xr-x.  13 root root  155 Oct  4 15:44 usr

drwxr-xr-x.  19 root root  267 Oct  4 16:08 var

 

/

 

-          this is root directory

-          it is top most directory

 

/bin

 

-          it contains all the binary user commands

 

/boot

-          it contains system bootable files

 

/dev

 

-          it contains all the attached devices information

 

/etc

 

-          it contains all the configuration files

-          short etsy

 

/home

 

-          this is the home directory for the regular users

-          example: /home/zafar

 

/lib /lib64

 

-          it contains system library files shared by applications

 

/media

 

-          unused

 

/mnt

-          usually empty

-          but used for mounting CD drives, hard drives etc.,

 

/opt

 

-          it contains third party application/ software files

-          example: Oracle DB, SAP, Postgres DB etc.,

 

/proc

 

-          it contains the active memory information [system processes, etc]

 

/root

 

-          root user home directory

 

/run

 

-          unused

 

/sbin

 

-          it contains root user commands

 

/sys

 

-          unused

 

/tmp

 

-          this is used to keep temporary files

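-          regular user has access to this directory: it is world-writable with the sticky bit (drwxrwxrwt in the listing above), so a regular user can remove only their own files; do not rely on it for sensitive data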

 

/var

 

-          it contains system logs and logs generated by any installed software

 

/usr

 

-          it contains the backup of some of the system files and folders containing optional commands

 

10-24-2020

https://youtu.be/G6DDJPAjnr0

 

 

Brief History

 

 

ATT – Bell labs – they developed OS Unix

 

Release UNIX on Dec 31, 1969

 

It was to be used for internal use

 

They thought UNIX is no good and can’t use or make profit

 

1987 – Released the source code as an Open Source OS

 

 

IBM – AIX – its used IBM Hardware

HP – HPUX – its used HP Hardware

Sun – Solaris – it uses Sun Platform

 

 

1991 – Linus Torvalds took the source code and created Linux – free

 

-          Hardware independent

-          Free for anybody

-          Anybody can take the Linux Source Code and create their own OS

-          OS must be free to the public

-          Organizations, Universities and Individuals contribute to the code

-          New tools and security is added for free

-          Linus – Unbreakable Linux

 

Linux Based Distributions – Distro

 

-          RedHat – RHEL, CentOS, Fedora

-          Oracle – OEL – Oracle Enterprise Linux

-          SuSE – Suse Linux – SAP

-          Debian – Debian

-          Ubuntu – South African – Desktop Environment

-          Apple – iOS, macOS

-          Google – Android

 

RPM – Redhat Package Manager – rpm distros

 

-          RedHat

-          Oracle

-          SuSe

-          Debian

 

10-24-2020

https://youtu.be/G6DDJPAjnr0

 

 

Hostname

 

 

[root@localhost ~]# vi /etc/hostname

zmpt01.prod.zmprotech.com

 

Reboot

 

[root@zmpt01 ~]# hostname

zmpt01.prod.zmprotech.com

 

 

[root@zmpt01 ~]# hostnamectl

   Static hostname: zmpt01.prod.zmprotech.com

         Icon name: computer-vm

           Chassis: vm

        Machine ID: 47384aabe2f84a189b94eba36b48046c

           Boot ID: 36fe385645ff48609296af23a491becd

    Virtualization: kvm

  Operating System: CentOS Linux 7 (Core)

       CPE OS Name: cpe:/o:centos:centos:7

            Kernel: Linux 3.10.0-1062.el7.x86_64

      Architecture: x86-64

 

10-24-2020

https://youtu.be/G6DDJPAjnr0

 

 

Kernel

 

Unix / Linux - Getting Started - Tutorialspoint

 

 

Kernel is central component of an operating system that manages operations of computer and hardware. It basically manages operations of memory and CPU time. It is core component of an operating system

 

           

Kernel: Linux 3.10.0-1062.el7.x86_64

 

Major Version

Major Release

Patch

Redhat Version

Linux Version

64 bit Arch

3

10

0

1062

el7

x86_64

 

 

You can use this to look at any package information

 

10-24-2020

https://youtu.be/G6DDJPAjnr0

 

10-25-2020

https://youtu.be/BaAolHcypdc

 

 

NIC – Network Ethernet Adapter

 

 

[root@zmpt01 ~]# cd /etc/sysconfig/network-scripts/

 

[root@zmpt01 network-scripts]# ls

ifcfg-enp0s3 

ifcfg-enp0s8 

ifcfg-enp0s9

 

 

Example of NIC configuration file - ifcfg-enp0s3

 

[root@zmpt01 network-scripts]# vi ifcfg-enp0s3

 

 

TYPE=Ethernet

BOOTPROTO=dhcp

NAME=enp0s3

DEVICE=enp0s3

ONBOOT=yes

 

TYPE=Ethernet

Connection

BOOTPROTO=dhcp

Protocol[dhcp is random ] [static is assigned]

NAME=enp0s3

This NiC name, matches with config file

DEVICE=enp0s3

This NiC device, matches with Config file

ONBOOT=yes

If yes system will automatically enable ip

 

 

DHCP

-          Dynamic Host Configuration Protocol – IP is assigned randomly by router

-          DHCP IP can change anytime

-          t/s (troubleshooting): check to see if the IP address has changed

 

2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

    link/ether 08:00:27:28:09:c4 brd ff:ff:ff:ff:ff:ff

    inet 192.168.56.105/24 brd 192.168.56.255 scope global noprefixroute dynamic enp0s3

       valid_lft 1137sec preferred_lft 1137sec

    inet6 fe80::a00:27ff:fe28:9c4/64 scope link

       valid_lft forever preferred_lft forever

Static

-          the IP address is assigned manually to the host/ server/ computer/ box

 

[root@zmpt01 network-scripts]# vi ifcfg-enp0s3

 

TYPE=Ethernet

BOOTPROTO=static

NAME=enp0s3

DEVICE=enp0s3

ONBOOT=yes

HWADDR=08:00:27:28:09:c4

IPADDR=192.168.56.110

NETMASK=255.255.255.0

 

TYPE=Ethernet

Connection

BOOTPROTO=static

Protocol[dhcp is random ] [static is assigned]

NAME=enp0s3

This NiC name, matches with config file

DEVICE=enp0s3

This NiC device, matches with Config file

ONBOOT=yes

If yes system will automatically enable ip

HWADDR=08:00:27:28:09:c4

Hardware Address or MAC Address (must match the link/ether value shown for this NIC)

IPADDR=192.168.56.110

Static IP of your choice

NETMASK=255.255.255.0

Sub Network Mask

 

 

Restart the system

2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

    link/ether 08:00:27:28:09:c4 brd ff:ff:ff:ff:ff:ff

    inet 192.168.56.110/24 brd 192.168.56.255 scope global noprefixroute enp0s3

       valid_lft forever preferred_lft forever

    inet6 fe80::a00:27ff:fe28:9c4/64 scope link

       valid_lft forever preferred_lft forever

10-25-2020

https://youtu.be/BaAolHcypdc

 

 

NiC Bonding

 

 Linux allows binding of multiple network interfaces into a single channel/NIC using special kernel module called bonding.

 

 

Edit files as needed and input following informaiton

 

[root@zmpt01 network-scripts]# cat ifcfg-enp0s3

DEVICE=enp0s3

ONBOOT=yes

BOOTPROTO=none

SLAVE=yes

MASTER=bond0

 

 

[root@zmpt01 network-scripts]# cat ifcfg-enp0s8

DEVICE=enp0s8

ONBOOT=yes

BOOTPROTO=none

SLAVE=yes

MASTER=bond0

 

Create file ifcfg-bond0

 

[root@zmpt01 network-scripts]# cat ifcfg-bond0

DEVICE=bond0

TYPE=Bond

ONBOOT=yes

BOOTPROTO=static

IPADDR=192.168.56.250

NETMASK=255.255.255.0

 

Create bond configuration file

 

[root@zmpt01 ~]# cd /etc/modprobe.d/

 

[root@zmpt01 modprobe.d]# vi bonding.conf

 

alias bond0 bonding

 

Activate Bonding

 

[root@zmpt01 ~]# modprobe bonding

 

Check if the bonding is active in memory

 

 

[root@zmpt01 ~]# lsmod | grep bonding

bonding               152979  0

 

Restart network

 

[root@zmpt01 ~]# systemctl restart network

 

2: enp0s3: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000

    link/ether 08:00:27:28:09:c4 brd ff:ff:ff:ff:ff:ff

3: enp0s8: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000

    link/ether 08:00:27:28:09:c4 brd ff:ff:ff:ff:ff:ff

4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

    link/ether 08:00:27:f5:49:e8 brd ff:ff:ff:ff:ff:ff

    inet 10.0.2.6/24 brd 10.0.2.255 scope global noprefixroute dynamic enp0s9

       valid_lft 1131sec preferred_lft 1131sec

    inet6 fe80::dc0b:5bd8:ba77:427f/64 scope link noprefixroute

       valid_lft forever preferred_lft forever

5: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000

    link/ether 08:00:27:28:09:c4 brd ff:ff:ff:ff:ff:ff

    inet 192.168.56.250/24 brd 192.168.56.255 scope global noprefixroute bond0

       valid_lft forever preferred_lft forever

    inet6 fe80::a00:27ff:fe28:9c4/64 scope link

       valid_lft forever preferred_lft forever

10-25-2020

https://youtu.be/BaAolHcypdc

 

 

Software and package Management

RPM and YUM

 

RPM – Redhat Package manager

This is used to manage a package – add, remove, update – not efficient

Rpm base Linux – RHEL, OEL, CentOs, Fedora, SuSE

 

The package extension is .rpm

 

YUM – Yellowdog, Updater, Modifier

 

Yum is the primary tool for getting, installing, deleting, querying, and managing RPM software packages

 

RPM

 

Query the installed packages on the system

 

[root@zmpt01 ~]# rpm -qa | sort

 

To check the specific details of a package

[root@zmpt01 ~]# rpm -qi tree

Name        : tree

Version     : 1.6.0

Release     : 10.el7

Architecture: x86_64

Install Date: Sat 10 Oct 2020 04:37:34 PM EDT

Group       : Applications/File

Size        : 89505

License     : GPLv2+

Signature   : RSA/SHA256, Fri 04 Jul 2014 01:36:46 AM EDT, Key ID 24c6a8a7f

Source RPM  : tree-1.6.0-10.el7.src.rpm

Build Date  : Mon 09 Jun 2014 03:28:53 PM EDT

Build Host  : worker1.bsys.centos.org

Relocations : (not relocatable)

Packager    : CentOS BuildSystem <http://bugs.centos.org>

Vendor      : CentOS

URL         : http://mama.indstate.edu/users/ice/tree/

Summary     : File system tree viewer

Description :

The tree utility recursively displays the contents of directories in a

tree-like format.  Tree is basically a UNIX port of the DOS tree

utility.

 

View by date

 

 

[root@zmpt01 ~]# rpm -qa --last | grep tree

tree-1.6.0-10.el7.x86_64                      Sat 10 Oct 2020 04:37:34 PM EDT

[root@zmpt01 ~]# rpm -qa --last

 

View the package Location

 

[root@zmpt01 ~]# rpm -ql tree

/usr/bin/tree

/usr/share/doc/tree-1.6.0

/usr/share/doc/tree-1.6.0/LICENSE

/usr/share/doc/tree-1.6.0/README

/usr/share/man/man1/tree.1.gz

 

View the package documentation

[root@zmpt01 ~]# rpm -qld tree

/usr/share/doc/tree-1.6.0/LICENSE

/usr/share/doc/tree-1.6.0/README

/usr/share/man/man1/tree.1.gz

 

Check the configuration files of a package

 

[root@zmpt01 ~]# rpm -qlc firewalld

/etc/dbus-1/system.d/FirewallD.conf

/etc/firewalld/firewalld.conf

/etc/firewalld/lockdown-whitelist.xml

/etc/sysconfig/firewalld

 

Check which package a file or folder belongs to, using its name

 

[root@zmpt01 ~]# rpm -qf /etc/firewalld/firewalld.conf

firewalld-0.6.3-2.el7.noarch

 

Find the documentation using the file name

 

[root@zmpt01 ~]# rpm -qfd /etc/firewalld

/usr/share/doc/firewalld-0.6.3/COPYING

/usr/share/doc/firewalld-0.6.3/README

/usr/share/man/man1/firewall-cmd.1.gz

/usr/share/man/man1/firewall-offline-cmd.1.gz

/usr/share/man/man1/firewalld.1.gz

/usr/share/man/man5/firewalld.conf.5.gz

/usr/share/man/man5/firewalld.dbus.5.gz

/usr/share/man/man5/firewalld.direct.5.gz

/usr/share/man/man5/firewalld.helper.5.gz

/usr/share/man/man5/firewalld.icmptype.5.gz

/usr/share/man/man5/firewalld.ipset.5.gz

/usr/share/man/man5/firewalld.lockdown-whitelist.5.gz

/usr/share/man/man5/firewalld.richlanguage.5.gz

/usr/share/man/man5/firewalld.service.5.gz

/usr/share/man/man5/firewalld.zone.5.gz

/usr/share/man/man5/firewalld.zones.5.gz

 

Query what package provides

                                                       

[root@zmpt01 ~]# rpm -q --provides firewalld

config(firewalld) = 0.6.3-2.el7

firewalld = 0.6.3-2.el7

 

[root@zmpt01 ~]# rpm -q --provides tree

tree = 1.6.0-10.el7

tree(x86-64) = 1.6.0-10.el7

 

Package dependencies

 

[root@zmpt01 ~]# rpm -q --requires tree

libc.so.6()(64bit)

libc.so.6(GLIBC_2.14)(64bit)

libc.so.6(GLIBC_2.2.5)(64bit)

libc.so.6(GLIBC_2.3)(64bit)

libc.so.6(GLIBC_2.3.4)(64bit)

libc.so.6(GLIBC_2.4)(64bit)

rpmlib(CompressedFileNames) <= 3.0.4-1

rpmlib(FileDigests) <= 4.6.0-1

rpmlib(PayloadFilesHavePrefix) <= 4.0-1

rtld(GNU_HASH)

rpmlib(PayloadIsXz) <= 5.2-1

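To get a list of locations where the package will be written – when the package is downloaded locally (check the downloaded file's signature and digests first with rpm -K followed by the package file name)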

 

[root@zmpt01 ~]# rpm -qlp firefox-68.12.0-1.el7.centos.x86_64.rpm

 

Man pages

 

[root@zmpt01 ~]# man rpm

 

10-25-2020

https://youtu.be/BaAolHcypdc

 

 

YUM

 

 

-          YUM uses .rpm to install packages on RPM base OS [RHEL]

-          YUM resolves dependencies automatically

-          YUM uses repositories < --- centralized location to download software from [org, universities, companies]

-          You can maintain your own local repo or use from internet

-          YUM local repos is maintained by Administrator

-          YUM also has a concept of group packages

-          YUM group packages contain multiple packages

-          Group packages can be installed and removed as a group

-          Groups can contain optional packages

-          Installing group packages is easier and fast

-          YUM checks for an already installed package – the system will not be corrupted if you accidentally install it again

 

-          Location of local repo on the system

-          /etc/yum.repos.d

-          YUM gets the list of available software packages

-          YUM downloads the packages and installs them using .rpm libraries

-          YUM updates RPM database locally after installation

-          *** Installing using YUM is easy

 

If you want to see if the package is available

 

 

[root@zmpt01 ~]# yum provides firefox

 

firefox-68.12.0-1.el7.centos.x86_64 : Mozilla Firefox Web browser

Repo        : updates

 

To check the package dependencies

 

[root@zmpt01 ~]# yum deplist firefox | wc -l

Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast

551

 

Install using yum

 

[root@zmpt01 ~]# yum install firefox              < ---This will install the latest available package/ software

 

Transaction Summary

=============================================================================

Install  1 Package (+83 Dependent packages)

 

Total download size: 126 M

Installed size: 324 M

Is this ok [y/d/N]:

 

Remove package

This will not remove the dependencies

 

[root@zmpt01 ~]# yum remove firefox -y

 

Remove package and Dependencies

 

[root@zmpt01 ~]# yum autoremove firefox -y

 

10-31-2020

 

 

Check obsolete packages on your system

[root@zmpt01 ~]# yum list obsoletes

 

Get the list of packages which are available to install from repo – and still supported

 

[root@zmpt01 ~]# yum --showduplicates list available

firefox.i686                              68.5.0-2.el7.centos            base

firefox.x86_64                            68.5.0-2.el7.centos            base

firefox.i686                              68.6.0-1.el7.centos            updates

firefox.x86_64                            68.6.0-1.el7.centos            updates

firefox.i686                              68.6.1-1.el7.centos            updates

firefox.x86_64                            68.6.1-1.el7.centos            updates

firefox.i686                              68.7.0-2.el7.centos            updates

firefox.x86_64                            68.7.0-2.el7.centos            updates

firefox.i686                              68.8.0-1.el7.centos            updates

firefox.x86_64                            68.8.0-1.el7.centos            updates

firefox.i686                              68.9.0-1.el7.centos            updates

firefox.x86_64                            68.9.0-1.el7.centos            updates

firefox.i686                              68.10.0-1.el7.centos           updates

firefox.x86_64                            68.10.0-1.el7.centos           updates

firefox.i686                              68.11.0-1.el7.centos           updates

firefox.x86_64                            68.11.0-1.el7.centos           updates

firefox.i686                              68.12.0-1.el7.centos           updates

firefox.x86_64                            68.12.0-1.el7.centos           updates   < ---if you see package underline, its installed

 

If you want to search the package using term

 

[root@zmpt01 ~]# yum search firefox

 

 

============================= N/S matched: firefox =============================

firefox.i686 : Mozilla Firefox Web browser

firefox.x86_64 : Mozilla Firefox Web browser

 

If you want to list all the packages from repo – ONLY LATEST PACKAGES

 

 

[root@zmpt01 ~]# yum list all | grep firefox

firefox.x86_64                              68.12.0-1.el7.centos       @updates

firefox.i686                                68.12.0-1.el7.centos       updates

 

Install the download only plugin

 

[root@zmpt01 ~]#  yum install yum-plugin-downloadonly

 

Download locally specifiying the directory – THIS WILL ALSO DOWNLOAD THE DEPENDENT PACKAGES

 

[root@zmpt01 ~]# yum install --downloadonly --downloaddir=. firefox

 

TO CHECK the files and directories updated by the package

 

[root@zmpt01 ~]# rpm -qlp firefox-68.12.0-1.el7.centos.x86_64.rpm

 

Reinstall the package – good when package is corrupted or configuration file is missing

 

[root@zmpt01 ~]# yum reinstall firefox -y                                       < ---from repo

 

[root@zmpt01 ~]# yum reinstall firefox-68.12.0-1.el7.centos.x86_64.rpm -y   < --- from local download

 

 

Yum detects installed files and only reinstalls corrupted or missing files and folders

 

[root@zmpt01 lib64]# rm -rf firefox

 

[root@zmpt01 lib64]# yum reinstall firefox-68.12.0-1.el7.centos.x86_64.rpm -y

 

skip package which are causing issue

--skip-broken

              Resolve  depsolve problems by removing packages that are causing

              problems from the transaction.

 

 

[root@zmpt01 ~]# yum install --skip-broken firefox-68.12.0-1.el7.centos.x86_64.rpm -y

 

10-31-2020

https://youtu.be/Ds7UJ_lLG7s

 

 

 

 

System wide update

 

 

To see the installed packages

 

[root@zmpt01 ~]# yum list installed

 

Bold

Update in repo available

Bold and Underline

Current installed Kernel

Red

Package is installed but its not in repo -

Yellow

New package is available in repo

 

 

Check for updates

 

[root@zmpt01 ~]# yum check-update

 

This will provide the current list of packages that will be updated

 

kernel.x86_64               3.10.0-1127.19.1.el7   updates      < ---Careful with the kernel update – this will be a system upgrade

 

 

7.1 kernel 3.10.0-229

7.1.1503/

7.2 kernel 3.10.0-327

7.2.1511/

7.3 kernel 3.10.0-514

7.3.1611/

7.4 kernel kernel 3.10.0-693

7.4.1708/

7.5 kernel 3.10.0-862

7.5.1804/

7.6 kernel 3.10.0-957

7.6.1810/

7.7 kernel 3.10.0-1062                         < ---current Kernel Version

7.7.1908/

7.8 kernel 3.10.0-1127                        < ---update version              < ---this will be considered upgrade

 

7.8.2003/

 

 

 

 

 

7.9 kernel 3.10.0-1160

 

           

Kernel: Linux 3.10.0-1062.el7.x86_64

 

Major Version

Major Release

Patch

Redhat Version

Linux Version

64 bit Arch

3

10

0

1062

el7

x86_64

3

10

0

1127

el7

X86_64

 

 

You can use this to look at any package information

 

 

[root@zmpt01 ~]# yum update -y   < ---System Update

 

 

Install    2 Packages

Upgrade  141 Packages

 

Total download size: 258 M

 

Complete!

 

 

 

NOTE:  you can see new kernel as well as old kernel

 

If you want you can use old kernel if there is issue after the kernel UPDATE

 

Kernel update is considered as security update –

 

Unix / Linux - Getting Started - Tutorialspoint

 

 

Kernel is central component of an operating system that manages operations of computer and hardware. It basically manages operations of memory and CPU time. It is core component of an operating system

 

           

Kernel: Linux 3.10.0-1062.el7.x86_64

 

Major Version

Major Release

Patch

Redhat Version

Linux Version

64 bit Arch

3

10

0

1062

el7

x86_64

 

 

You can use this to look at any package information

 

 

Kernel ONLY UPGrade

 

 

 

If only kernel update is required – Kernel update is considered Security Update

Check for available kernel

 

[root@zmpt01 ~]# yum list available kernel

 

kernel.x86_64                    3.10.0-1127.19.1.el7                    updates

 

Current version

 

[root@zmpt01 ~]# uname -r

3.10.0-1062.el7.x86_64

 

Update kernel now

 

 

 

================================================================================

 Package       Arch          Version                       Repository      Size

================================================================================

Installing:

 kernel        x86_64        3.10.0-1127.19.1.el7          updates         50 M

 

Transaction Summary

================================================================================

Install  1 Package

 

Total download size: 50 M

Installed size: 64 M

Is this ok [y/d/N]: y

 

Reboot

 

[root@zmpt01 ~]# init 6

 

The new kernel will be set as default Kernel

 

 

 

[root@zmpt01 ~]# uname -r

3.10.0-1127.19.1.el7.x86_64

 

Kernel physical location on Hard disk

 

[root@zmpt01 boot]# pwd

/boot

[root@zmpt01 boot]# ls -ltrh | grep vm

-rwxr-xr-x. 1 root root 6.5M Aug  7  2019 vmlinuz-3.10.0-1062.el7.x86_64                        < ---Old Kernel

-rwxr-xr-x. 1 root root 6.5M Aug 25 13:27 vmlinuz-3.10.0-1127.19.1.el7.x86_64              < ---New Kernel

-rwxr-xr-x. 1 root root 6.5M Oct  4 15:49 vmlinuz-0-rescue-47384aabe2f84a189b94eba36b48046c  < ---Rescue Kernel

 

List of installed kernels using awk command

 

[root@zmpt01 ~]# awk -F\' '$1=="menuentry "{print $2}' /etc/grub2.cfg

CentOS Linux (3.10.0-1127.19.1.el7.x86_64) 7 (Core)                                       < ---This is position 0

CentOS Linux (3.10.0-1062.el7.x86_64) 7 (Core)                                                < ---This is position 1

CentOS Linux (0-rescue-47384aabe2f84a189b94eba36b48046c) 7 (Core)

 

 

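Default kernel is set with the following command (the number is the menu entry position from the list above; it takes effect at the next reboot)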

 

[root@zmpt01 ~]# grub2-set-default 1           

 

 

Old version is now default

 

[root@zmpt01 ~]# uname -r

3.10.0-1062.el7.x86_64

 

Change it to new version

 

[root@zmpt01 ~]# grub2-set-default 0

 

If you want to set BIOS based or UEFI base GRUB

 

BIOS based system

 

grub2-mkconfig -o /boot/grub2/grub.cfg                  < ----if you see this file in this folder then it’s a BIOS based OS

 

----------------------------------------------------------------------------------------

 

UEFI based system

 

grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg  < ---if you see this file in this folder then it’s a UEFI based OS

 

10-31-2020

https://youtu.be/Ds7UJ_lLG7s

 

 

GUI Install

 

 

[root@zmpt01 ~]# uname -r

3.10.0-1062.el7.x86_64

 

[root@zmpt01 ~]# df -h

Filesystem               Size  Used Avail Use% Mounted on

devtmpfs                 484M     0  484M   0% /dev

tmpfs                    496M     0  496M   0% /dev/shm

tmpfs                    496M  6.8M  489M   2% /run

tmpfs                    496M     0  496M   0% /sys/fs/cgroup

/dev/mapper/centos-root   14G  1.8G   12G  14% /             < ---Size is just about 2GB, at this point its full functioning OS

/dev/sda1               1014M  136M  879M  14% /boot

tmpfs                    100M     0  100M   0% /run/user/0

 

GUI Installation is a major upgrade

 

[root@zmpt01 ~]# yum group install gnome-desktop x11 fonts -y

 

Install  286 Packages (+740 Dependent packages)

Upgrade               (  21 Dependent packages)

 

Total download size: 720 M

Complete

 

11-01-2020

https://www.youtube.com/watch?v=UxK_uzWrc10

 

Reboot

 

 

[root@zmpt01 ~]# uname -r

3.10.0-1127.19.1.el7.x86_64                                    < ---Kernel is updated

 

[root@zmpt01 ~]# df -h

Filesystem               Size  Used Avail Use% Mounted on

devtmpfs                 479M     0  479M   0% /dev

tmpfs                    496M     0  496M   0% /dev/shm

tmpfs                    496M  7.2M  489M   2% /run

tmpfs                    496M     0  496M   0% /sys/fs/cgroup

/dev/mapper/centos-root   14G  4.2G  9.3G  32% /                        < ---Size of the OS disk increased

/dev/sda1               1014M  185M  830M  19% /boot

tmpfs                    100M     0  100M   0% /run/user/0

 

 

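Security updates (yum selects these from the security advisory metadata the repository publishes; the stock CentOS repositories have generally not published it, so an empty result on CentOS may not mean the system is fully patched – compare with the full list of pending updates)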

 

[root@zmpt01 ~]# yum update --security

 

[root@zmpt01 ~]# yum update-minimal --security

 

Group packages

List of packages which are grouped together, usually similar packages

 

[root@zmpt01 ~]# yum group list

 

You will get a list of group packages

 

Example: Security Tools, Development Tools

 

List of packages in the group package

 

 

[root@zmpt01 ~]# yum group info "Development Tools"

 

Prefix

Description

-

Package was not installed and won’t be installed as part of group

+

Package was not installed but will be installed when you install as group

=

Package was installed as part of group

Blank Space

Package was installed but not as part of the group

 

 

If you want to install a group package

 

[root@zmpt01 ~]# yum group install "Development Tools"

 

If you want to update the group package

 

[root@zmpt01 ~]# yum group update "Development Tools"

 

If you want to remove the group package

 

[root@zmpt01 ~]# yum group remove "Development Tools"

 

NOTE: There is no autoremove available for group uninstall

 

11-01-2020

https://youtu.be/UxK_uzWrc10

 

 

Runlevels

 

Runlevel is a operating state of a system

 

[root@zmpt01 ~]# who -r

         run-level 3  2020-11-01 15:22

[root@zmpt01 ~]# runlevel

N 3

[root@zmpt01 ~]# systemctl get-default

multi-user.target

 

Linux has 7 runlevels

 

 

 

Runlevel 0

Shutdown mode

Init 0

Runlevel 1

Rescue, Emergency Mode – No Network

Init 1

Runlevel 2

Multi-UserMode – No NFS

Init 2

Runlevel 3

Mult-UserMode with NFS – default

Init 3

Runlevel 4

Not Used

 

Runlevel 5

Graphical User Mode – GUI

Init 5

Runlevel 6

Reboot

Init 6

 

Unless you change the default runlevel, the system will boot into whatever default runlevel is

 

Set the default run level

 

systemctl set-default

 

-          This command is used for changing default run level

-          Whenever you use this command

-          The symbolic link for the file /etc/systemd/system/default.target

-          Is changed to the the file associated with the desired runlevel file

-          Runlevel files are sitting in this location

-          Most of the time you are only setting default either Multi-User or Graphical

-          Runlevel 3 or Runlevel 5

 

During the system boot process

 

/etc/systemd/system/default.target

 

This file is actually a symlink of the targeted runlevel file

 

Most common is either 3 or 5

 

Main file read during system boot

/etc/systemd/system/default.target

 

 

Systemctl set-default

This command will change the symlink to either one of the files

Multi-user.target

/usr/lib/systemd/system/multi-user.target

Graphical.target

/usr/lib/systemd/system/graphical.target.

 

 

 

Set the default to graphical

 

[root@zmpt01 ~]# systemctl set-default graphical.target

 

Removed symlink /etc/systemd/system/default.target.

 

Created symlink from /etc/systemd/system/default.target to /usr/lib/systemd/system/graphical.target.

 

 

[root@zmpt01 ~]# systemctl get-default

graphical.target

 

 

 

[root@zmpt01 ~]# stat /etc/systemd/system/default.target

  File: ‘/etc/systemd/system/default.target’ -> ‘/usr/lib/systemd/system/graphical.target’

  Size: 40              Blocks: 0          IO Block: 4096   symbolic link

Device: fd00h/64768d    Inode: 2965052     Links: 1

Access: (0777/lrwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)

Context: system_u:object_r:systemd_unit_file_t:s0

Access: 2020-11-01 16:05:23.881107580 -0600

Modify: 2020-11-01 16:05:23.702105238 -0600

Change: 2020-11-01 16:05:23.702105238 -0600

 Birth: -

 

Set the default to multi-user

 

 

[root@zmpt01 ~]# systemctl set-default multi-user.target

 

Removed symlink /etc/systemd/system/default.target.

 

Created symlink from /etc/systemd/system/default.target to /usr/lib/systemd/system/multi-user.target.

 

 

[root@zmpt01 ~]# systemctl get-default

multi-user.target

 

 

[root@zmpt01 ~]# stat /etc/systemd/system/default.target

  File: ‘/etc/systemd/system/default.target’ -> ‘/usr/lib/systemd/system/multi-user.target’

  Size: 41              Blocks: 0          IO Block: 4096   symbolic link

Device: fd00h/64768d    Inode: 2965067     Links: 1

Access: (0777/lrwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)

Context: system_u:object_r:systemd_unit_file_t:s0

Access: 2020-11-01 16:10:03.827399630 -0600

Modify: 2020-11-01 16:10:03.645397251 -0600

Change: 2020-11-01 16:10:03.645397251 -0600

 Birth: -

 

11-01-2020

https://youtu.be/UxK_uzWrc10

 

 

System boot process

 

System Initialization

Boot process

 

System goes through the following steps before OS is ready for the user

 

 

1.       The computer is powered on

2.       It reads the BIOS – it is a physical chip sitting on motherboard

3.       BIOS – Basic Input/Output System

4.       BIOS performs POST – Power On Self Test – System Hardware Health Check

5.       Then BIOS passes control to first stage of BOOTLOADER

 

BOOTLOADER sits in MBR (Master Boot Record) on hard drive

BOOTLOADER has two stages

 

6.       First stage of BOOTLOADER passes control to Second Stage of BOOTLOADER

 

Second stage of BOOTLOADER resides in /boot folder

 

7.       Second stage of BOOTLOADER load vmlinuz kernel file

8.       Also extracts the content of the file initramfs image file

9.       Vmlinuz kernel file also load the drivers from the initramfs images

10.   The kernel files starts the first process of SystemD

 

Now SystemD is in control

 

11.   SystemD process

a.       Reads the configuration files from /etc/systemd directory

b.       While there it also reads runlevel file /etc/systemd/system/default.target

c.       So whatever /etc/systemd/system/default.target is set as (Multi-user or Graphical)

d.       Runlevel is loaded based on this /etc/systemd/system/default.target

e.       It executes /etc/rc.local

 

 

 

11-01-2020

https://youtu.be/UxK_uzWrc10

 

 

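Password Recovery for root user

Anyone who can reach the console and interrupt the boot can follow these steps, so on production systems set a GRUB boot-loader password and restrict console access.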

 

 

Reboot

 

Interrupt boot using ‘any key’ on the keyboard to stop the countdown

 

 

‘e’ to edit the selected item

 

 

 

Using the arrow keys, scroll to the line that starts with linux16, then move to the end of this line with the right arrow key, or press the End key on the keyboard to jump to the end of the line.

 

At the end of the line add a space and type ‘rd.break’

 

And hit left ‘ctrl + x’ on keyboard

 

11-07-2020

https://youtu.be/-rEm3lopuhw

 

 

Type as shown

                                           

-        mount -o remount,rw /sysroot – Enter

-        chroot /sysroot – Enter

-        passwd – Enter

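-        touch /.autorelabel – Enter (makes SELinux relabel all files on the next boot; without it the rewritten /etc/shadow keeps a wrong context and logins can fail)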

-        exit

-        reboot

 

Connecting to console in VMWare

 

What is VMware Remote Console and how do you run it?

 

For IBM, HP, DELL

-          HP – ILO – Integrated Lights-Out

-          IBM – HMC – Hardware Management Console

-          Dell – IDRAC – Integrated Dell Remote Access Controller

 

 

HP – ILO – Integrated Lights-Out

 

HP iLO 4 Review - StorageReview.com

IBM – HMC – Hardware Management Console

How to Initiate a Resource Dump from the HMC

Dell – IDRAC – Integrated Dell Remote Access Controller

 

For Dell User] How to open DELL iDRAC Virtual console : HKTI - Support  Center

 

11-07-2020

https://youtu.be/-rEm3lopuhw

 

 

Disk Management

 

Hard Disk (Hard Drive)

 

IDE – Linux will handle these kind of devices /dev/hda

SCSI – Linux will handle these kind of devices /dev/sda

Virtual drive – Linux will handle these kind of devices /dev/vda

 

SCSI –

 

Small Computer System Interface is a set of standards for physically connecting and transferring data between computers and peripheral devices. The SCSI standards define commands, protocols, electrical, optical and logical interfaces

 

 

Very first drive

/dev/sda

Second drive

/dev/sdb

Third drive

/dev/sdc

 

 

26th drive

/dev/sdz

27th drive

/dev/sdaa

28th drive

/dev/sdab

 

 

List the disk

 

lsblk

 

[root@zmpt01 ~]# lsblk

NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT

sda               8:0    0   16G  0 disk

sda1            8:1    0    1G  0 part /boot

└─sda2            8:2    0   15G  0 part

  centos-root 253:0    0 13.4G  0 lvm  /

  └─centos-swap 253:1    0  1.6G  0 lvm  [SWAP]

sdb               8:16   0   16G  0 disk

sdc               8:32   0    8G  0 disk

sr0              11:0    1 1024M  0 rom

 

Linux handles the devices as files

 

[root@zmpt01 ~]# ls -l /dev/sd*

brw-rw----. 1 root disk 8,  0 Nov  7 16:54 /dev/sda

brw-rw----. 1 root disk 8,  1 Nov  7 16:54 /dev/sda1

brw-rw----. 1 root disk 8,  2 Nov  7 16:54 /dev/sda2

brw-rw----. 1 root disk 8, 16 Nov  7 16:54 /dev/sdb      < ---Working on this disk

brw-rw----. 1 root disk 8, 32 Nov  7 16:54 /dev/sdc

 

Three common ways to manage the disk

 

-          Fdisk – Fixed disk setup program

-          Gdisk – Same as fdisk, but uses GPT

-          LVM – Logical Volume Manager

 

 

FDISK

 

Fixed Disk Setup Program

 

/dev/sdb – 16GB

8GB

/dev/sdb1

 

 

 

 

 

[root@zmpt01 ~]# fdisk /dev/sdb

Command (m for help): m

Command (m for help): n

Select (default p): p

Partition number (1-4, default 1): 1

First sector (2048-33554431, default 2048):   < ---hit enter

Last sector, +sectors or +size{K,M,G} (2048-33554431, default 33554431): +8G

Command (m for help): w

The partition table has been altered!

 

10-08-2020

https://youtu.be/QLM0NTsxtwA

 

Run partprobe

 

[root@zmpt01 ~]# partprobe

 

 

[root@zmpt01 ~]# lsblk

NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT

sda               8:0    0   16G  0 disk

sda1            8:1    0    1G  0 part /boot

└─sda2            8:2    0   15G  0 part

  centos-root 253:0    0 13.4G  0 lvm  /

  └─centos-swap 253:1    0  1.6G  0 lvm  [SWAP]

sdb               8:16   0   16G  0 disk

└─sdb1            8:17   0    8G  0 part          < ---New created partition

sdc               8:32   0    8G  0 disk

sr0              11:0    1 1024M  0 rom

 

Creating the file system

In computing, a file system or filesystem controls how data is stored(writing) and retrieved(access)

 

 

[root@zmpt01 ~]# mkfs.ext4 /dev/sdb1            < ---Command to create EXT4 file system

mke2fs 1.42.9 (28-Dec-2013)

Filesystem label=

OS type: Linux

Block size=4096 (log=2)                       < ---4KB is the default block size (smallest useable block)

Fragment size=4096 (log=2)

Stride=0 blocks, Stripe width=0 blocks

524288 inodes, 2097152 blocks

104857 blocks (5.00%) reserved for the super user

First data block=0

Maximum filesystem blocks=2147483648

64 block groups

32768 blocks per group, 32768 fragments per group

8192 inodes per group

Superblock backups stored on blocks:

        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

 

Allocating group tables: done

Writing inode tables: done

Creating journal (32768 blocks): done

Writing superblocks and filesystem accounting information: done

 

 

 

 

 

Binary is base 2 = 1 0

1 = on

0 = off

 

2^8

 

 

 

4096 = 4kb  minimum useable

 

File Size

Disk Space used 4K

0

4 kb

1 kb

4kb

2 kb

4 kb

4 kb

4 kb

6 kb

8 kb

13 kb

16 kb

21

24 kb

 

 

File System structure

 

 

File System

Max Disk Size

Single file size

Ext2

32 TB

2 TB

Ext3

32 TB

2 TB

Ext4

1 Eib

16 TB

XFS

16 Eib

500 TB for RHEL - 7

100 TB for RHEL - 8

 

 

 

Mount the file system – making it available for use

 

[root@zmpt01 ~]# mkdir /DATA

 

[root@zmpt01 ~]# mount /dev/sdb1 /DATA/   < ---you have to provide absolute path when mounting

 

Command

Filesystem

Mount point/ location

Mount

/dev/sdb1

/DATA

 

 

 

To see the disk and mount point being used

 

[root@zmpt01 ~]# df -h

Filesystem               Size  Used Avail Use% Mounted on

devtmpfs                 484M     0  484M   0% /dev

tmpfs                    496M     0  496M   0% /dev/shm

tmpfs                    496M  6.8M  489M   2% /run

tmpfs                    496M     0  496M   0% /sys/fs/cgroup

/dev/mapper/centos-root   14G  1.8G   12G  14% /

/dev/sda1               1014M  136M  879M  14% /boot

tmpfs                    100M     0  100M   0% /run/user/0

/dev/sdb1                7.8G   36M  7.3G   1% /DATA

 

 

[root@zmpt01 ~]# lsblk

NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT

sda               8:0    0   16G  0 disk

sda1            8:1    0    1G  0 part /boot

└─sda2            8:2    0   15G  0 part

  centos-root 253:0    0 13.4G  0 lvm  /

  └─centos-swap 253:1    0  1.6G  0 lvm  [SWAP]

sdb               8:16   0   16G  0 disk

└─sdb1            8:17   0    8G  0 part /DATA

sdc               8:32   0    8G  0 disk

sr0              11:0    1 1024M  0 rom

 

Unmount the disk

 

[root@zmpt01 ~]# umount /DATA/

 

NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT

sda               8:0    0   16G  0 disk

sda1            8:1    0    1G  0 part /boot

└─sda2            8:2    0   15G  0 part

  centos-root 253:0    0 13.4G  0 lvm  /

  └─centos-swap 253:1    0  1.6G  0 lvm  [SWAP]

sdb               8:16   0   16G  0 disk

└─sdb1            8:17   0    8G  0 part

sdc               8:32   0    8G  0 disk

sr0              11:0    1 1024M  0 rom

 

Reboot

 

[root@zmpt01 ~]# df -h

 

The file system is not mounted

 

FSTAB – File System Table

 

Configuration file helpful during boot for mounting disks

 

/etc/fstab

 

[root@zmpt01 ~]# vi /etc/fstab

 

Copy the existing line, paste it into a new line and edit as needed

 

Filesystem

Mount point

Filesystem type

OS handles this

priority

/dev/sdb1

/DATA                      

ext4

defaults

  0 0

 

[root@zmpt01 ~]# mount -a          < ---this command reads /etc/fstab and mounts the file systems that are not already mounted; run it after every edit, because a bad entry can stop the next boot

 

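The file system will be mounted during boot up. For a data-only file system like this one, restrictive mount options such as nodev and nosuid (and noexec if nothing needs to run from it) can be used in place of defaults.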

 

***persistence with the reboot***

 

Changing the mount point

 

[root@zmpt01 DATA]# touch file{1..100}

 

 

/dev/sdb1                7.8G   36M  7.3G   1% /DATA   < ---Files are actually written to /dev/sdb1

 

[root@zmpt01 ~]# umount /DATA

[root@zmpt01 ~]# df -h

[root@zmpt01 ~]# cd /DATA/

[root@zmpt01 DATA]# ls

 

[root@zmpt01 ~]# mount /dev/sdb1 /IBM

[root@zmpt01 ~]# df -h

Filesystem               Size  Used Avail Use% Mounted on

devtmpfs                 484M     0  484M   0% /dev

tmpfs                    496M     0  496M   0% /dev/shm

tmpfs                    496M  6.8M  489M   2% /run

tmpfs                    496M     0  496M   0% /sys/fs/cgroup

/dev/mapper/centos-root   14G  1.8G   12G  14% /

/dev/sda1               1014M  136M  879M  14% /boot

tmpfs                    100M     0  100M   0% /run/user/0

/dev/sdb1                7.8G   36M  7.3G   1% /IBM         < ---mount point is changed to IBM, but data will still be available

 

[root@zmpt01 IBM]# ls

file1    file2   file30  file41  file52  file63  file74  file85  file96

 

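UUID – Universally Unique Identifier

Device names such as /dev/sdb1 can change when disks are added or re-ordered; the UUID stays with the file system, so it is the more reliable identifier to use in /etc/fstab.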

 

 

[root@zmpt01 ~]# blkid

 

/dev/sdb1: UUID="1dfbb3a5-8b04-4883-89e7-ceb9e78db6e4" TYPE="ext4"

 

[root@zmpt01 ~]# vi /etc/fstab

 

#/dev/sdb1 /DATA                       ext4     defaults        0 0

 

UUID=1dfbb3a5-8b04-4883-89e7-ceb9e78db6e4 /DATA                       ext4     defaults        0 0

 

[root@zmpt01 ~]# mount -a

 

[root@zmpt01 ~]# df -h

/dev/sdb1                7.8G   36M  7.3G   1% /DATA     < ---UUID is associated with /dev/sdb1

 

Mount using label

 

 

[root@zmpt01 ~]# e2label /dev/sdb1 zmpt01

 

[root@zmpt01 ~]# blkid

/dev/sda1: UUID="160e6caa-b0a9-468b-9de1-04189acc84ce" TYPE="xfs"

/dev/sda2: UUID="oLnQZF-bJU0-02T3-t0wF-DhnB-2JI6-CQI9f2" TYPE="LVM2_member"

/dev/sdb1: LABEL="zmpt01" UUID="1dfbb3a5-8b04-4883-89e7-ceb9e78db6e4" TYPE="ext4"

/dev/mapper/centos-root: UUID="5c79b16a-cfd4-4d5a-8e9c-b9b1a37b4936" TYPE="xfs"

/dev/mapper/centos-swap: UUID="c7801c38-9828-49b2-8a12-7610376d8b8a" TYPE="swap"

 

 

[root@zmpt01 ~]# vi /etc/fstab

 

LABEL="zmpt01" /DATA                       ext4     defaults        0 0       < ---using the LABEL

 

[root@zmpt01 ~]# mount -a

[root@zmpt01 ~]# df -h

/dev/sdb1                7.8G   36M  7.3G   1% /DATA                        < ---Mounted using LABEL

 

Multiple filesystem on same disk

 

 

 

/dev/sdb – 16GB

8GB

/dev/sdb1

Ext4

2GB

/dev/sdb2

XFS

2GB

/dev/sdb2

XFS

2GB

/dev/sdb3

swap

 

 

[root@zmpt01 ~]# fdisk /dev/sdb

Command (m for help): m

Command (m for help):

 

p

Command (m for help): n

Select (default p): p

Partition number (2-4, default 2): 2

First sector (16779264-33554431, default 16779264):   < ---hit “Enter” – use default value

Last sector, +sectors or +size{K,M,G} (16779264-33554431, default 33554431): +2G

 

 

Command (m for help): p

 

Disk /dev/sdb: 17.2 GB, 17179869184 bytes, 33554432 sectors

Units = sectors of 1 * 512 = 512 bytes

Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk label type: dos

Disk identifier: 0x5460be06

 

   Device Boot      Start         End      Blocks   Id  System

/dev/sdb1            2048    16779263     8388608   83  Linux

/dev/sdb2        16779264    20973567     2097152   83  Linux     < ---New partition is created

 

Command (m for help): w

 

 

 

[root@zmpt01 ~]# lsblk

NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT

sda               8:0    0   16G  0 disk

sda1            8:1    0    1G  0 part /boot

└─sda2            8:2    0   15G  0 part

  centos-root 253:0    0 13.4G  0 lvm  /

  └─centos-swap 253:1    0  1.6G  0 lvm  [SWAP]

sdb               8:16   0   16G  0 disk

sdb1            8:17   0    8G  0 part /DATA

└─sdb2            8:18   0    2G  0 part                         < ---Newly created partition 2GB

sdc               8:32   0    8G  0 disk

 

 

[root@zmpt01 ~]# mkfs.xfs /dev/sdb2

 

 

 

[root@zmpt01 ~]# mount /dev/sdb2 /IBM/

 

 

 

[root@zmpt01 ~]# df -h

Filesystem               Size  Used Avail Use% Mounted on

devtmpfs                 484M     0  484M   0% /dev

tmpfs                    496M     0  496M   0% /dev/shm

tmpfs                    496M  6.8M  489M   2% /run

tmpfs                    496M     0  496M   0% /sys/fs/cgroup

/dev/mapper/centos-root   14G  1.8G   12G  14% /

/dev/sda1               1014M  136M  879M  14% /boot

tmpfs                    100M     0  100M   0% /run/user/0

/dev/sdb1                7.8G   36M  7.3G   1% /DATA

/dev/sdb2                2.0G   33M  2.0G   2% /IBM              < ---disk is mounted to /IBM

 

Make appropriate entry into /etc/fstab

 

/dev/sdb2 /IBM                       xfs     defaults        0 0

 

 

 

[root@zmpt01 ~]# mount -a

 

[root@zmpt01 ~]# df -h

Filesystem               Size  Used Avail Use% Mounted on

devtmpfs                 484M     0  484M   0% /dev

tmpfs                    496M     0  496M   0% /dev/shm

tmpfs                    496M  6.8M  489M   2% /run

tmpfs                    496M     0  496M   0% /sys/fs/cgroup

/dev/mapper/centos-root   14G  1.8G   12G  14% /

/dev/sda1               1014M  136M  879M  14% /boot

tmpfs                    100M     0  100M   0% /run/user/0

/dev/sdb1                7.8G   36M  7.3G   1% /DATA

/dev/sdb2                2.0G   33M  2.0G   2% /IBM              < ---disk is mounted to /IBM using mount -a

 

11-14-2020

https://youtu.be/AneCZr5-tLA

 

Extending inodes

 

To create a large number of empty files

 

touch file{1..110000}

 

 

[root@zmpt01 IBM]# df -h

 

/dev/sdb2                2.0G  582M  1.5G  29% /IBM

 

 

[root@zmpt01 IBM]# df -i    < ---this is used for checking the inodes

 

/dev/sdb2               1048640 1048640       0  100% /IBM

 

 

Ext4 file system

 

[root@zmpt01 ~]# df -i /dev/sdb1

Filesystem     Inodes IUsed  IFree IUse% Mounted on

/dev/sdb1      524288   110 524178    1% /DATA

 

[root@zmpt01 ~]# umount /dev/sdb1

[root@zmpt01 ~]# mkfs.ext4 -N 1000000 /dev/sdb1       < ---ALL DATA will be deleted

 

[root@zmpt01 ~]# mount /dev/sdb1 /DATA/

[root@zmpt01 ~]# df -i

/dev/sdb1               1000448    11 1000437    1% /DATA

 

 

Increase the partition size

 

[root@zmpt01 ~]# df -h

/dev/sdb2                2.0G  582M  1.5G  29% /IBM   < --- Increase size of file system to 4GB

 

 

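Unmount the partition that needs to be extended (back up the data first: the steps below delete and re-create the partition entry, and the data is kept only if the new partition starts at the same first sector)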

 

[root@zmpt01 ~]# umount /IBM/

 

[root@zmpt01 ~]# fdisk /dev/sdb

Command (m for help): m

Command (m for help): d

Command (m for help): w

 

[root@zmpt01 ~]# fdisk /dev/sdb

Command (m for help): p

Command (m for help): n

Partition type:

   p   primary (1 primary, 0 extended, 3 free)

   e   extended

Select (default p): p

Partition number (2-4, default 2): 2

First sector (16779264-33554431, default 16779264):

Using default value 16779264

Last sector, +sectors or +size{K,M,G} (16779264-33554431, default 33554431): +4G

Partition 2 of type Linux and of size 4 GiB is set

 

Command (m for help): p

 

   Device Boot      Start         End      Blocks   Id  System

/dev/sdb1            2048    16779263     8388608   83  Linux

/dev/sdb2        16779264    25167871     4194304   83  Linux

 

Command (m for help): w

 

[root@zmpt01 ~]# partprobe

 

[root@zmpt01 ~]# mount -a

 

[root@zmpt01 ~]# df -h

/dev/sdb2                2.0G  582M  1.5G  29% /IBM

 

[root@zmpt01 ~]# xfs_growfs /dev/sdb2

 

[root@zmpt01 IBM]# df -h

/dev/sdb2                4.0G  582M  3.5G  15% /IBM

 

Partition Information

 

-          You can have a maximum of four primary partitions on a single disk (with the dos/MBR disk label that fdisk reports above)

-          If you want to create more than four partitions

-          Then you need to create an extended partition, then you can nest multiple partitions inside the extended partition

 

 

 

 

SWAP

Swap is a space on a disk that is used when the amount of physical memory (RAM) is full. When a Linux system runs out of RAM, inactive pages are moved from RAM to swap space. Swap space can take the form of either a dedicated swap partition or a swap file.

 

-          What is swap? Swap is standby memory

-          It’s a virtual memory used from hard drive

-          Real memory is 1GB

-          SWAP memory is 1.6 GB

-          Total useable size is 2.6 GB

-          If the real memory is full the swap is utilized

-          OS will move inactive processes to the swap memory

-          Think of it as a safety net for Physical Memory.

 

 

[root@zmpt01 ~]# fdisk /dev/sdb

 

Command (m for help): p

 

 

   Device Boot      Start         End      Blocks   Id  System

/dev/sdb1            2048    16779263     8388608   83  Linux

/dev/sdb2        16779264    25167871     4194304   83  Linux

 

Command (m for help): m

Command (m for help): n

Partition type:

   p   primary (2 primary, 0 extended, 2 free)

   e   extended

Select (default p): p

Partition number (3,4, default 3): 3

First sector (25167872-33554431, default 25167872):

Using default value 25167872

Last sector, +sectors or +size{K,M,G} (25167872-33554431, default 33554431): +2G

Partition 3 of type Linux and of size 2 GiB is set

 

Command (m for help): m

Command (m for help): t

Partition number (1-3, default 3): 3

Hex code (type L to list all codes): 82

Changed type of partition 'Linux' to 'Linux swap / Solaris'

 

Command (m for help): p

 

Disk /dev/sdb: 17.2 GB, 17179869184 bytes, 33554432 sectors

Units = sectors of 1 * 512 = 512 bytes

Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk label type: dos

Disk identifier: 0x5460be06

 

   Device Boot      Start         End      Blocks   Id  System

/dev/sdb1            2048    16779263     8388608   83  Linux

/dev/sdb2        16779264    25167871     4194304   83  Linux

/dev/sdb3        25167872    29362175     2097152   82  Linux swap / Solaris

 

Command (m for help): w

 

[root@zmpt01 ~]# partprobe

 

[root@zmpt01 ~]# mkswap /dev/sdb3   < ---sets up the swap area on the partition

 

 

[root@zmpt01 ~]# swapon /dev/sdb3  < ----make the swap useable

 

[root@zmpt01 ~]# vi /etc/fstab

 

/dev/sdb3 swap                    swap    defaults        0 0

 

[root@zmpt01 ~]# free -h

              total        used        free      shared  buff/cache   available

Mem:           991M        284M        345M        1.6M        360M        549M

Swap:          3.6G        279M        3.3G

 

 

 

[root@zmpt01 ~]# swapoff /dev/sdb3

 

[root@zmpt01 ~]# free -h

              total        used        free      shared  buff/cache   available

Mem:           991M        283M        347M        1.6M        360M        550M

Swap:          1.6G        278M        1.3G

 

[root@zmpt01 ~]# free -h

              total        used        free      shared  buff/cache   available

Mem:           991M        283M        347M        1.6M        360M        550M

Swap:          1.6G        278M        1.3G

 

[root@zmpt01 ~]# vi /etc/fstab

 

[root@zmpt01 ~]# swapon -a

 

[root@zmpt01 ~]# free -h

              total        used        free      shared  buff/cache   available

Mem:           991M        284M        345M        1.6M        360M        549M

Swap:          3.6G        278M        3.3G

 

 

10-14-2020

https://youtu.be/AneCZr5-tLA

 

 

LVM – Logical Volume Manager

 

 

11-15-2020

https://youtu.be/3oC5SgcoBf0

 

 

 

 

/dev/sdc

8GB

 

 

/dev/sdd

16GB

 

/dev/sde

24GB

 

Logical Volume Group – zmpt1

48GB

 

 

Accounting

4GB

 

Finance

6GB

 

HR

2GB

 

HR

+6G

 

Recruiting

4 GB

 

 

Free space 26GB

 

 

LVM stands for Logical Volume Management. It is a system for managing logical volumes, or file systems, that is much more advanced and flexible than the traditional method of partitioning a disk into one or more segments and formatting each partition with a file system.

 

File system – ext4 or xfs

 

 

[root@zmpt01 ~]# lsblk

NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT

sda               8:0    0   16G  0 disk

sda1            8:1    0    1G  0 part /boot

└─sda2            8:2    0   15G  0 part

  centos-root 253:0    0 13.4G  0 lvm  /

  └─centos-swap 253:1    0  1.6G  0 lvm  [SWAP]

sdb               8:16   0   16G  0 disk

sdb1            8:17   0    8G  0 part

sdb2            8:18   0    4G  0 part

└─sdb3            8:19   0    2G  0 part

sdc               8:32   0    8G  0 disk

sdd               8:48   0   16G  0 disk

sde               8:64   0   24G  0 disk

 

 

[root@zmpt01 ~]# pvcreate /dev/sdc /dev/sdd /dev/sde

  Physical volume "/dev/sdc" successfully created.

  Physical volume "/dev/sdd" successfully created.

  Physical volume "/dev/sde" successfully created.

 

Command

Disk1

Disk 2

Disk 3

pvcreate

/dev/sdc

/dev/sdd

/dev/sde

 

 

 

 

[root@zmpt01 ~]# blkid

/dev/sdc: UUID="pYcEYd-WWPb-cwhu-7dn5-lMIk-vWhk-7B9x6x" TYPE="LVM2_member"

/dev/sdd: UUID="MnAGcr-jORK-JhHN-1vBB-xFtf-ECl6-uWYRS3" TYPE="LVM2_member"

/dev/sde: UUID="FpAXdB-xeBK-Hdrq-HKZa-rmF0-l0PF-sK1sGt" TYPE="LVM2_member"

 

 

[root@zmpt01 ~]# pvs

  PV         VG     Fmt  Attr PSize   PFree

  /dev/sda2  centos lvm2 a--  <15.00g     0

  /dev/sdc          lvm2 ---    8.00g  8.00g

  /dev/sdd          lvm2 ---   16.00g 16.00g

  /dev/sde          lvm2 ---   24.00g 24.00g

 

 

[root@zmpt01 ~]# vgcreate zmpt1 /dev/sdc /dev/sdd /dev/sde

  Volume group "zmpt1" successfully created

 

zmpt1 now acts as a single disk

 

Command

Volume group name

Disk 1

Disk 2

Disk 3

vgcreate

zmpt1

/dev/sdc

/dev/sdd

/dev/sde

 

 

 

[root@zmpt01 ~]# vgs

  VG     #PV #LV #SN Attr   VSize   VFree

  centos   1   2   0 wz--n- <15.00g      0

  zmpt1    3   0   0 wz--n- <47.99g <47.99g

 

 

[root@zmpt01 ~]# vgdisplay zmpt1

  --- Volume group ---

  VG Name               zmpt1

  System ID

  Format                lvm2

  Metadata Areas        3

  Metadata Sequence No  1

  VG Access             read/write

  VG Status             resizable

  MAX LV                0

  Cur LV                0

  Open LV               0

  Max PV                0

  Cur PV                3

  Act PV                3

  VG Size               <47.99 GiB

  PE Size               4.00 MiB

  Total PE              12285

  Alloc PE / Size       0 / 0

  Free  PE / Size       12285 / <47.99 GiB

  VG UUID               pC41AQ-xwrj-NlkE-3B1i-eXcL-tTEF-NedVpe

 

 

 

Accounting

4GB

Finance

6GB

HR

2GB

Recruiting

4GB

 

 

 

[root@zmpt01 ~]# lvcreate -n Accounting -L 4G zmpt1

  Logical volume "Accounting" created.

 

command

New

Logical volume name

Logical

Size

Volume Group

lvcreate

-n

Accounting

-L

4G

zmpt1

 

 

 

[root@zmpt01 ~]# vgs

  VG     #PV #LV #SN Attr   VSize   VFree

  centos   1   2   0 wz--n- <15.00g      0

  zmpt1    3   1   0 wz--n- <47.99g <43.99g

 

 

[root@zmpt01 ~]# lvdisplay zmpt1

  --- Logical volume ---

  LV Path                /dev/zmpt1/Accounting

  LV Name                Accounting

  VG Name                zmpt1

  LV UUID                EnuV1G-5Suf-PfYM-KMAH-XY3O-as1A-K2rT0W

  LV Write Access        read/write

  LV Creation host, time zmpt01.prod.zmprotech.com, 2020-11-15 16:23:14 -0500

  LV Status              available

  # open                 0

  LV Size                4.00 GiB

  Current LE             1024

  Segments               1

  Allocation             inherit

  Read ahead sectors     auto

  - currently set to     8192

  Block device           253:2

 

 

[root@zmpt01 ~]# lvs zmpt1

  LV         VG    Attr       LSize Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert

  Accounting zmpt1 -wi-a----- 4.00g 

 

Mount the LVM partition

 

[root@zmpt01 ~]# mkdir /accounting

[root@zmpt01 ~]# mount /dev/zmpt1/Accounting /accounting

 

[root@zmpt01 ~]# df -h

/dev/mapper/zmpt1-Accounting  4.0G   33M  4.0G   1% /accounting

 

 

[root@zmpt01 ~]# lvcreate -n Finance -L 6G zmpt1

  Logical volume "Finance" created.

[root@zmpt01 ~]# lvcreate -n HR -L 2G zmpt1

  Logical volume "HR" created.

[root@zmpt01 ~]# lvcreate -n Recruiting -L 4G zmpt1

  Logical volume "Recruiting" created.

 

 

[root@zmpt01 ~]# mkdir /finance

[root@zmpt01 ~]# mkdir /hr

[root@zmpt01 ~]# mkdir /recruiting

 

 

[root@zmpt01 ~]# mkfs.xfs /dev/zmpt1/Finance

[root@zmpt01 ~]# mkfs.xfs /dev/zmpt1/HR

[root@zmpt01 ~]# mkfs.xfs /dev/zmpt1/Recruiting

 

 

[root@zmpt01 ~]# mount /dev/zmpt1/Finance /finance/

[root@zmpt01 ~]# mount /dev/zmpt1/HR /hr/

[root@zmpt01 ~]# mount /dev/zmpt1/Recruiting /recruiting/

 

 

[root@zmpt01 ~]# df -h

/dev/mapper/zmpt1-Accounting  4.0G   33M  4.0G   1% /accounting

/dev/mapper/zmpt1-Finance     6.0G   33M  6.0G   1% /finance

/dev/mapper/zmpt1-HR          2.0G   33M  2.0G   2% /hr

/dev/mapper/zmpt1-Recruiting  4.0G   33M  4.0G   1% /recruiting

 

LVM decides which physical disk each logical volume is placed on

 

[root@zmpt01 ~]# lsblk

sdc                  8:32   0    8G  0 disk

zmpt1-Accounting 253:2    0    4G  0 lvm  /accounting

└─zmpt1-HR         253:4    0    2G  0 lvm  /hr

sdd                  8:48   0   16G  0 disk

zmpt1-Finance    253:3    0    6G  0 lvm  /finance

└─zmpt1-Recruiting 253:5    0    4G  0 lvm  /recruiting

sde                  8:64   0   24G  0 disk

 

 

[root@zmpt01 ~]# vi /etc/fstab

 

/dev/mapper/zmpt1-Accounting  /accounting       xfs     defaults        0 0

/dev/mapper/zmpt1-Finance     /finance       xfs     defaults        0 0

/dev/mapper/zmpt1-HR          /hr       xfs     defaults        0 0

/dev/mapper/zmpt1-Recruiting  /recruiting       xfs     defaults        0 0

 

[root@zmpt01 ~]# mount -a

[root@zmpt01 ~]# init 6

 

[root@zmpt01 ~]# df -h

Filesystem                    Size  Used Avail Use% Mounted on

devtmpfs                      484M     0  484M   0% /dev

tmpfs                         496M     0  496M   0% /dev/shm

tmpfs                         496M  6.8M  489M   2% /run

tmpfs                         496M     0  496M   0% /sys/fs/cgroup

/dev/mapper/centos-root        14G  1.8G   12G  14% /

/dev/mapper/zmpt1-Accounting  4.0G   33M  4.0G   1% /accounting

/dev/mapper/zmpt1-HR          2.0G   33M  2.0G   2% /hr

/dev/mapper/zmpt1-Recruiting  4.0G   33M  4.0G   1% /recruiting

/dev/mapper/zmpt1-Finance     6.0G   33M  6.0G   1% /finance

/dev/sda1                    1014M  136M  879M  14% /boot

tmpfs                         100M     0  100M   0% /run/user/0

 

Extending the Logical Volume

Simulate the HR disk being full

 

[root@zmpt01 hr]# dd if=/dev/zero of=zafar1 bs=4096 count=+2G

/dev/mapper/zmpt1-HR          2.0G  2.0G   20K 100% /hr

 

Determine the free space available

 

 

[root@zmpt01 ~]# vgs

  VG     #PV #LV #SN Attr   VSize   VFree

  centos   1   2   0 wz--n- <15.00g      0

  zmpt1    3   4   0 wz--n- <47.99g <31.99g         < ----available disk space

 

[root@zmpt01 ~]# vgdisplay zmpt1

Alloc PE / Size       4096 / 16.00 GiB

  Free  PE / Size       8189 / <31.99 GiB                < ---available disk space

 

 

[root@zmpt01 ~]# lvextend -L +6G /dev/mapper/zmpt1-HR

  Size of logical volume zmpt1/HR changed from 2.00 GiB (512 extents) to 8.00 GiB (2048 extents).

  Logical volume zmpt1/HR successfully resized.

 

Command

Logical

Size

Logical Volume

lvextend

-L

+6G

/dev/mapper/zmpt1-HR

 

 

 

[root@zmpt01 ~]# xfs_growfs /dev/mapper/zmpt1-HR

 

[root@zmpt01 ~]# df -h

 

/dev/mapper/zmpt1-HR          8.0G  2.0G  6.0G  25% /hr          < ---now you can see the new size

 

 

[root@zmpt01 ~]# lvcreate -n LVSWAP -L 4G zmpt1

  Logical volume "LVSWAP" created.

 

 

[root@zmpt01 ~]# mkswap /dev/zmpt1/LVSWAP

Setting up swapspace version 1, size = 4194300 KiB

no label, UUID=e0908f33-9f5f-461f-9ed1-f702ff06160d

 

 

[root@zmpt01 ~]# free -h

              total        used        free      shared  buff/cache   available

Mem:           991M        137M         75M        6.8M        777M        702M

Swap:          1.6G          0B        1.6G

[root@zmpt01 ~]# swapon /dev/mapper/zmpt1-LVSWAP

[root@zmpt01 ~]# free -h

              total        used        free      shared  buff/cache   available

Mem:           991M        141M         72M        6.8M        777M        699M

Swap:          5.6G          0B        5.6G

 

 

Make entry into /etc/fstab

 

Adding Physical Disk

 

Add 40GB disk

 

 

11-22-2020

https://youtu.be/bs0FE_VAUvs

 

[root@zmpt01 ~]# lsblk

NAME               MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT

sda                  8:0    0   16G  0 disk

sda1               8:1    0    1G  0 part /boot

└─sda2               8:2    0   15G  0 part

  centos-root    253:0    0 13.4G  0 lvm  /

  └─centos-swap    253:1    0  1.6G  0 lvm  [SWAP]

sdb                  8:16   0   16G  0 disk

sdb1               8:17   0    8G  0 part

sdb2               8:18   0    4G  0 part

└─sdb3               8:19   0    2G  0 part

sdc                  8:32   0    8G  0 disk

zmpt1-Accounting 253:2    0    4G  0 lvm  /accounting

└─zmpt1-HR         253:4    0    8G  0 lvm  /hr

sdd                  8:48   0   16G  0 disk

zmpt1-Finance    253:3    0    6G  0 lvm  /finance

zmpt1-HR         253:4    0    8G  0 lvm  /hr

└─zmpt1-Recruiting 253:5    0    4G  0 lvm  /recruiting

sde                  8:64   0   24G  0 disk

└─zmpt1-LVSWAP     253:6    0    4G  0 lvm

sdf                  8:80   0   40G  0 disk                                                  < ---New Disk Added

sr0                 11:0    1 1024M  0 rom

 

/dev/sdf is not part of any group yet

 

[root@zmpt01 ~]# vgs

  VG     #PV #LV #SN Attr   VSize   VFree

  centos   1   2   0 wz--n- <15.00g      0

  zmpt1    3   5   0 wz--n- <47.99g <21.99g

[root@zmpt01 ~]# pvs

  PV         VG     Fmt  Attr PSize   PFree

  /dev/sda2  centos lvm2 a--  <15.00g      0

  /dev/sdc   zmpt1  lvm2 a--   <8.00g      0

  /dev/sdd   zmpt1  lvm2 a--  <16.00g   1.99g

  /dev/sde   zmpt1  lvm2 a--  <24.00g <20.00g

 

Initialise /dev/sdf as an LVM physical volume

 

[root@zmpt01 ~]# pvcreate /dev/sdf

  Physical volume "/dev/sdf" successfully created.

[root@zmpt01 ~]# pvs

  PV         VG     Fmt  Attr PSize   PFree

  /dev/sda2  centos lvm2 a--  <15.00g      0

  /dev/sdc   zmpt1  lvm2 a--   <8.00g      0

  /dev/sdd   zmpt1  lvm2 a--  <16.00g   1.99g

  /dev/sde   zmpt1  lvm2 a--  <24.00g <20.00g

  /dev/sdf          lvm2 ---   40.00g  40.00g                           < ---formatted as LVM, but not part of vg – Volume Group

 

Add /dev/sdf to the VG – zmpt1

 

[root@zmpt01 ~]# vgextend zmpt1 /dev/sdf

  Volume group "zmpt1" successfully extended

[root@zmpt01 ~]# pvs

  PV         VG     Fmt  Attr PSize   PFree

  /dev/sda2  centos lvm2 a--  <15.00g      0

  /dev/sdc   zmpt1  lvm2 a--   <8.00g      0

  /dev/sdd   zmpt1  lvm2 a--  <16.00g   1.99g

  /dev/sde   zmpt1  lvm2 a--  <24.00g <20.00g

  /dev/sdf   zmpt1  lvm2 a--  <40.00g <40.00g                                 < ----/dev/sdf is part of zmpt1

[root@zmpt01 ~]# vgs

  VG     #PV #LV #SN Attr   VSize   VFree

  centos   1   2   0 wz--n- <15.00g     0

  zmpt1    4   5   0 wz--n-  87.98g 61.98g

 

 

/dev/sdd is corrupted – it needs to be removed

 

[root@zmpt01 ~]# lsblk

NAME               MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT

sda                  8:0    0   16G  0 disk

sda1               8:1    0    1G  0 part /boot

└─sda2               8:2    0   15G  0 part

  centos-root    253:0    0 13.4G  0 lvm  /

  └─centos-swap    253:1    0  1.6G  0 lvm  [SWAP]

sdb                  8:16   0   16G  0 disk

sdb1               8:17   0    8G  0 part

sdb2               8:18   0    4G  0 part

└─sdb3               8:19   0    2G  0 part

sdc                  8:32   0    8G  0 disk

zmpt1-Accounting 253:2    0    4G  0 lvm  /accounting

└─zmpt1-HR         253:4    0    8G  0 lvm  /hr

sdd                  8:48   0   16G  0 disk

zmpt1-Finance    253:3    0    6G  0 lvm  /finance

zmpt1-HR         253:4    0    8G  0 lvm  /hr

└─zmpt1-Recruiting 253:5    0    4G  0 lvm  /recruiting

sde                  8:64   0   24G  0 disk

└─zmpt1-LVSWAP     253:6    0    4G  0 lvm

sdf                  8:80   0   40G  0 disk

sr0                 11:0    1 1024M  0 rom

 

This command moves the allocated LVM extents (the data blocks of the logical volumes) from /dev/sdd to /dev/sdf – similar to cloning, and the volumes stay mounted while it runs

 

[root@zmpt01 ~]# pvmove /dev/sdd /dev/sdf

  /dev/sdd: Moved: 0.14%

  /dev/sdd: Moved: 42.85%

  /dev/sdd: Moved: 71.44%

  /dev/sdd: Moved: 100.00%

 

 

[root@zmpt01 ~]# lsblk

NAME               MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT

sda                  8:0    0   16G  0 disk

sda1               8:1    0    1G  0 part /boot

└─sda2               8:2    0   15G  0 part

  centos-root    253:0    0 13.4G  0 lvm  /

  └─centos-swap    253:1    0  1.6G  0 lvm  [SWAP]

sdb                  8:16   0   16G  0 disk

sdb1               8:17   0    8G  0 part

sdb2               8:18   0    4G  0 part

└─sdb3               8:19   0    2G  0 part

sdc                  8:32   0    8G  0 disk

zmpt1-Accounting 253:2    0    4G  0 lvm  /accounting

└─zmpt1-HR         253:4    0    8G  0 lvm  /hr

sdd                  8:48   0   16G  0 disk

sde                  8:64   0   24G  0 disk

└─zmpt1-LVSWAP     253:6    0    4G  0 lvm

sdf                  8:80   0   40G  0 disk

zmpt1-Finance    253:3    0    6G  0 lvm  /finance

zmpt1-HR         253:4    0    8G  0 lvm  /hr

└─zmpt1-Recruiting 253:5    0    4G  0 lvm  /recruiting

sr0                 11:0    1 1024M  0 rom

 

 

[root@zmpt01 ~]# lvs

  LV         VG     Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert

  root       centos -wi-ao---- 13.39g                                

  swap       centos -wi-ao----  1.60g                                

  Accounting zmpt1  -wi-ao----  4.00g                                

  Finance    zmpt1  -wi-ao----  6.00g                                 

  HR         zmpt1  -wi-ao----  8.00g                                

  LVSWAP     zmpt1  -wi-a-----  4.00g                                

  Recruiting zmpt1  -wi-ao----  4.00g             

 

 

[root@zmpt01 ~]# pvs

  PV         VG     Fmt  Attr PSize   PFree

  /dev/sda2  centos lvm2 a--  <15.00g      0

  /dev/sdc   zmpt1  lvm2 a--   <8.00g      0                      < --- Remove the corrupted disk

  /dev/sdd   zmpt1  lvm2 a--  <16.00g <16.00g

  /dev/sde   zmpt1  lvm2 a--  <24.00g <20.00g

  /dev/sdf   zmpt1  lvm2 a--  <40.00g  25.99g

 

 

[root@zmpt01 ~]# vgreduce zmpt1 /dev/sdd

  Removed "/dev/sdd" from volume group "zmpt1"

[root@zmpt01 ~]# pvs

  PV         VG     Fmt  Attr PSize   PFree

  /dev/sda2  centos lvm2 a--  <15.00g      0

  /dev/sdc   zmpt1  lvm2 a--   <8.00g      0

  /dev/sdd          lvm2 ---   16.00g  16.00g                     < --- Remove completed

  /dev/sde   zmpt1  lvm2 a--  <24.00g <20.00g

  /dev/sdf   zmpt1  lvm2 a--  <40.00g  25.99g

 

 

 

 

/dev/sdc

8GB

 

 

 

/dev/sde

24GB

 

/dev/sdf

40GB

 

Logical Volume Group – zmpt1

72GB

 

 

Accounting

4GB

 

Finance

6GB

 

HR

2GB

 

HR

+6G

 

Recruiting

4 GB

 

 

SWAP

4GB

Free space 46GB

 

 

 

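Increase the inode limit of the xfs file system on /dev/sdd1 (xfs_growfs -m sets imax_pct, the maximum percentage of the file system space that may be used for inodes)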

 

[root@zmpt01 ~]# df -i /dev/sdc

Filesystem     Inodes IUsed  IFree IUse% Mounted on

devtmpfs       123861   446 123415    1% /dev

 

 

[root@zmpt01 mnt]# df -i /dev/sdd1

Filesystem      Inodes IUsed   IFree IUse% Mounted on

/dev/sdd1      1048576 10003 1038573    1% /mnt

 

[root@zmpt01 ~]# xfs_growfs -m 40  /dev/sdd1

 

 

[root@zmpt01 ~]# xfs_db -f -c "sb 0" -c "p" /dev/sdd1 | grep imax_pct

imax_pct = 40

 

 

[root@zmpt01 ~]# df -i /dev/sdd1

Filesystem      Inodes IUsed   IFree IUse% Mounted on

/dev/sdd1      1677720 10003 1667717    1% /mnt

 

There is no data loss

 

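Delete LV and VG – decommissioning of physical hardware. Note: vgremove -y deletes every logical volume in the group without asking for confirmation, and vgremove / pvremove only remove the LVM metadata – the data blocks stay on the disks until they are overwritten.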

 

[root@zmpt01 ~]# vgs

  VG     #PV #LV #SN Attr   VSize   VFree

  centos   1   2   0 wz--n- <15.00g      0

  zmpt1    3   5   0 wz--n- <71.99g <45.99g                       < ---Target LVM to delete

 

[root@zmpt01 ~]# pvs

  PV         VG     Fmt  Attr PSize   PFree

  /dev/sda2  centos lvm2 a--  <15.00g      0

  /dev/sdc   zmpt1  lvm2 a--   <8.00g      0

  /dev/sde   zmpt1  lvm2 a--  <24.00g <20.00g

  /dev/sdf   zmpt1  lvm2 a--  <40.00g  25.99g

 

 

[root@zmpt01 ~]# umount -a

 

 

[root@zmpt01 ~]# vgremove zmpt1 -y

  Logical volume "Accounting" successfully removed

  Logical volume "Finance" successfully removed

  Logical volume "HR" successfully removed

  Logical volume "Recruiting" successfully removed

  Logical volume "LVSWAP" successfully removed

  Volume group "zmpt1" successfully removed

 

 

[root@zmpt01 ~]# blkid

/dev/sda1: UUID="160e6caa-b0a9-468b-9de1-04189acc84ce" TYPE="xfs"

/dev/sda2: UUID="oLnQZF-bJU0-02T3-t0wF-DhnB-2JI6-CQI9f2" TYPE="LVM2_member"

/dev/sdb1: UUID="47d30ab1-92ee-4dc8-8c79-ef9dd898e1f0" TYPE="ext4"

/dev/sdb2: UUID="e5a18729-daf6-4c7b-89db-3a5979d3c254" TYPE="xfs"

/dev/sdb3: UUID="7d459795-930e-4cc5-b737-a84b452ff04a" TYPE="swap"

/dev/sdc: UUID="pYcEYd-WWPb-cwhu-7dn5-lMIk-vWhk-7B9x6x" TYPE="LVM2_member"

/dev/sde: UUID="FpAXdB-xeBK-Hdrq-HKZa-rmF0-l0PF-sK1sGt" TYPE="LVM2_member"

/dev/sdf: UUID="ZoCio8-qWEh-NG7u-HlLR-hLph-Rpl5-d9x6mr" TYPE="LVM2_member"

/dev/mapper/centos-root: UUID="5c79b16a-cfd4-4d5a-8e9c-b9b1a37b4936" TYPE="xfs"

/dev/mapper/centos-swap: UUID="c7801c38-9828-49b2-8a12-7610376d8b8a" TYPE="swap"

/dev/sdd1: UUID="5588ebda-0031-4b2b-b80e-a5a1a68e0bf7" TYPE="xfs"

 

 

[root@zmpt01 ~]# pvs

  PV         VG     Fmt  Attr PSize   PFree

  /dev/sda2  centos lvm2 a--  <15.00g     0

  /dev/sdc          lvm2 ---    8.00g  8.00g

  /dev/sde          lvm2 ---   24.00g 24.00g

  /dev/sdf          lvm2 ---   40.00g 40.00g

 

 

[root@zmpt01 ~]# pvremove /dev/sdc /dev/sde /dev/sdf

  Labels on physical volume "/dev/sdc" successfully wiped.

  Labels on physical volume "/dev/sde" successfully wiped.

  Labels on physical volume "/dev/sdf" successfully wiped.

 

11-22-2020

https://youtu.be/bs0FE_VAUvs

 

 

Emergency Mode

 

 

 

 

-          The system boots into emergency mode. But why?

a.       Missing drives

b.       The file system is corrupted

c.       The file system is  unmountable

-          During the boot process /etc/fstab is read by the system

-          If an entry listed there cannot be mounted, the boot stops and the system does not reach its default mode

 

 

-          Enter password

-          Edit /etc/fstab

-          Comment out the missing disks

 

 

 

 

Filesystem

Mount point

Filesystem type

OS handles this

Priority – 0 1 or 2

/dev/sdb1

/DATA                      

ext4

defaults

  0 0

 

 

 

 

 

File System Check

0

skip

1

1 higher priority

2

2 lesser priority

 

 

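For demo purposes, let's corrupt the file system to trigger emergency mode. The command below overwrites the first 1 MiB of /dev/sdd1 with zeros and destroys the file system on it, so run it only on a disposable test partition.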

 

[root@zmpt01 ~]# dd if=/dev/zero of=/dev/sdd1 bs=1k count=1024   < ---corrupted on block size

1024+0 records in

1024+0 records out

1048576 bytes (1.0 MB) copied, 0.00584049 s, 180 MB/s

 

System will halt and goes into emergency mode

 

Emergency mode is in Read Only mode

 

mount -o remount,rw /    #< --- Command to remount the root file system in read/write mode, so you can edit /etc/fstab

 

Putty is disabled – because Emergency mode is without network

 

 

Run mount -a

 

 

 

xfs_repair /dev/sdd1              #< ----run this command to repair in a real-world scenario

 

90% successful – Quarantine the bad sectors

 

For ext4

 

fsck /dev/sdd1

 

fsck – file system check

 

 

 

 

11-28-2020

https://youtu.be/fQlqwMi7JQQ

 

 

DD - Disk Duplication

 

The dd command makes an exact block-for-block copy of the source onto the destination, overwriting whatever the destination held before

 

Source

 

sdb               8:16   0   16G  0 disk

sdb1            8:17   0    8G  0 part

sdb2            8:18   0    4G  0 part

└─sdb3            8:19   0    2G  0 part

 

Destination

 

sdf               8:80   0   40G  0 disk

 

 

[root@zmpt01 ~]# dd if=/dev/sdb of=/dev/sdf

 

 

Command

If = stands for InPut File

Of – stands for Out Put File

dd

if=/dev/sdb

of=/dev/sdf

 

The destination disk must be the same size or larger in capacity

 

Disk Duplication is independent of file system

 

Example, you can disk duplicate a Windows file system

 

 

 

33554432+0 records in        # < ----Exact match of in and out

33554432+0 records out     # < ----Exact match of in and out

 

17179869184 bytes (17 GB) copied, 608.854 s, 28.2 MB/s

 

 

sdb               8:16   0   16G  0 disk

sdb1            8:17   0    8G  0 part

sdb2            8:18   0    4G  0 part

└─sdb3            8:19   0    2G  0 part

 

/dev/sdb1: UUID="47d30ab1-92ee-4dc8-8c79-ef9dd898e1f0" TYPE="ext4"

/dev/sdb2: UUID="e5a18729-daf6-4c7b-89db-3a5979d3c254" TYPE="xfs"

/dev/sdb3: UUID="7d459795-930e-4cc5-b737-a84b452ff04a" TYPE="swap"

 

 

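Exact replica – even the UUID is duplicated. While both disks are attached to the same system, anything that mounts by UUID (for example an /etc/fstab entry) can no longer tell the original from the copy.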

 

sdf               8:80   0   40G  0 disk

sdf1            8:81   0    8G  0 part

sdf2            8:82   0    4G  0 part

└─sdf3            8:83   0    2G  0 part

 

/dev/sdf1: UUID="47d30ab1-92ee-4dc8-8c79-ef9dd898e1f0" TYPE="ext4"

/dev/sdf2: UUID="e5a18729-daf6-4c7b-89db-3a5979d3c254" TYPE="xfs"

/dev/sdf3: UUID="7d459795-930e-4cc5-b737-a84b452ff04a" TYPE="swap"

 

Create Large file

 

[root@zmpt01 ~]# dd if=/dev/zero of=zafar1 count=1 bs=2G

0+1 records in

0+1 records out

2147479552 bytes (2.1 GB) copied, 75.7903 s, 28.3 MB/s

 

 

Command

If = stands for InPut File

Of – stands for Out Put File

Count

Byte Size

Dd

If=/dev/zero

Of=zafar1

count=1

bs=2G

 

[root@zmpt01 ~]# ls -ltrh

total 2.0G

-rw-r--r--. 1 root root 2.0G Nov 28 16:01 zafar1

 

Good for network t/s

 

Wipe the disk

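This is the lowest level of disk wipe: every addressable block of the disk is overwritten with zeros. dd ends with "No space left on device" once it reaches the end of the disk, which is expected here. On SSDs and other flash media an overwrite may not reach remapped or spare blocks, so use the drive's built-in secure-erase function when the data must be unrecoverable.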

 

[root@zmpt01 ~]# dd if=/dev/zero of=/dev/sdb

 

[root@zmpt01 ~]# dd if=/dev/zero of=/dev/sdb

dd: writing to ‘/dev/sdb’: No space left on device

33554433+0 records in

33554432+0 records out

17179869184 bytes (17 GB) copied, 610.231 s, 28.2 MB/s

 

11-28-2020

https://youtu.be/fQlqwMi7JQQ

 

 

Hostname

 

 

[root@localhost ~]# vi /etc/hostname

zmpt01.prod.zmprotech.com

 

Reboot

 

[root@zmpt01 ~]# hostname

zmpt01.prod.zmprotech.com

 

 

[root@zmpt01 ~]# hostnamectl

 

Static hostname: zmpt01.prod.zmprotech.com

Icon name: computer-vm

Chassis: vm

Machine ID: 47384aabe2f84a189b94eba36b48046c

Boot ID: 36fe385645ff48609296af23a491becd

Virtualization: kvm

Operating System: CentOS Linux 7 (Core)

CPE OS Name: cpe:/o:centos:centos:7

Kernel: Linux 3.10.0-1062.el7.x86_64

Architecture: x86-64

 

 

zmpt01.prod.zmprotech.com

zmpt02.prod.zmprotech.com

zmpt03.prod.zmprotech.com  < --- Production, needs ticket and change request to work on

 

zmpt01.dev.zmprotech.com    < --- Development

zmpt01.test.zmprotech.com    < --- Test

zmpt01.dep.zmprotech.com    < --- deployment

zmpt01.snd.zmprotech.com    < --- Sandbox

 

11-28-2020

https://youtu.be/fQlqwMi7JQQ

 

 

SSH – Secure Shell

 

 

 

 

[root@zmpt01 ~]# ssh 192.168.56.109

The authenticity of host '192.168.56.109 (192.168.56.109)' can't be established.

ECDSA key fingerprint is SHA256:e3LN1URGQEPwXaMbDeo+aTYev2cOOWnP3WKmaRG9gRU.    < --- #1

ECDSA key fingerprint is MD5:de:11:30:dd:ef:9e:ae:0a:ab:49:16:29:c9:08:36:8f.                              < --- #2

Are you sure you want to continue connecting (yes/no)? yes          < --- #3 (answer yes only after comparing the fingerprint above with the server's own host key)

Warning: Permanently added '192.168.56.109' (ECDSA) to the list of known hosts.

root@192.168.56.109's password:                                                                                                              < --- #4

 

11-29-2020

https://youtu.be/DVtaIAskm3Y

 

Now logged into the remote server

 

Last login: Sun Nov 29 15:31:38 2020 from 192.168.56.250

[root@zmpt02 ~]# hostname

zmpt02.prod.zmprotech.com

 

Connecting as non-root user

 

 

 

[root@zmpt01 ~]# ssh zafar@71.57.95.5

The authenticity of host '71.57.95.5 (71.57.95.5)' can't be established.

ECDSA key fingerprint is SHA256:6C8O0slMqNbzLMaV2Lm4OrBh29qCtTHeoFi1bgRY6BQ.

ECDSA key fingerprint is MD5:bb:19:a3:ed:01:6d:8e:c5:6a:b7:3c:35:8b:ea:3f:97.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '71.57.95.5' (ECDSA) to the list of known hosts.

zafar@71.57.95.5's password:

 

 

[root@zmpt01 .ssh]# pwd

/root/.ssh

 

[root@zmpt01 .ssh]# cat known_hosts

 

192.168.56.109 ecdsa-sha2-nistp256

AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOPP3wf/x3cI2qcKmTcH4KPch

JHdTAHRnnO4ASznR9xZ06KCsbWyXQoj/5p+E85DH9cFmCKh+5rFED8bQZfKH2Q=

 

71.57.95.5 ecdsa-sha2-nistp256

AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNXZK5HP3F1AdNYJ5gKTio6z/

uJcDzAAdDPIcolYXUBd+r6Qv2PJqXiSq6OlMJrXUDxdTsfr4SofXL6bQWCX59Y=

 

Passwordless SSH

 

[root@zmpt01 .ssh]# ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):        < --- Hit Enter

Enter passphrase (empty for no passphrase):                        < --- Hit Enter  

Enter same passphrase again:                                                   < --- Hit Enter 

Your identification has been saved in /root/.ssh/id_rsa.     < --- Generates Private Key

Your public key has been saved in /root/.ssh/id_rsa.pub.   < --- Generates Public Key

The key fingerprint is:

SHA256:PFH7mLOaE/vac1SEZ867YhYKusl1PwNJ7UpSzHI3RSE root@zmpt01.prod.zmprotech.com

The key's randomart image is:

+---[RSA 2048]----+

|          . Eoo. |

|         . ...=  |

|        .o.. B   |

|       ...*++ +  |

|        S=++.o . |

|        +.+o+ .  |

|       ..*o= . . |

|     ..oo=+.B .  |

|      +.++o=.+   |

+----[SHA256]-----+

[root@zmpt01 .ssh]#

 

 

[root@zmpt01 .ssh]# pwd

/root/.ssh

[root@zmpt01 .ssh]# ls -la

total 12

drwx------. 2 root root   57 Nov 29 16:02 .

dr-xr-x---. 3 root root  123 Nov 28 17:46 ..

-rw-------. 1 root root 1675 Nov 29 16:02 id_rsa              < --- Private Key

-rw-r--r--. 1 root root  412 Nov 29 16:02 id_rsa.pub       < --- Public Key

-rw-r--r--. 1 root root  348 Nov 29 15:52 known_hosts  < --- Saves Public key of previously connected hosts

 

 

 

[root@zmpt01 .ssh]# ssh-copy-id 192.168.56.109

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"

The authenticity of host '192.168.56.109 (192.168.56.109)' can't be established.

ECDSA key fingerprint is SHA256:e3LN1URGQEPwXaMbDeo+aTYev2cOOWnP3WKmaRG9gRU.

ECDSA key fingerprint is MD5:de:11:30:dd:ef:9e:ae:0a:ab:49:16:29:c9:08:36:8f.

Are you sure you want to continue connecting (yes/no)? yes

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

root@192.168.56.109's password:

 

Number of key(s) added: 1

 

Now try logging into the machine, with:   "ssh '192.168.56.109'"

and check to make sure that only the key(s) you wanted were added.

 

 

 

[root@zmpt01 ~]# ssh 192.168.56.109

Last login: Sun Nov 29 16:49:50 2020 from 192.168.56.250

 

[root@zmpt02 ~]# hostname

zmpt02.prod.zmprotech.com

 

 

[root@zmpt02 ~]# cd .ssh/

[root@zmpt02 .ssh]# ls -la

total 4

drwx------. 2 root root  29 Nov 29 16:20 .

dr-xr-x---. 3 root root 123 Nov 29 16:20 ..

-rw-------. 1 root root 412 Nov 29 16:20 authorized_keys     < --- New file listing the public keys that are allowed to log in as this user

 

 

[root@zmpt01 .ssh]# cat id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4xSOCeATZnKwEUTzSoKns4zEioGBP3uUq9bXVZ1CTIKtGMx4snIq6q

+/q331sGFKZsEMdgxMaGLy3/mp6bl5Nv2D1LeqCVvkmoeW5+rEWn853ggV2Syjigo2UrXqnVUK05Ks6cAmlqPYC3TWvmTH

nbSMKqbfQGKykxEkF0Xv/CRm3FSyVW7S1Aq5yPavAQa0+TFkaxBUO7Ooy+3QZ6Jolb8UiQROo7WdPAkITAOUJoYTVHujKBh

D9Pf21PutmdiKhqHUX2rlw1HJmUJQFYRBwlJ3INd+Q9qDjllQ1wiPyi/XpmoenGkHjqEXjsQzJGEAQtFd9ayMybdh+TNnb/

xCX root@zmpt01.prod.zmprotech.com

 

 

 

[root@zmpt02 .ssh]# cat authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4xSOCeATZnKwEUTzSoKns4zEioGBP3uUq9bXVZ1CTIKtGMx4snIq6q

+/q331sGFKZsEMdgxMaGLy3/mp6bl5Nv2D1LeqCVvkmoeW5+rEWn853ggV2Syjigo2UrXqnVUK05Ks6cAmlqPYC3TWvmTH

nbSMKqbfQGKykxEkF0Xv/CRm3FSyVW7S1Aq5yPavAQa0+TFkaxBUO7Ooy+3QZ6Jolb8UiQROo7WdPAkITAOUJoYTVHujKBh

D9Pf21PutmdiKhqHUX2rlw1HJmUJQFYRBwlJ3INd+Q9qDjllQ1wiPyi/XpmoenGkHjqEXjsQzJGEAQtFd9ayMybdh+TNnb/

xCX root@zmpt01.prod.zmprotech.com

 

 

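NOTE: Key-based login is set up per user account; repeat the same steps for every user that needs it. Because the key was generated with an empty passphrase, anyone who can read the private key file (id_rsa) can log in to the remote host as this user, so keep it readable by the owner only (mode 600, as in the listing above) and do not copy it to other machines.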

 

 

Configure Host security – Deny direct root connection

 

How to Record SSH Sessions Established Through a Bastion Host | AWS  Security Blog

 

Secure the server

 

zmpt02.prod.zmprotech.com

 

[root@zmpt02 ~]# vi /etc/ssh/sshd_config

 

PermitRootLogin no       < ---root login line is uncommented and changed to no from yes

 

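Restart the service (first check the file for errors with sshd -t, and make sure a non-root account with sudo access can log in, otherwise you can lock yourself out of the server)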

 

[root@zmpt02 ~]# systemctl restart sshd   < --- Change will take effect after restart of service

 

 

 

[root@zmpt01 ~]# ssh 192.168.56.109

root@192.168.56.109's password:

Permission denied, please try again.

 

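Deny access from specific network. Note: ListenAddress sets which local address of the server sshd listens on; it takes a host name or IP address, not a network/prefix value, and it does not filter clients by their source network. The "Connection refused" shown below most likely means sshd is no longer listening at all. To limit which client networks may connect, use a firewall rule or a user@host pattern in AllowUsers (for example AllowUsers terminator@192.168.56.*).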

 

[root@zmpt02 ~]# vi /etc/ssh/sshd_config

 

ListenAddress 0.0.0.0

ListenAddress 192.168.56.0/24

      

 

[root@zmpt01 ~]# ssh 192.168.56.109

ssh: connect to host 192.168.56.109 port 22: Connection refused

 

Allow only specific users

 

[root@zmpt02 ~]# vi /etc/ssh/sshd_config    #< --- Add line at the end of file

 

AllowUsers terminator

 

12-05-2020

 

 

Daemon

 

A daemon (background process) is a Linux program that runs in the background. Almost all daemons have names that end with “d”, for example httpd handles the Apache web server and sshd handles SSH connections. Daemons are started when the system boots, if they are enabled to be active when the system is up.

 

Daemon means a service running in background – example sshd

 

 

[root@zmpt02 ~]# systemctl status sshd

● sshd.service - OpenSSH server daemon

   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)

   Active: active (running) since Sat 2020-12-05 13:27:39 EST; 1min 5s ago

     Docs: man:sshd(8)

           man:sshd_config(5)

 Main PID: 23357 (sshd)

   CGroup: /system.slice/sshd.service

           └─23357 /usr/sbin/sshd -D

 

Check status of service

 

[root@zmpt02 ~]# systemctl status sshd

 

Stop the service

 

[root@zmpt02 ~]# systemctl stop sshd

 

Start the service

 

[root@zmpt02 ~]# systemctl start sshd

 

Disable the service – the service will not start after reboot

 

[root@zmpt02 ~]# systemctl disable sshd

Removed symlink /etc/systemd/system/multi-user.target.wants/sshd.service.

 

● sshd.service - OpenSSH server daemon

   Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled)

 

Enable the service – this service will be started/ active once the system boots up

 

[root@zmpt02 ~]# systemctl enable sshd

Created symlink from /etc/systemd/system/multi-user.target.wants/sshd.service to /usr/lib/systemd/syste

 

12-05-2020

https://youtu.be/j7GrSo7XFdQ

 

 

User Administration

 

 

Root – Administrator – super user

-          Root user has highest level of access

-          Root user cannot be renamed

-          Never share root password

-          Don’t put password in chats or text messages

-          Root user has access to all company data

 

Create a user

 

[root@zmpt01 ~]# useradd terminator

 

The file /etc/passwd gets updated

 

terminator:x:1000:1000::/home/terminator:/bin/bash

 

User

Password field (x = the hash is kept in /etc/shadow)

User id –UID

Group id – GID

User info text

User home

Shell type

Terminator

x

1000

1000

 

/home/terminator

/bin/bash

 

 

 

[root@zmpt01 ~]# id terminator

uid=1000(terminator) gid=1000(terminator) groups=1000(terminator)

 

UID – User Id

GID – user primary group

Group User is part of

uid=1000(terminator)

gid=1000(terminator)

groups=1000(terminator)

 

 

[root@zmpt01 ~]# id 1000

uid=1000(terminator) gid=1000(terminator) groups=1000(terminator)

 

Switching to regular user from root

 

[root@zmpt01 ~]# su terminator

[terminator@zmpt01 root]$ whoami

Terminator

 

 

Set the user password

 

[root@zmpt01 ~]# passwd terminator

Changing password for user terminator.

New password:

BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word

Retype new password:

passwd: all authentication tokens updated successfully.

 

Note: the root user doesn’t have to follow the password restrictions; when root sets a password the BAD PASSWORD message is only a warning and any password will be allowed

 

Set password as user terminator

 

[terminator@zmpt01 ~]$ passwd

Changing password for user terminator.

Changing password for terminator.

(current) UNIX password:

New password:

BAD PASSWORD: The password is too similar to the old one

New password:

BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word

New password:

Retype new password:

passwd: all authentication tokens updated successfully.

 

Password file - Shadow file (stores the salted password hash of each user; only root can read it)

 

[root@zmpt01 ~]# vi /etc/shadow

terminator:$6$pF2bCs4Z$Yifb7T/yi5uUkGm9lSpGRWxWPrXR.hwYEqbQkxOQ7npyTJpoTtjV

cWfxutdD0W4233i791Ud3Zt7Ec5t1/69C.:18601:0:99999:7:::

 

User

Password

Dec 31 1969

Grace Period

Expiration date from last update

Warning days

terminator

$6$pF2bCs4Z..

18601

0

60

7

 

 

Group file

 

[root@zmpt01 ~]# vi /etc/group

 

terminator:x:1000:

 

 

 

Group Name

Check for password

Group id - GID

Terminator

x

1000

 

 

Where are all the settings defined for users, groups and passwords?

 

[root@zmpt01 ~]# vi /etc/login.defs

 

PASS_MAX_DAYS   60

PASS_MIN_DAYS   0

PASS_MIN_LEN    5

PASS_WARN_AGE   7

 

UID_MIN                  3000

UID_MAX                 60000

 

 

GID_MIN                  4000

GID_MAX                 60000

 

 

 

[root@zmpt01 ~]# useradd xmen

[root@zmpt01 ~]# id xmen

 

uid=3000(xmen) gid=4000(xmen) groups=4000(xmen)

 

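Assigning the same password as another user (by copying the hash field in /etc/shadow). Two entries with an identical salt and hash show anyone who can read the file that both accounts share one password; setting each password with passwd gives every account its own salt.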

 

[root@zmpt01 ~]# vi /etc/shadow

 

terminator:$6$87Fs/vJF$EHqhBznCvyU

5w4d3XsL6tfsaB7Q3WcDnf8xVB0.NwO

bSnBZo/Sw6KTG.qpBfvwvo.AkOajFd.PiKjuE1IAytQ.:18601:0:99999:7:::

 

xmen:$6$87Fs/vJF$EHqhBznCvyU

5w4d3XsL6tfsaB7Q3WcDnf8xVB0.NwO

bSnBZo/Sw6KTG.qpBfvwvo.AkOajFd.PiKjuE1IAytQ.:18601:0:60:1:::

 

login as: xmen

xmen@192.168.56.250's password:

Last login: Sat Dec  5 14:57:51 2020 from 192.168.56.1

 

Create user manually

 

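Copy an existing line, paste it as a new line and change the user name, UID, GID and home directory. Use vipw (vipw -s for /etc/shadow, vigr for /etc/group) instead of plain vi so the file is locked while you edit it.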

 

[root@zmpt01 ~]# vi /etc/passwd

spiderman:x:5005:6005::/home/spiderman:/bin/bash

 

Create group manually

 

 

spiderman:x:6005:

 

Create password manually (the entry below is in /etc/shadow format, so it belongs in /etc/shadow, not in /etc/passwd)

 

[root@zmpt01 ~]# vi /etc/passwd

 

spiderman:$6$87Fs/vJF$EHqhBznCvyU5w4d3XsL6tfsaB7Q3WcDnf8xVB0.

NwObSnBZo/Sw6KTG.qpBfvwvo.AkOajFd.PiKjuE1IAytQ.:18601:0:60:7:::

 

 

Create user home directory manually

 

[root@zmpt01 home]# mkdir spiderman

 

Change the ownership of the spiderman home directory

 

[root@zmpt01 home]# chown spiderman:spiderman spiderman

[root@zmpt01 home]# chown 5005:6005 spiderman

 

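Change the ownership using either the names or the IDs. mkdir created the directory with mode 755 (see the listing below), so every other user can list it; chmod 700 spiderman restricts it to the owner.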

 

[root@zmpt01 home]# ls -ls

total 0

0 drwxr-xr-x. 2 spiderman  spiderman   6 Dec  5 15:16 spiderman

 

 

Login to user spiderman

 

spiderman@192.168.56.250's password:

Last login: Sat Dec  5 15:15:37 2020 from 192.168.56.1

-bash-4.2$ pwd

/home/spiderman

 

.bashrc - .bash_profile - .bash_history are missing

 

-bash-4.2$ cp /etc/skel/.bash* .

 

-bash-4.2$ ls -la

total 12

drwxr-xr-x. 2 spiderman spiderman  62 Dec  5 15:26 .

drwxr-xr-x. 5 root      root       53 Dec  5 15:16 ..

-rw-r--r--. 1 spiderman spiderman  18 Dec  5 15:26 .bash_log                           out

-rw-r--r--. 1 spiderman spiderman 193 Dec  5 15:26 .bash_pro                           file

-rw-r--r--. 1 spiderman spiderman 231 Dec  5 15:26 .bashrc

 

Difference between root user and regular user

 

[root@zmpt01 ~]#                       < --- # root user

 

[spiderman@zmpt01 ~]$           < --- $ regular user

 

 

SuDO access

 

SuDO = Super User DO

Super user access for individual commands, limited to what the sudoers rules allow – it does not have to be full root access.

 

-          It allows a regular user to perform tasks which require admin access

 

User without SuDO access

 

[terminator@zmpt01 ~]$ yum install firefox -y

Loaded plugins: fastestmirror

You need to be root to perform this command.

[terminator@zmpt01 ~]$

 

Informational

 

[root@zmpt01 ~]# visudo

 

## Allows people in group wheel to run all commands

%wheel  ALL=(ALL)       ALL                                                   < --- making sure wheel group is not commented out

 

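Grant Access to SuDO (with the %wheel ALL=(ALL) ALL rule above, a member of wheel can run any command as root, so add only trusted administrators to this group)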

 

 

[root@zmpt01 ~]# usermod -aG wheel terminator

[root@zmpt01 ~]# id terminator

uid=1000(terminator) gid=1000(terminator) groups=1000(terminator),10(wheel)

 

usermod -aG wheel terminator

 

 

 

Command

Adding to group

-a add

-G secondary group

Group name/ id

User name/ user id

Usermod

-aG

Wheel

Terminator

 

 

 

Run sudo commands

 

[terminator@zmpt01 ~]$ sudo yum install firefox -y

[sudo] password for terminator:

 

Successfully completed

Complete!

 

Switch to root

 

 

[terminator@zmpt01 ~]$ sudo su -

Last login: Sat Nov 28 17:01:34 EST 2020 from 192.168.56.1 on pts/0

[root@zmpt01 ~]#

 

12-06-2020

https://youtu.be/dnuAu24KUuE

 

 

Permissions

 

 

File permission

 

[root@zmpt01 ~]# ls -l

total 0

-rw-r--r--. 1 root root 0 Dec  6 13:22 file

 

 

-rw-r--r--. 1 root root 0 Dec  6 13:22 file

 

The very first ‘-‘ is not part of the permissions, but indicates it’s a regular file

 

User – u

Group – g

Other – o

Read

Write

Execute

Read

Write

Execute

Read

Write

Execute

 r

w

x

r

w

x

r

w

x

4

2

1

4

2

1

4

2

1

 

 

Read = 4

Write = 2

Execute = 1

 

Read = read the file, read permissions

Write = write into the file, edit permissions

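Execute = run a script or executable file. (Deleting a file or folder is governed by write + execute permission on the parent directory, not by the file's own execute bit.)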

 

Number value of permission for file1

 

-rw-r--r--. 1 root root 0 Dec  6 13:22 file

 

User

Group

Others

rw-

r- -

r- -

6

4

4

 

So the final permission number for file1 is 644

 

644 is also default permission for file in Linux System

 

Modify the permissions

 

Grant  ‘rw’ permission for all

 

Number for read write is 6 = 4 + 2

 

rw- = 6

rw- = 6

rw- = 6

 

 

[root@zmpt01 ~]# chmod 666 file1              #< ---chmod will modify the permissions

[root@zmpt01 ~]# ls -l

total 0

-rw-rw-rw-. 1 root root 0 Dec  6 13:34 file1

 

 

 

Grant additional execute permission to group

 

rw-rwxrw-

 

rw- = 6

rwx = 7

rw- = 6

 

[root@zmpt01 ~]# chmod 676 file1

[root@zmpt01 ~]# ls -l

total 0

-rw-rwxrw-. 1 root root 0 Dec  6 13:34 file1

 

 

Take away all the permissions from everybody

 

 

--------- = 000

 

[root@zmpt01 ~]# chmod 000 file1

[root@zmpt01 ~]# ls -l

total 0

----------. 1 root root 0 Dec  6 13:34 file1

 

Regardless of the permissions set, the root user has unrestricted permissions

 

Note: if you are modifying permissions using number, it must be three digits

 

Changing permissions using associated letter

 

Grant read and write permission only User/ owner

 

-rw------- = 600 = u+rw

 

[root@zmpt01 ~]# chmod u+rw file1

[root@zmpt01 ~]# ls -l

total 0

-rw-------. 1 root root 0 Dec  6 13:34 file1

 

 

Grant everybody read write permissions

 

-rw-rw-rw- = 666 = ugo+rw

 

[root@zmpt01 ~]# chmod ugo+rw file1

[root@zmpt01 ~]# ls -l

total 0

-rw-rw-rw-. 1 root root 0 Dec  6 13:34 file1

 

 

-rw-rw-rw-

 

Remove write permission for others

 

-rw-rw-r-- = 664 = o-w

 

[root@zmpt01 ~]# chmod o-w file1

[root@zmpt01 ~]# ls -l

total 0

-rw-rw-r--. 1 root root 0 Dec  6 13:34 file1

 

 

Full permissions

 

[root@zmpt01 ~]# chmod ugo+rwx file1

[root@zmpt01 ~]# ls -l

total 0

-rwxrwxrwx. 1 root root 0 Dec  6 13:34 file1

 

Informational

 

[root@zmpt01 ~]# ls -l

total 0

d---------. 2 root root 6 Dec  6 14:09 dir1

-rwxrwxrwx. 1 root root 0 Dec  6 13:34 file1

 

In the listing you can see only the owning user and the owning group (the two "root" columns); there is no column for others

 

User – Yellow

Group - Orange

 

Directory Permissions

 

drwxr-xr-x. 2 root root 6 Dec  6 14:09 dir1

 

very first ‘d’ is not part of permission – it indicates directory

 

 

User – u

Group – g

Other – o

Read

Write

Execute

Read

Write

Execute

Read

Write

Execute

 r

w

x

r

w

x

r

w

x

4

2

1

4

2

1

4

2

1

 

Read = 4

Write = 2

Execute = 1

 

 

Read = list the names of the files in the directory

Write = create, rename or delete files in the directory (needs execute as well)

Execute = going inside the directory and reaching the files in it

 

Number value of permission for dir1

 

drwxr-xr-x. 2 root root 6 Dec  6 14:09 dir1

 

 

User

Group

Others

rwx

r- x

r- x

7

5

5

 

So the final permission number for dir1 is 755

 

755 is also the default permission for a directory in a Linux system

 

 

 

[root@zmpt01 ~]# mkdir /userdir

 

Remove all access to directory

 

drwxr-xr-x. 2 root root 6 Dec  6 14:25 /userdir

 

[root@zmpt01 ~]# chmod 000 /userdir

[root@zmpt01 ~]# ls -ld /userdir/

d---------. 2 root root 6 Dec  6 14:25 /userdir/

 

 

Regardless of the permissions set, the root user has unrestricted permissions

 

 

[terminator@zmpt01 ~]$ cd /userdir/

-bash: cd: /userdir/: Permission denied

 

 

 

--------x = 001 = o+x

 

Grant execute permissions only to others

 

[root@zmpt01 ~]# chmod o+x /userdir/

[root@zmpt01 ~]# ls -ld /userdir/

d--------x. 2 root root 6 Dec  6 14:25 /userdir/

 

[terminator@zmpt01 ~]$ cd /userdir/

[terminator@zmpt01 userdir]$ pwd

/userdir

 

UMASK                                                                       

 

total 0

drwxr-xr-x. 2 root root 6 Dec  6 14:59 dir2      #< ---755 is the default Directory permission

-rw-r--r--. 1 root root 0 Dec  6 14:59 file2        #< ---644 is the default File permission

 

This is set by default umask

 

 

By default system provides 644 permissions to file

By default system provides 755 permissions to directory

 

 

[root@zmpt01 ~]# umask

0022

 

Symbolic

Users

Group

Others

0

0

2

2

 

 

File permission

 

File permission are based on 666

 

 

Users

Group

Others

Default

System provided permissions

6

6

6

666

Umask – removes the permission

0

2

2

022

Final default permissions

6

4

4

644

 

 

Directory permission

 

Directory permission are on 777

 

 

Users

Group

Others

Default

System provided permissions

7

7

7

777

Umask – removes the permission

0

2

2

022

Final default permissions

7

5

5

755

 

 

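Let's set umask to 0000 (demo only: with this value every new file is created world-writable, 666, and every new directory 777, as the listings below show)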

 

[root@zmpt01 ~]# umask 0000

[root@zmpt01 ~]# umask

0000

 

Note: a umask set this way applies only to the current shell session; a new login (or a reboot) goes back to the default umask

 

 

[root@zmpt01 ~]# touch file3

[root@zmpt01 ~]# ls -l

-rw-rw-rw-. 1 root root 0 Dec  6 15:11 file3

 

Permission is 666

 

 

[root@zmpt01 ~]# mkdir dir3

[root@zmpt01 ~]# ls -l

drwxrwxrwx. 2 root root 6 Dec  6 15:12 dir3

 

permission is 777

 

Group permissions

 

Linux groups are a mechanism to manage a large collection of users and manage their permissions. All Linux users have a User ID (UID) as well as a Group ID (GID) by default

 

 

 

[root@zmpt01 ~]# id terminator

uid=1000(terminator) gid=1000(terminator) groups=1000(terminator),10(wheel)

 

UID – User Id

GID – user primary group

Group User is part of

uid=1000(terminator)

gid=1000(terminator)

groups=1000(terminator),

10(wheel)

 

                                                                                       

Create new group

 

[root@zmpt01 ~]# groupadd -g 9000 machine

 

Command

Primary group

GID

Group Name

groupadd

-g

9000

machine

 

 

Add user to the group

 

[root@zmpt01 ~]# usermod -aG machine terminator

 

 

 

 

 

Command

-a Add

-G secondary group

GID/ name

UID/ name

usermod

-aG

Machine

terminator

 

[root@zmpt01 ~]# usermod -g 9000 terminator        < ---Set primary group using -g

[root@zmpt01 ~]# id terminator

uid=1000(terminator) gid=9000(machine) groups=9000(machine),10(wheel)

 

 

 

[root@zmpt01 ~]# id terminator

uid=1000(terminator) gid=1000(terminator) groups=1000(terminator),10(wheel),9000(machine)

 

UID – User Id

GID – user primary group

Group User is part of

uid=1000(terminator)

gid=1000(terminator)

groups=1000(terminator),

10(wheel)

9000(machine)

 

 

Assign folder permissions

 

Create folder

 

[root@zmpt01 ~]# mkdir /assignment

[root@zmpt01 ~]# ls -ld /assignment/

drwxr-xr-x. 2 root root 6 Dec  6 15:31 /assignment/

 

 

Terminator is unable to create file1 in /assignment

 

[terminator@zmpt01 assignment]$ touch file1

touch: cannot touch ‘file1’: Permission denied

 

Change the group ownership to machine

 

 

[root@zmpt01 ~]# chgrp 9000 /assignment/

[root@zmpt01 ~]# ls -ld /assignment/

drwxr-xr-x. 2 root machine 6 Dec  6 15:31 /assignment/          #< ---Machine is group owner of /assignment

 

Command

GID

Folder

Chgrp

9000

/assignment

 

[root@zmpt01 ~]# chown :machine /assignment/    #< --- another way of changing group owner of /assignment

[root@zmpt01 ~]# ls -ld /assignment/

 

Change the group permissions

 

[root@zmpt01 ~]# chmod 775 /assignment/

[root@zmpt01 ~]# ls -ld /assignment/

drwxrwxr-x. 2 root machine 6 Dec  6 15:31 /assignment/      #< ---Machine group has rwx permissions

 

 

 

[terminator@zmpt01 assignment]$ touch file1

[terminator@zmpt01 assignment]$ ls -l

total 0

-rw-rw-r--. 1 terminator terminator 0 Dec  6 15:38 file1

 

Remove user from the group

 

[root@zmpt01 ~]# gpasswd -d terminator wheel    

Removing user terminator from group wheel

 

Command

Delete

User id

Group id

Gpasswd

-d

Terminator

Wheel

 

 

 

[root@zmpt01 ~]# id terminator

uid=1000(terminator) gid=9000(machine) groups=9000(machine)

 

 

[terminator@zmpt01 ~]$ sudo su -

[sudo] password for terminator:

terminator is not in the sudoers file.  This incident will be reported.

 

12-12-2020

https://youtu.be/gCipZh-NsSs

 

Set Group ID

SGID: all files created in a directory with SGID set belong to the group that owns the directory, not to the primary group of the user who created them.

-          Special permission set for directories

-          Whenever a user creates files or directories inside the SGID-configured folder, they inherit the group ownership of the SGID directory

-          The group ownership is not retroactive: files that already existed before SGID was set keep their old group.

 

 

[root@zmpt01 ~]# ls -ld /DATA/

drwxr-xrwx. 2 root humans 6 Dec 12 14:21 /DATA/

 

 

[terminator@zmpt01 DATA]$ ls -l

total 0

-rw-r--r--. 1 terminator machine 0 Dec 12 14:22 file1

 

 

[root@zmpt01 ~]# chmod g+s /DATA/                           #< --- set the SGID

 

[root@zmpt01 ~]# ls -ld /DATA/

drwxr-srwx. 2 root humans 19 Dec 12 14:22 /DATA/   #< --- ‘s’ is indication the SGID is on folder /DATA

 

 

[terminator@zmpt01 DATA]$ touch file2

[terminator@zmpt01 DATA]$ ls –l

-rw-r--r--. 1 terminator humans  0 Dec 12 14:26 file2

 

 

 

[spiderman@zmpt01 DATA]$ ls –l

-rw-rw-r--. 1 spiderman  humans  0 Dec 12 14:38 file4

 

 

[root@zmpt01 ~]# chmod g-x /DATA/

 

 

 

[root@zmpt01 ~]# ls -ld /DATA/

drwxr-Srwx. 2 root humans 97 Dec 12 15:07 /DATA/   #< --- ‘S’ upper case S without group execute permission

 

Set UID - SUID

SUID: when the file is executed, the process runs with the user ID of the file's owner instead of the ID of the user who started it

-          SUID is used for the files for the execution purpose

-          It inherits the owners/root execute permission

-          Regular user does not have permissions

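-          But the user can still update the file while executing the SUID command, because the process runs as the owner; for that reason SUID-root programs should be limited to the few the system needs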

 

 

[root@zmpt01 ~]# ls -l /usr/bin/passwd

-rwsr-xr-x. 1 root root 27856 Aug  8  2019 /usr/bin/passwd   #< --Typical example for user running with root permission

 

 

The passwd command is available to regular users, yet it has to edit the /etc/shadow file, which only root can modify

 

 

[root@zmpt01 ~]# ls -l /etc/shadow

----------. 1 root root 979 Dec 12 15:28 /etc/shadow    #< ---Looking at the permission, no one has write permissions

 

 

[terminator@zmpt01 ~]$ passwd

Changing password for user terminator.

Changing password for terminator.

(current) UNIX password:

New password:

Retype new password:

passwd: all authentication tokens updated successfully.

 

 

[root@zmpt01 ~]# ls -l /etc/shadow

----------. 1 root root 979 Dec 12 15:43 /etc/shadow   #< --- file got update even though Terminator does not have any perm

 

 

[root@zmpt01 ~]# ls -l /usr/bin/passwd

-rwsr-xr-x. 1 root root 27856 Aug  8  2019 /usr/bin/passwd

[root@zmpt01 ~]# chmod u-s /usr/bin/passwd

[root@zmpt01 ~]# ls -l /usr/bin/passwd

-rwxr-xr-x. 1 root root 27856 Aug  8  2019 /usr/bin/passwd

 

User is unable to change the password

 

[terminator@zmpt01 ~]$ passwd

Changing password for user terminator.

Changing password for terminator.

(current) UNIX password:

New password:

Retype new password:

passwd: Authentication token manipulation error

 

 

[root@zmpt01 ~]# chmod u+s /usr/bin/passwd

 

User is able change the password now

 

[terminator@zmpt01 ~]$ passwd

Changing password for user terminator.

Changing password for terminator.

(current) UNIX password:

New password:

Retype new password:

passwd: all authentication tokens updated successfully.

 

 

[root@zmpt01 ~]# ls -l /usr/bin/sudo

---s--x--x. 1 root root 147320 Aug  8  2019 /usr/bin/sudo

 

 

[root@zmpt01 ~]# chmod u-s /usr/bin/sudo

[root@zmpt01 ~]# ls -l /usr/bin/sudo

---x--x--x. 1 root root 147320 Aug  8  2019 /usr/bin/sudo

 

 

[root@zmpt01 ~]# id terminator

uid=1000(terminator) gid=9000(machine) groups=9000(machine)

[root@zmpt01 ~]# usermod -aG wheel terminator

 

[root@zmpt01 ~]# id terminator

uid=1000(terminator) gid=9000(machine) groups=9000(machine),10(wheel)

 

 

[terminator@zmpt01 ~]$ sudo su -

sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

 

 

[root@zmpt01 ~]# chmod u+s /usr/bin/sudo

 

 

[terminator@zmpt01 ~]$ sudo su -

[sudo] password for terminator:

Last login: Sat Dec 12 16:05:56 EST 2020 on pts/1

 

12-13-2020

https://youtu.be/A7uNJFZhTro

 

Sticky Bit

Sticky Bit – it is a delete protection: inside a directory with the sticky bit set, a file can be deleted or renamed only by root, the owner of the file, or the owner of the directory. This is a folder-level permission

 

 

[root@zmpt01 ~]# ls -ld /tmp

drwxrwxrwt. 8 root root 172 Dec 13 03:19 /tmp

 

By default the /tmp folder is set with sticky bit permissions

 

 

[root@zmpt01 ~]# mkdir /DATA1

[root@zmpt01 ~]# chmod 777 /DATA1/

 

 

[terminator@zmpt01 DATA1]$ touch file1

[terminator@zmpt01 DATA1]$ ls -l

total 0

-rw-r--r--. 1 terminator machine 0 Dec 13 13:45 file1

 

 

[spiderman@zmpt01 DATA1]$ rm file1

rm: remove write-protected regular empty file ‘file1’? y   #< ---Spiderman successfully detelet the file

[spiderman@zmpt01 DATA1]$ ls -l

total 0

 

Assign sticky bit to /DATA1

 

[root@zmpt01 ~]# chmod o+t /DATA1/

[root@zmpt01 ~]# ls -ld /DATA1/

drwxrwxrwt. 2 root root 6 Dec 13 13:45 /DATA1/   < -- now the folder is protected with the sticky bit

 

 

 

[terminator@zmpt01 DATA1]$ touch file1

[terminator@zmpt01 DATA1]$ touch file2

[terminator@zmpt01 DATA1]$ touch file3

 

 

 

[spiderman@zmpt01 DATA1]$ rm file1

rm: remove write-protected regular empty file ‘file1’? y

rm: cannot remove ‘file1’: Operation not permitted

 

FACL – File Access Control List

 

[root@zmpt01 ~]# mkdir /BANK

[root@zmpt01 ~]# ls -ld /BANK/

drwxr-xr-x. 2 root root 6 Dec 13 13:54 /BANK/

[root@zmpt01 ~]# getfacl /BANK/

getfacl: Removing leading '/' from absolute path names

# file: BANK/

# owner: root

# group: root

user::rwx

group::r-x

other::r-x

 

 

[terminator@zmpt01 DATA1]$ cd /BANK/

[terminator@zmpt01 BANK]$ ls -l

total 0

[terminator@zmpt01 BANK]$ touch file1

touch: cannot touch ‘file1’: Permission denied            #< --- expected denial for other users

 

Grant permission to specific user on folder

 

[root@zmpt01 ~]# setfacl -m u:terminator:rwx /BANK/

[root@zmpt01 ~]# getfacl /BANK/

getfacl: Removing leading '/' from absolute path names

# file: BANK/

# owner: root

# group: root

user::rwx

user:terminator:rwx

group::r-x

mask::rwx

other::r-x

 

[root@zmpt01 ~]# ls -ld /BANK/

drwxrwxr-x+ 2 root root 19 Dec 13 14:00 /BANK/          #< --- + is indication of FACL

 

 

 

[terminator@zmpt01 BANK]$ touch file1

[terminator@zmpt01 BANK]$ ls -l

total 0

-rw-r--r--. 1 terminator machine 0 Dec 13 14:00 file1

 

Grant permission on individual file

 

 

[terminator@zmpt01 BANK]$ setfacl -m u:spiderman:rwx file1

[terminator@zmpt01 BANK]$ getfacl file1

# file: file1

# owner: terminator

# group: machine

user::rw-

user:spiderman:rwx

group::r--

mask::rwx

other::r--

 

[terminator@zmpt01 BANK]$ ls -l

total 0

-rw-rwxr--+ 1 terminator machine 0 Dec 13 14:00 file1

 

 

[spiderman@zmpt01 BANK]$ cat file1

this is file1 content

this is file1 content

this is file1 content

 

[spiderman@zmpt01 BANK]$ vi file1       #< ---user spiderman is able read and write to the file

 

Permissions

 

 

Identity

 

User

u

Group

g

Other

o

All

a

 

Permission

 

 

Read

r

4

Write

w

2

Execute

x

1

 

Actions

 

+

Add permission

‘-‘

Remove permission

=

Set exactly these permissions (replaces whatever was there before)

 

Examples

 

Permission

Information

g+w

adds write access for the group

o-rwx

removes all permissions for others

u+x

allows the file owner to execute the file

a+rw

allows everyone to read and write to the file

ug+r

allows the owner and group to read the file

g=rx

allows only the group to read and execute (not write)

g+w

adds write access for the group

g=rx

allows only the group to read and execute (not write)

 

 

Permission

Numerical

Information

-rw-------

600

Only the owner has read and write permissions.

-rw-r--r--

644

Only the owner has read and write permissions; the group and others have read only. DEFAULT

-rwx------

700

Only the owner has read, write, and execute permissions.

-rwxr-xr-x

755

The owner has read, write, and execute permissions; the group and others have only read and execute.

-rwx--x--x

711

The owner has read, write, and execute permissions; the group and others have only execute.

-rw-rw-rw-

666

Everyone can read and write to the file. (Be careful with these permissions.)

-rwxrwxrwx

777

Everyone can read, write, and execute. (Again, this permissions setting can be hazardous.)

 

 

Chmod

 

[root@zmpt01 ~]# ls -l

total 0

----------. 1 root root 0 Oct 11 12:17 file1

[root@zmpt01 ~]# chmod o+w file1

[root@zmpt01 ~]# ls -l

total 0

--------w-. 1 root root 0 Oct 11 12:17 file1

 

[root@zmpt01 ~]# chmod a+r file1

[root@zmpt01 ~]# ls -l

total 0

-r--r--rw-. 1 root root 0 Oct 11 12:17 file1

 

[root@zmpt01 ~]# chmod a+rwx file1

[root@zmpt01 ~]# ls -l

total 0

-rwxrwxrwx. 1 root root 0 Oct 11 12:17 file1

 

[root@zmpt01 ~]# chmod a-x file1

[root@zmpt01 ~]# ls -l

total 0

-rw-rw-rw-. 1 root root 0 Oct 11 12:17 file1

 

[root@zmpt01 ~]# chmod a-rwx file1

[root@zmpt01 ~]# ls -l

total 0

----------. 1 root root 0 Oct 11 12:17 file1

 

 

[root@zmpt01 ~]# chmod 002 file1

[root@zmpt01 ~]# ls -l

total 0

--------w-. 1 root root 0 Oct 11 12:17 file1

 

[root@zmpt01 ~]# chmod 446 file1

[root@zmpt01 ~]# ls -l

total 0

-r--r--rw-. 1 root root 0 Oct 11 12:17 file1

 

[root@zmpt01 ~]# chmod 777 file1

[root@zmpt01 ~]# ls -l

total 0

-rwxrwxrwx. 1 root root 0 Oct 11 12:17 file1

 

[root@zmpt01 ~]# chmod 666 file1

[root@zmpt01 ~]# ls -l

total 0

-rw-rw-rw-. 1 root root 0 Oct 11 12:17 file1

 

[root@zmpt01 ~]# chmod 000 file1

[root@zmpt01 ~]# ls -l

total 0

----------. 1 root root 0 Oct 11 12:17 file1

 

Chage

 

[root@zmpt01 ~]# chage -l terminator

Last password change                                    : Dec 12, 2020

Password expires                                        : never

Password inactive                                       : never

Account expires                                         : never

Minimum number of days between password change          : 0

Maximum number of days between password change          : 99999

Number of days of warning before password expires       : 7

 

Last password change                                    : Dec 12, 2020

Date of the password was changed

Password expires                                        : never

Password expiration date

Password inactive                                       : never

Password inactive date

Account expires                                         : never

Id expiration date

Minimum number of days between password change          : 0

Minimum number of days that must pass before the user may change the password again (0 = can change at any time)

Maximum number of days between password change          : 99999

Maximum number of days a password stays valid before it must be changed

Number of days of warning before password expires       : 7

Warning period

 

 

Default settings for the password age

 

PASS_MAX_DAYS   99999

PASS_MIN_DAYS   0

PASS_MIN_LEN    5

PASS_WARN_AGE   7

 

[root@zmpt01 ~]# vi /etc/login.defs

 

PASS_MAX_DAYS   60

PASS_MIN_DAYS   0

PASS_MIN_LEN    5

PASS_WARN_AGE   7

 

 

[root@zmpt01 ~]# useradd ironman

[root@zmpt01 ~]# chage -l ironman

Last password change                                    : Dec 13, 2020

Password expires                                        : Feb 11, 2021

Password inactive                                       : never

Account expires                                         : never

Minimum number of days between password change          : 0

Maximum number of days between password change          : 60

Number of days of warning before password expires       : 7

 

Set password to never expire

 

[root@zmpt01 ~]# chage -m 0 -M 99999 -I -1 -E -1 ironman

 

 

 

[root@zmpt01 ~]# chage -l ironman

Last password change                                    : Dec 13, 2020

Password expires                                        : never

Password inactive                                       : never

Account expires                                         : never

Minimum number of days between password change          : 0

Maximum number of days between password change          : 99999

Number of days of warning before password expires       : 7

 

Chown- change ownership

 

Chown is to change/assign ownership of the files and folders to users and groups

 

 

[root@zmpt01 ~]# mkdir /DATA2

drwxr-xr-x. 2 root root 6 Dec 13 15:14 /DATA2/

 

Change the file ownership

 

 

[root@zmpt01 DATA2]# touch file1

 

[root@zmpt01 DATA2]# ls -l file1

-rw-r--r--. 1 root root 0 Dec 13 15:15 file1

 

[root@zmpt01 DATA2]# chown terminator file1

[root@zmpt01 DATA2]# ls -l file1

-rw-r--r--. 1 terminator root 0 Dec 13 15:15 file1

 

Change the group ownership

 

 

[root@zmpt01 DATA2]# chown :machine file1

[root@zmpt01 DATA2]# ls -l file1

-rw-r--r--. 1 terminator machine 0 Dec 13 15:15 file1

 

Change user and group ownership

 

[root@zmpt01 DATA2]# chown spiderman:superhero file1

[root@zmpt01 DATA2]# ls -l file1

-rw-r--r--. 1 spiderman superhero 0 Dec 13 15:15 file1

 

Change the user ownership of Folder

 

 

[root@zmpt01 ~]# chown spiderman /DATA2/

[root@zmpt01 ~]# ls -ld /DATA2/

drwxr-xr-x. 2 spiderman root  19 Dec 13 15:15 /DATA2/

 

Chgrp – change group

Chgrp – allow to change group only

 

 

[root@zmpt01 DATA2]# ls -l file1

-rw-r--r--. 1 spiderman machine 0 Dec 13 15:15 file1

 

Change group ownership of folder

 

 

[root@zmpt01 ~]# chgrp machine /DATA2/

 

[root@zmpt01 ~]# ls -ld /DATA2/

drwxr-xr-x. 2 spiderman machine 19 Dec 13 15:15 /DATA2/

 

12-13-2020

https://youtu.be/A7uNJFZhTro

 

 

Network

 

A Network is a collection of computers, servers, network devices, peripherals or any other device connected to one another to allow the sharing of data. Example is Internet

 

 

Basic requirement

-          NIC, Media, Topology, Protocol, IP Address

 

NIC

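-          Hardware/ MAC address: 08:00:27:bd:99:25    # < ---burnt into the hardware by the manufacturer; the burned-in value is fixed, but the OS can present a different MAC on the network, so a MAC address is not proof of a device's identity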

-          IP Address IPv4: 192.168.137.236

-          IP Address IPv6: fe80::a00:27ff:febd:9925

 

Media

-          Cables

-          RJ45 –

-          CAT5 or CAT6 Ethernet cables

-          WiFI

-          HotSpots

 

Topology

 

Ring

Network Topology: 6 Network Topologies Explained [Including Diagrams]

Bus

Star

Mesh

Tree

 

Network topology definition | topologies advantages and disadvantages

-          You have a network

-          Each router you add becomes subnet

-          Max of 256 devices

-          2^8 = 2x2x2x2x2x2x2x2

 

 

Protocol

In computer world, Protocol is set of rules or procedures for transmitting data between electronic devices such as computers.

 

OSI Layers

OSI – Open Systems Interconnection – 7 layer model

 

-          Physical layer – Hardware

-          Data layer – Data Being generated

-          Network layer – working network – switches, router etc

-          Transport layer – communication is being done using several methods

-          Session layer – session established between two hosts

-          Presentation layer – data is presented to application

-          Application layer – example: MS Office

 

TCP – Transmission Control Protocol

TCP – Transmission Control Protocol

-          Connection protocol

-          DATA, Network, Transport, Application – DNTA

-          Connection oriented protocol

-          TCP protocol makes a 3-way handshake connection

-           

TCP establishes a connection with a 3-way handshake

 

what is TCP Half Open Connection and TCP half closed connection ...

Establishing Connection

-          A to B – Synchronization (SYN) signal is sent

-          B to A – Synchronization and Acknowledgement (SYN-ACK) signal

-          A to B – Acknowledgement

-          Connection is established and DATA is transferred

-          Sync – Sync Ack – Ack

 

TCP connection Termination

 

Zeltser, et al., 2005): Closing TCP connection | Download ...

Closing the connection

-          A to B – Finished (FIN) – request to close the connection

-          B to A – Acknowledge to Finish connection

-          B to A – Send the Finish signal

-          A to B - Acknowledge the final signal

-          Fin - Fin Ack – Ack

 

 

2^16 = 65536 ports

Example

 

SSH connection is using TCP protocol and is connection oriented

 

[root@localhost ~]# netstat -anp | grep -w 22

tcp        0      0 192.168.137.20:22

 

UDP

UDP – User Datagram Protocol

-          Connection less protocol

-          Just sends the Data to the host without confirmation

-          Connection is faster

-           

Two types of UDP

Broadcast

Multicast

Network discovery using UDP Broadcast | Michiel De Mey's Blog

Broadcast: the signal is sent to the whole network without confirmation

Multicast: the signal is sent only to the hosts which are part of the group, without confirmation

 

 

 

Differences between TCP and UDP

 

TCP

UDP

Connection oriented

Connection less

Reliable

Unreliable

Slow

Fast

SSH, HTTP, FTP, SMTP

DNS, DHCP, Broadcast

 

 

12-19-2020

https://youtu.be/NfzvBHVBD0M

 

IP Address

An Internet Protocol address is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. An IP address serves two main functions: host or network interface identification and location addressing.

 

 

192.168.56.108

 

Computers work on Binary system – it can only recognize two digits – base 2

 

Zero = 0 = off

One = 1 = on

 

To 1, or To 0: Translating Binary in Fiction - A Writer's Journey

 

 

An IPv4 address is a 32-bit binary structure – four octets of 8 bits each (2^8 = 256 values per octet)

Information is written in Binary

 

192

168

56

108

8 bits

8 bits

8 bits

8 bit

 

Total = 32

 

 

 

2^7 = 1

 

1 bit 2^0

 

 

 

 

 

 

4 bit = nibble = 2^2

 

 

 

 

 

 

 

 

 

 

 

 

8 bit = octet = 1 byte = 2^3

 

 

 

 

 

 

 

 

 

2^0 = 1

2^1 = 2

2^2 = 4

2^3 = 8 = 1 Byte

 

 

8

7

6

5

4

3

2

1

7

6

5

4

3

2

1

0

2^7

2^6

2^5

2^4

2^3

2^2

2^1

2^0

128

64

32

16

8

4

2

1

 

 

 

192.168.56.108

 

192 – 11000000   #< --- right to left

 

8

7

6

5

4

3

2

1

7

6

5

4

3

2

1

0

2^7

2^6

2^5

2^4

2^3

2^2

2^1

2^0

128

64

32

16

8

4

2

1

192 -128

64 - 64

0 - 32

0 - 16

0 - 8

0 - 4

0 - 2

0 - 1

1

1

0

0

0

0

0

0

 

168 - 10101000

 

8

7

6

5

4

3

2

1

7

6

5

4

3

2

1

0

2^7

2^6

2^5

2^4

2^3

2^2

2^1

2^0

128

64

32

16

8

4

2

1

168 -128

40 - 64

40 - 32

8-16

8-8

0-4

0-2

0-1

1

0

1

0

1

0

0

0

 

56 – 00111000

 

8

7

6

5

4

3

2

1

7

6

5

4

3

2

1

0

2^7

2^6

2^5

2^4

2^3

2^2

2^1

2^0

128

64

32

16

8

4

2

1

56 -128

56-64

56-32

24-16

8-8

0-4

0-2

0-1

0

0

1

1

1

0

0

0

 

 

108 – 01101100

 

8

7

6

5

4

3

2

1

7

6

5

4

3

2

1

0

2^7

2^6

2^5

2^4

2^3

2^2

2^1

2^0

128

64

32

16

8

4

2

1

108-128

108-64

44-32

12-16

12-8

4-4

0-2

0-1

0

1

1

0

1

1

0

0

 

 

 192.168.56.108 = 11000000101010000011100001101100

 

 

Numbers are from right to left

 

9-0

 

Arabic numbers

 

Gateway

 

router

switch

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRfgDagFHPaFssIEaO0CfcV7WtyyW00Afo_aQ5YXG43J5B66hfQMFXpBu3HnKOMmtOWGySQFkf6&usqp=CAc

 

-          Router gives out IP address to each connected devices

-          Total maximum of 256 IP addresses are available

-          2^8 = 256

-          Each router added becomes a subnet (network in its self)

-          1 IP is reserved for the router itself

-          This reserved IP is entry point for the network to communicate with other networks

-          Reserved ip is referred to as default gateway

-           

-          [root@zmpt01 ~]# netstat -rn

-          Kernel IP routing table

-          Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface

-          0.0.0.0         10.0.2.1        0.0.0.0         UG        0 0          0 enp0s9

 

Ports – the connection point through which an application is connected to another device

 

65,536 – ports on OS

 

Linux or Windows

 

Commonly used ports

 

Port Number

Usage

20

File Transfer Protocol (FTP) Data Transfer

21

File Transfer Protocol (FTP) Command Control

22

Secure Shell (SSH)

23

Telnet - Remote login service, unencrypted text messages

25

Simple Mail Transfer Protocol (SMTP) E-mail Routing

53

Domain Name System (DNS) service

80

Hypertext Transfer Protocol (HTTP) used in World Wide Web

110

Post Office Protocol (POP3) used by e-mail clients to retrieve e-mail from a server

119

Network News Transfer Protocol (NNTP)

123

Network Time Protocol (NTP)

143

Internet Message Access Protocol (IMAP) Management of Digital Mail

161

Simple Network Management Protocol (SNMP)

194

Internet Relay Chat (IRC)

443

HTTP Secure (HTTPS) HTTP over TLS/SSL

 

 

IP Address Classes

 

192.168.56.108

 

-          There are 4 subnets information in each ip address

-          192.168.56.108

 

192

168

56

108

-           

-          2^8 = 256 = each subnet

-           

256

256

256

256

0

0

0

0

 

256x256x256x256

4,294,967,296

Maximum for IPv4

0x0x0x0

0

2^32

-           

-          0.0.0.1 =

-          My Public IPv6 is: 2607:fb90:a345:19f9:c171:a28e:9a34:571f

-           

-          IPv6 capacity = 340,282,366,920,938,463,463,374,607,431,768,211,456

 

 

CIDR notation explained: CIDR format,CIDR table and examples - IONOS

 

 

01-09-2021

https://youtu.be/vhx7s3psguU

 

 

DNS

 

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

 

888-236-2620

ZM PROTech

IP address

Hostname [Server Name]

 

 

 

 

DNS Primary Server Setup

Primary DNS Server

Hostname: dnsprimary.zmpt.com

IP: 192.168.56.112

dnsprimary.zmpt.com

 

 

dnssecondary.zmpt.com

 

Setup Hostname

 

[root@localhost ~]# vi /etc/hostname

dnsprimary.zmpt.com

[root@localhost ~]# init 6

 

[root@dnsprimary ~]# hostname

dnsprimary.zmpt.com

 

dnsprimary.zmpt.com     192.168.56.112

 

[root@dnsprimary network-scripts]# vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

 

[root@dnsprimary network-scripts]# vi ifcfg-enp0s3

 

TYPE=Ethernet

BOOTPROTO=static

NAME=enp0s3

UUID=b0b60c28-849b-4dde-b3a1-8fa1dbd1cedc

DEVICE=enp0s3

ONBOOT=yes

IPADDR=192.168.56.112

NETMASK=255.255.255.0

 

[root@dnsprimary ~]# init 6

 

Package needed by DNS

Bind

Bind-utils

Bind-chroot

 

Berkeley Internet Name Domain – UC Berkeley, CA

 

 

[root@dnsprimary ~]# yum install bind bind-utils bind-chroot -y

 

[root@dnsprimary ~]# vi /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=dnsprimary.zmpt.com

 

[root@dnsprimary ~]# vi /etc/hosts

192.168.56.112  dnsprimary.zmpt.com

 

 

 

 

[root@dnsprimary ~]# vi /etc/named.conf

 

options {

        listen-on port 53 { 127.0.0.1; 192.168.56.112;};

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        recursing-file  "/var/named/data/named.recursing";

        secroots-file   "/var/named/data/named.secroots";

        allow-query     { localhost; 192.168.56.0/24;};

 

 

 

Create forward lookup

 

[root@dnsprimary ~]# cd /var/named/

 

 

[root@dnsprimary named]# ls

chroot  dynamic   named.empty      named.loopback

data    named.ca  named.localhost  slaves

 

[root@dnsprimary named]# cp named.localhost forward.zmpt

[root@dnsprimary named]# vi forward.zmpt

 

$TTL 1D

@       IN SOA dnsprimary.zmpt.com. root.zmpt.com. (

                                                1       ; serial

                                                1D      ; refresh

                                                1H      ; retry

                                                1W      ; expire

                                                3H      ; minimum

                                                )

@       IN      NS              dnsprimary.zmpt.com.

 

dnsprimary      IN      A       192.168.56.112

 

 

Create Reverse lookup

 

 

[root@dnsprimary named]# cp forward.zmpt reverse.zmpt

[root@dnsprimary named]# vi reverse.zmpt

 

 

$TTL 1D

@       IN SOA  dnsprimary.zmpt.com. root.zmpt.com. (

                                                1       ; serial

                                                1D      ; refresh

                                                1H      ; retry

                                                1W      ; expire

                                                3H      ; minimum

                                                )

@       IN      NS              dnsprimary.zmpt.com.

 

dnsprimary      IN      A       192.168.56.112

 

 

112     IN      PTR             dnsprimary.zmpt.com.

 

 

 

Edit named.conf file again

 

[root@dnsprimary ~]# vi /etc/named.conf

 

Copy these lines and paste at the end of file

 

zone "." IN {

        type hint;

        file "named.ca";

};

 

 

 

#######################

 

 

zone "zmpt.com" IN {

        type master;

        file "forward.zmpt";

};

 

 

zone "56.168.192.in-addr.arpa" IN {

        type master;

        file "reverse.zmpt";

};

 

 

#######################

 

 

 

 

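Disable firewall (lab shortcut – on a production DNS server keep firewalld running and open only DNS instead: firewall-cmd --permanent --add-service=dns, then firewall-cmd --reload)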

 

[root@dnsprimary ~]# systemctl stop firewalld

 

[root@dnsprimary ~]# systemctl disable firewalld

 

Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.

Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

 

[root@dnsprimary ~]# systemctl status firewalld

 

Enable named

 

[root@dnsprimary ~]# systemctl start named

 

[root@dnsprimary ~]# systemctl enable named.service

Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

 

[root@dnsprimary named]# ps -ef|grep named    < ---to confirm named service is running

 

named     2067     1  0 Aug22 ?        00:00:00 /usr/sbin/named -u named -c /etc/named.conf

root     14757  1514  0 08:20 pts/0    00:00:00 grep --color=auto named

 

Change the group and ownership

 

[root@dnsprimary ~]# cat /etc/passwd

[root@dnsprimary ~]# cat /etc/group

 

 

[root@dnsprimary ~]# chgrp named -R /var/named

 

[root@dnsprimary ~]# chown -Rv root:named /etc/named.conf

 

-R – recursively, meaning the change is applied to the directory and to every file and folder already inside it

-v – Verbose, meaning display as the change is being made

SELinux

 

[root@dnsprimary named]# restorecon -rv /var/named

[root@dnsprimary named]# restorecon /etc/named.conf

 

 

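Check forward and reverse lookup zones (the first argument of named-checkzone is the zone name as declared in named.conf, so the reverse file should be checked against 56.168.192.in-addr.arpa rather than zmpt.com)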

 

[root@dnsprimary named]# named-checkzone zmpt.com /var/named/forward.zmpt

zone zmpt.com/IN: loaded serial 0

OK

[root@dnsprimary named]# named-checkzone zmpt.com /var/named/reverse.zmpt

zone zmpt.com/IN: loaded serial 0

OK

 

Make entry into Ethernet file

 

[root@dnsprimary network-scripts]# vi ifcfg-enp0s3

 

TYPE=Ethernet

BOOTPROTO=static

NAME=enp0s3

UUID=7af95a73-a7bf-4925-8e44-1c4e2219d314

DEVICE=enp0s3

ONBOOT=yes

IPADDR=192.168.56.112

NETMASK=255.255.255.0

DNS="192.168.56.112"          #< ---NEW ENTRY

 

Edit the resolv.conf file  < ---the DNS resolver configuration: the search domains and the name servers this host queries, one address per nameserver line

 

[root@dnsprimary ~]# vi /etc/resolv.conf

 

search mshome.net zmpt.com

nameserver 192.168.137.1        192.168.56.112

 

Test the DNS Primary

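Dig (Domain Information Groper) is a network administration command-line tool for querying Domain Name System (DNS) name servers. In its output, status: NOERROR with a non-empty ANSWER SECTION means the name resolved; the status: SERVFAIL with ANSWER: 0 captured below means the server could not answer for the zone, so the zone files and named.conf should be rechecked.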

 

[root@dnsprimary ~]# hostname

dnsprimary.zmpt.com

[root@dnsprimary ~]# dig dnsprimary.zmpt.com

 

 

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> dnsprimary.zmpt.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56635

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dnsprimary.zmpt.com.           IN      A

 

;; Query time: 0 msec

;; SERVER: 192.168.56.112#53(192.168.56.112)

;; WHEN: Sat Jan 09 15:32:33 EST 2021

;; MSG SIZE  rcvd: 48

 

 

 

Configure DNS Secondary

 

Primary DNS Server

Hostname: dnsprimary.zmpt.com

IP: 192.168.56.114

 

Install the required DNS package

 

[root@localhost ~]# yum install bind bind-utils -y

 

Disable the NAT after installation

Setup Hostname

 

[root@localhost ~]# vi /etc/hostname

dnssecondary.zmpt.com

 

Set the static IP

 

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

 

TYPE=Ethernet

BOOTPROTO=static

NAME=enp0s3

DEVICE=enp0s3

ONBOOT=yes

IPADDR=192.168.56.114

NETMASK=255.255.255.0

 

Edit Network file

 

[root@dnssecondary ~]# vi /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=dnssecondary.zmpt.com

 

Edit hosts file

 

[root@dnssecondary ~]# vi /etc/hosts

192.168.56.114 dnssecondary.zmpt.com  #< --TAB between ip and hostname

 

Reboot

 

192.168.56.200 dnssecondary.zmpt.com

 

[root@localhost ~]# init 6

 

Add information to named.conf

 

[root@localhost ~]# vi /etc/named.conf

 

 

options {

        listen-on port 53 { 127.0.0.1; 192.168.56.114;};

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        recursing-file  "/var/named/data/named.recursing";

        secroots-file   "/var/named/data/named.secroots";

        allow-query     { localhost; 192.168.56.0/24;};

 

 

 

 

#######################

 

zone "zmpt.com" IN {

        type slave;

        file "slaves/forward.zmpt";

        masters{192.168.56.112;};

};

 

zone "56.168.192.in-addr.arpa" IN {

        type slave;

        file "slaves/reverse.zmpt";

        masters{192.168.56.112;};

};

 

 

#######################

 

 

Start and enable named service

 

[root@dnssecondary ~]# systemctl start named

[root@dnssecondary ~]# systemctl enable named

Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

 

configure the Ethernet file again

TYPE=Ethernet

BOOTPROTO=static

NAME=enp0s3

DEVICE=enp0s3

ONBOOT=yes

IPADDR=192.168.56.200

NETMASK=255.255.255.0

 

DNS1="192.168.56.112"

DNS2="192.168.56.114"

 

Update the DNS resolution file

 

[root@dnssecondary ~]# vi /etc/resolv.conf

 

search zmpt.com

nameserver 192.168.56.112

nameserver 192.168.56.114

 

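Disable firewall (lab shortcut – on a production DNS server keep firewalld running and open only DNS instead: firewall-cmd --permanent --add-service=dns, then firewall-cmd --reload)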

 

 

[root@dnssecondary ~]# systemctl stop firewalld

 

[root@dnssecondary ~]# systemctl disable firewalld

Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.

Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

 

Configure the permissions and ownership

 

[root@dnsprimary ~]# cat /etc/passwd

[root@dnsprimary ~]# cat /etc/group

 

 

[root@dnsprimary ~]# chgrp named -R /var/named

 

[root@dnsprimary ~]# chown -Rv root:named /etc/named.conf

 

-R – recursively, meaning the change is applied to the directory and to every file and folder already inside it

-v – Verbose, meaning display as the change is being made

 

SELinux

 

[root@dnssecondary ~]# restorecon -rv /var/named/

[root@dnssecondary ~]# restorecon /etc/named.conf

 

ON DNS Primary

Edit forward lookup zone

 

-          [root@dnsprimary ~]# vi /var/named/forward.zmpt

 

$TTL 1D

@       IN SOA dnsprimary.zmpt.com. root.zmpt.com. (

                                                1       ; serial

                                                1D      ; refresh

                                                1H      ; retry

                                                1W      ; expire

                                                3H      ; minimum

                                                )

@       IN      NS              dnsprimary.zmpt.com.

 

dnsprimary      IN      A       192.168.56.112

dnssecondary    IN      A       192.168.56.114

 

 

Edit reverse lookup zone

 

$TTL 1D

@       IN SOA  dnsprimary.zmpt.com. root.zmpt.com. (

                                                1       ; serial

                                                1D      ; refresh

                                                1H      ; retry

                                                1W      ; expire

                                                3H      ; minimum

                                                )

@       IN      NS              dnsprimary.zmpt.com.

 

dnsprimary      IN      A       192.168.56.112

dnssecondary    IN      A       192.168.56.114

 

100     IN      PTR             dnsprimary.zmpt.com.

200     IN      PTR             dnssecondary.zmpt.com.

 

 

Perform Dig and nslookup on both servers

 

 

[root@dnsprimary ~]# dig dnsprimary.zmpt.com

[root@dnsprimary ~]# dig dnssecondary.zmpt.com

 

[root@dnsprimary ~]# nslookup dnsprimary.zmpt.com

[root@dnsprimary ~]# nslookup dnssecondary.zmpt.com

 

 

[root@dnsprimary ~]# systemctl restart named

 

 

[root@dnssecondary ~]# dig dnsprimary.zmpt.com

[root@dnssecondary ~]# dig dnssecondary.zmpt.com

 

[root@dnssecondary ~]# nslookup dnssecondary.zmpt.com

[root@dnssecondary ~]# nslookup dnsprimary.zmpt.com

 

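On the DNS secondary, forward.zmpt and reverse.zmpt are transferred from the primary. The secondary pulls a new copy only when the SOA serial on the primary is higher than the one it already holds, so raise the serial after every zone edit.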

 

DNS – Secondary (SLAVE)

 

dnssecondary.zmpt.com

 

[root@dnssecondary ~]# cd /var/named/slaves/

 

[root@dnssecondary slaves]# ls -l

total 8

-rw-r--r--. 1 named named 261 Jan 10 13:48 forward.zmpt    #< This file get updated from DNS primary

-rw-r--r--. 1 named named 467 Jan 10 11:07 reverse.zmpt     #< This file get updated from DNS primary

 

 

 

01-10-2021

https://youtu.be/gzTJ_T3Ttus

 

On any other server

Edit the following files

 

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

[root@localhost ~]# vi /etc/hostname

[root@localhost ~]# vi /etc/networks

[root@localhost ~]# vi /etc/hosts

[root@localhost ~]# vi /etc/resolv.conf

 

Set static IP DNS info

 

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

 

TYPE=Ethernet

BOOTPROTO=static

NAME=enp0s3

#UUID=b0b60c28-849b-4dde-b3a1-8fa1dbd1cedc

DEVICE=enp0s3

ONBOOT=yes

IPADDR=192.168.56.116

NETMASK=255.255.255.0

DNS1="192.168.56.112"  #< ---Primary DNS

DNS2="192.168.56.114"  #< ---Secondary DNS

 

Set the Hostname

 

[root@localhost ~]# vi /etc/hostname

 

ansiblemaster.zmpt.com

 

Edit Network file

 

[root@localhost ~]# vi /etc/networks

 

NETWORKING=yes

HOSTNAME=ansiblemaster.zmpt.com

 

Edit hosts file

 

[root@localhost ~]# vi /etc/hosts

 

192.168.56.150 ansiblemaster.zmpt.com

 

Edit DNS resolution file

 

[root@localhost ~]# vi /etc/resolv.conf

 

servers info search zmpt.com

 

nameserver 192.168.56.112  #< ---DNS MASTER

nameserver 192.168.56.114  #< ---DNS SLAVE

 

 

On DNS Master

Edit forward and Reverse lookup zone

 

Forward lookup zone

 

 

[root@dnsprimary ~]# vi /var/named/forward.zmpt

 

$TTL 60

@       IN SOA dnsprimary.zmpt.com. root.zmpt.com. (

                                                7       ; serial

                                                60      ; refresh

                                                60      ; retry

                                                604800  ; expire

                                                60      ; minimum

                                                )

@       IN      NS              dnsprimary.zmpt.com.

 

dnsprimary      IN      A       192.168.56.112

dnssecondary    IN      A       192.168.56.114

 

ansiblemaster   IN      A       192.168.56.116

oracle          IN      A       192.168.56.151

database        IN      A       192.168.56.152

production      IN      A       192.168.56.153

 

 

Reverse lookup zone

 

 

[root@dnsprimary ~]# vi /var/named/reverse.zmpt

 

$TTL 60

@       IN SOA  dnsprimary.zmpt.com. root.zmpt.com. (

                                                7       ; serial

                                                60      ; refresh

                                                60      ; retry

                                                604800  ; expire

                                                60      ; minimum

                                                )

@       IN      NS              dnsprimary.zmpt.com.

 

dnsprimary      IN      A       192.168.56.112

dnssecondary    IN      A       192.168.56.114

ansiblemaster   IN      A       192.168.56.116

oracle          IN      A       192.168.56.151

database        IN      A       192.168.56.152

production      IN      A       192.168.56.153

 

 

100     IN      PTR             dnsprimary.zmpt.com.

200     IN      PTR             dnssecondary.zmpt.com.

150     IN      PTR             ansiblemaster.zmpt.com.

151     IN      PTR             oracle.zmpt.com.

152     IN      PTR             database.zmpt.com.

153     IN      PTR             production.zmpt.com.

 

Successfully demonstrated DNS setup and Ansible commands using the Hostname

 

01-23-2021

https://youtu.be/OY6ODRsp0Sc

 

 

SCP – Secure Copy

 

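Used to copy files and folders over the network to another host. The copy runs over SSH, so it is encrypted; on the first connection, compare the host key fingerprint shown in the prompt with the server's real fingerprint before answering yes.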

 

 

 

[root@client01 ~]# ls

anaconda-ks.cfg  lvmscript.scr

[root@client01 ~]# scp lvmscript.scr 192.168.56.120:/tmp

 

 

Command

Source file

Destination and directory location

scp

lvmscript.scr

192.168.56.120:/tmp

 

 

 

 

[root@client01 .ssh]# scp lvmscript.scr 192.168.56.120:/tmp

The authenticity of host '192.168.56.120 (192.168.56.120)' can't be established.

ECDSA key fingerprint is SHA256:e3LN1URGQEPwXaMbDeo+aTYev2cOOWnP3WKmaRG9gRU.

ECDSA key fingerprint is MD5:de:11:30:dd:ef:9e:ae:0a:ab:49:16:29:c9:08:36:8f.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.56.120' (ECDSA) to the list of known hosts.

root@192.168.56.120's password:

 

Transferring a folder

Make it a .tar file first, then transfer it as a single file to preserve data integrity

 

[root@client01 ~]# mkdir transfer

 

[root@client01 ~]# touch file{1..1000}

 

[root@client01 ~]# tar -cvf transfer.tar transfer/

 

[root@client01 ~]# scp transfer.tar 192.168.56.120:/tmp

 

 

 

You can still transfer folders

 

 

[root@client01 ~]# scp -r transfer 192.168.56.120:/tmp

 

Untar the file after transfer

 

[root@client02 tmp]# tar xvf transfer.tar

 

01-24-2021

https://youtu.be/t8z-na-ZFbI

 

 

NFS – NETWORK FILE SYSTEM

 

Network File System – it is a client/server application that lets a computer user view, store and update files on a remote system as though they were on the user’s own computer. The NFS protocol is one of several distributed file system standards for NAS – Network Attached Storage

 

 

Clone a host and name it NFS -  Server

 

Hostname

 

nfs01.zmpt.com

 

Install packages

 

[root@nfs01 ~]# yum install nfs-utils -y

[root@nfs01 ~]# systemctl start nfs-server

[root@nfs01 ~]# systemctl enable nfs-server

Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.

 

Create share

[root@nfs01 ~]# lsblk

NAME               MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT

sda                  8:0    0   16G  0 disk

sda1               8:1    0    1G  0 part /boot

└─sda2               8:2    0   15G  0 part

  centos-root    253:0    0 13.4G  0 lvm  /

  └─centos-swap    253:1    0  1.6G  0 lvm  [SWAP]

sdb                  8:16   0   16G  0 disk

sdc                  8:32   0    8G  0 disk

zmpt1-Accounting 253:2    0    4G  0 lvm  /accounting

└─zmpt1-HR         253:4    0    2G  0 lvm  /hr

sdd                  8:48   0    8G  0 disk

└─zmpt1-Finance    253:3    0    6G  0 lvm  /finance

sde                  8:64   0    8G  0 disk

└─zmpt1-Recruiting 253:5    0    4G  0 lvm

sr0                 11:0    1 1024M  0 rom

 

 

[root@nfs01 ~]# pvcreate /dev/sdb

  Physical volume "/dev/sdb" successfully created.

 

[root@nfs01 ~]# vgcreate SHARE-01 /dev/sdb

  Volume group "SHARE-01" successfully created

 

[root@nfs01 ~]# lvcreate -n NFS_SHARE -L 15G SHARE-01

  Logical volume "NFS_SHARE" created.

 

[root@nfs01 ~]# mkfs.xfs /dev/mapper/SHARE--01-NFS_SHARE

 

[root@nfs01 ~]# lsblk

 

sdb                     8:16   0   16G  0 disk

└─SHARE--01-NFS_SHARE 253:6    0   15G  0 lvm

 

Mount to the directory

 

[root@nfs01 ~]# mount /dev/mapper/SHARE--01-NFS_SHARE /SHARED/

 

Make /etc/fstab entries

 

/dev/mapper/SHARE--01-NFS_SHARE /SHARED xfs     defaults        0 0

 

Vi /etc/default/nfs-share – create file if not present

 

Make entry as shown

 

NEED_IDMAPD=YES

 

 

 

vi /etc/default/idmapd.conf

 

 

#type exactly as shown

 

nfs01.zmpt.com

 

 

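Change the permissions for the shared folder (777 makes it writable by every user on every client that mounts it; acceptable for this lab, but a real share should be owned by a dedicated group with narrower permissions)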

 

[root@nfs01 ~]# chmod 777 /SHARED/

[root@nfs01 ~]# ls -ld /SHARED/

drwxrwxrwx. 2 root root 6 Jan 24 14:26 /SHARED/

 

Enter vi /etc/exports

 

#enter the list of servers or client to grant access

/SHARED 192.168.56.117(rw,async)

/SHARED 192.168.56.120(rw,async)

 

 

Test

 

[root@nfs01 ~]# showmount -e

Export list for nfs01.zmpt.com:

[root@nfs01 ~]#

[root@nfs01 ~]# exportfs -a

[root@nfs01 ~]# exportfs -r

 

[root@nfs01 ~]# showmount -e

Export list for nfs01.zmpt.com:

/SHARED 192.168.56.120,192.168.56.117

 

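Open NFS port in firewall (2049/tcp is enough for NFSv4; NFSv3 clients and showmount from a client also need the rpc-bind and mountd services allowed)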

 

[root@nfs01 ~]# firewall-cmd --permanent --add-port=2049/tcp

success

[root@nfs01 ~]# firewall-cmd --list-ports

 

[root@nfs01 ~]# firewall-cmd --reload

success

[root@nfs01 ~]# firewall-cmd --list-ports

2049/tcp

 

[root@nfs01 ~]# rpcinfo -p | grep nfs

    100003    3   tcp   2049  nfs

    100003    4   tcp   2049  nfs

    100227    3   tcp   2049  nfs_acl

    100003    3   udp   2049  nfs

    100003    4   udp   2049  nfs

    100227    3   udp   2049  nfs_acl

 

NFS server configuration is done

 

 

Enter this configuration on any other server (the NFS clients)

 

You can use Ansible to make the entries

 

Install the needed package

 

[root@ansiblemaster ~]# ansible all -i nfs-clients -m shell -a "yum install nfs-utils -y"

 

[root@ansiblemaster ~]# ansible all -i nfs-clients -m shell -a "systemctl start nfs-server"

 

[root@ansiblemaster ~]# ansible all -i nfs-clients -m shell -a "systemctl enable nfs-server"

 

Make the directory

 

[root@ansiblemaster ~]# ansible all -i nfs-clients -m shell -a "mkdir /NETWORK_FOLDER"     

 

[root@ansiblemaster ~]# ansible all -i nfs-clients -m shell -a "chmod -R 777 /NETWORK_FOLDER"

 

Mount NFS

 

[root@ansiblemaster ~]# ansible all -i nfs-clients -m shell -a "mount -t nfs 192.168.56.126:/SHARED /NETWORK_FOLDER"

 

[root@ansiblemaster ~]# ansible all -i nfs-clients -m shell -a "df -h"

 

Make entry for /etc/fstab

 

[root@ansiblemaster ~]# ansible all -i nfs-clients -m shell -a "echo '192.168.56.126:/SHARED /NETWORK_FOLDER nfs defaults 0 0' >> /etc/fstab"

 

What is the difference between hard mount and soft mount?

 

The NFS mount can be a “soft mount” or a “hard mount” – the mount option defines how the NFS client should handle a crash or failure of the NFS server

 

Soft mount: suppose you have mounted the NFS share using ‘soft mount’. When an application requests a file from the NFS server, the NFS client daemon will try to retrieve the data from the NFS server. If it doesn’t get any response because the NFS server has failed or crashed, the NFS client reports an error to the process on the client machine that requested the file access.

 

- Advantage: fast response, it doesn’t wait for the NFS server to respond.

- Disadvantage: this method risks data corruption or data loss, because a write that timed out may never reach the server – so this option is not recommended

 

Hard mount: if you have mounted the NFS share using ‘hard mount’, during a crash the client will repeatedly try to connect to the NFS server. Once the server is back online, the application continues to execute undisturbed from where it was during the crash. You can add the mount option ‘intr’, which allows NFS requests to be interrupted if the server goes down or cannot be reached.

 

01-30-2021

https://youtu.be/cEL7MmeOSic

 

 

SFTP- SSH File Transfer Protocol

 

-          Use case for this SFTP - Application team to copy data back and forth

-          Clone base image

-           

Directory:

Config file:

Port #:

Package:

Services:

Protocol:

Command:

URL:

 

SFTP Server – 192.168.56.129

 

 

[root@zmpt01 ~]# yum install openssh-server -y

 

[root@zmpt01 ~]# systemctl start sshd

[root@zmpt01 ~]# systemctl enable sshd

 

Add user

 

[root@zmpt01 ~]# id terminator

uid=1000(terminator) gid=9000(machine) groups=9000(machine),10(wheel)

 

Done with configuration of server

 

 

Client: 192.168.56.117

 

[root@client01 ~]# which sftp

/usr/bin/sftp

 

Log in as non-root user

 

 [terminator@client01 ~]$ sftp terminator@192.168.56.129

The authenticity of host '192.168.56.129 (192.168.56.129)' can't be established.

ECDSA key fingerprint is SHA256:e3LN1URGQEPwXaMbDeo+aTYev2cOOWnP3WKmaRG9gRU.

ECDSA key fingerprint is MD5:de:11:30:dd:ef:9e:ae:0a:ab:49:16:29:c9:08:36:8f.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.56.129' (ECDSA) to the list of known hosts.

terminator@192.168.56.129's password:

Connected to 192.168.56.129.

sftp>      < --- This is a restricted CLI for user

 

 

SFTP Commands

 

bye                               

Quit sftp

cd path                           

Change remote directory to 'path'

chgrp grp path                    

Change group of file 'path' to 'grp'

chmod mode path                   

Change permissions of file 'path' to 'mode'

chown own path                    

Change owner of file 'path' to 'own'

df [-hi] [path]                   

Display statistics for current directory or filesystem containing 'path'

exit                              

Quit sftp

get [-afPpRr] remote [local]      

Download file

reget [-fPpRr] remote [local]     

Resume download file

reput [-fPpRr] [local] remote     

Resume upload file

help                              

Display this help text

lcd path                          

Change local directory to 'path'

lls [ls-options [path]]           

Display local directory listing

lmkdir path                       

Create local directory

ln [-s] oldpath newpath           

Link remote file (-s for symlink)

lpwd                              

Print local working directory

ls [-1afhlnrSt] [path]            

Display remote directory listing

lumask umask                      

Set local umask to 'umask'

mkdir path                        

Create remote directory

progress                          

Toggle display of progress meter

put [-afPpRr] local [remote]      

Upload file

pwd                               

Display remote working directory

quit                              

Quit sftp

rename oldpath newpath            

Rename remote file

rm path                           

Delete remote file

rmdir path                        

Remove remote directory

symlink oldpath newpath            

Symlink remote file

version                           

Show SFTP version

!command                          

Execute 'command' in local shell

!                                 

Escape to local shell

?                                 

Synonym for help

 

 

01-30-2021

https://youtu.be/cEL7MmeOSic

 

 

CronJob

 

The software utility cron also known as cron job is a time-based job scheduler in Unix-like computer operating systems. Users that set up and maintain software environments use cron to schedule jobs to run periodically at fixed times, dates, or intervals

Directory:

Config file:

Port #:

Package:

Services: crond

Protocol:

Command: crontab -e;

URL:

 

* * * * *

 

*

*

*

*

*

Command

Minutes

Hours

Day of the month

Month

Day of the week

Script and command

0-59

0-23

1-31

1-12

0-6

Whatever you want here

 

 

 

 

 

 

[root@client01 ~]# crontab -e

 

01 * * * * touch file{1..20}

11 * * * * /root/script.sh >> output

 

Note: The script runs in the background

You can put multiple cron jobs in the crontab to execute

 

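To allow users to run crontab (once /etc/cron.allow exists, only the non-root users listed in it, one name per line, can use crontab)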

 

[root@zmpt01 ~]# vi /etc/cron.allow

rocky

 

01-30-2021

https://youtu.be/cEL7MmeOSic

 

02-13-2021

https://youtu.be/4LTNixANuoU

 

 

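VSFTP – Very Secure File Transfer Protocol (the package and service are vsftpd, the "Very Secure FTP Daemon"; it speaks FTP, here wrapped in TLS, which is a different protocol from the SSH-based SFTP covered earlier)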

 

 

 

Directory:

Config file: /etc/vsftpd/user_list, /etc/vsftpd/vsftpd.conf,

Port #: 20, 21, 30000- 31000,

Package: vsftpd, openssl

Services: vsftpd, firewalld

Protocol: tcp, udp

Command: yum, systemctl, lvm, openssl, firewall-cmd, selinux,

URL:

 

Rhel 8

 

 

Installed the package

 

[root@vsftp01 ~]# yum install vsftpd

 

Start vsftpd

 

[root@rhel08 ~]# systemctl start vsftpd

[root@rhel08 ~]# systemctl enable vsftpd

Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.

 

 

[root@rhel08 ~]# systemctl status vsftpd

● vsftpd.service - Vsftpd ftp daemon

   Loaded: loaded (/usr/lib/systemd/system/vsftpd.se>

   Active: active (running) since Sat 2021-02-13 14:>

 Main PID: 25275 (vsftpd)

    Tasks: 1 (limit: 11251)

   Memory: 576.0K

   CGroup: /system.slice/vsftpd.service

           └─25275 /usr/sbin/vsftpd /etc/vsftpd/vsft>

 

Feb 13 14:33:07 rhel08.zmpt.com systemd[1]: Starting>

Feb 13 14:33:07 rhel08.zmpt.com systemd[1]: Started >

 

Create the user for FTP

 

[root@rhel08 ~]# id zafar

uid=1000(zafar) gid=1000(zafar) groups=1000(zafar)

 

Create LVM for ftp users

 

 

[root@rhel08 ~]# pvcreate /dev/sdb

  Physical volume "/dev/sdb" successfully created.

[root@rhel08 ~]# vgcreate FTP_Volume /dev/sdb

  Volume group "FTP_Volume" successfully created

[root@rhel08 ~]# lvcreate -n FTP-DATA -L 10G FTP_Volume

  Logical volume "FTP-DATA" created.

 

[root@rhel08 ~]# mkdir /FTP-USER-DATA

 

[root@rhel08 ~]# mkfs.xfs /dev/FTP_Volume/FTP-DATA

 

[root@rhel08 ~]# mount /dev/FTP_Volume/FTP-DATA /FTP-USER-DATA

 

[root@rhel08 ~]# df -h

/dev/mapper/FTP_Volume-FTP--DATA   10G  104M  9.9G   2% /FTP-USER-DATA

 

[root@rhel08 ~]# vi /etc/fstab

 

/dev/mapper/FTP_Volume-FTP--DATA     /FTP-USER-DATA     xfs     defaults        0 0

 

Set the permissions and ownership

 

[root@rhel08 ~]# ls -ld /FTP-USER-DATA/

drwxr-xr-x. 2 root root 6 Feb 13 14:42 /FTP-USER-DATA/

[root@rhel08 ~]# chmod -R 750 /FTP-USER-DATA/

[root@rhel08 ~]# ls -ld /FTP-USER-DATA/

drwxr-x---. 2 root root 6 Feb 13 14:42 /FTP-USER-DATA/

[root@rhel08 ~]# chown -R zafar: /FTP-USER-DATA

[root@rhel08 ~]# ls -ld /FTP-USER-DATA

drwxr-x---. 2 zafar zafar 6 Feb 13 14:42 /FTP-USER-DATA

 

Change FTP user default directory

 

[root@rhel08 ~]# vi /etc/passwd

zafar:x:1000:1000:zafar:/FTP-USER-DATA:/bin/bash

 

[zafar@rhel08 ~]$ pwd

/FTP-USER-DATA

 

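Add user to allow list (with userlist_deny=NO, as set in the vsftpd config further down, every name in this file becomes allowed rather than denied, so the system accounts that ship in the file should be removed and only real FTP users such as zafar left in it)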

 

[root@rhel08 ~]# vi /etc/vsftpd/user_list

 

# vsftpd userlist

# If userlist_deny=NO, only allow users in this file

# If userlist_deny=YES (default), never allow users in this file, and

# do not even prompt for a password.

# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers

# for users that are denied.

root

bin

daemon

adm

lp

sync

shutdown

halt

mail

news

uucp

operator

games

nobody

zafar

 

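Create the .pem key – encryption keys (a self-signed certificate plus its private key; -nodes writes the private key unencrypted, so keep /etc/vsftpd.pem readable by root only, e.g. chmod 600 /etc/vsftpd.pem)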

 

[root@rhel08 ~]# openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout /etc/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

Generating a RSA private key

..........................................................................+++++

........................+++++

writing new private key to '/etc/vsftpd.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:US

State or Province Name (full name) []:IL

Locality Name (eg, city) [Default City]:SKOKIE

Organization Name (eg, company) [Default Company Ltd]:ZMPT

Organizational Unit Name (eg, section) []:IT

Common Name (eg, your name or your server's hostname) []:FTP-SERVER

Email Address []:linux@zmprotech.com

 

Open firewall for the ports

 

Port 20 – FTP data channel (used for DATA transfer in active mode)

Port 21 – FTP control channel (login and commands)

 

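Port 30000 – 31000 – passive-mode data ports; a variable port from this range is used randomly each time (the range matches pasv_min_port and pasv_max_port in the vsftpd config)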

 

 

 

 

[root@rhel08 ~]# firewall-cmd --permanent --add-port=20-21/tcp

success

[root@rhel08 ~]# firewall-cmd --permanent --add-port=30000-31000/tcp

success

[root@rhel08 ~]# firewall-cmd --reload

success

[root@rhel08 ~]# firewall-cmd --list-port

20-21/tcp 30000-31000/tcp

 

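Enable through SELinux (this boolean lets the FTP daemon read and write any file that ordinary file permissions allow, which is broader than this setup needs; a narrower option is to give only /FTP-USER-DATA an SELinux label the FTP daemon may access)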

 

[root@FTP-SERVER ~]# setsebool -P allow_ftpd_full_access on

 

Configure VSFTPD config file – add or edit as needed

 

 

anonymous_enable=NO

local_enable=YES

 

write_enable=YES

 

chroot_local_user=YES

 

 

listen_ipv6=YES

 

pam_service_name=vsftpd

userlist_enable=YES

userlist_file=/etc/vsftpd/user_list

userlist_deny=NO

 

allow_writeable_chroot=YES

 

pasv_min_port=30000

pasv_max_port=31000

 

rsa_cert_file=/etc/vsftpd/vsftpd.pem

rsa_private_key_file=/etc/vsftpd.pem

ssl_enable=YES

 

 

[root@rhel08 ~]# systemctl status vsftpd

● vsftpd.service - Vsftpd ftp daemon

   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor >

   Active: active (running) since Sat 2021-02-13 15:26:39 EST; 13s ago

  Process: 32347 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=e>

 Main PID: 32348 (vsftpd)

    Tasks: 1 (limit: 11251)

   Memory: 780.0K

   CGroup: /system.slice/vsftpd.service

           └─32348 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

 

Feb 13 15:26:39 rhel08.zmpt.com systemd[1]: Starting Vsftpd ftp daemon...

Feb 13 15:26:39 rhel08.zmpt.com systemd[1]: Started Vsftpd ftp daemon.

 

Connect using File-Zilla

 

 

 

 

[root@FTP-SERVER FTP-USER-DATA]# pwd

/FTP-USER-DATA

[root@FTP-SERVER FTP-USER-DATA]# ls

'New Microsoft Access Database.accdb'

'New Microsoft Excel Worksheet (2).xlsx'

'New Microsoft Excel Worksheet.xlsx'

'New Microsoft Word Document.docx'

 

02-06-2021

https://youtu.be/-HK1KLbisNY

 

 

SELinux

 

Directory: /etc/sysconfig/selinux;

Config file: vi /etc/sysconfig/selinux;

Port #: 22; 2222

Package: policycoreutils-python;

Services: sshd

Protocol: tcp

Command: semanage, getenforce, setenforce, sestatus

URL:

 

 

 

Unusual activity is blocked by SELinux

 

What exactly does SELinux do? – It protects the system from unusual activity.

 

For example, SSH works on port 22, but if SSH tries to use any other port it will be blocked, even after that port is allowed through the firewall.

 

If a person has access to building going through front door using the badge – this is normal activity for this person.

 

If the same person tries enter building from the side door using same badge, he will be denied access.

 

Mandatory Access Control

-          An additional security layer over discretionary access control, limiting who can do what to what

 

Discretionary access control

-          Traditional

o   File permissions

o   Access control List

o   setuid

o   setgid

o   su/sudo privileges

-          if you own the file or folder – you get to determine who gets access to it.

-          This is known as discretionary

 

 

Subject

-          A user or process that accesses an object

 

Object

-          A resource such as a file, directory, device, ports etc.,

 

Access

-          An action performed by a subject on an object, example read write or create

 

Security policy

-          System-wide policy of rules defining which subject can access which object

-          Two policies in Enterprise Linux – Targeted and Strict – targeted is default

 

Security context

-          Tag used by SELinux to store security attributes of subject and objects

 

SELinux modes

 

Enforcing mode

-          Security policy is enforced

-          That means SELinux security is active

 

 

[root@zmpt01 ~]# getenforce

Enforcing

 

 

Permissive mode

-          Security policy is observed and warning will be displayed, but policy is not enforced

 

[root@zmpt01 ~]# setenforce 0

[root@zmpt01 ~]# getenforce

Permissive

 

setenforce is not persistent: if the system reboots, the mode from the config file applies again and enforcing will turn on

 

 

[root@zmpt01 ~]# sestatus

SELinux status:                 enabled

SELinuxfs mount:                /sys/fs/selinux

SELinux root directory:         /etc/selinux

Loaded policy name:             targeted

Current mode:                   permissive

Mode from config file:          enforcing

Policy MLS status:              enabled

Policy deny_unknown status:     allowed

Max kernel policy version:      31

 

 

[root@zmpt01 sysconfig]# init 6

[root@zmpt01 sysconfig]# vi selinux

[root@zmpt01 sysconfig]# getenforce

Permissive

 

 

Disable SELinux

 

[root@zmpt01 ~]# vi /etc/sysconfig/selinux

 

 

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#     enforcing - SELinux security policy is enforced.

#     permissive - SELinux prints warnings instead of enforcing.

#     disabled - No SELinux policy is loaded.

#SELINUX=enforcing

SELINUX=disabled

# SELINUXTYPE= can take one of three values:

#     targeted - Targeted processes are protected,

#     minimum - Modification of targeted policy. Only selected processes are protected.

#     mls - Multi Level Security protection.

SELINUXTYPE=targeted

 

[root@zmpt01 ~]# init 6

 

[root@zmpt01 ~]# getenforce

Disabled

 

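Note: Never set SELinux to disabled on a real system; use permissive mode for troubleshooting instead, which still logs what would have been blocked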

 

Let's change the SSH port to use port number 2222

 

Note: number of ports in OS – 2^16 = 2 x 2 x … (16 times) = 65,536

 

Ports are nothing but the doors of the operating system

 

 

Normal SSH port – 22

 

Change SSH port – 2222

 

 

Install semanage package

 

[root@zmpt01 ~]# yum install policycoreutils-python

 

Grep for port 22

 

[root@zmpt01 ~]# semanage port -l | grep 22

 

ssh_port_t                     tcp      22

 

Check the status of port 22

 

[root@zmpt01 ~]# grep SSH /etc/services

 

ssh             22/tcp                          # The Secure Shell (SSH) Protocol

ssh             22/udp                          # The Secure Shell (SSH) Protocol

ssh             22/sctp                 # SSH

 

Change the port 2222

 

[root@zmpt01 ~]# vi /etc/ssh/sshd_config

 

Port=2222

 

[root@zmpt01 ~]# firewall-cmd --permanent --zone=public --add-port=2222/tcp

success

[root@zmpt01 ~]# firewall-cmd --reload

success

[root@zmpt01 ~]# firewall-cmd --list-port

2222/tcp

 

 

[root@zmpt01 ~]# systemctl restart sshd

Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.

 

Connection is still denied, even though the port 2222 is open through firewall

 

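Regular port 22 will not work either once sshd is running on 2222, because sshd_config now lists only port 2222 (the SELinux semanage update below only adds 2222 to ssh_port_t; it does not remove 22)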

 

Now allow through the SELinux

 

[root@zmpt01 ~]# semanage port -l | grep -i 22

ssh_port_t                     tcp      22

 

 

[root@zmpt01 ~]# semanage port -a -t ssh_port_t -p tcp 2222          #< --- adding port 2222 to SELinux

 

ssh_port_t                     tcp      2222, 22

 

 

 

Login successful

 

Note: port 22 is disabled, only port 2222 will work

 

To make port 22 work again, add to /etc/ssh/sshd_config

 

port=2222

port=22

 

Set it back to original setting

 

[root@zmpt01 ~]# semanage port -d -t ssh_port_t -p tcp 2222

 

Port 2222 is removed

 

 

[root@zmpt01 ~]# semanage port -l | grep 22

 

ssh_port_t                     tcp      22

 

 

[root@zmpt01 ~]# vi /etc/ssh/sshd_config

 

#Port 22

 

[root@zmpt01 ~]# systemctl restart sshd

 

No errors

 

 

[root@zmpt01 ~]# systemctl status sshd

sshd.service - OpenSSH server daemon

   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)

   Active: active (running) since Sat 2021-02-06 15:26:01 EST; 36s ago

     Docs: man:sshd(8)

           man:sshd_config(5)

 Main PID: 2152 (sshd)

   CGroup: /system.slice/sshd.service

           └─2152 /usr/sbin/sshd -D

 

Feb 06 15:26:01 zmpt01.prod.zmprotech.com systemd[1]: Stopped OpenSSH server daemon.

Feb 06 15:26:01 zmpt01.prod.zmprotech.com systemd[1]: Starting OpenSSH server daemon...

Feb 06 15:26:01 zmpt01.prod.zmprotech.com sshd[2152]: Server listening on 0.0.0.0 port 22.

Feb 06 15:26:01 zmpt01.prod.zmprotech.com sshd[2152]: Server listening on :: port 22.

Feb 06 15:26:01 zmpt01.prod.zmprotech.com systemd[1]: Started OpenSSH server daemon.

 

02-06-2021

https://youtu.be/-HK1KLbisNY

https://youtu.be/4LTNixANuoU

 

 

PXE-Server

 

What is a PXE server? PXE stands for Preboot eXecution Environment, pronounced "pixie". PXE is one of the components of server installation: it allows a server to boot from a PXE server on the network before booting from the OS on the local hard drive. It is used for mass installation of servers without the need for a DVD or USB drive.

 

Directory: /etc/sysconfig/network-scripts, /etc/xinetd.d/tftp, /usr/share/syslinux/pxelinux.0, /var/lib/tftpboot, /var/lib/tftpboot/pxelinux.cfg, networkboot, /mnt/images/pxeboot/

 

Config file: /etc/sysconfig/network-scripts/ifcfg-enp0s3, /etc/hostname, /etc/dhcp/dhcpd.conf, /etc/xinetd.d/tftp, CentOS-7-x86_64-DVD-1908.iso, anaconda-ks.cfg, centos7.cfg, /var/lib/tftpboot/pxelinux.cfg

 

Port #:

Package: dhcp tftp tftp-server syslinux vsftpd xinetd

Services: xinetd, dhcpd, vsftpd, tftp, firewalld

Protocol:

Command:

URL:

 

Configure PXE [network boot] installation server

 

Server ip = 192.168.56.133

Hostname = pxe01.zmpt.com

 

Set static ip and hostname

 

[root@pxe01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

 

# Static addressing for the PXE server's interface (enp0s3).
# Identity of the interface this file configures.
DEVICE="enp0s3"
NAME="enp0s3"
TYPE="Ethernet"
HWADDR="08:00:27:27:7f:f7"

# Bring the interface up at boot with a fixed address instead of DHCP;
# this host is itself the DHCP/PXE server for 192.168.56.0/24.
ONBOOT="yes"
BOOTPROTO="static"
IPADDR="192.168.56.133"
NETMASK="255.255.255.0"

 

[root@zmpt01 ~]# vi /etc/hostname

pxe01.zmpt.com

 

Install the required packages

 

[root@pxe01 ~]# yum install -y dhcp tftp tftp-server syslinux vsftpd xinetd

 

Configure DHCP server – Dynamic Host Configuration Protocol

 

The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks, whereby a DHCP server dynamically assigns an IP address and other network settings to each device on the network.

 

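Configure the DHCP configuration file – copy and paste – edit as needed. Run this only on an isolated provisioning network: the server is marked authoritative and answers unknown clients, so on a shared network it would hand out leases and PXE boot instructions to every machine.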

 

[root@pxe01 ~]# vi /etc/dhcp/dhcpd.conf   #< ---delete content and start from scratch

 

# --- Global server behaviour -------------------------------------------
ddns-update-style interim;
ignore client-updates;
# This server declares itself the authority for the subnets it serves.
authoritative;

# --- Network-boot permissions ------------------------------------------
allow booting;
allow bootp;
# NOTE(review): with unknown-clients allowed, any machine on the segment
# gets a lease and the PXE boot file below; keep this server on an
# isolated provisioning network.
allow unknown-clients;

# --- Address pool and options for the provisioning subnet --------------
subnet 192.168.56.0 netmask 255.255.255.0 {
    # Addresses handed out to installing clients.
    range 192.168.56.171 192.168.56.200;

    # The PXE server is also advertised as DNS server and default gateway.
    option domain-name-servers 192.168.56.133;
    option domain-name "pxeboot.zmpt.com";
    option routers 192.168.56.133;
    option broadcast-address 192.168.56.255;

    # Lease lifetimes in seconds.
    default-lease-time 600;
    max-lease-time 7200;

    # IP of PXE Server: clients fetch the boot loader from it by TFTP.
    next-server 192.168.56.133;
    filename "pxelinux.0";
}

 

Config TFTP server file – Trivial File Transfer Protocol

 

No edit required

 

[root@pxe01 ~]# vi /etc/xinetd.d/tftp

 

# Body of the tftp service entry for xinetd; the opening "service" line is
# not shown in these notes.
{
        # TFTP is a datagram (UDP) service.
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        # NOTE(review): the daemon is launched as root; confirm it drops
        # privileges after start-up on this system.
        user                    = root
        server                  = /usr/sbin/in.tftpd
        # Network boot related files go here; -s makes in.tftpd change its
        # root to this directory at start-up.
        server_args             = -s /var/lib/tftpboot
        # While this is "yes" xinetd does not serve tftp itself; later in
        # these notes the service is started with "systemctl start tftp".
        disable                 = yes
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}

 

Copy network boot related files to /var/lib/tftpboot – 5 files

 

 

[root@pxe01 tftpboot]# cp -v /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/

 

[root@pxe01 tftpboot]# cp -v /usr/share/syslinux/menu.c32 /var/lib/tftpboot/

 

[root@pxe01 tftpboot]# cp -v /usr/share/syslinux/memdisk /var/lib/tftpboot/

 

[root@pxe01 tftpboot]# cp -v /usr/share/syslinux/mboot.c32 /var/lib/tftpboot/

 

[root@pxe01 tftpboot]# cp -v /usr/share/syslinux/chain.c32 /var/lib/tftpboot/

 

 

[root@pxe01 tftpboot]# pwd

/var/lib/tftpboot

[root@pxe01 tftpboot]# ls

chain.c32  mboot.c32  memdisk  menu.c32  pxelinux.0

 

Make a directory in tftpboot folder

 

 

[root@pxe01 tftpboot]# pwd

/var/lib/tftpboot

[root@pxe01 tftpboot]# mkdir pxelinux.cfg

[root@pxe01 tftpboot]# mkdir networkboot

 

[root@pxe01 tftpboot]# ls -l

total 172

-rw-r--r--. 1 root root 20832 Feb  6 16:20 chain.c32

-rw-r--r--. 1 root root 33628 Feb  6 16:20 mboot.c32

-rw-r--r--. 1 root root 26140 Feb  6 16:19 memdisk

-rw-r--r--. 1 root root 55140 Feb  6 16:19 menu.c32

drwxr-xr-x. 2 root root     6 Feb  6 16:23 networkboot

-rw-r--r--. 1 root root 26759 Feb  6 16:19 pxelinux.0

drwxr-xr-x. 2 root root     6 Feb  6 16:23 pxelinux.cfg

 

Copy the iso file to the server

 

 

[root@pxe01 ~]# ls -ltrh

total 4.4G

-rw-r--r--. 1 root root 4.4G Dec 27  2019 CentOS-7-x86_64-DVD-1908.iso

drwxr-xr-x. 2 root root    6 Dec  6 14:59 dir2

-rw-r--r--. 1 root root    0 Dec  6 14:59 file2

-rw-rw-rw-. 1 root root    0 Dec  6 15:11 file3

drwxrwxrwx. 2 root root    6 Dec  6 15:12 dir3

 

 

[root@pxe01 ~]# mount -o loop CentOS-7-x86_64-DVD-1908.iso /mnt

mount: /dev/loop0 is write-protected, mounting read-only

 

 

[root@pxe01 ~]# df -h

Filesystem               Size  Used Avail Use% Mounted on

devtmpfs                 484M     0  484M   0% /dev

tmpfs                    496M     0  496M   0% /dev/shm

tmpfs                    496M  6.9M  489M   2% /run

tmpfs                    496M     0  496M   0% /sys/fs/cgroup

/dev/mapper/centos-root   14G  6.1G  7.4G  46% /

/dev/loop0               4.4G  4.4G     0 100% /mnt

/dev/sda1               1014M  136M  879M  14% /boot

tmpfs                    100M     0  100M   0% /run/user/0

 

Now copy to /var/ftp/pub – directory

 

[root@pxe01 mnt]# pwd

/mnt

 

[root@pxe01 mnt]# cp -av * /var/ftp/pub

 

Copy Kernel Files

 

[root@pxe01 mnt]# cd /mnt/images/pxeboot/

[root@pxe01 pxeboot]# ls -l

total 60360

-rw-r--r--. 2 root root 55073584 Sep  6  2019 initrd.img

-r--r--r--. 1 root root      441 Sep 11  2019 TRANS.TBL

-rwxr-xr-x. 2 root root  6734016 Aug  7  2019 vmlinuz

 

 

[root@pxe01 pxeboot]# cp initrd.img /var/lib/tftpboot/networkboot/

[root@pxe01 pxeboot]# cp vmlinuz /var/lib/tftpboot/networkboot/

 

Unmount the cd

 

[root@pxe01 ~]# umount /mnt

 

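Generate the root password hash for the kickstart file – save the generated hash. This is a password hash, not SSL encryption. The -1 option produces an MD5-crypt hash, which is weak, and a password typed as a command argument is stored in shell history; prefer a SHA-512 hash (openssl passwd -6 on OpenSSL 1.1.1 or later) and a password that is not a well-known default.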

 

[root@pxe01 ~]# openssl passwd -1 redhat

$1$qvYA3uE2$jFmQN3bDPC13U41b8OegF/

 

Copy anaconda-ks.cfg from the /root folder; if it is not available, copy it from another computer or from an online source and review it before use

 

[root@pxe01 ~]# cp anaconda-ks.cfg /var/ftp/pub/

 

 

Rename anaconda-ks.cfg to centos7.cfg

 

[root@pxe01 pub]# mv anaconda-ks.cfg centos7.cfg

 

Modify the fields as shown

 

[root@pxe01 pub]# vi centos7.cfg

 

 

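#platform=x86, AMD64, or Intel EM64T
#version=DEVEL

# Kickstart answer file for unattended CentOS 7 installs over PXE.
# It is fetched by the installer over FTP, so treat its contents as public
# to everything on the provisioning network.

#Firewall configuration
# NOTE(review): every host installed from this file comes up without a
# host firewall. Keep that to an isolated lab; elsewhere use
# "firewall --enabled --service=ssh".
firewall --disabled
#Install OS
install
#Use FTP Installation Media
url --url="ftp://192.168.56.133/pub"
#Root password
# NOTE(review): this is the MD5-crypt ($1$) hash printed by the
# "openssl passwd -1" step of these notes. Replace it with a SHA-512 hash
# of a unique password before using the file outside a lab.
rootpw --iscrypted $1$qvYA3uE2$jFmQN3bDPC13U41b8OegF/

# System authorization information
auth --enableshadow --passalgo=sha512

# Use graphical install
graphical
# Run the Setup Agent on first boot
# (documented option form is --disable, not a bare word)
firstboot --disable

# Keyboard layouts
keyboard us

# System language
lang en_US

#SELinux configuration
# (documented option form is --disabled)
# NOTE(review): installed hosts run without SELinux; prefer
# "selinux --enforcing" outside a lab.
selinux --disabled

#Installation logging level
# (documented option form is --level=)
logging --level=info

# System timezone
timezone America/New_York --isUtc

# System bootloader configuration
bootloader --location=mbr

# Partition clearing information
# clearpart --all wipes every disk of the machine that boots this file.
clearpart --all --initlabel

# Swap size in MiB; the option is --size=1024 (the original line had a
# typo that the installer cannot parse).
part swap --asprimary --fstype="swap" --size=1024
part /boot --fstype xfs --size=1024
part pv.01 --size=1 --grow

volgroup zmpt01 pv.01
logvol / --fstype xfs --name=lv_01 --vgname=zmpt01 --size=1 --grow

%packages
@^minimal
@core

%end

%addon com_redhat_kdump --enable --reserve-mb='auto'

%end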

 

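Change the centos7.cfg permissions so the FTP server can serve it (the file only needs to be world-readable, so 644 is enough; execute permission is not required). Anyone who can reach the FTP share can then read the file, including the root password hash in it.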

 

[root@pxe01 pub]# ls -l centos7.cfg

-rw-------. 1 root root 1006 Feb  7 14:31 centos7.cfg

[root@pxe01 pub]# chmod 755 centos7.cfg

 

Config file explanation – centos7.cfg

 

 

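#platform=x86, AMD64, or Intel EM64T
#< --- Architecture of processor
#version=DEVEL

#Firewall configuration
#< --- Disable the firewall
# NOTE(review): installed hosts come up without a host firewall; keep
# that to an isolated lab, elsewhere use "firewall --enabled --service=ssh".
firewall --disabled

#Install OS
#< --- OS Install (kickstart commands are lower case)
install

#Use FTP Installation Media
#< --- FTP server folder location
url --url="ftp://192.168.56.133/pub"

# System authorization information
#< --- Authorization of password file: shadow passwords, SHA-512 for
#      passwords set after installation
auth --enableshadow --passalgo=sha512

#Root password
#< --- root password generated with "openssl passwd -1"
# NOTE(review): MD5-crypt ($1$) hash printed in these notes; replace it
# with a SHA-512 hash of a unique password outside a lab.
rootpw --iscrypted $1$qvYA3uE2$jFmQN3bDPC13U41b8OegF/

# Use graphical install
#< --- Graphical Mode Installation
graphical
# Run the Setup Agent on first boot
# (documented option form is --disable)
firstboot --disable

# Keyboard layouts
#< --- Default setting
keyboard us

# System language
lang en_US

#SELinux configuration
# (documented option form is --disabled)
# NOTE(review): prefer "selinux --enforcing" outside a lab.
selinux --disabled

#Installation logging level
# (documented option form is --level=)
logging --level=info

# System timezone
timezone America/New_York --isUtc

# System bootloader configuration
bootloader --location=mbr

# Partition clearing information
# clearpart --all wipes every disk of the machine that boots this file.
clearpart --all --initlabel

# Swap size in MiB; the option is --size=1024.
part swap --asprimary --fstype="swap" --size=1024
part /boot --fstype xfs --size=1024
part pv.01 --size=1 --grow

volgroup zmpt01 pv.01
logvol / --fstype xfs --name=lv_01 --vgname=zmpt01 --size=1 --grow

%packages
@^minimal
@core

%end

%addon com_redhat_kdump --enable --reserve-mb='auto'

%end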

 

 

 

PXE boot Menu – Create ‘default’ file

 

[root@pxe01 pxelinux.cfg]# pwd

/var/lib/tftpboot/pxelinux.cfg

 

[root@pxe01 pxelinux.cfg]# vi default

 

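# /var/lib/tftpboot/pxelinux.cfg/default - PXE boot menu served over TFTP.
# NOTE(review): the entry below starts an unattended install whose
# kickstart file clears all disks; leave network boot disabled on machines
# that must not be reinstalled.
default menu.c32
prompt 0
# Menu timeout, in tenths of a second.
timeout 30
MENU Title zmprotech PXE installation
LABEL centos7_x64 bits
MENU LABEL Centos7_64
KERNEL /networkboot/vmlinuz
# All boot options must sit on the single APPEND line. ks= names the
# kickstart file published as /var/ftp/pub/centos7.cfg.
APPEND initrd=/networkboot/initrd.img inst.repo=ftp://192.168.56.133/pub ks=ftp://192.168.56.133/pub/centos7.cfg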

 

Start all the required services

 

[root@pxe01 pxelinux.cfg]# systemctl start xinetd

[root@pxe01 pxelinux.cfg]# systemctl enable xinetd

 

[root@pxe01 pxelinux.cfg]# systemctl start dhcpd

Job for dhcpd.service failed because the control process exited with error code. See "systemctl status dhcpd.service" and "journalctl -xe" for details.

[root@pxe01 pxelinux.cfg]# systemctl enable dhcpd

Created symlink from /etc/systemd/system/multi-user.target.wants/dhcpd.service to /usr/lib/systemd/system/dhcpd.service.

 

[root@pxe01 pxelinux.cfg]# systemctl start vsftpd

[root@pxe01 pxelinux.cfg]# systemctl enable vsftpd

Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.

 

[root@pxe01 pxelinux.cfg]# systemctl start tftp

[root@pxe01 pxelinux.cfg]# systemctl enable tftp

Created symlink from /etc/systemd/system/sockets.target.wants/tftp.socket to /usr/lib/systemd/system/tftp.socket.

[root@pxe01 pxelinux.cfg]#

 

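SELinux exception – allow FTP through SELinux (this boolean gives the FTP daemon broad file access; a narrower option is to relabel the copied files with restorecon -R /var/ftp/pub and check whether the boolean is still needed)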

 

[root@pxe01 ~]# setsebool -P allow_ftpd_full_access 1

 

Open ports in firewall (TFTP runs over UDP port 69 only, so the 69/tcp rule below is not needed)

 

[root@pxe01 ~]# firewall-cmd --add-service=ftp --permanent

success

[root@pxe01 ~]# firewall-cmd --add-service=dhcp --permanent

success

[root@pxe01 ~]# firewall-cmd --add-port=69/tcp --permanent

success

[root@pxe01 ~]# firewall-cmd --add-port=69/udp --permanent

success

[root@pxe01 ~]# firewall-cmd --add-port=4011/udp --permanent

success

[root@pxe01 ~]# firewall-cmd --reload

Success

 

Now configure new VM and set to boot from network

 

 

 

 

 

 

 

 

Clone the VM