Unix Administration Guntis Barzdins
Linux System Administration SYS ADMIN TASKS Setting the Run Level System Services User Management Network Settings Scheduling Jobs Quota Management Backup and Restore Adding and Removing software/packages Setting a Printer Monitoring the system (general, logs) Monitoring any specific services running. Eg. DNS, DHCP, Web, NIS, NPT, Proxy etc.
Have you used UNIX before? • Which OS did Apple choose when it needed a stable OS layer for its Mac OSX? • Which OS made the biggest impact to the online lives as you know it today?
Process Manipulation w Once you run a program (e. g. vi, myprog, . . . ), that program will suspend the terminal you called it in (the terminal will not be receiving input from you). n You can start the program in the background to avoid this: l n myprog & You can suspend a program that is running and send it to background, if you already started it: l l Ctrl-z (to suspend) bg (sends the suspended program to the background) w w w ps (show running processes) top (monitor running processes) kill (kill processes) w w & (send process to background) bg (send process to background) fg (get process from background) Ctrl+c (terminate process)
Intrusion Detection System (IDS) w Tripwire – is a file integrity-checking program for UNIX/Linux operating systems n n n Software that alerts you when important files change Tripwire keeps a hash value for each designated file When a file is altered/deleted, tripwire will have a new hash value that is different
Tripwire tutorial in a slide w Initial setup n n download / build / install it modify policy file (e. g. remove unnecessary files) # vi /etc/tripwire/twpol. txt n generate policy file # twadmin –create-polfile /etc/tripwire/twpol. txt n build initial database # tripwire –init w check periodically # tripwire –check n reconcile differences (e. g. software installation) # tripwire –update –accept-all –twrfile report_file
Linux Security LINUX Firewall
Linux Security SELinux Malicious or broken software can have root-level access to the entire system by running as a root process. SELinux (Security Enhanced Linux) provides enhanced security. Through SELinux policies, a process can be granted just the permissions it needs to be functional, thus reducing the risk SELINUX can take one of these three values w enforcing - SELinux security policy is enforced. w permissive - SELinux prints warnings instead of
Linux Security SELinux Configuration
Log files w On linux, you can go to /var/log w Depends on the application w Information shown in log files depend on the debug level you defined
Linux System Administration Configuring Disk Quotas To implement disk quotas, use the following steps: Enable quotas per file system by modifying /etc/fstab Remount the file system(s) Create the quota files and generate the disk usage table Assign quotas
Linux System Administration Configuring Disk Quotas Enabling Quotas: Edit fstab to enable usrquota LABEL=/1 / ext 3 defaults LABEL=/boot ext 3 defaults LABEL=/users ext 3 exec, dev, suid, rw, usrquota LABEL=/var ext 3 defaults LABEL=SWAP-sda 5 swap defaults 1 1 1 2 1 2 0 0
Linux System Administration Configuring Disk Quotas Remounting the File Systems: Issue the umount command followed by the mount command to remount the file system in which quota has been implemented (umount /users; mount /users) Creating the Quota Database Files: Use quotacheck command to create quota. user file quotacheck -cu /users Assigning Quotas per User: assigning the disk quotas with the edquota command (edquota <username>) Disk quotas for user web_cc (uid 524): Filesystem blocks soft hard inodes soft hard /dev/sdb 1 988612 1024000 1075200 7862 0 0
Linux Commands Linux Filesystem Management badblocks Used to search a disk or partition for badblocks. (badblocks device) (badblocks hda) df Shows the disk free space on one or more filesystems. (df –k, df -h) du Shows how much disk space a directory and all its files contain. (du <directory>, du –sk <directory>, du –sh <directory>) fsck Filesystem check. Must not be run on a mounted file system. (fsck <filesystem>)
Linux Commands Linux Filesystem Management sync Synchronize data on disk with memory. `sync' writes any data buffered in memory out to disk. mount Used to mount a filesystem. Complement is umount. (mount <filesystem>, mount –a) umount Unmounts a filesystem. Complement is mount. (umount <filesystem>)
Native UNIX Backup Utilities w UNIX Systems include 3 core utilities that allow you to backup files to tape or disk. n n n tar (very simple to use) cpio (a bit more complex) dump (most complex of the three)
Using the tar Utility for Backup w tar usage: tar [x|c]vf [tape device name] [files or directory] w Where: x = extract from a tape n c = compress onto tape (just like when we tar and untar regular. tar files) n
Other UNIX Backup Utilities w cpio – has the ability to detect I/O errors during backup that tar cannot detect. Also has the ability to do things like specify wildcard patters during restore. w dump – very fast, detects I/O errors, allows you to perform incremental backups.
TAR Simplicity of Invocation CPIO DUMP Needs find to specify file names Simple. Few Options Very Simple (tar c files) Recover from I/O errors? None. Write your own utility Resync Option on HP-UX will cause some data loss Automatically skips over bad section Backup special files Later Revisions Yes Multi-volume backup Later Revisions Yes Backup across network? Using rsh only Yes Append files to backup Yes, (tar –r) No No Multiple Independent Backups on Single Tape Yes Yes Ease of listing files on the volume Difficult, Must search entire backup ( tar –t ) Difficult, Must search entire backup ( cpio –it ) Simple, Index at front ( restore –t ) Ease and speed of finding a particular file Difficult, No wildcards, Must search entire volume Moderate, Wildcards, Must search entire volume Interactive. Very easy with commands like cd, ls Incremental backup No Must use find to locate new/modified files Incremental of whole filesystem only, Mult. Levels List files as they are being backed up tar cvf 2>logfile cpio –v 2>logfile Only after backup with restore –t >logfile (Dump can show % complete, though. ) Backup based on other criteria No Find can use multiple criteria No Restore absolute path names to relative location Only by using chroot Limited with cpio -I Always relative to current working directory Interactive decision on restore Yes or No possible with tar –w Can specify new path or name on each file Specify individual files in interactive mode Compatibility Multiple platform with ASCII header, not always portable Readable between some platforms, but cannot be relied on Primary usefulness Individual user backup, transfer files between filesystems System backup Volume efficiency Medium, usually limited to 10 k block size Medium, usually only 5 K block size, but can specify larger size on some OSs High, can usually specify up to maximum block size of device Wildcards on restore No Yes Only in interactive mode Simplicity of selecting files for backup from numerous directories Low, must specify each independent directory, subdirectories included Medium, find options None, will backup one and only one filesystem Specifying directory on restore get files in that directory Yes No, must use "path/*" Yes Stop reading tape after a restored file is found No No Will stop reading tape as soon as last file is found Track deleted files No No If you restore with –r, files deleted before last incremental dump will be deleted. Filesystem efficiency Better Worst (files get a stat from both find and cpio) Best Limit on path length (Tests done with Solaris native utils 7/99. ) 155 characters. Complains "prefix is greater than 155 characters. " Gtar has slight workaround. 255 characters. Doesn’t complain. Just truncates pathname to 255 char’s. 1056 characters. Likelihood that file exists in TOC but not in Low Medium (since TOC is made first)
Lost Root Passwd w If you have Lilo installed, type n n LILI: linux init 1 Change the root passwd, reboot aga w If you have installed grub n Type ‘e’ to go to edit mode, add init 1 argument at the end w Boot with knoppix or single floppy linux n n Mount the disk and change root passwd Reboot !!
Linux System Administration Linux Services There are 113 deamons, Out of them, the following are most widely used: apmd : Power Management autofs : Automount services crond : Periodic Command Scheduler cups : Common Unix Printing System dhcpd : The DHCP server dovecot : IMAP (Internet Message Access Protocol) and POP 3 (Post Office Protocol) server gpm : Mouse httpd : Apache Web server
Linux System Administration Linux Services iptables : Kernel based Packet Filtering firewall kudzu: Finds new Hardware mysqld : My. SQL server named : BIND server network : Networking nfs : Network File Share nfslock : NFS file locking ntpd : NTP (Network Time Protocol) server portmap : RPC (Remote Procedure Call) support postgresql : The Postgresql Database Engine
Linux System Administration Linux Services sendmail : Sendmail Mail Server smb : Samba Network Services snmpd : Simple Network Management Protocol squid : Squid Proxy Server sshd : Open SSH and SFTP server syslog : System Logging xinetd : Provides support for telnet, ftp, talk, tftp etc. ypbind : NIS Server
Automating Unix Administration w You don’t want to spend the whole day making sure that all servers/workstations and its services are fine w Use monitoring tools that can alert you for any problem in the network n mon, nagios, cacti, angel w Create scripts to check the status of servers/services and use cron to run it periodically n Mail the result to admin
Example script #!/bin/sh machine="sunfire" down= i=0 while [ $i -le 15 ] do sun=$machine"$i" /usr/sbin/ping $sun > /dev/null if [ $? -ne 0 ] then down="$down: $sun" fi i=`echo "$i+1" | bc -l` done if [ -n "$down" ] then echo $down | tr : '