RH124
RH124
RH124
We will learn…
• Open source
• Linux distributions
• Red Hat Enterprise Linux
• Open source software is developed in a decentralized and collaborative way, relying on peer review
and community production. Open source software is often cheaper, more flexible, and has more
longevity than its proprietary peers because it is developed by communities rather than a single
author or company
• Linux is a free, open source operating system (OS), released under the GNU General Public License
(GPL). It’s also become the largest open source software project in the world
• Red Hat Enterprise Linux is built from open source components. The kernel itself and the
supporting software are all open source. However, Red Hat has built infrastructure, support, and a
suite of services that will let you license their branded version of enterprise Linux and use it in
production. By: Imran Afzal
www.utclisolutions.com
Get started with Red Hat Enterprise Linux
• Linux distribution
• A Linux distribution is an operating system composed of the Linux kernel, GNU tools, additional
software and a package manager.
Console
Closet
Shirts Jackets
Accessories Shoes
Pants
Skirts
Closet
Shirts Jackets
Accessories Shoes
Pants
Skirts
The second column is the number of hard links to the file. For a
directory, the number of hard links is the number of immediate
subdirectories it has plus its parent directory and itself
• Creating Directories
✓ mkdir
• cp
• rm
• mv
• mkdir
• rmdir or rm -r
• chgrp
• chown
• ln
• ln -s
• Output (stdout) - 1
• By default when running a command its output goes to the terminal
• The output of a command can be routed to a file using > symbol
• E.g. ls -l > listings
pwd > findpath
• If using the same file for additional output or to append to the same file then use >>
• E.g. ls –la >> listings
echo “Hello World” >> findpath.
• Input (stdin) - 0
• Input is used when feeding file contents to a file
• E.g. cat < listings
mail –s “Office memo” [email protected] < memoletter
• Error (stderr) - 2
• When a command is executed we use a keyboard and that is also considered (stdin -0)
• That command output goes on the monitor and that output is (stdout – 1)
• If the command produced any error on the screen then it is considered (stderr – 2)
• We can use redirects to route errors from the screen
• E.g ls –l /root 2> errorfile
telnet localhost 2> errorfile.
The symbol for a pipe is the vertical bar ( | ). The command syntax is:
ls -l | more
• whatiscommand
• command --help
• man command
• There are several standard text editors available on most Linux systems
• vi - Visual editor
• ed - Standard line editor
• ex - Extended line editor
• emacs - A full screen editor
• pico - Beginner’s editor
• vim - Advance version of vi
• Our editor = vi (available in almost every Linux distribution) By: Imran Afzal
www.utclisolutions.com
Create, View, and Edit Text Files
Introduction to vi Editor
• vi supplies commands for:
• Inserting and deleting text
• Replacing text
• Moving around the file
• Finding and substituting strings
• Cutting and pasting text
Files
• /etc/passwd
• /etc/group
• /etc/shadow
Example:
useradd –g superheros –s /bin/bash –c “user description” –m –d
/home/spiderman spiderman By: Imran Afzal
www.utclisolutions.com
Manage Local Users and Groups
• File = /etc/login.def
• PASS_MAX_DAYS 99999
• PASS_MIN_DAYS 0
• PASS_MIN_LEN 5
• PASS_WARN_AGE 7
• Example
chage [-d lastday] [-m mindays] [-M maxdays] [-W warndays] [-I
inactive] [-E expiredate] user
-d = 3. Last password change (lastchanged) : Days since Jan 1, 1970 that password was last changed
-m = 4. Minimum : The minimum number of days required between password changes i.e. the number of days left
before the user is allowed to change his/her password
-M = 5. Maximum : The maximum number of days the password is valid (after that user is forced to change his/her
password)
-W = 6. Warn : The number of days before password is to expire that user is warned that his/her password must be
changed
-I = 7. Inactive : The number of days after password expires that account is disabled
-E = 8. Expire : days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no
longer be used. By: Imran Afzal
www.utclisolutions.com
Manage Local Users and Groups
File
• /etc/sudoers
By: Imran Afzal
www.utclisolutions.com
Control Access to Files
File Permissions
• UNIX is a multi-user system. Every file and directory in your account can be protected
from or made accessible to other users by changing its access permissions. Every user has
responsibility for controlling access to their files.
• df
• du
• uptime
• top
• free
• lsof
• tcpdump
• netstat
• ps
• kill
• Some other commands are vmstat, iostat, iftop etc.
• SSH
• SSH stands for secure shell
provides you with an interface to the Linux system. It takes in
your commands and translate them to kernel to manage hardware
pwd
$ bash
csh ksh
# ls
Hardware
cp
• SSH itself is secure, meaning communication through SSH is always encrypted, but there
should be some additional configuration can be done to make it more secure
• Following are the most common configuration an administrator should take to secure SSH
▪ Become root
▪ Edit your /etc/ssh/sshd_config file and add the following line:
▪ ClientAliveInterval 600
▪ ClientAliveCountMax 0
▪ # systemctl restart sshd
The idle timeout interval you are setting is in seconds (600 secs = 10 minutes). Once the interval
has passed, the idle user will be automatically logged out
By: Imran Afzal
www.utclisolutions.com
Configure and Secure SSH
Disabling root login should be one of the measures you should take when setting up
the system for the first time. It disable any user to login to the system with root
account
▪ Become root
▪ Edit your /etc/ssh/sshd_config file and replace PermitRootLogin yes to no
▪ PermitRootLogin no
▪ # systemctl restart sshd
You need to prevent remote logins from accounts with empty passwords for
added security.
▪ Become root
▪ Edit your /etc/ssh/sshd_config file and remove # from the following line
▪ PermitEmptyPasswords no
▪ # systemctl restart sshd
To provide another layer of security, you should limit your SSH logins to only certain
users who need remote access
▪ Become root
▪ Edit your /etc/ssh/sshd_config file and add
▪ AllowUsers user1 user2
▪ # systemctl restart sshd
By default SSH port runs on 22. Most hackers looking for any open SSH servers will
look for port 22 and changing can make the system much more secure
▪ Become root
▪ Edit your /etc/ssh/sshd_config file and remove # from the following line and
change the port number
▪ Port 22
▪ # systemctl restart sshd
Username?
Password?
• Maintaining accurate system time is critical for log file analysis across multiple systems
• Also having accurate time on a system is requirement for sensitive applications such as
database in production environment
• The network time protocol (NTP) is a standard way for machines to provide and
synchronize the time to the NTP server
• An NTP server is a dedicated machine/computer which responds to clients for time
synchronization
• chronyd is a NTP service used for time synchronization in the newer Linux versions.
✓ OS Network Components
• Network interface
• MAC address
• Subnet mask
• Gateway
• DNS (Domain name system)
• tar
• gzip
• gzip –d OR gunzip
Archive and Transfer Files
FTP – File Transfer Protocol
• The File Transfer Protocol is a standard network protocol used for the transfer of computer
files between a client and server on a computer network. FTP is built on a client-server
model architecture using separate control and data connections between the client and the
server. (Wikipedia)
Client = A Server = B
FTP
ftpd = 21
• Find the following lines and make the changes as shown below:
• ## Disable anonymous login ##
• anonymous_enable=NO
• ## Uncomment ##
• ascii_upload_enable=YES
• ascii_download_enable=YES
• The Secure Copy Protocol or “SCP” helps to transfer computer files securely
from a local to a remote host. It is somewhat similar to the File Transfer Protocol
“FTP”, but it adds security and authentication
Client = A Server = B
ssh
scp
sshd = 22
We will learn…
✓ Linux package management using yum/dnf and rpm command
✓ System update and patch management (yum update vs. upgrade)
✓ Advance package management
Example:
yum update –y By: Imran Afzal
www.utclisolutions.com
Access Linux files systems
• Filesystem is a structured way where all files and directories are stored
• To access those files, we need navigation tools
• Following are the basic tools or commands to access Linux file system
• ls
• cd
• pwd
• df
• du
• fdisk
• Absolute and relative path (absolute path always begins with /)
• Tilde ~
• . and ..
• Cockpit is the easy-to-use, integrated, glanceable, and open web-based interface for your
servers
• The application is available in most of the Linux distributions such as, CentOS, Redhat,
Ubuntu and Fedora
• It can monitor system resources, add or remove accounts, monitor system usage, shut
down the system and perform quite a few other tasks all through a very accessible web
connection