Basic Network Concepts on Linux RHEL / CentOS 5&6

Network Basics:
Here we are providing some idea about network and network
commands
To check IP address and IP information
#ifconfig
To set IP address
#setup
network configuration
select ethernet
give IP address, subnet mask, gateway
close
quit
quit
#service network restart
To provide DNS information:
#vi /etc/resolv.conf
(type as follows)
nameserver (DNS IP)
ex: nameserver 202.138.103.100
save&quit
To check network connectivity:
Ping: packet internet gropher
#ping server IP
To check LAN card status:
#ping 127.0.0.1
To check host name:
#hostname
To change host name:
#hostname (fqdn)
ex: #hostname station1.redhat.com
To assign new hostname permanently
#vi /etc/hosts

add a new line

<IP> <fqdn> <hostname>
ex:
192.168.0.1 station1.redhat.com station1
save&quit
#vi /etc/sysconfig/network
edit as follows
hostname=<fqdn>
ex:
hostname=station1.redhat.com
To view current version of kernel
#uname -r
To view current run level:
#runlevel
we have 6 run levels:
runlevel 0=shutdown
runlevel 1=single user mode
runlevel 2=multi user without nfs
runlevel 3=multi user with network(only text mode)
runlevel 4=un used
runlevel 5=multi user with graphics & network
runlevel 6=reboot
#netstat -ant it will gives network statistics(which port number of
the server is connected to which port number of client)
#vi /etc/sysconfig/network-scripts
this is the directory stores networking information
#ifcfg-eth0
this command gives gateway, boot protocol, netmask details
this is the file which stores IP addresses and networking details
ifdown <eth0>:
this command is used to down the device
ifup <eth0>:
this command is used to bring the interface up device
Job Scheduling Concept on Linux (Redhat or CentOS 6)
AUTOMATIC JOBS :

As a system administrator some tasks are respective like backup,

monitoring, log files.
To automate them with the help of
1)at
2)batch
3)crontab
Crontab:to run some tasks automatically
to set a crontab for an user
#crontab -e -u <user name>
* * * * * /bin/echo "hello"
A crontab file contains instructions to the cron deamon of the
general form
"run this command at this time on this date"
Cron examines entries once every minute
field
allowed values
-----------------minute
0-59
hour
0-23
day of month
1-31
month
1-12 (or names, see below)
day of week
0-7 (0 or 7 is Sun, or use names)
A field may be an asterisk (*), which always stands for firstlast.
Ranges of numbers are allowed. Ranges are two numbers
separated with a
hyphen. The specified range is inclusive. For example, 8-11
for an
hours entry specifies execution at hours 8, 9, 10 and 11.
Lists are allowed. A list is a set of numbers (or ranges)
separated by
commas. Examples: 1,2,5,9, 0-4,8-12.
EXAMPLE CRON FILE
# use /bin/sh to run commands, no matter what /etc/passwd
says
SHELL=/bin/sh
# mail any output to paul, no matter whose crontab this is
MAILTO=paul
#
# run five minutes after midnight, every day

50***
$HOME/bin/daily.job >> $HOME/tmp/out 2>&1
# run at 2:15pm on the first of every month -- output mailed to
paul
15 14 1 * *
$HOME/bin/monthly
# run at 10 pm on weekdays, annoy Joe
0 22 * * 1-5 mail -s "Its 10pm" joe%Joe,%%Where are your
kids?%
23 0-23/2 * * * echo "run 23 minutes after midn, 2am, 4am ...,
everyday"
5 4 * * sun
echo "run at 5 after 4 every sunday"
To set a crontab for an user
#crontab -e -u <user name>
ex:crontab -e -u alex
To remove a crontab for an user
#crontab -r -u <user name>
ex:crontab -r -u alex
FTP Server Configuration on Linux (Redhat or CentOS 5&6)
FTP (FILE TRANSFER PROTOCOL)
Service profile:
Type:System V-managed service
Package:vsftpd
Daemon:/usr/sbin/vsftpd
Script:/etc/init.d/vsftpd
Ports:21(ftp),20(ftp-data)
Configuration
files:/etc/vsftpd/vsftpd.conf,/etc/vsftpd/ftpusers,/etc/pam.d/vsftpd
Log:/var/log/xferlog
Related:tcp_wrappers,ip_conntrack_ftp,ip_nat_ftp
default selinux daemon= /var/ftp
vsftpd--the default redhat enterprise linux ftp server
(very secure ftp daemon)
this is designed to be a secure,stabled,fast & scalable ftp daemon.
it provides two types of access
1)ANONYMOUS ACCESS:User can login as anonymous user (without
having any account in server) to get access to ftp site. By default

anonymous users are chrooted in /var/ftp for security.

2)LOCAL USERS:Users with accounts on the target system can
connect via ftp and login using their username and password. They
can download any file they can read and upload to any directory
which they have write access.
STEPS TO CONFIGURE FTP SERVER:
#yum install vsftpd-* -y
#service vsftpd start
#chkconfig vsftpd on
#service vsftpd restart
(try to login from a client as anonymous user)
By default anonymous user can login and he can download
1)To restrict anonymous user login:
#vi /etc/vsftpd/vsftpd.conf
(line no.12) anonymous_enable=YES(make this one as NO)
save&quit
#service vsftpd restart
2)To restrict local user login:
(line no. ) #local_enable=YES(remove #)
3)To allow local users to access their home directories:
#setsebool -P ftp_home_dir 1
4)To restrict local user to change root:
By default a local user can enter into "/" it will effect security of ftp
server so we restrict local user to enter into /
(line no.94) #chroot_list_enable=YES(remove #)
(line no. 96) #chroot_list_file=/etc/vsftpd/chroot_list(remove #)
save&quit
#vi /etc/vsftpd/chroot_list
type username
save&quit
#service vsftpd restart
5)To restrict a single users login to ftp server:
#vi /etc/vsftpd/ftpusers
type username
save&quit

(it will ask password and deny)

SECOND METHOD:
#vi /etc/vsftpd/user_list
type username
save&quit
(without asking password it will deny access)
To give upload permissions for anonymous user:
create a directory under /var/ftp
change that directories groupownership to ftp
make /var/ftp/<directory name> as public
Steps:
mkdir -p /var/www/cyber
chgrp ftp /var/www/cyber
chmod g+W /var/www/cyber
#chcon -R -t public_content_t /var/ftp
#chcon -t public_content_rw_t /var/ftp/cyber
#setsebool -P allow_ftpd_anon_write=1
#vi /etc/vsftpd/vsftpd.conf
(line no.27)#anon_upload_enable=YES(remove #)
save&quit
#!ser
To give permissions for an anonymous user to create directories:
(line no.31)#anon_mkdir_enable=YES(remove #)
To provide banner:
#vi /etc/vsftpd/vsftpd.conf
(line no.83)#ftpd_banner=welcome to blah ftpservice(remove # and
matter type your own matter)
save&quit
#!ser

CLIENT SIDE:
#ftp <server IP>
(it will prompt you for user name and password if you are login as
an anonymous user type ftp at username and nopassword is
required. If you are login as a local user name and password)
commands used at ftp

get:to download from server

syn:get <file name>
put:to upload to server
syn:put <file name>
!:to close ftp session temporarly
exit:to return to ftp
bye:to close session permanently
?:to view all commands
NFS Configuration in Linux (Redhat or CentOS 6)
NFS (NETWORK FILE SYSTEM)
Service profile:
type:system V-managed service
package:nfs-utils
Daemons:rpc.nfsd,rpc.lockd,rpciod,rpc.mountd,rpc.rquotad,rpc.stat
d
Scripts:/etc/init.d/nfs,/etc/init.d/nfslock
Ports:2049(nfsd),Others assigned by portmap(111)
Configuration:/etc/exports
Related:portmap (mandatory),tcp_wrappers
nfs server is used to share files accross the network
nfs server:
A system that contains the file resources to be shared with other
systems on the network.
nfs client:
A system that mounts the file resources shared over the network
and presents the file resource as if they were local(having same
range of IP address).
Benifits of nfs:
Centralized file access
Common software access
Easy to use
Requirements:
Packages:nfs-*
To create an nfs server:

#yum install nfs-* -y

#service portmap start
#service portmap restart
#service nfs start
#chkconfig portmap on
#chkconfig nfs on
(By using chkconfig for every reboot this services automatically
starts)
#vi /etc/exports
syn: <share directory> <clients range> <permissions>
ex: /data *.redhat.com(rw,sync)
save&quit
#service nfs restart
By default kernel will read root_squash means anyone who
wants to access /data comes under others.
So we have to change permissions of /data as readwrite to
others.
#chmod 777 /data
By giving like this there is no security and any file created by
users under
/data should get the owner and group ownership to
nfsnobody.
To prevent this one provide no_root_squash in /etc/exports
#vi /etc/exports
/data *.redhat.com(rw,sync,no_root_squash)
save&quit
#chmod 750 /data
#service nfs restart
#showmount -e
(this is the command to check which directories are exported)
#exportfs -v
(to check exported directories permissions)
#exportfs -r
(to replicate changes without logout session from client)

Client side configuration:

#showmount -e <server IP>
(to findout which files or directories are exported from the server)
#mount <server IP>:<share directory> <mountpoint>
ex: mount 192.168.0.1:/data /mnt
#cd /mnt
#cat >a

(edit data save&quit)

#ll
Drawbacks of nfs:
For using nfs like this we have to mount server for a long time at
that time if any user wants to connect with server it will take a long
time (network traffic).
Wastage of bandwidth
To overcome this drawbacks we use automounting
AUTOMOUNTING
Automounting:
Automounting is used to save the bandwidth and helps
administrator for easy administration of nfs mounts.
We can mount server uploaded directory on a nested directory
only.
Note: Automounting has to implement only in client
Steps to configure automounting:
(now we are trying to mount server exported /data on /sun/moon in
client)
#vi /etc/auto.master
(this file contains information about nfs mount directory and second
maping file and time out session)
Edit at last line:
/sun /etc/auto.misc --timeout=5
(default timeout is 1 minute here in configuration file timeout
identifies as seconds)
save&quit
#vi /etc/auto.misc
this file contains information aboout hidden directory filesystem
type and location of server and share directory.
syn: <directory> <permissions> <server IP>:<shared directory>
ex:moon
-rw,soft,intr 192.168.0.1:/data
save&quit
(here soft means whenever we are trying to edit into /sun/moon it
will automatically create a soft link between server and client)
intr is used to break the soft link whenever we comes out from the
nested directory by reading timeout
To check:
#cd /sun/moon

SAMBA Server Configuration in Linux (Redhat or CentOS 6)

SAMBA SERVER
The samba server will provide user authentication via passwords
and optionally domains. Samba can also try AFS(andrew file system)
authentication, granting AFS rights if successfull or falling back to
native password checking otherwise.
Samba also has the ability through the winbindd daemon, to
attach to a microsoft daemon password server.
When a redhat linux is running the winbindd service user
accounts defined in the microsoft domain can be used to
authenticate to the redhat linux machine.
Additionally in samba version 3.0 and later the samba services can
use some microsoft active directory resources.
SAMBA SERVICES:
Four main services of samba
1)Authentication and authorization of users
2)File and printer sharing
3)Name resolution
4)Browsing(service announcements)
Related:
smbclient command line access
linux can mount a samba share using cifs and smbfs filesystem
File and printer sharing is probably the most attractive samba
feature for most users. With this functions users can easily retrive
files or print to any printer over the network.
SERVICE PROFILE:
Type: System V-managed service
Packages: Samba,samba-common,samba-client
Daemons: /usr/sbin/nmbd,/usr/sbin/smbd
Script: /etc/init.d/smb
Ports: <netbios> 137(-ns),138(-dgm),139(-ssh),<smb over tcp>
445(-ds)
Configuration file: /etc/samba/smb.conf
Related: system-config-samba,testparm
Steps to configure samba server:
#yum install samba-* -y
#service smb start
#chkconfig smb on

#vi /etc/samba/smb.conf
copy last 8 lines and paste under change as follows
[linux]
comment=<any data>
path=/exam(directory to be shared)
valid users=sam john
writable= yes
printable= no
hosts allow= 192.168.0.(allowable network)
here we are sharing /exam directory to sam and john they can read
write /exam from any of 192.168.0. network system by using a share
name linux
Note: we have to provide samba password for both users
#smbpasswd -a <username>
samba passwords will store under /etc/samba/smbpasswd
To check syntax of configuration file:
#testparm
#service smb restart
#mkdir /exam
#chmod 777 /exam
(here we have to set selinux context )
#chcon -t samba_share_t /exam
#setsebool -P allow_smbd_anon_write=1

FROM LINUX CLIENT:

Note: Client must have samba-client package
#yum install samba-* -y
#service smb start
#service smb restart
#smbclient //<server IP>/<share name> -U <username>
try to get and put
to disconnect
smb> (type exit)
from windows client
Ist method :
right click on mynetwork places--- select mapnetwork drive--choose a drive
in folderbox type \\<serverip>\sharename

select finish
type username and password
try to create some files and folders
to disconnect
rightclick on mynetwork places disconnect network drive
select drive click ok
IInd Method
start---run ---\\<serverip>\<sharedirectory>
provide username and password
to access user homedirectory
#setsebool -P samba_enable_home_dirs 1
from linux client
#smbclient //<serverip>/<myhomes> -U <username>
from windows client
start--run--\\<serverip>\<myhomes>
provide username & password
to give directory for a specific group
vi /etc/samba/smb.conf
[<sharename>]
path=<exported directory>
write list=@<group name>
ex:
[linux]
path=/exam
write list=@sales
DNS Configuration in Linux (Redhat or CentOS 6)
DNS (Domain Naming Service)

DNS is a service which is used to resolve host to IP address and

zone records & configuration files.

MASTER DNS :
There are two types of zonerecords
1) Forwad lookup zone
2) Reverse lookup zone
By defaults, computer connects to another computer with the
help of IP address
Forward lookup zone
-------------------It converts names into IP addresses
Reverse lookup zone

------------------It converts IP addresses to names

Steps:
#yum install bind-* caching-nameserver*-y
#service named start
#chkconfig named on
#cd /var/named/chroot/etc
#ls
#cp named-caching-nameserver named.conf
#vi named.conf
delete ipv6 lines (line nos. 16 &22)
(line no15) Listen on port 53 {127.0.0.1; 192.168.0.254;}
(here 192.168.0.254 is server ip
(line no 21) allow-query 192.168.0.0/24 (clients range)
(line no 30) match-clients {local host; 192.168.0.0/24; } (here
192.168.0.0/24 is clients ip range & subnet mask)
(line no 31) match-destinations {localhost; 192.168.0.0/24;}
save&quit
# vi /etc/rfc1912.zones
copy ten lines from 21 to 31 and paste under 31
change as follows
zone "redhat.com" IN {
type master;
file "redhat.for"
allow-update { none; };
};
zone "0.168.192.IN-addr-arpa IN {
type master;
file "redhat.rev"
allow-update { none; };
};
(here redhat.com is domain name and 0.168.192. is redhat.coms
network range redhat.for is forward look up zone & redhat.rev is
reverse lookup zone)
save & quit
# chgrp named named.conf
#chgrp named named.rfc1912.zones
#cd /var/named/chroot/var/named
#cp localhost.zone redhat.for
#cp named.local redhat.rev
# vi redhat.for

change as follows
$TTL 86400
@
IN SOA redhat.com.
42
3H
15M
1W
1D )

root.redhat.com. (
; serial (d. adams)
; refresh
; retry
; expiry
; minimum

IN NS
server1.redhat.com.
server1.redhat.com.
IN A
192.168.0.254
www254.redhat.com.
IN CNAME
server1.redhat.com.
station1.redhat.com.
IN A
192.168.0.1
www1.redhat.com.
IN CNAME
station1.redhat.com.
station2.redhat.com.
IN A
192.168.0.2
www2.redhat.com.
IN CNAME
station2.redhat.com.
xxx2.redhat.com.
IN CNAME
station2.redhat.com.
yyy2.redhat.com.
IN CNAME
station2.redhat.com.
station3.redhat.com.
IN A
192.168.0.3
www3.redhat.com.
IN CNAME
station3.redhat.com.
station4.redhat.com.
IN A
192.168.0.4
www4.redhat.com.
IN CNAME
station4.redhat.com.
station5.redhat.com.
IN A
192.168.0.5
www5.redhat.com.
IN CNAME
station5.redhat.com.
station6.redhat.com.
IN A
192.168.0.6
www6.redhat.com.
IN CNAME
station6.redhat.com.

(zone: zone is a storage database which contains all zone records

forward lookup zone: used for resolving hostname to ipaddress & it
maintains host to ip mapping information
reverse lookup zone: used for resolving ip address to hostname & it
maintains ip to hostname mapping information
types of records:
SOA : sort of authority the first record in any zone it indicates who
is authority for this domain
NS :nameserver it identifies the dns server for each zone
A record : resolves hostname to ip address
CNAME record : resolves an alias name to a hostname
PTR record : resolves an ipaddress to a hostname
MX record : resolves mail server ip (used by mail server)
TTL :time to live)

save & quit

#vi redhat.rev
(change as follows)
$TTL 86400
@
IN
SOA redhat.com. root.redhat.com. (
1997022700 ; Serial
28800
; Refresh
14400
; Retry
3600000 ; Expire
86400 ) ; Minimum
IN
NS
server1.redhat.com.
254
IN
PTR
server1.redhat.com.
1
IN
PTR
station1.redhat.com.
2
IN
PTR
station2.redhat.com.
3
IN
PTR
station3.redhat.com.
4
IN
PTR
station4.redhat.com.
5
IN
PTR
station5.redhat.com.
6
IN
PTR station6.redhat.com.
save & quit
# chgrp named redhat.for
# chgrp named redhat.rev
# service named restart
to check:
#dig server1.redhat.com
#dig -x 192.168.0.1
(if answer is 1 server is ready if answer is 0 server has some error)

to check error in configuration file

#named-checkconf redhat.com /var/named/chroot/etc/named.conf
to check errors in zone record
#named-checkzone redhat.com
/var/named/chroot/var/named/redhat.for
#named-checkzone redhat.com
/var/named/chroot/var/named/redhat.rev

SLAVE DNS
Master DNS Server
It is the Master Copy of all the Zone Information.
It is Read/Write copy.
Slave DNS Server
It is Slave Backup of Master zone. It is Read Only
if any error may occur to your dns server at the time the entir
network will stop.sometimes it may cause huge damage.for that one
we are createing slave dns for faulttolerance and load balancing.
we need another system which contains server o/s
steps
#yum install bind-* caching-nameserver -y
#service named start
#chkconfig named on
#cd /var/named/chroot/etc/named-rfc1912.zone
(change as follows)
copy 10 lines from 21 to 31 paste under 31
zone "redhat.com"
type slave;
file "redhat.for"
masters {192.168.0.254:};
zone "0.168.192. IN-ADDR-arpa" IN {
type slave ;
file " redhat.rev"
masters {192.168.0.254;};
save& quit
#service named restart
go to client
#i /etc/resolv.conf

nameserver 192.168.0.254
nameserver 192.168.0.1 (slave dns ip)
FORWARDERS
if you have trusted relationship with another company those
comapny users can enter into our network & our company users can
enter into their network by using this forwarders
steps
in master dns server
# vi /var/named/chroot/etc/named.conf
add aline
forwarders {192.168.10.254:};
forward only ;
};
(here 192.168.10.254 is trusted companies dns)
save & quit
#service named restart

APACHE Web Server Configuration on Linux RHEL / CentOS 5&6

APACHE Web Server Configuration
Different web servers in world :Tux:
Kernel based only text support, Very fast
Stronghold : from RedHat Linux
Sun one:
Also known as iPlanet from Sun Microsystems
AOL server : American online free web server
Apache :
Open source
NETSCAPE

what is apache?
Apache is a freeware & is the Most Popular& widely used Web
Server which consumes 60% of web market that can be configured
in both windows and LINUX.

apache server is used to launch our web pages as websites.

service profile:
type: System V-managed service
packages: httpd,httpd-devel,httpd-manual
Daemon: /usr/sbin/httpd
script:/etc/init.d/httpd
ports: 80(http).443(https)
configuration file: /etc/httpd/conf/httpd.conf
related: system-config-httpd,mod_ssl
default selinux daemon : /var/www

steps to configure apache:

#yum install httpd-* -y
#service httpd start
#chkconfig httpd on
#vi /etc/httpd/conf/httpd.conf
copy 7 lines (line no 984 to 990)
paste under 990 line
change as follows
<VirtualHost 192.168.0.17>
992
ServerAdmin [email protected]
993
DocumentRoot /var/www/html
994
ServerName station17.redhat.com
995 </VirtualHost>
(here 192.168.0.17 is our system's ip & /var/www/html is the
document root here we have to place web page to convert as web
site NOTE: web page must be with a name of index.html)
save&quit
cd /var/www/html
vi index.html
(type as follows)
<head>
<body bgcolor=red>
<h1> " welcome to cyber web services" <h1>
</body>
</head>
save & quit
#service httpd restart
open firefox and type in url
http://station17.redhat.com(now the website will appear)

to launch virtual websites using virtual hostnames

#vi /etc/httpd/conf/http.conf
(line no 971) # name vitual host *: 80 (remove # and *:80) type ur
system ip
(namevirtualhost 192.168.0.17 )
copy last five lines and paste under it
VirtualHost 192.168.0.17>
ServerAdmin [email protected]
DocumentRoot /var/www/virtual
serverName www17.redhat.com
</VirtualHost>
(here we are changing system name as www17.redhat.com and
document root under /var/www/virtual)
save & quit
#mkdir -p /var/www/virtual
# cd /var/www/virtual
# vi index.html
<head>
<body bgcolor=green>
<h1> "welcome to virtual website" <h1>
</body>
</head>
save & quit
#service httpd restart
to check
open mozilla
type http://www17.redhat.com
to create virtual webpages under any directory
by default selinux allows webpages which are located under
/var/www/ if we want to launch a webpage which is not present
under /var/www we have to change selinux context,boolean values.
ex:
# vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.17>

ServerAdmin [email protected]
DocumentRoot /cyber
serverName xxx17.redhat.com
</VirtualHost>
save&quit
#mkdir /cyber
#cd /cyber
#vi index.html
<html>
<body bgcolor=blue>
<h1> "welcome to cyber'+'technologies" <h1>
</body>
</html>
save & quit
#chcon -R --reference=/var/www/html /cyber
#service httpd restart
to check :
open mozilla
type in url box as follows
http://xxx17.redhat.com(u will get website)
(Click On below image to large......)

##############################################
################################

TRY

THINGS

AFTER

PRACTICING EXAM ESSENTIALS

to create link pages in a website

#vi /etc/httpd/httpd.conf
<VirtualHost 192.168.0.17>
ServerAdmin [email protected]
DocumentRoot /var/www/virtual
serverName www17.redhat.com
Alias /training /var/www/training (add this line in that website)
</VirtualHost>
save & quit
# cd /var/www/
#cat > training
(type any thing)
save
#service httpd restart
to check :
go to mozilla
type www17.redhat.com/training

to create Authenticated websites

#vi /etc/httpd/conf/httpd.conf
<Directory /var/www/html>
AllowOverride AuthConfig
</Directory>
save & quit
# cd /var/www/html
#vi .htaccess
AuthName "it"
AuthType Basic
AuthUserfile /etc/httpd/conf/passwd
require valid-user

we have to provide http password for an user to view this website

#htpasswd -mc /etc/httpd/conf/passwd sam
(type password 2 times)
#service httpd restart
to check :
open mozilla ---clear private data ---in url type
http://station17.redhat.com
(give username&password)

to restrict a particular user or particular system to access a website

#vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html">
Order Allow,deny
Allow from all
deny station12.redhat.com
</Directory>
( here we are denying station12.redhat.com)
to check try to open station17.redhat.com from station12 system
to create ssl certificate for an web server
#yum install openssl-* -y
#yum install mod-ssl-* -y
# vi /etc/httpd/conf.d/ssl.conf
(line no134) #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
(remove #)
save&quit
#cd /etc/pki/tls/certs
make genkey
provide passphrase
#make testcert
passphrase(create with samepassword)
provide country,city,office,mailaddress
#service httpd restart

to run scripts
#vi test.sh
#!/bin/bash
echo Content-Type:text/html
echo
-date
ls -l
echo welcome to cyber services
save&quit
#mkdir -p /var/www/hml/cgi-bin
#cp -rf test.sh /var/www/html/cgi-bin/
#cd /var/www/html/cgi-bin/
#cd ..
#chown -R apache.apache cgi-bin
#cd cgi-bin
#chmod 755 test.sh
#vi /etc/httpd/conf/httpd.conf
add a line in website data
ScriptAlias /cgi-bin "/var/www/html/cgi-bin"
save&quit
#service httpd restart
#setsebool -P httpd_tty_comm on
#setsebool -P httpd_enable_cgi 1
#setsebool -P httpd_sys_script_exec_t rw
to check:
open mozilla
type http://station17.redhat.com/cgi-bin

DHCP Configuration in Linux (Redhat or Centos 6)

DHCP(Dynamically Host Configuration Protocol)
dhcp provide a method for hosts on a network to request and be
granted,configuration information including the address of routers
and nameservers
Ipv4 addresses are either dynamically assigned from a range of

address and netmask,its default gateway .Domain name and dns

server,timeserver,and location of kickstart conf.files
service profile:
type :SysteV-managed service
package:dhcp
Daemon: /usr/sbin/dhcpd
script : /etc/init.d/dhcpd
ports : 67(bootps), 68 (bootpc)
conf.file: /etc/dhcpd.conf,/var/lib/dhcpd/dhcpd.leases
related: dhclient,dhcpv6-client,dhcpv6
steps to configure dhcp server:
#yum install dhcpd-* -y
#service dhcpd start
#chkconfig dhcpd on
#cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf
# vi /etc/dhcpd.conf
(change as follows)
ddns-update-style interim;
ignore client-updates;
subnet 192.168.0.0 netmask 255.255.255.0 {
# --- default gateway
option routers
option subnet-mask

192.168.0.254; (server ip)

255.255.255.0; (subnetmask)

option nis-domain
"domain.org";
option domain-name
"redhat.com"; (domain name)
option domain-name-servers
192.168.0.254; (dns ip)
option time-offset
-18000; # Eastern Standard Time
#
option ntp-servers
192.168.1.1;
#
option netbios-name-servers
192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change
this unless
# -- you understand Netbios very well
#
option netbios-node-type 2;
range dynamic-bootp 192.168.0.1 192.168.0.20; (ip range)
default-lease-time 21600;

max-lease-time 43200;
save & quit
#service dhcpd restart
if you want to give a specific ip for a system
at the end of the file specify as follows
host station1
{ hardware ethernet 00:a0:cc:3d:45:3e
fixed address 192.168.0.10;
}
}
(here in this example we are providing 192.168.0.10 for a
specific system we have to type mac address of that system at
hardware ethernet)

(Click on Image to Large...)

NIS Configuration in Linux (Redhat or CentOS 6)

NIS (Network Information Server)
The two common authentication servicesare the Network
Information Service (NIS)
and the Lightweight directory Access Protocol (LDAP).
Both NIS and LDAP allows to manage all users &computer centrally.
it works with the help of sunrpc
here passwords are in clear text format. we normally use nfs along
wuth nis to share users home directories from server to client for
security purpose
steps to configure nis
#yum install yp* -y
#service ypserv start
#chkconfig ypserv on
#service ypbind start
#service ypxfrd start
#service yppasswdd start
#vi /var/yp/Makefile
(change as follows)
all: passwd group hosts rpc services netid protocols mail \
change as follows
all: passwd group hosts
# rpc services netid protocols mail \

save&quit
#/usr/lib/yp/ypinit -m (to make as master nis server)
ctrl+d
y (to create database)
#useradd user1
#useradd user2
#cd /var/yp
#make (to update database)
to set nisdomain name:
#nisdomainname RHCE
#vi /etc/sysconfig/network
add a new line
NISDOMAINNAME=RHCE
save&quit
#service network restart
#service ypxfrd restart
#service ypbind restart
#service yppasswdd restart
#service ypserv restart
(sharing home directories via nfs)
#yum install nfs-* -y
#service portmap start
#service portmap restart
#service nfs start
#chkconfig portmap on
#chkconfig nfs on
#vi /etc/exports
/home/u1 *.redhat.com(rw,sync)
save&quit
#service nfs restart
#exportfs -v
#exportfs -r

client side configuration:

#yum install yp-bind-* -y
#service ypbind start
#chkconfig ypbind on
#setup

select Authentication
select nis
provide nis domainname&nis server ip
#setsebool -P allow_ypbind 1
#vi /etc/auto.master
add a new line
/home /etc/auto.misc
save7quit
u1 -rw,soft,intr
server1.redhat.com:/home/u1
save&quit
#service autofs restart
#getent passwd u1
# su - u1
KICKSTART Server Installation In Linux (REdhat or CentOS 6)
KICKSTART SERVER
this server is used for remote installation & Automatic installation
of o/s
steps :
keep rhel or centOS 5 or 6 dvd in cdrom
#mount /dev/cdrom /mnt
#cd /mnt
#cd Server
#rpm -ivh pykickstart-0.43-1.el5.noarch.rpm --force --aid
#system-config-kickstart-2.6.19.1-1.el5.noarch.rpm --force --aid
enter below command
#system-config-kickstart
open screen like below screen shots..
we have provided screen shots for this
save this file under /var/ftp/pub(with a name with .ks extension)

client side:
place linux bootable cd
type
linux ks:nfs://<server ip>/var/ftp/pub/<ks filename>
installation is starttttttt..........................

MAIL Server Configuration on RHEL / CentOS

MAIL SERVER
Sendmail
Postfix
Qmail:
The Qmail MTA is another alternative to sendmail.
It is used by an impressive list of Internet sites.
Smail:
It is reportedly easier to configure than sendmail.
It also includes support for blocking messages.
Exim:
The Exim MTA was developed at Cambridge (U.K.) and is licensed

under the GPL. While based on an older MTAknown as Smail

Features of mail server:
we can forward mails from one domain to another domain.with the
help of this mail server we can forward mails to branches or public
mailserver must have public ip
we have three types of mail servers
1)MUA
2)MTA
3)MDA

sending & recieving mails using TCP/IP protocols such as

SMTP server (simple mail transfer protocol port no.25)
pop3 server (postoffice protocol port no.110)
nmtp server (network news transfer protocol port no.119)
imap server (internet message access protocol port no.143)

x.500 server (directory server)

ldap server (leightweight directory access protocol)
x.400 server (message handling system)

Functions of mail server:

Sending and receiving mail from one user to group of users over
internet
Sending and receiving mail from one mail server to different mail
servers over internet
Sending and receiving mail that contains voice, images, sounds,
movies
(Note:MIME is the service which is used to share voice, images,
sounds, movies over internet. MIME-multipurpose mail extension)
Different mail servers:
Exchange server
Microsoft
Send mail
Linux/unix
Qmail
Linux/unix
Postfix
Linux/unix
Squirell mail
Linux/unix
Lotus domino
IBM(we can use on any operating system)
Lotus notes(client)
IBM
Novel groupwise
Novel
MUA:(mail user agent)
this is a client side package used to retrive mails from mail server
ex:mail(text),mutt,evolution,kmail
MTA(mail transfer agent)
this is the server side service used to send and receive mails with in
the domain
ex:sendmail(text&gui),postfix,qmail
MDA:(mail delivery agent)
this is the server side service used to send and receive mails from
one mailserver to another mail server.
ex:dovecot,procmail

Send mail:
It listens mails sent by MUA's through port no.25.
in this mail server mails will be strictly check for exploids and
regenerate the packet and send to MDA.
we have two types in MDA:
1)pop3
2)IMAP
1)pop3:(postoffice protocol 3 port no.110)
mails are in /var/spool/mail
The pop3 connect to server with port no.110 and downloads
/var/spool/mail/U1 and the clients every mail and move it to the
client p.c(don't have backup)
The entire mails of user(U1) are downloaded into client system. It
any damage had done to the client system. I want to get back.
2)IMAP:
From the client it connects to port no.143 and get the mails of the
user(one copy) and it doesn't remove original file when ever the
damage occurs in client p.c. We can download another copy from
server.
pop3--> moves original mails to the client
IMAP--> It send only one copy of the mails to the client

steps to configure mailserver

(here we are configuring MTA & MDA in one system)
#yum install sendmail-* -y
#service sendmail start
#chkconfig sendmail on
#cd /etc/mail
#vi sendmail.mc
add dnl # for line no116
ex:DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
save&quit
[root@server1 mail]# m4 sendmail.mc > sendmail.cf
# service sendmail restart

(to configure MDA)

#yum install dovecot-* -y
#service dovecot start
#chkconfig dovecot on
#vi /etc/dovecot.conf
(line no17) #protocols = imap imaps pop3 pop3s(remove #)
save &quit

to check:
add 2users login as one user & send mail to another user
then login as second user type mail
2nd method
as root: mutt -f {[email protected]}
yes
provide mahesh password
O

configuruing e-mail aliases:

if u want to send an users mails to another user we have to
configure email alias
steps
#vi /etc/aliases
go to last line add as follows
mahesh: john (here in this example we are redirecting mahesh
mails to john)
save&quit
#newaliases (to update /etc/aliases file)

tocheck :

send a mail to sam from remote system

you have to get mail in john mailbox
###################################
SQUIRRELMAIL (Gui based mail server)

to configure squirrel mail server

#yum install squirrelmail-* -y
#service httpd start
#service dovecot start
open mozilla
type http://sever1.redhat.com/webmail
provide username&password
now u can send or recieve mails from remote systems or remote
mail servers

to check:
add an user send mail to that user from remote system
#############################################
SSL Certification (Secure Socket Layer)
by using ssl certification we can encrypt the data transfer between
one user to another user or one mailserver to another mailserver
#vi /etc/dovecot.conf
(line no 87 & 88)
#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem (remove # for
two lines)
save&quit
#make -C /etc/pki/tls/certs dovecot.pem
provide country,state,city,organization,server,user info (user must
not root)
#cp /etc/pki/tls/certs/dovecot.pem /etc/pki/tls/private

#service sendmail restart

#service dovecot restart
How to clustering in Redhat Linux and CentOS 5&6
Configuring A High Availability Cluster (Heartbeat) On CentOS
This guide shows how to set up a two nodes, High-availability HTTP
cluster with heartbeat on CentOS/RHEL. Both nodes use the Apache
web server to serve the same content.

Pre-Configuration Requirements
Assign hostname node01 to primary node with IP
address 192.168.0.20 to eth0.
Assign hostname node02 to slave node with IP
address 192.168.0.21.
Note: on node01
#uname -n
must return node01.
On node02
#uname -n
must return node02.
192.168.0.22 is the virtual IP address that will be used for our
Apache webserver (i.e., Apache will listen on that address).

Configuration:
1. Download and install the heartbeat package. In our case we are
using CentOS/RHEL so we will install heartbeat with yum command:

#yum install heartbeat

or download these packages:

heartbeat-2.08
heartbeat-pils-2.08
heartbeat-stonith-2.08
2. Now we have to configure heartbeat on our two node cluster. We
will deal with three files. These three files are:
authkeys
ha.cf
haresources
3. Now moving to our configuration files . But there is one more
thing to do, that is to copy these files to the /etc/ha.d directory. In
our case we copy these files as given below:
#cp /usr/share/doc/heartbeat-2.1.2/authkeys /etc/ha.d/
#cp /usr/share/doc/heartbeat-2.1.2/ha.cf /etc/ha.d/
#cp /usr/share/doc/heartbeat-2.1.2/haresources /etc/ha.d/
4. Now let's start configuring heartbeat. First we will deal with
the authkeys file, we will use authentication method 2 (sha1). For
this we will make changes in the authkeysfile as below.
#vi /etc/ha.d/authkeys

Then add the following lines:

auth 2
2 sha1 test-ha
Change the permission of the authkeys file:
#chmod 600 /etc/ha.d/authkeys
5. Moving to our second file (ha.cf) which is the most important. So
edit the ha.cf file with vi:

#vi /etc/ha.d/ha.cf

Add the following lines in the ha.cf file:

logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
initdead 120
bcast eth0
udpport 694
auto_failback on
node node01
node node02
Note: node01 and node02 is the output generated by
#uname -n
6. The final piece of work in our configuration is to edit
the haresources file. This file contains the information about
resources which we want to highly enable. In our case we want the
webserver (httpd) highly available:
#vi /etc/ha.d/haresources
Add the following line:

node01 192.168.0.22 httpd

7. Copy the /etc/ha.d/ directory from node01 to node02:
#scp -r /etc/ha.d/ root@node02:/etc/

8. As we want httpd highly enabled let's start configuring httpd:

#vi /etc/httpd/conf/httpd.conf

Add this line in httpd.conf:

Listen 192.168.0.22:80
9. Copy the /etc/httpd/conf/httpd.conf file to node02:
#scp /etc/httpd/conf/httpd.conf root@node02:/etc/httpd/conf/
10. Create the file index.html on both nodes (node01 & node02):
On node01:
#echo "node01 heartbeat test server" > /var/www/html/index.html
On node02:
#echo "node02 heartbeat test server" > /var/www/html/index.html
11. Now start heartbeat on the primary node01 and slave node02:
#/etc/init.d/heartbeat start

12. Open web-browser and type in the URL:

http://192.168.0.22
It will show node01 apache test server.
13. Now stop the hearbeat daemon on node01:
#/etc/init.d/heartbeat stop
In your browser type in the URL http://192.168.0.22 and press enter.
It will show node02 apache test server.

14. We don't need to create a virtual network interface and assign

an IP address (192.168.0.22) to it. Heartbeat will do this for you,
and start the service (httpd) itself. So don't worry about this.
Don't use the IP addresses 192.168.0.20 and 192.168.0.21 for
services. These addresses are used by heartbeat for communication
between node01 and node02. When any of them will be used for
services/resources, it will disturb hearbeat and will not work. Be
carefull!!!