Instructor Tavaris J. Thomas, Ph.D. The Cooper Union Retraining Program at CAMBA Linux (Unix) Administration Instructor Tavaris J. Thomas, Ph.D.

Welcome! Do I need any previous Linux experience? Who am I? Which Linux version is best for me? Where is the closest help resource? (puns intended ) whoami which whereis

Core Objectives Getting started with windows environment edit text files with gedit/vi/vim Understand Linux file system hierarchy and pathnames; manage files from the command line. Understand Linux file access mechanisms; manage file access from the GUI and the command line. Access documentation, both locally and online. Configure the date and time. Understand basic disk concepts and manage system disks. Understand logical volume concepts and manage logical volumes. Manage CPU, memory, and disk utilization. Manage system software locally Understand basic shell concepts, execute simple commands, and use basic job control techniques. Use man and info pages and find documentation in /usr/share/doc. Understand basic network concepts; configure, manage, and test network settings. Manage users and groups. Share and connect to a desktop; use SSH Understand run-levels and manage GRUB. Deploy an FTP server and a web server.

Course Objectives we will not learn Hacking BlackHat Techniques Penetration Testing Programming (beyond simple scripting) Developing/building your own kernel or modifications. However, I will try to introduce Linux concepts to you with a security minded approach.

Linux Admin Session 1 Outline Brief History of Linux Obtaining the Operating System Assistance, Resources, and Information Common Architectures Shells and Scripting Booting Procedures Shutdown Procedures

(Brief) History of Linux UNIX Developed by Dennis Ritchie and Ken Thompson at AT&T Bell Labs 1970s Heavy license fees for UNIX spurred the development of the reimplementation of an open sourced version UNIX In 1991 Linus Torvalds (Li) + UNIX (nux) = Linux

Downloading the distribution(s) Fedora (RedHat) http://fedorproject.org CentOS http://www.centos.org Debian (open) http://www.debian.org Ubuntu http://www.ubuntu.com Virtual Machines are your friend VMware, Parallels, Microsoft, Virtual Box, etc

Installing your distribution Stand alone Virtual Machine http://www.virtualbox.org Live CD Dual/multiple boot

Assistance, Resources, and Information Email me – tavaris@gmail.com Online: http://www.computerhope.com/unix/overview.htm HOW TO guides - Google Linux – Where to go for information???? $man topic $info topic $info emacs (an excellent tutorial for info)

Secure Installation Security begins with the first time you put that CD or DVD into your disk drive (or .iso for VM) to install Linux. Configuring your system securely from the beginning makes it easier to implement additional security settings later. NIST recommends creating separate partitions for /boot, /, /home, /tmp, and /var/tmp.

Common Architectures Hardware Kernel Shell Applications/GUI Keyboard, hard drives, processors, memory, optical drives, etc Kernel Device drivers, network stack, memory interface/mapping, etc Shell Command Line Interface Applications/GUI Desktop env, web browser, terminal, etc

What is the shell??? The shell acts as a buffer between the user and the machine, taking input from the user and interpreting it to the computer. The shell has several associated environment variables that it uses to keep track of information, including the current directory and where to look for files and applications. The shell can be used as a “mini-programming environment,” to execute a series of commands (i.e. a script) The terminal application can be viewed as a program that provides an interface that can accept user input from the keyboard and display characters on-screen for the user. The default shell is bash (the “Bourne-again” shell) sh - (the original Bourne shell) It was developed by Stephen Bourne at Bell Labs in 1977 for Unix Version 7. – source: Wikipedia

Scripting Scripts standardize and automate the performance of administrative duties. Scripts vary in complexity from simple ones that encapsulate a few static commands to major software projects that manage host configurations and administrative data for an entire organization. cron - the name for scripts that run on a regular basis

When NOT to use scripts Resource-intensive tasks, especially where speed is a factor (sorting, hashing, recursion) Procedures involving heavy-duty math operations, especially floating point arithmetic, arbitrary precision calculations, or complex numbers (use C++ or FORTRAN instead) Mission-critical applications upon which you are betting the future of the company Extensive file operations required (Bash is limited to serial file access, and that only in a particularly clumsy and inefficient line-by-line fashion.) Need native support for multi-dimensional arrays Need data structures, such as linked lists or trees Need to generate / manipulate graphics or GUIs Proprietary, closed-source applications (Shell scripts put the source code right out in the open for all the world to see.)

Shells and Scripting Why?? - Most environments include a hefty complement of existing sh scripts, and those scripts frequently need to be read, understood, and tweaked by administrators. Every process has at least three communication channels available to it: “standard input” (STDIN 0 ), “standard output” (STDOUT 1), and “standard error” (STDERR 2). Source: Wikipedia

Shells and Scripting cont’ The shell interprets the symbols “<, >, and >>” as instructions to reroute a command’s input or output to or from a file. “<“ symbol directs STDIN to the contents of an existing file. “>” and “>>” symbols redirect STDOUT; “>>” appends to file Examples “find / -name core > test 2>&1” echo test > junk 2>&1 $ echo "This is a test message." > /tmp/mymessage $echo “this is another appended message” >> /temp/mymessage $ grep test < /tmp/mymessage

Shells and Scripting cont’ To redirect both STDOUT and STDERR to the same place, use the “>&” symbol. To redirect STDERR only, use “2>”. The “|” symbols takes the output of one command and redirects it to the input of another. (example) “ &&” - executes a second command only if first command completes successfully “||” symbol executes the following command only if the preceding command fails. ping www.google.com$ find / -name core $ find / name core 2> /dev/null (sends error messages here permission denied) $ find / -name core > /tmp/corefiles 2> /dev/null $ ps –ef | grep httpd cmd > log 2>&1 This redirects stdout to log and then redirects stderr to wherever stdout is now being redirected, which is log. End result: both stdout and stderr are redirected to log. ping -c1 abc.com && ssh abc@abc.com ping google.com, and display useful information to user if its pingable or not. ping -c1 google.com && echo “Thats good, able to ping google.com” || echo “Thats bad unable to ping google.com”

Bootstrap Process “bootstrap” procedures: Loading and initialization of the kernel Device detection and configuration Creation of kernel threads (manual boot control - optional) Execution of startup scripts Multiuser operations

Booting the PC Startup your Linux distribution BOOT LOADERS Power on & BIOS Loading the boot loader Master Boot Record (MBR) contains the location of the boot loader BOOT LOADERS GRUB – The GRand Unified Boot loader LILO – the traditional Linux boot loader

GRUB Installed on most distributions Very useful booting multiple operating systems, kernels, configurations, etc Good for users that change configurations often GRUB configuration (accessed at boot time) is located at: /boot/grub2/grub.cfg

CentOS runlevel Previous versions of Red Hat Enterprise Linux, which were distributed with SysV init or Upstart, used init scripts located in the /etc/rc.d/init.d/ directory. In general, users operate Red Hat Enterprise Linux at runlevel 3 or runlevel 5 — both full multi-user modes. These init scripts were typically written in Bash, and allowed the system administrator to control the state of services and daemons in their system. In Red Hat Enterprise Linux 7, these init scripts have been replaced with service units.

systemctl Service units end with the .service file extension and serve a similar purpose as init scripts. To view, start, stop, restart, enable, or disable system services, use the systemctl command The service and chkconfig commands are still available in the system and work as expected, but are only included for compatibility reasons and should be avoided.

systemd Previous versions of Red Hat Enterprise Linux, implemented a predefined set of runlevels that represented specific modes of operation. These runlevels were numbered from 0 to 6 and were defined by a selection of system services to be run when a particular runlevel was enabled by the system administrator. In Red Hat Enterprise Linux 7, the concept of runlevels has been replaced with systemd targets.

systemd Systemd targets are represented by target units. Target units end with the .target file extension and their only purpose is to group together other systemd units through a chain of dependencies.

Run Levels

Checking/changing run-levels Try the following command: This shows the current default run-level Try another commands: # systemctl get-default # systemctl list-units --type=target # systemctl set-default multi-user.target

How to reset root http://www.unixmen.com/reset-root-password-centos-7/ CentOS 7 – Edit Grub (previous slide) Go to the line of Linux 16 and change ro with rw init=/sysroot/bin/sh chroot /sysroot passwd root touch /.autorelabel exit reboot

Rebooting and Shutting Down halt instructs the hardware to stop all CPU functions. poweroff sends an ACPI signal which instructs the system to power down. reboot instructs the system to reboot. Suspend does not turn off your computer. It puts the computer and all peripherals on a low power consumption mode. If the battery runs out or the computer turns off for some reason, the current session and unsaved changes will be lost. Hibernate saves the state of your computer to the hard disk and completely powers off. When resuming, the saved state is restored to RAM.

Rebooting and Shutting Down In Red Hat Enterprise Linux 7, the systemctl utility replaces a number of power management commands used in previous versions of the Red Hat Enterprise Linux system.

Assignment 1 Download and install a copy of CentOS 7 using one of the methods described in this chapter Read chapters 1 and 2 of text. Practice commands presented during class