System Administration: Core Concepts Chapter 11

Introduction  What is the job of the system administrator?  Keep one or more systems in a useful and convenient state for users

Introduction  A well-maintained system  Runs quickly enough so users do not get too frustrated waiting for the system to respond  Has enough storage to accommodate users’ needs  Provides a working environment appropriate to each user’s abilities and requirements  Is secure from malicious and accidental acts altering its performance or compromising the security of the data is holds  Is backed up regularly, with recently backed-up files readily available.  Backups must be tested regularly  All software on the system is patched and updated

System Administrator and SuperUser  Much of what a system administrator does is work that ordinary users do not have permission to do  To perform these tasks, the administrator typically will login as root (SuperUser)  Some commands can only be executed by root  Read, Write, and Execute file and directory access permissions do not affect root  Some safeguards built in to some commands do not apply to root  When running with root privileges, the shell will display a special prompt (#)

System Administrator and SuperUser  Gaining or granting Superuser privileges  Bring the system up in single-user mode  Once the system is running in multi-user mode, login as root  Use the su (substitute user) command  Use the sudo command to give users superuser privlidges for a limited amount of time on a per-user per-command basis  Using setuid

System Administration Tools  Numerous tools exist to assist in system administration it’s up to your imagination to make them work the way you want  su (substitute user)  Gives you another user’s privileges  You must know the password of the user who’s privileges you want to use  When su is used to become the superuser, a new shell is spawned and displays the # prompt  Use CONTROL-D or exit to terminate the session

System Administration Tools  su (cont.)  e.g. $ id uid=500(alex) gid=500(alex) groups=500(alex) context=user_u:system_r:unconfined_r $ su Password: # id uid=0(root) gid=0(root) groups=0(root), 1(bin), 2(daemon), 3(sys), …  su can be used with the –c option to run a single command with other privilidges  e.g. $ kill bash: kill: (4982) – Operation not permitted $ su –c “kill ” Password: $

System Administration Tools  kill  Sends a signal to a process  The signal may or may not terminate the process  kill -15 or kill –TERM  will send a terminate signal to the process. The process could ignore this.  kill -9 or kill –kill  will send a terminate signal that the process CAN’T ignore

System Operation  Booting the system  The process of reading the Linux kernel into system memory and starting it running  The last step of the boot procedure is for Linux to run the init program as PID number 1  init is the first genuine process to run after booting  init is the parent of all system processes  if you kill process 1, the system will crash

System Operation  init scripts  start and stop system services  The first script that init runs is /etc/rc.d/rc.sysinit  performs basic system configuration  setting the clock  hostname  keyboard mapping  setting up swap partitions  checking the file systems for errors  turning on quota management

System Operation  init scripts (cont.)  /etc/rc.d/rc  Runs next after rc.sysinit  Runs the scripts for services that need to be started or stopped when the system is first brought up or that need to be started or stopped when going from single user to multiuser and back  Init scripts (rc - run command) are shell scripts located in /etc/rc.d/init.d  run via symbolic link in the /etc/rc.d/rcn.d  n refers to the runlevel the system is entering

System Operation  Configuring Services  service utility  reports on or changes the status of a service  system-config-services  Displays the Service Configuration window  Two functions  Turns a system service on and off  Controls which services are stopped and started when the system enters and leaves runlevels 3, 4, and 5

Service Configuration GUI

System Operation  Configuring Services (cont.)  chkconfig  Character based  Duplicates much of the system-config-services utility  Add, remove, list startup information, and check the state of system services  Changes the config only – not the current state of services

System Operation  Bringing the system down  Shutdown utility  Must be told what time to bring the system down  Warns all users that the system is going down  Halt utility  Calls the shutdown utility  Both bring the system down safely  CONTROL-ALT-DEL  Reboots the system  DO NOT TURN POWER OFF BEFORE SYSTEM IS DOWN

System Operation  CRASH!!!!!  Occurs when the system suddenly stops or fails.  Run fsck on all local filesystems that were mounted at time of a crash – this is a file system check utility - (p.470)

System Administration Utilities  Red Hat configuration tools  system-config-authentication  Displays Authentication Configuration window with two tabs  User Information  Allows enabling of NIS, LDAP, Hesiod, and Winbind  Authentication  Allows the use of shadow and MD5 passwords  system-config-bind (Fedora)  Displays the DNS window

System Administration Utilities  Red Hat configuration tools  system-config-boot  Displays the Boot Configuration window  system-config-date  Displays the date/time properties window  system-config-display  Displays the Display Settings window  system-config-httpd  Displays the HTTP window  system-config-keyboard  Displays the keyboard window

Config Utilities

System Administration Utilities  Red Hat configuration tools  system-config-kickstart  Displays the Kickstart Configurator window  used to create a Kickstart script  system-config-language  Displays the Language Selection window  system-config-lvm  Displays the Logical Volume Management window  system-config-mouse  Displays the Mouse Configuration window

System Administration Utilities  Red Hat configuration tools  system-config-netboot  Displays the Network installation and Diskless Environment window  system-config-network  Displays the Network Configuration window (p.571)  system-config-network-cmd  Displays the parameters that system-config- network uses

System Administration Utilities  Red Hat configuration tools  system-config-printer  Displays the Printer Configuration window  system-config-rootpassword  Displays the Root Password window  The passwd command can also be used  system-config-samba  Displays the Samba Server Configuration window

System Administration Utilities  Red Hat configuration tools  system-config-services  Displays the Service Configuration window  Configures which services run at which runlevel  system-config-soundcard  Displays the Audio Devices window  system-config-users  Displays the User Management window  Used to manage users and groups

System Administration Utilities  Command Line Utilities  kudzu  Finds new and changed hardware and configures it  mkfs  Creates a new filesystem  e.g. mkfs –t ext3 device  setserial  Gets and sets serial port information  stat  Displays the information about a file or filesystem

Setting Up a Server – Admin Tasks  Writing configuration files  Specifying hosts and subnets  port-map  rpcinfo  xinetd  TCP wrappers  chroot jail

Setting up a Server  Standard Rules in writing Configuration Files  Blank lines are ignored  # anywhere on a line starts a comment that continues to the end of the line  When a name contains a SPACE, it must be quoted by single or double quotes  Lines can be broken by inserting a backslash (\) and pressing RETURN

Setting Up a Server  Specifying Clients in config files PatternMatches n.n.n.n One IP address name One hostname name starts with. name ending with the specified string IP addr ending with. IP addresses starting with the specified numbers n.n.n.n/m.m.m.m IP addresses based on subnet mask ALL Always match LOCAL Any hostname that doesn’t contain a. EXCEPT Matches anything in the preceding list that is not in the following listing

Setting Up a Server  rpcinfo and portmap  rpcinfo displays information about programs registered with portmap  RCP calls are made to programs to see if they are “alive”

Setting Up a Server  xinetd  Superserver  Replaced inetd and is more secure  Listens for network connections  When a connection is made, it launches a specified server daemon and forwards the data from the socket to the daemon’s standard input  uses /etc/hosts.allow and /etc/hosts.deny

Setting Up a Server  xinetd  Base configuration stored in /etc/xinetd.conf  View the contents of /etc/xinetd.conf  defaults  specifies the default configuration of xinetd  files in the included in the /etc/xinetd.d directory specify server specific configurations  defaults can be overridden by server-specific configuration files  instances  specify the number of instances a daemon can run at one time

Setting Up a Server  DHCP  The client daemon (dhclient) contacts the server daemon (dhcpd), to obtain IP addressing and additional information  netmask  broadcast  dns  etc.  Broadcast based  Both client and server must be on the same subnet

Setting Up a Server  DHCP  DHCP Client  Requests network configuration parameters from the DHCP server  Uses the obtained parameters to configure the network interface  Need to have dhclient installed  DHCP lease information is stored in dhclient.leases

Setting Up a Server  DHCP  DHCP Server  Maintains a list of IP addresses and other configuration parameters  When requested, the DHCP server provides configuration parameters to a DHCP client  Need to have dhcp installed  To cause dhcpd to start when the system enters multiuser  /sbin/chkconfig dhcpd on  To start manually  /sbin/service dhcpd start

Setting Up a Server  DHCP  DHCP Server  Simple DHCP server  Add clients to a network  Eliminates the need to maintain a list of assigned IP addresses  Some devices should NOT have an IP address assiged via DHCP  Routers  Servers  Switches  Others?

Setting Up a Server  DHCP  DHCP Server  Simple DHCP server configuration  /etc/dhcpd.conf default-lease-time 600; max-lease-time 86400; option subnet-mask ; option broadcast-address ; option routers ; option domain-name-servers ; subnet netmask {range }

Setting Up a Server  DHCP  DHCP Server  To install  Download latest version from the Internet Software Consortium (  Unpack the archive  $ tar xzf./dhcp tar.gz  Move the new directory that contains all the source files  $./configure  $ make  $ sudo make install  Copy the server/dhcp.conf to /etc

Setting Up a Server  DHCP  DHCP Server  To install  $ sudo touch /var/lib/dhcp/dhcp.leases  $ sudo chkconfig –level 35 dhcpd on  $ /etc/init.d/dhcp restart

Where do we go from here?  Read this chapter  Try out some of the commands  We will be installing DHCP in future lessons on your VM.