Linux Quickref
Quick Reference Card

Jialong He
[email protected]
http://www.bigfoot.com/~jialong_he


User Management

Files

/etc/group, /etc/passwd, /etc/shadow
    User account information.
/etc/bashrc, /etc/profile, $HOME/.bashrc, $HOME/.bash_profile
    BASH system wide and per user init files.
/etc/csh.cshrc, /etc/csh.login, $HOME/.cshrc, $HOME/.tcshrc, $HOME/.login
    TCSH system wide and per user init files.
/etc/skel
    template files for new users.
/etc/default
    default for certain commands.
/etc/redhat-release, /etc/slackware-version
    Redhat and Slackware version info (Linux kernel version with "uname -a").

Commands

adduser
    script to create a new user interactively (Slackware) or link to useradd (Redhat).
useradd, userdel, usermod
    create, delete, modify a new user or update default new user information.
newusers
    update and create new users (batch mode).
groupadd, groupdel, groupmod
    add, delete or modify group.
chage, chfn, chsh
    modify account policy (password length, expire date etc.) or finger information (full name, phone number etc.), change default login shell.
linux init=/bin/sh rw
mount -w -n -o remount /
    gain root access during boot prompt without password, can be used to fix some problems.


Network Configuration

Files

Configuration Files

/etc/rc.d/rc.inet1 (Slackware), /etc/sysconfig/network-scripts/ifcfg-eth0 (Redhat)
    IP address, Network mask, Default gateway are in these files. May edit manually to modify network parameters.
/etc/NETWORKING (Slackware), /etc/sysconfig/network (Redhat)
    hostname is set by "/bin/hostname" during boot and the name is read from these files. May change manually.
/etc/resolv.conf
    specify name server, DNS domain and search order. For example:
        search la.asu.edu
        nameserver 129.219.17.200
/etc/hosts
    host name to IP mapping file.
/etc/host.conf
    host name information look up order. Example:
        order hosts, bind
        multi on
/etc/nsswitch.conf
    new way to specify information source.
/etc/networks, /etc/protocols, /etc/services
    TCP/IP services and ports mapping.
/etc/rpc
    RPC service name to their program numbers mapping.

Commands

netconfig
    menu driven Ethernet setup program.
pppsetup
    setup PPP connection (Slackware).
ifconfig
    setup Ethernet during boot, for example:
        /sbin/ifconfig eth0 ${IPADDR} broadcast ${BROADCAST} netmask ${NETMASK}
        /sbin/route add -net ${NETWORK} netmask ${NETMASK} eth0
        /sbin/route add default gw ${GATEWAY} netmask 0.0.0.0 metric 1
host
    lookup host name or IP (similar to nslookup).
dnsdomainname
    show DNS domain name.
arping; arp
    find out Ethernet address by first arping then arp.
ipchains
    firewall and NAT (/etc/sysconfig/ipchains on Redhat)
iptables
    firewall and NAT (/etc/sysconfig/iptables on Redhat)
ntsysv
    menu driven SYSV service configuration (Redhat)
chkconfig
    command line SYSV service configuration (Redhat)

Redhat files in /etc/sysconfig

keyboard
    keyboard map, e.g.,
        KEYBOARD="/usr/lib/kdb/keytables/us.map"
mouse
    Mouse type, e.g.,
        MOUSETYPE=Microsoft
        XEMU3=yes
network
    network settings, contains
        NETWORKING=yes
        HOSTNAME=hostname.domain.com


NFS File Sharing

Files

/etc/fstab
    file systems mounted during boot.
/etc/exports
    NFS server export list.
/etc/auto.master
    auto mount master file.

Commands

mount
    mount a file system or all entries in fstab.
exportfs
    export file system listed in exports
showmount -e hostname
    show file systems exported


Printer Configuration

Files

/etc/printcap, /etc/printcap.local
    Printer capabilities data base.
/etc/lpd.conf
    LPRng configuration file.
/etc/lpd.perms
    permissions control file for the LPRng line printer spooler
/etc/hosts.lpd
    Access control (BSD lpd).
/etc/hosts.equiv
    trusted hosts.
PRINTER
    Environment variable of default printer.
/dev/lp0
    parallel port.

Commands

lpc, lpq, lprm
    line printer control program, print queue maintain


Sendmail

Files

sendmail.cf, sendmail.mc
    "sendmail.cf" is the configuration file. "sendmail.mc" is a macro file which can be used to generate "sendmail.cf" by:
        m4 sendmail.mc > sendmail.cf
aliases
    mail aliases, must run "newaliases" after change. Use :include: to include external list in a file.
.forward
    per user aliases, use \yourname to prevent further expand and keeps a copy in mailbox.
access
    mail access control, FEATURE(access_db) should be set in sendmail.mc. For example, in /etc/mail/access
        cyberpromo.com REJECT
        mydomain.com RELAY
        [email protected] DISCARD
        makemap hash /etc/mail/access < /etc/mail/access
/etc/mail/relay-domains
    list all host/domain accepted for relaying.

Commands

newaliases
    rebuild the data base for the mail aliases file.
makemap
    build access database, e.g.,
        makemap hash access.db<access


Useful Configuration Files

Files

httpd.conf
    Apache web server configuration file.
lilo.conf
    LILO boot loader configuration file.
syslog.conf
    System log daemon (syslogd) configuration.
ssh_config, sshd_config
    SSH client and server configuration files.
ld.so.conf
    default dynamic library search path (run ldconfig).
mtools.conf
    mtool configuration file (access DOS file).
named.conf
    DNS name server (BIND).
sysctl.conf
    kernel parameters by sysctl (Redhat).
ntp.conf
    net time server.
inetd.conf
    Internet super server.
Xinetd.conf, Xinet.d directory
    Extended inetd configuration.
proftpd.conf
    proftpd FTP server.
amanda.conf
    network backup server.
/etc/pine.conf, /etc/pine.conf.fixed
    PINE mail client system wide settings.


Rebuild Kernel

Configure Kernel Parameters

Unpack the tarball in /usr/src directory
    bzip2 -dc linux-2.4.0.tar.bz2 | tar xvf -
make config, make menuconfig, make xconfig
    Configuring the kernel with interactive, menu or X window interface.

Compile Kernel Source

make dep, make zImage
    Building and installing a new kernel.
        cp arch/i386/boot/bzImage /boot/vmlinuz

Compile Modules

make modules, make modules_install
    Building and installing modules.

Manage Modules

insmod, lsmod, modinfo, modprobe, rmmod, depmod
    Manage loadable modules.


Miscellaneous

Files

/etc/shells
    allowed login shells
/etc/ftpusers
    user names NOT allowed to use ftp.
/etc/hosts.allow, /etc/hosts.deny
    TCP wrapper access control files.
/etc/sysconfig (Redhat)
    contains system configuration files.
/dev/fd0
    floppy drive A
/etc/inittab, /etc/init.d
    system run level control file.

Commands

fromdos, todos (Slackware); dos2unix, unix2dos (Redhat)
    convert text file from/to linux format.
pwck, grpck
    verify integrity of password and group files.
pwconv, pwunconv, grpconv, grpunconv
    convert to and from shadow passwords and groups.
shadowconfig
    toggle shadow passwords on and off.
quota, edquota, quotacheck, quotaon, quotaoff, repquota
    Manage disk quota.
lilo -D dos
    set LILO default OS (default=dos in lilo.conf)
ldd
    find out shared library dependencies.
lsof
    list opened files.
fuser filename
    show processes that are using the file.
ifdown, ifup
    bring up/down a network interface (Redhat)
sysctl
    configure kernel parameters (Redhat).
socklist
    list opened sockets.
shutdown [-r|-h] now
    reboot / halt computer
nmap
    scan a host for opened ports.
crontab
    show or edit cron jobs.
sys-unconfig
    unconfigure system
chkconfig --list
    list services started at different run level.
unset TMOUT
    disable BASH auto-logout feature
unset autologout
    disable TCSH auto-logout feature
kudzu
    probe for new hardware (Redhat).
rpm
    rpm -i    INSTALL a package
    rpm -e    UNINSTALL a package
    rpm -q    QUERY a package
    rpm -U    UPDATE a package
man cmd | col -b > cmd.txt
    save a man page as a text file and remove control characters.
ntop -w 3000
    Run ntop and listen on web port 3000. View traffic with browser to http://hostname:3000


Configure Apache 2.0 with SSL

mod_ssl

(1) When compiling apache, specify --enable-ssl for the configure script. By default, ssl is not enabled. After compiling, use "httpd -l" to list the modules. "mod_ssl" should be in them.

(2) generate private key with command:
    openssl genrsa -out server.key 1024

(3) generate certificate request
    openssl req -new -key server.key -out server.csr

(4) generate self-signed certificate
    openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt

(5) modify "ssl.conf" which is included in "httpd.conf". Note: specify "httpd -DSSL"; otherwise, comment out <IfDefine SSL> in ssl.conf.


Samba File and Printer Sharing

Introduction

Samba provides file and printer sharing with MS Windows computers. It makes UNIX speak the SMB/CIFS file and printer sharing protocol. The latest version of samba can be downloaded from http://www.samba.org.

Samba is controlled by a configuration file "smb.conf". On Redhat Linux, one can use "redhat-config-samba" to modify the configuration file. On other systems, SWAT is a web based GUI interface. SWAT is run from "inetd" and listens on port 901. You just need to point your browser to http://localhost:901 after starting swat.

security = user
    In this (default) security mode, samba maintains its own user login database, which is usually in /etc/samba/smbpasswd. This file is created with command /usr/sbin/smbpasswd. Note, the user login file and command have the same name but are in different directories. Following settings are used:
        encrypt passwords = yes
        smb passwd file = /etc/samba/smbpasswd

security = domain
    In this security mode, samba server must join an NT domain (using net command) and authenticate users by a domain controller. A user must have both valid UNIX and NT accounts in order to access files.

security = server
    Use another computer (NT or W2k) to authenticate users. No need to join a domain. Need to specify a login server:
        password server = mywin.domain.com

security = share
    Give each share a password, no user name needed.

Commands

• To test if the syntax of "smb.conf" is correct, use
    testparm smb.conf
• List shares on a Samba or Windows server
    smbclient -L machinename -U username
• Connect to a Samba or Windows server and get/put files using


IPtables (Netfilter)

Command Syntax

    iptables [-t <table>] <command> <chain> <parameters>

Save and Restore rules

    /sbin/iptables-save > /etc/sysconfig/iptables
    /sbin/iptables-restore < /etc/sysconfig/iptables

Firewall script sample

    http://tiger.la.asu.edu/iptables_examples.htm

Built-in Table

filter
    This is the default table for handling network packets. Built-in chains are:
    1. INPUT — This chain applies to packets received via a network interface.
    2. OUTPUT — This chain applies to packets sent out via the same network interface which received the packets.
    3. FORWARD — This chain applies to packets received on one network interface and sent out on

    ## Change source addresses to 1.2.3.4.
    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4

mangle
    This table is used for specific types of packet alteration. Built-in chains:
    1. PREROUTING — This chain alters packets received via a network interface before they are routed.
    2. OUTPUT — This chain alters locally-generated packets before they are routed via a network interface.

Commands

--flush | -F
    Flush (delete) rules in the selected chain.
--policy | -P
    Set default policy for a particular chain.
--list | -L
    List all rules in filter table, use [-t tablename] to specify other tables.
--append | -A
    Appends a rule to the end of the specified chain.
--insert | -I
    Inserts a rule in a chain at a particular point.
Other commands:
    (1) --new | -N (2) --delete | -D (3) --replace | -R (4) --zero | -Z
    (5) --check | -C (6) --delete-chain | -X (7) --rename-chain | -E

Parameters

--proto | -p [!] name
    protocol: by number or name, including tcp, udp, icmp or all.
--source | -s [!] addr/mask
    source IP address.
--destination | -d addr/mask
    destination IP address.
--in-interface | -i
    incoming interface name, e.g. eth0 or ppp0.
--out-interface | -o
    outgoing interface name.
--jump | -j
    jump to a particular target when matching a rule. Standard options: ACCEPT, DROP, QUEUE, RETURN, REJECT. May jump to a user defined chain.
--fragment | -f
    match second or further fragments only.


Syslog.conf

Each line consists of a selector and an action. A selector has two parts: facilities and priorities, separated by a period (.). You may precede every priority with an equals sign ("=") to specify only this single priority and not any of the above. You may also (both is valid, too) precede the priority with an exclamation mark ("!") to ignore all those priorities, either exactly this one or this and any higher priority.

Example:
    mail.notice    /var/log/mail           # log to a file
    *.emerg        @myhost.mydomain.org    # log to remote host

Note: separator between first column and second column (log file name) must be TAB, not spaces.

facilities
    auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, uucp, local0 – local7.
priorities
    debug, info, notice, warning, err, crit, alert, emerg.
action
    Regular File:
        File with full pathname beginning with "/".
    Terminal and Console:
        Specify a tty, same with /dev/console.
    Remote Machine:
        @myhost.mydomain.org