Devops

Foundation - Linux Systems and Network Administration

Table of Contents
Introduction 0
Linux Systems Administration 1
User and Group Managment 1.1
Configurations 1.1.1
Commands 1.1.2
Lab 101 : Managing Users and Groups 1.1.3
Process Management 1.2
Commands 1.2.1
Lab 102 : Process Management 1.2.2
Job Scheduling 1.3
Lab 103 : Scheduling Jobs 1.3.1
Localization - Date, Time, Locale 1.4
Essential Systems Services 1.5
NTP 1.5.1
Web Stack Administration 2
MySQL Administration 2.1
Lab 201: Install MySQL Server and Client 2.1.1
Lab 201-1: Reset MySQL Root Password 2.1.2
Lab 202: Generate MySQL Configs using Percona Wizard 2.1.3
Apache Administration 2.2
Lab 203 : Install and Configure and attach ssl certicate to apache Jobs 2.2.1
Lab 204 :Create self signed certificate 2.2.2
PHP Web Application 2.3
Lab 205 : Install php5 2.3.1
Lab 206 : Install and setup Wordpress with Apache with MySQL Backend
Lab 206-1 : Database Backup and Restore 2.3.3 2.3.2
Nginx Administration 2.4
Lab 208 : Install and configure nginx as a reverse proxy 2.4.1
Lab 209 : Create and attach ssl certificate to nginx 2.4.2
Tomcat Administration 2.5

2
Devops Foundation - Linux Systems and Network Administration

Lab 207 : Install and configure tomcat 2.5.1

Shell/ Bash Scripting 3
Networking 4
Network Utilities and Troubleshooting 4.1
Lab 401 : ping 4.1.1
Lab 402 : telnet 4.1.2
Lab 403 : nmap 4.1.3
Lab 404 : netstat 4.1.4
Lab 405 : traceroute 4.1.5
Lab 406 : tcptraceroute 4.1.6
Lab 407 : whois 4.1.7
Lab 408 : tcping 4.1.8
Lab 408 : nslookup 4.1.9
Lab 408 : dig 4.1.10
References 5

3
Devops Foundation - Linux Systems and Network Administration

Ops Essentials - Systems and Network

Administration
This book is aimed to serve as a crash course for anyone with the Operations Engineer/
Systems Administrator / Systems Operations Background, to serve as a essential reference
before taking up courses specific to Devops Engineers.

A Devops Engineer is typically someone with systems operations background with specific
skills with new tools. He/She is responsible for enabling organizations with Devops Tools
and Practices and help other team members such as Developers/QA Professionals to setup
automated workflows. They are also responsible for building, deploying, automating and
maintaining the infrastructure which not only runs the applications that the dev team is
building, but also for setting up and maintaining the internal tools for CI/CD, Monitoring,
Performance Measurement, Automated Provisioning and Configuration Management etc.
He/She is also responsible optimizing applications and systems infrastructure. And when
there are issues, he/she typically is the one who does initial troubleshooting, triaging and
escalations.

To be a well rounded Devops Engineer, one has to have a knowledge on wide breadth of
tools. Devops Engineers are typically Jack of All Trades, Master of a few. And most
essentially, they should have a good understanding of underlying operating system. Even
though role of Devops Engineer is not limitd to one OS, in most likeliness, its some flavor
GNU/Linux. More over, today's systems are interconnected with complex networking
systems. Hence, understanding of Linux as well as Computer Networks, servers as two
essential skills when it comes to Devops Engineers. This book is been written to keeping this
in mind and should serve as a essential reference for practical skills on systems and network
administrators.

LICENSE
CC BY-NC-SA 4.0

AUTHORS
Gourav Shah
Deepak Jain

Introduction 4
Devops Foundation - Linux Systems and Network Administration

Ashwini Chaudhari
Druva Ram

Introduction 5
Devops Foundation - Linux Systems and Network Administration

Linux Systems Administration

Linux Systems Administration 6

Devops Foundation - Linux Systems and Network Administration

User and Group Managment

User and Group Managemnt

User and Group Managment 7

Devops Foundation - Linux Systems and Network Administration

User Commands
The following commands are used to create, modify, delete, manipulate the properties of a
user.

USERADD
This command Add/Creates user accounts in Linux. This command can be combined with
various options

useradd Devops - Adds a user named Devops. To unlock this account you need to set a
password for this user

passwd Devops - To set the password for the newly created user

Once a new user is created, /etc/passwd file gets a new entry regarding the user created.

cat /etc/passwd | grep Devops - Shows the entry created for user "Devops" in the

passwd file

Each line in the /etc/paaswd contains 7 columns which provides us the information about the
user. It can be interpreted in the following way -

1. Username - Login name used to access the system - Devops

2. Password - The letter x signals that shadow passwords are used and that the hashed
password is stored in /etc/shadow file
3. UserID - Devops has been assigned a UID of 501, which reflects the rule that the
default UID values from 0 to 499 are typically reserved for system accounts
4. GroupID - The primary Group ID (GID) Group Identification Number stored in /etc/group
file
5. UserInfo - Optional field to fill in extra information about the user like Role or Full Name
of the user
6. Home Directory - Location of user's home directory
7. Shell - Location of user's shell

Commands 8
Devops Foundation - Linux Systems and Network Administration

USERADD command can be combined with other options to customize user creation as per
the requirement. Some of the options are -

useradd -c "Devops User" Devops - Creates a user with "Devops user" as a comment in
UserInfo field as stated above

useradd -d /project/Devops Devops - Creates a user "Devops". Home directory for the
user "Devops" is set as /project/Devops

useradd -u 619 Devops - Creates a user "Devops". UserID for the user "Devops" is set
as 619

useradd -g 719 Devops - Creates a user "Devops". GroupID for the user "Devops" is set
as 719

useradd -g g0 -G g1,g2 Devops - Adds the user "Devops" to primary group g0 and to
multiple groups(g1 and g2). You can check about the user is a part of which groups by
using the command "id Devops"

useradd -e 2016-10-01 Devops - Creates a user "Devops" with account expiry date of
October 1st,2016. Date should be mentioned in YYYY-MM-DD format. By default it is 0,
never expires

useradd -s /sbin/nologin Devops - Will add a user ‘tecmint‘ without login shell i.e.
‘/sbin/nologin‘ shell

useradd -M Devops - Creates a user "Devops" with no home directory. When you
combine useradd -m it will make sure that "Devops" user is created with Home directory
if it does not exist

USERMOD
This command is similar to useradd except it takes actions on already existing users. It
modifies the properties of already existing users . You can use this command with almost
same options as you use with command useradd.

usermod -c "Am Devops User" -u 619 -e 2016-10-01 Devops - Modifies the user
"Devops" UserInfo property as stated in the above examples

Commands 9
Devops Foundation - Linux Systems and Network Administration

usermod -l Devops_ad Devops - Modifies the user login name from Devops to
Devops_ad

usermod -L Devops - Locks the user "Devops" account. After the account lock, Login is
disabled and you will see a ! added before the encrypted password in /etc/shadow file
means password is disabled an user account is locked

USERDEL
This command removes the user accounts and files associated to the user from
Server/Workstation

userdel -r Devops - Combining userdel with the -r option removes files in the user's
home directory along with the home directory itself and the user's mail spool

userdel -f Devops - This option forces the removal of the user account, even if the user
is still logged in. This option is dangerous and may leave your system in an inconsistent
state

ID
This command is used to get the system identifications of a specific user like UID, Groups a
user belong to.

id Devops - Displays the System identifications for the user "Devops"

id -u Devops - Displays UserID for the user "Devops"

id -g Devops - Displays GroupId for the user "Devops"

Group Commands
The following commands are used to create, modify, delete, manipulate the properties of a
group.

Commands 10
Devops Foundation - Linux Systems and Network Administration

GROUPADD
Groups are a useful tool for permitting co-operation between different users. This command
is used to add a new group to the system.

groupadd friends - Adds a group named "friends" with default settings. You can gather
more information about the group from the file /etc/group

groupadd -g 719 friends - Creates a group named "friends" set its GroupID as 719.
When used with -g and GID already exists, groupadd refuses to create another group
with existing GID

groupadd -r friends - Creates a system group which are used for system purposes
which practically means that GID is allocated from 1 to 499 if not specified

NOTE :- If you want to add an existing user to the named group, you can make use of the
gpasswd command too instead of usermod and useradd. gpasswd is used to unlock the
group and set password on the group

gpasswd friends - Unlocks the group "friends" and sets the required password.

gpasswd -a Devops friends - Add the user "Devops" to group "friends". Replacing "-a"
with "-r" command removes the user "Devops" from group "friends"

gpasswd --members Devops,Devops_ad friends - Adds a list of

members(Devops,Devops_ad) to the group "friends". This command can be used to
add multiple users to a group at a time.

gpasswd -A Devops,Devops_ad friends - Makes Devops,Devops_ad group

administrators. A group administrator can add and delete users as well as set, change,
or remove the group password. A group can have more than one group administrator.

gpasswd -r friends - Removes password authentication on the group "friends"

GROUPMOD
Commands 11
Devops Foundation - Linux Systems and Network Administration

When a group already exists and you need to specify any of the options now, use the
groupmod command. The logic of using groupmod is identical to groupadd as well as its
syntax.

groupmod -g 819 friends - Modifies the GroupID for the group "friends" to 819

groupmod -n classmates friends - Replaces the name of group with "classmates"

GROUPDEL
This command is used to delete the group. There are some conditions you should take care
of before deleting a group. You may not remove the primary group of any existing user; you
must remove the user before you remove that user's primary group.

groupdel friends - Deletes the group named "friends". Below is the error if friends is the
primary group of any user

Commands 12
Devops Foundation - Linux Systems and Network Administration

Lab 101 : Managing Users and Groups

Learn About User Commands

$ man useradd

$ useradd --help

$ man id

$ id --help

$ man passwd

$ man usermod

$ man userdel

Create a System User

Create the following users,

dipti
pooja
ramesh
suresh

Check the Default User Configurations

$ useradd -D

While creating users, mention the option to create home directories.

$useradd -m dipti

$useradd -m ramesh

$useradd -m suresh

$useradd -m dipti

Validate whether the users have been created

** Option 1 : Observe /etc/passwd

$ tail /etc/passwd

Lab 101 : Managing Users and Groups 13

Devops Foundation - Linux Systems and Network Administration

Expected Output:
dipti:x:501:501::/home/dipti:/bin/bash ramesh:x:502:502::/home/ramesh:/bin/bash
suresh:x:503:503::/home/suresh:/bin/bash pooja:x:504:504::/home/pooja:/bin/bash

** Option 2 : using id command

$ id dipti $ id ramesh $ id suresh $ id pooja

Set Password

Check whether password exists, $ cat /etc/passwd

dipti:!!:16847:0:99999:7:::

Create password for each users, and validate,

$ passwd -m dipti

[Type and retype passwords]

New password: *

Retype new password: *

passwd: all authentication tokens updated successfully.

Validate

Logout as root user, and try logging in as the user you created password for.

$ su - dipti [verify you are able to login]

Also verify the contents of /etc/shadow which should have a encrypted string instead of !!

dipti:$6$t99EyAX/$3VCh3O9qjBEA7aevcRtV57B0HVNSM3WkhIXK9fe2JQMUQrsj8pxz5pD
bmrnJIoDlJimes3kd.yXNUNqKpoGpa0:16847:0:99999:7:::

Lab 101 : Managing Users and Groups 14

Devops Foundation - Linux Systems and Network Administration

Process Management 15
Devops Foundation - Linux Systems and Network Administration

Commands to Managing Process

1)PS

2)TOP

3)PSTREE

4)FREE

5)UPTIME

6)KILL

Commands 16
Devops Foundation - Linux Systems and Network Administration

Managing Processes

PS
PS - This command is used list/see the processes that are running on the Linux
system/server. Process is a running instance of a program. There are many commands
which are used to monitor and control these processes in Linux and ps is one such
command which is used to monitor them. Below are some of the examples which show their
practical applications.

• ps -ef - List all the processes that are currently running, where -e is used to display all the
process, -f is used to display full format listing

• ps -ef | grep ssh - List all the process which are related to ssh

• ps -f -u vagrant,postfix - List the process related users vagrant and postfix. You can use
UID too to find the process related to that particular user like (#ps -f -u 500)

ps -f -p 1307 - List the process which has PID of 1307. You can list multiple process by
listing multiple PIDs separated by commas in a single command

ps -f -ppid 1295 - List the process which has PPID of 1295

Lab 102 : Process Management 17

Devops Foundation - Linux Systems and Network Administration

ps -C crond -L -o pid,pcpu,nlwp - List all threads for a particular process(crond). This is

sometimes useful when a process gets hung and determine the threads running(NLWP)

ps -p 1307 -o uid,pid,etime - List the elapsed time for particular PID

ps aux --sort pmem - Sorts the highest memory consuming process at the bottom. You
can further dig into that highest memory consuming PID/PPID and get the Memory
percentage. You may use this data to find a memory leak. Where -v gives the
components of virtual memroy

TOP
This command is much more interactive and real-time than the ps command. This also
provides the percentage of resources actually consumed by the system.

top - Opens up an interactive session which gives information about the resource usage

After the top command displays output screen, it is like an interactive session which require
you to feed the commands to get the desired output as below

Lab 102 : Process Management 18

Devops Foundation - Linux Systems and Network Administration

1. O - Gives you a range of options to sort according to the resources

2. d - Changes the auto refresh interval

3. k - kill a process by desired PID

4. SpaceTabKey - For instant refresh

5. top -u vagrant - List the process details for a specific user. In this case it is "vagrant"

PSTREE

Lab 102 : Process Management 19

Devops Foundation - Linux Systems and Network Administration

This command shows the processes that are running on the system too. But it is better in a
visual way than ps command. This command shows the running processes in the form of a
tree. It requires no root privileges to run this command.

pstree - Gives you the process tree

pstree 3039 - List a process based on the PID

pstree root - Displays process tree for the user "root"

pstree -a vagrant - Display the command line arguments associated with a particular

process for particular user

Lab 102 : Process Management 20

Devops Foundation - Linux Systems and Network Administration

pstree -np - Displays the process in sorted way according to PID

pstree -h - Highlights the current process and its ancestors

FREE
This command gives us the total amount of Free, Used Physical memory and Swap memory
of the system. It also gives us the information about the Buffers used by the Kernel.

free -m - Displays the amount of memory in MegaBytes. Amount of memory can also be
seen in different units of Data. Following are the options

1. -b for bytes
2. -k for kilobytes

Lab 102 : Process Management 21

Devops Foundation - Linux Systems and Network Administration

3. -m for megabytes
4. -g for gigabytes
5. --tera for terrabytes

free -ms 5 - Displays the amount of memory in MegaBytes continuously every 5

seconds. "-s" is used in the command to achieve this cycle

free -t - It will display an extra line showing the column totals

UPTIME
This command gives you a one line display of current time, for how long the system is up,
how users are logged on, system load averages

uptime - Displays the uptime and average load

KILL
This command is used to send Terminate, Stop, Trap, Interrupt etc., signals to the process.

Lab 102 : Process Management 22

Devops Foundation - Linux Systems and Network Administration

kill -l - Displays the list of signal numbers that you can choose from

kill - Generates SIGTERM signal requesting process to terminate

kill -9 - Generates SIGKILL signal for process to terminate immediately or forcefully.You

can kill multiple PIDs in the following way (kill -9 1234 4356 234) where 1234, 4356, 234
are distinct processes

Kill -9 can be fed to the system in multiple ways like below

1. kill -s SIGKILL <PID> where SIGKILL is the signal name

2. kill -s SIGKILL <PID> where SIGKILL is the signal name
3. kill -s 9 <PID> where 9 is the signal number

NOTE :- Signal number can be determined by using the above mentioned command kill -l.
Signal name can be found out by the same command too. The shorthand notation of the
signal name can be found by the command kill -l signalnumber. Below is the example :-

9 is the signal number for SIGKILL. Getting the shorthand notation -

Lab 102 : Process Management 23

Devops Foundation - Linux Systems and Network Administration

Scheduing Jobs

Job Scheduling 24
Devops Foundation - Linux Systems and Network Administration

L 103 - Scheduling Jobs with Crontab and

At

Lab 103 : Scheduling Jobs 25

Devops Foundation - Linux Systems and Network Administration

DATE & TIME ZONE

DATE - This command is used to get the information about Day, Current
Date,Time,Timezone,Year

• #date

• #date +%D -s YYYY-MM-DD - Changes the date of the system/server (#date +%D -s 2016-
04-01)

• #date +%T -s HH:MM:SS - Changes the time on the system/server(#date +%T -s 23:26:00
-u) where "-u" is used if your system clock is set to use UTC

Changing Time Zones

Time zones are used to set time on the servers according to your requirement. There are
many methods in practice to change the time zones. One of the easiest way of changing the
time zone is as follows -

.#date - Displays the date and current time and time zone and it is UTC currently

.#cd /etc/ - Navigate to the directory /etc

.#rm localtime - Remove the file named "localtime"

.#ls /usr/share/zoneinfo/Asia - Lists all the timezones available in Asia. If you list the folder
/usr/share/zoneinfo/, you can see all the Zones available. You can choose the timezone

accordingly

.#ln -s /usr/share/zoneinfo/Asia/Calcutta localtime - Link the Calcutta file from Asia directory
to file "localtime"

Localization - Date, Time, Locale 26

Devops Foundation - Linux Systems and Network Administration

.#date - Displays time from IST timezone and your timezone is changed

Localization - Date, Time, Locale 27

Devops Foundation - Linux Systems and Network Administration

Network Time Protocol(NTP)

The Network Time Protocol (NTP) enables the accurate settings of time and date
information in order to keep the time clocks on networked computer systems synchronized
to a common reference over the network or the Internet. It is protocol which is run over the
port "123" and uses UDP.

Below are the steps to configure NTP server on your local machine -

NTP Server actions

• #which ntpd - We will get know whether NTP package is installed on the machine and if
installed it will show the executable file path

• #yum install ntp - Installs the NTP package on your local machine

• #vi /etc/ntp.conf - Edit the configuration as per the requirement. I have removed server
3.centos.pool.ntp.org and added the loopback address,so that even if my Internet network
goes down, I can fetch the time my local network or the hardware clock from my machine.
Further, you need to allow clients from your networks to synchronize time with this server. To
accomplish this, add the following line to NTP configuration file, where restrict statement
controls, what network is allowed to query and sync time. REPLACE NETWORK IPs
ACCORDINGLY

chkconfig ntpd on - To make NTP daemon persistent even if the machine reboots, use
chkconfig

chkconfig --list | grep ntpd - Just to br sure that chkconfig is configured

service ntpd start - Start the ntpd service

system-config-firewall - Configure the firewall for port 123 which is used by ntp on the
NTP server/current server

NTP 28
Devops Foundation - Linux Systems and Network Administration

ntpstat - To check if the ntp service is up and running. From the image you can see
there is difference of 111ms which will reduce gradually to lower values. Another way to
cross check the service is by the command #ntpq -p which shows the pool of ntp
servers your server is connected to.

Client Server actions

Follow the steps 1 and 2 as mentioned above in the NTP server actions

vi /etc/ntp.conf - Enter the IP address of NTP server we have configured above, in the
ntp.conf file of Client server. Add "prefer" in the entry you make in the ntp.conf file to use
configured NTP server. Rest of the servers are used just as backup if your NTP server
goes down.

chkconfig ntpd on - To make NTP daemon persistent even if the machine reboots

ntpstat - With this you can see that your Client server is synchronised with your own
NTP server

NTP 29
Devops Foundation - Linux Systems and Network Administration

MySQL
1. Install MySQL Server
2. Examine the MySQL Configurations
3. Generate MySQL Server Configurations using Percona’s Tool.
4. Install and Configure MySQL Admin
5. Connect to MySQL Database
6. Create a database and Tables
7. Query Data - SELECT
8. Modify Data - UPDATE/ALTER
9. Backup MySQL Database

Apache
10. Install Apache Web Server with Default Virtual host
11. Examine Apache Configurations
12. Create Virtual Hosts
13. Add Redirect and Rewrite Rules with Apache
14. Configure SSL with Apache

PHP Application
15. Install PHP
16. Configure PHP with Apache
17. Install and setup Wordpress with Apache with MySQL Backend

Nginx
18. Install Nginx
19. Examine Nginx Configurations
20. Configure Nginx as Load Balancer/ Reverse Proxy
21. Configure SSL Certificate with Nginx

Tomcat
Web Stack Administration 30
Devops Foundation - Linux Systems and Network Administration

22. Install Java and prerequisites

23. Install Tomcat
24. Tomcat Configurations
25. Deploy a Sample Application with Tomcat

Web Stack Administration 31

Devops Foundation - Linux Systems and Network Administration

Install MySQL Server

Install mysql-server
sudo yum install mysql-server

Start mysqld service

sudo service mysqld start

Validate
sudo service mysqld status

[Expected Output: "Should be Running"]

install MYSQL Client

sudo yum install mysql

To set/reset set a root MySQL password

Guide to reset root password

Lab 201: Install MySQL Server and Client 32

Devops Foundation - Linux Systems and Network Administration

Reset MySQL Root Password (On MySQL

Version 5.7.6 and later)

Stop MySQL Service and Start it again with --

skip-grant-tables options
sudo service mysqld stop sudo mysqld_safe --skip-grant-tables &

Login to mysql server

mysql

From MySQL Prompt reset the password

FLUSH PRIVILEGES;

For MySQL 5.7.6 and later

ALTER USER 'root'@'localhost' IDENTIFIED BY 'password';

For MySQL 5.7.5 and earlier

SET PASSWORD FOR 'root'@'localhost' = PASSWORD('[password]');

d to logout

Restart MySQL Service

service mysqld stop service mysqld start

Validate

Lab 201-1: Reset MySQL Root Password 33

Devops Foundation - Linux Systems and Network Administration

mysql -u root -p [Enter Password and login ]

Lab 201-1: Reset MySQL Root Password 34

Devops Foundation - Linux Systems and Network Administration

Generate MySQL Configs using Percona

Wizard

Visit to Percona
site(https://tools.percona.com)
Percona Tools

Click on Create Your mysql Configuration

Create An account or sign in (if you already

have an account)

goto Dashboard and Click on configure a

new server

Lab 202: Generate MySQL Configs using Percona Wizard 35

Devops Foundation - Linux Systems and Network Administration

answer the question on configuration wizard

and click on next (you can leave some field
blank which are not mandatory)

after click on DONE you will get your mysql

configuration file

Lab 202: Generate MySQL Configs using Percona Wizard 36

Devops Foundation - Linux Systems and Network Administration

Lab 202: Generate MySQL Configs using Percona Wizard 37

Devops Foundation - Linux Systems and Network Administration

Install And Configure Apache

Install apache
sudo yum install httpd

Start httpd service

sudo service httpd start

direct your browser to your server’s IP address

Note :- if you are not able to access check firewall(iptables). Sudo service iptables
stop .

Create Virtual Hosts

1. create below directory

sudo mkdir -p /var/www/schoolofdevops

cd /var/www/schoolofdevops

Lab 203 : Install and Configure and attach ssl certicate to apache Jobs 38
Devops Foundation - Linux Systems and Network Administration

2. create index.html file and put below content

<h1> Welcome to School of Devops</h1>

3. create new virtual host file

sudo touch /etc/httpd/conf.d/schoolofdevops.conf

4. put below contenet in new virtual host file i.e.

schoolofdevops.conf

<VirtualHost *:80>
ServerAdmin root
ServerName schoolofdevops.org
ServerAlias www.schoolofdevops.org
DocumentRoot /var/www/schoolofdevops/
</VirtualHost>

5. restart httpd service

sudo service httpd restart

6. visit our new page (http://serverip)

attach ssl certificate to schoolofdevops site

1. create ssl certificate and store them in /etc/httpd/ssl
directory
follow this lab to create ssl certificate

2. install mod_ssl module

sudo yum install mod_ssl

3. add below contenet in

/etc/httpd/conf.d/schoolofdevops.conf file

Lab 203 : Install and Configure and attach ssl certicate to apache Jobs 39
Devops Foundation - Linux Systems and Network Administration

<VirtualHost *:443>
ServerAdmin root
ServerName schoolofdevops.org
ServerAlias www.schoolofdevops.org
DocumentRoot /var/www/schoolofdevops/
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key
</VirtualHost>

4. visit our https page (https://serverip)

Click on Proceed to IP button to check your page

Lab 203 : Install and Configure and attach ssl certicate to apache Jobs 40
Devops Foundation - Linux Systems and Network Administration

Create and attach ssl certificate

Make directory for the certificate

sudo mkdir /etc/httpd/ssl
cd /etc/httpd/ssl

Create a server key and Certificate Signing

Request
Creating the private server key
sudo openssl genrsa -des3 -out server.key 1024

Note:- you will be asked to enter a specific passphrase. Be sure to note this
phrase carefully

creating a certificate signing request:

sudo openssl req -new -key server.key -out server.csr

"Common Name" :- Enter your official domain name here or, if you don't have one yet,
your site's IP address.

Lab 204 :Create self signed certificate 41

Devops Foundation - Linux Systems and Network Administration

Remove the passphrase

sudo cp server.key server.tmp
sudo openssl rsa -in server.tmp -out server.key

Note:- In the event that nginx crashes or needs to reboot, you will always have to
re-enter your passphrase to get your entire web server back online. So to avoid it
remove the passphrase

Sign you ssl certificate

sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Lab 204 :Create self signed certificate 42

Devops Foundation - Linux Systems and Network Administration

Install php

install php5 with mysql bindings

sudo yum install php php-mysql sudo service httpd restart

create info.php file and display it on browser

follow this lab to install apache if it is not installed
Install and configure apache

Create the info.php file and add below content.

sudo vi /var/www/schoolofdevops/info.php

check your info.php page by

http://youripaddress/info.php

Lab 205 : Install php5 43

Devops Foundation - Linux Systems and Network Administration

Install and setup Wordpress with Apache

with MySQL Backend

1. Install and configure apache (skip this step if

alreday installed)
follow this lab to install and configure apache

2. installed mysql-server
follow this lab to install and configure mysql

3. install php5
follow this link to install php5

4. Install and configure wordpress application

Download wordpress application

cd /var/www/html
wget http://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz
chown -r apache:apache wordpress
rm -rf latest.tar.gz

Create database wordpress with full access to user

wordpress
goto Mysq Shell
mysql -u root -p

create database for wordpress

CREATE DATABASE wordpress;

create user for wordpress

CREATE USER wordpress@localhost;

Lab 206 : Install and setup Wordpress with Apache with MySQL Backend 44
Devops Foundation - Linux Systems and Network Administration

set password for wordpress user

SET PASSWORD FOR wordpress@localhost= PASSWORD("password");

Grant PRIVILEGES to wordpress user for wordpress database.

GRANT ALL PRIVILEGES ON wordpress.* TO wordpress@localhost IDENTIFIED BY
'password';
FLUSH PRIVILEGES;
exit

Configure wordpress application

Note:- Overwrite the index.php file or reomve any old index.php file which we
have create before copying
sudo cp -r ./wordpress/* /var/www/schoolofdevops

Wordpress application require one php-module which is not present in your

server
php-gd
sudo yum install php-gd
yum info php-gd

Edit the wp-config.php file and put appropriate values of variable

vi /var/www/schoolofdevops/wp-config.php

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');

/** MySQL database username */

define('DB_USER', 'username_here');

/** MySQL database password */

define('DB_PASSWORD', 'password_here');

/** MySQL hostname */

define('DB_HOST', 'localhost');

sudo service httpd restart

check your wordpress application by visiting

(http://youripaddress)

Lab 206 : Install and setup Wordpress with Apache with MySQL Backend 45
Devops Foundation - Linux Systems and Network Administration

Lab 206 : Install and setup Wordpress with Apache with MySQL Backend 46
Devops Foundation - Linux Systems and Network Administration

CDatabase Backups and Restore

Backing up Wordpress using mysqldump

cd /opt
mysqldump -u [username] –p[password] [database_name] > [wordpress_backup.sql]

Test the Backup

On the DB Server

Login to MySQL and verify existing data

mysql -u root -p USE wordpress; SHOW TABLES; ```

From MySQL Prompt, Delete Wordpress Database

USE mysql
DROP DATABASE WORDPRESS;

[Output: Query OK, 12 rows affected (0.28 sec)]

Validate the wordpress database is deleted

mysql> SHOW DATABASES; +--------------------+ | Database | +--------------------+ |
information_schema | | mysql | | performance_schema | | sys | +--------------------+ 4 rows in
set (0.00 sec)

Restore
mysql -u root -p < /opt/wordpress_backup.sql

Validate Data Restore

mysql -u root -p USE wordpress; SHOW TABLES; ```

Lab 206-1 : Database Backup and Restore 47

Devops Foundation - Linux Systems and Network Administration

Scheduling Daily/Nightly Backups

Create a file wordpress_backup.sh and edit it

vi /root/wordpress_backup.sh

Write backup script for wordpress dump

#!/bin/bash
current_date=`date +%Y-%m-%d`
sudo mkdir -p ~/wordpress_backup
cd ~/wordpress_backup
sudo mysqldump -u root -ppassword wordpress > wrodpress_backup_${current_date}.sql

Schedule above script at 12:00 am daily

crontab -e

add below entry in crontab as follow

0 0 * * * /bin/bash /root/wordpress_backup.sh

Lab 206-1 : Database Backup and Restore 48

Devops Foundation - Linux Systems and Network Administration

Install and configure nginx as a reverse

proxy

1. we have to run apache in the backend and

nginx in the frontend so to run both in the one
server we need to change the port of apache.
Edit the httpd.conf file and find the below line and change the port number to 8080 sudo
vi /etc/httpd/conf/httpd.conf

Restart Apache and validate service httpd restart netstat -pan | grep 8080
[Output: tcp 0 0 :::8080 :::* LISTEN 10170/httpd]

2. Install nginx
sudo yum install nginx

3. Configure nginx for apache

Create a file wordpress.conf
vi /etc/nginx/conf.d/wordpress.conf

Add the below block of code

Lab 208 : Install and configure nginx as a reverse proxy 49

Devops Foundation - Linux Systems and Network Administration

server {
listen 80;
location / {
proxy_pass http://127.0.0.1:8080/; #add you IP of apche server
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

4. Do a configuration test
sudo service nginx configtest

5. Disable Default Host Config for Nginx

mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak

6. Reload the nginx config

sudo service nginx reload

7. visit the info.php page and check the variabe

value

Lab 208 : Install and configure nginx as a reverse proxy 50

Devops Foundation - Linux Systems and Network Administration

Lab 208 : Install and configure nginx as a reverse proxy 51

Devops Foundation - Linux Systems and Network Administration

Create and attach ssl certificate to nginx

1. create ssl certificate

Use this labe to create ssl certificate

2. edit the wordpress.conf file

(/etc/nginx/conf.d/wordpress.conf)
vi /etc/nginx/conf.d/wordpress.conf

3. Append the block of code below to existing

configurations
server {
listen 443;

ssl on;
ssl_certificate /etc/httpd/ssl/server.crt;
ssl_certificate_key /etc/httpd/ssl/server.key;

location / {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

Lab 209 : Create and attach ssl certificate to nginx 52

Devops Foundation - Linux Systems and Network Administration

Note:- if you are using 443 port on apache then change the port to something else like
listen 445

4. Visit the info.php (https://your-ip-

address/info.php)

Lab 209 : Create and attach ssl certificate to nginx 53

Devops Foundation - Linux Systems and Network Administration

Install and configure tomcat

1. install java
sudo yum install java-1.7.0-openjdk

2. install tomcat
sudo yum install tomcat

sudo yum install tomcat-webapps tomcat-admin-webapps

3. configure the tomcat

open tomcat.conf file
sudo vi /etc/tomcat/tomcat.conf

add the below JAVA_OPTS line

JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Xmx512m
-XX:MaxPermSize=256m -XX:+UseConcMarkSweepGC"

Put the appropriate value of JAVA_HOME

JAVA_HOME="/usr/lib/jvm/jre-1.7.0-openjdk.x86_64/"

Lab 207 : Install and configure tomcat 54

Devops Foundation - Linux Systems and Network Administration

4. Change the tomcat's default port from 8080

to 9090 (skip these step if you are not running
anything on port 8080)
Note:- default port on which tomcat run is 8080 but we are alresay running apache on
that port.

Open file server.xml

sudo vi /etc/tomcat/server.xml

find the below line

<Connector port="8080" protocol="HTTP/1.1"

Change the port from 8080 to 9090

<Connector port="9090" protocol="HTTP/1.1"

Lab 207 : Install and configure tomcat 55

Devops Foundation - Linux Systems and Network Administration

restart the tomcat service

sudo service tomcat restart

5. open the tomcat management console

http://serveripaddress:9090

6. Configure Tomcate Web Mangment Interface

open tomcat-users.xml file

sudo vi /opt/tomcat/conf/tomcat-users.xml

add the below line between <tomcat-

users>...</tomcat-users> (change the
username and password accordingly)

Lab 207 : Install and configure tomcat 56

Devops Foundation - Linux Systems and Network Administration

<user username="initcron" password="password" roles="manager-gui,admin-gui"/>

Restart the tomcat service

sudo service tomcat restart

Note:- now if you click on server setup or other option it you will have to pass the
above credential

7. setup sample application

Download sample application
wget https://tomcat.apache.org/tomcat-6.0-doc/appdev/sample/sample.war

move the sample application to

CATALINA_HOME/webapps directory
(/usr/share/tomcat/webapps)
Note:- you can see CATALINA_HOME variable value in /etc/tomcat/tomcat.conf
file
mv sample.war /usr/share/tomcat/webapps

Lab 207 : Install and configure tomcat 57

Devops Foundation - Linux Systems and Network Administration

visit sample apllication by http://ip-address:9090/sample

Lab 207 : Install and configure tomcat 58

Devops Foundation - Linux Systems and Network Administration

Placeholder

Networking 59
Devops Foundation - Linux Systems and Network Administration

placeholder

Network Utilities and Troubleshooting 60

Devops Foundation - Linux Systems and Network Administration

Lab

ping, ping6:-

send ICMP ECHO_REQUEST to network hosts. It is use to find connectivity between two
nodes. Ping uses ICMP protocol. ping6 is IPv6 version of ping, and can also send Node
Information Queries (RFC4620).

Usage:-
ping [-aAbBdDfhLnOqrRUvV] [-c count] [-F flowlabel] [-i interval] [-I interface] [-l preload] [-m
mark] [-M pmtudisc_option] [-N node‐info_option] [-w deadline] [-W timeout] [-p pattern] [-Q
tos] [-s pack‐ etsize] [-S sndbuf] [-t ttl] [-T timestamp option] [hop ...] destination

Options:-
1. ping IP_addr/domain_name
By default ping without any option uses to check network connection between two nodes by
sending & receiving packet to & from nodes.

2. ping –a IP_addr/domain_name
Ex. ping –a www.google.com

Audiable ping, it gives beep after every packet transmittion & reception.

Lab 401 : ping 61

Devops Foundation - Linux Systems and Network Administration

3. ping domain_name
Ex. ping www.google.com

Use to find out ip address of specified domain name.

4. ping [–i interval ] IP_addr/domain_name

Ex. ping –i 5 www.google.com

This is used to ping increase/decrese time interval, as mention in command. By default ping
takes 1sec interval to send packets but with this utility we can increase/decrease its time
interval.

5. ping [-c count] IP_addr/domain_name

Ex. ping –c 4 www.google.com

command cannot stop automatically we have to terminate it with CTRL+c. But with this utility
we can specify no. of packet count ping can send , once it done it stop automatically.

6. ping –f IP_addr/domain_name
Ex. ping –f www.google.com

Flood ping. here it send “.” For every ECHO_REQUEST & received backspace for every
ECHO_REPLY. So increases output, ping can send thousands of packets in few seconds.

7. ping [-l preload] IP_addr/domain_name

Ex.ping –l 4 www.google.com

If preload option is specified then ping sends that many packets only not waiting for reply.
Preload value more than 3 sudo privileges requires.

8. ping [-p pattern] IP_addr

Lab 401 : ping 62

Devops Foundation - Linux Systems and Network Administration

Ex. ping –p aa 127.0.0.1

You may specify up to 16 ``pad'' bytes to fill out the packet you send. This is useful for
diagnosing data-dependent problems in a network. For example, -p ff will cause the sent
packet to be filled with all ones.

9. Ping [-m mark] IP_addr

Ex. ping –m 10 127.0.0.1

This extends ping to send a packet out based on a given mark using -m option. Useful with
policy routing to take different paths to same destination.

10. ping –q IP_addr

Ex. ping –q 127.0.0.1

Ping specified with q option nothing print on screen when we terminate command it prints
only ping statistics summary.

11. ping [-s pack‐ etsize] IP_addr

Ex. ping –s 110 1270.0.01

Ping with s option , we can modify packet size of ping command. By default its range
between 56 to 100. Ping has header size is ‘28’ so packet bytes send by ping in total is =
ping packet size + ping header size.

Lab 401 : ping 63

Devops Foundation - Linux Systems and Network Administration

Here total byte send = 110 + 28 = 138

12. ping [-w deadline] IP_addr

Ex. ping –w 4 127.0.0.

Ping by default gives continuous output ,it cannot terminate itself , if we specify ‘w’ g with
time then ping will stop automatically after specified time interval given in command.

Time
=3998ms(@4sec)

13. ping –R IP_addr

Ex. ping –R 127.0.0.1

Lab 401 : ping 64

Devops Foundation - Linux Systems and Network Administration

Ping with option ‘R’ we can record & prints the network routes through which packets is sent
& received.

14. ping [-M pmtudisc_option] IP_addr

Ex .ping –M do 127.0.0.1

Select Path MTU Discovery strategy. Their are three parameter provided with MTU
discovery do/don’t/want. These are use along with packet size ,if packet size is greater than
maximum data payload depend on MTU parameter specified it takes decision to fragment
packet or not.

15. ping IP IP_addr IP_addr

Ex. ping 192.168.2.3 192.168.33.1 192.168.64.1

We can specify path to reach ping packet to destination address. But here its important if
any one path is not reachable then the ping fails to send packet to destination address.

16. Ping –D IP_addr

Ex . ping –D 127.0.0.1

It prints time stamp before each line in format (unix time + microseconds as in gettimeofday)

17. ping localhost/127.0.0.1/0

Lab 401 : ping 65

Devops Foundation - Linux Systems and Network Administration

These are the way we can ping to localhost.

18. ping –V
This show the the current version of ping on your machine.

Lab 401 : ping 66

Devops Foundation - Linux Systems and Network Administration

Lab

Tenlet:-
User interface to the TELNET protocol. telnet command belongs to DAPRA command set,
allow you to log on to remote machine. It is used for interactive communication with remote
host. When telnet command with host IP address hit on command line it open telnet
command prompt & require a password to login to another host machine. As long as we
logged in with remote machine your machine is act like dumb terminal it just provide
interface to logged in to remote machine.

With escape character there is facility we can switch between remote machine & local
machine .Default Escape character : " Ctrl + ] " Once you press this you can work with
your local machine just at start of every command you have to press exclamatory mark '!' .
we can end remote session with exit command after that we bacl to our local machine.

Telnet not secure - everything is sent in plain text be it over a local network or over the
Internet. So any one can hack your information including your password. It is old - text based
only, there are no graphics provided.

telnet is not in built functionality we have to install it from yum or apt repository.

Yum install telnet

Apt-get install telnet.

Usage:-
telnet [-468ELadr] [-S tos] [-b address] [-e escapechar] [-l user] [-n tracefile] [host [port]]

1. telnet IP_addr
ex. telnet 192.168.2.5

with this command your able to login to remote machine provided login infirmation &
password. your local machine provide a terminal to work on remote machine using telnet
command.

Lab 402 : telnet 67

Devops Foundation - Linux Systems and Network Administration

2. telnet -4/6 IP_addr

Force IPv4/IPv6 address resolution.

3. telnet -E IP_addr
it disables the escape character functionality.If ths functionality removes it is not possible to
swich between remote machine & local machine.

4. telnet -l [user_name] IP_addr

ex. telnet -l ashu 192.168.2.5

Lab 402 : telnet 68

Devops Foundation - Linux Systems and Network Administration

with this "-l" option we can login to remote host with specific user name which must me
present at remote machine. with this command it directly promt you for password as it
already have user name with it.

5. telnet -e [escapechar] IP_addr

with this we can change the default escape character with new one as you specifies in
command.

6. telnet -r IP-addr
Emulate rlogin(1). In this mode, the default escape character is a tilde. Also, the
interpretation of the escape character is changed: an escape character followed by a dot
causes telnet to disconnect from the remote host. A ^Z instead of a dot suspends telnet, and
a ^] (the default telnet escape character) generates a normal telnet prompt. These codes are
accepted only at the beginning of a line.

7. telnet IP_addr port [port_no]

By default telnet uses port 23. we can change port or service by this command as we want.

8. telnet -n tracefile IP_addr

It is used to record trace information in file we specified on command line. but to record trace
information it is neccesary to set trace file first.

Lab 402 : telnet 69

Devops Foundation - Linux Systems and Network Administration

Lab

Nmap :-
Nmap (“Network Mapper”) is an open source tool for network exploration and security
auditing. Namp determine what hosts are available on the network, what services offering by
host, what type of operating system running, type of firewall in use. It is useful uitility for
network & system administrators. The output from Nmap is a list of scanned targets, with
information on each depending on the options used. nmap command line tool to scan a
host / network, security scanning, finding open port. Nmap is available in package
repository of most of linux distributions. We have to install it.

apt-get install nmap

yum install nmap

options:-
1. nmap IP_addr.
Ex. nmap 192.168.2.8

Namp with IP address scan IP address & gives you information of services, open port, mac
address.

Lab 403 : nmap 70

Devops Foundation - Linux Systems and Network Administration

2. nmap domain_name
ex. nmap www.google.com

nmap scan server name & gives you IP address, list out services, open port information,
mac address.

3. nmap -v IP_addr/domain_name
Gives details information of remote host.verbose dispaly.

4. nmap IP_addr with wildcard character ‘*’

Ex. nmap 192.168.2.* or nmap 192.168.2.0/24

With the wildcard character enter we can scan entire IP address range & subnet. gives all
information of hosts which are up & down.

Lab 403 : nmap 71

Devops Foundation - Linux Systems and Network Administration

5. nmap IP_addr with last octet

Ex. nmap 216.58.197.93,125

With nmap we can scan multiple IP address just by specifying last octect as shown in
example.

6. nmap IP_addr range

Ex nmap 216.58.197.90-93

With nmap command we can scan IP address range as specified in above example.

Lab 403 : nmap 72

Devops Foundation - Linux Systems and Network Administration

7. nmap –A IP_addr
With option “A” menstion along with nmap it gives script scanning output, traceroute, OS
version of provided host

8. nmap -O IP_addr
[O =-osscan guess]

With option ‘O’ it gives OS information & its version of remote host.

9. nmap IP_addr wildcard[*] --exclude IP_addr

Ex. nmap 192.168.2.* --exclude 192.168.2.8

With this command as shown in example we can exclude the IP address from scanning as
we used wildcard character to scan all 256 host in last octect.

10. nmap example.txt**

Cat > example.txt

Localhost

192.168.2.2

192.168.22.1

With file menstion along with nmap command we can scan all the IP address server host
names included in that .

11. nmap -sA IP_addr/ domain_name

With this ‘s’ option along with nmap command we can determine is host is protected by
firewall.

Lab 403 : nmap 73

Devops Foundation - Linux Systems and Network Administration

12. nmap –PN IP_addr/domain_name

Nmap along with this option we can scap host protected by firewall.

13. nmap -sP IP_addr/subnet mask

Ex. nmap -sP 192.168.2.2/24

With this we can scan which host are up, it find only running hosts. Its like ping utility.

Lab 403 : nmap 74

Devops Foundation - Linux Systems and Network Administration

14. nmap -F IP_addr

To perform fast scan “-F” option is used.

15. nmap -r IP_addr

It is used to scan sequentially.

16. nmap –p IP_addr

Ex. nmap –p 80 192.168.2.2

nmap –p T:80 192.168.2.2

nmap –p U:54 192.168.2.2

nmap –p 80,22 192.168.2.2

nmap –p 80-443 192.168.2.2

with “-p” option we scan fot a specific port . we cam menstioned port no directly inside
command or we can also find along with port type AS TCP,UDP, multiple port also scan on
single command line

17. nmap –iflist

Lab 403 : nmap 75

Devops Foundation - Linux Systems and Network Administration

With this command we can find out network interfaces & route information. It is useful during
debugging.

18. nmap -V IP_addr

With “-V” option we can find out current install version of nmap on local machine.

19. nmap –sV IP_addr

Lab 403 : nmap 76

Devops Foundation - Linux Systems and Network Administration

if we combine it as “-sV” then we can find service versions running on host.

20. scanning using ping protocol:

• Ping by host discovery method(when ICMP protocol blocks) for TCP protocol:

Ex. nmap -PS 192.168.2.2

nmap -PS 80,21,443 ,22 192.168.1.2
nmap -PA 192.168.1.1
nmap -PA 80,21,200-512 192.168.2.8

• ping using IP protocol:

nmap –PO 192.168.2.2

• ping using UDP protocol:

nmap PU 192.168.2.

21. scan services using ports :

• scan for UDP services:

nmap -sU www.google.com

nmap -sU 192.168.1.1

• scan for TCP services:

Lab 403 : nmap 77

Devops Foundation - Linux Systems and Network Administration

nmap -sS 192.168.1.1 ( stealthy scan)

nmap -sT 192.168.1.1 (no stealth scan)

nmap -sA 192.168.1.1 (ACK scan)

nmap -sW 192.168.1.1 (window scan)

nmap -sM 192.168.1.1 (maimon scan)

• scan fot IP services:

namp -sO 192.168.2.1

• scan for firewall check:

nmap -sN 192.168.1.2

nmap -sF 192.168.1.5
nmap -sX 192.168.1.

22. we can save nmap output to a file using:

ex:-

nmap 192.168.1.5 > nmap_soutput.txt

nmap -oN /home/test/file_name 192.168.1.5

nmap -oN nmap_output.txt 192.168.1.5

Lab 403 : nmap 78

Devops Foundation - Linux Systems and Network Administration

Lab

Netstat:-
Print network connections, routing tables, interface statistics, masquerade connections, and
multicast memberships. It prints the information related to Linux networking subsystem. It
shows which ports are open & close, it is most useful command for network troubleshooting.
This command is useful for network administration & system administration people.

Option:-
1. netstat
netstat displays a list of open sockets. If you don't specify any address families, then the
active sockets of all configured address families it listed

Its output like that but much big in length so just pipe it with more so you can go thgough all
the list.

Lab 404 : netstat 79

Devops Foundation - Linux Systems and Network Administration

2. netstat –t
it shows list of programs which already have established TCP connection but, not those
which are waiting for TCP connection

3. netstat –a

it shows list of listening & non listening sockets.

4. netstat –at
it list out all the programs which are listening & established TCP connection only.

5. netstat –u
it list out all the programs which have already established UDP connection only not listening
one.

Right now i don’t have any established UDP connection on my machine.

6. netstat –au

Lab 404 : netstat 80

Devops Foundation - Linux Systems and Network Administration

it list out all the programs which are listening & established UDP connection only.

7. netstat –l
it shows all listening sockets.(whose which are omitted by default)

8. netstat -s
Display summary statistics for each protocol. Default protocol list are TCP,UDP,ICMP & IP.

9. netstat –r
Dispaly kernel IP routing table.

10. netstat –i

Lab 404 : netstat 81

Devops Foundation - Linux Systems and Network Administration

Display kernel interface table. It shows network interface packet usage with MTU size.

11. netstat –c
It print the netstat information continuously. If we menstion no along with then it print after
that much duration of time

12. netstat –p
IT shows the list of services with their PID no which uses network sockets.

13. netstat –pa | grep ssh

It displays the which programs are listening on specified port.

14. netstat –g
It displays the multicast gropup membership information for IPv4/IPv6

Lab 404 : netstat 82

Devops Foundation - Linux Systems and Network Administration

15. netstat –F
Print routing information from the FIB. (This is the default.)

16. netstat –n
Show numerical addresses instead of trying to determine symbolic host, port or user names.

17. Netstat –M
Display a list of masqueraded connections.

18. netstat –V
shows the current version of netstat on system.

Lab 404 : netstat 83

Devops Foundation - Linux Systems and Network Administration

Lab

Traceroute:-
Print the route packets trace to network host.

It provides information number of routes presents between source to destination. It is

important command to understand network flow. It takes maimum 30 hops to traceoute
route,it does not means that their is only 30 routers/intermediate routers , it estimated &
takes only main ISP & forwared information.

Usage:-

traceroute [-46dFITUnreAV] [-f first_ttl] [-g gate,...]

[-i device] [-m max_ttl] [-p port] [-s src_addr]
[-q nqueries] [-N squeries] [-t tos]
[-l flow_label] [-w waittime] [-z sendwait] [-UL] [-D]
[-P proto] [--sport=port] [-M method] [-O mod_options]
[--mtu] [--back]
host [packet_len]
traceroute6 [options]
tcptraceroute [options]
lft [options]

Options:-
1. traceroute domain_name/IP_addr
ex. traceroute www.google.com

It gives the route information to reach destination address. Maximum 30 hops are their whin
that limit only it provide route information. If we get asterisks * signs its because some ICMP
packets block by firewall or not respond in timely manner.(here its because i use virtualbox).

Lab 405 : traceroute 84

Devops Foundation - Linux Systems and Network Administration

same command i run on my local machine it gives me full path as shown below:-

2. tracerout –mtu domain_name/IP_addr

ex. traceroute --mtu www.google.com

Lab 405 : traceroute 85

Devops Foundation - Linux Systems and Network Administration

It gives information of mtu(maximum trasmistion unit) for hop, if firewall settings not blocking
it. In the form of F=number.

3. traceroute –V
It tells the version traceroute used on your local machine.

4. traceroute –m count domain_name/IP_addr

ex. traceroute -m count 3 www.google.com

We know maximunm hop count is 30 we can limit that with this command with option m &
providing count along with it,so it only show that no of hops. It count from starting
incremental manner.

as shown below it just look upto first 3 hosts.(its virtual machine so its unable to dermine
path)

same output on my local machine (as its windows so "-h" oprion used with traceoute)

5. traceroute –n domain_name/IP_addr
ex. traceroute -n www.google.com

With –n option it eliminates FKDN only shows ip address, only shows output in numerical
form.

Lab 405 : traceroute 86

Devops Foundation - Linux Systems and Network Administration

as its output on windows machine "d" option i used , as shown below its just show IP

address No FKDN .

6. traceroute -4 /-6 domain_name

ex.traceroute -4 www.google.com

traceroute -6 www.google.com

Explicitly force to use IPv4 or IPv6 addressing scheme for tracerouting. By default it
automatically choose protocol & resolve name.

7. traceroute -I domain_name/IP_addr
ex. traceroute -I www.google.com

It forces to choose ICMP_ECHO method for tracerouting.

8. traceroute -T domain_name/IP_addr
ex. traceroute -T www.google.com

It forces to choose TCP_SYN method for tracerouting.

9. traceroute -q domain_name/IP_addr
ex. traceroute -q www.google.com

Lab 405 : traceroute 87

Devops Foundation - Linux Systems and Network Administration

option '-q' allows to change number of retries (default is 3).

10. traceroute domain_name/IP_addr packet_len

ex. traceroute www.google.com 80 It is use to modify original packet length using this
command.

length of treaceroute packet here is 60 byte.as you can see below:

modified lenth of packet:

11. traceroute –F domain_name/IP_addr

ex. traceroute -F www,google.com

It means do not fragments or splits the original probes packet.

12. traceroute –f [first_ttl] domain_name/IP_addr

ex. traceroute -f 4 www.google.com

It specifies from which ttl to start routing , by default it start from 1.

13. traceroute -g [gateway] domain_name/IP_addr

Tells traceroute to add an IP source routing option to the outgoing packet that tells the
network to route the packet through the specified gateway (most routers have disabled
source routing for security reasons).

Lab 405 : traceroute 88

Devops Foundation - Linux Systems and Network Administration

14. traceroute –i [interface] domain_name/IP_addr

We can mention interface so that from which interface traceroute should send packets. By
default it is selected according to routing table.

15. traceroute [–N squeries] domain_name/IP_addr

With this we can specify maximum no. of prob packets send simultaneously. Maximum vaue
is 16. But if we incease size their is chances of packet get lost. Same side it is speed up
response

16. traceroute [-s source_addr] domain_name/IP_addr

With this we can choose alternative souce address from interfaces, default outgoing
interface address used.

17. traceroute [-p port] domain_name/IP_addr

Used for UDP port

18. traceroute [-w timeout_time] domain_addr/IP_addr

It is used to set time to respond for each probe . by default it is 3 sec.

Lab 405 : traceroute 89

Devops Foundation - Linux Systems and Network Administration

Lab

Tcptraceroute:-
Is a traceroute implementation using TCP packets. Normal traceroute command uses
ICMP or UDP protocol ECHO packet with TTL. But now a days most modern machine has
firewall configured which blocks the ICMP & UDP protocol , so its not possible to trace out
destination path. However firewall allowes inbound TCP packets , so with tcptraceroute
utility it is possible to trace destination path.

It is worth noting that tcptraceroute never completely establishes a TCP connection with the
destination host. If the host is not listening for incoming connections, it will respond with an
RST indicating that the port is closed. If the host instead responds with a SYN|ACK, the port
is known to be open, and an RST is sent by the kernel tcptraceroute is running on to tear
down the connection without completing three-way handshake. This is the same half-open
scanning technique.

Usage:-
tcptraceroute [-nNFSAE] [-i ] [-f ] [-l ] [-q ] [-t ] [-m ] [-pP] ] [-s ] [-w ] [destination port] [packet
length]

Options:-
1. tcptreaceroute IP_addr/domain_server
ex. tcptraceroute www.google.com

It gives the route information to reach destination address using TCP packets.

2. tcptraceroute -n IP_addr/domain_name

Lab 406 : tcptraceroute 90

Devops Foundation - Linux Systems and Network Administration

ex. tcptraceroute -n www.google.com

It gives information in numerical form it dont display FQDN information associated with
hosts.

3. tcptraceroute –f [first_ttl] domain_name/IP_addr

ex. tcptraceroute -f 4 www.google.com

It specifies from which ttl to start routing , by default it start from 1.

4. tcptraceroute -s [source_addr] domain_name/IP_addr

ex. tcptraceroute -s 192.168.2.5 www.google.com

we can set source address from which packets send to destination address to trace route
from.

5. tcptraceroute –m count domain_name/IP_addr

ex. tcptraceroute -m count 3 www.google.com

We know maximunm hop count is 30 we can limit that with this command with option m &
providing count along with it,so it only show that no of hops. It count from starting
incremental manner.

6. tcptraceroute –i [interface] domain_name/IP_addr

We can mention interface so that from which interface tcptraceroute should send packets.
By default it is selected according to routing table.

7. tcptraceroute [-w timeout_time] domain_addr/IP_addr

Lab 406 : tcptraceroute 91

Devops Foundation - Linux Systems and Network Administration

It is used to set time to respond for each probe . By default it is 3 sec.

8. tcptraceroute –F domain_name/IP_addr
ex. tcptraceroute -F www,google.com

It means do not fragments or splits the original probes packet.

9. tcptraceroute domain_name/IP_addr
ex. tcptraceroute www.google.com 110

Set the total packet length to be used in outgoing packets. If the length is greater than the
minimum size required to assemble the necessary probe packet headers, this value is
automatically increased.

10. tcptraceroute -S domain_name/IP_addr

Set the TCP SYN flag in outgoing packets. This is the default, if neither -S or -A is specified.

11. tcptraceroute -A domain_name/IP_addr

Set the TCP ACK flag in outgoing packets. By doing so, it is possible to trace through
stateless firewalls which permit out‐ going TCP connections.

12. tcptraceroute -E domain_name/IP_addr

Send ECN SYN packets, as described in RFC2481.

Lab 406 : tcptraceroute 92

Devops Foundation - Linux Systems and Network Administration

Lab

Whois:-
client for the whois directory service. it provide owner,technical contact of virtually any public
domain name. whois is protocol use for searching server of specified object. whois searches
for an object in a RFC 3912 database.If no guess can made then it will connect to
whois.networksolutions.com for NIC handles or whois.arin.net for IPv4 addresses and
network names.

Usage:-
whois [OPTION]... OBJECT..[-h host] [-p port] [-alLMmcxbBGdKrR] [-i ATTR] [-T type]

Options:-
1. whois domain_name/IP_addr
ex. whois ubuntu.com

Lab 407 : whois 93

Devops Foundation - Linux Systems and Network Administration

It gives register domain information owner ,technical contacts.

2. whois --version
Gives version information.

3. whois [-p port] domain_name

This command allow to used specified port as menstion in command.By default it uses port
43.

Lab 407 : whois 94

Devops Foundation - Linux Systems and Network Administration

4. whois –v domain_name
Verbose display. It display output in detailed manner , what is being done.

5. whois –H domain_name
It use to hide legal disclaimers information.

6. whois --help
Use for online help.

Lab 407 : whois 95

Devops Foundation - Linux Systems and Network Administration

Reading List
Command Line Fu: http://www.commandlinefu.com/commands/browse
Command Line Cookbook: https://www.gitbook.com/book/minhhh/command-line-
cookbook
Ops School : http://www.opsschool.org/en/latest/
The Linux Cookbook : http://dsl.org/cookbook/cookbook_toc.html
Kernel and Systems Programming: https://www.gitbook.com/book/0xax/linux-
insides/details

References 96