LINUX BOOT PROCESS &

INTERVIEW QUESTIONS
Boot Process

BIOS -> MBR -> Grub -> Kernel -> Init (it process, /etc/inittab -> starts /etc/rc.sysinit and /etc/rcX.d ).

1. BIOS

BIOS stands for Basic Input/Output System

Performs some system integrity checks

Searches, loads, and executes the boot loader program.

It looks for boot loader in floppy, cd-rom, or hard drive. You can press a key (typically F12 of F2, but it
depends on your system) during the BIOS startup to change the boot sequence.

Once the boot loader program is detected and loaded into the memory, BIOS gives the control to it.

So, in simple terms BIOS loads and executes the MBR boot loader.

2. MBR

MBR stands for Master Boot Record.

It is located in the 1st sector of the bootable disk. Typically /dev/hda, or /dev/sda

MBR is less than 512 bytes in size. This has three components 1) primary boot loader info in 1st 446
bytes 2) partition table info in next 64 bytes 3) mbr validation check in last 2 bytes.

It contains information about GRUB (or LILO in old systems).

So, in simple terms MBR loads and executes the GRUB boot loader.

3. GRUB

GRUB stands for Grand Unified Bootloader.

If you have multiple kernel images installed on your system, you can choose which one to be executed.

GRUB displays a splash screen, waits for few seconds, if you don’t enter anything, it loads the default
kernel image as specified in the grub configuration file.

GRUB has the knowledge of the filesystem (the older Linux loader LILO didn’t understand filesystem).

Grub configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to this). The following is sample
grub.conf of CentOS.

#boot=/dev/sda

default=0
timeout=5

splashimage=(hd0,0)/boot/grub/splash.xpm.gz

hiddenmenu

title CentOS (2.6.18-194.el5PAE)

root (hd0,0)

kernel /boot/vmlinuz-2.6.18-194.el5PAE ro root=LABEL=/

initrd /boot/initrd-2.6.18-194.el5PAE.img

As you notice from the above info, it contains kernel and initrd image.

So, in simple terms GRUB just loads and executes Kernel and initrd images.

4. Kernel

Mounts the root file system as specified in the “root=” in grub.conf

Kernel executes the /sbin/init program

Since init was the 1st program to be executed by Linux Kernel, it has the process id (PID) of 1. Do a ‘ps
-ef | grep init’ and check the pid.

initrd stands for Initial RAM Disk.

initrd is used by kernel as temporary root file system until kernel is booted and the real root file system
is mounted. It also contains necessary drivers compiled inside, which helps it to access the hard drive
partitions, and other hardware.

5. Init

Looks at the /etc/inittab file to decide the Linux run level.

Following are the available run levels

0 – halt

1 – Single user mode

2 – Multiuser, without NFS

3 – Full multiuser mode

4 – unused

5 – X11

6 – reboot

Init identifies the default initlevel from /etc/inittab and uses that to load all appropriate program.

Execute ‘grep initdefault /etc/inittab’ on your system to identify the default run level
If you want to get into trouble, you can set the default run level to 0 or 6. Since you know what 0 and 6
means, probably you might not do that.

Typically you would set the default run level to either 3 or 5.

6. Runlevel programs

When the Linux system is booting up, you might see various services getting started. For example, it
might say “starting sendmail …. OK”. Those are the runlevel programs, executed from the run level
directory as defined by your run level.

Depending on your default init level setting, the system will execute the programs from one of the
following directories.

Run level 0 – /etc/rc.d/rc0.d/

Run level 1 – /etc/rc.d/rc1.d/

Run level 2 – /etc/rc.d/rc2.d/

Run level 3 – /etc/rc.d/rc3.d/

Run level 4 – /etc/rc.d/rc4.d/

Run level 5 – /etc/rc.d/rc5.d/

Run level 6 – /etc/rc.d/rc6.d/

Please note that there are also symbolic links available for these directory under /etc directly. So,
/etc/rc0.d is linked to /etc/rc.d/rc0.d.

Under the /etc/rc.d/rc*.d/ directories, you would see programs that start with S and K.

Programs starts with S are used during startup. S for startup.

Programs starts with K are used during shutdown. K for kill.

There are numbers right next to S and K in the program names. Those are the sequence number in
which the programs should be started or killed.

For example, S12syslog is to start the syslog deamon, which has the sequence number of 12.
S80sendmail is to start the sendmail daemon, which has the sequence number of 80. So, syslog program
will be started before sendmail.

Interview questions on booting process. 1.) Explain booting process ? 2) How do you recover grub ? 3)
How to crack grub password ? 4) I want to run one prog which is not part of kernel default file; where i
can edit it? 5) Default location of grub file and contents of it.

COE UnixLinux interview questions & answers.

1. Who owns the data dictionary?

-> The SYS user owns the data dictionary. The SYS and SYSTEM users are created when the database is
created.

2. You routinely compress old log files. You now need to examine a log from two months ago. In order to
view its contents without first having to decompress it ?

zcat -> The zcat utility allows you to examine the contents of a compressed file much the same way that
cat displays a file.

3. You suspect that you have two commands with the same name as the command is not producing the
expected results. What command can you use to determine the location of the command being run?

which -> The which command searches your path until it finds a command that matches the command
you are looking for and displays its full path.

4. You locate a command in the /bin directory but do not know what it does. What command can you
use to determine its purpose.

whatis ->The whatis command displays a summary line from the man page for the specified command.

5. When you issue the command ls -l, the first character of the resulting display represents the file’s?

type ->The first character of the permission block designates the type of file that is being displayed.

6. What utility can you use to show a dynamic listing of running processes? top -> The top utility shows
a listing of all running processes that is dynamically updated.

7. Where is standard output usually directed? -> to the screen or display.

8. What daemon is responsible for tracking events on your system? syslogd ->The syslogd daemon is
responsible for tracking system information and saving it to specified log files.

9. You have a file called phonenos that is almost 4,000 lines long. What text filter can you use to split it
into four pieces each 1,000 lines long? split ->The split text filter will divide files into equally
sized pieces. The default length of each piece is 1,000 lines.

10. You would like to temporarily change your command line editor to be vi. What command should you
type to change it? set -o vi ->The set command is used to assign
environment variables. In this case, you are instructing your shell to assign vi as your command line
editor. However, once you log off and log back in you will return to the previously defined command line
editor.

11. What account is created when you install Linux? root ->Whenever you
install Linux, only one user account is created. This is the superuser account also known as root.

12. What command should you use to check the number of files and disk space used and each user’s
defined quotas? repquota ->The repquota command is used to get a
report on the status of the quotas you have set including the amount of allocated space and amount of
used space.
13. In order to run fsck on the root partition, the root partition must be mounted as ?
readonly ->You cannot run fsck on a partition that is mounted as read-write.

14. In order to improve your system’s security you decide to implement shadow passwords. What
command should you use? pwconv ->The pwconv command creates the file
/etc/shadow and changes all passwords to ‘x’ in the /etc/passwd file.

15. The top utility can be used to change the priority of a running process? Another utility that can also
be used to change priority is ___________? nice ->Both the top and nice utilities provide the capability
to change the priority of a running process.

16. What file defines the levels of messages written to system log files? kernel.h ->To determine the
various levels of messages that are defined on your system, examine the kernel.h file.

17. What can you type at a command line to determine which shell you are using?
echo $SHELL ->The name and path to the shell you are using is saved to the SHELL environment variable.
You can then use the echo command to print out the value of any variable by preceding the variable’s
name with $. Therefore, typing echo $SHELL will display the name of your shell.

18. When you create a new partition, you need to designate its size by defining the starting and ending ?
cylinders ->When creating a new partition you must first specify its starting cylinder. You can then either
specify its size or the ending cylinder.

19. How are devices represented in UNIX ? –> All devices are represented by files called special files that
are located in/dev directory. Thus, device files and other files are named and accessed in the same way.
A ‘regular file’ is just an ordinary data file in the disk. A ‘block special file’ represents a device with
characteristics similar to a disk (data transfer in terms of blocks). A ‘character special file’ represents a
device with characteristics similar to a keyboard (data transfer is by stream of bits in sequential order).

20. What is ‘inode’? –>All UNIX files have its description stored in a structure called ‘inode’. The inode
contains info about the file-size, its location, time of last access, time of last modification, permission
and so on. Directories are also represented as files and have an associated inode. In addition to
descriptions about the file, the inode contains pointers to the data blocks of the file. If the file is large,
inode has indirect pointer to a block of pointers to additional data blocks (this further aggregates for
larger files). A block is typically 8k. Inode consists of the following fields: File owner identifier File type
File access permissions File access times Number of links File size Location of the file data

21. Brief about the directory representation in UNIX ? –>A Unix directory is a file containing a
correspondence between filenames and inodes. A directory is a special file that the kernel maintains.
Only kernel modifies directories, but processes can read directories. The contents of a directory are a list
of filename and inode number pairs. When new directories are created, kernel makes two entries
named ‘.’ (refers to the directory itself) and ‘..’ (refers to parent directory). System call for creating
directory is mkdir (pathname, mode).

22. What are the Unix system calls for I/O? –> open(pathname,flag,mode) – open file
creat(pathname,mode) – create file close(filedes) – close an open file read(filedes,buffer,bytes) – read
data from an open file write(filedes,buffer,bytes) – write data to an open file lseek(filedes,offset,from) –
position an open file dup(filedes) – duplicate an existing file descriptor dup2(oldfd,newfd) – duplicate to
a desired file descriptor fcntl(filedes,cmd,arg) – change properties of an open file
ioctl(filedes,request,arg) – change the behaviour of an open file The difference between fcntl anf ioctl is
that the former is intended for any open file, while the latter is for device-specific operations.

23. How do you change File Access Permissions? –>Every file has following attributes: owner’s user ID
( 16 bit integer ) owner’s group ID ( 16 bit integer ) File access mode word ‘r w x -r w x- r w x’ (user
permission-group permission-others permission) r-read, w-write, x-execute To change the access mode,
we use chmod(filename,mode). Example 1: To change mode of myfile to ‘rw-rw-r–‘ (ie. read, write
permission for user – read,write permission for group – only read permission for others) we give the
args as: chmod(myfile,0664) . Each operation is represented by discrete values ‘r’ is 4 ‘w’ is 2 ‘x’ is 1
Therefore, for ‘rw’ the value is 6(4+2). Example 2: To change mode of myfile to ‘rwxr–r–‘ we give the
args as: chmod(myfile,0744).

24. What are links and symbolic links in UNIX file system? —>A link is a second name (not a file) for a
file. Links can be used to assign more than one name to a file, but cannot be used to assign a directory
more than one name or link filenames on different computers. Symbolic link ‘is’ a file that only contains
the name of another file.Operation on the symbolic link is directed to the file pointed by the it.Both the
limitations of links are eliminated in symbolic links. Commands for linking files are: Link ln filename1
filename2 Symbolic link ln -s filename1 filename2

25. What is a FIFO? –> FIFO are otherwise called as ‘named pipes’. FIFO (first-in-first-out) is a special file
which is said to be data transient. Once data is read from named pipe, it cannot be read again. Also, data
can be read only in the order written. It is used in interprocess communication where a process writes to
one end of the pipe (producer) and the other reads from the other end (consumer).

26. How do you create special files like named pipes and device files? –> The system call mknod creates
special files in the following sequence. 1. kernel assigns new inode, 2. sets the file type to indicate that
the file is a pipe, directory or special file, 3. If it is a device file, it makes the other entries like major,
minor device numbers. For example: If the device is a disk, major device number refers to the disk
controller and minor device number is the disk.

27. Discuss the mount and unmount system calls The privileged mount system call is used to attach a file
system to a directory of another file system; the unmount system call detaches a file system. When you
mount another file system on to your directory, you are essentially splicing one directory tree onto a
branch in another directory tree. The first argument to mount call is the mount point, that is , a
directory in the current file naming system. The second argument is the file system to mount to that
point. When you insert a cdrom to your unix system’s drive, the file system in the cdrom automatically
mounts to /dev/cdrom in your system.

28. How does the inode map to data block of a file? Inode has 13 block addresses. The first 10 are direct
block addresses of the first 10 data blocks in the file. The 11th address points to a one-level index block.
The 12th address points to a two-level (double in-direction) index block. The 13th address points to a
three-level(triple in-direction)index block. This provides a very large maximum file size with efficient
access to large files, but also small files are accessed directly in one disk read.

29. What is a shell? A shell is an interactive user interface to an operating system services that allows an
user to enter commands as character strings or through a graphical user interface. The shell converts
them to system calls to the OS or forks off a process to execute the command. System call results and
other information from the OS are presented to the user through an interactive interface. Commonly
used shells are sh,csh,ks etc.

30. Brief about the initial process sequence while the system boots up. While booting, special process
called the ‘swapper’ or ‘scheduler’ is created with Process-ID 0. The swapper manages memory
allocation for processes and influences CPU allocation. The swapper inturn creates 3 children: the
process dispatcher, vhand and dbflush with IDs 1,2 and 3 respectively. This is done by executing the
file /etc/init. Process dispatcher gives birth to the shell. Unix keeps track of all the processes in an
internal data structure called the Process Table (listing command is ps -el).

31. What are various IDs associated with a process? Unix identifies each process with a unique integer
called ProcessID. The process that executes the request for creation of a process is called the ‘parent
process’ whose PID is ‘Parent Process ID’. Every process is associated with a particular user called the
‘owner’ who has privileges over the process. The identification for the user is ‘UserID’. Owner is the user
who executes the process. Process also has ‘Effective User ID’ which determines the access privileges for
accessing resources like files. getpid() -process id getppid() -parent process id getuid() -user id geteuid()
-effective user id

32. Explain fork() system call. The `fork()’ used to create a new process from an existing process. The
new process is called the child process, and the existing process is called the parent. We can tell which is
which by checking the return value from `fork()’. The parent gets the child’s pid returned to him, but the
child gets 0 returned to him.

33. Predict the output of the following program code

34. 35. main() { fork(); printf(“Hello World!”); } Answer: Hello World!Hello World! Explanation: The fork
creates a child that is a duplicate of the parent process. The child begins from the fork().All the
statements after the call to fork() will be executed twice.(once by the parent process and other by child).
The statement before fork() is executed only by the parent process.

36. Predict the output of the following program code main() { fork(); fork(); fork(); printf(“Hello World!”);
} Answer: “Hello World” will be printed 8 times. Explanation: 2^n times where n is the number of calls to
fork()

37. List the system calls used for process management: System calls Description fork() To create a new
process exec() To execute a new program in a process wait() To wait until a created process completes
its execution exit() To exit from a process execution getpid() To get a process identifier of the current
process getppid() To get parent process identifier nice() To bias the existing priority of a process brk() To
increase/decrease the data segment size of a process

38. How can you get/set an environment variable from a program?: Getting the value of an environment
variable is done by using `getenv()’. Setting the value of an environment variable is done by using
`putenv()’.

39. How can a parent and child process communicate? A parent and child can communicate through any
of the normal inter-process communication schemes (pipes, sockets, message queues, shared memory),
but also have some special ways to communicate that take advantage of their relationship as a parent
and child. One of the most obvious is that the parent can get the exit status of the child.

40. What is a zombie? When a program forks and the child finishes before the parent, the kernel still
keeps some of its information about the child in case the parent might need it – for example, the parent
may need to check the child’s exit status. To be able to get this information, the parent calls `wait()’; In
the interval between the child terminating and the parent calling `wait()’, the child is said to be a
`zombie’ (If you do `ps’, the child will have a `Z’ in its status field to indicate this.)

41. What are the process states in Unix? As a process executes it changes state according to its
circumstances. Unix processes have the following states: Running : The process is either running or it is
ready to run . Waiting : The process is waiting for an event or for a resource. Stopped : The process has
been stopped, usually by receiving a signal. Zombie : The process is dead but have not been removed
from the process table.

42. What Happens when you execute a program? When you execute a program on your UNIX system,
the system creates a special environment for that program. This environment contains everything
needed for the system to run the program as if no other program were running on the system. Each
process has process context, which is everything that is unique about the state of the program you are
currently running. Every time you execute a program the UNIX system does a fork, which performs a
series of operations to create a process context and then execute your program in that context. The
steps include the following: Allocate a slot in the process table, a list of currently running programs kept
by UNIX. Assign a unique process identifier (PID) to the process. iCopy the context of the parent, the
process that requested the spawning of the new process. Return the new PID to the parent process. This
enables the parent process to examine or control the process directly. After the fork is complete, UNIX
runs your program.

43. What Happens when you execute a command? When you enter ‘ls’ command to look at the
contents of your current working directory, UNIX does a series of things to create an environment for ls
and the run it: The shell has UNIX perform a fork. This creates a new process that the shell will use to
run the ls program. The shell has UNIX perform an exec of the ls program. This replaces the shell
program and data with the program and data for ls and then starts running that new program. The ls
program is loaded into the new process context, replacing the text and data of the shell. The ls program
performs its task, listing the contents of the current directory.

44. What is a Daemon? A daemon is a process that detaches itself from the terminal and runs,
disconnected, in the background, waiting for requests and responding to them. It can also be defined as
the background process that does not belong to a terminal session. Many system functions are
commonly performed by daemons, including the sendmail daemon, which handles mail, and the NNTP
daemon, which handles USENET news. Many other daemons may exist. Some of the most common
daemons are: init: Takes over the basic running of the system when the kernel has finished the boot
process. inetd: Responsible for starting network services that do not have their own stand-alone
daemons. For example, inetd usually takes care of incoming rlogin, telnet, and ftp connections. cron:
Responsible for running repetitive tasks on a regular schedule.
45. What is ‘ps’ command for? The ps command prints the process status for some or all of the running
processes. The information given are the process identification number (PID),the amount of time that
the process has taken to execute so far etc.

46. How would you kill a process? The kill command takes the PID as one argument; this identifies which
process to terminate. The PID of a process can be got using ‘ps’ command.

47. What is an advantage of executing a process in background? The most common reason to put a
process in the background is to allow you to do something else interactively without waiting for the
process to complete. At the end of the command you add the special background symbol, &. This
symbol tells your shell to execute the given command in the background. Example: cp *.* ../backup& (cp
is for copy)

48. How do you execute one program from within another? The system calls used for low-level process
creation are execlp() and execvp(). The execlp call overlays the existing program with the new one , runs
that and exits. The original program gets back control only when an error occurs.
execlp(path,file_name,arguments..); //last argument must be NULL A variant of execlp called execvp is
used when the number of arguments is not known in advance. execvp(path,argument_array);
//argument array should be terminated by NULL

49. What is IPC? What are the various schemes available? The term IPC (Inter-Process Communication)
describes various ways by which different process running on some operating system communicate
between each other. Various schemes available are as follows: Pipes: One-way communication scheme
through which different process can communicate. The problem is that the two processes should have a
common ancestor (parent-child relationship). However this problem was fixed with the introduction of
named-pipes (FIFO). Message Queues : Message queues can be used between related and unrelated
processes running on a machine. Shared Memory: This is the fastest of all IPC schemes. The memory to
be shared is mapped into the address space of the processes (that are sharing). The speed achieved is
attributed to the fact that there is no kernel involvement. But this scheme needs synchronization.
Various forms of synchronisation are mutexes, condition-variables, read-write locks, record-locks, and
semaphores.

50. What is the difference between Swapping and Paging? Swapping: Whole process is moved from the
swap device to the main memory for execution. Process size must be less than or equal to the available
main memory. It is easier to implementation and overhead to the system. Swapping systems does not
handle the memory more flexibly as compared to the paging systems. Paging: Only the required
memory pages are moved to main memory from the swap device for execution. Process size does not
matter. Gives the concept of the virtual memory. It provides greater flexibility in mapping the virtual
address space into the physical memory of the machine. Allows more number of processes to fit in the
main memory simultaneously. Allows the greater process size than the available physical memory.
Demand paging systems handle the memory more flexibly.

51. What is major difference between the Historic Unix and the new BSD release of Unix System V in
terms of Memory Management? Historic Unix uses Swapping – entire process is transferred to the main
memory from the swap device, whereas the Unix System V uses Demand Paging – only the part of the
process is moved to the main memory. Historic Unix uses one Swap Device and Unix System V allow
multiple Swap Devices.
52. What is the main goal of the Memory Management? It decides which process should reside in the
main memory, Manages the parts of the virtual address space of a process which is non-core resident,
Monitors the available main memory and periodically write the processes into the swap device to
provide more processes fit in the main memory simultaneously.

53. What is a Map? A Map is an Array, which contains the addresses of the free space in the swap device
that are allocatable resources, and the number of the resource units available there. This allows First-Fit
allocation of contiguous blocks of a resource. Initially the Map contains one entry – address (block offset
from the starting of the swap area) and the total number of resources. Kernel treats each unit of Map as
a group of disk blocks. On the allocation and freeing of the resources Kernel updates the Map for
accurate information.

54. What scheme does the Kernel in Unix System V follow while choosing a swap device among the
multiple swap devices? Kernel follows Round Robin scheme choosing a swap device among the multiple
swap devices in Unix System V.

55. What is a Region? A Region is a continuous area of a process’s address space (such as text, data and
stack). The kernel in a ‘Region Table’ that is local to the process maintains region. Regions are sharable
among the process.

56. What are the events done by the Kernel after a process is being swapped out from the main
memory? When Kernel swaps the process out of the primary memory, it performs the following: Kernel
decrements the Reference Count of each region of the process. If the reference count becomes zero,
swaps the region out of the main memory, Kernel allocates the space for the swapping process in the
swap device, Kernel locks the other swapping process while the current swapping operation is going on,
The Kernel saves the swap address of the region in the region table.

57. Is the Process before and after the swap are the same? Give reason. Process before swapping is
residing in the primary memory in its original form. The regions (text, data and stack) may not be
occupied fully by the process, there may be few empty slots in any of the regions and while swapping
Kernel do not bother about the empty slots while swapping the process out. After swapping the process
resides in the swap (secondary memory) device. The regions swapped out will be present but only the
occupied region slots but not the empty slots that were present before assigning. While swapping the
process once again into the main memory, the Kernel referring to the Process Memory Map, it assigns
the main memory accordingly taking care of the empty slots in the regions.

58. What do you mean by u-area (user area) or u-block? This contains the private data that is
manipulated only by the Kernel. This is local to the Process, i.e. each process is allocated a u-area.

59. What are the entities that are swapped out of the main memory while swapping the process out of
the main memory? All memory space occupied by the process, process’s u-area, and Kernel stack are
swapped out, theoretically. Practically, if the process’s u-area contains the Address Translation Tables
for the process then Kernel implementations do not swap the u-area.

60. What is Fork swap? fork() is a system call to create a child process. When the parent process calls
fork() system call, the child process is created and if there is short of memory then the child process is
sent to the read-to-run state in the swap device, and return to the user state without swapping the
parent process. When the memory will be available the child process will be swapped into the main
memory.

61. What is Expansion swap? At the time when any process requires more memory than it is currently
allocated, the Kernel performs Expansion swap. To do this Kernel reserves enough space in the swap
device. Then the address translation mapping is adjusted for the new virtual address space but the
physical memory is not allocated. At last Kernel swaps the process into the assigned space in the swap
device. Later when the Kernel swaps the process into the main memory this assigns memory according
to the new address translation mapping.

62. How the Swapper works? The swapper is the only process that swaps the processes. The Swapper
operates only in the Kernel mode and it does not uses System calls instead it uses internal Kernel
functions for swapping. It is the archetype of all kernel process.

SSH IN LINUX
OpenSSH is the open source version of SSH secure shell protocol. It provides secure (encrypted)
communication between systems using a client/server architecture. It allows users to log into
remote systems or execute remote commands in a safe way because of all data transferred
between ssh client and server is encrypted. It also allows secure (encrypted) data transfers
between systems using scp or sftpthe encrypted secure FTP version. By default SSH tools are
installed on RHEL6 systems, the openssh* rpms are included on the default installation. The
server daemon sshd listens on port 22 TCP/IP and the configuration files are located in the
/etc/ssh directory.

Introduction to Encryption

Encryption with SSH requires a private key and a public key, generated by ‘ssh-keygen’
command. In order to establish an SSH encrypted communication between you and others the
first step is send your public key to others keeping always your private key private. When others
want to send data to you through SSH, their messages are encrypted with your public key that
you have send previously. Your computer can decrypt the message with your private key. As can
be seen the public and private keys are related with not easy to guess mathematical algorithms.

Private keys

Private key must be secure and used only by you to decrypt messages encrypted with you public
key. Secure SSH encrypted communications are based on keeping the private key secure.

Public keys

Public key is publicly available. The recipient of your messages will encrypt the data with your
public key that previously you have send. Only you using your private key will be able to
decrypt that message.
SSH Tools

These are the most basic SSH tools than a Linux user must be aware.

sshd

The daemon service that implements the ssh server. By default it must be listening on port 22
TCP/IP.

ssh: The Secure Shell command ssh is a secure way to log and execute commands in to a remote
machine using the private/public key encryption method replacing the insecure tools traditionally
used for it: telnet,rlogin, rexec, rsh, etc.

scp: The Secure Copy command is a secure way to transfer files between computers using the
private/public key encryption method replacing the insecure tool traditionally used for it: ftp.

ssh-keygen: This utility is used to create the public/private keys with the command ‘ssh-keygen
-t keytype’ where keytype can be DSA (Digital Secure Algorithm) or RSA1 (RSA Security).

ssh-agent:This utility holds private keys used for RSA authentication. The idea is that the ssh-
agent command is started in the beginning of an X session or a login session, and all other
windows or programs are started as clients to the ssh-agent program. In this way all clients of the
ssh-agent can remember through the use of environment variables the public/private keys used
when ssh-agent was started, so the user will not be ask for this in all these client sessions.

ssh-add

Adds RSA identities to the authentication agent ssh-agent.

SSH Server

The SSH server configuration file is /etc/ssh/sshd_config. This file is well commented so just
having a look on it one can understand the meaning of the main directives.

# cat /etc/ssh/sshd_config

# This directive configures SSH version 2, which is more secure that version 1
Protocol 2

# The following sends all logging attempts to the appropriate log file /var/log/secure
SyslogFacility AUTHPRIV

# This directive authorizes authentication based on local user passwords

PasswordAuthentication yes
# Set this to ‘yes’ to enable PAM authentication, account processing, and session processing
UsePAM yes

# The following directive allows to open remote GUI tools executed through SSH using the local
X Server
X11Forwarding yes

# This directive supports the use of SSH encryption for secure FTP file transfers
Subsystem sftp /usr/libexec/openssh/sftp-server

Once the configuration file has been set lets start the ssh server and make sure it will start at
system boot.

# /etc/init.d/sshd restart
# chkconfig sshd on

SSH client

The SSH client standard configuration file for all system is /etc/ssh/ssh_config. Each user can
have custom SSH client configurations in their ~/.ssh/config files.

Some examples of SSH client tools can be :

ssh

Allows to login and execute shell commands on remote systems.

node01> ssh rhel6 -l john

It will login as john on rhel6 system.

node01> ssh rhel6 “ls -lrt /home/john”.

It will execute the command ‘ls -lrt /home/john’ as user john on rhel6 system. The command
output is
displayed on node01 the SSH client from where are launched the connection

scp

Used to transfer data between computer systems using SSH.

node01> scp /tmp/file.txt john@rhel6:/tmp/file.txt

This command will transfer file /tmp/file.txt from SSH client node01 to SSH server rhel6 on
/tmp directory

using ‘john’ account.

node01> scp -r john@rhel6:/tmp/dir /tmp/
This command will transfer from SSH client rhel6 the directory /tmp/dir to the SSH server
node01 on /tmp dir using ‘john’ account. In this case node01 receives the data so node01 is the
SSH server, sshd daemon must be running on node01.

SSH Security

Firewall

As has been commented the sshd server listen on port 22 TCP/IP so this port must be open in
order to allow ssh server service through a firewall.

-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT

User and Host Based Security

Some additional directives can be added to /etc/sshd/sshd_config file in order to make the access
to ssh server more restrictive.

# Do not allow empty passwords

PermitEmptyPasswords no

# The following directive will not allow to root user to log on the system using ssh. (Do not
allow remote root logins)
PermitRootLogin no

# Limit the users allowed to access a system via SSH. In this case only users ‘john’ and ‘charles’
are allowed to login on the system using SSH AllowUsers john charles

# Or even more restrictive, only allow login through SSH users ‘john’ and ‘charles’ from
192.168.1.101 node.
AllowUsers [email protected] [email protected]

# In addition you can restrict the access to users. In this case all users less ‘john’ are allowed to
connect to the SSH server.
DenyUsers john

SSH using only public/private keys

If the system where SSH server is running is directly connected to the Internet it will be a good
idea to disable password authentication on the SSH server and allow only public/private keys
authentication. This will reduce dramatically the chance that a cracker has login on your system
because the probability that he has to guess the pair user/private_key is much lower that
user/password pair. In order to accomplish this the
following directives must be changed/added to /etc/ssh/sshd_config file.
# cat /etc/ssh/sshd_config
…
# Do not allow password authentication
PasswordAuthentication no

# Allow public/private key authentication

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
…

Next step is create the public/private key pair on the ssh client node01 from where are going to
connect to the SSH server (rhel6).

node01> su – john
john-$>ssh-keygen -t dsa

(It will ask for a passphrase in order to protect your private key on the local node)

This command will create john private key on /home/john/.ssh/id_dsa (permissions 600) and
john public key on /home/john/.ssh/id_dsa.pub(permissions 644)

Change de .ssh directory permissions to 755.

john-$> chmod 755 .ssh

Copy the content of /home/john/.ssh/id_dsa.pub (john public key) generated on node01 (the node
from we want to login as john on SSH server)to /home/john/.ssh/authorized_keys on SSH server.
If necessary
create /home/john/.ssh directory with permission 755 on SSH server.

john-$> cat /home/john/.ssh/id_dsa.pub –> >> SSH

server(rhel6):/home/john/.ssh/authorized_keys

On SSH server (rhel6) change the permissions of /home/john/.ssh/authorized_keys to 644.

# chmod 644 /home/john/.ssh/authorized_keys

The final step is restart the ssh server and verify that you can connect from SSH client (node01)
to SSH server (rhel6) only using public/private key and not using the user password. Have a look
on Lab2.

# /etc/init.d/sshd reload

Note: In order to use the private key on SSH client to connect to SSH server the passphrase
introduced when the private key has been created with ‘ssh-keygen’ is asked. If you have left this
passphrase empty you will be able to login to SSH server directly without passphrase BUT using
your public/private keys. We do not recommend to left this passphrase empty but in any case this
method is more secure that using
standard password because in this case the cracker must guess the public/private keys that
normaly are random strings with at least 512K of size !!!

Using ssh-agent

When we are running a graphical environment on SSH client as gnome or kde we can use the
ssh-add utility in order to do not have to enter the passphrase every time we try to connect to the
SSH server.

john-$> exec /usr/bin/ssh-agent $SHELL

john-$> ssh-add
(–> Enter john passphrase)

The john passphrase now is stored in the environment variables for ‘john’ graphical session, so
john must not be to retype his passphrase any time that try to login to the SSH server from this
graphical environment on SSH client.

SSH Port Forwarding

SSH can secure insecure TCP/IP protocols via port forwarding, SSH server becomes an
encrypted conduit to the SSH client. Port forwarding maps a local port on the SSH client to a
remote port on the SSH server.

client> ssh -l john -L 2525:server.info.net:25 server.info.net

Once the user john has been logged on server.info.net through this ssh connection an SSH
encrypted Tunnel has been established between port 25 TCP/IP on server.info.net and port 2525
TCP/IP on client.info.com. In this way if you execute the command ‘telnet localhost 2525’ on
client.info.com you are making the telnet directly to port 25 TCP/IP on server.info.net.

client> telnet localhost 2525

Trying ::1…
Connected to localhost.
Escape character is ‘^]’.
220 server.info.net ESMTP Sendmail 8.13.8/8.13.8; Fri, 25 Mar 2011 13:18:29 +0100

!!! IT IS MAGIC !!!

If you want forward a port from a machine that is not running an SSH server, but another
machine on the same network is, SSH can still be used to secure a SSH tunnel.

client> ssh -l john -L 1100:pop.info.net:110 server.info.net

With this command you are making a ssh tunnel from pop.info.net:110 (that is not running an
SSH server) to your local machine client.info.com:1100 connecting as user ‘john’ on
server.info.net that is in the same LAN as pop.info.net. As POP service does not encrypt the data
itself, with the SSH tunnel the data is encrypted by SSH, so you are making more secure the
connection to your pop service.

Note: SSH Tunnels can be used to skip firewalls. Imagine that there is a firewall that blocks the
connection between your local machine client.info.com and your POP service on pop.info.net
port 110 TCP/IP. If the firewall is not blocking access to the SSH server on pop.info.net:22 (or a
machine in the same LAN running SSH server) you can establish an SSH tunnel from
client.info.com:110 and pop.info.net:1100 and skip the
firewall. !!! In reality you can forward any port and skip the firewall if you can connect through
ssh!!!

Maybe for security reasons you want to disable port forwarding through your SSH server. In this
case the following directive must be configured on the SSH server configuration file
/etc/ssh/sshd_config and then reload the SSH server service.

AllowTcpForwarding no

Questions

1.- By default SSH server runs on port 23 TCP/IP (true/false).

2.- OpenSSH can be used to encrypt remote X Windows applications (true/false).
3.- OpenSSH can be used to encrypt the traffic generated by any network application (true/false).
4.- Which command must be used in order to log as user ‘kate’ on node mark.info.net using ssh?.
5.- Which command must be used in order to copy the local file /root/script.sh on node
admin.info.net on /
root as root using scp?.
6.- Which command must be used in order to generate user charles RSA public/private keys used
by SSH?.
7.- Which configuration parameter must be configured on SSH Server configuration file in order
to not allow
root logins through ssh?.
8.- Which configuration parameter must be configured on SSH Server configuration file in order
to allow only
user ‘kate’ login through ssh?.
9.- Which of the following is the SSH server configuration file?.

A – /etc/ssh_config
B – /etc/ssh/ssh_config
C – /etc/sshd_config
D – /etc/ssh/sshd_config
10.- Which of the following commands will open an SSH Tunnel between remote.info.net:80
and
localhost:8080. (SSH Server is running on remote.info.net)?.
A – ssh -l root -L 8080:remote.info.net:80 remote.info.net
B – ssh -l root -L 80:remote.info.net:8080 remote.info.net
C – Both of them
D – None of them

Answers

1.- False.
2.- True.
3.- True, using SSH Tunnel (port forwarding).
4.- ‘ssh -l kate mark.info.net’ or ‘ssh [email protected]’
5.- ‘scp /root/script.sh [email protected]:/root/’
6.- ‘su – charles; ssh-keygen -t rsa’
7.- PermitRootLogin no
8.- AllowUsers kate
9.- D
10.- A

Case Study

1.- Configure a SSH server on rhel6 (192.168.1.10). Do not allow root and john users to login to
it and allow
the rest of users. Verify that SSH data transfers are encrypted.
2.- Re-configure SSH server on rhel6 (192.168.1.10) to allow logins only using public/private
keys. Generate
the keys for user ‘charles’ on node01 (192.168.1.101) with an empty passphrase and configure
‘charles’
account on rhel6 in order to allow ‘charles’ ssh login from node01.
3.- Using SSH Tunnel (Port forwarding) redirect rhel6 port 23 TCP/IP (telnet) to node01 port
2323 TCP/IP.
Verify that you are able to loggin on rhel6 from node01 through telnet skipping the firewall on
rhel6.

Lab 1

* Login as root on rhel6 (192.168.1.10) and configure SSH server to meet the requirements
specified.

# cat /etc/ssh/sshd_config

…
Protocol 2
..
SyslogFacility AUTHPRIV
…
PasswordAuthentication yes
…
PermitRootLogin no
DenyUsers john

* Reload SSH server service.

# /etc/init.d/sshd reload

* Open port 22 TCP/IP.

-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT -> /etc/sysconfig/iptables
# /etc/init.d/iptables restart

* Create users john/john, charles/charles on rhel6 if necessary with command ‘useradd’.

* From node01 try lo logging to rhel6 through ssh as user john and root and verify that the action
is denied
by SSH server.

node01> ssh -l john 192.168.1.10

–> Login Failed after 3 attempts.

node01> ssh -l root 192.168.1.10

–> Login Failed after 3 attempts.

* From node01 try lo logging to rhel6 through ssh as user charles and verify that the acction is
allowed by
SSH server. Also run tcpdump command to verify that data transferred in this ssh transaction is
encrypted.

node01> tcpdump -v -XX port 22

node01> ssh -l charles 192.168.1.10

–> Login successful.

–> Tcpdump does not show clear text data. All data is encrypted.

Lab 2

* On rhel6 modify Lab1 SSH server configuration file to meet the new requirements.

# cat /etc/ssh/sshd_config
…
Protocol 2
…
SyslogFacility AUTHPRIV
…
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
…
PasswordAuthentication no
…
PermitRootLogin no
DenyUsers john

* Reload SSH server service.

# /etc/init.d/sshd reload

* Connect to node01, create charles account and create DSA public/private keys for user charles
with an
empty passphrase.

node01> useradd charles

node01> su – charles
charles-$> ssh-keygen -t dsa
–> Enter an empty passphrase
charles-$> chmod 755 .ssh

* Open a connection to rhel6 and add ‘charles’ public key (/home/charles/.ssh/id_dsa.pub) to the
file rhel6:/
home/charles/.ssh/authorized_keys . Create this file if necessary and apply the correct
permissions.

rhel6-charles# mkdir .ssh

rhel6-charles# chmod 755 .ssh
node01:/home/charles/.ssh/id_dsa.pub –> >> SSH
server(rhel6):/home/charles/.ssh/authorized_keys
rhel6# chmod 644 /home/charles/.ssh/authorized_keys

* From node01 try to logging on rhel6 server as user charles.

node01> ssh -l charles 192.168.1.10

–> Login successful with an empty passphrase.

* From node01 try to login through ssh as user john on rhel6.

node01> ssh 192.168.1.10 -l john
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

This message means that john has not public/private keys configured on node01/rhel6 so as this
is the
unique valid method for ssh authentication on rhel6 the logging is DENIED before the directive
‘DenyUsers
john’ has taken effect. The same happens to root account.

Lab 3

* Login as root on rhel6 and install telnet-server rpm. Start it and make sure that it will start at
boot.

# yum install telnet-server

# chkconfig telnet on
# /etc/init.d/xinetd start
# chkconfig xinetd on

* From node01 try to open a telnet connection to rhel6 server. This connection will be blocked
by the firewall
on rhel6.

node01> telnet 192.168.1.10 23

Trying 192.168.1.10…
telnet: connect to address 192.168.1.10: No route to host
telnet: Unable to connect to remote host: No route to host

* Using a SSH Tunnel forward rhel6:23 to node01:2323 as user ‘charles’.

node01>su – charles
charles-$> ssh -l charles -L 2323:192.168.1.10:23 192.168.1.10

* Verify now that you can telnet to rhel6 just making ‘telnet localhost 2323’ on node01.

node01> telnet localhost 2323

Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
Red Hat Enterprise Linux Server release 6.0 (Santiago)
Kernel 2.6.32-71.el6.i686 on an i686
login: charles
Password:
Last login: Sun Mar 27 22:38:43 from 192.168.1.2
charles@rhel6> hostname
rhel6.info.net

* Magnific, we have skipped the firewall and at the end we have logged through telnet on rhel6
from node01.

USER ADMINISTRATION LINUX

1. 1) /etc/passwd

The file where system user account definition is done is /etc/passwd. This file has the following
structure :

$ cat /etc/passwd
…
username:x:500:600:Some comments:/home/username:/bin/bash
…

username
The system account username . It should not start with a number or include uppercase letters.

x
The password. An x points to /etc/shadow for the password. An * means the account is disabled.
A random group of letters and numbers represents the encrypted password.

500
The user ID (UID) for that user.

600
The group ID (GID) associated with that user.

Some comments Any information can be used in this field.

/home/username
By default, RHEL places new home directories in /home/username.

/bin/bash
Default user shell.

1. 2) /etc/group

The file where system group account definition is done is /etc/group. This file has the following
structure :
$ cat /etc/group
…
groupname:x:500:user1,user2
…

groupname
The system account groupname user gets his own group. By default when a user is created is
related to a group with groupname equal to username.

x
The group password password. An x points to /etc/gshadow for the password. As user password
on /etc/passwd random group of letters and numbers represents the encrypted password.

500
The group ID (GID) associated with user.

user1,user2
Lists of users that belong to the group. If it’s blank means that there is a username that is
identical to the groupname.

In order to add/delete groups to the system this file can be edited directly with vigr or using
useradd/userdel commands as described in next sections.

1. 3) /etc/shadow

The /etc/passwd file is can be read for every user on the system so include the encrypted
password there is not a good idea. For this reason the file /etc/shadow accessible to root only is
used to store the encrypted password.

$ cat /etc/shadow
…
username:$1sdsew$td%wqee@132ewSDADdsa:14860:0:99999:7:::
…

username
Username shadow entry, it is related with ‘username’ account on /etc/passwd.

$1sdsew$td%wqee@132ewSDADdsa
Encrypted password. An x in the second column of /etc/passwd means that the encrypted
password is stored here.

14860
Last password change date, in Linux epoch number of days: number of days after January 1,
1970.
0
The value of 0 here means that this user can keep this password forever.

99999
The system will ask to username to change his password after 99999 days since account creation.

::
This value means the number of days before password expiration when a warning is given, in
this case none.

::
It sets the number of days after password expiration when an account is made inactive, in this
case none.

::
This value means the number of days after password expiration when an account is disabled, in
this case none.

1. 4) Adding user account

When a user account needs to be added to the system the command useradd must be used :

$ useradd -u 600 -c “Test add user” -d /home/prashant -s /bin/bash prashant

With this command i have created the user account ‘prashant’ with UID=600 which home
directory in /home/prashant and default shell bash. By default the user is assigned to a new
created group ‘prashant’ with GID=600. This value can be changed using the -g option.

$ cat /etc/passwd
…
prashant:x:600:600:Test add user:/home/prashant:/bin/bash

Next step must be create a password to ‘prashant’ account with the command ‘$ passwd
prashant’

Deleting user account

When a user account needs to be removed in the system the command userdel must be used :

$ userdel -r prashant

With this command all information about ‘prashant’ account is removed on the system, including
all /home/prashant directory and mail spool files.

1. 5) Modifying user account

In order to change the parameters of an existing account the commands usermod and/or chage
can be used :

$ usermod -e 2013-1-08 prashant

Sets the expiration account day for user ‘prashant’ to 2013-1-08

$ usermod -G sales prashant

Sets ‘prashant’ account group ownership to ‘sales’ group.

$ chage -E -1 prashant
Removes any account expiration date for user ‘prashant’

User profile

By default when a user account is created some environment files stored in /etc/skel are copied to
the user home directory. Any changes applied to this files on /etc/skel directory are propagated to
the new users home directories.

.bashrc
This file points to the general /etc/bashrc configuration file. It normally includes the commands
to be run bash shell is started.

.bash_logout
This file is executed when the user exits a bash shell. It normally includes commands for clearing
screen, umount partitions, etc.

.bash_profile
It is the bash startup environment where environment variables as PATH and LIB_PATH are
configured.

The system-wide shell configuration files are stored in /etc/bashrc and /etc/profile. These files
configure the default system-wide umask value for default file creation permission, the default
prompt display, the system-wide PATH, aliases, etc.

Switch accounts with ‘su’

The ‘su’ commands allows the change between users accounts without logout :

$ su – prashant
Password:
prashant-$

It also allows to execute some command/script as another user after authentication without
changing the user account :
prashat-$ su cate -c id
Password:
uid=501(cate) gid=502(cate) groups=502(cate) context=user_u:system_r:unconfined_t
Without changing user john account we have executed the ‘id’ command as ‘cate’ user after
typing cat password

Execute a command as another user with ‘sudo’

A most powerful way to execute process as another user than ‘su -c’ is the sudo command. The
file /etc/sudoers accessible with visudocommand controls how sudo is executed.

The sudoers file format looks like:

user host = (userl) command

* user is the username or groupname to which the rule applies

* host is a list of hosts where the rule applies
* userl is the user that this rule can be run as. If it is not specified sudo run the command as root
user
* command is the command/s that can be run as userl from user account

The parameters host, userl and command can be replaced with the ALL, meaning unrestricted
access for this parameter. The parameterNOPASSWD after userl means that no passowrd
authentication is required on sudo execution.

Sudo examples

%prashant ALL=(cate) /usr/bin/id

prasahant-$ sudo -u cate id

[sudo] password for john:
uid=502(cate) gid=503(cate) groups=503(cate) context=user_u:system_r:unconfined_t

Without changing user prashant account we have executed the ‘id’ command as ‘cate’ user after
typing prashant password. Note the difference with the ‘su’ command, with sudo you do not
need to know the user password to run a process as that user.
%john ALL=(cate)NOPASSWD: /usr/bin/id

prashant-$ sudo -u cate id

uid=502(cate) gid=503(cate) groups=503(cate) context=user_u:system_r:unconfined_t

The same as before without typing any password

%prashant ALL=NOPASSWD: /bin/mount, /bin/umount

prashant-$ sudo mount /dev/sda1 /mnt

User prashant can execute mount/umount (only root can run these commands) as root without
typing any password. Note that no userl is specified the sudo execution is done as root.

1. 6) SUID

The Set User ID permission changes the effective user ID permission to the owner file user ID in
the file execution. It allows run a command/script as the owner�s file. In this case the
permission is set up on the standard file permission with the chmod u+s command. One common
example is the passwd command that allow system users change their password without being
root on the system :

$ ls -lrt /usr/bin/passwd
-rwsr-xr-x 1 root root 22960 jul 17 2006 /usr/bin/passwd

The ‘s’ on the user permission field means that this when a system user like ‘john’ will run this
command it

will be executed with the effective owner file user ID root which has the right permissions to
modify the /etc/shadow file in order to change ‘prashant’ password.

1. 7) SGID

The Set Group ID permission changes the effective group ID permission to the owner file group
ID in the file execution. It allows share files between users in the same group. As the SUID the
permission is set up on the standard group directory using the command chmod g+scommand:

$ groupadd admin
Create a new system group called admin.

$ usermod -G admin -a mike

$ usermod -G admin -a cate
$ usermod -G admin -a john
Add users john, cate and mike to ‘admin’ group.

$ mkdir /home/admin
Create the shared directory ‘/home/admin’.

$ chown nobody:admin /home/admin

Change the shared directory group ownership to ‘admin’.

$ chmod 770 /home/admin

Only group ‘admin’ has access to the shared directory ‘/home/admin’.
$ chmod g+s /home/admin
$ ls -lrt /home/ | grep admin drwxrws— 2 nobody admin 4096 oct 30 08:51 admin
Set the group bit to the shared directory ‘/home/admin’, the ‘s’ in the group permission field.
Now the files created on /home/admin automatically inherits ‘admin’ group ID so all ‘admin’
group members (john ,cate and mike) can access rw directly to all the files on the shared
/home/admin group directory without changing any permission.

1. 8) STICKY DIRECTORY

The sticky permission (‘t’ on others permission field) allows to remove files only to the owner in
777 directories as /tmp. Thanks to the sticky permission on /tmp everybody can create/remove
files but only the owner of the file can remove it. As previous examples the permission is applied
on the directory with the chmod o+t command :

$ chmod o+t /tmp

$ ls -lrt / | grep tmp
drwxrwxrwt 93 root root 4096 oct 30 08:55 tmp

$ su – john
john-$ ls -lrt /tmp/cate
-rwxrwxrwx 1 cate cate 0 oct 30 08:55 cate
john-$ rm /tmp/cate
rm: can not remove �cate�: Permision denied

The file /tmp/cate has 777 permision so everybody can remove it, but the directory that contains
the file /tmp has the sticky bit set so only the file owner (‘cate’) can remove /tmp/cate.

Questions / Answers

1.- The encrypted user password is always stored on /etc/shadow (true/false)

2.- Regular users accounts must have an user id UID equal or over 500 (true/false)
3.- By default in CentOS when a user account is created this user is assigned to ‘users’ group
(true/false)
4.- Which command will set up the SGID bit on /home/share directory ?
5.- Which command will set up the SUID bit on /root/script/compare.sh script ?
6.- The line ‘%john ALL=NOPASSWD: /sbin/’ on /etc/sudoers files allow users or group ‘john’
execute any
command in /sbin/ directory as root using ‘sudo’ command. (true/false)
7.- Which file must be modified in order to execute ‘echo “user john has logout” every time user
‘john’ logout
from bash shell ?
8.- Root account can not be locked using ‘chage’ command. (true/false)
9.- In which directory are stored the files that contains the user/group accounts ?
A – /root
B – /etc
C – /passwd
10.- Which permission bit is set up on directories to allow only the owner of the file remove it ?
A – sgid bit ‘g’
B – stiky bit ‘t’
C – suid bit ‘s’
D – None of them

1.- False. It can be stored in /etc/passwd but it is less safe.

2.- True.
3.- False. An group account with name equal to username is created and assigned to user.
4.- chmod g+s /home/share
5.- chmod u+s /root/script/compare.sh
6.- True.
7.- /home/john/.bash_logout
8.- False.
9.- B
10.- B

Lab 1

* Login as root on your system

* Create user accounts ben, kim and will.

$ useradd ben
$ useradd kim
$ useradd will

* Set password ‘shared’ to ben, kim and will.

$ passwd ben
Changing password for user ben.
New UNIX password: shared
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password: shared
passwd: all authentication tokens updated successfully.
The same for kim and will

* Create a group called ‘shared’.

$ groupadd shared

* Configure ‘shared’ as secondary group for ben, kim and will.

$ usermod -G shared -a ben

$ usermod -G shared -a kim
$ usermod -G shared -a will
* Make a simple verification :

$ id ben
uid=515(ben) gid=519(ben) groups=519(ben),522(shared)

Lab 2

* Login as root on your system

* Create /home/shared directory

$ mkdir /home/shared

* Change the /home/shared group ownership to group ‘shared’

$ chown nobody:shared /home/shared

* Change the /home/shared permissions.

$ chmod 770 /home/shared

* Set the SGID bit on /home/shared to make possible full rw access to all files to ‘shared’ group
members.

$ chmod g+s /home/shared

* Verify that files created by user ben on /home/shared are rw full access to kim and will. Verify
that users outside group ‘shared’ can not access to the files.

Lab 3

* Login as ben on your system and try to reboot the system with ‘/sbin/reboot’ command.

ben-$ /sbin/reboot
reboot: must be superuser.

User ben can not reboot the node with /sbin/reboot. The execution is tried with ‘ben-$ sudo
/sbin/reboot’ is also denied.

* Configure sudo to allow users on group ‘shared’ to execute any command as root :

ben-$ su – root
$ visudo
Add line %shared ALL=NOPASSWD: ALL

* To verify try to run /sbin/reboot as ben with sudo :

su – ben
ben-$ sudo /sbin/reboot

…and the server starts the reboot process without tying any password …

SSH-KEY GENERATION AND ADMINISTRATION

IN LINUX
Introduction
SSH keys serve as a means of identifying yourself to an SSH server using public-key
cryptography and challenge-response authentication. One immediate advantage is this
method has over traditional password
authentication is that you can be authenticated by the server without ever having to
send your password over the network.
SSH keys always come in pairs, one private and the other public. The private key is
known only to you and it should be safely guarded. By contrast, the public key can be
shared freely with any SSH server to which you
would like to connect. When an SSH server has your public key on file and sees you
requesting a connection, it uses your public key to construct and send you a challenge.
This challenge is like a coded message and it must be met with the appropriate
response before the server will grant you access. What makes this coded message
particularly secure is that it can only be understood by someone with the private key.
While the public key can be used to encrypt the message, it cannot be used to decrypt
that very same message. Only you, the holder of the  private key, will be able to
correctly understand the challenge and produce the correct response.
This challenge-response phase happens behind the scenes and is invisible to the user.
As long as you hold  the private key, which is typically stored in the ~/.ssh/ directory,
your SSH client should be able to reply with the appropriate response to the server.
Because private keys are considered sensitive information, they are often stored on disk
in an encrypted form.
Creation of ssh keys on server

Below are the parameters that we will use while generating the keys

type : 1024 SSH-2 DSA

comment : “firstname lastname,company,email id”
•

Create pair of DSA keys, using command like below

ssh-keygen -t dsa -b 1024 -C “user name , comment,email id”

It will create two files under /home/<username>/.ssh

id_dsa
id_dsa.pub
•

id_dsa.pub is the public key that will be distributed(i.e. added to

/root/.ssh/authorized_keys file)

RAID (REDUNDANT ARRAY OF INEXPENSIVE

DISKS) IN LINUX
 Introduction

The main goal of RAID (Redundant Array of Inexpensive Disks) is combine multiple
inexpensive, small disk drives into an array of disks in order to provide redundancy, lower
latency, increased bandwidth, and maximized ability to recover from hard disk crashes that one
large and expensive drive does not provide.This array of drives appears to the system as a single
drive.RAID can be implemented via hardware devices as RAID controllers or via software
controlled by the Linux Kernel . This chapter focuses on RAID implemented via software where
the Linux Kernel uses the MD driver
that allows the RAID solution to be hardware independent. The RAID software performance
depends directly on the system CPU and load.

RAID Levels

Several levels of software RAID are supported by CentOS/RHEL systems: levels 0, 1, 5, and 6

RAID 0
It requires a minimum of two disks. Read-Write access to the array is faster because it is done in
parallel on all the array components and the information is stripped across all array members
without providing
redundancy (parity). The total storage capacity of the array is the capacity sum of all array
components and if one disk crashes the information that contains will be lost. RAID 0 is also
known as striping without parity.

RAID 1
It requires a minimum of two disks identically-sized. The same information is written in all array
members so the performance is lower than RAID 0 but in this case it provides redundancy
(parity). If one disk crashes the information can be recovered from the other disk. The total
storage capacity of the array is the capacity of one of the members, the other is used to store the
parity to implement the redundancy. RAID 1 is also known as disk mirroring.

RAID 5
It requires a minimum of three disks identically-sized. In this case the parity is stripped across all
array components and if one disks crashes the information can be recovered using the parity
stored on the rest of the disks array. If two disks crashes all array information is lost. The total
storage capacity of the array is the capacity sum of all array members less the capacity on one
disk that is used to store the parity. RAID 5 provides the same redundancy as RAID 0 with an
higher performance. RAID 5 is also known as disk striping with parity.

RAID 6
It requires a minimum of four disks identically-sized . It uses two parity levels and the
information can be recovered in case of crash of two array members.

Spare disks
In all RAID levels additional disks for failover can be added, the spare disks. When one member
of the array fails, it is marked as bad and removed from the array. Automatically one spare disk
is added to the array and the array is rebuilt immediately. or no downtime.

RAID Building

* The first step in order to create a RAID array is create the disk partitions (with the same size)
that are going to be the array members as RAID partition with the command fdisk (code ‘fd’).
For example create a RAID 1 array with two partitions of 100M on sdb1 and sdc1 :

$ fdisk /dev/sdb

Command (m for help): n

Command action
e extended
p primary partition (1-4)
p
First cylinder (1-130, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-130, default 130): +100M

Command (m for help): t

Hex code (type L to list codes): fd
Changed system type of partition 1 to fd (Linux raid autodetect)
Set the partition type as RAID : ‘fd’

Command (m for help): w

The partition table has been altered!

Calling ioctl() to re-read partition table.

Syncing disks.

Repeat the same operation for disk sdc. The final result is two identical RAID partitions of 100M
sdb1 and sdc1 ready to form a raid array :
$ fdisk -l

Disk /dev/sdb: 1073 MB, 1073741824 bytes

255 heads, 63 sectors/track, 130 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device
Boot
/dev/sdb1

Disk /dev/sdc: 1073 MB, 1073741824 bytes

255 heads, 63 sectors/track, 130 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device
Boot
/dev/sdc1

* Next step is create a RAID 1 sdb1,sdc1 array using the command mdadm :

$ mdadm –create /dev/md0 –level=1 –raid-devices=2 /dev/sdb1 /dev/sdc1

mdadm: array /dev/md0 started.

* Verify raid status :

$ cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sdc1[1] sdb1[0]
803136 blocks [2/2] [UU]

unused devices:

* Create filesystem on RAID array using mkfs command :

$ mkfs.ext4 /dev/md0

mke2fs 1.41.12 (17-May-2010)

Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
26104 inodes, 104320 blocks
5216 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67371008
13 block groups
8192 blocks per group, 8192 fragments per group

Start
1

End
13

Blocks
104391

Id
fd

System
Linux raid autodetect

Start
1

End
Blocks
13
104391

Id
fd

System
Linux raid autodetect

2008 inodes per group

Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729

Writing inode tables: done

Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 39 mounts or

180 days, whichever comes first. Use tune2fs -c or -i to override.

* Mount the partition :

$ mount /dev/md0 /mnt
$ df -h
…
/dev/md0 99M 5.6M 89M 6% /mnt
…
/dev/md0 RAID-1 100MB mounted on /mnt

mdadm howto

The command mdadm can be used to manage the MD devices in RAID software :

* Create a RAID-5 array :

$ mdadm –create –verbose /dev/md0 –level=5 –raid-devices=3 /dev/sdb1 /dev/sdc1 /dev/sdd1

* Create a RAID-5 array with one spare partition, sde1 :

$ mdadm –create –verbose /dev/md0 –level=5 –raid-devices=3 –spare-devices=1 /dev/sdb1 /dev/

sdc1 /dev/sdd1 /dev/sde1

* Remove a RAID array :

$ mdadm –remove /dev/md0

* Mark sdb1 partition as failed on RAID array and remove it from RAID array :

$ mdadm –verbose /dev/md0 -f /dev/sdb1 -r /dev/sdb1

* Add sdb1 partition to the RAID array and start array reconstruction :

$ mdadm –verbose /dev/md0 -a /dev/sdb1

Questions

1.- RAID-0 supports the failure of one of the RAID array partition (true/false)
2.- RAID-5 requires at least three equal-size partitions in order to provide redundancy (true/false)
3.- RAID array can be constructed using partitions in ‘Linux’ format (true/false)
4.- Which command must be used in order remove sdc1 partition to /dev/md0 RAID device ?
5.- Which command must be used in order to add sdc1 partition to /dev/md0 RAID device ?
6.- On RAID software partitions only ext4 filesystem can be created ? (true/false)
7.- Which command must be used in order to remove /dev/md0 RAID array ?
8.- Which command shows all software RAID array status ?
9.- Which of the following commands can be used in order to monitor /dev/md0 RAID array ?
A – cat /proc/mdstat
B – mdadm –detail /dev/md0
C – Both of them
D – None of them
10.- Which of the following is not a supported software RAID level ?
A – RAID 3
B – RAID 4
C – RAID 6
D – RAID 10

Answers

1.- False.
2.- True.
3.- False, the partitions must be in RAID format : ‘fd’
4.- mdadm –verbose /dev/md0 -f /dev/sdc1 -r /dev/sdc1
5.- mdadm –verbose /dev/md0 -a /dev/sdc1
6.- False. Any filesystem supported by Linux can be created on RAID array
7.- mdadm –remove /dev/md0
8.- cat /proc/mdstat
9.- C
10.- A and B

Labs

1.- Create a RAID-5 400M partition on disk sdb with one spare partition. Create a ext4
filesystem on RAID-5 array, mount it on /mnt and copy the content of /tmp on /mnt.
2.- Mark as failed and remove one partition from the previous RAID-5 array. Verify that spare
partition has been added automatically to the RAID-5 and no data has been lost.
3.- Add the previous removed partition to the RAID-5 and verify the result.

Lab 1

* Login as root on your system

* Create four ‘raid’ partitions of size 200M (sdb1,sdb2,sdb3,sdb4). Three sdb1,2,3 raid partitions
of 200M to form a 400M RAID-5 array and one for the spare:

$ fdisk /dev/sdb

Command (m for help): n

Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-130, default 1): 1
Last cylinder or +size or +sizeM or +sizeK (1-130, default 130): +200M
Command (m for help): t
Selected partition 1
Hex code (type L to list codes): fd
Changed system type of partition 1 to fd (Linux raid autodetect)

Command (m for help): w

The partition table has been altered!

Calling ioctl() to re-read partition table.

Syncing disks.
[root@server ~]# partprobe
The same for sdb2,3,4

* Verify the raid partitions :

$ fdisk -l
…
Disk /dev/sdb: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device
Boot
/dev/sdb1
/dev/sdb2
/dev/sdb3
/dev/sdb4

* Create the RAID-5 array with one spare :

$ mdadm –create –verbose /dev/md0 –level=5 –raid-devices=3 –spare-devices=1 /dev/sdb1 /dev/

sdb2 /dev/sdb3 /dev/sdb4
mdadm: layout defaults to left-symmetric
mdadm: chunk size defaults to 64K
mdadm: array /dev/md0 started.

* Verify the RAID-5 array status

$ cat /etc/mdstat
Personalities : [raid6] [raid5] [raid4]
md0 : active raid5 sdb3[2] sdb4[3](S) sdb2[1] sdb1[0]
401408 blocks level 5, 64k chunk, algorithm 2 [3/3] [UUU]

unused devices:
Observe the spare partition ‘sdb4[3](S)’ and the RAID-5 status ‘UUU’
* Create an ext4 filesystem on RAID-5 array :

$ mkfs.ext4 /dev/md0

* Mount if on /mnt from /etc/fstab and copy /tmp/ on it :

$ echo “/dev/md0 /mnt ext4 defaults 1 2” >> /etc/fstab

$ mount /mnt
$ df -h
…
/dev/md0 380M 11M 350M 3% /mnt
…
Verify the RAID-5 size is 400M

$ rsync -av /tmp/ /mnt/

Lab 2

Start
1
26
51
76

End
Blocks
Id
System
25
200781
fd
Linux raid autodetect
50
200812+
fd
Linux raid autodetect
75
200812+
fd
Linux raid autodetect
100
200812+
fd
Linux raid autodetect
* Login as root on your system
* Mark sdb1 as failed and remove it from RAID-5 array

$ mdadm –verbose /dev/md0 -f /dev/sdb1 -r /dev/sdb1

mdadm: set /dev/sdb1 faulty in /dev/md0
mdadm: hot removed /dev/sdb1

* Verify raid status :

$ cat /proc/mdstat
Personalities : [raid6] [raid5] [raid4]
md0 : active raid5 sdb3[2] sdb4[0] sdb2[1]
401408 blocks level 5, 64k chunk, algorithm 2 [3/3] [UUU]

unused devices: Observe that the spare partition sdb4 has been added automatically to the RAID-
5 array and the RAID-5 has been rebuilt. The failed partition sdb1 has been removed.

Lab 3

* Login as root on your system

* Add sdb1 partition to the RAID-5 array :

$ mdadm –verbose /dev/md0 -a /dev/sdb1

mdadm: added /dev/sdb1

* Verify raid status :

$ cat /proc/mdstat
Personalities : [raid6] [raid5] [raid4]
md0 : active raid5 sdb1[3](S) sdb3[2] sdb4[0] sdb2[1]
401408 blocks level 5, 64k chunk, algorithm 2 [3/3] [UUU]

unused devices:

Observe that now the spare partition is sdb1 ‘sdb1[3](S)’, the partition that has been added.

1. How to check Gateway and net mask??

Ans. netstat -ar

2. RSYNC command executed, got error while copying, again the command initiated,
whether the file copies from 1st and incremental.
Ans:- The rsync command is incremental copy(check the files with destination and copies rest of
the part).

3. In RAID 5, two disks are corrupted what to do ?

Ans:- In RAID 5 , if one disk is corrupted , we can replace that effective drive without any
downtime. But here the scenario is  two disks are corrupted , in this case we don’t have much
option left. Need to replace all the effective disks and rebuild the OS. If we kept two spare hard
disk while creating RAID , the situation will be different.

4.what is hard and soft mounting?

Ans.  Hard mount:

— If the NFS file system is hard mounted, the NFS daemons will try repeatedly to contact the
server. The NFS daemon retries will not time out, will affect system performance, and you
cannot interrupt them.

Soft mount

— If the NFS file system is soft mounted, NFS will try repeatedly to contact the server until
either:

A connection is established

The NFS retry threshold is met

The nfstimeout value is reached

When one of these events occurs, control returns to the calling program.

5.what is /proc file system ?

Ans. procfs (or the proc file system  is a special file system in UNIX-like operating systems that
presents information about processes and other system information in a hierarchical file-like
structure, providing a more convenient and standardized method for dynamically accessing
process data held in the kernel than traditional tracing methods or direct access to kernel
memory.

6.what is daemon responsible for tracking events in a server?

Ans. syslogd

7.what is difference between raid 0 and raid 1?

Ans. RAID 0, No redundancy

RAID 1, Redundancy

8.what is kernel panic?

Ans. A kernel panic is an action taken by an operating system upon detecting an internal fatal
error from which it cannot safely recover. The term is largely specific to Unix and Unix-like
systems; for Microsoft Windows operating systems the equivalent term is “bug check” (or “Blue
Screen of Death”).

9.what is ‘0’ process?

Ans. parent process id of ‘init’ (sched process)

10.what is the last service started by init before logging screen appears?

Ans. /etc/rc.local which are the last commands run in initialization process or even booting
process

11.difference between LILO &GRUB?

Ans. LILO, Linux Loader, on kernel versions < 2.4,It does’nt support booting from n/w.

Grub, Grand unified boot loader. on Kernel versions >= 2.6, supports booting from network.

12.Stages of boot loader?

Ans.6 stages.

1. BIOS
2. MBR
3. GRUB
4. Kernel
5. Init
6. Runlevels

13.when two machines are there, one machine MAC & IP address is known,  another machine
MAC address is there, how to find IP of another machine using command?

Ans. ‘arp’ command

14.while ‘ping’ cmd is used  the system not receiving any o/p?

Ans. ping cmd is blocked in kernel parameters

ping  cmd uses icmp protocol.

15.Issue is there with hard drives ,dont know  which drive is fault. how to check which drive is
fault?

Ans. If it is HP and IBM Servers, it will show amber color for faulty HDD.  otherwise we can
see the status of the hard disks in ILO (Integrated Lights   Out)configuration for HP servers and
the same remote accessing feature also available for IBM. other wise you can check in dmesg .

16.In production server one drive got failed,how to replace new drive?

Ans. plug and play devices, in raid -1 mirror is used machine can run with one hard disk . we can
replace

17.ASR means AUTOMATED SERVER RECOVERY

18. What is Network bonding? Requirements for bonding?

Ans. N/w Bonding will configure on the servers for redundancy. It requires minimum 2 Ethernet
Ports/Cards.

19. MI means?

Ans. Major Incident

20. Different mount options apart from mount command?

Ans. crazy question, i will say /bin/mount., But it is mount command full form. I heared
guestmount commnad also there to mount a disk …but didn’t used yet.

22.how to start services apart from ‘service’ cmd?

Ans. /ect/init.d/<service name> start

23.how to display memory info?

Ans. cat /proc/meminfo

free -go (To see in GB)

24.how to display hardware information?

Ans. dmidecode |less

Command: lscpu

List available cpus and their caracteristics , Not available on older distribution
Command: lshal

Require HAL (Hardware Abstraction Layer) to be installed . List all hardware visible by HAL

Command: lshw

Available on Debian and Ubuntu based distributions by default .Available in the Fedora
repositories .Uses many inputs            to detect all hardware: Kernel, HAL, DMI, etc. use ‘-html’
switch that generates hardware reports

Command: lspci

Standard command ,List all hardware connected to the PCI bus as detected by the kernel

Command: lsusb

Standard command. List all hardware connected to the USB buses as detected by the kernel

Command: dmidecode

Standard command, Get the source information from the DMI (a kind of BIOS interface) .List all
hardware as reported by       the DMI interface

25. command to check the directory’s partition or mount ?

Ans. df -P file/goes/here | tail -1 | cut -d’ ‘ -f 1

[root@testmachine Desktop]# df -P /boot/ | tail -1 | cut -d’ ‘ -f1

/dev/sda1

26.how to rollback application?

Ans.  insert ‘ts_flags=repackage’ in /etc/yum.conf and create file /etc/rpm/macros with an

entry’repackage’ parameter.

27.how to rollback filesystem?

Ans. If ‘Snapshot'(backup) is taken, using superblocks we can rollback file system.

28. Newly attached hard drive is not recognizing how to make it active ?

Ans. After building server with 2 hard disks, again if we attach any hdd, server wont recognizes
it. if the server want to recognize it, we need to reboot it and create RIAD fo that HDD also.
If we replaced Faulty hard disk with new one, Server will take 1 hr time to synchronize the data
(RIAD 1 and RAID 5).

29.Different raid levels & explanation?

Ans. raid 0, raid1, raid1+0, raid 1+0, raid3, raid 5, raid50, raid6.

30.file system is full? user need some space to run his work ?

Ans. 1. If it is configured with ‘lvm’ we can extend it, or else we can make use of reserved
blocks.

2. Delete the old files after getting confirmation from user.

31. How to check a package is installed or not?

Ans.  rpm -qa | grep <package name>, it will gives package name and version, if it installed,
returns empty screen if not installed.

32.how to check which ports are working?

Ans. netstat cmd

33.how to configure static route?

Ans. vi /etc/sysconfig/network-scripts/ifcfg-route0

34. How to check the processor type ?

Ans. grep “model name” /proc/cpuinfo

[root@testmachine Desktop]# grep -i “model name” /proc/cpuinfo  | cut -d: -f2

Intel(R) Core(TM)2 Duo CPU     T9550  @ 2.66GHz

35.what is GRUB?

Ans. Grand unified Boot loader. Its boot loader in linux. (kernel versions >=2.6)

36.how to check info of  hard drives ?

Ans. df or mount

37.How to increase physical memory in steps?

Ans. Hardware job, Its requires a down time form the users/customers , to upgrade memory
modules . (memory size should be match with old memory modules.)

38.how to mount alternate superblock command?

Ans. mount  sb=alternative superblock  /dev/sda

39.How to create a never expire passwod for user?

Ans. chage -E -1 username

40.tune2fs command used for ?

Ans. for tuning  the file system parameters

41.I am sharing a directory through samba , everything is accessible apart  from soft link files
,how to share those soft links shares?

Ans. Apply parameters in share definition

follow symlinks =yes

wide links =yes

42.maximum file grow in ext4 filesystem?

Ans. The ext4 file system can support volumes with sizes up to 1 exbibyte (EiB) and files with
sizes up to 16 tebibytes (TiB). However, Red Hat recommends using XFS instead of ext4 for
volumes larger than 100 TB.

1 exbibyte = 260 bytes = 1152921504606846976bytes = 1,024 pebibytes

1 tebibyte = 240 bytes = 1099511627776bytes = 1024 gibibytes

43.scenerio

# df -h

……………. file system full

#ls -l

two files…..1. one file is occupying full space

# rm -f filename

#df  -h
same output …file system is full

#ls -l

file is not there ..still file system is full.

Ans.

# lsof | grep “(deleted)” # (or lsof | grep (filename))

If it’s safe to do so, take the pid from the lsof command, and do:

Code:

# ls -l /proc/(pid)/fd # to get the fd# for the file

# > /proc/(pid)/fd/(fd#) # to empty the file.

Otherwise the space will be freed when the application using it closes, or the system restarts.

# implies a root prompt, meaning your sysadmin needs to do this.

(S)he will need to install lsof if it’s not already installed.

44.No such file or directory error?

Ans. ls -ld <filename>, error, no such file or directory..

Reasons: Check it , by logging as a root. might be normal user not having the permissions to
view it.

we will get these type of messages, if the directory or file is unmounted or deleted.

45.how to check database and other applications running?

Ans. ps -ef | grep <database name/ application name>

46.mpstat, iostat,vmstat statistics define?

Ans.

1. iostat – Basic example

 
Iostat without any argument displays information about the CPU usage, and I/O statistics about
all the partitions on the system as shown below.

#iostat

Linux 2.6.32-100.28.5.el6.x86_64 (dev-db)       07/09/2013

avg-cpu:  %user   %nice %system %iowait  %steal   %idle

5.68    0.00    0.52    2.03    0.00   91.76

Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn

sda             194.72      1096.66      1598.70 2719068704 3963827344

sda1            178.20       773.45      1329.09 1917686794 3295354888

sda2             16.51       323.19       269.61  801326686  668472456

vmstat : vmstat by default will display the memory usage (including swap) as shown below.

#vmstat

procs ———–memory———- —swap– —–io—- –system– —–cpu——

r  b   swpd   free   buff  cache     si   so    bi    bo   in   cs us sy id wa st

0  0 305416 260688  29160 2356920    2    2     4     1    0    0  6  1 92  2  0

Procs – r: Total number of processes waiting to run

Procs – b: Total number of busy processes

Memory – swpd: Used virtual memory

Memory – free: Free virtual memory

Memory – buff: Memory used as buffers

Memory – cache: Memory used as cache.

Swap – si: Memory swapped from disk (for every second)

Swap – so: Memory swapped to disk (for every second)

IO – bi: Blocks in. i.e blocks received from device (for every second)
IO – bo: Blocks out. i.e blocks sent to the device (for every second)

System – in: Interrupts per second

System – cs: Context switches

CPU – us, sy, id, wa, st: CPU user time, system time, idle time, wait time

mpstat – Display basic info

By default mpstat displays CPU statistics.

46.how to list newly attached hardware?

Ans. dmidecode | less

47.In RAID , statistics display  “_U” .what is the meaning?

Ans. one of the hard disk is failed.

48.what is initrd? what it does?

Ans. initrd stands for Initial RAM Disk. initrd is used by kernel as temporary root file system
until kernel is booted and the real root file system is mounted. It also contains necessary drivers
compiled inside, which helps it to access the hard drive partitions, and other hardware parts of
the server.

49.where /proc file system rests?

Ans. Linux systems store all data as files. Most users are familiar with the two primary types of
files: text and binary. But the /proc/ directory contains another type of file called a virtual file. As
such, /proc/ is often referred to as a virtual file system.

50.where tmpfs stores?

Ans. Tmpfs is a file system which keeps all files in virtual memory. Everything in tmpfs is
temporary in the sense that no files will be created on your hard drive. If you unmount a tmpfs
instance, everything stored therein is lost. tmpfs lives completely in the page cache and on swap,
all tmpfs pages currently in memory will show up as cached

51.Daemons in nfs?

Ans. mountd ,nfsd,lockd,statd,nfslogd

52.how to change user access to entire file system?

Ans. chown -R

53.why UMASK is used, where to change its value to be effective on entire OS?

Ans. When user create a file or directory under Linux or UNIX, it creates with a default set of
permissions. In most case the system defaults may be open or relaxed for file sharing purpose.
For example, if a text file has 666 permissions, it grants read and write permission to everyone.
Similarly a directory with 777 permissions, grants read, write, and execute permission to
everyone.

You can setup umask in /etc/bashrc or /etc/profile file for all users. By default most Linux
machines set it to 0022 (022) or 0002 (002).

Open /etc/profile or ~/.bashrc file, enter:

# vi /etc/profile

OR

# vi ~/.bashrc

Append/modify following line to setup a new umask:

umask 022

Save and close the file. Changes will take effect after next login. All UNIX users can override
the system umask defaults in their /etc/profile file, ~/.profile (Korn / Bourne shell) ~/.cshrc file
(C shells), ~/.bash_profile (Bash shell) or ~/.login file (defines the user’s environment at login).

54.how to display the list of specific  port ?

Ans. netstat -ntlp | grep <service daemon name>

55.what is SFTP?

Ans.secure file transfer protocol, a network protocol for secure file transfer over a secure shell.

56.Top responding slowly..other option to check load average?

Ans. vmstat

57.Difference between crontab and at ?

list crontab entry?

Ans.crontab -l
58.what is MTA?

Ans. Mail Transfer Agent

59.while install rpm package, progress reports already use , but  no package name doesn’t exist
in rpm  list ?

Ans. rpm –reinstall <package name>

60.create user in different directory?

Ans. useradd -m -d  /newdir/<username>  username

Errors:—

Error name: /dev/null: Permission denied

I got this  error message while  Logging (doing ssh) into  one production server.   Please do the
Following things to fix it. It doesn’t requires any reboot and it wont effect to production.

testmachine11:~ # ls -ld /dev/null

crw——- 1 root root 1, 3 Apr 22  2012 /dev/null

It is a character file, The permissions should be  666 for this one. So , change the permission to
666. after that you wont see that message.

testmachine11:~ # chmod 666 /dev/null

testmachine11:~ # ls -ld /dev/null

crw-rw-rw- 1 root root 1, 3 Apr 22  2012 /dev/null

(OR)

You can delete it and recreate the /dev/null file. But first solution is little bit faster.

To Remove it..

#rm -f /dev/null

To create the special file for /dev/null

#mknod /dev/null c 1 3
This creates the /dev/null special file that is a special character file with the major device number
1 and the minor device  number 3.

Then start the sshd service

# /etc/init.d/sshd start

# /etc/init.d/sshd status