Linux Networking

Video CBT
LAB SERIES

Linux Networking & Administration

Video CBT Lab 23

Red Hat Cerified Technician (RHCT) &
CompTIA Linux+ Preparatory Course
 Linux Networking & Administration:
A complete Linux, Red Hat Certified Technician
(RHCT) & CompTia Linux +
Preparatory Course

Fast Track CBT Video Lab

Labs 1 - 10

Page 1 of 191 © Train Signal, Inc., 2002-2006

Page 2 of 191 © Train Signal, Inc., 2002-2006
About the Author

David Davis has been in the IT industry for 12 years. Currently, he manages a group of
systems/network administrators for a privately owned retail company and also authors IT-
related material in his spare time. He has written over fifty articles, eight practice tests and
has co-authored one book. His certifications include: IBM Certified Professional-AIX
Support, MCSE + Internet, Sun Certified Solaris Admin (SCSA), Certified Information
Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Wireless
Network Administrator (CWNA), Cisco CCNA, CCDA, CCNP and CCIE #9369.

Train Signal, Inc.

400 West Dundee Road
Suite #106
Buffalo Grove, IL 60089
Phone – (888) 229-5055 or (847) 229-8780
Fax – (847) 229-8760
www.trainsignal.com

Copyright and other Intellectual Property Information

© Train Signal, Inc., 2002-2005. All rights are reserved. No part of this publication,
including written work, videos and on-screen demonstrations (together called “the
Information” or “THE INFORMATION”) may be reproduced or distributed in any form
or by any means without the prior written permission of the copyright holder.

Products and company names, including but not limited to, Microsoft, Novell and Cisco, are
the trademarks, registered trademarks and service marks of their respective owners.

Page 3 of 191 © Train Signal, Inc., 2002-2006

Disclaimer and Limitation of Liability

Although the publishers and authors of the Information have made every effort to ensure
that the information within it was correct at the time of publication, the publishers and the
authors do not assume and hereby disclaim any liability to any party for any loss or damage
caused by errors, omissions, or misleading information.

TRAIN SIGNAL, INC. PROVIDES THE INFORMATION "AS-IS." NEITHER TRAIN

SIGNAL, INC. NOR ANY OF ITS SUPPLIERS MAKES ANY WARRANTY OF ANY
KIND, EXPRESS OR IMPLIED. TRAIN SIGNAL, INC. AND ITS SUPPLIERS
SPECIFICALLY DISCLAIM THE IMPLIED WARRANTIES OF TITLE, NON-
INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THERE IS NO WARRANTY OR GUARANTEE THAT THE OPERATION
OF THE INFORMATION WILL BE UNINTERRUPTED, ERROR-FREE, VIRUS-
FREE, OR THAT THE INFORMATION WILL MEET ANY PARTICULAR
CRITERIA OF PERFORMANCE OR QUALITY. YOU ASSUME THE ENTIRE RISK
OF SELECTION, INSTALLATION AND USE OF THE INFORMATION.
IN NO EVENT AND UNDER NO LEGAL THEORY, INCLUDING WITHOUT
LIMITATION, TORT, CONTRACT, OR STRICT PRODUCTS LIABILITY, SHALL
TRAIN SIGNAL, INC. OR ANY OF ITS SUPPLIERS BE LIABLE TO YOU OR ANY
OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR
CONSEQUENTIAL DAMAGES OF ANY KIND, INCLUDING WITHOUT
LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE,
COMPUTER MALFUNCTION, OR ANY OTHER KIND OF DAMAGE, EVEN IF
TRAIN SIGNAL, INC. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. IN NO EVENT SHALL TRAIN SIGNAL, INC. BE LIABLE FOR
DAMAGES IN EXCESS OF TRAIN SIGNAL, INC.'S LIST PRICE FOR THE
INFORMATION.

To the extent that this Limitation is inconsistent with the locality where you use the
Software, the Limitation shall be deemed to be modified consistent with such local law.
Choice of Law:
You agree that any and all claims, suits or other disputes arising from your use of the
Information shall be determined in accordance with the laws of the State of Illinois, in the
event Train Signal, Inc. is made a party thereto. You agree to submit to the jurisdiction of
the state and federal courts in Cook County, Illinois for all actions, whether in contract or in
tort, arising from your use or purchase of the Information.

Page 4 of 191 © Train Signal, Inc., 2002-2006

 TABLE OF CONTENTS

INTRODUCTION............................................................................................................... 7
LAB SETUP...................................................................................................................... 9
SETTING UP THE LAB................................................................................................... 10
COMPUTER 1............................................................................................................. 12
COMPUTER 2............................................................................................................. 12
LAB SCENARIO.......................................................................................................... 14
LAB 1.............................................................................................................................. 15
SELECT THE VERSION OF LINUX TO USE ................................................................. 16
DOWNLOAD AND CREATE CD MEDIA ........................................................................ 17
INSTALLING FEDORA LINUX........................................................................................ 20
LAB 2.............................................................................................................................. 35
LAB SCENARIO.............................................................................................................. 36
INSTALLING DNS........................................................................................................... 37
CONFIGURING LINUX DNS SERVER........................................................................... 40
LAB 3.............................................................................................................................. 55
LAB SCENARIO.............................................................................................................. 56
INSTALLING LINUX DHCP SERVER............................................................................. 57
CONFIGURING LINUX DHCP SERVER ........................................................................ 59
TEST LINUX DHCP SERVER WITH WINDOWS CLIENT ............................................. 64
LAB 4.............................................................................................................................. 69
LAB SCENARIO.............................................................................................................. 70
CONFIGURING SAMBA ................................................................................................. 71
TESTING SAMBA ........................................................................................................... 80
LAB 5.............................................................................................................................. 85
LAB SCENARIO.............................................................................................................. 86
START APACHE WEB SERVER AND SET TO START AUTOMATICALLY ................. 87
CONFIGURE APACHE AND CREATE A NEW VIRTUAL SERVER .............................. 91
TESTING THE NEW VIRTUAL SERVER ..................................................................... 103
LAB 6............................................................................................................................ 104
LAB SCENARIO............................................................................................................ 105
ADDING LINUX USERS AND GROUPS ...................................................................... 106
SETTING PERMISSIONS ON FILES AND FOLDERS................................................. 111
TESTING LINUX SECURITY........................................................................................ 117

Page 5 of 191 © Train Signal, Inc., 2002-2006

LAB 7............................................................................................................................ 132
LAB SCENARIO............................................................................................................ 133
CREATING A SPREADSHEET WITH OPENOFFICE CALC ....................................... 134
CREATING A DOCUMENT WITH OPENOFFICE WRITER......................................... 138
TEST SHARING A FILE BETWEEN MS WORD AND OPENOFFICE WRITER .......... 139
LAB 8............................................................................................................................ 146
LAB SCENARIO............................................................................................................ 147
INSTALLING KDAR ...................................................................................................... 148
PERFORMING A BACKUP WITH KDAR ..................................................................... 162
RESTORING A FILE WITH KDAR................................................................................ 168
LAB 9............................................................................................................................ 171
LAB SCENARIO............................................................................................................ 172
USING YUM.................................................................................................................. 173
INSTALLING YUMEX (YUM GUI INTERFACE) ........................................................... 174
USING YUMEX TO PERFORM AN UPDATE .............................................................. 176
LAB 10.......................................................................................................................... 183
LAB SCENARIO............................................................................................................ 184
CONFIGURING THE FTP SERVER............................................................................. 185
STARTING THE FTP SERVER .................................................................................... 188
TESTING OUR FTP SERVER CONFIGURATION....................................................... 189

Page 6 of 191 © Train Signal, Inc., 2002-2006

Introduction
Welcome to Train Signal!

This series of labs on Red Hat Linux is designed to give you detailed, hands-on experience of
working with the Linux Operating System. Train Signal’s Audio-Visual Lab courses are
targeted towards the serious learner, those who want to know more than just the answers to
the test questions. We have gone to great lengths to make this series appealing to both those
who are seeking the Red Hat Certified Technician (RHCT) or Linux+ certifications and to
those who want an excellent overall knowledge of the Linux Operating System.

Each of our courses puts you in the driver’s seat, working for different fictitious companies,
deploying complex configurations and then modifying them as your company grows. They
are not designed to be a “cookbook lab,” where you follow the steps of the “recipe” until
you have completed the lab and have learned nothing. Instead, you recommend that you
perform each step and then analyze the results of your actions in detail.

To complete these labs yourself, you will need two computers equipped as described in the
Lab Setup section. You also need to have a foundation in Networking and TCP/IP
concepts. You should be comfortable with navigating through a graphical operating system.
Basic networking skills will also be very helpful. These labs will start from a default
installation of Red Hat Linux. From there, you will be run through the basic configurations
and settings for a variety of standard Linux services and applications. It is very important
that you follow these guidelines exactly, in order to get the best results from this course.

The course also includes a CD-ROM that features an audio-visual walk-through of all of the
labs in the course. In the walk-through, you will be shown all of the details from start to
finish on each step, for every lab in the course. During the instruction, you will also benefit
from live training that discusses the current topic in great detail, making you aware of many
of the associated fine points.

Thanks for choosing Train Signal!

Scott Skinger
Owner
Train Signal, Inc.
Page 7 of 191 © Train Signal, Inc., 2002-2006
Page 8 of 191 © Train Signal, Inc., 2002-2006
 Lab Setup

Page 9 of 191 © Train Signal, Inc., 2002-2006

Setting up the Lab
1. Computer Equipment Needed

Item Minimum Recommended

Computers (2) Pentium 2 266 MHz (2) Pentium II 400MHz or greater

Memory 256 MB 512 MB

Hard Drive 6 GB 10 GB or larger

CD Recorder CD recordable drive CD recordable drive

NIC 1 per computer 1 per computer

Networking 10 Base-T Ethernet Interface 100 Base-T Ethernet Interface and a

and a hub switch

Dedicated Networked connection to the Networked connection to the Internet

Internet Internet required to download required to download and install
Connection and install many packages in many packages in these labs. A high-
these labs. speed Internet connection (i.e. DSL,
Cable, T1, etc) would be ideal.

Software Red Hat Linux (Version 9), Red Hat Fedora Linux Version 5
Enterprise Linux 3 or 4,
Fedora, or clones will all work) Microsoft Office Suite

Page 10 of 191 © Train Signal, Inc., 2002-2006

You are strongly urged to acquire all of the recommended equipment in the list above. It
can all be easily purchased from eBay or another source, for around $500 (less if you already
have some of the equipment). This same equipment is used over and over again in all of
Train Signal’s labs and will also work great in all sorts of other network configurations that
you may want to set up in the future. It will be an excellent investment in your education.
Call or email us at: [email protected] if you need help locating networking
equipment. Two other products that you may also want to look into are a KVM (Keyboard-
Video-Mouse) switch and a disk-imaging product, such as Norton Ghost. The KVM switch
will allow you to run all of your computers using a single keyboard/monitor/mouse set. A
button allows you to quickly control which PC you are managing. Disk imaging software
will save you a tremendous amount of time when it comes to reinstalling operating systems
for future labs. Many vendors offer trial versions or personal versions of their products that
are very inexpensive.

2. Computer Configuration Overview

1 2
Computer Number

Computer Name CLIENT1 SERVER1

IP 192.168.1.10 IP 192.168.1.100
IP Address
Subnet 255.255.255.0 Subnet 255.255.255.0

Default Gateway 192.168.1.1 192.168.1.1

OS Windows XP Pro Red Hat Fedora Linux

Additional SP2 or later

Core Version 5
Configurations And Microsoft Word

***Important Note***
This lab should NOT be performed on a live production network. You should only use computer
equipment that is not part of a business network AND is not connected to a business network.
Train Signal Inc., is not responsible for any damages. Refer to the full disclaimer and limitation of
liability, which appears at the beginning of this document and on our Website at:
http://www.trainsignal.com/legalinfo.html

Page 11 of 191 © Train Signal, Inc., 2002-2006

 3. Detailed Lab Configuration

Computer 1
Computer 1 will be named Client1 and the operating system on this computer will be
Windows XP Pro. You should also install Service Pack 2 or later to avoid any unforeseen
problems. Have Microsoft Word installed as well as we will use it to test file sharing between
Word and the Linux freeware version of Word.

Client1 will have one NIC with a static IP address of 192.168.1.10 and a 255.255.255.0
subnet mask. You are also welcome to use DHCP for both Client and Server as long as you
keep in mind that you will have to substitute the proper DHCP IP address for the static
addresses defined in this lab book. If you use the static IP addresses, make sure that these
addresses do not overlap with any existing IP addresses already on your LAN (assuming you
connect these machines to your LAN). The default gateway will be your local router that
connects to your Internet Service Provider. Initially, you should match the DNS server of
your Client and Server to match the DNS server information from your ISP. Many times,
this DNS server information will be obtained from your Router/AP. Later in these labs, you
will be configuring a Linux server using Red Hat and configuring your client’s DNS to be
that Red Hat Linux DNS server. The Client is in a workgroup named WORKGROUP but
will soon be moved to a domain when we configure the Linux Samba server. See figure 1,
next page.

Computer 2
Computer 2 will be named Server1 and the operating system on this computer will be Red
Hat Linux Fedora Core Version 5. However, most exercises will work on Red Hat Version
9, Enterprise Linux, or another version of Fedora Linux. The NIC in Server1 will have a
static IP address of 192.168.1.100 and a subnet mask of 255.255.255.0. The default gateway
should be set to 192.168.1.1. The DNS server information should match that of your
Internet Service Provider. See figure 1, next page.

Page 12 of 191 © Train Signal, Inc., 2002-2006

 Big Sky Fishing Supply
Network

Internet

Server 1
Router IP - 192.168.1.10
Internal IP - 192.168.1.1 SM - 255.255.255.0
Internal SM - 255.255.255.0 DG – 192.168.1.1
DNS – match ISP’s
External IP, SM, DG, and DNS via DHCP
DNS via ISP’s DHCP
Red Hat Fedora Core
Version 5

` Client 1
IP - 192.168.1.10
SM - 255.255.255.0
DG - 192.168.1.1
DNS - match ISP’s

XP Pro with SP2

(figure 1)

***Important Note***
This lab should NOT be performed on a live production network. You should only use computer
equipment that is not part of a business network AND that is not connected to a business network.
Train Signal Inc. is not responsible for any damages. Refer to the full disclaimer and limitation of
liability which appears at the beginning of this document and on our Web site at:
www.trainsignal.com

Page 13 of 191 © Train Signal, Inc., 2002-2006

Lab Scenario
Big Sky Fishing Supply (www.bigskkyfishingsupply.com) in Bozeman, Montana, sells fishing
supplies. They sell rods, reels and anything else related to fishing through their retail
locations and through their e-commerce website. Big Sky is also a wholesaler to many
different fishing stores and other retail outlets around the country.

Big Sky Fishing Supply is converting their retail outlet in Bozeman, Montana to Linux. They
will use Linux for the following services: file sharing, web serving, FTP, DHCP and DNS.
This will be a pilot test of the Linux operating system for Big Sky Fishing. If this test is
successful, they plan to convert all retail stores, the corporate office and their e-commerce
web servers to Linux. They could save thousands of dollars in licensing fees and
maintenance by doing this. Because of the potential cost savings and the high profile of this
pilot, the CIO considers this Linux implementation very critical.

As a contractor, you will be solely responsible for implementing the new Big Sky Fishing
Supply Linux server implementation. During this process, you will start by installing a new
Linux server. From there you will install, configure and test a variety of critical Linux
infrastructure applications. You will have a Windows client that you use for testing.

Before starting any of the labs you should ensure that you have setup your network
according to the lab setup section which can be found earlier in this lab.

Page 14 of 191 © Train Signal, Inc., 2002-2006

 Lab 1
Fedora Linux Installation

You will learn how to:

• Select the version of Linux to use

• Download Linux and create CD Media
• Install Fedora Linux

Page 15 of 191 © Train Signal, Inc., 2002-2006

Select the version of Linux to use
Red Hat offers a variety of Linux versions. Here is a short breakdown of them:

Server
Red Hat Enterprise Linux AS – for high-end servers.
Red Hat Enterprise Linux ES – for mid-range servers.

Workstation
Red Hat Enterprise Linux WS – for technical workstations and power desktops.
Red Hat Enterprise Linux Desktop – for volume client deployments.

Free/Home User
Fedora – for cutting edge users who aren’t as concerned with stability and who do not need
support from Red Hat.

On the Red Hat Certified Technician (RHCT) and RHCE exams, the Red Hat test will be
given on the WS version of the operating system. All of these Red Hat versions are similar
but have some differences. The differences to look for are:

• Support services included for that version of Red Hat.

• Platforms that that version is available for.
• Number of CPUs and amount of RAM supported.
• Packages included. Specifically, the packages that are not in Enterprise Linux WS or
Red Hat Desktop include: amanda-server, arptables_jf, bind, caching-nameserver,
dhcp, freeradius, inews, inn, krb5-server, netdump-server, openldap-servers, pxe,
quagga, radvd, rarpd, redhat-config-bind, redhat-config-netboot, tftp-server, tux,
vsftpd and ypserv.
• However, Fedora includes most all packages included in the server versions of
Enterprise Linux.

The server and workstation versions must be bought. The WS version starts at $179 but is
available as a 30 day evaluation. For the purpose of installing Red Hat Linux on this Big Sky
Fishing Supply server, you should use the free version of Red Hat Linux, called Fedora.
This way, you get all applications we will practice on and there is no cost or time limit for
use. However, if you are preparing for the RHCT exam, you may want to download the
evaluation version of Red Hat Enterprise Linux WS to practice with.

Page 16 of 191 © Train Signal, Inc., 2002-2006

Download and create CD media
1. To obtain Red Hat Fedora, go to www.redhat.com and click on Download.

2. Next, click on the Download link, under the Fedora section.

Page 17 of 191 © Train Signal, Inc., 2002-2006

3. Read through the download and installation instructions to familiarize yourself with
Fedora’s download process.

4. Click on the Download link.

Page 18 of 191 © Train Signal, Inc., 2002-2006

5. Next, choose your platform, i386 (unless you are using a 64-bit machine).

If you have trouble getting here, you can go to:

http://download.fedoraproject.org/pub/fedora/linux/core/5/i386/iso/

You will be taken to a random download mirror site for Fedora Linux. Thus, it may look
like this or it may look different. Either way, the files you want to download are the
same.

Download each of these FC-5-i386-discX.iso files where X is 1, 2, 3, 4 and 5. As these

files are about 600MB each, they will take some time to download.

Once downloaded, you need to create 5 CDs out of these 5 CD images (the ISO files
that you have downloaded). This can be done with just about any CD recording software
and a CD-R drive. Once you have the 5 CDs created, move on to installing the software.
Optionally, you could use a program like Daemon Tools (http://www.daemon-
tools.cc/) to just mount the ISO CDs directly, without ever having to burn them to a
CD.

Another option, available on some mirrors, is to download a 3+GB DVD file and to
burn a DVD of the entire Fedora distribution on a single DVD.

Page 19 of 191 © Train Signal, Inc., 2002-2006

Installing Fedora Linux
1. To install Red Hat Linux, insert CD #1 in your CD drive and power on your Server1
system. The server should find the CD in the drive and boot from it. You should see a
screen that looks like the one below.

2. You can press F2 to see the boot loader options, like this:

Page 20 of 191 © Train Signal, Inc., 2002-2006

3. Normally, you will just press the Enter key to begin the boot, with the default settings,
in graphical mode. After pressing enter, you will see a lot of text information scroll by
quickly. This is the Red Hat system starting up.

You will now see a colorful text menu screen, asking if you want to test the CD media
for errors. Note that your mouse doesn’t work here. You need to either use tab or the
right arrow to move over to the skip button. Once there, either press the space bar or
enter to select.

4. Now, Anaconda, the Fedora Linux Installer, will start up and the screen resolution will
change from 640x480 to 800x600. Here is what you will see:

Page 21 of 191 © Train Signal, Inc., 2002-2006

5. Your mouse should now function. Use it to click Next. On the language selection, take
the English default by clicking Next (assuming that is your choice). On the keyboard
selection, take the default of US English by clicking Next (assuming that is your
choice).Assuming you have a blank hard drive, you will be told that the partition table is
unreadable and you will be asked if you want to initialize the drive and erase all data.

6. Click Yes. You are now in the Disk Partitioning Setup section. The simplest choice here
is to take the defaults. However, if you have some more advanced knowledge, you can
review and modify the partition layout using that option.

Page 22 of 191 © Train Signal, Inc., 2002-2006

7. Click Next. On a new installation, like this one, you will get a message that says that the
partition table on device sda was unreadable and you must initialize the drive to
continue.

8. This is required so click Yes. Now you are at the networking configuration screen. It is
here that you either take the default of configuring the Linux system’s IP address
information via DHCP (from a DHCP server on your network) or using static IP
address information. In most cases, DHCP works fine, just as you would on a Windows
workstation. However, in our case, we have some specific static information we want to
configure.

Page 23 of 191 © Train Signal, Inc., 2002-2006

9. Click Edit on the Network Device section. A window will come up. In that window,
uncheck the Configure using DHCP option and fill in the static IP address and subnet
mask, like this:

10. Back on the main network configuration screen, put in a hostname for this Linux
system. The hostname should be Server1.BigSkyFishingSupply.com. Enter the
gateway from the setup section of 192.168.1.1 (or whatever your local router’s gateway
is). Enter the primary and secondary DNS IP addresses that are provided by your
Internet Service Provider or this information for already existing DNS servers on your
LAN. When you are done, the screen should look similar to this:

Page 24 of 191 © Train Signal, Inc., 2002-2006

11. Click Next to continue. On the next screen, set the time zone to North Dakota /
Central because that is where the Big Sky Fishing Supply Company is located.

12. Click Next. On the next screen, type in the root password. The root password is the
administrator and “super-user” for this computer. Because root has unlimited power on
this Linux system you should choose a secure root password. For the purposes of this
lab, type in Fishing123 in both blanks and click Next.

Page 25 of 191 © Train Signal, Inc., 2002-2006

13. You are now at the package group selection screen. As we chose a custom install, you
must choose your list of packages to be installed. Click Customize Now. Click Next.

Page 26 of 191 © Train Signal, Inc., 2002-2006

14. On the next screen, use the sections on the left to choose the following additional
packages (in addition to what is already checked):

• Servers:
o DNS Name Server
o FTP Server
o Network Servers
o Printing Support
o Server Configuration Tools
o Web Server
o Windows File Server

• Base System:
o System Tools

Here is an example of what the Servers section looks like (make sure you scroll down on
the right hand side to see all the choices):

Check the proper checkboxes from the list above for both the Servers and Base system
package groups then click Next.

Page 27 of 191 © Train Signal, Inc., 2002-2006

15. The next screen says that you are about to install the operating system. Click Next.

16. The file systems will be formatted and the installation process will begin. Assuming you
are installing from CDs, at various points in the installation, you will be asked to insert
the remaining installation CDs. This whole copying process can take about 45 minutes,
depending on the speed of the machine, CD drive and Disk. Once the copy process is
completed, you should see a screen that looks like this:

Page 28 of 191 © Train Signal, Inc., 2002-2006

17. Click Reboot and the system will restart. The boot will go through various phases. Once
the boot is successful, you will see this, “Welcome to Fedora” message.

18. Click Forward. Now click Yes, and Forward to accept the license agreement. You are
now at the firewall configuration screen. I recommend disabling the firewall for these
labs, to prevent any problems. If this machine moves from being a test machine to a
production machine, you should test enabling the firewall at that point to protect your
production machine. Change the Firewall option from Enabled to Disabled. Click
Forward and then click Yes to continue without enabling the firewall.

Page 29 of 191 © Train Signal, Inc., 2002-2006

19. You are now asked about SeLinux (Security Enhanced Linux). SeLinux provides
additional security over regular Linux Security. Choose the Permissive setting for
SeLinux as we don’t want to begin enforcing at this time. Click Forward.

20. In the next screen, you will be asked to either set the date and time or to use a network
time protocol (NTP) server. If you don’t have a NTP server on your network already,
Red Hat Linux offers some of the standard Internet NTP server domain names. In our
case, let’s say that Big Sky Fishing Supply wants this server to use the Internet NTP
servers to obtain its date and time information. So click on the Network Time Protocol
tab. On this window, check the checkbox to Enable Network Time Protocol. You will
be using the default servers. Your window should look like this:

Page 30 of 191 © Train Signal, Inc., 2002-2006

21. Click Forward and the system will attempt to contact the NTP servers on the Internet.
On the next screen, you will be asked for the resolution and color depth for the Linux
console monitor. The default is fine.

22. Click Forward. You will be prompted to create a regular user login (non-superuser).
Create a user called testuser and set the password to bigskyfishing.

Page 31 of 191 © Train Signal, Inc., 2002-2006

23. Click Forward. Click Finish on the soundcard screen that appears.

24. Some flashes of the screen will happen and you will be asked to login to the system.
Login as root with the password you configured.

Page 32 of 191 © Train Signal, Inc., 2002-2006

25. You should now see the screen below and be logged on to Fedora Linux

The installation process and Lab 1 are now complete.

At this point, I highly recommend opening the web browser on the newly installed
server and testing browsing to the Internet. Assuming this is successful, you have proved
that you have a network connection and valid network settings.

Page 33 of 191 © Train Signal, Inc., 2002-2006

Page 34 of 191 © Train Signal, Inc., 2002-2006
 Lab 2
Using Linux as a DNS Server

You will learn how to:

• Install the DNS Management Tool

• Configure DNS
• Test DNS

Page 35 of 191 © Train Signal, Inc., 2002-2006

Lab Scenario
When installing your Linux server, you used the DNS IP addresses from your Internet
Service Provider. This was so your Linux server could have Internet access for registration
and network time protocol.

However, at Big Sky Fishing Supply, your goal is to replace your existing Windows DNS
server with the new Linux DNS Server. This Linux DNS Server will provide local DNS
name resolution. When this local DNS server cannot resolve the name requested (such as an
Internet DNS name), it will forward that request to the Internet DNS servers, located at
your ISP.

To accomplish this, we will:

1. Install the DNS management tool on the Linux server.

2. Configure DNS to provide local name resolution.
3. Test name resolution from your Client1 (Windows XP Client) to the Linux DNS Server.

Please note that DNS Server in Linux is called BIND. BIND stands for Berkley Internet
Name Domain.

Page 36 of 191 © Train Signal, Inc., 2002-2006

Installing DNS
We installed the DNS server when we installed Linux. However, we did not install the DNS
graphical management tool. Of course, DNS can be administered and fully configured from
the command line. However, configuring Linux DNS from the command line is challenging,
even for an experienced Linux user.

1. To install the DNS GUI management tool, go to Applications Æ Add/Remove

Software.

2. The Package Manager window will appear. Click on the Servers section on the left hand
side.

Page 37 of 191 © Train Signal, Inc., 2002-2006

3. Click on the Server Configuration Tools section and then click Optional Packages.

4. Check the checkbox next to system-config-bind. This is the DNS graphical

configuration tool. Once this is checked, click Close, then click Apply back on the
Package Manager window. You will see this window:

Page 38 of 191 © Train Signal, Inc., 2002-2006

5. Click Continue. The package will be downloaded from the Internet.

6. When you are asked if you want to import the key, click Import Key. The DNS
management utility files will be copied and your update is complete.

Click OK. The Package Manager application will then automatically close. The
installation of the DNS GUI tool is complete.

Page 39 of 191 © Train Signal, Inc., 2002-2006

 Configuring Linux DNS Server
Your goal is to be able to use the Server1 Linux server as a DNS server for your Windows
clients. The Linux server will provide name resolution for the local LAN and will forward
any requests that it is unable to resolve to your ISP’s DNS servers. The requests that it is
unable to resolve will be, most likely, Internet DNS names.

1. To do this, start the DNS GUI management tool by going to System Æ

Administration Æ Server Settings Æ Domain Name System.

2. Once started, you should see a utility called the Bind Configuration GUI.

Page 40 of 191 © Train Signal, Inc., 2002-2006

3. Let me stress that our goal is to have the Windows PC go to the Linux server for DNS
lookup (both for the internal LAN and external Internet networks). To do this, we will
take these steps:

• Configure the Linux server to forward all unknown requests to external Internet ISP
DNS servers (create a forwarder).
• Create a new Zone. Add a hostname alias on the Linux DNS server for the Windows
PC and for the Linux Server.
• Configure the Linux server to go to itself for DNS.
• Configure the Windows system to go to the Linux server for all DNS requests.

To configure the first task of creating a forwarder, you will need your current Internet
Service provider’s IP addresses. Note those down here, or on your own notepad:

ISP Primary DNS ___ . ___ . ___ . ___

ISP Secondary DNS ___ . ___ . ___ . ___

Remember, you configured these IP addresses when you loaded Linux. If you have
trouble finding them, they can be found by going to System Æ Administration Æ
Network, then click on the DNS tab, like this:

Page 41 of 191 © Train Signal, Inc., 2002-2006

4. Once you have this information, in your DNS configuration tool, click on the first line
that says DNS Server. Then click Properties, on the toolbar, like this:

5. On the Properties window, on the right side, under All Options, scroll down the list
until you find Forwarders (with an S at the end). Click on Forwarders, then click the +
(plus) sign to add it to the list of Current Options, like this:

Page 42 of 191 © Train Signal, Inc., 2002-2006

6. Now click on the IPV4 Address on the middle right of this window. In the Edit List
Element that comes up, enter the IP address of your ISP’s primary DNS server in the
address boxes. It is easiest to just type them in. Make sure that your NumLock is on, if
you are using the numbered keypad.

7. Once you entered that address, click OK. Once added, it should be on the middle left
box called Address List, like this:

Page 43 of 191 © Train Signal, Inc., 2002-2006

8. Now repeat this procedure for the secondary DNS server. To repeat it, click on IPV4
Address, enter the address, and then click OK. When done, you should have two
addresses in the Forwarders Address List, like this:

Click OK.

Page 44 of 191 © Train Signal, Inc., 2002-2006

9. Before we begin our second task of creating an alias for our Client1 Windows XP
system, we first need to create a new DNS Zone for BigSkyFishingSupply.com. To do
this click on the New button and click Zone.

10. The box below will come up. This box is confusing. What you want to do is first click
OK under Class, then OK under Origin Type, then OK at the bottom of the window.

Page 45 of 191 © Train Signal, Inc., 2002-2006

11. That will bring you to the box below. On this window, fill in the Forward Zone Origin
box with BigSkyFishingSupply.com. Don’t forget the “.” (dot) at the end of the
domain name. Click OK.

12. Next, you’ll see this tall window that is used to configure the Zone. Make sure that the
Authoritative Name Server is Server1.BigSkyFishingSupply.com. Nothing else needs
to be changed.

Finally, click OK to add the new Zone.

Page 46 of 191 © Train Signal, Inc., 2002-2006

13. Now, we can move on to adding the aliases for the Windows Client and for the DNS
Server itself. To do this, right click on the BigSkyFishingSupply domain line and click
Add. A menu will appear. Click on the first line that says A IPv4 Address.

14. In the A IPv4 Alias window that appears, enter the client’s name as
client1.BigSkyFishingSupply.com. and the IP address for Client1 as 192.168.1.10.

Click OK. Now, repeat this procedure for Server1 by adding an A IPv4 Alias record for
Server1 at IP address 192.168.1.100.

Page 47 of 191 © Train Signal, Inc., 2002-2006

15. Let’s now go ahead and save the DNS server configuration changes by clicking the big
Save button on the toolbar, like this:

When you are asked if you want to backup and replace the DNS configuration files, click
Yes.

16. Let’s go ahead and start our DNS server. It is not started by default. To do this, right-
click on the DNS Server line, then click Start Server, like this:

Page 48 of 191 © Train Signal, Inc., 2002-2006

17. For our third task of configuring the Linux server to use itself for DNS, go to System
Æ Administration Æ Network, then click on the DNS Tab. Now close the DNS
GUI management utility by clicking the X on the top right hand side of the window.
Change your current Primary DNS server to the IP address of your Linux server,
192.168.1.100. Remove the Secondary DNS Server. When done, it should look like this:

Page 49 of 191 © Train Signal, Inc., 2002-2006

18. Go to File and click Save. You will be given a warning that “changes are saved and you
may need to restart network services”. Click OK. Close out the network configuration
by going to File and clicking Quit. For this to be the production DNS server, there is an
important configuration change we need to make. We need the DNS Server (also known
as bind and named) to start automatically, when the server starts. To do this, go to
System Æ Administration Æ Server Settings Æ Services. This will bring up the
services window. Scroll down to the named section (they are in alphabetical order) and
check the checkbox next to it.

Once named has a checkmark, click Save on the Toolbar. Then, close the Services
Configuration by clicking X on the top right hand side of the window. Let’s go ahead
and restart the Linux machine to ensure all network changes took effect. To do this, go
to System Æ Shutdown. When the window appear, select Restart computer. Once the
Linux server restarts, log back into the console as root. We have completed the
configuration of the Linux DNS Server.

To test our Windows client with name resolution for local and Internet DNS names, we
next need to change our DNS server setting on the Windows client.

Page 50 of 191 © Train Signal, Inc., 2002-2006

19. To do this, on the Windows client, go to Start Æ Settings Æ Network Connections
and click on your local network connection. This could be a wireless adaptor or a
wired Ethernet adaptor. Once the status window for your connection appears, click on
Properties.

20. Once the properties appear, scroll down the list of items used and double click on
TCP/IP.

Page 51 of 191 © Train Signal, Inc., 2002-2006

21. At this point, it is important that you use the static IP address, subnet mask and default
gateway provided. Most importantly, you need to change the DNS server information to
look like it does in the picture. In other words, you only have a primary DNS server and
that is your Linux server at IP address 192.168.1.100.

22. Now click on the Advanced button, then on the DNS tab.

Page 52 of 191 © Train Signal, Inc., 2002-2006

23. In the DNS suffix for this connection blank, type in BigSkyFishingSupply.com and
click OK. Click OK on the TCP/IP Properties box, then OK on the network connection
properties so the changes will take effect. At this point, you should be able to open a
web browser and go to your normal Internet web sites because you are using Internet
DNS forwarding through the Linux server. Test this out. Also, open a Windows
Command Prompt by doing Start Æ Run and typing cmd. Once in the command
prompt type Ping server1 and Ping client1.bigskyfishingsupply.com (you must use a
fully-qualified domain name or else the client will just resolve DNS to its local host
adaptor, not really testing the new DNS server). If your new Linux DNS server is
configured properly and working, you should have all ping requests responded to, like
this:

The testing of the Linux DNS server from the Windows client is complete and so is Lab
2.

Page 53 of 191 © Train Signal, Inc., 2002-2006

Page 54 of 191 © Train Signal, Inc., 2002-2006
 Lab 3
Using Linux as a DHCP Server

You will learn how to:

• Install Linux DHCP server

• Configure Linux DHCP server
• Test with Windows Client

Page 55 of 191 © Train Signal, Inc., 2002-2006

Lab Scenario
A core Windows infrastructure feature that the new Big Sky Fishing Supply Linux server is
replacing is DHCP. As you know, DHCP provides a dynamically assigned IP address, subnet
mask, default gateway and DNS information for devices on a LAN. In this lab, we will
configure the new Linux server, Server1, as a DHCP server for the Windows client, Client1.

Keep in mind that you cannot easily configure a DHCP server to hand out an IP address for
just one client so this Linux server will hand out IP addresses for any client that connects.
Because of this, you don’t want to do this exercise on a production network. If you have
another DHCP server already on the non-production network upon which you are
performing this lab (such as one on a home network router), then you will need to disable
those DHCP server before starting this lab.

Page 56 of 191 © Train Signal, Inc., 2002-2006

Installing Linux DHCP Server
1. To install Linux DHCP server, open up your Add or Remove Packages application by
going to Applications Æ Add/Remove Software. On the left, click on Servers and,
on the right, click on Network Servers.

Notice that next to the Optional Packages button, it tells you that 3 of the possible 21
packages under Network Servers have already been installed. We are going to install
another one. Click on Optional Packages for that package.

2. When the list of extra packages to be installed appears, check the checkbox next to
DHCP. Do not install the DHCPv6 server.

Click Close.
Page 57 of 191 © Train Signal, Inc., 2002-2006
3. Back on the Add or Remove Packages window, click Apply.

4. You will be asked to review the packages that will be installed. Sometimes there are more
packages being installed that you may think you selected because one package to you
may include more than one package to Linux.

Click Continue.

Page 58 of 191 © Train Signal, Inc., 2002-2006

5. The package will be downloaded and installed from the Internet and you should get this
message:

Click OK and the Package Manager application will close automatically. The DHCP
Server (called dhcpd, or DHCP Daemon) is now successfully installed.

Configuring Linux DHCP server

Configuring dhcpd can be a little tricky since there is no graphical administrative console
included. For later reference, there are some free administrative consoles that work with
dhcpd available, such as www.webmin.com. However, in this lab, we will manually edit and
create a dhcpd configuration file. Don’t worry, this isn’t as difficult as it may sound because
you will be provided with exactly what you need to type into the file.

1. To get started, open a Linux terminal window (command prompt) by going to

Applications Æ Accessories Æ Terminal.

Page 59 of 191 © Train Signal, Inc., 2002-2006

2. You should see the following window appear. In this window, type dhcpd and press
Enter.

3. This will attempt to start the DHCP server but the attempt will fail because there is no
configuration file. DHCPd requires a text configuration file in the directory /etc called
dhcpd.conf. Let’s create that file. To do this, start your text editor by going to
Applications Æ Accessories Æ Text Editor.

Page 60 of 191 © Train Signal, Inc., 2002-2006

4. This text editor is called gedit. In the text editor window, type in the following:

ddns-update-style interim;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.200 192.168.1.240;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
option domain-name-servers 192.168.1.100;
option domain-name "bigskyfishingsupply.com";
}

Be careful that the syntax is correct! Watch out for the squiggly-brackets “{}” before the
range and after the options. The first line about DDNS is required. The remaining part of
the configuration creates the DHCP scope and specifies the options that will be handed out
to the clients when they request a DHCP address. For more information on how to
configure the DHCPD server and this configuration file, see this website:

http://www.siliconvalleyccie.com/linux-hn/dchp.htm and their official website is at:

http://www.isc.org/index.pl?/sw/dhcp/

Now click on the big Save button on the toolbar. It will ask for a name. Type in
dhcpd.conf. Click Browse for other Folders. By clicking on FileSystem then on /etc,
your window should look like this. Next, click Save.

Page 61 of 191 © Train Signal, Inc., 2002-2006

5. When you are asked if you want to replace the existing file, click Replace.

6. When done, your gedit text editor window should look like this:

Notice the filename and folder across the title bar of the window. Click on the X on the
top right of the window to close out the text editor.

Page 62 of 191 © Train Signal, Inc., 2002-2006

7. Now you will be back at your terminal window (command prompt). On this window,
press the up arrow key to show your last command. That command should be dhcpd. If
it is, press Enter. If not, delete it and type dhcpd, then press Enter. You should see
something like this:

The DHCP server is now configured and running. It is time to test the server out with
our Windows client, Client1.

Please note that the DHCPD server can be started by going to the services manager,
found at System Æ Administration Æ Server Settings Æ Services. This is also where
you would configure the server to start automatically when the Linux sever boots.
Currently, we did not configure the DHCP server to start when the Linux server boots.
Thus, if you reboot this Linux server, when it comes back up, clients won’t receive IP
addresses anymore.

Page 63 of 191 © Train Signal, Inc., 2002-2006

Test Linux DHCP server with Windows Client
1. To test our new Linux DHCP server, go to your Windows client, Client1. To do this, on
the Windows client, go to Start Æ Settings Æ Network Connections and click on
your local network connection. This could be a wireless adaptor or a wired Ethernet
adaptor. Once the status window for your connection appears, click on Properties.

2. Once the properties appear, scroll down the list of items used and double click on
TCP/IP.

Page 64 of 191 © Train Signal, Inc., 2002-2006

3. Once on the TCP/IP Properties section, select both the radio buttons that say Obtain
IP Address Automatically and Obtain DNS Server Address Automatically. When
done, it should look like this:

Click OK on the TCP/IP Properties box, then OK on the network connection

properties so the changes will take effect.

Page 65 of 191 © Train Signal, Inc., 2002-2006

4. When you click that last OK button, your Windows client will immediately change from
your static IP address to a dynamic address. It will immediately try to obtain that
dynamic IP address (and associated information) using DHCP. The first DHCP server
that responds with an address will be used. In our case, it should be Server1, the new
Linux DHCP server. To see if you successfully obtained an address from that server,
open a Windows command prompt by going to Start Æ Run. Type in cmd for the
program to run and click OK. Once inside the Windows command prompt, type in
IPCONFIG /ALL and press Enter.

What you are looking for is that the adaptor you configured to use DHCP:

• has an address
• obtained that address from Server1.

What you should find looks something like this:

Notice in this window that this adaptor has an IP address and, more importantly, it
obtained it from DHCP Server 192.168.1.100. That IP address is the address of Server1.
Because of this, we know that our test was a success.

Page 66 of 191 © Train Signal, Inc., 2002-2006

5. You can also open up the status screen on your network adaptor by clicking on the
Support tab, then on the Details button. You should see something like this:

The testing of the Linux DHCP server from the Windows client is complete and so is
Lab 3.

Page 67 of 191 © Train Signal, Inc., 2002-2006

Page 68 of 191 © Train Signal, Inc., 2002-2006
 Lab 4
Using Linux as a Windows File Server

You will learn how to:

• Configure Samba
• Test Samba

Page 69 of 191 © Train Signal, Inc., 2002-2006

Lab Scenario
As you are replacing the existing Windows file server with the new Linux server, the Linux
server must be able to provide Windows file sharing capabilities. In Linux, this is done with a
program called Samba. Samba got its name from the Windows file sharing protocol, SMB, or
server message blocks.

Samba makes your Linux server look like a Windows server. With it, you can share your
Linux files to Windows server, Windows servers can use your Linux server for file storage,
the Linux server can act as a Windows print server and even as a Windows domain
controller.

In this lab, we will configure Samba to share a directory out as a windows share. We will
then use the Windows client to access that directory through the Windows My Network
Places. We will also add a mapped drive on the Windows client, pointing to this shared
Linux folder.

As Samba was installed when we installed the operating system, there is no need to install it
again now. Once you are more familiar with Samba, you may choose to move from a
workgroup to a domain environment and to do more with Samba. There is an excellent
utility called SWAT that is a web-based Samba configuration tool. I highly recommend it if
you are going to do more with Samba than the exercises shown in this lab.

Page 70 of 191 © Train Signal, Inc., 2002-2006

Configuring Samba

1. To configure and administer Samba, go to System Æ Administration Æ Server

Settings Æ Samba. This will bring up the Samba administrative program.

In this tool you can perform the most basic samba configurations – add users, configure
the authentication mode, configure the workgroup and add/remove shared samba
folders. For more in depth Samba configuration, you can learn how to edit the Samba
configuration file at /etc/samba/smb.conf and/or use SWAT (the Samba Web
Administration Tool). For complete documentation on Samba, go to www.samba.org.

Page 71 of 191 © Train Signal, Inc., 2002-2006

3. Our steps to complete the necessary configuration will be:

1. Configure the workgroup names of the server and client to be BigSkyFishingSupply.

2. Create a new Samba user called testuser.
3. Start the Samba daemon and set it to automatically start.
4. Share the /tmp file system so that the test user can access it.

In the next section of this lab, we will test to verify that these configuration worked.

To start off with, let’s change the name of the Samba workgroup to
BigSkyFishingSupply. To do this, in the Samba Administrators utility, go up to
Preferences and click on Server Settings. Set the Workgroup to bigskyfishingsu. We
are truncating the name of the company’s workgroup because there is a 15 character
limit on the name of a workgroup in windows. When you are done it should look like
this:

Click OK.

Page 72 of 191 © Train Signal, Inc., 2002-2006

4. Over on the Windows XP client, Client1, right click on your My Network Places icon
and click Properties. This will bring up your Network Connections. From the menu bar
click on Advanced, then Network Identification.

5. Click on Change to change the workgroup name from WORKGROUP to

BIGSKYFISHINGSU. Notice that you won’t be able to type the rest of the word
supply. This is because there is a 15 character limit on the name of a workgroup. Click
OK.

Page 73 of 191 © Train Signal, Inc., 2002-2006

6. You’ll get the following message. Click OK and you will be prompted to reboot your
computer.

Click OK to reboot Client1, then OK and Yes, to reboot the machine. Once the client
reboots and you log back in, move back over to Server1.

7. On Server1, we will create a new Samba user called testuser. This Samba user name will
match with the Unix user we made, named testuser. We made that user when we
installed Linux on this machine. To make the new Samba user, in your Samba server
configuration program, go to Preferences and click on Samba Users.

Page 74 of 191 © Train Signal, Inc., 2002-2006

8. Inside the Samba users program, click Add User. On the Create New Samba User
window that comes up, select the following:

Unix Username testuser

Windows Username testuser
Samba Password Fishing123
Confirm Password Fishing123

When done, it should look like this:

9. Click OK. Your list of Samba users should look like this. Next, click OK.

Page 75 of 191 © Train Signal, Inc., 2002-2006

10. Our next task is to start the Samba server and to set it to start automatically when the
server starts. To do this, go to System Æ Administration Æ Server Settings Æ
Services. This will bring up the Services window. Scroll down to the smb (they are in
alphabetical order) and check the checkbox next to it.

11. Now click the Save button to save this configuration. You have set the smb to start
automatically. Note that the services application knows that the smbd also needs the
nmbd daemon and it makes these changes to it as well. Now, right click on the smb and
click Start, like this:

Page 76 of 191 © Train Signal, Inc., 2002-2006

12. Click OK when you are told that the services have been started. After the smbd is
started, the services program will also start the nmbd. Click Save on the toolbar and
close out the Services Configuration application. Now you have the servers running
that are needed to make Samba work. The final piece of the configuration is to create a
Samba share. We will take an existing directory and share it out to the Windows client
using Samba. Keep in mind that if you are creating a new directory, you must be careful
of the Linux permissions on that directory as Samba is acting as the Linux user you
mapped in the Samba user setup and is accessing that directory. To create a new Samba
share, go to your Samba Server Configuration tool and click Add on the toolbar.

Page 77 of 191 © Train Signal, Inc., 2002-2006

13. In the box that appears, enter or do the following:

• For Directory, enter /tmp or browse to that directory.

• The Share name will be automatically filled in for you as tmp.
• For the Description, type Tmp Folder on Server1.
• Check the Writeable and Visible boxes.

It should look like this:

14. Now click on the Access tab on the top of this window. It will default to “only allow
access to specific user”. This is fine. Check the checkbox next to our user, testuser.

Page 78 of 191 © Train Signal, Inc., 2002-2006

15. Click OK. When done, it should look like this:

We have performed the entire configuration required and it is now time to test out our
configuration.

Page 79 of 191 © Train Signal, Inc., 2002-2006

Testing Samba
1. To test the Samba configuration go to your Window XP machine, Client1. On your
desktop, double click on My Network Places. On the window that comes up, click on
View Workgroup Computers.

2. Once inside your workgroup computer view, you should see this:

Page 80 of 191 © Train Signal, Inc., 2002-2006

3. Notice that you are in the workgroup Bigskyfishsu and there are two computers in the
workgroup, Client1 (your machine) and the Linux server running Samba, Server1.Double
click on the Samba Server, Server1. You will be prompted with a login box. In that login
box enter testuser as the username and Fishing123 as the password.

4. Click OK. You should see this:

Notice that, most importantly, our tmp share is viewable. Notice also that the testuser
home directories are, by default, shared, even though they didn’t show up in the Samba
configuration tool. This is done in the smb.conf file. Also, notice that printers can be
shared from the Linux server, with this method.

Page 81 of 191 © Train Signal, Inc., 2002-2006

5. Double click on the tmp folder.

6. Inside, you’ll see that there are a number of folders available. Go ahead and right click in
this folder, scroll down to New, then over to Text Document.

Page 82 of 191 © Train Signal, Inc., 2002-2006

7. Click on Text Document. Notice that a new text Document was created in the tmp
folder on Server1. If it doesn’t show up, press F5 to refresh the window. This proves
that you can see the tmp folder, shared through Samba, on the Linux server, server1.
Now, let’s go over to the Linux server and see if the new Text Document showed up
there. On the Linux Desktop, click on Computer.

8. Click on Filesystem.

Page 83 of 191 © Train Signal, Inc., 2002-2006

9. Scroll down and click on tmp.

10. Scroll down inside the folder and find the New Text Document.

This shows that the document created on the Windows system showed up on the Linux
tmp folder. If you want, you can delete this document, then go over to the Windows
system, hit refresh, and see that it has disappeared. We have successfully shared files
between the Windows and Linux systems using Samba. This concludes Lab 4.

Page 84 of 191 © Train Signal, Inc., 2002-2006

 Lab 5
Configure and Use Apache Web Server

You will learn how to:

• Start Apache web server and set to start automatically

• Configure Apache and create a new virtual server
• Test the new virtual server

Page 85 of 191 © Train Signal, Inc., 2002-2006

Lab Scenario
Apache is a freely available web server. When we installed Fedora Linux, Apache web server
was one of the options we installed. Apache’s web server program is called httpd, or HTTP
Daemon. A daemon is a server or service.

Apache is an excellent program and has a graphical configuration tool. Once Apache is
running, you can add other web-based management programs to run under it, such as the
Samba Web Administration Tool.

Big Sky Fishing Supply wants to use Apache as the web server for their Intranet and Internet
applications. To assist them in this, you need to get Apache up and running and to test it
out. Later, a web designer will install the content on the server.

Page 86 of 191 © Train Signal, Inc., 2002-2006

Start Apache web server and set to start automatically
We have already started and set a number of services to run automatically when the server
starts. Configuring Apache, or httpd, in this way is no different.

1. To do this, go to System Æ Administration Æ Server Settings Æ Services. This will

bring up the Services window. Scroll down to httpd (the services are in alphabetical
order) and check the checkbox next to it.

2. Now click the Save button to save this configuration. You have set the httpd to start
automatically. Now, right click on the httpd and click Start, like this:

Page 87 of 191 © Train Signal, Inc., 2002-2006

3. This window will come up:

When you are told that the services have been started, click OK. Close out the Services
Configuration Application.

4. Now let’s test our httpd server and see if it is working with the default web page. To do
this, click on the Firefox web browser icon on the top of the desktop:

Page 88 of 191 © Train Signal, Inc., 2002-2006

5. The Firefox web browser will appear:

6. In the Address bar, type Server1 and press Enter or click Go. You will see the default
Fedora web server page and it should look like this:

Page 89 of 191 © Train Signal, Inc., 2002-2006

7. Note that one of the things it says on this page is that web content for this default
website should be put at /var/www/html/. Now that we know that the Apache web
server is working and we can access it from a web browser, locally, on the server, how
about testing it from Client1. Over on Client1, open your web browser and put in
server1 for the URL. You should get this:

Page 90 of 191 © Train Signal, Inc., 2002-2006

Configure Apache and create a new virtual server

To create our new virtual server, we will be following these steps:

1. Create a new virtual interface with a new IP address.

2. Put that IP address in DNS.
3. Create a new IP-based HTTP Virtual server.
4. Restart the HTTP server.

1. So, let’s start with the first step, creating a new virtual interface with a new IP address.
Basically, there are two types of virtual servers. One of then is a name-based virtual
server and the other is an IP-based virtual server. With an IP-based virtual server, you
must have a single IP address for every virtual web server. Thus, if you have 10 virtual
web servers on your single Linux server, you will have 11 IP addresses on that virtual
server (one for the physical interface, then one for each virtual server). To create a new
virtual network adaptor and to assign it a new IP address, go to System Æ
Administration Æ Network. You will see the network configuration program (called
system-config-network).

Page 91 of 191 © Train Signal, Inc., 2002-2006

2. Click New to create your new virtual network interface. You will be asked what type of
network interface you want to create. The default is Ethernet and this is fine. Click
Forward.

3. On the next screen, you will be asked what type of Ethernet interface you want to add.
The brand/model of interfaces listed will vary based on your hardware. You should be
able to take the default interface available as this really isn’t a physical interface anyway.
Click Forward.

Page 92 of 191 © Train Signal, Inc., 2002-2006

4. On the next screen, you’ll need to type in your IP address information for this new
interface. Use the following information:

IP address 192.168.1.101
Subnet mask 255.255.255.0
Default Gateway 192.168.1.1

Here is what it should look like when you are done:

Click Forward.

Page 93 of 191 © Train Signal, Inc., 2002-2006

5. The next screen you see is a confirmation window for your review.

6. Click Apply to add your new interface. You will now be shown the list of interfaces,
including your new interface:

Page 94 of 191 © Train Signal, Inc., 2002-2006

7. Click on your new interface, called eth0:1 and click Activate on the toolbar. You will be
prompted to save your configuration. Click Yes.

8. You will see that the changes are saved. Next, click OK.

The network device will be activated and the IP address is ready for use. If you go to
your Windows machine, you should be able to ping this IP address- 192.168.1.101.

Page 95 of 191 © Train Signal, Inc., 2002-2006

9. For the second step, we need to add this IP address to DNS and give it a hostname.
That hostname will be the hostname that the users type to get to our new virtual server.
In the case of Big Sky Fishing Supply, they want to have a local web server called
wisdom because this location is in Wisdom, Montana. So, the fully-qualified domain
name will be wisdom.bigskyfishingsupply.com. When we are done, the user on Client1
should be able to access the new website using that URL. To add this new domain name
to DNS, open your DNS management console by going to System Æ Administration
Æ Server Settings Æ Domain Name System. Once there, expand the
BigSkyFishingSupply.com zone, like this:

10. Just as you already have aliases for Client1 and Server1, you want to create a new alias for
the new wisdom web server. You will do this just as you created the old aliases. Right
click on the DNS Zone, BigSkyFishingSupply.com and click Add.

Page 96 of 191 © Train Signal, Inc., 2002-2006

11. When the new alias window appears, set the domain name as
wisdom.bigskyfishingsupply.com and the IP address as 192.168.1.101. This will point
the new virtual web server to the new IP address. That new IP address points to the new
virtual network interface that we created earlier in this lab.

12. Click OK. You will see that the new alias has been created.

Page 97 of 191 © Train Signal, Inc., 2002-2006

13. Now, save your changes by clicking Save on the toolbar. When you are asked if you
really want to overwrite the configuration, click Yes. When the changes are complete
and the DNS server has been restarted, click OK.

14. For the third step, creating the new HTTP virtual server, we will use the graphical
configuration program for the Apache web server (httpd). To do this you will need to
open the text editor. Go to Applications Æ Accessories Æ Text Editor and open
/etc/httpd/conf/httpd.conf. Scroll to the bottom of the file and add this:

<VirtualHost 192.168.1.101>
DocumentRoot /wisdom
</VirtualHost>

15. Now make sure to Save the file. To be safe, let’s go into the services manager and restart
the HTTPD service. To do this, open the services manager inside System Æ
Administration Æ Server Settings. Scroll down to the httpd services and right click.

Page 98 of 191 © Train Signal, Inc., 2002-2006

16. Click Restart. Click OK when you are told that the service has been restarted. The last
thing we need to make this virtual host show a web page is a web page in its home
directory. To put one there, close all windows and go back to the desktop. Click on
Computer then Filesystem to browse through the files on the hard disk. Once you see
all the folders on your root (/) drive, right click on a white area in the file browser, like
this:

17. Click on Create Folder. A new folder will be created and your cursor will be put at the
prompt to rename that folder. Enter the name of the folder, wisdom, then press Enter.
This will be the home directory for our virtual web server, wisdom. Once the folder is
created, it needs a web page inside. To create a web page for your new virtual server,
double click on the new folder, wisdom. Once inside the folder, right click in the blank
white space. Scroll to Create Document, then over to Empty File.

Page 99 of 191 © Train Signal, Inc., 2002-2006

18. Click on Empty File and the blank document will be created, like this:

19. For the name of the new file, type index.html and press Enter. Now right click on the
new HTML document and click on Open with Other Application.

Page 100 of 191 © Train Signal, Inc., 2002-2006

20. When you are given a list of applications with which to open the document, scroll down
and select Text Editor.

Page 101 of 191 © Train Signal, Inc., 2002-2006

21. Click Open. The text editor with a blank document will come up. In the blank
document type:

<HTML>
Welcome to the new webserver, WISDOM.BIGSKYFISHINGSUPPLY.COM
</HTML>

Now click on the Save button on the toolbar. Once saved, close out the text editor with
the X on the top right hand side of the window. Right click on the index.html file and go
to Properties and then click on the Permissions tab. You must make the file world
readable. To accomplish this you must make sure that the user, group, and other all have
Read Access checked. Click Close. Setup of the virtual website is complete. Now let’s
test it out from our Windows client.

Page 102 of 191 © Train Signal, Inc., 2002-2006

Testing the new virtual server

1. To test the new virtual website from the Windows client, Client1, open the web
browser on Client1. All you need to type for the URL is wisdom and the press Enter or
click Go. The domain name should be appended onto the server name. If you have
trouble bringing it up, you can type in the full URL:

http://wisdom.bigskyfishingsupply.com

You should see that the HTML text you entered in the index.html file appears on your
new homepage. Also, go back and enter the webpage for the original site:
Server1.bigskyfishingsupply.com, and you should still see the default web page for the
default virtual site.

Note that full documentation and upgrades for Apache web server can be found at:
http://httpd.apache.org/docs/

The configuration and testing of the Apache web server is completed and so is Lab 5.

Page 103 of 191 © Train Signal, Inc., 2002-2006

 Lab 6
Administering Linux Users and Security

You will learn how to:

• Add Linux users and groups

• Set permissions on files and folders
• Test Linux security

Page 104 of 191 © Train Signal, Inc., 2002-2006

Lab Scenario
When it comes to administering any operating system, you need to know how to add, change
and remove users and groups. You must also be able to create files and folders then set
permissions for users and groups on those files and folders.

In this lab, we will do just that. Big Sky Fishing Supply will have two users that will log onto
the server. They are:

Sam Randolph – Finance Manager

Jason Chen - Human Resources Manager

Each will need access to their own secure home directory and each will need access to a
shared area. Here are the details on those shared areas:

Finance Reports Folder – Sam has Full Permissions but everyone else only has Read.
Shared Managers Folder – Both Jason and Sam have Read and Write with no execute. No
other users have access to this folder.

Let’s get started creating these configurations.

Page 105 of 191 © Train Signal, Inc., 2002-2006

Adding Linux users and groups

1. To add these two new users, click on System Æ Administration Æ Users and
Groups.

2. Here is what your users and groups program looks like:

Page 106 of 191 © Train Signal, Inc., 2002-2006

3. Inside the users and groups program, let’s first create our groups. We will create a
Finance group and a Managers group. To do this, click on Add Group in the toolbar.
When the Create New Group window appears, fill in the first group name as finance
and allow the tool to create the group ID number to be created manually by just taking
the default on that option. Do not use upper case letters in the name of the group. Click
OK.

4. Now, repeat this process and create the managers group. Click OK.

5. Now click on the Groups tab and you should see that your two new groups have been
created:

Page 107 of 191 © Train Signal, Inc., 2002-2006

6. Click back to the Users tab and then click Add User to create the new users. For Sam
Randolph, enter the following information in the boxes:

User Name srandolp

Full Name Sam Randolph
Password Fishing123
Confirm Password Fishing123

Note that the home directory is automatically created and set to /home/{username}. It
should look like this:

Click OK to create the user.

Page 108 of 191 © Train Signal, Inc., 2002-2006

7. Repeat this process for the next user, Jason Chen. Your screen should look like this:

Click OK.

8. Your Users tab should now look like this:

Page 109 of 191 © Train Signal, Inc., 2002-2006

9. Now we need to add our new users to the new groups. To do this, click on the Groups
tab. Double click the Finance group, then click on the Group Users tab. Scroll down to
srandolp and check the box next to him. Sam is now a member of the Finance group,
where he belongs. Click OK.

10. Now double click on the Managers group. Scroll down the list of names. Find jchen
and check the box next to him. Then find srandolp and check the box next to him. As
both are managers, they both belong in this group. Click OK.

Page 110 of 191 © Train Signal, Inc., 2002-2006

11. When done, your group membership should look like this:

Close the User Manager program by clicking the X on the top right-hand corner. We
have now created the necessary users and groups.

Setting permissions on files and folders

1. Now we need to create the necessary folders and files. To do this, double click the
Computer icon on your desktop. Then double click on File System. Right click in the
white space and click Create Folder.

Page 111 of 191 © Train Signal, Inc., 2002-2006

2. When the new folder appears, enter the name as Shares and press Enter.

3. This folder will be the folder into which we put the new folders we are creating so
double click on the shares folder and you will see an empty window, representing the
empty shares folder. In the white space on that window, right click and select Create
Folder. The name of the new folder will be Finance Reports Right click again and click
Create Folder. The name of this folder will be Managers. When you are done, it
should look like this:

Page 112 of 191 © Train Signal, Inc., 2002-2006

4. Now we need to set permissions on these folders to ensure proper security for these
users and groups. To set permissions on the Finance Reports folder, right click on it and
click Properties. Once the Properties window appears, click on the Permissions tab. If
the default permissions do not appear yet you will need to Restart your system. Then
when you return to the Permissions Tab it will look like this:

***Note*** If you receive the message “The permissions of “xxxxx” could not be
determined” just close the properties and the folder window that contains that folder
or file and then re-open that folder and go back into the properties. This is a flaw of
Fedora Core 5.

Page 113 of 191 © Train Signal, Inc., 2002-2006

5. Change the permissions on this folder using these steps:

• File Group = finance

• Group Permissions = Read, Write, and Execute
• Other Permissions = Read only ** For Directory Browsing , you will also need
Execute so Other permissions = Read & Execute

This way, the Finance group can access this shared folder but everyone else only has
Read access. When done, the permissions should look like this:

When done, click Close.

Page 114 of 191 © Train Signal, Inc., 2002-2006

6. Now right click on the Managers folder, click Properties, and then click on the
Permissions tab. The defaults will look the same as the previous folder. Change the
following permissions on this folder using these steps:

File Group = managers

Group Permissions = Read, Write, and Execute
Other Permissions = (none)

This way, the Managers group can access this shared folder but no one else has access.
When done, the permissions should look like this:

Click Close and close out all windows.

Page 115 of 191 © Train Signal, Inc., 2002-2006

7. On the desktop, click on Computer, then Filesystem, then home. Double click on
srandolp.

8. Right click on the white space in this folder and create a text file called private.txt.

Once done, close out all windows. We are now done with our configuration. It is time to
test it out.

Page 116 of 191 © Train Signal, Inc., 2002-2006

Testing Linux security
1. To test out this configuration, start by logging out of the console.

Note: here are the security settings we are testing:

Finance Reports Folder – Sam has Full Permissions but everyone else only has Read
Shared Managers Folder – Both Jason and Sam have Read and Write with no Execute.
No other users have access to this folder.

Login to the console as srandolp, password Fishing123.

2. Once logged in, double click on the Computer icon on the desktop.

Page 117 of 191 © Train Signal, Inc., 2002-2006

3. Double click on Filesystem.

4. Double click on shares.

Page 118 of 191 © Train Signal, Inc., 2002-2006

5. Inside the shares folder, you will see the two folders we are working on:

6. Double click on Finance Reports. In the empty space inside the folder, right click and
go to Create a Document Æ Empty File.

Page 119 of 191 © Train Signal, Inc., 2002-2006

7. Click on Empty File. A file will be created and your cursor will move to the point of
naming that file.

8. Call the file test file from sam.txt and press Enter.

Page 120 of 191 © Train Signal, Inc., 2002-2006

9. Now, let’s put something inside this file. Double click on the file to open it in the text
editor. Inside the Text Editor, type the following in the file: Finance Report from Sam
Randolph. Here is what it looks like:

Click on Save on the toolbar to save the file. Then click on the X to close the editor.

Page 121 of 191 © Train Signal, Inc., 2002-2006

10. Now you must set permissions on this new file so that others will be able to read it. In
the Linux command line, the default permissions for any new file you create are called
your umask. There is this same variable in the GUI environment. By default, when Sam
created this file, the permissions for the file were read and write for Sam only (no other
permissions). We are going to add the ability for the other members of the finance group
to read and write to this file as well as permissions for others to read the file. Right click
on the file and click Properties. Click on the Permissions tab. Add Read, Write and
Execute for the Group. Add Read only for Other. When done, it should look like this:

Click Close.

Page 122 of 191 © Train Signal, Inc., 2002-2006

11. Back on your file browser window, close out the window for the Finance Reports folder
and double click on the Managers folder. Repeat the process above in the Managers
folder. When you open your Text Editor with your file in it, type this: SHARED
REPORT FROM SAM RANDOLPH. When you are done, it should look like this:

Page 123 of 191 © Train Signal, Inc., 2002-2006

12. Make sure you set the permissions on this file as well, so that all managers in the group
can read the file. The permissions should look like this:

13. Now, log out of the console and login as jchen.

Page 124 of 191 © Train Signal, Inc., 2002-2006

14. Once logged in, open the Computer icon, click on Filesystem, then on the shares
folder. This should be your current view:

15. Double click on the Finance Reports folder and you should see the test file from Sam.

Page 125 of 191 © Train Signal, Inc., 2002-2006

16. Double click on the file to open it in the Text Editor. You will see that the Text Editor
calls this a Read Only file on the title bar (see below).

Thus, if you try to change it, you’ll find that you cannot. Because of this, we can see that
the finance report, made by Sam, is readable by others (like Jason Chen) but not
changeable. We have successfully tested this part of our security configuration.

Page 126 of 191 © Train Signal, Inc., 2002-2006

17. Now, close the Text Editor by clicking the X on the top right hand corner. Close the
Finance Reports Folder window. You should now be back at the shares window and it
should look like this:

18. Double click on the Managers folder.

Page 127 of 191 © Train Signal, Inc., 2002-2006

19. You should see the test file from Sam. Double click on the test file from Sam.txt. As
this file is also marked execute, you will get this window:

20. Click Display and the file will be opened in Gedit, the Linux Text Editor. After the text
already in the file, add your own message from Jason Chen, like this:

Click Save, then close the editor by clicking X on the top right hand corner.

This test shows that, because Jason was in the Managers group and the folder and file
permissions were configured properly, Jason was able to read the Manager’s test file and
to make changes. However, Jason was not able to make changes to the Finance report
file.

Page 128 of 191 © Train Signal, Inc., 2002-2006

21. Finally, let’s make sure that Jason cannot read the private.txt file that is inside Sam’s
home directory. To do this, close all windows, double click on Computer, double click
on Filesystem and double click on home. You should be looking at the home
directories on this system:

22. Notice that there is the srandolp home directory in this folder. If you double click on the
srandolp folder, you’ll find that you cannot even view what is inside, much less see the
private.txt file that is located inside the folder.

Page 129 of 191 © Train Signal, Inc., 2002-2006

23. If you right click on the folder and click on Properties, then on the Permissions tab,
you’ll see that the only permissions for this folder belong to the folder owner, srandolp.

This shows that the home directories are secured. This concludes our testing and Lab 6.

Page 130 of 191 © Train Signal, Inc., 2002-2006

Page 131 of 191 © Train Signal, Inc., 2002-2006
 Lab 7
Using Linux OpenOffice

You will learn how to:

• Create a spreadsheet with OpenOffice Calc

• Create a document with OpenOffice Writer
• Test sharing a file between MS Word and OpenOffice Writer

Page 132 of 191 © Train Signal, Inc., 2002-2006

Lab Scenario
OpenOffice is a free suite of office automation tasks, very similar to Microsoft Office. For
example, OpenOffice has Writer which is similar to MS Word. Here are some other similar
applications:

OpenOffice has Calc, similar to MS Excel

OpenOffice has Evolution & KOrganizer, similar to MS Outlook
OpenOffice has Impress, similar to MS Powerpoint.
OpenOffice has DIA, similar to MS Visio
OpenOffice has Base, similar to MS Access
Finally, OpenOffice has Project Management, similar to MS Project

As you can see, there is a competing program in OpenOffice for almost every MS Office
feature.

At Big Sky Fishing Supply, they hope to be able to trial OpenOffice on a few Windows PCs
and to be able to share files between them. They are also considering loading Linux on
desktops. Because of these things, they would like to test basic OpenOffice functionality and
test how files can shared between MS Office and OpenOffice using a Samba share.

As we chose to install the OpenOffice Suite when we installed Linux, there is no further
installation to perform.

Page 133 of 191 © Train Signal, Inc., 2002-2006

Creating a spreadsheet with OpenOffice Calc

1. To create a spreadsheet with OpenOffice Calc, from the Linux Desktop, go to

Applications Æ Office Æ Spreadsheet.

2. When Calc starts, it will look like this:

Page 134 of 191 © Train Signal, Inc., 2002-2006

3. To create your basic spreadsheet enter something like this:

Travel Expenses
Food $100
Gas $200
Hotel $200
Total =sum(B2:B4)

When done, your spreadsheet should look like this:

4. To save this document, click on the Save icon (Floppy Disk) on the title bar. It looks like
this:

Page 135 of 191 © Train Signal, Inc., 2002-2006

5. You will be prompted for the name of the file. Call it Test Spreadsheet and then click
Save.

6. Now, let’s export this spreadsheet to a PDF file. To do this, go to File and then down to
Export to PDF.

Page 136 of 191 © Train Signal, Inc., 2002-2006

7. You will be asked for a filename but it will already be filled in. If automatic file name
extension is checked, this file will automatically be a .PDF file. Click Save to save this is
your home directory.

8. Of course, you could also choose to save this document in one of the shared folders we
created in the /tmp directory that we configured as a samba share (to be shared with
windows systems). You will be prompted for some additional export options. Change
the format from FDF to PDF and click the Export button.

Exporting a spreadsheet to a PDF file is a feature that MS Excel doesn’t natively offer.
Go ahead and close out the Calc program because we have accomplished what we need
to in this part of the lab.

Page 137 of 191 © Train Signal, Inc., 2002-2006

Creating a document with OpenOffice Writer

1. To create a document with OpenOffice Writer go to Applications Æ Office Æ Word

Processor.

2. Here is what Writer will look like once opened:

OpenOffice Writer it a fully-featured word processor. Go ahead and type something in

this document and Save it by going to File Æ Save. When you are done, exit the Writer
program by clicking the X on the top right-hand of the screen.

Page 138 of 191 © Train Signal, Inc., 2002-2006

Test sharing a file between MS Word and OpenOffice Writer

1. Next, we will test the sharing of files between MS Word, on a Windows PC, and
OpenOffice Writer on the Linux system. To do this, start off by going to your Windows
system, Client1. Now, open Microsoft Word. To do this, on Client1, you can go to Start
Æ Programs Æ Microsoft Office Æ Microsoft Word or go to Start Æ Run, then
type in winword and click OK. Once opened, type in a test message, such as This is a
test document from MS Word, like this:

Page 139 of 191 © Train Signal, Inc., 2002-2006

2. Now, save this document on your Samba shared drive on the Linux server. To do this,
go to File Æ Save. You will be prompted for the location and name of the file. The
default name is fine as it should be the words you typed in the document. For the
location, click on My Network Places.

3. Click Entire Network.

Page 140 of 191 © Train Signal, Inc., 2002-2006

4. Click Microsoft Windows Network.

5. Click Bigskyfishsu.

Page 141 of 191 © Train Signal, Inc., 2002-2006

6. Click Samba Server (Server1).

7. Click tmp.

Page 142 of 191 © Train Signal, Inc., 2002-2006

8. Click Save.

9. You have now saved your MS Word document on the Linux server. Close your MS
Word application. Go to the console of the Linux server, Server1. Open OpenOffice
Writer by going to Applications Æ Office Æ Word Processor. Once inside Writer, go
to File Æ Open. On the Open window that appears, navigate to the tmp folder. To do
this, double click on Filesystem on the left then double click on tmp on the right, like
this:

Page 143 of 191 © Train Signal, Inc., 2002-2006

10. Once you double click on tmp, you should be in the tmp folder, like this:

11. Scroll down and find the MS Word document you created. As you can see above, it was
named This is a test document from MS Word.doc. Click on that document, then click
Open. The document should open and you should see the exact same text you typed in
MS Word. Now, add something to this document like: THESE ARE EDITS FROM
OPEN OFFICE WRITER

Page 144 of 191 © Train Signal, Inc., 2002-2006

12. Save the document by clicking on the Floppy disk on the toolbar. You will be asked if
you want to keep the MS Word compatibility information or remove it and replace it
with Writer formatting.

13. Click Yes to leave this as a MS Word document. Then Close the Writer application.
Go back to your Windows Client, Client1. Start MS Word by running winword. Go to
File Æ Open. Navigate to the tmp Samba shared folder (as we did above). Once there,
open the same document we originally created – This is a test document from MS
Word.doc. The document should look like this:

Notice that both the text we typed with MS Word and the text we typed with
OpenOffice Writer appear just fine. We have demonstrated the most basic form of
compatibility between these two similar applications and have also used our Samba share
to share these files. That concludes Lab 7.

Page 145 of 191 © Train Signal, Inc., 2002-2006

 Lab 8
How to Backup your System

You will learn how to:

• Download and install the KDar – GUI backup program

• Perform a backup with KDar
• Restore a file with KDar

Page 146 of 191 © Train Signal, Inc., 2002-2006

Lab Scenario
You never know what can happen to a computer’s hard drive. Even new systems can go
down and experience data loss. For any production system (or even just a system that would
take some time to recreate) you should ensure that you have complete and frequent backups.
In Linux, this can be accomplished with a variety of programs. In fact, there are easily 50 or
more backup programs available for Linux. You’ll find a complete list here:

http://www.linuxlinks.com/Software/Backup/

Included in Fedora Linux you can use cpio, tar, and dump/restore from the command line.
Fedora also comes with the Amanda backup client available for installation through Package
Manager. Amanda is a network backup program that works well for many clients. You can
learn more about it at www.amanda.org. The version of Amanda that comes with Fedora is
the client, not the server. However, you can download and install the server from the
Amanda website or from many of the RPM Finder websites such as:

http://rpmfind.net/linux/RPM/

At Big Sky Fishing Supply, you need to make sure that they have solid backups of this new
Linux server. In this lab, you will test backing up and restoring with a graphical backup
program called KDar.

Page 147 of 191 © Train Signal, Inc., 2002-2006

Installing KDar
The homepage for Kdar is http://kdar.sourceforge.net and this is the ultimate source for
downloading Kdar. However, when I went there, they only offered the source for download,
which meant that I would have to compile that source to make an executable program. To
avoid this, I searched google and found that I can download the Red Hat Fedora binaries
(executable programs) elsewhere. Here are the instructions to download from that source
and install KDar.

Firstly, it is important to note that you don’t just need one package to install KDar, you need
five packages. You need dar, dar-devel (also known as libdar), OpenSSL (which includes the
libcrypto.so.4 package, required by KDar) and the KDE desktop (which includes required
KDE libraries).

Let’s start by installing the KDE Desktop. You may want to be longed on as root for this
otherwise you will be prompted for the root password when root permissions are required.

1. Go to Applications and click on Add/Remove Software. This will bring up the

Package Manager. You will already be on the Desktop Environments section, on the left.
Check the checkbox next to KDE (K Desktop Environment) and click Apply.

Page 148 of 191 © Train Signal, Inc., 2002-2006

2. You will see this Package section window. Click Continue.

3. This installation will take a while (perhaps 10+ minutes). When done, you will see the
following message. Next, click OK.

Page 149 of 191 © Train Signal, Inc., 2002-2006

4. Now that the KDE Desktop is installed, we can move on to openssl. Let’s download
and install the openssl package. To do this, open Firefox and type in rpmfind.net as the
URL.

5. In the blank, type in libcrypto.so.4 and click Search (although it would seem to be the
obvious thing to do, don’t type openssl as you won’t get all the packages you need). We
typed that in because that is the package the KDar requires. If you tried to install KDar
without this package, it would tell you that it cannot be installed because this package is a
dependency of KDar.

Page 150 of 191 © Train Signal, Inc., 2002-2006

6. Once you see the search results, scroll down and find the OpenSSL Toolkit, version
openssl097a0.9.7a-3.i386.rpm. Make sure that you are downloading the correct
package as only this package will work. Click on the link on the left with the package
name.

7. Once there, click on the weblink on the top of the page. It should say
openssl097a0.9.7a-3.i386.rpm link across the top of the screen. You will be asked if
you want to install this package.

Page 151 of 191 © Train Signal, Inc., 2002-2006

8. Take the default of opening the package with the installer, by clicking OK. A new
Firefox window will appear and this package will be installed. You will be asked if you
are sure you want to install this package. Click Apply.

9. When the installation is complete, you will see this message. Click OK.

Page 152 of 191 © Train Signal, Inc., 2002-2006

10. Next, we need to download the remaining three KDar packages required and we will
install them all at the same time. To do this, open your Linux web browser (Firefox)
and go to

http://www.kde-apps.org/content/show.php?content=10367

Scroll down and find the links for the dar, dar-devel, and kdar rpm’s for fc3. First,
click on the dar link, like this:

http://www.personal.uni-jena.de/~p1woro/rpms/kdar-2.0.4-0.1.i386.rpm

Page 153 of 191 © Train Signal, Inc., 2002-2006

11. You will see the following window. Select to Save to Disk and click OK A new web
browser window will open, which you can close.

12. The Download Manager will appear and show the progress. When done, go back to your
original web browser and click on the dar-devel link:

http://www.personal.uni-jena.de/~p1woro/rpms/dar-devel-2.2.1-0.1.i386.rpm

Page 154 of 191 © Train Signal, Inc., 2002-2006

13. You’ll see the following window. Select to Save to Disk and click OK A new web
browser window will open, which you can close.

14. Third, click on the kdar link:

http://www.personal.uni-jena.de/~p1woro/rpms/kdar-2.0.4-0.1.i386.rpm

Page 155 of 191 © Train Signal, Inc., 2002-2006

15. This window will appear:. Select to Save to Disk and click OK. A new web browser
window will open, which you can close. You can then close out all web browser
windows.

16. Open your Terminal by going to Applications Æ Accessories Æ Terminal. In your

terminal window, type in cd Desktop. This will put you in the folder where these
downloaded files are. Type ls so you can see what files are in the directory. Now type:

rpm --install dar-2.2.1-0.1.i386.rpm dar-devel-2.2.1-0.1.i386.rpm kdar-2.0.4-

0.1.i386.rpm

It should look like this:

Page 156 of 191 © Train Signal, Inc., 2002-2006

17. When done, press Enter. You won’t see anything from the install, if successful. In fact, it
will just look like this:

18. You will be returned to a command prompt. To start kdar, just type kdar at that
command prompt. You will see some text scroll by in the command window where you
started Kdar. This is normal.

Page 157 of 191 © Train Signal, Inc., 2002-2006

19. A window about the Kdar wallet system will appear. Click Next.

A Password selection window will appear. Click Finish.

Page 158 of 191 © Train Signal, Inc., 2002-2006

20. An error about not being able to access the sound driver will appear. This just means
that KDar won’t be able to alert you with a sound. This is fine. Click Do not show this
message again and the click OK.

21. An error about not being able to access the KDE wallet will appear. Click Do not show
this message again and click OK.

Page 159 of 191 © Train Signal, Inc., 2002-2006

22. A directory selection window will appear. The default is /root/dar_backups. This is
where your backup files will be stored. Take the default by clicking OK.

23. You will get a message asking if you want to create the directory. Click Yes.

Page 160 of 191 © Train Signal, Inc., 2002-2006

24. Kdar is now started and it looks like this:

The download and installation of KDar is complete. Now you can move on to using
Kdar.

Page 161 of 191 © Train Signal, Inc., 2002-2006

Performing a backup with KDar

1. Now, let’s do a backup with KDar. To do this, inside KDar, go to Archive Æ Create.

2. You’ll see the following window. Click Next.

Page 162 of 191 © Train Signal, Inc., 2002-2006

3. You’ll see the window prompting for the name of the new archive you are creating. Type
something like test backup of the etc http directory. Click Next.

4. On the next window, type in /etc/httpd as the directory we want to backup. Of course,
you can also choose to browse here and select individual file systems or you could type /
to backup all files on your server. Click Next.

Page 163 of 191 © Train Signal, Inc., 2002-2006

5. This won’t be a differential backup so don’t do anything on the next screen. Click Next.

Page 164 of 191 © Train Signal, Inc., 2002-2006

6. On the next screen, you can choose to go into the configuration options for this backup.
This is where you would change the file sizes that you want this backup sliced into. For
example, the default is a 700MB CDR. You can change this to a DVD or a floppy or
whatever you want. Your backup file, assuming it is too big for that media, will be sliced
into multiple pieces. I encourage you to explore all the options in this section but we
won’t be changing any for this test backup. Click Next.

Page 165 of 191 © Train Signal, Inc., 2002-2006

You’ll now see the following window. Click Finish and the backup of the /etc/httpd
filesystem will now begin.

Page 166 of 191 © Train Signal, Inc., 2002-2006

7. When done, you’ll be put back to the main window but you will see that the backup
completed and if there were any errors in the messages window.

We have now successfully backed up the /etc/httpd file system. Close Kdar.

Page 167 of 191 © Train Signal, Inc., 2002-2006

Restoring a file with KDar
Now, let’s test a restore of the /etc/httpd folder from our backup.

1. Go to Restore Archive by clicking the third button on the toolbar, like this:

2. In the window that appears, click on your archive and click Open.

Page 168 of 191 © Train Signal, Inc., 2002-2006

3. Next, you’ll be asked where you want to restore these files to. Type /root to restore
them back from where they came. Click OK.

4. The files will be restored and you can see the results in the messages.

You can see here that 17 inode (file) were restored. That should be the entire /etc/httpd
directory and files.

Page 169 of 191 © Train Signal, Inc., 2002-2006

5. Go back to your terminal window. Type in cd /root and press Enter. Then ls –l and
press Enter. You should see that there are directories conf and conf.d in your home
directory. Type cd conf and press enter. Now Type ls –l and press enter. You should see
the httpd.conf file.

We have now successfully downloaded, installed, and tested KDar backup software. This
concludes Lab 8.

Page 170 of 191 © Train Signal, Inc., 2002-2006

 Lab 9
Updating Linux with Yum

You will learn how to:

• Configure Yum
• Use Yum from the command line
• Install Yumex (Yum GUI interface)
• Use Yumex to perform an update

Page 171 of 191 © Train Signal, Inc., 2002-2006

Lab Scenario
If you are using Red Hat Enterprise Linux, then you are paying for software updates for
Linux. In that case, you use the Red Hat Alert Notification Tool to automatically obtain
updates for your operating system. However, as I said, you are paying for that service.

In the case of Fedora, the easiest way to keep it updated is to use something called Yum.
Yum stands for Yellow Dog Updater. The homepage for the Yum project is:

http://linux.duke.edu/projects/yum/

You can think of Yum as being similar to the Window automatic update service - but with a
lot more configurability and complexity. Yum is great because it can automatically update
ANY Linux package. Plus, Yum can INSTALL new Linux packages.

In the case of the Big Sky Fishing Supply Company, they want to use Yum to keep their
server’s operating system updated with security patches. Even better, they want a GUI
interface for Yum. Let’s find out how to do this.

Page 172 of 191 © Train Signal, Inc., 2002-2006

Using Yum
1. You can, of course, use Yum from the command line as it is a command line tool. To
use Yum, open a Terminal Window by going to Applications Æ Accessories Æ
Terminal. Inside the terminal window, type this: yum list available | more

The output will look something like this:

This command lists all packages available in the configured repository for download. To
see which updates are available you can use yum install {package name}. To update a
package, you can use yum update {package name}. To see what updates are available,
you can use yum check-update. However, as the ultimate goal here is to have a GUI
interface for Yum, let’s move on to the next section.

Page 173 of 191 © Train Signal, Inc., 2002-2006

Installing Yumex (Yum GUI interface)
Yumex (or Yum Extender) is a graphical user interface for Yum. The homepage for Yumex
is:
https://sourceforge.net/projects/yumex.

1. To install Yumex, at your command line, type yum install yumex (note that you can
also install Yumex from the graphical Package Manager application). The results will
look something like this:

Page 174 of 191 © Train Signal, Inc., 2002-2006

2. When you are prompted to download this package, type y, for yes, and press Enter.
When you get the warning that no public key is available and you are asked if this is okay,
type y, for yes, and press Enter. The Yumex application will be installed. When
completed, you should have seen a number of “success” messages and “completed”
messages. You will be returned to a prompt, like this:

The Yumex installation is now complete. You may close terminal now.

Page 175 of 191 © Train Signal, Inc., 2002-2006

Using Yumex to perform an update

1. To start Yumex, you can go to Applications Æ System Tools Æ Yum Extender or

type yumex & at a command prompt. The ampersand (&) puts Yumex in the
background of the shell process that you started it in. Because of this, you can still use
the command line where you started Yumex.

2. When you first start Yumex, an update will occur that will take a few minutes. When
completed, the Yumex GUI interface looks like this:

Page 176 of 191 © Train Signal, Inc., 2002-2006

3. Now that we have Yumex up and running, let’s update a common Linux application –
the Firefox web browser. To do this, let’s first see what version of Firefox we are
running right now. Open Firefox by clicking on the globe on the toolbar, like this:

4. Once Firefox starts go to the Firefox toolbar and click on Help Æ About Mozilla
Firefox. You’ll see the following window appear.

Notice that the version number is in two places. You should see that you have Firefox
1.5.0.1. Click OK on the Firefox version info and click X to close Firefox.

Page 177 of 191 © Train Signal, Inc., 2002-2006

5. Now, using Yumex, let’s see if there is an upgrade available. Inside Yumex, with the
update button selected on the left, type Firefox in the Search box then press Enter or
click Search.

6. You’ll find that there is one Firefox update package available and that it is version
1.5.0.2, for Fedora Core 5. Check the checkbox next to Firefox. Click Add to Queue.

Page 178 of 191 © Train Signal, Inc., 2002-2006

7. Click on the Queue button on the left. Click Process Queue.

8. Yumex will confirm the package that you want to install. Click OK.

Page 179 of 191 © Train Signal, Inc., 2002-2006

9. The Firefox update will be downloaded. Note that, at the time that you are doing this
lab, there may be newer Firefox updates. Feel free to perform whatever Firefox update is
available at that time. When complete you will see the log of the download and install in
the window. Assuming everything worked, you will see the message below, that the
update completed OK. Click OK.

When done the package repositories may be updated. When complete, close out Yumex
by clicking the X in the top right-hand corner.

Page 180 of 191 © Train Signal, Inc., 2002-2006

10. Now, let’s see which version of Firefox you are using now. Open Firefox again by
clicking on the globe on top of the desktop. Once Firefox starts go to the Firefox
toolbar and click on Help Æ About Mozilla Firefox. You’ll see the following window
appear.

Notice that the version number has been updated from 1.5.0.1 to 1.5.0.2. The Firefox
update using Yum & Yumex is completed and so is Lab 9.

Page 181 of 191 © Train Signal, Inc., 2002-2006

Page 182 of 191 © Train Signal, Inc., 2002-2006
 Lab 10
Using Linux FTP Server

You will learn how to:

• Configure the FTP server

• Start the FTP server
• Test our FTP server configuration

Page 183 of 191 © Train Signal, Inc., 2002-2006

Lab Scenario
The Linux Fedora FTP Server is called vsftpd. The VS stands for Very Secure. The
homepage for vsftpd is http://vsftpd.beasts.org/. One version (a compiled executable /
binary) comes with Fedora. The latest version will be found at their website.

However, you will most likely only find the source for vsftpd there and you would have to
compile it yourself. This is how it works for most Linux programs. The source is freely
available but creating the binary/executable by compiling it can be challenging sometimes. In
our case, we will use the version that comes with Fedora.

There is no GUI interface for the vsftpd server that comes with Fedora. To configure it, you
use the text files located in the /etc/vsftpd directory. The most important of these is the
vsftpd.conf file. This is where most of the configuration takes place. Note that vsftpd is not
running by default and may or may not be installed. Fortunately, we installed it when we
installed the operating system however, we do need to start the server.

Prior to starting it, we will configure it. In the case of Big Sky Fishing Supply, they have the
following security requirements for their FTP server:

• Anonymous login will not be allowed

• A FTP Banner that says “Welcome to the Big Sky Fishing Supply FTP server,
Server1. Unauthorized login is prohibited”.
• The only allowed users will be jchen and testuser. No other users will be allowed.
• The FTP server will be running now and when we reboot the server

Page 184 of 191 © Train Signal, Inc., 2002-2006

Configuring the FTP server
1. To configure the FTP server, begin by editing the /etc/vsftpd/vsftpd.conf configuration
file. Do this by first opening gedit by going to Applications Æ Accessories Æ Text
Editor. Once gedit is open, open the vsftpd configuration file by going to File Æ
Open. Browse to the file by clicking on Filesystem (on the left). Next, on the right,
click etc, and then click vsftpd. Scroll down, find the file vsftpd.conf, and then click on
it. Next, click Open.

Page 185 of 191 © Train Signal, Inc., 2002-2006

2. Of the things we need to configure here, the first is denying anonymous FTP login. To
do this, find the line that says anonymous_enable=yes and change that to no. So, it
should read: anonymous_enable=NO. Next on the list is the FTP banner. Scroll down
and find the line that says ftpd_banner. Uncomment this line by removing the hash (or
#) mark at the start of the line. Now change the line to read:

ftpd_banner=Welcome to the Big Sky Fishing Supply FTP server, Server1.

Unauthorized login is prohibited.

For example:

Page 186 of 191 © Train Signal, Inc., 2002-2006

3. Next, we need to find the userlist_enable setting. Make sure this setting
reads:userlist_enable=YES and it is not commented out. Add the following setting
below it: userlist_deny=NO

Now we need to configure the list of users. To do this, click Save on the toolbar. Now
click on the Open icon on the toolbar. Click on the user_list file on the right hand side
and then click Open..

4. This is the list of users who can login to the FTP server. Remove all users in this list and
change it to read only: jchen and testuser. For example:

Now click Save, then close out the Text Editor with the X on the top right hand corner.
You have now successfully configured the FTP server.

Page 187 of 191 © Train Signal, Inc., 2002-2006

Starting the FTP server
Now, let’s start the FTP server, just as we started other services on our Linux server.

1. To do this, go to System Æ Administration Æ Server Settings Æ Services. Scroll

down the list of services (daemons) and find (at the bottom) vsftpd. Check the
checkbox next to it to enable it to start automatically. Then right click on it and click
Start.

2. Next, you’ll see the following message. Click OK.

Save your configuration by clicking the Save button on the toolbar then close the
services window by clicking X on the top right hand corner of the window. The vsftpd
server has been set to start automatically when the server starts and the vsftpd server is
running.

Page 188 of 191 © Train Signal, Inc., 2002-2006

Testing our FTP server configuration
Next, we need to test the configuration of our FTP server to make sure that everything we
put into the configuration file really works. Here is a list of the things we need to verify:

• Anonymous login will not be allowed

• There is a FTP Banner that says “Welcome to the Big Sky Fishing Supply FTP
server, Server1. Unauthorized login is prohibited”.
• The only allowed user will be jchen and testuser. No other users will be allowed.

We will test these settings from the Windows XP client, Client1, using the command-line
FTP client. We will do this because it is the most flexible method.

1. On Client1, open a Windows command prompt by going to Start Æ Run and typing in
cmd. Click OK and your Windows command window and prompt will appear.

2. On the command prompt, type ftp server1 and press Enter. You should see this:

From the response you get from that, you should have successfully tested two things:

• That the server is running.

• That the banner we configured worked.

Page 189 of 191 © Train Signal, Inc., 2002-2006

3. At the User prompt, type in anonymous and press Enter. You should see this:

This shows you that anonymous permission to login is denied. This was something else
we configured.

4. Now, try to login as user srandolp by typing user srandolp and press Enter. You should
see this:

This shows that other regular users like srandolp cannot login to the system. Now, can
the users that we want to be able to login, login to the system? Let’s try.

5. Type user jchen and press Enter. For the password, type Fishing123 and press Enter.
You should see this:

From this, you know that one of the two users we configured to be able to use the FTP
server can use it.

Page 190 of 191 © Train Signal, Inc., 2002-2006

6. Next, do a couple of commands to make sure that this user can really see their home
directory and what directory they are in. Type ls –l and press Enter. If prompted by
Windows XP Firewall click Unblock. Then type Pwd and press Enter. You should see
the file listing for your home directory and that you are in Jeff’s home directory
/home/jchen. Here is an example:

Next, type quit and press Enter.

5. Now press the up-arrow to repeat your last command. It should be: ftp server1 and
press enter. At the login prompt, type testuser for the username and press Enter. At
the password prompt, type bigskyfishing for the password and press Enter. You
should see that login was successful, like this:

Type pwd to see which directory you are placed in. You should be in /home/testuser.

You have now successfully tested all the configuration requirements for vsftpd and have
successfully completed Lab 10.

Page 191 of 191 © Train Signal, Inc., 2002-2006